import { SuiClient as SuiClient$1 } from '@mysten/sui/client';
import { a as SessionKey } from '../../types-C564CfsE.mjs';
import { C as ChainClient, a as ChainConfig, T as TransferParams, E as ExecuteParams, B as BridgeParams, W as WebAuthnSignature, D as DispatchResult, V as VaultCreationResult, x as RegisterSessionParams, y as RevokeSessionParams, S as SessionValidationResult } from '../../types-DP2CQT8p.mjs';

/**
 * Veridex Protocol SDK - Sui Chain Client
 *
 * Production-grade implementation of ChainClient interface for Sui.
 * Supports session management, query-based execution, and vault operations.
 *
 * Security:
 * - Native sui::ecdsa_k1::secp256k1_verify for signature validation
 * - CCQ-based session validation with 60s staleness window
 * - Replay protection via nonce verification
 *
 * Note: Sui is a spoke chain. Session registration/revocation happens on Hub.
 */

interface SuiClientConfig {
    wormholeChainId: number;
    rpcUrl: string;
    packageId: string;
    wormholeCoreBridge: string;
    tokenBridge?: string;
    network?: 'mainnet' | 'testnet' | 'devnet';
    hubRpcUrl?: string;
    hubContractAddress?: string;
}
declare class SuiClient implements ChainClient {
    private config;
    private client;
    private packageId;
    private hubRpcUrl?;
    private hubContractAddress?;
    constructor(config: SuiClientConfig);
    getConfig(): ChainConfig;
    getNonce(_userKeyHash: string): Promise<bigint>;
    getMessageFee(): Promise<bigint>;
    buildTransferPayload(params: TransferParams): Promise<string>;
    buildExecutePayload(params: ExecuteParams): Promise<string>;
    buildBridgePayload(params: BridgeParams): Promise<string>;
    dispatch(signature: WebAuthnSignature, publicKeyX: bigint, publicKeyY: bigint, targetChain: number, actionPayload: string, nonce: bigint, signer: any): Promise<DispatchResult>;
    dispatchGasless(signature: WebAuthnSignature, publicKeyX: bigint, publicKeyY: bigint, targetChain: number, actionPayload: string, nonce: bigint, relayerUrl: string): Promise<DispatchResult>;
    getVaultAddress(userKeyHash: string): Promise<string | null>;
    computeVaultAddress(userKeyHash: string): string;
    vaultExists(_userKeyHash: string): Promise<boolean>;
    createVault(userKeyHash: string, signer: any): Promise<VaultCreationResult>;
    createVaultSponsored?(userKeyHash: string, sponsorPrivateKey: string, rpcUrl?: string): Promise<VaultCreationResult>;
    /**
     * Create a vault via the relayer (sponsored/gasless)
     * This is the recommended way to create Sui vaults
     *
     * The relayer will dispatch a vault creation action from Hub to Sui spoke
     */
    createVaultViaRelayer(userKeyHash: string, relayerUrl: string): Promise<VaultCreationResult>;
    /**
     * Get vault info via relayer (includes existence check)
     */
    getVaultViaRelayer(userKeyHash: string, relayerUrl: string): Promise<{
        vaultAddress: string;
        exists: boolean;
    }>;
    estimateVaultCreationGas(_userKeyHash: string): Promise<bigint>;
    getFactoryAddress(): string | undefined;
    getImplementationAddress(): string | undefined;
    getNativeBalance(address: string): Promise<bigint>;
    getTokenBalance(coinType: string, ownerAddress: string): Promise<bigint>;
    getClient(): SuiClient$1;
    getPackageId(): string;
    /**
     * Register a session key on the Hub (must be called via Hub client)
     * Sui spokes validate sessions via CCQ, but registration happens on Hub
     *
     * @throws Error - Session management must be done via Hub chain
     */
    registerSession(_params: RegisterSessionParams): Promise<void>;
    /**
     * Revoke a session key on the Hub (must be called via Hub client)
     *
     * @throws Error - Session management must be done via Hub chain
     */
    revokeSession(_params: RevokeSessionParams): Promise<void>;
    /**
     * Check if a session is active by querying the Hub
     * This method queries the Hub contract directly for session validation
     *
     * @param userKeyHash - Hash of user's Passkey public key
     * @param sessionKeyHash - Hash of session key to validate
     * @returns Session validation result with expiry and limits
     */
    isSessionActive(_userKeyHash: string, _sessionKeyHash: string): Promise<SessionValidationResult>;
    /**
     * Get all sessions for a user from the Hub
     *
     * @param userKeyHash - Hash of user's Passkey public key
     * @returns Array of all sessions (active and expired/revoked)
     */
    getUserSessions(userKeyHash: string): Promise<SessionKey[]>;
    /**
     * Get user state from Hub (comprehensive state query)
     * Returns key hash, nonce, and last action hash for CCQ validation
     *
     * @param userKeyHash - Hash of user's Passkey public key
     * @returns User state with nonce and last action hash
     */
    getUserState(userKeyHash: string): Promise<{
        keyHash: string;
        nonce: bigint;
        lastActionHash: string;
    }>;
    /**
     * Get user's last action hash from Hub
     * Used for optimistic execution and nonce validation
     *
     * @param userKeyHash - Hash of user's Passkey public key
     * @returns Last action hash (zero hash if no actions)
     */
    getUserLastActionHash(userKeyHash: string): Promise<string>;
    /**
     * Execute with query-based validation (faster than VAA, ~23s vs 60-90s)
     * Uses Wormhole CCQ to validate Hub state, then executes on Sui
     *
     * @param params Query execution parameters with CCQ response
     * @returns Dispatch result with transaction hash
     *
     * @remarks
     * Query-based execution flow:
     * 1. Query Hub state via Wormhole CCQ
     * 2. Validate Guardian signatures on query response
     * 3. Execute on Sui with validated state
     * 4. Hub state must be < 60s stale (enforced by QueryVerifier)
     */
    executeWithQuery(_params: {
        userKeyHash: string;
        queryResponse: Uint8Array;
        actionType: number;
        actionPayload: Uint8Array;
        relayerUrl?: string;
    }): Promise<DispatchResult>;
    private computeKeyHash;
    private buildMessageHash;
    /**
     * Get vault object ID by owner key hash
     *
     * @param ownerKeyHash - Owner's passkey hash (32 bytes as hex)
     * @param configObjectId - Shared Config object ID
     * @param registryObjectId - Shared VaultRegistry object ID
     * @returns Vault object ID or null if not found
     */
    getVaultId(_ownerKeyHash: string, registryObjectId: string): Promise<string | null>;
    /**
     * Get vault owner key hash from vault object
     *
     * @param vaultObjectId - Vault object ID
     * @returns Owner key hash as hex string
     */
    getVaultOwner(vaultObjectId: string): Promise<string | null>;
    /**
     * Get authorized signers for a vault
     *
     * @param vaultObjectId - Vault object ID
     * @returns Array of authorized signer key hashes
     */
    getAuthorizedSigners(vaultObjectId: string): Promise<string[]>;
    /**
     * Check if a VAA has been processed (for replay protection)
     *
     * @param vaaHash - VAA hash as hex string
     * @param processedVaasObjectId - ProcessedVAAs shared object ID
     * @returns Whether the VAA has been processed
     */
    isVaaProcessed(_vaaHash: string, processedVaasObjectId: string): Promise<boolean>;
    /**
     * Check if protocol is paused
     *
     * @param configObjectId - Config shared object ID
     * @returns Whether the protocol is paused
     */
    isProtocolPaused(configObjectId: string): Promise<boolean>;
}

export { SuiClient, type SuiClientConfig };