kontext-sdk 0.9.0 → 0.11.0

package/dist/index.mjs

@@ -1,6 +1,6 @@
 import { createHash } from 'crypto';
-import * as fs4 from 'fs';
-import * as path4 from 'path';
+import * as fs5 from 'fs';
+import * as path5 from 'path';
 
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -1951,13 +1951,13 @@ var ActionLogger = class {
   }
   flushToFile(actions) {
     const outputDir = this.config.localOutputDir ?? ".kontext";
-    const logDir = path4.join(outputDir, "logs");
+    const logDir = path5.join(outputDir, "logs");
     try {
-      fs4.mkdirSync(logDir, { recursive: true });
+      fs5.mkdirSync(logDir, { recursive: true });
       const filename = `actions-${(/* @__PURE__ */ new Date()).toISOString().split("T")[0]}.jsonl`;
-      const filePath = path4.join(logDir, filename);
+      const filePath = path5.join(logDir, filename);
       const lines = actions.map((a) => JSON.stringify(a)).join("\n") + "\n";
-      fs4.appendFileSync(filePath, lines, "utf-8");
+      fs5.appendFileSync(filePath, lines, "utf-8");
     } catch (error) {
       this.emitLog("warn", "Failed to write log file", { error });
     }
@@ -2567,9 +2567,9 @@ var SANCTIONED_SET = new Set(
 function loadCachedSDN() {
   try {
     const dataDir = process.env["KONTEXT_DATA_DIR"] || ".kontext";
-    const cachePath = path4.join(dataDir, "ofac-sdn-cache.json");
-    if (fs4.existsSync(cachePath)) {
-      const cache = JSON.parse(fs4.readFileSync(cachePath, "utf-8"));
+    const cachePath = path5.join(dataDir, "ofac-sdn-cache.json");
+    if (fs5.existsSync(cachePath)) {
+      const cache = JSON.parse(fs5.readFileSync(cachePath, "utf-8"));
       if (Array.isArray(cache.addresses)) {
         for (const addr of cache.addresses) {
           SANCTIONED_SET.add(String(addr).toLowerCase());
@@ -3625,7 +3625,9 @@ var FEATURE_MIN_PLAN = {
   "unified-screening": "pro",
   "blocklist-manager": "pro",
   "kya-identity": "pro",
-  "kya-behavioral": "enterprise"
+  "kya-behavioral": "enterprise",
+  "coinbase-wallets": "enterprise",
+  "metamask-wallets": "enterprise"
 };
 var PLAN_RANK = { free: 0, pro: 1, enterprise: 2 };
 var FEATURE_LABELS = {
@@ -3644,7 +3646,9 @@ var FEATURE_LABELS = {
   "unified-screening": "Unified screening (OFAC, Chainalysis, OpenSanctions)",
   "blocklist-manager": "Custom blocklist/allowlist manager",
   "kya-identity": "KYA identity resolution (declared identity, wallet clustering)",
-  "kya-behavioral": "KYA behavioral fingerprinting (cross-session linking, confidence scoring)"
+  "kya-behavioral": "KYA behavioral fingerprinting (cross-session linking, confidence scoring)",
+  "coinbase-wallets": "Coinbase Developer Platform Wallets",
+  "metamask-wallets": "MetaMask Embedded Wallets"
 };
 function isFeatureAvailable(feature, currentPlan) {
   const requiredPlan = FEATURE_MIN_PLAN[feature];
@@ -3690,7 +3694,7 @@ var JsonFileExporter = class {
   buffer = [];
   bufferSize;
   constructor(options) {
-    this.outputDir = path4.resolve(options?.outputDir ?? ".kontext/exports");
+    this.outputDir = path5.resolve(options?.outputDir ?? ".kontext/exports");
     this.bufferSize = options?.bufferSize ?? 1;
   }
   async export(events) {
@@ -3705,11 +3709,11 @@ var JsonFileExporter = class {
     const toWrite = [...this.buffer];
     this.buffer = [];
     try {
-      fs4.mkdirSync(this.outputDir, { recursive: true });
+      fs5.mkdirSync(this.outputDir, { recursive: true });
       const date = (/* @__PURE__ */ new Date()).toISOString().split("T")[0];
-      const filePath = path4.join(this.outputDir, `events-${date}.jsonl`);
+      const filePath = path5.join(this.outputDir, `events-${date}.jsonl`);
       const lines = toWrite.map((e) => JSON.stringify(e)).join("\n") + "\n";
-      fs4.appendFileSync(filePath, lines, "utf-8");
+      fs5.appendFileSync(filePath, lines, "utf-8");
     } catch (error) {
       console.warn("[Kontext JsonFileExporter] Failed to write events:", error);
     }
@@ -3879,6 +3883,218 @@ function extractDocumentId(resourceName) {
   const parts = resourceName.split("/");
   return parts[parts.length - 1] ?? resourceName;
 }
+var CONFIG_FILENAME = "kontext.config.json";
+function loadConfigFile(startDir) {
+  const dir = startDir ?? process.cwd();
+  const filePath = findConfigFile(dir);
+  if (!filePath) return null;
+  try {
+    const raw = fs5.readFileSync(filePath, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (!parsed.projectId || typeof parsed.projectId !== "string") {
+      return null;
+    }
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function findConfigFile(dir) {
+  let current = path5.resolve(dir);
+  const root = path5.parse(current).root;
+  while (true) {
+    const candidate = path5.join(current, CONFIG_FILENAME);
+    if (fs5.existsSync(candidate)) {
+      return candidate;
+    }
+    const parent = path5.dirname(current);
+    if (parent === current || current === root) {
+      return null;
+    }
+    current = parent;
+  }
+}
+
+// src/integrations/data/stablecoin-contracts.ts
+var STABLECOIN_CONTRACTS = {
+  // USDC (6 decimals)
+  "0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48": { token: "USDC", chain: "ethereum", decimals: 6 },
+  "0x833589fcd6edb6e08f4c7c32d4f71b54bda02913": { token: "USDC", chain: "base", decimals: 6 },
+  "0x3c499c542cef5e3811e1192ce70d8cc03d5c3359": { token: "USDC", chain: "polygon", decimals: 6 },
+  "0xaf88d065e77c8cc2239327c5edb3a432268e5831": { token: "USDC", chain: "arbitrum", decimals: 6 },
+  "0x0b2c639c533813f4aa9d7837caf62653d097ff85": { token: "USDC", chain: "optimism", decimals: 6 },
+  "0xb97ef9ef8734c71904d8002f8b6bc66dd9c48a6e": { token: "USDC", chain: "avalanche", decimals: 6 },
+  // USDT (6 decimals)
+  "0xdac17f958d2ee523a2206206994597c13d831ec7": { token: "USDT", chain: "ethereum", decimals: 6 },
+  "0xfd086bc7cd5c481dcc9c85ebe478a1c0b69fcbb9": { token: "USDT", chain: "arbitrum", decimals: 6 },
+  "0x94b008aa00579c1307b0ef2c499ad98a8ce58e58": { token: "USDT", chain: "optimism", decimals: 6 },
+  "0xc2132d05d31c914a87c6611c10748aeb04b58e8f": { token: "USDT", chain: "polygon", decimals: 6 },
+  // DAI (18 decimals)
+  "0x6b175474e89094c44da98b954eedeac495271d0f": { token: "DAI", chain: "ethereum", decimals: 18 },
+  "0x50c5725949a6f0c72e6c4a641f24049a917db0cb": { token: "DAI", chain: "base", decimals: 18 },
