@sip-protocol/sdk 0.7.0 → 0.7.2

package/dist/chunk-DLDWZFYC.mjs

@@ -0,0 +1,1495 @@
+import {
+  ValidationError
+} from "./chunk-6WGN57S2.mjs";
+import {
+  ESTIMATED_TX_FEE_LAMPORTS,
+  MEMO_PROGRAM_ID,
+  SIP_MEMO_PREFIX,
+  SOLANA_TOKEN_MINTS,
+  getExplorerUrl
+} from "./chunk-E6SZWREQ.mjs";
+
+// src/chains/solana/types.ts
+function parseAnnouncement(memo) {
+  if (!memo.startsWith("SIP:1:")) {
+    return null;
+  }
+  const parts = memo.slice(6).split(":");
+  if (parts.length < 2) {
+    return null;
+  }
+  return {
+    ephemeralPublicKey: parts[0],
+    viewTag: parts[1],
+    stealthAddress: parts[2]
+  };
+}
+function createAnnouncementMemo(ephemeralPublicKey, viewTag, stealthAddress) {
+  const parts = ["SIP:1", ephemeralPublicKey, viewTag];
+  if (stealthAddress) {
+    parts.push(stealthAddress);
+  }
+  return parts.join(":");
+}
+
+// src/chains/solana/transfer.ts
+import {
+  PublicKey,
+  Transaction,
+  TransactionInstruction
+} from "@solana/web3.js";
+import {
+  getAssociatedTokenAddress,
+  createAssociatedTokenAccountInstruction,
+  createTransferInstruction,
+  TOKEN_PROGRAM_ID,
+  ASSOCIATED_TOKEN_PROGRAM_ID,
+  getAccount
+} from "@solana/spl-token";
+
+// src/stealth.ts
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { ed25519 } from "@noble/curves/ed25519";
+import { sha256 } from "@noble/hashes/sha256";
+import { sha512 } from "@noble/hashes/sha512";
+import { keccak_256 } from "@noble/hashes/sha3";
+import { bytesToHex, hexToBytes, randomBytes as randomBytes2 } from "@noble/hashes/utils";
+
+// src/validation.ts
+var VALID_CHAIN_IDS = [
+  "solana",
+  "ethereum",
+  "near",
+  "zcash",
+  "polygon",
+  "arbitrum",
+  "optimism",
+  "base",
+  "bitcoin",
+  "aptos",
+  "sui",
+  "cosmos",
+  "osmosis",
+  "injective",
+  "celestia",
+  "sei",
+  "dydx"
+];
+function isValidChainId(chain) {
+  return VALID_CHAIN_IDS.includes(chain);
+}
+function isValidPrivacyLevel(level) {
+  if (typeof level !== "string") return false;
+  return ["transparent", "shielded", "compliant"].includes(level);
+}
+function isValidHex(value) {
+  if (typeof value !== "string") return false;
+  if (!value.startsWith("0x")) return false;
+  const hex = value.slice(2);
+  if (hex.length === 0) return false;
+  return /^[0-9a-fA-F]+$/.test(hex);
+}
+function isValidHexLength(value, byteLength) {
+  if (!isValidHex(value)) return false;
+  const hex = value.slice(2);
+  return hex.length === byteLength * 2;
+}
+function isValidAmount(value) {
+  return typeof value === "bigint" && value > 0n;
+}
+function isNonNegativeAmount(value) {
+  return typeof value === "bigint" && value >= 0n;
+}
+function isValidSlippage(value) {
+  return typeof value === "number" && !isNaN(value) && value >= 0 && value < 1;
+}
+var STEALTH_META_ADDRESS_REGEX = /^sip:[a-z]+:0x[0-9a-fA-F]{64,66}:0x[0-9a-fA-F]{64,66}$/;
+function isValidStealthMetaAddress(addr) {
+  if (typeof addr !== "string") return false;
+  return STEALTH_META_ADDRESS_REGEX.test(addr);
+}
+function isValidCompressedPublicKey(key) {
+  if (!isValidHexLength(key, 33)) return false;
+  const prefix = key.slice(2, 4);
+  return prefix === "02" || prefix === "03";
+}
+function isValidEd25519PublicKey(key) {
+  return isValidHexLength(key, 32);
+}
+function isValidPrivateKey(key) {
+  return isValidHexLength(key, 32);
+}
+function validateAsset(asset, field) {
+  if (!asset || typeof asset !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  const a = asset;
+  if (!a.chain || !isValidChainId(a.chain)) {
+    throw new ValidationError(
+      `invalid chain '${a.chain}', must be one of: ${VALID_CHAIN_IDS.join(", ")}`,
+      `${field}.chain`
+    );
+  }
+  if (typeof a.symbol !== "string" || a.symbol.length === 0) {
+    throw new ValidationError("symbol must be a non-empty string", `${field}.symbol`);
+  }
+  if (a.address !== null && !isValidHex(a.address)) {
+    throw new ValidationError("address must be null or valid hex string", `${field}.address`);
+  }
+  if (typeof a.decimals !== "number" || !Number.isInteger(a.decimals) || a.decimals < 0) {
+    throw new ValidationError("decimals must be a non-negative integer", `${field}.decimals`);
+  }
+}
+function validateIntentInput(input, field = "input") {
+  if (!input || typeof input !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  const i = input;
+  validateAsset(i.asset, `${field}.asset`);
+  if (!isValidAmount(i.amount)) {
+    throw new ValidationError(
+      "amount must be a positive bigint",
+      `${field}.amount`,
+      { received: typeof i.amount, value: String(i.amount) }
+    );
+  }
+}
+function validateIntentOutput(output, field = "output") {
+  if (!output || typeof output !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  const o = output;
+  validateAsset(o.asset, `${field}.asset`);
+  if (!isNonNegativeAmount(o.minAmount)) {
+    throw new ValidationError(
+      "minAmount must be a non-negative bigint",
+      `${field}.minAmount`,
+      { received: typeof o.minAmount, value: String(o.minAmount) }
+    );
+  }
+  if (!isValidSlippage(o.maxSlippage)) {
+    throw new ValidationError(
+      "maxSlippage must be a number between 0 and 1 (exclusive)",
+      `${field}.maxSlippage`,
+      { received: o.maxSlippage }
+    );
+  }
+}
+function validateCreateIntentParams(params) {
+  if (!params || typeof params !== "object") {
+    throw new ValidationError("params must be an object");
+  }
+  const p = params;
+  if (!p.input) {
+    throw new ValidationError("input is required", "input");
+  }
+  validateIntentInput(p.input, "input");
+  if (!p.output) {
+    throw new ValidationError("output is required", "output");
+  }
+  validateIntentOutput(p.output, "output");
+  if (!p.privacy) {
