@toon-protocol/client 0.8.0 → 0.9.1

package/dist/index.d.ts

@@ -210,6 +210,7 @@ declare class ToonClient {
     private state;
     private readonly evmSigner?;
     private channelManager?;
+    private readonly peerNegotiations;
     /**
      * Creates a new ToonClient instance.
      *
@@ -285,6 +286,12 @@ declare class ToonClient {
      * Gets the cumulative transferred amount for a tracked channel.
      */
     getChannelCumulativeAmount(channelId: string): bigint;
+    /**
+     * Resolves an ILP destination address to a peer ID.
+     * Convention: destination "g.toon.peer1" → peerId "peer1" (last segment).
+     * Falls back to first known peer if no match.
+     */
+    private resolvePeerId;
     /**
      * Extracts chain context (chainId + tokenNetworkAddress) from a chain key like 'evm:base:421614'.
      */
@@ -664,6 +671,128 @@ declare class HttpConnectorAdmin implements ConnectorAdminClient {
     private handleErrorResponse;
 }
 
+interface BtpRuntimeClientConfig {
+    btpUrl: string;
+    peerId: string;
+    authToken: string;
+    /** Max reconnection attempts on send failure (default: 3) */
+    maxRetries?: number;
+    /** Delay between reconnection attempts in ms (default: 1000) */
+    retryDelay?: number;
+}
+/**
+ * BTP transport implementing IlpClient.
+ * Uses IsomorphicBtpClient (browser-native, no Node.js dependencies).
+ */
+declare class BtpRuntimeClient implements IlpClient {
+    private btpClient;
+    private readonly config;
+    private _isConnected;
+    constructor(config: BtpRuntimeClientConfig);
+    /**
+     * Connects to the BTP peer via WebSocket.
+     */
+    connect(): Promise<void>;
+    /**
+     * Attempts to reconnect by creating a fresh client and connecting.
+     */
+    reconnect(): Promise<void>;
+    /**
+     * Disconnects from the BTP peer.
+     */
+    disconnect(): Promise<void>;
+    get isConnected(): boolean;
+    /**
+     * Sends an ILP packet via BTP with auto-reconnect on connection errors.
+     * Satisfies IlpClient interface.
+     */
+    sendIlpPacket(params: {
+        destination: string;
+        amount: string;
+        data: string;
+        timeout?: number;
+    }): Promise<IlpSendResult>;
+    /**
+     * Sends a balance proof claim via BTP protocol data, then sends an ILP packet.
+     * Auto-reconnects on connection errors.
+     */
+    sendIlpPacketWithClaim(params: {
+        destination: string;
+        amount: string;
+        data: string;
+        timeout?: number;
+    }, claim: Record<string, unknown>): Promise<IlpSendResult>;
+    /**
+     * Single-attempt ILP packet send. Reconnects if not connected.
+     */
+    private _sendIlpPacketOnce;
+    /**
+     * Single-attempt claim + ILP packet send. Reconnects if not connected.
+     */
+    private _sendIlpPacketWithClaimOnce;
+}
+
+/**
+ * Chain-specific metadata (discriminated union).
+ */
+type ChainMetadata = {
+    chainType: 'evm';
+    chainId: number;
+    tokenNetworkAddress: string;
+    tokenAddress?: string;
+} | {
+    chainType: 'solana';
+    programId: string;
+    tokenMint?: string;
+} | {
+    chainType: 'mina';
+    zkAppAddress: string;
+    tokenId?: string;
+};
+/**
+ * Chain-agnostic signing interface for balance proofs.
+ */
+interface ChainSigner {
+    readonly chainType: 'evm' | 'solana' | 'mina';
+    readonly signerIdentifier: string;
+    signBalanceProof(params: {
+        channelId: string;
+        nonce: number;
+        transferredAmount: bigint;
+        lockedAmount: bigint;
+        locksRoot: string;
+        metadata: ChainMetadata;
+    }): Promise<SignedBalanceProof>;
+    buildClaimMessage(proof: SignedBalanceProof, senderId: string): ClaimMessage;
+}
+type ClaimMessage = EVMClaimMessage | SolanaClaimMessage | MinaClaimMessage;
+interface SolanaClaimMessage {
+    version: '1.0';
+    blockchain: 'solana';
+    messageId: string;
+    timestamp: string;
+    senderId: string;
+    channelId: string;
+    nonce: number;
+    transferredAmount: string;
+    signature: string;
+    signerAddress: string;
+    programId: string;
+}
+interface MinaClaimMessage {
+    version: '1.0';
+    blockchain: 'mina';
+    messageId: string;
+    timestamp: string;
+    senderId: string;
+    channelId: string;
+    nonce: number;
+    transferredAmount: string;
+    commitment: string;
+    signerAddress: string;
+    zkAppAddress: string;
+}
+
 /**
  * EVM claim message for BTP protocol data.
