@sip-protocol/sdk 0.7.2 → 0.7.3

package/dist/chunk-2XIVXWHA.mjs

@@ -0,0 +1,1930 @@
+import {
+  ValidationError
+} from "./chunk-6WGN57S2.mjs";
+import {
+  ESTIMATED_TX_FEE_LAMPORTS,
+  MEMO_PROGRAM_ID,
+  SIP_MEMO_PREFIX,
+  SOLANA_TOKEN_MINTS,
+  getExplorerUrl
+} from "./chunk-E6SZWREQ.mjs";
+
+// src/chains/solana/types.ts
+function parseAnnouncement(memo) {
+  if (!memo.startsWith("SIP:1:")) {
+    return null;
+  }
+  const parts = memo.slice(6).split(":");
+  if (parts.length < 2) {
+    return null;
+  }
+  return {
+    ephemeralPublicKey: parts[0],
+    viewTag: parts[1],
+    stealthAddress: parts[2]
+  };
+}
+function createAnnouncementMemo(ephemeralPublicKey, viewTag, stealthAddress) {
+  const parts = ["SIP:1", ephemeralPublicKey, viewTag];
+  if (stealthAddress) {
+    parts.push(stealthAddress);
+  }
+  return parts.join(":");
+}
+
+// src/chains/solana/transfer.ts
+import {
+  PublicKey,
+  Transaction,
+  TransactionInstruction
+} from "@solana/web3.js";
+import {
+  getAssociatedTokenAddress,
+  createAssociatedTokenAccountInstruction,
+  createTransferInstruction,
+  TOKEN_PROGRAM_ID,
+  ASSOCIATED_TOKEN_PROGRAM_ID,
+  getAccount
+} from "@solana/spl-token";
+
+// src/stealth.ts
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { ed25519 } from "@noble/curves/ed25519";
+import { sha256 } from "@noble/hashes/sha256";
+import { sha512 } from "@noble/hashes/sha512";
+import { keccak_256 } from "@noble/hashes/sha3";
+import { bytesToHex, hexToBytes, randomBytes as randomBytes2 } from "@noble/hashes/utils";
+
+// src/validation.ts
+var VALID_CHAIN_IDS = [
+  "solana",
+  "ethereum",
+  "near",
+  "zcash",
+  "polygon",
+  "arbitrum",
+  "optimism",
+  "base",
+  "bitcoin",
+  "aptos",
+  "sui",
+  "cosmos",
+  "osmosis",
+  "injective",
+  "celestia",
+  "sei",
+  "dydx"
+];
+function isValidChainId(chain) {
+  return VALID_CHAIN_IDS.includes(chain);
+}
+function isValidPrivacyLevel(level) {
+  if (typeof level !== "string") return false;
+  return ["transparent", "shielded", "compliant"].includes(level);
+}
+function isValidHex(value) {
+  if (typeof value !== "string") return false;
+  if (!value.startsWith("0x")) return false;
+  const hex = value.slice(2);
+  if (hex.length === 0) return false;
+  return /^[0-9a-fA-F]+$/.test(hex);
+}
+function isValidHexLength(value, byteLength) {
+  if (!isValidHex(value)) return false;
+  const hex = value.slice(2);
+  return hex.length === byteLength * 2;
+}
+function isValidAmount(value) {
+  return typeof value === "bigint" && value > 0n;
+}
+function isNonNegativeAmount(value) {
+  return typeof value === "bigint" && value >= 0n;
+}
+function isValidSlippage(value) {
+  return typeof value === "number" && !isNaN(value) && value >= 0 && value < 1;
+}
+var STEALTH_META_ADDRESS_REGEX = /^sip:[a-z]+:0x[0-9a-fA-F]{64,66}:0x[0-9a-fA-F]{64,66}$/;
+function isValidStealthMetaAddress(addr) {
+  if (typeof addr !== "string") return false;
+  return STEALTH_META_ADDRESS_REGEX.test(addr);
+}
+function isValidCompressedPublicKey(key) {
+  if (!isValidHexLength(key, 33)) return false;
+  const prefix = key.slice(2, 4);
+  return prefix === "02" || prefix === "03";
+}
+function isValidEd25519PublicKey(key) {
+  return isValidHexLength(key, 32);
+}
+function isValidPrivateKey(key) {
+  return isValidHexLength(key, 32);
+}
+function validateAsset(asset, field) {
+  if (!asset || typeof asset !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  const a = asset;
+  if (!a.chain || !isValidChainId(a.chain)) {
+    throw new ValidationError(
+      `invalid chain '${a.chain}', must be one of: ${VALID_CHAIN_IDS.join(", ")}`,
+      `${field}.chain`
+    );
+  }
+  if (typeof a.symbol !== "string" || a.symbol.length === 0) {
+    throw new ValidationError("symbol must be a non-empty string", `${field}.symbol`);
+  }
+  if (a.address !== null && !isValidHex(a.address)) {
+    throw new ValidationError("address must be null or valid hex string", `${field}.address`);
+  }
+  if (typeof a.decimals !== "number" || !Number.isInteger(a.decimals) || a.decimals < 0) {
+    throw new ValidationError("decimals must be a non-negative integer", `${field}.decimals`);
+  }
+}
+function validateIntentInput(input, field = "input") {
+  if (!input || typeof input !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  const i = input;
+  validateAsset(i.asset, `${field}.asset`);
+  if (!isValidAmount(i.amount)) {
+    throw new ValidationError(
+      "amount must be a positive bigint",
+      `${field}.amount`,
+      { received: typeof i.amount, value: String(i.amount) }
+    );
+  }
+}
+function validateIntentOutput(output, field = "output") {
+  if (!output || typeof output !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  const o = output;
+  validateAsset(o.asset, `${field}.asset`);
+  if (!isNonNegativeAmount(o.minAmount)) {
+    throw new ValidationError(
+      "minAmount must be a non-negative bigint",
+      `${field}.minAmount`,
+      { received: typeof o.minAmount, value: String(o.minAmount) }
+    );
+  }
+  if (!isValidSlippage(o.maxSlippage)) {
+    throw new ValidationError(
+      "maxSlippage must be a number between 0 and 1 (exclusive)",
+      `${field}.maxSlippage`,
+      { received: o.maxSlippage }
+    );
+  }
+}
+function validateCreateIntentParams(params) {
+  if (!params || typeof params !== "object") {
+    throw new ValidationError("params must be an object");
+  }
+  const p = params;
+  if (!p.input) {
+    throw new ValidationError("input is required", "input");
+  }
+  validateIntentInput(p.input, "input");
+  if (!p.output) {
+    throw new ValidationError("output is required", "output");
+  }
+  validateIntentOutput(p.output, "output");
+  if (!p.privacy) {
+    throw new ValidationError("privacy is required", "privacy");
+  }
+  if (!isValidPrivacyLevel(p.privacy)) {
+    throw new ValidationError(
+      `invalid privacy level '${p.privacy}', must be one of: transparent, shielded, compliant`,
+      "privacy"
+    );
+  }
+  if ((p.privacy === "shielded" || p.privacy === "compliant") && p.recipientMetaAddress) {
+    if (!isValidStealthMetaAddress(p.recipientMetaAddress)) {
+      throw new ValidationError(
+        "invalid stealth meta-address format, expected: sip:<chain>:<spendingKey>:<viewingKey>",
+        "recipientMetaAddress"
+      );
+    }
+  }
+  if (p.privacy === "compliant" && !p.viewingKey) {
+    throw new ValidationError(
+      "viewingKey is required for compliant mode",
+      "viewingKey"
+    );
+  }
+  if (p.viewingKey && !isValidHex(p.viewingKey)) {
+    throw new ValidationError(
+      "viewingKey must be a valid hex string",
+      "viewingKey"
+    );
+  }
+  if (p.ttl !== void 0) {
+    if (typeof p.ttl !== "number" || !Number.isInteger(p.ttl) || p.ttl <= 0) {
+      throw new ValidationError(
+        "ttl must be a positive integer (seconds)",
+        "ttl",
+        { received: p.ttl }
+      );
+    }
+  }
+}
+function validateViewingKey(key, field = "viewingKey") {
+  if (!key || typeof key !== "string") {
+    throw new ValidationError("must be a string", field);
+  }
+  if (!isValidHex(key)) {
+    throw new ValidationError("must be a valid hex string with 0x prefix", field);
+  }
+  if (!isValidHexLength(key, 32)) {
+    throw new ValidationError("must be 32 bytes (64 hex characters)", field);
