@execra/core 1.0.0

package/dist/vault/index.js

@@ -0,0 +1,580 @@
+#!/usr/bin/env node
+
+// src/vault/mnemonic.ts
+import * as bip39 from "bip39";
+function generateMnemonic2(strength = 12) {
+  const mnemonic = bip39.generateMnemonic(strength == 12 ? 128 : 256);
+  const wordCount = strength;
+  return { mnemonic, wordCount };
+}
+function validateMnemonic2(mnemonic) {
+  const cleaned = cleanMnemonic(mnemonic);
+  return bip39.validateMnemonic(cleaned);
+}
+async function mnemonicToSeed2(mnemonic, passphrase = "") {
+  const cleaned = cleanMnemonic(mnemonic);
+  if (!validateMnemonic2(cleaned)) {
+    throw new Error("Invalid mnemonic: failed wordlist or checksum validation");
+  }
+  return bip39.mnemonicToSeed(cleaned, passphrase);
+}
+function mnemonicToNumberedWords(mnemonic) {
+  return cleanMnemonic(mnemonic).split(" ").map((word, i) => `${i + 1}. ${word}`);
+}
+function wordsToMnemonic(words) {
+  return words.map((w) => w.trim().toLowerCase()).join(" ");
+}
+function cleanMnemonic(mnemonic) {
+  return mnemonic.trim().toLowerCase().replace(/\s+/g, " ");
+}
+
+// src/vault/keystore.ts
+import crypto from "crypto";
+import fs from "fs";
+import os from "os";
+import path from "path";
+var VAULT_VERSION = 1;
+var PBKDF2_ITERATIONS = 21e4;
+var PBKDF2_DIGEST = "sha512";
+var KEY_LENGTH = 32;
+var SALT_LENGTH = 32;
+var IV_LENGTH = 16;
+var CIPHER = "aes-256-gcm";
+function getWalletDir() {
+  return path.join(os.homedir(), ".wallet");
+}
+function getVaultPath() {
+  return path.join(getWalletDir(), "vault.enc");
+}
+function getConfigPath() {
+  return path.join(getWalletDir(), "config.json");
+}
+function getSessionsPath() {
+  return path.join(getWalletDir(), "sessions.json");
+}
+var SESSIONS_FILE = getSessionsPath();
+function ensureWalletDir() {
+  const dir = getWalletDir();
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 448 });
+  }
+}
+function vaultExists() {
+  return fs.existsSync(getVaultPath());
+}
+async function saveVault(data, password) {
+  ensureWalletDir();
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const key = await deriveKey(password, salt);
+  const plaintext = JSON.stringify(data);
+  const cipher = crypto.createCipheriv(CIPHER, key, iv);
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf8"),
+    cipher.final()
+  ]);
+  const authTag = cipher.getAuthTag();
+  const vault = {
+    version: VAULT_VERSION,
+    salt: salt.toString("hex"),
+    iv: iv.toString("hex"),
+    authTag: authTag.toString("hex"),
+    ciphertext: encrypted.toString("hex")
+  };
+  fs.writeFileSync(getVaultPath(), JSON.stringify(vault, null, 2), {
+    mode: 384
+    // owner read/write only
+  });
+}
+async function loadVault(password) {
+  if (!vaultExists()) {
+    throw new Error("No vault found. Run `wallet init` to create one.");
+  }
+  const raw = fs.readFileSync(getVaultPath(), "utf8");
+  const vault = JSON.parse(raw);
+  if (vault.version !== VAULT_VERSION) {
+    throw new Error(`Unsupported vault version: ${vault.version}`);
+  }
+  const salt = Buffer.from(vault.salt, "hex");
+  const iv = Buffer.from(vault.iv, "hex");
+  const authTag = Buffer.from(vault.authTag, "hex");
+  const ciphertext = Buffer.from(vault.ciphertext, "hex");
+  const key = await deriveKey(password, salt);
+  try {
+    const decipher = crypto.createDecipheriv(CIPHER, key, iv);
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([
+      decipher.update(ciphertext),
+      decipher.final()
+    ]);
+    return JSON.parse(decrypted.toString("utf8"));
+  } catch {
+    throw new Error("Decryption failed: wrong password or vault is corrupted.");
+  }
+}
+async function changePassword(oldPassword, newPassword) {
+  const data = await loadVault(oldPassword);
+  await saveVault(data, newPassword);
+}
+function deriveKey(password, salt) {
+  return new Promise((resolve, reject) => {
+    crypto.pbkdf2(
+      password,
+      salt,
+      PBKDF2_ITERATIONS,
+      KEY_LENGTH,
+      PBKDF2_DIGEST,
+      (err, key) => {
+        if (err) reject(err);
+        else resolve(key);
+      }
+    );
+  });
+}
+
+// src/vault/accounts.ts
+import { derivePath } from "ed25519-hd-key";
+import nacl from "tweetnacl";
+import bs58 from "bs58";
+function deriveAccount(seed, index, name = `Account ${index + 1}`) {
+  const path2 = derivationPath(index);
+  const { key: privateKeyBytes } = derivePath(path2, seed.toString("hex"));
+  const keypair = nacl.sign.keyPair.fromSeed(privateKeyBytes);
+  const publicKey = bs58.encode(Buffer.from(keypair.publicKey));
+  return {
+    index,
+    name,
+    publicKey,
+    secretKey: keypair.secretKey,
+    // 64 bytes: seed + public key
+    derivationPath: path2,
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+function deriveAccounts(seed, accountStore) {
+  return accountStore.accounts.map(
+    (account) => deriveAccount(seed, account.index, account.name)
+  );
+}
+async function deriveAccountFromMnemonic(mnemonic, index, name, passphrase) {
+  const seed = await mnemonicToSeed2(mnemonic, passphrase);
+  return deriveAccount(seed, index, name);
+}
+function createAccountStore(firstAccountName = "Account 1") {
+  return {
+    accounts: [
+      {
+        index: 0,
+        name: firstAccountName,
+        publicKey: "",
+        // filled in after derivation
+        derivationPath: derivationPath(0),
+        createdAt: (/* @__PURE__ */ new Date()).toISOString()
+      }
+    ],
+    activeIndex: 0
+  };
+}
+function addAccount(store, seed, name) {
+  const nextIndex = store.accounts.length > 0 ? Math.max(...store.accounts.map((a) => a.index)) + 1 : 0;
+  const accountName = name ?? `Account ${nextIndex + 1}`;
+  const keypair = deriveAccount(seed, nextIndex, accountName);
+  const newAccount = {
+    index: nextIndex,
+    name: accountName,
+    publicKey: keypair.publicKey,
+    derivationPath: keypair.derivationPath,
+    createdAt: keypair.createdAt
+  };
+  const updatedStore = {
+    ...store,
+    accounts: [...store.accounts, newAccount]
+  };
+  return { store: updatedStore, keypair };
+}
+function setActiveAccount(store, index) {
+  const exists = store.accounts.find((a) => a.index === index);
+  if (!exists) {
+    throw new Error(`Account index ${index} does not exist.`);
+  }
+  return { ...store, activeIndex: index };
+}
+function renameAccount(store, index, newName) {
+  return {
+    ...store,
+    accounts: store.accounts.map(
+      (a) => a.index === index ? { ...a, name: newName } : a
+    )
+  };
+}
+function getActiveAccount(store) {
+  const account = store.accounts.find((a) => a.index === store.activeIndex);
+  if (!account) throw new Error("No active account found.");
+  return account;
+}
+function signMessage(message, secretKey) {
+  const signature = nacl.sign.detached(message, secretKey);
+  return bs58.encode(Buffer.from(signature));
+}
+function formatAccount(account, isActive) {
+  const activeMarker = isActive ? "\u25CF" : "\u25CB";
+  const shortKey = `${account.publicKey.slice(0, 4)}...${account.publicKey.slice(-4)}`;
+  return `${activeMarker} [${account.index}] ${account.name.padEnd(20)} ${shortKey}`;
+}
+function derivationPath(index) {
+  return `m/44'/501'/${index}'/0'`;
+}
+
+// src/vault/config.ts
+import fs2 from "fs";
+var HELIUS_API_KEY = process.env.HELIUS_API_KEY;
+var RPC_URLS = {
+  "mainnet-beta": HELIUS_API_KEY ? `https://mainnet.helius-rpc.com/?api-key=${HELIUS_API_KEY}` : "https://api.mainnet-beta.solana.com",
+  devnet: HELIUS_API_KEY ? `https://devnet.helius-rpc.com/?api-key=${HELIUS_API_KEY}` : "https://api.devnet.solana.com",
+  testnet: "https://api.testnet.solana.com",
+  localnet: "http://localhost:8899"
+};
+var CONFIG_VERSION = 1;
+function configExists() {
+  return fs2.existsSync(getConfigPath());
+}
+function loadConfig() {
+  if (!configExists()) {
+    throw new Error("No config found. Run `wallet init` first.");
+  }
+  const raw = fs2.readFileSync(getConfigPath(), "utf8");
+  return JSON.parse(raw);
+}
+function saveConfig(config) {
+  ensureWalletDir();
+  const updated = { ...config, updatedAt: (/* @__PURE__ */ new Date()).toISOString() };
+  fs2.writeFileSync(getConfigPath(), JSON.stringify(updated, null, 2), {
+    mode: 384
+  });
+}
+function createConfig(walletConnectProjectId = "", cluster = "devnet") {
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  return {
+    version: CONFIG_VERSION,
+    cluster,
+    rpcUrl: RPC_URLS[cluster],
+    walletConnectProjectId,
+    accountStore: createAccountStore("Account 1"),
+    createdAt: now,
+    updatedAt: now
+  };
+}
+function updateCluster(cluster) {
+  const config = loadConfig();
+  config.cluster = cluster;
+  config.rpcUrl = RPC_URLS[cluster];
+  saveConfig(config);
+}
+function updateRpcUrl(url) {
+  const config = loadConfig();
+  config.rpcUrl = url;
+  saveConfig(config);
+}
+function updateAccountStore(accountStore) {
+  const config = loadConfig();
+  config.accountStore = accountStore;
+  saveConfig(config);
+}
+function getRpcUrl() {
+  return loadConfig().rpcUrl;
+}
+function getCluster() {
+  return loadConfig().cluster;
+}
+function getAccountStore() {
+  return loadConfig().accountStore;
+}
+
+// src/vault/index.ts
+var WalletVault = class {
+  _keypairs = [];
+  _seed = null;
+  // cached for agent account derivation
+  _config = null;
+  _unlocked = false;
+  _mnemonic = null;
+  // ── Lifecycle ──────────────────────────────────────────────────────────────
+  /**
+   * Initialize a brand new wallet.
