@verusidx/shared 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 VerusIDX Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/build/audit-logger.d.ts

@@ -0,0 +1,9 @@
+import type { AuditEntry } from './types.js';
+/**
+ * Log a write operation to the audit trail.
+ *
+ * Called by MCP server tool handlers after a write operation completes
+ * (success or failure). Read-only operations are not logged.
+ */
+export declare function auditLog(entry: Omit<AuditEntry, 'timestamp'>): void;
+//# sourceMappingURL=audit-logger.d.ts.map

package/build/audit-logger.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-logger.d.ts","sourceRoot":"","sources":["../src/audit-logger.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAwB7C;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,GAAG,IAAI,CAqBnE"}

package/build/audit-logger.js

@@ -0,0 +1,48 @@
+import { appendFileSync, mkdirSync } from 'node:fs';
+import { join } from 'node:path';
+import { getAuditDir } from './platform.js';
+/**
+ * Date-stamped append-only audit logger for write operations.
+ *
+ * Each day gets a new JSONL file (e.g., 2026-03-11.jsonl).
+ * Files are created with 0600 permissions since params may contain
+ * addresses/amounts. Retention is the operator's responsibility.
+ *
+ * Disabled with VERUSIDX_AUDIT_LOG=false.
+ */
+function isAuditEnabled() {
+    return process.env.VERUSIDX_AUDIT_LOG !== 'false';
+}
+function getTodayFilename() {
+    const now = new Date();
+    const yyyy = now.getFullYear();
+    const mm = String(now.getMonth() + 1).padStart(2, '0');
+    const dd = String(now.getDate()).padStart(2, '0');
+    return `${yyyy}-${mm}-${dd}.jsonl`;
+}
+/**
+ * Log a write operation to the audit trail.
+ *
+ * Called by MCP server tool handlers after a write operation completes
+ * (success or failure). Read-only operations are not logged.
+ */
+export function auditLog(entry) {
+    if (!isAuditEnabled())
+        return;
+    const auditDir = getAuditDir();
+    const filePath = join(auditDir, getTodayFilename());
+    const fullEntry = {
+        timestamp: new Date().toISOString(),
+        ...entry,
+    };
+    try {
+        mkdirSync(auditDir, { recursive: true, mode: 0o700 });
+        appendFileSync(filePath, JSON.stringify(fullEntry) + '\n', { mode: 0o600 });
+    }
+    catch {
+        // Audit logging is best-effort — don't let a logging failure
+        // break the actual operation. Write to stderr so it's visible.
+        process.stderr.write(`verusidx-mcp: audit log write failed for ${filePath}\n`);
+    }
+}
+//# sourceMappingURL=audit-logger.js.map

package/build/audit-logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-logger.js","sourceRoot":"","sources":["../src/audit-logger.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAG5C;;;;;;;;GAQG;AAEH,SAAS,cAAc;IACrB,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,OAAO,CAAC;AACpD,CAAC;AAED,SAAS,gBAAgB;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IACvD,MAAM,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAClD,OAAO,GAAG,IAAI,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC;AACrC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,KAAoC;IAC3D,IAAI,CAAC,cAAc,EAAE;QAAE,OAAO;IAE9B,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,EAAE,gBAAgB,EAAE,CAAC,CAAC;IAEpD,MAAM,SAAS,GAAe;QAC5B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,GAAG,KAAK;KACT,CAAC;IAEF,IAAI,CAAC;QACH,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACtD,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9E,CAAC;IAAC,MAAM,CAAC;QACP,6DAA6D;QAC7D,+DAA+D;QAC/D,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,4CAA4C,QAAQ,IAAI,CACzD,CAAC;IACJ,CAAC;AACH,CAAC"}

package/build/conf-parser.d.ts

@@ -0,0 +1,9 @@
+import type { ConfValues } from './types.js';
+/**
+ * Parse a Verus/Komodo .conf file for RPC credentials and port.
+ *
+ * Format: key=value lines, # comments, no sections.
+ * Returns null if the file cannot be read.
+ */
+export declare function parseConfFile(confPath: string): ConfValues | null;
+//# sourceMappingURL=conf-parser.d.ts.map

package/build/conf-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"conf-parser.d.ts","sourceRoot":"","sources":["../src/conf-parser.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAE7C;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CAqCjE"}

package/build/conf-parser.js

@@ -0,0 +1,43 @@
+import { readFileSync } from 'node:fs';
+/**
+ * Parse a Verus/Komodo .conf file for RPC credentials and port.
+ *
+ * Format: key=value lines, # comments, no sections.
+ * Returns null if the file cannot be read.
+ */
+export function parseConfFile(confPath) {
+    let content;
+    try {
+        content = readFileSync(confPath, 'utf-8');
+    }
+    catch {
+        return null;
+    }
+    const values = {};
+    for (const line of content.split('\n')) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#'))
+            continue;
+        const eqIndex = trimmed.indexOf('=');
+        if (eqIndex === -1)
+            continue;
+        const key = trimmed.slice(0, eqIndex).trim();
+        const value = trimmed.slice(eqIndex + 1).trim();
+        switch (key) {
+            case 'rpcuser':
+                values.rpcuser = value;
+                break;
+            case 'rpcpassword':
+                values.rpcpassword = value;
+                break;
+            case 'rpcport':
+                values.rpcport = value;
+                break;
+            case 'rpchost':
+                values.rpchost = value;
+                break;
+        }
+    }
+    return values;
+}
+//# sourceMappingURL=conf-parser.js.map

package/build/conf-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"conf-parser.js","sourceRoot":"","sources":["../src/conf-parser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAGvC;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,IAAI,OAAe,CAAC;IACpB,IAAI,CAAC;QACH,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC5C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAe,EAAE,CAAC;IAE9B,KAAK,MAAM,IAAI,IAAI,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAElD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,OAAO,KAAK,CAAC,CAAC;YAAE,SAAS;QAE7B,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAEhD,QAAQ,GAAG,EAAE,CAAC;YACZ,KAAK,SAAS;gBACZ,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,aAAa;gBAChB,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC;gBAC3B,MAAM;YACR,KAAK,SAAS;gBACZ,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;gBACvB,MAAM;YACR,KAAK,SAAS;gBACZ,MAAM,CAAC,OAAO,GAAG,KAAK,CAAC;gBACvB,MAAM;QACV,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/build/errors.d.ts

@@ -0,0 +1,29 @@
+import type { ErrorCategory } from './types.js';
+/**
+ * Normalized error from Verus daemon RPC calls.
+ *
+ * Every error from the daemon (or from pre-RPC guards like spending limits)
+ * is wrapped in this class with a machine-readable category.
+ */
+export declare class VerusError extends Error {
+    readonly category: ErrorCategory;
+    readonly code: number | undefined;
+    readonly retryable: boolean;
+    constructor(category: ErrorCategory, message: string, code?: number);
+}
+/**
+ * Normalize a daemon RPC error into a VerusError.
+ *
+ * @param code - The JSON-RPC error code from the daemon
+ * @param message - The error message from the daemon
+ */
+export declare function normalizeRpcError(code: number, message: string): VerusError;
+/**
+ * Create a CONNECTION_FAILED error from a network-level failure.
+ */
+export declare function connectionError(chain: string, cause?: Error): VerusError;
+/**
+ * Create an AUTH_FAILED error.
+ */
+export declare function authError(chain: string): VerusError;
+//# sourceMappingURL=errors.d.ts.map

package/build/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD;;;;;GAKG;AACH,qBAAa,UAAW,SAAQ,KAAK;IACnC,QAAQ,CAAC,QAAQ,EAAE,aAAa,CAAC;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC;gBAEhB,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM;CAOpE;AAqCD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,UAAU,CA4B3E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,KAAK,GAAG,UAAU,CAMxE;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAKnD"}

