@zubari/sdk 0.2.8 → 0.3.1

package/dist/react/index.js

@@ -2,14 +2,14 @@
 
 var react = require('react');
 var ethers = require('ethers');
-var viem = require('viem');
-var chains = require('viem/chains');
 var bip39 = require('@scure/bip39');
 var english = require('@scure/bip39/wordlists/english');
 var bip32 = require('@scure/bip32');
 var base = require('@scure/base');
 var sha256 = require('@noble/hashes/sha256');
 var ripemd160 = require('@noble/hashes/ripemd160');
+var viem = require('viem');
+var chains = require('viem/chains');
 
 // src/react/useWalletManager.ts
 
@@ -133,1038 +133,1038 @@ function getNetworkConfig(network, isTestnet = false) {
   };
 }
 
-// src/security/KeyManager.ts
-var KeyManager = class {
-  static ALGORITHM = "AES-GCM";
-  static KEY_LENGTH = 256;
-  static IV_LENGTH = 12;
-  static SALT_LENGTH = 16;
-  static PBKDF2_ITERATIONS = 1e5;
-  /**
-   * Encrypt a seed phrase with a password
-   */
-  static async encryptSeed(seed, password) {
-    const encoder = new TextEncoder();
-    const seedData = encoder.encode(seed);
-    const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));
-    const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));
-    const key = await this.deriveKey(password, salt);
-    const encrypted = await crypto.subtle.encrypt(
-      { name: this.ALGORITHM, iv },
-      key,
-      seedData
-    );
-    const combined = new Uint8Array(salt.length + iv.length + encrypted.byteLength);
-    combined.set(salt, 0);
-    combined.set(iv, salt.length);
-    combined.set(new Uint8Array(encrypted), salt.length + iv.length);
-    return btoa(String.fromCharCode(...combined));
+// src/services/WdkApiClient.ts
+var WdkApiClient = class {
+  config;
+  constructor(config) {
+    this.config = {
+      baseUrl: config.baseUrl,
+      timeout: config.timeout || 3e4
+    };
   }
   /**
-   * Decrypt a seed phrase with a password
+   * Generate a new BIP-39 seed phrase using Tether WDK
    */
-  static async decryptSeed(encryptedData, password) {
-    const combined = new Uint8Array(
-      atob(encryptedData).split("").map((c) => c.charCodeAt(0))
-    );
-    const salt = combined.slice(0, this.SALT_LENGTH);
-    const iv = combined.slice(this.SALT_LENGTH, this.SALT_LENGTH + this.IV_LENGTH);
-    const encrypted = combined.slice(this.SALT_LENGTH + this.IV_LENGTH);
-    const key = await this.deriveKey(password, salt);
-    const decrypted = await crypto.subtle.decrypt(
-      { name: this.ALGORITHM, iv },
-      key,
-      encrypted
-    );
-    const decoder = new TextDecoder();
-    return decoder.decode(decrypted);
+  async generateSeed() {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/generate-seed`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+      return await response.json();
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to generate seed"
+      };
+    }
   }
   /**
-   * Derive encryption key from password using PBKDF2
+   * Validate a BIP-39 seed phrase
    */
-  static async deriveKey(password, salt) {
-    const encoder = new TextEncoder();
-    const passwordData = encoder.encode(password);
-    const keyMaterial = await crypto.subtle.importKey(
-      "raw",
-      passwordData,
-      "PBKDF2",
-      false,
-      ["deriveKey"]
-    );
-    return crypto.subtle.deriveKey(
-      {
-        name: "PBKDF2",
-        salt: salt.buffer.slice(salt.byteOffset, salt.byteOffset + salt.byteLength),
-        iterations: this.PBKDF2_ITERATIONS,
-        hash: "SHA-256"
-      },
-      keyMaterial,
-      { name: this.ALGORITHM, length: this.KEY_LENGTH },
-      false,
-      ["encrypt", "decrypt"]
-    );
+  async validateSeed(seed) {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/validate-seed`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ seed })
+      });
+      return await response.json();
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to validate seed"
+      };
+    }
   }
   /**
-   * Validate a BIP-39 seed phrase (basic validation)
+   * Derive address for a specific chain using Tether WDK
    */
-  static validateSeedPhrase(seed) {
-    const words = seed.trim().split(/\s+/);
-    const validWordCounts = [12, 15, 18, 21, 24];
-    return validWordCounts.includes(words.length);
+  async deriveAddress(seed, chain, network = "testnet") {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/derive-address`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ seed, chain, network })
+      });
+      return await response.json();
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to derive address"
+      };
+    }
   }
   /**
-   * Generate a random encryption key (for backup purposes)
+   * Derive addresses for all chains using Tether WDK
    */
-  static generateBackupKey() {
-    const bytes = crypto.getRandomValues(new Uint8Array(32));
-    return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
-  }
-};
-
-// src/storage/SecureStorage.ts
-var KeychainStorageAdapter = class {
-  serviceName;
-  constructor(serviceName = "com.zubari.wallet") {
-    this.serviceName = serviceName;
-  }
-  async setItem(key, value) {
-    if (typeof global !== "undefined" && global.KeychainModule) {
-      await global.KeychainModule.setItem(this.serviceName, key, value);
-    } else {
-      throw new Error("Keychain not available on this platform");
+  async deriveAllAddresses(seed, network = "testnet") {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/derive-all`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ seed, network })
+      });
+      return await response.json();
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to derive addresses"
+      };
     }
   }
-  async getItem(key) {
-    if (typeof global !== "undefined" && global.KeychainModule) {
-      return global.KeychainModule.getItem(this.serviceName, key);
+  /**
+   * Send a transaction on a specific chain using Tether WDK
+   */
+  async sendTransaction(seed, chain, to, amount, network = "testnet") {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/send`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ seed, chain, to, amount, network })
+      });
+      return await response.json();
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to send transaction"
+      };
     }
-    throw new Error("Keychain not available on this platform");
   }
-  async removeItem(key) {
-    if (typeof global !== "undefined" && global.KeychainModule) {
-      await global.KeychainModule.removeItem(this.serviceName, key);
-    } else {
-      throw new Error("Keychain not available on this platform");
+  /**
+   * Get transaction history for an address on a specific chain
+   * Fetches from blockchain explorers (Etherscan, mempool.space, etc.)
