@gvnrdao/dh-lit-ops 0.0.1

package/dist/modules/pkp-macros.module.js

@@ -0,0 +1,656 @@
+"use strict";
+/**
+ * PKP Macros - High-Level PKP Operations
+ *
+ * Provides simple macro functions for common PKP workflows:
+ * 1. Create PKP + Authorize + Burn (Test Workflow)
+ * 2. Create PKP + Authorize (Production Workflow)
+ * 3. Individual operations with smart defaults
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PKPMacroUtils = exports.PKPMacros = exports.DEFAULT_RPC_ENDPOINT = exports.DEFAULT_PKP_NFT_CONTRACT = exports.AUTHORIZATION_DUMMY_CID = void 0;
+const dh_lit_actions_1 = require("@gvnrdao/dh-lit-actions");
+const ethers_1 = require("ethers");
+const action_executor_module_1 = require("./action-executor.module");
+const client_manager_module_1 = require("./client-manager.module");
+const pkp_authorizer_module_1 = require("./pkp-authorizer.module");
+const pkp_minter_module_1 = require("./pkp-minter.module");
+// Import the working CID from lit-actions package
+exports.AUTHORIZATION_DUMMY_CID = dh_lit_actions_1.DH_LIT_ACTIONS.authorizationDummy.cid;
+// Default PKP NFT contract (datil-test)
+exports.DEFAULT_PKP_NFT_CONTRACT = "0x6a0f439f064B7167A8Ea6B22AcC07ae5360ee0d1";
+// Default RPC endpoint
+exports.DEFAULT_RPC_ENDPOINT = "https://yellowstone-rpc.litprotocol.com";
+class PKPMacros {
+    constructor(config, sharedDependencies) {
+        // Require network to be explicitly specified - no default to prevent multi-instance issues
+        if (!config.network) {
+            throw new Error("Network must be specified in PKPMacroConfig - no default network allowed");
+        }
+        this.config = {
+            pkpNftContract: exports.DEFAULT_PKP_NFT_CONTRACT,
+            debug: false,
+            ...config,
+        };
+        this.provider = new ethers_1.ethers.providers.JsonRpcProvider(exports.DEFAULT_RPC_ENDPOINT);
+        // Use shared client manager if provided, otherwise create new one
+        this.clientManager =
+            sharedDependencies?.clientManager ||
+                new client_manager_module_1.LitClientManager({
+                    litNetwork: config.network,
+                    debug: config.debug || false,
+                    alertWhenUnauthorized: false,
+                    minNodeCount: 2,
+                });
+        // Ensure all dependencies exist - create if not provided via shared dependencies
+        this.pkpMinter =
+            sharedDependencies?.pkpMinter ||
+                new pkp_minter_module_1.PKPMinter({
+                    signer: this.config.signer,
+                    network: this.config.network,
+                    debug: this.config.debug,
+                    clientManager: this.clientManager,
+                });
+        this.pkpAuthorizer =
+            sharedDependencies?.pkpAuthorizer ||
+                new pkp_authorizer_module_1.PKPAuthorizer({
+                    signer: this.config.signer,
+                    network: this.config.network,
+                    debug: this.config.debug,
+                    clientManager: this.clientManager,
+                });
+        this.actionExecutor =
+            sharedDependencies?.actionExecutor ||
+                new action_executor_module_1.LitActionExecutor("standalone", this.config.debug, sharedDependencies?.authManager);
+        this.authManager = sharedDependencies?.authManager;
+        if (config.debug) {
+            console.log("🔧 PKPMacros initialized with shared dependencies:", {
+                clientManager: !!sharedDependencies?.clientManager,
+                pkpMinter: !!sharedDependencies?.pkpMinter,
+                pkpAuthorizer: !!sharedDependencies?.pkpAuthorizer,
+                actionExecutor: !!sharedDependencies?.actionExecutor,
+                authManager: !!sharedDependencies?.authManager,
+            });
+        }
+    }
+    /**
+     * MACRO 1: Complete PKP Test Workflow
+     * Creates PKP -> Authorizes dummy action -> Burns PKP
+     * Perfect for testing and validation
+     */
+    async createAuthorizeAndBurn(litActionCid) {
+        const startTime = Date.now();
+        const cid = litActionCid || exports.AUTHORIZATION_DUMMY_CID;
+        if (this.config.debug) {
