@gvnrdao/dh-lit-ops 0.0.1

package/dist/modules/lit-ops.module.js

@@ -0,0 +1,792 @@
+"use strict";
+/**
+ * LIT-OPS Main Module
+ * Diamond Hands Protocol - LIT Protocol Operations
+ *
+ * Main LitOps class providing decoupled LIT Protocol operations supporting:
+ * - Standalone mode: User pays LIT tokens directly
+ * - Service mode: Backend service handles LIT token costs
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LitOps = void 0;
+const dh_lit_actions_1 = require("@gvnrdao/dh-lit-actions");
+const ethers_1 = require("ethers");
+const action_executor_module_1 = require("./action-executor.module");
+const auth_manager_module_1 = require("./auth-manager.module");
+const client_manager_module_1 = require("./client-manager.module");
+const pkp_authorizer_module_1 = require("./pkp-authorizer.module");
+const pkp_macros_module_1 = require("./pkp-macros.module");
+const pkp_manager_module_1 = require("./pkp-manager.module");
+const pkp_minter_module_1 = require("./pkp-minter.module");
+const pkp_signer_module_1 = require("./pkp-signer.module");
+const session_signature_manager_module_1 = require("./session-signature-manager.module");
+class LitOps {
+    constructor(config) {
+        this.config = {
+            domain: "diamond-hands.local",
+            sessionExpirationMinutes: 15,
+            pkpImmutabilityVerificationDelayMs: 10000, // Default 10000ms (10s) to prevent immutability verification failures on test networks
+            ...config,
+        };
+        // Validate configuration based on mode
+        if (this.config.mode === "standalone") {
+            if (!this.config.signer) {
+                throw new Error("Signer is required for standalone mode");
+            }
+            if (!this.config.network) {
+                throw new Error("Network is required for standalone mode");
+            }
+            if (this.config.serviceEndpoint) {
+                throw new Error("serviceEndpoint must not be provided for standalone mode");
+            }
+        }
+        else if (this.config.mode === "service") {
+            if (this.config.signer) {
+                throw new Error("Signer must not be provided for service mode");
+            }
+            if (this.config.network) {
+                throw new Error("Network must not be provided for service mode (determined by serviceEndpoint)");
+            }
+            if (!this.config.serviceEndpoint) {
+                throw new Error("serviceEndpoint is required for service mode");
+            }
+        }
+        // Use shared dependencies if provided, otherwise create new singletons
+        // Only create network-dependent components for standalone mode
+        if (this.config.mode === "standalone") {
+            this.clientManager =
+                this.config.sharedDependencies?.clientManager ||
+                    new client_manager_module_1.LitClientManager({
+                        litNetwork: this.config.network,
+                        debug: this.config.debug,
+                        alertWhenUnauthorized: false,
+                        minNodeCount: 2,
+                    });
+        }
+        else {
+            // Service mode - create dummy client manager
+            this.clientManager =
+                this.config.sharedDependencies?.clientManager ||
+                    {};
+        }
+        this.pkpManager = new pkp_manager_module_1.PKPManager(this.config.mode, this.config.debug, this.config.serviceEndpoint);
+        // Create shared auth manager for all action executors
+        this.authManager =
+            this.config.sharedDependencies?.authManager ||
+                new auth_manager_module_1.LitAuthManager(this.config.debug);
+        // Create shared session manager for all signers
+        this.sessionManager =
+            this.config.sharedDependencies?.sessionManager ||
+                new session_signature_manager_module_1.SessionSignatureManager(this.config.debug);
+        this.actionExecutor =
+            this.config.sharedDependencies?.actionExecutor ||
+                new action_executor_module_1.LitActionExecutor(this.config.mode, this.config.debug, this.authManager, this.config.serviceEndpoint);
+        // Only create network-dependent PKPSigner for standalone mode