+    throw new ValidationError("privacy is required", "privacy");
+  }
+  if (!isValidPrivacyLevel(p.privacy)) {
+    throw new ValidationError(
+      `invalid privacy level '${p.privacy}', must be one of: transparent, shielded, compliant`,
+      "privacy"
+    );
+  }
+  if ((p.privacy === "shielded" || p.privacy === "compliant") && p.recipientMetaAddress) {
+    if (!isValidStealthMetaAddress(p.recipientMetaAddress)) {
+      throw new ValidationError(
+        "invalid stealth meta-address format, expected: sip:<chain>:<spendingKey>:<viewingKey>",
+        "recipientMetaAddress"
+      );
+    }
+  }
+  if (p.privacy === "compliant" && !p.viewingKey) {
+    throw new ValidationError(
+      "viewingKey is required for compliant mode",
+      "viewingKey"
+    );
+  }
+  if (p.viewingKey && !isValidHex(p.viewingKey)) {
+    throw new ValidationError(
+      "viewingKey must be a valid hex string",
+      "viewingKey"
+    );
+  }
+  if (p.ttl !== void 0) {
+    if (typeof p.ttl !== "number" || !Number.isInteger(p.ttl) || p.ttl <= 0) {
+      throw new ValidationError(
+        "ttl must be a positive integer (seconds)",
+        "ttl",
+        { received: p.ttl }
+      );
+    }
+  }
+}
+function validateViewingKey(key, field = "viewingKey") {
+  if (!key || typeof key !== "string") {
+    throw new ValidationError("must be a string", field);
+  }
+  if (!isValidHex(key)) {
+    throw new ValidationError("must be a valid hex string with 0x prefix", field);
+  }
+  if (!isValidHexLength(key, 32)) {
+    throw new ValidationError("must be 32 bytes (64 hex characters)", field);
+  }
+}
+var SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
+function isValidScalar(value) {
+  return value > 0n && value < SECP256K1_ORDER;
+}
+function validateScalar(value, field) {
+  if (typeof value !== "bigint") {
+    throw new ValidationError("must be a bigint", field);
+  }
+  if (!isValidScalar(value)) {
+    throw new ValidationError(
+      "must be in range (0, curve order)",
+      field,
+      { curveOrder: SECP256K1_ORDER.toString(16) }
+    );
+  }
+}
+function isValidEvmAddress(address) {
+  if (typeof address !== "string") return false;
+  return /^0x[0-9a-fA-F]{40}$/.test(address);
+}
+function isValidSolanaAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address);
+}
+function isValidNearAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  if (/^[0-9a-f]{64}$/.test(address)) return true;
+  if (address.length < 2 || address.length > 64) return false;
+  if (!/^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(address)) return false;
+  if (address.includes("..")) return false;
+  return true;
+}
+function isValidCosmosAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  if (address.length < 39 || address.length > 90) return false;
+  const bech32Pattern = /^[a-z]+1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{38,}$/;
+  return bech32Pattern.test(address);
+}
+function getChainAddressType(chain) {
+  switch (chain) {
+    case "ethereum":
+    case "polygon":
+    case "arbitrum":
+    case "optimism":
+    case "base":
+      return "evm";
+    case "solana":
+      return "solana";
+    case "near":
+      return "near";
+    case "zcash":
+      return "zcash";
+    case "cosmos":
+    case "osmosis":
+    case "injective":
+    case "celestia":
+    case "sei":
+    case "dydx":
+      return "cosmos";
+    default:
+      return "unknown";
+  }
+}
+function validateAddressForChain(address, chain, field = "address") {
+  const addressType = getChainAddressType(chain);
+  switch (addressType) {
+    case "evm":
+      if (!isValidEvmAddress(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected EVM address (0x + 40 hex chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "0x...", receivedFormat: address.startsWith("0x") ? "hex but wrong length" : "not hex" }
+        );
+      }
+      break;
+    case "solana":
+      if (!isValidSolanaAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Solana address (base58, 32-44 chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "base58", receivedFormat: address.startsWith("0x") ? "looks like EVM" : "unknown" }
+        );
+      }
+      break;
+    case "near":
+      if (!isValidNearAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected NEAR account ID (named or implicit), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "alice.near or 64 hex chars" }
+        );
+      }
+      break;
+    case "zcash":
+      if (!address || address.length === 0) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Zcash address.`,
+          field,
+          { chain }
+        );
+      }
+      break;
+    case "cosmos":
+      if (!isValidCosmosAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Cosmos bech32 address, got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "bech32" }
+        );
+      }
+      break;
+    default:
+      break;
+  }
+}
+function isAddressValidForChain(address, chain) {
+  try {
+    validateAddressForChain(address, chain);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/secure-memory.ts
+import { randomBytes } from "@noble/hashes/utils";
+function secureWipe(buffer) {
+  if (!buffer || buffer.length === 0) {
+    return;
+  }
+  const random = randomBytes(buffer.length);
+  buffer.set(random);
+  buffer.fill(0);
+}
+async function withSecureBuffer(createSecret, useSecret) {
+  const secret = createSecret();
+  try {
+    return await useSecret(secret);
+  } finally {
+    secureWipe(secret);
+  }
+}
+function withSecureBufferSync(createSecret, useSecret) {
+  const secret = createSecret();
+  try {
+    return useSecret(secret);
+  } finally {
+    secureWipe(secret);
+  }
+}
+function secureWipeAll(...buffers) {
