@veridex/sdk 1.0.0-beta.1

package/dist/chains/sui/index.mjs

@@ -0,0 +1,533 @@
+// src/chains/sui/SuiClient.ts
+import { SuiClient as MystenSuiClient } from "@mysten/sui/client";
+import { createHash } from "crypto";
+
+// src/payload.ts
+import { ethers } from "ethers";
+
+// src/constants.ts
+var ACTION_TRANSFER = 1;
+var ACTION_EXECUTE = 2;
+var ACTION_BRIDGE = 4;
+
+// src/payload.ts
+function encodeTransferAction(token, recipient, amount) {
+  const tokenPadded = padTo32Bytes(token);
+  const recipientPadded = padTo32Bytes(recipient);
+  const amountBytes = ethers.zeroPadValue(ethers.toBeHex(amount), 32);
+  return ethers.concat([
+    ethers.toBeHex(ACTION_TRANSFER, 1),
+    tokenPadded,
+    recipientPadded,
+    amountBytes
+  ]);
+}
+function encodeBridgeAction(token, amount, targetChain, recipient) {
+  const tokenPadded = padTo32Bytes(token);
+  const amountBytes = ethers.zeroPadValue(ethers.toBeHex(amount), 32);
+  const targetChainBytes = ethers.toBeHex(targetChain, 2);
+  const recipientPadded = padTo32Bytes(recipient);
+  return ethers.concat([
+    ethers.toBeHex(ACTION_BRIDGE, 1),
+    tokenPadded,
+    amountBytes,
+    targetChainBytes,
+    recipientPadded
+  ]);
+}
+function encodeExecuteAction(target, value, data) {
+  const targetPadded = padTo32Bytes(target);
+  const valueBytes = ethers.zeroPadValue(ethers.toBeHex(value), 32);
+  const dataBytes = ethers.getBytes(data);
+  const dataLengthBytes = ethers.toBeHex(dataBytes.length, 2);
+  return ethers.concat([
+    ethers.toBeHex(ACTION_EXECUTE, 1),
+    targetPadded,
+    valueBytes,
+    dataLengthBytes,
+    data
+  ]);
+}
+function padTo32Bytes(address) {
+  if (address.toLowerCase() === "native") {
+    return "0x" + "0".repeat(64);
+  }
+  if (address.startsWith("0x")) {
+    const hex2 = address.replace("0x", "");
+    if (!/^[0-9a-fA-F]*$/.test(hex2)) {
+      throw new Error(`Invalid address: ${address}. Expected hex string or 'native'.`);
+    }
+    return "0x" + hex2.padStart(64, "0");
+  }
+  const base58Chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  for (const char of address) {
+    if (!base58Chars.includes(char)) {
+      throw new Error(`Invalid address: ${address}. Contains invalid base58 character '${char}'.`);
+    }
+  }
+  let value = BigInt(0);
+  for (const char of address) {
+    value = value * 58n + BigInt(base58Chars.indexOf(char));
+  }
+  let hex = value.toString(16);
+  if (hex.length > 64) {
+    throw new Error(`Invalid address: ${address}. Decoded value too large for 32 bytes.`);
+  }
+  return "0x" + hex.padStart(64, "0");
+}
+
+// src/chains/sui/SuiClient.ts
+var SuiClient = class {
+  config;
+  client;
+  packageId;
+  hubRpcUrl;
+  hubContractAddress;
+  constructor(config) {
+    this.config = {
+      name: `Sui ${config.network || "mainnet"}`,
+      chainId: 0,
+      wormholeChainId: config.wormholeChainId,
+      rpcUrl: config.rpcUrl,
+      explorerUrl: config.network === "testnet" ? "https://suiscan.xyz/testnet" : config.network === "devnet" ? "https://suiscan.xyz/devnet" : "https://suiscan.xyz/mainnet",
+      isEvm: false,
+      contracts: {
+        hub: config.packageId,
+        wormholeCoreBridge: config.wormholeCoreBridge,
