safehands-pharos 1.4.0 → 1.5.0

package/dist/lib/dodoApi.d.ts

@@ -1,79 +1,79 @@
-export interface DodoRouteResponse {
-    status: number;
-    data: {
-        resAmount: string | number;
-        priceImpact: string | number;
-        targetDecimals: number;
-        targetApproveAddr: string;
-        to: string;
-        data: string;
-        value: string | number;
-        gasLimit: string | number;
-    } | null;
-    message?: string;
-}
-export interface DodoQuote {
-    amountOut: string;
-    amountOutWei: string;
-    priceImpact: number;
-    gasLimit: string;
-    value: string;
-    calldata: string;
-    to: string;
-    approveAddress: string;
-    routeAvailable: boolean;
-    sourceStatus: "ok" | "no_route_available" | "auth_required" | "unavailable";
-    usedApiKey: boolean;
-    /** Actual on-chain address used for fromToken (may differ from input if USDC fallback triggered) */
-    usedFromToken: string;
-    /** Actual on-chain address used for toToken (may differ from input if USDC fallback triggered) */
-    usedToToken: string;
-    /** True when a silent token substitution occurred (e.g. canonical USDC → altUSDC) */
-    wasSubstituted: boolean;
-    /** Human-readable explanation when wasSubstituted is true */
-    substitutionNote?: string;
-    rawResponse: DodoRouteResponse;
-}
-/**
- * Resolves a token symbol (e.g. "PHRS") or address to its on-chain address.
- */
-export declare function resolveTokenAddress(token: string): `0x${string}`;
-/**
- * Resolves the decimal count for a token symbol or address.
- */
-export declare function resolveTokenDecimals(token: string): number;
-/**
- * Converts a human-readable amount to wei string.
- */
-export declare function toWei(amount: string, decimals: number): string;
-/**
- * Converts a wei string to human-readable amount.
- * Also handles the case where the API returns a decimal string directly.
- */
-export declare function fromWei(weiInput: string | number, decimals: number): string;
-/**
- * Fetches a swap route from the DODO aggregation API.
- */
-export declare function _getDodoRouteCore(params: {
-    fromToken: string;
-    toToken: string;
-    amountHuman: string;
-    walletAddress: string;
-    slippage?: number;
-}): Promise<DodoQuote>;
-/**
- * Smart wrapper around _getDodoRouteCore that automatically falls back to alternative token sources
- * (like Circle USDC) if the canonical tokens have no liquidity on the testnet.
- */
-export declare function getDodoRoute(params: {
-    fromToken: string;
-    toToken: string;
-    amountHuman: string;
-    walletAddress: string;
-    slippage?: number;
-}): Promise<DodoQuote>;
-/**
- * Checks whether a token is the native PHRS token.
- */
-export declare function isNativeToken(token: string): boolean;
+export interface DodoRouteResponse {
+    status: number;
+    data: {
+        resAmount: string | number;
+        priceImpact: string | number;
+        targetDecimals: number;
+        targetApproveAddr: string;
+        to: string;
+        data: string;
+        value: string | number;
+        gasLimit: string | number;
+    } | null;
+    message?: string;
+}
+export interface DodoQuote {
+    amountOut: string;
+    amountOutWei: string;
+    priceImpact: number;
+    gasLimit: string;
+    value: string;
+    calldata: string;
+    to: string;
+    approveAddress: string;
+    routeAvailable: boolean;
+    sourceStatus: "ok" | "no_route_available" | "auth_required" | "unavailable";
+    usedApiKey: boolean;
+    /** Actual on-chain address used for fromToken (may differ from input if USDC fallback triggered) */
+    usedFromToken: string;
+    /** Actual on-chain address used for toToken (may differ from input if USDC fallback triggered) */
+    usedToToken: string;
+    /** True when a silent token substitution occurred (e.g. canonical USDC → altUSDC) */
+    wasSubstituted: boolean;
+    /** Human-readable explanation when wasSubstituted is true */
+    substitutionNote?: string;
+    rawResponse: DodoRouteResponse;
+}
+/**
+ * Resolves a token symbol (e.g. "PHRS") or address to its on-chain address.
