@0xbow/privacy-pools-core-sdk 1.1.1 → 1.2.0

package/dist/esm/{index-DkNRxKxP.js → index-BjOXETm6.js}

@@ -1,7 +1,7 @@
 import { mnemonicToAccount, privateKeyToAccount } from 'viem/accounts';
 import require$$0 from 'buffer';
 import require$$2 from 'assert';
-import { keccak256, encodeAbiParameters, numberToHex, createPublicClient, http, createWalletClient, getAddress, bytesToNumber as bytesToNumber$1, parseAbiItem } from 'viem';
+import { bytesToBigInt, keccak256, encodeAbiParameters, numberToHex, createPublicClient, http, createWalletClient, getAddress, bytesToNumber, parseAbiItem } from 'viem';
 import { mainnet } from 'viem/chains';
 
 /**
@@ -16,281 +16,6 @@ const DEFAULT_LOG_FETCH_CONFIG = {
     retryBaseDelayMs: 1000,
 };
 
-const version = '2.22.14';
-
-let errorConfig = {
-    getDocsUrl: ({ docsBaseUrl, docsPath = '', docsSlug, }) => docsPath
-        ? `${docsBaseUrl ?? 'https://viem.sh'}${docsPath}${docsSlug ? `#${docsSlug}` : ''}`
-        : undefined,
-    version: `viem@${version}`,
-};
-class BaseError extends Error {
-    constructor(shortMessage, args = {}) {
-        const details = (() => {
-            if (args.cause instanceof BaseError)
-                return args.cause.details;
-            if (args.cause?.message)
-                return args.cause.message;
-            return args.details;
-        })();
-        const docsPath = (() => {
-            if (args.cause instanceof BaseError)
-                return args.cause.docsPath || args.docsPath;
-            return args.docsPath;
-        })();
-        const docsUrl = errorConfig.getDocsUrl?.({ ...args, docsPath });
-        const message = [
-            shortMessage || 'An error occurred.',
-            '',
-            ...(args.metaMessages ? [...args.metaMessages, ''] : []),
-            ...(docsUrl ? [`Docs: ${docsUrl}`] : []),
-            ...(details ? [`Details: ${details}`] : []),
-            ...(errorConfig.version ? [`Version: ${errorConfig.version}`] : []),
-        ].join('\n');
-        super(message, args.cause ? { cause: args.cause } : undefined);
-        Object.defineProperty(this, "details", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "docsPath", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "metaMessages", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "shortMessage", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "version", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "name", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: 'BaseError'
-        });
-        this.details = details;
-        this.docsPath = docsPath;
-        this.metaMessages = args.metaMessages;
-        this.name = args.name ?? this.name;
-        this.shortMessage = shortMessage;
-        this.version = version;
-    }
-    walk(fn) {
-        return walk(this, fn);
-    }
-}
-function walk(err, fn) {
-    if (fn?.(err))
-        return err;
-    if (err &&
-        typeof err === 'object' &&
-        'cause' in err &&
-        err.cause !== undefined)
-        return walk(err.cause, fn);
-    return fn ? null : err;
-}
-
-class SizeOverflowError extends BaseError {
-    constructor({ givenSize, maxSize }) {
-        super(`Size cannot exceed ${maxSize} bytes. Given size: ${givenSize} bytes.`, { name: 'SizeOverflowError' });
-    }
-}
-
-class SizeExceedsPaddingSizeError extends BaseError {
-    constructor({ size, targetSize, type, }) {
-        super(`${type.charAt(0).toUpperCase()}${type
-            .slice(1)
-            .toLowerCase()} size (${size}) exceeds padding size (${targetSize}).`, { name: 'SizeExceedsPaddingSizeError' });
-    }
-}
-
-function pad(hexOrBytes, { dir, size = 32 } = {}) {
-    if (typeof hexOrBytes === 'string')
