@sip-protocol/sdk 0.4.0 → 0.5.0

package/dist/index.js

@@ -32,10 +32,14 @@ var index_exports = {};
 __export(index_exports, {
   ATTESTATION_VERSION: () => ATTESTATION_VERSION,
   AptosStealthService: () => AptosStealthService,
+  AuditorKeyDerivation: () => AuditorKeyDerivation,
+  AuditorType: () => AuditorType,
   BaseWalletAdapter: () => BaseWalletAdapter,
   CHAIN_NUMERIC_IDS: () => CHAIN_NUMERIC_IDS,
   COSMOS_CHAIN_PREFIXES: () => CHAIN_PREFIXES,
   ComplianceManager: () => ComplianceManager,
+  ComplianceReporter: () => ComplianceReporter,
+  ConditionalDisclosure: () => ConditionalDisclosure,
   CosmosStealthService: () => CosmosStealthService,
   CryptoError: () => CryptoError,
   DEFAULT_THRESHOLD: () => DEFAULT_THRESHOLD,
@@ -87,6 +91,7 @@ __export(index_exports, {
   SmartRouter: () => SmartRouter,
   SolanaWalletAdapter: () => SolanaWalletAdapter,
   SwapStatus: () => SwapStatus,
+  ThresholdViewingKey: () => ThresholdViewingKey,
   Treasury: () => Treasury,
   TrezorWalletAdapter: () => TrezorWalletAdapter,
   ValidationError: () => ValidationError,
@@ -171,6 +176,7 @@ __export(index_exports, {
   generateEd25519StealthAddress: () => generateEd25519StealthAddress,
   generateEd25519StealthMetaAddress: () => generateEd25519StealthMetaAddress,
   generateIntentId: () => generateIntentId,
+  generatePdfReport: () => generatePdfReport,
   generateRandomBytes: () => generateRandomBytes,
   generateStealthAddress: () => generateStealthAddress,
   generateStealthMetaAddress: () => generateStealthMetaAddress,
@@ -303,6 +309,14 @@ var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
   ErrorCode2["SIGNATURE_FAILED"] = "SIP_3005";
   ErrorCode2["INVALID_CURVE_POINT"] = "SIP_3006";
   ErrorCode2["INVALID_SCALAR"] = "SIP_3007";
+  ErrorCode2["INVALID_KEY_SIZE"] = "SIP_3008";
+  ErrorCode2["INVALID_ENCRYPTED_DATA"] = "SIP_3009";
+  ErrorCode2["INVALID_COMMITMENT"] = "SIP_3010";
+  ErrorCode2["INVALID_TIME_LOCK"] = "SIP_3011";
+  ErrorCode2["INVALID_SHARE"] = "SIP_3012";
+  ErrorCode2["INVALID_THRESHOLD"] = "SIP_3013";
+  ErrorCode2["CRYPTO_OPERATION_FAILED"] = "SIP_3014";
+  ErrorCode2["INVALID_FORMAT"] = "SIP_3015";
   ErrorCode2["PROOF_FAILED"] = "SIP_4000";
   ErrorCode2["PROOF_GENERATION_FAILED"] = "SIP_4001";
   ErrorCode2["PROOF_VERIFICATION_FAILED"] = "SIP_4002";
@@ -8952,6 +8966,79 @@ var ComplianceManager = class _ComplianceManager {
   getAllReports() {
     return Array.from(this.reports.values());
   }
+  // ─── Dashboard Data API ──────────────────────────────────────────────────────
+  /**
+   * Get list of auditors for dashboard UI
+   *
+   * Returns a simplified view of auditors with essential info.
+   * Alias for getAllAuditors() but returns AuditorRegistration directly.
+   *
+   * @returns Array of auditor registrations
+   */
+  getAuditorList() {
+    return this.getAllAuditors();
+  }
+  /**
+   * Get pending disclosure requests for dashboard
+   *
+   * Returns disclosure requests waiting for approval/denial.
+   * This is for disclosure REQUESTS, not disclosed transactions.
+   *
+   * @returns Array of pending disclosure requests
+   */
+  getPendingDisclosures() {
+    return this.getPendingRequests();
+  }
+  /**
+   * Get disclosure history for a specific auditor
+   *
+   * Returns all disclosed transactions that were shared with this auditor,
+   * sorted by disclosure date (most recent first).
+   *
+   * @param auditorId - Auditor ID to get history for
+   * @returns Array of disclosed transactions for this auditor
+   */
+  getDisclosureHistory(auditorId) {
+    return this.getDisclosedTransactions(auditorId).sort((a, b) => b.disclosedAt - a.disclosedAt);
+  }
+  /**
+   * Get compliance metrics for dashboard
+   *
+   * Calculates key compliance metrics including:
+   * - Total auditors (active + inactive)
+   * - Total disclosures made
+   * - Pending disclosure requests
+   * - Approval rate (approved / total resolved requests)
+   * - Average processing time for disclosure requests
+   *
+   * @returns Compliance metrics object
+   */
+  getComplianceMetrics() {
+    const allAuditors = this.getAllAuditors();
+    const allDisclosures = this.getDisclosedTransactions();
+    const pendingRequests = this.getPendingRequests();
+    const allRequests = Array.from(this.disclosureRequests.values());
+    const resolvedRequests = allRequests.filter((r) => r.status !== "pending");
+    const approvedRequests = resolvedRequests.filter((r) => r.status === "approved");
+    const approvalRate = resolvedRequests.length > 0 ? approvedRequests.length / resolvedRequests.length : 0;
+    let averageProcessingTime;
+    if (resolvedRequests.length > 0) {
+      const totalProcessingTime = resolvedRequests.reduce((sum, req) => {
+        if (req.resolvedAt) {
+          return sum + (req.resolvedAt - req.requestedAt);
+        }
+        return sum;
+      }, 0);
+      averageProcessingTime = totalProcessingTime / resolvedRequests.length;
+    }
+    return {
+      totalAuditors: allAuditors.length,
+      totalDisclosures: allDisclosures.length,
+      pendingDisclosures: pendingRequests.length,
+      approvalRate,
+      averageProcessingTime
+    };
+  }
   // ─── Audit Log ───────────────────────────────────────────────────────────────
   /**
    * Get audit log entries
@@ -9150,147 +9237,1767 @@ var ComplianceManager = class _ComplianceManager {
         highRisk,
         flaggedTransactions: flagged
       }
-    };
-    if (includeTransactions) {
-      data.transactions = transactions;
+    };
+    if (includeTransactions) {
+      data.transactions = transactions;
+    }
+    return data;
+  }
+  generateCSV(transactions) {
+    const headers = [
+      "Transaction ID",
+      "Disclosure ID",
+      "Type",
+      "Direction",
+      "Token",
+      "Amount",
+      "Sender",
+      "Recipient",
+      "Chain",
+      "Privacy Level",
+      "Timestamp",
+      "TX Hash",
+      "Block",
+      "Risk Score",
+      "Purpose",
+      "Memo"
+    ];
+    const rows = transactions.map((tx) => [
+      tx.transactionId,
+      tx.disclosureId,
+      tx.type,
+      tx.direction,
+      tx.token.symbol,
+      tx.amount.toString(),
+      tx.sender,
+      tx.recipient,
+      tx.chain,
+      tx.privacyLevel,
+      new Date(tx.timestamp * 1e3).toISOString(),
+      tx.txHash,
+      tx.blockNumber.toString(),
+      tx.riskScore?.toString() ?? "",
+      tx.purpose ?? "",
+      tx.memo ?? ""
+    ]);
+    const escapeForCSV = (val) => {
+      let escaped = val;
+      if (/^[=+\-@|\t]/.test(escaped)) {
+        escaped = `'${escaped}`;
+      }
+      return `"${escaped.replace(/"/g, '""')}"`;
+    };
+    const csvRows = [headers, ...rows].map((row) => row.map(escapeForCSV).join(","));
+    return csvRows.join("\n");
+  }
+};
+function generateId(prefix) {
+  return `${prefix}_${(0, import_utils20.bytesToHex)((0, import_utils20.randomBytes)(12))}`;
+}
+function validateRegisterAuditorParams(params) {
+  if (!params.organization?.trim()) {
+    throw new ValidationError(
+      "organization is required",
+      "organization",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (!params.contactName?.trim()) {
+    throw new ValidationError(
+      "contact name is required",
+      "contactName",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (!params.contactEmail?.trim()) {
+    throw new ValidationError(
+      "contact email is required",
+      "contactEmail",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (!params.publicKey?.trim()) {
+    throw new ValidationError(
+      "public key is required",
+      "publicKey",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (!params.scope) {
+    throw new ValidationError(
+      "audit scope is required",
+      "scope",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+}
+function validateReportParams(params) {
