@verbeth/sdk 0.1.10 → 0.1.11

package/dist/esm/src/addresses.d.ts

@@ -1,20 +1,12 @@
-export interface ChainConfig {
-    verbethProxy: `0x${string}`;
-    verbethImpl: `0x${string}`;
-    creationBlock: number;
-    moduleSetupHelper?: `0x${string}`;
-}
-export declare const VERBETH_CONFIG: ChainConfig;
-export declare const MODULE_SETUP_HELPERS: Record<number, `0x${string}`>;
+export declare const VERBETH_ADDRESSES: {
+    readonly verbethProxy: `0x${string}`;
+    readonly verbethImpl: `0x${string}`;
+};
+export declare const MODULE_SETUP_HELPER: `0x${string}`;
+export declare const SESSION_MODULE: `0x${string}`;
+export declare const CREATION_BLOCKS: Record<number, number>;
 export declare function getVerbethAddress(): `0x${string}`;
-export declare function getCreationBlock(): number;
+export declare function getCreationBlock(chainId: number): number;
 export declare function getModuleSetupHelper(chainId: number): `0x${string}` | undefined;
 export declare function isModuleSetupSupported(chainId: number): boolean;
-export declare const SCAN_DEFAULTS: {
-    readonly INITIAL_SCAN_BLOCKS: 1000;
-    readonly MAX_RETRIES: 3;
-    readonly MAX_RANGE_PROVIDER: 2000;
-    readonly CHUNK_SIZE: 2000;
-    readonly REAL_TIME_BUFFER: 3;
-};
 //# sourceMappingURL=addresses.d.ts.map

package/dist/esm/src/addresses.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"addresses.d.ts","sourceRoot":"","sources":["../../../src/addresses.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,KAAK,MAAM,EAAE,CAAC;IAC5B,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;CACnC;AAGD,eAAO,MAAM,cAAc,EAAE,WAInB,CAAC;AAGX,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAGrD,CAAC;AAGX,wBAAgB,iBAAiB,IAAI,KAAK,MAAM,EAAE,CAEjD;AAED,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,MAAM,EAAE,GAAG,SAAS,CAE/E;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE/D;AAGD,eAAO,MAAM,aAAa;;;;;;CAMhB,CAAC"}
+{"version":3,"file":"addresses.d.ts","sourceRoot":"","sources":["../../../src/addresses.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,iBAAiB;2BACkC,KAAK,MAAM,EAAE;0BACd,KAAK,MAAM,EAAE;CAClE,CAAC;AACX,eAAO,MAAM,mBAAmB,EAAmD,KAAK,MAAM,EAAE,CAAC;AACjG,eAAO,MAAM,cAAc,EAAmD,KAAK,MAAM,EAAE,CAAC;AAG5F,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAIzC,CAAC;AAEX,wBAAgB,iBAAiB,IAAI,KAAK,MAAM,EAAE,CAEjD;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAIxD;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,MAAM,EAAE,GAAG,SAAS,CAE/E;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE/D"}

