@ar.io/sdk 4.0.0-solana.35 → 4.0.0-solana.36

package/lib/esm/solana/canonical-message.js

@@ -18,15 +18,18 @@
  *
  * Produces the EXACT bytes a recipient signs to release an escrowed
  * ANT. Output MUST be byte-identical to the Rust implementation in
- * `contracts/programs/ario-ant-escrow/src/canonical.rs::build_canonical_message`.
- * Cross-language equivalence is asserted by `canonical-message.test.ts`
- * which spawns the Rust `canonical` example binary and diffs the bytes.
+ * `ario-ant-escrow/src/canonical.rs::build_ant_escrow_claim_message`
+ * (header `ANT_ESCROW_CLAIM_HEADER = "ar.io ant-escrow claim"`). The on-chain
+ * program reconstructs these exact bytes and verifies the signature against
+ * them, so any drift (header, field set, or ordering) makes every claim fail
+ * `EthereumAddressMismatch` / signature verification.
  *
  * Format (UTF-8, line-feed separated, no trailing newline):
  *
  * ```text
- * ar.io ant-escrow claim v1
+ * ar.io ant-escrow claim
  * network: <network>
+ * recipient: <base64url(sha256(recipient_pubkey)) — 43 chars, no pad>
  * ant: <ant_mint_base58>
  * claimant: <claimant_solana_pubkey_base58>
  * nonce: <nonce_hex_lowercase>
@@ -37,8 +40,9 @@
  * - Ethereum: `wallet.signMessage(bytes)` → 65-byte ECDSA + EIP-191 sig
  *   (the wallet applies the EIP-191 prefix; on-chain code re-applies it).
  */
-/** Header literal — must match Rust `CANONICAL_HEADER`. */
-const CANONICAL_HEADER = 'ar.io ant-escrow claim v1';
+import { sha256 } from '@noble/hashes/sha256';
+/** Header literal — must match Rust `ANT_ESCROW_CLAIM_HEADER`. */
+const CANONICAL_HEADER = 'ar.io ant-escrow claim';
 /**
  * Build the canonical claim message bytes. UTF-8 encoded, no trailing
  * newline, exactly the format shown in the docstring.
@@ -52,21 +56,23 @@ export function canonicalMessage(input) {
     }
     const text = `${CANONICAL_HEADER}\n` +
         `network: ${input.network}\n` +
+        `recipient: ${deriveRecipientId(input.recipient)}\n` +
         `ant: ${input.antMint}\n` +
         `claimant: ${input.claimant}\n` +
         `nonce: ${bytesToHexLower(input.nonce)}`;
     return new TextEncoder().encode(text);
 }
-/** Header literal — must match Rust `CANONICAL_HEADER_V2`. */
-const CANONICAL_HEADER_V2 = 'ar.io escrow claim v2';
+/** Header literal — must match Rust `ESCROW_CLAIM_HEADER`. */
+const CANONICAL_HEADER_V2 = 'ar.io escrow claim';
 /**
  * Build the v2 canonical claim message bytes for token/vault escrows.
  * UTF-8 encoded, no trailing newline.
  *
  * Format:
  * ```text
- * ar.io escrow claim v2
+ * ar.io escrow claim
  * network: <network>
+ * recipient: <base64url(sha256(recipient_pubkey)) — 43 chars, no pad>
  * type: <token|vault>
  * asset: <asset_id_hex_lowercase_64chars>
  * amount: <u64_decimal>
@@ -85,6 +91,7 @@ export function canonicalMessageV2(input) {
     }
     const text = `${CANONICAL_HEADER_V2}\n` +
         `network: ${input.network}\n` +
+        `recipient: ${deriveRecipientId(input.recipient)}\n` +
         `type: ${input.assetType}\n` +
         `asset: ${bytesToHexLower(input.assetId)}\n` +
         `amount: ${input.amount.toString()}\n` +
@@ -95,6 +102,20 @@ export function canonicalMessageV2(input) {
 // =========================================
 // Shared utilities
 // =========================================
+/**
+ * Recipient identity bound into the claim message — `base64url(sha256(bytes))`
+ * with no padding (32-byte hash → 43 chars). Byte-identical to the contract's
+ * `canonical.rs::derive_recipient_id_b64url`. Input is the recipient pubkey
+ * bytes the deposit targeted (ETH 20-byte address / Solana 32-byte pubkey /
+ * Arweave RSA modulus, etc.).
+ */
+export function deriveRecipientId(recipient) {
+    if (recipient.length === 0) {
+        throw new Error('deriveRecipientId: recipient bytes must be non-empty');
+    }
+    // Node's 'base64url' encoding is unpadded — matches the Rust no-pad alphabet.
+    return Buffer.from(sha256(recipient)).toString('base64url');
+}
 /** Lowercase-hex encoding. Matches Rust `encode_hex_lowercase`. */
 export function bytesToHexLower(bytes) {
     let s = '';

