@thru/crypto 0.0.4

package/dist/index.d.ts

@@ -0,0 +1,121 @@
+interface EncryptedData {
+    ciphertext: Uint8Array;
+    salt: Uint8Array;
+    iv: Uint8Array;
+    kdfParams: {
+        N: number;
+        r: number;
+        p: number;
+    };
+}
+/**
+ * Encryption service using scrypt KDF and AES-GCM
+ */
+declare class EncryptionService {
+    private static readonly DEFAULT_N;
+    private static readonly DEFAULT_R;
+    private static readonly DEFAULT_P;
+    private static readonly KEY_LENGTH;
+    private static readonly SALT_LENGTH;
+    private static readonly IV_LENGTH;
+    /**
+     * Encrypt data using password-based encryption
+     * @param data - Data to encrypt
+     * @param password - User password
+     * @returns Encrypted data with parameters
+     */
+    static encrypt(data: Uint8Array, password: string): Promise<EncryptedData>;
+    /**
+     * Decrypt encrypted data using password
+     * @param encrypted - Encrypted data with parameters
+     * @param password - User password
+     * @returns Decrypted data
+     */
+    static decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array>;
+    /**
+     * Serialize encrypted data to a storable format
+     * @param encrypted - Encrypted data
+     * @returns Base64-encoded JSON string
+     */
+    static serialize(encrypted: EncryptedData): string;
+    /**
+     * Deserialize encrypted data from storage
+     * @param serialized - Serialized encrypted data
+     * @returns Encrypted data object
+     */
+    static deserialize(serialized: string): EncryptedData;
+}
+/**
+ * Utility functions for secure memory management
+ */
+declare class SecureMemory {
+    /**
+     * Zero out a Uint8Array to remove sensitive data from memory
+     * @param array - Array to zero out
+     */
+    static zeroize(array: Uint8Array): void;
+    /**
+     * Compare two Uint8Arrays in constant time to prevent timing attacks
+     * @param a - First array
+     * @param b - Second array
+     * @returns true if arrays are equal
+     */
+    static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean;
+}
+
+/**
+ * HD Wallet helpers for Thru (BIP44 coin type 9999).
+ * Returns raw key material along with encoded addresses.
+ */
+declare class ThruHDWallet {
+    static readonly THRU_COIN_TYPE = 9999;
+    static readonly THRU_DERIVATION_PATH: string;
+    private static ensureSeed;
+    private static deriveKeyPair;
+    static getAccount(seed: Uint8Array, accountIndex?: number, change?: number): Promise<{
+        address: string;
+        publicKey: Uint8Array;
+        privateKey: Uint8Array;
+        secretKey: Uint8Array;
+        path: string;
+    }>;
+    static deriveAccounts(seed: Uint8Array, count: number): Promise<Array<{
+        index: number;
+        address: string;
+        path: string;
+        publicKey: Uint8Array;
+    }>>;
+    static isValidPath(path: string): boolean;
+}
+
+/**
+ * Handles BIP39 mnemonic phrase generation and validation
+ */
+declare class MnemonicGenerator {
+    /**
+     * Generate a new 12-word mnemonic phrase
+     * @returns 12-word mnemonic string
+     */
+    static generate(): string;
+    /**
+     * Validate a mnemonic phrase
+     * @param phrase - Mnemonic phrase to validate
+     * @returns true if valid, false otherwise
+     */
+    static validate(phrase: string): boolean;
+    /**
+     * Convert mnemonic phrase to seed bytes
+     * @param phrase - Valid mnemonic phrase
+     * @param passphrase - Optional passphrase for additional security
+     * @returns Seed as Uint8Array (64 bytes)
+     */
+    static toSeed(phrase: string, passphrase?: string): Uint8Array;
+    /**
+     * Get the number of words in a mnemonic
+     * @param phrase - Mnemonic phrase
+     * @returns Number of words
+     */
+    static getWordCount(phrase: string): number;
+}
+
+export { type EncryptedData, EncryptionService, MnemonicGenerator, SecureMemory, ThruHDWallet };

