npm - @veridex/sdk - Versions diffs - 1.0.0-beta.21 → 1.0.0-beta.23 - Mend

@veridex/sdk 1.0.0-beta.21 → 1.0.0-beta.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/dist/EVMClient-CoOR_ywD.d.mts +332 -0
package/dist/auth/prepareAuth.d.mts +1 -1
package/dist/auth/prepareAuth.js +749 -3
package/dist/auth/prepareAuth.js.map +1 -1
package/dist/auth/prepareAuth.mjs +25 -1404
package/dist/auth/prepareAuth.mjs.map +1 -1
package/dist/chains/aptos/index.d.mts +1 -1
package/dist/chains/aptos/index.mjs +5 -574
package/dist/chains/aptos/index.mjs.map +1 -1
package/dist/chains/avalanche/index.d.mts +137 -0
package/dist/chains/avalanche/index.js +1407 -0
package/dist/chains/avalanche/index.js.map +1 -0
package/dist/chains/avalanche/index.mjs +10 -0
package/dist/chains/avalanche/index.mjs.map +1 -0
package/dist/chains/evm/index.d.mts +4 -2
package/dist/chains/evm/index.mjs +8 -1200
package/dist/chains/evm/index.mjs.map +1 -1
package/dist/chains/solana/index.d.mts +1 -1
package/dist/chains/solana/index.mjs +4 -486
package/dist/chains/solana/index.mjs.map +1 -1
package/dist/chains/stacks/index.d.mts +1 -1
package/dist/chains/stacks/index.mjs +36 -1114
package/dist/chains/stacks/index.mjs.map +1 -1
package/dist/chains/starknet/index.d.mts +1 -1
package/dist/chains/starknet/index.mjs +5 -503
package/dist/chains/starknet/index.mjs.map +1 -1
package/dist/chains/sui/index.d.mts +1 -1
package/dist/chains/sui/index.mjs +5 -529
package/dist/chains/sui/index.mjs.map +1 -1
package/dist/chunk-3Q34PMHU.mjs +840 -0
package/dist/chunk-3Q34PMHU.mjs.map +1 -0
package/dist/chunk-72ZA3OYQ.mjs +20 -0
package/dist/chunk-72ZA3OYQ.mjs.map +1 -0
package/dist/chunk-7IEUU6LD.mjs +549 -0
package/dist/chunk-7IEUU6LD.mjs.map +1 -0
package/dist/chunk-ABLEEC5N.mjs +38 -0
package/dist/chunk-ABLEEC5N.mjs.map +1 -0
package/dist/chunk-AORSW75A.mjs +1101 -0
package/dist/chunk-AORSW75A.mjs.map +1 -0
package/dist/chunk-BKTCPT7P.mjs +269 -0
package/dist/chunk-BKTCPT7P.mjs.map +1 -0
package/dist/chunk-CCHASDAI.mjs +330 -0
package/dist/chunk-CCHASDAI.mjs.map +1 -0
package/dist/chunk-FQ2WU7PX.mjs +509 -0
package/dist/chunk-FQ2WU7PX.mjs.map +1 -0
package/dist/chunk-JO74ENTF.mjs +417 -0
package/dist/chunk-JO74ENTF.mjs.map +1 -0
package/dist/chunk-K73Y36KS.mjs +407 -0
package/dist/chunk-K73Y36KS.mjs.map +1 -0
package/dist/chunk-KHV3EP3I.mjs +179 -0
package/dist/chunk-KHV3EP3I.mjs.map +1 -0
package/dist/chunk-MMSTOW4F.mjs +722 -0
package/dist/chunk-MMSTOW4F.mjs.map +1 -0
package/dist/chunk-MWZ5UHCF.mjs +1082 -0
package/dist/chunk-MWZ5UHCF.mjs.map +1 -0
package/dist/chunk-NU6JGI7L.mjs +565 -0
package/dist/chunk-NU6JGI7L.mjs.map +1 -0
package/dist/chunk-PIC2Y5DF.mjs +422 -0
package/dist/chunk-PIC2Y5DF.mjs.map +1 -0
package/dist/chunk-PPN7BG3A.mjs +464 -0
package/dist/chunk-PPN7BG3A.mjs.map +1 -0
package/dist/chunk-RSV7J43V.mjs +438 -0
package/dist/chunk-RSV7J43V.mjs.map +1 -0
package/dist/chunk-UTT6KI7N.mjs +216 -0
package/dist/chunk-UTT6KI7N.mjs.map +1 -0
package/dist/constants.mjs +16 -389
package/dist/constants.mjs.map +1 -1
package/dist/index-Du1PoZqu.d.mts +216 -0
package/dist/index.d.mts +131 -9
package/dist/index.js +12064 -11594
package/dist/index.js.map +1 -1
package/dist/index.mjs +4407 -12273
package/dist/index.mjs.map +1 -1
package/dist/passkey.d.mts +142 -0
package/dist/passkey.js +807 -0
package/dist/passkey.js.map +1 -0
package/dist/passkey.mjs +15 -0
package/dist/passkey.mjs.map +1 -0
package/dist/payload.mjs +25 -244
package/dist/payload.mjs.map +1 -1
package/dist/portfolio-UV3LLWKI.mjs +13 -0
package/dist/portfolio-UV3LLWKI.mjs.map +1 -0
package/dist/queries/index.js +39 -1
package/dist/queries/index.js.map +1 -1
package/dist/queries/index.mjs +14 -1591
package/dist/queries/index.mjs.map +1 -1
package/dist/{types-DakHNZIP.d.ts → types-Bmk689Lw.d.mts} +1 -1
package/dist/types.d.mts +10 -0
package/dist/types.js.map +1 -1
package/dist/utils.mjs +19 -385
package/dist/utils.mjs.map +1 -1
package/dist/wormhole.mjs +25 -397
package/dist/wormhole.mjs.map +1 -1
package/package.json +17 -3
package/scripts/patch-noble-curves.js +78 -0
package/dist/auth/prepareAuth.d.ts +0 -25
package/dist/chains/aptos/index.d.ts +0 -146
package/dist/chains/evm/index.d.ts +0 -5
package/dist/chains/solana/index.d.ts +0 -116
package/dist/chains/stacks/index.d.ts +0 -559
package/dist/chains/starknet/index.d.ts +0 -172
package/dist/chains/sui/index.d.ts +0 -182
package/dist/constants.d.ts +0 -150
package/dist/index-Dy29mvBf.d.mts +0 -683
package/dist/index-eXXqodd0.d.ts +0 -683
package/dist/index.d.ts +0 -3442
package/dist/payload.d.ts +0 -125
package/dist/queries/index.d.ts +0 -148
package/dist/types-DakHNZIP.d.mts +0 -571
package/dist/types-DvFRnIBd.d.ts +0 -172
package/dist/types.d.ts +0 -413
package/dist/utils.d.ts +0 -81
package/dist/wormhole.d.ts +0 -167

package/dist/chunk-AORSW75A.mjs ADDED Viewed

@@ -0,0 +1,1101 @@
+import {
+  encodeBridgeAction,
+  encodeExecuteAction,
+  encodeTransferAction
+} from "./chunk-BKTCPT7P.mjs";
+// src/chains/evm/EVMClient.ts