+  if (!params.title?.trim()) {
+    throw new ValidationError(
+      "report title is required",
+      "title",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (!params.type) {
+    throw new ValidationError(
+      "report type is required",
+      "type",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (!params.format) {
+    throw new ValidationError(
+      "report format is required",
+      "format",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (params.startDate === void 0 || params.startDate === null || params.endDate === void 0 || params.endDate === null) {
+    throw new ValidationError(
+      "date range is required",
+      "dateRange",
+      void 0,
+      "SIP_2008" /* MISSING_REQUIRED */
+    );
+  }
+  if (params.startDate >= params.endDate) {
+    throw new ValidationError(
+      "start date must be before end date",
+      "dateRange",
+      void 0,
+      "SIP_2001" /* INVALID_INPUT */
+    );
+  }
+}
+
+// src/compliance/reports.ts
+var import_sha25615 = require("@noble/hashes/sha256");
+var import_utils21 = require("@noble/hashes/utils");
+
+// src/compliance/pdf.ts
+function generatePdfReport(report, options = {}) {
+  const {
+    title = "SIP Protocol Audit Report",
+    organization = "",
+    includeTransactions = true,
+    maxTransactions = 100
+  } = options;
+  const content = buildPdfContent(report, {
+    title,
+    organization,
+    includeTransactions,
+    maxTransactions
+  });
+  return generatePdfBinary(content, title);
+}
+function buildPdfContent(report, options) {
+  const lines = [];
+  lines.push(options.title);
+  if (options.organization && options.organization.trim() !== "") {
+    lines.push(`Organization: ${options.organization}`);
+  }
+  lines.push(`Report ID: ${report.reportId}`);
+  lines.push(
+    `Generated: ${report.generatedAt.toISOString().replace("T", " ").slice(0, 19)} UTC`
+  );
+  lines.push("");
+  lines.push("Report Period");
+  lines.push(`  Start: ${formatDate(report.period.start)}`);
+  lines.push(`  End:   ${formatDate(report.period.end)}`);
+  lines.push("");
+  lines.push("Summary Statistics");
+  lines.push(`  Total Transactions: ${report.summary.transactionCount}`);
+  lines.push(
+    `  Total Volume: ${formatBigInt(report.summary.totalVolume)}`
+  );
+  lines.push(
+    `  Unique Counterparties: ${report.summary.uniqueCounterparties}`
+  );
+  lines.push("");
+  if (options.includeTransactions && report.transactions.length > 0) {
+    lines.push("Transaction Details");
+    lines.push("");
+    const txToShow = Math.min(
+      report.transactions.length,
+      options.maxTransactions
+    );
+    for (let i = 0; i < txToShow; i++) {
+      const tx = report.transactions[i];
+      lines.push(`Transaction ${i + 1}/${report.transactions.length}`);
+      lines.push(`  ID: ${tx.id}`);
+      lines.push(`  Sender: ${truncateAddress(tx.sender)}`);
+      lines.push(`  Recipient: ${truncateAddress(tx.recipient)}`);
+      lines.push(`  Amount: ${formatAmount(tx.amount)}`);
+      lines.push(
+        `  Timestamp: ${formatTimestamp(tx.timestamp)}`
+      );
+      if (tx.txHash) {
+        lines.push(`  Tx Hash: ${truncateHash(tx.txHash)}`);
+      }
+      if (tx.metadata && Object.keys(tx.metadata).length > 0) {
+        lines.push(`  Metadata: ${JSON.stringify(tx.metadata)}`);
+      }
+      lines.push("");
+    }
+    if (report.transactions.length > options.maxTransactions) {
+      lines.push(
+        `... and ${report.transactions.length - options.maxTransactions} more transactions`
+      );
+      lines.push("");
+    }
+  }
+  lines.push("---");
+  lines.push(
+    "This report was generated by SIP Protocol compliance tools."
+  );
+  lines.push("For verification, please contact your compliance officer.");
+  return lines.join("\n");
+}
+function generatePdfBinary(content, title) {
+  const objects = [];
+  objects.push(
+    "1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj"
+  );
+  objects.push(
+    "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj"
+  );
+  objects.push(
+    "3 0 obj\n<< /Type /Page /Parent 2 0 R /Resources 4 0 R /MediaBox [0 0 612 792] /Contents 5 0 R >>\nendobj"
+  );
+  objects.push(
+    "4 0 obj\n<< /Font << /F1 << /Type /Font /Subtype /Type1 /BaseFont /Courier >> >> >>\nendobj"
+  );
+  const contentStream = buildContentStream(content);
+  objects.push(
+    `5 0 obj
+<< /Length ${contentStream.length} >>
+stream
+${contentStream}
+endstream
+endobj`
+  );
+  const now = /* @__PURE__ */ new Date();
+  const pdfDate = formatPdfDate(now);
+  objects.push(
+    `6 0 obj
+<< /Title (${title}) /Author (SIP Protocol) /Creator (SIP SDK) /CreationDate (${pdfDate}) >>
+endobj`
+  );
+  const pdfParts = [];
+  pdfParts.push("%PDF-1.4\n%\xE2\xE3\xCF\xD3\n");
+  const xrefOffsets = [0];
+  let currentOffset = pdfParts.join("").length;
+  for (const obj of objects) {
+    xrefOffsets.push(currentOffset);
+    pdfParts.push(obj + "\n");
+    currentOffset = pdfParts.join("").length;
+  }
+  const xrefStart = currentOffset;
+  pdfParts.push("xref\n");
+  pdfParts.push(`0 ${xrefOffsets.length}
+`);
+  for (let i = 0; i < xrefOffsets.length; i++) {
+    if (i === 0) {
+      pdfParts.push("0000000000 65535 f \n");
+    } else {
+      const offset = String(xrefOffsets[i]).padStart(10, "0");
+      pdfParts.push(`${offset} 00000 n 
+`);
+    }
+  }
+  pdfParts.push("trailer\n");
+  pdfParts.push(
+    `<< /Size ${xrefOffsets.length} /Root 1 0 R /Info 6 0 R >>
+`
+  );
+  pdfParts.push("startxref\n");
+  pdfParts.push(`${xrefStart}
+`);
+  pdfParts.push("%%EOF");
+  const pdfString = pdfParts.join("");
+  const encoder = new TextEncoder();
+  return encoder.encode(pdfString);
+}
+function buildContentStream(text) {
+  const lines = text.split("\n");
+  const commands = [];
+  commands.push("BT");
+  commands.push("/F1 10 Tf");
+  commands.push("12 TL");
+  let y = 742;
+  for (const line of lines) {
+    commands.push(`50 ${y} Td`);
+    const escaped = escapePdfString(line);
+    commands.push(`(${escaped}) Tj`);
+    y -= 12;
+    if (y < 50) {
+      break;
+    }
+  }
+  commands.push("ET");
+  return commands.join("\n");
+}
+function escapePdfString(str) {
+  return str.replace(/\\/g, "\\\\").replace(/\(/g, "\\(").replace(/\)/g, "\\)").replace(/\r/g, "\\r").replace(/\n/g, "\\n");
+}
+function formatPdfDate(date) {
+  const year = date.getUTCFullYear();
+  const month = String(date.getUTCMonth() + 1).padStart(2, "0");
+  const day = String(date.getUTCDate()).padStart(2, "0");
+  const hour = String(date.getUTCHours()).padStart(2, "0");
+  const minute = String(date.getUTCMinutes()).padStart(2, "0");
+  const second = String(date.getUTCSeconds()).padStart(2, "0");
+  return `D:${year}${month}${day}${hour}${minute}${second}Z`;
+}
+function formatDate(date) {
+  return date.toISOString().split("T")[0];
+}
+function formatBigInt(value) {
+  return value.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ",");
+}
+function formatAmount(amount) {
+  try {
+    const num = BigInt(amount);
+    return formatBigInt(num);
+  } catch {
+    return amount;
+  }
+}
+function formatTimestamp(timestamp) {
+  const date = new Date(timestamp * 1e3);
+  return date.toISOString().replace("T", " ").slice(0, 19) + " UTC";
+}
+function truncateAddress(address) {
+  if (address.length <= 12) {
+    return address;
+  }
+  return `${address.slice(0, 6)}...${address.slice(-4)}`;
+}
+function truncateHash(hash2) {
+  if (hash2.length <= 16) {
+    return hash2;
+  }
+  return `${hash2.slice(0, 8)}...${hash2.slice(-8)}`;
+}
+
+// src/compliance/reports.ts
+var ComplianceReporter = class {
+  /**
+   * Generate an audit report from encrypted transactions
+   *
+   * Decrypts transactions using the provided viewing key, filters by date range,
+   * and generates a comprehensive report with summary statistics.
