@nerochain/mpc-sdk 0.1.0

package/dist/react.js

@@ -0,0 +1,4033 @@
+'use strict';
+
+var sha256 = require('@noble/hashes/sha256');
+var utils = require('@noble/hashes/utils');
+var react = require('react');
+var secp256k1 = require('@noble/curves/secp256k1');
+var sha3 = require('@noble/hashes/sha3');
+var jsxRuntime = require('react/jsx-runtime');
+
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/core/crypto-primitives.ts
+var crypto_primitives_exports = {};
+__export(crypto_primitives_exports, {
+  bytesToHex: () => utils.bytesToHex,
+  computeCommitment: () => computeCommitment,
+  decryptWithKey: () => decryptWithKey,
+  decryptWithPassword: () => decryptWithPassword,
+  deriveKeyFromDeviceInfo: () => deriveKeyFromDeviceInfo,
+  deriveKeyFromPassword: () => deriveKeyFromPassword,
+  encryptWithKey: () => encryptWithKey,
+  encryptWithPassword: () => encryptWithPassword,
+  generateRandomBytes: () => generateRandomBytes,
+  generateRandomHex: () => generateRandomHex,
+  hashSha256: () => hashSha256,
+  hexToBytes: () => utils.hexToBytes,
+  utf8ToBytes: () => utils.utf8ToBytes
+});
+function getSubtleCrypto() {
+  if (typeof globalThis.crypto?.subtle !== "undefined") {
+    return globalThis.crypto.subtle;
+  }
+  throw new Error("WebCrypto API not available in this environment");
+}
+function getRandomValues(length) {
+  const buffer = new Uint8Array(length);
+  if (typeof globalThis.crypto?.getRandomValues !== "undefined") {
+    globalThis.crypto.getRandomValues(buffer);
+    return buffer;
+  }
+  throw new Error("Secure random not available in this environment");
+}
+function toBuffer(data) {
+  return data.buffer.slice(
+    data.byteOffset,
+    data.byteOffset + data.byteLength
+  );
+}
+async function deriveKeyFromPassword(password, salt) {
+  const subtle = getSubtleCrypto();
+  const passwordKey = await subtle.importKey(
+    "raw",
+    toBuffer(utils.utf8ToBytes(password)),
+    "PBKDF2",
+    false,
+    ["deriveKey"]
+  );
+  return subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt: toBuffer(salt),
+      iterations: PBKDF2_ITERATIONS,
+      hash: "SHA-256"
+    },
+    passwordKey,
+    { name: "AES-GCM", length: KEY_LENGTH },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+async function deriveKeyFromDeviceInfo(deviceId, userId) {
+  const combined = `${deviceId}:${userId}`;
+  const hash = sha256.sha256(utils.utf8ToBytes(combined));
+  const subtle = getSubtleCrypto();
+  return subtle.importKey(
+    "raw",
+    toBuffer(hash),
+    { name: "AES-GCM", length: KEY_LENGTH },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+async function encryptWithPassword(plaintext, password) {
+  const subtle = getSubtleCrypto();
+  const salt = getRandomValues(SALT_LENGTH);
+  const iv = getRandomValues(IV_LENGTH);
+  const key = await deriveKeyFromPassword(password, salt);
+  const ciphertext = await subtle.encrypt(
+    { name: "AES-GCM", iv: toBuffer(iv) },
+    key,
+    toBuffer(utils.utf8ToBytes(plaintext))
+  );
+  return {
+    ciphertext: utils.bytesToHex(new Uint8Array(ciphertext)),
+    iv: utils.bytesToHex(iv),
+    salt: utils.bytesToHex(salt)
+  };
+}
+async function decryptWithPassword(encrypted, password) {
+  const subtle = getSubtleCrypto();
+  const salt = utils.hexToBytes(encrypted.salt);
+  const iv = utils.hexToBytes(encrypted.iv);
+  const ciphertext = utils.hexToBytes(encrypted.ciphertext);
+  const key = await deriveKeyFromPassword(password, salt);
+  const plaintext = await subtle.decrypt(
+    { name: "AES-GCM", iv: toBuffer(iv) },
+    key,
+    toBuffer(ciphertext)
+  );
+  return new TextDecoder().decode(plaintext);
+}
+async function encryptWithKey(plaintext, key) {
+  const subtle = getSubtleCrypto();
+  const iv = getRandomValues(IV_LENGTH);
+  const ciphertext = await subtle.encrypt(
+    { name: "AES-GCM", iv: toBuffer(iv) },
+    key,
+    toBuffer(utils.utf8ToBytes(plaintext))
+  );
+  return {
+    ciphertext: utils.bytesToHex(new Uint8Array(ciphertext)),
+    iv: utils.bytesToHex(iv)
+  };
+}
+async function decryptWithKey(ciphertext, iv, key) {
+  const subtle = getSubtleCrypto();
+  const plaintext = await subtle.decrypt(
+    { name: "AES-GCM", iv: toBuffer(utils.hexToBytes(iv)) },
+    key,
+    toBuffer(utils.hexToBytes(ciphertext))
+  );
+  return new TextDecoder().decode(plaintext);
+}
+function generateRandomBytes(length) {
+  return getRandomValues(length);
+}
+function generateRandomHex(length) {
+  return utils.bytesToHex(getRandomValues(length));
+}
+function hashSha256(data) {
+  const input = typeof data === "string" ? utils.utf8ToBytes(data) : data;
+  return utils.bytesToHex(sha256.sha256(input));
+}
+function computeCommitment(value, blinding) {
+  const combined = `${value}:${blinding}`;
+  return hashSha256(combined);
+}
+var PBKDF2_ITERATIONS, SALT_LENGTH, IV_LENGTH, KEY_LENGTH;
+var init_crypto_primitives = __esm({
+  "src/core/crypto-primitives.ts"() {
+    PBKDF2_ITERATIONS = 1e5;
+    SALT_LENGTH = 16;
+    IV_LENGTH = 12;
+    KEY_LENGTH = 256;
+  }
+});
+
+// src/chains/configs.ts
+var NERO_TESTNET = {
+  chainId: 689,
+  chainName: "nero-testnet",
+  displayName: "NERO Testnet",
+  nativeCurrency: {
+    name: "NERO",
+    symbol: "NERO",
+    decimals: 18
+  },
+  rpcUrls: ["https://testnet.nerochain.io"],
+  blockExplorerUrls: ["https://testnetscan.nerochain.io"],
+  isTestnet: true,
+  bundlerUrl: "https://bundler.testnet.nerochain.io",
+  paymasterUrl: "https://paymaster.testnet.nerochain.io",
+  entryPointAddress: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789",
+  simpleAccountFactoryAddress: "0x9406Cc6185a346906296840746125a0E44976454"
+};
+var NERO_MAINNET = {
+  chainId: 1689,
+  chainName: "nero-mainnet",
+  displayName: "NERO Mainnet",
+  nativeCurrency: {
+    name: "NERO",
+    symbol: "NERO",
+    decimals: 18
+  },
+  rpcUrls: ["https://rpc.nerochain.io"],
+  blockExplorerUrls: ["https://scan.nerochain.io"],
+  isTestnet: false,
+  bundlerUrl: "https://bundler.nerochain.io",
+  paymasterUrl: "https://paymaster.nerochain.io",
+  entryPointAddress: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789",
+  simpleAccountFactoryAddress: "0x9406Cc6185a346906296840746125a0E44976454"
+};
+var ETHEREUM_MAINNET = {
+  chainId: 1,
+  chainName: "ethereum",
+  displayName: "Ethereum",
+  nativeCurrency: {
+    name: "Ether",
+    symbol: "ETH",
+    decimals: 18
+  },
+  rpcUrls: ["https://eth.llamarpc.com", "https://rpc.ankr.com/eth"],
+  blockExplorerUrls: ["https://etherscan.io"],
+  isTestnet: false,
+  entryPointAddress: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
+};
+var ETHEREUM_SEPOLIA = {
+  chainId: 11155111,
+  chainName: "sepolia",
+  displayName: "Sepolia Testnet",
+  nativeCurrency: {
+    name: "Sepolia Ether",
+    symbol: "ETH",
+    decimals: 18
+  },
+  rpcUrls: ["https://rpc.sepolia.org", "https://rpc.ankr.com/eth_sepolia"],
+  blockExplorerUrls: ["https://sepolia.etherscan.io"],
+  isTestnet: true,
+  entryPointAddress: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
+};
+var POLYGON_MAINNET = {
+  chainId: 137,
+  chainName: "polygon",
+  displayName: "Polygon",
+  nativeCurrency: {
+    name: "MATIC",
+    symbol: "MATIC",
+    decimals: 18
+  },
+  rpcUrls: ["https://polygon-rpc.com", "https://rpc.ankr.com/polygon"],
+  blockExplorerUrls: ["https://polygonscan.com"],
+  isTestnet: false,
+  entryPointAddress: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
+};
+var ARBITRUM_ONE = {
+  chainId: 42161,
+  chainName: "arbitrum",
+  displayName: "Arbitrum One",
+  nativeCurrency: {
+    name: "Ether",
+    symbol: "ETH",
+    decimals: 18
+  },
+  rpcUrls: ["https://arb1.arbitrum.io/rpc", "https://rpc.ankr.com/arbitrum"],
+  blockExplorerUrls: ["https://arbiscan.io"],
+  isTestnet: false,
+  entryPointAddress: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
+};
+var BASE_MAINNET = {
+  chainId: 8453,
+  chainName: "base",
+  displayName: "Base",
+  nativeCurrency: {
+    name: "Ether",
+    symbol: "ETH",
+    decimals: 18
+  },
+  rpcUrls: ["https://mainnet.base.org", "https://base.llamarpc.com"],
+  blockExplorerUrls: ["https://basescan.org"],
+  isTestnet: false,
+  entryPointAddress: "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789"
+};
+var BUILTIN_CHAINS = /* @__PURE__ */ new Map([
+  [NERO_TESTNET.chainId, NERO_TESTNET],
+  [NERO_MAINNET.chainId, NERO_MAINNET],
+  [ETHEREUM_MAINNET.chainId, ETHEREUM_MAINNET],
+  [ETHEREUM_SEPOLIA.chainId, ETHEREUM_SEPOLIA],
+  [POLYGON_MAINNET.chainId, POLYGON_MAINNET],
+  [ARBITRUM_ONE.chainId, ARBITRUM_ONE],
+  [BASE_MAINNET.chainId, BASE_MAINNET]
+]);
+function getChainConfig(chainId) {
+  return BUILTIN_CHAINS.get(chainId);
+}
+
+// src/chains/chain-manager.ts
+var ChainManager = class {
+  constructor(initialChainId = 689) {
+    this.customChains = /* @__PURE__ */ new Map();
+    this.listeners = /* @__PURE__ */ new Set();
+    this.rpcConnections = /* @__PURE__ */ new Map();
+    this.currentChainId = initialChainId;
+  }
+  get chainId() {
+    return this.currentChainId;
+  }
+  get chainConfig() {
+    return this.getConfig(this.currentChainId);
+  }
+  getConfig(chainId) {
+    return getChainConfig(chainId) ?? this.customChains.get(chainId);
+  }
+  getSupportedChains() {
+    const builtins = Array.from(BUILTIN_CHAINS.values());
+    const custom = Array.from(this.customChains.values());
+    return [...builtins, ...custom];
+  }
+  getSupportedChainIds() {
+    return this.getSupportedChains().map((c) => c.chainId);
+  }
+  isChainSupported(chainId) {
+    return this.getConfig(chainId) !== void 0;
+  }
+  addChain(config) {
+    this.customChains.set(config.chainId, config);
+  }
+  removeChain(chainId) {
+    if (BUILTIN_CHAINS.has(chainId)) {
+      return false;
+    }
+    return this.customChains.delete(chainId);
+  }
+  async switchChain(chainId) {
+    const config = this.getConfig(chainId);
+    if (!config) {
+      throw new Error(`Chain ${chainId} is not supported`);
+    }
+    const previousChainId = this.currentChainId;
+    this.currentChainId = chainId;
+    if (previousChainId !== chainId) {
+      this.notifyListeners(chainId, config);
+    }
+    return config;
+  }
+  onChainChange(listener) {
+    this.listeners.add(listener);
+    return () => this.listeners.delete(listener);
+  }
+  notifyListeners(chainId, config) {
+    for (const listener of this.listeners) {
+      try {
+        listener(chainId, config);
+      } catch {
+      }
+    }
+  }
+  getRpcConnection(chainId) {
+    const targetChainId = chainId ?? this.currentChainId;
+    let connection = this.rpcConnections.get(targetChainId);
+    if (!connection) {
+      const config = this.getConfig(targetChainId);
+      if (!config) {
+        throw new Error(`Chain ${targetChainId} is not supported`);
+      }
+      connection = new RpcConnection(config);
+      this.rpcConnections.set(targetChainId, connection);
+    }
+    return connection;
+  }
+  getTestnets() {
+    return this.getSupportedChains().filter((c) => c.isTestnet);
+  }
+  getMainnets() {
+    return this.getSupportedChains().filter((c) => !c.isTestnet);
+  }
+};
+var RpcConnection = class {
+  constructor(config) {
+    this.currentRpcIndex = 0;
+    this.config = config;
+  }
+  get chainId() {
+    return this.config.chainId;
+  }
+  get rpcUrl() {
+    return this.config.rpcUrls[this.currentRpcIndex];
+  }
+  async call(method, params = []) {
+    const maxRetries = this.config.rpcUrls.length;
+    let lastError = null;
+    for (let attempt = 0; attempt < maxRetries; attempt++) {
+      try {
+        return await this.executeCall(method, params);
+      } catch (error) {
+        lastError = error;
+        this.rotateRpc();
+      }
+    }
+    throw lastError ?? new Error("RPC call failed");
+  }
+  async executeCall(method, params) {
+    const response = await fetch(this.rpcUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: Date.now(),
+        method,
+        params
+      })
+    });
+    if (!response.ok) {
+      throw new Error(`RPC request failed: ${response.status}`);
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new Error(data.error.message ?? "RPC error");
+    }
+    return data.result;
+  }
+  rotateRpc() {
+    this.currentRpcIndex = (this.currentRpcIndex + 1) % this.config.rpcUrls.length;
+  }
+  async getBlockNumber() {
+    const result = await this.call("eth_blockNumber");
+    return BigInt(result);
+  }
+  async getBalance(address) {
+    const result = await this.call("eth_getBalance", [
+      address,
+      "latest"
+    ]);
+    return BigInt(result);
+  }
+  async getTransactionCount(address) {
+    const result = await this.call("eth_getTransactionCount", [
+      address,
+      "latest"
+    ]);
+    return BigInt(result);
+  }
+  async getGasPrice() {
+    const result = await this.call("eth_gasPrice");
+    return BigInt(result);
+  }
+  async estimateGas(tx) {
+    const result = await this.call("eth_estimateGas", [tx]);
+    return BigInt(result);
+  }
+  async getCode(address) {
+    return this.call("eth_getCode", [address, "latest"]);
+  }
+  async sendRawTransaction(signedTx) {
+    return this.call("eth_sendRawTransaction", [signedTx]);
+  }
+  async getTransactionReceipt(hash) {
+    return this.call("eth_getTransactionReceipt", [
+      hash
+    ]);
+  }
+  async waitForTransaction(hash, confirmations = 1, timeout = 6e4) {
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+      const receipt = await this.getTransactionReceipt(hash);
+      if (receipt?.blockNumber) {
+        const currentBlock = await this.getBlockNumber();
+        const txBlock = BigInt(receipt.blockNumber);
+        if (currentBlock - txBlock >= BigInt(confirmations - 1)) {
+          return receipt;
+        }
+      }
+      await new Promise((resolve) => setTimeout(resolve, 2e3));
+    }
+    throw new Error(`Transaction ${hash} not confirmed within timeout`);
+  }
+};
+
+// src/types/index.ts
+var SDKError = class extends Error {
+  constructor(message, code, statusCode) {
+    super(message);
+    this.code = code;
+    this.statusCode = statusCode;
+    this.name = "SDKError";
+  }
+};
+
+// src/core/client-key-manager.ts
+init_crypto_primitives();
+
+// src/core/secure-storage.ts
+init_crypto_primitives();
+var DB_NAME = "nero-mpc-sdk";
+var DB_VERSION = 1;
+var STORE_NAME = "encrypted-data";
+function openDatabase() {
+  return new Promise((resolve, reject) => {
+    const request = indexedDB.open(DB_NAME, DB_VERSION);
+    request.onerror = () => {
+      reject(new Error(`Failed to open IndexedDB: ${request.error?.message}`));
+    };
+    request.onsuccess = () => {
+      resolve(request.result);
+    };
+    request.onupgradeneeded = (event) => {
+      const db = event.target.result;
+      if (!db.objectStoreNames.contains(STORE_NAME)) {
+        db.createObjectStore(STORE_NAME, { keyPath: "key" });
+      }
+    };
+  });
+}
+var IndexedDBStorage = class {
+  constructor(prefix = "nero") {
+    this.prefix = prefix;
+  }
+  prefixKey(key) {
+    return `${this.prefix}:${key}`;
+  }
+  async get(key) {
+    const db = await openDatabase();
+    return new Promise((resolve, reject) => {
+      const transaction = db.transaction(STORE_NAME, "readonly");
+      const store = transaction.objectStore(STORE_NAME);
+      const request = store.get(this.prefixKey(key));
+      request.onerror = () => reject(request.error);
+      request.onsuccess = () => {
+        const item = request.result;
+        resolve(item?.value ?? null);
+      };
+    });
+  }
+  async set(key, value) {
+    const db = await openDatabase();
+    return new Promise((resolve, reject) => {
+      const transaction = db.transaction(STORE_NAME, "readwrite");
+      const store = transaction.objectStore(STORE_NAME);
+      const now = Date.now();
+      const item = {
+        key: this.prefixKey(key),
+        value,
+        createdAt: now,
+        updatedAt: now
+      };
+      const request = store.put(item);
+      request.onerror = () => reject(request.error);
+      request.onsuccess = () => resolve();
+    });
+  }
+  async delete(key) {
+    const db = await openDatabase();
+    return new Promise((resolve, reject) => {
+      const transaction = db.transaction(STORE_NAME, "readwrite");
+      const store = transaction.objectStore(STORE_NAME);
+      const request = store.delete(this.prefixKey(key));
+      request.onerror = () => reject(request.error);
+      request.onsuccess = () => resolve();
+    });
+  }
+  async clear() {
+    const db = await openDatabase();
+    return new Promise((resolve, reject) => {
+      const transaction = db.transaction(STORE_NAME, "readwrite");
+      const store = transaction.objectStore(STORE_NAME);
