solvoid 1.1.7 → 1.3.0

package/dist/relayer/key-manager.js

@@ -0,0 +1,356 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyManager = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const crypto_1 = __importDefault(require("crypto"));
+const web3_js_1 = require("@solana/web3.js");
+const tweetnacl_1 = __importDefault(require("tweetnacl"));
+class KeyManager {
+    constructor(storageType = 'file') {
+        this.storageType = storageType;
+        this.keyFilePath = path.join(process.cwd(), '.relayer-keys.json');
+        this.encryptionKey = process.env.RELAYER_KEY_ENCRYPTION_KEY || 'default-encryption-key-change-in-production';
+        this.keypair = this.loadOrGenerateKeysSync();
+    }
+    loadOrGenerateKeysSync() {
+        try {
+            switch (this.storageType) {
+                case 'file':
+                    return this.loadFromFileSync();
+                case 'env':
+                    return this.loadFromEnvSync();
+                case 'aws':
+                    // AWS and GCP require async, fallback to file for now
+                    console.log('AWS/GCP storage requires async initialization, using file storage');
+                    return this.loadFromFileSync();
+                case 'gcp':
+                    console.log('AWS/GCP storage requires async initialization, using file storage');
+                    return this.loadFromFileSync();
+                case 'hsm':
+                    console.log('HSM storage requires async initialization, using file storage');
+                    return this.loadFromFileSync();
+                default:
+                    throw new Error(`Unsupported storage type: ${this.storageType}`);
+            }
+        }
+        catch (error) {
+            console.log('Failed to load existing keys, generating new ones:', error);
+            return this.generateNewKeysSync();
+        }
+    }
+    loadFromFileSync() {
+        if (!fs.existsSync(this.keyFilePath)) {
+            throw new Error('Key file does not exist');
+        }
+        const encryptedData = fs.readFileSync(this.keyFilePath, 'utf8');
+        const decryptedData = this.decryptData(encryptedData);
+        return JSON.parse(decryptedData);
+    }
+    loadFromEnvSync() {
+        const privateKey = process.env.RELAYER_PRIVATE_KEY;
+        const publicKey = process.env.RELAYER_PUBLIC_KEY;
+        if (!privateKey || !publicKey) {
+            throw new Error('Relayer keys not found in environment variables');
+        }
+        return {
+            publicKey,
+            privateKey,
+            createdAt: Date.now()
+        };
+    }
+    generateNewKeysSync() {
+        const keypair = web3_js_1.Keypair.generate();
+        const keyData = {
+            publicKey: keypair.publicKey.toBase58(),
+            privateKey: Buffer.from(keypair.secretKey).toString('hex'),
+            createdAt: Date.now()
+        };
+        this.saveKeysSync(keyData);
+        return keyData;
+    }
+    saveKeysSync(keyData) {
+        switch (this.storageType) {
+            case 'file':
+                this.saveToFileSync(keyData);
+                break;
+            case 'env':
+                this.saveToEnvSync(keyData);
+                break;
+            case 'aws':
+            case 'gcp':
+            case 'hsm':
+                console.log('Async storage types require manual setup');
+                break;
+        }
+    }
+    saveToFileSync(keyData) {
+        const encryptedData = this.encryptData(JSON.stringify(keyData));
+        fs.writeFileSync(this.keyFilePath, encryptedData, 'utf8');
+        console.log('Keys saved to encrypted file:', this.keyFilePath);
+    }
+    saveToEnvSync(keyData) {
+        console.log('Keys should be set in environment variables:');
+        console.log(`RELAYER_PRIVATE_KEY=${keyData.privateKey}`);
+        console.log(`RELAYER_PUBLIC_KEY=${keyData.publicKey}`);
+    }
+    async loadFromFile() {
+        if (!fs.existsSync(this.keyFilePath)) {
+            throw new Error('Key file does not exist');
+        }
+        const encryptedData = fs.readFileSync(this.keyFilePath, 'utf8');
+        const decryptedData = this.decryptData(encryptedData);
+        return JSON.parse(decryptedData);
+    }
+    async loadFromEnv() {
+        const privateKey = process.env.RELAYER_PRIVATE_KEY;
+        const publicKey = process.env.RELAYER_PUBLIC_KEY;
+        if (!privateKey || !publicKey) {
+            throw new Error('Relayer keys not found in environment variables');
+        }
+        return {
+            publicKey,
+            privateKey,
+            createdAt: Date.now()
+        };
+    }
+    async loadFromAWS() {
+        // Implementation for AWS Secrets Manager
+        const AWS = require('aws-sdk');
+        const secretsManager = new AWS.SecretsManager();
+        try {
+            const secretValue = await secretsManager.getSecretValue({
+                SecretId: process.env.AWS_RELAYER_KEY_SECRET_NAME || 'relayer-keys'
+            }).promise();
+            const decryptedData = this.decryptData(secretValue.SecretString);
+            return JSON.parse(decryptedData);
+        }
+        catch (error) {
+            throw new Error(`Failed to load keys from AWS Secrets Manager: ${error}`);
+        }
+    }
+    async loadFromGCP() {
+        // Implementation for GCP Secret Manager
+        const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
+        const client = new SecretManagerServiceClient();
+        try {
+            const [version] = await client.accessSecretVersion({
+                name: `projects/${process.env.GCP_PROJECT_ID}/secrets/${process.env.GCP_RELAYER_KEY_SECRET_NAME || 'relayer-keys'}/versions/latest`
+            });
+            const decryptedData = this.decryptData(version.payload.data.toString());
+            return JSON.parse(decryptedData);
+        }
+        catch (error) {
+            throw new Error(`Failed to load keys from GCP Secret Manager: ${error}`);
+        }
+    }
+    async loadFromHSM() {
+        // Implementation for Hardware Security Module
+        // This would integrate with HSM providers like AWS CloudHSM, Azure Key Vault, etc.
