@ar.io/sdk 4.0.0-solana.33 → 4.0.0-solana.35

package/lib/esm/solana/ant-readable.js

@@ -22,7 +22,7 @@
  *   - AntControllers: list of controller pubkeys
  *   - AntRecord: undername records (transactionId, ttl, priority, etc.)
  */
-import { address, fetchEncodedAccount, } from '@solana/kit';
+import { address, fetchEncodedAccount, fetchEncodedAccounts, } from '@solana/kit';
 import bs58 from 'bs58';
 import { createHash as __createHash } from 'crypto';
 import { ANT_RECORD_DISCRIMINATOR, ANT_RECORD_METADATA_DISCRIMINATOR, decodeAntConfig, decodeAntControllers, getAntRecordDecoder, getAntRecordMetadataDecoder, } from '@ar.io/solana-contracts/ant';
@@ -148,6 +148,38 @@ export class SolanaANTReadable {
             controllers: decoded.controllers.map((c) => c),
         };
     }
+    /**
+     * Fetch AntConfig + AntControllers in a single `getMultipleAccounts` round
+     * trip (instead of two single-account reads). Used by `getState` to shave one
+     * RPC per ANT — meaningful when a UI loads many ANTs.
+     */
+    async _fetchConfigAndControllers() {
+        const [[configPda], [controllersPda]] = await Promise.all([
+            getAntConfigPDA(this.mint, this.antProgram),
+            getAntControllersPDA(this.mint, this.antProgram),
+        ]);
+        const [configAccount, controllersAccount] = await withRetry(() => fetchEncodedAccounts(this.rpc, [configPda, controllersPda], {
+            commitment: this.commitment,
+        }));
+        if (!configAccount.exists) {
+            throw new Error(`ANT config not found for ${this.processId}`);
+        }
+        const decodedConfig = decodeAntConfig(configAccount).data;
+        const config = {
+            mint: decodedConfig.mint,
+            name: decodedConfig.name,
+            ticker: decodedConfig.ticker,
+            logo: decodedConfig.logo,
+            description: decodedConfig.description,
+            keywords: decodedConfig.keywords,
+            owner: decodedConfig.lastKnownOwner,
+            version: decodedConfig.version.major,
+        };
+        const controllers = controllersAccount.exists
+            ? decodeAntControllers(controllersAccount).data.controllers.map((c) => c)
+            : [];
+        return { config, controllers };
+    }
     async getOwner(_opts) {
         const config = await this.fetchConfig();
         return config.owner;
@@ -186,10 +218,9 @@ export class SolanaANTReadable {
             getAntRecordPDA(this.mint, undername, this.antProgram),
             getAntRecordMetadataPDA(this.mint, undername, this.antProgram),
         ]);
-        const [recordAccount, metaAccount] = await Promise.all([
-            this.getAccount(recordPda),
-            this.getAccount(metaPda),
-        ]);
+        const [recordAccount, metaAccount] = await withRetry(() => fetchEncodedAccounts(this.rpc, [recordPda, metaPda], {
+            commitment: this.commitment,
+        }));
         if (!recordAccount.exists)
             return undefined;
         const recordDecoder = getAntRecordDecoder();
@@ -222,8 +253,12 @@ export class SolanaANTReadable {
                 : undefined,
         };
     }
-    async getRecords(_opts) {
-        // Fetch all AntRecord + AntRecordMetadata accounts for this mint in parallel.
+    async getRecords(opts) {
+        // Fetch all AntRecord accounts for this mint. AntRecordMetadata
+        // (displayName/logo/description/keywords) is a SECOND program scan and is
+        // only needed in detail/edit views, so skip it unless `includeMetadata` is
+        // set — halving the per-ANT request cost on list reads. See AntReadOptions.
+        const includeMetadata = opts?.includeMetadata === true;
         const gpaFilter = (discriminator) => [
             {
                 memcmp: {
@@ -248,13 +283,15 @@ export class SolanaANTReadable {
                 filters: gpaFilter(bs58.encode(ANT_RECORD_DISCRIMINATOR)),
             })
                 .send()),
-            withRetry(() => this.rpc
-                .getProgramAccounts(this.antProgram, {
-                commitment: this.commitment,
-                encoding: 'base64',
-                filters: gpaFilter(bs58.encode(ANT_RECORD_METADATA_DISCRIMINATOR)),
-            })
-                .send()),
+            includeMetadata
+                ? withRetry(() => this.rpc
+                    .getProgramAccounts(this.antProgram, {
+                    commitment: this.commitment,
+                    encoding: 'base64',
+                    filters: gpaFilter(bs58.encode(ANT_RECORD_METADATA_DISCRIMINATOR)),
+                })
+                    .send())
+                : Promise.resolve([]),
         ]));
         const recordDecoder = getAntRecordDecoder();
         const metaDecoder = getAntRecordMetadataDecoder();
@@ -312,6 +349,256 @@ export class SolanaANTReadable {
         }
         return result;
     }
+    /**
+     * Bulk-load lightweight {@link ANTSummary} state for many ANTs in a handful
+     * of `getMultipleAccounts` calls instead of `N × getState`. For each mint it
+     * batches AntConfig + AntControllers + the apex (`@`) AntRecord — everything a
+     * portfolio/names table needs. Full undername records are NOT loaded here;
+     * fetch them lazily per-ANT via {@link getRecords}/{@link getState} when a
+     * name is opened.
+     *
+     * Requests: ~`ceil(3N / 100)` calls for N mints (10 → 1, 250 → 8), versus
+     * ~`4N` with per-ANT `getState`. Assumes every mint is deployed under this
+     * instance's `antProgram` (true for the standard AR.IO ANT program).
+     *
+     * Mints whose AntConfig doesn't exist are omitted from the result.
+     */
+    async getANTSummaries(mints) {
+        const unique = Array.from(new Set(mints));
+        if (unique.length === 0)
+            return {};
+        // Derive config + controllers + apex('@') record PDAs for every mint.
+        const triples = await Promise.all(unique.map(async (m) => {
+            const mintAddr = address(m);
+            const [[configPda], [controllersPda], [apexPda]] = await Promise.all([
+                getAntConfigPDA(mintAddr, this.antProgram),
+                getAntControllersPDA(mintAddr, this.antProgram),
+                getAntRecordPDA(mintAddr, '@', this.antProgram),
+            ]);
+            return { mint: m, configPda, controllersPda, apexPda };
+        }));
+        // Batch-fetch all PDAs (3 per mint) — getMultipleAccounts caps at 100.
+        const allPdas = triples.flatMap((t) => [
+            t.configPda,
+            t.controllersPda,
+            t.apexPda,
+        ]);
+        const accounts = [];
+        for (let i = 0; i < allPdas.length; i += 100) {
+            const chunk = allPdas.slice(i, i + 100);
+            const res = await withRetry(() => fetchEncodedAccounts(this.rpc, chunk, { commitment: this.commitment }));
+            accounts.push(...res);
+        }
+        const recordDecoder = getAntRecordDecoder();
+        const result = {};
+        for (let i = 0; i < triples.length; i++) {
+            const { mint } = triples[i];
+            const configAccount = accounts[i * 3];
+            const controllersAccount = accounts[i * 3 + 1];
+            const apexAccount = accounts[i * 3 + 2];
+            if (!configAccount?.exists)
+                continue;
+            const config = decodeAntConfig(configAccount).data;
+            const controllers = controllersAccount?.exists
+                ? decodeAntControllers(controllersAccount).data.controllers.map((c) => c)
+                : [];
+            let apexRecord;
+            if (apexAccount?.exists) {
+                const rec = recordDecoder.decode(new Uint8Array(apexAccount.data));
+                apexRecord = {
+                    transactionId: rec.target,
+                    targetProtocol: rec.targetProtocol,
+                    ttlSeconds: rec.ttlSeconds,
+                    priority: rec.priority?.__option === 'Some' ? rec.priority.value : undefined,
+                    owner: rec.owner?.__option === 'Some'
+                        ? rec.owner.value
+                        : undefined,
+                };
+            }
+            result[mint] = {
+                processId: mint,
+                name: config.name,
+                ticker: config.ticker,
+                logo: config.logo,
+                description: config.description,
+                keywords: config.keywords,
+                owner: config.lastKnownOwner,
+                controllers,
+                apexRecord,
+            };
+        }
+        return result;
+    }
+    /**
+     * Bulk-load FULL {@link ANTState} (including all undername records) for many
