@ar.io/sdk 4.0.0-solana.16 → 4.0.0-solana.18

package/lib/esm/solana/escrow.js

@@ -16,11 +16,10 @@
  * Borsh codec, and account-meta wiring derived from the on-chain IDL.
  */
 import { fetchMaybeEscrowAnt, fetchMaybeEscrowToken, getCancelDepositInstruction, getCancelTokenDepositInstruction, getCancelVaultDepositInstruction, getClaimAntArweaveAttestedInstruction, getClaimAntEthereumInstruction, getClaimTokensArweaveAttestedInstruction, getClaimTokensEthereumInstruction, getClaimVaultArweaveAttestedInstruction, getClaimVaultEthereumInstruction, getDepositAntInstruction, getDepositTokensInstruction, getDepositVaultInstruction, getUpdateRecipientInstruction, getUpdateTokenRecipientInstruction, getUpdateVaultRecipientInstruction, } from '@ar.io/solana-contracts/ant-escrow';
-import { fetchMaybeVaultCounter, getVaultedTransferInstructionAsync, } from '@ar.io/solana-contracts/core';
 import { Logger } from '../common/logger.js';
 import { getAssociatedTokenAddressKit } from './ata.js';
 import { ARIO_ANT_ESCROW_PROGRAM_ID, ARIO_CORE_PROGRAM_ID, ESCROW_ARWEAVE_PUBKEY_LEN, ESCROW_ASSET_TYPE_VAULT, ESCROW_ETHEREUM_PUBKEY_LEN, ESCROW_PROTOCOL_ARWEAVE, ESCROW_PROTOCOL_ETHEREUM, } from './constants.js';
-import { getEscrowAntPDA, getEscrowTokenPDA, getEscrowVaultPDA, getVaultCounterPDA, getVaultPDA, } from './pda.js';
+import { getEscrowAntPDA, getEscrowTokenPDA, getEscrowVaultPDA, } from './pda.js';
 import { sendAndConfirm } from './send.js';
 /** Map the Codama-generated `EscrowAnt` raw decoded type to our public
  *  `EscrowAntState` with protocol enum + active-prefix pubkey slice. */
@@ -275,6 +274,28 @@ export class ANTEscrow {
         }
     }
 }
+/**
+ * Pre-flight the on-chain `VaultStillLocked` gate (ADR-022): refuse to build
+ * a claim tx while the vault is still locked. Surfaces the unlock timestamp
+ * so callers / UIs can show "claimable after <date>" instead of a doomed tx.
+ *
+ * Exported for unit-testability; not part of the public SDK surface — call the
+ * high-level `claimVaultArweave` / `claimVaultEthereum` instead, which invoke
+ * this guard internally.
+ *
+ * @internal
+ */
+export function assertVaultClaimable(escrow) {
+    const nowSeconds = BigInt(Math.floor(Date.now() / 1000));
+    if (escrow.vaultEndTimestamp > nowSeconds) {
+        const unlockIso = new Date(Number(escrow.vaultEndTimestamp) * 1000).toISOString();
+        throw new Error(`Vault escrow is still locked until ${unlockIso} ` +
+            `(vault_end_timestamp=${escrow.vaultEndTimestamp}). ` +
+            `Active (still-locked) vault claims are not supported (ADR-022 / ` +
+            `VaultStillLocked) — wait until after the unlock timestamp, then ` +
+            `claim again to receive the tokens liquid.`);
+    }
+}
 /** Map the Codama-generated `EscrowToken` raw decoded type to our public
  *  `EscrowTokenState` with protocol enum + active-prefix pubkey slice. */
 function toEscrowTokenState(raw) {
@@ -537,23 +558,27 @@ export class TokenEscrow {
         }, { programAddress: this.programId });
     }
     /**
-     * Submit an Arweave RSA-PSS-4096 signature to release escrowed vault tokens.