package/dist/esm/src/addresses.js

@@ -1,32 +1,29 @@
 // packages/sdk/src/addresses.ts
-// Deterministic deployment
-export const VERBETH_CONFIG = {
+// deterministic CREATE2 deployments
+export const VERBETH_ADDRESSES = {
     verbethProxy: '0x82C9c5475D63e4C9e959280e9066aBb24973a663',
     verbethImpl: '0x51670aB6eDE1d1B11C654CCA53b7D42080802326',
-    creationBlock: 37097547, // *** only base sepolia for now
 };
-// helpers for Safe session module
-export const MODULE_SETUP_HELPERS = {
-    8453: '0xc022F74924BDB4b62D830234d89b066359bF67c0',
-    84532: '0xbd59Fea46D308eDF3b75C22a6f64AC68feFc731A',
+export const MODULE_SETUP_HELPER = '0xbd59Fea46D308eDF3b75C22a6f64AC68feFc731A';
+export const SESSION_MODULE = '0xFDBcE316F66e20Cae78D969b4f6635C703C53805';
+// block at which verbeth was deployed
+export const CREATION_BLOCKS = {
+    8453: 42658728,
+    84532: 37097547,
+    11155111: 10340254,
 };
 export function getVerbethAddress() {
-    return VERBETH_CONFIG.verbethProxy;
+    return VERBETH_ADDRESSES.verbethProxy;
 }
-export function getCreationBlock() {
-    return VERBETH_CONFIG.creationBlock;
+export function getCreationBlock(chainId) {
+    const block = CREATION_BLOCKS[chainId];
+    if (block === undefined)
+        throw new Error(`Unsupported chain: ${chainId}`);
+    return block;
 }
 export function getModuleSetupHelper(chainId) {
-    return MODULE_SETUP_HELPERS[chainId];
+    return chainId in CREATION_BLOCKS ? MODULE_SETUP_HELPER : undefined;
 }
 export function isModuleSetupSupported(chainId) {
-    return chainId in MODULE_SETUP_HELPERS;
+    return chainId in CREATION_BLOCKS;
 }
-// Scanning defaults (chain-agnostic)
-export const SCAN_DEFAULTS = {
-    INITIAL_SCAN_BLOCKS: 1000,
-    MAX_RETRIES: 3,
-    MAX_RANGE_PROVIDER: 2000,
-    CHUNK_SIZE: 2000,
-    REAL_TIME_BUFFER: 3,
-};

package/dist/esm/src/internal/scalars.d.ts

@@ -0,0 +1,3 @@
+export declare function bytesToNumberBE(bytes: Uint8Array): bigint;
+export declare function numberToBytesBE(x: bigint, length: number): Uint8Array;
+//# sourceMappingURL=scalars.d.ts.map

package/dist/esm/src/internal/scalars.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scalars.d.ts","sourceRoot":"","sources":["../../../../src/internal/scalars.ts"],"names":[],"mappings":"AAGA,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIzD;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,CASrE"}

package/dist/esm/src/internal/scalars.js

@@ -0,0 +1,19 @@
+// packages/sdk/src/internal/scalars.ts
+// Shared scalar utilities for secp256k1 big-integer ↔ byte conversions.
+export function bytesToNumberBE(bytes) {
+    let hex = "";
+    for (const b of bytes)
+        hex += b.toString(16).padStart(2, "0");
+    return hex.length ? BigInt("0x" + hex) : 0n;
+}
+export function numberToBytesBE(x, length) {
+    let hex = x.toString(16);
+    if (hex.length > length * 2)
+        hex = hex.slice(hex.length - length * 2);
+    hex = hex.padStart(length * 2, "0");
+    const out = new Uint8Array(length);
+    for (let i = 0; i < length; i++) {
+        out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+}

package/dist/esm/src/stealth.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Derive blinding factor from session stealth keys.
+ * Includes chainId in HKDF info for cross-chain domain separation.
+ */
+export declare function deriveBlindingFactor(stealthChainKey: Uint8Array, stealthRootKey: Uint8Array, chainId: number, purpose?: string): Uint8Array;
+/**
+ * Derive stealth Ethereum address for a recipient.
+ * K_stealth = K_spend + G * blinding  (secp256k1 point addition)
+ */
+export declare function deriveStealthAddress(recipientSpendPub: Uint8Array, // 33 bytes compressed
+blinding: Uint8Array): string;
+/**
+ * Derive stealth private key for spending.
+ * stealth_priv = k_spend + blinding  (mod n)
+ */
+export declare function deriveStealthPrivateKey(spendPriv: Uint8Array, blinding: Uint8Array): Uint8Array;
+//# sourceMappingURL=stealth.d.ts.map

