npm - clawntenna - Versions diffs - 0.1.0 - Mend

clawntenna 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,697 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ACCESS_PRIVATE: () => ACCESS_PRIVATE,
+  ACCESS_PUBLIC: () => ACCESS_PUBLIC,
+  ACCESS_PUBLIC_LIMITED: () => ACCESS_PUBLIC_LIMITED,
+  AccessLevel: () => AccessLevel,
+  CHAINS: () => CHAINS,
+  CHAIN_IDS: () => CHAIN_IDS,
+  Clawntenna: () => Clawntenna,
+  KEY_MANAGER_ABI: () => KEY_MANAGER_ABI,
+  PERMISSION_ADMIN: () => PERMISSION_ADMIN,
+  PERMISSION_NONE: () => PERMISSION_NONE,
+  PERMISSION_READ: () => PERMISSION_READ,
+  PERMISSION_READ_WRITE: () => PERMISSION_READ_WRITE,
+  PERMISSION_WRITE: () => PERMISSION_WRITE,
+  Permission: () => Permission,
+  REGISTRY_ABI: () => REGISTRY_ABI,
+  ROLE_ADMIN: () => ROLE_ADMIN,
+  ROLE_MEMBER: () => ROLE_MEMBER,
+  ROLE_OWNER_DELEGATE: () => ROLE_OWNER_DELEGATE,
+  ROLE_SUPPORT_MANAGER: () => ROLE_SUPPORT_MANAGER,
+  ROLE_TOPIC_MANAGER: () => ROLE_TOPIC_MANAGER,
+  Role: () => Role,
+  bytesToHex: () => bytesToHex,
+  computeSharedSecret: () => computeSharedSecret,
+  decrypt: () => decrypt,
+  decryptMessage: () => decryptMessage,
+  decryptTopicKey: () => decryptTopicKey,
+  deriveAESKeyFromSecret: () => deriveAESKeyFromSecret,
+  deriveKeyFromPassphrase: () => deriveKeyFromPassphrase,
+  deriveKeypairFromSignature: () => deriveKeypairFromSignature,
+  derivePublicTopicKey: () => derivePublicTopicKey,
+  encrypt: () => encrypt,
+  encryptMessage: () => encryptMessage,
+  encryptTopicKeyForUser: () => encryptTopicKeyForUser,
+  getChain: () => getChain,
+  hexToBytes: () => hexToBytes,
+  keypairFromPrivateKey: () => keypairFromPrivateKey
+});
+module.exports = __toCommonJS(index_exports);
+// src/client.ts
+var import_ethers = require("ethers");
+// src/chains.ts
+var CHAINS = {
+  base: {
+    chainId: 8453,
+    name: "Base",
+    shortName: "Base",
+    rpc: "https://base.publicnode.com",
+    explorer: "https://basescan.org",
+    registry: "0x5fF6BF04F1B5A78ae884D977a3C80A0D8E2072bF",
+    keyManager: "0xdc302ff43a34F6aEa19426D60C9D150e0661E4f4"
+  },
+  avalanche: {
+    chainId: 43114,
+    name: "Avalanche C-Chain",
+    shortName: "Avalanche",
+    rpc: "https://api.avax.network/ext/bc/C/rpc",
+    explorer: "https://snowtrace.io",
+    registry: "0x3Ca2FF0bD1b3633513299EB5d3e2d63e058b0713",
+    keyManager: "0x5a5ea9D408FBA984fFf6e243Dcc71ff6E00C73E4"
+  }
+};
+var CHAIN_IDS = {
+  8453: "base",
+  43114: "avalanche"
+};
+function getChain(nameOrId) {
+  if (typeof nameOrId === "number") {
+    const name = CHAIN_IDS[nameOrId];
+    if (!name) throw new Error(`Unsupported chain ID: ${nameOrId}`);
+    return CHAINS[name];
+  }
+  const chain = CHAINS[nameOrId];
+  if (!chain) throw new Error(`Unsupported chain: ${nameOrId}`);
+  return chain;
+}
+// src/contracts.ts
+var REGISTRY_ABI = [
+  // ===== READ FUNCTIONS =====
+  // Applications
+  "function applications(uint256) view returns (uint256 id, string name, string description, string frontendUrl, address owner, uint64 createdAt, uint32 memberCount, uint32 topicCount, bool active, bool allowPublicTopicCreation)",