+      const cursorRequest = store.openCursor();
+      cursorRequest.onerror = () => reject(cursorRequest.error);
+      cursorRequest.onsuccess = (event) => {
+        const cursor = event.target.result;
+        if (cursor) {
+          const key = cursor.key;
+          if (key.startsWith(`${this.prefix}:`)) {
+            cursor.delete();
+          }
+          cursor.continue();
+        } else {
+          resolve();
+        }
+      };
+    });
+  }
+};
+var MemoryStorage = class {
+  constructor(prefix = "nero") {
+    this.store = /* @__PURE__ */ new Map();
+    this.prefix = prefix;
+  }
+  prefixKey(key) {
+    return `${this.prefix}:${key}`;
+  }
+  async get(key) {
+    return this.store.get(this.prefixKey(key)) ?? null;
+  }
+  async set(key, value) {
+    this.store.set(this.prefixKey(key), value);
+  }
+  async delete(key) {
+    this.store.delete(this.prefixKey(key));
+  }
+  async clear() {
+    const keysToDelete = [];
+    for (const key of this.store.keys()) {
+      if (key.startsWith(`${this.prefix}:`)) {
+        keysToDelete.push(key);
+      }
+    }
+    for (const key of keysToDelete) {
+      this.store.delete(key);
+    }
+  }
+};
+var ENCRYPTION_VERSION = 1;
+var SecureKeyStorage = class {
+  constructor(storage, deviceKey) {
+    this.storage = storage;
+    this.deviceKey = deviceKey;
+  }
+  getStorageKey(userId) {
+    return `keyshare:${hashSha256(userId)}`;
+  }
+  getPartySharesKey(userId) {
+    return `partyshares:${hashSha256(userId)}`;
+  }
+  async storeKeyShare(userId, keyShare) {
+    const plaintext = JSON.stringify(keyShare);
+    const encrypted = await encryptWithPassword(plaintext, this.deviceKey);
+    const storedData = {
+      ciphertext: encrypted.ciphertext,
+      iv: encrypted.iv,
+      salt: encrypted.salt,
+      version: ENCRYPTION_VERSION
+    };
+    await this.storage.set(
+      this.getStorageKey(userId),
+      JSON.stringify(storedData)
+    );
+  }
+  async getKeyShare(userId) {
+    const stored = await this.storage.get(this.getStorageKey(userId));
+    if (!stored) {
+      return null;
+    }
+    const encryptedData = JSON.parse(stored);
+    if (encryptedData.version !== ENCRYPTION_VERSION) {
+      throw new Error(
+        `Unsupported encryption version: ${encryptedData.version}`
+      );
+    }
+    const encrypted = {
+      ciphertext: encryptedData.ciphertext,
+      iv: encryptedData.iv,
+      salt: encryptedData.salt
+    };
+    const plaintext = await decryptWithPassword(encrypted, this.deviceKey);
+    return JSON.parse(plaintext);
+  }
+  async hasKeyShare(userId) {
+    const stored = await this.storage.get(this.getStorageKey(userId));
+    return stored !== null;
+  }
+  async deleteKeyShare(userId) {
+    await this.storage.delete(this.getStorageKey(userId));
+  }
+  async storePartyPublicShares(userId, shares) {
+    const sharesArray = Array.from(shares.entries());
+    const plaintext = JSON.stringify(sharesArray);
+    const encrypted = await encryptWithPassword(plaintext, this.deviceKey);
+    const storedData = {
+      ciphertext: encrypted.ciphertext,
+      iv: encrypted.iv,
+      salt: encrypted.salt,
+      version: ENCRYPTION_VERSION
+    };
+    await this.storage.set(
+      this.getPartySharesKey(userId),
+      JSON.stringify(storedData)
+    );
+  }
+  async getPartyPublicShares(userId) {
+    const stored = await this.storage.get(this.getPartySharesKey(userId));
+    if (!stored) {
+      return null;
+    }
+    const encryptedData = JSON.parse(stored);
+    if (encryptedData.version !== ENCRYPTION_VERSION) {
+      throw new Error(
+        `Unsupported encryption version: ${encryptedData.version}`
+      );
+    }
+    const encrypted = {
+      ciphertext: encryptedData.ciphertext,
+      iv: encryptedData.iv,
+      salt: encryptedData.salt
+    };
+    const plaintext = await decryptWithPassword(encrypted, this.deviceKey);
+    const sharesArray = JSON.parse(plaintext);
+    return new Map(sharesArray);
+  }
+  async deletePartyPublicShares(userId) {
+    await this.storage.delete(this.getPartySharesKey(userId));
+  }
+  async clearAll() {
+    await this.storage.clear();
+  }
+};
+function createSecureStorage(deviceKey, prefix = "nero") {
+  const isIndexedDBAvailable = typeof indexedDB !== "undefined" && indexedDB !== null;
+  const adapter = isIndexedDBAvailable ? new IndexedDBStorage(prefix) : new MemoryStorage(prefix);
+  return new SecureKeyStorage(adapter, deviceKey);
+}
+
+// src/core/client-key-manager.ts
+var ClientKeyManager = class {
+  constructor(deviceKey, config = {}) {
+    this.currentUserId = null;
+    this.cachedKeyShare = null;
+    this.cachedPartyShares = null;
+    this.storage = createSecureStorage(
+      deviceKey,
+      config.storagePrefix ?? "nero"
+    );
+  }
+  async initialize(userId) {
+    this.currentUserId = userId;
+    this.cachedKeyShare = await this.storage.getKeyShare(userId);
+  }
+  async hasKeyShare() {
+    if (!this.currentUserId) {
+      return false;
+    }
+    return this.storage.hasKeyShare(this.currentUserId);
+  }
+  async getKeyShare() {
+    if (this.cachedKeyShare) {
+      return this.cachedKeyShare;
+    }
+    if (!this.currentUserId) {
+      return null;
+    }
+    this.cachedKeyShare = await this.storage.getKeyShare(this.currentUserId);
+    return this.cachedKeyShare;
+  }
+  async storeKeyShare(keyShare) {
+    if (!this.currentUserId) {
+      throw new SDKError("User not initialized", "USER_NOT_INITIALIZED");
+    }
+    await this.storage.storeKeyShare(this.currentUserId, keyShare);
+    this.cachedKeyShare = keyShare;
+  }
+  async getPartyPublicShares() {
+    if (this.cachedPartyShares) {
+      return this.cachedPartyShares;
+    }
+    if (!this.currentUserId) {
+      return null;
+    }
+    this.cachedPartyShares = await this.storage.getPartyPublicShares(
+      this.currentUserId
+    );
+    return this.cachedPartyShares;
+  }
+  async storePartyPublicShares(shares) {
+    if (!this.currentUserId) {
+      throw new SDKError("User not initialized", "USER_NOT_INITIALIZED");
+    }
+    await this.storage.storePartyPublicShares(this.currentUserId, shares);
+    this.cachedPartyShares = shares;
+  }
+  async deleteKeyShare() {
+    if (!this.currentUserId) {
+      return;
+    }
+    await this.storage.deleteKeyShare(this.currentUserId);
+    this.cachedKeyShare = null;
+  }
+  async rotateKeyShare(newKeyShare) {
+    if (!this.currentUserId) {
+      throw new SDKError("User not initialized", "USER_NOT_INITIALIZED");
+    }
+    const existingShare = await this.getKeyShare();
+    if (!existingShare) {
+      throw new SDKError("No existing key share to rotate", "NO_KEY_SHARE");
+    }
+    if (existingShare.partyId !== newKeyShare.partyId) {
+      throw new SDKError(
+        "Party ID mismatch during rotation",
+        "PARTY_ID_MISMATCH"
+      );
+    }
+    await this.storeKeyShare(newKeyShare);
+  }
+  async exportBackup(password) {
+    const keyShare = await this.getKeyShare();
+    if (!keyShare) {
+      throw new SDKError("No key share to export", "NO_KEY_SHARE");
+    }
+    const { encryptWithPassword: encryptWithPassword2 } = await Promise.resolve().then(() => (init_crypto_primitives(), crypto_primitives_exports));
+    const encrypted = await encryptWithPassword2(
+      JSON.stringify(keyShare),
+      password
+    );
+    const backup = {
+      version: 1,
+      type: "nero-mpc-backup",
+      data: encrypted,
+      createdAt: Date.now()
+    };
+    return btoa(JSON.stringify(backup));
+  }
+  async importBackup(backupString, password) {
+    const backup = JSON.parse(atob(backupString));
+    if (backup.type !== "nero-mpc-backup") {
+      throw new SDKError("Invalid backup format", "INVALID_BACKUP");
+    }
+    if (backup.version !== 1) {
+      throw new SDKError(
+        `Unsupported backup version: ${backup.version}`,
+        "UNSUPPORTED_VERSION"
+      );
+    }
+    const { decryptWithPassword: decryptWithPassword2 } = await Promise.resolve().then(() => (init_crypto_primitives(), crypto_primitives_exports));
+    const plaintext = await decryptWithPassword2(backup.data, password);
+    const keyShare = JSON.parse(plaintext);
+    return keyShare;
+  }
+  getWalletInfo(publicKey, chainId) {
+    const eoaAddress = this.deriveEOAAddress(publicKey);
+    return {
+      eoaAddress,
+      publicKey,
+      chainId
+    };
+  }
+  deriveEOAAddress(publicKey) {
+    let pubKeyBytes;
+    const pubKeyHex = publicKey.startsWith("0x") ? publicKey.slice(2) : publicKey;
+    if (pubKeyHex.length === 130) {
+      pubKeyBytes = hexToBytes2(pubKeyHex.slice(2));
+    } else if (pubKeyHex.length === 128) {
+      pubKeyBytes = hexToBytes2(pubKeyHex);
+    } else {
+      throw new SDKError("Invalid public key format", "INVALID_PUBLIC_KEY");
+    }
+    const hash = keccak256(pubKeyBytes);
+    const addressBytes = hash.slice(-20);
+    return `0x${bytesToHex2(addressBytes)}`;
+  }
+  async clear() {
+    await this.storage.clearAll();
+    this.currentUserId = null;
+    this.cachedKeyShare = null;
+    this.cachedPartyShares = null;
+  }
+};
+function hexToBytes2(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < bytes.length; i++) {
+    bytes[i] = Number.parseInt(hex.substring(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
+}
+function bytesToHex2(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function keccak256(data) {
+  const { keccak_256: keccak_2564 } = __require("@noble/hashes/sha3");
+  return keccak_2564(data);
+}
+function generateDeviceKey() {
+  return generateRandomHex(32);
+}
+
+// src/core/index.ts
+init_crypto_primitives();
+
+// src/core/provider-types.ts
+var EIP1193_ERROR_CODES = {
+  UNAUTHORIZED: 4100,
+  UNSUPPORTED_METHOD: 4200,
+  DISCONNECTED: 4900,
+  CHAIN_DISCONNECTED: 4901,
+  INTERNAL_ERROR: -32603,
+  CHAIN_NOT_ADDED: 4902
+};
+function createProviderRpcError(code, message, data) {
+  const error = new Error(message);
+  error.code = code;
+  error.data = data;
+  return error;
+}
+
+// src/core/provider.ts
+var NeroProvider = class {
+  constructor(config) {
+    this.listeners = /* @__PURE__ */ new Map();
+    this.connected = false;
+    this.customChains = /* @__PURE__ */ new Map();
+    this.config = config;
+    this.chainId = config.chainId;
+    this.chainConfig = getChainConfig(config.chainId);
+  }
+  get isNero() {
+    return true;
+  }
+  get isConnected() {
+    return this.connected;
+  }
+  async request(args) {
+    const { method, params } = args;
+    switch (method) {
+      case "eth_chainId":
+        return this.toHexChainId(this.chainId);
+      case "net_version":
+        return String(this.chainId);
+      case "eth_accounts":
+      case "eth_requestAccounts":
+        return this.handleRequestAccounts();
+      case "eth_sign":
+        return this.handleEthSign(params);
+      case "personal_sign":
+        return this.handlePersonalSign(params);
+      case "eth_signTypedData":
+      case "eth_signTypedData_v3":
+      case "eth_signTypedData_v4":
+        return this.handleSignTypedData(params);
+      case "eth_sendTransaction":
+        return this.handleSendTransaction(params);
+      case "wallet_switchEthereumChain":
+        return this.handleSwitchChain(params);
+      case "wallet_addEthereumChain":
+        return this.handleAddChain(params);
+      case "wallet_watchAsset":
+        return true;
+      case "eth_call":
+      case "eth_estimateGas":
+      case "eth_getBalance":
+      case "eth_getBlockByNumber":
+      case "eth_getBlockByHash":
+      case "eth_getTransactionByHash":
+      case "eth_getTransactionReceipt":
+      case "eth_getCode":
+      case "eth_getStorageAt":
+      case "eth_blockNumber":
+      case "eth_gasPrice":
+      case "eth_getTransactionCount":
+      case "eth_getLogs":
+      case "eth_feeHistory":
+      case "eth_maxPriorityFeePerGas":
+        return this.forwardToRpc(method, params);
+      default:
+        throw createProviderRpcError(
+          EIP1193_ERROR_CODES.UNSUPPORTED_METHOD,
+          `Method ${method} is not supported`
+        );
+    }
+  }
+  on(event, listener) {
+    if (!this.listeners.has(event)) {
+      this.listeners.set(event, /* @__PURE__ */ new Set());
+    }
+    this.listeners.get(event)?.add(listener);
+    return this;
+  }
+  removeListener(event, listener) {
+    this.listeners.get(event)?.delete(listener);
+    return this;
+  }
+  removeAllListeners(event) {
+    if (event) {
+      this.listeners.delete(event);
+    } else {
+      this.listeners.clear();
+    }
+    return this;
+  }
+  emit(event, ...args) {
+    const listeners = this.listeners.get(event);
+    if (!listeners || listeners.size === 0) {
+      return false;
+    }
+    for (const listener of listeners) {
+      try {
+        listener(...args);
+      } catch {
+      }
+    }
+    return true;
+  }
+  connect() {
+    if (this.connected) return;
+    this.connected = true;
+    const info = {
+      chainId: this.toHexChainId(this.chainId)
+    };
+    this.emit("connect", info);
+  }
+  disconnect(error) {
+    if (!this.connected) return;
+    this.connected = false;
+    this.emit(
+      "disconnect",
+      error ?? createProviderRpcError(
+        EIP1193_ERROR_CODES.DISCONNECTED,
+        "Provider disconnected"
+      )
+    );
+  }
+  async switchChain(chainId) {
+    const config = this.getChainConfigById(chainId);
+    if (!config) {
+      throw createProviderRpcError(
+        EIP1193_ERROR_CODES.CHAIN_NOT_ADDED,
+        `Chain ${chainId} has not been added`
+      );
+    }
+    const previousChainId = this.chainId;
+    this.chainId = chainId;
+    this.chainConfig = config;
+    if (previousChainId !== chainId) {
+      this.emit("chainChanged", this.toHexChainId(chainId));
+      this.config.onChainChanged?.(chainId);
+    }
+  }
+  addChain(config) {
+    this.customChains.set(config.chainId, config);
+  }
+  getChainId() {
+    return this.chainId;
+  }
+  getChainConfig() {
+    return this.chainConfig;
+  }
+  getChainConfigById(chainId) {
+    return getChainConfig(chainId) ?? this.customChains.get(chainId);
+  }
+  async handleRequestAccounts() {
+    const accounts = this.config.getAccounts();
+    if (accounts.length === 0) {
+      throw createProviderRpcError(
+        EIP1193_ERROR_CODES.UNAUTHORIZED,
+        "No accounts available"
+      );
+    }
+    if (!this.connected) {
+      this.connect();
+    }
+    return accounts;
+  }
+  async handleEthSign(params) {
+    const [address, message] = params;
+    this.validateAddress(address);
+    return this.config.signMessage(utils.hexToBytes(message.slice(2)));
+  }
+  async handlePersonalSign(params) {
+    const [message, address] = params;
+    this.validateAddress(address);
+    const messageBytes = message.startsWith("0x") ? utils.hexToBytes(message.slice(2)) : utils.utf8ToBytes(message);
+    return this.config.signMessage(messageBytes);
+  }
+  async handleSignTypedData(params) {
+    const [address, typedDataJson] = params;
+    this.validateAddress(address);
+    const typedData = JSON.parse(typedDataJson);
+    const { domain, types, primaryType, message } = typedData;
+    const typesWithoutEIP712Domain = { ...types };
+    typesWithoutEIP712Domain.EIP712Domain = void 0;
+    return this.config.signTypedData(
+      domain,
+      typesWithoutEIP712Domain,
+      primaryType,
+      message
+    );
+  }
+  async handleSendTransaction(params) {
+    const [tx] = params;
+    return this.config.sendTransaction(tx);
+  }
+  async handleSwitchChain(params) {
+    const [{ chainId }] = params;
+    const numericChainId = Number.parseInt(chainId, 16);
+    await this.switchChain(numericChainId);
+    return null;
+  }
+  async handleAddChain(params) {
+    const [chainParams] = params;
+    const chainId = Number.parseInt(chainParams.chainId, 16);
+    const config = {
+      chainId,
+      chainName: chainParams.chainName.toLowerCase().replace(/\s+/g, "-"),
+      displayName: chainParams.chainName,
+      nativeCurrency: chainParams.nativeCurrency,
+      rpcUrls: chainParams.rpcUrls,
+      blockExplorerUrls: chainParams.blockExplorerUrls,
+      isTestnet: false
+    };
+    this.addChain(config);
+    return null;
+  }
+  async forwardToRpc(method, params) {
+    if (!this.chainConfig?.rpcUrls?.[0]) {
+      throw createProviderRpcError(
+        EIP1193_ERROR_CODES.CHAIN_DISCONNECTED,
+        "No RPC URL available for current chain"
+      );
+    }
+    const response = await fetch(this.chainConfig.rpcUrls[0], {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: Date.now(),
+        method,
+        params: params ?? []
+      })
+    });
+    const data = await response.json();
+    if (data.error) {
