@t402/wdk 2.4.0 → 2.6.0

package/dist/esm/index.mjs

@@ -1,15 +1,296 @@
+import {
+  createWDKBtcSigner,
+  createWDKSparkSigner
+} from "./chunk-7CG77QAN.mjs";
 import {
   WDKSvmSignerAdapter,
-  createWDKSvmSigner
-} from "./chunk-MCFHZSF7.mjs";
+  buildVersionedTransaction,
+  createWDKSvmSigner,
+  deriveATAAddress,
+  getRecentPriorityFees,
+  getTokenProgram,
+  getTransferFee,
+  resolveATA,
+  transferWithPriorityFee
+} from "./chunk-2KWVW77U.mjs";
 import {
   WDKTonSignerAdapter,
-  createWDKTonSigner
-} from "./chunk-YWBJJV5M.mjs";
+  createWDKTonSigner,
+  getJettonWalletAddress,
+  waitForJettonTransfer
+} from "./chunk-KWX6CJIH.mjs";
 import {
   WDKTronSignerAdapter,
   createWDKTronSigner
-} from "./chunk-HB2DGKQ3.mjs";
+} from "./chunk-QZKUU2O6.mjs";
+import {
+  createFacilitatorSigners,
+  createSIWxSigners,
+  createWdkA2APaymentClient,
+  toFacilitatorWdkSigner,
+  toSIWxSigner
+} from "./chunk-TVSNUSFZ.mjs";
+import {
+  __require
+} from "./chunk-BJTO5JO5.mjs";
+
+// src/secret.ts
+var _secretManager = null;
+async function encryptSeed(seedPhrase, password) {
+  if (!seedPhrase || typeof seedPhrase !== "string") {
+    throw new Error("Seed phrase is required and must be a string");
+  }
+  if (!password || typeof password !== "string") {
+    throw new Error("Password is required and must be a string");
+  }
+  const crypto = await import("crypto");
+  const salt = crypto.randomBytes(32);
+  const iv = crypto.randomBytes(16);
+  const key = crypto.pbkdf2Sync(password, salt, 1e5, 32, "sha256");
+  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+  const encrypted = Buffer.concat([cipher.update(seedPhrase, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return {
+    ciphertext: Buffer.concat([encrypted, authTag]).toString("base64"),
+    algorithm: "aes-256-gcm",
+    kdf: {
+      salt: salt.toString("base64"),
+      iterations: 1e5,
+      keyLength: 32,
+      hash: "sha256"
+    },
+    iv: iv.toString("base64"),
+    version: 1
+  };
+}
+async function decryptSeed(encrypted, password) {
+  if (!encrypted || typeof encrypted !== "object") {
+    throw new Error("Encrypted seed data is required");
+  }
+  if (!password || typeof password !== "string") {
+    throw new Error("Password is required and must be a string");
+  }
+  const crypto = await import("crypto");
+  const salt = Buffer.from(encrypted.kdf.salt, "base64");
+  const iv = Buffer.from(encrypted.iv, "base64");
+  const key = crypto.pbkdf2Sync(
+    password,
+    salt,
+    encrypted.kdf.iterations,
+    encrypted.kdf.keyLength,
+    encrypted.kdf.hash
+  );
+  const data = Buffer.from(encrypted.ciphertext, "base64");
+  const authTag = data.subarray(-16);
+  const ciphertext = data.subarray(0, -16);
+  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
+  decipher.setAuthTag(authTag);
+  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
+}
+async function rotateSeedPassword(encrypted, oldPassword, newPassword, options) {
+  if (!newPassword || typeof newPassword !== "string") {
+    throw new Error("New password is required and must be a string");
+  }
+  const manager = getSecretManager();
+  const seedPhrase = await manager.decrypt(encrypted, oldPassword);
+  const iterations = options?.iterations ?? encrypted.kdf.iterations;
+  const newVersion = options?.iterations && options.iterations !== encrypted.kdf.iterations ? 2 : encrypted.version;
+  const crypto = await import("crypto");
+  const salt = crypto.randomBytes(32);
+  const iv = crypto.randomBytes(16);
+  const key = crypto.pbkdf2Sync(newPassword, salt, iterations, 32, "sha256");
+  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+  const encryptedData = Buffer.concat([cipher.update(seedPhrase, "utf8"), cipher.final()]);
+  const authTag = cipher.getAuthTag();
+  return {
+    ciphertext: Buffer.concat([encryptedData, authTag]).toString("base64"),
+    algorithm: "aes-256-gcm",
+    kdf: {
+      salt: salt.toString("base64"),
+      iterations,
+      keyLength: 32,
+      hash: "sha256"
+    },
+    iv: iv.toString("base64"),
+    version: newVersion
+  };
+}
+function registerSecretManager(manager) {
+  _secretManager = manager;
+}
+function getSecretManager() {
+  if (_secretManager) {
+    return _secretManager;
+  }
+  return {
+    encrypt: encryptSeed,
+    decrypt: decryptSeed
+  };
+}
+async function createBackup(seedPhrase, password, metadata) {
+  if (!seedPhrase || typeof seedPhrase !== "string") {
+    throw new Error("Seed phrase is required and must be a string");
+  }
+  if (!password || typeof password !== "string") {
+    throw new Error("Password is required and must be a string");
+  }
+  const manager = getSecretManager();
+  const encrypted = await manager.encrypt(seedPhrase, password);
+  const envelope = {
+    encrypted,
+    metadata
+  };
+  return JSON.stringify(envelope, null, 2);
+}
+async function verifyBackup(backup, password, expectedAddresses) {
+  let envelope;
+  try {
+    envelope = JSON.parse(backup);
+  } catch {
+    return { valid: false, addressMatch: false };
+  }
+  if (!envelope.encrypted || !envelope.metadata) {
+    return { valid: false, addressMatch: false };
+  }
+  try {
+    const manager = getSecretManager();
+    await manager.decrypt(envelope.encrypted, password);
+  } catch {
+    return { valid: false, addressMatch: false };
+  }
+  let addressMatch = true;
+  if (expectedAddresses && envelope.metadata.addressHints) {
+    for (const [chain, expectedAddr] of Object.entries(expectedAddresses)) {
+      const hint = envelope.metadata.addressHints[chain];
+      if (hint && hint.toLowerCase() !== expectedAddr.toLowerCase()) {
+        addressMatch = false;
+        break;
+      }
+    }
+  }
+  return { valid: true, addressMatch, metadata: envelope.metadata };
+}
+
+// src/events.ts
+var T402EventEmitter = class {
+  handlers = /* @__PURE__ */ new Map();
+  on(event, handler) {
+    let set = this.handlers.get(event);
+    if (!set) {
+      set = /* @__PURE__ */ new Set();
+      this.handlers.set(event, set);
+    }
+    set.add(handler);
+    return this;
+  }
+  off(event, handler) {
+    const set = this.handlers.get(event);
+    if (set) {
+      set.delete(handler);
+      if (set.size === 0) {
+        this.handlers.delete(event);
+      }
+    }
+    return this;
+  }
+  once(event, handler) {
+    const wrapper = (data) => {
+      this.off(event, wrapper);
+      handler(data);
+    };
+    return this.on(event, wrapper);
+  }
+  emit(event, data) {
+    const set = this.handlers.get(event);
+    if (!set || set.size === 0) {
+      return false;
+    }
+    for (const handler of set) {
+      handler(data);
+    }
+    return true;
+  }
+  removeAllListeners(event) {
+    if (event) {
+      this.handlers.delete(event);
+    } else {
+      this.handlers.clear();
+    }
+    return this;
+  }
+  listenerCount(event) {
+    return this.handlers.get(event)?.size ?? 0;
+  }
+};
+
+// src/receipts.ts
+var InMemoryReceiptStore = class {
+  receipts = /* @__PURE__ */ new Map();
+  async save(receipt) {
+    this.receipts.set(receipt.id, receipt);
+  }
+  async getById(id) {
+    return this.receipts.get(id) ?? null;
+  }
+  async query(filter) {
+    let results = Array.from(this.receipts.values());
+    results = applyFilter(results, filter);
+    return results;
+  }
+  async getAll() {
+    return Array.from(this.receipts.values());
+  }
+  async count(filter) {
+    if (!filter) {
+      return this.receipts.size;
+    }
+    const filtered = applyFilter(Array.from(this.receipts.values()), filter);
+    return filtered.length;
+  }
+  async clear() {
+    this.receipts.clear();
+  }
+  async exportJSON() {
+    return JSON.stringify(Array.from(this.receipts.values()), null, 2);
+  }
+};
+function applyFilter(receipts, filter) {
+  if (!filter) return receipts;
+  let results = receipts;
+  if (filter.network !== void 0) {
+    results = results.filter((r) => r.network === filter.network);
+  }
+  if (filter.chainFamily !== void 0) {
+    results = results.filter((r) => r.chainFamily === filter.chainFamily);
+  }
+  if (filter.success !== void 0) {
+    results = results.filter((r) => r.success === filter.success);
+  }
+  if (filter.fromDate !== void 0) {
+    const from = filter.fromDate;
+    results = results.filter((r) => r.timestamp >= from);
+  }
+  if (filter.toDate !== void 0) {
+    const to = filter.toDate;
+    results = results.filter((r) => r.timestamp <= to);
+  }
+  if (filter.minAmount !== void 0) {
+    const min = BigInt(filter.minAmount);
+    results = results.filter((r) => BigInt(r.amount) >= min);
+  }
+  if (filter.maxAmount !== void 0) {
+    const max = BigInt(filter.maxAmount);
+    results = results.filter((r) => BigInt(r.amount) <= max);
+  }
+  results.sort((a, b) => a.timestamp > b.timestamp ? -1 : a.timestamp < b.timestamp ? 1 : 0);
+  if (filter.offset !== void 0 && filter.offset > 0) {
+    results = results.slice(filter.offset);
+  }
+  if (filter.limit !== void 0 && filter.limit > 0) {
+    results = results.slice(0, filter.limit);
+  }
+  return results;
+}
 
 // src/cache.ts
 var DEFAULT_CACHE_CONFIG = {
@@ -629,6 +910,145 @@ var CHAIN_TOKENS = {
     }
   ]
 };
+var CHAIN_REGISTRY = {
+  // --- EVM chains (derived from existing constants) ---
+  ethereum: {
+    family: "evm",
+    chainId: 1,
+    caip2: "eip155:1",
+    rpcEndpoints: ["https://eth.drpc.org"],
+    tokens: (CHAIN_TOKENS.ethereum ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  arbitrum: {
+    family: "evm",
+    chainId: 42161,
+    caip2: "eip155:42161",
+    rpcEndpoints: ["https://arb1.arbitrum.io/rpc"],
+    tokens: (CHAIN_TOKENS.arbitrum ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  base: {
+    family: "evm",
+    chainId: 8453,
+    caip2: "eip155:8453",
+    rpcEndpoints: ["https://mainnet.base.org"],
+    tokens: (CHAIN_TOKENS.base ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  ink: {
+    family: "evm",
+    chainId: 57073,
+    caip2: "eip155:57073",
+    rpcEndpoints: ["https://rpc-gel.inkonchain.com"],
+    tokens: (CHAIN_TOKENS.ink ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  berachain: {
+    family: "evm",
+    chainId: 80094,
+    caip2: "eip155:80094",
+    rpcEndpoints: [],
+    tokens: (CHAIN_TOKENS.berachain ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  unichain: {
+    family: "evm",
+    chainId: 130,
+    caip2: "eip155:130",
+    rpcEndpoints: [],
+    tokens: (CHAIN_TOKENS.unichain ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  optimism: {
+    family: "evm",
+    chainId: 10,
+    caip2: "eip155:10",
+    rpcEndpoints: ["https://mainnet.optimism.io"],
+    tokens: (CHAIN_TOKENS.optimism ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  polygon: {
+    family: "evm",
+    chainId: 137,
+    caip2: "eip155:137",
+    rpcEndpoints: ["https://polygon-rpc.com"],
+    tokens: (CHAIN_TOKENS.polygon ?? []).map((t) => ({
+      address: t.address,
+      symbol: t.symbol,
+      decimals: t.decimals
+    }))
+  },
+  // --- Non-EVM chains ---
+  ton: {
+    family: "ton",
+    caip2: "ton:mainnet",
+    rpcEndpoints: ["https://toncenter.com/api/v2/jsonRPC"],
+    tokens: [
+      {
+        address: "EQCxE6mUtQJKFnGfaROTKOt1lZbDiiX1kCixRv7Nw2Id_sDs",
+        symbol: "USDT",
+        decimals: 6
+      }
+    ]
+  },
+  tron: {
+    family: "tron",
+    caip2: "tron:mainnet",
+    rpcEndpoints: ["https://api.trongrid.io"],
+    tokens: [
+      {
+        address: "TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t",
+        symbol: "USDT",
+        decimals: 6
+      }
+    ]
+  },
+  solana: {
+    family: "svm",
+    caip2: "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp",
+    rpcEndpoints: ["https://api.mainnet-beta.solana.com"],
+    tokens: [
+      {
+        address: "Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB",
+        symbol: "USDT",
+        decimals: 6
+      }
+    ]
+  }
+};
+function getRegistryByCaip2(caip2) {
+  for (const entry of Object.values(CHAIN_REGISTRY)) {
+    if (entry.caip2 === caip2) {
+      return entry;
+    }
+  }
+  return void 0;
+}
+function getChainsByFamily(family) {
+  return Object.entries(CHAIN_REGISTRY).filter(([, entry]) => entry.family === family).map(([name]) => name);
+}
 function normalizeChainConfig(chainName, config) {
   const defaultConfig = DEFAULT_CHAINS[chainName];
   if (typeof config === "string") {
@@ -639,8 +1059,9 @@ function normalizeChainConfig(chainName, config) {
       name: chainName
     };
   }
+  const resolvedProvider = Array.isArray(config.provider) ? config.provider[0] : config.provider;
   return {
-    provider: config.provider,
+    provider: resolvedProvider,
     chainId: config.chainId ?? defaultConfig?.chainId ?? 1,
     network: config.network ?? defaultConfig?.network ?? `eip155:${config.chainId}`,
