@zendfi/sdk 0.5.8 → 0.6.0

package/dist/index.mjs

@@ -1,7 +1,19 @@
 import {
-  __require,
   processWebhook
-} from "./chunk-YFOBPGQE.mjs";
+} from "./chunk-3ACJUM6V.mjs";
+import {
+  DeviceBoundSessionKey,
+  DeviceFingerprintGenerator,
+  RecoveryQRGenerator,
+  SessionKeyCrypto
+} from "./chunk-XERHBDUK.mjs";
+import {
+  QuickCaches,
+  SessionKeyCache
+} from "./chunk-5O5NAX65.mjs";
+import {
+  __require
+} from "./chunk-Y6FXYEAI.mjs";
 
 // src/client.ts
 import fetch2 from "cross-fetch";
@@ -1199,6 +1211,43 @@ var AutonomyAPI = class {
       throw new Error("delegation_signature must be base64 encoded");
     }
   }
+  /**
+   * Get spending attestations for a delegate (audit trail)
+   * 
+   * Returns all cryptographically signed attestations ZendFi created for
+   * this delegate. Each attestation contains:
+   * - The spending state at the time of payment
+   * - ZendFi's Ed25519 signature
+   * - Timestamp and nonce (for replay protection)
+   * 
+   * These attestations can be independently verified using ZendFi's public key
+   * to confirm spending limit enforcement was applied correctly.
+   * 
+   * @param delegateId - UUID of the autonomous delegate
+   * @returns Attestation audit response with all signed attestations
+   * 
+   * @example
+   * ```typescript
+   * const audit = await zendfi.autonomy.getAttestations('delegate_123...');
+   * 
+   * console.log(`Found ${audit.attestation_count} attestations`);
+   * console.log(`ZendFi public key: ${audit.zendfi_attestation_public_key}`);
+   * 
+   * // Verify each attestation independently
+   * for (const signed of audit.attestations) {
+   *   console.log(`Payment ${signed.attestation.payment_id}:`);
+   *   console.log(`  Requested: $${signed.attestation.requested_usd}`);
+   *   console.log(`  Remaining after: $${signed.attestation.remaining_after_usd}`);
+   *   // Verify signature with nacl.sign.detached.verify()
+   * }
+   * ```
+   */
+  async getAttestations(delegateId) {
+    return this.request(
+      "GET",
+      `/api/v1/ai/delegates/${delegateId}/attestations`
+    );
+  }
 };
 
 // src/api/smart-payments.ts
@@ -2386,589 +2435,8 @@ function verifyWebhookSignature(payload, signature, secret) {
   });
 }
 
-// src/device-bound-crypto.ts
-import { Keypair } from "@solana/web3.js";
-import * as crypto from "crypto";
-var DeviceFingerprintGenerator = class {
-  /**
-   * Generate a unique device fingerprint
-   * Combines multiple browser attributes for uniqueness
-   */
-  static async generate() {
-    const components = {};
-    try {
-      components.canvas = await this.getCanvasFingerprint();
-      components.webgl = await this.getWebGLFingerprint();
-      components.audio = await this.getAudioFingerprint();
-      components.screen = `${screen.width}x${screen.height}x${screen.colorDepth}`;
-      components.timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
-      components.languages = navigator.languages?.join(",") || navigator.language;
-      components.platform = navigator.platform;
-      components.hardwareConcurrency = navigator.hardwareConcurrency?.toString() || "unknown";
-      const combined = Object.entries(components).sort(([a], [b]) => a.localeCompare(b)).map(([key, value]) => `${key}:${value}`).join("|");
-      const fingerprint = await this.sha256(combined);
-      return {
-        fingerprint,
-        generatedAt: Date.now(),
-        components
-      };
-    } catch (error) {
-      console.warn("Device fingerprinting failed, using fallback", error);
-      return this.generateFallbackFingerprint();
-    }
-  }
-  /**
-   * Graceful fallback fingerprint generation
-   * Works in headless browsers, SSR, and restricted environments
-   */
-  static async generateFallbackFingerprint() {
-    const components = {};
-    try {
-      if (typeof navigator !== "undefined") {
-        components.platform = navigator.platform || "unknown";
-        components.languages = navigator.languages?.join(",") || navigator.language || "unknown";
-        components.hardwareConcurrency = navigator.hardwareConcurrency?.toString() || "unknown";
-      }
-      if (typeof screen !== "undefined") {
-        components.screen = `${screen.width || 0}x${screen.height || 0}x${screen.colorDepth || 0}`;
-      }
-      if (typeof Intl !== "undefined") {
-        try {
-          components.timezone = Intl.DateTimeFormat().resolvedOptions().timeZone;
-        } catch {
-          components.timezone = "unknown";
-        }
-      }
-    } catch {
-      components.platform = "fallback";
-    }
-    let randomEntropy = "";
-    try {
-      if (typeof window !== "undefined" && window.crypto?.getRandomValues) {
-        const arr = new Uint8Array(16);
-        window.crypto.getRandomValues(arr);
-        randomEntropy = Array.from(arr).map((b) => b.toString(16).padStart(2, "0")).join("");
-      } else if (typeof crypto !== "undefined" && crypto.randomBytes) {
-        randomEntropy = crypto.randomBytes(16).toString("hex");
-      }
-    } catch {
-      randomEntropy = Date.now().toString(36) + Math.random().toString(36);
-    }
-    const combined = Object.entries(components).sort(([a], [b]) => a.localeCompare(b)).map(([key, value]) => `${key}:${value}`).join("|") + "|entropy:" + randomEntropy;
-    const fingerprint = await this.sha256(combined);
-    return {
-      fingerprint,
-      generatedAt: Date.now(),
-      components
-    };
-  }
-  static async getCanvasFingerprint() {
-    const canvas = document.createElement("canvas");
-    const ctx = canvas.getContext("2d");
-    if (!ctx) return "no-canvas";
-    canvas.width = 200;
-    canvas.height = 50;
-    ctx.textBaseline = "top";
-    ctx.font = '14px "Arial"';
-    ctx.fillStyle = "#f60";
-    ctx.fillRect(0, 0, 100, 50);
-    ctx.fillStyle = "#069";
-    ctx.fillText("ZendFi \u{1F510}", 2, 2);
-    ctx.fillStyle = "rgba(102, 204, 0, 0.7)";
-    ctx.fillText("Device-Bound", 4, 17);
-    return canvas.toDataURL();
-  }
-  static async getWebGLFingerprint() {
-    const canvas = document.createElement("canvas");
-    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
-    if (!gl) return "no-webgl";
-    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
-    if (!debugInfo) return "no-debug-info";
-    const vendor = gl.getParameter(debugInfo.UNMASKED_VENDOR_WEBGL);
-    const renderer = gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL);
-    return `${vendor}|${renderer}`;
-  }
-  static async getAudioFingerprint() {
-    try {
-      const AudioContext = window.AudioContext || window.webkitAudioContext;
-      if (!AudioContext) return "no-audio";
-      const context = new AudioContext();
-      const oscillator = context.createOscillator();
-      const analyser = context.createAnalyser();
-      const gainNode = context.createGain();
-      const scriptProcessor = context.createScriptProcessor(4096, 1, 1);
-      gainNode.gain.value = 0;
-      oscillator.connect(analyser);
-      analyser.connect(scriptProcessor);
-      scriptProcessor.connect(gainNode);
-      gainNode.connect(context.destination);
-      oscillator.start(0);
-      return new Promise((resolve) => {
-        scriptProcessor.onaudioprocess = (event) => {
-          const output = event.inputBuffer.getChannelData(0);
-          const hash = Array.from(output.slice(0, 30)).reduce((acc, val) => acc + Math.abs(val), 0);
-          oscillator.stop();
-          scriptProcessor.disconnect();
-          context.close();
-          resolve(hash.toString());
-        };
-      });
-    } catch (error) {
-      return "audio-error";
-    }
-  }
-  static async sha256(data) {
-    if (typeof window !== "undefined" && window.crypto && window.crypto.subtle) {
-      const encoder = new TextEncoder();
-      const dataBuffer = encoder.encode(data);
-      const hashBuffer = await window.crypto.subtle.digest("SHA-256", dataBuffer);
-      const hashArray = Array.from(new Uint8Array(hashBuffer));
-      return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-    } else {
-      return crypto.createHash("sha256").update(data).digest("hex");
-    }
-  }
-};
-var SessionKeyCrypto = class {
-  /**
-   * Encrypt a Solana keypair with PIN + device fingerprint
-   * Uses Argon2id for key derivation and AES-256-GCM for encryption
-   */
-  static async encrypt(keypair, pin, deviceFingerprint) {
-    if (!/^\d{6}$/.test(pin)) {
-      throw new Error("PIN must be exactly 6 numeric digits");
-    }
-    const encryptionKey = await this.deriveKey(pin, deviceFingerprint);
-    const nonce = this.generateNonce();
-    const secretKey = keypair.secretKey;
-    const encryptedData = await this.aesEncrypt(secretKey, encryptionKey, nonce);
-    return {
-      encryptedData: Buffer.from(encryptedData).toString("base64"),
-      nonce: Buffer.from(nonce).toString("base64"),
-      publicKey: keypair.publicKey.toBase58(),
-      deviceFingerprint,
-      version: "argon2id-aes256gcm-v1"
-    };
-  }
-  /**
-   * Decrypt an encrypted session key with PIN + device fingerprint
-   */
-  static async decrypt(encrypted, pin, deviceFingerprint) {
-    if (!/^\d{6}$/.test(pin)) {
-      throw new Error("PIN must be exactly 6 numeric digits");
-    }
-    if (encrypted.deviceFingerprint !== deviceFingerprint) {
-      throw new Error("Device fingerprint mismatch - wrong device or security threat");
-    }
-    const encryptionKey = await this.deriveKey(pin, deviceFingerprint);
-    const encryptedData = Buffer.from(encrypted.encryptedData, "base64");
-    const nonce = Buffer.from(encrypted.nonce, "base64");
-    try {
-      const secretKey = await this.aesDecrypt(encryptedData, encryptionKey, nonce);
-      return Keypair.fromSecretKey(secretKey);
-    } catch (error) {
-      throw new Error("Decryption failed - wrong PIN or corrupted data");
-    }
-  }
-  /**
-   * Derive encryption key from PIN + device fingerprint using Argon2id
-   * 
-   * Argon2id parameters (OWASP recommended):
-   * - Memory: 64MB (65536 KB)
-   * - Iterations: 3
-   * - Parallelism: 4
-   * - Salt: device fingerprint
-   */
-  static async deriveKey(pin, deviceFingerprint) {
-    if (typeof window !== "undefined" && window.crypto && window.crypto.subtle) {
