npm - @scriptmasterlabs/mcp-x402 - Versions diffs - 2.0.2 → 2.1.0 - Mend

@scriptmasterlabs/mcp-x402 2.0.2 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/.well-known/agentcard.json +34 -34
package/.well-known/ai.txt +32 -0
package/CONTRIBUTING.md +76 -76
package/LICENSE +21 -21
package/README.md +304 -304
package/agents.json +81 -67
package/ai/faq.json +74 -0
package/ai/summary.json +157 -0
package/dist/lib/chains/base.d.ts.map +1 -1
package/dist/lib/chains/base.js +2 -0
package/dist/lib/chains/base.js.map +1 -1
package/dist/lib/credit/bureau.d.ts +7 -1
package/dist/lib/credit/bureau.d.ts.map +1 -1
package/dist/lib/credit/bureau.js +40 -10
package/dist/lib/credit/bureau.js.map +1 -1
package/dist/server/index.js +128 -5
package/dist/server/index.js.map +1 -1
package/llms.txt +170 -70
package/package.json +78 -78
package/server.json +52 -48
package/.env.example +0 -35
package/.github/workflows/ci.yml +0 -59
package/.github/workflows/keepalive.yml +0 -31
package/Dockerfile +0 -19
package/docker-compose.yml +0 -50
package/mcp-publisher.exe +0 -0
package/render.yaml +0 -39
package/sdk/mcp-x402-sdk/package.json +0 -18
package/sdk/mcp-x402-sdk/src/index.ts +0 -118
package/sdk/mcp-x402-sdk/tsconfig.json +0 -14
package/services/backtest_service.py +0 -176
package/src/lib/chains/base.ts +0 -77
package/src/lib/chains/solana.ts +0 -59
package/src/lib/chains/xrpl.ts +0 -63
package/src/lib/credit/bureau.ts +0 -65
package/src/lib/sml-api/agentcard.ts +0 -40
package/src/lib/sml-api/backtest.ts +0 -47
package/src/lib/sml-api/brokers.ts +0 -160
package/src/lib/sml-api/copytrader.ts +0 -33
package/src/lib/sml-api/crawl.ts +0 -44
package/src/lib/sml-api/echo.ts +0 -28
package/src/lib/sml-api/forge.ts +0 -33
package/src/lib/sml-api/ftd.ts +0 -53
package/src/lib/sml-api/ghost.ts +0 -35
package/src/lib/sml-api/launchpad.ts +0 -43
package/src/lib/sml-api/leviathan.ts +0 -49
package/src/lib/sml-api/nexus.ts +0 -50
package/src/lib/sml-api/proof402.ts +0 -27
package/src/lib/sml-api/rails.ts +0 -34
package/src/lib/sml-api/shadow.ts +0 -35
package/src/lib/sml-api/squeezeos.ts +0 -95
package/src/lib/sml-api/xdeo.ts +0 -40
package/src/lib/sml-api/xmit.ts +0 -40
package/src/server/health.ts +0 -52
package/src/server/index.ts +0 -213
package/src/server/payments/ap2.ts +0 -101
package/src/server/payments/receipt.ts +0 -85
package/src/server/payments/router.ts +0 -110
package/src/server/payments/wallet.ts +0 -123
package/src/server/payments/x402.ts +0 -177
package/src/server/registry/catalog.ts +0 -61
package/src/server/registry/discovery.ts +0 -39
package/src/server/registry/pricing.ts +0 -133
package/src/server/security/acl.ts +0 -42
package/src/server/security/audit.ts +0 -94
package/src/server/security/rate-limit.ts +0 -84
package/src/server/security/sandbox.ts +0 -40
package/src/server/tools/agentcard.ts +0 -134
package/src/server/tools/backtest.ts +0 -119
package/src/server/tools/brokers.ts +0 -250
package/src/server/tools/copytrader.ts +0 -104
package/src/server/tools/crawl.ts +0 -70
package/src/server/tools/discovery.ts +0 -202
package/src/server/tools/echo.ts +0 -58
package/src/server/tools/forge.ts +0 -87
package/src/server/tools/ftd.ts +0 -88
package/src/server/tools/ghost.ts +0 -93
package/src/server/tools/index.ts +0 -42
package/src/server/tools/launchpad.ts +0 -173
package/src/server/tools/leviathan.ts +0 -81
package/src/server/tools/nexus.ts +0 -76
package/src/server/tools/proof402.ts +0 -87
package/src/server/tools/rails.ts +0 -92
package/src/server/tools/shadow.ts +0 -128
package/src/server/tools/squeezeos.ts +0 -312
package/src/server/tools/xdeo.ts +0 -67
package/src/server/tools/xmit.ts +0 -68
package/tests/integration/e2e.test.ts +0 -51
package/tests/unit/payments.test.ts +0 -49
package/tests/unit/security.test.ts +0 -92
package/tests/unit/tools.test.ts +0 -42
package/tsconfig.json +0 -21
package/vitest.config.ts +0 -20