package/dist/index.js

@@ -0,0 +1,249 @@
+import scrypt from 'scrypt-js';
+import { getPublicKeyAsync } from '@noble/ed25519';
+import { encodeAddress } from '@thru/thru-sdk';
+import { derivePath } from 'ed25519-hd-key';
+import * as bip39 from 'bip39';
+
+// src/encryption.ts
+var EncryptionService = class {
+  // Recommended for AES-GCM
+  /**
+   * Encrypt data using password-based encryption
+   * @param data - Data to encrypt
+   * @param password - User password
+   * @returns Encrypted data with parameters
+   */
+  static async encrypt(data, password) {
+    const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));
+    const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));
+    const passwordBytes = new TextEncoder().encode(password);
+    const derivedKey = await scrypt.scrypt(
+      passwordBytes,
+      salt,
+      this.DEFAULT_N,
+      this.DEFAULT_R,
+      this.DEFAULT_P,
+      this.KEY_LENGTH
+    );
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      new Uint8Array(derivedKey),
+      { name: "AES-GCM" },
+      false,
+      ["encrypt"]
+    );
+    const ciphertext = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv },
+      cryptoKey,
+      data
+    );
+    derivedKey.fill(0);
+    passwordBytes.fill(0);
+    return {
+      ciphertext: new Uint8Array(ciphertext),
+      salt,
+      iv,
+      kdfParams: {
+        N: this.DEFAULT_N,
+        r: this.DEFAULT_R,
+        p: this.DEFAULT_P
+      }
+    };
+  }
+  /**
+   * Decrypt encrypted data using password
+   * @param encrypted - Encrypted data with parameters
+   * @param password - User password
+   * @returns Decrypted data
+   */
+  static async decrypt(encrypted, password) {
+    const passwordBytes = new TextEncoder().encode(password);
+    const derivedKey = await scrypt.scrypt(
+      passwordBytes,
+      encrypted.salt,
+      encrypted.kdfParams.N,
+      encrypted.kdfParams.r,
+      encrypted.kdfParams.p,
+      this.KEY_LENGTH
+    );
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      new Uint8Array(derivedKey),
+      { name: "AES-GCM" },
+      false,
+      ["decrypt"]
+    );
+    try {
+      const decrypted = await crypto.subtle.decrypt(
+        { name: "AES-GCM", iv: encrypted.iv },
+        cryptoKey,
+        encrypted.ciphertext
+      );
+      derivedKey.fill(0);
+      passwordBytes.fill(0);
+      return new Uint8Array(decrypted);
+    } catch (error) {
+      derivedKey.fill(0);
+      passwordBytes.fill(0);
+      throw new Error("Decryption failed - incorrect password or corrupted data");
+    }
+  }
+  /**
+   * Serialize encrypted data to a storable format
+   * @param encrypted - Encrypted data
+   * @returns Base64-encoded JSON string
+   */
+  static serialize(encrypted) {
+    return JSON.stringify({
+      ciphertext: Buffer.from(encrypted.ciphertext).toString("base64"),
+      salt: Buffer.from(encrypted.salt).toString("base64"),
+      iv: Buffer.from(encrypted.iv).toString("base64"),
+      kdfParams: encrypted.kdfParams
+    });
+  }
+  /**
+   * Deserialize encrypted data from storage
+   * @param serialized - Serialized encrypted data
+   * @returns Encrypted data object
+   */
+  static deserialize(serialized) {
+    const parsed = JSON.parse(serialized);
+    return {
+      ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, "base64")),
+      salt: new Uint8Array(Buffer.from(parsed.salt, "base64")),
+      iv: new Uint8Array(Buffer.from(parsed.iv, "base64")),
+      kdfParams: parsed.kdfParams
+    };
+  }
+};
+// Default scrypt parameters (can be adjusted for performance/security trade-off)
+EncryptionService.DEFAULT_N = 8192;
+// 2^15
+EncryptionService.DEFAULT_R = 8;
+EncryptionService.DEFAULT_P = 1;
+EncryptionService.KEY_LENGTH = 32;
+// 256 bits for AES-256
+EncryptionService.SALT_LENGTH = 32;
+EncryptionService.IV_LENGTH = 12;
+var SecureMemory = class {
+  /**
+   * Zero out a Uint8Array to remove sensitive data from memory
+   * @param array - Array to zero out
+   */
+  static zeroize(array) {
+    array.fill(0);
+  }
+  /**
+   * Compare two Uint8Arrays in constant time to prevent timing attacks
+   * @param a - First array
+   * @param b - Second array
+   * @returns true if arrays are equal
+   */
+  static constantTimeEqual(a, b) {
+    if (a.length !== b.length) {
+      return false;
+    }
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a[i] ^ b[i];
+    }
+    return result === 0;
+  }
+};
+var _ThruHDWallet = class _ThruHDWallet {
+  static ensureSeed(seed) {
+    if (seed.length !== 64) {
