@sip-protocol/sdk 0.7.2 → 0.7.3

package/dist/browser.js

@@ -1552,7 +1552,8 @@ async function scanForPayments(params) {
     spendingPublicKey,
     fromSlot,
     toSlot,
-    limit = 100
+    limit = 100,
+    provider
   } = params;
   const results = [];
   const memoProgram = new import_web32.PublicKey(MEMO_PROGRAM_ID);
@@ -1596,12 +1597,26 @@ async function scanForPayments(params) {
           if (isOurs) {
             const transferInfo = parseTokenTransfer(tx);
             if (transferInfo) {
+              let amount = transferInfo.amount;
+              const tokenSymbol = getTokenSymbol(transferInfo.mint);
+              if (provider && announcement.stealthAddress) {
+                try {
+                  const balance = await provider.getTokenBalance(
+                    announcement.stealthAddress,
+                    transferInfo.mint
+                  );
+                  if (balance > 0n) {
+                    amount = balance;
+                  }
+                } catch {
+                }
+              }
               results.push({
                 stealthAddress: announcement.stealthAddress || "",
                 ephemeralPublicKey: announcement.ephemeralPublicKey,
-                amount: transferInfo.amount,
+                amount,
                 mint: transferInfo.mint,
-                tokenSymbol: getTokenSymbol(transferInfo.mint),
+                tokenSymbol,
                 txSignature: sigInfo.signature,
                 slot: sigInfo.slot,
                 timestamp: sigInfo.blockTime || 0
@@ -1644,8 +1659,19 @@ async function claimStealthPayment(params) {
   );
   const stealthPrivKeyBytes = (0, import_utils9.hexToBytes)(recovery.privateKey.slice(2));
   const stealthPubkey = new import_web32.PublicKey(stealthAddress);
+  const expectedPubKeyBytes = stealthPubkey.toBytes();
+  const scalarBigInt = bytesToBigIntLE2(stealthPrivKeyBytes);
+  const ED25519_ORDER2 = 2n ** 252n + 27742317777372353535851937790883648493n;
+  let validScalar = scalarBigInt % ED25519_ORDER2;
+  if (validScalar === 0n) validScalar = 1n;
+  const derivedPubKeyBytes = import_ed255192.ed25519.ExtendedPoint.BASE.multiply(validScalar).toRawBytes();
+  if (!derivedPubKeyBytes.every((b, i) => b === expectedPubKeyBytes[i])) {
+    throw new Error(
+      "Stealth key derivation failed: derived private key does not produce expected public key. This may indicate incorrect spending/viewing keys or corrupted announcement data."
+    );
+  }
   const stealthKeypair = import_web32.Keypair.fromSecretKey(
-    new Uint8Array([...stealthPrivKeyBytes, ...stealthPubkey.toBytes()])
+    new Uint8Array([...stealthPrivKeyBytes, ...expectedPubKeyBytes])
   );
   const stealthATA = await (0, import_spl_token2.getAssociatedTokenAddress)(
     mint,
@@ -1696,7 +1722,13 @@ async function claimStealthPayment(params) {
     explorerUrl: getExplorerUrl(txSignature, cluster)
   };
 }
-async function getStealthBalance(connection, stealthAddress, mint) {
+async function getStealthBalance(connection, stealthAddress, mint, provider) {
+  if (provider) {
+    try {
+      return await provider.getTokenBalance(stealthAddress, mint.toBase58());
+    } catch {
+    }
+  }
   try {
     const stealthPubkey = new import_web32.PublicKey(stealthAddress);
     const ata = await (0, import_spl_token2.getAssociatedTokenAddress)(mint, stealthPubkey, true);
@@ -1746,7 +1778,14 @@ function detectCluster2(endpoint) {
   }
   return "mainnet-beta";
 }
-var import_web32, import_spl_token2, import_utils9;
+function bytesToBigIntLE2(bytes) {
+  let result = 0n;
+  for (let i = bytes.length - 1; i >= 0; i--) {
+    result = result << 8n | BigInt(bytes[i]);
+  }
+  return result;
+}
+var import_web32, import_spl_token2, import_utils9, import_ed255192;
 var init_scan = __esm({
   "src/chains/solana/scan.ts"() {
     "use strict";
@@ -1756,6 +1795,428 @@ var init_scan = __esm({
     init_types();
     init_constants();
     import_utils9 = require("@noble/hashes/utils");
+    import_ed255192 = require("@noble/curves/ed25519");
+  }
+});
+
+// src/chains/solana/providers/helius.ts
+var HeliusProvider;
+var init_helius = __esm({
+  "src/chains/solana/providers/helius.ts"() {
+    "use strict";
+    HeliusProvider = class {
+      name = "helius";
+      apiKey;
+      cluster;
+      rpcUrl;
+      restUrl;
+      constructor(config) {
+        if (!config.apiKey) {
+          throw new Error("Helius API key is required. Get one at https://dev.helius.xyz");
+        }
+        this.apiKey = config.apiKey;
+        this.cluster = config.cluster ?? "mainnet-beta";
+        this.rpcUrl = this.cluster === "devnet" ? `https://devnet.helius-rpc.com/?api-key=${this.apiKey}` : `https://mainnet.helius-rpc.com/?api-key=${this.apiKey}`;
+        this.restUrl = this.cluster === "devnet" ? `https://api-devnet.helius.xyz/v0` : `https://api.helius.xyz/v0`;
+      }
+      /**
+       * Get all token assets owned by an address using DAS API
+       *
+       * Uses getAssetsByOwner for comprehensive asset information including
+       * NFTs and fungible tokens with metadata.
+       */
+      async getAssetsByOwner(owner) {
+        const assets = [];
+        let page = 1;
+        const limit = 1e3;
+        let hasMore = true;
+        while (hasMore) {
+          const response = await fetch(this.rpcUrl, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({
+              jsonrpc: "2.0",
+              id: `sip-${Date.now()}`,
+              method: "getAssetsByOwner",
+              params: {
+                ownerAddress: owner,
+                page,
+                limit,
+                displayOptions: {
+                  showFungible: true,
+                  showNativeBalance: false
+                }
+              }
+            })
+          });
+          if (!response.ok) {
+            throw new Error(`Helius API error: ${response.status} ${response.statusText}`);
+          }
+          const data = await response.json();
+          if (data.error) {
+            throw new Error(`Helius RPC error: ${data.error.message} (code: ${data.error.code})`);
+          }
+          if (data.result?.items) {
+            for (const item of data.result.items) {
+              if (item.interface !== "FungibleToken" && item.interface !== "FungibleAsset") {
+                continue;
+              }
+              const tokenInfo = item.token_info;
+              if (!tokenInfo?.balance) continue;
+              const balanceValue = typeof tokenInfo.balance === "string" ? BigInt(tokenInfo.balance) : BigInt(Math.floor(tokenInfo.balance));
+              assets.push({
+                mint: item.id,
+                amount: balanceValue,
+                decimals: tokenInfo.decimals ?? 0,
+                symbol: tokenInfo.symbol ?? item.content?.metadata?.symbol,
+                name: item.content?.metadata?.name,
+                logoUri: item.content?.links?.image
+              });
+            }
+          }
+          hasMore = data.result?.items?.length === limit;
+          page++;
+          if (page > 100) {
+            console.warn("[HeliusProvider] Reached page limit (100), stopping pagination");
+            break;
+          }
+        }
+        return assets;
+      }
+      /**
+       * Get token balance for a specific mint using Balances API
+       *
+       * More efficient than getAssetsByOwner when you only need one token's balance.
+       */
+      async getTokenBalance(owner, mint) {
+        try {
+          const url = `${this.restUrl}/addresses/${owner}/balances?api-key=${this.apiKey}`;
+          const response = await fetch(url);
+          if (!response.ok) {
+            const assets = await this.getAssetsByOwner(owner);
+            const asset = assets.find((a) => a.mint === mint);
+            return asset?.amount ?? 0n;
+          }
+          const data = await response.json();
+          const token = data.tokens?.find((t) => t.mint === mint);
+          return token ? BigInt(token.amount) : 0n;
+        } catch (error) {
+          console.warn("[HeliusProvider] getTokenBalance error, falling back to DAS:", error);
+          const assets = await this.getAssetsByOwner(owner);
+          const asset = assets.find((a) => a.mint === mint);
+          return asset?.amount ?? 0n;
+        }
+      }
+      /**
+       * Check if provider supports real-time subscriptions
+       *
+       * Helius supports webhooks for real-time notifications,
+       * but that requires server-side setup. Client-side subscriptions
+       * are not directly supported.
+       */
+      supportsSubscriptions() {
+        return false;
+      }
+    };
+  }
+});
+
+// src/chains/solana/providers/generic.ts
+function validateSolanaAddress(address, paramName) {
+  try {
+    return new import_web33.PublicKey(address);
+  } catch {
+    throw new Error(`Invalid Solana address for ${paramName}: ${address}`);
+  }
+}
+var import_web33, import_spl_token3, CLUSTER_ENDPOINTS, GenericProvider;
+var init_generic = __esm({
+  "src/chains/solana/providers/generic.ts"() {
+    "use strict";
+    import_web33 = require("@solana/web3.js");
+    import_spl_token3 = require("@solana/spl-token");
+    CLUSTER_ENDPOINTS = {
+      "mainnet-beta": "https://api.mainnet-beta.solana.com",
+      devnet: "https://api.devnet.solana.com",
+      testnet: "https://api.testnet.solana.com"
+    };
+    GenericProvider = class {
+      name = "generic";
+      connection;
+      constructor(config) {
+        if (config.connection) {
+          this.connection = config.connection;
+        } else {
+          const endpoint = config.endpoint ?? CLUSTER_ENDPOINTS[config.cluster ?? "mainnet-beta"];
+          this.connection = new import_web33.Connection(endpoint, "confirmed");
+        }
+      }
+      /**
+       * Get all token assets owned by an address using getParsedTokenAccountsByOwner
+       *
+       * Note: This is less efficient than Helius DAS API for large wallets,
+       * but works with any RPC endpoint.
+       */
+      async getAssetsByOwner(owner) {
+        const ownerPubkey = validateSolanaAddress(owner, "owner");
+        const accounts = await this.connection.getParsedTokenAccountsByOwner(
+          ownerPubkey,
+          { programId: import_spl_token3.TOKEN_PROGRAM_ID }
+        );
+        const assets = [];
+        for (const { account } of accounts.value) {
+          const parsed = account.data.parsed;
+          if (parsed.type !== "account") continue;
+          const info = parsed.info;
+          const amount = BigInt(info.tokenAmount.amount);
+          if (amount === 0n) continue;
+          assets.push({
+            mint: info.mint,
+            amount,
+            decimals: info.tokenAmount.decimals,
+            // Generic RPC doesn't provide symbol/name, those need metadata lookup
+            symbol: void 0,
+            name: void 0,
+            logoUri: void 0
+          });
+        }
+        return assets;
+      }
+      /**
+       * Get token balance for a specific mint
+       *
+       * Uses getAccount on the associated token address.
+       */
+      async getTokenBalance(owner, mint) {
+        const ownerPubkey = validateSolanaAddress(owner, "owner");
+        const mintPubkey = validateSolanaAddress(mint, "mint");
+        try {
+          const ata = await (0, import_spl_token3.getAssociatedTokenAddress)(
+            mintPubkey,
+            ownerPubkey,
+            true
+            // allowOwnerOffCurve for PDAs
+          );
+          const account = await (0, import_spl_token3.getAccount)(this.connection, ata);
+          return account.amount;
+        } catch {
+          return 0n;
+        }
+      }
+      /**
+       * Check if provider supports real-time subscriptions
+       *
+       * Generic RPC supports WebSocket subscriptions but they're not
+       * efficient for monitoring token transfers. Returns false.
+       */
+      supportsSubscriptions() {
+        return false;
+      }
+      /**
+       * Get the underlying Connection object
+       *
+       * Useful for advanced operations that need direct RPC access.
+       */
+      getConnection() {
+        return this.connection;
+      }
+    };
+  }
+});
+
+// src/chains/solana/providers/interface.ts
+function createProvider(type, config) {
+  switch (type) {
+    case "helius":
+      return new HeliusProvider(config);
+    case "generic":
+      return new GenericProvider(config);
+    case "quicknode":
+    case "triton":
+      throw new Error(
+        `Provider '${type}' is not yet implemented. Use 'helius' or 'generic' for now. See https://github.com/sip-protocol/sip-protocol/issues/${type === "quicknode" ? "494" : "495"}`
+      );
+    default:
+      throw new Error(`Unknown provider type: ${type}`);
+  }
+}
+var init_interface = __esm({
+  "src/chains/solana/providers/interface.ts"() {
+    "use strict";
+    init_helius();
+    init_generic();
+  }
+});
+
+// src/chains/solana/providers/webhook.ts
+function createWebhookHandler(config) {
+  const { viewingPrivateKey, spendingPublicKey, onPaymentFound, onError } = config;
+  if (!viewingPrivateKey || !viewingPrivateKey.startsWith("0x")) {
+    throw new ValidationError("viewingPrivateKey must be a valid hex string starting with 0x", "viewingPrivateKey");
+  }
+  if (!spendingPublicKey || !spendingPublicKey.startsWith("0x")) {
+    throw new ValidationError("spendingPublicKey must be a valid hex string starting with 0x", "spendingPublicKey");
+  }
+  if (typeof onPaymentFound !== "function") {
+    throw new ValidationError("onPaymentFound callback is required", "onPaymentFound");
+  }
+  return async (payload) => {
+    const transactions = Array.isArray(payload) ? payload : [payload];
+    const results = [];
+    for (const tx of transactions) {
+      try {
+        if (isRawTransaction(tx)) {
+          const result = await processRawTransaction(
+            tx,
+            viewingPrivateKey,
+            spendingPublicKey,
+            onPaymentFound
+          );
+          results.push(result);
+        } else {
+          results.push({
+            found: false,
+            signature: tx.signature
+          });
+        }
+      } catch (error) {
+        onError?.(error, isRawTransaction(tx) ? tx : void 0);
+        results.push({
+          found: false,
+          signature: getSignature(tx)
+        });
+      }
+    }
+    return results;
+  };
+}
+async function processRawTransaction(tx, viewingPrivateKey, spendingPublicKey, onPaymentFound) {
+  const signature = tx.transaction?.signatures?.[0] ?? "unknown";
+  if (tx.meta?.err) {
+    return { found: false, signature };
+  }
+  if (!tx.meta?.logMessages) {
+    return { found: false, signature };
+  }
+  for (const log2 of tx.meta.logMessages) {
+    if (!log2.includes(SIP_MEMO_PREFIX)) continue;
+    const memoMatch = log2.match(/Program log: (.+)/);
+    if (!memoMatch) continue;
+    const memoContent = memoMatch[1];
+    const announcement = parseAnnouncement(memoContent);
+    if (!announcement) continue;
+    const ephemeralPubKeyHex = solanaAddressToEd25519PublicKey(
+      announcement.ephemeralPublicKey
+    );
+    const viewTagNumber = parseInt(announcement.viewTag, 16);
+    if (!Number.isFinite(viewTagNumber) || viewTagNumber < 0 || viewTagNumber > 255) {
+      continue;
+    }
+    const stealthAddressToCheck = {
+      address: announcement.stealthAddress ? solanaAddressToEd25519PublicKey(announcement.stealthAddress) : "0x" + "00".repeat(32),
+      ephemeralPublicKey: ephemeralPubKeyHex,
+      viewTag: viewTagNumber
+    };
+    let isOurs = false;
+    try {
+      isOurs = checkEd25519StealthAddress(
+        stealthAddressToCheck,
+        viewingPrivateKey,
+        spendingPublicKey
+      );
+    } catch {
+      continue;
+    }
+    if (isOurs) {
+      const transferInfo = parseTokenTransferFromWebhook(tx);
+      const payment = {
+        stealthAddress: announcement.stealthAddress || "",
+        ephemeralPublicKey: announcement.ephemeralPublicKey,
+        amount: transferInfo?.amount ?? 0n,
+        mint: transferInfo?.mint ?? "",
+        tokenSymbol: transferInfo?.mint ? getTokenSymbol2(transferInfo.mint) : void 0,
+        txSignature: signature,
+        slot: tx.slot,
+        timestamp: tx.blockTime
+      };
+      try {
+        await onPaymentFound(payment);
+      } catch {
+      }
+      return { found: true, payment, signature };
+    }
+  }
+  return { found: false, signature };
+}
+function parseTokenTransferFromWebhook(tx) {
+  const { preTokenBalances, postTokenBalances } = tx.meta;
+  if (!postTokenBalances || !preTokenBalances) {
+    return null;
+  }
+  for (const post of postTokenBalances) {
+    const pre = preTokenBalances.find(
+      (p) => p.accountIndex === post.accountIndex
+    );
+    const postAmount = BigInt(post.uiTokenAmount.amount);
+    const preAmount = pre ? BigInt(pre.uiTokenAmount.amount) : 0n;
+    if (postAmount > preAmount) {
+      return {
+        mint: post.mint,
+        amount: postAmount - preAmount
+      };
+    }
+  }
+  return null;
+}
+function getTokenSymbol2(mint) {
+  for (const [symbol, address] of Object.entries(SOLANA_TOKEN_MINTS)) {
+    if (address === mint) {
+      return symbol;
+    }
+  }
+  return void 0;
+}
+function isRawTransaction(tx) {
+  return typeof tx === "object" && tx !== null && "meta" in tx && "transaction" in tx && Array.isArray(tx.transaction?.signatures);
+}
+function getSignature(tx) {
+  if ("signature" in tx && typeof tx.signature === "string") {
+    return tx.signature;
+  }
+  if (isRawTransaction(tx)) {
+    return tx.transaction?.signatures?.[0] ?? "unknown";
+  }
+  return "unknown";
+}
+async function processWebhookTransaction(transaction, viewingPrivateKey, spendingPublicKey) {
+  const result = await processRawTransaction(
+    transaction,
+    viewingPrivateKey,
+    spendingPublicKey,
+    () => {
+    }
+    // No-op callback
+  );
+  return result.found ? result.payment ?? null : null;
+}
+var init_webhook = __esm({
+  "src/chains/solana/providers/webhook.ts"() {
+    "use strict";
+    init_stealth();
+    init_types();
+    init_constants();
+    init_errors();
+  }
+});
+
+// src/chains/solana/providers/index.ts
+var init_providers = __esm({
+  "src/chains/solana/providers/index.ts"() {
+    "use strict";
+    init_interface();
+    init_helius();
+    init_generic();
+    init_webhook();
   }
 });
 
@@ -1764,6 +2225,8 @@ var solana_exports = {};
 __export(solana_exports, {
   ATA_RENT_LAMPORTS: () => ATA_RENT_LAMPORTS,
   ESTIMATED_TX_FEE_LAMPORTS: () => ESTIMATED_TX_FEE_LAMPORTS,
+  GenericProvider: () => GenericProvider,
+  HeliusProvider: () => HeliusProvider,
   MEMO_PROGRAM_ID: () => MEMO_PROGRAM_ID,
   SIP_MEMO_PREFIX: () => SIP_MEMO_PREFIX,
   SOLANA_EXPLORER_URLS: () => SOLANA_EXPLORER_URLS,
@@ -1772,6 +2235,8 @@ __export(solana_exports, {
   SOLANA_TOKEN_MINTS: () => SOLANA_TOKEN_MINTS,
   claimStealthPayment: () => claimStealthPayment,
   createAnnouncementMemo: () => createAnnouncementMemo,
+  createProvider: () => createProvider,
+  createWebhookHandler: () => createWebhookHandler,
   estimatePrivateTransferFee: () => estimatePrivateTransferFee,
   getExplorerUrl: () => getExplorerUrl,
   getStealthBalance: () => getStealthBalance,
@@ -1779,6 +2244,7 @@ __export(solana_exports, {
   getTokenMint: () => getTokenMint,
   hasTokenAccount: () => hasTokenAccount,
   parseAnnouncement: () => parseAnnouncement,
+  processWebhookTransaction: () => processWebhookTransaction,
   scanForPayments: () => scanForPayments,
   sendPrivateSPLTransfer: () => sendPrivateSPLTransfer
 });
@@ -1789,6 +2255,8 @@ var init_solana = __esm({
     init_types();
     init_transfer();
     init_scan();
+    init_providers();
+    init_providers();
   }
 });
 