-      const encoder = new TextEncoder();
-      const keyMaterial = await window.crypto.subtle.importKey(
-        "raw",
-        encoder.encode(pin),
-        { name: "PBKDF2" },
-        false,
-        ["deriveBits"]
-      );
-      const derivedBits = await window.crypto.subtle.deriveBits(
-        {
-          name: "PBKDF2",
-          salt: encoder.encode(deviceFingerprint),
-          iterations: 1e5,
-          // High iteration count for security
-          hash: "SHA-256"
-        },
-        keyMaterial,
-        256
-        // 256 bits = 32 bytes for AES-256
-      );
-      return new Uint8Array(derivedBits);
-    } else {
-      const salt = crypto.createHash("sha256").update(deviceFingerprint).digest();
-      return crypto.pbkdf2Sync(pin, salt, 1e5, 32, "sha256");
-    }
-  }
-  /**
-   * Generate random nonce for AES-GCM (12 bytes)
-   */
-  static generateNonce() {
-    if (typeof window !== "undefined" && window.crypto) {
-      return window.crypto.getRandomValues(new Uint8Array(12));
-    } else {
-      return crypto.randomBytes(12);
-    }
-  }
-  /**
-   * Encrypt with AES-256-GCM
-   */
-  static async aesEncrypt(plaintext, key, nonce) {
-    if (typeof window !== "undefined" && window.crypto && window.crypto.subtle) {
-      const keyBuffer = key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength);
-      const nonceBuffer = nonce.buffer.slice(nonce.byteOffset, nonce.byteOffset + nonce.byteLength);
-      const plaintextBuffer = plaintext.buffer.slice(plaintext.byteOffset, plaintext.byteOffset + plaintext.byteLength);
-      const cryptoKey = await window.crypto.subtle.importKey(
-        "raw",
-        keyBuffer,
-        { name: "AES-GCM" },
-        false,
-        ["encrypt"]
-      );
-      const encrypted = await window.crypto.subtle.encrypt(
-        {
-          name: "AES-GCM",
-          iv: nonceBuffer
-        },
-        cryptoKey,
-        plaintextBuffer
-      );
-      return new Uint8Array(encrypted);
-    } else {
-      const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
-      const encrypted = Buffer.concat([cipher.update(plaintext), cipher.final()]);
-      const authTag = cipher.getAuthTag();
-      return new Uint8Array(Buffer.concat([encrypted, authTag]));
-    }
-  }
-  /**
-   * Decrypt with AES-256-GCM
-   */
-  static async aesDecrypt(ciphertext, key, nonce) {
-    if (typeof window !== "undefined" && window.crypto && window.crypto.subtle) {
-      const keyBuffer = key.buffer.slice(key.byteOffset, key.byteOffset + key.byteLength);
-      const nonceBuffer = nonce.buffer.slice(nonce.byteOffset, nonce.byteOffset + nonce.byteLength);
-      const ciphertextBuffer = ciphertext.buffer.slice(ciphertext.byteOffset, ciphertext.byteOffset + ciphertext.byteLength);
-      const cryptoKey = await window.crypto.subtle.importKey(
-        "raw",
-        keyBuffer,
-        { name: "AES-GCM" },
-        false,
-        ["decrypt"]
-      );
-      const decrypted = await window.crypto.subtle.decrypt(
-        {
-          name: "AES-GCM",
-          iv: nonceBuffer
-        },
-        cryptoKey,
-        ciphertextBuffer
-      );
-      return new Uint8Array(decrypted);
-    } else {
-      const authTag = ciphertext.slice(-16);
-      const encrypted = ciphertext.slice(0, -16);
-      const decipher = crypto.createDecipheriv("aes-256-gcm", key, nonce);
-      decipher.setAuthTag(authTag);
-      const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]);
-      return new Uint8Array(decrypted);
-    }
-  }
-};
-var RecoveryQRGenerator = class {
-  /**
-   * Generate recovery QR data
-   * This allows users to recover their session key on a new device
-   */
-  static generate(encrypted) {
-    return {
-      encryptedSessionKey: encrypted.encryptedData,
-      nonce: encrypted.nonce,
-      publicKey: encrypted.publicKey,
-      version: "v1",
-      createdAt: Date.now()
-    };
-  }
-  /**
-   * Encode recovery QR as JSON string
-   */
-  static encode(recoveryQR) {
-    return JSON.stringify(recoveryQR);
-  }
-  /**
-   * Decode recovery QR from JSON string
-   */
-  static decode(qrData) {
-    try {
-      const parsed = JSON.parse(qrData);
-      if (!parsed.encryptedSessionKey || !parsed.nonce || !parsed.publicKey) {
-        throw new Error("Invalid recovery QR data");
-      }
-      return parsed;
-    } catch (error) {
-      throw new Error("Failed to decode recovery QR");
-    }
-  }
-  /**
-   * Re-encrypt session key for new device
-   */
-  static async reEncryptForNewDevice(recoveryQR, oldPin, oldDeviceFingerprint, newPin, newDeviceFingerprint) {
-    const oldEncrypted = {
-      encryptedData: recoveryQR.encryptedSessionKey,
-      nonce: recoveryQR.nonce,
-      publicKey: recoveryQR.publicKey,
-      deviceFingerprint: oldDeviceFingerprint,
-      version: "argon2id-aes256gcm-v1"
-    };
-    const keypair = await SessionKeyCrypto.decrypt(oldEncrypted, oldPin, oldDeviceFingerprint);
-    return await SessionKeyCrypto.encrypt(keypair, newPin, newDeviceFingerprint);
-  }
-};
-var DeviceBoundSessionKey = class _DeviceBoundSessionKey {
-  encrypted = null;
-  deviceFingerprint = null;
-  sessionKeyId = null;
-  recoveryQR = null;
-  // Auto-signing cache: decrypted keypair stored in memory
-  // Enables instant signing without re-entering PIN for subsequent payments
-  cachedKeypair = null;
-  cacheExpiry = null;
-  // Timestamp when cache expires
-  DEFAULT_CACHE_TTL_MS = 30 * 60 * 1e3;
-  // 30 minutes
-  /**
-   * Create a new device-bound session key
-   */
-  static async create(options) {
-    const deviceFingerprint = await DeviceFingerprintGenerator.generate();
-    const keypair = Keypair.generate();
-    const encrypted = await SessionKeyCrypto.encrypt(
-      keypair,
-      options.pin,
-      deviceFingerprint.fingerprint
-    );
-    const instance = new _DeviceBoundSessionKey();
-    instance.encrypted = encrypted;
-    instance.deviceFingerprint = deviceFingerprint;
-    if (options.generateRecoveryQR) {
-      instance.recoveryQR = RecoveryQRGenerator.generate(encrypted);
-    }
-    return instance;
-  }
-  /**
-   * Get encrypted data for backend storage
-   */
-  getEncryptedData() {
-    if (!this.encrypted) {
-      throw new Error("Session key not created yet");
-    }
-    return this.encrypted;
-  }
-  /**
-   * Get device fingerprint
-   */
-  getDeviceFingerprint() {
-    if (!this.deviceFingerprint) {
-      throw new Error("Device fingerprint not generated yet");
-    }
-    return this.deviceFingerprint.fingerprint;
-  }
-  /**
-   * Get public key
-   */
-  getPublicKey() {
-    if (!this.encrypted) {
-      throw new Error("Session key not created yet");
-    }
-    return this.encrypted.publicKey;
-  }
-  /**
-   * Get recovery QR data (if generated)
-   */
-  getRecoveryQR() {
-    return this.recoveryQR;
-  }
-  /**
-   * Decrypt and sign a transaction
-   * 
-   * @param transaction - The transaction to sign
-   * @param pin - User's PIN (required only if keypair not cached)
-   * @param cacheKeypair - Whether to cache the decrypted keypair for future use (default: true)
-   * @param cacheTTL - Cache time-to-live in milliseconds (default: 30 minutes)
-   * 
-   * @example
-   * ```typescript
-   * // First payment: requires PIN, caches keypair
-   * await sessionKey.signTransaction(tx1, '123456', true);
-   * 
-   * // Subsequent payments: uses cached keypair, no PIN needed!
-   * await sessionKey.signTransaction(tx2, '', false); // PIN ignored if cached
-   * 
-   * // Clear cache when done
-   * sessionKey.clearCache();
-   * ```
-   */
-  async signTransaction(transaction, pin = "", cacheKeypair = true, cacheTTL) {
-    if (!this.encrypted || !this.deviceFingerprint) {
-      throw new Error("Session key not initialized");
-    }
-    let keypair;
-    if (this.isCached()) {
-      keypair = this.cachedKeypair;
-      if (typeof console !== "undefined") {
-        console.log("\u{1F680} Using cached keypair - instant signing (no PIN required)");
-      }
-    } else {
-      if (!pin) {
-        throw new Error("PIN required: no cached keypair available");
-      }
-      keypair = await SessionKeyCrypto.decrypt(
-        this.encrypted,
-        pin,
-        this.deviceFingerprint.fingerprint
-      );
-      if (cacheKeypair) {
-        const ttl = cacheTTL || this.DEFAULT_CACHE_TTL_MS;
-        this.cacheKeypair(keypair, ttl);
-        if (typeof console !== "undefined") {
-          console.log(`\u2705 Keypair decrypted and cached for ${ttl / 1e3 / 60} minutes`);
-        }
-      }
-    }
-    transaction.sign(keypair);
-    return transaction;
-  }
-  /**
-   * Check if keypair is cached and valid
-   */
-  isCached() {
-    if (!this.cachedKeypair || !this.cacheExpiry) {
-      return false;
-    }
-    const now = Date.now();
-    if (now > this.cacheExpiry) {
-      this.clearCache();
-      return false;
-    }
-    return true;
-  }
-  /**
-   * Manually cache a keypair
-   * Called internally after PIN decryption
-   */
-  cacheKeypair(keypair, ttl) {
-    this.cachedKeypair = keypair;
-    this.cacheExpiry = Date.now() + ttl;
-  }
-  /**
-   * Clear cached keypair
-   * Should be called when user logs out or session ends
-   * 
-   * @example
-   * ```typescript
-   * // Clear cache on logout
-   * sessionKey.clearCache();
-   * 
-   * // Or clear automatically on tab close
-   * window.addEventListener('beforeunload', () => {
-   *   sessionKey.clearCache();
-   * });
-   * ```
-   */
-  clearCache() {
-    this.cachedKeypair = null;
-    this.cacheExpiry = null;
-    if (typeof console !== "undefined") {
-      console.log("\u{1F9F9} Keypair cache cleared");
-    }
-  }
-  /**
-   * Decrypt and cache keypair without signing a transaction
-   * Useful for pre-warming the cache before user makes payments
-   * 
-   * @example
-   * ```typescript
-   * // After session key creation, decrypt and cache
-   * await sessionKey.unlockWithPin('123456');
-   * 
-   * // Now all subsequent payments are instant (no PIN)
-   * await sessionKey.signTransaction(tx1, '', false); // Instant!
-   * await sessionKey.signTransaction(tx2, '', false); // Instant!