+  "function getApplication(uint256 appId) view returns (tuple(uint256 id, string name, string description, string frontendUrl, address owner, uint64 createdAt, uint32 memberCount, uint32 topicCount, bool active, bool allowPublicTopicCreation, address topicCreationFeeToken, uint256 topicCreationFeeAmount))",
+  "function applicationCount() view returns (uint256)",
+  "function applicationNames(string) view returns (uint256)",
+  // Topics
+  "function topics(uint256) view returns (uint256 id, uint256 applicationId, string name, string description, address owner, address creator, uint64 createdAt, uint64 lastMessageAt, uint256 messageCount, uint8 accessLevel, bool active)",
+  "function getTopic(uint256 topicId) view returns (tuple(uint256 id, uint256 applicationId, string name, string description, address owner, address creator, uint64 createdAt, uint64 lastMessageAt, uint256 messageCount, uint8 accessLevel, bool active))",
+  "function topicCount() view returns (uint256)",
+  "function getApplicationTopics(uint256 appId) view returns (uint256[])",
+  // Members
+  "function members(uint256 appId, address user) view returns (address account, string nickname, uint8 roles, uint64 joinedAt)",
+  "function getMember(uint256 appId, address account) view returns (tuple(address account, string nickname, uint8 roles, uint64 joinedAt))",
+  "function isMember(uint256 appId, address account) view returns (bool)",
+  "function getApplicationMembers(uint256 appId) view returns (address[])",
+  // Permissions
+  "function canReadTopic(uint256 topicId, address user) view returns (bool)",
+  "function canWriteToTopic(uint256 topicId, address user) view returns (bool)",
+  "function getTopicPermission(uint256 topicId, address user) view returns (uint8)",
+  "function topicPermissions(uint256, address) view returns (uint8)",
+  // Nicknames
+  "function getNickname(uint256 appId, address user) view returns (string)",
+  "function hasNickname(uint256 appId, address user) view returns (bool)",
+  "function canChangeNickname(uint256 appId, address user) view returns (bool canChange, uint256 timeRemaining)",
+  "function appNicknameCooldown(uint256 appId) view returns (uint256)",
+  // Fees
+  "function getTopicMessageFee(uint256 topicId) view returns (address token, uint256 amount)",
+  // ===== WRITE FUNCTIONS =====
+  // Applications
+  "function createApplication(string name, string description, string frontendUrl, bool allowPublicTopicCreation) returns (uint256)",
+  "function updateApplicationFrontendUrl(uint256 appId, string frontendUrl)",
+  // Topics
+  "function createTopic(uint256 appId, string name, string description, uint8 accessLevel) returns (uint256)",
+  "function setTopicPermission(uint256 topicId, address user, uint8 permission)",
+  // Members
+  "function addMember(uint256 appId, address member, string nickname, uint8 roles)",
+  "function removeMember(uint256 appId, address member)",
+  "function updateMemberRoles(uint256 appId, address member, uint8 roles)",
+  "function updateMemberNickname(uint256 appId, string nickname)",
+  // Nicknames (V3)
+  "function setNickname(uint256 appId, string nickname)",
+  "function clearNickname(uint256 appId)",
+  "function setNicknameCooldown(uint256 appId, uint256 cooldownSeconds)",
+  // Messaging
+  "function sendMessage(uint256 topicId, bytes payload)",
+  // Fees
