@toon-protocol/client 0.8.0 → 0.9.0

package/dist/index.js

@@ -1,3 +1,5 @@
+import "./chunk-5WRI5ZAA.js";
+
 // src/ToonClient.ts
 import { generateSecretKey as generateSecretKey2, getPublicKey } from "nostr-tools/pure";
 
@@ -186,6 +188,42 @@ function buildSettlementInfo(config) {
   };
 }
 
+// src/utils/binary.ts
+function toBase64(bytes) {
+  if (typeof Buffer !== "undefined" && Buffer.isBuffer(bytes)) {
+    return bytes.toString("base64");
+  }
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return btoa(binary);
+}
+function fromBase64(base64) {
+  if (typeof Buffer !== "undefined" && typeof Buffer.from === "function") {
+    return new Uint8Array(Buffer.from(base64, "base64"));
+  }
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+function toHex(bytes) {
+  let hex = "";
+  for (const byte of bytes) {
+    hex += byte.toString(16).padStart(2, "0");
+  }
+  return hex;
+}
+function encodeUtf8(str) {
+  return new TextEncoder().encode(str);
+}
+function isBase64(str) {
+  return /^[A-Za-z0-9+/]*={0,2}$/.test(str);
+}
+
 // src/modes/http.ts
 import { BootstrapService, createDiscoveryTracker } from "@toon-protocol/core";
 
@@ -287,8 +325,7 @@ var HttpRuntimeClient = class {
       throw new ValidationError("Data cannot be empty");
     }
     try {
-      Buffer.from(params.data, "base64");
-      if (!/^[A-Za-z0-9+/]*={0,2}$/.test(params.data)) {
+      if (!isBase64(params.data)) {
         throw new ValidationError(
           `Data must be valid Base64 encoding: "${params.data}"`
         );
@@ -378,33 +415,474 @@ var HttpRuntimeClient = class {
   }
 };
 
-// src/adapters/BtpRuntimeClient.ts
-import { BTPClient } from "@toon-protocol/connector";
-var BTP_CLAIM_PROTOCOL = {
-  NAME: "payment-channel-claim",
-  CONTENT_TYPE: 1
+// src/btp/protocol.ts
+var textEncoder = new TextEncoder();
+var textDecoder = new TextDecoder();
+var BTPMessageType = {
+  RESPONSE: 1,
+  ERROR: 2,
+  MESSAGE: 6
 };
-function createConsoleLogger() {
-  const noop = (..._args) => {
-  };
-  const logger = {
-    level: "info",
-    silent: noop,
-    info: console.info.bind(console),
-    warn: console.warn.bind(console),
-    error: console.error.bind(console),
-    debug: console.debug.bind(console),
-    trace: console.debug.bind(console),
-    fatal: console.error.bind(console),
-    child: () => createConsoleLogger()
-  };
-  return logger;
-}
-var ILP_PACKET_TYPE = {
+var ILPPacketType = {
   PREPARE: 12,
   FULFILL: 13,
   REJECT: 14
 };
+function concat(...arrays) {
+  const totalLength = arrays.reduce((sum, a) => sum + a.length, 0);
+  const result = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const a of arrays) {
+    result.set(a, offset);
+    offset += a.length;
+  }
+  return result;
+}
+function readUint8(buf, offset) {
+  if (offset >= buf.length) throw new Error("Buffer underflow reading uint8");
+  return buf[offset];
+}
+function readUint16BE(buf, offset) {
+  if (offset + 2 > buf.length)
+    throw new Error("Buffer underflow reading uint16");
+  return buf[offset] << 8 | buf[offset + 1];
+}
+function readUint32BE(buf, offset) {
+  if (offset + 4 > buf.length)
+    throw new Error("Buffer underflow reading uint32");
+  return (buf[offset] << 24 | buf[offset + 1] << 16 | buf[offset + 2] << 8 | buf[offset + 3]) >>> 0;
+}
+function writeUint8(value) {
+  return new Uint8Array([value]);
+}
+function writeUint16BE(value) {
+  return new Uint8Array([value >> 8 & 255, value & 255]);
+}
+function writeUint32BE(value) {
+  return new Uint8Array([
+    value >> 24 & 255,
+    value >> 16 & 255,
+    value >> 8 & 255,
+    value & 255
+  ]);
+}
+function sliceUtf8(buf, offset, length) {
+  return textDecoder.decode(buf.slice(offset, offset + length));
+}
+function encodeVarUInt(value) {
+  if (value >= 0n && value <= 127n) {
+    return new Uint8Array([Number(value)]);
+  }
+  const bytes = [];
+  let remaining = value;
+  while (remaining > 0n) {
+    bytes.unshift(Number(remaining & 0xffn));
+    remaining = remaining >> 8n;
+  }
+  return new Uint8Array([128 | bytes.length, ...bytes]);
+}
+function decodeVarUInt(buf, offset) {
+  const firstByte = readUint8(buf, offset);
+  if (firstByte <= 127) {
+    return { value: BigInt(firstByte), bytesRead: 1 };
+  }
+  const length = firstByte & 127;
+  if (offset + 1 + length > buf.length)
+    throw new Error("VarUInt buffer underflow");
+  let value = 0n;
+  for (let i = 0; i < length; i++) {
+    value = value << 8n | BigInt(buf[offset + 1 + i]);
+  }
+  return { value, bytesRead: 1 + length };
+}
+function encodeVarOctetString(data) {
+  return concat(encodeVarUInt(BigInt(data.length)), data);
+}
+function decodeVarOctetString(buf, offset) {
+  const { value: length, bytesRead: lenBytes } = decodeVarUInt(buf, offset);
+  const dataLen = Number(length);
+  const start = offset + lenBytes;
+  if (start + dataLen > buf.length)
+    throw new Error("VarOctetString buffer underflow");
+  return {
+    value: buf.slice(start, start + dataLen),
+    bytesRead: lenBytes + dataLen
+  };
+}
+function encodeGeneralizedTime(date) {
+  const y = date.getUTCFullYear().toString().padStart(4, "0");
+  const mo = (date.getUTCMonth() + 1).toString().padStart(2, "0");
+  const d = date.getUTCDate().toString().padStart(2, "0");
+  const h = date.getUTCHours().toString().padStart(2, "0");
+  const mi = date.getUTCMinutes().toString().padStart(2, "0");
+  const s = date.getUTCSeconds().toString().padStart(2, "0");
+  const ms = date.getUTCMilliseconds().toString().padStart(3, "0");
+  return textEncoder.encode(`${y}${mo}${d}${h}${mi}${s}.${ms}Z`);
+}
+function serializeIlpPrepare(packet) {
+  const condition = packet.executionCondition.length === 32 ? packet.executionCondition : new Uint8Array(32);
+  return concat(
+    writeUint8(ILPPacketType.PREPARE),
+    encodeVarUInt(packet.amount),
+    encodeGeneralizedTime(packet.expiresAt),
+    condition,
+    encodeVarOctetString(textEncoder.encode(packet.destination)),
+    encodeVarOctetString(packet.data)
+  );
+}
+function deserializeIlpPacket(buf) {
+  if (buf.length === 0) throw new Error("Empty ILP packet");
+  const type = buf[0];
+  if (type === ILPPacketType.FULFILL) return deserializeIlpFulfill(buf);
+  if (type === ILPPacketType.REJECT) return deserializeIlpReject(buf);
+  throw new Error(`Unknown ILP packet type: ${type}`);
+}
+function deserializeIlpFulfill(buf) {
+  let offset = 1;
+  offset += 32;
+  const { value: data } = decodeVarOctetString(buf, offset);
+  return { type: ILPPacketType.FULFILL, data };
+}
+function deserializeIlpReject(buf) {
+  let offset = 1;
+  const code = sliceUtf8(buf, offset, 3);
+  offset += 3;
+  const { bytesRead: tbBytes } = decodeVarOctetString(buf, offset);
+  offset += tbBytes;
+  const { value: msgBuf, bytesRead: msgBytes } = decodeVarOctetString(
+    buf,
+    offset
+  );
+  offset += msgBytes;
+  const message = textDecoder.decode(msgBuf);
+  const { value: data } = decodeVarOctetString(buf, offset);
+  return { type: ILPPacketType.REJECT, code, message, data };
+}
+function serializeBtpMessage(message) {
+  const parts = [
+    writeUint8(message.type),
+    writeUint32BE(message.requestId)
+  ];
+  const data = message.data;
+  const protocolData = data.protocolData ?? [];
+  parts.push(writeUint8(protocolData.length));
+  for (const pd of protocolData) {
+    const nameBytes = textEncoder.encode(pd.protocolName);
+    parts.push(writeUint8(nameBytes.length));
+    parts.push(nameBytes);
+    parts.push(writeUint16BE(pd.contentType));
+    parts.push(writeUint32BE(pd.data.length));
+    if (pd.data.length > 0) parts.push(pd.data);
+  }
+  const ilpPacket = data.ilpPacket ?? new Uint8Array(0);
+  parts.push(writeUint32BE(ilpPacket.length));
+  if (ilpPacket.length > 0) parts.push(ilpPacket);
+  return concat(...parts);
+}
+function parseBtpMessage(buf) {
+  if (buf.length < 5) throw new Error("BTP message too short");
+  let offset = 0;
+  const type = readUint8(buf, offset);
+  offset += 1;
+  const requestId = readUint32BE(buf, offset);
+  offset += 4;
+  if (type === BTPMessageType.ERROR) {
+    const codeLen = readUint8(buf, offset);
+    offset += 1;
+    const code = sliceUtf8(buf, offset, codeLen);
+    offset += codeLen;
+    const nameLen = readUint8(buf, offset);
+    offset += 1;
+    const name = sliceUtf8(buf, offset, nameLen);
+    offset += nameLen;
+    const taLen = readUint8(buf, offset);
+    offset += 1;
+    const triggeredAt = sliceUtf8(buf, offset, taLen);
+    offset += taLen;
+    const dataLen = readUint32BE(buf, offset);
+    offset += 4;
+    const data = buf.slice(offset, offset + dataLen);
+    return { type, requestId, data: { code, name, triggeredAt, data } };
+  }
+  const pdCount = readUint8(buf, offset);
+  offset += 1;
+  const protocolData = [];
+  for (let i = 0; i < pdCount; i++) {
+    const nameLen = readUint8(buf, offset);
+    offset += 1;
+    const protocolName = sliceUtf8(buf, offset, nameLen);
+    offset += nameLen;
+    const contentType = readUint16BE(buf, offset);
+    offset += 2;
+    const dataLen = readUint32BE(buf, offset);
+    offset += 4;
+    const data = buf.slice(offset, offset + dataLen);
+    offset += dataLen;
+    protocolData.push({ protocolName, contentType, data });
+  }
+  let ilpPacket;
+  if (offset + 4 <= buf.length) {
+    const ilpLen = readUint32BE(buf, offset);
+    offset += 4;
+    if (ilpLen > 0 && offset + ilpLen <= buf.length) {
+      ilpPacket = buf.slice(offset, offset + ilpLen);
+    }
+  }
+  return { type, requestId, data: { protocolData, ilpPacket } };
+}
+
+// src/btp/IsomorphicBtpClient.ts
+var textEncoder2 = new TextEncoder();
+var BtpConnectionError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "BtpConnectionError";
+  }
+};
+var BtpAuthError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "BtpAuthError";
+  }
+};
+var IsomorphicBtpClient = class {
+  ws = null;
+  _isConnected = false;
+  requestIdCounter = 0;
+  pendingRequests = /* @__PURE__ */ new Map();
+  config;
+  constructor(config) {
+    this.config = {
+      sendTimeoutMs: 3e4,
+      authTimeoutMs: 5e3,
+      ...config
+    };
+  }
+  get isConnected() {
+    return this._isConnected;
+  }
+  async connect() {
+    if (this._isConnected) return;
+    return new Promise((resolve, reject) => {
+      try {
+        this.ws = new WebSocket(this.config.url);
+        this.ws.binaryType = "arraybuffer";
+      } catch (err) {
+        reject(
+          new BtpConnectionError(
+            `Failed to create WebSocket: ${err instanceof Error ? err.message : String(err)}`
+          )
+        );
+        return;
+      }
+      this.ws.onopen = async () => {
+        try {
+          await this.authenticate();
+          this._isConnected = true;
+          resolve();
+        } catch (err) {
+          this._isConnected = false;
+          this.ws?.close();
+          reject(err);
+        }
+      };
+      this.ws.onmessage = (event) => {
+        this.handleMessage(event.data);
+      };
+      this.ws.onerror = () => {
+        reject(new BtpConnectionError("WebSocket connection error"));
+      };
+      this.ws.onclose = () => {
+        this._isConnected = false;
+        for (const [id, pending] of this.pendingRequests) {
+          clearTimeout(pending.timeoutId);
+          pending.reject(new BtpConnectionError("Connection closed"));
+          this.pendingRequests.delete(id);
+        }
+      };
+    });
+  }
+  async disconnect() {
+    this._isConnected = false;
+    if (this.ws) {
+      this.ws.close();
+      this.ws = null;
+    }
+    for (const [id, pending] of this.pendingRequests) {
+      clearTimeout(pending.timeoutId);
+      pending.reject(new BtpConnectionError("Disconnected"));
+      this.pendingRequests.delete(id);
+    }
+  }
+  /**
+   * Send an ILP PREPARE packet, optionally with protocol data (e.g. payment channel claim).
