@hsuite/smart-engines-sdk 3.0.0

package/dist/nestjs/index.js

@@ -0,0 +1,3338 @@
+'use strict';
+
+var common = require('@nestjs/common');
+var zod = require('zod');
+
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (decorator(result)) || result;
+  return result;
+};
+var __decorateParam = (index, decorator) => (target, key) => decorator(target, key, index);
+var ChainTypeSchema = zod.z.enum([
+  "hedera",
+  "xrpl",
+  "polkadot",
+  "solana",
+  "stellar",
+  "ethereum",
+  "polygon",
+  "bitcoin",
+  "cardano"
+]);
+var NetworkTypeSchema = zod.z.enum(["mainnet", "testnet", "devnet", "local"]);
+zod.z.object({
+  chain: ChainTypeSchema,
+  network: NetworkTypeSchema,
+  nativeCurrency: zod.z.object({
+    name: zod.z.string(),
+    symbol: zod.z.string(),
+    decimals: zod.z.number().int().min(0)
+  }),
+  blockTime: zod.z.number().optional(),
+  rpcEndpoint: zod.z.string().url().optional()
+});
+var NetworkMembershipTypeSchema = zod.z.enum(["validator", "host", "gateway"]);
+var MembershipStatusSchema = zod.z.enum(["pending", "active", "exiting", "exited", "banned"]);
+zod.z.object({
+  nodeId: zod.z.string().min(1),
+  networkType: NetworkMembershipTypeSchema,
+  chain: zod.z.enum(["hedera", "xrpl", "polkadot", "solana"]),
+  endpoint: zod.z.string().url(),
+  publicKey: zod.z.string().min(1),
+  joinedAt: zod.z.string().datetime(),
+  depositTxId: zod.z.string().min(1),
+  status: MembershipStatusSchema,
+  networkConfig: zod.z.record(zod.z.unknown()).optional()
+});
+var NetworkDepositRequirementsSchema = zod.z.object({
+  depositAmount: zod.z.string().min(1),
+  lockDurationDays: zod.z.number().int().positive(),
+  renewalWindowDays: zod.z.number().int().positive().optional()
+});
+zod.z.object({
+  validator: NetworkDepositRequirementsSchema,
+  host: NetworkDepositRequirementsSchema,
+  gateway: NetworkDepositRequirementsSchema
+});
+var TokenCapabilitiesSchema = zod.z.object({
+  /**
+   * Pause all token operations globally
+   * - Hedera: Adds pauseKey to token
+   * - XRPL: Enables GlobalFreeze flag on issuer account
+   */
+  pausable: zod.z.boolean().default(false),
+  /**
+   * Freeze/restrict specific accounts from transacting
+   * - Hedera: Adds freezeKey to token
+   * - XRPL: Enables trust line freeze capability
+   */
+  restrictable: zod.z.boolean().default(false),
+  /**
+   * KYC/compliance controls for accounts
+   * - Hedera: Adds kycKey to token
+   * - XRPL: Requires authorized trust lines (RequireAuth)
+   */
+  compliant: zod.z.boolean().default(false),
+  /**
+   * Force remove tokens from accounts (compliance wipe)
+   * - Hedera: Adds wipeKey to token
+   * - XRPL: Enables clawback (lsfAllowTrustLineClawback)
+   */
+  wipeable: zod.z.boolean().default(false),
+  /**
+   * Mint additional supply after creation
+   * - Hedera: Adds supplyKey to token
+   * - XRPL: Issuer can always issue more via Payment
+   */
+  mintable: zod.z.boolean().default(true),
+  /**
+   * Burn tokens (reduce supply)
+   * - Hedera: Requires supplyKey
+   * - XRPL: Send back to issuer (reduces supply)
+   */
+  burnable: zod.z.boolean().default(true),
+  /**
+   * Allow transfers between accounts
+   * - All chains: Generally always supported
+   */
+  transferable: zod.z.boolean().default(true)
+});
+var AccountIdSchema = zod.z.string().min(1);
+zod.z.object({
+  accountId: AccountIdSchema,
+  balance: zod.z.string(),
+  // String to handle large numbers and decimals
+  chain: ChainTypeSchema,
+  publicKey: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.any()).optional(),
+  createdAt: zod.z.date().optional(),
+  updatedAt: zod.z.date().optional()
+});
+zod.z.object({
+  accountId: AccountIdSchema,
+  chain: ChainTypeSchema,
+  nativeBalance: zod.z.string(),
+  tokens: zod.z.array(
+    zod.z.object({
+      tokenId: zod.z.string(),
+      balance: zod.z.string(),
+      decimals: zod.z.number().int().min(0),
+      symbol: zod.z.string().optional()
+    })
+  ).optional(),
+  timestamp: zod.z.date()
+});
+var SecurityModeSchema = zod.z.enum(["none", "partial", "full"]);
+var sovereigntyRefinePredicate = (v) => {
+  if (v.securityMode === "partial") {
+    return !!v.entityId && !!v.appOwnerPublicKey;
+  }
+  if (v.securityMode === "full") {
+    return !!v.entityId;
+  }
+  return true;
+};
+var SOVEREIGNTY_REFINE_MESSAGE = "securityMode='partial' requires entityId+appOwnerPublicKey; 'full' requires entityId";
+var SovereigntyFieldsRawSchema = zod.z.object({
+  securityMode: SecurityModeSchema.default("none"),
+  entityId: zod.z.string().optional(),
+  appOwnerPublicKey: zod.z.string().optional()
+});
+SovereigntyFieldsRawSchema.refine(sovereigntyRefinePredicate, { message: SOVEREIGNTY_REFINE_MESSAGE });
+var HederaKeyShapeSchema = zod.z.lazy(
+  () => zod.z.union([
+    zod.z.object({ type: zod.z.literal("ed25519"), key: zod.z.string() }),
+    zod.z.object({
+      type: zod.z.literal("keyList"),
+      threshold: zod.z.number().int().nonnegative(),
+      keys: zod.z.array(HederaKeyShapeSchema)
+    })
+  ])
+);
+var HederaAuthorizationSetShapeSchema = zod.z.object({
+  chain: zod.z.literal("hedera"),
+  adminKey: HederaKeyShapeSchema,
+  supplyKey: HederaKeyShapeSchema.optional(),
+  freezeKey: HederaKeyShapeSchema.optional(),
+  wipeKey: HederaKeyShapeSchema.optional(),
+  pauseKey: HederaKeyShapeSchema.optional(),
+  kycKey: HederaKeyShapeSchema.optional()
+});
+var XrplAuthorizationSetShapeSchema = zod.z.object({
+  chain: zod.z.literal("xrpl"),
+  signerEntries: zod.z.array(
+    zod.z.object({
+      account: zod.z.string(),
+      weight: zod.z.number().int().nonnegative()
+    })
+  ),
+  signerQuorum: zod.z.number().int().nonnegative(),
+  masterDisabled: zod.z.boolean()
+});
+var StellarAuthorizationSetShapeSchema = zod.z.object({
+  chain: zod.z.literal("stellar"),
+  signers: zod.z.array(
+    zod.z.object({
+      key: zod.z.string(),
+      weight: zod.z.number().int().nonnegative()
+    })
+  ),
+  thresholds: zod.z.object({
+    low: zod.z.number().int().nonnegative(),
+    med: zod.z.number().int().nonnegative(),
+    high: zod.z.number().int().nonnegative()
+  }),
+  masterWeight: zod.z.number().int().nonnegative()
+});
+var PolkadotSignatoryShapeSchema = zod.z.lazy(
+  () => zod.z.union([
+    zod.z.object({ type: zod.z.literal("account"), address: zod.z.string() }),
+    zod.z.object({
+      type: zod.z.literal("multisig"),
+      address: zod.z.string(),
+      threshold: zod.z.number().int().positive(),
+      signatories: zod.z.array(PolkadotSignatoryShapeSchema)
+    })
+  ])
+);
+var PolkadotAuthorizationSetShapeSchema = zod.z.object({
+  chain: zod.z.literal("polkadot"),
+  address: zod.z.string(),
+  signatory: PolkadotSignatoryShapeSchema,
+  ss58Format: zod.z.number().int().nonnegative()
+});
+var PreparedTransactionAuthorizationSetSchema = zod.z.discriminatedUnion("chain", [
+  HederaAuthorizationSetShapeSchema,
+  XrplAuthorizationSetShapeSchema,
+  StellarAuthorizationSetShapeSchema,
+  PolkadotAuthorizationSetShapeSchema
+]);
+var PreparedTransactionSovereigntySchema = zod.z.discriminatedUnion("mode", [
+  zod.z.object({ mode: zod.z.literal("none") }),
+  zod.z.object({
+    mode: zod.z.literal("partial"),
+    entityId: zod.z.string(),
+    validatorPublicKeys: zod.z.array(zod.z.string()),
+    authorizationSet: PreparedTransactionAuthorizationSetSchema.optional()
+  }),
+  zod.z.object({
+    mode: zod.z.literal("full"),
+    entityId: zod.z.string(),
+    validatorPublicKeys: zod.z.array(zod.z.string()),
+    authorizationSet: PreparedTransactionAuthorizationSetSchema.optional()
+  })
+]);
+var TransactionStatusSchema = zod.z.enum(["pending", "success", "failed", "expired"]);
+var TransactionTypeSchema = zod.z.enum([
+  "transfer",
+  "token_transfer",
+  "account_create",
+  "token_create",
+  "token_mint",
+  "token_burn",
+  "contract_call",
+  "contract_create",
+  "topic_message",
+  "other"
+]);
+zod.z.object({
+  id: zod.z.string(),
+  chain: ChainTypeSchema,
+  type: TransactionTypeSchema,
+  status: TransactionStatusSchema,
+  timestamp: zod.z.date(),
+  from: AccountIdSchema,
+  to: AccountIdSchema.optional(),
+  amount: zod.z.string().optional(),
+  fee: zod.z.string(),
+  memo: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.any()).optional()
+});
+zod.z.object({
+  transactionId: zod.z.string(),
+  chain: ChainTypeSchema,
+  status: TransactionStatusSchema,
+  blockNumber: zod.z.number().optional(),
+  blockHash: zod.z.string().optional(),
+  timestamp: zod.z.date(),
+  gasUsed: zod.z.string().optional(),
+  effectiveFee: zod.z.string(),
+  logs: zod.z.array(zod.z.any()).optional(),
+  metadata: zod.z.record(zod.z.any()).optional()
+});
+var TokenTypeSchema = zod.z.enum(["fungible", "nft", "semi_fungible"]);
+var TokenSchema = zod.z.object({
+  tokenId: zod.z.string(),
+  chain: ChainTypeSchema,
+  name: zod.z.string(),
+  symbol: zod.z.string(),
+  decimals: zod.z.number().int().min(0),
+  totalSupply: zod.z.string(),
+  type: TokenTypeSchema,
+  creator: AccountIdSchema.optional(),
+  metadata: zod.z.record(zod.z.any()).optional(),
+  createdAt: zod.z.date().optional()
+});
+zod.z.object({
+  name: zod.z.string(),
+  description: zod.z.string().optional(),
+  image: zod.z.string().url().optional(),
+  attributes: zod.z.array(
+    zod.z.object({
+      trait_type: zod.z.string(),
+      value: zod.z.union([zod.z.string(), zod.z.number(), zod.z.boolean()])
+    })
+  ).optional(),
+  external_url: zod.z.string().url().optional()
+});
+TokenSchema.extend({
+  holders: zod.z.number().optional(),
+  transferCount: zod.z.number().optional(),
+  circulatingSupply: zod.z.string().optional()
+});
+var CreateAccountRequestSchema = zod.z.object({
+  chain: ChainTypeSchema,
+  initialBalance: zod.z.string(),
+  publicKey: zod.z.string().optional(),
+  memo: zod.z.string().optional(),
+  /**
+   * Who pays the chain fee for this transaction. Resolution happens in the
+   * controller layer (`resolvePayerAccountId`): explicit `payerAccountId`
+   * wins, else the JWT-authenticated smart-app's wallet address, else the
+   * request is rejected with 400. The validator **never** silently falls
+   * back to its own operator account.
+   */
+  payerAccountId: zod.z.string().optional(),
+  /**
+   * HCS consensus timestamp of the validator rules (REQUIRED).
+   * Format: "1766490325.123456789"
+   */
+  validatorTimestamp: zod.z.string().min(1, "validatorTimestamp is required"),
+  /**
+   * HCS topic ID where validator rules are stored (REQUIRED).
+   */
+  validatorTopicId: zod.z.string().min(1, "validatorTopicId is required"),
+  /**
+   * Whether to remove admin key after creation (makes entity immutable).
+   * Default: true for production-grade immutability.
+   */
+  immutable: zod.z.boolean().default(true),
+  /**
+   * Smart node security mode for the account key structure.
+   * - 'none': Owner-only key (no validator involvement)
+   * - 'partial': threshold(2, [appOwnerKey, tssKeyList]) — co-control
+   * - 'full': TSS KeyList only — full validator network control
+   * Default: 'none' for basic account creation via SDK.
+   */
+  securityMode: zod.z.enum(["none", "partial", "full"]).default("none"),
+  /**
+   * App owner's public key (required for 'partial' security mode).
+   * The owner key + TSS network key form a threshold-2 multi-sig.
+   */
+  appOwnerPublicKey: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.any()).optional()
+});
+zod.z.object({
+  accountId: AccountIdSchema,
+  publicKey: zod.z.string().optional(),
+  privateKey: zod.z.string().optional(),
+  // Only returned on creation, store securely!
