@veridex/sdk 1.0.0-beta.15 → 1.0.0-beta.17

package/README.md

@@ -82,7 +82,7 @@ const customSdk = createSDK('base', {
 
 ```typescript
 const sdk = createSDK('base', {
-  relayerUrl: 'https://relayer.veridex.io',
+  relayerUrl: 'https://relayer.veridex.network',
   relayerApiKey: 'your-api-key',
 });
 

package/dist/chains/aptos/index.d.mts

@@ -1,5 +1,5 @@
 import { Aptos } from '@aptos-labs/ts-sdk';
-import { C as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, W as WebAuthnSignature, D as DispatchResult, V as VaultCreationResult } from '../../types-ChIsqCiw.mjs';
+import { f as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, w as WebAuthnSignature, D as DispatchResult, j as VaultCreationResult } from '../../types-DE2ICQik.mjs';
 
 /**
  * Veridex Protocol SDK - Aptos Chain Client

package/dist/chains/aptos/index.d.ts

@@ -1,5 +1,5 @@
 import { Aptos } from '@aptos-labs/ts-sdk';
-import { C as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, W as WebAuthnSignature, D as DispatchResult, V as VaultCreationResult } from '../../types-ChIsqCiw.js';
+import { f as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, w as WebAuthnSignature, D as DispatchResult, j as VaultCreationResult } from '../../types-DE2ICQik.js';
 
 /**
  * Veridex Protocol SDK - Aptos Chain Client

package/dist/chains/evm/index.d.mts

@@ -1,5 +1,5 @@
-export { a as EVMClient, b as EVMClientConfig, E as EVMHubClientAdapter } from '../../index-DkrLIDgS.mjs';
+export { E as EVMClient, e as EVMClientConfig, c as EVMHubClientAdapter } from '../../index-CYOyIE3b.mjs';
 import '../../types.mjs';
 import 'ethers';
-import '../../types-ChIsqCiw.mjs';
-import '../../types-FJL7j6gQ.mjs';
+import '../../types-DE2ICQik.mjs';
+import '../../types-DvFRnIBd.mjs';

package/dist/chains/evm/index.d.ts

@@ -1,5 +1,5 @@
-export { a as EVMClient, b as EVMClientConfig, E as EVMHubClientAdapter } from '../../index-BJlmzSvm.js';
+export { E as EVMClient, e as EVMClientConfig, c as EVMHubClientAdapter } from '../../index-BXcR_ypI.js';
 import '../../types.js';
 import 'ethers';
-import '../../types-ChIsqCiw.js';
-import '../../types-FJL7j6gQ.js';
+import '../../types-DE2ICQik.js';
+import '../../types-DvFRnIBd.js';

package/dist/chains/solana/index.d.mts

@@ -1,6 +1,6 @@
 import * as _solana_web3_js from '@solana/web3.js';
 import { Connection, PublicKey } from '@solana/web3.js';
-import { C as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, W as WebAuthnSignature, D as DispatchResult, V as VaultCreationResult } from '../../types-ChIsqCiw.mjs';
+import { f as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, w as WebAuthnSignature, D as DispatchResult, j as VaultCreationResult } from '../../types-DE2ICQik.mjs';
 
 interface SolanaClientConfig {
     wormholeChainId: number;

package/dist/chains/solana/index.d.ts

@@ -1,6 +1,6 @@
 import * as _solana_web3_js from '@solana/web3.js';
 import { Connection, PublicKey } from '@solana/web3.js';
-import { C as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, W as WebAuthnSignature, D as DispatchResult, V as VaultCreationResult } from '../../types-ChIsqCiw.js';
+import { f as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, w as WebAuthnSignature, D as DispatchResult, j as VaultCreationResult } from '../../types-DE2ICQik.js';
 
 interface SolanaClientConfig {
     wormholeChainId: number;

package/dist/chains/stacks/index.d.mts

@@ -0,0 +1,559 @@
+import { a as SessionKey } from '../../types-DvFRnIBd.mjs';
+import { f as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, w as WebAuthnSignature, D as DispatchResult, j as VaultCreationResult, x as RegisterSessionParams, y as RevokeSessionParams, S as SessionValidationResult } from '../../types-DE2ICQik.mjs';
+
+/**
+ * Veridex Protocol SDK - Stacks Chain Client
+ *
+ * Production-grade implementation of ChainClient interface for Stacks.
