@arcium-hq/client 0.8.4 → 0.9.0

package/build/index.cjs

@@ -34,9 +34,9 @@ var anchor__namespace = /*#__PURE__*/_interopNamespaceDefault(anchor);
  */
 const CURVE25519_SCALAR_FIELD_MODULUS = ed25519.ed25519.CURVE.n;
 /**
- * Generates a random value within the field bound by q.
- * @param q - The upper bound (exclusive) for the random value.
- * @returns A random bigint value between 0 and q-1.
+ * Generate a random value within the field bound by q.
+ * @param q - Upper bound (exclusive) for the random value.
+ * @returns Random bigint value between 0 and q-1.
  */
 function generateRandomFieldElem(q) {
     const byteLength = (q.toString(2).length + 7) >> 3;
@@ -48,19 +48,19 @@ function generateRandomFieldElem(q) {
     return r;
 }
 /**
- * Computes the positive modulo of a over m.
- * @param a - The dividend.
- * @param m - The modulus.
- * @returns The positive remainder of a mod m.
+ * Compute the positive modulo of a over m.
+ * @param a - Dividend.
+ * @param m - Modulus.
+ * @returns Positive remainder of a mod m.
  */
 function positiveModulo(a, m) {
     return ((a % m) + m) % m;
 }
 /**
- * Serializes a bigint to a little-endian Uint8Array of the specified length.
- * @param val - The bigint value to serialize.
- * @param lengthInBytes - The desired length of the output array.
- * @returns The serialized value as a Uint8Array.
+ * Serialize a bigint to a little-endian Uint8Array of the specified length.
+ * @param val - Bigint value to serialize.
+ * @param lengthInBytes - Desired length of the output array.
+ * @returns Serialized value as a Uint8Array.
  * @throws Error if the value is too large for the specified length.
  */
 function serializeLE(val, lengthInBytes) {
@@ -76,9 +76,9 @@ function serializeLE(val, lengthInBytes) {
     return result;
 }
 /**
- * Deserializes a little-endian Uint8Array to a bigint.
- * @param bytes - The Uint8Array to deserialize.
- * @returns The deserialized bigint value.
+ * Deserialize a little-endian Uint8Array to a bigint.
+ * @param bytes - Uint8Array to deserialize.
+ * @returns Deserialized bigint value.
  */
 function deserializeLE(bytes) {
     let result = BigInt(0);
@@ -89,9 +89,9 @@ function deserializeLE(bytes) {
 }
 // GENERAL
 /**
- * Computes the SHA-256 hash of an array of Uint8Arrays.
- * @param byteArrays - The arrays to hash.
- * @returns The SHA-256 hash as a Buffer.
+ * Compute the SHA-256 hash of an array of Uint8Arrays.
+ * @param byteArrays - Arrays to hash.
+ * @returns SHA-256 hash as a Buffer.
  */
 function sha256(byteArrays) {
     const hash = crypto.createHash('sha256');
@@ -102,10 +102,10 @@ function sha256(byteArrays) {
 }
 
 /**
- * Converts a bigint to an array of bits (least significant to most significant, in 2's complement representation).
- * @param x - The bigint to convert.
- * @param binSize - The number of bits to use in the representation.
- * @returns An array of booleans representing the bits of x.
+ * Convert a bigint to an array of bits (least significant to most significant, in 2's complement representation).
+ * @param x - Bigint to convert.
+ * @param binSize - Number of bits to use in the representation.
+ * @returns Array of booleans representing the bits of x.
  */
 function toBinLE(x, binSize) {
     const res = [];
@@ -115,9 +115,9 @@ function toBinLE(x, binSize) {
     return res;
 }
 /**
- * Converts an array of bits (least significant to most significant, in 2's complement representation) to a bigint.
- * @param xBin - The array of bits to convert.
- * @returns The bigint represented by the bit array.
+ * Convert an array of bits (least significant to most significant, in 2's complement representation) to a bigint.
+ * @param xBin - Array of bits to convert.
+ * @returns Bigint represented by the bit array.
  */
 function fromBinLE(xBin) {
     let res = 0n;
@@ -128,11 +128,11 @@ function fromBinLE(xBin) {
 }
 /**
  * Binary adder between x and y (assumes xBin and yBin are of the same length and large enough to represent the sum).
- * @param xBin - The first operand as a bit array.
- * @param yBin - The second operand as a bit array.
- * @param carryIn - The initial carry-in value.
- * @param binSize - The number of bits to use in the operation.
- * @returns The sum as a bit array.
+ * @param xBin - First operand as a bit array.
+ * @param yBin - Second operand as a bit array.
+ * @param carryIn - Initial carry-in value.
+ * @param binSize - Number of bits to use in the operation.
+ * @returns Sum as a bit array.
  */
 function adder(xBin, yBin, carryIn, binSize) {
     const res = [];
@@ -150,10 +150,10 @@ function adder(xBin, yBin, carryIn, binSize) {
 }
 /**
  * Constant-time addition of two bigints, using 2's complement representation.
- * @param x - The first operand.
- * @param y - The second operand.
- * @param binSize - The number of bits to use in the operation.
- * @returns The sum as a bigint.
+ * @param x - First operand.
+ * @param y - Second operand.
+ * @param binSize - Number of bits to use in the operation.
+ * @returns Sum as a bigint.
  */
 function ctAdd(x, y, binSize) {
     const resBin = adder(toBinLE(x, binSize), toBinLE(y, binSize), false, binSize);
@@ -161,10 +161,10 @@ function ctAdd(x, y, binSize) {
 }
 /**
  * Constant-time subtraction of two bigints, using 2's complement representation.
- * @param x - The first operand.
- * @param y - The second operand.
- * @param binSize - The number of bits to use in the operation.
- * @returns The difference as a bigint.
+ * @param x - First operand.
+ * @param y - Second operand.
+ * @param binSize - Number of bits to use in the operation.
+ * @returns Difference as a bigint.
  */
 function ctSub(x, y, binSize) {
     const yBin = toBinLE(y, binSize);
@@ -176,9 +176,9 @@ function ctSub(x, y, binSize) {
     return fromBinLE(resBin);
 }
 /**
- * Returns the sign bit of a bigint in constant time.
- * @param x - The bigint to check.
- * @param binSize - The bit position to check (typically the highest bit).
+ * Return the sign bit of a bigint in constant time.
+ * @param x - Bigint to check.
+ * @param binSize - Bit position to check (typically the highest bit).
  * @returns True if the sign bit is set, false otherwise.
  */
 function ctSignBit(x, binSize) {
@@ -186,9 +186,9 @@ function ctSignBit(x, binSize) {
 }
 /**
  * Constant-time less-than comparison for two bigints.
- * @param x - The first operand.
- * @param y - The second operand.
- * @param binSize - The number of bits to use in the operation.
+ * @param x - First operand.
+ * @param y - Second operand.
+ * @param binSize - Number of bits to use in the operation.
  * @returns True if x < y, false otherwise.
  */
 function ctLt(x, y, binSize) {
@@ -196,21 +196,21 @@ function ctLt(x, y, binSize) {
 }
 /**
  * Constant-time select between two bigints based on a boolean condition.
- * @param b - The condition; if true, select x, otherwise select y.
- * @param x - The value to select if b is true.
- * @param y - The value to select if b is false.
- * @param binSize - The number of bits to use in the operation.
- * @returns The selected bigint.
+ * @param b - Condition; if true, select x, otherwise select y.
+ * @param x - Value to select if b is true.
+ * @param y - Value to select if b is false.
+ * @param binSize - Number of bits to use in the operation.
+ * @returns Selected bigint.
  */
 function ctSelect(b, x, y, binSize) {
     return ctAdd(y, BigInt(b) * (ctSub(x, y, binSize)), binSize);
 }
 /**
- * Checks if a bigint fits in the range -2^binSize <= x < 2^binSize.
+ * Check if a bigint fits in the range -2^binSize <= x < 2^binSize.
  * Not constant-time for arbitrary x, but is constant-time for all inputs for which the function returns true.
  * If you assert your inputs satisfy verifyBinSize(x, binSize), you need not care about the non constant-timeness of this function.
- * @param x - The bigint to check.
- * @param binSize - The number of bits to use in the check.
+ * @param x - Bigint to check.
+ * @param binSize - Number of bits to use in the check.
  * @returns True if x fits in the range, false otherwise.
  */
 function verifyBinSize(x, binSize) {
@@ -219,8 +219,8 @@ function verifyBinSize(x, binSize) {
 }
 
 /**
- * Checks if code is running in a browser environment.
- * @returns true if window object exists, false otherwise
+ * Check if code is running in a browser environment.
+ * @returns true if window object exists, false otherwise.
  */
 function isBrowser() {
     return (
@@ -229,8 +229,8 @@ function isBrowser() {
 }
 /**
  * Conditionally logs a message if logging is enabled.
- * @param log - Whether to output the log
- * @param args - Arguments to pass to console.log
+ * @param log - Whether to output the log.
+ * @param args - Arguments to pass to console.log.
  */
 function optionalLog(log, ...args) {
     if (log) {
@@ -239,10 +239,10 @@ function optionalLog(log, ...args) {
     }
 }
 /**
- * Calculates the minimum number of bits needed to represent a value.
+ * Calculate the minimum number of bits needed to represent a value.
  * Formula: floor(log2(max)) + 1 for unsigned, +1 for signed, +1 for diff of two negatives.
- * @param max - The bigint value to measure
- * @returns Number of bits required
+ * @param max - Bigint value to measure.
+ * @returns Number of bits required.
  */
 function getBinSize(max) {
     // floor(log2(max)) + 1 to represent unsigned elements, a +1 for signed elements
@@ -254,11 +254,11 @@ function getBinSize(max) {
  */
 const DOUBLE_PRECISION_MANTISSA = 52;
 /**
- * Encodes a value as a bigint suitable for Rescue encryption, handling booleans, bigints, and numbers.
+ * Encode a value as a bigint suitable for Rescue encryption, handling booleans, bigints, and numbers.
  * The encoding is performed in constant-time to avoid leaking information through timing side-channels.
  * Throws if the value is out of the supported range for the field.
- * @param v - The value to encode (bigint, number, or boolean).
- * @returns The encoded value as a bigint.
+ * @param v - Value to encode (bigint, number, or boolean).
+ * @returns Encoded value as a bigint.
  */
 function encodeAsRescueEncryptable(v) {
     if (typeof v === 'boolean') {
@@ -282,10 +282,10 @@ function encodeAsRescueEncryptable(v) {
     throw new Error('Invalid type to convert from number to bigint');
 }
 /**
- * Decodes a Rescue-decrypted value back to a signed bigint.
- * Handles the conversion from field element representation to signed integer.
- * @param v - The decrypted field element value
- * @returns The decoded signed bigint value
+ * Decode a Rescue-decrypted value back to a signed bigint.
+ * Handle the conversion from field element representation to signed integer.
+ * @param v - Decrypted field element value.
+ * @returns Decoded signed bigint value.
  */
 function decodeRescueDecryptedToBigInt(v) {
     const twoInv = (CURVE25519_BASE_FIELD.ORDER + 1n) / 2n;
@@ -294,19 +294,19 @@ function decodeRescueDecryptedToBigInt(v) {
     return ctSelect(isLtTwoInv, v, ctSub(v, CURVE25519_BASE_FIELD.ORDER, binSize), binSize);
 }
 /**
- * Decodes a Rescue-decrypted value back to a JavaScript number.
- * Converts from field element representation to a floating-point number.
- * @param v - The decrypted field element value
- * @returns The decoded number value
+ * Decode a Rescue-decrypted value back to a JavaScript number.
+ * Convert from field element representation to a floating-point number.
+ * @param v - Decrypted field element value.
+ * @returns Decoded number value.
  */
 function decodeRescueDecryptedToNumber(v) {
     const vSigned = decodeRescueDecryptedToBigInt(v);
     return Number(vSigned) * 2 ** -DOUBLE_PRECISION_MANTISSA;
 }
 /**
- * Checks if a computation reference is null (all zeros).
- * @param ref - The computation reference to check
- * @returns true if the reference is null, false otherwise
+ * Check if a computation reference is null (all zeros).
+ * @param ref - Computation reference to check.
+ * @returns true if the reference is null, false otherwise.