@@ -4947,6 +5415,8 @@ var browser_exports = {};
 __export(browser_exports, {
   ATTESTATION_VERSION: () => ATTESTATION_VERSION,
   AptosStealthService: () => AptosStealthService,
+  AttestationGatedDisclosure: () => AttestationGatedDisclosure,
+  AttestationSchema: () => AttestationSchema,
   AuditorKeyDerivation: () => AuditorKeyDerivation,
   AuditorType: () => AuditorType,
   BaseWalletAdapter: () => BaseWalletAdapter,
@@ -4965,11 +5435,14 @@ __export(browser_exports, {
   ErrorCode: () => ErrorCode,
   EthereumChainId: () => EthereumChainId,
   EthereumWalletAdapter: () => EthereumWalletAdapter,
+  GenericProvider: () => GenericProvider,
   HardwareErrorCode: () => HardwareErrorCode,
   HardwareWalletError: () => HardwareWalletError,
+  HeliusProvider: () => HeliusProvider,
   IntentBuilder: () => IntentBuilder,
   IntentError: () => IntentError,
-  IntentStatus: () => import_types58.IntentStatus,
+  IntentStatus: () => import_types59.IntentStatus,
+  KNOWN_EXCHANGES: () => KNOWN_EXCHANGES,
   LedgerWalletAdapter: () => LedgerWalletAdapter,
   MEMO_PROGRAM_ID: () => MEMO_PROGRAM_ID,
   MockEthereumAdapter: () => MockEthereumAdapter,
@@ -4979,31 +5452,34 @@ __export(browser_exports, {
   MockSolver: () => MockSolver,
   MockTrezorAdapter: () => MockTrezorAdapter,
   MockWalletAdapter: () => MockWalletAdapter,
-  NATIVE_TOKENS: () => import_types58.NATIVE_TOKENS,
+  NATIVE_TOKENS: () => import_types59.NATIVE_TOKENS,
   NEARIntentsAdapter: () => NEARIntentsAdapter,
   NEARIntentsBackend: () => NEARIntentsBackend,
   NetworkError: () => NetworkError,
   ORACLE_DOMAIN: () => ORACLE_DOMAIN,
   OneClickClient: () => OneClickClient,
-  OneClickDepositMode: () => import_types62.OneClickDepositMode,
-  OneClickErrorCode: () => import_types62.OneClickErrorCode,
-  OneClickSwapStatus: () => import_types62.OneClickSwapStatus,
-  OneClickSwapType: () => import_types62.OneClickSwapType,
+  OneClickDepositMode: () => import_types63.OneClickDepositMode,
+  OneClickErrorCode: () => import_types63.OneClickErrorCode,
+  OneClickSwapStatus: () => import_types63.OneClickSwapStatus,
+  OneClickSwapType: () => import_types63.OneClickSwapType,
   PaymentBuilder: () => PaymentBuilder,
-  PaymentStatus: () => import_types59.PaymentStatus,
-  PrivacyLevel: () => import_types58.PrivacyLevel,
+  PaymentStatus: () => import_types60.PaymentStatus,
+  PrivacyBackendRegistry: () => PrivacyBackendRegistry,
+  PrivacyLevel: () => import_types59.PrivacyLevel,
+  PrivacySmartRouter: () => SmartRouter2,
   PrivateNFT: () => PrivateNFT,
   PrivateVoting: () => PrivateVoting,
   ProofError: () => ProofError,
   ProofGenerationError: () => ProofGenerationError,
   ProofNotImplementedError: () => ProofNotImplementedError,
   ProofWorker: () => ProofWorker,
-  ProposalStatus: () => import_types60.ProposalStatus,
-  ReportStatus: () => import_types61.ReportStatus,
+  ProposalStatus: () => import_types61.ProposalStatus,
+  ReportStatus: () => import_types62.ReportStatus,
   SIP: () => SIP,
   SIPError: () => SIPError,
+  SIPNativeBackend: () => SIPNativeBackend,
   SIP_MEMO_PREFIX: () => SIP_MEMO_PREFIX,
-  SIP_VERSION: () => import_types58.SIP_VERSION,
+  SIP_VERSION: () => import_types59.SIP_VERSION,
   SOLANA_EXPLORER_URLS: () => SOLANA_EXPLORER_URLS,
   SOLANA_RPC_ENDPOINTS: () => SOLANA_RPC_ENDPOINTS,
   SOLANA_TOKEN_DECIMALS: () => SOLANA_TOKEN_DECIMALS,
@@ -5018,14 +5494,15 @@ __export(browser_exports, {
   SolanaSameChainExecutor: () => SolanaSameChainExecutor,
   SolanaWalletAdapter: () => SolanaWalletAdapter,
   SuiStealthService: () => SuiStealthService,
+  SurveillanceAnalyzer: () => SurveillanceAnalyzer,
   SwapStatus: () => SwapStatus,
   ThresholdViewingKey: () => ThresholdViewingKey,
   Treasury: () => Treasury,
   TrezorWalletAdapter: () => TrezorWalletAdapter,
   ValidationError: () => ValidationError,
   WalletError: () => WalletError,
-  WalletErrorCode: () => import_types57.WalletErrorCode,
-  ZcashErrorCode: () => import_types63.ZcashErrorCode,
+  WalletErrorCode: () => import_types58.WalletErrorCode,
+  ZcashErrorCode: () => import_types64.ZcashErrorCode,
   ZcashNativeBackend: () => ZcashNativeBackend,
   ZcashRPCClient: () => ZcashRPCClient,
   ZcashRPCError: () => ZcashRPCError,
@@ -5034,11 +5511,15 @@ __export(browser_exports, {
   addBlindings: () => addBlindings,
   addCommitments: () => addCommitments,
   addOracle: () => addOracle,
+  analyzeAddressReuse: () => analyzeAddressReuse,
+  analyzeTemporalPatterns: () => analyzeTemporalPatterns,
   aptosAddressToAuthKey: () => aptosAddressToAuthKey,
   attachProofs: () => attachProofs,
   base58ToHex: () => base58ToHex,
-  browserBytesToHex: () => bytesToHex12,
+  browserBytesToHex: () => bytesToHex11,
   browserHexToBytes: () => hexToBytes10,
+  calculatePrivacyScore: () => calculatePrivacyScore,
+  calculateSIPComparison: () => calculateSIPComparison,
   checkAptosStealthAddress: () => checkAptosStealthAddress,
   checkEd25519StealthAddress: () => checkEd25519StealthAddress,
   checkMobileWASMCompatibility: () => checkMobileWASMCompatibility,
@@ -5054,6 +5535,7 @@ __export(browser_exports, {
   createEthereumAdapter: () => createEthereumAdapter,
   createKeySpendOnlyOutput: () => createKeySpendOnlyOutput,
   createLedgerAdapter: () => createLedgerAdapter,
+  createMockAttestation: () => createMockAttestation,
   createMockEthereumAdapter: () => createMockEthereumAdapter,
   createMockEthereumProvider: () => createMockEthereumProvider,
   createMockLedgerAdapter: () => createMockLedgerAdapter,
@@ -5068,6 +5550,7 @@ __export(browser_exports, {
   createPrivateOwnership: () => createPrivateOwnership,
   createPrivateVoting: () => createPrivateVoting,
   createProductionSIP: () => createProductionSIP,
+  createProvider: () => createProvider,
   createSIP: () => createSIP,
   createSameChainExecutor: () => createSameChainExecutor,
   createSealedBidAuction: () => createSealedBidAuction,
@@ -5075,9 +5558,11 @@ __export(browser_exports, {
   createShieldedPayment: () => createShieldedPayment,
   createSmartRouter: () => createSmartRouter,
   createSolanaAdapter: () => createSolanaAdapter,
+  createSurveillanceAnalyzer: () => createSurveillanceAnalyzer,
   createTaprootOutput: () => createTaprootOutput,
   createTrezorAdapter: () => createTrezorAdapter,
   createWalletFactory: () => createWalletFactory,
+  createWebhookHandler: () => createWebhookHandler,
   createWorkerBlobURL: () => createWorkerBlobURL,
   createZcashClient: () => createZcashClient,
   createZcashNativeBackend: () => createZcashNativeBackend,
@@ -5087,6 +5572,7 @@ __export(browser_exports, {
   decodeTaprootAddress: () => decodeTaprootAddress,
   decryptMemo: () => decryptMemo,
   decryptWithViewing: () => decryptWithViewing,
+  defaultRegistry: () => defaultRegistry,
   deriveAptosStealthPrivateKey: () => deriveAptosStealthPrivateKey,
   deriveEd25519StealthPrivateKey: () => deriveEd25519StealthPrivateKey,
   deriveOracleId: () => deriveOracleId,
@@ -5096,7 +5582,9 @@ __export(browser_exports, {
   deserializeAttestationMessage: () => deserializeAttestationMessage,
   deserializeIntent: () => deserializeIntent,
   deserializePayment: () => deserializePayment,
+  detectClusters: () => detectClusters,
   detectEthereumWallets: () => detectEthereumWallets,
+  detectExchangeExposure: () => detectExchangeExposure,
   detectMobileBrowser: () => detectMobileBrowser,
   detectMobilePlatform: () => detectMobilePlatform,
   detectSolanaWallets: () => detectSolanaWallets,
@@ -5108,6 +5596,7 @@ __export(browser_exports, {
   encryptForViewing: () => encryptForViewing,
   estimatePrivateTransferFee: () => estimatePrivateTransferFee,
   featureNotSupportedError: () => featureNotSupportedError,
+  fetchAttestation: () => fetchAttestation,
   formatStablecoinAmount: () => formatStablecoinAmount,
   fromHex: () => fromHex,
   fromStablecoinUnits: () => fromStablecoinUnits,
@@ -5166,7 +5655,7 @@ __export(browser_exports, {
   isExpired: () => isExpired,
   isNonNegativeAmount: () => isNonNegativeAmount,
   isPaymentExpired: () => isPaymentExpired,
-  isPrivate: () => import_types58.isPrivate,
+  isPrivate: () => import_types59.isPrivate,
   isPrivateWalletAdapter: () => isPrivateWalletAdapter,
   isSIPError: () => isSIPError,
   isSameChainSupported: () => isSameChainSupported,
@@ -5196,6 +5685,7 @@ __export(browser_exports, {
   normalizeSuiAddress: () => normalizeSuiAddress,
   notConnectedError: () => notConnectedError,
   parseAnnouncement: () => parseAnnouncement,
+  processWebhookTransaction: () => processWebhookTransaction,
   proveOwnership: () => proveOwnership,
   publicKeyToEthAddress: () => publicKeyToEthAddress,
   registerWallet: () => registerWallet,
@@ -5219,7 +5709,7 @@ __export(browser_exports, {
   subtractCommitments: () => subtractCommitments,
   supportsSharedArrayBuffer: () => supportsSharedArrayBuffer,
   supportsTouch: () => supportsTouch,
-  supportsViewingKey: () => import_types58.supportsViewingKey,
+  supportsViewingKey: () => import_types59.supportsViewingKey,
   supportsWASMBulkMemory: () => supportsWASMBulkMemory,
   supportsWASMSimd: () => supportsWASMSimd,
   supportsWebBluetooth: () => supportsWebBluetooth,
@@ -5239,6 +5729,7 @@ __export(browser_exports, {
   validateScalar: () => validateScalar,
   validateViewingKey: () => validateViewingKey,
   verifyAttestation: () => verifyAttestation,
+  verifyAttestationSignature: () => verifyAttestationSignature,
   verifyCommitment: () => verifyCommitment,
   verifyOpening: () => verifyOpening,
   verifyOracleSignature: () => verifyOracleSignature,
@@ -5254,7 +5745,7 @@ module.exports = __toCommonJS(browser_exports);
 init_errors();
 
 // src/sip.ts
-var import_types7 = require("@sip-protocol/types");
+var import_types8 = require("@sip-protocol/types");
 
 // src/intent.ts
 var import_types = require("@sip-protocol/types");
@@ -7173,7 +7664,7 @@ var SIP = class {
     this.config = {
       ...config,
       mode: config.mode ?? "demo",
-      defaultPrivacy: config.defaultPrivacy ?? import_types7.PrivacyLevel.SHIELDED
+      defaultPrivacy: config.defaultPrivacy ?? import_types8.PrivacyLevel.SHIELDED
     };
     this.proofProvider = config.proofProvider;
     if (config.intentsAdapter) {
@@ -7378,8 +7869,8 @@ var SIP = class {
         "intentsAdapter"
       );
     }
-    const metaAddr = recipientMetaAddress ?? (params.privacy !== import_types7.PrivacyLevel.TRANSPARENT ? this.stealthKeys?.metaAddress : void 0);
-    if (params.privacy !== import_types7.PrivacyLevel.TRANSPARENT && !metaAddr) {
+    const metaAddr = recipientMetaAddress ?? (params.privacy !== import_types8.PrivacyLevel.TRANSPARENT ? this.stealthKeys?.metaAddress : void 0);
+    if (params.privacy !== import_types8.PrivacyLevel.TRANSPARENT && !metaAddr) {
       throw new ValidationError(
         "Stealth meta-address required for privacy modes. Call generateStealthKeys() or provide recipientMetaAddress.",
         "recipientMetaAddress"
@@ -7470,10 +7961,10 @@ var SIP = class {
       }
     );
     this.pendingSwaps.delete(quote.intentId);
-    const isSuccess = finalStatus.status === import_types7.OneClickSwapStatus.SUCCESS;
+    const isSuccess = finalStatus.status === import_types8.OneClickSwapStatus.SUCCESS;
     return {
       intentId: intent.intentId,
-      status: isSuccess ? import_types7.IntentStatus.FULFILLED : import_types7.IntentStatus.FAILED,
+      status: isSuccess ? import_types8.IntentStatus.FULFILLED : import_types8.IntentStatus.FAILED,
       outputAmount: quote.outputAmount,
       txHash: finalStatus.settlementTxHash ?? depositTxHash,
       fulfilledAt: Math.floor(Date.now() / 1e3),
@@ -7540,9 +8031,9 @@ var SIP = class {
     await new Promise((resolve) => setTimeout(resolve, 2e3));
     return {
       intentId: intent.intentId,
-      status: import_types7.IntentStatus.FULFILLED,
+      status: import_types8.IntentStatus.FULFILLED,
       outputAmount: quote.outputAmount,
-      txHash: intent.privacyLevel === import_types7.PrivacyLevel.TRANSPARENT ? `0x${Date.now().toString(16)}` : void 0,
+      txHash: intent.privacyLevel === import_types8.PrivacyLevel.TRANSPARENT ? `0x${Date.now().toString(16)}` : void 0,
       fulfilledAt: Math.floor(Date.now() / 1e3)
     };
   }
@@ -7584,7 +8075,7 @@ var SIP = class {
     }
     const { sendPrivateSPLTransfer: sendPrivateSPLTransfer2 } = await Promise.resolve().then(() => (init_solana(), solana_exports));
     const { PublicKey: SolanaPublicKey } = await import("@solana/web3.js");
-    const { getAssociatedTokenAddress: getAssociatedTokenAddress3 } = await import("@solana/spl-token");
+    const { getAssociatedTokenAddress: getAssociatedTokenAddress4 } = await import("@solana/spl-token");
     const { SOLANA_TOKEN_MINTS: SOLANA_TOKEN_MINTS2 } = await Promise.resolve().then(() => (init_constants(), constants_exports));
     let mint;
     if (params.token in SOLANA_TOKEN_MINTS2) {
@@ -7592,7 +8083,7 @@ var SIP = class {
     } else {
       mint = new SolanaPublicKey(params.token);
     }
-    const senderTokenAccount = await getAssociatedTokenAddress3(
+    const senderTokenAccount = await getAssociatedTokenAddress4(
       mint,
       params.sender
     );
@@ -8423,7 +8914,7 @@ function hexToBytes10(hex) {
   }
   return bytes;
 }
-function bytesToHex12(bytes) {
+function bytesToHex11(bytes) {
   return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
 }
 function isBrowser() {
@@ -8486,7 +8977,7 @@ var CHAIN_NUMERIC_IDS = {
 };
 
 // src/oracle/verification.ts
-var import_ed255192 = require("@noble/curves/ed25519");
+var import_ed255193 = require("@noble/curves/ed25519");
 var import_sha25610 = require("@noble/hashes/sha256");
 var import_utils14 = require("@noble/hashes/utils");
 
@@ -8652,7 +9143,7 @@ function verifyAttestation(attestation, registry) {
       const signatureBytes = (0, import_utils14.hexToBytes)(
         sig.signature.startsWith("0x") ? sig.signature.slice(2) : sig.signature
       );
-      const isValid = import_ed255192.ed25519.verify(signatureBytes, messageHash, publicKeyBytes);
+      const isValid = import_ed255193.ed25519.verify(signatureBytes, messageHash, publicKeyBytes);
       if (isValid) {
         validCount++;
         validOracles.push(sig.oracleId);
@@ -8680,14 +9171,14 @@ function verifyOracleSignature(signature, messageHash, oracle) {
     const signatureBytes = (0, import_utils14.hexToBytes)(
       signature.signature.startsWith("0x") ? signature.signature.slice(2) : signature.signature
     );
-    return import_ed255192.ed25519.verify(signatureBytes, messageHash, publicKeyBytes);
+    return import_ed255193.ed25519.verify(signatureBytes, messageHash, publicKeyBytes);
   } catch {
     return false;
   }
 }
 function signAttestationMessage(messageHash, privateKey) {
-  const signature = import_ed255192.ed25519.sign(messageHash, privateKey);
-  const publicKey = import_ed255192.ed25519.getPublicKey(privateKey);
+  const signature = import_ed255193.ed25519.sign(messageHash, privateKey);
+  const publicKey = import_ed255193.ed25519.getPublicKey(privateKey);
   const oracleId = deriveOracleId(publicKey);
   return {
     oracleId,
@@ -8743,13 +9234,13 @@ function hasEnoughOracles(registry) {
 }
 
 // src/index.ts
-var import_types58 = require("@sip-protocol/types");
 var import_types59 = require("@sip-protocol/types");
 var import_types60 = require("@sip-protocol/types");
 var import_types61 = require("@sip-protocol/types");
+var import_types62 = require("@sip-protocol/types");
 
 // src/solver/mock-solver.ts
-var import_types10 = require("@sip-protocol/types");
+var import_types11 = require("@sip-protocol/types");
 var import_utils15 = require("@noble/hashes/utils");
 var MockSolver = class {
   info;
@@ -8875,7 +9366,7 @@ var MockSolver = class {
       status.error = "Simulated failure for testing";
       return {
         intentId: intent.intentId,
-        status: import_types10.IntentStatus.FAILED,
+        status: import_types11.IntentStatus.FAILED,
         fulfilledAt: Math.floor(Date.now() / 1e3),
         error: status.error
       };
@@ -8885,7 +9376,7 @@ var MockSolver = class {
     status.txHash = txHash;
     return {
       intentId: intent.intentId,
-      status: import_types10.IntentStatus.FULFILLED,
+      status: import_types11.IntentStatus.FULFILLED,
       outputAmount: quote.outputAmount,
       txHash: intent.privacyLevel === "transparent" ? txHash : void 0,
       fulfillmentProof: {
@@ -8931,7 +9422,7 @@ function createMockSolver(config) {
 }
 
 // src/index.ts
-var import_types62 = require("@sip-protocol/types");
+var import_types63 = require("@sip-protocol/types");
 
 // src/settlement/interface.ts
 var SwapStatus = /* @__PURE__ */ ((SwapStatus2) => {
@@ -9338,21 +9829,21 @@ function createSmartRouter(registry) {
 }
 
 // src/settlement/backends/near-intents.ts
-var import_types11 = require("@sip-protocol/types");
+var import_types12 = require("@sip-protocol/types");
 init_errors();
 function mapOneClickStatus(status) {
   switch (status) {
-    case import_types11.OneClickSwapStatus.PENDING_DEPOSIT:
+    case import_types12.OneClickSwapStatus.PENDING_DEPOSIT:
       return "pending_deposit" /* PENDING_DEPOSIT */;
-    case import_types11.OneClickSwapStatus.PROCESSING:
+    case import_types12.OneClickSwapStatus.PROCESSING:
       return "in_progress" /* IN_PROGRESS */;
-    case import_types11.OneClickSwapStatus.SUCCESS:
+    case import_types12.OneClickSwapStatus.SUCCESS:
       return "success" /* SUCCESS */;
-    case import_types11.OneClickSwapStatus.FAILED:
+    case import_types12.OneClickSwapStatus.FAILED:
       return "failed" /* FAILED */;
-    case import_types11.OneClickSwapStatus.INCOMPLETE_DEPOSIT:
+    case import_types12.OneClickSwapStatus.INCOMPLETE_DEPOSIT:
       return "failed" /* FAILED */;
-    case import_types11.OneClickSwapStatus.REFUNDED:
+    case import_types12.OneClickSwapStatus.REFUNDED:
       return "refunded" /* REFUNDED */;
     default:
       return "pending_deposit" /* PENDING_DEPOSIT */;
@@ -9390,9 +9881,9 @@ var NEARIntentsBackend = class {
         "zcash"
       ],
       supportedPrivacyLevels: [
-        import_types11.PrivacyLevel.TRANSPARENT,
-        import_types11.PrivacyLevel.SHIELDED,
-        import_types11.PrivacyLevel.COMPLIANT
+        import_types12.PrivacyLevel.TRANSPARENT,
+        import_types12.PrivacyLevel.SHIELDED,
+        import_types12.PrivacyLevel.COMPLIANT
       ],
       supportsCancellation: false,
       supportsRefunds: true,
@@ -9649,13 +10140,13 @@ var NEARIntentsBackend = class {
     if (!params.privacyLevel) {
       throw new ValidationError("privacyLevel is required", "privacyLevel");
     }
-    if (params.privacyLevel !== import_types11.PrivacyLevel.TRANSPARENT && !params.recipientMetaAddress) {
+    if (params.privacyLevel !== import_types12.PrivacyLevel.TRANSPARENT && !params.recipientMetaAddress) {
       throw new ValidationError(
         "recipientMetaAddress is required for shielded/compliant privacy modes",
         "recipientMetaAddress"
       );
     }
-    if (params.privacyLevel === import_types11.PrivacyLevel.TRANSPARENT && !params.senderAddress) {
+    if (params.privacyLevel === import_types12.PrivacyLevel.TRANSPARENT && !params.senderAddress) {
       throw new ValidationError(
         "senderAddress is required for transparent mode",
         "senderAddress"
@@ -9694,7 +10185,7 @@ function createNEARIntentsBackend(config) {
 }
 
 // src/settlement/backends/zcash-native.ts
-var import_types12 = require("@sip-protocol/types");
+var import_types13 = require("@sip-protocol/types");
 init_errors();
 var ZcashNativeBackend = class {
   name = "zcash-native";
@@ -9713,9 +10204,9 @@ var ZcashNativeBackend = class {
       supportedSourceChains: ["zcash"],
       supportedDestinationChains: ["zcash"],
       supportedPrivacyLevels: [
-        import_types12.PrivacyLevel.TRANSPARENT,
-        import_types12.PrivacyLevel.SHIELDED,
-        import_types12.PrivacyLevel.COMPLIANT
+        import_types13.PrivacyLevel.TRANSPARENT,
+        import_types13.PrivacyLevel.SHIELDED,
+        import_types13.PrivacyLevel.COMPLIANT
       ],
       supportsCancellation: false,
       supportsRefunds: false,
@@ -9754,7 +10245,7 @@ var ZcashNativeBackend = class {
     const minAmountOut = amountOut * BigInt(99) / BigInt(100);
     let depositAddress;
     let recipientAddress;
-    if (privacyLevel === import_types12.PrivacyLevel.SHIELDED || privacyLevel === import_types12.PrivacyLevel.COMPLIANT) {
+    if (privacyLevel === import_types13.PrivacyLevel.SHIELDED || privacyLevel === import_types13.PrivacyLevel.COMPLIANT) {
       if (typeof recipientMetaAddress === "string") {
         recipientAddress = recipientMetaAddress;
       } else if (recipientMetaAddress) {
@@ -10039,7 +10530,7 @@ function createZcashNativeBackend(config) {
 }
 
 // src/settlement/backends/direct-chain.ts
-var import_types13 = require("@sip-protocol/types");
+var import_types14 = require("@sip-protocol/types");
 init_stealth();
 init_errors();
 var import_utils16 = require("@noble/hashes/utils");
@@ -10081,7 +10572,7 @@ var DEFAULT_GAS_FEES = {
 };
 
 // src/zcash/rpc-client.ts
-var import_types14 = require("@sip-protocol/types");
+var import_types15 = require("@sip-protocol/types");
 init_errors();
 var DEFAULT_CONFIG = {
   host: "127.0.0.1",
@@ -10102,19 +10593,19 @@ var ZcashRPCError = class extends Error {
    * Check if error is due to insufficient funds
    */
   isInsufficientFunds() {
-    return this.code === import_types14.ZcashErrorCode.WALLET_INSUFFICIENT_FUNDS;
+    return this.code === import_types15.ZcashErrorCode.WALLET_INSUFFICIENT_FUNDS;
   }
   /**
    * Check if error is due to invalid address
    */
   isInvalidAddress() {
-    return this.code === import_types14.ZcashErrorCode.INVALID_ADDRESS_OR_KEY;
+    return this.code === import_types15.ZcashErrorCode.INVALID_ADDRESS_OR_KEY;
   }
   /**
    * Check if error is due to wallet being locked
    */
   isWalletLocked() {
-    return this.code === import_types14.ZcashErrorCode.WALLET_UNLOCK_NEEDED;
+    return this.code === import_types15.ZcashErrorCode.WALLET_UNLOCK_NEEDED;
   }
 };
 var ZcashRPCClient = class {
@@ -10501,7 +10992,7 @@ function createZcashClient(config) {
 }
 
 // src/zcash/shielded-service.ts
-var import_types15 = require("@sip-protocol/types");
+var import_types16 = require("@sip-protocol/types");
 init_errors();
 var ZcashShieldedService = class _ZcashShieldedService {
   client;
@@ -10688,7 +11179,7 @@ var ZcashShieldedService = class _ZcashShieldedService {
    * Higher-level method that handles privacy level mapping.
    */
   async sendWithPrivacy(to, amount, privacyLevel, memo) {
-    if (privacyLevel === import_types15.PrivacyLevel.TRANSPARENT) {
+    if (privacyLevel === import_types16.PrivacyLevel.TRANSPARENT) {
       throw new ValidationError(
         "Transparent mode not supported for Zcash shielded service. Use standard RPC client.",
         "privacyLevel",
@@ -10782,7 +11273,7 @@ var ZcashShieldedService = class _ZcashShieldedService {
     const viewingKey = await this.exportViewingKey();
     return {
       viewingKey,
-      privacyLevel: import_types15.PrivacyLevel.COMPLIANT,
+      privacyLevel: import_types16.PrivacyLevel.COMPLIANT,
       disclaimer: "This viewing key provides read-only access to transaction history. It cannot be used to spend funds. Share only with authorized auditors."
     };
   }
@@ -10868,11 +11359,11 @@ var ZcashShieldedService = class _ZcashShieldedService {
    */
   mapPrivacyLevelToPolicy(level) {
     switch (level) {
-      case import_types15.PrivacyLevel.TRANSPARENT:
+      case import_types16.PrivacyLevel.TRANSPARENT:
         return "NoPrivacy";
-      case import_types15.PrivacyLevel.SHIELDED:
+      case import_types16.PrivacyLevel.SHIELDED:
         return "FullPrivacy";
-      case import_types15.PrivacyLevel.COMPLIANT:
+      case import_types16.PrivacyLevel.COMPLIANT:
         return "FullPrivacy";
       default:
         return "FullPrivacy";
@@ -10925,7 +11416,7 @@ function createZcashShieldedService(config) {
 }
 
 // src/zcash/swap-service.ts
-var import_types16 = require("@sip-protocol/types");
+var import_types17 = require("@sip-protocol/types");
 init_errors();
 var MOCK_PRICES = {
   ETH: 2500,
@@ -11039,7 +11530,7 @@ var ZcashSwapService = class {
       validUntil,
       depositAddress: this.generateMockDepositAddress(sourceChain),
       estimatedTime: this.getEstimatedTime(sourceChain),
-      privacyLevel: import_types16.PrivacyLevel.SHIELDED
+      privacyLevel: import_types17.PrivacyLevel.SHIELDED
     };
     this.quotes.set(quoteId, quote);
     return quote;
@@ -11082,7 +11573,7 @@ var ZcashSwapService = class {
       depositAddress: "",
       // Will be set by bridge
       estimatedTime: this.getEstimatedTime(params.sourceChain),
-      privacyLevel: import_types16.PrivacyLevel.SHIELDED
+      privacyLevel: import_types17.PrivacyLevel.SHIELDED
     };
     this.quotes.set(quote.quoteId, quote);
     return quote;
@@ -11365,10 +11856,10 @@ function createZcashSwapService(config) {
 init_errors();
 
 // src/zcash/index.ts
-var import_types17 = require("@sip-protocol/types");
+var import_types18 = require("@sip-protocol/types");
 
 // src/index.ts
-var import_types63 = require("@sip-protocol/types");
+var import_types64 = require("@sip-protocol/types");
 
 // src/bitcoin/taproot.ts
 var import_secp256k14 = require("@noble/curves/secp256k1");
@@ -11663,7 +12154,7 @@ init_errors();
 init_validation();
 