+      throw createProviderRpcError(
+        data.error.code ?? EIP1193_ERROR_CODES.INTERNAL_ERROR,
+        data.error.message,
+        data.error.data
+      );
+    }
+    return data.result;
+  }
+  validateAddress(address) {
+    const accounts = this.config.getAccounts();
+    const normalizedAddress = address.toLowerCase();
+    const hasAccount = accounts.some(
+      (a) => a.toLowerCase() === normalizedAddress
+    );
+    if (!hasAccount) {
+      throw createProviderRpcError(
+        EIP1193_ERROR_CODES.UNAUTHORIZED,
+        `Address ${address} is not authorized`
+      );
+    }
+  }
+  toHexChainId(chainId) {
+    return `0x${chainId.toString(16)}`;
+  }
+};
+var CURVE_ORDER = secp256k1.secp256k1.CURVE.n;
+function generateRandomScalar() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  const scalar = bytesToBigInt(bytes) % CURVE_ORDER;
+  return scalar === 0n ? generateRandomScalar() : scalar;
+}
+function generatePolynomial(degree) {
+  if (degree < 0 || !Number.isInteger(degree)) {
+    throw new Error(`Invalid polynomial degree: ${degree}`);
+  }
+  const coefficients = [];
+  for (let i = 0; i <= degree; i++) {
+    coefficients.push(generateRandomScalar());
+  }
+  return coefficients;
+}
+function evaluatePolynomial(coefficients, x) {
+  let result = 0n;
+  let xPower = 1n;
+  for (const coeff of coefficients) {
+    result = mod(result + mod(coeff * xPower, CURVE_ORDER), CURVE_ORDER);
+    xPower = mod(xPower * x, CURVE_ORDER);
+  }
+  return result;
+}
+function aggregateShares(receivedShares, ownShare) {
+  let combined = ownShare;
+  for (const share of receivedShares.values()) {
+    combined = mod(combined + share, CURVE_ORDER);
+  }
+  return combined;
+}
+function scalarToHex(scalar) {
+  return scalar.toString(16).padStart(64, "0");
+}
+function hexToScalar(hex) {
+  return BigInt(`0x${hex}`);
+}
+function mod(n, m) {
+  return (n % m + m) % m;
+}
+function bytesToBigInt(bytes) {
+  let result = 0n;
+  for (const byte of bytes) {
+    result = (result << 8n) + BigInt(byte);
+  }
+  return result;
+}
+
+// src/protocols/dkg/commitments.ts
+function createVSSSCommitments(partyId, coefficients) {
+  const G2 = secp256k1.secp256k1.ProjectivePoint.BASE;
+  const coefficientCommitments = coefficients.map(
+    (coeff) => G2.multiply(coeff).toHex(true)
+  );
+  const proof = createProofOfKnowledge(
+    partyId,
+    coefficients[0],
+    coefficientCommitments[0]
+  );
+  return {
+    partyId,
+    coefficientCommitments,
+    proofOfKnowledge: proof
+  };
+}
+function verifyVSSSCommitment(commitment, share, receiverPartyId) {
+  const G2 = secp256k1.secp256k1.ProjectivePoint.BASE;
+  const sharePoint = G2.multiply(share);
+  let expectedPoint = secp256k1.secp256k1.ProjectivePoint.fromHex(
+    commitment.coefficientCommitments[0]
+  );
+  const x = BigInt(receiverPartyId);
+  let xPower = x;
+  for (let i = 1; i < commitment.coefficientCommitments.length; i++) {
+    const commitmentPoint = secp256k1.secp256k1.ProjectivePoint.fromHex(
+      commitment.coefficientCommitments[i]
+    );
+    const scaled = commitmentPoint.multiply(xPower);
+    expectedPoint = expectedPoint.add(scaled);
+    xPower = mod(xPower * x, CURVE_ORDER);
+  }
+  return sharePoint.equals(expectedPoint);
+}
+function createProofOfKnowledge(partyId, secret, publicCommitment) {
+  const G2 = secp256k1.secp256k1.ProjectivePoint.BASE;
+  const k = generateRandomScalar();
+  const R = G2.multiply(k);
+  const challenge = computeChallenge(partyId, publicCommitment, R.toHex(true));
+  const response = mod(k + secret * challenge, CURVE_ORDER);
+  return JSON.stringify({
+    R: R.toHex(true),
+    s: scalarToHex(response)
+  });
+}
+function verifyProofOfKnowledge(proof, partyId, publicCommitment) {
+  const G2 = secp256k1.secp256k1.ProjectivePoint.BASE;
+  const { R, s } = JSON.parse(proof);
+  const RPoint = secp256k1.secp256k1.ProjectivePoint.fromHex(R);
+  const response = BigInt(`0x${s}`);
+  const challenge = computeChallenge(partyId, publicCommitment, R);
+  const leftSide = G2.multiply(response);
+  const commitmentPoint = secp256k1.secp256k1.ProjectivePoint.fromHex(publicCommitment);
+  const rightSide = RPoint.add(commitmentPoint.multiply(challenge));
+  return leftSide.equals(rightSide);
+}
+function computeChallenge(partyId, commitment, R) {
+  const input = `${partyId}:${commitment}:${R}`;
+  const hash = sha256.sha256(utils.utf8ToBytes(input));
+  return mod(BigInt(`0x${utils.bytesToHex(hash)}`), CURVE_ORDER);
+}
+function combineVSSSCommitments(commitments) {
+  let combined = secp256k1.secp256k1.ProjectivePoint.fromHex(
+    commitments[0].coefficientCommitments[0]
+  );
+  for (let i = 1; i < commitments.length; i++) {
+    const point = secp256k1.secp256k1.ProjectivePoint.fromHex(
+      commitments[i].coefficientCommitments[0]
+    );
+    combined = combined.add(point);
+  }
+  return combined.toHex(false);
+}
+function toBuffer2(data) {
+  return data.buffer.slice(
+    data.byteOffset,
+    data.byteOffset + data.byteLength
+  );
+}
+async function deriveSharedSecret(privateKey, publicKey) {
+  const pubPoint = secp256k1.secp256k1.ProjectivePoint.fromHex(publicKey);
+  const sharedPoint = pubPoint.multiply(privateKey);
+  const sharedBytes = utils.hexToBytes(sharedPoint.toHex(true));
+  return sha256.sha256(sharedBytes);
+}
+async function aesGcmEncrypt(plaintext, key, nonce) {
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    toBuffer2(key),
+    { name: "AES-GCM" },
+    false,
+    ["encrypt"]
+  );
+  const encrypted = await crypto.subtle.encrypt(
+    { name: "AES-GCM", iv: toBuffer2(nonce), tagLength: 128 },
+    cryptoKey,
+    toBuffer2(plaintext)
+  );
+  const encryptedArray = new Uint8Array(encrypted);
+  const ciphertext = encryptedArray.slice(0, -16);
+  const tag = encryptedArray.slice(-16);
+  return { ciphertext, tag };
+}
+async function aesGcmDecrypt(ciphertext, tag, key, nonce) {
+  const cryptoKey = await crypto.subtle.importKey(
+    "raw",
+    toBuffer2(key),
+    { name: "AES-GCM" },
+    false,
+    ["decrypt"]
+  );
+  const combined = new Uint8Array(ciphertext.length + tag.length);
+  combined.set(ciphertext);
+  combined.set(tag, ciphertext.length);
+  const decrypted = await crypto.subtle.decrypt(
+    { name: "AES-GCM", iv: toBuffer2(nonce), tagLength: 128 },
+    cryptoKey,
+    toBuffer2(combined)
+  );
+  return new Uint8Array(decrypted);
+}
+async function encryptShare(share, fromPartyId, toPartyId, recipientPublicKey) {
+  const ephemeralPrivateKey = generateSecureScalar();
+  const ephemeralPublicKey = secp256k1.secp256k1.ProjectivePoint.BASE.multiply(ephemeralPrivateKey).toHex(true);
+  const sharedSecret = await deriveSharedSecret(
+    ephemeralPrivateKey,
+    recipientPublicKey
+  );
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const shareHex = scalarToHex(share);
+  const plaintext = utils.utf8ToBytes(shareHex);
+  const { ciphertext, tag } = await aesGcmEncrypt(
+    plaintext,
+    sharedSecret,
+    nonce
+  );
+  return {
+    fromPartyId,
+    toPartyId,
+    ephemeralPublicKey,
+    ciphertext: utils.bytesToHex(ciphertext),
+    nonce: utils.bytesToHex(nonce),
+    tag: utils.bytesToHex(tag)
+  };
+}
+async function decryptShare(encryptedShare, recipientPrivateKey) {
+  const sharedSecret = await deriveSharedSecret(
+    recipientPrivateKey,
+    encryptedShare.ephemeralPublicKey
+  );
+  const ciphertext = utils.hexToBytes(encryptedShare.ciphertext);
+  const nonce = utils.hexToBytes(encryptedShare.nonce);
+  const tag = utils.hexToBytes(encryptedShare.tag);
+  const plaintext = await aesGcmDecrypt(ciphertext, tag, sharedSecret, nonce);
+  const shareHex = new TextDecoder().decode(plaintext);
+  const share = hexToScalar(shareHex);
+  return {
+    fromPartyId: encryptedShare.fromPartyId,
+    share
+  };
+}
+function generateSecureScalar() {
+  const bytes = crypto.getRandomValues(new Uint8Array(32));
+  const scalar = mod(BigInt(`0x${utils.bytesToHex(bytes)}`), CURVE_ORDER);
+  if (scalar === 0n) {
+    throw new Error("RNG failure: generated zero scalar");
+  }
+  return scalar;
+}
+function generateEphemeralKeyPair() {
+  const privateKey = generateSecureScalar();
+  const publicKey = secp256k1.secp256k1.ProjectivePoint.BASE.multiply(privateKey).toHex(true);
+  return { privateKey, publicKey };
+}
+
+// src/protocols/dkg/dkg-client.ts
+var PROTOCOL_VERSION = "pedersen-dkg-v1";
+var DKGClient = class {
+  constructor(config) {
+    this.state = null;
+    this.polynomial = [];
+    this.ephemeralKeyPair = null;
+    this.receivedCommitments = /* @__PURE__ */ new Map();
+    this.receivedShares = /* @__PURE__ */ new Map();
+    this.apiClient = config.apiClient;
+    this.wsClient = config.wsClient;
+    this.timeout = config.timeout ?? 6e4;
+  }
+  async execute() {
+    try {
+      await this.initializeSession();
+      await this.runCommitmentPhase();
+      await this.runShareExchangePhase();
+      await this.runVerificationPhase();
+      return await this.completeProtocol();
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "DKG failed";
+      return {
+        success: false,
+        error: message
+      };
+    }
+  }
+  async initializeSession() {
+    const { sessionId, partyId, participantCount, threshold } = await this.apiClient.initiateDKG();
+    if (threshold < 2) {
+      throw new SDKError(
+        "Threshold must be at least 2 for security",
+        "INVALID_THRESHOLD"
+      );
+    }
+    if (participantCount < 2) {
+      throw new SDKError(
+        "Participant count must be at least 2",
+        "INVALID_PARTICIPANT_COUNT"
+      );
+    }
+    if (threshold > participantCount) {
+      throw new SDKError(
+        "Threshold cannot exceed participant count",
+        "INVALID_THRESHOLD"
+      );
+    }
+    this.state = {
+      sessionId,
+      round: "commitment",
+      partyId,
+      participantCount,
+      threshold,
+      commitments: /* @__PURE__ */ new Map(),
+      receivedShares: /* @__PURE__ */ new Map()
+    };
+    this.polynomial = generatePolynomial(threshold - 1);
+    this.ephemeralKeyPair = generateEphemeralKeyPair();
+    if (this.wsClient) {
+      await this.wsClient.connect();
+      this.wsClient.setAccessToken(
+        this.apiClient.getTokens()?.accessToken ?? ""
+      );
+    }
+  }
+  async runCommitmentPhase() {
+    if (!this.state) throw new SDKError("State not initialized", "STATE_ERROR");
+    const commitment = createVSSSCommitments(
+      this.state.partyId,
+      this.polynomial
+    );
+    const apiCommitment = {
+      partyId: this.state.partyId,
+      commitments: commitment.coefficientCommitments,
+      publicKey: this.ephemeralKeyPair?.publicKey ?? "",
+      proofOfKnowledge: commitment.proofOfKnowledge
+    };
+    await this.apiClient.submitDKGCommitment(
+      this.state.sessionId,
+      apiCommitment
+    );
+    this.receivedCommitments.set(this.state.partyId, commitment);
+    const otherCommitments = await this.waitForCommitments();
+    for (const [partyId, comm] of otherCommitments) {
+      if (!comm.proofOfKnowledge) {
+        throw new SDKError(
+          `Missing proof of knowledge from party ${comm.partyId}. Backend must relay proofs for client-side verification.`,
+          "MISSING_COMMITMENT_PROOF"
+        );
+      }
+      if (comm.partyId !== partyId) {
+        throw new SDKError(
+          `Party ID mismatch: expected ${partyId}, got ${comm.partyId}`,
+          "PARTY_ID_MISMATCH"
+        );
+      }
+      if (!verifyProofOfKnowledge(
+        comm.proofOfKnowledge,
+        comm.partyId,
+        comm.coefficientCommitments[0]
+      )) {
+        throw new SDKError(
+          `Invalid proof of knowledge from party ${comm.partyId}`,
+          "INVALID_COMMITMENT_PROOF"
+        );
+      }
+      this.receivedCommitments.set(comm.partyId, comm);
+    }
+    this.state.round = "share_exchange";
+  }
+  async runShareExchangePhase() {
+    if (!this.state) throw new SDKError("State not initialized", "STATE_ERROR");
+    for (let partyId = 1; partyId <= this.state.participantCount; partyId++) {
+      if (partyId === this.state.partyId) continue;
+      const share = evaluatePolynomial(this.polynomial, BigInt(partyId));
+      const commitment = this.receivedCommitments.get(partyId);
+      if (!commitment) {
+        throw new SDKError(
+          `Missing commitment from party ${partyId}`,
+          "MISSING_COMMITMENT"
+        );
+      }
+      const apiCommitment = await this.apiClient.getDKGCommitments(
+        this.state.sessionId
+      );
+      const partyCommitment = apiCommitment.commitments.find(
+        (c) => c.partyId === partyId
+      );
+      if (!partyCommitment) {
+        throw new SDKError(
+          `Missing public key from party ${partyId}`,
+          "MISSING_PUBLIC_KEY"
+        );
+      }
+      const encrypted = await encryptShare(
+        share,
+        this.state.partyId,
+        partyId,
+        partyCommitment.publicKey
+      );
+      await this.apiClient.submitDKGShare(
+        this.state.sessionId,
+        JSON.stringify(encrypted),
+        partyId
+      );
+    }
+    const ownShare = evaluatePolynomial(
+      this.polynomial,
+      BigInt(this.state.partyId)
+    );
+    this.receivedShares.set(this.state.partyId, ownShare);
+    const receivedShares = await this.waitForShares();
+    for (const [partyId, encryptedShare] of receivedShares) {
+      const decrypted = await decryptShare(
+        encryptedShare,
+        this.ephemeralKeyPair?.privateKey ?? 0n
+      );
+      const commitment = this.receivedCommitments.get(partyId);
+      if (!commitment) {
+        throw new SDKError(
+          `Missing commitment from party ${partyId}`,
+          "MISSING_COMMITMENT"
+        );
+      }
+      if (!verifyVSSSCommitment(commitment, decrypted.share, this.state.partyId)) {
+        throw new SDKError(
+          `Invalid share from party ${partyId}`,
+          "INVALID_SHARE"
+        );
+      }
+      this.receivedShares.set(partyId, decrypted.share);
+    }
+    this.state.round = "verification";
+  }
+  async runVerificationPhase() {
+    if (!this.state) throw new SDKError("State not initialized", "STATE_ERROR");
+    const finalShare = aggregateShares(this.receivedShares, 0n);
+    const allCommitments = Array.from(this.receivedCommitments.values());
+    const publicKey = combineVSSSCommitments(allCommitments);
+    this.state.privateShare = finalShare;
+    this.state.publicKey = publicKey;
+    this.state.round = "complete";
+  }
+  async completeProtocol() {
+    if (!this.state || !this.state.privateShare || !this.state.publicKey) {
+      throw new SDKError("Protocol not complete", "PROTOCOL_INCOMPLETE");
+    }
+    const walletAddress = this.deriveWalletAddress(this.state.publicKey);
+    await this.apiClient.completeDKG(
+      this.state.sessionId,
+      this.state.partyId,
+      this.state.publicKey,
+      walletAddress
+    );
+    return {
+      success: true,
+      publicKey: this.state.publicKey,
+      walletAddress,
+      partyId: this.state.partyId
+    };
+  }
+  getKeyShare() {
+    if (!this.state?.privateShare) return null;
+    return {
+      partyId: this.state.partyId,
+      privateShare: scalarToHex(this.state.privateShare),
+      publicShare: secp256k1.secp256k1.ProjectivePoint.BASE.multiply(
+        this.state.privateShare
+      ).toHex(true),
+      commitment: this.computeShareCommitment(this.state.privateShare),
+      threshold: this.state.threshold,
+      totalParties: this.state.participantCount,
+      protocolVersion: PROTOCOL_VERSION
+    };
+  }
+  getPartyPublicShares() {
+    const shares = /* @__PURE__ */ new Map();
+    for (const [partyId, commitment] of this.receivedCommitments) {
+      if (commitment.coefficientCommitments.length > 0) {
+        shares.set(partyId, commitment.coefficientCommitments[0]);
+      }
+    }
+    return shares;
+  }
+  async waitForCommitments() {
+    const startTime = Date.now();
+    const commitments = /* @__PURE__ */ new Map();
+    while (Date.now() - startTime < this.timeout) {
+      const result = await this.apiClient.getDKGCommitments(
+        this.state?.sessionId ?? ""
+      );
+      for (const comm of result.commitments) {
+        if (comm.partyId !== this.state?.partyId && !commitments.has(comm.partyId)) {
+          commitments.set(comm.partyId, {
+            partyId: comm.partyId,
+            coefficientCommitments: comm.commitments,
+            proofOfKnowledge: comm.proofOfKnowledge ?? ""
+          });
+        }
+      }
+      if (result.ready || commitments.size >= (this.state?.participantCount ?? 1) - 1) {
+        return commitments;
+      }
+      await this.delay(1e3);
+    }