+ */
+export declare function resolveTokenAddress(token: string): `0x${string}`;
+/**
+ * Resolves the decimal count for a token symbol or address.
+ */
+export declare function resolveTokenDecimals(token: string): number;
+/**
+ * Converts a human-readable amount to wei string.
+ */
+export declare function toWei(amount: string, decimals: number): string;
+/**
+ * Converts a wei string to human-readable amount.
+ * Also handles the case where the API returns a decimal string directly.
+ */
+export declare function fromWei(weiInput: string | number, decimals: number): string;
+/**
+ * Fetches a swap route from the DODO aggregation API.
+ */
+export declare function _getDodoRouteCore(params: {
+    fromToken: string;
+    toToken: string;
+    amountHuman: string;
+    walletAddress: string;
+    slippage?: number;
+}): Promise<DodoQuote>;
+/**
+ * Smart wrapper around _getDodoRouteCore that automatically falls back to alternative token sources
+ * (like Circle USDC) if the canonical tokens have no liquidity on the testnet.
+ */
+export declare function getDodoRoute(params: {
+    fromToken: string;
+    toToken: string;
+    amountHuman: string;
+    walletAddress: string;
+    slippage?: number;
+}): Promise<DodoQuote>;
+/**
+ * Checks whether a token is the native PHRS token.
+ */
+export declare function isNativeToken(token: string): boolean;
 //# sourceMappingURL=dodoApi.d.ts.map

package/dist/lib/dodoApi.js

@@ -1,197 +1,197 @@
-// ─── DODO Route API Client ─────────────────────────────────────────────
-// Fetches swap routes from DODO's aggregation API for FaroSwap on
-// Pharos Atlantic Testnet.
-// ────────────────────────────────────────────────────────────────────────
-import { isAddress } from "viem";
-import { DODO_API_BASE, DODO_API_KEY, DODO_DEFAULT_SLIPPAGE, DODO_ROUTE_ENDPOINT, CHAIN_ID, TOKEN_MAP, TOKEN_DECIMALS, PHRS_ADDRESS, USDC_ADDRESS, CIRCLE_USDC_ADDRESS, } from "./constants.js";
-import { fetchWithTimeoutAndRetry } from "./http.js";
-// ─── Helpers ───────────────────────────────────────────────────────────
-/**
- * Resolves a token symbol (e.g. "PHRS") or address to its on-chain address.
- */
-export function resolveTokenAddress(token) {
-    const upper = token.toUpperCase();
-    if (TOKEN_MAP[upper])
-        return TOKEN_MAP[upper];
-    if (isAddress(token))
-        return token;
-    throw new Error(`INVALID_TOKEN_ADDRESS: Unknown token or invalid address: ${token}`);
-}
-/**
- * Resolves the decimal count for a token symbol or address.
- */
-export function resolveTokenDecimals(token) {
-    const upper = token.toUpperCase();
-    if (TOKEN_DECIMALS[upper] !== undefined)
-        return TOKEN_DECIMALS[upper];
-    const lower = token.toLowerCase();
-    if (TOKEN_DECIMALS[lower] !== undefined)
-        return TOKEN_DECIMALS[lower];
-    return 18; // unknown custom token fallback
-}
-/**
- * Converts a human-readable amount to wei string.
- */
-export function toWei(amount, decimals) {
-    if (!/^\d+(\.\d+)?$/.test(amount)) {
-        throw new Error(`INVALID_AMOUNT: ${amount}`);
-    }
-    const [whole, frac = ""] = amount.split(".");
-    const paddedFrac = frac.padEnd(decimals, "0").slice(0, decimals);
-    return BigInt(whole + paddedFrac).toString();
-}
-/**
- * Converts a wei string to human-readable amount.
- * Also handles the case where the API returns a decimal string directly.
- */
-export function fromWei(weiInput, decimals) {
-    const weiStr = String(weiInput);
-    if (weiStr.includes("."))
-        return weiStr;
-    const wei = BigInt(weiStr);
-    const divisor = BigInt(10) ** BigInt(decimals);
-    const whole = wei / divisor;
-    const remainder = wei % divisor;
-    if (remainder === 0n)
-        return whole.toString();
-    const fracStr = remainder.toString().padStart(decimals, "0").replace(/0+$/, "");
-    return `${whole}.${fracStr}`;
-}
-// ─── DODO Route Fetch ──────────────────────────────────────────────────
-/**
- * Fetches a swap route from the DODO aggregation API.
