npm - @waiaas/daemon - Versions diffs - 2.11.0-rc.7 → 2.11.0 - Mend

@waiaas/daemon 2.11.0-rc.7 → 2.11.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (430) hide show

package/dist/pipeline/stages.js CHANGED Viewed

@@ -1,1898 +1,13 @@
 /**
- * 6-stage transaction pipeline stages.
- *
- * Stage 1: Validate request + INSERT PENDING transaction (with sessionId audit trail)
- * Stage 2: Auth (sessionId passthrough from route handler)
- * Stage 3: Policy evaluation (evaluateAndReserve TOCTOU-safe + downgradeIfNoOwner)
- * Stage 4: Wait (v1.1 passthrough, INSTANT tier only)
- * Stage 5: On-chain execution (build -> simulate -> sign -> submit)
- * Stage 6: Confirmation wait
- *
- * @see docs/32-pipeline-design.md
- */
-import { eq, sql } from 'drizzle-orm';
-import { WAIaaSError, ChainError, SendTransactionRequestSchema, TransactionRequestSchema, } from '@waiaas/core';
-import { wallets, transactions } from '../infrastructure/database/schema.js';
-import { generateId } from '../infrastructure/database/id.js';
-import { insertAuditLog } from '../infrastructure/database/audit-helper.js';
-import { DatabasePolicyEngine } from './database-policy-engine.js';
-import { downgradeIfNoOwner } from '../workflow/owner-state.js';
-import { GAS_SAFETY_NUMERATOR, GAS_SAFETY_DENOMINATOR } from '../constants.js';
-import { formatDisplayCurrency, formatAmount } from '@waiaas/core';
-import { resolveEffectiveAmountUsd } from './resolve-effective-amount-usd.js';
-import { sleep } from './sleep.js';
-import { rpcConfigKey } from '../infrastructure/adapter-pool.js';
-// v30.6: ERC-4337 smart account imports
-import { privateKeyToAccount } from 'viem/accounts';
-import { createPublicClient, http, encodeFunctionData, toHex } from 'viem';
-import { SmartAccountService, SOLADY_FACTORY_ADDRESS } from '../infrastructure/smart-account/smart-account-service.js';
-import { createSmartAccountBundlerClient } from '../infrastructure/smart-account/smart-account-clients.js';
-import { decryptProviderApiKey } from '../infrastructure/smart-account/aa-provider-crypto.js';
-// v1.5: CoinGecko 키 안내 힌트 최초 1회 추적 (데몬 재시작 시 리셋 OK)
-const hintedTokens = new Set();
-// Exported for test cleanup
-export { hintedTokens };
-// ---------------------------------------------------------------------------
-// [Phase 331] Action tier override resolution
-// ---------------------------------------------------------------------------
-/**
- * Resolve the effective tier for an action.
- * Priority: Settings override > provider hardcoded defaultTier.
- *
- * @param providerKey - Provider key, e.g. 'jupiter_swap'
- * @param actionName - Action name, e.g. 'swap'
- * @param actionDefaultTier - Provider hardcoded default tier
- * @param settingsService - SettingsService (optional, undefined = use default)
- * @returns The effective tier for this action
- */
-export function resolveActionTier(providerKey, actionName, actionDefaultTier, settingsService) {
-    if (!settingsService)
-        return actionDefaultTier;
-    const tierKey = `actions.${providerKey}_${actionName}_tier`;
-    try {
-        const override = settingsService.get(tierKey);
-        if (override && override !== '')
-            return override;
-    }
-    catch { /* key not found -- use default */ }
-    return actionDefaultTier;
-}
-// ---------------------------------------------------------------------------
-// Helper: safe request field accessors for union type
-// ---------------------------------------------------------------------------
-/** Safely extract `amount` from SendTransactionRequest | TransactionRequest. */
-export function getRequestAmount(req) {
-    if ('amount' in req && typeof req.amount === 'string')
-        return req.amount;
-    return '0';
-}
-/** Safely extract `to` from SendTransactionRequest | TransactionRequest. */
-export function getRequestTo(req) {
-    if ('to' in req && typeof req.to === 'string')
-        return req.to;
-    return '';
-}
-/** Safely extract `memo` from SendTransactionRequest | TransactionRequest. */
-export function getRequestMemo(req) {
-    if ('memo' in req && typeof req.memo === 'string')
-        return req.memo;
-    return undefined;
-}
-// ---------------------------------------------------------------------------
-// Helper: format notification amount with token symbol
-// ---------------------------------------------------------------------------
-const NATIVE_DECIMALS = { solana: 9, ethereum: 18 };
-const NATIVE_SYMBOLS = { solana: 'SOL', ethereum: 'ETH' };
-/**
- * Format raw blockchain amount to human-readable string with token symbol.
- * e.g. "1000000000000000000" → "1 ETH", "100000000" → "100 USDC"
- */
-function formatNotificationAmount(req, chain) {
-    const raw = getRequestAmount(req);
-    if (raw === '0' || raw === '')
-        return '0';
-    try {
-        if ('type' in req && req.type === 'TOKEN_TRANSFER') {
-            const r = req;
-            const decimals = r.token.decimals;
-            const symbol = r.token.symbol ?? r.token.address.slice(0, 8);
-            return `${formatAmount(BigInt(raw), decimals)} ${symbol}`;
-        }
-        if ('type' in req && req.type === 'APPROVE') {
-            const r = req;
-            const decimals = r.token.decimals;
-            const symbol = r.token.symbol ?? r.token.address.slice(0, 8);
-            return `${formatAmount(BigInt(raw), decimals)} ${symbol}`;
-        }
-        if ('type' in req && req.type === 'NFT_TRANSFER') {
-            const r = req;
-            return `${r.amount ?? '1'} NFT (${r.token.standard})`;
-        }
-        // Native transfer / CONTRACT_CALL with value
-        const decimals = NATIVE_DECIMALS[chain] ?? 18;
-        const symbol = NATIVE_SYMBOLS[chain] ?? chain.toUpperCase();
-        return `${formatAmount(BigInt(raw), decimals)} ${symbol}`;
-    }
-    catch {
-        return raw;
-    }
-}
-// ---------------------------------------------------------------------------
-// Helper: resolve display amount for notification messages
-// ---------------------------------------------------------------------------
-/**
- * Convert amountUsd to display currency string for notification variables.
- * Returns empty string on failure (graceful fallback -- no display_amount in message).
- */
-async function resolveDisplayAmount(amountUsd, settingsService, forexRateService) {
-    if (!amountUsd || !settingsService || !forexRateService)
-        return '';
-    try {
-        const currency = settingsService.get('display.currency') ?? 'USD';
-        if (currency === 'USD')
-            return `($${amountUsd.toFixed(2)})`;
-        const rate = await forexRateService.getRate(currency);
-        if (!rate)
-            return `($${amountUsd.toFixed(2)})`;
-        return `(${formatDisplayCurrency(amountUsd, currency, rate.rate)})`;
-    }
-    catch {
-        return '';
-    }
-}
-// ---------------------------------------------------------------------------
-// Helper: extract policy type from evaluation reason string
-// ---------------------------------------------------------------------------
-function extractPolicyType(reason) {
-    if (!reason)
-        return '';
-    if (reason.includes('not in allowed list') || reason.includes('Token transfer not allowed'))
-        return 'ALLOWED_TOKENS';
-    if (reason.includes('not whitelisted') || reason.includes('Contract calls disabled'))
-        return 'CONTRACT_WHITELIST';
-    if (reason.includes('Method not whitelisted'))
-        return 'METHOD_WHITELIST';
-    if (reason.includes('not in approved list') || reason.includes('Token approvals disabled'))
-        return 'APPROVED_SPENDERS';
-    if (reason.includes('not in whitelist') || reason.includes('not in allowed addresses'))
-        return 'WHITELIST';
-    if (reason.includes('not in allowed networks'))
-        return 'ALLOWED_NETWORKS';
-    if (reason.includes('exceeds limit') || reason.includes('Unlimited token approval'))
-        return 'APPROVE_AMOUNT_LIMIT';
-    if (reason.includes('Spending limit'))
-        return 'SPENDING_LIMIT';
-    return '';
-}
-export function buildTransactionParam(req, txType, chain) {
-    switch (txType) {
-        case 'TOKEN_TRANSFER': {
-            const r = req;
-            return {
-                type: 'TOKEN_TRANSFER',
-                amount: r.amount,
-                toAddress: r.to,
-                chain,
-                tokenAddress: r.token.address,
-                assetId: r.token.assetId,
-                tokenDecimals: r.token.decimals,
-            };
-        }
-        case 'CONTRACT_CALL': {
-            const r = req;
-            return {
-                type: 'CONTRACT_CALL',
-                amount: r.value ?? '0',
-                toAddress: r.to,
-                chain,
-                contractAddress: r.to,
-                selector: r.calldata?.slice(0, 10),
-                // Pass through actionProvider for provider-trust policy bypass
-                ...(r.actionProvider ? { actionProvider: r.actionProvider } : {}),
-            };
-        }
-        case 'APPROVE': {
-            const r = req;
-            return {
-                type: 'APPROVE',
-                amount: r.amount,
-                toAddress: r.spender,
-                chain,
-                tokenAddress: r.token.address,
-                assetId: r.token.assetId,
-                spenderAddress: r.spender,
-                approveAmount: r.amount,
-                tokenDecimals: r.token.decimals,
-            };
-        }
-        case 'NFT_TRANSFER': {
-            const r = req;
-            return {
-                type: 'NFT_TRANSFER',
-                amount: r.amount ?? '1',
-                toAddress: r.to,
-                chain,
-                contractAddress: r.token.address,
-                assetId: r.token.assetId,
-            };
-        }
-        case 'CONTRACT_DEPLOY': {
-            const r = req;
-            return {
-                type: 'CONTRACT_DEPLOY',
-                amount: r.value ?? '0',
-                toAddress: '', // no recipient for contract deployment
-                chain,
-                contractAddress: '', // will be populated after deployment
-            };
-        }
-        case 'TRANSFER':
-        default: {
-            const r = req;
-            return {
-                type: 'TRANSFER',
-                amount: r.amount,
-                toAddress: r.to,
-                chain,
-            };
-        }
-    }
-}
-// ---------------------------------------------------------------------------
-// Stage 1: Validate + DB INSERT
-// ---------------------------------------------------------------------------
-export async function stage1Validate(ctx) {
-    // Validate request with appropriate Zod schema
-    // If request has a `type` field, use discriminatedUnion schema (5-type)
-    // Otherwise, use legacy SendTransactionRequestSchema (backward compat)
-    const req = ctx.request;
-    if ('type' in req && req.type) {
-        TransactionRequestSchema.parse(req);
-    }
-    else {
-        SendTransactionRequestSchema.parse(req);
-    }
-    // Determine transaction type from request
-    const txType = ('type' in req && req.type) ? req.type : 'TRANSFER';
-    // Generate transaction ID
-    ctx.txId = generateId();
-    // INSERT PENDING transaction into DB
-    const now = new Date(Math.floor(Date.now() / 1000) * 1000);
-    // Extract common and type-specific fields for DB INSERT
-    let amount = 'amount' in req ? req.amount : undefined;
-    // CONTRACT_CALL uses 'value' for native token amount (e.g. ETH sent with contract call)
-    if (!amount && 'value' in req) {
-        amount = req.value;
-    }
-    const toAddress = 'to' in req ? req.to : undefined;
-    // Serialize original request for pipeline re-entry (#208)
-    // DELAY/GAS_WAITING re-entry needs the full request to rebuild the correct tx type
-    const metadata = JSON.stringify({ originalRequest: req });
-    await ctx.db.insert(transactions).values({
-        id: ctx.txId,
-        walletId: ctx.walletId,
-        chain: ctx.wallet.chain,
-        network: ctx.resolvedNetwork,
-        type: txType,
-        status: 'PENDING',
-        amount: amount ?? null,
-        toAddress: toAddress ?? null,
-        sessionId: ctx.sessionId ?? null,
-        createdAt: now,
-        metadata,
-    });
-    // Fire-and-forget: notify TX_REQUESTED (never blocks pipeline)
-    // display_amount is empty at Stage 1 -- amountUsd not yet computed
-    void ctx.notificationService?.notify('TX_REQUESTED', ctx.walletId, {
-        amount: formatNotificationAmount(ctx.request, ctx.wallet.chain),
-        to: toAddress ?? '',
-        type: txType,
-        display_amount: '',
-    }, { txId: ctx.txId });
-    // v1.6: emit wallet:activity TX_REQUESTED event
-    ctx.eventBus?.emit('wallet:activity', {
-        walletId: ctx.walletId,
-        activity: 'TX_REQUESTED',
-        details: { txId: ctx.txId },
-        timestamp: Math.floor(Date.now() / 1000),
-    });
-}
-// ---------------------------------------------------------------------------
-// Stage 2: Auth (v1.1 passthrough)
-// ---------------------------------------------------------------------------
-export async function stage2Auth(_ctx) {
-    // sessionId is set on PipelineContext by the route handler from Hono c.get('sessionId').