-        return padHex(hexOrBytes, { dir, size });
-    return padBytes(hexOrBytes, { dir, size });
-}
-function padHex(hex_, { dir, size = 32 } = {}) {
-    if (size === null)
-        return hex_;
-    const hex = hex_.replace('0x', '');
-    if (hex.length > size * 2)
-        throw new SizeExceedsPaddingSizeError({
-            size: Math.ceil(hex.length / 2),
-            targetSize: size,
-            type: 'hex',
-        });
-    return `0x${hex[dir === 'right' ? 'padEnd' : 'padStart'](size * 2, '0')}`;
-}
-function padBytes(bytes, { dir, size = 32 } = {}) {
-    if (size === null)
-        return bytes;
-    if (bytes.length > size)
-        throw new SizeExceedsPaddingSizeError({
-            size: bytes.length,
-            targetSize: size,
-            type: 'bytes',
-        });
-    const paddedBytes = new Uint8Array(size);
-    for (let i = 0; i < size; i++) {
-        const padEnd = dir === 'right';
-        paddedBytes[padEnd ? i : size - i - 1] =
-            bytes[padEnd ? i : bytes.length - i - 1];
-    }
-    return paddedBytes;
-}
-
-function isHex(value, { strict = true } = {}) {
-    if (!value)
-        return false;
-    if (typeof value !== 'string')
-        return false;
-    return strict ? /^0x[0-9a-fA-F]*$/.test(value) : value.startsWith('0x');
-}
-
-/**
- * @description Retrieves the size of the value (in bytes).
- *
- * @param value The value (hex or byte array) to retrieve the size of.
- * @returns The size of the value (in bytes).
- */
-function size(value) {
-    if (isHex(value, { strict: false }))
-        return Math.ceil((value.length - 2) / 2);
-    return value.length;
-}
-
-function assertSize(hexOrBytes, { size: size$1 }) {
-    if (size(hexOrBytes) > size$1)
-        throw new SizeOverflowError({
-            givenSize: size(hexOrBytes),
-            maxSize: size$1,
-        });
-}
-/**
- * Decodes a hex value into a bigint.
- *
- * - Docs: https://viem.sh/docs/utilities/fromHex#hextobigint
- *
- * @param hex Hex value to decode.
- * @param opts Options.
- * @returns BigInt value.
- *
- * @example
- * import { hexToBigInt } from 'viem'
- * const data = hexToBigInt('0x1a4', { signed: true })
- * // 420n
- *
- * @example
- * import { hexToBigInt } from 'viem'
- * const data = hexToBigInt('0x00000000000000000000000000000000000000000000000000000000000001a4', { size: 32 })
- * // 420n
- */
-function hexToBigInt(hex, opts = {}) {
-    const { signed } = opts;
-    if (opts.size)
-        assertSize(hex, { size: opts.size });
-    const value = BigInt(hex);
-    if (!signed)
-        return value;
-    const size = (hex.length - 2) / 2;
-    const max = (1n << (BigInt(size) * 8n - 1n)) - 1n;
-    if (value <= max)
-        return value;
-    return value - BigInt(`0x${'f'.padStart(size * 2, 'f')}`) - 1n;
-}
-/**
- * Decodes a hex string into a number.
- *
- * - Docs: https://viem.sh/docs/utilities/fromHex#hextonumber
- *
- * @param hex Hex value to decode.
- * @param opts Options.
- * @returns Number value.
- *
- * @example
- * import { hexToNumber } from 'viem'
- * const data = hexToNumber('0x1a4')
- * // 420
- *
- * @example
- * import { hexToNumber } from 'viem'
- * const data = hexToBigInt('0x00000000000000000000000000000000000000000000000000000000000001a4', { size: 32 })
- * // 420
- */
-function hexToNumber(hex, opts = {}) {
-    return Number(hexToBigInt(hex, opts));
-}
-
-const hexes = /*#__PURE__*/ Array.from({ length: 256 }, (_v, i) => i.toString(16).padStart(2, '0'));
-/**
- * Encodes a bytes array into a hex string
- *
- * - Docs: https://viem.sh/docs/utilities/toHex#bytestohex
- *
- * @param value Value to encode.
- * @param opts Options.
- * @returns Hex value.