+   * Returns the ILP response (FULFILL or REJECT).
+   */
+  async sendPacket(packet, protocolData) {
+    if (!this._isConnected || !this.ws) {
+      throw new BtpConnectionError("Not connected");
+    }
+    const serializedIlp = serializeIlpPrepare(packet);
+    const requestId = this.nextRequestId();
+    const btpMessage = serializeBtpMessage({
+      type: BTPMessageType.MESSAGE,
+      requestId,
+      data: {
+        protocolData: protocolData ?? [],
+        ilpPacket: serializedIlp
+      }
+    });
+    this.ws.send(btpMessage);
+    let timeoutMs = this.config.sendTimeoutMs;
+    if (packet.expiresAt) {
+      const remaining = packet.expiresAt.getTime() - Date.now();
+      timeoutMs = Math.max(remaining - 500, 1e3);
+    }
+    return new Promise((resolve, reject) => {
+      const timeoutId = setTimeout(() => {
+        this.pendingRequests.delete(requestId);
+        reject(new BtpConnectionError(`Packet send timeout (${timeoutMs}ms)`));
+      }, timeoutMs);
+      this.pendingRequests.set(requestId, { resolve, reject, timeoutId });
+    });
+  }
+  // ─── Private ────────────────────────────────────────────────────────────
+  async authenticate() {
+    if (!this.ws) throw new BtpAuthError("WebSocket not connected");
+    const authData = JSON.stringify({
+      peerId: this.config.peerId,
+      secret: this.config.authToken
+    });
+    const requestId = this.nextRequestId();
+    const authMessage = serializeBtpMessage({
+      type: BTPMessageType.MESSAGE,
+      requestId,
+      data: {
+        protocolData: [
+          {
+            protocolName: "auth",
+            contentType: 0,
+            data: textEncoder2.encode(authData)
+          }
+        ],
+        ilpPacket: new Uint8Array(0)
+      }
+    });
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        reject(new BtpAuthError("Authentication timeout"));
+      }, this.config.authTimeoutMs);
+      const originalHandler = this.ws.onmessage;
+      this.ws.onmessage = (event) => {
+        try {
+          const data = this.toUint8Array(event.data);
+          try {
+            const jsonStr = new TextDecoder().decode(data);
+            if (jsonStr.startsWith("{")) {
+            }
+          } catch {
+          }
+          const message = parseBtpMessage(data);
+          if (message.requestId === requestId) {
+            clearTimeout(timeout);
+            this.ws.onmessage = originalHandler;
+            if (message.type === BTPMessageType.ERROR) {
+              const errData = message.data;
+              reject(
+                new BtpAuthError(`Authentication failed: ${errData.code}`)
+              );
+            } else if (message.type === BTPMessageType.RESPONSE) {
+              resolve();
+            }
+          }
+        } catch (err) {
+          clearTimeout(timeout);
+          this.ws.onmessage = originalHandler;
+          reject(
+            new BtpAuthError(err instanceof Error ? err.message : String(err))
+          );
+        }
+      };
+      this.ws.send(authMessage);
+    });
+  }
+  handleMessage(raw) {
+    try {
+      const data = this.toUint8Array(raw);
+      const jsonStr = new TextDecoder().decode(data);
+      if (jsonStr.startsWith("{")) {
+        const json = JSON.parse(jsonStr);
+        if (json["type"] === "FULFILL" || json["type"] === "REJECT") {
+          const first = this.pendingRequests.entries().next();
+          if (!first.done) {
+            const [id, pending] = first.value;
+            clearTimeout(pending.timeoutId);
+            this.pendingRequests.delete(id);
+            if (json["type"] === "FULFILL") {
+              const responseData = json["data"] ? this.base64ToUint8Array(json["data"]) : new Uint8Array(0);
+              pending.resolve({
+                type: ILPPacketType.FULFILL,
+                data: responseData
+              });
+            } else {
+              pending.resolve({
+                type: ILPPacketType.REJECT,
+                code: json["code"] || "F00",
+                message: json["message"] || "Unknown error",
+                data: json["data"] ? this.base64ToUint8Array(json["data"]) : new Uint8Array(0)
+              });
+            }
+          }
+          return;
+        }
+      }
+    } catch {
+    }
+    try {
+      const data = this.toUint8Array(raw);
+      const message = parseBtpMessage(data);
+      if (message.type === BTPMessageType.RESPONSE || message.type === BTPMessageType.ERROR) {
+        const pending = this.pendingRequests.get(message.requestId);
+        if (!pending) return;
+        clearTimeout(pending.timeoutId);
+        this.pendingRequests.delete(message.requestId);
+        if (message.type === BTPMessageType.ERROR) {
+          const errData = message.data;
+          pending.reject(
+            new BtpConnectionError(`BTP error: ${errData.code} ${errData.name}`)
+          );
+          return;
+        }
+        const msgData = message.data;
+        if (msgData.ilpPacket && msgData.ilpPacket.length > 0) {
+          const ilpResponse = deserializeIlpPacket(msgData.ilpPacket);
+          pending.resolve(ilpResponse);
+        }
+      }
+    } catch {
+    }
+  }
+  toUint8Array(data) {
+    if (data instanceof ArrayBuffer) return new Uint8Array(data);
+    if (data instanceof Uint8Array) return data;
+    if (typeof data === "string") return textEncoder2.encode(data);
+    throw new Error(`Unexpected WebSocket data type: ${typeof data}`);
+  }
+  base64ToUint8Array(base64) {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+  }
+  nextRequestId() {
+    this.requestIdCounter = this.requestIdCounter + 1 & 4294967295;
+    return this.requestIdCounter;
+  }
+};
+
+// src/adapters/BtpRuntimeClient.ts
 function isConnectionError(error) {
   const msg = error.message.toLowerCase();
   return msg.includes("not connected") || msg.includes("connection") || msg.includes("websocket") || msg.includes("econnrefused") || msg.includes("econnreset") || msg.includes("socket hang up") || msg.includes("timeout");
@@ -413,33 +891,23 @@ var BtpRuntimeClient = class {
   btpClient = null;
   config;
   _isConnected = false;
-  logger;
   constructor(config) {
     this.config = config;
-    this.logger = config.logger ?? createConsoleLogger();
   }
   /**
    * Connects to the BTP peer via WebSocket.
    */
   async connect() {
-    const peer = {
-      id: this.config.peerId,
+    this.btpClient = new IsomorphicBtpClient({
       url: this.config.btpUrl,
-      authToken: this.config.authToken,
-      connected: false,
-      lastSeen: /* @__PURE__ */ new Date()
-    };
-    this.btpClient = new BTPClient(
-      peer,
-      this.config.peerId,
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      this.logger
-    );
+      peerId: this.config.peerId,
+      authToken: this.config.authToken
+    });
     await this.btpClient.connect();
     this._isConnected = true;
   }
   /**
-   * Attempts to reconnect by creating a fresh BTPClient and connecting.
+   * Attempts to reconnect by creating a fresh client and connecting.
    */
   async reconnect() {
     if (this.btpClient) {
@@ -450,7 +918,6 @@ var BtpRuntimeClient = class {
       this.btpClient = null;
       this._isConnected = false;
     }
-    this.logger.info("[BtpRuntimeClient] Reconnecting...");
     await this.connect();
   }
   /**
@@ -503,73 +970,66 @@ var BtpRuntimeClient = class {
     if (!this._isConnected) {
       await this.reconnect();
     }
-    const packet = {
-      type: ILP_PACKET_TYPE.PREPARE,
+    const response = await this.btpClient.sendPacket({
+      type: 12,
       amount: BigInt(params.amount),
       destination: params.destination,
-      executionCondition: Buffer.alloc(32),
+      executionCondition: new Uint8Array(32),
       expiresAt: new Date(Date.now() + (params.timeout ?? 3e4)),
-      data: Buffer.from(params.data, "base64")
-    };
-    const response = await this.btpClient?.sendPacket(packet);
-    if (!response) {
-      throw new Error("BTP client not connected");
-    }
-    if (response.type === ILP_PACKET_TYPE.FULFILL) {
-      const fulfill = response;
+      data: fromBase64(params.data)
+    });
+    if (response.type === ILPPacketType.FULFILL) {
       return {
         accepted: true,
-        data: fulfill.data.length > 0 ? fulfill.data.toString("base64") : void 0
+        data: response.data.length > 0 ? toBase64(response.data) : void 0
       };
     }
-    const reject = response;
     return {
       accepted: false,
-      code: reject.code,
-      message: reject.message,
-      data: reject.data.length > 0 ? reject.data.toString("base64") : void 0
+      code: response.code,
+      message: response.message,
+      data: response.data.length > 0 ? toBase64(response.data) : void 0
     };
   }
   /**
    * Single-attempt claim + ILP packet send. Reconnects if not connected.