+  transactionId: zod.z.string(),
+  chain: ChainTypeSchema,
+  timestamp: zod.z.date().optional()
+});
+var TransferRequestSchema = zod.z.object({
+  chain: ChainTypeSchema,
+  from: AccountIdSchema,
+  to: AccountIdSchema,
+  amount: zod.z.string(),
+  tokenId: zod.z.string().optional(),
+  // undefined = native token
+  memo: zod.z.string().optional(),
+  /** See CreateAccountRequestSchema.payerAccountId — same resolution rules. */
+  payerAccountId: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.any()).optional()
+});
+zod.z.object({
+  transactionId: zod.z.string(),
+  status: zod.z.enum(["pending", "success", "failed"]),
+  chain: ChainTypeSchema,
+  fee: zod.z.string().optional(),
+  timestamp: zod.z.date().optional()
+});
+zod.z.object({
+  chain: ChainTypeSchema,
+  accountId: AccountIdSchema
+});
+zod.z.object({
+  chain: ChainTypeSchema,
+  transactionId: zod.z.string()
+});
+var CreateTokenRequestSchema = zod.z.object({
+  chain: ChainTypeSchema,
+  name: zod.z.string().min(1).max(100),
+  symbol: zod.z.string().min(1).max(10),
+  decimals: zod.z.number().int().min(0).max(18),
+  initialSupply: zod.z.string(),
+  type: zod.z.enum(["fungible", "nft"]),
+  treasury: AccountIdSchema.optional(),
+  /**
+   * Token capabilities define what operations the token supports.
+   * These are validated against chain support and translated to native implementations.
+   *
+   * @example
+   * ```typescript
+   * capabilities: {
+   *   pausable: true,      // Hedera: pauseKey, XRPL: GlobalFreeze
+   *   restrictable: true,  // Hedera: freezeKey, XRPL: TrustLineFreeze
+   *   compliant: true,     // Hedera: kycKey, XRPL: RequireAuth
+   *   wipeable: true,      // Hedera: wipeKey, XRPL: Clawback
+   *   mintable: true,      // Allow additional minting
+   *   burnable: true,      // Allow burning
+   * }
+   * ```
+   */
+  capabilities: TokenCapabilitiesSchema.optional().default({
+    pausable: false,
+    restrictable: false,
+    compliant: false,
+    wipeable: false,
+    mintable: true,
+    burnable: true,
+    transferable: true
+  }),
+  /**
+   * HCS consensus timestamp of the validator rules (REQUIRED).
+   * Format: "1766490325.123456789"
+   */
+  validatorTimestamp: zod.z.string().min(1, "validatorTimestamp is required"),
+  /**
+   * HCS topic ID where validator rules are stored (REQUIRED).
+   */
+  validatorTopicId: zod.z.string().min(1, "validatorTopicId is required"),
+  /**
+   * Whether to remove admin key after creation (makes entity immutable).
+   * Default: true for production-grade immutability.
+   */
+  immutable: zod.z.boolean().default(true),
+  /** See CreateAccountRequestSchema.payerAccountId — same resolution rules. */
+  payerAccountId: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.any()).optional()
+});
+zod.z.object({
+  tokenId: zod.z.string(),
+  transactionId: zod.z.string(),
+  chain: ChainTypeSchema,
+  timestamp: zod.z.date().optional()
+});
+var MintTokenRequestSchema = zod.z.object({
+  chain: ChainTypeSchema,
+  tokenId: zod.z.string(),
+  /** Amount to mint (fungible tokens). Ignored for NFTs. */
+  amount: zod.z.string().optional(),
+  /** Recipient account (fungible: transfer after mint; NFT: Hedera mints to treasury). */
+  recipient: AccountIdSchema.optional(),
+  /**
+   * NFT metadata entries — one per NFT to mint.
+   * Each entry becomes on-chain metadata (e.g. IPFS CID, encoded memo).
+   * On Hedera: passed to TokenMintTransaction.setMetadata().
+   * On XRPL: used as URI in NFTokenMint.
+   */
+  nftMetadata: zod.z.array(zod.z.string()).optional(),
+  /** Additional chain-specific options. */
+  metadata: zod.z.record(zod.z.any()).optional(),
+  /** See CreateAccountRequestSchema.payerAccountId — same resolution rules. */
+  payerAccountId: zod.z.string().optional()
+});
+var BurnTokenRequestSchema = zod.z.object({
+  chain: ChainTypeSchema,
+  tokenId: zod.z.string(),
+  amount: zod.z.string(),
+  /** See CreateAccountRequestSchema.payerAccountId — same resolution rules. */
+  payerAccountId: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.any()).optional()
+});
+var TokenActionRequestSchema = zod.z.object({
+  chain: ChainTypeSchema,
+  tokenId: zod.z.string(),
+  accountId: AccountIdSchema.optional(),
+  // Required for account-specific actions
+  amount: zod.z.string().optional(),
+  // Required for wipe action
+  /** See CreateAccountRequestSchema.payerAccountId — same resolution rules. */
+  payerAccountId: zod.z.string().optional(),
+  metadata: zod.z.record(zod.z.any()).optional()
+});
+var ActionResultSchema = zod.z.object({
+  success: zod.z.boolean(),
+  transactionId: zod.z.string(),
+  chain: ChainTypeSchema,
+  /** The native chain operation that was executed */
+  chainOperation: zod.z.string(),
+  /** Additional context or notes about the operation */
+  notes: zod.z.array(zod.z.string()).optional(),
+  /** Timestamp of the operation */
+  timestamp: zod.z.date().optional()
+});
+ActionResultSchema.extend({
+  tokenId: zod.z.string(),
+  /** The capabilities that were enabled for this token */
+  enabledCapabilities: zod.z.array(zod.z.string())
+});
+var ValidatorSignatureSchema = zod.z.object({
+  /** Validator's node ID */
+  validatorId: zod.z.string(),
+  /** Validator's public key (hex-encoded) */
+  publicKey: zod.z.string(),
+  /** Signature over the transaction bytes (hex-encoded) */
+  signature: zod.z.string(),
+  /** When this signature was created */
+  signedAt: zod.z.date(),
+  /** Signature algorithm used */
+  algorithm: zod.z.enum(["ed25519", "ecdsa-secp256k1", "bls12-381"]).optional()
+});
+var HederaPreparedMetadataSchema = zod.z.object({
+  /** Hedera node account IDs that will process this transaction */
+  nodeAccountIds: zod.z.array(zod.z.string()).optional(),
+  /** Maximum transaction fee in tinybars */
+  maxTransactionFee: zod.z.string().optional(),
+  /** Transaction memo */
+  memo: zod.z.string().optional(),
+  /** Schedule info if this is a scheduled transaction */
+  scheduleInfo: zod.z.object({
+    scheduleId: zod.z.string(),
+    adminKey: zod.z.string().optional()
+  }).optional()
+});
+var XRPLPreparedMetadataSchema = zod.z.object({
+  /** Sequence number for this transaction */
+  sequence: zod.z.number().optional(),
+  /** Last ledger sequence for expiration */
+  lastLedgerSequence: zod.z.number().optional(),
+  /** Signer list info for multi-sig */
+  signerList: zod.z.array(
+    zod.z.object({
+      account: zod.z.string(),
+      signerWeight: zod.z.number()
+    })
+  ).optional(),
+  /** Quorum weight required */
+  signerQuorum: zod.z.number().optional()
+});
+var SolanaPreparedMetadataSchema = zod.z.object({
+  /** Recent blockhash for transaction validity */
+  recentBlockhash: zod.z.string().optional(),
+  /** Fee payer account */
+  feePayer: zod.z.string().optional(),
+  /** Program IDs involved */
+  programIds: zod.z.array(zod.z.string()).optional(),
+  /** Squads v4 multisig PDA address (partial/full modes) */
+  squadsMultisigPda: zod.z.string().optional(),
+  /** Squads v4 vault PDA address (partial/full modes) */
+  squadsVaultPda: zod.z.string().optional(),
+  /** Index of the vault transaction proposal */
+  squadsTransactionIndex: zod.z.number().optional(),
+  /** Proposal PDA address */
+  squadsProposalAddress: zod.z.string().optional(),
+  /** Whether the multisig was created in this call (vs already existed) */
+  multisigCreated: zod.z.boolean().optional(),
+  /** Security mode used to prepare this transaction */
+  securityMode: zod.z.enum(["none", "partial", "full"]).optional(),
+  /** SPL Token mint address (token-create and all SPL operations) */
+  splMint: zod.z.string().optional()
+});
+var PolkadotPreparedMetadataSchema = zod.z.object({
+  /** Era for transaction mortality */
+  era: zod.z.string().optional(),
+  /** Nonce for the sender */
+  nonce: zod.z.number().optional(),
+  /** Tip for priority */
+  tip: zod.z.string().optional(),
+  /** Spec version for runtime */
+  specVersion: zod.z.number().optional()
+});
+var ChainPreparedMetadataSchema = zod.z.union([
+  HederaPreparedMetadataSchema,
+  XRPLPreparedMetadataSchema,
+  SolanaPreparedMetadataSchema,
+  PolkadotPreparedMetadataSchema,
+  zod.z.record(zod.z.any())
+  // Allow extension for future chains
+]);
+zod.z.object({
+  /** The blockchain this transaction is for */
+  chain: ChainTypeSchema,
+  /** Type of transaction (e.g., 'TokenCreate', 'Payment', 'NFTMint') */
+  transactionType: zod.z.string(),
+  /** Pre-assigned transaction ID for tracking */
+  transactionId: zod.z.string(),
+  /** Base64-encoded frozen transaction bytes ready for submission */
+  transactionBytes: zod.z.string(),
+  /** When this prepared transaction expires */
+  expiresAt: zod.z.date(),
+  /** Validator signatures collected for this transaction */
+  validatorSignatures: zod.z.array(ValidatorSignatureSchema),
+  /** Required payer account ID (caller must fund this account) */
+  payerAccountId: zod.z.string().optional(),
+  /** Estimated network fee */
+  estimatedFee: zod.z.string().optional(),
+  /** Number of signatures required for submission */
+  requiredSignatures: zod.z.number().optional(),
+  /** Whether the transaction has enough signatures to submit */
+  readyToSubmit: zod.z.boolean().default(false),
+  /** Chain-specific metadata */
+  metadata: ChainPreparedMetadataSchema.optional(),
+  /**
+   * Sovereignty metadata: the mode and (for partial/full) the on-chain
+   * authorization set the validator is binding to. Lets smart-apps and tests
+   * inspect the authorization topology without decoding chain-native bytes.
+   */
+  sovereignty: PreparedTransactionSovereigntySchema.optional()
+});
+zod.z.object({
+  /** The original transaction ID */
+  transactionId: zod.z.string(),
+  /** The blockchain */
+  chain: ChainTypeSchema,
+  /** Whether submission was successful */
+  success: zod.z.boolean(),
+  /** Consensus timestamp (Hedera) or ledger/block info */
+  consensusTimestamp: zod.z.string().optional(),
+  /** Block or ledger number */
+  blockNumber: zod.z.number().optional(),
+  /** Actual fee paid */
+  actualFee: zod.z.string().optional(),
+  /** Receipt or confirmation data */
+  receipt: zod.z.record(zod.z.any()).optional(),
+  /** Error message if submission failed */
+  error: zod.z.string().optional()
+});
+zod.z.object({
+  chain: zod.z.literal("hedera"),
+  payerAccountId: zod.z.string().optional(),
+  name: zod.z.string().min(1).max(100),
+  symbol: zod.z.string().min(1).max(10),
+  decimals: zod.z.number().int().min(0).max(18),
+  initialSupply: zod.z.string(),
+  treasuryAccountId: zod.z.string().min(1, "treasuryAccountId is required"),
+  memo: zod.z.string().optional(),
+  tokenType: zod.z.enum(["FUNGIBLE_COMMON", "NON_FUNGIBLE_UNIQUE"]).default("FUNGIBLE_COMMON"),
+  supplyKey: zod.z.string().optional(),
+  adminKey: zod.z.string().optional(),
+  pauseKey: zod.z.string().optional(),
+  freezeKey: zod.z.string().optional(),
+  kycKey: zod.z.string().optional(),
+  wipeKey: zod.z.string().optional(),
+  validatorTimestamp: zod.z.string().min(1),
+  validatorTopicId: zod.z.string().min(1)
+}).merge(SovereigntyFieldsRawSchema).refine(sovereigntyRefinePredicate, { message: SOVEREIGNTY_REFINE_MESSAGE });
+zod.z.object({
+  chain: zod.z.literal("xrpl"),
+  payerAccountId: zod.z.string().optional(),
+  // User's XRPL account whose authorization we're configuring.
+  accountAddress: zod.z.string().min(25).max(34),
+  validatorTimestamp: zod.z.string().min(1),
+  validatorTopicId: zod.z.string().min(1)
+}).merge(SovereigntyFieldsRawSchema).refine(sovereigntyRefinePredicate, { message: SOVEREIGNTY_REFINE_MESSAGE });
+zod.z.object({
+  chain: zod.z.literal("stellar"),
+  payerAccountId: zod.z.string().optional(),
+  // The master public key of the new Stellar account.
+  publicKey: zod.z.string().min(56).max(56),
+  startingBalance: zod.z.string().regex(/^\d+(\.\d+)?$/),
+  validatorTimestamp: zod.z.string().min(1),
+  validatorTopicId: zod.z.string().min(1)
+}).merge(SovereigntyFieldsRawSchema).refine(
+  (v) => {
+    if (v.securityMode === "partial" || v.securityMode === "full") {
+      return !!v.entityId;
+    }
+    return true;
+  },
+  { message: "securityMode='partial'/'full' requires entityId" }
+);
+
+// src/discovery/mirror-node.ts
+function validateUrl(url, allowInsecure = false) {
+  try {
+    const parsed = new URL(url);
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+      throw new Error(`Invalid protocol: ${parsed.protocol}`);
+    }
+    if (!allowInsecure && parsed.protocol !== "https:") {
+      throw new Error(
+        "HTTPS is required for secure connections. Set allowInsecure=true to override."
