@moonpay/cli 0.5.1 → 0.6.0

package/dist/{chunk-V7MA7WNX.js → chunk-GSAFAKB7.js}

@@ -10,16 +10,88 @@ import {
 } from "fs";
 import { join } from "path";
 import { homedir } from "os";
+import { randomBytes as randomBytes3 } from "crypto";
+
+// src/tools/wallet/models.ts
+import { z as z2 } from "zod";
+
+// src/crypto.ts
 import {
-  randomBytes as randomBytes2,
+  randomBytes,
   scryptSync,
   createCipheriv,
   createDecipheriv
 } from "crypto";
+import { z } from "zod";
+var SCRYPT_N = 2 ** 18;
+var SCRYPT_R = 8;
+var SCRYPT_P = 1;
+var KEY_LENGTH = 32;
+var SCRYPT_MAXMEM = 512 * 1024 * 1024;
+var encryptedFileSchema = z.object({
+  encryption: z.object({
+    cipher: z.literal("aes-256-gcm"),
+    kdf: z.literal("scrypt"),
+    kdfparams: z.object({
+      n: z.number(),
+      r: z.number(),
+      p: z.number()
+    }),
+    salt: z.string(),
+    iv: z.string(),
+    tag: z.string()
+  }),
+  data: z.string()
+});
+function encrypt(data, encryptionKey) {
+  const salt = randomBytes(32);
+  const aesKey = scryptSync(encryptionKey, salt, KEY_LENGTH, {
+    N: SCRYPT_N,
+    r: SCRYPT_R,
+    p: SCRYPT_P,
+    maxmem: SCRYPT_MAXMEM
+  });
+  const iv = randomBytes(12);
+  const cipher = createCipheriv("aes-256-gcm", aesKey, iv);
+  const encrypted = Buffer.concat([
+    cipher.update(data, "utf8"),
+    cipher.final()
+  ]);
+  return {
+    encryption: {
+      cipher: "aes-256-gcm",
+      kdf: "scrypt",
+      kdfparams: { n: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P },
+      salt: salt.toString("base64"),
+      iv: iv.toString("base64"),
+      tag: cipher.getAuthTag().toString("base64")
+    },
+    data: encrypted.toString("base64")
+  };
+}
+function decrypt(file, encryptionKey) {
+  const { salt, iv, tag, kdfparams } = file.encryption;
+  const aesKey = scryptSync(
+    encryptionKey,
+    Buffer.from(salt, "base64"),
+    KEY_LENGTH,
+    { N: kdfparams.n, r: kdfparams.r, p: kdfparams.p, maxmem: SCRYPT_MAXMEM }
+  );
+  const decipher = createDecipheriv(
+    "aes-256-gcm",
+    aesKey,
+    Buffer.from(iv, "base64"),
+    { authTagLength: 16 }
+  );
+  decipher.setAuthTag(Buffer.from(tag, "base64"));
+  return Buffer.concat([
+    decipher.update(Buffer.from(file.data, "base64")),
+    decipher.final()
+  ]).toString("utf8");
+}
 
 // src/tools/wallet/models.ts
-import { z } from "zod";
-var chainSchema = z.enum([
+var chainSchema = z2.enum([
   "solana",
   "ethereum",
   "base",
@@ -31,7 +103,7 @@ var chainSchema = z.enum([
   "bitcoin",
   "tron"
 ]);
-var keyChainSchema = z.enum(["solana", "ethereum", "bitcoin", "tron"]);
+var keyChainSchema = z2.enum(["solana", "ethereum", "bitcoin", "tron"]);
 var KEY_CHAIN_MAP = {
   solana: "solana",
   ethereum: "ethereum",
@@ -44,88 +116,94 @@ var KEY_CHAIN_MAP = {
   bitcoin: "bitcoin",
   tron: "tron"
 };
-var hdWalletSchema = z.object({
-  name: z.string(),
-  type: z.literal("hd"),
-  mnemonic: z.string(),
-  addresses: z.record(keyChainSchema, z.string()),
-  createdAt: z.string()
+var addressesSchema = z2.object({
+  solana: z2.string().optional(),
+  ethereum: z2.string().optional(),
+  bitcoin: z2.string().optional(),
+  tron: z2.string().optional()
 });
-var importedWalletSchema = z.object({
-  name: z.string(),
-  type: z.literal("imported"),
+var hdWalletSchema = z2.object({
+  name: z2.string(),
+  type: z2.literal("hd"),
+  mnemonic: z2.string(),
+  addresses: addressesSchema,
+  createdAt: z2.string()
+});
+var importedWalletSchema = z2.object({
+  name: z2.string(),
+  type: z2.literal("imported"),
   chain: keyChainSchema,
-  privateKey: z.string(),
-  addresses: z.record(keyChainSchema, z.string()),
-  createdAt: z.string()
+  privateKey: z2.string(),
+  addresses: addressesSchema,
+  createdAt: z2.string()
 });
-var walletSchema = z.discriminatedUnion("type", [
+var walletSchema = z2.discriminatedUnion("type", [
   hdWalletSchema,
   importedWalletSchema
 ]);
-var walletsFileSchema = z.object({
-  encryption: z.object({
-    cipher: z.literal("aes-256-gcm"),
-    kdf: z.literal("scrypt"),
-    kdfparams: z.object({
-      n: z.number(),
-      r: z.number(),
-      p: z.number()
-    }),
-    salt: z.string(),
-    iv: z.string(),
-    tag: z.string()
-  }),
-  data: z.string()
-});
-var walletInfoSchema = z.object({
-  name: z.string(),
-  type: z.enum(["hd", "imported"]),
-  addresses: z.record(keyChainSchema, z.string()),
-  createdAt: z.string()
+var walletInfoSchema = z2.object({
+  name: z2.string(),
+  type: z2.enum(["hd", "imported"]),
+  addresses: addressesSchema,
+  createdAt: z2.string()
 });
 
 // src/tools/wallet/session.ts
-import { execSync } from "child_process";