+      throw new Error("Seed must be 64 bytes");
+    }
+  }
+  static async deriveKeyPair(seed, path) {
+    _ThruHDWallet.ensureSeed(seed);
+    const derived = derivePath(path, Buffer.from(seed).toString("hex"));
+    const privateKey = new Uint8Array(derived.key);
+    const publicKey = new Uint8Array(await getPublicKeyAsync(privateKey));
+    const secretKey = new Uint8Array(privateKey.length + publicKey.length);
+    secretKey.set(privateKey, 0);
+    secretKey.set(publicKey, privateKey.length);
+    return {
+      publicKey,
+      privateKey,
+      secretKey
+    };
+  }
+  static async getAccount(seed, accountIndex = 0, change = 0) {
+    if (accountIndex < 0) {
+      throw new Error("Account index must be non-negative");
+    }
+    const path = `${_ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;
+    const { publicKey, privateKey, secretKey } = await _ThruHDWallet.deriveKeyPair(seed, path);
+    return {
+      address: encodeAddress(publicKey),
+      publicKey,
+      privateKey,
+      secretKey,
+      path
+    };
+  }
+  static async deriveAccounts(seed, count) {
+    const accounts = [];
+    for (let i = 0; i < count; i++) {
+      const account = await _ThruHDWallet.getAccount(seed, i);
+      accounts.push({
+        index: i,
+        address: account.address,
+        path: account.path,
+        publicKey: account.publicKey
+      });
+    }
+    return accounts;
+  }
+  static isValidPath(path) {
+    const pathRegex = /^m(\/\d+')+$/;
+    return pathRegex.test(path);
+  }
+};
+_ThruHDWallet.THRU_COIN_TYPE = 9999;
+_ThruHDWallet.THRU_DERIVATION_PATH = `m/44'/${_ThruHDWallet.THRU_COIN_TYPE}'`;
+var ThruHDWallet = _ThruHDWallet;
+var MnemonicGenerator = class {
+  /**
+   * Generate a new 12-word mnemonic phrase
+   * @returns 12-word mnemonic string
+   */
+  static generate() {
+    return bip39.generateMnemonic(128);
+  }
+  /**
+   * Validate a mnemonic phrase
+   * @param phrase - Mnemonic phrase to validate
+   * @returns true if valid, false otherwise
+   */
+  static validate(phrase) {
+    return bip39.validateMnemonic(phrase);
+  }
+  /**
+   * Convert mnemonic phrase to seed bytes
+   * @param phrase - Valid mnemonic phrase
+   * @param passphrase - Optional passphrase for additional security
+   * @returns Seed as Uint8Array (64 bytes)
+   */
+  static toSeed(phrase, passphrase = "") {
+    if (!this.validate(phrase)) {
+      throw new Error("Invalid mnemonic phrase");
+    }
+    const seed = bip39.mnemonicToSeedSync(phrase, passphrase);
+    return new Uint8Array(seed);
+  }
+  /**
+   * Get the number of words in a mnemonic
+   * @param phrase - Mnemonic phrase
+   * @returns Number of words
+   */
+  static getWordCount(phrase) {
+    return phrase.trim().split(/\s+/).length;
+  }
+};
+
+export { EncryptionService, MnemonicGenerator, SecureMemory, ThruHDWallet };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/encryption.ts","../src/hdwallet.ts","../src/mnemonic.ts"],"names":[],"mappings":";;;;;;;AAgBO,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAe7B,aAAa,OAAA,CAAQ,IAAA,EAAkB,QAAA,EAA0C;AAE/E,IAAA,MAAM,OAAO,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,WAAW,CAAC,CAAA;AACpE,IAAA,MAAM,KAAK,MAAA,CAAO,eAAA,CAAgB,IAAI,UAAA,CAAW,IAAA,CAAK,SAAS,CAAC,CAAA;AAGhE,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,IAAA;AAAA,MACA,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK,SAAA;AAAA,MACL,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAGA,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,MACrC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAG;AAAA,MACtB,SAAA;AAAA,MACA;AAAA,KACF;AAGA,IAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,IAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,UAAU,CAAA;AAAA,MACrC,IAAA;AAAA,MACA,EAAA;AAAA,MACA,SAAA,EAAW;AAAA,QACT,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK,SAAA;AAAA,QACR,GAAG,IAAA,CAAK;AAAA;AACV,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,aAAa,OAAA,CAAQ,SAAA,EAA0B,QAAA,EAAuC;AAEpF,IAAA,MAAM,aAAA,GAAgB,IAAI,WAAA,EAAY,CAAE,OAAO,QAAQ,CAAA;AACvD,IAAA,MAAM,UAAA,GAAa,MAAM,MAAA,CAAO,MAAA;AAAA,MAC9B,aAAA;AAAA,MACA,SAAA,CAAU,IAAA;AAAA,MACV,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,UAAU,SAAA,CAAU,CAAA;AAAA,MACpB,IAAA,CAAK;AAAA,KACP;AAGA,IAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,SAAA;AAAA,MACpC,KAAA;AAAA,MACA,IAAI,WAAW,UAAU,CAAA;AAAA,MACzB,EAAE,MAAM,SAAA,EAAU;AAAA,MAClB,KAAA;AAAA,MACA,CAAC,SAAS;AAAA,KACZ;AAEA,IAAA,IAAI;AAEF,MAAA,MAAM,SAAA,GAAY,MAAM,MAAA,CAAO,MAAA,CAAO,OAAA;AAAA,QACpC,EAAE