+        throw new Error('HSM integration not implemented yet');
+    }
+    async generateNewKeys() {
+        const keypair = web3_js_1.Keypair.generate();
+        const keyData = {
+            publicKey: keypair.publicKey.toBase58(),
+            privateKey: Buffer.from(keypair.secretKey).toString('hex'),
+            createdAt: Date.now()
+        };
+        await this.saveKeys(keyData);
+        return keyData;
+    }
+    async saveKeys(keyData) {
+        switch (this.storageType) {
+            case 'file':
+                await this.saveToFile(keyData);
+                break;
+            case 'env':
+                await this.saveToEnv(keyData);
+                break;
+            case 'aws':
+                await this.saveToAWS(keyData);
+                break;
+            case 'gcp':
+                await this.saveToGCP(keyData);
+                break;
+            case 'hsm':
+                await this.saveToHSM(keyData);
+                break;
+        }
+    }
+    async saveToFile(keyData) {
+        const encryptedData = this.encryptData(JSON.stringify(keyData));
+        fs.writeFileSync(this.keyFilePath, encryptedData, 'utf8');
+        console.log('Keys saved to encrypted file:', this.keyFilePath);
+    }
+    async saveToEnv(keyData) {
+        console.log('Keys should be set in environment variables:');
+        console.log(`RELAYER_PRIVATE_KEY=${keyData.privateKey}`);
+        console.log(`RELAYER_PUBLIC_KEY=${keyData.publicKey}`);
+    }
+    async saveToAWS(keyData) {
+        const AWS = require('aws-sdk');
+        const secretsManager = new AWS.SecretsManager();
+        const encryptedData = this.encryptData(JSON.stringify(keyData));
+        await secretsManager.createSecret({
+            Name: process.env.AWS_RELAYER_KEY_SECRET_NAME || 'relayer-keys',
+            SecretString: encryptedData
+        }).promise();
+        console.log('Keys saved to AWS Secrets Manager');
+    }
+    async saveToGCP(keyData) {
+        const { SecretManagerServiceClient } = require('@google-cloud/secret-manager');
+        const client = new SecretManagerServiceClient();
+        const encryptedData = this.encryptData(JSON.stringify(keyData));
+        await client.createSecret({
+            parent: `projects/${process.env.GCP_PROJECT_ID}`,
+            secretId: process.env.GCP_RELAYER_KEY_SECRET_NAME || 'relayer-keys',
+            replication: {
+                automatic: true
+            }
+        });
+        await client.addSecretVersion({
+            parent: `projects/${process.env.GCP_PROJECT_ID}/secrets/${process.env.GCP_RELAYER_KEY_SECRET_NAME || 'relayer-keys'}`,
+            payload: {
+                data: Buffer.from(encryptedData)
+            }
+        });
+        console.log('Keys saved to GCP Secret Manager');
+    }
+    async saveToHSM(keyData) {
+        throw new Error('HSM integration not implemented yet');
+    }
+    encryptData(data) {
+        const algorithm = 'aes-256-gcm';
+        const key = crypto_1.default.scryptSync(this.encryptionKey, 'salt', 32);
+        const iv = crypto_1.default.randomBytes(16);
+        const cipher = crypto_1.default.createCipheriv(algorithm, key, iv);
+        let encrypted = cipher.update(data, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        const authTag = cipher.getAuthTag();
+        return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
+    }
+    decryptData(encryptedData) {
+        const algorithm = 'aes-256-gcm';
+        const key = crypto_1.default.scryptSync(this.encryptionKey, 'salt', 32);
+        const parts = encryptedData.split(':');
+        const iv = Buffer.from(parts[0], 'hex');
+        const authTag = Buffer.from(parts[1], 'hex');
+        const encrypted = parts[2];
+        const decipher = crypto_1.default.createDecipheriv(algorithm, key, iv);
+        decipher.setAuthTag(authTag);
+        let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    async rotateKeys() {
+        const oldKeyData = { ...this.keypair };
+        const newKeyData = await this.generateNewKeys();
+        // Create rotation message
+        const rotationMessage = JSON.stringify({
+            oldPublicKey: oldKeyData.publicKey,
+            newPublicKey: newKeyData.publicKey,
+            timestamp: Date.now(),
+            transitionPeriod: 300 // 5 minutes transition period
+        });
+        // Sign rotation message with old key
+        const rotationSignature = this.signMessage(rotationMessage, oldKeyData.privateKey);
+        // Update key data with rotation info