  * Matches @toon-protocol/connector's EVMClaimMessage interface.
@@ -698,6 +827,7 @@ interface EVMClaimMessage {
  * Encapsulates the private key — no getPrivateKey() method is exposed.
  */
 declare class EvmSigner {
+    readonly chainType: "evm";
     private readonly _account;
     /**
      * @param privateKey - EVM private key as hex string (with or without 0x prefix) or Uint8Array
@@ -705,6 +835,8 @@ declare class EvmSigner {
     constructor(privateKey: string | Uint8Array);
     /** Derived 0x EVM address */
     get address(): string;
+    /** ChainSigner identifier — EVM address */
+    get signerIdentifier(): string;
     /** Viem PrivateKeyAccount — usable with walletClient for on-chain transactions */
     get account(): PrivateKeyAccount;
     /**
@@ -729,85 +861,70 @@ declare class EvmSigner {
     static buildClaimMessage(proof: SignedBalanceProof, senderId: string): EVMClaimMessage;
 }
 
-/** Pino-compatible logger interface */
-interface ConsoleLogger {
-    level: string;
-    silent: (...args: unknown[]) => void;
-    info: typeof console.info;
-    warn: typeof console.warn;
-    error: typeof console.error;
-    debug: typeof console.debug;
-    trace: typeof console.debug;
-    fatal: typeof console.error;
-    child: () => ConsoleLogger;
-}
-interface BtpRuntimeClientConfig {
-    btpUrl: string;
-    peerId: string;
-    authToken: string;
-    logger?: ConsoleLogger;
-    /** Max reconnection attempts on send failure (default: 3) */
-    maxRetries?: number;
-    /** Delay between reconnection attempts in ms (default: 1000) */
-    retryDelay?: number;
+/**
+ * Solana signer for Ed25519 balance proofs.
+ *
+ * Signs channel state using Ed25519 (raw, not EIP-712).
+ * Dynamically imports @noble/curves to avoid missing-dep errors for non-Solana users.
+ */
+declare class SolanaSigner implements ChainSigner {
+    readonly chainType: "solana";
+    private readonly privateKey;
+    private publicKey?;
+    private pubkeyBase58Cache?;
+    constructor(privateKey: Uint8Array);
+    private ensurePublicKey;
+    get signerIdentifier(): string;
+    signBalanceProof(params: {
+        channelId: string;
+        nonce: number;
+        transferredAmount: bigint;
+        lockedAmount: bigint;
+        locksRoot: string;
+        metadata: ChainMetadata;
+    }): Promise<SignedBalanceProof>;
+    buildClaimMessage(proof: SignedBalanceProof, senderId: string): ClaimMessage;
 }
+
 /**
- * BTP transport implementing IlpClient.
- * Wraps BTPClient from @toon-protocol/connector with auto-reconnect on connection loss.
+ * Mina signer for Poseidon commitment balance proofs.
+ *
+ * Dynamically imports o1js to avoid pulling 50MB into the client bundle
+ * for non-Mina users.
  */
-declare class BtpRuntimeClient implements IlpClient {
-    private btpClient;
-    private readonly config;
-    private _isConnected;
-    private readonly logger;
-    constructor(config: BtpRuntimeClientConfig);
-    /**
-     * Connects to the BTP peer via WebSocket.
-     */
-    connect(): Promise<void>;
-    /**
-     * Attempts to reconnect by creating a fresh BTPClient and connecting.
-     */
-    reconnect(): Promise<void>;
-    /**
-     * Disconnects from the BTP peer.
-     */
-    disconnect(): Promise<void>;
-    get isConnected(): boolean;
-    /**
-     * Sends an ILP packet via BTP with auto-reconnect on connection errors.
-     * Satisfies IlpClient interface.
-     */
-    sendIlpPacket(params: {
-        destination: string;
-        amount: string;
-        data: string;
-        timeout?: number;
-    }): Promise<IlpSendResult>;
-    /**
-     * Sends a balance proof claim via BTP protocol data, then sends an ILP packet.