,IAAA,EAAM,SAAA,EAAW,EAAA,EAAI,UAAU,EAAA,EAA6B;AAAA,QAC9D,SAAA;AAAA,QACA,SAAA,CAAU;AAAA,OACZ;AAGA,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AAEpB,MAAA,OAAO,IAAI,WAAW,SAAS,CAAA;AAAA,IACjC,SAAS,KAAA,EAAO;AAEd,MAAA,UAAA,CAAW,KAAK,CAAC,CAAA;AACjB,MAAA,aAAA,CAAc,KAAK,CAAC,CAAA;AACpB,MAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAAA,IAC5E;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,UAAU,SAAA,EAAkC;AACjD,IAAA,OAAO,KAAK,SAAA,CAAU;AAAA,MACpB,YAAY,MAAA,CAAO,IAAA,CAAK,UAAU,UAAU,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/D,MAAM,MAAA,CAAO,IAAA,CAAK,UAAU,IAAI,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MACnD,IAAI,MAAA,CAAO,IAAA,CAAK,UAAU,EAAE,CAAA,CAAE,SAAS,QAAQ,CAAA;AAAA,MAC/C,WAAW,SAAA,CAAU;AAAA,KACtB,CAAA;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,YAAY,UAAA,EAAmC;AACpD,IAAA,MAAM,MAAA,GAAS,IAAA,CAAK,KAAA,CAAM,UAAU,CAAA;AACpC,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,UAAA,EAAY,QAAQ,CAAC,CAAA;AAAA,MACnE,IAAA,EAAM,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,IAAA,EAAM,QAAQ,CAAC,CAAA;AAAA,MACvD,EAAA,EAAI,IAAI,UAAA,CAAW,MAAA,CAAO,KAAK,MAAA,CAAO,EAAA,EAAI,QAAQ,CAAC,CAAA;AAAA,MACnD,WAAW,MAAA,CAAO;AAAA,KACpB;AAAA,EACF;AACF;AAAA;AA3Ia,iBAAA,CAEa,SAAA,GAAY,IAAA;AAAA;AAFzB,iBAAA,CAGa,SAAA,GAAY,CAAA;AAHzB,iBAAA,CAIa,SAAA,GAAY,CAAA;AAJzB,iBAAA,CAKa,UAAA,GAAa,EAAA;AAAA;AAL1B,iBAAA,CAMa,WAAA,GAAc,EAAA;AAN3B,iBAAA,CAOa,SAAA,GAAY,EAAA;AAyI/B,IAAM,eAAN,MAAmB;AAAA;AAAA;AAAA;AAAA;AAAA,EAKxB,OAAO,QAAQ,KAAA,EAAyB;AACtC,IAAA,KAAA,CAAM,KAAK,CAAC,CAAA;AAAA,EACd;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,iBAAA,CAAkB,CAAA,EAAe,CAAA,EAAwB;AAC9D,IAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ;AACzB,MAAA,OAAO,KAAA;AAAA,IACT;AAEA,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,MAAA,MAAA,IAAU,CAAA,CAAE,CAAC,CAAA,GAAI,CAAA,CAAE,CAAC,CAAA;AAAA,IACtB;AAEA,IAAA,OAAO,MAAA,KAAW,CAAA;AAAA,EACpB;AACF;ACnLO,IAAM,aAAA,GAAN,MAAM,aAAA,CAAa;AAAA,EAIxB,OAAe,WAAW,IAAA,EAAwB;AAChD,IAAA,IAAI,IAAA,CAAK,WAAW,EAAA,EAAI;AACtB,MAAA,MAAM,IAAI,MAAM,uBAAuB,CAAA;AAAA,IACzC;AAAA,EACF;AAAA,EAEA,aAAqB,aAAA,CAAc,IAAA,EAAkB,IAAA,EAAc;AACjE,IAAA,aAAA,CAAa,WAAW,IAAI,CAAA;AAC5B,IAAA,MAAM,OAAA,GAAU,WAAW,IAAA,EAAM,MAAA,CAAO,KAAK,IAAI,CAAA,CAAE,QAAA,CAAS,KAAK,CAAC,CAAA;AAClE,IAAA,MAAM,UAAA,GAAa,IAAI,UAAA,CAAW,OAAA,CAAQ,GAAG,CAAA;AAC7C,IAAA,MAAM,YAAY,IAAI,UAAA,CAAW,MAAM,iBAAA,CAAkB,UAAU,CAAC,CAAA;AACpE,IAAA,MAAM,YAAY,IAAI,UAAA,CAAW,UAAA,CAAW,MAAA,GAAS,UAAU,MAAM,CAAA;AACrE,IAAA,SAAA,CAAU,GAAA,CAAI,YAAY,CAAC,CAAA;AAC3B,IAAA,SAAA,CAAU,GAAA,CAAI,SAAA,EAAW,UAAA,CAAW,MAAM,CAAA;AAE1C,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,UAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,UAAA,CACX,IAAA,EACA,YAAA,GAAuB,CAAA,EACvB,SAAiB,CAAA,EAOhB;AACD,IAAA,IAAI,eAAe,CAAA,EAAG;AACpB,MAAA,MAAM,IAAI,MAAM,oCAAoC,CAAA;AAAA,IACtD;AAEA,IAAA,MAAM,OAAO,CAAA,EAAG,aAAA,CAAa,oBAAoB,CAAA,CAAA,EAAI,YAAY,KAAK,MAAM,CAAA,CAAA,CAAA;AAC5E,IAAA,MAAM,EAAE,WAAW,UAAA,EAAY,SAAA,KAAc,MAAM,aAAA,CAAa,aAAA,CAAc,IAAA,EAAM,IAAI,CAAA;AAExF,IAAA,OAAO;AAAA,MACL,OAAA,EAAS,cAAc,SAAS,CAAA;AAAA,MAChC,SAAA;AAAA,MACA,UAAA;AAAA,MACA,SAAA;AAAA,MACA;AAAA,KACF;AAAA,EACF;AAAA,EAEA,aAAa,cAAA,CACX,IAAA,EACA,KAAA,EAME;AACF,IAAA,MAAM,WAAW,EAAC;AAClB,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,CAAA,EAAA,EAAK;AAC9B,MAAA,MAAM,OAAA,GAAU,MAAM,aAAA,CAAa,UAAA,CAAW,MAAM,CAAC,CAAA;AACrD,MAAA,QAAA,CAAS,IAAA,CAAK;AAAA,QACZ,KAAA,EAAO,CAAA;AAAA,QACP,SAAS,OAAA,CAAQ,OAAA;AAAA,QACjB,MAAM,OAAA,CAAQ,IAAA;AAAA,QACd,WAAW,OAAA,CAAQ;AAAA,OACpB,CAAA;AAAA,IACH;AACA,IAAA,OAAO,QAAA;AAAA,EACT;AAAA,EAEA,OAAO,YAAY,IAAA,EAAuB;AACxC,IAAA,MAAM,SAAA,GAAY,cAAA;AAClB,IAAA,OAAO,SAAA,CAAU,KAAK,IAAI,CAAA;AAAA,EAC5B;AACF,CAAA;AA/Ea,aAAA,CACK,cAAA,GAAiB,IAAA;AADtB,aAAA,CAEK,oBAAA,GAAuB,CAAA,MAAA,EAAS,aAAA,CAAa,cAAc,CAAA,CAAA,CAAA;AAFtE,IAAM,YAAA,GAAN;ACHA,IAAM,oBAAN,MAAwB;AAAA;AAAA;AAAA;AAAA;AAAA,EAK7B,OAAO,QAAA,GAAmB;AAExB,IAAA,OAAa,uBAAiB,GAAG,CAAA;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,SAAS,MAAA,EAAyB;AACvC,IAAA,OAAa,uBAAiB,MAAM,CAAA;AAAA,EACtC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,OAAO,MAAA,CAAO,MAAA,EAAgB,UAAA,GAAqB,EAAA,EAAgB;AACjE,IAAA,IAAI,CAAC,IAAA,CAAK,QAAA,CAAS,MAAM,CAAA,EAAG;AAC1B,MAAA,MAAM,IAAI,MAAM,yBAAyB,CAAA;AAAA,IAC3C;AACA,IAAA,MAAM,IAAA,GAAa,KAAA,CAAA,kBAAA,CAAmB,MAAA,EAAQ,UAAU,CAAA;AACxD,IAAA,OAAO,IAAI,WAAW,IAAI,CAAA;AAAA,EAC5B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAOA,OAAO,aAAa,MAAA,EAAwB;AAC1C,IAAA,OAAO,MAAA,CAAO,IAAA,EAAK,CAAE,KAAA,CAAM,KAAK,CAAA,CAAE,MAAA;AAAA,EACpC;AACF","file":"index.js","sourcesContent":["import scrypt from 'scrypt-js';\n\nexport interface