+  for (const buffer of buffers) {
+    if (buffer) {
+      secureWipe(buffer);
+    }
+  }
+}
+
+// src/stealth.ts
+function generateStealthMetaAddress(chain, label) {
+  if (!isValidChainId(chain)) {
+    throw new ValidationError(
+      `invalid chain '${chain}', must be one of: solana, ethereum, near, zcash, polygon, arbitrum, optimism, base, bitcoin, aptos, sui, cosmos, osmosis, injective, celestia, sei, dydx`,
+      "chain"
+    );
+  }
+  if (isEd25519Chain(chain)) {
+    return generateEd25519StealthMetaAddress(chain, label);
+  }
+  const spendingPrivateKey = randomBytes2(32);
+  const viewingPrivateKey = randomBytes2(32);
+  try {
+    const spendingKey = secp256k1.getPublicKey(spendingPrivateKey, true);
+    const viewingKey = secp256k1.getPublicKey(viewingPrivateKey, true);
+    const result = {
+      metaAddress: {
+        spendingKey: `0x${bytesToHex(spendingKey)}`,
+        viewingKey: `0x${bytesToHex(viewingKey)}`,
+        chain,
+        label
+      },
+      spendingPrivateKey: `0x${bytesToHex(spendingPrivateKey)}`,
+      viewingPrivateKey: `0x${bytesToHex(viewingPrivateKey)}`
+    };
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivateKey, viewingPrivateKey);
+  }
+}
+function validateStealthMetaAddress(metaAddress, field = "recipientMetaAddress") {
+  if (!metaAddress || typeof metaAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidChainId(metaAddress.chain)) {
+    throw new ValidationError(
+      `invalid chain '${metaAddress.chain}'`,
+      `${field}.chain`
+    );
+  }
+  const isEd25519 = isEd25519Chain(metaAddress.chain);
+  if (isEd25519) {
+    if (!isValidEd25519PublicKey(metaAddress.spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid ed25519 public key (32 bytes)",
+        `${field}.spendingKey`
+      );
+    }
+    if (!isValidEd25519PublicKey(metaAddress.viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid ed25519 public key (32 bytes)",
+        `${field}.viewingKey`
+      );
+    }
+  } else {
+    if (!isValidCompressedPublicKey(metaAddress.spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid compressed secp256k1 public key (33 bytes, starting with 02 or 03)",
+        `${field}.spendingKey`
+      );
+    }
+    if (!isValidCompressedPublicKey(metaAddress.viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid compressed secp256k1 public key (33 bytes, starting with 02 or 03)",
+        `${field}.viewingKey`
+      );
+    }
+  }
+}
+function generateStealthAddress(recipientMetaAddress) {
+  validateStealthMetaAddress(recipientMetaAddress);
+  if (isEd25519Chain(recipientMetaAddress.chain)) {
+    return generateEd25519StealthAddress(recipientMetaAddress);
+  }
+  const ephemeralPrivateKey = randomBytes2(32);
+  try {
+    const ephemeralPublicKey = secp256k1.getPublicKey(ephemeralPrivateKey, true);
+    const spendingKeyBytes = hexToBytes(recipientMetaAddress.spendingKey.slice(2));
+    const viewingKeyBytes = hexToBytes(recipientMetaAddress.viewingKey.slice(2));
+    const sharedSecretPoint = secp256k1.getSharedSecret(
+      ephemeralPrivateKey,
+      spendingKeyBytes
+    );
+    const sharedSecretHash = sha256(sharedSecretPoint);
+    const hashTimesG = secp256k1.getPublicKey(sharedSecretHash, true);
+    const viewingKeyPoint = secp256k1.ProjectivePoint.fromHex(viewingKeyBytes);
+    const hashTimesGPoint = secp256k1.ProjectivePoint.fromHex(hashTimesG);
+    const stealthPoint = viewingKeyPoint.add(hashTimesGPoint);
+    const stealthAddressBytes = stealthPoint.toRawBytes(true);
+    const viewTag = sharedSecretHash[0];
+    return {
+      stealthAddress: {
+        address: `0x${bytesToHex(stealthAddressBytes)}`,
+        ephemeralPublicKey: `0x${bytesToHex(ephemeralPublicKey)}`,
+        viewTag
+      },
+      sharedSecret: `0x${bytesToHex(sharedSecretHash)}`
+    };
+  } finally {
+    secureWipe(ephemeralPrivateKey);
+  }
+}
+function validateStealthAddress(stealthAddress, field = "stealthAddress") {
+  if (!stealthAddress || typeof stealthAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidCompressedPublicKey(stealthAddress.address)) {
+    throw new ValidationError(
+      "address must be a valid compressed secp256k1 public key",
+      `${field}.address`
+    );
+  }
+  if (!isValidCompressedPublicKey(stealthAddress.ephemeralPublicKey)) {
+    throw new ValidationError(
+      "ephemeralPublicKey must be a valid compressed secp256k1 public key",
+      `${field}.ephemeralPublicKey`
+    );
+  }
+  if (typeof stealthAddress.viewTag !== "number" || !Number.isInteger(stealthAddress.viewTag) || stealthAddress.viewTag < 0 || stealthAddress.viewTag > 255) {
+    throw new ValidationError(
+      "viewTag must be an integer between 0 and 255",
+      `${field}.viewTag`
+    );
+  }
+}
+function deriveStealthPrivateKey(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateStealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const sharedSecretPoint = secp256k1.getSharedSecret(
+      spendingPrivBytes,
+      ephemeralPubBytes
+    );
+    const sharedSecretHash = sha256(sharedSecretPoint);
+    const viewingScalar = bytesToBigInt(viewingPrivBytes);
+    const hashScalar = bytesToBigInt(sharedSecretHash);
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % secp256k1.CURVE.n;
+    const stealthPrivateKey = bigIntToBytes(stealthPrivateScalar, 32);
+    const result = {
+      stealthAddress: stealthAddress.address,
+      ephemeralPublicKey: stealthAddress.ephemeralPublicKey,
+      privateKey: `0x${bytesToHex(stealthPrivateKey)}`
+    };
+    secureWipe(stealthPrivateKey);
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+function checkStealthAddress(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateStealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const sharedSecretPoint = secp256k1.getSharedSecret(