  */
 function isNullRef(ref) {
     const bigZero = new anchor__namespace.BN(0);
@@ -315,7 +315,9 @@ function isNullRef(ref) {
 }
 
 /**
- * Matrix class over FpField. Data is row-major.
+ * Matrix operations for MPC field arithmetic.
+ * Used internally by Rescue cipher. Not part of public API.
+ * @internal
  */
 class Matrix {
     field;
@@ -433,8 +435,8 @@ class Matrix {
         return new Matrix(this.field, data);
     }
     /**
-     * computs the determinant using gaus elimination
-     * matches the determinant implementation in arcis
+     * Compute the determinant using Gauss elimination.
+     * Match the determinant implementation in Arcis.
      */
     det() {
         // Ensure the matrix is square
@@ -484,6 +486,10 @@ class Matrix {
         return true;
     }
 }
+/**
+ * Generate random matrix for testing.
+ * @internal
+ */
 function randMatrix(field, nrows, ncols) {
     const data = [];
     for (let i = 0; i < nrows; ++i) {
@@ -529,10 +535,10 @@ class RescueDesc {
     // The round keys, needed for encryption and decryption.
     roundKeys;
     /**
-     * Constructs a RescueDesc for a given field and mode (cipher or hash).
-     * Initializes round constants, MDS matrix, and key schedule.
-     * @param field - The field to use (e.g., CURVE25519_BASE_FIELD).
-     * @param mode - The mode: block cipher or hash function.
+     * Construct a RescueDesc for a given field and mode (cipher or hash).
+     * Initialize round constants, MDS matrix, and key schedule.
+     * @param field - Field to use (e.g., CURVE25519_BASE_FIELD).
+     * @param mode - Mode: block cipher or hash function.
      */
     constructor(field, mode) {
         this.field = field;
@@ -580,9 +586,9 @@ class RescueDesc {
         }
     }
     /**
-     * Samples round constants for the Rescue permutation, using SHAKE256.
-     * @param nRounds - The number of rounds.
-     * @returns An array of round constant matrices.
+     * Sample round constants for the Rescue permutation, using SHAKE256.
+     * @param nRounds - Number of rounds.
+     * @returns Array of round constant matrices.
      */
     sampleConstants(nRounds) {
         const field = this.field;
@@ -658,28 +664,28 @@ class RescueDesc {
         }
     }
     /**
-     * Applies the Rescue permutation to a state matrix.
-     * @param state - The input state matrix.
-     * @returns The permuted state matrix.
+     * Apply the Rescue permutation to a state matrix.
+     * @param state - Input state matrix.
+     * @returns Permuted state matrix.
      */
     permute(state) {
         return rescuePermutation(this.mode, this.alpha, this.alphaInverse, this.mdsMat, this.roundKeys, state)[2 * this.nRounds];
     }
     /**
-     * Applies the inverse Rescue permutation to a state matrix.
-     * @param state - The input state matrix.
-     * @returns The inverse-permuted state matrix.
+     * Apply the inverse Rescue permutation to a state matrix.
+     * @param state - Input state matrix.
+     * @returns Inverse-permuted state matrix.
      */
     permuteInverse(state) {
         return rescuePermutationInverse(this.mode, this.alpha, this.alphaInverse, this.mdsMatInverse, this.roundKeys, state)[2 * this.nRounds];
     }
 }
 /**
- * Finds the smallest prime alpha that does not divide p-1, and computes its inverse modulo p-1.
+ * Find the smallest prime alpha that does not divide p-1, and compute its inverse modulo p-1.
  * The alpha parameter is used in the Rescue permutation for exponentiation operations.
- * @param p - The field modulus (prime number)
- * @returns A tuple [alpha, alphaInverse] where alpha is the prime and alphaInverse is its modular inverse
- * @throws Error if no suitable prime alpha is found
+ * @param p - Field modulus (prime number).
+ * @returns Tuple [alpha, alphaInverse] where alpha is the prime and alphaInverse is its modular inverse.
+ * @throws Error if no suitable prime alpha is found.
  */
 function getAlphaAndInverse(p) {
     const pMinusOne = p - 1n;
@@ -697,14 +703,14 @@ function getAlphaAndInverse(p) {
     return [alpha, alphaInverse];
 }
 /**
- * Calculates the number of rounds required for the Rescue permutation based on security analysis.
+ * Calculate the number of rounds required for the Rescue permutation based on security analysis.
  * The number of rounds is determined by analyzing resistance to differential and algebraic attacks.
  * See: https://tosc.iacr.org/index.php/ToSC/article/view/8695/8287 for the security analysis.
- * @param p - The field modulus
- * @param mode - The Rescue mode (cipher or hash)
- * @param alpha - The prime alpha parameter
- * @param m - The state size (block size for cipher, total size for hash)
- * @returns The number of rounds (will be doubled for the full permutation)
+ * @param p - Field modulus.
+ * @param mode - Rescue mode (cipher or hash).
+ * @param alpha - Prime alpha parameter.
+ * @param m - State size (block size for cipher, total size for hash).
+ * @returns Number of rounds (will be doubled for the full permutation).
  */
 function getNRounds(p, mode, alpha, m) {
     function dcon(n) {
@@ -751,12 +757,12 @@ function getNRounds(p, mode, alpha, m) {
     }
 }
 /**
- * Builds a Cauchy matrix for use as an MDS (Maximum Distance Separable) matrix.
+ * Build a Cauchy matrix for use as an MDS (Maximum Distance Separable) matrix.
  * A Cauchy matrix is guaranteed to be invertible and provides optimal diffusion properties.
  * The matrix is constructed using the formula: M[i][j] = 1/(i + j) for i, j in [1, size].
- * @param field - The finite field over which to construct the matrix
- * @param size - The size of the square matrix
- * @returns A Cauchy matrix of the specified size
+ * @param field - Finite field over which to construct the matrix.
+ * @param size - Size of the square matrix.
+ * @returns Cauchy matrix of the specified size.
  */
 function buildCauchy(field, size) {
     const data = [];
@@ -770,11 +776,11 @@ function buildCauchy(field, size) {
     return new Matrix(field, data);
 }
 /**
- * Builds the inverse of a Cauchy matrix for use as the inverse MDS matrix.
+ * Build the inverse of a Cauchy matrix for use as the inverse MDS matrix.
  * The inverse is computed using a closed-form formula for Cauchy matrix inversion.
- * @param field - The finite field over which to construct the matrix
- * @param size - The size of the square matrix
- * @returns The inverse of the Cauchy matrix
+ * @param field - Finite field over which to construct the matrix.
+ * @param size - Size of the square matrix.
+ * @returns Inverse of the Cauchy matrix.
  */
 function buildInverseCauchy(field, size) {
     function product(arr) {
@@ -831,16 +837,16 @@ function exponentForOdd(mode, alpha, alphaInverse) {
 }
 /**
  * Core Rescue permutation function implementing the cryptographic primitive.
- * Applies alternating rounds of exponentiation and MDS matrix multiplication with round keys.
+ * Apply alternating rounds of exponentiation and MDS matrix multiplication with round keys.
  * The permutation alternates between using alpha and alphaInverse as exponents based on round parity.
  * This is the fundamental building block for both Rescue cipher and Rescue-Prime hash.
- * @param mode - The Rescue mode (cipher or hash) determining exponent selection
- * @param alpha - The prime exponent for even rounds
- * @param alphaInverse - The inverse exponent for odd rounds
- * @param mdsMat - The Maximum Distance Separable matrix for diffusion
- * @param subkeys - Array of round key matrices
- * @param state - The initial state matrix to permute
- * @returns Array of all intermediate states during the permutation
+ * @param mode - Rescue mode (cipher or hash) determining exponent selection.
+ * @param alpha - Prime exponent for even rounds.
+ * @param alphaInverse - Inverse exponent for odd rounds.
+ * @param mdsMat - Maximum Distance Separable matrix for diffusion.
+ * @param subkeys - Array of round key matrices.
+ * @param state - Initial state matrix to permute.
+ * @returns Array of all intermediate states during the permutation.
  */
 function rescuePermutation(mode, alpha, alphaInverse, mdsMat, subkeys, state) {
     const exponentEven = exponentForEven(mode, alpha, alphaInverse);
@@ -897,7 +903,7 @@ class RescuePrimeHash {
     rate;
     digestLength;
     /**
-     * Constructs a RescuePrimeHash instance with rate = 7 and capacity = 5.
+     * Construct a RescuePrimeHash instance with rate = 7 and capacity = 5.
      */
     constructor(field) {
         this.desc = new RescueDesc(field, { kind: 'hash', m: 12, capacity: 5 });
@@ -911,9 +917,9 @@ class RescuePrimeHash {
     // The security level is thus of the order of 256 bits for any field of size at least 102 bits.
     // The rate and capacity are chosen to achieve minimal number of rounds 8.
     /**
-     * Computes the Rescue-Prime hash of a message, with padding as described in Algorithm 2 of the paper.
-     * @param message - The input message as an array of bigints.
-     * @returns The hash output as an array of bigints (length = digestLength).
+     * Compute the Rescue-Prime hash of a message, with padding as described in Algorithm 2 of the paper.
+     * @param message - Input message as an array of bigints.
+     * @returns Hash output as an array of bigints (length = digestLength).
      */
     digest(message) {
         // Create a copy and pad message to avoid mutating input parameter
@@ -957,9 +963,9 @@ const RESCUE_CIPHER_BLOCK_SIZE = 5;
 class RescueCipherCommon {
     desc;
     /**
-     * Constructs a RescueCipherCommon instance using a shared secret.
+     * Construct a RescueCipherCommon instance using a shared secret.
      * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
-     * @param sharedSecret - The shared secret to derive the cipher key from.
+     * @param sharedSecret - Shared secret to derive the cipher key from.
      */
     constructor(sharedSecret, field) {
         if (sharedSecret.length != 32) {
@@ -993,10 +999,10 @@ class RescueCipherCommon {
         this.desc = new RescueDesc(field, { kind: 'cipher', key: rescueKey });
     }
     /**
-     * Encrypts the plaintext vector in Counter (CTR) mode (raw, returns bigints).
-     * @param plaintext - The array of plaintext bigints to encrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The ciphertext as an array of bigints.
+     * Encrypt the plaintext vector in Counter (CTR) mode (raw, returns bigints).
+     * @param plaintext - Array of plaintext bigints to encrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Ciphertext as an array of bigints.
      * @throws Error if the nonce is not 16 bytes long.
      */
     encrypt_raw(plaintext, nonce) {
@@ -1032,19 +1038,19 @@ class RescueCipherCommon {
         return ciphertext;
     }
     /**
-     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
-     * @param plaintext - The array of plaintext bigints to encrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     * Encrypt the plaintext vector in Counter (CTR) mode and serialize each block.
+     * @param plaintext - Array of plaintext bigints to encrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Ciphertext as an array of arrays of numbers (each 32 bytes).
      */
     encrypt(plaintext, nonce) {
         return this.encrypt_raw(plaintext, nonce).map((c) => Array.from(serializeLE(c, 32)));
     }
     /**
-     * Decrypts the ciphertext vector in Counter (CTR) mode (raw, expects bigints).
-     * @param ciphertext - The array of ciphertext bigints to decrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The decrypted plaintext as an array of bigints.
+     * Decrypt the ciphertext vector in Counter (CTR) mode (raw, expects bigints).
+     * @param ciphertext - Array of ciphertext bigints to decrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Decrypted plaintext as an array of bigints.
      * @throws Error if the nonce is not 16 bytes long.
      */
     decrypt_raw(ciphertext, nonce) {
@@ -1077,10 +1083,10 @@ class RescueCipherCommon {
         return decrypted;
     }
     /**
-     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
-     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The decrypted plaintext as an array of bigints.
+     * Deserialize and decrypt the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - Array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Decrypted plaintext as an array of bigints.
      */
     decrypt(ciphertext, nonce) {
         return this.decrypt_raw(ciphertext.map((c) => {
@@ -1092,10 +1098,10 @@ class RescueCipherCommon {
     }
 }
 /**
- * Generates the counter values for Rescue cipher CTR mode.
- * @param nonce - The initial nonce as a bigint.
- * @param nBlocks - The number of blocks to generate counters for.
- * @returns An array of counter values as bigints.
+ * Generate the counter values for Rescue cipher CTR mode.
+ * @param nonce - Initial nonce as a bigint.
+ * @param nBlocks - Number of blocks to generate counters for.