EncryptedData {\n  ciphertext: Uint8Array;\n  salt: Uint8Array;\n  iv: Uint8Array;\n  kdfParams: {\n    N: number; // CPU/memory cost parameter\n    r: number; // Block size\n    p: number; // Parallelization parameter\n  };\n}\n\n/**\n * Encryption service using scrypt KDF and AES-GCM\n */\nexport class EncryptionService {\n  // Default scrypt parameters (can be adjusted for performance/security trade-off)\n  private static readonly DEFAULT_N = 8192; // 2^15\n  private static readonly DEFAULT_R = 8;\n  private static readonly DEFAULT_P = 1;\n  private static readonly KEY_LENGTH = 32; // 256 bits for AES-256\n  private static readonly SALT_LENGTH = 32;\n  private static readonly IV_LENGTH = 12; // Recommended for AES-GCM\n\n  /**\n   * Encrypt data using password-based encryption\n   * @param data - Data to encrypt\n   * @param password - User password\n   * @returns Encrypted data with parameters\n   */\n  static async encrypt(data: Uint8Array, password: string): Promise<EncryptedData> {\n    // Generate random salt and IV\n    const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));\n    const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));\n\n    // Derive key from password using scrypt\n    const passwordBytes = new TextEncoder().encode(password);\n    const derivedKey = await scrypt.scrypt(\n      passwordBytes,\n      salt,\n      this.DEFAULT_N,\n      this.DEFAULT_R,\n      this.DEFAULT_P,\n      this.KEY_LENGTH\n    );\n\n    // Import key for WebCrypto API\n    const cryptoKey = await crypto.subtle.importKey(\n      'raw',\n      new Uint8Array(derivedKey),\n      { name: 'AES-GCM' },\n      false,\n      ['encrypt']\n    );\n\n    // Encrypt data using AES-GCM\n    const ciphertext = await crypto.subtle.encrypt(\n      { name: 'AES-GCM', iv },\n      cryptoKey,\n      data as unknown as ArrayBuffer\n    );\n\n    // Zero out sensitive data\n    derivedKey.fill(0);\n    passwordBytes.fill(0);\n\n    return {\n      ciphertext: new Uint8Array(ciphertext),\n      salt,\n      iv,\n      kdfParams: {\n        N: this.DEFAULT_N,\n        r: this.DEFAULT_R,\n        p: this.DEFAULT_P,\n      },\n    };\n  }\n\n  /**\n   * Decrypt encrypted data using password\n   * @param encrypted - Encrypted data with parameters\n   * @param password - User password\n   * @returns Decrypted data\n   */\n  static async decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array> {\n    // Derive key from password using stored parameters\n    const passwordBytes = new TextEncoder().encode(password);\n    const derivedKey = await scrypt.scrypt(\n      passwordBytes,\n      encrypted.salt,\n      encrypted.kdfParams.N,\n      encrypted.kdfParams.r,\n      encrypted.kdfParams.p,\n      this.KEY_LENGTH\n    );\n\n    // Import key for WebCrypto API\n    const cryptoKey = await crypto.subtle.importKey(\n      'raw',\n      new Uint8Array(derivedKey),\n      { name: 'AES-GCM' },\n      false,\n      ['decrypt']\n    );\n\n    try {\n      // Decrypt data using AES-GCM\n      const decrypted = await crypto.subtle.decrypt(\n        { name: 'AES-GCM', iv: encrypted.iv as unknown as ArrayBuffer },\n        cryptoKey,\n        encrypted.ciphertext as unknown as ArrayBuffer\n      );\n\n      // Zero out sensitive data\n      derivedKey.fill(0);\n      passwordBytes.fill(0);\n\n      return new Uint8Array(decrypted);\n    } catch (error) {\n      // Zero out sensitive data even on error\n      derivedKey.fill(0);\n      passwordBytes.fill(0);\n      throw new Error('Decryption failed - incorrect password or corrupted data');\n    }\n  }\n\n  /**\n   * Serialize encrypted data to a storable format\n   * @param encrypted - Encrypted data\n   * @returns Base64-encoded JSON string\n   */\n  static serialize(encrypted: EncryptedData): string {\n    return JSON.stringify({\n      ciphertext: Buffer.from(encrypted.ciphertext).toString('base64'),\n      salt: Buffer.from(encrypted.salt).toString('base64'),\n      iv: Buffer.from(encrypted.iv).toString('base64'),\n      kdfParams: encrypted.kdfParams,\n    });\n  }\n\n  /**\n   * Deserialize encrypted data from storage\n   * @param serialized - Serialized encrypted data\n   * @returns Encrypted data object\n   */\n  static deserialize(serialized: string): EncryptedData {\n    const parsed = JSON.parse(serialized);\n    return {\n      ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, 'base64')),\n      salt: new Uint8Array(Buffer.from(parsed.salt, 'base64')),\n      iv: new Uint8Array(Buffer.from(parsed.iv, 'base64')),\n      kdfParams: parsed.kdfParams,\n    };\n  }\n}\n\n/**\n * Utility functions for secure memory management\n */\nexport class SecureMemory {\n  /**\n   * Zero out a Uint8Array to remove sensitive data from memory\n   * @param array - Array to zero out\n   */\n  static zeroize(array: Uint8Array): void {\n    array.fill(0);\n  }\n\n  /**\n   * Compare two Uint8Arrays in constant time to prevent timing attacks\n   * @param a - First array\n   * @param b - Second array\n   * @returns true if arrays are equal\n   */\n  static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {\n    if (a.length !