@arcium-hq/client 0.9.7 → 0.10.0

package/src/idl/arcium_staking.json

@@ -1,5 +1,5 @@
 {
-  "address": "3y53DGSaqMNyiwpMkoHqscEwTV2U29aBW23vibQjw8mL",
+  "address": "6nZ37t1FKG6irnm9nDhDra7i92HWmtLinRtpSj8MEQHN",
   "metadata": {
     "name": "arcium_staking",
     "version": "0.1.0",
@@ -3734,19 +3734,6 @@
     }
   ],
   "accounts": [
-    {
-      "name": "ClockAccount",
-      "discriminator": [
-        152,
-        171,
-        158,
-        195,
-        75,
-        61,
-        51,
-        8
-      ]
-    },
     {
       "name": "DelegatedStakingAccount",
       "discriminator": [

package/src/idl/arcium_staking.ts

@@ -5,7 +5,7 @@
  * IDL can be found at `target/idl/arcium_staking.json`.
  */
 export type ArciumStaking = {
-  "address": "3y53DGSaqMNyiwpMkoHqscEwTV2U29aBW23vibQjw8mL",
+  "address": "6nZ37t1FKG6irnm9nDhDra7i92HWmtLinRtpSj8MEQHN",
   "metadata": {
     "name": "arciumStaking",
     "version": "0.1.0",
@@ -3740,19 +3740,6 @@ export type ArciumStaking = {
     }
   ],
   "accounts": [
-    {
-      "name": "clockAccount",
-      "discriminator": [
-        152,
-        171,
-        158,
-        195,
-        75,
-        61,
-        51,
-        8
-      ]
-    },
     {
       "name": "delegatedStakingAccount",
       "discriminator": [

package/src/onchain.ts

@@ -1,5 +1,5 @@
-import { Program, AnchorProvider } from '@coral-xyz/anchor';
-import * as anchor from '@coral-xyz/anchor';
+import { Program, AnchorProvider } from '@anchor-lang/core';
+import * as anchor from '@anchor-lang/core';
 import { ConfirmOptions, PublicKey } from '@solana/web3.js';
 import { ARCIUM_IDL, ArciumIdlType } from './idl/index.js';
 import { sha256 } from './cryptography/cryptography.js';
@@ -18,8 +18,6 @@ import {
     getArciumProgramId,
     getMXEAccAddress,
     getComputationAccAddress,
-    getMempoolAccAddress,
-    getExecutingPoolAccAddress,
     getFeePoolAccAddress,
     getRawCircuitAccAddress,
     getLookupTableAddress,
@@ -465,38 +463,6 @@ export async function uploadCircuit(
     return sigs;
 }
 
-/**
- * Queue a key recovery initialization for an MXE on a given cluster.
- * @param provider - Anchor provider for signing and sending.
- * @param clusterOffset - Cluster offset to recover keys from.
- * @param mxeProgramId - Public key of the MXE program.
- * @param confirmOptions - Transaction confirmation options.
- * @returns Array of transaction signatures.
- */
-export async function queueKeyRecoveryInit(
-    provider: AnchorProvider,
-    clusterOffset: number,
-    mxeProgramId: anchor.web3.PublicKey,
-    confirmOptions?: ConfirmOptions,
-): Promise<string[]> {
-    const program = getArciumProgram(provider);
-    const sigs: string[] = [];
-    const queueKeyRecoveryInitTx = await program.methods
-        .queueKeyRecoveryInit(clusterOffset, mxeProgramId)
-        .accounts({
-            signer: provider.publicKey,
-            mxeProgram: mxeProgramId,
-        })
-        .transaction();
-    sigs.push(await signAndSendWithBlockhash(
-        provider,
-        queueKeyRecoveryInitTx,
-        await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || "confirmed" }),
-        confirmOptions,
-    ));
-    return sigs;
-}
-
 /**
  * Build a transaction to finalize a computation definition.
  * @param provider - Anchor provider to use for transactions.
@@ -689,7 +655,9 @@ async function buildUploadCircuitTx(
     let bytesInner = bytes;
 
     if (bytesInner.length < MAX_UPLOAD_PER_TX_BYTES) {
-        const paddedBytes = Buffer.allocUnsafe(MAX_UPLOAD_PER_TX_BYTES);
+        // Zero-fill the padding; allocUnsafe would leak prior process heap
+        // (tx bytes, keys) into public ledger history (R-01).
+        const paddedBytes = Buffer.alloc(MAX_UPLOAD_PER_TX_BYTES);
         paddedBytes.set(bytesInner);
         bytesInner = paddedBytes;
     }
@@ -772,155 +740,6 @@ function getCompDefAccPDA(arciumProgramId: anchor.web3.PublicKey, mxeProgramId:
     return anchor.web3.PublicKey.findProgramAddressSync([Buffer.from(COMP_DEF_ACC_SEED, 'utf-8'), mxeProgramId.toBuffer(), offset], arciumProgramId)[0];
 }
 