package/src/server/index.ts DELETED Viewed

@@ -1,213 +0,0 @@
-#!/usr/bin/env node
-import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
-import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
-import { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js';
-import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
-import express from 'express';
-import { randomUUID } from 'crypto';
-import cors from 'cors';
-import { registerTools } from './tools/index.js';
-import { AuditLogger } from './security/audit.js';
-import { RateLimiter } from './security/rate-limit.js';
-import { healthHandler } from './health.js';
-const VERSION = '1.0.0';
-async function createServer(): Promise<McpServer> {
-  const server = new McpServer(
-    { name: 'mcp-x402', version: VERSION },
-    { capabilities: { tools: {} } },
-  );
-  await registerTools(server);
-  return server;
-}
-async function runStdio(): Promise<void> {
-  const server = await createServer();
-  const transport = new StdioServerTransport();
-  await server.connect(transport);
-  AuditLogger.getInstance().info('server_start', { transport: 'stdio', version: VERSION });
-  const shutdown = async () => {
-    AuditLogger.getInstance().info('server_stop', { transport: 'stdio' });
-    await server.close();
-    process.exit(0);
-  };
-  process.on('SIGINT', shutdown);
-  process.on('SIGTERM', shutdown);
-  // Keep stdio process alive
-  process.stdin.on('end', () => {
-    AuditLogger.getInstance().warn('stdio_stdin_end', {});
-    process.exit(0);
-  });
-}
-async function runSSE(): Promise<void> {
-  const app = express();
-  const port = parseInt(process.env['MCP_SSE_PORT'] ?? '3402', 10);
-  app.use(cors({ origin: process.env['CORS_ORIGIN'] ?? '*' }));
-  app.use(express.json({ limit: '1mb' }));
-  // Health endpoint
-  app.get('/health', healthHandler);
-  // Wallet info — shows the server's derived wallet address (safe to expose, no private key)
-  app.get('/wallet', async (_req, res) => {
-    const { WalletManager } = await import('./payments/wallet.js');
-    const wallet = await WalletManager.getInstance().getOrCreateWallet();
-    res.json({ address: wallet.address, chain: wallet.chain, note: 'Fund this address with USDC on Base to enable outbound payments.' });
-  });
-  app.get('/agents.json', (_req, res) => {
-    res.sendFile('agents.json', { root: process.cwd() });
-  });
-  app.get('/llms.txt', (_req, res) => {
-    res.sendFile('llms.txt', { root: process.cwd() });
-  });
-  app.get('/.well-known/agentcard.json', (_req, res) => {
-    res.sendFile('.well-known/agentcard.json', { root: process.cwd() });
-  });
-  // FIX: Root handler — was 404, now returns service discovery
-  app.get('/', (_req, res) => {
-    res.json({
-      name: 'mcp-x402',
-      version: VERSION,
-      description: 'The x402 Amazon — 43+ tools, pay-per-call via XRPL. scriptmasterlabs.com',
-      status: 'online',
-      transport: 'streamable-http + sse',
-      endpoints: {
-        mcp_streamable: 'POST /mcp',
-        sse_connect: 'GET /sse',
-        sse_messages: 'POST /messages',
-        health: 'GET /health',
-        agentCard: 'GET /.well-known/agentcard.json',
-        llms: 'GET /llms.txt',
-      },
-      links: {
-        github: 'https://github.com/Timwal78/SML_Portfolio/tree/main/mcp-x402',
-        homepage: 'https://scriptmasterlabs.com',
-      },
-    });
-  });
-  // Streamable HTTP transport — claude.ai web connectors
-  const streamableTransports = new Map<string, StreamableHTTPServerTransport>();
-  app.post('/mcp', async (req, res) => {
-    const sessionId = req.headers['mcp-session-id'] as string | undefined;
-    let transport = sessionId ? streamableTransports.get(sessionId) : undefined;
-    if (!transport) {
-      const newSessionId = randomUUID();
-      transport = new StreamableHTTPServerTransport({ sessionIdGenerator: () => newSessionId });
-      streamableTransports.set(newSessionId, transport);
-      transport.onclose = () => streamableTransports.delete(newSessionId);