-     *
-     * The on-chain handler routes by vault state via instructions-sysvar
-     * introspection: an expired vault sends tokens straight to
-     * `claimantTokenAccount`; an active (still-locked) vault routes them to
-     * `payerTokenAccount` and requires a matching `ario_core::vaulted_transfer`
-     * sibling instruction in the same transaction.
+     * Submit an Arweave attestor's Ed25519 signature to release escrowed vault
+     * tokens. The on-chain handler delivers liquid tokens directly to
+     * `claimantTokenAccount`.
      *
-     * This method auto-detects the path from `vaultEndTimestamp` and bundles
-     * the sibling `vaulted_transfer` ix automatically when the vault is still
-     * active — callers do not need to construct it themselves.
+     * **Vaults are only claimable after `vault_end_timestamp`.** Active
+     * (still-locked) vault claims are rejected on-chain with `VaultStillLocked`
+     * (ADR-022 / BD-107: the former active re-lock path was removed because its
+     * sibling-`vaulted_transfer` introspection had no 1:1 claim↔re-lock binding
+     * → reuse / relayer skim). This method pre-flights the same gate and throws
+     * a clear `vault still locked until <ISO>` error rather than building a tx
+     * that will fail on-chain. To revive "claim early, stay locked" see the
+     * restoration playbook in the contracts repo
+     * (`docs/RESTORE_ACTIVE_VAULT_RELOCK.md`).
      */
     async claimVaultArweave(args) {
         const escrow = await this.requireVaultEscrow(args.depositor, args.assetId);
         if (escrow.recipientProtocol !== 'arweave') {
             throw new Error(`escrow recipient is ${escrow.recipientProtocol}, not arweave`);
         }
+        // ADR-022 / VaultStillLocked: pre-flight the on-chain lock gate.
+        assertVaultClaimable(escrow);
         const signer = this.requireSigner('claimVaultArweave');
         const [escrowPda] = await getEscrowVaultPDA(args.depositor, args.assetId, this.programId);
         // `args.signature` and `args.saltLen` are no longer fed to the
@@ -564,73 +589,56 @@ export class TokenEscrow {
             escrow: escrowPda,
             escrowTokenAccount: args.escrowTokenAccount,
             claimantTokenAccount: args.claimantTokenAccount,
-            payerTokenAccount: args.payerTokenAccount,
             claimant: args.claimant,
             depositor: args.depositor,
             payer: signer,
             messageNonce: escrow.nonce,
         }, { programAddress: this.programId });
-        const ixs = await this.maybeBundleVaultedTransfer(escrow, args, claimIx);
+        const createClaimantAtaIx = await this._createClaimantAtaIfCanonical(args.claimant, args.claimantTokenAccount, escrow.arioMint);
+        const ixs = createClaimantAtaIx
+            ? [createClaimantAtaIx, claimIx]
+            : [claimIx];
         return this.send(ixs, 400_000);
     }
     /**
      * Submit an Ethereum ECDSA signature to release escrowed vault tokens. See
-     * {@link claimVaultArweave} for the expired/active vault routing semantics.
-     * Auto-bundles the sibling `vaulted_transfer` ix for active vaults.
+     * {@link claimVaultArweave} — same lock semantics: vaults are only claimable
+     * after `vault_end_timestamp`; active (still-locked) claims throw pre-flight
+     * and are rejected on-chain with `VaultStillLocked` (ADR-022 / BD-107).