+      );
+    }
+    const hostname = parsed.hostname.toLowerCase();
+    const blockedPatterns = [
+      /^localhost$/i,
+      /^127\./,
+      /^10\./,
+      /^172\.(1[6-9]|2[0-9]|3[01])\./,
+      /^192\.168\./,
+      /^169\.254\./,
+      /^::1$/,
+      /^fe80:/i,
+      /^fc00:/i,
+      /^fd00:/i
+    ];
+    const isPrivate = blockedPatterns.some((pattern) => pattern.test(hostname));
+    if (isPrivate && !allowInsecure) {
+      throw new Error(
+        "Private/internal URLs are blocked. Set allowInsecure=true for local development."
+      );
+    }
+    return parsed;
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("Invalid URL")) {
+      throw new MirrorNodeError(`Invalid URL format: ${url}`, 400);
+    }
+    throw error;
+  }
+}
+function validateTopicId(topicId) {
+  if (!/^\d+\.\d+\.\d+$/.test(topicId)) {
+    throw new MirrorNodeError(
+      `Invalid topic ID format: ${topicId}. Expected format: 0.0.123456`,
+      400
+    );
+  }
+}
+var MIRROR_NODE_URLS = {
+  mainnet: "https://mainnet-public.mirrornode.hedera.com",
+  testnet: "https://testnet.mirrornode.hedera.com",
+  previewnet: "https://previewnet.mirrornode.hedera.com"
+};
+var MirrorNodeClient = class _MirrorNodeClient {
+  baseUrl;
+  timeout;
+  allowInsecure;
+  constructor(config) {
+    this.allowInsecure = config.allowInsecure ?? false;
+    const validatedUrl = validateUrl(config.baseUrl, this.allowInsecure);
+    this.baseUrl = validatedUrl.origin;
+    this.timeout = config.timeout || 3e4;
+  }
+  /**
+   * Create client for a specific network
+   */
+  static forNetwork(network) {
+    const baseUrl = MIRROR_NODE_URLS[network];
+    if (!baseUrl) {
+      throw new Error(`Unknown network: ${network}`);
+    }
+    return new _MirrorNodeClient({ baseUrl });
+  }
+  /**
+   * Get topic messages from mirror node
+   *
+   * @param topicId - HCS topic ID (e.g., '0.0.123456')
+   * @param options - Query options
+   * @returns Topic messages
+   */
+  async getTopicMessages(topicId, options) {
+    validateTopicId(topicId);
+    const params = new URLSearchParams();
+    if (options?.limit) {
+      params.set("limit", options.limit.toString());
+    }
+    if (options?.order) {
+      params.set("order", options.order);
+    }
+    if (options?.timestampStart) {
+      params.set("timestamp", `gte:${options.timestampStart}`);
+    }
+    if (options?.timestampEnd) {
+      params.set("timestamp", `lte:${options.timestampEnd}`);
+    }
+    if (options?.sequenceNumberStart) {
+      params.set("sequencenumber", `gte:${options.sequenceNumberStart}`);
+    }
+    const url = `${this.baseUrl}/api/v1/topics/${topicId}/messages?${params.toString()}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await fetch(url, {
+        method: "GET",
+        headers: {
+          Accept: "application/json"
+        },
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        throw new MirrorNodeError(
+          `Mirror node error: ${response.status} ${response.statusText}`,
+          response.status
+        );
+      }
+      const data = await response.json();
+      return data.messages;
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof MirrorNodeError) {
+        throw error;
+      }
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new MirrorNodeError("Mirror node request timeout", 408);
+      }
+      throw new MirrorNodeError(`Mirror node network error: ${err.message}`, 0);
+    }
+  }
+  /**
+   * Get all topic messages with pagination
+   *
+   * @param topicId - HCS topic ID
+   * @param maxMessages - Maximum messages to fetch (default: 1000)
+   * @returns All topic messages
+   */
+  async getAllTopicMessages(topicId, maxMessages = 1e3) {
+    validateTopicId(topicId);
+    const safeMaxMessages = Math.min(maxMessages, 1e4);
+    const allMessages = [];
+    let nextPath = `/api/v1/topics/${topicId}/messages?limit=100&order=desc`;
+    while (nextPath && allMessages.length < safeMaxMessages) {
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+      try {
+        const fullUrl = `${this.baseUrl}${nextPath}`;
+        const response = await fetch(fullUrl, {
+          method: "GET",
+          headers: { Accept: "application/json" },
+          signal: controller.signal
+        });
+        clearTimeout(timeoutId);
+        if (!response.ok) {
+          throw new MirrorNodeError(
+            `Mirror node error: ${response.status} ${response.statusText}`,
+            response.status
+          );
+        }
+        const data = await response.json();
+        allMessages.push(...data.messages);
+        if (data.links.next) {
+          const nextLink = data.links.next;
+          if (nextLink.startsWith("/api/v1/topics/")) {
+            nextPath = nextLink;
+          } else {
+            nextPath = void 0;
+          }
+        } else {
+          nextPath = void 0;
+        }
+      } catch (error) {
+        clearTimeout(timeoutId);
+        if (error instanceof MirrorNodeError) {
+          throw error;
+        }
+        const err = error;
+        throw new MirrorNodeError(`Mirror node error: ${err.message}`, 0);
+      }
+    }
+    return allMessages.slice(0, safeMaxMessages);
+  }
+  /**
+   * Decode base64 message content
+   */
+  static decodeMessage(base64Message) {
+    if (typeof Buffer !== "undefined") {
+      return Buffer.from(base64Message, "base64").toString("utf-8");
+    }
+    return atob(base64Message);
+  }
+};
+var MirrorNodeError = class extends Error {
+  constructor(message, statusCode) {
+    super(message);
+    this.statusCode = statusCode;
+    this.name = "MirrorNodeError";
+  }
+  statusCode;
+};
+
+// src/discovery/validator-discovery.ts
+var ValidatorDiscoveryClient = class {
+  mirrorNode;
+  registryTopicId;
+  cacheTtlMs;
+  cache = null;
+  constructor(config) {
+    const mirrorNodeUrl = config.mirrorNodeUrl || MIRROR_NODE_URLS[config.network];
+    if (!mirrorNodeUrl) {
+      throw new Error(`Unknown network: ${config.network}`);
+    }
+    this.mirrorNode = new MirrorNodeClient({
+      baseUrl: mirrorNodeUrl,
+      allowInsecure: config.allowInsecure
+    });
+    this.registryTopicId = config.registryTopicId;
+    this.cacheTtlMs = config.cacheTtlMs ?? 6e4;
+  }
+  /**
+   * Get all active validators from the registry
+   *
+   * Results are cached for efficiency. Use `forceRefresh` to bypass cache.
+   *
+   * @param forceRefresh - Force refresh from mirror node
+   * @returns List of active validators
+   */
+  async getValidators(forceRefresh = false) {
+    if (!forceRefresh && this.cache && this.isCacheValid()) {
+      return this.cache.validators;
+    }
+    const messages = await this.mirrorNode.getAllTopicMessages(
+      this.registryTopicId,
+      500
+      // Max messages to fetch
+    );
+    const validatorMap = /* @__PURE__ */ new Map();
+    const leftValidators = /* @__PURE__ */ new Set();
+    for (const msg of messages) {
+      try {
+        const content = MirrorNodeClient.decodeMessage(msg.message);
+        const raw = JSON.parse(content);
+        const entry = normalizeRegistryEntry(raw);
+        if (!entry) continue;
+        if (entry.messageType === "validator.leave") {
+          leftValidators.add(entry.nodeId);
+          continue;
+        }
+        if (leftValidators.has(entry.nodeId)) {
+          continue;
+        }
+        if (!validatorMap.has(entry.nodeId)) {
+          validatorMap.set(entry.nodeId, entry);
+        }
+      } catch {
+        continue;
+      }
+    }
+    const validators = Array.from(validatorMap.values());
+    this.cache = {
+      validators,
+      lastUpdated: Date.now()
+    };
+    return validators;
+  }
+  /**
+   * Get validators with API endpoints available
+   *
+   * @param forceRefresh - Force refresh from mirror node
+   * @returns Validators with apiEndpoint configured
+   */
+  async getValidatorsWithEndpoints(forceRefresh = false) {
+    const validators = await this.getValidators(forceRefresh);
+    return validators.filter((v) => v.networkEndpoints?.apiEndpoint);
+  }
+  /**
+   * Get a random validator from the registry
+   *
+   * @param forceRefresh - Force refresh from mirror node
+   * @returns Random validator info or null if none available
+   */
+  async getRandomValidator(forceRefresh = false) {
+    const validators = await this.getValidatorsWithEndpoints(forceRefresh);
+    if (validators.length === 0) {
+      return null;
+    }
+    const randomBytes = new Uint32Array(1);
+    crypto.getRandomValues(randomBytes);
+    const randomIndex = randomBytes[0] % validators.length;
+    return validators[randomIndex];
+  }
+  /**
+   * Get a random validator API endpoint URL
+   *
+   * @param forceRefresh - Force refresh from mirror node
+   * @returns Random validator API URL or null if none available
+   */
+  async getRandomValidatorUrl(forceRefresh = false) {
+    const validator = await this.getRandomValidator(forceRefresh);
+    return validator?.networkEndpoints?.apiEndpoint ?? null;
+  }
+  /**
+   * Get validator by node ID
+   *
+   * @param nodeId - Validator node ID (e.g., 'validator-1')
+   * @param forceRefresh - Force refresh from mirror node
+   * @returns Validator info or null if not found
+   */
+  async getValidatorByNodeId(nodeId, forceRefresh = false) {
+    const validators = await this.getValidators(forceRefresh);
+    return validators.find((v) => v.nodeId === nodeId) ?? null;
+  }
+  /**
+   * Get validators by capability
+   *
+   * @param capability - Required capability (e.g., 'hedera', 'xrpl', 'dkg')
+   * @param forceRefresh - Force refresh from mirror node
+   * @returns Validators with the specified capability
+   */
+  async getValidatorsByCapability(capability, forceRefresh = false) {
+    const validators = await this.getValidatorsWithEndpoints(forceRefresh);
+    return validators.filter((v) => v.capabilities?.includes(capability));
+  }
+  /**
+   * Clear the validator cache
+   */
+  clearCache() {
+    this.cache = null;
+  }
+  /**
+   * Check if cache is still valid
+   */
+  isCacheValid() {
+    if (!this.cache) return false;
+    return Date.now() - this.cache.lastUpdated < this.cacheTtlMs;
+  }
+};
+function normalizeRegistryEntry(raw) {
+  if (raw.messageType && typeof raw.nodeId === "string") {
+    return raw;
+  }
+  if (raw.type === "validator.register") {
+    if (raw.validatorType && raw.validatorType !== void 0 && raw.validatorType !== null) {
+      if (typeof raw.validatorType === "string" && raw.validatorType !== "node") {
+        return null;
+      }
+    }
+    const nodeId = typeof raw.validatorId === "string" && raw.validatorId || typeof raw.nodeId === "string" && raw.nodeId || null;
+    if (!nodeId) return null;
+    const endpoint = typeof raw.endpoint === "string" ? raw.endpoint : void 0;
+    if (!endpoint) return null;
+    const capabilities = Array.isArray(raw.capabilities) ? raw.capabilities.filter((c) => typeof c === "string") : void 0;
+    return {
+      validatorTimestamp: typeof raw.timestamp === "string" ? raw.timestamp : "",
+      nodeId,
+      type: "consensus",
+      networkEndpoints: { apiEndpoint: endpoint },
+      publicKey: typeof raw.publicKey === "string" ? raw.publicKey : void 0,
+      capabilities,
+      metadata: {},
+      registeredAt: typeof raw.timestamp === "string" ? raw.timestamp : "",
+      messageType: "validator.join"
+    };
+  }
+  return null;
+}
+
+// src/auth/validator-auth.ts
+var SUPPORTED_AUTH_CHAINS = [
+  "hedera",
+  "xrpl",
+  "polkadot",
+  "stellar",
+  "solana"
+];
+function validateValidatorUrl(url, allowInsecure = false) {
+  try {
+    const parsed = new URL(url);
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+      throw new ValidatorAuthError(`Invalid protocol: ${parsed.protocol}`, 400);
+    }
+    if (!allowInsecure && parsed.protocol !== "https:") {
+      throw new ValidatorAuthError(
+        "HTTPS is required for validator connections. Set allowInsecure=true for local development.",
+        400
+      );
+    }
+    const hostname = parsed.hostname.toLowerCase();
+    const isLocalhost = hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1";
+    if (isLocalhost && !allowInsecure) {
+      throw new ValidatorAuthError(
+        "Localhost connections blocked in secure mode. Set allowInsecure=true for local development.",
+        400
+      );
+    }
+    return parsed.origin;
+  } catch (error) {
+    if (error instanceof ValidatorAuthError) {
+      throw error;
+    }
+    throw new ValidatorAuthError(`Invalid validator URL: ${url}`, 400);
+  }
+}
+function sanitizeInput(input, fieldName, maxLength = 256) {
+  if (typeof input !== "string") {
+    throw new ValidatorAuthError(`${fieldName} must be a string`, 400);
+  }
+  if (input.length > maxLength) {
+    throw new ValidatorAuthError(`${fieldName} exceeds maximum length of ${maxLength}`, 400);
+  }
+  return input.replace(/[\x00-\x1F\x7F]/g, "");
+}
+var ValidatorAuthClient = class {
+  timeout;
+  allowInsecure;
+  constructor(config) {
+    this.timeout = config?.timeout ?? 3e4;
+    this.allowInsecure = config?.security?.allowInsecure ?? false;
+  }
+  /**
+   * Request authentication challenge from validator
+   *
+   * @param validatorUrl - Validator API base URL
+   * @param chain - Blockchain type
+   * @param address - Wallet address
+   * @returns Challenge to sign
+   */
+  async requestChallenge(validatorUrl, chain, address) {
+    const safeUrl = validateValidatorUrl(validatorUrl, this.allowInsecure);
+    const safeAddress = sanitizeInput(address, "address", 128);
+    if (!SUPPORTED_AUTH_CHAINS.includes(chain)) {
+      throw new ValidatorAuthError(`Invalid chain type: ${chain}`, 400);
+    }
