@frontiercompute/zcash-ika 0.1.0 → 0.2.0

package/dist/index.js

@@ -1,26 +1,31 @@
 /**
  * @frontiercompute/zcash-ika
  *
- * Zero-trust custody for Zcash and Bitcoin. Born shielded, stay shielded.
+ * Split-key custody for Zcash transparent, Bitcoin, and EVM chains.
  *
- * Two dWallets, one operator:
- * - Ed25519 dWallet -> Zcash Orchard (shielded ZEC)
- * - secp256k1 dWallet -> Bitcoin (BTC) + Zcash transparent (t-addr)
- *
- * Neither key ever exists whole. Both chains signed through Ika 2PC-MPC.
+ * One secp256k1 dWallet signs for all three chain families.
+ * Neither key half can sign alone. Policy enforced by Sui Move contract.
  * Every operation attested to Zcash via ZAP1.
  *
  * Built on Ika's 2PC-MPC network (Sui).
+ *
+ * NOTE: Zcash shielded (Orchard) uses RedPallas on the Pallas curve,
+ * which Ika does not currently support. Only transparent ZEC (secp256k1)
+ * is viable through this package today.
  */
 export { Curve, Hash, SignatureAlgorithm, IkaClient, IkaTransaction, UserShareEncryptionKeys, getNetworkConfig, createClassGroupsKeypair, createRandomSessionIdentifier, prepareDKG, prepareDKGAsync, prepareDKGSecondRound, prepareDKGSecondRoundAsync, createDKGUserOutput, publicKeyFromDWalletOutput, parseSignatureFromSignOutput, } from "@ika.xyz/sdk";
-/** Parameters for dWallet creation per chain */
+import { Curve, Hash, SignatureAlgorithm, IkaClient, IkaTransaction, UserShareEncryptionKeys, getNetworkConfig, createRandomSessionIdentifier, prepareDKGAsync, publicKeyFromDWalletOutput, } from "@ika.xyz/sdk";
+import { Ed25519Keypair } from "@mysten/sui/keypairs/ed25519";
+import { Transaction } from "@mysten/sui/transactions";
+import { decodeSuiPrivateKey } from "@mysten/sui/cryptography";
+import { createHash } from "node:crypto";
+const IKA_COIN_TYPE = "0x1f26bb2f711ff82dcda4d02c77d5123089cb7f8418751474b9fb744ce031526a::ika::IKA";
+/** Parameters for dWallet creation per chain.
+ *
+ * All chains use secp256k1 - one dWallet signs for all of them.
+ * Zcash shielded (Orchard) requires RedPallas on the Pallas curve,
+ * which is not available in Ika's current MPC. Transparent ZEC works. */
 export const CHAIN_PARAMS = {
-    "zcash-shielded": {
-        curve: "ED25519",
-        algorithm: "EdDSA",
-        hash: "SHA512",
-        description: "Zcash Orchard shielded pool (Ed25519/EdDSA)",
-    },
     "zcash-transparent": {
         curve: "SECP256K1",
         algorithm: "ECDSASecp256k1",
@@ -33,114 +38,482 @@ export const CHAIN_PARAMS = {
         hash: "DoubleSHA256",
         description: "Bitcoin (secp256k1/ECDSA, DoubleSHA256)",
     },
+    ethereum: {
+        curve: "SECP256K1",
+        algorithm: "ECDSASecp256k1",
+        hash: "KECCAK256",
+        description: "Ethereum/EVM (secp256k1/ECDSA, KECCAK256)",
+    },
+};
+// Zcash t-address version bytes (2 bytes each)
+const ZCASH_VERSION_BYTES = {
+    mainnet: Uint8Array.from([0x1c, 0xb8]), // t1...
+    testnet: Uint8Array.from([0x1d, 0x25]), // tm...
 };
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function base58Encode(data) {
+    // Count leading zeros
+    let leadingZeros = 0;
+    for (const b of data) {
+        if (b !== 0)
+            break;
+        leadingZeros++;
+    }
+    // Convert to bigint for division
+    let num = BigInt(0);
+    for (const b of data) {
+        num = num * 256n + BigInt(b);
+    }
+    const chars = [];
+    while (num > 0n) {
+        const rem = Number(num % 58n);
+        num = num / 58n;
+        chars.push(BASE58_ALPHABET[rem]);
+    }
+    // Prepend '1' for each leading zero byte
+    for (let i = 0; i < leadingZeros; i++) {
+        chars.push("1");
+    }
+    return chars.reverse().join("");
+}
+function sha256(data) {
+    return createHash("sha256").update(data).digest();
+}
+function hash160(data) {
+    return createHash("ripemd160").update(sha256(data)).digest();
+}
 /**
- * Create a dual-custody setup: one shielded ZEC wallet + one BTC wallet.