 // src/payment/payment.ts
-var import_types18 = require("@sip-protocol/types");
+var import_types19 = require("@sip-protocol/types");
 var import_sha25613 = require("@noble/hashes/sha256");
 var import_utils19 = require("@noble/hashes/utils");
 var import_chacha2 = require("@noble/ciphers/chacha.js");
@@ -11854,7 +12345,7 @@ var PaymentBuilder = class {
   _amount;
   _recipientMetaAddress;
   _recipientAddress;
-  _privacy = import_types18.PrivacyLevel.SHIELDED;
+  _privacy = import_types19.PrivacyLevel.SHIELDED;
   _viewingKey;
   _sourceChain;
   _destinationChain;
@@ -12137,7 +12628,7 @@ async function createShieldedPayment(params, options) {
   } else {
     resolvedToken = token;
   }
-  if (privacy !== import_types18.PrivacyLevel.TRANSPARENT && !recipientMetaAddress) {
+  if (privacy !== import_types19.PrivacyLevel.TRANSPARENT && !recipientMetaAddress) {
     throw new ValidationError(
       "recipientMetaAddress is required for shielded/compliant privacy modes",
       "recipientMetaAddress",
@@ -12145,7 +12636,7 @@ async function createShieldedPayment(params, options) {
       "SIP_2008" /* MISSING_REQUIRED */
     );
   }
-  if (privacy === import_types18.PrivacyLevel.TRANSPARENT && !recipientAddress) {
+  if (privacy === import_types19.PrivacyLevel.TRANSPARENT && !recipientAddress) {
     throw new ValidationError(
       "recipientAddress is required for transparent mode",
       "recipientAddress",
@@ -12153,7 +12644,7 @@ async function createShieldedPayment(params, options) {
       "SIP_2008" /* MISSING_REQUIRED */
     );
   }
-  if (privacy === import_types18.PrivacyLevel.COMPLIANT && !viewingKey) {
+  if (privacy === import_types19.PrivacyLevel.COMPLIANT && !viewingKey) {
     throw new ValidationError(
       "viewingKey is required for compliant mode",
       "viewingKey",
@@ -12175,7 +12666,7 @@ async function createShieldedPayment(params, options) {
   const now = Math.floor(Date.now() / 1e3);
   const payment = {
     paymentId,
-    version: import_types18.SIP_VERSION,
+    version: import_types19.SIP_VERSION,
     privacyLevel: privacy,
     createdAt: now,
     expiry: now + ttl,
@@ -12186,7 +12677,7 @@ async function createShieldedPayment(params, options) {
     purpose,
     viewingKeyHash
   };
-  if (privacy !== import_types18.PrivacyLevel.TRANSPARENT && recipientMetaAddress) {
+  if (privacy !== import_types19.PrivacyLevel.TRANSPARENT && recipientMetaAddress) {
     const metaAddress = decodeStealthMetaAddress(recipientMetaAddress);
     const { stealthAddress } = generateStealthAddress(metaAddress);
     payment.recipientStealth = stealthAddress;
@@ -12203,7 +12694,7 @@ async function createShieldedPayment(params, options) {
     payment.recipientAddress = recipientAddress;
     payment.memo = memo;
   }
-  if (privacy !== import_types18.PrivacyLevel.TRANSPARENT && proofProvider?.isReady) {
+  if (privacy !== import_types19.PrivacyLevel.TRANSPARENT && proofProvider?.isReady) {
     const hexToUint8 = (hex) => {
       const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
       return (0, import_utils19.hexToBytes)(cleanHex);
@@ -12269,7 +12760,7 @@ function decryptMemo(encryptedMemo, viewingKey) {
 function trackPayment(payment) {
   return {
     ...payment,
-    status: import_types18.PaymentStatus.DRAFT
+    status: import_types19.PaymentStatus.DRAFT
   };
 }
 function isPaymentExpired(payment) {
@@ -12302,7 +12793,7 @@ function getPaymentSummary(payment) {
 }
 
 // src/treasury/treasury.ts
-var import_types19 = require("@sip-protocol/types");
+var import_types20 = require("@sip-protocol/types");
 var import_secp256k16 = require("@noble/curves/secp256k1");
 var import_sha25614 = require("@noble/hashes/sha256");
 var import_utils20 = require("@noble/hashes/utils");
@@ -12338,7 +12829,7 @@ var Treasury = class _Treasury {
         ...m,
         addedAt: now
       })),
-      defaultPrivacy: params.defaultPrivacy ?? import_types19.PrivacyLevel.SHIELDED,
+      defaultPrivacy: params.defaultPrivacy ?? import_types20.PrivacyLevel.SHIELDED,
       masterViewingKey,
       dailyLimit: params.dailyLimit,
       transactionLimit: params.transactionLimit,
@@ -12417,7 +12908,7 @@ var Treasury = class _Treasury {
       proposalId,
       treasuryId: this.config.treasuryId,
       type: "payment",
-      status: import_types19.ProposalStatus.PENDING,
+      status: import_types20.ProposalStatus.PENDING,
       proposer: "",
       // Should be set by caller
       title: params.title,
@@ -12450,7 +12941,7 @@ var Treasury = class _Treasury {
       proposalId,
       treasuryId: this.config.treasuryId,
       type: "batch_payment",
-      status: import_types19.ProposalStatus.PENDING,
+      status: import_types20.ProposalStatus.PENDING,
       proposer: "",
       title: params.title,
       description: params.description,
@@ -12484,7 +12975,7 @@ var Treasury = class _Treasury {
    * Get pending proposals
    */
   getPendingProposals() {
-    return this.getAllProposals().filter((p) => p.status === import_types19.ProposalStatus.PENDING);
+    return this.getAllProposals().filter((p) => p.status === import_types20.ProposalStatus.PENDING);
   }
   /**
    * Sign a proposal
@@ -12515,7 +13006,7 @@ var Treasury = class _Treasury {
         "SIP_2001" /* INVALID_INPUT */
       );
     }
-    if (proposal.status !== import_types19.ProposalStatus.PENDING) {
+    if (proposal.status !== import_types20.ProposalStatus.PENDING) {
       throw new ValidationError(
         `proposal is not pending: ${proposal.status}`,
         "proposalId",
@@ -12525,7 +13016,7 @@ var Treasury = class _Treasury {
     }
     const now = Math.floor(Date.now() / 1e3);
     if (now > proposal.expiresAt) {
-      proposal.status = import_types19.ProposalStatus.EXPIRED;
+      proposal.status = import_types20.ProposalStatus.EXPIRED;
       throw new ValidationError(
         "proposal has expired",
         "proposalId",
@@ -12557,9 +13048,9 @@ var Treasury = class _Treasury {
     const approvals = proposal.signatures.filter((s) => s.approved).length;
     const rejections = proposal.signatures.filter((s) => !s.approved).length;
     if (approvals >= proposal.requiredSignatures) {
-      proposal.status = import_types19.ProposalStatus.APPROVED;
+      proposal.status = import_types20.ProposalStatus.APPROVED;
     } else if (rejections > this.config.totalSigners - proposal.requiredSignatures) {
-      proposal.status = import_types19.ProposalStatus.REJECTED;
+      proposal.status = import_types20.ProposalStatus.REJECTED;
     }
     return proposal;
   }
@@ -12576,7 +13067,7 @@ var Treasury = class _Treasury {
         "SIP_2001" /* INVALID_INPUT */
       );
     }
-    if (proposal.status !== import_types19.ProposalStatus.APPROVED) {
+    if (proposal.status !== import_types20.ProposalStatus.APPROVED) {
       throw new ValidationError(
         `proposal is not approved: ${proposal.status}`,
         "proposalId",
@@ -12589,8 +13080,8 @@ var Treasury = class _Treasury {
       const payment = await createShieldedPayment({
         token: proposal.payment.token,
         amount: proposal.payment.amount,
-        recipientMetaAddress: proposal.payment.privacy !== import_types19.PrivacyLevel.TRANSPARENT ? proposal.payment.recipient : void 0,
-        recipientAddress: proposal.payment.privacy === import_types19.PrivacyLevel.TRANSPARENT ? proposal.payment.recipient : void 0,
+        recipientMetaAddress: proposal.payment.privacy !== import_types20.PrivacyLevel.TRANSPARENT ? proposal.payment.recipient : void 0,
+        recipientAddress: proposal.payment.privacy === import_types20.PrivacyLevel.TRANSPARENT ? proposal.payment.recipient : void 0,
         privacy: proposal.payment.privacy,
         viewingKey: this.config.masterViewingKey?.key,
         sourceChain: this.config.chain,
@@ -12603,8 +13094,8 @@ var Treasury = class _Treasury {
         const payment = await createShieldedPayment({
           token: proposal.batchPayment.token,
           amount: recipient.amount,
-          recipientMetaAddress: proposal.batchPayment.privacy !== import_types19.PrivacyLevel.TRANSPARENT ? recipient.address : void 0,
-          recipientAddress: proposal.batchPayment.privacy === import_types19.PrivacyLevel.TRANSPARENT ? recipient.address : void 0,
+          recipientMetaAddress: proposal.batchPayment.privacy !== import_types20.PrivacyLevel.TRANSPARENT ? recipient.address : void 0,
+          recipientAddress: proposal.batchPayment.privacy === import_types20.PrivacyLevel.TRANSPARENT ? recipient.address : void 0,
           privacy: proposal.batchPayment.privacy,
           viewingKey: this.config.masterViewingKey?.key,
           sourceChain: this.config.chain,
@@ -12614,7 +13105,7 @@ var Treasury = class _Treasury {
         payments.push(payment);
       }
     }
-    proposal.status = import_types19.ProposalStatus.EXECUTED;
+    proposal.status = import_types20.ProposalStatus.EXECUTED;
     proposal.executedAt = Math.floor(Date.now() / 1e3);
     proposal.resultPayments = payments;
     return payments;
@@ -12643,7 +13134,7 @@ var Treasury = class _Treasury {
         "SIP_2001" /* INVALID_INPUT */
       );
     }
-    if (proposal.status !== import_types19.ProposalStatus.PENDING) {
+    if (proposal.status !== import_types20.ProposalStatus.PENDING) {
       throw new ValidationError(
         `proposal is not pending: ${proposal.status}`,
         "proposalId",
@@ -12651,7 +13142,7 @@ var Treasury = class _Treasury {
         "SIP_2001" /* INVALID_INPUT */
       );
     }
-    proposal.status = import_types19.ProposalStatus.CANCELLED;
+    proposal.status = import_types20.ProposalStatus.CANCELLED;
     return proposal;
   }
   // ─── Auditor Access ──────────────────────────────────────────────────────────
@@ -12748,7 +13239,7 @@ var Treasury = class _Treasury {
   getCommittedAmount(token) {
     let committed = 0n;
     for (const proposal of this.proposals.values()) {
-      if (proposal.status !== import_types19.ProposalStatus.PENDING) continue;
+      if (proposal.status !== import_types20.ProposalStatus.PENDING) continue;
       if (proposal.type === "payment" && proposal.payment) {
         if (proposal.payment.token.symbol === token.symbol && proposal.payment.token.chain === token.chain) {
           committed += proposal.payment.amount;
@@ -12991,7 +13482,7 @@ function validateBatchProposalParams(params, config) {
 }
 
 // src/compliance/compliance-manager.ts
-var import_types20 = require("@sip-protocol/types");
+var import_types21 = require("@sip-protocol/types");
 var import_utils21 = require("@noble/hashes/utils");
 init_errors();
 var DEFAULTS2 = {
@@ -13360,7 +13851,7 @@ var ComplianceManager = class _ComplianceManager {
       title: params.title,
       description: params.description,
       format: params.format,
-      status: import_types20.ReportStatus.GENERATING,
+      status: import_types21.ReportStatus.GENERATING,
       requestedBy,
       requestedAt: now,
       startDate: params.startDate,
@@ -13389,10 +13880,10 @@ var ComplianceManager = class _ComplianceManager {
       } else if (params.format === "csv") {
         report.content = this.generateCSV(transactions);
       }
-      report.status = import_types20.ReportStatus.COMPLETED;
+      report.status = import_types21.ReportStatus.COMPLETED;
       report.generatedAt = Math.floor(Date.now() / 1e3);
     } catch (error) {
-      report.status = import_types20.ReportStatus.FAILED;
+      report.status = import_types21.ReportStatus.FAILED;
       report.error = error instanceof Error ? error.message : "Unknown error";
     }
     this.addAuditLog(requestedBy, "report_generated", {
@@ -15463,54 +15954,359 @@ var AuditorKeyDerivation = class {
   }
 };
 
-// src/auction/sealed-bid.ts
+// src/compliance/range-sas.ts
+var import_sha25620 = require("@noble/hashes/sha256");
+var import_hmac3 = require("@noble/hashes/hmac");
+var import_sha5124 = require("@noble/hashes/sha512");
 var import_utils27 = require("@noble/hashes/utils");
 init_errors();
-var SealedBidAuction = class {
+init_secure_memory();
+var AttestationSchema = /* @__PURE__ */ ((AttestationSchema2) => {
+  AttestationSchema2["RANGE_KYC_V1"] = "range-kyc-v1";
+  AttestationSchema2["RANGE_ACCREDITED_INVESTOR"] = "range-accredited-investor";
+  AttestationSchema2["RANGE_INSTITUTIONAL"] = "range-institutional";
+  AttestationSchema2["RANGE_REGULATOR"] = "range-regulator";
+  AttestationSchema2["CUSTOM"] = "custom";
+  return AttestationSchema2;
+})(AttestationSchema || {});
+var DEFAULT_MAX_CACHE_SIZE = 1e3;
+var AttestationGatedDisclosure = class {
+  config;
+  derivedKeys = /* @__PURE__ */ new Map();
+  cacheOrder = [];
+  // LRU tracking
   /**
-   * Create a sealed bid for an auction
-   *
-   * Generates a cryptographically binding commitment to a bid amount.
-   * The commitment can be published publicly without revealing the bid.
+   * Create a new attestation-gated disclosure manager
    *
-   * **Important:** Keep the returned `BidReceipt` secret! It contains the bid
-   * amount and salt needed to reveal the bid later. Only publish the commitment.
+   * @param config - Configuration options
+   */
+  constructor(config) {
+    if (!config.masterViewingKey) {
+      throw new ValidationError(
+        "masterViewingKey is required",
+        "masterViewingKey",
+        void 0,
+        "SIP_2008" /* MISSING_REQUIRED */
+      );
+    }
+    this.config = {
+      masterViewingKey: config.masterViewingKey,
+      allowedSchemas: config.allowedSchemas ?? [],
+      allowedIssuers: config.allowedIssuers ?? [],
+      verifyOnChain: config.verifyOnChain ?? false,
+      rangeApiEndpoint: config.rangeApiEndpoint ?? "https://api.range.org/v1",
+      minAttestationAge: config.minAttestationAge ?? 0,
+      maxAttestationAge: config.maxAttestationAge ?? 0,
+      // 0 = no limit
+      maxCacheSize: config.maxCacheSize ?? DEFAULT_MAX_CACHE_SIZE,
+      customVerifier: config.customVerifier ?? (async () => true)
+    };
+  }
+  /**
+   * Derive a viewing key for a verified auditor
    *
-   * @param params - Bid creation parameters
-   * @returns Complete bid receipt (keep secret!) and sealed bid (publish this)
-   * @throws {ValidationError} If auctionId is empty, amount is non-positive, or salt is invalid
+   * @param attestation - The auditor's Range SAS attestation
+   * @param scope - Optional scope restrictions for the viewing key
+   * @returns Derivation result with viewing key if granted
    *
    * @example
    * ```typescript
-   * const auction = new SealedBidAuction()
-   *
-   * // Create a bid for 50 ETH
-   * const receipt = auction.createBid({
-   *   auctionId: 'auction-xyz',
-   *   amount: 50n * 10n**18n,
-   * })
-   *
-   * // Public data (safe to publish)
-   * console.log({
-   *   auctionId: receipt.auctionId,
-   *   commitment: receipt.commitment,
-   *   timestamp: receipt.timestamp,
+   * const result = await disclosure.deriveViewingKeyForAuditor(attestation, {
+   *   startTime: Date.now() / 1000 - 30 * 24 * 60 * 60, // Last 30 days
+   *   endTime: Date.now() / 1000,
    * })
    *
-   * // Secret data (store securely, needed for reveal)
-   * secureStorage.save({
-   *   amount: receipt.amount,
-   *   salt: receipt.salt,
-   * })
+   * if (result.granted) {
+   *   // Share result.viewingKey with auditor
+   * }
    * ```
    */
-  createBid(params) {
-    if (typeof params.auctionId !== "string" || params.auctionId.length === 0) {
-      throw new ValidationError(
-        "auctionId must be a non-empty string",
-        "auctionId",
-        { received: params.auctionId }
-      );
+  async deriveViewingKeyForAuditor(attestation, scope) {
+    const verification = await this.verifyAttestation(attestation);
+    if (!verification.valid) {
+      return {
+        granted: false,
+        reason: verification.errors.join("; ")
+      };
+    }
+    const cacheKey = this.getCacheKey(attestation);
+    const cached = this.derivedKeys.get(cacheKey);
+    if (cached) {
+      this.updateCacheOrder(cacheKey);
+      return {
+        granted: true,
+        viewingKey: cached,
+        scope,
+        expiresAt: attestation.expiresAt
+        // 0 = never expires, undefined = not set
+      };
+    }
+    const viewingKey = this.deriveKeyFromAttestation(attestation);
+    this.cacheKey(cacheKey, viewingKey);
+    return {
+      granted: true,
+      viewingKey,
+      scope,
+      expiresAt: attestation.expiresAt
+      // 0 = never expires, undefined = not set
+    };
+  }
+  /**
+   * Verify a Range SAS attestation
+   *
+   * @param attestation - The attestation to verify
+   * @returns Verification result
+   */
+  async verifyAttestation(attestation) {
+    const errors = [];
+    if (!attestation || typeof attestation !== "object") {
+      return {
+        valid: false,
+        errors: ["Attestation must be an object"]
+      };
+    }
+    if (!attestation.uid || typeof attestation.uid !== "string" || attestation.uid.trim() === "") {
+      errors.push("Attestation uid is required and must be a non-empty string");
+    }
+    if (!attestation.subject || typeof attestation.subject !== "string" || attestation.subject.trim() === "") {
+      errors.push("Attestation subject is required and must be a non-empty string");
+    }
+    if (!attestation.schema || typeof attestation.schema !== "string" || attestation.schema.trim() === "") {
+      errors.push("Attestation schema is required and must be a non-empty string");
+    }
+    if (!attestation.issuer || typeof attestation.issuer !== "string" || attestation.issuer.trim() === "") {
+      errors.push("Attestation issuer is required and must be a non-empty string");
+    }
+    if (errors.length > 0) {
+      return { valid: false, errors };
+    }
+    if (attestation.revoked) {
+      errors.push("Attestation has been revoked");
+    }
+    const now = Date.now() / 1e3;
+    if (attestation.expiresAt > 0 && attestation.expiresAt < now) {
+      errors.push("Attestation has expired");
+    }
+    const age = now - attestation.timestamp;
+    if (age < this.config.minAttestationAge) {
+      errors.push(`Attestation too new (age: ${age}s, required: ${this.config.minAttestationAge}s)`);
+    }
+    if (this.config.maxAttestationAge > 0 && age > this.config.maxAttestationAge) {
+      errors.push(`Attestation too old (age: ${Math.floor(age)}s, max: ${this.config.maxAttestationAge}s)`);
+    }
+    if (this.config.allowedSchemas.length > 0) {
+      if (!this.config.allowedSchemas.includes(attestation.schema)) {
+        errors.push(`Schema '${attestation.schema}' not in allowed list`);
+      }
+    }
+    if (this.config.allowedIssuers.length > 0) {
+      if (!this.config.allowedIssuers.includes(attestation.issuer)) {
+        errors.push(`Issuer '${attestation.issuer}' not in allowed list`);
+      }
+    }
+    if (errors.length === 0 && this.config.customVerifier) {
+      try {
+        const customValid = await this.config.customVerifier(attestation);
+        if (!customValid) {
+          errors.push("Custom verification failed");
+        }
+      } catch (e) {
+        errors.push(`Custom verification error: ${e instanceof Error ? e.message : "unknown"}`);
+      }
+    }
+    return {
+      valid: errors.length === 0,
+      errors,
+      metadata: {
+        verificationMethod: this.config.verifyOnChain ? "on-chain" : "api",
+        schemaVersion: attestation.schema
+      }
+    };
+  }
+  /**
+   * Revoke a previously derived viewing key
+   *
+   * @param attestation - The attestation whose key should be revoked
+   * @returns Whether revocation was successful
+   */
+  revokeViewingKey(attestation) {
+    const key = this.getCacheKey(attestation);
+    const deleted = this.derivedKeys.delete(key);
+    if (deleted) {
+      const index = this.cacheOrder.indexOf(key);
+      if (index !== -1) {
+        this.cacheOrder.splice(index, 1);
+      }
+    }
+    return deleted;
+  }
+  /**
+   * Check if a viewing key has been derived for an attestation
+   *
+   * @param attestation - The attestation to check
+   * @returns Whether a key exists
+   */
+  hasViewingKey(attestation) {
+    const key = this.getCacheKey(attestation);
+    return this.derivedKeys.has(key);
+  }
+  /**
+   * Get the current cache size
+   *
+   * @returns Number of cached viewing keys
+   */
+  getCacheSize() {
+    return this.derivedKeys.size;
+  }
+  /**
+   * Clear all cached viewing keys
+   */
+  clearCache() {
+    this.derivedKeys.clear();
+    this.cacheOrder.length = 0;
+  }
+  // ─── Private Methods ────────────────────────────────────────────────────────
+  /**
+   * Add a key to cache with LRU eviction
+   */
+  cacheKey(key, viewingKey) {
+    while (this.derivedKeys.size >= this.config.maxCacheSize && this.cacheOrder.length > 0) {
+      const oldest = this.cacheOrder.shift();
+      if (oldest) {
+        this.derivedKeys.delete(oldest);
+      }
+    }
+    this.derivedKeys.set(key, viewingKey);
+    this.cacheOrder.push(key);
+  }
+  /**
+   * Update LRU order for a cache key (move to end)
+   */
+  updateCacheOrder(key) {
+    const index = this.cacheOrder.indexOf(key);
+    if (index !== -1) {
+      this.cacheOrder.splice(index, 1);
+      this.cacheOrder.push(key);
+    }
+  }
+  /**
+   * Derive a viewing key from an attestation
+   */
+  deriveKeyFromAttestation(attestation) {
+    const masterKeyHex = this.config.masterViewingKey.key.startsWith("0x") ? this.config.masterViewingKey.key.slice(2) : this.config.masterViewingKey.key;
+    const masterKeyBytes = (0, import_utils27.hexToBytes)(masterKeyHex);
+    const derivationData = (0, import_utils27.utf8ToBytes)(
+      `SIP-RANGE-SAS:${attestation.uid}:${attestation.subject}:${attestation.schema}:${attestation.signature}`
+    );
+    const derived = (0, import_hmac3.hmac)(import_sha5124.sha512, masterKeyBytes, derivationData);
+    const keyBytes = derived.slice(0, 32);
+    try {
+      const key = `0x${(0, import_utils27.bytesToHex)(keyBytes)}`;
+      const hashBytes = (0, import_sha25620.sha256)(keyBytes);
+      const hash2 = `0x${(0, import_utils27.bytesToHex)(hashBytes)}`;
+      return {
+        key,
+        path: `${this.config.masterViewingKey.path}/sas/${attestation.uid.slice(0, 8)}`,
+        hash: hash2
+      };
+    } finally {
+      secureWipe(masterKeyBytes);
+      secureWipe(derived);
+      secureWipe(keyBytes);
+    }
+  }
+  /**
+   * Get cache key for an attestation
+   *
+   * Includes schema and issuer to prevent cache poisoning attacks where
+   * an attacker could evict legitimate cache entries with same uid:subject.
+   */
+  getCacheKey(attestation) {
+    return `${attestation.uid}:${attestation.subject}:${attestation.schema}:${attestation.issuer}`;
+  }
+};
+function createMockAttestation(overrides = {}) {
+  const now = Math.floor(Date.now() / 1e3);
+  return {
+    uid: `sas_${Math.random().toString(36).slice(2, 10)}`,
+    schema: "range-kyc-v1" /* RANGE_KYC_V1 */,
+    issuer: "range-protocol",
+    subject: "11111111111111111111111111111112",
+    // System program (placeholder)
+    data: {
+      level: "institutional",
+      jurisdiction: "US",
+      verifiedAt: now
+    },
+    timestamp: now,
+    expiresAt: now + 365 * 24 * 60 * 60,
+    // 1 year
+    signature: "0x" + "00".repeat(64),
+    revoked: false,
+    ...overrides
+  };
+}
+async function verifyAttestationSignature(_attestation) {
+  console.warn(
+    "[Range SAS] verifyAttestationSignature is a STUB - always returns true. Implement real Ed25519 signature verification before production use."
+  );
+  return true;
+}
+async function fetchAttestation(uid, apiEndpoint = "https://api.range.org/v1") {
+  console.warn(
+    `[Range SAS] fetchAttestation is a STUB - returning null for ${uid}. Would fetch from ${apiEndpoint}. Implement Range API integration before production use.`
+  );
+  return null;
+}
+
+// src/auction/sealed-bid.ts
+var import_utils28 = require("@noble/hashes/utils");
+init_errors();
+var SealedBidAuction = class {
+  /**
+   * Create a sealed bid for an auction
+   *
+   * Generates a cryptographically binding commitment to a bid amount.
+   * The commitment can be published publicly without revealing the bid.
+   *
+   * **Important:** Keep the returned `BidReceipt` secret! It contains the bid
+   * amount and salt needed to reveal the bid later. Only publish the commitment.
+   *
+   * @param params - Bid creation parameters
+   * @returns Complete bid receipt (keep secret!) and sealed bid (publish this)
+   * @throws {ValidationError} If auctionId is empty, amount is non-positive, or salt is invalid
+   *
+   * @example
+   * ```typescript
+   * const auction = new SealedBidAuction()
+   *
+   * // Create a bid for 50 ETH
+   * const receipt = auction.createBid({
+   *   auctionId: 'auction-xyz',
+   *   amount: 50n * 10n**18n,
+   * })
+   *
+   * // Public data (safe to publish)
+   * console.log({
+   *   auctionId: receipt.auctionId,
+   *   commitment: receipt.commitment,
+   *   timestamp: receipt.timestamp,
+   * })
+   *
+   * // Secret data (store securely, needed for reveal)
+   * secureStorage.save({
+   *   amount: receipt.amount,
+   *   salt: receipt.salt,
+   * })
+   * ```
+   */
+  createBid(params) {
+    if (typeof params.auctionId !== "string" || params.auctionId.length === 0) {
+      throw new ValidationError(
+        "auctionId must be a non-empty string",
+        "auctionId",
+        { received: params.auctionId }
+      );
     }
     if (typeof params.amount !== "bigint") {
       throw new ValidationError(
@@ -15542,7 +16338,7 @@ var SealedBidAuction = class {
         );
       }
     }
-    const salt = params.salt ?? (0, import_utils27.randomBytes)(32);
+    const salt = params.salt ?? (0, import_utils28.randomBytes)(32);
     const { commitment, blinding } = commit(params.amount, salt);
     const sealedBid = {
       auctionId: params.auctionId,
@@ -15686,7 +16482,7 @@ var SealedBidAuction = class {
    * ```
    */
   revealBid(bid, amount, salt) {
-    const saltHex = `0x${(0, import_utils27.bytesToHex)(salt)}`;
+    const saltHex = `0x${(0, import_utils28.bytesToHex)(salt)}`;
     const isValid = this.verifyBid({
       commitment: bid.commitment,
       amount,
@@ -16171,9 +16967,9 @@ function createSealedBidAuction() {
 }
 