-import { randomBytes } from "crypto";
+import { execFileSync, execSync } from "child_process";
+import { randomBytes as randomBytes2 } from "crypto";
 import { platform } from "os";
 var SERVICE = "moonpay-cli";
 var ACCOUNT = "encryption-key";
 function storeMacOS(value) {
   try {
-    execSync(
-      `security delete-generic-password -s "${SERVICE}" -a "${ACCOUNT}" 2>/dev/null`,
-      { stdio: "ignore" }
-    );
+    execFileSync("security", [
+      "delete-generic-password",
+      "-s",
+      SERVICE,
+      "-a",
+      ACCOUNT
+    ], { stdio: "ignore" });
   } catch {
   }
-  execSync(
-    `security add-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w "${value}"`,
-    { stdio: "ignore" }
-  );
+  execFileSync("security", [
+    "add-generic-password",
+    "-s",
+    SERVICE,
+    "-a",
+    ACCOUNT,
+    "-w",
+    value
+  ], { stdio: "ignore" });
 }
 function getMacOS() {
   try {
-    return execSync(
-      `security find-generic-password -s "${SERVICE}" -a "${ACCOUNT}" -w`,
-      { encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] }
-    ).trim();
+    return execFileSync("security", [
+      "find-generic-password",
+      "-s",
+      SERVICE,
+      "-a",
+      ACCOUNT,
+      "-w"
+    ], { encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] }).trim();
   } catch {
     return null;
   }
 }
 function storeLinux(value) {
   execSync(
-    `printf '%s' "${value}" | secret-tool store --label="${SERVICE}" service "${SERVICE}" account "${ACCOUNT}"`,
-    { stdio: "ignore" }
+    `printf '%s' | secret-tool store --label="${SERVICE}" service "${SERVICE}" account "${ACCOUNT}"`,
+    { input: value, stdio: ["pipe", "ignore", "ignore"] }
   );
 }
 function getLinux() {
   try {
-    return execSync(
-      `secret-tool lookup service "${SERVICE}" account "${ACCOUNT}"`,
-      { encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] }
-    ).trim();
+    return execFileSync("secret-tool", [
+      "lookup",
+      "service",
+      SERVICE,
+      "account",
+      ACCOUNT
+    ], { encoding: "utf-8", stdio: ["ignore", "pipe", "ignore"] }).trim();
   } catch {
     return null;
   }
@@ -150,7 +228,7 @@ function getEncryptionKey() {
 function ensureEncryptionKey() {
   const existing = getEncryptionKey();
   if (existing) return existing;
-  const key = randomBytes(32).toString("hex");
+  const key = randomBytes2(32).toString("hex");
   storeInKeychain(key);
   return key;
 }
@@ -283,64 +361,6 @@ var WALLETS_PATH = join(CONFIG_DIR, "wallets.json");
 function ensureConfigDir() {
   mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
 }
-var SCRYPT_N = 2 ** 18;
-var SCRYPT_R = 8;
-var SCRYPT_P = 1;
-var KEY_LENGTH = 32;
-var SCRYPT_MAXMEM = 512 * 1024 * 1024;
-function deriveAesKey(password, salt) {
-  return scryptSync(password, salt, KEY_LENGTH, {
-    N: SCRYPT_N,
-    r: SCRYPT_R,
-    p: SCRYPT_P,
-    maxmem: SCRYPT_MAXMEM
-  });
-}
-function encrypt(data, encryptionKey) {
-  const salt = randomBytes2(32);
-  const aesKey = deriveAesKey(encryptionKey, salt);
-  const iv = randomBytes2(12);
-  const cipher = createCipheriv("aes-256-gcm", aesKey, iv);
-  const encrypted = Buffer.concat([
-    cipher.update(data, "utf8"),
-    cipher.final()
-  ]);
-  return {
-    encryption: {
-      cipher: "aes-256-gcm",
-      kdf: "scrypt",
-      kdfparams: { n: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P },
-      salt: salt.toString("base64"),
-      iv: iv.toString("base64"),
-      tag: cipher.getAuthTag().toString("base64")
-    },
-    data: encrypted.toString("base64")
-  };
-}
-function decrypt(file, encryptionKey) {
-  const { salt, iv, tag, kdfparams } = file.encryption;
-  const aesKey = scryptSync(
-    encryptionKey,
-    Buffer.from(salt, "base64"),
-    KEY_LENGTH,
-    { N: kdfparams.n, r: kdfparams.r, p: kdfparams.p, maxmem: SCRYPT_MAXMEM }
-  );
-  const decipher = createDecipheriv(
-    "aes-256-gcm",
-    aesKey,
-    Buffer.from(iv, "base64"),
-    { authTagLength: 16 }
-  );
-  decipher.setAuthTag(Buffer.from(tag, "base64"));
-  try {
-    return Buffer.concat([
-      decipher.update(Buffer.from(file.data, "base64")),
-      decipher.final()
-    ]).toString("utf8");
-  } catch {
-    throw new Error("Failed to decrypt wallets. Encryption key may be invalid.");
-  }
-}
 function loadWallets() {
   if (!existsSync(WALLETS_PATH)) return [];
   const encryptionKey = getEncryptionKey();
@@ -350,7 +370,7 @@ function loadWallets() {
     );
   }
   const raw = JSON.parse(readFileSync(WALLETS_PATH, "utf-8"));
-  const file = walletsFileSchema.parse(raw);
+  const file = encryptedFileSchema.parse(raw);
   const decrypted = decrypt(file, encryptionKey);