- * Same operator controls both via Ika split-key.
+ * Derive a Zcash transparent address from a compressed secp256k1 public key.
  *
- * Flow per wallet:
- * 1. Generate UserShareEncryptionKeys from operator seed
- * 2. Run DKG on Ika (2PC-MPC key generation)
- * 3. Extract public key, derive chain-specific address
- * 4. Attest wallet creation via ZAP1
+ * Same as Bitcoin P2PKH but with Zcash 2-byte version prefix:
+ *   mainnet 0x1cb8 (t1...), testnet 0x1d25 (tm...)
+ *
+ * Steps:
+ *   1. SHA256(pubkey) then RIPEMD160 = 20-byte hash
+ *   2. Prepend 2-byte version
+ *   3. Double-SHA256 checksum (first 4 bytes)
+ *   4. Base58 encode (version + hash + checksum)
  */
-export async function createDualCustody(config, operatorSeed) {
-    // Both wallets share one operator seed.
-    // Each gets its own dWallet with different curve params.
-    //
-    // Phase 1 (current): throw with setup instructions
-    // Phase 2: actual DKG on Ika testnet
-    throw new Error("createDualCustody requires Ika network access. " +
-        "Shielded: Ed25519/EdDSA/SHA512 dWallet -> Orchard address. " +
-        "Bitcoin: secp256k1/ECDSA/DoubleSHA256 dWallet -> BTC address. " +
-        "npm install @ika.xyz/sdk @mysten/sui && configure Sui wallet. " +
-        "See https://docs.ika.xyz for DKG walkthrough.");
+export function deriveZcashAddress(publicKey, network = "mainnet") {
+    if (publicKey.length !== 33) {
+        throw new Error(`Expected 33-byte compressed secp256k1 pubkey, got ${publicKey.length} bytes`);
+    }
+    const prefix = publicKey[0];
+    if (prefix !== 0x02 && prefix !== 0x03) {
+        throw new Error(`Invalid compressed pubkey prefix 0x${prefix.toString(16)}, expected 0x02 or 0x03`);
+    }
+    const pubkeyHash = hash160(publicKey); // 20 bytes
+    const version = ZCASH_VERSION_BYTES[network];
+    // version (2) + hash160 (20) = 22 bytes
+    const payload = new Uint8Array(22);
+    payload.set(version, 0);
+    payload.set(pubkeyHash, 2);
+    // checksum: first 4 bytes of SHA256(SHA256(payload))
+    const checksum = sha256(sha256(payload)).subarray(0, 4);
+    // final: payload (22) + checksum (4) = 26 bytes
+    const full = new Uint8Array(26);
+    full.set(payload, 0);
+    full.set(checksum, 22);
+    return base58Encode(full);
 }
+// Default poll settings for testnet (epochs can be slow)
+const POLL_OPTS = {
+    timeout: 300_000,
+    interval: 3_000,
+    maxInterval: 10_000,
+    backoffMultiplier: 1.5,
+};
 /**
- * Create a single dWallet for a specific chain.
+ * Initialize Ika + Sui clients from config.