     name: chainName
@@ -655,6 +1076,11 @@ function getChainFromNetwork(network) {
       return chain;
     }
   }
+  for (const [chain, entry] of Object.entries(CHAIN_REGISTRY)) {
+    if (entry.caip2 === network) {
+      return chain;
+    }
+  }
   return void 0;
 }
 function getChainId(chain) {
@@ -1317,6 +1743,65 @@ var WDKSigner = class {
       );
     }
   }
+  /**
+   * Sign an EIP-2612 permit for gasless token approvals
+   *
+   * @param params - Permit parameters
+   * @returns The permit signature components (v, r, s)
+   * @throws {SigningError} If signing fails
+   */
+  async signPermit(params) {
+    if (!params.token || !params.token.startsWith("0x")) {
+      throw new SigningError(
+        4003 /* INVALID_TYPED_DATA */,
+        `Invalid token address: ${params.token}`,
+        { operation: "signTypedData", context: { chain: this._chain } }
+      );
+    }
+    if (!params.spender || !params.spender.startsWith("0x")) {
+      throw new SigningError(
+        4003 /* INVALID_TYPED_DATA */,
+        `Invalid spender address: ${params.spender}`,
+        { operation: "signTypedData", context: { chain: this._chain } }
+      );
+    }
+    const chainId = this.getChainId();
+    const nonce = params.nonce ?? 0n;
+    const typedData = {
+      domain: {
+        name: params.tokenName ?? "Tether USD",
+        version: params.tokenVersion ?? "1",
+        chainId: BigInt(chainId),
+        verifyingContract: params.token
+      },
+      types: {
+        Permit: [
+          { name: "owner", type: "address" },
+          { name: "spender", type: "address" },
+          { name: "value", type: "uint256" },
+          { name: "nonce", type: "uint256" },
+          { name: "deadline", type: "uint256" }
+        ]
+      },
+      primaryType: "Permit",
+      message: {
+        owner: this.address,
+        spender: params.spender,
+        value: params.value.toString(),
+        nonce: nonce.toString(),
+        deadline: params.deadline.toString()
+      }
+    };
+    const signature = await this.signTypedData(typedData);
+    const sigHex = signature.slice(2);
+    const r = `0x${sigHex.slice(0, 64)}`;
+    const s = `0x${sigHex.slice(64, 128)}`;
+    let v = parseInt(sigHex.slice(128, 130), 16);
+    if (v < 27) {
+      v += 27;
+    }
+    return { v, r, s };
+  }
   /**
    * Send a transaction (for advanced use cases)
    *
@@ -1387,6 +1872,311 @@ var MockWDKSigner = class {
 
 // src/t402wdk.ts
 import { supportsBridging, getBridgeableChains } from "@t402/evm";
+
+// src/pricing.ts
+var _registeredPricingProvider = null;
+function registerPricingProvider(provider) {
+  _registeredPricingProvider = provider;
+}
+function getPricingProvider() {
+  return _registeredPricingProvider;
+}
+function isPricingProviderRegistered() {
+  return _registeredPricingProvider !== null;
+}
+var STABLECOIN_SYMBOLS = /* @__PURE__ */ new Set(["USDT", "USDT0", "USDC", "DAI", "BUSD"]);
+var DEFAULT_TTL = 6e4;
+var DEFAULT_FIAT = ["USD", "EUR", "GBP", "JPY"];
+function createWdkMoneyParser(config) {
+  const cacheTTL = config?.cacheTTL ?? DEFAULT_TTL;
+  const supportedFiat = new Set(config?.supportedFiat ?? DEFAULT_FIAT);
+  const cache = /* @__PURE__ */ new Map();
+  return async (amount, network) => {
+    if (!Number.isFinite(amount) || amount <= 0) return null;
+    const chain = getChainFromNetwork(network);
+    if (!chain) return null;
+    const tokenInfo = getPreferredToken(chain);
+    if (!tokenInfo) return null;
+    if (STABLECOIN_SYMBOLS.has(tokenInfo.symbol.toUpperCase())) {
+      return {
+        amount: toAtomicUnits(amount, tokenInfo.decimals),
+        asset: tokenInfo.address
+      };
+    }
+    const currency = "USD";
+    if (!supportedFiat.has(currency)) return null;
+    const cacheKey = `${currency}_${tokenInfo.symbol}`;
+    const cached = cache.get(cacheKey);
+    const now = Date.now();
+    let rate;
+    if (cached && now - cached.fetchedAt < cacheTTL) {
+      rate = cached.rate;
+    } else {
+      rate = await fetchRate(currency, tokenInfo.symbol);
+      cache.set(cacheKey, { rate, fetchedAt: now });
+    }
+    const convertedAmount = amount * rate;
+    return {
+      amount: toAtomicUnits(convertedAmount, tokenInfo.decimals),
+      asset: tokenInfo.address
+    };
+  };
+}
+function toAtomicUnits(amount, decimals) {
+  const factor = 10 ** decimals;
+  const atomic = Math.round(amount * factor);
+  return atomic.toString();
+}
+function resolveAssetForNetwork(token, network) {
+  const chain = getChainFromNetwork(network);
+  if (!chain) return null;
+  const upper = token.toUpperCase();
+  if (upper === "USDT0" || upper === "USDT") {
+    return USDT0_ADDRESSES[chain] ?? null;
+  }
+  if (upper === "USDC") {
+    return USDC_ADDRESSES[chain] ?? null;
+  }
+  return null;
+}
+async function fetchRate(fromCurrency, toToken) {
+  if (_registeredPricingProvider) {
+    try {
+      return await _registeredPricingProvider.getRate(fromCurrency, toToken);
+    } catch {
+    }
+  }
+  if (fromCurrency.toUpperCase() === "USD") {
+    return 1;
+  }
+  const placeholderRates = {
+    EUR: 1.08,
+    GBP: 1.27,
+    JPY: 67e-4
+  };
+  return placeholderRates[fromCurrency.toUpperCase()] ?? 1;
+}
+
+// src/failover.ts
+var DEFAULT_HEALTH_CHECK_INTERVAL = 3e4;
+var DEFAULT_REQUEST_TIMEOUT = 5e3;
+var DEFAULT_MAX_FAILURES = 3;
+var FailoverProvider = class {
+  providers;
+  currentIndex = 0;
+  healthCheckTimer;
+  maxFailures;
+  requestTimeout;
+  constructor(config) {
+    if (!config.urls || config.urls.length === 0) {
+      throw new Error("FailoverProvider requires at least one URL");
+    }
+    this.maxFailures = config.maxFailures ?? DEFAULT_MAX_FAILURES;
+    this.requestTimeout = config.requestTimeout ?? DEFAULT_REQUEST_TIMEOUT;
+    this.providers = config.urls.map((url) => ({
+      url,
+      healthy: true,
+      lastChecked: Date.now(),
+      consecutiveFailures: 0
+    }));
+    const interval = config.healthCheckInterval ?? DEFAULT_HEALTH_CHECK_INTERVAL;
+    if (interval > 0) {
+      this.startHealthChecks(interval);
+    }
+  }
+  /**
+   * Get current active RPC URL
+   */
+  getCurrentUrl() {
+    return this.providers[this.currentIndex].url;
+  }
+  /**
+   * Report a failure on the current URL.
+   * Auto-switches to next healthy provider if failure threshold is reached.
+   *
+   * @returns The new URL if switched, or null if no switch occurred
+   */
+  reportFailure() {
+    const provider = this.providers[this.currentIndex];
+    provider.consecutiveFailures++;
+    provider.lastChecked = Date.now();
+    if (provider.consecutiveFailures >= this.maxFailures) {
+      provider.healthy = false;
+      return this.switchToNext();
+    }
+    return null;
+  }
+  /**
+   * Report success on the current URL, reset failure counter.
+   */
+  reportSuccess() {
+    const provider = this.providers[this.currentIndex];
+    provider.consecutiveFailures = 0;
+    provider.healthy = true;
+    provider.lastChecked = Date.now();
+  }
+  /**
+   * Get all provider statuses
+   */
+  getStatus() {
+    return this.providers.map((p) => ({ ...p }));
+  }
+  /**
+   * Force switch to next healthy provider.
+   *
+   * @returns The new URL, or null if no healthy providers available
+   */
+  switchToNext() {
+    const startIndex = this.currentIndex;
+    for (let i = 1; i <= this.providers.length; i++) {
+      const nextIndex = (startIndex + i) % this.providers.length;
+      if (this.providers[nextIndex].healthy) {
+        this.currentIndex = nextIndex;
+        return this.providers[nextIndex].url;
+      }
+    }
+    return null;
+  }
+  /**
+   * Get the request timeout in milliseconds
+   */
+  getRequestTimeout() {
+    return this.requestTimeout;
+  }
+  /**
+   * Stop health checks and clean up resources
+   */
+  dispose() {
+    if (this.healthCheckTimer) {
+      clearInterval(this.healthCheckTimer);
+      this.healthCheckTimer = void 0;
+    }
+  }
+  startHealthChecks(interval) {
+    this.healthCheckTimer = setInterval(() => {
+      for (const provider of this.providers) {
+        if (!provider.healthy) {
+          this.checkHealth(provider);
+        }
+      }
+    }, interval);
+    if (this.healthCheckTimer.unref) {
+      this.healthCheckTimer.unref();
+    }
+  }
+  async checkHealth(provider) {
+    try {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), this.requestTimeout);
+      const response = await fetch(provider.url, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          jsonrpc: "2.0",
+          method: "eth_chainId",
+          params: [],
+          id: 1
+        }),
+        signal: controller.signal
+      });
+      clearTimeout(timeout);
+      if (response.ok) {
+        provider.healthy = true;
+        provider.consecutiveFailures = 0;
+        provider.lastChecked = Date.now();
+        return true;
+      }
+    } catch {
+    }
+    provider.lastChecked = Date.now();
+    return false;
+  }
+};
+function createFailoverProvider(config) {
+  if (typeof config === "string") return null;
+  if (Array.isArray(config)) return new FailoverProvider({ urls: config });
+  return new FailoverProvider(config);
+}
+function resolveRpcUrl(config) {
+  if (typeof config === "string") return config;
+  if (Array.isArray(config)) return config[0];
+  return config.urls[0];
+}
+
+// src/t402wdk.ts
+var SUPPORTED_WDK_RANGE = ">=1.0.0-beta.5 <2.0.0";
+function parseSemver(version) {
+  const match = version.match(/^v?(\d+)\.(\d+)\.(\d+)(?:-(.+))?$/);
+  if (!match) return null;
+  return {
+    major: parseInt(match[1], 10),
+    minor: parseInt(match[2], 10),
+    patch: parseInt(match[3], 10),
+    prerelease: match[4] ?? ""
+  };
+}
+function comparePrereleases(a, b) {
+  if (a === b) return 0;
+  if (a === "" && b !== "") return 1;
+  if (a !== "" && b === "") return -1;
+  const aParts = a.split(".");
+  const bParts = b.split(".");
+  const len = Math.max(aParts.length, bParts.length);
+  for (let i = 0; i < len; i++) {
+    const ap = aParts[i] ?? "";
+    const bp = bParts[i] ?? "";
+    const aNum = /^\d+$/.test(ap);
+    const bNum = /^\d+$/.test(bp);
+    if (aNum && bNum) {
+      const diff = parseInt(ap, 10) - parseInt(bp, 10);
+      if (diff !== 0) return diff;
+    } else if (aNum !== bNum) {
+      return aNum ? -1 : 1;
+    } else {
+      if (ap < bp) return -1;
+      if (ap > bp) return 1;
+    }
+  }
+  return 0;
+}
+function compareSemver(a, b) {
+  const pa = parseSemver(a);
+  const pb = parseSemver(b);
+  if (!pa || !pb) return 0;
+  if (pa.major !== pb.major) return pa.major - pb.major > 0 ? 1 : -1;
+  if (pa.minor !== pb.minor) return pa.minor - pb.minor > 0 ? 1 : -1;
+  if (pa.patch !== pb.patch) return pa.patch - pb.patch > 0 ? 1 : -1;
+  return comparePrereleases(pa.prerelease, pb.prerelease);
+}
+function satisfiesSemverRange(version, range) {
+  const parsed = parseSemver(version);
+  if (!parsed) return false;
+  const constraints = range.trim().split(/\s+/);
+  for (const constraint of constraints) {
+    const match = constraint.match(/^(>=|<=|>|<|=)(.+)$/);
+    if (!match) continue;
+    const [, op, target] = match;
+    const cmp = compareSemver(version, target);
+    switch (op) {
+      case ">=":
+        if (cmp < 0) return false;
+        break;
+      case ">":
+        if (cmp <= 0) return false;
+        break;
+      case "<=":
+        if (cmp > 0) return false;
+        break;
+      case "<":
+        if (cmp >= 0) return false;
+        break;
+      case "=":
+        if (cmp !== 0) return false;
+        break;
+    }
+  }
+  return true;
+}
 var T402WDK = class _T402WDK {
   _wdk = null;
   _normalizedChains = /* @__PURE__ */ new Map();
@@ -1394,17 +2184,107 @@ var T402WDK = class _T402WDK {
   _signerCache = /* @__PURE__ */ new Map();
   _balanceCache;
   _initializationError = null;
-  // WDK module references (set via registerWDK)
-  static _WDK = null;
-  static _WalletManagerEvm = null;
-  static _BridgeUsdt0Evm = null;
-  // Multi-chain wallet module storage
-  static _WalletModules = {};
-  static _ProtocolModules = {};
+  _events = new T402EventEmitter();
+  _receiptStore = new InMemoryReceiptStore();
+  _disposed = false;
+  // Instance-level module references (#204 multi-instance)
+  _wdkConstructor = null;
+  _walletManagerEvm = null;
+  _bridgeUsdt0Evm = null;
+  _walletModules = {};
+  _protocolModules = {};
+  _fiatOnRampProvider = null;
+  _middlewares = /* @__PURE__ */ new Map();
+  // Retry config (#202 network resilience)
+  _retryConfig;
+  // Failover providers (#195)
+  _failoverProviders = /* @__PURE__ */ new Map();
+  // Static defaults for backward compatibility (#204)
+  static _defaultModules = {};
+  // Legacy static accessors for tests that access _WDK, _WalletManagerEvm, etc.