+   */
+  async getTransactionHistory(seed, chain, network = "testnet", limit = 10) {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/history`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ seed, chain, network, limit })
+      });
+      return await response.json();
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to get transaction history"
+      };
     }
   }
-  async hasItem(key) {
-    const value = await this.getItem(key);
-    return value !== null;
-  }
-  async clear() {
-    if (typeof global !== "undefined" && global.KeychainModule) {
-      await global.KeychainModule.clear(this.serviceName);
-    } else {
-      throw new Error("Keychain not available on this platform");
+  /**
+   * Get transaction status by hash
+   * Fetches from blockchain explorers to check confirmation status
+   */
+  async getTransactionStatus(txHash, chain, network = "testnet") {
+    try {
+      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/tx-status`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({ txHash, chain, network })
+      });
+      return await response.json();
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Failed to get transaction status"
+      };
     }
   }
 };
-var KeystoreStorageAdapter = class {
-  alias;
-  constructor(alias = "zubari_wallet_keys") {
-    this.alias = alias;
+var DEFAULT_API_URL = process.env.NEXT_PUBLIC_API_URL || "https://ckgwifsxka.us-east-2.awsapprunner.com";
+var wdkApiClient = null;
+function getWdkApiClient(baseUrl) {
+  if (!wdkApiClient || baseUrl && wdkApiClient["config"].baseUrl !== baseUrl) {
+    wdkApiClient = new WdkApiClient({
+      baseUrl: baseUrl || DEFAULT_API_URL
+    });
   }
-  async setItem(key, value) {
-    if (typeof global !== "undefined" && global.KeystoreModule) {
-      await global.KeystoreModule.setItem(this.alias, key, value);
-    } else {
-      throw new Error("Keystore not available on this platform");
-    }
-  }
-  async getItem(key) {
-    if (typeof global !== "undefined" && global.KeystoreModule) {
-      return global.KeystoreModule.getItem(this.alias, key);
-    }
-    throw new Error("Keystore not available on this platform");
-  }
-  async removeItem(key) {
-    if (typeof global !== "undefined" && global.KeystoreModule) {
-      await global.KeystoreModule.removeItem(this.alias, key);
-    } else {
-      throw new Error("Keystore not available on this platform");
-    }
-  }
-  async hasItem(key) {
-    const value = await this.getItem(key);
-    return value !== null;
-  }
-  async clear() {
-    if (typeof global !== "undefined" && global.KeystoreModule) {
-      await global.KeystoreModule.clear(this.alias);
-    } else {
-      throw new Error("Keystore not available on this platform");
+  return wdkApiClient;
+}
+var DERIVATION_PATHS2 = {
+  ethereum: "m/44'/60'/0'/0/0",
+  bitcoin_mainnet: "m/84'/0'/0'/0/0",
+  bitcoin_testnet: "m/84'/1'/0'/0/0",
+  ton: "m/44'/607'/0'/0'/0'",
+  tron: "m/44'/195'/0'/0/0",
+  solana: "m/44'/501'/0'/0'",
+  spark: "m/44'/998'/0'/0/0"
+};
+function deriveEthereumAddress(seed) {
+  const hdNode = ethers.HDNodeWallet.fromPhrase(seed, void 0, DERIVATION_PATHS2.ethereum);
+  return hdNode.address;
+}
+function deriveBitcoinAddress(seed, network = "testnet") {
+  try {
+    const seedBytes = bip39.mnemonicToSeedSync(seed);
+    const hdKey = bip32.HDKey.fromMasterSeed(seedBytes);
+    const path = network === "testnet" ? DERIVATION_PATHS2.bitcoin_testnet : DERIVATION_PATHS2.bitcoin_mainnet;
+    const child = hdKey.derive(path);
+    if (!child.publicKey) {
+      throw new Error("Failed to derive public key");
     }
+    const pubKeyHash = ripemd160.ripemd160(sha256.sha256(child.publicKey));
+    const witnessVersion = 0;
+    const words = base.bech32.toWords(pubKeyHash);
+    words.unshift(witnessVersion);
+    const hrp = network === "testnet" ? "tb" : "bc";
+    const address = base.bech32.encode(hrp, words);
+    return address;
+  } catch (error) {
+    console.error("Bitcoin address derivation failed:", error);
+    throw error;
   }
-};
-var WebEncryptedStorageAdapter = class {
-  encryptionKey = null;
-  storagePrefix;
-  constructor(storagePrefix = "zubari_") {
-    this.storagePrefix = storagePrefix;
+}
+async function deriveSolanaAddress(seed) {
+  try {
+    const [ed25519, nacl, bs58Module] = await Promise.all([
+      import('ed25519-hd-key'),
+      import('tweetnacl'),
+      import('bs58')
+    ]);
+    const bs58 = bs58Module.default || bs58Module;
+    const seedBytes = bip39.mnemonicToSeedSync(seed);
+    const derived = ed25519.derivePath(DERIVATION_PATHS2.solana, Buffer.from(seedBytes).toString("hex"));
+    const keypair = nacl.sign.keyPair.fromSeed(new Uint8Array(derived.key));
+    return bs58.encode(keypair.publicKey);
+  } catch (error) {
+    console.error("Solana address derivation failed:", error);
+    throw error;
   }
-  /**
-   * Initialize with a password-derived key
-   */
-  async initialize(password) {
-    const encoder = new TextEncoder();
-    const salt = this.getSalt();
-    const keyMaterial = await crypto.subtle.importKey(
-      "raw",
-      encoder.encode(password),
-      "PBKDF2",
-      false,
-      ["deriveKey"]
-    );
-    this.encryptionKey = await crypto.subtle.deriveKey(
-      {
-        name: "PBKDF2",
-        salt: salt.buffer,
-        iterations: 1e5,
-        hash: "SHA-256"
-      },
-      keyMaterial,
-      { name: "AES-GCM", length: 256 },
-      false,
-      ["encrypt", "decrypt"]
-    );
+}
+async function deriveTonAddress(seed) {
+  try {
+    const [ed25519, nacl] = await Promise.all([
+      import('ed25519-hd-key'),
+      import('tweetnacl')
+    ]);
+    const seedBytes = bip39.mnemonicToSeedSync(seed);
+    const derived = ed25519.derivePath(DERIVATION_PATHS2.ton, Buffer.from(seedBytes).toString("hex"));
+    const keypair = nacl.sign.keyPair.fromSeed(new Uint8Array(derived.key));
+    const publicKey = keypair.publicKey;
+    const workchain = 0;
+    const flags = 17;
+    const hash = sha256.sha256(publicKey);
+    const addressData = new Uint8Array(34);
+    addressData[0] = flags;
+    addressData[1] = workchain;
+    addressData.set(hash, 2);
+    const crc = crc16(addressData);
+    const fullAddress = new Uint8Array(36);
+    fullAddress.set(addressData);
+    fullAddress[34] = crc >> 8 & 255;
+    fullAddress[35] = crc & 255;
+    const base64 = btoa(String.fromCharCode(...fullAddress)).replace(/\+/g, "-").replace(/\//g, "_");
+    return base64;
+  } catch (error) {
+    console.error("TON address derivation failed:", error);
+    throw error;
   }
-  getSalt() {
-    const saltKey = `${this.storagePrefix}salt`;
-    let saltHex = localStorage.getItem(saltKey);
-    if (!saltHex) {
-      const salt = crypto.getRandomValues(new Uint8Array(16));
-      saltHex = Array.from(salt).map((b) => b.toString(16).padStart(2, "0")).join("");
-      localStorage.setItem(saltKey, saltHex);
+}
+function crc16(data) {
+  let crc = 0;
+  for (const byte of data) {
+    crc ^= byte << 8;
+    for (let i = 0; i < 8; i++) {
+      crc = crc & 32768 ? crc << 1 ^ 4129 : crc << 1;
+      crc &= 65535;
     }
-    return new Uint8Array(
-      saltHex.match(/.{1,2}/g).map((byte) => parseInt(byte, 16))
-    );
   }
-  async setItem(key, value) {
-    if (!this.encryptionKey) {
-      throw new Error("Storage not initialized. Call initialize() first.");
+  return crc;
+}
+function deriveTronAddress(seed) {
+  try {
+    const hdNode = ethers.HDNodeWallet.fromPhrase(seed, void 0, DERIVATION_PATHS2.tron);
+    const ethAddressHex = hdNode.address.slice(2).toLowerCase();
+    const addressBytes = new Uint8Array(21);
+    addressBytes[0] = 65;
+    for (let i = 0; i < 20; i++) {
+      addressBytes[i + 1] = parseInt(ethAddressHex.slice(i * 2, i * 2 + 2), 16);
     }
-    const encoder = new TextEncoder();
-    const iv = crypto.getRandomValues(new Uint8Array(12));
-    const encrypted = await crypto.subtle.encrypt(
-      { name: "AES-GCM", iv },
-      this.encryptionKey,
-      encoder.encode(value)
-    );
-    const combined = new Uint8Array(iv.length + encrypted.byteLength);
-    combined.set(iv);
-    combined.set(new Uint8Array(encrypted), iv.length);
-    const base64 = btoa(String.fromCharCode(...combined));
-    localStorage.setItem(`${this.storagePrefix}${key}`, base64);
+    const tronBase58check = base.base58check(sha256.sha256);
+    return tronBase58check.encode(addressBytes);
+  } catch (error) {
+    console.error("TRON address derivation failed:", error);