  */
-export async function createWallet(config, chain, operatorSeed) {
-    const params = CHAIN_PARAMS[chain];
-    // The DKG flow:
-    // 1. IkaClient.init({ network: config.network })
-    // 2. UserShareEncryptionKeys from operatorSeed
-    // 3. prepareDKG(curve, signatureAlgorithm, hash)
-    // 4. Submit DKG round 1 to Ika via IkaTransaction
-    // 5. prepareDKGSecondRound with network output
-    // 6. Submit round 2 -> get dWallet object ID + public key
-    // 7. Derive chain address from public key
-    throw new Error(`createWallet(${chain}) requires Ika ${config.network} access. ` +
-        `Params: ${params.curve}/${params.algorithm}/${params.hash}. ` +
-        `${params.description}.`);
+async function initClients(config) {
+    const decoded = decodeSuiPrivateKey(config.suiPrivateKey);
+    const keypair = Ed25519Keypair.fromSecretKey(decoded.secretKey);
+    const address = keypair.getPublicKey().toSuiAddress();
+    const { SuiJsonRpcClient } = await import("@mysten/sui/jsonRpc");
+    const rpcUrl = config.suiRpcUrl || (config.network === "testnet"
+        ? "https://sui-testnet-rpc.publicnode.com"
+        : "https://sui-mainnet-rpc.publicnode.com");
+    const suiClient = new SuiJsonRpcClient({
+        url: rpcUrl,
+        network: config.network,
+    });
+    const ikaConfig = getNetworkConfig(config.network);
+    if (!ikaConfig)
+        throw new Error(`No Ika ${config.network} config`);
+    const ikaClient = new IkaClient({
+        suiClient,
+        config: ikaConfig,
+        cache: true,
+        encryptionKeyOptions: { autoDetect: true },
+    });
+    await ikaClient.initialize();
+    return { ikaClient, suiClient, keypair, address };
 }
 /**
- * Sign a message hash through Ika 2PC-MPC.
+ * Find the IKA coin object ID for an address.
+ * IKA is a separate token from SUI - needed for Ika transaction fees.
+ */
+async function findIkaCoin(rpcUrl, address) {
+    const resp = await fetch(rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            jsonrpc: "2.0", id: 1,
+            method: "suix_getCoins",
+            params: [address, IKA_COIN_TYPE, null, 5],
+        }),
+    });
+    const data = (await resp.json());
+    const coins = data.result?.data || [];
+    if (coins.length === 0) {
+        throw new Error("No IKA tokens found. Get them from https://faucet.ika.xyz");
+    }
+    return coins[0].coinObjectId;
+}
+/**
+ * Create a split-key custody wallet.
+ * One secp256k1 dWallet signs for Zcash transparent, Bitcoin, and EVM.
  *
- * The operator provides their seed, Ika provides the network share.
- * Neither party ever sees the full private key.
+ * Returns the dWallet handle with ID, public key, and encryption seed.
+ * Save the encryption seed - you need it for signing.
+ */
+export async function createDualCustody(config, _operatorSeed) {
+    const wallet = await createWallet(config, "zcash-transparent");
+    const { address } = await initClients(config);
+    return {
+        primary: wallet,
+        operatorAddress: address,
+    };
+}
+/**
+ * Create a single secp256k1 dWallet on Ika.
  *
  * Flow:
- * 1. Create presign session on Ika
- * 2. Compute partial user signature locally
- * 3. Submit to Ika coordinator
- * 4. Poll for completion
- * 5. Extract full signature from sign output
+ * 1. Generate encryption keys from random seed
+ * 2. Prepare DKG locally (WASM crypto)
+ * 3. Submit DKG request to Ika network
+ * 4. Poll until dWallet reaches Active state
+ * 5. Extract compressed public key
+ */
+export async function createWallet(config, chain, _operatorSeed) {
+    const { ikaClient, suiClient, keypair, address } = await initClients(config);
+    // Generate encryption keys
+    const seed = new Uint8Array(32);
+    crypto.getRandomValues(seed);
+    const encKeys = await UserShareEncryptionKeys.fromRootSeedKey(seed, Curve.SECP256K1);
+    // Prepare DKG
+    const bytesToHash = createRandomSessionIdentifier();