+   *
+   * @param params - Report generation parameters
+   * @returns Audit report with decrypted transactions and statistics
+   * @throws {ValidationError} If parameters are invalid
+   * @throws {CryptoError} If decryption fails
+   */
+  async generateAuditReport(params) {
+    this.validateParams(params);
+    const viewingKey = this.normalizeViewingKey(params.viewingKey);
+    const decryptedTransactions = this.decryptTransactions(
+      params.transactions,
+      viewingKey,
+      params.startDate,
+      params.endDate
+    );
+    const summary = this.calculateSummary(decryptedTransactions);
+    const period = this.determinePeriod(
+      decryptedTransactions,
+      params.startDate,
+      params.endDate
+    );
+    const reportId = `audit_${generateRandomBytes(16).slice(2)}`;
+    return {
+      reportId,
+      generatedAt: /* @__PURE__ */ new Date(),
+      period,
+      transactions: decryptedTransactions,
+      summary
+    };
+  }
+  /**
+   * Validate report generation parameters
+   */
+  validateParams(params) {
+    if (!params.viewingKey) {
+      throw new ValidationError(
+        "viewingKey is required",
+        "viewingKey",
+        void 0,
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    if (!params.transactions) {
+      throw new ValidationError(
+        "transactions array is required",
+        "transactions",
+        void 0,
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    if (!Array.isArray(params.transactions)) {
+      throw new ValidationError(
+        "transactions must be an array",
+        "transactions",
+        { received: typeof params.transactions },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
+    if (params.format !== "json" && params.format !== "pdf") {
+      throw new ValidationError(
+        "only JSON and PDF formats are supported",
+        "format",
+        { received: params.format },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
+    if (params.startDate && params.endDate) {
+      if (params.startDate > params.endDate) {
+        throw new ValidationError(
+          "startDate must be before endDate",
+          "startDate",
+          {
+            startDate: params.startDate.toISOString(),
+            endDate: params.endDate.toISOString()
+          },
+          "SIP_2001" /* INVALID_INPUT */
+        );
+      }
+    }
+  }
+  /**
+   * Normalize viewing key to ViewingKey object
+   */
+  normalizeViewingKey(viewingKey) {
+    if (typeof viewingKey === "string") {
+      const keyHex = viewingKey.startsWith("0x") ? viewingKey.slice(2) : viewingKey;
+      const keyBytes = (0, import_utils21.hexToBytes)(keyHex);
+      const hashBytes = (0, import_sha25615.sha256)(keyBytes);
+      return {
+        key: `0x${keyHex}`,
+        path: "m/0",
+        hash: `0x${(0, import_utils21.bytesToHex)(hashBytes)}`
+      };
+    }
+    return viewingKey;
+  }
+  /**
+   * Decrypt transactions and filter by date range
+   */
+  decryptTransactions(encrypted, viewingKey, startDate, endDate) {
+    const decrypted = [];
+    const errors = [];
+    for (let i = 0; i < encrypted.length; i++) {
+      try {
+        const txData = decryptWithViewing(encrypted[i], viewingKey);
+        if (startDate || endDate) {
+          const txDate = new Date(txData.timestamp * 1e3);
+          if (startDate && txDate < startDate) {
+            continue;
+          }
+          if (endDate && txDate > endDate) {
+            continue;
+          }
+        }
+        decrypted.push({
+          id: `tx_${i}`,
+          sender: txData.sender,
+          recipient: txData.recipient,
+          amount: txData.amount,
+          timestamp: txData.timestamp
+        });
+      } catch (error) {
+        errors.push({ index: i, error });
+      }
+    }
+    if (decrypted.length === 0 && encrypted.length > 0) {
+      throw new CryptoError(
+        `Failed to decrypt any transactions. First error: ${errors[0]?.error.message}`,
+        "SIP_3002" /* DECRYPTION_FAILED */,
+        {
+          context: {
+            totalTransactions: encrypted.length,
+            failedCount: errors.length
+          }
+        }
+      );
+    }
+    return decrypted;
+  }
+  /**
+   * Calculate summary statistics
+   */
+  calculateSummary(transactions) {
+    let totalVolume = 0n;
+    const counterparties = /* @__PURE__ */ new Set();
+    for (const tx of transactions) {
+      try {
+        const amount = BigInt(tx.amount);
+        totalVolume += amount;
+      } catch (error) {
+        console.warn(`Skipping invalid amount in transaction ${tx.id}: ${tx.amount}`);
+      }
+      counterparties.add(tx.sender);
+      counterparties.add(tx.recipient);
+    }
+    return {
+      totalVolume,
+      transactionCount: transactions.length,
+      uniqueCounterparties: counterparties.size
+    };
+  }
+  /**
+   * Determine report period from transactions and params
+   */
+  determinePeriod(transactions, startDate, endDate) {
+    if (startDate && endDate) {
+      return { start: startDate, end: endDate };
+    }
+    if (transactions.length === 0) {
+      const now = /* @__PURE__ */ new Date();
+      return { start: now, end: now };
+    }
+    let minTimestamp = transactions[0].timestamp;
+    let maxTimestamp = transactions[0].timestamp;
+    for (const tx of transactions) {
+      if (tx.timestamp < minTimestamp) {
+        minTimestamp = tx.timestamp;
+      }
+      if (tx.timestamp > maxTimestamp) {
+        maxTimestamp = tx.timestamp;
+      }
+    }
+    return {
+      start: startDate || new Date(minTimestamp * 1e3),
+      end: endDate || new Date(maxTimestamp * 1e3)
+    };
+  }
+  /**
+   * Export audit report to PDF format
+   *
+   * Generates a professionally formatted PDF document from an audit report.
+   * Works in both Node.js and browser environments.
+   *
+   * @param report - The audit report to export
+   * @param options - PDF export options
+   * @returns PDF document as Uint8Array
+   *
+   * @example
+   * ```typescript
+   * const reporter = new ComplianceReporter()
+   * const report = await reporter.generateAuditReport({...})
+   *
+   * const pdfBytes = reporter.exportToPdf(report, {
+   *   title: 'Q1 2025 Audit Report',
+   *   organization: 'ACME Corp',
+   * })
+   *
+   * // Save to file (Node.js)
+   * fs.writeFileSync('report.pdf', pdfBytes)
+   * ```
+   */
+  exportToPdf(report, options) {
+    return generatePdfReport(report, options);
+  }
+  /**
+   * Export transactions to regulatory compliance formats
+   *
+   * Decrypts and exports transactions in formats required by regulators:
+   * - FATF: Financial Action Task Force Travel Rule format
+   * - FINCEN: FinCEN Suspicious Activity Report (SAR) format
+   * - CSV: Generic comma-separated values format
+   *
+   * @param params - Export parameters
+   * @returns Regulatory export in the specified format
+   * @throws {ValidationError} If parameters are invalid
+   * @throws {CryptoError} If decryption fails
+   *
+   * @example
+   * ```typescript
+   * const reporter = new ComplianceReporter()
+   *
+   * // FATF Travel Rule export
+   * const fatfExport = await reporter.exportForRegulator({
+   *   viewingKey: myViewingKey,
+   *   transactions: encryptedTxs,
+   *   jurisdiction: 'EU',
+   *   format: 'FATF',
+   *   currency: 'EUR',
+   * })
+   *
+   * // FINCEN SAR export (US only)
+   * const fincenExport = await reporter.exportForRegulator({
+   *   viewingKey: myViewingKey,
+   *   transactions: suspiciousTxs,
+   *   jurisdiction: 'US',
+   *   format: 'FINCEN',
+   * })
+   *
+   * // CSV export
+   * const csvExport = await reporter.exportForRegulator({
+   *   viewingKey: myViewingKey,
+   *   transactions: encryptedTxs,
+   *   jurisdiction: 'SG',
+   *   format: 'CSV',
+   * })
+   * ```
+   */
+  async exportForRegulator(params) {
+    this.validateRegulatoryParams(params);
+    const viewingKey = this.normalizeViewingKey(params.viewingKey);
+    const decryptedTransactions = this.decryptTransactions(
+      params.transactions,
+      viewingKey,
+      params.startDate,
+      params.endDate
+    );
+    const reportId = `reg_${generateRandomBytes(16).slice(2)}`;
+    switch (params.format) {
