@0xbow/privacy-pools-core-sdk 1.1.1 → 1.2.0

package/dist/types/{index-CHy3YamH.js → index-BwyNuaY0.js}

@@ -1,25 +1,25 @@
 import { mnemonicToAccount, privateKeyToAccount } from 'viem/accounts';
 import require$$0 from 'buffer';
 import require$$1 from 'http';
-import require$$1$1 from 'https';
-import require$$0$1 from 'zlib';
+import require$$2 from 'https';
+import require$$3$1 from 'zlib';
 import crypto$2 from 'crypto';
-import nc from 'node:crypto';
+import require$$0$1 from 'node:crypto';
 import require$$0$3 from 'events';
-import require$$3$1 from 'net';
+import require$$3$2 from 'net';
 import require$$4 from 'tls';
 import require$$0$2 from 'stream';
 import require$$7 from 'url';
-import require$$2 from 'assert';
-import { keccak256, encodeAbiParameters, numberToHex, createPublicClient, http, createWalletClient, getAddress, bytesToNumber as bytesToNumber$1, parseAbiItem } from 'viem';
+import require$$2$1 from 'assert';
+import { bytesToBigInt, keccak256, encodeAbiParameters, numberToHex, createPublicClient, http, createWalletClient, getAddress, bytesToNumber, parseAbiItem } from 'viem';
 import { mainnet } from 'viem/chains';
 import os from 'os';
-import require$$1$2 from 'vm';
-import require$$2$1 from 'worker_threads';
+import require$$1$1 from 'vm';
+import require$$2$2 from 'worker_threads';
 import fs from 'fs';
 import { O_TRUNC, O_CREAT, O_RDWR, O_RDONLY } from 'constants';
 import 'readline';
-import require$$1$3 from 'path';
+import require$$1$2 from 'path';
 
 /**
  * Default log fetch configuration
@@ -33,281 +33,6 @@ const DEFAULT_LOG_FETCH_CONFIG = {
     retryBaseDelayMs: 1000,
 };
 