+ * @returns Array of counter values as bigints.
  */
 function getCounter(nonce, nBlocks) {
     const counter = [];
@@ -1117,27 +1123,27 @@ function getCounter(nonce, nBlocks) {
 class RescueCipher {
     cipher;
     /**
-     * Constructs a RescueCipher instance using a shared secret.
+     * Construct a RescueCipher instance using a shared secret.
      * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
-     * @param sharedSecret - The shared secret to derive the cipher key from.
+     * @param sharedSecret - Shared secret to derive the cipher key from.
      */
     constructor(sharedSecret) {
         this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_BASE_FIELD);
     }
     /**
-     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
-     * @param plaintext - The array of plaintext bigints to encrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     * Encrypt the plaintext vector in Counter (CTR) mode and serialize each block.
+     * @param plaintext - Array of plaintext bigints to encrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Ciphertext as an array of arrays of numbers (each 32 bytes).
      */
     encrypt(plaintext, nonce) {
         return this.cipher.encrypt(plaintext, nonce);
     }
     /**
-     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
-     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The decrypted plaintext as an array of bigints.
+     * Deserialize and decrypt the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - Array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Decrypted plaintext as an array of bigints.
      */
     decrypt(ciphertext, nonce) {
         return this.cipher.decrypt(ciphertext, nonce);
@@ -1151,27 +1157,27 @@ class RescueCipher {
 class CSplRescueCipher {
     cipher;
     /**
-     * Constructs a RescueCipher instance using a shared secret.
+     * Construct a CSplRescueCipher instance using a shared secret.
      * The key is derived using RescuePrimeHash and used to initialize the RescueDesc.
-     * @param sharedSecret - The shared secret to derive the cipher key from.
+     * @param sharedSecret - Shared secret to derive the cipher key from.
      */
     constructor(sharedSecret) {
         this.cipher = new RescueCipherCommon(sharedSecret, CURVE25519_SCALAR_FIELD);
     }
     /**
-     * Encrypts the plaintext vector in Counter (CTR) mode and serializes each block.
-     * @param plaintext - The array of plaintext bigints to encrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The ciphertext as an array of arrays of numbers (each 32 bytes).
+     * Encrypt the plaintext vector in Counter (CTR) mode and serialize each block.
+     * @param plaintext - Array of plaintext bigints to encrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Ciphertext as an array of arrays of numbers (each 32 bytes).
      */
     encrypt(plaintext, nonce) {
         return this.cipher.encrypt(plaintext, nonce);
     }
     /**
-     * Deserializes and decrypts the ciphertext vector in Counter (CTR) mode.
-     * @param ciphertext - The array of arrays of numbers (each 32 bytes) to decrypt.
-     * @param nonce - A 16-byte nonce for CTR mode.
-     * @returns The decrypted plaintext as an array of bigints.
+     * Deserialize and decrypt the ciphertext vector in Counter (CTR) mode.
+     * @param ciphertext - Array of arrays of numbers (each 32 bytes) to decrypt.
+     * @param nonce - 16-byte nonce for CTR mode.
+     * @returns Decrypted plaintext as an array of bigints.
      */
     decrypt(ciphertext, nonce) {
         return this.cipher.decrypt(ciphertext, nonce);
@@ -1225,10 +1231,10 @@ function ed25519_pow_2_252_3(x) {
 // Fp.sqrt(Fp.neg(1))
 const ED25519_SQRT_M1 = /* @__PURE__ */ BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752');
 /**
- * Clamps a 32-byte scalar as required by the Ed25519 signature scheme.
+ * Clamp a 32-byte scalar as required by the Ed25519 signature scheme.
  * See: https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.5
- * @param bytes - The 32-byte scalar to clamp.
- * @returns The clamped scalar as a Uint8Array.
+ * @param bytes - 32-byte scalar to clamp.
+ * @returns Clamped scalar as a Uint8Array.
  */
 function adjustScalarBytes(bytes) {
     const clamped = bytes;
@@ -1239,7 +1245,7 @@ function adjustScalarBytes(bytes) {
 }
 /**
  * Helper function for decompression, calculating √(u/v).
- * @returns An object with isValid and value.
+ * @returns Object with isValid and value.
  */
 function uvRatio(u, v) {
     const P = ed25519.ed25519.CURVE.Fp.ORDER;
@@ -1275,10 +1281,10 @@ class AesCtrCipher {
     key;
     keyBits;
     /**
-     * Constructs an AES cipher instance using a shared secret.
+     * Construct an AES cipher instance using a shared secret.
      * The key is derived using SHA3-256.
-     * @param sharedSecret - The shared secret to derive the AES key from.
-     * @param keyBits - The AES key size in bits (128, 192, or 256).
+     * @param sharedSecret - Shared secret to derive the AES key from.
+     * @param keyBits - AES key size in bits (128, 192, or 256).
      */
     constructor(sharedSecret, keyBits) {
         this.keyBits = keyBits;
@@ -1303,10 +1309,10 @@ class AesCtrCipher {
         this.key = new Uint8Array(hasher.digest()).slice(0, KEY_BYTES[keyBits]);
     }
     /**
-     * Encrypts the plaintext array in Counter (CTR) mode.
-     * @param plaintext - The data to encrypt.
-     * @param nonce - An 8-byte nonce for CTR mode.
-     * @returns The encrypted ciphertext as a Uint8Array.
+     * Encrypt the plaintext array in Counter (CTR) mode.
+     * @param plaintext - Data to encrypt.
+     * @param nonce - 8-byte nonce for CTR mode.
+     * @returns Encrypted ciphertext as a Uint8Array.
      * @throws Error if the nonce is not 8 bytes long.
      */
     encrypt(plaintext, nonce) {
@@ -1319,10 +1325,10 @@ class AesCtrCipher {
         return new Uint8Array(ciphertext);
     }
     /**
-     * Decrypts the ciphertext array in Counter (CTR) mode.
-     * @param ciphertext - The data to decrypt.
-     * @param nonce - An 8-byte nonce for CTR mode.
-     * @returns The decrypted plaintext as a Uint8Array.
+     * Decrypt the ciphertext array in Counter (CTR) mode.
+     * @param ciphertext - Data to decrypt.
+     * @param nonce - 8-byte nonce for CTR mode.
+     * @returns Decrypted plaintext as a Uint8Array.
      * @throws Error if the nonce is not 8 bytes long.
      */
     decrypt(ciphertext, nonce) {
@@ -1342,9 +1348,9 @@ class AesCtrCipher {
  */
 class Aes128Cipher extends AesCtrCipher {
     /**
-     * Constructs an AES-128 cipher instance using a shared secret.
+     * Construct an AES-128 cipher instance using a shared secret.
      * The key is derived using SHA3-256.
-     * @param sharedSecret - The shared secret to derive the AES key from.
+     * @param sharedSecret - Shared secret to derive the AES key from.
      */
     constructor(sharedSecret) {
         super(sharedSecret, 128);
@@ -1357,9 +1363,9 @@ class Aes128Cipher extends AesCtrCipher {
  */
 class Aes192Cipher extends AesCtrCipher {
     /**
-     * Constructs an AES-192 cipher instance using a shared secret.
+     * Construct an AES-192 cipher instance using a shared secret.
      * The key is derived using SHA3-256.
-     * @param sharedSecret - The shared secret to derive the AES key from.
+     * @param sharedSecret - Shared secret to derive the AES key from.
      */
     constructor(sharedSecret) {
         super(sharedSecret, 192);
@@ -1372,18 +1378,26 @@ class Aes192Cipher extends AesCtrCipher {
  */
 class Aes256Cipher extends AesCtrCipher {
     /**
-     * Constructs an AES-256 cipher instance using a shared secret.
+     * Construct an AES-256 cipher instance using a shared secret.
      * The key is derived using SHA3-256.
-     * @param sharedSecret - The shared secret to derive the AES key from.
+     * @param sharedSecret - Shared secret to derive the AES key from.
      */
     constructor(sharedSecret) {
         super(sharedSecret, 256);
     }
 }
 
+/**
+ * Size descriptor for a single field in circuit packing.
+ * A "full" field occupies an entire slot; partial fields are bin-packed together.
+ * @internal
+ */
 class DataSize {
+    /** Whether this field occupies a full slot. */
     isFull;
+    /** Bit width of the field (0 if full). */
     size;
+    /** Original index in the fields array. */
     index;
     constructor(index, size) {
         const isUndefined = size === undefined;
@@ -1403,8 +1417,14 @@ function sortDataSizes(arr) {
         return left.index - right.index;
     });
 }
+/**
+ * Packed location of a field within the slot array.
+ * @internal
+ */
 class PackLocation {
+    /** Slot index in the packed array. */
     index;
+    /** Bit offset within the slot. */
     offset;
     constructor(index, offset) {
         this.index = index;
@@ -1463,6 +1483,12 @@ function packing(maxSize, arr) {
     return [nPacks, res];
 }
 const ARCIS_PACKING_SIZE = 214;
+/**
+ * Pack field sizes into minimum slots using the Arcium packing size (214 bits).
+ * @param arr - Array of field size descriptors.
+ * @returns Tuple of [total slot count, pack location for each input field].
+ * @internal
+ */
 function arcisPacking(arr) {
     return packing(ARCIS_PACKING_SIZE, arr);
 }
@@ -1479,6 +1505,10 @@ var ArcisValueKind;
     ArcisValueKind[ArcisValueKind["Float"] = 3] = "Float";
     ArcisValueKind[ArcisValueKind["Pubkey"] = 4] = "Pubkey";
 })(ArcisValueKind || (ArcisValueKind = {}));
+/**
+ * Integer type metadata. Used internally by packer.
+ * @internal
+ */
 class IntegerInfo {
     signed;
     width;
@@ -1501,6 +1531,10 @@ class IntegerInfo {
         return (this.signed ? "i" : "u") + this.width;
     }
 }
+/**
+ * Runtime field representation. Used internally by packer.
+ * @internal
+ */
 class ArcisValueField {
     name;
     kind;
@@ -1676,6 +1710,10 @@ class ArcisValueField {
         }
     }
 }
+/**
+ * Type container for pack/unpack operations. Used internally by packer.
+ * @internal
+ */
 class ArcisType {
     name;
     fields;
@@ -1720,11 +1758,21 @@ class ArcisType {
     }
 }
 
+/**
+ * Container for circuit type definitions.
+ * Loaded from generated JSON files by build tools -- not typically used directly.
+ * @internal
+ */
 class ArcisModule {
+    /** Map of type name to parsed ArcisType. */
     types;
     constructor(types) {
         this.types = types;
     }
+    /**
+     * Parse module from JSON object (as produced by the Arcium compiler).
+     * @param json - Raw JSON object with type name keys.
+     */
     static fromJson(json) {
         const typedJson = json;
         const res = {};
@@ -1733,6 +1781,10 @@ class ArcisModule {
         }
         return new ArcisModule(res);
     }
+    /**
+     * Load module from a JSON file on disk.
+     * @param path - Absolute or relative path to the JSON file.
+     */
     static loadFromFile(path) {
         const file = fs.readFileSync(path);
         const json = JSON.parse(file.toString());
@@ -1779,10 +1831,33 @@ function groupUnpackedValues(values, fieldNames) {
     return result;
 }
 /**
- * Creates a type-safe packer from field definitions.
- * Use `as const` on the fields array for compile-time field name validation.
- * @param fields - Field definitions from generated code.
- * @param typeName - Type name for debugging.
+ * Create a type-safe packer from field definitions.
+ *
+ * Use `as const` on the fields array to enable compile-time field name validation.
+ *
+ * @param fields - Array of {@link FieldInfo} objects defining each field's name and type.
+ * @param typeName - Optional name for debugging (default: 'Packer').
+ * @returns Packer instance with pack() and unpack() methods.
+ * @throws TypeError if field types don't match expected values during pack/unpack.
+ * @throws RangeError if array index is out of bounds.