+     * ANTs in a handful of calls instead of `N × getState`:
+     *   - AntConfig + AntControllers for every mint via `getMultipleAccounts`
+     *     (chunked at 100), and
+     *   - ALL undername records via a SINGLE program-wide `getProgramAccounts`
+     *     scan grouped by mint (offset 8), instead of one mint-filtered scan per
+     *     ANT.
+     *
+     * Requests: ~`ceil(2N / 100) + 1` (+1 when `includeMetadata`) regardless of
+     * N — e.g. 10 ANTs → 2 calls, 250 → ~6 — versus ~`2N` with per-ANT
+     * `getState`. The records scan reads every ANT's records program-wide (cheap
+     * per account, one round trip); prefer per-ANT {@link getState} when you only
+     * need one ANT. Mints with no AntConfig are omitted.
+     */
+    async getANTStates(mints, opts) {
+        const unique = Array.from(new Set(mints));
+        if (unique.length === 0)
+            return {};
+        // Config + controllers PDAs for every mint, batched (100 accounts/call).
+        const pairs = await Promise.all(unique.map(async (m) => {
+            const mintAddr = address(m);
+            const [[configPda], [controllersPda]] = await Promise.all([
+                getAntConfigPDA(mintAddr, this.antProgram),
+                getAntControllersPDA(mintAddr, this.antProgram),
+            ]);
+            return { mint: m, configPda, controllersPda };
+        }));
+        const allPdas = pairs.flatMap((p) => [p.configPda, p.controllersPda]);
+        const accounts = [];
+        for (let i = 0; i < allPdas.length; i += 100) {
+            const res = await withRetry(() => fetchEncodedAccounts(this.rpc, allPdas.slice(i, i + 100), {
+                commitment: this.commitment,
+            }));
+            accounts.push(...res);
+        }
+        const recordsByMint = await this._recordsByMint(opts?.includeMetadata === true);
+        const result = {};
+        for (let i = 0; i < pairs.length; i++) {
+            const { mint } = pairs[i];
+            const configAccount = accounts[i * 2];
+            const controllersAccount = accounts[i * 2 + 1];
+            if (!configAccount?.exists)
+                continue;
+            const config = decodeAntConfig(configAccount).data;
+            const controllers = controllersAccount?.exists
+                ? decodeAntControllers(controllersAccount).data.controllers.map((c) => c)
+                : [];
+            const sorted = recordsByMint.get(mint) ?? {};
+            const plainRecords = {};
+            for (const [key, val] of Object.entries(sorted)) {
+                const { index: _, ...rec } = val;
+                plainRecords[key] = rec;
+            }
+            const owner = config.lastKnownOwner;
+            result[mint] = {
+                Name: config.name,
+                Ticker: config.ticker,
+                Description: config.description,
+                Keywords: config.keywords,
+                Denomination: 0,
+                Owner: owner,
+                Controllers: controllers,
+                Records: plainRecords,
+                Balances: { [owner]: 1 },
+                Logo: config.logo,
+                TotalSupply: 1,
+                Initialized: true,
+            };
+        }
+        return result;
+    }
+    /**
+     * Group every AntRecord (+ optional metadata) in the program by mint via a
+     * single `getProgramAccounts` scan (the mint sits at offset 8). Used by
+     * {@link getANTStates} to load all ANTs' undername records in one round trip
+     * instead of one mint-filtered scan per ANT.
+     */
+    async _recordsByMint(includeMetadata) {
+        const discFilter = (discriminator) => [
+            {
+                memcmp: {
+                    offset: 0n,
+                    bytes: discriminator,
+                    encoding: 'base58',
+                },
+            },
+        ];
+        const [recordAccounts, metaAccounts] = (await Promise.all([
+            withRetry(() => this.rpc
+                .getProgramAccounts(this.antProgram, {
+                commitment: this.commitment,
+                encoding: 'base64',
+                filters: discFilter(bs58.encode(ANT_RECORD_DISCRIMINATOR)),
+            })
+                .send()),
+            includeMetadata
+                ? withRetry(() => this.rpc
+                    .getProgramAccounts(this.antProgram, {
+                    commitment: this.commitment,
+                    encoding: 'base64',
+                    filters: discFilter(bs58.encode(ANT_RECORD_METADATA_DISCRIMINATOR)),
+                })
+                    .send())
+                : Promise.resolve([]),
+        ]));
+        const recordDecoder = getAntRecordDecoder();
+        const metaDecoder = getAntRecordMetadataDecoder();
+        // Metadata keyed by `${mint}:${undernameHash}` (mint at 8, hash at 40).
+        const metaByKey = new Map();
+        for (const { account } of metaAccounts) {
+            try {
+                const buf = Buffer.from(account.data[0], 'base64');
+                const mint = bs58.encode(buf.subarray(8, 40));
+                const hash = buf.subarray(40, 72).toString('hex');
+                metaByKey.set(`${mint}:${hash}`, metaDecoder.decode(new Uint8Array(buf)));
+            }
+            catch {
+                // Skip malformed
+            }
+        }
+        const byMint = new Map();
+        const indexByMint = new Map();
+        for (const { account } of recordAccounts) {
+            try {
+                const buf = Buffer.from(account.data[0], 'base64');
+                const mint = bs58.encode(buf.subarray(8, 40));
+                const record = recordDecoder.decode(new Uint8Array(buf));
+                const hash = __createHash('sha256')
+                    .update(record.undername.toLowerCase())
+                    .digest('hex');
+                const meta = metaByKey.get(`${mint}:${hash}`);
+                const idx = indexByMint.get(mint) ?? 0;
+                let bucket = byMint.get(mint);
+                if (!bucket) {
+                    bucket = {};
+                    byMint.set(mint, bucket);
+                }
+                bucket[record.undername] = {
+                    transactionId: record.target,
+                    targetProtocol: record.targetProtocol,
+                    ttlSeconds: record.ttlSeconds,
+                    priority: record.priority?.__option === 'Some'
+                        ? record.priority.value
+                        : undefined,
+                    owner: record.owner?.__option === 'Some'
+                        ? record.owner.value
+                        : undefined,
+                    displayName: meta?.displayName?.__option === 'Some'
+                        ? meta.displayName.value
+                        : undefined,
+                    logo: meta?.recordLogo?.__option === 'Some'
+                        ? meta.recordLogo.value
+                        : undefined,
+                    description: meta?.recordDescription?.__option === 'Some'
+                        ? meta.recordDescription.value
+                        : undefined,
+                    keywords: meta?.recordKeywords?.__option === 'Some'
+                        ? meta.recordKeywords.value
+                        : undefined,
+                    index: idx,
+                };
+                indexByMint.set(mint, idx + 1);
+            }
+            catch {
+                // Skip malformed
+            }
+        }
+        return byMint;
+    }
     // =========================================
     // Balance reads (NFT model — owner has balance 1)
     // =========================================
@@ -326,11 +613,10 @@ export class SolanaANTReadable {
     // =========================================
     // State / Info composites
     // =========================================
-    async getState(_opts) {
-        const [config, controllersData, records] = await Promise.all([
-            this.fetchConfig(),
-            this.fetchControllers(),
-            this.getRecords(),
+    async getState(opts) {
+        const [{ config, controllers }, records] = await Promise.all([
+            this._fetchConfigAndControllers(),
+            this.getRecords(opts),
         ]);
         // Convert SortedANTRecords to ANTRecords (strip index)
         const plainRecords = {};
@@ -345,7 +631,7 @@ export class SolanaANTReadable {
             Keywords: config.keywords,
             Denomination: 0,
             Owner: config.owner,
-            Controllers: controllersData.controllers,
+            Controllers: controllers,
             Records: plainRecords,
             Balances: { [config.owner]: 1 },
             Logo: config.logo,