+  "function setTopicCreationFee(uint256 appId, address feeTokenAddr, uint256 feeAmount)",
+  "function setTopicMessageFee(uint256 topicId, address feeTokenAddr, uint256 feeAmount)",
+  // ===== EVENTS =====
+  "event ApplicationCreated(uint256 indexed applicationId, string name, address indexed owner)",
+  "event TopicCreated(uint256 indexed topicId, uint256 indexed applicationId, string name, address indexed creator, uint8 accessLevel)",
+  "event MemberAdded(uint256 indexed applicationId, address indexed member, string nickname, uint8 roles)",
+  "event MemberRemoved(uint256 indexed applicationId, address indexed member)",
+  "event MemberRolesUpdated(uint256 indexed applicationId, address indexed member, uint8 roles)",
+  "event NicknameUpdated(uint256 indexed applicationId, address indexed member, string nickname)",
+  "event UserNicknameSet(uint256 indexed applicationId, address indexed user, string nickname)",
+  "event TopicPermissionSet(uint256 indexed topicId, address indexed user, uint8 permission)",
+  "event MessageSent(uint256 indexed topicId, address indexed sender, bytes payload, uint256 timestamp)",
+  "event TopicMessageFeeUpdated(uint256 indexed topicId, address token, uint256 amount)"
+];
+var KEY_MANAGER_ABI = [
+  // ===== READ FUNCTIONS =====
+  "function hasPublicKey(address user) view returns (bool)",
+  "function getPublicKey(address user) view returns (bytes)",
+  "function publicKeys(address) view returns (bytes)",
+  "function hasKeyAccess(uint256 topicId, address user) view returns (bool)",
+  "function getMyKey(uint256 topicId) view returns (bytes encryptedKey, bytes granterPublicKey, address granter, uint256 keyVersion, uint256 currentVersion)",
+  "function getKeyGrant(uint256 topicId, address user) view returns (tuple(bytes encryptedKey, bytes granterPublicKey, address granter, uint256 keyVersion, uint64 grantedAt))",
+  "function keyVersions(uint256 topicId) view returns (uint256)",
+  // ===== WRITE FUNCTIONS =====
+  "function registerPublicKey(bytes publicKey)",
+  "function grantKeyAccess(uint256 topicId, address user, bytes encryptedKey)",
+  "function batchGrantKeyAccess(uint256 topicId, address[] users, bytes[] encryptedKeys)",
+  "function revokeKeyAccess(uint256 topicId, address user)",
+  "function rotateKey(uint256 topicId)",
+  // ===== EVENTS =====
+  "event PublicKeyRegistered(address indexed user, bytes publicKey)",
+  "event PublicKeyUpdated(address indexed user, bytes publicKey)",
+  "event KeyAccessGranted(uint256 indexed topicId, address indexed user, address indexed granter, uint256 version)",
+  "event KeyAccessRevoked(uint256 indexed topicId, address indexed user)",
+  "event KeyRotated(uint256 indexed topicId, uint256 newVersion)"
+];
+// src/crypto/encrypt.ts
+var import_pbkdf2 = require("@noble/hashes/pbkdf2");
+var import_sha256 = require("@noble/hashes/sha256");
+var import_aes = require("@noble/ciphers/aes");
+var import_utils = require("@noble/hashes/utils");
+// src/types.ts
+var AccessLevel = /* @__PURE__ */ ((AccessLevel2) => {
+  AccessLevel2[AccessLevel2["PUBLIC"] = 0] = "PUBLIC";
+  AccessLevel2[AccessLevel2["PUBLIC_LIMITED"] = 1] = "PUBLIC_LIMITED";
+  AccessLevel2[AccessLevel2["PRIVATE"] = 2] = "PRIVATE";
+  return AccessLevel2;
+})(AccessLevel || {});