+ *
+ * @example
+ * import { createPacker } from '@arcium-hq/client';
+ *
+ * // Define fields matching your circuit's input type
+ * const fields = [
+ *   { name: 'a', type: { Integer: { signed: false, width: 32 } } },
+ *   { name: 'b', type: { Integer: { signed: false, width: 32 } } },
+ * ] as const;
+ *
+ * // Create packer with explicit input/output types
+ * const packer = createPacker<{ a: number; b: number }, { a: bigint; b: bigint }>(fields);
+ *
+ * // Pack values for circuit input
+ * const packed = packer.pack({ a: 10, b: 20 });
+ *
+ * // Unpack circuit output (from decrypted computation result)
+ * const result = packer.unpack(decryptedOutput);
  */
 function createPacker(fields, typeName = 'Packer') {
     const arcisFields = fields.map(f => ArcisValueField.fromFieldInfo(f));
@@ -1809,7 +1884,7 @@ function createPacker(fields, typeName = 'Packer') {
 var address = "Arcj82pX7HxYKLR92qvgZUAd7vGS1k4hQvAFcPATFdEQ";
 var metadata = {
 	name: "arcium",
-	version: "0.8.4",
+	version: "0.9.0",
 	spec: "0.1.0",
 	description: "The Arcium program"
 };
@@ -1939,6 +2014,167 @@ var instructions = [
 			}
 		]
 	},
+	{
+		name: "add_permissioned_recovery_peers",
+		docs: [
+			"Add permissioned recovery peers"
+		],
+		discriminator: [
+			190,
+			177,
+			28,
+			28,
+			204,
+			131,
+			176,
+			251
+		],
+		accounts: [
+			{
+				name: "signer",
+				writable: true,
+				signer: true
+			},
+			{
+				name: "permissioned_recovery_peers_acc",
+				writable: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								80,
+								101,
+								114,
+								109,
+								105,
+								115,
+								115,
+								105,
+								111,
+								110,
+								101,
+								100,
+								82,
+								101,
+								99,
+								111,
+								118,
+								101,
+								114,
+								121,
+								80,
+								101,
+								101,
+								114,
+								115,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						}
+					]
+				}
+			},
+			{
+				name: "program_data",
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								146,
+								111,
+								9,
+								170,
+								109,
+								72,
+								125,
+								226,
+								216,
+								140,
+								55,
+								106,
+								22,
+								29,
+								7,
+								127,
+								176,
+								129,
+								11,
+								19,
+								35,
+								107,
+								124,
+								118,
+								71,
+								160,
+								112,
+								40,
+								3,
+								250,
+								93,
+								137
+							]
+						}
+					],
+					program: {
+						kind: "const",
+						value: [
+							2,
+							168,
+							246,
+							145,
+							78,
+							136,
+							161,
+							176,
+							226,
+							16,
+							21,
+							62,
+							247,
+							99,
+							174,
+							43,
+							0,
+							194,
+							185,
+							61,
+							22,
+							193,
+							36,
+							210,
+							192,
+							83,
+							122,
+							16,
+							4,
+							128,
+							0,
+							0
+						]
+					}
+				}
+			},
+			{
+				name: "system_program",
+				address: "11111111111111111111111111111111"
+			}
+		],
+		args: [
+			{
+				name: "peers",
+				type: {
+					vec: "pubkey"
+				}
+			}
+		]
+	},
 	{
 		name: "bump_epoch_cluster",
 		discriminator: [
@@ -3191,16 +3427,19 @@ var instructions = [
 		]
 	},
 	{
-		name: "deactivate_arx",
+		name: "close_permissioned_recovery_peers_account",
+		docs: [
+			"Close the permissioned recovery peers account"
+		],
 		discriminator: [
-			117,
-			244,
-			137,
-			148,
-			25,
+			55,
+			55,
+			184,
+			150,
+			82,
 			190,
-			175,
-			164
+			205,
+			92
 		],
 		accounts: [
 			{
@@ -3209,42 +3448,38 @@ var instructions = [
 				signer: true
 			},
 			{
-				name: "arx_node_acc",
+				name: "permissioned_recovery_peers_acc",
 				writable: true,
 				pda: {
 					seeds: [
 						{
 							kind: "const",
 							value: [
-								65,
+								80,
+								101,
 								114,
-								120,
-								78,
+								109,
+								105,
+								115,
+								115,
+								105,
 								111,
+								110,
+								101,
 								100,
-								101
-							]
-						},
-						{
-							kind: "arg",
-							path: "_node_offset"
-						}
-					]
-				}
-			},
-			{
-				name: "clock",
-				writable: true,
-				pda: {
-					seeds: [
-						{
-							kind: "const",
-							value: [
-								67,
-								108,
-								111,
+								82,
+								101,
 								99,
-								107,
+								111,
+								118,
+								101,
+								114,
+								121,
+								80,
+								101,
+								101,
+								114,
+								115,
 								65,
 								99,
 								99,
@@ -3258,50 +3493,206 @@ var instructions = [
 				}
 			},
 			{
-				name: "cluster_acc",
-				optional: true,
+				name: "program_data",
 				pda: {
 					seeds: [
 						{
 							kind: "const",
 							value: [
-								67,
-								108,
-								117,
-								115,
-								116,
-								101,
-								114
+								146,
+								111,
+								9,
+								170,
+								109,
+								72,
+								125,
+								226,
+								216,
+								140,
+								55,
+								106,
+								22,
+								29,
+								7,
+								127,
+								176,
+								129,
+								11,
+								19,
+								35,
+								107,
+								124,
+								118,
+								71,
+								160,
+								112,
+								40,
+								3,
+								250,
+								93,
+								137
 							]
-						},
-						{
-							kind: "account",
-							path: "arx_node_acc"
 						}
-					]
-				}
-			}
-		],
-		args: [
-			{
-				name: "node_offset",
-				type: "u32"
-			}
-		]
-	},
-	{
-		name: "deactivate_cluster",
-		discriminator: [
-			13,
-			42,
-			182,
-			159,
-			184,
-			10,
-			212,
-			178
-		],
-		accounts: [
+					],
+					program: {
+						kind: "const",
+						value: [
+							2,
+							168,
+							246,
+							145,
+							78,
+							136,
+							161,
+							176,
+							226,
+							16,
+							21,
+							62,
+							247,
+							99,
+							174,
+							43,
+							0,
+							194,
+							185,
+							61,
+							22,
+							193,
+							36,
+							210,
+							192,
+							83,
+							122,
+							16,
+							4,
+							128,
+							0,
+							0
+						]
+					}
+				}
+			},
+			{
+				name: "system_program",
+				address: "11111111111111111111111111111111"
+			}
+		],
+		args: [
+		]
+	},
+	{
+		name: "deactivate_arx",
+		discriminator: [
+			117,
+			244,
+			137,
+			148,
+			25,
+			190,
+			175,
+			164
+		],
+		accounts: [
+			{
+				name: "signer",
+				writable: true,
+				signer: true
+			},
+			{
+				name: "arx_node_acc",
+				writable: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								65,
+								114,
+								120,
+								78,
+								111,
+								100,
+								101
+							]
+						},
+						{
+							kind: "arg",
+							path: "_node_offset"
+						}
+					]
+				}
+			},
+			{
+				name: "clock",
+				writable: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								108,
+								111,
+								99,
+								107,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						}
+					]
+				}
+			},
+			{
+				name: "cluster_acc",
+				optional: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								108,
+								117,
+								115,
+								116,
+								101,
+								114
+							]
+						},
+						{
+							kind: "account",
+							path: "arx_node_acc"
+						}
+					]
+				}
+			}
+		],
+		args: [
+			{
+				name: "node_offset",
+				type: "u32"
+			}
+		]
+	},
+	{
+		name: "deactivate_cluster",
+		discriminator: [
+			13,
+			42,
+			182,
+			159,
+			184,
+			10,
+			212,
+			178
+		],
+		accounts: [
 			{
 				name: "authority",
 				writable: true,
@@ -6338,16 +6729,19 @@ var instructions = [
 		]
 	},
 	{
-		name: "init_raw_circuit_acc",
+		name: "init_permissioned_recovery_peers_account",
+		docs: [
+			"Initialize the permissioned recovery peers account"
+		],
 		discriminator: [
-			16,
-			228,
-			193,
-			228,
-			93,
-			231,
-			58,
-			4
+			23,
+			147,
+			149,
+			121,
+			218,
+			173,
+			81,
+			117
 		],
 		accounts: [
 			{
@@ -6356,33 +6750,38 @@ var instructions = [
 				signer: true
 			},
 			{
-				name: "comp_def_acc",
+				name: "permissioned_recovery_peers_acc",
+				writable: true,
 				pda: {
 					seeds: [
 						{
 							kind: "const",
 							value: [
-								67,
-								111,
+								80,
+								101,
+								114,
 								109,
-								112,
-								117,
-								116,
-								97,
-								116,
+								105,
+								115,
+								115,
 								105,
 								111,
 								110,
-								68,
 								101,
-								102,
-								105,
-								110,
-								105,
-								116,
-								105,
+								100,
+								82,
+								101,
+								99,
 								111,
-								110,
+								118,
+								101,
+								114,
+								121,
+								80,
+								101,
+								101,
+								114,
+								115,
 								65,
 								99,
 								99,
@@ -6391,56 +6790,203 @@ var instructions = [
 								110,
 								116
 							]
-						},
-						{
-							kind: "arg",
-							path: "_mxe_program"
-						},
-						{
-							kind: "arg",
-							path: "_comp_offset"
 						}
 					]
 				}
 			},
 			{
-				name: "comp_def_raw",
-				writable: true,
+				name: "program_data",
 				pda: {
 					seeds: [
 						{
 							kind: "const",
 							value: [
-								67,
+								146,
 								111,
+								9,
+								170,
 								109,
+								72,
+								125,
+								226,
+								216,
+								140,
+								55,
+								106,
+								22,
+								29,
+								7,
+								127,
+								176,
+								129,
+								11,
+								19,
+								35,
+								107,
+								124,
+								118,
+								71,
+								160,
 								112,
-								117,
-								116,
-								97,
-								116,
-								105,
-								111,
-								110,
-								68,
-								101,
-								102,
-								105,
-								110,
-								105,
-								116,
-								105,
-								111,
-								110,
-								82,
-								97,
-								119
+								40,
+								3,
+								250,
+								93,
+								137
 							]
-						},
-						{
-							kind: "account",
-							path: "comp_def_acc"
-						},
+						}
+					],
+					program: {
+						kind: "const",
+						value: [
+							2,
+							168,
+							246,
+							145,
+							78,
+							136,
+							161,
+							176,
+							226,
+							16,
+							21,
+							62,
+							247,
+							99,
+							174,
+							43,
+							0,
+							194,
+							185,
+							61,
+							22,
+							193,
+							36,
+							210,
+							192,
+							83,
+							122,
+							16,
+							4,
+							128,
+							0,
+							0
+						]
+					}
+				}
+			},
+			{
+				name: "system_program",
+				address: "11111111111111111111111111111111"
+			}
+		],
+		args: [
+		]
+	},
+	{
+		name: "init_raw_circuit_acc",
+		discriminator: [
+			16,
+			228,
+			193,
+			228,
+			93,
+			231,
+			58,
+			4
+		],
+		accounts: [
+			{
+				name: "signer",
+				writable: true,
+				signer: true
+			},
+			{
+				name: "comp_def_acc",
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								111,
+								109,
+								112,
+								117,
+								116,
+								97,
+								116,
+								105,
+								111,
+								110,
+								68,
+								101,
+								102,
+								105,
+								110,
+								105,
+								116,
+								105,
+								111,
+								110,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						},
+						{
+							kind: "arg",
+							path: "_mxe_program"
+						},
+						{
+							kind: "arg",
+							path: "_comp_offset"
+						}
+					]
+				}
+			},
+			{
+				name: "comp_def_raw",
+				writable: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								111,
+								109,
+								112,
+								117,
+								116,
+								97,
+								116,
+								105,
+								111,
+								110,
+								68,