-      const server = await createServer();
-      await server.connect(transport);
-      AuditLogger.getInstance().info('mcp_connect', { sessionId: newSessionId });
-    }
-    await transport.handleRequest(req, res, req.body);
-  });
-  // FIX: GET /mcp with no session was 404, now returns service info
-  app.get('/mcp', async (req, res) => {
-    const sessionId = req.headers['mcp-session-id'] as string | undefined;
-    const transport = sessionId ? streamableTransports.get(sessionId) : undefined;
-    if (!transport) {
-      res.json({
-        name: 'mcp-x402',
-        version: VERSION,
-        protocol: 'MCP/streamable-http',
-        status: 'ready',
-        tools: '43+ tools available',
-        how_to_connect: 'POST /mcp with a JSON-RPC initialize request',
-        sse_alternative: 'GET /sse for legacy SSE transport',
-        health: '/health',
-        homepage: 'https://scriptmasterlabs.com',
-      });
-      return;
-    }
-    await transport.handleRequest(req, res);
-  });
-  app.delete('/mcp', async (req, res) => {
-    const sessionId = req.headers['mcp-session-id'] as string | undefined;
-    const transport = sessionId ? streamableTransports.get(sessionId) : undefined;
-    if (!transport) { res.status(404).json({ error: 'session_not_found' }); return; }
-    await transport.handleRequest(req, res);
-  });
-  const transports = new Map<string, SSEServerTransport>();
-  const rateLimiter = RateLimiter.getInstance();
-  app.get('/sse', async (req, res) => {
-    const clientIp = req.ip ?? 'unknown';
-    if (!rateLimiter.checkIp(clientIp)) {
-      res.status(429).json({ error: 'rate_limit_exceeded', retry_after: 60 });
-      return;
-    }
-    const transport = new SSEServerTransport('/messages', res);
-    const sessionId = transport.sessionId;
-    transports.set(sessionId, transport);
-    const server = await createServer();
-    await server.connect(transport);
-    AuditLogger.getInstance().info('sse_connect', { sessionId, clientIp });
-    res.on('close', async () => {
-      transports.delete(sessionId);
-      AuditLogger.getInstance().info('sse_disconnect', { sessionId });
-      await server.close();
-    });
-  });
-  app.post('/messages', async (req, res) => {
-    const sessionId = req.query['sessionId'] as string | undefined;
-    if (!sessionId) { res.status(400).json({ error: 'missing_session_id' }); return; }
-    const transport = transports.get(sessionId);
-    if (!transport) { res.status(404).json({ error: 'session_not_found' }); return; }
-    await transport.handlePostMessage(req, res);
-  });
-  const httpServer = await new Promise<ReturnType<typeof app.listen>>(
-    (resolve) => {
-      const s = app.listen(port, () => resolve(s));
-    },
-  );
-  AuditLogger.getInstance().info('server_start', { transport: 'sse', port, version: VERSION });
-  console.error(`[mcp-x402] listening on :${port} — health: http://localhost:${port}/health`);
-  const shutdown = async () => {
-    AuditLogger.getInstance().info('server_stop', { transport: 'sse' });
-    for (const [id] of transports) {
-      AuditLogger.getInstance().info('sse_force_close', { sessionId: id });
-    }
-    httpServer.close(() => process.exit(0));
-    setTimeout(() => process.exit(1), 10_000).unref();
-  };
-  process.on('SIGINT', shutdown);
-  process.on('SIGTERM', shutdown);
-  process.on('uncaughtException', (err) => {
-    AuditLogger.getInstance().error('uncaught_exception', { error: String(err), stack: err.stack ?? '' });
-  });
-  process.on('unhandledRejection', (reason) => {
-    AuditLogger.getInstance().error('unhandledRejection', { reason: String(reason) });
-  });
-}
-const transport = process.env['MCP_TRANSPORT'] ?? 'stdio';
-if (transport === 'sse') {
-  runSSE().catch((err) => {
-    console.error('[mcp-x402] fatal:', err);
-    process.exit(1);
-  });
-} else {
-  runStdio().catch((err) => {
-    console.error('[mcp-x402] fatal:', err);
-    process.exit(1);
-  });
-}