 // src/governance/private-vote.ts
-var import_sha25620 = require("@noble/hashes/sha256");
+var import_sha25621 = require("@noble/hashes/sha256");
 var import_hkdf3 = require("@noble/hashes/hkdf");
-var import_utils28 = require("@noble/hashes/utils");
+var import_utils29 = require("@noble/hashes/utils");
 var import_chacha4 = require("@noble/ciphers/chacha.js");
 init_errors();
 init_secure_memory();
@@ -16213,7 +17009,7 @@ var PrivateVoting = class {
     const { proposalId, choice, weight, encryptionKey, voter = "anonymous" } = params;
     const derivedKey = this.deriveEncryptionKey(encryptionKey, proposalId);
     try {
-      const nonce = (0, import_utils28.randomBytes)(NONCE_SIZE2);
+      const nonce = (0, import_utils29.randomBytes)(NONCE_SIZE2);
       const voteData = {
         proposalId,
         choice,
@@ -16221,14 +17017,14 @@ var PrivateVoting = class {
         voter,
         timestamp: Date.now()
       };
-      const plaintext = (0, import_utils28.utf8ToBytes)(JSON.stringify(voteData));
+      const plaintext = (0, import_utils29.utf8ToBytes)(JSON.stringify(voteData));
       const cipher = (0, import_chacha4.xchacha20poly1305)(derivedKey, nonce);
       const ciphertext = cipher.encrypt(plaintext);
-      const keyHash = (0, import_sha25620.sha256)((0, import_utils28.hexToBytes)(encryptionKey.slice(2)));
+      const keyHash = (0, import_sha25621.sha256)((0, import_utils29.hexToBytes)(encryptionKey.slice(2)));
       return {
-        ciphertext: `0x${(0, import_utils28.bytesToHex)(ciphertext)}`,
-        nonce: `0x${(0, import_utils28.bytesToHex)(nonce)}`,
-        encryptionKeyHash: `0x${(0, import_utils28.bytesToHex)(keyHash)}`,
+        ciphertext: `0x${(0, import_utils29.bytesToHex)(ciphertext)}`,
+        nonce: `0x${(0, import_utils29.bytesToHex)(nonce)}`,
+        encryptionKeyHash: `0x${(0, import_utils29.bytesToHex)(keyHash)}`,
         proposalId,
         voter,
         timestamp: voteData.timestamp
@@ -16274,8 +17070,8 @@ var PrivateVoting = class {
     }
     const derivedKey = this.deriveEncryptionKey(decryptionKey, vote.proposalId);
     try {
-      const keyHash = (0, import_sha25620.sha256)((0, import_utils28.hexToBytes)(decryptionKey.slice(2)));
-      const expectedKeyHash = `0x${(0, import_utils28.bytesToHex)(keyHash)}`;
+      const keyHash = (0, import_sha25621.sha256)((0, import_utils29.hexToBytes)(decryptionKey.slice(2)));
+      const expectedKeyHash = `0x${(0, import_utils29.bytesToHex)(keyHash)}`;
       if (vote.encryptionKeyHash !== expectedKeyHash) {
         throw new CryptoError(
           "Decryption key hash mismatch - this key cannot decrypt this vote",
@@ -16284,9 +17080,9 @@ var PrivateVoting = class {
         );
       }
       const nonceHex = vote.nonce.startsWith("0x") ? vote.nonce.slice(2) : vote.nonce;
-      const nonce = (0, import_utils28.hexToBytes)(nonceHex);
+      const nonce = (0, import_utils29.hexToBytes)(nonceHex);
       const ciphertextHex = vote.ciphertext.startsWith("0x") ? vote.ciphertext.slice(2) : vote.ciphertext;
-      const ciphertext = (0, import_utils28.hexToBytes)(ciphertextHex);
+      const ciphertext = (0, import_utils29.hexToBytes)(ciphertextHex);
       const cipher = (0, import_chacha4.xchacha20poly1305)(derivedKey, nonce);
       let plaintext;
       try {
@@ -16375,11 +17171,11 @@ var PrivateVoting = class {
    */
   deriveEncryptionKey(key, proposalId) {
     const keyHex = key.startsWith("0x") ? key.slice(2) : key;
-    const keyBytes = (0, import_utils28.hexToBytes)(keyHex);
+    const keyBytes = (0, import_utils29.hexToBytes)(keyHex);
     try {
-      const salt = (0, import_utils28.utf8ToBytes)(VOTE_ENCRYPTION_DOMAIN);
-      const info = (0, import_utils28.utf8ToBytes)(proposalId);
-      return (0, import_hkdf3.hkdf)(import_sha25620.sha256, keyBytes, salt, info, 32);
+      const salt = (0, import_utils29.utf8ToBytes)(VOTE_ENCRYPTION_DOMAIN);
+      const info = (0, import_utils29.utf8ToBytes)(proposalId);
+      return (0, import_hkdf3.hkdf)(import_sha25621.sha256, keyBytes, salt, info, 32);
     } finally {
       secureWipe(keyBytes);
     }
@@ -16524,21 +17320,21 @@ var PrivateVoting = class {
     const blindings = {};
     for (const [choice, weights] of Object.entries(votesByChoice)) {
       const totalWeight = weights.reduce((sum, w) => sum + w, 0n);
-      const { commitment, blinding } = commit(totalWeight, (0, import_utils28.hexToBytes)(generateBlinding().slice(2)));
+      const { commitment, blinding } = commit(totalWeight, (0, import_utils29.hexToBytes)(generateBlinding().slice(2)));
       tallies[choice] = commitment;
       blindings[choice] = blinding;
     }
     const encryptedBlindings = {};
     for (const [choice, blinding] of Object.entries(blindings)) {
-      const nonce = (0, import_utils28.randomBytes)(NONCE_SIZE2);
+      const nonce = (0, import_utils29.randomBytes)(NONCE_SIZE2);
       const derivedKey = this.deriveEncryptionKey(decryptionKey, `${proposalId}-tally-${choice}`);
       try {
         const cipher = (0, import_chacha4.xchacha20poly1305)(derivedKey, nonce);
-        const blindingBytes = (0, import_utils28.hexToBytes)(blinding.slice(2));
+        const blindingBytes = (0, import_utils29.hexToBytes)(blinding.slice(2));
         const ciphertext = cipher.encrypt(blindingBytes);
         encryptedBlindings[choice] = {
-          ciphertext: `0x${(0, import_utils28.bytesToHex)(ciphertext)}`,
-          nonce: `0x${(0, import_utils28.bytesToHex)(nonce)}`
+          ciphertext: `0x${(0, import_utils29.bytesToHex)(ciphertext)}`,
+          nonce: `0x${(0, import_utils29.bytesToHex)(nonce)}`
         };
       } finally {
         secureWipe(derivedKey);
@@ -16631,9 +17427,9 @@ var PrivateVoting = class {
     }
     let reconstructedKey = null;
     try {
-      reconstructedKey = (0, import_utils28.hexToBytes)(decryptionShares[0].share.slice(2));
+      reconstructedKey = (0, import_utils29.hexToBytes)(decryptionShares[0].share.slice(2));
       for (let i = 1; i < decryptionShares.length; i++) {
-        const shareBytes = (0, import_utils28.hexToBytes)(decryptionShares[i].share.slice(2));
+        const shareBytes = (0, import_utils29.hexToBytes)(decryptionShares[i].share.slice(2));
         if (shareBytes.length !== reconstructedKey.length) {
           throw new ValidationError(
             "all decryption shares must have the same length",
@@ -16646,7 +17442,7 @@ var PrivateVoting = class {
           reconstructedKey[j] ^= shareBytes[j];
         }
       }
-      const reconstructedKeyHex = `0x${(0, import_utils28.bytesToHex)(reconstructedKey)}`;
+      const reconstructedKeyHex = `0x${(0, import_utils29.bytesToHex)(reconstructedKey)}`;
       const results = {};
       for (const [choice, commitmentPoint] of Object.entries(tally.tallies)) {
         const encBlinding = tally.encryptedBlindings[choice];
@@ -16663,11 +17459,11 @@ var PrivateVoting = class {
         );
         let blindingFactor;
         try {
-          const nonceBytes = (0, import_utils28.hexToBytes)(encBlinding.nonce.slice(2));
-          const ciphertextBytes = (0, import_utils28.hexToBytes)(encBlinding.ciphertext.slice(2));
+          const nonceBytes = (0, import_utils29.hexToBytes)(encBlinding.nonce.slice(2));
+          const ciphertextBytes = (0, import_utils29.hexToBytes)(encBlinding.ciphertext.slice(2));
           const cipher = (0, import_chacha4.xchacha20poly1305)(derivedKey, nonceBytes);
           const blindingBytes = cipher.decrypt(ciphertextBytes);
-          blindingFactor = `0x${(0, import_utils28.bytesToHex)(blindingBytes)}`;
+          blindingFactor = `0x${(0, import_utils29.bytesToHex)(blindingBytes)}`;
         } catch (e) {
           throw new CryptoError(
             "failed to decrypt blinding factor",
@@ -16687,7 +17483,7 @@ var PrivateVoting = class {
           try {
             const { commitment: testCommit } = commit(
               value,
-              (0, import_utils28.hexToBytes)(blindingFactor.slice(2))
+              (0, import_utils29.hexToBytes)(blindingFactor.slice(2))
             );
             if (testCommit === commitmentPoint) {
               results[choice] = value;
@@ -16887,9 +17683,9 @@ function createPrivateVoting() {
 }
 
 // src/nft/private-nft.ts
-var import_sha25621 = require("@noble/hashes/sha256");
+var import_sha25622 = require("@noble/hashes/sha256");
 var import_secp256k18 = require("@noble/curves/secp256k1");
-var import_utils29 = require("@noble/hashes/utils");
+var import_utils30 = require("@noble/hashes/utils");
 init_stealth();
 init_errors();
 init_validation();
@@ -16978,23 +17774,23 @@ var PrivateNFT = class {
     const { ownership, challenge, stealthPrivateKey } = params;
     try {
       const message = this.createProofMessage(ownership, challenge);
-      const messageHash = (0, import_sha25621.sha256)(new TextEncoder().encode(message));
-      const privateKeyBytes = (0, import_utils29.hexToBytes)(stealthPrivateKey.slice(2));
+      const messageHash = (0, import_sha25622.sha256)(new TextEncoder().encode(message));
+      const privateKeyBytes = (0, import_utils30.hexToBytes)(stealthPrivateKey.slice(2));
       const signature = import_secp256k18.secp256k1.sign(messageHash, privateKeyBytes);
       const zkProof = {
         type: "ownership",
-        proof: `0x${(0, import_utils29.bytesToHex)(signature.toCompactRawBytes())}`,
+        proof: `0x${(0, import_utils30.bytesToHex)(signature.toCompactRawBytes())}`,
         publicInputs: [
-          `0x${(0, import_utils29.bytesToHex)(messageHash)}`
+          `0x${(0, import_utils30.bytesToHex)(messageHash)}`
         ]
       };
-      const stealthHashBytes = (0, import_sha25621.sha256)((0, import_utils29.hexToBytes)(ownership.ownerStealth.address.slice(2)));
+      const stealthHashBytes = (0, import_sha25622.sha256)((0, import_utils30.hexToBytes)(ownership.ownerStealth.address.slice(2)));
       return {
         nftContract: ownership.nftContract,
         tokenId: ownership.tokenId,
         challenge,
         proof: zkProof,
-        stealthHash: `0x${(0, import_utils29.bytesToHex)(stealthHashBytes)}`,
+        stealthHash: `0x${(0, import_utils30.bytesToHex)(stealthHashBytes)}`,
         timestamp: Date.now()
       };
     } catch (e) {
@@ -17036,9 +17832,9 @@ var PrivateNFT = class {
   verifyOwnership(proof) {
     try {
       this.validateOwnershipProof(proof);
-      const signatureBytes = (0, import_utils29.hexToBytes)(proof.proof.proof.slice(2));
+      const signatureBytes = (0, import_utils30.hexToBytes)(proof.proof.proof.slice(2));
       const signature = import_secp256k18.secp256k1.Signature.fromCompact(signatureBytes);
-      const messageHash = (0, import_utils29.hexToBytes)(proof.proof.publicInputs[0].slice(2));
+      const messageHash = (0, import_utils30.hexToBytes)(proof.proof.publicInputs[0].slice(2));
       if (signatureBytes.length !== 64) {
         return {
           valid: false,
@@ -17135,12 +17931,12 @@ var PrivateNFT = class {
       chain: nft.chain,
       timestamp: Date.now()
     };
-    const previousOwnerHashBytes = (0, import_sha25621.sha256)((0, import_utils29.hexToBytes)(nft.ownerStealth.address.slice(2)));
+    const previousOwnerHashBytes = (0, import_sha25622.sha256)((0, import_utils30.hexToBytes)(nft.ownerStealth.address.slice(2)));
     const transfer = {
       nftContract: nft.nftContract,
       tokenId: nft.tokenId,
       newOwnerStealth,
-      previousOwnerHash: `0x${(0, import_utils29.bytesToHex)(previousOwnerHashBytes)}`,
+      previousOwnerHash: `0x${(0, import_utils30.bytesToHex)(previousOwnerHashBytes)}`,
       chain: nft.chain,
       timestamp: Date.now()
     };
@@ -17207,8 +18003,8 @@ var PrivateNFT = class {
       );
     }
     const ownedNFTs = [];
-    const scanKeyHex = `0x${(0, import_utils29.bytesToHex)(scanKey)}`;
-    const viewingKeyHex = `0x${(0, import_utils29.bytesToHex)(viewingKey)}`;
+    const scanKeyHex = `0x${(0, import_utils30.bytesToHex)(scanKey)}`;
+    const viewingKeyHex = `0x${(0, import_utils30.bytesToHex)(viewingKey)}`;
     for (const transfer of transfers) {
       try {
         if (!transfer || typeof transfer !== "object") {
@@ -17426,10 +18222,10 @@ function verifyOwnership(proof) {
 
 // src/wallet/errors.ts
 init_errors();
-var import_types21 = require("@sip-protocol/types");
+var import_types22 = require("@sip-protocol/types");
 var WalletError = class extends SIPError {
   walletCode;
-  constructor(message, walletCode = import_types21.WalletErrorCode.UNKNOWN, options) {
+  constructor(message, walletCode = import_types22.WalletErrorCode.UNKNOWN, options) {
     super(message, "SIP_7000" /* WALLET_ERROR */, options);
     this.walletCode = walletCode;
     this.name = "WalletError";
@@ -17439,10 +18235,10 @@ var WalletError = class extends SIPError {
    */
   isConnectionError() {
     const codes = [
-      import_types21.WalletErrorCode.NOT_INSTALLED,
-      import_types21.WalletErrorCode.CONNECTION_REJECTED,
-      import_types21.WalletErrorCode.CONNECTION_FAILED,
-      import_types21.WalletErrorCode.NOT_CONNECTED
+      import_types22.WalletErrorCode.NOT_INSTALLED,
+      import_types22.WalletErrorCode.CONNECTION_REJECTED,
+      import_types22.WalletErrorCode.CONNECTION_FAILED,
+      import_types22.WalletErrorCode.NOT_CONNECTED
     ];
     return codes.includes(this.walletCode);
   }
@@ -17451,9 +18247,9 @@ var WalletError = class extends SIPError {
    */
   isSigningError() {
     const codes = [
-      import_types21.WalletErrorCode.SIGNING_REJECTED,
-      import_types21.WalletErrorCode.SIGNING_FAILED,
-      import_types21.WalletErrorCode.INVALID_MESSAGE
+      import_types22.WalletErrorCode.SIGNING_REJECTED,
+      import_types22.WalletErrorCode.SIGNING_FAILED,
+      import_types22.WalletErrorCode.INVALID_MESSAGE
     ];
     return codes.includes(this.walletCode);
   }
@@ -17462,10 +18258,10 @@ var WalletError = class extends SIPError {
    */
   isTransactionError() {
     const codes = [
-      import_types21.WalletErrorCode.INSUFFICIENT_FUNDS,
-      import_types21.WalletErrorCode.TRANSACTION_REJECTED,
-      import_types21.WalletErrorCode.TRANSACTION_FAILED,
-      import_types21.WalletErrorCode.INVALID_TRANSACTION
+      import_types22.WalletErrorCode.INSUFFICIENT_FUNDS,
+      import_types22.WalletErrorCode.TRANSACTION_REJECTED,
+      import_types22.WalletErrorCode.TRANSACTION_FAILED,
+      import_types22.WalletErrorCode.INVALID_TRANSACTION
     ];
     return codes.includes(this.walletCode);
   }
@@ -17474,9 +18270,9 @@ var WalletError = class extends SIPError {
    */
   isPrivacyError() {
     const codes = [
-      import_types21.WalletErrorCode.STEALTH_NOT_SUPPORTED,
-      import_types21.WalletErrorCode.VIEWING_KEY_NOT_SUPPORTED,
-      import_types21.WalletErrorCode.SHIELDED_NOT_SUPPORTED
+      import_types22.WalletErrorCode.STEALTH_NOT_SUPPORTED,
+      import_types22.WalletErrorCode.VIEWING_KEY_NOT_SUPPORTED,
+      import_types22.WalletErrorCode.SHIELDED_NOT_SUPPORTED
     ];
     return codes.includes(this.walletCode);
   }
@@ -17485,10 +18281,10 @@ var WalletError = class extends SIPError {
    */
   isUserRejection() {
     const codes = [
-      import_types21.WalletErrorCode.CONNECTION_REJECTED,
-      import_types21.WalletErrorCode.SIGNING_REJECTED,
-      import_types21.WalletErrorCode.TRANSACTION_REJECTED,
-      import_types21.WalletErrorCode.CHAIN_SWITCH_REJECTED
+      import_types22.WalletErrorCode.CONNECTION_REJECTED,
+      import_types22.WalletErrorCode.SIGNING_REJECTED,
+      import_types22.WalletErrorCode.TRANSACTION_REJECTED,
+      import_types22.WalletErrorCode.CHAIN_SWITCH_REJECTED
     ];
     return codes.includes(this.walletCode);
   }
@@ -17496,15 +18292,15 @@ var WalletError = class extends SIPError {
 function notConnectedError() {
   return new WalletError(
     "Wallet not connected. Call connect() first.",
-    import_types21.WalletErrorCode.NOT_CONNECTED
+    import_types22.WalletErrorCode.NOT_CONNECTED
   );
 }
-function featureNotSupportedError(feature, code = import_types21.WalletErrorCode.UNKNOWN) {
+function featureNotSupportedError(feature, code = import_types22.WalletErrorCode.UNKNOWN) {
   return new WalletError(`${feature} is not supported by this wallet`, code);
 }
 
 // src/wallet/base-adapter.ts
-var import_types22 = require("@sip-protocol/types");
+var import_types23 = require("@sip-protocol/types");
 var BaseWalletAdapter = class {
   _address = "";
   _publicKey = "";
@@ -17667,12 +18463,12 @@ var MockWalletAdapter = class extends BaseWalletAdapter {
     this._connectionState = "connecting";
     if (this.shouldFailConnect) {
       this.setError(
-        import_types22.WalletErrorCode.CONNECTION_FAILED,
+        import_types23.WalletErrorCode.CONNECTION_FAILED,
         "Mock connection failure"
       );
       throw new WalletError(
         "Mock connection failure",
-        import_types22.WalletErrorCode.CONNECTION_FAILED
+        import_types23.WalletErrorCode.CONNECTION_FAILED
       );
     }
     await new Promise((resolve) => setTimeout(resolve, 10));
@@ -17684,7 +18480,7 @@ var MockWalletAdapter = class extends BaseWalletAdapter {
   async signMessage(message) {
     this.requireConnected();
     if (this.shouldFailSign) {
-      throw new WalletError("Mock signing failure", import_types22.WalletErrorCode.SIGNING_FAILED);
+      throw new WalletError("Mock signing failure", import_types23.WalletErrorCode.SIGNING_FAILED);
     }
     const mockSig = new Uint8Array(64);
     for (let i = 0; i < 64; i++) {
@@ -17699,7 +18495,7 @@ var MockWalletAdapter = class extends BaseWalletAdapter {
   async signTransaction(tx) {
     this.requireConnected();
     if (this.shouldFailSign) {
-      throw new WalletError("Mock signing failure", import_types22.WalletErrorCode.SIGNING_FAILED);
+      throw new WalletError("Mock signing failure", import_types23.WalletErrorCode.SIGNING_FAILED);
     }
     const signature = await this.signMessage(
       new TextEncoder().encode(JSON.stringify(tx.data))
@@ -17881,7 +18677,7 @@ function isPrivateWalletAdapter(adapter) {
 }
 
 // src/wallet/solana/adapter.ts
-var import_types23 = require("@sip-protocol/types");
+var import_types24 = require("@sip-protocol/types");
 
