@kasflow/passkey-wallet 0.1.0

package/dist/index.js

@@ -0,0 +1,1845 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  Address: () => import_kaspa_wasm2.Address,
+  DEFAULT_NETWORK: () => DEFAULT_NETWORK,
+  DEFAULT_PRIORITY_FEE_SOMPI: () => DEFAULT_PRIORITY_FEE_SOMPI,
+  ERROR_MESSAGES: () => ERROR_MESSAGES,
+  Generator: () => import_kaspa_wasm6.Generator,
+  KaspaRpc: () => KaspaRpc,
+  MIN_FEE_SOMPI: () => MIN_FEE_SOMPI,
+  NETWORK_ID: () => NETWORK_ID,
+  NetworkType: () => import_kaspa_wasm2.NetworkType,
+  PasskeyWallet: () => PasskeyWallet,
+  PendingTransaction: () => import_kaspa_wasm6.PendingTransaction,
+  PrivateKey: () => import_kaspa_wasm2.PrivateKey,
+  PublicKey: () => import_kaspa_wasm2.PublicKey,
+  Resolver: () => import_kaspa_wasm6.Resolver,
+  RpcClient: () => import_kaspa_wasm6.RpcClient,
+  SOMPI_PER_KAS: () => SOMPI_PER_KAS,
+  Transaction: () => import_kaspa_wasm6.Transaction,
+  UtxoContext: () => import_kaspa_wasm6.UtxoContext,
+  UtxoEntryReference: () => import_kaspa_wasm6.UtxoEntryReference,
+  UtxoProcessor: () => import_kaspa_wasm6.UtxoProcessor,
+  authenticateWithChallenge: () => authenticateWithChallenge,
+  buildTransactions: () => buildTransactions,
+  computeTransactionHash: () => computeTransactionHash,
+  createGenerator: () => createGenerator,
+  createLogger: () => createLogger,
+  createPrivateKey: () => createPrivateKey,
+  deriveKaspaKeysFromPasskey: () => deriveKaspaKeysFromPasskey,
+  estimateFee: () => estimateFee,
+  extractPublicKeyFromAttestation: () => extractPublicKeyFromAttestation,
+  formatKas: () => formatKas,
+  generatePrivateKey: () => generatePrivateKey,
+  getAddressFromPrivateKey: () => getAddressFromPrivateKey,
+  getDefaultRpc: () => getDefaultRpc,
+  getNetworkFromAddress: () => getNetworkFromAddress,
+  getNetworkIdString: () => getNetworkIdString,
+  getNetworkType: () => getNetworkType,
+  getPublicKeyHex: () => getPublicKeyHex,
+  hexToUint8Array: () => hexToUint8Array,
+  initDebugMode: () => initDebugMode,
+  isValidAddress: () => isValidAddress,
+  isValidPrivateKey: () => isValidPrivateKey,
+  isWebAuthnSupported: () => isWebAuthnSupported,
+  kasStringToSompi: () => kasStringToSompi,
+  kasToSompi: () => kasToSompi,
+  parseAddress: () => parseAddress,
+  parseKas: () => parseKas,
+  publicKeyToAddress: () => publicKeyToAddress,
+  resetDefaultRpc: () => resetDefaultRpc,
+  sendTransaction: () => sendTransaction,
+  signMessageWithKey: () => signMessageWithKey,
+  signTransaction: () => signTransaction,
+  signTransactions: () => signTransactions,
+  sompiToKas: () => sompiToKas,
+  sompiToKasString: () => sompiToKasString,
+  sompiToKasStringWithSuffix: () => sompiToKasStringWithSuffix,
+  submitTransactions: () => submitTransactions,
+  uint8ArrayToHex: () => uint8ArrayToHex,
+  verifyDeterminism: () => verifyDeterminism
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/constants.ts
+var WEBAUTHN_RP_NAME = "KasFlow";
+var WEBAUTHN_RP_ID = typeof window !== "undefined" ? window.location.hostname : "localhost";
+var WEBAUTHN_TIMEOUT_MS = 6e4;
+var WEBAUTHN_PUB_KEY_CRED_PARAMS = [
+  { alg: -7, type: "public-key" },
+  // ES256 (recommended)
+  { alg: -257, type: "public-key" }
+  // RS256 (fallback)
+];
+var WEBAUTHN_USER_VERIFICATION = "required";
+var WEBAUTHN_AUTHENTICATOR_ATTACHMENT = "platform";
+var IDB_DATABASE_NAME = "kasflow-wallet";
+var IDB_STORE_NAME = "keystore";
+var STORAGE_KEY_CREDENTIAL_ID = "credential-id";
+var STORAGE_KEY_METADATA = "wallet-metadata";
+var NETWORK_ID = {
+  MAINNET: "mainnet",
+  TESTNET_10: "testnet-10",
+  TESTNET_11: "testnet-11"
+};
+var DEFAULT_NETWORK = NETWORK_ID.TESTNET_10;
+var RPC_TIMEOUT_MS = 3e4;
+var DEFAULT_PRIORITY_FEE_SOMPI = 100000n;
+var SOMPI_PER_KAS = 100000000n;
+var MIN_FEE_SOMPI = 1000n;
+var ERROR_MESSAGES = {
+  WALLET_NOT_FOUND: "No wallet found. Please create a wallet first.",
+  WALLET_ALREADY_EXISTS: "A wallet already exists. Delete it before creating a new one.",
+  PASSKEY_REGISTRATION_FAILED: "Failed to register passkey. Please try again.",
+  PASSKEY_AUTHENTICATION_FAILED: "Failed to authenticate with passkey. Please try again.",
+  INVALID_ADDRESS: "Invalid Kaspa address format.",
+  INSUFFICIENT_BALANCE: "Insufficient balance for this transaction.",
+  WEBAUTHN_NOT_SUPPORTED: "WebAuthn is not supported in this browser.",
+  USER_CANCELLED: "Operation was cancelled by the user.",
+  WASM_NOT_INITIALIZED: "Kaspa WASM module not initialized. Call initKaspa() first.",
+  RPC_NOT_CONNECTED: "Not connected to Kaspa network. Call connect() first.",
+  RPC_CONNECTION_FAILED: "Failed to connect to Kaspa network.",
+  TRANSACTION_FAILED: "Transaction failed to submit.",
+  INVALID_AMOUNT: "Invalid transaction amount."
+};
+
+// src/crypto.ts
+var generateRandomBytes = (length) => {
+  return crypto.getRandomValues(new Uint8Array(length));
+};
+var uint8ArrayToBase64 = (bytes) => {
+  const binary = String.fromCharCode(...bytes);
+  return btoa(binary);
+};
+var base64ToUint8Array = (base64) => {
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+};
+var base64urlToUint8Array = (base64url) => {
+  let base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+  while (base64.length % 4 !== 0) {
+    base64 += "=";
+  }
+  return base64ToUint8Array(base64);
+};
+var uint8ArrayToHex = (bytes) => {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+};
+var hexToUint8Array = (hex) => {
+  const matches = hex.match(/.{1,2}/g);
+  if (!matches) {
+    throw new Error("Invalid hex string");
+  }
+  return new Uint8Array(matches.map((byte) => parseInt(byte, 16)));
+};
+
+// src/deterministic-keys.ts
+var import_sha256 = require("@noble/hashes/sha256");
+var import_utils = require("@noble/hashes/utils");
+
+// src/logger.ts
+var DEBUG_ENABLED = typeof process !== "undefined" ? process.env.NODE_ENV === "development" : true;
+var Logger = class {
+  module;
+  constructor(module2) {
+    this.module = module2;
+  }
+  formatMessage(level, ...args) {
+    return [`[${this.module}] ${level}:`, ...args];
+  }
+  /**
+   * Log info message
+   */
+  info(...args) {
+    console.log(...this.formatMessage("INFO", ...args));
+  }
+  /**
+   * Log warning message
+   */
+  warn(...args) {
+    console.warn(...this.formatMessage("WARN", ...args));
+  }
+  /**
+   * Log error message
+   */
+  error(...args) {
+    console.error(...this.formatMessage("ERROR", ...args));
+  }
+  /**
+   * Log debug message (only in development)
+   */
+  debug(...args) {
+    if (DEBUG_ENABLED) {
+      console.log(...this.formatMessage("DEBUG", ...args));
+    }
+  }
+};
+function createLogger(module2) {
+  return new Logger(module2);
+}
+
+// src/deterministic-keys.ts
+var logger = createLogger("DeterministicKeys");
+function deriveKaspaKeysFromPasskey(passkeyPublicKey) {
+  logger.info("[DeterministicKeys] Deriving Kaspa keys from passkey public key");
+  if (passkeyPublicKey.length !== 65) {
+    throw new Error(`Invalid passkey public key length: ${passkeyPublicKey.length} (expected 65)`);
+  }
+  if (passkeyPublicKey[0] !== 4) {
+    throw new Error(`Invalid passkey public key prefix: 0x${passkeyPublicKey[0].toString(16)} (expected 0x04)`);
+  }
+  const seed = (0, import_sha256.sha256)(passkeyPublicKey);
+  logger.info("[DeterministicKeys] Seed derived:", {
+    seedLength: seed.length,
+    seedHex: (0, import_utils.bytesToHex)(seed).substring(0, 16) + "..."