+   * Generates a mnemonic, encrypts it, writes config.
+   * Returns the mnemonic for the user to write down — shown ONCE.
+   */
+  async init(password, options = {}) {
+    if (vaultExists()) {
+      throw new Error(
+        "Wallet already exists. Use `wallet unlock` to access it."
+      );
+    }
+    const { mnemonic } = generateMnemonic2(options.strength ?? 12);
+    const vaultData = {
+      mnemonic,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      version: 1
+    };
+    await saveVault(vaultData, password);
+    const config = createConfig(
+      options.walletConnectProjectId ?? "",
+      options.cluster ?? "devnet"
+    );
+    if (options.firstAccountName) {
+      config.accountStore.accounts[0].name = options.firstAccountName;
+    }
+    const seed = await mnemonicToSeed2(mnemonic);
+    const firstKeypair = deriveAccount(
+      seed,
+      0,
+      config.accountStore.accounts[0].name
+    );
+    config.accountStore.accounts[0].publicKey = firstKeypair.publicKey;
+    saveConfig(config);
+    return mnemonic;
+  }
+  /**
+   * Unlock the wallet for a session.
+   * Decrypts the vault, derives all account keypairs into memory.
+   */
+  async unlock(password) {
+    const vaultData = await loadVault(password);
+    const config = loadConfig();
+    const seed = await mnemonicToSeed2(vaultData.mnemonic);
+    this._seed = seed;
+    this._mnemonic = vaultData.mnemonic;
+    this._keypairs = deriveAccounts(seed, config.accountStore);
+    this._config = config;
+    this._unlocked = true;
+  }
+  /**
+   * Restore wallet from an existing mnemonic (import flow).
+   */
+  async restore(mnemonic, password, options = {}) {
+    if (!validateMnemonic2(mnemonic)) {
+      throw new Error("Invalid mnemonic phrase.");
+    }
+    const vaultData = {
+      mnemonic,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      version: 1
+    };
+    await saveVault(vaultData, password);
+    const config = createConfig("", options.cluster ?? "devnet");
+    const seed = await mnemonicToSeed2(mnemonic);
+    const firstKeypair = deriveAccount(seed, 0, "Account 1");
+    config.accountStore.accounts[0].publicKey = firstKeypair.publicKey;
+    saveConfig(config);
+  }
+  lock() {
+    this._keypairs = [];
+    this._mnemonic = null;
+    this._seed = null;
+    this._config = null;
+    this._unlocked = false;
+  }
+  // ── Account Management ─────────────────────────────────────────────────────
+  /**
+   * Get the currently active keypair (used for signing + dApp connections).
+   */
+  getActiveKeypair() {
+    this.assertUnlocked();
+    const active = getActiveAccount(this._config.accountStore);
+    const keypair = this._keypairs.find((k) => k.index === active.index);
+    if (!keypair) throw new Error("Active keypair not found in session.");
+    return keypair;
+  }
+  /**
+   * Lock the wallet — wipe all keypairs from memory.
+   */
+  /**
+   * Returns the mnemonic — only available while unlocked.
+   * Used by agent_connect to derive new accounts on demand.
+   */
+  getMnemonic() {
+    if (!this._mnemonic) throw new Error("Wallet is locked");
+    return this._mnemonic;
+  }
+  /**
+   * Reload config and re-derive keypairs from seed.
+   * Call after adding new accounts so the vault picks them up.
+   */
+  async reload() {
+    if (!this._seed) throw new Error("Wallet is locked");
+    this._config = loadConfig();
+    this._keypairs = deriveAccounts(this._seed, this._config.accountStore);
+  }
+  /**
+   * Get a keypair by account index.
+   */
+  getKeypair(index) {
+    this.assertUnlocked();
+    const keypair = this._keypairs.find((k) => k.index === index);
+    if (!keypair) throw new Error(`Account ${index} not found.`);
+    return keypair;
+  }
+  /**
+   * Get all loaded keypairs.
+   */
+  getAllKeypairs() {
+    this.assertUnlocked();
+    return [...this._keypairs];
+  }
+  /**
+   * Add a new derived account.
+   */
+  async addAccount(name, password) {
+    this.assertUnlocked();
+    if (!password) throw new Error("Password required to add a new account.");
+    const vaultData = await loadVault(password);
+    const seed = await mnemonicToSeed2(vaultData.mnemonic);
+    const { store, keypair } = addAccount(
+      this._config.accountStore,
+      seed,
+      name
+    );
+    this._config.accountStore = store;
+    this._keypairs.push(keypair);
+    updateAccountStore(store);
+    return keypair;
+  }
+  /**
+   * Switch the active account.
+   */
+  setActiveAccount(index) {
+    this.assertUnlocked();
+    const updated = setActiveAccount(this._config.accountStore, index);
+    this._config.accountStore = updated;
+    updateAccountStore(updated);
+  }
+  /**
+   * Rename an account.
+   */
+  renameAccount(index, newName) {
+    this.assertUnlocked();
+    const updated = renameAccount(this._config.accountStore, index, newName);
+    this._config.accountStore = updated;
+    this._keypairs = this._keypairs.map(
+      (k) => k.index === index ? { ...k, name: newName } : k
+    );
+    updateAccountStore(updated);
+  }
+  // ── Display ────────────────────────────────────────────────────────────────
+  /**
+   * Format all accounts for terminal display.
+   */
+  listAccounts() {
+    this.assertUnlocked();
+    const activeIndex = this._config.accountStore.activeIndex;
+    return this._keypairs.map((k) => formatAccount(k, k.index === activeIndex));
+  }
+  /**
+   * Sign a message with the active account.
+   */
+  signMessage(message) {
+    const keypair = this.getActiveKeypair();
+    return signMessage(message, keypair.secretKey);
+  }
+  // ── State ──────────────────────────────────────────────────────────────────
+  get isUnlocked() {
+    return this._unlocked;
+  }
+  get config() {
+    this.assertUnlocked();
+    return this._config;
+  }
+  static exists() {
+    return vaultExists() && configExists();
+  }
+  /**
+   * Display mnemonic as numbered words — for backup verification flow.
+   */
+  static formatMnemonicForDisplay(mnemonic) {
+    const words = mnemonicToNumberedWords(mnemonic);
+    const cols = 3;
+    const rows = [];
+    for (let i = 0; i < words.length; i += cols) {
+      rows.push(
+        words.slice(i, i + cols).map((w) => w.padEnd(18)).join("  ")
+      );
+    }
+    return rows.join("\n");
+  }
+  // ── Internal ───────────────────────────────────────────────────────────────
+  assertUnlocked() {
+    if (!this._unlocked) {
+      throw new Error("Wallet is locked. Run `wallet unlock` first.");
+    }
+  }
+  /**
+   * Find an account by name or create it if it doesn't exist.
+   * Uses the cached seed — no password needed.
+   * This is the primary way agents acquire their account.
+   */
+  async findOrCreate(name) {
+    this.assertUnlocked();
+    const existing = this._keypairs.find((k) => k.name === name);
+    if (existing) return existing;
+    const nextIndex = this._config.accountStore.accounts.length;
+    const { store, keypair } = addAccount(
+      this._config.accountStore,
+      this._seed,
+      name
+    );
+    this._config.accountStore = store;
+    this._keypairs.push(keypair);
+    updateAccountStore(store);
+    console.log(
+      `[Vault] Created account "${name}" at index ${nextIndex} (${keypair.publicKey})`
+    );
+    return keypair;
+  }
+  /**
+   * Find an account by name. Returns null if not found.
