@viwoapp/sdk 0.1.0 → 0.1.2

package/README.md

@@ -1,7 +1,21 @@
 # @viwoapp/sdk
 
+[![npm version](https://img.shields.io/npm/v/@viwoapp/sdk.svg)](https://www.npmjs.com/package/@viwoapp/sdk)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
 TypeScript SDK for VCoin Protocol Integration on Solana.
 
+**Version:** 0.1.1 (Security Update)
+
+## What's New in v0.1.1
+
+- Added security types for Phase 1-4 audit fixes
+- New types: `SlashRequest`, `DecryptionShare`, `PendingScoreUpdate`
+- All config types now support two-step authority transfer
+- Added `SECURITY_CONSTANTS` for timelocks and limits
+- Added `VALID_URI_PREFIXES` for proposal URI validation
+- New PDA seeds: `slashRequest`, `decryptionShare`, `pendingScore`
+
 ## Installation
 
 ```bash
@@ -229,7 +243,18 @@ import {
   FIVE_A_CONSTANTS,
   GOVERNANCE_CONSTANTS,
   CONTENT_CONSTANTS,
+  // Security constants (v0.1.1)
+  SECURITY_CONSTANTS,
+  VALID_URI_PREFIXES,
+  MERKLE_CONSTANTS,
 } from "@viwoapp/sdk";
+
+// Security constants
+SECURITY_CONSTANTS.authorityTransferTimelock; // 24 hours
+SECURITY_CONSTANTS.slashApprovalTimelock;     // 48 hours
+SECURITY_CONSTANTS.maxFeeSlippageBps;         // 500 (5%)
+SECURITY_CONSTANTS.oracleConsensusRequired;   // 3-of-N
+SECURITY_CONSTANTS.circuitBreakerCooldown;    // 6 hours
 ```
 
 ## Types
@@ -246,6 +271,10 @@ import type {
   Proposal,
   VoteRecord,
   ProposalStatus,
+  GovernanceConfig,
+  Delegation,
+  PrivateVotingConfig,
+  DecryptionShare,       // v0.1.1: ZK voting
   
   // Rewards
   RewardsPoolConfig,
@@ -267,16 +296,26 @@ import type {
   
   // Identity
   Identity,
+  IdentityConfig,
   VerificationLevel,
   
   // 5A
   FiveAScore,
+  FiveAConfig,
   VouchRecord,
+  PendingScoreUpdate,    // v0.1.1: Oracle consensus
   
   // Content
   ContentRecord,
+  RegistryConfig,
   UserEnergy,
   ContentState,
+  
+  // Security (v0.1.1)
+  PendingAuthorityFields,  // Two-step authority transfer
+  SlashRequest,            // Governance slashing
+  SlashStatus,
+  HookConfig,              // Transfer hook config
 } from "@viwoapp/sdk";
 ```
 

package/dist/index.d.mts

@@ -44,6 +44,9 @@ declare const SEEDS: {
     registryConfig: string;
     content: string;
     userEnergy: string;
+    slashRequest: string;
+    decryptionShare: string;
+    pendingScore: string;
 };
 declare const VCOIN_DECIMALS = 9;
 declare const VEVCOIN_DECIMALS = 9;
@@ -95,12 +98,15 @@ declare const SSCRE_CONSTANTS: {
     claimWindow: number;
     gaslessFeeBps: number;
     minClaimAmount: number;
+    circuitBreakerCooldown: number;
 };
 declare const VILINK_CONSTANTS: {
     maxActionExpiry: number;
     minTipAmount: number;
     maxTipAmount: number;
     platformFeeBps: number;
+    maxPlatformFeeBps: number;
+    minPlatformFeeBps: number;
 };
 declare const ACTION_SCOPES: {
     tip: number;
@@ -122,6 +128,7 @@ declare const GASLESS_CONSTANTS: {
     sscreDeductionBps: number;
     dailySubsidyBudget: number;
     maxSubsidizedPerUser: number;
+    maxSlippageBps: number;
 };
 declare const FIVE_A_CONSTANTS: {
     maxScore: number;
@@ -139,6 +146,9 @@ declare const FIVE_A_CONSTANTS: {
         "60-80": number;
         "80-100": number;
     };
+    oracleConsensusRequired: number;
+    pendingScoreExpiry: number;
+    minScoreUpdateInterval: number;
 };
 declare const CONTENT_CONSTANTS: {
     maxEnergy: number;
@@ -153,7 +163,37 @@ declare const GOVERNANCE_CONSTANTS: {
     executionDelay: number;
     vetoWindow: number;
     quorumBps: number;
+    zkVotingEnabled: boolean;
 };
+declare const SECURITY_CONSTANTS: {
+    authorityTransferTimelock: number;
+    slashApprovalTimelock: number;
+    slashExpiry: number;
+    maxFeeSlippageBps: number;
+    minScoreUpdateInterval: number;
+    circuitBreakerCooldown: number;
+    oracleConsensusRequired: number;
+    pendingScoreExpiry: number;
+    maxPlatformFeeBps: number;
+    minPlatformFeeBps: number;
+    merkleProofMaxSize: number;
+    maxEpochBitmap: number;
+    votingPowerVerifiedOnChain: boolean;
+};
+declare const VALID_URI_PREFIXES: readonly ["ipfs://", "https://", "ar://"];
+declare const MAX_URI_LENGTH = 128;
+declare const MERKLE_CONSTANTS: {
+    leafDomainPrefix: string;
+};
+/** Maximum Merkle proof size (H-NEW-02) - prevents DoS attacks */
+declare const MERKLE_PROOF_MAX_SIZE = 32;
+/** Maximum supported epoch number with bitmap storage (H-NEW-04) */
+declare const MAX_EPOCH_BITMAP = 1023;
+/**
+ * @deprecated The legacy slash_tokens function is disabled (C-NEW-02).
+ * Use propose_slash -> approve_slash -> execute_slash flow instead.