+    throw new SDKError("Timeout waiting for commitments", "COMMITMENT_TIMEOUT");
+  }
+  async waitForShares() {
+    const startTime = Date.now();
+    const shares = /* @__PURE__ */ new Map();
+    while (Date.now() - startTime < this.timeout) {
+      const result = await this.apiClient.getDKGShares(
+        this.state?.sessionId ?? "",
+        this.state?.partyId ?? 0
+      );
+      for (const share of result.shares) {
+        if (!shares.has(share.fromPartyId)) {
+          shares.set(share.fromPartyId, JSON.parse(share.encryptedShare));
+        }
+      }
+      if (result.ready || shares.size >= (this.state?.participantCount ?? 1) - 1) {
+        return shares;
+      }
+      await this.delay(1e3);
+    }
+    throw new SDKError("Timeout waiting for shares", "SHARE_TIMEOUT");
+  }
+  deriveWalletAddress(publicKey) {
+    const pubKeyBytes = utils.hexToBytes(
+      publicKey.startsWith("04") ? publicKey.slice(2) : publicKey
+    );
+    const hash = sha3.keccak_256(pubKeyBytes);
+    const addressBytes = hash.slice(-20);
+    return `0x${utils.bytesToHex(addressBytes)}`;
+  }
+  computeShareCommitment(share) {
+    const shareHex = scalarToHex(share);
+    return utils.bytesToHex(sha256.sha256(utils.hexToBytes(shareHex)));
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+  cleanup() {
+    this.state = null;
+    this.polynomial = [];
+    this.ephemeralKeyPair = null;
+    this.receivedCommitments.clear();
+    this.receivedShares.clear();
+  }
+};
+
+// src/transport/api-client.ts
+var APIClient = class {
+  constructor(config) {
+    this.tokens = null;
+    this.refreshPromise = null;
+    this.baseUrl = config.backendUrl.replace(/\/$/, "");
+  }
+  setTokens(tokens) {
+    this.tokens = tokens;
+  }
+  getTokens() {
+    return this.tokens;
+  }
+  clearTokens() {
+    this.tokens = null;
+  }
+  async request(method, path, body, requiresAuth = true) {
+    if (requiresAuth && this.tokens) {
+      if (Date.now() >= this.tokens.expiresAt - 6e4) {
+        await this.refreshAccessToken();
+      }
+    }
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (requiresAuth && this.tokens) {
+      headers.Authorization = `Bearer ${this.tokens.accessToken}`;
+    }
+    const response = await fetch(`${this.baseUrl}${path}`, {
+      method,
+      headers,
+      body: body ? JSON.stringify(body) : void 0,
+      credentials: "include"
+    });
+    const data = await response.json();
+    if (!data.success) {
+      throw new SDKError(
+        data.error?.message ?? "Request failed",
+        data.error?.code ?? "REQUEST_FAILED",
+        response.status
+      );
+    }
+    return data.data;
+  }
+  async refreshAccessToken() {
+    if (this.refreshPromise) {
+      return this.refreshPromise;
+    }
+    this.refreshPromise = (async () => {
+      if (!this.tokens?.refreshToken) {
+        throw new SDKError("No refresh token available", "NO_REFRESH_TOKEN");
+      }
+      const response = await fetch(`${this.baseUrl}/api/auth/refresh`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ refreshToken: this.tokens.refreshToken })
+      });
+      const data = await response.json();
+      if (!data.success || !data.data) {
+        this.tokens = null;
+        throw new SDKError("Token refresh failed", "TOKEN_REFRESH_FAILED");
+      }
+      this.tokens = {
+        accessToken: data.data.accessToken,
+        refreshToken: data.data.refreshToken,
+        expiresAt: Date.now() + data.data.expiresIn * 1e3
+      };
+    })();
+    try {
+      await this.refreshPromise;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+  async getOAuthUrl(provider, redirectUri) {
+    return this.request(
+      "POST",
+      "/api/auth/oauth/url",
+      { provider, redirectUri },
+      false
+    );
+  }
+  async handleOAuthCallback(provider, code, state, fingerprint) {
+    const result = await this.request(
+      "POST",
+      "/api/auth/oauth/callback",
+      { provider, code, state, fingerprint },
+      false
+    );
+    this.tokens = {
+      accessToken: result.accessToken,
+      refreshToken: result.refreshToken,
+      expiresAt: Date.now() + result.expiresIn * 1e3
+    };
+    return {
+      user: result.user,
+      tokens: this.tokens,
+      wallet: result.wallet,
+      requiresDKG: result.requiresDKG
+    };
+  }
+  async getCurrentUser() {
+    return this.request("GET", "/api/user/me");
+  }
+  async logout() {
+    await this.request("POST", "/api/auth/logout");
+    this.tokens = null;
+  }
+  async initiateDKG() {
+    return this.request("POST", "/api/mpc/dkg/initiate");
+  }
+  async submitDKGCommitment(sessionId, commitment) {
+    return this.request("POST", "/api/mpc/dkg/commitment", {
+      sessionId,
+      commitment
+    });
+  }
+  async getDKGCommitments(sessionId) {
+    return this.request("GET", `/api/mpc/dkg/${sessionId}/commitments`);
+  }
+  async submitDKGShare(sessionId, encryptedShare, toPartyId) {
+    return this.request("POST", "/api/mpc/dkg/share", {
+      sessionId,
+      encryptedShare,
+      toPartyId
+    });
+  }
+  async getDKGShares(sessionId, partyId) {
+    return this.request("GET", `/api/mpc/dkg/${sessionId}/shares/${partyId}`);
+  }
+  async completeDKG(sessionId, partyId, publicKey, walletAddress) {
+    return this.request("POST", "/api/mpc/dkg/complete", {
+      sessionId,
+      partyId,
+      publicKey,
+      walletAddress
+    });
+  }
+  async initiateSigningSession(messageHash, messageType) {
+    return this.request("POST", "/api/mpc/signing/initiate", {
+      messageHash,
+      messageType
+    });
+  }
+  async submitNonceCommitment(sessionId, partyId, commitment) {
+    return this.request("POST", "/api/mpc/signing/nonce-commitment", {
+      sessionId,
+      partyId,
+      commitment
+    });
+  }
+  async getNonceCommitments(sessionId) {
+    return this.request(
+      "GET",
+      `/api/mpc/signing/${sessionId}/nonce-commitments`
+    );
+  }
+  async submitPartialSignature(sessionId, partyId, partialSignature) {
+    return this.request("POST", "/api/mpc/signing/partial", {
+      sessionId,
+      partyId,
+      partialSignature
+    });
+  }
+  async getPartialSignatures(sessionId) {
+    return this.request("GET", `/api/mpc/signing/${sessionId}/partials`);
+  }
+  async getSigningResult(sessionId) {
+    return this.request("GET", `/api/mpc/signing/${sessionId}/result`);
+  }
+  async getWalletInfo() {
+    return this.request("GET", "/api/wallet/info");
+  }
+  async getPartyPublicShares() {
+    return this.request("GET", "/api/wallet/party-shares");
+  }
+  // DKLS V2 API Methods
+  async dklsKeygenInit() {
+    return this.request("POST", "/api/v2/dkls/keygen/init");
+  }
+  async dklsKeygenCommitment(sessionId, clientCommitment) {
+    return this.request("POST", "/api/v2/dkls/keygen/commitment", {
+      sessionId,
+      clientCommitment
+    });
+  }
+  async dklsKeygenComplete(sessionId, clientPublicShare) {
+    return this.request("POST", "/api/v2/dkls/keygen/complete", {
+      sessionId,
+      clientPublicShare
+    });
+  }
+  async dklsSigningInit(params) {
+    return this.request("POST", "/api/v2/dkls/signing/init", params);
+  }
+  async dklsSigningNonce(sessionId, clientNonceCommitment) {
+    return this.request("POST", "/api/v2/dkls/signing/nonce", {
+      sessionId,
+      clientNonceCommitment
+    });
+  }
+  /**
+   * @deprecated This method defeats threshold security by transmitting the full key share.
+   * Use the MtA-based signing flow instead: dklsMtaRound1 -> dklsMtaRound2 -> dklsSigningPartial.
+   * This endpoint is only available in test mode (DKLS_LOCAL_TESTING_MODE=true).
+   */
+  async dklsSigningComplete(sessionId, clientKeyShare) {
+    console.warn(
+      "[DEPRECATED] dklsSigningComplete defeats threshold security. Use MtA-based signing (dklsMtaRound1/dklsMtaRound2/dklsSigningPartial) instead."
+    );
+    return this.request("POST", "/api/v2/dkls/signing/complete", {
+      sessionId,
+      clientKeyShare
+    });
+  }
+  async dklsSigningStatus(sessionId) {
+    return this.request("GET", `/api/v2/dkls/signing/${sessionId}`);
+  }
+  async dklsSigningCancel(sessionId) {
+    return this.request("DELETE", `/api/v2/dkls/signing/${sessionId}`);
+  }
+  async dklsMtaRound1(sessionId, mta1Setup, mta2Setup) {
+    return this.request("POST", "/api/v2/dkls/signing/mta/round1", {
+      sessionId,
+      mta1Setup,
+      mta2Setup
+    });
+  }
+  async dklsMtaRound2(sessionId, mta1Encrypted, mta2Encrypted) {
+    return this.request("POST", "/api/v2/dkls/signing/mta/round2", {
+      sessionId,
+      mta1Encrypted,
+      mta2Encrypted
+    });
+  }
+  async dklsSigningPartial(sessionId, clientPartialSignature) {
+    return this.request("POST", "/api/v2/dkls/signing/partial", {
+      sessionId,
+      clientPartialSignature
+    });
+  }
+  async initiateDeviceVerification(fingerprint, deviceName) {
+    return this.request("POST", "/api/user/devices/verify/initiate", {
+      fingerprint,
+      deviceName
+    });
+  }
+  async completeDeviceVerification(verificationId, code, fingerprint) {
+    return this.request("POST", "/api/user/devices/verify/complete", {
+      verificationId,
+      code,
+      fingerprint
+    });
+  }
+};
+
+// src/transport/websocket-client.ts
+var RECONNECT_DELAYS = [1e3, 2e3, 5e3, 1e4, 3e4];
+var PING_INTERVAL = 3e4;
+var MESSAGE_QUEUE_MAX = 100;
+var WebSocketClient = class {
+  constructor(url) {
+    this.ws = null;
+    this.accessToken = null;
+    this.messageHandlers = /* @__PURE__ */ new Map();
+    this.globalHandlers = /* @__PURE__ */ new Set();
+    this.onConnectHandlers = /* @__PURE__ */ new Set();
+    this.onDisconnectHandlers = /* @__PURE__ */ new Set();
+    this.onErrorHandlers = /* @__PURE__ */ new Set();
+    this.reconnectAttempt = 0;
+    this.reconnectTimeout = null;
+    this.pingInterval = null;
+    this.messageQueue = [];
+    this.isConnecting = false;
+    this.url = url;
+  }
+  setAccessToken(token) {
+    this.accessToken = token;
+  }
+  async connect() {
+    if (this.ws?.readyState === WebSocket.OPEN) {
+      return;
+    }
+    if (this.isConnecting) {
+      return;
+    }
+    this.isConnecting = true;
+    return new Promise((resolve, reject) => {
+      const wsUrl = this.accessToken ? `${this.url}?token=${encodeURIComponent(this.accessToken)}` : this.url;
+      this.ws = new WebSocket(wsUrl);
+      this.ws.onopen = () => {
+        this.isConnecting = false;
+        this.reconnectAttempt = 0;
+        this.startPingInterval();
+        this.flushMessageQueue();
+        this.onConnectHandlers.forEach((handler) => handler());
+        resolve();
+      };
+      this.ws.onmessage = (event) => {
+        this.handleMessage(event.data);
+      };
+      this.ws.onerror = () => {
+        const error = new Error("WebSocket error");
+        this.onErrorHandlers.forEach((handler) => handler(error));
+      };
+      this.ws.onclose = (event) => {
+        this.isConnecting = false;
+        this.stopPingInterval();
+        this.onDisconnectHandlers.forEach((handler) => handler());
+        if (!event.wasClean) {
+          this.scheduleReconnect();
+        }
+        if (this.isConnecting) {
+          reject(new SDKError("Connection failed", "CONNECTION_FAILED"));
+        }
+      };
+    });
+  }
+  disconnect() {
+    this.stopReconnect();
+    this.stopPingInterval();
+    if (this.ws) {
+      this.ws.close(1e3, "Client disconnect");
+      this.ws = null;
+    }
+  }
+  isConnected() {
+    return this.ws?.readyState === WebSocket.OPEN;
+  }
+  send(message) {
+    if (!this.ws || this.ws.readyState !== WebSocket.OPEN) {
+      this.queueMessage(message);
+      return;
+    }
+    this.ws.send(JSON.stringify(message));
+  }
+  on(type, handler) {
+    if (!this.messageHandlers.has(type)) {
+      this.messageHandlers.set(type, /* @__PURE__ */ new Set());
+    }
+    this.messageHandlers.get(type)?.add(handler);
+    return () => {
+      this.messageHandlers.get(type)?.delete(handler);
+    };
+  }
+  onAny(handler) {
+    this.globalHandlers.add(handler);
+    return () => {
+      this.globalHandlers.delete(handler);
+    };
+  }
+  onConnect(handler) {
+    this.onConnectHandlers.add(handler);
+    return () => {
+      this.onConnectHandlers.delete(handler);
+    };
+  }
+  onDisconnect(handler) {
+    this.onDisconnectHandlers.add(handler);
+    return () => {
+      this.onDisconnectHandlers.delete(handler);
+    };
+  }
+  onError(handler) {
+    this.onErrorHandlers.add(handler);
+    return () => {
+      this.onErrorHandlers.delete(handler);
+    };
+  }
+  waitForMessage(type, sessionId, timeout = 3e4) {
+    return new Promise((resolve, reject) => {
+      const timer = setTimeout(() => {
+        unsubscribe();
+        reject(new SDKError(`Timeout waiting for ${type}`, "MESSAGE_TIMEOUT"));
+      }, timeout);
+      const unsubscribe = this.on(type, (message) => {
+        if (message.sessionId === sessionId) {
+          clearTimeout(timer);
+          unsubscribe();
+          resolve(message);
+        }
+      });
+    });
+  }
+  handleMessage(data) {
+    let message;
+    try {
+      message = JSON.parse(data);
+    } catch {
+      return;
+    }
+    if (message.type === "pong") {
+      return;
+    }
+    this.globalHandlers.forEach((handler) => handler(message));
+    const typeHandlers = this.messageHandlers.get(message.type);
+    if (typeHandlers) {
+      typeHandlers.forEach((handler) => handler(message));
+    }
+  }
+  queueMessage(message) {
+    if (this.messageQueue.length >= MESSAGE_QUEUE_MAX) {
+      this.messageQueue.shift();
+    }
+    this.messageQueue.push({
+      message,
+      timestamp: Date.now()
+    });
+  }
+  flushMessageQueue() {
+    const now = Date.now();
+    const validMessages = this.messageQueue.filter(
+      (item) => now - item.timestamp < 6e4
+    );
+    this.messageQueue = [];
+    for (const item of validMessages) {
+      this.send(item.message);
+    }
+  }
+  scheduleReconnect() {
+    if (this.reconnectTimeout) {
+      return;
+    }
+    const delay = RECONNECT_DELAYS[Math.min(this.reconnectAttempt, RECONNECT_DELAYS.length - 1)];
+    this.reconnectTimeout = setTimeout(() => {
+      this.reconnectTimeout = null;
+      this.reconnectAttempt++;
+      this.connect().catch(() => {
+      });
+    }, delay);
+  }
+  stopReconnect() {
+    if (this.reconnectTimeout) {
+      clearTimeout(this.reconnectTimeout);
+      this.reconnectTimeout = null;
+    }
+    this.reconnectAttempt = 0;
+  }
+  startPingInterval() {
+    this.pingInterval = setInterval(() => {
+      if (this.ws?.readyState === WebSocket.OPEN) {
+        this.ws.send(JSON.stringify({ type: "ping" }));
+      }
+    }, PING_INTERVAL);
+  }
+  stopPingInterval() {
+    if (this.pingInterval) {
+      clearInterval(this.pingInterval);
+      this.pingInterval = null;
+    }
+  }
+};
+var CURVE_ORDER2 = secp256k1.secp256k1.CURVE.n;
+function mod2(n, m) {
+  return (n % m + m) % m;
+}
+function generateRandomScalar2() {
+  const bytes = new Uint8Array(32);
+  crypto.getRandomValues(bytes);
+  let result = 0n;
+  for (const byte of bytes) {
+    result = (result << 8n) + BigInt(byte);
+  }
+  const scalar = mod2(result, CURVE_ORDER2);
+  return scalar === 0n ? generateRandomScalar2() : scalar;
+}
+function generateNonceShare() {
+  return {
+    k: generateRandomScalar2(),
+    gamma: generateRandomScalar2()
+  };
+}
+function createNonceCommitment(partyId, nonce) {
+  const G2 = secp256k1.secp256k1.ProjectivePoint.BASE;
+  const D = G2.multiply(nonce.gamma);
+  const E = G2.multiply(nonce.k);
+  const proof = createNonceProof(partyId, nonce.k, nonce.gamma, D, E);
+  return {
+    partyId,
+    D: D.toHex(true),
+    E: E.toHex(true),
+    proof
+  };
+}
+function verifyNonceCommitment(commitment) {
+  try {
+    secp256k1.secp256k1.ProjectivePoint.fromHex(commitment.D);
+    secp256k1.secp256k1.ProjectivePoint.fromHex(commitment.E);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function verifyNonceProof(commitment) {
+  try {
+    const G2 = secp256k1.secp256k1.ProjectivePoint.BASE;
+    const D = secp256k1.secp256k1.ProjectivePoint.fromHex(commitment.D);
+    const E = secp256k1.secp256k1.ProjectivePoint.fromHex(commitment.E);
+    const { R1, R2, s1, s2 } = JSON.parse(commitment.proof);
+    if (!/^[0-9a-fA-F]{1,64}$/.test(s1) || !/^[0-9a-fA-F]{1,64}$/.test(s2)) {
+      return false;
+    }
+    const R1Point = secp256k1.secp256k1.ProjectivePoint.fromHex(R1);
+    const R2Point = secp256k1.secp256k1.ProjectivePoint.fromHex(R2);
+    const s1Scalar = BigInt(`0x${s1}`);
+    const s2Scalar = BigInt(`0x${s2}`);
+    if (s1Scalar <= 0n || s1Scalar >= CURVE_ORDER2) return false;