+  static get _WDK() {
+    return _T402WDK._defaultModules.wdk ?? null;
+  }
+  static set _WDK(val) {
+    if (val === null) {
+      delete _T402WDK._defaultModules.wdk;
+    } else {
+      _T402WDK._defaultModules.wdk = val;
+    }
+  }
+  static get _WalletManagerEvm() {
+    return _T402WDK._defaultModules.walletManagerEvm ?? null;
+  }
+  static set _WalletManagerEvm(val) {
+    if (val === null) {
+      delete _T402WDK._defaultModules.walletManagerEvm;
+      if (_T402WDK._defaultModules.wallets) {
+        delete _T402WDK._defaultModules.wallets.evm;
+      }
+    } else {
+      _T402WDK._defaultModules.walletManagerEvm = val;
+      if (!_T402WDK._defaultModules.wallets) {
+        _T402WDK._defaultModules.wallets = {};
+      }
+      _T402WDK._defaultModules.wallets.evm = val;
+    }
+  }
+  static get _BridgeUsdt0Evm() {
+    return _T402WDK._defaultModules.bridgeUsdt0Evm ?? null;
+  }
+  static set _BridgeUsdt0Evm(val) {
+    if (val === null) {
+      delete _T402WDK._defaultModules.bridgeUsdt0Evm;
+      if (_T402WDK._defaultModules.protocols) {
+        delete _T402WDK._defaultModules.protocols.bridgeUsdt0Evm;
+      }
+    } else {
+      _T402WDK._defaultModules.bridgeUsdt0Evm = val;
+      if (!_T402WDK._defaultModules.protocols) {
+        _T402WDK._defaultModules.protocols = {};
+      }
+      _T402WDK._defaultModules.protocols.bridgeUsdt0Evm = val;
+    }
+  }
+  static get _WalletModules() {
+    return _T402WDK._defaultModules.wallets ?? {};
+  }
+  static set _WalletModules(val) {
+    _T402WDK._defaultModules.wallets = val;
+  }
+  static get _ProtocolModules() {
+    return _T402WDK._defaultModules.protocols ?? {};
+  }
+  static set _ProtocolModules(val) {
+    _T402WDK._defaultModules.protocols = val;
+  }
+  static get _fiatOnRampProvider() {
+    return _T402WDK._defaultModules.fiatOnRampProvider ?? null;
+  }
+  static set _fiatOnRampProvider(val) {
+    if (val === null) {
+      delete _T402WDK._defaultModules.fiatOnRampProvider;
+    } else {
+      _T402WDK._defaultModules.fiatOnRampProvider = val;
+    }
+  }
+  static get _middlewares() {
+    if (!_T402WDK._defaultModules.middlewares) {
+      _T402WDK._defaultModules.middlewares = /* @__PURE__ */ new Map();
+    }
+    return _T402WDK._defaultModules.middlewares;
+  }
+  static set _middlewares(val) {
+    _T402WDK._defaultModules.middlewares = val;
+  }
+  // HD path-derived signer cache
+  _pathSignerCache = /* @__PURE__ */ new Map();
   // Multi-chain signer caches
   _tonSignerCache = /* @__PURE__ */ new Map();
   _svmSignerCache = /* @__PURE__ */ new Map();
   _tronSignerCache = /* @__PURE__ */ new Map();
+  _sparkSignerCache = /* @__PURE__ */ new Map();
+  _btcSignerCache = /* @__PURE__ */ new Map();
   /**
    * Register the Tether WDK modules
    *
@@ -1443,6 +2323,14 @@ var T402WDK = class _T402WDK {
     if (typeof WDK !== "function") {
       throw new WDKInitializationError("WDK must be a constructor function");
     }
+    const wdkVersion = WDK.version;
+    if (wdkVersion && typeof wdkVersion === "string") {
+      if (!satisfiesSemverRange(wdkVersion, SUPPORTED_WDK_RANGE)) {
+        throw new WDKInitializationError(
+          `WDK version ${wdkVersion} is not supported. Required: ${SUPPORTED_WDK_RANGE}`
+        );
+      }
+    }
     _T402WDK._WDK = WDK;
     if (modulesOrWalletManager && typeof modulesOrWalletManager === "object" && ("wallets" in modulesOrWalletManager || "protocols" in modulesOrWalletManager)) {
       const modules = modulesOrWalletManager;
@@ -1493,6 +2381,18 @@ var T402WDK = class _T402WDK {
   static isTronRegistered() {
     return _T402WDK._WalletModules.tron !== void 0;
   }
+  /**
+   * Check if Spark wallet manager is registered
+   */
+  static isSparkRegistered() {
+    return _T402WDK._WalletModules.spark !== void 0;
+  }
+  /**
+   * Check if Bitcoin wallet manager is registered
+   */
+  static isBtcRegistered() {
+    return _T402WDK._WalletModules.btc !== void 0;
+  }
   /**
    * Get all registered wallet modules
    */
@@ -1510,15 +2410,71 @@ var T402WDK = class _T402WDK {
     );
   }
   /**
-   * Generate a new random seed phrase
+   * Register a fiat on-ramp provider
    *
-   * @throws {WDKInitializationError} If WDK is not registered
-   * @returns A new BIP-39 mnemonic seed phrase
+   * @param provider - A FiatOnRampProvider implementation (e.g., MoonpayOnRampProvider)
+   *
+   * @example
+   * ```typescript
+   * import { T402WDK, MoonpayOnRampProvider } from '@t402/wdk';
+   *
+   * T402WDK.registerFiatOnRamp(new MoonpayOnRampProvider({ apiKey: 'pk_test_...' }));
+   * ```
    */
-  static generateSeedPhrase() {
-    if (!_T402WDK._WDK) {
-      throw new WDKInitializationError(
-        "WDK not registered. Call T402WDK.registerWDK() first, or use a mock seed phrase for testing."
+  static registerFiatOnRamp(provider) {
+    if (!provider || typeof provider.getQuote !== "function") {
+      throw new WDKInitializationError("A valid FiatOnRampProvider is required");
+    }
+    _T402WDK._fiatOnRampProvider = provider;
+  }
+  /**
+   * Check if a fiat on-ramp provider is registered
+   */
+  static isFiatOnRampRegistered() {
+    return _T402WDK._fiatOnRampProvider !== null;
+  }
+  /**
+   * Register a pricing provider for fiat-to-crypto rate conversion
+   */
+  static registerPricingProvider(provider) {
+    registerPricingProvider(provider);
+  }
+  /**
+   * Check if a pricing provider is registered
+   */
+  static isPricingProviderRegistered() {
+    return isPricingProviderRegistered();
+  }
+  /**
+   * Register a middleware for a chain
+   */
+  static registerMiddleware(chain, fn) {
+    const existing = _T402WDK._middlewares.get(chain) ?? [];
+    existing.push(fn);
+    _T402WDK._middlewares.set(chain, existing);
+  }
+  /**
+   * Get registered middlewares for a chain
+   */
+  static getMiddlewares(chain) {
+    return _T402WDK._middlewares.get(chain) ?? [];
+  }
+  /**
+   * Clear all middlewares
+   */
+  static clearMiddlewares() {
+    _T402WDK._middlewares.clear();
+  }
+  /**
+   * Generate a new random seed phrase
+   *
+   * @throws {WDKInitializationError} If WDK is not registered
+   * @returns A new BIP-39 mnemonic seed phrase
+   */
+  static generateSeedPhrase() {
+    if (!_T402WDK._WDK) {
+      throw new WDKInitializationError(
+        "WDK not registered. Call T402WDK.registerWDK() first, or use a mock seed phrase for testing."
       );
     }
     try {
@@ -1559,6 +2515,131 @@ var T402WDK = class _T402WDK {
     _T402WDK.registerWDK(WDK, config.modules);
     return new _T402WDK(config.seedPhrase, config.chains, config.options);
   }
+  /**
+   * Auto-discover installed WDK packages using dynamic imports.
+   *
+   * Probes known `@tetherto/wdk-*` packages and returns the ones that
+   * are installed and importable.
+   *
+   * @returns Discovery result with available/unavailable packages and ready-to-use modules config
+   *
+   * @example
+   * ```typescript
+   * const result = await T402WDK.autoDiscover();
+   * console.log('Found:', result.available);
+   * console.log('Missing:', result.unavailable);
+   * ```
+   */
+  static async autoDiscover() {
+    const walletPackages = {
+      evm: "@tetherto/wdk-wallet-evm",
+      solana: "@tetherto/wdk-wallet-solana",
+      ton: "@tetherto/wdk-wallet-ton",
+      tron: "@tetherto/wdk-wallet-tron",
+      btc: "@tetherto/wdk-wallet-btc",
+      spark: "@buildonspark/spark-sdk",
+      evmErc4337: "@tetherto/wdk-wallet-evm-erc-4337",
+      tonGasless: "@tetherto/wdk-wallet-ton-gasless",
+      tronGasfree: "@tetherto/wdk-wallet-tron-gasfree"
+    };
+    const protocolPackages = {
+      bridgeUsdt0Evm: "@tetherto/wdk-protocol-bridge-usdt0-evm",
+      bridgeUsdt0Ton: "@tetherto/wdk-protocol-bridge-usdt0-ton",
+      swapVeloraEvm: "@tetherto/wdk-protocol-swap-velora-evm",
+      lendingAaveEvm: "@tetherto/wdk-protocol-lending-aave-evm"
+    };
+    const available = [];
+    const unavailable = [];
+    const wallets = {};
+    const protocols = {};
+    const walletEntries = Object.entries(walletPackages);
+    const walletResults = await Promise.allSettled(
+      walletEntries.map(async ([key, pkg]) => {
+        const mod = await import(
+          /* @vite-ignore */
+          pkg
+        );
+        return { key, pkg, mod: mod.default ?? mod };
+      })
+    );
+    for (let i = 0; i < walletResults.length; i++) {
+      const result = walletResults[i];
+      if (result.status === "fulfilled") {
+        const { key, pkg, mod } = result.value;
+        wallets[key] = mod;
+        available.push(pkg);
+      } else {
+        unavailable.push(walletEntries[i][1]);
+      }
+    }
+    const protocolEntries = Object.entries(protocolPackages);
+    const protocolResults = await Promise.allSettled(
+      protocolEntries.map(async ([key, pkg]) => {
+        const mod = await import(
+          /* @vite-ignore */
+          pkg
+        );
+        return { key, pkg, mod: mod.default ?? mod };
+      })
+    );
+    for (let i = 0; i < protocolResults.length; i++) {
+      const result = protocolResults[i];
+      if (result.status === "fulfilled") {
+        const { key, pkg, mod } = result.value;
+        protocols[key] = mod;
+        available.push(pkg);
+      } else {
+        unavailable.push(protocolEntries[i][1]);
+      }
+    }
+    return {
+      discovered: { wallets, protocols },
+      available,
+      unavailable
+    };
+  }
+  /**
+   * Auto-discover installed WDK modules, then create a fully configured T402WDK.
+   *
+   * Combines `autoDiscover()` + `create()` in one call. Any explicit
+   * modules you pass in `config.modules` take precedence over discovered ones.
+   *
+   * @param config - Same as `T402WDKCreateConfig` but `modules` is optional/partial
+   * @returns A ready-to-use T402WDK instance
+   *
+   * @example
+   * ```typescript
+   * const wdk = await T402WDK.autoCreate({
+   *   seedPhrase: 'your twelve word seed phrase ...',
+   *   chains: { arbitrum: 'https://arb1.arbitrum.io/rpc' },
+   * });
+   * ```
+   */
+  static async autoCreate(config) {
+    const { discovered } = await _T402WDK.autoDiscover();
+    const mergedModules = {
+      wallets: { ...discovered.wallets, ...config.modules?.wallets },
+      protocols: { ...discovered.protocols, ...config.modules?.protocols }
+    };
+    let WDKRef;
+    try {
+      const wdkMod = await import(
+        /* @vite-ignore */
+        "@tetherto/wdk"
+      );
+      WDKRef = wdkMod.default ?? wdkMod;
+    } catch {
+      throw new WDKInitializationError(
+        "@tetherto/wdk package not found. Install it with: npm install @tetherto/wdk"
+      );
+    }
+    return _T402WDK.create(WDKRef, {
+      seedPhrase: config.seedPhrase,
+      chains: config.chains,
+      modules: mergedModules,
+      options: config.options
+    });
+  }
   /**
    * Create a T402WDK from a pre-configured @tetherto/wdk instance.
    *
@@ -1578,6 +2659,31 @@ var T402WDK = class _T402WDK {
     instance._initializationError = null;
     return instance;
   }
+  /**
+   * Create a T402WDK instance from an encrypted seed.
+   *
+   * @example
+   * ```typescript
+   * const encrypted = JSON.parse(fs.readFileSync('seed.enc.json', 'utf8'))
+   * const wdk = await T402WDK.fromEncryptedSeed(encrypted, 'my-password', {
+   *   arbitrum: 'https://arb1.arbitrum.io/rpc',
+   * })
+   * ```
+   */
+  static async fromEncryptedSeed(encrypted, password, config, options) {
+    const seedPhrase = await decryptSeed(encrypted, password);
+    return new _T402WDK(seedPhrase, config, options);
+  }
+  /**
+   * Encrypt the current seed phrase for secure storage.
+   *
+   * @param password - Password to encrypt with
+   * @returns Encrypted seed data suitable for JSON serialization
+   */
+  async encryptSeed(password) {
+    this.assertNotDisposed();
+    return encryptSeed(this._seedPhrase, password);
+  }
   /**
    * Get all signers as an array ready for T402 HTTP clients.