- *
- * @example
- * import { bytesToHex } from 'viem'
- * const data = bytesToHex(Uint8Array.from([72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33])
- * // '0x48656c6c6f20576f726c6421'
- *
- * @example
- * import { bytesToHex } from 'viem'
- * const data = bytesToHex(Uint8Array.from([72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33]), { size: 32 })
- * // '0x48656c6c6f20576f726c64210000000000000000000000000000000000000000'
- */
-function bytesToHex(value, opts = {}) {
-    let string = '';
-    for (let i = 0; i < value.length; i++) {
-        string += hexes[value[i]];
-    }
-    const hex = `0x${string}`;
-    if (typeof opts.size === 'number') {
-        assertSize(hex, { size: opts.size });
-        return pad(hex, { dir: 'right', size: opts.size });
-    }
-    return hex;
-}
-
-/**
- * Decodes a byte array into a number.
- *
- * - Docs: https://viem.sh/docs/utilities/fromBytes#bytestonumber
- *
- * @param bytes Byte array to decode.
- * @param opts Options.
- * @returns Number value.
- *
- * @example
- * import { bytesToNumber } from 'viem'
- * const data = bytesToNumber(new Uint8Array([1, 164]))
- * // 420
- */
-function bytesToNumber(bytes, opts = {}) {
-    if (typeof opts.size !== 'undefined')
-        assertSize(bytes, { size: opts.size });
-    const hex = bytesToHex(bytes, opts);
-    return hexToNumber(hex, opts);
-}
-
 var commonjsGlobal$1 = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 var hashing = {};
@@ -45595,10 +45320,10 @@ function generateMasterKeys(mnemonic) {
     if (!mnemonic) {
         throw new PrivacyPoolError(ErrorCode$1.INVALID_VALUE, "Invalid input: mnemonic phrase is required.");
     }
-    const key1 = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
-    const key2 = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
-    const masterNullifier = hashingExports.poseidon([BigInt(key1)]);
-    const masterSecret = hashingExports.poseidon([BigInt(key2)]);
+    const key1 = bytesToBigInt(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
+    const key2 = bytesToBigInt(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
+    const masterNullifier = hashingExports.poseidon([key1]);
+    const masterSecret = hashingExports.poseidon([key2]);
     return { masterNullifier, masterSecret };
 }
 /**
@@ -45815,10 +45540,62 @@ const circuitToAsset = {
 
 async function importFetchVersionedArtifact(isBrowser) {
     if (isBrowser) {
-        return import('./fetchArtifacts.esm-DbVRphob.js');
+        return import('./fetchArtifacts.esm-B0qaot8v.js');
     }
     else {
-        return import('./fetchArtifacts.node-D-fJGtzV.js');
+        return import('./fetchArtifacts.node-PzijuwVc.js');
+    }
+}
+
+/**
+ * Expected SHA-256 hex digests for every downloaded circuit artifact.
+ *
+ * vkey and zkey hashes are derived from the trusted-setup ceremony outputs
+ * committed in packages/circuits/trusted-setup/final-keys/.
+ *
+ * wasm hashes are derived from the compiled circuit outputs
+ * in packages/circuits/build/.
+ *
+ * Every artifact downloaded by the SDK MUST have a hash entry here.
+ * verifyArtifactIntegrity throws if a hash is missing — refusing to
+ * load unverified artifacts is the correct security posture.
+ */
+const ARTIFACT_HASHES = {
+    [CircuitName$1.Commitment]: {
+        wasm: "254d2130607182fd6fd1aee67971526b13cfe178c88e360da96dce92663828d8",
+        vkey: "7d48b4eb3dedc12fb774348287b587f0c18c3c7254cd60e9cf0f8b3636a570d8",
+        zkey: "494ae92d64098fda2a5649690ddc5821fcd7449ca5fe8ef99ee7447544d7e1f3",
+    },
+    [CircuitName$1.Withdraw]: {
+        wasm: "36cda22791def3d520a55c0fc808369cd5849532a75fab65686e666ed3d55c10",
+        vkey: "666bd0983b20c1611543b04f7712e067fbe8cad69f07ada8a310837ff398d21e",
+        zkey: "2a893b42174c813566e5c40c715a8b90cd49fc4ecf384e3a6024158c3d6de677",
+    },
+    [CircuitName$1.MerkleTree]: {},
+};
+// Freeze the manifest so runtime code cannot swap out trusted hashes.