+import { ethers } from "ethers";
+var PROXY_BYTECODE_PREFIX = "0x3d602d80600a3d3981f3363d3d373d3d3d363d73";
+var PROXY_BYTECODE_SUFFIX = "5af43d82803e903d91602b57fd5bf3";
+var ERC20_ABI = [
+  "function balanceOf(address owner) view returns (uint256)",
+  "function decimals() view returns (uint8)",
+  "function symbol() view returns (string)",
+  "function name() view returns (string)",
+  "function allowance(address owner, address spender) view returns (uint256)",
+  "function transfer(address to, uint256 amount) returns (bool)",
+  "function approve(address spender, uint256 amount) returns (bool)"
+];
+var HUB_ABI = [
+  "function dispatch(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) signature, uint256 publicKeyX, uint256 publicKeyY, uint16 targetChain, bytes actionPayload, uint256 nonce) payable returns (uint64 sequence)",
+  "function userNonces(bytes32 userKeyHash) view returns (uint256)",
+  "function getMessageFee() view returns (uint256)",
+  "function getVaultAddress(bytes32 userKeyHash) view returns (address)",
+  "function vaultExists(bytes32 userKeyHash) view returns (bool)",
+  "function createVault(bytes32 userKeyHash) returns (address)",
+  // Issue #9/#10: New Hub methods for Query-based execution
+  "function getUserState(bytes32 userKeyHash) view returns (bytes32 keyHash, uint256 nonce, bytes32 lastActionHash)",
+  "function getUserLastActionHash(bytes32 userKeyHash) view returns (bytes32)",
+  // Issue #13: Session key management
+  "function registerSession(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32 sessionKeyHash, uint256 duration, uint256 maxValue, bool requireUV) external",
+  "function isSessionActive(bytes32 userKeyHash, bytes32 sessionKeyHash) view returns (bool active, uint256 expiry, uint256 maxValue, uint256 sessionIndex)",
+  "function revokeSession(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32 sessionKeyHash, bool requireUV) external",
+  "function getUserSessions(bytes32 userKeyHash) view returns (tuple(bytes32 sessionKeyHash, uint256 expiry, uint256 maxValue, bool revoked)[])",
+  "function getUserSessionCount(bytes32 userKeyHash) view returns (uint256)",
+  // Issue #22: Backup Passkey / Multi-Key Identity management
+  "function registerIdentity(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY) external",
+  "function addBackupKey(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, uint256 newPublicKeyX, uint256 newPublicKeyY, uint256 nonce) external payable returns (uint64 sequence)",
+  "function removeKey(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32 keyToRemove, uint256 nonce) external payable returns (uint64 sequence)",
+  "function getIdentityForKey(bytes32 keyHash) view returns (bytes32)",
+  "function getAuthorizedKeys(bytes32 identity) view returns (bytes32[])",
+  "function getAuthorizedKeyCount(bytes32 identity) view returns (uint256)",
+  "function isAuthorizedForIdentity(bytes32 identity, bytes32 keyHash) view returns (bool)",
+  "function isIdentityRoot(bytes32 keyHash) view returns (bool)",
+  "function getIdentityState(bytes32 keyHash) view returns (bytes32 identity, uint256 keyCount, uint256 maxKeys, bool isRoot)",
+  // Issue #23: Social Recovery / Guardian Management
+  "function setupGuardians(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32[] guardians, uint256 threshold) external payable returns (uint64 sequence)",
+  "function addGuardian(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32 guardianKeyHash) external payable returns (uint64 sequence)",
+  "function removeGuardian(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32 guardianKeyHash) external payable returns (uint64 sequence)",
+  "function initiateRecovery(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32 identityToRecover, bytes32 newOwnerKeyHash) external payable returns (uint64 sequence)",
+  "function approveRecovery(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY, bytes32 identityToRecover) external payable returns (uint64 sequence)",
+  "function executeRecovery(bytes32 identityToRecover, uint256 newPublicKeyX, uint256 newPublicKeyY) external payable returns (uint64 sequence)",
+  "function cancelRecovery(tuple(bytes authenticatorData, string clientDataJSON, uint256 challengeIndex, uint256 typeIndex, uint256 r, uint256 s) auth, uint256 publicKeyX, uint256 publicKeyY) external payable returns (uint64 sequence)",
+  "function getGuardians(bytes32 identityKeyHash) view returns (bytes32[] guardians, uint256 threshold, bool isConfigured)",
+  "function getRecoveryStatus(bytes32 identityKeyHash) view returns (bool isActive, bytes32 newOwnerKeyHash, uint256 initiatedAt, uint256 approvalCount, uint256 threshold, uint256 canExecuteAt, uint256 expiresAt)",
+  "function hasGuardianApproved(bytes32 identityKeyHash, bytes32 guardianKeyHash) view returns (bool hasApproved)"
+];
+var FACTORY_ABI = [
+  "function createVault(bytes32 ownerKeyHash) returns (address vault)",