+    // Log first 8 bytes only
+  });
+  const privateKeyHex = (0, import_utils.bytesToHex)(seed);
+  logger.info("[DeterministicKeys] Kaspa private key derived successfully");
+  return {
+    privateKeyHex,
+    seed
+  };
+}
+function verifyDeterminism(passkeyPublicKey, expectedPrivateKeyHex) {
+  try {
+    const { privateKeyHex } = deriveKaspaKeysFromPasskey(passkeyPublicKey);
+    return privateKeyHex === expectedPrivateKeyHex;
+  } catch {
+    return false;
+  }
+}
+
+// src/kaspa.ts
+var import_kaspa_wasm2 = require("@onekeyfe/kaspa-wasm");
+var import_kaspa_address = require("@kluster/kaspa-address");
+
+// src/wasm-init.ts
+var import_kaspa_wasm = __toESM(require("@onekeyfe/kaspa-wasm"));
+var wasmInitialized = false;
+var initPromise = null;
+async function ensureWasmInitialized() {
+  if (wasmInitialized) {
+    return;
+  }
+  if (initPromise) {
+    return initPromise;
+  }
+  initPromise = (async () => {
+    try {
+      if (typeof WebAssembly === "undefined") {
+        throw new Error(
+          "WebAssembly is not supported in this browser. Please use a modern browser (Chrome 57+, Firefox 52+, Safari 11+, Edge 16+)"
+        );
+      }
+      console.log("[WASM] Initializing Kaspa WASM module...");
+      await (0, import_kaspa_wasm.default)();
+      if (process.env.NODE_ENV !== "production") {
+        try {
+          (0, import_kaspa_wasm.initConsolePanicHook)();
+          console.log("[WASM] Console panic hook enabled for better error messages");
+        } catch (error) {
+          console.warn("[WASM] Failed to initialize console panic hook:", error);
+        }
+      }
+      wasmInitialized = true;
+      console.log("[WASM] Kaspa WASM module initialized successfully");
+    } catch (error) {
+      initPromise = null;
+      wasmInitialized = false;
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      console.error("[WASM] Initialization failed:", errorMessage);
+      throw new Error(`WASM initialization failed: ${errorMessage}`);
+    }
+  })();
+  return initPromise;
+}
+
+// src/kaspa.ts
+var getNetworkType = (network) => {
+  switch (network) {
+    case NETWORK_ID.MAINNET:
+      return "mainnet";
+    case NETWORK_ID.TESTNET_10:
+      return "testnet-10";
+    case NETWORK_ID.TESTNET_11:
+      return "testnet-11";
+    default:
+      return "testnet-11";
+  }
+};
+var getNetworkIdString = (network) => getNetworkType(network);
+var generatePrivateKey = () => {
+  const randomBytes = generateRandomBytes(32);
+  return uint8ArrayToHex(randomBytes);
+};
+var createPrivateKey = async (privateKeyHex) => {
+  await ensureWasmInitialized();
+  return new import_kaspa_wasm2.PrivateKey(privateKeyHex);
+};
+var getPublicKeyHex = async (privateKeyHex) => {
+  await ensureWasmInitialized();
+  const privateKey = new import_kaspa_wasm2.PrivateKey(privateKeyHex);
+  return privateKey.toPublicKey().toString();
+};
+var getAddressFromPrivateKey = async (privateKeyHex, network) => {
+  await ensureWasmInitialized();
+  const privateKey = new import_kaspa_wasm2.PrivateKey(privateKeyHex);
+  const networkType = getNetworkType(network);
+  return privateKey.toAddress(networkType).toString();
+};
+var isValidPrivateKey = async (privateKeyHex) => {
+  await ensureWasmInitialized();
+  try {
+    new import_kaspa_wasm2.PrivateKey(privateKeyHex);
+    return true;
+  } catch {
+    return false;
+  }
+};
+var publicKeyToAddress = async (publicKeyHex, network) => {
+  await ensureWasmInitialized();
+  const networkType = getNetworkType(network);
+  const address = (0, import_kaspa_wasm2.createAddress)(publicKeyHex, networkType);
+  return address.toString();
+};
+var isValidAddress = (address) => {
+  try {
+    import_kaspa_address.KaspaAddress.fromString(address);
+    return true;
+  } catch {
+    return false;
+  }
+};
+var parseAddress = (address) => {
+  const parsed = import_kaspa_address.KaspaAddress.fromString(address);
+  return {
+    prefix: parsed.prefix,
+    version: parsed.version,
+    payload: parsed.payload
+  };
+};
+var getNetworkFromAddress = (address) => {
+  const parsed = import_kaspa_address.KaspaAddress.fromString(address);
+  switch (parsed.prefix) {
+    case import_kaspa_address.KaspaPrefix.MAINNET:
+      return NETWORK_ID.MAINNET;
+    case import_kaspa_address.KaspaPrefix.TESTNET:
+      return NETWORK_ID.TESTNET_11;
+    default:
+      return NETWORK_ID.TESTNET_11;
+  }
+};
+var signMessageWithKey = async (message, privateKeyHex) => {
+  await ensureWasmInitialized();
+  const privateKey = new import_kaspa_wasm2.PrivateKey(privateKeyHex);
+  return (0, import_kaspa_wasm2.signMessage)({
+    message,
+    privateKey
+  });
+};
+var signTransaction = async (transaction, privateKeys, verifySig = true) => {
+  await ensureWasmInitialized();
+  const keys = privateKeys.map((k) => typeof k === "string" ? new import_kaspa_wasm2.PrivateKey(k) : k);
+  return (0, import_kaspa_wasm2.signTransaction)(transaction, keys, verifySig);
+};
+var kasStringToSompi = (kasString) => {
+  const result = (0, import_kaspa_wasm2.kaspaToSompi)(kasString);
+  if (result === void 0) {
+    throw new Error(ERROR_MESSAGES.INVALID_AMOUNT);
+  }
+  return result;
+};
+var sompiToKasString = (sompi) => {
+  return (0, import_kaspa_wasm2.sompiToKaspaString)(sompi);
+};
+var sompiToKasStringWithSuffix = (sompi, network) => {
+  return (0, import_kaspa_wasm2.sompiToKaspaStringWithSuffix)(sompi, getNetworkType(network));
+};
+var sompiToKas = (sompi) => {
+  return Number(sompi) / Number(SOMPI_PER_KAS);
+};
+var kasToSompi = (kas) => {
+  return BigInt(Math.floor(kas * Number(SOMPI_PER_KAS)));
+};
+var formatKas = (sompi, decimals = 8) => {
+  const kas = sompiToKas(sompi);
+  return kas.toFixed(decimals).replace(/\.?0+$/, "");
+};
+var parseKas = kasStringToSompi;
+var computeTransactionHash = (tx) => {
+  const txId = tx.id;
+  if (!txId || typeof txId !== "string") {
+    throw new Error("Invalid transaction: missing transaction ID");
+  }
+  const hashBytes = hexToUint8Array(txId);
+  if (hashBytes.length !== 32) {
+    throw new Error(`Invalid transaction hash length: expected 32 bytes, got ${hashBytes.length}`);
+  }
+  return hashBytes;
+};
+
+// src/webauthn.ts
+var import_browser = require("@simplewebauthn/browser");
+
+// src/cose-parser.ts
+var import_cbor_x = require("cbor-x");
+var logger2 = createLogger("COSEParser");
+function extractPublicKeyFromAttestation(attestationObjectBase64) {
+  logger2.info("[COSEParser] Extracting public key from attestation object");
+  try {
+    const attestationBuffer = base64urlToUint8Array(attestationObjectBase64);
+    logger2.info("[COSEParser] Attestation buffer length:", attestationBuffer.length);
+    const attestation = (0, import_cbor_x.decode)(attestationBuffer);
+    logger2.info("[COSEParser] Attestation decoded:", {
+      fmt: attestation.fmt,
+      authDataLength: attestation.authData?.length
+    });
+    if (!attestation.authData) {
+      throw new Error("Attestation object missing authData");
+    }
+    const publicKey = parseAuthenticatorData(attestation.authData);
+    logger2.info("[COSEParser] Public key extracted:", {
+      length: publicKey.length,
+      prefix: publicKey[0]
+    });
+    return publicKey;
+  } catch (error) {
+    logger2.error("[COSEParser] Failed to extract public key:", error);
+    if (error instanceof Error) {
+      throw new Error(`Failed to extract public key: ${error.message}`);
+    }
+    throw new Error("Failed to extract public key from attestation object");
+  }
+}
+function parseAuthenticatorData(authData) {
+  logger2.info("[COSEParser] Parsing authenticator data:", {
+    length: authData.length
+  });
+  if (authData.length < 37) {
+    throw new Error(`Authenticator data too short: ${authData.length} bytes`);
+  }
+  const flags = authData[32];
+  const attestedCredentialDataIncluded = (flags & 64) !== 0;
+  logger2.info("[COSEParser] Flags:", {