+        if (this.config.mode === "standalone") {
+            this.pkpSigner =
+                this.config.sharedDependencies?.pkpSigner ||
+                    new pkp_signer_module_1.PKPSigner(this.config.network, this.config.debug, {
+                        clientManager: this.clientManager,
+                        sessionManager: this.sessionManager,
+                    });
+        }
+        else {
+            // Service mode - create dummy PKPSigner
+            this.pkpSigner =
+                this.config.sharedDependencies?.pkpSigner || {};
+        }
+        // Create shared PKPMinter with shared dependencies (only for standalone mode)
+        if (this.config.mode === "standalone") {
+            this.pkpMinter =
+                this.config.sharedDependencies?.pkpMinter ||
+                    new pkp_minter_module_1.PKPMinter({
+                        signer: this.config.signer,
+                        network: this.config.network,
+                        debug: this.config.debug,
+                        clientManager: this.clientManager,
+                    });
+            // Create shared PKPAuthorizer with shared dependencies
+            this.pkpAuthorizer =
+                this.config.sharedDependencies?.pkpAuthorizer ||
+                    new pkp_authorizer_module_1.PKPAuthorizer({
+                        signer: this.config.signer,
+                        network: this.config.network,
+                        debug: this.config.debug,
+                        clientManager: this.clientManager,
+                    });
+        }
+        else {
+            // Service mode - create dummy instances
+            this.pkpMinter =
+                this.config.sharedDependencies?.pkpMinter || {};
+            this.pkpAuthorizer =
+                this.config.sharedDependencies?.pkpAuthorizer || {};
+        }
+        // Create PKPMacroUtils with shared dependencies (only for standalone mode)
+        if (this.config.mode === "standalone") {
+            this.pkpMacroUtils =
+                this.config.sharedDependencies?.pkpMacroUtils ||
+                    new pkp_macros_module_1.PKPMacroUtils(this.config.network, this.config.debug, {
+                        clientManager: this.clientManager,
+                        actionExecutor: this.actionExecutor,
+                        authManager: this.authManager,
+                        pkpMinter: this.pkpMinter,
+                        pkpAuthorizer: this.pkpAuthorizer,
+                    }, this.config.pkpImmutabilityVerificationDelayMs);
+        }
+        else {
+            // Service mode - create dummy PKPMacroUtils
+            this.pkpMacroUtils =
+                this.config.sharedDependencies?.pkpMacroUtils || {};
+        }
+        if (this.config.debug) {
+            console.log("🚀 LitOps initialized:");
+            console.log("   Mode:", this.config.mode);
+            if (this.config.mode === "standalone") {
+                console.log("   Network:", this.config.network);
+                console.log("   Signer:", this.config.signer?.address);
+            }
+            else {
+                console.log("   Service Endpoint:", this.config.serviceEndpoint);
+            }
+            console.log("   Debug:", this.config.debug);
+            console.log("   PKP Immutability Verification Delay:", `${this.config.pkpImmutabilityVerificationDelayMs}ms`);
+            console.log("   🔧 Shared Dependencies:", {
+                clientManager: !!this.config.sharedDependencies?.clientManager,
+                pkpManager: !!this.config.sharedDependencies?.pkpManager,
+                authManager: !!this.config.sharedDependencies?.authManager,
+                sessionManager: !!this.config.sharedDependencies?.sessionManager,
+                actionExecutor: !!this.config.sharedDependencies?.actionExecutor,
+                pkpSigner: !!this.config.sharedDependencies?.pkpSigner,
+                pkpMacroUtils: !!this.config.sharedDependencies?.pkpMacroUtils,
+                pkpMinter: !!this.config.sharedDependencies?.pkpMinter,
+                pkpAuthorizer: !!this.config.sharedDependencies?.pkpAuthorizer,
+            });
+        }
+    }
+    /**
+     * Create a new PKP
+     */
+    async createPKP(signer, litActionCid) {