+ */
+declare const LEGACY_SLASH_DEPRECATED = true;
 
 interface ConnectionConfig {
     endpoint: string;
@@ -237,7 +277,12 @@ declare function getCurrentTimestamp(): number;
 declare function timestampToDate(timestamp: number | BN): Date;
 declare function dateToTimestamp(date: Date): number;
 
-interface VCoinConfig {
+/** Two-step authority transfer fields (H-02) */
+interface PendingAuthorityFields {
+    pendingAuthority?: PublicKey;
+    pendingAuthorityActivatedAt?: BN;
+}
+interface VCoinConfig extends PendingAuthorityFields {
     authority: PublicKey;
     mint: PublicKey;
     permanentDelegate: PublicKey;
@@ -245,6 +290,25 @@ interface VCoinConfig {
     totalMinted: BN;
     totalBurned: BN;
 }
+/** Governance-controlled slashing request (H-01) */
+declare enum SlashStatus {
+    Proposed = 0,
+    Approved = 1,
+    Executed = 2,
+    Cancelled = 3
+}
+interface SlashRequest {
+    target: PublicKey;
+    requestId: BN;
+    amount: BN;
+    reason: Uint8Array;
+    proposer: PublicKey;
+    proposedAt: BN;
+    approvedAt?: BN;
+    executedAt?: BN;
+    status: SlashStatus;
+    governanceProposal?: PublicKey;
+}
 declare enum StakingTier {
     None = 0,
     Bronze = 1,
@@ -252,13 +316,14 @@ declare enum StakingTier {
     Gold = 3,
     Platinum = 4
 }
-interface StakingPool {
+interface StakingPool extends PendingAuthorityFields {
     authority: PublicKey;
     vcoinMint: PublicKey;
     vevcoinMint: PublicKey;
     totalStaked: BN;
     totalVevcoinMinted: BN;
     paused: boolean;
+    reentrancyGuard?: boolean;
 }
 interface UserStake {
     user: PublicKey;
@@ -279,6 +344,15 @@ declare enum ProposalStatus {
     Executed = 3,
     Cancelled = 4
 }
+/**
+ * Vote choice for governance voting (v2.8.0 C-NEW-01)
+ * Voting power params are now read from on-chain state, not passed as parameters
+ */
+declare enum VoteChoice {
+    Against = 0,
+    For = 1,
+    Abstain = 2
+}
 interface Proposal {
     id: BN;
     proposer: PublicKey;
@@ -305,13 +379,15 @@ interface CreateProposalParams {
     category: number;
     durationDays: number;
 }
-interface RewardsPoolConfig {
+interface RewardsPoolConfig extends PendingAuthorityFields {
     authority: PublicKey;
     vcoinMint: PublicKey;
     currentEpoch: BN;
     totalDistributed: BN;
     remainingReserves: BN;
     paused: boolean;
+    circuitBreakerActive?: boolean;
+    circuitBreakerTriggeredAt?: BN;
 }
 interface EpochDistribution {
     epoch: BN;
@@ -326,6 +402,9 @@ interface UserClaim {
     lastClaimedEpoch: BN;
     totalClaimed: BN;
     claimsCount: number;
+    claimedEpochsBitmap?: BN[];
+    claimedEpochsBitmapExt?: BN[];
+    highEpochsBitmap?: BN[];
 }
 interface ClaimRewardsParams {
     epoch: BN;
@@ -342,7 +421,7 @@ declare enum ActionType {
     Delegate = 6,
     Vote = 7
 }
-interface ViLinkConfig {
+interface ViLinkConfig extends PendingAuthorityFields {
     authority: PublicKey;
     vcoinMint: PublicKey;
     treasury: PublicKey;
@@ -379,7 +458,7 @@ declare enum FeeMethod {
     VCoinDeduction = 1,
     SSCREDeduction = 2
 }
-interface GaslessConfig {
+interface GaslessConfig extends PendingAuthorityFields {
     authority: PublicKey;
     feePayer: PublicKey;
     vcoinMint: PublicKey;
@@ -389,6 +468,7 @@ interface GaslessConfig {
     totalSubsidizedTx: BN;
     totalVcoinCollected: BN;
     paused: boolean;
+    maxSlippageBps?: number;
 }
 interface SessionKey {
     user: PublicKey;
@@ -474,6 +554,75 @@ interface UserEnergy {
     lastRegenTime: BN;
     tier: number;
 }
+interface RegistryConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    paused: boolean;
+    totalContent: BN;
+}
+interface IdentityConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    paused: boolean;
+    totalIdentities: BN;
+}
+interface FiveAConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    paused: boolean;
+    oracleConsensusRequired: number;
+}
+interface GovernanceConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    vevcoinMint: PublicKey;
+    paused: boolean;
+    proposalCount: BN;
+    zkVotingEnabled: boolean;
+}
+/** ZK voting decryption share storage (C-02) */
+interface DecryptionShare {
+    proposal: PublicKey;
+    committeeIndex: number;
+    committeeMember: PublicKey;
+    share: Uint8Array;
+    submittedAt: BN;
+}
+/** Private voting config with committee tracking (C-02) */
+interface PrivateVotingConfig {
+    proposal: PublicKey;
+    encryptionPubkey: PublicKey;
+    decryptionThreshold: number;
+    decryptionCommittee: PublicKey[];
+    sharesSubmitted: boolean[];
+    revealCompleted: boolean;
+    aggregatedFor: BN;
+    aggregatedAgainst: BN;
+}
+/** Delegation with expiry (M-07) */
+interface Delegation {
+    delegator: PublicKey;
+    delegate: PublicKey;
+    delegationType: number;
+    delegatedAmount: BN;
+    expiresAt?: BN;
+    revocable: boolean;
+}
+/** Pending score update for oracle consensus */
+interface PendingScoreUpdate {
+    user: PublicKey;
+    authenticity: number;
+    accuracy: number;
+    agility: number;
+    activity: number;
+    approved: number;
+    oracleSubmissions: PublicKey[];
+    submissionCount: number;
+    createdAt: BN;
+    expiresAt: BN;
+}
+interface HookConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    vcoinMint: PublicKey;
+    blockWashTrading: boolean;
+    paused: boolean;
+}
 
 /**
  * Governance Client for ViWoApp governance operations
@@ -550,6 +699,13 @@ declare class GovernanceClient {
     buildCreateProposalTransaction(params: CreateProposalParams): Promise<Transaction>;
     /**
      * Build vote transaction
+     *
+     * @note v2.8.0 (C-NEW-01): Voting power parameters (vevcoin_balance, five_a_score, tier)
+     * are now read from on-chain state, not passed as parameters. This prevents vote manipulation.