+    const url = `${safeUrl}/auth/validator/challenge`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await fetch(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ chain, address: safeAddress }),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({}));
+        throw new ValidatorAuthError(
+          `Challenge request failed: ${response.status} ${response.statusText}`,
+          response.status,
+          error
+        );
+      }
+      return await response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof ValidatorAuthError) {
+        throw error;
+      }
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new ValidatorAuthError("Challenge request timeout", 408);
+      }
+      throw new ValidatorAuthError(`Challenge request failed: ${err.message}`, 0);
+    }
+  }
+  /**
+   * Authenticate with signed challenge
+   *
+   * @param validatorUrl - Validator API base URL
+   * @param request - Authentication request with signature
+   * @returns Session token and info
+   */
+  async authenticate(validatorUrl, request) {
+    const safeUrl = validateValidatorUrl(validatorUrl, this.allowInsecure);
+    const sanitizedRequest = {
+      chain: request.chain,
+      address: sanitizeInput(request.address, "address", 128),
+      publicKey: sanitizeInput(request.publicKey, "publicKey", 512),
+      signature: sanitizeInput(request.signature, "signature", 1024),
+      challenge: sanitizeInput(request.challenge, "challenge", 512),
+      metadata: request.metadata ? {
+        nodeId: request.metadata.nodeId ? sanitizeInput(request.metadata.nodeId, "nodeId", 64) : void 0,
+        endpoint: request.metadata.endpoint ? sanitizeInput(request.metadata.endpoint, "endpoint", 256) : void 0,
+        capabilities: request.metadata.capabilities,
+        appId: request.metadata.appId ? sanitizeInput(request.metadata.appId, "appId", 64) : void 0,
+        appName: request.metadata.appName ? sanitizeInput(request.metadata.appName, "appName", 128) : void 0
+      } : void 0
+    };
+    if (!SUPPORTED_AUTH_CHAINS.includes(sanitizedRequest.chain)) {
+      throw new ValidatorAuthError(`Invalid chain type: ${sanitizedRequest.chain}`, 400);
+    }
+    if (!/^[0-9a-fA-F]+$/.test(sanitizedRequest.signature.replace(/_.*$/, ""))) {
+      throw new ValidatorAuthError("Invalid signature format: must be hex encoded", 400);
+    }
+    const url = `${safeUrl}/auth/validator/authenticate`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await fetch(url, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(sanitizedRequest),
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({}));
+        throw new ValidatorAuthError(
+          `Authentication failed: ${response.status} ${response.statusText}`,
+          response.status,
+          error
+        );
+      }
+      return await response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof ValidatorAuthError) {
+        throw error;
+      }
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new ValidatorAuthError("Authentication request timeout", 408);
+      }
+      throw new ValidatorAuthError(`Authentication failed: ${err.message}`, 0);
+    }
+  }
+  /**
+   * Get current session info
+   *
+   * @param validatorUrl - Validator API base URL
+   * @param token - Session token
+   * @returns Session information
+   */
+  async getSession(validatorUrl, token) {
+    const safeUrl = validateValidatorUrl(validatorUrl, this.allowInsecure);
+    const safeToken = sanitizeInput(token, "token", 2048);
+    const url = `${safeUrl}/auth/validator/session`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await fetch(url, {
+        method: "GET",
+        headers: {
+          Authorization: `Bearer ${safeToken}`
+        },
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const error = await response.json().catch(() => ({}));
+        throw new ValidatorAuthError(
+          `Session request failed: ${response.status} ${response.statusText}`,
+          response.status,
+          error
+        );
+      }
+      return await response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof ValidatorAuthError) {
+        throw error;
+      }
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new ValidatorAuthError("Session request timeout", 408);
+      }
+      throw new ValidatorAuthError(`Session request failed: ${err.message}`, 0);
+    }
+  }
+  /**
+   * Sign challenge with Hedera private key
+   *
+   * @param challenge - Challenge string from validator
+   * @param privateKey - Hedera PrivateKey instance from @hashgraph/sdk
+   * @returns Hex-encoded signature
+   */
+  signChallengeHedera(challenge, privateKey) {
+    const messageBytes = Buffer.from(challenge, "utf-8");
+    const signature = privateKey.sign(messageBytes);
+    return Buffer.from(signature).toString("hex");
+  }
+  /**
+   * Sign challenge with XRPL wallet
+   *
+   * @param challenge - Challenge string from validator
+   * @param wallet - XRPL Wallet instance from xrpl library
+   * @returns Hex-encoded signature
+   */
+  signChallengeXRPL(challenge, wallet) {
+    const signature = wallet.sign(challenge);
+    if (typeof signature === "string" && /^[0-9A-Fa-f]+$/.test(signature)) {
+      return signature;
+    }
+    return Buffer.from(signature).toString("hex");
+  }
+  /**
+   * Complete authentication flow in one call
+   *
+   * @param validatorUrl - Validator API base URL
+   * @param chain - Blockchain type
+   * @param address - Wallet address
+   * @param publicKey - Public key (hex)
+   * @param signFn - Function to sign the challenge
+   * @param metadata - Optional metadata
+   * @returns Session token and info
+   */
+  async authenticateWithSigner(validatorUrl, chain, address, publicKey, signFn, metadata) {
+    const challengeResponse = await this.requestChallenge(validatorUrl, chain, address);
+    const signature = await signFn(challengeResponse.challenge);
+    return this.authenticate(validatorUrl, {
+      chain,
+      address,
+      publicKey,
+      signature,
+      challenge: challengeResponse.challenge,
+      metadata
+    });
+  }
+};
+var ValidatorAuthError = class extends Error {
+  constructor(message, statusCode, details) {
+    super(message);
+    this.statusCode = statusCode;
+    this.details = details;
+    this.name = "ValidatorAuthError";
+  }
+  statusCode;
+  details;
+};
+
+// src/http/index.ts
+var SdkHttpError = class extends Error {
+  constructor(message, statusCode, details) {
+    super(message);
+    this.statusCode = statusCode;
+    this.details = details;
+    this.name = "SdkHttpError";
+  }
+  statusCode;
+  details;
+};
+function createHttpClient(config) {
+  const timeout = config.timeout ?? 3e4;
+  function getHeaders(contentType) {
+    const headers = {};
+    {
+      headers["Content-Type"] = contentType;
+    }
+    if (config.authToken) {
+      headers["Authorization"] = `Bearer ${config.authToken}`;
+    }
+    if (config.apiKey) {
+      headers["X-API-Key"] = config.apiKey;
+    }
+    return headers;
+  }
+  function setAuthToken(token) {
+    config.authToken = token;
+  }
+  async function request(method, path, body) {
+    const url = `${config.baseUrl}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout);
+    try {
+      const init = {
+        method,
+        headers: getHeaders("application/json"),
+        signal: controller.signal
+      };
+      if (body !== void 0) {
+        init.body = JSON.stringify(body);
+      }
+      const response = await fetch(url, init);
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        throw new SdkHttpError(
+          errorData.message || `API error: ${response.status} ${response.statusText}`,
+          response.status,
+          errorData
+        );
+      }
+      const text = await response.text();
+      if (!text) return void 0;
+      return JSON.parse(text);
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof SdkHttpError) throw error;
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new SdkHttpError("Request timeout", 408);
+      }
+      throw new SdkHttpError(`Network error: ${err.message}`, 0, error);
+    }
+  }
+  async function upload(path, file, filename, metadata) {
+    const url = `${config.baseUrl}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), timeout * 2);
+    try {
+      const formData = new FormData();
+      const blob = file instanceof Blob ? file : new Blob([new Uint8Array(file)]);
+      formData.append("file", blob, filename);
+      if (metadata) {
+        for (const [key, value] of Object.entries(metadata)) {
+          formData.append(key, value);
+        }
+      }
+      const headers = {};
+      if (config.authToken) {
+        headers["Authorization"] = `Bearer ${config.authToken}`;
+      }
+      if (config.apiKey) {
+        headers["X-API-Key"] = config.apiKey;
+      }
+      const response = await fetch(url, {
+        method: "POST",
+        headers,
+        body: formData,
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        throw new SdkHttpError(
+          errorData.message || `Upload error: ${response.status} ${response.statusText}`,
+          response.status,
+          errorData
+        );
+      }
+      return response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof SdkHttpError) throw error;
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new SdkHttpError("Upload timeout", 408);
+      }
+      throw new SdkHttpError(`Upload error: ${err.message}`, 0, error);
+    }
+  }
+  const client = {
+    post: (path, body) => request("POST", path, body),
+    get: (path) => request("GET", path),
+    put: (path, body) => request("PUT", path, body),
+    delete: (path) => request("DELETE", path),
+    upload,
+    setAuthToken
+  };
+  return client;
+}
+function encodePathParam(param) {
+  return encodeURIComponent(param).replace(/%2F/gi, "");
+}
+
+// src/subscription/index.ts
+var SubscriptionClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Request a new subscription.
+   * Creates a deposit wallet and returns deposit instructions.
+   */
+  async request(request) {
+    return this.http.post("/subscription/request", request);
+  }
+  /**
+   * Get subscription status by app ID
+   */
+  async getStatus(appId) {
+    return this.http.get(`/subscription/status/${encodeURIComponent(appId)}`);
+  }
+  /**
+   * Mint subscription NFT after deposit is confirmed
+   */
+  async mintNft(appId) {
+    return this.http.post(`/subscription/mint/${encodeURIComponent(appId)}`, {});
+  }
+  /**
+   * Renew subscription by extending period
+   */
+  async renew(request) {
+    return this.http.post("/subscription/renew", request);
+  }
+  /**
+   * Fetch available subscription tiers from the network.
+   *
+   * Use this instead of hard-coding tier names -- the validator returns the
+   * canonical list of tiers together with pricing, limits, and features.
+   *
+   * @returns Array of {@link SubscriptionTierInfo} objects.
+   *
+   * @example
+   * ```typescript
+   * const tiers = await subscription.getTiers();
+   * console.log(tiers.map(t => `${t.name}: $${t.priceUsd}/mo`));
+   * ```
+   */
+  async getTiers() {
+    try {
+      return await this.http.get("/subscription/tiers");
+    } catch (err) {
+      const isNotFound = err != null && typeof err === "object" && "statusCode" in err && err.statusCode === 404;
+      if (!isNotFound) throw err;
+      const cfg = await this.http.get("/subscription/config");
+      return (cfg.availableTiers || []).map((raw) => {
+        const tier = raw.tier ?? raw.name;
+        const displayName = raw.name ?? raw.displayName ?? String(tier);
+        const monthlyPriceHsuite = Number(
+          raw.monthlyPriceHsuite ?? raw.depositAmount ?? 0
+        );
+        const apiCallsPerDay = Number(raw.apiCallsPerDay ?? 0);
+        const rawNetworks = raw.allowedNetworks ?? raw.supportedNetworks ?? [];
+        const supportedNetworks = rawNetworks.some(
+          (n) => n === "mainnet"
+        ) ? ["hedera", "xrpl"] : ["hedera"];
+        return {
+          name: tier,
+          displayName,
+          description: raw.description ?? `${displayName} tier`,
+          priceUsd: Number(raw.priceUsd ?? 0),
+          depositAmount: String(monthlyPriceHsuite),
+          apiCallsPerDay: Number.isFinite(apiCallsPerDay) ? apiCallsPerDay : Number.MAX_SAFE_INTEGER,
+          supportedNetworks,
+          features: raw.features ?? []
+        };
+      });
+    }
+  }
+  /**
+   * Get subscription configuration
+   */
+  async getConfig() {
+    return this.http.get("/subscription/config");
+  }
+  /**
+   * List all subscriptions
+   */
+  async list() {
+    return this.http.get("/subscription/list");
+  }
+  /**
+   * List subscriptions by status
+   */
+  async listByStatus(status) {
+    return this.http.get(`/subscription/list/status/${encodeURIComponent(status)}`);
+  }
+  /**
+   * Get subscription balance
+   */
+  async getBalance(appId) {
+    return this.http.get(`/subscription/balance/${encodeURIComponent(appId)}`);
+  }
+};
+
+// src/tss/index.ts
+var TSSClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Create a multi-sig entity with TSS
+   */
+  async createEntity(options) {
+    return this.http.post("/tss/entity/create", options);
+  }
+  /**
+   * Reshare keys when cluster membership changes.
+   * Redistributes secret shares WITHOUT changing public keys.
+   */
+  async reshareCluster(request) {
+    return this.http.post("/tss/cluster/reshare", request);
+  }
+  /**
+   * Get entity details by ID
+   */
+  async getEntity(entityId) {
+    return this.http.get(`/tss/entity/${encodeURIComponent(entityId)}`);
+  }
+  /**
+   * Sign a transaction using MPC — chain-agnostic.
+   * Routes to the correct chain backend based on the `chain` parameter.