+    throw error;
   }
-  async getItem(key) {
-    if (!this.encryptionKey) {
-      throw new Error("Storage not initialized. Call initialize() first.");
-    }
-    const base64 = localStorage.getItem(`${this.storagePrefix}${key}`);
-    if (!base64) return null;
-    try {
-      const combined = new Uint8Array(
-        atob(base64).split("").map((c) => c.charCodeAt(0))
-      );
-      const iv = combined.slice(0, 12);
-      const encrypted = combined.slice(12);
-      const decrypted = await crypto.subtle.decrypt(
-        { name: "AES-GCM", iv },
-        this.encryptionKey,
-        encrypted
-      );
-      const decoder = new TextDecoder();
-      return decoder.decode(decrypted);
-    } catch {
-      return null;
+}
+function deriveSparkAddress(seed, network = "testnet") {
+  try {
+    const seedBytes = bip39.mnemonicToSeedSync(seed);
+    const hdKey = bip32.HDKey.fromMasterSeed(seedBytes);
+    const child = hdKey.derive(DERIVATION_PATHS2.spark);
+    if (!child.publicKey) {
+      throw new Error("Failed to derive public key");
     }
+    const pubKeyHash = ripemd160.ripemd160(sha256.sha256(child.publicKey));
+    const witnessVersion = 0;
+    const words = base.bech32.toWords(pubKeyHash);
+    words.unshift(witnessVersion);
+    const hrp = network === "testnet" ? "tsp" : "sp";
+    const address = base.bech32.encode(hrp, words);
+    return address;
+  } catch (error) {
+    console.error("Spark address derivation failed:", error);
+    throw error;
   }
-  async removeItem(key) {
-    localStorage.removeItem(`${this.storagePrefix}${key}`);
-  }
-  async hasItem(key) {
-    return localStorage.getItem(`${this.storagePrefix}${key}`) !== null;
-  }
-  async clear() {
-    const keysToRemove = [];
-    for (let i = 0; i < localStorage.length; i++) {
-      const key = localStorage.key(i);
-      if (key?.startsWith(this.storagePrefix)) {
-        keysToRemove.push(key);
-      }
-    }
-    keysToRemove.forEach((key) => localStorage.removeItem(key));
+}
+async function deriveAllAddresses(seed, network = "testnet") {
+  const addresses = {
+    ethereum: null,
+    bitcoin: null,
+    ton: null,
+    tron: null,
+    solana: null,
+    spark: null
+  };
+  try {
+    addresses.ethereum = deriveEthereumAddress(seed);
+  } catch (e) {
+    console.error("ETH derivation failed:", e);
   }
-};
-var MemoryStorageAdapter = class {
-  storage = /* @__PURE__ */ new Map();
-  async setItem(key, value) {
-    this.storage.set(key, value);
+  try {
+    addresses.bitcoin = deriveBitcoinAddress(seed, network);
+  } catch (e) {
+    console.error("BTC derivation failed:", e);
   }
-  async getItem(key) {
-    return this.storage.get(key) || null;
+  try {
+    addresses.spark = deriveSparkAddress(seed, network);
+  } catch (e) {
+    console.error("Spark derivation failed:", e);
   }
-  async removeItem(key) {
-    this.storage.delete(key);
+  try {
+    addresses.tron = deriveTronAddress(seed);
+  } catch (e) {
+    console.error("TRON derivation failed:", e);
   }
-  async hasItem(key) {
-    return this.storage.has(key);
+  const [solResult, tonResult] = await Promise.allSettled([
+    deriveSolanaAddress(seed),
+    deriveTonAddress(seed)
+  ]);
+  if (solResult.status === "fulfilled") {
+    addresses.solana = solResult.value;
+  } else {
+    console.error("SOL derivation failed:", solResult.reason);
   }
-  async clear() {
-    this.storage.clear();
+  if (tonResult.status === "fulfilled") {
+    addresses.ton = tonResult.value;
+  } else {
+    console.error("TON derivation failed:", tonResult.reason);
   }
-};
-function createSecureStorage() {
-  if (typeof global !== "undefined" && global.nativeModuleProxy !== void 0) {
-    const Platform = global.Platform;
-    if (Platform?.OS === "ios") {
-      return new KeychainStorageAdapter();
-    } else if (Platform?.OS === "android") {
-      return new KeystoreStorageAdapter();
-    }
+  return addresses;
+}
+function isValidSeed(seed) {
+  return bip39.validateMnemonic(seed, english.wordlist);
+}
+function generateSeedPhrase() {
+  return bip39.generateMnemonic(english.wordlist);
+}
+
+// src/services/ZubariWdkService.ts
+var DEFAULT_API_URL2 = "https://ckgwifsxka.us-east-2.awsapprunner.com";
+function isBrowser() {
+  return typeof window !== "undefined" && typeof window.document !== "undefined";
+}
+var dynamicImport = new Function("specifier", "return import(specifier)");
+async function canUseNativeWdk() {
+  if (isBrowser()) {
+    return false;
   }
-  if (typeof window !== "undefined" && typeof localStorage !== "undefined") {
-    return new WebEncryptedStorageAdapter();
+  try {
+    await dynamicImport("@tetherto/wdk");
+    return true;
+  } catch {
+    return false;
   }
-  return new MemoryStorageAdapter();
 }
-
-// src/services/WdkApiClient.ts
-var WdkApiClient = class {
+var ZubariWdkService = class {
   config;
-  constructor(config) {
+  apiClient;
+  nativeWdkService = null;
+  initialized = false;
+  useNativeWdk = false;
+  constructor(config = {}) {
     this.config = {
-      baseUrl: config.baseUrl,
+      network: config.network || "testnet",
+      apiUrl: config.apiUrl || process.env.NEXT_PUBLIC_API_URL || DEFAULT_API_URL2,
+      forceApi: config.forceApi ?? false,
       timeout: config.timeout || 3e4
     };
+    this.apiClient = getWdkApiClient(this.config.apiUrl);
   }
   /**
-   * Generate a new BIP-39 seed phrase using Tether WDK
+   * Initialize the service and determine the best strategy
+   */
+  async initialize() {
+    if (this.initialized) return;
+    if (isBrowser() || this.config.forceApi) {
+      this.useNativeWdk = false;
+      this.initialized = true;
+      return;
+    }
+    if (await canUseNativeWdk()) {
+      try {
+        const WdkServiceModule = await dynamicImport("./WdkService");
+        const WdkService = WdkServiceModule.WdkService || WdkServiceModule.default;
+        this.nativeWdkService = new WdkService({
+          network: this.config.network
+        });
+        this.useNativeWdk = true;
+      } catch (error) {
+        console.warn("Failed to initialize native WDK, falling back to API:", error);
+        this.useNativeWdk = false;
+      }
+    }
+    this.initialized = true;
+  }
+  /**
+   * Get the current execution mode
+   */
+  getMode() {
+    if (this.useNativeWdk) return "native";
+    if (isBrowser()) return "api";
+    return "api";
+  }
+  /**
+   * Check if running in browser
+   */
+  isBrowserEnvironment() {
+    return isBrowser();
+  }
+  /**
+   * Generate a new BIP-39 seed phrase (12 words)
    */
   async generateSeed() {
+    await this.initialize();
     try {
-      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/generate-seed`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        }
-      });
-      return await response.json();
+      const response = await this.apiClient.generateSeed();
+      if (response.success && response.seed) {
+        return response.seed;
+      }
     } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Failed to generate seed"
-      };
+      console.warn("API seed generation failed:", error);
     }
+    if (this.useNativeWdk && this.nativeWdkService) {
+      try {
+        const wdk = this.nativeWdkService;
+        return await wdk.generateSeedPhrase();
+      } catch (error) {
+        console.warn("Native WDK seed generation failed:", error);
+      }
+    }
+    return generateSeedPhrase();
   }
   /**
    * Validate a BIP-39 seed phrase
    */
   async validateSeed(seed) {
+    await this.initialize();
     try {
-      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/validate-seed`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ seed })
-      });
-      return await response.json();
+      const response = await this.apiClient.validateSeed(seed);
+      if (response.success) {
+        return response.isValid ?? false;
+      }
     } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Failed to validate seed"
-      };
+      console.warn("API seed validation failed:", error);
+    }
+    if (this.useNativeWdk && this.nativeWdkService) {
+      try {
+        const wdk = this.nativeWdkService;
+        return await wdk.isValidSeed(seed);
+      } catch (error) {
+        console.warn("Native WDK seed validation failed:", error);
+      }
     }
+    return isValidSeed(seed);
   }
   /**
-   * Derive address for a specific chain using Tether WDK
+   * Derive address for a specific chain using WDK API
+   *
+   * For Ethereum, falls back to local derivation if API fails.