 // src/wallet/solana/types.ts
 function getSolanaProvider(wallet = "phantom") {
@@ -18002,19 +18798,19 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
       }
       if (!this.provider) {
         this.setError(
-          import_types23.WalletErrorCode.NOT_INSTALLED,
+          import_types24.WalletErrorCode.NOT_INSTALLED,
           `${this.walletName} wallet is not installed`
         );
         throw new WalletError(
           `${this.walletName} wallet is not installed`,
-          import_types23.WalletErrorCode.NOT_INSTALLED
+          import_types24.WalletErrorCode.NOT_INSTALLED
         );
       }
       const { publicKey } = await this.provider.connect();
       if (!publicKey) {
         throw new WalletError(
           "No public key returned from wallet",
-          import_types23.WalletErrorCode.CONNECTION_FAILED
+          import_types24.WalletErrorCode.CONNECTION_FAILED
         );
       }
       this.setupEventHandlers();
@@ -18024,11 +18820,11 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
     } catch (error) {
       const message = error instanceof Error ? error.message : "Connection failed";
       if (message.includes("User rejected") || message.includes("rejected")) {
-        this.setError(import_types23.WalletErrorCode.CONNECTION_REJECTED, message);
-        throw new WalletError(message, import_types23.WalletErrorCode.CONNECTION_REJECTED);
+        this.setError(import_types24.WalletErrorCode.CONNECTION_REJECTED, message);
+        throw new WalletError(message, import_types24.WalletErrorCode.CONNECTION_REJECTED);
       }
-      this.setError(import_types23.WalletErrorCode.CONNECTION_FAILED, message);
-      throw error instanceof WalletError ? error : new WalletError(message, import_types23.WalletErrorCode.CONNECTION_FAILED, { cause: error });
+      this.setError(import_types24.WalletErrorCode.CONNECTION_FAILED, message);
+      throw error instanceof WalletError ? error : new WalletError(message, import_types24.WalletErrorCode.CONNECTION_FAILED, { cause: error });
     }
   }
   /**
@@ -18051,7 +18847,7 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
   async signMessage(message) {
     this.requireConnected();
     if (!this.provider) {
-      throw new WalletError("Provider not available", import_types23.WalletErrorCode.NOT_CONNECTED);
+      throw new WalletError("Provider not available", import_types24.WalletErrorCode.NOT_CONNECTED);
     }
     try {
       const { signature } = await this.provider.signMessage(message);
@@ -18062,9 +18858,9 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
     } catch (error) {
       const message2 = error instanceof Error ? error.message : "Signing failed";
       if (message2.includes("User rejected") || message2.includes("rejected")) {
-        throw new WalletError(message2, import_types23.WalletErrorCode.SIGNING_REJECTED);
+        throw new WalletError(message2, import_types24.WalletErrorCode.SIGNING_REJECTED);
       }
-      throw new WalletError(message2, import_types23.WalletErrorCode.SIGNING_FAILED, {
+      throw new WalletError(message2, import_types24.WalletErrorCode.SIGNING_FAILED, {
         cause: error
       });
     }
@@ -18077,7 +18873,7 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
   async signTransaction(tx) {
     this.requireConnected();
     if (!this.provider) {
-      throw new WalletError("Provider not available", import_types23.WalletErrorCode.NOT_CONNECTED);
+      throw new WalletError("Provider not available", import_types24.WalletErrorCode.NOT_CONNECTED);
     }
     try {
       const solTx = tx.data;
@@ -18096,9 +18892,9 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
     } catch (error) {
       const message = error instanceof Error ? error.message : "Signing failed";
       if (message.includes("User rejected") || message.includes("rejected")) {
-        throw new WalletError(message, import_types23.WalletErrorCode.SIGNING_REJECTED);
+        throw new WalletError(message, import_types24.WalletErrorCode.SIGNING_REJECTED);
       }
-      throw new WalletError(message, import_types23.WalletErrorCode.SIGNING_FAILED, {
+      throw new WalletError(message, import_types24.WalletErrorCode.SIGNING_FAILED, {
         cause: error
       });
     }
@@ -18109,7 +18905,7 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
   async signAndSendTransaction(tx) {
     this.requireConnected();
     if (!this.provider) {
-      throw new WalletError("Provider not available", import_types23.WalletErrorCode.NOT_CONNECTED);
+      throw new WalletError("Provider not available", import_types24.WalletErrorCode.NOT_CONNECTED);
     }
     try {
       const solTx = tx.data;
@@ -18124,12 +18920,12 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
     } catch (error) {
       const message = error instanceof Error ? error.message : "Transaction failed";
       if (message.includes("User rejected") || message.includes("rejected")) {
-        throw new WalletError(message, import_types23.WalletErrorCode.TRANSACTION_REJECTED);
+        throw new WalletError(message, import_types24.WalletErrorCode.TRANSACTION_REJECTED);
       }
       if (message.includes("insufficient") || message.includes("Insufficient")) {
-        throw new WalletError(message, import_types23.WalletErrorCode.INSUFFICIENT_FUNDS);
+        throw new WalletError(message, import_types24.WalletErrorCode.INSUFFICIENT_FUNDS);
       }
-      throw new WalletError(message, import_types23.WalletErrorCode.TRANSACTION_FAILED, {
+      throw new WalletError(message, import_types24.WalletErrorCode.TRANSACTION_FAILED, {
         cause: error
       });
     }
@@ -18142,16 +18938,16 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
   async signAllTransactions(transactions) {
     this.requireConnected();
     if (!this.provider) {
-      throw new WalletError("Provider not available", import_types23.WalletErrorCode.NOT_CONNECTED);
+      throw new WalletError("Provider not available", import_types24.WalletErrorCode.NOT_CONNECTED);
     }
     try {
       return await this.provider.signAllTransactions(transactions);
     } catch (error) {
       const message = error instanceof Error ? error.message : "Signing failed";
       if (message.includes("User rejected") || message.includes("rejected")) {
-        throw new WalletError(message, import_types23.WalletErrorCode.SIGNING_REJECTED);
+        throw new WalletError(message, import_types24.WalletErrorCode.SIGNING_REJECTED);
       }
-      throw new WalletError(message, import_types23.WalletErrorCode.SIGNING_FAILED, {
+      throw new WalletError(message, import_types24.WalletErrorCode.SIGNING_FAILED, {
         cause: error
       });
     }
@@ -18172,7 +18968,7 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
     } catch (error) {
       throw new WalletError(
         "Failed to get balance",
-        import_types23.WalletErrorCode.UNKNOWN,
+        import_types24.WalletErrorCode.UNKNOWN,
         { cause: error }
       );
     }
@@ -18185,7 +18981,7 @@ var SolanaWalletAdapter = class extends BaseWalletAdapter {
     if (asset.chain !== "solana") {
       throw new WalletError(
         `Asset chain ${asset.chain} not supported by Solana adapter`,
-        import_types23.WalletErrorCode.UNSUPPORTED_CHAIN
+        import_types24.WalletErrorCode.UNSUPPORTED_CHAIN
       );
     }
     if (!asset.address) {
@@ -18303,7 +19099,7 @@ function createSolanaAdapter(config = {}) {
 }
 
 // src/wallet/solana/mock.ts
-var import_types25 = require("@sip-protocol/types");
+var import_types26 = require("@sip-protocol/types");
 var MockPublicKey = class {
   base58;
   bytes;
@@ -18369,8 +19165,8 @@ var MockSolanaAdapter = class extends BaseWalletAdapter {
     this._connectionState = "connecting";
     await this.simulateLatency();
     if (this.shouldFailConnect) {
-      this.setError(import_types25.WalletErrorCode.CONNECTION_FAILED, "Mock connection failure");
-      throw new WalletError("Mock connection failure", import_types25.WalletErrorCode.CONNECTION_FAILED);
+      this.setError(import_types26.WalletErrorCode.CONNECTION_FAILED, "Mock connection failure");
+      throw new WalletError("Mock connection failure", import_types26.WalletErrorCode.CONNECTION_FAILED);
     }
     const hexPubKey = "0x" + Buffer.from(this.mockPublicKey.toBytes()).toString("hex");
     this.setConnected(this.mockAddress, hexPubKey);
@@ -18389,7 +19185,7 @@ var MockSolanaAdapter = class extends BaseWalletAdapter {
     this.requireConnected();
     await this.simulateLatency();
     if (this.shouldFailSign) {
-      throw new WalletError("Mock signing failure", import_types25.WalletErrorCode.SIGNING_REJECTED);
+      throw new WalletError("Mock signing failure", import_types26.WalletErrorCode.SIGNING_REJECTED);
     }
     const mockSig = new Uint8Array(64);
     for (let i = 0; i < 64; i++) {
@@ -18407,7 +19203,7 @@ var MockSolanaAdapter = class extends BaseWalletAdapter {
     this.requireConnected();
     await this.simulateLatency();
     if (this.shouldFailSign) {
-      throw new WalletError("Mock signing failure", import_types25.WalletErrorCode.SIGNING_REJECTED);
+      throw new WalletError("Mock signing failure", import_types26.WalletErrorCode.SIGNING_REJECTED);
     }
     const solTx = tx.data;
     this.signedTransactions.push(solTx);
@@ -18427,10 +19223,10 @@ var MockSolanaAdapter = class extends BaseWalletAdapter {
     this.requireConnected();
     await this.simulateLatency();
     if (this.shouldFailSign) {
-      throw new WalletError("Mock signing failure", import_types25.WalletErrorCode.SIGNING_REJECTED);
+      throw new WalletError("Mock signing failure", import_types26.WalletErrorCode.SIGNING_REJECTED);
     }
     if (this.shouldFailTransaction) {
-      throw new WalletError("Mock transaction failure", import_types25.WalletErrorCode.TRANSACTION_FAILED);
+      throw new WalletError("Mock transaction failure", import_types26.WalletErrorCode.TRANSACTION_FAILED);
     }
     const txSig = `mock_tx_${Date.now()}_${Math.random().toString(36).slice(2)}`;
     this.sentTransactions.push(txSig);
@@ -18450,7 +19246,7 @@ var MockSolanaAdapter = class extends BaseWalletAdapter {
     this.requireConnected();
     await this.simulateLatency();
     if (this.shouldFailSign) {
-      throw new WalletError("Mock signing failure", import_types25.WalletErrorCode.SIGNING_REJECTED);
+      throw new WalletError("Mock signing failure", import_types26.WalletErrorCode.SIGNING_REJECTED);
     }
     this.signedTransactions.push(...transactions);
     return transactions.map((tx) => {
@@ -18477,7 +19273,7 @@ var MockSolanaAdapter = class extends BaseWalletAdapter {
     if (asset.chain !== "solana") {
       throw new WalletError(
         `Asset chain ${asset.chain} not supported by Solana adapter`,
-        import_types25.WalletErrorCode.UNSUPPORTED_CHAIN
+        import_types26.WalletErrorCode.UNSUPPORTED_CHAIN
       );
     }
     if (!asset.address) {
@@ -18646,7 +19442,7 @@ function createMockSolanaAdapter(config = {}) {
 }
 
 // src/wallet/ethereum/adapter.ts
-var import_types27 = require("@sip-protocol/types");
+var import_types28 = require("@sip-protocol/types");
 
 // src/wallet/ethereum/types.ts
 var EthereumChainId = {
@@ -18788,7 +19584,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
         this._connectionState = "error";
         throw new WalletError(
           `${this.walletType} wallet not found. Please install the extension.`,
-          import_types27.WalletErrorCode.NOT_INSTALLED
+          import_types28.WalletErrorCode.NOT_INSTALLED
         );
       }
       const accounts = await this.provider.request({
@@ -18798,7 +19594,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
         this._connectionState = "error";
         throw new WalletError(
           "No accounts returned from wallet",
-          import_types27.WalletErrorCode.CONNECTION_REJECTED
+          import_types28.WalletErrorCode.CONNECTION_REJECTED
         );
       }
       const address = normalizeAddress(accounts[0]);
@@ -18818,12 +19614,12 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
       if (rpcError.code === 4001) {
         throw new WalletError(
           "User rejected connection request",
-          import_types27.WalletErrorCode.CONNECTION_REJECTED
+          import_types28.WalletErrorCode.CONNECTION_REJECTED
         );
       }
       throw new WalletError(
         `Failed to connect: ${rpcError.message || String(error)}`,
-        import_types27.WalletErrorCode.CONNECTION_FAILED
+        import_types28.WalletErrorCode.CONNECTION_FAILED
       );
     }
   }
@@ -18843,7 +19639,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     if (!this.provider) {
       throw new WalletError(
         "Provider not available",
-        import_types27.WalletErrorCode.NOT_CONNECTED
+        import_types28.WalletErrorCode.NOT_CONNECTED
       );
     }
     try {
@@ -18861,12 +19657,12 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
       if (rpcError.code === 4001) {
         throw new WalletError(
           "User rejected signing request",
-          import_types27.WalletErrorCode.SIGNING_REJECTED
+          import_types28.WalletErrorCode.SIGNING_REJECTED
         );
       }
       throw new WalletError(
         `Failed to sign message: ${rpcError.message || String(error)}`,
-        import_types27.WalletErrorCode.SIGNING_FAILED
+        import_types28.WalletErrorCode.SIGNING_FAILED
       );
     }
   }
@@ -18878,7 +19674,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     if (!this.provider) {
       throw new WalletError(
         "Provider not available",
-        import_types27.WalletErrorCode.NOT_CONNECTED
+        import_types28.WalletErrorCode.NOT_CONNECTED
       );
     }
     try {
@@ -18895,12 +19691,12 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
       if (rpcError.code === 4001) {
         throw new WalletError(
           "User rejected signing request",
-          import_types27.WalletErrorCode.SIGNING_REJECTED
+          import_types28.WalletErrorCode.SIGNING_REJECTED
         );
       }
       throw new WalletError(
         `Failed to sign typed data: ${rpcError.message || String(error)}`,
-        import_types27.WalletErrorCode.SIGNING_FAILED
+        import_types28.WalletErrorCode.SIGNING_FAILED
       );
     }
   }
@@ -18912,7 +19708,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     if (!this.provider) {
       throw new WalletError(
         "Provider not available",
-        import_types27.WalletErrorCode.NOT_CONNECTED
+        import_types28.WalletErrorCode.NOT_CONNECTED
       );
     }
     try {
@@ -18940,7 +19736,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
       if (rpcError.code === 4001) {
         throw new WalletError(
           "User rejected transaction signing",
-          import_types27.WalletErrorCode.SIGNING_REJECTED
+          import_types28.WalletErrorCode.SIGNING_REJECTED
         );
       }
       if (rpcError.code === -32601 || rpcError.message?.includes("not supported")) {
@@ -18958,7 +19754,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
       }
       throw new WalletError(
         `Failed to sign transaction: ${rpcError.message || String(error)}`,
-        import_types27.WalletErrorCode.TRANSACTION_FAILED
+        import_types28.WalletErrorCode.TRANSACTION_FAILED
       );
     }
   }
@@ -18970,7 +19766,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     if (!this.provider) {
       throw new WalletError(
         "Provider not available",
-        import_types27.WalletErrorCode.NOT_CONNECTED
+        import_types28.WalletErrorCode.NOT_CONNECTED
       );
     }
     try {
@@ -18992,12 +19788,12 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
       if (rpcError.code === 4001) {
         throw new WalletError(
           "User rejected transaction",
-          import_types27.WalletErrorCode.TRANSACTION_REJECTED
+          import_types28.WalletErrorCode.TRANSACTION_REJECTED
         );
       }
       throw new WalletError(
         `Failed to send transaction: ${rpcError.message || String(error)}`,
-        import_types27.WalletErrorCode.TRANSACTION_FAILED
+        import_types28.WalletErrorCode.TRANSACTION_FAILED
       );
     }
   }
@@ -19032,7 +19828,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     } catch (error) {
       throw new WalletError(
         `Failed to fetch balance: ${String(error)}`,
-        import_types27.WalletErrorCode.UNKNOWN
+        import_types28.WalletErrorCode.UNKNOWN
       );
     }
   }
@@ -19044,7 +19840,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     if (asset.chain !== "ethereum") {
       throw new WalletError(
         `Asset chain ${asset.chain} not supported by Ethereum adapter`,
-        import_types27.WalletErrorCode.UNSUPPORTED_CHAIN
+        import_types28.WalletErrorCode.UNSUPPORTED_CHAIN
       );
     }
     if (!asset.address) {
@@ -19069,7 +19865,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     } catch (error) {
       throw new WalletError(
         `Failed to fetch token balance: ${String(error)}`,
-        import_types27.WalletErrorCode.UNKNOWN
+        import_types28.WalletErrorCode.UNKNOWN
       );
     }
   }
@@ -19081,7 +19877,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     if (!this.provider) {
       throw new WalletError(
         "Provider not available",
-        import_types27.WalletErrorCode.NOT_CONNECTED
+        import_types28.WalletErrorCode.NOT_CONNECTED
       );
     }
     try {
@@ -19096,18 +19892,18 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
       if (rpcError.code === 4001) {
         throw new WalletError(
           "User rejected chain switch",
-          import_types27.WalletErrorCode.CHAIN_SWITCH_REJECTED
+          import_types28.WalletErrorCode.CHAIN_SWITCH_REJECTED
         );
       }
       if (rpcError.code === 4902) {
         throw new WalletError(
           `Chain ${chainId} not added to wallet`,
-          import_types27.WalletErrorCode.UNSUPPORTED_CHAIN
+          import_types28.WalletErrorCode.UNSUPPORTED_CHAIN
         );
       }
       throw new WalletError(
         `Failed to switch chain: ${rpcError.message || String(error)}`,
-        import_types27.WalletErrorCode.CHAIN_SWITCH_FAILED
+        import_types28.WalletErrorCode.CHAIN_SWITCH_FAILED
       );
     }
   }
@@ -19143,7 +19939,7 @@ var EthereumWalletAdapter = class extends BaseWalletAdapter {
     }
     throw new WalletError(
       `Transaction ${txHash} not confirmed after ${maxAttempts * 5} seconds`,
-      import_types27.WalletErrorCode.TRANSACTION_FAILED
+      import_types28.WalletErrorCode.TRANSACTION_FAILED
     );
   }
   /**
@@ -19217,7 +20013,7 @@ function createEthereumAdapter(config) {
 }
 
 // src/wallet/ethereum/mock.ts
-var import_types29 = require("@sip-protocol/types");
+var import_types30 = require("@sip-protocol/types");
 var MockEthereumAdapter = class extends BaseWalletAdapter {
   chain = "ethereum";
   name = "mock-ethereum";
@@ -19258,7 +20054,7 @@ var MockEthereumAdapter = class extends BaseWalletAdapter {
         this._connectionState = "error";
         throw new WalletError(
           "Mock connection rejected",
-          import_types29.WalletErrorCode.CONNECTION_REJECTED
+          import_types30.WalletErrorCode.CONNECTION_REJECTED
         );
       }
       await new Promise((resolve) => setTimeout(resolve, 10));
@@ -19270,7 +20066,7 @@ var MockEthereumAdapter = class extends BaseWalletAdapter {
       this._connectionState = "error";
       throw new WalletError(
         `Mock connection failed: ${String(error)}`,
-        import_types29.WalletErrorCode.CONNECTION_FAILED
+        import_types30.WalletErrorCode.CONNECTION_FAILED
       );
     }
   }
@@ -19288,7 +20084,7 @@ var MockEthereumAdapter = class extends BaseWalletAdapter {
     if (this._shouldFailSign) {
       throw new WalletError(
         "Mock signing rejected",
-        import_types29.WalletErrorCode.SIGNING_REJECTED
+        import_types30.WalletErrorCode.SIGNING_REJECTED
       );
     }
     const msgHex = Buffer.from(message).toString("hex");
@@ -19306,7 +20102,7 @@ var MockEthereumAdapter = class extends BaseWalletAdapter {
     if (this._shouldFailSign) {
       throw new WalletError(
         "Mock signing rejected",
-        import_types29.WalletErrorCode.SIGNING_REJECTED
+        import_types30.WalletErrorCode.SIGNING_REJECTED
       );
     }
     const mockSig = `0x${"1".repeat(130)}`;
@@ -19323,7 +20119,7 @@ var MockEthereumAdapter = class extends BaseWalletAdapter {
     if (this._shouldFailSign) {
       throw new WalletError(
         "Mock signing rejected",
-        import_types29.WalletErrorCode.SIGNING_REJECTED
+        import_types30.WalletErrorCode.SIGNING_REJECTED
       );
     }
     this._signedTransactions.push(tx);
@@ -19348,7 +20144,7 @@ var MockEthereumAdapter = class extends BaseWalletAdapter {
     if (this._shouldFailTransaction) {
       throw new WalletError(
         "Mock transaction failed",
-        import_types29.WalletErrorCode.TRANSACTION_FAILED
+        import_types30.WalletErrorCode.TRANSACTION_FAILED
       );
     }
     this._signedTransactions.push(tx);
@@ -19378,7 +20174,7 @@ var MockEthereumAdapter = class extends BaseWalletAdapter {
     if (asset.chain !== "ethereum") {
       throw new WalletError(
         `Asset chain ${asset.chain} not supported by Ethereum adapter`,
-        import_types29.WalletErrorCode.UNSUPPORTED_CHAIN
+        import_types30.WalletErrorCode.UNSUPPORTED_CHAIN
       );
     }
     if (!asset.address) {
@@ -19583,28 +20379,28 @@ function createMockEthereumProvider(config = {}) {
 }
 
 // src/wallet/cosmos/adapter.ts
-var import_types32 = require("@sip-protocol/types");
+var import_types33 = require("@sip-protocol/types");
 
 // src/wallet/cosmos/mock.ts
-var import_types34 = require("@sip-protocol/types");
+var import_types35 = require("@sip-protocol/types");
 
 // src/wallet/bitcoin/adapter.ts
-var import_types37 = require("@sip-protocol/types");
+var import_types38 = require("@sip-protocol/types");
 
 // src/wallet/bitcoin/mock.ts
-var import_types39 = require("@sip-protocol/types");
+var import_types40 = require("@sip-protocol/types");
 
 // src/wallet/aptos/adapter.ts
-var import_types42 = require("@sip-protocol/types");
+var import_types43 = require("@sip-protocol/types");
 
 // src/wallet/aptos/mock.ts
-var import_types44 = require("@sip-protocol/types");
+var import_types45 = require("@sip-protocol/types");
 
 // src/wallet/sui/adapter.ts
-var import_types46 = require("@sip-protocol/types");
+var import_types47 = require("@sip-protocol/types");
 
 // src/wallet/sui/mock.ts
-var import_types48 = require("@sip-protocol/types");
+var import_types49 = require("@sip-protocol/types");
 
 // src/wallet/hardware/types.ts
 var DerivationPath = {
@@ -19684,7 +20480,7 @@ function getAvailableTransports() {
 
 // src/wallet/hardware/ledger.ts
 var import_rlp = require("@ethereumjs/rlp");
-var import_types50 = require("@sip-protocol/types");
+var import_types51 = require("@sip-protocol/types");
 var LedgerWalletAdapter = class extends BaseWalletAdapter {
   chain;
   name = "ledger";
@@ -19837,7 +20633,7 @@ var LedgerWalletAdapter = class extends BaseWalletAdapter {
   async getBalance() {
     throw new WalletError(
       "Hardware wallets do not track balances. Use an RPC provider.",
-      import_types50.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types51.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   /**
@@ -19848,7 +20644,7 @@ var LedgerWalletAdapter = class extends BaseWalletAdapter {
   async getTokenBalance(_asset) {
     throw new WalletError(
       "Hardware wallets do not track balances. Use an RPC provider.",
-      import_types50.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types51.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   // ─── Account Management ─────────────────────────────────────────────────────
@@ -20075,7 +20871,7 @@ var LedgerWalletAdapter = class extends BaseWalletAdapter {
    * @see https://ethereum.org/en/developers/docs/data-structures-and-encoding/rlp/
    */
   buildRawEthereumTx(tx) {
-    const hexToBytes24 = (hex) => {
+    const hexToBytes25 = (hex) => {
       if (!hex || hex === "0x" || hex === "0x0" || hex === "0x00") {
         return new Uint8Array(0);
       }
@@ -20092,21 +20888,21 @@ var LedgerWalletAdapter = class extends BaseWalletAdapter {
     const isEIP1559 = tx.maxFeePerGas !== void 0 && tx.maxPriorityFeePerGas !== void 0;
     if (isEIP1559) {
       const txData = [
-        hexToBytes24(`0x${tx.chainId.toString(16)}`),
+        hexToBytes25(`0x${tx.chainId.toString(16)}`),
         // chainId
-        hexToBytes24(tx.nonce),
+        hexToBytes25(tx.nonce),
         // nonce
-        hexToBytes24(tx.maxPriorityFeePerGas),
+        hexToBytes25(tx.maxPriorityFeePerGas),
         // maxPriorityFeePerGas
-        hexToBytes24(tx.maxFeePerGas),
+        hexToBytes25(tx.maxFeePerGas),
         // maxFeePerGas
-        hexToBytes24(tx.gasLimit),
+        hexToBytes25(tx.gasLimit),
         // gasLimit
-        hexToBytes24(tx.to),
+        hexToBytes25(tx.to),
         // to
-        hexToBytes24(tx.value),
+        hexToBytes25(tx.value),
         // value
-        hexToBytes24(tx.data),
+        hexToBytes25(tx.data),
         // data
         []
         // accessList (empty)
@@ -20125,19 +20921,19 @@ var LedgerWalletAdapter = class extends BaseWalletAdapter {
         );
       }
       const txData = [
-        hexToBytes24(tx.nonce),
+        hexToBytes25(tx.nonce),
         // nonce
-        hexToBytes24(tx.gasPrice),
+        hexToBytes25(tx.gasPrice),
         // gasPrice
-        hexToBytes24(tx.gasLimit),
+        hexToBytes25(tx.gasLimit),
         // gasLimit
-        hexToBytes24(tx.to),
+        hexToBytes25(tx.to),
         // to
-        hexToBytes24(tx.value),
+        hexToBytes25(tx.value),
         // value
-        hexToBytes24(tx.data),
+        hexToBytes25(tx.data),
         // data
-        hexToBytes24(`0x${tx.chainId.toString(16)}`),
+        hexToBytes25(`0x${tx.chainId.toString(16)}`),
         // v (chainId for EIP-155)
         new Uint8Array(0),
         // r (empty for unsigned)
@@ -20214,7 +21010,7 @@ function createLedgerAdapter(config) {
 }
 
 // src/wallet/hardware/trezor.ts
-var import_types52 = require("@sip-protocol/types");
+var import_types53 = require("@sip-protocol/types");
 var TrezorWalletAdapter = class extends BaseWalletAdapter {
   chain;
   name = "trezor";
@@ -20360,7 +21156,7 @@ var TrezorWalletAdapter = class extends BaseWalletAdapter {
   async getBalance() {
     throw new WalletError(
       "Hardware wallets do not track balances. Use an RPC provider.",
-      import_types52.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types53.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   /**
@@ -20371,7 +21167,7 @@ var TrezorWalletAdapter = class extends BaseWalletAdapter {
   async getTokenBalance(_asset) {
     throw new WalletError(
       "Hardware wallets do not track balances. Use an RPC provider.",
-      import_types52.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types53.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   // ─── Account Management ─────────────────────────────────────────────────────
@@ -20652,8 +21448,8 @@ function createTrezorAdapter(config) {
 }
 