-   * Embeds the claim in the same BTP message as the ILP PREPARE packet.
    */
   async _sendIlpPacketWithClaimOnce(params, claim) {
     if (!this._isConnected) {
       await this.reconnect();
     }
     if (!this.btpClient) {
-      throw new Error("BTP client not connected");
+      throw new BtpConnectionError("BTP client not connected");
     }
-    const packet = {
-      type: ILP_PACKET_TYPE.PREPARE,
-      amount: BigInt(params.amount),
-      destination: params.destination,
-      executionCondition: Buffer.alloc(32),
-      expiresAt: new Date(Date.now() + (params.timeout ?? 3e4)),
-      data: Buffer.from(params.data, "base64")
-    };
     const protocolData = [
       {
-        protocolName: BTP_CLAIM_PROTOCOL.NAME,
-        contentType: BTP_CLAIM_PROTOCOL.CONTENT_TYPE,
-        data: Buffer.from(JSON.stringify(claim))
+        protocolName: "payment-channel-claim",
+        contentType: 1,
+        data: encodeUtf8(JSON.stringify(claim))
       }
     ];
-    const response = await this.btpClient.sendPacket(packet, protocolData);
-    if (response.type === ILP_PACKET_TYPE.FULFILL) {
-      const fulfill = response;
+    const response = await this.btpClient.sendPacket(
+      {
+        type: 12,
+        amount: BigInt(params.amount),
+        destination: params.destination,
+        executionCondition: new Uint8Array(32),
+        expiresAt: new Date(Date.now() + (params.timeout ?? 3e4)),
+        data: fromBase64(params.data)
+      },
+      protocolData
+    );
+    if (response.type === ILPPacketType.FULFILL) {
       return {
         accepted: true,
-        data: fulfill.data.length > 0 ? fulfill.data.toString("base64") : void 0
+        data: response.data.length > 0 ? toBase64(response.data) : void 0
       };
     }
-    const reject = response;
     return {
       accepted: false,
-      code: reject.code,
-      message: reject.message,
-      data: reject.data.length > 0 ? reject.data.toString("base64") : void 0
+      code: response.code,
+      message: response.message,
+      data: response.data.length > 0 ? toBase64(response.data) : void 0
     };
   }
 };
@@ -661,10 +1121,14 @@ var STATE_MAP = {
 var OnChainChannelClient = class {
   evmSigner;
   chainRpcUrls;
+  solanaConfig;
+  minaConfig;
   channelContext = /* @__PURE__ */ new Map();
   constructor(config) {
     this.evmSigner = config.evmSigner;
     this.chainRpcUrls = config.chainRpcUrls;
+    this.solanaConfig = config.solanaConfig;
+    this.minaConfig = config.minaConfig;
   }
   /**
    * Parse chain identifier to extract chainId.
@@ -726,6 +1190,67 @@ var OnChainChannelClient = class {
    * 4. Deposit initial funds if specified
    */
   async openChannel(params) {
+    const chainPrefix = params.chain.split(":")[0];
+    if (chainPrefix === "solana") return this.openSolanaChannel(params);
+    if (chainPrefix === "mina") return this.openMinaChannel(params);
+    return this.openEvmChannel(params);
+  }
+  /**
+   * Opens a Solana payment channel (PDA creation).
+   */
+  async openSolanaChannel(params) {
+    if (!this.solanaConfig) {
+      throw new Error(
+        "Solana channel config not provided \u2014 cannot open Solana channel"
+      );
+    }
+    const encoder = new TextEncoder();
+    const channelSeed = encoder.encode(
+      `channel:${toHex(this.solanaConfig.keypair).slice(0, 32)}:${params.peerAddress}:${Date.now()}`
+    );
+    const channelIdBytes = new Uint8Array(
+      await crypto.subtle.digest("SHA-256", channelSeed)
+    );
+    const channelId = "0x" + toHex(channelIdBytes);
+    this.channelContext.set(channelId, {
+      chain: params.chain,
+      tokenNetworkAddress: this.solanaConfig.programId
+    });
+    return { channelId, status: "opening" };
+  }
+  /**
+   * Opens a Mina payment channel (zkApp state transition).
+   * Dynamically imports o1js to avoid bundle bloat.
+   */
+  async openMinaChannel(params) {
+    if (!this.minaConfig) {
+      throw new Error(
+        "Mina channel config not provided \u2014 cannot open Mina channel"
+      );
+    }
+    const encoder = new TextEncoder();
+    const channelSeed = encoder.encode(
+      `channel:${this.minaConfig.privateKey.slice(0, 16)}:${params.peerAddress}:${Date.now()}`
+    );
+    const channelIdBytes = new Uint8Array(
+      await crypto.subtle.digest("SHA-256", channelSeed)
+    );
+    const channelId = "0x" + toHex(channelIdBytes);
+    this.channelContext.set(channelId, {
+      chain: params.chain,
+      tokenNetworkAddress: this.minaConfig.zkAppAddress
+    });
+    return { channelId, status: "opening" };
+  }
+  /**
+   * Opens an EVM payment channel on-chain.
+   *
+   * 1. Approve token spend if needed
+   * 2. Call TokenNetwork.openChannel()
+   * 3. Extract channelId from ChannelOpened event
+   * 4. Deposit initial funds if specified
+   */
+  async openEvmChannel(params) {
     const {
       chain,
       tokenNetwork,
@@ -830,7 +1355,7 @@ var OnChainChannelClient = class {
 
 // src/signing/evm-signer.ts
 import { privateKeyToAccount } from "viem/accounts";
-import { toHex } from "viem";
+import { toHex as toHex2 } from "viem";
 function getBalanceProofDomain(chainId, tokenNetworkAddress) {
   return {
     name: "TokenNetwork",
@@ -849,6 +1374,7 @@ var BALANCE_PROOF_TYPES = {
   ]
 };
 var EvmSigner = class {
+  chainType = "evm";
   _account;
   /**
    * @param privateKey - EVM private key as hex string (with or without 0x prefix) or Uint8Array
@@ -856,7 +1382,7 @@ var EvmSigner = class {
   constructor(privateKey) {
     let hexKey;
     if (privateKey instanceof Uint8Array) {
-      hexKey = toHex(privateKey);
+      hexKey = toHex2(privateKey);
     } else {
       hexKey = privateKey.startsWith("0x") ? privateKey : `0x${privateKey}`;
     }
@@ -866,6 +1392,10 @@ var EvmSigner = class {
   get address() {
     return this._account.address;
   }
+  /** ChainSigner identifier — EVM address */
+  get signerIdentifier() {
+    return this._account.address;
+  }
   /** Viem PrivateKeyAccount — usable with walletClient for on-chain transactions */
   get account() {
     return this._account;
@@ -1003,19 +1533,125 @@ async function initializeHttpMode(config) {
 
 // src/channel/ChannelManager.ts
 var ChannelManager = class {
-  evmSigner;
   channels = /* @__PURE__ */ new Map();
+  chainSigners = /* @__PURE__ */ new Map();
+  peerChannels = /* @__PURE__ */ new Map();
+  pendingOpens = /* @__PURE__ */ new Map();
   store;
-  constructor(evmSigner, store) {
+  defaultInitialDeposit;
+  defaultSettlementTimeout;
+  channelClient;
+  // Legacy: keep EvmSigner reference for backwards compatibility
+  evmSigner;
+  constructor(evmSigner, store, config) {
     this.evmSigner = evmSigner;
     this.store = store;
+    this.defaultInitialDeposit = config?.initialDeposit ?? "100000";
+    this.defaultSettlementTimeout = config?.settlementTimeout ?? 86400;
+  }
+  /**
+   * Register a chain-specific signer.
+   */
+  registerChainSigner(chainType, signer) {
+    this.chainSigners.set(chainType, signer);
+  }
+  /**
+   * Set the on-chain channel client for lazy channel opening.
+   */
+  setChannelClient(client) {
+    this.channelClient = client;
+  }
+  /**
+   * Get the signer for a tracked channel's chain type.
+   * For EVM, returns an adapter wrapping the EvmSigner.
+   */
+  getSignerForChannel(channelId) {
+    const tracking = this.channels.get(channelId);
+    if (!tracking) {
+      throw new Error(`Channel "${channelId}" is not being tracked.`);
+    }
+    const signer = this.chainSigners.get(tracking.chainType);
+    if (signer) return signer;
+    if (tracking.chainType === "evm" && this.evmSigner) {
+      const evmSigner = this.evmSigner;
+      return {
+        chainType: "evm",
+        signerIdentifier: evmSigner.address,
+        async signBalanceProof(params) {
+          if (params.metadata.chainType !== "evm")
+            throw new Error("Expected EVM metadata");
+          return evmSigner.signBalanceProof({
+            channelId: params.channelId,
+            nonce: params.nonce,
+            transferredAmount: params.transferredAmount,
+            lockedAmount: params.lockedAmount,
+            locksRoot: params.locksRoot,
+            chainId: params.metadata.chainId,
+            tokenNetworkAddress: params.metadata.tokenNetworkAddress,
+            tokenAddress: params.metadata.tokenAddress
+          });
+        },
+        buildClaimMessage(proof, senderId) {
+          return EvmSigner.buildClaimMessage(proof, senderId);
+        }
+      };
+    }
+    throw new Error(
+      `No signer registered for chain type: ${tracking.chainType}`
+    );
+  }
+  /**
+   * Lazily open a channel for a peer. Idempotent — returns existing channel
+   * if already open. Deduplicates concurrent opens for the same peer.
+   */
+  async ensureChannel(peerId, negotiation) {
+    const existing = this.peerChannels.get(peerId);
+    if (existing) return existing;
+    const pending = this.pendingOpens.get(peerId);
+    if (pending) return pending;
+    if (!this.channelClient) {
+      throw new Error(
+        "No channel client configured \u2014 cannot open payment channel"
+      );
+    }
+    const openPromise = (async () => {
+      try {
+        const result = await this.channelClient.openChannel({
+          peerId,
+          chain: negotiation.chain,
+          token: negotiation.tokenAddress,
+          tokenNetwork: negotiation.tokenNetwork,
+          peerAddress: negotiation.settlementAddress,
+          initialDeposit: negotiation.initialDeposit ?? this.defaultInitialDeposit,
+          settlementTimeout: negotiation.settlementTimeout ?? this.defaultSettlementTimeout
+        });
+        this.trackChannel(result.channelId, {
+          chainType: negotiation.chainType,
+          chainId: typeof negotiation.chainId === "number" ? negotiation.chainId : 0,
+          tokenNetworkAddress: negotiation.tokenNetwork ?? "",
+          tokenAddress: negotiation.tokenAddress
+        });
+        this.peerChannels.set(peerId, result.channelId);
+        return result.channelId;
+      } finally {
+        this.pendingOpens.delete(peerId);
+      }
+    })();
+    this.pendingOpens.set(peerId, openPromise);
+    return openPromise;
+  }
+  /**
+   * Get channel ID for a peer (if any).