-    // In v1.2 this stage validates session is still active.
-    // For now, the sessionAuth middleware already validated the JWT and set sessionId.
-}
-// ---------------------------------------------------------------------------
-// Stage 3: Policy evaluation
-// ---------------------------------------------------------------------------
-export async function stage3Policy(ctx) {
-    let evaluation;
-    // Determine transaction type from request
-    const req = ctx.request;
-    const txType = ('type' in req && req.type) ? req.type : 'TRANSFER';
-    // Build type-specific TransactionParam (hoisted for notification use)
-    const txParam = buildTransactionParam(req, txType, ctx.wallet.chain);
-    txParam.network = ctx.resolvedNetwork;
-    // [Phase 127] Oracle HTTP 호출 (evaluateAndReserve 진입 전 완료)
-    let priceResult;
-    if (ctx.priceOracle) {
-        priceResult = await resolveEffectiveAmountUsd(req, txType, ctx.wallet.chain, ctx.priceOracle, ctx.resolvedNetwork);
-    }
-    // BATCH type uses evaluateBatch (2-stage policy evaluation)
-    if (txType === 'BATCH' && ctx.policyEngine instanceof DatabasePolicyEngine) {
-        const batchReq = req;
-        // Classify each instruction and build TransactionParam array
-        const params = batchReq.instructions.map((instr) => {
-            let instrType = 'TRANSFER';
-            if ('spender' in instr)
-                instrType = 'APPROVE';
-            else if ('token' in instr)
-                instrType = 'TOKEN_TRANSFER';
-            else if ('programId' in instr || 'calldata' in instr)
-                instrType = 'CONTRACT_CALL';
-            return {
-                type: instrType,
-                amount: 'amount' in instr ? instr.amount ?? '0' : '0',
-                toAddress: 'to' in instr ? instr.to ?? '' : '',
-                chain: ctx.wallet.chain,
-                network: ctx.resolvedNetwork,
-                tokenAddress: 'token' in instr ? instr.token?.address : undefined,
-                assetId: 'token' in instr ? instr.token?.assetId : undefined,
-                contractAddress: instrType === 'CONTRACT_CALL' ? ('to' in instr ? instr.to : undefined) : undefined,
-                selector: 'calldata' in instr ? instr.calldata?.slice(0, 10) : undefined,
-                spenderAddress: 'spender' in instr ? instr.spender : undefined,
-                approveAmount: instrType === 'APPROVE' && 'amount' in instr ? instr.amount : undefined,
-            };
-        });
-        // evaluateBatch에 batchUsdAmount 전달 (Phase 127)
-        const batchUsdAmount = priceResult?.type === 'success' ? priceResult.usdAmount : undefined;
-        evaluation = await ctx.policyEngine.evaluateBatch(ctx.walletId, params, batchUsdAmount);
-    }
-    else {
-        // evaluateAndReserve에 usdAmount 전달 (Phase 127)
-        const usdAmount = priceResult?.type === 'success' ? priceResult.usdAmount : undefined;
-        // [Phase 320] Pre-fetch reputation floor tier (async, before IMMEDIATE txn)
-        let reputationFloorTier;
-        if (ctx.reputationCache && ctx.policyEngine instanceof DatabasePolicyEngine) {
-            const prefetchResult = await ctx.policyEngine.prefetchReputationTier(ctx.walletId, txParam, ctx.reputationCache);
-            reputationFloorTier = prefetchResult?.tier;
-            // INT-01 fix: Emit REPUTATION_THRESHOLD_TRIGGERED when tier is escalated.
-            // This fires before the evaluation result is used, so the notification goes out
-            // regardless of whether the transaction is ultimately allowed or denied.
-            if (prefetchResult) {
-                void ctx.notificationService?.notify('REPUTATION_THRESHOLD_TRIGGERED', ctx.walletId, {
-                    tier: prefetchResult.tier,
-                    score: prefetchResult.score ?? '',
-                    threshold: prefetchResult.threshold ?? '',
-                }, { txId: ctx.txId });
-            }
-        }
-        // Use evaluateAndReserve for TOCTOU-safe evaluation when DatabasePolicyEngine + sqlite available
-        if (ctx.policyEngine instanceof DatabasePolicyEngine && ctx.sqlite) {
-            evaluation = ctx.policyEngine.evaluateAndReserve(ctx.walletId, txParam, ctx.txId, usdAmount, reputationFloorTier);
-        }
-        else {
-            evaluation = await ctx.policyEngine.evaluate(ctx.walletId, txParam);
-        }
-    }
-    if (!evaluation.allowed) {
-        // Update tx status to CANCELLED (REJECTED not in TRANSACTION_STATUSES enum)
-        await ctx.db
-            .update(transactions)
-            .set({ status: 'CANCELLED', error: evaluation.reason ?? 'Policy denied' })
-            .where(eq(transactions.id, ctx.txId));
-        // Fire-and-forget: notify POLICY_VIOLATION (never blocks pipeline)
-        void ctx.notificationService?.notify('POLICY_VIOLATION', ctx.walletId, {
-            reason: evaluation.reason ?? 'Policy denied',
-            amount: formatNotificationAmount(ctx.request, ctx.wallet.chain),
-            to: getRequestTo(ctx.request),
-            policyType: extractPolicyType(evaluation.reason),
-            tokenAddress: txParam.tokenAddress ?? '',
-            contractAddress: txParam.contractAddress ?? '',
-            adminLink: '/admin/policies',
-        }, { txId: ctx.txId });
-        // Audit log: POLICY_DENIED
-        if (ctx.sqlite) {
-            insertAuditLog(ctx.sqlite, {
-                eventType: 'POLICY_DENIED',
-                actor: ctx.sessionId ?? 'system',
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                details: {
-                    reason: evaluation.reason,
-                    requestedAmount: getRequestAmount(ctx.request),
-                    type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                },
-                severity: 'warning',
-            });
-        }
-        throw new WAIaaSError('POLICY_DENIED', {
-            message: evaluation.reason ?? 'Transaction denied by policy',
-        });
-    }
-    let tier = evaluation.tier;
-    let downgraded = false;
-    // [Phase 331] Action tier override: Settings > provider default > no floor
-    if (ctx.actionProviderKey && ctx.actionName && ctx.actionDefaultTier) {
-        const actionTier = resolveActionTier(ctx.actionProviderKey, ctx.actionName, ctx.actionDefaultTier, ctx.settingsService);
-        // Action tier acts as a FLOOR -- escalate but never downgrade
-        const TIER_ORDER_331 = ['INSTANT', 'NOTIFY', 'DELAY', 'APPROVAL'];
-        if (TIER_ORDER_331.indexOf(actionTier) > TIER_ORDER_331.indexOf(tier)) {
-            tier = actionTier;
-        }
-    }
-    // [Phase 127] PriceResult에 따른 후처리
-    if (priceResult?.type === 'notListed') {
-        // Audit log: UNLISTED_TOKEN_TRANSFER (refactored to insertAuditLog)
-        if (ctx.sqlite) {
-            insertAuditLog(ctx.sqlite, {
-                eventType: 'UNLISTED_TOKEN_TRANSFER',
-                actor: ctx.sessionId ?? 'system',
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                details: {
-                    tokenAddress: priceResult.tokenAddress,
-                    chain: priceResult.chain,
-                    failedCount: priceResult.failedCount,
-                },
-                severity: 'warning',
-            });
-        }
-        // 최소 NOTIFY 격상 (evaluation tier와 NOTIFY 중 보수적)
-        const TIER_ORDER = ['INSTANT', 'NOTIFY', 'DELAY', 'APPROVAL'];
-        const currentIdx = TIER_ORDER.indexOf(tier);
-        const notifyIdx = TIER_ORDER.indexOf('NOTIFY');
-        if (currentIdx < notifyIdx) {
-            tier = 'NOTIFY';
-        }
-        // CoinGecko 키 미설정 + 최초 1회 힌트
-        const cacheKey = `${priceResult.chain}:${priceResult.tokenAddress}`;
-        const coingeckoKey = ctx.settingsService?.get('oracle.coingecko_api_key');
-        const shouldShowHint = !coingeckoKey && !hintedTokens.has(cacheKey);
-        if (shouldShowHint) {
-            hintedTokens.add(cacheKey);
-        }
-        // 가격 불명 토큰 알림 발송 (allowed=true인 상태에서도 notListed는 발생)
-        const hint = shouldShowHint
-            ? 'CoinGecko API 키를 설정하면 이 토큰의 USD 가격을 조회할 수 있습니다. Admin Settings > Oracle에서 설정하세요.'