+      case "FATF":
+        return this.exportToFATF(
+          reportId,
+          decryptedTransactions,
+          params.jurisdiction,
+          params.currency || "USD"
+        );
+      case "FINCEN":
+        return this.exportToFINCEN(
+          reportId,
+          decryptedTransactions,
+          params.startDate,
+          params.endDate,
+          params.currency || "USD"
+        );
+      case "CSV":
+        return this.exportToCSV(
+          reportId,
+          decryptedTransactions,
+          params.jurisdiction,
+          params.currency || "USD"
+        );
+      default:
+        throw new ValidationError(
+          `unsupported format: ${params.format}`,
+          "format",
+          { received: params.format },
+          "SIP_2001" /* INVALID_INPUT */
+        );
+    }
+  }
+  /**
+   * Validate regulatory export parameters
+   */
+  validateRegulatoryParams(params) {
+    if (!params.viewingKey) {
+      throw new ValidationError(
+        "viewingKey is required",
+        "viewingKey",
+        void 0,
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    if (!params.transactions) {
+      throw new ValidationError(
+        "transactions array is required",
+        "transactions",
+        void 0,
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    if (!Array.isArray(params.transactions)) {
+      throw new ValidationError(
+        "transactions must be an array",
+        "transactions",
+        { received: typeof params.transactions },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
+    if (!params.jurisdiction) {
+      throw new ValidationError(
+        "jurisdiction is required",
+        "jurisdiction",
+        void 0,
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    const validJurisdictions = ["US", "EU", "UK", "SG"];
+    if (!validJurisdictions.includes(params.jurisdiction)) {
+      throw new ValidationError(
+        `invalid jurisdiction. Must be one of: ${validJurisdictions.join(", ")}`,
+        "jurisdiction",
+        { received: params.jurisdiction },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
+    if (!params.format) {
+      throw new ValidationError(
+        "format is required",
+        "format",
+        void 0,
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    const validFormats = ["FATF", "FINCEN", "CSV"];
+    if (!validFormats.includes(params.format)) {
+      throw new ValidationError(
+        `invalid format. Must be one of: ${validFormats.join(", ")}`,
+        "format",
+        { received: params.format },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
+    if (params.format === "FINCEN" && params.jurisdiction !== "US") {
+      throw new ValidationError(
+        "FINCEN format is only available for US jurisdiction",
+        "format",
+        { jurisdiction: params.jurisdiction, format: params.format },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
+    if (params.startDate && params.endDate) {
+      if (params.startDate > params.endDate) {
+        throw new ValidationError(
+          "startDate must be before endDate",
+          "startDate",
+          {
+            startDate: params.startDate.toISOString(),
+            endDate: params.endDate.toISOString()
+          },
+          "SIP_2001" /* INVALID_INPUT */
+        );
+      }
+    }
+  }
+  /**
+   * Export to FATF Travel Rule format
+   */
+  exportToFATF(reportId, transactions, jurisdiction, currency) {
+    const fatfTransactions = transactions.map((tx) => ({
+      originatorAccount: tx.sender,
+      beneficiaryAccount: tx.recipient,
+      amount: tx.amount,
+      currency,
+      transactionRef: tx.id,
+      timestamp: new Date(tx.timestamp * 1e3).toISOString()
+    }));
+    return {
+      reportId,
+      generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      jurisdiction,
+      transactions: fatfTransactions
+    };
+  }
+  /**
+   * Export to FINCEN SAR format
+   */
+  exportToFINCEN(reportId, transactions, startDate, endDate, currency = "USD") {
+    let totalAmount = 0n;
+    for (const tx of transactions) {
+      try {
+        totalAmount += BigInt(tx.amount);
+      } catch (error) {
+      }
+    }
+    const period = this.determinePeriod(transactions, startDate, endDate);
+    const fincenTransactions = transactions.map((tx) => ({
+      transactionDate: new Date(tx.timestamp * 1e3).toISOString(),
+      amount: tx.amount,
+      currency,
+      narrativeSummary: `Transfer from ${tx.sender} to ${tx.recipient}`,
+      transactionRef: tx.id,
+      parties: {
+        sender: tx.sender,
+        recipient: tx.recipient
+      }
+    }));
+    return {
+      reportId,
+      filingType: "SAR",
+      reportDate: (/* @__PURE__ */ new Date()).toISOString(),
+      jurisdiction: "US",
+      summary: {
+        transactionCount: transactions.length,
+        totalAmount: totalAmount.toString(),
+        period: {
+          start: period.start.toISOString(),
+          end: period.end.toISOString()
+        }
+      },
+      transactions: fincenTransactions
+    };
+  }
+  /**
+   * Export to CSV format
+   */
+  exportToCSV(reportId, transactions, jurisdiction, currency) {
+    const headers = [
+      "Transaction ID",
+      "Timestamp",
+      "Sender",
+      "Recipient",
+      "Amount",
+      "Currency"
+    ];
+    const rows = transactions.map((tx) => [
+      tx.id,
+      new Date(tx.timestamp * 1e3).toISOString(),
+      tx.sender,
+      tx.recipient,
+      tx.amount,
+      currency
+    ]);
+    return {
+      reportId,
+      generatedAt: (/* @__PURE__ */ new Date()).toISOString(),
+      jurisdiction,
+      headers,
+      rows
+    };
+  }
+};
+
+// src/compliance/conditional.ts
+var import_sha25616 = require("@noble/hashes/sha256");
+var import_utils22 = require("@noble/hashes/utils");
+var import_chacha3 = require("@noble/ciphers/chacha.js");
+var ConditionalDisclosure = class {
+  /**
+   * Create a time-locked disclosure
+   *
+   * Encrypts the viewing key with a deterministic key derived from
+   * the commitment and reveal time. The key can only be reconstructed
+   * after the specified time/block height.
+   *
+   * @param params - Time-lock parameters
+   * @returns Time-lock result with encrypted key
+   * @throws {ValidationError} If parameters are invalid
+   * @throws {CryptoError} If encryption fails
+   */
+  createTimeLocked(params) {
+    if (!params.viewingKey || !params.viewingKey.startsWith("0x")) {
+      throw new ValidationError(
+        "Invalid viewing key format",
+        "viewingKey",
+        { viewingKey: params.viewingKey },
+        "SIP_2006" /* INVALID_KEY */
+      );
+    }
+    if (!params.commitment || !params.commitment.startsWith("0x")) {
+      throw new ValidationError(
+        "Invalid commitment format",
+        "commitment",
+        { commitment: params.commitment },
+        "SIP_3010" /* INVALID_COMMITMENT */
+      );
+    }
+    let revealAfterSeconds;
+    let type;
+    if (params.revealAfter instanceof Date) {
+      revealAfterSeconds = Math.floor(params.revealAfter.getTime() / 1e3);
+      type = "timestamp";
+    } else if (typeof params.revealAfter === "number") {
+      if (params.revealAfter > 1e10) {
+        revealAfterSeconds = Math.floor(params.revealAfter / 1e3);
+        type = "timestamp";
+      } else {
+        revealAfterSeconds = params.revealAfter;
+        type = "blockheight";
+      }
+      if (revealAfterSeconds <= 0) {
+        throw new ValidationError(
+          "Reveal time/block height must be positive",
+          "revealAfter",
+          { revealAfter: revealAfterSeconds },
+          "SIP_3011" /* INVALID_TIME_LOCK */
+        );
+      }
+    } else {
+      throw new ValidationError(
+        "Invalid revealAfter type (must be Date or number)",
+        "revealAfter",
+        { revealAfter: params.revealAfter },
+        "SIP_3011" /* INVALID_TIME_LOCK */
+      );
+    }
+    try {
+      const encryptionKey = this._deriveEncryptionKey(
+        params.commitment,
+        revealAfterSeconds
+      );
+      const nonce = (0, import_utils22.randomBytes)(24);
+      const viewingKeyBytes = (0, import_utils22.hexToBytes)(params.viewingKey.slice(2));