package/dist/esm/src/stealth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stealth.d.ts","sourceRoot":"","sources":["../../../src/stealth.ts"],"names":[],"mappings":"AAYA;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,eAAe,EAAE,UAAU,EAC3B,cAAc,EAAE,UAAU,EAC1B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,GACf,UAAU,CAOZ;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,iBAAiB,EAAE,UAAU,EAAG,sBAAsB;AACtD,QAAQ,EAAE,UAAU,GACnB,MAAM,CAaR;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,UAAU,EACrB,QAAQ,EAAE,UAAU,GACnB,UAAU,CAUZ"}

package/dist/esm/src/stealth.js

@@ -0,0 +1,65 @@
+// packages/sdk/src/stealth.ts
+// Stealth payment derivation — pure functions with strict input validation.
+import { hkdf } from '@noble/hashes/hkdf';
+import { sha256 } from '@noble/hashes/sha2';
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { keccak256 } from 'ethers';
+import { bytesToNumberBE, numberToBytesBE } from './internal/scalars.js';
+const Point = secp256k1.Point;
+const curveN = Point.CURVE().n;
+/**
+ * Derive blinding factor from session stealth keys.
+ * Includes chainId in HKDF info for cross-chain domain separation.
+ */
+export function deriveBlindingFactor(stealthChainKey, stealthRootKey, chainId, purpose) {
+    if (stealthChainKey.length !== 32)
+        throw new Error('stealthChainKey must be 32 bytes');
+    if (stealthRootKey.length !== 32)
+        throw new Error('stealthRootKey must be 32 bytes');
+    const info = purpose
+        ? `verbeth:stealth:v1:${chainId}:${purpose}`
+        : `verbeth:stealth:v1:${chainId}`;
+    return hkdf(sha256, stealthChainKey, stealthRootKey, info, 32);
+}
+/**
+ * Derive stealth Ethereum address for a recipient.
+ * K_stealth = K_spend + G * blinding  (secp256k1 point addition)
+ */
+export function deriveStealthAddress(recipientSpendPub, // 33 bytes compressed
+blinding // 32 bytes
+) {
+    if (recipientSpendPub.length !== 33)
+        throw new Error('recipientSpendPub must be 33 bytes compressed');
+    if (blinding.length !== 32)
+        throw new Error('blinding must be 32 bytes');
+    // Validate point is on curve (fromHex throws on invalid)
+    const spendPoint = Point.fromHex(recipientSpendPub);
+    const blindScalar = bytesToNumberBE(blinding);
+    if (blindScalar === 0n || blindScalar >= curveN)
+        throw new Error('invalid blinding scalar');
+    const blindPoint = Point.BASE.multiply(blindScalar);
+    const stealthPoint = spendPoint.add(blindPoint);
+    const stealthPubUncompressed = stealthPoint.toBytes(false); // 65 bytes
+    const hash = keccak256(stealthPubUncompressed.slice(1));
+    return '0x' + hash.slice(-40);
+}
+/**
+ * Derive stealth private key for spending.
+ * stealth_priv = k_spend + blinding  (mod n)
+ */
+export function deriveStealthPrivateKey(spendPriv, blinding) {
+    if (spendPriv.length !== 32)
+        throw new Error('spendPriv must be 32 bytes');
+    if (blinding.length !== 32)
+        throw new Error('blinding must be 32 bytes');
+    const privScalar = bytesToNumberBE(spendPriv);
+    const blindScalar = bytesToNumberBE(blinding);
+    if (privScalar === 0n || privScalar >= curveN)
+        throw new Error('invalid spend private key');
+    if (blindScalar === 0n || blindScalar >= curveN)
+        throw new Error('invalid blinding scalar');
+    const result = (privScalar + blindScalar) % curveN;
+    if (result === 0n)
+        throw new Error('stealth private key is zero');
+    return numberToBytesBE(result, 32);
+}