      */
     async claimVaultEthereum(args) {
         const escrow = await this.requireVaultEscrow(args.depositor, args.assetId);
         if (escrow.recipientProtocol !== 'ethereum') {
             throw new Error(`escrow recipient is ${escrow.recipientProtocol}, not ethereum`);
         }
+        assertVaultClaimable(escrow);
         const signer = this.requireSigner('claimVaultEthereum');
         const [escrowPda] = await getEscrowVaultPDA(args.depositor, args.assetId, this.programId);
         const claimIx = getClaimVaultEthereumInstruction({
             escrow: escrowPda,
             escrowTokenAccount: args.escrowTokenAccount,
             claimantTokenAccount: args.claimantTokenAccount,
-            payerTokenAccount: args.payerTokenAccount,
             claimant: args.claimant,
             depositor: args.depositor,
             payer: signer,
             messageNonce: escrow.nonce,
             signature: args.signature,
         }, { programAddress: this.programId });
-        const ixs = await this.maybeBundleVaultedTransfer(escrow, args, claimIx);
+        const createClaimantAtaIx = await this._createClaimantAtaIfCanonical(args.claimant, args.claimantTokenAccount, escrow.arioMint);
+        const ixs = createClaimantAtaIx
+            ? [createClaimantAtaIx, claimIx]
+            : [claimIx];
         return this.send(ixs);
     }
     /**
-     * If the vault escrow is still locked (`vaultEndTimestamp` in the future),
-     * return `[claimIx, vaultedTransferIx]` so the on-chain claim handler can
-     * see the sibling (via `instructions_sysvar`) and re-vault tokens for the
-     * claimant. If the vault has expired, just `[claimIx]` — the on-chain
-     * handler delivers tokens directly to `claimantTokenAccount`.
-     *
-     * **Ordering matters at runtime**: `claim` must execute first so it can
-     * move tokens `escrow → payerTokenAccount`. `vaulted_transfer` then pulls
-     * from `payerTokenAccount` into the new vault. Reversing the order makes
-     * `vaulted_transfer` fail with `insufficient funds` because nothing has
-     * funded `payerTokenAccount` yet. The introspection check in
-     * `vault_introspect::verify_vaulted_transfer_in_tx` is presence-based
-     * (reads `instructions_sysvar`) so the *sibling* ordering doesn't matter
-     * for the check itself — only for atomic execution.
-     *
-     * `lockDurationSeconds` is set to the SDK-local `remaining` value. The
-     * on-chain handler accepts `lock_duration >= remaining_at_execution - 60s`
-     * (see the introspection function's tolerance), so any modest clock skew
-     * between client and chain is absorbed.
-     */
     /**
      * Idempotent-create the claimant's canonical ATA when needed.
      *
-     * The on-chain claim handler delivers liquid tokens directly to
-     * `claimantTokenAccount` for expired vaults AND for token escrows.
-     * For active vaults, the `claim_vault_*` Anchor Accounts struct still
-     * declares `claimant_token_account: Account<TokenAccount>`, which forces
-     * Anchor's account-load-time validation to require the account exist
-     * even though the active path doesn't write to it. Either way: if the
-     * claimant is a fresh wallet that has never held this mint, the ATA
-     * doesn't exist and the tx fails with `AccountNotInitialized` (#3012).
+     * The claim handler delivers liquid tokens directly to
+     * `claimantTokenAccount` (post-ADR-022 there's only the liquid path for
+     * vaults). If the claimant is a fresh wallet that has never held this
+     * mint, the ATA doesn't exist and the tx fails with `AccountNotInitialized`
+     * (#3012).
      *
      * Returns `null` when the caller passed a non-canonical
      * `claimantTokenAccount` (manually-created non-ATA token account,
@@ -643,52 +651,6 @@ export class TokenEscrow {
         const signer = this.requireSigner('createClaimantAtaIfCanonical');
         return buildCreateAtaIdempotentIx(signer.address, canonical, claimant, mint);
     }
-    async maybeBundleVaultedTransfer(escrow, args, claimIx) {
-        const nowSeconds = BigInt(Math.floor(Date.now() / 1000));
-        const remaining = escrow.vaultEndTimestamp - nowSeconds;
-        if (remaining <= 0n) {
-            // Expired vault → claim handler delivers liquid to claimantTokenAccount.
-            // Idempotent-create that ATA if it's the canonical derivation so a
-            // first-time recipient just works.