+    raw: flags.toString(2).padStart(8, "0"),
+    attestedCredentialData: attestedCredentialDataIncluded
+  });
+  if (!attestedCredentialDataIncluded) {
+    throw new Error("Attested credential data not included in authenticator data");
+  }
+  let offset = 37;
+  let publicKeyOffset = 0;
+  let credIdLength = 0;
+  if (authData.length >= 55) {
+    offset = 53;
+    const view = new DataView(authData.buffer, authData.byteOffset + offset, 2);
+    credIdLength = view.getUint16(0, false);
+    logger2.info("[COSEParser] Attempting parse WITH AAGUID - Credential ID length:", credIdLength);
+    if (credIdLength > 0 && credIdLength <= 1024) {
+      publicKeyOffset = 55 + credIdLength;
+      if (authData.length > publicKeyOffset) {
+        logger2.info("[COSEParser] Successfully parsed with AAGUID");
+      } else {
+        logger2.info("[COSEParser] AAGUID parse failed, trying without AAGUID");
+        offset = 37;
+      }
+    } else {
+      logger2.info("[COSEParser] Unreasonable cred ID length with AAGUID, trying without");
+      offset = 37;
+    }
+  }
+  if (offset === 37) {
+    if (authData.length < 39) {
+      throw new Error("Authenticator data too short for credential ID length");
+    }
+    const view = new DataView(authData.buffer, authData.byteOffset + offset, 2);
+    credIdLength = view.getUint16(0, false);
+    logger2.info("[COSEParser] Attempting parse WITHOUT AAGUID - Credential ID length:", credIdLength);
+    if (credIdLength > 1024) {
+      throw new Error(`Credential ID length too large: ${credIdLength} bytes`);
+    }
+    publicKeyOffset = 39 + credIdLength;
+  }
+  logger2.info("[COSEParser] Offset calculation:", {
+    authDataLength: authData.length,
+    credIdLength,
+    publicKeyOffset,
+    remainingBytes: authData.length - publicKeyOffset
+  });
+  if (authData.length <= publicKeyOffset) {
+    throw new Error(
+      `Authenticator data missing COSE public key (authData length: ${authData.length}, expected offset: ${publicKeyOffset})`
+    );
+  }
+  const coseKey = authData.slice(publicKeyOffset);
+  logger2.info("[COSEParser] COSE key length:", coseKey.length);
+  return parseCOSEPublicKey(coseKey);
+}
+function parseCOSEPublicKey(coseKey) {
+  logger2.info("[COSEParser] Parsing COSE public key");
+  try {
+    const key = (0, import_cbor_x.decode)(coseKey);
+    logger2.info("[COSEParser] COSE key decoded:", {
+      kty: key[1],
+      alg: key[3],
+      crv: key[-1],
+      hasX: !!key[-2],
+      hasY: !!key[-3]
+    });
+    const x = key[-2];
+    const y = key[-3];
+    if (!x || !y) {
+      throw new Error("COSE key missing x or y coordinate");
+    }
+    if (x.length !== 32 || y.length !== 32) {
+      throw new Error(`Invalid coordinate length: x=${x.length}, y=${y.length}`);
+    }
+    const publicKey = new Uint8Array(65);
+    publicKey[0] = 4;
+    publicKey.set(x, 1);
+    publicKey.set(y, 33);
+    logger2.info("[COSEParser] Public key constructed successfully");
+    return publicKey;
+  } catch (error) {
+    logger2.error("[COSEParser] Failed to parse COSE key:", error);
+    if (error instanceof Error) {
+      throw new Error(`Failed to parse COSE public key: ${error.message}`);
+    }
+    throw new Error("Failed to parse COSE public key");
+  }
+}
+
+// src/webauthn.ts
+var logger3 = createLogger("WebAuthn");
+var isWebAuthnSupported = () => {
+  return (0, import_browser.browserSupportsWebAuthn)();
+};
+var registerPasskey = async (walletName) => {
+  logger3.info("[WebAuthn] registerPasskey() called with name:", walletName);
+  if (!isWebAuthnSupported()) {
+    logger3.error("[WebAuthn] WebAuthn not supported");
+    return {
+      success: false,
+      error: ERROR_MESSAGES.WEBAUTHN_NOT_SUPPORTED
+    };
+  }
+  try {
+    logger3.info("[WebAuthn] Generating challenge...");
+    const challenge = generateRandomBytes(32);
+    const challengeBase64 = uint8ArrayToBase64(challenge);
+    const userId = generateRandomBytes(32);
+    const userIdBase64 = uint8ArrayToBase64(userId);
+    const registrationOptions = {
+      challenge: challengeBase64,
+      rp: {
+        name: WEBAUTHN_RP_NAME,
+        id: WEBAUTHN_RP_ID
+      },
+      user: {
+        id: userIdBase64,
+        name: walletName,
+        displayName: walletName
+      },
+      pubKeyCredParams: WEBAUTHN_PUB_KEY_CRED_PARAMS,
+      timeout: WEBAUTHN_TIMEOUT_MS,
+      authenticatorSelection: {
+        authenticatorAttachment: WEBAUTHN_AUTHENTICATOR_ATTACHMENT,
+        userVerification: WEBAUTHN_USER_VERIFICATION,
+        residentKey: "required",
+        requireResidentKey: true
+      },
+      attestation: "none"
+    };
+    logger3.info("[WebAuthn] Registration options:", {
+      rpName: registrationOptions.rp.name,
+      rpId: registrationOptions.rp.id,
+      userName: registrationOptions.user.name,
+      timeout: registrationOptions.timeout
+    });
+    logger3.info("[WebAuthn] Starting WebAuthn registration ceremony...");
+    const credential = await (0, import_browser.startRegistration)({ optionsJSON: registrationOptions });
+    logger3.info("[WebAuthn] Registration ceremony completed, credential received:", {
+      id: credential.id,
+      type: credential.type,
+      hasPublicKey: !!credential.response.publicKey,
+      hasAttestationObject: !!credential.response.attestationObject,
+      rawId: credential.rawId
+    });
+    const publicKeyBytes = credential.response.publicKey ? credential.response.publicKey : "";
+    logger3.info("[WebAuthn] Extracting passkey public key from attestation object...");
+    let passkeyPublicKey;
+    try {
+      passkeyPublicKey = extractPublicKeyFromAttestation(credential.response.attestationObject);
+      logger3.info("[WebAuthn] Passkey public key extracted successfully:", {
+        length: passkeyPublicKey.length,
+        prefix: passkeyPublicKey[0]
+        // Should be 0x04 for uncompressed
+      });
+    } catch (error) {
+      logger3.error("[WebAuthn] Failed to extract passkey public key:", error);
+    }
+    const storedCredential = {
+      id: credential.id,
+      rawId: base64urlToUint8Array(credential.rawId),
+      publicKey: publicKeyBytes,
+      counter: 0,
+      transports: credential.response.transports
+    };
+    logger3.info("[WebAuthn] Passkey registered successfully");
+    return {
+      success: true,
+      credential: storedCredential,
+      userId,
+      // Included for WebAuthn spec compliance (not used for key derivation)
+      passkeyPublicKey
+      // Used for deterministic key derivation
+    };
+  } catch (error) {
+    logger3.error("[WebAuthn] Registration failed with error:", error);
+    if (error instanceof Error && error.name === "NotAllowedError") {
+      logger3.warn("[WebAuthn] User cancelled the registration");
+      return {
+        success: false,
+        error: ERROR_MESSAGES.USER_CANCELLED
+      };
+    }
+    if (error instanceof Error) {
+      logger3.error("[WebAuthn] Error details:", {
+        name: error.name,
+        message: error.message,
+        stack: error.stack
+      });
+    }
+    return {
+      success: false,
+      error: ERROR_MESSAGES.PASSKEY_REGISTRATION_FAILED
+    };
+  }
+};
+var authenticateWithPasskey = async (credentialId) => {
+  logger3.info("[WebAuthn] authenticateWithPasskey() called with credentialId:", credentialId);
+  if (!isWebAuthnSupported()) {
+    logger3.error("[WebAuthn] WebAuthn not supported");
+    return {
+      success: false,
+      error: ERROR_MESSAGES.WEBAUTHN_NOT_SUPPORTED
+    };
+  }
+  try {
+    logger3.info("[WebAuthn] Generating challenge for authentication...");
+    const challenge = generateRandomBytes(32);
+    const challengeBase64 = uint8ArrayToBase64(challenge);
+    const allowCredentials = credentialId ? [
+      {
+        id: credentialId,
+        type: "public-key"
+      }
+    ] : void 0;
+    const authenticationOptions = {