+            console.log("\n🚀 MACRO: Create + Authorize + Burn PKP");
+            console.log("=========================================");
+            console.log(`   Network: ${this.config.network}`);
+            console.log(`   LIT Action CID: ${cid}`);
+            console.log(`   Signer: ${this.config.signer.address}`);
+        }
+        try {
+            // Step 1: Create PKP
+            if (this.config.debug) {
+                console.log("\n⚡ Step 1: Creating PKP...");
+            }
+            const minter = this.pkpMinter;
+            const pkpResult = await minter.mintAndVerifyPKP(this.config.pkpNftContract, this.provider);
+            if (this.config.debug) {
+                console.log(`   ✅ PKP Created: ${pkpResult.tokenId}`);
+                console.log(`   📍 Address: ${pkpResult.ethAddress}`);
+            }
+            // Step 2: Authorize LIT Action
+            if (this.config.debug) {
+                console.log("\n⚡ Step 2: Authorizing LIT Action...");
+            }
+            const authorizer = this.pkpAuthorizer;
+            const authResult = await authorizer.authorizeAndVerify(pkpResult.tokenId, cid);
+            if (this.config.debug) {
+                console.log(`   ✅ Authorization Complete: ${authResult.isPermitted}`);
+                console.log(`   📋 Permitted Actions: ${authResult.permittedActions.length}`);
+            }
+            // Step 3: Burn PKP
+            if (this.config.debug) {
+                console.log("\n⚡ Step 3: Burning PKP...");
+            }
+            const burnResult = await this.burnPKP(pkpResult.tokenId);
+            if (this.config.debug) {
+                console.log(`   ✅ PKP Burned: ${burnResult.burned}`);
+                const duration = Date.now() - startTime;
+                console.log(`\n🎯 COMPLETE WORKFLOW FINISHED in ${duration}ms`);
+                console.log("   ✅ Create PKP");
+                console.log("   ✅ Authorize LIT Action");
+                console.log("   ✅ Burn PKP");
+                console.log("   🔥 PKP lifecycle completed successfully!");
+            }
+            return {
+                // PKP Creation
+                tokenId: pkpResult.tokenId,
+                publicKey: pkpResult.publicKey,
+                ethAddress: pkpResult.ethAddress,
+                mintTransactionHash: pkpResult.transactionHash,
+                verified: pkpResult.verified,
+                owner: pkpResult.owner,
+                // Authorization
+                authTransactionHash: authResult.transactionHash,
+                isPermitted: authResult.isPermitted,
+                permittedActions: authResult.permittedActions,
+                // Burn
+                burnTransactionHash: burnResult.transactionHash,
+                burned: burnResult.burned,
+                // Metadata
+                workflow: "create-authorize-burn",
+                timestamp: startTime,
+                duration: Date.now() - startTime,
+            };
+        }
+        catch (error) {
+            if (this.config.debug) {
+                console.error("❌ MACRO FAILED:", error);
+            }
+            throw error;
+        }
+    }
+    /**
+     * MACRO 2: Create, Authorize, and Burn PKP (Production Workflow)
+     * Creates PKP -> Authorizes Diamond Hands action -> Burns PKP for immutability
+     * This makes the PKP production-ready: only the authorized LIT action can sign
+     */
+    async createAuthorizeDhActionAndBurn(litActionCid) {
+        const startTime = Date.now();
+        const cid = litActionCid || exports.AUTHORIZATION_DUMMY_CID;
+        if (this.config.debug) {
+            console.log("\n🚀 MACRO: Create + Authorize + Burn PKP (Production Ready)");
+            console.log("=========================================================");
+            console.log(`   Network: ${this.config.network}`);
+            console.log(`   Diamond Hands Action CID: ${cid}`);
+            console.log(`   Signer: ${this.config.signer.address}`);
+            console.log("   🔒 Burn = Production Security (makes PKP immutable)");
+        }
+        try {
+            // Step 1: Create PKP
+            if (this.config.debug) {
+                console.log("\n⚡ Step 1: Creating PKP...");