-            const createClaimantAtaIx = await this._createClaimantAtaIfCanonical(args.claimant, args.claimantTokenAccount, escrow.arioMint);
-            return createClaimantAtaIx ? [createClaimantAtaIx, claimIx] : [claimIx];
-        }
-        const signer = this.requireSigner('maybeBundleVaultedTransfer');
-        const nextId = await this.getNextVaultId(args.claimant);
-        const [vaultPda] = await getVaultPDA(args.claimant, nextId, this.coreProgram);
-        const vaultATA = await getAssociatedTokenAddressKit(escrow.arioMint, vaultPda, true);
-        // Active-vault path: `claim_vault_*` still validates the claimant ATA
-        // at account-load-time (Anchor `Account<TokenAccount>` constraint),
-        // even though no liquid is written to it. Idempotent-create so a fresh
-        // claimant doesn't fail the ix with AccountNotInitialized (#3012).
-        const createClaimantAtaIx = await this._createClaimantAtaIfCanonical(args.claimant, args.claimantTokenAccount, escrow.arioMint);
-        // The new vault PDA's ATA must exist before `vaulted_transfer` reads it
-        // (else `AccountNotInitialized` #3012). Idempotent so a retry after a
-        // partial-failure tx is safe. Placed after the claim ix to preserve
-        // the "claim first" tx ordering invariant.
-        const createVaultAtaIx = buildCreateAtaIdempotentIx(signer.address, vaultATA, vaultPda, escrow.arioMint);
-        const vaultedIx = await getVaultedTransferInstructionAsync({
-            vault: vaultPda,
-            senderTokenAccount: args.payerTokenAccount,
-            vaultTokenAccount: vaultATA,
-            recipient: args.claimant,
-            sender: signer,
-            amount: escrow.amount,
-            lockDurationSeconds: remaining,
-            revocable: escrow.vaultRevocable,
-        }, { programAddress: this.coreProgram });
-        const head = createClaimantAtaIx ? [createClaimantAtaIx] : [];
-        return [...head, claimIx, createVaultAtaIx, vaultedIx];
-    }
-    /** Read the recipient's `VaultCounter.nextId`, defaulting to 0n if the
-     *  counter PDA hasn't been initialised yet (first vault for that owner). */
-    async getNextVaultId(owner) {
-        const [counterPda] = await getVaultCounterPDA(owner, this.coreProgram);
-        const account = await fetchMaybeVaultCounter(this.rpc, counterPda, {
-            commitment: this.commitment,
-        });
-        return account.exists ? account.data.nextId : 0n;
-    }
     // -------------------------------------------------------------------
     // Write — cancel
     // -------------------------------------------------------------------

package/lib/esm/solana/io-writeable.js

@@ -1786,39 +1786,44 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
     async reassignName(params, _options) {
         const newAnt = address(params.processId);
         const [arnsRecord] = await getArnsRecordPDA(params.name, this.arnsProgram);
+        // The on-chain `reassign_name` (PR #73 / BD-106 / BD-095) now authorizes
+        // against the CURRENT Metaplex Core holder of `record.ant` via a named
+        // `ant_asset` account constrained to `arns_record.ant`. We must read the
+        // current record to know which asset to pass — that's the OLD ant (the
+        // one we're reassigning AWAY FROM), not `newAnt`.
+        const currentRecord = await this.getArNSRecord({ name: params.name });
+        const currentAnt = address(currentRecord.processId);
         const ix = await getReassignNameInstructionAsync(await this.withArnsDefaults({
             arnsRecord,
+            antAsset: currentAnt,
             caller: this.signer,
             newAnt,
         }), { programAddress: this.arnsProgram });
-        // The on-chain handler validates the new ANT via `remaining_accounts[0]`
-        // (must be MPL-Core-owned + key matches `newAnt`). The codama builder
-        // for reassign_name only encodes the typed accounts above, so we tag
-        // the new ANT asset on as a readonly remaining account.
-        //
-        // Sprint 4 / ADR-016: post-reassign the record points at `newAnt`. The
-        // bundled `sync_attributes` MUST target `newAnt` — without the
-        // override, the helper would read the on-chain record at SDK build
-        // time (still pointing at the OLD asset), build a sync ix for the
-        // OLD asset, and fail the post-reassign `record.ant == asset.key()`
-        // check. The owner-check inside _buildSyncAttributesIxIfOwner runs
-        // against `newAnt`, so the bundle fires only when the reassign
-        // caller is also the new ANT's holder; otherwise the ix is sent
-        // alone and the new owner runs `syncAttributes()` later (BD-095/096).
