npm - @dexterai/vault - Versions diffs - 0.3.1 → 0.3.3 - Mend

@dexterai/vault 0.3.1 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/instructions/index.cjs +1015 -984
package/dist/instructions/index.d.cts +42 -1
package/dist/instructions/index.d.ts +42 -1
package/dist/instructions/index.js +1018 -988
package/package.json +1 -1

package/dist/instructions/index.js CHANGED Viewed

@@ -112,408 +112,19 @@ function buildSetSwigInstruction(p) {
 // src/instructions/setSwigAtomic.ts
 import {
+  PublicKey as PublicKey5,
   TransactionInstruction as TransactionInstruction3,
   SystemProgram as SystemProgram2,
   SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY2
 } from "@solana/web3.js";
-var SET_SWIG_ATOMIC_DISCRIMINATOR = new Uint8Array([
-  119,
-  111,
-  247,
-  215,
-  190,
-  3,
-  170,
-  23
-]);
-function buildSetSwigAtomicInstruction(params) {
-  if (params.swigId.length !== 32) {
-    throw new Error(`swigId must be 32 bytes, got ${params.swigId.length}`);
-  }
-  if (params.authenticatorData.length < 37) {
-    throw new Error(`authenticatorData must be at least 37 bytes`);
-  }
-  const cdj = params.clientDataJSON;
-  const ad = params.authenticatorData;
-  const dataLen = 8 + // discriminator
-  32 + // swig_id
-  1 + // swig_account_bump
-  1 + // swig_wallet_address_bump
-  32 + // dexter_master_pubkey
-  4 + cdj.length + // client_data_json (len-prefixed)
-  4 + ad.length;
-  const data = new Uint8Array(dataLen);
-  const view = new DataView(data.buffer);
-  let off = 0;
-  data.set(SET_SWIG_ATOMIC_DISCRIMINATOR, off);
-  off += 8;
-  data.set(params.swigId, off);
-  off += 32;
-  data[off++] = params.swigAccountBump;
-  data[off++] = params.swigWalletAddressBump;
-  data.set(params.dexterMasterPubkey.toBytes(), off);
-  off += 32;
-  view.setUint32(off, cdj.length, true);
-  off += 4;
-  data.set(cdj, off);
-  off += cdj.length;
-  view.setUint32(off, ad.length, true);
-  off += 4;
-  data.set(ad, off);
-  off += ad.length;
-  if (off !== dataLen) throw new Error(`internal: byte offset mismatch (${off} vs ${dataLen})`);
-  return new TransactionInstruction3({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: params.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: params.feePayer, isSigner: true, isWritable: true },
-      { pubkey: params.swigAddress, isSigner: false, isWritable: true },
-      { pubkey: params.swigWalletAddress, isSigner: false, isWritable: true },
-      { pubkey: SWIG_PROGRAM_ID, isSigner: false, isWritable: false },
-      { pubkey: SystemProgram2.programId, isSigner: false, isWritable: false },
-      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY2, isSigner: false, isWritable: false }
-    ],
-    data: Buffer.from(data)
-  });
-}
-// src/instructions/registerSession.ts
-import { TransactionInstruction as TransactionInstruction4 } from "@solana/web3.js";
-function encodeU64LE(value) {
-  const buf = new Uint8Array(8);
-  new DataView(buf.buffer).setBigUint64(0, value, true);
-  return buf;
-}
-function encodeI64LE(value) {
-  const buf = new Uint8Array(8);
-  new DataView(buf.buffer).setBigInt64(0, value, true);
-  return buf;
-}
-function encodeU32LE(value) {
-  const buf = new Uint8Array(4);
-  new DataView(buf.buffer).setUint32(0, value >>> 0, true);
-  return buf;
-}
-function encodeVecU8(bytes) {
-  const out = new Uint8Array(4 + bytes.length);
-  new DataView(out.buffer).setUint32(0, bytes.length >>> 0, true);
-  out.set(bytes, 4);
-  return out;
-}
-function concatBytes(...parts) {
-  const total = parts.reduce((n, p) => n + p.length, 0);
-  const out = new Uint8Array(total);
-  let o2 = 0;
-  for (const p of parts) {
-    out.set(p, o2);
-    o2 += p.length;
-  }
-  return out;
-}
-function buildRegisterSessionKeyInstruction(args) {
-  if (args.sessionPubkey.length !== 32) {
-    throw new Error(`sessionPubkey must be 32 bytes, got ${args.sessionPubkey.length}`);
-  }
-  const data = concatBytes(
-    DISCRIMINATORS.register_session_key,
-    args.sessionPubkey,
-    encodeU64LE(args.maxAmount),
-    encodeI64LE(args.expiresAt),
-    args.allowedCounterparty.toBytes(),
-    encodeU32LE(args.nonce),
-    encodeVecU8(args.clientDataJSON),
-    encodeVecU8(args.authenticatorData)
-  );
-  return new TransactionInstruction4({
-    keys: [
-      { pubkey: args.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: INSTRUCTIONS_SYSVAR_ID, isSigner: false, isWritable: false }
-    ],
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    data: Buffer.from(data)
-  });
-}
-// src/instructions/revokeSession.ts
-import { TransactionInstruction as TransactionInstruction5 } from "@solana/web3.js";
-function encodeVecU82(bytes) {
-  const out = new Uint8Array(4 + bytes.length);
-  new DataView(out.buffer).setUint32(0, bytes.length >>> 0, true);
-  out.set(bytes, 4);
-  return out;
-}
-function concatBytes2(...parts) {
-  const total = parts.reduce((n, p) => n + p.length, 0);
-  const out = new Uint8Array(total);
-  let o2 = 0;
-  for (const p of parts) {
-    out.set(p, o2);
-    o2 += p.length;
-  }
-  return out;
-}
-function buildRevokeSessionKeyInstruction(args) {
-  const data = concatBytes2(
-    DISCRIMINATORS.revoke_session_key,
-    encodeVecU82(args.clientDataJSON),
-    encodeVecU82(args.authenticatorData)
-  );
-  return new TransactionInstruction5({
-    keys: [
-      { pubkey: args.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: INSTRUCTIONS_SYSVAR_ID, isSigner: false, isWritable: false }
-    ],
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    data: Buffer.from(data)
-  });
-}
-// src/instructions/settleVoucher.ts
-import { TransactionInstruction as TransactionInstruction6 } from "@solana/web3.js";
-function encodeU64(value) {
-  const out = Buffer.alloc(8);
-  out.writeBigUInt64LE(value, 0);
-  return out;
-}
-function encodeBool(value) {
-  return Buffer.from([value ? 1 : 0]);
-}
-function buildSettleVoucherInstruction(p) {
-  const argsBuf = Buffer.concat([encodeU64(p.amount), encodeBool(p.increment)]);
-  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.settle_voucher), argsBuf]);
-  return new TransactionInstruction6({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false }
-    ],
-    data
-  });
-}
-// src/instructions/settleTabVoucher.ts
+// src/instructions/swigBundle.ts
+import { createHmac } from "crypto";
 import {
-  TransactionInstruction as TransactionInstruction8,
-  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY4
-} from "@solana/web3.js";
-// src/instructions/withdraw.ts
-import {
-  PublicKey as PublicKey8,
-  TransactionInstruction as TransactionInstruction7,
-  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY3
-} from "@solana/web3.js";
-function encodeBytesVec2(buf) {
-  const out = Buffer.alloc(4 + buf.length);
-  out.writeUInt32LE(buf.length, 0);
-  Buffer.from(buf).copy(out, 4);
-  return out;
-}
-function encodeU642(value) {
-  const out = Buffer.alloc(8);
-  out.writeBigUInt64LE(value, 0);
-  return out;
-}
-function encodeI64(value) {
-  const out = Buffer.alloc(8);
-  out.writeBigInt64LE(value, 0);
-  return out;
-}
-function encodePubkey2(key) {
-  return Buffer.from(key.toBytes());
-}
-function deriveSwigWalletAddress(swigAddress) {
-  const [pda] = PublicKey8.findProgramAddressSync(
-    [Buffer.from("swig-wallet-address"), swigAddress.toBuffer()],
-    SWIG_PROGRAM_ID
-  );
-  return pda;
-}
-function buildRequestWithdrawalInstruction(p) {
-  const argsBuf = Buffer.concat([
-    encodeU642(p.amount),
-    encodePubkey2(p.destination),
-    encodeI64(p.signedAt),
-    encodeBytesVec2(p.clientDataJSON),
-    encodeBytesVec2(p.authenticatorData)
-  ]);
-  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.request_withdrawal), argsBuf]);
-  return new TransactionInstruction7({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY3, isSigner: false, isWritable: false }
-    ],
-    data
-  });
-}
-function buildFinalizeWithdrawalInstruction(p) {
-  const argsBuf = Buffer.concat([
-    encodeBytesVec2(p.clientDataJSON),
-    encodeBytesVec2(p.authenticatorData)
-  ]);
-  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.finalize_withdrawal), argsBuf]);
-  const swigWalletAddress = deriveSwigWalletAddress(p.swigAddress);
-  return new TransactionInstruction7({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.swigAddress, isSigner: false, isWritable: false },
-      { pubkey: swigWalletAddress, isSigner: false, isWritable: false },