+    const dkgInput = await prepareDKGAsync(ikaClient, Curve.SECP256K1, encKeys, bytesToHash, address);
+    // Build and submit DKG transaction
+    const tx = new Transaction();
+    const ikaTx = new IkaTransaction({
+        ikaClient,
+        transaction: tx,
+        userShareEncryptionKeys: encKeys,
+    });
+    const sessionId = ikaTx.registerSessionIdentifier(bytesToHash);
+    const networkEncKey = await ikaClient.getLatestNetworkEncryptionKey?.()
+        || await ikaClient.getConfiguredNetworkEncryptionKey?.();
+    // IKA coin (separate token type) required for Ika fees
+    const rpcUrl = config.suiRpcUrl || (config.network === "testnet"
+        ? "https://sui-testnet-rpc.publicnode.com"
+        : "https://sui-mainnet-rpc.publicnode.com");
+    const ikaCoinId = config.ikaCoinId || await findIkaCoin(rpcUrl, address);
+    const ikaCoinObj = tx.object(ikaCoinId);
+    const dkgReturn = await ikaTx.requestDWalletDKG({
+        dkgRequestInput: dkgInput,
+        sessionIdentifier: sessionId,
+        dwalletNetworkEncryptionKeyId: networkEncKey?.id,
+        curve: Curve.SECP256K1,
+        ikaCoin: tx.splitCoins(ikaCoinObj, [50_000_000]),
+        suiCoin: tx.splitCoins(tx.gas, [50_000_000]),
+    });
+    if (dkgReturn) {
+        tx.transferObjects([dkgReturn], address);
+    }
+    const result = await suiClient.signAndExecuteTransaction({
+        transaction: tx,
+        signer: keypair,
+        options: { showEffects: true },
+    });
+    if (result.effects?.status?.status !== "success") {
+        throw new Error(`DKG TX failed: ${result.effects?.status?.error}`);
+    }
+    // Find and poll the dWallet object
+    const created = result.effects?.created || [];
+    let dwalletId = null;
+    let pubkey = null;
+    for (const obj of created) {
+        const id = obj.reference?.objectId || obj.objectId;
+        if (!id)
+            continue;
+        try {
+            const dw = await ikaClient.getDWalletInParticularState(id, "Active", POLL_OPTS);
+            if (dw) {
+                dwalletId = id;
+                try {
+                    const rawOut = dw.state?.Active?.public_output || dw.publicOutput;
+                    const outBytes = new Uint8Array(Array.isArray(rawOut) ? rawOut : Array.from(rawOut));
+                    pubkey = await publicKeyFromDWalletOutput(Curve.SECP256K1, outBytes);
+                }
+                catch { /* extract later if needed */ }
+                break;
+            }
+        }
+        catch {
+            // Not a dWallet object or timeout - skip
+        }
+    }
+    if (!dwalletId) {
+        throw new Error("DKG completed but could not find Active dWallet in created objects");
+    }
+    const seedHex = Buffer.from(seed).toString("hex");
+    // Derive chain-specific address from compressed pubkey
+    let derivedAddress = "";
+    if (pubkey && pubkey.length === 33 && chain === "zcash-transparent") {
+        derivedAddress = deriveZcashAddress(pubkey, config.network);
+    }
+    return {
+        id: dwalletId,
+        publicKey: pubkey || new Uint8Array(0),
+        chain,
+        address: derivedAddress,
+        network: config.network,
+        encryptionSeed: seedHex,
+    };
+}
+/**
+ * Sign a message hash through Ika 2PC-MPC.
+ *
+ * Two on-chain transactions:
+ * 1. Request presign (pre-compute MPC ephemeral key share)
+ * 2. Approve message + request signature
+ *
+ * The operator provides their encryption seed, Ika provides the network share.
+ * Neither party ever sees the full private key.
  */
-export async function sign(config, operatorSeed, request) {
+export async function sign(config, request) {
+    const { ikaClient, suiClient, keypair, address } = await initClients(config);
     const params = CHAIN_PARAMS[request.chain];
-    // The sign flow:
-    // 1. IkaClient.init({ network: config.network })
-    // 2. RequestGlobalPresign for the dWallet
-    // 3. createUserSignMessageWithCentralizedOutput(messageHash, userShare, ...)