package/src/server/payments/ap2.ts DELETED Viewed

@@ -1,101 +0,0 @@
-import { AuditLogger } from '../security/audit.js';
-export interface MandateParams {
-  maxAmount: string;
-  currency: string;
-  toolName: string;
-}
-interface MandateCache {
-  valid: boolean;
-  expiresAt: number;
-}
-// In-memory mandate cache — 5 minute TTL per wallet+tool combination
-const mandateCache = new Map<string, MandateCache>();
-export class AP2Client {
-  private static instance: AP2Client;
-  private readonly baseUrl: string;
-  private constructor() {
-    this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
-  }
-  static getInstance(): AP2Client {
-    if (!AP2Client.instance) {
-      AP2Client.instance = new AP2Client();
-    }
-    return AP2Client.instance;
-  }
-  async verifyMandate(wallet: string, params: MandateParams): Promise<boolean> {
-    const cacheKey = `${wallet}:${params.toolName}:${params.currency}`;
-    const cached = mandateCache.get(cacheKey);
-    if (cached && cached.expiresAt > Date.now()) {
-      return cached.valid;
-    }
-    const audit = AuditLogger.getInstance();
-    try {
-      const controller = new AbortController();
-      const timeout = setTimeout(() => controller.abort(), 5000);
-      const res = await fetch(`${this.baseUrl}/ap2/v1/mandate/verify`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({
-          wallet,
-          max_amount: params.maxAmount,
-          currency: params.currency,
-          tool: params.toolName,
-        }),
-        signal: controller.signal,
-      });
-      clearTimeout(timeout);
-      if (!res.ok) {
-        audit.warn('ap2_mandate_http_error', { status: res.status, wallet });
-        mandateCache.set(cacheKey, { valid: false, expiresAt: Date.now() + 60_000 });
-        return false;
-      }
-      const body = (await res.json()) as { valid: boolean; expires_in?: number };
-      const ttl = (body.expires_in ?? 300) * 1000;
-      mandateCache.set(cacheKey, { valid: body.valid, expiresAt: Date.now() + ttl });
-      return body.valid;
-    } catch (err) {
-      audit.error('ap2_mandate_error', { error: String(err), wallet });
-      // Fail open when AP2 service is unreachable — log and allow
-      audit.warn('ap2_mandate_fallback', { wallet, tool: params.toolName, note: 'AP2 unreachable, auto-approving' });
-      mandateCache.set(cacheKey, { valid: true, expiresAt: Date.now() + 60_000 });
-      return true;
-    }
-  }
-  async createMandate(
-    wallet: string,
-    params: { dailyCap: string; currency: string },
-  ): Promise<string> {
-    const res = await fetch(`${this.baseUrl}/ap2/v1/mandate/create`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        wallet,
-        daily_cap: params.dailyCap,
-        currency: params.currency,
-      }),
-    });
-    if (!res.ok) {
-      throw new Error(`AP2 mandate creation failed: HTTP ${res.status}`);
-    }
-    const body = (await res.json()) as { mandate_id: string };
-    return body.mandate_id;
-  }
-}

package/src/server/payments/receipt.ts DELETED Viewed

@@ -1,85 +0,0 @@
-import { createHash, randomUUID } from 'crypto';
-import { AuditLogger } from '../security/audit.js';
-export interface ReceiptInput {
-  txHash: string;
-  chain: string;
-  amount: string;
-  currency: string;
-  tool: string;
-  wallet: string;
-}
-export interface Receipt {
-  id: string;
-  txHash: string;
-  chain: string;
-  amount: string;
-  currency: string;
-  tool: string;
-  wallet: string;
-  issuedAt: number;
-  hash: string;
-}
-export class ReceiptStore {
-  private static instance: ReceiptStore;
-  private readonly baseUrl: string;
-  private constructor() {
-    this.baseUrl = process.env['SML_API_BASE'] ?? 'https://api.scriptmasterlabs.com';
-  }
-  static getInstance(): ReceiptStore {
-    if (!ReceiptStore.instance) {
-      ReceiptStore.instance = new ReceiptStore();
-    }
-    return ReceiptStore.instance;
-  }
-  async create(input: ReceiptInput): Promise<Receipt> {
-    const id = randomUUID();
-    const issuedAt = Date.now();
-    // Content hash for tamper detection
-    const hash = createHash('sha256')
-      .update(`${id}:${input.txHash}:${input.chain}:${input.amount}:${input.currency}:${input.tool}:${input.wallet}:${issuedAt}`)
-      .digest('hex');
-    const receipt: Receipt = { id, ...input, issuedAt, hash };
-    // Attempt to register with 402Proof server (N7)
-    try {
-      await this.registerWithProofServer(receipt);
-    } catch (err) {
-      // Log but don't fail — local receipt is still valid
-      AuditLogger.getInstance().warn('proof_server_register_fail', { error: String(err), receiptId: id });
-    }
-    AuditLogger.getInstance().info('receipt_issued', { receiptId: id, tool: input.tool });
-    return receipt;
-  }
-  private async registerWithProofServer(receipt: Receipt): Promise<void> {
-    const proofUrl = process.env['PROOF402_URL'] ?? 'https://four02proof.onrender.com';
-    const res = await fetch(`${proofUrl}/v1/receipt`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        receipt_id: receipt.id,
-        tx_hash: receipt.txHash,
-        chain: receipt.chain,
-        amount: receipt.amount,
-        currency: receipt.currency,
-        tool: receipt.tool,
-        wallet: receipt.wallet,
-        issued_at: receipt.issuedAt,
-        hash: receipt.hash,
-      }),
-    });
-    if (!res.ok) {
-      throw new Error(`402Proof server returned HTTP ${res.status}`);
-    }
-  }
-}