+        const request = {
+            signer,
+            litActionCid,
+            metadata: {
+                createdAt: Date.now(),
+                mode: this.config.mode,
+            },
+        };
+        return this.pkpManager.createPKP(request);
+    }
+    /**
+     * Validate a PKP
+     */
+    async validatePKP(pkpId, signer) {
+        return this.pkpManager.validatePKP({
+            pkpId,
+            signer,
+        });
+    }
+    /**
+     * Burn a PKP
+     */
+    async burnPKP(pkpId, signer, reason) {
+        return this.pkpManager.burnPKP({
+            pkpId,
+            signer,
+            reason,
+        });
+    }
+    /**
+     * Execute a LIT Action from CID
+     */
+    async executeActionFromCID(cid, pkpPublicKey, params, signer) {
+        const litClient = await this.clientManager.getClient({
+            litNetwork: this.config.network,
+            debug: this.config.debug,
+        });
+        const request = {
+            cid,
+            pkpPublicKey,
+            params,
+            signer,
+        };
+        return this.actionExecutor.executeAction(request, litClient);
+    }
+    /**
+     * Execute a LIT Action from code
+     */
+    async executeActionFromCode(code, pkpPublicKey, params, signer) {
+        const litClient = await this.clientManager.getClient({
+            litNetwork: this.config.network,
+            debug: this.config.debug,
+        });
+        const request = {
+            code,
+            pkpPublicKey,
+            params,
+            signer,
+        };
+        return this.actionExecutor.executeAction(request, litClient);
+    }
+    /**
+     * Sign a message using PKP via LIT Action (Golden Implementation)
+     * This is the main PKP signing method that can create PKP if needed
+     *
+     * If pkpPublicKey is empty, it will:
+     * 1. Create a new PKP
+     * 2. Authorize the LIT Action
+     * 3. Burn the PKP for immutability
+     * 4. Sign the message
+     *
+     * If pkpPublicKey is provided, it will directly sign with existing PKP
+     */
+    async signMessageWithPKP(message, pkpPublicKey, litActionCid, signer, pkpEthAddress) {
+        if (this.config.debug) {
+            console.log("\n🔑 LitOps.signMessageWithPKP called");
+            console.log(`   Message: "${message}"`);
+            console.log(`   PKP Public Key: ${pkpPublicKey || "(will create new)"}`);
+            console.log(`   LIT Action CID: ${litActionCid}`);
+        }
+        // If no PKP public key provided, create PKP using our macro
+        if (!pkpPublicKey || pkpPublicKey.trim() === "") {
+            if (this.config.debug) {
+                console.log("   🏗️ No PKP provided - creating new PKP with full workflow");
+            }
+            // Create PKP with authorization and burn for immutability
+            const pkpResult = await this.pkpMacroUtils.quickCreatePkpAuthorizeDhActionAndBurn(signer, {
+                litActionCid: litActionCid,
+            });
+            if (this.config.debug) {
+                console.log(`   ✅ PKP Created: ${pkpResult.tokenId}`);
+                console.log(`   🔑 Public Key: ${pkpResult.publicKey}`);
+                console.log(`   🏠 Address: ${pkpResult.ethAddress}`);
+            }
+            // Now sign with the newly created PKP
+            pkpPublicKey = pkpResult.publicKey;
+            pkpEthAddress = pkpResult.ethAddress;
+        }
+        // Use the PKPSigner to sign the message
+        const request = {
+            message,
+            pkpPublicKey,
+            pkpEthAddress,
+            litActionCid,
+            signer,
+            network: this.config.network,
+            debug: this.config.debug,
+        };
+        return this.pkpSigner.signMessage(request);
+    }
+    /**
+     * Create PKP with full workflow (Create + Authorize + Burn)
+     * This method provides the complete PKP creation workflow suitable for production use.
+     * Returns all necessary data for subsequent signing operations.
+     *
+     * @param litActionCid - The LIT Action CID to authorize for this PKP
+     * @param signer - The wallet to use for PKP creation and transactions
+     * @returns Complete PKP data including tokenId, publicKey, ethAddress, etc.