+        tokenBridge: config.tokenBridge
+      }
+    };
+    this.client = new MystenSuiClient({ url: config.rpcUrl });
+    this.packageId = config.packageId;
+    this.hubRpcUrl = config.hubRpcUrl;
+    this.hubContractAddress = config.hubContractAddress;
+  }
+  getConfig() {
+    return this.config;
+  }
+  async getNonce(_userKeyHash) {
+    return 0n;
+  }
+  async getMessageFee() {
+    return 0n;
+  }
+  async buildTransferPayload(params) {
+    return encodeTransferAction(params.token, params.recipient, params.amount);
+  }
+  async buildExecutePayload(params) {
+    return encodeExecuteAction(params.target, params.value, params.data);
+  }
+  async buildBridgePayload(params) {
+    return encodeBridgeAction(params.token, params.amount, params.destinationChain, params.recipient);
+  }
+  async dispatch(signature, publicKeyX, publicKeyY, targetChain, actionPayload, nonce, signer) {
+    void signature;
+    void publicKeyX;
+    void publicKeyY;
+    void targetChain;
+    void actionPayload;
+    void nonce;
+    void signer;
+    throw new Error(
+      "Direct dispatch not supported on Sui spoke chains. Actions must be dispatched from the Hub (EVM) chain. "
+    );
+  }
+  async dispatchGasless(signature, publicKeyX, publicKeyY, targetChain, actionPayload, nonce, relayerUrl) {
+    const keyHash = this.computeKeyHash(publicKeyX, publicKeyY);
+    const messageHash = this.buildMessageHash(keyHash, targetChain, actionPayload, nonce);
+    const request = {
+      messageHash,
+      r: "0x" + signature.r.toString(16).padStart(64, "0"),
+      s: "0x" + signature.s.toString(16).padStart(64, "0"),
+      publicKeyX: "0x" + publicKeyX.toString(16).padStart(64, "0"),
+      publicKeyY: "0x" + publicKeyY.toString(16).padStart(64, "0"),
+      targetChain,
+      actionPayload,
+      nonce: Number(nonce)
+    };
+    const response = await fetch(`${relayerUrl}/api/v1/submit`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(request)
+    });
+    if (!response.ok) {
+      throw new Error(`Relayer submission failed: ${response.status} ${response.statusText}`);
+    }
+    const result = await response.json();
+    return {
+      transactionHash: result.transactionHash ?? result.txHash,
+      sequence: BigInt(result.sequence || 0),
+      userKeyHash: keyHash,
+      targetChain
+    };
+  }
+  async getVaultAddress(userKeyHash) {
+    return this.computeVaultAddress(userKeyHash);
+  }
+  computeVaultAddress(userKeyHash) {
+    const clean = userKeyHash.replace(/^0x/, "").padStart(64, "0");
+    return "0x" + clean;
+  }
+  async vaultExists(_userKeyHash) {
+    return true;
+  }
+  async createVault(userKeyHash, signer) {
+    void signer;
+    throw new Error(
+      `Vault creation on Sui must be done via cross-chain message from Hub. Use the Hub client to dispatch a vault creation action targeting Sui (chain ${this.config.wormholeChainId}). KeyHash=${userKeyHash}`
+    );
+  }
+  async createVaultSponsored(userKeyHash, sponsorPrivateKey, rpcUrl) {
+    void userKeyHash;
+    void sponsorPrivateKey;
+    void rpcUrl;
+    throw new Error(
+      "Vault creation on Sui must be done via cross-chain message from Hub. Use relayer gasless submission to create vault."