+  "function getVault(bytes32 ownerKeyHash) view returns (address)",
+  "function computeVaultAddress(bytes32 ownerKeyHash) view returns (address vault)",
+  "function vaultExists(bytes32 ownerKeyHash) view returns (bool)",
+  "function implementation() view returns (address)"
+];
+var EVMClient = class {
+  config;
+  provider;
+  hubContract;
+  factoryContract = null;
+  cachedImplementation = null;
+  constructor(config) {
+    this.config = {
+      name: config.name ?? `EVM Chain ${config.chainId}`,
+      chainId: config.chainId,
+      wormholeChainId: config.wormholeChainId,
+      rpcUrl: config.rpcUrl,
+      explorerUrl: config.explorerUrl ?? "",
+      isEvm: true,
+      contracts: {
+        hub: config.hubContractAddress,
+        vaultFactory: config.vaultFactory,
+        vaultImplementation: config.vaultImplementation,
+        wormholeCoreBridge: config.wormholeCoreBridge,
+        tokenBridge: config.tokenBridge
+      }
+    };
+    this.provider = new ethers.JsonRpcProvider(config.rpcUrl);
+    this.hubContract = new ethers.Contract(
+      config.hubContractAddress,
+      HUB_ABI,
+      this.provider
+    );
+    if (config.vaultFactory) {
+      this.factoryContract = new ethers.Contract(
+        config.vaultFactory,
+        FACTORY_ABI,
+        this.provider
+      );
+    }
+    if (config.vaultImplementation) {
+      this.cachedImplementation = config.vaultImplementation;
+    }
+  }
+  getConfig() {
+    return this.config;
+  }
+  async getNonce(userKeyHash) {
+    const nonce = await this.hubContract.userNonces(userKeyHash);
+    return BigInt(nonce.toString());
+  }
+  /**
+   * Get user state from Hub (Issue #9/#10)
+   * Returns comprehensive state including last action hash
+   */
+  async getUserState(userKeyHash) {
+    try {
+      const result = await this.hubContract.getUserState(userKeyHash);
+      return {
+        keyHash: result[0],
+        nonce: BigInt(result[1].toString()),
+        lastActionHash: result[2]
+      };
+    } catch (error) {
+      const nonce = await this.getNonce(userKeyHash);
+      return {
+        keyHash: userKeyHash,
+        nonce,
+        lastActionHash: ethers.ZeroHash
+      };
+    }
+  }
+  /**
+   * Get user's last action hash from Hub (Issue #9/#10)
+   * Returns zero hash if user has no actions yet
+   */
+  async getUserLastActionHash(userKeyHash) {
+    try {
+      return await this.hubContract.getUserLastActionHash(userKeyHash);
+    } catch (error) {
+      return ethers.ZeroHash;
+    }
+  }
+  // ==========================================================================
+  // Session Management Methods (Issue #13)
+  // ==========================================================================
+  /**
+   * Register a new session key for temporary authentication
+   * Enables native L1 speed for repeat transactions without biometric auth
+   *
+   * @param params Session registration parameters
+   * @param signer Ethereum signer to pay gas
+   * @returns Transaction receipt
+   */
+  async registerSession(params, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: params.signature.authenticatorData,
+      clientDataJSON: params.signature.clientDataJSON,
+      challengeIndex: params.signature.challengeIndex,
+      typeIndex: params.signature.typeIndex,
+      r: params.signature.r,
+      s: params.signature.s
+    };
+    const tx = await hubWithSigner.registerSession(
+      authTuple,
+      params.publicKeyX,
+      params.publicKeyY,
+      params.sessionKeyHash,
+      params.duration,
+      params.maxValue,
+      params.requireUV
+    );
+    return await tx.wait();
+  }
+  /**
+   * Check if a session is currently active (queryable via Wormhole CCQ)
+   *
+   * @param userKeyHash Hash of the user's Passkey public key
+   * @param sessionKeyHash Hash of the session key to check
+   * @returns Session validation result
+   */
+  async isSessionActive(userKeyHash, sessionKeyHash) {
+    const result = await this.hubContract.isSessionActive(userKeyHash, sessionKeyHash);
+    return {
+      active: result[0],
+      expiry: Number(result[1]),
+      maxValue: BigInt(result[2].toString()),
+      sessionIndex: Number(result[3])
+    };
+  }
+  /**
+   * Revoke a session key immediately
+   *
+   * @param params Session revocation parameters
+   * @param signer Ethereum signer to pay gas
+   * @returns Transaction receipt
+   */
+  async revokeSession(params, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: params.signature.authenticatorData,
+      clientDataJSON: params.signature.clientDataJSON,
+      challengeIndex: params.signature.challengeIndex,
+      typeIndex: params.signature.typeIndex,
+      r: params.signature.r,
+      s: params.signature.s
+    };
+    const tx = await hubWithSigner.revokeSession(
+      authTuple,
+      params.publicKeyX,
+      params.publicKeyY,
+      params.sessionKeyHash,
+      params.requireUV
+    );
+    return await tx.wait();
+  }
+  /**