+      const cipher = (0, import_chacha3.xchacha20poly1305)(encryptionKey, nonce);
+      const encryptedKey = cipher.encrypt(viewingKeyBytes);
+      const commitmentData = new Uint8Array([
+        ...viewingKeyBytes,
+        ...this._numberToBytes(revealAfterSeconds)
+      ]);
+      const commitmentHash = (0, import_sha25616.sha256)(commitmentData);
+      return {
+        encryptedKey: "0x" + (0, import_utils22.bytesToHex)(encryptedKey),
+        nonce: "0x" + (0, import_utils22.bytesToHex)(nonce),
+        revealAfter: revealAfterSeconds,
+        verificationCommitment: "0x" + (0, import_utils22.bytesToHex)(commitmentHash),
+        encryptionCommitment: params.commitment,
+        type
+      };
+    } catch (error) {
+      if (error instanceof ValidationError) {
+        throw error;
+      }
+      throw new CryptoError(
+        "Failed to create time-locked disclosure",
+        "SIP_3001" /* ENCRYPTION_FAILED */,
+        {
+          cause: error instanceof Error ? error : void 0,
+          operation: "createTimeLocked"
+        }
+      );
+    }
+  }
+  /**
+   * Check if a time-lock is unlocked and retrieve the viewing key
+   *
+   * @param timeLock - Time-lock result to check
+   * @param currentTimeOrBlock - Current time (Date/number) or block height (number)
+   * @returns Unlock result with viewing key if unlocked
+   * @throws {ValidationError} If time-lock format is invalid
+   * @throws {CryptoError} If decryption fails
+   */
+  checkUnlocked(timeLock, currentTimeOrBlock) {
+    if (!timeLock.encryptedKey || !timeLock.encryptedKey.startsWith("0x")) {
+      throw new ValidationError(
+        "Invalid encrypted key format",
+        "encryptedKey",
+        { encryptedKey: timeLock.encryptedKey },
+        "SIP_3009" /* INVALID_ENCRYPTED_DATA */
+      );
+    }
+    if (!timeLock.nonce || !timeLock.nonce.startsWith("0x")) {
+      throw new ValidationError(
+        "Invalid nonce format",
+        "nonce",
+        { nonce: timeLock.nonce },
+        "SIP_3009" /* INVALID_ENCRYPTED_DATA */
+      );
+    }
+    if (!timeLock.verificationCommitment || !timeLock.verificationCommitment.startsWith("0x")) {
+      throw new ValidationError(
+        "Invalid verification commitment format",
+        "verificationCommitment",
+        { commitment: timeLock.verificationCommitment },
+        "SIP_3010" /* INVALID_COMMITMENT */
+      );
+    }
+    if (!timeLock.encryptionCommitment || !timeLock.encryptionCommitment.startsWith("0x")) {
+      throw new ValidationError(
+        "Invalid encryption commitment format",
+        "encryptionCommitment",
+        { commitment: timeLock.encryptionCommitment },
+        "SIP_3010" /* INVALID_COMMITMENT */
+      );
+    }
+    let currentValue;
+    if (currentTimeOrBlock instanceof Date) {
+      currentValue = Math.floor(currentTimeOrBlock.getTime() / 1e3);
+    } else if (typeof currentTimeOrBlock === "number") {
+      currentValue = currentTimeOrBlock;
+    } else {
+      currentValue = Math.floor(Date.now() / 1e3);
+    }
+    const unlocked = currentValue >= timeLock.revealAfter;
+    if (!unlocked) {
+      return { unlocked: false };
+    }
+    try {
+      const encryptionKey = this._deriveEncryptionKey(
+        timeLock.encryptionCommitment,
+        timeLock.revealAfter
+      );
+      const nonce = (0, import_utils22.hexToBytes)(timeLock.nonce.slice(2));
+      const encryptedData = (0, import_utils22.hexToBytes)(timeLock.encryptedKey.slice(2));
+      const cipher = (0, import_chacha3.xchacha20poly1305)(encryptionKey, nonce);
+      const decryptedBytes = cipher.decrypt(encryptedData);
+      const viewingKey = "0x" + (0, import_utils22.bytesToHex)(decryptedBytes);
+      return {
+        unlocked: true,
+        viewingKey
+      };
+    } catch (error) {
+      if (error instanceof ValidationError || error instanceof CryptoError) {
+        throw error;
+      }
+      throw new CryptoError(
+        "Failed to decrypt time-locked viewing key",
+        "SIP_3002" /* DECRYPTION_FAILED */,
+        {
+          cause: error instanceof Error ? error : void 0,
+          operation: "checkUnlocked"
+        }
+      );
+    }
+  }
+  /**
+   * Verify a time-lock commitment
+   *
+   * Verifies that the verification commitment in the time-lock matches the hash
+   * of the provided viewing key and reveal time.
+   *
+   * @param timeLock - Time-lock to verify
+   * @param viewingKey - Viewing key to verify against
+   * @returns True if commitment is valid
+   */
+  verifyCommitment(timeLock, viewingKey) {
+    try {
+      const viewingKeyBytes = (0, import_utils22.hexToBytes)(viewingKey.slice(2));
+      const commitmentData = new Uint8Array([
+        ...viewingKeyBytes,
+        ...this._numberToBytes(timeLock.revealAfter)
+      ]);
+      const expectedCommitment = (0, import_sha25616.sha256)(commitmentData);
+      const actualCommitment = (0, import_utils22.hexToBytes)(timeLock.verificationCommitment.slice(2));
+      if (expectedCommitment.length !== actualCommitment.length) {
+        return false;
+      }
+      let diff = 0;
+      for (let i = 0; i < expectedCommitment.length; i++) {
+        diff |= expectedCommitment[i] ^ actualCommitment[i];
+      }
+      return diff === 0;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Derive deterministic encryption key from commitment and reveal time
+   *
+   * @private
+   */
+  _deriveEncryptionKey(commitment, revealAfter) {
+    const commitmentBytes = (0, import_utils22.hexToBytes)(commitment.slice(2));
+    const timeBytes = this._numberToBytes(revealAfter);
+    const combined = new Uint8Array([...commitmentBytes, ...timeBytes]);
+    const key = (0, import_sha25616.sha256)(combined);
+    if (key.length !== 32) {
+      throw new CryptoError(
+        "Derived key must be 32 bytes",
+        "SIP_3008" /* INVALID_KEY_SIZE */,
+        {
+          context: { actualSize: key.length, expectedSize: 32 },
+          operation: "_deriveEncryptionKey"
+        }
+      );
+    }
+    return key;
+  }
+  /**
+   * Convert number to 8-byte big-endian representation
+   *
+   * @private
+   */
+  _numberToBytes(num) {
+    const bytes = new Uint8Array(8);
+    const view = new DataView(bytes.buffer);
+    view.setBigUint64(0, BigInt(Math.floor(num)), false);
+    return bytes;
+  }
+};
+
+// src/compliance/conditional-threshold.ts
+var import_secp256k17 = require("@noble/curves/secp256k1");
+var import_sha25617 = require("@noble/hashes/sha256");
+var import_utils23 = require("@noble/hashes/utils");
+var CURVE_ORDER2 = import_secp256k17.secp256k1.CURVE.n;
+
+// src/compliance/threshold.ts
+var import_sha25618 = require("@noble/hashes/sha256");
+var import_utils24 = require("@noble/hashes/utils");
+var FIELD_PRIME = 2n ** 256n - 189n;
+var ThresholdViewingKey = class {
+  /**
+   * Create threshold shares from a viewing key
+   *
+   * @param params - Configuration parameters
+   * @returns Threshold shares with commitment
+   * @throws ValidationError if parameters are invalid
+   *
+   * @example
+   * ```typescript
+   * const threshold = ThresholdViewingKey.create({
+   *   threshold: 3,
+   *   totalShares: 5,
+   *   viewingKey: '0xabc123...',
+   * })
+   * ```
+   */
+  static create(params) {
+    this.validateParams(params.threshold, params.totalShares);
+    this.validateViewingKey(params.viewingKey);
+    const secret = this.viewingKeyToSecret(params.viewingKey);
+    const keyLength = params.viewingKey.slice(2).length;
+    const coefficients = this.generateCoefficients(params.threshold, secret);
+    const commitment = this.createCommitment(secret, coefficients);
+    const shares = [];
+    for (let i = 1; i <= params.totalShares; i++) {
+      const x = BigInt(i);
+      const y = this.evaluatePolynomial(coefficients, x);
+      shares.push(this.encodeShare(x, y, keyLength, commitment));
+    }
+    return {
+      shares,
+      commitment,
+      threshold: params.threshold,
+      totalShares: params.totalShares
+    };
+  }
+  /**
+   * Reconstruct viewing key from threshold shares
+   *
+   * @param shares - Array of encoded shares (must be >= threshold)