+     * The transaction only needs: proposal_id and choice (VoteChoice enum)
+     *
+     * @param proposalId - The proposal to vote on
+     * @param support - true = For, false = Against (use VoteChoice for more options)
      */
     buildVoteTransaction(proposalId: BN, support: boolean): Promise<Transaction>;
     /**
@@ -1196,4 +1352,4 @@ declare class StakingClient {
     buildExtendLockTransaction(newDuration: number): Promise<Transaction>;
 }
 
-export { ACTION_SCOPES, ActionType, CONTENT_CONSTANTS, type ClaimRewardsParams, type ConnectionConfig, ContentClient, type ContentRecord, ContentState, type CreateActionParams, type CreateProposalParams, type CreateSessionParams, type EpochDistribution, FIVE_A_CONSTANTS, FeeMethod, FiveAClient, type FiveAScore, GASLESS_CONSTANTS, GOVERNANCE_CONSTANTS, GaslessClient, type GaslessConfig, GovernanceClient, type Identity, IdentityClient, LOCK_DURATIONS, PDAs, PROGRAM_IDS, type Proposal, ProposalStatus, RewardsClient, type RewardsPoolConfig, SEEDS, SSCRE_CONSTANTS, STAKING_TIERS, type SessionKey, type StakeParams, StakingClient, type StakingPool, StakingTier, TransactionBuilder, type UserClaim, type UserEnergy, type UserGaslessStats, type UserStake, VCOIN_DECIMALS, VCOIN_INITIAL_CIRCULATING, VCOIN_TOTAL_SUPPLY, type VCoinConfig, VEVCOIN_DECIMALS, VILINK_CONSTANTS, VerificationLevel, type ViLinkAction, ViLinkClient, type ViLinkConfig, ViWoClient, ViWoConnection, type VoteRecord, type VouchRecord, type WalletAdapter, dateToTimestamp, formatVCoin, getCurrentTimestamp, parseVCoin, timestampToDate };
+export { ACTION_SCOPES, ActionType, CONTENT_CONSTANTS, type ClaimRewardsParams, type ConnectionConfig, ContentClient, type ContentRecord, ContentState, type CreateActionParams, type CreateProposalParams, type CreateSessionParams, type DecryptionShare, type Delegation, type EpochDistribution, FIVE_A_CONSTANTS, FeeMethod, FiveAClient, type FiveAConfig, type FiveAScore, GASLESS_CONSTANTS, GOVERNANCE_CONSTANTS, GaslessClient, type GaslessConfig, GovernanceClient, type GovernanceConfig, type HookConfig, type Identity, IdentityClient, type IdentityConfig, LEGACY_SLASH_DEPRECATED, LOCK_DURATIONS, MAX_EPOCH_BITMAP, MAX_URI_LENGTH, MERKLE_CONSTANTS, MERKLE_PROOF_MAX_SIZE, PDAs, PROGRAM_IDS, type PendingAuthorityFields, type PendingScoreUpdate, type PrivateVotingConfig, type Proposal, ProposalStatus, type RegistryConfig, RewardsClient, type RewardsPoolConfig, SECURITY_CONSTANTS, SEEDS, SSCRE_CONSTANTS, STAKING_TIERS, type SessionKey, type SlashRequest, SlashStatus, type StakeParams, StakingClient, type StakingPool, StakingTier, TransactionBuilder, type UserClaim, type UserEnergy, type UserGaslessStats, type UserStake, VALID_URI_PREFIXES, VCOIN_DECIMALS, VCOIN_INITIAL_CIRCULATING, VCOIN_TOTAL_SUPPLY, type VCoinConfig, VEVCOIN_DECIMALS, VILINK_CONSTANTS, VerificationLevel, type ViLinkAction, ViLinkClient, type ViLinkConfig, ViWoClient, ViWoConnection, VoteChoice, type VoteRecord, type VouchRecord, type WalletAdapter, dateToTimestamp, formatVCoin, getCurrentTimestamp, parseVCoin, timestampToDate };

package/dist/index.d.ts

@@ -44,6 +44,9 @@ declare const SEEDS: {
     registryConfig: string;
     content: string;
     userEnergy: string;
+    slashRequest: string;
+    decryptionShare: string;
+    pendingScore: string;
 };
 declare const VCOIN_DECIMALS = 9;
 declare const VEVCOIN_DECIMALS = 9;
@@ -95,12 +98,15 @@ declare const SSCRE_CONSTANTS: {
     claimWindow: number;
     gaslessFeeBps: number;
     minClaimAmount: number;
+    circuitBreakerCooldown: number;
 };
 declare const VILINK_CONSTANTS: {
     maxActionExpiry: number;
     minTipAmount: number;
     maxTipAmount: number;
     platformFeeBps: number;
+    maxPlatformFeeBps: number;
+    minPlatformFeeBps: number;
 };
 declare const ACTION_SCOPES: {
     tip: number;
@@ -122,6 +128,7 @@ declare const GASLESS_CONSTANTS: {
     sscreDeductionBps: number;
     dailySubsidyBudget: number;
     maxSubsidizedPerUser: number;
+    maxSlippageBps: number;
 };
 declare const FIVE_A_CONSTANTS: {
     maxScore: number;
@@ -139,6 +146,9 @@ declare const FIVE_A_CONSTANTS: {
         "60-80": number;
         "80-100": number;
     };
+    oracleConsensusRequired: number;
+    pendingScoreExpiry: number;
+    minScoreUpdateInterval: number;
 };
 declare const CONTENT_CONSTANTS: {
     maxEnergy: number;
@@ -153,7 +163,37 @@ declare const GOVERNANCE_CONSTANTS: {
     executionDelay: number;
     vetoWindow: number;
     quorumBps: number;
+    zkVotingEnabled: boolean;
 };
+declare const SECURITY_CONSTANTS: {
+    authorityTransferTimelock: number;
+    slashApprovalTimelock: number;
+    slashExpiry: number;
+    maxFeeSlippageBps: number;
+    minScoreUpdateInterval: number;
+    circuitBreakerCooldown: number;
+    oracleConsensusRequired: number;
+    pendingScoreExpiry: number;
+    maxPlatformFeeBps: number;
+    minPlatformFeeBps: number;
+    merkleProofMaxSize: number;
+    maxEpochBitmap: number;
+    votingPowerVerifiedOnChain: boolean;
+};
+declare const VALID_URI_PREFIXES: readonly ["ipfs://", "https://", "ar://"];
+declare const MAX_URI_LENGTH = 128;
+declare const MERKLE_CONSTANTS: {
+    leafDomainPrefix: string;
+};
+/** Maximum Merkle proof size (H-NEW-02) - prevents DoS attacks */
+declare const MERKLE_PROOF_MAX_SIZE = 32;
+/** Maximum supported epoch number with bitmap storage (H-NEW-04) */
+declare const MAX_EPOCH_BITMAP = 1023;
+/**
+ * @deprecated The legacy slash_tokens function is disabled (C-NEW-02).