package/lib/esm/solana/io-readable.js

@@ -105,6 +105,12 @@ function arnsRecordToWithName(record) {
             : {}),
     };
 }
+/**
+ * TTL for {@link SolanaARIOReadable.getCachedAccount}. DemandFactor / config
+ * accounts change on the order of epochs, so a few seconds of staleness is a
+ * safe trade for collapsing burst reads (e.g. per-row cost lookups).
+ */
+const CONFIG_CACHE_TTL_MS = 30_000;
 function paginate(items, params) {
     const limit = params?.limit ?? 100;
     const startIdx = params?.cursor ? parseInt(params.cursor, 10) : 0;
@@ -146,6 +152,11 @@ export class SolanaARIOReadable {
     // Memoized ARIO mint address (read once from ArioConfig.mint and reused
     // for every SPL-ATA derivation in getBalance/getBalances).
     _arioMint;
+    // Short-TTL cache for slow-changing config-ish accounts (DemandFactor,
+    // ArnsConfig, etc.). Collapses the many identical reads a UI fires in a
+    // burst — e.g. the returned-names page running `getCostDetails` per row,
+    // each re-reading the same DemandFactor PDA — into a single network call.
+    _accountCache = new Map();
     constructor(config) {
         this.rpc = config.rpc;
         this.commitment = config.commitment ?? 'confirmed';
@@ -161,6 +172,24 @@ export class SolanaARIOReadable {
             commitment: this.commitment,
         }));
     }
+    /**
+     * Like {@link getAccount} but caches the result per-PDA for `ttlMs`. Use only
+     * for accounts that change slowly (DemandFactor, ArnsConfig) where a few
+     * seconds of staleness is acceptable in exchange for collapsing repeated
+     * reads. A successful fetch is cached; misses (`exists: false`) are not.
+     */
+    async getCachedAccount(pda, ttlMs = CONFIG_CACHE_TTL_MS) {
+        const key = String(pda);
+        const now = Date.now();
+        const hit = this._accountCache.get(key);
+        if (hit && hit.expiresAt > now)
+            return hit.account;
+        const account = await this.getAccount(pda);
+        if (account.exists) {
+            this._accountCache.set(key, { account, expiresAt: now + ttlMs });
+        }
+        return account;
+    }
     /**
      * Helper for `getProgramAccounts` with a discriminator memcmp filter.
      *
@@ -959,7 +988,11 @@ export class SolanaARIOReadable {
     }
     async getArNSReturnedName({ name, }) {
         const [pda] = await getReturnedNamePDA(name, this.arnsProgram);
-        const account = await this.getAccount(pda);
+        // A ReturnedName account is immutable once created (its premium is derived
+        // client-side from the static start/end timestamps), so cache the read.
+        // The returned-names price table reads each name's PDA twice (lease +
+        // permabuy) and `getTokenCost` reads it again — all share one fetch.
+        const account = await this.getCachedAccount(pda);
         if (!account.exists) {
             throw new Error(`Returned name not found: ${name}`);
         }
@@ -1239,7 +1272,7 @@ export class SolanaARIOReadable {
      */
     async getTokenCost(params) {
         const [dfPda] = await getDemandFactorPDA(this.arnsProgram);
-        const dfAccount = await this.getAccount(dfPda);
+        const dfAccount = await this.getCachedAccount(dfPda);
         if (!dfAccount.exists)
             throw new Error('DemandFactor account not found');
         const df = deserializeDemandFactor(Buffer.from(dfAccount.data));
@@ -1327,14 +1360,22 @@ export class SolanaARIOReadable {
         const discounts = [];
         if (params.fromAddress) {
             try {
-                const gw = await this.getGateway({ address: params.fromAddress });
-                if (gw.status === 'joined') {
-                    const discountAmount = Math.floor((tokenCost * 200_000) / RATE_SCALE);
-                    discounts.push({
-                        name: 'Gateway Operator',
-                        discountTotal: discountAmount,
-                        multiplier: 0.8,
-                    });
+                // Operator-discount check. Read the gateway PDA through the short-TTL
+                // cache (NOT public `getGateway`, which stays fresh for gateway pages):
+                // a price table calls `getCostDetails` many times for the SAME
+                // `fromAddress`, so this collapses N redundant gateway reads to one.
+                const [gwPda] = await getGatewayPDA(address(params.fromAddress), this.garProgram);
+                const gwAccount = await this.getCachedAccount(gwPda);
+                if (gwAccount.exists) {
+                    const gw = deserializeGateway(Buffer.from(gwAccount.data));
+                    if (gw.status === 'joined') {
+                        const discountAmount = Math.floor((tokenCost * 200_000) / RATE_SCALE);
+                        discounts.push({
+                            name: 'Gateway Operator',
+                            discountTotal: discountAmount,
+                            multiplier: 0.8,
+                        });
+                    }
                 }
             }
             catch {
@@ -1441,7 +1482,7 @@ export class SolanaARIOReadable {
     }
     async getRegistrationFees() {
         const [dfPda] = await getDemandFactorPDA(this.arnsProgram);
-        const account = await this.getAccount(dfPda);
+        const account = await this.getCachedAccount(dfPda);
         if (!account.exists) {
             throw new Error('DemandFactor account not found');
         }
@@ -1464,7 +1505,7 @@ export class SolanaARIOReadable {
     }
     async getDemandFactor() {
         const [pda] = await getDemandFactorPDA(this.arnsProgram);
-        const account = await this.getAccount(pda);
+        const account = await this.getCachedAccount(pda);
         if (!account.exists) {
             throw new Error('DemandFactor account not found');
         }
@@ -1473,7 +1514,7 @@ export class SolanaARIOReadable {
     }
     async getDemandFactorSettings() {
         const [pda] = await getDemandFactorPDA(this.arnsProgram);
-        const account = await this.getAccount(pda);
+        const account = await this.getCachedAccount(pda);
         if (!account.exists) {
             throw new Error('DemandFactor account not found');
         }
@@ -1730,7 +1771,7 @@ export class SolanaARIOReadable {
      */
     async getExpiredArnsRecords(now) {
         const [arnsConfigPda] = await getArnsSettingsPDA(this.arnsProgram);
-        const cfgAccount = await this.getAccount(arnsConfigPda);
+        const cfgAccount = await this.getCachedAccount(arnsConfigPda);
         if (!cfgAccount.exists)
             return [];
         const cfg = getArnsConfigDecoder().decode(cfgAccount.data);
@@ -1765,7 +1806,7 @@ export class SolanaARIOReadable {
      */
     async getExpiredReturnedNames(now) {
         const [arnsConfigPda] = await getArnsSettingsPDA(this.arnsProgram);
-        const cfgAccount = await this.getAccount(arnsConfigPda);
+        const cfgAccount = await this.getCachedAccount(arnsConfigPda);
         if (!cfgAccount.exists)
             return [];
         const cfg = getArnsConfigDecoder().decode(cfgAccount.data);
@@ -2011,7 +2052,7 @@ export class SolanaARIOReadable {
      */
     async getArnsConfigRaw() {
         const [pda] = await getArnsSettingsPDA(this.arnsProgram);
-        const account = await this.getAccount(pda);
+        const account = await this.getCachedAccount(pda);
         if (!account.exists)
             return null;
         const cfg = getArnsConfigDecoder().decode(account.data);