package/dist/src/addresses.d.ts

@@ -1,20 +1,12 @@
-export interface ChainConfig {
-    verbethProxy: `0x${string}`;
-    verbethImpl: `0x${string}`;
-    creationBlock: number;
-    moduleSetupHelper?: `0x${string}`;
-}
-export declare const VERBETH_CONFIG: ChainConfig;
-export declare const MODULE_SETUP_HELPERS: Record<number, `0x${string}`>;
+export declare const VERBETH_ADDRESSES: {
+    readonly verbethProxy: `0x${string}`;
+    readonly verbethImpl: `0x${string}`;
+};
+export declare const MODULE_SETUP_HELPER: `0x${string}`;
+export declare const SESSION_MODULE: `0x${string}`;
+export declare const CREATION_BLOCKS: Record<number, number>;
 export declare function getVerbethAddress(): `0x${string}`;
-export declare function getCreationBlock(): number;
+export declare function getCreationBlock(chainId: number): number;
 export declare function getModuleSetupHelper(chainId: number): `0x${string}` | undefined;
 export declare function isModuleSetupSupported(chainId: number): boolean;
-export declare const SCAN_DEFAULTS: {
-    readonly INITIAL_SCAN_BLOCKS: 1000;
-    readonly MAX_RETRIES: 3;
-    readonly MAX_RANGE_PROVIDER: 2000;
-    readonly CHUNK_SIZE: 2000;
-    readonly REAL_TIME_BUFFER: 3;
-};
 //# sourceMappingURL=addresses.d.ts.map

package/dist/src/addresses.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"addresses.d.ts","sourceRoot":"","sources":["../../src/addresses.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,KAAK,MAAM,EAAE,CAAC;IAC5B,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;IAC3B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;CACnC;AAGD,eAAO,MAAM,cAAc,EAAE,WAInB,CAAC;AAGX,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,MAAM,EAAE,CAGrD,CAAC;AAGX,wBAAgB,iBAAiB,IAAI,KAAK,MAAM,EAAE,CAEjD;AAED,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,MAAM,EAAE,GAAG,SAAS,CAE/E;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE/D;AAGD,eAAO,MAAM,aAAa;;;;;;CAMhB,CAAC"}
+{"version":3,"file":"addresses.d.ts","sourceRoot":"","sources":["../../src/addresses.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,iBAAiB;2BACkC,KAAK,MAAM,EAAE;0BACd,KAAK,MAAM,EAAE;CAClE,CAAC;AACX,eAAO,MAAM,mBAAmB,EAAmD,KAAK,MAAM,EAAE,CAAC;AACjG,eAAO,MAAM,cAAc,EAAmD,KAAK,MAAM,EAAE,CAAC;AAG5F,eAAO,MAAM,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAIzC,CAAC;AAEX,wBAAgB,iBAAiB,IAAI,KAAK,MAAM,EAAE,CAEjD;AAED,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAIxD;AAED,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG,KAAK,MAAM,EAAE,GAAG,SAAS,CAE/E;AAED,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAE/D"}