-   * ```
-   */
-  async unlockWithPin(pin, cacheTTL) {
-    if (!this.encrypted || !this.deviceFingerprint) {
-      throw new Error("Session key not initialized");
-    }
-    const keypair = await SessionKeyCrypto.decrypt(
-      this.encrypted,
-      pin,
-      this.deviceFingerprint.fingerprint
-    );
-    const ttl = cacheTTL || this.DEFAULT_CACHE_TTL_MS;
-    this.cacheKeypair(keypair, ttl);
-    if (typeof console !== "undefined") {
-      console.log(`\u{1F513} Session key unlocked and cached for ${ttl / 1e3 / 60} minutes`);
-    }
-  }
-  /**
-   * Get time remaining until cache expires (in milliseconds)
-   * Returns 0 if not cached
-   */
-  getCacheTimeRemaining() {
-    if (!this.isCached() || !this.cacheExpiry) {
-      return 0;
-    }
-    const remaining = this.cacheExpiry - Date.now();
-    return Math.max(0, remaining);
-  }
-  /**
-   * Extend cache expiry time
-   * Useful to keep session active during user activity
-   * 
-   * @example
-   * ```typescript
-   * // Extend cache by 15 minutes on each payment
-   * await sessionKey.signTransaction(tx, '');
-   * sessionKey.extendCache(15 * 60 * 1000);
-   * ```
-   */
-  extendCache(additionalTTL) {
-    if (!this.isCached()) {
-      throw new Error("Cannot extend cache: no cached keypair");
-    }
-    this.cacheExpiry += additionalTTL;
-    if (typeof console !== "undefined") {
-      const remainingMinutes = this.getCacheTimeRemaining() / 1e3 / 60;
-      console.log(`\u23F0 Cache extended - ${remainingMinutes.toFixed(1)} minutes remaining`);
-    }
-  }
-  /**
-   * Set session key ID after backend creation
-   */
-  setSessionKeyId(id) {
-    this.sessionKeyId = id;
-  }
-  /**
-   * Get session key ID
-   */
-  getSessionKeyId() {
-    if (!this.sessionKeyId) {
-      throw new Error("Session key not registered with backend");
-    }
-    return this.sessionKeyId;
-  }
-};
-
 // src/device-bound-session-keys.ts
-import { Transaction as Transaction2 } from "@solana/web3.js";
+import { Transaction } from "@solana/web3.js";
 var ZendFiSessionKeyManager = class {
   baseURL;
   apiKey;
@@ -2987,6 +2455,8 @@ var ZendFiSessionKeyManager = class {
    * 
    * const sessionKey = await manager.createSessionKey({
    *   userWallet: '7xKNH....',
+   *   agentId: 'shopping-assistant-v1',
+   *   agentName: 'AI Shopping Assistant',
    *   limitUSDC: 100,
    *   durationDays: 7,
    *   pin: '123456',
@@ -2994,6 +2464,7 @@ var ZendFiSessionKeyManager = class {
    * });
    * 
    * console.log('Session key created:', sessionKey.sessionKeyId);
+   * console.log('Works across all apps with agent:', sessionKey.agentId);
    * console.log('Recovery QR:', sessionKey.recoveryQR);
    * ```
    */
@@ -3013,6 +2484,8 @@ var ZendFiSessionKeyManager = class {
     }
     const request = {
       userWallet: options.userWallet,
+      agentId: options.agentId,
+      agentName: options.agentName,
       limitUsdc: options.limitUSDC,
       durationDays: options.durationDays,
       encryptedSessionKey: encrypted.encryptedData,
@@ -3031,10 +2504,13 @@ var ZendFiSessionKeyManager = class {
     sessionKey.setSessionKeyId(response.sessionKeyId);
     return {
       sessionKeyId: response.sessionKeyId,
+      agentId: response.agentId,
+      agentName: response.agentName,
       sessionWallet: response.sessionWallet,
       expiresAt: response.expiresAt,
       recoveryQR,
-      limitUsdc: response.limitUsdc
+      limitUsdc: response.limitUsdc,
+      crossAppCompatible: response.crossAppCompatible
     };
   }
   /**
@@ -3137,7 +2613,7 @@ var ZendFiSessionKeyManager = class {
       throw new Error("Backend did not return unsigned transaction");
     }
     const transactionBuffer = Buffer.from(paymentResponse.unsigned_transaction, "base64");
-    const transaction = Transaction2.from(transactionBuffer);
+    const transaction = Transaction.from(transactionBuffer);
     const signedTransaction = await this.sessionKey.signTransaction(
       transaction,
       options.pin || "",
@@ -3448,29 +2924,2146 @@ function decodeSignatureFromLit(result) {
   }
   return bytes;
 }
+
+// src/helpers/ai.ts
+var PaymentIntentParser = class {
+  /**
+   * Parse natural language into structured intent
+   */
+  static parse(text) {
+    if (!text || typeof text !== "string") return null;
+    const lowerText = text.toLowerCase().trim();
+    let action = "chat_only";
+    let confidence = 0;
+    if (this.containsPaymentKeywords(lowerText)) {
+      action = "payment";
+      confidence = 0.7;
+      const amount = this.extractAmount(lowerText);
+      const description = this.extractDescription(lowerText);
+      if (amount && description) {
+        confidence = 0.9;
+        return { action, amount, description, confidence, rawText: text };
+      }
+      if (amount) {
+        confidence = 0.8;
+        return { action, amount, confidence, rawText: text };
+      }
+    }
+    if (this.containsSessionKeywords(lowerText)) {
+      action = "create_session";
+      confidence = 0.8;
+      const amount = this.extractAmount(lowerText);
+      return { action, amount, confidence, rawText: text, description: "Session key budget" };
+    }
+    if (this.containsStatusKeywords(lowerText)) {
+      action = lowerText.includes("session") || lowerText.includes("key") ? "check_status" : "check_balance";
+      confidence = 0.9;
+      return { action, confidence, rawText: text };
+    }
+    if (this.containsTopUpKeywords(lowerText)) {
+      action = "topup";
+      confidence = 0.8;
+      const amount = this.extractAmount(lowerText);
+      return { action, amount, confidence, rawText: text };
+    }
+    if (this.containsRevokeKeywords(lowerText)) {
+      action = "revoke";
+      confidence = 0.9;
+      return { action, confidence, rawText: text };
+    }
+    if (this.containsAutonomyKeywords(lowerText)) {
+      action = "enable_autonomy";
+      confidence = 0.8;
+      const amount = this.extractAmount(lowerText);
+      return { action, amount, confidence, rawText: text, description: "Autonomous delegate limit" };
+    }
+    return null;
+  }
+  /**
+   * Generate system prompt for AI models
+   */
+  static generateSystemPrompt(capabilities = {}) {
+    const enabledFeatures = Object.entries({
+      createPayment: capabilities.createPayment !== false,
+      createSessionKey: capabilities.createSessionKey !== false,
+      checkBalance: capabilities.checkBalance !== false,
+      checkStatus: capabilities.checkStatus !== false,
+      topUpSession: capabilities.topUpSession !== false,
+      revokeSession: capabilities.revokeSession !== false,
+      enableAutonomy: capabilities.enableAutonomy !== false
+    }).filter(([_, enabled]) => enabled).map(([feature]) => feature);
+    return `You are a ZendFi payment assistant. You can help users with crypto payments on Solana.
+
+Available Actions:
+${enabledFeatures.includes("createPayment") ? '- Make payments (e.g., "Buy coffee for $5", "Send $20 to merchant")' : ""}
+${enabledFeatures.includes("createSessionKey") ? '- Create session keys (e.g., "Create a session key with $100 budget")' : ""}
+${enabledFeatures.includes("checkBalance") ? `- Check balances (e.g., "What's my balance?", "How much do I have?")` : ""}
+${enabledFeatures.includes("checkStatus") ? '- Check session status (e.g., "Session key status", "How much is left?")' : ""}
+${enabledFeatures.includes("topUpSession") ? '- Top up session keys (e.g., "Add $50 to session key", "Top up with $100")' : ""}
+${enabledFeatures.includes("revokeSession") ? '- Revoke session keys (e.g., "Revoke session key", "Cancel my session")' : ""}
+${enabledFeatures.includes("enableAutonomy") ? '- Enable autonomous mode (e.g., "Enable auto-pay with $25 limit")' : ""}
+
+Response Format:
+Always respond with valid JSON:
+{
+  "action": "payment" | "create_session" | "check_balance" | "check_status" | "topup" | "revoke" | "enable_autonomy" | "chat_only",
+  "amount_usd": <number if applicable>,
+  "description": "<description>",
+  "message": "<friendly response to user>"
+}
+
+Examples:
+User: "Buy coffee for $5"
+You: {"action": "payment", "amount_usd": 5, "description": "coffee", "message": "Sure! Processing your $5 coffee payment..."}
+
+User: "Create a session key with $100"
+You: {"action": "create_session", "amount_usd": 100, "message": "I'll create a session key with a $100 budget..."}
+
+User: "What's my balance?"
+You: {"action": "check_balance", "message": "Let me check your balance..."}
+
+Be helpful, concise, and always respond in valid JSON format.`;
+  }
+  // ============================================
+  // Keyword Detection
+  // ============================================
+  static containsPaymentKeywords(text) {
+    const keywords = [
+      "buy",
+      "purchase",
+      "pay",
+      "send",
+      "transfer",
+      "payment",
+      "order",
+      "checkout",
+      "subscribe",
+      "donate",
+      "tip"
+    ];
+    return keywords.some((kw) => text.includes(kw));
+  }
+  static containsSessionKeywords(text) {
+    const keywords = [
+      "create session",
+      "new session",
+      "session key",
+      "setup session",
+      "generate session",
+      "make session",
+      "start session"
+    ];
+    return keywords.some((kw) => text.includes(kw));
+  }
+  static containsStatusKeywords(text) {
+    const keywords = [
+      "status",
+      "balance",
+      "remaining",
+      "left",
+      "how much",
+      "check",
+      "show",
+      "view",
+      "display"
+    ];
+    return keywords.some((kw) => text.includes(kw));
+  }
+  static containsTopUpKeywords(text) {
+    const keywords = [
+      "top up",
+      "topup",
+      "add funds",
+      "add money",
+      "fund",
+      "increase",
+      "reload",
+      "refill"
+    ];
+    return keywords.some((kw) => text.includes(kw));
+  }
+  static containsRevokeKeywords(text) {
+    const keywords = [
+      "revoke",
+      "cancel",
+      "disable",
+      "remove",
+      "delete",
+      "stop",
+      "end",
+      "terminate"
+    ];
+    return keywords.some((kw) => text.includes(kw));
+  }
+  static containsAutonomyKeywords(text) {
+    const keywords = [
+      "autonomous",
+      "auto",
+      "automatic",
+      "delegate",
+      "enable auto",
+      "auto-sign",
+      "auto sign",
+      "auto-pay",
+      "auto pay"
+    ];
+    return keywords.some((kw) => text.includes(kw));
+  }
+  // ============================================
+  // Amount Extraction
+  // ============================================
+  static extractAmount(text) {
+    const dollarMatch = text.match(/\$\s*(\d+(?:\.\d{1,2})?)/);
+    if (dollarMatch) {
+      return parseFloat(dollarMatch[1]);
+    }
+    const usdMatch = text.match(/(\d+(?:\.\d{1,2})?)\s*(?:usd|usdc|dollars?)/i);
+    if (usdMatch) {
+      return parseFloat(usdMatch[1]);
+    }
+    const numberMatch = text.match(/(\d+(?:\.\d{1,2})?)/);
+    if (numberMatch) {
+      const num = parseFloat(numberMatch[1]);
+      if (num > 0 && num < 1e5) {
+        return num;
+      }
+    }
+    return void 0;
+  }
+  // ============================================
+  // Description Extraction
+  // ============================================
+  static extractDescription(text) {
+    const lowerText = text.toLowerCase();
+    const items = {
+      "coffee": ["coffee", "espresso", "latte", "cappuccino"],
+      "food": ["food", "meal", "lunch", "dinner", "breakfast"],
+      "drink": ["drink", "beverage", "soda", "juice"],
+      "book": ["book", "ebook", "magazine"],
+      "subscription": ["subscription", "membership", "plan"],
+      "tip": ["tip", "gratuity"],
+      "donation": ["donate", "donation", "contribute"],
+      "game": ["game", "gaming"],
+      "music": ["music", "song", "album"],
+      "video": ["video", "movie", "film"]