+   */
+  getChannelForPeer(peerId) {
+    return this.peerChannels.get(peerId);
   }
   /**
    * Start tracking a channel.
    * Called after bootstrap returns a channelId.
    *
    * @param channelId - Payment channel identifier
-   * @param chainContext - Chain context for EIP-712 signing (chainId + tokenNetworkAddress)
+   * @param chainContext - Chain context for signing (chainType + chainId + tokenNetworkAddress)
    * @param initialNonce - Starting nonce (default: 0)
    * @param initialAmount - Starting cumulative amount (default: 0n)
    */
@@ -1028,6 +1664,7 @@ var ChannelManager = class {
         this.channels.set(channelId, {
           nonce: persisted.nonce,
           cumulativeAmount: persisted.cumulativeAmount,
+          chainType: chainContext?.chainType ?? "evm",
           chainId: cId,
           tokenNetworkAddress: tnAddr,
           tokenAddress: chainContext?.tokenAddress
@@ -1038,6 +1675,7 @@ var ChannelManager = class {
     this.channels.set(channelId, {
       nonce: initialNonce,
       cumulativeAmount: initialAmount,
+      chainType: chainContext?.chainType ?? "evm",
       chainId: cId,
       tokenNetworkAddress: tnAddr,
       tokenAddress: chainContext?.tokenAddress
@@ -1046,6 +1684,7 @@ var ChannelManager = class {
   /**
    * Signs a balance proof for the given channel.
    * Auto-increments nonce and adds to cumulative amount.
+   * Routes to the correct ChainSigner based on the channel's chain type.
    *
    * @param channelId - Payment channel identifier
    * @param additionalAmount - Amount to add to cumulative transferred amount
@@ -1067,6 +1706,21 @@ var ChannelManager = class {
         cumulativeAmount: tracking.cumulativeAmount
       });
     }
+    const signer = this.chainSigners.get(tracking.chainType);
+    if (signer && tracking.chainType !== "evm") {
+      const metadata = this.buildMetadata(tracking);
+      return signer.signBalanceProof({
+        channelId,
+        nonce: tracking.nonce,
+        transferredAmount: tracking.cumulativeAmount,
+        lockedAmount: 0n,
+        locksRoot: "0x0000000000000000000000000000000000000000000000000000000000000000",
+        metadata
+      });
+    }
+    if (!this.evmSigner) {
+      throw new Error("No EVM signer configured for EVM channel signing.");
+    }
     return this.evmSigner.signBalanceProof({
       channelId,
       nonce: tracking.nonce,
@@ -1078,6 +1732,24 @@ var ChannelManager = class {
       tokenAddress: tracking.tokenAddress
     });
   }
+  buildMetadata(tracking) {
+    switch (tracking.chainType) {
+      case "solana":
+        return { chainType: "solana", programId: tracking.tokenNetworkAddress };
+      case "mina":
+        return {
+          chainType: "mina",
+          zkAppAddress: tracking.tokenNetworkAddress
+        };
+      default:
+        return {
+          chainType: "evm",
+          chainId: tracking.chainId,
+          tokenNetworkAddress: tracking.tokenNetworkAddress,
+          tokenAddress: tracking.tokenAddress
+        };
+    }
+  }
   /**
    * Gets the current nonce for a tracked channel.
    */
@@ -1162,6 +1834,7 @@ var ToonClient = class {
   state = null;
   evmSigner;
   channelManager;
+  peerNegotiations = /* @__PURE__ */ new Map();
   /**
    * Creates a new ToonClient instance.
    *
@@ -1236,13 +1909,50 @@ var ToonClient = class {
         );
       }
       const bootstrapResults = await bootstrapService.bootstrap();
-      if (this.channelManager) {
-        for (const result of bootstrapResults) {
-          if (result.channelId && !this.channelManager.isTracking(result.channelId)) {
-            const chainCtx = this.getChainContext(result.negotiatedChain);
-            this.channelManager.trackChannel(result.channelId, chainCtx);
+      for (const result of bootstrapResults) {
+        if (result.negotiatedChain && result.settlementAddress) {
+          const chainType = result.negotiatedChain.split(":")[0] ?? "evm";
+          const parts = result.negotiatedChain.split(":");
+          const chainId = parts.length >= 3 ? parseInt(parts[2] ?? "0", 10) : 0;
+          const r = result;
+          this.peerNegotiations.set(result.registeredPeerId, {
+            chain: result.negotiatedChain,
+            chainType,
+            chainId: isNaN(chainId) ? 0 : chainId,
+            settlementAddress: result.settlementAddress,
+            tokenAddress: r.tokenAddress,
+            tokenNetwork: r.tokenNetwork
+          });
+        } else if (result.registeredPeerId && !this.peerNegotiations.has(result.registeredPeerId)) {
+          const peerInfo = result.peerInfo;
+          const peerChains = peerInfo.supportedChains ?? [];
+          const ourChains = this.config.supportedChains ?? [];
+          const matchedChain = ourChains.find((c) => peerChains.includes(c)) ?? ourChains[0];
+          if (matchedChain) {
+            const peerAddr = peerInfo.settlementAddresses?.[matchedChain];
+            const parts = matchedChain.split(":");
+            const chainId = parts.length >= 3 ? parseInt(parts[2] ?? "0", 10) : 0;
+            if (peerAddr) {
+              this.peerNegotiations.set(result.registeredPeerId, {
+                chain: matchedChain,
+                chainType: parts[0] ?? "evm",
+                chainId: isNaN(chainId) ? 0 : chainId,
+                settlementAddress: peerAddr,
+                tokenAddress: peerInfo.preferredTokens?.[matchedChain] ?? this.config.preferredTokens?.[matchedChain],
+                tokenNetwork: peerInfo.tokenNetworks?.[matchedChain] ?? this.config.tokenNetworks?.[matchedChain]
+              });
+            }
           }
         }
+        if (this.channelManager && result.channelId && !this.channelManager.isTracking(result.channelId)) {
+          const chainCtx = this.getChainContext(result.negotiatedChain);
+          this.channelManager.trackChannel(result.channelId, chainCtx);
+        }
+      }
+      if (this.channelManager && initialization.onChainChannelClient) {
+        this.channelManager.setChannelClient(
+          initialization.onChainChannelClient
+        );
       }
       this.state = {
         bootstrapService,
@@ -1286,27 +1996,50 @@ var ToonClient = class {
       const basePricePerByte = 10n;
       const amount = String(BigInt(toonData.length) * basePricePerByte);
       const destination = options?.destination ?? this.config.destinationAddress;
-      if (!options?.claim) {
-        throw new ToonClientError(
-          "Signed balance proof required. Call signBalanceProof() first.",
-          "MISSING_CLAIM"
-        );
-      }
       if (!this.state.btpClient) {
         throw new ToonClientError(
           "BTP client required for publishing. Configure btpUrl.",
           "NO_BTP_CLIENT"
         );
       }
-      const claimMessage = EvmSigner.buildClaimMessage(
-        options.claim,
-        this.getPublicKey()
-      );
+      let claimMessage;
+      if (options?.claim) {
+        claimMessage = EvmSigner.buildClaimMessage(
+          options.claim,
+          this.getPublicKey()
+        );
+      } else if (this.channelManager) {
+        const peerId = this.resolvePeerId(destination);
+        const negotiation = this.peerNegotiations.get(peerId);
+        if (!negotiation) {
+          throw new ToonClientError(
+            `No negotiation metadata for peer "${peerId}" \u2014 was bootstrap completed?`,
+            "PEER_NOT_NEGOTIATED"
+          );
+        }
+        const channelId = await this.channelManager.ensureChannel(
+          peerId,
+          negotiation
+        );
+        const proof = await this.channelManager.signBalanceProof(
+          channelId,
+          BigInt(amount)
+        );
+        const signer = this.channelManager.getSignerForChannel(channelId);
+        claimMessage = signer.buildClaimMessage(proof, this.getPublicKey());
+      } else {
+        throw new ToonClientError(
+          "No claim provided and no channel manager configured",
+          "MISSING_CLAIM"
+        );
+      }
       const response = await this.state.btpClient.sendIlpPacketWithClaim(
         {
           destination,
           amount,
-          data: Buffer.from(toonData).toString("base64")
+          data: toBase64(
+            toonData instanceof Uint8Array ? toonData : new Uint8Array(toonData)
+          )
         },
         claimMessage
       );
@@ -1322,6 +2055,11 @@ var ToonClient = class {
         data: response.data
       };
     } catch (error) {
+      console.error(
+        "[ToonClient.publishEvent] ROOT CAUSE:",
+        String(error),
+        error instanceof Error ? error.stack : ""
+      );
       throw new ToonClientError(
         "Failed to publish event",
         "PUBLISH_ERROR",
@@ -1367,6 +2105,30 @@ var ToonClient = class {
     if (!this.channelManager) throw new Error("ChannelManager not initialized");
     return this.channelManager.getCumulativeAmount(channelId);
   }
+  /**
+   * Resolves an ILP destination address to a peer ID.
+   * Convention: destination "g.toon.peer1" → peerId "peer1" (last segment).
+   * Falls back to first known peer if no match.
+   */
+  resolvePeerId(destination) {
+    const segments = destination.split(".");
+    const lastSegment = segments[segments.length - 1] ?? "";
+    if (lastSegment && this.peerNegotiations.has(lastSegment)) {
+      return lastSegment;
+    }
+    for (const peerId of this.peerNegotiations.keys()) {
+      if (destination.endsWith(`.${peerId}`) || destination.endsWith(`.${peerId.replace("nostr-", "")}`)) {
+        return peerId;
+      }
+    }
+    const firstPeerResult = this.peerNegotiations.keys().next();
+    if (!firstPeerResult.done && firstPeerResult.value)
+      return firstPeerResult.value;
+    throw new ToonClientError(
+      `Cannot resolve peer for destination: ${destination}`,
+      "PEER_NOT_FOUND"
+    );
+  }
   /**
    * Extracts chain context (chainId + tokenNetworkAddress) from a chain key like 'evm:base:421614'.
    */
@@ -1424,7 +2186,10 @@ var ToonClient = class {
       params.claim,
       this.getPublicKey()
     );
-    return this.state.btpClient.sendIlpPacketWithClaim(ilpParams, claimMessage);
+    return this.state.btpClient.sendIlpPacketWithClaim(
+      ilpParams,
+      claimMessage
+    );
   }
   /**
    * Stops the ToonClient and cleans up resources.
