@elizaos/plugin-steward-app 2.0.3-beta.5 → 2.0.3-beta.7

package/dist/routes/wallet-trade-compat-routes.js

@@ -0,0 +1,570 @@
+import { loadElizaConfig } from "@elizaos/agent/config/config";
+import { ensureCompatApiAuthorized } from "@elizaos/app-core/api/auth";
+import {
+  readCompatJsonBody
+} from "@elizaos/app-core/api/compat-route-shared";
+import {
+  sendJsonError as sendJsonErrorResponse,
+  sendJson as sendJsonResponse
+} from "@elizaos/app-core/api/response";
+import { logger } from "@elizaos/core";
+import {
+  canUseLocalTradeExecution as _canUseLocalTradeExecution,
+  resolveTradePermissionMode as _resolveTradePermissionMode
+} from "@elizaos/plugin-wallet";
+import { StewardApiError } from "@stwd/sdk";
+import * as ethers from "ethers";
+import {
+  buildBscApproveUnsignedTx,
+  buildBscBuyUnsignedTx,
+  buildBscSellUnsignedTx,
+  buildBscTradeQuote,
+  resolveBscApprovalSpender,
+  resolvePrimaryBscRpcUrl
+} from "../api/bsc-trade.js";
+import { getWalletAddresses } from "../api/wallet.js";
+import { resolveWalletRpcReadiness } from "../api/wallet-rpc.js";
+import { recordWalletTradeLedgerEntry } from "../api/wallet-trading-profile.js";
+import {
+  isStewardConfigured,
+  signTransactionWithOptionalSteward
+} from "./steward-bridge.js";
+const AGENT_AUTOMATION_HEADER = "x-elizaos-agent-action";
+function isAgentAutomationRequest(req) {
+  const raw = req.headers[AGENT_AUTOMATION_HEADER];
+  return typeof raw === "string" && /^(1|true|yes|agent)$/i.test(raw.trim());
+}
+function resolveBscExecutionNetwork() {
+  if (process.env.ELIZA_WALLET_NETWORK?.trim().toLowerCase() === "testnet") {
+    const parsedChainId = Number.parseInt(
+      process.env.BSC_TESTNET_CHAIN_ID?.trim() ?? "97",
+      10
+    );
+    return {
+      chainId: Number.isNaN(parsedChainId) ? 97 : parsedChainId,
+      explorerBaseUrl: "https://testnet.bscscan.com"
+    };
+  }
+  return {
+    chainId: 56,
+    explorerBaseUrl: "https://bscscan.com"
+  };
+}
+function resolveWalletExecutionMode(canSign, canExecuteLocally, hasStewardSigner) {
+  if (!canSign || !canExecuteLocally) {
+    return "user-sign";
+  }
+  return hasStewardSigner ? "steward" : "local-key";
+}
+async function sendLocalWalletTransaction(rpcUrl, tx) {
+  const evmKey = process.env.EVM_PRIVATE_KEY ?? "";
+  const provider = new ethers.JsonRpcProvider(rpcUrl);
+  try {
+    const wallet = new ethers.Wallet(
+      evmKey.startsWith("0x") ? evmKey : `0x${evmKey}`,
+      provider
+    );
+    const txResponse = await wallet.sendTransaction(tx);
+    return {
+      hash: txResponse.hash,
+      nonce: txResponse.nonce,
+      gasLimit: txResponse.gasLimit?.toString() ?? "0"
+    };
+  } finally {
+    provider.destroy();
+  }
+}
+function getStewardPolicyResults(error) {
+  if (error.data && typeof error.data === "object" && "results" in error.data && Array.isArray(error.data.results)) {
+    return error.data.results;
+  }
+  return [];
+}
+function isStewardPolicyRejection(error) {
+  return error instanceof StewardApiError && error.status === 403;
+}
+async function handleWalletTradeCompatRoutes(req, res, _state) {
+  const method = (req.method ?? "GET").toUpperCase();
+  const url = new URL(req.url ?? "/", "http://localhost");
+  if (method === "POST" && url.pathname === "/api/wallet/trade/execute") {
+    if (!ensureCompatApiAuthorized(req, res)) {
+      return true;
+    }
+    const body = await readCompatJsonBody(req, res);
+    if (body == null) {
+      return true;
+    }
+    const side = typeof body.side === "string" ? body.side : "";
+    const tokenAddress = typeof body.tokenAddress === "string" ? body.tokenAddress : "";
+    const amount = typeof body.amount === "string" ? body.amount : "";
+    const routeProvider = body.routeProvider === "0x" || body.routeProvider === "pancakeswap-v2" || body.routeProvider === "auto" ? body.routeProvider : void 0;
+    if (!side || !tokenAddress || !amount) {
+      sendJsonErrorResponse(
+        res,
+        400,
+        "side, tokenAddress, and amount are required"
+      );
+      return true;
+    }
+    if (side !== "buy" && side !== "sell") {
+      sendJsonErrorResponse(res, 400, 'side must be "buy" or "sell"');
+      return true;
+    }
+    const config = loadElizaConfig();
+    const tradePermissionMode = _resolveTradePermissionMode(config);
+    const canExecuteLocally = _canUseLocalTradeExecution(
+      tradePermissionMode,
+      isAgentAutomationRequest(req)
+    );
+    const addresses = getWalletAddresses();
+    const walletAddress = addresses.evmAddress ?? null;
+    const hasLocalKey = Boolean(process.env.EVM_PRIVATE_KEY?.trim());
+    const hasStewardSigner = isStewardConfigured();
+    const canSign = hasLocalKey || hasStewardSigner;
+    const rpcReadiness = resolveWalletRpcReadiness(config);
+    const bscExecutionNetwork = resolveBscExecutionNetwork();
+    try {
+      const quote = await buildBscTradeQuote({
+        walletAddress,
+        rpcUrls: rpcReadiness.bscRpcUrls,
+        cloudManagedAccess: rpcReadiness.cloudManagedAccess,
+        request: {
+          side,
+          tokenAddress,
+          amount,
+          slippageBps: typeof body.slippageBps === "number" ? body.slippageBps : void 0,
+          routeProvider
+        }
+      });
+      const unsignedTx = quote.side === "buy" ? buildBscBuyUnsignedTx(
+        quote,
+        walletAddress,
+        typeof body.deadlineSeconds === "number" ? body.deadlineSeconds : void 0
+      ) : buildBscSellUnsignedTx(
+        quote,
+        walletAddress,
+        typeof body.deadlineSeconds === "number" ? body.deadlineSeconds : void 0
+      );
+      let unsignedApprovalTx;
+      let requiresApproval = false;
+      if (quote.side === "sell" && walletAddress) {
+        unsignedApprovalTx = buildBscApproveUnsignedTx(
+          quote.tokenAddress,
+          walletAddress,
+          resolveBscApprovalSpender(quote),
+          quote.quoteIn.amountWei
+        );
+        requiresApproval = true;
+      }
+      if (!canSign || !canExecuteLocally || body.confirm !== true) {
+        sendJsonResponse(res, 200, {
+          ok: true,
+          side: quote.side,
+          mode: resolveWalletExecutionMode(
+            canSign,
+            canExecuteLocally,
+            hasStewardSigner
+          ),
+          quote,
+          executed: false,
+          requiresUserSignature: true,
+          unsignedTx,
+          unsignedApprovalTx,
+          requiresApproval
+        });
+        return true;
+      }
+      const rpcUrl = resolvePrimaryBscRpcUrl({
+        rpcUrls: rpcReadiness.bscRpcUrls,
+        cloudManagedAccess: rpcReadiness.cloudManagedAccess
+      });
+      let approvalHash;
+      let finalHash = "";