 // src/wallet/hardware/mock.ts
-var import_types54 = require("@sip-protocol/types");
-var import_utils30 = require("@noble/hashes/utils");
+var import_types55 = require("@sip-protocol/types");
+var import_utils31 = require("@noble/hashes/utils");
 var MockLedgerAdapter = class extends BaseWalletAdapter {
   chain;
   name = "mock-ledger";
@@ -20800,7 +21596,7 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
   async getBalance() {
     throw new WalletError(
       "Hardware wallets do not track balances",
-      import_types54.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types55.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   /**
@@ -20809,7 +21605,7 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
   async getTokenBalance(_asset) {
     throw new WalletError(
       "Hardware wallets do not track balances",
-      import_types54.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types55.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   /**
@@ -20898,15 +21694,15 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
     }
   }
   generateMockAddress(index) {
-    const bytes = (0, import_utils30.randomBytes)(20);
+    const bytes = (0, import_utils31.randomBytes)(20);
     bytes[0] = index;
-    return `0x${(0, import_utils30.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils31.bytesToHex)(bytes)}`;
   }
   generateMockPublicKey(index) {
-    const bytes = (0, import_utils30.randomBytes)(33);
+    const bytes = (0, import_utils31.randomBytes)(33);
     bytes[0] = 2;
     bytes[1] = index;
-    return `0x${(0, import_utils30.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils31.bytesToHex)(bytes)}`;
   }
   generateMockSignature(data) {
     const sig = new Uint8Array(65);
@@ -20915,7 +21711,7 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 11;
     }
     sig[64] = 27;
-    return `0x${(0, import_utils30.bytesToHex)(sig)}`;
+    return `0x${(0, import_utils31.bytesToHex)(sig)}`;
   }
   delay(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
@@ -21039,13 +21835,13 @@ var MockTrezorAdapter = class extends BaseWalletAdapter {
   async getBalance() {
     throw new WalletError(
       "Hardware wallets do not track balances",
-      import_types54.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types55.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   async getTokenBalance(_asset) {
     throw new WalletError(
       "Hardware wallets do not track balances",
-      import_types54.WalletErrorCode.UNSUPPORTED_OPERATION
+      import_types55.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
   async getAccounts(startIndex = 0, count = 5) {
@@ -21104,15 +21900,15 @@ var MockTrezorAdapter = class extends BaseWalletAdapter {
     }
   }
   generateMockAddress(index) {
-    const bytes = (0, import_utils30.randomBytes)(20);
+    const bytes = (0, import_utils31.randomBytes)(20);
     bytes[0] = index + 100;
-    return `0x${(0, import_utils30.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils31.bytesToHex)(bytes)}`;
   }
   generateMockPublicKey(index) {
-    const bytes = (0, import_utils30.randomBytes)(33);
+    const bytes = (0, import_utils31.randomBytes)(33);
     bytes[0] = 3;
     bytes[1] = index + 100;
-    return `0x${(0, import_utils30.bytesToHex)(bytes)}`;
+    return `0x${(0, import_utils31.bytesToHex)(bytes)}`;
   }
   generateMockSignature(data) {
     const sig = new Uint8Array(65);
@@ -21121,7 +21917,7 @@ var MockTrezorAdapter = class extends BaseWalletAdapter {
       sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 17;
     }
     sig[64] = 28;
-    return `0x${(0, import_utils30.bytesToHex)(sig)}`;
+    return `0x${(0, import_utils31.bytesToHex)(sig)}`;
   }
   delay(ms) {
     return new Promise((resolve) => setTimeout(resolve, ms));
@@ -21135,7 +21931,7 @@ function createMockTrezorAdapter(config) {
 }
 
 // src/wallet/index.ts
-var import_types57 = require("@sip-protocol/types");
+var import_types58 = require("@sip-protocol/types");
 
 // src/index.ts
 init_solana();
@@ -21189,6 +21985,1772 @@ function getSupportedSameChainChains() {
   return ["solana"];
 }
 