+      spendingPrivBytes,
+      ephemeralPubBytes
+    );
+    const sharedSecretHash = sha256(sharedSecretPoint);
+    if (sharedSecretHash[0] !== stealthAddress.viewTag) {
+      return false;
+    }
+    const viewingScalar = bytesToBigInt(viewingPrivBytes);
+    const hashScalar = bytesToBigInt(sharedSecretHash);
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % secp256k1.CURVE.n;
+    const derivedKeyBytes = bigIntToBytes(stealthPrivateScalar, 32);
+    const expectedPubKey = secp256k1.getPublicKey(derivedKeyBytes, true);
+    secureWipe(derivedKeyBytes);
+    const providedAddress = hexToBytes(stealthAddress.address.slice(2));
+    return bytesToHex(expectedPubKey) === bytesToHex(providedAddress);
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+function encodeStealthMetaAddress(metaAddress) {
+  return `sip:${metaAddress.chain}:${metaAddress.spendingKey}:${metaAddress.viewingKey}`;
+}
+function decodeStealthMetaAddress(encoded) {
+  if (typeof encoded !== "string") {
+    throw new ValidationError("must be a string", "encoded");
+  }
+  const parts = encoded.split(":");
+  if (parts.length < 4 || parts[0] !== "sip") {
+    throw new ValidationError(
+      "invalid format, expected: sip:<chain>:<spendingKey>:<viewingKey>",
+      "encoded"
+    );
+  }
+  const [, chain, spendingKey, viewingKey] = parts;
+  if (!isValidChainId(chain)) {
+    throw new ValidationError(
+      `invalid chain '${chain}'`,
+      "encoded.chain"
+    );
+  }
+  const chainId = chain;
+  if (isEd25519Chain(chainId)) {
+    if (!isValidEd25519PublicKey(spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid 32-byte ed25519 public key",
+        "encoded.spendingKey"
+      );
+    }
+    if (!isValidEd25519PublicKey(viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid 32-byte ed25519 public key",
+        "encoded.viewingKey"
+      );
+    }
+  } else {
+    if (!isValidCompressedPublicKey(spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid compressed secp256k1 public key",
+        "encoded.spendingKey"
+      );
+    }
+    if (!isValidCompressedPublicKey(viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid compressed secp256k1 public key",
+        "encoded.viewingKey"
+      );
+    }
+  }
+  return {
+    chain,
+    spendingKey,
+    viewingKey
+  };
+}
+function bytesToBigInt(bytes) {
+  let result = 0n;
+  for (const byte of bytes) {
+    result = (result << 8n) + BigInt(byte);
+  }
+  return result;
+}
+function bigIntToBytes(value, length) {
+  const bytes = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i--) {
+    bytes[i] = Number(value & 0xffn);
+    value >>= 8n;
+  }
+  return bytes;
+}
+function publicKeyToEthAddress(publicKey) {
+  const keyHex = publicKey.startsWith("0x") ? publicKey.slice(2) : publicKey;
+  const keyBytes = hexToBytes(keyHex);
+  let uncompressedBytes;
+  if (keyBytes.length === 33) {
+    const point = secp256k1.ProjectivePoint.fromHex(keyBytes);
+    uncompressedBytes = point.toRawBytes(false);
+  } else if (keyBytes.length === 65) {
+    uncompressedBytes = keyBytes;
+  } else {
+    throw new ValidationError(
+      `invalid public key length: ${keyBytes.length}, expected 33 (compressed) or 65 (uncompressed)`,
+      "publicKey"
+    );
+  }
+  const pubKeyWithoutPrefix = uncompressedBytes.slice(1);
+  const hash = keccak_256(pubKeyWithoutPrefix);
+  const addressBytes = hash.slice(-20);
+  return toChecksumAddress(`0x${bytesToHex(addressBytes)}`);
+}
+function toChecksumAddress(address) {
+  const addr = address.toLowerCase().replace("0x", "");
+  const hash = bytesToHex(keccak_256(new TextEncoder().encode(addr)));
+  let checksummed = "0x";
+  for (let i = 0; i < addr.length; i++) {
+    if (parseInt(hash[i], 16) >= 8) {
+      checksummed += addr[i].toUpperCase();
+    } else {
+      checksummed += addr[i];
+    }
+  }
+  return checksummed;
+}
+var ED25519_ORDER = 2n ** 252n + 27742317777372353535851937790883648493n;
+var ED25519_CHAINS = ["solana", "near", "aptos", "sui"];
+function isEd25519Chain(chain) {
+  return ED25519_CHAINS.includes(chain);
+}
+function getCurveForChain(chain) {
+  return isEd25519Chain(chain) ? "ed25519" : "secp256k1";
+}
+function validateEd25519StealthMetaAddress(metaAddress, field = "recipientMetaAddress") {
+  if (!metaAddress || typeof metaAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidChainId(metaAddress.chain)) {
+    throw new ValidationError(
+      `invalid chain '${metaAddress.chain}'`,
+      `${field}.chain`
+    );
+  }
+  if (!isEd25519Chain(metaAddress.chain)) {
+    throw new ValidationError(
+      `chain '${metaAddress.chain}' does not use ed25519, use secp256k1 functions instead`,
+      `${field}.chain`
+    );
+  }
+  if (!isValidEd25519PublicKey(metaAddress.spendingKey)) {
+    throw new ValidationError(
+      "spendingKey must be a valid ed25519 public key (32 bytes)",
+      `${field}.spendingKey`
+    );
+  }
+  if (!isValidEd25519PublicKey(metaAddress.viewingKey)) {
+    throw new ValidationError(
+      "viewingKey must be a valid ed25519 public key (32 bytes)",
+      `${field}.viewingKey`
+    );
+  }
+}
+function validateEd25519StealthAddress(stealthAddress, field = "stealthAddress") {
+  if (!stealthAddress || typeof stealthAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidEd25519PublicKey(stealthAddress.address)) {
+    throw new ValidationError(
+      "address must be a valid ed25519 public key (32 bytes)",
+      `${field}.address`
+    );
+  }
+  if (!isValidEd25519PublicKey(stealthAddress.ephemeralPublicKey)) {
+    throw new ValidationError(
+      "ephemeralPublicKey must be a valid ed25519 public key (32 bytes)",