package/lib/esm/solana/io-writeable.js

@@ -881,7 +881,16 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
                 params: buyNameParams,
             }, { programAddress: this.arnsProgram });
         }
-        else if (params.fundFrom === 'plan' || params.fundFrom === 'any') {
+        else if (params.fundFrom === 'plan' ||
+            params.fundFrom === 'any' ||
+            params.fundFrom === 'stakes' ||
+            params.fundFrom === 'withdrawal') {
+            // 'stakes'/'withdrawal' WITHOUT an explicit gatewayAddress/withdrawalId
+            // land here (the single-source branches above handle the explicit case).
+            // Route through the funding planner, which constrains sources to the
+            // chosen mode — it never silently spends liquid balance and auto-splits
+            // across the caller's delegations/vaults. (Previously these fell through
+            // to the balance path below, silently draining liquid ARIO.)
             ix = await this._buildBuyNameFromFundingPlanIx({
                 params,
                 antPubkey,
@@ -892,8 +901,10 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
                 arnsConfig,
             });
         }
-        else {
-            // 'balance' or undefined falls through to the original direct-buy path.
+        else if (!params.fundFrom ||
+            params.fundFrom === 'balance' ||
+            params.fundFrom === 'turbo') {
+            // Direct balance-funded buy.
             ix = await getBuyNameInstructionAsync(await this.withArnsDefaults({
                 arnsRecord,
                 buyerTokenAccount: buyerATA,
@@ -904,6 +915,9 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
                 params: buyNameParams,
             }), { programAddress: this.arnsProgram });
         }
+        else {
+            throw new Error(`unsupported fundFrom mode '${params.fundFrom}' for buyRecord`);
+        }
         // Sprint 4 / ADR-016: bundle `ant.sync_attributes` IFF the buyer
         // owns the ANT (preserves BD-096 — non-holder buys defer the trait
         // sync to a later `syncAttributes()` call by the actual owner).
@@ -1428,7 +1442,14 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
                 return getExtendLeaseFromWithdrawalInstructionAsync({ ...wBase, years: args.years }, { programAddress: this.arnsProgram });
             return getIncreaseUndernameLimitFromWithdrawalInstructionAsync({ ...wBase, quantity: args.quantity }, { programAddress: this.arnsProgram });
         }
-        if (args.params.fundFrom === 'plan' || args.params.fundFrom === 'any') {
+        if (args.params.fundFrom === 'plan' ||
+            args.params.fundFrom === 'any' ||
+            args.params.fundFrom === 'stakes' ||
+            args.params.fundFrom === 'withdrawal') {
+            // 'stakes'/'withdrawal' without an explicit gatewayAddress/withdrawalId
+            // route here (the single-source branches above handle the explicit
+            // case). The planner constrains sources to the chosen mode and never
+            // spends liquid balance.
             // Cost estimation for manage variants: each operation has its own
             // pricing path. Keep it pragmatic — let the planner build the plan
             // around the user's desired total (caller can pass explicit sources
@@ -1987,10 +2008,54 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
             years: params.years ?? 1,
             ant: antPubkey,
         };
+        // Returned-name price is a per-slot-decaying Dutch auction, so the
+        // multi-source funding plan (which pre-commits exact source amounts) can't
+        // match the execution-time cost → FundingPlanAmountMismatch (#6066). Prefer
+        // a single-source stake path: it carries no amount, so the program computes
+        // and draws the live cost itself. When the caller asked to fund from
+        // stakes/withdrawal/any without naming a specific gateway/vault,
+        // auto-resolve a single source with enough stake to cover the
+        // (premium-inclusive) cost.
+        let resolvedGateway = params.gatewayAddress;
+        let resolvedFundAsOperator = params.fundAsOperator ?? false;
+        let resolvedWithdrawalId = params.withdrawalId;
+        const wantsStake = params.fundFrom === 'stakes' ||
+            params.fundFrom === 'withdrawal' ||
+            params.fundFrom === 'any';
+        if (wantsStake &&
+            resolvedGateway === undefined &&
+            resolvedWithdrawalId === undefined &&
+            !params.sources?.length) {
+            const picked = await this._autoPickReturnedNameStakeSource(params);
+            if (picked?.kind === 'delegation') {
+                resolvedGateway = picked.gateway;
+                resolvedFundAsOperator = false;
+            }
+            else if (picked?.kind === 'operatorStake') {
+                resolvedGateway = picked.gateway;
+                resolvedFundAsOperator = true;
+            }
+            else if (picked?.kind === 'withdrawal') {
+                resolvedWithdrawalId = picked.withdrawalId;
+            }
+            else if (params.fundFrom !== 'any') {
+                // 'stakes'/'withdrawal' explicitly requested but nothing covers it.
+                throw new Error(`buyReturnedName: no ${params.fundFrom === 'withdrawal'
+                    ? 'matured withdrawal vault'
+                    : 'delegation/operator stake'} large enough to fund '${params.name}' was found for ` +
+                    `${this.signer.address}. Fund from balance, or add stake first.`);
+            }
+            // 'any' with nothing found → falls through to the balance path.
+        }
         let ix;
-        if (!params.fundFrom ||
+        const useBalance = !params.fundFrom ||
             params.fundFrom === 'balance' ||
-            params.fundFrom === 'turbo') {
+            params.fundFrom === 'turbo' ||
+            (params.fundFrom === 'any' &&
+                resolvedGateway === undefined &&
+                resolvedWithdrawalId === undefined &&
+                !params.sources?.length);
+        if (useBalance) {
             ix = await getBuyReturnedNameInstructionAsync(await this.withArnsDefaults({
                 arnsRecord,
                 returnedName: returnedNamePda,
@@ -2019,10 +2084,10 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