+    );
+  }
+  /**
+   * Create a vault via the relayer (sponsored/gasless)
+   * This is the recommended way to create Sui vaults
+   * 
+   * The relayer will dispatch a vault creation action from Hub to Sui spoke
+   */
+  async createVaultViaRelayer(userKeyHash, relayerUrl) {
+    const response = await fetch(`${relayerUrl}/api/v1/sui/vault`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        userKeyHash,
+        chainId: this.config.wormholeChainId
+      })
+    });
+    const result = await response.json();
+    if (!response.ok || !result.success) {
+      throw new Error(result.error || "Failed to create vault via relayer");
+    }
+    return {
+      address: result.vaultAddress,
+      transactionHash: result.transactionHash || "",
+      blockNumber: 0,
+      gasUsed: 0n,
+      alreadyExisted: result.alreadyExists || false,
+      sponsoredBy: "relayer"
+    };
+  }
+  /**
+   * Get vault info via relayer (includes existence check)
+   */
+  async getVaultViaRelayer(userKeyHash, relayerUrl) {
+    const response = await fetch(
+      `${relayerUrl}/api/v1/sui/vault/${userKeyHash}?chainId=${this.config.wormholeChainId}`
+    );
+    if (!response.ok) {
+      throw new Error("Failed to get vault info from relayer");
+    }
+    const result = await response.json();
+    return {
+      vaultAddress: result.vaultAddress,
+      exists: result.exists
+    };
+  }
+  async estimateVaultCreationGas(_userKeyHash) {
+    return 5000n;
+  }
+  getFactoryAddress() {
+    return void 0;
+  }
+  getImplementationAddress() {
+    return void 0;
+  }
+  // ========================================================================
+  // Balance utilities (used by VeridexSDK multichain)
+  // ========================================================================
+  async getNativeBalance(address) {
+    const balance = await this.client.getBalance({ owner: address });
+    return BigInt(balance.totalBalance);
+  }
+  async getTokenBalance(coinType, ownerAddress) {
+    const balance = await this.client.getBalance({ owner: ownerAddress, coinType });
+    return BigInt(balance.totalBalance);
+  }
+  getClient() {
+    return this.client;
+  }
+  getPackageId() {
+    return this.packageId;
+  }
+  // ========================================================================
+  // Session Management (Issue #13)
+  // ========================================================================
+  /**
+   * Register a session key on the Hub (must be called via Hub client)
+   * Sui spokes validate sessions via CCQ, but registration happens on Hub
+   * 
+   * @throws Error - Session management must be done via Hub chain
+   */
+  async registerSession(_params) {
+    throw new Error(
+      "Session registration must be performed on the Hub chain (Base). Use EVMClient connected to the Hub to call registerSession()."
+    );
+  }
+  /**
+   * Revoke a session key on the Hub (must be called via Hub client)
+   * 
+   * @throws Error - Session management must be done via Hub chain
+   */
+  async revokeSession(_params) {
+    throw new Error(
+      "Session revocation must be performed on the Hub chain (Base). Use EVMClient connected to the Hub to call revokeSession()."
+    );
+  }
+  /**
+   * Check if a session is active by querying the Hub
+   * This method queries the Hub contract directly for session validation
+   * 
+   * @param userKeyHash - Hash of user's Passkey public key
+   * @param sessionKeyHash - Hash of session key to validate
+   * @returns Session validation result with expiry and limits
+   */
+  async isSessionActive(_userKeyHash, _sessionKeyHash) {
+    if (!this.hubRpcUrl || !this.hubContractAddress) {
+      throw new Error(
+        "Hub configuration required for session validation. Provide hubRpcUrl and hubContractAddress in SuiClientConfig."
+      );
+    }
+    throw new Error(
+      "isSessionActive requires Hub client integration. Use EVMClient.isSessionActive() on the Hub chain, then pass the result to session execution on Sui."
+    );
+  }
+  /**
+   * Get all sessions for a user from the Hub
+   * 
+   * @param userKeyHash - Hash of user's Passkey public key
+   * @returns Array of all sessions (active and expired/revoked)
+   */
+  async getUserSessions(userKeyHash) {
+    if (!this.hubRpcUrl || !this.hubContractAddress) {
+      throw new Error(
+        "Hub configuration required for session queries. Provide hubRpcUrl and hubContractAddress in SuiClientConfig."
