@frontiercompute/zcash-ika 0.1.0

package/README.md

@@ -0,0 +1,154 @@
+# zcash-ika
+
+Split-key custody for Zcash and Bitcoin. The private key never exists whole.
+
+[![npm](https://img.shields.io/npm/v/@frontiercompute/zcash-ika)](https://www.npmjs.com/package/@frontiercompute/zcash-ika)
+
+## What this is
+
+Your agent/DAO/treasury holds ZEC and BTC through [Ika's 2PC-MPC network](https://ika.xyz). One key share on your device, one distributed across Ika's nodes on Sui. Both must cooperate to sign. Spending policy enforced by smart contract. Every action attested on-chain via [ZAP1](https://pay.frontiercompute.io).
+
+**Ed25519 dWallet live on Ika testnet.** First Zcash-capable dWallet ever created on the network.
+
+## Use cases
+
+### AI Agent Custody
+Your agent needs to spend money. Give it a split-key wallet instead of full access. The agent requests transactions, but can't override spending limits, daily caps, or approved recipient lists. If the agent gets compromised, the attacker gets half a key. Worthless.
+
+```
+npx @frontiercompute/zcash-mcp  # 17 tools, any MCP client
+```
+
+### DAO Treasury
+Multi-sig is 2003 technology. Split-key custody means the treasury key literally doesn't exist in one place. Policy lives in a Sui Move contract that no single party controls. Every spend attested to Zcash for the full audit trail, but balances stay shielded.
+
+### Privacy Payroll
+Pay contributors without publishing amounts on a block explorer. Shielded ZEC from an Orchard address, every payment attested via ZAP1 for compliance. The auditor sees proof of payment. Nobody else sees anything.
+
+### Cross-Border Commerce
+Hold shielded ZEC + stablecoins (USDC/USDT via secp256k1 on EVM chains) in one wallet. Same operator, same policy. Swap between them via NEAR Intents. Settlement is private. Compliance is provable.
+
+### Compliance Without Exposure
+ZAP1 attestations prove what happened without revealing what you hold. Bond deposits prove skin in the game. Policy verification proves you followed the rules. All on Zcash mainnet, all verifiable, nothing visible beyond what you choose to share.
+
+## Signing parameters
+
+| Chain | Curve | Algorithm | Hash | Status |
+|-------|-------|-----------|------|--------|
+| Zcash Orchard | ED25519 | EdDSA | SHA512 | dWallet live on testnet |
+| Bitcoin | SECP256K1 | ECDSASecp256k1 | DoubleSHA256 | SDK ready |
+| Zcash transparent | SECP256K1 | ECDSASecp256k1 | DoubleSHA256 | SDK ready |
+| Ethereum/Base | SECP256K1 | ECDSASecp256k1 | KECCAK256 | SDK ready |
+
+One secp256k1 dWallet signs for Bitcoin, Zcash transparent, and every EVM chain.
+
+## Install
+
+```bash
+npm install @frontiercompute/zcash-ika
+```
+
+## Quick start
+
+```typescript
+import {
+  createDualCustody,
+  spendShielded,
+  spendBitcoin,
+  setPolicy,
+  getHistory,
+  checkCompliance,
+  CHAIN_PARAMS,
+} from "@frontiercompute/zcash-ika";
+
+const config = {
+  network: "mainnet",
+  zebraRpcUrl: "http://127.0.0.1:8232",
+  zap1ApiUrl: "https://pay.frontiercompute.io",
+  zap1ApiKey: "your-key",
+};
+
+// Create dual custody - shielded ZEC + BTC/stablecoins
+const custody = await createDualCustody(config, operatorSeed);
+
+// Set spending policy (enforced by Sui contract, not by trust)
+await setPolicy(config, custody.shielded.id, {
+  maxPerTx: 100_000,       // 0.001 ZEC per tx
+  maxDaily: 1_000_000,     // 0.01 ZEC daily cap
+  allowedRecipients: [],   // any recipient (or lock to specific addresses)
+  approvalThreshold: 500_000, // operator approval above 0.005 ZEC
+});
+
+// Shielded spend - agent requests, both key shares cooperate
+const result = await spendShielded(config, custody.shielded.id, operatorSeed, {
+  to: "u1abc...",
+  amount: 50_000,
+  memo: "payment for API access",
+});
+
+// Compliance check (works now against live ZAP1 API)
+const compliance = await checkCompliance(config, custody.shielded.id);
+// { compliant: true, violations: 0, bondDeposits: 1 }
+```
+
+## How it works
+
+```
+Operator (phone / hardware wallet / DAO multisig)
+  |
+  | user key share
+  |
+Ika MPC Network (2PC-MPC on Sui, mainnet live)
+  |
+  | network key share (distributed across nodes)
+  |
+  +-- Spending Policy (Sui Move contract)
+  |     max per tx, daily cap, approved recipients
+  |     the agent CANNOT modify its own limits
+  |
+  +-- Sign Zcash tx (Ed25519/EdDSA)  -> shielded spend
+  +-- Sign Bitcoin tx (secp256k1/ECDSA) -> BTC spend
+  +-- Sign EVM tx (secp256k1/ECDSA)  -> USDC/USDT spend
+  |
+ZAP1 Attestation (Zcash mainnet)
+  +-- every spend recorded as AGENT_ACTION
+  +-- policy violations on-chain as POLICY_VIOLATION
+  +-- bond deposits prove skin in the game
+  +-- full audit trail, verifiable by anyone
+```
+
+## What's live
+
+- Ed25519 dWallet on Ika testnet (TX: `FYcuaxBCAfuZqfBW7JEtEJME3KLBSBKLvhjLpZGSyaXb`)
+- `getHistory()` and `checkCompliance()` against live ZAP1 API
+- All Ika SDK primitives re-exported and typed
+- Chain parameter configs for all signing modes
+- DKG test script proving the full round-trip
+
+## What's next
+
+- secp256k1 dWallet for BTC/stablecoins (same flow, different curve)
+- Sign a real Zcash sighash through the MPC
+- Ed25519 -> Orchard spending key derivation bridge
+- Move policy template for spending limits
+- Mainnet deployment
+
+## The competition
+
+| Project | Custody | Privacy | Attestation |
+|---------|---------|---------|-------------|
+| Coinbase AgentKit | Full key in agent | None | None |
+| GOAT SDK | Full key in agent | None | None |
+| Solana Agent Kit | Full key in agent | None | None |
+| **zcash-ika** | **Split-key MPC** | **Zcash Orchard** | **ZAP1 on-chain** |
+
+## Stack
+
+- [Ika](https://ika.xyz) - 2PC-MPC threshold signing on Sui
+- [ZAP1](https://pay.frontiercompute.io) - on-chain attestation protocol
+- [Zebra](https://github.com/ZcashFoundation/zebra) - Zcash node
+- [zcash-mcp](https://www.npmjs.com/package/@frontiercompute/zcash-mcp) - 17-tool MCP server
+
+## License
+
+MIT