+var Permission = /* @__PURE__ */ ((Permission2) => {
+  Permission2[Permission2["NONE"] = 0] = "NONE";
+  Permission2[Permission2["READ"] = 1] = "READ";
+  Permission2[Permission2["WRITE"] = 2] = "WRITE";
+  Permission2[Permission2["READ_WRITE"] = 3] = "READ_WRITE";
+  Permission2[Permission2["ADMIN"] = 4] = "ADMIN";
+  return Permission2;
+})(Permission || {});
+var Role = /* @__PURE__ */ ((Role2) => {
+  Role2[Role2["MEMBER"] = 1] = "MEMBER";
+  Role2[Role2["SUPPORT_MANAGER"] = 2] = "SUPPORT_MANAGER";
+  Role2[Role2["TOPIC_MANAGER"] = 4] = "TOPIC_MANAGER";
+  Role2[Role2["ADMIN"] = 8] = "ADMIN";
+  Role2[Role2["OWNER_DELEGATE"] = 16] = "OWNER_DELEGATE";
+  return Role2;
+})(Role || {});
+// src/constants.ts
+var ACCESS_PUBLIC = 0 /* PUBLIC */;
+var ACCESS_PUBLIC_LIMITED = 1 /* PUBLIC_LIMITED */;
+var ACCESS_PRIVATE = 2 /* PRIVATE */;
+var PERMISSION_NONE = 0 /* NONE */;
+var PERMISSION_READ = 1 /* READ */;
+var PERMISSION_WRITE = 2 /* WRITE */;
+var PERMISSION_READ_WRITE = 3 /* READ_WRITE */;
+var PERMISSION_ADMIN = 4 /* ADMIN */;
+var ROLE_MEMBER = 1 /* MEMBER */;
+var ROLE_SUPPORT_MANAGER = 2 /* SUPPORT_MANAGER */;
+var ROLE_TOPIC_MANAGER = 4 /* TOPIC_MANAGER */;
+var ROLE_ADMIN = 8 /* ADMIN */;
+var ROLE_OWNER_DELEGATE = 16 /* OWNER_DELEGATE */;
+var PUBLIC_KEY_MATERIAL_PREFIX = "antenna-public-topic-";
+var SALT_PREFIX = "antenna-v2-salt-";
+var PBKDF2_ITERATIONS = 1e5;
+var ECDH_HKDF_SALT = "antenna-ecdh-v1";
+var ECDH_HKDF_INFO = "topic-key-encryption";
+var ECDH_DERIVATION_MESSAGE = (address, appId) => `Clawntenna ECDH Key Derivation
+This signature generates your encryption key.
+It never leaves your device.
+Wallet: ${address}
+App: ${appId}
+Chain: Base (8453)`;
+// src/crypto/encrypt.ts
+var encoder = new TextEncoder();
+var decoder = new TextDecoder();
+function derivePublicTopicKey(topicId) {
+  const keyMaterial = PUBLIC_KEY_MATERIAL_PREFIX + topicId;
+  const salt = encoder.encode(SALT_PREFIX + topicId);
+  return (0, import_pbkdf2.pbkdf2)(import_sha256.sha256, keyMaterial, salt, { c: PBKDF2_ITERATIONS, dkLen: 32 });
+}
+function deriveKeyFromPassphrase(passphrase, topicId) {
+  const salt = encoder.encode(SALT_PREFIX + topicId);
+  return (0, import_pbkdf2.pbkdf2)(import_sha256.sha256, passphrase, salt, { c: PBKDF2_ITERATIONS, dkLen: 32 });
+}
+function encrypt(plaintext, key) {
+  const iv = (0, import_utils.randomBytes)(12);
+  const aes = (0, import_aes.gcm)(key, iv);
+  const ciphertext = aes.encrypt(encoder.encode(plaintext));
+  const payload = {
+    e: true,
+    v: 2,
+    iv: toBase64(iv),
+    ct: toBase64(ciphertext)
+  };
+  return JSON.stringify(payload);
+}
+function decrypt(jsonStr, key) {
+  try {
+    const data = JSON.parse(jsonStr);
+    if (!data.e) {
+      return jsonStr;
+    }
+    const iv = fromBase64(data.iv);
+    const ct = fromBase64(data.ct);
+    const aes = (0, import_aes.gcm)(key, iv);
+    const decrypted = aes.decrypt(ct);
+    return decoder.decode(decrypted);
+  } catch {
+    return null;
+  }
+}
+function encryptMessage(text, key, options) {
+  const content = { text };
+  if (options?.replyTo) content.replyTo = options.replyTo;
+  if (options?.mentions) content.mentions = options.mentions;
+  return encrypt(JSON.stringify(content), key);
+}
+function decryptMessage(jsonStr, key) {