+   */
+  findByName(name) {
+    this.assertUnlocked();
+    return this._keypairs.find((k) => k.name === name) ?? null;
+  }
+};
+export {
+  RPC_URLS,
+  SESSIONS_FILE,
+  WalletVault,
+  addAccount,
+  changePassword,
+  configExists,
+  createAccountStore,
+  createConfig,
+  deriveAccount,
+  deriveAccountFromMnemonic,
+  deriveAccounts,
+  ensureWalletDir,
+  formatAccount,
+  generateMnemonic2 as generateMnemonic,
+  getAccountStore,
+  getActiveAccount,
+  getCluster,
+  getConfigPath,
+  getRpcUrl,
+  getSessionsPath,
+  getVaultPath,
+  getWalletDir,
+  loadConfig,
+  loadVault,
+  mnemonicToNumberedWords,
+  mnemonicToSeed2 as mnemonicToSeed,
+  renameAccount,
+  saveConfig,
+  saveVault,
+  setActiveAccount,
+  signMessage,
+  updateAccountStore,
+  updateCluster,
+  updateRpcUrl,
+  validateMnemonic2 as validateMnemonic,
+  vaultExists,
+  wordsToMnemonic
+};
+//# sourceMappingURL=index.js.map

package/dist/vault/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/vault/mnemonic.ts","../../src/vault/keystore.ts","../../src/vault/accounts.ts","../../src/vault/config.ts","../../src/vault/index.ts"],"sourcesContent":["/**\n *\n * BIP-39 mnemonic generation, validation, and seed derivation.\n * Supports 12-word (128-bit) and 24-word (256-bit) mnemonics.\n *\n * Dependencies: bip39\n */\n\nimport * as bip39 from \"bip39\";\n\nexport type MnemonicStrength = 12 | 24; // 128 = 12 words, 256 = 24 words\n\nexport interface MnemonicResult {\n  mnemonic: string;\n  wordCount: 12 | 24;\n}\n\n/**\n * Generate a new cryptographically random BIP-39 mnemonic.\n * @param strength 128 for 12-word, 256 for 24-word (default: 128)\n */\nexport function generateMnemonic(\n  strength: MnemonicStrength = 12,\n): MnemonicResult {\n  const mnemonic = bip39.generateMnemonic(strength == 12 ? 128 : 256);\n  const wordCount = strength;\n  return { mnemonic, wordCount };\n}\n\n/**\n * Validate a BIP-39 mnemonic phrase.\n * Checks both wordlist membership and BIP-39 checksum.\n */\nexport function validateMnemonic(mnemonic: string): boolean {\n  const cleaned = cleanMnemonic(mnemonic);\n  return bip39.validateMnemonic(cleaned);\n}\n\n/**\n * Derive a 64-byte seed buffer from a mnemonic.\n * Optional passphrase adds extra security per BIP-39 spec.\n * This seed is the root of ALL derived accounts.\n */\nexport async function mnemonicToSeed(\n  mnemonic: string,\n  passphrase: string = \"\",\n): Promise<Buffer> {\n  const cleaned = cleanMnemonic(mnemonic);\n\n  if (!validateMnemonic(cleaned)) {\n    throw new Error(\"Invalid mnemonic: failed wordlist or checksum validation\");\n  }\n\n  return bip39.mnemonicToSeed(cleaned, passphrase);\n}\n\n/**\n * Split mnemonic into a numbered word array.\n * Used for backup verification display in the terminal UI.\n *\n * Example output:\n * [ \"1. witch\", \"2. collapse\", \"3. practice\", ... ]\n */\nexport function mnemonicToNumberedWords(mnemonic: string): string[] {\n  return cleanMnemonic(mnemonic)\n    .split(\" \")\n    .map((word, i) => `${i + 1}. ${word}`);\n}\n\n/**\n * Reconstruct mnemonic from a word array.\n * Used when user inputs words one by one during restore flow.\n */\nexport function wordsToMnemonic(words: string[]): string {\n  return words.map((w) => w.trim().toLowerCase()).join(\" \");\n}\n\n// ── Internal ──────────────────────────────────────────────────────────────────\n\nfunction cleanMnemonic(mnemonic: string): string {\n  return mnemonic.trim().toLowerCase().replace(/\\s+/g, \" \");\n}\n","/**\n *\n * AES-256-GCM encrypted keystore.\n * The mnemonic (seed phrase) is encrypted at rest in ~/.wallet/vault.enc\n * Private keys NEVER touch disk — they are derived in memory at runtime.\n *\n * Encryption scheme:\n *   - Key derivation: PBKDF2 (SHA-512, 210,000 iterations) — OWASP recommended\n *   - Cipher: AES-256-GCM (authenticated encryption — detects tampering)\n *   - Salt: 32 random bytes (unique per vault)\n *   - IV: 16 random bytes (unique per encryption)\n *\n * Dependencies: Node.js built-in `crypto`, `fs`, `os`, `path`\n */\n\nimport crypto from \"crypto\";\nimport fs from \"fs\";\nimport os from \"os\";\nimport path from \"path\";\n\n// ── Types ─────────────────────────────────────────────────────────────────────\n\nexport interface VaultData {\n  mnemonic: string;\n  createdAt: string;\n  version: number;\n}\n\ninterface EncryptedVault {\n  version: number; // format version for future migrations\n  salt: string; // hex — used for PBKDF2 key derivation\n  iv: string; // hex — AES-GCM initialisation vector\n  authTag: string; // hex — GCM authentication tag (detects tampering)\n  ciphertext: string; // hex — encrypted vault data\n}\n\n// ── Constants ─────────────────────────────────────────────────────────────────\n\nconst VAULT_VERSION = 1;\nconst PBKDF2_ITERATIONS = 210_000; // OWASP 2024 recommendation for PBKDF2-SHA512\nconst PBKDF2_DIGEST = \"sha512\";\nconst KEY_LENGTH = 32; // 256 bits for AES-256\nconst SALT_LENGTH = 32; // 256 bits\nconst IV_LENGTH = 16; // 128 bits for AES-GCM\nconst CIPHER = \"aes-256-gcm\";\n\n// ── Vault Path ────────────────────────────────────────────────────────────────\n\nexport function getWalletDir(): string {\n  // return path.join(__dirname, \".wallet\");\n  return path.join(os.homedir(), \".wallet\");\n}\n\nexport function getVaultPath(): string {\n  return path.join(getWalletDir(), \"vault.enc\");\n}\n\nexport function getConfigPath(): string {\n  return path.join(getWalletDir(), \"config.json\");\n}\n\nexport function getSessionsPath(): string {\n  return path.join(getWalletDir(), \"sessions.json\");\n}\n\nexport const SESSIONS_FILE = getSessionsPath();\n\nexport function ensureWalletDir(): void {\n  const dir = getWalletDir();\n  if (!fs.existsSync(dir)) {\n    fs.mkdirSync(dir, { recursive: true, mode: 0o700 }); // owner-only access\n  }\n}\n\nexport function vaultExists(): boolean {\n  return fs.existsSync(getVaultPath());\n}\n\n// ── Encryption ────────────────────────────────────────────────────────────────\n\n/**\n * Encrypt and save the vault to disk.\n * @param data   - vault contents (mnemonic + metadata)\n * @param password - user's wallet password\n */\nexport async function saveVault(\n  data: VaultData,\n  password: string,\n): Promise<void> {\n  ensureWalletDir();\n\n  const salt = crypto.randomBytes(SALT_LENGTH);\n  const iv = crypto.randomBytes(IV_LENGTH);\n  const key = await deriveKey(password, salt);\n\n  const plaintext = JSON.stringify(data);\n  const cipher = crypto.createCipheriv(CIPHER, key, iv);\n\n  const encrypted = Buffer.concat([\n    cipher.update(plaintext, \"utf8\"),\n    cipher.final(),\n  ]);\n\n  const authTag = cipher.getAuthTag();\n\n  const vault: EncryptedVault = {\n    version: VAULT_VERSION,\n    salt: salt.toString(\"hex\"),\n    iv: iv.toString(\"hex\"),\n    authTag: authTag.toString(\"hex\"),\n    ciphertext: encrypted.toString(\"hex\"),\n  };\n\n  fs.writeFileSync(getVaultPath(), JSON.stringify(vault, null, 2), {\n    mode: 0o600, // owner read/write only\n  });\n}\n\n/**\n * Load and decrypt the vault from disk.