+   * For other chains, WDK API is required - no placeholder fallback.
    */
-  async deriveAddress(seed, chain, network = "testnet") {
+  async deriveAddress(seed, chain) {
+    await this.initialize();
+    const path = this.getDerivationPath(chain);
     try {
-      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/derive-address`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ seed, chain, network })
-      });
-      return await response.json();
+      const response = await this.apiClient.deriveAddress(seed, chain, this.config.network);
+      if (response.success && response.address) {
+        return {
+          chain,
+          address: response.address,
+          path: response.path || path
+        };
+      }
+    } catch (error) {
+      console.warn(`API address derivation failed for ${chain}:`, error);
+      if (chain === "ethereum") {
+        return this.deriveBrowserAddress(seed, chain);
+      }
+    }
+    if (this.useNativeWdk && this.nativeWdkService) {
+      try {
+        const wdk = this.nativeWdkService;
+        await wdk.initialize(seed);
+        return await wdk.deriveAddress(chain);
+      } catch (error) {
+        console.warn(`Native WDK address derivation failed for ${chain}:`, error);
+      }
+    }
+    if (chain === "ethereum") {
+      return this.deriveBrowserAddress(seed, chain);
+    }
+    throw new Error(
+      `WDK API required for ${chain} address derivation. Ensure the backend is running.`
+    );
+  }
+  /**
+   * Derive addresses for all supported chains using WDK API
+   *
+   * Uses the backend WDK API for real cryptographically valid addresses.
+   * No placeholder fallback - WDK API is required for multi-chain addresses.
+   */
+  async deriveAllAddresses(seed) {
+    await this.initialize();
+    try {
+      const response = await this.apiClient.deriveAllAddresses(seed, this.config.network);
+      if (response.success && response.addresses) {
+        const extractAddress = (value) => {
+          if (!value) return null;
+          if (typeof value === "string") return value;
+          if (typeof value === "object" && value !== null && "address" in value) {
+            return value.address;
+          }
+          return null;
+        };
+        return {
+          ethereum: extractAddress(response.addresses.ethereum),
+          bitcoin: extractAddress(response.addresses.bitcoin),
+          ton: extractAddress(response.addresses.ton),
+          tron: extractAddress(response.addresses.tron),
+          solana: extractAddress(response.addresses.solana),
+          spark: extractAddress(response.addresses.spark)
+        };
+      }
     } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Failed to derive address"
-      };
+      console.warn("API address derivation failed:", error);
+    }
+    if (this.useNativeWdk && this.nativeWdkService) {
+      try {
+        const wdk = this.nativeWdkService;
+        await wdk.initialize(seed);
+        return await wdk.deriveAllAddresses();
+      } catch (error) {
+        console.warn("Native WDK multi-chain derivation failed:", error);
+      }
     }
+    throw new Error(
+      "Tether WDK API required for multi-chain address derivation. Service temporarily unavailable."
+    );
   }
   /**
-   * Derive addresses for all chains using Tether WDK
+   * Get balances for all chains
    */
-  async deriveAllAddresses(seed, network = "testnet") {
+  async getAllBalances(seed) {
+    await this.initialize();
     try {
-      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/derive-all`, {
+      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/balances`, {
         method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ seed, network })
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ seed, network: this.config.network })
       });
-      return await response.json();
+      if (response.ok) {
+        const data = await response.json();
+        if (data.success) {
+          return data.balances;
+        }
+      }
     } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Failed to derive addresses"
-      };
+      console.warn("Failed to fetch balances:", error);
     }
+    return {};
   }
   /**
-   * Send a transaction on a specific chain using Tether WDK
+   * Get fee rates for a chain
    */
-  async sendTransaction(seed, chain, to, amount, network = "testnet") {
+  async getFeeRates(seed, chain) {
+    await this.initialize();
     try {
-      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/send`, {
+      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/fee-rates`, {
         method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ seed, chain, to, amount, network })
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ seed, chain, network: this.config.network })
       });
-      return await response.json();
+      if (response.ok) {
+        const data = await response.json();
+        if (data.success && data.feeRates) {
+          return data.feeRates;
+        }
+      }
     } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Failed to send transaction"
-      };
+      console.warn(`Failed to fetch fee rates for ${chain}:`, error);
     }
+    return { slow: "0", normal: "0", fast: "0" };
   }
   /**
-   * Get transaction history for an address on a specific chain
-   * Fetches from blockchain explorers (Etherscan, mempool.space, etc.)
+   * Estimate transaction fee
    */
-  async getTransactionHistory(seed, chain, network = "testnet", limit = 10) {
+  async estimateFee(seed, chain, to, amount) {
+    await this.initialize();
     try {
-      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/history`, {
+      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/estimate-fee`, {
         method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ seed, chain, network, limit })
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ seed, chain, to, amount, network: this.config.network })
       });
-      return await response.json();
+      if (response.ok) {
+        const data = await response.json();
+        if (data.success) {
+          return { fee: data.fee, symbol: data.symbol };
+        }
+      }
     } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Failed to get transaction history"
-      };
+      console.warn(`Failed to estimate fee for ${chain}:`, error);
     }
+    return { fee: "0", symbol: this.getChainSymbol(chain) };
   }
   /**
-   * Get transaction status by hash
-   * Fetches from blockchain explorers to check confirmation status
+   * Send a transaction
    */
-  async getTransactionStatus(txHash, chain, network = "testnet") {
+  async sendTransaction(seed, chain, to, amount) {
+    await this.initialize();
     try {
-      const response = await fetch(`${this.config.baseUrl}/api/wallets/wdk/tx-status`, {
+      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/send`, {
         method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({ txHash, chain, network })
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ seed, chain, to, amount, network: this.config.network })
       });
-      return await response.json();
-    } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Failed to get transaction status"
-      };
-    }
-  }
-};
-var DEFAULT_API_URL = process.env.NEXT_PUBLIC_API_URL || "https://ckgwifsxka.us-east-2.awsapprunner.com";
-var wdkApiClient = null;
-function getWdkApiClient(baseUrl) {
-  if (!wdkApiClient || baseUrl && wdkApiClient["config"].baseUrl !== baseUrl) {
-    wdkApiClient = new WdkApiClient({
-      baseUrl: baseUrl || DEFAULT_API_URL
-    });
-  }
-  return wdkApiClient;
-}
-var DERIVATION_PATHS2 = {
-  ethereum: "m/44'/60'/0'/0/0",
-  bitcoin_mainnet: "m/84'/0'/0'/0/0",
-  bitcoin_testnet: "m/84'/1'/0'/0/0",
-  ton: "m/44'/607'/0'/0'/0'",
-  tron: "m/44'/195'/0'/0/0",
-  solana: "m/44'/501'/0'/0'",
-  spark: "m/44'/998'/0'/0/0"
-};
-function deriveEthereumAddress(seed) {
-  const hdNode = ethers.HDNodeWallet.fromPhrase(seed, void 0, DERIVATION_PATHS2.ethereum);
-  return hdNode.address;
-}
-function deriveBitcoinAddress(seed, network = "testnet") {
-  try {
-    const seedBytes = bip39.mnemonicToSeedSync(seed);