+								101,
+								102,
+								105,
+								110,
+								105,
+								116,
+								105,
+								111,
+								110,
+								82,
+								97,
+								119
+							]
+						},
+						{
+							kind: "account",
+							path: "comp_def_acc"
+						},
 						{
 							kind: "arg",
 							path: "_raw_circuit_index"
@@ -6522,6 +7068,50 @@ var instructions = [
 					]
 				}
 			},
+			{
+				name: "permissioned_recovery_peers_acc",
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								80,
+								101,
+								114,
+								109,
+								105,
+								115,
+								115,
+								105,
+								111,
+								110,
+								101,
+								100,
+								82,
+								101,
+								99,
+								111,
+								118,
+								101,
+								114,
+								121,
+								80,
+								101,
+								101,
+								114,
+								115,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						}
+					]
+				}
+			},
 			{
 				name: "system_program",
 				address: "11111111111111111111111111111111"
@@ -6533,7 +7123,7 @@ var instructions = [
 				type: "u32"
 			},
 			{
-				name: "authority",
+				name: "signer",
 				type: "pubkey"
 			},
 			{
@@ -7508,6 +8098,32 @@ var instructions = [
 				writable: true,
 				signer: true
 			},
+			{
+				name: "mxe",
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								77,
+								88,
+								69,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						},
+						{
+							kind: "arg",
+							path: "_mxe_program"
+						}
+					]
+				}
+			},
 			{
 				name: "comp",
 				writable: true,
@@ -7537,8 +8153,9 @@ var instructions = [
 							]
 						},
 						{
-							kind: "arg",
-							path: "_mxe_program"
+							kind: "account",
+							path: "mxe.cluster.ok_or(ArciumError :: ClusterNotSet) ? ",
+							account: "MXEAccount"
 						},
 						{
 							kind: "arg",
@@ -7547,6 +8164,32 @@ var instructions = [
 					]
 				}
 			},
+			{
+				name: "executing_pool",
+				writable: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								69,
+								120,
+								101,
+								99,
+								112,
+								111,
+								111,
+								108
+							]
+						},
+						{
+							kind: "account",
+							path: "mxe.cluster.ok_or(ArciumError :: ClusterNotSet) ? ",
+							account: "MXEAccount"
+						}
+					]
+				}
+			},
 			{
 				name: "pool_account",
 				writable: true,
@@ -7663,26 +8306,225 @@ var instructions = [
 								99,
 								99,
 								111,
-								117,
-								110,
-								116
+								117,
+								110,
+								116
+							]
+						},
+						{
+							kind: "arg",
+							path: "_mxe_program"
+						}
+					]
+				}
+			},
+			{
+				name: "recovery_cluster_acc",
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								82,
+								101,
+								99,
+								111,
+								118,
+								101,
+								114,
+								121,
+								67,
+								108,
+								117,
+								115,
+								116,
+								101,
+								114,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						},
+						{
+							kind: "arg",
+							path: "_mxe_program"
+						}
+					]
+				}
+			},
+			{
+				name: "mxe_program"
+			}
+		],
+		args: [
+			{
+				name: "mxe_program",
+				type: "pubkey"
+			}
+		]
+	},
+	{
+		name: "remove_permissioned_recovery_peers",
+		docs: [
+			"Remove permissioned recovery peers"
+		],
+		discriminator: [
+			246,
+			123,
+			224,
+			196,
+			110,
+			208,
+			85,
+			6
+		],
+		accounts: [
+			{
+				name: "signer",
+				writable: true,
+				signer: true
+			},
+			{
+				name: "permissioned_recovery_peers_acc",
+				writable: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								80,
+								101,
+								114,
+								109,
+								105,
+								115,
+								115,
+								105,
+								111,
+								110,
+								101,
+								100,
+								82,
+								101,
+								99,
+								111,
+								118,
+								101,
+								114,
+								121,
+								80,
+								101,
+								101,
+								114,
+								115,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						}
+					]
+				}
+			},
+			{
+				name: "program_data",
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								146,
+								111,
+								9,
+								170,
+								109,
+								72,
+								125,
+								226,
+								216,
+								140,
+								55,
+								106,
+								22,
+								29,
+								7,
+								127,
+								176,
+								129,
+								11,
+								19,
+								35,
+								107,
+								124,
+								118,
+								71,
+								160,
+								112,
+								40,
+								3,
+								250,
+								93,
+								137
 							]
-						},
-						{
-							kind: "arg",
-							path: "_mxe_program"
 						}
-					]
+					],
+					program: {
+						kind: "const",
+						value: [
+							2,
+							168,
+							246,
+							145,
+							78,
+							136,
+							161,
+							176,
+							226,
+							16,
+							21,
+							62,
+							247,
+							99,
+							174,
+							43,
+							0,
+							194,
+							185,
+							61,
+							22,
+							193,
+							36,
+							210,
+							192,
+							83,
+							122,
+							16,
+							4,
+							128,
+							0,
+							0
+						]
+					}
 				}
 			},
 			{
-				name: "mxe_program"
+				name: "system_program",
+				address: "11111111111111111111111111111111"
 			}
 		],
 		args: [
 			{
-				name: "mxe_program",
-				type: "pubkey"
+				name: "peers",
+				type: {
+					vec: "pubkey"
+				}
 			}
 		]
 	},
@@ -7764,6 +8606,44 @@ var instructions = [
 					]
 				}
 			},
+			{
+				name: "recovery_cluster_acc",
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								82,
+								101,
+								99,
+								111,
+								118,
+								101,
+								114,
+								121,
+								67,
+								108,
+								117,
+								115,
+								116,
+								101,
+								114,
+								65,
+								99,
+								99,
+								111,
+								117,
+								110,
+								116
+							]
+						},
+						{
+							kind: "arg",
+							path: "_original_mxe_program"
+						}
+					]
+				}
+			},
 			{
 				name: "mxe_recovery_account",
 				writable: true,
@@ -8377,6 +9257,7 @@ var instructions = [
 				docs: [
 					"Cluster to set for the MXE."
 				],
+				writable: true,
 				pda: {
 					seeds: [
 						{
@@ -8490,6 +9371,66 @@ var instructions = [
 			}
 		]
 	},
+	{
+		name: "set_cluster_td_info",
+		discriminator: [
+			182,
+			126,
+			92,
+			101,
+			25,
+			252,
+			84,
+			180
+		],
+		accounts: [
+			{
+				name: "authority",
+				writable: true,
+				signer: true
+			},
+			{
+				name: "cluster_acc",
+				writable: true,
+				pda: {
+					seeds: [
+						{
+							kind: "const",
+							value: [
+								67,
+								108,
+								117,
+								115,
+								116,
+								101,
+								114
+							]
+						},
+						{
+							kind: "arg",
+							path: "_id"
+						}
+					]
+				}
+			}
+		],
+		args: [
+			{
+				name: "cluster_id",
+				type: "u32"
+			},
+			{
+				name: "td_info",
+				type: {
+					option: {
+						defined: {
+							name: "NodeMetadata"
+						}
+					}
+				}
+			}
+		]
+	},
 	{
 		name: "set_mxe_keys",
 		discriminator: [
@@ -9590,6 +10531,19 @@ var accounts = [
 			117
 		]
 	},
+	{
+		name: "PermissionedRecoveryPeersAccount",
+		discriminator: [
+			113,
+			236,
+			217,
+			203,
+			251,
+			98,
+			36,
+			240
+		]
+	},
 	{
 		name: "RecoveryClusterAccount",
 		discriminator: [
@@ -10018,6 +10972,11 @@ var errors = [
 		name: "ClusterNotReady",
 		msg: "Cluster is not ready"
 	},
+	{
+		code: 6508,
+		name: "BlsPubkeyNotSet",
+		msg: "Bls pubkey not set"
+	},
 	{
 		code: 6600,
 		name: "SerializationFailed",
@@ -10133,15 +11092,25 @@ var errors = [
 		name: "NoFeesToClaim",
 		msg: "No fees available to claim"
 	},
+	{
+		code: 6623,
+		name: "RecoveryPeerOffsetZero",
+		msg: "Recovery peer offset is zero"
+	},
+	{
+		code: 6624,
+		name: "InvalidDomainSeparator",
+		msg: "Invalid domain separator"
+	},
 	{
 		code: 6700,
-		name: "MxeNotInRecoveryState",
-		msg: "MXE is not in recovery state"
+		name: "MxeNotInMigrationState",
+		msg: "MXE is not in migration state"
 	},
 	{
 		code: 6701,
-		name: "MxeAlreadyInRecovery",
-		msg: "MXE is already in recovery state"
+		name: "MxeAlreadyInMigration",
+		msg: "MXE is already in migration state"
 	},
 	{
 		code: 6702,
@@ -10215,8 +11184,33 @@ var errors = [
 	},
 	{
 		code: 6716,
-		name: "MxeInRecoveryState",
-		msg: "MXE is in recovery state, cannot queue new computations"
+		name: "MxeInMigrationState",
+		msg: "MXE is in migration state, cannot queue new computations"
+	},
+	{
+		code: 6717,
+		name: "PermissionedRecoveryPeersNotDistinct",
+		msg: "Permissioned recovery peers to add must be distinct"
+	},
+	{
+		code: 6718,
+		name: "TooManyPermissionedRecoveryPeers",
+		msg: "Too many permissioned recovery peers to add"
+	},
+	{
+		code: 6719,
+		name: "RemoveNonExistingPermissionedRecoveryPeers",
+		msg: "Can only remove existing permissioned recovery peers"
+	},
+	{
+		code: 6720,
+		name: "UnauthorizedRecoveryPeerCreation",
+		msg: "Unauthorized to create recovery peer on mainnet"
+	},
+	{
+		code: 6721,
+		name: "CompilationWithoutMainnetFeatureFlag",
+		msg: "Program must be compiled with the \\mainnet\\ feature flag."
 	}
 ];
 var types = [
@@ -11203,7 +12197,16 @@ var types = [
 									name: "AcccountAccessInfo"
 								}
 							},
-							12
+							13
+						]
+					}
+				},
+				{
+					name: "_padding",
+					type: {
+						array: [
+							"u8",
+							6
 						]
 					}
 				}
@@ -11377,6 +12380,12 @@ var types = [
 							}
 						}
 					]
+				},
+				{
+					name: "TrustedDealer"
+				},
+				{
+					name: "OutputTooLarge"
 				}
 			]
 		}
@@ -11498,6 +12507,14 @@ var types = [
 				{
 					name: "mxe_program_id",
 					type: "pubkey"
+				},
+				{
+					name: "execution_status",
+					type: {
+						defined: {
+							name: "ExecutionStatus"
+						}
+					}
 				}
 			]
 		}
@@ -11579,9 +12596,6 @@ var types = [
 				},
 				{
 					name: "NoPubkeysSet"
-				},
-				{
-					name: "AccountNotFound"
 				}
 			]
 		}
@@ -11874,7 +12888,7 @@ var types = [
 				{
 					name: "status",
 					docs: [
-						"The status of this MXE (Active or Recovery)."
+						"The status of this MXE (Active or Migration)."
 					],
 					type: {
 						defined: {
@@ -12178,7 +13192,7 @@ var types = [
 					name: "Active"
 				},
 				{
-					name: "Recovery"
+					name: "Migration"
 				}
 			]
 		}
@@ -12471,6 +13485,38 @@ var types = [
 			]
 		}
 	},
+	{
+		name: "PermissionedRecoveryPeersAccount",
+		docs: [
+			"Account for tracking permissioned recovery peers - needed until we have staking."
+		],
+		serialization: "bytemuck",
+		repr: {
+			kind: "c"
+		},
+		type: {
+			kind: "struct",
+			fields: [
+				{
+					name: "permissioned_peers",
+					docs: [
+						"DO NOT PUT ANYTHING ELSE BEFORE THE PERMISSIONED_PEERS FIELD, IT'S EXPECTED TO BE AT",
+						"OFFSET 8."
+					],
+					type: {
+						array: [
+							"pubkey",
+							25
+						]
+					}
+				},
+				{
+					name: "bump",
+					type: "u8"
+				}
+			]
+		}
+	},
 	{
 		name: "QueueComputationEvent",
 		type: {
@@ -12634,6 +13680,18 @@ var types = [
 						]
 					}
 				},
+				{
+					name: "peer_offset",
+					docs: [
+						"DO NOT PUT ANYTHING ELSE BEFORE THE PEER_OFFSET FIELD, IT'S EXPECTED TO BE AT OFFSET 72."
+					],
+					type: {
+						array: [
+							"u8",
+							4
+						]
+					}
+				},
 				{
 					name: "bump",
 					type: "u8"
@@ -13126,62 +14184,62 @@ const ARCIUM_IDL = (arcium ?? ARCIUM_IDL_MODULE);
 const ARCIUM_ADDR = ARCIUM_IDL.address;
 
 /**
- * Seed for ClockAccount PDA
+ * Seed for ClockAccount PDA.
  * @constant {string}
  */
 const CLOCK_ACC_SEED = 'ClockAccount';
 /**
- * Seed for FeePool PDA
+ * Seed for FeePool PDA.