+  const decrypted = decrypt(jsonStr, key);
+  if (!decrypted) return null;
+  try {
+    const content = JSON.parse(decrypted);
+    if (typeof content === "object" && content.text) {
+      return {
+        text: content.text,
+        replyTo: content.replyTo || null,
+        mentions: content.mentions || null
+      };
+    }
+    return { text: decrypted, replyTo: null, mentions: null };
+  } catch {
+    return { text: decrypted, replyTo: null, mentions: null };
+  }
+}
+function toBase64(bytes) {
+  if (typeof Buffer !== "undefined") {
+    return Buffer.from(bytes).toString("base64");
+  }
+  return btoa(String.fromCharCode(...bytes));
+}
+function fromBase64(str) {
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(str, "base64"));
+  }
+  return Uint8Array.from(atob(str), (c) => c.charCodeAt(0));
+}
+// src/crypto/ecdh.ts
+var import_secp256k1 = require("@noble/curves/secp256k1");
+var import_hkdf = require("@noble/hashes/hkdf");
+var import_sha2562 = require("@noble/hashes/sha256");
+var import_aes2 = require("@noble/ciphers/aes");
+var import_utils2 = require("@noble/hashes/utils");
+var encoder2 = new TextEncoder();
+async function deriveKeypairFromSignature(walletAddress, signMessage, appId = 1) {
+  const message = ECDH_DERIVATION_MESSAGE(walletAddress, appId);
+  const signature = await signMessage(message);
+  const sigBytes = encoder2.encode(signature);
+  const hashBuffer = (0, import_sha2562.sha256)(sigBytes);
+  const privateKey = new Uint8Array(hashBuffer);
+  const publicKey = import_secp256k1.secp256k1.getPublicKey(privateKey, true);
+  return { privateKey, publicKey };
+}
+function keypairFromPrivateKey(privateKeyHex) {
+  const cleaned = privateKeyHex.startsWith("0x") ? privateKeyHex.slice(2) : privateKeyHex;
+  const privateKey = hexToBytes(cleaned);
+  const publicKey = import_secp256k1.secp256k1.getPublicKey(privateKey, true);
+  return { privateKey, publicKey };
+}
+function computeSharedSecret(ourPrivateKey, theirPublicKey) {
+  const sharedPoint = import_secp256k1.secp256k1.getSharedSecret(ourPrivateKey, theirPublicKey);
+  return sharedPoint.slice(1, 33);
+}
+function deriveAESKeyFromSecret(sharedSecret, info = ECDH_HKDF_INFO) {
+  return (0, import_hkdf.hkdf)(import_sha2562.sha256, sharedSecret, encoder2.encode(ECDH_HKDF_SALT), info, 32);
+}
+function encryptTopicKeyForUser(topicKey, ourPrivateKey, recipientPublicKey) {
+  const shared = computeSharedSecret(ourPrivateKey, recipientPublicKey);
+  const aesKey = deriveAESKeyFromSecret(shared);
+  const iv = (0, import_utils2.randomBytes)(12);
+  const aes = (0, import_aes2.gcm)(aesKey, iv);
+  const ciphertext = aes.encrypt(topicKey);
+  const result = new Uint8Array(iv.length + ciphertext.length);
+  result.set(iv);
+  result.set(ciphertext, iv.length);
+  return result;
+}
+function decryptTopicKey(encryptedKey, ourPrivateKey, granterPublicKey) {
+  const shared = computeSharedSecret(ourPrivateKey, granterPublicKey);
+  const aesKey = deriveAESKeyFromSecret(shared);
+  const iv = encryptedKey.slice(0, 12);
+  const ciphertext = encryptedKey.slice(12);
+  const aes = (0, import_aes2.gcm)(aesKey, iv);
+  return aes.decrypt(ciphertext);
+}
+function bytesToHex(bytes) {