- */
-export async function _getDodoRouteCore(params) {
-    const trimmedApiKey = DODO_API_KEY?.trim();
-    const usedApiKey = Boolean(trimmedApiKey);
-    if (!isAddress(params.walletAddress)) {
-        throw new Error(`INVALID_WALLET_ADDRESS: ${params.walletAddress}`);
-    }
-    const fromAddress = resolveTokenAddress(params.fromToken);
-    const toAddress = resolveTokenAddress(params.toToken);
-    const usedFromToken = fromAddress;
-    const usedToToken = toAddress;
-    const fromDecimals = resolveTokenDecimals(params.fromToken);
-    const toDecimals = resolveTokenDecimals(params.toToken);
-    const amountInWei = toWei(params.amountHuman, fromDecimals);
-    const slippage = params.slippage ?? DODO_DEFAULT_SLIPPAGE;
-    const deadline = Math.floor(Date.now() / 1000) + 600;
-    const url = new URL(`${DODO_API_BASE}${DODO_ROUTE_ENDPOINT}`);
-    url.searchParams.set("chainId", String(CHAIN_ID));
-    url.searchParams.set("fromTokenAddress", fromAddress);
-    url.searchParams.set("toTokenAddress", toAddress);
-    url.searchParams.set("fromAmount", amountInWei);
-    url.searchParams.set("userAddr", params.walletAddress);
-    url.searchParams.set("slippage", String(slippage));
-    url.searchParams.set("source", "dodoV2AndMixWasm");
-    url.searchParams.set("estimateGas", "true");
-    // DODO/FaroSwap read-only route queries should prefer public mode when no
-    // API key is configured. Never hardcode a default credential. If the
-    // provider rejects public mode, surface a structured auth-required error
-    // at the tool layer.
-    if (trimmedApiKey) {
-        url.searchParams.set("apikey", trimmedApiKey);
-    }
-    url.searchParams.set("deadLine", String(deadline));
-    const response = await fetchWithTimeoutAndRetry(url, {
-        timeoutMs: 10_000,
-        retries: 2,
-        retryDelayMs: 300,
-    });
-    if (!response.ok) {
-        if (response.status === 401 || response.status === 403) {
-            throw new Error(`DODO_API_AUTH_REQUIRED: DODO route API rejected public mode${usedApiKey ? " or provided key" : "; configure DODO_API_KEY if this endpoint requires authentication"}`);
-        }
-        if (response.status === 429) {
-            throw new Error(`DODO_API_RATE_LIMITED: ${response.status} ${response.statusText}`);
-        }
-        throw new Error(`DODO_API_UNAVAILABLE: ${response.status} ${response.statusText}`);
-    }
-    const json = (await response.json());
-    if (!json.data || json.status !== 200) {
-        const message = (json.message || "").toLowerCase();
-        if (message.includes("api key") || message.includes("apikey") || message.includes("unauthorized") || message.includes("forbidden")) {
-            throw new Error(`DODO_API_AUTH_REQUIRED: DODO route API rejected public mode${usedApiKey ? " or provided key" : "; configure DODO_API_KEY if this endpoint requires authentication"}`);
-        }
-        return {
-            amountOut: "0",
-            amountOutWei: "0",
-            priceImpact: 100,
-            gasLimit: "0",
-            value: "0",
-            calldata: "0x",
-            to: "",
-            approveAddress: "",
-            routeAvailable: false,
-            sourceStatus: "no_route_available",
-            usedApiKey,
-            usedFromToken,
-            usedToToken,
-            wasSubstituted: false,
-            rawResponse: json,
-        };
-    }
-    const d = json.data;
-    const resAmountStr = String(d.resAmount);
-    return {
-        amountOut: fromWei(resAmountStr, toDecimals),
-        amountOutWei: resAmountStr,
-        priceImpact: parseFloat(String(d.priceImpact)) || 0,
-        gasLimit: String(d.gasLimit),
-        value: String(d.value),
-        calldata: d.data,
-        to: d.to,
-        approveAddress: d.targetApproveAddr,
-        routeAvailable: true,
-        sourceStatus: "ok",
-        usedApiKey,
-        usedFromToken,
-        usedToToken,
-        wasSubstituted: false,
-        rawResponse: json,
-    };
-}
-/**
- * Smart wrapper around _getDodoRouteCore that automatically falls back to alternative token sources
- * (like Circle USDC) if the canonical tokens have no liquidity on the testnet.