\n * Throws if the password is wrong or the file has been tampered with.\n */\nexport async function loadVault(password: string): Promise<VaultData> {\n  if (!vaultExists()) {\n    throw new Error(\"No vault found. Run `wallet init` to create one.\");\n  }\n\n  const raw = fs.readFileSync(getVaultPath(), \"utf8\");\n  const vault: EncryptedVault = JSON.parse(raw);\n\n  if (vault.version !== VAULT_VERSION) {\n    throw new Error(`Unsupported vault version: ${vault.version}`);\n  }\n\n  const salt = Buffer.from(vault.salt, \"hex\");\n  const iv = Buffer.from(vault.iv, \"hex\");\n  const authTag = Buffer.from(vault.authTag, \"hex\");\n  const ciphertext = Buffer.from(vault.ciphertext, \"hex\");\n\n  const key = await deriveKey(password, salt);\n\n  try {\n    const decipher = crypto.createDecipheriv(CIPHER, key, iv);\n    decipher.setAuthTag(authTag);\n\n    const decrypted = Buffer.concat([\n      decipher.update(ciphertext),\n      decipher.final(),\n    ]);\n\n    return JSON.parse(decrypted.toString(\"utf8\")) as VaultData;\n  } catch {\n    // GCM auth tag failure means wrong password OR tampered file\n    throw new Error(\"Decryption failed: wrong password or vault is corrupted.\");\n  }\n}\n\n/**\n * Change the vault password.\n * Decrypts with old password, re-encrypts with new password.\n */\nexport async function changePassword(\n  oldPassword: string,\n  newPassword: string,\n): Promise<void> {\n  const data = await loadVault(oldPassword);\n  await saveVault(data, newPassword);\n}\n\n// ── Internal ──────────────────────────────────────────────────────────────────\n\n/**\n * Derive a 256-bit AES key from a password using PBKDF2-SHA512.\n */\nfunction deriveKey(password: string, salt: Buffer): Promise<Buffer> {\n  return new Promise((resolve, reject) => {\n    crypto.pbkdf2(\n      password,\n      salt,\n      PBKDF2_ITERATIONS,\n      KEY_LENGTH,\n      PBKDF2_DIGEST,\n      (err, key) => {\n        if (err) reject(err);\n        else resolve(key);\n      },\n    );\n  });\n}\n","/**\n *\n * BIP-44 HD key derivation for Solana accounts.\n *\n * Derivation path: m/44'/501'/index'/0'\n *   44'  = BIP-44 purpose\n *   501' = Solana's registered coin type (SLIP-44)\n *   n'   = account index (0 = first account, 1 = second, etc.)\n *   0'   = change (always 0 for Solana)\n *\n * This is the exact path Phantom, Backpack, and Solflare use.\n * Same seed → same addresses as those wallets.\n *\n * Dependencies: ed25519-hd-key, tweetnacl, bs58\n */\n\nimport { derivePath } from \"ed25519-hd-key\";\nimport nacl from \"tweetnacl\";\nimport bs58 from \"bs58\";\nimport { mnemonicToSeed } from \"./mnemonic\";\n\n// ── Types ─────────────────────────────────────────────────────────────────────\n\nexport interface Account {\n  index: number; // derivation index\n  name: string; // user-defined label\n  publicKey: string; // Base58 encoded — this is the Solana address\n  derivationPath: string; // m/44'/501'/index'/0'\n  createdAt: string;\n}\n\n/**\n * In-memory keypair — private key NEVER persisted to disk.\n * Lives only for the duration of the daemon session.\n */\nexport interface AccountKeypair extends Account {\n  secretKey: Uint8Array; // 64-byte Ed25519 secret key (seed + public key)\n}\n\nexport interface AccountStore {\n  accounts: Account[];\n  activeIndex: number;\n}\n\n// ── Derivation ────────────────────────────────────────────────────────────────\n\n/**\n * Derive an Ed25519 keypair at a specific BIP-44 index.\n * This is the core operation — called once per session after vault unlock.\n *\n * @param seed  - 64-byte seed from BIP-39 mnemonic\n * @param index - account index (0-based)\n * @param name  - label for this account\n */\nexport function deriveAccount(\n  seed: Buffer,\n  index: number,\n  name: string = `Account ${index + 1}`,\n): AccountKeypair {\n  const path = derivationPath(index);\n\n  // SLIP-0010 Ed25519 derivation\n  const { key: privateKeyBytes } = derivePath(path, seed.toString(\"hex\"));\n\n  // nacl keypair from 32-byte seed\n  const keypair = nacl.sign.keyPair.fromSeed(privateKeyBytes);\n\n  const publicKey = bs58.encode(Buffer.from(keypair.publicKey));\n\n  return {\n    index,\n    name,\n    publicKey,\n    secretKey: keypair.secretKey, // 64 bytes: seed + public key\n    derivationPath: path,\n    createdAt: new Date().toISOString(),\n  };\n}\n\n/**\n * Derive multiple accounts at once.\n * Used on wallet startup to load all known accounts into memory.\n */\nexport function deriveAccounts(\n  seed: Buffer,\n  accountStore: AccountStore,\n): AccountKeypair[] {\n  return accountStore.accounts.map((account) =>\n    deriveAccount(seed, account.index, account.name),\n  );\n}\n\n/**\n * Derive a single account directly from mnemonic.\n * Convenience wrapper used in tests and programmatic access.\n */\nexport async function deriveAccountFromMnemonic(\n  mnemonic: string,\n  index: number,\n  name?: string,\n  passphrase?: string,\n): Promise<AccountKeypair> {\n  const seed = await mnemonicToSeed(mnemonic, passphrase);\n  return deriveAccount(seed, index, name);\n}\n\n// ── Account Store ─────────────────────────────────────────────────────────────\n\n/**\n * Create a fresh account store with the first account.\n */\nexport function createAccountStore(\n  firstAccountName: string = \"Account 1\",\n): AccountStore {\n  return {\n    accounts: [\n      {\n        index: 0,\n        name: firstAccountName,\n        publicKey: \"\", // filled in after derivation\n        derivationPath: derivationPath(0),\n        createdAt: new Date().toISOString(),\n      },\n    ],\n    activeIndex: 0,\n  };\n}\n\n/**\n * Add a new account to the store.\n * The next index is always max(existing indices) + 1.\n */\nexport function addAccount(\n  store: AccountStore,\n  seed: Buffer,\n  name?: string,\n): { store: AccountStore; keypair: AccountKeypair } {\n  const nextIndex =\n    store.accounts.length > 0\n      ? Math.max(...store.accounts.map((a) => a.index)) + 1\n      : 0;\n\n  const accountName = name ?? `Account ${nextIndex + 1}`;\n  const keypair = deriveAccount(seed, nextIndex, accountName);\n\n  const newAccount: Account = {\n    index: nextIndex,\n    name: accountName,\n    publicKey: keypair.publicKey,\n    derivationPath: keypair.derivationPath,\n    createdAt: keypair.createdAt,\n  };\n\n  const updatedStore: AccountStore = {\n    ...store,\n    accounts: [...store.accounts, newAccount],\n  };\n\n  return { store: updatedStore, keypair };\n}\n\n/**\n * Set the active account by index.\n * The active account is used for all dApp connections and signing.