-const version$1 = '2.22.14';
-
-let errorConfig = {
-    getDocsUrl: ({ docsBaseUrl, docsPath = '', docsSlug, }) => docsPath
-        ? `${docsBaseUrl ?? 'https://viem.sh'}${docsPath}${docsSlug ? `#${docsSlug}` : ''}`
-        : undefined,
-    version: `viem@${version$1}`,
-};
-class BaseError extends Error {
-    constructor(shortMessage, args = {}) {
-        const details = (() => {
-            if (args.cause instanceof BaseError)
-                return args.cause.details;
-            if (args.cause?.message)
-                return args.cause.message;
-            return args.details;
-        })();
-        const docsPath = (() => {
-            if (args.cause instanceof BaseError)
-                return args.cause.docsPath || args.docsPath;
-            return args.docsPath;
-        })();
-        const docsUrl = errorConfig.getDocsUrl?.({ ...args, docsPath });
-        const message = [
-            shortMessage || 'An error occurred.',
-            '',
-            ...(args.metaMessages ? [...args.metaMessages, ''] : []),
-            ...(docsUrl ? [`Docs: ${docsUrl}`] : []),
-            ...(details ? [`Details: ${details}`] : []),
-            ...(errorConfig.version ? [`Version: ${errorConfig.version}`] : []),
-        ].join('\n');
-        super(message, args.cause ? { cause: args.cause } : undefined);
-        Object.defineProperty(this, "details", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "docsPath", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "metaMessages", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "shortMessage", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "version", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: undefined
-        });
-        Object.defineProperty(this, "name", {
-            enumerable: true,
-            configurable: true,
-            writable: true,
-            value: 'BaseError'
-        });
-        this.details = details;
-        this.docsPath = docsPath;
-        this.metaMessages = args.metaMessages;
-        this.name = args.name ?? this.name;
-        this.shortMessage = shortMessage;
-        this.version = version$1;
-    }
-    walk(fn) {
-        return walk(this, fn);
-    }
-}
-function walk(err, fn) {
-    if (fn?.(err))
-        return err;
-    if (err &&
-        typeof err === 'object' &&
-        'cause' in err &&
-        err.cause !== undefined)
-        return walk(err.cause, fn);
-    return fn ? null : err;
-}
-
-class SizeOverflowError extends BaseError {
-    constructor({ givenSize, maxSize }) {
-        super(`Size cannot exceed ${maxSize} bytes. Given size: ${givenSize} bytes.`, { name: 'SizeOverflowError' });
-    }
-}
-
-class SizeExceedsPaddingSizeError extends BaseError {
-    constructor({ size, targetSize, type, }) {
-        super(`${type.charAt(0).toUpperCase()}${type
-            .slice(1)
-            .toLowerCase()} size (${size}) exceeds padding size (${targetSize}).`, { name: 'SizeExceedsPaddingSizeError' });
-    }
-}
-
-function pad(hexOrBytes, { dir, size = 32 } = {}) {
-    if (typeof hexOrBytes === 'string')
-        return padHex(hexOrBytes, { dir, size });
-    return padBytes(hexOrBytes, { dir, size });
-}
-function padHex(hex_, { dir, size = 32 } = {}) {
-    if (size === null)
-        return hex_;
-    const hex = hex_.replace('0x', '');
-    if (hex.length > size * 2)
-        throw new SizeExceedsPaddingSizeError({
-            size: Math.ceil(hex.length / 2),
-            targetSize: size,
-            type: 'hex',
-        });
-    return `0x${hex[dir === 'right' ? 'padEnd' : 'padStart'](size * 2, '0')}`;
-}
-function padBytes(bytes, { dir, size = 32 } = {}) {
-    if (size === null)
-        return bytes;
-    if (bytes.length > size)
-        throw new SizeExceedsPaddingSizeError({
-            size: bytes.length,
-            targetSize: size,
-            type: 'bytes',
-        });
-    const paddedBytes = new Uint8Array(size);
-    for (let i = 0; i < size; i++) {
-        const padEnd = dir === 'right';
-        paddedBytes[padEnd ? i : size - i - 1] =
-            bytes[padEnd ? i : bytes.length - i - 1];
-    }
-    return paddedBytes;
-}
-
-function isHex(value, { strict = true } = {}) {
-    if (!value)
-        return false;
-    if (typeof value !== 'string')
-        return false;
-    return strict ? /^0x[0-9a-fA-F]*$/.test(value) : value.startsWith('0x');
-}
-
-/**
- * @description Retrieves the size of the value (in bytes).
- *
- * @param value The value (hex or byte array) to retrieve the size of.