package/build/errors.js

@@ -0,0 +1,96 @@
+/**
+ * Normalized error from Verus daemon RPC calls.
+ *
+ * Every error from the daemon (or from pre-RPC guards like spending limits)
+ * is wrapped in this class with a machine-readable category.
+ */
+export class VerusError extends Error {
+    category;
+    code;
+    retryable;
+    constructor(category, message, code) {
+        super(message);
+        this.name = 'VerusError';
+        this.category = category;
+        this.code = code;
+        this.retryable = RETRYABLE_CATEGORIES.has(category);
+    }
+}
+const RETRYABLE_CATEGORIES = new Set([
+    'CONNECTION_FAILED',
+]);
+/**
+ * Known daemon error codes mapped to categories.
+ *
+ * Bitcoin/Zcash/Verus JSON-RPC error codes:
+ * -1:  general error
+ * -5:  invalid address or key not found (identity/currency not found)
+ * -6:  insufficient funds
+ * -8:  invalid parameter
+ * -32601: method not found
+ */
+const CODE_TO_CATEGORY = {
+    [-32601]: 'METHOD_NOT_FOUND',
+    [-8]: 'INVALID_PARAMS',
+    [-6]: 'INSUFFICIENT_FUNDS',
+};
+/**
+ * Message patterns for errors where the code alone isn't specific enough.
+ * Checked in order — first match wins.
+ */
+const MESSAGE_PATTERNS = [
+    { pattern: /identity.*not found/i, category: 'IDENTITY_NOT_FOUND' },
+    { pattern: /cannot find.*identity/i, category: 'IDENTITY_NOT_FOUND' },
+    { pattern: /no such identity/i, category: 'IDENTITY_NOT_FOUND' },
+    { pattern: /currency.*not found/i, category: 'CURRENCY_NOT_FOUND' },
+    { pattern: /cannot find.*currency/i, category: 'CURRENCY_NOT_FOUND' },
+    { pattern: /no such currency/i, category: 'CURRENCY_NOT_FOUND' },
+    { pattern: /insufficient funds/i, category: 'INSUFFICIENT_FUNDS' },
+    { pattern: /invalid.*param/i, category: 'INVALID_PARAMS' },
+];
+/**
+ * Normalize a daemon RPC error into a VerusError.
+ *
+ * @param code - The JSON-RPC error code from the daemon
+ * @param message - The error message from the daemon
+ */
+export function normalizeRpcError(code, message) {
+    // Check code-based mapping first
+    const codeCategory = CODE_TO_CATEGORY[code];
+    if (codeCategory) {
+        return new VerusError(codeCategory, message, code);
+    }
+    // Identity not found uses code -5 in some daemon versions
+    if (code === -5) {
+        // -5 can mean identity not found OR currency not found — check message
+        for (const { pattern, category } of MESSAGE_PATTERNS) {
+            if (pattern.test(message)) {
+                return new VerusError(category, message, code);
+            }
+        }
+        // Default -5 to identity not found (most common case)
+        return new VerusError('IDENTITY_NOT_FOUND', message, code);
+    }
+    // Check message patterns for any code
+    for (const { pattern, category } of MESSAGE_PATTERNS) {
+        if (pattern.test(message)) {
+            return new VerusError(category, message, code);
+        }
+    }
+    // Fallback — preserve original message
+    return new VerusError('RPC_ERROR', message, code);
+}
+/**
+ * Create a CONNECTION_FAILED error from a network-level failure.
+ */
+export function connectionError(chain, cause) {
+    const detail = cause ? `: ${cause.message}` : '';
+    return new VerusError('CONNECTION_FAILED', `Cannot connect to ${chain} daemon${detail}`);
+}
+/**
+ * Create an AUTH_FAILED error.
+ */
+export function authError(chain) {
+    return new VerusError('AUTH_FAILED', `Authentication failed for ${chain} — check rpcuser/rpcpassword in .conf file`);
+}
+//# sourceMappingURL=errors.js.map

package/build/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,MAAM,OAAO,UAAW,SAAQ,KAAK;IAC1B,QAAQ,CAAgB;IACxB,IAAI,CAAqB;IACzB,SAAS,CAAU;IAE5B,YAAY,QAAuB,EAAE,OAAe,EAAE,IAAa;QACjE,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,YAAY,CAAC;QACzB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,SAAS,GAAG,oBAAoB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACtD,CAAC;CACF;AAED,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAgB;IAClD,mBAAmB;CACpB,CAAC,CAAC;AAEH;;;;;;;;;GASG;AACH,MAAM,gBAAgB,GAAkC;IACtD,CAAC,CAAC,KAAK,CAAC,EAAE,kBAAkB;IAC5B,CAAC,CAAC,CAAC,CAAC,EAAE,gBAAgB;IACtB,CAAC,CAAC,CAAC,CAAC,EAAE,oBAAoB;CAC3B,CAAC;AAEF;;;GAGG;AACH,MAAM,gBAAgB,GAAwD;IAC5E,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,oBAAoB,EAAE;IACnE,EAAE,OAAO,EAAE,wBAAwB,EAAE,QAAQ,EAAE,oBAAoB,EAAE;IACrE,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,oBAAoB,EAAE;IAChE,EAAE,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,oBAAoB,EAAE;IACnE,EAAE,OAAO,EAAE,wBAAwB,EAAE,QAAQ,EAAE,oBAAoB,EAAE;IACrE,EAAE,OAAO,EAAE,mBAAmB,EAAE,QAAQ,EAAE,oBAAoB,EAAE;IAChE,EAAE,OAAO,EAAE,qBAAqB,EAAE,QAAQ,EAAE,oBAAoB,EAAE;IAClE,EAAE,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,gBAAgB,EAAE;CAC3D,CAAC;AAEF;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,OAAe;IAC7D,iCAAiC;IACjC,MAAM,YAAY,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,IAAI,UAAU,CAAC,YAAY,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IACrD,CAAC;IAED,0DAA0D;IAC1D,IAAI,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC;QAChB,uEAAuE;QACvE,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,gBAAgB,EAAE,CAAC;YACrD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1B,OAAO,IAAI,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;YACjD,CAAC;QACH,CAAC;QACD,sDAAsD;QACtD,OAAO,IAAI,UAAU,CAAC,oBAAoB,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;IAC7D,CAAC;IAED,sCAAsC;IACtC,KAAK,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,gBAAgB,EAAE,CAAC;QACrD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO,IAAI,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED,uCAAuC;IACvC,OAAO,IAAI,UAAU,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;AACpD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa,EAAE,KAAa;IAC1D,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACjD,OAAO,IAAI,UAAU,CACnB,mBAAmB,EACnB,qBAAqB,KAAK,UAAU,MAAM,EAAE,CAC7C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,IAAI,UAAU,CACnB,aAAa,EACb,6BAA6B,KAAK,4CAA4C,CAC/E,CAAC;AACJ,CAAC"}

package/build/index.d.ts

@@ -0,0 +1,11 @@
+export type { LocalChainEntry, RemoteChainEntry, ChainEntry, ChainRegistry, RpcCredentials, ConfValues, ErrorCategory, SpendingLimitsConfig, AuditEntry, RpcRequest, RpcResponse, } from './types.js';
+export { isLocalChain, isRemoteChain } from './types.js';
+export { getChainDataDir, getPbaasDir, getChainConfPath, getConfigDir, getRegistryPath, getSpendingLimitsPath, getAuditDir, getCommitmentsDir, getVerusdDefaultPaths, } from './platform.js';
+export { parseConfFile } from './conf-parser.js';
+export { VerusError, normalizeRpcError, connectionError, authError } from './errors.js';
+export { RegistryReader, writeRegistry } from './registry.js';
+export { rpcCall, setRegistryReader, clearCredentialCache } from './rpc-client.js';
+export { auditLog } from './audit-logger.js';
+export { getSpendingLimit, checkSpendingLimits, sumOutputAmounts, ensureSpendingLimitsFile, clearSpendingLimitsCache, } from './spending-limits.js';
+export { isReadOnly, assertWriteEnabled } from './read-only-guard.js';
+//# sourceMappingURL=index.d.ts.map