== b.length) {\n      return false;\n    }\n\n    let result = 0;\n    for (let i = 0; i < a.length; i++) {\n      result |= a[i] ^ b[i];\n    }\n\n    return result === 0;\n  }\n}\n","import { getPublicKeyAsync } from '@noble/ed25519';\nimport { encodeAddress } from '@thru/thru-sdk';\nimport { derivePath } from 'ed25519-hd-key';\n\n/**\n * HD Wallet helpers for Thru (BIP44 coin type 9999).\n * Returns raw key material along with encoded addresses.\n */\nexport class ThruHDWallet {\n  static readonly THRU_COIN_TYPE = 9999;\n  static readonly THRU_DERIVATION_PATH = `m/44'/${ThruHDWallet.THRU_COIN_TYPE}'`;\n\n  private static ensureSeed(seed: Uint8Array): void {\n    if (seed.length !== 64) {\n      throw new Error('Seed must be 64 bytes');\n    }\n  }\n\n  private static async deriveKeyPair(seed: Uint8Array, path: string) {\n    ThruHDWallet.ensureSeed(seed);\n    const derived = derivePath(path, Buffer.from(seed).toString('hex'));\n    const privateKey = new Uint8Array(derived.key);\n    const publicKey = new Uint8Array(await getPublicKeyAsync(privateKey));\n    const secretKey = new Uint8Array(privateKey.length + publicKey.length);\n    secretKey.set(privateKey, 0);\n    secretKey.set(publicKey, privateKey.length);\n\n    return {\n      publicKey,\n      privateKey,\n      secretKey,\n    };\n  }\n\n  static async getAccount(\n    seed: Uint8Array,\n    accountIndex: number = 0,\n    change: number = 0\n  ): Promise<{\n    address: string;\n    publicKey: Uint8Array;\n    privateKey: Uint8Array;\n    secretKey: Uint8Array;\n    path: string;\n  }> {\n    if (accountIndex < 0) {\n      throw new Error('Account index must be non-negative');\n    }\n\n    const path = `${ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;\n    const { publicKey, privateKey, secretKey } = await ThruHDWallet.deriveKeyPair(seed, path);\n\n    return {\n      address: encodeAddress(publicKey),\n      publicKey,\n      privateKey,\n      secretKey,\n      path,\n    };\n  }\n\n  static async deriveAccounts(\n    seed: Uint8Array,\n    count: number\n  ): Promise<Array<{\n    index: number;\n    address: string;\n    path: string;\n    publicKey: Uint8Array;\n  }>> {\n    const accounts = [];\n    for (let i = 0; i < count; i++) {\n      const account = await ThruHDWallet.getAccount(seed, i);\n      accounts.push({\n        index: i,\n        address: account.address,\n        path: account.path,\n        publicKey: account.publicKey,\n      });\n    }\n    return accounts;\n  }\n\n  static isValidPath(path: string): boolean {\n    const pathRegex = /^m(\\/\\d+')+$/;\n    return pathRegex.test(path);\n  }\n}\n","import * as bip39 from 'bip39';\n\n/**\n * Handles BIP39 mnemonic phrase generation and validation\n */\nexport class MnemonicGenerator {\n  /**\n   * Generate a new 12-word mnemonic phrase\n   * @returns 12-word mnemonic string\n   */\n  static generate(): string {\n    // 128 bits of entropy = 12 words\n    return bip39.generateMnemonic(128);\n  }\n\n  /**\n   * Validate a mnemonic phrase\n   * @param phrase - Mnemonic phrase to validate\n   * @returns true if valid, false otherwise\n   */\n  static validate(phrase: string): boolean {\n    return bip39.validateMnemonic(phrase);\n  }\n\n  /**\n   * Convert mnemonic phrase to seed bytes\n   * @param phrase - Valid mnemonic phrase\n   * @param passphrase - Optional passphrase for additional security\n   * @returns Seed as Uint8Array (64 bytes)\n   */\n  static toSeed(phrase: string, passphrase: string = ''): Uint8Array {\n    if (!this.validate(phrase)) {\n      throw new Error('Invalid mnemonic phrase');\n    }\n    const seed = bip39.mnemonicToSeedSync(phrase, passphrase);\n    return new Uint8Array(seed);\n  }\n\n  /**\n   * Get the number of words in a mnemonic\n   * @param phrase - Mnemonic phrase\n   * @returns Number of words\n   */\n  static getWordCount(phrase: string): number {\n    return phrase.trim().split(/\\s+/).length;\n  }\n}\n"]}