   const parsed = JSON.parse(decrypted);
   return (parsed.wallets ?? []).map((w) => walletSchema.parse(w));
@@ -360,7 +380,7 @@ function saveWallets(wallets) {
   const data = JSON.stringify({ wallets });
   const file = encrypt(data, encryptionKey);
   ensureConfigDir();
-  const tmpPath = join(CONFIG_DIR, `.wallets.${randomBytes2(4).toString("hex")}.tmp`);
+  const tmpPath = join(CONFIG_DIR, `.wallets.${randomBytes3(4).toString("hex")}.tmp`);
   writeFileSync(tmpPath, JSON.stringify(file, null, 2), { mode: 384 });
   renameSync(tmpPath, WALLETS_PATH);
 }
@@ -424,10 +444,16 @@ function decodePrivateKey(key, chain) {
 }
 
 export {
+  encryptedFileSchema,
+  encrypt,
+  decrypt,
+  getEncryptionKey,
+  ensureEncryptionKey,
   deriveAllAddresses,
   chainSchema,
   keyChainSchema,
   KEY_CHAIN_MAP,
+  addressesSchema,
   walletInfoSchema,
   loadWallets,
   saveWallets,
@@ -438,4 +464,4 @@ export {
   removeWallet,
   resolveSigningKey
 };
-//# sourceMappingURL=chunk-V7MA7WNX.js.map
+//# sourceMappingURL=chunk-GSAFAKB7.js.map

package/dist/chunk-GSAFAKB7.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/tools/wallet/store.ts","../src/tools/wallet/models.ts","../src/crypto.ts","../src/tools/wallet/session.ts","../src/tools/wallet/chains.ts"],"sourcesContent":["import {\n  existsSync,\n  readFileSync,\n  writeFileSync,\n  mkdirSync,\n  renameSync,\n} from \"node:fs\";\nimport { join } from \"node:path\";\nimport { homedir } from \"node:os\";\nimport { randomBytes } from \"node:crypto\";\nimport {\n  walletsFileSchema,\n  walletSchema,\n  type Wallet,\n  type Chain,\n  type KeyChain,\n  KEY_CHAIN_MAP,\n} from \"./models\";\nimport { encrypt, decrypt } from \"../../crypto\";\nimport { getEncryptionKey, ensureEncryptionKey } from \"./session\";\nimport { deriveKeyForChain } from \"./chains\";\nimport bs58 from \"bs58\";\n\n// ── Paths ───────────────────────────────────────────────────\n\nconst CONFIG_DIR = join(homedir(), \".config\", \"moonpay\");\nconst WALLETS_PATH = join(CONFIG_DIR, \"wallets.json\");\n\nfunction ensureConfigDir(): void {\n  mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });\n}\n\n// ── Load / Save ─────────────────────────────────────────────\n\nexport function loadWallets(): Wallet[] {\n  if (!existsSync(WALLETS_PATH)) return [];\n\n  const encryptionKey = getEncryptionKey();\n  if (!encryptionKey) {\n    throw new Error(\n      \"Encryption key not found. Set MOONPAY_ENCRYPTION_KEY or ensure OS keychain is accessible.\",\n    );\n  }\n\n  const raw = JSON.parse(readFileSync(WALLETS_PATH, \"utf-8\"));\n  const file = walletsFileSchema.parse(raw);\n  const decrypted = decrypt(file, encryptionKey);\n  const parsed = JSON.parse(decrypted);\n\n  return (parsed.wallets ?? []).map((w: unknown) => walletSchema.parse(w));\n}\n\nexport function saveWallets(wallets: Wallet[]): void {\n  const encryptionKey = ensureEncryptionKey();\n  const data = JSON.stringify({ wallets });\n  const file = encrypt(data, encryptionKey);\n\n  ensureConfigDir();\n  const tmpPath = join(CONFIG_DIR, `.wallets.${randomBytes(4).toString(\"hex\")}.tmp`);\n  writeFileSync(tmpPath, JSON.stringify(file, null, 2), { mode: 0o600 });\n  renameSync(tmpPath, WALLETS_PATH);\n}\n\nexport function mutateWallets(fn: (wallets: Wallet[]) => void): void {\n  const wallets = loadWallets();\n  fn(wallets);\n  saveWallets(wallets);\n}\n\n// ── Wallet operations ───────────────────────────────────────\n\nexport function findWallet(nameOrAddress: string): Wallet | null {\n  const wallets = loadWallets();\n\n  for (const wallet of wallets) {\n    if (wallet.name === nameOrAddress) return wallet;\n    for (const address of Object.values(wallet.addresses)) {\n      if (address === nameOrAddress) return wallet;\n    }\n  }\n\n  return null;\n}\n\nexport function findWalletOrThrow(nameOrAddress: string): Wallet {\n  const wallet = findWallet(nameOrAddress);\n  if (!wallet) throw new Error(`Wallet \"${nameOrAddress}\" not found`);\n  return wallet;\n}\n\nexport function addWallet(wallet: Wallet): void {\n  mutateWallets((wallets) => {\n    if (wallets.some((w) => w.name === wallet.name)) {\n      throw new Error(`Wallet \"${wallet.name}\" already exists`);\n    }\n    wallets.push(wallet);\n  });\n}\n\nexport function removeWallet(name: string): void {\n  mutateWallets((wallets) => {\n    const idx = wallets.findIndex((w) => w.name === name);\n    if (idx === -1) throw new Error(`Wallet \"${name}\" not found`);\n    wallets.splice(idx, 1);\n  });\n}\n\n// ── Key resolution ──────────────────────────────────────────\n\nexport function resolveSigningKey(\n  wallet: Wallet,\n  chain: Chain,\n): { privateKey: Uint8Array; address: string } {\n  const keyChain = KEY_CHAIN_MAP[chain];\n\n  if (wallet.type === \"imported\") {\n    if (wallet.chain !