+   * Get all sessions for a user
+   *
+   * @param userKeyHash Hash of the user's Passkey public key
+   * @returns Array of all sessions (active and expired/revoked)
+   */
+  async getUserSessions(userKeyHash) {
+    const sessions = await this.hubContract.getUserSessions(userKeyHash);
+    return sessions.map((s) => ({
+      sessionKeyHash: s.sessionKeyHash,
+      expiry: Number(s.expiry),
+      maxValue: BigInt(s.maxValue.toString()),
+      revoked: s.revoked
+    }));
+  }
+  /**
+   * Get the number of sessions for a user
+   *
+   * @param userKeyHash Hash of the user's Passkey public key
+   * @returns Number of sessions
+   */
+  async getUserSessionCount(userKeyHash) {
+    const count = await this.hubContract.getUserSessionCount(userKeyHash);
+    return Number(count);
+  }
+  async getMessageFee() {
+    const fee = await this.hubContract.getMessageFee();
+    return BigInt(fee.toString());
+  }
+  async buildTransferPayload(params) {
+    return encodeTransferAction(
+      params.token,
+      params.recipient,
+      params.amount
+    );
+  }
+  async buildExecutePayload(params) {
+    return encodeExecuteAction(
+      params.target,
+      params.value,
+      params.data
+    );
+  }
+  async buildBridgePayload(params) {
+    return encodeBridgeAction(
+      params.token,
+      params.amount,
+      params.destinationChain,
+      params.recipient
+    );
+  }
+  async dispatch(signature, publicKeyX, publicKeyY, targetChain, actionPayload, nonce, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const signatureTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.dispatch(
+      signatureTuple,
+      publicKeyX,
+      publicKeyY,
+      targetChain,
+      actionPayload,
+      nonce,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const dispatchEvent = receipt.logs.find((log) => {
+      try {
+        const parsed = hubWithSigner.interface.parseLog(log);
+        return parsed?.name === "ActionDispatched";
+      } catch {
+        return false;
+      }
+    });
+    let sequence = 0n;
+    if (dispatchEvent) {
+      const parsed = hubWithSigner.interface.parseLog(dispatchEvent);
+      sequence = BigInt(parsed?.args?.sequence?.toString() ?? "0");
+    }
+    const keyHash = ethers.keccak256(
+      ethers.AbiCoder.defaultAbiCoder().encode(
+        ["uint256", "uint256"],
+        [publicKeyX, publicKeyY]
+      )
+    );
+    return {
+      transactionHash: receipt.hash,
+      sequence,
+      userKeyHash: keyHash,
+      targetChain,
+      blockNumber: receipt.blockNumber
+    };
+  }
+  /**
+   * Dispatch an action to the Hub via relayer (gasless)
+   * The relayer pays for gas and submits the transaction on behalf of the user
+   */
+  async dispatchGasless(signature, publicKeyX, publicKeyY, targetChain, actionPayload, nonce, relayerUrl) {
+    const keyHash = ethers.keccak256(
+      ethers.AbiCoder.defaultAbiCoder().encode(
+        ["uint256", "uint256"],
+        [publicKeyX, publicKeyY]
+      )
+    );
+    const message = ethers.keccak256(
+      ethers.AbiCoder.defaultAbiCoder().encode(
+        ["bytes32", "uint16", "bytes", "uint256"],
+        [keyHash, targetChain, actionPayload, nonce]
+      )
+    );
+    const request = {
+      messageHash: message,
+      r: "0x" + signature.r.toString(16).padStart(64, "0"),
+      s: "0x" + signature.s.toString(16).padStart(64, "0"),
+      publicKeyX: "0x" + publicKeyX.toString(16).padStart(64, "0"),
+      publicKeyY: "0x" + publicKeyY.toString(16).padStart(64, "0"),
+      targetChain,
+      actionPayload,
+      nonce: Number(nonce)
+    };
+    const response = await fetch(`${relayerUrl}/api/v1/submit`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(request)
+    });
+    if (!response.ok) {
+      const error = await response.json().catch(() => ({ error: response.statusText }));
+      throw new Error(`Relayer submission failed: ${error.error || response.statusText}`);
+    }
+    const result = await response.json();
+    if (!result.success) {
+      throw new Error(`Relayer submission failed: ${result.error}`);
+    }
+    return {
+      transactionHash: result.txHash,
+      sequence: BigInt(result.sequence || "0"),
+      userKeyHash: keyHash,
+      targetChain
+    };
+  }
+  async getVaultAddress(userKeyHash) {
+    try {
+      if (this.factoryContract) {
+        const address2 = await this.factoryContract.getVault(userKeyHash);
+        if (address2 !== ethers.ZeroAddress) {
+          return address2;
+        }
+      }
+      const address = await this.hubContract.getVaultAddress(userKeyHash);
+      if (address === ethers.ZeroAddress) {
+        return null;
+      }
+      return address;
+    } catch (error) {
+      console.error("Error getting vault address:", error);
+      return null;
+    }
+  }
+  /**
+   * Compute vault address deterministically without querying the chain
+   * Uses CREATE2 with EIP-1167 minimal proxy pattern
+   */
+  computeVaultAddress(userKeyHash) {