-/**
- * Set an MXE to Recovery status, initiating the key recovery process.
- * @param provider - Anchor provider to use for transactions.
- * @param mxeProgramId - Public key of the MXE program to recover.
- * @param confirmOptions - Transaction confirmation options.
- * @returns Transaction signature.
- */
-export async function recoverMxe(
-    provider: AnchorProvider,
-    mxeProgramId: anchor.web3.PublicKey,
-    confirmOptions?: ConfirmOptions,
-): Promise<string> {
-    const program = getArciumProgram(provider);
-    const tx = await program.methods
-        .recoverMxe(mxeProgramId)
-        .accountsPartial({
-            authority: provider.publicKey,
-            mxeProgram: mxeProgramId,
-        })
-        .transaction();
-    return signAndSendWithBlockhash(provider, tx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
-}
-
-/**
- * Initialize key recovery execution by creating the MxeRecoveryAccount and
- * registering the key_recovery_final computation definition on the backup MXE.
- * This is split into two parts due to Solana's 10KB per-instruction allocation limit.
- * @param provider - Anchor provider to use for transactions.
- * @param originalMxeProgramId - Public key of the original MXE program being recovered.
- * @param backupMxeProgramId - Public key of the backup MXE program that will take over.
- * @param confirmOptions - Transaction confirmation options.
- * @returns Transaction signature from part2.
- */
-export async function initKeyRecoveryExecution(
-    provider: AnchorProvider,
-    originalMxeProgramId: anchor.web3.PublicKey,
-    backupMxeProgramId: anchor.web3.PublicKey,
-    confirmOptions?: ConfirmOptions,
-): Promise<string> {
-    // Part 1: Create MxeRecoveryAccount with partial size
-    const program = getArciumProgram(provider);
-    const tx1 = await program.methods
-        .initKeyRecoveryExecutionPart1(originalMxeProgramId, backupMxeProgramId)
-        .accountsPartial({
-            payer: provider.publicKey,
-            originalMxeProgram: originalMxeProgramId,
-            backupMxeProgram: backupMxeProgramId,
-        })
-        .transaction();
-    await signAndSendWithBlockhash(provider, tx1, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
-
-    // Part 2: Reallocate to full size and create computation definition
-    const tx2 = await program.methods
-        .initKeyRecoveryExecutionPart2(originalMxeProgramId, backupMxeProgramId)
-        .accountsPartial({
-            authority: provider.publicKey,
-            payer: provider.publicKey,
-            originalMxeProgram: originalMxeProgramId,
-            backupMxeProgram: backupMxeProgramId,
-        })
-        .transaction();
-    return signAndSendWithBlockhash(provider, tx2, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
-}
-
-/**
- * Submit a re-encrypted key recovery share from a recovery peer.
- * Recovery peers must decrypt shares using their x25519 private key and re-encrypt
- * them for the backup MXE before submission.
- * @param provider - Anchor provider to use for transactions.
- * @param originalMxeProgramId - Public key of the original MXE program being recovered.
- * @param backupMxeProgramId - Public key of the backup MXE program.
- * @param peerOffset - Offset of the recovery peer.
- * @param peerIndex - Index of this peer in the recovery peers list.
- * @param share - Re-encrypted share: 5 field elements of 32 bytes each (160 bytes total).
- * @param confirmOptions - Transaction confirmation options.
- * @returns Transaction signature.
- */
-export async function submitKeyRecoveryShare(
-    provider: AnchorProvider,
-    originalMxeProgramId: anchor.web3.PublicKey,
-    backupMxeProgramId: anchor.web3.PublicKey,
-    peerOffset: number,
-    peerIndex: number,
-    share: number[][] | Uint8Array[],
-    confirmOptions?: ConfirmOptions,
-): Promise<string> {
-    const program = getArciumProgram(provider);
-    // Convert to array of 5 elements, each 32 bytes