+ * Use propose_slash -> approve_slash -> execute_slash flow instead.
+ */
+declare const LEGACY_SLASH_DEPRECATED = true;
 
 interface ConnectionConfig {
     endpoint: string;
@@ -237,7 +277,12 @@ declare function getCurrentTimestamp(): number;
 declare function timestampToDate(timestamp: number | BN): Date;
 declare function dateToTimestamp(date: Date): number;
 
-interface VCoinConfig {
+/** Two-step authority transfer fields (H-02) */
+interface PendingAuthorityFields {
+    pendingAuthority?: PublicKey;
+    pendingAuthorityActivatedAt?: BN;
+}
+interface VCoinConfig extends PendingAuthorityFields {
     authority: PublicKey;
     mint: PublicKey;
     permanentDelegate: PublicKey;
@@ -245,6 +290,25 @@ interface VCoinConfig {
     totalMinted: BN;
     totalBurned: BN;
 }
+/** Governance-controlled slashing request (H-01) */
+declare enum SlashStatus {
+    Proposed = 0,
+    Approved = 1,
+    Executed = 2,
+    Cancelled = 3
+}
+interface SlashRequest {
+    target: PublicKey;
+    requestId: BN;
+    amount: BN;
+    reason: Uint8Array;
+    proposer: PublicKey;
+    proposedAt: BN;
+    approvedAt?: BN;
+    executedAt?: BN;
+    status: SlashStatus;
+    governanceProposal?: PublicKey;
+}
 declare enum StakingTier {
     None = 0,
     Bronze = 1,
@@ -252,13 +316,14 @@ declare enum StakingTier {
     Gold = 3,
     Platinum = 4
 }
-interface StakingPool {
+interface StakingPool extends PendingAuthorityFields {
     authority: PublicKey;
     vcoinMint: PublicKey;
     vevcoinMint: PublicKey;
     totalStaked: BN;
     totalVevcoinMinted: BN;
     paused: boolean;
+    reentrancyGuard?: boolean;
 }
 interface UserStake {
     user: PublicKey;
@@ -279,6 +344,15 @@ declare enum ProposalStatus {
     Executed = 3,
     Cancelled = 4
 }
+/**
+ * Vote choice for governance voting (v2.8.0 C-NEW-01)
+ * Voting power params are now read from on-chain state, not passed as parameters
+ */
+declare enum VoteChoice {
+    Against = 0,
+    For = 1,
+    Abstain = 2
+}
 interface Proposal {
     id: BN;
     proposer: PublicKey;
@@ -305,13 +379,15 @@ interface CreateProposalParams {
     category: number;
     durationDays: number;
 }
-interface RewardsPoolConfig {
+interface RewardsPoolConfig extends PendingAuthorityFields {
     authority: PublicKey;
     vcoinMint: PublicKey;
     currentEpoch: BN;
     totalDistributed: BN;
     remainingReserves: BN;
     paused: boolean;
+    circuitBreakerActive?: boolean;
+    circuitBreakerTriggeredAt?: BN;
 }
 interface EpochDistribution {
     epoch: BN;
@@ -326,6 +402,9 @@ interface UserClaim {
     lastClaimedEpoch: BN;
     totalClaimed: BN;
     claimsCount: number;
+    claimedEpochsBitmap?: BN[];
+    claimedEpochsBitmapExt?: BN[];
+    highEpochsBitmap?: BN[];
 }
 interface ClaimRewardsParams {
     epoch: BN;
@@ -342,7 +421,7 @@ declare enum ActionType {
     Delegate = 6,
     Vote = 7
 }
-interface ViLinkConfig {
+interface ViLinkConfig extends PendingAuthorityFields {
     authority: PublicKey;
     vcoinMint: PublicKey;
     treasury: PublicKey;
@@ -379,7 +458,7 @@ declare enum FeeMethod {
     VCoinDeduction = 1,
     SSCREDeduction = 2
 }
-interface GaslessConfig {
+interface GaslessConfig extends PendingAuthorityFields {
     authority: PublicKey;
     feePayer: PublicKey;
     vcoinMint: PublicKey;
@@ -389,6 +468,7 @@ interface GaslessConfig {
     totalSubsidizedTx: BN;
     totalVcoinCollected: BN;
     paused: boolean;
+    maxSlippageBps?: number;
 }
 interface SessionKey {
     user: PublicKey;
@@ -474,6 +554,75 @@ interface UserEnergy {
     lastRegenTime: BN;
     tier: number;
 }
+interface RegistryConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    paused: boolean;
+    totalContent: BN;
+}
+interface IdentityConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    paused: boolean;
+    totalIdentities: BN;
+}
+interface FiveAConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    paused: boolean;
+    oracleConsensusRequired: number;
+}
+interface GovernanceConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    vevcoinMint: PublicKey;
+    paused: boolean;
+    proposalCount: BN;
+    zkVotingEnabled: boolean;
+}
+/** ZK voting decryption share storage (C-02) */
+interface DecryptionShare {
+    proposal: PublicKey;
+    committeeIndex: number;
+    committeeMember: PublicKey;
+    share: Uint8Array;
+    submittedAt: BN;
+}
+/** Private voting config with committee tracking (C-02) */
+interface PrivateVotingConfig {
+    proposal: PublicKey;
+    encryptionPubkey: PublicKey;
+    decryptionThreshold: number;
+    decryptionCommittee: PublicKey[];
+    sharesSubmitted: boolean[];
+    revealCompleted: boolean;
+    aggregatedFor: BN;
+    aggregatedAgainst: BN;
+}
+/** Delegation with expiry (M-07) */
+interface Delegation {
+    delegator: PublicKey;
+    delegate: PublicKey;
+    delegationType: number;
+    delegatedAmount: BN;
+    expiresAt?: BN;
+    revocable: boolean;
+}
+/** Pending score update for oracle consensus */
+interface PendingScoreUpdate {
+    user: PublicKey;
+    authenticity: number;
+    accuracy: number;
+    agility: number;
+    activity: number;
+    approved: number;
+    oracleSubmissions: PublicKey[];
+    submissionCount: number;
+    createdAt: BN;
+    expiresAt: BN;
+}
+interface HookConfig extends PendingAuthorityFields {
+    authority: PublicKey;
+    vcoinMint: PublicKey;
+    blockWashTrading: boolean;
+    paused: boolean;
+}
 
 /**
  * Governance Client for ViWoApp governance operations
@@ -550,6 +699,13 @@ declare class GovernanceClient {
     buildCreateProposalTransaction(params: CreateProposalParams): Promise<Transaction>;
     /**
      * Build vote transaction
+     *
+     * @note v2.8.0 (C-NEW-01): Voting power parameters (vevcoin_balance, five_a_score, tier)
+     * are now read from on-chain state, not passed as parameters. This prevents vote manipulation.