+      let finalNonce = null;
+      let finalGasLimit = "0";
+      let finalMode = hasLocalKey ? "local-key" : "steward";
+      if (hasLocalKey && canExecuteLocally) {
+        if (!rpcUrl) {
+          sendJsonErrorResponse(
+            res,
+            503,
+            "BSC RPC not configured for local execution"
+          );
+          return true;
+        }
+        if (requiresApproval && unsignedApprovalTx) {
+          const approvalResult = await sendLocalWalletTransaction(rpcUrl, {
+            to: unsignedApprovalTx.to,
+            data: unsignedApprovalTx.data,
+            value: BigInt(unsignedApprovalTx.valueWei),
+            chainId: unsignedApprovalTx.chainId
+          });
+          approvalHash = approvalResult.hash;
+          const provider = new ethers.JsonRpcProvider(rpcUrl);
+          try {
+            await provider.waitForTransaction(approvalHash, 1);
+          } finally {
+            provider.destroy();
+          }
+        }
+        const localExecution = await sendLocalWalletTransaction(rpcUrl, {
+          to: unsignedTx.to,
+          data: unsignedTx.data,
+          value: BigInt(unsignedTx.valueWei),
+          chainId: unsignedTx.chainId
+        });
+        finalHash = localExecution.hash;
+        finalNonce = localExecution.nonce;
+        finalGasLimit = localExecution.gasLimit;
+      } else {
+        finalMode = "steward";
+        if (requiresApproval && unsignedApprovalTx) {
+          const approvalResult = await signTransactionWithOptionalSteward({
+            evmAddress: walletAddress,
+            tx: {
+              to: unsignedApprovalTx.to,
+              data: unsignedApprovalTx.data,
+              value: unsignedApprovalTx.valueWei,
+              chainId: unsignedApprovalTx.chainId,
+              broadcast: true
+            }
+          });
+          if (approvalResult.mode === "steward" && approvalResult.pendingApproval) {
+            sendJsonResponse(res, 200, {
+              ok: true,
+              side: quote.side,
+              mode: "steward",
+              quote,
+              executed: false,
+              requiresUserSignature: false,
+              unsignedTx,
+              unsignedApprovalTx,
+              requiresApproval,
+              approval: {
+                status: "pending_approval",
+                policyResults: approvalResult.policyResults
+              }
+            });
+            return true;
+          }
+          approvalHash = "txHash" in approvalResult ? approvalResult.txHash : "";
+          if (approvalResult.mode === "steward" && rpcUrl) {
+            const provider = new ethers.JsonRpcProvider(rpcUrl);
+            try {
+              await provider.waitForTransaction(approvalHash, 1);
+            } finally {
+              provider.destroy();
+            }
+          }
+        }
+        const executionResult = await signTransactionWithOptionalSteward({
+          evmAddress: walletAddress,
+          tx: {
+            to: unsignedTx.to,
+            data: unsignedTx.data,
+            value: unsignedTx.valueWei,
+            chainId: unsignedTx.chainId,
+            broadcast: true
+          }
+        });
+        if (executionResult.mode === "steward" && executionResult.pendingApproval) {
+          sendJsonResponse(res, 200, {
+            ok: true,
+            side: quote.side,
+            mode: "steward",
+            quote,
+            executed: false,
+            requiresUserSignature: false,
+            unsignedTx,
+            unsignedApprovalTx,
+            requiresApproval,
+            approvalHash,
+            execution: {
+              status: "pending_approval",
+              policyResults: executionResult.policyResults
+            }
+          });
+          return true;
+        }
+        finalHash = "txHash" in executionResult ? executionResult.txHash : "";
+      }
+      try {
+        const tradeSource = body.source === "agent" || body.source === "manual" ? body.source : "manual";
+        recordWalletTradeLedgerEntry({
+          hash: finalHash,
+          source: tradeSource,
+          side: quote.side,
+          tokenAddress: quote.tokenAddress,
+          slippageBps: quote.slippageBps,
+          route: quote.route,
+          quoteIn: {
+            symbol: quote.quoteIn.symbol,
+            amount: quote.quoteIn.amount,
+            amountWei: quote.quoteIn.amountWei
+          },
+          quoteOut: {
+            symbol: quote.quoteOut.symbol,
+            amount: quote.quoteOut.amount,
+            amountWei: quote.quoteOut.amountWei
+          },
+          status: "pending",
+          confirmations: 0,
+          nonce: finalNonce,
+          blockNumber: null,
+          gasUsed: null,
+          effectiveGasPriceWei: null,
+          explorerUrl: `${bscExecutionNetwork.explorerBaseUrl}/tx/${finalHash}`
+        });
+      } catch (ledgerErr) {
+        logger.warn(
+          `[api] Failed to record trade ledger entry: ${ledgerErr instanceof Error ? ledgerErr.message : ledgerErr}`
+        );
+      }
+      sendJsonResponse(res, 200, {
+        ok: true,
+        side: quote.side,
+        mode: finalMode,
+        quote,
+        executed: true,
+        requiresUserSignature: false,
+        unsignedTx,
+        unsignedApprovalTx,
+        requiresApproval,
+        execution: {
+          hash: finalHash,
+          nonce: finalNonce,
+          gasLimit: finalGasLimit,
+          valueWei: unsignedTx.valueWei,
+          explorerUrl: `${bscExecutionNetwork.explorerBaseUrl}/tx/${finalHash}`,
+          blockNumber: null,
+          status: "pending",
+          approvalHash
+        }
+      });
+    } catch (err) {
+      if (isStewardPolicyRejection(err)) {
+        sendJsonResponse(res, 403, {
+          ok: false,
+          mode: "steward",
+          executed: false,
+          requiresUserSignature: false,
+          error: err.message,
+          execution: {
+            status: "rejected",
+            policyResults: getStewardPolicyResults(err)
+          }
+        });
+        return true;
+      }
+      sendJsonErrorResponse(
+        res,
+        500,
+        `Trade execution failed: ${err instanceof Error ? err.message : "unknown error"}`
+      );
+    }
+    return true;
+  }
+  if (method === "POST" && url.pathname === "/api/wallet/transfer/execute") {
+    if (!ensureCompatApiAuthorized(req, res)) {
+      return true;
+    }
+    const body = await readCompatJsonBody(req, res);
+    if (body == null) {
+      return true;
+    }
+    const toAddressRaw = typeof body.toAddress === "string" ? body.toAddress.trim() : "";
+    const amount = typeof body.amount === "string" ? body.amount.trim() : "";