package/lib/esm/solana/index.js

@@ -91,7 +91,7 @@ export { ANTEscrow, TokenEscrow,
 // in lock-step so users never see a raw on-chain error.
 assertVaultClaimable, isVaultClaimable, CLOCK_SKEW_TOLERANCE_SECONDS, } from './escrow.js';
 // Canonical claim-message helper (byte-equivalent to Rust impl)
-export { canonicalMessage, canonicalMessageV2, bytesToHexLower, } from './canonical-message.js';
+export { canonicalMessage, canonicalMessageV2, deriveRecipientId, bytesToHexLower, } from './canonical-message.js';
 // ANT spawn (mint MPL Core asset + initialize ario-ant state in one tx)
 export { spawnSolanaANT, ARIO_LOGO_TX_ID, DEFAULT_ANT_TRANSACTION_ID, } from './spawn-ant.js';
 // PDA derivation

package/lib/esm/version.js

@@ -14,4 +14,4 @@
  * limitations under the License.
  */
 // AUTOMATICALLY GENERATED FILE - DO NOT TOUCH
-export const version = '4.0.0-solana.35';
+export const version = '4.0.0-solana.36';

package/lib/types/solana/canonical-message.d.ts

@@ -18,15 +18,18 @@
  *
  * Produces the EXACT bytes a recipient signs to release an escrowed
  * ANT. Output MUST be byte-identical to the Rust implementation in
- * `contracts/programs/ario-ant-escrow/src/canonical.rs::build_canonical_message`.
- * Cross-language equivalence is asserted by `canonical-message.test.ts`
- * which spawns the Rust `canonical` example binary and diffs the bytes.
+ * `ario-ant-escrow/src/canonical.rs::build_ant_escrow_claim_message`
+ * (header `ANT_ESCROW_CLAIM_HEADER = "ar.io ant-escrow claim"`). The on-chain
+ * program reconstructs these exact bytes and verifies the signature against
+ * them, so any drift (header, field set, or ordering) makes every claim fail
+ * `EthereumAddressMismatch` / signature verification.
  *
  * Format (UTF-8, line-feed separated, no trailing newline):
  *
  * ```text
- * ar.io ant-escrow claim v1
+ * ar.io ant-escrow claim
  * network: <network>
+ * recipient: <base64url(sha256(recipient_pubkey)) — 43 chars, no pad>
  * ant: <ant_mint_base58>
  * claimant: <claimant_solana_pubkey_base58>
  * nonce: <nonce_hex_lowercase>
@@ -50,6 +53,12 @@ export interface CanonicalMessageInput {
     /** Solana pubkey that will receive the ANT on claim. Bound into the
      *  signature so front-runners can't redirect. */
     claimant: Address;
+    /** Recipient identity pubkey bytes the deposit targeted (ETH 20-byte
+     *  address, Solana 32-byte pubkey, or Arweave RSA modulus). Bound into the
+     *  message as `recipient: base64url(sha256(bytes))` to match the contract's
+     *  `derive_recipient_id_b64url`. REQUIRED — the program reconstructs this
+     *  line, so omitting it makes the claim mismatch. */
+    recipient: Uint8Array;
     /** 32-byte anti-replay nonce — read from the EscrowAnt account. */
     nonce: Uint8Array;
 }
@@ -72,6 +81,12 @@ export interface CanonicalMessageV2Input {
     amount: bigint;
     /** Solana pubkey that will receive the tokens on claim. */
     claimant: Address;
+    /** Recipient identity pubkey bytes the deposit targeted (ETH 20-byte
+     *  address, Solana 32-byte pubkey, or Arweave RSA modulus). Bound into the