+            }
+            const minter = this.pkpMinter;
+            const pkpResult = await minter.mintAndVerifyPKP(this.config.pkpNftContract, this.provider);
+            if (this.config.debug) {
+                console.log(`   ✅ PKP Created: ${pkpResult.tokenId}`);
+                console.log(`   📍 Address: ${pkpResult.ethAddress}`);
+            }
+            // Step 2: Authorize Diamond Hands LIT Action
+            if (this.config.debug) {
+                console.log("\n⚡ Step 2: Authorizing Diamond Hands Action...");
+            }
+            const authorizer = this.pkpAuthorizer;
+            const authResult = await authorizer.authorizeAndVerify(pkpResult.tokenId, cid);
+            if (this.config.debug) {
+                console.log(`   ✅ Authorization Complete: ${authResult.isPermitted}`);
+                console.log(`   📋 Permitted Actions: ${authResult.permittedActions.length}`);
+            }
+            // Step 3: Make PKP Immutable (Transfer to Burn Address)
+            if (this.config.debug) {
+                console.log("\n⚡ Step 3: Making PKP Immutable (Transfer to Burn Address)...");
+                console.log("   🔒 This makes the PKP immutable and production-ready");
+                console.log("   🔒 Only the authorized LIT action can sign");
+                console.log("   🔒 Creator can no longer modify or add signers");
+                console.log("   🎯 PKP will exist on-chain but be permanently locked");
+            }
+            const burnResult = await this.burnPKP(pkpResult.tokenId);
+            // Step 4: Wait for network propagation before verification
+            if (this.config.debug) {
+                console.log("\n⚡ Step 4: Waiting for network propagation before verification...");
+                console.log(`   ⏳ Delay: ${this.config.pkpImmutabilityVerificationDelayMs || 5000}ms`);
+            }
+            await new Promise((resolve) => setTimeout(resolve, this.config.pkpImmutabilityVerificationDelayMs || 5000));
+            // Step 5: VERIFY the PKP is immutable (transferred to burn address)
+            if (this.config.debug) {
+                console.log("\n⚡ Step 5: VERIFYING PKP is actually immutable...");
+            }
+            const burnVerified = await this.verifyPKPBurned(pkpResult.tokenId);
+            if (!burnVerified) {
+                throw new Error(`IMMUTABILITY VERIFICATION FAILED: PKP ${pkpResult.tokenId} is not immutable!`);
+            }
+            if (this.config.debug) {
+                console.log(`   ✅ PKP IMMUTABILITY VERIFIED: ${burnResult.burned} (on-chain confirmed)`);
+                const duration = Date.now() - startTime;
+                console.log(`\n🎯 PRODUCTION WORKFLOW FINISHED in ${duration}ms`);
+                console.log("   ✅ Create PKP");
+                console.log("   ✅ Authorize Diamond Hands Action");
+                console.log("   ✅ Make PKP Immutable (Transfer to Burn Address)");
+                console.log("   ✅ VERIFY PKP Immutability (On-chain Confirmation)");
+                console.log(`   🔒 PKP ${pkpResult.tokenId} is now PRODUCTION READY and IMMUTABLE!`);
+                console.log("   🎯 PKP exists on-chain and can be validated by address");
+                console.log("   📝 Ready to be added to smart contract for validation");
+            }
+            return {
+                // PKP Creation
+                tokenId: pkpResult.tokenId,
+                publicKey: pkpResult.publicKey,
+                ethAddress: pkpResult.ethAddress,
+                mintTransactionHash: pkpResult.transactionHash,
+                verified: pkpResult.verified,
+                owner: pkpResult.owner,
+                // Authorization
+                authTransactionHash: authResult.transactionHash,
+                isPermitted: authResult.isPermitted,
+                permittedActions: authResult.permittedActions,
+                // Production Security Burn
+                burnTransactionHash: burnResult.transactionHash,
+                burned: burnResult.burned,
+                // Metadata
+                workflow: "create-authorize-burn",
+                timestamp: startTime,
+                duration: Date.now() - startTime,