+    const assetSymbol = typeof body.assetSymbol === "string" ? body.assetSymbol.trim() : "";
+    if (!toAddressRaw || !amount || !assetSymbol) {
+      sendJsonErrorResponse(
+        res,
+        400,
+        "toAddress, amount, and assetSymbol are required"
+      );
+      return true;
+    }
+    const config = loadElizaConfig();
+    const tradePermissionMode = _resolveTradePermissionMode(config);
+    const canExecuteLocally = _canUseLocalTradeExecution(
+      tradePermissionMode,
+      isAgentAutomationRequest(req)
+    );
+    const hasLocalKey = Boolean(process.env.EVM_PRIVATE_KEY?.trim());
+    const hasStewardSigner = isStewardConfigured();
+    const canSign = hasLocalKey || hasStewardSigner;
+    const addresses = getWalletAddresses();
+    const rpcReadiness = resolveWalletRpcReadiness(config);
+    const bscExecutionNetwork = resolveBscExecutionNetwork();
+    let toAddress;
+    try {
+      toAddress = ethers.getAddress(toAddressRaw);
+    } catch {
+      sendJsonErrorResponse(
+        res,
+        400,
+        "Invalid toAddress \u2014 must be a valid EVM address"
+      );
+      return true;
+    }
+    const isBnb = assetSymbol.toUpperCase() === "BNB";
+    let decimals = 18;
+    if (typeof body.tokenAddress === "string" && body.tokenAddress.trim()) {
+      const provider = new ethers.JsonRpcProvider(
+        resolvePrimaryBscRpcUrl({
+          rpcUrls: rpcReadiness.bscRpcUrls,
+          cloudManagedAccess: rpcReadiness.cloudManagedAccess
+        }) ?? "https://bsc-dataseed1.binance.org/"
+      );
+      try {
+        const tokenContract = new ethers.Contract(
+          body.tokenAddress,
+          ["function decimals() view returns (uint8)"],
+          provider
+        );
+        decimals = Number(await tokenContract.decimals());
+      } finally {
+        provider.destroy();
+      }
+    }
+    const unsignedTx = {
+      chainId: bscExecutionNetwork.chainId,
+      from: addresses.evmAddress ?? null,
+      to: isBnb || typeof body.tokenAddress !== "string" ? toAddress : body.tokenAddress,
+      data: isBnb ? "0x" : new ethers.Interface([
+        "function transfer(address to, uint256 amount) returns (bool)"
+      ]).encodeFunctionData("transfer", [
+        toAddress,
+        ethers.parseUnits(amount, decimals)
+      ]),
+      valueWei: isBnb ? ethers.parseEther(amount).toString() : "0",
+      explorerUrl: bscExecutionNetwork.explorerBaseUrl,
+      assetSymbol,
+      amount,
+      tokenAddress: typeof body.tokenAddress === "string" ? body.tokenAddress : void 0
+    };
+    if (!canSign || !canExecuteLocally || body.confirm !== true) {
+      sendJsonResponse(res, 200, {
+        ok: true,
+        mode: resolveWalletExecutionMode(
+          canSign,
+          canExecuteLocally,
+          hasStewardSigner
+        ),
+        executed: false,
+        requiresUserSignature: true,
+        toAddress,
+        amount,
+        assetSymbol,
+        tokenAddress: unsignedTx.tokenAddress,
+        unsignedTx
+      });
+      return true;
+    }
+    const _rpcUrl = resolvePrimaryBscRpcUrl({
+      rpcUrls: rpcReadiness.bscRpcUrls,
+      cloudManagedAccess: rpcReadiness.cloudManagedAccess
+    });
+    try {
+      let finalHash = "";
+      let finalNonce = null;
+      let finalGasLimit = "0";
+      let finalMode = hasLocalKey ? "local-key" : "steward";
+      if (hasLocalKey && canExecuteLocally) {
+        if (!_rpcUrl) {
+          sendJsonErrorResponse(
+            res,
+            503,
+            "BSC RPC not configured for local execution"
+          );
+          return true;
+        }
+        const localExecution = await sendLocalWalletTransaction(_rpcUrl, {
+          to: unsignedTx.to,
+          data: unsignedTx.data,
+          value: BigInt(unsignedTx.valueWei),
+          chainId: unsignedTx.chainId
+        });
+        finalHash = localExecution.hash;
+        finalNonce = localExecution.nonce;
+        finalGasLimit = localExecution.gasLimit;
+      } else {
+        finalMode = "steward";
+        const executionResult = await signTransactionWithOptionalSteward({
+          evmAddress: addresses.evmAddress,
+          tx: {
+            to: unsignedTx.to,
+            data: unsignedTx.data,
+            value: unsignedTx.valueWei,
+            chainId: unsignedTx.chainId,
+            broadcast: true
+          }
+        });
+        if (executionResult.mode === "steward" && executionResult.pendingApproval) {
+          sendJsonResponse(res, 200, {
+            ok: true,
+            mode: "steward",
+            executed: false,
+            requiresUserSignature: false,
+            toAddress,
+            amount,
+            assetSymbol,
+            tokenAddress: unsignedTx.tokenAddress,
+            unsignedTx,
+            execution: {
+              status: "pending_approval",
+              policyResults: executionResult.policyResults
+            }
+          });
+          return true;
+        }
+        finalHash = "txHash" in executionResult ? executionResult.txHash : "";
+      }
+      sendJsonResponse(res, 200, {
+        ok: true,
+        mode: finalMode,
+        executed: true,
+        requiresUserSignature: false,
+        toAddress,
+        amount,
+        assetSymbol,
+        tokenAddress: unsignedTx.tokenAddress,
+        unsignedTx,
+        execution: {
+          hash: finalHash,
+          nonce: finalNonce,
+          gasLimit: finalGasLimit,
+          valueWei: unsignedTx.valueWei,
+          explorerUrl: `${bscExecutionNetwork.explorerBaseUrl}/tx/${finalHash}`,
+          blockNumber: null,
+          status: "pending"
+        }
+      });
+    } catch (err) {
+      if (isStewardPolicyRejection(err)) {
+        sendJsonResponse(res, 403, {
+          ok: false,
+          mode: "steward",
+          executed: false,
+          requiresUserSignature: false,
+          error: err.message,
+          execution: {
+            status: "rejected",
+            policyResults: getStewardPolicyResults(err)
+          }
+        });
+        return true;
+      }
+      sendJsonErrorResponse(
+        res,
+        500,
+        `Transfer failed: ${err instanceof Error ? err.message : "unknown error"}`
+      );
+    }
+    return true;
+  }
+  return false;
+}
+export {
+  handleWalletTradeCompatRoutes
+};
+//# sourceMappingURL=wallet-trade-compat-routes.js.map