+ * Supports direct relay with native sponsored transactions.
+ *
+ * Security:
+ * - Native secp256r1-verify for Passkey (P-256) validation
+ * - Native secp256k1-verify for session key validation
+ * - Protocol-level Post-Conditions for spending safety
+ * - Nonce-based replay protection
+ * - Block-height based session expiry
+ *
+ * Architecture:
+ * - Phase 1: Direct relay (relayer sponsors Stacks transactions)
+ * - Phase 2: Wormhole cross-chain messaging (VAA + CCQ)
+ * - Vaults are map-based (Clarity doesn't support factory patterns)
+ * - All identities stored in veridex-spoke.clar
+ * - STX/sBTC custody in veridex-vault.clar (direct) + veridex-vault-vaa.clar (cross-chain)
+ * - Guardian signature verification in veridex-wormhole-verifier.clar
+ */
+
+/** Stacks action types matching veridex-spoke.clar constants */
+declare const STACKS_ACTION_TYPES: {
+    readonly TRANSFER_STX: 1;
+    readonly TRANSFER_SBTC: 2;
+    readonly CONTRACT_CALL: 3;
+};
+interface StacksClientConfig {
+    /** Wormhole chain ID (60 for Stacks) */
+    wormholeChainId: number;
+    /** Stacks RPC URL (Hiro API) */
+    rpcUrl: string;
+    /** Spoke contract principal (e.g., "ST1PQHQKV...veridex-spoke") */
+    spokeContractAddress?: string;
+    /** Vault contract principal (e.g., "ST1PQHQKV...veridex-vault") */
+    vaultContractAddress?: string;
+    /** Wormhole verifier contract principal (Phase 2) */
+    wormholeVerifierAddress?: string;
+    /** VAA-authorized vault contract principal (Phase 2) */
+    vaultVaaContractAddress?: string;
+    /** Network type */
+    network?: 'mainnet' | 'testnet';
+    /** Hub RPC URL for cross-chain session management */
+    hubRpcUrl?: string;
+    /** Hub contract address for cross-chain session management */
+    hubContractAddress?: string;
+}
+declare class StacksClient implements ChainClient {
+    private config;
+    private rpcUrl;
+    private spokeContract;
+    private vaultContract;
+    private wormholeVerifierContract;
+    private vaultVaaContract;
+    private networkType;
+    constructor(clientConfig: StacksClientConfig);
+    getConfig(): ChainConfig;
+    /**
+     * Get the current nonce for a user identity from the spoke contract.
+     * Calls the read-only function `get-nonce` on veridex-spoke.
+     */
+    getNonce(userKeyHash: string): Promise<bigint>;
+    /**
+     * Get the Wormhole message fee.
+     * Phase 1: No Wormhole integration, returns 0.
+     */
+    getMessageFee(): Promise<bigint>;
+    buildTransferPayload(params: TransferParams): Promise<string>;
+    buildExecutePayload(params: ExecuteParams): Promise<string>;
+    buildBridgePayload(params: BridgeParams): Promise<string>;
+    /**
+     * Direct dispatch is not supported on Stacks in Phase 1.
+     * Stacks actions are executed via sponsored transactions through the relayer.
+     */
+    dispatch(_signature: WebAuthnSignature, _publicKeyX: bigint, _publicKeyY: bigint, _targetChain: number, _actionPayload: string, _nonce: bigint, _signer: unknown): Promise<DispatchResult>;
+    /**
+     * Dispatch an action via the relayer (gasless/sponsored).