+            };
+        }
+        catch (error) {
+            if (this.config.debug) {
+                console.error("❌ PRODUCTION MACRO FAILED:", error);
+            }
+            throw error;
+        }
+    }
+    /**
+     * MACRO 3: Quick PKP Creation
+     * Just creates a PKP with verification
+     */
+    async quickCreatePKP() {
+        if (this.config.debug) {
+            console.log("\n⚡ MACRO: Quick Create PKP");
+        }
+        const minter = this.pkpMinter;
+        const result = await minter.mintAndVerifyPKP(this.config.pkpNftContract, this.provider);
+        if (this.config.debug) {
+            console.log(`   ✅ Quick PKP Created: ${result.tokenId}`);
+        }
+        return result;
+    }
+    /**
+     * MACRO 4: Quick Authorization
+     * Just authorizes a LIT Action for an existing PKP
+     */
+    async quickAuthorize(tokenId, litActionCid) {
+        const cid = litActionCid || exports.AUTHORIZATION_DUMMY_CID;
+        if (this.config.debug) {
+            console.log(`\n⚡ MACRO: Quick Authorize PKP ${tokenId}`);
+        }
+        const authorizer = this.pkpAuthorizer;
+        const result = await authorizer.authorizeAndVerify(tokenId, cid);
+        if (this.config.debug) {
+            console.log(`   ✅ Quick Authorization: ${result.isPermitted}`);
+        }
+        return result;
+    }
+    /**
+     * MACRO 5: PKP Immutability via Transfer
+     * Makes PKP immutable by transferring to burn address (instead of burning)
+     * This achieves the same security goal: PKP exists but cannot be modified
+     */
+    async burnPKP(tokenId) {
+        if (this.config.debug) {
+            console.log(`\n� MACRO: Making PKP Immutable ${tokenId}`);
+            console.log("   🔒 TRANSFER TO BURN ADDRESS - PKP exists but locked forever");
+            console.log("   🎯 This achieves same security as burn: PKP cannot be modified");
+        }
+        try {
+            // Initialize contracts for transfer operation (OPTIMIZED)
+            const contractClient = await this.clientManager.getContracts(this.config.signer, {
+                litNetwork: this.config.network,
+                debug: this.config.debug,
+            });
+            // Use the PKP NFT contract for transfer
+            const pkpNftContract = contractClient.pkpNftContract.write;
+            // Get current owner
+            const currentOwner = await pkpNftContract.ownerOf(tokenId);
+            // Burn address - no one can control this address
+            const BURN_ADDRESS = "0x000000000000000000000000000000000000dEaD";
+            if (this.config.debug) {
+                console.log(`   📍 Current owner: ${currentOwner}`);
+                console.log(`   🎯 Transferring to burn address: ${BURN_ADDRESS}`);
+                console.log("   🔒 After transfer, PKP will be immutable forever");
+            }
+            // Transfer PKP to burn address (makes it immutable)
+            const transferTransaction = await pkpNftContract.transferFrom(currentOwner, BURN_ADDRESS, tokenId);
+            if (this.config.debug) {
+                console.log(`   📤 Transfer transaction sent: ${transferTransaction.hash}`);
+                console.log("   ⏳ Waiting for transaction confirmation...");
+            }
+            // Wait for confirmation
+            const receipt = await transferTransaction.wait();
+            // Verify the transfer worked
+            const newOwner = await pkpNftContract.ownerOf(tokenId);
+            const isImmutable = newOwner.toLowerCase() === BURN_ADDRESS.toLowerCase();
+            if (this.config.debug) {
+                console.log(`   ✅ PKP NOW IMMUTABLE: ${tokenId}`);
+                console.log(`   🔒 New owner: ${newOwner}`);
+                console.log(`   🎯 Is immutable: ${isImmutable}`);
+                console.log(`   � Transaction confirmed: ${transferTransaction.hash}`);
+                console.log(`   ⛽ Gas used: ${receipt.gasUsed.toString()}`);
+                console.log("   🔒 PKP exists on-chain but can never be modified!");
+            }
+            return {
+                burned: isImmutable, // "burned" means immutable in our context
+                transactionHash: transferTransaction.hash,