== keyChain) {\n      throw new Error(\n        `Wallet \"${wallet.name}\" was imported for ${wallet.chain}, cannot sign for ${chain}.`,\n      );\n    }\n    return {\n      privateKey: decodePrivateKey(wallet.privateKey, keyChain),\n      address: wallet.addresses[keyChain]!,\n    };\n  }\n\n  const derived = deriveKeyForChain(wallet.mnemonic, keyChain);\n  return { privateKey: derived.privateKey, address: derived.address };\n}\n\nfunction decodePrivateKey(key: string, chain: KeyChain): Uint8Array {\n  if (chain === \"solana\") {\n    return bs58.decode(key);\n  }\n  const hex = key.startsWith(\"0x\") ? key.slice(2) : key;\n  return Uint8Array.from(Buffer.from(hex, \"hex\"));\n}\n","import { z } from \"zod\";\nimport { encryptedFileSchema, type EncryptedFile } from \"../../crypto\";\n\nexport { encryptedFileSchema as walletsFileSchema };\nexport type WalletsFile = EncryptedFile;\n\n// ── Chain types ─────────────────────────────────────────────\n\nexport const chainSchema = z.enum([\n  \"solana\",\n  \"ethereum\",\n  \"base\",\n  \"arbitrum\",\n  \"polygon\",\n  \"optimism\",\n  \"bnb\",\n  \"avalanche\",\n  \"bitcoin\",\n  \"tron\",\n]);\nexport type Chain = z.infer<typeof chainSchema>;\n\nexport const keyChainSchema = z.enum([\"solana\", \"ethereum\", \"bitcoin\", \"tron\"]);\nexport type KeyChain = z.infer<typeof keyChainSchema>;\n\nexport const KEY_CHAIN_MAP: Record<Chain, KeyChain> = {\n  solana: \"solana\",\n  ethereum: \"ethereum\",\n  base: \"ethereum\",\n  arbitrum: \"ethereum\",\n  polygon: \"ethereum\",\n  optimism: \"ethereum\",\n  bnb: \"ethereum\",\n  avalanche: \"ethereum\",\n  bitcoin: \"bitcoin\",\n  tron: \"tron\",\n};\n\n// ── Addresses ───────────────────────────────────────────────\n\nexport const addressesSchema = z.object({\n  solana: z.string().optional(),\n  ethereum: z.string().optional(),\n  bitcoin: z.string().optional(),\n  tron: z.string().optional(),\n});\nexport type Addresses = z.infer<typeof addressesSchema>;\n\n// ── Wallet types (internal, includes secrets) ───────────────\n\nexport const hdWalletSchema = z.object({\n  name: z.string(),\n  type: z.literal(\"hd\"),\n  mnemonic: z.string(),\n  addresses: addressesSchema,\n  createdAt: z.string(),\n});\nexport type HdWallet = z.infer<typeof hdWalletSchema>;\n\nexport const importedWalletSchema = z.object({\n  name: z.string(),\n  type: z.literal(\"imported\"),\n  chain: keyChainSchema,\n  privateKey: z.string(),\n  addresses: addressesSchema,\n  createdAt: z.string(),\n});\nexport type ImportedWallet = z.infer<typeof importedWalletSchema>;\n\nexport const walletSchema = z.discriminatedUnion(\"type\", [\n  hdWalletSchema,\n  importedWalletSchema,\n]);\nexport type Wallet = z.infer<typeof walletSchema>;\n\n// ── Encrypted file format (re-exported from shared crypto) ──\n\n// ── Public wallet info (no secrets) ─────────────────────────\n\nexport const walletInfoSchema = z.object({\n  name: z.string(),\n  type: z.enum([\"hd\", \"imported\"]),\n  addresses: addressesSchema,\n  createdAt: z.string(),\n});\nexport type WalletInfo = z.infer<typeof walletInfoSchema>;\n","import {\n  randomBytes,\n  scryptSync,\n  createCipheriv,\n  createDecipheriv,\n} from \"node:crypto\";\nimport { z } from \"zod\";\n\nconst SCRYPT_N = 2 ** 18;\nconst SCRYPT_R = 8;\nconst SCRYPT_P = 1;\nconst KEY_LENGTH = 32;\nconst SCRYPT_MAXMEM = 512 * 1024 * 1024;\n\nexport const encryptedFileSchema = z.object({\n  encryption: z.object({\n    cipher: z.literal(\"aes-256-gcm\"),\n    kdf: z.literal(\"scrypt\"),\n    kdfparams: z.object({\n      n: z.number(),\n      r: z.number(),\n      p: z.number(),\n    }),\n    salt: z.string(),\n    iv: z.string(),\n    tag: z.string(),\n  }),\n  data: z.string(),\n});\nexport type EncryptedFile = z.infer<typeof encryptedFileSchema>;\n\nexport function encrypt(data: string, encryptionKey: string): EncryptedFile {\n  const salt = randomBytes(32);\n  const aesKey = scryptSync(encryptionKey, salt, KEY_LENGTH, {\n    N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P, maxmem: SCRYPT_MAXMEM,\n  });\n  const iv = randomBytes(12);\n  const cipher = createCipheriv(\"aes-256-gcm\", aesKey, iv);\n\n  const encrypted = Buffer.concat([\n    cipher.update(data, \"utf8\"),\n    cipher.final(),\n  ]);\n\n  return {\n    encryption: {\n      cipher: \"aes-256-gcm\",\n      kdf: \"scrypt\",\n      kdfparams: { n: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P },\n      salt: salt.toString(\"base64\"),\n      iv: iv.toString(\"base64\"),\n      tag: cipher.getAuthTag().toString(\"base64\"),\n    },\n    data: encrypted.toString(\"base64\"),\n  };\n}\n\nexport function decrypt(file: EncryptedFile, encryptionKey: string): string {\n  const { salt, iv, tag, kdfparams } = file.encryption;\n\n  const aesKey = scryptSync(\n    encryptionKey,\n    Buffer.from(salt, \"base64\"),\n    KEY_LENGTH,\n    { N: kdfparams.n, r: kdfparams.r, p: kdfparams.p, maxmem: SCRYPT_MAXMEM },\n  );\n\n  const decipher = createDecipheriv(\n    \"aes-256-gcm\",\n    aesKey,\n    Buffer.from(iv, \"base64\"),\n    { authTagLength: 16 },\n  );\n  decipher.setAuthTag(Buffer.from(tag, \"base64\"));\n\n  return Buffer.concat([\n    decipher.update(Buffer.from(file.data, \"base64\")),\n    decipher.final(),\n  ]).toString(\"utf8\");\n}\n","import { execFileSync, execSync } from \"node:child_process\";\nimport { randomBytes } from \"node:crypto\";\nimport { platform } from \"node:os\";\n\nconst SERVICE = \"moonpay-cli\";\nconst ACCOUNT = \"encryption-key\";\n\n// ── macOS Keychain ──────────────────────────────────────────\n\nfunction storeMacOS(value: string): void {\n  try {\n    execFileSync(\"security\", [\n      \"delete-generic-password\", \"-s\", SERVICE, \"-a\", ACCOUNT,\n    ], { stdio: \"ignore\" });\n  } catch {}\n  execFileSync(\"security\", [\n    \"add-generic-password\", \"-s\", SERVICE, \"-a\", ACCOUNT, \"-w\", value,\n  ], { stdio: \"ignore\" });\n}\n\nfunction getMacOS(): string | null {\n  try {\n    return execFileSync(\"security\", [\n      \"find-generic-password\", \"-s\", SERVICE, \"-a\", ACCOUNT, \"-w\",\n    ], { encoding: \"utf-8\", stdio: [\"ignore\", \"pipe\", \"ignore\"] }).trim();\n  } catch {\n    return null;\n  }\n}\n\n// ── Linux libsecret ─────────────────────────────────────────\n\nfunction storeLinux(value: string): void {\n  execSync(\n    `printf '%s' | secret-tool store --label=\"${SERVICE}\" service \"${SERVICE}\" account \"${ACCOUNT}\"`,\n    { input: value, stdio: [\"pipe\", \"ignore\", \"ignore\"] },\n  );\n}\n\nfunction getLinux(): string | null {\n  try {\n    return execFileSync(\"secret-tool\", [\n      \"lookup\", \"service\", SERVICE, \"account\", ACCOUNT,\n    ], { encoding: \"utf-8\", stdio: [\"ignore\", \"pipe\", \"ignore\"] }).trim();\n  } catch {\n    return null;\n  }\n}\n\n// ── Platform dispatch ───────────────────────────────────────\n\nfunction storeInKeychain(value: string): void {\n  const os = platform();\n  if (os === \"darwin\") return storeMacOS(value);\n  if (os === \"linux\") return storeLinux(value);\n  throw new Error(\"OS keychain not supported on this platform\");\n}\n\nfunction getFromKeychain(): string | null {\n  const os = platform();\n  if (os === \"darwin\") return getMacOS();\n  if (os === \"linux\") return getLinux();\n  return null;\n}\n\n// ── Public API ──────────────────────────────────────────────\n\nexport function getEncryptionKey(): string | null {\n  const envKey = process.env.MOONPAY_ENCRYPTION_KEY;\n  if (envKey) return envKey;\n  return getFromKeychain();\n}\n\nexport function ensureEncryptionKey(): string {\n  const existing = getEncryptionKey();\n  if (existing) return existing;\n\n  const key = randomBytes(32).toString(\"hex\");\n  storeInKeychain(key);\n  return key;\n}\n","import { createHash } from \"node:crypto\";\nimport { HDKey } from \"@scure/bip32\";\nimport { mnemonicToSeedSync } from \"@scure/bip39\";\nimport { keccak_256 } from \"@noble/hashes/sha3\";\nimport { derivePath } from \"ed25519-hd-key\";\nimport * as bitcoin from \"bitcoinjs-lib\";\nimport ECPairFactory from \"ecpair\";\nimport * as ecc from \"tiny-secp256k1\";\nimport { Keypair } from \"@solana/web3.js\";\nimport bs58 from \"bs58\";\nimport type { KeyChain } from \"./models\";\n\nconst ECPair = ECPairFactory(ecc);\n\n// ── BIP44 derivation paths ──────────────────────────────────\n\nexport function derivationPath(chain: KeyChain, account = 0): string {\n  switch (chain) {\n    case \"solana\":\n      return `m/44'/501'/${account}'/0'`;\n    case \"ethereum\":\n      return `m/44'/60'/${account}'/0/0`;\n    case \"bitcoin\":\n      return `m/84'/0'/${account}'/0/0`;\n    case \"tron\":\n      return `m/44'/195'/${account}'/0/0`;\n  }\n}\n\n// ── Key derivation ──────────────────────────────────────────\n\nexport interface DerivedKey {\n  privateKey: Uint8Array;\n  address: string;\n}\n\nexport function deriveKeyForChain(\n  mnemonic: string,\n  chain: KeyChain,\n  account = 0,\n): DerivedKey {\n  switch (chain) {\n    case \"solana\":\n      return deriveSolana(mnemonic, account);\n    case \"ethereum\":\n      return deriveEthereum(mnemonic, account);\n    case \"bitcoin\":\n      return deriveBitcoin(mnemonic, account);\n    