tenzro-sdk 0.1.0

package/dist/config.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LOCAL_CONFIG = exports.TESTNET_CONFIG = exports.MAINNET_CONFIG = void 0;
+// Note: Mainnet is not yet live. This configuration is a placeholder.
+// Use TESTNET_CONFIG to connect to the live Tenzro testnet (chainId: 1337).
+exports.MAINNET_CONFIG = {
+    endpoint: "https://rpc.tenzro.network",
+    apiEndpoint: "https://api.tenzro.network",
+    chainId: 1,
+    timeout: 30000,
+};
+exports.TESTNET_CONFIG = {
+    endpoint: "https://rpc.tenzro.network",
+    apiEndpoint: "https://api.tenzro.network",
+    chainId: 1337,
+    timeout: 30000,
+};
+exports.LOCAL_CONFIG = {
+    endpoint: "http://localhost:8545",
+    apiEndpoint: "http://localhost:8080",
+    chainId: 1337,
+    timeout: 10000,
+};
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":";;;AAOA,sEAAsE;AACtE,4EAA4E;AAC/D,QAAA,cAAc,GAAiB;IAC1C,QAAQ,EAAE,4BAA4B;IACtC,WAAW,EAAE,4BAA4B;IACzC,OAAO,EAAE,CAAC;IACV,OAAO,EAAE,KAAK;CACf,CAAC;AAEW,QAAA,cAAc,GAAiB;IAC1C,QAAQ,EAAE,4BAA4B;IACtC,WAAW,EAAE,4BAA4B;IACzC,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,KAAK;CACf,CAAC;AAEW,QAAA,YAAY,GAAiB;IACxC,QAAQ,EAAE,uBAAuB;IACjC,WAAW,EAAE,uBAAuB;IACpC,OAAO,EAAE,IAAI;IACb,OAAO,EAAE,KAAK;CACf,CAAC"}

package/dist/contract.d.ts

@@ -0,0 +1,68 @@
+import type { RpcClient } from './rpc';
+/** Parameters for deploying a contract. */
+export interface DeployContractParams {
+    /** Hex-encoded bytecode to deploy */
+    bytecode: string;
+    /** Target VM: "evm", "svm", or "daml" */
+    vm_type: string;
+    /** Deployer address */
+    from: string;
+    /** Optional constructor arguments (ABI-encoded hex for EVM) */
+    constructor_args?: string;
+    /** Optional gas limit */
+    gas_limit?: number;
+}
+/** Result of a read-only contract call. */
+export interface CallResult {
+    /** Hex-encoded return data */
+    data: string;
+}
+/** Result of a contract deployment. */
+export interface DeployResult {
+    /** Transaction hash */
+    tx_hash: string;
+    /** Deployed contract address */
+    contract_address: string;
+    /** VM the contract was deployed to */
+    vm_type: string;
+    /** Gas used */
+    gas_used?: number;
+    /** Deployment status */
+    status: string;
+}
+/**
+ * Client for smart contract deployment via the MultiVmRuntime.
+ * Supports deploying bytecode to EVM, SVM, or DAML VMs.
+ */
+export declare class ContractClient {
+    private readonly rpc;
+    constructor(rpc: RpcClient);
+    /**
+     * Deploy a contract to the specified VM.
+     * @param params - Deployment parameters including bytecode and target VM
+     * @returns Deployment result with contract address and transaction hash
+     */
+    deploy(params: DeployContractParams): Promise<DeployResult>;
+    /**
+     * Perform a read-only contract call (eth_call).
+     * @param to - Contract address (hex)
+     * @param data - ABI-encoded call data (hex)
+     * @param block - Block number or "latest" (default: "latest")
+     */
+    callContract(to: string, data: string, block?: string): Promise<CallResult>;
+    /**
+     * ABI-encode a function call.
+     * @param functionSig - Function signature (e.g., "transfer(address,uint256)")
+     * @param args - Function arguments
+     * @returns Hex-encoded call data
+     */
+    encodeFunction(functionSig: string, args: unknown[]): Promise<string>;
+    /**
+     * Decode ABI-encoded return data.
+     * @param data - Hex-encoded return data
+     * @param outputTypes - Expected output types (e.g., ["uint256", "address"])
+     * @returns Decoded values
+     */
+    decodeResult(data: string, outputTypes: string[]): Promise<unknown[]>;
+}
+//# sourceMappingURL=contract.d.ts.map