+            };
+        }
+        catch (error) {
+            if (this.config.debug) {
+                console.error(`   ❌ Transfer to burn address failed: ${error}`);
+            }
+            throw new Error(`Failed to make PKP immutable ${tokenId}: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+    /**
+     * UTILITY: Get PKP information and verify if it exists
+     */
+    async getPKPInfo(tokenId) {
+        const PKP_NFT_ABI = [
+            "function ownerOf(uint256 tokenId) view returns (address owner)",
+            "function exists(uint256 tokenId) view returns (bool)",
+        ];
+        // Get contract address dynamically from the LIT SDK
+        const contractClient = await this.clientManager.getContracts(this.config.signer, {
+            litNetwork: this.config.network,
+            debug: this.config.debug,
+        });
+        // Use the correct contract address for the current network
+        const pkpNftContractAddress = contractClient.pkpNftContract.read.address;
+        const contract = new ethers_1.ethers.Contract(pkpNftContractAddress, PKP_NFT_ABI, this.provider);
+        try {
+            if (this.config.debug) {
+                console.log(`   🔍 Querying PKP info for token ${tokenId}`);
+                console.log(`   📋 Contract address: ${pkpNftContractAddress}`);
+                console.log(`   🌐 Network: ${this.config.network}`);
+            }
+            const owner = await contract.ownerOf(tokenId);
+            if (this.config.debug) {
+                console.log(`   ✅ PKP owner query successful: ${owner}`);
+            }
+            return {
+                tokenId,
+                owner,
+                exists: owner !== "0x0000000000000000000000000000000000000000",
+            };
+        }
+        catch (error) {
+            if (this.config.debug) {
+                console.log(`   ❌ PKP owner query failed: ${error.message}`);
+                console.log(`   📋 Error code: ${error.code}`);
+                console.log(`   📋 Error reason: ${error.reason}`);
+            }
+            // If error contains "invalid token ID" or "ERC721: owner query for nonexistent token"
+            // then the PKP has been burned or never existed
+            if (error.message?.includes("invalid token") ||
+                error.message?.includes("nonexistent token") ||
+                error.message?.includes("ERC721")) {
+                return {
+                    tokenId,
+                    owner: null,
+                    exists: false,
+                    burned: true, // PKP was burned
+                };
+            }
+            throw error;
+        }
+    }
+    /**
+     * UTILITY: Verify PKP is immutable (transferred to burn address)
+     */
+    async verifyPKPBurned(tokenId) {
+        try {
+            const info = await this.getPKPInfo(tokenId);
+            // For immutable PKPs, check if owner is burn address
+            const BURN_ADDRESS = "0x000000000000000000000000000000000000dEaD";
+            const isImmutable = info.exists &&
+                info.owner &&
+                info.owner.toLowerCase() === BURN_ADDRESS.toLowerCase();
+            if (this.config.debug) {
+                console.log(`   🔍 Immutability verification: ${isImmutable ? "CONFIRMED" : "FAILED"}`);
+                console.log(`   📋 PKP ${tokenId} exists: ${info.exists}`);
+                console.log(`   👤 Owner: ${info.owner}`);
+                console.log(`   🔒 Is owned by burn address: ${isImmutable}`);
+                console.log(`   🎯 PKP is ${isImmutable ? "IMMUTABLE" : "still modifiable"}`);
+            }
+            return isImmutable;
+        }
+        catch (error) {
+            if (this.config.debug) {
+                console.error(`   ❌ Immutability verification error: ${error}`);
+            }
+            // Don't hide errors - let caller handle them
+            throw new Error(`Failed to verify PKP immutability for ${tokenId}: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+}
+exports.PKPMacros = PKPMacros;
+/**
+ * PKP Macro Utils - Proper Instantiated Class with Shared Dependencies
+ * No more instantiating new dependencies every function call!