-      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY3, isSigner: false, isWritable: false }
-    ],
-    data
-  });
-}
-function buildForceReleaseInstruction(p) {
-  const argsBuf = Buffer.concat([
-    encodeBytesVec2(p.clientDataJSON),
-    encodeBytesVec2(p.authenticatorData)
-  ]);
-  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.force_release), argsBuf]);
-  return new TransactionInstruction7({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY3, isSigner: false, isWritable: false }
-    ],
-    data
-  });
-}
-// src/instructions/settleTabVoucher.ts
-function encodeFixedBytes2(buf, len) {
-  if (buf.length !== len) {
-    throw new Error(`expected ${len} bytes, got ${buf.length}`);
-  }
-  return Buffer.from(buf);
-}
-function encodeU643(value) {
-  const out = Buffer.alloc(8);
-  out.writeBigUInt64LE(value, 0);
-  return out;
-}
-function encodeU322(value) {
-  const out = Buffer.alloc(4);
-  out.writeUInt32LE(value >>> 0, 0);
-  return out;
-}
-function buildSettleTabVoucherInstruction(p) {
-  if (p.channelId.length !== 32) {
-    throw new Error(`channelId must be 32 bytes, got ${p.channelId.length}`);
-  }
-  const argsBuf = Buffer.concat([
-    encodeFixedBytes2(p.channelId, 32),
-    encodeU643(p.cumulativeAmount),
-    encodeU322(p.sequenceNumber)
-  ]);
-  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.settle_tab_voucher), argsBuf]);
-  const swigWalletAddress = deriveSwigWalletAddress(p.swigAddress);
-  return new TransactionInstruction8({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.swigAddress, isSigner: false, isWritable: false },
-      { pubkey: swigWalletAddress, isSigner: false, isWritable: false },
-      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false },
-      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY4, isSigner: false, isWritable: false }
-    ],
-    data
-  });
-}
-// src/instructions/rotate.ts
-import {
-  TransactionInstruction as TransactionInstruction9,
-  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY5
-} from "@solana/web3.js";
-function encodeBytesVec3(buf) {
-  const out = Buffer.alloc(4 + buf.length);
-  out.writeUInt32LE(buf.length, 0);
-  Buffer.from(buf).copy(out, 4);
-  return out;
-}
-function encodeFixedBytes3(buf, len) {
-  if (buf.length !== len) {
-    throw new Error(`expected ${len} bytes, got ${buf.length}`);
-  }
-  return Buffer.from(buf);
-}
-function encodePubkey3(key) {
-  return Buffer.from(key.toBytes());
-}
-function buildRotatePasskeyInstruction(p) {
-  const argsBuf = Buffer.concat([
-    encodeFixedBytes3(p.newPasskeyPubkey, 33),
-    encodeBytesVec3(p.clientDataJSON),
-    encodeBytesVec3(p.authenticatorData)
-  ]);
-  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.rotate_passkey), argsBuf]);
-  return new TransactionInstruction9({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY5, isSigner: false, isWritable: false }
-    ],
-    data
-  });
-}
-function buildRotateDexterAuthorityInstruction(p) {
-  const data = Buffer.concat([
-    Buffer.from(DISCRIMINATORS.rotate_dexter_authority),
-    encodePubkey3(p.newDexterAuthority)
-  ]);
-  return new TransactionInstruction9({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
-      { pubkey: p.currentDexterAuthority, isSigner: true, isWritable: false }
-    ],
-    data
-  });
-}
-// src/instructions/provePasskey.ts
-import {
-  TransactionInstruction as TransactionInstruction10,
-  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY6
-} from "@solana/web3.js";
-function encodeBytesVec4(buf) {
-  const out = Buffer.alloc(4 + buf.length);
-  out.writeUInt32LE(buf.length, 0);
-  Buffer.from(buf).copy(out, 4);
-  return out;
-}
-function encodeFixedBytes4(buf, len) {
-  if (buf.length !== len) {
-    throw new Error(`expected ${len} bytes, got ${buf.length}`);
-  }
-  return Buffer.from(buf);
-}
-function buildProvePasskeyInstruction(p) {
-  const argsBuf = Buffer.concat([
-    encodeFixedBytes4(p.challenge, 32),
-    encodeBytesVec4(p.clientDataJSON),
-    encodeBytesVec4(p.authenticatorData)
-  ]);
-  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.prove_passkey), argsBuf]);
-  return new TransactionInstruction10({
-    programId: DEXTER_VAULT_PROGRAM_ID,
-    keys: [
-      { pubkey: p.vaultPda, isSigner: false, isWritable: false },
-      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY6, isSigner: false, isWritable: false }
-    ],
-    data
-  });
-}
-// src/instructions/swigBundle.ts
-import { createHmac } from "crypto";
-import {
-  getInstructionsFromContext,
-  findSwigPda,
-  fetchNullableSwig
-} from "@swig-wallet/kit";
+  getInstructionsFromContext,
+  findSwigPda,
+  fetchNullableSwig
+} from "@swig-wallet/kit";
 import {
   Actions,
   createProgramExecAuthorityInfo,
@@ -4395,643 +4006,1060 @@ function getHumanReadableErrorMessage5(code, context = {}) {
   if (messageFormatString.length === 0) {
     return "";
   }
-  let state;
-  function commitStateUpTo(endIndex) {
-    if (state[TYPE5] === 2) {
-      const variableName = messageFormatString.slice(state[START_INDEX5] + 1, endIndex);
-      fragments.push(
-        variableName in context ? (
-          // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
-          `${context[variableName]}`
-        ) : `$${variableName}`
-      );
-    } else if (state[TYPE5] === 1) {
-      fragments.push(messageFormatString.slice(state[START_INDEX5], endIndex));
+  let state;
+  function commitStateUpTo(endIndex) {
+    if (state[TYPE5] === 2) {
+      const variableName = messageFormatString.slice(state[START_INDEX5] + 1, endIndex);
+      fragments.push(
+        variableName in context ? (
+          // eslint-disable-next-line @typescript-eslint/restrict-template-expressions
+          `${context[variableName]}`
+        ) : `$${variableName}`
+      );
+    } else if (state[TYPE5] === 1) {
+      fragments.push(messageFormatString.slice(state[START_INDEX5], endIndex));
+    }
+  }
+  const fragments = [];
+  messageFormatString.split("").forEach((char, ii) => {
+    if (ii === 0) {
+      state = {
+        [START_INDEX5]: 0,
+        [TYPE5]: messageFormatString[0] === "\\" ? 0 : messageFormatString[0] === "$" ? 2 : 1
+        /* Text */
+      };
+      return;
+    }
+    let nextState;
+    switch (state[TYPE5]) {
+      case 0:
+        nextState = {
+          [START_INDEX5]: ii,
+          [TYPE5]: 1
+          /* Text */
+        };
+        break;
+      case 1:
+        if (char === "\\") {
+          nextState = {
+            [START_INDEX5]: ii,
+            [TYPE5]: 0
+            /* EscapeSequence */
+          };
+        } else if (char === "$") {
+          nextState = {
+            [START_INDEX5]: ii,
+            [TYPE5]: 2
+            /* Variable */
+          };
+        }
+        break;
+      case 2:
+        if (char === "\\") {
+          nextState = {
+            [START_INDEX5]: ii,
+            [TYPE5]: 0
+            /* EscapeSequence */
+          };
+        } else if (char === "$") {
+          nextState = {
+            [START_INDEX5]: ii,
+            [TYPE5]: 2
+            /* Variable */
+          };
+        } else if (!char.match(/\w/)) {
+          nextState = {
+            [START_INDEX5]: ii,
+            [TYPE5]: 1
+            /* Text */
+          };
+        }
+        break;
+    }
+    if (nextState) {
+      if (state !== nextState) {
+        commitStateUpTo(ii);
+      }
+      state = nextState;
+    }
+  });
+  commitStateUpTo();
+  return fragments.join("");
+}
+function getErrorMessage5(code, context = {}) {
+  if (process.env.NODE_ENV !== "production") {
+    return getHumanReadableErrorMessage5(code, context);
+  } else {
+    let decodingAdviceMessage = `Solana error #${code}; Decode this error by running \`npx @solana/errors decode -- ${code}`;
+    if (Object.keys(context).length) {
+      decodingAdviceMessage += ` '${encodeContextObject5(context)}'`;
+    }
+    return `${decodingAdviceMessage}\``;
+  }
+}
+var SolanaError5 = class extends Error {
+  /**
+   * Indicates the root cause of this {@link SolanaError}, if any.
+   *
+   * For example, a transaction error might have an instruction error as its root cause. In this
+   * case, you will be able to access the instruction error on the transaction error as `cause`.
+   */
+  cause = this.cause;
+  /**
+   * Contains context that can assist in understanding or recovering from a {@link SolanaError}.