package/dist/contract.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract.d.ts","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAIvC,2CAA2C;AAC3C,MAAM,WAAW,oBAAoB;IACnC,qCAAqC;IACrC,QAAQ,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,+DAA+D;IAC/D,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,yBAAyB;IACzB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAID,2CAA2C;AAC3C,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,IAAI,EAAE,MAAM,CAAC;CACd;AAED,uCAAuC;AACvC,MAAM,WAAW,YAAY;IAC3B,uBAAuB;IACvB,OAAO,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,gBAAgB,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,eAAe;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,wBAAwB;IACxB,MAAM,EAAE,MAAM,CAAC;CAChB;AAID;;;GAGG;AACH,qBAAa,cAAc;IACb,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAAH,GAAG,EAAE,SAAS;IAE3C;;;;OAIG;IACG,MAAM,CAAC,MAAM,EAAE,oBAAoB,GAAG,OAAO,CAAC,YAAY,CAAC;IAIjE;;;;;OAKG;IACG,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAQjF;;;;;OAKG;IACG,cAAc,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAM3E;;;;;OAKG;IACG,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC;CAK5E"}

package/dist/contract.js

@@ -0,0 +1,59 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ContractClient = void 0;
+// ── Client ──
+/**
+ * Client for smart contract deployment via the MultiVmRuntime.
+ * Supports deploying bytecode to EVM, SVM, or DAML VMs.
+ */
+class ContractClient {
+    rpc;
+    constructor(rpc) {
+        this.rpc = rpc;
+    }
+    /**
+     * Deploy a contract to the specified VM.
+     * @param params - Deployment parameters including bytecode and target VM
+     * @returns Deployment result with contract address and transaction hash
+     */
+    async deploy(params) {
+        return this.rpc.call('tenzro_deployContract', [params]);
+    }
+    /**
+     * Perform a read-only contract call (eth_call).
+     * @param to - Contract address (hex)
+     * @param data - ABI-encoded call data (hex)
+     * @param block - Block number or "latest" (default: "latest")
+     */
+    async callContract(to, data, block) {
+        const result = await this.rpc.call('eth_call', [
+            { to, data },
+            block ?? 'latest',
+        ]);
+        return { data: result };
+    }
+    /**
+     * ABI-encode a function call.
+     * @param functionSig - Function signature (e.g., "transfer(address,uint256)")
+     * @param args - Function arguments
+     * @returns Hex-encoded call data
+     */
+    async encodeFunction(functionSig, args) {
+        return this.rpc.call('tenzro_encodeFunction', [
+            { function_sig: functionSig, args },
+        ]);
+    }
+    /**
+     * Decode ABI-encoded return data.
+     * @param data - Hex-encoded return data
+     * @param outputTypes - Expected output types (e.g., ["uint256", "address"])
+     * @returns Decoded values
+     */
+    async decodeResult(data, outputTypes) {
+        return this.rpc.call('tenzro_decodeResult', [
+            { data, output_types: outputTypes },
+        ]);
+    }
+}
+exports.ContractClient = ContractClient;
+//# sourceMappingURL=contract.js.map

package/dist/contract.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"contract.js","sourceRoot":"","sources":["../src/contract.ts"],"names":[],"mappings":";;;AAwCA,eAAe;AAEf;;;GAGG;AACH,MAAa,cAAc;IACI;IAA7B,YAA6B,GAAc;QAAd,QAAG,GAAH,GAAG,CAAW;IAAG,CAAC;IAE/C;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,MAA4B;QACvC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAe,uBAAuB,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;IACxE,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,EAAU,EAAE,IAAY,EAAE,KAAc;QACzD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,CAAS,UAAU,EAAE;YACrD,EAAE,EAAE,EAAE,IAAI,EAAE;YACZ,KAAK,IAAI,QAAQ;SAClB,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAC1B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,cAAc,CAAC,WAAmB,EAAE,IAAe;QACvD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAS,uBAAuB,EAAE;YACpD,EAAE,YAAY,EAAE,WAAW,EAAE,IAAI,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,WAAqB;QACpD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAY,qBAAqB,EAAE;YACrD,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;CACF;AAjDD,wCAiDC"}