+    };
+    for (const [item, keywords] of Object.entries(items)) {
+      if (keywords.some((kw) => lowerText.includes(kw))) {
+        return item;
+      }
+    }
+    const forMatch = text.match(/for\s+(.+?)(?:\s+\$|\s+usd|$)/i);
+    if (forMatch && forMatch[1]) {
+      const desc = forMatch[1].trim();
+      if (desc.length > 0 && desc.length < 50) {
+        return desc;
+      }
+    }
+    return void 0;
+  }
+};
+var OpenAIAdapter = class {
+  constructor(apiKey, model = "gpt-4o-mini", capabilities) {
+    this.apiKey = apiKey;
+    this.model = model;
+    this.capabilities = capabilities;
+  }
+  async chat(message, conversationHistory = []) {
+    const systemPrompt = PaymentIntentParser.generateSystemPrompt(this.capabilities);
+    const response = await fetch("https://api.openai.com/v1/chat/completions", {
+      method: "POST",
+      headers: {
+        "Authorization": `Bearer ${this.apiKey}`,
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        model: this.model,
+        messages: [
+          { role: "system", content: systemPrompt },
+          ...conversationHistory,
+          { role: "user", content: message }
+        ],
+        temperature: 0.7,
+        max_tokens: 500
+      })
+    });
+    if (!response.ok) {
+      throw new Error(`OpenAI API error: ${response.status} ${response.statusText}`);
+    }
+    const data = await response.json();
+    const text = data.choices[0]?.message?.content || "";
+    let intent = null;
+    try {
+      const jsonMatch = text.match(/\{[\s\S]*\}/);
+      if (jsonMatch) {
+        const parsed = JSON.parse(jsonMatch[0]);
+        intent = {
+          action: parsed.action || "chat_only",
+          amount: parsed.amount_usd,
+          description: parsed.description,
+          confidence: 0.9,
+          rawText: text,
+          metadata: { message: parsed.message }
+        };
+      }
+    } catch {
+      intent = PaymentIntentParser.parse(text);
+    }
+    return { text, intent, raw: data };
+  }
+};
+var AnthropicAdapter = class {
+  constructor(apiKey, model = "claude-3-5-sonnet-20241022", capabilities) {
+    this.apiKey = apiKey;
+    this.model = model;
+    this.capabilities = capabilities;
+  }
+  async chat(message, conversationHistory = []) {
+    const systemPrompt = PaymentIntentParser.generateSystemPrompt(this.capabilities);
+    const response = await fetch("https://api.anthropic.com/v1/messages", {
+      method: "POST",
+      headers: {
+        "x-api-key": this.apiKey,
+        "anthropic-version": "2023-06-01",
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        model: this.model,
+        system: systemPrompt,
+        messages: [
+          ...conversationHistory.map((msg) => ({
+            role: msg.role === "user" ? "user" : "assistant",
+            content: msg.content
+          })),
+          { role: "user", content: message }
+        ],
+        max_tokens: 500
+      })
+    });
+    if (!response.ok) {
+      throw new Error(`Anthropic API error: ${response.status} ${response.statusText}`);
+    }
+    const data = await response.json();
+    const text = data.content[0]?.text || "";
+    let intent = null;
+    try {
+      const jsonMatch = text.match(/\{[\s\S]*\}/);
+      if (jsonMatch) {
+        const parsed = JSON.parse(jsonMatch[0]);
+        intent = {
+          action: parsed.action || "chat_only",
+          amount: parsed.amount_usd,
+          description: parsed.description,
+          confidence: 0.9,
+          rawText: text,
+          metadata: { message: parsed.message }
+        };
+      }
+    } catch {
+      intent = PaymentIntentParser.parse(text);
+    }
+    return { text, intent, raw: data };
+  }
+};
+var GeminiAdapter = class {
+  constructor(apiKey, model = "gemini-2.0-flash-exp", capabilities) {
+    this.apiKey = apiKey;
+    this.model = model;
+    this.capabilities = capabilities;
+  }
+  async chat(message) {
+    const systemPrompt = PaymentIntentParser.generateSystemPrompt(this.capabilities);
+    const fullPrompt = `${systemPrompt}
+
+User: ${message}`;
+    const response = await fetch(
+      `https://generativelanguage.googleapis.com/v1beta/models/${this.model}:generateContent?key=${this.apiKey}`,
+      {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          contents: [{ parts: [{ text: fullPrompt }] }]
+        })
+      }
+    );
+    if (!response.ok) {
+      throw new Error(`Gemini API error: ${response.status} ${response.statusText}`);
+    }
+    const data = await response.json();
+    const text = data.candidates?.[0]?.content?.parts?.[0]?.text || "";
+    let intent = null;
+    try {
+      const jsonMatch = text.match(/\{[\s\S]*\}/);
+      if (jsonMatch) {
+        const parsed = JSON.parse(jsonMatch[0]);
+        intent = {
+          action: parsed.action || "chat_only",
+          amount: parsed.amount_usd,
+          description: parsed.description,
+          confidence: 0.9,
+          rawText: text,
+          metadata: { message: parsed.message }
+        };
+      }
+    } catch {
+      intent = PaymentIntentParser.parse(text);
+    }
+    return { text, intent, raw: data };
+  }
+};
+
+// src/helpers/wallet.ts
+var WalletConnector = class _WalletConnector {
+  static connectedWallet = null;
+  /**
+   * Detect and connect to a Solana wallet
+   */
+  static async detectAndConnect(config = {}) {
+    if (this.connectedWallet && this.connectedWallet.isConnected()) {
+      return this.connectedWallet;
+    }
+    const detected = this.detectWallets();
+    if (detected.length === 0) {
+      if (config.showInstallPrompt !== false) {
+        this.showInstallPrompt();
+      }
+      throw new Error("No Solana wallet detected. Please install Phantom, Solflare, or Backpack.");
+    }
+    let selectedProvider = detected[0];
+    if (config.preferredProvider && detected.includes(config.preferredProvider)) {
+      selectedProvider = config.preferredProvider;
+    }
+    const wallet = await this.connectToProvider(selectedProvider);
+    this.connectedWallet = wallet;
+    return wallet;
+  }
+  /**
+   * Detect available Solana wallets
+   */
+  static detectWallets() {
+    const detected = [];
+    if (typeof window === "undefined") return detected;
+    if (window.solana?.isPhantom) detected.push("phantom");
+    if (window.solflare?.isSolflare) detected.push("solflare");
+    if (window.backpack?.isBackpack) detected.push("backpack");
+    if (window.coinbaseSolana) detected.push("coinbase");
+    if (window.trustwallet?.solana) detected.push("trust");
+    return detected;
+  }
+  /**
+   * Connect to a specific wallet provider
+   */
+  static async connectToProvider(provider) {
+    if (typeof window === "undefined") {
+      throw new Error("Wallet connection only works in browser environment");
+    }
+    let adapter;
+    switch (provider) {
+      case "phantom":
+        adapter = window.solana;
+        if (!adapter?.isPhantom) {
+          throw new Error("Phantom wallet not found");
+        }
+        break;
+      case "solflare":
+        adapter = window.solflare;
+        if (!adapter?.isSolflare) {
+          throw new Error("Solflare wallet not found");
+        }
+        break;
+      case "backpack":
+        adapter = window.backpack;
+        if (!adapter?.isBackpack) {
+          throw new Error("Backpack wallet not found");
+        }
+        break;
+      case "coinbase":
+        adapter = window.coinbaseSolana;
+        if (!adapter) {
+          throw new Error("Coinbase Wallet not found");
+        }
+        break;
+      case "trust":
+        adapter = window.trustwallet?.solana;
+        if (!adapter) {
+          throw new Error("Trust Wallet not found");
+        }
+        break;
+      default:
+        throw new Error(`Unknown wallet provider: ${provider}`);
+    }
+    try {
+      const response = await adapter.connect();
+      const publicKey = response.publicKey || adapter.publicKey;
+      if (!publicKey) {
+        throw new Error("Failed to get wallet public key");
+      }
+      const connectedWallet = {
+        address: publicKey.toString(),
+        provider,
+        publicKey,
+        signTransaction: async (tx) => {
+          return await adapter.signTransaction(tx);
+        },
+        signAllTransactions: async (txs) => {
+          if (adapter.signAllTransactions) {
+            return await adapter.signAllTransactions(txs);
+          }
+          const signed = [];
+          for (const tx of txs) {
+            signed.push(await adapter.signTransaction(tx));
+          }
+          return signed;
+        },
+        signMessage: async (message) => {
+          if (adapter.signMessage) {
+            return await adapter.signMessage(message);
+          }
+          throw new Error(`${provider} does not support message signing`);
+        },
+        disconnect: async () => {
+          if (adapter.disconnect) {
+            await adapter.disconnect();
+          }
+          _WalletConnector.connectedWallet = null;
+        },
+        isConnected: () => {
+          return adapter.isConnected ?? false;
+        },
+        raw: adapter
+      };
+      return connectedWallet;
+    } catch (error) {
+      throw new Error(`Failed to connect to ${provider}: ${error.message}`);
+    }
+  }
+  /**
+   * Sign and submit a transaction
+   */
+  static async signAndSubmit(transaction, wallet, connection) {
+    const signedTx = await wallet.signTransaction(transaction);
+    const signature = await connection.sendRawTransaction(signedTx.serialize(), {
+      skipPreflight: false,
+      preflightCommitment: "confirmed"
+    });
+    return { signature };
+  }
+  /**
+   * Get current connected wallet
+   */
+  static getConnectedWallet() {
+    return this.connectedWallet;
+  }
+  /**
+   * Disconnect current wallet
+   */
+  static async disconnect() {
+    if (this.connectedWallet) {
+      await this.connectedWallet.disconnect();
+      this.connectedWallet = null;
+    }
+  }
+  /**
+   * Listen for wallet connection changes
+   */
+  static onAccountChange(callback) {
+    if (typeof window === "undefined") {
+      return () => {
+      };
+    }
+    const cleanupFns = [];
+    if (window.solana?.on) {
+      window.solana.on("accountChanged", callback);
+      cleanupFns.push(() => {
+        window.solana?.removeListener("accountChanged", callback);
+      });
+    }
+    if (window.solflare?.on) {
+      window.solflare.on("accountChanged", callback);
+      cleanupFns.push(() => {
+        window.solflare?.removeListener("accountChanged", callback);
+      });
+    }
+    return () => {
+      cleanupFns.forEach((fn) => fn());
+    };
+  }
+  /**
+   * Listen for wallet disconnection
+   */
+  static onDisconnect(callback) {
+    if (typeof window === "undefined") {
+      return () => {
+      };
+    }
+    const cleanupFns = [];
+    if (window.solana?.on) {
+      window.solana.on("disconnect", callback);
+      cleanupFns.push(() => {
+        window.solana?.removeListener("disconnect", callback);
+      });
+    }
+    if (window.solflare?.on) {
+      window.solflare.on("disconnect", callback);
+      cleanupFns.push(() => {
+        window.solflare?.removeListener("disconnect", callback);
+      });
+    }
+    return () => {
+      cleanupFns.forEach((fn) => fn());
+    };
+  }
+  /**
+   * Show install prompt UI
+   */
+  static showInstallPrompt() {
+    const message = `
+No Solana wallet detected!
+
+Install one of these wallets:
+\u2022 Phantom: https://phantom.app
+\u2022 Solflare: https://solflare.com
+\u2022 Backpack: https://backpack.app
+    `.trim();
+    console.warn(message);
+    if (typeof window !== "undefined") {
+      const userChoice = window.confirm(
+        "No Solana wallet detected.\n\nWould you like to install Phantom wallet?"