+// src/privacy-backends/registry.ts
+var DEFAULT_PRIORITY = 50;
+var PrivacyBackendRegistry = class {
+  backends = /* @__PURE__ */ new Map();
+  /**
+   * Register a privacy backend
+   *
+   * @param backend - Backend instance to register
+   * @param options - Registration options
+   * @throws Error if backend with same name exists and override is false
+   *
+   * @example
+   * ```typescript
+   * registry.register(new SIPNativeBackend())
+   * registry.register(new PrivacyCashBackend(), { priority: 100 })
+   * ```
+   */
+  register(backend, options = {}) {
+    const { override = false, priority = DEFAULT_PRIORITY, enabled = true } = options;
+    if (this.backends.has(backend.name) && !override) {
+      throw new Error(
+        `Backend '${backend.name}' is already registered. Use { override: true } to replace it.`
+      );
+    }
+    this.backends.set(backend.name, {
+      backend,
+      priority,
+      enabled,
+      registeredAt: Date.now()
+    });
+  }
+  /**
+   * Unregister a backend by name
+   *
+   * @param name - Backend name to unregister
+   * @returns true if backend was removed, false if not found
+   */
+  unregister(name) {
+    return this.backends.delete(name);
+  }
+  /**
+   * Get a backend by name
+   *
+   * @param name - Backend name
+   * @returns Backend instance or undefined if not found
+   */
+  get(name) {
+    const entry = this.backends.get(name);
+    return entry?.enabled ? entry.backend : void 0;
+  }
+  /**
+   * Check if a backend is registered
+   *
+   * @param name - Backend name
+   * @returns true if registered (regardless of enabled state)
+   */
+  has(name) {
+    return this.backends.has(name);
+  }
+  /**
+   * Get all enabled backends sorted by priority
+   *
+   * @returns Array of backends (highest priority first)
+   */
+  getAll() {
+    return Array.from(this.backends.values()).filter((entry) => entry.enabled).sort((a, b) => b.priority - a.priority).map((entry) => entry.backend);
+  }
+  /**
+   * Get all registered entries (including disabled)
+   *
+   * @returns Array of registered backend entries
+   */
+  getAllEntries() {
+    return Array.from(this.backends.values()).sort((a, b) => b.priority - a.priority);
+  }
+  /**
+   * Get backends supporting a specific chain
+   *
+   * @param chain - Chain type to filter by
+   * @returns Array of backends supporting the chain
+   */
+  getByChain(chain) {
+    return this.getAll().filter(
+      (backend) => backend.chains.includes(chain)
+    );
+  }
+  /**
+   * Get backends of a specific type
+   *
+   * @param type - Backend type to filter by
+   * @returns Array of backends of the specified type
+   */
+  getByType(type) {
+    return this.getAll().filter(
+      (backend) => backend.type === type || backend.type === "both"
+    );
+  }
+  /**
+   * Get backends that support compliance (viewing keys)
+   *
+   * @returns Array of compliance-supporting backends
+   */
+  getCompliant() {
+    return this.getAll().filter(
+      (backend) => backend.getCapabilities().complianceSupport
+    );
+  }
+  /**
+   * Find available backends for a transfer
+   *
+   * @param params - Transfer parameters
+   * @returns Array of available backends with availability info
+   */
+  async findAvailable(params) {
+    const chainBackends = this.getByChain(params.chain);
+    const results = [];
+    for (const backend of chainBackends) {
+      const availability = await backend.checkAvailability(params);
+      if (availability.available) {
+        results.push({ backend, availability });
+      }
+    }
+    return results;
+  }
+  /**
+   * Enable a backend
+   *
+   * @param name - Backend name
+   * @returns true if backend was enabled, false if not found
+   */
+  enable(name) {
+    const entry = this.backends.get(name);
+    if (entry) {
+      entry.enabled = true;
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Disable a backend
+   *
+   * @param name - Backend name
+   * @returns true if backend was disabled, false if not found
+   */
+  disable(name) {
+    const entry = this.backends.get(name);
+    if (entry) {
+      entry.enabled = false;
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Set backend priority
+   *
+   * @param name - Backend name
+   * @param priority - New priority value
+   * @returns true if priority was set, false if not found
+   */
+  setPriority(name, priority) {
+    const entry = this.backends.get(name);
+    if (entry) {
+      entry.priority = priority;
+      return true;
+    }
+    return false;
+  }
+  /**
+   * Get count of registered backends
+   *
+   * @param enabledOnly - If true, only count enabled backends
+   * @returns Number of backends
+   */
+  count(enabledOnly = false) {
+    if (enabledOnly) {
+      return Array.from(this.backends.values()).filter((e) => e.enabled).length;
+    }
+    return this.backends.size;
+  }
+  /**
+   * Clear all registered backends
+   */
+  clear() {
+    this.backends.clear();
+  }
+  /**
+   * Get backend names
+   *
+   * @param enabledOnly - If true, only return enabled backend names
+   * @returns Array of backend names
+   */
+  getNames(enabledOnly = false) {
+    if (enabledOnly) {
+      return Array.from(this.backends.entries()).filter(([, entry]) => entry.enabled).map(([name]) => name);
+    }
+    return Array.from(this.backends.keys());
+  }
+};
+var defaultRegistry = new PrivacyBackendRegistry();
+
+// src/privacy-backends/sip-native.ts
+var SUPPORTED_CHAINS = [
+  "solana",
+  "ethereum",
+  "near",
+  "polygon",
+  "arbitrum",
+  "optimism",
+  "base",
+  "avalanche",
+  "bsc"
+];
+var SIP_NATIVE_CAPABILITIES = {
+  hiddenAmount: true,
+  hiddenSender: true,
+  hiddenRecipient: true,
+  hiddenCompute: false,
+  complianceSupport: true,
+  anonymitySet: void 0,
+  // Not pool-based
+  setupRequired: false,
+  latencyEstimate: "fast",
+  supportedTokens: "all",
+  minAmount: void 0,
+  maxAmount: void 0
+};
+var SIPNativeBackend = class {
+  name = "sip-native";
+  type = "transaction";
+  chains;
+  config;
+  /**
+   * Create a new SIP Native backend
+   *
+   * @param config - Backend configuration
+   */
+  constructor(config = {}) {
+    this.chains = config.chains ?? SUPPORTED_CHAINS;
+    this.config = {
+      chains: this.chains,
+      requireViewingKey: config.requireViewingKey ?? false,
+      minAmount: config.minAmount ?? BigInt(0),
+      maxAmount: config.maxAmount ?? BigInt(Number.MAX_SAFE_INTEGER)
+    };
+  }
+  /**
+   * Check if backend is available for given parameters
+   */
+  async checkAvailability(params) {
+    if (!this.chains.includes(params.chain)) {
+      return {
+        available: false,
+        reason: `Chain '${params.chain}' not supported by SIP Native backend`
+      };
+    }
+    if (this.config.requireViewingKey && !params.viewingKey) {
+      return {
+        available: false,
+        reason: "Viewing key required for SIP Native backend"
+      };
+    }
+    if (params.amount < this.config.minAmount) {
+      return {
+        available: false,
+        reason: `Amount ${params.amount} below minimum ${this.config.minAmount}`
+      };
+    }
+    if (params.amount > this.config.maxAmount) {
+      return {
+        available: false,
+        reason: `Amount ${params.amount} above maximum ${this.config.maxAmount}`
+      };
+    }
+    const estimatedCost = this.getEstimatedCostForChain(params.chain);
+    return {
+      available: true,
+      estimatedCost,
+      estimatedTime: 1e3
+      // ~1 second for stealth address operations
+    };
+  }
+  /**
+   * Get backend capabilities
+   */
+  getCapabilities() {
+    return {
+      ...SIP_NATIVE_CAPABILITIES,
+      minAmount: this.config.minAmount > BigInt(0) ? this.config.minAmount : void 0,
+      maxAmount: this.config.maxAmount < BigInt(Number.MAX_SAFE_INTEGER) ? this.config.maxAmount : void 0
+    };
+  }
+  /**
+   * Execute a privacy-preserving transfer
+   *
+   * This creates a stealth address transfer with:
+   * - Ephemeral keypair generation
+   * - Stealth address derivation
+   * - Pedersen commitment for amount
+   * - Optional viewing key encryption
+   */
+  async execute(params) {
+    const availability = await this.checkAvailability(params);
+    if (!availability.available) {
+      return {
+        success: false,
+        error: availability.reason,
+        backend: this.name
+      };
+    }
+    try {
+      const simulatedSignature = `sim_${Date.now()}_${Math.random().toString(36).slice(2)}`;
+      return {
+        success: true,
+        signature: simulatedSignature,
+        backend: this.name,
+        metadata: {
+          chain: params.chain,
+          amount: params.amount.toString(),
+          hasViewingKey: !!params.viewingKey,
+          timestamp: Date.now()
+        }
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Unknown error",
+        backend: this.name
+      };
+    }
+  }
+  /**
+   * Estimate cost for a transfer
+   */
+  async estimateCost(params) {
+    return this.getEstimatedCostForChain(params.chain);
+  }
+  /**
+   * Get estimated cost based on chain
+   */
+  getEstimatedCostForChain(chain) {
+    const costMap = {
+      solana: BigInt(5e3),
+      // ~0.000005 SOL
+      ethereum: BigInt("50000000000000"),
+      // ~0.00005 ETH
+      near: BigInt("1000000000000000000000"),
+      // ~0.001 NEAR
+      polygon: BigInt("50000000000000"),
+      // ~0.00005 MATIC
+      arbitrum: BigInt("50000000000000"),
+      optimism: BigInt("50000000000000"),
+      base: BigInt("50000000000000"),
+      avalanche: BigInt("50000000000000"),
+      bsc: BigInt("50000000000000")
+    };
+    return costMap[chain] ?? BigInt(0);
+  }
+};
+
+// src/privacy-backends/privacycash-types.ts
+var SOL_POOL_SIZES = {
+  /** 0.1 SOL pool */
+  SMALL: BigInt(1e8),
+  /** 1 SOL pool */
+  MEDIUM: BigInt(1e9),
+  /** 10 SOL pool */
+  LARGE: BigInt(1e10),
+  /** 100 SOL pool */
+  WHALE: BigInt(1e11)
+};
+var USDC_POOL_SIZES = {
+  /** 10 USDC pool */
+  SMALL: BigInt(1e7),
+  /** 100 USDC pool */
+  MEDIUM: BigInt(1e8),
+  /** 1,000 USDC pool */
+  LARGE: BigInt(1e9),
+  /** 10,000 USDC pool */
+  WHALE: BigInt(1e10)
+};
+var USDT_POOL_SIZES = {
+  /** 10 USDT pool */
+  SMALL: BigInt(1e7),
+  /** 100 USDT pool */
+  MEDIUM: BigInt(1e8),
+  /** 1,000 USDT pool */
+  LARGE: BigInt(1e9),
+  /** 10,000 USDT pool */
+  WHALE: BigInt(1e10)
+};
+var SOL_POOL_AMOUNTS = [
+  SOL_POOL_SIZES.SMALL,
+  SOL_POOL_SIZES.MEDIUM,
+  SOL_POOL_SIZES.LARGE,
+  SOL_POOL_SIZES.WHALE
+];
+var SPL_POOL_AMOUNTS = [
+  USDC_POOL_SIZES.SMALL,
+  USDC_POOL_SIZES.MEDIUM,
+  USDC_POOL_SIZES.LARGE,
+  USDC_POOL_SIZES.WHALE
+];
+
+// src/privacy-backends/privacycash.ts
+var DEFAULT_ANONYMITY_SET = 50;
+var BASE_COST_LAMPORTS = BigInt(1e7);
+var PRIVACYCASH_CAPABILITIES = {
+  hiddenAmount: false,
+  // Fixed pool sizes, amount is known
+  hiddenSender: true,
+  // Pool mixing hides sender
+  hiddenRecipient: true,
+  // Withdrawal to fresh address
+  hiddenCompute: false,
+  // No compute privacy
+  complianceSupport: false,
+  // No viewing keys
+  anonymitySet: DEFAULT_ANONYMITY_SET,
+  setupRequired: false,
+  // No setup needed
+  latencyEstimate: "medium",
+  // Need to wait for pool
+  supportedTokens: "all",
+  // SOL + USDC/USDT
+  minAmount: SOL_POOL_AMOUNTS[0],
+  // Smallest pool
+  maxAmount: SOL_POOL_AMOUNTS[SOL_POOL_AMOUNTS.length - 1]
+  // Largest pool
+};
+
+// src/privacy-backends/router.ts
+var DEFAULT_CONFIG2 = {
+  prioritize: "privacy",
+  requireViewingKeys: false,
+  allowComputePrivacy: true
+};
+var PRIORITY_WEIGHTS = {
+  privacy: {
+    hiddenAmount: 25,
+    hiddenSender: 25,
+    hiddenRecipient: 25,
+    hiddenCompute: 10,
+    anonymitySet: 15
+  },
+  speed: {
+    fast: 40,
+    medium: 25,
+    slow: 10,
+    setupRequired: -20
+  },
+  cost: {
+    baseCost: 50,
+    estimatedCost: 50
+  },
+  compliance: {
+    complianceSupport: 60,
+    hiddenAmount: 15,
+    hiddenSender: 15,
+    hiddenRecipient: 10
+  }
+};
+var SmartRouter2 = class {
+  registry;
+  /**
+   * Create a new SmartRouter
+   *
+   * @param registry - Backend registry to use for selection
+   */
+  constructor(registry) {
+    this.registry = registry;
+  }
+  /**
+   * Select the best backend for a transfer
+   *
+   * @param params - Transfer parameters
+   * @param config - Router configuration
+   * @returns Selection result with backend and reasoning
+   * @throws Error if no suitable backend is found
+   */
+  async selectBackend(params, config = {}) {
+    const fullConfig = { ...DEFAULT_CONFIG2, ...config };
+    const chainBackends = this.registry.getByChain(params.chain);
+    if (chainBackends.length === 0) {
+      throw new Error(
+        `No backends available for chain '${params.chain}'. Register a backend that supports this chain.`
+      );
+    }
+    const scoredBackends = [];
+    for (const backend of chainBackends) {
+      if (fullConfig.excludeBackends?.includes(backend.name)) {
+        continue;
+      }
+      const availability = await backend.checkAvailability(params);
+      if (!availability.available) {
+        continue;
+      }
+      const capabilities = backend.getCapabilities();
+      if (fullConfig.requireViewingKeys && !capabilities.complianceSupport) {
+        continue;
+      }
+      if (fullConfig.minAnonymitySet && capabilities.anonymitySet !== void 0 && capabilities.anonymitySet < fullConfig.minAnonymitySet) {
+        continue;
+      }
+      if (!fullConfig.allowComputePrivacy && backend.type === "compute") {
+        continue;
+      }
+      if (fullConfig.maxCost && availability.estimatedCost) {
+        if (availability.estimatedCost > fullConfig.maxCost) {
+          continue;
+        }
+      }
+      if (fullConfig.maxLatency && availability.estimatedTime) {
+        if (availability.estimatedTime > fullConfig.maxLatency) {
+          continue;
+        }
+      }
+      const { score, reason } = this.scoreBackend(
+        backend,
+        availability,
+        fullConfig
+      );
+      scoredBackends.push({
+        backend,
+        availability,
+        score,
+        reason
+      });
+    }
+    if (scoredBackends.length === 0) {
+      throw new Error(
+        `No backends meet the requirements for this transfer. Check your router configuration and registered backends.`
+      );
+    }
+    scoredBackends.sort((a, b) => b.score - a.score);
+    if (fullConfig.preferredBackend) {
+      const preferredIndex = scoredBackends.findIndex(
+        (s) => s.backend.name === fullConfig.preferredBackend
+      );
+      if (preferredIndex > 0) {
+        const preferred = scoredBackends[preferredIndex];
+        const leader = scoredBackends[0];
+        if (leader.score - preferred.score <= 10) {
+          scoredBackends.splice(preferredIndex, 1);
+          scoredBackends.unshift(preferred);
+          preferred.reason = `Preferred backend (within 10pts of optimal)`;
+        }
+      }
+    }
+    const selected = scoredBackends[0];
+    const alternatives = scoredBackends.slice(1).map((s) => ({
+      backend: s.backend,
+      score: s.score,
+      reason: s.reason
+    }));
+    return {
+      backend: selected.backend,
+      reason: selected.reason,
+      alternatives,
+      score: selected.score
+    };
+  }
+  /**
+   * Execute a transfer using the best available backend
+   *
+   * @param params - Transfer parameters
+   * @param config - Router configuration
+   * @returns Transaction result
+   */
+  async execute(params, config = {}) {
+    const selection = await this.selectBackend(params, config);
+    return selection.backend.execute(params);
+  }
+  /**
+   * Get available backends for a transfer (without selecting)
+   *
+   * @param params - Transfer parameters
+   * @returns Array of available backends with scores
+   */
+  async getAvailableBackends(params) {
+    return this.registry.findAvailable(params);
+  }
+  /**
+   * Score a backend based on configuration priority
+   */
+  scoreBackend(backend, availability, config) {
+    const capabilities = backend.getCapabilities();
+    let score = 0;
+    const reasons = [];
+    switch (config.prioritize) {
+      case "privacy":
+        if (capabilities.hiddenAmount) {
+          score += PRIORITY_WEIGHTS.privacy.hiddenAmount;
+          reasons.push("hidden amounts");
+        }
+        if (capabilities.hiddenSender) {
+          score += PRIORITY_WEIGHTS.privacy.hiddenSender;
+          reasons.push("hidden sender");
+        }
+        if (capabilities.hiddenRecipient) {
+          score += PRIORITY_WEIGHTS.privacy.hiddenRecipient;
+          reasons.push("hidden recipient");
+        }
+        if (capabilities.hiddenCompute) {
+          score += PRIORITY_WEIGHTS.privacy.hiddenCompute;
+          reasons.push("private compute");
+        }
+        if (capabilities.anonymitySet && capabilities.anonymitySet >= 100) {
+          score += PRIORITY_WEIGHTS.privacy.anonymitySet;
+          reasons.push(`anonymity set: ${capabilities.anonymitySet}`);
+        }
+        break;
+      case "speed":
+        score += PRIORITY_WEIGHTS.speed[capabilities.latencyEstimate];
+        reasons.push(`${capabilities.latencyEstimate} latency`);
+        if (capabilities.setupRequired) {
+          score += PRIORITY_WEIGHTS.speed.setupRequired;
+          reasons.push("setup required");
+        }
+        break;
+      case "cost":
+        if (availability.estimatedCost !== void 0) {
+          const logCost = availability.estimatedCost > BigInt(0) ? Math.log10(Number(availability.estimatedCost)) : 0;
+          const costScore = Math.max(0, 70 - logCost * 5);
+          score += costScore;
+          reasons.push(`low cost`);
+        }
+        break;
+      case "compliance":
+        if (capabilities.complianceSupport) {
+          score += PRIORITY_WEIGHTS.compliance.complianceSupport;
+          reasons.push("viewing key support");
+        }
+        if (capabilities.hiddenAmount) {
+          score += PRIORITY_WEIGHTS.compliance.hiddenAmount;
+        }
+        if (capabilities.hiddenSender) {
+          score += PRIORITY_WEIGHTS.compliance.hiddenSender;
+        }
+        if (capabilities.hiddenRecipient) {
+          score += PRIORITY_WEIGHTS.compliance.hiddenRecipient;
+        }
+        break;
+    }
+    score = Math.min(100, Math.max(0, score));
+    return {
+      score,
+      reason: reasons.length > 0 ? reasons.join(", ") : "default selection"
+    };
+  }
+};
+
+// src/surveillance/algorithms/address-reuse.ts
+var MAX_DEDUCTION = 25;
+var DEDUCTION_PER_REUSE = 2;
+var REUSE_THRESHOLD = 1;
+function analyzeAddressReuse(transactions, walletAddress) {
+  const receiveAddresses = /* @__PURE__ */ new Map();
+  const sendAddresses = /* @__PURE__ */ new Map();
+  for (const tx of transactions) {
+    if (!tx.success) continue;
+    if (tx.recipient === walletAddress) {
+      const count = receiveAddresses.get(walletAddress) ?? 0;
+      receiveAddresses.set(walletAddress, count + 1);
+    }
+    if (tx.sender === walletAddress) {
+      const count = sendAddresses.get(walletAddress) ?? 0;
+      sendAddresses.set(walletAddress, count + 1);
+    }
+    for (const addr of tx.involvedAddresses) {
+      if (addr === walletAddress) continue;
+      if (tx.sender === walletAddress) {
+        const count = sendAddresses.get(addr) ?? 0;
+        sendAddresses.set(addr, count + 1);
+      }
+      if (tx.recipient === walletAddress) {
+        const count = receiveAddresses.get(addr) ?? 0;
+        receiveAddresses.set(addr, count + 1);
+      }
+    }
+  }
+  let receiveReuseCount = 0;
+  let sendReuseCount = 0;
+  const reusedAddresses = [];
+  for (const [address, count] of Array.from(receiveAddresses.entries())) {
+    if (count > REUSE_THRESHOLD) {
+      const reuseCount = count - REUSE_THRESHOLD;
+      receiveReuseCount += reuseCount;
+      const existing = reusedAddresses.find((r) => r.address === address);
+      if (existing) {
+        existing.useCount = Math.max(existing.useCount, count);
+        existing.type = "both";
+      } else {
+        reusedAddresses.push({
+          address,
+          useCount: count,
+          type: "receive"
+        });
+      }
+    }
+  }
+  for (const [address, count] of Array.from(sendAddresses.entries())) {
+    if (count > REUSE_THRESHOLD) {
+      const reuseCount = count - REUSE_THRESHOLD;
+      sendReuseCount += reuseCount;
+      const existing = reusedAddresses.find((r) => r.address === address);
+      if (existing) {
+        existing.useCount = Math.max(existing.useCount, count);
+        existing.type = "both";
+      } else {
+        reusedAddresses.push({
+          address,
+          useCount: count,
+          type: "send"
+        });
+      }
+    }
+  }
+  const totalReuseCount = receiveReuseCount + sendReuseCount;
+  const rawDeduction = totalReuseCount * DEDUCTION_PER_REUSE;
+  const scoreDeduction = Math.min(rawDeduction, MAX_DEDUCTION);
+  reusedAddresses.sort((a, b) => b.useCount - a.useCount);
+  return {
+    receiveReuseCount,
+    sendReuseCount,
+    totalReuseCount,
+    scoreDeduction,
+    reusedAddresses: reusedAddresses.slice(0, 10)
+    // Top 10 most reused
+  };
+}
+
+// src/surveillance/algorithms/cluster.ts
+var MAX_DEDUCTION2 = 25;
+var DEDUCTION_PER_LINK = 3;
+var MIN_LINK_THRESHOLD = 2;
+var UnionFind = class {
+  parent;
+  rank;
+  constructor() {
+    this.parent = /* @__PURE__ */ new Map();
+    this.rank = /* @__PURE__ */ new Map();
+  }
+  find(x) {
+    if (!this.parent.has(x)) {
+      this.parent.set(x, x);
+      this.rank.set(x, 0);
+    }
+    if (this.parent.get(x) !== x) {
+      this.parent.set(x, this.find(this.parent.get(x)));
+    }
+    return this.parent.get(x);
+  }
+  union(x, y) {
+    const rootX = this.find(x);
+    const rootY = this.find(y);
+    if (rootX === rootY) return;
+    const rankX = this.rank.get(rootX) ?? 0;
+    const rankY = this.rank.get(rootY) ?? 0;
+    if (rankX < rankY) {
+      this.parent.set(rootX, rootY);
+    } else if (rankX > rankY) {
+      this.parent.set(rootY, rootX);
+    } else {
+      this.parent.set(rootY, rootX);
+      this.rank.set(rootX, rankX + 1);
+    }
+  }
+  getClusters() {
+    const clusters = /* @__PURE__ */ new Map();
+    for (const addr of Array.from(this.parent.keys())) {
+      const root = this.find(addr);
+      if (!clusters.has(root)) {
+        clusters.set(root, []);
+      }
+      clusters.get(root).push(addr);
+    }
+    return clusters;
+  }
+};
+function detectClusters(transactions, walletAddress) {
+  const uf = new UnionFind();
+  const linkCounts = /* @__PURE__ */ new Map();
+  const linkTypes = /* @__PURE__ */ new Map();
+  const txCountPerPair = /* @__PURE__ */ new Map();
+  uf.find(walletAddress);
+  for (const tx of transactions) {
+    if (!tx.success) continue;
+    const involvedWithWallet = tx.involvedAddresses.filter(
+      (addr) => addr !== walletAddress
+    );
+    if (tx.sender === walletAddress && involvedWithWallet.length > 0) {
+      for (const addr of involvedWithWallet) {
+        const pairKey = [walletAddress, addr].sort().join(":");
+        const count = (txCountPerPair.get(pairKey) ?? 0) + 1;
+        txCountPerPair.set(pairKey, count);
+        if (count >= MIN_LINK_THRESHOLD) {
+          uf.union(walletAddress, addr);
+          linkCounts.set(addr, count);
+          linkTypes.set(addr, "common-input");
+        }
+      }
+    }
+    if (tx.sender === walletAddress && tx.recipient !== walletAddress) {
+      const otherRecipients = involvedWithWallet.filter(
+        (addr) => addr !== tx.recipient
+      );
+      for (const addr of otherRecipients) {
+        const pairKey = [walletAddress, addr].sort().join(":");
+        const count = (txCountPerPair.get(pairKey) ?? 0) + 1;
+        txCountPerPair.set(pairKey, count);
+        if (count >= MIN_LINK_THRESHOLD) {
+          uf.union(walletAddress, addr);
+          if (!linkTypes.has(addr)) {
+            linkTypes.set(addr, "change-address");
+          }
+          linkCounts.set(addr, count);
+        }
+      }
+    }
+    if (tx.recipient === walletAddress && involvedWithWallet.length > 1) {
+      for (let i = 0; i < involvedWithWallet.length; i++) {
+        for (let j = i + 1; j < involvedWithWallet.length; j++) {
+          const addr1 = involvedWithWallet[i];
+          const addr2 = involvedWithWallet[j];
+          const pairKey2 = [addr1, addr2].sort().join(":");
+          const count2 = (txCountPerPair.get(pairKey2) ?? 0) + 1;
+          txCountPerPair.set(pairKey2, count2);
+          if (count2 >= MIN_LINK_THRESHOLD) {
+            uf.union(addr1, addr2);
+            linkTypes.set(addr1, "consolidation");
+            linkTypes.set(addr2, "consolidation");
+          }
+        }
+        const pairKey = [walletAddress, involvedWithWallet[i]].sort().join(":");
+        const count = (txCountPerPair.get(pairKey) ?? 0) + 1;
+        txCountPerPair.set(pairKey, count);
+        if (count >= MIN_LINK_THRESHOLD) {
+          uf.union(walletAddress, involvedWithWallet[i]);
+          linkCounts.set(involvedWithWallet[i], count);
+        }
+      }
+    }
+  }
+  const allClusters = uf.getClusters();
+  const walletRoot = uf.find(walletAddress);
+  const walletCluster = allClusters.get(walletRoot) ?? [walletAddress];
+  const linkedAddresses = walletCluster.filter((addr) => addr !== walletAddress);
+  const linkedAddressCount = linkedAddresses.length;
+  const totalLinkTxs = Array.from(linkCounts.values()).reduce((a, b) => a + b, 0);
+  const confidence = Math.min(totalLinkTxs / (linkedAddressCount * 5), 1);
+  const rawDeduction = linkedAddressCount * DEDUCTION_PER_LINK;
+  const scoreDeduction = Math.min(rawDeduction, MAX_DEDUCTION2);
+  const clusters = [];
+  if (linkedAddressCount > 0) {
+    const byType = /* @__PURE__ */ new Map();
+    for (const addr of linkedAddresses) {
+      const type = linkTypes.get(addr) ?? "common-input";
+      if (!byType.has(type)) {
+        byType.set(type, []);
+      }
+      byType.get(type).push(addr);
+    }
+    for (const [type, addresses] of Array.from(byType.entries())) {
+      const txCount = addresses.reduce(
+        (sum, addr) => sum + (linkCounts.get(addr) ?? 0),
+        0
+      );
+      clusters.push({
+        addresses: [walletAddress, ...addresses],
+        linkType: type,
+        transactionCount: txCount
+      });
+    }
+  }
+  return {
+    linkedAddressCount,
+    confidence,
+    scoreDeduction,
+    clusters
+  };
+}
+
+// src/surveillance/algorithms/exchange.ts
+var MAX_DEDUCTION3 = 20;
+var DEDUCTION_PER_CEX = 8;
+var DEDUCTION_PER_DEX = 2;
+var KNOWN_EXCHANGES = [
+  // Centralized Exchanges (KYC Required)
+  {
+    name: "Binance",
+    addresses: [
+      "5tzFkiKscXHK5ZXCGbXZxdw7gTjjD1mBwuoFbhUvuAi9",
+      "9WzDXwBbmkg8ZTbNMqUxvQRAyrZzDsGYdLVL9zYtAWWM",
+      "AC5RDfQFmDS1deWZos921JfqscXdByf8BKHs5ACWjtW2"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  {
+    name: "Coinbase",
+    addresses: [
+      "H8sMJSCQxfKiFTCfDR3DUMLPwcRbM61LGFJ8N4dK3WjS",
+      "2ojv9BAiHUrvsm9gxDe7fJSzbNZSJcxZvf8dqmWGHG8S",
+      "GJRs4FwHtemZ5ZE9x3FNvJ8TMwitKTh21yxdRPqn7npE"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  {
+    name: "Kraken",
+    addresses: [
+      "krakenmRKej41L9sX8N8Z2mhjZ8UpVHHBMzkKzfBh54"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  {
+    name: "FTX (Defunct)",
+    addresses: [
+      "FTXkd8cjuYGRLzPVdvqxNxNNNYBfFPPjrF3vW2Yq8p7"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  {
+    name: "KuCoin",
+    addresses: [
+      "BmFdpraQhkiDQE6SnfG5omcA1VwzqfXrwtNYBwWTymy6"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  {
+    name: "OKX",
+    addresses: [
+      "GGztQqQ6pCPaJQnNpXBgELr5cs3WwDakRbh1iEMzjgSJ"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  {
+    name: "Bybit",
+    addresses: [
+      "AC5RDfQFmDS1deWZos921JfqscXdByf8BKHs5ACWjtW3"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  {
+    name: "Gate.io",
+    addresses: [
+      "u6PJ8DtQuPFnfmwHbGFULQ4u4EgjDiyYKjVEsynXq2w"
+    ],
+    type: "cex",
+    kycRequired: true
+  },
+  // Decentralized Exchanges (No KYC but traceable)
+  {
+    name: "Jupiter",
+    addresses: [
+      "JUP6LkbZbjS1jKKwapdHNy74zcZ3tLUZoi5QNyVTaV4",
+      "JUP4Fb2cqiRUcaTHdrPC8h2gNsA2ETXiPDD33WcGuJB"
+    ],
+    type: "dex",
+    kycRequired: false
+  },
+  {
+    name: "Raydium",
+    addresses: [
+      "675kPX9MHTjS2zt1qfr1NYHuzeLXfQM9H24wFSUt1Mp8",
+      "5Q544fKrFoe6tsEbD7S8EmxGTJYAKtTVhAW5Q5pge4j1"
+    ],
+    type: "dex",
+    kycRequired: false
+  },
+  {
+    name: "Orca",
+    addresses: [
+      "9W959DqEETiGZocYWCQPaJ6sBmUzgfxXfqGeTEdp3aQP",
+      "whirLbMiicVdio4qvUfM5KAg6Ct8VwpYzGff3uctyCc"
+    ],
+    type: "dex",
+    kycRequired: false
+  },
+  {
+    name: "Marinade",
+    addresses: [
+      "MarBmsSgKXdrN1egZf5sqe1TMai9K1rChYNDJgjq7aD"
+    ],
+    type: "dex",
+    kycRequired: false
+  },
+  {
+    name: "Phantom Swap",
+    addresses: [
+      "PhoeNiXZ8ByJGLkxNfZRnkUfjvmuYqLR89jjFHGqdXY"
+    ],
+    type: "dex",
+    kycRequired: false
+  }
+];
+function buildExchangeLookup(exchanges) {
+  const lookup = /* @__PURE__ */ new Map();
+  for (const exchange of exchanges) {
+    for (const address of exchange.addresses) {
+      lookup.set(address, exchange);
+    }
+  }
+  return lookup;
+}
+function detectExchangeExposure(transactions, walletAddress, customExchanges) {
+  const exchanges = customExchanges ? [...KNOWN_EXCHANGES, ...customExchanges] : KNOWN_EXCHANGES;
+  const lookup = buildExchangeLookup(exchanges);
+  const exchangeStats = /* @__PURE__ */ new Map();
+  for (const tx of transactions) {
+    if (!tx.success) continue;
+    for (const addr of tx.involvedAddresses) {
+      const exchange = lookup.get(addr);
+      if (!exchange) continue;
+      if (!exchangeStats.has(exchange.name)) {
+        exchangeStats.set(exchange.name, {
+          exchange,
+          deposits: 0,
+          withdrawals: 0,
+          firstInteraction: tx.timestamp,
+          lastInteraction: tx.timestamp
+        });
+      }
+      const stats = exchangeStats.get(exchange.name);
+      stats.firstInteraction = Math.min(stats.firstInteraction, tx.timestamp);
+      stats.lastInteraction = Math.max(stats.lastInteraction, tx.timestamp);
+      if (tx.sender === walletAddress && tx.recipient === addr) {
+        stats.deposits++;
+      } else if (tx.sender === addr && tx.recipient === walletAddress) {
+        stats.withdrawals++;
+      } else if (tx.sender === walletAddress) {
+        stats.deposits++;
+      }
+    }
+  }
+  let totalDeposits = 0;
+  let totalWithdrawals = 0;
+  let cexCount = 0;
+  let dexCount = 0;
+  const exchangeResults = [];
+  for (const [name, stats] of Array.from(exchangeStats.entries())) {
+    totalDeposits += stats.deposits;
+    totalWithdrawals += stats.withdrawals;
+    if (stats.exchange.type === "cex") {
+      cexCount++;
+    } else {
+      dexCount++;
+    }
+    exchangeResults.push({
+      name,
+      type: stats.exchange.type,
+      kycRequired: stats.exchange.kycRequired,
+      deposits: stats.deposits,
+      withdrawals: stats.withdrawals,
+      firstInteraction: stats.firstInteraction,
+      lastInteraction: stats.lastInteraction
+    });
+  }
+  exchangeResults.sort(
+    (a, b) => b.deposits + b.withdrawals - (a.deposits + a.withdrawals)
+  );
+  const cexDeduction = cexCount * DEDUCTION_PER_CEX;
+  const dexDeduction = dexCount * DEDUCTION_PER_DEX;
+  const rawDeduction = cexDeduction + dexDeduction;
+  const scoreDeduction = Math.min(rawDeduction, MAX_DEDUCTION3);
+  return {
+    exchangeCount: exchangeStats.size,
+    depositCount: totalDeposits,
+    withdrawalCount: totalWithdrawals,
+    scoreDeduction,
+    exchanges: exchangeResults
+  };
+}
+
+// src/surveillance/algorithms/temporal.ts
+var MAX_DEDUCTION4 = 15;
+var DEDUCTION_PER_PATTERN = 5;
+var MIN_TRANSACTIONS_FOR_PATTERN = 5;
+var DAY_REGULARITY_THRESHOLD = 0.3;
+var HOUR_REGULARITY_THRESHOLD = 0.25;
+var TIMEZONES = {
+  "UTC-12": -12,
+  "UTC-11": -11,
+  "HST": -10,
+  "AKST": -9,
+  "PST": -8,
+  "MST": -7,
+  "CST": -6,
+  "EST": -5,
+  "AST": -4,
+  "BRT": -3,
+  "UTC-2": -2,
+  "UTC-1": -1,
+  "UTC": 0,
+  "CET": 1,
+  "EET": 2,
+  "MSK": 3,
+  "GST": 4,
+  "PKT": 5,
+  "BST": 6,
+  "ICT": 7,
+  "CST_ASIA": 8,
+  "JST": 9,
+  "AEST": 10,
+  "AEDT": 11,
+  "NZST": 12
+};
+function analyzeTemporalPatterns(transactions) {
+  const patterns = [];
+  if (transactions.length < MIN_TRANSACTIONS_FOR_PATTERN) {
+    return {
+      patterns: [],
+      scoreDeduction: 0
+    };
+  }
+  const txTimes = transactions.filter((tx) => tx.success && tx.timestamp > 0).map((tx) => new Date(tx.timestamp * 1e3));