package/dist/crypto.d.ts

@@ -0,0 +1,112 @@
+import type { RpcClient } from './rpc';
+/** Result of a message signing operation. */
+export interface SignatureResult {
+    /** Hex-encoded signature */
+    signature: string;
+    /** Hex-encoded public key of the signer */
+    public_key: string;
+}
+/** Result of a signature verification. */
+export interface VerifyResult {
+    /** Whether the signature is valid */
+    valid: boolean;
+}
+/** Result of an encryption operation. */
+export interface EncryptResult {
+    /** Hex-encoded ciphertext */
+    ciphertext: string;
+    /** Hex-encoded nonce (12 bytes) */
+    nonce: string;
+}
+/** Result of a decryption operation. */
+export interface DecryptResult {
+    /** Hex-encoded plaintext */
+    plaintext: string;
+}
+/** Key derived from a password. */
+export interface DerivedKey {
+    /** Hex-encoded derived key */
+    key: string;
+    /** Hex-encoded salt */
+    salt: string;
+}
+/** Generated keypair. */
+export interface KeyPair {
+    /** Hex-encoded public key */
+    public_key: string;
+    /** Hex-encoded private key */
+    private_key: string;
+    /** Key algorithm ("ed25519" or "secp256k1") */
+    key_type: string;
+}
+/** Shared secret from X25519 key exchange. */
+export interface SharedSecret {
+    /** Hex-encoded shared secret (32 bytes) */
+    secret: string;
+}
+/**
+ * Client for cryptographic operations.
+ *
+ * Provides signing, verification, encryption, hashing, key generation,
+ * and X25519 Diffie-Hellman key exchange.
+ */
+export declare class CryptoClient {
+    private readonly rpc;
+    constructor(rpc: RpcClient);
+    /**
+     * Sign a message using Ed25519 or Secp256k1.
+     * @param privateKey - Hex-encoded private key
+     * @param message - Hex-encoded message bytes
+     */
+    signMessage(privateKey: string, message: string): Promise<SignatureResult>;
+    /**
+     * Verify a signature against a message and public key.
+     * @param publicKey - Hex-encoded public key
+     * @param message - Hex-encoded message bytes
+     * @param signature - Hex-encoded signature
+     */
+    verifySignature(publicKey: string, message: string, signature: string): Promise<VerifyResult>;
+    /**
+     * Encrypt data using AES-256-GCM.
+     * @param key - Hex-encoded 256-bit encryption key
+     * @param plaintext - Hex-encoded plaintext
+     */
+    encrypt(key: string, plaintext: string): Promise<EncryptResult>;
+    /**
+     * Decrypt data using AES-256-GCM.
+     * @param key - Hex-encoded 256-bit encryption key
+     * @param ciphertext - Hex-encoded ciphertext
+     * @param nonce - Hex-encoded 12-byte nonce
+     */
+    decrypt(key: string, ciphertext: string, nonce: string): Promise<DecryptResult>;