- * @returns The size of the value (in bytes).
- */
-function size(value) {
-    if (isHex(value, { strict: false }))
-        return Math.ceil((value.length - 2) / 2);
-    return value.length;
-}
-
-function assertSize(hexOrBytes, { size: size$1 }) {
-    if (size(hexOrBytes) > size$1)
-        throw new SizeOverflowError({
-            givenSize: size(hexOrBytes),
-            maxSize: size$1,
-        });
-}
-/**
- * Decodes a hex value into a bigint.
- *
- * - Docs: https://viem.sh/docs/utilities/fromHex#hextobigint
- *
- * @param hex Hex value to decode.
- * @param opts Options.
- * @returns BigInt value.
- *
- * @example
- * import { hexToBigInt } from 'viem'
- * const data = hexToBigInt('0x1a4', { signed: true })
- * // 420n
- *
- * @example
- * import { hexToBigInt } from 'viem'
- * const data = hexToBigInt('0x00000000000000000000000000000000000000000000000000000000000001a4', { size: 32 })
- * // 420n
- */
-function hexToBigInt(hex, opts = {}) {
-    const { signed } = opts;
-    if (opts.size)
-        assertSize(hex, { size: opts.size });
-    const value = BigInt(hex);
-    if (!signed)
-        return value;
-    const size = (hex.length - 2) / 2;
-    const max = (1n << (BigInt(size) * 8n - 1n)) - 1n;
-    if (value <= max)
-        return value;
-    return value - BigInt(`0x${'f'.padStart(size * 2, 'f')}`) - 1n;
-}
-/**
- * Decodes a hex string into a number.
- *
- * - Docs: https://viem.sh/docs/utilities/fromHex#hextonumber
- *
- * @param hex Hex value to decode.
- * @param opts Options.
- * @returns Number value.
- *
- * @example
- * import { hexToNumber } from 'viem'
- * const data = hexToNumber('0x1a4')
- * // 420
- *
- * @example
- * import { hexToNumber } from 'viem'
- * const data = hexToBigInt('0x00000000000000000000000000000000000000000000000000000000000001a4', { size: 32 })
- * // 420
- */
-function hexToNumber(hex, opts = {}) {
-    return Number(hexToBigInt(hex, opts));
-}
-
-const hexes = /*#__PURE__*/ Array.from({ length: 256 }, (_v, i) => i.toString(16).padStart(2, '0'));
-/**
- * Encodes a bytes array into a hex string
- *
- * - Docs: https://viem.sh/docs/utilities/toHex#bytestohex
- *
- * @param value Value to encode.
- * @param opts Options.
- * @returns Hex value.
- *
- * @example
- * import { bytesToHex } from 'viem'
- * const data = bytesToHex(Uint8Array.from([72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33])
- * // '0x48656c6c6f20576f726c6421'
- *
- * @example
- * import { bytesToHex } from 'viem'
- * const data = bytesToHex(Uint8Array.from([72, 101, 108, 108, 111, 32, 87, 111, 114, 108, 100, 33]), { size: 32 })
- * // '0x48656c6c6f20576f726c64210000000000000000000000000000000000000000'
- */
-function bytesToHex(value, opts = {}) {
-    let string = '';
-    for (let i = 0; i < value.length; i++) {
-        string += hexes[value[i]];
-    }
-    const hex = `0x${string}`;
-    if (typeof opts.size === 'number') {
-        assertSize(hex, { size: opts.size });
-        return pad(hex, { dir: 'right', size: opts.size });
-    }
-    return hex;
-}
-
-/**
- * Decodes a byte array into a number.
- *
- * - Docs: https://viem.sh/docs/utilities/fromBytes#bytestonumber
- *
- * @param bytes Byte array to decode.
- * @param opts Options.
- * @returns Number value.
- *
- * @example
- * import { bytesToNumber } from 'viem'
- * const data = bytesToNumber(new Uint8Array([1, 164]))
- * // 420
- */
-function bytesToNumber(bytes, opts = {}) {
-    if (typeof opts.size !== 'undefined')
-        assertSize(bytes, { size: opts.size });
-    const hex = bytesToHex(bytes, opts);
-    return hexToNumber(hex, opts);
-}
-
 var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 
 function getDefaultExportFromCjs (x) {
@@ -16461,8 +16186,8 @@ function requireGeturl () {
 	geturl.getUrl = geturl.createGetUrl = undefined;
 	const tslib_1 = tslib_es6$1;
 	const http_1 = tslib_1.__importDefault(require$$1);
-	const https_1 = tslib_1.__importDefault(require$$1$1);
-	const zlib_1 = require$$0$1;
+	const https_1 = tslib_1.__importDefault(require$$2);
+	const zlib_1 = require$$3$1;
 	const errors_js_1 = /*@__PURE__*/ requireErrors();
 	const data_js_1 = /*@__PURE__*/ requireData();
 	/**
@@ -19099,8 +18824,8 @@ function requireCryptoNode () {
 	// See utils.ts for details.
 	// The file will throw on node.js 14 and earlier.
 	// @ts-ignore
-	const nc$1 = nc;
-	cryptoNode.crypto = nc$1 && typeof nc$1 === 'object' && 'webcrypto' in nc$1 ? nc$1.webcrypto : undefined;
+	const nc = require$$0$1;
+	cryptoNode.crypto = nc && typeof nc === 'object' && 'webcrypto' in nc ? nc.webcrypto : undefined;
 	