+    const factoryAddress = this.getFactoryAddress();
+    const implementationAddress = this.getImplementationAddress();
+    if (!factoryAddress || !implementationAddress) {
+      throw new Error("Factory and implementation addresses required for address computation");
+    }
+    const salt = ethers.keccak256(
+      ethers.solidityPacked(
+        ["address", "bytes32"],
+        [factoryAddress, userKeyHash]
+      )
+    );
+    const initCode = this.buildProxyInitCode(implementationAddress);
+    const initCodeHash = ethers.keccak256(initCode);
+    const create2Data = ethers.solidityPacked(
+      ["bytes1", "address", "bytes32", "bytes32"],
+      ["0xff", factoryAddress, salt, initCodeHash]
+    );
+    const hash = ethers.keccak256(create2Data);
+    return ethers.getAddress("0x" + hash.slice(26));
+  }
+  /**
+   * Build EIP-1167 minimal proxy initcode
+   */
+  buildProxyInitCode(implementationAddress) {
+    const impl = implementationAddress.toLowerCase().replace("0x", "");
+    return PROXY_BYTECODE_PREFIX + impl + PROXY_BYTECODE_SUFFIX;
+  }
+  async vaultExists(userKeyHash) {
+    try {
+      if (this.factoryContract) {
+        return await this.factoryContract.vaultExists(userKeyHash);
+      }
+      if (this.hubContract.vaultExists) {
+        try {
+          return await this.hubContract.vaultExists(userKeyHash);
+        } catch {
+          return false;
+        }
+      }
+      return false;
+    } catch {
+      return false;
+    }
+  }
+  async createVault(userKeyHash, signer) {
+    const exists = await this.vaultExists(userKeyHash);
+    if (exists) {
+      const address = await this.getVaultAddress(userKeyHash);
+      if (address) {
+        return {
+          address,
+          transactionHash: "",
+          blockNumber: 0,
+          gasUsed: 0n,
+          alreadyExisted: true
+        };
+      }
+    }
+    let tx;
+    if (this.factoryContract) {
+      const factoryWithSigner = this.factoryContract.connect(signer);
+      tx = await factoryWithSigner.createVault(userKeyHash);
+    } else {
+      const hubWithSigner = this.hubContract.connect(signer);
+      tx = await hubWithSigner.createVault(userKeyHash);
+    }
+    const receipt = await tx.wait();
+    if (!receipt) {
+      throw new Error("Transaction failed - no receipt");
+    }
+    const vaultAddress = await this.getVaultAddress(userKeyHash);
+    if (!vaultAddress) {
+      throw new Error("Failed to create vault - address not found after creation");
+    }
+    return {
+      address: vaultAddress,
+      transactionHash: receipt.hash,
+      blockNumber: receipt.blockNumber,
+      gasUsed: receipt.gasUsed,
+      alreadyExisted: false
+    };
+  }
+  /**
+   * Create a vault with a sponsor wallet paying for gas
+   *
+   * @param userKeyHash - The user's passkey hash
+   * @param sponsorPrivateKey - Private key of the wallet that will pay gas
+   * @param rpcUrl - Optional RPC URL to use (defaults to client's RPC)
+   * @returns VaultCreationResult with address and transaction details
+   */
+  async createVaultSponsored(userKeyHash, sponsorPrivateKey, rpcUrl) {
+    const exists = await this.vaultExists(userKeyHash);
+    if (exists) {
+      const address = await this.getVaultAddress(userKeyHash);
+      if (address) {
+        return {
+          address,
+          transactionHash: "",
+          blockNumber: 0,
+          gasUsed: 0n,
+          alreadyExisted: true
+        };
+      }
+    }
+    const provider = rpcUrl ? new ethers.JsonRpcProvider(rpcUrl) : this.provider;
+    const sponsorWallet = new ethers.Wallet(sponsorPrivateKey, provider);
+    const sponsorBalance = await provider.getBalance(sponsorWallet.address);
+    const estimatedGas = await this.estimateVaultCreationGas(userKeyHash);
+    const feeData = await provider.getFeeData();
+    const estimatedCost = estimatedGas * (feeData.gasPrice ?? 1000000000n);
+    if (sponsorBalance < estimatedCost) {
+      throw new Error(
+        `Sponsor wallet has insufficient funds. Balance: ${ethers.formatEther(sponsorBalance)} ETH, Estimated cost: ${ethers.formatEther(estimatedCost)} ETH`
+      );
+    }
+    let tx;
+    if (this.factoryContract) {
+      const factoryWithSponsor = this.factoryContract.connect(sponsorWallet);
+      tx = await factoryWithSponsor.createVault(userKeyHash);
+    } else {
+      const hubWithSponsor = this.hubContract.connect(sponsorWallet);
+      tx = await hubWithSponsor.createVault(userKeyHash);
+    }
+    const receipt = await tx.wait();
+    if (!receipt) {
+      throw new Error("Transaction failed - no receipt");
+    }
+    const vaultAddress = await this.getVaultAddress(userKeyHash);
+    if (!vaultAddress) {
+      throw new Error("Failed to create vault - address not found after creation");
+    }
+    return {
+      address: vaultAddress,
+      transactionHash: receipt.hash,
+      blockNumber: receipt.blockNumber,
+      gasUsed: receipt.gasUsed,