+     *
+     * Flow:
+     * 1. User signs action with Passkey (on client)
+     * 2. SDK submits to relayer with targetChain=60 (Stacks)
+     * 3. Relayer builds Clarity contract-call transaction
+     * 4. Relayer sponsors the transaction (pays STX gas)
+     * 5. Relayer broadcasts to Stacks network
+     * 6. Transaction confirmed on Stacks
+     */
+    dispatchGasless(signature: WebAuthnSignature, publicKeyX: bigint, publicKeyY: bigint, targetChain: number, actionPayload: string, nonce: bigint, relayerUrl: string): Promise<DispatchResult>;
+    /**
+     * Get vault address for a user.
+     * On Stacks, vaults are map-based within the vault contract.
+     * The "vault address" is the vault contract principal itself.
+     */
+    getVaultAddress(userKeyHash: string): Promise<string | null>;
+    /**
+     * Compute vault address deterministically.
+     * On Stacks, all vaults live in the same contract (map-based).
+     */
+    computeVaultAddress(_userKeyHash: string): string;
+    /**
+     * Check if a vault (identity) exists for a user.
+     * Queries the spoke contract's `identity-exists` read-only function.
+     */
+    vaultExists(userKeyHash: string): Promise<boolean>;
+    /**
+     * Create a vault (register identity) on Stacks.
+     * Must be done via Hub dispatch or relayer in Phase 1.
+     */
+    createVault(userKeyHash: string, _signer: unknown): Promise<VaultCreationResult>;
+    /**
+     * Create a vault with a sponsor wallet.
+     * On Stacks, this registers an identity via sponsored transaction.
+     */
+    createVaultSponsored?(userKeyHash: string, _sponsorPrivateKey: string, _rpcUrl?: string): Promise<VaultCreationResult>;
+    /**
+     * Create a vault via the relayer (sponsored/gasless).
+     * The relayer will sponsor the register-identity transaction.
+     */
+    createVaultViaRelayer(userKeyHash: string, relayerUrl: string): Promise<VaultCreationResult>;
+    estimateVaultCreationGas(_userKeyHash: string): Promise<bigint>;
+    getFactoryAddress(): string | undefined;
+    getImplementationAddress(): string | undefined;
+    /**
+     * Get native STX balance for an address.
+     */
+    getNativeBalance(address: string): Promise<bigint>;
+    /**
+     * Get vault STX balance for an identity.
+     * Queries the vault contract's `get-stx-balance` read-only function.
+     */
+    getVaultStxBalance(keyHash: string): Promise<bigint>;
+    /**
+     * Get vault sBTC balance for an identity.
+     */
+    getVaultSbtcBalance(keyHash: string): Promise<bigint>;
+    /**
+     * Get identity info from the spoke contract.
+     */
+    getIdentity(keyHash: string): Promise<{
+        compressedPubkey: string;
+        owner: string;
+        nonce: bigint;
+        createdAt: bigint;
+    } | null>;
+    /**
+     * Get session info from the spoke contract.
+     */
+    getSession(keyHash: string, sessionHash: string): Promise<{
+        sessionPubkey: string;
+        expiry: bigint;
+        maxValue: bigint;
+        spent: bigint;
+        revoked: boolean;
+        createdAt: bigint;
+    } | null>;
+    /**
+     * Check if a session is currently active.
+     */
+    checkSessionActive(keyHash: string, sessionHash: string): Promise<boolean>;
+    /**
+     * Get remaining spending budget for a session.
+     */
+    getRemainingBudget(keyHash: string, sessionHash: string): Promise<bigint>;
+    /**
+     * Check if the spoke contract is paused.
+     */
+    isProtocolPaused(): Promise<boolean>;
+    /**
+     * Get global identity count.
+     */
+    getIdentityCount(): Promise<bigint>;
+    /**
+     * Get total STX deposited across all vaults.
+     */
+    getTotalStxDeposited(): Promise<bigint>;
+    /**
+     * Register a session key on the Stacks spoke.
+     * On Stacks, sessions are managed directly on the spoke contract
+     * (unlike EVM spokes where sessions are on the Hub).