-    // 4. ApproveMessage on Sui (this is where Move policy gates)
-    // 5. RequestSign -> poll SessionsManager for Completed status
-    // 6. parseSignatureFromSignOutput(signOutput)
-    throw new Error(`sign requires active dWallet + Ika ${config.network}. ` +
-        `Chain: ${request.chain}, params: ${params.curve}/${params.algorithm}/${params.hash}.`);
+    // Reconstruct encryption keys
+    const encSeed = Buffer.from(request.encryptionSeed, "hex");
+    const encKeys = await UserShareEncryptionKeys.fromRootSeedKey(new Uint8Array(encSeed), Curve.SECP256K1);
+    // Fetch dWallet (must be Active)
+    const dWallet = await ikaClient.getDWallet(request.walletId);
+    if (!dWallet?.state?.Active) {
+        throw new Error(`dWallet ${request.walletId} not Active`);
+    }
+    // Find dWalletCap
+    let capId = request.dWalletCapId;
+    if (!capId) {
+        const capsResult = await ikaClient.getOwnedDWalletCaps(address);
+        const cap = (capsResult.dWalletCaps || []).find((c) => c.dwallet_id === request.walletId);
+        if (!cap)
+            throw new Error(`No dWalletCap found for ${request.walletId}`);
+        capId = cap.id;
+    }
+    // Find IKA coin for fees
+    const rpcUrl = config.suiRpcUrl || (config.network === "testnet"
+        ? "https://sui-testnet-rpc.publicnode.com"
+        : "https://sui-mainnet-rpc.publicnode.com");
+    const ikaCoinId = config.ikaCoinId || await findIkaCoin(rpcUrl, address);
+    // TX 1: Request presign
+    const presignTx = new Transaction();
+    const presignIkaTx = new IkaTransaction({
+        ikaClient,
+        transaction: presignTx,
+        userShareEncryptionKeys: encKeys,
+    });
+    const presignIkaCoin = presignTx.object(ikaCoinId);
+    const presignSuiCoin = presignTx.splitCoins(presignTx.gas, [50_000_000]);
+    presignIkaTx.requestGlobalPresign({
+        dwalletNetworkEncryptionKeyId: dWallet.dwallet_network_encryption_key_id,
+        curve: Curve.SECP256K1,
+        signatureAlgorithm: SignatureAlgorithm.ECDSASecp256k1,
+        ikaCoin: presignIkaCoin,
+        suiCoin: presignSuiCoin,
+    });
+    const presignResult = await suiClient.signAndExecuteTransaction({
+        transaction: presignTx,
+        signer: keypair,
+        options: { showEffects: true },
+    });
+    if (presignResult.effects?.status?.status !== "success") {
+        throw new Error(`Presign TX failed: ${presignResult.effects?.status?.error}`);
+    }
+    // Find presign session and poll for completion.
+    // Poll manually instead of using getPresignInParticularState so we can
+    // detect NetworkRejected early rather than burning the full timeout.
+    const presignCreated = presignResult.effects?.created || [];
+    let completedPresign = null;
+    for (const obj of presignCreated) {
+        const id = obj.reference?.objectId || obj.objectId;
+        if (!id)
+            continue;
+        try {
+            const startTime = Date.now();
+            let interval = POLL_OPTS.interval || 3_000;
+            while (Date.now() - startTime < (POLL_OPTS.timeout || 300_000)) {
+                const presign = await ikaClient.getPresign(id);
+                const kind = presign?.state?.$kind;
+                if (kind === "Completed") {
+                    completedPresign = presign;
+                    break;
+                }
+                if (kind === "NetworkRejected") {
+                    throw new Error(`Presign ${id} rejected by network (state: NetworkRejected). ` +
+                        `This usually means the MPC round was aborted by validators. ` +
+                        `Retry or check Ika network status.`);
+                }
+                await new Promise(r => setTimeout(r, interval));
+                interval = Math.min(interval * (POLL_OPTS.backoffMultiplier || 1.5), POLL_OPTS.maxInterval || 10_000);
+            }
+            if (completedPresign)
+                break;
+        }
+        catch (e) {
+            if (e.message?.includes("NetworkRejected"))
+                throw e;
+            // Not a presign object or fetch error, try next created object
+        }
+    }
+    if (!completedPresign) {
+        throw new Error("Presign TX succeeded but timed out waiting for completion. Check Ika network status.");
+    }
+    // TX 2: Approve message + sign
+    const hashEnum = Hash[params.hash];
+    const signTx = new Transaction();
+    const signIkaTx = new IkaTransaction({
+        ikaClient,
+        transaction: signTx,
+        userShareEncryptionKeys: encKeys,
+    });
+    const verifiedPresignCap = signIkaTx.verifyPresignCap({
+        presign: completedPresign,
+    });
+    const messageApproval = signIkaTx.approveMessage({
+        dWalletCap: capId,
+        curve: Curve.SECP256K1,
+        signatureAlgorithm: SignatureAlgorithm.ECDSASecp256k1,
+        hashScheme: hashEnum,
+        message: request.messageHash,
+    });
+    await signIkaTx.requestSign({
+        dWallet: dWallet,
+        messageApproval,
+        hashScheme: hashEnum,
+        verifiedPresignCap,
+        presign: completedPresign,
+        message: request.messageHash,
+        signatureScheme: SignatureAlgorithm.ECDSASecp256k1,
+        ikaCoin: signTx.splitCoins(signTx.object(ikaCoinId), [50_000_000]),
+        suiCoin: signTx.splitCoins(signTx.gas, [50_000_000]),
+    });
+    const signResult = await suiClient.signAndExecuteTransaction({
+        transaction: signTx,
+        signer: keypair,
+        options: { showEffects: true },
+    });
+    if (signResult.effects?.status?.status !== "success") {
+        throw new Error(`Sign TX failed: ${signResult.effects?.status?.error}`);
+    }
+    // Find sign session and poll for signature.