-     * Auto-reconnects on connection errors.
-     */
-    sendIlpPacketWithClaim(params: {
-        destination: string;
-        amount: string;
-        data: string;
-        timeout?: number;
-    }, claim: EVMClaimMessage): Promise<IlpSendResult>;
-    /**
-     * Single-attempt ILP packet send. Reconnects if not connected.
-     */
-    private _sendIlpPacketOnce;
-    /**
-     * Single-attempt claim + ILP packet send. Reconnects if not connected.
-     * Embeds the claim in the same BTP message as the ILP PREPARE packet.
-     */
-    private _sendIlpPacketWithClaimOnce;
+declare class MinaSigner implements ChainSigner {
+    readonly chainType: "mina";
+    private readonly privateKeyBase58;
+    private publicKeyBase58;
+    constructor(privateKeyBase58: string);
+    get signerIdentifier(): string;
+    private ensurePublicKey;
+    signBalanceProof(params: {
+        channelId: string;
+        nonce: number;
+        transferredAmount: bigint;
+        lockedAmount: bigint;
+        locksRoot: string;
+        metadata: ChainMetadata;
+    }): Promise<SignedBalanceProof>;
+    buildClaimMessage(proof: SignedBalanceProof, senderId: string): ClaimMessage;
 }
 
+interface SolanaChannelConfig {
+    rpcUrl: string;
+    keypair: Uint8Array;
+    programId: string;
+}
+interface MinaChannelConfig {
+    graphqlUrl: string;
+    privateKey: string;
+    zkAppAddress: string;
+}
 interface OnChainChannelClientConfig {
     evmSigner: EvmSigner;
     chainRpcUrls: Record<string, string>;
+    solanaConfig?: SolanaChannelConfig;
+    minaConfig?: MinaChannelConfig;
 }
 /**
  * Implements ConnectorChannelClient using viem for direct on-chain
@@ -818,6 +935,8 @@ interface OnChainChannelClientConfig {
 declare class OnChainChannelClient implements ConnectorChannelClient {
     private readonly evmSigner;
     private readonly chainRpcUrls;
+    private readonly solanaConfig?;
+    private readonly minaConfig?;
     private readonly channelContext;
     constructor(config: OnChainChannelClientConfig);
     /**
@@ -838,6 +957,24 @@ declare class OnChainChannelClient implements ConnectorChannelClient {
      * 4. Deposit initial funds if specified
      */
     openChannel(params: OpenChannelParams): Promise<OpenChannelResult>;
+    /**
+     * Opens a Solana payment channel (PDA creation).
+     */
+    private openSolanaChannel;
+    /**
+     * Opens a Mina payment channel (zkApp state transition).
+     * Dynamically imports o1js to avoid bundle bloat.
+     */
+    private openMinaChannel;
+    /**
+     * Opens an EVM payment channel on-chain.
+     *
+     * 1. Approve token spend if needed
+     * 2. Call TokenNetwork.openChannel()
+     * 3. Extract channelId from ChannelOpened event
+     * 4. Deposit initial funds if specified
+     */
+    private openEvmChannel;
     /**
      * Gets the current state of a payment channel from on-chain data.
      */
@@ -858,27 +995,70 @@ interface ChannelStore {
     delete(channelId: string): void;
 }
 
+interface ChannelManagerConfig {
+    initialDeposit?: string;
+    settlementTimeout?: number;
+}
+interface PeerNegotiation {
+    chain: string;
+    chainType: string;
+    chainId: number | string;
+    settlementAddress: string;
+    tokenAddress?: string;
+    tokenNetwork?: string;
+    initialDeposit?: string;
+    settlementTimeout?: number;
+}
 /**
- * Local nonce tracking and claim signing.
+ * Local nonce tracking, multi-chain signing, and lazy channel opening.
  *
- * Does NOT make any network calls — it only manages state
- * and delegates signing to EvmSigner.
+ * Supports multiple ChainSigner implementations (EVM, Solana, Mina).
+ * The ensureChannel() method provides idempotent lazy channel opening.