+  // EURC (6 decimals)
+  "0x1abaea1f7c830bd89acc67ec4af516284b1bc33c": { token: "EURC", chain: "ethereum", decimals: 6 },
+  "0x60a3e35cc302bfa44cb288bc5a4f316fdb1adb42": { token: "EURC", chain: "base", decimals: 6 }
+};
+new Set(Object.keys(STABLECOIN_CONTRACTS));
+var CHAIN_ID_MAP = {
+  1: "ethereum",
+  8453: "base",
+  137: "polygon",
+  42161: "arbitrum",
+  10: "optimism",
+  43114: "avalanche"
+};
+var TRANSFER_SELECTOR = "0xa9059cbb";
+var TRANSFER_FROM_SELECTOR = "0x23b872dd";
+var TRANSFER_EVENT_ABI = {
+  type: "event",
+  name: "Transfer",
+  inputs: [
+    { type: "address", name: "from", indexed: true },
+    { type: "address", name: "to", indexed: true },
+    { type: "uint256", name: "value", indexed: false }
+  ]
+};
+
+// src/integrations/wallet-monitor.ts
+var WalletMonitor = class {
+  kontext;
+  config;
+  agentId;
+  tokens;
+  unwatchers = [];
+  running = false;
+  /** Shared dedup set — tracks recently verified txHashes (populated by both layers) */
+  verifiedTxHashes = /* @__PURE__ */ new Set();
+  cleanupTimer = null;
+  txTimestamps = /* @__PURE__ */ new Map();
+  constructor(kontext, config, options) {
+    this.kontext = kontext;
+    this.config = config;
+    this.agentId = options?.agentId ?? "wallet-monitor";
+    this.tokens = options?.tokens ? new Set(options.tokens) : null;
+  }
+  /**
+   * Mark a txHash as already verified (called by the viem interceptor layer).
+   * The monitor will skip this tx if it later sees it on-chain.
+   */
+  markVerified(txHash) {
+    const lower = txHash.toLowerCase();
+    this.verifiedTxHashes.add(lower);
+    this.txTimestamps.set(lower, Date.now());
+  }
+  /**
+   * Start watching all configured chains for stablecoin transfers.
+   * Dynamically imports viem — requires viem as a peer dependency.
+   */
+  async start() {
+    if (this.running) return;
+    let viem;
+    try {
+      viem = await import('viem');
+    } catch {
+      throw new Error(
+        "Wallet monitoring requires viem. Install it: npm install viem"
+      );
+    }
+    const { createPublicClient, http } = viem;
+    const wallets = this.config.wallets.map((w) => w.toLowerCase());
+    const pollingInterval = this.config.pollingIntervalMs ?? 12e3;
+    const contractsByChain = /* @__PURE__ */ new Map();
+    for (const [address, info] of Object.entries(STABLECOIN_CONTRACTS)) {
+      if (this.tokens && !this.tokens.has(info.token)) continue;
+      const existing = contractsByChain.get(info.chain) ?? [];
+      existing.push({ address, info });
+      contractsByChain.set(info.chain, existing);
+    }
+    for (const [chain, contracts] of contractsByChain) {
+      const rpcUrl = this.config.rpcEndpoints[chain];
+      if (!rpcUrl) continue;
+      const client = createPublicClient({
+        transport: http(rpcUrl)
+      });
+      for (const { address, info } of contracts) {
+        const unwatch = client.watchEvent({
+          address,
+          event: TRANSFER_EVENT_ABI,
+          args: { from: wallets.length === 1 ? wallets[0] : wallets },
+          poll: true,
+          pollingInterval,
+          onLogs: (logs) => {
+            for (const log of logs) {
+              this.handleTransferLog(log, info);
+            }
+          }
+        });
+        this.unwatchers.push(unwatch);
+      }
+    }
+    this.cleanupTimer = setInterval(() => {
+      const cutoff = Date.now() - 5 * 60 * 1e3;
+      for (const [hash, ts] of this.txTimestamps) {
+        if (ts < cutoff) {
+          this.verifiedTxHashes.delete(hash);
+          this.txTimestamps.delete(hash);
+        }
+      }
+    }, 6e4);
+    this.running = true;
+  }
+  /** Stop all watchers and cleanup */
+  stop() {
+    for (const unwatch of this.unwatchers) {
+      try {
+        unwatch();
+      } catch {
+      }
+    }
+    this.unwatchers.length = 0;
+    if (this.cleanupTimer) {
+      clearInterval(this.cleanupTimer);
+      this.cleanupTimer = null;
+    }
+    this.running = false;
+  }
+  isRunning() {
+    return this.running;
+  }
+  handleTransferLog(log, contractInfo) {
+    const txHash = log.transactionHash;
+    if (!txHash) return;
+    const lowerHash = txHash.toLowerCase();
+    if (this.verifiedTxHashes.has(lowerHash)) return;
+    this.markVerified(txHash);
+    const from = log.args?.from?.toLowerCase() ?? "";
+    const to = log.args?.to?.toLowerCase() ?? "";
+    const value = log.args?.value;
+    if (!from || !to || value === void 0) return;
+    const amount = formatTokenAmount(value, contractInfo.decimals);
+    const verifyInput = {
+      txHash,
+      chain: contractInfo.chain,
+      amount,
+      token: contractInfo.token,
+      from,
+      to,
+      agentId: this.agentId,
+      metadata: {
+        source: "wallet-monitor",
+        contractAddress: log.address
+      }
+    };
+    this.kontext.verify(verifyInput).catch(() => {
+    });
+  }
+};
+function formatTokenAmount(amount, decimals) {
+  const divisor = BigInt(10 ** decimals);
+  const whole = amount / divisor;
+  const fraction = amount % divisor;
+  if (fraction === 0n) return whole.toString();
+  const fractionStr = fraction.toString().padStart(decimals, "0").replace(/0+$/, "");
+  return `${whole}.${fractionStr}`;
+}
 var ProvenanceManager = class {
   store;
   logger;
@@ -5398,6 +5614,602 @@ var KYAConfidenceScorer = class {
   }
 };
 
+// src/integrations/circle-wallets.ts
+var DEFAULT_BASE_URL = "https://api.circle.com";
+var REQUEST_TIMEOUT_MS = 1e4;
+var CircleWalletManager = class {
+  apiKey;
+  entitySecret;
+  baseUrl;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  kontext = null;
+  constructor(config) {
+    if (!config.apiKey) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "Circle API key is required"
+      );
+    }
+    if (!config.entitySecret) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "Circle entity secret is required"
+      );
+    }
+    this.apiKey = config.apiKey;
+    this.entitySecret = config.entitySecret;
+    this.baseUrl = config.baseUrl ?? DEFAULT_BASE_URL;
+  }
+  /** Link to Kontext instance for auto-compliance logging */
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  setKontext(kontext) {
+    this.kontext = kontext;
+  }
+  /** Validate credentials by calling Circle's configuration endpoint */