+        // Post-reassign the record points at `newAnt`. The bundled
+        // `sync_attributes` MUST target `newAnt` — without the override, the
+        // helper would read the on-chain record at SDK build time (still
+        // pointing at the OLD asset), build a sync ix for the OLD asset, and
+        // fail the post-reassign `record.ant == asset.key()` check. The
+        // owner-check inside _buildSyncAttributesIxIfOwner runs against
+        // `newAnt`, so the bundle fires only when the reassign caller is also
+        // the new ANT's holder; otherwise the ix is sent alone and the new
+        // owner runs `syncAttributes()` later (BD-095/096).
         const syncIx = await this._buildSyncAttributesIxIfOwner(params.name, newAnt);
-        const reassignWithMetas = withRemainingAccounts(ix, [
-            { address: newAnt, role: AccountRole.READONLY },
-        ]);
-        const sig = await this.sendTransaction(syncIx ? [reassignWithMetas, syncIx] : [reassignWithMetas]);
+        const sig = await this.sendTransaction(syncIx ? [ix, syncIx] : [ix]);
         return { id: sig };
     }
     /** Release a permabuy name back to the registry (creates a returned name auction). */
     async releaseName(params, _options) {
         const [returnedNamePda] = await getReturnedNamePDA(params.name, this.arnsProgram);
         const [arnsRecord] = await getArnsRecordPDA(params.name, this.arnsProgram);
+        // PR #73 / BD-106: `release_name` now authorizes against the current
+        // Metaplex Core holder of `record.ant` via a named `ant_asset` account
+        // constrained to `arns_record.ant`. Fetch the record to know which.
+        const currentRecord = await this.getArNSRecord({ name: params.name });
         const ix = await getReleaseNameInstructionAsync(await this.withArnsDefaults({
             arnsRecord,
             returnedName: returnedNamePda,
+            antAsset: address(currentRecord.processId),
             caller: this.signer,
         }), { programAddress: this.arnsProgram });
         // Note: no sync_attributes bundle here — release_name closes the

package/lib/esm/version.js

@@ -14,4 +14,4 @@
  * limitations under the License.
  */
 // AUTOMATICALLY GENERATED FILE - DO NOT TOUCH
-export const version = '4.0.0-solana.16';
+export const version = '4.0.0-solana.18';

package/lib/types/solana/escrow.d.ts

@@ -16,15 +16,13 @@
  * Borsh codec, and account-meta wiring derived from the on-chain IDL.
  */
 import { type Address, type Commitment, type Instruction, type TransactionSigner } from '@solana/kit';
+import { type EscrowAnt, type EscrowToken } from '@ar.io/solana-contracts/ant-escrow';
 import type { ILogger } from '../common/logger.js';
 import type { SolanaRpc, SolanaRpcSubscriptions } from './types.js';
 export type EscrowProtocol = 'arweave' | 'ethereum';
 export interface EscrowAntState {
-    version: {
-        major: number;
-        minor: number;
-        patch: number;
-    };
+    /** On-chain schema version, as decoded by the generated client. */
+    version: EscrowAnt['version'];
     bump: number;
     depositor: Address;
     antMint: Address;
@@ -39,9 +37,13 @@ export interface ANTEscrowConfig {
     signer?: TransactionSigner;
     programId?: Address;
     /**
-     * ario-core program id, used by `TokenEscrow` to build the sibling
-     * `vaulted_transfer` instruction when claiming an active (still-locked)
-     * vault escrow. Defaults to {@link ARIO_CORE_PROGRAM_ID}.
+     * ario-core program id. Currently unused (post-ADR-022 the SDK no longer
+     * builds a sibling `vaulted_transfer`; active vault claims are rejected
+     * with `VaultStillLocked`). Retained for forward-compat — if the active
+     * re-lock path is ever revived via the direct-CPI restoration playbook
+     * (contracts `docs/RESTORE_ACTIVE_VAULT_RELOCK.md`), this is the program
+     * the new claim ABI would need to reference. Defaults to
+     * {@link ARIO_CORE_PROGRAM_ID}.