-    const hdKey = bip32.HDKey.fromMasterSeed(seedBytes);
-    const path = network === "testnet" ? DERIVATION_PATHS2.bitcoin_testnet : DERIVATION_PATHS2.bitcoin_mainnet;
-    const child = hdKey.derive(path);
-    if (!child.publicKey) {
-      throw new Error("Failed to derive public key");
-    }
-    const pubKeyHash = ripemd160.ripemd160(sha256.sha256(child.publicKey));
-    const witnessVersion = 0;
-    const words = base.bech32.toWords(pubKeyHash);
-    words.unshift(witnessVersion);
-    const hrp = network === "testnet" ? "tb" : "bc";
-    const address = base.bech32.encode(hrp, words);
-    return address;
-  } catch (error) {
-    console.error("Bitcoin address derivation failed:", error);
-    throw error;
-  }
-}
-async function deriveSolanaAddress(seed) {
-  try {
-    const [ed25519, nacl, bs58Module] = await Promise.all([
-      import('ed25519-hd-key'),
-      import('tweetnacl'),
-      import('bs58')
-    ]);
-    const bs58 = bs58Module.default || bs58Module;
-    const seedBytes = bip39.mnemonicToSeedSync(seed);
-    const derived = ed25519.derivePath(DERIVATION_PATHS2.solana, Buffer.from(seedBytes).toString("hex"));
-    const keypair = nacl.sign.keyPair.fromSeed(new Uint8Array(derived.key));
-    return bs58.encode(keypair.publicKey);
-  } catch (error) {
-    console.error("Solana address derivation failed:", error);
-    throw error;
-  }
-}
-async function deriveTonAddress(seed) {
-  try {
-    const [ed25519, nacl] = await Promise.all([
-      import('ed25519-hd-key'),
-      import('tweetnacl')
-    ]);
-    const seedBytes = bip39.mnemonicToSeedSync(seed);
-    const derived = ed25519.derivePath(DERIVATION_PATHS2.ton, Buffer.from(seedBytes).toString("hex"));
-    const keypair = nacl.sign.keyPair.fromSeed(new Uint8Array(derived.key));
-    const publicKey = keypair.publicKey;
-    const workchain = 0;
-    const flags = 17;
-    const hash = sha256.sha256(publicKey);
-    const addressData = new Uint8Array(34);
-    addressData[0] = flags;
-    addressData[1] = workchain;
-    addressData.set(hash, 2);
-    const crc = crc16(addressData);
-    const fullAddress = new Uint8Array(36);
-    fullAddress.set(addressData);
-    fullAddress[34] = crc >> 8 & 255;
-    fullAddress[35] = crc & 255;
-    const base64 = btoa(String.fromCharCode(...fullAddress)).replace(/\+/g, "-").replace(/\//g, "_");
-    return base64;
-  } catch (error) {
-    console.error("TON address derivation failed:", error);
-    throw error;
-  }
-}
-function crc16(data) {
-  let crc = 0;
-  for (const byte of data) {
-    crc ^= byte << 8;
-    for (let i = 0; i < 8; i++) {
-      crc = crc & 32768 ? crc << 1 ^ 4129 : crc << 1;
-      crc &= 65535;
-    }
-  }
-  return crc;
-}
-function deriveTronAddress(seed) {
-  try {
-    const hdNode = ethers.HDNodeWallet.fromPhrase(seed, void 0, DERIVATION_PATHS2.tron);
-    const ethAddressHex = hdNode.address.slice(2).toLowerCase();
-    const addressBytes = new Uint8Array(21);
-    addressBytes[0] = 65;
-    for (let i = 0; i < 20; i++) {
-      addressBytes[i + 1] = parseInt(ethAddressHex.slice(i * 2, i * 2 + 2), 16);
+      if (response.ok) {
+        const data = await response.json();
+        let txHash = data.txHash || data.transactionHash || data.hash;
+        if (txHash && typeof txHash === "object" && "hash" in txHash) {
+          txHash = txHash.hash;
+        }
+        if (chain === "ethereum" && txHash && (typeof txHash !== "string" || !txHash.startsWith("0x") || txHash.length !== 66)) {
+          console.warn(`Invalid Ethereum tx hash format: ${txHash} (length: ${txHash?.length}, expected: 66)`);
+        }
+        return {
+          success: data.success,
+          txHash,
+          from: data.from,
+          to: data.to,
+          amount: data.amount,
+          chain: data.chain,
+          network: data.network
+        };
+      }
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        success: false,
+        error: errorData.error || `HTTP ${response.status}`
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Transaction failed"
+      };
     }
-    const tronBase58check = base.base58check(sha256.sha256);
-    return tronBase58check.encode(addressBytes);
-  } catch (error) {
-    console.error("TRON address derivation failed:", error);
-    throw error;
   }
-}
-function deriveSparkAddress(seed, network = "testnet") {
-  try {
-    const seedBytes = bip39.mnemonicToSeedSync(seed);
-    const hdKey = bip32.HDKey.fromMasterSeed(seedBytes);
-    const child = hdKey.derive(DERIVATION_PATHS2.spark);
-    if (!child.publicKey) {
-      throw new Error("Failed to derive public key");
-    }
-    const pubKeyHash = ripemd160.ripemd160(sha256.sha256(child.publicKey));
-    const witnessVersion = 0;
-    const words = base.bech32.toWords(pubKeyHash);
-    words.unshift(witnessVersion);
-    const hrp = network === "testnet" ? "tsp" : "sp";
-    const address = base.bech32.encode(hrp, words);
-    return address;
-  } catch (error) {
-    console.error("Spark address derivation failed:", error);
-    throw error;
+  /**
+   * Get the network configuration
+   */
+  getNetwork() {
+    return this.config.network;
   }
-}
-async function deriveAllAddresses(seed, network = "testnet") {
-  const addresses = {
-    ethereum: null,
-    bitcoin: null,
-    ton: null,
-    tron: null,
-    solana: null,
-    spark: null
-  };
-  try {
-    addresses.ethereum = deriveEthereumAddress(seed);
-  } catch (e) {
-    console.error("ETH derivation failed:", e);
+  /**
+   * Get API URL
+   */
+  getApiUrl() {
+    return this.config.apiUrl;
   }
-  try {
-    addresses.bitcoin = deriveBitcoinAddress(seed, network);
-  } catch (e) {
-    console.error("BTC derivation failed:", e);
+  // ==========================================
+  // Private Helper Methods
+  // ==========================================
+  getDerivationPath(chain) {
+    const paths = {
+      bitcoin: this.config.network === "testnet" ? "m/84'/1'/0'/0/0" : "m/84'/0'/0'/0/0",
+      ethereum: "m/44'/60'/0'/0/0",
+      ton: "m/44'/607'/0'/0'/0'",
+      tron: "m/44'/195'/0'/0/0",
+      solana: "m/44'/501'/0'/0'",
+      spark: "m/44'/998'/0'/0/0"
+    };
+    return paths[chain];
   }
-  try {
-    addresses.spark = deriveSparkAddress(seed, network);
-  } catch (e) {
-    console.error("Spark derivation failed:", e);
+  getChainSymbol(chain) {
+    const symbols = {
+      ethereum: "ETH",
+      bitcoin: "BTC",
+      ton: "TON",
+      tron: "TRX",
+      solana: "SOL",
+      spark: "SAT"
+    };
+    return symbols[chain];
   }
-  try {
-    addresses.tron = deriveTronAddress(seed);
-  } catch (e) {
-    console.error("TRON derivation failed:", e);
+  /**
+   * Derive address using browser-compatible libraries
+   */
+  async deriveBrowserAddress(seed, chain) {
+    const path = this.getDerivationPath(chain);
+    try {
+      let address;
+      switch (chain) {
+        case "ethereum":
+          address = deriveEthereumAddress(seed);
+          break;
+        case "bitcoin":
+          address = deriveBitcoinAddress(seed, this.config.network);
+          break;
+        case "tron":
+          address = deriveTronAddress(seed);
+          break;
+        case "spark":
+          address = deriveSparkAddress(seed, this.config.network);
+          break;
+        case "solana":
+          address = await deriveSolanaAddress(seed);
+          break;
+        case "ton":
+          address = await deriveTonAddress(seed);
+          break;
+        default:
+          throw new Error(`Unsupported chain: ${chain}`);
+      }
+      return { chain, address, path };
+    } catch (error) {
+      console.error(`Browser derivation failed for ${chain}:`, error);
+      throw error;
+    }
   }
-  const [solResult, tonResult] = await Promise.allSettled([
-    deriveSolanaAddress(seed),
-    deriveTonAddress(seed)
-  ]);
-  if (solResult.status === "fulfilled") {
-    addresses.solana = solResult.value;
-  } else {
-    console.error("SOL derivation failed:", solResult.reason);
+  /**
+   * Derive all addresses using browser-compatible libraries
+   */
+  async deriveAllBrowserAddresses(seed) {
+    return deriveAllAddresses(seed, this.config.network);