package/build/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,eAAe,EACf,gBAAgB,EAChB,UAAU,EACV,aAAa,EACb,cAAc,EACd,UAAU,EACV,aAAa,EACb,oBAAoB,EACpB,UAAU,EACV,UAAU,EACV,WAAW,GACZ,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGzD,OAAO,EACL,eAAe,EACf,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,eAAe,EACf,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAGvB,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAGjD,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxF,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAG9D,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAGnF,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAG7C,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}

package/build/index.js

@@ -0,0 +1,18 @@
+export { isLocalChain, isRemoteChain } from './types.js';
+// Platform
+export { getChainDataDir, getPbaasDir, getChainConfPath, getConfigDir, getRegistryPath, getSpendingLimitsPath, getAuditDir, getCommitmentsDir, getVerusdDefaultPaths, } from './platform.js';
+// Conf parser
+export { parseConfFile } from './conf-parser.js';
+// Errors
+export { VerusError, normalizeRpcError, connectionError, authError } from './errors.js';
+// Registry
+export { RegistryReader, writeRegistry } from './registry.js';
+// RPC client
+export { rpcCall, setRegistryReader, clearCredentialCache } from './rpc-client.js';
+// Audit logger
+export { auditLog } from './audit-logger.js';
+// Spending limits
+export { getSpendingLimit, checkSpendingLimits, sumOutputAmounts, ensureSpendingLimitsFile, clearSpendingLimitsCache, } from './spending-limits.js';
+// Read-only guard
+export { isReadOnly, assertWriteEnabled } from './read-only-guard.js';
+//# sourceMappingURL=index.js.map

package/build/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEzD,WAAW;AACX,OAAO,EACL,eAAe,EACf,WAAW,EACX,gBAAgB,EAChB,YAAY,EACZ,eAAe,EACf,qBAAqB,EACrB,WAAW,EACX,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAEvB,cAAc;AACd,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAEjD,SAAS;AACT,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAExF,WAAW;AACX,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAE9D,aAAa;AACb,OAAO,EAAE,OAAO,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AAEnF,eAAe;AACf,OAAO,EAAE,QAAQ,EAAE,MAAM,mBAAmB,CAAC;AAE7C,kBAAkB;AAClB,OAAO,EACL,gBAAgB,EAChB,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACxB,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAE9B,kBAAkB;AAClB,OAAO,EAAE,UAAU,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC"}

package/build/platform.d.ts

@@ -0,0 +1,19 @@
+/** Primary chain data directory (Komodo-style). */
+export declare function getChainDataDir(): string;
+/** PBaaS data directory (Verus-style). */
+export declare function getPbaasDir(): string;
+/** Get the expected .conf file path for a chain in the Komodo data dir. */
+export declare function getChainConfPath(chainName: string): string;
+/** Root config directory for verusidx-mcp. */
+export declare function getConfigDir(): string;
+/** Path to the chain registry file. */
+export declare function getRegistryPath(): string;
+/** Path to the spending limits config file. */
+export declare function getSpendingLimitsPath(): string;
+/** Audit log directory. */
+export declare function getAuditDir(): string;
+/** Commitment storage directory for identity registration. */
+export declare function getCommitmentsDir(): string;
+/** Default locations to search for the verusd binary, after env var and PATH. */
+export declare function getVerusdDefaultPaths(): string[];
+//# sourceMappingURL=platform.d.ts.map

package/build/platform.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform.d.ts","sourceRoot":"","sources":["../src/platform.ts"],"names":[],"mappings":"AA0BA,mDAAmD;AACnD,wBAAgB,eAAe,IAAI,MAAM,CAUxC;AAED,0CAA0C;AAC1C,wBAAgB,WAAW,IAAI,MAAM,CAUpC;AAED,2EAA2E;AAC3E,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAE1D;AAID,8CAA8C;AAC9C,wBAAgB,YAAY,IAAI,MAAM,CAUrC;AAED,uCAAuC;AACvC,wBAAgB,eAAe,IAAI,MAAM,CAExC;AAED,+CAA+C;AAC/C,wBAAgB,qBAAqB,IAAI,MAAM,CAI9C;AAED,2BAA2B;AAC3B,wBAAgB,WAAW,IAAI,MAAM,CAIpC;AAED,8DAA8D;AAC9D,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAID,iFAAiF;AACjF,wBAAgB,qBAAqB,IAAI,MAAM,EAAE,CAoBhD"}

package/build/platform.js

@@ -0,0 +1,99 @@
+import { homedir, platform } from 'node:os';
+import { join } from 'node:path';
+function getPlatform() {
+    const p = platform();
+    if (p === 'darwin' || p === 'win32')
+        return p;
+    return 'linux'; // treat all non-mac/win as linux
+}
+function getAppData() {
+    return process.env.APPDATA || join(homedir(), 'AppData', 'Roaming');
+}
+// --- Chain data directories ---
+/** Primary chain data directory (Komodo-style). */
+export function getChainDataDir() {
+    const p = getPlatform();
+    switch (p) {
+        case 'darwin':
+            return join(homedir(), 'Library', 'Application Support', 'Komodo');
+        case 'win32':
+            return join(getAppData(), 'Komodo');
+        default:
+            return join(homedir(), '.komodo');
+    }
+}
+/** PBaaS data directory (Verus-style). */
+export function getPbaasDir() {
+    const p = getPlatform();
+    switch (p) {
+        case 'darwin':
+            return join(homedir(), 'Library', 'Application Support', 'Verus', 'pbaas');
+        case 'win32':
+            return join(getAppData(), 'Verus', 'pbaas');
+        default:
+            return join(homedir(), '.verus', 'pbaas');
+    }
+}
+/** Get the expected .conf file path for a chain in the Komodo data dir. */
+export function getChainConfPath(chainName) {
+    return join(getChainDataDir(), chainName, `${chainName}.conf`);
+}
+// --- verusidx-mcp config directory ---
+/** Root config directory for verusidx-mcp. */
+export function getConfigDir() {
+    const p = getPlatform();
+    switch (p) {
+        case 'darwin':
+            return join(homedir(), 'Library', 'Application Support', 'verusidx-mcp');
+        case 'win32':
+            return join(getAppData(), 'verusidx-mcp');
+        default:
+            return join(homedir(), '.config', 'verusidx-mcp');
+    }
+}
+/** Path to the chain registry file. */
+export function getRegistryPath() {
+    return join(getConfigDir(), 'chains.json');
+}
+/** Path to the spending limits config file. */
+export function getSpendingLimitsPath() {
+    const custom = process.env.VERUSIDX_SPENDING_LIMITS_PATH;
+    if (custom)
+        return custom;
+    return join(getConfigDir(), 'spending-limits.json');
+}
+/** Audit log directory. */
+export function getAuditDir() {
+    const custom = process.env.VERUSIDX_AUDIT_DIR;
+    if (custom)
+        return custom;
+    return join(getConfigDir(), 'audit');
+}
+/** Commitment storage directory for identity registration. */
+export function getCommitmentsDir() {
+    return join(homedir(), '.verusidx', 'commitments');
+}
+// --- verusd binary locations ---
+/** Default locations to search for the verusd binary, after env var and PATH. */
+export function getVerusdDefaultPaths() {
+    const p = getPlatform();
+    switch (p) {
+        case 'darwin':
+            return [
+                '/Applications/Verus-Desktop.app/Contents/Resources/verusd/verusd',
+                join(homedir(), 'Library', 'Application Support', 'verus-cli', 'verusd'),
+                join(homedir(), 'verus-cli', 'verusd'),
+            ];
+        case 'win32':
+            return [
+                join(process.env.ProgramFiles || 'C:\\Program Files', 'VerusCoin', 'verusd.exe'),
+                join(homedir(), 'verus-cli', 'verusd.exe'),
+            ];
+        default:
+            return [
+                '/opt/verus/verusd',
+                join(homedir(), 'verus-cli', 'verusd'),
+            ];
+    }
+}
+//# sourceMappingURL=platform.js.map