+   *
+   * @param request - MPC signing request with chain, entityId, and transaction bytes
+   */
+  async signMPC(request) {
+    const chain = request.chain || "hedera";
+    return this.http.post(`/tss/${encodeURIComponent(chain)}/sign-mpc`, request);
+  }
+  /**
+   * Get known validators and their public keys
+   */
+  async getValidators() {
+    return this.http.get("/tss/validators");
+  }
+  /**
+   * Force announcement of this node's public key
+   */
+  async announceKey() {
+    return this.http.post("/tss/announce", {});
+  }
+  /**
+   * Get TSS statistics
+   */
+  async getStats() {
+    return this.http.get("/tss/stats");
+  }
+  /**
+   * List all TSS entities
+   */
+  async listEntities() {
+    return this.http.get("/tss/entities");
+  }
+  /**
+   * TSS health check
+   */
+  async getHealth() {
+    return this.http.get("/tss/health");
+  }
+  /**
+   * List DKG ceremonies and their statistics
+   */
+  async listCeremonies() {
+    return this.http.get("/tss/multisig/ceremonies");
+  }
+  /**
+   * Get multi-sig transaction status by transaction ID
+   */
+  async getMultiSigStatus(txId) {
+    return this.http.get(`/tss/multisig/transactions/${encodeURIComponent(txId)}`);
+  }
+};
+
+// src/ipfs/index.ts
+var IPFSClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Upload a file to IPFS
+   *
+   * @param file - File data as Blob or Buffer
+   * @param filename - Name of the file
+   * @param metadata - Optional metadata key-value pairs
+   * @returns Upload result with CID
+   */
+  async upload(file, filename, metadata) {
+    return this.http.upload("/ipfs/upload", file, filename, metadata);
+  }
+  /**
+   * Pin content by CID to ensure it persists
+   */
+  async pin(cid) {
+    return this.http.post(`/ipfs/pin/${encodeURIComponent(cid)}`, {});
+  }
+  /**
+   * Unpin content by CID
+   */
+  async unpin(cid) {
+    return this.http.delete(`/ipfs/unpin/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * Get a file by CID
+   */
+  async getFile(cid) {
+    return this.http.get(`/ipfs/file/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * Get raw content by CID
+   */
+  async getContent(cid) {
+    return this.http.get(`/ipfs/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * Get file metadata by CID
+   */
+  async getMetadata(cid) {
+    return this.http.get(`/ipfs/metadata/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * List all pinned content
+   */
+  async listPins() {
+    return this.http.get("/ipfs/pins");
+  }
+  /**
+   * Get IPFS node status
+   */
+  async getStatus() {
+    return this.http.get("/ipfs/status");
+  }
+  /**
+   * Get storage usage information
+   */
+  async getStorageUsage() {
+    return this.http.get("/ipfs/storage");
+  }
+};
+
+// src/transactions/index.ts
+var TransactionsClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Get transaction preparation service info
+   */
+  async getInfo() {
+    return this.http.get("/info");
+  }
+  /**
+   * Prepare a transfer transaction for local signing
+   */
+  async prepareTransfer(request) {
+    return this.http.post("/transfer/prepare", request);
+  }
+  /**
+   * Prepare an NFT mint transaction
+   */
+  async prepareNftMint(request) {
+    return this.http.post("/nft/mint/prepare", request);
+  }
+  /**
+   * Prepare an NFT burn transaction
+   */
+  async prepareNftBurn(request) {
+    return this.http.post("/nft/burn/prepare", request);
+  }
+  /**
+   * Prepare an NFT transfer transaction
+   */
+  async prepareNftTransfer(request) {
+    return this.http.post("/nft/transfer/prepare", request);
+  }
+  /**
+   * Prepare a token creation transaction
+   */
+  async prepareTokenCreate(request) {
+    return this.http.post("/token/create/prepare", request);
+  }
+  /**
+   * Prepare a token mint transaction
+   */
+  async prepareTokenMint(request) {
+    return this.http.post("/token/mint/prepare", request);
+  }
+  /**
+   * Prepare a fungible token burn transaction (Hedera).
+   *
+   * For NFT burn use `prepareNftBurn` with a serialNumber.
+   */
+  async prepareTokenBurn(request) {
+    return this.http.post("/token/burn/prepare", request);
+  }
+  /**
+   * Prepare a token association transaction
+   */
+  async prepareTokenAssociation(request) {
+    return this.http.post("/token/associate/prepare", request);
+  }
+  // ── Capability actions (Hedera) ──────────────────────────────────────
+  /** Prepare a token pause transaction (capability: pausable). */
+  async prepareTokenPause(request) {
+    return this.http.post("/token/pause/prepare", request);
+  }
+  /** Prepare a token unpause transaction (capability: pausable). */
+  async prepareTokenUnpause(request) {
+    return this.http.post("/token/unpause/prepare", request);
+  }
+  /**
+   * Prepare a token restrict (freeze account) transaction (capability:
+   * restrictable). Freezes `accountId` from transacting `tokenId`.
+   */
+  async prepareTokenRestrict(request) {
+    return this.http.post("/token/restrict/prepare", request);
+  }
+  /** Prepare a token unrestrict (unfreeze account) transaction. */
+  async prepareTokenUnrestrict(request) {
+    return this.http.post("/token/unrestrict/prepare", request);
+  }
+  /**
+   * Prepare a token compliance-enable (grant KYC) transaction (capability:
+   * compliant).
+   */
+  async prepareTokenComplianceEnable(request) {
+    return this.http.post("/token/compliance/enable/prepare", request);
+  }
+  /** Prepare a token compliance-disable (revoke KYC) transaction. */
+  async prepareTokenComplianceDisable(request) {
+    return this.http.post("/token/compliance/disable/prepare", request);
+  }
+  /**
+   * Prepare a token wipe transaction (capability: wipeable). Force-removes
+   * `amount` of `tokenId` from `accountId`.
+   */
+  async prepareTokenWipe(request) {
+    return this.http.post("/token/wipe/prepare", request);
+  }
+  /**
+   * Prepare a topic creation transaction
+   */
+  async prepareTopicCreate(request) {
+    return this.http.post("/topic/create/prepare", request);
+  }
+  /**
+   * Prepare a topic message submission transaction
+   */
+  async prepareTopicMessage(request) {
+    return this.http.post("/topic/message/prepare", request);
+  }
+  /**
+   * Prepare a trust line transaction (e.g. XRPL trust lines)
+   */
+  async prepareTrustLine(request) {
+    return this.http.post("/trustline/prepare", request);
+  }
+};
+
+// src/snapshots/index.ts
+var SnapshotsClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Generate a new snapshot for a token
+   *
+   * @param tokenId - Token identifier
+   * @param options - Generation options (format, filters)
+   */
+  async generate(tokenId, options) {
+    return this.http.post(
+      `/snapshots/generate/${encodeURIComponent(tokenId)}`,
+      options || {}
+    );
+  }
+  /**
+   * Get snapshot details by ID
+   */
+  async get(snapshotId) {
+    return this.http.get(`/snapshots/${encodeURIComponent(snapshotId)}`);
+  }
+  /**
+   * List snapshots for a token
+   */
+  async listByToken(tokenId, pagination) {
+    const params = new URLSearchParams();
+    if (pagination?.page !== void 0) params.set("page", String(pagination.page));
+    if (pagination?.limit !== void 0) params.set("limit", String(pagination.limit));
+    const qs = params.toString();
+    return this.http.get(
+      `/snapshots/token/${encodeURIComponent(tokenId)}${qs ? `?${qs}` : ""}`
+    );
+  }
+  /**
+   * Download snapshot data
+   *
+   * @param snapshotId - Snapshot ID
+   * @param format - Output format (json or csv)
+   */
+  async download(snapshotId, format) {
+    const params = format ? `?format=${encodeURIComponent(format)}` : "";
+    return this.http.get(
+      `/snapshots/${encodeURIComponent(snapshotId)}/download${params}`
+    );
+  }
+};
+
+// src/settlement/index.ts
+var SettlementClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Initiate a new settlement operation.
+   * Submits source-chain payment details and begins the conversion pipeline.
+   */
+  async initiate(request) {
+    return this.http.post("/settlement/initiate", request);
+  }
+  /**
+   * Get the current status of a settlement by ID.
+   */
+  async getStatus(settlementId) {
+    return this.http.get(`/settlement/${encodeURIComponent(settlementId)}/status`);
+  }
+  /**
+   * Confirm that XRP has landed on the destination address.
+   * Advances the settlement to the next processing step.
+   */
+  async confirmXrpLanded(settlementId) {
+    return this.http.post(`/settlement/${encodeURIComponent(settlementId)}/confirm-xrp`, {});
+  }
+  /**
+   * Get settlement history for a given entity.
+   */
+  async getHistory(entityId) {
+    return this.http.get(`/settlement/history/${encodeURIComponent(entityId)}`);
+  }
+};
+
+// src/client.ts
+var SmartEngineClient = class _SmartEngineClient {
+  baseUrl;
+  allowInsecure;
+  http;
+  /** Separate HTTP client for /api/transactions (non-v3 base path) */
+  txHttp;
+  /** Last HTTP error (for getHttpHealth) */
+  lastHttpError;
+  // ========== Sub-Clients ==========
+  /** Application subscription management */
+  subscription;
+  /** Threshold Signature Scheme — chain-agnostic MPC operations */
+  tss;
+  /** IPFS decentralized file storage */
+  ipfs;
+  /** Transaction preparation for local signing (sovereignty model) */
+  transactions;
+  /** Token holder snapshot generation and retrieval */
+  snapshots;
+  /** Cross-chain settlement operations */
+  settlement;
+  constructor(config) {
+    this.allowInsecure = config.allowInsecure ?? false;
+    this.baseUrl = validateClientUrl(config.baseUrl, this.allowInsecure);
+    this.http = createHttpClient({
+      baseUrl: `${this.baseUrl}/api/v3`,
+      apiKey: config.apiKey,
+      authToken: config.authToken,
+      timeout: config.timeout
+    });
+    this.txHttp = createHttpClient({
+      baseUrl: `${this.baseUrl}/api/transactions`,
+      apiKey: config.apiKey,
+      authToken: config.authToken,
+      timeout: config.timeout
+    });
+    this.subscription = new SubscriptionClient(this.http);
+    this.tss = new TSSClient(this.http);
+    this.ipfs = new IPFSClient(this.http);
+    this.transactions = new TransactionsClient(this.txHttp);
+    this.snapshots = new SnapshotsClient(this.http);
+    this.settlement = new SettlementClient(this.http);
+  }
+  /**
+   * Connect to the smart-engines network with auto-discovery and authentication
+   *
+   * This method:
+   * 1. Discovers validators via HCS registry topic
+   * 2. Selects a random validator with API endpoint
+   * 3. Authenticates with Web3-style challenge-response
+   * 4. Returns a configured client ready to use
+   */
+  static async connectToNetwork(config) {
+    const allowInsecure = config.allowInsecure ?? false;
+    const discovery = new ValidatorDiscoveryClient({
+      network: config.network,
+      registryTopicId: config.registryTopicId,
+      mirrorNodeUrl: config.mirrorNodeUrl
+    });
+    const validator = await discovery.getRandomValidator();
+    if (!validator || !validator.networkEndpoints?.apiEndpoint) {
+      throw new SmartEngineError2(
+        "No validators available. Check registry topic and network configuration.",
+        503
+      );
+    }
+    const validatorUrl = validator.networkEndpoints.apiEndpoint;
+    validateClientUrl(validatorUrl, allowInsecure);
+    const auth = new ValidatorAuthClient({
+      security: { allowInsecure }
+    });
+    const session = await auth.authenticateWithSigner(
+      validatorUrl,
+      config.chain,
+      config.address,
+      config.publicKey,
+      config.signFn,
+      config.metadata
+    );
+    const client = new _SmartEngineClient({
+      baseUrl: validatorUrl,
+      authToken: session.token,
+      allowInsecure
+    });
+    return { client, validator, session };
+  }
+  /** Get the current validator URL */
+  getBaseUrl() {
+    return this.baseUrl;
+  }
+  /** Check if client has an auth token */
+  isAuthenticated() {
+    return !!this.http.authToken;
+  }
+  /**
+   * Get HTTP resilience health information
+   * @returns Object with circuit breaker state and last error (if any)
+   */
+  getHttpHealth() {
+    return {
+      breaker: null,
+      lastError: this.lastHttpError
+    };
+  }
+  // ========== Health & Info ==========
+  /** Get health status of the validator */
+  async getHealth() {
+    return this.http.get("/health");
+  }
+  /** Get list of supported chains */
+  async getSupportedChains() {
+    return this.http.get("/chains");
+  }
+  // ========== Account Operations ==========
+  /** Create a new account on the specified chain */
+  async createAccount(request) {
+    const validated = CreateAccountRequestSchema.parse(request);
+    return this.http.post("/accounts", validated);
+  }
+  /** Get account information */
+  async getAccountInfo(chain, accountId) {
+    return this.http.get(`/accounts/${encodePathParam(chain)}/${encodePathParam(accountId)}`);
+  }
+  /** Get account balance */
+  async getBalance(chain, accountId) {
+    return this.http.get(`/accounts/${encodePathParam(chain)}/${encodePathParam(accountId)}/balance`);
+  }
+  // ========== Transaction Operations ==========
+  /** Execute a transfer transaction */
+  async transfer(request) {
+    const validated = TransferRequestSchema.parse(request);
+    return this.http.post("/transfer", validated);
+  }
+  /** Get transaction details */
+  async getTransaction(chain, txId) {
+    return this.http.get(`/transactions/${encodePathParam(chain)}/${encodePathParam(txId)}`);
+  }
+  /** Get transaction receipt */
+  async getTransactionReceipt(chain, txId) {
+    return this.http.get(`/transactions/${encodePathParam(chain)}/${encodePathParam(txId)}/receipt`);