package/dist/src/addresses.js

@@ -1,32 +1,29 @@
 // packages/sdk/src/addresses.ts
-// Deterministic deployment
-export const VERBETH_CONFIG = {
+// deterministic CREATE2 deployments
+export const VERBETH_ADDRESSES = {
     verbethProxy: '0x82C9c5475D63e4C9e959280e9066aBb24973a663',
     verbethImpl: '0x51670aB6eDE1d1B11C654CCA53b7D42080802326',
-    creationBlock: 37097547, // *** only base sepolia for now
 };
-// helpers for Safe session module
-export const MODULE_SETUP_HELPERS = {
-    8453: '0xc022F74924BDB4b62D830234d89b066359bF67c0',
-    84532: '0xbd59Fea46D308eDF3b75C22a6f64AC68feFc731A',
+export const MODULE_SETUP_HELPER = '0xbd59Fea46D308eDF3b75C22a6f64AC68feFc731A';
+export const SESSION_MODULE = '0xFDBcE316F66e20Cae78D969b4f6635C703C53805';
+// block at which verbeth was deployed
+export const CREATION_BLOCKS = {
+    8453: 42658728,
+    84532: 37097547,
+    11155111: 10340254,
 };
 export function getVerbethAddress() {
-    return VERBETH_CONFIG.verbethProxy;
+    return VERBETH_ADDRESSES.verbethProxy;
 }
-export function getCreationBlock() {
-    return VERBETH_CONFIG.creationBlock;
+export function getCreationBlock(chainId) {
+    const block = CREATION_BLOCKS[chainId];
+    if (block === undefined)
+        throw new Error(`Unsupported chain: ${chainId}`);
+    return block;
 }
 export function getModuleSetupHelper(chainId) {
-    return MODULE_SETUP_HELPERS[chainId];
+    return chainId in CREATION_BLOCKS ? MODULE_SETUP_HELPER : undefined;
 }
 export function isModuleSetupSupported(chainId) {
-    return chainId in MODULE_SETUP_HELPERS;
+    return chainId in CREATION_BLOCKS;
 }
-// Scanning defaults (chain-agnostic)
-export const SCAN_DEFAULTS = {
-    INITIAL_SCAN_BLOCKS: 1000,
-    MAX_RETRIES: 3,
-    MAX_RANGE_PROVIDER: 2000,
-    CHUNK_SIZE: 2000,
-    REAL_TIME_BUFFER: 3,
-};

package/dist/src/internal/scalars.d.ts

@@ -0,0 +1,3 @@
+export declare function bytesToNumberBE(bytes: Uint8Array): bigint;
+export declare function numberToBytesBE(x: bigint, length: number): Uint8Array;
+//# sourceMappingURL=scalars.d.ts.map

package/dist/src/internal/scalars.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scalars.d.ts","sourceRoot":"","sources":["../../../src/internal/scalars.ts"],"names":[],"mappings":"AAGA,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAIzD;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,UAAU,CASrE"}

package/dist/src/internal/scalars.js

@@ -0,0 +1,19 @@
+// packages/sdk/src/internal/scalars.ts
+// Shared scalar utilities for secp256k1 big-integer ↔ byte conversions.
+export function bytesToNumberBE(bytes) {
+    let hex = "";
+    for (const b of bytes)
+        hex += b.toString(16).padStart(2, "0");
+    return hex.length ? BigInt("0x" + hex) : 0n;
+}
+export function numberToBytesBE(x, length) {
+    let hex = x.toString(16);
+    if (hex.length > length * 2)
+        hex = hex.slice(hex.length - length * 2);
+    hex = hex.padStart(length * 2, "0");
+    const out = new Uint8Array(length);
+    for (let i = 0; i < length; i++) {
+        out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+}

package/dist/src/stealth.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Derive blinding factor from session stealth keys.
+ * Includes chainId in HKDF info for cross-chain domain separation.
+ */
+export declare function deriveBlindingFactor(stealthChainKey: Uint8Array, stealthRootKey: Uint8Array, chainId: number, purpose?: string): Uint8Array;
+/**
+ * Derive stealth Ethereum address for a recipient.
+ * K_stealth = K_spend + G * blinding  (secp256k1 point addition)
+ */
+export declare function deriveStealthAddress(recipientSpendPub: Uint8Array, // 33 bytes compressed
+blinding: Uint8Array): string;
+/**
+ * Derive stealth private key for spending.
+ * stealth_priv = k_spend + blinding  (mod n)
+ */
+export declare function deriveStealthPrivateKey(spendPriv: Uint8Array, blinding: Uint8Array): Uint8Array;
+//# sourceMappingURL=stealth.d.ts.map