package/build/platform.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"platform.js","sourceRoot":"","sources":["../src/platform.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AAC5C,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAajC,SAAS,WAAW;IAClB,MAAM,CAAC,GAAG,QAAQ,EAAE,CAAC;IACrB,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,KAAK,OAAO;QAAE,OAAO,CAAC,CAAC;IAC9C,OAAO,OAAO,CAAC,CAAC,iCAAiC;AACnD,CAAC;AAED,SAAS,UAAU;IACjB,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AACtE,CAAC;AAED,iCAAiC;AAEjC,mDAAmD;AACnD,MAAM,UAAU,eAAe;IAC7B,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,qBAAqB,EAAE,QAAQ,CAAC,CAAC;QACrE,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,UAAU,EAAE,EAAE,QAAQ,CAAC,CAAC;QACtC;YACE,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,CAAC,CAAC;IACtC,CAAC;AACH,CAAC;AAED,0CAA0C;AAC1C,MAAM,UAAU,WAAW;IACzB,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,qBAAqB,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7E,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9C;YACE,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC9C,CAAC;AACH,CAAC;AAED,2EAA2E;AAC3E,MAAM,UAAU,gBAAgB,CAAC,SAAiB;IAChD,OAAO,IAAI,CAAC,eAAe,EAAE,EAAE,SAAS,EAAE,GAAG,SAAS,OAAO,CAAC,CAAC;AACjE,CAAC;AAED,wCAAwC;AAExC,8CAA8C;AAC9C,MAAM,UAAU,YAAY;IAC1B,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,QAAQ;YACX,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,qBAAqB,EAAE,cAAc,CAAC,CAAC;QAC3E,KAAK,OAAO;YACV,OAAO,IAAI,CAAC,UAAU,EAAE,EAAE,cAAc,CAAC,CAAC;QAC5C;YACE,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC;IACtD,CAAC;AACH,CAAC;AAED,uCAAuC;AACvC,MAAM,UAAU,eAAe;IAC7B,OAAO,IAAI,CAAC,YAAY,EAAE,EAAE,aAAa,CAAC,CAAC;AAC7C,CAAC;AAED,+CAA+C;AAC/C,MAAM,UAAU,qBAAqB;IACnC,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,6BAA6B,CAAC;IACzD,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,OAAO,IAAI,CAAC,YAAY,EAAE,EAAE,sBAAsB,CAAC,CAAC;AACtD,CAAC;AAED,2BAA2B;AAC3B,MAAM,UAAU,WAAW;IACzB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAC9C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAC1B,OAAO,IAAI,CAAC,YAAY,EAAE,EAAE,OAAO,CAAC,CAAC;AACvC,CAAC;AAED,8DAA8D;AAC9D,MAAM,UAAU,iBAAiB;IAC/B,OAAO,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,aAAa,CAAC,CAAC;AACrD,CAAC;AAED,kCAAkC;AAElC,iFAAiF;AACjF,MAAM,UAAU,qBAAqB;IACnC,MAAM,CAAC,GAAG,WAAW,EAAE,CAAC;IACxB,QAAQ,CAAC,EAAE,CAAC;QACV,KAAK,QAAQ;YACX,OAAO;gBACL,kEAAkE;gBAClE,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,qBAAqB,EAAE,WAAW,EAAE,QAAQ,CAAC;gBACxE,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC;aACvC,CAAC;QACJ,KAAK,OAAO;YACV,OAAO;gBACL,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,mBAAmB,EAAE,WAAW,EAAE,YAAY,CAAC;gBAChF,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,YAAY,CAAC;aAC3C,CAAC;QACJ;YACE,OAAO;gBACL,mBAAmB;gBACnB,IAAI,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC;aACvC,CAAC;IACN,CAAC;AACH,CAAC"}

package/build/read-only-guard.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Check if the server is running in read-only mode.
+ */
+export declare function isReadOnly(): boolean;
+/**
+ * Guard function for write tools. Call at the start of any write tool handler.
+ * Throws a WRITE_DISABLED VerusError if read-only mode is active.
+ *
+ * This catches stale client tool lists — if a client cached the tool list
+ * before read-only mode was enabled, it may try to call a write tool that
+ * should no longer be available.
+ */
+export declare function assertWriteEnabled(): void;
+//# sourceMappingURL=read-only-guard.d.ts.map

package/build/read-only-guard.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-only-guard.d.ts","sourceRoot":"","sources":["../src/read-only-guard.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,UAAU,IAAI,OAAO,CAEpC;AAED;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,IAAI,IAAI,CAOzC"}

package/build/read-only-guard.js

@@ -0,0 +1,21 @@
+import { VerusError } from './errors.js';
+/**
+ * Check if the server is running in read-only mode.
+ */
+export function isReadOnly() {
+    return process.env.VERUSIDX_READ_ONLY === 'true';
+}
+/**
+ * Guard function for write tools. Call at the start of any write tool handler.
+ * Throws a WRITE_DISABLED VerusError if read-only mode is active.
+ *
+ * This catches stale client tool lists — if a client cached the tool list
+ * before read-only mode was enabled, it may try to call a write tool that
+ * should no longer be available.
+ */
+export function assertWriteEnabled() {
+    if (isReadOnly()) {
+        throw new VerusError('WRITE_DISABLED', 'This server is running in read-only mode (VERUSIDX_READ_ONLY=true). Write tools are not available.');
+    }
+}
+//# sourceMappingURL=read-only-guard.js.map

package/build/read-only-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-only-guard.js","sourceRoot":"","sources":["../src/read-only-guard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,MAAM,CAAC;AACnD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB;IAChC,IAAI,UAAU,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,UAAU,CAClB,gBAAgB,EAChB,oGAAoG,CACrG,CAAC;IACJ,CAAC;AACH,CAAC"}

package/build/registry.d.ts

@@ -0,0 +1,43 @@
+import type { ChainRegistry, ChainEntry, RpcCredentials } from './types.js';
+/**
+ * Chain registry reader with stat()-based invalidation and credential resolution.
+ *
+ * Usage:
+ *   const reader = new RegistryReader();
+ *   const chains = reader.getChains();        // all chains
+ *   const creds = reader.getCredentials('VRSC'); // resolved credentials
+ */
+export declare class RegistryReader {
+    private registryPath;
+    private cached;
+    private cachedMtimeMs;
+    constructor(registryPath?: string);
+    /**
+     * Read the registry, re-reading from disk only if mtime changed.
+     * Returns null if the registry file doesn't exist.
+     */
+    read(): ChainRegistry | null;
+    /** Force a re-read from disk on next access. */
+    invalidate(): void;
+    /** Get all chains from the registry. */
+    getChains(): Record<string, ChainEntry>;
+    /** Get a specific chain entry. */
+    getChain(chainName: string): ChainEntry | undefined;
+    /** Get the discoveredAt timestamp. */
+    getDiscoveredAt(): string | null;
+    /**
+     * Resolve RPC credentials for a chain.
+     *
+     * - Local chains: reads credentials from the .conf file on disk
+     * - Remote chains: uses credentials from the registry entry
+     */
+    resolveCredentials(entry: ChainEntry): RpcCredentials | null;
+}
+/**
+ * Write a chain registry atomically.
+ *
+ * Writes to a temp file then renames — on POSIX, rename() is atomic
+ * at the filesystem level, so readers see either the old or new file.
+ */
+export declare function writeRegistry(registry: ChainRegistry, registryPath?: string): void;
+//# sourceMappingURL=registry.d.ts.map