+    /**
+     * Derive a key from a password using Argon2id (64MB, 3 iterations).
+     * @param password - Password to derive key from
+     * @param salt - Hex-encoded salt (16 bytes recommended)
+     */
+    deriveKey(password: string, salt: string): Promise<DerivedKey>;
+    /**
+     * Generate a new Ed25519 or Secp256k1 keypair.
+     * @param keyType - "ed25519" or "secp256k1"
+     */
+    generateKeypair(keyType: 'ed25519' | 'secp256k1'): Promise<KeyPair>;
+    /**
+     * Compute SHA-256 hash.
+     * @param data - Hex-encoded data
+     * @returns Hex-encoded hash
+     */
+    hashSha256(data: string): Promise<string>;
+    /**
+     * Compute Keccak-256 hash (Ethereum compatible).
+     * @param data - Hex-encoded data
+     * @returns Hex-encoded hash
+     */
+    hashKeccak256(data: string): Promise<string>;
+    /**
+     * Perform X25519 Diffie-Hellman key exchange.
+     * @param privateKey - Hex-encoded X25519 private key
+     * @param publicKey - Hex-encoded X25519 public key of the peer
+     */
+    x25519KeyExchange(privateKey: string, publicKey: string): Promise<SharedSecret>;
+}
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAIvC,6CAA6C;AAC7C,MAAM,WAAW,eAAe;IAC9B,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,0CAA0C;AAC1C,MAAM,WAAW,YAAY;IAC3B,qCAAqC;IACrC,KAAK,EAAE,OAAO,CAAC;CAChB;AAED,yCAAyC;AACzC,MAAM,WAAW,aAAa;IAC5B,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,mCAAmC;IACnC,KAAK,EAAE,MAAM,CAAC;CACf;AAED,wCAAwC;AACxC,MAAM,WAAW,aAAa;IAC5B,4BAA4B;IAC5B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,mCAAmC;AACnC,MAAM,WAAW,UAAU;IACzB,8BAA8B;IAC9B,GAAG,EAAE,MAAM,CAAC;IACZ,uBAAuB;IACvB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,yBAAyB;AACzB,MAAM,WAAW,OAAO;IACtB,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,+CAA+C;IAC/C,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,8CAA8C;AAC9C,MAAM,WAAW,YAAY;IAC3B,2CAA2C;IAC3C,MAAM,EAAE,MAAM,CAAC;CAChB;AAID;;;;;GAKG;AACH,qBAAa,YAAY;IACX,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAAH,GAAG,EAAE,SAAS;IAE3C;;;;OAIG;IACG,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,eAAe,CAAC;IAMhF;;;;;OAKG;IACG,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;IAMnG;;;;OAIG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAIrE;;;;;OAKG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAIrF;;;;OAIG;IACG,SAAS,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAIpE;;;OAGG;IACG,eAAe,CAAC,OAAO,EAAE,SAAS,GAAG,WAAW,GAAG,OAAO,CAAC,OAAO,CAAC;IAIzE;;;;OAIG;IACG,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAI/C;;;;OAIG;IACG,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIlD;;;;OAIG;IACG,iBAAiB,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC;CAKtF"}