+      `${field}.ephemeralPublicKey`
+    );
+  }
+  if (typeof stealthAddress.viewTag !== "number" || !Number.isInteger(stealthAddress.viewTag) || stealthAddress.viewTag < 0 || stealthAddress.viewTag > 255) {
+    throw new ValidationError(
+      "viewTag must be an integer between 0 and 255",
+      `${field}.viewTag`
+    );
+  }
+}
+function getEd25519Scalar(privateKey) {
+  const hash = sha512(privateKey);
+  const scalar = hash.slice(0, 32);
+  scalar[0] &= 248;
+  scalar[31] &= 127;
+  scalar[31] |= 64;
+  return bytesToBigIntLE(scalar);
+}
+function bytesToBigIntLE(bytes) {
+  let result = 0n;
+  for (let i = bytes.length - 1; i >= 0; i--) {
+    result = (result << 8n) + BigInt(bytes[i]);
+  }
+  return result;
+}
+function bigIntToBytesLE(value, length) {
+  const bytes = new Uint8Array(length);
+  for (let i = 0; i < length; i++) {
+    bytes[i] = Number(value & 0xffn);
+    value >>= 8n;
+  }
+  return bytes;
+}
+function generateEd25519StealthMetaAddress(chain, label) {
+  if (!isValidChainId(chain)) {
+    throw new ValidationError(
+      `invalid chain '${chain}', must be one of: solana, ethereum, near, zcash, polygon, arbitrum, optimism, base, bitcoin, aptos, sui, cosmos, osmosis, injective, celestia, sei, dydx`,
+      "chain"
+    );
+  }
+  if (!isEd25519Chain(chain)) {
+    throw new ValidationError(
+      `chain '${chain}' does not use ed25519, use generateStealthMetaAddress() for secp256k1 chains`,
+      "chain"
+    );
+  }
+  const spendingPrivateKey = randomBytes2(32);
+  const viewingPrivateKey = randomBytes2(32);
+  try {
+    const spendingKey = ed25519.getPublicKey(spendingPrivateKey);
+    const viewingKey = ed25519.getPublicKey(viewingPrivateKey);
+    const result = {
+      metaAddress: {
+        spendingKey: `0x${bytesToHex(spendingKey)}`,
+        viewingKey: `0x${bytesToHex(viewingKey)}`,
+        chain,
+        label
+      },
+      spendingPrivateKey: `0x${bytesToHex(spendingPrivateKey)}`,
+      viewingPrivateKey: `0x${bytesToHex(viewingPrivateKey)}`
+    };
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivateKey, viewingPrivateKey);
+  }
+}
+function generateEd25519StealthAddress(recipientMetaAddress) {
+  validateEd25519StealthMetaAddress(recipientMetaAddress);
+  const ephemeralPrivateKey = randomBytes2(32);
+  try {
+    const ephemeralPublicKey = ed25519.getPublicKey(ephemeralPrivateKey);
+    const spendingKeyBytes = hexToBytes(recipientMetaAddress.spendingKey.slice(2));
+    const viewingKeyBytes = hexToBytes(recipientMetaAddress.viewingKey.slice(2));
+    const rawEphemeralScalar = getEd25519Scalar(ephemeralPrivateKey);
+    const ephemeralScalar = rawEphemeralScalar % ED25519_ORDER;
+    if (ephemeralScalar === 0n) {
+      throw new Error("CRITICAL: Zero ephemeral scalar after reduction - investigate RNG");
+    }
+    const spendingPoint = ed25519.ExtendedPoint.fromHex(spendingKeyBytes);
+    const sharedSecretPoint = spendingPoint.multiply(ephemeralScalar);
+    const sharedSecretHash = sha256(sharedSecretPoint.toRawBytes());
+    const hashScalar = bytesToBigInt(sharedSecretHash) % ED25519_ORDER;
+    if (hashScalar === 0n) {
+      throw new Error("CRITICAL: Zero hash scalar after reduction - investigate hash computation");
+    }
+    const hashTimesG = ed25519.ExtendedPoint.BASE.multiply(hashScalar);
+    const viewingPoint = ed25519.ExtendedPoint.fromHex(viewingKeyBytes);
+    const stealthPoint = viewingPoint.add(hashTimesG);
+    const stealthAddressBytes = stealthPoint.toRawBytes();
+    const viewTag = sharedSecretHash[0];
+    return {
+      stealthAddress: {
+        address: `0x${bytesToHex(stealthAddressBytes)}`,
+        ephemeralPublicKey: `0x${bytesToHex(ephemeralPublicKey)}`,
+        viewTag
+      },
+      sharedSecret: `0x${bytesToHex(sharedSecretHash)}`
+    };
+  } finally {
+    secureWipe(ephemeralPrivateKey);
+  }
+}
+function deriveEd25519StealthPrivateKey(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateEd25519StealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const rawSpendingScalar = getEd25519Scalar(spendingPrivBytes);
+    const spendingScalar = rawSpendingScalar % ED25519_ORDER;
+    if (spendingScalar === 0n) {
+      throw new Error("CRITICAL: Zero spending scalar after reduction - investigate key derivation");
+    }
+    const ephemeralPoint = ed25519.ExtendedPoint.fromHex(ephemeralPubBytes);
+    const sharedSecretPoint = ephemeralPoint.multiply(spendingScalar);
+    const sharedSecretHash = sha256(sharedSecretPoint.toRawBytes());
+    const rawViewingScalar = getEd25519Scalar(viewingPrivBytes);
+    const viewingScalar = rawViewingScalar % ED25519_ORDER;
+    if (viewingScalar === 0n) {
+      throw new Error("CRITICAL: Zero viewing scalar after reduction - investigate key derivation");
+    }
+    const hashScalar = bytesToBigInt(sharedSecretHash) % ED25519_ORDER;
+    if (hashScalar === 0n) {
+      throw new Error("CRITICAL: Zero hash scalar after reduction - investigate hash computation");
+    }
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % ED25519_ORDER;
+    if (stealthPrivateScalar === 0n) {
+      throw new Error("CRITICAL: Zero stealth scalar after reduction - investigate key derivation");
+    }
+    const stealthPrivateKey = bigIntToBytesLE(stealthPrivateScalar, 32);
+    const result = {
+      stealthAddress: stealthAddress.address,
+      ephemeralPublicKey: stealthAddress.ephemeralPublicKey,
+      privateKey: `0x${bytesToHex(stealthPrivateKey)}`
+    };
+    secureWipe(stealthPrivateKey);
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+function checkEd25519StealthAddress(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateEd25519StealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const rawSpendingScalar = getEd25519Scalar(spendingPrivBytes);