    *
@@ -1591,6 +2697,7 @@ var T402WDK = class _T402WDK {
    * ```
    */
   async getAllSigners(options) {
+    this.assertNotDisposed();
     const accountIndex = options?.accountIndex ?? 0;
     const schemes = options?.schemes ?? ["exact"];
     const includeNonEvm = options?.includeNonEvm ?? true;
@@ -1614,7 +2721,7 @@ var T402WDK = class _T402WDK {
     if (!includeNonEvm) {
       return entries;
     }
-    if (_T402WDK.isTonRegistered()) {
+    if (this._walletModules.ton !== void 0) {
       try {
         const signer = await this.getTonSigner(accountIndex);
         for (const scheme of schemes) {
@@ -1623,7 +2730,7 @@ var T402WDK = class _T402WDK {
       } catch {
       }
     }
-    if (_T402WDK.isSolanaRegistered()) {
+    if (this._walletModules.solana !== void 0) {
       try {
         const signer = await this.getSvmSigner(accountIndex);
         for (const scheme of schemes) {
@@ -1637,7 +2744,7 @@ var T402WDK = class _T402WDK {
       } catch {
       }
     }
-    if (_T402WDK.isTronRegistered()) {
+    if (this._walletModules.tron !== void 0) {
       try {
         const signer = await this.getTronSigner(accountIndex);
         for (const scheme of schemes) {
@@ -1646,6 +2753,29 @@ var T402WDK = class _T402WDK {
       } catch {
       }
     }
+    if (this._walletModules.spark !== void 0) {
+      try {
+        const signer = await this.getSparkSigner(accountIndex);
+        for (const scheme of schemes) {
+          entries.push({ scheme, network: "spark:mainnet", signer, family: "spark" });
+        }
+      } catch {
+      }
+    }
+    if (this._walletModules.btc !== void 0) {
+      try {
+        const signer = await this.getBtcSigner(accountIndex);
+        for (const scheme of schemes) {
+          entries.push({
+            scheme,
+            network: "bip122:000000000019d6689c085ae165831e93",
+            signer,
+            family: "btc"
+          });
+        }
+      } catch {
+      }
+    }
     return entries;
   }
   /**
@@ -1673,10 +2803,45 @@ var T402WDK = class _T402WDK {
     }
     this._seedPhrase = seedPhrase;
     this._balanceCache = new BalanceCache(options.cache);
+    this._wdkConstructor = options.wdk ?? _T402WDK._defaultModules.wdk ?? null;
+    this._walletModules = options.wallets ?? _T402WDK._defaultModules.wallets ?? {};
+    this._protocolModules = options.protocols ?? _T402WDK._defaultModules.protocols ?? {};
+    this._walletManagerEvm = this._walletModules.evm ?? _T402WDK._defaultModules.walletManagerEvm ?? null;
+    this._bridgeUsdt0Evm = this._protocolModules.bridgeUsdt0Evm ?? _T402WDK._defaultModules.bridgeUsdt0Evm ?? null;
+    this._fiatOnRampProvider = options.fiatOnRampProvider ?? _T402WDK._defaultModules.fiatOnRampProvider ?? null;
+    if (options.middlewares) {
+      this._middlewares = new Map(options.middlewares);
+    } else if (_T402WDK._defaultModules.middlewares) {
+      this._middlewares = new Map(_T402WDK._defaultModules.middlewares);
+    }
+    this._retryConfig = options.retry;
     for (const [chain, chainConfig] of Object.entries(config)) {
       if (chainConfig) {
         try {
-          this._normalizedChains.set(chain, normalizeChainConfig(chain, chainConfig));
+          if (typeof chainConfig === "object" && "provider" in chainConfig && Array.isArray(chainConfig.provider)) {
+            const urls = chainConfig.provider;
+            if (urls.length === 0) {
+              throw new Error("Provider array must contain at least one URL");
+            }
+            const failoverConfig = {
+              urls,
+              ...chainConfig.failover ?? {}
+            };
+            const failoverProvider = new FailoverProvider(failoverConfig);
+            this._failoverProviders.set(chain, failoverProvider);
+            const normalized = normalizeChainConfig(chain, failoverProvider.getCurrentUrl());
+            if (chainConfig.chainId !== void 0) normalized.chainId = chainConfig.chainId;
+            if (chainConfig.network !== void 0) normalized.network = chainConfig.network;
+            this._normalizedChains.set(chain, normalized);
+          } else {
+            this._normalizedChains.set(
+              chain,
+              normalizeChainConfig(
+                chain,
+                chainConfig
+              )
+            );
+          }
         } catch (error) {
           throw new ChainError(
             2003 /* INVALID_CHAIN_CONFIG */,
@@ -1687,10 +2852,24 @@ var T402WDK = class _T402WDK {
       }
     }
     this._addDefaultChainsIfNeeded();
-    if (!isFromWDK && _T402WDK._WDK) {
+    if (!isFromWDK && this._wdkConstructor) {
       this._initializeWDK();
     }
   }
+  /**
+   * Guard: throw if this instance has been disposed (#194)
+   */
+  assertNotDisposed() {
+    if (this._disposed) {
+      throw new WDKError(1002 /* WDK_NOT_INITIALIZED */, "T402WDK has been disposed");
+    }
+  }
+  /**
+   * Whether this instance has been disposed
+   */
+  get isDisposed() {
+    return this._disposed;
+  }
   /**
    * Add default chain configurations for common chains
    */
@@ -1706,22 +2885,24 @@ var T402WDK = class _T402WDK {
    * Initialize the underlying WDK instance
    */
   _initializeWDK() {
-    if (!_T402WDK._WDK) {
+    if (!this._wdkConstructor) {
       this._initializationError = new WDKInitializationError("WDK not registered");
       return;
     }
-    if (!_T402WDK._WalletManagerEvm) {
+    if (!this._walletManagerEvm) {
       this._initializationError = new WDKInitializationError(
         "WalletManagerEvm not registered. Call T402WDK.registerWDK(WDK, WalletManagerEvm) to enable wallet functionality."
       );
       return;
     }
     try {
-      let wdk = new _T402WDK._WDK(this._seedPhrase);
+      let wdk = new this._wdkConstructor(this._seedPhrase);
       for (const [chain, config] of this._normalizedChains) {
         try {
-          wdk = wdk.registerWallet(chain, _T402WDK._WalletManagerEvm, {
-            provider: config.provider,
+          const failover = this._failoverProviders.get(chain);
+          const providerUrl = failover ? failover.getCurrentUrl() : config.provider;
+          wdk = wdk.registerWallet(chain, this._walletManagerEvm, {
+            provider: providerUrl,
             chainId: config.chainId
           });
         } catch (error) {
@@ -1732,15 +2913,44 @@ var T402WDK = class _T402WDK {
           );
         }
       }
-      if (_T402WDK._BridgeUsdt0Evm) {
+      if (this._bridgeUsdt0Evm) {
         try {
-          wdk = wdk.registerProtocol("bridge-usdt0", _T402WDK._BridgeUsdt0Evm);
+          wdk = wdk.registerProtocol("bridge-usdt0", this._bridgeUsdt0Evm);
         } catch (error) {
           console.warn(
             `Failed to register USDT0 bridge protocol: ${error instanceof Error ? error.message : String(error)}`
           );
         }
       }
+      if (this._protocolModules.swapVeloraEvm) {
+        try {
+          wdk = wdk.registerProtocol("swap-velora", this._protocolModules.swapVeloraEvm);
+        } catch (error) {
+          console.warn(
+            `Failed to register Velora swap protocol: ${error instanceof Error ? error.message : String(error)}`
+          );
+        }
+      }
+      if (this._protocolModules.lendingAaveEvm) {
+        try {
+          wdk = wdk.registerProtocol("lending-aave", this._protocolModules.lendingAaveEvm);
+        } catch (error) {
+          console.warn(
+            `Failed to register Aave lending protocol: ${error instanceof Error ? error.message : String(error)}`
+          );
+        }
+      }
+      if (typeof wdk.registerMiddleware === "function") {
+        for (const [chain, fns] of this._middlewares) {
+          for (const fn of fns) {
+            try {
+              ;
+              wdk.registerMiddleware(chain, fn);
+            } catch {
+            }
+          }
+        }
+      }
       this._wdk = wdk;
       this._initializationError = null;
     } catch (error) {
@@ -1779,6 +2989,47 @@ var T402WDK = class _T402WDK {
   get initializationError() {
     return this._initializationError;
   }
+  // ========== Event Emitter ==========
+  /**
+   * Subscribe to a T402 event
+   */
+  on(event, handler) {
+    this._events.on(event, handler);
+    return this;
+  }
+  /**
+   * Unsubscribe from a T402 event
+   */
+  off(event, handler) {
+    this._events.off(event, handler);
+    return this;
+  }
+  /**
+   * Subscribe to a T402 event (fires once then auto-unsubscribes)
+   */
+  once(event, handler) {
+    this._events.once(event, handler);
+    return this;
+  }
+  /**
+   * Emit a T402 event
+   */
+  emit(event, data) {
+    return this._events.emit(event, data);
+  }
+  // ========== Receipt Store ==========
+  /**
+   * Get the payment receipt store
+   */
+  getReceiptStore() {
+    return this._receiptStore;
+  }
+  /**
+   * Set a custom payment receipt store backend
+   */
+  setReceiptStore(store) {
+    this._receiptStore = store;
+  }
   /**
    * Get all configured chains
    */
@@ -1807,6 +3058,7 @@ var T402WDK = class _T402WDK {
    * @returns An initialized WDKSigner
    */
   async getSigner(chain, accountIndex = 0) {
+    this.assertNotDisposed();
     if (!chain || typeof chain !== "string") {
       throw new ChainError(
         2001 /* CHAIN_NOT_CONFIGURED */,
@@ -1830,6 +3082,11 @@ var T402WDK = class _T402WDK {
     try {
       const signer = await createWDKSigner(this.wdk, chain, accountIndex);
       this._signerCache.set(cacheKey, signer);
+      this._events.emit("signer:initialized", {
+        chain,
+        address: signer.address,
+        family: "evm"
+      });
       return signer;
     } catch (error) {
       if (isWDKError(error)) {
@@ -1849,9 +3106,69 @@ var T402WDK = class _T402WDK {
    */
   clearSignerCache() {
     this._signerCache.clear();
+    this._pathSignerCache.clear();
     this._tonSignerCache.clear();
     this._svmSignerCache.clear();
     this._tronSignerCache.clear();
+    this._sparkSignerCache.clear();
+    this._btcSignerCache.clear();
+  }
+  // ========== Fee Rates & Cost Estimation ==========
+  /**
+   * Get current fee rates for a chain
+   */
+  async getFeeRates(chain) {
+    if (this._wdk && typeof this._wdk.getFeeRates === "function") {
+      return this._wdk.getFeeRates(chain);
+    }
+    return { low: 1000000000n, medium: 2000000000n, high: 5000000000n };
+  }
+  /**
+   * Estimate total cost of a payment on a chain
+   */
+  async estimatePaymentCost(chain, amount) {
+    const signer = await this.getSigner(chain);
+    const nativeBalance = await signer.getBalance();
+    let estimatedGasCost = 100000n * 2000000000n;
+    try {
+      const feeRates = await this.getFeeRates(chain);
+      const mediumRate = feeRates.medium ?? 2000000000n;
+      estimatedGasCost = 100000n * mediumRate;
+    } catch {
+    }
+    const config = this.getChainConfig(chain);
+    return {
+      paymentAmount: amount,
+      estimatedGasCost,
+      nativeBalance,
+      canAffordGas: nativeBalance >= estimatedGasCost,
+      chain,
+      network: config?.network ?? ""
+    };
+  }
+  // ========== HD Derivation Paths ==========
+  /**
+   * Get a signer using a custom BIP-44 derivation path
+   */
+  async getSignerByPath(chain, path) {
+    const cacheKey = `${chain}:path:${path}`;
+    const cached = this._pathSignerCache.get(cacheKey);
+    if (cached) return cached;
+    if (!this._wdk) {
+      throw new WDKInitializationError("WDK not initialized");
+    }
+    if (typeof this._wdk.getAccountByPath !== "function") {
+      throw new Error(
+        "getAccountByPath not available. Upgrade @tetherto/wdk to support custom derivation paths."
+      );
+    }
+    const account = await this._wdk.getAccountByPath(chain, path);
+    const address = await account.getAddress();
+    const signer = new WDKSigner(this._wdk, chain, 0);
+    signer._account = account;
+    signer._address = address;
+    this._pathSignerCache.set(cacheKey, signer);
+    return signer;
   }
   // ========== Multi-Chain Signers ==========
   /**
@@ -1871,11 +3188,12 @@ var T402WDK = class _T402WDK {
    * ```
    */
   async getTonSigner(accountIndex = 0) {
+    this.assertNotDisposed();
     const cached = this._tonSignerCache.get(accountIndex);
     if (cached) {
       return cached;
     }
-    if (!_T402WDK._WalletModules.ton) {
+    if (!this._walletModules.ton) {
       throw new ChainError(
         2002 /* CHAIN_NOT_SUPPORTED */,
         "TON wallet manager not registered. Call T402WDK.registerWDK(WDK, { wallets: { ton: WalletManagerTon } }).",
@@ -1886,6 +3204,11 @@ var T402WDK = class _T402WDK {
       const account = await this.wdk.getAccount("ton", accountIndex);
       const signer = await createWDKTonSigner(account);
       this._tonSignerCache.set(accountIndex, signer);
+      this._events.emit("signer:initialized", {
+        chain: "ton",
+        address: signer.address.toString(),
+        family: "ton"
+      });
       return signer;
     } catch (error) {
       if (isWDKError(error)) {
@@ -1914,11 +3237,12 @@ var T402WDK = class _T402WDK {
    * ```
    */
   async getSvmSigner(accountIndex = 0) {
+    this.assertNotDisposed();
     const cached = this._svmSignerCache.get(accountIndex);
     if (cached) {
       return cached;
     }
-    if (!_T402WDK._WalletModules.solana) {
+    if (!this._walletModules.solana) {
       throw new ChainError(
         2002 /* CHAIN_NOT_SUPPORTED */,
         "Solana wallet manager not registered. Call T402WDK.registerWDK(WDK, { wallets: { solana: WalletManagerSolana } }).",
@@ -1932,6 +3256,11 @@ var T402WDK = class _T402WDK {
       );
       const signer = await createWDKSvmSigner(account);
       this._svmSignerCache.set(accountIndex, signer);
+      this._events.emit("signer:initialized", {
+        chain: "solana",
+        address: signer.address.toString(),
+        family: "svm"
+      });
       return signer;
     } catch (error) {
       if (isWDKError(error)) {
@@ -1963,13 +3292,14 @@ var T402WDK = class _T402WDK {
    * ```
    */
   async getTronSigner(accountIndex = 0, rpcUrl) {
+    this.assertNotDisposed();
     if (!rpcUrl) {
       const cached = this._tronSignerCache.get(accountIndex);
       if (cached) {
         return cached;
       }
     }
-    if (!_T402WDK._WalletModules.tron) {
+    if (!this._walletModules.tron) {
       throw new ChainError(
         2002 /* CHAIN_NOT_SUPPORTED */,
         "TRON wallet manager not registered. Call T402WDK.registerWDK(WDK, { wallets: { tron: WalletManagerTron } }).",
@@ -1982,6 +3312,11 @@ var T402WDK = class _T402WDK {
       if (!rpcUrl) {
         this._tronSignerCache.set(accountIndex, signer);
       }
+      this._events.emit("signer:initialized", {
+        chain: "tron",
+        address: signer.address,
+        family: "tron"
+      });
       return signer;
     } catch (error) {
       if (isWDKError(error)) {
@@ -1993,6 +3328,109 @@ var T402WDK = class _T402WDK {
       });
     }
   }
+  /**
+   * Get a Spark (Bitcoin L2) signer for T402 payments
+   *
+   * @param accountIndex - HD wallet account index (default: 0)
+   * @throws {ChainError} If Spark wallet manager is not registered
+   * @returns An initialized WDKSparkSignerAdapter
+   *
+   * @example
+   * ```typescript
+   * const sparkSigner = await wallet.getSparkSigner();
+   *
+   * const client = createT402HTTPClient({
+   *   signers: [{ scheme: 'exact', network: 'spark:mainnet', signer: sparkSigner }]
+   * });
+   * ```
+   */
+  async getSparkSigner(accountIndex = 0) {
+    this.assertNotDisposed();