 	return cryptoNode;
 }
@@ -39974,7 +39699,7 @@ function requirePermessageDeflate () {
 	if (hasRequiredPermessageDeflate) return permessageDeflate;
 	hasRequiredPermessageDeflate = 1;
 
-	const zlib = require$$0$1;
+	const zlib = require$$3$1;
 
 	const bufferUtil = requireBufferUtil();
 	const Limiter = requireLimiter();
@@ -42364,9 +42089,9 @@ function requireWebsocket () {
 	hasRequiredWebsocket = 1;
 
 	const EventEmitter = require$$0$3;
-	const https = require$$1$1;
+	const https = require$$2;
 	const http = require$$1;
-	const net = require$$3$1;
+	const net = require$$3$2;
 	const tls = require$$4;
 	const { randomBytes, createHash } = crypto$2;
 	const { URL } = require$$7;
@@ -46456,7 +46181,7 @@ function requireProviderIpcsocket () {
 	hasRequiredProviderIpcsocket = 1;
 	Object.defineProperty(providerIpcsocket, "__esModule", { value: true });
 	providerIpcsocket.IpcSocketProvider = undefined;
-	const net_1 = require$$3$1;
+	const net_1 = require$$3$2;
 	const provider_socket_js_1 = /*@__PURE__*/ requireProviderSocket();
 	// @TODO: Is this sufficient? Is this robust? Will newlines occur between
 	// all payloads and only between payloads?
@@ -50179,7 +49904,7 @@ function requireConstants () {
 		exports.NOTHING_UP_MY_SLEEVE = exports.SNARK_FIELD_SIZE = undefined;
 		const baby_jubjub_1 = requireDist$2();
 		const ethers_1 = /*@__PURE__*/ requireLib_commonjs();
-		const assert_1 = __importDefault(require$$2);
+		const assert_1 = __importDefault(require$$2$1);
 		exports.SNARK_FIELD_SIZE = baby_jubjub_1.r;
 		// A nothing-up-my-sleeve zero value
 		// Should be equal to 8370432830353022751713833565135785980866757267633941821328460903436894336785
@@ -50203,7 +49928,7 @@ function requireHashing () {
 		exports.hashOne = exports.hash12 = exports.hash5 = exports.hash4 = exports.hash3 = exports.hash2 = exports.hashN = exports.hashLeftRight = exports.poseidonT6 = exports.poseidonT5 = exports.poseidonT4 = exports.poseidonT3 = exports.poseidon = exports.sha256Hash = undefined;
 		const poseidon_cipher_1 = requireDist$1();
 		const ethers_1 = /*@__PURE__*/ requireLib_commonjs();
-		const assert_1 = __importDefault(require$$2);
+		const assert_1 = __importDefault(require$$2$1);
 		const constants_1 = requireConstants();
 		/**
 		 * Hash an array of uint256 values the same way that the EVM does.
@@ -50862,10 +50587,10 @@ function generateMasterKeys(mnemonic) {
     if (!mnemonic) {
         throw new PrivacyPoolError(ErrorCode$1.INVALID_VALUE, "Invalid input: mnemonic phrase is required.");
     }
-    const key1 = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
-    const key2 = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
-    const masterNullifier = hashingExports.poseidon([BigInt(key1)]);
-    const masterSecret = hashingExports.poseidon([BigInt(key2)]);
+    const key1 = bytesToBigInt(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
+    const key2 = bytesToBigInt(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
+    const masterNullifier = hashingExports.poseidon([key1]);
+    const masterSecret = hashingExports.poseidon([key2]);
     return { masterNullifier, masterSecret };
 }
 /**
@@ -51082,10 +50807,62 @@ const circuitToAsset = {
 