+        newKeyData.previousPublicKey = oldKeyData.publicKey;
+        newKeyData.lastRotated = Date.now();
+        newKeyData.rotationSignature = rotationSignature;
+        await this.saveKeys(newKeyData);
+        this.keypair = newKeyData;
+        const rotationData = {
+            oldPublicKey: oldKeyData.publicKey,
+            newPublicKey: newKeyData.publicKey,
+            rotationSignature,
+            timestamp: Date.now(),
+            transitionPeriod: 300
+        };
+        console.log('Key rotation completed');
+        return rotationData;
+    }
+    signMessage(message, privateKey) {
+        const keypair = web3_js_1.Keypair.fromSecretKey(Buffer.from(privateKey, 'hex'));
+        const messageBuffer = Buffer.from(message, 'utf8');
+        const signature = tweetnacl_1.default.sign.detached(messageBuffer, keypair.secretKey);
+        return Buffer.from(signature).toString('hex');
+    }
+    verifyRotationSignature(rotationData) {
+        try {
+            const rotationMessage = JSON.stringify({
+                oldPublicKey: rotationData.oldPublicKey,
+                newPublicKey: rotationData.newPublicKey,
+                timestamp: rotationData.timestamp,
+                transitionPeriod: rotationData.transitionPeriod
+            });
+            const messageBuffer = Buffer.from(rotationMessage, 'utf8');
+            const signatureBuffer = Buffer.from(rotationData.rotationSignature, 'hex');
+            const publicKeyBuffer = Buffer.from(rotationData.oldPublicKey, 'hex');
+            return tweetnacl_1.default.sign.detached.verify(messageBuffer, signatureBuffer, publicKeyBuffer);
+        }
+        catch (error) {
+            console.error('Failed to verify rotation signature:', error);
+            return false;
+        }
+    }
+    getCurrentKeys() {
+        return { ...this.keypair };
+    }
+    getPublicKey() {
+        return this.keypair.publicKey;
+    }
+    getPrivateKey() {
+        return this.keypair.privateKey;
+    }
+    isKeyInTransitionPeriod() {
+        if (!this.keypair.lastRotated) {
+            return false;
+        }
+        const transitionPeriod = 300; // 5 minutes
+        const timeSinceRotation = Date.now() - this.keypair.lastRotated;
+        return timeSinceRotation < (transitionPeriod * 1000);
+    }
+    getPreviousPublicKey() {
+        return this.keypair.previousPublicKey || null;
+    }
+}
+exports.KeyManager = KeyManager;
+//# sourceMappingURL=key-manager.js.map

package/dist/relayer/key-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-manager.js","sourceRoot":"","sources":["../../relayer/key-manager.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAC7B,oDAA4B;AAC5B,6CAA0C;AAC1C,0DAA6B;AAmB7B,MAAa,UAAU;IAMnB,YAAY,cAAsD,MAAM;QACpE,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;QAC/B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAClE,IAAI,CAAC,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,0BAA0B,IAAI,6CAA6C,CAAC;QAC7G,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,sBAAsB,EAAE,CAAC;IACjD,CAAC;IAEO,sBAAsB;QAC1B,IAAI,CAAC;YACD,QAAQ,IAAI,CAAC,WAAW,EAAE,CAAC;gBACvB,KAAK,MAAM;oBACP,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACnC,KAAK,KAAK;oBACN,OAAO,IAAI,CAAC,eAAe,EAAE,CAAC;gBAClC,KAAK,KAAK;oBACN,sDAAsD;oBACtD,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;oBACjF,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACnC,KAAK,KAAK;oBACN,OAAO,CAAC,GAAG,CAAC,mEAAmE,CAAC,CAAC;oBACjF,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACnC,KAAK,KAAK;oBACN,OAAO,CAAC,GAAG,CAAC,+DAA+D,CAAC,CAAC;oBAC7E,OAAO,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACnC;oBACI,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;YACzE,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,oDAAoD,EAAE,KAAK,CAAC,CAAC;YACzE,OAAO,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACtC,CAAC;IACL,CAAC;IAEO,gBAAgB;QACpB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAgB,CAAC;IACpD,CAAC;IAEO,eAAe;QACnB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAEjD,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACvE,CAAC;QAED,OAAO;YACH,SAAS;YACT,UAAU;YACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;IACN,CAAC;IAEO,mBAAmB;QACvB,MAAM,OAAO,GAAG,iBAAO,CAAC,QAAQ,EAAE,CAAC;QAEnC,MAAM,OAAO,GAAgB;YACzB,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE;YACvC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC1D,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;QAEF,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QAC3B,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,YAAY,CAAC,OAAoB;QACrC,QAAQ,IAAI,CAAC,WAAW,EAAE,