@@ -1798,6 +2563,1212 @@ var HttpConnectorAdmin = class {
     }
   }
 };
+
+// src/signing/solana-signer.ts
+var BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function toBase58(bytes) {
+  let num = BigInt(0);
+  for (const b of bytes) num = num * 256n + BigInt(b);
+  let result = "";
+  while (num > 0n) {
+    result = BASE58_ALPHABET[Number(num % 58n)] + result;
+    num = num / 58n;
+  }
+  for (const b of bytes) {
+    if (b === 0) result = "1" + result;
+    else break;
+  }
+  return result;
+}
+var _ed25519 = null;
+async function getEd25519() {
+  if (!_ed25519) {
+    const mod = await import("@noble/curves/ed25519");
+    _ed25519 = mod.ed25519;
+  }
+  return _ed25519;
+}
+var SolanaSigner = class {
+  chainType = "solana";
+  privateKey;
+  publicKey;
+  pubkeyBase58Cache;
+  constructor(privateKey) {
+    this.privateKey = privateKey;
+  }
+  async ensurePublicKey() {
+    if (this.publicKey && this.pubkeyBase58Cache) {
+      return { publicKey: this.publicKey, base58: this.pubkeyBase58Cache };
+    }
+    const ed = await getEd25519();
+    const pk = ed.getPublicKey(this.privateKey);
+    const b58 = toBase58(pk);
+    this.publicKey = pk;
+    this.pubkeyBase58Cache = b58;
+    return { publicKey: pk, base58: b58 };
+  }
+  get signerIdentifier() {
+    return this.pubkeyBase58Cache ?? "uninitialized";
+  }
+  async signBalanceProof(params) {
+    if (params.metadata.chainType !== "solana") {
+      throw new Error(
+        `SolanaSigner cannot sign for chain type: ${params.metadata.chainType}`
+      );
+    }
+    const ed = await getEd25519();
+    const { base58 } = await this.ensurePublicKey();
+    const encoder = new TextEncoder();
+    const message = encoder.encode(
+      `${params.channelId}:${params.nonce}:${params.transferredAmount}:${params.lockedAmount}:${params.locksRoot}`
+    );
+    const signature = ed.sign(message, this.privateKey);
+    const signatureHex = "0x" + toHex(new Uint8Array(signature));
+    return {
+      channelId: params.channelId,
+      nonce: params.nonce,
+      transferredAmount: params.transferredAmount,
+      lockedAmount: params.lockedAmount,
+      locksRoot: params.locksRoot,
+      signature: signatureHex,
+      signerAddress: base58,
+      chainId: 0,
+      tokenNetworkAddress: params.metadata.programId
+    };
+  }
+  buildClaimMessage(proof, senderId) {
+    const claim = {
+      version: "1.0",
+      blockchain: "solana",
+      messageId: crypto.randomUUID(),
+      timestamp: (/* @__PURE__ */ new Date()).toISOString().replace(/\.\d{3}Z$/, ".000Z"),
+      senderId,
+      channelId: proof.channelId,
+      nonce: proof.nonce,
+      transferredAmount: proof.transferredAmount.toString(),
+      signature: proof.signature,
+      signerAddress: this.pubkeyBase58Cache ?? proof.signerAddress,
+      programId: proof.tokenNetworkAddress
+    };
+    return claim;
+  }
+};
+
+// src/signing/mina-signer.ts
+var MinaSigner = class {
+  chainType = "mina";
+  privateKeyBase58;
+  publicKeyBase58 = "uninitialized";
+  constructor(privateKeyBase58) {
+    this.privateKeyBase58 = privateKeyBase58;
+  }
+  get signerIdentifier() {
+    return this.publicKeyBase58;
+  }
+  async ensurePublicKey() {
+    if (this.publicKeyBase58 !== "uninitialized") return this.publicKeyBase58;
+    const o1js = await import("o1js");
+    const pk = o1js.PrivateKey.fromBase58(this.privateKeyBase58);
+    this.publicKeyBase58 = pk.toPublicKey().toBase58();
+    return this.publicKeyBase58;
+  }
+  async signBalanceProof(params) {
+    if (params.metadata.chainType !== "mina") {
+      throw new Error(
+        `MinaSigner cannot sign for chain type: ${params.metadata.chainType}`
+      );
+    }
+    const o1js = await import("o1js");
+    const pubkey = await this.ensurePublicKey();
+    const channelIdNum = BigInt(
+      "0x" + params.channelId.replace(/^0x/, "").slice(0, 16)
+    );
+    const commitment = o1js.Poseidon.hash([
+      o1js.Field(channelIdNum),
+      o1js.Field(params.nonce),
+      o1js.Field(params.transferredAmount),
+      o1js.Field(params.lockedAmount)
+    ]);
+    const pk = o1js.PrivateKey.fromBase58(this.privateKeyBase58);
+    const signature = o1js.Signature.create(pk, [commitment]);
+    return {
+      channelId: params.channelId,
+      nonce: params.nonce,
+      transferredAmount: params.transferredAmount,
+      lockedAmount: params.lockedAmount,
+      locksRoot: params.locksRoot,
+      signature: signature.toBase58(),
+      signerAddress: pubkey,
+      chainId: 0,
+      tokenNetworkAddress: params.metadata.zkAppAddress
+    };
+  }
+  buildClaimMessage(proof, senderId) {
+    const claim = {
+      version: "1.0",
+      blockchain: "mina",
+      messageId: crypto.randomUUID(),
+      timestamp: (/* @__PURE__ */ new Date()).toISOString().replace(/\.\d{3}Z$/, ".000Z"),
+      senderId,
+      channelId: proof.channelId,
+      nonce: proof.nonce,
+      transferredAmount: proof.transferredAmount.toString(),
+      commitment: proof.signature,
+      signerAddress: proof.signerAddress,
+      zkAppAddress: proof.tokenNetworkAddress
+    };
+    return claim;
+  }
+};
+
+// src/keys/KeyManager.ts
+import { finalizeEvent } from "nostr-tools/pure";
+import { nip19 } from "nostr-tools";
+
+// src/keys/KeyDerivation.ts
+import { generateSecretKey as generateSecretKey3, getPublicKey as getPublicKey2 } from "nostr-tools/pure";
+import { privateKeyToAccount as privateKeyToAccount2 } from "viem/accounts";
+import { toHex as toHex3 } from "viem";
+import {
+  generateMnemonic as _genMnemonic,
+  validateMnemonic as _validateMnemonic,
+  mnemonicToSeedSync
+} from "@scure/bip39";
+import { wordlist as english } from "@scure/bip39/wordlists/english";
+import { HDKey } from "@scure/bip32";
+function generateMnemonic() {
+  return _genMnemonic(english, 128);
+}
+function validateMnemonic(mnemonic) {
+  return _validateMnemonic(mnemonic, english);
+}
+function deriveNostrKey(seed) {
+  const master = HDKey.fromMasterSeed(seed);
+  const child = master.derive("m/44'/1237'/0'/0/0");
+  if (!child.privateKey) {
+    throw new Error("Failed to derive Nostr private key from seed");
+  }
+  const secretKey = new Uint8Array(child.privateKey);
+  const pubkey = getPublicKey2(secretKey);
+  return { secretKey, pubkey };
+}
+function deriveEvmIdentity(secretKey) {
+  const account = privateKeyToAccount2(toHex3(secretKey));
+  return {
+    privateKey: secretKey,
+    address: account.address
+  };
+}
+async function deriveSolanaKey(seed) {
+  const { hmac } = await import("@noble/hashes/hmac");
+  const { sha512 } = await import("@noble/hashes/sha512");
+  const { ed25519 } = await import("@noble/curves/ed25519");
+  const encoder = new TextEncoder();
+  let I = hmac(sha512, encoder.encode("ed25519 seed"), seed);
+  let key = I.slice(0, 32);
+  let chainCode = I.slice(32);
+  const indices = [
+    2147483692,
+    // 44'
+    2147484149,
+    // 501'
+    2147483648,
+    // 0'
+    2147483648
+    // 0'
+  ];
+  for (const index of indices) {
+    const data = new Uint8Array(37);
+    data[0] = 0;
+    data.set(key, 1);
+    data[33] = index >>> 24 & 255;
+    data[34] = index >>> 16 & 255;
+    data[35] = index >>> 8 & 255;
+    data[36] = index & 255;
+    I = hmac(sha512, chainCode, data);
+    key = I.slice(0, 32);
+    chainCode = I.slice(32);
+  }
+  const publicKeyBytes = ed25519.getPublicKey(key);
+  const keypair = new Uint8Array(64);
+  keypair.set(key, 0);
+  keypair.set(publicKeyBytes, 32);
+  const publicKey = toBase582(publicKeyBytes);
+  return { secretKey: keypair, publicKey };
+}
+async function deriveMinaKey(seed) {
+  const master = HDKey.fromMasterSeed(seed);
+  const child = master.derive("m/44'/12586'/0'/0/0");
+  if (!child.privateKey) {
+    throw new Error("Failed to derive Mina private key from seed");
+  }
+  const keyBytes = new Uint8Array(child.privateKey);
+  try {
+    const MinaSignerLib = await import("./mina-signer-J7GFWOGO.js");
+    const Client = "default" in MinaSignerLib ? MinaSignerLib.default : MinaSignerLib;
+    const client = new Client({ network: "mainnet" });
+    const hexKey = Array.from(keyBytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+    const keypair = client.derivePublicKey(hexKey);
+    return {
+      privateKey: hexKey,
+      publicKey: keypair
+    };
+  } catch {
+    throw new Error(
+      "mina-signer is required for Mina key derivation. Install it as an optional dependency."