                 garProgram: this.garProgram,
                 params: buyParams,
             };
-            if (params.fundFrom === 'stakes' && params.gatewayAddress) {
-                const gatewayAddr = address(params.gatewayAddress);
+            if (resolvedGateway !== undefined) {
+                const gatewayAddr = address(resolvedGateway);
                 const [gatewayPda] = await getGatewayPDA(gatewayAddr, this.garProgram);
-                if (params.fundAsOperator) {
+                if (resolvedFundAsOperator) {
                     ix = await getBuyReturnedNameFromOperatorStakeInstructionAsync({ ...sharedReturnedBase, gateway: gatewayPda }, { programAddress: this.arnsProgram });
                 }
                 else {
@@ -2034,17 +2099,16 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
                     }, { programAddress: this.arnsProgram });
                 }
             }
-            else if (params.fundFrom === 'withdrawal' &&
-                params.withdrawalId !== undefined) {
-                const [withdrawalPda] = await getWithdrawalPDA(this.signer.address, params.withdrawalId, this.garProgram);
+            else if (resolvedWithdrawalId !== undefined) {
+                const [withdrawalPda] = await getWithdrawalPDA(this.signer.address, resolvedWithdrawalId, this.garProgram);
                 ix = await getBuyReturnedNameFromWithdrawalInstructionAsync({ ...sharedReturnedBase, withdrawal: withdrawalPda }, { programAddress: this.arnsProgram });
             }
-            else if (params.fundFrom === 'plan' || params.fundFrom === 'any') {
-                // Returned-name pricing is dynamic (Dutch auction premium); we trust
-                // explicit caller-supplied sources here and skip auto-discovery if
-                // sources is provided. For 'any' without sources, we fall back to a
-                // best-effort estimate using the plain registration fee — caller can
-                // always retry with explicit sources on FundingPlanAmountMismatch.
+            else if (params.fundFrom === 'plan' && params.sources?.length) {
+                // Explicit caller-supplied plan only: the caller owns the source
+                // amounts and accepts the decay risk (the price moves per slot, so a
+                // stale plan trips FundingPlanAmountMismatch). We do NOT auto-discover
+                // a multi-source plan for returned names — see the single-source note
+                // above.
                 const cost = await this._simulateTokenCost({
                     intent: CostIntent.BuyName,
                     name: params.name,
@@ -2068,14 +2132,63 @@ export class SolanaARIOWriteable extends SolanaARIOReadable {
                 throw new Error(`unsupported fundFrom mode '${params.fundFrom}' for buyReturnedName`);
             }
         }
+        // The on-chain `buy_returned_name*` handlers take `initiator_token_account`
+        // and `buyer_token_account` as `Account<TokenAccount>` (NOT `init`), so
+        // Anchor requires both ATAs to already exist or fails with
+        // AccountNotInitialized (#3012). The original initiator may never have held
+        // ARIO, and the premium always settles from the buyer's liquid ATA — bundle
+        // idempotent ATA creates so the buy succeeds without a separate setup step
+        // (mirrors the vault-ATA handling above). Idempotent: ~1500 CU each, no-op
+        // when the account already exists.
+        const createInitiatorAtaIx = buildCreateAtaIdempotentIx(this.signer.address, initiatorATA, initiator, arnsConfig.mint);
+        const createBuyerAtaIx = buildCreateAtaIdempotentIx(this.signer.address, buyerATA, this.signer.address, arnsConfig.mint);
         // Sprint 4 / ADR-016: bundle ant.sync_attributes after the buy so the
         // Attributes plugin reflects the new record holder. assetOverride =
         // antPubkey because the ArnsRecord PDA is created by buy_returned_name
         // and doesn't exist on-chain at SDK build time.
         const syncIx = await this._buildSyncAttributesIxIfOwner(params.name, antPubkey);
-        const sig = await this.sendTransaction(syncIx ? [ix, syncIx] : [ix]);
+        const sig = await this.sendTransaction([
+            createBuyerAtaIx,
+            createInitiatorAtaIx,
+            ix,
+            ...(syncIx ? [syncIx] : []),
+        ]);
         return { id: sig };
     }
+    /**
+     * Pick a single stake-derived funding source that can cover a returned-name
+     * purchase, for the single-source `buy_returned_name_from_*` paths.
+     *
+     * Returned-name prices decay per slot, so the multi-source funding plan
+     * (which pre-commits exact amounts) can't match the execution-time cost. The
+     * single-source paths carry no amount — the program draws the live cost — so
+     * we only need to pick ONE source with enough stake. We size the pick against
+     * the premium-inclusive estimate (an upper bound, since the price only falls
+     * from now) and choose the largest matching source. Returns `null` when no
+     * single source covers the estimate.
+     */
+    async _autoPickReturnedNameStakeSource(params) {
+        const estimate = BigInt(Math.ceil(await this.getTokenCost({
+            intent: 'Buy-Name',
+            name: params.name,
+            type: params.type,
+            years: params.years ?? 1,
+        })));
+        const arnsConfig = await this.getArnsConfig();
+        const { discoverFundingSources } = await import('./funding-plan.js');
+        const sources = await discoverFundingSources(this.rpc, this.signer.address, { arioMint: arnsConfig.mint, garProgram: this.garProgram });
+        // 'withdrawal' mode → matured withdrawal vaults only; otherwise prefer
+        // operator stake when the caller asked, else a delegation.
+        const wantKind = params.fundFrom === 'withdrawal'
+            ? 'withdrawal'
+            : params.fundAsOperator === true
+                ? 'operatorStake'
+                : 'delegation';
+        const candidates = sources
+            .filter((s) => s.kind === wantKind && s.available >= estimate)
+            .sort((a, b) => b.available > a.available ? 1 : b.available < a.available ? -1 : 0);
+        return candidates[0] ?? null;
+    }
     // =========================================
     // Name management (ario-arns)
     // =========================================