+   */
+  context;
+  constructor(...[code, contextAndErrorOptions]) {
+    let context;
+    let errorOptions;
+    if (contextAndErrorOptions) {
+      const { cause, ...contextRest } = contextAndErrorOptions;
+      if (cause) {
+        errorOptions = { cause };
+      }
+      if (Object.keys(contextRest).length > 0) {
+        context = contextRest;
+      }
+    }
+    const message = getErrorMessage5(code, context);
+    super(message, errorOptions);
+    this.context = {
+      __code: code,
+      ...context
+    };
+    this.name = "SolanaError";
+  }
+};
+// node_modules/@solana/rpc-transport-http/dist/index.node.mjs
+var DISALLOWED_HEADERS = {
+  accept: true,
+  "content-length": true,
+  "content-type": true
+};
+var FORBIDDEN_HEADERS = /* @__PURE__ */ Object.assign(
+  {
+    "accept-charset": true,
+    "access-control-request-headers": true,
+    "access-control-request-method": true,
+    connection: true,
+    "content-length": true,
+    cookie: true,
+    date: true,
+    dnt: true,
+    expect: true,
+    host: true,
+    "keep-alive": true,
+    origin: true,
+    "permissions-policy": true,
+    // Prefix matching is implemented in code, below.
+    // 'proxy-': true,
+    // 'sec-': true,
+    referer: true,
+    te: true,
+    trailer: true,
+    "transfer-encoding": true,
+    upgrade: true,
+    via: true
+  },
+  void 0
+);
+function assertIsAllowedHttpRequestHeaders(headers) {
+  const badHeaders = Object.keys(headers).filter((headerName) => {
+    const lowercaseHeaderName = headerName.toLowerCase();
+    return DISALLOWED_HEADERS[headerName.toLowerCase()] === true || FORBIDDEN_HEADERS[headerName.toLowerCase()] === true || lowercaseHeaderName.startsWith("proxy-") || lowercaseHeaderName.startsWith("sec-");
+  });
+  if (badHeaders.length > 0) {
+    throw new SolanaError5(SOLANA_ERROR__RPC__TRANSPORT_HTTP_HEADER_FORBIDDEN5, {
+      headers: badHeaders
+    });
+  }
+}
+function normalizeHeaders(headers) {
+  const out = {};
+  for (const headerName in headers) {
+    out[headerName.toLowerCase()] = headers[headerName];
+  }
+  return out;
+}
+function createHttpTransport(config) {
+  if (process.env.NODE_ENV !== "production" && false) ;
+  const { fromJson, headers, toJson, url } = config;
+  if (process.env.NODE_ENV !== "production" && headers) {
+    assertIsAllowedHttpRequestHeaders(headers);
+  }
+  let dispatcherConfig;
+  if ("dispatcher_NODE_ONLY" in config) {
+    dispatcherConfig = { dispatcher: config.dispatcher_NODE_ONLY };
+  }
+  const customHeaders = headers && normalizeHeaders(headers);
+  return async function makeHttpRequest({
+    payload,
+    signal
+  }) {
+    const body = toJson ? toJson(payload) : JSON.stringify(payload);
+    const requestInfo = {
+      ...dispatcherConfig,
+      body,
+      headers: {
+        ...customHeaders,
+        // Keep these headers lowercase so they will override any user-supplied headers above.
+        accept: "application/json",
+        "content-length": body.length.toString(),
+        "content-type": "application/json; charset=utf-8"
+      },
+      method: "POST",
+      signal
+    };
+    const response = await fetch(url, requestInfo);
+    if (!response.ok) {
+      throw new SolanaError5(SOLANA_ERROR__RPC__TRANSPORT_HTTP_ERROR5, {
+        headers: response.headers,
+        message: response.statusText,
+        statusCode: response.status
+      });
+    }
+    if (fromJson) {
+      return fromJson(await response.text(), payload);
+    }
+    return await response.json();
+  };
+}
+var SOLANA_RPC_METHODS = [
+  "getAccountInfo",
+  "getBalance",
+  "getBlock",
+  "getBlockCommitment",
+  "getBlockHeight",
+  "getBlockProduction",
+  "getBlocks",
+  "getBlocksWithLimit",
+  "getBlockTime",
+  "getClusterNodes",
+  "getEpochInfo",
+  "getEpochSchedule",
+  "getFeeForMessage",
+  "getFirstAvailableBlock",
+  "getGenesisHash",
+  "getHealth",
+  "getHighestSnapshotSlot",
+  "getIdentity",
+  "getInflationGovernor",
+  "getInflationRate",
+  "getInflationReward",
+  "getLargestAccounts",
+  "getLatestBlockhash",
+  "getLeaderSchedule",
+  "getMaxRetransmitSlot",
+  "getMaxShredInsertSlot",
+  "getMinimumBalanceForRentExemption",
+  "getMultipleAccounts",
+  "getProgramAccounts",
+  "getRecentPerformanceSamples",
+  "getRecentPrioritizationFees",
+  "getSignaturesForAddress",
+  "getSignatureStatuses",
+  "getSlot",
+  "getSlotLeader",
+  "getSlotLeaders",
+  "getStakeMinimumDelegation",
+  "getSupply",
+  "getTokenAccountBalance",
+  "getTokenAccountsByDelegate",
+  "getTokenAccountsByOwner",
+  "getTokenLargestAccounts",
+  "getTokenSupply",
+  "getTransaction",
+  "getTransactionCount",
+  "getVersion",
+  "getVoteAccounts",
+  "index",
+  "isBlockhashValid",
+  "minimumLedgerSlot",
+  "requestAirdrop",
+  "sendTransaction",
+  "simulateTransaction"
+];
+function isSolanaRequest(payload) {
+  return isJsonRpcPayload(payload) && SOLANA_RPC_METHODS.includes(payload.method);
+}
+function createHttpTransportForSolanaRpc(config) {
+  return createHttpTransport({
+    ...config,
+    fromJson: (rawResponse, payload) => isSolanaRequest(payload) ? parseJsonWithBigInts(rawResponse) : JSON.parse(rawResponse),
+    toJson: (payload) => isSolanaRequest(payload) ? stringifyJsonWithBigints(payload) : JSON.stringify(payload)
+  });
+}
+// node_modules/@solana/rpc/dist/index.node.mjs
+import { setMaxListeners } from "events";
+// node_modules/@solana/fast-stable-stringify/dist/index.node.mjs
+var objToString = Object.prototype.toString;
+var objKeys = Object.keys || function(obj) {
+  const keys = [];
+  for (const name in obj) {
+    keys.push(name);
+  }
+  return keys;
+};
+function stringify(val, isArrayProp) {
+  let i, max, str, keys, key, propVal, toStr;
+  if (val === true) {
+    return "true";
+  }
+  if (val === false) {
+    return "false";
+  }
+  switch (typeof val) {
+    case "object":
+      if (val === null) {
+        return null;
+      } else if ("toJSON" in val && typeof val.toJSON === "function") {
+        return stringify(val.toJSON(), isArrayProp);
+      } else {
+        toStr = objToString.call(val);
+        if (toStr === "[object Array]") {
+          str = "[";
+          max = val.length - 1;
+          for (i = 0; i < max; i++) {
+            str += stringify(val[i], true) + ",";
+          }
+          if (max > -1) {
+            str += stringify(val[i], true);
+          }
+          return str + "]";
+        } else if (toStr === "[object Object]") {
+          keys = objKeys(val).sort();
+          max = keys.length;
+          str = "";
+          i = 0;
+          while (i < max) {
+            key = keys[i];
+            propVal = stringify(val[key], false);
+            if (propVal !== void 0) {
+              if (str) {
+                str += ",";
+              }
+              str += JSON.stringify(key) + ":" + propVal;
+            }
+            i++;
+          }
+          return "{" + str + "}";
+        } else {
+          return JSON.stringify(val);
+        }
+      }
+    case "function":
+    case "undefined":
+      return isArrayProp ? null : void 0;
+    case "bigint":
+      return `${val.toString()}n`;
+    case "string":
+      return JSON.stringify(val);
+    default:
+      return isFinite(val) ? val : null;
+  }
+}
+function index_default(val) {
+  const returnVal = stringify(val, false);
+  if (returnVal !== void 0) {
+    return "" + returnVal;
+  }
+}
+// node_modules/@solana/rpc/dist/index.node.mjs
+function createSolanaJsonRpcIntegerOverflowError(methodName, keyPath, value) {
+  let argumentLabel = "";
+  if (typeof keyPath[0] === "number") {
+    const argPosition = keyPath[0] + 1;
+    const lastDigit = argPosition % 10;
+    const lastTwoDigits = argPosition % 100;
+    if (lastDigit == 1 && lastTwoDigits != 11) {
+      argumentLabel = argPosition + "st";
+    } else if (lastDigit == 2 && lastTwoDigits != 12) {
+      argumentLabel = argPosition + "nd";
+    } else if (lastDigit == 3 && lastTwoDigits != 13) {
+      argumentLabel = argPosition + "rd";
+    } else {
+      argumentLabel = argPosition + "th";
     }
+  } else {
+    argumentLabel = `\`${keyPath[0].toString()}\``;
   }
-  const fragments = [];