-            : undefined;
-        const notifyVars = {
-            amount: formatNotificationAmount(ctx.request, ctx.wallet.chain),
-            to: getRequestTo(ctx.request),
-            reason: `가격 불명 토큰 (${priceResult.tokenAddress}) -- 최소 NOTIFY 격상`,
-            policyType: 'SPENDING_LIMIT',
-        };
-        if (hint)
-            notifyVars.hint = hint;
-        void ctx.notificationService?.notify('POLICY_VIOLATION', ctx.walletId, notifyVars, { txId: ctx.txId });
-    }
-    // oracleDown: 아무것도 하지 않음 -- 네이티브 금액 기준 tier가 이미 설정됨
-    // Check for APPROVAL -> DELAY downgrade when no owner registered
-    if (tier === 'APPROVAL') {
-        const walletRow = await ctx.db.select().from(wallets).where(eq(wallets.id, ctx.walletId)).get();
-        if (walletRow) {
-            const result = downgradeIfNoOwner({
-                ownerAddress: walletRow.ownerAddress ?? null,
-                ownerVerified: walletRow.ownerVerified ?? false,
-            }, tier);
-            tier = result.tier;
-            downgraded = result.downgraded;
-        }
-    }
-    // Set tier and metadata on context
-    ctx.tier = tier;
-    ctx.downgraded = downgraded;
-    if (evaluation.delaySeconds !== undefined) {
-        ctx.delaySeconds = evaluation.delaySeconds;
-    }
-    // [Phase 139] Cache amountUsd on context for Stage 5/6 display_amount
-    const stageAmountUsd = priceResult?.type === 'success' ? priceResult.usdAmount : undefined;
-    ctx.amountUsd = stageAmountUsd;
-    // [Phase 139] Resolve display amount for notifications
-    const displayAmount = await resolveDisplayAmount(stageAmountUsd ?? null, ctx.settingsService, ctx.forexRateService);
-    // [Phase 136] Cumulative spending warning notification (80% threshold)
-    if (evaluation.cumulativeWarning) {
-        const w = evaluation.cumulativeWarning;
-        void ctx.notificationService?.notify('CUMULATIVE_LIMIT_WARNING', ctx.walletId, {
-            type: w.type,
-            spent: String(w.spent.toFixed(2)),
-            limit: String(w.limit.toFixed(2)),
-            ratio: String(Math.round(w.ratio * 100)),
-            display_amount: displayAmount,
-        }, { txId: ctx.txId });
-    }
-    // [Phase 136] APPROVAL tier notification with reason
-    if (tier === 'APPROVAL' && !downgraded) {
-        const reason = evaluation.approvalReason ?? 'per_tx';
-        void ctx.notificationService?.notify('TX_APPROVAL_REQUIRED', ctx.walletId, {
-            txId: ctx.txId,
-            amount: formatNotificationAmount(ctx.request, ctx.wallet.chain),
-            to: getRequestTo(ctx.request),
-            reason,
-            display_amount: displayAmount,
-        }, { txId: ctx.txId });
-    }
-    // Update DB with tier
-    await ctx.db
-        .update(transactions)
-        .set({ tier })
-        .where(eq(transactions.id, ctx.txId));
-}
-// ---------------------------------------------------------------------------
-// Stage 3.5: Gas condition check (between policy and wait)
-// ---------------------------------------------------------------------------
-/**
- * Stage 3.5: Gas condition check.
- *
- * If the request includes `gasCondition` and the `gas_condition.enabled` setting
- * is true (defaults to true when settings key is not yet registered):
- *   1. Check max_pending_count limit against current GAS_WAITING transactions
- *   2. Set status='GAS_WAITING', store gasCondition metadata in bridgeMetadata
- *   3. Emit TX_GAS_WAITING notification
- *   4. Throw PIPELINE_HALTED (transaction will be picked up by GasConditionTracker)
- *
- * If gasCondition is absent: no-op (backward compat -- proceed to stage4Wait).
- *
- * @see 258-CONTEXT.md for architecture details
- */
-export async function stage3_5GasCondition(ctx) {
-    const req = ctx.request;
-    // Check if request has gasCondition (present on all 5 discriminatedUnion types)
-    const gasCondition = ('gasCondition' in req && req.gasCondition)
-        ? req.gasCondition
-        : undefined;
-    if (!gasCondition) {
-        // No gas condition specified: proceed normally (backward compat)
-        return;
-    }
-    // Check if gas_condition feature is enabled via settings
-    // Default to true if the setting key is not yet registered (258-02 adds it)
-    let gasConditionEnabled = true;
-    if (ctx.settingsService) {
-        try {
-            const enabledValue = ctx.settingsService.get('gas_condition.enabled');
-            gasConditionEnabled = enabledValue !== 'false';
-        }
-        catch {
-            // Setting key not yet registered (will be added in 258-02) -- default to true
-            gasConditionEnabled = true;
-        }
-    }
-    if (!gasConditionEnabled) {
-        // Feature disabled: proceed normally, ignore gasCondition
-        return;
-    }
-    // Check max_pending_count limit
-    let maxPendingCount = 100;
-    if (ctx.settingsService) {
-        try {
-            const maxValue = ctx.settingsService.get('gas_condition.max_pending_count');
-            const parsed = parseInt(maxValue, 10);
-            if (!isNaN(parsed) && parsed > 0) {
-                maxPendingCount = parsed;
-            }
-        }
-        catch {
-            // Setting key not yet registered -- use default
-        }
-    }
-    // Count current GAS_WAITING transactions
-    const countResult = ctx.db
-        .select({ count: sql `count(*)` })
-        .from(transactions)
-        .where(eq(transactions.status, 'GAS_WAITING'))
-        .get();
-    const currentWaiting = countResult?.count ?? 0;
-    if (currentWaiting >= maxPendingCount) {
-        throw new WAIaaSError('ACTION_VALIDATION_FAILED', {
-            message: `Gas condition pending limit reached (${currentWaiting}/${maxPendingCount}). Try again later.`,
-        });
-    }
-    // Resolve timeout: request.timeout > settings default > hardcoded 3600
-    let timeout = gasCondition.timeout;
-    if (!timeout) {
-        if (ctx.settingsService) {
-            try {
-                const defaultTimeout = ctx.settingsService.get('gas_condition.default_timeout_sec');
-                const parsed = parseInt(defaultTimeout, 10);
-                if (!isNaN(parsed) && parsed >= 60 && parsed <= 86400) {
-                    timeout = parsed;
-                }
-            }
-            catch {
-                // Setting key not yet registered
-            }
-        }
-        if (!timeout)
-            timeout = 3600;
-    }
-    // Clamp timeout to max_timeout_sec
-    let maxTimeout = 86400;
-    if (ctx.settingsService) {
-        try {
-            const maxValue = ctx.settingsService.get('gas_condition.max_timeout_sec');
-            const parsed = parseInt(maxValue, 10);
-            if (!isNaN(parsed) && parsed >= 60) {
-                maxTimeout = parsed;
-            }
-        }
-        catch {
-            // Setting key not yet registered
-        }
-    }
-    if (timeout > maxTimeout) {
-        timeout = maxTimeout;
-    }
-    // Resolve RPC URL for GasConditionTracker (raw fetch, no adapter dependency)
-    let rpcUrl = '';
-    if (ctx.settingsService) {
-        try {
-            rpcUrl = ctx.settingsService.get(`rpc.${rpcConfigKey(ctx.wallet.chain, ctx.resolvedNetwork)}`);
-        }
-        catch {
-            // Setting key not found -- tracker will skip this TX
-        }
-    }
-    // Store gas condition metadata in bridgeMetadata for GasConditionTracker (258-02)
-    const gasConditionMeta = {
-        tracker: 'gas-condition',
-        gasCondition: {
-            maxGasPrice: gasCondition.maxGasPrice,
-            maxPriorityFee: gasCondition.maxPriorityFee,
-            timeout,
-        },
-        chain: ctx.wallet.chain,
-        network: ctx.resolvedNetwork,
-        rpcUrl,
-        gasConditionCreatedAt: Date.now(),
-    };
-    // Set status='GAS_WAITING', store bridgeMetadata
-    await ctx.db
-        .update(transactions)
-        .set({
-        status: 'GAS_WAITING',
-        bridgeMetadata: JSON.stringify(gasConditionMeta),
-    })
-        .where(eq(transactions.id, ctx.txId));
-    // Fire-and-forget: notify TX_GAS_WAITING
-    void ctx.notificationService?.notify('TX_GAS_WAITING', ctx.walletId, {
-        txId: ctx.txId,
-        maxGasPrice: gasCondition.maxGasPrice ?? '',
-        maxPriorityFee: gasCondition.maxPriorityFee ?? '',
-        timeout: String(timeout),
-        chain: ctx.wallet.chain,
-        network: ctx.resolvedNetwork,
-    }, { txId: ctx.txId });
-    // Halt pipeline -- transaction will be picked up by GasConditionTracker
-    throw new WAIaaSError('PIPELINE_HALTED', {
-        message: `Transaction ${ctx.txId} waiting for gas condition (timeout: ${timeout}s)`,
-    });
-}
-// ---------------------------------------------------------------------------
-// Stage 4: Wait (DELAY/APPROVAL branching, INSTANT/NOTIFY passthrough)
-// ---------------------------------------------------------------------------
-export async function stage4Wait(ctx) {
-    const tier = ctx.tier;
-    // INSTANT and NOTIFY: pass through to stage5
-    if (tier === 'INSTANT' || tier === 'NOTIFY') {
-        return;
-    }
-    // DELAY: queue with cooldown, halt pipeline
-    if (tier === 'DELAY') {
-        if (!ctx.delayQueue) {
-            // Fallback: if no DelayQueue, treat as INSTANT (backward compat)
-            return;
-        }
-        const delaySeconds = ctx.delaySeconds
-            ?? ctx.config?.policy_defaults_delay_seconds
-            ?? 60;
-        ctx.delayQueue.queueDelay(ctx.txId, delaySeconds);
-        // Fire-and-forget: notify TX_QUEUED with cancel keyboard data
-        void ctx.notificationService?.notify('TX_QUEUED', ctx.walletId, {
-            txId: ctx.txId,
-            amount: formatNotificationAmount(ctx.request, ctx.wallet.chain),
-            to: getRequestTo(ctx.request),
-            delaySeconds: String(delaySeconds),
-        }, { txId: ctx.txId });
-        // Halt pipeline -- transaction will be picked up by processExpired worker
-        throw new WAIaaSError('PIPELINE_HALTED', {
-            message: `Transaction ${ctx.txId} queued for ${delaySeconds}s delay`,
-        });
-    }
-    // APPROVAL: create pending approval, halt pipeline
-    if (tier === 'APPROVAL') {
-        if (!ctx.approvalWorkflow) {
-            // Fallback: if no ApprovalWorkflow, treat as INSTANT (backward compat)
-            return;
-        }
-        // Pass EIP-712 metadata to requestApproval if present (Phase 321)