+    const cached = this._sparkSignerCache.get(accountIndex);
+    if (cached) {
+      return cached;
+    }
+    if (!this._walletModules.spark) {
+      throw new ChainError(
+        2002 /* CHAIN_NOT_SUPPORTED */,
+        "Spark wallet manager not registered. Call T402WDK.registerWDK(WDK, { wallets: { spark: SparkWalletManager } }).",
+        { chain: "spark" }
+      );
+    }
+    try {
+      const account = await this.wdk.getAccount(
+        "spark",
+        accountIndex
+      );
+      const signer = await createWDKSparkSigner(account);
+      this._sparkSignerCache.set(accountIndex, signer);
+      this._events.emit("signer:initialized", {
+        chain: "spark",
+        address: signer.address,
+        family: "spark"
+      });
+      return signer;
+    } catch (error) {
+      if (isWDKError(error)) {
+        throw error;
+      }
+      throw wrapError(error, 3001 /* SIGNER_NOT_INITIALIZED */, "Failed to create Spark signer", {
+        chain: "spark",
+        accountIndex
+      });
+    }
+  }
+  /**
+   * Get a Bitcoin (BTC) on-chain signer for T402 payments
+   *
+   * @param accountIndex - HD wallet account index (default: 0)
+   * @throws {ChainError} If Bitcoin wallet manager is not registered
+   * @returns An initialized WDKBtcSignerAdapter
+   *
+   * @example
+   * ```typescript
+   * const btcSigner = await wallet.getBtcSigner();
+   *
+   * const client = createT402HTTPClient({
+   *   signers: [{ scheme: 'exact', network: 'bip122:000000000019d6689c085ae165831e93', signer: btcSigner }]
+   * });
+   * ```
+   */
+  async getBtcSigner(accountIndex = 0) {
+    this.assertNotDisposed();
+    const cached = this._btcSignerCache.get(accountIndex);
+    if (cached) {
+      return cached;
+    }
+    if (!this._walletModules.btc) {
+      throw new ChainError(
+        2002 /* CHAIN_NOT_SUPPORTED */,
+        "Bitcoin wallet manager not registered. Call T402WDK.registerWDK(WDK, { wallets: { btc: WalletManagerBtc } }).",
+        { chain: "btc" }
+      );
+    }
+    try {
+      const account = await this.wdk.getAccount("btc", accountIndex);
+      const signer = await createWDKBtcSigner(account);
+      this._btcSignerCache.set(accountIndex, signer);
+      this._events.emit("signer:initialized", {
+        chain: "btc",
+        address: signer.address,
+        family: "btc"
+      });
+      return signer;
+    } catch (error) {
+      if (isWDKError(error)) {
+        throw error;
+      }
+      throw wrapError(
+        error,
+        3001 /* SIGNER_NOT_INITIALIZED */,
+        "Failed to create Bitcoin signer",
+        { chain: "btc", accountIndex }
+      );
+    }
+  }
   /**
    * Get a signer for a specific chain family
    *
@@ -2031,10 +3469,14 @@ var T402WDK = class _T402WDK {
         return this.getSvmSigner(typeof chainOrIndex === "number" ? chainOrIndex : accountIndex);
       case "tron":
         return this.getTronSigner(typeof chainOrIndex === "number" ? chainOrIndex : accountIndex);
+      case "spark":
+        return this.getSparkSigner(typeof chainOrIndex === "number" ? chainOrIndex : accountIndex);
+      case "btc":
+        return this.getBtcSigner(typeof chainOrIndex === "number" ? chainOrIndex : accountIndex);
       default:
         throw new ChainError(
           2002 /* CHAIN_NOT_SUPPORTED */,
-          `Chain family "${family}" is not supported. Available: evm, ton, svm, tron`,
+          `Chain family "${family}" is not supported. Available: evm, ton, svm, tron, spark, btc`,
           { chain: family }
         );
     }
@@ -2048,6 +3490,7 @@ var T402WDK = class _T402WDK {
    * @throws {SignerError} If address fetch fails
    */
   async getAddress(chain, accountIndex = 0) {
+    this.assertNotDisposed();
     const signer = await this.getSigner(chain, accountIndex);
     return signer.address;
   }
@@ -2059,6 +3502,7 @@ var T402WDK = class _T402WDK {
    * @throws {BalanceError} If balance fetch fails
    */
   async getUsdt0Balance(chain, accountIndex = 0) {
+    this.assertNotDisposed();
     const usdt0Address = USDT0_ADDRESSES[chain];
     if (!usdt0Address) {
       return 0n;
@@ -2070,7 +3514,7 @@ var T402WDK = class _T402WDK {
         chain,
         usdt0Address,
         address,
-        async () => signer.getTokenBalance(usdt0Address)
+        () => this._withRetry(() => signer.getTokenBalance(usdt0Address))
       );
     } catch (error) {
       if (isWDKError(error) && error.code === 5002 /* TOKEN_BALANCE_FETCH_FAILED */) {
@@ -2087,6 +3531,7 @@ var T402WDK = class _T402WDK {
    * @throws {BalanceError} If balance fetch fails
    */
   async getUsdcBalance(chain, accountIndex = 0) {
+    this.assertNotDisposed();
     const usdcAddress = USDC_ADDRESSES[chain];
     if (!usdcAddress) {
       return 0n;
@@ -2098,7 +3543,7 @@ var T402WDK = class _T402WDK {
         chain,
         usdcAddress,
         address,
-        async () => signer.getTokenBalance(usdcAddress)
+        () => this._withRetry(() => signer.getTokenBalance(usdcAddress))
       );
     } catch (error) {
       if (isWDKError(error) && error.code === 5002 /* TOKEN_BALANCE_FETCH_FAILED */) {
@@ -2116,6 +3561,7 @@ var T402WDK = class _T402WDK {
    * @throws {BalanceError} If balance fetch fails
    */
   async getChainBalances(chain, accountIndex = 0) {
+    this.assertNotDisposed();
     const config = this._normalizedChains.get(chain);
     if (!config) {
       throw new ChainError(2001 /* CHAIN_NOT_CONFIGURED */, `Chain "${chain}" not configured`, {
@@ -2132,7 +3578,7 @@ var T402WDK = class _T402WDK {
             chain,
             token.address,
             address,
-            async () => signer.getTokenBalance(token.address)
+            () => this._withRetry(() => signer.getTokenBalance(token.address))
           );
           return {
             token: token.address,
@@ -2161,7 +3607,7 @@ var T402WDK = class _T402WDK {
         nativeBalance = await this._balanceCache.getOrFetchNativeBalance(
           chain,
           address,
-          async () => signer.getBalance()
+          () => this._withRetry(() => signer.getBalance())
         );
       } catch {
         nativeBalance = 0n;
@@ -2254,6 +3700,16 @@ var T402WDK = class _T402WDK {
         for (const chainBalance of balances.chains) {
           const tokenBalance = chainBalance.tokens.find((t) => t.symbol === tokenSymbol);
           if (tokenBalance && tokenBalance.balance >= amount) {
+            try {
+              const costEstimate = await this.estimatePaymentCost(
+                chainBalance.chain,
+                amount.toString()
+              );
+              if (!costEstimate.canAffordGas) {
+                continue;
+              }
+            } catch {
+            }
             return {
               chain: chainBalance.chain,
               token: tokenSymbol,
@@ -2287,7 +3743,8 @@ var T402WDK = class _T402WDK {
    * @returns Bridge result with transaction hash
    */
   async bridgeUsdt0(params) {
-    if (!_T402WDK._BridgeUsdt0Evm) {
+    this.assertNotDisposed();
+    if (!this._bridgeUsdt0Evm) {
       throw new BridgeError(
         7001 /* BRIDGE_NOT_AVAILABLE */,
         "USDT0 bridge not available. Register BridgeUsdt0Evm with T402WDK.registerWDK().",
@@ -2322,6 +3779,11 @@ var T402WDK = class _T402WDK {
     }
     try {
       const recipient = params.recipient ?? await this.getAddress(params.toChain);
+      this._events.emit("bridge:start", {
+        fromChain: params.fromChain,
+        toChain: params.toChain,
+        amount: params.amount
+      });
       const result = await this.wdk.executeProtocol("bridge-usdt0", {
         fromChain: params.fromChain,
         toChain: params.toChain,
@@ -2335,6 +3797,11 @@ var T402WDK = class _T402WDK {
           { fromChain: params.fromChain, toChain: params.toChain }
         );
       }
+      this._events.emit("bridge:confirmed", {
+        txHash: result.txHash,
+        fromChain: params.fromChain,
+        toChain: params.toChain
+      });
       return {
         txHash: result.txHash,
         estimatedTime: 300
@@ -2390,7 +3857,7 @@ var T402WDK = class _T402WDK {
    * Check if the Velora swap protocol is registered and available
    */
   canSwap() {
-    return _T402WDK._ProtocolModules.swapVeloraEvm !== void 0;
+    return this._protocolModules.swapVeloraEvm !== void 0;
   }
   /**
    * Get a swap quote for converting a token to USDT0
@@ -2497,18 +3964,143 @@ var T402WDK = class _T402WDK {
       );
     }
   }
-  // ========== Cache Management ==========
+  // ========== Lending Protocol ==========
   /**
-   * Check if balance caching is enabled
+   * Check if the Aave lending protocol is registered and available
    */
-  get isCacheEnabled() {
-    return this._balanceCache.enabled;
+  canBorrow() {
+    return this._protocolModules.lendingAaveEvm !== void 0;
   }
   /**
-   * Get cache configuration
+   * Borrow USDT0 against collateral and pay
+   *
+   * Uses the Aave protocol to deposit collateral, borrow USDT0, then the
+   * borrowed USDT0 is available for T402 payments.
+   *
+   * @param params - Borrow parameters
+   * @throws {WDKError} If lending protocol is not registered or borrow fails
+   *
+   * @example
+   * ```typescript
+   * // Borrow 100 USDT0 against 0.05 WETH on Arbitrum
+   * const result = await wallet.borrowAndPay({
+   *   chain: 'arbitrum',
+   *   collateralToken: '0x82aF49447D8a07e3bd95BD0d56f35241523fBab1', // WETH
+   *   collateralAmount: 50000000000000000n, // 0.05 WETH
+   *   borrowAmount: 100000000n, // 100 USDT0
+   * });
+   * ```
    */
-  getCacheConfig() {
-    return this._balanceCache.config;
+  async borrowAndPay(params) {
+    if (!this.canBorrow()) {
+      throw new WDKError(
+        8101 /* PROTOCOL_NOT_REGISTERED */,
+        "Aave lending protocol not registered. Call T402WDK.registerWDK(WDK, { protocols: { lendingAaveEvm: LendingAaveEvm } })."
+      );
+    }
+    const usdt0Address = USDT0_ADDRESSES[params.chain];
+    if (!usdt0Address) {
+      throw new ChainError(
+        2002 /* CHAIN_NOT_SUPPORTED */,
+        `Chain "${params.chain}" does not have a known USDT0 address`,
+        { chain: params.chain }
+      );
+    }
+    if (params.collateralAmount <= 0n) {
+      throw new WDKError(8103 /* INVALID_PARAMETER */, "collateralAmount must be greater than 0");
+    }
+    if (params.borrowAmount <= 0n) {
+      throw new WDKError(8103 /* INVALID_PARAMETER */, "borrowAmount must be greater than 0");
+    }
+    try {
+      const result = await this.wdk.executeProtocol("lending-aave", {
+        action: "borrow",
+        chain: params.chain,
+        collateralToken: params.collateralToken,
+        collateralAmount: params.collateralAmount.toString(),
+        borrowToken: usdt0Address,
+        borrowAmount: params.borrowAmount.toString(),
+        interestRateMode: params.interestRateMode ?? 2
+      });
+      this._balanceCache.invalidateChain(params.chain);
+      const r = result;
+      return {
+        supplyTxHash: r.supplyTxHash,
+        borrowTxHash: r.borrowTxHash,
+        borrowedAmount: BigInt(r.borrowedAmount)
+      };
+    } catch (error) {
+      throw wrapError(
+        error,
+        8102 /* PROTOCOL_EXECUTION_FAILED */,
+        `Failed to execute borrow on ${params.chain}`,
+        {
+          chain: params.chain,
+          collateralToken: params.collateralToken,
+          borrowAmount: params.borrowAmount.toString()
+        }
+      );
+    }
+  }
+  // ========== Fiat On-Ramp ==========
+  /**
+   * Get a fiat on-ramp quote
+   *
+   * @param params - Quote parameters (fiatAmount, fiatCurrency, network)
+   * @throws {WDKError} If no fiat on-ramp provider is registered
+   */
+  async getFiatOnRampQuote(params) {
+    this.assertNotDisposed();
+    if (!this._fiatOnRampProvider) {
+      throw new WDKError(
+        8101 /* PROTOCOL_NOT_REGISTERED */,
+        "No fiat on-ramp provider registered. Call T402WDK.registerFiatOnRamp() first."
+      );
+    }
+    return this._fiatOnRampProvider.getQuote(params);
+  }
+  /**
+   * Generate a fiat on-ramp widget URL for the user
+   *
+   * Returns a widget URL that the application should open in a browser
+   * or webview so the user can complete the fiat purchase.
+   *
+   * @param params - On-ramp parameters
+   * @throws {WDKError} If no fiat on-ramp provider is registered
+   *
+   * @example
+   * ```typescript
+   * const result = await wallet.onRampAndPay({
+   *   fiatAmount: 100,
+   *   fiatCurrency: 'USD',
+   *   walletAddress: '0x...',
+   *   network: 'eip155:42161',
+   * });
+   * // Open result.widgetUrl in browser/webview
+   * ```
+   */
+  onRampAndPay(params) {
+    this.assertNotDisposed();
+    if (!this._fiatOnRampProvider) {
+      throw new WDKError(
+        8101 /* PROTOCOL_NOT_REGISTERED */,
+        "No fiat on-ramp provider registered. Call T402WDK.registerFiatOnRamp() first."
+      );
+    }
+    return this._fiatOnRampProvider.createWidget(params);
+  }
+  // ========== Cache Management ==========
+  /**
+   * Check if balance caching is enabled
+   */
+  get isCacheEnabled() {
+    return this._balanceCache.enabled;
+  }
+  /**
+   * Get cache configuration
+   */
+  getCacheConfig() {
+    return this._balanceCache.config;
   }
   /**
    * Get cache statistics
@@ -2523,6 +4115,14 @@ var T402WDK = class _T402WDK {
    */
   invalidateBalanceCache() {
     this._balanceCache.clear();
+    for (const chain of this.getConfiguredChains()) {
+      this._events.emit("balance:changed", {
+        chain,
+        token: "*",
+        previousBalance: 0n,
+        newBalance: 0n
+      });
+    }
   }
   /**
    * Invalidate cached balances for a specific chain
@@ -2531,7 +4131,16 @@ var T402WDK = class _T402WDK {
    * @returns Number of cache entries invalidated
    */
   invalidateChainCache(chain) {
-    return this._balanceCache.invalidateChain(chain);
+    const count = this._balanceCache.invalidateChain(chain);
+    if (count > 0) {
+      this._events.emit("balance:changed", {
+        chain,
+        token: "*",
+        previousBalance: 0n,
+        newBalance: 0n
+      });
+    }
+    return count;
   }
   /**
    * Invalidate cached balances for a specific address
@@ -2543,16 +4152,92 @@ var T402WDK = class _T402WDK {
     return this._balanceCache.invalidateAddress(address);
   }
   /**
-   * Dispose of cache resources
+   * Dispose of all resources held by this instance (#194).
    *
-   * Call this when the T402WDK instance is no longer needed.
+   * After disposal, any public method call will throw.
+   * Safe to call multiple times.
    */
   dispose() {
-    this._balanceCache.dispose();
+    if (this._disposed) return;
+    this._disposed = true;
+    if (this._wdk && typeof this._wdk.dispose === "function") {
+      try {
+        ;
+        this._wdk.dispose();
+      } catch {
+      }
+    }
+    this._wdk = null;
     this._signerCache.clear();
+    this._pathSignerCache.clear();
     this._tonSignerCache.clear();
     this._svmSignerCache.clear();
     this._tronSignerCache.clear();
+    this._sparkSignerCache.clear();
+    this._btcSignerCache.clear();
+    this._seedPhrase = "";
+    this._balanceCache.dispose();
+    for (const provider of this._failoverProviders.values()) {
+      provider.dispose();
+    }
+    this._failoverProviders.clear();
+  }
+  /**
+   * Symbol.dispose support for `using` declarations (TC39 Explicit Resource Management)
+   */
+  [Symbol.dispose]() {
+    this.dispose();
+  }
+  // ========== Failover Provider Status (#195) ==========
+  /**
+   * Get the FailoverProvider status for a chain, if one exists.