+    );
+  }
+}
+async function deriveFullIdentity(mnemonic) {
+  const seed = mnemonicToSeedSync(mnemonic);
+  const nostr = deriveNostrKey(seed);
+  const evm = deriveEvmIdentity(nostr.secretKey);
+  let solana;
+  try {
+    solana = await deriveSolanaKey(seed);
+  } catch {
+    solana = { secretKey: new Uint8Array(64), publicKey: "" };
+  }
+  let mina;
+  try {
+    mina = await deriveMinaKey(seed);
+  } catch {
+    mina = { privateKey: "", publicKey: "" };
+  }
+  seed.fill(0);
+  return { nostr, evm, solana, mina };
+}
+function deriveFromNsec(secretKey) {
+  const keyCopy = new Uint8Array(secretKey);
+  const pubkey = getPublicKey2(keyCopy);
+  const evm = deriveEvmIdentity(keyCopy);
+  return {
+    nostr: { secretKey: keyCopy, pubkey },
+    evm,
+    solana: { secretKey: new Uint8Array(64), publicKey: "" },
+    mina: { privateKey: "", publicKey: "" }
+  };
+}
+function generateRandomIdentity() {
+  const secretKey = generateSecretKey3();
+  return deriveFromNsec(secretKey);
+}
+var BASE58_ALPHABET2 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function toBase582(bytes) {
+  let num = BigInt(0);
+  for (const b of bytes) num = num * 256n + BigInt(b);
+  let result = "";
+  while (num > 0n) {
+    result = BASE58_ALPHABET2[Number(num % 58n)] + result;
+    num = num / 58n;
+  }
+  for (const b of bytes) {
+    if (b === 0) result = "1" + result;
+    else break;
+  }
+  return result;
+}
+
+// src/keys/PasskeyAuth.ts
+async function registerPasskey(params) {
+  const { rpId, rpName, userId, userName, prfSalt } = params;
+  const publicKeyOptions = {
+    rp: { id: rpId, name: rpName },
+    user: {
+      id: userId,
+      name: userName,
+      displayName: userName
+    },
+    challenge: crypto.getRandomValues(
+      new Uint8Array(32)
+    ),
+    pubKeyCredParams: [
+      { alg: -7, type: "public-key" },
+      // ES256
+      { alg: -257, type: "public-key" }
+      // RS256
+    ],
+    authenticatorSelection: {
+      residentKey: "required",
+      userVerification: "required"
+    },
+    extensions: {
+      prf: {
+        eval: {
+          first: prfSalt
+        }
+      }
+    }
+  };
+  const credential = await navigator.credentials.create({
+    publicKey: publicKeyOptions
+  });
+  if (!credential) {
+    throw new Error("Passkey registration was cancelled or failed");
+  }
+  const response = credential.response;
+  const extensionResults = credential.getClientExtensionResults();
+  const prfResults = extensionResults["prf"];
+  if (!prfResults?.results?.first) {
+    throw new Error(
+      "PRF extension not supported by this authenticator. Passkey was created but cannot be used for key encryption. Use password-based encryption as fallback."
+    );
+  }
+  const credentialId = new Uint8Array(credential.rawId);
+  if (!response.attestationObject) {
+    throw new Error("Invalid attestation response");
+  }
+  return {
+    prfOutput: prfResults.results.first,
+    credentialId
+  };
+}
+async function assertPasskey(params) {
+  const { rpId, prfSalt, allowCredentials } = params;
+  const publicKeyOptions = {
+    rpId,
+    challenge: crypto.getRandomValues(
+      new Uint8Array(32)
+    ),
+    userVerification: "required",
+    ...allowCredentials && {
+      allowCredentials: allowCredentials.map((id) => ({
+        id,
+        type: "public-key"
+      }))
+    },
+    extensions: {
+      prf: {
+        eval: {
+          first: prfSalt
+        }
+      }
+    }
+  };
+  const credential = await navigator.credentials.get({
+    publicKey: publicKeyOptions
+  });
+  if (!credential) {
+    throw new Error("Passkey assertion was cancelled or failed");
+  }
+  const response = credential.response;
+  const extensionResults = credential.getClientExtensionResults();
+  const prfResults = extensionResults["prf"];
+  if (!prfResults?.results?.first) {
+    throw new Error(
+      "PRF extension did not return a result. The authenticator may not support PRF."
+    );
+  }
+  return {
+    prfOutput: prfResults.results.first,
+    credentialId: new Uint8Array(credential.rawId),
+    userHandle: response.userHandle ? new Uint8Array(response.userHandle) : null
+  };
+}
+function isPrfSupported() {
+  if (typeof window === "undefined") return false;
+  if (typeof navigator === "undefined") return false;
+  if (!navigator.credentials) return false;
+  if (typeof PublicKeyCredential === "undefined") return false;
+  return true;
+}
+async function hashCredentialId(credentialId) {
+  const arrayBuffer = credentialId.buffer.slice(
+    credentialId.byteOffset,
+    credentialId.byteOffset + credentialId.byteLength
+  );
+  const hash = await crypto.subtle.digest("SHA-256", arrayBuffer);
+  return Array.from(new Uint8Array(hash)).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+// src/keys/encoding.ts
+function toBase642(data) {
+  const bytes = data instanceof Uint8Array ? data : new Uint8Array(data);
+  let binary = "";
+  for (const b of bytes) binary += String.fromCharCode(b);
+  return btoa(binary);
+}
+function fromBase642(b64) {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+function hexToBytes(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+// src/keys/KeyVault.ts
+async function generateDek() {
+  return crypto.subtle.generateKey(
+    { name: "AES-GCM", length: 256 },
+    true,
+    // extractable — needed for AES-KW wrapping
+    ["encrypt", "decrypt"]
+  );
+}
+async function encryptMnemonic(dek, mnemonic) {
+  const encoder = new TextEncoder();
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const ciphertext = await crypto.subtle.encrypt(
+    { name: "AES-GCM", iv },
+    dek,
+    encoder.encode(mnemonic)
+  );
+  return {
+    encryptedMnemonic: toBase642(ciphertext),
+    iv: toBase642(iv)
+  };
+}
+async function decryptMnemonic(dek, encryptedMnemonic, iv) {
+  const decoder = new TextDecoder();
+  const plaintext = await crypto.subtle.decrypt(
+    { name: "AES-GCM", iv: fromBase642(iv) },
+    dek,
+    fromBase642(encryptedMnemonic)
+  );
+  return decoder.decode(plaintext);
+}
+async function deriveKek(prfOutput) {
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    prfOutput,
+    "HKDF",
+    false,
+    ["deriveKey"]
+  );
+  const encoder = new TextEncoder();
+  return crypto.subtle.deriveKey(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new Uint8Array(0),
+      // PRF salt was already applied at the WebAuthn level
+      info: encoder.encode("toon:kek")
+    },
+    keyMaterial,
+    { name: "AES-KW", length: 256 },
+    false,
+    // not extractable
+    ["wrapKey", "unwrapKey"]
+  );
+}
+async function deriveKekFromPassword(password, salt) {
+  const encoder = new TextEncoder();
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(password),
+    "PBKDF2",
+    false,
+    ["deriveKey"]
+  );
+  return crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      hash: "SHA-256",
+      salt,
+      iterations: 6e5
+      // OWASP 2023 recommendation for SHA-256
+    },
+    keyMaterial,
+    { name: "AES-KW", length: 256 },
+    false,
+    ["wrapKey", "unwrapKey"]
+  );
+}
+async function wrapDek(kek, dek) {
+  const wrapped = await crypto.subtle.wrapKey("raw", dek, kek, "AES-KW");
+  return toBase642(new Uint8Array(wrapped));
+}
+async function unwrapDek(kek, wrappedDek) {
+  return crypto.subtle.unwrapKey(
+    "raw",
+    fromBase642(wrappedDek),
+    kek,
+    "AES-KW",
+    { name: "AES-GCM", length: 256 },
+    true,
+    // extractable — needed for re-wrapping when adding new KEKs
+    ["encrypt", "decrypt"]
+  );
+}
+async function createVault(mnemonic, kek, credentialIdHash, prfSalt) {
+  const dek = await generateDek();
+  const { encryptedMnemonic, iv } = await encryptMnemonic(dek, mnemonic);
+  const wrappedDek = await wrapDek(kek, dek);
+  const entry = {
+    id: credentialIdHash,
+    wrapped_dek: wrappedDek,
+    salt: toBase642(prfSalt),
+    created_at: Math.floor(Date.now() / 1e3)
+  };
+  return {
+    encryptedMnemonic,
+    iv,
+    wrappedKeys: [entry]
+  };
+}
+async function unlockVault(vault, kek, credentialIdHash) {
+  const entry = vault.wrappedKeys.find((e) => e.id === credentialIdHash);
+  if (!entry) {
+    throw new Error(`No wrapped key found for credential ${credentialIdHash}`);
+  }
+  const dek = await unwrapDek(kek, entry.wrapped_dek);
+  return decryptMnemonic(dek, vault.encryptedMnemonic, vault.iv);
+}
+async function addKekToVault(vault, existingKek, existingCredentialIdHash, newKek, newCredentialIdHash, newPrfSalt) {
+  const existingEntry = vault.wrappedKeys.find(
+    (e) => e.id === existingCredentialIdHash
+  );
+  if (!existingEntry) {
+    throw new Error(
+      `No wrapped key found for credential ${existingCredentialIdHash}`
+    );
+  }
+  const dek = await unwrapDek(existingKek, existingEntry.wrapped_dek);
+  const newWrappedDek = await wrapDek(newKek, dek);
+  const newEntry = {
+    id: newCredentialIdHash,
+    wrapped_dek: newWrappedDek,
+    salt: toBase642(newPrfSalt),
+    created_at: Math.floor(Date.now() / 1e3)
+  };
+  return {
+    ...vault,
+    wrappedKeys: [...vault.wrappedKeys, newEntry]
+  };
+}
+function removeKekFromVault(vault, credentialIdHash) {
+  const remaining = vault.wrappedKeys.filter((e) => e.id !== credentialIdHash);
+  if (remaining.length === 0) {
+    throw new Error(
+      "Cannot remove the last passkey \u2014 at least one passkey must remain for vault access"
+    );
+  }
+  return {
+    ...vault,
+    wrappedKeys: remaining
+  };
+}
+async function addRecoveryCodeToVault(vault, existingKek, existingCredentialIdHash, recoveryKek, recoverySalt) {
+  const existingEntry = vault.wrappedKeys.find(
+    (e) => e.id === existingCredentialIdHash
+  );
+  if (!existingEntry) {
+    throw new Error(
+      `No wrapped key found for credential ${existingCredentialIdHash}`
+    );
+  }
+  const dek = await unwrapDek(existingKek, existingEntry.wrapped_dek);
+  const recoveryWrappedDek = await wrapDek(recoveryKek, dek);
+  return {
+    ...vault,
+    recoveryCodeWrappedDek: recoveryWrappedDek,
+    recoveryCodeSalt: toBase642(recoverySalt)
+  };
+}
+async function unlockVaultWithRecoveryCode(vault, recoveryKek) {
+  if (!vault.recoveryCodeWrappedDek) {
+    throw new Error("No recovery code is configured for this vault");
+  }