-        ctx.approvalWorkflow.requestApproval(ctx.txId, ctx.eip712Metadata ? {
-            approvalType: ctx.eip712Metadata.approvalType,
-            typedDataJson: ctx.eip712Metadata.typedDataJson,
-        } : undefined);
-        // Route approval to the correct signing channel
-        if (ctx.approvalChannelRouter) {
-            // v2.6.1+: use ApprovalChannelRouter to determine the correct channel
-            void (async () => {
-                try {
-                    const result = await ctx.approvalChannelRouter.route(ctx.walletId, {
-                        walletId: ctx.walletId,
-                        txId: ctx.txId,
-                        chain: ctx.wallet.chain,
-                        network: ctx.resolvedNetwork,
-                        type: ctx.request.type ?? 'TRANSFER',
-                        from: ctx.wallet.publicKey,
-                        to: getRequestTo(ctx.request),
-                        amount: getRequestAmount(ctx.request),
-                        policyTier: 'APPROVAL',
-                        approvalType: ctx.eip712Metadata?.approvalType,
-                    });
-                    // Only invoke WC bridge when the router selects walletconnect
-                    if (result.method === 'walletconnect' && ctx.wcSigningBridge) {
-                        void ctx.wcSigningBridge.requestSignature(ctx.walletId, ctx.txId, ctx.wallet.chain);
-                    }
-                }
-                catch {
-                    // Channel routing errors are non-fatal; pipeline already halted
-                }
-            })();
-        }
-        else if (ctx.wcSigningBridge) {
-            // Legacy: no router available, fall back to direct WC bridge
-            void ctx.wcSigningBridge.requestSignature(ctx.walletId, ctx.txId, ctx.wallet.chain);
-        }
-        // Halt pipeline -- transaction will be picked up by approve/reject/expire
-        throw new WAIaaSError('PIPELINE_HALTED', {
-            message: `Transaction ${ctx.txId} queued for owner approval`,
-        });
-    }
-}
-// ---------------------------------------------------------------------------
-// Helper: buildByType -- route to correct adapter method based on request.type
-// ---------------------------------------------------------------------------
-/**
- * Build unsigned transaction by dispatching to the correct IChainAdapter method
- * based on request.type (TRANSFER/TOKEN_TRANSFER/CONTRACT_CALL/APPROVE/BATCH).
- */
-export async function buildByType(adapter, request, walletPublicKey) {
-    const type = ('type' in request && request.type) || 'TRANSFER';
-    switch (type) {
-        case 'TRANSFER': {
-            return adapter.buildTransaction({
-                from: walletPublicKey,
-                to: getRequestTo(request),
-                amount: BigInt(getRequestAmount(request)),
-                memo: getRequestMemo(request),
-            });
-        }
-        case 'TOKEN_TRANSFER': {
-            const req = request;
-            return adapter.buildTokenTransfer({
-                from: walletPublicKey,
-                to: req.to,
-                amount: BigInt(req.amount),
-                token: req.token,
-                memo: req.memo,
-            });
-        }
-        case 'CONTRACT_CALL': {
-            const req = request;
-            return adapter.buildContractCall({
-                from: walletPublicKey,
-                to: req.to,
-                calldata: req.calldata,
-                abi: req.abi,
-                value: req.value ? BigInt(req.value) : undefined,
-                programId: req.programId,
-                instructionData: req.instructionData
-                    ? Buffer.from(req.instructionData, 'base64')
-                    : undefined,
-                accounts: req.accounts,
-                // Pass through preInstructions for Solana (e.g., ATA creation for Jito staking)
-                preInstructions: req.preInstructions?.map((pre) => ({
-                    programId: pre.programId,
-                    data: Buffer.from(pre.data, 'base64'),
-                    accounts: pre.accounts,
-                })),
-            });
-        }
-        case 'APPROVE': {
-            const req = request;
-            // v31.0: NFT approval routing
-            if (req.nft) {
-                const approvalType = req.amount === '0' ? 'single' : 'all';
-                return adapter.approveNft({
-                    from: walletPublicKey,
-                    spender: req.spender,
-                    token: {
-                        address: req.token.address,
-                        tokenId: req.nft.tokenId,
-                        standard: req.nft.standard,
-                    },
-                    approvalType,
-                });
-            }
-            return adapter.buildApprove({
-                from: walletPublicKey,
-                spender: req.spender,
-                token: req.token,
-                amount: BigInt(req.amount),
-            });
-        }
-        case 'NFT_TRANSFER': {
-            const req = request;
-            return adapter.buildNftTransferTx({
-                from: walletPublicKey,
-                to: req.to,
-                token: {
-                    address: req.token.address,
-                    tokenId: req.token.tokenId,
-                    standard: req.token.standard,
-                },
-                amount: BigInt(req.amount ?? '1'),
-            });
-        }
-        case 'CONTRACT_DEPLOY': {
-            const req = request;
-            // Contract deployment: to=undefined, data=bytecode(+constructorArgs)
-            const deployData = req.constructorArgs
-                ? req.bytecode + req.constructorArgs.replace(/^0x/, '')
-                : req.bytecode;
-            return adapter.buildContractCall({
-                from: walletPublicKey,
-                to: '', // adapter handles to='' as to=undefined for deploy
-                calldata: deployData,
-                value: req.value ? BigInt(req.value) : undefined,
-            });
-        }
-        case 'BATCH': {
-            const req = request;
-            return adapter.buildBatch({
-                from: walletPublicKey,
-                instructions: req.instructions.map((instr) => {
-                    // Classify by field presence (same logic as classifyInstruction in Phase 80)
-                    if ('spender' in instr) {
-                        const a = instr;
-                        return {
-                            from: walletPublicKey,
-                            spender: a.spender,
-                            token: a.token,
-                            amount: BigInt(a.amount),
-                        };
-                    }
-                    if ('token' in instr) {
-                        const t = instr;
-                        return {
-                            from: walletPublicKey,
-                            to: t.to,
-                            amount: BigInt(t.amount),
-                            token: t.token,
-                            memo: t.memo,
-                        };
-                    }
-                    if ('programId' in instr || 'calldata' in instr) {
-                        const c = instr;
-                        return {
-                            from: walletPublicKey,
-                            to: c.to,
-                            calldata: c.calldata,
-                            programId: c.programId,
-                            instructionData: c.instructionData
-                                ? Buffer.from(c.instructionData, 'base64')
-                                : undefined,
-                            accounts: c.accounts,
-                            value: c.value ? BigInt(c.value) : undefined,
-                        };
-                    }
-                    // Default: TRANSFER instruction
-                    const tr = instr;
-                    return {
-                        from: walletPublicKey,
-                        to: tr.to,
-                        amount: BigInt(tr.amount),
-                        memo: tr.memo,
-                    };
-                }),
-            });
-        }
-        default:
-            throw new WAIaaSError('CHAIN_ERROR', {
-                message: `Unknown transaction type: ${type}`,
-            });
-    }
-}
-// ---------------------------------------------------------------------------
-// Stage 5: Smart account ERC-4337 UserOperation helpers
-// ---------------------------------------------------------------------------
-/**
- * Minimal ERC-20 ABI for transfer/approve encoding in UserOperation calls.
- * Inline to avoid cross-package import from @waiaas/adapters-evm.
- */
-const ERC20_USEROP_ABI = [
-    { type: 'function', name: 'transfer', inputs: [{ name: 'to', type: 'address' }, { name: 'amount', type: 'uint256' }], outputs: [{ type: 'bool' }] },
-    { type: 'function', name: 'approve', inputs: [{ name: 'spender', type: 'address' }, { name: 'amount', type: 'uint256' }], outputs: [{ type: 'bool' }] },
-];
-/** ERC-721 ABI for NFT UserOp calls (safeTransferFrom, approve, setApprovalForAll). */
-export const ERC721_USEROP_ABI = [
-    { type: 'function', name: 'safeTransferFrom', inputs: [
-            { name: 'from', type: 'address' }, { name: 'to', type: 'address' }, { name: 'tokenId', type: 'uint256' },
-        ], outputs: [] },
-    { type: 'function', name: 'approve', inputs: [
-            { name: 'to', type: 'address' }, { name: 'tokenId', type: 'uint256' },
-        ], outputs: [] },
-    { type: 'function', name: 'setApprovalForAll', inputs: [
-            { name: 'operator', type: 'address' }, { name: 'approved', type: 'bool' },
-        ], outputs: [] },
-];
-/** ERC-1155 ABI for NFT UserOp calls (safeTransferFrom, setApprovalForAll). */
-export const ERC1155_USEROP_ABI = [
-    { type: 'function', name: 'safeTransferFrom', inputs: [
-            { name: 'from', type: 'address' }, { name: 'to', type: 'address' },
-            { name: 'id', type: 'uint256' }, { name: 'amount', type: 'uint256' }, { name: 'data', type: 'bytes' },
-        ], outputs: [] },
-    { type: 'function', name: 'setApprovalForAll', inputs: [
-            { name: 'operator', type: 'address' }, { name: 'approved', type: 'bool' },
-        ], outputs: [] },
-];
-/**
- * Convert a TransactionRequest to viem's calls[] format for UserOperation submission.