-  messageFormatString.split("").forEach((char, ii) => {
-    if (ii === 0) {
-      state = {
-        [START_INDEX5]: 0,
-        [TYPE5]: messageFormatString[0] === "\\" ? 0 : messageFormatString[0] === "$" ? 2 : 1
-        /* Text */
+  const path = keyPath.length > 1 ? keyPath.slice(1).map((pathPart) => typeof pathPart === "number" ? `[${pathPart}]` : pathPart).join(".") : void 0;
+  const error = new SolanaError4(SOLANA_ERROR__RPC__INTEGER_OVERFLOW4, {
+    argumentLabel,
+    keyPath,
+    methodName,
+    optionalPathLabel: path ? ` at path \`${path}\`` : "",
+    value,
+    ...path !== void 0 ? { path } : void 0
+  });
+  safeCaptureStackTrace2(error, createSolanaJsonRpcIntegerOverflowError);
+  return error;
+}
+var DEFAULT_RPC_CONFIG = {
+  defaultCommitment: "confirmed",
+  onIntegerOverflow(request, keyPath, value) {
+    throw createSolanaJsonRpcIntegerOverflowError(request.methodName, keyPath, value);
+  }
+};
+var e2 = class extends globalThis.AbortController {
+  constructor(...t) {
+    super(...t), setMaxListeners(Number.MAX_SAFE_INTEGER, this.signal);
+  }
+};
+var EXPLICIT_ABORT_TOKEN;
+function createExplicitAbortToken() {
+  return process.env.NODE_ENV !== "production" ? {
+    EXPLICIT_ABORT_TOKEN: "This object is thrown from the request that underlies a series of coalesced requests when the last request in that series aborts"
+  } : {};
+}
+function getRpcTransportWithRequestCoalescing(transport, getDeduplicationKey) {
+  let coalescedRequestsByDeduplicationKey;
+  return async function makeCoalescedHttpRequest(request) {
+    const { payload, signal } = request;
+    const deduplicationKey = getDeduplicationKey(payload);
+    if (deduplicationKey === void 0) {
+      return await transport(request);
+    }
+    if (!coalescedRequestsByDeduplicationKey) {
+      queueMicrotask(() => {
+        coalescedRequestsByDeduplicationKey = void 0;
+      });
+      coalescedRequestsByDeduplicationKey = {};
+    }
+    if (coalescedRequestsByDeduplicationKey[deduplicationKey] == null) {
+      const abortController = new e2();
+      const responsePromise = (async () => {
+        try {
+          return await transport({
+            ...request,
+            signal: abortController.signal
+          });
+        } catch (e22) {
+          if (e22 === (EXPLICIT_ABORT_TOKEN ||= createExplicitAbortToken())) {
+            return;
+          }
+          throw e22;
+        }
+      })();
+      coalescedRequestsByDeduplicationKey[deduplicationKey] = {
+        abortController,
+        numConsumers: 0,
+        responsePromise
       };
-      return;
     }
-    let nextState;
-    switch (state[TYPE5]) {
-      case 0:
-        nextState = {
-          [START_INDEX5]: ii,
-          [TYPE5]: 1
-          /* Text */
+    const coalescedRequest = coalescedRequestsByDeduplicationKey[deduplicationKey];
+    coalescedRequest.numConsumers++;
+    if (signal) {
+      const responsePromise = coalescedRequest.responsePromise;
+      return await new Promise((resolve, reject) => {
+        const handleAbort = (e22) => {
+          signal.removeEventListener("abort", handleAbort);
+          coalescedRequest.numConsumers -= 1;
+          queueMicrotask(() => {
+            if (coalescedRequest.numConsumers === 0) {
+              const abortController = coalescedRequest.abortController;
+              abortController.abort(EXPLICIT_ABORT_TOKEN ||= createExplicitAbortToken());
+            }
+          });
+          reject(e22.target.reason);
         };
-        break;
-      case 1:
-        if (char === "\\") {
-          nextState = {
-            [START_INDEX5]: ii,
-            [TYPE5]: 0
-            /* EscapeSequence */
-          };
-        } else if (char === "$") {
-          nextState = {
-            [START_INDEX5]: ii,
-            [TYPE5]: 2
-            /* Variable */
-          };
-        }
-        break;
-      case 2:
-        if (char === "\\") {
-          nextState = {
-            [START_INDEX5]: ii,
-            [TYPE5]: 0
-            /* EscapeSequence */
-          };
-        } else if (char === "$") {
-          nextState = {
-            [START_INDEX5]: ii,
-            [TYPE5]: 2
-            /* Variable */
-          };
-        } else if (!char.match(/\w/)) {
-          nextState = {
-            [START_INDEX5]: ii,
-            [TYPE5]: 1
-            /* Text */
-          };
+        signal.addEventListener("abort", handleAbort);
+        responsePromise.then(resolve).catch(reject).finally(() => {
+          signal.removeEventListener("abort", handleAbort);
+        });
+      });
+    } else {
+      return await coalescedRequest.responsePromise;
+    }
+  };
+}
+function getSolanaRpcPayloadDeduplicationKey(payload) {
+  return isJsonRpcPayload(payload) ? index_default([payload.method, payload.params]) : void 0;
+}
+function normalizeHeaders2(headers) {
+  const out = {};
+  for (const headerName in headers) {
+    out[headerName.toLowerCase()] = headers[headerName];
+  }
+  return out;
+}
+function createDefaultRpcTransport(config) {
+  return pipe(
+    createHttpTransportForSolanaRpc({
+      ...config,
+      headers: {
+        ...{
+          // Keep these headers lowercase so they will be overridden by any user-supplied headers below.
+          "accept-encoding": (
+            // Natively supported by Node LTS v20.18.0 and above.
+            "br,gzip,deflate"
+          )
+          // Brotli, gzip, and Deflate, in that order.
+        },
+        ...config.headers ? normalizeHeaders2(config.headers) : void 0,
+        ...{
+          // Keep these headers lowercase so they will override any user-supplied headers above.
+          "solana-client": `js/${"2.3.0"}`
         }
-        break;
-    }
-    if (nextState) {
-      if (state !== nextState) {
-        commitStateUpTo(ii);
       }
-      state = nextState;
-    }
+    }),
+    (transport) => getRpcTransportWithRequestCoalescing(transport, getSolanaRpcPayloadDeduplicationKey)
+  );
+}
+function createSolanaRpc(clusterUrl, config) {
+  return createSolanaRpcFromTransport(createDefaultRpcTransport({ url: clusterUrl, ...config }));
+}
+function createSolanaRpcFromTransport(transport) {
+  return createRpc({
+    api: createSolanaRpcApi(DEFAULT_RPC_CONFIG),
+    transport
   });
-  commitStateUpTo();
-  return fragments.join("");
 }
-function getErrorMessage5(code, context = {}) {
-  if (process.env.NODE_ENV !== "production") {
-    return getHumanReadableErrorMessage5(code, context);
-  } else {
-    let decodingAdviceMessage = `Solana error #${code}; Decode this error by running \`npx @solana/errors decode -- ${code}`;
-    if (Object.keys(context).length) {
-      decodingAdviceMessage += ` '${encodeContextObject5(context)}'`;
-    }
-    return `${decodingAdviceMessage}\``;
+// src/instructions/swigBundle.ts
+import * as bs58Module from "bs58";
+import { PublicKey as PublicKey4 } from "@solana/web3.js";
+var bs58 = bs58Module.default ?? bs58Module;
+var SWIG_ID_DOMAIN = "dexter-swig-id:v1:";
+var DEFAULT_SESSION_TTL_SECONDS = BigInt(30 * 24 * 60 * 60);
+var DEFAULT_SPEND_LIMIT_ATOMIC = BigInt(1e9);
+var SWIG_PROGRAM_EXEC_PREFIX = new Uint8Array([
+  178,
+  87,
+  206,
+  68,
+  201,
+  186,
+  164,
+  232
+]);
+var SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB = new Uint8Array([
+  173,
+  22,
+  98,
+  31,
+  110,
+  129,
+  59,
+  161
+]);
+var SWIG_PROGRAM_EXEC_MARKERS = [
+  SWIG_PROGRAM_EXEC_PREFIX,
+  SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB
+];
+function deriveSwigId(identitySeed, hmacKey) {
+  if (hmacKey.length !== 32) {
+    throw new Error(`hmacKey must be 32 bytes, got ${hmacKey.length}`);
   }
+  return createHmac("sha256", Buffer.from(hmacKey)).update(SWIG_ID_DOMAIN).update(Buffer.from(identitySeed)).digest();
 }
-var SolanaError5 = class extends Error {
-  /**
-   * Indicates the root cause of this {@link SolanaError}, if any.
-   *
-   * For example, a transaction error might have an instruction error as its root cause. In this
-   * case, you will be able to access the instruction error on the transaction error as `cause`.
-   */
-  cause = this.cause;
-  /**
-   * Contains context that can assist in understanding or recovering from a {@link SolanaError}.