+    // Same manual polling as presign to detect NetworkRejected early.
+    const signCreated = signResult.effects?.created || [];
+    let completedSign = null;
+    for (const obj of signCreated) {
+        const id = obj.reference?.objectId || obj.objectId;
+        if (!id)
+            continue;
+        try {
+            const startTime = Date.now();
+            let interval = POLL_OPTS.interval || 3_000;
+            while (Date.now() - startTime < (POLL_OPTS.timeout || 300_000)) {
+                const sign = await ikaClient.getSign(id, Curve.SECP256K1, SignatureAlgorithm.ECDSASecp256k1);
+                const kind = sign?.state?.$kind;
+                if (kind === "Completed") {
+                    completedSign = sign;
+                    break;
+                }
+                if (kind === "NetworkRejected") {
+                    throw new Error(`Sign ${id} rejected by network (state: NetworkRejected). ` +
+                        `MPC signing round aborted. Retry or check Ika network status.`);
+                }
+                await new Promise(r => setTimeout(r, interval));
+                interval = Math.min(interval * (POLL_OPTS.backoffMultiplier || 1.5), POLL_OPTS.maxInterval || 10_000);
+            }
+            if (completedSign)
+                break;
+        }
+        catch (e) {
+            if (e.message?.includes("NetworkRejected"))
+                throw e;
+            // Not a sign object or fetch error, try next created object
+        }
+    }
+    if (!completedSign?.state?.Completed?.signature) {
+        throw new Error("Sign TX succeeded but timed out waiting for signature. Check Ika network status.");
+    }
+    const rawSig = completedSign.state.Completed.signature;
+    const sigBytes = new Uint8Array(Array.isArray(rawSig) ? rawSig : Array.from(rawSig));
+    // Extract public key from dWallet
+    let pubkey = new Uint8Array(0);
+    try {
+        const rawOutput = dWallet.state.Active.public_output;
+        const outputBytes = new Uint8Array(Array.isArray(rawOutput) ? rawOutput : Array.from(rawOutput));
+        pubkey = await publicKeyFromDWalletOutput(Curve.SECP256K1, outputBytes);
+    }
+    catch { /* non-fatal */ }
+    return {
+        signature: sigBytes,
+        publicKey: pubkey,
+        signTxDigest: signResult.digest,
+    };
 }
 /**
  * Set spending policy on the dWallet.
  * Policy enforced at Sui Move contract level.
  * The agent cannot bypass it - the contract holds the DWalletCap.
  */
-export async function setPolicy(config, walletId, policy) {
+export async function setPolicy(_config, _walletId, _policy) {
     throw new Error("setPolicy requires a deployed Move module on Sui. " +
         "The module gates approve_message() with spending constraints. " +
         "See docs/move-policy-template.move for the template.");
 }
 /**
- * Spend from a shielded ZEC wallet.
+ * Spend from a Zcash transparent wallet.
  *
- * 1. Build Zcash Orchard transaction (zcash_primitives)
- * 2. Extract sighash
- * 3. Sign via Ika 2PC-MPC (Ed25519/EdDSA)
+ * 1. Build Zcash transparent transaction (requires Zebra)
+ * 2. Compute sighash (DoubleSHA256)
+ * 3. Sign via Ika 2PC-MPC (secp256k1/ECDSA)
  * 4. Attach signature to transaction
  * 5. Broadcast via Zebra sendrawtransaction
  * 6. Attest via ZAP1 as AGENT_ACTION
  */
-export async function spendShielded(config, walletId, operatorSeed, request) {
-    throw new Error("spendShielded requires active Ed25519 dWallet + Zebra node. " +
-        "Integration in progress - need Ed25519 -> Orchard spending key derivation bridge.");
+export async function spendTransparent(config, walletId, encryptionSeed, request) {
+    // Build transaction, extract sighash
+    // For now: the caller provides the sighash directly via sign()
+    // This function will be the full pipeline once we have tx building
+    throw new Error("spendTransparent requires Zcash transparent tx builder. " +
+        "Use sign() directly with a pre-computed sighash for now. " +
+        "Full pipeline: build tx -> sighash -> sign() -> attach sig -> broadcast.");
 }
 /**
  * Spend from a Bitcoin wallet.