+    if (s2Scalar <= 0n || s2Scalar >= CURVE_ORDER2) return false;
+    const challenge = computeNonceChallenge(
+      commitment.partyId,
+      commitment.D,
+      commitment.E,
+      R1,
+      R2
+    );
+    const leftSide1 = G2.multiply(s1Scalar);
+    const rightSide1 = R1Point.add(D.multiply(challenge));
+    if (!leftSide1.equals(rightSide1)) return false;
+    const leftSide2 = G2.multiply(s2Scalar);
+    const rightSide2 = R2Point.add(E.multiply(challenge));
+    if (!leftSide2.equals(rightSide2)) return false;
+    return true;
+  } catch {
+    return false;
+  }
+}
+function createNonceProof(partyId, k, gamma, D, E) {
+  const G2 = secp256k1.secp256k1.ProjectivePoint.BASE;
+  const r1 = generateRandomScalar2();
+  const r2 = generateRandomScalar2();
+  const R1 = G2.multiply(r1);
+  const R2 = G2.multiply(r2);
+  const challenge = computeNonceChallenge(
+    partyId,
+    D.toHex(true),
+    E.toHex(true),
+    R1.toHex(true),
+    R2.toHex(true)
+  );
+  const s1 = mod2(r1 + gamma * challenge, CURVE_ORDER2);
+  const s2 = mod2(r2 + k * challenge, CURVE_ORDER2);
+  return JSON.stringify({
+    R1: R1.toHex(true),
+    R2: R2.toHex(true),
+    s1: s1.toString(16).padStart(64, "0"),
+    s2: s2.toString(16).padStart(64, "0")
+  });
+}
+function computeNonceChallenge(partyId, D, E, R1, R2) {
+  const input = `${partyId}:${D}:${E}:${R1}:${R2}`;
+  const hash = sha256.sha256(utils.utf8ToBytes(input));
+  return mod2(BigInt(`0x${utils.bytesToHex(hash)}`), CURVE_ORDER2);
+}
+function combineNonceCommitments(commitments) {
+  let combinedD = secp256k1.secp256k1.ProjectivePoint.fromHex(commitments[0].D);
+  let combinedE = secp256k1.secp256k1.ProjectivePoint.fromHex(commitments[0].E);
+  for (let i = 1; i < commitments.length; i++) {
+    combinedD = combinedD.add(
+      secp256k1.secp256k1.ProjectivePoint.fromHex(commitments[i].D)
+    );
+    combinedE = combinedE.add(
+      secp256k1.secp256k1.ProjectivePoint.fromHex(commitments[i].E)
+    );
+  }
+  return {
+    R: combinedE.toHex(true),
+    combinedGamma: combinedD.toHex(true)
+  };
+}
+function computeR(combinedE) {
+  const R = secp256k1.secp256k1.ProjectivePoint.fromHex(combinedE);
+  const rFull = R.toAffine();
+  const r = mod2(rFull.x, CURVE_ORDER2);
+  return {
+    r,
+    R: R.toHex(true),
+    rPoint: { x: rFull.x, y: rFull.y }
+  };
+}
+var CURVE_ORDER3 = secp256k1.secp256k1.CURVE.n;
+var G = secp256k1.secp256k1.ProjectivePoint.BASE;
+function mod3(n, m) {
+  return (n % m + m) % m;
+}
+function modInverse(a, m) {
+  let [oldR, r] = [a, m];
+  let [oldS, s] = [1n, 0n];
+  while (r !== 0n) {
+    const quotient = oldR / r;
+    [oldR, r] = [r, oldR - quotient * r];
+    [oldS, s] = [s, oldS - quotient * s];
+  }
+  return mod3(oldS, m);
+}
+function computeLagrangeCoefficient(partyId, participatingParties) {
+  let numerator = 1n;
+  let denominator = 1n;
+  const i = BigInt(partyId);
+  for (const j of participatingParties) {
+    if (j !== partyId) {
+      const jBig = BigInt(j);
+      numerator = mod3(numerator * (CURVE_ORDER3 - jBig), CURVE_ORDER3);
+      denominator = mod3(denominator * mod3(i - jBig, CURVE_ORDER3), CURVE_ORDER3);
+    }
+  }
+  const denominatorInverse = modInverse(denominator, CURVE_ORDER3);
+  return mod3(numerator * denominatorInverse, CURVE_ORDER3);
+}
+function computePartialSignature(partyId, keyShare, nonceK, _nonceGamma, messageHash, r, participatingParties) {
+  const lambda = computeLagrangeCoefficient(partyId, participatingParties);
+  const kInverse = modInverse(nonceK, CURVE_ORDER3);
+  const adjustedShare = mod3(keyShare * lambda, CURVE_ORDER3);
+  const sigma = mod3(kInverse * (messageHash + r * adjustedShare), CURVE_ORDER3);
+  const publicShare = G.multiply(keyShare).toHex(true);
+  const nonceCommitment = G.multiply(nonceK).toHex(true);
+  return {
+    partyId,
+    sigma,
+    publicShare,
+    nonceCommitment
+  };
+}
+function verifyPartialSignature(partial, expectedPublicShare, expectedNonceCommitment, r, messageHash, participatingParties) {
+  if (partial.sigma <= 0n || partial.sigma >= CURVE_ORDER3) {
+    return false;
+  }
+  if (!partial.publicShare || !partial.nonceCommitment) {
+    return false;
+  }
+  if (expectedPublicShare && partial.publicShare !== expectedPublicShare) {
+    return false;
+  }
+  if (expectedNonceCommitment && partial.nonceCommitment !== expectedNonceCommitment) {
+    return false;
+  }
+  let R_i;
+  try {
+    R_i = secp256k1.secp256k1.ProjectivePoint.fromHex(partial.nonceCommitment);
+  } catch {
+    return false;
+  }
+  let P_i;
+  try {
+    P_i = secp256k1.secp256k1.ProjectivePoint.fromHex(partial.publicShare);
+  } catch {
+    return false;
+  }
+  const lambda = computeLagrangeCoefficient(
+    partial.partyId,
+    participatingParties
+  );
+  const rTimesLambda = mod3(r * lambda, CURVE_ORDER3);
+  const leftSide = R_i.multiply(partial.sigma);
+  const rightSide = G.multiply(messageHash).add(P_i.multiply(rTimesLambda));
+  return leftSide.equals(rightSide);
+}
+function parseMessageHash(hash) {
+  const cleanHash = hash.startsWith("0x") ? hash.slice(2) : hash;
+  return BigInt(`0x${cleanHash}`);
+}
+
+// src/protocols/signing/signing-client.ts
+var SigningClient = class {
+  constructor(config) {
+    this.state = null;
+    this.nonceShare = null;
+    this.receivedCommitments = /* @__PURE__ */ new Map();
+    this.expectedPublicShares = /* @__PURE__ */ new Map();
+    this.r = null;
+    this.apiClient = config.apiClient;
+    this.wsClient = config.wsClient;
+    this.keyShare = config.keyShare;
+    this.expectedPublicShares = new Map(config.partyPublicShares);
+    this.timeout = config.timeout ?? 3e4;
+  }
+  async sign(request) {
+    try {
+      await this.initializeSession(request);
+      await this.runNonceCommitmentPhase();
+      await this.runPartialSignaturePhase();
+      return await this.completeProtocol();
+    } catch (error) {
+      const message = error instanceof Error ? error.message : "Signing failed";
+      return {
+        success: false,
+        error: message
+      };
+    } finally {
+      this.cleanup();
+    }
+  }
+  async initializeSession(request) {
+    const { sessionId, participatingParties } = await this.apiClient.initiateSigningSession(
+      request.messageHash,
+      request.messageType
+    );
+    if (participatingParties.length < this.keyShare.threshold) {
+      throw new SDKError(
+        `Insufficient participating parties: got ${participatingParties.length}, need ${this.keyShare.threshold}`,
+        "INSUFFICIENT_PARTIES"
+      );
+    }
+    this.state = {
+      sessionId,
+      round: "nonce_commitment",
+      messageHash: request.messageHash,
+      participatingParties,
+      nonceCommitments: /* @__PURE__ */ new Map(),
+      partialSignatures: /* @__PURE__ */ new Map()
+    };
+    this.nonceShare = generateNonceShare();
+    if (this.wsClient) {
+      await this.wsClient.connect();
+    }
+  }
+  async runNonceCommitmentPhase() {
+    if (!this.state || !this.nonceShare) {
+      throw new SDKError("State not initialized", "STATE_ERROR");
+    }
+    const commitment = createNonceCommitment(
+      this.keyShare.partyId,
+      this.nonceShare
+    );
+    await this.apiClient.submitNonceCommitment(
+      this.state.sessionId,
+      this.keyShare.partyId,
+      JSON.stringify(commitment)
+    );
+    this.receivedCommitments.set(this.keyShare.partyId, commitment);
+    const otherCommitments = await this.waitForNonceCommitments();
+    for (const [partyId, comm] of otherCommitments) {
+      if (!verifyNonceCommitment(comm)) {
+        throw new SDKError(
+          `Invalid nonce commitment from party ${partyId}`,
+          "INVALID_NONCE_COMMITMENT"
+        );
+      }
+      if (!verifyNonceProof(comm)) {
+        throw new SDKError(
+          `Invalid nonce proof from party ${partyId}`,
+          "INVALID_NONCE_PROOF"
+        );
+      }
+      this.receivedCommitments.set(partyId, comm);
+    }
+    const allCommitments = Array.from(this.receivedCommitments.values());
+    const { R } = combineNonceCommitments(allCommitments);
+    const { r } = computeR(R);
+    this.r = r;
+    this.state.round = "partial_signature";
+  }
+  async runPartialSignaturePhase() {
+    if (!this.state || !this.nonceShare || this.r === null) {
+      throw new SDKError("State not initialized", "STATE_ERROR");
+    }
+    const messageHashBigInt = parseMessageHash(this.state.messageHash);
+    const keyShareBigInt = BigInt(`0x${this.keyShare.privateShare}`);
+    const partial = computePartialSignature(
+      this.keyShare.partyId,
+      keyShareBigInt,
+      this.nonceShare.k,
+      this.nonceShare.gamma,
+      messageHashBigInt,
+      this.r,
+      this.state.participatingParties
+    );
+    await this.apiClient.submitPartialSignature(
+      this.state.sessionId,
+      this.keyShare.partyId,
+      {
+        r: this.r.toString(16).padStart(64, "0"),
+        s: partial.sigma.toString(16).padStart(64, "0"),
+        publicShare: partial.publicShare,
+        nonceCommitment: partial.nonceCommitment
+      }
+    );
+    this.state.partialSignatures.set(this.keyShare.partyId, {
+      partyId: this.keyShare.partyId,
+      r: this.r.toString(16).padStart(64, "0"),
+      s: partial.sigma.toString(16).padStart(64, "0"),
+      publicShare: partial.publicShare,
+      nonceCommitment: partial.nonceCommitment
+    });
+    const otherPartials = await this.waitForPartialSignatures();
+    await this.verifyOtherPartials(otherPartials, messageHashBigInt);
+    this.state.round = "complete";
+  }
+  async waitForPartialSignatures() {
+    const startTime = Date.now();
+    const partials = /* @__PURE__ */ new Map();
+    while (Date.now() - startTime < this.timeout) {
+      const result = await this.apiClient.getPartialSignatures(
+        this.state?.sessionId ?? ""
+      );
+      for (const p of result.partials) {
+        if (p.partyId !== this.keyShare.partyId && !partials.has(p.partyId)) {
+          let sigma;
+          try {
+            if (!/^[0-9a-fA-F]{1,64}$/.test(p.s)) {
+              throw new SDKError(
+                `Invalid sigma hex from party ${p.partyId}`,
+                "INVALID_PARTIAL_FORMAT"
+              );
+            }
+            sigma = BigInt(`0x${p.s}`);
+          } catch (e) {
+            if (e instanceof SDKError) throw e;
+            throw new SDKError(
+              `Failed to parse sigma from party ${p.partyId}`,
+              "INVALID_PARTIAL_FORMAT"
+            );
+          }
+          partials.set(p.partyId, {
+            partyId: p.partyId,
+            sigma,
+            publicShare: p.publicShare,
+            nonceCommitment: p.nonceCommitment
+          });
+        }
+      }
+      const expectedCount = (this.state?.participatingParties.length ?? 1) - 1;
+      if (result.ready || partials.size >= expectedCount) {
+        return partials;
+      }
+      await this.delay(500);
+    }
+    throw new SDKError(
+      "Timeout waiting for partial signatures",
+      "PARTIAL_SIGNATURE_TIMEOUT"
+    );
+  }
+  async verifyOtherPartials(partials, messageHash) {
+    for (const [partyId, partial] of partials) {
+      const expectedNonceCommitment = this.receivedCommitments.get(partyId);
+      if (!expectedNonceCommitment) {
+        throw new SDKError(
+          `Missing nonce commitment for party ${partyId}`,
+          "MISSING_NONCE_COMMITMENT"
+        );
+      }
+      const expectedPublicShare = this.expectedPublicShares.get(partyId);
+      if (!expectedPublicShare) {
+        throw new SDKError(
+          `Missing expected public share for party ${partyId}. Public shares from DKG must be provided via partyPublicShares config.`,
+          "MISSING_PUBLIC_SHARE"
+        );
+      }
+      const isValid = verifyPartialSignature(
+        partial,
+        expectedPublicShare,
+        expectedNonceCommitment.E,
+        this.r,
+        messageHash,
+        this.state?.participatingParties ?? []
+      );
+      if (!isValid) {
+        throw new SDKError(
+          `Invalid partial signature from party ${partyId}`,
+          "INVALID_PARTIAL_SIGNATURE"
+        );
+      }
+      this.state?.partialSignatures.set(partyId, {
+        partyId,
+        r: this.r?.toString(16).padStart(64, "0") ?? "",
+        s: partial.sigma.toString(16).padStart(64, "0"),
+        publicShare: partial.publicShare,
+        nonceCommitment: partial.nonceCommitment
+      });
+    }
+  }
+  async completeProtocol() {
+    if (!this.state || this.r === null) {
+      throw new SDKError("Protocol not complete", "PROTOCOL_INCOMPLETE");
+    }
+    const result = await this.waitForSigningResult();
+    if (!result.complete || !result.signature) {
+      throw new SDKError("Signing not complete", "SIGNING_INCOMPLETE");
+    }
+    return {
+      success: true,
+      signature: result.signature
+    };
+  }
+  async waitForNonceCommitments() {
+    const startTime = Date.now();
+    const commitments = /* @__PURE__ */ new Map();
+    while (Date.now() - startTime < this.timeout) {
+      const result = await this.apiClient.getNonceCommitments(
+        this.state?.sessionId ?? ""
+      );
+      for (const [partyIdStr, commitmentStr] of Object.entries(
+        result.commitments
+      )) {
+        const partyId = Number.parseInt(partyIdStr, 10);
+        if (partyId !== this.keyShare.partyId && !commitments.has(partyId)) {
+          commitments.set(partyId, JSON.parse(commitmentStr));
+        }
+      }
+      if (result.ready) {
+        return commitments;
+      }
+      const expectedCount = (this.state?.participatingParties.length ?? 1) - 1;
+      if (commitments.size >= expectedCount) {
+        return commitments;
+      }
+      await this.delay(500);
+    }
+    throw new SDKError(
+      "Timeout waiting for nonce commitments",
+      "NONCE_COMMITMENT_TIMEOUT"
+    );
+  }
+  async waitForSigningResult() {
+    const startTime = Date.now();
+    while (Date.now() - startTime < this.timeout) {
+      const result = await this.apiClient.getSigningResult(
+        this.state?.sessionId ?? ""
+      );
+      if (result.complete && result.signature) {
+        return result;
+      }
+      await this.delay(500);
+    }
+    throw new SDKError(
+      "Timeout waiting for signing result",
+      "SIGNING_RESULT_TIMEOUT"
+    );
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+  cleanup() {
+    this.state = null;
+    this.nonceShare = null;
+    this.receivedCommitments.clear();
+    this.expectedPublicShares.clear();
+    this.r = null;
+  }
+};
+function deriveEOAAddress(publicKey) {
+  let pubKeyHex = publicKey.startsWith("0x") ? publicKey.slice(2) : publicKey;
+  if (pubKeyHex.startsWith("04")) {
+    pubKeyHex = pubKeyHex.slice(2);
+  }
+  if (pubKeyHex.length !== 128) {
+    throw new Error(
+      `Invalid public key length: expected 128 hex chars (64 bytes), got ${pubKeyHex.length}`
+    );
+  }
+  const pubKeyBytes = utils.hexToBytes(pubKeyHex);
+  const hash = sha3.keccak_256(pubKeyBytes);
+  const addressBytes = hash.slice(-20);
+  return `0x${utils.bytesToHex(addressBytes)}`;
+}
+function checksumAddress(address) {
+  const addr = address.toLowerCase().replace("0x", "");
+  const hash = utils.bytesToHex(sha3.keccak_256(new TextEncoder().encode(addr)));
+  let checksummed = "0x";
+  for (let i = 0; i < 40; i++) {
+    if (Number.parseInt(hash[i], 16) >= 8) {
+      checksummed += addr[i].toUpperCase();
+    } else {
+      checksummed += addr[i];
+    }
+  }
+  return checksummed;
+}
+
+// src/wallet/smart-wallet.ts
+function stripHexPrefix(value) {
+  return value.startsWith("0x") ? value.slice(2) : value;
+}
+var DEFAULT_ENTRY_POINT = "0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789";
+var DEFAULT_FACTORY = "0x9406Cc6185a346906296840746125a0E44976454";
+var GET_ADDRESS_SELECTOR = "8cb84e18";
+var SmartWallet = class {
+  constructor(config) {
+    this._smartWalletAddress = null;
+    this._isDeployed = null;
+    this._cachedNonce = null;
+    this.apiClient = config.apiClient;
+    this.keyShare = config.keyShare;
+    this.partyPublicShares = config.partyPublicShares;
+    this.publicKey = config.publicKey;
+    this.chainId = config.chainId;
+    this.rpcConnection = config.rpcConnection;
+    this.bundlerUrl = config.bundlerUrl;
+    this.entryPointAddress = config.entryPointAddress ?? DEFAULT_ENTRY_POINT;
+    this.factoryAddress = config.factoryAddress ?? DEFAULT_FACTORY;
+    this.paymasterUrl = config.paymasterUrl;
+    this._eoaAddress = deriveEOAAddress(this.publicKey);
+  }
+  get eoaAddress() {
+    return checksumAddress(this._eoaAddress);
+  }
+  /**
+   * @deprecated Use getSmartWalletAddress() instead.