CAAC;YACvB,KAAK,MAAM;gBACP,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;gBAC7B,MAAM;YACV,KAAK,KAAK;gBACN,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC;gBAC5B,MAAM;YACV,KAAK,KAAK,CAAC;YACX,KAAK,KAAK,CAAC;YACX,KAAK,KAAK;gBACN,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;gBACxD,MAAM;QACd,CAAC;IACL,CAAC;IAEO,cAAc,CAAC,OAAoB;QACvC,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAChE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACnE,CAAC;IAEO,aAAa,CAAC,OAAoB;QACtC,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3D,CAAC;IAEO,KAAK,CAAC,YAAY;QACtB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,aAAa,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAgB,CAAC;IACpD,CAAC;IAEO,KAAK,CAAC,WAAW;QACrB,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;QACnD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAEjD,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;QACvE,CAAC;QAED,OAAO;YACH,SAAS;YACT,UAAU;YACV,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;IACN,CAAC;IAEO,KAAK,CAAC,WAAW;QACrB,yCAAyC;QACzC,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/B,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;QAEhD,IAAI,CAAC;YACD,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,cAAc,CAAC;gBACpD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,cAAc;aACtE,CAAC,CAAC,OAAO,EAAE,CAAC;YAEb,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;YACjE,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAgB,CAAC;QACpD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,iDAAiD,KAAK,EAAE,CAAC,CAAC;QAC9E,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,WAAW;QACrB,wCAAwC;QACxC,MAAM,EAAE,0BAA0B,EAAE,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,IAAI,0BAA0B,EAAE,CAAC;QAEhD,IAAI,CAAC;YACD,MAAM,CAAC,OAAO,CAAC,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC;gBAC/C,IAAI,EAAE,YAAY,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,cAAc,kBAAkB;aACtI,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxE,OAAO,IAAI,CAAC,KAAK,CAAC,aAAa,CAAgB,CAAC;QACpD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,gDAAgD,KAAK,EAAE,CAAC,CAAC;QAC7E,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,WAAW;QACrB,8CAA8C;QAC9C,mFAAmF;QACnF,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAC3D,CAAC;IAEO,KAAK,CAAC,eAAe;QACzB,MAAM,OAAO,GAAG,iBAAO,CAAC,QAAQ,EAAE,CAAC;QAEnC,MAAM,OAAO,GAAgB;YACzB,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,QAAQ,EAAE;YACvC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YAC1D,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;QAEF,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC7B,OAAO,OAAO,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,QAAQ,CAAC,OAAoB;QACvC,QAAQ,IAAI,CAAC,WAAW,EAAE,CAAC;YACvB,KAAK,MAAM;gBACP,MAAM,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBAC/B,MAAM;YACV,KAAK,KAAK;gBACN,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC9B,MAAM;YACV,KAAK,KAAK;gBACN,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC9B,MAAM;YACV,KAAK,KAAK;gBACN,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC9B,MAAM;YACV,KAAK,KAAK;gBACN,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAC9B,MAAM;QACd,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,OAAoB;QACzC,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAChE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,MAAM,CAAC,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IACnE,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,OAAoB;QACxC,OAAO,CAAC,GAAG,CAAC,8CAA8C,CAAC,CAAC;QAC5D,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,sBAAsB,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IAC3D,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,OAAoB;QACxC,MAAM,GAAG,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC;QAC/B,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAEhE,MAAM,cAAc,CAAC,YAAY,CAAC;YAC9B,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,cAAc;YAC/D,YAAY,EAAE,aAAa;SAC9B,CAAC,CAAC,OAAO,EAAE,CAAC;QAEb,OAAO,CAAC,GAAG,CAAC,mCAAmC,CAAC,CAAC;IACrD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,OAAoB;QACxC,MAAM,EAAE,0BAA0B,EAAE,GAAG,OAAO,CAAC,8BAA8B,CAAC,CAAC;QAC/E,MAAM,MAAM,GAAG,IAAI,0BAA0B,EAAE,CAAC;QAEhD,MAAM,aAAa,GAAG,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAEhE,MAAM,MAAM,CAAC,YAAY,CAAC;YACtB,MAAM,EAAE,YAAY,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE;YAChD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,cAAc;YACnE,WAAW,EAAE;gBACT,SAAS,EAAE,IAAI;aAClB;SACJ,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,gBAAgB,CAAC;YAC1B,MAAM,EAAE,YAAY,OAAO,CAAC,GAAG,CAAC,cAAc,YAAY,OAAO,CAAC,GAAG,CAAC,2BAA2B,IAAI,cAAc,EAAE;YACrH,OAAO,EAAE;gBACL,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;aACnC;SACJ,CAAC,CAAC;QAEH,OAAO,CAAC,GAAG,CAAC,kCAAkC,CAAC,CAAC;IACpD,CAAC;IAEO,KAAK,CAAC,SAAS,CAAC,OAAoB;QACxC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IAC3D,CAAC;IAEO,WAAW,CAAC,IAAY;QAC5B,MAAM,SAAS,GAAG,aAAa,CAAC;QAChC,MAAM,GAAG,GAAG,gBAAM,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAC9D,MAAM,EAAE,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;QAClC,MAAM,MAAM,GAAG,gBAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAEzD,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC;IAChF,CAAC;IAEO,WAAW,CAAC,aAAqB;QACrC,MAAM,SAAS,GAAG,aAAa,CAAC;QAChC,MAAM,GAAG,GAAG,gBAAM,CAAC,UAAU,CAAC,IAAI,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;QAE9D,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACvC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACxC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QAC7C,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAE3B,MAAM,QAAQ,GAAG,gBAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAC7D,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QAE7B,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACrB,CAAC;IAEM,KAAK,CAAC,UAAU;QACnB,MAAM,UAAU,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAEhD,0BAA0B;QAC1B,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC;YACnC,YAAY,EAAE,UAAU,CAAC,SAAS;YAClC,YAAY,EAAE,UAAU,CAAC,SAAS;YAClC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,gBAAgB,EAAE,GAAG,CAAC,8BAA8B;SACvD,CAAC,CAAC;QAEH,qCAAqC;QACrC,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,eAAe,EAAE,UAAU,CAAC,UAAU,CAAC,CAAC;QAEnF,qCAAqC;QACrC,UAAU,CAAC,iBAAiB,GAAG,UAAU,CAAC,SAAS,CAAC;QACpD,UAAU,CAAC,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACpC,UAAU,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAEjD,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QAChC,IAAI,CAAC,OAAO,GAAG,UAAU,CAAC;QAE1B,MAAM,YAAY,GAAoB;YAClC,YAAY,EAAE,UAAU,CAAC,SAAS;YAClC,YAAY,EAAE,UAAU,CAAC,SAAS;YAClC,iBAAiB;YACjB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,gBAAgB,EAAE,GAAG;SACxB,CAAC;QAEF,OAAO,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;QACtC,OAAO,YAAY,CAAC;IACxB,CAAC;IAEO,WAAW,CAAC,OAAe,EAAE,UAAkB;QACnD,MAAM,OAAO,GAAG,iBAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC;QACtE,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACnD,MAAM,SAAS,GAAG,mBAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;QACvE,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClD,CAAC;IAEM,uBAAuB,CAAC,YAA6B;QACxD,IAAI,CAAC;YACD,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC;gBACnC,YAAY,EAAE,YAAY,CAAC,YAAY;gBACvC,YAAY,EAAE,YAAY,CAAC,YAAY;gBACvC,SAAS,EAAE,YAAY,CAAC,SAAS;gBACjC,gBAAgB,EAAE,YAAY,CAAC,gBAAgB;aAClD,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;YAC3E,MAAM,eAAe,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YAEtE,OAAO,mBAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QACtF,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,sCAAsC,EAAE,KAAK,CAAC,CAAC;YAC7D,OAAO,KAAK,CAAC;QACjB,CAAC;IACL,CAAC;IAEM,cAAc;QACjB,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAC/B,CAAC;IAEM,YAAY;QACf,OAAO,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC;IAClC,CAAC;IAEM,aAAa;QAChB,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;IACnC,CAAC;IAEM,uBAAuB;QAC1B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;YAC5B,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,gBAAgB,GAAG,GAAG,CAAC,CAAC,YAAY;QAC1C,MAAM,iBAAiB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;QAChE,OAAO,iBAAiB,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IACzD,CAAC;IAEM,oBAAoB;QACvB,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,IAAI,IAAI,CAAC;IAClD,CAAC;CACJ;AAvXD,gCAuXC"}

package/dist/relayer/replay-protection.d.ts

@@ -0,0 +1,94 @@
+export interface NonceEntry {
+    publicKey: string;
+    nonce: number;
+    timestamp: number;
+    txHash: string;
+}
+export interface TransactionData {
+    publicKey: string;
+    nonce: number;
+    timestamp: number;
+    txHash: string;
+    signature: string;
+    instructions: any[];
+}
+export interface ReplayCacheEntry {
+    publicKey: string;
+    nonce: number;
+    txHash: string;
+    timestamp: number;
+}
+export declare class ReplayProtection {
+    private nonceCache;
+    private replayCache;
+    private expirationWindow;
+    private cleanupInterval;
+    constructor();
+    /**
+     * Initialize nonce for a user (called during registration)
+     */
+    initializeNonce(publicKey: string): number;
+    /**