- * Each call is { to, value, data } for the smart account to execute.
- *
- * @param walletAddress - Smart account address (required for NFT_TRANSFER safeTransferFrom 'from' param)
- */
-export function buildUserOpCalls(request, walletAddress) {
-    const type = ('type' in request && request.type) || 'TRANSFER';
-    switch (type) {
-        case 'TRANSFER': {
-            return [{
-                    to: getRequestTo(request),
-                    value: BigInt(getRequestAmount(request)),
-                    data: '0x',
-                }];
-        }
-        case 'TOKEN_TRANSFER': {
-            const req = request;
-            return [{
-                    to: req.token.address,
-                    value: 0n,
-                    data: encodeFunctionData({
-                        abi: ERC20_USEROP_ABI,
-                        functionName: 'transfer',
-                        args: [req.to, BigInt(req.amount)],
-                    }),
-                }];
-        }
-        case 'CONTRACT_CALL': {
-            const req = request;
-            return [{
-                    to: req.to,
-                    value: BigInt(req.value ?? '0'),
-                    data: (req.calldata || '0x'),
-                }];
-        }
-        case 'APPROVE': {
-            const req = request;
-            // v31.0: NFT approval routing for Smart Account
-            if (req.nft) {
-                const approvalType = req.amount === '0' ? 'single' : 'all';
-                if (req.nft.standard === 'METAPLEX') {
-                    throw new WAIaaSError('CHAIN_ERROR', {
-                        message: 'Smart Account (ERC-4337) does not support Solana METAPLEX NFT approvals',
-                    });
-                }
-                if (approvalType === 'single' && req.nft.standard === 'ERC-721') {
-                    return [{
-                            to: req.token.address,
-                            value: 0n,
-                            data: encodeFunctionData({
-                                abi: ERC721_USEROP_ABI,
-                                functionName: 'approve',
-                                args: [req.spender, BigInt(req.nft.tokenId)],
-                            }),
-                        }];
-                }
-                // setApprovalForAll (ERC-721 all / ERC-1155 all)
-                const nftAbi = req.nft.standard === 'ERC-721' ? ERC721_USEROP_ABI : ERC1155_USEROP_ABI;
-                return [{
-                        to: req.token.address,
-                        value: 0n,
-                        data: encodeFunctionData({
-                            abi: nftAbi,
-                            functionName: 'setApprovalForAll',
-                            args: [req.spender, true],
-                        }),
-                    }];
-            }
-            return [{
-                    to: req.token.address,
-                    value: 0n,
-                    data: encodeFunctionData({
-                        abi: ERC20_USEROP_ABI,
-                        functionName: 'approve',
-                        args: [req.spender, BigInt(req.amount)],
-                    }),
-                }];
-        }
-        case 'BATCH': {
-            const req = request;
-            return req.instructions.map((instr) => {
-                if ('spender' in instr) {
-                    // APPROVE instruction
-                    const a = instr;
-                    return {
-                        to: a.token.address,
-                        value: 0n,
-                        data: encodeFunctionData({
-                            abi: ERC20_USEROP_ABI,
-                            functionName: 'approve',
-                            args: [a.spender, BigInt(a.amount)],
-                        }),
-                    };
-                }
-                if ('token' in instr) {
-                    // TOKEN_TRANSFER instruction
-                    const t = instr;
-                    return {
-                        to: t.token.address,
-                        value: 0n,
-                        data: encodeFunctionData({
-                            abi: ERC20_USEROP_ABI,
-                            functionName: 'transfer',
-                            args: [t.to, BigInt(t.amount)],
-                        }),
-                    };
-                }
-                if ('calldata' in instr) {
-                    // CONTRACT_CALL instruction (also used by ActionProvider resolve() output)
-                    const c = instr;
-                    return {
-                        to: c.to,
-                        value: BigInt(c.value ?? '0'),
-                        data: (c.calldata || '0x'),
-                    };
-                }
-                // TRANSFER instruction (native transfer)
-                const t = instr;
-                return {
-                    to: t.to,
-                    value: BigInt(t.amount),
-                    data: '0x',
-                };
-            });
-        }
-        case 'NFT_TRANSFER': {
-            const req = request;
-            if (req.token.standard === 'METAPLEX') {
-                throw new WAIaaSError('CHAIN_ERROR', {
-                    message: 'Smart Account (ERC-4337) does not support Solana METAPLEX NFT transfers',
-                });
-            }
-            const from = (walletAddress ?? '0x0000000000000000000000000000000000000000');
-            if (req.token.standard === 'ERC-721') {
-                return [{
-                        to: req.token.address,
-                        value: 0n,
-                        data: encodeFunctionData({
-                            abi: ERC721_USEROP_ABI,
-                            functionName: 'safeTransferFrom',
-                            args: [from, req.to, BigInt(req.token.tokenId)],
-                        }),
-                    }];
-            }
-            // ERC-1155
-            return [{
-                    to: req.token.address,
-                    value: 0n,
-                    data: encodeFunctionData({
-                        abi: ERC1155_USEROP_ABI,
-                        functionName: 'safeTransferFrom',
-                        args: [from, req.to, BigInt(req.token.tokenId), BigInt(req.amount ?? '1'), '0x'],
-                    }),
-                }];
-        }
-        case 'CONTRACT_DEPLOY': {
-            const req = request;
-            const deployData = req.constructorArgs
-                ? req.bytecode + req.constructorArgs.replace(/^0x/, '')
-                : req.bytecode;
-            // Smart account contract deployment via CREATE2-like pattern
-            // to is empty (factory handles deployment), data is full bytecode+args
-            return [{
-                    to: '0x', // will be interpreted as factory/self call
-                    value: BigInt(req.value ?? '0'),
-                    data: deployData,
-                }];
-        }
-        default:
-            throw new WAIaaSError('CHAIN_ERROR', {
-                message: `Unknown transaction type for UserOp: ${type}`,
-            });
-    }
-}
-/**
- * Stage 5 smart account path: execute via UserOperation through BundlerClient.
- *
- * Flow:
- * 1. Decrypt signer key -> create LocalAccount via viem's privateKeyToAccount
- * 2. Create SmartAccount instance via SmartAccountService
- * 3. Create BundlerClient via createSmartAccountBundlerClient
- * 4. Build calls[] from request via buildUserOpCalls
- * 5. prepareUserOperation -> apply 120% gas safety margin
- * 6. sendUserOperation -> waitForUserOperationReceipt
- * 7. Update DB: SUBMITTED -> CONFIRMED, update deployed status if needed
- *
- * Error mapping:
- * - Paymaster rejection (message contains 'paymaster'/'PM_') -> PAYMASTER_REJECTED
- * - UserOperationReverted -> TRANSACTION_REVERTED
- * - Receipt timeout -> TRANSACTION_TIMEOUT
- * - Other -> CHAIN_ERROR
- */
-async function stage5ExecuteSmartAccount(ctx) {
-    // Check for deprecated Solady factory before proceeding
-    if (ctx.wallet.factoryAddress?.toLowerCase() === SOLADY_FACTORY_ADDRESS.toLowerCase()) {
-        throw new WAIaaSError('DEPRECATED_SMART_ACCOUNT');
-    }
-    const reqAmount = formatNotificationAmount(ctx.request, ctx.wallet.chain);
-    const reqTo = getRequestTo(ctx.request);
-    const displayAmount = await resolveDisplayAmount(ctx.amountUsd ?? null, ctx.settingsService, ctx.forexRateService);
-    // Build calls[] from request (pass wallet address for NFT safeTransferFrom 'from' param)
-    const calls = buildUserOpCalls(ctx.request, ctx.wallet.publicKey);
-    // CRITICAL: key MUST be released in finally block
-    let privateKey = null;
-    try {
-        // Step 1: Decrypt signer key
-        privateKey = await ctx.keyStore.decryptPrivateKey(ctx.walletId, ctx.masterPassword);
-        const hexKey = toHex(privateKey);
-        const localAccount = privateKeyToAccount(hexKey);
-        // Step 2: Create SmartAccount via SmartAccountService
-        const smartAccountService = new SmartAccountService();
-        // #251: Resolve viem Chain from EVM_CHAIN_MAP using network ID
-        const { EVM_CHAIN_MAP } = await import('@waiaas/adapter-evm');
-        const chainEntry = EVM_CHAIN_MAP[ctx.resolvedNetwork];
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        const publicClient = createPublicClient({
-            chain: chainEntry?.viemChain,
-            transport: http(ctx.resolvedRpcUrl),
-        });
-        const smartAccountInfo = await smartAccountService.createSmartAccount({
-            owner: localAccount,
-            client: publicClient,
-        });
-        // Step 3: Create BundlerClient from wallet's provider data (v30.9)
-        const decryptedApiKey = ctx.wallet.aaProviderApiKeyEncrypted
-            ? decryptProviderApiKey(ctx.wallet.aaProviderApiKeyEncrypted, ctx.masterPassword)
-            : null;
-        const walletProvider = {
-            aaProvider: ctx.wallet.aaProvider ?? null,
-            aaProviderApiKey: decryptedApiKey,
-            aaBundlerUrl: ctx.wallet.aaBundlerUrl ?? null,
-            aaPaymasterUrl: ctx.wallet.aaPaymasterUrl ?? null,
-            aaPaymasterPolicyId: ctx.wallet.aaPaymasterPolicyId ?? null,
-        };
-        const bundlerClient = createSmartAccountBundlerClient({
-            client: publicClient,
-            account: smartAccountInfo.account,
-            networkId: ctx.resolvedNetwork,
-            walletProvider,
-            settingsService: ctx.settingsService,
-        });
-        // Step 4: Prepare UserOperation to get gas estimates
-        const prepared = await bundlerClient.prepareUserOperation({ calls });
-        // Step 5: Apply 120% gas safety margin per CLAUDE.md rule
-        const safeCallGasLimit = (BigInt(prepared.callGasLimit) * GAS_SAFETY_NUMERATOR) / GAS_SAFETY_DENOMINATOR;
-        const safeVerificationGasLimit = (BigInt(prepared.verificationGasLimit) * GAS_SAFETY_NUMERATOR) / GAS_SAFETY_DENOMINATOR;
-        const safePreVerificationGas = (BigInt(prepared.preVerificationGas) * GAS_SAFETY_NUMERATOR) / GAS_SAFETY_DENOMINATOR;
-        // Step 6: Submit UserOperation with overridden gas limits
-        ctx.metricsCounter?.increment('rpc.calls', { network: ctx.resolvedNetwork });
-        const userOpHash = await bundlerClient.sendUserOperation({
-            calls,
-            userOperation: {
-                callGasLimit: safeCallGasLimit,