+  }
+}
+var SECP256K1_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
+function isValidScalar(value) {
+  return value > 0n && value < SECP256K1_ORDER;
+}
+function validateScalar(value, field) {
+  if (typeof value !== "bigint") {
+    throw new ValidationError("must be a bigint", field);
+  }
+  if (!isValidScalar(value)) {
+    throw new ValidationError(
+      "must be in range (0, curve order)",
+      field,
+      { curveOrder: SECP256K1_ORDER.toString(16) }
+    );
+  }
+}
+function isValidEvmAddress(address) {
+  if (typeof address !== "string") return false;
+  return /^0x[0-9a-fA-F]{40}$/.test(address);
+}
+function isValidSolanaAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  return /^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address);
+}
+function isValidNearAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  if (/^[0-9a-f]{64}$/.test(address)) return true;
+  if (address.length < 2 || address.length > 64) return false;
+  if (!/^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/.test(address)) return false;
+  if (address.includes("..")) return false;
+  return true;
+}
+function isValidCosmosAddressFormat(address) {
+  if (typeof address !== "string") return false;
+  if (address.length < 39 || address.length > 90) return false;
+  const bech32Pattern = /^[a-z]+1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{38,}$/;
+  return bech32Pattern.test(address);
+}
+function getChainAddressType(chain) {
+  switch (chain) {
+    case "ethereum":
+    case "polygon":
+    case "arbitrum":
+    case "optimism":
+    case "base":
+      return "evm";
+    case "solana":
+      return "solana";
+    case "near":
+      return "near";
+    case "zcash":
+      return "zcash";
+    case "cosmos":
+    case "osmosis":
+    case "injective":
+    case "celestia":
+    case "sei":
+    case "dydx":
+      return "cosmos";
+    default:
+      return "unknown";
+  }
+}
+function validateAddressForChain(address, chain, field = "address") {
+  const addressType = getChainAddressType(chain);
+  switch (addressType) {
+    case "evm":
+      if (!isValidEvmAddress(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected EVM address (0x + 40 hex chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "0x...", receivedFormat: address.startsWith("0x") ? "hex but wrong length" : "not hex" }
+        );
+      }
+      break;
+    case "solana":
+      if (!isValidSolanaAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Solana address (base58, 32-44 chars), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "base58", receivedFormat: address.startsWith("0x") ? "looks like EVM" : "unknown" }
+        );
+      }
+      break;
+    case "near":
+      if (!isValidNearAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected NEAR account ID (named or implicit), got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "alice.near or 64 hex chars" }
+        );
+      }
+      break;
+    case "zcash":
+      if (!address || address.length === 0) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Zcash address.`,
+          field,
+          { chain }
+        );
+      }
+      break;
+    case "cosmos":
+      if (!isValidCosmosAddressFormat(address)) {
+        throw new ValidationError(
+          `Invalid address format for ${chain}. Expected Cosmos bech32 address, got: ${address.slice(0, 20)}...`,
+          field,
+          { chain, expectedFormat: "bech32" }
+        );
+      }
+      break;
+    default:
+      break;
+  }
+}
+function isAddressValidForChain(address, chain) {
+  try {
+    validateAddressForChain(address, chain);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// src/secure-memory.ts
+import { randomBytes } from "@noble/hashes/utils";
+function secureWipe(buffer) {
+  if (!buffer || buffer.length === 0) {
+    return;
+  }
+  const random = randomBytes(buffer.length);
+  buffer.set(random);
+  buffer.fill(0);
+}
+async function withSecureBuffer(createSecret, useSecret) {
+  const secret = createSecret();
+  try {
+    return await useSecret(secret);
+  } finally {
+    secureWipe(secret);
+  }
+}
+function withSecureBufferSync(createSecret, useSecret) {
+  const secret = createSecret();
+  try {
+    return useSecret(secret);
+  } finally {
+    secureWipe(secret);
+  }
+}
+function secureWipeAll(...buffers) {
+  for (const buffer of buffers) {
+    if (buffer) {
+      secureWipe(buffer);
+    }
+  }
+}
+
+// src/stealth.ts
+function generateStealthMetaAddress(chain, label) {
+  if (!isValidChainId(chain)) {
+    throw new ValidationError(
+      `invalid chain '${chain}', must be one of: solana, ethereum, near, zcash, polygon, arbitrum, optimism, base, bitcoin, aptos, sui, cosmos, osmosis, injective, celestia, sei, dydx`,
+      "chain"
+    );
+  }
+  if (isEd25519Chain(chain)) {
+    return generateEd25519StealthMetaAddress(chain, label);
+  }
+  const spendingPrivateKey = randomBytes2(32);
+  const viewingPrivateKey = randomBytes2(32);
+  try {
+    const spendingKey = secp256k1.getPublicKey(spendingPrivateKey, true);
+    const viewingKey = secp256k1.getPublicKey(viewingPrivateKey, true);
+    const result = {
+      metaAddress: {
+        spendingKey: `0x${bytesToHex(spendingKey)}`,
+        viewingKey: `0x${bytesToHex(viewingKey)}`,
+        chain,
+        label
+      },
+      spendingPrivateKey: `0x${bytesToHex(spendingPrivateKey)}`,
+      viewingPrivateKey: `0x${bytesToHex(viewingPrivateKey)}`
+    };
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivateKey, viewingPrivateKey);
+  }
+}
+function validateStealthMetaAddress(metaAddress, field = "recipientMetaAddress") {
+  if (!metaAddress || typeof metaAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidChainId(metaAddress.chain)) {
+    throw new ValidationError(
+      `invalid chain '${metaAddress.chain}'`,
+      `${field}.chain`
+    );
+  }
+  const isEd25519 = isEd25519Chain(metaAddress.chain);
+  if (isEd25519) {
+    if (!isValidEd25519PublicKey(metaAddress.spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid ed25519 public key (32 bytes)",
+        `${field}.spendingKey`
+      );
+    }
+    if (!isValidEd25519PublicKey(metaAddress.viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid ed25519 public key (32 bytes)",
+        `${field}.viewingKey`
+      );
+    }
+  } else {
+    if (!isValidCompressedPublicKey(metaAddress.spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid compressed secp256k1 public key (33 bytes, starting with 02 or 03)",
+        `${field}.spendingKey`
+      );
+    }
+    if (!isValidCompressedPublicKey(metaAddress.viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid compressed secp256k1 public key (33 bytes, starting with 02 or 03)",
+        `${field}.viewingKey`
+      );
+    }
+  }
+}
+function generateStealthAddress(recipientMetaAddress) {
+  validateStealthMetaAddress(recipientMetaAddress);
+  if (isEd25519Chain(recipientMetaAddress.chain)) {
+    return generateEd25519StealthAddress(recipientMetaAddress);
+  }
+  const ephemeralPrivateKey = randomBytes2(32);
+  try {
+    const ephemeralPublicKey = secp256k1.getPublicKey(ephemeralPrivateKey, true);
+    const spendingKeyBytes = hexToBytes(recipientMetaAddress.spendingKey.slice(2));