- *
- * 1. Build Bitcoin transaction
- * 2. Compute sighash (DoubleSHA256)
- * 3. Sign via Ika 2PC-MPC (secp256k1/ECDSA)
- * 4. Attach signature
- * 5. Broadcast to Bitcoin network
- * 6. Attest via ZAP1 as AGENT_ACTION
+ * Same MPC flow as Zcash transparent - DoubleSHA256 sighash, ECDSA signature.
  */
-export async function spendBitcoin(config, walletId, operatorSeed, request) {
-    throw new Error("spendBitcoin requires active secp256k1 dWallet + Bitcoin node. " +
-        "Same MPC flow as Zcash transparent - DoubleSHA256 sighash, ECDSA signature.");
+export async function spendBitcoin(config, walletId, encryptionSeed, request) {
+    throw new Error("spendBitcoin requires Bitcoin tx builder. " +
+        "Use sign() with chain='bitcoin' and a pre-computed sighash for now.");
 }
 /**
  * Verify the wallet's attestation history via ZAP1.
  * Works today against the live API.
  */
 export async function getHistory(config, walletId) {
+    if (!config.zap1ApiUrl)
+        return [];
     const resp = await fetch(`${config.zap1ApiUrl}/lifecycle/${walletId}`);
     if (!resp.ok)
         return [];
@@ -156,6 +529,8 @@ export async function getHistory(config, walletId) {
  * Works today against the live API.
  */
 export async function checkCompliance(config, walletId) {
+    if (!config.zap1ApiUrl)
+        return { compliant: false, violations: -1, bondDeposits: 0 };
     const resp = await fetch(`${config.zap1ApiUrl}/agent/${walletId}/policy/verify`);
     if (!resp.ok)
         return { compliant: false, violations: -1, bondDeposits: 0 };

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "@frontiercompute/zcash-ika",
-  "version": "0.1.0",
-  "description": "Zero-trust Zcash agent custody via Ika dWallet. Born shielded, stay shielded.",
+  "version": "0.2.0",
+  "description": "Split-key Zcash custody via Ika dWallet. secp256k1 MPC for transparent, hybrid model for shielded.",
   "type": "module",
   "main": "dist/index.js",
   "scripts": {
     "build": "tsc",
-    "test": "node --experimental-vm-modules dist/test.js"
+    "test:dkg": "node dist/test-dkg.js",
+    "test:sign": "node dist/test-sign.js"
   },
   "dependencies": {
     "@ika.xyz/sdk": "^0.3.1",
@@ -16,5 +17,12 @@
     "@types/node": "^25.5.2",
     "typescript": "^5.4.0"
   },
+  "files": ["dist/index.js", "dist/index.d.ts", "dist/hybrid.js", "dist/hybrid.d.ts"],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/Frontier-Compute/zcash-ika.git"
+  },
+  "author": "zk_nd3r <zk_nd3r@frontiercompute.io>",
+  "keywords": ["zcash", "ika", "dwallet", "mpc", "custody", "bitcoin", "split-key"],
   "license": "MIT"
 }

package/dist/test-dkg.d.ts

@@ -1,17 +0,0 @@
-/**
- * Ika DKG test - create dWallets on testnet.
- *
- * Creates:
- * 1. Ed25519 dWallet (Zcash Orchard shielded)
- * 2. secp256k1 dWallet (Bitcoin + USDC + USDT + any EVM)
- *
- * One operator, split-key custody across all chains.
- * Swiss bank in your pocket. Jailbroken but legal tender.
- *
- * Requires: SUI_PRIVATE_KEY env var (base64 Sui keypair)
- * Get testnet SUI: https://faucet.sui.io
- *
- * Usage:
- *   SUI_PRIVATE_KEY=... node dist/test-dkg.js
- */
-export {};