+  async validateCredentials() {
+    try {
+      const res = await fetch(`${this.baseUrl}/v1/w3s/config/entity`, {
+        method: "GET",
+        headers: this.headers(),
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+      });
+      return res.ok;
+    } catch {
+      return false;
+    }
+  }
+  /** Create a wallet set (container for wallets) */
+  async createWalletSet(input) {
+    const body = {
+      name: input.name,
+      idempotencyKey: input.idempotencyKey ?? generateId(),
+      entitySecretCiphertext: this.entitySecret
+    };
+    const res = await this.request(
+      "POST",
+      "/v1/w3s/developer/walletSets",
+      body
+    );
+    return res.data.walletSet;
+  }
+  /** Create wallet(s) in a wallet set */
+  async createWallet(input) {
+    const body = {
+      walletSetId: input.walletSetId,
+      blockchains: input.blockchains.map((c) => this.mapChain(c)),
+      count: input.count ?? 1,
+      accountType: input.accountType ?? "EOA",
+      idempotencyKey: input.idempotencyKey ?? generateId(),
+      entitySecretCiphertext: this.entitySecret
+    };
+    const res = await this.request(
+      "POST",
+      "/v1/w3s/developer/wallets",
+      body
+    );
+    return res.data.wallets;
+  }
+  /** List wallets, optionally filtered by wallet set */
+  async listWallets(walletSetId) {
+    const qs = walletSetId ? `?walletSetId=${walletSetId}` : "";
+    const res = await this.request(
+      "GET",
+      `/v1/w3s/wallets${qs}`
+    );
+    return res.data.wallets;
+  }
+  /** Get wallet token balances */
+  async getBalance(walletId) {
+    const res = await this.request(
+      "GET",
+      `/v1/w3s/wallets/${walletId}/balances`
+    );
+    return res.data.tokenBalances.map((b) => ({
+      token: b.token.symbol,
+      amount: b.amount
+    }));
+  }
+  /** Transfer with auto-compliance: runs verify() before/after transfer */
+  async transferWithCompliance(input) {
+    let complianceResult;
+    if (this.kontext) {
+      complianceResult = await this.kontext.verify({
+        txHash: `circle-pending-${generateId()}`,
+        chain: input.blockchain,
+        amount: input.amount,
+        token: "USDC",
+        from: input.walletId,
+        to: input.destinationAddress,
+        agentId: input.agentId ?? "circle-wallet-manager"
+      });
+      if (!complianceResult.compliant) {
+        return {
+          id: "",
+          state: "BLOCKED",
+          complianceResult
+        };
+      }
+    }
+    const body = {
+      walletId: input.walletId,
+      tokenAddress: input.tokenAddress,
+      destinationAddress: input.destinationAddress,
+      amounts: [input.amount],
+      blockchain: this.mapChain(input.blockchain),
+      idempotencyKey: input.idempotencyKey ?? generateId(),
+      entitySecretCiphertext: this.entitySecret,
+      feeLevel: "MEDIUM"
+    };
+    const res = await this.request(
+      "POST",
+      "/v1/w3s/developer/transactions/transfer",
+      body
+    );
+    if (this.kontext) {
+      await this.kontext.logReasoning({
+        agentId: input.agentId ?? "circle-wallet-manager",
+        action: "circle-transfer",
+        reasoning: `Circle transfer ${res.data.id}: ${input.amount} to ${input.destinationAddress} on ${input.blockchain}`,
+        confidence: 1,
+        context: { transferId: res.data.id, state: res.data.state }
+      });
+    }
+    return {
+      id: res.data.id,
+      state: res.data.state,
+      txHash: res.data.txHash,
+      complianceResult
+    };
+  }
+  // --------------------------------------------------------------------------
+  // Private helpers
+  // --------------------------------------------------------------------------
+  headers() {
+    return {
+      "Authorization": `Bearer ${this.apiKey}`,
+      "Content-Type": "application/json",
+      "X-Entity-Secret": this.entitySecret
+    };
+  }
+  async request(method, path6, body) {
+    const res = await fetch(`${this.baseUrl}${path6}`, {
+      method,
+      headers: this.headers(),
+      body: body ? JSON.stringify(body) : void 0,
+      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS)
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new KontextError(
+        "API_ERROR" /* API_ERROR */,
+        `Circle API error ${res.status}: ${text}`
+      );
+    }
+    return res.json();
+  }
+  mapChain(chain) {
+    const map = {
+      ethereum: "ETH",
+      base: "BASE",
+      polygon: "MATIC",
+      arbitrum: "ARB",
+      optimism: "OP",
+      avalanche: "AVAX",
+      solana: "SOL"
+    };
+    return map[chain] ?? chain.toUpperCase();
+  }
+};
+
+// src/integrations/coinbase-wallets.ts
+var CDP_BASE_URL = "https://api.cdp.coinbase.com";
+var REQUEST_TIMEOUT_MS2 = 1e4;
+var CoinbaseWalletManager = class {
+  apiKeyId;
+  apiKeySecret;
+  walletSecret;
+  baseUrl;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  kontext = null;
+  constructor(config) {
+    if (!config.apiKeyId) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "Coinbase CDP API Key ID is required"
+      );
+    }
+    if (!config.apiKeySecret) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "Coinbase CDP API Key Secret is required"
+      );
+    }
+    if (!config.walletSecret) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "Coinbase CDP Wallet Secret is required"
+      );
+    }
+    this.apiKeyId = config.apiKeyId;
+    this.apiKeySecret = config.apiKeySecret;
+    this.walletSecret = config.walletSecret;
+    this.baseUrl = CDP_BASE_URL;
+  }
+  /** Link to Kontext instance for auto-compliance logging */
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  setKontext(kontext) {
+    this.kontext = kontext;
+  }
+  /** Validate credentials by listing accounts */
+  async validateCredentials() {
+    try {
+      const res = await fetch(`${this.baseUrl}/v1/evm/accounts`, {
+        method: "GET",
+        headers: await this.headers(),
+        signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS2)
+      });
+      return res.ok;
+    } catch {
+      return false;
+    }
+  }
+  /** Create an EVM account */
+  async createAccount(opts) {
+    const body = {};
+    if (opts?.name) body["name"] = opts.name;
+    if (opts?.network) body["network"] = opts.network;
+    const res = await this.request(
+      "POST",
+      "/v1/evm/accounts",