+    const viewingKeyBytes = hexToBytes(recipientMetaAddress.viewingKey.slice(2));
+    const sharedSecretPoint = secp256k1.getSharedSecret(
+      ephemeralPrivateKey,
+      spendingKeyBytes
+    );
+    const sharedSecretHash = sha256(sharedSecretPoint);
+    const hashTimesG = secp256k1.getPublicKey(sharedSecretHash, true);
+    const viewingKeyPoint = secp256k1.ProjectivePoint.fromHex(viewingKeyBytes);
+    const hashTimesGPoint = secp256k1.ProjectivePoint.fromHex(hashTimesG);
+    const stealthPoint = viewingKeyPoint.add(hashTimesGPoint);
+    const stealthAddressBytes = stealthPoint.toRawBytes(true);
+    const viewTag = sharedSecretHash[0];
+    return {
+      stealthAddress: {
+        address: `0x${bytesToHex(stealthAddressBytes)}`,
+        ephemeralPublicKey: `0x${bytesToHex(ephemeralPublicKey)}`,
+        viewTag
+      },
+      sharedSecret: `0x${bytesToHex(sharedSecretHash)}`
+    };
+  } finally {
+    secureWipe(ephemeralPrivateKey);
+  }
+}
+function validateStealthAddress(stealthAddress, field = "stealthAddress") {
+  if (!stealthAddress || typeof stealthAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidCompressedPublicKey(stealthAddress.address)) {
+    throw new ValidationError(
+      "address must be a valid compressed secp256k1 public key",
+      `${field}.address`
+    );
+  }
+  if (!isValidCompressedPublicKey(stealthAddress.ephemeralPublicKey)) {
+    throw new ValidationError(
+      "ephemeralPublicKey must be a valid compressed secp256k1 public key",
+      `${field}.ephemeralPublicKey`
+    );
+  }
+  if (typeof stealthAddress.viewTag !== "number" || !Number.isInteger(stealthAddress.viewTag) || stealthAddress.viewTag < 0 || stealthAddress.viewTag > 255) {
+    throw new ValidationError(
+      "viewTag must be an integer between 0 and 255",
+      `${field}.viewTag`
+    );
+  }
+}
+function deriveStealthPrivateKey(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateStealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const sharedSecretPoint = secp256k1.getSharedSecret(
+      spendingPrivBytes,
+      ephemeralPubBytes
+    );
+    const sharedSecretHash = sha256(sharedSecretPoint);
+    const viewingScalar = bytesToBigInt(viewingPrivBytes);
+    const hashScalar = bytesToBigInt(sharedSecretHash);
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % secp256k1.CURVE.n;
+    const stealthPrivateKey = bigIntToBytes(stealthPrivateScalar, 32);
+    const result = {
+      stealthAddress: stealthAddress.address,
+      ephemeralPublicKey: stealthAddress.ephemeralPublicKey,
+      privateKey: `0x${bytesToHex(stealthPrivateKey)}`
+    };
+    secureWipe(stealthPrivateKey);
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+function checkStealthAddress(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateStealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const sharedSecretPoint = secp256k1.getSharedSecret(
+      spendingPrivBytes,
+      ephemeralPubBytes
+    );
+    const sharedSecretHash = sha256(sharedSecretPoint);
+    if (sharedSecretHash[0] !== stealthAddress.viewTag) {
+      return false;
+    }
+    const viewingScalar = bytesToBigInt(viewingPrivBytes);
+    const hashScalar = bytesToBigInt(sharedSecretHash);
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % secp256k1.CURVE.n;
+    const derivedKeyBytes = bigIntToBytes(stealthPrivateScalar, 32);
+    const expectedPubKey = secp256k1.getPublicKey(derivedKeyBytes, true);
+    secureWipe(derivedKeyBytes);
+    const providedAddress = hexToBytes(stealthAddress.address.slice(2));
+    return bytesToHex(expectedPubKey) === bytesToHex(providedAddress);
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+function encodeStealthMetaAddress(metaAddress) {
+  return `sip:${metaAddress.chain}:${metaAddress.spendingKey}:${metaAddress.viewingKey}`;
+}
+function decodeStealthMetaAddress(encoded) {
+  if (typeof encoded !== "string") {
+    throw new ValidationError("must be a string", "encoded");
+  }
+  const parts = encoded.split(":");
+  if (parts.length < 4 || parts[0] !== "sip") {
+    throw new ValidationError(
+      "invalid format, expected: sip:<chain>:<spendingKey>:<viewingKey>",
+      "encoded"
+    );
+  }
+  const [, chain, spendingKey, viewingKey] = parts;
+  if (!isValidChainId(chain)) {
+    throw new ValidationError(
+      `invalid chain '${chain}'`,
+      "encoded.chain"
+    );
+  }
+  const chainId = chain;
+  if (isEd25519Chain(chainId)) {
+    if (!isValidEd25519PublicKey(spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid 32-byte ed25519 public key",
+        "encoded.spendingKey"
+      );
+    }
+    if (!isValidEd25519PublicKey(viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid 32-byte ed25519 public key",
+        "encoded.viewingKey"
+      );
+    }
+  } else {
+    if (!isValidCompressedPublicKey(spendingKey)) {
+      throw new ValidationError(
+        "spendingKey must be a valid compressed secp256k1 public key",
+        "encoded.spendingKey"
+      );
+    }
+    if (!isValidCompressedPublicKey(viewingKey)) {
+      throw new ValidationError(
+        "viewingKey must be a valid compressed secp256k1 public key",
+        "encoded.viewingKey"
+      );
+    }
+  }
+  return {
+    chain,
+    spendingKey,
+    viewingKey
+  };
+}
+function bytesToBigInt(bytes) {
+  let result = 0n;
+  for (const byte of bytes) {
+    result = (result << 8n) + BigInt(byte);
+  }
+  return result;
+}
+function bigIntToBytes(value, length) {
+  const bytes = new Uint8Array(length);
+  for (let i = length - 1; i >= 0; i--) {
+    bytes[i] = Number(value & 0xffn);
+    value >>= 8n;
+  }
+  return bytes;
+}
+function publicKeyToEthAddress(publicKey) {
+  const keyHex = publicKey.startsWith("0x") ? publicKey.slice(2) : publicKey;
+  const keyBytes = hexToBytes(keyHex);
+  let uncompressedBytes;
+  if (keyBytes.length === 33) {
+    const point = secp256k1.ProjectivePoint.fromHex(keyBytes);
+    uncompressedBytes = point.toRawBytes(false);
+  } else if (keyBytes.length === 65) {
+    uncompressedBytes = keyBytes;
+  } else {
+    throw new ValidationError(
+      `invalid public key length: ${keyBytes.length}, expected 33 (compressed) or 65 (uncompressed)`,
+      "publicKey"
+    );
+  }
+  const pubKeyWithoutPrefix = uncompressedBytes.slice(1);
+  const hash = keccak_256(pubKeyWithoutPrefix);
+  const addressBytes = hash.slice(-20);
+  return toChecksumAddress(`0x${bytesToHex(addressBytes)}`);
+}
+function toChecksumAddress(address) {
+  const addr = address.toLowerCase().replace("0x", "");
+  const hash = bytesToHex(keccak_256(new TextEncoder().encode(addr)));
+  let checksummed = "0x";
+  for (let i = 0; i < addr.length; i++) {
+    if (parseInt(hash[i], 16) >= 8) {
+      checksummed += addr[i].toUpperCase();
+    } else {
+      checksummed += addr[i];
+    }
+  }
+  return checksummed;
+}
+var ED25519_ORDER = 2n ** 252n + 27742317777372353535851937790883648493n;
+var ED25519_CHAINS = ["solana", "near", "aptos", "sui"];
+function isEd25519Chain(chain) {
+  return ED25519_CHAINS.includes(chain);
+}
+function getCurveForChain(chain) {
+  return isEd25519Chain(chain) ? "ed25519" : "secp256k1";
+}
+function validateEd25519StealthMetaAddress(metaAddress, field = "recipientMetaAddress") {
+  if (!metaAddress || typeof metaAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidChainId(metaAddress.chain)) {