package/dist/index.d.ts

@@ -0,0 +1,186 @@
+/**
+ * @frontiercompute/zcash-ika
+ *
+ * Zero-trust custody for Zcash and Bitcoin. Born shielded, stay shielded.
+ *
+ * Two dWallets, one operator:
+ * - Ed25519 dWallet -> Zcash Orchard (shielded ZEC)
+ * - secp256k1 dWallet -> Bitcoin (BTC) + Zcash transparent (t-addr)
+ *
+ * Neither key ever exists whole. Both chains signed through Ika 2PC-MPC.
+ * Every operation attested to Zcash via ZAP1.
+ *
+ * Built on Ika's 2PC-MPC network (Sui).
+ */
+export { Curve, Hash, SignatureAlgorithm, IkaClient, IkaTransaction, UserShareEncryptionKeys, getNetworkConfig, createClassGroupsKeypair, createRandomSessionIdentifier, prepareDKG, prepareDKGAsync, prepareDKGSecondRound, prepareDKGSecondRoundAsync, createDKGUserOutput, publicKeyFromDWalletOutput, parseSignatureFromSignOutput, } from "@ika.xyz/sdk";
+export type Chain = "zcash-shielded" | "zcash-transparent" | "bitcoin";
+export interface ZcashIkaConfig {
+    /** Ika network: mainnet or testnet */
+    network: "mainnet" | "testnet";
+    /** Sui RPC URL (defaults to Ika's network config) */
+    suiRpcUrl?: string;
+    /** Zebra node RPC for broadcasting Zcash txs */
+    zebraRpcUrl: string;
+    /** ZAP1 API for attestation */
+    zap1ApiUrl: string;
+    /** ZAP1 API key for write operations */
+    zap1ApiKey?: string;
+}
+/** Parameters for dWallet creation per chain */
+export declare const CHAIN_PARAMS: {
+    readonly "zcash-shielded": {
+        readonly curve: "ED25519";
+        readonly algorithm: "EdDSA";
+        readonly hash: "SHA512";
+        readonly description: "Zcash Orchard shielded pool (Ed25519/EdDSA)";
+    };
+    readonly "zcash-transparent": {
+        readonly curve: "SECP256K1";
+        readonly algorithm: "ECDSASecp256k1";
+        readonly hash: "DoubleSHA256";
+        readonly description: "Zcash transparent t-address (secp256k1/ECDSA)";
+    };
+    readonly bitcoin: {
+        readonly curve: "SECP256K1";
+        readonly algorithm: "ECDSASecp256k1";
+        readonly hash: "DoubleSHA256";
+        readonly description: "Bitcoin (secp256k1/ECDSA, DoubleSHA256)";
+    };
+};
+export interface DWalletHandle {
+    /** dWallet object ID on Sui */
+    id: string;
+    /** Raw public key bytes */
+    publicKey: Uint8Array;
+    /** Which chain this wallet targets */
+    chain: Chain;
+    /** Derived address for the target chain */
+    address: string;
+    /** Ika network (mainnet/testnet) */
+    network: string;
+}
+export interface DualCustody {
+    /** Shielded ZEC wallet (Ed25519 dWallet -> Orchard address) */
+    shielded: DWalletHandle;
+    /** Bitcoin wallet (secp256k1 dWallet -> BTC address) */
+    bitcoin: DWalletHandle;
+    /** Operator ID (shared across both wallets) */
+    operatorId: string;
+}
+export interface SpendPolicy {
+    /** Max zatoshis (or satoshis) per single transaction */
+    maxPerTx: number;
+    /** Max per 24h window */
+    maxDaily: number;
+    /** Allowed recipient addresses (empty = any) */
+    allowedRecipients: string[];
+    /** Require operator approval above this amount */
+    approvalThreshold: number;
+}
+export interface SpendRequest {
+    /** Recipient address (Orchard UA, t-addr, or BTC address) */
+    to: string;
+    /** Amount in smallest unit (zatoshis or satoshis) */
+    amount: number;
+    /** Memo (ZAP1 structured or plain text, Zcash only) */
+    memo?: string;
+}
+export interface SpendResult {
+    /** Transaction ID on target chain */
+    txid: string;
+    /** ZAP1 attestation leaf hash */
+    leafHash: string;
+    /** Chain the spend was on */
+    chain: Chain;
+    /** Whether policy was checked */
+    policyChecked: boolean;
+}
+export interface SignRequest {
+    /** Raw message hash to sign (sighash) */
+    messageHash: Uint8Array;
+    /** Which dWallet to sign with */
+    walletId: string;
+    /** Chain determines signing params */
+    chain: Chain;
+}
+export interface SignResult {
+    /** DER-encoded signature (ECDSA) or raw Ed25519 signature */
+    signature: Uint8Array;
+    /** Public key used */
+    publicKey: Uint8Array;
+}
+/**
+ * Create a dual-custody setup: one shielded ZEC wallet + one BTC wallet.
+ * Same operator controls both via Ika split-key.
+ *
+ * Flow per wallet:
+ * 1. Generate UserShareEncryptionKeys from operator seed
+ * 2. Run DKG on Ika (2PC-MPC key generation)
+ * 3. Extract public key, derive chain-specific address
+ * 4. Attest wallet creation via ZAP1
+ */
+export declare function createDualCustody(config: ZcashIkaConfig, operatorSeed: Uint8Array): Promise<DualCustody>;
+/**
+ * Create a single dWallet for a specific chain.
+ */
+export declare function createWallet(config: ZcashIkaConfig, chain: Chain, operatorSeed: Uint8Array): Promise<DWalletHandle>;
+/**
+ * Sign a message hash through Ika 2PC-MPC.
+ *
+ * The operator provides their seed, Ika provides the network share.
+ * Neither party ever sees the full private key.
+ *
+ * Flow:
+ * 1. Create presign session on Ika
+ * 2. Compute partial user signature locally
+ * 3. Submit to Ika coordinator
+ * 4. Poll for completion
+ * 5. Extract full signature from sign output
+ */
+export declare function sign(config: ZcashIkaConfig, operatorSeed: Uint8Array, request: SignRequest): Promise<SignResult>;
+/**
+ * Set spending policy on the dWallet.
+ * Policy enforced at Sui Move contract level.
+ * The agent cannot bypass it - the contract holds the DWalletCap.
+ */
+export declare function setPolicy(config: ZcashIkaConfig, walletId: string, policy: SpendPolicy): Promise<string>;
+/**
+ * Spend from a shielded ZEC wallet.
+ *
+ * 1. Build Zcash Orchard transaction (zcash_primitives)
+ * 2. Extract sighash
+ * 3. Sign via Ika 2PC-MPC (Ed25519/EdDSA)
+ * 4. Attach signature to transaction
+ * 5. Broadcast via Zebra sendrawtransaction
+ * 6. Attest via ZAP1 as AGENT_ACTION
+ */
+export declare function spendShielded(config: ZcashIkaConfig, walletId: string, operatorSeed: Uint8Array, request: SpendRequest): Promise<SpendResult>;
+/**
+ * Spend from a Bitcoin wallet.
+ *
+ * 1. Build Bitcoin transaction
+ * 2. Compute sighash (DoubleSHA256)
+ * 3. Sign via Ika 2PC-MPC (secp256k1/ECDSA)
+ * 4. Attach signature
+ * 5. Broadcast to Bitcoin network
+ * 6. Attest via ZAP1 as AGENT_ACTION
+ */
+export declare function spendBitcoin(config: ZcashIkaConfig, walletId: string, operatorSeed: Uint8Array, request: SpendRequest): Promise<SpendResult>;
+/**
+ * Verify the wallet's attestation history via ZAP1.
+ * Works today against the live API.
+ */
+export declare function getHistory(config: ZcashIkaConfig, walletId: string): Promise<{
+    leafHash: string;
+    eventType: string;
+    timestamp: string;
+}[]>;
+/**
+ * Check wallet's policy compliance status via ZAP1.
+ * Works today against the live API.
+ */
+export declare function checkCompliance(config: ZcashIkaConfig, walletId: string): Promise<{
+    compliant: boolean;
+    violations: number;
+    bondDeposits: number;
+}>;