+    const spendingScalar = rawSpendingScalar % ED25519_ORDER;
+    if (spendingScalar === 0n) {
+      throw new Error("CRITICAL: Zero spending scalar after reduction - investigate key derivation");
+    }
+    const ephemeralPoint = ed25519.ExtendedPoint.fromHex(ephemeralPubBytes);
+    const sharedSecretPoint = ephemeralPoint.multiply(spendingScalar);
+    const sharedSecretHash = sha256(sharedSecretPoint.toRawBytes());
+    if (sharedSecretHash[0] !== stealthAddress.viewTag) {
+      return false;
+    }
+    const rawViewingScalar = getEd25519Scalar(viewingPrivBytes);
+    const viewingScalar = rawViewingScalar % ED25519_ORDER;
+    if (viewingScalar === 0n) {
+      throw new Error("CRITICAL: Zero viewing scalar after reduction - investigate key derivation");
+    }
+    const hashScalar = bytesToBigInt(sharedSecretHash) % ED25519_ORDER;
+    if (hashScalar === 0n) {
+      throw new Error("CRITICAL: Zero hash scalar after reduction - investigate hash computation");
+    }
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % ED25519_ORDER;
+    if (stealthPrivateScalar === 0n) {
+      throw new Error("CRITICAL: Zero stealth scalar after reduction - investigate key derivation");
+    }
+    const expectedPubKey = ed25519.ExtendedPoint.BASE.multiply(stealthPrivateScalar);
+    const expectedPubKeyBytes = expectedPubKey.toRawBytes();
+    const providedAddress = hexToBytes(stealthAddress.address.slice(2));
+    return bytesToHex(expectedPubKeyBytes) === bytesToHex(providedAddress);
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function bytesToBase58(bytes) {
+  let leadingZeros = 0;
+  for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
+    leadingZeros++;
+  }
+  let value = 0n;
+  for (const byte of bytes) {
+    value = value * 256n + BigInt(byte);
+  }
+  let result = "";
+  while (value > 0n) {
+    const remainder = value % 58n;
+    value = value / 58n;
+    result = BASE58_ALPHABET[Number(remainder)] + result;
+  }
+  return "1".repeat(leadingZeros) + result;
+}
+function base58ToBytes(str) {
+  let leadingOnes = 0;
+  for (let i = 0; i < str.length && str[i] === "1"; i++) {
+    leadingOnes++;
+  }
+  let value = 0n;
+  for (const char of str) {
+    const index = BASE58_ALPHABET.indexOf(char);
+    if (index === -1) {
+      throw new ValidationError(`Invalid base58 character: ${char}`, "address");
+    }
+    value = value * 58n + BigInt(index);
+  }
+  const bytes = [];
+  while (value > 0n) {
+    bytes.unshift(Number(value % 256n));
+    value = value / 256n;
+  }
+  const result = new Uint8Array(leadingOnes + bytes.length);
+  for (let i = 0; i < leadingOnes; i++) {
+    result[i] = 0;
+  }
+  for (let i = 0; i < bytes.length; i++) {
+    result[leadingOnes + i] = bytes[i];
+  }
+  return result;
+}
+function ed25519PublicKeyToSolanaAddress(publicKey) {
+  if (!isValidHex(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be a valid hex string with 0x prefix",
+      "publicKey"
+    );
+  }
+  if (!isValidEd25519PublicKey(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be 32 bytes (64 hex characters)",
+      "publicKey"
+    );
+  }
+  const publicKeyBytes = hexToBytes(publicKey.slice(2));
+  return bytesToBase58(publicKeyBytes);
+}
+function isValidSolanaAddress(address) {
+  if (typeof address !== "string" || address.length === 0) {
+    return false;
+  }
+  if (address.length < 32 || address.length > 44) {
+    return false;
+  }
+  try {
+    const decoded = base58ToBytes(address);
+    return decoded.length === 32;
+  } catch {
+    return false;
+  }
+}
+function solanaAddressToEd25519PublicKey(address) {
+  if (!isValidSolanaAddress(address)) {
+    throw new ValidationError(
+      "Invalid Solana address format",
+      "address"
+    );
+  }
+  const decoded = base58ToBytes(address);
+  return `0x${bytesToHex(decoded)}`;
+}
+function ed25519PublicKeyToNearAddress(publicKey) {
+  if (!isValidHex(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be a valid hex string with 0x prefix",
+      "publicKey"
+    );
+  }
+  if (!isValidEd25519PublicKey(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be 32 bytes (64 hex characters)",
+      "publicKey"
+    );
+  }
+  return publicKey.slice(2).toLowerCase();
+}
+function nearAddressToEd25519PublicKey(address) {
+  if (!isValidNearImplicitAddress(address)) {
+    throw new ValidationError(
+      "Invalid NEAR implicit address format",
+      "address"
+    );
+  }
+  return `0x${address.toLowerCase()}`;
+}
+function isValidNearImplicitAddress(address) {
+  if (typeof address !== "string" || address.length === 0) {
+    return false;
+  }
+  if (address.length !== 64) {
+    return false;
+  }
+  return /^[0-9a-f]{64}$/.test(address);
+}
+function isValidNearAccountId(accountId) {
+  if (typeof accountId !== "string" || accountId.length === 0) {
+    return false;
+  }
+  if (isValidNearImplicitAddress(accountId)) {
+    return true;
+  }
+  if (accountId.length < 2 || accountId.length > 64) {
+    return false;
+  }
+  const nearAccountPattern = /^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/;
+  if (!nearAccountPattern.test(accountId)) {
+    return false;
+  }
+  if (accountId.includes("..")) {
+    return false;
+  }
+  return true;
+}
+
+// src/chains/solana/transfer.ts
+async function sendPrivateSPLTransfer(params) {
+  const {
+    connection,
+    sender,
+    senderTokenAccount,
+    recipientMetaAddress,
+    mint,
+    amount,
+    signTransaction
+  } = params;
+  if (recipientMetaAddress.chain !== "solana") {
+    throw new Error(
+      `Invalid chain: expected 'solana', got '${recipientMetaAddress.chain}'`
+    );
+  }