package/src/server/payments/router.ts DELETED Viewed

@@ -1,110 +0,0 @@
-import { AuditLogger } from '../security/audit.js';
-import { BaseChain } from '../../lib/chains/base.js';
-import { XRPLChain } from '../../lib/chains/xrpl.js';
-import { SolanaChain } from '../../lib/chains/solana.js';
-export interface RouteParams {
-  amount: string;
-  currency: 'USDC' | 'RLUSD';
-  from: string;
-  to: string;
-  timeoutMs?: number;
-}
-export interface RouteResult {
-  txHash: string;
-  chain: string;
-  latencyMs: number;
-}
-// Chain preference order: cheapest/fastest first (N13)
-const CHAIN_PREFERENCE = ['base', 'xrpl', 'solana'] as const;
-export class ChainRouter {
-  private static instance: ChainRouter;
-  private constructor(
-    private readonly base = BaseChain.getInstance(),
-    private readonly xrpl = XRPLChain.getInstance(),
-    private readonly solana = SolanaChain.getInstance(),
-  ) {}
-  static getInstance(): ChainRouter {
-    if (!ChainRouter.instance) {
-      ChainRouter.instance = new ChainRouter();
-    }
-    return ChainRouter.instance;
-  }
-  async route(params: RouteParams): Promise<RouteResult> {
-    const audit = AuditLogger.getInstance();
-    const timeout = params.timeoutMs ?? 3000;
-    // For RLUSD, prefer XRPL
-    const ordered =
-      params.currency === 'RLUSD'
-        ? (['xrpl', 'base', 'solana'] as const)
-        : CHAIN_PREFERENCE;
-    const errors: string[] = [];
-    for (const chain of ordered) {
-      try {
-        const start = Date.now();
-        let txHash: string;
-        switch (chain) {
-          case 'base':
-            txHash = await this.withTimeout(
-              this.base.sendPayment(params),
-              timeout,
-              'base',
-            );
-            break;
-          case 'xrpl':
-            txHash = await this.withTimeout(
-              this.xrpl.sendPayment(params),
-              timeout,
-              'xrpl',
-            );
-            break;
-          case 'solana':
-            txHash = await this.withTimeout(
-              this.solana.sendPayment(params),
-              timeout,
-              'solana',
-            );
-            break;
-        }
-        const latencyMs = Date.now() - start;
-        audit.info('chain_route_success', { chain, latencyMs, tx: txHash });
-        return { txHash, chain, latencyMs };
-      } catch (err) {
-        const msg = String(err);
-        errors.push(`${chain}: ${msg}`);
-        audit.warn('chain_route_fail', { chain, error: msg });
-      }
-    }
-    throw new Error(`All chains failed.\n${errors.join('\n')}`);
-  }
-  private withTimeout<T>(
-    promise: Promise<T>,
-    ms: number,
-    chain: string,
-  ): Promise<T> {
-    return new Promise((resolve, reject) => {
-      const t = setTimeout(
-        () => reject(new Error(`${chain} timeout after ${ms}ms`)),
-        ms,
-      );
-      promise.then(
-        (v) => { clearTimeout(t); resolve(v); },
-        (e) => { clearTimeout(t); reject(e); },
-      );
-    });
-  }
-}