+  return "0x" + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function hexToBytes(hex) {
+  const cleaned = hex.startsWith("0x") ? hex.slice(2) : hex;
+  return new Uint8Array(cleaned.match(/.{1,2}/g).map((b) => parseInt(b, 16)));
+}
+// src/client.ts
+var Clawntenna = class {
+  provider;
+  wallet;
+  registry;
+  keyManager;
+  chainName;
+  // In-memory ECDH state
+  ecdhPrivateKey = null;
+  ecdhPublicKey = null;
+  topicKeys = /* @__PURE__ */ new Map();
+  constructor(options = {}) {
+    const chainName = options.chain ?? "base";
+    const chain = CHAINS[chainName];
+    if (!chain) throw new Error(`Unsupported chain: ${chainName}`);
+    this.chainName = chainName;
+    const rpcUrl = options.rpcUrl ?? chain.rpc;
+    this.provider = new import_ethers.ethers.JsonRpcProvider(rpcUrl);
+    const registryAddr = options.registryAddress ?? chain.registry;
+    const keyManagerAddr = options.keyManagerAddress ?? chain.keyManager;
+    if (options.privateKey) {
+      this.wallet = new import_ethers.ethers.Wallet(options.privateKey, this.provider);
+      this.registry = new import_ethers.ethers.Contract(registryAddr, REGISTRY_ABI, this.wallet);
+      this.keyManager = new import_ethers.ethers.Contract(keyManagerAddr, KEY_MANAGER_ABI, this.wallet);
+    } else {
+      this.wallet = null;
+      this.registry = new import_ethers.ethers.Contract(registryAddr, REGISTRY_ABI, this.provider);
+      this.keyManager = new import_ethers.ethers.Contract(keyManagerAddr, KEY_MANAGER_ABI, this.provider);
+    }
+  }
+  get address() {
+    return this.wallet?.address ?? null;
+  }
+  // ===== MESSAGING =====
+  /**
+   * Send an encrypted message to a topic.
+   * Automatically determines encryption key based on topic access level.
+   */
+  async sendMessage(topicId, text, options) {
+    if (!this.wallet) throw new Error("Wallet required to send messages");
+    const key = await this.getEncryptionKey(topicId);
+    const encrypted = encryptMessage(text, key, {
+      replyTo: options?.replyTo,
+      mentions: options?.mentions
+    });
+    return this.registry.sendMessage(topicId, import_ethers.ethers.toUtf8Bytes(encrypted));
+  }
+  /**
+   * Read and decrypt recent messages from a topic.
+   */
+  async readMessages(topicId, options) {
+    const limit = options?.limit ?? 50;
+    const fromBlock = options?.fromBlock ?? -1e5;
+    const key = await this.getEncryptionKey(topicId);
+    const filter = this.registry.filters.MessageSent(topicId);
+    const events = await this.registry.queryFilter(filter, fromBlock);
+    const messages = [];
+    const recent = events.slice(-limit);
+    for (const event of recent) {
+      const log = event;
+      const payloadStr = import_ethers.ethers.toUtf8String(log.args.payload);
+      const parsed = decryptMessage(payloadStr, key);
+      messages.push({
+        topicId: BigInt(topicId),
+        sender: log.args.sender,
+        text: parsed?.text ?? "[decryption failed]",
+        replyTo: parsed?.replyTo ?? null,
+        mentions: parsed?.mentions ?? null,
+        timestamp: log.args.timestamp,
+        txHash: log.transactionHash,
+        blockNumber: log.blockNumber
+      });
+    }
+    return messages;
+  }
+  /**
+   * Subscribe to real-time messages on a topic.
+   * Returns an unsubscribe function.