+      );
+    }
+    throw new Error(
+      `getUserSessions requires Hub client integration. Use EVMClient.getUserSessions() on the Hub chain. User: ${userKeyHash}`
+    );
+  }
+  // ========================================================================
+  // Query-Based Execution (Issue #9/#10)
+  // ========================================================================
+  /**
+   * Get user state from Hub (comprehensive state query)
+   * Returns key hash, nonce, and last action hash for CCQ validation
+   * 
+   * @param userKeyHash - Hash of user's Passkey public key
+   * @returns User state with nonce and last action hash
+   */
+  async getUserState(userKeyHash) {
+    if (!this.hubRpcUrl || !this.hubContractAddress) {
+      throw new Error(
+        "Hub configuration required for state queries. Provide hubRpcUrl and hubContractAddress in SuiClientConfig."
+      );
+    }
+    throw new Error(
+      `getUserState requires Hub client integration. Use EVMClient.getUserState() on the Hub chain. User: ${userKeyHash}`
+    );
+  }
+  /**
+   * Get user's last action hash from Hub
+   * Used for optimistic execution and nonce validation
+   * 
+   * @param userKeyHash - Hash of user's Passkey public key
+   * @returns Last action hash (zero hash if no actions)
+   */
+  async getUserLastActionHash(userKeyHash) {
+    if (!this.hubRpcUrl || !this.hubContractAddress) {
+      throw new Error(
+        "Hub configuration required for action hash queries. Provide hubRpcUrl and hubContractAddress in SuiClientConfig."
+      );
+    }
+    throw new Error(
+      `getUserLastActionHash requires Hub client integration. Use EVMClient.getUserLastActionHash() on the Hub chain. User: ${userKeyHash}`
+    );
+  }
+  /**
+   * Execute with query-based validation (faster than VAA, ~23s vs 60-90s)
+   * Uses Wormhole CCQ to validate Hub state, then executes on Sui
+   * 
+   * @param params Query execution parameters with CCQ response
+   * @returns Dispatch result with transaction hash
+   * 
+   * @remarks
+   * Query-based execution flow:
+   * 1. Query Hub state via Wormhole CCQ
+   * 2. Validate Guardian signatures on query response
+   * 3. Execute on Sui with validated state
+   * 4. Hub state must be < 60s stale (enforced by QueryVerifier)
+   */
+  async executeWithQuery(_params) {
+    throw new Error(
+      "Query-based execution on Sui requires relayer integration. Use relayer API to submit query-validated transactions. Relayer will call veridex_spoke::execute_with_query on Sui."
+    );
+  }
+  // ========================================================================
+  // Internal helpers
+  // ========================================================================
+  computeKeyHash(publicKeyX, publicKeyY) {
+    const xHex = publicKeyX.toString(16).padStart(64, "0");
+    const yHex = publicKeyY.toString(16).padStart(64, "0");
+    const combined = Buffer.from(xHex + yHex, "hex");
+    const hash = createHash("sha256").update(combined).digest("hex");
+    return "0x" + hash;
+  }
+  buildMessageHash(keyHash, targetChain, actionPayload, nonce) {
+    const keyHashBuffer = Buffer.from(keyHash.replace(/^0x/, ""), "hex");
+    const targetChainBuffer = Buffer.alloc(2);
+    targetChainBuffer.writeUInt16BE(targetChain);
+    const payloadBuffer = Buffer.from(actionPayload.replace(/^0x/, ""), "hex");
+    const nonceHex = nonce.toString(16).padStart(64, "0");
+    const nonceBuffer = Buffer.from(nonceHex, "hex");
+    const combined = Buffer.concat([keyHashBuffer, targetChainBuffer, payloadBuffer, nonceBuffer]);
+    const hash = createHash("sha256").update(combined).digest("hex");
+    return "0x" + hash;
+  }
+  // ============================================================================
+  // Social Recovery Methods (Issue #23)
+  // ============================================================================
+  // 
+  // Note: Social recovery is managed on the Hub chain (EVM).
+  // Sui spokes receive and execute recovery VAAs broadcast from the Hub.
+  // The relayer service handles submitting recovery transactions to Sui.
+  //
+  // SDK users should use EVMClient methods for guardian management and
+  // recovery initiation on the Hub chain.