package/build/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,aAAa,EAAE,UAAU,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG5E;;;;;;;GAOG;AACH,qBAAa,cAAc;IACzB,OAAO,CAAC,YAAY,CAAS;IAC7B,OAAO,CAAC,MAAM,CAA8B;IAC5C,OAAO,CAAC,aAAa,CAAK;gBAEd,YAAY,CAAC,EAAE,MAAM;IAIjC;;;OAGG;IACH,IAAI,IAAI,aAAa,GAAG,IAAI;IA2B5B,gDAAgD;IAChD,UAAU,IAAI,IAAI;IAKlB,wCAAwC;IACxC,SAAS,IAAI,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC;IAKvC,kCAAkC;IAClC,QAAQ,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,GAAG,SAAS;IAInD,sCAAsC;IACtC,eAAe,IAAI,MAAM,GAAG,IAAI;IAIhC;;;;;OAKG;IACH,kBAAkB,CAAC,KAAK,EAAE,UAAU,GAAG,cAAc,GAAG,IAAI;CAoB7D;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,aAAa,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAUlF"}

package/build/registry.js

@@ -0,0 +1,111 @@
+import { readFileSync, writeFileSync, renameSync, mkdirSync, statSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { parseConfFile } from './conf-parser.js';
+import { getRegistryPath } from './platform.js';
+import { isLocalChain } from './types.js';
+/**
+ * Chain registry reader with stat()-based invalidation and credential resolution.
+ *
+ * Usage:
+ *   const reader = new RegistryReader();
+ *   const chains = reader.getChains();        // all chains
+ *   const creds = reader.getCredentials('VRSC'); // resolved credentials
+ */
+export class RegistryReader {
+    registryPath;
+    cached = null;
+    cachedMtimeMs = 0;
+    constructor(registryPath) {
+        this.registryPath = registryPath ?? getRegistryPath();
+    }
+    /**
+     * Read the registry, re-reading from disk only if mtime changed.
+     * Returns null if the registry file doesn't exist.
+     */
+    read() {
+        let stat;
+        try {
+            stat = statSync(this.registryPath);
+        }
+        catch {
+            // File doesn't exist
+            this.cached = null;
+            this.cachedMtimeMs = 0;
+            return null;
+        }
+        if (this.cached && stat.mtimeMs === this.cachedMtimeMs) {
+            return this.cached;
+        }
+        try {
+            const content = readFileSync(this.registryPath, 'utf-8');
+            this.cached = JSON.parse(content);
+            this.cachedMtimeMs = stat.mtimeMs;
+            return this.cached;
+        }
+        catch {
+            this.cached = null;
+            this.cachedMtimeMs = 0;
+            return null;
+        }
+    }
+    /** Force a re-read from disk on next access. */
+    invalidate() {
+        this.cached = null;
+        this.cachedMtimeMs = 0;
+    }
+    /** Get all chains from the registry. */
+    getChains() {
+        const registry = this.read();
+        return registry?.chains ?? {};
+    }
+    /** Get a specific chain entry. */
+    getChain(chainName) {
+        return this.getChains()[chainName];
+    }
+    /** Get the discoveredAt timestamp. */
+    getDiscoveredAt() {
+        return this.read()?.discoveredAt ?? null;
+    }
+    /**
+     * Resolve RPC credentials for a chain.
+     *
+     * - Local chains: reads credentials from the .conf file on disk
+     * - Remote chains: uses credentials from the registry entry
+     */
+    resolveCredentials(entry) {
+        if (isLocalChain(entry)) {
+            const conf = parseConfFile(entry.confPath);
+            if (!conf?.rpcuser || !conf?.rpcpassword)
+                return null;
+            return {
+                host: entry.host,
+                port: entry.port,
+                user: conf.rpcuser,
+                password: conf.rpcpassword,
+            };
+        }
+        // Remote chain — credentials are in the registry
+        return {
+            host: entry.host,
+            port: entry.port,
+            user: entry.user,
+            password: entry.password,
+        };
+    }
+}
+/**
+ * Write a chain registry atomically.
+ *
+ * Writes to a temp file then renames — on POSIX, rename() is atomic
+ * at the filesystem level, so readers see either the old or new file.
+ */
+export function writeRegistry(registry, registryPath) {
+    const path = registryPath ?? getRegistryPath();
+    const dir = dirname(path);
+    const tmpPath = `${path}.tmp`;
+    mkdirSync(dir, { recursive: true, mode: 0o700 });
+    const content = JSON.stringify(registry, null, 2) + '\n';
+    writeFileSync(tmpPath, content, { mode: 0o600 });
+    renameSync(tmpPath, path);
+}
+//# sourceMappingURL=registry.js.map

package/build/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAa,MAAM,SAAS,CAAC;AAClG,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,OAAO,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE1C;;;;;;;GAOG;AACH,MAAM,OAAO,cAAc;IACjB,YAAY,CAAS;IACrB,MAAM,GAAyB,IAAI,CAAC;IACpC,aAAa,GAAG,CAAC,CAAC;IAE1B,YAAY,YAAqB;QAC/B,IAAI,CAAC,YAAY,GAAG,YAAY,IAAI,eAAe,EAAE,CAAC;IACxD,CAAC;IAED;;;OAGG;IACH,IAAI;QACF,IAAI,IAAI,CAAC;QACT,IAAI,CAAC;YACH,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,qBAAqB;YACrB,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,aAAa,EAAE,CAAC;YACvD,OAAO,IAAI,CAAC,MAAM,CAAC;QACrB,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACzD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAkB,CAAC;YACnD,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC;YAClC,OAAO,IAAI,CAAC,MAAM,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;YACnB,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC;YACvB,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,gDAAgD;IAChD,UAAU;QACR,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,aAAa,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,wCAAwC;IACxC,SAAS;QACP,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,QAAQ,EAAE,MAAM,IAAI,EAAE,CAAC;IAChC,CAAC;IAED,kCAAkC;IAClC,QAAQ,CAAC,SAAiB;QACxB,OAAO,IAAI,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAED,sCAAsC;IACtC,eAAe;QACb,OAAO,IAAI,CAAC,IAAI,EAAE,EAAE,YAAY,IAAI,IAAI,CAAC;IAC3C,CAAC;IAED;;;;;OAKG;IACH,kBAAkB,CAAC,KAAiB;QAClC,IAAI,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YAC3C,IAAI,CAAC,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,EAAE,WAAW;gBAAE,OAAO,IAAI,CAAC;YACtD,OAAO;gBACL,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,KAAK,CAAC,IAAI;gBAChB,IAAI,EAAE,IAAI,CAAC,OAAO;gBAClB,QAAQ,EAAE,IAAI,CAAC,WAAW;aAC3B,CAAC;QACJ,CAAC;QAED,iDAAiD;QACjD,OAAO;YACL,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,QAAQ,EAAE,KAAK,CAAC,QAAQ;SACzB,CAAC;IACJ,CAAC;CACF;AAED;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,QAAuB,EAAE,YAAqB;IAC1E,MAAM,IAAI,GAAG,YAAY,IAAI,eAAe,EAAE,CAAC;IAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1B,MAAM,OAAO,GAAG,GAAG,IAAI,MAAM,CAAC;IAE9B,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAEjD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IACzD,aAAa,CAAC,OAAO,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;AAC5B,CAAC"}