+    throw new ValidationError(
+      `invalid chain '${metaAddress.chain}'`,
+      `${field}.chain`
+    );
+  }
+  if (!isEd25519Chain(metaAddress.chain)) {
+    throw new ValidationError(
+      `chain '${metaAddress.chain}' does not use ed25519, use secp256k1 functions instead`,
+      `${field}.chain`
+    );
+  }
+  if (!isValidEd25519PublicKey(metaAddress.spendingKey)) {
+    throw new ValidationError(
+      "spendingKey must be a valid ed25519 public key (32 bytes)",
+      `${field}.spendingKey`
+    );
+  }
+  if (!isValidEd25519PublicKey(metaAddress.viewingKey)) {
+    throw new ValidationError(
+      "viewingKey must be a valid ed25519 public key (32 bytes)",
+      `${field}.viewingKey`
+    );
+  }
+}
+function validateEd25519StealthAddress(stealthAddress, field = "stealthAddress") {
+  if (!stealthAddress || typeof stealthAddress !== "object") {
+    throw new ValidationError("must be an object", field);
+  }
+  if (!isValidEd25519PublicKey(stealthAddress.address)) {
+    throw new ValidationError(
+      "address must be a valid ed25519 public key (32 bytes)",
+      `${field}.address`
+    );
+  }
+  if (!isValidEd25519PublicKey(stealthAddress.ephemeralPublicKey)) {
+    throw new ValidationError(
+      "ephemeralPublicKey must be a valid ed25519 public key (32 bytes)",
+      `${field}.ephemeralPublicKey`
+    );
+  }
+  if (typeof stealthAddress.viewTag !== "number" || !Number.isInteger(stealthAddress.viewTag) || stealthAddress.viewTag < 0 || stealthAddress.viewTag > 255) {
+    throw new ValidationError(
+      "viewTag must be an integer between 0 and 255",
+      `${field}.viewTag`
+    );
+  }
+}
+function getEd25519Scalar(privateKey) {
+  const hash = sha512(privateKey);
+  const scalar = hash.slice(0, 32);
+  scalar[0] &= 248;
+  scalar[31] &= 127;
+  scalar[31] |= 64;
+  return bytesToBigIntLE(scalar);
+}
+function bytesToBigIntLE(bytes) {
+  let result = 0n;
+  for (let i = bytes.length - 1; i >= 0; i--) {
+    result = (result << 8n) + BigInt(bytes[i]);
+  }
+  return result;
+}
+function bigIntToBytesLE(value, length) {
+  const bytes = new Uint8Array(length);
+  for (let i = 0; i < length; i++) {
+    bytes[i] = Number(value & 0xffn);
+    value >>= 8n;
+  }
+  return bytes;
+}
+function generateEd25519StealthMetaAddress(chain, label) {
+  if (!isValidChainId(chain)) {
+    throw new ValidationError(
+      `invalid chain '${chain}', must be one of: solana, ethereum, near, zcash, polygon, arbitrum, optimism, base, bitcoin, aptos, sui, cosmos, osmosis, injective, celestia, sei, dydx`,
+      "chain"
+    );
+  }
+  if (!isEd25519Chain(chain)) {
+    throw new ValidationError(
+      `chain '${chain}' does not use ed25519, use generateStealthMetaAddress() for secp256k1 chains`,
+      "chain"
+    );
+  }
+  const spendingPrivateKey = randomBytes2(32);
+  const viewingPrivateKey = randomBytes2(32);
+  try {
+    const spendingKey = ed25519.getPublicKey(spendingPrivateKey);
+    const viewingKey = ed25519.getPublicKey(viewingPrivateKey);
+    const result = {
+      metaAddress: {
+        spendingKey: `0x${bytesToHex(spendingKey)}`,
+        viewingKey: `0x${bytesToHex(viewingKey)}`,
+        chain,
+        label
+      },
+      spendingPrivateKey: `0x${bytesToHex(spendingPrivateKey)}`,
+      viewingPrivateKey: `0x${bytesToHex(viewingPrivateKey)}`
+    };
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivateKey, viewingPrivateKey);
+  }
+}
+function generateEd25519StealthAddress(recipientMetaAddress) {
+  validateEd25519StealthMetaAddress(recipientMetaAddress);
+  const ephemeralPrivateKey = randomBytes2(32);
+  try {
+    const ephemeralPublicKey = ed25519.getPublicKey(ephemeralPrivateKey);
+    const spendingKeyBytes = hexToBytes(recipientMetaAddress.spendingKey.slice(2));
+    const viewingKeyBytes = hexToBytes(recipientMetaAddress.viewingKey.slice(2));
+    const rawEphemeralScalar = getEd25519Scalar(ephemeralPrivateKey);
+    const ephemeralScalar = rawEphemeralScalar % ED25519_ORDER;
+    if (ephemeralScalar === 0n) {
+      throw new Error("CRITICAL: Zero ephemeral scalar after reduction - investigate RNG");
+    }
+    const spendingPoint = ed25519.ExtendedPoint.fromHex(spendingKeyBytes);
+    const sharedSecretPoint = spendingPoint.multiply(ephemeralScalar);
+    const sharedSecretHash = sha256(sharedSecretPoint.toRawBytes());
+    const hashScalar = bytesToBigInt(sharedSecretHash) % ED25519_ORDER;
+    if (hashScalar === 0n) {
+      throw new Error("CRITICAL: Zero hash scalar after reduction - investigate hash computation");
+    }
+    const hashTimesG = ed25519.ExtendedPoint.BASE.multiply(hashScalar);
+    const viewingPoint = ed25519.ExtendedPoint.fromHex(viewingKeyBytes);
+    const stealthPoint = viewingPoint.add(hashTimesG);
+    const stealthAddressBytes = stealthPoint.toRawBytes();
+    const viewTag = sharedSecretHash[0];
+    return {
+      stealthAddress: {
+        address: `0x${bytesToHex(stealthAddressBytes)}`,
+        ephemeralPublicKey: `0x${bytesToHex(ephemeralPublicKey)}`,
+        viewTag
+      },
+      sharedSecret: `0x${bytesToHex(sharedSecretHash)}`
+    };
+  } finally {
+    secureWipe(ephemeralPrivateKey);
+  }
+}
+function deriveEd25519StealthPrivateKey(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateEd25519StealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const rawSpendingScalar = getEd25519Scalar(spendingPrivBytes);
+    const spendingScalar = rawSpendingScalar % ED25519_ORDER;
+    if (spendingScalar === 0n) {
+      throw new Error("CRITICAL: Zero spending scalar after reduction - investigate key derivation");
+    }
+    const ephemeralPoint = ed25519.ExtendedPoint.fromHex(ephemeralPubBytes);
+    const sharedSecretPoint = ephemeralPoint.multiply(spendingScalar);
+    const sharedSecretHash = sha256(sharedSecretPoint.toRawBytes());
+    const rawViewingScalar = getEd25519Scalar(viewingPrivBytes);
+    const viewingScalar = rawViewingScalar % ED25519_ORDER;
+    if (viewingScalar === 0n) {
+      throw new Error("CRITICAL: Zero viewing scalar after reduction - investigate key derivation");
+    }
+    const hashScalar = bytesToBigInt(sharedSecretHash) % ED25519_ORDER;
+    if (hashScalar === 0n) {
+      throw new Error("CRITICAL: Zero hash scalar after reduction - investigate hash computation");
+    }
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % ED25519_ORDER;
+    if (stealthPrivateScalar === 0n) {
+      throw new Error("CRITICAL: Zero stealth scalar after reduction - investigate key derivation");
+    }
+    const stealthPrivateKey = bigIntToBytesLE(stealthPrivateScalar, 32);
+    const result = {
+      stealthAddress: stealthAddress.address,
+      ephemeralPublicKey: stealthAddress.ephemeralPublicKey,
+      privateKey: `0x${bytesToHex(stealthPrivateKey)}`
+    };
+    secureWipe(stealthPrivateKey);
+    return result;
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+function checkEd25519StealthAddress(stealthAddress, spendingPrivateKey, viewingPrivateKey) {
+  validateEd25519StealthAddress(stealthAddress);
+  if (!isValidPrivateKey(spendingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "spendingPrivateKey"
+    );
+  }
+  if (!isValidPrivateKey(viewingPrivateKey)) {
+    throw new ValidationError(
+      "must be a valid 32-byte hex string",