package/package.json

@@ -0,0 +1,26 @@
+{
+  "name": "@thru/crypto",
+  "version": "0.0.4",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "dependencies": {
+    "@noble/ed25519": "^2.3.0",
+    "bip39": "^3.1.0",
+    "ed25519-hd-key": "^1.3.0",
+    "scrypt-js": "^3.0.1",
+    "@thru/thru-sdk": "0.0.4"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "lint": "eslint src/",
+    "clean": "rm -rf dist"
+  }
+}

package/src/encryption.ts

@@ -0,0 +1,188 @@
+import scrypt from 'scrypt-js';
+
+export interface EncryptedData {
+  ciphertext: Uint8Array;
+  salt: Uint8Array;
+  iv: Uint8Array;
+  kdfParams: {
+    N: number; // CPU/memory cost parameter
+    r: number; // Block size
+    p: number; // Parallelization parameter
+  };
+}
+
+/**
+ * Encryption service using scrypt KDF and AES-GCM
+ */
+export class EncryptionService {
+  // Default scrypt parameters (can be adjusted for performance/security trade-off)
+  private static readonly DEFAULT_N = 8192; // 2^15
+  private static readonly DEFAULT_R = 8;
+  private static readonly DEFAULT_P = 1;
+  private static readonly KEY_LENGTH = 32; // 256 bits for AES-256
+  private static readonly SALT_LENGTH = 32;
+  private static readonly IV_LENGTH = 12; // Recommended for AES-GCM
+
+  /**
+   * Encrypt data using password-based encryption
+   * @param data - Data to encrypt
+   * @param password - User password
+   * @returns Encrypted data with parameters
+   */
+  static async encrypt(data: Uint8Array, password: string): Promise<EncryptedData> {
+    // Generate random salt and IV
+    const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));
+    const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));
+
+    // Derive key from password using scrypt
+    const passwordBytes = new TextEncoder().encode(password);
+    const derivedKey = await scrypt.scrypt(
+      passwordBytes,
+      salt,
+      this.DEFAULT_N,
+      this.DEFAULT_R,
+      this.DEFAULT_P,
+      this.KEY_LENGTH
+    );
+
+    // Import key for WebCrypto API
+    const cryptoKey = await crypto.subtle.importKey(
+      'raw',
+      new Uint8Array(derivedKey),
+      { name: 'AES-GCM' },
+      false,
+      ['encrypt']
+    );
+
+    // Encrypt data using AES-GCM
+    const ciphertext = await crypto.subtle.encrypt(
+      { name: 'AES-GCM', iv },
+      cryptoKey,
+      data as unknown as ArrayBuffer
+    );
+
+    // Zero out sensitive data
+    derivedKey.fill(0);
+    passwordBytes.fill(0);
+
+    return {
+      ciphertext: new Uint8Array(ciphertext),
+      salt,
+      iv,
+      kdfParams: {
+        N: this.DEFAULT_N,
+        r: this.DEFAULT_R,
+        p: this.DEFAULT_P,
+      },
+    };
+  }
+
+  /**
+   * Decrypt encrypted data using password
+   * @param encrypted - Encrypted data with parameters
+   * @param password - User password
+   * @returns Decrypted data
+   */
+  static async decrypt(encrypted: EncryptedData, password: string): Promise<Uint8Array> {
+    // Derive key from password using stored parameters
+    const passwordBytes = new TextEncoder().encode(password);
+    const derivedKey = await scrypt.scrypt(
+      passwordBytes,
+      encrypted.salt,
+      encrypted.kdfParams.N,
+      encrypted.kdfParams.r,
+      encrypted.kdfParams.p,
+      this.KEY_LENGTH
+    );
+
+    // Import key for WebCrypto API
+    const cryptoKey = await crypto.subtle.importKey(
+      'raw',
+      new Uint8Array(derivedKey),
+      { name: 'AES-GCM' },
+      false,
+      ['decrypt']
+    );
+
+    try {
+      // Decrypt data using AES-GCM
+      const decrypted = await crypto.subtle.decrypt(
+        { name: 'AES-GCM', iv: encrypted.iv as unknown as ArrayBuffer },
+        cryptoKey,
+        encrypted.ciphertext as unknown as ArrayBuffer
+      );
+
+      // Zero out sensitive data
+      derivedKey.fill(0);
+      passwordBytes.fill(0);
+
+      return new Uint8Array(decrypted);
+    } catch (error) {
+      // Zero out sensitive data even on error
+      derivedKey.fill(0);
+      passwordBytes.fill(0);
+      throw new Error('Decryption failed - incorrect password or corrupted data');
+    }
+  }
+
+  /**
+   * Serialize encrypted data to a storable format
+   * @param encrypted - Encrypted data
+   * @returns Base64-encoded JSON string
+   */
+  static serialize(encrypted: EncryptedData): string {
+    return JSON.stringify({
+      ciphertext: Buffer.from(encrypted.ciphertext).toString('base64'),
+      salt: Buffer.from(encrypted.salt).toString('base64'),
+      iv: Buffer.from(encrypted.iv).toString('base64'),
+      kdfParams: encrypted.kdfParams,
+    });
+  }
+
+  /**
+   * Deserialize encrypted data from storage
+   * @param serialized - Serialized encrypted data
+   * @returns Encrypted data object
+   */
+  static deserialize(serialized: string): EncryptedData {
+    const parsed = JSON.parse(serialized);
+    return {
+      ciphertext: new Uint8Array(Buffer.from(parsed.ciphertext, 'base64')),
+      salt: new Uint8Array(Buffer.from(parsed.salt, 'base64')),
+      iv: new Uint8Array(Buffer.from(parsed.iv, 'base64')),
+      kdfParams: parsed.kdfParams,
+    };
+  }
+}
+
+/**
+ * Utility functions for secure memory management
+ */
+export class SecureMemory {
+  /**
+   * Zero out a Uint8Array to remove sensitive data from memory
+   * @param array - Array to zero out
+   */
+  static zeroize(array: Uint8Array): void {
+    array.fill(0);
+  }
+
+  /**
+   * Compare two Uint8Arrays in constant time to prevent timing attacks
+   * @param a - First array
+   * @param b - Second array
+   * @returns true if arrays are equal
+   */
+  static constantTimeEqual(a: Uint8Array, b: Uint8Array): boolean {
+    if (a.length !== b.length) {
+      return false;
+    }
+
+    let result = 0;
+    for (let i = 0; i < a.length; i++) {
+      result |= a[i] ^ b[i];
+    }
+
+    return result === 0;
+  }
+}