+     */
+    registerSession(_params: RegisterSessionParams): Promise<void>;
+    /**
+     * Revoke a session key on the Stacks spoke.
+     */
+    revokeSession(_params: RevokeSessionParams): Promise<void>;
+    /**
+     * Check if a session is active.
+     */
+    isSessionActive(userKeyHash: string, sessionKeyHash: string): Promise<SessionValidationResult>;
+    /**
+     * Get all sessions for a user.
+     * Note: Clarity maps don't support enumeration, so this requires
+     * off-chain indexing or event log parsing.
+     */
+    getUserSessions(_userKeyHash: string): Promise<SessionKey[]>;
+    /**
+     * Get the status of a Stacks transaction.
+     */
+    getTransactionStatus(txId: string): Promise<{
+        status: 'pending' | 'success' | 'failed' | 'not_found';
+        blockHeight?: number;
+        error?: string;
+    }>;
+    /**
+     * Wait for a transaction to be confirmed.
+     *
+     * @param txId - Transaction ID
+     * @param maxAttempts - Maximum polling attempts (default: 60)
+     * @param pollIntervalMs - Polling interval in milliseconds (default: 5000)
+     */
+    waitForConfirmation(txId: string, maxAttempts?: number, pollIntervalMs?: number): Promise<{
+        confirmed: boolean;
+        blockHeight?: number;
+    }>;
+    /**
+     * Get Stacks network info (block height, network version, etc.).
+     */
+    getNetworkInfo(): Promise<{
+        networkId: number;
+        stacksBlockHeight: number;
+        burnBlockHeight: number;
+        serverVersion: string;
+    }>;
+    /**
+     * Get the current Stacks block height.
+     * Used for session expiry calculations.
+     */
+    getCurrentBlockHeight(): Promise<number>;
+    /**
+     * Call a read-only Clarity function via the Hiro API.
+     * Uses the /v2/contracts/call-read endpoint.
+     */
+    private callReadOnly;
+    /**
+     * Parse a hex-encoded Clarity value from the API response.
+     * This is a simplified parser for common Clarity types.
+     */
+    private parseClarityValue;
+}
+
+/**
+ * Veridex Protocol SDK - Stacks Signature Format Conversion
+ *
+ * Converts WebAuthn/Passkey signatures to Clarity-compatible formats.
+ *
+ * Key conversions:
+ * - WebAuthn DER-encoded signature → 64-byte compact (buff 64) for secp256r1-verify
+ * - Uncompressed pubkey (x, y) → 33-byte compressed (buff 33)
+ * - Session key signing via secp256k1 → 65-byte recoverable (buff 65)
+ */
+/**
+ * Compress a P-256 public key from (x, y) coordinates to 33-byte compressed format.
+ * The prefix byte is 0x02 if y is even, 0x03 if y is odd.
+ *
+ * @param x - P-256 public key X coordinate
+ * @param y - P-256 public key Y coordinate
+ * @returns 33-byte compressed public key
+ */
+declare function compressPublicKey(x: bigint, y: bigint): Uint8Array;
+/**
+ * Convert (r, s) bigint pair to 64-byte compact signature for secp256r1-verify.
+ * Applies low-S normalization (required by Clarity's secp256r1-verify).
+ *
+ * @param r - Signature r component
+ * @param s - Signature s component
+ * @returns 64-byte compact signature buffer
+ */
+declare function rsToCompactSignature(r: bigint, s: bigint): Uint8Array;
+/**
+ * Parse a DER-encoded ECDSA signature into (r, s) components.
+ * WebAuthn signatures are typically DER-encoded.
+ *
+ * DER format: 0x30 [total-len] 0x02 [r-len] [r] 0x02 [s-len] [s]
+ *
+ * @param der - DER-encoded signature bytes
+ * @returns Object with r and s as bigints
+ */
+declare function parseDERSignature(der: Uint8Array): {
+    r: bigint;
+    s: bigint;
+};
+/**
+ * Convert a DER-encoded signature to 64-byte compact format.
+ * Combines DER parsing with compact encoding and low-S normalization.