+   * @returns Reconstructed viewing key
+   * @throws ValidationError if insufficient or invalid shares
+   *
+   * @example
+   * ```typescript
+   * const viewingKey = ThresholdViewingKey.reconstruct([
+   *   'share1',
+   *   'share2',
+   *   'share3',
+   * ])
+   * ```
+   */
+  static reconstruct(shares) {
+    if (!shares || shares.length === 0) {
+      throw new ValidationError(
+        "at least one share is required",
+        "shares",
+        { received: shares },
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    const decodedShares = shares.map((s) => this.decodeShare(s));
+    const commitment = decodedShares[0].commitment;
+    const keyLength = decodedShares[0].keyLength;
+    for (const share of decodedShares) {
+      if (share.commitment !== commitment) {
+        throw new ValidationError(
+          "shares must all have the same commitment",
+          "shares",
+          { commitment },
+          "SIP_3012" /* INVALID_SHARE */
+        );
+      }
+      if (share.keyLength !== keyLength) {
+        throw new ValidationError(
+          "shares must all have the same key length",
+          "shares",
+          { keyLength },
+          "SIP_3012" /* INVALID_SHARE */
+        );
+      }
+    }
+    const xCoords = new Set(decodedShares.map((s) => s.x.toString()));
+    if (xCoords.size !== decodedShares.length) {
+      throw new ValidationError(
+        "shares must have unique x-coordinates",
+        "shares",
+        void 0,
+        "SIP_3012" /* INVALID_SHARE */
+      );
+    }
+    const secret = this.lagrangeInterpolate(decodedShares);
+    return this.secretToViewingKey(secret, keyLength);
+  }
+  /**
+   * Verify a share without revealing the viewing key
+   *
+   * @param share - Encoded share to verify
+   * @param expectedCommitment - Expected commitment hash
+   * @returns True if share is valid
+   *
+   * @example
+   * ```typescript
+   * const isValid = ThresholdViewingKey.verifyShare(
+   *   'share1',
+   *   'commitment_hash'
+   * )
+   * ```
+   */
+  static verifyShare(share, expectedCommitment) {
+    try {
+      const decoded = this.decodeShare(share);
+      return decoded.commitment === expectedCommitment;
+    } catch {
+      return false;
+    }
+  }
+  // ─── Private Helper Methods ─────────────────────────────────────────────────
+  /**
+   * Validate threshold and total shares parameters
+   */
+  static validateParams(threshold, totalShares) {
+    if (!Number.isInteger(threshold) || threshold < 2) {
+      throw new ValidationError(
+        "threshold must be an integer >= 2",
+        "threshold",
+        { received: threshold },
+        "SIP_3013" /* INVALID_THRESHOLD */
+      );
+    }
+    if (!Number.isInteger(totalShares) || totalShares < threshold) {
+      throw new ValidationError(
+        "totalShares must be an integer >= threshold",
+        "totalShares",
+        { received: totalShares, threshold },
+        "SIP_3013" /* INVALID_THRESHOLD */
+      );
+    }
+    if (totalShares > 255) {
+      throw new ValidationError(
+        "totalShares must be <= 255",
+        "totalShares",
+        { received: totalShares },
+        "SIP_3013" /* INVALID_THRESHOLD */
+      );
+    }
+  }
+  /**
+   * Validate viewing key format
+   */
+  static validateViewingKey(viewingKey) {
+    if (!viewingKey || typeof viewingKey !== "string") {
+      throw new ValidationError(
+        "viewingKey is required",
+        "viewingKey",
+        { received: viewingKey },
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    if (!viewingKey.startsWith("0x")) {
+      throw new ValidationError(
+        "viewingKey must be hex-encoded (start with 0x)",
+        "viewingKey",
+        { received: viewingKey },
+        "SIP_3015" /* INVALID_FORMAT */
+      );
+    }
+    if (viewingKey.length < 66) {
+      throw new ValidationError(
+        "viewingKey must be at least 32 bytes",
+        "viewingKey",
+        { received: viewingKey.length },
+        "SIP_3015" /* INVALID_FORMAT */
+      );
+    }
+  }
+  /**
+   * Convert viewing key to secret (bigint)
+   */
+  static viewingKeyToSecret(viewingKey) {
+    const bytes = (0, import_utils24.hexToBytes)(viewingKey.slice(2));
+    let secret = 0n;
+    for (let i = 0; i < bytes.length; i++) {
+      secret = secret << 8n | BigInt(bytes[i]);
+    }
+    return this.mod(secret, FIELD_PRIME);
+  }
+  /**
+   * Convert secret (bigint) back to viewing key
+   * @param secret - The secret as bigint
+   * @param hexLength - Length of the hex string (without 0x prefix)
+   */
+  static secretToViewingKey(secret, hexLength) {
+    let hex = secret.toString(16);
+    hex = hex.padStart(hexLength, "0");
+    return `0x${hex}`;
+  }
+  /**
+   * Generate random polynomial coefficients
+   * Polynomial: f(x) = a₀ + a₁x + a₂x² + ... + aₙ₋₁xⁿ⁻¹
+   * where a₀ = secret
+   */
+  static generateCoefficients(threshold, secret) {
+    const coefficients = [secret];
+    for (let i = 1; i < threshold; i++) {
+      const randomCoeff = this.randomFieldElement();
+      coefficients.push(randomCoeff);
+    }
+    return coefficients;
+  }
+  /**
+   * Generate a random field element
+   */
+  static randomFieldElement() {
+    const bytes = (0, import_utils24.randomBytes)(32);
+    let value = 0n;
+    for (let i = 0; i < bytes.length; i++) {
+      value = value << 8n | BigInt(bytes[i]);
+    }
+    return this.mod(value, FIELD_PRIME);
+  }
+  /**
+   * Evaluate polynomial at point x
+   * f(x) = a₀ + a₁x + a₂x² + ... + aₙ₋₁xⁿ⁻¹
+   */
+  static evaluatePolynomial(coefficients, x) {
+    let result = 0n;
+    let xPower = 1n;
+    for (const coeff of coefficients) {
+      result = this.mod(result + this.mod(coeff * xPower, FIELD_PRIME), FIELD_PRIME);
+      xPower = this.mod(xPower * x, FIELD_PRIME);
+    }
+    return result;
+  }
+  /**
+   * Create commitment hash from secret and coefficients
+   */
+  static createCommitment(secret, coefficients) {
+    const data = [secret, ...coefficients].map((c) => c.toString(16).padStart(64, "0")).join("");
+    const hash2 = (0, import_sha25618.sha256)((0, import_utils24.hexToBytes)(data));
+    return (0, import_utils24.bytesToHex)(hash2);
+  }
+  /**
+   * Encode share as string: "x:y:len:commitment"
+   */
+  static encodeShare(x, y, keyLength, commitment) {
+    const xHex = x.toString(16).padStart(2, "0");
+    const yHex = y.toString(16).padStart(64, "0");
+    const lenHex = keyLength.toString(16).padStart(4, "0");
+    return `${xHex}:${yHex}:${lenHex}:${commitment}`;
+  }
+  /**
+   * Decode share from string
+   */
+  static decodeShare(share) {
+    if (!share || typeof share !== "string") {
+      throw new ValidationError(
+        "share must be a non-empty string",
+        "share",
+        { received: share },
+        "SIP_3012" /* INVALID_SHARE */
+      );
+    }
+    const parts = share.split(":");
+    if (parts.length !== 4) {
+      throw new ValidationError(
+        'share must have format "x:y:len:commitment"',
+        "share",
+        { received: share },
+        "SIP_3012" /* INVALID_SHARE */
+      );
+    }
+    const [xHex, yHex, lenHex, commitment] = parts;
+    try {
+      const x = BigInt(`0x${xHex}`);
+      const y = BigInt(`0x${yHex}`);
+      const keyLength = parseInt(lenHex, 16);
+      if (x <= 0n) {
+        throw new ValidationError(
+          "share x-coordinate must be positive",
+          "share",
+          { x },
+          "SIP_3012" /* INVALID_SHARE */
+        );
+      }
+      if (keyLength < 64) {
+        throw new ValidationError(
+          "key length must be at least 64 (32 bytes)",
+          "share",
+          { keyLength },
+          "SIP_3012" /* INVALID_SHARE */
+        );
+      }
+      return { x, y, keyLength, commitment };
+    } catch (error) {
+      throw new ValidationError(
+        "failed to decode share",
+        "share",
+        { error: error.message },
+        "SIP_3012" /* INVALID_SHARE */
+      );
     }
-    return data;
   }
-  generateCSV(transactions) {
-    const headers = [
-      "Transaction ID",
-      "Disclosure ID",
-      "Type",
-      "Direction",
-      "Token",
-      "Amount",
-      "Sender",
-      "Recipient",