package/src/hdwallet.ts

@@ -0,0 +1,88 @@
+import { getPublicKeyAsync } from '@noble/ed25519';
+import { encodeAddress } from '@thru/thru-sdk';
+import { derivePath } from 'ed25519-hd-key';
+
+/**
+ * HD Wallet helpers for Thru (BIP44 coin type 9999).
+ * Returns raw key material along with encoded addresses.
+ */
+export class ThruHDWallet {
+  static readonly THRU_COIN_TYPE = 9999;
+  static readonly THRU_DERIVATION_PATH = `m/44'/${ThruHDWallet.THRU_COIN_TYPE}'`;
+
+  private static ensureSeed(seed: Uint8Array): void {
+    if (seed.length !== 64) {
+      throw new Error('Seed must be 64 bytes');
+    }
+  }
+
+  private static async deriveKeyPair(seed: Uint8Array, path: string) {
+    ThruHDWallet.ensureSeed(seed);
+    const derived = derivePath(path, Buffer.from(seed).toString('hex'));
+    const privateKey = new Uint8Array(derived.key);
+    const publicKey = new Uint8Array(await getPublicKeyAsync(privateKey));
+    const secretKey = new Uint8Array(privateKey.length + publicKey.length);
+    secretKey.set(privateKey, 0);
+    secretKey.set(publicKey, privateKey.length);
+
+    return {
+      publicKey,
+      privateKey,
+      secretKey,
+    };
+  }
+
+  static async getAccount(
+    seed: Uint8Array,
+    accountIndex: number = 0,
+    change: number = 0
+  ): Promise<{
+    address: string;
+    publicKey: Uint8Array;
+    privateKey: Uint8Array;
+    secretKey: Uint8Array;
+    path: string;
+  }> {
+    if (accountIndex < 0) {
+      throw new Error('Account index must be non-negative');
+    }
+
+    const path = `${ThruHDWallet.THRU_DERIVATION_PATH}/${accountIndex}'/${change}'`;
+    const { publicKey, privateKey, secretKey } = await ThruHDWallet.deriveKeyPair(seed, path);
+
+    return {
+      address: encodeAddress(publicKey),
+      publicKey,
+      privateKey,
+      secretKey,
+      path,
+    };
+  }
+
+  static async deriveAccounts(
+    seed: Uint8Array,
+    count: number
+  ): Promise<Array<{
+    index: number;
+    address: string;
+    path: string;
+    publicKey: Uint8Array;
+  }>> {
+    const accounts = [];
+    for (let i = 0; i < count; i++) {
+      const account = await ThruHDWallet.getAccount(seed, i);
+      accounts.push({
+        index: i,
+        address: account.address,
+        path: account.path,
+        publicKey: account.publicKey,
+      });
+    }
+    return accounts;
+  }
+
+  static isValidPath(path: string): boolean {
+    const pathRegex = /^m(\/\d+')+$/;
+    return pathRegex.test(path);
+  }
+}

package/src/index.ts

@@ -0,0 +1,4 @@
+export { EncryptionService, SecureMemory, type EncryptedData } from './encryption';
+export { ThruHDWallet } from './hdwallet';
+export { MnemonicGenerator } from './mnemonic';
+

package/src/mnemonic.ts

@@ -0,0 +1,47 @@
+import * as bip39 from 'bip39';
+
+/**
+ * Handles BIP39 mnemonic phrase generation and validation
+ */
+export class MnemonicGenerator {
+  /**
+   * Generate a new 12-word mnemonic phrase
+   * @returns 12-word mnemonic string
+   */
+  static generate(): string {
+    // 128 bits of entropy = 12 words
+    return bip39.generateMnemonic(128);
+  }
+
+  /**
+   * Validate a mnemonic phrase
+   * @param phrase - Mnemonic phrase to validate
+   * @returns true if valid, false otherwise
+   */
+  static validate(phrase: string): boolean {
+    return bip39.validateMnemonic(phrase);
+  }
+
+  /**
+   * Convert mnemonic phrase to seed bytes
+   * @param phrase - Valid mnemonic phrase
+   * @param passphrase - Optional passphrase for additional security
+   * @returns Seed as Uint8Array (64 bytes)
+   */
+  static toSeed(phrase: string, passphrase: string = ''): Uint8Array {
+    if (!this.validate(phrase)) {
+      throw new Error('Invalid mnemonic phrase');
+    }
+    const seed = bip39.mnemonicToSeedSync(phrase, passphrase);
+    return new Uint8Array(seed);
+  }
+
+  /**
+   * Get the number of words in a mnemonic
+   * @param phrase - Mnemonic phrase
+   * @returns Number of words
+   */
+  static getWordCount(phrase: string): number {
+    return phrase.trim().split(/\s+/).length;
+  }
+}

package/tsconfig.json

@@ -0,0 +1,9 @@
+{
+  "extends": "../tsconfig.base.json",
+  "compilerOptions": {
+    "outDir": "./dist",
+    "rootDir": "./src"
+  },
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}

package/tsup.config.ts

@@ -0,0 +1,10 @@
+import { defineConfig } from 'tsup';
+
+export default defineConfig({
+  entry: ['src/index.ts'],
+  format: ['esm'],
+  dts: true,
+  sourcemap: true,
+  clean: true,
+  treeshake: true,
+});