 async function importFetchVersionedArtifact(isBrowser) {
     if (isBrowser) {
-        return import('./fetchArtifacts.esm-DT5RuODl.js');
+        return import('./fetchArtifacts.esm-BKxGrC6w.js');
     }
     else {
-        return import('./fetchArtifacts.node-D_iVIPqW.js');
+        return import('./fetchArtifacts.node-kXMUDgNn.js');
+    }
+}
+
+/**
+ * Expected SHA-256 hex digests for every downloaded circuit artifact.
+ *
+ * vkey and zkey hashes are derived from the trusted-setup ceremony outputs
+ * committed in packages/circuits/trusted-setup/final-keys/.
+ *
+ * wasm hashes are derived from the compiled circuit outputs
+ * in packages/circuits/build/.
+ *
+ * Every artifact downloaded by the SDK MUST have a hash entry here.
+ * verifyArtifactIntegrity throws if a hash is missing — refusing to
+ * load unverified artifacts is the correct security posture.
+ */
+const ARTIFACT_HASHES = {
+    [CircuitName$1.Commitment]: {
+        wasm: "254d2130607182fd6fd1aee67971526b13cfe178c88e360da96dce92663828d8",
+        vkey: "7d48b4eb3dedc12fb774348287b587f0c18c3c7254cd60e9cf0f8b3636a570d8",
+        zkey: "494ae92d64098fda2a5649690ddc5821fcd7449ca5fe8ef99ee7447544d7e1f3",
+    },
+    [CircuitName$1.Withdraw]: {
+        wasm: "36cda22791def3d520a55c0fc808369cd5849532a75fab65686e666ed3d55c10",
+        vkey: "666bd0983b20c1611543b04f7712e067fbe8cad69f07ada8a310837ff398d21e",
+        zkey: "2a893b42174c813566e5c40c715a8b90cd49fc4ecf384e3a6024158c3d6de677",
+    },
+    [CircuitName$1.MerkleTree]: {},
+};
+// Freeze the manifest so runtime code cannot swap out trusted hashes.
+for (const circuitHashes of Object.values(ARTIFACT_HASHES)) {
+    if (circuitHashes != null) {
+        Object.freeze(circuitHashes);
+    }
+}
+Object.freeze(ARTIFACT_HASHES);
+async function sha256Hex(data) {
+    const hashBuffer = await globalThis.crypto.subtle.digest("SHA-256", data);
+    return Array.from(new Uint8Array(hashBuffer))
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+async function verifyArtifactIntegrity(circuitName, artifactType, data) {
+    const expectedHash = ARTIFACT_HASHES[circuitName]?.[artifactType];
+    if (expectedHash === undefined) {
+        throw new Error(`No integrity hash registered for ${circuitName}.${artifactType}. ` +
+            `Refusing to load unverified artifact.`);
+    }
+    const actualHash = await sha256Hex(data);
+    if (actualHash !== expectedHash) {
+        throw new Error(`Integrity check failed for ${circuitName}.${artifactType}: ` +
+            `expected ${expectedHash}, got ${actualHash}`);
     }
 }
 