-      "Chain",
-      "Privacy Level",
-      "Timestamp",
-      "TX Hash",
-      "Block",
-      "Risk Score",
-      "Purpose",
-      "Memo"
-    ];
-    const rows = transactions.map((tx) => [
-      tx.transactionId,
-      tx.disclosureId,
-      tx.type,
-      tx.direction,
-      tx.token.symbol,
-      tx.amount.toString(),
-      tx.sender,
-      tx.recipient,
-      tx.chain,
-      tx.privacyLevel,
-      new Date(tx.timestamp * 1e3).toISOString(),
-      tx.txHash,
-      tx.blockNumber.toString(),
-      tx.riskScore?.toString() ?? "",
-      tx.purpose ?? "",
-      tx.memo ?? ""
-    ]);
-    const escapeForCSV = (val) => {
-      let escaped = val;
-      if (/^[=+\-@|\t]/.test(escaped)) {
-        escaped = `'${escaped}`;
+  /**
+   * Lagrange interpolation to reconstruct secret
+   * Evaluates polynomial at x=0 to get f(0) = secret
+   */
+  static lagrangeInterpolate(shares) {
+    let secret = 0n;
+    for (let i = 0; i < shares.length; i++) {
+      const xi = shares[i].x;
+      const yi = shares[i].y;
+      let numerator = 1n;
+      let denominator = 1n;
+      for (let j = 0; j < shares.length; j++) {
+        if (i === j) continue;
+        const xj = shares[j].x;
+        numerator = this.mod(numerator * this.mod(-xj, FIELD_PRIME), FIELD_PRIME);
+        denominator = this.mod(denominator * this.mod(xi - xj, FIELD_PRIME), FIELD_PRIME);
       }
-      return `"${escaped.replace(/"/g, '""')}"`;
-    };
-    const csvRows = [headers, ...rows].map((row) => row.map(escapeForCSV).join(","));
-    return csvRows.join("\n");
+      const coeff = this.mod(numerator * this.modInverse(denominator, FIELD_PRIME), FIELD_PRIME);
+      secret = this.mod(secret + this.mod(yi * coeff, FIELD_PRIME), FIELD_PRIME);
+    }
+    return secret;
   }
-};
-function generateId(prefix) {
-  return `${prefix}_${(0, import_utils20.bytesToHex)((0, import_utils20.randomBytes)(12))}`;
-}
-function validateRegisterAuditorParams(params) {
-  if (!params.organization?.trim()) {
-    throw new ValidationError(
-      "organization is required",
-      "organization",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  /**
+   * Modular arithmetic: a mod m
+   */
+  static mod(a, m) {
+    return (a % m + m) % m;
   }
-  if (!params.contactName?.trim()) {
-    throw new ValidationError(
-      "contact name is required",
-      "contactName",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  /**
+   * Modular multiplicative inverse using Extended Euclidean Algorithm
+   * Returns x such that (a * x) mod m = 1
+   */
+  static modInverse(a, m) {
+    const a0 = this.mod(a, m);
+    if (a0 === 0n) {
+      throw new CryptoError(
+        "modular inverse does not exist (a = 0)",
+        "SIP_3014" /* CRYPTO_OPERATION_FAILED */,
+        { operation: "modInverse" }
+      );
+    }
+    let [old_r, r] = [a0, m];
+    let [old_s, s] = [1n, 0n];
+    while (r !== 0n) {
+      const quotient = old_r / r;
+      [old_r, r] = [r, old_r - quotient * r];
+      [old_s, s] = [s, old_s - quotient * s];
+    }
+    if (old_r !== 1n) {
+      throw new CryptoError(
+        "modular inverse does not exist (gcd != 1)",
+        "SIP_3014" /* CRYPTO_OPERATION_FAILED */,
+        { operation: "modInverse" }
+      );
+    }
+    return this.mod(old_s, m);
   }
-  if (!params.contactEmail?.trim()) {
-    throw new ValidationError(
-      "contact email is required",
-      "contactEmail",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+};
+
+// src/compliance/derivation.ts
+var import_sha25619 = require("@noble/hashes/sha256");
+var import_sha5123 = require("@noble/hashes/sha512");
+var import_hmac2 = require("@noble/hashes/hmac");
+var import_utils25 = require("@noble/hashes/utils");
+var AuditorType = /* @__PURE__ */ ((AuditorType2) => {
+  AuditorType2[AuditorType2["PRIMARY"] = 0] = "PRIMARY";
+  AuditorType2[AuditorType2["REGULATORY"] = 1] = "REGULATORY";
+  AuditorType2[AuditorType2["INTERNAL"] = 2] = "INTERNAL";
+  AuditorType2[AuditorType2["TAX"] = 3] = "TAX";
+  return AuditorType2;
+})(AuditorType || {});
+var AuditorKeyDerivation = class {
+  /**
+   * SIP Protocol coin type (BIP-44 registered)
+   *
+   * Note: This is a placeholder. In production, register with SLIP-44:
+   * https://github.com/satoshilabs/slips/blob/master/slip-0044.md
+   */
+  static COIN_TYPE = 1234;
+  /**
+   * BIP-44 purpose field
+   */
+  static PURPOSE = 44;
+  /**
+   * Hardened derivation flag (2^31)
+   */
+  static HARDENED = 2147483648;
+  /**
+   * Generate BIP-44 derivation path
+   *
+   * @param auditorType - Type of auditor key
+   * @param account - Account index (default: 0)
+   * @returns BIP-44 style path string
+   *
+   * @example
+   * ```typescript
+   * AuditorKeyDerivation.derivePath(AuditorType.REGULATORY)
+   * // Returns: "m/44'/1234'/0'/1"
+   *
+   * AuditorKeyDerivation.derivePath(AuditorType.TAX, 5)
+   * // Returns: "m/44'/1234'/5'/3"
+   * ```
+   */
+  static derivePath(auditorType, account = 0) {
+    this.validateAuditorType(auditorType);
+    this.validateAccount(account);
+    return `m/${this.PURPOSE}'/${this.COIN_TYPE}'/${account}'/${auditorType}`;
   }
-  if (!params.publicKey?.trim()) {
-    throw new ValidationError(
-      "public key is required",
-      "publicKey",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  /**
+   * Derive a viewing key for an auditor
+   *
+   * Uses BIP-32 style hierarchical deterministic key derivation:
+   * 1. Derive master key from seed
+   * 2. Harden purpose (44')
+   * 3. Harden coin type (1234')
+   * 4. Harden account index
+   * 5. Derive auditor type (non-hardened)
+   *
+   * @param params - Derivation parameters
+   * @returns Derived viewing key with metadata
+   *
+   * @throws {ValidationError} If parameters are invalid
+   *
+   * @example
+   * ```typescript
+   * const regulatoryKey = AuditorKeyDerivation.deriveViewingKey({
+   *   masterSeed: randomBytes(32),
+   *   auditorType: AuditorType.REGULATORY,
+   * })
+   *
+   * console.log(regulatoryKey.path) // "m/44'/1234'/0'/1"
+   * console.log(regulatoryKey.viewingKey.key) // "0x..."
+   * ```
+   */
+  static deriveViewingKey(params) {
+    const { masterSeed, auditorType, account = 0 } = params;
+    this.validateMasterSeed(masterSeed);
+    this.validateAuditorType(auditorType);
+    this.validateAccount(account);
+    const path = this.derivePath(auditorType, account);
+    const indices = [
+      this.PURPOSE | this.HARDENED,
+      // 44' (hardened)
+      this.COIN_TYPE | this.HARDENED,
+      // 1234' (hardened)
+      account | this.HARDENED,
+      // account' (hardened)
+      auditorType
+      // auditorType (non-hardened)
+    ];
+    const masterData = (0, import_hmac2.hmac)(import_sha5123.sha512, (0, import_utils25.utf8ToBytes)("SIP-MASTER-SEED"), masterSeed);
+    let currentKey = new Uint8Array(masterData.slice(0, 32));
+    let chainCode = new Uint8Array(masterData.slice(32, 64));
+    try {
+      for (let i = 0; i < indices.length; i++) {
+        const index = indices[i];
+        const derived = this.deriveChildKey(currentKey, chainCode, index);
+        if (i > 0) {
+          secureWipe(currentKey);
+        }
+        currentKey = new Uint8Array(derived.key);
+        chainCode = new Uint8Array(derived.chainCode);
+      }
+      const keyHex = `0x${(0, import_utils25.bytesToHex)(currentKey)}`;
+      const hashBytes = (0, import_sha25619.sha256)(currentKey);
+      const hash2 = `0x${(0, import_utils25.bytesToHex)(hashBytes)}`;
+      const viewingKey = {
+        key: keyHex,
+        path,
+        hash: hash2
+      };
+      return {
+        path,
+        viewingKey,
+        auditorType,
+        account
+      };
+    } finally {
+      secureWipe(currentKey);
+      secureWipe(chainCode);
+    }
   }
-  if (!params.scope) {
-    throw new ValidationError(
-      "audit scope is required",
-      "scope",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  /**
+   * Derive multiple viewing keys at once
+   *
+   * Efficiently derives keys for multiple auditor types from the same
+   * master seed. This is more efficient than calling deriveViewingKey
+   * multiple times as it reuses intermediate derivations.