package/dist/index.js

@@ -0,0 +1,168 @@
+/**
+ * @frontiercompute/zcash-ika
+ *
+ * Zero-trust custody for Zcash and Bitcoin. Born shielded, stay shielded.
+ *
+ * Two dWallets, one operator:
+ * - Ed25519 dWallet -> Zcash Orchard (shielded ZEC)
+ * - secp256k1 dWallet -> Bitcoin (BTC) + Zcash transparent (t-addr)
+ *
+ * Neither key ever exists whole. Both chains signed through Ika 2PC-MPC.
+ * Every operation attested to Zcash via ZAP1.
+ *
+ * Built on Ika's 2PC-MPC network (Sui).
+ */
+export { Curve, Hash, SignatureAlgorithm, IkaClient, IkaTransaction, UserShareEncryptionKeys, getNetworkConfig, createClassGroupsKeypair, createRandomSessionIdentifier, prepareDKG, prepareDKGAsync, prepareDKGSecondRound, prepareDKGSecondRoundAsync, createDKGUserOutput, publicKeyFromDWalletOutput, parseSignatureFromSignOutput, } from "@ika.xyz/sdk";
+/** Parameters for dWallet creation per chain */
+export const CHAIN_PARAMS = {
+    "zcash-shielded": {
+        curve: "ED25519",
+        algorithm: "EdDSA",
+        hash: "SHA512",
+        description: "Zcash Orchard shielded pool (Ed25519/EdDSA)",
+    },
+    "zcash-transparent": {
+        curve: "SECP256K1",
+        algorithm: "ECDSASecp256k1",
+        hash: "DoubleSHA256",
+        description: "Zcash transparent t-address (secp256k1/ECDSA)",
+    },
+    bitcoin: {
+        curve: "SECP256K1",
+        algorithm: "ECDSASecp256k1",
+        hash: "DoubleSHA256",
+        description: "Bitcoin (secp256k1/ECDSA, DoubleSHA256)",
+    },
+};
+/**
+ * Create a dual-custody setup: one shielded ZEC wallet + one BTC wallet.
+ * Same operator controls both via Ika split-key.
+ *
+ * Flow per wallet:
+ * 1. Generate UserShareEncryptionKeys from operator seed
+ * 2. Run DKG on Ika (2PC-MPC key generation)
+ * 3. Extract public key, derive chain-specific address
+ * 4. Attest wallet creation via ZAP1
+ */
+export async function createDualCustody(config, operatorSeed) {
+    // Both wallets share one operator seed.
+    // Each gets its own dWallet with different curve params.
+    //
+    // Phase 1 (current): throw with setup instructions
+    // Phase 2: actual DKG on Ika testnet
+    throw new Error("createDualCustody requires Ika network access. " +
+        "Shielded: Ed25519/EdDSA/SHA512 dWallet -> Orchard address. " +
+        "Bitcoin: secp256k1/ECDSA/DoubleSHA256 dWallet -> BTC address. " +
+        "npm install @ika.xyz/sdk @mysten/sui && configure Sui wallet. " +
+        "See https://docs.ika.xyz for DKG walkthrough.");
+}
+/**
+ * Create a single dWallet for a specific chain.
+ */
+export async function createWallet(config, chain, operatorSeed) {
+    const params = CHAIN_PARAMS[chain];
+    // The DKG flow:
+    // 1. IkaClient.init({ network: config.network })
+    // 2. UserShareEncryptionKeys from operatorSeed
+    // 3. prepareDKG(curve, signatureAlgorithm, hash)
+    // 4. Submit DKG round 1 to Ika via IkaTransaction
+    // 5. prepareDKGSecondRound with network output
+    // 6. Submit round 2 -> get dWallet object ID + public key
+    // 7. Derive chain address from public key
+    throw new Error(`createWallet(${chain}) requires Ika ${config.network} access. ` +
+        `Params: ${params.curve}/${params.algorithm}/${params.hash}. ` +
+        `${params.description}.`);
+}
+/**
+ * Sign a message hash through Ika 2PC-MPC.
+ *
+ * The operator provides their seed, Ika provides the network share.
+ * Neither party ever sees the full private key.
+ *
+ * Flow:
+ * 1. Create presign session on Ika
+ * 2. Compute partial user signature locally
+ * 3. Submit to Ika coordinator
+ * 4. Poll for completion
+ * 5. Extract full signature from sign output
+ */
+export async function sign(config, operatorSeed, request) {
+    const params = CHAIN_PARAMS[request.chain];
+    // The sign flow:
+    // 1. IkaClient.init({ network: config.network })
+    // 2. RequestGlobalPresign for the dWallet
+    // 3. createUserSignMessageWithCentralizedOutput(messageHash, userShare, ...)
+    // 4. ApproveMessage on Sui (this is where Move policy gates)
+    // 5. RequestSign -> poll SessionsManager for Completed status
+    // 6. parseSignatureFromSignOutput(signOutput)
+    throw new Error(`sign requires active dWallet + Ika ${config.network}. ` +
+        `Chain: ${request.chain}, params: ${params.curve}/${params.algorithm}/${params.hash}.`);
+}
+/**
+ * Set spending policy on the dWallet.
+ * Policy enforced at Sui Move contract level.
+ * The agent cannot bypass it - the contract holds the DWalletCap.
+ */
+export async function setPolicy(config, walletId, policy) {
+    throw new Error("setPolicy requires a deployed Move module on Sui. " +
+        "The module gates approve_message() with spending constraints. " +
+        "See docs/move-policy-template.move for the template.");
+}
+/**
+ * Spend from a shielded ZEC wallet.
+ *
+ * 1. Build Zcash Orchard transaction (zcash_primitives)
+ * 2. Extract sighash
+ * 3. Sign via Ika 2PC-MPC (Ed25519/EdDSA)
+ * 4. Attach signature to transaction
+ * 5. Broadcast via Zebra sendrawtransaction
+ * 6. Attest via ZAP1 as AGENT_ACTION
+ */
+export async function spendShielded(config, walletId, operatorSeed, request) {
+    throw new Error("spendShielded requires active Ed25519 dWallet + Zebra node. " +
+        "Integration in progress - need Ed25519 -> Orchard spending key derivation bridge.");
+}
+/**
+ * Spend from a Bitcoin wallet.
+ *
+ * 1. Build Bitcoin transaction
+ * 2. Compute sighash (DoubleSHA256)
+ * 3. Sign via Ika 2PC-MPC (secp256k1/ECDSA)
+ * 4. Attach signature
+ * 5. Broadcast to Bitcoin network
+ * 6. Attest via ZAP1 as AGENT_ACTION
+ */
+export async function spendBitcoin(config, walletId, operatorSeed, request) {
+    throw new Error("spendBitcoin requires active secp256k1 dWallet + Bitcoin node. " +
+        "Same MPC flow as Zcash transparent - DoubleSHA256 sighash, ECDSA signature.");
+}
+/**
+ * Verify the wallet's attestation history via ZAP1.
+ * Works today against the live API.
+ */
+export async function getHistory(config, walletId) {
+    const resp = await fetch(`${config.zap1ApiUrl}/lifecycle/${walletId}`);
+    if (!resp.ok)
+        return [];
+    const data = (await resp.json());
+    return (data.leaves || []).map((l) => ({
+        leafHash: l.leaf_hash,
+        eventType: l.event_type,
+        timestamp: l.created_at,
+    }));
+}
+/**
+ * Check wallet's policy compliance status via ZAP1.
+ * Works today against the live API.
+ */
+export async function checkCompliance(config, walletId) {
+    const resp = await fetch(`${config.zap1ApiUrl}/agent/${walletId}/policy/verify`);
+    if (!resp.ok)
+        return { compliant: false, violations: -1, bondDeposits: 0 };
+    const data = (await resp.json());
+    return {
+        compliant: data.compliant,
+        violations: data.violations,
+        bondDeposits: data.bond_deposits || 0,
+    };
+}