package/dist/routes/wallet-trade-compat-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/routes/wallet-trade-compat-routes.ts"],"sourcesContent":["/**\n * Wallet trade / transfer compat routes.\n *\n * Handles:\n *   POST /api/wallet/trade/execute    — BSC DEX trade execution\n *   POST /api/wallet/transfer/execute — token / BNB transfer execution\n */\nimport type http from \"node:http\";\nimport { loadElizaConfig } from \"@elizaos/agent/config/config\";\nimport { ensureCompatApiAuthorized } from \"@elizaos/app-core/api/auth\";\nimport {\n  type CompatRuntimeState,\n  readCompatJsonBody,\n} from \"@elizaos/app-core/api/compat-route-shared\";\nimport {\n  sendJsonError as sendJsonErrorResponse,\n  sendJson as sendJsonResponse,\n} from \"@elizaos/app-core/api/response\";\nimport { logger } from \"@elizaos/core\";\nimport {\n  canUseLocalTradeExecution as _canUseLocalTradeExecution,\n  resolveTradePermissionMode as _resolveTradePermissionMode,\n} from \"@elizaos/plugin-wallet\";\nimport { type PolicyResult, StewardApiError } from \"@stwd/sdk\";\nimport * as ethers from \"ethers\";\nimport {\n  buildBscApproveUnsignedTx,\n  buildBscBuyUnsignedTx,\n  buildBscSellUnsignedTx,\n  buildBscTradeQuote,\n  resolveBscApprovalSpender,\n  resolvePrimaryBscRpcUrl,\n} from \"../api/bsc-trade.js\";\nimport { getWalletAddresses } from \"../api/wallet.js\";\nimport { resolveWalletRpcReadiness } from \"../api/wallet-rpc.js\";\nimport { recordWalletTradeLedgerEntry } from \"../api/wallet-trading-profile.js\";\nimport {\n  isStewardConfigured,\n  signTransactionWithOptionalSteward,\n} from \"./steward-bridge.js\";\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\nconst AGENT_AUTOMATION_HEADER = \"x-elizaos-agent-action\";\n\n// ---------------------------------------------------------------------------\n// Helpers (only used by trade / transfer routes)\n// ---------------------------------------------------------------------------\n\nfunction isAgentAutomationRequest(\n  req: Pick<http.IncomingMessage, \"headers\">,\n): boolean {\n  const raw = req.headers[AGENT_AUTOMATION_HEADER];\n  return typeof raw === \"string\" && /^(1|true|yes|agent)$/i.test(raw.trim());\n}\n\nfunction resolveBscExecutionNetwork(): {\n  chainId: number;\n  explorerBaseUrl: string;\n} {\n  if (process.env.ELIZA_WALLET_NETWORK?.trim().toLowerCase() === \"testnet\") {\n    const parsedChainId = Number.parseInt(\n      process.env.BSC_TESTNET_CHAIN_ID?.trim() ?? \"97\",\n      10,\n    );\n    return {\n      chainId: Number.isNaN(parsedChainId) ? 97 : parsedChainId,\n      explorerBaseUrl: \"https://testnet.bscscan.com\",\n    };\n  }\n\n  return {\n    chainId: 56,\n    explorerBaseUrl: \"https://bscscan.com\",\n  };\n}\n\nfunction resolveWalletExecutionMode(\n  canSign: boolean,\n  canExecuteLocally: boolean,\n  hasStewardSigner: boolean,\n): \"local-key\" | \"steward\" | \"user-sign\" {\n  if (!canSign || !canExecuteLocally) {\n    return \"user-sign\";\n  }\n\n  return hasStewardSigner ? \"steward\" : \"local-key\";\n}\n\ninterface LocalSignedTransactionResult {\n  hash: string;\n  nonce: number;\n  gasLimit: string;\n}\n\n/** Broadcast a signed tx using `EVM_PRIVATE_KEY` and a JSON-RPC provider (local execution path). */\nasync function sendLocalWalletTransaction(\n  rpcUrl: string,\n  tx: {\n    to: string;\n    data?: string;\n    value: bigint;\n    chainId: number;\n    nonce?: number;\n  },\n): Promise<LocalSignedTransactionResult> {\n  const evmKey = process.env.EVM_PRIVATE_KEY ?? \"\";\n  const provider = new ethers.JsonRpcProvider(rpcUrl);\n\n  try {\n    const wallet = new ethers.Wallet(\n      evmKey.startsWith(\"0x\") ? evmKey : `0x${evmKey}`,\n      provider,\n    );\n    const txResponse = await wallet.sendTransaction(tx);\n    return {\n      hash: txResponse.hash,\n      nonce: txResponse.nonce,\n      gasLimit: txResponse.gasLimit?.toString() ?? \"0\",\n    };\n  } finally {\n    provider.destroy();\n  }\n}\n\nfunction getStewardPolicyResults(error: StewardApiError): PolicyResult[] {\n  if (\n    error.data &&\n    typeof error.data === \"object\" &&\n    \"results\" in error.data &&\n    Array.isArray(error.data.results)\n  ) {\n    return error.data.results as PolicyResult[];\n  }\n\n  return [];\n}\n\nfunction isStewardPolicyRejection(error: unknown): error is StewardApiError {\n  return error instanceof StewardApiError && error.status === 403;\n}\n\n// ---------------------------------------------------------------------------\n// Route handler\n// ---------------------------------------------------------------------------\n\nexport async function handleWalletTradeCompatRoutes(\n  req: http.IncomingMessage,\n  res: http.ServerResponse,\n  _state: CompatRuntimeState,\n): Promise<boolean> {\n  const method = (req.method ?? \"GET\").toUpperCase();\n  const url = new URL(req.url ?? \"/\", \"http://localhost\");\n\n  // ── POST /api/wallet/trade/execute ─────────────────────────────────────\n  if (method === \"POST\" && url.pathname === \"/api/wallet/trade/execute\") {\n    if (!ensureCompatApiAuthorized(req, res)) {\n      return true;\n    }\n\n    const body = await readCompatJsonBody(req, res);\n    if (body == null) {\n      return true;\n    }\n\n    const side = typeof body.side === \"string\" ? body.side : \"\";\n    const tokenAddress =\n      typeof body.tokenAddress === \"string\" ? body.tokenAddress : \"\";\n    const amount = typeof body.amount === \"string\" ? body.amount : \"\";\n    const routeProvider =\n      body.routeProvider === \"0x\" ||\n      body.routeProvider === \"pancakeswap-v2\" ||\n      body.routeProvider === \"auto\"\n        ? body.routeProvider\n        : undefined;\n\n    if (!side || !tokenAddress || !amount) {\n      sendJsonErrorResponse(\n        res,\n        400,\n        \"side, tokenAddress, and amount are required\",\n      );\n      return true;\n    }\n\n    if (side !== \"buy\" && side !== \"sell\") {\n      sendJsonErrorResponse(res, 400, 'side must be \"buy\" or \"sell\"');\n      return true;\n    }\n\n    const config = loadElizaConfig();\n    const tradePermissionMode = _resolveTradePermissionMode(config);\n    const canExecuteLocally = _canUseLocalTradeExecution(\n      tradePermissionMode,\n      isAgentAutomationRequest(req),\n    );\n    const addresses = getWalletAddresses();\n    const walletAddress = addresses.evmAddress ?? null;\n    const hasLocalKey = Boolean(process.env.EVM_PRIVATE_KEY?.trim());\n    const hasStewardSigner = isStewardConfigured();\n    const canSign = hasLocalKey || hasStewardSigner;\n    const rpcReadiness = resolveWalletRpcReadiness(config);\n    const bscExecutionNetwork = resolveBscExecutionNetwork();\n\n    try {\n      const quote = await buildBscTradeQuote({\n        walletAddress,\n        rpcUrls: rpcReadiness.bscRpcUrls,\n        cloudManagedAccess: rpcReadiness.cloudManagedAccess,\n        request: {\n          side,\n          tokenAddress,\n          amount,\n          slippageBps:\n            typeof body.slippageBps === \"number\" ? body.slippageBps : undefined,\n          routeProvider,\n        },\n      });\n\n      const unsignedTx =\n        quote.side === \"buy\"\n          ? buildBscBuyUnsignedTx(\n              quote,\n              walletAddress,\n              typeof body.deadlineSeconds === \"number\"\n                ? body.deadlineSeconds\n                : undefined,\n            )\n          : buildBscSellUnsignedTx(\n              quote,\n              walletAddress,\n              typeof body.deadlineSeconds === \"number\"\n                ? body.deadlineSeconds\n                : undefined,\n            );\n\n      let unsignedApprovalTx:\n        | ReturnType<typeof buildBscApproveUnsignedTx>\n        | undefined;\n      let requiresApproval = false;\n      if (quote.side === \"sell\" && walletAddress) {\n        unsignedApprovalTx = buildBscApproveUnsignedTx(\n          quote.tokenAddress,\n          walletAddress,\n          resolveBscApprovalSpender(quote),\n          quote.quoteIn.amountWei,\n        );\n        requiresApproval = true;\n      }\n\n      if (!canSign || !canExecuteLocally || body.confirm !== true) {\n        sendJsonResponse(res, 200, {\n          ok: true,\n          side: quote.side,\n          mode: resolveWalletExecutionMode(\n            canSign,\n            canExecuteLocally,\n            hasStewardSigner,\n          ),\n          quote,\n          executed: false,\n          requiresUserSignature: true,\n          unsignedTx,\n          unsignedApprovalTx,\n          requiresApproval,\n        });\n        return true;\n      }\n\n      const rpcUrl = resolvePrimaryBscRpcUrl({\n        rpcUrls: rpcReadiness.bscRpcUrls,\n        cloudManagedAccess: rpcReadiness.cloudManagedAccess,\n      });\n\n      let approvalHash: string | undefined;\n      let finalHash = \"\";\n      let finalNonce: number | null = null;\n      let finalGasLimit = \"0\";\n      let finalMode: \"local-key\" | \"steward\" = hasLocalKey\n        ? \"local-key\"\n        : \"steward\";\n\n      if (hasLocalKey && canExecuteLocally) {\n        if (!rpcUrl) {\n          sendJsonErrorResponse(\n            res,\n            503,\n            \"BSC RPC not configured for local execution\",\n          );\n          return true;\n        }\n\n        if (requiresApproval && unsignedApprovalTx) {\n          const approvalResult = await sendLocalWalletTransaction(rpcUrl, {\n            to: unsignedApprovalTx.to,\n            data: unsignedApprovalTx.data,\n            value: BigInt(unsignedApprovalTx.valueWei),\n            chainId: unsignedApprovalTx.chainId,\n          });\n          approvalHash = approvalResult.hash;\n          const provider = new ethers.JsonRpcProvider(rpcUrl);\n          try {\n            await provider.waitForTransaction(approvalHash, 1);\n          } finally {\n            provider.destroy();\n          }\n        }\n\n        const localExecution = await sendLocalWalletTransaction(rpcUrl, {\n          to: unsignedTx.to,\n          data: unsignedTx.data,\n          value: BigInt(unsignedTx.valueWei),\n          chainId: unsignedTx.chainId,\n        });\n        finalHash = localExecution.hash;\n        finalNonce = localExecution.nonce;\n        finalGasLimit = localExecution.gasLimit;\n      } else {\n        finalMode = \"steward\";\n        if (requiresApproval && unsignedApprovalTx) {\n          const approvalResult = await signTransactionWithOptionalSteward({\n            evmAddress: walletAddress,\n            tx: {\n              to: unsignedApprovalTx.to,\n              data: unsignedApprovalTx.data,\n              value: unsignedApprovalTx.valueWei,\n              chainId: unsignedApprovalTx.chainId,\n              broadcast: true,\n            },\n          });\n\n          if (\n            approvalResult.mode === \"steward\" &&\n            approvalResult.pendingApproval\n          ) {\n            sendJsonResponse(res, 200, {\n              ok: true,\n              side: quote.side,\n              mode: \"steward\",\n              quote,\n              executed: false,\n              requiresUserSignature: false,\n              unsignedTx,\n              unsignedApprovalTx,\n              requiresApproval,\n              approval: {\n                status: \"pending_approval\",\n                policyResults: approvalResult.policyResults,\n              },\n            });\n            return true;\n          }\n\n          approvalHash =\n            \"txHash\" in approvalResult ? approvalResult.txHash : \"\";\n\n          if (approvalResult.mode === \"steward\" && rpcUrl) {\n            const provider = new ethers.JsonRpcProvider(rpcUrl);\n            try {\n              await provider.waitForTransaction(approvalHash, 1);\n            } finally {\n              provider.destroy();\n            }\n          }\n        }\n\n        const executionResult = await signTransactionWithOptionalSteward({\n          evmAddress: walletAddress,\n          tx: {\n            to: unsignedTx.to,\n            data: unsignedTx.data,\n            value: unsignedTx.valueWei,\n            chainId: unsignedTx.chainId,\n            broadcast: true,\n          },\n        });\n\n        if (\n          executionResult.mode === \"steward\" &&\n          executionResult.pendingApproval\n        ) {\n          sendJsonResponse(res, 200, {\n            ok: true,\n            side: quote.side,\n            mode: \"steward\",\n            quote,\n            executed: false,\n            requiresUserSignature: false,\n            unsignedTx,\n            unsignedApprovalTx,\n            requiresApproval,\n            approvalHash,\n            execution: {\n              status: \"pending_approval\",\n              policyResults: executionResult.policyResults,\n            },\n          });\n          return true;\n        }\n\n        finalHash = \"txHash\" in executionResult ? executionResult.txHash : \"\";\n      }\n\n      try {\n        const tradeSource =\n          body.source === \"agent\" || body.source === \"manual\"\n            ? body.source\n            : \"manual\";\n\n        recordWalletTradeLedgerEntry({\n          hash: finalHash,\n          source: tradeSource,\n          side: quote.side,\n          tokenAddress: quote.tokenAddress,\n          slippageBps: quote.slippageBps,\n          route: quote.route,\n          quoteIn: {\n            symbol: quote.quoteIn.symbol,\n            amount: quote.quoteIn.amount,\n            amountWei: quote.quoteIn.amountWei,\n          },\n          quoteOut: {\n            symbol: quote.quoteOut.symbol,\n            amount: quote.quoteOut.amount,\n            amountWei: quote.quoteOut.amountWei,\n          },\n          status: \"pending\",\n          confirmations: 0,\n          nonce: finalNonce,\n          blockNumber: null,\n          gasUsed: null,\n          effectiveGasPriceWei: null,\n          explorerUrl: `${bscExecutionNetwork.explorerBaseUrl}/tx/${finalHash}`,\n        });\n      } catch (ledgerErr) {\n        logger.warn(\n          `[api] Failed to record trade ledger entry: ${ledgerErr instanceof Error ? ledgerErr.message : ledgerErr}`,\n        );\n      }\n\n      sendJsonResponse(res, 200, {\n        ok: true,\n        side: quote.side,\n        mode: finalMode,\n        quote,\n        executed: true,\n        requiresUserSignature: false,\n        unsignedTx,\n        unsignedApprovalTx,\n        requiresApproval,\n        execution: {\n          hash: finalHash,\n          nonce: finalNonce,\n          gasLimit: finalGasLimit,\n          valueWei: unsignedTx.valueWei,\n          explorerUrl: `${bscExecutionNetwork.explorerBaseUrl}/tx/${finalHash}`,\n          blockNumber: null,\n          status: \"pending\",\n          approvalHash,\n        },\n      });\n    } catch (err) {\n      if (isStewardPolicyRejection(err)) {\n        sendJsonResponse(res, 403, {\n          ok: false,\n          mode: \"steward\",\n          executed: false,\n          requiresUserSignature: false,\n          error: err.message,\n          execution: {\n            status: \"rejected\",\n            policyResults: getStewardPolicyResults(err),\n          },\n        });\n        return true;\n      }\n\n      sendJsonErrorResponse(\n        res,\n        500,\n        `Trade execution failed: ${err instanceof Error ? err.message : \"unknown error\"}`,\n      );\n    }\n    return true;\n  }\n\n  // ── POST /api/wallet/transfer/execute ──────────────────────────────────\n  if (method === \"POST\" && url.pathname === \"/api/wallet/transfer/execute\") {\n    if (!ensureCompatApiAuthorized(req, res)) {\n      return true;\n    }\n\n    const body = await readCompatJsonBody(req, res);\n    if (body == null) {\n      return true;\n    }\n\n    const toAddressRaw =\n      typeof body.toAddress === \"string\" ? body.toAddress.trim() : \"\";\n    const amount = typeof body.amount === \"string\" ? body.amount.trim() : \"\";\n    const assetSymbol =\n      typeof body.assetSymbol === \"string\" ? body.assetSymbol.trim() : \"\";\n\n    if (!toAddressRaw || !amount || !assetSymbol) {\n      sendJsonErrorResponse(\n        res,\n        400,\n        \"toAddress, amount, and assetSymbol are required\",\n      );\n      return true;\n    }\n\n    const config = loadElizaConfig();\n    const tradePermissionMode = _resolveTradePermissionMode(config);\n    const canExecuteLocally = _canUseLocalTradeExecution(\n      tradePermissionMode,\n      isAgentAutomationRequest(req),\n    );\n    const hasLocalKey = Boolean(process.env.EVM_PRIVATE_KEY?.trim());\n    const hasStewardSigner = isStewardConfigured();\n    const canSign = hasLocalKey || hasStewardSigner;\n    const addresses = getWalletAddresses();\n    const rpcReadiness = resolveWalletRpcReadiness(config);\n    const bscExecutionNetwork = resolveBscExecutionNetwork();\n\n    let toAddress: string;\n    try {\n      toAddress = ethers.getAddress(toAddressRaw);\n    } catch {\n      sendJsonErrorResponse(\n        res,\n        400,\n        \"Invalid toAddress — must be a valid EVM address\",\n      );\n      return true;\n    }\n\n    const isBnb = assetSymbol.toUpperCase() === \"BNB\";\n    let decimals = 18;\n    if (typeof body.tokenAddress === \"string\" && body.tokenAddress.trim()) {\n      const provider = new ethers.JsonRpcProvider(\n        resolvePrimaryBscRpcUrl({\n          rpcUrls: rpcReadiness.bscRpcUrls,\n          cloudManagedAccess: rpcReadiness.cloudManagedAccess,\n        }) ?? \"https://bsc-dataseed1.binance.org/\",\n      );\n      try {\n        const tokenContract = new ethers.Contract(\n          body.tokenAddress,\n          [\"function decimals() view returns (uint8)\"],\n          provider,\n        );\n        decimals = Number(await tokenContract.decimals());\n      } finally {\n        provider.destroy();\n      }\n    }\n\n    const unsignedTx = {\n      chainId: bscExecutionNetwork.chainId,\n      from: addresses.evmAddress ?? null,\n      to:\n        isBnb || typeof body.tokenAddress !== \"string\"\n          ? toAddress\n          : body.tokenAddress,\n      data: isBnb\n        ? \"0x\"\n        : new ethers.Interface([\n            \"function transfer(address to, uint256 amount) returns (bool)\",\n          ]).encodeFunctionData(\"transfer\", [\n            toAddress,\n            ethers.parseUnits(amount, decimals),\n          ]),\n      valueWei: isBnb ? ethers.parseEther(amount).toString() : \"0\",\n      explorerUrl: bscExecutionNetwork.explorerBaseUrl,\n      assetSymbol,\n      amount,\n      tokenAddress:\n        typeof body.tokenAddress === \"string\" ? body.tokenAddress : undefined,\n    };\n\n    if (!canSign || !canExecuteLocally || body.confirm !== true) {\n      sendJsonResponse(res, 200, {\n        ok: true,\n        mode: resolveWalletExecutionMode(\n          canSign,\n          canExecuteLocally,\n          hasStewardSigner,\n        ),\n        executed: false,\n        requiresUserSignature: true,\n        toAddress,\n        amount,\n        assetSymbol,\n        tokenAddress: unsignedTx.tokenAddress,\n        unsignedTx,\n      });\n      return true;\n    }\n\n    const _rpcUrl = resolvePrimaryBscRpcUrl({\n      rpcUrls: rpcReadiness.bscRpcUrls,\n      cloudManagedAccess: rpcReadiness.cloudManagedAccess,\n    });\n\n    try {\n      let finalHash = \"\";\n      let finalNonce: number | null = null;\n      let finalGasLimit = \"0\";\n      let finalMode: \"local-key\" | \"steward\" = hasLocalKey\n        ? \"local-key\"\n        : \"steward\";\n\n      if (hasLocalKey && canExecuteLocally) {\n        if (!