   }
-  if (tonResult.status === "fulfilled") {
-    addresses.ton = tonResult.value;
-  } else {
-    console.error("TON derivation failed:", tonResult.reason);
+};
+var defaultService = null;
+function getZubariWdkService(config) {
+  if (!defaultService || config && config.network !== defaultService.getNetwork()) {
+    defaultService = new ZubariWdkService(config);
   }
-  return addresses;
-}
-function isValidSeed(seed) {
-  return bip39.validateMnemonic(seed, english.wordlist);
-}
-function generateSeedPhrase() {
-  return bip39.generateMnemonic(english.wordlist);
+  return defaultService;
 }
 
-// src/services/ZubariWdkService.ts
-var DEFAULT_API_URL2 = "https://ckgwifsxka.us-east-2.awsapprunner.com";
-function isBrowser() {
-  return typeof window !== "undefined" && typeof window.document !== "undefined";
-}
-var dynamicImport = new Function("specifier", "return import(specifier)");
-async function canUseNativeWdk() {
-  if (isBrowser()) {
-    return false;
-  }
-  try {
-    await dynamicImport("@tetherto/wdk");
-    return true;
-  } catch {
-    return false;
-  }
-}
-var ZubariWdkService = class {
-  config;
-  apiClient;
-  nativeWdkService = null;
-  initialized = false;
-  useNativeWdk = false;
-  constructor(config = {}) {
-    this.config = {
-      network: config.network || "testnet",
-      apiUrl: config.apiUrl || process.env.NEXT_PUBLIC_API_URL || DEFAULT_API_URL2,
-      forceApi: config.forceApi ?? false,
-      timeout: config.timeout || 3e4
-    };
-    this.apiClient = getWdkApiClient(this.config.apiUrl);
+// src/security/KeyManager.ts
+var KeyManager = class {
+  static ALGORITHM = "AES-GCM";
+  static KEY_LENGTH = 256;
+  static IV_LENGTH = 12;
+  static SALT_LENGTH = 16;
+  static PBKDF2_ITERATIONS = 1e5;
+  /**
+   * Encrypt a seed phrase with a password
+   */
+  static async encryptSeed(seed, password) {
+    const encoder = new TextEncoder();
+    const seedData = encoder.encode(seed);
+    const salt = crypto.getRandomValues(new Uint8Array(this.SALT_LENGTH));
+    const iv = crypto.getRandomValues(new Uint8Array(this.IV_LENGTH));
+    const key = await this.deriveKey(password, salt);
+    const encrypted = await crypto.subtle.encrypt(
+      { name: this.ALGORITHM, iv },
+      key,
+      seedData
+    );
+    const combined = new Uint8Array(salt.length + iv.length + encrypted.byteLength);
+    combined.set(salt, 0);
+    combined.set(iv, salt.length);
+    combined.set(new Uint8Array(encrypted), salt.length + iv.length);
+    return btoa(String.fromCharCode(...combined));
   }
   /**
-   * Initialize the service and determine the best strategy
+   * Decrypt a seed phrase with a password
    */
-  async initialize() {
-    if (this.initialized) return;
-    if (isBrowser() || this.config.forceApi) {
-      this.useNativeWdk = false;
-      this.initialized = true;
-      return;
-    }
-    if (await canUseNativeWdk()) {
-      try {
-        const WdkServiceModule = await dynamicImport("./WdkService");
-        const WdkService = WdkServiceModule.WdkService || WdkServiceModule.default;
-        this.nativeWdkService = new WdkService({
-          network: this.config.network
-        });
-        this.useNativeWdk = true;
-      } catch (error) {
-        console.warn("Failed to initialize native WDK, falling back to API:", error);
-        this.useNativeWdk = false;
-      }
-    }
-    this.initialized = true;
+  static async decryptSeed(encryptedData, password) {
+    const combined = new Uint8Array(
+      atob(encryptedData).split("").map((c) => c.charCodeAt(0))
+    );
+    const salt = combined.slice(0, this.SALT_LENGTH);
+    const iv = combined.slice(this.SALT_LENGTH, this.SALT_LENGTH + this.IV_LENGTH);
+    const encrypted = combined.slice(this.SALT_LENGTH + this.IV_LENGTH);
+    const key = await this.deriveKey(password, salt);
+    const decrypted = await crypto.subtle.decrypt(
+      { name: this.ALGORITHM, iv },
+      key,
+      encrypted
+    );
+    const decoder = new TextDecoder();
+    return decoder.decode(decrypted);
   }
   /**
-   * Get the current execution mode
+   * Derive encryption key from password using PBKDF2
    */
-  getMode() {
-    if (this.useNativeWdk) return "native";
-    if (isBrowser()) return "api";
-    return "api";
+  static async deriveKey(password, salt) {
+    const encoder = new TextEncoder();
+    const passwordData = encoder.encode(password);
+    const keyMaterial = await crypto.subtle.importKey(
+      "raw",
+      passwordData,
+      "PBKDF2",
+      false,
+      ["deriveKey"]
+    );
+    return crypto.subtle.deriveKey(
+      {
+        name: "PBKDF2",
+        salt: salt.buffer.slice(salt.byteOffset, salt.byteOffset + salt.byteLength),
+        iterations: this.PBKDF2_ITERATIONS,
+        hash: "SHA-256"
+      },
+      keyMaterial,
+      { name: this.ALGORITHM, length: this.KEY_LENGTH },
+      false,
+      ["encrypt", "decrypt"]
+    );
   }
   /**
-   * Check if running in browser
+   * Validate a BIP-39 seed phrase (basic validation)
    */
-  isBrowserEnvironment() {
-    return isBrowser();
+  static validateSeedPhrase(seed) {
+    const words = seed.trim().split(/\s+/);
+    const validWordCounts = [12, 15, 18, 21, 24];
+    return validWordCounts.includes(words.length);
   }
   /**
-   * Generate a new BIP-39 seed phrase (12 words)
+   * Generate a random encryption key (for backup purposes)
    */
-  async generateSeed() {
-    await this.initialize();
-    try {
-      const response = await this.apiClient.generateSeed();
-      if (response.success && response.seed) {
-        return response.seed;
-      }
-    } catch (error) {
-      console.warn("API seed generation failed:", error);
+  static generateBackupKey() {
+    const bytes = crypto.getRandomValues(new Uint8Array(32));
+    return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+};
+
+// src/storage/SecureStorage.ts
+var KeychainStorageAdapter = class {
+  serviceName;
+  constructor(serviceName = "com.zubari.wallet") {
+    this.serviceName = serviceName;
+  }
+  async setItem(key, value) {
+    if (typeof global !== "undefined" && global.KeychainModule) {
+      await global.KeychainModule.setItem(this.serviceName, key, value);
+    } else {
+      throw new Error("Keychain not available on this platform");
     }
-    if (this.useNativeWdk && this.nativeWdkService) {
-      try {
-        const wdk = this.nativeWdkService;
-        return await wdk.generateSeedPhrase();
-      } catch (error) {
-        console.warn("Native WDK seed generation failed:", error);
-      }
+  }
+  async getItem(key) {
+    if (typeof global !== "undefined" && global.KeychainModule) {
+      return global.KeychainModule.getItem(this.serviceName, key);
     }
-    return generateSeedPhrase();
+    throw new Error("Keychain not available on this platform");
   }
-  /**
-   * Validate a BIP-39 seed phrase
-   */
-  async validateSeed(seed) {
-    await this.initialize();
-    try {
-      const response = await this.apiClient.validateSeed(seed);
-      if (response.success) {
-        return response.isValid ?? false;
-      }
-    } catch (error) {
-      console.warn("API seed validation failed:", error);
+  async removeItem(key) {
+    if (typeof global !== "undefined" && global.KeychainModule) {
+      await global.KeychainModule.removeItem(this.serviceName, key);
+    } else {
+      throw new Error("Keychain not available on this platform");
     }
-    if (this.useNativeWdk && this.nativeWdkService) {
-      try {
-        const wdk = this.nativeWdkService;
-        return await wdk.isValidSeed(seed);
-      } catch (error) {
-        console.warn("Native WDK seed validation failed:", error);
-      }
+  }
+  async hasItem(key) {
+    const value = await this.getItem(key);
+    return value !== null;
+  }
+  async clear() {
+    if (typeof global !== "undefined" && global.KeychainModule) {
+      await global.KeychainModule.clear(this.serviceName);
+    } else {
+      throw new Error("Keychain not available on this platform");
     }
-    return isValidSeed(seed);
   }
-  /**
-   * Derive address for a specific chain using WDK API
-   *
-   * For Ethereum, falls back to local derivation if API fails.