+  const dek = await unwrapDek(recoveryKek, vault.recoveryCodeWrappedDek);
+  return decryptMnemonic(dek, vault.encryptedMnemonic, vault.iv);
+}
+function generateRecoveryCode() {
+  const bytes = crypto.getRandomValues(new Uint8Array(12));
+  const hex = Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  const groups = hex.match(/.{4}/g) ?? [];
+  return groups.join("-");
+}
+
+// src/keys/BackupService.ts
+import { getPublicKey as getPublicKey3 } from "nostr-tools/pure";
+var BACKUP_KIND = 30078;
+var BACKUP_D_TAG = "toon:identity-backup";
+var BACKUP_VERSION = "1";
+function buildBackupEvent(vault, secretKey, chains = "nostr,evm,solana,mina") {
+  const pubkey = getPublicKey3(secretKey);
+  const payload = {
+    encrypted_mnemonic: vault.encryptedMnemonic,
+    wrapped_keys: vault.wrappedKeys,
+    iv: vault.iv,
+    ...vault.recoveryCodeWrappedDek && {
+      recovery_code_wrapped_dek: vault.recoveryCodeWrappedDek
+    },
+    ...vault.recoveryCodeSalt && {
+      recovery_code_salt: vault.recoveryCodeSalt
+    }
+  };
+  return {
+    kind: BACKUP_KIND,
+    pubkey,
+    created_at: Math.floor(Date.now() / 1e3),
+    tags: [
+      ["d", BACKUP_D_TAG],
+      ["v", BACKUP_VERSION],
+      ["chains", chains]
+    ],
+    content: JSON.stringify(payload)
+  };
+}
+function buildBackupFilter(pubkey) {
+  return {
+    kinds: [BACKUP_KIND],
+    authors: [pubkey],
+    "#d": [BACKUP_D_TAG]
+  };
+}
+function parseBackupPayload(content) {
+  let parsed;
+  try {
+    parsed = JSON.parse(content);
+  } catch {
+    throw new Error("Invalid backup event content: not valid JSON");
+  }
+  if (typeof parsed !== "object" || parsed === null) {
+    throw new Error("Invalid backup event content: not an object");
+  }
+  const payload = parsed;
+  if (typeof payload["encrypted_mnemonic"] !== "string") {
+    throw new Error("Invalid backup: missing encrypted_mnemonic");
+  }
+  if (typeof payload["iv"] !== "string") {
+    throw new Error("Invalid backup: missing iv");
+  }
+  if (!Array.isArray(payload["wrapped_keys"])) {
+    throw new Error("Invalid backup: missing wrapped_keys array");
+  }
+  for (const entry of payload["wrapped_keys"]) {
+    if (typeof entry !== "object" || entry === null) {
+      throw new Error("Invalid backup: wrapped_keys entry is not an object");
+    }
+    const e = entry;
+    if (typeof e["id"] !== "string") {
+      throw new Error("Invalid backup: wrapped key missing id");
+    }
+    if (typeof e["wrapped_dek"] !== "string") {
+      throw new Error("Invalid backup: wrapped key missing wrapped_dek");
+    }
+    if (typeof e["salt"] !== "string") {
+      throw new Error("Invalid backup: wrapped key missing salt");
+    }
+    if (typeof e["created_at"] !== "number") {
+      throw new Error(
+        "Invalid backup: wrapped key missing or invalid created_at"
+      );
+    }
+  }
+  return {
+    encryptedMnemonic: payload["encrypted_mnemonic"],
+    iv: payload["iv"],
+    wrappedKeys: payload["wrapped_keys"],
+    ...typeof payload["recovery_code_wrapped_dek"] === "string" && {
+      recoveryCodeWrappedDek: payload["recovery_code_wrapped_dek"]
+    },
+    ...typeof payload["recovery_code_salt"] === "string" && {
+      recoveryCodeSalt: payload["recovery_code_salt"]
+    }
+  };
+}
+async function publishBackupToRelays(signedEvent, relayUrls) {
+  const { SimplePool } = await import("nostr-tools/pool");
+  const pool = new SimplePool();
+  try {
+    await Promise.allSettled(
+      relayUrls.map((url) => pool.publish([url], signedEvent))
+    );
+  } finally {
+    pool.close(relayUrls);
+  }
+}
+async function fetchBackupFromRelays(pubkey, relayUrls) {
+  const { SimplePool } = await import("nostr-tools/pool");
+  const pool = new SimplePool();
+  try {
+    const filter = buildBackupFilter(pubkey);
+    const events = await pool.querySync(relayUrls, filter);
+    if (!events || events.length === 0) {
+      return null;
+    }
+    events.sort(
+      (a, b) => b.created_at - a.created_at
+    );
+    const latest = events[0];
+    if (!latest) return null;
+    return parseBackupPayload(latest.content);
+  } finally {
+    pool.close(relayUrls);
+  }
+}
+
+// src/keys/KeyManager.ts
+var KeyManager = class {
+  config;
+  identity = null;
+  vault = null;
+  activeCredentialIdHash = null;
+  constructor(config) {
+    if (!config.relayUrls || config.relayUrls.length === 0) {
+      throw new Error("KeyManager requires at least one relay URL");
+    }
+    this.config = {
+      relayUrls: config.relayUrls,
+      rpId: config.rpId ?? (typeof window !== "undefined" ? window.location.hostname : "localhost"),
+      rpName: config.rpName ?? "TOON Protocol",
+      storageKey: config.storageKey ?? "toon:keys"
+    };
+  }
+  // --- Account Lifecycle ---
+  /**
+   * Create a new account: generate mnemonic, create Passkey, encrypt, backup.
+   */
+  async create() {
+    const mnemonic = generateMnemonic();
+    const identity = await deriveFullIdentity(mnemonic);
+    const prfSalt = crypto.getRandomValues(new Uint8Array(32));
+    const userIdBytes = hexToBytes(identity.nostr.pubkey);
+    const registration = await registerPasskey({
+      rpId: this.config.rpId,
+      rpName: this.config.rpName,
+      userId: userIdBytes,
+      userName: `TOON ${identity.nostr.pubkey.slice(0, 8)}`,
+      prfSalt
+    });
+    const kek = await deriveKek(registration.prfOutput);
+    const credIdHash = await hashCredentialId(registration.credentialId);
+    this.vault = await createVault(mnemonic, kek, credIdHash, prfSalt);
+    this.identity = identity;
+    this.activeCredentialIdHash = credIdHash;
+    await this.saveToLocalStorage();
+    await this.backupToRelay().catch(() => {
+    });
+    return identity;
+  }
+  /**
+   * Recover an account using a synced Passkey.
+   * The Nostr pubkey is extracted from the Passkey's userHandle.
+   *
+   * Flow: single assertion → userHandle → fetch backup → derive KEK → unlock.
+   * If the local vault is available (has the PRF salt), we use a single assertion
+   * with the correct salt. Otherwise, we need the backup from relays first, which
+   * requires a discovery assertion to get the pubkey.
+   */
+  async recover() {
+    const localVault = await this.loadFromLocalStorage();
+    if (localVault) {
+      return this.unlockWithVault(localVault);
+    }
+    const discovery = await assertPasskey({
+      rpId: this.config.rpId,
+      prfSalt: crypto.getRandomValues(new Uint8Array(32))
+      // Dummy salt for discovery
+    });
+    if (!discovery.userHandle || discovery.userHandle.length === 0) {
+      throw new Error(
+        "Passkey did not return a userHandle. Cannot determine Nostr pubkey for recovery."
+      );
+    }
+    const pubkey = bytesToHex(discovery.userHandle);
+    const vault = await fetchBackupFromRelays(pubkey, this.config.relayUrls);
+    if (!vault) {
+      throw new Error(
+        "No backup found on configured relays for this identity. Try importing with a mnemonic or nsec instead."
+      );
+    }
+    const credIdHash = await hashCredentialId(discovery.credentialId);
+    const entry = vault.wrappedKeys.find((e) => e.id === credIdHash);
+    if (!entry) {
+      throw new Error(
+        "This Passkey is not registered with the backup. Try a different Passkey or use a recovery code."
+      );
+    }
+    const saltBytes = fromBase642(entry.salt);
+    const reassertion = await assertPasskey({
+      rpId: this.config.rpId,
+      prfSalt: saltBytes,
+      allowCredentials: [discovery.credentialId]
+    });
+    const kek = await deriveKek(reassertion.prfOutput);
+    const mnemonic = await unlockVault(vault, kek, credIdHash);
+    const identity = await deriveFullIdentity(mnemonic);
+    this.vault = vault;
+    this.identity = identity;
+    this.activeCredentialIdHash = credIdHash;
+    await this.saveToLocalStorage();
+    return identity;
+  }
+  /**
+   * Import an existing BIP-39 mnemonic. Creates a Passkey and backup.
+   */
+  async importMnemonic(mnemonic) {
+    if (!validateMnemonic(mnemonic)) {
+      throw new Error("Invalid BIP-39 mnemonic phrase");
+    }
+    const identity = await deriveFullIdentity(mnemonic);
+    const prfSalt = crypto.getRandomValues(new Uint8Array(32));
+    const userIdBytes = hexToBytes(identity.nostr.pubkey);
+    const registration = await registerPasskey({
+      rpId: this.config.rpId,
+      rpName: this.config.rpName,
+      userId: userIdBytes,
+      userName: `TOON ${identity.nostr.pubkey.slice(0, 8)}`,
+      prfSalt
+    });
+    const kek = await deriveKek(registration.prfOutput);
+    const credIdHash = await hashCredentialId(registration.credentialId);
+    this.vault = await createVault(mnemonic, kek, credIdHash, prfSalt);
+    this.identity = identity;
+    this.activeCredentialIdHash = credIdHash;
+    await this.saveToLocalStorage();
+    await this.backupToRelay().catch(() => {
+    });
+    return identity;
+  }
+  /**
+   * Import from an nsec (Nostr-only key).
+   * Nostr + EVM are derived; Solana + Mina get fresh keys (not deterministically linked).
+   */
+  async importNsec(nsec) {
+    const decoded = nip19.decode(nsec);
+    if (decoded.type !== "nsec") {
+      throw new Error("Invalid nsec string");
+    }
+    const secretKey = decoded.data;
+    const identity = deriveFromNsec(secretKey);
+    if (isPrfSupported()) {
+      const prfSalt = crypto.getRandomValues(new Uint8Array(32));
+      const userIdBytes = hexToBytes(identity.nostr.pubkey);
+      try {
+        const registration = await registerPasskey({
+          rpId: this.config.rpId,
+          rpName: this.config.rpName,
+          userId: userIdBytes,
+          userName: `TOON ${identity.nostr.pubkey.slice(0, 8)}`,
+          prfSalt
+        });
+        const kek = await deriveKek(registration.prfOutput);
+        const credIdHash = await hashCredentialId(registration.credentialId);
+        const hexKey = bytesToHex(secretKey);
+        this.vault = await createVault(hexKey, kek, credIdHash, prfSalt);
+        this.activeCredentialIdHash = credIdHash;
+        await this.saveToLocalStorage();
+      } catch {
+      }
+    }
+    this.identity = identity;
+    return identity;
+  }
+  // --- Passkey Management ---
+  /**
+   * Register an additional Passkey for this identity.