+     * The transaction only needs: proposal_id and choice (VoteChoice enum)
+     *
+     * @param proposalId - The proposal to vote on
+     * @param support - true = For, false = Against (use VoteChoice for more options)
      */
     buildVoteTransaction(proposalId: BN, support: boolean): Promise<Transaction>;
     /**
@@ -1196,4 +1352,4 @@ declare class StakingClient {
     buildExtendLockTransaction(newDuration: number): Promise<Transaction>;
 }
 
-export { ACTION_SCOPES, ActionType, CONTENT_CONSTANTS, type ClaimRewardsParams, type ConnectionConfig, ContentClient, type ContentRecord, ContentState, type CreateActionParams, type CreateProposalParams, type CreateSessionParams, type EpochDistribution, FIVE_A_CONSTANTS, FeeMethod, FiveAClient, type FiveAScore, GASLESS_CONSTANTS, GOVERNANCE_CONSTANTS, GaslessClient, type GaslessConfig, GovernanceClient, type Identity, IdentityClient, LOCK_DURATIONS, PDAs, PROGRAM_IDS, type Proposal, ProposalStatus, RewardsClient, type RewardsPoolConfig, SEEDS, SSCRE_CONSTANTS, STAKING_TIERS, type SessionKey, type StakeParams, StakingClient, type StakingPool, StakingTier, TransactionBuilder, type UserClaim, type UserEnergy, type UserGaslessStats, type UserStake, VCOIN_DECIMALS, VCOIN_INITIAL_CIRCULATING, VCOIN_TOTAL_SUPPLY, type VCoinConfig, VEVCOIN_DECIMALS, VILINK_CONSTANTS, VerificationLevel, type ViLinkAction, ViLinkClient, type ViLinkConfig, ViWoClient, ViWoConnection, type VoteRecord, type VouchRecord, type WalletAdapter, dateToTimestamp, formatVCoin, getCurrentTimestamp, parseVCoin, timestampToDate };
+export { ACTION_SCOPES, ActionType, CONTENT_CONSTANTS, type ClaimRewardsParams, type ConnectionConfig, ContentClient, type ContentRecord, ContentState, type CreateActionParams, type CreateProposalParams, type CreateSessionParams, type DecryptionShare, type Delegation, type EpochDistribution, FIVE_A_CONSTANTS, FeeMethod, FiveAClient, type FiveAConfig, type FiveAScore, GASLESS_CONSTANTS, GOVERNANCE_CONSTANTS, GaslessClient, type GaslessConfig, GovernanceClient, type GovernanceConfig, type HookConfig, type Identity, IdentityClient, type IdentityConfig, LEGACY_SLASH_DEPRECATED, LOCK_DURATIONS, MAX_EPOCH_BITMAP, MAX_URI_LENGTH, MERKLE_CONSTANTS, MERKLE_PROOF_MAX_SIZE, PDAs, PROGRAM_IDS, type PendingAuthorityFields, type PendingScoreUpdate, type PrivateVotingConfig, type Proposal, ProposalStatus, type RegistryConfig, RewardsClient, type RewardsPoolConfig, SECURITY_CONSTANTS, SEEDS, SSCRE_CONSTANTS, STAKING_TIERS, type SessionKey, type SlashRequest, SlashStatus, type StakeParams, StakingClient, type StakingPool, StakingTier, TransactionBuilder, type UserClaim, type UserEnergy, type UserGaslessStats, type UserStake, VALID_URI_PREFIXES, VCOIN_DECIMALS, VCOIN_INITIAL_CIRCULATING, VCOIN_TOTAL_SUPPLY, type VCoinConfig, VEVCOIN_DECIMALS, VILINK_CONSTANTS, VerificationLevel, type ViLinkAction, ViLinkClient, type ViLinkConfig, ViWoClient, ViWoConnection, VoteChoice, type VoteRecord, type VouchRecord, type WalletAdapter, dateToTimestamp, formatVCoin, getCurrentTimestamp, parseVCoin, timestampToDate };

package/dist/index.js

@@ -34,17 +34,25 @@ __export(index_exports, {
   GaslessClient: () => GaslessClient,
   GovernanceClient: () => GovernanceClient,
   IdentityClient: () => IdentityClient,
+  LEGACY_SLASH_DEPRECATED: () => LEGACY_SLASH_DEPRECATED,
   LOCK_DURATIONS: () => LOCK_DURATIONS,
+  MAX_EPOCH_BITMAP: () => MAX_EPOCH_BITMAP,
+  MAX_URI_LENGTH: () => MAX_URI_LENGTH,
+  MERKLE_CONSTANTS: () => MERKLE_CONSTANTS,
+  MERKLE_PROOF_MAX_SIZE: () => MERKLE_PROOF_MAX_SIZE,
   PDAs: () => PDAs,
   PROGRAM_IDS: () => PROGRAM_IDS,
   ProposalStatus: () => ProposalStatus,
   RewardsClient: () => RewardsClient,
+  SECURITY_CONSTANTS: () => SECURITY_CONSTANTS,
   SEEDS: () => SEEDS,
   SSCRE_CONSTANTS: () => SSCRE_CONSTANTS,
   STAKING_TIERS: () => STAKING_TIERS,
+  SlashStatus: () => SlashStatus,
   StakingClient: () => StakingClient,
   StakingTier: () => StakingTier,
   TransactionBuilder: () => TransactionBuilder,
+  VALID_URI_PREFIXES: () => VALID_URI_PREFIXES,
   VCOIN_DECIMALS: () => VCOIN_DECIMALS,
   VCOIN_INITIAL_CIRCULATING: () => VCOIN_INITIAL_CIRCULATING,
   VCOIN_TOTAL_SUPPLY: () => VCOIN_TOTAL_SUPPLY,
@@ -54,6 +62,7 @@ __export(index_exports, {
   ViLinkClient: () => ViLinkClient,
   ViWoClient: () => ViWoClient,
   ViWoConnection: () => ViWoConnection,
+  VoteChoice: () => VoteChoice,
   dateToTimestamp: () => dateToTimestamp,
   formatVCoin: () => formatVCoin,
   getCurrentTimestamp: () => getCurrentTimestamp,
@@ -119,7 +128,14 @@ var SEEDS = {
   // Content
   registryConfig: "registry-config",
   content: "content",
-  userEnergy: "user-energy"
+  userEnergy: "user-energy",