+   */
+  get smartWalletAddress() {
+    if (this._smartWalletAddress) {
+      return checksumAddress(this._smartWalletAddress);
+    }
+    throw new Error(
+      "SmartWallet.smartWalletAddress is deprecated. Use 'await wallet.getSmartWalletAddress()' instead."
+    );
+  }
+  async getSmartWalletAddress() {
+    if (this._smartWalletAddress) {
+      return checksumAddress(this._smartWalletAddress);
+    }
+    const ownerPadded = this._eoaAddress.slice(2).padStart(64, "0");
+    const saltPadded = "0".padStart(64, "0");
+    const result = await this.rpcConnection.call("eth_call", [
+      {
+        to: this.factoryAddress,
+        data: `0x${GET_ADDRESS_SELECTOR}${ownerPadded}${saltPadded}`
+      },
+      "latest"
+    ]);
+    this._smartWalletAddress = `0x${result.slice(-40)}`;
+    return checksumAddress(this._smartWalletAddress);
+  }
+  async getWalletInfo() {
+    return {
+      eoaAddress: this.eoaAddress,
+      smartWalletAddress: await this.getSmartWalletAddress(),
+      publicKey: this.publicKey,
+      chainId: this.chainId
+    };
+  }
+  async buildUserOperation(transactions) {
+    const txArray = Array.isArray(transactions) ? transactions : [transactions];
+    const callData = this.encodeExecuteBatch(txArray);
+    const smartWalletAddress = await this.getSmartWalletAddress();
+    const nonce = await this.getNonce();
+    const isDeployed = await this.isDeployed();
+    const initCode = isDeployed ? "0x" : this.getInitCode();
+    const feeData = await this.getFeeData();
+    const userOp = {
+      sender: smartWalletAddress,
+      nonce,
+      initCode,
+      callData,
+      callGasLimit: 200000n,
+      verificationGasLimit: isDeployed ? 100000n : 400000n,
+      preVerificationGas: 50000n,
+      maxFeePerGas: feeData.maxFeePerGas,
+      maxPriorityFeePerGas: feeData.maxPriorityFeePerGas,
+      paymasterAndData: "0x",
+      signature: "0x"
+    };
+    if (this.paymasterUrl) {
+      const paymasterData = await this.getPaymasterData(userOp);
+      userOp.paymasterAndData = paymasterData;
+    }
+    return userOp;
+  }
+  async signUserOperation(userOp) {
+    const userOpHash = this.computeUserOpHash(userOp);
+    const signingClient = new SigningClient({
+      apiClient: this.apiClient,
+      keyShare: this.keyShare,
+      partyPublicShares: this.partyPublicShares
+    });
+    const result = await signingClient.sign({
+      messageHash: userOpHash,
+      messageType: "transaction"
+    });
+    if (!result.success || !result.signature) {
+      throw new SDKError(result.error ?? "Signing failed", "SIGNING_FAILED");
+    }
+    return {
+      ...userOp,
+      signature: result.signature.fullSignature
+    };
+  }
+  async sendUserOperation(userOp) {
+    const signedUserOp = userOp.signature === "0x" ? await this.signUserOperation(userOp) : userOp;
+    const userOpHex = this.userOpToHex(signedUserOp);
+    const response = await fetch(this.bundlerUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "eth_sendUserOperation",
+        params: [userOpHex, this.entryPointAddress]
+      })
+    });
+    const data = await response.json();
+    if (data.error) {
+      throw new SDKError(
+        `Bundler error: ${data.error.message}`,
+        "BUNDLER_ERROR"
+      );
+    }
+    const userOpHash = data.result;
+    return {
+      userOpHash,
+      wait: async () => {
+        await this.waitForUserOperationReceipt(userOpHash);
+        this._isDeployed = true;
+        this._cachedNonce = null;
+      }
+    };
+  }
+  async waitForUserOperationReceipt(userOpHash) {
+    const maxAttempts = 60;
+    const intervalMs = 2e3;
+    for (let i = 0; i < maxAttempts; i++) {
+      const response = await fetch(this.bundlerUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: 1,
+          method: "eth_getUserOperationReceipt",
+          params: [userOpHash]
+        })
+      });
+      const data = await response.json();
+      if (data.result) {
+        return;
+      }
+      await new Promise((resolve) => setTimeout(resolve, intervalMs));
+    }
+    throw new SDKError("UserOperation receipt not found", "TIMEOUT");
+  }
+  userOpToHex(userOp) {
+    return {
+      sender: userOp.sender,
+      nonce: `0x${userOp.nonce.toString(16)}`,
+      initCode: userOp.initCode,
+      callData: userOp.callData,
+      callGasLimit: `0x${userOp.callGasLimit.toString(16)}`,
+      verificationGasLimit: `0x${userOp.verificationGasLimit.toString(16)}`,
+      preVerificationGas: `0x${userOp.preVerificationGas.toString(16)}`,
+      maxFeePerGas: `0x${userOp.maxFeePerGas.toString(16)}`,
+      maxPriorityFeePerGas: `0x${userOp.maxPriorityFeePerGas.toString(16)}`,
+      paymasterAndData: userOp.paymasterAndData,
+      signature: userOp.signature
+    };
+  }
+  async signMessage(message) {
+    const messageBytes = typeof message === "string" ? utils.utf8ToBytes(message) : message;
+    const prefix = utils.utf8ToBytes(
+      `Ethereum Signed Message:
+${messageBytes.length}`
+    );
+    const prefixedMessage = new Uint8Array(prefix.length + messageBytes.length);
+    prefixedMessage.set(prefix);
+    prefixedMessage.set(messageBytes, prefix.length);
+    const messageHash = `0x${utils.bytesToHex(sha3.keccak_256(prefixedMessage))}`;
+    const signingClient = new SigningClient({
+      apiClient: this.apiClient,
+      keyShare: this.keyShare,
+      partyPublicShares: this.partyPublicShares
+    });
+    const result = await signingClient.sign({
+      messageHash,
+      messageType: "message"
+    });
+    if (!result.success || !result.signature) {
+      throw new SDKError(
+        result.error ?? "Message signing failed",
+        "MESSAGE_SIGNING_FAILED"
+      );
+    }
+    return result.signature;
+  }
+  async signTypedData(domain, types, primaryType, value) {
+    const domainSeparator = this.hashTypedDataDomain(domain);
+    const structHash = this.hashTypedDataStruct(types, primaryType, value);
+    const messageHash = `0x${utils.bytesToHex(
+      sha3.keccak_256(
+        utils.hexToBytes(`1901${domainSeparator.slice(2)}${structHash.slice(2)}`)
+      )
+    )}`;
+    const signingClient = new SigningClient({
+      apiClient: this.apiClient,
+      keyShare: this.keyShare,
+      partyPublicShares: this.partyPublicShares
+    });
+    const result = await signingClient.sign({
+      messageHash,
+      messageType: "typed_data"
+    });
+    if (!result.success || !result.signature) {
+      throw new SDKError(
+        result.error ?? "Typed data signing failed",
+        "TYPED_DATA_SIGNING_FAILED"
+      );
+    }
+    return result.signature;
+  }
+  computeUserOpHash(userOp) {
+    const packed = this.packUserOp(userOp);
+    const userOpHash = sha3.keccak_256(packed);
+    const finalHash = sha3.keccak_256(
+      utils.hexToBytes(
+        utils.bytesToHex(userOpHash) + this.entryPointAddress.slice(2).toLowerCase().padStart(64, "0") + this.chainId.toString(16).padStart(64, "0")
+      )
+    );
+    return `0x${utils.bytesToHex(finalHash)}`;
+  }
+  packUserOp(userOp) {
+    const initCodeHash = sha3.keccak_256(utils.hexToBytes(userOp.initCode.slice(2) || ""));
+    const callDataHash = sha3.keccak_256(utils.hexToBytes(userOp.callData.slice(2) || ""));
+    const paymasterAndDataHash = sha3.keccak_256(
+      utils.hexToBytes(userOp.paymasterAndData.slice(2) || "")
+    );
+    const packed = userOp.sender.slice(2).toLowerCase().padStart(64, "0") + userOp.nonce.toString(16).padStart(64, "0") + utils.bytesToHex(initCodeHash) + utils.bytesToHex(callDataHash) + userOp.callGasLimit.toString(16).padStart(64, "0") + userOp.verificationGasLimit.toString(16).padStart(64, "0") + userOp.preVerificationGas.toString(16).padStart(64, "0") + userOp.maxFeePerGas.toString(16).padStart(64, "0") + userOp.maxPriorityFeePerGas.toString(16).padStart(64, "0") + utils.bytesToHex(paymasterAndDataHash);
+    return utils.hexToBytes(packed);
+  }
+  encodeExecuteBatch(transactions) {
+    if (transactions.length === 1) {
+      const tx = transactions[0];
+      const selector = "b61d27f6";
+      const to = tx.to.slice(2).toLowerCase().padStart(64, "0");
+      const value = (tx.value ?? 0n).toString(16).padStart(64, "0");
+      const dataOffset = "60".padStart(64, "0");
+      const data = tx.data?.slice(2) ?? "";
+      const dataLength = (data.length / 2).toString(16).padStart(64, "0");
+      return `0x${selector}${to}${value}${dataOffset}${dataLength}${data}`;
+    }
+    const n = transactions.length;
+    const destArraySize = 32 + n * 32;
+    const valueArraySize = 32 + n * 32;
+    const destOffset = 96;
+    const valueOffset = destOffset + destArraySize;
+    const funcOffset = valueOffset + valueArraySize;
+    let encoded = "18dfb3c7";
+    encoded += destOffset.toString(16).padStart(64, "0");
+    encoded += valueOffset.toString(16).padStart(64, "0");
+    encoded += funcOffset.toString(16).padStart(64, "0");
+    encoded += n.toString(16).padStart(64, "0");
+    for (const tx of transactions) {
+      encoded += tx.to.slice(2).toLowerCase().padStart(64, "0");
+    }
+    encoded += n.toString(16).padStart(64, "0");
+    for (const tx of transactions) {
+      encoded += (tx.value ?? 0n).toString(16).padStart(64, "0");
+    }
+    const funcDatas = transactions.map((tx) => {
+      const data = tx.data ?? "0x";
+      return data.startsWith("0x") ? data.slice(2) : data;
+    });
+    const funcElementOffsets = [];
+    let currentOffset = 32 + n * 32;
+    for (const funcData of funcDatas) {
+      funcElementOffsets.push(currentOffset);
+      const dataLen = funcData.length / 2;
+      const paddedLen = Math.ceil(dataLen / 32) * 32;
+      currentOffset += 32 + paddedLen;
+    }
+    encoded += n.toString(16).padStart(64, "0");
+    for (const offset of funcElementOffsets) {
+      encoded += offset.toString(16).padStart(64, "0");
+    }
+    for (const funcData of funcDatas) {
+      const dataLen = funcData.length / 2;
+      encoded += dataLen.toString(16).padStart(64, "0");
+      if (funcData.length > 0) {
+        const paddedLen = Math.ceil(dataLen / 32) * 32;
+        encoded += funcData.padEnd(paddedLen * 2, "0");
+      }
+    }
+    return `0x${encoded}`;
+  }
+  getInitCode() {
+    const selector = "5fbfb9cf";
+    const owner = this._eoaAddress.slice(2).toLowerCase().padStart(64, "0");
+    const salt = "0".padStart(64, "0");
+    return this.factoryAddress.toLowerCase() + selector + owner + salt;
+  }
+  async getNonce() {
+    const isDeployed = await this.isDeployed();
+    if (!isDeployed) {
+      return 0n;
+    }
+    if (this._cachedNonce !== null) {
+      return this._cachedNonce;
+    }
+    const smartWalletAddress = await this.getSmartWalletAddress();
+    const nonceKey = 0n;
+    const nonceData = await this.rpcConnection.call("eth_call", [
+      {
+        to: this.entryPointAddress,
+        data: `0x35567e1a${smartWalletAddress.slice(2).padStart(64, "0")}${nonceKey.toString(16).padStart(64, "0")}`
+      },
+      "latest"
+    ]);
+    const nonce = BigInt(nonceData);
+    this._cachedNonce = nonce;
+    return nonce;
+  }
+  async isDeployed() {
+    if (this._isDeployed !== null) {
+      return this._isDeployed;
+    }
+    try {
+      const smartWalletAddress = await this.getSmartWalletAddress();
+      const code = await this.rpcConnection.getCode(smartWalletAddress);
+      this._isDeployed = code !== "0x" && code.length > 2;
+      return this._isDeployed;
+    } catch {
+      return false;
+    }
+  }
+  async getFeeData() {
+    try {
+      const gasPrice = await this.rpcConnection.getGasPrice();
+      return {
+        maxFeePerGas: gasPrice * 2n,
+        maxPriorityFeePerGas: gasPrice / 10n
+      };
+    } catch {
+      return {
+        maxFeePerGas: 1000000000n,
+        maxPriorityFeePerGas: 1000000000n
+      };
+    }
+  }
+  async getPaymasterData(userOp) {
+    if (!this.paymasterUrl) {
+      return "0x";
+    }
+    try {
+      const userOpHex = this.userOpToHex(userOp);
+      const response = await fetch(this.paymasterUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: 1,
+          method: "pm_sponsorUserOperation",
+          params: [userOpHex, this.entryPointAddress, {}]
+        })
+      });
+      const data = await response.json();
+      if (data.error || !data.result?.paymasterAndData) {
+        return "0x";
+      }
+      return data.result.paymasterAndData;
+    } catch {
+      return "0x";
+    }
+  }
+  hashTypedDataDomain(domain) {
+    const domainFields = [];
+    let domainValues = "";
+    if (domain.name !== void 0) {
+      domainFields.push({ name: "name", type: "string" });
+      domainValues += utils.bytesToHex(
+        sha3.keccak_256(utils.utf8ToBytes(domain.name))
+      );
+    }
+    if (domain.version !== void 0) {
+      domainFields.push({ name: "version", type: "string" });
+      domainValues += utils.bytesToHex(
+        sha3.keccak_256(utils.utf8ToBytes(domain.version))
+      );
+    }
+    if (domain.chainId !== void 0) {
+      domainFields.push({ name: "chainId", type: "uint256" });
+      domainValues += BigInt(domain.chainId).toString(16).padStart(64, "0");
+    }
+    if (domain.verifyingContract !== void 0) {
+      domainFields.push({ name: "verifyingContract", type: "address" });
+      domainValues += stripHexPrefix(domain.verifyingContract).toLowerCase().padStart(64, "0");
+    }
+    if (domain.salt !== void 0) {
+      domainFields.push({ name: "salt", type: "bytes32" });
+      domainValues += stripHexPrefix(domain.salt).padStart(64, "0");
+    }
+    const domainTypeString = this.formatType("EIP712Domain", domainFields);
+    const domainTypeHash = `0x${utils.bytesToHex(sha3.keccak_256(utils.utf8ToBytes(domainTypeString)))}`;
+    return `0x${utils.bytesToHex(sha3.keccak_256(utils.hexToBytes(domainTypeHash.slice(2) + domainValues)))}`;
+  }
+  hashTypedDataStruct(types, primaryType, value) {
+    return this.hashStruct(primaryType, types, value);
+  }
+  encodeType(typeName, types) {
+    const fields = types[typeName];
+    if (!fields) {
+      throw new SDKError(`Unknown type: ${typeName}`, "INVALID_TYPE");
+    }
+    const deps = this.findTypeDependencies(typeName, types, /* @__PURE__ */ new Set());
+    deps.delete(typeName);
+    const sortedDeps = Array.from(deps).sort();
+    let result = this.formatType(typeName, fields);
+    for (const dep of sortedDeps) {
+      result += this.formatType(dep, types[dep]);
+    }
+    return result;
+  }