  * @constant {string}
  */
 const POOL_ACC_SEED = 'FeePool';
 /**
- * Seed for ComputationAccount PDA
+ * Seed for ComputationAccount PDA.
  * @constant {string}
  */
 const COMPUTATION_ACC_SEED = 'ComputationAccount';
 /**
- * Seed for Mempool PDA
+ * Seed for Mempool PDA.
  * @constant {string}
  */
 const MEMPOOL_ACC_SEED = 'Mempool';
 /**
- * Seed for ExecutingPoolAccount PDA
+ * Seed for ExecutingPoolAccount PDA.
  * @constant {string}
  */
 const EXEC_POOL_ACC_SEED = 'Execpool';
 /**
- * Seed for ClusterAccount PDA
+ * Seed for ClusterAccount PDA.
  * @constant {string}
  */
 const CLUSTER_ACC_SEED = 'Cluster';
 /**
- * Seed for ArxNodeAccount PDA
+ * Seed for ArxNodeAccount PDA.
  * @constant {string}
  */
 const ARX_NODE_ACC_SEED = 'ArxNode';
 /**
- * Seed for MXE Account PDA
+ * Seed for MXE Account PDA.
  * @constant {string}
  */
 const MXE_ACCOUNT_SEED = 'MXEAccount';
 /**
- * Seed for CompDefAccount PDA
+ * Seed for CompDefAccount PDA.
  * @constant {string}
  */
 const COMP_DEF_ACC_SEED = 'ComputationDefinitionAccount';
 /**
- * Seed for RecoveryClusterAccount PDA
+ * Seed for RecoveryClusterAccount PDA.
  * @constant {string}
  */
 const RECOVERY_CLUSTER_ACC_SEED = 'RecoveryClusterAccount';
 /**
- * Seed for MxeRecoveryAccount PDA
+ * Seed for MxeRecoveryAccount PDA.
  * @constant {string}
  */
 const MXE_RECOVERY_ACC_SEED = 'MxeRecoveryAccount';
 /**
- * Seed for ComputationDefinitionRaw PDA
+ * Seed for ComputationDefinitionRaw PDA.
  * @constant {string}
  */
 const RAW_CIRCUIT_ACC_SEED = 'ComputationDefinitionRaw';
@@ -13201,7 +14259,7 @@ const MAX_UPLOAD_PER_TX_BYTES = 814;
  */
 const MAX_ACCOUNT_SIZE = 10485760;
 /**
- * Maximum number of arcium embiggen instructions allowed in a single transaction (due to compute unit limits).
+ * Maximum number of Arcium embiggen instructions allowed in a single transaction (due to compute unit limits).
  * @constant {number}
  */
 const MAX_EMBIGGEN_IX_PER_TX = 18;
@@ -13222,17 +14280,17 @@ const OFFSET_BUFFER_SIZE = 4;
 const COMP_DEF_OFFSET_SIZE = 4;
 
 /**
- * Returns the public key of the deployed Arcium program on Solana.
- * @returns The Arcium program's public key.
+ * Return the public key of the deployed Arcium program on Solana.
+ * @returns Arcium program's public key.
  */
 function getArciumProgramId() {
     return new anchor__namespace.web3.PublicKey(ARCIUM_ADDR);
 }
 /**
- * Derives the computation account address for a given cluster and computation offset.
- * @param clusterOffset - The offset of the cluster this computation will be executed by.
- * @param computationOffset - The computation offset as an anchor.BN.
- * @returns The derived computation account public key.
+ * Derive the computation account address for a given cluster and computation offset.
+ * @param clusterOffset - Offset of the cluster this computation will be executed by.
+ * @param computationOffset - Computation offset as an anchor.BN.
+ * @returns Derived computation account public key.
  */
 function getComputationAccAddress(clusterOffset, computationOffset) {
     const clOffsetBuffer = Buffer.alloc(OFFSET_BUFFER_SIZE);
@@ -13241,9 +14299,9 @@ function getComputationAccAddress(clusterOffset, computationOffset) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the mempool account address for a given cluster.
- * @param clusterOffset - The offset of the cluster.
- * @returns The derived mempool account public key.
+ * Derive the mempool account address for a given cluster.
+ * @param clusterOffset - Offset of the cluster.
+ * @returns Derived mempool account public key.
  */
 function getMempoolAccAddress(clusterOffset) {
     const clOffsetBuffer = Buffer.alloc(OFFSET_BUFFER_SIZE);
@@ -13252,9 +14310,9 @@ function getMempoolAccAddress(clusterOffset) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the executing pool account address for a given cluster.
- * @param clusterOffset - The offset of the cluster.
- * @returns The derived executing pool account public key.
+ * Derive the executing pool account address for a given cluster.
+ * @param clusterOffset - Offset of the cluster.
+ * @returns Derived executing pool account public key.
  */
 function getExecutingPoolAccAddress(clusterOffset) {
     const clOffsetBuffer = Buffer.alloc(OFFSET_BUFFER_SIZE);
@@ -13263,25 +14321,25 @@ function getExecutingPoolAccAddress(clusterOffset) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the fee pool account address.
- * @returns The derived fee pool account public key.
+ * Derive the fee pool account address.
+ * @returns Derived fee pool account public key.
  */
 function getFeePoolAccAddress() {
     const seeds = [Buffer.from(POOL_ACC_SEED)];
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the clock account address.
- * @returns The derived clock account public key.
+ * Derive the clock account address.
+ * @returns Derived clock account public key.
  */
 function getClockAccAddress() {
     const seeds = [Buffer.from(CLOCK_ACC_SEED)];
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the cluster account address for a given offset.
- * @param clusterOffset - The cluster offset as a number.
- * @returns The derived cluster account public key.
+ * Derive the cluster account address for a given offset.
+ * @param clusterOffset - Cluster offset as a number.
+ * @returns Derived cluster account public key.
  */
 function getClusterAccAddress(clusterOffset) {
     const offsetBuffer = Buffer.alloc(OFFSET_BUFFER_SIZE);
@@ -13290,9 +14348,9 @@ function getClusterAccAddress(clusterOffset) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the ArxNode account address for a given offset.
- * @param nodeOffset - The ArxNode offset as a number.
- * @returns The derived ArxNode account public key.
+ * Derive the ArxNode account address for a given offset.
+ * @param nodeOffset - ArxNode offset as a number.
+ * @returns Derived ArxNode account public key.
  */
 function getArxNodeAccAddress(nodeOffset) {
     const offsetBuffer = Buffer.alloc(OFFSET_BUFFER_SIZE);
@@ -13301,19 +14359,19 @@ function getArxNodeAccAddress(nodeOffset) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the MXE account address for a given MXE program ID.
- * @param mxeProgramId - The public key of the MXE program.
- * @returns The derived MXE account public key.
+ * Derive the MXE account address for a given MXE program ID.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @returns Derived MXE account public key.
  */
 function getMXEAccAddress(mxeProgramId) {
     const seeds = [Buffer.from(MXE_ACCOUNT_SEED), mxeProgramId.toBuffer()];
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the computation definition account address for a given MXE program ID and offset.
- * @param mxeProgramId - The public key of the MXE program.
- * @param compDefOffset - The computation definition offset as a number.
- * @returns The derived computation definition account public key.
+ * Derive the computation definition account address for a given MXE program ID and offset.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @param compDefOffset - Computation definition offset as a number.
+ * @returns Derived computation definition account public key.
  */
 function getCompDefAccAddress(mxeProgramId, compDefOffset) {
     const offsetBuffer = Buffer.alloc(OFFSET_BUFFER_SIZE);
@@ -13322,19 +14380,19 @@ function getCompDefAccAddress(mxeProgramId, compDefOffset) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the recovery cluster account address for a given MXE program ID.
- * @param mxeProgramId - The public key of the MXE program.
- * @returns The derived recovery cluster account public key.
+ * Derive the recovery cluster account address for a given MXE program ID.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @returns Derived recovery cluster account public key.
  */
 function getRecoveryClusterAccAddress(mxeProgramId) {
     const seeds = [Buffer.from(RECOVERY_CLUSTER_ACC_SEED), mxeProgramId.toBuffer()];
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the MXE recovery account address for a key recovery session.
- * @param backupMxeProgramId - The public key of the backup MXE program that will take over.
- * @param originalMxeProgramId - The public key of the original MXE program being recovered.
- * @returns The derived MXE recovery account public key.
+ * Derive the MXE recovery account address for a key recovery session.
+ * @param backupMxeProgramId - Public key of the backup MXE program that will take over.
+ * @param originalMxeProgramId - Public key of the original MXE program being recovered.
+ * @returns Derived MXE recovery account public key.
  */
 function getMxeRecoveryAccAddress(backupMxeProgramId, originalMxeProgramId) {
     const seeds = [
@@ -13345,10 +14403,10 @@ function getMxeRecoveryAccAddress(backupMxeProgramId, originalMxeProgramId) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the raw circuit account address for a given computation definition and index.
- * @param compDefPubkey - The public key of the computation definition account.
- * @param rawCircuitIndex - The index of the raw circuit account (0-based).
- * @returns The derived raw circuit account public key.
+ * Derive the raw circuit account address for a given computation definition and index.
+ * @param compDefPubkey - Public key of the computation definition account.
+ * @param rawCircuitIndex - Index of the raw circuit account (0-based).
+ * @returns Derived raw circuit account public key.
  */
 function getRawCircuitAccAddress(compDefPubkey, rawCircuitIndex) {
     const seeds = [
@@ -13359,10 +14417,10 @@ function getRawCircuitAccAddress(compDefPubkey, rawCircuitIndex) {
     return generateArciumPDAFrom(seeds)[0];
 }
 /**
- * Derives the address lookup table address for an MXE program.
- * @param mxeProgramId - The public key of the MXE program.
- * @param lutOffset - The index of the lookup table, to be fetched from the mxe account.
- * @returns The derived address lookup table public key.
+ * Derive the address lookup table address for an MXE program.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @param lutOffset - Index of the lookup table, to be fetched from the mxe account.
+ * @returns Derived address lookup table public key.
  */
 function getLookupTableAddress(mxeProgramId, lutOffset) {
     const mxeAccount = getMXEAccAddress(mxeProgramId);
@@ -13371,9 +14429,9 @@ function getLookupTableAddress(mxeProgramId, lutOffset) {
     return web3_js.PublicKey.findProgramAddressSync(seeds, web3_js.AddressLookupTableProgram.programId)[0];
 }
 /**
- * Generates a program-derived address (PDA) from the provided seeds and the Arcium program ID.
- * @param seeds - An array of Buffer seeds used for PDA derivation.
- * @returns A tuple containing the derived public key and the bump seed.
+ * Generate a program-derived address (PDA) from the provided seeds and the Arcium program ID.
+ * @param seeds - Array of Buffer seeds used for PDA derivation.
+ * @returns Tuple containing the derived public key and the bump seed.
  */
 function generateArciumPDAFrom(seeds) {
     const programId = getArciumProgramId();
@@ -13481,10 +14539,10 @@ const EXECPOOL_DISCRIMINATOR_MAP = {
     [LARGE_EXECPOOL_DISCRIMINATOR.toString()]: LARGE_EXECPOOL_ACC_NAME,
 };
 /**
- * Fetches and decodes the mempool account info for any mempool account size.
- * @param provider - The Anchor provider to use for fetching accounts.
- * @param mempoolAccPubkey - The public key of the mempool account.
- * @returns The decoded mempool account info.
+ * Fetch and decode the mempool account info for any mempool account size.
+ * @param provider - Anchor provider to use for fetching accounts.
+ * @param mempoolAccPubkey - Public key of the mempool account.
+ * @returns Decoded mempool account info.
  * @throws Error if the account cannot be fetched or the discriminator is unknown.
  */
 async function getMempoolAccInfo(provider, mempoolAccPubkey) {
@@ -13501,10 +14559,10 @@ async function getMempoolAccInfo(provider, mempoolAccPubkey) {
     return program.coder.accounts.decode(accName, accData.data);
 }
 /**
- * Fetches and decodes the executing pool account info for any pool size.
- * @param provider - The Anchor provider to use for fetching accounts.
- * @param executingPoolAccPubkey - The public key of the executing pool account.
- * @returns The decoded executing pool account info.
+ * Fetch and decode the executing pool account info for any pool size.