package/build/rpc-client.d.ts

@@ -0,0 +1,24 @@
+import { RegistryReader } from './registry.js';
+/**
+ * Allow tests or custom setups to provide their own RegistryReader.
+ */
+export declare function setRegistryReader(reader: RegistryReader): void;
+/**
+ * Make an RPC call to a chain's daemon.
+ *
+ * Handles:
+ * - Credential resolution from registry + .conf files
+ * - In-memory credential caching
+ * - Auth failure retry (invalidate cache, re-read .conf, retry once)
+ * - Error normalization
+ *
+ * @param chain - Chain name as it appears in the registry (e.g., "VRSC", "vrsctest")
+ * @param method - RPC method name (e.g., "getinfo", "sendcurrency")
+ * @param params - RPC method parameters
+ */
+export declare function rpcCall<T = unknown>(chain: string, method: string, params?: unknown[]): Promise<T | null>;
+/**
+ * Clear the credential cache for a specific chain or all chains.
+ */
+export declare function clearCredentialCache(chain?: string): void;
+//# sourceMappingURL=rpc-client.d.ts.map

package/build/rpc-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpc-client.d.ts","sourceRoot":"","sources":["../src/rpc-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAuB/C;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,cAAc,GAAG,IAAI,CAE9D;AA8FD;;;;;;;;;;;;GAYG;AACH,wBAAsB,OAAO,CAAC,CAAC,GAAG,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAE,OAAO,EAAO,GAAG,OAAO,CAAC,CAAC,GAAG,IAAI,CAAC,CAuBnH;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAMzD"}

package/build/rpc-client.js

@@ -0,0 +1,144 @@
+import { RegistryReader } from './registry.js';
+import { VerusError, normalizeRpcError, connectionError, authError } from './errors.js';
+const RPC_TIMEOUT = 30_000;
+/**
+ * In-memory credential cache per chain.
+ * Credentials are read from .conf files (local) or registry (remote)
+ * and cached here. Invalidated on auth failure for one retry.
+ */
+const credentialCache = new Map();
+/** Shared registry reader instance. */
+let registryReader = null;
+function getRegistry() {
+    if (!registryReader) {
+        registryReader = new RegistryReader();
+    }
+    return registryReader;
+}
+/**
+ * Allow tests or custom setups to provide their own RegistryReader.
+ */
+export function setRegistryReader(reader) {
+    registryReader = reader;
+}
+/**
+ * Resolve credentials for a chain, using cache when available.
+ */
+function resolveCredentials(chain, skipCache = false) {
+    if (!skipCache) {
+        const cached = credentialCache.get(chain);
+        if (cached)
+            return cached;
+    }
+    const registry = getRegistry();
+    const entry = registry.getChain(chain);
+    if (!entry) {
+        throw new VerusError('CONNECTION_FAILED', `Chain "${chain}" not found in registry. Run refresh_chains to update.`);
+    }
+    const creds = registry.resolveCredentials(entry);
+    if (!creds) {
+        throw new VerusError('AUTH_FAILED', `Cannot resolve credentials for chain "${chain}". Check .conf file exists and contains rpcuser/rpcpassword.`);
+    }
+    credentialCache.set(chain, creds);
+    return creds;
+}
+/**
+ * Make a single HTTP JSON-RPC call to a daemon.
+ */
+async function rawRpcCall(creds, method, params) {
+    const url = `http://${creds.host}:${creds.port}`;
+    const credentials = Buffer.from(`${creds.user}:${creds.password}`).toString('base64');
+    const request = {
+        jsonrpc: '1.0',
+        id: `verusidx-${Date.now()}`,
+        method,
+        params,
+    };
+    let response;
+    try {
+        response = await fetch(url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'text/plain',
+                'Authorization': `Basic ${credentials}`,
+            },
+            body: JSON.stringify(request),
+            signal: AbortSignal.timeout(RPC_TIMEOUT),
+        });
+    }
+    catch (err) {
+        // Network-level failure — timeout, ECONNREFUSED, etc.
+        throw connectionError(method, err instanceof Error ? err : undefined);
+    }
+    // HTTP 401/403 → auth failure
+    if (response.status === 401 || response.status === 403) {
+        throw authError(method);
+    }
+    // Verus daemon returns HTTP 500 for RPC errors but includes the error details
+    // in the JSON response body. Try to parse the body for all non-auth error responses.
+    let data;
+    try {
+        data = await response.json();
+    }
+    catch {
+        // If we can't parse JSON and the response wasn't OK, throw generic error
+        if (!response.ok) {
+            throw new VerusError('RPC_ERROR', `RPC HTTP error: ${response.status} ${response.statusText}`);
+        }
+        throw new VerusError('RPC_ERROR', `Failed to parse RPC response as JSON`);
+    }
+    if (data.error) {
+        throw normalizeRpcError(data.error.code, data.error.message);
+    }
+    if (data.result === undefined) {
+        throw new VerusError('RPC_ERROR', `RPC returned undefined result for ${method}`);
+    }
+    return data.result;
+}
+/**
+ * Make an RPC call to a chain's daemon.
+ *
+ * Handles:
+ * - Credential resolution from registry + .conf files
+ * - In-memory credential caching
+ * - Auth failure retry (invalidate cache, re-read .conf, retry once)
+ * - Error normalization
+ *
+ * @param chain - Chain name as it appears in the registry (e.g., "VRSC", "vrsctest")
+ * @param method - RPC method name (e.g., "getinfo", "sendcurrency")
+ * @param params - RPC method parameters
+ */
+export async function rpcCall(chain, method, params = []) {
+    const creds = resolveCredentials(chain);
+    try {
+        return await rawRpcCall(creds, method, params);
+    }
+    catch (err) {
+        if (err instanceof VerusError && err.category === 'AUTH_FAILED') {
+            // Auth failure — invalidate cache, re-read .conf, retry once
+            credentialCache.delete(chain);
+            getRegistry().invalidate();
+            const freshCreds = resolveCredentials(chain, true);
+            return rawRpcCall(freshCreds, method, params);
+        }
+        if (err instanceof VerusError && err.category === 'CONNECTION_FAILED') {
+            // Connection failure — invalidate registry cache so next call re-reads
+            // (the chain may have moved ports after a restart)
+            credentialCache.delete(chain);
+            getRegistry().invalidate();
+        }
+        throw err;
+    }
+}
+/**
+ * Clear the credential cache for a specific chain or all chains.
+ */
+export function clearCredentialCache(chain) {
+    if (chain) {
+        credentialCache.delete(chain);
+    }
+    else {
+        credentialCache.clear();
+    }
+}
+//# sourceMappingURL=rpc-client.js.map