+     * Get current nonce for a user
+     */
+    getCurrentNonce(publicKey: string): number;
+    /**
+     * Validate and increment nonce for transaction
+     */
+    validateAndIncrementNonce(publicKey: string, expectedNonce: number): boolean;
+    /**
+     * Check if transaction is expired
+     */
+    isTransactionExpired(timestamp: number): boolean;
+    /**
+     * Create cache key for replay protection
+     */
+    private createCacheKey;
+    /**
+     * Check if transaction is in replay cache
+     */
+    isTransactionReplayed(publicKey: string, nonce: number, txHash: string): boolean;
+    /**
+     * Add transaction to replay cache
+     */
+    addTransactionToCache(publicKey: string, nonce: number, txHash: string): void;
+    /**
+     * Validate complete transaction data
+     */
+    validateTransaction(txData: TransactionData): {
+        isValid: boolean;
+        error: string;
+    };
+    /**
+     * Get nonce statistics for a user
+     */
+    getNonceStats(publicKey: string): {
+        currentNonce: number;
+        totalTransactions: number;
+    };
+    /**
+     * Clean up old entries from replay cache
+     */
+    private cleanupExpiredEntries;
+    /**
+     * Start cleanup task
+     */
+    private startCleanupTask;
+    /**
+     * Stop cleanup task
+     */
+    stopCleanupTask(): void;
+    /**
+     * Get cache statistics
+     */
+    getCacheStats(): {
+        totalEntries: number;
+        nonceCacheSize: number;
+        expirationWindow: number;
+    };
+    /**
+     * Clear all cache data (for testing)
+     */
+    clearCache(): void;
+}
+//# sourceMappingURL=replay-protection.d.ts.map

package/dist/relayer/replay-protection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay-protection.d.ts","sourceRoot":"","sources":["../../relayer/replay-protection.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,UAAU;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,YAAY,EAAE,GAAG,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,gBAAgB;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACrB;AAED,qBAAa,gBAAgB;IACzB,OAAO,CAAC,UAAU,CAAkC;IACpD,OAAO,CAAC,WAAW,CAA4C;IAC/D,OAAO,CAAC,gBAAgB,CAA0B;IAClD,OAAO,CAAC,eAAe,CAA+B;;IAMtD;;OAEG;IACI,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAOjD;;OAEG;IACI,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAIjD;;OAEG;IACI,yBAAyB,CAAC,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,OAAO;IAanF;;OAEG;IACI,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAMvD;;OAEG;IACH,OAAO,CAAC,cAAc;IAItB;;OAEG;IACI,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO;IAiBvF;;OAEG;IACI,qBAAqB,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI;IAapF;;OAEG;IACI,mBAAmB,CAAC,MAAM,EAAE,eAAe,GAAG;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE;IAkCxF;;OAEG;IACI,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG;QAAE,YAAY,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE;IAiB5F;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAmB7B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAOxB;;OAEG;IACI,eAAe,IAAI,IAAI;IAO9B;;OAEG;IACI,aAAa;;;;;IAQpB;;OAEG;IACI,UAAU,IAAI,IAAI;CAK5B"}

package/dist/relayer/replay-protection.js

@@ -0,0 +1,189 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReplayProtection = void 0;
+class ReplayProtection {
+    constructor() {
+        this.nonceCache = new Map(); // publicKey -> current nonce
+        this.replayCache = new Map(); // (publicKey:nonce:txHash) -> entry
+        this.expirationWindow = 10 * 60 * 1000; // 10 minutes in milliseconds
+        this.cleanupInterval = null;
+        this.startCleanupTask();
+    }
+    /**
+     * Initialize nonce for a user (called during registration)
+     */
+    initializeNonce(publicKey) {
+        const nonce = 1;
+        this.nonceCache.set(publicKey, nonce);
+        console.log(`Initialized nonce ${nonce} for user ${publicKey}`);
+        return nonce;
+    }
+    /**
+     * Get current nonce for a user
+     */
+    getCurrentNonce(publicKey) {
+        return this.nonceCache.get(publicKey) || 0;
+    }
+    /**
+     * Validate and increment nonce for transaction
+     */
+    validateAndIncrementNonce(publicKey, expectedNonce) {
+        const currentNonce = this.nonceCache.get(publicKey) || 0;
+        if (expectedNonce !== currentNonce + 1) {
+            console.log(`Invalid nonce for user ${publicKey}: expected ${currentNonce + 1}, got ${expectedNonce}`);
+            return false;
+        }
+        this.nonceCache.set(publicKey, expectedNonce);
+        console.log(`Incremented nonce to ${expectedNonce} for user ${publicKey}`);