+   *
+   * @param chain - Chain name
+   * @returns Array of provider statuses, or null if no failover is configured for the chain
+   */
+  getProviderStatus(chain) {
+    const provider = this._failoverProviders.get(chain);
+    if (!provider) return null;
+    return provider.getStatus();
+  }
+  // ========== Network Resilience (#202) ==========
+  /**
+   * Simple online connectivity check.
+   * Returns true if at least one configured chain's RPC responds.
+   */
+  get isOnline() {
+    return this._checkOnline();
+  }
+  async _checkOnline() {
+    const chains = this.getConfiguredChains();
+    if (chains.length === 0) return false;
+    for (const chain of chains) {
+      const config = this._normalizedChains.get(chain);
+      if (!config) continue;
+      try {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 3e3);
+        const response = await fetch(config.provider, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ jsonrpc: "2.0", method: "eth_chainId", params: [], id: 1 }),
+          signal: controller.signal
+        });
+        clearTimeout(timeout);
+        if (response.ok) return true;
+      } catch {
+      }
+    }
+    return false;
+  }
+  /**
+   * Wrap an async operation with the instance retry config (#202)
+   */
+  async _withRetry(fn) {
+    if (this._retryConfig) {
+      return withRetry(fn, this._retryConfig);
+    }
+    return fn();
   }
 };
 function formatTokenAmount(amount, decimals) {
@@ -2570,42 +4255,402 @@ function formatTokenAmount(amount, decimals) {
   return `${whole}.${trimmed}`;
 }
 
+// src/validation.ts
+var EVM_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
+var TON_RAW_RE = /^0:[0-9a-fA-F]{64}$/;
+var TRON_ADDRESS_RE = /^T[1-9A-HJ-NP-Za-km-z]{33}$/;
+var BASE58_CHARS = /^[1-9A-HJ-NP-Za-km-z]+$/;
+var BECH32_BTC_RE = /^bc1[a-zA-HJ-NP-Z0-9]{25,90}$/;
+var COSMOS_BECH32_RE = /^[a-z]+1[a-z0-9]{38,58}$/;
+function isBase58(s) {
+  return BASE58_CHARS.test(s);
+}
+function validateEvm(address) {
+  if (!EVM_ADDRESS_RE.test(address)) {
+    const detected = detectFamily(address, "evm");
+    if (detected) {
+      return {
+        valid: false,
+        error: `Address appears to be a ${detected} address, not an EVM address`,
+        detectedFamily: detected
+      };
+    }
+    return {
+      valid: false,
+      error: "Invalid EVM address: must be 0x-prefixed, 40 hex characters"
+    };
+  }
+  return {
+    valid: true,
+    normalized: address.toLowerCase()
+  };
+}
+function validateTon(address) {
+  if (TON_RAW_RE.test(address)) {
+    return { valid: true, normalized: address.toLowerCase() };
+  }
+  const base64UrlRe = /^[A-Za-z0-9_\-+/=]{44,48}$/;
+  if (base64UrlRe.test(address)) {
+    return { valid: true, normalized: address };
+  }
+  const detected = detectFamily(address, "ton");
+  if (detected) {
+    return {
+      valid: false,
+      error: `Address appears to be a ${detected} address, not a TON address`,
+      detectedFamily: detected
+    };
+  }
+  return {
+    valid: false,
+    error: "Invalid TON address: must be raw format (0:<64 hex>) or user-friendly (48 chars base64)"
+  };
+}
+function validateTron(address) {
+  if (!TRON_ADDRESS_RE.test(address)) {
+    const detected = detectFamily(address, "tron");
+    if (detected) {
+      return {
+        valid: false,
+        error: `Address appears to be a ${detected} address, not a TRON address`,
+        detectedFamily: detected
+      };
+    }
+    return {
+      valid: false,
+      error: "Invalid TRON address: must be T-prefixed base58check, 34 characters"
+    };
+  }
+  return { valid: true, normalized: address };
+}
+function validateSvm(address) {
+  if (TRON_ADDRESS_RE.test(address)) {
+    return {
+      valid: false,
+      error: "Address appears to be a tron address, not a Solana address",
+      detectedFamily: "tron"
+    };
+  }
+  if (!isBase58(address) || address.length < 32 || address.length > 44) {
+    const detected = detectFamily(address, "svm");
+    if (detected) {
+      return {
+        valid: false,
+        error: `Address appears to be a ${detected} address, not a Solana address`,
+        detectedFamily: detected
+      };
+    }
+    return {
+      valid: false,
+      error: "Invalid Solana address: must be base58, 32-44 characters"
+    };
+  }
+  return { valid: true, normalized: address };
+}
+function validateBtc(address) {
+  if (BECH32_BTC_RE.test(address)) {
+    return { valid: true, normalized: address.toLowerCase() };
+  }
+  if ((address.startsWith("1") || address.startsWith("3")) && isBase58(address)) {
+    if (address.length >= 25 && address.length <= 34) {
+      return { valid: true, normalized: address };
+    }
+  }
+  const detected = detectFamily(address, "btc");
+  if (detected) {
+    return {
+      valid: false,
+      error: `Address appears to be a ${detected} address, not a Bitcoin address`,
+      detectedFamily: detected
+    };
+  }
+  return {
+    valid: false,
+    error: "Invalid Bitcoin address: must be bech32 (bc1...) or base58 (1... or 3...), 25-90 characters"
+  };
+}
+function validateCosmos(address) {
+  if (!COSMOS_BECH32_RE.test(address)) {
+    const detected = detectFamily(address, "cosmos");
+    if (detected) {
+      return {
+        valid: false,
+        error: `Address appears to be a ${detected} address, not a Cosmos address`,
+        detectedFamily: detected
+      };
+    }
+    return {
+      valid: false,
+      error: "Invalid Cosmos address: must be bech32 with lowercase prefix"
+    };
+  }
+  return { valid: true, normalized: address };
+}
+function detectFamily(address, exclude) {
+  if (exclude !== "evm" && EVM_ADDRESS_RE.test(address)) return "evm";
+  if (exclude !== "tron" && TRON_ADDRESS_RE.test(address)) return "tron";
+  if (exclude !== "ton" && (TON_RAW_RE.test(address) || /^[A-Za-z0-9_\-+/=]{44,48}$/.test(address)))
+    return "ton";
+  if (exclude !== "btc" && (BECH32_BTC_RE.test(address) || address.startsWith("1") && isBase58(address) && address.length >= 25 && address.length <= 34))
+    return "btc";
+  if (exclude !== "svm" && exclude !== "tron" && isBase58(address) && address.length >= 32 && address.length <= 44 && !address.startsWith("T"))
+    return "svm";
+  return void 0;
+}
+var VALIDATORS = {
+  evm: validateEvm,
+  ton: validateTon,
+  tron: validateTron,
+  svm: validateSvm,
+  btc: validateBtc,
+  spark: validateBtc,
+  // Spark uses Bitcoin addresses
+  cosmos: validateCosmos
+};
+function validatePaymentAddress(address, family) {
+  if (!address || typeof address !== "string") {
+    return { valid: false, error: "Address is required" };
+  }
+  const trimmed = address.trim();
+  if (trimmed.length === 0) {
+    return { valid: false, error: "Address is required" };
+  }
+  const validator = VALIDATORS[family];
+  if (!validator) {
+    return { valid: false, error: `Unsupported chain family: ${family}` };
+  }
+  return validator(trimmed);
+}
+
+// src/bridge.ts
+import {
+  Usdt0Bridge,
+  supportsBridging as supportsBridging2,
+  getBridgeableChains as getBridgeableChains2
+} from "@t402/evm";
+
+// src/bridge-tracker.ts
+var LAYERZERO_SCAN_API = "https://scan.layerzero-api.com/v1";
+var BridgeTracker = class {
+  apiBaseUrl;
+  constructor(config) {
+    this.apiBaseUrl = config?.apiBaseUrl ?? LAYERZERO_SCAN_API;
+  }
+  /** Get current status of a bridge message */
+  async getStatus(txHash) {
+    const response = await fetch(`${this.apiBaseUrl}/messages/tx/${txHash}`);
+    if (!response.ok) {
+      if (response.status === 404) return { status: "INFLIGHT" };
+      throw new Error(`LayerZero API error: ${response.status}`);
+    }
+    const data = await response.json();
+    return mapLayerZeroStatus(data);
+  }
+  /** Wait for delivery with polling */
+  async waitForDelivery(txHash, options) {
+    const timeout = options?.timeout ?? 6e5;
+    const pollInterval = options?.pollInterval ?? 1e4;
+    const startTime = Date.now();
+    while (Date.now() - startTime < timeout) {
+      const { status, dstTxHash } = await this.getStatus(txHash);
+      options?.onStatusChange?.(status);
+      if (status === "DELIVERED") {
+        return {
+          success: true,
+          status,
+          dstTxHash,
+          srcTxHash: txHash,
+          messageGuid: txHash
+        };
+      }
+      if (status === "FAILED" || status === "BLOCKED") {
+        return {
+          success: false,
+          status,
+          srcTxHash: txHash,
+          messageGuid: txHash,
+          error: `Bridge ${status.toLowerCase()}`
+        };
+      }
+      await new Promise((r) => setTimeout(r, pollInterval));
+    }
+    return {
+      success: false,
+      status: "INFLIGHT",
+      srcTxHash: txHash,
+      messageGuid: txHash,
+      error: "Timeout waiting for delivery"
+    };
+  }
+};
+function mapLayerZeroStatus(data) {
+  const obj = data;
+  if (!obj) return { status: "INFLIGHT" };
+  const messages = obj.messages ?? obj.data ?? [];
+  const msg = Array.isArray(messages) ? messages[0] : messages;
+  if (!msg) return { status: "INFLIGHT" };
+  const lzStatus = (msg.status ?? msg.msgStatus ?? "").toUpperCase();
+  if (lzStatus === "DELIVERED" || lzStatus === "DESTINATION_FINALIZED") {
+    return { status: "DELIVERED", dstTxHash: msg.dstTxHash };
+  }
+  if (lzStatus === "FAILED") return { status: "FAILED" };
+  if (lzStatus === "BLOCKED") return { status: "BLOCKED" };
+  if (lzStatus.includes("CONFIRM")) return { status: "CONFIRMING" };
+  return { status: "INFLIGHT" };
+}
+
 // src/bridge.ts
-import { Usdt0Bridge, supportsBridging as supportsBridging2, getBridgeableChains as getBridgeableChains2 } from "@t402/evm";
+var jsonRpcId = 1;
+async function jsonRpcCall(rpcUrl, method, params) {
+  const id = jsonRpcId++;
+  const body = JSON.stringify({ jsonrpc: "2.0", id, method, params });
+  const res = await fetch(rpcUrl, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body
+  });
+  if (!res.ok) {
+    throw new Error(`JSON-RPC request failed: ${res.status} ${res.statusText}`);
+  }
+  const json = await res.json();
+  if (json.error) {
+    throw new Error(`JSON-RPC error ${json.error.code}: ${json.error.message}`);
+  }
+  return json.result;
+}
+var KNOWN_SELECTORS = {
+  // ERC-20
+  balanceOf: "0x70a08231",
+  allowance: "0xdd62ed3e",
+  approve: "0x095ea7b3",
+  transfer: "0xa9059cbb",
+  // OFT / LayerZero
+  quoteSend: "0x0d35b415",
+  send: "0xc7c7f5b3"
+};
+function encodeUint256(value) {
+  return value.toString(16).padStart(64, "0");
+}
+function encodeAddress(addr) {
+  const clean = addr.startsWith("0x") ? addr.slice(2) : addr;
+  return clean.toLowerCase().padStart(64, "0");
+}
+function encodeFunctionCall(args) {
+  const selector = KNOWN_SELECTORS[args.functionName];
+  if (!selector) {
+    throw new Error(`Unknown function: ${args.functionName}. Cannot encode without full ABI codec.`);
+  }
+  const fnArgs = args.args ?? [];
+  let encoded = selector;
+  for (const arg of fnArgs) {
+    if (typeof arg === "bigint") {
+      encoded += encodeUint256(arg);
+    } else if (typeof arg === "string" && arg.startsWith("0x") && arg.length === 42) {
+      encoded += encodeAddress(arg);
+    } else if (typeof arg === "string" && arg.startsWith("0x")) {
+      const clean = arg.slice(2);
+      encoded += clean.padStart(64, "0");
+    } else if (typeof arg === "number") {
+      encoded += BigInt(arg).toString(16).padStart(64, "0");
+    } else if (typeof arg === "object" && arg !== null) {
+      const obj = arg;
+      for (const val of Object.values(obj)) {
+        if (typeof val === "bigint") {
+          encoded += encodeUint256(val);
+        } else if (typeof val === "string" && val.startsWith("0x")) {
+          const clean = val.slice(2);
+          encoded += clean.padStart(64, "0");
+        } else if (typeof val === "number") {
+          encoded += BigInt(val).toString(16).padStart(64, "0");
+        }
+      }
+    } else {
+      throw new Error(`Cannot encode argument of type ${typeof arg}`);
+    }
+  }
+  return encoded;
+}
+function decodeFunctionResult(args, hex) {
+  if (typeof hex !== "string") return hex;
+  const data = hex.startsWith("0x") ? hex.slice(2) : hex;
+  if (data.length === 0) return void 0;
+  const word = data.slice(0, 64);
+  const fnName = args.functionName;
+  if (["balanceOf", "allowance", "totalSupply", "decimals", "nonces"].includes(fnName)) {
+    return BigInt("0x" + word);
+  }
+  if (["approve", "transfer", "transferFrom"].includes(fnName)) {
+    return BigInt("0x" + word) !== 0n;
+  }
+  return hex;
+}
+async function pollForReceipt(rpcUrl, hash, timeout) {
+  const pollInterval = 2e3;
+  const deadline = Date.now() + timeout;
+  while (Date.now() < deadline) {
+    const result = await jsonRpcCall(rpcUrl, "eth_getTransactionReceipt", [hash]);
+    if (result) {
+      return {
+        status: result.status === "0x1" ? "success" : "reverted",
+        transactionHash: result.transactionHash,
+        logs: (result.logs ?? []).map((log) => ({
+          address: log.address,
+          topics: log.topics,
+          data: log.data
+        }))
+      };
+    }
+    await new Promise((resolve) => setTimeout(resolve, pollInterval));
+  }
+  throw new Error(`Transaction receipt not found after ${timeout}ms: ${hash}`);
+}
 var WdkBridge = class {
   bridges = /* @__PURE__ */ new Map();
+  tracker;
+  constructor(trackerConfig) {
+    this.tracker = new BridgeTracker(trackerConfig);
+  }
   /**
-   * Create bridge signer adapter from WDK signer
+   * Create bridge signer adapter from WDK signer.