+  const { stealthAddress } = generateEd25519StealthAddress(recipientMetaAddress);
+  const stealthAddressBase58 = ed25519PublicKeyToSolanaAddress(stealthAddress.address);
+  const stealthPubkey = new PublicKey(stealthAddressBase58);
+  const ephemeralPubkeyBase58 = ed25519PublicKeyToSolanaAddress(
+    stealthAddress.ephemeralPublicKey
+  );
+  const stealthATA = await getAssociatedTokenAddress(
+    mint,
+    stealthPubkey,
+    true
+    // allowOwnerOffCurve - stealth addresses may be off-curve
+  );
+  const transaction = new Transaction();
+  let stealthATAExists = false;
+  try {
+    await getAccount(connection, stealthATA);
+    stealthATAExists = true;
+  } catch {
+    stealthATAExists = false;
+  }
+  if (!stealthATAExists) {
+    transaction.add(
+      createAssociatedTokenAccountInstruction(
+        sender,
+        // payer
+        stealthATA,
+        // associatedToken
+        stealthPubkey,
+        // owner
+        mint,
+        // mint
+        TOKEN_PROGRAM_ID,
+        ASSOCIATED_TOKEN_PROGRAM_ID
+      )
+    );
+  }
+  transaction.add(
+    createTransferInstruction(
+      senderTokenAccount,
+      // source
+      stealthATA,
+      // destination
+      sender,
+      // owner
+      amount
+      // amount
+    )
+  );
+  const memoContent = createAnnouncementMemo(
+    ephemeralPubkeyBase58,
+    stealthAddress.viewTag.slice(2),
+    // Remove 0x prefix
+    stealthAddressBase58
+  );
+  const memoInstruction = new TransactionInstruction({
+    keys: [],
+    programId: new PublicKey(MEMO_PROGRAM_ID),
+    data: Buffer.from(memoContent, "utf-8")
+  });
+  transaction.add(memoInstruction);
+  const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash();
+  transaction.recentBlockhash = blockhash;
+  transaction.lastValidBlockHeight = lastValidBlockHeight;
+  transaction.feePayer = sender;
+  const signedTx = await signTransaction(transaction);
+  const txSignature = await connection.sendRawTransaction(signedTx.serialize(), {
+    skipPreflight: false,
+    preflightCommitment: "confirmed"
+  });
+  await connection.confirmTransaction(
+    {
+      signature: txSignature,
+      blockhash,
+      lastValidBlockHeight
+    },
+    "confirmed"
+  );
+  const cluster = detectCluster(connection.rpcEndpoint);
+  return {
+    txSignature,
+    stealthAddress: stealthAddressBase58,
+    ephemeralPublicKey: ephemeralPubkeyBase58,
+    viewTag: stealthAddress.viewTag,
+    explorerUrl: getExplorerUrl(txSignature, cluster),
+    cluster
+  };
+}
+async function estimatePrivateTransferFee(connection, needsATACreation = true) {
+  let fee = ESTIMATED_TX_FEE_LAMPORTS;
+  if (needsATACreation) {
+    const rentExemption = await connection.getMinimumBalanceForRentExemption(165);
+    fee += BigInt(rentExemption);
+  }
+  return fee;
+}
+async function hasTokenAccount(connection, stealthAddress, mint) {
+  try {
+    const stealthPubkey = new PublicKey(stealthAddress);
+    const ata = await getAssociatedTokenAddress(mint, stealthPubkey, true);
+    await getAccount(connection, ata);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function detectCluster(endpoint) {
+  if (endpoint.includes("devnet")) {
+    return "devnet";
+  }
+  if (endpoint.includes("testnet")) {
+    return "testnet";
+  }
+  if (endpoint.includes("localhost") || endpoint.includes("127.0.0.1")) {
+    return "localnet";
+  }
+  return "mainnet-beta";
+}
+
+// src/chains/solana/scan.ts
+import {
+  PublicKey as PublicKey2,
+  Transaction as Transaction2,
+  Keypair
+} from "@solana/web3.js";
+import {
+  getAssociatedTokenAddress as getAssociatedTokenAddress2,
+  createTransferInstruction as createTransferInstruction2,
+  getAccount as getAccount2
+} from "@solana/spl-token";
+import { hexToBytes as hexToBytes2 } from "@noble/hashes/utils";
+async function scanForPayments(params) {
+  const {
+    connection,
+    viewingPrivateKey,
+    spendingPublicKey,
+    fromSlot,
+    toSlot,
+    limit = 100
+  } = params;
+  const results = [];
+  const memoProgram = new PublicKey2(MEMO_PROGRAM_ID);
+  try {
+    const signatures = await connection.getSignaturesForAddress(
+      memoProgram,
+      {
+        limit,
+        minContextSlot: fromSlot
+      }
+    );
+    const filteredSignatures = toSlot ? signatures.filter((s) => s.slot <= toSlot) : signatures;
+    for (const sigInfo of filteredSignatures) {
+      try {
+        const tx = await connection.getTransaction(sigInfo.signature, {
+          maxSupportedTransactionVersion: 0
+        });
+        if (!tx?.meta?.logMessages) continue;
+        for (const log of tx.meta.logMessages) {
+          if (!log.includes(SIP_MEMO_PREFIX)) continue;
+          const memoMatch = log.match(/Program log: (.+)/);
+          if (!memoMatch) continue;
+          const memoContent = memoMatch[1];
+          const announcement = parseAnnouncement(memoContent);
+          if (!announcement) continue;
+          const ephemeralPubKeyHex = solanaAddressToEd25519PublicKey(
+            announcement.ephemeralPublicKey
+          );
+          const stealthAddressToCheck = {
+            address: announcement.stealthAddress ? solanaAddressToEd25519PublicKey(announcement.stealthAddress) : "0x" + "00".repeat(32),
+            // Will be computed
+            ephemeralPublicKey: ephemeralPubKeyHex,
+            viewTag: "0x" + announcement.viewTag
+          };
+          const isOurs = checkEd25519StealthAddress(
+            stealthAddressToCheck,
+            viewingPrivateKey,
+            spendingPublicKey
+          );
+          if (isOurs) {
+            const transferInfo = parseTokenTransfer(tx);
+            if (transferInfo) {
+              results.push({
+                stealthAddress: announcement.stealthAddress || "",