-    const shareArrays: number[][] = share.map(elem => Array.from(elem));
-    if (shareArrays.length !== 5) {
-        throw new Error(`Share must contain exactly 5 elements, got ${shareArrays.length}`);
-    }
-    for (let i = 0; i < 5; i++) {
-        if (shareArrays[i].length !== 32) {
-            throw new Error(`Share element ${i} must be exactly 32 bytes, got ${shareArrays[i].length}`);
-        }
-    }
-    const tx = await program.methods
-        .submitKeyRecoveryShare(
-            originalMxeProgramId,
-            backupMxeProgramId,
-            peerOffset,
-            peerIndex,
-            shareArrays as number[][],
-        )
-        .accountsPartial({
-            signer: provider.publicKey,
-            originalMxeProgram: originalMxeProgramId,
-            backupMxeProgram: backupMxeProgramId,
-        })
-        .transaction();
-    return signAndSendWithBlockhash(provider, tx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
-}
-
-/**
- * Finalize key recovery execution after the submission threshold is met.
- * This queues the key_recovery_finalize MPC computation on the backup cluster.
- * @param provider - Anchor provider to use for transactions.
- * @param originalMxeProgramId - Public key of the original MXE program being recovered.
- * @param backupMxeProgramId - Public key of the backup MXE program.
- * @param clusterOffset - Cluster offset where the backup MXE is deployed.
- * @param keyRecoveryFinalizeOffset - Computation offset for the key_recovery_finalize computation.
- * @param confirmOptions - Transaction confirmation options.
- * @returns Transaction signature.
- */
-export async function finalizeKeyRecoveryExecution(
-    provider: AnchorProvider,
-    originalMxeProgramId: anchor.web3.PublicKey,
-    backupMxeProgramId: anchor.web3.PublicKey,
-    clusterOffset: number,
-    keyRecoveryFinalizeOffset: anchor.BN,
-    confirmOptions?: ConfirmOptions,
-): Promise<string> {
-    const program = getArciumProgram(provider);
-    const tx = await program.methods
-        .finalizeKeyRecoveryExecution(originalMxeProgramId, backupMxeProgramId, clusterOffset)
-        .accountsPartial({
-            authority: provider.publicKey,
-            payer: provider.publicKey,
-            keyRecoveryFinalizeComputation: getComputationAccAddress(clusterOffset, keyRecoveryFinalizeOffset),
-            executingPool: getExecutingPoolAccAddress(clusterOffset),
-            mempool: getMempoolAccAddress(clusterOffset),
-            originalMxeProgram: originalMxeProgramId,
-            backupMxeProgram: backupMxeProgramId,
-        })
-        .transaction();
-    return signAndSendWithBlockhash(provider, tx, await provider.connection.getLatestBlockhash({ commitment: confirmOptions?.commitment || 'confirmed' }), confirmOptions);
-}
-
 /**
  * Initialize an MXE (part 1). Due to Solana's 10KB per-instruction allocation limit,
  * this only partially allocates recovery_cluster_acc.
@@ -965,9 +784,9 @@ export async function initMxePart2(
     provider: AnchorProvider,
     clusterOffset: number,
     mxeProgramId: anchor.web3.PublicKey,
-    recoveryPeers: number[],
     keygenOffset: anchor.BN,
     keyRecoveryInitOffset: anchor.BN,
+    recoveryPeers: number[],
     lutOffset: anchor.BN,
     mxeAuthority?: anchor.web3.PublicKey,
     confirmOptions?: ConfirmOptions,

package/src/pda.ts

@@ -1,5 +1,5 @@
 import { PublicKey, AddressLookupTableProgram } from '@solana/web3.js';
-import * as anchor from '@coral-xyz/anchor';
+import * as anchor from '@anchor-lang/core';
 import {
     ARX_NODE_ACC_SEED,
     CLOCK_ACC_SEED,

package/src/utils.ts

@@ -1,4 +1,4 @@
-import * as anchor from '@coral-xyz/anchor';
+import * as anchor from '@anchor-lang/core';
 import { CURVE25519_BASE_FIELD } from './cryptography/rescueDesc.js';
 import { ctAdd, ctLt, ctSelect, ctSignBit, ctSub, verifyBinSize } from './ctUtils.js';
 import { ArciumIdlType } from './idl/index.js';