+ */
+class PKPMacroUtils {
+    constructor(network, debug = false, sharedDependencies, pkpImmutabilityVerificationDelayMs = 5000) {
+        this.network = network;
+        this.debug = debug;
+        this.pkpImmutabilityVerificationDelayMs = pkpImmutabilityVerificationDelayMs;
+        // Use shared dependencies if provided, otherwise create new ones
+        this.clientManager =
+            sharedDependencies?.clientManager ||
+                new client_manager_module_1.LitClientManager({
+                    litNetwork: network,
+                    debug,
+                    alertWhenUnauthorized: false,
+                    minNodeCount: 2,
+                });
+        this.actionExecutor =
+            sharedDependencies?.actionExecutor ||
+                new action_executor_module_1.LitActionExecutor("standalone", debug, sharedDependencies?.authManager);
+        // Store shared PKPMinter if provided
+        this.pkpMinter = sharedDependencies?.pkpMinter;
+        // Store shared PKPAuthorizer if provided
+        this.pkpAuthorizer = sharedDependencies?.pkpAuthorizer;
+        if (debug) {
+            console.log("🔧 PKPMacroUtils initialized with shared dependencies");
+        }
+    }
+    /**
+     * Quick test workflow: Create + Authorize + Burn
+     */
+    async quickTestWorkflow(signer, options = {}) {
+        const macros = new PKPMacros({
+            signer,
+            network: this.network,
+            debug: this.debug,
+        }, {
+            clientManager: this.clientManager,
+            actionExecutor: this.actionExecutor,
+        });
+        return await macros.createAuthorizeAndBurn(options.litActionCid);
+    }
+    /**
+     * Quick production workflow: Create + Authorize + Burn (Production Ready)
+     */
+    async quickCreatePkpAuthorizeDhActionAndBurn(signer, options = {}) {
+        const macros = new PKPMacros({
+            signer,
+            network: this.network,
+            debug: this.debug,
+            pkpImmutabilityVerificationDelayMs: this.pkpImmutabilityVerificationDelayMs,
+        }, {
+            clientManager: this.clientManager,
+            actionExecutor: this.actionExecutor,
+        });
+        return await macros.createAuthorizeDhActionAndBurn(options.litActionCid);
+    }
+    /**
+     * Quick burn (cleanup utility)
+     */
+    static async quickBurn(signer, tokenId, options = {}) {
+        const macros = new PKPMacros({
+            signer,
+            network: options.network,
+            debug: options.debug,
+        });
+        return await macros.burnPKP(tokenId);
+    }
+    /**
+     * PKP Validator Macro - Validate PKP Security via LIT Action
+     *
+     * This is the optimized macro that validates a PKP is created, granted, and burned
+     * correctly against a specific CID by executing the pkp-validator LIT Action and
+     * verifying the signature returned.
+     *
+     * @param targetPkpTokenId - The PKP token ID to validate
+     * @param expectedCid - The expected CID in hex format that the PKP should be authorized for
+     * @param signer - The wallet to use for session signatures
+     * @param options - Configuration options
+     * @returns PKP validation result with signature verification
+     */
+    static async validatePKPSecurity(targetPkpTokenId, expectedCid, signer, options = {}) {
+        const debug = options.debug || false;
+        const network = options.network;
+        if (!network) {
+            throw new Error("Network must be specified - no default network allowed");
+        }
+        if (debug) {
+            console.log("\n🔍 PKP Security Validation Macro");
+            console.log(`   Target PKP: ${targetPkpTokenId}`);
+            console.log(`   Expected CID: ${expectedCid}`);
+            console.log(`   Network: ${network}`);
+        }
+        try {
+            // Initialize LitActionExecutor with configuration
+            const actionExecutor = new action_executor_module_1.LitActionExecutor("standalone", debug);
+            // Create a client manager for this static method
+            const clientManager = new client_manager_module_1.LitClientManager({
+                litNetwork: network,
+                debug: debug || false,
+                alertWhenUnauthorized: false,
+                minNodeCount: 2,
+            });
+            // Get LIT client
+            const litClient = await clientManager.getClient({
+                litNetwork: network,
+                debug: debug,
+            });
+            // Get PKP Validator CID and signer PKP
+            const pkpValidatorCid = dh_lit_actions_1.DH_LIT_ACTIONS.pkpValidator.cid;
+            const signerPkp = options.signerPkp || {
+                tokenId: "0x1234", // Default fallback
+                publicKey: "041a4c73c35215b50fb3708e4ad8cbd0ebf67231fb25e4e095f9f1dcb70f408ab24d28a8460ef436786e66c967d7ebf1d3f3e6441fd661afd9dc7d4f2c1d416f59",
+                ethAddress: "0x5449b0C085Fbd9D1A5F02d30b02aA042016A8756",
+            };
+            if (debug) {
+                console.log(`   PKP Validator CID: ${pkpValidatorCid}`);
+                console.log(`   Signer PKP: ${signerPkp.tokenId}`);
+            }
+            // Execute PKP Validator LIT Action
+            const litResult = await actionExecutor.executeAction({