  */
 declare class ChannelManager {
-    private readonly evmSigner;
     private readonly channels;
+    private readonly chainSigners;
+    private readonly peerChannels;
+    private readonly pendingOpens;
     private readonly store?;
-    constructor(evmSigner: EvmSigner, store?: ChannelStore);
+    private readonly defaultInitialDeposit;
+    private readonly defaultSettlementTimeout;
+    private channelClient?;
+    private readonly evmSigner?;
+    constructor(evmSigner?: EvmSigner, store?: ChannelStore, config?: ChannelManagerConfig);
+    /**
+     * Register a chain-specific signer.
+     */
+    registerChainSigner(chainType: string, signer: ChainSigner): void;
+    /**
+     * Set the on-chain channel client for lazy channel opening.
+     */
+    setChannelClient(client: ConnectorChannelClient): void;
+    /**
+     * Get the signer for a tracked channel's chain type.
+     * For EVM, returns an adapter wrapping the EvmSigner.
+     */
+    getSignerForChannel(channelId: string): ChainSigner;
+    /**
+     * Lazily open a channel for a peer. Idempotent — returns existing channel
+     * if already open. Deduplicates concurrent opens for the same peer.
+     */
+    ensureChannel(peerId: string, negotiation: PeerNegotiation): Promise<string>;
+    /**
+     * Get channel ID for a peer (if any).
+     */
+    getChannelForPeer(peerId: string): string | undefined;
     /**
      * Start tracking a channel.
      * Called after bootstrap returns a channelId.
      *
      * @param channelId - Payment channel identifier
-     * @param chainContext - Chain context for EIP-712 signing (chainId + tokenNetworkAddress)
+     * @param chainContext - Chain context for signing (chainType + chainId + tokenNetworkAddress)
      * @param initialNonce - Starting nonce (default: 0)
      * @param initialAmount - Starting cumulative amount (default: 0n)
      */
     trackChannel(channelId: string, chainContext?: {
+        chainType?: string;
         chainId: number;
         tokenNetworkAddress: string;
         tokenAddress?: string;
@@ -886,6 +1066,7 @@ declare class ChannelManager {
     /**
      * Signs a balance proof for the given channel.
      * Auto-increments nonce and adds to cumulative amount.
+     * Routes to the correct ChainSigner based on the channel's chain type.
      *
      * @param channelId - Payment channel identifier
      * @param additionalAmount - Amount to add to cumulative transferred amount
@@ -893,6 +1074,7 @@ declare class ChannelManager {
      * @throws Error if channel is not being tracked
      */
     signBalanceProof(channelId: string, additionalAmount: bigint): Promise<SignedBalanceProof>;
+    private buildMetadata;
     /**
      * Gets the current nonce for a tracked channel.
      */
@@ -1005,4 +1187,258 @@ declare function applyDefaults(config: ToonClientConfig): ResolvedConfig;
  */
 declare function buildSettlementInfo(config: ToonClientConfig): ClientSettlementInfo | undefined;
 
-export { type BalanceProofParams, BtpRuntimeClient, type BtpRuntimeClientConfig, ChannelManager, ConnectorError, type EVMClaimMessage, EvmSigner, HttpConnectorAdmin, type HttpConnectorAdminConfig, HttpRuntimeClient, type HttpRuntimeClientConfig, NetworkError, OnChainChannelClient, type OnChainChannelClientConfig, type PublishEventResult, type RetryOptions, type SignedBalanceProof, ToonClient, type ToonClientConfig, ToonClientError, type ToonStartResult, ValidationError, applyDefaults, buildSettlementInfo, validateConfig, withRetry };
+/**
+ * Full multi-chain identity derived from a single BIP-39 mnemonic.
+ */
+interface ToonIdentity {
+    nostr: {
+        secretKey: Uint8Array;
+        pubkey: string;
+    };
+    evm: {
+        privateKey: Uint8Array;
+        address: string;
+    };
+    solana: {
+        secretKey: Uint8Array;
+        publicKey: string;
+    };
+    mina: {
+        privateKey: string;
+        publicKey: string;
+    };
+}
+/**
+ * Signer accessors provided by KeyManager after create/recover.
+ */
+interface ToonSigners {
+    evm: EvmSigner;
+    solana: SolanaSigner;
+    mina: MinaSigner;
+}
+/**
+ * Metadata about a registered WebAuthn credential.
+ */
+interface PasskeyInfo {
+    credentialIdHash: string;
+    createdAt: number;
+}
+/**
+ * Configuration for the KeyManager.