+  if (txTimes.length < MIN_TRANSACTIONS_FOR_PATTERN) {
+    return {
+      patterns: [],
+      scoreDeduction: 0
+    };
+  }
+  const dayOfWeekPattern = analyzeDayOfWeekPattern(txTimes);
+  if (dayOfWeekPattern) {
+    patterns.push(dayOfWeekPattern);
+  }
+  const hourPattern = analyzeHourPattern(txTimes);
+  if (hourPattern) {
+    patterns.push(hourPattern);
+  }
+  const inferredTimezone = inferTimezone(txTimes);
+  const burstPattern = detectActivityBursts(transactions);
+  if (burstPattern) {
+    patterns.push(burstPattern);
+  }
+  const rawDeduction = patterns.length * DEDUCTION_PER_PATTERN;
+  const scoreDeduction = Math.min(rawDeduction, MAX_DEDUCTION4);
+  return {
+    patterns,
+    inferredTimezone,
+    scoreDeduction
+  };
+}
+function analyzeDayOfWeekPattern(times) {
+  const dayCount = new Array(7).fill(0);
+  for (const time of times) {
+    dayCount[time.getUTCDay()]++;
+  }
+  const total = times.length;
+  const dominantDays = [];
+  for (let day = 0; day < 7; day++) {
+    const percentage = dayCount[day] / total;
+    if (percentage >= DAY_REGULARITY_THRESHOLD) {
+      dominantDays.push(day);
+    }
+  }
+  if (dominantDays.length === 0 || dominantDays.length > 3) {
+    return null;
+  }
+  const dayNames = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"];
+  const dominantDayNames = dominantDays.map((d) => dayNames[d]).join(", ");
+  return {
+    type: "regular-schedule",
+    description: `Most transactions occur on ${dominantDayNames}`,
+    confidence: Math.max(...dominantDays.map((d) => dayCount[d] / total)),
+    evidence: {
+      dayOfWeek: dominantDays
+    }
+  };
+}
+function analyzeHourPattern(times) {
+  const hourCount = new Array(24).fill(0);
+  for (const time of times) {
+    hourCount[time.getUTCHours()]++;
+  }
+  const total = times.length;
+  const activeHours = [];
+  for (let hour = 0; hour < 24; hour++) {
+    const windowCount = hourCount[hour] + hourCount[(hour + 1) % 24] + hourCount[(hour + 2) % 24];
+    const windowPercentage = windowCount / total;
+    if (windowPercentage >= HOUR_REGULARITY_THRESHOLD) {
+      if (!activeHours.includes(hour)) {
+        activeHours.push(hour);
+      }
+    }
+  }
+  if (activeHours.length === 0 || activeHours.length > 8) {
+    return null;
+  }
+  const activeHourRange = Math.max(...activeHours) - Math.min(...activeHours);
+  if (activeHourRange <= 6) {
+    const startHour = Math.min(...activeHours);
+    const endHour = Math.max(...activeHours) + 2;
+    return {
+      type: "timezone-inference",
+      description: `Activity concentrated between ${startHour}:00-${endHour}:00 UTC`,
+      confidence: 0.7,
+      evidence: {
+        hourOfDay: activeHours
+      }
+    };
+  }
+  return null;
+}
+function inferTimezone(times) {
+  const hourCount = new Array(24).fill(0);
+  for (const time of times) {
+    hourCount[time.getUTCHours()]++;
+  }
+  let maxActivity = 0;
+  let bestStartHour = 0;
+  for (let start = 0; start < 24; start++) {
+    let windowActivity = 0;
+    for (let i = 0; i < 8; i++) {
+      windowActivity += hourCount[(start + i) % 24];
+    }
+    if (windowActivity > maxActivity) {
+      maxActivity = windowActivity;
+      bestStartHour = start;
+    }
+  }
+  const totalActivity = times.length;
+  if (maxActivity / totalActivity < 0.6) {
+    return void 0;
+  }
+  const assumedLocalNoon = 12;
+  const peakMidpoint = (bestStartHour + 4) % 24;
+  const inferredOffset = (assumedLocalNoon - peakMidpoint + 24) % 24;
+  const normalizedOffset = inferredOffset > 12 ? inferredOffset - 24 : inferredOffset;
+  for (const [name, offset] of Object.entries(TIMEZONES)) {
+    if (Math.abs(offset - normalizedOffset) <= 1) {
+      return name;
+    }
+  }
+  return `UTC${normalizedOffset >= 0 ? "+" : ""}${normalizedOffset}`;
+}
+function detectActivityBursts(transactions) {
+  if (transactions.length < 10) {
+    return null;
+  }
+  const sorted = [...transactions].filter((tx) => tx.timestamp > 0).sort((a, b) => a.timestamp - b.timestamp);
+  const gaps = [];
+  for (let i = 1; i < sorted.length; i++) {
+    gaps.push(sorted[i].timestamp - sorted[i - 1].timestamp);
+  }
+  const avgGap = gaps.reduce((a, b) => a + b, 0) / gaps.length;
+  const burstThreshold = avgGap * 0.1;
+  let burstCount = 0;
+  for (const gap of gaps) {
+    if (gap < burstThreshold && gap < 3600) {
+      burstCount++;
+    }
+  }
+  const burstPercentage = burstCount / gaps.length;
+  if (burstPercentage > 0.2) {
+    return {
+      type: "activity-burst",
+      description: `${Math.round(burstPercentage * 100)}% of transactions occur in rapid succession`,
+      confidence: burstPercentage,
+      evidence: {
+        frequency: `${burstCount} bursts detected`
+      }
+    };
+  }
+  return null;
+}
+
+// src/surveillance/scoring.ts
+var MAX_POINTS = {
+  addressReuse: 25,
+  clusterExposure: 25,
+  exchangeExposure: 20,
+  temporalPatterns: 15,
+  socialLinks: 15
+};
+var TOTAL_MAX_SCORE = Object.values(MAX_POINTS).reduce((a, b) => a + b, 0);
+var RISK_THRESHOLDS = {
+  critical: 30,
+  high: 50,
+  medium: 70,
+  low: 100
+};
+function calculatePrivacyScore(addressReuse, cluster, exchangeExposure, temporalPatterns, socialLinks, walletAddress) {
+  const breakdown = {
+    addressReuse: MAX_POINTS.addressReuse - addressReuse.scoreDeduction,
+    clusterExposure: MAX_POINTS.clusterExposure - cluster.scoreDeduction,
+    exchangeExposure: MAX_POINTS.exchangeExposure - exchangeExposure.scoreDeduction,
+    temporalPatterns: MAX_POINTS.temporalPatterns - temporalPatterns.scoreDeduction,
+    socialLinks: MAX_POINTS.socialLinks - socialLinks.scoreDeduction
+  };
+  const totalScore = breakdown.addressReuse + breakdown.clusterExposure + breakdown.exchangeExposure + breakdown.temporalPatterns + breakdown.socialLinks;
+  const overall = Math.round(totalScore / TOTAL_MAX_SCORE * 100);
+  let risk = "low";
+  if (overall < RISK_THRESHOLDS.critical) {
+    risk = "critical";
+  } else if (overall < RISK_THRESHOLDS.high) {
+    risk = "high";
+  } else if (overall < RISK_THRESHOLDS.medium) {
+    risk = "medium";
+  }
+  const recommendations = generateRecommendations(
+    addressReuse,
+    cluster,
+    exchangeExposure,
+    temporalPatterns,
+    socialLinks
+  );
+  return {
+    overall,
+    breakdown,
+    risk,
+    recommendations,
+    analyzedAt: Date.now(),
+    walletAddress
+  };
+}
+function generateRecommendations(addressReuse, cluster, exchangeExposure, temporalPatterns, socialLinks) {
+  const recommendations = [];
+  if (addressReuse.scoreDeduction > 0) {
+    const severity = getSeverity(addressReuse.scoreDeduction, MAX_POINTS.addressReuse);
+    recommendations.push({
+      id: "address-reuse-001",
+      severity,
+      category: "addressReuse",
+      title: `Address reused ${addressReuse.totalReuseCount} times`,
+      description: "Reusing the same address for multiple transactions creates linkability between your transactions, allowing observers to track your activity.",
+      action: "Use SIP stealth addresses for each transaction. Each payment uses a unique one-time address that cannot be linked to your main address.",
+      potentialGain: addressReuse.scoreDeduction
+    });
+  }
+  if (cluster.scoreDeduction > 0) {
+    const severity = getSeverity(cluster.scoreDeduction, MAX_POINTS.clusterExposure);
+    recommendations.push({
+      id: "cluster-001",
+      severity,
+      category: "clusterExposure",
+      title: `${cluster.linkedAddressCount} addresses linked to your wallet`,
+      description: "Transaction analysis has linked multiple addresses to your wallet through common input ownership patterns. This expands your privacy exposure.",
+      action: "Use SIP for all transactions to prevent cluster analysis. Stealth addresses break the link between your spending and receiving addresses.",
+      potentialGain: cluster.scoreDeduction
+    });
+  }
+  if (exchangeExposure.scoreDeduction > 0) {
+    const cexes = exchangeExposure.exchanges.filter((e) => e.kycRequired);
+    const severity = getSeverity(exchangeExposure.scoreDeduction, MAX_POINTS.exchangeExposure);
+    if (cexes.length > 0) {
+      recommendations.push({
+        id: "exchange-cex-001",
+        severity,
+        category: "exchangeExposure",
+        title: `Interacted with ${cexes.length} KYC exchange(s)`,
+        description: `Deposits to ${cexes.map((e) => e.name).join(", ")} link your on-chain activity to your verified identity. This is one of the biggest privacy risks.`,
+        action: "Use SIP viewing keys for selective disclosure. You can prove compliance to exchanges without exposing your full transaction history.",
+        potentialGain: Math.min(cexes.length * 8, MAX_POINTS.exchangeExposure)
+      });
+    }
+    const dexes = exchangeExposure.exchanges.filter((e) => !e.kycRequired);
+    if (dexes.length > 0) {
+      recommendations.push({
+        id: "exchange-dex-001",
+        severity: "low",
+        category: "exchangeExposure",
+        title: `Used ${dexes.length} DEX(es) without privacy`,
+        description: "DEX swaps are public and can be traced. While no KYC is required, your swap patterns can reveal trading strategies.",
+        action: "Use SIP for private swaps. Amounts and swap details are hidden while still using your preferred DEX.",
+        potentialGain: Math.min(dexes.length * 2, 6)
+      });
+    }
+  }
+  if (temporalPatterns.scoreDeduction > 0) {
+    const severity = getSeverity(temporalPatterns.scoreDeduction, MAX_POINTS.temporalPatterns);
+    for (const pattern of temporalPatterns.patterns) {
+      if (pattern.type === "regular-schedule") {
+        recommendations.push({
+          id: "temporal-schedule-001",
+          severity,
+          category: "temporalPatterns",
+          title: "Regular transaction schedule detected",
+          description: `${pattern.description}. Predictable patterns make your activity easier to track and attribute.`,
+          action: "Vary your transaction timing. Consider using scheduled private transactions through SIP to obscure timing patterns.",
+          potentialGain: 5
+        });
+      }
+      if (pattern.type === "timezone-inference") {
+        recommendations.push({
+          id: "temporal-timezone-001",
+          severity: "medium",
+          category: "temporalPatterns",
+          title: "Timezone can be inferred from activity",
+          description: `${pattern.description}. This narrows down your geographic location based on when you transact.`,
+          action: "Use time-delayed transactions or vary your active hours. SIP can queue transactions for random future execution.",
+          potentialGain: 5
+        });
+      }
+    }
+  }
+  if (socialLinks.scoreDeduction > 0) {
+    const severity = getSeverity(socialLinks.scoreDeduction, MAX_POINTS.socialLinks);
+    if (socialLinks.isDoxxed) {
+      recommendations.push({
+        id: "social-doxxed-001",
+        severity: "critical",
+        category: "socialLinks",
+        title: "Wallet publicly linked to your identity",
+        description: "Your wallet address is publicly associated with your real identity through ENS/SNS names or social profiles. All transactions are attributable to you.",
+        action: "Use a fresh wallet with SIP for private transactions. Your viewing keys let you prove ownership when needed without constant exposure.",
+        potentialGain: 15
+      });
+    } else if (socialLinks.partialExposure) {
+      recommendations.push({
+        id: "social-partial-001",
+        severity,
+        category: "socialLinks",
+        title: "Partial identity exposure detected",
+        description: "Some identifying information is linked to your wallet, such as ENS names or labeled addresses on block explorers.",
+        action: "Consider using a separate wallet for private activities. SIP stealth addresses prevent linking to your main identity.",
+        potentialGain: socialLinks.scoreDeduction
+      });
+    }
+  }
+  recommendations.sort((a, b) => b.potentialGain - a.potentialGain);
+  return recommendations;
+}
+function getSeverity(deduction, maxPoints) {
+  const percentage = deduction / maxPoints;
+  if (percentage >= 0.8) return "critical";
+  if (percentage >= 0.5) return "high";
+  if (percentage >= 0.25) return "medium";
+  return "low";
+}
+function calculateSIPComparison(currentScore) {
+  const improvements = [];
+  const addressReuseImprovement = MAX_POINTS.addressReuse - currentScore.breakdown.addressReuse;
+  if (addressReuseImprovement > 0) {
+    improvements.push({
+      category: "addressReuse",
+      currentScore: currentScore.breakdown.addressReuse,
+      projectedScore: MAX_POINTS.addressReuse,
+      reason: "Stealth addresses prevent any address reuse"
+    });
+  }
+  const clusterImprovement = MAX_POINTS.clusterExposure - currentScore.breakdown.clusterExposure;
+  if (clusterImprovement > 0) {
+    improvements.push({
+      category: "clusterExposure",
+      currentScore: currentScore.breakdown.clusterExposure,
+      projectedScore: MAX_POINTS.clusterExposure,
+      reason: "Stealth addresses cannot be linked via common input analysis"
+    });
+  }
+  const exchangeImprovement = Math.min(
+    (MAX_POINTS.exchangeExposure - currentScore.breakdown.exchangeExposure) * 0.5,
+    10
+  );
+  if (exchangeImprovement > 0) {
+    improvements.push({
+      category: "exchangeExposure",
+      currentScore: currentScore.breakdown.exchangeExposure,
+      projectedScore: currentScore.breakdown.exchangeExposure + Math.round(exchangeImprovement),
+      reason: "Viewing keys allow selective disclosure without exposing full history"
+    });
+  }
+  const temporalImprovement = Math.min(
+    (MAX_POINTS.temporalPatterns - currentScore.breakdown.temporalPatterns) * 0.3,
+    5
+  );
+  if (temporalImprovement > 0) {
+    improvements.push({
+      category: "temporalPatterns",
+      currentScore: currentScore.breakdown.temporalPatterns,
+      projectedScore: currentScore.breakdown.temporalPatterns + Math.round(temporalImprovement),
+      reason: "Private transactions reduce pattern correlation"
+    });
+  }
+  const totalImprovement = improvements.reduce(
+    (sum, imp) => sum + (imp.projectedScore - imp.currentScore),
+    0
+  );
+  const projectedTotal = currentScore.overall / 100 * TOTAL_MAX_SCORE + totalImprovement;
+  const projectedScore = Math.min(Math.round(projectedTotal / TOTAL_MAX_SCORE * 100), 100);
+  return {
+    currentScore: currentScore.overall,
+    projectedScore,
+    improvement: projectedScore - currentScore.overall,
+    improvements
+  };
+}
+
+// src/surveillance/analyzer.ts
+var SurveillanceAnalyzer = class _SurveillanceAnalyzer {
+  config;
+  heliusUrl;
+  constructor(config) {
+    if (!config.heliusApiKey) {
+      throw new Error(
+        "Helius API key is required. Get one at https://dev.helius.xyz"
+      );
+    }
+    this.config = {
+      heliusApiKey: config.heliusApiKey,
+      cluster: config.cluster ?? "mainnet-beta",
+      maxTransactions: config.maxTransactions ?? 1e3,
+      includeSocialLinks: config.includeSocialLinks ?? false,
+      customExchangeAddresses: config.customExchangeAddresses ?? []
+    };
+    this.heliusUrl = this.config.cluster === "devnet" ? `https://api-devnet.helius.xyz/v0` : `https://api.helius.xyz/v0`;
+  }
+  /**
+   * Perform full privacy analysis on a wallet
+   *
+   * @param walletAddress - Solana wallet address to analyze
+   * @returns Complete analysis result with all details
+   */
+  async analyze(walletAddress) {
+    const startTime = Date.now();
+    const transactions = await this.fetchTransactionHistory(walletAddress);
+    const addressReuse = analyzeAddressReuse(transactions, walletAddress);
+    const cluster = detectClusters(transactions, walletAddress);
+    const exchangeExposure = detectExchangeExposure(
+      transactions,
+      walletAddress,
+      this.config.customExchangeAddresses
+    );
+    const temporalPatterns = analyzeTemporalPatterns(transactions);
+    const socialLinks = await this.analyzeSocialLinks(walletAddress);
+    const privacyScore = calculatePrivacyScore(
+      addressReuse,
+      cluster,
+      exchangeExposure,
+      temporalPatterns,
+      socialLinks,
+      walletAddress
+    );
+    const sipComparison = calculateSIPComparison(privacyScore);
+    const analysisDurationMs = Date.now() - startTime;
+    return {
+      privacyScore,
+      addressReuse,
+      cluster,
+      exchangeExposure,
+      temporalPatterns,
+      socialLinks,
+      sipComparison,
+      transactionCount: transactions.length,
+      analysisDurationMs
+    };
+  }
+  /**
+   * Fetch transaction history using Helius Enhanced Transactions API
+   */
+  async fetchTransactionHistory(walletAddress) {
+    const transactions = [];
+    let beforeSignature;
+    let hasMore = true;
+    while (hasMore && transactions.length < this.config.maxTransactions) {
+      const url = new URL(`${this.heliusUrl}/addresses/${walletAddress}/transactions`);
+      url.searchParams.set("api-key", this.config.heliusApiKey);
+      url.searchParams.set("limit", "100");
+      if (beforeSignature) {
+        url.searchParams.set("before", beforeSignature);
+      }
+      const controller = new AbortController();
+      const timeoutId = setTimeout(() => controller.abort(), 3e4);
+      let response;
+      try {
+        response = await fetch(url.toString(), {
+          signal: controller.signal
+        });
+      } catch (error) {
+        clearTimeout(timeoutId);
+        if (error instanceof Error && error.name === "AbortError") {
+          throw new Error("Helius API request timed out after 30 seconds");
+        }
+        throw error;
+      }
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        throw new Error(
+          `Helius API error: ${response.status} ${response.statusText}`
+        );
+      }
+      const data = await response.json();
+      if (data.length === 0) {
+        hasMore = false;
+        break;
+      }
+      for (const tx of data) {
+        const analyzable = this.parseTransaction(tx, walletAddress);
+        if (analyzable) {
+          transactions.push(analyzable);
+        }
+      }
+      beforeSignature = data[data.length - 1]?.signature;
+      hasMore = data.length === 100;
+      await new Promise((resolve) => setTimeout(resolve, 100));
+    }
+    return transactions;
+  }
+  /**
+   * Parse Helius transaction into analyzable format
+   */
+  parseTransaction(tx, walletAddress) {
+    const involvedAddresses = /* @__PURE__ */ new Set();
+    if (tx.feePayer) {
+      involvedAddresses.add(tx.feePayer);
+    }
+    let sender = null;
+    let recipient = null;
+    let amount = BigInt(0);
+    if (tx.nativeTransfers && tx.nativeTransfers.length > 0) {
+      for (const transfer of tx.nativeTransfers) {
+        involvedAddresses.add(transfer.fromUserAccount);
+        involvedAddresses.add(transfer.toUserAccount);
+        if (transfer.fromUserAccount === walletAddress) {
+          sender = walletAddress;
+          recipient = transfer.toUserAccount;
+          amount = BigInt(transfer.amount);
+        } else if (transfer.toUserAccount === walletAddress) {
+          sender = transfer.fromUserAccount;
+          recipient = walletAddress;
+          amount = BigInt(transfer.amount);
+        }
+      }
+    }
+    let mint = null;
+    if (tx.tokenTransfers && tx.tokenTransfers.length > 0) {
+      for (const transfer of tx.tokenTransfers) {
+        if (transfer.fromUserAccount) {
+          involvedAddresses.add(transfer.fromUserAccount);
+        }
+        if (transfer.toUserAccount) {
+          involvedAddresses.add(transfer.toUserAccount);
+        }
+        if (transfer.fromUserAccount === walletAddress) {
+          sender = walletAddress;
+          recipient = transfer.toUserAccount;
+          amount = BigInt(Math.floor(transfer.tokenAmount));
+          mint = transfer.mint;
+        } else if (transfer.toUserAccount === walletAddress) {
+          sender = transfer.fromUserAccount;
+          recipient = walletAddress;
+          amount = BigInt(Math.floor(transfer.tokenAmount));
+          mint = transfer.mint;
+        }
+      }
+    }
+    if (tx.accountData) {
+      for (const account of tx.accountData) {
+        involvedAddresses.add(account.account);
+      }
+    }
+    let type = "other";
+    if (tx.type === "SWAP" || tx.events?.swap) {
+      type = "swap";
+    } else if (tx.type === "TRANSFER" || tx.nativeTransfers?.length || tx.tokenTransfers?.length) {
+      type = "transfer";
+    } else if (tx.type?.includes("STAKE")) {
+      type = "stake";
+    }
+    return {
+      signature: tx.signature,
+      slot: tx.slot,
+      timestamp: tx.timestamp,
+      sender,
+      recipient,
+      amount,
+      mint,
+      fee: BigInt(tx.fee || 0),
+      involvedAddresses: Array.from(involvedAddresses),
+      type,
+      success: true
+      // Helius only returns successful transactions
+    };
+  }
+  /**
+   * Analyze social links (placeholder for external API integration)
+   *
+   * In production, this would query:
+   * - SNS (Solana Name Service)
+   * - Arkham Intelligence
+   * - 0xppl API
+   * - Other identity providers
+   */
+  async analyzeSocialLinks(walletAddress) {
+    if (!this.config.includeSocialLinks) {
+      return {
+        isDoxxed: false,
+        partialExposure: false,
+        scoreDeduction: 0,
+        links: []
+      };
+    }
+    try {
+      const snsResult = await this.checkSNS(walletAddress);
+      if (snsResult) {
+        return {
+          isDoxxed: false,
+          partialExposure: true,
+          scoreDeduction: 7,
+          links: [snsResult]
+        };
+      }
+    } catch {
+    }
+    return {
+      isDoxxed: false,
+      partialExposure: false,
+      scoreDeduction: 0,
+      links: []
+    };
+  }
+  /**
+   * Check Solana Name Service for domain names
+   */
+  async checkSNS(walletAddress) {
+    try {
+      const url = `${this.heliusUrl}/addresses/${walletAddress}/names?api-key=${this.config.heliusApiKey}`;
+      const response = await fetch(url);
+      if (!response.ok) {
+        return null;
+      }
+      const data = await response.json();
+      if (Array.isArray(data) && data.length > 0) {
+        return {
+          platform: "sns",
+          identifier: data[0].name || data[0],
+          confidence: 1
+        };
+      }
+    } catch {
+    }
+    return null;
+  }
+  /**
+   * Get quick privacy score without full analysis
+   *
+   * Performs a lighter analysis suitable for real-time display.
+   * Uses only the most recent transactions (100 max).
+   */
+  async quickScore(walletAddress) {
+    const quickAnalyzer = new _SurveillanceAnalyzer({
+      heliusApiKey: this.config.heliusApiKey,
+      cluster: this.config.cluster,
+      maxTransactions: 100,
+      includeSocialLinks: false,
+      // Skip social links for speed
+      customExchangeAddresses: this.config.customExchangeAddresses
+    });
+    const result = await quickAnalyzer.analyze(walletAddress);
+    const topRecommendation = result.privacyScore.recommendations[0];
+    return {
+      score: result.privacyScore.overall,
+      risk: result.privacyScore.risk,
+      topIssue: topRecommendation?.title ?? null
+    };
+  }
+};
+function createSurveillanceAnalyzer(config) {
+  return new SurveillanceAnalyzer(config);
+}
+
 // src/proofs/browser.ts
 init_errors();
 var import_noir_js = require("@noir-lang/noir_js");
@@ -22422,7 +24984,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
           message: "Proof generated successfully"
         });
         const commitmentHashBytes = returnValue;
-        const commitmentHashHex = bytesToHex12(new Uint8Array(commitmentHashBytes));
+        const commitmentHashHex = bytesToHex11(new Uint8Array(commitmentHashBytes));
         const publicInputs = [
           `0x${params.minimumRequired.toString(16).padStart(64, "0")}`,
           `0x${this.assetIdToField(params.assetId)}`,
@@ -22430,7 +24992,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
         ];
         const proof = {
           type: "funding",
-          proof: `0x${bytesToHex12(proofData.proof)}`,
+          proof: `0x${bytesToHex11(proofData.proof)}`,
           publicInputs
         };
         return { proof, publicInputs };
@@ -22545,7 +25107,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
         ];
         const proof = {
           type: "validity",
-          proof: `0x${bytesToHex12(proofData.proof)}`,
+          proof: `0x${bytesToHex11(proofData.proof)}`,
           publicInputs
         };
         return { proof, publicInputs };
@@ -22647,7 +25209,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
         ];
         const proof = {
           type: "fulfillment",
-          proof: `0x${bytesToHex12(proofData.proof)}`,
+          proof: `0x${bytesToHex11(proofData.proof)}`,
           publicInputs
         };
         return { proof, publicInputs };
@@ -22761,14 +25323,14 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
   }
   async computeCommitmentHash(balance, blindingFactor, assetId) {
     const blindingField = this.bytesToField(blindingFactor);
-    const { sha256: sha25622 } = await import("@noble/hashes/sha256");
+    const { sha256: sha25623 } = await import("@noble/hashes/sha256");
     const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
     const preimage = new Uint8Array([
       ...this.bigintToBytes(balance, 8),
       ...blindingFactor.slice(0, 32),
       ...hexToBytes10(this.assetIdToField(assetId))
     ]);
-    const hash2 = sha25622(preimage);
+    const hash2 = sha25623(preimage);
     const commitmentHash = nobleToHex(hash2);
     return { commitmentHash, blindingField };
   }
@@ -22872,8 +25434,8 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
       const addressBytes = hexToBytes10(senderAddressField.padStart(64, "0"));
       const blindingBytes = hexToBytes10(senderBlindingField.padStart(64, "0"));
       const result = await api.pedersenCommit({ inputs: [addressBytes, blindingBytes], hashIndex: 0 });
-      const commitmentX = bytesToHex12(result.point.x).padStart(64, "0");
-      const commitmentY = bytesToHex12(result.point.y).padStart(64, "0");
+      const commitmentX = bytesToHex11(result.point.x).padStart(64, "0");
+      const commitmentY = bytesToHex11(result.point.y).padStart(64, "0");
       return { commitmentX, commitmentY };
     } finally {
       await api.destroy();
@@ -22893,7 +25455,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
       const intentBytes = hexToBytes10(intentHashField.padStart(64, "0"));
       const nonceBytes = hexToBytes10(nonceField.padStart(64, "0"));
       const result = await api.pedersenHash({ inputs: [secretBytes, intentBytes, nonceBytes], hashIndex: 0 });
-      const nullifier = bytesToHex12(result.hash).padStart(64, "0");
+      const nullifier = bytesToHex11(result.hash).padStart(64, "0");
       return nullifier;
     } finally {
       await api.destroy();
@@ -22953,25 +25515,25 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
     return sig;
   }
   async computeOutputCommitment(outputAmount, outputBlinding) {
-    const { sha256: sha25622 } = await import("@noble/hashes/sha256");
+    const { sha256: sha25623 } = await import("@noble/hashes/sha256");
     const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
     const amountBytes = this.bigintToBytes(outputAmount, 8);
     const blindingBytes = outputBlinding.slice(0, 32);
     const preimage = new Uint8Array([...amountBytes, ...blindingBytes]);
-    const hash2 = sha25622(preimage);
+    const hash2 = sha25623(preimage);
     const commitmentX = nobleToHex(hash2.slice(0, 16)).padStart(64, "0");
     const commitmentY = nobleToHex(hash2.slice(16, 32)).padStart(64, "0");
     return { commitmentX, commitmentY };
   }
   async computeSolverId(solverSecretField) {
-    const { sha256: sha25622 } = await import("@noble/hashes/sha256");
+    const { sha256: sha25623 } = await import("@noble/hashes/sha256");
     const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
     const secretBytes = hexToBytes10(solverSecretField.padStart(64, "0"));
-    const hash2 = sha25622(secretBytes);
+    const hash2 = sha25623(secretBytes);
     return this.reduceToField(nobleToHex(hash2));
   }
   async computeOracleMessageHash(recipient, amount, txHash, blockNumber) {
-    const { sha256: sha25622 } = await import("@noble/hashes/sha256");
+    const { sha256: sha25623 } = await import("@noble/hashes/sha256");
     const recipientBytes = hexToBytes10(this.hexToField(recipient));
     const amountBytes = this.bigintToBytes(amount, 8);
     const txHashBytes = hexToBytes10(this.hexToField(txHash));
@@ -22982,7 +25544,7 @@ var BrowserNoirProvider = class _BrowserNoirProvider {
       ...txHashBytes,
       ...blockBytes
     ]);
-    const hash2 = sha25622(preimage);
+    const hash2 = sha25623(preimage);
     return Array.from(hash2);
   }
   getPublicKeyCoordinates(privateKey) {
@@ -23542,6 +26104,8 @@ var ProofWorker = class _ProofWorker {
 0 && (module.exports = {
   ATTESTATION_VERSION,
   AptosStealthService,
+  AttestationGatedDisclosure,
+  AttestationSchema,
   AuditorKeyDerivation,
   AuditorType,
   BaseWalletAdapter,
@@ -23560,11 +26124,14 @@ var ProofWorker = class _ProofWorker {
   ErrorCode,
   EthereumChainId,
   EthereumWalletAdapter,
+  GenericProvider,
   HardwareErrorCode,
   HardwareWalletError,
+  HeliusProvider,
   IntentBuilder,
   IntentError,
   IntentStatus,
+  KNOWN_EXCHANGES,
   LedgerWalletAdapter,
   MEMO_PROGRAM_ID,
   MockEthereumAdapter,
@@ -23586,7 +26153,9 @@ var ProofWorker = class _ProofWorker {
   OneClickSwapType,
   PaymentBuilder,
   PaymentStatus,
+  PrivacyBackendRegistry,
   PrivacyLevel,
+  PrivacySmartRouter,
   PrivateNFT,
   PrivateVoting,
   ProofError,
@@ -23597,6 +26166,7 @@ var ProofWorker = class _ProofWorker {
   ReportStatus,
   SIP,
   SIPError,
+  SIPNativeBackend,
   SIP_MEMO_PREFIX,
   SIP_VERSION,
   SOLANA_EXPLORER_URLS,
@@ -23613,6 +26183,7 @@ var ProofWorker = class _ProofWorker {
   SolanaSameChainExecutor,
   SolanaWalletAdapter,
   SuiStealthService,
+  SurveillanceAnalyzer,
   SwapStatus,
   ThresholdViewingKey,
   Treasury,
@@ -23629,11 +26200,15 @@ var ProofWorker = class _ProofWorker {
   addBlindings,
   addCommitments,
   addOracle,
+  analyzeAddressReuse,
+  analyzeTemporalPatterns,
   aptosAddressToAuthKey,
   attachProofs,
   base58ToHex,
   browserBytesToHex,
   browserHexToBytes,
+  calculatePrivacyScore,
+  calculateSIPComparison,
   checkAptosStealthAddress,
   checkEd25519StealthAddress,
   checkMobileWASMCompatibility,
@@ -23649,6 +26224,7 @@ var ProofWorker = class _ProofWorker {
   createEthereumAdapter,
   createKeySpendOnlyOutput,
   createLedgerAdapter,
+  createMockAttestation,
   createMockEthereumAdapter,
   createMockEthereumProvider,
   createMockLedgerAdapter,
@@ -23663,6 +26239,7 @@ var ProofWorker = class _ProofWorker {
   createPrivateOwnership,
   createPrivateVoting,
   createProductionSIP,
+  createProvider,
   createSIP,
   createSameChainExecutor,
   createSealedBidAuction,
@@ -23670,9 +26247,11 @@ var ProofWorker = class _ProofWorker {
   createShieldedPayment,
   createSmartRouter,
   createSolanaAdapter,
+  createSurveillanceAnalyzer,
   createTaprootOutput,
   createTrezorAdapter,
   createWalletFactory,
+  createWebhookHandler,
   createWorkerBlobURL,
   createZcashClient,
   createZcashNativeBackend,
@@ -23682,6 +26261,7 @@ var ProofWorker = class _ProofWorker {
   decodeTaprootAddress,
   decryptMemo,
   decryptWithViewing,
+  defaultRegistry,
   deriveAptosStealthPrivateKey,
   deriveEd25519StealthPrivateKey,
   deriveOracleId,
@@ -23691,7 +26271,9 @@ var ProofWorker = class _ProofWorker {
   deserializeAttestationMessage,
   deserializeIntent,
   deserializePayment,
+  detectClusters,
   detectEthereumWallets,
+  detectExchangeExposure,
   detectMobileBrowser,
   detectMobilePlatform,
   detectSolanaWallets,
@@ -23703,6 +26285,7 @@ var ProofWorker = class _ProofWorker {
   encryptForViewing,
   estimatePrivateTransferFee,
   featureNotSupportedError,
+  fetchAttestation,
   formatStablecoinAmount,
   fromHex,
   fromStablecoinUnits,
@@ -23791,6 +26374,7 @@ var ProofWorker = class _ProofWorker {
   normalizeSuiAddress,
   notConnectedError,
   parseAnnouncement,
+  processWebhookTransaction,
   proveOwnership,
   publicKeyToEthAddress,
   registerWallet,
@@ -23834,6 +26418,7 @@ var ProofWorker = class _ProofWorker {
   validateScalar,
   validateViewingKey,
   verifyAttestation,
+  verifyAttestationSignature,
   verifyCommitment,
   verifyOpening,
   verifyOracleSignature,