+     */
+    async createProductionPKP(litActionCid, signer) {
+        if (this.config.debug) {
+            console.log("\n🏗️ LitOps.createProductionPKP called");
+            console.log(`   LIT Action CID: ${litActionCid}`);
+            console.log(`   Network: ${this.config.network}`);
+        }
+        // Create PKP with authorization and burn for immutability
+        const pkpResult = await this.pkpMacroUtils.quickCreatePkpAuthorizeDhActionAndBurn(signer, {
+            litActionCid: litActionCid,
+        });
+        if (this.config.debug) {
+            console.log("   ✅ Production PKP created successfully!");
+            console.log(`      Token ID: ${pkpResult.tokenId}`);
+            console.log(`      Public Key: ${pkpResult.publicKey}`);
+            console.log(`      ETH Address: ${pkpResult.ethAddress}`);
+            console.log(`      Authorized: ${pkpResult.isPermitted}`);
+            console.log(`      Immutable: ${pkpResult.burned}`);
+        }
+        return pkpResult;
+    }
+    /**
+     * Sign message with existing PKP data
+     * This method takes the result from createProductionPKP and signs a message.
+     * Perfect for two-step workflow: create PKP, then sign multiple messages.
+     *
+     * @param message - The message to sign
+     * @param pkpData - PKP data from createProductionPKP or compatible interface
+     * @param litActionCid - The LIT Action CID to use for signing
+     * @param signer - The wallet to use for session signatures
+     * @returns Signature result with verification data
+     */
+    async signWithExistingPKP(message, pkpData, litActionCid, signer) {
+        if (this.config.debug) {
+            console.log("\n🔐 LitOps.signWithExistingPKP called");
+            console.log(`   Message: "${message}"`);
+            console.log(`   PKP Address: ${pkpData.ethAddress}`);
+            console.log(`   LIT Action CID: ${litActionCid}`);
+            console.log(`   PKP has ${pkpData.permittedActions.length} authorized actions`);
+        }
+        // Verify PKP has authorized actions
+        if (pkpData.permittedActions.length === 0) {
+            throw new Error("PKP has no authorized actions - cannot sign messages");
+        }
+        if (this.config.debug) {
+            console.log(`   Using provided LIT Action: ${litActionCid}`);
+        }
+        // Use the existing PKPSigner with the provided PKP data
+        const request = {
+            message,
+            pkpPublicKey: pkpData.publicKey,
+            pkpEthAddress: pkpData.ethAddress,
+            litActionCid,
+            signer,
+            network: this.config.network,
+            debug: this.config.debug,
+        };
+        return this.pkpSigner.signMessage(request);
+    }
+    /**
+     * Get configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Get client status
+     */
+    getStatus() {
+        return {
+            config: this.getConfig(),
+            client: this.clientManager.getStats(),
+        };
+    }
+    /**
+     * Validate PKP Security via LIT Action
+     *
+     * This method executes the pkp-validator LIT Action to validate that a PKP is:
+     * - Created (exists on-chain)
+     * - Immutable (transferred to burn address)
+     * - Has only one authorized action
+     * - Authorized for the expected CID
+     *
+     * @param targetPkpTokenId - The PKP token ID to validate
+     * @param expectedCid - The expected CID in hex format (0x...)