+      );
+      if (userChoice) {
+        window.open("https://phantom.app", "_blank");
+      }
+    }
+  }
+  /**
+   * Check if wallet is installed
+   */
+  static isWalletInstalled(provider) {
+    return this.detectWallets().includes(provider);
+  }
+  /**
+   * Get wallet download URL
+   */
+  static getWalletUrl(provider) {
+    const urls = {
+      phantom: "https://phantom.app",
+      solflare: "https://solflare.com",
+      backpack: "https://backpack.app",
+      coinbase: "https://www.coinbase.com/wallet",
+      trust: "https://trustwallet.com"
+    };
+    return urls[provider];
+  }
+};
+function createWalletHook() {
+  let useState;
+  let useEffect;
+  try {
+    const React = __require("react");
+    useState = React.useState;
+    useEffect = React.useEffect;
+  } catch {
+    throw new Error("React not found. Install react to use wallet hooks.");
+  }
+  return function useWallet() {
+    const [wallet, setWallet] = useState(null);
+    const [connecting, setConnecting] = useState(false);
+    const [error, setError] = useState(null);
+    const connect = async (config) => {
+      setConnecting(true);
+      setError(null);
+      try {
+        const connected = await WalletConnector.detectAndConnect(config);
+        setWallet(connected);
+      } catch (err) {
+        setError(err);
+      } finally {
+        setConnecting(false);
+      }
+    };
+    const disconnect = async () => {
+      await WalletConnector.disconnect();
+      setWallet(null);
+    };
+    useEffect(() => {
+      const cleanup = WalletConnector.onAccountChange((publicKey) => {
+        if (wallet) {
+          setWallet({ ...wallet, publicKey, address: publicKey.toString() });
+        }
+      });
+      return cleanup;
+    }, [wallet]);
+    return {
+      wallet,
+      connecting,
+      error,
+      connect,
+      disconnect,
+      isConnected: wallet !== null
+    };
+  };
+}
+
+// src/helpers/security.ts
+var PINValidator = class {
+  /**
+   * Validate PIN strength and format
+   */
+  static validate(pin) {
+    const errors = [];
+    const suggestions = [];
+    if (!pin || pin.length < 4) {
+      errors.push("PIN must be at least 4 digits");
+    }
+    if (pin.length > 12) {
+      errors.push("PIN must be at most 12 digits");
+    }
+    if (!/^\d+$/.test(pin)) {
+      errors.push("PIN must contain only digits");
+    }
+    if (this.isWeakPattern(pin)) {
+      errors.push("PIN is too simple");
+      suggestions.push("Avoid sequential numbers (1234) or repeated digits (1111)");
+    }
+    let strength = "strong";
+    if (errors.length > 0) {
+      strength = "weak";
+    } else if (pin.length <= 4 || this.hasRepeatedDigits(pin)) {
+      strength = "weak";
+      suggestions.push("Use at least 6 digits for better security");
+    } else if (pin.length <= 6) {
+      strength = "medium";
+      suggestions.push("Use 8+ digits for maximum security");
+    }
+    return {
+      valid: errors.length === 0,
+      strength,
+      errors,
+      suggestions
+    };
+  }
+  /**
+   * Check PIN strength (0-100 score)
+   */
+  static strengthScore(pin) {
+    if (!pin) return 0;
+    let score = 0;
+    score += Math.min(pin.length * 10, 50);
+    const uniqueDigits = new Set(pin).size;
+    score += uniqueDigits * 5;
+    if (!this.isSequential(pin)) {
+      score += 20;
+    }
+    if (!this.hasRepeatedDigits(pin)) {
+      score += 10;
+    }
+    return Math.min(score, 100);
+  }
+  /**
+   * Generate a secure random PIN
+   */
+  static generateSecureRandom(length = 6) {
+    if (length < 4 || length > 12) {
+      throw new Error("PIN length must be between 4 and 12");
+    }
+    const array = new Uint32Array(length);
+    crypto.getRandomValues(array);
+    const pin = Array.from(array).map((num) => num % 10).join("");
+    if (this.isWeakPattern(pin)) {
+      return this.generateSecureRandom(length);
+    }
+    return pin;
+  }
+  /**
+   * Check for weak patterns
+   */
+  static isWeakPattern(pin) {
+    if (this.isSequential(pin)) return true;
+    if (/^(\d)\1+$/.test(pin)) return true;
+    const commonPatterns = [
+      "1234",
+      "4321",
+      "1111",
+      "2222",
+      "3333",
+      "4444",
+      "5555",
+      "6666",
+      "7777",
+      "8888",
+      "9999",
+      "0000",
+      "1212",
+      "2323",
+      "0123",
+      "3210",
+      "9876",
+      "6789"
+    ];
+    return commonPatterns.some((pattern) => pin.includes(pattern));
+  }
+  /**
+   * Check if PIN is sequential
+   */
+  static isSequential(pin) {
+    for (let i = 1; i < pin.length; i++) {
+      const diff = parseInt(pin[i]) - parseInt(pin[i - 1]);
+      if (Math.abs(diff) !== 1) return false;
+    }
+    return true;
+  }
+  /**
+   * Check if PIN has repeated digits
+   */
+  static hasRepeatedDigits(pin) {
+    return /(\d)\1{2,}/.test(pin);
+  }
+  /**
+   * Hash PIN for storage (if needed)
+   * Note: For device-bound keys, the PIN is used for key derivation, not storage
+   */
+  static async hashPIN(pin, salt) {
+    const actualSalt = salt || crypto.getRandomValues(new Uint8Array(16));
+    const encoder = new TextEncoder();
+    const data = encoder.encode(pin + actualSalt);
+    const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+    const hashArray = Array.from(new Uint8Array(hashBuffer));
+    return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+};
+var PINRateLimiter = class {
+  attempts = /* @__PURE__ */ new Map();
+  locked = /* @__PURE__ */ new Map();
+  maxAttempts;
+  windowMs;
+  lockoutMs;
+  constructor(config = {}) {
+    this.maxAttempts = config.maxAttempts || 3;
+    this.windowMs = config.windowMs || 6e4;
+    this.lockoutMs = config.lockoutMs || 3e5;
+  }
+  /**
+   * Check if attempt is allowed
+   */
+  async checkAttempt(sessionKeyId) {
+    const now = Date.now();
+    const lockoutUntil = this.locked.get(sessionKeyId);
+    if (lockoutUntil && now < lockoutUntil) {
+      const lockoutSeconds = Math.ceil((lockoutUntil - now) / 1e3);
+      return {
+        allowed: false,
+        remainingAttempts: 0,
+        lockoutSeconds
+      };
+    }
+    if (lockoutUntil && now >= lockoutUntil) {
+      this.locked.delete(sessionKeyId);
+      this.attempts.delete(sessionKeyId);
+    }
+    const recentAttempts = this.getRecentAttempts(sessionKeyId, now);
+    const remainingAttempts = this.maxAttempts - recentAttempts.length;
+    if (remainingAttempts <= 0) {
+      this.locked.set(sessionKeyId, now + this.lockoutMs);
+      return {
+        allowed: false,
+        remainingAttempts: 0,
+        lockoutSeconds: Math.ceil(this.lockoutMs / 1e3)
+      };
+    }
+    return {
+      allowed: true,
+      remainingAttempts
+    };
+  }
+  /**
+   * Record a failed attempt
+   */
+  recordFailedAttempt(sessionKeyId) {
+    const now = Date.now();
+    const attempts = this.attempts.get(sessionKeyId) || [];
+    attempts.push(now);
+    this.attempts.set(sessionKeyId, attempts);
+  }
+  /**
+   * Record a successful attempt (clears history)
+   */
+  recordSuccessfulAttempt(sessionKeyId) {
+    this.attempts.delete(sessionKeyId);
+    this.locked.delete(sessionKeyId);
+  }
+  /**
+   * Get recent attempts within window
+   */
+  getRecentAttempts(sessionKeyId, now) {
+    const attempts = this.attempts.get(sessionKeyId) || [];
+    const cutoff = now - this.windowMs;
+    const recent = attempts.filter((timestamp) => timestamp > cutoff);
+    if (recent.length !== attempts.length) {
+      this.attempts.set(sessionKeyId, recent);
+    }
+    return recent;
+  }
+  /**
+   * Clear all rate limit data
+   */
+  clear() {
+    this.attempts.clear();
+    this.locked.clear();
+  }
+  /**
+   * Check lockout status
+   */
+  isLockedOut(sessionKeyId) {
+    const lockoutUntil = this.locked.get(sessionKeyId);
+    return lockoutUntil ? Date.now() < lockoutUntil : false;
+  }
+  /**
+   * Get remaining lockout time
+   */
+  getRemainingLockoutTime(sessionKeyId) {
+    const lockoutUntil = this.locked.get(sessionKeyId);
+    if (!lockoutUntil) return 0;
+    return Math.max(0, lockoutUntil - Date.now());
+  }
+};
+var SecureStorage = class {
+  /**
+   * Store data with encryption (basic)
+   * For production, consider using Web Crypto API with user-derived keys
+   */
+  static async setEncrypted(key, value, secret) {
+    const encrypted = await this.encrypt(value, secret);
+    localStorage.setItem(key, JSON.stringify(encrypted));
+  }
+  /**
+   * Retrieve encrypted data
+   */
+  static async getEncrypted(key, secret) {
+    const stored = localStorage.getItem(key);
+    if (!stored) return null;
+    try {
+      const encrypted = JSON.parse(stored);
+      return await this.decrypt(encrypted, secret);
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Encrypt string with AES-GCM
+   */
+  static async encrypt(plaintext, secret) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(plaintext);
+    const key = await this.deriveKey(secret);
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv },
+      key,
+      data
+    );
+    return {
+      ciphertext: btoa(String.fromCharCode(...new Uint8Array(encrypted))),
+      iv: btoa(String.fromCharCode(...iv))
+    };
+  }
+  /**
+   * Decrypt AES-GCM ciphertext
+   */
+  static async decrypt(encrypted, secret) {
+    const key = await this.deriveKey(secret);
+    const iv = Uint8Array.from(atob(encrypted.iv), (c) => c.charCodeAt(0));
+    const ciphertext = Uint8Array.from(atob(encrypted.ciphertext), (c) => c.charCodeAt(0));
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv },
+      key,
+      ciphertext
+    );
+    const decoder = new TextDecoder();
+    return decoder.decode(decrypted);
+  }
+  /**
+   * Derive encryption key from secret
+   */
+  static async deriveKey(secret) {
+    const encoder = new TextEncoder();
+    const keyMaterial = await crypto.subtle.importKey(
+      "raw",
+      encoder.encode(secret),
+      { name: "PBKDF2" },
+      false,
+      ["deriveBits", "deriveKey"]
+    );
+    return await crypto.subtle.deriveKey(
+      {
+        name: "PBKDF2",
+        salt: encoder.encode("zendfi-secure-storage"),
+        iterations: 1e5,
+        hash: "SHA-256"
+      },
+      keyMaterial,
+      { name: "AES-GCM", length: 256 },
+      false,
+      ["encrypt", "decrypt"]
+    );
+  }
+  /**
+   * Clear all secure storage
+   */
+  static clearAll(namespace = "zendfi") {
+    const keysToRemove = [];
+    for (let i = 0; i < localStorage.length; i++) {
+      const key = localStorage.key(i);
+      if (key?.startsWith(namespace)) {
+        keysToRemove.push(key);
+      }
+    }
+    keysToRemove.forEach((key) => localStorage.removeItem(key));
+  }
+};
+