package/dist/src/stealth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stealth.d.ts","sourceRoot":"","sources":["../../src/stealth.ts"],"names":[],"mappings":"AAYA;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,eAAe,EAAE,UAAU,EAC3B,cAAc,EAAE,UAAU,EAC1B,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,MAAM,GACf,UAAU,CAOZ;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAClC,iBAAiB,EAAE,UAAU,EAAG,sBAAsB;AACtD,QAAQ,EAAE,UAAU,GACnB,MAAM,CAaR;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,SAAS,EAAE,UAAU,EACrB,QAAQ,EAAE,UAAU,GACnB,UAAU,CAUZ"}

package/dist/src/stealth.js

@@ -0,0 +1,65 @@
+// packages/sdk/src/stealth.ts
+// Stealth payment derivation — pure functions with strict input validation.
+import { hkdf } from '@noble/hashes/hkdf';
+import { sha256 } from '@noble/hashes/sha2';
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { keccak256 } from 'ethers';
+import { bytesToNumberBE, numberToBytesBE } from './internal/scalars.js';
+const Point = secp256k1.Point;
+const curveN = Point.CURVE().n;
+/**
+ * Derive blinding factor from session stealth keys.
+ * Includes chainId in HKDF info for cross-chain domain separation.
+ */
+export function deriveBlindingFactor(stealthChainKey, stealthRootKey, chainId, purpose) {
+    if (stealthChainKey.length !== 32)
+        throw new Error('stealthChainKey must be 32 bytes');
+    if (stealthRootKey.length !== 32)
+        throw new Error('stealthRootKey must be 32 bytes');
+    const info = purpose
+        ? `verbeth:stealth:v1:${chainId}:${purpose}`
+        : `verbeth:stealth:v1:${chainId}`;
+    return hkdf(sha256, stealthChainKey, stealthRootKey, info, 32);
+}
+/**
+ * Derive stealth Ethereum address for a recipient.
+ * K_stealth = K_spend + G * blinding  (secp256k1 point addition)
+ */
+export function deriveStealthAddress(recipientSpendPub, // 33 bytes compressed
+blinding // 32 bytes
+) {
+    if (recipientSpendPub.length !== 33)
+        throw new Error('recipientSpendPub must be 33 bytes compressed');
+    if (blinding.length !== 32)
+        throw new Error('blinding must be 32 bytes');
+    // Validate point is on curve (fromHex throws on invalid)
+    const spendPoint = Point.fromHex(recipientSpendPub);
+    const blindScalar = bytesToNumberBE(blinding);
+    if (blindScalar === 0n || blindScalar >= curveN)
+        throw new Error('invalid blinding scalar');
+    const blindPoint = Point.BASE.multiply(blindScalar);
+    const stealthPoint = spendPoint.add(blindPoint);
+    const stealthPubUncompressed = stealthPoint.toBytes(false); // 65 bytes
+    const hash = keccak256(stealthPubUncompressed.slice(1));
+    return '0x' + hash.slice(-40);
+}
+/**
+ * Derive stealth private key for spending.
+ * stealth_priv = k_spend + blinding  (mod n)
+ */
+export function deriveStealthPrivateKey(spendPriv, blinding) {
+    if (spendPriv.length !== 32)
+        throw new Error('spendPriv must be 32 bytes');
+    if (blinding.length !== 32)
+        throw new Error('blinding must be 32 bytes');
+    const privScalar = bytesToNumberBE(spendPriv);
+    const blindScalar = bytesToNumberBE(blinding);
+    if (privScalar === 0n || privScalar >= curveN)
+        throw new Error('invalid spend private key');
+    if (blindScalar === 0n || blindScalar >= curveN)
+        throw new Error('invalid blinding scalar');
+    const result = (privScalar + blindScalar) % curveN;
+    if (result === 0n)
+        throw new Error('stealth private key is zero');
+    return numberToBytesBE(result, 32);
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@verbeth/sdk",
-  "version": "0.1.10",
+  "version": "0.1.11",
   "private": false,
   "main": "dist/src/index.js",
   "module": "dist/esm/src/index.js",