package/dist/test-dkg.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Ika DKG test - create dWallets on testnet.
+ *
+ * Creates:
+ * 1. Ed25519 dWallet (Zcash Orchard shielded)
+ * 2. secp256k1 dWallet (Bitcoin + USDC + USDT + any EVM)
+ *
+ * One operator, split-key custody across all chains.
+ * Swiss bank in your pocket. Jailbroken but legal tender.
+ *
+ * Requires: SUI_PRIVATE_KEY env var (base64 Sui keypair)
+ * Get testnet SUI: https://faucet.sui.io
+ *
+ * Usage:
+ *   SUI_PRIVATE_KEY=... node dist/test-dkg.js
+ */
+export {};

package/dist/test-dkg.js

@@ -0,0 +1,150 @@
+// @ts-nocheck
+/**
+ * Ika DKG test - create dWallets on testnet.
+ *
+ * Creates:
+ * 1. Ed25519 dWallet (Zcash Orchard shielded)
+ * 2. secp256k1 dWallet (Bitcoin + USDC + USDT + any EVM)
+ *
+ * One operator, split-key custody across all chains.
+ * Swiss bank in your pocket. Jailbroken but legal tender.
+ *
+ * Requires: SUI_PRIVATE_KEY env var (base64 Sui keypair)
+ * Get testnet SUI: https://faucet.sui.io
+ *
+ * Usage:
+ *   SUI_PRIVATE_KEY=... node dist/test-dkg.js
+ */
+import { Ed25519Keypair } from "@mysten/sui/keypairs/ed25519";
+import { Transaction } from "@mysten/sui/transactions";
+import { decodeSuiPrivateKey } from "@mysten/sui/cryptography";
+import { IkaClient, IkaTransaction, UserShareEncryptionKeys, getNetworkConfig, Curve, prepareDKGAsync, createRandomSessionIdentifier, CHAIN_PARAMS, } from "./index.js";
+const NETWORK = "testnet";
+async function createDWallet(ikaClient, suiClient, keypair, encKeys, chain, address) {
+    const params = CHAIN_PARAMS[chain];
+    console.log(`\n--- ${params.description} ---`);
+    console.log(`Params: ${params.curve}/${params.algorithm}/${params.hash}`);
+    // Prepare DKG (async fetches protocol public params from network)
+    const bytesToHash = createRandomSessionIdentifier();
+    const dkgInput = await prepareDKGAsync(ikaClient, Curve[params.curve], encKeys, bytesToHash, address);
+    console.log("DKG prepared locally");
+    // Build transaction
+    const tx = new Transaction();
+    const ikaTx = new IkaTransaction({
+        ikaClient,
+        transaction: tx,
+        userShareEncryptionKeys: encKeys,
+    });
+    const sessionId = ikaTx.registerSessionIdentifier(bytesToHash);
+    // Get network encryption key
+    const networkEncKey = await ikaClient.getLatestNetworkEncryptionKey?.()
+        || await ikaClient.getConfiguredNetworkEncryptionKey?.();
+    if (!networkEncKey) {
+        // Try without - some SDK versions auto-detect
+        console.log("No explicit encryption key method found, trying auto-detect...");
+    }
+    // Submit DKG request
+    const dkgResult = await ikaTx.requestDWalletDKG({
+        dkgRequestInput: dkgInput,
+        sessionIdentifier: sessionId,
+        dwalletNetworkEncryptionKeyId: networkEncKey?.id,
+        curve: Curve[params.curve],
+        ikaCoin: tx.splitCoins(tx.gas, [50_000_000]),
+        suiCoin: tx.splitCoins(tx.gas, [50_000_000]),
+    });
+    console.log("Submitting DKG to Ika network...");
+    const result = await suiClient.signAndExecuteTransaction({
+        transaction: tx,
+        signer: keypair,
+        options: { showEffects: true, showEvents: true },
+    });
+    console.log("TX digest:", result.digest);
+    if (result.effects?.status?.status !== "success") {
+        console.error("TX failed:", result.effects?.status?.error);
+        return null;
+    }
+    console.log("DKG submitted. Poll for completion...");
+    // Extract dWallet ID from events/created objects
+    const created = result.effects?.created || [];
+    console.log(`Created ${created.length} objects`);
+    for (const obj of created) {
+        console.log(`  ${obj.reference?.objectId || obj}`);
+    }
+    return result;
+}
+async function main() {
+    const privKeyRaw = process.env.SUI_PRIVATE_KEY;
+    if (!privKeyRaw) {
+        console.log("zcash-ika DKG test");