+      alreadyExisted: false,
+      sponsoredBy: sponsorWallet.address
+    };
+  }
+  async estimateVaultCreationGas(userKeyHash) {
+    try {
+      if (this.factoryContract) {
+        return await this.factoryContract.createVault.estimateGas(userKeyHash);
+      }
+      return await this.hubContract.createVault.estimateGas(userKeyHash);
+    } catch (error) {
+      console.warn("Gas estimation failed, returning default:", error);
+      return 150000n;
+    }
+  }
+  getFactoryAddress() {
+    return this.config.contracts.vaultFactory;
+  }
+  getImplementationAddress() {
+    return this.config.contracts.vaultImplementation ?? this.cachedImplementation ?? void 0;
+  }
+  /**
+   * Fetch implementation address from factory contract
+   */
+  async fetchImplementationAddress() {
+    if (this.cachedImplementation) {
+      return this.cachedImplementation;
+    }
+    if (!this.factoryContract) {
+      return null;
+    }
+    try {
+      this.cachedImplementation = await this.factoryContract.implementation();
+      return this.cachedImplementation;
+    } catch (error) {
+      console.error("Error fetching implementation address:", error);
+      return null;
+    }
+  }
+  /**
+   * Get the provider instance
+   */
+  getProvider() {
+    return this.provider;
+  }
+  // ========================================================================
+  // Balance Methods (Phase 2)
+  // ========================================================================
+  /**
+   * Get native token balance for an address
+   */
+  async getNativeBalance(address) {
+    return await this.provider.getBalance(address);
+  }
+  /**
+   * Get ERC20 token balance for an address
+   */
+  async getTokenBalance(tokenAddress, ownerAddress) {
+    const contract = new ethers.Contract(tokenAddress, ERC20_ABI, this.provider);
+    return await contract.balanceOf(ownerAddress);
+  }
+  /**
+   * Get token allowance
+   */
+  async getTokenAllowance(tokenAddress, ownerAddress, spenderAddress) {
+    const contract = new ethers.Contract(tokenAddress, ERC20_ABI, this.provider);
+    return await contract.allowance(ownerAddress, spenderAddress);
+  }
+  /**
+   * Estimate gas for a dispatch transaction
+   */
+  async estimateDispatchGas(signature, publicKeyX, publicKeyY, targetChain, actionPayload, nonce) {
+    const signatureTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    try {
+      const gasEstimate = await this.hubContract.dispatch.estimateGas(
+        signatureTuple,
+        publicKeyX,
+        publicKeyY,
+        targetChain,
+        actionPayload,
+        nonce,
+        { value: messageFee }
+      );
+      return gasEstimate;
+    } catch (error) {
+      console.warn("Gas estimation failed, using default:", error);
+      return 500000n;
+    }
+  }
+  /**
+   * Get current gas price
+   */
+  async getGasPrice() {
+    const feeData = await this.provider.getFeeData();
+    return feeData.gasPrice ?? feeData.maxFeePerGas ?? 0n;
+  }
+  /**
+   * Get current block number
+   */
+  async getBlockNumber() {
+    return await this.provider.getBlockNumber();
+  }
+  /**
+   * Get transaction receipt
+   */
+  async getTransactionReceipt(hash) {
+    return await this.provider.getTransactionReceipt(hash);
+  }
+  /**
+   * Wait for transaction confirmation
+   */
+  async waitForTransaction(hash, confirmations = 1) {
+    return await this.provider.waitForTransaction(hash, confirmations);
+  }
+  // ==========================================================================
+  // Backup Passkey / Multi-Key Identity Methods (Issue #22)
+  // ==========================================================================
+  /**
+   * Get the identity for a given key hash
+   * Returns zero hash if key is not registered to any identity
+   *
+   * @param keyHash Hash of the passkey to look up
+   * @returns Identity (first passkey's keyHash) or zero hash
+   */
+  async getIdentityForKey(keyHash) {
+    try {
+      return await this.hubContract.getIdentityForKey(keyHash);
+    } catch (error) {
+      return ethers.ZeroHash;
+    }
+  }
+  /**
+   * Get all authorized keys for an identity
+   *
+   * @param identity The identity key hash (first passkey's keyHash)
+   * @returns Array of authorized key hashes
+   */
+  async getAuthorizedKeys(identity) {
+    try {
+      return await this.hubContract.getAuthorizedKeys(identity);
+    } catch (error) {
+      return [];
+    }
+  }
+  /**
+   * Get count of authorized keys for an identity
+   *
+   * @param identity The identity key hash
+   * @returns Number of authorized keys
+   */
+  async getAuthorizedKeyCount(identity) {
+    try {
+      const count = await this.hubContract.getAuthorizedKeyCount(identity);
+      return Number(count);
+    } catch (error) {
+      return 0;
+    }
+  }
+  /**
+   * Check if a key is authorized for an identity
+   *
+   * @param identity The identity key hash
+   * @param keyHash The key hash to check