case \"tron\":\n      return deriveTron(mnemonic, account);\n  }\n}\n\nexport function deriveAllAddresses(\n  mnemonic: string,\n  account = 0,\n): Record<KeyChain, string> {\n  return {\n    solana: deriveKeyForChain(mnemonic, \"solana\", account).address,\n    ethereum: deriveKeyForChain(mnemonic, \"ethereum\", account).address,\n    bitcoin: deriveKeyForChain(mnemonic, \"bitcoin\", account).address,\n    tron: deriveKeyForChain(mnemonic, \"tron\", account).address,\n  };\n}\n\n// ── Solana (ed25519 via SLIP-0010) ──────────────────────────\n\nfunction deriveSolana(mnemonic: string, account: number): DerivedKey {\n  const seed = mnemonicToSeedSync(mnemonic);\n  const path = derivationPath(\"solana\", account);\n  const { key } = derivePath(path, Buffer.from(seed).toString(\"hex\"));\n  const keypair = Keypair.fromSeed(Uint8Array.from(key));\n  return {\n    privateKey: keypair.secretKey,\n    address: keypair.publicKey.toBase58(),\n  };\n}\n\n// ── Ethereum / EVM (secp256k1 via BIP32) ────────────────────\n\nfunction deriveEthereum(mnemonic: string, account: number): DerivedKey {\n  const seed = mnemonicToSeedSync(mnemonic);\n  const hdkey = HDKey.fromMasterSeed(seed);\n  const path = derivationPath(\"ethereum\", account);\n  const child = hdkey.derive(path);\n  if (!child.privateKey) throw new Error(\"Failed to derive EVM private key\");\n\n  const address = publicKeyToEthAddress(child.publicKey!);\n  return {\n    privateKey: child.privateKey,\n    address,\n  };\n}\n\nfunction publicKeyToEthAddress(compressedPubKey: Uint8Array): string {\n  const uncompressed = ecc.pointCompress(compressedPubKey, false);\n  const hash = keccak256(uncompressed.slice(1));\n  const addressBytes = hash.slice(-20);\n  const address = \"0x\" + Buffer.from(addressBytes).toString(\"hex\");\n  return toChecksumAddress(address);\n}\n\nfunction keccak256(data: Uint8Array): Uint8Array {\n  return keccak_256(data);\n}\n\nfunction toChecksumAddress(address: string): string {\n  const addr = address.toLowerCase().replace(\"0x\", \"\");\n  const hash = Buffer.from(keccak_256(Buffer.from(addr, \"utf8\"))).toString(\"hex\");\n  let checksummed = \"0x\";\n  for (let i = 0; i < addr.length; i++) {\n    checksummed += parseInt(hash[i], 16) >= 8 ? addr[i].toUpperCase() : addr[i];\n  }\n  return checksummed;\n}\n\n// ── Bitcoin (secp256k1 via BIP32, native segwit) ────────────\n\nfunction deriveBitcoin(mnemonic: string, account: number): DerivedKey {\n  const seed = mnemonicToSeedSync(mnemonic);\n  const hdkey = HDKey.fromMasterSeed(seed);\n  const path = derivationPath(\"bitcoin\", account);\n  const child = hdkey.derive(path);\n  if (!child.privateKey) throw new Error(\"Failed to derive Bitcoin private key\");\n\n  const keyPair = ECPair.fromPrivateKey(Buffer.from(child.privateKey));\n  const { address } = bitcoin.payments.p2wpkh({\n    pubkey: Buffer.from(keyPair.publicKey),\n  });\n  if (!address) throw new Error(\"Failed to derive Bitcoin address\");\n\n  return {\n    privateKey: child.privateKey,\n    address,\n  };\n}\n\n// ── Tron (secp256k1 via BIP32, Base58Check) ─────────────────\n\nfunction deriveTron(mnemonic: string, account: number): DerivedKey {\n  const seed = mnemonicToSeedSync(mnemonic);\n  const hdkey = HDKey.fromMasterSeed(seed);\n  const path = derivationPath(\"tron\", account);\n  const child = hdkey.derive(path);\n  if (!child.privateKey) throw new Error(\"Failed to derive Tron private key\");\n\n  const address = publicKeyToTronAddress(child.publicKey!);\n  return { privateKey: child.privateKey, address };\n}\n\nfunction publicKeyToTronAddress(compressedPubKey: Uint8Array): string {\n  const uncompressed = ecc.pointCompress(compressedPubKey, false);\n  const hash = keccak256(uncompressed.slice(1));\n  const addressBytes = hash.slice(-20);\n\n  // Tron: 0x41 prefix + 20 address bytes + 4-byte double-SHA256 checksum\n  const prefixed = Buffer.concat([Buffer.from([0x41]), Buffer.from(addressBytes)]);\n  const hash1 = createHash(\"sha256\").update(prefixed).digest();\n  const hash2 = createHash(\"sha256\").update(hash1).digest();\n  const raw = Buffer.concat([prefixed, hash2.slice(0, 4)]);\n\n  return