+        console.log("==================");
+        console.log("");
+        console.log("Chain params (what Ika signs for each chain):");
+        for (const [chain, params] of Object.entries(CHAIN_PARAMS)) {
+            console.log(`  ${chain}: ${params.curve}/${params.algorithm}/${params.hash}`);
+        }
+        console.log("");
+        console.log("secp256k1/ECDSA/DoubleSHA256 signs for:");
+        console.log("  - Bitcoin (BTC)");
+        console.log("  - Zcash transparent (t-addr)");
+        console.log("  - Ethereum/Base (USDC, USDT) via KECCAK256 variant");
+        console.log("");
+        console.log("Ed25519/EdDSA/SHA512 signs for:");
+        console.log("  - Zcash Orchard (shielded ZEC)");
+        console.log("");
+        console.log("One operator. Split-key custody. Every chain.");
+        console.log("");
+        console.log("To run DKG:");
+        console.log("  SUI_PRIVATE_KEY=suiprivkey1... node dist/test-dkg.js");
+        console.log("  Get testnet SUI: https://faucet.sui.io");
+        return;
+    }
+    // Decode Sui keypair
+    const decoded = decodeSuiPrivateKey(privKeyRaw);
+    const keypair = Ed25519Keypair.fromSecretKey(decoded.secretKey);
+    const address = keypair.getPublicKey().toSuiAddress();
+    console.log(`Sui address: ${address}`);
+    // Init clients
+    // PublicNode doesn't rate limit like Mysten's public RPC
+    const { SuiJsonRpcClient } = await import("@mysten/sui/jsonRpc");
+    const suiClient = new SuiJsonRpcClient({ url: "https://sui-testnet-rpc.publicnode.com" });
+    const ikaConfig = getNetworkConfig(NETWORK);
+    if (!ikaConfig)
+        throw new Error("No Ika testnet config");
+    const ikaClient = new IkaClient({ suiClient, config: ikaConfig });
+    await ikaClient.initialize();
+    console.log("Ika client initialized on testnet");
+    // Check balance
+    const balance = await suiClient.getBalance({ owner: address });
+    const suiBalance = Number(balance.totalBalance) / 1e9;
+    console.log(`SUI balance: ${suiBalance} SUI`);
+    if (suiBalance < 0.2) {
+        console.log("Need at least 0.2 SUI for gas (two DKG operations).");
+        console.log("Get testnet SUI: https://faucet.sui.io");
+        return;
+    }
+    // Generate encryption keys - one per curve
+    const seed = new Uint8Array(32);
+    crypto.getRandomValues(seed);
+    // Ed25519 encryption keys for shielded ZEC wallet
+    const edEncKeys = await UserShareEncryptionKeys.fromRootSeedKey(seed, Curve.ED25519);
+    console.log("Ed25519 encryption keys generated");
+    // secp256k1 encryption keys for BTC/stablecoin wallet
+    const secpEncKeys = await UserShareEncryptionKeys.fromRootSeedKey(seed, Curve.SECP256K1);
+    console.log("secp256k1 encryption keys generated");
+    // Create Ed25519 dWallet (Zcash Orchard)
+    try {
+        await createDWallet(ikaClient, suiClient, keypair, edEncKeys, "zcash-shielded", address);
+    }
+    catch (err) {
+        console.error("Ed25519 DKG error:", err.message);
+    }
+    // Create secp256k1 dWallet (Bitcoin + stablecoins)
+    try {
+        await createDWallet(ikaClient, suiClient, keypair, secpEncKeys, "bitcoin", address);
+    }
+    catch (err) {
+        console.error("secp256k1 DKG error:", err.message);
+    }
+    console.log("\nDone.");
+}
+main().catch(console.error);

package/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "@frontiercompute/zcash-ika",
+  "version": "0.1.0",
+  "description": "Zero-trust Zcash agent custody via Ika dWallet. Born shielded, stay shielded.",
+  "type": "module",
+  "main": "dist/index.js",
+  "scripts": {
+    "build": "tsc",
+    "test": "node --experimental-vm-modules dist/test.js"
+  },
+  "dependencies": {
+    "@ika.xyz/sdk": "^0.3.1",
+    "@mysten/sui": "^2.5.0"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.2",
+    "typescript": "^5.4.0"
+  },
+  "license": "MIT"
+}

