feat(sdk-core): add bulk TRX resource delegation SDK methods

Adds buildAccountDelegations, sendAccountDelegation, sendAccountDelegations
to the Wallet class and IWallet interface, mirroring the consolidation API.
Adds Express typed route schema and handler for
POST /api/v2/:coin/wallet/:id/delegateResources with TSS/custodial/hot wallet
branching and partial-success (202) response handling.

CHALO-287

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: bhavidhingra

examples/ts/trx/delegate-bandwidth-resources.ts

@@ -0,0 +1,173 @@
+/**
+ * Delegate bandwidth resources to a Tron address using the BitGo API.
+ *
+ * The script queries net_usage (freeBandwidthUsed + stakedBandwidthUsed) before
+ * and after the max-size lookup to detect any account state change that could
+ * invalidate the queried delegatable amount. If net_usage has changed, the
+ * delegation is aborted.
+ *
+ * Steps:
+ *  1. Query net_usage
+ *  2. Query getAccountResources for maxResourcesDelegatable.bandwidthSun
+ *  3. Query net_usage again — abort if it changed since step 1
+ *  4. Delegate
+ *  5. Query net_usage after delegation
+ *
+ * Copyright 2026, BitGo, Inc.  All Rights Reserved.
+ */
+import { BitGo, WalletCoinSpecific } from 'bitgo';
+import type { Wallet } from 'bitgo';
+
+// TODO: change to 'production' for mainnet
+const env = 'staging';
+const bitgo = new BitGo({ env });
+
+// TODO: change to 'trx' for mainnet
+const coin = 'ttrx';
+
+// TODO: set your wallet id
+const walletId = '69d500a2359312cee530061c42dff0cc';
+
+// TODO: set your wallet passphrase
+const walletPassphrase = 'Ghghjkg!455544llll';
+
+// TODO: set OTP code
+const otp = '000000';
+
+// TODO: set your access token here
+// You can get this from User Settings > Developer Options > Add Access Token
+const accessToken = 'v2x6a81534b000a0e1dd48706b24a1e90add4ea2fd9fbe5a66080e637176534afbc';
+
+// TODO: set the address to receive the delegated bandwidth
+const recipientAddress = 'TGmRquG8ddJ6PiiLyxeWmY7xU4KDGwPRUH';
+
+// TODO: adjust the reserve amount (in SUN) to keep back from the delegatable bandwidth
+const bandwidthSunReserve = '600000000';
+
+interface NetUsage {
+  freeBandwidthUsed: number;
+  stakedBandwidthUsed: number;
+}
+
+/**
+ * Returns the bandwidth consumed by the given address in the current window,
+ * split into free and staked portions.
+ * Equivalent to net_usage on the Tron node.
+ */
+async function getNetUsage(wallet: Wallet, address: string): Promise<NetUsage> {
+  const { resources } = await wallet.getAccountResources({ addresses: [address] });
+  const info = resources[0];
+  return {
+    freeBandwidthUsed: info?.freeBandwidthUsed ?? 0,
+    stakedBandwidthUsed: info?.stakedBandwidthUsed ?? 0,
+  };
+}
+
+function logNetUsage(label: string, usage: NetUsage): void {
+  console.log(`${label} — freeBandwidthUsed: ${usage.freeBandwidthUsed}, stakedBandwidthUsed: ${usage.stakedBandwidthUsed}, total: ${usage.freeBandwidthUsed + usage.stakedBandwidthUsed}`);
+}
+
+async function main() {
+  bitgo.authenticateWithAccessToken({ accessToken });
+
+  const wallet = await bitgo.coin(coin).wallets().getWallet({ id: walletId });
+  const coinSpecific = wallet.coinSpecific() as WalletCoinSpecific;
+  const rootAddress = coinSpecific.rootAddress as string;
+
+  console.log('Wallet ID:', wallet.id());
+  console.log('Root Address:', rootAddress);
+
+  // Step 1: Query net_usage before the max-size lookup
+  const netUsageBefore = await getNetUsage(wallet, rootAddress);
+  logNetUsage('\n[Step 1] net_usage before getAccountResources', netUsageBefore);
+
+  // Step 2: Fetch account resources to get maxResourcesDelegatable.bandwidthSun
+  const { resources, failedAddresses } = await wallet.getAccountResources({ addresses: [rootAddress] });