@@ -51202,6 +50979,11 @@ class Circuits {
             this._fetchVersionedArtifact(["artifacts", assetName.vkey].join("/")),
             this._fetchVersionedArtifact(["artifacts", assetName.zkey].join("/")),
         ]);
+        await Promise.all([
+            verifyArtifactIntegrity(circuitName, "wasm", wasm),
+            verifyArtifactIntegrity(circuitName, "vkey", vkey),
+            verifyArtifactIntegrity(circuitName, "zkey", zkey),
+        ]);
         return { wasm, vkey, zkey };
     }
     /**
@@ -67075,9 +66857,9 @@ function requireNode () {
 	hasRequiredNode = 1;
 	const URL = require$$7;
 
-	const VM = require$$1$2;
+	const VM = require$$1$1;
 
-	const threads = require$$2$1;
+	const threads = require$$2$2;
 
 	const WORKER = Symbol.for('worker');
 	const EVENTS = Symbol.for('events');
@@ -74540,7 +74322,7 @@ function requireEjs () {
 
 
 		var fs$1 = fs;
-		var path = require$$1$3;
+		var path = require$$1$2;
 		var utils = requireUtils();
 
 		var scopeOptionWarned = false;
@@ -79133,6 +78915,38 @@ class AccountService {
             this.account = config.account;
         }
     }
+    /**
+     * Initializes a new account from a mnemonic phrase for the legacy account.
+     *
+     * @param mnemonic - The mnemonic phrase to derive keys from
+     * @returns A new PrivacyPoolAccount with derived master keys
+     *
+     * @remarks
+     * This method derives two master keys from the mnemonic:
+     * 1. A master nullifier key from account index 0
+     * 2. A master secret key from account index 1
+     * These keys are used to deterministically generate nullifiers and secrets for deposits and withdrawals.
+     *
+     * @throws {AccountError} If account initialization fails
+     * @private
+     */
+    static _initializeLegacyAccount(mnemonic) {
+        try {
+            const masterNullifierSeed = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
+            const masterSecretSeed = bytesToNumber(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
+            const masterNullifier = hashingExports.poseidon([BigInt(masterNullifierSeed)]);
+            const masterSecret = hashingExports.poseidon([BigInt(masterSecretSeed)]);
+            return {
+                masterKeys: [masterNullifier, masterSecret],
+                poolAccounts: new Map(),
+                creationTimestamp: 0n,
+                lastUpdateTimestamp: 0n,
+            };
+        }
+        catch (error) {
+            throw AccountError.accountInitializationFailed(error instanceof Error ? error.message : "Unknown error");
+        }
+    }
     /**
      * Initializes a new account from a mnemonic phrase.
      *
@@ -79151,10 +78965,7 @@ class AccountService {
     _initializeAccount(mnemonic) {
         try {
             this.logger.debug("Initializing account with mnemonic");
-            const masterNullifierSeed = bytesToNumber$1(mnemonicToAccount(mnemonic, { accountIndex: 0 }).getHdKey().privateKey);
-            const masterSecretSeed = bytesToNumber$1(mnemonicToAccount(mnemonic, { accountIndex: 1 }).getHdKey().privateKey);
-            const masterNullifier = hashingExports.poseidon([BigInt(masterNullifierSeed)]);
-            const masterSecret = hashingExports.poseidon([BigInt(masterSecretSeed)]);
+            const { masterNullifier, masterSecret } = generateMasterKeys(mnemonic);
             return {
                 masterKeys: [masterNullifier, masterSecret],
                 poolAccounts: new Map(),
@@ -79253,7 +79064,7 @@ class AccountService {
             const nonZeroCommitments = [];
             for (const account of accounts) {
                 // Skip accounts that have been ragequit
-                if (account.ragequit) {
+                if (account.ragequit || account.isMigrated) {
                     continue;
                 }
                 const lastCommitment = account.children.length > 0
@@ -79409,6 +79220,57 @@ class AccountService {
         this.logger.info(`Added new commitment with value ${value} to account with label ${parentCommitment.label}`);
         return newCommitment;
     }
+    /**
+     * Adds a new commitment to the account after migrate
+     *
+     * @param parentCommitment - The commitment that was spent
+     * @param value - The remaining value after spending
+     * @param nullifier - The nullifier used for migrate
+     * @param secret - The secret used for migrate
+     * @param blockNumber - The block number of the withdrawal
+     * @param txHash - The transaction hash of the withdrawal
+     * @returns The new commitment
+     *
+     * @remarks
+     * This method finds the account containing the parent commitment, creates a new
+     * commitment with the provided parameters, and adds it to the account's children.
+     * The new commitment inherits the label from the parent commitment.
+     *
+     * @throws {AccountError} If no account is found for the commitment
+     */
+    addMigrationCommitment(parentCommitment, value, nullifier, secret, blockNumber, txHash) {
+        let foundAccount;
+        let foundScope;
+        for (const [scope, accounts] of this.account.poolAccounts.entries()) {
+            foundAccount = accounts.find((account) => {
+                if (account.deposit.hash === parentCommitment.hash)
+                    return true;
+                return account.children.some((child) => child.hash === parentCommitment.hash);
+            });
+            if (foundAccount) {
+                foundScope = scope;
+                break;
+            }
+        }
+        if (!foundAccount || !foundScope) {
+            throw AccountError.commitmentNotFound(parentCommitment.hash);
+        }
+        const precommitment = this._hashPrecommitment(nullifier, secret);
+        const newCommitment = {
+            hash: this._hashCommitment(value, parentCommitment.label, precommitment),
+            value,
+            label: parentCommitment.label,
+            nullifier,
+            secret,
+            blockNumber,
+            txHash,
+            isMigration: true
+        };
+        foundAccount.children.push(newCommitment);
+        foundAccount.isMigrated = true;
+        this.logger.info(`Added new commitment with value ${value} to account with label ${parentCommitment.label}`);
+        return newCommitment;
+    }
     /**
      * Adds a ragequit event to an existing pool account
      *
@@ -79578,11 +79440,11 @@ class AccountService {
      * @param depositEvents - The map of deposit events
      *
      */
-    _processDepositEvents(scope, depositEvents) {
+    _processDepositEvents(scope, depositEvents, startIndex = 0n) {
         const MAX_CONSECUTIVE_MISSES = 10; // Large enough to avoid tx failures
         const foundIndices = new Set();
         let consecutiveMisses = 0;
-        for (let index = BigInt(0);; index++) {
+        for (let index = startIndex;; index++) {
             // Generate nullifier, secret, and precommitment for this index
             const { nullifier, secret, precommitment } = this.createDepositSecrets(scope, index);
             // Look for a deposit with this precommitment
@@ -79633,8 +79495,8 @@ class AccountService {
         // Process each account in parallel for better performance