+        return true;
+    }
+    /**
+     * Check if transaction is expired
+     */
+    isTransactionExpired(timestamp) {
+        const now = Date.now();
+        const age = now - timestamp;
+        return age > this.expirationWindow;
+    }
+    /**
+     * Create cache key for replay protection
+     */
+    createCacheKey(publicKey, nonce, txHash) {
+        return `${publicKey}:${nonce}:${txHash}`;
+    }
+    /**
+     * Check if transaction is in replay cache
+     */
+    isTransactionReplayed(publicKey, nonce, txHash) {
+        const cacheKey = this.createCacheKey(publicKey, nonce, txHash);
+        const entry = this.replayCache.get(cacheKey);
+        if (!entry) {
+            return false;
+        }
+        // Check if transaction is expired
+        if (this.isTransactionExpired(entry.timestamp)) {
+            this.replayCache.delete(cacheKey);
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Add transaction to replay cache
+     */
+    addTransactionToCache(publicKey, nonce, txHash) {
+        const cacheKey = this.createCacheKey(publicKey, nonce, txHash);
+        const entry = {
+            publicKey,
+            nonce,
+            txHash,
+            timestamp: Date.now()
+        };
+        this.replayCache.set(cacheKey, entry);
+        console.log(`Added transaction to replay cache: ${cacheKey}`);
+    }
+    /**
+     * Validate complete transaction data
+     */
+    validateTransaction(txData) {
+        // Check timestamp expiration
+        if (this.isTransactionExpired(txData.timestamp)) {
+            return {
+                isValid: false,
+                error: 'Transaction has expired'
+            };
+        }
+        // Check nonce sequence
+        if (!this.validateAndIncrementNonce(txData.publicKey, txData.nonce)) {
+            return {
+                isValid: false,
+                error: `Invalid nonce sequence. Expected ${this.getCurrentNonce(txData.publicKey) + 1}, got ${txData.nonce}`
+            };
+        }
+        // Check replay cache
+        if (this.isTransactionReplayed(txData.publicKey, txData.nonce, txData.txHash)) {
+            return {
+                isValid: false,
+                error: 'Transaction has already been processed'
+            };
+        }
+        // Add to replay cache
+        this.addTransactionToCache(txData.publicKey, txData.nonce, txData.txHash);
+        return {
+            isValid: true,
+            error: ''
+        };
+    }
+    /**
+     * Get nonce statistics for a user
+     */
+    getNonceStats(publicKey) {
+        const currentNonce = this.getCurrentNonce(publicKey);
+        let totalTransactions = 0;
+        // Count transactions in cache for this user
+        for (const [key, entry] of this.replayCache.entries()) {
+            if (key.startsWith(`${publicKey}:`)) {
+                totalTransactions++;
+            }
+        }
+        return {
+            currentNonce,
+            totalTransactions
+        };
+    }
+    /**
+     * Clean up old entries from replay cache
+     */
+    cleanupExpiredEntries() {
+        const now = Date.now();
+        const expiredKeys = [];
+        for (const [key, entry] of this.replayCache.entries()) {
+            if (this.isTransactionExpired(entry.timestamp)) {
+                expiredKeys.push(key);
+            }
+        }
+        for (const key of expiredKeys) {
+            this.replayCache.delete(key);
+        }
+        if (expiredKeys.length > 0) {
+            console.log(`Cleaned up ${expiredKeys.length} expired replay cache entries`);
+        }
+    }
+    /**
+     * Start cleanup task
+     */
+    startCleanupTask() {
+        // Run cleanup every 5 minutes
+        this.cleanupInterval = setInterval(() => {
+            this.cleanupExpiredEntries();
+        }, 5 * 60 * 1000);
+    }
+    /**
+     * Stop cleanup task
+     */
+    stopCleanupTask() {
+        if (this.cleanupInterval) {
+            clearInterval(this.cleanupInterval);
+            this.cleanupInterval = null;
+        }
+    }
+    /**
+     * Get cache statistics
+     */
+    getCacheStats() {
+        return {
+            totalEntries: this.replayCache.size,
+            nonceCacheSize: this.nonceCache.size,
+            expirationWindow: this.expirationWindow
+        };
+    }
+    /**
+     * Clear all cache data (for testing)
+     */
+    clearCache() {
+        this.nonceCache.clear();
+        this.replayCache.clear();
+        console.log('Cleared all replay protection cache data');
+    }
+}
+exports.ReplayProtection = ReplayProtection;