+  // Security (Phase 2-4)
+  slashRequest: "slash-request",
+  // H-01: Governance slashing
+  decryptionShare: "decryption-share",
+  // C-02: ZK voting shares
+  pendingScore: "pending-score"
+  // H-05: Oracle consensus
 };
 var VCOIN_DECIMALS = 9;
 var VEVCOIN_DECIMALS = 9;
@@ -150,8 +166,10 @@ var SSCRE_CONSTANTS = {
   // 90 days
   gaslessFeeBps: 100,
   // 1%
-  minClaimAmount: 1
+  minClaimAmount: 1,
   // 1 VCoin
+  circuitBreakerCooldown: 21600
+  // M-05: 6 hours before reset
 };
 var VILINK_CONSTANTS = {
   maxActionExpiry: 7 * 24 * 3600,
@@ -160,8 +178,12 @@ var VILINK_CONSTANTS = {
   // 0.1 VCoin
   maxTipAmount: 1e4,
   // 10,000 VCoin
-  platformFeeBps: 250
+  platformFeeBps: 250,
   // 2.5%
+  maxPlatformFeeBps: 1e3,
+  // M-02: 10% max
+  minPlatformFeeBps: 10
+  // M-02: 0.1% min
 };
 var ACTION_SCOPES = {
   tip: 1 << 0,
@@ -187,7 +209,9 @@ var GASLESS_CONSTANTS = {
   // 1%
   dailySubsidyBudget: 10,
   // 10 SOL
-  maxSubsidizedPerUser: 50
+  maxSubsidizedPerUser: 50,
+  maxSlippageBps: 500
+  // L-03: 5% max slippage for fee conversion
 };
 var FIVE_A_CONSTANTS = {
   maxScore: 1e4,
@@ -210,7 +234,15 @@ var FIVE_A_CONSTANTS = {
     "40-60": 0.7,
     "60-80": 1,
     "80-100": 1.2
-  }
+  },
+  // H-05: Oracle consensus
+  oracleConsensusRequired: 3,
+  // 3-of-N oracles must agree
+  pendingScoreExpiry: 3600,
+  // 1 hour
+  // L-07: Rate limiting
+  minScoreUpdateInterval: 3600
+  // 1 hour between updates for same user
 };
 var CONTENT_CONSTANTS = {
   maxEnergy: 100,
@@ -229,9 +261,56 @@ var GOVERNANCE_CONSTANTS = {
   // 2 days
   vetoWindow: 24 * 3600,
   // 1 day
-  quorumBps: 400
+  quorumBps: 400,
   // 4%
+  zkVotingEnabled: false
+  // C-01: Disabled until proper ZK infrastructure
+};
+var SECURITY_CONSTANTS = {
+  // H-02: Two-step authority transfer
+  authorityTransferTimelock: 24 * 3600,
+  // 24 hours
+  // H-01: Governance-controlled slashing
+  slashApprovalTimelock: 48 * 3600,
+  // 48 hours
+  slashExpiry: 7 * 24 * 3600,
+  // 7 days
+  // L-03: Slippage protection for gasless fees
+  maxFeeSlippageBps: 500,
+  // 5% max slippage
+  // L-07: Oracle rate limiting
+  minScoreUpdateInterval: 3600,
+  // 1 hour between updates for same user
+  // M-05: Circuit breaker cooldown
+  circuitBreakerCooldown: 21600,
+  // 6 hours (6 * 3600)
+  // H-05: Oracle consensus
+  oracleConsensusRequired: 3,
+  // 3-of-N oracles must agree
+  pendingScoreExpiry: 3600,
+  // 1 hour
+  // M-02: Platform fee bounds (ViLink)
+  maxPlatformFeeBps: 1e3,
+  // 10% max
+  minPlatformFeeBps: 10,
+  // 0.1% min
+  // v2.8.0 Phase 5 additions
+  merkleProofMaxSize: 32,
+  // H-NEW-02: Max proof levels (supports 4B+ users)
+  maxEpochBitmap: 1023,
+  // H-NEW-04: Max epoch with bitmap storage (85+ years)
+  votingPowerVerifiedOnChain: true
+  // C-NEW-01: Params read from chain, not passed
+};
+var VALID_URI_PREFIXES = ["ipfs://", "https://", "ar://"];
+var MAX_URI_LENGTH = 128;
+var MERKLE_CONSTANTS = {
+  leafDomainPrefix: "SSCRE_CLAIM_V1"
+  // Domain separation for merkle leaves
 };
+var MERKLE_PROOF_MAX_SIZE = 32;
+var MAX_EPOCH_BITMAP = 1023;
+var LEGACY_SLASH_DEPRECATED = true;
 
 // src/core/index.ts
 var ViWoConnection = class {
@@ -500,6 +579,13 @@ function dateToTimestamp(date) {
 }
 
 // src/types.ts
+var SlashStatus = /* @__PURE__ */ ((SlashStatus2) => {
+  SlashStatus2[SlashStatus2["Proposed"] = 0] = "Proposed";
+  SlashStatus2[SlashStatus2["Approved"] = 1] = "Approved";
+  SlashStatus2[SlashStatus2["Executed"] = 2] = "Executed";
+  SlashStatus2[SlashStatus2["Cancelled"] = 3] = "Cancelled";
+  return SlashStatus2;
+})(SlashStatus || {});
 var StakingTier = /* @__PURE__ */ ((StakingTier2) => {
   StakingTier2[StakingTier2["None"] = 0] = "None";
   StakingTier2[StakingTier2["Bronze"] = 1] = "Bronze";
@@ -516,6 +602,12 @@ var ProposalStatus = /* @__PURE__ */ ((ProposalStatus2) => {
   ProposalStatus2[ProposalStatus2["Cancelled"] = 4] = "Cancelled";
   return ProposalStatus2;
 })(ProposalStatus || {});
+var VoteChoice = /* @__PURE__ */ ((VoteChoice2) => {
+  VoteChoice2[VoteChoice2["Against"] = 0] = "Against";
+  VoteChoice2[VoteChoice2["For"] = 1] = "For";
+  VoteChoice2[VoteChoice2["Abstain"] = 2] = "Abstain";
+  return VoteChoice2;
+})(VoteChoice || {});
 var ActionType = /* @__PURE__ */ ((ActionType2) => {
   ActionType2[ActionType2["Tip"] = 0] = "Tip";
   ActionType2[ActionType2["Vouch"] = 1] = "Vouch";
@@ -916,6 +1008,13 @@ var GovernanceClient = class {
   }
   /**
    * Build vote transaction
+   * 
+   * @note v2.8.0 (C-NEW-01): Voting power parameters (vevcoin_balance, five_a_score, tier) 
+   * are now read from on-chain state, not passed as parameters. This prevents vote manipulation.