package/build/rpc-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rpc-client.js","sourceRoot":"","sources":["../src/rpc-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,eAAe,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxF,MAAM,WAAW,GAAG,MAAM,CAAC;AAE3B;;;;GAIG;AACH,MAAM,eAAe,GAAG,IAAI,GAAG,EAA0B,CAAC;AAE1D,uCAAuC;AACvC,IAAI,cAAc,GAA0B,IAAI,CAAC;AAEjD,SAAS,WAAW;IAClB,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;IACxC,CAAC;IACD,OAAO,cAAc,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAsB;IACtD,cAAc,GAAG,MAAM,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,KAAa,EAAE,SAAS,GAAG,KAAK;IAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,eAAe,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC1C,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;IAC5B,CAAC;IAED,MAAM,QAAQ,GAAG,WAAW,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,UAAU,CAClB,mBAAmB,EACnB,UAAU,KAAK,wDAAwD,CACxE,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,UAAU,CAClB,aAAa,EACb,yCAAyC,KAAK,8DAA8D,CAC7G,CAAC;IACJ,CAAC;IAED,eAAe,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAClC,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,UAAU,CAAI,KAAqB,EAAE,MAAc,EAAE,MAAiB;IACnF,MAAM,GAAG,GAAG,UAAU,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC;IACjD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEtF,MAAM,OAAO,GAAe;QAC1B,OAAO,EAAE,KAAK;QACd,EAAE,EAAE,YAAY,IAAI,CAAC,GAAG,EAAE,EAAE;QAC5B,MAAM;QACN,MAAM;KACP,CAAC;IAEF,IAAI,QAAkB,CAAC;IACvB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,YAAY;gBAC5B,eAAe,EAAE,SAAS,WAAW,EAAE;aACxC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,WAAW,CAAC;SACzC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,sDAAsD;QACtD,MAAM,eAAe,CAAC,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IACxE,CAAC;IAED,8BAA8B;IAC9B,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QACvD,MAAM,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1B,CAAC;IAED,8EAA8E;IAC9E,qFAAqF;IACrF,IAAI,IAAoB,CAAC;IACzB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAoB,CAAC;IACjD,CAAC;IAAC,MAAM,CAAC;QACP,yEAAyE;QACzE,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,UAAU,CAClB,WAAW,EACX,mBAAmB,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAC5D,CAAC;QACJ,CAAC;QACD,MAAM,IAAI,UAAU,CAAC,WAAW,EAAE,sCAAsC,CAAC,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC9B,MAAM,IAAI,UAAU,CAAC,WAAW,EAAE,qCAAqC,MAAM,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,OAAO,IAAI,CAAC,MAAM,CAAC;AACrB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,OAAO,CAAc,KAAa,EAAE,MAAc,EAAE,SAAoB,EAAE;IAC9F,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;IAExC,IAAI,CAAC;QACH,OAAO,MAAM,UAAU,CAAI,KAAK,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;IACpD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,UAAU,IAAI,GAAG,CAAC,QAAQ,KAAK,aAAa,EAAE,CAAC;YAChE,6DAA6D;YAC7D,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9B,WAAW,EAAE,CAAC,UAAU,EAAE,CAAC;YAC3B,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YACnD,OAAO,UAAU,CAAI,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACnD,CAAC;QAED,IAAI,GAAG,YAAY,UAAU,IAAI,GAAG,CAAC,QAAQ,KAAK,mBAAmB,EAAE,CAAC;YACtE,uEAAuE;YACvE,mDAAmD;YACnD,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC9B,WAAW,EAAE,CAAC,UAAU,EAAE,CAAC;QAC7B,CAAC;QAED,MAAM,GAAG,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,KAAc;IACjD,IAAI,KAAK,EAAE,CAAC;QACV,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,eAAe,CAAC,KAAK,EAAE,CAAC;IAC1B,CAAC;AACH,CAAC"}

package/build/spending-limits.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Get the configured spending limit for a currency.
+ * Returns undefined if no limit is configured (uncapped).
+ */
+export declare function getSpendingLimit(currency: string): number | undefined;
+/**
+ * Check a set of currency amounts against spending limits.
+ * Throws SPENDING_LIMIT_EXCEEDED if any limit is exceeded.
+ *
+ * @param amounts - Map of currency name to total amount being spent/offered
+ */
+export declare function checkSpendingLimits(amounts: Map<string, number>): void;
+/**
+ * Extract and sum currency amounts from sendcurrency outputs.
+ * Returns a map of currency name → total amount.
+ *
+ * Handles multi-output sends by summing per currency.
+ */
+export declare function sumOutputAmounts(outputs: Array<{
+    currency?: string;
+    amount?: number;
+}>): Map<string, number>;
+/**
+ * Ensure the spending limits file exists. If it doesn't, create it with
+ * safe defaults so users have a safety net out of the box.
+ *
+ * Call this on startup from any MCP server that enforces spending limits.
+ * Only writes if the file doesn't already exist — never overwrites user config.
+ */
+export declare function ensureSpendingLimitsFile(): void;
+/**
+ * Clear the cached spending limits (for testing or config reload).
+ */
+export declare function clearSpendingLimitsCache(): void;
+//# sourceMappingURL=spending-limits.d.ts.map

package/build/spending-limits.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"spending-limits.d.ts","sourceRoot":"","sources":["../src/spending-limits.ts"],"names":[],"mappings":"AAwDA;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAGrE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,IAAI,CAatE;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,KAAK,CAAC;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,GACrD,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAarB;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,IAAI,IAAI,CAW/C;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,IAAI,CAG/C"}

package/build/spending-limits.js

@@ -0,0 +1,118 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
+import { dirname } from 'node:path';
+import { getSpendingLimitsPath } from './platform.js';
+import { VerusError } from './errors.js';
+/**
+ * Spending limits — pre-RPC guard that prevents transactions exceeding
+ * configured per-currency limits.
+ *
+ * Config file: spending-limits.json (location OS-specific, or VERUSIDX_SPENDING_LIMITS_PATH)
+ * Format: { "VRSC": 50, "BTC": 0.01, "Bridge.vETH": 0.1 }
+ * Currency name matching is case-insensitive (Verus names are case-insensitive on-chain).
+ *
+ * If the file doesn't exist, ensureSpendingLimitsFile() creates it with safe
+ * defaults on first run. Users can edit or delete it to adjust limits.
+ */
+/** Default spending limits created on first run. */
+const DEFAULT_LIMITS = {
+    VRSC: 10,
+};
+let cachedLimits = null;
+let cachedPath = null;
+/**
+ * Load spending limits from the config file.
+ * Returns an empty map if the file doesn't exist.
+ */
+function loadLimits() {
+    const path = getSpendingLimitsPath();
+    // Return cached if same path (limits don't change at runtime)
+    if (cachedLimits && cachedPath === path)
+        return cachedLimits;
+    const limits = new Map();
+    try {
+        const content = readFileSync(path, 'utf-8');
+        const config = JSON.parse(content);
+        for (const [currency, limit] of Object.entries(config)) {
+            if (typeof limit === 'number' && limit >= 0) {
+                limits.set(currency.toLowerCase(), limit);
+            }
+        }
+    }
+    catch {
+        // File doesn't exist or is invalid — no limits enforced
+    }
+    cachedLimits = limits;
+    cachedPath = path;
+    return limits;
+}
+/**
+ * Get the configured spending limit for a currency.
+ * Returns undefined if no limit is configured (uncapped).
+ */
+export function getSpendingLimit(currency) {
+    const limits = loadLimits();
+    return limits.get(currency.toLowerCase());
+}
+/**
+ * Check a set of currency amounts against spending limits.
+ * Throws SPENDING_LIMIT_EXCEEDED if any limit is exceeded.
+ *
+ * @param amounts - Map of currency name to total amount being spent/offered
+ */
+export function checkSpendingLimits(amounts) {
+    const limits = loadLimits();
+    if (limits.size === 0)
+        return; // No limits configured
+    for (const [currency, amount] of amounts) {
+        const limit = limits.get(currency.toLowerCase());
+        if (limit !== undefined && amount > limit) {
+            throw new VerusError('SPENDING_LIMIT_EXCEEDED', `Amount ${amount} ${currency} exceeds configured spending limit of ${limit} ${currency}`);
+        }
+    }
+}
+/**
+ * Extract and sum currency amounts from sendcurrency outputs.
+ * Returns a map of currency name → total amount.
+ *
+ * Handles multi-output sends by summing per currency.
+ */
+export function sumOutputAmounts(outputs) {
+    const sums = new Map();
+    for (const output of outputs) {
+        const currency = output.currency;
+        const amount = output.amount;
+        if (!currency || typeof amount !== 'number' || amount <= 0)
+            continue;
+        const current = sums.get(currency) ?? 0;
+        sums.set(currency, current + amount);
+    }
+    return sums;
+}
+/**
+ * Ensure the spending limits file exists. If it doesn't, create it with
+ * safe defaults so users have a safety net out of the box.
+ *
+ * Call this on startup from any MCP server that enforces spending limits.
+ * Only writes if the file doesn't already exist — never overwrites user config.
+ */
+export function ensureSpendingLimitsFile() {
+    const limitsPath = getSpendingLimitsPath();
+    if (existsSync(limitsPath))
+        return;
+    try {
+        mkdirSync(dirname(limitsPath), { recursive: true });
+        const content = JSON.stringify(DEFAULT_LIMITS, null, 2) + '\n';
+        writeFileSync(limitsPath, content, { mode: 0o600 });
+    }
+    catch {
+        // Best-effort — don't break startup if we can't write
+    }
+}
+/**
+ * Clear the cached spending limits (for testing or config reload).
+ */
+export function clearSpendingLimitsCache() {
+    cachedLimits = null;
+    cachedPath = null;
+}
+//# sourceMappingURL=spending-limits.js.map