+  }
+  // ========== Token Operations ==========
+  /** Create a new token */
+  async createToken(request) {
+    const validated = CreateTokenRequestSchema.parse(request);
+    return this.http.post("/tokens", validated);
+  }
+  /** Mint tokens */
+  async mintToken(request) {
+    const validated = MintTokenRequestSchema.parse(request);
+    return this.http.post("/tokens/mint", validated);
+  }
+  /** Get token information */
+  async getTokenInfo(chain, tokenId) {
+    return this.http.get(`/tokens/${encodePathParam(chain)}/${encodePathParam(tokenId)}`);
+  }
+  /** Burn tokens to reduce supply */
+  async burnToken(request) {
+    const validated = BurnTokenRequestSchema.parse(request);
+    return this.http.post("/tokens/burn", validated);
+  }
+  /** Pause all token operations globally */
+  async pauseToken(request) {
+    const validated = TokenActionRequestSchema.parse(request);
+    return this.http.post("/tokens/pause", validated);
+  }
+  /** Unpause token operations */
+  async unpauseToken(request) {
+    const validated = TokenActionRequestSchema.parse(request);
+    return this.http.post("/tokens/unpause", validated);
+  }
+  /** Freeze/restrict an account from transacting the token */
+  async restrictAccount(request) {
+    const validated = TokenActionRequestSchema.parse(request);
+    if (!validated.accountId) {
+      throw new SmartEngineError2("accountId is required for restrictAccount", 400);
+    }
+    return this.http.post("/tokens/restrict", validated);
+  }
+  /** Unfreeze an account */
+  async unrestrictAccount(request) {
+    const validated = TokenActionRequestSchema.parse(request);
+    if (!validated.accountId) {
+      throw new SmartEngineError2("accountId is required for unrestrictAccount", 400);
+    }
+    return this.http.post("/tokens/unrestrict", validated);
+  }
+  /** Grant KYC/compliance approval to an account */
+  async enableCompliance(request) {
+    const validated = TokenActionRequestSchema.parse(request);
+    if (!validated.accountId) {
+      throw new SmartEngineError2("accountId is required for enableCompliance", 400);
+    }
+    return this.http.post("/tokens/compliance/enable", validated);
+  }
+  /** Revoke KYC/compliance approval from an account */
+  async disableCompliance(request) {
+    const validated = TokenActionRequestSchema.parse(request);
+    if (!validated.accountId) {
+      throw new SmartEngineError2("accountId is required for disableCompliance", 400);
+    }
+    return this.http.post("/tokens/compliance/disable", validated);
+  }
+  /** Force remove tokens from an account (compliance action) */
+  async wipeFromAccount(request) {
+    const validated = TokenActionRequestSchema.parse(request);
+    if (!validated.accountId) {
+      throw new SmartEngineError2("accountId is required for wipeFromAccount", 400);
+    }
+    if (!validated.amount) {
+      throw new SmartEngineError2("amount is required for wipeFromAccount", 400);
+    }
+    return this.http.post("/tokens/wipe", validated);
+  }
+  // ========== Capabilities Discovery ==========
+  /** Get capability support matrix for all chains */
+  async getAllCapabilities() {
+    return this.http.get("/capabilities");
+  }
+  /** Get capability support for a specific chain */
+  async getChainCapabilities(chain) {
+    return this.http.get(`/capabilities/${encodePathParam(chain)}`);
+  }
+  /** Get comprehensive system status */
+  async getSystemStatus() {
+    return this.http.get("/status");
+  }
+  // ========== Messaging Operations ==========
+  /** Submit a message to consensus */
+  async submitMessage(chain, topicId, message) {
+    if (message.length > 1024 * 1024) {
+      throw new SmartEngineError2("Message too large (max 1MB)", 400);
+    }
+    return this.http.post(`/messages/${encodePathParam(chain)}/${encodePathParam(topicId)}`, {
+      message
+    });
+  }
+  // ========== Cluster Operations ==========
+  /** Get cluster health status */
+  async getClusterHealth() {
+    return this.http.get("/cluster/health");
+  }
+  /** Get cluster status including node details */
+  async getClusterStatus() {
+    return this.http.get("/cluster/status");
+  }
+  // ========== Metrics & Monitoring ==========
+  /** Get Prometheus-format metrics */
+  async getMetrics() {
+    return this.http.get("/metrics");
+  }
+  /** Get queue statistics for monitoring */
+  async getQueueStats() {
+    return this.http.get("/monitoring/queue");
+  }
+  /** Get circuit breaker status for all services */
+  async getCircuitBreakerStatus() {
+    return this.http.get("/monitoring/circuit-breakers");
+  }
+  // ========== Signature Verification ==========
+  /** Verify an arbitrary signature */
+  async verifySignature(request) {
+    return this.http.post("/auth/verify-signature", request);
+  }
+};
+var SmartEngineError2 = class extends Error {
+  constructor(message, statusCode, details) {
+    super(message);
+    this.statusCode = statusCode;
+    this.details = details;
+    this.name = "SmartEngineError";
+  }
+  statusCode;
+  details;
+};
+function validateClientUrl(url, allowInsecure = false) {
+  try {
+    const parsed = new URL(url);
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+      throw new SmartEngineError2(`Invalid protocol: ${parsed.protocol}`, 400);
+    }
+    if (!allowInsecure && parsed.protocol !== "https:") {
+      throw new SmartEngineError2(
+        "HTTPS is required for secure connections. Set allowInsecure=true for local development.",
+        400
+      );
+    }
+    return parsed.origin;
+  } catch (error) {
+    if (error instanceof SmartEngineError2) throw error;
+    throw new SmartEngineError2(`Invalid URL: ${url}`, 400);
+  }
+}
+
+// src/gateway/routing/index.ts
+var RoutingClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Register a new host */
+  async registerHost(request) {
+    return this.http.post("/routing/hosts", request);
+  }
+  /** Unregister a host */
+  async unregisterHost(hostId) {
+    return this.http.delete(`/routing/hosts/${encodeURIComponent(hostId)}`);
+  }
+  /** Get all registered hosts */
+  async getAllHosts() {
+    return this.http.get("/routing/hosts");
+  }
+  /** Get only verified hosts */
+  async getVerifiedHosts() {
+    return this.http.get("/routing/hosts/verified");
+  }
+  /** Get a specific host by ID */
+  async getHost(hostId) {
+    return this.http.get(`/routing/hosts/${encodeURIComponent(hostId)}`);
+  }
+  /** Verify a host */
+  async verifyHost(hostId) {
+    return this.http.post(`/routing/hosts/${encodeURIComponent(hostId)}/verify`, {});
+  }
+  /** Set routing configuration for an app */
+  async setRoutingConfig(appId, config) {
+    return this.http.put(`/routing/config/${encodeURIComponent(appId)}`, config);
+  }
+  /** Get routing configuration for an app */
+  async getRoutingConfig(appId) {
+    return this.http.get(`/routing/config/${encodeURIComponent(appId)}`);
+  }
+  /** Proxy a request through the gateway */
+  async proxyRequest(request) {
+    return this.http.post("/routing/proxy", request);
+  }
+  /** Get routing statistics */
+  async getStats() {
+    return this.http.get("/routing/stats");
+  }
+  /** Map a domain to an application */
+  async mapDomainToApp(domain, appId) {
+    return this.http.post(`/routing/domains/${encodeURIComponent(domain)}/map`, { appId });
+  }
+};
+
+// src/gateway/domains/index.ts
+var DomainsClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Register a new domain */
+  async register(request) {
+    return this.http.post("/domains", request);
+  }
+  /** Check domain availability */
+  async checkAvailability(domain) {
+    return this.http.get(`/domains/check/${encodeURIComponent(domain)}`);
+  }
+  /** Get domain information */
+  async getInfo(domain) {
+    return this.http.get(`/domains/${encodeURIComponent(domain)}`);
+  }
+  /** List domains, optionally filtered by owner */
+  async list(owner) {
+    const params = owner ? `?owner=${encodeURIComponent(owner)}` : "";
+    return this.http.get(`/domains${params}`);
+  }
+  /** Generate a verification token */
+  async generateVerificationToken(domain, method) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/verification`, { method });
+  }
+  /** Verify domain ownership */
+  async verifyOwnership(domain, token) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/verify`, { token });
+  }
+  /** Configure DNS records for a domain */
+  async configureDns(domain, records) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/dns`, { records });
+  }
+  /** Enable DNSSEC for a domain */
+  async enableDnssec(domain) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/dnssec/enable`, {});
+  }
+  /** Disable DNSSEC for a domain */
+  async disableDnssec(domain) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/dnssec/disable`, {});
+  }
+  /** Renew a domain */
+  async renew(domain, years) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/renew`, { years: years ?? 1 });
+  }
+  /** Initiate a domain transfer */
+  async transfer(domain, request) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/transfer`, request);
+  }
+  /** Approve a pending domain transfer */
+  async approveTransfer(domain) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/transfer/approve`, {});
+  }
+  /** Reject a pending domain transfer */
+  async rejectTransfer(domain) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/transfer/reject`, {});
+  }
+  /** Suspend a domain */
+  async suspend(domain, reason) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/suspend`, { reason });
+  }
+  /** Unsuspend a domain */
+  async unsuspend(domain) {
+    return this.http.post(`/domains/${encodeURIComponent(domain)}/unsuspend`, {});
+  }
+};
+
+// src/gateway/dns/index.ts
+var DnsClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Resolve a DNS name */
+  async resolve(name, type, dnssec) {
+    const params = new URLSearchParams({ name });
+    if (type) params.set("type", type);
+    if (dnssec !== void 0) params.set("dnssec", String(dnssec));
+    return this.http.get(`/dns/resolve?${params.toString()}`);
+  }
+  /** Batch resolve multiple DNS queries */
+  async resolveBatch(queries) {
+    return this.http.post("/dns/resolve/batch", { queries });
+  }
+  /** List all DNS zones */
+  async listZones() {
+    return this.http.get("/dns/zones");
+  }
+  /** Get a specific zone */
+  async getZone(zoneName) {
+    return this.http.get(`/dns/zones/${encodeURIComponent(zoneName)}`);
+  }
+  /** Create a new DNS zone */
+  async createZone(request) {
+    return this.http.post("/dns/zones", request);
+  }
+  /** Delete a DNS zone */
+  async deleteZone(zoneName) {
+    return this.http.delete(`/dns/zones/${encodeURIComponent(zoneName)}`);
+  }
+  /** Add a record to a zone */
+  async addRecord(zoneName, record) {
+    return this.http.post(`/dns/zones/${encodeURIComponent(zoneName)}/records`, record);
+  }
+  /** Update a record in a zone */
+  async updateRecord(zoneName, recordId, updates) {
+    return this.http.put(
+      `/dns/zones/${encodeURIComponent(zoneName)}/records/${encodeURIComponent(recordId)}`,
+      updates
+    );
+  }
+  /** Delete a record from a zone */
+  async deleteRecord(zoneName, recordId) {
+    return this.http.delete(
+      `/dns/zones/${encodeURIComponent(zoneName)}/records/${encodeURIComponent(recordId)}`
+    );
+  }
+  /** Generate DNSSEC keys for a zone */
+  async generateDnssecKeys(zoneName, algorithm) {
+    return this.http.post(`/dns/zones/${encodeURIComponent(zoneName)}/dnssec/keys`, {
+      algorithm
+    });
+  }
+  /** Get DNSSEC keys for a zone */
+  async getDnssecKeys(zoneName) {
+    return this.http.get(`/dns/zones/${encodeURIComponent(zoneName)}/dnssec/keys`);
+  }
+  /** Get DS record for a zone (for registrar configuration) */
+  async getDsRecord(zoneName) {
+    return this.http.get(`/dns/zones/${encodeURIComponent(zoneName)}/dnssec/ds`);
+  }
+  /** Clear DNS cache */
+  async clearCache() {
+    return this.http.post("/dns/cache/clear", {});
+  }
+};
+
+// src/gateway/client.ts
+var SmartGatewayClient = class {
+  http;
+  /** Host routing and proxy management */
+  routing;
+  /** Domain registration and management */
+  domains;
+  /** DNS resolution and zone management */
+  dns;
+  constructor(config) {
+    const baseUrl = config.baseUrl.replace(/\/+$/, "");
+    this.http = createHttpClient({
+      baseUrl: `${baseUrl}/api/v3`,
+      apiKey: config.apiKey,
+      authToken: config.authToken,
+      timeout: config.timeout
+    });
+    this.routing = new RoutingClient(this.http);
+    this.domains = new DomainsClient(this.http);
+    this.dns = new DnsClient(this.http);
+  }
+  // ========== Health & Metrics ==========
+  /** Get gateway health status */
+  async getHealth() {
+    return this.http.get("/health");
+  }
+  /** Get gateway status with host and domain counts */
+  async getStatus() {
+    return this.http.get("/status");
+  }
+  /** Check gateway readiness */
+  async getReadiness() {
+    return this.http.get("/ready");
+  }
+  /** Check gateway liveness */
+  async getLiveness() {
+    return this.http.get("/live");
+  }
+  /** Get detailed gateway metrics */
+  async getMetrics(refresh) {
+    const params = refresh ? "?refresh=true" : "";
+    return this.http.get(`/metrics${params}`);
+  }
+  /** Get metrics summary */
+  async getMetricsSummary() {
+    return this.http.get("/metrics/summary");
+  }
+};
+
+// src/baas/database/index.ts
+var DatabaseClient = class {
+  constructor(http, getAppId) {
+    this.http = http;
+    this.getAppId = getAppId;
+  }
+  http;
+  getAppId;
+  /**