         for (const account of accounts) {
             let currentCommitment = account.deposit;
-            let index = BigInt(0);
-            // Continue processing withdrawals until no more are found secuentially
+            let index = BigInt(account.children.length);
+            // Continue processing withdrawals until no more are found sequentially
             while (true) {
                 // Generate nullifier for this withdrawal
                 const nullifierHash = hashingExports.poseidon([currentCommitment.nullifier]);
@@ -79643,13 +79505,26 @@ class AccountService {
                 if (!withdrawal) {
                     break;
                 }
+                const remainingValue = currentCommitment.value - withdrawal.withdrawn;
                 // Generate secret for this withdrawal
                 const nullifier = this._genWithdrawalNullifier(account.label, index);
                 const secret = this._genWithdrawalSecret(account.label, index);
-                // Add the withdrawal commitment to the account
-                const newCommitment = this.addWithdrawalCommitment(currentCommitment, currentCommitment.value - withdrawal.withdrawn, nullifier, secret, withdrawal.blockNumber, withdrawal.transactionHash);
-                // Update current commitment to the newly created one
-                currentCommitment = newCommitment;
+                const precommitment = this._hashPrecommitment(nullifier, secret);
+                const accountCommitment = this._hashCommitment(remainingValue, currentCommitment.label, precommitment);
+                // If the locally-computed hash doesn't match the on-chain commitment,
+                // the withdrawal was performed with different keys (e.g. migration from
+                // legacy to safe keys). Mark the child as unspendable from this account.
+                if (accountCommitment !== withdrawal.newCommitment) {
+                    this.logger.info(`Withdrawal commitment hash mismatch — marking as unspendable (migrated with different keys)`, { label: currentCommitment.label, expected: withdrawal.newCommitment, computed: accountCommitment });
+                    // Add the withdrawal commitment to the account
+                    const migrationCommitment = this.addMigrationCommitment(currentCommitment, remainingValue, nullifier, secret, withdrawal.blockNumber, withdrawal.transactionHash);
+                    currentCommitment = migrationCommitment;
+                }
+                else {
+                    // Add the withdrawal commitment to the account
+                    const withdrawalCommitment = this.addWithdrawalCommitment(currentCommitment, remainingValue, nullifier, secret, withdrawal.blockNumber, withdrawal.transactionHash);
+                    currentCommitment = withdrawalCommitment;
+                }
                 // Increment index for next potential withdrawal
                 index++;
             }
@@ -79684,6 +79559,59 @@ class AccountService {
             }
         }
     }
+    /**
+     * Discovers commitments that were migrated from legacy accounts via 0-value withdrawal.
+     *
+     * @param scope - The scope of the pool
+     * @param legacyAccounts - The legacy pool accounts for this scope
+     * @param withdrawalEvents - The map of withdrawal events (keyed by spentNullifier)
+     *
+     * @remarks
+     * When a legacy account performs a 0-value withdrawal to rotate keys (migration),
+     * the resulting on-chain commitment is created with safe keys. This method finds
+     * those commitments by:
+     * 1. Identifying legacy accounts with the `isMigrated` flag (set by `addMigrationCommitment`)
+     * 2. Computing the expected commitment hash using safe keys at withdrawal index 0
+     * 3. Verifying the hash exists in on-chain withdrawal events
+     * 4. Adding verified commitments as new safe pool accounts
+     *
+     * @private
+     */
+    _discoverMigratedCommitments(scope, legacyAccounts, withdrawalEvents) {
+        // Build reverse lookup: newCommitment hash → WithdrawalEvent
+        const newCommitmentMap = new Map();
+        for (const event of withdrawalEvents.values()) {
+            newCommitmentMap.set(event.newCommitment, event);
+        }
+        for (const legacyAccount of legacyAccounts) {
+            // Skip if not flagged as migrated (set by addMigrationCommitment)
+            if (!legacyAccount.isMigrated)
+                continue;
+            const migrationChild = legacyAccount.children.find(c => c.isMigration);
+            if (!migrationChild)
+                continue;
+            const label = legacyAccount.label;
+            // The migration child's value is the remaining value carried forward.
+            // Zero-value migrations (full withdrawal + key rotation) are valid and
+            // must still be registered so that poolAccounts.length reflects the
+            // correct slot count for deposit index alignment in step C.
+            const remainingValue = migrationChild.value;
+            // Generate safe nullifier/secret at withdrawal index 0
+            const nullifier = this._genWithdrawalNullifier(label, 0n);
+            const secret = this._genWithdrawalSecret(label, 0n);
+            // Compute expected commitment hash
+            const precommitment = this._hashPrecommitment(nullifier, secret);
+            const expectedHash = this._hashCommitment(remainingValue, label, precommitment);
+            // Verify hash exists in withdrawal events' newCommitment
+            const withdrawalEvent = newCommitmentMap.get(expectedHash);
+            if (!withdrawalEvent)
+                continue;
+            // Verified — add as a new safe pool account
+            const newAccount = this.addPoolAccount(scope, remainingValue, nullifier, secret, label, withdrawalEvent.blockNumber, withdrawalEvent.transactionHash);
+            this.addWithdrawalCommitment(newAccount.deposit, remainingValue, nullifier, secret, withdrawalEvent.blockNumber, withdrawalEvent.transactionHash);
+            this.logger.info(`Discovered migrated commitment for label ${label} with value ${remainingValue}`);
+        }
+    }
     /**
      * Initializes an AccountService instance with events for a given set of pools
      *
@@ -79717,25 +79645,99 @@ class AccountService {
             }
             uniqueScopes.add(pool.scope);
         }
+        // Retry path (non-migration): reuse the existing service's account and
+        // only process pools whose scopes haven't been fully processed yet.
+        // Already-processed scopes are skipped to avoid duplicate deposits and
+        // withdrawal misclassification.
+        //
+        // This path performs simple deposit/withdrawal/ragequit processing only
+        // — no migration discovery. For migration-aware retries, the caller
+        // should re-invoke with { mnemonic } scoped to only the failed pools;
+        // the mnemonic path builds both safe and legacy accounts from scratch
+        // with no shared references.
+        if (!('mnemonic' in source)) {
+            const account = new AccountService(dataService, { account: source.service.account });
+            const processedScopes = source.service.account.poolAccounts;