+     * @param signerPkp - The PKP to use for signing the LIT Action (should be PKP_VALIDATOR_PKP)
+     * @param signer - The wallet to use for session signatures
+     * @returns PKP validation result with signature verification
+     */
+    async validatePKPSecurity(targetPkpTokenId, expectedCid, signerPkp, signer) {
+        if (this.config.debug) {
+            console.log("\n🔍 LitOps.validatePKPSecurity");
+            console.log(`   Target PKP: ${targetPkpTokenId}`);
+            console.log(`   Expected CID (hex): ${expectedCid}`);
+            console.log(`   Signer PKP: ${signerPkp.tokenId}`);
+        }
+        try {
+            // Get the PKP validator CID
+            const pkpValidatorCid = dh_lit_actions_1.DH_LIT_ACTIONS.pkpValidator.cid;
+            if (this.config.debug) {
+                console.log(`   PKP Validator CID: ${pkpValidatorCid}`);
+            }
+            // Execute PKP Validator LIT Action
+            const litResult = await this.executeActionFromCID(pkpValidatorCid, signerPkp.publicKey, {
+                targetPkpTokenId,
+                expectedCid, // Expected to be in hex format
+                message: `PKP validation: ${Date.now()}`,
+            }, signer);
+            if (this.config.debug) {
+                console.log(`   LIT Action Success: ${litResult.success}`);
+                console.log(`   Response: ${litResult.response || "NONE"}`);
+                console.log(`   Error: ${litResult.error || "NONE"}`);
+            }
+            // Parse response and verify signature
+            if (litResult.success && litResult.response) {
+                try {
+                    // Handle response whether it's a string or object
+                    const responseData = typeof litResult.response === "string"
+                        ? JSON.parse(litResult.response)
+                        : litResult.response;
+                    // Verify signature if present
+                    let signatureValid = false;
+                    let pkpAddress = "";
+                    let recoveredAddress = "";
+                    if (litResult.signatures && litResult.signatures.pkpValidation) {
+                        if (this.config.debug) {
+                            console.log("   🔍 Verifying signature authenticity...");
+                        }
+                        try {
+                            // Compute PKP address from public key
+                            pkpAddress = ethers_1.ethers.utils.computeAddress(`0x${signerPkp.publicKey}`);
+                            // Recover address from signature - LIT Action signs the keccak256 hash
+                            const signedMessage = responseData.signedMessage;
+                            const signature = litResult.signatures.pkpValidation.signature;
+                            if (signedMessage && signature) {
+                                // The LIT Action signs the keccak256 hash, not a human-readable message
+                                const messageHash = ethers_1.ethers.utils.keccak256(ethers_1.ethers.utils.toUtf8Bytes(signedMessage));
+                                recoveredAddress = ethers_1.ethers.utils.recoverAddress(messageHash, signature);
+                                signatureValid =
+                                    pkpAddress.toLowerCase() === recoveredAddress.toLowerCase();
+                                if (this.config.debug) {
+                                    console.log(`   PKP Address: ${pkpAddress}`);
+                                    console.log(`   Recovered Address: ${recoveredAddress}`);
+                                    console.log(`   Signature: ${signature}`);
+                                    console.log(`   Signature Valid: ${signatureValid ? "✅" : "❌"}`);
+                                }
+                            }
+                            else {
+                                throw new Error("No signed message or signature found for verification");
+                            }
+                        }
+                        catch (verifyError) {
+                            if (this.config.debug) {
+                                console.log(`   ❌ Signature verification failed: ${verifyError}`);
+                            }
+                            throw new Error(`Signature verification failed: ${verifyError instanceof Error
+                                ? verifyError.message
+                                : verifyError}`);
+                        }
+                    }
+                    // Return parsed result
+                    return {
+                        success: responseData.success || false,
+                        signature: litResult.signatures?.pkpValidation?.signature,
+                        error: responseData.error,
+                        signatureValid,
+                        pkpAddress,
+                        recoveredAddress,
+                        validationResult: responseData.validated
+                            ? {
+                                exists: responseData.validated.exists || false,
+                                isImmutable: responseData.validated.immutable || false,
+                                hasOnlyOneAction: responseData.validated.singleAction || false,
+                                matchesExpectedCID: responseData.validated.correctCid || false,
+                                allValid: responseData.validated.exists &&
+                                    responseData.validated.immutable &&
+                                    responseData.validated.singleAction &&
+                                    responseData.validated.correctCid,
+                            }
+                            : undefined,
+                    };
+                }
+                catch (parseError) {
+                    if (this.config.debug) {
+                        console.log("   Error parsing response:", parseError);
+                        console.log("   Response type:", typeof litResult.response);
+                        console.log("   Response value:", litResult.response);
+                    }
+                    return {
+                        success: false,
+                        error: `Failed to parse LIT Action response: ${parseError}`,
+                        signatureValid: false,
+                    };
+                }
+            }
+            // LIT Action execution failed
+            return {
+                success: false,
+                error: litResult.error || "LIT Action execution failed",
+                signatureValid: false,
+            };
+        }
+        catch (error) {
+            if (this.config.debug) {
+                console.error("   ❌ PKP validation failed:", error);
+            }
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : "Unknown error",
+                signatureValid: false,
+            };
+        }
+    }
+    /**
+     * Ultimate PKP Macro: Create and Validate PKP to LIT Action
+     *
+     * This is the ultimate PKP security macro that combines:
+     * 1. PKP creation
+     * 2. LIT Action authorization
+     * 3. PKP immutability (burn to dead address)
+     * 4. PKP security validation via pkp-validator LIT Action
+     *
+     * Returns complete PKP data and cryptographic proof of security.