+                cid: pkpValidatorCid,
+                pkpPublicKey: signerPkp.publicKey,
+                params: {
+                    targetPkpTokenId,
+                    expectedCid,
+                    message: `PKP validation via macro: ${Date.now()}`,
+                },
+                signer,
+            }, litClient);
+            if (debug) {
+                console.log(`   LIT Action Success: ${litResult.success}`);
+                console.log(`   Response: ${litResult.response || "NONE"}`);
+                console.log(`   Error: ${litResult.error || "NONE"}`);
+            }
+            // Parse response and verify signature
+            if (litResult.success && litResult.response) {
+                try {
+                    const responseData = JSON.parse(litResult.response);
+                    // Verify signature if present
+                    let signatureValid = false;
+                    let pkpAddress = "";
+                    let recoveredAddress = "";
+                    if (responseData.signature) {
+                        if (debug) {
+                            console.log("   🔍 Verifying signature authenticity...");
+                        }
+                        try {
+                            // Compute PKP address from public key
+                            pkpAddress = ethers_1.ethers.utils.computeAddress(`0x${signerPkp.publicKey}`);
+                            // Recover address from signature
+                            const signedMessage = responseData.signedMessage;
+                            if (signedMessage) {
+                                recoveredAddress = ethers_1.ethers.utils.verifyMessage(signedMessage, responseData.signature);
+                                signatureValid =
+                                    pkpAddress.toLowerCase() === recoveredAddress.toLowerCase();
+                                if (debug) {
+                                    console.log(`   PKP Address: ${pkpAddress}`);
+                                    console.log(`   Recovered Address: ${recoveredAddress}`);
+                                    console.log(`   Signature Valid: ${signatureValid ? "✅" : "❌"}`);
+                                }
+                            }
+                            else {
+                                throw new Error("No signed message found for verification");
+                            }
+                        }
+                        catch (verifyError) {
+                            if (debug) {
+                                console.log(`   ❌ Signature verification failed: ${verifyError}`);
+                            }
+                            throw new Error(`Signature verification failed: ${verifyError instanceof Error
+                                ? verifyError.message
+                                : verifyError}`);
+                        }
+                    }
+                    // Return parsed result
+                    return {
+                        success: responseData.success || false,
+                        signature: responseData.signature,
+                        error: responseData.error,
+                        signatureValid,
+                        pkpAddress,
+                        recoveredAddress,
+                        validationResult: responseData.validated
+                            ? {
+                                exists: responseData.validated.exists || false,
+                                isImmutable: responseData.validated.immutable || false,
+                                hasOnlyOneAction: responseData.validated.singleAction || false,
+                                matchesExpectedCID: responseData.validated.correctCid || false,
+                                allValid: responseData.validated.exists &&
+                                    responseData.validated.immutable &&
+                                    responseData.validated.singleAction &&
+                                    responseData.validated.correctCid,
+                            }
+                            : undefined,
+                    };
+                }
+                catch (parseError) {
+                    if (debug) {
+                        console.log("   Response is not JSON, treating as execution error");
+                    }
+                    return {
+                        success: false,
+                        error: "Failed to parse LIT Action response",
+                        signatureValid: false,
+                    };
+                }
+            }
+            // LIT Action execution failed
+            return {
+                success: false,
+                error: litResult.error || "LIT Action execution failed",
+                signatureValid: false,
+            };
+        }
+        catch (error) {
+            if (debug) {
+                console.error("   ❌ PKP validation macro failed:", error);
+            }
+            return {
+                success: false,
+                error: error instanceof Error ? error.message : "Unknown error",
+                signatureValid: false,
+            };
+        }
+    }
+}
+exports.PKPMacroUtils = PKPMacroUtils;
+//# sourceMappingURL=pkp-macros.module.js.map