package/lib/esm/solana/rpc-circuit-breaker.js

@@ -47,6 +47,121 @@ const logger = new Logger({ level: 'error' });
 const DEFAULT_MAINNET_RPC = 'https://api.mainnet-beta.solana.com';
 const DEFAULT_DEVNET_RPC = 'https://api.devnet.solana.com';
 // ---------------------------------------------------------------------------
+// Adaptive rate gate (token bucket + cooldown)
+// ---------------------------------------------------------------------------
+/** Default ceiling when `maxRequestsPerSecond` is not provided. */
+const DEFAULT_MAX_RPS = 10;
+/** Multiply the current rate by this on a 429 with no usable header. */
+const AIMD_DECREASE = 0.5;
+/** Never throttle below this many requests/second. */
+const MIN_RATE = 1;
+/** Consecutive successes before nudging the rate up by 1 (additive recovery). */
+const RECOVERY_SUCCESSES = 20;
+/** Fraction of a provider-advertised limit to actually use (safety margin). */
+const RATE_SAFETY_FACTOR = 0.9;
+/** Cooldown applied on a 429 that carries no `Retry-After`. */
+const DEFAULT_COOLDOWN_MS = 1_000;
+/**
+ * Token-bucket throttle whose rate can be retuned at runtime and which can be
+ * paused on demand. Tokens refill continuously at the current rate, capped at
+ * one second's worth (the burst allowance); waiters are released FIFO.
+ */
+function createRateGate(initialRate) {
+    let rate = Math.max(MIN_RATE, initialRate);
+    let capacity = Math.max(1, rate);
+    let tokens = capacity;
+    let lastRefill = Date.now();
+    let pausedUntil = 0;
+    const queue = [];
+    let timer = null;
+    const schedule = (ms) => {
+        if (timer !== null)
+            return;
+        timer = setTimeout(() => {
+            timer = null;
+            pump();
+        }, Math.max(ms, 1));
+    };
+    const refill = () => {
+        const now = Date.now();
+        const elapsed = (now - lastRefill) / 1000;
+        if (elapsed > 0) {
+            tokens = Math.min(capacity, tokens + elapsed * rate);
+            lastRefill = now;
+        }
+    };
+    const pump = () => {
+        const now = Date.now();
+        if (pausedUntil > now) {
+            schedule(pausedUntil - now);
+            return;
+        }
+        refill();
+        while (tokens >= 1) {
+            const release = queue.shift();
+            if (!release)
+                break;
+            tokens -= 1;
+            release();
+        }
+        if (queue.length > 0) {
+            // Wake when the next whole token will have accrued.
+            schedule(Math.ceil(((1 - tokens) / rate) * 1000));
+        }
+    };
+    return {
+        acquire: () => new Promise((resolve) => {
+            queue.push(resolve);
+            pump();
+        }),
+        setRate: (ratePerSecond) => {
+            rate = Math.max(MIN_RATE, ratePerSecond);
+            capacity = Math.max(1, rate);
+            tokens = Math.min(tokens, capacity);
+            lastRefill = Date.now();
+            pump();
+        },
+        pauseFor: (ms) => {
+            const until = Date.now() + Math.max(0, ms);
+            if (until > pausedUntil)
+                pausedUntil = until;
+            schedule(ms);
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// 429 / rate-limit header parsing
+// ---------------------------------------------------------------------------
+/**
+ * If `err` is a transport HTTP 429, return its response `Headers`; else null.
+ * Duck-typed against the `@solana/errors` HTTP-error context
+ * (`{ statusCode, headers }`) so we avoid a hard dependency on the error code.
+ */
+function http429Headers(err) {
+    const ctx = err
+        ?.context;
+    if (ctx?.statusCode === 429 && ctx.headers instanceof Headers) {
+        return ctx.headers;
+    }
+    return null;
+}
+/** Parse `Retry-After` (delta-seconds or HTTP-date) into ms, or null. */
+function parseRetryAfterMs(headers) {
+    const v = headers.get('retry-after');
+    if (v === null || v === '')
+        return null;
+    const secs = Number(v);
+    if (Number.isFinite(secs))
+        return Math.max(0, secs * 1000);
+    const when = Date.parse(v);
+    return Number.isNaN(when) ? null : Math.max(0, when - Date.now());
+}
+/** Provider-advertised requests/second limit (`x-ratelimit-rps-limit`), or null. */
+function parseRpsLimit(headers) {
+    const v = Number(headers.get('x-ratelimit-rps-limit'));
+    return Number.isFinite(v) && v > 0 ? v : null;
+}
+// ---------------------------------------------------------------------------
 // Implementation
 // ---------------------------------------------------------------------------
 /**
@@ -58,11 +173,51 @@ const DEFAULT_DEVNET_RPC = 'https://api.devnet.solana.com';
 export function createCircuitBreakerRpc({ primaryUrl, fallbackUrl, circuitBreakerOptions: opts = {}, }) {
     const primaryTransport = createDefaultRpcTransport({ url: primaryUrl });
     const fallbackTransport = createDefaultRpcTransport({ url: fallbackUrl });
+    // Throttling is always on. `maxRequestsPerSecond` is the *ceiling*: every
+    // request flows through an adaptive token bucket that backs off on HTTP 429
+    // (honoring `Retry-After` and `x-ratelimit-rps-limit` when present, AIMD
+    // otherwise) and recovers back toward the ceiling on sustained success.
+    const ceilingRate = opts.maxRequestsPerSecond !== undefined && opts.maxRequestsPerSecond > 0
+        ? opts.maxRequestsPerSecond
+        : DEFAULT_MAX_RPS;
+    const gate = createRateGate(ceilingRate);
+    let currentRate = ceilingRate;
+    let successStreak = 0;
+    const onError = (err) => {
+        const headers = http429Headers(err);
+        if (!headers)
+            return; // only adapt to rate-limit (429) failures
+        successStreak = 0;
+        const advertised = parseRpsLimit(headers);
+        const next = advertised !== null
+            ? Math.min(ceilingRate, Math.max(MIN_RATE, advertised * RATE_SAFETY_FACTOR))
+            : Math.max(MIN_RATE, currentRate * AIMD_DECREASE);
+        if (next !== currentRate) {
+            currentRate = next;
+            gate.setRate(currentRate);
+        }
+        const retryAfter = parseRetryAfterMs(headers);
+        gate.pauseFor(retryAfter ?? DEFAULT_COOLDOWN_MS);
+        logger.warn(`[rpc-circuit-breaker] 429 — throttling to ${currentRate.toFixed(1)} req/s` +
+            `, cooling down ${retryAfter ?? DEFAULT_COOLDOWN_MS}ms`);
+    };
+    const onSuccess = () => {
+        if (currentRate >= ceilingRate)
+            return;
+        if (++successStreak >= RECOVERY_SUCCESSES) {
+            successStreak = 0;
+            currentRate = Math.min(ceilingRate, currentRate + 1);
+            gate.setRate(currentRate);
+        }
+    };
     const breaker = new CircuitBreaker((request) => primaryTransport(request), {
         timeout: opts.timeout ?? 10_000,
         errorThresholdPercentage: opts.errorThresholdPercentage ?? 25,
         resetTimeout: opts.resetTimeout ?? 60_000,
         volumeThreshold: opts.volumeThreshold ?? 3,
+        ...(opts.maxConcurrent !== undefined && opts.maxConcurrent > 0
+            ? { capacity: opts.maxConcurrent }
+            : {}),
     });
     breaker.fallback((request) => fallbackTransport(request));
     breaker.on('open', () => {
@@ -74,7 +229,20 @@ export function createCircuitBreakerRpc({ primaryUrl, fallbackUrl, circuitBreake
     breaker.on('close', () => {
         logger.info('[rpc-circuit-breaker] circuit CLOSED — primary RPC recovered');
     });
-    const transport = ((request) => breaker.fire(request));
+    // Adapt the rate to the *primary's* health via opossum's events: `failure`
+    // fires whenever the primary call rejects (a 429 included) even when the
+    // fallback then masks it by resolving `fire()`, and `success` fires on a
+    // healthy primary call. A plain try/catch around `fire()` would miss the
+    // fallback-masked 429s entirely.
+    breaker.on('failure', (err) => onError(err));
+    breaker.on('success', () => onSuccess());
+    const transport = (async (request) => {
+        // Throttle entry to the breaker so we stay under the provider's rate
+        // limit; the queue wait sits outside `fire`, so opossum's per-request
+        // timeout only measures the actual transport call.
+        await gate.acquire();
+        return breaker.fire(request);
+    });
     return createSolanaRpcFromTransport(transport);
 }
 /**