-   */
-  context;
-  constructor(...[code, contextAndErrorOptions]) {
-    let context;
-    let errorOptions;
-    if (contextAndErrorOptions) {
-      const { cause, ...contextRest } = contextAndErrorOptions;
-      if (cause) {
-        errorOptions = { cause };
-      }
-      if (Object.keys(contextRest).length > 0) {
-        context = contextRest;
+async function buildSwigCreationBundle(params) {
+  const {
+    feePayer,
+    dexterMasterPubkey,
+    identitySeed,
+    hmacKey,
+    sessionTtlSeconds = DEFAULT_SESSION_TTL_SECONDS,
+    spendLimitAtomic = DEFAULT_SPEND_LIMIT_ATOMIC
+  } = params;
+  const swigId = deriveSwigId(identitySeed, hmacKey);
+  const swigPda = await findSwigPda(swigId);
+  const swigAddressStr = String(swigPda);
+  const feePayerBytes = bs58.decode(feePayer);
+  const vaultProgramIdBytes = Uint8Array.from(DEXTER_VAULT_PROGRAM_ID.toBytes());
+  const dexterPubkeyBytes = bs58.decode(dexterMasterPubkey);
+  const bootstrapAuthorityInfo = createEd25519AuthorityInfo(feePayerBytes);
+  const bootstrapActions = Actions.set().manageAuthority().get();
+  const vaultAuthorityInfo = createProgramExecAuthorityInfo(
+    vaultProgramIdBytes,
+    SWIG_PROGRAM_EXEC_PREFIX
+  );
+  const vaultActions = Actions.set().all().get();
+  const vaultTabSettleAuthorityInfo = createProgramExecAuthorityInfo(
+    vaultProgramIdBytes,
+    SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB
+  );
+  const vaultTabSettleActions = Actions.set().all().get();
+  const sessionAuthorityInfo = createEd25519SessionAuthorityInfo(
+    dexterPubkeyBytes,
+    sessionTtlSeconds
+  );
+  const sessionActions = Actions.set().tokenLimit({ mint: bs58.decode(USDC_MAINNET), amount: spendLimitAtomic }).programAll().get();
+  const builder = getCreateSwigWithMultipleAuthoritiesInstructionContextBuilder({
+    payer: address(feePayer),
+    swigAddress: address(swigAddressStr),
+    id: swigId,
+    actions: bootstrapActions,
+    authorityInfo: bootstrapAuthorityInfo,
+    options: {}
+  }).addAuthority(vaultAuthorityInfo, vaultActions).addAuthority(sessionAuthorityInfo, sessionActions).addAuthority(vaultTabSettleAuthorityInfo, vaultTabSettleActions);
+  const contexts = await builder.getInstructionContexts();
+  const instructions = contexts.flatMap((ctx) => getInstructionsFromContext(ctx));
+  return {
+    swigAddress: swigAddressStr,
+    swigIdBase58: bs58.encode(swigId),
+    instructions
+  };
+}
+async function expectedSwigAddressFor(identitySeed, hmacKey) {
+  const swigId = deriveSwigId(identitySeed, hmacKey);
+  return String(await findSwigPda(swigId));
+}
+async function verifySwigIsOurs(params) {
+  const { swigAddress, identitySeed, hmacKey, dexterMasterPubkey, rpcEndpoint } = params;
+  const expected = await expectedSwigAddressFor(identitySeed, hmacKey);
+  if (swigAddress !== expected) {
+    return {
+      ok: false,
+      reason: `swig_address_mismatch: expected ${expected}, got ${swigAddress}`
+    };
+  }
+  try {
+    const rpc = createSolanaRpc(rpcEndpoint);
+    const swig = await fetchNullableSwig(rpc, address(swigAddress));
+    if (swig) {
+      const ourRoles = swig.findRolesByAuthorityAddress(bs58.decode(dexterMasterPubkey));
+      if (!ourRoles || ourRoles.length === 0) {
+        return {
+          ok: false,
+          reason: "swig_missing_session_master_role"
+        };
       }
     }
-    const message = getErrorMessage5(code, context);
-    super(message, errorOptions);
-    this.context = {
-      __code: code,
-      ...context
-    };
-    this.name = "SolanaError";
+  } catch {
   }
-};
+  return { ok: true };
+}
+function deriveVaultPda(supabaseUserId) {
+  if (supabaseUserId.length !== 16) {
+    throw new Error("supabaseUserId must be 16 bytes (UUID v4)");
+  }
+  const [pda, bump] = PublicKey4.findProgramAddressSync(
+    [Buffer.from("vault"), Buffer.from(supabaseUserId)],
+    DEXTER_VAULT_PROGRAM_ID
+  );
+  return { pda, bump };
+}
-// node_modules/@solana/rpc-transport-http/dist/index.node.mjs
-var DISALLOWED_HEADERS = {
-  accept: true,
-  "content-length": true,
-  "content-type": true
-};
-var FORBIDDEN_HEADERS = /* @__PURE__ */ Object.assign(
-  {
-    "accept-charset": true,
-    "access-control-request-headers": true,
-    "access-control-request-method": true,
-    connection: true,
-    "content-length": true,
-    cookie: true,
-    date: true,
-    dnt: true,
-    expect: true,
-    host: true,
-    "keep-alive": true,
-    origin: true,
-    "permissions-policy": true,
-    // Prefix matching is implemented in code, below.
-    // 'proxy-': true,
-    // 'sec-': true,
-    referer: true,
-    te: true,
-    trailer: true,
-    "transfer-encoding": true,
-    upgrade: true,
-    via: true
-  },
-  void 0
-);
-function assertIsAllowedHttpRequestHeaders(headers) {
-  const badHeaders = Object.keys(headers).filter((headerName) => {
-    const lowercaseHeaderName = headerName.toLowerCase();
-    return DISALLOWED_HEADERS[headerName.toLowerCase()] === true || FORBIDDEN_HEADERS[headerName.toLowerCase()] === true || lowercaseHeaderName.startsWith("proxy-") || lowercaseHeaderName.startsWith("sec-");
+// src/instructions/setSwigAtomic.ts
+var SET_SWIG_ATOMIC_DISCRIMINATOR = new Uint8Array([
+  119,
+  111,
+  247,
+  215,
+  190,
+  3,
+  170,
+  23
+]);
+function buildSetSwigAtomicInstruction(params) {
+  if (params.swigId.length !== 32) {
+    throw new Error(`swigId must be 32 bytes, got ${params.swigId.length}`);
+  }
+  if (params.authenticatorData.length < 37) {
+    throw new Error(`authenticatorData must be at least 37 bytes`);
+  }
+  const cdj = params.clientDataJSON;
+  const ad = params.authenticatorData;
+  const dataLen = 8 + // discriminator
+  32 + // swig_id
+  1 + // swig_account_bump
+  1 + // swig_wallet_address_bump
+  32 + // dexter_master_pubkey
+  4 + cdj.length + // client_data_json (len-prefixed)
+  4 + ad.length;
+  const data = new Uint8Array(dataLen);
+  const view = new DataView(data.buffer);
+  let off = 0;
+  data.set(SET_SWIG_ATOMIC_DISCRIMINATOR, off);
+  off += 8;
+  data.set(params.swigId, off);
+  off += 32;
+  data[off++] = params.swigAccountBump;
+  data[off++] = params.swigWalletAddressBump;
+  data.set(params.dexterMasterPubkey.toBytes(), off);
+  off += 32;
+  view.setUint32(off, cdj.length, true);
+  off += 4;
+  data.set(cdj, off);
+  off += cdj.length;
+  view.setUint32(off, ad.length, true);
+  off += 4;
+  data.set(ad, off);
+  off += ad.length;
+  if (off !== dataLen) throw new Error(`internal: byte offset mismatch (${off} vs ${dataLen})`);
+  return new TransactionInstruction3({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: params.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: params.feePayer, isSigner: true, isWritable: true },
+      { pubkey: params.swigAddress, isSigner: false, isWritable: true },
+      { pubkey: params.swigWalletAddress, isSigner: false, isWritable: true },
+      { pubkey: SWIG_PROGRAM_ID, isSigner: false, isWritable: false },
+      { pubkey: SystemProgram2.programId, isSigner: false, isWritable: true },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY2, isSigner: false, isWritable: false }
+    ],
+    data: Buffer.from(data)
   });
-  if (badHeaders.length > 0) {
-    throw new SolanaError5(SOLANA_ERROR__RPC__TRANSPORT_HTTP_HEADER_FORBIDDEN5, {
-      headers: badHeaders
-    });
-  }
 }
-function normalizeHeaders(headers) {
-  const out = {};
-  for (const headerName in headers) {
-    out[headerName.toLowerCase()] = headers[headerName];
-  }
-  return out;
+function buildSetSwigAtomicFromIdentity(params) {
+  const swigId = Uint8Array.from(
+    deriveSwigId(params.identitySeed, params.hmacKey)
+  );
+  const [swigAddress, swigAccountBump] = PublicKey5.findProgramAddressSync(
+    [Buffer.from(swigId)],
+    SWIG_PROGRAM_ID
+  );
+  const [swigWalletAddress, swigWalletAddressBump] = PublicKey5.findProgramAddressSync(
+    [swigAddress.toBytes()],
+    SWIG_PROGRAM_ID
+  );
+  return buildSetSwigAtomicInstruction({
+    vaultPda: params.vaultPda,
+    swigAddress,
+    swigWalletAddress,
+    feePayer: params.feePayer,
+    dexterMasterPubkey: params.dexterMasterPubkey,
+    swigId,
+    swigAccountBump,
+    swigWalletAddressBump,
+    clientDataJSON: params.clientDataJSON,
+    authenticatorData: params.authenticatorData
+  });
 }
-function createHttpTransport(config) {
-  if (process.env.NODE_ENV !== "production" && false) ;
-  const { fromJson, headers, toJson, url } = config;
-  if (process.env.NODE_ENV !== "production" && headers) {
-    assertIsAllowedHttpRequestHeaders(headers);
-  }
-  let dispatcherConfig;
-  if ("dispatcher_NODE_ONLY" in config) {
-    dispatcherConfig = { dispatcher: config.dispatcher_NODE_ONLY };
-  }
-  const customHeaders = headers && normalizeHeaders(headers);
-  return async function makeHttpRequest({
-    payload,
-    signal
-  }) {
-    const body = toJson ? toJson(payload) : JSON.stringify(payload);
-    const requestInfo = {
-      ...dispatcherConfig,
-      body,
-      headers: {
-        ...customHeaders,
-        // Keep these headers lowercase so they will override any user-supplied headers above.