+      "viewingPrivateKey"
+    );
+  }
+  const spendingPrivBytes = hexToBytes(spendingPrivateKey.slice(2));
+  const viewingPrivBytes = hexToBytes(viewingPrivateKey.slice(2));
+  const ephemeralPubBytes = hexToBytes(stealthAddress.ephemeralPublicKey.slice(2));
+  try {
+    const rawSpendingScalar = getEd25519Scalar(spendingPrivBytes);
+    const spendingScalar = rawSpendingScalar % ED25519_ORDER;
+    if (spendingScalar === 0n) {
+      throw new Error("CRITICAL: Zero spending scalar after reduction - investigate key derivation");
+    }
+    const ephemeralPoint = ed25519.ExtendedPoint.fromHex(ephemeralPubBytes);
+    const sharedSecretPoint = ephemeralPoint.multiply(spendingScalar);
+    const sharedSecretHash = sha256(sharedSecretPoint.toRawBytes());
+    if (sharedSecretHash[0] !== stealthAddress.viewTag) {
+      return false;
+    }
+    const rawViewingScalar = getEd25519Scalar(viewingPrivBytes);
+    const viewingScalar = rawViewingScalar % ED25519_ORDER;
+    if (viewingScalar === 0n) {
+      throw new Error("CRITICAL: Zero viewing scalar after reduction - investigate key derivation");
+    }
+    const hashScalar = bytesToBigInt(sharedSecretHash) % ED25519_ORDER;
+    if (hashScalar === 0n) {
+      throw new Error("CRITICAL: Zero hash scalar after reduction - investigate hash computation");
+    }
+    const stealthPrivateScalar = (viewingScalar + hashScalar) % ED25519_ORDER;
+    if (stealthPrivateScalar === 0n) {
+      throw new Error("CRITICAL: Zero stealth scalar after reduction - investigate key derivation");
+    }
+    const expectedPubKey = ed25519.ExtendedPoint.BASE.multiply(stealthPrivateScalar);
+    const expectedPubKeyBytes = expectedPubKey.toRawBytes();
+    const providedAddress = hexToBytes(stealthAddress.address.slice(2));
+    return bytesToHex(expectedPubKeyBytes) === bytesToHex(providedAddress);
+  } finally {
+    secureWipeAll(spendingPrivBytes, viewingPrivBytes);
+  }
+}
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function bytesToBase58(bytes) {
+  let leadingZeros = 0;
+  for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
+    leadingZeros++;
+  }
+  let value = 0n;
+  for (const byte of bytes) {
+    value = value * 256n + BigInt(byte);
+  }
+  let result = "";
+  while (value > 0n) {
+    const remainder = value % 58n;
+    value = value / 58n;
+    result = BASE58_ALPHABET[Number(remainder)] + result;
+  }
+  return "1".repeat(leadingZeros) + result;
+}
+function base58ToBytes(str) {
+  let leadingOnes = 0;
+  for (let i = 0; i < str.length && str[i] === "1"; i++) {
+    leadingOnes++;
+  }
+  let value = 0n;
+  for (const char of str) {
+    const index = BASE58_ALPHABET.indexOf(char);
+    if (index === -1) {
+      throw new ValidationError(`Invalid base58 character: ${char}`, "address");
+    }
+    value = value * 58n + BigInt(index);
+  }
+  const bytes = [];
+  while (value > 0n) {
+    bytes.unshift(Number(value % 256n));
+    value = value / 256n;
+  }
+  const result = new Uint8Array(leadingOnes + bytes.length);
+  for (let i = 0; i < leadingOnes; i++) {
+    result[i] = 0;
+  }
+  for (let i = 0; i < bytes.length; i++) {
+    result[leadingOnes + i] = bytes[i];
+  }
+  return result;
+}
+function ed25519PublicKeyToSolanaAddress(publicKey) {
+  if (!isValidHex(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be a valid hex string with 0x prefix",
+      "publicKey"
+    );
+  }
+  if (!isValidEd25519PublicKey(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be 32 bytes (64 hex characters)",
+      "publicKey"
+    );
+  }
+  const publicKeyBytes = hexToBytes(publicKey.slice(2));
+  return bytesToBase58(publicKeyBytes);
+}
+function isValidSolanaAddress(address) {
+  if (typeof address !== "string" || address.length === 0) {
+    return false;
+  }
+  if (address.length < 32 || address.length > 44) {
+    return false;
+  }
+  try {
+    const decoded = base58ToBytes(address);
+    return decoded.length === 32;
+  } catch {
+    return false;
+  }
+}
+function solanaAddressToEd25519PublicKey(address) {
+  if (!isValidSolanaAddress(address)) {
+    throw new ValidationError(
+      "Invalid Solana address format",
+      "address"
+    );
+  }
+  const decoded = base58ToBytes(address);
+  return `0x${bytesToHex(decoded)}`;
+}
+function ed25519PublicKeyToNearAddress(publicKey) {
+  if (!isValidHex(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be a valid hex string with 0x prefix",
+      "publicKey"
+    );
+  }
+  if (!isValidEd25519PublicKey(publicKey)) {
+    throw new ValidationError(
+      "publicKey must be 32 bytes (64 hex characters)",
+      "publicKey"
+    );
+  }
+  return publicKey.slice(2).toLowerCase();
+}
+function nearAddressToEd25519PublicKey(address) {
+  if (!isValidNearImplicitAddress(address)) {
+    throw new ValidationError(
+      "Invalid NEAR implicit address format",
+      "address"
+    );
+  }
+  return `0x${address.toLowerCase()}`;
+}
+function isValidNearImplicitAddress(address) {
+  if (typeof address !== "string" || address.length === 0) {
+    return false;
+  }
+  if (address.length !== 64) {
+    return false;
+  }
+  return /^[0-9a-f]{64}$/.test(address);
+}
+function isValidNearAccountId(accountId) {
+  if (typeof accountId !== "string" || accountId.length === 0) {
+    return false;
+  }
+  if (isValidNearImplicitAddress(accountId)) {
+    return true;
+  }
+  if (accountId.length < 2 || accountId.length > 64) {
+    return false;
+  }
+  const nearAccountPattern = /^[a-z0-9]([a-z0-9._-]*[a-z0-9])?$/;
+  if (!nearAccountPattern.test(accountId)) {
+    return false;
+  }
+  if (accountId.includes("..")) {
+    return false;
+  }
+  return true;
+}
+
+// src/chains/solana/transfer.ts
+async function sendPrivateSPLTransfer(params) {
+  const {
+    connection,
+    sender,
+    senderTokenAccount,
+    recipientMetaAddress,
+    mint,
+    amount,
+    signTransaction
+  } = params;
+  if (recipientMetaAddress.chain !== "solana") {
+    throw new Error(
+      `Invalid chain: expected 'solana', got '${recipientMetaAddress.chain}'`
+    );
+  }
+  const { stealthAddress } = generateEd25519StealthAddress(recipientMetaAddress);
+  const stealthAddressBase58 = ed25519PublicKeyToSolanaAddress(stealthAddress.address);
+  const stealthPubkey = new PublicKey(stealthAddressBase58);
+  const ephemeralPubkeyBase58 = ed25519PublicKeyToSolanaAddress(
+    stealthAddress.ephemeralPublicKey
+  );
+  const stealthATA = await getAssociatedTokenAddress(
+    mint,
+    stealthPubkey,
+    true
+    // allowOwnerOffCurve - stealth addresses may be off-curve
+  );
+  const transaction = new Transaction();
+  let stealthATAExists = false;
+  try {
+    await getAccount(connection, stealthATA);
+    stealthATAExists = true;
+  } catch {
+    stealthATAExists = false;
+  }
+  if (!stealthATAExists) {
+    transaction.add(
+      createAssociatedTokenAccountInstruction(
+        sender,
+        // payer
+        stealthATA,
+        // associatedToken
+        stealthPubkey,
+        // owner
+        mint,
+        // mint
+        TOKEN_PROGRAM_ID,
+        ASSOCIATED_TOKEN_PROGRAM_ID
+      )
+    );
+  }
+  transaction.add(
+    createTransferInstruction(
+      senderTokenAccount,
+      // source
+      stealthATA,
+      // destination
+      sender,
+      // owner
+      amount