+//# sourceMappingURL=replay-protection.js.map

package/dist/relayer/replay-protection.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"replay-protection.js","sourceRoot":"","sources":["../../relayer/replay-protection.ts"],"names":[],"mappings":";;;AAyBA,MAAa,gBAAgB;IAMzB;QALQ,eAAU,GAAwB,IAAI,GAAG,EAAE,CAAC,CAAC,6BAA6B;QAC1E,gBAAW,GAAkC,IAAI,GAAG,EAAE,CAAC,CAAC,oCAAoC;QAC5F,qBAAgB,GAAW,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,6BAA6B;QACxE,oBAAe,GAA0B,IAAI,CAAC;QAGlD,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAC5B,CAAC;IAED;;OAEG;IACI,eAAe,CAAC,SAAiB;QACpC,MAAM,KAAK,GAAG,CAAC,CAAC;QAChB,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,aAAa,SAAS,EAAE,CAAC,CAAC;QAChE,OAAO,KAAK,CAAC;IACjB,CAAC;IAED;;OAEG;IACI,eAAe,CAAC,SAAiB;QACpC,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC/C,CAAC;IAED;;OAEG;IACI,yBAAyB,CAAC,SAAiB,EAAE,aAAqB;QACrE,MAAM,YAAY,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAEzD,IAAI,aAAa,KAAK,YAAY,GAAG,CAAC,EAAE,CAAC;YACrC,OAAO,CAAC,GAAG,CAAC,0BAA0B,SAAS,cAAc,YAAY,GAAG,CAAC,SAAS,aAAa,EAAE,CAAC,CAAC;YACvG,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAC9C,OAAO,CAAC,GAAG,CAAC,wBAAwB,aAAa,aAAa,SAAS,EAAE,CAAC,CAAC;QAC3E,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,oBAAoB,CAAC,SAAiB;QACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,GAAG,GAAG,GAAG,GAAG,SAAS,CAAC;QAC5B,OAAO,GAAG,GAAG,IAAI,CAAC,gBAAgB,CAAC;IACvC,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,SAAiB,EAAE,KAAa,EAAE,MAAc;QACnE,OAAO,GAAG,SAAS,IAAI,KAAK,IAAI,MAAM,EAAE,CAAC;IAC7C,CAAC;IAED;;OAEG;IACI,qBAAqB,CAAC,SAAiB,EAAE,KAAa,EAAE,MAAc;QACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE7C,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,kCAAkC;QAClC,IAAI,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YAClC,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,OAAO,IAAI,CAAC;IAChB,CAAC;IAED;;OAEG;IACI,qBAAqB,CAAC,SAAiB,EAAE,KAAa,EAAE,MAAc;QACzE,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC/D,MAAM,KAAK,GAAqB;YAC5B,SAAS;YACT,KAAK;YACL,MAAM;YACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACxB,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACtC,OAAO,CAAC,GAAG,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACI,mBAAmB,CAAC,MAAuB;QAC9C,6BAA6B;QAC7B,IAAI,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9C,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,yBAAyB;aACnC,CAAC;QACN,CAAC;QAED,uBAAuB;QACvB,IAAI,CAAC,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YAClE,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,oCAAoC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,MAAM,CAAC,KAAK,EAAE;aAC/G,CAAC;QACN,CAAC;QAED,qBAAqB;QACrB,IAAI,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5E,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,wCAAwC;aAClD,CAAC;QACN,CAAC;QAED,sBAAsB;QACtB,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAE1E,OAAO;YACH,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,EAAE;SACZ,CAAC;IACN,CAAC;IAED;;OAEG;IACI,aAAa,CAAC,SAAiB;QAClC,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,iBAAiB,GAAG,CAAC,CAAC;QAE1B,4CAA4C;QAC5C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;gBAClC,iBAAiB,EAAE,CAAC;YACxB,CAAC;QACL,CAAC;QAED,OAAO;YACH,YAAY;YACZ,iBAAiB;SACpB,CAAC;IACN,CAAC;IAED;;OAEG;IACK,qBAAqB;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAa,EAAE,CAAC;QAEjC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,IAAI,IAAI,CAAC,oBAAoB,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7C,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAC1B,CAAC;QACL,CAAC;QAED,KAAK,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC;YAC5B,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QACjC,CAAC;QAED,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzB,OAAO,CAAC,GAAG,CAAC,cAAc,WAAW,CAAC,MAAM,+BAA+B,CAAC,CAAC;QACjF,CAAC;IACL,CAAC;IAED;;OAEG;IACK,gBAAgB;QACpB,8BAA8B;QAC9B,IAAI,CAAC,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;YACpC,IAAI,CAAC,qBAAqB,EAAE,CAAC;QACjC,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACtB,CAAC;IAED;;OAEG;IACI,eAAe;QAClB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACvB,aAAa,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YACpC,IAAI,CAAC,eAAe,GAAG,IAAI,CAAC;QAChC,CAAC;IACL,CAAC;IAED;;OAEG;IACI,aAAa;QAChB,OAAO;YACH,YAAY,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;YACnC,cAAc,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YACpC,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;SAC1C,CAAC;IACN,CAAC;IAED;;OAEG;IACI,UAAU;QACb,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,CAAC;IAC5D,CAAC;CACJ;AArND,4CAqNC"}