+  formatType(typeName, fields) {
+    return `${typeName}(${fields.map((f) => `${f.type} ${f.name}`).join(",")})`;
+  }
+  findTypeDependencies(typeName, types, found) {
+    if (found.has(typeName)) return found;
+    const fields = types[typeName];
+    if (!fields) return found;
+    found.add(typeName);
+    for (const field of fields) {
+      let baseType = field.type;
+      if (baseType.endsWith("[]")) {
+        baseType = baseType.slice(0, -2);
+      }
+      if (types[baseType]) {
+        this.findTypeDependencies(baseType, types, found);
+      }
+    }
+    return found;
+  }
+  hashType(typeName, types) {
+    const encodedType = this.encodeType(typeName, types);
+    return `0x${utils.bytesToHex(sha3.keccak_256(utils.utf8ToBytes(encodedType)))}`;
+  }
+  hashStruct(typeName, types, value) {
+    const fields = types[typeName];
+    if (!fields) {
+      throw new SDKError(`Unknown type: ${typeName}`, "INVALID_TYPE");
+    }
+    const typeHash = this.hashType(typeName, types);
+    let encodedValues = "";
+    for (const field of fields) {
+      const fieldValue = value[field.name];
+      encodedValues += this.encodeField(field.type, fieldValue, types);
+    }
+    return `0x${utils.bytesToHex(sha3.keccak_256(utils.hexToBytes(typeHash.slice(2) + encodedValues)))}`;
+  }
+  encodeField(type, value, types) {
+    if (type === "string") {
+      return utils.bytesToHex(sha3.keccak_256(utils.utf8ToBytes(value)));
+    }
+    if (type === "bytes") {
+      const bytesValue = stripHexPrefix(value);
+      return utils.bytesToHex(sha3.keccak_256(utils.hexToBytes(bytesValue)));
+    }
+    if (type === "bool") {
+      return (value ? 1n : 0n).toString(16).padStart(64, "0");
+    }
+    if (type === "address") {
+      return stripHexPrefix(value).toLowerCase().padStart(64, "0");
+    }
+    if (type.startsWith("uint") || type.startsWith("int")) {
+      const n = BigInt(value);
+      if (type.startsWith("int") && n < 0n) {
+        return ((1n << 256n) + n).toString(16).padStart(64, "0");
+      }
+      return n.toString(16).padStart(64, "0");
+    }
+    if (type.startsWith("bytes")) {
+      const bytesValue = stripHexPrefix(value);
+      return bytesValue.padEnd(64, "0");
+    }
+    if (types[type]) {
+      return this.hashStruct(
+        type,
+        types,
+        value
+      ).slice(2);
+    }
+    if (type.endsWith("[]")) {
+      const arrayType = type.slice(0, -2);
+      const arrayValue = value;
+      const encodedItems = arrayValue.map(
+        (item) => this.encodeField(arrayType, item, types)
+      );
+      return utils.bytesToHex(sha3.keccak_256(utils.hexToBytes(encodedItems.join(""))));
+    }
+    throw new SDKError(`Unsupported type: ${type}`, "UNSUPPORTED_TYPE");
+  }
+};
+
+// src/nero-sdk.ts
+var NeroMpcSDK = class {
+  constructor(config) {
+    this.wsClient = null;
+    this.keyManager = null;
+    this.deviceKey = null;
+    this._user = null;
+    this._wallet = null;
+    this._publicKey = null;
+    this._partyPublicShares = /* @__PURE__ */ new Map();
+    this._provider = null;
+    this._connectionStatus = "disconnected";
+    this._customChains = /* @__PURE__ */ new Map();
+    this._cachedWalletInfo = null;
+    this.config = {
+      chainId: 689,
+      storagePrefix: "nero",
+      autoConnect: true,
+      ...config
+    };
+    this._chainId = this.config.chainId;
+    this.apiClient = new APIClient(this.config);
+    this.chainManager = new ChainManager(this._chainId);
+    if (this.config.wsUrl) {
+      this.wsClient = new WebSocketClient(this.config.wsUrl);
+    }
+  }
+  get isAuthenticated() {
+    return this._user !== null && this.apiClient.getTokens() !== null;
+  }
+  get hasWallet() {
+    return this._wallet !== null;
+  }
+  get user() {
+    return this._user;
+  }
+  get wallet() {
+    return this._wallet;
+  }
+  get chainId() {
+    return this._chainId;
+  }
+  get connected() {
+    return this._connectionStatus === "connected";
+  }
+  get status() {
+    return this._connectionStatus;
+  }
+  get provider() {
+    return this._provider;
+  }
+  get state() {
+    return {
+      isAuthenticated: this.isAuthenticated,
+      isInitialized: this.keyManager !== null,
+      hasWallet: this.hasWallet,
+      user: this._user,
+      walletInfo: this._cachedWalletInfo,
+      chainId: this._chainId,
+      isConnected: this.connected
+    };
+  }
+  async getWalletInfo() {
+    if (!this._wallet) return null;
+    this._cachedWalletInfo = await this._wallet.getWalletInfo();
+    return this._cachedWalletInfo;
+  }
+  async initialize() {
+    this.deviceKey = this.loadOrGenerateDeviceKey();
+    this.keyManager = new ClientKeyManager(this.deviceKey, {
+      storagePrefix: this.config.storagePrefix
+    });
+    const storedTokens = this.loadStoredTokens();
+    if (storedTokens) {
+      this.apiClient.setTokens(storedTokens);
+      try {
+        this._user = await this.apiClient.getCurrentUser();
+        await this.initializeWallet();
+      } catch {
+        this.apiClient.clearTokens();
+        this.clearStoredTokens();
+      }
+    }
+  }
+  async getOAuthUrl(provider, redirectUri) {
+    return this.apiClient.getOAuthUrl(provider, redirectUri);
+  }
+  async handleOAuthCallback(provider, code, state) {
+    const fingerprint = this.getDeviceFingerprint();
+    const result = await this.apiClient.handleOAuthCallback(
+      provider,
+      code,
+      state,
+      fingerprint
+    );
+    this._user = result.user;
+    this.storeTokens(result.tokens);
+    if (this.keyManager && this._user) {
+      await this.keyManager.initialize(this._user.id);
+    }
+    if (!result.requiresDKG && result.wallet) {
+      await this.initializeWallet();
+      await this.connect();
+    }
+    return {
+      user: result.user,
+      requiresDKG: result.requiresDKG
+    };
+  }
+  async loginWithGoogle(redirectUri) {
+    const { url } = await this.getOAuthUrl(
+      "google",
+      redirectUri ?? window.location.href
+    );
+    window.location.href = url;
+  }
+  async loginWithGithub(redirectUri) {
+    const { url } = await this.getOAuthUrl(
+      "github",
+      redirectUri ?? window.location.href
+    );
+    window.location.href = url;
+  }
+  async loginWithApple(redirectUri) {
+    const { url } = await this.getOAuthUrl(
+      "apple",
+      redirectUri ?? window.location.href
+    );
+    window.location.href = url;
+  }
+  async generateWallet() {
+    if (!this._user) {
+      throw new SDKError("User not authenticated", "NOT_AUTHENTICATED");
+    }
+    if (!this.keyManager) {
+      throw new SDKError("SDK not initialized", "NOT_INITIALIZED");
+    }
+    const dkgClient = new DKGClient({
+      apiClient: this.apiClient,
+      wsClient: this.wsClient ?? void 0
+    });
+    const result = await dkgClient.execute();
+    if (!result.success) {
+      throw new SDKError(result.error ?? "DKG failed", "DKG_FAILED");
+    }
+    const keyShare = dkgClient.getKeyShare();
+    if (!keyShare) {
+      throw new SDKError("Failed to get key share", "KEY_SHARE_ERROR");
+    }
+    await this.keyManager.storeKeyShare(keyShare);
+    this._publicKey = result.publicKey;
+    this._partyPublicShares = dkgClient.getPartyPublicShares();
+    await this.keyManager.storePartyPublicShares(this._partyPublicShares);
+    this._wallet = this.createSmartWallet(
+      keyShare,
+      this._partyPublicShares,
+      this._publicKey
+    );
+    dkgClient.cleanup();
+    await this.connect();
+    this._cachedWalletInfo = await this._wallet.getWalletInfo();
+    return this._cachedWalletInfo;
+  }
+  async logout() {
+    try {
+      await this.apiClient.logout();
+    } catch {
+    }
+    this._user = null;
+    this._wallet = null;
+    this._publicKey = null;
+    this._connectionStatus = "disconnected";
+    this.apiClient.clearTokens();
+    this.clearStoredTokens();
+    if (this._provider) {
+      this._provider.disconnect();
+    }
+    if (this.wsClient) {
+      this.wsClient.disconnect();
+    }
+  }
+  async connect() {
+    if (!this._wallet) {
+      throw new SDKError("Wallet not available", "NO_WALLET");
+    }
+    this._connectionStatus = "connecting";
+    try {
+      this._provider = new NeroProvider({
+        chainId: this._chainId,
+        getAccounts: () => this.getAccounts(),
+        signMessage: (message) => this.signMessageInternal(message),
+        signTypedData: (domain, types, primaryType, message) => this.signTypedDataInternal(domain, types, primaryType, message),
+        sendTransaction: (tx) => this.sendTransactionInternal(tx),
+        onChainChanged: (chainId) => this.handleChainChanged(chainId)
+      });
+      this._provider.connect();
+      this._connectionStatus = "connected";
+      return this._provider;
+    } catch (error) {
+      this._connectionStatus = "errored";
+      throw error;
+    }
+  }
+  async disconnect() {
+    if (this._provider) {
+      this._provider.disconnect();
+    }
+    this._connectionStatus = "disconnected";
+    await this.logout();
+  }
+  getProvider() {
+    return this._provider;
+  }
+  getUserInfo() {
+    if (!this._user) return null;
+    return {
+      email: this._user.email,
+      name: this._user.displayName,
+      profileImage: this._user.profilePicture,
+      verifier: "nero-mpc",
+      verifierId: this._user.id,
+      typeOfLogin: "social"
+    };
+  }
+  async switchChain(chainId) {
+    const config = this.getChainConfigForId(chainId);
+    if (!config) {
+      throw new SDKError(`Chain ${chainId} not supported`, "UNSUPPORTED_CHAIN");
+    }
+    this._chainId = chainId;
+    await this.chainManager.switchChain(chainId);
+    if (this._provider) {
+      await this._provider.switchChain(chainId);
+    }
+    if (this._wallet && this.keyManager) {
+      const keyShare = await this.keyManager.getKeyShare();
+      if (keyShare) {
+        this._wallet = this.createSmartWallet(
+          keyShare,
+          this._partyPublicShares,
+          this._publicKey
+        );
+        this._cachedWalletInfo = await this._wallet.getWalletInfo();
+      }
+    }
+  }
+  addChain(config) {
+    this._customChains.set(config.chainId, config);
+    this.chainManager.addChain(config);
+    if (this._provider) {
+      this._provider.addChain(config);
+    }
+  }
+  getChainConfig(chainId) {
+    const targetChainId = chainId ?? this._chainId;
+    return this.getChainConfigForId(targetChainId);
+  }
+  getSupportedChainIds() {
+    const builtinIds = Array.from(BUILTIN_CHAINS.keys());
+    const customIds = Array.from(this._customChains.keys());
+    return [.../* @__PURE__ */ new Set([...builtinIds, ...customIds])];
+  }
+  getAccounts() {
+    if (!this._wallet) return [];
+    return [this._wallet.eoaAddress];
+  }
+  async signMessageInternal(message) {
+    if (!this._wallet) {
+      throw new SDKError("Wallet not available", "NO_WALLET");
+    }
+    const signature = await this._wallet.signMessage(message);
+    return signature.fullSignature;
+  }
+  async signTypedDataInternal(domain, types, primaryType, message) {
+    if (!this._wallet) {
+      throw new SDKError("Wallet not available", "NO_WALLET");
+    }
+    const signature = await this._wallet.signTypedData(
+      domain,
+      types,
+      primaryType,
+      message
+    );
+    return signature.fullSignature;
+  }
+  async sendTransactionInternal(tx) {
+    if (!this._wallet) {
+      throw new SDKError("Wallet not available", "NO_WALLET");
+    }
+    const txRequest = tx;
+    const userOp = await this._wallet.buildUserOperation({
+      to: txRequest.to,
+      value: txRequest.value ? BigInt(txRequest.value) : void 0,
+      data: txRequest.data
+    });
+    const result = await this._wallet.sendUserOperation(userOp);
+    return result.userOpHash;
+  }
+  handleChainChanged(chainId) {
+    this._chainId = chainId;
+  }
+  getChainConfigForId(chainId) {
+    return getChainConfig(chainId) ?? this._customChains.get(chainId);
+  }
+  createSmartWallet(keyShare, partyPublicShares, publicKey) {
+    const chainConfig = this.getChainConfigForId(this._chainId);
+    const rpcConnection = this.chainManager.getRpcConnection();
+    const bundlerUrl = chainConfig?.bundlerUrl ?? `${this.config.backendUrl}/api/v1/bundler`;
+    return new SmartWallet({
+      apiClient: this.apiClient,
+      keyShare,
+      partyPublicShares,
+      publicKey,
+      chainId: this._chainId,
+      rpcConnection,
+      bundlerUrl,
+      entryPointAddress: chainConfig?.entryPointAddress,
+      factoryAddress: chainConfig?.simpleAccountFactoryAddress,
+      paymasterUrl: chainConfig?.paymasterUrl
+    });
+  }
+  async exportBackup(password) {
+    if (!this.keyManager) {
+      throw new SDKError("SDK not initialized", "NOT_INITIALIZED");
+    }
+    return this.keyManager.exportBackup(password);
+  }
+  async importBackup(backupString, password) {
+    if (!this.keyManager || !this._user) {
+      throw new SDKError("SDK not initialized", "NOT_INITIALIZED");
+    }
+    const keyShare = await this.keyManager.importBackup(backupString, password);
+    await this.keyManager.storeKeyShare(keyShare);
+    await this.initializeWallet();
+  }
+  async initializeWallet() {
+    if (!this.keyManager || !this._user) {
+      return;
+    }
+    const keyShare = await this.keyManager.getKeyShare();
+    if (!keyShare) {
+      return;
+    }
+    const storedPartyShares = await this.keyManager.getPartyPublicShares();
+    if (!storedPartyShares) {
+      return;
+    }
+    try {
+      const walletInfo = await this.apiClient.getWalletInfo();
+      this._publicKey = walletInfo.publicKey;
+      this._partyPublicShares = storedPartyShares;
+      this._wallet = this.createSmartWallet(
+        keyShare,
+        this._partyPublicShares,
+        this._publicKey
+      );
+      this._cachedWalletInfo = await this._wallet.getWalletInfo();
+    } catch {
+    }
+  }
+  getDeviceFingerprint() {
+    return {
+      userAgent: typeof navigator !== "undefined" ? navigator.userAgent : "unknown"
+    };
+  }
+  loadOrGenerateDeviceKey() {
+    const storageKey = `${this.config.storagePrefix}:device_key`;
+    if (typeof localStorage !== "undefined") {
+      const stored = localStorage.getItem(storageKey);
+      if (stored) {
+        return stored;
+      }
+    }
+    const newKey = generateDeviceKey();
+    if (typeof localStorage !== "undefined") {
+      localStorage.setItem(storageKey, newKey);
+    }
+    return newKey;
+  }