+      // amount
+    )
+  );
+  const viewTagHex = stealthAddress.viewTag.toString(16).padStart(2, "0");
+  const memoContent = createAnnouncementMemo(
+    ephemeralPubkeyBase58,
+    viewTagHex,
+    stealthAddressBase58
+  );
+  const memoInstruction = new TransactionInstruction({
+    keys: [],
+    programId: new PublicKey(MEMO_PROGRAM_ID),
+    data: Buffer.from(memoContent, "utf-8")
+  });
+  transaction.add(memoInstruction);
+  const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash();
+  transaction.recentBlockhash = blockhash;
+  transaction.lastValidBlockHeight = lastValidBlockHeight;
+  transaction.feePayer = sender;
+  const signedTx = await signTransaction(transaction);
+  const txSignature = await connection.sendRawTransaction(signedTx.serialize(), {
+    skipPreflight: false,
+    preflightCommitment: "confirmed"
+  });
+  await connection.confirmTransaction(
+    {
+      signature: txSignature,
+      blockhash,
+      lastValidBlockHeight
+    },
+    "confirmed"
+  );
+  const cluster = detectCluster(connection.rpcEndpoint);
+  return {
+    txSignature,
+    stealthAddress: stealthAddressBase58,
+    ephemeralPublicKey: ephemeralPubkeyBase58,
+    viewTag: viewTagHex,
+    explorerUrl: getExplorerUrl(txSignature, cluster),
+    cluster
+  };
+}
+async function estimatePrivateTransferFee(connection, needsATACreation = true) {
+  let fee = ESTIMATED_TX_FEE_LAMPORTS;
+  if (needsATACreation) {
+    const rentExemption = await connection.getMinimumBalanceForRentExemption(165);
+    fee += BigInt(rentExemption);
+  }
+  return fee;
+}
+async function hasTokenAccount(connection, stealthAddress, mint) {
+  try {
+    const stealthPubkey = new PublicKey(stealthAddress);
+    const ata = await getAssociatedTokenAddress(mint, stealthPubkey, true);
+    await getAccount(connection, ata);
+    return true;
+  } catch {
+    return false;
+  }
+}
+function detectCluster(endpoint) {
+  if (endpoint.includes("devnet")) {
+    return "devnet";
+  }
+  if (endpoint.includes("testnet")) {
+    return "testnet";
+  }
+  if (endpoint.includes("localhost") || endpoint.includes("127.0.0.1")) {
+    return "localnet";
+  }
+  return "mainnet-beta";
+}
+
+// src/chains/solana/scan.ts
+import {
+  PublicKey as PublicKey2,
+  Transaction as Transaction2,
+  Keypair
+} from "@solana/web3.js";
+import {
+  getAssociatedTokenAddress as getAssociatedTokenAddress2,
+  createTransferInstruction as createTransferInstruction2,
+  getAccount as getAccount2
+} from "@solana/spl-token";
+import { hexToBytes as hexToBytes2 } from "@noble/hashes/utils";
+import { ed25519 as ed255192 } from "@noble/curves/ed25519";
+async function scanForPayments(params) {
+  const {
+    connection,
+    viewingPrivateKey,
+    spendingPublicKey,
+    fromSlot,
+    toSlot,
+    limit = 100,
+    provider
+  } = params;
+  const results = [];
+  const memoProgram = new PublicKey2(MEMO_PROGRAM_ID);
+  try {
+    const signatures = await connection.getSignaturesForAddress(
+      memoProgram,
+      {
+        limit,
+        minContextSlot: fromSlot
+      }
+    );
+    const filteredSignatures = toSlot ? signatures.filter((s) => s.slot <= toSlot) : signatures;
+    for (const sigInfo of filteredSignatures) {
+      try {
+        const tx = await connection.getTransaction(sigInfo.signature, {
+          maxSupportedTransactionVersion: 0
+        });
+        if (!tx?.meta?.logMessages) continue;
+        for (const log of tx.meta.logMessages) {
+          if (!log.includes(SIP_MEMO_PREFIX)) continue;
+          const memoMatch = log.match(/Program log: (.+)/);
+          if (!memoMatch) continue;
+          const memoContent = memoMatch[1];
+          const announcement = parseAnnouncement(memoContent);
+          if (!announcement) continue;
+          const ephemeralPubKeyHex = solanaAddressToEd25519PublicKey(
+            announcement.ephemeralPublicKey
+          );
+          const viewTagNumber = parseInt(announcement.viewTag, 16);
+          const stealthAddressToCheck = {
+            address: announcement.stealthAddress ? solanaAddressToEd25519PublicKey(announcement.stealthAddress) : "0x" + "00".repeat(32),
+            // Will be computed
+            ephemeralPublicKey: ephemeralPubKeyHex,
+            viewTag: viewTagNumber
+          };
+          const isOurs = checkEd25519StealthAddress(
+            stealthAddressToCheck,
+            viewingPrivateKey,
+            spendingPublicKey
+          );
+          if (isOurs) {
+            const transferInfo = parseTokenTransfer(tx);
+            if (transferInfo) {
+              let amount = transferInfo.amount;
+              const tokenSymbol = getTokenSymbol(transferInfo.mint);
+              if (provider && announcement.stealthAddress) {
+                try {
+                  const balance = await provider.getTokenBalance(
+                    announcement.stealthAddress,
+                    transferInfo.mint
+                  );
+                  if (balance > 0n) {
+                    amount = balance;
+                  }
+                } catch {
+                }
+              }
+              results.push({
+                stealthAddress: announcement.stealthAddress || "",
+                ephemeralPublicKey: announcement.ephemeralPublicKey,
+                amount,
+                mint: transferInfo.mint,
+                tokenSymbol,
+                txSignature: sigInfo.signature,
+                slot: sigInfo.slot,
+                timestamp: sigInfo.blockTime || 0
+              });
+            }
+          }
+        }
+      } catch (err) {
+        console.warn(`Failed to parse tx ${sigInfo.signature}:`, err);
+      }
+    }
+  } catch (err) {
+    console.error("Scan failed:", err);
+    throw new Error(`Failed to scan for payments: ${err}`);
+  }
+  return results;
+}
+async function claimStealthPayment(params) {
+  const {
+    connection,
+    stealthAddress,
+    ephemeralPublicKey,
+    viewingPrivateKey,
+    spendingPrivateKey,
+    destinationAddress,
+    mint
+  } = params;
+  const stealthAddressHex = solanaAddressToEd25519PublicKey(stealthAddress);
+  const ephemeralPubKeyHex = solanaAddressToEd25519PublicKey(ephemeralPublicKey);
+  const stealthAddressObj = {
+    address: stealthAddressHex,
+    ephemeralPublicKey: ephemeralPubKeyHex,
+    viewTag: 0
+    // Not needed for derivation
+  };
+  const recovery = deriveEd25519StealthPrivateKey(
+    stealthAddressObj,
+    spendingPrivateKey,
+    viewingPrivateKey
+  );
+  const stealthPrivKeyBytes = hexToBytes2(recovery.privateKey.slice(2));
+  const stealthPubkey = new PublicKey2(stealthAddress);
+  const expectedPubKeyBytes = stealthPubkey.toBytes();
+  const scalarBigInt = bytesToBigIntLE2(stealthPrivKeyBytes);
+  const ED25519_ORDER2 = 2n ** 252n + 27742317777372353535851937790883648493n;
+  let validScalar = scalarBigInt % ED25519_ORDER2;
+  if (validScalar === 0n) validScalar = 1n;
+  const derivedPubKeyBytes = ed255192.ExtendedPoint.BASE.multiply(validScalar).toRawBytes();
+  if (!derivedPubKeyBytes.every((b, i) => b === expectedPubKeyBytes[i])) {
+    throw new Error(
+      "Stealth key derivation failed: derived private key does not produce expected public key. This may indicate incorrect spending/viewing keys or corrupted announcement data."