_rpcUrl) {\n          sendJsonErrorResponse(\n            res,\n            503,\n            \"BSC RPC not configured for local execution\",\n          );\n          return true;\n        }\n\n        const localExecution = await sendLocalWalletTransaction(_rpcUrl, {\n          to: unsignedTx.to,\n          data: unsignedTx.data,\n          value: BigInt(unsignedTx.valueWei),\n          chainId: unsignedTx.chainId,\n        });\n        finalHash = localExecution.hash;\n        finalNonce = localExecution.nonce;\n        finalGasLimit = localExecution.gasLimit;\n      } else {\n        finalMode = \"steward\";\n        const executionResult = await signTransactionWithOptionalSteward({\n          evmAddress: addresses.evmAddress,\n          tx: {\n            to: unsignedTx.to,\n            data: unsignedTx.data,\n            value: unsignedTx.valueWei,\n            chainId: unsignedTx.chainId,\n            broadcast: true,\n          },\n        });\n\n        if (\n          executionResult.mode === \"steward\" &&\n          executionResult.pendingApproval\n        ) {\n          sendJsonResponse(res, 200, {\n            ok: true,\n            mode: \"steward\",\n            executed: false,\n            requiresUserSignature: false,\n            toAddress,\n            amount,\n            assetSymbol,\n            tokenAddress: unsignedTx.tokenAddress,\n            unsignedTx,\n            execution: {\n              status: \"pending_approval\",\n              policyResults: executionResult.policyResults,\n            },\n          });\n          return true;\n        }\n\n        finalHash = \"txHash\" in executionResult ? executionResult.txHash : \"\";\n      }\n\n      sendJsonResponse(res, 200, {\n        ok: true,\n        mode: finalMode,\n        executed: true,\n        requiresUserSignature: false,\n        toAddress,\n        amount,\n        assetSymbol,\n        tokenAddress: unsignedTx.tokenAddress,\n        unsignedTx,\n        execution: {\n          hash: finalHash,\n          nonce: finalNonce,\n          gasLimit: finalGasLimit,\n          valueWei: unsignedTx.valueWei,\n          explorerUrl: `${bscExecutionNetwork.explorerBaseUrl}/tx/${finalHash}`,\n          blockNumber: null,\n          status: \"pending\",\n        },\n      });\n    } catch (err) {\n      if (isStewardPolicyRejection(err)) {\n        sendJsonResponse(res, 403, {\n          ok: false,\n          mode: \"steward\",\n          executed: false,\n          requiresUserSignature: false,\n          error: err.message,\n          execution: {\n            status: \"rejected\",\n            policyResults: getStewardPolicyResults(err),\n          },\n        });\n        return true;\n      }\n\n      sendJsonErrorResponse(\n        res,\n        500,\n        `Transfer failed: ${err instanceof Error ? err.message : \"unknown error\"}`,\n      );\n    }\n    return true;\n  }\n\n  return false;\n}\n"],"mappings":"AAQA,SAAS,uBAAuB;AAChC,SAAS,iCAAiC;AAC1C;AAAA,EAEE;AAAA,OACK;AACP;AAAA,EACE,iBAAiB;AAAA,EACjB,YAAY;AAAA,OACP;AACP,SAAS,cAAc;AACvB;AAAA,EACE,6BAA6B;AAAA,EAC7B,8BAA8B;AAAA,OACzB;AACP,SAA4B,uBAAuB;AACnD,YAAY,YAAY;AACxB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,0BAA0B;AACnC,SAAS,iCAAiC;AAC1C,SAAS,oCAAoC;AAC7C;AAAA,EACE;AAAA,EACA;AAAA,OACK;AAMP,MAAM,0BAA0B;AAMhC,SAAS,yBACP,KACS;AACT,QAAM,MAAM,IAAI,QAAQ,uBAAuB;AAC/C,SAAO,OAAO,QAAQ,YAAY,wBAAwB,KAAK,IAAI,KAAK,CAAC;AAC3E;AAEA,SAAS,6BAGP;AACA,MAAI,QAAQ,IAAI,sBAAsB,KAAK,EAAE,YAAY,MAAM,WAAW;AACxE,UAAM,gBAAgB,OAAO;AAAA,MAC3B,QAAQ,IAAI,sBAAsB,KAAK,KAAK;AAAA,MAC5C;AAAA,IACF;AACA,WAAO;AAAA,MACL,SAAS,OAAO,MAAM,aAAa,IAAI,KAAK;AAAA,MAC5C,iBAAiB;AAAA,IACnB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,SAAS;AAAA,IACT,iBAAiB;AAAA,EACnB;AACF;AAEA,SAAS,2BACP,SACA,mBACA,kBACuC;AACvC,MAAI,CAAC,WAAW,CAAC,mBAAmB;AAClC,WAAO;AAAA,EACT;AAEA,SAAO,mBAAmB,YAAY;AACxC;AASA,eAAe,2BACb,QACA,IAOuC;AACvC,QAAM,SAAS,QAAQ,IAAI,mBAAmB;AAC9C,QAAM,WAAW,IAAI,OAAO,gBAAgB,MAAM;AAElD,MAAI;AACF,UAAM,SAAS,IAAI,OAAO;AAAA,MACxB,OAAO,WAAW,IAAI,IAAI,SAAS,KAAK,MAAM;AAAA,MAC9C;AAAA,IACF;AACA,UAAM,aAAa,MAAM,OAAO,gBAAgB,EAAE;AAClD,WAAO;AAAA,MACL,MAAM,WAAW;AAAA,MACjB,OAAO,WAAW;AAAA,MAClB,UAAU,WAAW,UAAU,SAAS,KAAK;AAAA,IAC/C;AAAA,EACF,UAAE;AACA,aAAS,QAAQ;AAAA,EACnB;AACF;AAEA,SAAS,wBAAwB,OAAwC;AACvE,MACE,MAAM,QACN,OAAO,MAAM,SAAS,YACtB,aAAa,MAAM,QACnB,MAAM,QAAQ,MAAM,KAAK,OAAO,GAChC;AACA,WAAO,MAAM,KAAK;AAAA,EACpB;AAEA,SAAO,CAAC;AACV;AAEA,SAAS,yBAAyB,OAA0C;AAC1E,SAAO,iBAAiB,mBAAmB,MAAM,WAAW;AAC9D;AAMA,eAAsB,8BACpB,KACA,KACA,QACkB;AAClB,QAAM,UAAU,IAAI,UAAU,OAAO,YAAY;AACjD,QAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AAGtD,MAAI,WAAW,UAAU,IAAI,aAAa,6BAA6B;AACrE,QAAI,CAAC,0BAA0B,KAAK,GAAG,GAAG;AACxC,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,MAAM,mBAAmB,KAAK,GAAG;AAC9C,QAAI,QAAQ,MAAM;AAChB,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,OAAO,KAAK,SAAS,WAAW,KAAK,OAAO;AACzD,UAAM,eACJ,OAAO,KAAK,iBAAiB,WAAW,KAAK,eAAe;AAC9D,UAAM,SAAS,OAAO,KAAK,WAAW,WAAW,KAAK,SAAS;AAC/D,UAAM,gBACJ,KAAK,kBAAkB,QACvB,KAAK,kBAAkB,oBACvB,KAAK,kBAAkB,SACnB,KAAK,gBACL;AAEN,QAAI,CAAC,QAAQ,CAAC,gBAAgB,CAAC,QAAQ;AACrC;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAEA,QAAI,SAAS,SAAS,SAAS,QAAQ;AACrC,4BAAsB,KAAK,KAAK,8BAA8B;AAC9D,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,gBAAgB;AAC/B,UAAM,sBAAsB,4BAA4B,MAAM;AAC9D,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,yBAAyB,GAAG;AAAA,IAC9B;AACA,UAAM,YAAY,mBAAmB;AACrC,UAAM,gBAAgB,UAAU,cAAc;AAC9C,UAAM,cAAc,QAAQ,QAAQ,IAAI,iBAAiB,KAAK,CAAC;AAC/D,UAAM,mBAAmB,oBAAoB;AAC7C,UAAM,UAAU,eAAe;AAC/B,UAAM,eAAe,0BAA0B,MAAM;AACrD,UAAM,sBAAsB,2BAA2B;AAEvD,QAAI;AACF,YAAM,QAAQ,MAAM,mBAAmB;AAAA,QACrC;AAAA,QACA,SAAS,aAAa;AAAA,QACtB,oBAAoB,aAAa;AAAA,QACjC,SAAS;AAAA,UACP;AAAA,UACA;AAAA,UACA;AAAA,UACA,aACE,OAAO,KAAK,gBAAgB,WAAW,KAAK,cAAc;AAAA,UAC5D;AAAA,QACF;AAAA,MACF,CAAC;AAED,YAAM,aACJ,MAAM,SAAS,QACX;AAAA,QACE;AAAA,QACA;AAAA,QACA,OAAO,KAAK,oBAAoB,WAC5B,KAAK,kBACL;AAAA,MACN,IACA;AAAA,QACE;AAAA,QACA;AAAA,QACA,OAAO,KAAK,oBAAoB,WAC5B,KAAK,kBACL;AAAA,MACN;AAEN,UAAI;AAGJ,UAAI,mBAAmB;AACvB,UAAI,MAAM,SAAS,UAAU,eAAe;AAC1C,6BAAqB;AAAA,UACnB,MAAM;AAAA,UACN;AAAA,UACA,0BAA0B,KAAK;AAAA,UAC/B,MAAM,QAAQ;AAAA,QAChB;AACA,2BAAmB;AAAA,MACrB;AAEA,UAAI,CAAC,WAAW,CAAC,qBAAqB,KAAK,YAAY,MAAM;AAC3D,yBAAiB,KAAK,KAAK;AAAA,UACzB,IAAI;AAAA,UACJ,MAAM,MAAM;AAAA,UACZ,MAAM;AAAA,YACJ;AAAA,YACA;AAAA,YACA;AAAA,UACF;AAAA,UACA;AAAA,UACA,UAAU;AAAA,UACV,uBAAuB;AAAA,UACvB;AAAA,UACA;AAAA,UACA;AAAA,QACF,CAAC;AACD,eAAO;AAAA,MACT;AAEA,YAAM,SAAS,wBAAwB;AAAA,QACrC,SAAS,aAAa;AAAA,QACtB,oBAAoB,aAAa;AAAA,MACnC,CAAC;AAED,UAAI;AACJ,UAAI,YAAY;AAChB,UAAI,aAA4B;AAChC,UAAI,gBAAgB;AACpB,UAAI,YAAqC,cACrC,cACA;AAEJ,UAAI,eAAe,mBAAmB;AACpC,YAAI,CAAC,QAAQ;AACX;AAAA,YACE;AAAA,YACA;AAAA,YACA;AAAA,UACF;AACA,iBAAO;AAAA,QACT;AAEA,YAAI,oBAAoB,oBAAoB;AAC1C,gBAAM,iBAAiB,MAAM,2BAA2B,QAAQ;AAAA,YAC9D,IAAI,mBAAmB;AAAA,YACvB,MAAM,mBAAmB;AAAA,YACzB,OAAO,OAAO,mBAAmB,QAAQ;AAAA,YACzC,SAAS,mBAAmB;AAAA,UAC9B,CAAC;AACD,yBAAe,eAAe;AAC9B,gBAAM,WAAW,IAAI,OAAO,gBAAgB,MAAM;AAClD,cAAI;AACF,kBAAM,SAAS,mBAAmB,cAAc,CAAC;AAAA,UACnD,UAAE;AACA,qBAAS,QAAQ;AAAA,UACnB;AAAA,QACF;AAEA,cAAM,iBAAiB,MAAM,2BAA2B,QAAQ;AAAA,UAC9D,IAAI,WAAW;AAAA,UACf,MAAM,WAAW;AAAA,UACjB,OAAO,OAAO,WAAW,QAAQ;AAAA,UACjC,SAAS,WAAW;AAAA,QACtB,CAAC;AACD,oBAAY,eAAe;AAC3B,qBAAa,eAAe;AAC5B,wBAAgB,eAAe;AAAA,MACjC,OAAO;AACL,oBAAY;AACZ,YAAI,oBAAoB,oBAAoB;AAC1C,gBAAM,iBAAiB,MAAM,mCAAmC;AAAA,YAC9D,YAAY;AAAA,YACZ,IAAI;AAAA,cACF,IAAI,mBAAmB;AAAA,cACvB,MAAM,mBAAmB;AAAA,cACzB,OAAO,mBAAmB;AAAA,cAC1B,SAAS,mBAAmB;AAAA,cAC5B,WAAW;AAAA,YACb;AAAA,UACF,CAAC;AAED,cACE,eAAe,SAAS,aACxB,eAAe,iBACf;AACA,6BAAiB,KAAK,KAAK;AAAA,cACzB,IAAI;AAAA,cACJ,MAAM,MAAM;AAAA,cACZ,MAAM;AAAA,cACN;AAAA,cACA,UAAU;AAAA,cACV,uBAAuB;AAAA,cACvB;AAAA,cACA;AAAA,cACA;AAAA,cACA,UAAU;AAAA,gBACR,QAAQ;AAAA,gBACR,eAAe,eAAe;AAAA,cAChC;AAAA,YACF,