+ * @param provider - Anchor provider to use for fetching accounts.
+ * @param executingPoolAccPubkey - Public key of the executing pool account.
+ * @returns Decoded executing pool account info.
  * @throws Error if the account cannot be fetched or the discriminator is unknown.
  */
 async function getExecutingPoolAccInfo(provider, executingPoolAccPubkey) {
@@ -13521,10 +14579,10 @@ async function getExecutingPoolAccInfo(provider, executingPoolAccPubkey) {
     return program.coder.accounts.decode(accName, accData.data);
 }
 /**
- * Returns all computation references in the mempool for a given account.
+ * Return all computation references in the mempool for a given account.
  * Only non-stake computations are included.
- * @param arciumProgram - The Anchor program instance.
- * @param address - The public key of the mempool account.
+ * @param arciumProgram - Anchor program instance.
+ * @param address - Public key of the mempool account.
  * @returns Array of ComputationReference objects.
  */
 async function getComputationsInMempool(arciumProgram, address) {
@@ -13555,9 +14613,9 @@ async function getComputationsInMempool(arciumProgram, address) {
         .filter((ref) => !isNullRef(ref));
 }
 /**
- * Calculates priority fee statistics for computations in a mempool.
- * @param arciumProgram - The Anchor program instance.
- * @param mempoolAddress - The public key of the mempool account.
+ * Calculate priority fee statistics for computations in a mempool.
+ * @param arciumProgram - Anchor program instance.
+ * @param mempoolAddress - Public key of the mempool account.
  * @returns Priority fee statistics (mean, median, min, max, count).
  */
 async function getMempoolPriorityFeeStats(arciumProgram, mempoolAddress) {
@@ -13582,11 +14640,11 @@ async function getMempoolPriorityFeeStats(arciumProgram, mempoolAddress) {
     };
 }
 /**
- * Helper function to fetch a specific utility key from the MXE account.
- * @param provider - The Anchor provider to use for fetching accounts.
- * @param mxeProgramId - The public key of the MXE program.
- * @param field - The field name to extract ('x25519Pubkey' or 'ed25519VerifyingKey').
- * @returns The utility key as a Uint8Array, or null if not set.
+ * Fetch a specific utility key from the MXE account.
+ * @param provider - Anchor provider to use for fetching accounts.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @param field - Field name to extract ('x25519Pubkey' or 'ed25519VerifyingKey').
+ * @returns Utility key as a Uint8Array, or null if not set.
  */
 async function getMXEUtilityKey(provider, mxeProgramId, field) {
     const program = getArciumProgram(provider);
@@ -13605,28 +14663,28 @@ async function getMXEUtilityKey(provider, mxeProgramId, field) {
     return null;
 }
 /**
- * Fetches and extracts the MXE X25519 public key from the MXE account.
- * @param provider - The Anchor provider to use for fetching accounts.
- * @param mxeProgramId - The public key of the MXE program.
- * @returns The MXE's X25519 public key as a Uint8Array, or null if not set.
+ * Fetch and extract the MXE X25519 public key from the MXE account.
+ * @param provider - Anchor provider to use for fetching accounts.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @returns MXE's X25519 public key as a Uint8Array, or null if not set.
  */
 async function getMXEPublicKey(provider, mxeProgramId) {
     return getMXEUtilityKey(provider, mxeProgramId, 'x25519Pubkey');
 }
 /**
- * Fetches and extracts the MXE arcis Ed25519 verifying key from the MXE account.
- * @param provider - The Anchor provider to use for fetching accounts.
- * @param mxeProgramId - The public key of the MXE program.
- * @returns The MXE's arcis Ed25519 verifying key as a Uint8Array, or null if not set.
+ * Fetch and extract the MXE arcis Ed25519 verifying key from the MXE account.
+ * @param provider - Anchor provider to use for fetching accounts.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @returns MXE's arcis Ed25519 verifying key as a Uint8Array, or null if not set.
  */
 async function getMXEArcisEd25519VerifyingKey(provider, mxeProgramId) {
     return getMXEUtilityKey(provider, mxeProgramId, 'ed25519VerifyingKey');
 }
 /**
- * Determines the current state of a circuit based on its on-chain configuration.
+ * Determine the current state of a circuit based on its on-chain configuration.
  * @internal Called internally by `uploadCircuit` - most users don't need this directly.
- * @param circuitSource - The circuitSource field from ComputationDefinitionAccount.
- * @returns The current state of the circuit.
+ * @param circuitSource - circuitSource field from ComputationDefinitionAccount.
+ * @returns Current state of the circuit.
  */
 function getCircuitState(circuitSource) {
     if (!('onChain' in circuitSource) || !circuitSource.onChain) {
@@ -13638,14 +14696,15 @@ function getCircuitState(circuitSource) {
     return 'OnchainPending';
 }
 /**
- * Uploads a circuit to the blockchain, splitting it into multiple accounts if necessary.
- * @param provider - The Anchor provider to use for transactions.
- * @param circuitName - The name of the circuit.
- * @param mxeProgramId - The public key of the MXE program.
- * @param rawCircuit - The raw circuit data as a Uint8Array.
+ * Upload a circuit to the blockchain, splitting it into multiple accounts if necessary.
+ * @param provider - Anchor provider to use for transactions.
+ * @param circuitName - Name of the circuit.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @param rawCircuit - Raw circuit data as a Uint8Array.
  * @param logging - Whether to log progress (default: true).
- * @param chunkSize - The number of upload transactions to send in parallel (default: 500).
- * @returns An array of transaction signatures for all upload and finalize transactions.
+ * @param chunkSize - Number of upload transactions to send in parallel (default: 500).
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Array of transaction signatures for all upload and finalize transactions.
  */
 async function uploadCircuit(provider, circuitName, mxeProgramId, rawCircuit, logging = true, chunkSize = 500, confirmOptions) {
     const compDefAccInfo = getCompDefAccInfo(circuitName, mxeProgramId);
@@ -13669,6 +14728,14 @@ async function uploadCircuit(provider, circuitName, mxeProgramId, rawCircuit, lo
     sigs.push(await signAndSendWithBlockhash(provider, finalizeCompDefTx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions));
     return sigs;
 }
+/**
+ * Queue a key recovery initialization for an MXE on a given cluster.
+ * @param provider - Anchor provider for signing and sending.
+ * @param clusterOffset - Cluster offset to recover keys from.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Array of transaction signatures.
+ */
 async function queueKeyRecoveryInit(provider, clusterOffset, mxeProgramId, confirmOptions) {
     const program = getArciumProgram(provider);
     const sigs = [];
@@ -13683,11 +14750,11 @@ async function queueKeyRecoveryInit(provider, clusterOffset, mxeProgramId, confi
     return sigs;
 }
 /**
- * Builds a transaction to finalize a computation definition.
- * @param provider - The Anchor provider to use for transactions.
- * @param compDefOffset - The offset of the computation definition.
- * @param mxeProgramId - The public key of the MXE program.
- * @returns The transaction to finalize the computation definition.
+ * Build a transaction to finalize a computation definition.
+ * @param provider - Anchor provider to use for transactions.
+ * @param compDefOffset - Offset of the computation definition.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @returns Transaction to finalize the computation definition.
  */
 async function buildFinalizeCompDefTx(provider, compDefOffset, mxeProgramId) {
     const program = getArciumProgram(provider);
@@ -13805,35 +14872,35 @@ async function signAndSendWithBlockhash(provider, tx, block, confirmOptions) {
     return provider.sendAndConfirm(tx, [], confirmOptions || { commitment: 'confirmed' });
 }
 /**
- * Returns the base seed for an Arcium account, given its name.
- * @param accName - The name of the account.
- * @returns The base seed as a Uint8Array.
+ * Return the base seed for an Arcium account, given its name.
+ * @param accName - Name of the account.
+ * @returns Base seed as a Uint8Array.
  */
 function getArciumAccountBaseSeed(accName) {
     return Buffer.from(accName, 'utf-8');
 }
 /**
- * Computes the offset for a computation definition account, based on the circuit name.
- * @param circuitName - The name of the circuit.
- * @returns The offset as a 4-byte Uint8Array.
+ * Compute the offset for a computation definition account, based on the circuit name.
+ * @param circuitName - Name of the circuit.
+ * @returns Offset as a 4-byte Uint8Array.
  */
 function getCompDefAccOffset(circuitName) {
     const hash = new Uint8Array(sha256([Buffer.from(circuitName, 'utf-8')]));
     return hash.slice(0, COMP_DEF_OFFSET_SIZE);
 }
 /**
- * Returns an Anchor program instance for the Arcium program.
- * @param provider - The Anchor provider to use.
- * @returns The Anchor program instance for Arcium.
+ * Return an Anchor program instance for the Arcium program.
+ * @param provider - Anchor provider to use.
+ * @returns Anchor program instance for Arcium.
  */
 function getArciumProgram(provider) {
     return new anchor.Program(ARCIUM_IDL, provider);
 }
 /**
- * Returns the public key and offset for a computation definition account, given the circuit name and MXE program ID.
- * @param circuitName - The name of the circuit.
- * @param mxeProgramId - The public key of the MXE program.
- * @returns An object containing the public key and offset for the computation definition account.
+ * Return the public key and offset for a computation definition account, given the circuit name and MXE program ID.
+ * @param circuitName - Name of the circuit.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @returns Object containing the public key and offset for the computation definition account.
  */
 function getCompDefAccInfo(circuitName, mxeProgramId) {
     const offset = getCompDefAccOffset(circuitName);
@@ -13841,20 +14908,21 @@ function getCompDefAccInfo(circuitName, mxeProgramId) {
     return { pubkey: pda, offset: Buffer.from(offset).readUInt32LE(0) };
 }
 /**
- * Returns the PDA for a computation definition account, given the program ID, MXE program ID, and offset.
- * @param arciumProgramId - The public key of the Arcium program.
- * @param mxeProgramId - The public key of the MXE program.
- * @param offset - The offset as a Uint8Array.
- * @returns The PDA for the computation definition account.
+ * Return the PDA for a computation definition account, given the program ID, MXE program ID, and offset.
+ * @param arciumProgramId - Public key of the Arcium program.
+ * @param mxeProgramId - Public key of the MXE program.
+ * @param offset - Offset as a Uint8Array.
+ * @returns PDA for the computation definition account.
  */
 function getCompDefAccPDA(arciumProgramId, mxeProgramId, offset) {
     return anchor__namespace.web3.PublicKey.findProgramAddressSync([Buffer.from(COMP_DEF_ACC_SEED, 'utf-8'), mxeProgramId.toBuffer(), offset], arciumProgramId)[0];
 }
 /**
- * Sets an MXE to Recovery status, initiating the key recovery process.
- * @param provider - The Anchor provider to use for transactions.
- * @param mxeProgramId - The public key of the MXE program to recover.
- * @returns The transaction signature.
+ * Set an MXE to Recovery status, initiating the key recovery process.
+ * @param provider - Anchor provider to use for transactions.
+ * @param mxeProgramId - Public key of the MXE program to recover.
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Transaction signature.
  */
 async function recoverMxe(provider, mxeProgramId, confirmOptions) {
     const program = getArciumProgram(provider);
@@ -13868,13 +14936,14 @@ async function recoverMxe(provider, mxeProgramId, confirmOptions) {
     return signAndSendWithBlockhash(provider, tx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
 }
 /**
- * Initializes key recovery execution by creating the MxeRecoveryAccount and
+ * Initialize key recovery execution by creating the MxeRecoveryAccount and
  * registering the key_recovery_final computation definition on the backup MXE.
  * This is split into two parts due to Solana's 10KB per-instruction allocation limit.
- * @param provider - The Anchor provider to use for transactions.
- * @param originalMxeProgramId - The public key of the original MXE program being recovered.
- * @param backupMxeProgramId - The public key of the backup MXE program that will take over.
- * @returns The transaction signature from part2.
+ * @param provider - Anchor provider to use for transactions.
+ * @param originalMxeProgramId - Public key of the original MXE program being recovered.
+ * @param backupMxeProgramId - Public key of the backup MXE program that will take over.
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Transaction signature from part2.
  */
 async function initKeyRecoveryExecution(provider, originalMxeProgramId, backupMxeProgramId, confirmOptions) {
     // Part 1: Create MxeRecoveryAccount with partial size
@@ -13901,16 +14970,17 @@ async function initKeyRecoveryExecution(provider, originalMxeProgramId, backupMx
     return signAndSendWithBlockhash(provider, tx2, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
 }
 /**
- * Submits a re-encrypted key recovery share from a recovery peer.