-                verificationGasLimit: safeVerificationGasLimit,
-                preVerificationGas: safePreVerificationGas,
-            },
-        });
-        ctx.metricsCounter?.increment('tx.submitted', { network: ctx.resolvedNetwork });
-        // Update DB: SUBMITTED with userOpHash
-        await ctx.db
-            .update(transactions)
-            .set({ status: 'SUBMITTED', txHash: userOpHash })
-            .where(eq(transactions.id, ctx.txId));
-        // Audit log: TX_SUBMITTED
-        if (ctx.sqlite) {
-            insertAuditLog(ctx.sqlite, {
-                eventType: 'TX_SUBMITTED',
-                actor: ctx.sessionId ?? 'system',
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                details: {
-                    txHash: userOpHash,
-                    chain: ctx.wallet.chain,
-                    network: ctx.resolvedNetwork,
-                    type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                    accountType: 'smart',
-                },
-                severity: 'info',
-            });
-        }
-        // Notify TX_SUBMITTED
-        void ctx.notificationService?.notify('TX_SUBMITTED', ctx.walletId, {
-            txId: ctx.txId,
-            txHash: userOpHash,
-            amount: reqAmount,
-            to: reqTo,
-            display_amount: displayAmount,
-            network: ctx.resolvedNetwork,
-        }, { txId: ctx.txId });
-        // Emit wallet:activity
-        ctx.eventBus?.emit('wallet:activity', {
-            walletId: ctx.walletId,
-            activity: 'TX_SUBMITTED',
-            details: { txId: ctx.txId, txHash: userOpHash },
-            timestamp: Math.floor(Date.now() / 1000),
-        });
-        // Step 7: Wait for UserOperation receipt (120s timeout)
-        const receipt = await bundlerClient.waitForUserOperationReceipt({
-            hash: userOpHash,
-            timeout: 120_000,
-        });
-        const txHash = receipt?.receipt?.transactionHash ?? userOpHash;
-        // Update DB: CONFIRMED with actual txHash
-        await ctx.db
-            .update(transactions)
-            .set({ status: 'CONFIRMED', txHash })
-            .where(eq(transactions.id, ctx.txId));
-        // Update deployed status if this was first UserOp (lazy deployment)
-        const walletRow = ctx.db.select().from(wallets).where(eq(wallets.id, ctx.walletId)).get();
-        if (walletRow && !walletRow.deployed) {
-            ctx.db.update(wallets).set({ deployed: true }).where(eq(wallets.id, ctx.walletId)).run();
-        }
-        ctx.metricsCounter?.increment('tx.confirmed', { network: ctx.resolvedNetwork });
-        // Store submitResult for Stage 6
-        ctx.submitResult = { txHash, status: 'confirmed' };
-        // Audit log: TX_CONFIRMED
-        if (ctx.sqlite) {
-            insertAuditLog(ctx.sqlite, {
-                eventType: 'TX_CONFIRMED',
-                actor: ctx.sessionId ?? 'system',
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                details: {
-                    txHash,
-                    chain: ctx.wallet.chain,
-                    network: ctx.resolvedNetwork,
-                    accountType: 'smart',
-                },
-                severity: 'info',
-            });
-        }
-        // Notify TX_CONFIRMED
-        void ctx.notificationService?.notify('TX_CONFIRMED', ctx.walletId, {
-            txId: ctx.txId,
-            txHash,
-            amount: reqAmount,
-            to: reqTo,
-            display_amount: displayAmount,
-            network: ctx.resolvedNetwork,
-        }, { txId: ctx.txId });
-        // Emit transaction:completed event
-        ctx.eventBus?.emit('transaction:completed', {
-            walletId: ctx.walletId,
-            txId: ctx.txId,
-            txHash,
-            network: ctx.resolvedNetwork,
-            type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-            timestamp: Math.floor(Date.now() / 1000),
-        });
-    }
-    catch (err) {
-        const errMsg = err instanceof Error ? err.message : String(err);
-        const errName = err instanceof Error ? err.name : '';
-        // Already a WAIaaSError? (e.g., CHAIN_ERROR from bundler URL not configured)
-        if (err instanceof WAIaaSError) {
-            // Update DB to FAILED
-            await ctx.db
-                .update(transactions)
-                .set({ status: 'FAILED', error: errMsg })
-                .where(eq(transactions.id, ctx.txId));
-            ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-            void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                txId: ctx.txId,
-                error: errMsg,
-                amount: reqAmount,
-                display_amount: displayAmount,
-                network: ctx.resolvedNetwork,
-            }, { txId: ctx.txId });
-            ctx.eventBus?.emit('transaction:failed', {
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                error: errMsg,
-                network: ctx.resolvedNetwork,
-                type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                timestamp: Math.floor(Date.now() / 1000),
-            });
-            throw err;
-        }
-        // Paymaster rejection detection
-        if (errMsg.toLowerCase().includes('paymaster') ||
-            errMsg.includes('PM_') ||
-            errName.includes('Paymaster')) {
-            await ctx.db
-                .update(transactions)
-                .set({ status: 'FAILED', error: `Paymaster rejected: ${errMsg}` })
-                .where(eq(transactions.id, ctx.txId));
-            ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-            if (ctx.sqlite) {
-                insertAuditLog(ctx.sqlite, {
-                    eventType: 'TX_FAILED',
-                    actor: ctx.sessionId ?? 'system',
-                    walletId: ctx.walletId,
-                    txId: ctx.txId,
-                    details: { error: errMsg, stage: 5, reason: 'paymaster_rejected' },
-                    severity: 'warning',
-                });
-            }
-            void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                txId: ctx.txId,
-                error: `Paymaster rejected: ${errMsg}`,
-                amount: reqAmount,
-                display_amount: displayAmount,
-                network: ctx.resolvedNetwork,
-            }, { txId: ctx.txId });
-            ctx.eventBus?.emit('transaction:failed', {
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                error: `Paymaster rejected: ${errMsg}`,
-                network: ctx.resolvedNetwork,
-                type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                timestamp: Math.floor(Date.now() / 1000),
-            });
-            throw new WAIaaSError('PAYMASTER_REJECTED', {
-                message: `Paymaster rejected the UserOperation: ${errMsg}`,
-            });
-        }
-        // UserOperationReverted
-        if (errName === 'UserOperationReverted' || errMsg.includes('UserOperation reverted')) {
-            await ctx.db
-                .update(transactions)
-                .set({ status: 'FAILED', error: errMsg })
-                .where(eq(transactions.id, ctx.txId));
-            ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-            if (ctx.sqlite) {
-                insertAuditLog(ctx.sqlite, {
-                    eventType: 'TX_FAILED',
-                    actor: ctx.sessionId ?? 'system',
-                    walletId: ctx.walletId,
-                    txId: ctx.txId,
-                    details: { error: errMsg, stage: 5, reason: 'user_op_reverted' },
-                    severity: 'warning',
-                });
-            }
-            void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                txId: ctx.txId,
-                error: errMsg,
-                amount: reqAmount,
-                display_amount: displayAmount,
-                network: ctx.resolvedNetwork,
-            }, { txId: ctx.txId });
-            ctx.eventBus?.emit('transaction:failed', {
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                error: errMsg,
-                network: ctx.resolvedNetwork,
-                type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                timestamp: Math.floor(Date.now() / 1000),
-            });
-            throw new WAIaaSError('TRANSACTION_REVERTED', {
-                message: errMsg,
-            });
-        }
-        // Receipt timeout
-        if (errName === 'WaitForUserOperationReceiptTimeoutError' || errMsg.includes('timed out')) {
-            await ctx.db
-                .update(transactions)
-                .set({ status: 'FAILED', error: `UserOp receipt timeout: ${errMsg}` })
-                .where(eq(transactions.id, ctx.txId));
-            ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-            if (ctx.sqlite) {
-                insertAuditLog(ctx.sqlite, {
-                    eventType: 'TX_FAILED',
-                    actor: ctx.sessionId ?? 'system',
-                    walletId: ctx.walletId,
-                    txId: ctx.txId,
-                    details: { error: errMsg, stage: 5, reason: 'user_op_timeout' },
-                    severity: 'warning',
-                });
-            }
-            void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                txId: ctx.txId,
-                error: `Receipt timeout: ${errMsg}`,
-                amount: reqAmount,
-                display_amount: displayAmount,
-                network: ctx.resolvedNetwork,
-            }, { txId: ctx.txId });
-            ctx.eventBus?.emit('transaction:failed', {
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                error: `Receipt timeout: ${errMsg}`,
-                network: ctx.resolvedNetwork,
-                type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                timestamp: Math.floor(Date.now() / 1000),
-            });
-            throw new WAIaaSError('TRANSACTION_TIMEOUT', {
-                message: `UserOperation receipt timed out: ${errMsg}`,
-            });
-        }
-        // Generic fallback
-        await ctx.db
-            .update(transactions)
-            .set({ status: 'FAILED', error: errMsg })
-            .where(eq(transactions.id, ctx.txId));
-        ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-        void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-            txId: ctx.txId,
-            error: errMsg,
-            amount: reqAmount,
-            display_amount: displayAmount,
-            network: ctx.resolvedNetwork,
-        }, { txId: ctx.txId });
-        ctx.eventBus?.emit('transaction:failed', {
-            walletId: ctx.walletId,
-            txId: ctx.txId,
-            error: errMsg,
-            network: ctx.resolvedNetwork,
-            type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-            timestamp: Math.floor(Date.now() / 1000),
-        });
-        throw new WAIaaSError('CHAIN_ERROR', { message: errMsg });
-    }
-    finally {
-        if (privateKey) {
-            ctx.keyStore.releaseKey(privateKey);
-        }
-    }
-}
-// ---------------------------------------------------------------------------
-// Stage 5: On-chain execution (CONC-01 retry loop)
-// ---------------------------------------------------------------------------
-/**
- * Stage 5: Build -> Simulate -> Sign -> Submit with CONC-01 retry logic.