package/dist/crypto.js

@@ -0,0 +1,97 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoClient = void 0;
+// ── Client ──
+/**
+ * Client for cryptographic operations.
+ *
+ * Provides signing, verification, encryption, hashing, key generation,
+ * and X25519 Diffie-Hellman key exchange.
+ */
+class CryptoClient {
+    rpc;
+    constructor(rpc) {
+        this.rpc = rpc;
+    }
+    /**
+     * Sign a message using Ed25519 or Secp256k1.
+     * @param privateKey - Hex-encoded private key
+     * @param message - Hex-encoded message bytes
+     */
+    async signMessage(privateKey, message) {
+        return this.rpc.call('tenzro_signMessage', [
+            { private_key: privateKey, message },
+        ]);
+    }
+    /**
+     * Verify a signature against a message and public key.
+     * @param publicKey - Hex-encoded public key
+     * @param message - Hex-encoded message bytes
+     * @param signature - Hex-encoded signature
+     */
+    async verifySignature(publicKey, message, signature) {
+        return this.rpc.call('tenzro_verifySignature', [
+            { public_key: publicKey, message, signature },
+        ]);
+    }
+    /**
+     * Encrypt data using AES-256-GCM.
+     * @param key - Hex-encoded 256-bit encryption key
+     * @param plaintext - Hex-encoded plaintext
+     */
+    async encrypt(key, plaintext) {
+        return this.rpc.call('tenzro_encrypt', [{ key, plaintext }]);
+    }
+    /**
+     * Decrypt data using AES-256-GCM.
+     * @param key - Hex-encoded 256-bit encryption key
+     * @param ciphertext - Hex-encoded ciphertext
+     * @param nonce - Hex-encoded 12-byte nonce
+     */
+    async decrypt(key, ciphertext, nonce) {
+        return this.rpc.call('tenzro_decrypt', [{ key, ciphertext, nonce }]);
+    }
+    /**
+     * Derive a key from a password using Argon2id (64MB, 3 iterations).
+     * @param password - Password to derive key from
+     * @param salt - Hex-encoded salt (16 bytes recommended)
+     */
+    async deriveKey(password, salt) {
+        return this.rpc.call('tenzro_deriveKey', [{ password, salt }]);
+    }
+    /**
+     * Generate a new Ed25519 or Secp256k1 keypair.
+     * @param keyType - "ed25519" or "secp256k1"
+     */
+    async generateKeypair(keyType) {
+        return this.rpc.call('tenzro_generateKeypair', [{ key_type: keyType }]);
+    }
+    /**
+     * Compute SHA-256 hash.
+     * @param data - Hex-encoded data
+     * @returns Hex-encoded hash
+     */
+    async hashSha256(data) {
+        return this.rpc.call('tenzro_hashSha256', [{ data }]);
+    }
+    /**
+     * Compute Keccak-256 hash (Ethereum compatible).
+     * @param data - Hex-encoded data
+     * @returns Hex-encoded hash
+     */
+    async hashKeccak256(data) {
+        return this.rpc.call('tenzro_hashKeccak256', [{ data }]);
+    }
+    /**
+     * Perform X25519 Diffie-Hellman key exchange.
+     * @param privateKey - Hex-encoded X25519 private key
+     * @param publicKey - Hex-encoded X25519 public key of the peer
+     */
+    async x25519KeyExchange(privateKey, publicKey) {
+        return this.rpc.call('tenzro_x25519KeyExchange', [
+            { private_key: privateKey, public_key: publicKey },
+        ]);
+    }
+}
+exports.CryptoClient = CryptoClient;
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":";;;AAwDA,eAAe;AAEf;;;;;GAKG;AACH,MAAa,YAAY;IACM;IAA7B,YAA6B,GAAc;QAAd,QAAG,GAAH,GAAG,CAAW;IAAG,CAAC;IAE/C;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,UAAkB,EAAE,OAAe;QACnD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAkB,oBAAoB,EAAE;YAC1D,EAAE,WAAW,EAAE,UAAU,EAAE,OAAO,EAAE;SACrC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CAAC,SAAiB,EAAE,OAAe,EAAE,SAAiB;QACzE,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAe,wBAAwB,EAAE;YAC3D,EAAE,UAAU,EAAE,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE;SAC9C,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,SAAiB;QAC1C,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAgB,gBAAgB,EAAE,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAC9E,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,GAAW,EAAE,UAAkB,EAAE,KAAa;QAC1D,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAgB,gBAAgB,EAAE,CAAC,EAAE,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACtF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,SAAS,CAAC,QAAgB,EAAE,IAAY;QAC5C,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAa,kBAAkB,EAAE,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CAAC,OAAgC;QACpD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAU,wBAAwB,EAAE,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACnF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,UAAU,CAAC,IAAY;QAC3B,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAS,mBAAmB,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAChE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,aAAa,CAAC,IAAY;QAC9B,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAS,sBAAsB,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACnE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CAAC,UAAkB,EAAE,SAAiB;QAC3D,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAe,0BAA0B,EAAE;YAC7D,EAAE,WAAW,EAAE,UAAU,EAAE,UAAU,EAAE,SAAS,EAAE;SACnD,CAAC,CAAC;IACL,CAAC;CACF;AA1FD,oCA0FC"}