-        accept: "application/json",
-        "content-length": body.length.toString(),
-        "content-type": "application/json; charset=utf-8"
-      },
-      method: "POST",
-      signal
-    };
-    const response = await fetch(url, requestInfo);
-    if (!response.ok) {
-      throw new SolanaError5(SOLANA_ERROR__RPC__TRANSPORT_HTTP_ERROR5, {
-        headers: response.headers,
-        message: response.statusText,
-        statusCode: response.status
-      });
-    }
-    if (fromJson) {
-      return fromJson(await response.text(), payload);
-    }
-    return await response.json();
-  };
+// src/instructions/registerSession.ts
+import { TransactionInstruction as TransactionInstruction4 } from "@solana/web3.js";
+function encodeU64LE(value) {
+  const buf = new Uint8Array(8);
+  new DataView(buf.buffer).setBigUint64(0, value, true);
+  return buf;
 }
-var SOLANA_RPC_METHODS = [
-  "getAccountInfo",
-  "getBalance",
-  "getBlock",
-  "getBlockCommitment",
-  "getBlockHeight",
-  "getBlockProduction",
-  "getBlocks",
-  "getBlocksWithLimit",
-  "getBlockTime",
-  "getClusterNodes",
-  "getEpochInfo",
-  "getEpochSchedule",
-  "getFeeForMessage",
-  "getFirstAvailableBlock",
-  "getGenesisHash",
-  "getHealth",
-  "getHighestSnapshotSlot",
-  "getIdentity",
-  "getInflationGovernor",
-  "getInflationRate",
-  "getInflationReward",
-  "getLargestAccounts",
-  "getLatestBlockhash",
-  "getLeaderSchedule",
-  "getMaxRetransmitSlot",
-  "getMaxShredInsertSlot",
-  "getMinimumBalanceForRentExemption",
-  "getMultipleAccounts",
-  "getProgramAccounts",
-  "getRecentPerformanceSamples",
-  "getRecentPrioritizationFees",
-  "getSignaturesForAddress",
-  "getSignatureStatuses",
-  "getSlot",
-  "getSlotLeader",
-  "getSlotLeaders",
-  "getStakeMinimumDelegation",
-  "getSupply",
-  "getTokenAccountBalance",
-  "getTokenAccountsByDelegate",
-  "getTokenAccountsByOwner",
-  "getTokenLargestAccounts",
-  "getTokenSupply",
-  "getTransaction",
-  "getTransactionCount",
-  "getVersion",
-  "getVoteAccounts",
-  "index",
-  "isBlockhashValid",
-  "minimumLedgerSlot",
-  "requestAirdrop",
-  "sendTransaction",
-  "simulateTransaction"
-];
-function isSolanaRequest(payload) {
-  return isJsonRpcPayload(payload) && SOLANA_RPC_METHODS.includes(payload.method);
+function encodeI64LE(value) {
+  const buf = new Uint8Array(8);
+  new DataView(buf.buffer).setBigInt64(0, value, true);
+  return buf;
 }
-function createHttpTransportForSolanaRpc(config) {
-  return createHttpTransport({
-    ...config,
-    fromJson: (rawResponse, payload) => isSolanaRequest(payload) ? parseJsonWithBigInts(rawResponse) : JSON.parse(rawResponse),
-    toJson: (payload) => isSolanaRequest(payload) ? stringifyJsonWithBigints(payload) : JSON.stringify(payload)
-  });
+function encodeU32LE(value) {
+  const buf = new Uint8Array(4);
+  new DataView(buf.buffer).setUint32(0, value >>> 0, true);
+  return buf;
 }
-// node_modules/@solana/rpc/dist/index.node.mjs
-import { setMaxListeners } from "events";
-// node_modules/@solana/fast-stable-stringify/dist/index.node.mjs
-var objToString = Object.prototype.toString;
-var objKeys = Object.keys || function(obj) {
-  const keys = [];
-  for (const name in obj) {
-    keys.push(name);
-  }
-  return keys;
-};
-function stringify(val, isArrayProp) {
-  let i, max, str, keys, key, propVal, toStr;
-  if (val === true) {
-    return "true";
-  }
-  if (val === false) {
-    return "false";
+function encodeVecU8(bytes) {
+  const out = new Uint8Array(4 + bytes.length);
+  new DataView(out.buffer).setUint32(0, bytes.length >>> 0, true);
+  out.set(bytes, 4);
+  return out;
+}
+function concatBytes(...parts) {
+  const total = parts.reduce((n, p) => n + p.length, 0);
+  const out = new Uint8Array(total);
+  let o2 = 0;
+  for (const p of parts) {
+    out.set(p, o2);
+    o2 += p.length;
   }
-  switch (typeof val) {
-    case "object":
-      if (val === null) {
-        return null;
-      } else if ("toJSON" in val && typeof val.toJSON === "function") {
-        return stringify(val.toJSON(), isArrayProp);
-      } else {
-        toStr = objToString.call(val);
-        if (toStr === "[object Array]") {
-          str = "[";
-          max = val.length - 1;
-          for (i = 0; i < max; i++) {
-            str += stringify(val[i], true) + ",";
-          }
-          if (max > -1) {
-            str += stringify(val[i], true);
-          }
-          return str + "]";
-        } else if (toStr === "[object Object]") {
-          keys = objKeys(val).sort();
-          max = keys.length;
-          str = "";
-          i = 0;
-          while (i < max) {
-            key = keys[i];
-            propVal = stringify(val[key], false);
-            if (propVal !== void 0) {
-              if (str) {
-                str += ",";
-              }
-              str += JSON.stringify(key) + ":" + propVal;
-            }
-            i++;
-          }
-          return "{" + str + "}";
-        } else {
-          return JSON.stringify(val);
-        }
-      }
-    case "function":
-    case "undefined":
-      return isArrayProp ? null : void 0;
-    case "bigint":
-      return `${val.toString()}n`;
-    case "string":
-      return JSON.stringify(val);
-    default:
-      return isFinite(val) ? val : null;
+  return out;
+}
+function buildRegisterSessionKeyInstruction(args) {
+  if (args.sessionPubkey.length !== 32) {
+    throw new Error(`sessionPubkey must be 32 bytes, got ${args.sessionPubkey.length}`);
   }
+  const data = concatBytes(
+    DISCRIMINATORS.register_session_key,
+    args.sessionPubkey,
+    encodeU64LE(args.maxAmount),
+    encodeI64LE(args.expiresAt),
+    args.allowedCounterparty.toBytes(),
+    encodeU32LE(args.nonce),
+    encodeVecU8(args.clientDataJSON),
+    encodeVecU8(args.authenticatorData)
+  );
+  return new TransactionInstruction4({
+    keys: [
+      { pubkey: args.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: INSTRUCTIONS_SYSVAR_ID, isSigner: false, isWritable: false }
+    ],
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    data: Buffer.from(data)
+  });
 }
-function index_default(val) {
-  const returnVal = stringify(val, false);
-  if (returnVal !== void 0) {
-    return "" + returnVal;
+// src/instructions/revokeSession.ts
+import { TransactionInstruction as TransactionInstruction5 } from "@solana/web3.js";
+function encodeVecU82(bytes) {
+  const out = new Uint8Array(4 + bytes.length);
+  new DataView(out.buffer).setUint32(0, bytes.length >>> 0, true);
+  out.set(bytes, 4);
+  return out;
+}
+function concatBytes2(...parts) {
+  const total = parts.reduce((n, p) => n + p.length, 0);
+  const out = new Uint8Array(total);
+  let o2 = 0;
+  for (const p of parts) {
+    out.set(p, o2);
+    o2 += p.length;
   }
+  return out;
+}
+function buildRevokeSessionKeyInstruction(args) {
+  const data = concatBytes2(
+    DISCRIMINATORS.revoke_session_key,
+    encodeVecU82(args.clientDataJSON),
+    encodeVecU82(args.authenticatorData)
+  );
+  return new TransactionInstruction5({
+    keys: [
+      { pubkey: args.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: INSTRUCTIONS_SYSVAR_ID, isSigner: false, isWritable: false }
+    ],
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    data: Buffer.from(data)
+  });
 }
-// node_modules/@solana/rpc/dist/index.node.mjs
-function createSolanaJsonRpcIntegerOverflowError(methodName, keyPath, value) {
-  let argumentLabel = "";
-  if (typeof keyPath[0] === "number") {
-    const argPosition = keyPath[0] + 1;
-    const lastDigit = argPosition % 10;
-    const lastTwoDigits = argPosition % 100;
-    if (lastDigit == 1 && lastTwoDigits != 11) {
-      argumentLabel = argPosition + "st";
-    } else if (lastDigit == 2 && lastTwoDigits != 12) {
-      argumentLabel = argPosition + "nd";
-    } else if (lastDigit == 3 && lastTwoDigits != 13) {