\n */\nexport function setActiveAccount(\n  store: AccountStore,\n  index: number,\n): AccountStore {\n  const exists = store.accounts.find((a) => a.index === index);\n  if (!exists) {\n    throw new Error(`Account index ${index} does not exist.`);\n  }\n  return { ...store, activeIndex: index };\n}\n\n/**\n * Rename an account.\n */\nexport function renameAccount(\n  store: AccountStore,\n  index: number,\n  newName: string,\n): AccountStore {\n  return {\n    ...store,\n    accounts: store.accounts.map((a) =>\n      a.index === index ? { ...a, name: newName } : a,\n    ),\n  };\n}\n\n/**\n * Get the active account metadata from the store.\n */\nexport function getActiveAccount(store: AccountStore): Account {\n  const account = store.accounts.find((a) => a.index === store.activeIndex);\n  if (!account) throw new Error(\"No active account found.\");\n  return account;\n}\n\n// ── Utilities ─────────────────────────────────────────────────────────────────\n\n/**\n * Sign a raw message with an account's secret key.\n * Returns a Base58 encoded signature.\n */\nexport function signMessage(\n  message: Uint8Array,\n  secretKey: Uint8Array,\n): string {\n  const signature = nacl.sign.detached(message, secretKey);\n  return bs58.encode(Buffer.from(signature));\n}\n\n/**\n * Format account for display in terminal.\n */\nexport function formatAccount(account: Account, isActive: boolean): string {\n  const activeMarker = isActive ? \"●\" : \"○\";\n  const shortKey = `${account.publicKey.slice(0, 4)}...${account.publicKey.slice(-4)}`;\n  return `${activeMarker} [${account.index}] ${account.name.padEnd(20)} ${shortKey}`;\n}\n\n// ── Internal ──────────────────────────────────────────────────────────────────\n\nfunction derivationPath(index: number): string {\n  return `m/44'/501'/${index}'/0'`;\n}\n","/**\n *\n * Reads and writes ~/.wallet/config.json\n * Stores non-sensitive wallet preferences:\n *   - Active account index\n *   - RPC endpoint (mainnet / devnet)\n *   - Account metadata (names, indices — no keys)\n *   - WalletConnect project ID\n *\n * Dependencies: Node.js built-in `fs`, `os`, `path`\n */\n\nimport fs from \"fs\";\nimport { getConfigPath, ensureWalletDir } from \"./keystore\";\nimport { AccountStore, createAccountStore } from \"./accounts\";\n\n// ── Types ─────────────────────────────────────────────────────────────────────\n\nexport type ClusterType = \"mainnet-beta\" | \"devnet\" | \"testnet\" | \"localnet\" | \"custom\";\n\nexport interface WalletConfig {\n  version: number;\n  cluster: ClusterType;\n  rpcUrl: string;\n  walletConnectProjectId: string;\n  accountStore: AccountStore;\n  createdAt: string;\n  updatedAt: string;\n}\n\n// ── Defaults ──────────────────────────────────────────────────────────────────\n\nconst HELIUS_API_KEY = process.env.HELIUS_API_KEY;\nexport const RPC_URLS: Record<Exclude<ClusterType, \"custom\">, string> = {\n  \"mainnet-beta\": HELIUS_API_KEY\n    ? `https://mainnet.helius-rpc.com/?api-key=${HELIUS_API_KEY}`\n    : \"https://api.mainnet-beta.solana.com\",\n  devnet: HELIUS_API_KEY\n    ? `https://devnet.helius-rpc.com/?api-key=${HELIUS_API_KEY}`\n    : \"https://api.devnet.solana.com\",\n  testnet: \"https://api.testnet.solana.com\",\n  localnet: \"http://localhost:8899\",\n};\n\nconst CONFIG_VERSION = 1;\n\n// ── Read / Write ──────────────────────────────────────────────────────────────\n\nexport function configExists(): boolean {\n  return fs.existsSync(getConfigPath());\n}\n\nexport function loadConfig(): WalletConfig {\n  if (!configExists()) {\n    throw new Error(\"No config found. Run `wallet init` first.\");\n  }\n  const raw = fs.readFileSync(getConfigPath(), \"utf8\");\n  return JSON.parse(raw) as WalletConfig;\n}\n\nexport function saveConfig(config: WalletConfig): void {\n  ensureWalletDir();\n  const updated = { ...config, updatedAt: new Date().toISOString() };\n  fs.writeFileSync(getConfigPath(), JSON.stringify(updated, null, 2), {\n    mode: 0o600,\n  });\n}\n\n/**\n * Create a fresh config on `wallet init`.\n */\nexport function createConfig(\n  walletConnectProjectId: string = \"\",\n  cluster: Exclude<ClusterType, \"custom\"> = \"devnet\",\n): WalletConfig {\n  const now = new Date().toISOString();\n  return {\n    version: CONFIG_VERSION,\n    cluster,\n    rpcUrl: RPC_URLS[cluster],\n    walletConnectProjectId,\n    accountStore: createAccountStore(\"Account 1\"),\n    createdAt: now,\n    updatedAt: now,\n  };\n}\n\n// ── Helpers ───────────────────────────────────────────────────────────────────\n\nexport function updateCluster(cluster: Exclude<ClusterType, \"custom\">): void {\n  const config = loadConfig();\n  config.cluster = cluster;\n  config.rpcUrl = RPC_URLS[cluster];\n  saveConfig(config);\n}\n\nexport function updateRpcUrl(url: string): void {\n  const config = loadConfig();\n  config.rpcUrl = url;\n  saveConfig(config);\n}\n\nexport function updateAccountStore(accountStore: AccountStore): void {\n  const config = loadConfig();\n  config.accountStore = accountStore;\n  saveConfig(config);\n}\n\nexport function getRpcUrl(): string {\n  return loadConfig().rpcUrl;\n}\n\nexport function getCluster(): ClusterType {\n  return loadConfig().cluster;\n}\n\nexport function getAccountStore(): AccountStore {\n  return loadConfig().accountStore;\n}\n","/**\n *\n * Public API for the vault module.\n * All other modules import from here — not directly from sub-files.\n *\n * Usage:\n *   import { WalletVault } from \"../vault\"\n *\n *   const vault = new WalletVault()\n *   await vault.init(\"my password\")\n *   const account = vault.getActiveKeypair()\n */\n\nimport {\n  generateMnemonic,\n  validateMnemonic,\n  mnemonicToSeed,\n  mnemonicToNumberedWords,\n} from \"./mnemonic\";\nimport { saveVault, loadVault, vaultExists, VaultData } from \"./keystore\";\nimport {\n  deriveAccount,\n  deriveAccounts,\n  addAccount,\n  setActiveAccount,\n  getActiveAccount,\n  renameAccount,\n  formatAccount,\n  signMessage,\n  AccountKeypair,\n  AccountStore,\n} from \"./accounts\";\nimport {\n  loadConfig,\n  saveConfig,\n  createConfig,\n  updateAccountStore,\n  configExists,\n  WalletConfig,\n  ClusterType,\n} from \"./config\";\n\nexport * from \"./mnemonic\";\nexport * from \"./keystore\";\nexport * from \"./accounts\";\nexport * from \"./config\";\n\n// ── WalletVault ───────────────────────────────────────────────────────────────\n\n/**\n * WalletVault is the in-memory session state of the wallet.\n * It is populated on `unlock()` and holds derived keypairs\n * for the duration of the daemon session.\n *\n * Private keys exist ONLY in this object — never on disk.