+     *  message as `recipient: base64url(sha256(bytes))` to match the contract's
+     *  `derive_recipient_id_b64url`. REQUIRED — the program reconstructs this
+     *  line, so omitting it makes the claim mismatch. */
+    recipient: Uint8Array;
     /** 32-byte anti-replay nonce — read from the EscrowToken account. */
     nonce: Uint8Array;
 }
@@ -81,8 +96,9 @@ export interface CanonicalMessageV2Input {
  *
  * Format:
  * ```text
- * ar.io escrow claim v2
+ * ar.io escrow claim
  * network: <network>
+ * recipient: <base64url(sha256(recipient_pubkey)) — 43 chars, no pad>
  * type: <token|vault>
  * asset: <asset_id_hex_lowercase_64chars>
  * amount: <u64_decimal>
@@ -93,5 +109,13 @@ export interface CanonicalMessageV2Input {
  * @throws if `assetId` or `nonce` aren't exactly 32 bytes.
  */
 export declare function canonicalMessageV2(input: CanonicalMessageV2Input): Uint8Array;
+/**
+ * Recipient identity bound into the claim message — `base64url(sha256(bytes))`
+ * with no padding (32-byte hash → 43 chars). Byte-identical to the contract's
+ * `canonical.rs::derive_recipient_id_b64url`. Input is the recipient pubkey
+ * bytes the deposit targeted (ETH 20-byte address / Solana 32-byte pubkey /
+ * Arweave RSA modulus, etc.).
+ */
+export declare function deriveRecipientId(recipient: Uint8Array): string;
 /** Lowercase-hex encoding. Matches Rust `encode_hex_lowercase`. */
 export declare function bytesToHexLower(bytes: Uint8Array): string;

package/lib/types/solana/index.d.ts

@@ -68,7 +68,7 @@ export type { SolanaANTRegistryWriteableConfig } from './ant-registry-writeable.
 export type { AclMaintenanceOp, AclMaintenanceRole, } from '../types/ant-registry.js';
 export { ANTEscrow, TokenEscrow, assertVaultClaimable, isVaultClaimable, CLOCK_SKEW_TOLERANCE_SECONDS, } from './escrow.js';
 export type { ANTEscrowConfig, EscrowAntState, EscrowAssetType, EscrowProtocol, EscrowTokenState, } from './escrow.js';
-export { canonicalMessage, canonicalMessageV2, bytesToHexLower, } from './canonical-message.js';
+export { canonicalMessage, canonicalMessageV2, deriveRecipientId, bytesToHexLower, } from './canonical-message.js';
 export type { CanonicalMessageInput, CanonicalMessageV2Input, EscrowNetwork, } from './canonical-message.js';
 export { spawnSolanaANT, ARIO_LOGO_TX_ID, DEFAULT_ANT_TRANSACTION_ID, } from './spawn-ant.js';
 export type { SpawnSolanaANTParams, SpawnSolanaANTResult, SpawnSolanaANTState, } from './spawn-ant.js';

package/lib/types/version.d.ts

@@ -13,4 +13,4 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-export declare const version = "4.0.0-solana.34";
+export declare const version = "4.0.0-solana.35";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ar.io/sdk",
-  "version": "4.0.0-solana.35",
+  "version": "4.0.0-solana.36",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/ar-io/ar-io-sdk.git"
@@ -115,6 +115,7 @@
   },
   "dependencies": {
     "@ar.io/solana-contracts": "0.7.0-staging.17",
+    "@noble/hashes": "^1.8.0",
     "@solana-program/address-lookup-table": "^0.11.0",
     "@solana-program/compute-budget": "^0.15.0",
     "@solana-program/token": "^0.13.0",