package/dist/custody.d.ts

@@ -0,0 +1,114 @@
+import type { RpcClient } from './rpc';
+/** MPC threshold wallet information. */
+export interface MpcWallet {
+    /** Wallet identifier */
+    wallet_id: string;
+    /** Wallet address (hex) */
+    address: string;
+    /** Signing threshold (e.g., 2) */
+    threshold: number;
+    /** Total number of key shares (e.g., 3) */
+    total_shares: number;
+}
+/** Encrypted keystore export. */
+export interface EncryptedKeystore {
+    /** Encrypted keystore data (JSON string) */
+    encrypted: string;
+    /** Key derivation function used ("argon2id") */
+    kdf: string;
+    /** Cipher used ("aes-256-gcm") */
+    cipher: string;
+}
+/** Key share metadata (not the actual share material). */
+export interface KeyShare {
+    /** Share index (1-based) */
+    index: number;
+    /** When this share was created */
+    created_at: string;
+}
+/** Result of a key rotation operation. */
+export interface RotationResult {
+    /** Whether the rotation succeeded */
+    success: boolean;
+    /** Number of shares rotated */
+    shares_rotated: number;
+    /** New rotation epoch */
+    epoch: number;
+}
+/** Wallet spending policy. */
+export interface SpendingPolicy {
+    /** Maximum daily spending (in smallest unit, as string for BigInt support) */
+    daily_limit: string;
+    /** Maximum per-transaction spending (in smallest unit, as string) */
+    per_tx_limit: string;
+    /** Amount already spent today (in smallest unit, as string) */
+    daily_spent: string;
+}
+/** Scoped session key for temporary wallet access. */
+export interface SessionKey {
+    /** Session key identifier */
+    session_id: string;
+    /** When the session expires (ISO 8601) */
+    expires_at: string;
+    /** Allowed operations */
+    operations: string[];
+}
+/**
+ * Client for key custody and wallet security operations.
+ *
+ * Provides MPC wallet creation, keystore management, key rotation,
+ * spending policies, and session key authorization.
+ */
+export declare class CustodyClient {
+    private readonly rpc;
+    constructor(rpc: RpcClient);
+    /**
+     * Create a new MPC threshold wallet.
+     * @param threshold - Minimum number of shares required to sign
+     * @param totalShares - Total number of key shares
+     * @param keyType - "ed25519" or "secp256k1"
+     */
+    createMpcWallet(threshold: number, totalShares: number, keyType: 'ed25519' | 'secp256k1'): Promise<MpcWallet>;
+    /**
+     * Export an encrypted keystore (Argon2id + AES-256-GCM).
+     * @param walletId - Wallet identifier
+     * @param password - Password to encrypt the keystore
+     */
+    exportKeystore(walletId: string, password: string): Promise<EncryptedKeystore>;
+    /**
+     * Import a wallet from an encrypted keystore.
+     * @param keystore - Encrypted keystore JSON string
+     * @param password - Password to decrypt the keystore
+     */
+    importKeystore(keystore: string, password: string): Promise<MpcWallet>;
+    /**
+     * Get key share metadata (not the actual shares).
+     * @param walletId - Wallet identifier
+     */
+    getKeyShares(walletId: string): Promise<KeyShare[]>;
+    /**
+     * Rotate MPC key shares (same public key, new shares).
+     * @param walletId - Wallet identifier
+     */
+    rotateKeys(walletId: string): Promise<RotationResult>;
+    /**
+     * Set spending limits for a wallet.
+     * @param walletId - Wallet identifier
+     * @param dailyLimit - Maximum daily spending (in smallest unit)
+     * @param perTxLimit - Maximum per-transaction spending
+     */
+    setSpendingLimits(walletId: string, dailyLimit: bigint, perTxLimit: bigint): Promise<SpendingPolicy>;
+    /**
+     * Get current spending limits for a wallet.
+     * @param walletId - Wallet identifier
+     */
+    getSpendingLimits(walletId: string): Promise<SpendingPolicy>;
+    /**
+     * Create a session key with scoped permissions.
+     * @param walletId - Wallet identifier
+     * @param durationSecs - Session validity duration in seconds
+     * @param operations - Allowed operations (e.g., "transfer", "stake")
+     */
+    authorizeSession(walletId: string, durationSecs: number, operations: string[]): Promise<SessionKey>;
+}
+//# sourceMappingURL=custody.d.ts.map