CAAC;AACD,mBAAO;AAAA,UACT;AAEA,yBACE,YAAY,iBAAiB,eAAe,SAAS;AAEvD,cAAI,eAAe,SAAS,aAAa,QAAQ;AAC/C,kBAAM,WAAW,IAAI,OAAO,gBAAgB,MAAM;AAClD,gBAAI;AACF,oBAAM,SAAS,mBAAmB,cAAc,CAAC;AAAA,YACnD,UAAE;AACA,uBAAS,QAAQ;AAAA,YACnB;AAAA,UACF;AAAA,QACF;AAEA,cAAM,kBAAkB,MAAM,mCAAmC;AAAA,UAC/D,YAAY;AAAA,UACZ,IAAI;AAAA,YACF,IAAI,WAAW;AAAA,YACf,MAAM,WAAW;AAAA,YACjB,OAAO,WAAW;AAAA,YAClB,SAAS,WAAW;AAAA,YACpB,WAAW;AAAA,UACb;AAAA,QACF,CAAC;AAED,YACE,gBAAgB,SAAS,aACzB,gBAAgB,iBAChB;AACA,2BAAiB,KAAK,KAAK;AAAA,YACzB,IAAI;AAAA,YACJ,MAAM,MAAM;AAAA,YACZ,MAAM;AAAA,YACN;AAAA,YACA,UAAU;AAAA,YACV,uBAAuB;AAAA,YACvB;AAAA,YACA;AAAA,YACA;AAAA,YACA;AAAA,YACA,WAAW;AAAA,cACT,QAAQ;AAAA,cACR,eAAe,gBAAgB;AAAA,YACjC;AAAA,UACF,CAAC;AACD,iBAAO;AAAA,QACT;AAEA,oBAAY,YAAY,kBAAkB,gBAAgB,SAAS;AAAA,MACrE;AAEA,UAAI;AACF,cAAM,cACJ,KAAK,WAAW,WAAW,KAAK,WAAW,WACvC,KAAK,SACL;AAEN,qCAA6B;AAAA,UAC3B,MAAM;AAAA,UACN,QAAQ;AAAA,UACR,MAAM,MAAM;AAAA,UACZ,cAAc,MAAM;AAAA,UACpB,aAAa,MAAM;AAAA,UACnB,OAAO,MAAM;AAAA,UACb,SAAS;AAAA,YACP,QAAQ,MAAM,QAAQ;AAAA,YACtB,QAAQ,MAAM,QAAQ;AAAA,YACtB,WAAW,MAAM,QAAQ;AAAA,UAC3B;AAAA,UACA,UAAU;AAAA,YACR,QAAQ,MAAM,SAAS;AAAA,YACvB,QAAQ,MAAM,SAAS;AAAA,YACvB,WAAW,MAAM,SAAS;AAAA,UAC5B;AAAA,UACA,QAAQ;AAAA,UACR,eAAe;AAAA,UACf,OAAO;AAAA,UACP,aAAa;AAAA,UACb,SAAS;AAAA,UACT,sBAAsB;AAAA,UACtB,aAAa,GAAG,oBAAoB,eAAe,OAAO,SAAS;AAAA,QACrE,CAAC;AAAA,MACH,SAAS,WAAW;AAClB,eAAO;AAAA,UACL,8CAA8C,qBAAqB,QAAQ,UAAU,UAAU,SAAS;AAAA,QAC1G;AAAA,MACF;AAEA,uBAAiB,KAAK,KAAK;AAAA,QACzB,IAAI;AAAA,QACJ,MAAM,MAAM;AAAA,QACZ,MAAM;AAAA,QACN;AAAA,QACA,UAAU;AAAA,QACV,uBAAuB;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,QACA,WAAW;AAAA,UACT,MAAM;AAAA,UACN,OAAO;AAAA,UACP,UAAU;AAAA,UACV,UAAU,WAAW;AAAA,UACrB,aAAa,GAAG,oBAAoB,eAAe,OAAO,SAAS;AAAA,UACnE,aAAa;AAAA,UACb,QAAQ;AAAA,UACR;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,yBAAyB,GAAG,GAAG;AACjC,yBAAiB,KAAK,KAAK;AAAA,UACzB,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,UAAU;AAAA,UACV,uBAAuB;AAAA,UACvB,OAAO,IAAI;AAAA,UACX,WAAW;AAAA,YACT,QAAQ;AAAA,YACR,eAAe,wBAAwB,GAAG;AAAA,UAC5C;AAAA,QACF,CAAC;AACD,eAAO;AAAA,MACT;AAEA;AAAA,QACE;AAAA,QACA;AAAA,QACA,2BAA2B,eAAe,QAAQ,IAAI,UAAU,eAAe;AAAA,MACjF;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAGA,MAAI,WAAW,UAAU,IAAI,aAAa,gCAAgC;AACxE,QAAI,CAAC,0BAA0B,KAAK,GAAG,GAAG;AACxC,aAAO;AAAA,IACT;AAEA,UAAM,OAAO,MAAM,mBAAmB,KAAK,GAAG;AAC9C,QAAI,QAAQ,MAAM;AAChB,aAAO;AAAA,IACT;AAEA,UAAM,eACJ,OAAO,KAAK,cAAc,WAAW,KAAK,UAAU,KAAK,IAAI;AAC/D,UAAM,SAAS,OAAO,KAAK,WAAW,WAAW,KAAK,OAAO,KAAK,IAAI;AACtE,UAAM,cACJ,OAAO,KAAK,gBAAgB,WAAW,KAAK,YAAY,KAAK,IAAI;AAEnE,QAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,aAAa;AAC5C;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAEA,UAAM,SAAS,gBAAgB;AAC/B,UAAM,sBAAsB,4BAA4B,MAAM;AAC9D,UAAM,oBAAoB;AAAA,MACxB;AAAA,MACA,yBAAyB,GAAG;AAAA,IAC9B;AACA,UAAM,cAAc,QAAQ,QAAQ,IAAI,iBAAiB,KAAK,CAAC;AAC/D,UAAM,mBAAmB,oBAAoB;AAC7C,UAAM,UAAU,eAAe;AAC/B,UAAM,YAAY,mBAAmB;AACrC,UAAM,eAAe,0BAA0B,MAAM;AACrD,UAAM,sBAAsB,2BAA2B;AAEvD,QAAI;AACJ,QAAI;AACF,kBAAY,OAAO,WAAW,YAAY;AAAA,IAC5C,QAAQ;AACN;AAAA,QACE;AAAA,QACA;AAAA,QACA;AAAA,MACF;AACA,aAAO;AAAA,IACT;AAEA,UAAM,QAAQ,YAAY,YAAY,MAAM;AAC5C,QAAI,WAAW;AACf,QAAI,OAAO,KAAK,iBAAiB,YAAY,KAAK,aAAa,KAAK,GAAG;AACrE,YAAM,WAAW,IAAI,OAAO;AAAA,QAC1B,wBAAwB;AAAA,UACtB,SAAS,aAAa;AAAA,UACtB,oBAAoB,aAAa;AAAA,QACnC,CAAC,KAAK;AAAA,MACR;AACA,UAAI;AACF,cAAM,gBAAgB,IAAI,OAAO;AAAA,UAC/B,KAAK;AAAA,UACL,CAAC,0CAA0C;AAAA,UAC3C;AAAA,QACF;AACA,mBAAW,OAAO,MAAM,cAAc,SAAS,CAAC;AAAA,MAClD,UAAE;AACA,iBAAS,QAAQ;AAAA,MACnB;AAAA,IACF;AAEA,UAAM,aAAa;AAAA,MACjB,SAAS,oBAAoB;AAAA,MAC7B,MAAM,UAAU,cAAc;AAAA,MAC9B,IACE,SAAS,OAAO,KAAK,iBAAiB,WAClC,YACA,KAAK;AAAA,MACX,MAAM,QACF,OACA,IAAI,OAAO,UAAU;AAAA,QACnB;AAAA,MACF,CAAC,EAAE,mBAAmB,YAAY;AAAA,QAChC;AAAA,QACA,OAAO,WAAW,QAAQ,QAAQ;AAAA,MACpC,CAAC;AAAA,MACL,UAAU,QAAQ,OAAO,WAAW,MAAM,EAAE,SAAS,IAAI;AAAA,MACzD,aAAa,oBAAoB;AAAA,MACjC;AAAA,MACA;AAAA,MACA,cACE,OAAO,KAAK,iBAAiB,WAAW,KAAK,eAAe;AAAA,IAChE;AAEA,QAAI,CAAC,WAAW,CAAC,qBAAqB,KAAK,YAAY,MAAM;AAC3D,uBAAiB,KAAK,KAAK;AAAA,QACzB,IAAI;AAAA,QACJ,MAAM;AAAA,UACJ;AAAA,UACA;AAAA,UACA;AAAA,QACF;AAAA,QACA,UAAU;AAAA,QACV,uBAAuB;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,QACA,cAAc,WAAW;AAAA,QACzB;AAAA,MACF,CAAC;AACD,aAAO;AAAA,IACT;AAEA,UAAM,UAAU,wBAAwB;AAAA,MACtC,SAAS,aAAa;AAAA,MACtB,oBAAoB,aAAa;AAAA,IACnC,CAAC;AAED,QAAI;AACF,UAAI,YAAY;AAChB,UAAI,aAA4B;AAChC,UAAI,gBAAgB;AACpB,UAAI,YAAqC,cACrC,cACA;AAEJ,UAAI,eAAe,mBAAmB;AACpC,YAAI,CAAC,SAAS;AACZ;AAAA,YACE;AAAA,YACA;AAAA,YACA;AAAA,UACF;AACA,iBAAO;AAAA,QACT;AAEA,cAAM,iBAAiB,MAAM,2BAA2B,SAAS;AAAA,UAC/D,IAAI,WAAW;AAAA,UACf,MAAM,WAAW;AAAA,UACjB,OAAO,OAAO,WAAW,QAAQ;AAAA,UACjC,SAAS,WAAW;AAAA,QACtB,CAAC;AACD,oBAAY,eAAe;AAC3B,qBAAa,eAAe;AAC5B,wBAAgB,eAAe;AAAA,MACjC,OAAO;AACL,oBAAY;AACZ,cAAM,kBAAkB,MAAM,mCAAmC;AAAA,UAC/D,YAAY,UAAU;AAAA,UACtB,IAAI;AAAA,YACF,IAAI,WAAW;AAAA,YACf,MAAM,WAAW;AAAA,YACjB,OAAO,WAAW;AAAA,YAClB,SAAS,WAAW;AAAA,YACpB,WAAW;AAAA,UACb;AAAA,QACF,CAAC;AAED,YACE,gBAAgB,SAAS,aACzB,gBAAgB,iBAChB;AACA,2BAAiB,KAAK,KAAK;AAAA,YACzB,IAAI;AAAA,YACJ,MAAM;AAAA,YACN,UAAU;AAAA,YACV,uBAAuB;AAAA,YACvB;AAAA,YACA;AAAA,YACA;AAAA,YACA,cAAc,WAAW;AAAA,YACzB;AAAA,YACA,WAAW;AAAA,cACT,QAAQ;AAAA,cACR,eAAe,gBAAgB;AAAA,YACjC;AAAA,UACF,CAAC;AACD,iBAAO;AAAA,QACT;AAEA,oBAAY,YAAY,kBAAkB,gBAAgB,SAAS;AAAA,MACrE;AAEA,uBAAiB,KAAK,KAAK;AAAA,QACzB,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,UAAU;AAAA,QACV,uBAAuB;AAAA,QACvB;AAAA,QACA;AAAA,QACA;AAAA,QACA,cAAc,WAAW;AAAA,QACzB;AAAA,QACA,WAAW;AAAA,UACT,MAAM;AAAA,UACN,OAAO;AAAA,UACP,UAAU;AAAA,UACV,UAAU,WAAW;AAAA,UACrB,aAAa,GAAG,oBAAoB,eAAe,OAAO,SAAS;AAAA,UACnE,aAAa;AAAA,UACb,QAAQ;AAAA,QACV;AAAA,MACF,CAAC;AAAA,IACH,SAAS,KAAK;AACZ,UAAI,yBAAyB,GAAG,GAAG;AACjC,yBAAiB,KAAK,KAAK;AAAA,UACzB,IAAI;AAAA,UACJ,MAAM;AAAA,UACN,UAAU;AAAA,UACV,uBAAuB;AAAA,UACvB,OAAO,IAAI;AAAA,UACX,WAAW;AAAA,YACT,QAAQ;AAAA,YACR,eAAe,wBAAwB,GAAG;AAAA,UAC5C;AAAA,QACF,CAAC;AACD,eAAO;AAAA,MACT;AAEA;AAAA,QACE;AAAA,QACA;AAAA,QACA,oBAAoB,eAAe,QAAQ,IAAI,UAAU,eAAe;AAAA,MAC1E;AAAA,IACF;AACA,WAAO;AAAA,EACT;AAEA,SAAO;AACT;","names":[]}

package/dist/security/hydrate-wallet-keys-from-platform-store.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Fills `process.env` wallet keys from the OS secret store when the key is
+ * unset/blank. Runs before upstream `startApiServer` merges `config.env`, so
+ * persisted config only fills gaps the store did not supply.
+ */
+export declare function hydrateWalletKeysFromNodePlatformSecureStore(): Promise<void>;
+//# sourceMappingURL=hydrate-wallet-keys-from-platform-store.d.ts.map

package/dist/security/hydrate-wallet-keys-from-platform-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hydrate-wallet-keys-from-platform-store.d.ts","sourceRoot":"","sources":["../../src/security/hydrate-wallet-keys-from-platform-store.ts"],"names":[],"mappings":"AAgBA;;;;GAIG;AACH,wBAAsB,4CAA4C,IAAI,OAAO,CAAC,IAAI,CAAC,CA6BlF"}