+    );
+  }
+  const stealthKeypair = Keypair.fromSecretKey(
+    new Uint8Array([...stealthPrivKeyBytes, ...expectedPubKeyBytes])
+  );
+  const stealthATA = await getAssociatedTokenAddress2(
+    mint,
+    stealthPubkey,
+    true
+  );
+  const destinationPubkey = new PublicKey2(destinationAddress);
+  const destinationATA = await getAssociatedTokenAddress2(
+    mint,
+    destinationPubkey
+  );
+  const stealthAccount = await getAccount2(connection, stealthATA);
+  const amount = stealthAccount.amount;
+  const transaction = new Transaction2();
+  transaction.add(
+    createTransferInstruction2(
+      stealthATA,
+      destinationATA,
+      stealthPubkey,
+      amount
+    )
+  );
+  const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash();
+  transaction.recentBlockhash = blockhash;
+  transaction.lastValidBlockHeight = lastValidBlockHeight;
+  transaction.feePayer = stealthPubkey;
+  transaction.sign(stealthKeypair);
+  const txSignature = await connection.sendRawTransaction(
+    transaction.serialize(),
+    {
+      skipPreflight: false,
+      preflightCommitment: "confirmed"
+    }
+  );
+  await connection.confirmTransaction(
+    {
+      signature: txSignature,
+      blockhash,
+      lastValidBlockHeight
+    },
+    "confirmed"
+  );
+  const cluster = detectCluster2(connection.rpcEndpoint);
+  return {
+    txSignature,
+    destinationAddress,
+    amount,
+    explorerUrl: getExplorerUrl(txSignature, cluster)
+  };
+}
+async function getStealthBalance(connection, stealthAddress, mint, provider) {
+  if (provider) {
+    try {
+      return await provider.getTokenBalance(stealthAddress, mint.toBase58());
+    } catch {
+    }
+  }
+  try {
+    const stealthPubkey = new PublicKey2(stealthAddress);
+    const ata = await getAssociatedTokenAddress2(mint, stealthPubkey, true);
+    const account = await getAccount2(connection, ata);
+    return account.amount;
+  } catch {
+    return 0n;
+  }
+}
+function parseTokenTransfer(tx) {
+  if (!tx?.meta?.postTokenBalances || !tx.meta.preTokenBalances) {
+    return null;
+  }
+  for (let i = 0; i < tx.meta.postTokenBalances.length; i++) {
+    const post = tx.meta.postTokenBalances[i];
+    const pre = tx.meta.preTokenBalances.find(
+      (p) => p.accountIndex === post.accountIndex
+    );
+    const postAmount = BigInt(post.uiTokenAmount.amount);
+    const preAmount = pre ? BigInt(pre.uiTokenAmount.amount) : 0n;
+    if (postAmount > preAmount) {
+      return {
+        mint: post.mint,
+        amount: postAmount - preAmount
+      };
+    }
+  }
+  return null;
+}
+function getTokenSymbol(mint) {
+  for (const [symbol, address] of Object.entries(SOLANA_TOKEN_MINTS)) {
+    if (address === mint) {
+      return symbol;
+    }
+  }
+  return void 0;
+}
+function detectCluster2(endpoint) {
+  if (endpoint.includes("devnet")) {
+    return "devnet";
+  }
+  if (endpoint.includes("testnet")) {
+    return "testnet";
+  }
+  if (endpoint.includes("localhost") || endpoint.includes("127.0.0.1")) {
+    return "localnet";
+  }
+  return "mainnet-beta";
+}
+function bytesToBigIntLE2(bytes) {
+  let result = 0n;
+  for (let i = bytes.length - 1; i >= 0; i--) {
+    result = result << 8n | BigInt(bytes[i]);
+  }
+  return result;
+}
+
+// src/chains/solana/providers/helius.ts
+var HeliusProvider = class {
+  name = "helius";
+  apiKey;
+  cluster;
+  rpcUrl;
+  restUrl;
+  constructor(config) {
+    if (!config.apiKey) {
+      throw new Error("Helius API key is required. Get one at https://dev.helius.xyz");
+    }
+    this.apiKey = config.apiKey;
+    this.cluster = config.cluster ?? "mainnet-beta";
+    this.rpcUrl = this.cluster === "devnet" ? `https://devnet.helius-rpc.com/?api-key=${this.apiKey}` : `https://mainnet.helius-rpc.com/?api-key=${this.apiKey}`;
+    this.restUrl = this.cluster === "devnet" ? `https://api-devnet.helius.xyz/v0` : `https://api.helius.xyz/v0`;
+  }
+  /**
+   * Get all token assets owned by an address using DAS API
+   *
+   * Uses getAssetsByOwner for comprehensive asset information including
+   * NFTs and fungible tokens with metadata.
+   */
+  async getAssetsByOwner(owner) {
+    const assets = [];
+    let page = 1;
+    const limit = 1e3;
+    let hasMore = true;
+    while (hasMore) {
+      const response = await fetch(this.rpcUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          id: `sip-${Date.now()}`,
+          method: "getAssetsByOwner",
+          params: {
+            ownerAddress: owner,
+            page,
+            limit,
+            displayOptions: {
+              showFungible: true,
+              showNativeBalance: false
+            }
+          }
+        })
+      });
+      if (!response.ok) {
+        throw new Error(`Helius API error: ${response.status} ${response.statusText}`);
+      }
+      const data = await response.json();
+      if (data.error) {
+        throw new Error(`Helius RPC error: ${data.error.message} (code: ${data.error.code})`);
+      }
+      if (data.result?.items) {
+        for (const item of data.result.items) {
+          if (item.interface !== "FungibleToken" && item.interface !== "FungibleAsset") {
+            continue;
+          }
+          const tokenInfo = item.token_info;
+          if (!tokenInfo?.balance) continue;
+          const balanceValue = typeof tokenInfo.balance === "string" ? BigInt(tokenInfo.balance) : BigInt(Math.floor(tokenInfo.balance));
+          assets.push({
+            mint: item.id,
+            amount: balanceValue,
+            decimals: tokenInfo.decimals ?? 0,
+            symbol: tokenInfo.symbol ?? item.content?.metadata?.symbol,
+            name: item.content?.metadata?.name,
+            logoUri: item.content?.links?.image
+          });
+        }
+      }
+      hasMore = data.result?.items?.length === limit;
+      page++;
+      if (page > 100) {
+        console.warn("[HeliusProvider] Reached page limit (100), stopping pagination");
+        break;
+      }
+    }
+    return assets;
+  }
+  /**
+   * Get token balance for a specific mint using Balances API
+   *
+   * More efficient than getAssetsByOwner when you only need one token's balance.
+   */
+  async getTokenBalance(owner, mint) {
+    try {
+      const url = `${this.restUrl}/addresses/${owner}/balances?api-key=${this.apiKey}`;
+      const response = await fetch(url);
+      if (!response.ok) {
+        const assets = await this.getAssetsByOwner(owner);
+        const asset = assets.find((a) => a.mint === mint);
+        return asset?.amount ?? 0n;
+      }
+      const data = await response.json();
+      const token = data.tokens?.find((t) => t.mint === mint);
+      return token ? BigInt(token.amount) : 0n;
+    } catch (error) {
+      console.warn("[HeliusProvider] getTokenBalance error, falling back to DAS:", error);
+      const assets = await this.getAssetsByOwner(owner);
+      const asset = assets.find((a) => a.mint === mint);
+      return asset?.amount ?? 0n;
+    }
+  }
+  /**
+   * Check if provider supports real-time subscriptions
+   *
+   * Helius supports webhooks for real-time notifications,
+   * but that requires server-side setup. Client-side subscriptions
+   * are not directly supported.
+   */
+  supportsSubscriptions() {
+    return false;
+  }
+};
+
+// src/chains/solana/providers/generic.ts
+import {
+  Connection,
+  PublicKey as PublicKey3
+} from "@solana/web3.js";
+import {
+  TOKEN_PROGRAM_ID as TOKEN_PROGRAM_ID2,
+  getAssociatedTokenAddress as getAssociatedTokenAddress3,
+  getAccount as getAccount3
+} from "@solana/spl-token";
+var CLUSTER_ENDPOINTS = {
+  "mainnet-beta": "https://api.mainnet-beta.solana.com",
+  devnet: "https://api.devnet.solana.com",
+  testnet: "https://api.testnet.solana.com"
+};
+function validateSolanaAddress(address, paramName) {
+  try {
+    return new PublicKey3(address);
+  } catch {
+    throw new Error(`Invalid Solana address for ${paramName}: ${address}`);
+  }
+}
+var GenericProvider = class {
+  name = "generic";
+  connection;
+  constructor(config) {
+    if (config.connection) {
+      this.connection = config.connection;
+    } else {
+      const endpoint = config.endpoint ?? CLUSTER_ENDPOINTS[config.cluster ?? "mainnet-beta"];
+      this.connection = new Connection(endpoint, "confirmed");
+    }
+  }
+  /**
+   * Get all token assets owned by an address using getParsedTokenAccountsByOwner
+   *
+   * Note: This is less efficient than Helius DAS API for large wallets,
+   * but works with any RPC endpoint.
+   */
+  async getAssetsByOwner(owner) {
+    const ownerPubkey = validateSolanaAddress(owner, "owner");
+    const accounts = await this.connection.getParsedTokenAccountsByOwner(
+      ownerPubkey,
+      { programId: TOKEN_PROGRAM_ID2 }
+    );
+    const assets = [];
+    for (const { account } of accounts.value) {
+      const parsed = account.data.parsed;
+      if (parsed.type !== "account") continue;
+      const info = parsed.info;
+      const amount = BigInt(info.tokenAmount.amount);
+      if (amount === 0n) continue;
+      assets.push({
+        mint: info.mint,
+        amount,
+        decimals: info.tokenAmount.decimals,
+        // Generic RPC doesn't provide symbol/name, those need metadata lookup
+        symbol: void 0,
+        name: void 0,
+        logoUri: void 0
+      });
+    }
+    return assets;
+  }
+  /**
+   * Get token balance for a specific mint
+   *
+   * Uses getAccount on the associated token address.
+   */
+  async getTokenBalance(owner, mint) {
+    const ownerPubkey = validateSolanaAddress(owner, "owner");
+    const mintPubkey = validateSolanaAddress(mint, "mint");
+    try {
+      const ata = await getAssociatedTokenAddress3(
+        mintPubkey,
+        ownerPubkey,
+        true
+        // allowOwnerOffCurve for PDAs
+      );
+      const account = await getAccount3(this.connection, ata);
+      return account.amount;
+    } catch {
+      return 0n;
+    }
+  }
+  /**
+   * Check if provider supports real-time subscriptions
+   *
+   * Generic RPC supports WebSocket subscriptions but they're not
+   * efficient for monitoring token transfers. Returns false.