+  storeTokens(tokens) {
+    if (typeof localStorage !== "undefined") {
+      localStorage.setItem(
+        `${this.config.storagePrefix}:tokens`,
+        JSON.stringify(tokens)
+      );
+    }
+  }
+  loadStoredTokens() {
+    if (typeof localStorage === "undefined") {
+      return null;
+    }
+    const stored = localStorage.getItem(`${this.config.storagePrefix}:tokens`);
+    if (!stored) {
+      return null;
+    }
+    try {
+      return JSON.parse(stored);
+    } catch {
+      return null;
+    }
+  }
+  clearStoredTokens() {
+    if (typeof localStorage !== "undefined") {
+      localStorage.removeItem(`${this.config.storagePrefix}:tokens`);
+    }
+  }
+};
+var NeroMpcAuthContext = react.createContext(
+  null
+);
+function useNeroMpcAuthContext() {
+  const context = react.useContext(NeroMpcAuthContext);
+  if (!context) {
+    throw new Error(
+      "useNeroMpcAuthContext must be used within a NeroMpcAuthProvider"
+    );
+  }
+  return context;
+}
+
+// src/react/theme/default-theme.ts
+var lightColors = {
+  primary: "#6366f1",
+  primaryHover: "#4f46e5",
+  secondary: "#8b5cf6",
+  secondaryHover: "#7c3aed",
+  background: "#ffffff",
+  backgroundSecondary: "#f9fafb",
+  surface: "#ffffff",
+  surfaceHover: "#f3f4f6",
+  text: "#111827",
+  textSecondary: "#374151",
+  textMuted: "#6b7280",
+  border: "#e5e7eb",
+  borderFocus: "#6366f1",
+  error: "#ef4444",
+  errorBackground: "#fef2f2",
+  success: "#22c55e",
+  successBackground: "#f0fdf4",
+  warning: "#f59e0b",
+  warningBackground: "#fffbeb",
+  overlay: "rgba(0, 0, 0, 0.5)"
+};
+var darkColors = {
+  primary: "#818cf8",
+  primaryHover: "#6366f1",
+  secondary: "#a78bfa",
+  secondaryHover: "#8b5cf6",
+  background: "#0f172a",
+  backgroundSecondary: "#1e293b",
+  surface: "#1e293b",
+  surfaceHover: "#334155",
+  text: "#f8fafc",
+  textSecondary: "#e2e8f0",
+  textMuted: "#94a3b8",
+  border: "#334155",
+  borderFocus: "#818cf8",
+  error: "#f87171",
+  errorBackground: "#450a0a",
+  success: "#4ade80",
+  successBackground: "#052e16",
+  warning: "#fbbf24",
+  warningBackground: "#451a03",
+  overlay: "rgba(0, 0, 0, 0.7)"
+};
+var typography = {
+  fontFamily: '-apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif',
+  fontFamilyMono: 'ui-monospace, SFMono-Regular, "SF Mono", Menlo, Consolas, monospace',
+  fontSizeXs: "0.75rem",
+  fontSizeSm: "0.875rem",
+  fontSizeMd: "1rem",
+  fontSizeLg: "1.125rem",
+  fontSizeXl: "1.25rem",
+  fontWeightNormal: 400,
+  fontWeightMedium: 500,
+  fontWeightSemibold: 600,
+  fontWeightBold: 700,
+  lineHeightTight: 1.25,
+  lineHeightNormal: 1.5,
+  lineHeightRelaxed: 1.75
+};
+var spacing = {
+  xs: "0.25rem",
+  sm: "0.5rem",
+  md: "1rem",
+  lg: "1.5rem",
+  xl: "2rem",
+  xxl: "3rem"
+};
+var borderRadius = {
+  none: "0",
+  sm: "0.25rem",
+  md: "0.375rem",
+  lg: "0.5rem",
+  xl: "0.75rem",
+  full: "9999px"
+};
+var shadows = {
+  sm: "0 1px 2px 0 rgb(0 0 0 / 0.05)",
+  md: "0 4px 6px -1px rgb(0 0 0 / 0.1), 0 2px 4px -2px rgb(0 0 0 / 0.1)",
+  lg: "0 10px 15px -3px rgb(0 0 0 / 0.1), 0 4px 6px -4px rgb(0 0 0 / 0.1)",
+  xl: "0 20px 25px -5px rgb(0 0 0 / 0.1), 0 8px 10px -6px rgb(0 0 0 / 0.1)"
+};
+var lightTheme = {
+  mode: "light",
+  colors: lightColors,
+  typography,
+  spacing,
+  borderRadius,
+  shadows
+};
+var darkTheme = {
+  mode: "dark",
+  colors: darkColors,
+  typography,
+  spacing,
+  borderRadius,
+  shadows
+};
+function getDefaultTheme(mode) {
+  return mode === "dark" ? darkTheme : lightTheme;
+}
+function createTheme(mode, overrides) {
+  const base = getDefaultTheme(mode);
+  if (!overrides) {
+    return base;
+  }
+  return {
+    ...base,
+    colors: {
+      ...base.colors,
+      ...overrides.primary && { primary: overrides.primary },
+      ...overrides.secondary && { secondary: overrides.secondary },
+      ...overrides.background && { background: overrides.background },
+      ...overrides.text && { text: overrides.text },
+      ...overrides.border && { border: overrides.border }
+    },
+    typography: {
+      ...base.typography,
+      ...overrides.fontFamily && { fontFamily: overrides.fontFamily }
+    }
+  };
+}
+var ThemeContext = react.createContext(null);
+function getSystemTheme() {
+  if (typeof window === "undefined" || !window.matchMedia) {
+    return "light";
+  }
+  try {
+    return window.matchMedia("(prefers-color-scheme: dark)").matches ? "dark" : "light";
+  } catch {
+    return "light";
+  }
+}
+function ThemeProvider({
+  children,
+  uiConfig,
+  defaultMode = "auto"
+}) {
+  const [mode, setMode] = react.useState(defaultMode);
+  const [systemTheme, setSystemTheme] = react.useState(
+    getSystemTheme
+  );
+  react.useEffect(() => {
+    if (typeof window === "undefined" || !window.matchMedia) return void 0;
+    try {
+      const mediaQuery = window.matchMedia("(prefers-color-scheme: dark)");
+      const handleChange = (e) => {
+        setSystemTheme(e.matches ? "dark" : "light");
+      };
+      mediaQuery.addEventListener("change", handleChange);
+      return () => mediaQuery.removeEventListener("change", handleChange);
+    } catch {
+      return void 0;
+    }
+  }, []);
+  const resolvedMode = react.useMemo(() => {
+    if (mode === "auto") {
+      return systemTheme;
+    }
+    return mode;
+  }, [mode, systemTheme]);
+  const theme = react.useMemo(() => {
+    const overrides = uiConfig?.theme;
+    if (overrides) {
+      return createTheme(resolvedMode, overrides);
+    }
+    return getDefaultTheme(resolvedMode);
+  }, [resolvedMode, uiConfig?.theme]);
+  const logo = react.useMemo(() => {
+    if (!uiConfig) return void 0;
+    return resolvedMode === "dark" ? uiConfig.logoDark : uiConfig.logoLight;
+  }, [uiConfig, resolvedMode]);
+  const config = react.useMemo(() => {
+    return {
+      appName: uiConfig?.appName ?? "NERO MPC Wallet",
+      logoLight: uiConfig?.logoLight,
+      logoDark: uiConfig?.logoDark,
+      mode: uiConfig?.mode ?? defaultMode,
+      theme: uiConfig?.theme,
+      defaultLanguage: uiConfig?.defaultLanguage ?? "en"
+    };
+  }, [uiConfig, defaultMode]);
+  const handleSetMode = react.useCallback((newMode) => {
+    setMode(newMode);
+    if (typeof localStorage !== "undefined") {
+      localStorage.setItem("nero-theme-mode", newMode);
+    }
+  }, []);
+  react.useEffect(() => {
+    if (typeof localStorage === "undefined") return;
+    const stored = localStorage.getItem("nero-theme-mode");
+    if (stored && ["light", "dark", "auto"].includes(stored)) {
+      setMode(stored);
+    }
+  }, []);
+  const value = react.useMemo(
+    () => ({
+      theme,
+      mode,
+      resolvedMode,
+      setMode: handleSetMode,
+      uiConfig: config,
+      logo
+    }),
+    [theme, mode, resolvedMode, handleSetMode, config, logo]
+  );
+  return /* @__PURE__ */ jsxRuntime.jsx(ThemeContext.Provider, { value, children });
+}
+function useTheme() {
+  const context = react.useContext(ThemeContext);
+  if (!context) {
+    throw new Error("useTheme must be used within a ThemeProvider");
+  }
+  return context;
+}
+function useThemeColors() {
+  const { theme } = useTheme();
+  return theme.colors;
+}
+function useResolvedMode() {
+  const { resolvedMode } = useTheme();
+  return resolvedMode;
+}
+var DEFAULT_STATE = {
+  isAuthenticated: false,
+  isInitialized: false,
+  hasWallet: false,
+  user: null,
+  walletInfo: null,
+  chainId: 689,
+  isConnected: false
+};
+function NeroMpcAuthProvider({
+  children,
+  config,
+  autoConnect = true,
+  uiConfig,
+  themeMode = "auto"
+}) {
+  const [sdk, setSdk] = react.useState(null);
+  const [state, setState] = react.useState(DEFAULT_STATE);
+  const [isLoading, setIsLoading] = react.useState(true);
+  const [error, setError] = react.useState(null);
+  react.useEffect(() => {
+    const initializeSDK = async () => {
+      try {
+        setIsLoading(true);
+        setError(null);
+        const instance = new NeroMpcSDK(config);
+        setSdk(instance);
+        if (autoConnect) {
+          await instance.initialize();
+        }
+        setState(instance.state);
+      } catch (err) {
+        setError(err instanceof Error ? err : new Error(String(err)));
+      } finally {
+        setIsLoading(false);
+      }
+    };
+    initializeSDK();
+  }, [config.backendUrl, config.chainId, autoConnect]);
+  react.useEffect(() => {
+    if (sdk) {
+      setState(sdk.state);
+    }
+  }, [sdk?.isAuthenticated, sdk?.hasWallet, sdk?.user]);
+  const contextValue = react.useMemo(
+    () => ({
+      sdk,
+      state,
+      isLoading,
+      error
+    }),
+    [sdk, state, isLoading, error]
+  );
+  return /* @__PURE__ */ jsxRuntime.jsx(ThemeProvider, { uiConfig, defaultMode: themeMode, children: /* @__PURE__ */ jsxRuntime.jsx(NeroMpcAuthContext.Provider, { value: contextValue, children }) });
+}
+
+// src/react/hooks/useNeroMpcAuth.ts
+function useNeroMpcAuth() {
+  const { sdk, state, isLoading, error } = useNeroMpcAuthContext();
+  return {
+    ...state,
+    sdk,
+    isLoading,
+    error
+  };
+}
+function useNeroConnect() {
+  const { sdk } = useNeroMpcAuthContext();
+  const [isConnecting, setIsConnecting] = react.useState(false);
+  const [error, setError] = react.useState(null);
+  const connect = react.useCallback(
+    async (provider, redirectUri) => {
+      if (!sdk) {
+        throw new Error("SDK not initialized");
+      }
+      setIsConnecting(true);
+      setError(null);
+      try {
+        switch (provider) {
+          case "google":
+            await sdk.loginWithGoogle(redirectUri);
+            break;
+          case "github":
+            await sdk.loginWithGithub(redirectUri);
+            break;
+          case "apple":
+            await sdk.loginWithApple(redirectUri);
+            break;
+          default:
+            throw new Error(`Unsupported provider: ${provider}`);
+        }
+      } catch (err) {
+        const error2 = err instanceof Error ? err : new Error(String(err));
+        setError(error2);
+        throw error2;
+      } finally {
+        setIsConnecting(false);
+      }
+    },
+    [sdk]
+  );
+  const handleCallback = react.useCallback(
+    async (provider, code, state) => {
+      if (!sdk) {
+        throw new Error("SDK not initialized");
+      }
+      setIsConnecting(true);
+      setError(null);
+      try {
+        const result = await sdk.handleOAuthCallback(provider, code, state);
+        return result;
+      } catch (err) {
+        const error2 = err instanceof Error ? err : new Error(String(err));
+        setError(error2);
+        throw error2;
+      } finally {
+        setIsConnecting(false);
+      }
+    },
+    [sdk]
+  );
+  return {
+    connect,
+    handleCallback,
+    isConnecting,
+    error
+  };
+}
+function useNeroDisconnect() {
+  const { sdk } = useNeroMpcAuthContext();
+  const [isDisconnecting, setIsDisconnecting] = react.useState(false);
+  const [error, setError] = react.useState(null);
+  const disconnect = react.useCallback(async () => {
+    if (!sdk) {
+      throw new Error("SDK not initialized");
+    }
+    setIsDisconnecting(true);
+    setError(null);
+    try {
+      await sdk.logout();
+    } catch (err) {
+      const error2 = err instanceof Error ? err : new Error(String(err));
+      setError(error2);
+      throw error2;
+    } finally {
+      setIsDisconnecting(false);
+    }
+  }, [sdk]);
+  return {
+    disconnect,
+    isDisconnecting,
+    error
+  };
+}
+
+// src/react/hooks/useNeroUser.ts
+function useNeroUser() {
+  const { state } = useNeroMpcAuthContext();
+  return {
+    user: state.user,
+    isAuthenticated: state.isAuthenticated
+  };
+}
+function useNeroWallet() {
+  const { sdk, state } = useNeroMpcAuthContext();
+  const [isGenerating, setIsGenerating] = react.useState(false);
+  const [isSigning, setIsSigning] = react.useState(false);
+  const [error, setError] = react.useState(null);
+  const generateWallet = react.useCallback(async () => {
+    if (!sdk) {
+      throw new Error("SDK not initialized");
+    }
+    setIsGenerating(true);
+    setError(null);
+    try {
+      const walletInfo = await sdk.generateWallet();
+      return walletInfo;
+    } catch (err) {
+      const error2 = err instanceof Error ? err : new Error(String(err));
+      setError(error2);
+      throw error2;
+    } finally {
+      setIsGenerating(false);
+    }
+  }, [sdk]);
+  const signMessage = react.useCallback(
+    async (message) => {
+      if (!sdk?.wallet) {
+        throw new Error("Wallet not available");
+      }
+      setIsSigning(true);
+      setError(null);
+      try {
+        const result = await sdk.wallet.signMessage(message);
+        return result;
+      } catch (err) {
+        const error2 = err instanceof Error ? err : new Error(String(err));
+        setError(error2);
+        throw error2;
+      } finally {
+        setIsSigning(false);
+      }
+    },
+    [sdk]
+  );
+  const signTypedData = react.useCallback(
+    async (domain, types, primaryType, value) => {
+      if (!sdk?.wallet) {
+        throw new Error("Wallet not available");
+      }
+      setIsSigning(true);
+      setError(null);
+      try {
+        const result = await sdk.wallet.signTypedData(
+          domain,
+          types,
+          primaryType,
+          value
+        );
+        return result;
+      } catch (err) {
+        const error2 = err instanceof Error ? err : new Error(String(err));
+        setError(error2);
+        throw error2;
+      } finally {
+        setIsSigning(false);
+      }
+    },
+    [sdk]
+  );
+  return {
+    wallet: state.walletInfo,
+    hasWallet: state.hasWallet,
+    generateWallet,
+    signMessage,
+    signTypedData,
+    isGenerating,
+    isSigning,
+    error
+  };
+}
+
+exports.NeroMpcAuthContext = NeroMpcAuthContext;
+exports.NeroMpcAuthProvider = NeroMpcAuthProvider;
+exports.ThemeProvider = ThemeProvider;
+exports.createTheme = createTheme;
+exports.darkTheme = darkTheme;
+exports.getDefaultTheme = getDefaultTheme;
+exports.lightTheme = lightTheme;
+exports.useNeroConnect = useNeroConnect;
+exports.useNeroDisconnect = useNeroDisconnect;
+exports.useNeroMpcAuth = useNeroMpcAuth;
+exports.useNeroMpcAuthContext = useNeroMpcAuthContext;
+exports.useNeroUser = useNeroUser;
+exports.useNeroWallet = useNeroWallet;
+exports.useResolvedMode = useResolvedMode;
+exports.useTheme = useTheme;
+exports.useThemeColors = useThemeColors;
+//# sourceMappingURL=react.js.map
+//# sourceMappingURL=react.js.map