package/lib/esm/version.js

@@ -14,4 +14,4 @@
  * limitations under the License.
  */
 // AUTOMATICALLY GENERATED FILE - DO NOT TOUCH
-export const version = '4.0.0-solana.33';
+export const version = '4.0.0-solana.35';

package/lib/types/solana/ant-readable.d.ts

@@ -24,7 +24,7 @@
  */
 import { type Address, type Commitment } from '@solana/kit';
 import { type ILogger } from '../common/logger.js';
-import type { ANTHandler, ANTInfo, ANTRecord, ANTState, AntReadOptions, SortedANTRecords } from '../types/ant.js';
+import type { ANTHandler, ANTInfo, ANTRecord, ANTState, ANTSummary, AntReadOptions, SortedANTRecords } from '../types/ant.js';
 import type { WalletAddress } from '../types/common.js';
 import { SolanaANTRegistryReadable } from './ant-registry-readable.js';
 import type { SolanaRpc } from './types.js';
@@ -99,6 +99,12 @@ export declare class SolanaANTReadable {
     private getAccount;
     private fetchConfig;
     private fetchControllers;
+    /**
+     * Fetch AntConfig + AntControllers in a single `getMultipleAccounts` round
+     * trip (instead of two single-account reads). Used by `getState` to shave one
+     * RPC per ANT — meaningful when a UI loads many ANTs.
+     */
+    private _fetchConfigAndControllers;
     getOwner(_opts?: AntReadOptions): Promise<WalletAddress>;
     /** Get the on-chain schema version of this ANT's config. */
     getConfigVersion(): Promise<number>;
@@ -111,12 +117,50 @@ export declare class SolanaANTReadable {
     getRecord({ undername }: {
         undername: string;
     }, _opts?: AntReadOptions): Promise<ANTRecord | undefined>;
-    getRecords(_opts?: AntReadOptions): Promise<SortedANTRecords>;
+    getRecords(opts?: AntReadOptions): Promise<SortedANTRecords>;
+    /**
+     * Bulk-load lightweight {@link ANTSummary} state for many ANTs in a handful
+     * of `getMultipleAccounts` calls instead of `N × getState`. For each mint it
+     * batches AntConfig + AntControllers + the apex (`@`) AntRecord — everything a
+     * portfolio/names table needs. Full undername records are NOT loaded here;
+     * fetch them lazily per-ANT via {@link getRecords}/{@link getState} when a
+     * name is opened.
+     *
+     * Requests: ~`ceil(3N / 100)` calls for N mints (10 → 1, 250 → 8), versus
+     * ~`4N` with per-ANT `getState`. Assumes every mint is deployed under this
+     * instance's `antProgram` (true for the standard AR.IO ANT program).
+     *
+     * Mints whose AntConfig doesn't exist are omitted from the result.
+     */
+    getANTSummaries(mints: ReadonlyArray<string>): Promise<Record<string, ANTSummary>>;
+    /**
+     * Bulk-load FULL {@link ANTState} (including all undername records) for many
+     * ANTs in a handful of calls instead of `N × getState`:
+     *   - AntConfig + AntControllers for every mint via `getMultipleAccounts`
+     *     (chunked at 100), and
+     *   - ALL undername records via a SINGLE program-wide `getProgramAccounts`
+     *     scan grouped by mint (offset 8), instead of one mint-filtered scan per
+     *     ANT.
+     *
+     * Requests: ~`ceil(2N / 100) + 1` (+1 when `includeMetadata`) regardless of
+     * N — e.g. 10 ANTs → 2 calls, 250 → ~6 — versus ~`2N` with per-ANT
+     * `getState`. The records scan reads every ANT's records program-wide (cheap
+     * per account, one round trip); prefer per-ANT {@link getState} when you only
+     * need one ANT. Mints with no AntConfig are omitted.
+     */
+    getANTStates(mints: ReadonlyArray<string>, opts?: AntReadOptions): Promise<Record<string, ANTState>>;
+    /**
+     * Group every AntRecord (+ optional metadata) in the program by mint via a
+     * single `getProgramAccounts` scan (the mint sits at offset 8). Used by
+     * {@link getANTStates} to load all ANTs' undername records in one round trip
+     * instead of one mint-filtered scan per ANT.
+     */
+    private _recordsByMint;
     getBalance({ address: queryAddress }: {
         address: WalletAddress;
     }, _opts?: AntReadOptions): Promise<number>;
     getBalances(_opts?: AntReadOptions): Promise<Record<WalletAddress, number>>;
-    getState(_opts?: AntReadOptions): Promise<ANTState>;
+    getState(opts?: AntReadOptions): Promise<ANTState>;
     getInfo(_opts?: AntReadOptions): Promise<ANTInfo>;
     getHandlers(): Promise<ANTHandler[]>;
     getModuleId(_opts?: {