+   * Insert a document into a collection
+   */
+  async insert(collection, document) {
+    const appId = this.getAppId();
+    return this.http.post(
+      `/api/db/${encodeURIComponent(appId)}/${encodeURIComponent(collection)}`,
+      document
+    );
+  }
+  /**
+   * Find documents in a collection
+   */
+  async find(collection, query, options) {
+    const appId = this.getAppId();
+    const params = new URLSearchParams();
+    if (query && Object.keys(query).length > 0) {
+      params.set("query", JSON.stringify(query));
+    }
+    if (options?.limit !== void 0) params.set("limit", String(options.limit));
+    if (options?.skip !== void 0) params.set("skip", String(options.skip));
+    if (options?.sort) params.set("sort", options.sort);
+    const qs = params.toString();
+    return this.http.get(
+      `/api/db/${encodeURIComponent(appId)}/${encodeURIComponent(collection)}${qs ? `?${qs}` : ""}`
+    );
+  }
+  /**
+   * Update a document in a collection
+   */
+  async update(collection, documentId, updates) {
+    const appId = this.getAppId();
+    return this.http.put(
+      `/api/db/${encodeURIComponent(appId)}/${encodeURIComponent(collection)}/${encodeURIComponent(documentId)}`,
+      updates
+    );
+  }
+  /**
+   * Delete a document from a collection
+   */
+  async delete(collection, documentId) {
+    const appId = this.getAppId();
+    return this.http.delete(
+      `/api/db/${encodeURIComponent(appId)}/${encodeURIComponent(collection)}/${encodeURIComponent(documentId)}`
+    );
+  }
+  /**
+   * List collections for the app
+   */
+  async listCollections() {
+    const appId = this.getAppId();
+    return this.http.get(`/api/db/${encodeURIComponent(appId)}`);
+  }
+  // ========== State Proofs ==========
+  /**
+   * Get the current state root for the app
+   */
+  async getStateRoot() {
+    const appId = this.getAppId();
+    return this.http.get(`/api/db/${encodeURIComponent(appId)}/state/root`);
+  }
+  /**
+   * Get a Merkle proof for a specific document
+   */
+  async getDocumentProof(documentId) {
+    const appId = this.getAppId();
+    return this.http.get(
+      `/api/db/${encodeURIComponent(appId)}/${encodeURIComponent(documentId)}/proof`
+    );
+  }
+  /**
+   * Get state transitions (audit log)
+   */
+  async getStateTransitions(options) {
+    const appId = this.getAppId();
+    const params = new URLSearchParams();
+    if (options?.fromBlock !== void 0) params.set("fromBlock", String(options.fromBlock));
+    if (options?.toBlock !== void 0) params.set("toBlock", String(options.toBlock));
+    if (options?.limit !== void 0) params.set("limit", String(options.limit));
+    const qs = params.toString();
+    return this.http.get(
+      `/api/db/${encodeURIComponent(appId)}/state/transitions${qs ? `?${qs}` : ""}`
+    );
+  }
+  /**
+   * Get database statistics
+   */
+  async getDbStats() {
+    const appId = this.getAppId();
+    return this.http.get(`/api/db/${encodeURIComponent(appId)}/stats`);
+  }
+};
+
+// src/baas/storage/index.ts
+var StorageClient = class {
+  constructor(http, getAppId) {
+    this.http = http;
+    this.getAppId = getAppId;
+  }
+  http;
+  getAppId;
+  /**
+   * Upload a file to storage
+   */
+  async upload(file, filename, metadata) {
+    const appId = this.getAppId();
+    return this.http.upload(`/api/storage/${encodeURIComponent(appId)}/upload`, file, filename, metadata);
+  }
+  /**
+   * Download a file by CID
+   */
+  async download(cid) {
+    return this.http.get(`/api/storage/download/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * Get file metadata
+   */
+  async getMetadata(cid) {
+    return this.http.get(`/api/storage/metadata/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * Delete a file
+   */
+  async delete(cid) {
+    const appId = this.getAppId();
+    return this.http.delete(`/api/storage/${encodeURIComponent(appId)}/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * Get file info
+   */
+  async getFile(cid) {
+    const appId = this.getAppId();
+    return this.http.get(`/api/storage/${encodeURIComponent(appId)}/${encodeURIComponent(cid)}`);
+  }
+  /**
+   * List all files for the app
+   */
+  async listFiles(pagination) {
+    const appId = this.getAppId();
+    const params = new URLSearchParams();
+    if (pagination?.limit !== void 0) params.set("limit", String(pagination.limit));
+    if (pagination?.skip !== void 0) params.set("skip", String(pagination.skip));
+    const qs = params.toString();
+    return this.http.get(`/api/storage/${encodeURIComponent(appId)}/files${qs ? `?${qs}` : ""}`);
+  }
+  /**
+   * Get storage usage for the current app
+   */
+  async getUsage() {
+    return this.http.get("/api/storage/usage");
+  }
+  /**
+   * Check if a file exists
+   */
+  async exists(cid) {
+    return this.http.get(`/api/storage/exists/${encodeURIComponent(cid)}`);
+  }
+};
+
+// src/baas/functions/index.ts
+var FunctionsClient = class {
+  constructor(http, getAppId) {
+    this.http = http;
+    this.getAppId = getAppId;
+  }
+  http;
+  getAppId;
+  /**
+   * Deploy a new function
+   */
+  async deploy(request) {
+    const appId = this.getAppId();
+    return this.http.post(`/api/functions/${encodeURIComponent(appId)}`, request);
+  }
+  /**
+   * Invoke a function
+   */
+  async invoke(functionId, payload) {
+    return this.http.post(`/api/functions/${encodeURIComponent(functionId)}/invoke`, payload ?? {});
+  }
+  /**
+   * List all functions
+   */
+  async list() {
+    return this.http.get("/api/functions");
+  }
+  /**
+   * Get function details
+   */
+  async get(functionId) {
+    return this.http.get(`/api/functions/${encodeURIComponent(functionId)}`);
+  }
+  /**
+   * Update a function
+   */
+  async update(functionId, updates) {
+    return this.http.put(`/api/functions/${encodeURIComponent(functionId)}`, updates);
+  }
+  /**
+   * Delete a function
+   */
+  async delete(functionId) {
+    return this.http.delete(`/api/functions/${encodeURIComponent(functionId)}`);
+  }
+  /**
+   * Get function execution logs
+   */
+  async getLogs(functionId, options) {
+    const params = new URLSearchParams();
+    if (options?.limit !== void 0) params.set("limit", String(options.limit));
+    if (options?.startTime) params.set("startTime", options.startTime);
+    if (options?.level) params.set("level", options.level);
+    const qs = params.toString();
+    return this.http.get(`/api/functions/${encodeURIComponent(functionId)}/logs${qs ? `?${qs}` : ""}`);
+  }
+  /**
+   * Get function statistics for an app
+   */
+  async getStats() {
+    const appId = this.getAppId();
+    return this.http.get(`/api/functions/${encodeURIComponent(appId)}/stats`);
+  }
+};
+
+// src/baas/messaging/index.ts
+var MessagingClient = class {
+  constructor(http, getAppId) {
+    this.http = http;
+    this.getAppId = getAppId;
+  }
+  http;
+  getAppId;
+  /**
+   * Create a new channel
+   */
+  async createChannel(config) {
+    const appId = this.getAppId();
+    return this.http.post(`/api/messaging/${encodeURIComponent(appId)}/channels`, config);
+  }
+  /**
+   * Delete a channel
+   */
+  async deleteChannel(channelId) {
+    const appId = this.getAppId();
+    return this.http.delete(`/api/messaging/${encodeURIComponent(appId)}/channels/${encodeURIComponent(channelId)}`);
+  }
+  /**
+   * Get a channel by ID
+   */
+  async getChannel(channelId) {
+    const appId = this.getAppId();
+    return this.http.get(`/api/messaging/${encodeURIComponent(appId)}/channels/${encodeURIComponent(channelId)}`);
+  }
+  /**
+   * List all channels for the app
+   */
+  async listChannels() {
+    const appId = this.getAppId();
+    return this.http.get(`/api/messaging/${encodeURIComponent(appId)}/channels`);
+  }
+  /**
+   * Publish a message to a channel
+   */
+  async publish(channel, message, metadata) {
+    const appId = this.getAppId();
+    return this.http.post(
+      `/api/messaging/${encodeURIComponent(appId)}/channels/${encodeURIComponent(channel)}/publish`,
+      { data: message, metadata }
+    );
+  }
+  /**
+   * Get message history for a channel
+   */
+  async getHistory(channel, options) {
+    const appId = this.getAppId();
+    const params = new URLSearchParams();
+    if (options?.limit !== void 0) params.set("limit", String(options.limit));
+    if (options?.before) params.set("before", options.before);
+    if (options?.after) params.set("after", options.after);
+    const qs = params.toString();
+    return this.http.get(
+      `/api/messaging/${encodeURIComponent(appId)}/channels/${encodeURIComponent(channel)}/history${qs ? `?${qs}` : ""}`
+    );
+  }
+  /**
+   * Set presence for a member
+   */
+  async setPresence(member) {
+    const appId = this.getAppId();
+    return this.http.post(`/api/messaging/${encodeURIComponent(appId)}/presence`, member);
+  }
+  /**
+   * Remove presence for a member
+   */
+  async removePresence(memberId) {
+    const appId = this.getAppId();
+    return this.http.delete(`/api/messaging/${encodeURIComponent(appId)}/presence/${encodeURIComponent(memberId)}`);
+  }
+  /**
+   * Get presence info for a channel
+   */
+  async getPresence(channel) {
+    const appId = this.getAppId();
+    return this.http.get(`/api/messaging/${encodeURIComponent(appId)}/presence/${encodeURIComponent(channel)}`);
+  }
+  /**
+   * Get messaging statistics
+   */
+  async getStats() {
+    const appId = this.getAppId();
+    return this.http.get(`/api/messaging/${encodeURIComponent(appId)}/stats`);
+  }
+};
+
+// src/baas/deployment/index.ts
+var DeploymentClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /**
+   * Create (deploy) a new app
+   */
+  async create(request) {
+    return this.http.post("/api/deployment/apps", request);
+  }
+  /**
+   * List all deployed apps
+   */
+  async list() {
+    return this.http.get("/api/deployment/apps");
+  }
+  /**
+   * Get app details
+   */
+  async get(appId) {
+    return this.http.get(`/api/deployment/apps/${encodeURIComponent(appId)}`);
+  }
+  /**
+   * Update app configuration
+   */
+  async update(appId, updates) {
+    return this.http.put(`/api/deployment/apps/${encodeURIComponent(appId)}`, updates);
+  }
+  /**
+   * Delete an app
+   */
+  async delete(appId) {
+    return this.http.delete(`/api/deployment/apps/${encodeURIComponent(appId)}`);
+  }
+  /**
+   * Suspend an app
+   */
+  async suspend(appId) {
+    return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/suspend`, {});
+  }
+  /**
+   * Resume a suspended app
+   */
+  async resume(appId) {
+    return this.http.post(`/api/deployment/apps/${encodeURIComponent(appId)}/resume`, {});
+  }
+  /**
+   * Get deployment statistics
+   */
+  async getStats() {
+    return this.http.get("/api/deployment/stats");
+  }
+};
+
+// src/baas/agents/index.ts
+var AgentsClient = class {
+  constructor(http) {
+    this.http = http;
+  }
+  http;
+  /** Register a new agent */
+  async register(request) {
+    return this.http.post("/api/agents/register", request);
+  }
+  /** Get agent details */
+  async get(agentId) {
+    return this.http.get(`/api/agents/${encodeURIComponent(agentId)}`);
+  }
+  /** List all agents */
+  async list() {
+    return this.http.get("/api/agents");
+  }
+  /** Fund an agent */
+  async fund(agentId, request) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/fund`, request);
+  }
+  /** Execute a trade */
+  async trade(agentId, request) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/trade`, request);
+  }
+  /** Withdraw funds from agent */
+  async withdraw(agentId, request) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/withdraw`, request);
+  }
+  /** Pause an agent */
+  async pause(agentId) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/pause`, {});
+  }
+  /** Resume a paused agent */
+  async resume(agentId) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/resume`, {});
+  }
+  /** Revoke an agent (permanent) */
+  async revoke(agentId) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/revoke`, {});
+  }
+  /** Update agent rules */
+  async updateRules(agentId, rules) {
+    return this.http.put(`/api/agents/${encodeURIComponent(agentId)}/rules`, rules);
+  }
+  /** Get agent events */
+  async getEvents(agentId) {
+    return this.http.get(`/api/agents/${encodeURIComponent(agentId)}/events`);
+  }
+  /** Get agent balances across chains */
+  async getBalances(agentId) {
+    return this.http.get(`/api/agents/${encodeURIComponent(agentId)}/balances`);
+  }
+  /** Approve a pending agent operation */
+  async approve(agentId, operationId) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/approve/${encodeURIComponent(operationId)}`, {});
+  }
+  /** Reject a pending agent operation */
+  async reject(agentId, operationId) {
+    return this.http.post(`/api/agents/${encodeURIComponent(agentId)}/reject/${encodeURIComponent(operationId)}`, {});
+  }
+};
+
+// src/baas/client.ts
+var BaasClient = class {
+  hostUrl;
+  pathPrefix;
+  appId;
+  timeout;
+  allowInsecure;
+  authToken = null;
+  http;
+  /** Last HTTP error (for getHttpHealth) */
+  lastHttpError;
+  // ========== Sub-Clients ==========
+  /** Trustless database with state proofs and Merkle verification */
+  db;
+  /** Decentralized file storage */
+  storage;
+  /** Serverless function deployment and invocation */
+  functions;
+  /** Real-time pub/sub messaging with channels, history, and presence */
+  messaging;
+  /** App deployment lifecycle management */
+  deployment;
+  /** Autonomous smart agent management */
+  agents;
+  constructor(config) {
+    this.allowInsecure = config.allowInsecure ?? false;