+            const newPools = pools.filter((p) => !processedScopes.has(p.scope));
+            const errors = await account._processEvents(newPools);
+            return { account, errors };
+        }
+        // Mnemonic path: phased processing with migration discovery
+        const account = new AccountService(dataService, { mnemonic: source.mnemonic });
+        const legacyPrivacyPoolAccount = AccountService._initializeLegacyAccount(source.mnemonic);
+        const legacyAccount = new AccountService(dataService, { account: legacyPrivacyPoolAccount });
+        const errors = await account._processEvents(pools, legacyAccount);
+        return { account, legacyAccount, errors };
+    }
+    /**
+     * Fetches and processes events for a set of pools.
+     *
+     * When a legacyAccount is provided, the full migration-aware pipeline runs
+     * for each scope:
+     *   1. Legacy account: process deposits and withdrawals (to detect migrations)
+     *   2. Safe account: discover migrated commitments from the legacy accounts
+     *   3. Safe account (this): process deposits (starting after migrated accounts)
+     *   4. Safe account: process withdrawals (now includes migrated accounts)
+     *   5. Both accounts: process ragequits
+     *
+     * Migration discovery (step 2) must run before safe deposit scanning (step 3)
+     * so that the migrated account count can be used as the starting index.
+     * Post-migration deposits use poolAccounts.length as their index, which
+     * sits right after the migrated slots; scanning from 0 would hit
+     * MAX_CONSECUTIVE_MISSES on the legacy-key indices and never reach them.
+     *
+     * Without a legacyAccount, only steps 3, 4, and 5 run (simple processing).
+     *
+     * Per-scope errors are caught and returned rather than thrown, and any
+     * partial state left by a mid-scope failure is cleaned from both accounts
+     * so that a subsequent retry starts fresh for that scope.
+     */
+    async _processEvents(pools, legacyAccount) {
         const errors = [];
-        const account = new AccountService(dataService, "mnemonic" in source
-            ? { mnemonic: source.mnemonic }
-            : { account: source.service.account });
-        const events = await account.getEvents(pools);
+        const events = await this.getEvents(pools);
         for (const [scope, result] of events.entries()) {
             if ("reason" in result) {
                 errors.push(result);
             }
             else {
-                // Process deposit events an create pool accounts
-                account._processDepositEvents(scope, result.depositEvents);
-                // Process withdrawal events and add commitments to pool accounts
-                account._processWithdrawalEvents(scope, result.withdrawalEvents);
-                // Process ragequit events and add ragequit to pool accounts
-                account._processRagequitEvents(scope, result.ragequitEvents);
+                try {
+                    // a. Legacy: process deposits + withdrawals
+                    if (legacyAccount) {
+                        legacyAccount._processDepositEvents(scope, result.depositEvents);
+                        legacyAccount._processWithdrawalEvents(scope, result.withdrawalEvents);
+                    }
+                    // b. Safe: discover migrated commitments from legacy accounts.
+                    //    Must run before safe deposit scanning so that the migrated
+                    //    account count can serve as the starting index for step (c),
+                    //    avoiding a gap of consecutive misses over legacy-key indices.
+                    if (legacyAccount) {
+                        const legacyAccounts = legacyAccount.account.poolAccounts.get(scope) ?? [];
+                        this._discoverMigratedCommitments(scope, legacyAccounts, result.withdrawalEvents);
+                    }
+                    // c. Safe: process deposits, starting after any migrated accounts.
+                    //    New deposits created after migration use poolAccounts.length as
+                    //    their index, so they sit right after the migrated slots.
+                    const depositStartIndex = BigInt(this.account.poolAccounts.get(scope)?.length ?? 0);
+                    this._processDepositEvents(scope, result.depositEvents, depositStartIndex);
+                    // d. Safe: process withdrawals (now includes migrated accounts)
+                    this._processWithdrawalEvents(scope, result.withdrawalEvents);
+                    // e. Both: process ragequits
+                    if (legacyAccount) {
+                        legacyAccount._processRagequitEvents(scope, result.ragequitEvents);
+                    }
+                    this._processRagequitEvents(scope, result.ragequitEvents);
+                }
+                catch (e) {
+                    this.account.poolAccounts.delete(scope);
+                    legacyAccount?.account.poolAccounts.delete(scope);
+                    errors.push({
+                        reason: e instanceof Error ? e.message : String(e),
+                        scope,
+                    });
+                }
             }
         }
-        return { account, errors };
+        return errors;
     }
     /**
      * @deprecated Use `initializeWithEvents` for instantiating an account with history reconstruction
@@ -79994,7 +79996,7 @@ class DataService {
                         depositor: depositor.toLowerCase(),
                         commitment: commitment,
                         label: label,
-                        value: value || BigInt(0),
+                        value: value ?? BigInt(0),
                         precommitment: precommitment,
                         blockNumber: BigInt(typedLog.blockNumber),
                         transactionHash: typedLog.transactionHash,
@@ -80046,12 +80048,7 @@ class DataService {
                         throw DataError.invalidLog("withdrawal", "missing args");
                     }
                     const { _value: value, _spentNullifier: spentNullifier, _newCommitment: newCommitment, } = typedLog.args;
-                    if (value === undefined ||
-                        value === null ||
-                        !spentNullifier ||
-                        !newCommitment ||
-                        !typedLog.blockNumber ||
-                        !typedLog.transactionHash) {
+                    if (value == null || !spentNullifier || !newCommitment || !typedLog.blockNumber || !typedLog.transactionHash) {
                         throw DataError.invalidLog("withdrawal", "missing required fields");
                     }
                     return {
@@ -80119,7 +80116,7 @@ class DataService {
                         ragequitter: ragequitter.toLowerCase(),
                         commitment: commitment,
                         label: label,
-                        value: value || BigInt(0),
+                        value: value ?? BigInt(0),
                         blockNumber: BigInt(typedLog.blockNumber),
                         transactionHash: typedLog.transactionHash,
                     };