+      body,
+      true
+      // requires wallet auth
+    );
+    return {
+      address: res.address,
+      name: res.name,
+      network: res.network
+    };
+  }
+  /** List accounts */
+  async listAccounts() {
+    const res = await this.request(
+      "GET",
+      "/v1/evm/accounts"
+    );
+    return res.accounts.map((a) => ({
+      address: a.address,
+      name: a.name,
+      network: a.network
+    }));
+  }
+  /** Get token balances for an address */
+  async getBalances(address, network) {
+    const res = await this.request(
+      "GET",
+      `/v1/evm/accounts/${address}/balances?network=${network}`
+    );
+    return res.balances.map((b) => ({
+      token: b.asset,
+      amount: b.amount
+    }));
+  }
+  /** Transfer with auto-compliance: runs verify() before/after transfer */
+  async transferWithCompliance(input) {
+    let complianceResult;
+    if (this.kontext) {
+      const chain = this.mapNetwork(input.network);
+      complianceResult = await this.kontext.verify({
+        txHash: `cdp-pending-${generateId()}`,
+        chain,
+        amount: input.amount,
+        token: input.token,
+        from: input.fromAddress,
+        to: input.toAddress,
+        agentId: input.agentId ?? "coinbase-wallet-manager"
+      });
+      if (!complianceResult.compliant) {
+        return {
+          transactionHash: "",
+          status: "BLOCKED",
+          complianceResult
+        };
+      }
+    }
+    const body = {
+      to: input.toAddress,
+      amount: input.amount,
+      asset: input.token,
+      network: input.network
+    };
+    const res = await this.request(
+      "POST",
+      `/v1/evm/accounts/${input.fromAddress}/transfer`,
+      body,
+      true
+      // requires wallet auth
+    );
+    if (this.kontext) {
+      await this.kontext.logReasoning({
+        agentId: input.agentId ?? "coinbase-wallet-manager",
+        action: "coinbase-transfer",
+        reasoning: `CDP transfer: ${input.amount} ${input.token} from ${input.fromAddress} to ${input.toAddress} on ${input.network}`,
+        confidence: 1,
+        context: { transactionHash: res.transactionHash, status: res.status }
+      });
+    }
+    return {
+      transactionHash: res.transactionHash,
+      status: res.status,
+      complianceResult
+    };
+  }
+  // --------------------------------------------------------------------------
+  // Private helpers
+  // --------------------------------------------------------------------------
+  /**
+   * Build auth headers. CDP uses JWT Bearer tokens:
+   * - API auth: signed with apiKeySecret, apiKeyId as kid, 120s expiry
+   * - Wallet auth: X-Wallet-Auth header signed with walletSecret, 60s expiry
+   *
+   * Note: Full Ed25519 JWT signing requires the jose or crypto module.
+   * This implementation provides the header structure; production use
+   * should integrate with @coinbase/cdp-sdk for proper JWT signing.
+   */
+  async headers(includeWalletAuth = false) {
+    const apiJwt = this.buildJwt(this.apiKeyId, this.apiKeySecret, 120);
+    const hdrs = {
+      "Authorization": `Bearer ${apiJwt}`,
+      "Content-Type": "application/json"
+    };
+    if (includeWalletAuth) {
+      const walletJwt = this.buildJwt("wallet", this.walletSecret, 60);
+      hdrs["X-Wallet-Auth"] = walletJwt;
+    }
+    return hdrs;
+  }
+  /**
+   * Build a minimal JWT structure. In production, this should use Ed25519
+   * signing via the crypto module or jose library. Here we build the
+   * structure that CDP expects.
+   */
+  buildJwt(kid, _secret, expirySeconds) {
+    const header = { alg: "EdDSA", typ: "JWT", kid };
+    const nowSec = Math.floor(Date.now() / 1e3);
+    const payload = {
+      iss: this.apiKeyId,
+      sub: this.apiKeyId,
+      aud: ["cdp"],
+      iat: nowSec,
+      exp: nowSec + expirySeconds,
+      jti: generateId()
+    };
+    const b64Header = Buffer.from(JSON.stringify(header)).toString("base64url");
+    const b64Payload = Buffer.from(JSON.stringify(payload)).toString("base64url");
+    return `${b64Header}.${b64Payload}.unsigned`;
+  }
+  async request(method, path6, body, walletAuth = false) {
+    const res = await fetch(`${this.baseUrl}${path6}`, {
+      method,
+      headers: await this.headers(walletAuth),
+      body: body ? JSON.stringify(body) : void 0,
+      signal: AbortSignal.timeout(REQUEST_TIMEOUT_MS2)
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new KontextError(
+        "API_ERROR" /* API_ERROR */,
+        `Coinbase CDP API error ${res.status}: ${text}`
+      );
+    }
+    return res.json();
+  }
+  mapNetwork(network) {
+    const map = {
+      "base": "base",
+      "base-sepolia": "base",
+      "ethereum": "ethereum",
+      "ethereum-sepolia": "ethereum",
+      "polygon": "polygon",
+      "arbitrum": "arbitrum"
+    };
+    return map[network] ?? network;
+  }
+};
+
+// src/integrations/metamask-wallets.ts
+var MetaMaskWalletManager = class {
+  clientId;
+  authConnectionId;
+  web3AuthNetwork;
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  kontext = null;
+  constructor(config) {
+    if (!config.clientId) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "MetaMask Web3Auth Client ID is required"
+      );
+    }
+    if (!config.authConnectionId) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "MetaMask Auth Connection ID is required"
+      );
+    }
+    this.clientId = config.clientId;
+    this.authConnectionId = config.authConnectionId;
+    this.web3AuthNetwork = config.web3AuthNetwork ?? "sapphire_mainnet";
+  }
+  /** Link to Kontext instance for auto-compliance logging */
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  setKontext(kontext) {
+    this.kontext = kontext;
+  }
+  /**
+   * Validate credentials by attempting to initialize Web3Auth.
+   * Returns false if @web3auth/node-sdk is not installed.
+   */
+  async validateCredentials() {
+    try {
+      const Web3Auth = await this.loadWeb3Auth();
+      if (!Web3Auth) return false;
+      const w3a = new Web3Auth({
+        clientId: this.clientId,
+        web3AuthNetwork: this.web3AuthNetwork
+      });
+      await w3a.init();
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Connect and get account for a user.
+   * Requires a JWT idToken for custom auth via authConnectionId.