+// src/helpers/polling.ts
+var TransactionPoller = class {
+  /**
+   * Wait for transaction confirmation
+   */
+  static async waitForConfirmation(signature, options = {}) {
+    const {
+      timeout = 6e4,
+      interval = 2e3,
+      maxInterval = 1e4,
+      maxAttempts = 30,
+      commitment = "confirmed",
+      rpcUrl
+    } = options;
+    const startTime = Date.now();
+    let currentInterval = interval;
+    let attempts = 0;
+    while (true) {
+      attempts++;
+      if (Date.now() - startTime > timeout) {
+        return {
+          confirmed: false,
+          signature,
+          error: `Transaction confirmation timeout after ${timeout}ms`
+        };
+      }
+      if (attempts > maxAttempts) {
+        return {
+          confirmed: false,
+          signature,
+          error: `Maximum polling attempts (${maxAttempts}) exceeded`
+        };
+      }
+      try {
+        const status = await this.checkTransactionStatus(signature, commitment, rpcUrl);
+        if (status.confirmed) {
+          return status;
+        }
+        if (status.error) {
+          return status;
+        }
+        await this.sleep(currentInterval);
+        currentInterval = Math.min(currentInterval * 1.5, maxInterval);
+      } catch (error) {
+        await this.sleep(currentInterval);
+        currentInterval = Math.min(currentInterval * 1.5, maxInterval);
+      }
+    }
+  }
+  /**
+   * Check transaction status via RPC
+   */
+  static async checkTransactionStatus(signature, commitment = "confirmed", rpcUrl) {
+    const endpoint = rpcUrl || this.getDefaultRpcUrl();
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "getSignatureStatuses",
+        params: [[signature], { searchTransactionHistory: true }]
+      })
+    });
+    if (!response.ok) {
+      throw new Error(`RPC error: ${response.status} ${response.statusText}`);
+    }
+    const data = await response.json();
+    if (data.error) {
+      return {
+        confirmed: false,
+        signature,
+        error: data.error.message || "RPC error"
+      };
+    }
+    const status = data.result?.value?.[0];
+    if (!status) {
+      return {
+        confirmed: false,
+        signature
+      };
+    }
+    const isConfirmed = this.isCommitmentReached(status, commitment);
+    return {
+      confirmed: isConfirmed,
+      signature,
+      slot: status.slot,
+      confirmations: status.confirmations,
+      error: status.err ? JSON.stringify(status.err) : void 0
+    };
+  }
+  /**
+   * Check if commitment level is reached
+   */
+  static isCommitmentReached(status, commitment) {
+    if (status.err) return false;
+    switch (commitment) {
+      case "processed":
+        return true;
+      // Any status means processed
+      case "confirmed":
+        return status.confirmationStatus === "confirmed" || status.confirmationStatus === "finalized";
+      case "finalized":
+        return status.confirmationStatus === "finalized";
+      default:
+        return false;
+    }
+  }
+  /**
+   * Get default RPC URL based on environment
+   */
+  static getDefaultRpcUrl() {
+    if (typeof window !== "undefined" && window.location) {
+      const hostname = window.location.hostname;
+      if (hostname.includes("localhost") || hostname.includes("dev")) {
+        return "https://api.devnet.solana.com";
+      }
+    }
+    return "https://api.mainnet-beta.solana.com";
+  }
+  /**
+   * Poll multiple transactions in parallel
+   */
+  static async waitForMultiple(signatures, options = {}) {
+    return await Promise.all(
+      signatures.map((sig) => this.waitForConfirmation(sig, options))
+    );
+  }
+  /**
+   * Get transaction details after confirmation
+   */
+  static async getTransactionDetails(signature, rpcUrl) {
+    const endpoint = rpcUrl || this.getDefaultRpcUrl();
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "getTransaction",
+        params: [
+          signature,
+          {
+            encoding: "jsonParsed",
+            commitment: "confirmed",
+            maxSupportedTransactionVersion: 0
+          }
+        ]
+      })
+    });
+    if (!response.ok) {
+      throw new Error(`RPC error: ${response.status}`);
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new Error(data.error.message || "Failed to get transaction");
+    }
+    return data.result;
+  }
+  /**
+   * Check if transaction exists on chain
+   */
+  static async exists(signature, rpcUrl) {
+    try {
+      const status = await this.checkTransactionStatus(signature, "confirmed", rpcUrl);
+      return status.confirmed || !!status.slot;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get recent blockhash (useful for transaction building)
+   */
+  static async getRecentBlockhash(rpcUrl) {
+    const endpoint = rpcUrl || this.getDefaultRpcUrl();
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        jsonrpc: "2.0",
+        id: 1,
+        method: "getLatestBlockhash",
+        params: [{ commitment: "finalized" }]
+      })
+    });
+    if (!response.ok) {
+      throw new Error(`RPC error: ${response.status}`);
+    }
+    const data = await response.json();
+    if (data.error) {
+      throw new Error(data.error.message);
+    }
+    return data.result.value;
+  }
+  /**
+   * Sleep utility
+   */
+  static sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+var TransactionMonitor = class {
+  monitors = /* @__PURE__ */ new Map();
+  /**
+   * Start monitoring a transaction
+   */
+  monitor(signature, callbacks, options = {}) {
+    this.stopMonitoring(signature);
+    const { timeout = 6e4, interval = 2e3 } = options;
+    const startTime = Date.now();
+    const intervalId = setInterval(async () => {
+      if (Date.now() - startTime > timeout) {
+        this.stopMonitoring(signature);
+        callbacks.onTimeout?.();
+        return;
+      }
+      try {
+        const status = await TransactionPoller.waitForConfirmation(signature, {
+          ...options,
+          maxAttempts: 1
+          // Single check per interval
+        });
+        if (status.confirmed) {
+          this.stopMonitoring(signature);
+          callbacks.onConfirmed?.(status);
+        } else if (status.error) {
+          this.stopMonitoring(signature);
+          callbacks.onFailed?.(status);
+        }
+      } catch (error) {
+      }
+    }, interval);
+    this.monitors.set(signature, { interval: intervalId, callbacks });
+  }
+  /**
+   * Stop monitoring a transaction
+   */
+  stopMonitoring(signature) {
+    const monitor = this.monitors.get(signature);
+    if (monitor) {
+      clearInterval(monitor.interval);
+      this.monitors.delete(signature);
+    }
+  }
+  /**
+   * Stop all monitors
+   */
+  stopAll() {
+    for (const [signature] of this.monitors) {
+      this.stopMonitoring(signature);
+    }
+  }
+  /**
+   * Get active monitors
+   */
+  getActiveMonitors() {
+    return Array.from(this.monitors.keys());
+  }
+};
+
+// src/helpers/recovery.ts
+var RetryStrategy = class {
+  /**
+   * Execute function with retry logic
+   */
+  static async withRetry(fn, options = {}) {
+    const {
+      maxAttempts = 3,
+      backoffMs = 1e3,
+      backoffMultiplier = 2,
+      maxBackoffMs = 3e4,
+      shouldRetry = () => true,
+      onRetry
+    } = options;
+    let lastError = null;
+    let currentBackoff = backoffMs;
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+      try {
+        return await fn();
+      } catch (error) {
+        lastError = error;
+        if (attempt === maxAttempts || !shouldRetry(error, attempt)) {
+          throw error;
+        }
+        const jitter = Math.random() * 0.3 * currentBackoff;
+        const nextDelay = Math.min(currentBackoff + jitter, maxBackoffMs);
+        onRetry?.(error, attempt, nextDelay);
+        await this.sleep(nextDelay);
+        currentBackoff *= backoffMultiplier;
+      }
+    }
+    throw lastError || new Error("Retry failed");
+  }
+  /**
+   * Retry with linear backoff
+   */
+  static async withLinearRetry(fn, maxAttempts = 3, delayMs = 1e3) {
+    return this.withRetry(fn, {
+      maxAttempts,
+      backoffMs: delayMs,
+      backoffMultiplier: 1
+      // Linear
+    });
+  }
+  /**
+   * Retry with custom backoff function
+   */
+  static async withCustomBackoff(fn, backoffFn, maxAttempts = 3) {
+    let lastError = null;
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+      try {
+        return await fn();
+      } catch (error) {
+        lastError = error;
+        if (attempt === maxAttempts) {
+          throw error;
+        }
+        const delay = backoffFn(attempt);
+        await this.sleep(delay);
+      }
+    }
+    throw lastError || new Error("Retry failed");
+  }
+  /**
+   * Check if error is retryable
+   */
+  static isRetryableError(error) {
+    if (error.name === "NetworkError" || error.message?.includes("network")) {
+      return true;
+    }
+    if (error.name === "TimeoutError" || error.message?.includes("timeout")) {
+      return true;
+    }
+    if (error.status === 429 || error.code === "RATE_LIMIT_EXCEEDED") {
+      return true;
+    }
+    if (error.status >= 500 && error.status < 600) {
+      return true;
+    }
+    if (error.message?.includes("blockhash") || error.message?.includes("recent")) {
+      return true;
+    }
+    return false;
+  }
+  static sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+var ErrorRecovery = class {
+  /**
+   * Recover from network errors with retry
+   */
+  static async recoverFromNetworkError(fn, maxAttempts = 3) {
+    return RetryStrategy.withRetry(fn, {
+      maxAttempts,
+      backoffMs: 2e3,
+      shouldRetry: (error) => {
+        return error.name === "NetworkError" || error.message?.includes("network") || error.message?.includes("fetch");
+      },
+      onRetry: (error, attempt, nextDelay) => {
+        console.warn(
+          `Network error (attempt ${attempt}), retrying in ${nextDelay}ms:`,
+          error.message
+        );
+      }
+    });
+  }
+  /**
+   * Recover from rate limit errors with exponential backoff
+   */
+  static async recoverFromRateLimit(fn, maxAttempts = 5) {
+    return RetryStrategy.withRetry(fn, {
+      maxAttempts,
+      backoffMs: 5e3,
+      // Start with 5 seconds
+      backoffMultiplier: 2,
+      maxBackoffMs: 6e4,
+      // Cap at 1 minute
+      shouldRetry: (error) => {
+        return error.status === 429 || error.code === "RATE_LIMIT_EXCEEDED";
+      },
+      onRetry: (attempt, nextDelay) => {
+        console.warn(
+          `Rate limited (attempt ${attempt}), waiting ${nextDelay}ms before retry`
+        );
+      }
+    });
+  }
+  /**
+   * Recover from Solana RPC errors (blockhash, etc.)