+
+  if (failedAddresses.length > 0) {
+    console.warn('Failed to fetch resources for:', failedAddresses);
+  }
+
+  console.log('\n[Step 2] Account Resources:');
+  console.log(JSON.stringify(resources, null, 2));
+
+  const rootResources = resources[0];
+  if (!rootResources) {
+    throw new Error(`No resource info returned for root address ${rootAddress}`);
+  }
+
+  // Step 3: Query net_usage again and abort if the account state changed
+  const netUsageAfter = await getNetUsage(wallet, rootAddress);
+  logNetUsage('\n[Step 3] net_usage after getAccountResources', netUsageAfter);
+
+  if (
+    netUsageAfter.freeBandwidthUsed !== netUsageBefore.freeBandwidthUsed ||
+    netUsageAfter.stakedBandwidthUsed !== netUsageBefore.stakedBandwidthUsed
+  ) {
+    throw new Error(
+      `Account state changed between queries — ` +
+        `freeBandwidthUsed: ${netUsageBefore.freeBandwidthUsed} → ${netUsageAfter.freeBandwidthUsed}, ` +
+        `stakedBandwidthUsed: ${netUsageBefore.stakedBandwidthUsed} → ${netUsageAfter.stakedBandwidthUsed}. ` +
+        `The queried maxResourcesDelegatable may no longer be valid. Aborting delegation.`
+    );
+  }
+  console.log('net_usage unchanged — account state is consistent, proceeding with delegation.');
+
+  // `maxResourcesDelegatable.bandwidthSun` is the max bandwidth (in SUN) the root
+  // address can currently delegate to another address.
+  const bandwidthSun = rootResources.maxResourcesDelegatable?.bandwidthSun;
+  if (!bandwidthSun || bandwidthSun === '0') {
+    console.log('Root address has no delegatable bandwidth. Nothing to delegate.');
+    return;
+  }
+
+  const adjustedBandwidthSun = (BigInt(bandwidthSun) - BigInt(bandwidthSunReserve)).toString();
+  if (BigInt(adjustedBandwidthSun) <= BigInt(0)) {
+    console.log('Delegatable bandwidth after adjustment is zero or negative. Nothing to delegate.');
+    return;
+  }
+
+  console.log(`\nDelegatable bandwidth: ${bandwidthSun} SUN`);
+  console.log(`Adjusted bandwidth (after ${bandwidthSunReserve} SUN reserve): ${adjustedBandwidthSun} SUN`);
+  console.log(`Recipient: ${recipientAddress}`);
+
+  // Unlock the session before sending
+  const unlock = await bitgo.unlock({ otp, duration: 3600 });
+  if (!unlock) {
+    throw new Error('Error unlocking session');
+  }
+
+  // Step 4: Delegate bandwidth from the root address to the recipient.
+  // stakingParams carries the delegation details; recipients must contain the same
+  // address with amount "0" (the actual amount lives in stakingParams.amount).
+  const result = await wallet.sendMany({
+    type: 'delegateResource',
+    stakingParams: {
+      receiver_address: recipientAddress,
+      amount: adjustedBandwidthSun,
+      resource: 'bandwidth',
+    },
+    recipients: [
+      {
+        address: recipientAddress,
+        amount: '0',
+      },
+    ],
+    walletPassphrase,
+    otp,
+  });
+
+  console.log('\n[Step 4] Delegate resource transaction result:');
+  console.dir(result, { depth: 6 });
+
+  // Step 5: Query net_usage after delegation
+  const netUsagePostDelegation = await getNetUsage(wallet, rootAddress);
+  logNetUsage('\n[Step 5] net_usage after delegation', netUsagePostDelegation);
+  console.log(
+    `net_usage delta (delegation overhead) — ` +
+      `freeBandwidthUsed: +${netUsagePostDelegation.freeBandwidthUsed - netUsageAfter.freeBandwidthUsed}, ` +
+      `stakedBandwidthUsed: +${netUsagePostDelegation.stakedBandwidthUsed - netUsageAfter.stakedBandwidthUsed}`
+  );
+}
+
+main().catch((e) => console.error(e));

modules/express/src/clientRoutes.ts

@@ -1052,6 +1052,53 @@ export async function handleV2ResourceDelegations(
   });
 }
 