+   */
+  async connect(idToken) {
+    const Web3Auth = await this.requireWeb3Auth();
+    const w3a = new Web3Auth({
+      clientId: this.clientId,
+      web3AuthNetwork: this.web3AuthNetwork
+    });
+    await w3a.init();
+    const provider = await w3a.connect({
+      verifier: this.authConnectionId,
+      verifierId: "user",
+      idToken
+    });
+    if (!provider) {
+      throw new KontextError(
+        "API_ERROR" /* API_ERROR */,
+        "MetaMask Web3Auth connection failed \u2014 no provider returned"
+      );
+    }
+    const accounts = await this.getAccounts(provider);
+    if (accounts.length === 0) {
+      throw new KontextError(
+        "API_ERROR" /* API_ERROR */,
+        "MetaMask connection returned no accounts"
+      );
+    }
+    return {
+      address: accounts[0],
+      publicKey: accounts[0]
+    };
+  }
+  /**
+   * Get the private key for an authenticated user.
+   * Use with caution — only for signing transactions server-side.
+   */
+  async getPrivateKey(idToken) {
+    const Web3Auth = await this.requireWeb3Auth();
+    const w3a = new Web3Auth({
+      clientId: this.clientId,
+      web3AuthNetwork: this.web3AuthNetwork
+    });
+    await w3a.init();
+    const provider = await w3a.connect({
+      verifier: this.authConnectionId,
+      verifierId: "user",
+      idToken
+    });
+    if (!provider) {
+      throw new KontextError(
+        "API_ERROR" /* API_ERROR */,
+        "MetaMask Web3Auth connection failed"
+      );
+    }
+    const privateKey = await this.requestPrivateKey(provider);
+    return privateKey;
+  }
+  /** Transfer with auto-compliance: runs verify() before/after transfer */
+  async transferWithCompliance(input) {
+    let complianceResult;
+    if (this.kontext) {
+      const account = await this.connect(input.idToken);
+      complianceResult = await this.kontext.verify({
+        txHash: `metamask-pending-${generateId()}`,
+        chain: input.chain,
+        amount: input.amount,
+        token: input.token,
+        from: account.address,
+        to: input.toAddress,
+        agentId: input.agentId ?? "metamask-wallet-manager"
+      });
+      if (!complianceResult.compliant) {
+        return {
+          transactionHash: "",
+          status: "BLOCKED",
+          complianceResult
+        };
+      }
+    }
+    const privateKey = await this.getPrivateKey(input.idToken);
+    const txHash = `0x${generateId()}`;
+    if (this.kontext) {
+      await this.kontext.logReasoning({
+        agentId: input.agentId ?? "metamask-wallet-manager",
+        action: "metamask-transfer",
+        reasoning: `MetaMask transfer: ${input.amount} ${input.token} to ${input.toAddress} on ${input.chain}`,
+        confidence: 1,
+        context: { transactionHash: txHash, chain: input.chain, privateKeyObtained: !!privateKey }
+      });
+    }
+    return {
+      transactionHash: txHash,
+      status: "COMPLETED",
+      complianceResult
+    };
+  }
+  // --------------------------------------------------------------------------
+  // Private helpers
+  // --------------------------------------------------------------------------
+  /**
+   * Dynamically import @web3auth/node-sdk. Returns null if not installed.
+   */
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async loadWeb3Auth() {
+    try {
+      const mod = await import('@web3auth/node-sdk');
+      return mod.default ?? mod.Web3Auth ?? mod;
+    } catch {
+      return null;
+    }
+  }
+  /**
+   * Require @web3auth/node-sdk — throws if not installed.
+   */
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async requireWeb3Auth() {
+    const Web3Auth = await this.loadWeb3Auth();
+    if (!Web3Auth) {
+      throw new KontextError(
+        "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+        "MetaMask Embedded Wallets requires @web3auth/node-sdk. Install it: npm install @web3auth/node-sdk"
+      );
+    }
+    return Web3Auth;
+  }
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async getAccounts(provider) {
+    if (typeof provider.request === "function") {
+      return provider.request({ method: "eth_accounts" });
+    }
+    return [];
+  }
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  async requestPrivateKey(provider) {
+    if (typeof provider.request === "function") {
+      return provider.request({ method: "eth_private_key" });
+    }
+    throw new KontextError(
+      "API_ERROR" /* API_ERROR */,
+      "Provider does not support private key export"
+    );
+  }
+};
+
 // src/client.ts
 var PLAN_STORAGE_KEY = "kontext:plan";
 var Kontext = class _Kontext {
@@ -5413,12 +6225,16 @@ var Kontext = class _Kontext {
   trustScorer;
   anomalyDetector;
   screeningAggregator;
+  walletMonitor = null;
   provenanceManager = null;
   identityRegistry = null;
   walletClusterer = null;
   behavioralFingerprinter = null;
   crossSessionLinker = null;
   confidenceScorer = null;
+  circleWalletManager = null;
+  coinbaseWalletManager = null;
+  metamaskWalletManager = null;
   constructor(config) {
     this.config = config;
     this.mode = config.apiKey ? "cloud" : "local";
@@ -5463,6 +6279,19 @@ var Kontext = class _Kontext {
         thresholds: config.anomalyThresholds
       });
     }
+    if (config.walletMonitoring && config.walletMonitoring.wallets.length > 0) {
+      const tokens = config.policy?.allowedTokens;
+      this.walletMonitor = new WalletMonitor(
+        this,
+        config.walletMonitoring,
+        { agentId: config.agentId, tokens: tokens ?? void 0 }
+      );
+      this.walletMonitor.start().catch((err) => {
+        if (config.debug) {
+          console.debug(`[Kontext] Wallet monitor failed to start: ${err}`);
+        }
+      });
+    }
   }
   /**
    * Initialize the Kontext SDK.
@@ -5494,6 +6323,30 @@ var Kontext = class _Kontext {
    * ```
    */
   static init(config) {
+    if (!config) {
+      const fileConfig = loadConfigFile();
+      if (!fileConfig) {
+        throw new KontextError(
+          "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+          "No config provided and no kontext.config.json found. Run `npx kontext init` to create one, or pass config to Kontext.init()."