+for (const circuitHashes of Object.values(ARTIFACT_HASHES)) {
+    if (circuitHashes != null) {
+        Object.freeze(circuitHashes);
+    }
+}
+Object.freeze(ARTIFACT_HASHES);
+async function sha256Hex(data) {
+    const hashBuffer = await globalThis.crypto.subtle.digest("SHA-256", data);
+    return Array.from(new Uint8Array(hashBuffer))
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+async function verifyArtifactIntegrity(circuitName, artifactType, data) {
+    const expectedHash = ARTIFACT_HASHES[circuitName]?.[artifactType];
+    if (expectedHash === undefined) {
+        throw new Error(`No integrity hash registered for ${circuitName}.${artifactType}. ` +
+            `Refusing to load unverified artifact.`);
+    }
+    const actualHash = await sha256Hex(data);
+    if (actualHash !== expectedHash) {
+        throw new Error(`Integrity check failed for ${circuitName}.${artifactType}: ` +
+            `expected ${expectedHash}, got ${actualHash}`);
     }
 }
 
@@ -45935,6 +45712,11 @@ class Circuits {
             this._fetchVersionedArtifact(["artifacts", assetName.vkey].join("/")),
             this._fetchVersionedArtifact(["artifacts", assetName.zkey].join("/")),
         ]);
+        await Promise.all([
+            verifyArtifactIntegrity(circuitName, "wasm", wasm),
+            verifyArtifactIntegrity(circuitName, "vkey", vkey),
+            verifyArtifactIntegrity(circuitName, "zkey", zkey),
+        ]);
         return { wasm, vkey, zkey };
     }
     /**
@@ -72069,6 +71851,38 @@ class AccountService {
             this.account = config.account;
         }
     }
+    /**
+     * Initializes a new account from a mnemonic phrase for the legacy account.
+     *
+     * @param mnemonic - The mnemonic phrase to derive keys from
+     * @returns A new PrivacyPoolAccount with derived master keys
+     *
+     * @remarks
+     * This method derives two master keys from the mnemonic:
+     * 1. A master nullifier key from account index 0
+     * 2. A master secret key from account index 1
+     * These keys are used to deterministically generate nullifiers and secrets for deposits and withdrawals.
+     *
+     * @throws {AccountError} If account initialization fails
+     * @private
+     */
+    static _initializeLegacyAccount(mnemonic) {
+        try {
+            const masterNullifierSeed = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
+            const masterSecretSeed = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
+            const masterNullifier = hashingExports.poseidon([BigInt(masterNullifierSeed)]);
+            const masterSecret = hashingExports.poseidon([BigInt(masterSecretSeed)]);
+            return {
+                masterKeys: [masterNullifier, masterSecret],
+                poolAccounts: new Map(),
+                creationTimestamp: 0n,
+                lastUpdateTimestamp: 0n,
+            };
+        }
+        catch (error) {
+            throw AccountError.accountInitializationFailed(error instanceof Error ? error.message : "Unknown error");
+        }
+    }
     /**
      * Initializes a new account from a mnemonic phrase.