+/**
+ * Handle bulk resource delegation (e.g. TRX ENERGY/BANDWIDTH delegation).
+ * Builds, signs, and sends one on-chain delegation transaction per entry in req.body.delegations.
+ * @param req
+ */
+export async function handleV2DelegateResources(
+  req: ExpressApiRouteRequest<'express.v2.wallet.delegateresources', 'post'>
+) {
+  const bitgo = req.bitgo;
+  const coin = bitgo.coin(req.decoded.coin);
+
+  if (!Array.isArray(req.decoded.delegations) || req.decoded.delegations.length === 0) {
+    throw new Error('delegations must be a non-empty array');
+  }
+
+  const wallet = await coin.wallets().get({ id: req.decoded.id });
+
+  let result: any;
+  try {
+    if (coin.supportsTss()) {
+      result = await wallet.sendAccountDelegations(createTSSSendParams(req, wallet));
+    } else {
+      result = await wallet.sendAccountDelegations(createSendParams(req));
+    }
+  } catch (err) {
+    err.status = 400;
+    throw err;
+  }
+
+  // Handle partial success / failure
+  if (result.failure.length > 0) {
+    let msg = '';
+    let status = 202;
+
+    if (result.success.length > 0) {
+      msg = `Transactions failed: ${result.failure.length} and succeeded: ${result.success.length}`;
+    } else {
+      status = 400;
+      msg = `All transactions failed`;
+    }
+
+    throw apiResponse(status, result, msg);
+  }
+
+  return result;
+}
+
 /**
  *  payload meant for prebuildAndSignTransaction() in sdk-core which
  * validates the payload and makes the appropriate request to WP to
@@ -1830,6 +1877,10 @@ export function setupAPIRoutes(app: express.Application, config: Config): void {
     prepareBitGo(config),
     typedPromiseWrapper(handleV2ResourceDelegations),
   ]);
+  router.post('express.v2.wallet.delegateresources', [
+    prepareBitGo(config),
+    typedPromiseWrapper(handleV2DelegateResources),
+  ]);
 
   // Miscellaneous
   router.post('express.canonicaladdress', [prepareBitGo(config), typedPromiseWrapper(handleCanonicalAddress)]);

modules/express/src/typedRoutes/api/index.ts

@@ -54,6 +54,7 @@ import { PostWalletAccelerateTx } from './v2/walletAccelerateTx';
 import { PostIsWalletAddress } from './v2/isWalletAddress';
 import { GetAccountResources } from './v2/accountResources';
 import { GetResourceDelegations } from './v2/resourceDelegations';
+import { PostDelegateResources } from './v2/delegateResources';
 
 // Too large types can cause the following error
 //
@@ -176,6 +177,12 @@ export const ExpressV2WalletConsolidateAccountApiSpec = apiSpec({
   },
 });
 
+export const ExpressV2WalletDelegateResourcesApiSpec = apiSpec({
+  'express.v2.wallet.delegateresources': {
+    post: PostDelegateResources,
+  },
+});
+
 export const ExpressWalletFanoutUnspentsApiSpec = apiSpec({
   'express.v1.wallet.fanoutunspents': {
     put: PutFanoutUnspents,
@@ -381,6 +388,7 @@ export type ExpressApi = typeof ExpressPingApiSpec &
   typeof ExpressV2WalletAccelerateTxApiSpec &
   typeof ExpressV2WalletAccountResourcesApiSpec &
   typeof ExpressV2WalletResourceDelegationsApiSpec &
+  typeof ExpressV2WalletDelegateResourcesApiSpec &
   typeof ExpressWalletManagementApiSpec;
 