+   */
+  static async recoverFromRPCError(fn, maxAttempts = 3) {
+    return RetryStrategy.withRetry(fn, {
+      maxAttempts,
+      backoffMs: 1e3,
+      shouldRetry: (error) => {
+        const message = error.message?.toLowerCase() || "";
+        return message.includes("blockhash") || message.includes("recent") || message.includes("slot") || message.includes("rpc");
+      },
+      onRetry: (error, attempt, nextDelay) => {
+        console.warn(
+          `RPC error (attempt ${attempt}), retrying in ${nextDelay}ms:`,
+          error.message
+        );
+      }
+    });
+  }
+  /**
+   * Recover from timeout errors
+   */
+  static async recoverFromTimeout(fn, timeoutMs = 3e4, maxAttempts = 2) {
+    return RetryStrategy.withRetry(
+      () => this.withTimeout(fn, timeoutMs),
+      {
+        maxAttempts,
+        backoffMs: 5e3,
+        shouldRetry: (error) => {
+          return error.name === "TimeoutError" || error.message?.includes("timeout");
+        }
+      }
+    );
+  }
+  /**
+   * Add timeout to async function
+   */
+  static async withTimeout(fn, timeoutMs) {
+    return Promise.race([
+      fn(),
+      new Promise((_, reject) => {
+        setTimeout(() => {
+          reject(new Error(`Operation timed out after ${timeoutMs}ms`));
+        }, timeoutMs);
+      })
+    ]);
+  }
+  /**
+   * Circuit breaker pattern for repeated failures
+   */
+  static createCircuitBreaker(fn, options = {}) {
+    const {
+      failureThreshold = 5,
+      resetTimeoutMs = 6e4,
+      onStateChange
+    } = options;
+    let state = "closed";
+    let failureCount = 0;
+    let lastFailureTime = 0;
+    let resetTimer = null;
+    return async () => {
+      if (state === "open" && Date.now() - lastFailureTime > resetTimeoutMs) {
+        state = "half-open";
+        onStateChange?.("half-open");
+      }
+      if (state === "open") {
+        throw new Error("Circuit breaker is OPEN - too many failures");
+      }
+      try {
+        const result = await fn();
+        if (state === "half-open") {
+          state = "closed";
+          onStateChange?.("closed");
+        }
+        failureCount = 0;
+        return result;
+      } catch (error) {
+        failureCount++;
+        lastFailureTime = Date.now();
+        if (failureCount >= failureThreshold) {
+          state = "open";
+          onStateChange?.("open");
+          if (resetTimer) clearTimeout(resetTimer);
+          resetTimer = setTimeout(() => {
+            state = "half-open";
+            onStateChange?.("half-open");
+          }, resetTimeoutMs);
+        }
+        throw error;
+      }
+    };
+  }
+  /**
+   * Fallback to alternative function on error
+   */
+  static async withFallback(primaryFn, fallbackFn, shouldFallback = () => true) {
+    try {
+      return await primaryFn();
+    } catch (error) {
+      if (shouldFallback(error)) {
+        console.warn("Primary function failed, using fallback:", error.message);
+        return await fallbackFn();
+      }
+      throw error;
+    }
+  }
+  /**
+   * Graceful degradation - return partial result on error
+   */
+  static async withGracefulDegradation(fn, defaultValue, onError) {
+    try {
+      return await fn();
+    } catch (error) {
+      onError?.(error);
+      console.warn("Operation failed, returning default value:", error.message);
+      return defaultValue;
+    }
+  }
+};
+
+// src/helpers/lifecycle.ts
+var SessionKeyLifecycle = class {
+  constructor(client, config = {}) {
+    this.client = client;
+    this.config = config;
+    if (config.autoCleanup && typeof window !== "undefined") {
+      window.addEventListener("beforeunload", () => {
+        this.cleanup().catch(console.error);
+      });
+    }
+  }
+  sessionKeyId = null;
+  sessionWallet = null;
+  encryptedKey = null;
+  deviceFingerprint = null;
+  /**
+   * Create and fund session key in one call
+   * Handles: keypair generation → encryption → backend registration → funding
+   */
+  async createAndFund(config) {
+    const fingerprint = this.config.deviceFingerprintProvider ? await this.config.deviceFingerprintProvider() : await this.generateDeviceFingerprint();
+    this.deviceFingerprint = fingerprint;
+    const pin = this.config.pinProvider ? await this.config.pinProvider() : await this.promptForPIN("Create PIN for session key");
+    const { Keypair } = await this.getSolanaWeb3();
+    const { SessionKeyCrypto: SessionKeyCrypto2 } = await import("./device-bound-crypto-VX7SFVHT.mjs");
+    const keypair = Keypair.generate();
+    const encrypted = await SessionKeyCrypto2.encrypt(
+      keypair.secretKey,
+      pin,
+      fingerprint
+    );
+    this.encryptedKey = {
+      ciphertext: encrypted.encryptedData,
+      nonce: encrypted.nonce
+    };
+    const response = await this.client.sessionKeys.createDeviceBound({
+      user_wallet: config.userWallet,
+      agent_id: config.agentId,
+      agent_name: config.agentName,
+      limit_usdc: config.limitUsdc,
+      duration_days: config.durationDays || 7,
+      encrypted_session_key: encrypted.encryptedData,
+      nonce: encrypted.nonce,
+      session_public_key: keypair.publicKey.toBase58(),
+      device_fingerprint: fingerprint
+    });
+    this.sessionKeyId = response.session_key_id;
+    this.sessionWallet = response.session_wallet;
+    if (this.config.cache) {
+      await this.config.cache.getCached(
+        this.sessionKeyId,
+        async () => keypair,
+        { deviceFingerprint: fingerprint }
+      );
+    }
+    if (config.onApprovalNeeded) {
+      const topupResponse = await this.client.sessionKeys.topUp(
+        this.sessionKeyId,
+        {
+          user_wallet: config.userWallet,
+          amount_usdc: config.limitUsdc,
+          device_fingerprint: fingerprint
+        }
+      );
+      await config.onApprovalNeeded(topupResponse.top_up_transaction);
+    }
+    return {
+      sessionKeyId: this.sessionKeyId,
+      sessionWallet: this.sessionWallet
+    };
+  }
+  /**
+   * Make a payment using the session key
+   * Auto-handles caching, PIN prompts, and signing
+   */
+  async pay(amount, description) {
+    if (!this.sessionKeyId) {
+      throw new Error("No active session key. Call createAndFund() first.");
+    }
+    let keypair;
+    if (this.config.cache) {
+      keypair = await this.config.cache.getCached(
+        this.sessionKeyId,
+        async () => {
+          const pin = this.config.pinProvider ? await this.config.pinProvider() : await this.promptForPIN("Enter PIN to sign payment");
+          return await this.decryptKeypair(pin);
+        },
+        { deviceFingerprint: this.deviceFingerprint || void 0 }
+      );
+    } else {
+      const pin = this.config.pinProvider ? await this.config.pinProvider() : await this.promptForPIN("Enter PIN to sign payment");
+      keypair = await this.decryptKeypair(pin);
+    }
+    const paymentResponse = await this.client.smart.execute({
+      user_wallet: this.sessionWallet,
+      // Session wallet, not user wallet
+      amount_usd: amount,
+      description,
+      agent_id: "session-lifecycle",
+      auto_detect_gasless: true
+    });
+    if (paymentResponse.requires_signature && paymentResponse.unsigned_transaction) {
+      const { Transaction: Transaction2 } = await this.getSolanaWeb3();
+      const txBuffer = Uint8Array.from(atob(paymentResponse.unsigned_transaction), (c) => c.charCodeAt(0));
+      const tx = Transaction2.from(txBuffer);
+      tx.partialSign(keypair);
+      const submitUrl = paymentResponse.submit_url || `/api/v1/ai/payments/${paymentResponse.payment_id}/submit-signed`;
+      const submitResponse = await fetch(`${this.client["config"].baseURL}${submitUrl}`, {
+        method: "POST",
+        headers: {
+          "Authorization": `Bearer ${this.client["config"].apiKey}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          signed_transaction: btoa(String.fromCharCode(...tx.serialize()))
+        })
+      });
+      if (!submitResponse.ok) {
+        throw new Error(`Failed to submit signed transaction: ${submitResponse.statusText}`);
+      }
+      const submitData = await submitResponse.json();
+      return {
+        paymentId: paymentResponse.payment_id,
+        status: submitData.status,
+        signature: submitData.transaction_signature,
+        confirmedInMs: submitData.confirmed_in_ms
+      };
+    }
+    return {
+      paymentId: paymentResponse.payment_id,
+      status: paymentResponse.status,
+      signature: paymentResponse.transaction_signature,
+      confirmedInMs: paymentResponse.confirmed_in_ms
+    };
+  }
+  /**
+   * Check session key status
+   */
+  async getStatus() {
+    if (!this.sessionKeyId) {
+      throw new Error("No active session key");
+    }
+    return await this.client.sessionKeys.getStatus(this.sessionKeyId);
+  }
+  /**
+   * Top up session key
+   */
+  async topUp(amount, userWallet, onApprovalNeeded) {
+    if (!this.sessionKeyId || !this.deviceFingerprint) {
+      throw new Error("No active session key");
+    }
+    const response = await this.client.sessionKeys.topUp(
+      this.sessionKeyId,
+      {
+        user_wallet: userWallet,
+        amount_usdc: amount,
+        device_fingerprint: this.deviceFingerprint
+      }
+    );
+    if (onApprovalNeeded) {
+      await onApprovalNeeded(response.top_up_transaction);
+    }
+  }
+  /**
+   * Revoke session key
+   */
+  async revoke() {
+    if (!this.sessionKeyId) {
+      throw new Error("No active session key");
+    }
+    await this.client.sessionKeys.revoke(this.sessionKeyId);
+    await this.cleanup();
+  }
+  /**
+   * Cleanup (clear cache, reset state)
+   */
+  async cleanup() {
+    if (this.config.cache && this.sessionKeyId) {
+      await this.config.cache.invalidate(this.sessionKeyId);
+    }
+    this.sessionKeyId = null;
+    this.sessionWallet = null;
+    this.encryptedKey = null;
+    this.deviceFingerprint = null;
+  }
+  /**
+   * Get current session key ID
+   */
+  getSessionKeyId() {
+    return this.sessionKeyId;
+  }
+  /**
+   * Check if session is active
+   */
+  isActive() {
+    return this.sessionKeyId !== null;
+  }
+  // ============================================
+  // Private Helpers
+  // ============================================
+  async decryptKeypair(pin) {
+    if (!this.encryptedKey || !this.deviceFingerprint) {
+      throw new Error("No encrypted key available");
+    }
+    const { SessionKeyCrypto: SessionKeyCrypto2 } = await import("./device-bound-crypto-VX7SFVHT.mjs");
+    const encrypted = {
+      encryptedData: this.encryptedKey.ciphertext,
+      nonce: this.encryptedKey.nonce,
+      publicKey: "",
+      // Not needed for decryption
+      deviceFingerprint: this.deviceFingerprint,
+      version: "argon2id-aes256gcm-v1"
+    };
+    return await SessionKeyCrypto2.decrypt(encrypted, pin, this.deviceFingerprint);
+  }
+  async generateDeviceFingerprint() {
+    const { DeviceFingerprintGenerator: DeviceFingerprintGenerator2 } = await import("./device-bound-crypto-VX7SFVHT.mjs");
+    const fingerprint = await DeviceFingerprintGenerator2.generate();
+    return fingerprint.fingerprint;
+  }
+  async promptForPIN(message) {
+    if (typeof window !== "undefined" && window.prompt) {
+      const pin = window.prompt(message);
+      if (!pin) {
+        throw new Error("PIN required");
+      }
+      return pin;
+    }
+    throw new Error("PIN provider not configured and no browser prompt available");
+  }
+  async getSolanaWeb3() {
+    try {
+      return await import("@solana/web3.js");
+    } catch {
+      throw new Error("@solana/web3.js not installed. Install it to use device-bound payments.");
+    }
+  }
+};
+async function setupQuickSessionKey(client, config) {
+  const { SessionKeyCache: SessionKeyCache2 } = await import("./cache-T5YPC7OK.mjs");
+  const lifecycle = new SessionKeyLifecycle(client, {
+    cache: new SessionKeyCache2({ storage: "localStorage", ttl: 36e5 }),
+    autoCleanup: true
+  });
+  await lifecycle.createAndFund({
+    userWallet: config.userWallet,
+    agentId: config.agentId,
+    limitUsdc: config.budgetUsdc,
+    onApprovalNeeded: config.onApproval
+  });
+  return lifecycle;
+}
+
+// src/helpers/dev.ts
+var DevTools = class {
+  static debugEnabled = false;
+  static requestLog = [];
+  /**
+   * Enable debug mode (logs all API requests/responses)
+   */
+  static enableDebugMode() {
+    if (this.isDevelopment()) {
+      this.debugEnabled = true;
+      console.log("\u{1F527} ZendFi Debug Mode: ENABLED");
+      console.log("All API requests will be logged to console");
+    } else {
+      console.warn("Debug mode can only be enabled in development environment");
+    }
+  }
+  /**
+   * Disable debug mode
+   */
+  static disableDebugMode() {
+    this.debugEnabled = false;
+    console.log("\u{1F527} ZendFi Debug Mode: DISABLED");
+  }
+  /**
+   * Check if debug mode is enabled
+   */
+  static isDebugEnabled() {
+    return this.debugEnabled;
+  }
+  /**