package/build/spending-limits.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"spending-limits.js","sourceRoot":"","sources":["../src/spending-limits.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,qBAAqB,EAAE,MAAM,eAAe,CAAC;AACtD,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC;;;;;;;;;;GAUG;AAEH,oDAAoD;AACpD,MAAM,cAAc,GAAyB;IAC3C,IAAI,EAAE,EAAE;CACT,CAAC;AAEF,IAAI,YAAY,GAA+B,IAAI,CAAC;AACpD,IAAI,UAAU,GAAkB,IAAI,CAAC;AAErC;;;GAGG;AACH,SAAS,UAAU;IACjB,MAAM,IAAI,GAAG,qBAAqB,EAAE,CAAC;IAErC,8DAA8D;IAC9D,IAAI,YAAY,IAAI,UAAU,KAAK,IAAI;QAAE,OAAO,YAAY,CAAC;IAE7D,MAAM,MAAM,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEzC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAyB,CAAC;QAE3D,KAAK,MAAM,CAAC,QAAQ,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACvD,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBAC5C,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,KAAK,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wDAAwD;IAC1D,CAAC;IAED,YAAY,GAAG,MAAM,CAAC;IACtB,UAAU,GAAG,IAAI,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,QAAgB;IAC/C,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,OAAO,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;AAC5C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAA4B;IAC9D,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,MAAM,CAAC,IAAI,KAAK,CAAC;QAAE,OAAO,CAAC,uBAAuB;IAEtD,KAAK,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACzC,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QACjD,IAAI,KAAK,KAAK,SAAS,IAAI,MAAM,GAAG,KAAK,EAAE,CAAC;YAC1C,MAAM,IAAI,UAAU,CAClB,yBAAyB,EACzB,UAAU,MAAM,IAAI,QAAQ,yCAAyC,KAAK,IAAI,QAAQ,EAAE,CACzF,CAAC;QACJ,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAC9B,OAAsD;IAEtD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAC;IAEvC,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QACjC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC7B,IAAI,CAAC,QAAQ,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,MAAM,IAAI,CAAC;YAAE,SAAS;QAErE,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACxC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,OAAO,GAAG,MAAM,CAAC,CAAC;IACvC,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB;IACtC,MAAM,UAAU,GAAG,qBAAqB,EAAE,CAAC;IAC3C,IAAI,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO;IAEnC,IAAI,CAAC;QACH,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACpD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;QAC/D,aAAa,CAAC,UAAU,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,sDAAsD;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACtC,YAAY,GAAG,IAAI,CAAC;IACpB,UAAU,GAAG,IAAI,CAAC;AACpB,CAAC"}

package/build/types.d.ts

@@ -0,0 +1,82 @@
+/**
+ * Chain registry types — the JSON structure written by chain-mcp
+ * and read by all other MCPs.
+ */
+/** A local chain discovered from a .conf file on disk. */
+export interface LocalChainEntry {
+    confPath: string;
+    host: string;
+    port: number;
+}
+/** A remote chain added via VERUSIDX_EXTRA_CHAINS env var. */
+export interface RemoteChainEntry {
+    host: string;
+    port: number;
+    user: string;
+    password: string;
+}
+export type ChainEntry = LocalChainEntry | RemoteChainEntry;
+export declare function isLocalChain(entry: ChainEntry): entry is LocalChainEntry;
+export declare function isRemoteChain(entry: ChainEntry): entry is RemoteChainEntry;
+/** The chain registry file written to disk as chains.json. */
+export interface ChainRegistry {
+    version: number;
+    discoveredAt: string;
+    chains: Record<string, ChainEntry>;
+}
+/**
+ * Credentials resolved from a .conf file or remote entry.
+ */
+export interface RpcCredentials {
+    host: string;
+    port: number;
+    user: string;
+    password: string;
+}
+/**
+ * Parsed values from a Verus/Komodo .conf file.
+ */
+export interface ConfValues {
+    rpcuser?: string;
+    rpcpassword?: string;
+    rpcport?: string;
+    rpchost?: string;
+}
+/**
+ * Error categories for normalized daemon errors.
+ */
+export type ErrorCategory = 'CONNECTION_FAILED' | 'AUTH_FAILED' | 'METHOD_NOT_FOUND' | 'INVALID_PARAMS' | 'INSUFFICIENT_FUNDS' | 'IDENTITY_NOT_FOUND' | 'CURRENCY_NOT_FOUND' | 'SPENDING_LIMIT_EXCEEDED' | 'WRITE_DISABLED' | 'RPC_ERROR';
+/**
+ * Spending limits config — currency name (case-insensitive) to max amount.
+ */
+export type SpendingLimitsConfig = Record<string, number>;
+/**
+ * Audit log entry for a write operation.
+ */
+export interface AuditEntry {
+    timestamp: string;
+    server: string;
+    tool: string;
+    chain: string;
+    params: unknown;
+    result: unknown;
+    success: boolean;
+}
+/**
+ * JSON-RPC request/response types.
+ */
+export interface RpcRequest {
+    jsonrpc: '1.0';
+    id: string;
+    method: string;
+    params: unknown[];
+}
+export interface RpcResponse<T = unknown> {
+    result: T | null;
+    error: {
+        code: number;
+        message: string;
+    } | null;
+    id: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/build/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,0DAA0D;AAC1D,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,8DAA8D;AAC9D,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,UAAU,GAAG,eAAe,GAAG,gBAAgB,CAAC;AAE5D,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,KAAK,IAAI,eAAe,CAExE;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,KAAK,IAAI,gBAAgB,CAE1E;AAED,8DAA8D;AAC9D,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CACpC;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,MAAM,aAAa,GACrB,mBAAmB,GACnB,aAAa,GACb,kBAAkB,GAClB,gBAAgB,GAChB,oBAAoB,GACpB,oBAAoB,GACpB,oBAAoB,GACpB,yBAAyB,GACzB,gBAAgB,GAChB,WAAW,CAAC;AAEhB;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAE1D;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,CAAC;IAChB,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,KAAK,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,WAAW,CAAC,CAAC,GAAG,OAAO;IACtC,MAAM,EAAE,CAAC,GAAG,IAAI,CAAC;IACjB,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAChD,EAAE,EAAE,MAAM,CAAC;CACZ"}

package/build/types.js

@@ -0,0 +1,11 @@
+/**
+ * Chain registry types — the JSON structure written by chain-mcp
+ * and read by all other MCPs.
+ */
+export function isLocalChain(entry) {
+    return 'confPath' in entry;
+}
+export function isRemoteChain(entry) {
+    return !('confPath' in entry);
+}
+//# sourceMappingURL=types.js.map

package/build/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAmBH,MAAM,UAAU,YAAY,CAAC,KAAiB;IAC5C,OAAO,UAAU,IAAI,KAAK,CAAC;AAC7B,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAiB;IAC7C,OAAO,CAAC,CAAC,UAAU,IAAI,KAAK,CAAC,CAAC;AAChC,CAAC"}

package/package.json

@@ -0,0 +1,24 @@
+{
+  "name": "@verusidx/shared",
+  "version": "0.1.0",
+  "description": "Shared library for verusidx MCP servers — registry reader, RPC client, error handling, audit logging",
+  "type": "module",
+  "main": "./build/index.js",
+  "types": "./build/index.d.ts",
+  "files": [
+    "build"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "license": "MIT",
+  "devDependencies": {
+    "@types/node": "^22.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.0.0"
+  },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run"
+  }
+}