- */
-export async function getDodoRoute(params) {
-    let quote = await _getDodoRouteCore(params);
-    if (!quote.routeAvailable) {
-        const fromUpper = params.fromToken.toUpperCase();
-        const toUpper = params.toToken.toUpperCase();
-        // Smart Fallback: If swapping TO canonical USDC failed, try Alternate Circle USDC
-        if (toUpper === "USDC" || toUpper === USDC_ADDRESS.toUpperCase()) {
-            const fallbackQuote = await _getDodoRouteCore({ ...params, toToken: CIRCLE_USDC_ADDRESS });
-            if (fallbackQuote.routeAvailable) {
-                return {
-                    ...fallbackQuote,
-                    wasSubstituted: true,
-                    substitutionNote: `toToken substituted: canonical USDC (${USDC_ADDRESS}) had no route; used altUSDC (${CIRCLE_USDC_ADDRESS}). Ensure your approval targets the correct address.`,
-                };
-            }
-        }
-        // Smart Fallback: If swapping FROM canonical USDC failed, try Alternate Circle USDC
-        if (fromUpper === "USDC" || fromUpper === USDC_ADDRESS.toUpperCase()) {
-            const fallbackQuote = await _getDodoRouteCore({ ...params, fromToken: CIRCLE_USDC_ADDRESS });
-            if (fallbackQuote.routeAvailable) {
-                return {
-                    ...fallbackQuote,
-                    wasSubstituted: true,
-                    substitutionNote: `fromToken substituted: canonical USDC (${USDC_ADDRESS}) had no route; used altUSDC (${CIRCLE_USDC_ADDRESS}). Ensure your allowance covers the correct address.`,
-                };
-            }
-        }
-    }
-    return quote;
-}
-/**
- * Checks whether a token is the native PHRS token.
- */
-export function isNativeToken(token) {
-    const upper = token.toUpperCase();
-    if (upper === "PHRS")
-        return true;
-    return token.toLowerCase() === PHRS_ADDRESS.toLowerCase();
-}
+// ─── DODO Route API Client ─────────────────────────────────────────────
+// Fetches swap routes from DODO's aggregation API for FaroSwap on
+// Pharos Atlantic Testnet.
+// ────────────────────────────────────────────────────────────────────────
+import { isAddress } from "viem";
+import { DODO_API_BASE, DODO_API_KEY, DODO_DEFAULT_SLIPPAGE, DODO_ROUTE_ENDPOINT, CHAIN_ID, TOKEN_MAP, TOKEN_DECIMALS, PHRS_ADDRESS, USDC_ADDRESS, CIRCLE_USDC_ADDRESS, } from "./constants.js";
+import { fetchWithTimeoutAndRetry } from "./http.js";
+// ─── Helpers ───────────────────────────────────────────────────────────
+/**
+ * Resolves a token symbol (e.g. "PHRS") or address to its on-chain address.
+ */
+export function resolveTokenAddress(token) {
+    const upper = token.toUpperCase();
+    if (TOKEN_MAP[upper])
+        return TOKEN_MAP[upper];
+    if (isAddress(token))
+        return token;
+    throw new Error(`INVALID_TOKEN_ADDRESS: Unknown token or invalid address: ${token}`);
+}
+/**
+ * Resolves the decimal count for a token symbol or address.
+ */
+export function resolveTokenDecimals(token) {
+    const upper = token.toUpperCase();
+    if (TOKEN_DECIMALS[upper] !== undefined)
+        return TOKEN_DECIMALS[upper];
+    const lower = token.toLowerCase();
+    if (TOKEN_DECIMALS[lower] !== undefined)
+        return TOKEN_DECIMALS[lower];
+    return 18; // unknown custom token fallback
+}
+/**
+ * Converts a human-readable amount to wei string.