+   * Log API request
+   */
+  static logRequest(method, url, body) {
+    if (!this.debugEnabled) return;
+    const timestamp = /* @__PURE__ */ new Date();
+    console.group(`\u{1F4E4} API Request: ${method} ${url}`);
+    console.log("Time:", timestamp.toISOString());
+    if (body) {
+      console.log("Body:", body);
+    }
+    console.groupEnd();
+    this.requestLog.push({ timestamp, method, url });
+  }
+  /**
+   * Log API response
+   */
+  static logResponse(method, url, status, data, duration) {
+    if (!this.debugEnabled) return;
+    const emoji = status >= 200 && status < 300 ? "\u2705" : "\u274C";
+    console.group(`${emoji} API Response: ${method} ${url} [${status}]`);
+    if (duration) {
+      console.log("Duration:", `${duration}ms`);
+    }
+    console.log("Data:", data);
+    console.groupEnd();
+    const lastRequest = this.requestLog[this.requestLog.length - 1];
+    if (lastRequest && lastRequest.method === method && lastRequest.url === url) {
+      lastRequest.status = status;
+      lastRequest.duration = duration;
+    }
+  }
+  /**
+   * Get request log
+   */
+  static getRequestLog() {
+    return [...this.requestLog];
+  }
+  /**
+   * Clear request log
+   */
+  static clearRequestLog() {
+    this.requestLog = [];
+    console.log("\u{1F5D1}\uFE0F Request log cleared");
+  }
+  /**
+   * Create a test session key (devnet only)
+   */
+  static async createTestSessionKey() {
+    if (!this.isDevelopment()) {
+      throw new Error("Test session keys can only be created in development");
+    }
+    const { Keypair } = await this.getSolanaWeb3();
+    const keypair = Keypair.generate();
+    return {
+      sessionKeyId: this.generateTestId("sk_test"),
+      sessionWallet: keypair.publicKey.toString(),
+      privateKey: keypair.secretKey,
+      budget: 10
+      // $10 test budget
+    };
+  }
+  /**
+   * Create a mock wallet for testing
+   */
+  static mockWallet(address) {
+    const mockAddress = address || this.generateTestAddress();
+    return {
+      address: mockAddress,
+      publicKey: { toString: () => mockAddress },
+      signTransaction: async (tx) => {
+        console.log("\u{1F527} Mock wallet: Signing transaction");
+        return tx;
+      },
+      signMessage: async (_msg) => {
+        console.log("\u{1F527} Mock wallet: Signing message");
+        return {
+          signature: new Uint8Array(64)
+          // Mock signature
+        };
+      },
+      isConnected: () => true,
+      disconnect: async () => {
+        console.log("\u{1F527} Mock wallet: Disconnected");
+      }
+    };
+  }
+  /**
+   * Log transaction flow (visual diagram in console)
+   */
+  static logTransactionFlow(paymentId) {
+    console.log(`
+\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
+\u2551                    TRANSACTION FLOW                            \u2551
+\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563
+\u2551                                                                \u2551
+\u2551  Payment ID: ${paymentId}                                      \u2551
+\u2551                                                                \u2551
+\u2551  1. \u{1F3D7}\uFE0F  Create Payment Intent                                 \u2551
+\u2551      \u2514\u2500> POST /api/v1/ai/smart-payment                        \u2551
+\u2551                                                                \u2551
+\u2551  2. \u{1F510} Sign Transaction (Device-Bound)                        \u2551
+\u2551      \u2514\u2500> Client-side signing with cached keypair             \u2551
+\u2551                                                                \u2551
+\u2551  3. \u{1F4E4} Submit Signed Transaction                              \u2551
+\u2551      \u2514\u2500> POST /api/v1/ai/payments/{id}/submit-signed         \u2551
+\u2551                                                                \u2551
+\u2551  4. \u23F3 Wait for Blockchain Confirmation                       \u2551
+\u2551      \u2514\u2500> Poll Solana RPC (~30-60 seconds)                    \u2551
+\u2551                                                                \u2551
+\u2551  5. \u2705 Payment Confirmed                                      \u2551
+\u2551      \u2514\u2500> Webhook fired: payment.confirmed                    \u2551
+\u2551                                                                \u2551
+\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
+    `);
+  }
+  /**
+   * Log session key lifecycle
+   */
+  static logSessionKeyLifecycle(sessionKeyId) {
+    console.log(`
+\u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
+\u2551                  SESSION KEY LIFECYCLE                        \u2551
+\u2560\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2563
+\u2551                                                               \u2551
+\u2551  Session Key ID: ${sessionKeyId}                              \u2551
+\u2551                                                               \u2551
+\u2551  Phase 1: CREATION                                            \u2551
+\u2551  \u251C\u2500 Generate keypair (client-side)                            \u2551
+\u2551  \u251C\u2500 Encrypt with PIN + device fingerprint                     \u2551
+\u2551  \u251C\u2500 Send encrypted blob to backend                            \u2551
+\u2551  \u2514\u2500 Session key record created                                \u2551
+\u2551                                                               \u2551
+\u2551  Phase 2: FUNDING                                             \u2551
+\u2551  \u251C\u2500 Create top-up transaction                                 \u2551
+\u2551  \u251C\u2500 User signs with main wallet                               \u2551
+\u2551  \u251C\u2500 Submit to Solana                                          \u2551
+\u2551  \u2514\u2500 Session wallet funded                                     \u2551
+\u2551                                                               \u2551
+\u2551  Phase 3: USAGE                                               \u2551
+\u2551  \u251C\u2500 Decrypt keypair with PIN                                  \u2551
+\u2551  \u251C\u2500 Cache for 30min/1hr/24hr                                  \u2551
+\u2551  \u251C\u2500 Sign payments automatically                               \u2551
+\u2551  \u2514\u2500 Track spending against limit                              \u2551
+\u2551                                                               \u2551
+\u2551  Phase 4: REVOCATION                                          \u2551
+\u2551  \u251C\u2500 Mark as inactive in DB                                    \u2551
+\u2551  \u251C\u2500 Clear local cache                                         \u2551
+\u2551  \u2514\u2500 Remaining funds locked                                    \u2551
+\u2551                                                               \u2551
+\u255A\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u255D
+    `);
+  }
+  /**
+   * Benchmark API request
+   */
+  static async benchmarkRequest(name, fn) {
+    const start = performance.now();
+    const result = await fn();
+    const duration = performance.now() - start;
+    console.log(`\u23F1\uFE0F Benchmark [${name}]: ${duration.toFixed(2)}ms`);
+    return {
+      result,
+      durationMs: duration
+    };
+  }
+  /**
+   * Stress test (send multiple concurrent requests)
+   */
+  static async stressTest(name, fn, concurrency = 10, iterations = 100) {
+    console.log(`\u{1F525} Stress Test: ${name}`);
+    console.log(`Concurrency: ${concurrency}, Iterations: ${iterations}`);
+    const durations = [];
+    let successful = 0;
+    let failed = 0;
+    for (let i = 0; i < iterations; i += concurrency) {
+      const batch = Array(Math.min(concurrency, iterations - i)).fill(null).map(() => this.benchmarkRequest(`${name}-${i}`, fn));
+      const results = await Promise.allSettled(batch);
+      results.forEach((result) => {
+        if (result.status === "fulfilled") {
+          successful++;
+          durations.push(result.value.durationMs);
+        } else {
+          failed++;
+        }
+      });
+    }
+    const stats = {
+      totalRequests: iterations,
+      successful,
+      failed,
+      avgDurationMs: durations.reduce((a, b) => a + b, 0) / durations.length,
+      minDurationMs: Math.min(...durations),
+      maxDurationMs: Math.max(...durations)
+    };
+    console.table(stats);
+    return stats;
+  }
+  /**
+   * Inspect ZendFi SDK configuration
+   */
+  static inspectConfig(client) {
+    console.group("\u{1F50D} ZendFi SDK Configuration");
+    console.log("Base URL:", client.config?.baseURL || "Unknown");
+    console.log("API Key:", client.config?.apiKey ? `${client.config.apiKey.slice(0, 10)}...` : "Not set");
+    console.log("Mode:", client.config?.mode || "Unknown");
+    console.log("Environment:", client.config?.environment || "Unknown");
+    console.log("Timeout:", client.config?.timeout || "Default");
+    console.groupEnd();
+  }
+  /**
+   * Generate test data
+   */
+  static generateTestData() {
+    return {
+      userWallet: this.generateTestAddress(),
+      agentId: `test-agent-${Date.now()}`,
+      sessionKeyId: this.generateTestId("sk_test"),
+      paymentId: this.generateTestId("pay_test")
+    };
+  }
+  /**
+   * Check if running in development environment
+   */
+  static isDevelopment() {
+    if (typeof process !== "undefined" && process.env) {
+      return process.env.NODE_ENV === "development" || process.env.NODE_ENV === "test";
+    }
+    if (typeof window !== "undefined" && window.location) {
+      return window.location.hostname === "localhost" || window.location.hostname.includes("dev") || window.location.hostname.includes("staging");
+    }
+    return false;
+  }
+  /**
+   * Generate test Solana address
+   */
+  static generateTestAddress() {
+    const chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+    let address = "";
+    for (let i = 0; i < 44; i++) {
+      address += chars[Math.floor(Math.random() * chars.length)];
+    }
+    return address;
+  }
+  /**
+   * Generate test ID with prefix
+   */
+  static generateTestId(prefix) {
+    const id = Array(32).fill(null).map(() => Math.floor(Math.random() * 16).toString(16)).join("");
+    return `${prefix}_${id}`;
+  }
+  /**
+   * Get Solana Web3.js
+   */
+  static async getSolanaWeb3() {
+    try {
+      return await import("@solana/web3.js");
+    } catch {
+      throw new Error("@solana/web3.js not installed");
+    }
+  }
+};
+var PerformanceMonitor = class {
+  metrics = /* @__PURE__ */ new Map();
+  /**
+   * Record a metric
+   */
+  record(name, value) {
+    const values = this.metrics.get(name) || [];
+    values.push(value);
+    this.metrics.set(name, values);
+  }
+  /**
+   * Get statistics for a metric
+   */
+  getStats(name) {
+    const values = this.metrics.get(name);
+    if (!values || values.length === 0) return null;
+    const sorted = [...values].sort((a, b) => a - b);
+    const count = values.length;
+    return {
+      count,
+      avg: values.reduce((a, b) => a + b, 0) / count,
+      min: sorted[0],
+      max: sorted[count - 1],
+      p50: sorted[Math.floor(count * 0.5)],
+      p95: sorted[Math.floor(count * 0.95)],
+      p99: sorted[Math.floor(count * 0.99)]
+    };
+  }
+  /**
+   * Get all metrics
+   */
+  getAllStats() {
+    const stats = {};
+    for (const [name] of this.metrics) {
+      stats[name] = this.getStats(name);
+    }
+    return stats;
+  }
+  /**
+   * Print report
+   */
+  printReport() {
+    console.table(this.getAllStats());
+  }
+  /**
+   * Clear all metrics
+   */
+  clear() {
+    this.metrics.clear();
+  }
+};
 export {
   AgentAPI,
+  AnthropicAdapter,
   ApiError,
   AuthenticationError2 as AuthenticationError,
   AutonomyAPI,
   ConfigLoader,
+  DevTools,
   DeviceBoundSessionKey,
   DeviceFingerprintGenerator,
   ERROR_CODES,
+  ErrorRecovery,
+  GeminiAdapter,
   InterceptorManager,
   LitCryptoSigner,
   NetworkError2 as NetworkError,
+  OpenAIAdapter,
+  PINRateLimiter,
+  PINValidator,
   PaymentError,
+  PaymentIntentParser,
   PaymentIntentsAPI,
+  PerformanceMonitor,
   PricingAPI,
+  QuickCaches,
   RateLimitError2 as RateLimitError,
   RateLimiter,
   RecoveryQRGenerator,
+  RetryStrategy,
   SPENDING_LIMIT_ACTION_CID,
+  SecureStorage,
+  SessionKeyCache,
   SessionKeyCrypto,
+  SessionKeyLifecycle,
   SessionKeysAPI,
   SmartPaymentsAPI,
+  TransactionMonitor,
+  TransactionPoller,
   ValidationError2 as ValidationError,
+  WalletConnector,
   WebhookError,
   ZendFiClient,
   ZendFiError2 as ZendFiError,
@@ -3485,6 +5078,7 @@ export {
   asPaymentLinkCode,
   asSessionId,
   asSubscriptionId,
+  createWalletHook,
   createZendFiError,
   decodeSignatureFromLit,
   encodeTransactionForLit,
@@ -3492,6 +5086,7 @@ export {
   isZendFiError,
   processWebhook,
   requiresLitSigning,
+  setupQuickSessionKey,
   sleep,
   verifyExpressWebhook,
   verifyNextWebhook,