      *
@@ -72087,10 +71901,7 @@ class AccountService {
     _initializeAccount(mnemonic) {
         try {
             this.logger.debug("Initializing account with mnemonic");
-            const masterNullifierSeed = bytesToNumber$1(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
-            const masterSecretSeed = bytesToNumber$1(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
-            const masterNullifier = hashingExports.poseidon([BigInt(masterNullifierSeed)]);
-            const masterSecret = hashingExports.poseidon([BigInt(masterSecretSeed)]);
+            const { masterNullifier, masterSecret } = generateMasterKeys(mnemonic);
             return {
                 masterKeys: [masterNullifier, masterSecret],
                 poolAccounts: new Map(),
@@ -72189,7 +72000,7 @@ class AccountService {
             const nonZeroCommitments = [];
             for (const account of accounts) {
                 // Skip accounts that have been ragequit
-                if (account.ragequit) {
+                if (account.ragequit || account.isMigrated) {
                     continue;
                 }
                 const lastCommitment = account.children.length > 0
@@ -72345,6 +72156,57 @@ class AccountService {
         this.logger.info(`Added new commitment with value ${value} to account with label ${parentCommitment.label}`);
         return newCommitment;
     }
+    /**
+     * Adds a new commitment to the account after migrate
+     *
+     * @param parentCommitment - The commitment that was spent
+     * @param value - The remaining value after spending
+     * @param nullifier - The nullifier used for migrate
+     * @param secret - The secret used for migrate
+     * @param blockNumber - The block number of the withdrawal
+     * @param txHash - The transaction hash of the withdrawal
+     * @returns The new commitment
+     *
+     * @remarks
+     * This method finds the account containing the parent commitment, creates a new
+     * commitment with the provided parameters, and adds it to the account's children.
+     * The new commitment inherits the label from the parent commitment.
+     *
+     * @throws {AccountError} If no account is found for the commitment
+     */
+    addMigrationCommitment(parentCommitment, value, nullifier, secret, blockNumber, txHash) {
+        let foundAccount;
+        let foundScope;
+        for (const [scope, accounts] of this.account.poolAccounts.entries()) {
+            foundAccount = accounts.find((account) => {
+                if (account.deposit.hash === parentCommitment.hash)
+                    return true;
+                return account.children.some((child) => child.hash === parentCommitment.hash);
+            });
+            if (foundAccount) {
+                foundScope = scope;
+                break;
+            }
+        }
+        if (!foundAccount || !foundScope) {
+            throw AccountError.commitmentNotFound(parentCommitment.hash);
+        }
+        const precommitment = this._hashPrecommitment(nullifier, secret);
+        const newCommitment = {
+            hash: this._hashCommitment(value, parentCommitment.label, precommitment),
+            value,
+            label: parentCommitment.label,
+            nullifier,
+            secret,
+            blockNumber,
+            txHash,
+            isMigration: true
+        };
+        foundAccount.children.push(newCommitment);
+        foundAccount.isMigrated = true;
+        this.logger.info(`Added new commitment with value ${value} to account with label ${parentCommitment.label}`);
+        return newCommitment;
+    }
     /**
      * Adds a ragequit event to an existing pool account
      *
@@ -72514,11 +72376,11 @@ class AccountService {
      * @param depositEvents - The map of deposit events
      *
      */
-    _processDepositEvents(scope, depositEvents) {
+    _processDepositEvents(scope, depositEvents, startIndex = 0n) {
         const MAX_CONSECUTIVE_MISSES = 10; // Large enough to avoid tx failures
         const foundIndices = new Set();
         let consecutiveMisses = 0;
-        for (let index = BigInt(0);; index++) {
+        for (let index = startIndex;; index++) {
             // Generate nullifier, secret, and precommitment for this index
             const { nullifier, secret, precommitment } = this.createDepositSecrets(scope, index);
             // Look for a deposit with this precommitment
@@ -72569,8 +72431,8 @@ class AccountService {
         // Process each account in parallel for better performance
         for (const account of accounts) {
             let currentCommitment = account.deposit;
-            let index = BigInt(0);
-            // Continue processing withdrawals until no more are found secuentially
+            let index = BigInt(account.children.length);
+            // Continue processing withdrawals until no more are found sequentially
             while (true) {
                 // Generate nullifier for this withdrawal
                 const nullifierHash = hashingExports.poseidon([currentCommitment.nullifier]);
@@ -72579,13 +72441,26 @@ class AccountService {
                 if (!withdrawal) {
                     break;
                 }
+                const remainingValue = currentCommitment.value - withdrawal.withdrawn;
                 // Generate secret for this withdrawal
                 const nullifier = this._genWithdrawalNullifier(account.label, index);
                 const secret = this._genWithdrawalSecret(account.label, index);
-                // Add the withdrawal commitment to the account
-                const newCommitment = this.addWithdrawalCommitment(currentCommitment, currentCommitment.value - withdrawal.withdrawn, nullifier, secret, withdrawal.blockNumber, withdrawal.transactionHash);
-                // Update current commitment to the newly created one
-                currentCommitment = newCommitment;
+                const precommitment = this._hashPrecommitment(nullifier, secret);
+                const accountCommitment = this._hashCommitment(remainingValue, currentCommitment.label, precommitment);
+                // If the locally-computed hash doesn't match the on-chain commitment,
+                // the withdrawal was performed with different keys (e.g. migration from
+                // legacy to safe keys). Mark the child as unspendable from this account.