+ */
+interface KeyManagerConfig {
+    relayUrls: string[];
+    rpId?: string;
+    rpName?: string;
+    storageKey?: string;
+}
+/**
+ * Encrypted backup payload stored in kind:30078 event content.
+ */
+interface BackupPayload {
+    encrypted_mnemonic: string;
+    wrapped_keys: WrappedKeyEntry[];
+    recovery_code_wrapped_dek?: string;
+    iv: string;
+}
+/**
+ * A single wrapped DEK entry, keyed to a specific WebAuthn credential.
+ */
+interface WrappedKeyEntry {
+    id: string;
+    wrapped_dek: string;
+    salt: string;
+    created_at: number;
+}
+/**
+ * Vault data persisted to IndexedDB.
+ */
+interface VaultData {
+    encryptedMnemonic: string;
+    iv: string;
+    wrappedKeys: WrappedKeyEntry[];
+    recoveryCodeWrappedDek?: string;
+    recoveryCodeSalt?: string;
+}
+
+/**
+ * KeyManager orchestrates the full key lifecycle:
+ * generate, derive, store, backup, recover — gated by WebAuthn Passkeys.
+ *
+ * Usage:
+ *   const km = new KeyManager({ relayUrls: ['wss://relay.example'] });
+ *   const identity = await km.create();
+ *   // or: const identity = await km.recover();
+ *
+ *   const client = new ToonClient({
+ *     secretKey: identity.nostr.secretKey,
+ *     // ...
+ *   });
+ *
+ * Security note: JavaScript strings (like mnemonics) are immutable and cannot be
+ * zeroed from memory. Uint8Array key material is zeroed on lock(), but mnemonic
+ * strings persist until garbage collected. This is a known JS platform limitation.
+ */
+declare class KeyManager {
+    private readonly config;
+    private identity;
+    private vault;
+    private activeCredentialIdHash;
+    constructor(config: KeyManagerConfig);
+    /**
+     * Create a new account: generate mnemonic, create Passkey, encrypt, backup.
+     */
+    create(): Promise<ToonIdentity>;
+    /**
+     * Recover an account using a synced Passkey.
+     * The Nostr pubkey is extracted from the Passkey's userHandle.
+     *
+     * Flow: single assertion → userHandle → fetch backup → derive KEK → unlock.
+     * If the local vault is available (has the PRF salt), we use a single assertion
+     * with the correct salt. Otherwise, we need the backup from relays first, which
+     * requires a discovery assertion to get the pubkey.
+     */
+    recover(): Promise<ToonIdentity>;
+    /**
+     * Import an existing BIP-39 mnemonic. Creates a Passkey and backup.
+     */
+    importMnemonic(mnemonic: string): Promise<ToonIdentity>;
+    /**
+     * Import from an nsec (Nostr-only key).
+     * Nostr + EVM are derived; Solana + Mina get fresh keys (not deterministically linked).
+     */
+    importNsec(nsec: string): Promise<ToonIdentity>;
+    /**
+     * Register an additional Passkey for this identity.
+     */
+    addPasskey(): Promise<void>;
+    /**
+     * List registered Passkey credentials.
+     */
+    listPasskeys(): PasskeyInfo[];
+    /**
+     * Remove a Passkey from the vault. Cannot remove the last one.
+     */
+    removePasskey(credentialIdHash: string): Promise<void>;
+    /**
+     * Generate a printable recovery code and add it to the vault.
+     * The PBKDF2 salt is persisted alongside the wrapped DEK so the code
+     * can be verified later without the original salt.
+     *
+     * @returns The recovery code — user must store it securely.
+     */
+    generateRecoveryCode(): Promise<string>;
+    /**
+     * Recover identity using a recovery code.
+     * The PBKDF2 salt is read from the persisted vault data.
+     */
+    recoverWithCode(code: string): Promise<ToonIdentity>;
+    /**
+     * Get the current identity, or null if not unlocked.
+     */
+    getIdentity(): ToonIdentity | null;
+    /**
+     * Get the Nostr secret key. Throws if not unlocked.
+     */
+    getNostrSecretKey(): Uint8Array;
+    /**
+     * Get an EvmSigner instance. Throws if not unlocked.
+     */
+    getEvmSigner(): EvmSigner;
+    /**
+     * Get a SolanaSigner instance. Throws if not unlocked or Solana not derived.
+     */
+    getSolanaSigner(): SolanaSigner;
+    /**
+     * Get a MinaSigner instance. Throws if not unlocked or Mina not derived.