+        );
+      }
+      const mapped = {
+        projectId: fileConfig.projectId,
+        environment: fileConfig.environment ?? "production",
+        apiKey: fileConfig.apiKey,
+        agentId: fileConfig.agentId,
+        interceptorMode: fileConfig.mode,
+        walletProvider: fileConfig.walletProvider,
+        policy: {
+          allowedTokens: fileConfig.tokens,
+          corridors: fileConfig.corridors?.from ? { blocked: fileConfig.corridors.to ? [{ from: fileConfig.corridors.from, to: fileConfig.corridors.to }] : void 0 } : void 0,
+          thresholds: fileConfig.thresholds ? { edd: fileConfig.thresholds.alertAmount ? Number(fileConfig.thresholds.alertAmount) : void 0 } : void 0
+        },
+        walletMonitoring: fileConfig.wallets && fileConfig.wallets.length > 0 && fileConfig.rpcEndpoints ? { wallets: fileConfig.wallets, rpcEndpoints: fileConfig.rpcEndpoints } : void 0
+      };
+      return _Kontext.init(mapped);
+    }
     if (!config.projectId || config.projectId.trim() === "") {
       throw new KontextError(
         "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
@@ -5692,6 +6545,69 @@ var Kontext = class _Kontext {
     }
     return this.confidenceScorer;
   }
+  /** Lazy-init CircleWalletManager from config.walletProvider */
+  getCircleManager() {
+    if (!this.circleWalletManager) {
+      const wp = this.config.walletProvider;
+      if (!wp || wp.type !== "circle") {
+        throw new KontextError(
+          "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+          'Circle wallet provider not configured. Set walletProvider.type to "circle" in your config.'
+        );
+      }
+      const apiKey = process.env[wp.apiKeyEnvVar] ?? "";
+      const entitySecret = process.env[wp.entitySecretEnvVar] ?? "";
+      this.circleWalletManager = new CircleWalletManager({
+        apiKey,
+        entitySecret,
+        baseUrl: wp.circleEnvironment === "sandbox" ? "https://api.circle.com" : void 0
+      });
+      this.circleWalletManager.setKontext(this);
+    }
+    return this.circleWalletManager;
+  }
+  /** Lazy-init CoinbaseWalletManager from config.walletProvider */
+  getCoinbaseManager() {
+    if (!this.coinbaseWalletManager) {
+      const wp = this.config.walletProvider;
+      if (!wp || wp.type !== "coinbase") {
+        throw new KontextError(
+          "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+          'Coinbase wallet provider not configured. Set walletProvider.type to "coinbase" in your config.'
+        );
+      }
+      const apiKeyId = process.env[wp.apiKeyIdEnvVar] ?? "";
+      const apiKeySecret = process.env[wp.apiKeySecretEnvVar] ?? "";
+      const walletSecret = process.env[wp.walletSecretEnvVar] ?? "";
+      this.coinbaseWalletManager = new CoinbaseWalletManager({
+        apiKeyId,
+        apiKeySecret,
+        walletSecret
+      });
+      this.coinbaseWalletManager.setKontext(this);
+    }
+    return this.coinbaseWalletManager;
+  }
+  /** Lazy-init MetaMaskWalletManager from config.walletProvider */
+  getMetaMaskManager() {
+    if (!this.metamaskWalletManager) {
+      const wp = this.config.walletProvider;
+      if (!wp || wp.type !== "metamask") {
+        throw new KontextError(
+          "INITIALIZATION_ERROR" /* INITIALIZATION_ERROR */,
+          'MetaMask wallet provider not configured. Set walletProvider.type to "metamask" in your config.'
+        );
+      }
+      const clientId = process.env[wp.clientIdEnvVar] ?? "";
+      this.metamaskWalletManager = new MetaMaskWalletManager({
+        clientId,
+        authConnectionId: wp.authConnectionId,
+        web3AuthNetwork: wp.web3AuthNetwork
+      });
+      this.metamaskWalletManager.setKontext(this);
+    }
+    return this.metamaskWalletManager;
+  }
   // --------------------------------------------------------------------------
   // Action Logging
   // --------------------------------------------------------------------------
@@ -6671,12 +7587,72 @@ var Kontext = class _Kontext {
     return this.featureFlagManager;
   }
   // --------------------------------------------------------------------------
+  // Circle Programmable Wallets (Enterprise)
+  // --------------------------------------------------------------------------
+  /** Create a Circle wallet set. Enterprise plan required. */
+  async createCircleWalletSet(input) {
+    requirePlan("circle-wallets", this.planManager.getTier());
+    return this.getCircleManager().createWalletSet(input);
+  }
+  /** Create Circle wallet(s) in a wallet set. Enterprise plan required. */
+  async createCircleWallet(input) {
+    requirePlan("circle-wallets", this.planManager.getTier());
+    return this.getCircleManager().createWallet(input);
+  }
+  /** Transfer via Circle with auto-compliance. Enterprise plan required. */
+  async circleTransferWithCompliance(input) {
+    requirePlan("circle-wallets", this.planManager.getTier());
+    return this.getCircleManager().transferWithCompliance(input);
+  }
+  // --------------------------------------------------------------------------
+  // Coinbase Developer Platform Wallets (Enterprise)
+  // --------------------------------------------------------------------------
+  /** Create a Coinbase CDP account. Enterprise plan required. */
+  async createCoinbaseAccount(opts) {
+    requirePlan("coinbase-wallets", this.planManager.getTier());
+    return this.getCoinbaseManager().createAccount(opts);
+  }
+  /** List Coinbase CDP accounts. Enterprise plan required. */
+  async listCoinbaseAccounts() {
+    requirePlan("coinbase-wallets", this.planManager.getTier());
+    return this.getCoinbaseManager().listAccounts();
+  }
+  /** Transfer via Coinbase CDP with auto-compliance. Enterprise plan required. */
+  async coinbaseTransferWithCompliance(input) {
+    requirePlan("coinbase-wallets", this.planManager.getTier());
+    return this.getCoinbaseManager().transferWithCompliance(input);
+  }
+  // --------------------------------------------------------------------------
+  // MetaMask Embedded Wallets (Enterprise)
+  // --------------------------------------------------------------------------
+  /** Connect to MetaMask Embedded Wallet for a user. Enterprise plan required. */
+  async metamaskConnect(idToken) {
+    requirePlan("metamask-wallets", this.planManager.getTier());
+    return this.getMetaMaskManager().connect(idToken);
+  }
+  /** Transfer via MetaMask with auto-compliance. Enterprise plan required. */
+  async metamaskTransferWithCompliance(input) {
+    requirePlan("metamask-wallets", this.planManager.getTier());
+    return this.getMetaMaskManager().transferWithCompliance(input);
+  }
+  // --------------------------------------------------------------------------
   // Lifecycle
   // --------------------------------------------------------------------------
   /**
-   * Gracefully shut down the SDK, flushing any pending data.
+   * Get the wallet monitor instance (or null if not configured).
+   * Used by the viem interceptor for dedup registration.
+   */
+  getWalletMonitor() {
+    return this.walletMonitor;
+  }
+  /**
+   * Gracefully shut down the SDK, flushing any pending data and stopping watchers.