      */
     coreProgram?: Address;
     commitment?: Commitment;
@@ -168,11 +170,8 @@ export declare class ANTEscrow {
 }
 export type EscrowAssetType = 'token' | 'vault';
 export interface EscrowTokenState {
-    version: {
-        major: number;
-        minor: number;
-        patch: number;
-    };
+    /** On-chain schema version, as decoded by the generated client. */
+    version: EscrowToken['version'];
     bump: number;
     depositor: Address;
     assetType: EscrowAssetType;
@@ -186,6 +185,18 @@ export interface EscrowTokenState {
     vaultEndTimestamp: bigint;
     vaultRevocable: boolean;
 }
+/**
+ * Pre-flight the on-chain `VaultStillLocked` gate (ADR-022): refuse to build
+ * a claim tx while the vault is still locked. Surfaces the unlock timestamp
+ * so callers / UIs can show "claimable after <date>" instead of a doomed tx.
+ *
+ * Exported for unit-testability; not part of the public SDK surface — call the
+ * high-level `claimVaultArweave` / `claimVaultEthereum` instead, which invoke
+ * this guard internally.
+ *
+ * @internal
+ */
+export declare function assertVaultClaimable(escrow: EscrowTokenState): void;
 /**
  * Solana-backed client for the trustless token/vault escrow program. All
  * write methods require both `rpcSubscriptions` and `signer`; read methods
@@ -302,17 +313,19 @@ export declare class TokenEscrow {
         messageNonce: Uint8Array;
     }): Promise<Instruction>;
     /**
-     * Submit an Arweave RSA-PSS-4096 signature to release escrowed vault tokens.
+     * Submit an Arweave attestor's Ed25519 signature to release escrowed vault
+     * tokens. The on-chain handler delivers liquid tokens directly to
+     * `claimantTokenAccount`.
      *
-     * The on-chain handler routes by vault state via instructions-sysvar
-     * introspection: an expired vault sends tokens straight to
-     * `claimantTokenAccount`; an active (still-locked) vault routes them to
-     * `payerTokenAccount` and requires a matching `ario_core::vaulted_transfer`
-     * sibling instruction in the same transaction.
-     *
-     * This method auto-detects the path from `vaultEndTimestamp` and bundles
-     * the sibling `vaulted_transfer` ix automatically when the vault is still
-     * active — callers do not need to construct it themselves.
+     * **Vaults are only claimable after `vault_end_timestamp`.** Active
+     * (still-locked) vault claims are rejected on-chain with `VaultStillLocked`
+     * (ADR-022 / BD-107: the former active re-lock path was removed because its
+     * sibling-`vaulted_transfer` introspection had no 1:1 claim↔re-lock binding
+     * → reuse / relayer skim). This method pre-flights the same gate and throws
+     * a clear `vault still locked until <ISO>` error rather than building a tx
+     * that will fail on-chain. To revive "claim early, stay locked" see the
+     * restoration playbook in the contracts repo
+     * (`docs/RESTORE_ACTIVE_VAULT_RELOCK.md`).
      */
     claimVaultArweave(args: {
         depositor: Address;
@@ -320,14 +333,14 @@ export declare class TokenEscrow {
         claimant: Address;
         claimantTokenAccount: Address;
         escrowTokenAccount: Address;
-        payerTokenAccount: Address;
         signature: Uint8Array;
         saltLen?: number;
     }): Promise<string>;
     /**
      * Submit an Ethereum ECDSA signature to release escrowed vault tokens. See
-     * {@link claimVaultArweave} for the expired/active vault routing semantics.
-     * Auto-bundles the sibling `vaulted_transfer` ix for active vaults.