+     */
+    getMinaSigner(): MinaSigner;
+    /**
+     * Publish the current vault to configured relays as a kind:30078 event.
+     */
+    backupToRelay(): Promise<void>;
+    /**
+     * Clear keys from memory. The vault remains in IndexedDB.
+     * Note: JavaScript strings (mnemonics) cannot be zeroed — only Uint8Array keys are cleared.
+     */
+    lock(): void;
+    /**
+     * Re-assert Passkey to decrypt local vault and restore identity.
+     * Uses the local vault's stored PRF salt for a single biometric prompt.
+     */
+    unlock(): Promise<ToonIdentity>;
+    /**
+     * Unlock a vault with a single Passkey assertion using stored PRF salts.
+     * If the vault has only one credential, uses allowCredentials to constrain.
+     */
+    private unlockWithVault;
+    private saveToLocalStorage;
+    private loadFromLocalStorage;
+}
+
+/**
+ * Generate a new 12-word BIP-39 mnemonic.
+ */
+declare function generateMnemonic(): string;
+/**
+ * Validate a BIP-39 mnemonic phrase.
+ */
+declare function validateMnemonic(mnemonic: string): boolean;
+/**
+ * Derive a full multi-chain ToonIdentity from a BIP-39 mnemonic.
+ *
+ * Chains derived:
+ * - Nostr (secp256k1): m/44'/1237'/0'/0/0
+ * - EVM (secp256k1): same key as Nostr
+ * - Solana (Ed25519): m/44'/501'/0'/0' (SLIP-0010)
+ * - Mina (Pallas): m/44'/12586'/0'/0/0
+ */
+declare function deriveFullIdentity(mnemonic: string): Promise<ToonIdentity>;
+/**
+ * Derive a partial identity from an nsec (Nostr-only private key).
+ * Nostr + EVM share the same secp256k1 key.
+ * Solana and Mina get empty placeholders (not deterministically linked).
+ */
+declare function deriveFromNsec(secretKey: Uint8Array): ToonIdentity;
+/**
+ * Generate a random identity (no mnemonic — for testing or ephemeral use).
+ */
+declare function generateRandomIdentity(): ToonIdentity;
+
+/**
+ * Build a kind:30078 Nostr event for identity backup.
+ * The event must be signed by the caller before publishing.
+ *
+ * @param vault - The encrypted vault data
+ * @param secretKey - Nostr secret key for signing
+ * @param chains - Comma-separated list of supported chains
+ * @returns Unsigned Nostr event template
+ */
+declare function buildBackupEvent(vault: VaultData, secretKey: Uint8Array, chains?: string): {
+    kind: number;
+    pubkey: string;
+    created_at: number;
+    tags: string[][];
+    content: string;
+};
+/**
+ * Build a relay filter to fetch the identity backup for a given pubkey.
+ */
+declare function buildBackupFilter(pubkey: string): {
+    kinds: number[];
+    authors: string[];
+    '#d': string[];
+};
+/**
+ * Parse a backup event's content into VaultData.
+ * Validates the structure before returning.
+ */
+declare function parseBackupPayload(content: string): VaultData;
+
+/**
+ * Check whether the current browser supports WebAuthn with PRF extension.
+ * Returns false in Node.js or browsers without PublicKeyCredential.
+ */
+declare function isPrfSupported(): boolean;
+
+export { type BackupPayload, type BalanceProofParams, BtpRuntimeClient, type BtpRuntimeClientConfig, ChannelManager, ConnectorError, type EVMClaimMessage, EvmSigner, HttpConnectorAdmin, type HttpConnectorAdminConfig, HttpRuntimeClient, type HttpRuntimeClientConfig, KeyManager, type KeyManagerConfig, NetworkError, OnChainChannelClient, type OnChainChannelClientConfig, type PasskeyInfo, type PublishEventResult, type RetryOptions, type SignedBalanceProof, ToonClient, type ToonClientConfig, ToonClientError, type ToonIdentity, type ToonSigners, type ToonStartResult, ValidationError, type VaultData, applyDefaults, buildBackupEvent, buildBackupFilter, buildSettlementInfo, deriveFromNsec, deriveFullIdentity, generateMnemonic, generateRandomIdentity, isPrfSupported, parseBackupPayload, validateConfig, validateMnemonic, withRetry };