+   * The transaction only needs: proposal_id and choice (VoteChoice enum)
+   * 
+   * @param proposalId - The proposal to vote on
+   * @param support - true = For, false = Against (use VoteChoice for more options)
    */
   async buildVoteTransaction(proposalId, support) {
     if (!this.client.publicKey) {
@@ -926,6 +1025,7 @@ var GovernanceClient = class {
       throw new Error("Already voted on this proposal");
     }
     const tx = new import_web34.Transaction();
+    const choice = support ? 1 /* For */ : 0 /* Against */;
     return tx;
   }
   /**
@@ -2318,17 +2418,25 @@ var ViWoClient = class {
   GaslessClient,
   GovernanceClient,
   IdentityClient,
+  LEGACY_SLASH_DEPRECATED,
   LOCK_DURATIONS,
+  MAX_EPOCH_BITMAP,
+  MAX_URI_LENGTH,
+  MERKLE_CONSTANTS,
+  MERKLE_PROOF_MAX_SIZE,
   PDAs,
   PROGRAM_IDS,
   ProposalStatus,
   RewardsClient,
+  SECURITY_CONSTANTS,
   SEEDS,
   SSCRE_CONSTANTS,
   STAKING_TIERS,
+  SlashStatus,
   StakingClient,
   StakingTier,
   TransactionBuilder,
+  VALID_URI_PREFIXES,
   VCOIN_DECIMALS,
   VCOIN_INITIAL_CIRCULATING,
   VCOIN_TOTAL_SUPPLY,
@@ -2338,6 +2446,7 @@ var ViWoClient = class {
   ViLinkClient,
   ViWoClient,
   ViWoConnection,
+  VoteChoice,
   dateToTimestamp,
   formatVCoin,
   getCurrentTimestamp,

package/dist/index.mjs

@@ -59,7 +59,14 @@ var SEEDS = {
   // Content
   registryConfig: "registry-config",
   content: "content",
-  userEnergy: "user-energy"
+  userEnergy: "user-energy",
+  // Security (Phase 2-4)
+  slashRequest: "slash-request",
+  // H-01: Governance slashing
+  decryptionShare: "decryption-share",
+  // C-02: ZK voting shares
+  pendingScore: "pending-score"
+  // H-05: Oracle consensus
 };
 var VCOIN_DECIMALS = 9;
 var VEVCOIN_DECIMALS = 9;
@@ -90,8 +97,10 @@ var SSCRE_CONSTANTS = {
   // 90 days
   gaslessFeeBps: 100,
   // 1%
-  minClaimAmount: 1
+  minClaimAmount: 1,
   // 1 VCoin
+  circuitBreakerCooldown: 21600
+  // M-05: 6 hours before reset
 };
 var VILINK_CONSTANTS = {
   maxActionExpiry: 7 * 24 * 3600,
@@ -100,8 +109,12 @@ var VILINK_CONSTANTS = {
   // 0.1 VCoin
   maxTipAmount: 1e4,
   // 10,000 VCoin
-  platformFeeBps: 250
+  platformFeeBps: 250,
   // 2.5%
+  maxPlatformFeeBps: 1e3,
+  // M-02: 10% max
+  minPlatformFeeBps: 10
+  // M-02: 0.1% min
 };
 var ACTION_SCOPES = {
   tip: 1 << 0,
@@ -127,7 +140,9 @@ var GASLESS_CONSTANTS = {
   // 1%
   dailySubsidyBudget: 10,
   // 10 SOL
-  maxSubsidizedPerUser: 50
+  maxSubsidizedPerUser: 50,
+  maxSlippageBps: 500
+  // L-03: 5% max slippage for fee conversion
 };
 var FIVE_A_CONSTANTS = {
   maxScore: 1e4,
@@ -150,7 +165,15 @@ var FIVE_A_CONSTANTS = {
     "40-60": 0.7,
     "60-80": 1,
     "80-100": 1.2
-  }
+  },
+  // H-05: Oracle consensus
+  oracleConsensusRequired: 3,
+  // 3-of-N oracles must agree
+  pendingScoreExpiry: 3600,
+  // 1 hour
+  // L-07: Rate limiting
+  minScoreUpdateInterval: 3600
+  // 1 hour between updates for same user
 };
 var CONTENT_CONSTANTS = {
   maxEnergy: 100,
@@ -169,9 +192,56 @@ var GOVERNANCE_CONSTANTS = {
   // 2 days
   vetoWindow: 24 * 3600,
   // 1 day
-  quorumBps: 400
+  quorumBps: 400,
   // 4%
+  zkVotingEnabled: false
+  // C-01: Disabled until proper ZK infrastructure
+};
+var SECURITY_CONSTANTS = {
+  // H-02: Two-step authority transfer
+  authorityTransferTimelock: 24 * 3600,
+  // 24 hours
+  // H-01: Governance-controlled slashing
+  slashApprovalTimelock: 48 * 3600,
+  // 48 hours
+  slashExpiry: 7 * 24 * 3600,
+  // 7 days
+  // L-03: Slippage protection for gasless fees
+  maxFeeSlippageBps: 500,
+  // 5% max slippage
+  // L-07: Oracle rate limiting
+  minScoreUpdateInterval: 3600,
+  // 1 hour between updates for same user
+  // M-05: Circuit breaker cooldown
+  circuitBreakerCooldown: 21600,
+  // 6 hours (6 * 3600)
+  // H-05: Oracle consensus
+  oracleConsensusRequired: 3,
+  // 3-of-N oracles must agree
+  pendingScoreExpiry: 3600,
+  // 1 hour
+  // M-02: Platform fee bounds (ViLink)