+ */
+export function toWei(amount, decimals) {
+    if (!/^\d+(\.\d+)?$/.test(amount)) {
+        throw new Error(`INVALID_AMOUNT: ${amount}`);
+    }
+    const [whole, frac = ""] = amount.split(".");
+    const paddedFrac = frac.padEnd(decimals, "0").slice(0, decimals);
+    return BigInt(whole + paddedFrac).toString();
+}
+/**
+ * Converts a wei string to human-readable amount.
+ * Also handles the case where the API returns a decimal string directly.
+ */
+export function fromWei(weiInput, decimals) {
+    const weiStr = String(weiInput);
+    if (weiStr.includes("."))
+        return weiStr;
+    const wei = BigInt(weiStr);
+    const divisor = BigInt(10) ** BigInt(decimals);
+    const whole = wei / divisor;
+    const remainder = wei % divisor;
+    if (remainder === 0n)
+        return whole.toString();
+    const fracStr = remainder.toString().padStart(decimals, "0").replace(/0+$/, "");
+    return `${whole}.${fracStr}`;
+}
+// ─── DODO Route Fetch ──────────────────────────────────────────────────
+/**
+ * Fetches a swap route from the DODO aggregation API.
+ */
+export async function _getDodoRouteCore(params) {
+    const trimmedApiKey = DODO_API_KEY?.trim();
+    const usedApiKey = Boolean(trimmedApiKey);
+    if (!isAddress(params.walletAddress)) {
+        throw new Error(`INVALID_WALLET_ADDRESS: ${params.walletAddress}`);
+    }
+    const fromAddress = resolveTokenAddress(params.fromToken);
+    const toAddress = resolveTokenAddress(params.toToken);
+    const usedFromToken = fromAddress;
+    const usedToToken = toAddress;
+    const fromDecimals = resolveTokenDecimals(params.fromToken);
+    const toDecimals = resolveTokenDecimals(params.toToken);
+    const amountInWei = toWei(params.amountHuman, fromDecimals);
+    const slippage = params.slippage ?? DODO_DEFAULT_SLIPPAGE;
+    const deadline = Math.floor(Date.now() / 1000) + 600;
+    const url = new URL(`${DODO_API_BASE}${DODO_ROUTE_ENDPOINT}`);
+    url.searchParams.set("chainId", String(CHAIN_ID));
+    url.searchParams.set("fromTokenAddress", fromAddress);
+    url.searchParams.set("toTokenAddress", toAddress);
+    url.searchParams.set("fromAmount", amountInWei);
+    url.searchParams.set("userAddr", params.walletAddress);
+    url.searchParams.set("slippage", String(slippage));
+    url.searchParams.set("source", "dodoV2AndMixWasm");
+    url.searchParams.set("estimateGas", "true");
+    // DODO/FaroSwap read-only route queries should prefer public mode when no
+    // API key is configured. Never hardcode a default credential. If the
+    // provider rejects public mode, surface a structured auth-required error
+    // at the tool layer.