+      challenge: challengeBase64,
+      rpId: WEBAUTHN_RP_ID,
+      timeout: WEBAUTHN_TIMEOUT_MS,
+      userVerification: WEBAUTHN_USER_VERIFICATION,
+      allowCredentials
+    };
+    logger3.info("[WebAuthn] Authentication options:", {
+      rpId: authenticationOptions.rpId,
+      timeout: authenticationOptions.timeout,
+      hasAllowedCredentials: !!allowCredentials
+    });
+    logger3.info("[WebAuthn] Starting WebAuthn authentication ceremony...");
+    const assertion = await (0, import_browser.startAuthentication)({ optionsJSON: authenticationOptions });
+    logger3.info("[WebAuthn] Authentication ceremony completed, assertion received");
+    const authenticatorData = base64urlToUint8Array(assertion.response.authenticatorData);
+    const clientDataJSON = base64urlToUint8Array(assertion.response.clientDataJSON);
+    const signature = base64urlToUint8Array(assertion.response.signature);
+    logger3.info("[WebAuthn] Authentication successful");
+    return {
+      success: true,
+      authenticatorData,
+      clientDataJSON,
+      signature
+    };
+  } catch (error) {
+    logger3.error("[WebAuthn] Authentication failed with error:", error);
+    if (error instanceof Error && error.name === "NotAllowedError") {
+      logger3.warn("[WebAuthn] User cancelled the authentication");
+      return {
+        success: false,
+        error: ERROR_MESSAGES.USER_CANCELLED
+      };
+    }
+    if (error instanceof Error) {
+      logger3.error("[WebAuthn] Error details:", {
+        name: error.name,
+        message: error.message,
+        stack: error.stack
+      });
+    }
+    return {
+      success: false,
+      error: ERROR_MESSAGES.PASSKEY_AUTHENTICATION_FAILED
+    };
+  }
+};
+var authenticateWithChallenge = async (credentialId, challenge) => {
+  logger3.info("[WebAuthn] authenticateWithChallenge() called");
+  logger3.info("[WebAuthn] Challenge length:", challenge.length, "bytes");
+  if (!isWebAuthnSupported()) {
+    logger3.error("[WebAuthn] WebAuthn not supported");
+    return {
+      success: false,
+      error: ERROR_MESSAGES.WEBAUTHN_NOT_SUPPORTED
+    };
+  }
+  if (!credentialId) {
+    logger3.error("[WebAuthn] No credential ID provided");
+    return {
+      success: false,
+      error: "Credential ID is required for authentication"
+    };
+  }
+  try {
+    const challengeBase64 = uint8ArrayToBase64(challenge);
+    const authenticationOptions = {
+      challenge: challengeBase64,
+      rpId: WEBAUTHN_RP_ID,
+      timeout: WEBAUTHN_TIMEOUT_MS,
+      userVerification: WEBAUTHN_USER_VERIFICATION,
+      allowCredentials: [
+        {
+          id: credentialId,
+          type: "public-key"
+        }
+      ]
+    };
+    logger3.info("[WebAuthn] Authentication options with custom challenge:", {
+      rpId: authenticationOptions.rpId,
+      timeout: authenticationOptions.timeout,
+      challengePreview: challengeBase64.substring(0, 16) + "..."
+    });
+    logger3.info("[WebAuthn] Starting WebAuthn authentication ceremony with custom challenge...");
+    const assertion = await (0, import_browser.startAuthentication)({ optionsJSON: authenticationOptions });
+    logger3.info("[WebAuthn] Authentication ceremony completed, assertion received");
+    const authenticatorData = base64urlToUint8Array(assertion.response.authenticatorData);
+    const clientDataJSON = base64urlToUint8Array(assertion.response.clientDataJSON);
+    const signature = base64urlToUint8Array(assertion.response.signature);
+    logger3.info("[WebAuthn] Authentication with custom challenge successful");
+    return {
+      success: true,
+      authenticatorData,
+      clientDataJSON,
+      signature
+    };
+  } catch (error) {
+    logger3.error("[WebAuthn] Authentication with custom challenge failed:", error);
+    if (error instanceof Error && error.name === "NotAllowedError") {
+      logger3.warn("[WebAuthn] User cancelled the authentication");
+      return {
+        success: false,
+        error: ERROR_MESSAGES.USER_CANCELLED
+      };
+    }
+    if (error instanceof Error) {
+      logger3.error("[WebAuthn] Error details:", {
+        name: error.name,
+        message: error.message,
+        stack: error.stack
+      });
+    }
+    return {
+      success: false,
+      error: ERROR_MESSAGES.PASSKEY_AUTHENTICATION_FAILED
+    };
+  }
+};
+
+// src/keystore.ts
+var import_idb_keyval = require("idb-keyval");
+var customStore = null;
+var getStore = () => {
+  if (!customStore) {
+    customStore = (0, import_idb_keyval.createStore)(IDB_DATABASE_NAME, IDB_STORE_NAME);
+  }
+  return customStore;
+};
+var hasStoredWallet = async () => {
+  try {
+    const metadata = await (0, import_idb_keyval.get)(STORAGE_KEY_METADATA, getStore());
+    return metadata !== void 0;
+  } catch {
+    return false;
+  }
+};
+var storeWalletMetadata = async (metadata) => {
+  await (0, import_idb_keyval.set)(STORAGE_KEY_METADATA, metadata, getStore());
+};
+var getWalletMetadata = async () => {
+  try {
+    const data = await (0, import_idb_keyval.get)(STORAGE_KEY_METADATA, getStore());
+    return data ?? null;
+  } catch {
+    return null;
+  }
+};
+var deleteWalletMetadata = async () => {
+  await (0, import_idb_keyval.del)(STORAGE_KEY_METADATA, getStore());
+};
+var storeCredentialId = async (credentialId) => {
+  await (0, import_idb_keyval.set)(STORAGE_KEY_CREDENTIAL_ID, credentialId, getStore());
+};
+var getCredentialId = async () => {
+  try {
+    const id = await (0, import_idb_keyval.get)(STORAGE_KEY_CREDENTIAL_ID, getStore());
+    return id ?? null;
+  } catch {
+    return null;
+  }
+};
+var deleteCredentialId = async () => {
+  await (0, import_idb_keyval.del)(STORAGE_KEY_CREDENTIAL_ID, getStore());
+};
+var clearAllData = async () => {
+  await Promise.all([
+    deleteWalletMetadata(),
+    deleteCredentialId()
+  ]);
+};
+
+// src/rpc.ts
+var import_kaspa_wasm3 = require("@onekeyfe/kaspa-wasm");
+var KaspaRpc = class {
+  rpc = null;
+  network = null;
+  eventHandlers = {};
+  /**
+   * Check if connected to the network
+   */
+  get isConnected() {
+    return this.rpc !== null;
+  }
+  /**
+   * Get the current network
+   */
+  get currentNetwork() {
+    return this.network;
+  }
+  /**
+   * Get the underlying RpcClient instance
+   * Only use for advanced operations
+   */
+  get client() {
+    return this.rpc;
+  }
+  /**
+   * Set event handlers for connection events
+   */
+  setEventHandlers(handlers) {
+    this.eventHandlers = { ...this.eventHandlers, ...handlers };
+  }
+  /**
+   * Connect to the Kaspa network
+   *
+   * @param options - Connection options
+   * @throws Error if connection fails
+   */
+  async connect(options) {
+    await ensureWasmInitialized();
+    const { network, url, timeout = RPC_TIMEOUT_MS } = options;
+    const networkType = getNetworkType(network);
+    if (this.rpc) {
+      await this.disconnect();
+    }
+    try {
+      if (url) {
+        this.rpc = new import_kaspa_wasm3.RpcClient({
+          url,
+          networkId: networkType
+        });
+      } else {
+        this.rpc = new import_kaspa_wasm3.RpcClient({
+          resolver: new import_kaspa_wasm3.Resolver(),
+          networkId: networkType
+        });
+      }
+      this.rpc.addEventListener("connect", (event) => {
+        this.eventHandlers.onConnect?.(event?.url || "unknown");
+      });
+      this.rpc.addEventListener("disconnect", () => {
+        this.eventHandlers.onDisconnect?.();
+      });
+      await Promise.race([
+        this.rpc.connect(),
+        new Promise(
+          (_, reject) => setTimeout(() => reject(new Error("Connection timeout")), timeout)
+        )
+      ]);
+      this.network = network;
+    } catch (error) {
+      this.rpc = null;
+      this.network = null;
+      const message = error instanceof Error ? error.message : String(error);
+      this.eventHandlers.onError?.(message);