+   */
+  supportsSubscriptions() {
+    return false;
+  }
+  /**
+   * Get the underlying Connection object
+   *
+   * Useful for advanced operations that need direct RPC access.
+   */
+  getConnection() {
+    return this.connection;
+  }
+};
+
+// src/chains/solana/providers/interface.ts
+function createProvider(type, config) {
+  switch (type) {
+    case "helius":
+      return new HeliusProvider(config);
+    case "generic":
+      return new GenericProvider(config);
+    case "quicknode":
+    case "triton":
+      throw new Error(
+        `Provider '${type}' is not yet implemented. Use 'helius' or 'generic' for now. See https://github.com/sip-protocol/sip-protocol/issues/${type === "quicknode" ? "494" : "495"}`
+      );
+    default:
+      throw new Error(`Unknown provider type: ${type}`);
+  }
+}
+
+// src/chains/solana/providers/webhook.ts
+function createWebhookHandler(config) {
+  const { viewingPrivateKey, spendingPublicKey, onPaymentFound, onError } = config;
+  if (!viewingPrivateKey || !viewingPrivateKey.startsWith("0x")) {
+    throw new ValidationError("viewingPrivateKey must be a valid hex string starting with 0x", "viewingPrivateKey");
+  }
+  if (!spendingPublicKey || !spendingPublicKey.startsWith("0x")) {
+    throw new ValidationError("spendingPublicKey must be a valid hex string starting with 0x", "spendingPublicKey");
+  }
+  if (typeof onPaymentFound !== "function") {
+    throw new ValidationError("onPaymentFound callback is required", "onPaymentFound");
+  }
+  return async (payload) => {
+    const transactions = Array.isArray(payload) ? payload : [payload];
+    const results = [];
+    for (const tx of transactions) {
+      try {
+        if (isRawTransaction(tx)) {
+          const result = await processRawTransaction(
+            tx,
+            viewingPrivateKey,
+            spendingPublicKey,
+            onPaymentFound
+          );
+          results.push(result);
+        } else {
+          results.push({
+            found: false,
+            signature: tx.signature
+          });
+        }
+      } catch (error) {
+        onError?.(error, isRawTransaction(tx) ? tx : void 0);
+        results.push({
+          found: false,
+          signature: getSignature(tx)
+        });
+      }
+    }
+    return results;
+  };
+}
+async function processRawTransaction(tx, viewingPrivateKey, spendingPublicKey, onPaymentFound) {
+  const signature = tx.transaction?.signatures?.[0] ?? "unknown";
+  if (tx.meta?.err) {
+    return { found: false, signature };
+  }
+  if (!tx.meta?.logMessages) {
+    return { found: false, signature };
+  }
+  for (const log of tx.meta.logMessages) {
+    if (!log.includes(SIP_MEMO_PREFIX)) continue;
+    const memoMatch = log.match(/Program log: (.+)/);
+    if (!memoMatch) continue;
+    const memoContent = memoMatch[1];
+    const announcement = parseAnnouncement(memoContent);
+    if (!announcement) continue;
+    const ephemeralPubKeyHex = solanaAddressToEd25519PublicKey(
+      announcement.ephemeralPublicKey
+    );
+    const viewTagNumber = parseInt(announcement.viewTag, 16);
+    if (!Number.isFinite(viewTagNumber) || viewTagNumber < 0 || viewTagNumber > 255) {
+      continue;
+    }
+    const stealthAddressToCheck = {
+      address: announcement.stealthAddress ? solanaAddressToEd25519PublicKey(announcement.stealthAddress) : "0x" + "00".repeat(32),
+      ephemeralPublicKey: ephemeralPubKeyHex,
+      viewTag: viewTagNumber
+    };
+    let isOurs = false;
+    try {
+      isOurs = checkEd25519StealthAddress(
+        stealthAddressToCheck,
+        viewingPrivateKey,
+        spendingPublicKey
+      );
+    } catch {
+      continue;
+    }
+    if (isOurs) {
+      const transferInfo = parseTokenTransferFromWebhook(tx);
+      const payment = {
+        stealthAddress: announcement.stealthAddress || "",
+        ephemeralPublicKey: announcement.ephemeralPublicKey,
+        amount: transferInfo?.amount ?? 0n,
+        mint: transferInfo?.mint ?? "",
+        tokenSymbol: transferInfo?.mint ? getTokenSymbol2(transferInfo.mint) : void 0,
+        txSignature: signature,
+        slot: tx.slot,
+        timestamp: tx.blockTime
+      };
+      try {
+        await onPaymentFound(payment);
+      } catch {
+      }
+      return { found: true, payment, signature };
+    }
+  }
+  return { found: false, signature };
+}
+function parseTokenTransferFromWebhook(tx) {
+  const { preTokenBalances, postTokenBalances } = tx.meta;
+  if (!postTokenBalances || !preTokenBalances) {
+    return null;
+  }
+  for (const post of postTokenBalances) {
+    const pre = preTokenBalances.find(
+      (p) => p.accountIndex === post.accountIndex
+    );
+    const postAmount = BigInt(post.uiTokenAmount.amount);
+    const preAmount = pre ? BigInt(pre.uiTokenAmount.amount) : 0n;
+    if (postAmount > preAmount) {
+      return {
+        mint: post.mint,
+        amount: postAmount - preAmount
+      };
+    }
+  }
+  return null;
+}
+function getTokenSymbol2(mint) {
+  for (const [symbol, address] of Object.entries(SOLANA_TOKEN_MINTS)) {
+    if (address === mint) {
+      return symbol;
+    }
+  }
+  return void 0;
+}
+function isRawTransaction(tx) {
+  return typeof tx === "object" && tx !== null && "meta" in tx && "transaction" in tx && Array.isArray(tx.transaction?.signatures);
+}
+function getSignature(tx) {
+  if ("signature" in tx && typeof tx.signature === "string") {
+    return tx.signature;
+  }
+  if (isRawTransaction(tx)) {
+    return tx.transaction?.signatures?.[0] ?? "unknown";
+  }
+  return "unknown";
+}
+async function processWebhookTransaction(transaction, viewingPrivateKey, spendingPublicKey) {
+  const result = await processRawTransaction(
+    transaction,
+    viewingPrivateKey,
+    spendingPublicKey,
+    () => {
+    }
+    // No-op callback
+  );
+  return result.found ? result.payment ?? null : null;
+}
+
+export {
+  isValidChainId,
+  isValidPrivacyLevel,
+  isValidHex,
+  isValidHexLength,
+  isValidAmount,
+  isNonNegativeAmount,
+  isValidSlippage,
+  isValidStealthMetaAddress,
+  isValidCompressedPublicKey,
+  isValidEd25519PublicKey,
+  isValidPrivateKey,
+  validateAsset,
+  validateIntentInput,
+  validateIntentOutput,
+  validateCreateIntentParams,
+  validateViewingKey,
+  isValidScalar,
+  validateScalar,
+  getChainAddressType,
+  isAddressValidForChain,
+  secureWipe,
+  withSecureBuffer,
+  withSecureBufferSync,
+  secureWipeAll,
+  generateStealthMetaAddress,
+  generateStealthAddress,
+  deriveStealthPrivateKey,
+  checkStealthAddress,
+  encodeStealthMetaAddress,
+  decodeStealthMetaAddress,
+  publicKeyToEthAddress,
+  isEd25519Chain,
+  getCurveForChain,
+  generateEd25519StealthMetaAddress,
+  generateEd25519StealthAddress,
+  deriveEd25519StealthPrivateKey,
+  checkEd25519StealthAddress,
+  ed25519PublicKeyToSolanaAddress,
+  isValidSolanaAddress,
+  solanaAddressToEd25519PublicKey,
+  ed25519PublicKeyToNearAddress,
+  nearAddressToEd25519PublicKey,
+  isValidNearImplicitAddress,
+  isValidNearAccountId,
+  parseAnnouncement,
+  createAnnouncementMemo,
+  sendPrivateSPLTransfer,
+  estimatePrivateTransferFee,
+  hasTokenAccount,
+  scanForPayments,
+  claimStealthPayment,
+  getStealthBalance,
+  HeliusProvider,
+  GenericProvider,
+  createProvider,
+  createWebhookHandler,
+  processWebhookTransaction
+};