+ *
+ * @param der - DER-encoded signature bytes
+ * @returns 64-byte compact signature buffer
+ */
+declare function derToCompactSignature(der: Uint8Array): Uint8Array;
+/**
+ * Compute the key hash (SHA-256 of compressed public key).
+ * This matches the Clarity contract's `(sha256 compressed-pubkey)`.
+ *
+ * @param compressedPubkey - 33-byte compressed public key
+ * @returns 32-byte key hash as hex string (with 0x prefix)
+ */
+declare function computeKeyHash(compressedPubkey: Uint8Array): Promise<string>;
+/**
+ * Compute the key hash from (x, y) public key coordinates.
+ * Compresses the key first, then SHA-256 hashes it.
+ *
+ * @param x - P-256 public key X coordinate
+ * @param y - P-256 public key Y coordinate
+ * @returns 32-byte key hash as hex string (with 0x prefix)
+ */
+declare function computeKeyHashFromCoords(x: bigint, y: bigint): Promise<string>;
+/**
+ * Build a registration message hash.
+ * Format: SHA-256("veridex:register:<nonce>")
+ *
+ * @param nonce - Registration nonce (typically 0 for first registration)
+ * @returns 32-byte message hash
+ */
+declare function buildRegistrationHash(nonce: number): Promise<Uint8Array>;
+/**
+ * Build a session registration message hash.
+ * Format: SHA-256("veridex:session:<session-key-hash>:<duration>:<max-value>:<nonce>")
+ *
+ * @param sessionKeyHash - Hex string of session key hash
+ * @param duration - Session duration in blocks
+ * @param maxValue - Maximum spending value in microSTX
+ * @param nonce - Identity nonce
+ * @returns 32-byte message hash
+ */
+declare function buildSessionRegistrationHash(sessionKeyHash: string, duration: number, maxValue: bigint, nonce: number): Promise<Uint8Array>;
+/**
+ * Build a session revocation message hash.
+ * Format: SHA-256("veridex:revoke:<session-hash>:<nonce>")
+ *
+ * @param sessionHash - Hex string of session hash to revoke
+ * @param nonce - Identity nonce
+ * @returns 32-byte message hash
+ */
+declare function buildRevocationHash(sessionHash: string, nonce: number): Promise<Uint8Array>;
+/**
+ * Build an execute action message hash.
+ * Format: SHA-256("veridex:execute:<action-type>:<amount>:<recipient>:<nonce>")
+ *
+ * @param actionType - Action type (1=STX transfer, 2=sBTC transfer)
+ * @param amount - Amount in base units
+ * @param recipient - Stacks principal address
+ * @param nonce - Identity nonce
+ * @returns 32-byte message hash
+ */
+declare function buildExecuteHash(actionType: number, amount: bigint, recipient: string, nonce: number): Promise<Uint8Array>;
+/**
+ * Build a withdrawal message hash.
+ * Format: SHA-256("veridex:withdraw:<amount>:<recipient>:<nonce>")
+ *
+ * @param amount - Amount in microSTX
+ * @param recipient - Stacks principal address
+ * @param nonce - Identity nonce (from spoke contract, not used for passkey withdrawals but kept for consistency)
+ * @returns 32-byte message hash
+ */
+declare function buildWithdrawalHash(amount: bigint, recipient: string, nonce: number): Promise<Uint8Array>;
+/**
+ * Convert a byte array to a hex string (no prefix).
+ */
+declare function bytesToHex(bytes: Uint8Array): string;
+/**
+ * Convert a hex string to a byte array.
+ */
+declare function hexToBytes(hex: string): Uint8Array;
+
+/**
+ * Veridex Protocol SDK - Stacks Address Utilities
+ *
+ * Validates and manipulates Stacks principal addresses.
+ * Stacks uses c32check encoding for addresses.