+      throw new Error(`${ERROR_MESSAGES.RPC_CONNECTION_FAILED}: ${message}`);
+    }
+  }
+  /**
+   * Disconnect from the network
+   */
+  async disconnect() {
+    if (this.rpc) {
+      try {
+        await this.rpc.disconnect();
+      } catch {
+      }
+      this.rpc = null;
+      this.network = null;
+    }
+  }
+  /**
+   * Ensure RPC is connected, throw if not
+   */
+  ensureConnected() {
+    if (!this.rpc) {
+      throw new Error(ERROR_MESSAGES.RPC_NOT_CONNECTED);
+    }
+    return this.rpc;
+  }
+  /**
+   * Get balance for an address
+   *
+   * @param address - Kaspa address
+   * @returns Balance info with available, pending, and total amounts
+   */
+  async getBalance(address) {
+    const rpc = this.ensureConnected();
+    const response = await rpc.getBalanceByAddress({ address });
+    const available = response.balance;
+    return {
+      available,
+      pending: 0n,
+      total: available
+    };
+  }
+  /**
+   * Get UTXOs for an address
+   *
+   * @param address - Kaspa address
+   * @returns Array of UTXO entries
+   */
+  async getUtxos(address) {
+    const rpc = this.ensureConnected();
+    const response = await rpc.getUtxosByAddresses({ addresses: [address] });
+    return response.entries;
+  }
+  /**
+   * Get UTXOs for multiple addresses
+   *
+   * @param addresses - Array of Kaspa addresses
+   * @returns Array of UTXO entries
+   */
+  async getUtxosForAddresses(addresses) {
+    const rpc = this.ensureConnected();
+    const response = await rpc.getUtxosByAddresses({ addresses });
+    return response.entries;
+  }
+  /**
+   * Submit a signed transaction to the network
+   *
+   * @param transaction - Signed transaction object
+   * @param allowOrphan - Allow orphan transactions (default: false)
+   * @returns Transaction ID
+   */
+  async submitTransaction(transaction, allowOrphan = false) {
+    const rpc = this.ensureConnected();
+    const response = await rpc.submitTransaction({
+      transaction,
+      allowOrphan
+    });
+    return response.transactionId;
+  }
+  /**
+   * Get the current block count
+   */
+  async getBlockCount() {
+    const rpc = this.ensureConnected();
+    const response = await rpc.getBlockCount();
+    return response.blockCount;
+  }
+  /**
+   * Get network info (DAG info)
+   */
+  async getNetworkInfo() {
+    const rpc = this.ensureConnected();
+    const response = await rpc.getBlockDagInfo();
+    return {
+      network: response.network,
+      blockCount: response.blockCount,
+      headerCount: response.headerCount,
+      tipHashes: response.tipHashes,
+      difficulty: response.difficulty,
+      pastMedianTime: response.pastMedianTime,
+      virtualParentHashes: response.virtualParentHashes,
+      pruningPointHash: response.pruningPointHash,
+      virtualDaaScore: response.virtualDaaScore,
+      sink: response.sink
+    };
+  }
+  /**
+   * Get the current server info
+   */
+  async getServerInfo() {
+    const rpc = this.ensureConnected();
+    const response = await rpc.getServerInfo();
+    return {
+      serverVersion: response.serverVersion,
+      rpcApiVersion: response.rpcApiVersion,
+      isSynced: response.isSynced,
+      hasUtxoIndex: response.hasUtxoIndex
+    };
+  }
+};
+var defaultRpcInstance = null;
+var getDefaultRpc = () => {
+  if (!defaultRpcInstance) {
+    defaultRpcInstance = new KaspaRpc();
+  }
+  return defaultRpcInstance;
+};
+var resetDefaultRpc = async () => {
+  if (defaultRpcInstance) {
+    await defaultRpcInstance.disconnect();
+    defaultRpcInstance = null;
+  }
+};
+
+// src/transaction.ts
+var import_kaspa_wasm4 = require("@onekeyfe/kaspa-wasm");
+var import_kaspa_wasm5 = require("@onekeyfe/kaspa-wasm");
+var buildTransactions = async (utxos, outputs, changeAddress, priorityFee = DEFAULT_PRIORITY_FEE_SOMPI, network) => {
+  await ensureWasmInitialized();
+  const settings = {
+    outputs,
+    changeAddress,
+    priorityFee,
+    entries: utxos,
+    networkId: getNetworkType(network)
+  };
+  const result = await (0, import_kaspa_wasm4.createTransactions)(settings);
+  return {
+    transactions: result.transactions,
+    summary: {
+      transactionCount: result.summary.transactions,
+      fees: result.summary.fees,
+      utxoCount: result.summary.utxos,
+      finalAmount: result.summary.finalAmount
+    }
+  };
+};
+var estimateFee = async (utxos, outputs, changeAddress, priorityFee = DEFAULT_PRIORITY_FEE_SOMPI, network) => {
+  await ensureWasmInitialized();
+  const settings = {
+    outputs,
+    changeAddress,
+    priorityFee,
+    entries: utxos,
+    networkId: getNetworkType(network)
+  };
+  const summary = await (0, import_kaspa_wasm4.estimateTransactions)(settings);
+  return {
+    transactionCount: summary.transactions,
+    fees: summary.fees,
+    utxoCount: summary.utxos,
+    finalAmount: summary.finalAmount ?? 0n
+  };
+};
+var signTransactions = async (transactions, privateKeyHex) => {
+  await ensureWasmInitialized();
+  const privateKey = await createPrivateKey(privateKeyHex);
+  for (const tx of transactions) {
+    tx.sign([privateKey]);
+  }
+  return transactions;
+};
+var submitTransactions = async (transactions, rpc) => {
+  if (!rpc.client) {
+    throw new Error(ERROR_MESSAGES.RPC_NOT_CONNECTED);
+  }
+  const transactionIds = [];
+  for (const tx of transactions) {
+    const txId = await tx.submit(rpc.client);
+    transactionIds.push(txId);
+  }
+  return transactionIds;
+};
+var sendTransaction = async (options, utxos, changeAddress, privateKeyHex, rpc, network) => {
+  await ensureWasmInitialized();
+  const { to, amount, priorityFee = DEFAULT_PRIORITY_FEE_SOMPI } = options;
+  if (!rpc.isConnected) {
+    throw new Error(ERROR_MESSAGES.RPC_NOT_CONNECTED);
+  }
+  const outputs = [{ address: to, amount }];
+  const { transactions, summary } = await buildTransactions(
+    utxos,
+    outputs,
+    changeAddress,
+    priorityFee,
+    network
+  );
+  if (transactions.length === 0) {
+    throw new Error(ERROR_MESSAGES.TRANSACTION_FAILED);
+  }
+  const signedTransactions = await signTransactions(transactions, privateKeyHex);
+  const transactionIds = await submitTransactions(signedTransactions, rpc);
+  return {
+    transactionId: transactionIds[0],
+    amount,
+    fee: summary.fees
+  };
+};
+var createGenerator = async (settings) => {
+  await ensureWasmInitialized();
+  return new import_kaspa_wasm4.Generator(settings);
+};
+
+// src/wallet.ts
+var logger4 = createLogger("PasskeyWallet");
+var PasskeyWallet = class _PasskeyWallet {
+  privateKeyHex;
+  publicKeyHex;
+  address;
+  network;
+  eventHandlers = /* @__PURE__ */ new Set();
+  rpc;
+  credentialId = null;
+  passkeyPublicKey = null;
+  constructor(privateKeyHex, publicKeyHex, address, network, credentialId, passkeyPublicKey) {
+    this.privateKeyHex = privateKeyHex;
+    this.publicKeyHex = publicKeyHex;
+    this.address = address;
+    this.network = network;
+    this.credentialId = credentialId ?? null;
+    this.passkeyPublicKey = passkeyPublicKey ?? null;
+    this.rpc = new KaspaRpc();
+    this.rpc.setEventHandlers({
+      onConnect: (url) => {
+        logger4.info(`Connected to Kaspa network: ${url}`);
+      },
+      onDisconnect: () => {
+        logger4.info("Disconnected from Kaspa network");
+      },
+      onError: (error) => {
+        logger4.error("RPC error:", error);
+      }
+    });
+  }
+  // ===========================================================================
+  // Static Factory Methods
+  // ===========================================================================
+  /**
+   * Check if WebAuthn/passkeys are supported in the current browser
+   */
+  static isSupported() {
+    return isWebAuthnSupported();
+  }
+  /**
+   * Check if a wallet already exists in storage
+   */
+  static async exists() {
+    return hasStoredWallet();
+  }
+  /**