+   */
+  onMessage(topicId, callback) {
+    let key = null;
+    this.getEncryptionKey(topicId).then((k) => {
+      key = k;
+    });
+    const handler = (tId, sender, payload, timestamp, event) => {
+      if (!key) return;
+      const payloadStr = import_ethers.ethers.toUtf8String(payload);
+      const parsed = decryptMessage(payloadStr, key);
+      callback({
+        topicId: tId,
+        sender,
+        text: parsed?.text ?? "[decryption failed]",
+        replyTo: parsed?.replyTo ?? null,
+        mentions: parsed?.mentions ?? null,
+        timestamp,
+        txHash: event.transactionHash,
+        blockNumber: event.blockNumber
+      });
+    };
+    this.registry.on(this.registry.filters.MessageSent(topicId), handler);
+    return () => {
+      this.registry.off(this.registry.filters.MessageSent(topicId), handler);
+    };
+  }
+  // ===== NICKNAMES =====
+  async setNickname(appId, nickname) {
+    if (!this.wallet) throw new Error("Wallet required");
+    return this.registry.setNickname(appId, nickname);
+  }
+  async getNickname(appId, address) {
+    return this.registry.getNickname(appId, address);
+  }
+  // ===== TOPICS =====
+  async createTopic(appId, name, description, accessLevel) {
+    if (!this.wallet) throw new Error("Wallet required");
+    return this.registry.createTopic(appId, name, description, accessLevel);
+  }
+  async getTopic(topicId) {
+    const t = await this.registry.getTopic(topicId);
+    return {
+      id: t.id,
+      applicationId: t.applicationId,
+      name: t.name,
+      description: t.description,
+      owner: t.owner,
+      creator: t.creator,
+      createdAt: t.createdAt,
+      lastMessageAt: t.lastMessageAt,
+      messageCount: t.messageCount,
+      accessLevel: Number(t.accessLevel),
+      active: t.active
+    };
+  }
+  async getApplicationTopics(appId) {
+    return this.registry.getApplicationTopics(appId);
+  }
+  async setTopicPermission(topicId, user, permission) {
+    if (!this.wallet) throw new Error("Wallet required");
+    return this.registry.setTopicPermission(topicId, user, permission);
+  }
+  // ===== MEMBERS =====
+  async addMember(appId, address, nickname, roles) {
+    if (!this.wallet) throw new Error("Wallet required");
+    return this.registry.addMember(appId, address, nickname, roles);
+  }
+  async removeMember(appId, address) {
+    if (!this.wallet) throw new Error("Wallet required");
+    return this.registry.removeMember(appId, address);
+  }
+  async updateMemberRoles(appId, address, roles) {
+    if (!this.wallet) throw new Error("Wallet required");
+    return this.registry.updateMemberRoles(appId, address, roles);
+  }
+  async getMember(appId, address) {
+    const m = await this.registry.getMember(appId, address);
+    return {
+      account: m.account,
+      nickname: m.nickname,
+      roles: Number(m.roles),
+      joinedAt: m.joinedAt
+    };
+  }
+  async isMember(appId, address) {
+    return this.registry.isMember(appId, address);
+  }
+  async getApplicationMembers(appId) {
+    return this.registry.getApplicationMembers(appId);
+  }
+  // ===== ACCESS CHECKS =====
+  async canRead(topicId, address) {
+    return this.registry.canReadTopic(topicId, address);
+  }
+  async canWrite(topicId, address) {
+    return this.registry.canWriteToTopic(topicId, address);
+  }
+  // ===== APPLICATIONS =====
+  async createApplication(name, description, frontendUrl, allowPublicTopicCreation) {
+    if (!this.wallet) throw new Error("Wallet required");
+    return this.registry.createApplication(name, description, frontendUrl, allowPublicTopicCreation);
+  }
+  async getApplication(appId) {
+    const a = await this.registry.getApplication(appId);
+    return {
+      id: a.id,
+      name: a.name,
+      description: a.description,
+      frontendUrl: a.frontendUrl,
+      owner: a.owner,
+      createdAt: a.createdAt,
+      memberCount: Number(a.memberCount),
+      topicCount: Number(a.topicCount),
+      active: a.active,
+      allowPublicTopicCreation: a.allowPublicTopicCreation,
+      topicCreationFeeToken: a.topicCreationFeeToken,
+      topicCreationFeeAmount: a.topicCreationFeeAmount
+    };
+  }
+  // ===== FEES =====
+  async getTopicMessageFee(topicId) {
+    const [token, amount] = await this.registry.getTopicMessageFee(topicId);
+    return { token, amount };
+  }
+  // ===== ECDH (Private Topics) =====
+  /**
+   * Derive ECDH keypair from wallet signature (deterministic).
+   * Requires a signer capable of signing messages.
+   */
+  async deriveECDHFromWallet(appId = 1) {
+    if (!this.wallet) throw new Error("Wallet required");
+    const { privateKey, publicKey } = await deriveKeypairFromSignature(
+      this.wallet.address,
+      (msg) => this.wallet.signMessage(msg),
+      appId
+    );
+    this.ecdhPrivateKey = privateKey;
+    this.ecdhPublicKey = publicKey;
+    return { publicKey };
+  }
+  /**
+   * Load ECDH keypair from a hex private key (e.g. from credentials file).