package/src/index.ts

@@ -0,0 +1,338 @@
+/**
+ * @frontiercompute/zcash-ika
+ *
+ * Zero-trust custody for Zcash and Bitcoin. Born shielded, stay shielded.
+ *
+ * Two dWallets, one operator:
+ * - Ed25519 dWallet -> Zcash Orchard (shielded ZEC)
+ * - secp256k1 dWallet -> Bitcoin (BTC) + Zcash transparent (t-addr)
+ *
+ * Neither key ever exists whole. Both chains signed through Ika 2PC-MPC.
+ * Every operation attested to Zcash via ZAP1.
+ *
+ * Built on Ika's 2PC-MPC network (Sui).
+ */
+
+export {
+  Curve,
+  Hash,
+  SignatureAlgorithm,
+  IkaClient,
+  IkaTransaction,
+  UserShareEncryptionKeys,
+  getNetworkConfig,
+  createClassGroupsKeypair,
+  createRandomSessionIdentifier,
+  prepareDKG,
+  prepareDKGAsync,
+  prepareDKGSecondRound,
+  prepareDKGSecondRoundAsync,
+  createDKGUserOutput,
+  publicKeyFromDWalletOutput,
+  parseSignatureFromSignOutput,
+} from "@ika.xyz/sdk";
+
+// Chain identifiers for wallet creation
+export type Chain = "zcash-shielded" | "zcash-transparent" | "bitcoin";
+
+export interface ZcashIkaConfig {
+  /** Ika network: mainnet or testnet */
+  network: "mainnet" | "testnet";
+  /** Sui RPC URL (defaults to Ika's network config) */
+  suiRpcUrl?: string;
+  /** Zebra node RPC for broadcasting Zcash txs */
+  zebraRpcUrl: string;
+  /** ZAP1 API for attestation */
+  zap1ApiUrl: string;
+  /** ZAP1 API key for write operations */
+  zap1ApiKey?: string;
+}
+
+/** Parameters for dWallet creation per chain */
+export const CHAIN_PARAMS = {
+  "zcash-shielded": {
+    curve: "ED25519" as const,
+    algorithm: "EdDSA" as const,
+    hash: "SHA512" as const,
+    description: "Zcash Orchard shielded pool (Ed25519/EdDSA)",
+  },
+  "zcash-transparent": {
+    curve: "SECP256K1" as const,
+    algorithm: "ECDSASecp256k1" as const,
+    hash: "DoubleSHA256" as const,
+    description: "Zcash transparent t-address (secp256k1/ECDSA)",
+  },
+  bitcoin: {
+    curve: "SECP256K1" as const,
+    algorithm: "ECDSASecp256k1" as const,
+    hash: "DoubleSHA256" as const,
+    description: "Bitcoin (secp256k1/ECDSA, DoubleSHA256)",
+  },
+} as const;
+
+export interface DWalletHandle {
+  /** dWallet object ID on Sui */
+  id: string;
+  /** Raw public key bytes */
+  publicKey: Uint8Array;
+  /** Which chain this wallet targets */
+  chain: Chain;
+  /** Derived address for the target chain */
+  address: string;
+  /** Ika network (mainnet/testnet) */
+  network: string;
+}
+
+export interface DualCustody {
+  /** Shielded ZEC wallet (Ed25519 dWallet -> Orchard address) */
+  shielded: DWalletHandle;
+  /** Bitcoin wallet (secp256k1 dWallet -> BTC address) */
+  bitcoin: DWalletHandle;
+  /** Operator ID (shared across both wallets) */
+  operatorId: string;
+}
+
+export interface SpendPolicy {
+  /** Max zatoshis (or satoshis) per single transaction */
+  maxPerTx: number;
+  /** Max per 24h window */
+  maxDaily: number;
+  /** Allowed recipient addresses (empty = any) */
+  allowedRecipients: string[];
+  /** Require operator approval above this amount */
+  approvalThreshold: number;
+}
+
+export interface SpendRequest {
+  /** Recipient address (Orchard UA, t-addr, or BTC address) */
+  to: string;
+  /** Amount in smallest unit (zatoshis or satoshis) */
+  amount: number;
+  /** Memo (ZAP1 structured or plain text, Zcash only) */
+  memo?: string;
+}
+
+export interface SpendResult {
+  /** Transaction ID on target chain */
+  txid: string;
+  /** ZAP1 attestation leaf hash */
+  leafHash: string;
+  /** Chain the spend was on */
+  chain: Chain;
+  /** Whether policy was checked */
+  policyChecked: boolean;
+}
+
+export interface SignRequest {
+  /** Raw message hash to sign (sighash) */
+  messageHash: Uint8Array;
+  /** Which dWallet to sign with */
+  walletId: string;
+  /** Chain determines signing params */
+  chain: Chain;
+}
+
+export interface SignResult {
+  /** DER-encoded signature (ECDSA) or raw Ed25519 signature */
+  signature: Uint8Array;
+  /** Public key used */
+  publicKey: Uint8Array;
+}
+
+/**
+ * Create a dual-custody setup: one shielded ZEC wallet + one BTC wallet.
+ * Same operator controls both via Ika split-key.
+ *
+ * Flow per wallet:
+ * 1. Generate UserShareEncryptionKeys from operator seed
+ * 2. Run DKG on Ika (2PC-MPC key generation)
+ * 3. Extract public key, derive chain-specific address
+ * 4. Attest wallet creation via ZAP1
+ */
+export async function createDualCustody(
+  config: ZcashIkaConfig,
+  operatorSeed: Uint8Array
+): Promise<DualCustody> {
+  // Both wallets share one operator seed.
+  // Each gets its own dWallet with different curve params.
+  //
+  // Phase 1 (current): throw with setup instructions
+  // Phase 2: actual DKG on Ika testnet
+
+  throw new Error(
+    "createDualCustody requires Ika network access. " +
+      "Shielded: Ed25519/EdDSA/SHA512 dWallet -> Orchard address. " +
+      "Bitcoin: secp256k1/ECDSA/DoubleSHA256 dWallet -> BTC address. " +
+      "npm install @ika.xyz/sdk @mysten/sui && configure Sui wallet. " +
+      "See https://docs.ika.xyz for DKG walkthrough."
+  );
+}
+
+/**