+    if (trimmedApiKey) {
+        url.searchParams.set("apikey", trimmedApiKey);
+    }
+    url.searchParams.set("deadLine", String(deadline));
+    const response = await fetchWithTimeoutAndRetry(url, {
+        timeoutMs: 10_000,
+        retries: 2,
+        retryDelayMs: 300,
+    });
+    if (!response.ok) {
+        if (response.status === 401 || response.status === 403) {
+            throw new Error(`DODO_API_AUTH_REQUIRED: DODO route API rejected public mode${usedApiKey ? " or provided key" : "; configure DODO_API_KEY if this endpoint requires authentication"}`);
+        }
+        if (response.status === 429) {
+            throw new Error(`DODO_API_RATE_LIMITED: ${response.status} ${response.statusText}`);
+        }
+        throw new Error(`DODO_API_UNAVAILABLE: ${response.status} ${response.statusText}`);
+    }
+    const json = (await response.json());
+    if (!json.data || json.status !== 200) {
+        const message = (json.message || "").toLowerCase();
+        if (message.includes("api key") || message.includes("apikey") || message.includes("unauthorized") || message.includes("forbidden")) {
+            throw new Error(`DODO_API_AUTH_REQUIRED: DODO route API rejected public mode${usedApiKey ? " or provided key" : "; configure DODO_API_KEY if this endpoint requires authentication"}`);
+        }
+        return {
+            amountOut: "0",
+            amountOutWei: "0",
+            priceImpact: 100,
+            gasLimit: "0",
+            value: "0",
+            calldata: "0x",
+            to: "",
+            approveAddress: "",
+            routeAvailable: false,
+            sourceStatus: "no_route_available",
+            usedApiKey,
+            usedFromToken,
+            usedToToken,
+            wasSubstituted: false,
+            rawResponse: json,
+        };
+    }
+    const d = json.data;
+    const resAmountStr = String(d.resAmount);
+    return {
+        amountOut: fromWei(resAmountStr, toDecimals),
+        amountOutWei: resAmountStr,
+        priceImpact: parseFloat(String(d.priceImpact)) || 0,
+        gasLimit: String(d.gasLimit),
+        value: String(d.value),
+        calldata: d.data,
+        to: d.to,
+        approveAddress: d.targetApproveAddr,
+        routeAvailable: true,
+        sourceStatus: "ok",
+        usedApiKey,
+        usedFromToken,
+        usedToToken,
+        wasSubstituted: false,
+        rawResponse: json,
+    };
+}
+/**
+ * Smart wrapper around _getDodoRouteCore that automatically falls back to alternative token sources
+ * (like Circle USDC) if the canonical tokens have no liquidity on the testnet.
+ */
+export async function getDodoRoute(params) {
+    let quote = await _getDodoRouteCore(params);
+    if (!quote.routeAvailable) {
+        const fromUpper = params.fromToken.toUpperCase();
+        const toUpper = params.toToken.toUpperCase();
+        // Smart Fallback: If swapping TO canonical USDC failed, try Alternate Circle USDC
+        if (toUpper === "USDC" || toUpper === USDC_ADDRESS.toUpperCase()) {
+            const fallbackQuote = await _getDodoRouteCore({ ...params, toToken: CIRCLE_USDC_ADDRESS });
+            if (fallbackQuote.routeAvailable) {
+                return {
+                    ...fallbackQuote,
+                    wasSubstituted: true,
+                    substitutionNote: `toToken substituted: canonical USDC (${USDC_ADDRESS}) had no route; used altUSDC (${CIRCLE_USDC_ADDRESS}). Ensure your approval targets the correct address.`,
+                };
+            }
+        }
+        // Smart Fallback: If swapping FROM canonical USDC failed, try Alternate Circle USDC
+        if (fromUpper === "USDC" || fromUpper === USDC_ADDRESS.toUpperCase()) {
+            const fallbackQuote = await _getDodoRouteCore({ ...params, fromToken: CIRCLE_USDC_ADDRESS });
+            if (fallbackQuote.routeAvailable) {
+                return {
+                    ...fallbackQuote,
+                    wasSubstituted: true,
+                    substitutionNote: `fromToken substituted: canonical USDC (${USDC_ADDRESS}) had no route; used altUSDC (${CIRCLE_USDC_ADDRESS}). Ensure your allowance covers the correct address.`,
+                };
+            }
+        }
+    }
+    return quote;
+}
+/**
+ * Checks whether a token is the native PHRS token.
+ */
+export function isNativeToken(token) {
+    const upper = token.toUpperCase();
+    if (upper === "PHRS")
+        return true;
+    return token.toLowerCase() === PHRS_ADDRESS.toLowerCase();
+}
 //# sourceMappingURL=dodoApi.js.map

package/dist/lib/envLoader.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=envLoader.d.ts.map

package/dist/lib/envLoader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"envLoader.d.ts","sourceRoot":"","sources":["../../src/lib/envLoader.ts"],"names":[],"mappings":""}

package/dist/lib/envLoader.js

@@ -0,0 +1,44 @@
+// Synchronously load .env from cwd before any other module reads process.env.
+// Must be imported as the very first import in index.ts so that wallet store,
+// constants, and other modules that read env vars at module-init time see the values.