\n */\nexport class WalletVault {\n  private _keypairs: AccountKeypair[] = [];\n  private _seed: Buffer | null = null; // cached for agent account derivation\n  private _config: WalletConfig | null = null;\n  private _unlocked: boolean = false;\n  private _mnemonic: string | null = null;\n\n  // ── Lifecycle ──────────────────────────────────────────────────────────────\n\n  /**\n   * Initialize a brand new wallet.\n   * Generates a mnemonic, encrypts it, writes config.\n   * Returns the mnemonic for the user to write down — shown ONCE.\n   */\n  async init(\n    password: string,\n    options: {\n      strength?: 12 | 24;\n      cluster?: Exclude<ClusterType, \"custom\">;\n      walletConnectProjectId?: string;\n      firstAccountName?: string;\n    } = {},\n  ): Promise<string> {\n    if (vaultExists()) {\n      throw new Error(\n        \"Wallet already exists. Use `wallet unlock` to access it.\",\n      );\n    }\n\n    const { mnemonic } = generateMnemonic(options.strength ?? 12);\n\n    const vaultData: VaultData = {\n      mnemonic,\n      createdAt: new Date().toISOString(),\n      version: 1,\n    };\n\n    // Save encrypted vault\n    await saveVault(vaultData, password);\n\n    // Create and save config\n    const config = createConfig(\n      options.walletConnectProjectId ?? \"\",\n      options.cluster ?? \"devnet\",\n    );\n\n    if (options.firstAccountName) {\n      config.accountStore.accounts[0].name = options.firstAccountName;\n    }\n\n    // Derive and store the first account's public key in config\n    const seed = await mnemonicToSeed(mnemonic);\n    const firstKeypair = deriveAccount(\n      seed,\n      0,\n      config.accountStore.accounts[0].name,\n    );\n    config.accountStore.accounts[0].publicKey = firstKeypair.publicKey;\n    saveConfig(config);\n\n    return mnemonic; // shown once to user, never stored in plaintext again\n  }\n\n  /**\n   * Unlock the wallet for a session.\n   * Decrypts the vault, derives all account keypairs into memory.\n   */\n  async unlock(password: string): Promise<void> {\n    const vaultData = await loadVault(password); // throws on wrong password\n    const config = loadConfig();\n\n    const seed = await mnemonicToSeed(vaultData.mnemonic);\n    this._seed = seed;\n    this._mnemonic = vaultData.mnemonic;\n    this._keypairs = deriveAccounts(seed, config.accountStore);\n    this._config = config;\n    this._unlocked = true;\n  }\n\n  /**\n   * Restore wallet from an existing mnemonic (import flow).\n   */\n  async restore(\n    mnemonic: string,\n    password: string,\n    options: { cluster?: Exclude<ClusterType, \"custom\"> } = {},\n  ): Promise<void> {\n    if (!validateMnemonic(mnemonic)) {\n      throw new Error(\"Invalid mnemonic phrase.\");\n    }\n\n    const vaultData: VaultData = {\n      mnemonic,\n      createdAt: new Date().toISOString(),\n      version: 1,\n    };\n\n    await saveVault(vaultData, password);\n    const config = createConfig(\"\", options.cluster ?? \"devnet\");\n    const seed = await mnemonicToSeed(mnemonic);\n    const firstKeypair = deriveAccount(seed, 0, \"Account 1\");\n    config.accountStore.accounts[0].publicKey = firstKeypair.publicKey;\n    saveConfig(config);\n  }\n\n  lock(): void {\n    this._keypairs = [];\n    this._mnemonic = null;\n    this._seed = null;\n    this._config = null;\n    this._unlocked = false;\n  }\n\n  // ── Account Management ─────────────────────────────────────────────────────\n\n  /**\n   * Get the currently active keypair (used for signing + dApp connections).\n   */\n  getActiveKeypair(): AccountKeypair {\n    this.assertUnlocked();\n    const active = getActiveAccount(this._config!.accountStore);\n    const keypair = this._keypairs.find((k) => k.index === active.index);\n    if (!keypair) throw new Error(\"Active keypair not found in session.\");\n    return keypair;\n  }\n\n  /**\n   * Lock the wallet — wipe all keypairs from memory.\n   */\n  /**\n   * Returns the mnemonic — only available while unlocked.\n   * Used by agent_connect to derive new accounts on demand.\n   */\n\n  getMnemonic(): string {\n    if (!this._mnemonic) throw new Error(\"Wallet is locked\");\n    return this._mnemonic;\n  }\n\n  /**\n   * Reload config and re-derive keypairs from seed.\n   * Call after adding new accounts so the vault picks them up.\n   */\n  async reload(): Promise<void> {\n    if (!this._seed) throw new Error(\"Wallet is locked\");\n    this._config = loadConfig();\n    this._keypairs = deriveAccounts(this._seed, this._config.accountStore);\n  }\n\n  /**\n   * Get a keypair by account index.\n   */\n  getKeypair(index: number): AccountKeypair {\n    this.assertUnlocked();\n    const keypair = this._keypairs.find((k) => k.index === index);\n    if (!keypair) throw new Error(`Account ${index} not found.`);\n    return keypair;\n  }\n\n  /**\n   * Get all loaded keypairs.\n   */\n  getAllKeypairs(): AccountKeypair[] {\n    this.assertUnlocked();\n    return [...this._keypairs];\n  }\n\n  /**\n   * Add a new derived account.\n   */\n  async addAccount(name?: string, password?: string): Promise<AccountKeypair> {\n    this.assertUnlocked();\n\n    // Need the seed to derive the new account\n    if (!password) throw new Error(\"Password required to add a new account.\");\n    const vaultData = await loadVault(password);\n    const seed = await mnemonicToSeed(vaultData.mnemonic);\n\n    const { store, keypair } = addAccount(\n      this._config!.accountStore,\n      seed,\n      name,\n    );\n\n    this._config!.accountStore = store;\n    this._keypairs.push(keypair);\n    updateAccountStore(store);\n\n    return keypair;\n  }\n\n  /**\n   * Switch the active account.\n   */\n  setActiveAccount(index: number): void {\n    this.assertUnlocked();\n    const updated = setActiveAccount(this._config!.accountStore, index);\n    this._config!.accountStore = updated;\n    updateAccountStore(updated);\n  }\n\n  /**\n   * Rename an account.\n   */\n  renameAccount(index: number, newName: string): void {\n    this.assertUnlocked();\n    const updated = renameAccount(this._config!.accountStore, index, newName);\n    this._config!.accountStore = updated;\n    this._keypairs = this._keypairs.map((k) =>\n      k.index === index ? { ...k, name: newName } : k,\n    );\n    updateAccountStore(updated);\n  }\n\n  // ── Display ────────────────────────────────────────────────────────────────\n\n  /**\n   * Format all accounts for terminal display.\n   */\n  listAccounts(): string[] {\n    this.assertUnlocked();\n    const activeIndex = this._config!.accountStore.activeIndex;\n    return this._keypairs.map((k) => formatAccount(k, k.index === activeIndex));\n  }\n\n  /**\n   * Sign a message with the active account.\n   */\n  signMessage(message: Uint8Array): string {\n    const keypair = this.getActiveKeypair();\n    return signMessage(message, keypair.secretKey);\n  }\n\n  // ── State ──────────────────────────────────────────────────────────────────\n\n  get isUnlocked(): boolean {\n    return this._unlocked;\n  }\n\n  get config(): WalletConfig {\n    this.assertUnlocked();\n    return this._config!;\n  }\n\n  static exists(): boolean {\n    return vaultExists() && configExists();\n  }\n\n  /**\n   * Display mnemonic as numbered words — for backup verification flow.