+   * @returns Whether the key is authorized
+   */
+  async isAuthorizedForIdentity(identity, keyHash) {
+    try {
+      return await this.hubContract.isAuthorizedForIdentity(identity, keyHash);
+    } catch (error) {
+      return false;
+    }
+  }
+  /**
+   * Check if a key is the root identity key
+   *
+   * @param keyHash The key hash to check
+   * @returns Whether the key is a root identity
+   */
+  async isIdentityRootKey(keyHash) {
+    try {
+      return await this.hubContract.isIdentityRoot(keyHash);
+    } catch (error) {
+      return false;
+    }
+  }
+  /**
+   * Get comprehensive identity state for a key
+   *
+   * @param keyHash Hash of any key in the identity
+   * @returns Identity state including count, max, and root status
+   */
+  async getIdentityState(keyHash) {
+    try {
+      const result = await this.hubContract.getIdentityState(keyHash);
+      return {
+        identity: result[0],
+        keyCount: Number(result[1]),
+        maxKeys: Number(result[2]),
+        isRoot: result[3]
+      };
+    } catch (error) {
+      return {
+        identity: ethers.ZeroHash,
+        keyCount: 0,
+        maxKeys: 5,
+        isRoot: false
+      };
+    }
+  }
+  /**
+   * Register a new identity with the first passkey
+   * This makes the passkey the root identity key
+   *
+   * @param signature WebAuthn signature
+   * @param publicKeyX Passkey public key X coordinate
+   * @param publicKeyY Passkey public key Y coordinate
+   * @param signer Ethereum signer to pay gas
+   * @returns Transaction receipt and identity hash
+   */
+  async registerIdentity(signature, publicKeyX, publicKeyY, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const tx = await hubWithSigner.registerIdentity(
+      authTuple,
+      publicKeyX,
+      publicKeyY
+    );
+    const receipt = await tx.wait();
+    const keyHash = ethers.keccak256(
+      ethers.solidityPacked(["uint256", "uint256"], [publicKeyX, publicKeyY])
+    );
+    return { receipt, identity: keyHash };
+  }
+  /**
+   * Add a backup passkey to an existing identity
+   * Requires WebAuthn signature from an authorized key
+   *
+   * @param signature WebAuthn signature from existing authorized key
+   * @param publicKeyX Existing key's X coordinate
+   * @param publicKeyY Existing key's Y coordinate
+   * @param newPublicKeyX New backup key's X coordinate
+   * @param newPublicKeyY New backup key's Y coordinate
+   * @param nonce Current nonce for the signing key
+   * @param signer Ethereum signer to pay gas
+   * @returns Transaction receipt and sequence number
+   */
+  async addBackupKey(signature, publicKeyX, publicKeyY, newPublicKeyX, newPublicKeyY, nonce, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.addBackupKey(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      newPublicKeyX,
+      newPublicKeyY,
+      nonce,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    let sequence = 0n;
+    for (const log of receipt.logs) {
+      try {
+        const parsed = this.hubContract.interface.parseLog({
+          topics: log.topics,
+          data: log.data
+        });
+        if (parsed?.name === "Dispatched") {
+          sequence = BigInt(parsed.args[3]);
+          break;
+        }
+      } catch {
+      }
+    }
+    return { receipt, sequence };
+  }
+  /**
+   * Remove a passkey from an identity
+   * Cannot remove the last remaining key
+   *
+   * @param signature WebAuthn signature from an authorized key
+   * @param publicKeyX Signing key's X coordinate
+   * @param publicKeyY Signing key's Y coordinate
+   * @param keyToRemove Hash of the key to remove
+   * @param nonce Current nonce for the signing key
+   * @param signer Ethereum signer to pay gas
+   * @returns Transaction receipt and sequence number
+   */
+  async removeKey(signature, publicKeyX, publicKeyY, keyToRemove, nonce, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.removeKey(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      keyToRemove,
+      nonce,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    let sequence = 0n;
+    for (const log of receipt.logs) {
+      try {
+        const parsed = this.hubContract.interface.parseLog({
+          topics: log.topics,
+          data: log.data
+        });
+        if (parsed?.name === "Dispatched") {
+          sequence = BigInt(parsed.args[3]);
+          break;
+        }
+      } catch {
+      }
+    }
+    return { receipt, sequence };
+  }
+  // =========================================================================
+  //                      SOCIAL RECOVERY METHODS (Issue #23)
+  // =========================================================================
+  /**
+   * Setup guardians for an identity
+   * @param signature WebAuthn signature from owner
+   * @param publicKeyX Owner's public key X coordinate
+   * @param publicKeyY Owner's public key Y coordinate
+   * @param guardians Array of guardian key hashes