+   */
+  loadECDHKeypair(privateKeyHex) {
+    const { privateKey, publicKey } = keypairFromPrivateKey(privateKeyHex);
+    this.ecdhPrivateKey = privateKey;
+    this.ecdhPublicKey = publicKey;
+  }
+  /**
+   * Register ECDH public key on-chain.
+   */
+  async registerPublicKey() {
+    if (!this.wallet) throw new Error("Wallet required");
+    if (!this.ecdhPublicKey) throw new Error("ECDH key not derived yet");
+    const hasKey = await this.keyManager.hasPublicKey(this.wallet.address);
+    if (hasKey) {
+      throw new Error("Public key already registered on-chain");
+    }
+    return this.keyManager.registerPublicKey(this.ecdhPublicKey);
+  }
+  /**
+   * Fetch and decrypt the topic symmetric key from an on-chain ECDH grant.
+   */
+  async fetchAndDecryptTopicKey(topicId) {
+    if (!this.ecdhPrivateKey) throw new Error("ECDH key not derived yet");
+    const grant = await this.keyManager.getMyKey(topicId);
+    const encryptedKey = import_ethers.ethers.getBytes(grant.encryptedKey);
+    const granterPubKey = import_ethers.ethers.getBytes(grant.granterPublicKey);
+    const topicKey = decryptTopicKey(encryptedKey, this.ecdhPrivateKey, granterPubKey);
+    this.topicKeys.set(topicId, topicKey);
+    return topicKey;
+  }
+  /**
+   * Grant a user access to a private topic's symmetric key.
+   */
+  async grantKeyAccess(topicId, userAddress, topicKey) {
+    if (!this.wallet) throw new Error("Wallet required");
+    if (!this.ecdhPrivateKey) throw new Error("ECDH key not derived yet");
+    const userPubKeyBytes = import_ethers.ethers.getBytes(await this.keyManager.getPublicKey(userAddress));
+    const encrypted = encryptTopicKeyForUser(topicKey, this.ecdhPrivateKey, userPubKeyBytes);
+    return this.keyManager.grantKeyAccess(topicId, userAddress, encrypted);
+  }
+  /**
+   * Store a pre-known topic key (e.g. loaded from credentials).
+   */
+  setTopicKey(topicId, key) {
+    this.topicKeys.set(topicId, key);
+  }
+  // ===== INTERNAL =====
+  /**
+   * Get the encryption key for a topic, determining the type automatically.
+   */
+  async getEncryptionKey(topicId) {
+    const storedKey = this.topicKeys.get(topicId);
+    if (storedKey) return storedKey;
+    const topic = await this.getTopic(topicId);
+    if (topic.accessLevel === 2 /* PRIVATE */) {
+      throw new Error(
+        `Topic ${topicId} is PRIVATE. Call fetchAndDecryptTopicKey() or setTopicKey() first.`
+      );
+    }
+    return derivePublicTopicKey(topicId);
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ACCESS_PRIVATE,
+  ACCESS_PUBLIC,
+  ACCESS_PUBLIC_LIMITED,
+  AccessLevel,
+  CHAINS,
+  CHAIN_IDS,
+  Clawntenna,
+  KEY_MANAGER_ABI,
+  PERMISSION_ADMIN,
+  PERMISSION_NONE,
+  PERMISSION_READ,
+  PERMISSION_READ_WRITE,
+  PERMISSION_WRITE,
+  Permission,
+  REGISTRY_ABI,
+  ROLE_ADMIN,
+  ROLE_MEMBER,
+  ROLE_OWNER_DELEGATE,
+  ROLE_SUPPORT_MANAGER,
+  ROLE_TOPIC_MANAGER,
+  Role,
+  bytesToHex,
+  computeSharedSecret,
+  decrypt,
+  decryptMessage,
+  decryptTopicKey,
+  deriveAESKeyFromSecret,
+  deriveKeyFromPassphrase,
+  deriveKeypairFromSignature,
+  derivePublicTopicKey,
+  encrypt,
+  encryptMessage,
+  encryptTopicKeyForUser,
+  getChain,
+  hexToBytes,
+  keypairFromPrivateKey
+});
+//# sourceMappingURL=index.cjs.map