+   *
+   * Uses JSON-RPC calls for readContract / waitForTransactionReceipt,
+   * and delegates writeContract to the WDK signer's sendTransaction.
    */
-  createBridgeSigner(signer) {
+  createBridgeSigner(signer, rpcUrl) {
     return {
       address: signer.address,
-      readContract: async (_args) => {
-        throw new Error(
-          "readContract not available on WDKSigner. Use T402WDK.bridgeUsdt0() instead."
-        );
+      readContract: async (args) => {
+        const data = encodeFunctionCall(args);
+        const result = await jsonRpcCall(rpcUrl, "eth_call", [{ to: args.address, data }, "latest"]);
+        return decodeFunctionResult(args, result);
       },
-      writeContract: async (_args) => {
-        throw new Error(
-          "writeContract not available on WDKSigner. Use T402WDK.bridgeUsdt0() instead."
-        );
+      writeContract: async (args) => {
+        const data = encodeFunctionCall(args);
+        const { hash } = await signer.sendTransaction({
+          to: args.address,
+          data,
+          value: args.value
+        });
+        return hash;
       },
-      waitForTransactionReceipt: async (_args) => {
-        throw new Error(
-          "waitForTransactionReceipt not available on WDKSigner. Use T402WDK.bridgeUsdt0() instead."
-        );
+      waitForTransactionReceipt: async (args) => {
+        return pollForReceipt(rpcUrl, args.hash, 6e4);
       }
     };
   }
   /**
    * Get or create a bridge instance for a chain
+   *
+   * @param chain - Chain name (e.g., "arbitrum", "ethereum")
+   * @param signer - WDK signer for the chain
+   * @param rpcUrl - JSON-RPC endpoint URL for the chain
    */
-  getBridge(chain, signer) {
+  getBridge(chain, signer, rpcUrl) {
     const cached = this.bridges.get(chain);
     if (cached) {
       return cached;
     }
-    const bridgeSigner = this.createBridgeSigner(signer);
+    const bridgeSigner = this.createBridgeSigner(signer, rpcUrl);
     const bridge = new Usdt0Bridge(bridgeSigner, chain);
     this.bridges.set(chain, bridge);
     return bridge;
@@ -2633,6 +4678,59 @@ function createDirectBridge(signer, chain) {
   return new Usdt0Bridge(signer, chain);
 }
 
+// src/logger.ts
+var defaultLogger = {
+  debug(msg, ctx) {
+    if (ctx && Object.keys(ctx).length > 0) {
+      console.debug(`[t402] ${msg}`, ctx);
+    } else {
+      console.debug(`[t402] ${msg}`);
+    }
+  },
+  info(msg, ctx) {
+    if (ctx && Object.keys(ctx).length > 0) {
+      console.info(`[t402] ${msg}`, ctx);
+    } else {
+      console.info(`[t402] ${msg}`);
+    }
+  },
+  warn(msg, ctx) {
+    if (ctx && Object.keys(ctx).length > 0) {
+      console.warn(`[t402] ${msg}`, ctx);
+    } else {
+      console.warn(`[t402] ${msg}`);
+    }
+  },
+  error(msg, ctx) {
+    if (ctx && Object.keys(ctx).length > 0) {
+      console.error(`[t402] ${msg}`, ctx);
+    } else {
+      console.error(`[t402] ${msg}`);
+    }
+  }
+};
+var noopLogger = {
+  debug() {
+  },
+  info() {
+  },
+  warn() {
+  },
+  error() {
+  }
+};
+function createCorrelationId() {
+  const bytes = new Uint8Array(8);
+  if (typeof globalThis.crypto?.getRandomValues === "function") {
+    globalThis.crypto.getRandomValues(bytes);
+  } else {
+    for (let i = 0; i < bytes.length; i++) {
+      bytes[i] = Math.floor(Math.random() * 256);
+    }
+  }
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
 // src/index.ts
 import {
   supportsBridging as supportsBridging3,
@@ -2730,6 +4828,575 @@ function getWalletModuleMinVersion(module) {
   return WDK_COMPATIBILITY.walletModuleVersions[module];
 }
 
+// src/idempotency.ts
+var InMemoryIdempotencyManager = class {
+  _payments = /* @__PURE__ */ new Map();
+  _nonces = /* @__PURE__ */ new Map();
+  _recentTxHashes;
+  _maxRecentTxHashes;
+  /**
+   * @param maxRecentTxHashes - Maximum number of recent tx hashes to track for dedup (default: 1000)
+   */
+  constructor(maxRecentTxHashes = 1e3) {
+    this._recentTxHashes = /* @__PURE__ */ new Set();
+    this._maxRecentTxHashes = maxRecentTxHashes;
+  }
+  async checkDuplicate(key) {
+    return this._payments.has(key);
+  }
+  async recordPayment(key, receipt) {
+    this._payments.set(key, receipt);
+    if (receipt.txHash) {
+      this._addTxHash(receipt.txHash);
+    }
+  }
+  async getNonce(address, chain) {
+    const key = this._nonceKey(address, chain);
+    return this._nonces.get(key) ?? 0n;
+  }
+  async incrementNonce(address, chain) {
+    const key = this._nonceKey(address, chain);
+    const current = this._nonces.get(key) ?? 0n;
+    const next = current + 1n;
+    this._nonces.set(key, next);
+    return next;
+  }
+  /**
+   * Check if a transaction hash has been seen recently
+   */
+  hasTxHash(txHash) {
+    return this._recentTxHashes.has(txHash.toLowerCase());
+  }
+  /**
+   * Get a recorded payment by its idempotency key
+   */
+  getPayment(key) {
+    return this._payments.get(key);
+  }
+  /**
+   * Get the number of recorded payments
+   */
+  get size() {
+    return this._payments.size;
+  }
+  /**
+   * Clear all recorded payments and nonces
+   */
+  clear() {
+    this._payments.clear();
+    this._nonces.clear();
+    this._recentTxHashes.clear();
+  }
+  _nonceKey(address, chain) {
+    return `${chain}:${address.toLowerCase()}`;
+  }
+  _addTxHash(txHash) {
+    const normalized = txHash.toLowerCase();
+    if (this._recentTxHashes.size >= this._maxRecentTxHashes) {
+      const first = this._recentTxHashes.values().next().value;
+      if (first !== void 0) {
+        this._recentTxHashes.delete(first);
+      }
+    }
+    this._recentTxHashes.add(normalized);
+  }
+};
+var NonceManager = class {
+  _nonces = /* @__PURE__ */ new Map();
+  /**
+   * Get the current nonce for an address on a chain.
+   * If no cached value exists, uses the provided fetcher to query on-chain.
+   *
+   * @param address - Wallet address
+   * @param chain - Chain identifier
+   * @param fetchOnChainNonce - Optional function to query the on-chain nonce
+   */
+  async getNonce(address, chain, fetchOnChainNonce) {
+    const key = this._key(address, chain);
+    const cached = this._nonces.get(key);
+    if (cached !== void 0) {
+      return cached;
+    }
+    if (fetchOnChainNonce) {
+      const onChainNonce = await fetchOnChainNonce();
+      this._nonces.set(key, onChainNonce);
+      return onChainNonce;
+    }
+    return 0n;
+  }
+  /**
+   * Increment the nonce after a successful signature/transaction
+   */
+  increment(address, chain) {
+    const key = this._key(address, chain);
+    const current = this._nonces.get(key) ?? 0n;
+    const next = current + 1n;
+    this._nonces.set(key, next);
+    return next;
+  }
+  /**
+   * Set the nonce to a specific value (e.g., after querying on-chain)
+   */
+  set(address, chain, nonce) {
+    const key = this._key(address, chain);
+    this._nonces.set(key, nonce);
+  }
+  /**
+   * Reset the nonce for an address on a chain (forces re-fetch on next use)
+   */
+  reset(address, chain) {
+    const key = this._key(address, chain);
+    this._nonces.delete(key);
+  }
+  /**
+   * Clear all cached nonces
+   */
+  clear() {
+    this._nonces.clear();
+  }
+  _key(address, chain) {
+    return `${chain}:${address.toLowerCase()}`;
+  }
+};
+function generateIdempotencyKey(params) {
+  return `${params.from.toLowerCase()}:${params.payTo.toLowerCase()}:${params.network}:${params.amount}:${params.url}`;
+}
+
+// src/compliance.ts
+var ComplianceManager = class {
+  _providers = [];
+  _auditTrail = [];
+  /**
+   * Register a compliance provider
+   */
+  registerProvider(provider) {
+    this._providers.push(provider);
+  }
+  /**
+   * Run all registered providers against the given parameters.
+   * Returns the first rejection, or `{ allowed: true }` if all pass.
+   *
+   * @param params - The transaction parameters to check
+   * @param action - The type of action being performed (default: 'payment')
+   */
+  async check(params, action = "payment") {
+    if (this._providers.length === 0) {
+      const result2 = { allowed: true };
+      this._recordEvent(action, params, result2);
+      return result2;
+    }
+    for (const provider of this._providers) {
+      const result2 = await provider.check(params);
+      if (!result2.allowed) {
+        this._recordEvent(action, params, result2);
+        return result2;
+      }
+    }
+    const result = { allowed: true };
+    this._recordEvent(action, params, result);
+    return result;
+  }
+  /**
+   * Get the full audit trail of compliance checks
+   */
+  getAuditTrail() {
+    return [...this._auditTrail];
+  }
+  /**
+   * Clear the audit trail
+   */
+  clearAuditTrail() {
+    this._auditTrail = [];
+  }
+  /**
+   * Get the number of registered providers
+   */
+  get providerCount() {
+    return this._providers.length;
+  }
+  _recordEvent(action, params, result) {
+    this._auditTrail.push({
+      timestamp: Date.now(),
+      action,
+      params,
+      result
+    });
+  }
+};
+var BlacklistProvider = class {
+  _addresses;
+  constructor(addresses) {
+    this._addresses = /* @__PURE__ */ new Set();
+    if (addresses) {
+      for (const addr of addresses) {
+        this._addresses.add(addr.toLowerCase());
+      }
+    }
+  }
+  async check(params) {
+    const fromLower = params.from.toLowerCase();
+    const toLower = params.to.toLowerCase();
+    if (this._addresses.has(fromLower)) {
+      return { allowed: false, reason: `Address ${params.from} is blacklisted (sender)` };
+    }
+    if (this._addresses.has(toLower)) {
+      return { allowed: false, reason: `Address ${params.to} is blacklisted (recipient)` };
+    }
+    return { allowed: true };
+  }
+  /**
+   * Add an address to the blacklist
+   */
+  addAddress(address) {
+    this._addresses.add(address.toLowerCase());
+  }
+  /**
+   * Remove an address from the blacklist
+   */
+  removeAddress(address) {
+    this._addresses.delete(address.toLowerCase());
+  }
+  /**
+   * Check if an address is blacklisted
+   */
+  hasAddress(address) {
+    return this._addresses.has(address.toLowerCase());
+  }
+  /**
+   * Get the number of blacklisted addresses
+   */
+  get size() {
+    return this._addresses.size;
+  }
+};
+var AmountLimitProvider = class {
+  _maxPerTransaction;
+  _cumulativeAmounts = /* @__PURE__ */ new Map();
+  _maxCumulative;
+  /**
+   * @param maxPerTransaction - Maximum amount per single transaction
+   * @param maxCumulative - Optional maximum cumulative amount per address
+   */
+  constructor(maxPerTransaction, maxCumulative) {
+    this._maxPerTransaction = maxPerTransaction;
+    this._maxCumulative = maxCumulative;
+  }
+  async check(params) {
+    if (params.amount > this._maxPerTransaction) {
+      return {
+        allowed: false,
+        reason: `Amount ${params.amount} exceeds per-transaction limit of ${this._maxPerTransaction}`
+      };
+    }
+    if (this._maxCumulative !== void 0) {
+      const key = params.from.toLowerCase();
+      const cumulative = (this._cumulativeAmounts.get(key) ?? 0n) + params.amount;
+      if (cumulative > this._maxCumulative) {
+        return {
+          allowed: false,
+          reason: `Cumulative amount ${cumulative} would exceed limit of ${this._maxCumulative}`
+        };
+      }
+      this._cumulativeAmounts.set(key, cumulative);
+    }
+    return { allowed: true };
+  }
+  /**
+   * Reset cumulative tracking for an address
+   */
+  resetCumulative(address) {
+    this._cumulativeAmounts.delete(address.toLowerCase());
+  }
+  /**
+   * Reset all cumulative tracking
+   */
+  resetAllCumulative() {
+    this._cumulativeAmounts.clear();
+  }
+};
+
+// src/webhooks.ts
+var WebhookManager = class {
+  _configs;
+  _deliveryResults = [];
+  _maxDeliveryHistory;
+  /**
+   * @param configs - Array of webhook endpoint configurations
+   * @param maxDeliveryHistory - Maximum number of delivery results to retain (default: 100)
+   */
+  constructor(configs, maxDeliveryHistory = 100) {
+    this._configs = configs;
+    this._maxDeliveryHistory = maxDeliveryHistory;
+  }
+  /**
+   * Send a webhook event to all subscribed endpoints
+   *
+   * @param event - Event type (e.g., 'payment.completed')
+   * @param payload - Event payload data
+   * @returns Array of delivery results for each endpoint
+   */
+  async send(event, payload) {
+    const results = [];
+    for (const config of this._configs) {
+      if (config.events && config.events.length > 0 && !config.events.includes(event)) {
+        continue;
+      }
+      const result = await this._deliver(config, event, payload);
+      results.push(result);
+      this._recordResult(result);
+    }
+    return results;
+  }
+  /**
+   * Sign a payload with HMAC-SHA256
+   *
+   * @param payload - The payload to sign (will be JSON.stringify'd if not a string)
+   * @param secret - The secret key
+   * @returns Hex-encoded HMAC-SHA256 signature
+   */
+  signPayload(payload, secret) {
+    const crypto = __require("crypto");
+    const data = typeof payload === "string" ? payload : JSON.stringify(payload);
+    return crypto.createHmac("sha256", secret).update(data).digest("hex");
+  }
+  /**
+   * Verify an HMAC-SHA256 signature on a payload
+   *
+   * @param payload - The raw payload string
+   * @param signature - The signature to verify
+   * @param secret - The secret key
+   * @returns True if the signature is valid
+   */
+  verifySignature(payload, signature, secret) {
+    const expected = this.signPayload(payload, secret);
+    if (expected.length !== signature.length) {
+      return false;
+    }
+    const crypto = __require("crypto");
+    return crypto.timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(signature, "hex"));