+     * {@link claimVaultArweave} — same lock semantics: vaults are only claimable
+     * after `vault_end_timestamp`; active (still-locked) claims throw pre-flight
+     * and are rejected on-chain with `VaultStillLocked` (ADR-022 / BD-107).
      */
     claimVaultEthereum(args: {
         depositor: Address;
@@ -335,51 +348,23 @@ export declare class TokenEscrow {
         claimant: Address;
         claimantTokenAccount: Address;
         escrowTokenAccount: Address;
-        payerTokenAccount: Address;
         signature: Uint8Array;
     }): Promise<string>;
     /**
-     * If the vault escrow is still locked (`vaultEndTimestamp` in the future),
-     * return `[claimIx, vaultedTransferIx]` so the on-chain claim handler can
-     * see the sibling (via `instructions_sysvar`) and re-vault tokens for the
-     * claimant. If the vault has expired, just `[claimIx]` — the on-chain
-     * handler delivers tokens directly to `claimantTokenAccount`.
-     *
-     * **Ordering matters at runtime**: `claim` must execute first so it can
-     * move tokens `escrow → payerTokenAccount`. `vaulted_transfer` then pulls
-     * from `payerTokenAccount` into the new vault. Reversing the order makes
-     * `vaulted_transfer` fail with `insufficient funds` because nothing has
-     * funded `payerTokenAccount` yet. The introspection check in
-     * `vault_introspect::verify_vaulted_transfer_in_tx` is presence-based
-     * (reads `instructions_sysvar`) so the *sibling* ordering doesn't matter
-     * for the check itself — only for atomic execution.
-     *
-     * `lockDurationSeconds` is set to the SDK-local `remaining` value. The
-     * on-chain handler accepts `lock_duration >= remaining_at_execution - 60s`
-     * (see the introspection function's tolerance), so any modest clock skew
-     * between client and chain is absorbed.
-     */
     /**
      * Idempotent-create the claimant's canonical ATA when needed.
      *
-     * The on-chain claim handler delivers liquid tokens directly to
-     * `claimantTokenAccount` for expired vaults AND for token escrows.
-     * For active vaults, the `claim_vault_*` Anchor Accounts struct still
-     * declares `claimant_token_account: Account<TokenAccount>`, which forces
-     * Anchor's account-load-time validation to require the account exist
-     * even though the active path doesn't write to it. Either way: if the
-     * claimant is a fresh wallet that has never held this mint, the ATA
-     * doesn't exist and the tx fails with `AccountNotInitialized` (#3012).
+     * The claim handler delivers liquid tokens directly to
+     * `claimantTokenAccount` (post-ADR-022 there's only the liquid path for
+     * vaults). If the claimant is a fresh wallet that has never held this
+     * mint, the ATA doesn't exist and the tx fails with `AccountNotInitialized`
+     * (#3012).
      *
      * Returns `null` when the caller passed a non-canonical
      * `claimantTokenAccount` (manually-created non-ATA token account,
      * presumably already exists — caller's responsibility).
      */
     private _createClaimantAtaIfCanonical;
-    private maybeBundleVaultedTransfer;
-    /** Read the recipient's `VaultCounter.nextId`, defaulting to 0n if the
-     *  counter PDA hasn't been initialised yet (first vault for that owner). */
-    private getNextVaultId;
     /**
      * Cancel a token or vault escrow deposit and return the tokens to the
      * depositor. Only callable by the original depositor.

package/lib/types/version.d.ts

@@ -13,4 +13,4 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-export declare const version = "4.0.0-solana.15";
+export declare const version = "4.0.0-solana.17";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ar.io/sdk",
-  "version": "4.0.0-solana.16",
+  "version": "4.0.0-solana.18",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/ar-io/ar-io-sdk.git"
@@ -122,7 +122,7 @@
     "typescript": "^5.1.6"
   },
   "dependencies": {
-    "@ar.io/solana-contracts": "^0.3.0",
+    "@ar.io/solana-contracts": "^0.4.0",
     "@solana-program/compute-budget": "^0.15.0",
     "@solana-program/token": "^0.13.0",
     "@solana/kit": "^6.8.0",