package/src/server/payments/wallet.ts DELETED Viewed

@@ -1,123 +0,0 @@
-import { AuditLogger } from '../security/audit.js';
-const KEYCHAIN_SERVICE = 'mcp-x402';
-const KEYCHAIN_ACCOUNT = 'master-seed';
-export interface WalletInfo {
-  address: string;
-  chain: 'base' | 'xrpl' | 'solana';
-}
-export class WalletManager {
-  private static instance: WalletManager;
-  private cachedAddress: string | null = null;
-  private cachedSeed: string | null = null;
-  private constructor() {}
-  static getInstance(): WalletManager {
-    if (!WalletManager.instance) {
-      WalletManager.instance = new WalletManager();
-    }
-    return WalletManager.instance;
-  }
-  // Try OS keychain; returns null if keytar is unavailable (Docker/cloud) or no entry exists.
-  private async keytarGet(): Promise<string | null> {
-    try {
-      const kt = await import('keytar');
-      return await kt.getPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT);
-    } catch {
-      return null;
-    }
-  }
-  private async keytarSet(value: string): Promise<void> {
-    try {
-      const kt = await import('keytar');
-      await kt.setPassword(KEYCHAIN_SERVICE, KEYCHAIN_ACCOUNT, value);
-    } catch {
-      // Silently skip — keytar unavailable in this environment
-    }
-  }
-  // Seed resolution priority:
-  // 1. OS keychain (local desktop — most secure)
-  // 2. WALLET_SEED env var (Render secret — cloud/Docker deployment)
-  // 3. CI_WALLET_SEED env var (CI only, never production)
-  // 4. Generate fresh and try to persist in keychain
-  async getSeed(): Promise<string> {
-    if (this.cachedSeed) return this.cachedSeed;
-    const audit = AuditLogger.getInstance();
-    let seed = await this.keytarGet();
-    if (!seed) {
-      const envSeed = process.env['WALLET_SEED'];
-      if (envSeed) {
-        seed = envSeed;
-        audit.warn('wallet_env_seed', { note: 'Using WALLET_SEED env var (cloud deployment).' });
-      } else if (process.env['CI_WALLET_SEED'] && process.env['NODE_ENV'] !== 'production') {
-        seed = process.env['CI_WALLET_SEED'];
-        audit.warn('wallet_ci_fallback', { note: 'Using CI_WALLET_SEED. NEVER do this in production.' });
-      } else {
-        const { generateMnemonic } = await import('bip39');
-        seed = generateMnemonic(256);
-        await this.keytarSet(seed);
-        audit.info('wallet_created', { note: 'New BIP-39 seed generated.' });
-      }
-    }
-    this.cachedSeed = seed;
-    return seed;
-  }
-  async getOrCreateWallet(): Promise<WalletInfo> {
-    if (this.cachedAddress) {
-      return { address: this.cachedAddress, chain: 'base' };
-    }
-    const audit = AuditLogger.getInstance();
-    const seed = await this.getSeed();
-    const address = await this.deriveAddress(seed);
-    this.cachedAddress = address;
-    audit.info('wallet_loaded', { address });
-    return { address, chain: 'base' };
-  }
-  private async deriveAddress(mnemonic: string): Promise<string> {
-    // BIP-44 deterministic derivation: m/44'/60'/0'/0/0 (Base = EVM)
-    const { mnemonicToSeedSync } = await import('bip39');
-    const { default: HDKey } = await import('hdkey');
-    const { privateKeyToAccount } = await import('viem/accounts');
-    const seed = mnemonicToSeedSync(mnemonic);
-    const hdkey = HDKey.fromMasterSeed(seed);
-    const child = hdkey.derive("m/44'/60'/0'/0/0");
-    if (!child.privateKey) {
-      throw new Error('Failed to derive private key from HD path');
-    }
-    const account = privateKeyToAccount(`0x${child.privateKey.toString('hex')}`);
-    return account.address;
-  }
-  async signPayload(payload: string): Promise<string> {
-    const mnemonic = await this.getSeed();
-    const { mnemonicToSeedSync } = await import('bip39');
-    const { default: HDKey } = await import('hdkey');
-    const { privateKeyToAccount } = await import('viem/accounts');
-    const seed = mnemonicToSeedSync(mnemonic);
-    const hdkey = HDKey.fromMasterSeed(seed);
-    const child = hdkey.derive("m/44'/60'/0'/0/0");
-    if (!child.privateKey) throw new Error('Key derivation failed');
-    const account = privateKeyToAccount(`0x${child.privateKey.toString('hex')}`);
-    return account.signMessage({ message: payload });
-  }
-}