package/dist/custody.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"custody.d.ts","sourceRoot":"","sources":["../src/custody.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,OAAO,CAAC;AAIvC,wCAAwC;AACxC,MAAM,WAAW,SAAS;IACxB,wBAAwB;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,2BAA2B;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,kCAAkC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,2CAA2C;IAC3C,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,iCAAiC;AACjC,MAAM,WAAW,iBAAiB;IAChC,4CAA4C;IAC5C,SAAS,EAAE,MAAM,CAAC;IAClB,gDAAgD;IAChD,GAAG,EAAE,MAAM,CAAC;IACZ,kCAAkC;IAClC,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,0DAA0D;AAC1D,MAAM,WAAW,QAAQ;IACvB,4BAA4B;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,kCAAkC;IAClC,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,0CAA0C;AAC1C,MAAM,WAAW,cAAc;IAC7B,qCAAqC;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,+BAA+B;IAC/B,cAAc,EAAE,MAAM,CAAC;IACvB,yBAAyB;IACzB,KAAK,EAAE,MAAM,CAAC;CACf;AAED,8BAA8B;AAC9B,MAAM,WAAW,cAAc;IAC7B,8EAA8E;IAC9E,WAAW,EAAE,MAAM,CAAC;IACpB,qEAAqE;IACrE,YAAY,EAAE,MAAM,CAAC;IACrB,+DAA+D;IAC/D,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,sDAAsD;AACtD,MAAM,WAAW,UAAU;IACzB,6BAA6B;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,yBAAyB;IACzB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAID;;;;;GAKG;AACH,qBAAa,aAAa;IACZ,OAAO,CAAC,QAAQ,CAAC,GAAG;gBAAH,GAAG,EAAE,SAAS;IAE3C;;;;;OAKG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,SAAS,GAAG,WAAW,GAC/B,OAAO,CAAC,SAAS,CAAC;IAMrB;;;;OAIG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IAMpF;;;;OAIG;IACG,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC;IAI5E;;;OAGG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAIzD;;;OAGG;IACG,UAAU,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAI3D;;;;;OAKG;IACG,iBAAiB,CACrB,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,cAAc,CAAC;IAU1B;;;OAGG;IACG,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAMlE;;;;;OAKG;IACG,gBAAgB,CACpB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,UAAU,EAAE,MAAM,EAAE,GACnB,OAAO,CAAC,UAAU,CAAC;CAKvB"}