-      argumentLabel = argPosition + "rd";
-    } else {
-      argumentLabel = argPosition + "th";
-    }
-  } else {
-    argumentLabel = `\`${keyPath[0].toString()}\``;
-  }
-  const path = keyPath.length > 1 ? keyPath.slice(1).map((pathPart) => typeof pathPart === "number" ? `[${pathPart}]` : pathPart).join(".") : void 0;
-  const error = new SolanaError4(SOLANA_ERROR__RPC__INTEGER_OVERFLOW4, {
-    argumentLabel,
-    keyPath,
-    methodName,
-    optionalPathLabel: path ? ` at path \`${path}\`` : "",
-    value,
-    ...path !== void 0 ? { path } : void 0
+// src/instructions/settleVoucher.ts
+import { TransactionInstruction as TransactionInstruction6 } from "@solana/web3.js";
+function encodeU64(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigUInt64LE(value, 0);
+  return out;
+}
+function encodeBool(value) {
+  return Buffer.from([value ? 1 : 0]);
+}
+function buildSettleVoucherInstruction(p) {
+  const argsBuf = Buffer.concat([encodeU64(p.amount), encodeBool(p.increment)]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.settle_voucher), argsBuf]);
+  return new TransactionInstruction6({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false }
+    ],
+    data
   });
-  safeCaptureStackTrace2(error, createSolanaJsonRpcIntegerOverflowError);
-  return error;
 }
-var DEFAULT_RPC_CONFIG = {
-  defaultCommitment: "confirmed",
-  onIntegerOverflow(request, keyPath, value) {
-    throw createSolanaJsonRpcIntegerOverflowError(request.methodName, keyPath, value);
-  }
-};
-var e2 = class extends globalThis.AbortController {
-  constructor(...t) {
-    super(...t), setMaxListeners(Number.MAX_SAFE_INTEGER, this.signal);
-  }
-};
-var EXPLICIT_ABORT_TOKEN;
-function createExplicitAbortToken() {
-  return process.env.NODE_ENV !== "production" ? {
-    EXPLICIT_ABORT_TOKEN: "This object is thrown from the request that underlies a series of coalesced requests when the last request in that series aborts"
-  } : {};
+// src/instructions/settleTabVoucher.ts
+import {
+  TransactionInstruction as TransactionInstruction8,
+  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY4
+} from "@solana/web3.js";
+// src/instructions/withdraw.ts
+import {
+  PublicKey as PublicKey9,
+  TransactionInstruction as TransactionInstruction7,
+  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY3
+} from "@solana/web3.js";
+function encodeBytesVec2(buf) {
+  const out = Buffer.alloc(4 + buf.length);
+  out.writeUInt32LE(buf.length, 0);
+  Buffer.from(buf).copy(out, 4);
+  return out;
 }
-function getRpcTransportWithRequestCoalescing(transport, getDeduplicationKey) {
-  let coalescedRequestsByDeduplicationKey;
-  return async function makeCoalescedHttpRequest(request) {
-    const { payload, signal } = request;
-    const deduplicationKey = getDeduplicationKey(payload);
-    if (deduplicationKey === void 0) {
-      return await transport(request);
-    }
-    if (!coalescedRequestsByDeduplicationKey) {
-      queueMicrotask(() => {
-        coalescedRequestsByDeduplicationKey = void 0;
-      });
-      coalescedRequestsByDeduplicationKey = {};
-    }
-    if (coalescedRequestsByDeduplicationKey[deduplicationKey] == null) {
-      const abortController = new e2();
-      const responsePromise = (async () => {
-        try {
-          return await transport({
-            ...request,
-            signal: abortController.signal
-          });
-        } catch (e22) {
-          if (e22 === (EXPLICIT_ABORT_TOKEN ||= createExplicitAbortToken())) {
-            return;
-          }
-          throw e22;
-        }
-      })();
-      coalescedRequestsByDeduplicationKey[deduplicationKey] = {
-        abortController,
-        numConsumers: 0,
-        responsePromise
-      };
-    }
-    const coalescedRequest = coalescedRequestsByDeduplicationKey[deduplicationKey];
-    coalescedRequest.numConsumers++;
-    if (signal) {
-      const responsePromise = coalescedRequest.responsePromise;
-      return await new Promise((resolve, reject) => {
-        const handleAbort = (e22) => {
-          signal.removeEventListener("abort", handleAbort);
-          coalescedRequest.numConsumers -= 1;
-          queueMicrotask(() => {
-            if (coalescedRequest.numConsumers === 0) {
-              const abortController = coalescedRequest.abortController;
-              abortController.abort(EXPLICIT_ABORT_TOKEN ||= createExplicitAbortToken());
-            }
-          });
-          reject(e22.target.reason);
-        };
-        signal.addEventListener("abort", handleAbort);
-        responsePromise.then(resolve).catch(reject).finally(() => {
-          signal.removeEventListener("abort", handleAbort);
-        });
-      });
-    } else {
-      return await coalescedRequest.responsePromise;
-    }
-  };
+function encodeU642(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigUInt64LE(value, 0);
+  return out;
 }
-function getSolanaRpcPayloadDeduplicationKey(payload) {
-  return isJsonRpcPayload(payload) ? index_default([payload.method, payload.params]) : void 0;
+function encodeI64(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigInt64LE(value, 0);
+  return out;
 }
-function normalizeHeaders2(headers) {
-  const out = {};
-  for (const headerName in headers) {
-    out[headerName.toLowerCase()] = headers[headerName];
+function encodePubkey2(key) {
+  return Buffer.from(key.toBytes());
+}
+function deriveSwigWalletAddress(swigAddress) {
+  const [pda] = PublicKey9.findProgramAddressSync(
+    [Buffer.from("swig-wallet-address"), swigAddress.toBuffer()],
+    SWIG_PROGRAM_ID
+  );
+  return pda;
+}
+function buildRequestWithdrawalInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeU642(p.amount),
+    encodePubkey2(p.destination),
+    encodeI64(p.signedAt),
+    encodeBytesVec2(p.clientDataJSON),
+    encodeBytesVec2(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.request_withdrawal), argsBuf]);
+  return new TransactionInstruction7({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY3, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+function buildFinalizeWithdrawalInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeBytesVec2(p.clientDataJSON),
+    encodeBytesVec2(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.finalize_withdrawal), argsBuf]);
+  const swigWalletAddress = deriveSwigWalletAddress(p.swigAddress);
+  return new TransactionInstruction7({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.swigAddress, isSigner: false, isWritable: false },
+      { pubkey: swigWalletAddress, isSigner: false, isWritable: false },
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY3, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+function buildForceReleaseInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeBytesVec2(p.clientDataJSON),
+    encodeBytesVec2(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.force_release), argsBuf]);
+  return new TransactionInstruction7({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY3, isSigner: false, isWritable: false }
+    ],
+    data
+  });
+}
+// src/instructions/settleTabVoucher.ts
+function encodeFixedBytes2(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
   }
-  return out;
+  return Buffer.from(buf);
 }
-function createDefaultRpcTransport(config) {
-  return pipe(
-    createHttpTransportForSolanaRpc({
-      ...config,
-      headers: {
-        ...{
-          // Keep these headers lowercase so they will be overridden by any user-supplied headers below.
-          "accept-encoding": (
-            // Natively supported by Node LTS v20.18.0 and above.
-            "br,gzip,deflate"
-          )
-          // Brotli, gzip, and Deflate, in that order.
-        },
-        ...config.headers ? normalizeHeaders2(config.headers) : void 0,
-        ...{
-          // Keep these headers lowercase so they will override any user-supplied headers above.