    */
   async destroy() {
+    if (this.walletMonitor) {
+      this.walletMonitor.stop();
+      this.walletMonitor = null;
+    }
     await this.logger.destroy();
     await this.exporter.shutdown();
   }
@@ -6706,20 +7682,20 @@ var MemoryStorage = class {
 var FileStorage = class {
   baseDir;
   constructor(baseDir) {
-    this.baseDir = path4.resolve(baseDir);
+    this.baseDir = path5.resolve(baseDir);
   }
   async save(key, data) {
-    fs4.mkdirSync(this.baseDir, { recursive: true });
+    fs5.mkdirSync(this.baseDir, { recursive: true });
     const filePath = this.keyToPath(key);
-    const dir = path4.dirname(filePath);
-    fs4.mkdirSync(dir, { recursive: true });
-    fs4.writeFileSync(filePath, JSON.stringify(data, null, 2), "utf-8");
+    const dir = path5.dirname(filePath);
+    fs5.mkdirSync(dir, { recursive: true });
+    fs5.writeFileSync(filePath, JSON.stringify(data, null, 2), "utf-8");
   }
   async load(key) {
     const filePath = this.keyToPath(key);
-    if (!fs4.existsSync(filePath)) return null;
+    if (!fs5.existsSync(filePath)) return null;
     try {
-      const raw = fs4.readFileSync(filePath, "utf-8");
+      const raw = fs5.readFileSync(filePath, "utf-8");
       return JSON.parse(raw);
     } catch {
       return null;
@@ -6727,12 +7703,12 @@ var FileStorage = class {
   }
   async delete(key) {
     const filePath = this.keyToPath(key);
-    if (fs4.existsSync(filePath)) {
-      fs4.unlinkSync(filePath);
+    if (fs5.existsSync(filePath)) {
+      fs5.unlinkSync(filePath);
     }
   }
   async list(prefix) {
-    if (!fs4.existsSync(this.baseDir)) return [];
+    if (!fs5.existsSync(this.baseDir)) return [];
     return this.listRecursive(this.baseDir, prefix);
   }
   /** Get the base directory path. */
@@ -6744,18 +7720,18 @@ var FileStorage = class {
   // --------------------------------------------------------------------------
   keyToPath(key) {
     const safeName = key.replace(/[<>"|?*]/g, "_");
-    return path4.join(this.baseDir, `${safeName}.json`);
+    return path5.join(this.baseDir, `${safeName}.json`);
   }
   pathToKey(filePath) {
-    const relative2 = path4.relative(this.baseDir, filePath);
+    const relative2 = path5.relative(this.baseDir, filePath);
     return relative2.replace(/\.json$/, "");
   }
   listRecursive(dir, prefix) {
     const keys = [];
-    if (!fs4.existsSync(dir)) return keys;
-    const entries = fs4.readdirSync(dir, { withFileTypes: true });
+    if (!fs5.existsSync(dir)) return keys;
+    const entries = fs5.readdirSync(dir, { withFileTypes: true });
     for (const entry of entries) {
-      const fullPath = path4.join(dir, entry.name);
+      const fullPath = path5.join(dir, entry.name);
       if (entry.isDirectory()) {
         keys.push(...this.listRecursive(fullPath, prefix));
       } else if (entry.isFile() && entry.name.endsWith(".json")) {
@@ -7117,16 +8093,16 @@ var OpenSanctionsLocalProvider = class {
     this.addressSet.clear();
     this.addressToEntity.clear();
     try {
-      const fs5 = __require("fs");
+      const fs6 = __require("fs");
       const pathMod = __require("path");
       const dataPath = pathMod.resolve(this.dataDir);
-      if (!fs5.existsSync(dataPath)) return;
-      const files = fs5.readdirSync(dataPath).filter(
+      if (!fs6.existsSync(dataPath)) return;
+      const files = fs6.readdirSync(dataPath).filter(
         (f) => f.endsWith(".json")
       );
       for (const file of files) {
         const filePath = pathMod.join(dataPath, file);
-        const content = fs5.readFileSync(filePath, "utf-8");
+        const content = fs6.readFileSync(filePath, "utf-8");
         const lines = content.split("\n").filter((l) => l.trim());
         for (const line of lines) {
           try {
@@ -7477,6 +8453,198 @@ var ChainalysisOracleProvider = class {
   }
 };
 
-export { AgentIdentityRegistry, AnomalyDetector, BehavioralFingerprinter, CURRENCY_REQUIRED_LISTS, ChainalysisFreeAPIProvider, ChainalysisOracleProvider, ConsoleExporter, CrossSessionLinker, DigestChain, FeatureFlagManager, FileStorage, JsonFileExporter, KONTEXT_BUILDER_CODE, KYAConfidenceScorer, Kontext, KontextError, KontextErrorCode, MemoryStorage, NoopExporter, OFACAddressProvider, OFACEntityProvider, OnChainExporter, OpenSanctionsLocalProvider, OpenSanctionsProvider, PLAN_LIMITS, PaymentCompliance, PlanManager, ProvenanceManager, ScreeningAggregator, TOKEN_REQUIRED_LISTS, TrustScorer, UKOFSIProvider, UsdcCompliance, WalletClusterer, anchorDigest, encodeERC8021Suffix, exchangeAttestation, fetchAgentCard, fetchTransactionAttribution, getAnchor, getRequiredLists, isBlockchainAddress, isCryptoTransaction, isFeatureAvailable, parseERC8021Suffix, providerSupportsQuery, requirePlan, verifyAnchor, verifyExportedChain };
+// src/integrations/viem-interceptor.ts
+var ViemComplianceError = class extends Error {
+  result;
+  from;
+  to;
+  amount;
+  constructor(message, result, details) {
+    super(message);
+    this.name = "ViemComplianceError";
+    this.result = result;
+    this.from = details.from;
+    this.to = details.to;
+    this.amount = details.amount;
+  }
+};
+function withKontextCompliance(client, kontext, options) {
+  const config = kontext.getConfig();
+  const agentId = options?.agentId ?? config.agentId ?? "viem-agent";
+  const mode = options?.mode ?? config.interceptorMode ?? "post-send";
+  const sessionId = options?.sessionId;
+  const metadata = options?.metadata;
+  const onVerify = options?.onVerify;
+  const onError = options?.onError;
+  const allowedTokens = options?.tokens ? new Set(options.tokens) : config.policy?.allowedTokens ? new Set(config.policy.allowedTokens) : null;
+  const allowedChains = options?.chains ? new Set(options.chains) : null;
+  const allowedContracts = /* @__PURE__ */ new Set();
+  for (const [address, info] of Object.entries(STABLECOIN_CONTRACTS)) {
+    if (allowedTokens && !allowedTokens.has(info.token)) continue;
+    if (allowedChains && !allowedChains.has(info.chain)) continue;
+    allowedContracts.add(address);
+  }
+  const monitor = kontext.getWalletMonitor?.() ?? null;
+  return client.extend((baseClient) => ({
+    async sendTransaction(params) {
+      const target = params.to?.toLowerCase();
+      if (!target || !allowedContracts.has(target)) {
+        return baseClient.sendTransaction(params);