package/dist/custody.js

@@ -0,0 +1,96 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CustodyClient = void 0;
+// ── Client ──
+/**
+ * Client for key custody and wallet security operations.
+ *
+ * Provides MPC wallet creation, keystore management, key rotation,
+ * spending policies, and session key authorization.
+ */
+class CustodyClient {
+    rpc;
+    constructor(rpc) {
+        this.rpc = rpc;
+    }
+    /**
+     * Create a new MPC threshold wallet.
+     * @param threshold - Minimum number of shares required to sign
+     * @param totalShares - Total number of key shares
+     * @param keyType - "ed25519" or "secp256k1"
+     */
+    async createMpcWallet(threshold, totalShares, keyType) {
+        return this.rpc.call('tenzro_createMpcWallet', [
+            { threshold, total_shares: totalShares, key_type: keyType },
+        ]);
+    }
+    /**
+     * Export an encrypted keystore (Argon2id + AES-256-GCM).
+     * @param walletId - Wallet identifier
+     * @param password - Password to encrypt the keystore
+     */
+    async exportKeystore(walletId, password) {
+        return this.rpc.call('tenzro_exportKeystore', [
+            { wallet_id: walletId, password },
+        ]);
+    }
+    /**
+     * Import a wallet from an encrypted keystore.
+     * @param keystore - Encrypted keystore JSON string
+     * @param password - Password to decrypt the keystore
+     */
+    async importKeystore(keystore, password) {
+        return this.rpc.call('tenzro_importKeystore', [{ keystore, password }]);
+    }
+    /**
+     * Get key share metadata (not the actual shares).
+     * @param walletId - Wallet identifier
+     */
+    async getKeyShares(walletId) {
+        return this.rpc.call('tenzro_getKeyShares', [{ wallet_id: walletId }]);
+    }
+    /**
+     * Rotate MPC key shares (same public key, new shares).
+     * @param walletId - Wallet identifier
+     */
+    async rotateKeys(walletId) {
+        return this.rpc.call('tenzro_rotateKeys', [{ wallet_id: walletId }]);
+    }
+    /**
+     * Set spending limits for a wallet.
+     * @param walletId - Wallet identifier
+     * @param dailyLimit - Maximum daily spending (in smallest unit)
+     * @param perTxLimit - Maximum per-transaction spending
+     */
+    async setSpendingLimits(walletId, dailyLimit, perTxLimit) {
+        return this.rpc.call('tenzro_setSpendingLimits', [
+            {
+                wallet_id: walletId,
+                daily_limit: dailyLimit.toString(),
+                per_tx_limit: perTxLimit.toString(),
+            },
+        ]);
+    }
+    /**
+     * Get current spending limits for a wallet.
+     * @param walletId - Wallet identifier
+     */
+    async getSpendingLimits(walletId) {
+        return this.rpc.call('tenzro_getSpendingLimits', [
+            { wallet_id: walletId },
+        ]);
+    }
+    /**
+     * Create a session key with scoped permissions.
+     * @param walletId - Wallet identifier
+     * @param durationSecs - Session validity duration in seconds
+     * @param operations - Allowed operations (e.g., "transfer", "stake")
+     */
+    async authorizeSession(walletId, durationSecs, operations) {
+        return this.rpc.call('tenzro_authorizeSession', [
+            { wallet_id: walletId, duration_secs: durationSecs, operations },
+        ]);
+    }
+}
+exports.CustodyClient = CustodyClient;
+//# sourceMappingURL=custody.js.map

package/dist/custody.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"custody.js","sourceRoot":"","sources":["../src/custody.ts"],"names":[],"mappings":";;;AAgEA,eAAe;AAEf;;;;;GAKG;AACH,MAAa,aAAa;IACK;IAA7B,YAA6B,GAAc;QAAd,QAAG,GAAH,GAAG,CAAW;IAAG,CAAC;IAE/C;;;;;OAKG;IACH,KAAK,CAAC,eAAe,CACnB,SAAiB,EACjB,WAAmB,EACnB,OAAgC;QAEhC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAY,wBAAwB,EAAE;YACxD,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE;SAC5D,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAoB,uBAAuB,EAAE;YAC/D,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE;SAClC,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,cAAc,CAAC,QAAgB,EAAE,QAAgB;QACrD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAY,uBAAuB,EAAE,CAAC,EAAE,QAAQ,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,YAAY,CAAC,QAAgB;QACjC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAa,qBAAqB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrF,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,QAAgB;QAC/B,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,mBAAmB,EAAE,CAAC,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;IACvF,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,iBAAiB,CACrB,QAAgB,EAChB,UAAkB,EAClB,UAAkB;QAElB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,0BAA0B,EAAE;YAC/D;gBACE,SAAS,EAAE,QAAQ;gBACnB,WAAW,EAAE,UAAU,CAAC,QAAQ,EAAE;gBAClC,YAAY,EAAE,UAAU,CAAC,QAAQ,EAAE;aACpC;SACF,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB,CAAC,QAAgB;QACtC,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAiB,0BAA0B,EAAE;YAC/D,EAAE,SAAS,EAAE,QAAQ,EAAE;SACxB,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,gBAAgB,CACpB,QAAgB,EAChB,YAAoB,EACpB,UAAoB;QAEpB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAa,yBAAyB,EAAE;YAC1D,EAAE,SAAS,EAAE,QAAQ,EAAE,aAAa,EAAE,YAAY,EAAE,UAAU,EAAE;SACjE,CAAC,CAAC;IACL,CAAC;CACF;AApGD,sCAoGC"}