+                if (accountCommitment !== withdrawal.newCommitment) {
+                    this.logger.info(`Withdrawal commitment hash mismatch — marking as unspendable (migrated with different keys)`, { label: currentCommitment.label, expected: withdrawal.newCommitment, computed: accountCommitment });
+                    // Add the withdrawal commitment to the account
+                    const migrationCommitment = this.addMigrationCommitment(currentCommitment, remainingValue, nullifier, secret, withdrawal.blockNumber, withdrawal.transactionHash);
+                    currentCommitment = migrationCommitment;
+                }
+                else {
+                    // Add the withdrawal commitment to the account
+                    const withdrawalCommitment = this.addWithdrawalCommitment(currentCommitment, remainingValue, nullifier, secret, withdrawal.blockNumber, withdrawal.transactionHash);
+                    currentCommitment = withdrawalCommitment;
+                }
                 // Increment index for next potential withdrawal
                 index++;
             }
@@ -72620,6 +72495,59 @@ class AccountService {
             }
         }
     }
+    /**
+     * Discovers commitments that were migrated from legacy accounts via 0-value withdrawal.
+     *
+     * @param scope - The scope of the pool
+     * @param legacyAccounts - The legacy pool accounts for this scope
+     * @param withdrawalEvents - The map of withdrawal events (keyed by spentNullifier)
+     *
+     * @remarks
+     * When a legacy account performs a 0-value withdrawal to rotate keys (migration),
+     * the resulting on-chain commitment is created with safe keys. This method finds
+     * those commitments by:
+     * 1. Identifying legacy accounts with the `isMigrated` flag (set by `addMigrationCommitment`)
+     * 2. Computing the expected commitment hash using safe keys at withdrawal index 0
+     * 3. Verifying the hash exists in on-chain withdrawal events
+     * 4. Adding verified commitments as new safe pool accounts
+     *
+     * @private
+     */
+    _discoverMigratedCommitments(scope, legacyAccounts, withdrawalEvents) {
+        // Build reverse lookup: newCommitment hash → WithdrawalEvent
+        const newCommitmentMap = new Map();
+        for (const event of withdrawalEvents.values()) {
+            newCommitmentMap.set(event.newCommitment, event);
+        }
+        for (const legacyAccount of legacyAccounts) {
+            // Skip if not flagged as migrated (set by addMigrationCommitment)
+            if (!legacyAccount.isMigrated)
+                continue;
+            const migrationChild = legacyAccount.children.find(c => c.isMigration);
+            if (!migrationChild)
+                continue;
+            const label = legacyAccount.label;
+            // The migration child's value is the remaining value carried forward.
+            // Zero-value migrations (full withdrawal + key rotation) are valid and
+            // must still be registered so that poolAccounts.length reflects the
+            // correct slot count for deposit index alignment in step C.