+                ephemeralPublicKey: announcement.ephemeralPublicKey,
+                amount: transferInfo.amount,
+                mint: transferInfo.mint,
+                tokenSymbol: getTokenSymbol(transferInfo.mint),
+                txSignature: sigInfo.signature,
+                slot: sigInfo.slot,
+                timestamp: sigInfo.blockTime || 0
+              });
+            }
+          }
+        }
+      } catch (err) {
+        console.warn(`Failed to parse tx ${sigInfo.signature}:`, err);
+      }
+    }
+  } catch (err) {
+    console.error("Scan failed:", err);
+    throw new Error(`Failed to scan for payments: ${err}`);
+  }
+  return results;
+}
+async function claimStealthPayment(params) {
+  const {
+    connection,
+    stealthAddress,
+    ephemeralPublicKey,
+    viewingPrivateKey,
+    spendingPrivateKey,
+    destinationAddress,
+    mint
+  } = params;
+  const stealthAddressHex = solanaAddressToEd25519PublicKey(stealthAddress);
+  const ephemeralPubKeyHex = solanaAddressToEd25519PublicKey(ephemeralPublicKey);
+  const stealthAddressObj = {
+    address: stealthAddressHex,
+    ephemeralPublicKey: ephemeralPubKeyHex,
+    viewTag: "0x00"
+    // Not needed for derivation
+  };
+  const recovery = deriveEd25519StealthPrivateKey(
+    stealthAddressObj,
+    spendingPrivateKey,
+    viewingPrivateKey
+  );
+  const stealthPrivKeyBytes = hexToBytes2(recovery.privateKey.slice(2));
+  const stealthPubkey = new PublicKey2(stealthAddress);
+  const stealthKeypair = Keypair.fromSecretKey(
+    new Uint8Array([...stealthPrivKeyBytes, ...stealthPubkey.toBytes()])
+  );
+  const stealthATA = await getAssociatedTokenAddress2(
+    mint,
+    stealthPubkey,
+    true
+  );
+  const destinationPubkey = new PublicKey2(destinationAddress);
+  const destinationATA = await getAssociatedTokenAddress2(
+    mint,
+    destinationPubkey
+  );
+  const stealthAccount = await getAccount2(connection, stealthATA);
+  const amount = stealthAccount.amount;
+  const transaction = new Transaction2();
+  transaction.add(
+    createTransferInstruction2(
+      stealthATA,
+      destinationATA,
+      stealthPubkey,
+      amount
+    )
+  );
+  const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash();
+  transaction.recentBlockhash = blockhash;
+  transaction.lastValidBlockHeight = lastValidBlockHeight;
+  transaction.feePayer = stealthPubkey;
+  transaction.sign(stealthKeypair);
+  const txSignature = await connection.sendRawTransaction(
+    transaction.serialize(),
+    {
+      skipPreflight: false,
+      preflightCommitment: "confirmed"
+    }
+  );
+  await connection.confirmTransaction(
+    {
+      signature: txSignature,
+      blockhash,
+      lastValidBlockHeight
+    },
+    "confirmed"
+  );
+  const cluster = detectCluster2(connection.rpcEndpoint);
+  return {
+    txSignature,
+    destinationAddress,
+    amount,
+    explorerUrl: getExplorerUrl(txSignature, cluster)
+  };
+}
+async function getStealthBalance(connection, stealthAddress, mint) {
+  try {
+    const stealthPubkey = new PublicKey2(stealthAddress);
+    const ata = await getAssociatedTokenAddress2(mint, stealthPubkey, true);
+    const account = await getAccount2(connection, ata);
+    return account.amount;
+  } catch {
+    return 0n;
+  }
+}
+function parseTokenTransfer(tx) {
+  if (!tx?.meta?.postTokenBalances || !tx.meta.preTokenBalances) {
+    return null;
+  }
+  for (let i = 0; i < tx.meta.postTokenBalances.length; i++) {
+    const post = tx.meta.postTokenBalances[i];
+    const pre = tx.meta.preTokenBalances.find(
+      (p) => p.accountIndex === post.accountIndex
+    );
+    const postAmount = BigInt(post.uiTokenAmount.amount);
+    const preAmount = pre ? BigInt(pre.uiTokenAmount.amount) : 0n;
+    if (postAmount > preAmount) {
+      return {
+        mint: post.mint,
+        amount: postAmount - preAmount
+      };
+    }
+  }
+  return null;
+}
+function getTokenSymbol(mint) {
+  for (const [symbol, address] of Object.entries(SOLANA_TOKEN_MINTS)) {
+    if (address === mint) {
+      return symbol;
+    }
+  }
+  return void 0;
+}
+function detectCluster2(endpoint) {
+  if (endpoint.includes("devnet")) {
+    return "devnet";
+  }
+  if (endpoint.includes("testnet")) {
+    return "testnet";
+  }
+  if (endpoint.includes("localhost") || endpoint.includes("127.0.0.1")) {
+    return "localnet";
+  }
+  return "mainnet-beta";
+}
+
+export {
+  isValidChainId,
+  isValidPrivacyLevel,
+  isValidHex,
+  isValidHexLength,
+  isValidAmount,
+  isNonNegativeAmount,
+  isValidSlippage,
+  isValidStealthMetaAddress,
+  isValidCompressedPublicKey,
+  isValidEd25519PublicKey,
+  isValidPrivateKey,
+  validateAsset,
+  validateIntentInput,
+  validateIntentOutput,
+  validateCreateIntentParams,
+  validateViewingKey,
+  isValidScalar,
+  validateScalar,
+  getChainAddressType,
+  isAddressValidForChain,
+  secureWipe,
+  withSecureBuffer,
+  withSecureBufferSync,
+  secureWipeAll,
+  generateStealthMetaAddress,
+  generateStealthAddress,
+  deriveStealthPrivateKey,
+  checkStealthAddress,
+  encodeStealthMetaAddress,
+  decodeStealthMetaAddress,
+  publicKeyToEthAddress,
+  isEd25519Chain,
+  getCurveForChain,
+  generateEd25519StealthMetaAddress,
+  generateEd25519StealthAddress,
+  deriveEd25519StealthPrivateKey,
+  checkEd25519StealthAddress,
+  ed25519PublicKeyToSolanaAddress,
+  isValidSolanaAddress,
+  solanaAddressToEd25519PublicKey,
+  ed25519PublicKeyToNearAddress,
+  nearAddressToEd25519PublicKey,
+  isValidNearImplicitAddress,
+  isValidNearAccountId,
+  parseAnnouncement,
+  createAnnouncementMemo,
+  sendPrivateSPLTransfer,
+  estimatePrivateTransferFee,
+  hasTokenAccount,
+  scanForPayments,
+  claimStealthPayment,
+  getStealthBalance
+};