+     *
+     * @param litActionCid - The LIT Action CID to authorize for this PKP
+     * @param signer - Optional signer (required for standalone mode, not used in service mode)
+     * @returns Complete PKP creation and validation result with audit trail
+     */
+    async createAndValidatePkpToLitAction(litActionCid, signer) {
+        const startTime = Date.now();
+        const auditSteps = [];
+        if (this.config.debug) {
+            console.log("\n🎯 LitOps.createAndValidatePkpToLitAction");
+            console.log("   ULTIMATE PKP SECURITY MACRO");
+            console.log(`   Target LIT Action CID: ${litActionCid}`);
+            console.log(`   Mode: ${this.config.mode}`);
+        }
+        // Service mode: Call the service endpoint directly
+        if (this.config.mode === "service") {
+            if (!this.config.serviceEndpoint) {
+                throw new Error("Service endpoint not configured for service mode");
+            }
+            if (this.config.debug) {
+                console.log(`   🌐 Service mode: calling ${this.config.serviceEndpoint}/api/lit/pkp/create-diamond-hands-loan`);
+            }
+            try {
+                const response = await fetch(`${this.config.serviceEndpoint}/api/lit/pkp/create-diamond-hands-loan`, {
+                    method: "POST",
+                    headers: {
+                        "Content-Type": "application/json",
+                    },
+                    body: JSON.stringify({
+                        litActionCid: litActionCid,
+                    }),
+                });
+                if (!response.ok) {
+                    throw new Error(`Service request failed: ${response.status} ${response.statusText}`);
+                }
+                const result = (await response.json());
+                const duration = Date.now() - startTime;
+                if (this.config.debug) {
+                    console.log("✅ Diamond Hands Loan PKP created via service!");
+                    console.log(`   Duration: ${duration}ms`);
+                }
+                return {
+                    success: result.success,
+                    timestamp: startTime,
+                    duration,
+                    targetCid: result.targetCid,
+                    pkpData: result.pkpData,
+                    validationResult: result.validationResult,
+                    auditTrail: result.auditTrail,
+                };
+            }
+            catch (error) {
+                const duration = Date.now() - startTime;
+                if (this.config.debug) {
+                    console.error("❌ Service request failed:", error);
+                }
+                return {
+                    success: false,
+                    error: error instanceof Error ? error.message : String(error),
+                    timestamp: startTime,
+                    duration,
+                    targetCid: litActionCid,
+                    pkpData: {},
+                    validationResult: {},
+                    auditTrail: {
+                        steps: [
+                            {
+                                step: 1,
+                                description: "Service request failed",
+                                timestamp: startTime,
+                                duration,
+                                success: false,
+                                data: {
+                                    error: error instanceof Error ? error.message : String(error),
+                                },
+                            },
+                        ],
+                        totalDuration: duration,
+                    },
+                };
+            }
+        }
+        // Standalone mode validation
+        if (this.config.mode === "standalone" && !signer) {
+            throw new Error("Signer is required for standalone mode");
+        }
+        try {
+            // Step 1: Create production PKP (create + authorize + burn)
+            const step1Start = Date.now();
+            if (this.config.debug) {
+                console.log("\n   Step 1: Creating production PKP...");
+            }
+            const pkpData = await this.createProductionPKP(litActionCid, signer);
+            const step1Duration = Date.now() - step1Start;
+            auditSteps.push({
+                step: 1,