+   * Create a new passkey-protected wallet
+   *
+   * @param options - Configuration options
+   * @returns Result containing the wallet instance or error
+   */
+  static async create(options = {}) {
+    logger4.info("create() called with options:", options);
+    const { name = "KasFlow Wallet", network = DEFAULT_NETWORK } = options;
+    logger4.debug("Checking if wallet already exists...");
+    if (await hasStoredWallet()) {
+      logger4.warn("Wallet already exists in storage");
+      return {
+        success: false,
+        error: ERROR_MESSAGES.WALLET_ALREADY_EXISTS
+      };
+    }
+    logger4.debug("Checking WebAuthn support...");
+    if (!isWebAuthnSupported()) {
+      logger4.error("WebAuthn not supported");
+      return {
+        success: false,
+        error: ERROR_MESSAGES.WEBAUTHN_NOT_SUPPORTED
+      };
+    }
+    logger4.debug("WebAuthn is supported");
+    logger4.info("Starting passkey registration...");
+    const registration = await registerPasskey(name);
+    logger4.debug("Registration result:", {
+      success: registration.success,
+      hasCredential: !!registration.credential,
+      hasPasskeyPublicKey: !!registration.passkeyPublicKey,
+      error: registration.error
+    });
+    if (!registration.success || !registration.credential || !registration.passkeyPublicKey) {
+      logger4.error("Passkey registration failed:", registration.error);
+      return {
+        success: false,
+        error: registration.error ?? ERROR_MESSAGES.PASSKEY_REGISTRATION_FAILED
+      };
+    }
+    logger4.info("Deriving Kaspa keys from passkey public key...");
+    const { privateKeyHex } = deriveKaspaKeysFromPasskey(registration.passkeyPublicKey);
+    logger4.debug("Getting public key...");
+    const publicKeyHex = await getPublicKeyHex(privateKeyHex);
+    logger4.info("Generating addresses for all networks...");
+    const addresses = {
+      [NETWORK_ID.MAINNET]: await getAddressFromPrivateKey(privateKeyHex, NETWORK_ID.MAINNET),
+      [NETWORK_ID.TESTNET_10]: await getAddressFromPrivateKey(privateKeyHex, NETWORK_ID.TESTNET_10),
+      [NETWORK_ID.TESTNET_11]: await getAddressFromPrivateKey(privateKeyHex, NETWORK_ID.TESTNET_11)
+    };
+    const address = addresses[network];
+    logger4.info("Wallet created for all networks:", {
+      primaryNetwork: network,
+      mainnetAddress: addresses[NETWORK_ID.MAINNET],
+      testnet10Address: addresses[NETWORK_ID.TESTNET_10],
+      testnet11Address: addresses[NETWORK_ID.TESTNET_11],
+      publicKeyPrefix: publicKeyHex.substring(0, 10) + "..."
+    });
+    const passkeyPublicKeyBase64 = uint8ArrayToBase64(registration.passkeyPublicKey);
+    logger4.debug("Storing wallet metadata...");
+    await storeWalletMetadata({
+      passkeyPublicKey: passkeyPublicKeyBase64,
+      addresses,
+      primaryNetwork: network,
+      createdAt: Date.now(),
+      // Backward compatibility fields
+      address,
+      network
+    });
+    await storeCredentialId(registration.credential.id);
+    logger4.debug("Wallet metadata stored successfully");
+    logger4.debug("Creating wallet instance...");
+    const wallet = new _PasskeyWallet(
+      privateKeyHex,
+      publicKeyHex,
+      address,
+      network,
+      registration.credential.id,
+      registration.passkeyPublicKey
+    );
+    wallet.emit({ type: "connected", address });
+    logger4.info("Wallet created successfully!");
+    return {
+      success: true,
+      data: wallet
+    };
+  }
+  /**
+   * Unlock an existing wallet using passkey authentication
+   *
+   * @param options - Configuration options
+   * @returns Result containing the wallet instance or error
+   */
+  static async unlock(options = {}) {
+    logger4.info("unlock() called with options:", options);
+    logger4.debug("Checking if wallet exists in storage...");
+    if (!await hasStoredWallet()) {
+      logger4.error("No wallet found in storage");
+      return {
+        success: false,
+        error: ERROR_MESSAGES.WALLET_NOT_FOUND
+      };
+    }
+    logger4.debug("Wallet exists in storage");
+    logger4.debug("Getting stored credential ID and wallet metadata...");
+    const credentialId = await getCredentialId();
+    const metadata = await getWalletMetadata();
+    logger4.debug("Stored credential ID:", credentialId);
+    logger4.debug("Wallet metadata:", metadata ? "found" : "not found");
+    if (!metadata || !metadata.passkeyPublicKey) {
+      logger4.error("No passkey public key found in metadata");
+      return {
+        success: false,
+        error: ERROR_MESSAGES.WALLET_NOT_FOUND
+      };
+    }
+    logger4.info("Authenticating with passkey...");
+    const auth = await authenticateWithPasskey(credentialId ?? void 0);
+    logger4.debug("Authentication result:", {
+      success: auth.success,
+      error: auth.error
+    });
+    if (!auth.success) {
+      logger4.error("Passkey authentication failed:", auth.error);
+      return {
+        success: false,
+        error: auth.error ?? ERROR_MESSAGES.PASSKEY_AUTHENTICATION_FAILED
+      };
+    }
+    logger4.info("Deriving keys from passkey public key...");
+    const passkeyPublicKey = base64ToUint8Array(metadata.passkeyPublicKey);
+    const { privateKeyHex } = deriveKaspaKeysFromPasskey(passkeyPublicKey);
+    const publicKeyHex = await getPublicKeyHex(privateKeyHex);
+    let currentMetadata = metadata;
+    if (!metadata.addresses && metadata.address && metadata.network) {
+      logger4.info("Migrating wallet to multi-network format...");
+      const addresses = {
+        [NETWORK_ID.MAINNET]: await getAddressFromPrivateKey(privateKeyHex, NETWORK_ID.MAINNET),
+        [NETWORK_ID.TESTNET_10]: await getAddressFromPrivateKey(privateKeyHex, NETWORK_ID.TESTNET_10),
+        [NETWORK_ID.TESTNET_11]: await getAddressFromPrivateKey(privateKeyHex, NETWORK_ID.TESTNET_11)
+      };
+      if (addresses[metadata.network] !== metadata.address) {
+        logger4.error("Migration validation failed", {
+          expectedAddress: metadata.address,
+          derivedAddress: addresses[metadata.network],
+          network: metadata.network
+        });
+        return {
+          success: false,
+          error: "Failed to migrate wallet to multi-network format"
+        };
+      }
+      currentMetadata = {
+        passkeyPublicKey: metadata.passkeyPublicKey,
+        addresses,
+        primaryNetwork: metadata.network,
+        createdAt: metadata.createdAt,
+        // Keep old fields for rollback safety
+        address: metadata.address,
+        network: metadata.network
+      };
+      await storeWalletMetadata(currentMetadata);
+      logger4.info("Migration complete - wallet now supports all networks");
+    }
+    const network = options.network ?? currentMetadata.primaryNetwork ?? currentMetadata.network ?? NETWORK_ID.TESTNET_10;
+    const address = await getAddressFromPrivateKey(privateKeyHex, network);
+    const expectedAddress = currentMetadata.addresses ? currentMetadata.addresses[network] : currentMetadata.address;
+    if (address !== expectedAddress) {
+      logger4.error("Derived address mismatch for network", {
+        network,
+        expected: expectedAddress,
+        derived: address
+      });
+      return {
+        success: false,
+        error: "Failed to derive correct wallet address for network"
+      };
+    }
+    logger4.debug("Keys derived successfully, address verified for network:", network);
+    const wallet = new _PasskeyWallet(
+      privateKeyHex,
+      publicKeyHex,
+      address,
+      network,
+      credentialId ?? void 0,
+      passkeyPublicKey
+    );
+    wallet.emit({ type: "connected", address });
+    logger4.info("Wallet unlocked successfully!");
+    return {
+      success: true,
+      data: wallet
+    };
+  }
+  /**
+   * Delete the wallet from storage
+   * This is irreversible - make sure user has backed up their keys!