+ * Create a single dWallet for a specific chain.
+ */
+export async function createWallet(
+  config: ZcashIkaConfig,
+  chain: Chain,
+  operatorSeed: Uint8Array
+): Promise<DWalletHandle> {
+  const params = CHAIN_PARAMS[chain];
+
+  // The DKG flow:
+  // 1. IkaClient.init({ network: config.network })
+  // 2. UserShareEncryptionKeys from operatorSeed
+  // 3. prepareDKG(curve, signatureAlgorithm, hash)
+  // 4. Submit DKG round 1 to Ika via IkaTransaction
+  // 5. prepareDKGSecondRound with network output
+  // 6. Submit round 2 -> get dWallet object ID + public key
+  // 7. Derive chain address from public key
+
+  throw new Error(
+    `createWallet(${chain}) requires Ika ${config.network} access. ` +
+      `Params: ${params.curve}/${params.algorithm}/${params.hash}. ` +
+      `${params.description}.`
+  );
+}
+
+/**
+ * Sign a message hash through Ika 2PC-MPC.
+ *
+ * The operator provides their seed, Ika provides the network share.
+ * Neither party ever sees the full private key.
+ *
+ * Flow:
+ * 1. Create presign session on Ika
+ * 2. Compute partial user signature locally
+ * 3. Submit to Ika coordinator
+ * 4. Poll for completion
+ * 5. Extract full signature from sign output
+ */
+export async function sign(
+  config: ZcashIkaConfig,
+  operatorSeed: Uint8Array,
+  request: SignRequest
+): Promise<SignResult> {
+  const params = CHAIN_PARAMS[request.chain];
+
+  // The sign flow:
+  // 1. IkaClient.init({ network: config.network })
+  // 2. RequestGlobalPresign for the dWallet
+  // 3. createUserSignMessageWithCentralizedOutput(messageHash, userShare, ...)
+  // 4. ApproveMessage on Sui (this is where Move policy gates)
+  // 5. RequestSign -> poll SessionsManager for Completed status
+  // 6. parseSignatureFromSignOutput(signOutput)
+
+  throw new Error(
+    `sign requires active dWallet + Ika ${config.network}. ` +
+      `Chain: ${request.chain}, params: ${params.curve}/${params.algorithm}/${params.hash}.`
+  );
+}
+
+/**
+ * Set spending policy on the dWallet.
+ * Policy enforced at Sui Move contract level.
+ * The agent cannot bypass it - the contract holds the DWalletCap.
+ */
+export async function setPolicy(
+  config: ZcashIkaConfig,
+  walletId: string,
+  policy: SpendPolicy
+): Promise<string> {
+  throw new Error(
+    "setPolicy requires a deployed Move module on Sui. " +
+      "The module gates approve_message() with spending constraints. " +
+      "See docs/move-policy-template.move for the template."
+  );
+}
+
+/**
+ * Spend from a shielded ZEC wallet.
+ *
+ * 1. Build Zcash Orchard transaction (zcash_primitives)
+ * 2. Extract sighash
+ * 3. Sign via Ika 2PC-MPC (Ed25519/EdDSA)
+ * 4. Attach signature to transaction
+ * 5. Broadcast via Zebra sendrawtransaction
+ * 6. Attest via ZAP1 as AGENT_ACTION
+ */
+export async function spendShielded(
+  config: ZcashIkaConfig,
+  walletId: string,
+  operatorSeed: Uint8Array,
+  request: SpendRequest
+): Promise<SpendResult> {
+  throw new Error(
+    "spendShielded requires active Ed25519 dWallet + Zebra node. " +
+      "Integration in progress - need Ed25519 -> Orchard spending key derivation bridge."
+  );
+}
+
+/**
+ * Spend from a Bitcoin wallet.
+ *
+ * 1. Build Bitcoin transaction
+ * 2. Compute sighash (DoubleSHA256)
+ * 3. Sign via Ika 2PC-MPC (secp256k1/ECDSA)
+ * 4. Attach signature
+ * 5. Broadcast to Bitcoin network
+ * 6. Attest via ZAP1 as AGENT_ACTION
+ */
+export async function spendBitcoin(
+  config: ZcashIkaConfig,
+  walletId: string,
+  operatorSeed: Uint8Array,
+  request: SpendRequest
+): Promise<SpendResult> {
+  throw new Error(
+    "spendBitcoin requires active secp256k1 dWallet + Bitcoin node. " +
+      "Same MPC flow as Zcash transparent - DoubleSHA256 sighash, ECDSA signature."
+  );
+}
+
+/**
+ * Verify the wallet's attestation history via ZAP1.
+ * Works today against the live API.
+ */
+export async function getHistory(
+  config: ZcashIkaConfig,
+  walletId: string
+): Promise<{ leafHash: string; eventType: string; timestamp: string }[]> {
+  const resp = await fetch(`${config.zap1ApiUrl}/lifecycle/${walletId}`);
+  if (!resp.ok) return [];
+  const data = (await resp.json()) as {
+    leaves?: { leaf_hash: string; event_type: string; created_at: string }[];
+  };
+  return (data.leaves || []).map((l) => ({
+    leafHash: l.leaf_hash,
+    eventType: l.event_type,
+    timestamp: l.created_at,
+  }));
+}
+
+/**
+ * Check wallet's policy compliance status via ZAP1.
+ * Works today against the live API.
+ */
+export async function checkCompliance(
+  config: ZcashIkaConfig,
+  walletId: string
+): Promise<{
+  compliant: boolean;
+  violations: number;
+  bondDeposits: number;
+}> {
+  const resp = await fetch(
+    `${config.zap1ApiUrl}/agent/${walletId}/policy/verify`
+  );
+  if (!resp.ok) return { compliant: false, violations: -1, bondDeposits: 0 };
+  const data = (await resp.json()) as {
+    compliant: boolean;
+    violations: number;
+    bond_deposits?: number;
+  };
+  return {
+    compliant: data.compliant,
+    violations: data.violations,
+    bondDeposits: data.bond_deposits || 0,
+  };
+}