+ * Submit a re-encrypted key recovery share from a recovery peer.
  * Recovery peers must decrypt shares using their x25519 private key and re-encrypt
  * them for the backup MXE before submission.
- * @param provider - The Anchor provider to use for transactions.
- * @param originalMxeProgramId - The public key of the original MXE program being recovered.
- * @param backupMxeProgramId - The public key of the backup MXE program.
- * @param peerOffset - The offset of the recovery peer.
- * @param peerIndex - The index of this peer in the recovery peers list.
- * @param share - The re-encrypted share: 5 field elements of 32 bytes each (160 bytes total).
- * @returns The transaction signature.
+ * @param provider - Anchor provider to use for transactions.
+ * @param originalMxeProgramId - Public key of the original MXE program being recovered.
+ * @param backupMxeProgramId - Public key of the backup MXE program.
+ * @param peerOffset - Offset of the recovery peer.
+ * @param peerIndex - Index of this peer in the recovery peers list.
+ * @param share - Re-encrypted share: 5 field elements of 32 bytes each (160 bytes total).
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Transaction signature.
  */
 async function submitKeyRecoveryShare(provider, originalMxeProgramId, backupMxeProgramId, peerOffset, peerIndex, share, confirmOptions) {
     const program = getArciumProgram(provider);
@@ -13935,14 +15005,15 @@ async function submitKeyRecoveryShare(provider, originalMxeProgramId, backupMxeP
     return signAndSendWithBlockhash(provider, tx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
 }
 /**
- * Finalizes key recovery execution after the submission threshold is met.
+ * Finalize key recovery execution after the submission threshold is met.
  * This queues the key_recovery_finalize MPC computation on the backup cluster.
- * @param provider - The Anchor provider to use for transactions.
- * @param originalMxeProgramId - The public key of the original MXE program being recovered.
- * @param backupMxeProgramId - The public key of the backup MXE program.
- * @param clusterOffset - The cluster offset where the backup MXE is deployed.
- * @param keyRecoveryFinalizeOffset - The computation offset for the key_recovery_finalize computation.
- * @returns The transaction signature.
+ * @param provider - Anchor provider to use for transactions.
+ * @param originalMxeProgramId - Public key of the original MXE program being recovered.
+ * @param backupMxeProgramId - Public key of the backup MXE program.
+ * @param clusterOffset - Cluster offset where the backup MXE is deployed.
+ * @param keyRecoveryFinalizeOffset - Computation offset for the key_recovery_finalize computation.
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Transaction signature.
  */
 async function finalizeKeyRecoveryExecution(provider, originalMxeProgramId, backupMxeProgramId, clusterOffset, keyRecoveryFinalizeOffset, confirmOptions) {
     const program = getArciumProgram(provider);
@@ -13961,12 +15032,13 @@ async function finalizeKeyRecoveryExecution(provider, originalMxeProgramId, back
     return signAndSendWithBlockhash(provider, tx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
 }
 /**
- * Initializes an MXE (part 1). Due to Solana's 10KB per-instruction allocation limit,
+ * Initialize an MXE (part 1). Due to Solana's 10KB per-instruction allocation limit,
  * this only partially allocates recovery_cluster_acc.
  * Call initMxePart2 afterwards to finish allocation and add keygen to mempool.
- * @param provider - The Anchor provider to use for transactions.
- * @param mxeProgramId - The public key to use as the MXE program ID.
- * @returns The transaction signature.
+ * @param provider - Anchor provider to use for transactions.
+ * @param mxeProgramId - Public key to use as the MXE program ID.
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Transaction signature.
  */
 async function initMxePart1(provider, mxeProgramId, confirmOptions) {
     const program = getArciumProgram(provider);
@@ -13980,17 +15052,19 @@ async function initMxePart1(provider, mxeProgramId, confirmOptions) {
     return signAndSendWithBlockhash(provider, tx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
 }
 /**
- * Finishes MXE initialization (part 2).
- * Reallocates recovery_cluster_acc to full size, initializes recovery_peers,
- * and adds the keygen computation to the mempool.
- * @param provider - The Anchor provider to use for transactions.
- * @param clusterOffset - The cluster offset to associate with the MXE.
- * @param mxeProgramId - The public key to use as the MXE program ID.
+ * Finish MXE initialization (part 2).
+ * Reallocate recovery_cluster_acc to full size, initialize recovery_peers,
+ * and add the keygen computation to the mempool.
+ * @param provider - Anchor provider to use for transactions.
+ * @param clusterOffset - Cluster offset to associate with the MXE.
+ * @param mxeProgramId - Public key to use as the MXE program ID.
  * @param recoveryPeers - Array of 100 node offsets for recovery peers (0 for unused slots).
- * @param keygenOffset - The computation offset for the keygen computation.
- * @param keyRecoveryInitOffset - The computation offset for the key_recovery_init computation.
+ * @param keygenOffset - Computation offset for the keygen computation.
+ * @param keyRecoveryInitOffset - Computation offset for the key_recovery_init computation.
+ * @param lutOffset - Lookup table offset for the MXE's address lookup table.
  * @param mxeAuthority - Optional authority for the MXE (defaults to provider.publicKey).
- * @returns The transaction signature.
+ * @param confirmOptions - Transaction confirmation options.
+ * @returns Transaction signature.
  */
 async function initMxePart2(provider, clusterOffset, mxeProgramId, recoveryPeers, keygenOffset, keyRecoveryInitOffset, lutOffset, mxeAuthority, confirmOptions) {
     const program = getArciumProgram(provider);
@@ -14016,9 +15090,9 @@ async function initMxePart2(provider, clusterOffset, mxeProgramId, recoveryPeers
 }
 
 /**
- * Reads local Arcium environment information from environment variables.
+ * Read local Arcium environment information from environment variables.
  * Only available in Node.js and when testing locally.
- * @returns The local Arcium environment configuration.
+ * @returns Local Arcium environment configuration.
  * @throws Error if called in a browser or if required environment variables are missing or invalid.
  */
 function getArciumEnv() {
@@ -14030,8 +15104,14 @@ function getArciumEnv() {
         if (isNaN(arciumClusterOffset)) {
             throw new Error('ARCIUM_CLUSTER_OFFSET environment variable is not set or is invalid (NaN).');
         }
+        const arciumBackupClusterOffset = process.env.ARCIUM_BACKUP_CLUSTER_OFFSET;
+        const arciumBackupClusterOffsetNumber = Number(arciumBackupClusterOffset);
+        if (typeof arciumBackupClusterOffset !== 'undefined' && isNaN(arciumBackupClusterOffsetNumber)) {
+            throw new Error('ARCIUM_BACKUP_CLUSTER_OFFSET environment variable is invalid (NaN).');
+        }
         return {
             arciumClusterOffset,
+            arciumBackupClusterOffset: arciumBackupClusterOffsetNumber,
         };
     }
     catch (e) {
@@ -14039,38 +15119,78 @@ function getArciumEnv() {
     }
 }
 
+const POLL_INTERVAL_MS = 500;
 /**
- * Waits for the finalization of a computation by listening for the finalizeComputationEvent.
- * Resolves with the transaction signature once the computation is finalized.
- * @param provider - The Anchor provider to use for event listening.
- * @param computationOffset - The offset of the computation to wait for.
- * @param mxeProgramId - The public key of the MXE program.
- * @param commitment - (Optional) The desired finality/commitment level (default: 'confirmed').
- * @returns The transaction signature of the finalization event.
+ * Wait for a computation to finalize by polling the computation account
+ * status via HTTP RPC. Does not use WebSocket subscriptions.
+ *
+ * Polls every 500ms (same as Agave's send_and_confirm_transaction_with_config).
+ * Return the most recent transaction signature on the computation account
+ * once finalization is detected.
+ *
+ * @param provider - Anchor provider.
+ * @param computationOffset - Computation offset to wait for.
+ * @param mxeProgramId - MXE program public key.
+ * @param commitment - Commitment level for RPC calls (default: 'confirmed').
+ * @param timeoutMs - Maximum wait time in milliseconds (default: 120000).
+ * @returns Transaction signature from the finalization.
+ * @throws Error if the MXE account has no cluster assigned.
+ * @throws Error if the computation does not finalize within timeoutMs.
  */
-async function awaitComputationFinalization(provider, computationOffset, mxeProgramId, commitment = 'confirmed') {
+async function awaitComputationFinalization(provider, computationOffset, mxeProgramId, commitment = 'confirmed', timeoutMs = 120_000) {
+    const conn = provider.connection;
     const arciumProgram = getArciumProgram(provider);
-    const eventListener = new anchor.EventManager(arciumProgram.programId, provider, arciumProgram.coder);
-    const finalizeComp = await awaitEvent(eventListener, 'finalizeComputationEvent', (e) => mxeProgramId.equals(e.mxeProgramId) && e.computationOffset.eq(computationOffset), commitment);
-    return finalizeComp.sig;
-}
-/**
- * Waits for a specific event to occur, matching a custom check, and returns the event and its signature.
- * @param eventListener - The EventManager instance to use for listening.
- * @param eventName - The name of the event to listen for.
- * @param eventCheck - A predicate function to check if the event matches the desired criteria.
- * @param commitment - (Optional) The desired finality/commitment level (default: 'confirmed').
- * @returns An object containing the event and its transaction signature.
- */
-async function awaitEvent(eventListener, eventName, eventCheck, commitment = 'confirmed') {
-    const foundEvent = await new Promise((res) => {
-        const listenerId = eventListener.addEventListener(eventName, (event, _slot, signature) => {
-            if (eventCheck(event))
-                res([event, signature, listenerId]);
-        }, commitment);
-    });
-    await eventListener.removeEventListener(foundEvent[2]);
-    return { event: foundEvent[0], sig: foundEvent[1] };
+    // Derive computation account PDA (requires clusterOffset from MXE account)
+    const mxeAccAddress = getMXEAccAddress(mxeProgramId);
+    const mxeAcc = await arciumProgram.account.mxeAccount.fetch(mxeAccAddress, commitment);
+    if (mxeAcc.cluster === null) {
+        throw new Error('MXE account has no cluster assigned');
+    }
+    const compAccAddress = getComputationAccAddress(mxeAcc.cluster, computationOffset);
+    const startTime = Date.now();
+    let lastStatus = 'unknown';
+    let rpcErrorCount = 0;
+    let lastError;
+    while (Date.now() - startTime < timeoutMs) {
+        let compAcc;
+        try {
+            // eslint-disable-next-line no-await-in-loop
+            compAcc = await arciumProgram.account.computationAccount.fetchNullable(compAccAddress, commitment);
+        }
+        catch (e) {
+            rpcErrorCount++;
+            lastError = e instanceof Error ? e.message : String(e);
+            // eslint-disable-next-line no-await-in-loop
+            await new Promise((r) => {
+                setTimeout(r, POLL_INTERVAL_MS);
+            });
+            continue;
+        }
+        if (compAcc !== null && 'finalized' in compAcc.status) {
+            lastStatus = 'finalized';
+            for (let sigRetry = 0; sigRetry < 10; sigRetry++) {
+                // eslint-disable-next-line no-await-in-loop
+                const sigs = await conn.getSignaturesForAddress(compAccAddress, { limit: 1 }, commitment);
+                if (sigs.length > 0)
+                    return sigs[0].signature;
+                // eslint-disable-next-line no-await-in-loop
+                await new Promise((r) => {
+                    setTimeout(r, POLL_INTERVAL_MS);
+                });
+            }
+            throw new Error('Computation finalized but transaction signature not indexed after retries.');
+        }
+        if (compAcc !== null)
+            lastStatus = 'queued';
+        // eslint-disable-next-line no-await-in-loop
+        await new Promise((r) => {
+            setTimeout(r, POLL_INTERVAL_MS);
+        });
+    }
+    const timeoutMsg = `Computation did not finalize within ${timeoutMs}ms (status: ${lastStatus})`;
+    throw rpcErrorCount > 0
+        ? new Error(timeoutMsg, { cause: new Error(`${rpcErrorCount} RPC errors, last: ${lastError}`) })
+        : new Error(timeoutMsg);
 }
 
 Object.defineProperty(exports, "x25519", {