+   *
+   * @param params - Derivation parameters
+   * @returns Array of derived viewing keys
+   *
+   * @example
+   * ```typescript
+   * const keys = AuditorKeyDerivation.deriveMultiple({
+   *   masterSeed: randomBytes(32),
+   *   auditorTypes: [
+   *     AuditorType.PRIMARY,
+   *     AuditorType.REGULATORY,
+   *     AuditorType.INTERNAL,
+   *   ],
+   * })
+   *
+   * // keys[0] -> PRIMARY key (m/44'/1234'/0'/0)
+   * // keys[1] -> REGULATORY key (m/44'/1234'/0'/1)
+   * // keys[2] -> INTERNAL key (m/44'/1234'/0'/2)
+   * ```
+   */
+  static deriveMultiple(params) {
+    const { masterSeed, auditorTypes, account = 0 } = params;
+    this.validateMasterSeed(masterSeed);
+    this.validateAccount(account);
+    if (!auditorTypes || auditorTypes.length === 0) {
+      throw new ValidationError(
+        "at least one auditor type is required",
+        "auditorTypes",
+        { received: auditorTypes },
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    for (const type of auditorTypes) {
+      this.validateAuditorType(type);
+    }
+    const uniqueTypes = Array.from(new Set(auditorTypes));
+    const commonIndices = [
+      this.PURPOSE | this.HARDENED,
+      // 44' (hardened)
+      this.COIN_TYPE | this.HARDENED,
+      // 1234' (hardened)
+      account | this.HARDENED
+      // account' (hardened)
+    ];
+    const masterData = (0, import_hmac2.hmac)(import_sha5123.sha512, (0, import_utils25.utf8ToBytes)("SIP-MASTER-SEED"), masterSeed);
+    let commonKey = new Uint8Array(masterData.slice(0, 32));
+    let commonChainCode = new Uint8Array(masterData.slice(32, 64));
+    try {
+      for (let i = 0; i < commonIndices.length; i++) {
+        const index = commonIndices[i];
+        const derived = this.deriveChildKey(commonKey, commonChainCode, index);
+        if (i > 0) {
+          secureWipe(commonKey);
+        }
+        commonKey = new Uint8Array(derived.key);
+        commonChainCode = new Uint8Array(derived.chainCode);
+      }
+      const results = [];
+      for (const auditorType of uniqueTypes) {
+        const derived = this.deriveChildKey(commonKey, commonChainCode, auditorType);
+        try {
+          const keyHex = `0x${(0, import_utils25.bytesToHex)(derived.key)}`;
+          const hashBytes = (0, import_sha25619.sha256)(derived.key);
+          const hash2 = `0x${(0, import_utils25.bytesToHex)(hashBytes)}`;
+          const path = this.derivePath(auditorType, account);
+          const viewingKey = {
+            key: keyHex,
+            path,
+            hash: hash2
+          };
+          results.push({
+            path,
+            viewingKey,
+            auditorType,
+            account
+          });
+        } finally {
+          secureWipe(derived.key);
+          secureWipe(derived.chainCode);
+        }
+      }
+      return results;
+    } finally {
+      secureWipe(commonKey);
+      secureWipe(commonChainCode);
+    }
   }
-}
-function validateReportParams(params) {
-  if (!params.title?.trim()) {
-    throw new ValidationError(
-      "report title is required",
-      "title",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  /**
+   * Get human-readable name for auditor type
+   *
+   * @param auditorType - Auditor type enum value
+   * @returns Friendly name string
+   */
+  static getAuditorTypeName(auditorType) {
+    switch (auditorType) {
+      case 0 /* PRIMARY */:
+        return "Primary";
+      case 1 /* REGULATORY */:
+        return "Regulatory";
+      case 2 /* INTERNAL */:
+        return "Internal";
+      case 3 /* TAX */:
+        return "Tax Authority";
+      default:
+        return `Unknown (${auditorType})`;
+    }
   }
-  if (!params.type) {
-    throw new ValidationError(
-      "report type is required",
-      "type",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  // ─── Private Helpers ─────────────────────────────────────────────────────────
+  /**
+   * Derive a child key using BIP-32 HMAC-SHA512 derivation
+   *
+   * @param parentKey - Parent key bytes (32 bytes)
+   * @param chainCode - Parent chain code (32 bytes)
+   * @param index - Child index (use | HARDENED for hardened derivation)
+   * @returns Derived key and chain code
+   */
+  static deriveChildKey(parentKey, chainCode, index) {
+    const isHardened = (index & this.HARDENED) !== 0;
+    const data = new Uint8Array(37);
+    if (isHardened) {
+      data[0] = 0;
+      data.set(parentKey, 1);
+    } else {
+      data[0] = 1;
+      data.set(parentKey, 1);
+    }
+    const indexView = new DataView(data.buffer, 33, 4);
+    indexView.setUint32(0, index, false);
+    const hmacResult = (0, import_hmac2.hmac)(import_sha5123.sha512, chainCode, data);
+    const childKey = new Uint8Array(hmacResult.slice(0, 32));
+    const childChainCode = new Uint8Array(hmacResult.slice(32, 64));
+    return {
+      key: childKey,
+      chainCode: childChainCode
+    };
   }
-  if (!params.format) {
-    throw new ValidationError(
-      "report format is required",
-      "format",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  /**
+   * Validate master seed
+   */
+  static validateMasterSeed(seed) {
+    if (!seed || seed.length < 32) {
+      throw new ValidationError(
+        "master seed must be at least 32 bytes",
+        "masterSeed",
+        { received: seed?.length ?? 0 },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
   }
-  if (params.startDate === void 0 || params.startDate === null || params.endDate === void 0 || params.endDate === null) {
-    throw new ValidationError(
-      "date range is required",
-      "dateRange",
-      void 0,
-      "SIP_2008" /* MISSING_REQUIRED */
-    );
+  /**
+   * Validate auditor type
+   */
+  static validateAuditorType(type) {
+    const validTypes = [
+      0 /* PRIMARY */,
+      1 /* REGULATORY */,
+      2 /* INTERNAL */,
+      3 /* TAX */
+    ];
+    if (!validTypes.includes(type)) {
+      throw new ValidationError(
+        `invalid auditor type: ${type}`,
+        "auditorType",
+        { received: type, valid: validTypes },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
   }
-  if (params.startDate >= params.endDate) {
-    throw new ValidationError(
-      "start date must be before end date",
-      "dateRange",
-      void 0,
-      "SIP_2001" /* INVALID_INPUT */
-    );
+  /**
+   * Validate account index
+   */
+  static validateAccount(account) {
+    if (!Number.isInteger(account) || account < 0 || account >= this.HARDENED) {
+      throw new ValidationError(
+        `account must be a non-negative integer less than ${this.HARDENED}`,
+        "account",
+        { received: account },
+        "SIP_2001" /* INVALID_INPUT */
+      );
+    }
   }
-}
+};
 
 // src/wallet/errors.ts
 var import_types18 = require("@sip-protocol/types");
@@ -12439,7 +14146,7 @@ function createTrezorAdapter(config) {
 
 // src/wallet/hardware/mock.ts
 var import_types51 = require("@sip-protocol/types");
-var import_utils21 = require("@noble/hashes/utils");
+var import_utils26 = require("@noble/hashes/utils");
 var MockLedgerAdapter = class extends BaseWalletAdapter {
   chain;
   name = "mock-ledger";
@@ -12684,15 +14391,15 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
     }
   }
   generateMockAddress(index) {
-    const bytes = (0, import_utils21.randomBytes)(20);
+    const bytes = (0, import_utils26.randomBytes)(20);
     bytes[0] = index;
-    return `0x${(0, import_utils21.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils26.bytesToHex)(bytes)}`;
   }
   generateMockPublicKey(index) {
-    const bytes = (0, import_utils21.randomBytes)(33);
+    const bytes = (0, import_utils26.randomBytes)(33);
     bytes[0] = 2;
     bytes[1] = index;
-    return `0x${(0, import_utils21.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils26.bytesToHex)(bytes)}`;
   }
   generateMockSignature(data) {
     const sig = new Uint8Array(65);
@@ -12701,7 +14408,7 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 11;
     }
     sig[64] = 27;
-    return `0x${(0, import_utils21.bytesToHex)(sig)}`;
+    return `0x${(0, import_utils26.bytesToHex)(sig)}`;
   }
   delay(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
@@ -12890,15 +14597,15 @@ var MockTrezorAdapter = class extends BaseWalletAdapter {
     }
   }
   generateMockAddress(index) {
-    const bytes = (0, import_utils21.randomBytes)(20);
+    const bytes = (0, import_utils26.randomBytes)(20);
     bytes[0] = index + 100;
-    return `0x${(0, import_utils21.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils26.bytesToHex)(bytes)}`;
   }
   generateMockPublicKey(index) {
-    const bytes = (0, import_utils21.randomBytes)(33);
+    const bytes = (0, import_utils26.randomBytes)(33);
     bytes[0] = 3;
     bytes[1] = index + 100;
-    return `0x${(0, import_utils21.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils26.bytesToHex)(bytes)}`;
   }
   generateMockSignature(data) {
     const sig = new Uint8Array(65);
@@ -12907,7 +14614,7 @@ var MockTrezorAdapter = class extends BaseWalletAdapter {
       sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 17;
     }
     sig[64] = 28;
-    return `0x${(0, import_utils21.bytesToHex)(sig)}`;
+    return `0x${(0, import_utils26.bytesToHex)(sig)}`;
   }
   delay(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
@@ -12926,10 +14633,14 @@ var import_types54 = require("@sip-protocol/types");
 0 && (module.exports = {
   ATTESTATION_VERSION,
   AptosStealthService,
+  AuditorKeyDerivation,
+  AuditorType,
   BaseWalletAdapter,
   CHAIN_NUMERIC_IDS,
   COSMOS_CHAIN_PREFIXES,
   ComplianceManager,
+  ComplianceReporter,
+  ConditionalDisclosure,
   CosmosStealthService,
   CryptoError,
   DEFAULT_THRESHOLD,
@@ -12981,6 +14692,7 @@ var import_types54 = require("@sip-protocol/types");
   SmartRouter,
   SolanaWalletAdapter,
   SwapStatus,
+  ThresholdViewingKey,
   Treasury,
   TrezorWalletAdapter,
   ValidationError,
@@ -13065,6 +14777,7 @@ var import_types54 = require("@sip-protocol/types");
   generateEd25519StealthAddress,
   generateEd25519StealthMetaAddress,
   generateIntentId,
+  generatePdfReport,
   generateRandomBytes,
   generateStealthAddress,
   generateStealthMetaAddress,