+  maxPlatformFeeBps: 1e3,
+  // 10% max
+  minPlatformFeeBps: 10,
+  // 0.1% min
+  // v2.8.0 Phase 5 additions
+  merkleProofMaxSize: 32,
+  // H-NEW-02: Max proof levels (supports 4B+ users)
+  maxEpochBitmap: 1023,
+  // H-NEW-04: Max epoch with bitmap storage (85+ years)
+  votingPowerVerifiedOnChain: true
+  // C-NEW-01: Params read from chain, not passed
+};
+var VALID_URI_PREFIXES = ["ipfs://", "https://", "ar://"];
+var MAX_URI_LENGTH = 128;
+var MERKLE_CONSTANTS = {
+  leafDomainPrefix: "SSCRE_CLAIM_V1"
+  // Domain separation for merkle leaves
 };
+var MERKLE_PROOF_MAX_SIZE = 32;
+var MAX_EPOCH_BITMAP = 1023;
+var LEGACY_SLASH_DEPRECATED = true;
 
 // src/core/index.ts
 var ViWoConnection = class {
@@ -440,6 +510,13 @@ function dateToTimestamp(date) {
 }
 
 // src/types.ts
+var SlashStatus = /* @__PURE__ */ ((SlashStatus2) => {
+  SlashStatus2[SlashStatus2["Proposed"] = 0] = "Proposed";
+  SlashStatus2[SlashStatus2["Approved"] = 1] = "Approved";
+  SlashStatus2[SlashStatus2["Executed"] = 2] = "Executed";
+  SlashStatus2[SlashStatus2["Cancelled"] = 3] = "Cancelled";
+  return SlashStatus2;
+})(SlashStatus || {});
 var StakingTier = /* @__PURE__ */ ((StakingTier2) => {
   StakingTier2[StakingTier2["None"] = 0] = "None";
   StakingTier2[StakingTier2["Bronze"] = 1] = "Bronze";
@@ -456,6 +533,12 @@ var ProposalStatus = /* @__PURE__ */ ((ProposalStatus2) => {
   ProposalStatus2[ProposalStatus2["Cancelled"] = 4] = "Cancelled";
   return ProposalStatus2;
 })(ProposalStatus || {});
+var VoteChoice = /* @__PURE__ */ ((VoteChoice2) => {
+  VoteChoice2[VoteChoice2["Against"] = 0] = "Against";
+  VoteChoice2[VoteChoice2["For"] = 1] = "For";
+  VoteChoice2[VoteChoice2["Abstain"] = 2] = "Abstain";
+  return VoteChoice2;
+})(VoteChoice || {});
 var ActionType = /* @__PURE__ */ ((ActionType2) => {
   ActionType2[ActionType2["Tip"] = 0] = "Tip";
   ActionType2[ActionType2["Vouch"] = 1] = "Vouch";
@@ -856,6 +939,13 @@ var GovernanceClient = class {
   }
   /**
    * Build vote transaction
+   * 
+   * @note v2.8.0 (C-NEW-01): Voting power parameters (vevcoin_balance, five_a_score, tier) 
+   * are now read from on-chain state, not passed as parameters. This prevents vote manipulation.
+   * The transaction only needs: proposal_id and choice (VoteChoice enum)
+   * 
+   * @param proposalId - The proposal to vote on
+   * @param support - true = For, false = Against (use VoteChoice for more options)
    */
   async buildVoteTransaction(proposalId, support) {
     if (!this.client.publicKey) {
@@ -866,6 +956,7 @@ var GovernanceClient = class {
       throw new Error("Already voted on this proposal");
     }
     const tx = new Transaction3();
+    const choice = support ? 1 /* For */ : 0 /* Against */;
     return tx;
   }
   /**
@@ -2257,17 +2348,25 @@ export {
   GaslessClient,
   GovernanceClient,
   IdentityClient,
+  LEGACY_SLASH_DEPRECATED,
   LOCK_DURATIONS,
+  MAX_EPOCH_BITMAP,
+  MAX_URI_LENGTH,
+  MERKLE_CONSTANTS,
+  MERKLE_PROOF_MAX_SIZE,
   PDAs,
   PROGRAM_IDS,
   ProposalStatus,
   RewardsClient,
+  SECURITY_CONSTANTS,
   SEEDS,
   SSCRE_CONSTANTS,
   STAKING_TIERS,
+  SlashStatus,
   StakingClient,
   StakingTier,
   TransactionBuilder,
+  VALID_URI_PREFIXES,
   VCOIN_DECIMALS,
   VCOIN_INITIAL_CIRCULATING,
   VCOIN_TOTAL_SUPPLY,
@@ -2277,6 +2376,7 @@ export {
   ViLinkClient,
   ViWoClient,
   ViWoConnection,
+  VoteChoice,
   dateToTimestamp,
   formatVCoin,
   getCurrentTimestamp,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@viwoapp/sdk",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "ViWoApp SDK - TypeScript SDK for VCoin Protocol Integration",
   "main": "dist/index.js",
   "module": "dist/index.esm.js",
@@ -31,7 +31,10 @@
     "bs58": "^5.0.0"
   },
   "devDependencies": {
+    "@types/jest": "^29.5.0",
     "@types/node": "^20.0.0",
+    "jest": "^29.7.0",
+    "ts-jest": "^29.1.0",
     "tsup": "^8.0.0",
     "typescript": "^5.0.0"
   },