+   */
+  async addPasskey() {
+    if (!this.identity || !this.vault || !this.activeCredentialIdHash) {
+      throw new Error("No active identity \u2014 call create() or recover() first");
+    }
+    const prfSalt = crypto.getRandomValues(new Uint8Array(32));
+    const userIdBytes = hexToBytes(this.identity.nostr.pubkey);
+    const registration = await registerPasskey({
+      rpId: this.config.rpId,
+      rpName: this.config.rpName,
+      userId: userIdBytes,
+      userName: `TOON ${this.identity.nostr.pubkey.slice(0, 8)}`,
+      prfSalt
+    });
+    const newKek = await deriveKek(registration.prfOutput);
+    const newCredIdHash = await hashCredentialId(registration.credentialId);
+    const currentEntry = this.vault.wrappedKeys.find(
+      (e) => e.id === this.activeCredentialIdHash
+    );
+    if (!currentEntry) {
+      throw new Error("Active credential not found in vault");
+    }
+    const currentSaltBytes = fromBase642(currentEntry.salt);
+    const currentAssertion = await assertPasskey({
+      rpId: this.config.rpId,
+      prfSalt: currentSaltBytes
+    });
+    const currentKek = await deriveKek(currentAssertion.prfOutput);
+    this.vault = await addKekToVault(
+      this.vault,
+      currentKek,
+      this.activeCredentialIdHash,
+      newKek,
+      newCredIdHash,
+      prfSalt
+    );
+    await this.saveToLocalStorage();
+    await this.backupToRelay().catch(() => {
+    });
+  }
+  /**
+   * List registered Passkey credentials.
+   */
+  listPasskeys() {
+    if (!this.vault) return [];
+    return this.vault.wrappedKeys.map((entry) => ({
+      credentialIdHash: entry.id,
+      createdAt: entry.created_at
+    }));
+  }
+  /**
+   * Remove a Passkey from the vault. Cannot remove the last one.
+   */
+  async removePasskey(credentialIdHash) {
+    if (!this.vault) {
+      throw new Error("No active vault");
+    }
+    this.vault = removeKekFromVault(this.vault, credentialIdHash);
+    if (this.activeCredentialIdHash === credentialIdHash) {
+      const remaining = this.vault.wrappedKeys[0];
+      this.activeCredentialIdHash = remaining ? remaining.id : null;
+    }
+    await this.saveToLocalStorage();
+    await this.backupToRelay().catch(() => {
+    });
+  }
+  // --- Recovery ---
+  /**
+   * Generate a printable recovery code and add it to the vault.
+   * The PBKDF2 salt is persisted alongside the wrapped DEK so the code
+   * can be verified later without the original salt.
+   *
+   * @returns The recovery code — user must store it securely.
+   */
+  async generateRecoveryCode() {
+    if (!this.vault || !this.activeCredentialIdHash) {
+      throw new Error("No active vault");
+    }
+    const code = generateRecoveryCode();
+    const salt = crypto.getRandomValues(new Uint8Array(16));
+    const recoveryKek = await deriveKekFromPassword(code, salt);
+    const currentEntry = this.vault.wrappedKeys.find(
+      (e) => e.id === this.activeCredentialIdHash
+    );
+    if (!currentEntry) {
+      throw new Error("Active credential not found in vault");
+    }
+    const currentSaltBytes = fromBase642(currentEntry.salt);
+    const currentAssertion = await assertPasskey({
+      rpId: this.config.rpId,
+      prfSalt: currentSaltBytes
+    });
+    const currentKek = await deriveKek(currentAssertion.prfOutput);
+    this.vault = await addRecoveryCodeToVault(
+      this.vault,
+      currentKek,
+      this.activeCredentialIdHash,
+      recoveryKek,
+      salt
+    );
+    await this.saveToLocalStorage();
+    await this.backupToRelay().catch(() => {
+    });
+    return code;
+  }
+  /**
+   * Recover identity using a recovery code.
+   * The PBKDF2 salt is read from the persisted vault data.
+   */
+  async recoverWithCode(code) {
+    const vault = await this.loadFromLocalStorage();
+    if (!vault) {
+      throw new Error(
+        "No local vault found. Recovery code requires the encrypted vault. If you have a Passkey, use recover() to fetch from relays first."
+      );
+    }
+    if (!vault.recoveryCodeWrappedDek || !vault.recoveryCodeSalt) {
+      throw new Error("No recovery code configured for this vault");
+    }
+    const salt = fromBase642(vault.recoveryCodeSalt);
+    const recoveryKek = await deriveKekFromPassword(code, salt);
+    const mnemonic = await unlockVaultWithRecoveryCode(vault, recoveryKek);
+    const identity = await deriveFullIdentity(mnemonic);
+    this.vault = vault;
+    this.identity = identity;
+    return identity;
+  }
+  // --- Key Access ---
+  /**
+   * Get the current identity, or null if not unlocked.
+   */
+  getIdentity() {
+    return this.identity;
+  }
+  /**
+   * Get the Nostr secret key. Throws if not unlocked.
+   */
+  getNostrSecretKey() {
+    if (!this.identity) throw new Error("Identity not unlocked");
+    return this.identity.nostr.secretKey;
+  }
+  /**
+   * Get an EvmSigner instance. Throws if not unlocked.
+   */
+  getEvmSigner() {
+    if (!this.identity) throw new Error("Identity not unlocked");
+    return new EvmSigner(this.identity.evm.privateKey);
+  }
+  /**
+   * Get a SolanaSigner instance. Throws if not unlocked or Solana not derived.
+   */
+  getSolanaSigner() {
+    if (!this.identity) throw new Error("Identity not unlocked");
+    if (!this.identity.solana.publicKey) {
+      throw new Error(
+        "Solana keys not available \u2014 was this imported from nsec?"
+      );
+    }
+    return new SolanaSigner(this.identity.solana.secretKey);
+  }
+  /**
+   * Get a MinaSigner instance. Throws if not unlocked or Mina not derived.
+   */
+  getMinaSigner() {
+    if (!this.identity) throw new Error("Identity not unlocked");
+    if (!this.identity.mina.publicKey) {
+      throw new Error("Mina keys not available \u2014 was this imported from nsec?");
+    }
+    return new MinaSigner(this.identity.mina.privateKey);
+  }
+  // --- Backup ---
+  /**
+   * Publish the current vault to configured relays as a kind:30078 event.
+   */
+  async backupToRelay() {
+    if (!this.identity || !this.vault) {
+      throw new Error("No active identity or vault to backup");
+    }
+    const eventTemplate = buildBackupEvent(
+      this.vault,
+      this.identity.nostr.secretKey
+    );
+    const signedEvent = finalizeEvent(
+      eventTemplate,
+      this.identity.nostr.secretKey
+    );
+    await publishBackupToRelays(signedEvent, this.config.relayUrls);
+  }
+  // --- Lock/Unlock ---
+  /**
+   * Clear keys from memory. The vault remains in IndexedDB.
+   * Note: JavaScript strings (mnemonics) cannot be zeroed — only Uint8Array keys are cleared.
+   */
+  lock() {
+    if (this.identity) {
+      this.identity.nostr.secretKey.fill(0);
+      this.identity.evm.privateKey.fill(0);
+      this.identity.solana.secretKey.fill(0);
+    }
+    this.identity = null;
+  }
+  /**
+   * Re-assert Passkey to decrypt local vault and restore identity.
+   * Uses the local vault's stored PRF salt for a single biometric prompt.
+   */
+  async unlock() {
+    const vault = await this.loadFromLocalStorage();
+    if (!vault) {
+      throw new Error("No local vault found \u2014 use create() or recover()");
+    }
+    return this.unlockWithVault(vault);
+  }
+  // --- Private helpers ---
+  /**
+   * Unlock a vault with a single Passkey assertion using stored PRF salts.
+   * If the vault has only one credential, uses allowCredentials to constrain.
+   */
+  async unlockWithVault(vault) {
+    const firstEntry = vault.wrappedKeys[0];
+    if (!firstEntry) {
+      throw new Error("Vault has no registered credentials");
+    }
+    const assertion = await assertPasskey({
+      rpId: this.config.rpId,
+      prfSalt: fromBase642(firstEntry.salt)
+    });
+    const credIdHash = await hashCredentialId(assertion.credentialId);
+    const matchingEntry = vault.wrappedKeys.find((e) => e.id === credIdHash);
+    if (!matchingEntry) {
+      throw new Error("This Passkey is not registered with the local vault");
+    }
+    let prfOutput = assertion.prfOutput;
+    if (matchingEntry.id !== firstEntry.id) {
+      const correctSalt = fromBase642(matchingEntry.salt);
+      const reassertion = await assertPasskey({
+        rpId: this.config.rpId,
+        prfSalt: correctSalt,
+        allowCredentials: [assertion.credentialId]
+      });
+      prfOutput = reassertion.prfOutput;
+    }
+    const kek = await deriveKek(prfOutput);
+    const mnemonic = await unlockVault(vault, kek, credIdHash);
+    const identity = await deriveFullIdentity(mnemonic);
+    this.vault = vault;
+    this.identity = identity;
+    this.activeCredentialIdHash = credIdHash;
+    return identity;
+  }
+  // --- IndexedDB Persistence ---
+  async saveToLocalStorage() {
+    if (!this.vault) return;
+    if (typeof indexedDB === "undefined") return;
+    const dbName = this.config.storageKey;
+    const db = await openDb(dbName);
+    const tx = db.transaction("vault", "readwrite");
+    const store = tx.objectStore("vault");
+    store.put(JSON.stringify(this.vault), "current");
+    await new Promise((resolve, reject) => {
+      tx.oncomplete = () => resolve();
+      tx.onerror = () => reject(tx.error);
+    });
+    db.close();
+  }
+  async loadFromLocalStorage() {
+    if (typeof indexedDB === "undefined") return null;
+    const dbName = this.config.storageKey;
+    try {
+      const db = await openDb(dbName);
+      const tx = db.transaction("vault", "readonly");
+      const store = tx.objectStore("vault");
+      const request = store.get("current");
+      const result = await new Promise(
+        (resolve, reject) => {
+          request.onsuccess = () => resolve(request.result);
+          request.onerror = () => reject(request.error);
+        }
+      );
+      db.close();
+      if (!result) return null;
+      return JSON.parse(result);
+    } catch {
+      return null;
+    }
+  }
+};
+function openDb(name) {
+  return new Promise((resolve, reject) => {
+    const request = indexedDB.open(name, 1);
+    request.onupgradeneeded = () => {
+      const db = request.result;
+      if (!db.objectStoreNames.contains("vault")) {
+        db.createObjectStore("vault");
+      }
+    };
+    request.onsuccess = () => resolve(request.result);
+    request.onerror = () => reject(request.error);
+  });
+}
 export {
   BtpRuntimeClient,
   ChannelManager,
@@ -1805,14 +3776,24 @@ export {
   EvmSigner,
   HttpConnectorAdmin,
   HttpRuntimeClient,
+  KeyManager,
   NetworkError,
   OnChainChannelClient,
   ToonClient,
   ToonClientError,
   ValidationError,
   applyDefaults,
+  buildBackupEvent,
+  buildBackupFilter,
   buildSettlementInfo,
+  deriveFromNsec,
+  deriveFullIdentity,
+  generateMnemonic,
+  generateRandomIdentity,
+  isPrfSupported,
+  parseBackupPayload,
   validateConfig,
+  validateMnemonic,
   withRetry
 };
 //# sourceMappingURL=index.js.map