package/src/test-dkg.ts

@@ -0,0 +1,199 @@
+// @ts-nocheck
+/**
+ * Ika DKG test - create dWallets on testnet.
+ *
+ * Creates:
+ * 1. Ed25519 dWallet (Zcash Orchard shielded)
+ * 2. secp256k1 dWallet (Bitcoin + USDC + USDT + any EVM)
+ *
+ * One operator, split-key custody across all chains.
+ * Swiss bank in your pocket. Jailbroken but legal tender.
+ *
+ * Requires: SUI_PRIVATE_KEY env var (base64 Sui keypair)
+ * Get testnet SUI: https://faucet.sui.io
+ *
+ * Usage:
+ *   SUI_PRIVATE_KEY=... node dist/test-dkg.js
+ */
+
+import { CoreClient } from "@mysten/sui/client";
+import { Ed25519Keypair } from "@mysten/sui/keypairs/ed25519";
+import { Transaction } from "@mysten/sui/transactions";
+import { decodeSuiPrivateKey } from "@mysten/sui/cryptography";
+import {
+  IkaClient,
+  IkaTransaction,
+  UserShareEncryptionKeys,
+  getNetworkConfig,
+  Curve,
+  prepareDKGAsync,
+  publicKeyFromDWalletOutput,
+  createRandomSessionIdentifier,
+  CHAIN_PARAMS,
+  type Chain,
+} from "./index.js";
+
+const NETWORK = "testnet";
+
+async function createDWallet(
+  ikaClient: IkaClient,
+  suiClient: CoreClient,
+  keypair: Ed25519Keypair,
+  encKeys: UserShareEncryptionKeys,
+  chain: Chain,
+  address: string,
+) {
+  const params = CHAIN_PARAMS[chain];
+  console.log(`\n--- ${params.description} ---`);
+  console.log(`Params: ${params.curve}/${params.algorithm}/${params.hash}`);
+
+  // Prepare DKG (async fetches protocol public params from network)
+  const bytesToHash = createRandomSessionIdentifier();
+  const dkgInput = await prepareDKGAsync(
+    ikaClient,
+    Curve[params.curve],
+    encKeys,
+    bytesToHash,
+    address,
+  );
+  console.log("DKG prepared locally");
+
+  // Build transaction
+  const tx = new Transaction();
+  const ikaTx = new IkaTransaction({
+    ikaClient,
+    transaction: tx,
+    userShareEncryptionKeys: encKeys,
+  });
+
+  const sessionId = ikaTx.registerSessionIdentifier(bytesToHash);
+
+  // Get network encryption key
+  const networkEncKey = await (ikaClient as any).getLatestNetworkEncryptionKey?.()
+    || await (ikaClient as any).getConfiguredNetworkEncryptionKey?.();
+
+  if (!networkEncKey) {
+    // Try without - some SDK versions auto-detect
+    console.log("No explicit encryption key method found, trying auto-detect...");
+  }
+
+  // Submit DKG request
+  const dkgResult = await (ikaTx as any).requestDWalletDKG({
+    dkgRequestInput: dkgInput,
+    sessionIdentifier: sessionId,
+    dwalletNetworkEncryptionKeyId: networkEncKey?.id,
+    curve: Curve[params.curve],
+    ikaCoin: tx.splitCoins(tx.gas, [50_000_000]),
+    suiCoin: tx.splitCoins(tx.gas, [50_000_000]),
+  });
+
+  console.log("Submitting DKG to Ika network...");
+  const result = await suiClient.signAndExecuteTransaction({
+    transaction: tx,
+    signer: keypair,
+    options: { showEffects: true, showEvents: true },
+  });
+  console.log("TX digest:", result.digest);
+
+  if (result.effects?.status?.status !== "success") {
+    console.error("TX failed:", result.effects?.status?.error);
+    return null;
+  }
+
+  console.log("DKG submitted. Poll for completion...");
+
+  // Extract dWallet ID from events/created objects
+  const created = result.effects?.created || [];
+  console.log(`Created ${created.length} objects`);
+  for (const obj of created) {
+    console.log(`  ${(obj.reference as any)?.objectId || obj}`);
+  }
+
+  return result;
+}
+
+async function main() {
+  const privKeyRaw = process.env.SUI_PRIVATE_KEY;
+  if (!privKeyRaw) {
+    console.log("zcash-ika DKG test");
+    console.log("==================");
+    console.log("");
+    console.log("Chain params (what Ika signs for each chain):");
+    for (const [chain, params] of Object.entries(CHAIN_PARAMS)) {
+      console.log(`  ${chain}: ${params.curve}/${params.algorithm}/${params.hash}`);
+    }
+    console.log("");
+    console.log("secp256k1/ECDSA/DoubleSHA256 signs for:");
+    console.log("  - Bitcoin (BTC)");
+    console.log("  - Zcash transparent (t-addr)");
+    console.log("  - Ethereum/Base (USDC, USDT) via KECCAK256 variant");
+    console.log("");
+    console.log("Ed25519/EdDSA/SHA512 signs for:");
+    console.log("  - Zcash Orchard (shielded ZEC)");
+    console.log("");
+    console.log("One operator. Split-key custody. Every chain.");
+    console.log("");
+    console.log("To run DKG:");
+    console.log("  SUI_PRIVATE_KEY=suiprivkey1... node dist/test-dkg.js");
+    console.log("  Get testnet SUI: https://faucet.sui.io");
+    return;
+  }
+
+  // Decode Sui keypair
+  const decoded = decodeSuiPrivateKey(privKeyRaw);
+  const keypair = Ed25519Keypair.fromSecretKey(decoded.secretKey);
+  const address = keypair.getPublicKey().toSuiAddress();
+  console.log(`Sui address: ${address}`);
+
+  // Init clients
+  // PublicNode doesn't rate limit like Mysten's public RPC
+  const { SuiJsonRpcClient } = await import("@mysten/sui/jsonRpc");
+  const suiClient = new SuiJsonRpcClient({ url: "https://sui-testnet-rpc.publicnode.com" });
+  const ikaConfig = getNetworkConfig(NETWORK);
+  if (!ikaConfig) throw new Error("No Ika testnet config");
+
+  const ikaClient = new IkaClient({ suiClient, config: ikaConfig });
+  await ikaClient.initialize();
+  console.log("Ika client initialized on testnet");
+
+  // Check balance
+  const balance = await suiClient.getBalance({ owner: address });
+  const suiBalance = Number(balance.totalBalance) / 1e9;
+  console.log(`SUI balance: ${suiBalance} SUI`);
+
+  if (suiBalance < 0.2) {
+    console.log("Need at least 0.2 SUI for gas (two DKG operations).");
+    console.log("Get testnet SUI: https://faucet.sui.io");
+    return;
+  }
+
+  // Generate encryption keys - one per curve
+  const seed = new Uint8Array(32);
+  crypto.getRandomValues(seed);
+
+  // Ed25519 encryption keys for shielded ZEC wallet
+  const edEncKeys = await UserShareEncryptionKeys.fromRootSeedKey(seed, Curve.ED25519);
+  console.log("Ed25519 encryption keys generated");
+
+  // secp256k1 encryption keys for BTC/stablecoin wallet
+  const secpEncKeys = await UserShareEncryptionKeys.fromRootSeedKey(seed, Curve.SECP256K1);
+  console.log("secp256k1 encryption keys generated");
+
+  // Create Ed25519 dWallet (Zcash Orchard)
+  try {
+    await createDWallet(ikaClient, suiClient, keypair, edEncKeys, "zcash-shielded", address);
+  } catch (err) {
+    console.error("Ed25519 DKG error:", (err as Error).message);
+  }
+
+  // Create secp256k1 dWallet (Bitcoin + stablecoins)
+  try {
+    await createDWallet(ikaClient, suiClient, keypair, secpEncKeys, "bitcoin", address);
+  } catch (err) {
+    console.error("secp256k1 DKG error:", (err as Error).message);
+  }
+
+  console.log("\nDone.");
+}
+
+main().catch(console.error);

package/tsconfig.json

@@ -0,0 +1,13 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "NodeNext",
+    "moduleResolution": "NodeNext",
+    "outDir": "dist",
+    "declaration": true,
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true
+  },
+  "include": ["src"]
+}