 export const ExpressApi: ExpressApi = {
@@ -424,6 +432,7 @@ export const ExpressApi: ExpressApi = {
   ...ExpressV2WalletAccelerateTxApiSpec,
   ...ExpressV2WalletAccountResourcesApiSpec,
   ...ExpressV2WalletResourceDelegationsApiSpec,
+  ...ExpressV2WalletDelegateResourcesApiSpec,
   ...ExpressWalletManagementApiSpec,
 };
 

modules/express/src/typedRoutes/api/v2/delegateResources.ts

@@ -0,0 +1,98 @@
+import * as t from 'io-ts';
+import { httpRoute, httpRequest, optional } from '@api-ts/io-ts-http';
+import { BitgoExpressError } from '../../schemas/error';
+
+/**
+ * Path parameters for the delegate resources endpoint
+ */
+export const DelegateResourcesParams = {
+  /** Coin identifier (e.g., 'trx', 'ttrx') */
+  coin: t.string,
+  /** Wallet ID */
+  id: t.string,
+} as const;
+
+/**
+ * A single resource delegation entry
+ */
+export const DelegationEntryCodec = t.type({
+  /** On-chain address that will receive the delegated resources */
+  receiverAddress: t.string,
+  /** Amount of TRX (in SUN) to stake for the delegation */
+  amount: t.string,
+  /** Resource type to delegate (e.g. 'ENERGY', 'BANDWIDTH') */
+  resource: t.string,
+});
+
+/**
+ * Request body for delegating resources to multiple receiver addresses.
+ * Each delegation entry triggers a separate on-chain staking transaction
+ * from the wallet's root address to the receiver address.
+ *
+ * Signing behaviour by wallet type:
+ *   - Hot (non-TSS)   → signed locally with walletPassphrase and submitted
+ *   - Custodial non-TSS → sent for BitGo approval via initiateTransaction
+ *   - TSS (any)       → build response contains txRequestId; signed by TSS service
+ */
+export const DelegateResourcesRequestBody = {
+  /** Delegation entries — one on-chain transaction is built per entry */
+  delegations: t.array(DelegationEntryCodec),
+
+  /** Wallet passphrase to decrypt the user key (hot wallets) */
+  walletPassphrase: optional(t.string),
+  /** Extended private key (alternative to walletPassphrase) */
+  xprv: optional(t.string),
+  /** One-time password for 2FA */
+  otp: optional(t.string),
+
+  /** API version for TSS transaction request response ('lite' or 'full') */
+  apiVersion: optional(t.union([t.literal('lite'), t.literal('full')])),
+} as const;
+
+/**
+ * Response for the delegate resources operation.
+ * Returns arrays of successful and failed delegation transactions.
+ */
+export const DelegateResourcesResponse = t.type({
+  /** Successfully sent delegation transactions */
+  success: t.array(t.unknown),
+  /** Errors from failed delegation transactions */
+  failure: t.array(t.unknown),
+});
+
+/**
+ * Response for partial success or failure cases (202/400).
+ * Includes both the transaction results and error metadata.
+ */
+export const DelegateResourcesErrorResponse = t.intersection([DelegateResourcesResponse, BitgoExpressError]);
+
+/**
+ * Bulk Resource Delegation
+ *
+ * Delegates resources (ENERGY or BANDWIDTH) from a wallet's root address to one or more
+ * receiver addresses. Each delegation entry produces a separate on-chain staking transaction.
+ * This is the resource-delegation analogue of the consolidateAccount endpoint.
+ *
+ * Supported coins: TRON (trx, ttrx) and any future coins that support resource delegation.
+ *
+ * The API may return partial success (status 202) if some delegations succeed but others fail.
+ *
+ * @operationId express.v2.wallet.delegateresources
+ * @tag express
+ */
+export const PostDelegateResources = httpRoute({
+  path: '/api/v2/{coin}/wallet/{id}/delegateResources',
+  method: 'POST',
+  request: httpRequest({
+    params: DelegateResourcesParams,
+    body: DelegateResourcesRequestBody,
+  }),
+  response: {
+    /** All delegations succeeded */
+    200: DelegateResourcesResponse,
+    /** Partial success — some delegations succeeded, others failed */
+    202: DelegateResourcesErrorResponse,
+    /** All delegations failed */
+    400: DelegateResourcesErrorResponse,
+  },
+});