-          "solana-client": `js/${"2.3.0"}`
-        }
-      }
-    }),
-    (transport) => getRpcTransportWithRequestCoalescing(transport, getSolanaRpcPayloadDeduplicationKey)
-  );
+function encodeU643(value) {
+  const out = Buffer.alloc(8);
+  out.writeBigUInt64LE(value, 0);
+  return out;
 }
-function createSolanaRpc(clusterUrl, config) {
-  return createSolanaRpcFromTransport(createDefaultRpcTransport({ url: clusterUrl, ...config }));
+function encodeU322(value) {
+  const out = Buffer.alloc(4);
+  out.writeUInt32LE(value >>> 0, 0);
+  return out;
 }
-function createSolanaRpcFromTransport(transport) {
-  return createRpc({
-    api: createSolanaRpcApi(DEFAULT_RPC_CONFIG),
-    transport
+function buildSettleTabVoucherInstruction(p) {
+  if (p.channelId.length !== 32) {
+    throw new Error(`channelId must be 32 bytes, got ${p.channelId.length}`);
+  }
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes2(p.channelId, 32),
+    encodeU643(p.cumulativeAmount),
+    encodeU322(p.sequenceNumber)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.settle_tab_voucher), argsBuf]);
+  const swigWalletAddress = deriveSwigWalletAddress(p.swigAddress);
+  return new TransactionInstruction8({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.swigAddress, isSigner: false, isWritable: false },
+      { pubkey: swigWalletAddress, isSigner: false, isWritable: false },
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.dexterAuthority, isSigner: true, isWritable: false },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY4, isSigner: false, isWritable: false }
+    ],
+    data
   });
 }
-// src/instructions/swigBundle.ts
-import * as bs58Module from "bs58";
-import { PublicKey as PublicKey12 } from "@solana/web3.js";
-var bs58 = bs58Module.default ?? bs58Module;
-var SWIG_ID_DOMAIN = "dexter-swig-id:v1:";
-var DEFAULT_SESSION_TTL_SECONDS = BigInt(30 * 24 * 60 * 60);
-var DEFAULT_SPEND_LIMIT_ATOMIC = BigInt(1e9);
-var SWIG_PROGRAM_EXEC_PREFIX = new Uint8Array([
-  178,
-  87,
-  206,
-  68,
-  201,
-  186,
-  164,
-  232
-]);
-var SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB = new Uint8Array([
-  173,
-  22,
-  98,
-  31,
-  110,
-  129,
-  59,
-  161
-]);
-var SWIG_PROGRAM_EXEC_MARKERS = [
-  SWIG_PROGRAM_EXEC_PREFIX,
-  SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB
-];
-function deriveSwigId(identitySeed, hmacKey) {
-  if (hmacKey.length !== 32) {
-    throw new Error(`hmacKey must be 32 bytes, got ${hmacKey.length}`);
+// src/instructions/rotate.ts
+import {
+  TransactionInstruction as TransactionInstruction9,
+  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY5
+} from "@solana/web3.js";
+function encodeBytesVec3(buf) {
+  const out = Buffer.alloc(4 + buf.length);
+  out.writeUInt32LE(buf.length, 0);
+  Buffer.from(buf).copy(out, 4);
+  return out;
+}
+function encodeFixedBytes3(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
   }
-  return createHmac("sha256", Buffer.from(hmacKey)).update(SWIG_ID_DOMAIN).update(Buffer.from(identitySeed)).digest();
+  return Buffer.from(buf);
 }
-async function buildSwigCreationBundle(params) {
-  const {
-    feePayer,
-    dexterMasterPubkey,
-    identitySeed,
-    hmacKey,
-    sessionTtlSeconds = DEFAULT_SESSION_TTL_SECONDS,
-    spendLimitAtomic = DEFAULT_SPEND_LIMIT_ATOMIC
-  } = params;
-  const swigId = deriveSwigId(identitySeed, hmacKey);
-  const swigPda = await findSwigPda(swigId);
-  const swigAddressStr = String(swigPda);
-  const feePayerBytes = bs58.decode(feePayer);
-  const vaultProgramIdBytes = Uint8Array.from(DEXTER_VAULT_PROGRAM_ID.toBytes());
-  const dexterPubkeyBytes = bs58.decode(dexterMasterPubkey);
-  const bootstrapAuthorityInfo = createEd25519AuthorityInfo(feePayerBytes);
-  const bootstrapActions = Actions.set().manageAuthority().get();
-  const vaultAuthorityInfo = createProgramExecAuthorityInfo(
-    vaultProgramIdBytes,
-    SWIG_PROGRAM_EXEC_PREFIX
-  );
-  const vaultActions = Actions.set().all().get();
-  const vaultTabSettleAuthorityInfo = createProgramExecAuthorityInfo(
-    vaultProgramIdBytes,
-    SWIG_PROGRAM_EXEC_PREFIX_SETTLE_TAB
-  );
-  const vaultTabSettleActions = Actions.set().all().get();
-  const sessionAuthorityInfo = createEd25519SessionAuthorityInfo(
-    dexterPubkeyBytes,
-    sessionTtlSeconds
-  );
-  const sessionActions = Actions.set().tokenLimit({ mint: bs58.decode(USDC_MAINNET), amount: spendLimitAtomic }).programAll().get();
-  const builder = getCreateSwigWithMultipleAuthoritiesInstructionContextBuilder({
-    payer: address(feePayer),
-    swigAddress: address(swigAddressStr),
-    id: swigId,
-    actions: bootstrapActions,
-    authorityInfo: bootstrapAuthorityInfo,
-    options: {}
-  }).addAuthority(vaultAuthorityInfo, vaultActions).addAuthority(sessionAuthorityInfo, sessionActions).addAuthority(vaultTabSettleAuthorityInfo, vaultTabSettleActions);
-  const contexts = await builder.getInstructionContexts();
-  const instructions = contexts.flatMap((ctx) => getInstructionsFromContext(ctx));
-  return {
-    swigAddress: swigAddressStr,
-    swigIdBase58: bs58.encode(swigId),
-    instructions
-  };
+function encodePubkey3(key) {
+  return Buffer.from(key.toBytes());
 }
-async function expectedSwigAddressFor(identitySeed, hmacKey) {
-  const swigId = deriveSwigId(identitySeed, hmacKey);
-  return String(await findSwigPda(swigId));
+function buildRotatePasskeyInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes3(p.newPasskeyPubkey, 33),
+    encodeBytesVec3(p.clientDataJSON),
+    encodeBytesVec3(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.rotate_passkey), argsBuf]);
+  return new TransactionInstruction9({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY5, isSigner: false, isWritable: false }
+    ],
+    data
+  });
 }
-async function verifySwigIsOurs(params) {
-  const { swigAddress, identitySeed, hmacKey, dexterMasterPubkey, rpcEndpoint } = params;
-  const expected = await expectedSwigAddressFor(identitySeed, hmacKey);
-  if (swigAddress !== expected) {
-    return {
-      ok: false,
-      reason: `swig_address_mismatch: expected ${expected}, got ${swigAddress}`
-    };
-  }
-  try {
-    const rpc = createSolanaRpc(rpcEndpoint);
-    const swig = await fetchNullableSwig(rpc, address(swigAddress));
-    if (swig) {
-      const ourRoles = swig.findRolesByAuthorityAddress(bs58.decode(dexterMasterPubkey));
-      if (!ourRoles || ourRoles.length === 0) {
-        return {
-          ok: false,
-          reason: "swig_missing_session_master_role"
-        };
-      }
-    }
-  } catch {
-  }
-  return { ok: true };
+function buildRotateDexterAuthorityInstruction(p) {
+  const data = Buffer.concat([
+    Buffer.from(DISCRIMINATORS.rotate_dexter_authority),
+    encodePubkey3(p.newDexterAuthority)
+  ]);
+  return new TransactionInstruction9({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: true },
+      { pubkey: p.currentDexterAuthority, isSigner: true, isWritable: false }
+    ],
+    data
+  });
 }
-function deriveVaultPda(supabaseUserId) {
-  if (supabaseUserId.length !== 16) {
-    throw new Error("supabaseUserId must be 16 bytes (UUID v4)");
+// src/instructions/provePasskey.ts
+import {
+  TransactionInstruction as TransactionInstruction10,
+  SYSVAR_INSTRUCTIONS_PUBKEY as SYSVAR_INSTRUCTIONS_PUBKEY6
+} from "@solana/web3.js";
+function encodeBytesVec4(buf) {
+  const out = Buffer.alloc(4 + buf.length);
+  out.writeUInt32LE(buf.length, 0);
+  Buffer.from(buf).copy(out, 4);
+  return out;
+}
+function encodeFixedBytes4(buf, len) {
+  if (buf.length !== len) {
+    throw new Error(`expected ${len} bytes, got ${buf.length}`);
   }
-  const [pda, bump] = PublicKey12.findProgramAddressSync(
-    [Buffer.from("vault"), Buffer.from(supabaseUserId)],
-    DEXTER_VAULT_PROGRAM_ID
-  );
-  return { pda, bump };
+  return Buffer.from(buf);
+}
+function buildProvePasskeyInstruction(p) {
+  const argsBuf = Buffer.concat([
+    encodeFixedBytes4(p.challenge, 32),
+    encodeBytesVec4(p.clientDataJSON),
+    encodeBytesVec4(p.authenticatorData)
+  ]);
+  const data = Buffer.concat([Buffer.from(DISCRIMINATORS.prove_passkey), argsBuf]);
+  return new TransactionInstruction10({
+    programId: DEXTER_VAULT_PROGRAM_ID,
+    keys: [
+      { pubkey: p.vaultPda, isSigner: false, isWritable: false },
+      { pubkey: SYSVAR_INSTRUCTIONS_PUBKEY6, isSigner: false, isWritable: false }
+    ],
+    data
+  });
 }
 export {
   SET_SWIG_ATOMIC_DISCRIMINATOR,
@@ -5047,11 +5075,13 @@ export {
   buildRevokeSessionKeyInstruction,
   buildRotateDexterAuthorityInstruction,
   buildRotatePasskeyInstruction,
+  buildSetSwigAtomicFromIdentity,
   buildSetSwigAtomicInstruction,
   buildSetSwigInstruction,
   buildSettleTabVoucherInstruction,
   buildSettleVoucherInstruction,
   buildSwigCreationBundle,
+  deriveSwigId,
   deriveSwigWalletAddress,
   deriveVaultPda,
   expectedSwigAddressFor,