+            const remainingValue = migrationChild.value;
+            // Generate safe nullifier/secret at withdrawal index 0
+            const nullifier = this._genWithdrawalNullifier(label, 0n);
+            const secret = this._genWithdrawalSecret(label, 0n);
+            // Compute expected commitment hash
+            const precommitment = this._hashPrecommitment(nullifier, secret);
+            const expectedHash = this._hashCommitment(remainingValue, label, precommitment);
+            // Verify hash exists in withdrawal events' newCommitment
+            const withdrawalEvent = newCommitmentMap.get(expectedHash);
+            if (!withdrawalEvent)
+                continue;
+            // Verified — add as a new safe pool account
+            const newAccount = this.addPoolAccount(scope, remainingValue, nullifier, secret, label, withdrawalEvent.blockNumber, withdrawalEvent.transactionHash);
+            this.addWithdrawalCommitment(newAccount.deposit, remainingValue, nullifier, secret, withdrawalEvent.blockNumber, withdrawalEvent.transactionHash);
+            this.logger.info(`Discovered migrated commitment for label ${label} with value ${remainingValue}`);
+        }
+    }
     /**
      * Initializes an AccountService instance with events for a given set of pools
      *
@@ -72653,25 +72581,99 @@ class AccountService {
             }
             uniqueScopes.add(pool.scope);
         }
+        // Retry path (non-migration): reuse the existing service's account and
+        // only process pools whose scopes haven't been fully processed yet.
+        // Already-processed scopes are skipped to avoid duplicate deposits and
+        // withdrawal misclassification.
+        //
+        // This path performs simple deposit/withdrawal/ragequit processing only
+        // — no migration discovery. For migration-aware retries, the caller
+        // should re-invoke with { mnemonic } scoped to only the failed pools;
+        // the mnemonic path builds both safe and legacy accounts from scratch
+        // with no shared references.
+        if (!('mnemonic' in source)) {
+            const account = new AccountService(dataService, { account: source.service.account });
+            const processedScopes = source.service.account.poolAccounts;
+            const newPools = pools.filter((p) => !processedScopes.has(p.scope));
+            const errors = await account._processEvents(newPools);
+            return { account, errors };
+        }
+        // Mnemonic path: phased processing with migration discovery
+        const account = new AccountService(dataService, { mnemonic: source.mnemonic });
+        const legacyPrivacyPoolAccount = AccountService._initializeLegacyAccount(source.mnemonic);
+        const legacyAccount = new AccountService(dataService, { account: legacyPrivacyPoolAccount });
+        const errors = await account._processEvents(pools, legacyAccount);
+        return { account, legacyAccount, errors };
+    }
+    /**
+     * Fetches and processes events for a set of pools.
+     *
+     * When a legacyAccount is provided, the full migration-aware pipeline runs
+     * for each scope:
+     *   1. Legacy account: process deposits and withdrawals (to detect migrations)
+     *   2. Safe account: discover migrated commitments from the legacy accounts
+     *   3. Safe account (this): process deposits (starting after migrated accounts)
+     *   4. Safe account: process withdrawals (now includes migrated accounts)
+     *   5. Both accounts: process ragequits
+     *
+     * Migration discovery (step 2) must run before safe deposit scanning (step 3)
+     * so that the migrated account count can be used as the starting index.
+     * Post-migration deposits use poolAccounts.length as their index, which
+     * sits right after the migrated slots; scanning from 0 would hit
+     * MAX_CONSECUTIVE_MISSES on the legacy-key indices and never reach them.
+     *
+     * Without a legacyAccount, only steps 3, 4, and 5 run (simple processing).
+     *
+     * Per-scope errors are caught and returned rather than thrown, and any
+     * partial state left by a mid-scope failure is cleaned from both accounts
+     * so that a subsequent retry starts fresh for that scope.
+     */
+    async _processEvents(pools, legacyAccount) {
         const errors = [];
-        const account = new AccountService(dataService, "mnemonic" in source
-            ? { mnemonic: source.mnemonic }
-            : { account: source.service.account });
-        const events = await account.getEvents(pools);
+        const events = await this.getEvents(pools);
         for (const [scope, result] of events.entries()) {
             if ("reason" in result) {
                 errors.push(result);
             }
             else {
-                // Process deposit events an create pool accounts
-                account._processDepositEvents(scope, result.depositEvents);
-                // Process withdrawal events and add commitments to pool accounts
-                account._processWithdrawalEvents(scope, result.withdrawalEvents);
-                // Process ragequit events and add ragequit to pool accounts
-                account._processRagequitEvents(scope, result.ragequitEvents);
+                try {
+                    // a. Legacy: process deposits + withdrawals
+                    if (legacyAccount) {
+                        legacyAccount._processDepositEvents(scope, result.depositEvents);
+                        legacyAccount._processWithdrawalEvents(scope, result.withdrawalEvents);
+                    }
+                    // b. Safe: discover migrated commitments from legacy accounts.