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from "fs";
+import { join, resolve, dirname } from "path";
+import { randomBytes } from "crypto";
+// 1. Load .env
+try {
+    const text = readFileSync(join(process.cwd(), ".env"), "utf-8");
+    for (const line of text.split(/\r?\n/)) {
+        const m = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/);
+        if (m && m[1] && !process.env[m[1]]) {
+            // Strip surrounding quotes if present
+            process.env[m[1]] = m[2].replace(/^(['"])(.*)\1$/, "$2");
+        }
+    }
+}
+catch {
+    // No .env file — environment vars must be set externally (CI, shell, MCP host)
+}
+// 2. Auto-resolve wallet persistence so managed wallets survive restarts
+//    without requiring explicit config from the user.
+if (!process.env.WALLET_STORE_PATH) {
+    process.env.WALLET_STORE_PATH = "./.agents/wallets.json";
+}
+if (!process.env.WALLET_ENCRYPTION_KEY) {
+    const storePath = resolve(process.cwd(), process.env.WALLET_STORE_PATH);
+    const keyPath = join(dirname(storePath), ".key");
+    try {
+        if (existsSync(keyPath)) {
+            process.env.WALLET_ENCRYPTION_KEY = readFileSync(keyPath, "utf-8").trim();
+        }
+        else {
+            mkdirSync(dirname(keyPath), { recursive: true });
+            const key = randomBytes(32).toString("hex");
+            writeFileSync(keyPath, key, { mode: 0o600 });
+            process.env.WALLET_ENCRYPTION_KEY = key;
+        }
+    }
+    catch {
+        // File ops failed (read-only FS, permission error) — fall back to in-memory behavior
+    }
+}
+//# sourceMappingURL=envLoader.js.map

package/dist/lib/envLoader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"envLoader.js","sourceRoot":"","sources":["../../src/lib/envLoader.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAC9E,8EAA8E;AAC9E,sFAAsF;AACtF,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAErC,eAAe;AACf,IAAI,CAAC;IACH,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC;IAChE,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC;QACvC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACrE,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YACpC,sCAAsC;YACtC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;QAC3D,CAAC;IACH,CAAC;AACH,CAAC;AAAC,MAAM,CAAC;IACP,+EAA+E;AACjF,CAAC;AAED,yEAAyE;AACzE,sDAAsD;AACtD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,wBAAwB,CAAC;AAC3D,CAAC;AAED,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,CAAC;IACjD,IAAI,CAAC;QACH,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;YACxB,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACjD,MAAM,GAAG,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAC5C,aAAa,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,GAAG,CAAC;QAC1C,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,qFAAqF;IACvF,CAAC;AACH,CAAC"}

package/dist/lib/http.d.ts

@@ -1,15 +1,15 @@
-export declare class HttpError extends Error {
-    readonly status?: number | undefined;
-    readonly statusText?: string | undefined;
-    constructor(message: string, status?: number | undefined, statusText?: string | undefined);
-}
-export interface FetchWithRetryOptions extends RequestInit {
-    timeoutMs?: number;
-    retries?: number;
-    retryDelayMs?: number;
-}
-export declare function fetchWithTimeoutAndRetry(url: string | URL, options?: FetchWithRetryOptions): Promise<Response>;
-export declare function redactSensitive(value: unknown): unknown;
-export declare function isBlockedIp(ip: string): boolean;
-export declare function assertSafeFetchUrl(rawUrl: string): Promise<void>;
+export declare class HttpError extends Error {
+    readonly status?: number | undefined;
+    readonly statusText?: string | undefined;
+    constructor(message: string, status?: number | undefined, statusText?: string | undefined);
+}
+export interface FetchWithRetryOptions extends RequestInit {
+    timeoutMs?: number;
+    retries?: number;
+    retryDelayMs?: number;
+}
+export declare function fetchWithTimeoutAndRetry(url: string | URL, options?: FetchWithRetryOptions): Promise<Response>;
+export declare function redactSensitive(value: unknown): unknown;
+export declare function isBlockedIp(ip: string): boolean;
+export declare function assertSafeFetchUrl(rawUrl: string): Promise<void>;
 //# sourceMappingURL=http.d.ts.map