+  }
+  /**
+   * Get recent delivery results
+   */
+  getDeliveryResults() {
+    return [...this._deliveryResults];
+  }
+  /**
+   * Clear delivery history
+   */
+  clearDeliveryResults() {
+    this._deliveryResults = [];
+  }
+  /**
+   * Get the number of configured webhook endpoints
+   */
+  get endpointCount() {
+    return this._configs.length;
+  }
+  async _deliver(config, event, payload) {
+    const maxRetries = config.retries ?? 3;
+    const body = JSON.stringify({ event, timestamp: (/* @__PURE__ */ new Date()).toISOString(), data: payload });
+    const signature = this.signPayload(body, config.secret);
+    for (let attempt = 1; attempt <= maxRetries; attempt++) {
+      try {
+        const response = await fetch(config.url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "X-Webhook-Signature": signature,
+            "X-Webhook-Event": event
+          },
+          body
+        });
+        if (response.ok) {
+          return {
+            url: config.url,
+            success: true,
+            statusCode: response.status,
+            attempts: attempt
+          };
+        }
+        if (response.status >= 400 && response.status < 500) {
+          return {
+            url: config.url,
+            success: false,
+            statusCode: response.status,
+            error: `HTTP ${response.status}`,
+            attempts: attempt
+          };
+        }
+        if (attempt === maxRetries) {
+          return {
+            url: config.url,
+            success: false,
+            statusCode: response.status,
+            error: `HTTP ${response.status} after ${maxRetries} attempts`,
+            attempts: attempt
+          };
+        }
+        await this._sleep(Math.min(1e3 * Math.pow(2, attempt - 1), 1e4));
+      } catch (error) {
+        if (attempt === maxRetries) {
+          return {
+            url: config.url,
+            success: false,
+            error: error instanceof Error ? error.message : String(error),
+            attempts: attempt
+          };
+        }
+        await this._sleep(Math.min(1e3 * Math.pow(2, attempt - 1), 1e4));
+      }
+    }
+    return {
+      url: config.url,
+      success: false,
+      error: "Max retries exceeded",
+      attempts: maxRetries
+    };
+  }
+  _recordResult(result) {
+    this._deliveryResults.push(result);
+    while (this._deliveryResults.length > this._maxDeliveryHistory) {
+      this._deliveryResults.shift();
+    }
+  }
+  _sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/indexer.ts
+var WdkIndexerVerifier = class {
+  endpoint;
+  apiKey;
+  timeout;
+  constructor(config) {
+    if (!config.endpoint) {
+      throw new Error("Indexer endpoint is required");
+    }
+    this.endpoint = config.endpoint.replace(/\/$/, "");
+    this.apiKey = config.apiKey;
+    this.timeout = config.timeout ?? 1e4;
+  }
+  /**
+   * Query a transaction across any supported chain
+   */
+  async queryTransaction(query) {
+    if (!query.txHash) {
+      throw new Error("Transaction hash is required");
+    }
+    if (!query.network) {
+      throw new Error("Network is required");
+    }
+    const url = `${this.endpoint}/v1/transactions/${encodeURIComponent(query.network)}/${encodeURIComponent(query.txHash)}`;
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    if (this.apiKey) {
+      headers["Authorization"] = `Bearer ${this.apiKey}`;
+    }
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await fetch(url, {
+        method: "GET",
+        headers,
+        signal: controller.signal
+      });
+      if (!response.ok) {
+        if (response.status === 404) {
+          return {
+            found: false,
+            confirmed: false,
+            from: "",
+            to: "",
+            amount: "0",
+            token: ""
+          };
+        }
+        throw new Error(`Indexer request failed: ${response.status} ${response.statusText}`);
+      }
+      const data = await response.json();
+      return {
+        found: true,
+        confirmed: data.confirmed ?? data.status === "confirmed",
+        from: data.from ?? "",
+        to: data.to ?? "",
+        amount: String(data.amount ?? data.value ?? "0"),
+        token: data.token ?? data.tokenAddress ?? "",
+        blockNumber: data.blockNumber ?? data.block_number,
+        timestamp: data.timestamp ?? data.block_timestamp
+      };
+    } catch (error) {
+      if (error.name === "AbortError") {
+        throw new Error(`Indexer request timed out after ${this.timeout}ms`);
+      }
+      throw error;
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Verify a transaction matches expected payment parameters
+   */
+  async verifyPayment(query) {
+    const result = await this.queryTransaction(query);
+    if (!result.found) {
+      return { verified: false, reason: "Transaction not found" };
+    }
+    if (!result.confirmed) {
+      return { verified: false, reason: "Transaction not yet confirmed" };
+    }
+    if (query.expectedTo) {
+      const normalizedExpected = query.expectedTo.toLowerCase();
+      const normalizedActual = result.to.toLowerCase();
+      if (normalizedActual !== normalizedExpected) {
+        return {
+          verified: false,
+          reason: `Recipient mismatch: expected ${query.expectedTo}, got ${result.to}`
+        };
+      }
+    }
+    if (query.expectedAmount) {
+      const expected = BigInt(query.expectedAmount);
+      const actual = BigInt(result.amount);
+      if (actual < expected) {
+        return {
+          verified: false,
+          reason: `Amount insufficient: expected ${query.expectedAmount}, got ${result.amount}`
+        };
+      }
+    }
+    return { verified: true };
+  }
+  /**
+   * Check indexer health
+   */
+  async healthCheck() {
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const headers = {};
+      if (this.apiKey) {
+        headers["Authorization"] = `Bearer ${this.apiKey}`;
+      }
+      const response = await fetch(`${this.endpoint}/health`, {
+        method: "GET",
+        headers,
+        signal: controller.signal
+      });
+      return response.ok;
+    } catch {
+      return false;
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+};
+function createIndexerVerifier(config) {
+  return new WdkIndexerVerifier(config);
+}
+
 // src/hardware/types.ts
 var HardwareWalletErrorCode = /* @__PURE__ */ ((HardwareWalletErrorCode2) => {
   HardwareWalletErrorCode2["DEVICE_NOT_FOUND"] = "DEVICE_NOT_FOUND";
@@ -3352,25 +6019,178 @@ function isHardwareWalletSupported() {
   const support = detectHardwareWalletSupport();
   return support.ledger.webusb || support.ledger.webhid || support.ledger.bluetooth || support.trezor;
 }
+
+// src/providers/moonpay.ts
+var NETWORK_TO_MOONPAY_CURRENCY = {
+  "eip155:1": "usdt",
+  "eip155:42161": "usdt_arbitrum",
+  "eip155:137": "usdt_polygon",
+  "eip155:8453": "usdt_base",
+  "eip155:10": "usdt_optimism",
+  "eip155:43114": "usdt_avalanche_c_chain",
+  "eip155:56": "usdt_bsc"
+};
+var SUPPORTED_FIAT_CURRENCIES = ["USD", "EUR", "GBP"];
+var SUPPORTED_NETWORKS = Object.keys(NETWORK_TO_MOONPAY_CURRENCY);
+var BASE_URLS = {
+  production: "https://buy.moonpay.com",
+  sandbox: "https://buy-sandbox.moonpay.com"
+};
+var API_URLS = {
+  production: "https://api.moonpay.com",
+  sandbox: "https://api.moonpay.com"
+};
+var MoonpayOnRampProvider = class {
+  name = "moonpay";
+  _apiKey;
+  _environment;
+  constructor(config) {
+    if (!config.apiKey) {
+      throw new Error("Moonpay API key is required");
+    }
+    this._apiKey = config.apiKey;
+    this._environment = config.environment ?? "production";
+  }
+  /**
+   * Get the base widget URL for the current environment
+   */
+  get baseUrl() {
+    return BASE_URLS[this._environment];
+  }
+  /**
+   * Get the API base URL for the current environment
+   */
+  get apiUrl() {
+    return API_URLS[this._environment];
+  }
+  /**
+   * Get a quote for fiat-to-crypto conversion
+   *
+   * This method fetches a real-time quote from Moonpay.
+   * Override `_fetchQuote` for testing.
+   */
+  async getQuote(params) {
+    const currencyCode = this._getCurrencyCode(params.network);
+    if (!currencyCode) {
+      throw new Error(`Network "${params.network}" is not supported by Moonpay`);
+    }
+    if (params.fiatAmount <= 0) {
+      throw new Error("fiatAmount must be greater than 0");
+    }
+    if (!SUPPORTED_FIAT_CURRENCIES.includes(params.fiatCurrency.toUpperCase())) {
+      throw new Error(
+        `Currency "${params.fiatCurrency}" is not supported. Supported: ${SUPPORTED_FIAT_CURRENCIES.join(", ")}`
+      );
+    }
+    const quoteUrl = `${this.apiUrl}/v3/currencies/${currencyCode}/buy_quote?apiKey=${this._apiKey}&baseCurrencyAmount=${params.fiatAmount}&baseCurrencyCode=${params.fiatCurrency.toLowerCase()}`;
+    const data = await this._fetchQuote(quoteUrl);
+    return {
+      fiatAmount: params.fiatAmount,
+      fiatCurrency: params.fiatCurrency.toUpperCase(),
+      cryptoAmount: String(data.quoteCurrencyAmount ?? "0"),
+      cryptoCurrency: "USDT",
+      exchangeRate: Number(data.quoteCurrencyPrice ?? 1),
+      fees: {
+        network: String(data.networkFeeAmount ?? "0"),
+        service: String(data.feeAmount ?? "0"),
+        total: String(data.totalFeeAmount ?? "0")
+      },
+      estimatedTime: 600
+      // ~10 minutes typical for card purchases
+    };
+  }
+  /**
+   * Fetch quote from Moonpay API (override in tests)
+   */
+  async _fetchQuote(url) {
+    const response = await fetch(url);
+    if (!response.ok) {
+      throw new Error(`Moonpay API error: ${response.status} ${response.statusText}`);
+    }
+    return response.json();
+  }
+  /**
+   * Create a Moonpay widget URL for the user
+   */
+  createWidget(params) {
+    const currencyCode = this._getCurrencyCode(params.network);
+    if (!currencyCode) {
+      throw new Error(`Network "${params.network}" is not supported by Moonpay`);
+    }
+    if (!params.walletAddress) {
+      throw new Error("walletAddress is required");
+    }
+    if (params.fiatAmount <= 0) {
+      throw new Error("fiatAmount must be greater than 0");
+    }
+    const queryParams = new URLSearchParams({
+      apiKey: this._apiKey,
+      currencyCode,
+      baseCurrencyCode: params.fiatCurrency.toLowerCase(),
+      baseCurrencyAmount: String(params.fiatAmount),
+      walletAddress: params.walletAddress
+    });
+    if (params.redirectUrl) {
+      queryParams.set("redirectURL", params.redirectUrl);
+    }
+    const widgetUrl = `${this.baseUrl}?${queryParams.toString()}`;
+    const orderId = `mp_${Date.now()}_${Math.random().toString(36).slice(2, 10)}`;
+    const expiresAt = new Date(Date.now() + 30 * 60 * 1e3).toISOString();
+    return { widgetUrl, orderId, expiresAt };
+  }
+  /**
+   * Get supported fiat currencies
+   */
+  getSupportedCurrencies() {
+    return [...SUPPORTED_FIAT_CURRENCIES];
+  }
+  /**
+   * Get supported CAIP-2 networks
+   */
+  getSupportedNetworks() {
+    return [...SUPPORTED_NETWORKS];
+  }
+  /**
+   * Map CAIP-2 network to Moonpay currency code
+   */
+  _getCurrencyCode(network) {
+    return NETWORK_TO_MOONPAY_CURRENCY[network];
+  }
+};
+function getMoonpayCurrencyCode(network) {
+  return NETWORK_TO_MOONPAY_CURRENCY[network];
+}
 export {
+  AmountLimitProvider,
   BalanceCache,
   BalanceError,
+  BlacklistProvider,
   BridgeError,
+  BridgeTracker,
+  CHAIN_REGISTRY,
   CHAIN_TOKENS,
   ChainError,
+  ComplianceManager,
   DEFAULT_BALANCE_CACHE_CONFIG,
   DEFAULT_CACHE_CONFIG,
   DEFAULT_CHAINS,
   DEFAULT_RETRY_CONFIG,
   DEFAULT_RPC_ENDPOINTS,
+  FailoverProvider,
   HardwareWalletError,
   HardwareWalletErrorCode,
+  InMemoryIdempotencyManager,
+  InMemoryReceiptStore,
   LAYERZERO_ENDPOINT_IDS,
   LedgerSigner,
   MockWDKSigner,
+  MoonpayOnRampProvider,
+  NonceManager,
   RPCError,
+  SUPPORTED_WDK_RANGE,
   SignerError,
   SigningError,
+  T402EventEmitter,
   T402WDK,
   TTLCache,
   TransactionError,
@@ -3389,28 +6209,72 @@ export {
   WDKTronSignerAdapter,
   WDK_COMPATIBILITY,
   WdkBridge,
+  WdkIndexerVerifier,
+  WebhookManager,
+  buildVersionedTransaction,
   checkWalletEvmCompatibility,
   checkWdkCompatibility,
+  compareSemver,
+  createBackup,
+  createCorrelationId,
   createDirectBridge,
+  createFacilitatorSigners,
+  createFailoverProvider,
+  createIndexerVerifier,
   createLedgerSigner,
+  createSIWxSigners,
   createTrezorSigner,
   createWDKSigner,
   createWDKSvmSigner,
   createWDKTonSigner,
   createWDKTronSigner,
+  createWdkA2APaymentClient,
+  createWdkMoneyParser,
+  decryptSeed,
+  defaultLogger,
+  deriveATAAddress,
   detectHardwareWalletSupport,
+  encryptSeed,
+  generateIdempotencyKey,
   getBridgeableChains3 as getBridgeableChains,
   getChainFromNetwork,
   getChainId,
+  getChainsByFamily,
+  getJettonWalletAddress,
+  getMoonpayCurrencyCode,
   getNetworkFromChain,
   getPreferredToken,
+  getPricingProvider,
+  getRecentPriorityFees,
+  getRegistryByCaip2,
+  getSecretManager,
+  getTokenProgram,
+  getTransferFee,
   getUsdt0Chains,
   getWalletModuleMinVersion,
   hasErrorCode,
   isHardwareWalletSupported,
+  isPricingProviderRegistered,
   isWDKError,
+  mapLayerZeroStatus,
+  noopLogger,
   normalizeChainConfig,
+  parseSemver,
+  registerPricingProvider,
+  registerSecretManager,
+  resolveATA,
+  resolveAssetForNetwork,
+  resolveRpcUrl,
+  rotateSeedPassword,
+  satisfiesSemverRange,
   supportsBridging3 as supportsBridging,
+  toAtomicUnits,
+  toFacilitatorWdkSigner,
+  toSIWxSigner,
+  transferWithPriorityFee,
+  validatePaymentAddress,
+  verifyBackup,
+  waitForJettonTransfer,
   withRetry,
   withTimeout,
   wrapError