+    this.hostUrl = validateUrl2(config.hostUrl, this.allowInsecure);
+    this.appId = config.appId;
+    this.timeout = config.timeout ?? 3e4;
+    const prefix = (config.pathPrefix ?? "").replace(/\/$/, "");
+    this.pathPrefix = prefix ? prefix.startsWith("/") ? prefix : `/${prefix}` : "";
+    const baseUrlWithPrefix = this.pathPrefix ? this.hostUrl.replace(/\/$/, "") + this.pathPrefix : this.hostUrl;
+    this.http = createHttpClient({
+      baseUrl: baseUrlWithPrefix,
+      timeout: this.timeout
+    });
+    const getAppId = () => this.requireAppId();
+    this.db = new DatabaseClient(this.http, getAppId);
+    this.storage = new StorageClient(this.http, getAppId);
+    this.functions = new FunctionsClient(this.http, getAppId);
+    this.messaging = new MessagingClient(this.http, getAppId);
+    this.deployment = new DeploymentClient(this.http);
+    this.agents = new AgentsClient(this.http);
+  }
+  /** Set the app ID (for newly registered apps) */
+  setAppId(appId) {
+    this.appId = appId;
+  }
+  /** Check if the client is authenticated */
+  isAuthenticated() {
+    return this.authToken !== null;
+  }
+  /** Get the current app ID */
+  getAppId() {
+    return this.appId;
+  }
+  /**
+   * Get HTTP resilience health information
+   * @returns Object with circuit breaker state and last error (if any)
+   */
+  getHttpHealth() {
+    return {
+      breaker: null,
+      lastError: this.lastHttpError
+    };
+  }
+  requireAppId() {
+    if (!this.appId) {
+      throw new BaasError(
+        "App ID required. Either provide appId in config or call register() first.",
+        400
+      );
+    }
+    return this.appId;
+  }
+  // ========== Authentication ==========
+  /**
+   * Authenticate with the BaaS host using wallet challenge-response
+   *
+   * 1. Requests a challenge message from the host
+   * 2. Signs the challenge with the provided signing function
+   * 3. Submits the signature for verification
+   * 4. Stores the JWT token for subsequent requests
+   */
+  async authenticate(options) {
+    const { chain, walletAddress, publicKey, signFn } = options;
+    const challenge = await this.post("/api/auth/challenge", {
+      chain,
+      walletAddress,
+      appId: this.appId
+    });
+    const signature = await signFn(challenge.message);
+    const result = await this.post("/api/auth/verify", {
+      challengeId: challenge.challengeId,
+      signature,
+      publicKey
+    });
+    this.authToken = result.token;
+    this.http.setAuthToken?.(result.token);
+    return result;
+  }
+  /** Validate the current session */
+  async validateSession() {
+    this.requireAuth();
+    return this.get("/api/auth/session");
+  }
+  /** Destroy the current session on server and clear local token */
+  async logout() {
+    if (this.authToken) {
+      try {
+        await this.post("/api/auth/logout", {});
+      } catch {
+      }
+    }
+    this.authToken = null;
+  }
+  // ========== App Registration ==========
+  /** Register a new app on the BaaS host */
+  async register(request) {
+    this.requireAuth();
+    return this.post("/api/deployment/apps", request);
+  }
+  // ========== HTTP Helpers ==========
+  requireAuth() {
+    if (!this.authToken) {
+      throw new BaasError("Authentication required. Call authenticate() first.", 401);
+    }
+  }
+  getHeaders() {
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.authToken) {
+      headers["Authorization"] = `Bearer ${this.authToken}`;
+    }
+    return headers;
+  }
+  async post(path, body) {
+    return this.request("POST", path, body);
+  }
+  async get(path) {
+    return this.request("GET", path);
+  }
+  async request(method, path, body) {
+    const url = `${this.hostUrl}${this.pathPrefix}${path}`;
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const options = {
+        method,
+        headers: this.getHeaders(),
+        signal: controller.signal
+      };
+      if (body !== void 0) {
+        options.body = JSON.stringify(body);
+      }
+      const response = await fetch(url, options);
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        throw new BaasError(
+          errorData.message || `API error: ${response.status} ${response.statusText}`,
+          response.status,
+          errorData
+        );
+      }
+      const text = await response.text();
+      if (!text) return void 0;
+      return JSON.parse(text);
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof BaasError) throw error;
+      const err = error;
+      if (err.name === "AbortError") {
+        throw new BaasError("Request timeout", 408);
+      }
+      throw new BaasError(`Network error: ${err.message}`, 0, { originalError: err.message });
+    }
+  }
+};
+var BaasError = class extends Error {
+  constructor(message, statusCode, details) {
+    super(message);
+    this.statusCode = statusCode;
+    this.details = details;
+    this.name = "BaasError";
+  }
+  statusCode;
+  details;
+};
+function validateUrl2(url, allowInsecure = false) {
+  try {
+    const parsed = new URL(url);
+    if (!["http:", "https:"].includes(parsed.protocol)) {
+      throw new BaasError(`Invalid protocol: ${parsed.protocol}`, 400);
+    }
+    if (!allowInsecure && parsed.protocol !== "https:") {
+      throw new BaasError(
+        "HTTPS is required for secure connections. Set allowInsecure=true for local development.",
+        400
+      );
+    }
+    return parsed.origin;
+  } catch (error) {
+    if (error instanceof BaasError) throw error;
+    throw new BaasError(`Invalid URL: ${url}`, 400);
+  }
+}
+
+// src/nestjs/smart-engine.service.ts
+var SMART_ENGINE_CONFIG = "SMART_ENGINE_CONFIG";
+exports.SmartEngineService = class SmartEngineService {
+  constructor(config) {
+    this.config = config;
+  }
+  config;
+  logger = new common.Logger(exports.SmartEngineService.name);
+  client = null;
+  baasClient = null;
+  connected = false;
+  reconnectTimer = null;
+  reconnectAttempts = 0;
+  /**
+   * Initialize the service when the module starts
+   */
+  async onModuleInit() {
+    if (!this.config) {
+      this.logger.warn(
+        "SmartEngineService initialized without configuration. Call configure() before using."
+      );
+      return;
+    }
+    await this.initialize(this.config);
+  }
+  /**
+   * Clean up resources when the module is destroyed
+   */
+  async onModuleDestroy() {
+    await this.shutdown();
+  }
+  /**
+   * Initialize the service with configuration
+   *
+   * Can be called manually if not using DI configuration
+   */
+  async initialize(config) {
+    this.logger.log(`Initializing SmartEngineService for ${config.baseUrl}`);
+    try {
+      this.client = new SmartEngineClient({
+        baseUrl: config.baseUrl,
+        apiKey: config.apiKey,
+        authToken: config.authToken,
+        timeout: config.timeout,
+        allowInsecure: config.allowInsecure
+      });
+      this.baasClient = this.createBaasClient(this.client);
+      if (config.testConnection !== false) {
+        await this.testConnection();
+      }
+      this.connected = true;
+      this.reconnectAttempts = 0;
+      this.logger.log("SmartEngineService initialized successfully");
+    } catch (error) {
+      const err = error;
+      this.logger.error(`Failed to initialize SmartEngineService: ${err.message}`);
+      if (config.autoReconnect) {
+        this.scheduleReconnect(config);
+      } else {
+        throw error;
+      }
+    }
+  }
+  /**
+   * Gracefully shutdown the service
+   */
+  async shutdown() {
+    this.logger.log("Shutting down SmartEngineService");
+    if (this.reconnectTimer) {
+      clearTimeout(this.reconnectTimer);
+      this.reconnectTimer = null;
+    }
+    this.client = null;
+    this.baasClient = null;
+    this.connected = false;
+    this.logger.log("SmartEngineService shutdown complete");
+  }
+  /**
+   * Get the SmartEngineClient instance
+   *
+   * @throws SmartEngineError if client is not initialized
+   */
+  getClient() {
+    if (!this.client) {
+      throw new SmartEngineError2(
+        "SmartEngineClient not initialized. Ensure SmartEngineService is configured properly.",
+        500
+      );
+    }
+    return this.client;
+  }
+  /**
+   * Get the BaaS client for simplified blockchain access
+   *
+   * The BaaS client provides a simplified interface for applications
+   * that need managed blockchain infrastructure access.
+   *
+   * @throws SmartEngineError if client is not initialized
+   */
+  getBaasClient() {
+    if (!this.baasClient) {
+      throw new SmartEngineError2(
+        "BaasClient not initialized. Ensure SmartEngineService is configured properly.",
+        500
+      );
+    }
+    return this.baasClient;
+  }
+  /**
+   * Check if the service is connected and healthy
+   */
+  isConnected() {
+    return this.connected;
+  }
+  /**
+   * Test the connection to the validator
+   */
+  async testConnection() {
+    if (!this.client) {
+      return false;
+    }
+    try {
+      const health = await this.client.getHealth();
+      this.connected = health.status === "healthy" || health.status === "ok";
+      return this.connected;
+    } catch (error) {
+      const err = error;
+      this.logger.warn(`Connection test failed: ${err.message}`);
+      this.connected = false;
+      return false;
+    }
+  }
+  /**
+   * Get the current connection status
+   */
+  getStatus() {
+    return {
+      connected: this.connected,
+      baseUrl: this.client?.getBaseUrl() ?? null,
+      authenticated: this.client?.isAuthenticated() ?? false,
+      reconnectAttempts: this.reconnectAttempts
+    };
+  }
+  /**
+   * Create a SmartGatewayClient for gateway operations
+   */
+  createGatewayClient(config) {
+    return new SmartGatewayClient(config);
+  }
+  /**
+   * Create a BaaS client for host operations
+   */
+  createHostClient(config) {
+    return new BaasClient(config);
+  }
+  /**
+   * Create a BaaS client wrapper around the SmartEngineClient
+   */
+  createBaasClient(client) {
+    return {
+      client,
+      isHealthy: async () => {
+        try {
+          const health = await client.getHealth();
+          return health.status === "healthy" || health.status === "ok";
+        } catch {
+          return false;
+        }
+      },
+      getBaseUrl: () => client.getBaseUrl()
+    };
+  }
+  /**
+   * Schedule a reconnection attempt
+   */
+  scheduleReconnect(config) {
+    const maxAttempts = config.maxReconnectAttempts ?? 0;
+    const interval = config.reconnectInterval ?? 5e3;
+    if (maxAttempts > 0 && this.reconnectAttempts >= maxAttempts) {
+      this.logger.error(`Max reconnection attempts (${maxAttempts}) reached. Giving up.`);
+      return;
+    }
+    this.reconnectAttempts++;
+    this.logger.log(`Scheduling reconnection attempt ${this.reconnectAttempts} in ${interval}ms`);
+    this.reconnectTimer = setTimeout(async () => {
+      try {
+        await this.initialize(config);
+      } catch {
+      }
+    }, interval);
+  }
+};
+exports.SmartEngineService = __decorateClass([
+  common.Injectable(),
+  __decorateParam(0, common.Optional()),
+  __decorateParam(0, common.Inject(SMART_ENGINE_CONFIG))
+], exports.SmartEngineService);
+
+// src/nestjs/smart-engine.module.ts
+exports.SmartEngineModule = class SmartEngineModule {
+  /**
+   * Configure the module with static configuration
+   *
+   * @param config - SmartEngine service configuration
+   * @param isGlobal - Whether to make the module global (default: true)
+   */
+  static forRoot(config, isGlobal = true) {
+    return {
+      module: exports.SmartEngineModule,
+      global: isGlobal,
+      providers: [
+        {
+          provide: SMART_ENGINE_CONFIG,
+          useValue: config
+        },
+        exports.SmartEngineService
+      ],
+      exports: [exports.SmartEngineService]
+    };
+  }
+  /**
+   * Configure the module with async configuration
+   *
+   * Supports factory functions, configuration classes, and existing providers.
+   *
+   * @param options - Async configuration options
+   */
+  static forRootAsync(options) {
+    const asyncProviders = this.createAsyncProviders(options);
+    return {
+      module: exports.SmartEngineModule,
+      global: options.isGlobal ?? true,
+      imports: options.imports || [],
+      providers: [...asyncProviders, exports.SmartEngineService],
+      exports: [exports.SmartEngineService]
+    };
+  }
+  /**
+   * Create async providers based on configuration options
+   */
+  static createAsyncProviders(options) {
+    if (options.useFactory) {
+      return [
+        {
+          provide: SMART_ENGINE_CONFIG,
+          useFactory: options.useFactory,
+          inject: options.inject || []
+        }
+      ];
+    }
+    if (options.useClass) {
+      return [
+        {
+          provide: options.useClass,
+          useClass: options.useClass
+        },
+        {
+          provide: SMART_ENGINE_CONFIG,
+          useFactory: async (optionsFactory) => optionsFactory.createSmartEngineOptions(),
+          inject: [options.useClass]
+        }
+      ];
+    }
+    if (options.useExisting) {
+      return [
+        {
+          provide: SMART_ENGINE_CONFIG,
+          useFactory: async (optionsFactory) => optionsFactory.createSmartEngineOptions(),
+          inject: [options.useExisting]
+        }
+      ];
+    }
+    throw new Error(
+      "Invalid SmartEngineModuleAsyncOptions: must provide useFactory, useClass, or useExisting"
+    );
+  }
+};
+exports.SmartEngineModule = __decorateClass([
+  common.Module({})
+], exports.SmartEngineModule);
+
+exports.SMART_ENGINE_CONFIG = SMART_ENGINE_CONFIG;
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map