+   */
+  static async delete() {
+    await clearAllData();
+    return { success: true };
+  }
+  // ===========================================================================
+  // Instance Methods - Basic Info
+  // ===========================================================================
+  /**
+   * Get the wallet's Kaspa address
+   */
+  getAddress() {
+    return this.address;
+  }
+  /**
+   * Get the wallet's public key as hex string
+   */
+  getPublicKey() {
+    return this.publicKeyHex;
+  }
+  /**
+   * Get the current network
+   */
+  getNetwork() {
+    return this.network;
+  }
+  /**
+   * Sign a message with the wallet's private key
+   * Uses Kaspa's message signing scheme
+   *
+   * @param message - Message to sign
+   * @returns Signature as hex string
+   */
+  async signMessage(message) {
+    return await signMessageWithKey(message, this.privateKeyHex);
+  }
+  /**
+   * Get the private key hex (for advanced usage like transaction signing)
+   * WARNING: Handle with care - this is sensitive data
+   */
+  getPrivateKeyHex() {
+    return this.privateKeyHex;
+  }
+  // ===========================================================================
+  // Network Connection
+  // ===========================================================================
+  /**
+   * Check if connected to the network
+   */
+  get isConnected() {
+    return this.rpc.isConnected;
+  }
+  /**
+   * Get the underlying RPC client for advanced usage
+   */
+  getRpcClient() {
+    return this.rpc;
+  }
+  /**
+   * Connect to the Kaspa network
+   *
+   * @param options - Optional connection options (defaults to current network with public resolver)
+   */
+  async connect(options) {
+    await this.rpc.connect({
+      network: options?.network ?? this.network,
+      url: options?.url,
+      timeout: options?.timeout
+    });
+  }
+  /**
+   * Disconnect from the Kaspa network
+   */
+  async disconnectNetwork() {
+    await this.rpc.disconnect();
+  }
+  /**
+   * Switch to a different network without re-authentication
+   * Uses pre-computed addresses from wallet creation
+   *
+   * @param network - Target network to switch to
+   * @returns Result with success status
+   */
+  async switchNetwork(network) {
+    logger4.info("switchNetwork() called:", { from: this.network, to: network });
+    if (network === this.network) {
+      logger4.info("Already on target network");
+      return { success: true };
+    }
+    const metadata = await getWalletMetadata();
+    if (!metadata || !metadata.addresses || !metadata.addresses[network]) {
+      logger4.error("Address for target network not found in metadata");
+      return {
+        success: false,
+        error: `Address for network ${network} not found. Wallet may need to be recreated.`
+      };
+    }
+    const newAddress = await getAddressFromPrivateKey(this.privateKeyHex, network);
+    if (newAddress !== metadata.addresses[network]) {
+      logger4.error("Derived address does not match stored address for network", {
+        network,
+        stored: metadata.addresses[network],
+        derived: newAddress
+      });
+      return {
+        success: false,
+        error: "Failed to validate address for network switch"
+      };
+    }
+    if (this.isConnected) {
+      logger4.debug("Disconnecting from current network...");
+      await this.disconnectNetwork();
+    }
+    this.network = network;
+    this.address = newAddress;
+    logger4.info("Network switched successfully:", { network, address: newAddress });
+    this.emit({ type: "connected", address: newAddress });
+    return { success: true };
+  }
+  // ===========================================================================
+  // Balance & UTXOs
+  // ===========================================================================
+  /**
+   * Get the wallet's balance
+   *
+   * @returns Balance info with available, pending, and total amounts
+   * @throws Error if not connected to network
+   */
+  async getBalance() {
+    if (!this.rpc.isConnected) {
+      throw new Error(ERROR_MESSAGES.RPC_NOT_CONNECTED);
+    }
+    const balance = await this.rpc.getBalance(this.address);
+    this.emit({ type: "balance_updated", balance });
+    return balance;
+  }
+  // ===========================================================================
+  // Transactions
+  // ===========================================================================
+  /**
+   * Send KAS to an address
+   *
+   * @param options - Send options (to, amount, priorityFee)
+   * @returns Send result with transaction ID and details
+   * @throws Error if not connected or insufficient balance
+   *
+   * @example
+   * ```typescript
+   * const result = await wallet.send({
+   *   to: 'kaspatest:qz...',
+   *   amount: 100000000n, // 1 KAS
+   * });
+   * console.log('Transaction ID:', result.transactionId);
+   * ```
+   */
+  async send(options) {
+    if (!this.rpc.isConnected) {
+      throw new Error(ERROR_MESSAGES.RPC_NOT_CONNECTED);
+    }
+    const utxos = await this.rpc.getUtxos(this.address);
+    const totalAvailable = utxos.reduce((sum, utxo) => sum + utxo.amount, 0n);
+    if (totalAvailable < options.amount) {
+      throw new Error(ERROR_MESSAGES.INSUFFICIENT_BALANCE);
+    }
+    const result = await sendTransaction(
+      options,
+      utxos,
+      this.address,
+      // Use same address for change
+      this.privateKeyHex,
+      this.rpc,
+      this.network
+    );
+    this.emit({ type: "transaction_sent", txId: result.transactionId });
+    return result;
+  }
+  /**
+   * Send transaction with per-transaction passkey authentication
+   *
+   * **RECOMMENDED:** Use this method instead of `send()` for better security.
+   *
+   * This method prompts for passkey authentication for EACH transaction, using the
+   * transaction hash as the WebAuthn challenge. This provides cryptographic proof
+   * that the user approved THIS specific transaction.
+   *
+   * Benefits over `send()`:
+   * - Per-transaction authentication (user approves each transaction)
+   * - Transaction hash cryptographically bound to WebAuthn signature
+   * - Keys derived only when needed, not stored in memory
+   * - Matches standard wallet UX (MetaMask, hardware wallets)
+   *
+   * @param options - Send options (to, amount, priorityFee)
+   * @returns Transaction result with ID and fees
+   * @throws Error if authentication fails, insufficient balance, or network error
+   *
+   * @example
+   * ```typescript
+   * const result = await wallet.sendWithAuth({
+   *   to: 'kaspatest:qz...',
+   *   amount: 100000000n, // 1 KAS
+   * });
+   * console.log('Transaction ID:', result.transactionId);
+   * ```
+   */
+  async sendWithAuth(options) {
+    if (!this.rpc.isConnected) {
+      throw new Error(ERROR_MESSAGES.RPC_NOT_CONNECTED);
+    }
+    if (!this.credentialId) {
+      throw new Error("Credential ID not available. Cannot authenticate transaction.");
+    }
+    if (!this.passkeyPublicKey) {
+      throw new Error("Passkey public key not available. Cannot derive signing key.");
+    }
+    logger4.info("[PasskeyWallet] sendWithAuth() - Starting per-transaction auth flow");
+    const utxos = await this.rpc.getUtxos(this.address);
+    const totalAvailable = utxos.reduce((sum, utxo) => sum + utxo.amount, 0n);
+    if (totalAvailable < options.amount) {
+      throw new Error(ERROR_MESSAGES.INSUFFICIENT_BALANCE);
+    }
+    const outputs = [
+      {
+        address: options.to,
+        amount: options.amount
+      }
+    ];
+    const buildResult = await buildTransactions(
+      utxos,
+      outputs,
+      this.address,
+      options.priorityFee,
+      this.network
+    );
+    const { transactions, summary } = buildResult;
+    logger4.info("[PasskeyWallet] Built unsigned transactions:", {
+      count: transactions.length,
+      totalFee: summary.fees.toString()
+    });
+    const signedTransactions = [];
+    for (let i = 0; i < transactions.length; i++) {
+      const tx = transactions[i];
+      logger4.info(`[PasskeyWallet] Processing transaction ${i + 1}/${transactions.length}`);
+      const txHash = computeTransactionHash(tx);
+      logger4.info("[PasskeyWallet] Transaction hash computed:", {
+        length: txHash.length,
+        previewHex: Array.from(txHash.slice(0, 8)).map((b) => b.toString(16).padStart(2, "0")).join("")
+      });
+      logger4.info(
+        "[PasskeyWallet] Requesting passkey authentication for this transaction..."