package/lib/types/solana/io-readable.d.ts

@@ -49,6 +49,7 @@ export declare class SolanaARIOReadable {
     protected readonly arnsProgram: Address;
     protected readonly antProgram: Address;
     private _arioMint?;
+    private _accountCache;
     constructor(config: SolanaReadConfig & {
         logger?: ILogger;
         coreProgramId?: Address;
@@ -58,6 +59,13 @@ export declare class SolanaARIOReadable {
     });
     /** Helper to fetch an encoded account (kit's replacement for Connection.getAccountInfo). */
     private getAccount;
+    /**
+     * Like {@link getAccount} but caches the result per-PDA for `ttlMs`. Use only
+     * for accounts that change slowly (DemandFactor, ArnsConfig) where a few
+     * seconds of staleness is acceptable in exchange for collapsing repeated
+     * reads. A successful fetch is cached; misses (`exists: false`) are not.
+     */
+    private getCachedAccount;
     /**
      * Helper for `getProgramAccounts` with a discriminator memcmp filter.
      *

package/lib/types/solana/io-writeable.d.ts

@@ -522,6 +522,19 @@ export declare class SolanaARIOWriteable extends SolanaARIOReadable {
         years?: number;
         processId: string;
     } & Partial<ArNSPurchaseParams>, _options?: WriteOptions): Promise<MessageResult>;
+    /**
+     * Pick a single stake-derived funding source that can cover a returned-name
+     * purchase, for the single-source `buy_returned_name_from_*` paths.
+     *
+     * Returned-name prices decay per slot, so the multi-source funding plan
+     * (which pre-commits exact amounts) can't match the execution-time cost. The
+     * single-source paths carry no amount — the program draws the live cost — so
+     * we only need to pick ONE source with enough stake. We size the pick against
+     * the premium-inclusive estimate (an upper bound, since the price only falls
+     * from now) and choose the largest matching source. Returns `null` when no
+     * single source covers the estimate.
+     */
+    private _autoPickReturnedNameStakeSource;
     /** Reassign an ArNS name to a different ANT. */
     reassignName(params: {
         name: string;

package/lib/types/solana/rpc-circuit-breaker.d.ts

@@ -24,6 +24,35 @@ export interface CircuitBreakerRpcOptions {
      * @default 3
      */
     volumeThreshold?: number;
+    /**
+     * Ceiling for requests allowed through per second. Implemented as an
+     * adaptive token bucket *in front of* the breaker: excess requests are
+     * queued (FIFO) until a token frees, smoothing bursts so you stay under a
+     * provider's rate limit (avoids HTTP 429 / Solana error #8100002).
+     *
+     * The bucket auto-tunes on 429s: it honors `Retry-After`, drops to
+     * `x-ratelimit-rps-limit` when the provider advertises one (public Solana
+     * RPC does; QuickNode generally does not), otherwise halves the rate
+     * (AIMD). It recovers back up toward this ceiling on sustained success.
+     *
+     * The queue wait happens *before* `breaker.fire`, so it does NOT count
+     * against {@link CircuitBreakerRpcOptions.timeout}.
+     *
+     * Throttling is always on; omitting this (or passing `<= 0`) uses the
+     * {@link DEFAULT_MAX_RPS} default. To effectively remove the limit, pass a
+     * very large number.
+     * @default 10
+     */
+    maxRequestsPerSecond?: number;
+    /**
+     * Maximum number of concurrent in-flight requests (opossum `capacity`
+     * semaphore). Unlike {@link CircuitBreakerRpcOptions.maxRequestsPerSecond},
+     * excess requests are **rejected immediately** rather than queued — this is
+     * concurrency control, not a rate limit. For avoiding 429s you usually want
+     * `maxRequestsPerSecond` instead.
+     * @default undefined (unlimited)
+     */
+    maxConcurrent?: number;
 }
 export interface CircuitBreakerRpcConfig {
     /** URL for the primary (preferred) RPC endpoint. */

package/lib/types/types/ant.d.ts

@@ -193,6 +193,25 @@ export declare const AntStateSchema: z.ZodObject<{
     Initialized: boolean;
 }>;
 export type ANTState = z.infer<typeof AntStateSchema>;
+/**
+ * Lightweight ANT view for portfolio/list rendering. Carries the config fields
+ * plus controllers and the apex (`@`) record — everything a names table needs —
+ * WITHOUT the full undername record set. Produced in bulk by
+ * `getANTSummaries(mints)` in a handful of `getMultipleAccounts` calls; fetch
+ * full undernames lazily via `getRecords`/`getState` when a name is opened.
+ */
+export type ANTSummary = {
+    processId: string;
+    name: string;
+    ticker: string;
+    logo: string;
+    description: string;
+    keywords: string[];
+    owner: WalletAddress;
+    controllers: WalletAddress[];
+    /** The apex (`@`) record — the name's primary target — if set. */
+    apexRecord?: ANTRecord;
+};
 export declare const SpawnANTStateSchema: z.ZodObject<{
     name: z.ZodString;
     ticker: z.ZodString;
@@ -324,6 +343,14 @@ export type ANTInfo = z.infer<typeof AntInfoSchema>;
 export declare function isANTState(state: object): state is ANTState;
 export type AntReadOptions = {
     strict?: boolean;
+    /**
+     * Include per-record metadata (`displayName`/`logo`/`description`/`keywords`)
+     * when reading undername records. Defaults to `false` — metadata requires a
+     * second `getProgramAccounts` scan per ANT and is only needed in detail/edit
+     * views, so list reads (`getState`/`getRecords`) skip it by default. Fetch a
+     * single record's metadata on demand via `getRecord`.
+     */
+    includeMetadata?: boolean;
 };
 export interface ANTRead {
     processId: string;

package/lib/types/version.d.ts

@@ -13,4 +13,4 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-export declare const version = "4.0.0-solana.32";
+export declare const version = "4.0.0-solana.34";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ar.io/sdk",
-  "version": "4.0.0-solana.33",
+  "version": "4.0.0-solana.35",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/ar-io/ar-io-sdk.git"