+                description: "Create production PKP (create + authorize + burn)",
+                timestamp: step1Start,
+                duration: step1Duration,
+                success: true,
+                data: {
+                    tokenId: pkpData.tokenId,
+                    ethAddress: pkpData.ethAddress,
+                    isPermitted: pkpData.isPermitted,
+                    burned: pkpData.burned,
+                },
+            });
+            if (this.config.debug) {
+                console.log(`   ✅ Step 1 completed in ${step1Duration}ms`);
+                console.log(`      PKP ID: ${pkpData.tokenId}`);
+                console.log(`      PKP Address: ${pkpData.ethAddress}`);
+            }
+            // Add delay to prevent PKP immutability verification failures
+            // This allows burned PKP state to propagate across LIT Protocol network nodes
+            const immutabilityDelayMs = this.config.pkpImmutabilityVerificationDelayMs;
+            if (this.config.debug) {
+                console.log(`\n   ⏳ Waiting ${immutabilityDelayMs}ms for PKP immutability verification across network nodes...`);
+            }
+            await new Promise((resolve) => setTimeout(resolve, immutabilityDelayMs));
+            if (this.config.debug) {
+                console.log(`   ✅ Network propagation delay completed`);
+            }
+            // Step 2: Validate PKP security using pkp-validator LIT Action
+            const step2Start = Date.now();
+            if (this.config.debug) {
+                console.log("\n   Step 2: Validating PKP security...");
+            }
+            // Use the real PKP validator PKP from dh-lit-actions package
+            // Select the appropriate deployment based on network configuration
+            let validatorPkp;
+            // Determine network and select appropriate deployment based on LitOps config
+            const isTestNetwork = this.config.network === "datil-test" ||
+                process.env.LIT_NETWORK === "datil-test";
+            if (isTestNetwork) {
+                // Use test deployments first, then fallback to production
+                validatorPkp =
+                    dh_lit_actions_1.DATIL_TEST_DEPLOYMENTS.pkpValidator.pkp ||
+                        dh_lit_actions_1.DATIL_DEPLOYMENTS.pkpValidator.pkp;
+                if (this.config.debug) {
+                    console.log("   Using validator PKP for test environment (fallback to production if needed)");
+                }
+            }
+            else {
+                // Use production deployments
+                validatorPkp = dh_lit_actions_1.DATIL_DEPLOYMENTS.pkpValidator.pkp;
+                if (this.config.debug) {
+                    console.log("   Using production validator PKP");
+                }
+            }
+            if (!validatorPkp) {
+                throw new Error("PKP validator PKP not found in dh-lit-actions package");
+            }
+            let validationResult;
+            try {
+                // Convert IPFS CID to hex format for validation
+                const litActionCidHex = (0, dh_lit_actions_1.cidToHex)(litActionCid);
+                if (this.config.debug) {
+                    console.log(`      Converting CID: ${litActionCid} → ${litActionCidHex}`);
+                }
+                validationResult = await this.validatePKPSecurity(pkpData.tokenId, litActionCidHex, // Pass hex format CID
+                validatorPkp, signer);
+                // If validation fails, the ultimate macro should fail too
+                if (!validationResult.success) {
+                    throw new Error(`PKP validation failed: ${validationResult.error || "Unknown validation error"}`);
+                }
+            }
+            catch (validationError) {
+                // If validation throws an error, the ultimate macro should fail
+                throw new Error(`PKP validation error: ${validationError instanceof Error
+                    ? validationError.message
+                    : validationError}`);
+            }
+            const step2Duration = Date.now() - step2Start;
+            auditSteps.push({
+                step: 2,
+                description: "Validate PKP security via pkp-validator LIT Action",
+                timestamp: step2Start,
+                duration: step2Duration,