+      );
+      const authResult = await authenticateWithChallenge(this.credentialId, txHash);
+      if (!authResult.success) {
+        throw new Error(
+          authResult.error ?? "Passkey authentication failed for transaction"
+        );
+      }
+      logger4.info("[PasskeyWallet] User authenticated - passkey signature received");
+      const verified = this.verifyAuthenticationForTransaction(authResult, txHash);
+      if (!verified) {
+        throw new Error(
+          "Authentication signature does not match transaction. Possible security issue."
+        );
+      }
+      logger4.info("[PasskeyWallet] \u2713 WebAuthn signature verified for this transaction");
+      const { privateKeyHex } = deriveKaspaKeysFromPasskey(this.passkeyPublicKey);
+      logger4.info("[PasskeyWallet] Derived secp256k1 signing key for this transaction");
+      await signTransactions([tx], privateKeyHex);
+      logger4.info("[PasskeyWallet] Transaction signed successfully");
+      signedTransactions.push(tx);
+    }
+    logger4.info("[PasskeyWallet] All transactions signed successfully");
+    const transactionIds = await submitTransactions(signedTransactions, this.rpc);
+    logger4.info("[PasskeyWallet] Transactions submitted:", transactionIds);
+    this.emit({
+      type: "transaction_sent",
+      txId: transactionIds[0]
+    });
+    return {
+      transactionId: transactionIds[0],
+      amount: options.amount,
+      fee: summary.fees
+    };
+  }
+  /**
+   * Estimate the fee for a transaction
+   *
+   * @param options - Send options (to, amount, priorityFee)
+   * @returns Transaction estimate with fees and UTXO count
+   * @throws Error if not connected
+   */
+  async estimateFee(options) {
+    if (!this.rpc.isConnected) {
+      throw new Error(ERROR_MESSAGES.RPC_NOT_CONNECTED);
+    }
+    const utxos = await this.rpc.getUtxos(this.address);
+    return estimateFee(
+      utxos,
+      [{ address: options.to, amount: options.amount }],
+      this.address,
+      options.priorityFee,
+      this.network
+    );
+  }
+  // ===========================================================================
+  // Event Handling
+  // ===========================================================================
+  /**
+   * Subscribe to wallet events
+   *
+   * @param handler - Event handler function
+   * @returns Unsubscribe function
+   */
+  on(handler) {
+    this.eventHandlers.add(handler);
+    return () => this.eventHandlers.delete(handler);
+  }
+  /**
+   * Emit an event to all subscribers
+   */
+  emit(event) {
+    this.eventHandlers.forEach((handler) => {
+      try {
+        handler(event);
+      } catch (error) {
+        logger4.error("Event handler error:", error);
+      }
+    });
+  }
+  // ===========================================================================
+  // Per-Transaction Authentication Helpers
+  // ===========================================================================
+  /**
+   * Verify that WebAuthn authentication result is for specific transaction
+   *
+   * This method ensures the WebAuthn signature was created for THIS specific
+   * transaction by verifying that the challenge in clientDataJSON matches the
+   * transaction hash.
+   *
+   * This prevents replay attacks where an attacker could try to reuse a signature
+   * from a different transaction.
+   *
+   * @param authResult - Authentication result from passkey
+   * @param txHash - Transaction hash that should be in the challenge
+   * @returns true if verified, false otherwise
+   */
+  verifyAuthenticationForTransaction(authResult, txHash) {
+    try {
+      const clientDataText = new TextDecoder().decode(authResult.clientDataJSON);
+      const clientData = JSON.parse(clientDataText);
+      logger4.debug("[PasskeyWallet] Verifying clientDataJSON:", {
+        type: clientData.type,
+        origin: clientData.origin,
+        challengePreview: clientData.challenge?.substring(0, 16)
+      });
+      const challengeBase64url = clientData.challenge;
+      if (!challengeBase64url) {
+        logger4.error("[PasskeyWallet] No challenge found in clientDataJSON");
+        return false;
+      }
+      const challengeBytes = base64urlToUint8Array(challengeBase64url);
+      if (challengeBytes.length !== txHash.length) {
+        logger4.error("[PasskeyWallet] Challenge length mismatch:", {
+          expected: txHash.length,
+          actual: challengeBytes.length
+        });
+        return false;
+      }
+      for (let i = 0; i < txHash.length; i++) {
+        if (challengeBytes[i] !== txHash[i]) {
+          logger4.error("[PasskeyWallet] Challenge byte mismatch at index:", i);
+          return false;
+        }
+      }
+      logger4.info("[PasskeyWallet] \u2713 WebAuthn challenge verified = transaction hash");
+      if (clientData.type !== "webauthn.get") {
+        logger4.error("[PasskeyWallet] Invalid clientData type:", clientData.type);
+        return false;
+      }
+      return true;
+    } catch (error) {
+      logger4.error("[PasskeyWallet] Failed to verify authentication:", error);
+      return false;
+    }
+  }
+  /**
+   * Disconnect the wallet (clears in-memory keys and network connection)
+   */
+  async disconnect() {
+    await this.rpc.disconnect();
+    this.privateKeyHex = "";
+    this.emit({ type: "disconnected" });
+    this.eventHandlers.clear();
+  }
+};
+
+// src/wasm.ts
+var import_kaspa_wasm6 = require("@onekeyfe/kaspa-wasm");
+var initDebugMode = async () => {
+  const { initConsolePanicHook: initConsolePanicHook3 } = await import("@onekeyfe/kaspa-wasm");
+  initConsolePanicHook3();
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  Address,
+  DEFAULT_NETWORK,
+  DEFAULT_PRIORITY_FEE_SOMPI,
+  ERROR_MESSAGES,
+  Generator,
+  KaspaRpc,
+  MIN_FEE_SOMPI,
+  NETWORK_ID,
+  NetworkType,
+  PasskeyWallet,
+  PendingTransaction,
+  PrivateKey,
+  PublicKey,
+  Resolver,
+  RpcClient,
+  SOMPI_PER_KAS,
+  Transaction,
+  UtxoContext,
+  UtxoEntryReference,
+  UtxoProcessor,
+  authenticateWithChallenge,
+  buildTransactions,
+  computeTransactionHash,
+  createGenerator,
+  createLogger,
+  createPrivateKey,
+  deriveKaspaKeysFromPasskey,
+  estimateFee,
+  extractPublicKeyFromAttestation,
+  formatKas,
+  generatePrivateKey,
+  getAddressFromPrivateKey,
+  getDefaultRpc,
+  getNetworkFromAddress,
+  getNetworkIdString,
+  getNetworkType,
+  getPublicKeyHex,
+  hexToUint8Array,
+  initDebugMode,
+  isValidAddress,
+  isValidPrivateKey,
+  isWebAuthnSupported,
+  kasStringToSompi,
+  kasToSompi,
+  parseAddress,
+  parseKas,
+  publicKeyToAddress,
+  resetDefaultRpc,
+  sendTransaction,
+  signMessageWithKey,
+  signTransaction,
+  signTransactions,
+  sompiToKas,
+  sompiToKasString,
+  sompiToKasStringWithSuffix,
+  submitTransactions,
+  uint8ArrayToHex,
+  verifyDeterminism
+});