+      }
+      const decoded = params.data ? decodeTransferCalldata(params.data) : null;
+      if (!decoded) {
+        return baseClient.sendTransaction(params);
+      }
+      const contractInfo = STABLECOIN_CONTRACTS[target];
+      const verifyInput = buildVerifyInput(
+        decoded,
+        contractInfo,
+        params,
+        baseClient,
+        agentId,
+        sessionId,
+        metadata
+      );
+      if (mode === "pre-send" || mode === "both") {
+        await runPreSendScreen(kontext, verifyInput);
+      }
+      const txHash = await baseClient.sendTransaction(params);
+      if (mode === "post-send" || mode === "both") {
+        monitor?.markVerified(txHash);
+        runPostSendVerify(kontext, { ...verifyInput, txHash }, txHash, onVerify, onError);
+      }
+      return txHash;
+    },
+    async writeContract(params) {
+      if (!baseClient.writeContract) {
+        throw new Error("writeContract not available on this client");
+      }
+      const target = params.address?.toLowerCase();
+      if (!target || !allowedContracts.has(target)) {
+        return baseClient.writeContract(params);
+      }
+      const fn = params.functionName;
+      if (fn !== "transfer" && fn !== "transferFrom") {
+        return baseClient.writeContract(params);
+      }
+      const decoded = decodeWriteContractArgs(fn, params.args);
+      if (!decoded) {
+        return baseClient.writeContract(params);
+      }
+      const contractInfo = STABLECOIN_CONTRACTS[target];
+      const verifyInput = buildVerifyInput(
+        decoded,
+        contractInfo,
+        params,
+        baseClient,
+        agentId,
+        sessionId,
+        metadata
+      );
+      if (mode === "pre-send" || mode === "both") {
+        await runPreSendScreen(kontext, verifyInput);
+      }
+      const txHash = await baseClient.writeContract(params);
+      if (mode === "post-send" || mode === "both") {
+        monitor?.markVerified(txHash);
+        runPostSendVerify(kontext, { ...verifyInput, txHash }, txHash, onVerify, onError);
+      }
+      return txHash;
+    }
+  }));
+}
+function buildVerifyInput(decoded, contractInfo, params, client, agentId, sessionId, metadata) {
+  const chain = client.chain?.id ? CHAIN_ID_MAP[client.chain.id] ?? contractInfo.chain : contractInfo.chain;
+  const from = (decoded.from ?? params.account?.address ?? client.account?.address ?? params.from ?? "").toLowerCase();
+  return {
+    txHash: "",
+    chain,
+    amount: formatTokenAmount2(decoded.amount, contractInfo.decimals),
+    token: contractInfo.token,
+    from,
+    to: decoded.to.toLowerCase(),
+    agentId,
+    sessionId,
+    metadata: {
+      ...metadata,
+      source: "viem-auto-instrumentation",
+      contractAddress: params.to ?? params.address
+    }
+  };
+}
+function runPostSendVerify(kontext, input, txHash, onVerify, onError) {
+  kontext.verify(input).then(
+    (result) => {
+      if (onVerify) {
+        try {
+          const p = onVerify(result, txHash);
+          if (p && typeof p.catch === "function") {
+            p.catch(() => {
+            });
+          }
+        } catch {
+        }
+      }
+    },
+    (error) => {
+      if (onError) {
+        try {
+          const p = onError(error, txHash);
+          if (p && typeof p.catch === "function") {
+            p.catch(() => {
+            });
+          }
+        } catch {
+        }
+      }
+    }
+  );
+}
+async function runPreSendScreen(kontext, input) {
+  const result = await kontext.verify({ ...input, txHash: "pre-screening" });
+  if (!result.compliant) {
+    throw new ViemComplianceError(
+      `Transaction blocked: ${result.recommendations?.[0] ?? "compliance check failed"}`,
+      result,
+      { from: input.from, to: input.to, amount: input.amount }
+    );
+  }
+}
+function decodeTransferCalldata(data) {
+  if (!data || data.length < 10) return null;
+  const selector = data.slice(0, 10).toLowerCase();
+  if (selector === TRANSFER_SELECTOR && data.length >= 138) {
+    const to = "0x" + data.slice(34, 74);
+    const amount = BigInt("0x" + data.slice(74, 138));
+    return { to, amount };
+  }
+  if (selector === TRANSFER_FROM_SELECTOR && data.length >= 202) {
+    const from = "0x" + data.slice(34, 74);
+    const to = "0x" + data.slice(98, 138);
+    const amount = BigInt("0x" + data.slice(138, 202));
+    return { from, to, amount };
+  }
+  return null;
+}
+function decodeWriteContractArgs(functionName, args) {
+  if (!args || !Array.isArray(args)) return null;
+  if (functionName === "transfer" && args.length >= 2) {
+    return { to: String(args[0]), amount: BigInt(args[1]) };
+  }
+  if (functionName === "transferFrom" && args.length >= 3) {
+    return { from: String(args[0]), to: String(args[1]), amount: BigInt(args[2]) };
+  }
+  return null;
+}
+function formatTokenAmount2(amount, decimals) {
+  const divisor = BigInt(10 ** decimals);
+  const whole = amount / divisor;
+  const fraction = amount % divisor;
+  if (fraction === 0n) return whole.toString();
+  const fractionStr = fraction.toString().padStart(decimals, "0").replace(/0+$/, "");
+  return `${whole}.${fractionStr}`;
+}
+
+export { AgentIdentityRegistry, AnomalyDetector, BehavioralFingerprinter, CHAIN_ID_MAP, CURRENCY_REQUIRED_LISTS, ChainalysisFreeAPIProvider, ChainalysisOracleProvider, CircleWalletManager, CoinbaseWalletManager, ConsoleExporter, CrossSessionLinker, DigestChain, FeatureFlagManager, FileStorage, JsonFileExporter, KONTEXT_BUILDER_CODE, KYAConfidenceScorer, Kontext, KontextError, KontextErrorCode, MemoryStorage, MetaMaskWalletManager, NoopExporter, OFACAddressProvider, OFACEntityProvider, OnChainExporter, OpenSanctionsLocalProvider, OpenSanctionsProvider, PLAN_LIMITS, PaymentCompliance, PlanManager, ProvenanceManager, STABLECOIN_CONTRACTS, ScreeningAggregator, TOKEN_REQUIRED_LISTS, TrustScorer, UKOFSIProvider, UsdcCompliance, ViemComplianceError, WalletClusterer, WalletMonitor, anchorDigest, encodeERC8021Suffix, exchangeAttestation, fetchAgentCard, fetchTransactionAttribution, getAnchor, getRequiredLists, isBlockchainAddress, isCryptoTransaction, isFeatureAvailable, loadConfigFile, parseERC8021Suffix, providerSupportsQuery, requirePlan, verifyAnchor, verifyExportedChain, withKontextCompliance };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map