+   * @param threshold Required approvals for recovery
+   * @param signer Ethers signer for transaction
+   */
+  async setupGuardians(signature, publicKeyX, publicKeyY, guardians, threshold, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.setupGuardians(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      guardians,
+      threshold,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const sequence = this._extractSequenceFromReceipt(receipt);
+    return { receipt, sequence };
+  }
+  /**
+   * Add a guardian to an identity
+   */
+  async addGuardian(signature, publicKeyX, publicKeyY, guardianKeyHash, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.addGuardian(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      guardianKeyHash,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const sequence = this._extractSequenceFromReceipt(receipt);
+    return { receipt, sequence };
+  }
+  /**
+   * Remove a guardian from an identity
+   */
+  async removeGuardian(signature, publicKeyX, publicKeyY, guardianKeyHash, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.removeGuardian(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      guardianKeyHash,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const sequence = this._extractSequenceFromReceipt(receipt);
+    return { receipt, sequence };
+  }
+  /**
+   * Initiate recovery as a guardian
+   */
+  async initiateRecovery(signature, publicKeyX, publicKeyY, identityToRecover, newOwnerKeyHash, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.initiateRecovery(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      identityToRecover,
+      newOwnerKeyHash,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const sequence = this._extractSequenceFromReceipt(receipt);
+    return { receipt, sequence };
+  }
+  /**
+   * Approve recovery as a guardian
+   */
+  async approveRecovery(signature, publicKeyX, publicKeyY, identityToRecover, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.approveRecovery(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      identityToRecover,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const sequence = this._extractSequenceFromReceipt(receipt);
+    return { receipt, sequence };
+  }
+  /**
+   * Execute recovery after timelock (anyone can call)
+   */
+  async executeRecovery(identityToRecover, newPublicKeyX, newPublicKeyY, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.executeRecovery(
+      identityToRecover,
+      newPublicKeyX,
+      newPublicKeyY,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const sequence = this._extractSequenceFromReceipt(receipt);
+    return { receipt, sequence };
+  }
+  /**
+   * Cancel recovery as owner
+   */
+  async cancelRecovery(signature, publicKeyX, publicKeyY, signer) {
+    const hubWithSigner = this.hubContract.connect(signer);
+    const authTuple = {
+      authenticatorData: signature.authenticatorData,
+      clientDataJSON: signature.clientDataJSON,
+      challengeIndex: signature.challengeIndex,
+      typeIndex: signature.typeIndex,
+      r: signature.r,
+      s: signature.s
+    };
+    const messageFee = await this.getMessageFee();
+    const tx = await hubWithSigner.cancelRecovery(
+      authTuple,
+      publicKeyX,
+      publicKeyY,
+      { value: messageFee }
+    );
+    const receipt = await tx.wait();
+    const sequence = this._extractSequenceFromReceipt(receipt);
+    return { receipt, sequence };
+  }
+  /**
+   * Get guardians for an identity
+   */
+  async getGuardians(identityKeyHash) {
+    const result = await this.hubContract.getGuardians(identityKeyHash);
+    return {
+      guardians: result.guardians,
+      threshold: result.threshold,
+      isConfigured: result.isConfigured
+    };
+  }
+  /**
+   * Get recovery status for an identity
+   */
+  async getRecoveryStatus(identityKeyHash) {
+    const result = await this.hubContract.getRecoveryStatus(identityKeyHash);
+    return {
+      isActive: result.isActive,
+      newOwnerKeyHash: result.newOwnerKeyHash,
+      initiatedAt: result.initiatedAt,
+      approvalCount: result.approvalCount,
+      threshold: result.threshold,
+      canExecuteAt: result.canExecuteAt,
+      expiresAt: result.expiresAt
+    };
+  }
+  /**
+   * Check if a guardian has approved recovery
+   */
+  async hasGuardianApproved(identityKeyHash, guardianKeyHash) {
+    return this.hubContract.hasGuardianApproved(identityKeyHash, guardianKeyHash);
+  }
+  /**
+   * Helper to extract sequence from transaction receipt
+   */
+  _extractSequenceFromReceipt(receipt) {
+    for (const log of receipt.logs) {
+      try {
+        const parsed = this.hubContract.interface.parseLog({
+          topics: log.topics,
+          data: log.data
+        });
+        if (parsed?.name === "Dispatch") {
+          return BigInt(parsed.args.sequence);
+        }
+      } catch {
+      }
+    }
+    return 0n;
+  }
+};
+export {
+  EVMClient
+};
+//# sourceMappingURL=chunk-AORSW75A.mjs.map