-   * For other chains, WDK API is required - no placeholder fallback.
-   */
-  async deriveAddress(seed, chain) {
-    await this.initialize();
-    const path = this.getDerivationPath(chain);
-    try {
-      const response = await this.apiClient.deriveAddress(seed, chain, this.config.network);
-      if (response.success && response.address) {
-        return {
-          chain,
-          address: response.address,
-          path: response.path || path
-        };
-      }
-    } catch (error) {
-      console.warn(`API address derivation failed for ${chain}:`, error);
-      if (chain === "ethereum") {
-        return this.deriveBrowserAddress(seed, chain);
-      }
+};
+var KeystoreStorageAdapter = class {
+  alias;
+  constructor(alias = "zubari_wallet_keys") {
+    this.alias = alias;
+  }
+  async setItem(key, value) {
+    if (typeof global !== "undefined" && global.KeystoreModule) {
+      await global.KeystoreModule.setItem(this.alias, key, value);
+    } else {
+      throw new Error("Keystore not available on this platform");
     }
-    if (this.useNativeWdk && this.nativeWdkService) {
-      try {
-        const wdk = this.nativeWdkService;
-        await wdk.initialize(seed);
-        return await wdk.deriveAddress(chain);
-      } catch (error) {
-        console.warn(`Native WDK address derivation failed for ${chain}:`, error);
-      }
+  }
+  async getItem(key) {
+    if (typeof global !== "undefined" && global.KeystoreModule) {
+      return global.KeystoreModule.getItem(this.alias, key);
     }
-    if (chain === "ethereum") {
-      return this.deriveBrowserAddress(seed, chain);
+    throw new Error("Keystore not available on this platform");
+  }
+  async removeItem(key) {
+    if (typeof global !== "undefined" && global.KeystoreModule) {
+      await global.KeystoreModule.removeItem(this.alias, key);
+    } else {
+      throw new Error("Keystore not available on this platform");
+    }
+  }
+  async hasItem(key) {
+    const value = await this.getItem(key);
+    return value !== null;
+  }
+  async clear() {
+    if (typeof global !== "undefined" && global.KeystoreModule) {
+      await global.KeystoreModule.clear(this.alias);
+    } else {
+      throw new Error("Keystore not available on this platform");
     }
-    throw new Error(
-      `WDK API required for ${chain} address derivation. Ensure the backend is running.`
-    );
+  }
+};
+var WebEncryptedStorageAdapter = class {
+  encryptionKey = null;
+  storagePrefix;
+  constructor(storagePrefix = "zubari_") {
+    this.storagePrefix = storagePrefix;
   }
   /**
-   * Derive addresses for all supported chains using WDK API
-   *
-   * Uses the backend WDK API for real cryptographically valid addresses.
-   * No placeholder fallback - WDK API is required for multi-chain addresses.
+   * Initialize with a password-derived key
    */
-  async deriveAllAddresses(seed) {
-    await this.initialize();
-    try {
-      const response = await this.apiClient.deriveAllAddresses(seed, this.config.network);
-      if (response.success && response.addresses) {
-        const extractAddress = (value) => {
-          if (!value) return null;
-          if (typeof value === "string") return value;
-          if (typeof value === "object" && value !== null && "address" in value) {
-            return value.address;
-          }
-          return null;
-        };
-        return {
-          ethereum: extractAddress(response.addresses.ethereum),
-          bitcoin: extractAddress(response.addresses.bitcoin),
-          ton: extractAddress(response.addresses.ton),
-          tron: extractAddress(response.addresses.tron),
-          solana: extractAddress(response.addresses.solana),
-          spark: extractAddress(response.addresses.spark)
-        };
-      }
-    } catch (error) {
-      console.warn("API address derivation failed:", error);
-    }
-    if (this.useNativeWdk && this.nativeWdkService) {
-      try {
-        const wdk = this.nativeWdkService;
-        await wdk.initialize(seed);
-        return await wdk.deriveAllAddresses();
-      } catch (error) {
-        console.warn("Native WDK multi-chain derivation failed:", error);
-      }
+  async initialize(password) {
+    const encoder = new TextEncoder();
+    const salt = this.getSalt();
+    const keyMaterial = await crypto.subtle.importKey(
+      "raw",
+      encoder.encode(password),
+      "PBKDF2",
+      false,
+      ["deriveKey"]
+    );
+    this.encryptionKey = await crypto.subtle.deriveKey(
+      {
+        name: "PBKDF2",
+        salt: salt.buffer,
+        iterations: 1e5,
+        hash: "SHA-256"
+      },
+      keyMaterial,
+      { name: "AES-GCM", length: 256 },
+      false,
+      ["encrypt", "decrypt"]
+    );
+  }
+  getSalt() {
+    const saltKey = `${this.storagePrefix}salt`;
+    let saltHex = localStorage.getItem(saltKey);
+    if (!saltHex) {
+      const salt = crypto.getRandomValues(new Uint8Array(16));
+      saltHex = Array.from(salt).map((b) => b.toString(16).padStart(2, "0")).join("");
+      localStorage.setItem(saltKey, saltHex);
     }
-    throw new Error(
-      "Tether WDK API required for multi-chain address derivation. Service temporarily unavailable."