+ *
+ * Address formats:
+ * - Standard principal: SP/ST + 33 chars (mainnet/testnet)
+ * - Contract principal: SP/ST + 33 chars + "." + contract-name
+ */
+/** Stacks mainnet address prefix */
+declare const STACKS_MAINNET_PREFIX = "SP";
+/** Stacks testnet address prefix */
+declare const STACKS_TESTNET_PREFIX = "ST";
+/**
+ * Validate a Stacks principal address (standard or contract).
+ *
+ * @param address - Address to validate
+ * @returns true if the address is a valid Stacks principal
+ */
+declare function isValidStacksPrincipal(address: string): boolean;
+/**
+ * Validate a standard Stacks principal (not contract).
+ *
+ * @param address - Standard principal address
+ * @returns true if valid
+ */
+declare function isValidStandardPrincipal(address: string): boolean;
+/**
+ * Validate a Clarity contract name.
+ * Contract names must be 1-128 chars, alphanumeric + hyphens, starting with alpha.
+ *
+ * @param name - Contract name to validate
+ * @returns true if valid
+ */
+declare function isValidContractName(name: string): boolean;
+/**
+ * Get the network type from a Stacks address.
+ *
+ * @param address - Stacks principal address
+ * @returns 'mainnet' or 'testnet'
+ */
+declare function getNetworkFromAddress(address: string): 'mainnet' | 'testnet';
+/**
+ * Build a contract principal from deployer address and contract name.
+ *
+ * @param deployerAddress - Standard principal of the deployer
+ * @param contractName - Name of the contract
+ * @returns Contract principal in "address.contract-name" format
+ */
+declare function getContractPrincipal(deployerAddress: string, contractName: string): string;
+/**
+ * Parse a contract principal into deployer address and contract name.
+ *
+ * @param contractPrincipal - Full contract principal (e.g., "ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM.veridex-spoke")
+ * @returns Object with address and contractName
+ */
+declare function parseContractPrincipal(contractPrincipal: string): {
+    address: string;
+    contractName: string;
+};
+/**
+ * Check if an address is a contract principal.
+ *
+ * @param address - Address to check
+ * @returns true if the address contains a contract name
+ */
+declare function isContractPrincipal(address: string): boolean;
+/**
+ * Get the explorer URL for a Stacks transaction.
+ *
+ * @param txId - Transaction ID (hex string)
+ * @param network - 'mainnet' or 'testnet'
+ * @returns Full explorer URL
+ */
+declare function getStacksExplorerTxUrl(txId: string, network?: 'mainnet' | 'testnet'): string;
+/**
+ * Get the explorer URL for a Stacks address.
+ *
+ * @param address - Stacks principal address
+ * @param network - 'mainnet' or 'testnet'
+ * @returns Full explorer URL
+ */
+declare function getStacksExplorerAddressUrl(address: string, network?: 'mainnet' | 'testnet'): string;
+
+/**
+ * Veridex Protocol SDK - Stacks Post-Condition Builder
+ *
+ * Stacks Post-Conditions are a unique protocol-level safety feature.
+ * They enforce spending constraints at the blockchain level, independent
+ * of smart contract logic. This provides a third layer of protection:
+ *
+ * 1. SDK-level spending limits (off-chain, first check)
+ * 2. Contract-level spending limits (on-chain, enforced in veridex-spoke sessions)
+ * 3. Protocol-level Post-Conditions (Stacks-native, attached by SDK at tx broadcast)
+ *
+ * Post-conditions are attached to transactions before broadcast and are
+ * validated by the Stacks node itself — they cannot be bypassed by contracts.
+ */
+/** Post-condition comparison type */
+type PostConditionComparison = 'eq' | 'gte' | 'lte' | 'gt' | 'lt';
+/** STX post-condition */
+interface StxPostCondition {
+    type: 'stx';
+    principal: string;
+    comparison: PostConditionComparison;
+    amount: bigint;
+}
+/** Fungible token post-condition */
+interface FtPostCondition {
+    type: 'ft';
+    principal: string;
+    comparison: PostConditionComparison;
+    amount: bigint;
+    contractAddress: string;
+    contractName: string;
+    tokenName: string;
+}
+/** Non-fungible token post-condition */
+interface NftPostCondition {
+    type: 'nft';
+    principal: string;
+    contractAddress: string;
+    contractName: string;
+    tokenName: string;
+    assetId: string;
+    owns: boolean;
+}
+type PostCondition = StxPostCondition | FtPostCondition | NftPostCondition;
+/**
+ * Build STX transfer post-conditions for vault withdrawals.