+                success: validationResult.success,
+                data: {
+                    signatureValid: validationResult.signatureValid,
+                    allValid: validationResult.validationResult?.allValid,
+                    signature: validationResult.signature,
+                },
+            });
+            if (this.config.debug) {
+                console.log(`   ✅ Step 2 completed in ${step2Duration}ms`);
+                console.log(`      Validation Success: ${validationResult.success}`);
+                console.log(`      Signature Valid: ${validationResult.signatureValid}`);
+            }
+            const totalDuration = Date.now() - startTime;
+            // Return comprehensive result
+            const result = {
+                success: true,
+                timestamp: startTime,
+                duration: totalDuration,
+                targetCid: litActionCid,
+                pkpData,
+                validationResult,
+                auditTrail: {
+                    steps: auditSteps,
+                    totalDuration,
+                },
+            };
+            if (this.config.debug) {
+                console.log(`\n🎉 Ultimate macro completed successfully in ${totalDuration}ms`);
+                console.log("   ✅ PKP created, authorized, and made immutable");
+                console.log("   ✅ PKP security validated with cryptographic proof");
+                console.log("   🔒 MAXIMUM SECURITY ACHIEVED!");
+            }
+            return result;
+        }
+        catch (error) {
+            const totalDuration = Date.now() - startTime;
+            const errorMessage = error instanceof Error ? error.message : "Unknown error";
+            auditSteps.push({
+                step: auditSteps.length + 1,
+                description: "Ultimate macro failed",
+                timestamp: Date.now(),
+                duration: 0,
+                success: false,
+                data: { error: errorMessage },
+            });
+            if (this.config.debug) {
+                console.error("   ❌ Ultimate macro failed:", error);
+            }
+            return {
+                success: false,
+                error: errorMessage,
+                timestamp: startTime,
+                duration: totalDuration,
+                targetCid: litActionCid,
+                pkpData: {}, // Empty PKP data on failure
+                validationResult: {
+                    success: false,
+                    error: errorMessage,
+                    signatureValid: false,
+                },
+                auditTrail: {
+                    steps: auditSteps,
+                    totalDuration,
+                },
+            };
+        }
+    }
+    /**
+     * Production method: Create a new Diamond Hands Loan PKP
+     *
+     * This is the main method that will be called in production.
+     * Creates a new PKP specifically for Diamond Hands loans, using the
+     * authorization dummy CID from dh-lit-actions package.
+     *
+     * @param signer - Optional signer (required for standalone mode, not used in service mode)
+     * @returns Complete PKP creation and validation result
+     */
+    async getNewDiamondHandsLoanPkp(signer) {
+        if (this.config.debug) {
+            console.log("🎯 Creating new Diamond Hands Loan PKP");
+            console.log(`   Using authorization CID: ${dh_lit_actions_1.AUTHORIZATION_DUMMY_CID}`);
+            console.log(`   Mode: ${this.config.mode}`);
+        }
+        // In standalone mode, use provided signer or config signer
+        // In service mode, signer is not needed (service handles it)
+        const effectiveSigner = this.config.mode === "service" ? undefined : signer || this.config.signer;
+        if (this.config.mode === "standalone" && !effectiveSigner) {
+            throw new Error("Signer is required for standalone mode");
+        }
+        return this.createAndValidatePkpToLitAction(dh_lit_actions_1.AUTHORIZATION_DUMMY_CID, effectiveSigner);
+    }
+    /**
+     * Cleanup - disconnect all clients
+     */
+    async disconnect() {
+        await this.clientManager.disconnectAll();
+        if (this.config.debug) {
+            console.log("🔌 LitOps disconnected");
+        }
+    }
+}
+exports.LitOps = LitOps;
+//# sourceMappingURL=lit-ops.module.js.map