- *
- * For smart accounts (accountType === 'smart'), delegates to stage5ExecuteSmartAccount
- * which uses the UserOperation pipeline (BundlerClient + PaymasterClient).
- *
- * For EOA accounts, uses the existing buildByType -> simulate -> sign -> submit path.
- *
- * ChainError category-based retry:
- * - PERMANENT: immediate FAILED, no retry
- * - TRANSIENT: exponential backoff (1s, 2s, 4s), max 3 retries (retryCount >= 3 guard)
- * - STALE: rebuild from Stage 5a, max 1 (retryCount >= 1 guard)
- *
- * retryCount is shared between TRANSIENT and STALE to limit total retry count.
- * Total attempts: initial 1 + up to 3 retries = 4 max.
- */
-export async function stage5Execute(ctx) {
-    // Smart account UserOperation path
-    if (ctx.wallet.accountType === 'smart') {
-        await stage5ExecuteSmartAccount(ctx);
-        return;
-    }
-    // v31.4: ApiDirectResult path -- skip on-chain execution entirely (HDESIGN-01)
-    if (ctx.actionResult) {
-        const result = ctx.actionResult;
-        // Update transaction status to CONFIRMED with API direct result metadata
-        await ctx.db
-            .update(transactions)
-            .set({
-            status: 'CONFIRMED',
-            metadata: JSON.stringify({
-                apiDirect: true,
-                provider: result.provider,
-                action: result.action,
-                externalId: result.externalId,
-                resultStatus: result.status,
-                data: result.data,
-                ...(result.metadata ?? {}),
-            }),
-        })
-            .where(eq(transactions.id, ctx.txId));
-        // Audit log: TX_CONFIRMED (API direct)
-        if (ctx.sqlite) {
-            insertAuditLog(ctx.sqlite, {
-                eventType: 'TX_CONFIRMED',
-                actor: ctx.sessionId ?? 'system',
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                details: {
-                    provider: result.provider,
-                    action: result.action,
-                    externalId: result.externalId,
-                    apiDirect: true,
-                    chain: ctx.wallet.chain,
-                    network: ctx.resolvedNetwork,
-                },
-                severity: 'info',
-            });
-        }
-        // Fire-and-forget: notify TX_CONFIRMED
-        const apiDirectAmount = formatNotificationAmount(ctx.request, ctx.wallet.chain);
-        const apiDirectTo = getRequestTo(ctx.request);
-        const apiDirectDisplayAmount = await resolveDisplayAmount(ctx.amountUsd ?? null, ctx.settingsService, ctx.forexRateService);
-        void ctx.notificationService?.notify('TX_CONFIRMED', ctx.walletId, {
-            txId: ctx.txId,
-            provider: result.provider,
-            action: result.action,
-            externalId: result.externalId,
-            network: ctx.resolvedNetwork,
-            amount: apiDirectAmount,
-            to: apiDirectTo,
-            display_amount: apiDirectDisplayAmount,
-        }, { txId: ctx.txId });
-        // Emit transaction:completed event (txHash = externalId for API direct)
-        ctx.eventBus?.emit('transaction:completed', {
-            walletId: ctx.walletId,
-            txId: ctx.txId,
-            txHash: result.externalId,
-            network: ctx.resolvedNetwork,
-            type: 'CONTRACT_CALL',
-            timestamp: Math.floor(Date.now() / 1000),
-        });
-        // Increment metrics
-        ctx.metricsCounter?.increment('tx.completed', { network: ctx.resolvedNetwork });
-        return; // Skip on-chain execution
-    }
-    // --- EOA execution path (unchanged) ---
-    const reqAmount = formatNotificationAmount(ctx.request, ctx.wallet.chain);
-    const reqTo = getRequestTo(ctx.request);
-    // [Phase 139] Resolve display amount once for all Stage 5 notifications
-    const displayAmount = await resolveDisplayAmount(ctx.amountUsd ?? null, ctx.settingsService, ctx.forexRateService);
-    let retryCount = 0;
-    // Outer buildLoop: STALE errors return here to rebuild from Stage 5a
-    buildLoop: while (true) {
-        try {
-            // Stage 5a: Build unsigned transaction (type-routed)
-            ctx.unsignedTx = await buildByType(ctx.adapter, ctx.request, ctx.wallet.publicKey);
-            // Stage 5b: Simulate (with RPC metrics)
-            const simStart = Date.now();
-            ctx.metricsCounter?.increment('rpc.calls', { network: ctx.resolvedNetwork });
-            const simResult = await ctx.adapter.simulateTransaction(ctx.unsignedTx);
-            ctx.metricsCounter?.recordLatency('rpc.latency', Date.now() - simStart, { network: ctx.resolvedNetwork });
-            if (!simResult.success) {
-                ctx.metricsCounter?.increment('rpc.errors', { network: ctx.resolvedNetwork });
-                ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-                await ctx.db
-                    .update(transactions)
-                    .set({ status: 'FAILED', error: simResult.error ?? 'Simulation failed' })
-                    .where(eq(transactions.id, ctx.txId));
-                // Audit log: TX_FAILED (simulation failure)
-                if (ctx.sqlite) {
-                    insertAuditLog(ctx.sqlite, {
-                        eventType: 'TX_FAILED',
-                        actor: ctx.sessionId ?? 'system',
-                        walletId: ctx.walletId,
-                        txId: ctx.txId,
-                        details: { error: simResult.error ?? 'Simulation failed', stage: 5, chain: ctx.wallet.chain, network: ctx.resolvedNetwork },
-                        severity: 'warning',
-                    });
-                }
-                // Fire-and-forget: notify TX_FAILED on simulation failure
-                void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                    txId: ctx.txId,
-                    error: simResult.error ?? 'Simulation failed',
-                    amount: reqAmount,
-                    display_amount: displayAmount,
-                    network: ctx.resolvedNetwork,
-                }, { txId: ctx.txId });
-                // v1.6: emit transaction:failed event (simulation failure)
-                ctx.eventBus?.emit('transaction:failed', {
-                    walletId: ctx.walletId,
-                    txId: ctx.txId,
-                    error: simResult.error ?? 'Simulation failed',
-                    network: ctx.resolvedNetwork,
-                    type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                    timestamp: Math.floor(Date.now() / 1000),
-                });
-                throw new WAIaaSError('SIMULATION_FAILED', {
-                    message: simResult.error ?? 'Transaction simulation failed',
-                });
-            }
-            // Stage 5c: Decrypt private key, sign
-            // CRITICAL: key MUST be released in finally block
-            let privateKey = null;
-            try {
-                privateKey = await ctx.keyStore.decryptPrivateKey(ctx.walletId, ctx.masterPassword);
-                ctx.signedTx = await ctx.adapter.signTransaction(ctx.unsignedTx, privateKey);
-            }
-            finally {
-                if (privateKey) {
-                    ctx.keyStore.releaseKey(privateKey);
-                }
-            }
-            // Stage 5d: Submit (with RPC metrics)
-            const submitStart = Date.now();
-            ctx.metricsCounter?.increment('rpc.calls', { network: ctx.resolvedNetwork });
-            ctx.submitResult = await ctx.adapter.submitTransaction(ctx.signedTx);
-            ctx.metricsCounter?.recordLatency('rpc.latency', Date.now() - submitStart, { network: ctx.resolvedNetwork });
-            // Success: increment tx.submitted counter
-            ctx.metricsCounter?.increment('tx.submitted', { network: ctx.resolvedNetwork });
-            // Success: Update DB SUBMITTED + txHash
-            await ctx.db
-                .update(transactions)
-                .set({ status: 'SUBMITTED', txHash: ctx.submitResult.txHash })
-                .where(eq(transactions.id, ctx.txId));
-            // Audit log: TX_SUBMITTED
-            if (ctx.sqlite) {
-                const txType = ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER';
-                const auditDetails = {
-                    txHash: ctx.submitResult.txHash,
-                    chain: ctx.wallet.chain,
-                    network: ctx.resolvedNetwork,
-                    type: txType,
-                };
-                // v31.14 DEPL-06: log keccak256(bytecode) for CONTRACT_DEPLOY audit trail
-                if (txType === 'CONTRACT_DEPLOY' && 'bytecode' in ctx.request) {
-                    const { keccak256, toBytes } = await import('viem');
-                    auditDetails.bytecodeHash = keccak256(toBytes(ctx.request.bytecode));
-                }
-                insertAuditLog(ctx.sqlite, {
-                    eventType: 'TX_SUBMITTED',
-                    actor: ctx.sessionId ?? 'system',
-                    walletId: ctx.walletId,
-                    txId: ctx.txId,
-                    details: auditDetails,
-                    severity: 'info',
-                });
-            }
-            // Fire-and-forget: notify TX_SUBMITTED
-            void ctx.notificationService?.notify('TX_SUBMITTED', ctx.walletId, {
-                txId: ctx.txId,
-                txHash: ctx.submitResult.txHash,
-                amount: reqAmount,
-                to: reqTo,
-                display_amount: displayAmount,
-                network: ctx.resolvedNetwork,
-            }, { txId: ctx.txId });
-            // v1.6: emit wallet:activity TX_SUBMITTED event
-            ctx.eventBus?.emit('wallet:activity', {
-                walletId: ctx.walletId,
-                activity: 'TX_SUBMITTED',
-                details: { txId: ctx.txId, txHash: ctx.submitResult.txHash },
-                timestamp: Math.floor(Date.now() / 1000),
-            });
-            return; // Success -- exit the loop
-        }
-        catch (err) {
-            // Non-ChainError: rethrow as-is (WAIaaSError, validation errors, etc.)