+ * Ensures the contract sends exactly the specified amount.
+ *
+ * @param contractPrincipal - The vault contract principal (e.g., "ST1PQHQKV...veridex-vault")
+ * @param amount - Exact amount in microSTX
+ * @returns Array of post-conditions to attach to the transaction
+ */
+declare function buildStxWithdrawalPostConditions(contractPrincipal: string, amount: bigint): StxPostCondition[];
+/**
+ * Build STX deposit post-conditions.
+ * Ensures the sender sends exactly the specified amount to the vault.
+ *
+ * @param senderPrincipal - The depositor's principal address
+ * @param amount - Exact amount in microSTX
+ * @returns Array of post-conditions
+ */
+declare function buildStxDepositPostConditions(senderPrincipal: string, amount: bigint): StxPostCondition[];
+/**
+ * Build sBTC transfer post-conditions for vault withdrawals.
+ *
+ * @param contractPrincipal - The vault contract principal
+ * @param amount - Exact amount in satoshis
+ * @param sbtcContractAddress - sBTC token contract deployer address
+ * @param sbtcContractName - sBTC token contract name (default: 'sbtc-token')
+ * @returns Array of post-conditions
+ */
+declare function buildSbtcWithdrawalPostConditions(contractPrincipal: string, amount: bigint, sbtcContractAddress?: string, sbtcContractName?: string): FtPostCondition[];
+/**
+ * Build post-conditions for a session-authorized execute action.
+ * Combines STX or sBTC post-conditions based on action type.
+ *
+ * @param actionType - 1 = STX transfer, 2 = sBTC transfer
+ * @param contractPrincipal - The spoke/vault contract principal
+ * @param amount - Amount in base units
+ * @returns Array of post-conditions
+ */
+declare function buildExecutePostConditions(actionType: number, contractPrincipal: string, amount: bigint): PostCondition[];
+/**
+ * Validate that a set of post-conditions is present and reasonable.
+ * Used to reject transactions that lack post-conditions for asset transfers.
+ *
+ * @param postConditions - Array of post-conditions to validate
+ * @param expectedAmount - Expected transfer amount
+ * @returns Validation result with error message if invalid
+ */
+declare function validatePostConditions(postConditions: PostCondition[], expectedAmount: bigint): {
+    valid: boolean;
+    error?: string;
+};
+/**
+ * Get the contract address and name from a principal for post-condition construction.
+ * Handles both standard and contract principals.
+ *
+ * @param principal - Stacks principal (standard or contract)
+ * @returns Object with address and optional contractName
+ */
+declare function principalForPostCondition(principal: string): {
+    address: string;
+    contractName?: string;
+};
+
+export { type FtPostCondition, type NftPostCondition, type PostCondition, type PostConditionComparison, STACKS_ACTION_TYPES, STACKS_MAINNET_PREFIX, STACKS_TESTNET_PREFIX, StacksClient, type StacksClientConfig, type StxPostCondition, buildExecuteHash, buildExecutePostConditions, buildRegistrationHash, buildRevocationHash, buildSbtcWithdrawalPostConditions, buildSessionRegistrationHash, buildStxDepositPostConditions, buildStxWithdrawalPostConditions, buildWithdrawalHash, bytesToHex, compressPublicKey, computeKeyHash, computeKeyHashFromCoords, derToCompactSignature, getContractPrincipal, getNetworkFromAddress, getStacksExplorerAddressUrl, getStacksExplorerTxUrl, hexToBytes, isContractPrincipal, isValidContractName, isValidStacksPrincipal, isValidStandardPrincipal, parseContractPrincipal, parseDERSignature, principalForPostCondition, rsToCompactSignature, validatePostConditions };