+                    //    Must run before safe deposit scanning so that the migrated
+                    //    account count can serve as the starting index for step (c),
+                    //    avoiding a gap of consecutive misses over legacy-key indices.
+                    if (legacyAccount) {
+                        const legacyAccounts = legacyAccount.account.poolAccounts.get(scope) ?? [];
+                        this._discoverMigratedCommitments(scope, legacyAccounts, result.withdrawalEvents);
+                    }
+                    // c. Safe: process deposits, starting after any migrated accounts.
+                    //    New deposits created after migration use poolAccounts.length as
+                    //    their index, so they sit right after the migrated slots.
+                    const depositStartIndex = BigInt(this.account.poolAccounts.get(scope)?.length ?? 0);
+                    this._processDepositEvents(scope, result.depositEvents, depositStartIndex);
+                    // d. Safe: process withdrawals (now includes migrated accounts)
+                    this._processWithdrawalEvents(scope, result.withdrawalEvents);
+                    // e. Both: process ragequits
+                    if (legacyAccount) {
+                        legacyAccount._processRagequitEvents(scope, result.ragequitEvents);
+                    }
+                    this._processRagequitEvents(scope, result.ragequitEvents);
+                }
+                catch (e) {
+                    this.account.poolAccounts.delete(scope);
+                    legacyAccount?.account.poolAccounts.delete(scope);
+                    errors.push({
+                        reason: e instanceof Error ? e.message : String(e),
+                        scope,
+                    });
+                }
             }
         }
-        return { account, errors };
+        return errors;
     }
     /**
      * @deprecated Use `initializeWithEvents` for instantiating an account with history reconstruction
@@ -72930,7 +72932,7 @@ class DataService {
                         depositor: depositor.toLowerCase(),
                         commitment: commitment,
                         label: label,
-                        value: value || BigInt(0),
+                        value: value ?? BigInt(0),
                         precommitment: precommitment,
                         blockNumber: BigInt(typedLog.blockNumber),
                         transactionHash: typedLog.transactionHash,
@@ -72982,12 +72984,7 @@ class DataService {
                         throw DataError.invalidLog("withdrawal", "missing args");
                     }
                     const { _value: value, _spentNullifier: spentNullifier, _newCommitment: newCommitment, } = typedLog.args;
-                    if (value === undefined ||
-                        value === null ||
-                        !spentNullifier ||
-                        !newCommitment ||
-                        !typedLog.blockNumber ||
-                        !typedLog.transactionHash) {
+                    if (value == null || !spentNullifier || !newCommitment || !typedLog.blockNumber || !typedLog.transactionHash) {
                         throw DataError.invalidLog("withdrawal", "missing required fields");
                     }
                     return {
@@ -73055,7 +73052,7 @@ class DataService {
                         ragequitter: ragequitter.toLowerCase(),
                         commitment: commitment,
                         label: label,
-                        value: value || BigInt(0),
+                        value: value ?? BigInt(0),
                         blockNumber: BigInt(typedLog.blockNumber),
                         transactionHash: typedLog.transactionHash,
                     };
@@ -73158,4 +73155,4 @@ class DataService {
 }
 
 export { AccountService as A, BlockchainProvider as B, CommitmentService as C, DataService as D, ErrorCode as E, FetchArtifact as F, InvalidRpcUrl as I, PrivacyPoolSDK as P, SDKError as S, WithdrawalService as W, DEFAULT_LOG_FETCH_CONFIG as a, generateDepositSecrets as b, generateWithdrawalSecrets as c, getCommitment as d, generateMerkleProof as e, bigintToHash as f, generateMasterKeys as g, hashPrecommitment as h, bigintToHex as i, calculateContext as j, Circuits as k, ContractInteractionsService as l, ProofError as m, ContractError as n, AccountError as o, CircuitName as p };
-//# sourceMappingURL=index-DkNRxKxP.js.map
+//# sourceMappingURL=index-BjOXETm6.js.map