+  // ============================================================================
+  /**
+   * Get vault object ID by owner key hash
+   * 
+   * @param ownerKeyHash - Owner's passkey hash (32 bytes as hex)
+   * @param configObjectId - Shared Config object ID
+   * @param registryObjectId - Shared VaultRegistry object ID
+   * @returns Vault object ID or null if not found
+   */
+  async getVaultId(ownerKeyHash, registryObjectId) {
+    try {
+      const registryObject = await this.client.getObject({
+        id: registryObjectId,
+        options: { showContent: true }
+      });
+      if (!registryObject.data?.content) {
+        return null;
+      }
+      console.warn("getVaultId requires dynamic field query - use Move view function");
+      return null;
+    } catch (error) {
+      console.error("Error getting vault ID:", error);
+      return null;
+    }
+  }
+  /**
+   * Get vault owner key hash from vault object
+   * 
+   * @param vaultObjectId - Vault object ID
+   * @returns Owner key hash as hex string
+   */
+  async getVaultOwner(vaultObjectId) {
+    try {
+      const vaultObject = await this.client.getObject({
+        id: vaultObjectId,
+        options: { showContent: true }
+      });
+      if (!vaultObject.data?.content || vaultObject.data.content.dataType !== "moveObject") {
+        return null;
+      }
+      const fields = vaultObject.data.content.fields;
+      const ownerKeyHash = fields["owner_key_hash"];
+      if (!ownerKeyHash) {
+        return null;
+      }
+      return "0x" + Buffer.from(ownerKeyHash).toString("hex");
+    } catch (error) {
+      console.error("Error getting vault owner:", error);
+      return null;
+    }
+  }
+  /**
+   * Get authorized signers for a vault
+   * 
+   * @param vaultObjectId - Vault object ID
+   * @returns Array of authorized signer key hashes
+   */
+  async getAuthorizedSigners(vaultObjectId) {
+    try {
+      const vaultObject = await this.client.getObject({
+        id: vaultObjectId,
+        options: { showContent: true }
+      });
+      if (!vaultObject.data?.content || vaultObject.data.content.dataType !== "moveObject") {
+        return [];
+      }
+      const fields = vaultObject.data.content.fields;
+      const authorizedSigners = fields["authorized_signers"];
+      if (!authorizedSigners) {
+        return [];
+      }
+      return authorizedSigners.map(
+        (signer) => "0x" + Buffer.from(signer).toString("hex")
+      );
+    } catch (error) {
+      console.error("Error getting authorized signers:", error);
+      return [];
+    }
+  }
+  /**
+   * Check if a VAA has been processed (for replay protection)
+   * 
+   * @param vaaHash - VAA hash as hex string
+   * @param processedVaasObjectId - ProcessedVAAs shared object ID
+   * @returns Whether the VAA has been processed
+   */
+  async isVaaProcessed(vaaHash, processedVaasObjectId) {
+    try {
+      const processedObject = await this.client.getObject({
+        id: processedVaasObjectId,
+        options: { showContent: true }
+      });
+      if (!processedObject.data?.content) {
+        return false;
+      }
+      console.warn("isVaaProcessed requires dynamic field query");
+      return false;
+    } catch (error) {
+      console.error("Error checking VAA status:", error);
+      return false;
+    }
+  }
+  /**
+   * Check if protocol is paused
+   * 
+   * @param configObjectId - Config shared object ID
+   * @returns Whether the protocol is paused
+   */
+  async isProtocolPaused(configObjectId) {
+    try {
+      const configObject = await this.client.getObject({
+        id: configObjectId,
+        options: { showContent: true }
+      });
+      if (!configObject.data?.content || configObject.data.content.dataType !== "moveObject") {
+        return false;
+      }
+      const fields = configObject.data.content.fields;
+      return fields["paused"] === true;
+    } catch (error) {
+      console.error("Error checking pause status:", error);
+      return false;
+    }
+  }
+};
+export {
+  SuiClient
+};
+//# sourceMappingURL=index.mjs.map