\n   */\n  static formatMnemonicForDisplay(mnemonic: string): string {\n    const words = mnemonicToNumberedWords(mnemonic);\n    // Format into 3 columns of 4 (12-word) or 6 columns of 4 (24-word)\n    const cols = 3;\n    const rows: string[] = [];\n    for (let i = 0; i < words.length; i += cols) {\n      rows.push(\n        words\n          .slice(i, i + cols)\n          .map((w) => w.padEnd(18))\n          .join(\"  \"),\n      );\n    }\n    return rows.join(\"\\n\");\n  }\n\n  // ── Internal ───────────────────────────────────────────────────────────────\n\n  private assertUnlocked(): void {\n    if (!this._unlocked) {\n      throw new Error(\"Wallet is locked. Run `wallet unlock` first.\");\n    }\n  }\n\n  /**\n   * Find an account by name or create it if it doesn't exist.\n   * Uses the cached seed — no password needed.\n   * This is the primary way agents acquire their account.\n   */\n  async findOrCreate(name: string): Promise<AccountKeypair> {\n    this.assertUnlocked();\n\n    // Return existing account with this name\n    const existing = this._keypairs.find((k) => k.name === name);\n    if (existing) return existing;\n\n    // Derive a new account at the next index\n    const nextIndex = this._config!.accountStore.accounts.length;\n    const { store, keypair } = addAccount(\n      this._config!.accountStore,\n      this._seed!,\n      name,\n    );\n\n    this._config!.accountStore = store;\n    this._keypairs.push(keypair);\n    updateAccountStore(store);\n\n    console.log(\n      `[Vault] Created account \"${name}\" at index ${nextIndex} (${keypair.publicKey})`,\n    );\n    return keypair;\n  }\n\n  /**\n   * Find an account by name. Returns null if not found.\n   */\n  findByName(name: string): AccountKeypair | null {\n    this.assertUnlocked();\n    return this._keypairs.find((k) => k.name === name) ?? null;\n  }\n}\n"],"mappings":";;;AAQA,YAAY,WAAW;AAahB,SAASA,kBACd,WAA6B,IACb;AAChB,QAAM,WAAiB,uBAAiB,YAAY,KAAK,MAAM,GAAG;AAClE,QAAM,YAAY;AAClB,SAAO,EAAE,UAAU,UAAU;AAC/B;AAMO,SAASC,kBAAiB,UAA2B;AAC1D,QAAM,UAAU,cAAc,QAAQ;AACtC,SAAa,uBAAiB,OAAO;AACvC;AAOA,eAAsBC,gBACpB,UACA,aAAqB,IACJ;AACjB,QAAM,UAAU,cAAc,QAAQ;AAEtC,MAAI,CAACD,kBAAiB,OAAO,GAAG;AAC9B,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC5E;AAEA,SAAa,qBAAe,SAAS,UAAU;AACjD;AASO,SAAS,wBAAwB,UAA4B;AAClE,SAAO,cAAc,QAAQ,EAC1B,MAAM,GAAG,EACT,IAAI,CAAC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE;AACzC;AAMO,SAAS,gBAAgB,OAAyB;AACvD,SAAO,MAAM,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,EAAE,KAAK,GAAG;AAC1D;AAIA,SAAS,cAAc,UAA0B;AAC/C,SAAO,SAAS,KAAK,EAAE,YAAY,EAAE,QAAQ,QAAQ,GAAG;AAC1D;;;AClEA,OAAO,YAAY;AACnB,OAAO,QAAQ;AACf,OAAO,QAAQ;AACf,OAAO,UAAU;AAoBjB,IAAM,gBAAgB;AACtB,IAAM,oBAAoB;AAC1B,IAAM,gBAAgB;AACtB,IAAM,aAAa;AACnB,IAAM,cAAc;AACpB,IAAM,YAAY;AAClB,IAAM,SAAS;AAIR,SAAS,eAAuB;AAErC,SAAO,KAAK,KAAK,GAAG,QAAQ,GAAG,SAAS;AAC1C;AAEO,SAAS,eAAuB;AACrC,SAAO,KAAK,KAAK,aAAa,GAAG,WAAW;AAC9C;AAEO,SAAS,gBAAwB;AACtC,SAAO,KAAK,KAAK,aAAa,GAAG,aAAa;AAChD;AAEO,SAAS,kBAA0B;AACxC,SAAO,KAAK,KAAK,aAAa,GAAG,eAAe;AAClD;AAEO,IAAM,gBAAgB,gBAAgB;AAEtC,SAAS,kBAAwB;AACtC,QAAM,MAAM,aAAa;AACzB,MAAI,CAAC,GAAG,WAAW,GAAG,GAAG;AACvB,OAAG,UAAU,KAAK,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AAAA,EACpD;AACF;AAEO,SAAS,cAAuB;AACrC,SAAO,GAAG,WAAW,aAAa,CAAC;AACrC;AASA,eAAsB,UACpB,MACA,UACe;AACf,kBAAgB;AAEhB,QAAM,OAAO,OAAO,YAAY,WAAW;AAC3C,QAAM,KAAK,OAAO,YAAY,SAAS;AACvC,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,QAAM,YAAY,KAAK,UAAU,IAAI;AACrC,QAAM,SAAS,OAAO,eAAe,QAAQ,KAAK,EAAE;AAEpD,QAAM,YAAY,OAAO,OAAO;AAAA,IAC9B,OAAO,OAAO,WAAW,MAAM;AAAA,IAC/B,OAAO,MAAM;AAAA,EACf,CAAC;AAED,QAAM,UAAU,OAAO,WAAW;AAElC,QAAM,QAAwB;AAAA,IAC5B,SAAS;AAAA,IACT,MAAM,KAAK,SAAS,KAAK;AAAA,IACzB,IAAI,GAAG,SAAS,KAAK;AAAA,IACrB,SAAS,QAAQ,SAAS,KAAK;AAAA,IAC/B,YAAY,UAAU,SAAS,KAAK;AAAA,EACtC;AAEA,KAAG,cAAc,aAAa,GAAG,KAAK,UAAU,OAAO,MAAM,CAAC,GAAG;AAAA,IAC/D,MAAM;AAAA;AAAA,EACR,CAAC;AACH;AAMA,eAAsB,UAAU,UAAsC;AACpE,MAAI,CAAC,YAAY,GAAG;AAClB,UAAM,IAAI,MAAM,kDAAkD;AAAA,EACpE;AAEA,QAAM,MAAM,GAAG,aAAa,aAAa,GAAG,MAAM;AAClD,QAAM,QAAwB,KAAK,MAAM,GAAG;AAE5C,MAAI,MAAM,YAAY,eAAe;AACnC,UAAM,IAAI,MAAM,8BAA8B,MAAM,OAAO,EAAE;AAAA,EAC/D;AAEA,QAAM,OAAO,OAAO,KAAK,MAAM,MAAM,KAAK;AAC1C,QAAM,KAAK,OAAO,KAAK,MAAM,IAAI,KAAK;AACtC,QAAM,UAAU,OAAO,KAAK,MAAM,SAAS,KAAK;AAChD,QAAM,aAAa,OAAO,KAAK,MAAM,YAAY,KAAK;AAEtD,QAAM,MAAM,MAAM,UAAU,UAAU,IAAI;AAE1C,MAAI;AACF,UAAM,WAAW,OAAO,iBAAiB,QAAQ,KAAK,EAAE;AACxD,aAAS,WAAW,OAAO;AAE3B,UAAM,YAAY,OAAO,OAAO;AAAA,MAC9B,SAAS,OAAO,UAAU;AAAA,MAC1B,SAAS,MAAM;AAAA,IACjB,CAAC;AAED,WAAO,KAAK,MAAM,UAAU,SAAS,MAAM,CAAC;AAAA,EAC9C,QAAQ;AAEN,UAAM,IAAI,MAAM,0DAA0D;AAAA,EAC5E;AACF;AAMA,eAAsB,eACpB,aACA,aACe;AACf,QAAM,OAAO,MAAM,UAAU,WAAW;AACxC,QAAM,UAAU,MAAM,WAAW;AACnC;AAOA,SAAS,UAAU,UAAkB,MAA+B;AAClE,SAAO,IAAI,QAAQ,CAAC,SAAS,WAAW;AACtC,WAAO;AAAA,MACL;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,CAAC,KAAK,QAAQ;AACZ,YAAI,IAAK,QAAO,GAAG;AAAA,YACd,SAAQ,GAAG;AAAA,MAClB;AAAA,IACF;AAAA,EACF,CAAC;AACH;;;AC5KA,SAAS,kBAAkB;AAC3B,OAAO,UAAU;AACjB,OAAO,UAAU;AAoCV,SAAS,cACd,MACA,OACA,OAAe,WAAW,QAAQ,CAAC,IACnB;AAChB,QAAME,QAAO,eAAe,KAAK;AAGjC,QAAM,EAAE,KAAK,gBAAgB,IAAI,WAAWA,OAAM,KAAK,SAAS,KAAK,CAAC;AAGtE,QAAM,UAAU,KAAK,KAAK,QAAQ,SAAS,eAAe;AAE1D,QAAM,YAAY,KAAK,OAAO,OAAO,KAAK,QAAQ,SAAS,CAAC;AAE5D,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,IACA,WAAW,QAAQ;AAAA;AAAA,IACnB,gBAAgBA;AAAA,IAChB,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,EACpC;AACF;AAMO,SAAS,eACd,MACA,cACkB;AAClB,SAAO,aAAa,SAAS;AAAA,IAAI,CAAC,YAChC,cAAc,MAAM,QAAQ,OAAO,QAAQ,IAAI;AAAA,EACjD;AACF;AAMA,eAAsB,0BACpB,UACA,OACA,MACA,YACyB;AACzB,QAAM,OAAO,MAAMC,gBAAe,UAAU,UAAU;AACtD,SAAO,cAAc,MAAM,OAAO,IAAI;AACxC;AAOO,SAAS,mBACd,mBAA2B,aACb;AACd,SAAO;AAAA,IACL,UAAU;AAAA,MACR;AAAA,QACE,OAAO;AAAA,QACP,MAAM;AAAA,QACN,WAAW;AAAA;AAAA,QACX,gBAAgB,eAAe,CAAC;AAAA,QAChC,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MACpC;AAAA,IACF;AAAA,IACA,aAAa;AAAA,EACf;AACF;AAMO,SAAS,WACd,OACA,MACA,MACkD;AAClD,QAAM,YACJ,MAAM,SAAS,SAAS,IACpB,KAAK,IAAI,GAAG,MAAM,SAAS,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,IAClD;AAEN,QAAM,cAAc,QAAQ,WAAW,YAAY,CAAC;AACpD,QAAM,UAAU,cAAc,MAAM,WAAW,WAAW;AAE1D,QAAM,aAAsB;AAAA,IAC1B,OAAO;AAAA,IACP,MAAM;AAAA,IACN,WAAW,QAAQ;AAAA,IACnB,gBAAgB,QAAQ;AAAA,IACxB,WAAW,QAAQ;AAAA,EACrB;AAEA,QAAM,eAA6B;AAAA,IACjC,GAAG;AAAA,IACH,UAAU,CAAC,GAAG,MAAM,UAAU,UAAU;AAAA,EAC1C;AAEA,SAAO,EAAE,OAAO,cAAc,QAAQ;AACxC;AAMO,SAAS,iBACd,OACA,OACc;AACd,QAAM,SAAS,MAAM,SAAS,KAAK,CAAC,MAAM,EAAE,UAAU,KAAK;AAC3D,MAAI,CAAC,QAAQ;AACX,UAAM,IAAI,MAAM,iBAAiB,KAAK,kBAAkB;AAAA,EAC1D;AACA,SAAO,EAAE,GAAG,OAAO,aAAa,MAAM;AACxC;AAKO,SAAS,cACd,OACA,OACA,SACc;AACd,SAAO;AAAA,IACL,GAAG;AAAA,IACH,UAAU,MAAM,SAAS;AAAA,MAAI,CAAC,MAC5B,EAAE,UAAU,QAAQ,EAAE,GAAG,GAAG,MAAM,QAAQ,IAAI;AAAA,IAChD;AAAA,EACF;AACF;AAKO,SAAS,iBAAiB,OAA8B;AAC7D,QAAM,UAAU,MAAM,SAAS,KAAK,CAAC,MAAM,EAAE,UAAU,MAAM,WAAW;AACxE,MAAI,CAAC,QAAS,OAAM,IAAI,MAAM,0BAA0B;AACxD,SAAO;AACT;AAQO,SAAS,YACd,SACA,WACQ;AACR,QAAM,YAAY,KAAK,KAAK,SAAS,SAAS,SAAS;AACvD,SAAO,KAAK,OAAO,OAAO,KAAK,SAAS,CAAC;AAC3C;AAKO,SAAS,cAAc,SAAkB,UAA2B;AACzE,QAAM,eAAe,WAAW,WAAM;AACtC,QAAM,WAAW,GAAG,QAAQ,UAAU,MAAM,GAAG,CAAC,CAAC,MAAM,QAAQ,UAAU,MAAM,EAAE,CAAC;AAClF,SAAO,GAAG,YAAY,KAAK,QAAQ,KAAK,KAAK,QAAQ,KAAK,OAAO,EAAE,CAAC,IAAI,QAAQ;AAClF;AAIA,SAAS,eAAe,OAAuB;AAC7C,SAAO,cAAc,KAAK;AAC5B;;;ACxNA,OAAOC,SAAQ;AAoBf,IAAM,iBAAiB,QAAQ,IAAI;AAC5B,IAAM,WAA2D;AAAA,EACtE,gBAAgB,iBACZ,2CAA2C,cAAc,KACzD;AAAA,EACJ,QAAQ,iBACJ,0CAA0C,cAAc,KACxD;AAAA,EACJ,SAAS;AAAA,EACT,UAAU;AACZ;AAEA,IAAM,iBAAiB;AAIhB,SAAS,eAAwB;AACtC,SAAOC,IAAG,WAAW,cAAc,CAAC;AACtC;AAEO,SAAS,aAA2B;AACzC,MAAI,CAAC,aAAa,GAAG;AACnB,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AACA,QAAM,MAAMA,IAAG,aAAa,cAAc,GAAG,MAAM;AACnD,SAAO,KAAK,MAAM,GAAG;AACvB;AAEO,SAAS,WAAW,QAA4B;AACrD,kBAAgB;AAChB,QAAM,UAAU,EAAE,GAAG,QAAQ,YAAW,oBAAI,KAAK,GAAE,YAAY,EAAE;AACjE,EAAAA,IAAG,cAAc,cAAc,GAAG,KAAK,UAAU,SAAS,MAAM,CAAC,GAAG;AAAA,IAClE,MAAM;AAAA,EACR,CAAC;AACH;AAKO,SAAS,aACd,yBAAiC,IACjC,UAA0C,UAC5B;AACd,QAAM,OAAM,oBAAI,KAAK,GAAE,YAAY;AACnC,SAAO;AAAA,IACL,SAAS;AAAA,IACT;AAAA,IACA,QAAQ,SAAS,OAAO;AAAA,IACxB;AAAA,IACA,cAAc,mBAAmB,WAAW;AAAA,IAC5C,WAAW;AAAA,IACX,WAAW;AAAA,EACb;AACF;AAIO,SAAS,cAAc,SAA+C;AAC3E,QAAM,SAAS,WAAW;AAC1B,SAAO,UAAU;AACjB,SAAO,SAAS,SAAS,OAAO;AAChC,aAAW,MAAM;AACnB;AAEO,SAAS,aAAa,KAAmB;AAC9C,QAAM,SAAS,WAAW;AAC1B,SAAO,SAAS;AAChB,aAAW,MAAM;AACnB;AAEO,SAAS,mBAAmB,cAAkC;AACnE,QAAM,SAAS,WAAW;AAC1B,SAAO,eAAe;AACtB,aAAW,MAAM;AACnB;AAEO,SAAS,YAAoB;AAClC,SAAO,WAAW,EAAE;AACtB;AAEO,SAAS,aAA0B;AACxC,SAAO,WAAW,EAAE;AACtB;AAEO,SAAS,kBAAgC;AAC9C,SAAO,WAAW,EAAE;AACtB;;;AC9DO,IAAM,cAAN,MAAkB;AAAA,EACf,YAA8B,CAAC;AAAA,EAC/B,QAAuB;AAAA;AAAA,EACvB,UAA+B;AAAA,EAC/B,YAAqB;AAAA,EACrB,YAA2B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASnC,MAAM,KACJ,UACA,UAKI,CAAC,GACY;AACjB,QAAI,YAAY,GAAG;AACjB,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAEA,UAAM,EAAE,SAAS,IAAIC,kBAAiB,QAAQ,YAAY,EAAE;AAE5D,UAAM,YAAuB;AAAA,MAC3B;AAAA,MACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,SAAS;AAAA,IACX;AAGA,UAAM,UAAU,WAAW,QAAQ;AAGnC,UAAM,SAAS;AAAA,MACb,QAAQ,0BAA0B;AAAA,MAClC,QAAQ,WAAW;AAAA,IACrB;AAEA,QAAI,QAAQ,kBAAkB;AAC5B,aAAO,aAAa,SAAS,CAAC,EAAE,OAAO,QAAQ;AAAA,IACjD;AAGA,UAAM,OAAO,MAAMC,gBAAe,QAAQ;AAC1C,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA,OAAO,aAAa,SAAS,CAAC,EAAE;AAAA,IAClC;AACA,WAAO,aAAa,SAAS,CAAC,EAAE,YAAY,aAAa;AACzD,eAAW,MAAM;AAEjB,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,UAAiC;AAC5C,UAAM,YAAY,MAAM,UAAU,QAAQ;AAC1C,UAAM,SAAS,WAAW;AAE1B,UAAM,OAAO,MAAMA,gBAAe,UAAU,QAAQ;AACpD,SAAK,QAAQ;AACb,SAAK,YAAY,UAAU;AAC3B,SAAK,YAAY,eAAe,MAAM,OAAO,YAAY;AACzD,SAAK,UAAU;AACf,SAAK,YAAY;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QACJ,UACA,UACA,UAAwD,CAAC,GAC1C;AACf,QAAI,CAACC,kBAAiB,QAAQ,GAAG;AAC/B,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC5C;AAEA,UAAM,YAAuB;AAAA,MAC3B;AAAA,MACA,YAAW,oBAAI,KAAK,GAAE,YAAY;AAAA,MAClC,SAAS;AAAA,IACX;AAEA,UAAM,UAAU,WAAW,QAAQ;AACnC,UAAM,SAAS,aAAa,IAAI,QAAQ,WAAW,QAAQ;AAC3D,UAAM,OAAO,MAAMD,gBAAe,QAAQ;AAC1C,UAAM,eAAe,cAAc,MAAM,GAAG,WAAW;AACvD,WAAO,aAAa,SAAS,CAAC,EAAE,YAAY,aAAa;AACzD,eAAW,MAAM;AAAA,EACnB;AAAA,EAEA,OAAa;AACX,SAAK,YAAY,CAAC;AAClB,SAAK,YAAY;AACjB,SAAK,QAAQ;AACb,SAAK,UAAU;AACf,SAAK,YAAY;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,mBAAmC;AACjC,SAAK,eAAe;AACpB,UAAM,SAAS,iBAAiB,KAAK,QAAS,YAAY;AAC1D,UAAM,UAAU,KAAK,UAAU,KAAK,CAAC,MAAM,EAAE,UAAU,OAAO,KAAK;AACnE,QAAI,CAAC,QAAS,OAAM,IAAI,MAAM,sCAAsC;AACpE,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,cAAsB;AACpB,QAAI,CAAC,KAAK,UAAW,OAAM,IAAI,MAAM,kBAAkB;AACvD,WAAO,KAAK;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,SAAwB;AAC5B,QAAI,CAAC,KAAK,MAAO,OAAM,IAAI,MAAM,kBAAkB;AACnD,SAAK,UAAU,WAAW;AAC1B,SAAK,YAAY,eAAe,KAAK,OAAO,KAAK,QAAQ,YAAY;AAAA,EACvE;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,OAA+B;AACxC,SAAK,eAAe;AACpB,UAAM,UAAU,KAAK,UAAU,KAAK,CAAC,MAAM,EAAE,UAAU,KAAK;AAC5D,QAAI,CAAC,QAAS,OAAM,IAAI,MAAM,WAAW,KAAK,aAAa;AAC3D,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,iBAAmC;AACjC,SAAK,eAAe;AACpB,WAAO,CAAC,GAAG,KAAK,SAAS;AAAA,EAC3B;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,WAAW,MAAe,UAA4C;AAC1E,SAAK,eAAe;AAGpB,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,yCAAyC;AACxE,UAAM,YAAY,MAAM,UAAU,QAAQ;AAC1C,UAAM,OAAO,MAAMA,gBAAe,UAAU,QAAQ;AAEpD,UAAM,EAAE,OAAO,QAAQ,IAAI;AAAA,MACzB,KAAK,QAAS;AAAA,MACd;AAAA,MACA;AAAA,IACF;AAEA,SAAK,QAAS,eAAe;AAC7B,SAAK,UAAU,KAAK,OAAO;AAC3B,uBAAmB,KAAK;AAExB,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,iBAAiB,OAAqB;AACpC,SAAK,eAAe;AACpB,UAAM,UAAU,iBAAiB,KAAK,QAAS,cAAc,KAAK;AAClE,SAAK,QAAS,eAAe;AAC7B,uBAAmB,OAAO;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA,EAKA,cAAc,OAAe,SAAuB;AAClD,SAAK,eAAe;AACpB,UAAM,UAAU,cAAc,KAAK,QAAS,cAAc,OAAO,OAAO;AACxE,SAAK,QAAS,eAAe;AAC7B,SAAK,YAAY,KAAK,UAAU;AAAA,MAAI,CAAC,MACnC,EAAE,UAAU,QAAQ,EAAE,GAAG,GAAG,MAAM,QAAQ,IAAI;AAAA,IAChD;AACA,uBAAmB,OAAO;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,eAAyB;AACvB,SAAK,eAAe;AACpB,UAAM,cAAc,KAAK,QAAS,aAAa;AAC/C,WAAO,KAAK,UAAU,IAAI,CAAC,MAAM,cAAc,GAAG,EAAE,UAAU,WAAW,CAAC;AAAA,EAC5E;AAAA;AAAA;AAAA;AAAA,EAKA,YAAY,SAA6B;AACvC,UAAM,UAAU,KAAK,iBAAiB;AACtC,WAAO,YAAY,SAAS,QAAQ,SAAS;AAAA,EAC/C;AAAA;AAAA,EAIA,IAAI,aAAsB;AACxB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,IAAI,SAAuB;AACzB,SAAK,eAAe;AACpB,WAAO,KAAK;AAAA,EACd;AAAA,EAEA,OAAO,SAAkB;AACvB,WAAO,YAAY,KAAK,aAAa;AAAA,EACvC;AAAA;AAAA;AAAA;AAAA,EAKA,OAAO,yBAAyB,UAA0B;AACxD,UAAM,QAAQ,wBAAwB,QAAQ;AAE9C,UAAM,OAAO;AACb,UAAM,OAAiB,CAAC;AACxB,aAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,MAAM;AAC3C,WAAK;AAAA,QACH,MACG,MAAM,GAAG,IAAI,IAAI,EACjB,IAAI,CAAC,MAAM,EAAE,OAAO,EAAE,CAAC,EACvB,KAAK,IAAI;AAAA,MACd;AAAA,IACF;AACA,WAAO,KAAK,KAAK,IAAI;AAAA,EACvB;AAAA;AAAA,EAIQ,iBAAuB;AAC7B,QAAI,CAAC,KAAK,WAAW;AACnB,YAAM,IAAI,MAAM,8CAA8C;AAAA,IAChE;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,MAAM,aAAa,MAAuC;AACxD,SAAK,eAAe;AAGpB,UAAM,WAAW,KAAK,UAAU,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI;AAC3D,QAAI,SAAU,QAAO;AAGrB,UAAM,YAAY,KAAK,QAAS,aAAa,SAAS;AACtD,UAAM,EAAE,OAAO,QAAQ,IAAI;AAAA,MACzB,KAAK,QAAS;AAAA,MACd,KAAK;AAAA,MACL;AAAA,IACF;AAEA,SAAK,QAAS,eAAe;AAC7B,SAAK,UAAU,KAAK,OAAO;AAC3B,uBAAmB,KAAK;AAExB,YAAQ;AAAA,MACN,4BAA4B,IAAI,cAAc,SAAS,KAAK,QAAQ,SAAS;AAAA,IAC/E;AACA,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA,EAKA,WAAW,MAAqC;AAC9C,SAAK,eAAe;AACpB,WAAO,KAAK,UAAU,KAAK,CAAC,MAAM,EAAE,SAAS,IAAI,KAAK;AAAA,EACxD;AACF;","names":["generateMnemonic","validateMnemonic","mnemonicToSeed","path","mnemonicToSeed","fs","fs","generateMnemonic","mnemonicToSeed","validateMnemonic"]}