-            if (!(err instanceof ChainError)) {
-                throw err;
-            }
-            // ChainError: category-based retry logic
-            switch (err.category) {
-                case 'PERMANENT': {
-                    // Immediate failure, no retry
-                    ctx.metricsCounter?.increment('rpc.errors', { network: ctx.resolvedNetwork });
-                    ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-                    await ctx.db
-                        .update(transactions)
-                        .set({ status: 'FAILED', error: err.message })
-                        .where(eq(transactions.id, ctx.txId));
-                    // Audit log: TX_FAILED (permanent chain error)
-                    if (ctx.sqlite) {
-                        insertAuditLog(ctx.sqlite, {
-                            eventType: 'TX_FAILED',
-                            actor: ctx.sessionId ?? 'system',
-                            walletId: ctx.walletId,
-                            txId: ctx.txId,
-                            details: { error: err.message, stage: 5, chain: ctx.wallet.chain, network: ctx.resolvedNetwork },
-                            severity: 'warning',
-                        });
-                    }
-                    // Fire-and-forget: notify TX_FAILED
-                    void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                        txId: ctx.txId,
-                        error: err.message,
-                        amount: reqAmount,
-                        display_amount: displayAmount,
-                        network: ctx.resolvedNetwork,
-                    }, { txId: ctx.txId });
-                    // v1.6: emit transaction:failed event (permanent chain error)
-                    ctx.eventBus?.emit('transaction:failed', {
-                        walletId: ctx.walletId,
-                        txId: ctx.txId,
-                        error: err.message,
-                        network: ctx.resolvedNetwork,
-                        type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                        timestamp: Math.floor(Date.now() / 1000),
-                    });
-                    throw new WAIaaSError('CHAIN_ERROR', {
-                        message: err.message,
-                        cause: err,
-                    });
-                }
-                case 'TRANSIENT': {
-                    ctx.metricsCounter?.increment('rpc.errors', { network: ctx.resolvedNetwork });
-                    if (retryCount >= 3) {
-                        // Max retries exhausted
-                        ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-                        await ctx.db
-                            .update(transactions)
-                            .set({ status: 'FAILED', error: `${err.code} (max retries exceeded)` })
-                            .where(eq(transactions.id, ctx.txId));
-                        // Fire-and-forget: notify TX_FAILED
-                        void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                            txId: ctx.txId,
-                            error: `${err.code} (max retries exceeded)`,
-                            amount: reqAmount,
-                            display_amount: displayAmount,
-                            network: ctx.resolvedNetwork,
-                        }, { txId: ctx.txId });
-                        // v1.6: emit transaction:failed event (transient max retries)
-                        ctx.eventBus?.emit('transaction:failed', {
-                            walletId: ctx.walletId,
-                            txId: ctx.txId,
-                            error: `${err.code} (max retries exceeded)`,
-                            network: ctx.resolvedNetwork,
-                            type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                            timestamp: Math.floor(Date.now() / 1000),
-                        });
-                        throw new WAIaaSError('CHAIN_ERROR', {
-                            message: `${err.message} (max retries exceeded)`,
-                            cause: err,
-                        });
-                    }
-                    // Exponential backoff: 1s, 2s, 4s
-                    await sleep(1000 * Math.pow(2, retryCount));
-                    retryCount++;
-                    continue buildLoop; // Retry from Stage 5a (rebuild)
-                }
-                case 'STALE': {
-                    ctx.metricsCounter?.increment('rpc.errors', { network: ctx.resolvedNetwork });
-                    if (retryCount >= 1) {
-                        // Stale retry exhausted (shared retryCount)
-                        ctx.metricsCounter?.increment('tx.failed', { network: ctx.resolvedNetwork });
-                        await ctx.db
-                            .update(transactions)
-                            .set({ status: 'FAILED', error: `${err.code} (stale retry exhausted)` })
-                            .where(eq(transactions.id, ctx.txId));
-                        // Fire-and-forget: notify TX_FAILED
-                        void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-                            txId: ctx.txId,
-                            error: `${err.code} (stale retry exhausted)`,
-                            amount: reqAmount,
-                            display_amount: displayAmount,
-                            network: ctx.resolvedNetwork,
-                        }, { txId: ctx.txId });
-                        // v1.6: emit transaction:failed event (stale retry exhausted)
-                        ctx.eventBus?.emit('transaction:failed', {
-                            walletId: ctx.walletId,
-                            txId: ctx.txId,
-                            error: `${err.code} (stale retry exhausted)`,
-                            network: ctx.resolvedNetwork,
-                            type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-                            timestamp: Math.floor(Date.now() / 1000),
-                        });
-                        throw new WAIaaSError('CHAIN_ERROR', {
-                            message: `${err.message} (stale retry exhausted)`,
-                            cause: err,
-                        });
-                    }
-                    // Rebuild from Stage 5a with new blockhash/nonce
-                    retryCount++;
-                    continue buildLoop;
-                }
-                default: {
-                    // Unknown category: treat as permanent
-                    await ctx.db
-                        .update(transactions)
-                        .set({ status: 'FAILED', error: err.message })
-                        .where(eq(transactions.id, ctx.txId));
-                    throw new WAIaaSError('CHAIN_ERROR', {
-                        message: err.message,
-                        cause: err,
-                    });
-                }
-            }
-        }
-    }
-}
-// ---------------------------------------------------------------------------
-// Stage 6: Confirmation wait
-// ---------------------------------------------------------------------------
-export async function stage6Confirm(ctx) {
-    const reqAmount = formatNotificationAmount(ctx.request, ctx.wallet.chain);
-    const reqTo = getRequestTo(ctx.request);
-    // [Phase 139] Resolve display amount for Stage 6 notifications
-    const displayAmount = await resolveDisplayAmount(ctx.amountUsd ?? null, ctx.settingsService, ctx.forexRateService);
-    const result = await ctx.adapter.waitForConfirmation(ctx.submitResult.txHash, 30_000);
-    if (result.status === 'confirmed' || result.status === 'finalized') {
-        // On-chain confirmed
-        const executedAt = new Date(Math.floor(Date.now() / 1000) * 1000);
-        await ctx.db
-            .update(transactions)
-            .set({ status: 'CONFIRMED', executedAt })
-            .where(eq(transactions.id, ctx.txId));
-        // Audit log: TX_CONFIRMED
-        if (ctx.sqlite) {
-            insertAuditLog(ctx.sqlite, {
-                eventType: 'TX_CONFIRMED',
-                actor: ctx.sessionId ?? 'system',
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                details: {
-                    txHash: ctx.submitResult.txHash,
-                    chain: ctx.wallet.chain,
-                    network: ctx.resolvedNetwork,
-                    executedAt: Math.floor(Date.now() / 1000),
-                },
-                severity: 'info',
-            });
-        }
-        // Fire-and-forget: notify TX_CONFIRMED (never blocks pipeline)
-        void ctx.notificationService?.notify('TX_CONFIRMED', ctx.walletId, {
-            txId: ctx.txId,
-            txHash: ctx.submitResult.txHash,
-            amount: reqAmount,
-            to: reqTo,
-            display_amount: displayAmount,
-            network: ctx.resolvedNetwork,
-        }, { txId: ctx.txId });
-        // v1.6: emit transaction:completed event
-        ctx.eventBus?.emit('transaction:completed', {
-            walletId: ctx.walletId,
-            txId: ctx.txId,
-            txHash: ctx.submitResult.txHash,
-            amount: getRequestAmount(ctx.request),
-            network: ctx.resolvedNetwork,
-            type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-            timestamp: Math.floor(Date.now() / 1000),
-        });
-    }
-    else if (result.status === 'failed') {
-        // On-chain revert
-        await ctx.db
-            .update(transactions)
-            .set({ status: 'FAILED', error: 'Transaction reverted on-chain' })
-            .where(eq(transactions.id, ctx.txId));
-        // Audit log: TX_FAILED (on-chain revert)
-        if (ctx.sqlite) {
-            insertAuditLog(ctx.sqlite, {
-                eventType: 'TX_FAILED',
-                actor: ctx.sessionId ?? 'system',
-                walletId: ctx.walletId,
-                txId: ctx.txId,
-                details: { error: 'Transaction reverted on-chain', stage: 6, chain: ctx.wallet.chain, network: ctx.resolvedNetwork },
-                severity: 'warning',
-            });
-        }
-        // Fire-and-forget: notify TX_FAILED on on-chain revert (never blocks pipeline)
-        void ctx.notificationService?.notify('TX_FAILED', ctx.walletId, {
-            txId: ctx.txId,
-            error: 'Transaction reverted on-chain',
-            amount: reqAmount,
-            display_amount: displayAmount,
-            network: ctx.resolvedNetwork,
-        }, { txId: ctx.txId });
-        // v1.6: emit transaction:failed event (on-chain revert)
-        ctx.eventBus?.emit('transaction:failed', {
-            walletId: ctx.walletId,
-            txId: ctx.txId,
-            error: 'Transaction reverted on-chain',
-            network: ctx.resolvedNetwork,
-            type: ('type' in ctx.request && ctx.request.type) ? ctx.request.type : 'TRANSFER',
-            timestamp: Math.floor(Date.now() / 1000),
-        });
-        throw new WAIaaSError('CHAIN_ERROR', {
-            message: 'Transaction reverted on-chain',
-        });
-    }
-    else {
-        // status === 'submitted': still pending, NOT failed
-        // Keep SUBMITTED status (already set by Stage 5)
-        // Do NOT overwrite to FAILED -- tx may confirm later
-        // No notification: no state change occurred
-    }
-}
+ * Pipeline stages -- barrel re-export.
+ * Individual stage modules: stage1-validate.ts through stage6-confirm.ts
+ * Shared types/helpers: pipeline-helpers.ts
+ */
+export * from './pipeline-helpers.js';
+export * from './stage1-validate.js';
+export * from './stage2-auth.js';
+export * from './stage3-policy.js';
+export * from './stage4-wait.js';
+export * from './stage5-execute.js';
+export * from './stage6-confirm.js';
 //# sourceMappingURL=stages.js.map