+    return new Uint8Array(
+      saltHex.match(/.{1,2}/g).map((byte) => parseInt(byte, 16))
     );
   }
-  /**
-   * Get balances for all chains
-   */
-  async getAllBalances(seed) {
-    await this.initialize();
-    try {
-      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/balances`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ seed, network: this.config.network })
-      });
-      if (response.ok) {
-        const data = await response.json();
-        if (data.success) {
-          return data.balances;
-        }
-      }
-    } catch (error) {
-      console.warn("Failed to fetch balances:", error);
+  async setItem(key, value) {
+    if (!this.encryptionKey) {
+      throw new Error("Storage not initialized. Call initialize() first.");
     }
-    return {};
+    const encoder = new TextEncoder();
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv },
+      this.encryptionKey,
+      encoder.encode(value)
+    );
+    const combined = new Uint8Array(iv.length + encrypted.byteLength);
+    combined.set(iv);
+    combined.set(new Uint8Array(encrypted), iv.length);
+    const base64 = btoa(String.fromCharCode(...combined));
+    localStorage.setItem(`${this.storagePrefix}${key}`, base64);
   }
-  /**
-   * Get fee rates for a chain
-   */
-  async getFeeRates(seed, chain) {
-    await this.initialize();
-    try {
-      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/fee-rates`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ seed, chain, network: this.config.network })
-      });
-      if (response.ok) {
-        const data = await response.json();
-        if (data.success && data.feeRates) {
-          return data.feeRates;
-        }
-      }
-    } catch (error) {
-      console.warn(`Failed to fetch fee rates for ${chain}:`, error);
+  async getItem(key) {
+    if (!this.encryptionKey) {
+      throw new Error("Storage not initialized. Call initialize() first.");
     }
-    return { slow: "0", normal: "0", fast: "0" };
-  }
-  /**
-   * Estimate transaction fee
-   */
-  async estimateFee(seed, chain, to, amount) {
-    await this.initialize();
+    const base64 = localStorage.getItem(`${this.storagePrefix}${key}`);
+    if (!base64) return null;
     try {
-      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/estimate-fee`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ seed, chain, to, amount, network: this.config.network })
-      });
-      if (response.ok) {
-        const data = await response.json();
-        if (data.success) {
-          return { fee: data.fee, symbol: data.symbol };
-        }
-      }
-    } catch (error) {
-      console.warn(`Failed to estimate fee for ${chain}:`, error);
+      const combined = new Uint8Array(
+        atob(base64).split("").map((c) => c.charCodeAt(0))
+      );
+      const iv = combined.slice(0, 12);
+      const encrypted = combined.slice(12);
+      const decrypted = await crypto.subtle.decrypt(
+        { name: "AES-GCM", iv },
+        this.encryptionKey,
+        encrypted
+      );
+      const decoder = new TextDecoder();
+      return decoder.decode(decrypted);
+    } catch {
+      return null;
     }
-    return { fee: "0", symbol: this.getChainSymbol(chain) };
   }
-  /**
-   * Send a transaction
-   */
-  async sendTransaction(seed, chain, to, amount) {
-    await this.initialize();
-    try {
-      const response = await fetch(`${this.config.apiUrl}/api/wallets/wdk/send`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ seed, chain, to, amount, network: this.config.network })
-      });
-      if (response.ok) {
-        const data = await response.json();
-        let txHash = data.txHash || data.transactionHash || data.hash;
-        if (txHash && typeof txHash === "object" && "hash" in txHash) {
-          txHash = txHash.hash;
-        }
-        if (chain === "ethereum" && txHash && (typeof txHash !== "string" || !txHash.startsWith("0x") || txHash.length !== 66)) {
-          console.warn(`Invalid Ethereum tx hash format: ${txHash} (length: ${txHash?.length}, expected: 66)`);
-        }
-        return {
-          success: data.success,
-          txHash,
-          from: data.from,
-          to: data.to,
-          amount: data.amount,
-          chain: data.chain,
-          network: data.network
-        };
+  async removeItem(key) {
+    localStorage.removeItem(`${this.storagePrefix}${key}`);
+  }
+  async hasItem(key) {
+    return localStorage.getItem(`${this.storagePrefix}${key}`) !== null;
+  }
+  async clear() {
+    const keysToRemove = [];
+    for (let i = 0; i < localStorage.length; i++) {
+      const key = localStorage.key(i);
+      if (key?.startsWith(this.storagePrefix)) {
+        keysToRemove.push(key);
       }
-      const errorData = await response.json().catch(() => ({}));
-      return {
-        success: false,
-        error: errorData.error || `HTTP ${response.status}`
-      };
-    } catch (error) {
-      return {
-        success: false,
-        error: error instanceof Error ? error.message : "Transaction failed"
-      };
     }
+    keysToRemove.forEach((key) => localStorage.removeItem(key));
   }
-  /**
-   * Get the network configuration
-   */
-  getNetwork() {
-    return this.config.network;
-  }
-  /**
-   * Get API URL
-   */
-  getApiUrl() {
-    return this.config.apiUrl;
+};
+var MemoryStorageAdapter = class {
+  storage = /* @__PURE__ */ new Map();
+  async setItem(key, value) {
+    this.storage.set(key, value);
   }
-  // ==========================================
-  // Private Helper Methods
-  // ==========================================
-  getDerivationPath(chain) {
-    const paths = {
-      bitcoin: this.config.network === "testnet" ? "m/84'/1'/0'/0/0" : "m/84'/0'/0'/0/0",
-      ethereum: "m/44'/60'/0'/0/0",
-      ton: "m/44'/607'/0'/0'/0'",
-      tron: "m/44'/195'/0'/0/0",
-      solana: "m/44'/501'/0'/0'",
-      spark: "m/44'/998'/0'/0/0"
-    };
-    return paths[chain];
+  async getItem(key) {
+    return this.storage.get(key) || null;
   }
-  getChainSymbol(chain) {
-    const symbols = {
-      ethereum: "ETH",
-      bitcoin: "BTC",
-      ton: "TON",
-      tron: "TRX",
-      solana: "SOL",
-      spark: "SAT"
-    };
-    return symbols[chain];
+  async removeItem(key) {
+    this.storage.delete(key);
   }
-  /**
-   * Derive address using browser-compatible libraries
-   */
-  async deriveBrowserAddress(seed, chain) {
-    const path = this.getDerivationPath(chain);
-    try {
-      let address;
-      switch (chain) {
-        case "ethereum":
-          address = deriveEthereumAddress(seed);
-          break;
-        case "bitcoin":
-          address = deriveBitcoinAddress(seed, this.config.network);
-          break;
-        case "tron":
-          address = deriveTronAddress(seed);
-          break;
-        case "spark":
-          address = deriveSparkAddress(seed, this.config.network);
-          break;
-        case "solana":
-          address = await deriveSolanaAddress(seed);
-          break;
-        case "ton":
-          address = await deriveTonAddress(seed);
-          break;
-        default:
-          throw new Error(`Unsupported chain: ${chain}`);
-      }
-      return { chain, address, path };
-    } catch (error) {
-      console.error(`Browser derivation failed for ${chain}:`, error);
-      throw error;
-    }
+  async hasItem(key) {
+    return this.storage.has(key);
   }
-  /**
-   * Derive all addresses using browser-compatible libraries
-   */
-  async deriveAllBrowserAddresses(seed) {
-    return deriveAllAddresses(seed, this.config.network);
+  async clear() {
+    this.storage.clear();
   }
 };
-var defaultService = null;
-function getZubariWdkService(config) {
-  if (!defaultService || config && config.network !== defaultService.getNetwork()) {
-    defaultService = new ZubariWdkService(config);
+function createSecureStorage() {
+  if (typeof global !== "undefined" && global.nativeModuleProxy !== void 0) {
+    const Platform = global.Platform;
+    if (Platform?.OS === "ios") {
+      return new KeychainStorageAdapter();
+    } else if (Platform?.OS === "android") {
+      return new KeystoreStorageAdapter();
+    }
   }
-  return defaultService;
+  if (typeof window !== "undefined" && typeof localStorage !== "undefined") {
+    return new WebEncryptedStorageAdapter();
+  }
+  return new MemoryStorageAdapter();
 }
 
 // src/wallet/WalletManager.ts