bs58.encode(raw);\n}\n"],"mappings":";;;AAAA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,YAAY;AACrB,SAAS,eAAe;AACxB,SAAS,eAAAA,oBAAmB;;;ACT5B,SAAS,KAAAC,UAAS;;;ACAlB;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AACP,SAAS,SAAS;AAElB,IAAM,WAAW,KAAK;AACtB,IAAM,WAAW;AACjB,IAAM,WAAW;AACjB,IAAM,aAAa;AACnB,IAAM,gBAAgB,MAAM,OAAO;AAE5B,IAAM,sBAAsB,EAAE,OAAO;AAAA,EAC1C,YAAY,EAAE,OAAO;AAAA,IACnB,QAAQ,EAAE,QAAQ,aAAa;AAAA,IAC/B,KAAK,EAAE,QAAQ,QAAQ;AAAA,IACvB,WAAW,EAAE,OAAO;AAAA,MAClB,GAAG,EAAE,OAAO;AAAA,MACZ,GAAG,EAAE,OAAO;AAAA,MACZ,GAAG,EAAE,OAAO;AAAA,IACd,CAAC;AAAA,IACD,MAAM,EAAE,OAAO;AAAA,IACf,IAAI,EAAE,OAAO;AAAA,IACb,KAAK,EAAE,OAAO;AAAA,EAChB,CAAC;AAAA,EACD,MAAM,EAAE,OAAO;AACjB,CAAC;AAGM,SAAS,QAAQ,MAAc,eAAsC;AAC1E,QAAM,OAAO,YAAY,EAAE;AAC3B,QAAM,SAAS,WAAW,eAAe,MAAM,YAAY;AAAA,IACzD,GAAG;AAAA,IAAU,GAAG;AAAA,IAAU,GAAG;AAAA,IAAU,QAAQ;AAAA,EACjD,CAAC;AACD,QAAM,KAAK,YAAY,EAAE;AACzB,QAAM,SAAS,eAAe,eAAe,QAAQ,EAAE;AAEvD,QAAM,YAAY,OAAO,OAAO;AAAA,IAC9B,OAAO,OAAO,MAAM,MAAM;AAAA,IAC1B,OAAO,MAAM;AAAA,EACf,CAAC;AAED,SAAO;AAAA,IACL,YAAY;AAAA,MACV,QAAQ;AAAA,MACR,KAAK;AAAA,MACL,WAAW,EAAE,GAAG,UAAU,GAAG,UAAU,GAAG,SAAS;AAAA,MACnD,MAAM,KAAK,SAAS,QAAQ;AAAA,MAC5B,IAAI,GAAG,SAAS,QAAQ;AAAA,MACxB,KAAK,OAAO,WAAW,EAAE,SAAS,QAAQ;AAAA,IAC5C;AAAA,IACA,MAAM,UAAU,SAAS,QAAQ;AAAA,EACnC;AACF;AAEO,SAAS,QAAQ,MAAqB,eAA+B;AAC1E,QAAM,EAAE,MAAM,IAAI,KAAK,UAAU,IAAI,KAAK;AAE1C,QAAM,SAAS;AAAA,IACb;AAAA,IACA,OAAO,KAAK,MAAM,QAAQ;AAAA,IAC1B;AAAA,IACA,EAAE,GAAG,UAAU,GAAG,GAAG,UAAU,GAAG,GAAG,UAAU,GAAG,QAAQ,cAAc;AAAA,EAC1E;AAEA,QAAM,WAAW;AAAA,IACf;AAAA,IACA;AAAA,IACA,OAAO,KAAK,IAAI,QAAQ;AAAA,IACxB,EAAE,eAAe,GAAG;AAAA,EACtB;AACA,WAAS,WAAW,OAAO,KAAK,KAAK,QAAQ,CAAC;AAE9C,SAAO,OAAO,OAAO;AAAA,IACnB,SAAS,OAAO,OAAO,KAAK,KAAK,MAAM,QAAQ,CAAC;AAAA,IAChD,SAAS,MAAM;AAAA,EACjB,CAAC,EAAE,SAAS,MAAM;AACpB;;;ADvEO,IAAM,cAAcC,GAAE,KAAK;AAAA,EAChC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,IAAM,iBAAiBA,GAAE,KAAK,CAAC,UAAU,YAAY,WAAW,MAAM,CAAC;AAGvE,IAAM,gBAAyC;AAAA,EACpD,QAAQ;AAAA,EACR,UAAU;AAAA,EACV,MAAM;AAAA,EACN,UAAU;AAAA,EACV,SAAS;AAAA,EACT,UAAU;AAAA,EACV,KAAK;AAAA,EACL,WAAW;AAAA,EACX,SAAS;AAAA,EACT,MAAM;AACR;AAIO,IAAM,kBAAkBA,GAAE,OAAO;AAAA,EACtC,QAAQA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC5B,UAAUA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC9B,SAASA,GAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,MAAMA,GAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAKM,IAAM,iBAAiBA,GAAE,OAAO;AAAA,EACrC,MAAMA,GAAE,OAAO;AAAA,EACf,MAAMA,GAAE,QAAQ,IAAI;AAAA,EACpB,UAAUA,GAAE,OAAO;AAAA,EACnB,WAAW;AAAA,EACX,WAAWA,GAAE,OAAO;AACtB,CAAC;AAGM,IAAM,uBAAuBA,GAAE,OAAO;AAAA,EAC3C,MAAMA,GAAE,OAAO;AAAA,EACf,MAAMA,GAAE,QAAQ,UAAU;AAAA,EAC1B,OAAO;AAAA,EACP,YAAYA,GAAE,OAAO;AAAA,EACrB,WAAW;AAAA,EACX,WAAWA,GAAE,OAAO;AACtB,CAAC;AAGM,IAAM,eAAeA,GAAE,mBAAmB,QAAQ;AAAA,EACvD;AAAA,EACA;AACF,CAAC;AAOM,IAAM,mBAAmBA,GAAE,OAAO;AAAA,EACvC,MAAMA,GAAE,OAAO;AAAA,EACf,MAAMA,GAAE,KAAK,CAAC,MAAM,UAAU,CAAC;AAAA,EAC/B,WAAW;AAAA,EACX,WAAWA,GAAE,OAAO;AACtB,CAAC;;;AEpFD,SAAS,cAAc,gBAAgB;AACvC,SAAS,eAAAC,oBAAmB;AAC5B,SAAS,gBAAgB;AAEzB,IAAM,UAAU;AAChB,IAAM,UAAU;AAIhB,SAAS,WAAW,OAAqB;AACvC,MAAI;AACF,iBAAa,YAAY;AAAA,MACvB;AAAA,MAA2B;AAAA,MAAM;AAAA,MAAS;AAAA,MAAM;AAAA,IAClD,GAAG,EAAE,OAAO,SAAS,CAAC;AAAA,EACxB,QAAQ;AAAA,EAAC;AACT,eAAa,YAAY;AAAA,IACvB;AAAA,IAAwB;AAAA,IAAM;AAAA,IAAS;AAAA,IAAM;AAAA,IAAS;AAAA,IAAM;AAAA,EAC9D,GAAG,EAAE,OAAO,SAAS,CAAC;AACxB;AAEA,SAAS,WAA0B;AACjC,MAAI;AACF,WAAO,aAAa,YAAY;AAAA,MAC9B;AAAA,MAAyB;AAAA,MAAM;AAAA,MAAS;AAAA,MAAM;AAAA,MAAS;AAAA,IACzD,GAAG,EAAE,UAAU,SAAS,OAAO,CAAC,UAAU,QAAQ,QAAQ,EAAE,CAAC,EAAE,KAAK;AAAA,EACtE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAIA,SAAS,WAAW,OAAqB;AACvC;AAAA,IACE,4CAA4C,OAAO,cAAc,OAAO,cAAc,OAAO;AAAA,IAC7F,EAAE,OAAO,OAAO,OAAO,CAAC,QAAQ,UAAU,QAAQ,EAAE;AAAA,EACtD;AACF;AAEA,SAAS,WAA0B;AACjC,MAAI;AACF,WAAO,aAAa,eAAe;AAAA,MACjC;AAAA,MAAU;AAAA,MAAW;AAAA,MAAS;AAAA,MAAW;AAAA,IAC3C,GAAG,EAAE,UAAU,SAAS,OAAO,CAAC,UAAU,QAAQ,QAAQ,EAAE,CAAC,EAAE,KAAK;AAAA,EACtE,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAIA,SAAS,gBAAgB,OAAqB;AAC5C,QAAM,KAAK,SAAS;AACpB,MAAI,OAAO,SAAU,QAAO,WAAW,KAAK;AAC5C,MAAI,OAAO,QAAS,QAAO,WAAW,KAAK;AAC3C,QAAM,IAAI,MAAM,4CAA4C;AAC9D;AAEA,SAAS,kBAAiC;AACxC,QAAM,KAAK,SAAS;AACpB,MAAI,OAAO,SAAU,QAAO,SAAS;AACrC,MAAI,OAAO,QAAS,QAAO,SAAS;AACpC,SAAO;AACT;AAIO,SAAS,mBAAkC;AAChD,QAAM,SAAS,QAAQ,IAAI;AAC3B,MAAI,OAAQ,QAAO;AACnB,SAAO,gBAAgB;AACzB;AAEO,SAAS,sBAA8B;AAC5C,QAAM,WAAW,iBAAiB;AAClC,MAAI,SAAU,QAAO;AAErB,QAAM,MAAMA,aAAY,EAAE,EAAE,SAAS,KAAK;AAC1C,kBAAgB,GAAG;AACnB,SAAO;AACT;;;AChFA,SAAS,kBAAkB;AAC3B,SAAS,aAAa;AACtB,SAAS,0BAA0B;AACnC,SAAS,kBAAkB;AAC3B,SAAS,kBAAkB;AAC3B,YAAY,aAAa;AACzB,OAAO,mBAAmB;AAC1B,YAAY,SAAS;AACrB,SAAS,eAAe;AACxB,OAAO,UAAU;AAGjB,IAAM,SAAS,cAAc,GAAG;AAIzB,SAAS,eAAe,OAAiB,UAAU,GAAW;AACnE,UAAQ,OAAO;AAAA,IACb,KAAK;AACH,aAAO,cAAc,OAAO;AAAA,IAC9B,KAAK;AACH,aAAO,aAAa,OAAO;AAAA,IAC7B,KAAK;AACH,aAAO,YAAY,OAAO;AAAA,IAC5B,KAAK;AACH,aAAO,cAAc,OAAO;AAAA,EAChC;AACF;AASO,SAAS,kBACd,UACA,OACA,UAAU,GACE;AACZ,UAAQ,OAAO;AAAA,IACb,KAAK;AACH,aAAO,aAAa,UAAU,OAAO;AAAA,IACvC,KAAK;AACH,aAAO,eAAe,UAAU,OAAO;AAAA,IACzC,KAAK;AACH,aAAO,cAAc,UAAU,OAAO;AAAA,IACxC,KAAK;AACH,aAAO,WAAW,UAAU,OAAO;AAAA,EACvC;AACF;AAEO,SAAS,mBACd,UACA,UAAU,GACgB;AAC1B,SAAO;AAAA,IACL,QAAQ,kBAAkB,UAAU,UAAU,OAAO,EAAE;AAAA,IACvD,UAAU,kBAAkB,UAAU,YAAY,OAAO,EAAE;AAAA,IAC3D,SAAS,kBAAkB,UAAU,WAAW,OAAO,EAAE;AAAA,IACzD,MAAM,kBAAkB,UAAU,QAAQ,OAAO,EAAE;AAAA,EACrD;AACF;AAIA,SAAS,aAAa,UAAkB,SAA6B;AACnE,QAAM,OAAO,mBAAmB,QAAQ;AACxC,QAAM,OAAO,eAAe,UAAU,OAAO;AAC7C,QAAM,EAAE,IAAI,IAAI,WAAW,MAAM,OAAO,KAAK,IAAI,EAAE,SAAS,KAAK,CAAC;AAClE,QAAM,UAAU,QAAQ,SAAS,WAAW,KAAK,GAAG,CAAC;AACrD,SAAO;AAAA,IACL,YAAY,QAAQ;AAAA,IACpB,SAAS,QAAQ,UAAU,SAAS;AAAA,EACtC;AACF;AAIA,SAAS,eAAe,UAAkB,SAA6B;AACrE,QAAM,OAAO,mBAAmB,QAAQ;AACxC,QAAM,QAAQ,MAAM,eAAe,IAAI;AACvC,QAAM,OAAO,eAAe,YAAY,OAAO;AAC/C,QAAM,QAAQ,MAAM,OAAO,IAAI;AAC/B,MAAI,CAAC,MAAM,WAAY,OAAM,IAAI,MAAM,kCAAkC;AAEzE,QAAM,UAAU,sBAAsB,MAAM,SAAU;AACtD,SAAO;AAAA,IACL,YAAY,MAAM;AAAA,IAClB;AAAA,EACF;AACF;AAEA,SAAS,sBAAsB,kBAAsC;AACnE,QAAM,eAAmB,kBAAc,kBAAkB,KAAK;AAC9D,QAAM,OAAO,UAAU,aAAa,MAAM,CAAC,CAAC;AAC5C,QAAM,eAAe,KAAK,MAAM,GAAG;AACnC,QAAM,UAAU,OAAO,OAAO,KAAK,YAAY,EAAE,SAAS,KAAK;AAC/D,SAAO,kBAAkB,OAAO;AAClC;AAEA,SAAS,UAAU,MAA8B;AAC/C,SAAO,WAAW,IAAI;AACxB;AAEA,SAAS,kBAAkB,SAAyB;AAClD,QAAM,OAAO,QAAQ,YAAY,EAAE,QAAQ,MAAM,EAAE;AACnD,QAAM,OAAO,OAAO,KAAK,WAAW,OAAO,KAAK,MAAM,MAAM,CAAC,CAAC,EAAE,SAAS,KAAK;AAC9E,MAAI,cAAc;AAClB,WAAS,IAAI,GAAG,IAAI,KAAK,QAAQ,KAAK;AACpC,mBAAe,SAAS,KAAK,CAAC,GAAG,EAAE,KAAK,IAAI,KAAK,CAAC,EAAE,YAAY,IAAI,KAAK,CAAC;AAAA,EAC5E;AACA,SAAO;AACT;AAIA,SAAS,cAAc,UAAkB,SAA6B;AACpE,QAAM,OAAO,mBAAmB,QAAQ;AACxC,QAAM,QAAQ,MAAM,eAAe,IAAI;AACvC,QAAM,OAAO,eAAe,WAAW,OAAO;AAC9C,QAAM,QAAQ,MAAM,OAAO,IAAI;AAC/B,MAAI,CAAC,MAAM,WAAY,OAAM,IAAI,MAAM,sCAAsC;AAE7E,QAAM,UAAU,OAAO,eAAe,OAAO,KAAK,MAAM,UAAU,CAAC;AACnE,QAAM,EAAE,QAAQ,IAAY,iBAAS,OAAO;AAAA,IAC1C,QAAQ,OAAO,KAAK,QAAQ,SAAS;AAAA,EACvC,CAAC;AACD,MAAI,CAAC,QAAS,OAAM,IAAI,MAAM,kCAAkC;AAEhE,SAAO;AAAA,IACL,YAAY,MAAM;AAAA,IAClB;AAAA,EACF;AACF;AAIA,SAAS,WAAW,UAAkB,SAA6B;AACjE,QAAM,OAAO,mBAAmB,QAAQ;AACxC,QAAM,QAAQ,MAAM,eAAe,IAAI;AACvC,QAAM,OAAO,eAAe,QAAQ,OAAO;AAC3C,QAAM,QAAQ,MAAM,OAAO,IAAI;AAC/B,MAAI,CAAC,MAAM,WAAY,OAAM,IAAI,MAAM,mCAAmC;AAE1E,QAAM,UAAU,uBAAuB,MAAM,SAAU;AACvD,SAAO,EAAE,YAAY,MAAM,YAAY,QAAQ;AACjD;AAEA,SAAS,uBAAuB,kBAAsC;AACpE,QAAM,eAAmB,kBAAc,kBAAkB,KAAK;AAC9D,QAAM,OAAO,UAAU,aAAa,MAAM,CAAC,CAAC;AAC5C,QAAM,eAAe,KAAK,MAAM,GAAG;AAGnC,QAAM,WAAW,OAAO,OAAO,CAAC,OAAO,KAAK,CAAC,EAAI,CAAC,GAAG,OAAO,KAAK,YAAY,CAAC,CAAC;AAC/E,QAAM,QAAQ,WAAW,QAAQ,EAAE,OAAO,QAAQ,EAAE,OAAO;AAC3D,QAAM,QAAQ,WAAW,QAAQ,EAAE,OAAO,KAAK,EAAE,OAAO;AACxD,QAAM,MAAM,OAAO,OAAO,CAAC,UAAU,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC;AAEvD,SAAO,KAAK,OAAO,GAAG;AACxB;;;AJ7IA,OAAOC,WAAU;AAIjB,IAAM,aAAa,KAAK,QAAQ,GAAG,WAAW,SAAS;AACvD,IAAM,eAAe,KAAK,YAAY,cAAc;AAEpD,SAAS,kBAAwB;AAC/B,YAAU,YAAY,EAAE,WAAW,MAAM,MAAM,IAAM,CAAC;AACxD;AAIO,SAAS,cAAwB;AACtC,MAAI,CAAC,WAAW,YAAY,EAAG,QAAO,CAAC;AAEvC,QAAM,gBAAgB,iBAAiB;AACvC,MAAI,CAAC,eAAe;AAClB,UAAM,IAAI;AAAA,MACR;AAAA,IACF;AAAA,EACF;AAEA,QAAM,MAAM,KAAK,MAAM,aAAa,cAAc,OAAO,CAAC;AAC1D,QAAM,OAAO,oBAAkB,MAAM,GAAG;AACxC,QAAM,YAAY,QAAQ,MAAM,aAAa;AAC7C,QAAM,SAAS,KAAK,MAAM,SAAS;AAEnC,UAAQ,OAAO,WAAW,CAAC,GAAG,IAAI,CAAC,MAAe,aAAa,MAAM,CAAC,CAAC;AACzE;AAEO,SAAS,YAAY,SAAyB;AACnD,QAAM,gBAAgB,oBAAoB;AAC1C,QAAM,OAAO,KAAK,UAAU,EAAE,QAAQ,CAAC;AACvC,QAAM,OAAO,QAAQ,MAAM,aAAa;AAExC,kBAAgB;AAChB,QAAM,UAAU,KAAK,YAAY,YAAYC,aAAY,CAAC,EAAE,SAAS,KAAK,CAAC,MAAM;AACjF,gBAAc,SAAS,KAAK,UAAU,MAAM,MAAM,CAAC,GAAG,EAAE,MAAM,IAAM,CAAC;AACrE,aAAW,SAAS,YAAY;AAClC;AAEO,SAAS,cAAc,IAAuC;AACnE,QAAM,UAAU,YAAY;AAC5B,KAAG,OAAO;AACV,cAAY,OAAO;AACrB;AAIO,SAAS,WAAW,eAAsC;AAC/D,QAAM,UAAU,YAAY;AAE5B,aAAW,UAAU,SAAS;AAC5B,QAAI,OAAO,SAAS,cAAe,QAAO;AAC1C,eAAW,WAAW,OAAO,OAAO,OAAO,SAAS,GAAG;AACrD,UAAI,YAAY,cAAe,QAAO;AAAA,IACxC;AAAA,EACF;AAEA,SAAO;AACT;AAEO,SAAS,kBAAkB,eAA+B;AAC/D,QAAM,SAAS,WAAW,aAAa;AACvC,MAAI,CAAC,OAAQ,OAAM,IAAI,MAAM,WAAW,aAAa,aAAa;AAClE,SAAO;AACT;AAEO,SAAS,UAAU,QAAsB;AAC9C,gBAAc,CAAC,YAAY;AACzB,QAAI,QAAQ,KAAK,CAAC,MAAM,EAAE,SAAS,OAAO,IAAI,GAAG;AAC/C,YAAM,IAAI,MAAM,WAAW,OAAO,IAAI,kBAAkB;AAAA,IAC1D;AACA,YAAQ,KAAK,MAAM;AAAA,EACrB,CAAC;AACH;AAEO,SAAS,aAAa,MAAoB;AAC/C,gBAAc,CAAC,YAAY;AACzB,UAAM,MAAM,QAAQ,UAAU,CAAC,MAAM,EAAE,SAAS,IAAI;AACpD,QAAI,QAAQ,GAAI,OAAM,IAAI,MAAM,WAAW,IAAI,aAAa;AAC5D,YAAQ,OAAO,KAAK,CAAC;AAAA,EACvB,CAAC;AACH;AAIO,SAAS,kBACd,QACA,OAC6C;AAC7C,QAAM,WAAW,cAAc,KAAK;AAEpC,MAAI,OAAO,SAAS,YAAY;AAC9B,QAAI,OAAO,UAAU,UAAU;AAC7B,YAAM,IAAI;AAAA,QACR,WAAW,OAAO,IAAI,sBAAsB,OAAO,KAAK,qBAAqB,KAAK;AAAA,MACpF;AAAA,IACF;AACA,WAAO;AAAA,MACL,YAAY,iBAAiB,OAAO,YAAY,QAAQ;AAAA,MACxD,SAAS,OAAO,UAAU,QAAQ;AAAA,IACpC;AAAA,EACF;AAEA,QAAM,UAAU,kBAAkB,OAAO,UAAU,QAAQ;AAC3D,SAAO,EAAE,YAAY,QAAQ,YAAY,SAAS,QAAQ,QAAQ;AACpE;AAEA,SAAS,iBAAiB,KAAa,OAA6B;AAClE,MAAI,UAAU,UAAU;AACtB,WAAOD,MAAK,OAAO,GAAG;AAAA,EACxB;AACA,QAAM,MAAM,IAAI,WAAW,IAAI,IAAI,IAAI,MAAM,CAAC,IAAI;AAClD,SAAO,WAAW,KAAK,OAAO,KAAK,KAAK,KAAK,CAAC;AAChD;","names":["randomBytes","z","z","randomBytes","bs58","randomBytes"]}