@auditable/privacy-pool-zk-sdk 0.0.2-rc.8 → 0.1.0

package/dist/cli.js

@@ -6,95 +6,1044 @@ var snarkjs = require('snarkjs');
 
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 function _interopNamespaceDefault(e) {
-    var n = Object.create(null);
-    if (e) {
-        Object.keys(e).forEach(function (k) {
-            if (k !== 'default') {
-                var d = Object.getOwnPropertyDescriptor(e, k);
-                Object.defineProperty(n, k, d.get ? d : {
-                    enumerable: true,
-                    get: function () { return e[k]; }
-                });
-            }
-        });
-    }
-    n.default = e;
-    return Object.freeze(n);
+	var n = Object.create(null);
+	if (e) {
+		Object.keys(e).forEach(function (k) {
+			if (k !== 'default') {
+				var d = Object.getOwnPropertyDescriptor(e, k);
+				Object.defineProperty(n, k, d.get ? d : {
+					enumerable: true,
+					get: function () { return e[k]; }
+				});
+			}
+		});
+	}
+	n.default = e;
+	return Object.freeze(n);
 }
 
 var fs__namespace = /*#__PURE__*/_interopNamespaceDefault(fs);
 var snarkjs__namespace = /*#__PURE__*/_interopNamespaceDefault(snarkjs);
 
-let wasm;
+function getDefaultExportFromCjs (x) {
+	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
+}
 
-const heap = new Array(128).fill(undefined);
+var dist = {};
 
-heap.push(undefined, null, true, false);
+Object.defineProperty(dist, "__esModule", { value: true });
+dist.bech32m = bech32 = dist.bech32 = void 0;
+const ALPHABET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l';
+const ALPHABET_MAP = {};
+for (let z = 0; z < ALPHABET.length; z++) {
+    const x = ALPHABET.charAt(z);
+    ALPHABET_MAP[x] = z;
+}
+function polymodStep(pre) {
+    const b = pre >> 25;
+    return (((pre & 0x1ffffff) << 5) ^
+        (-((b >> 0) & 1) & 0x3b6a57b2) ^
+        (-((b >> 1) & 1) & 0x26508e6d) ^
+        (-((b >> 2) & 1) & 0x1ea119fa) ^
+        (-((b >> 3) & 1) & 0x3d4233dd) ^
+        (-((b >> 4) & 1) & 0x2a1462b3));
+}
+function prefixChk(prefix) {
+    let chk = 1;
+    for (let i = 0; i < prefix.length; ++i) {
+        const c = prefix.charCodeAt(i);
+        if (c < 33 || c > 126)
+            return 'Invalid prefix (' + prefix + ')';
+        chk = polymodStep(chk) ^ (c >> 5);
+    }
+    chk = polymodStep(chk);
+    for (let i = 0; i < prefix.length; ++i) {
+        const v = prefix.charCodeAt(i);
+        chk = polymodStep(chk) ^ (v & 0x1f);
+    }
+    return chk;
+}
+function convert(data, inBits, outBits, pad) {
+    let value = 0;
+    let bits = 0;
+    const maxV = (1 << outBits) - 1;
+    const result = [];
+    for (let i = 0; i < data.length; ++i) {
+        value = (value << inBits) | data[i];
+        bits += inBits;
+        while (bits >= outBits) {
+            bits -= outBits;
+            result.push((value >> bits) & maxV);
+        }
+    }
+    if (pad) {
+        if (bits > 0) {
+            result.push((value << (outBits - bits)) & maxV);
+        }
+    }
+    else {
+        if (bits >= inBits)
+            return 'Excess padding';
+        if ((value << (outBits - bits)) & maxV)
+            return 'Non-zero padding';
+    }
+    return result;
+}
+function toWords(bytes) {
+    return convert(bytes, 8, 5, true);
+}
+function fromWordsUnsafe(words) {
+    const res = convert(words, 5, 8, false);
+    if (Array.isArray(res))
+        return res;
+}
+function fromWords(words) {
+    const res = convert(words, 5, 8, false);
+    if (Array.isArray(res))
+        return res;
+    throw new Error(res);
+}
+function getLibraryFromEncoding(encoding) {
+    let ENCODING_CONST;
+    if (encoding === 'bech32') {
+        ENCODING_CONST = 1;
+    }
+    else {
+        ENCODING_CONST = 0x2bc830a3;
+    }
+    function encode(prefix, words, LIMIT) {
+        LIMIT = LIMIT || 90;
+        if (prefix.length + 7 + words.length > LIMIT)
+            throw new TypeError('Exceeds length limit');
+        prefix = prefix.toLowerCase();
+        // determine chk mod
+        let chk = prefixChk(prefix);
+        if (typeof chk === 'string')
+            throw new Error(chk);
+        let result = prefix + '1';
+        for (let i = 0; i < words.length; ++i) {
+            const x = words[i];
+            if (x >> 5 !== 0)
+                throw new Error('Non 5-bit word');
+            chk = polymodStep(chk) ^ x;
+            result += ALPHABET.charAt(x);
+        }
+        for (let i = 0; i < 6; ++i) {
+            chk = polymodStep(chk);
+        }
+        chk ^= ENCODING_CONST;
+        for (let i = 0; i < 6; ++i) {
+            const v = (chk >> ((5 - i) * 5)) & 0x1f;
+            result += ALPHABET.charAt(v);
+        }
+        return result;
+    }
+    function __decode(str, LIMIT) {
+        LIMIT = LIMIT || 90;
+        if (str.length < 8)
+            return str + ' too short';
+        if (str.length > LIMIT)
+            return 'Exceeds length limit';
+        // don't allow mixed case
+        const lowered = str.toLowerCase();
+        const uppered = str.toUpperCase();
+        if (str !== lowered && str !== uppered)
+            return 'Mixed-case string ' + str;
+        str = lowered;
+        const split = str.lastIndexOf('1');
+        if (split === -1)
+            return 'No separator character for ' + str;
+        if (split === 0)
+            return 'Missing prefix for ' + str;
+        const prefix = str.slice(0, split);
+        const wordChars = str.slice(split + 1);
+        if (wordChars.length < 6)
+            return 'Data too short';
+        let chk = prefixChk(prefix);
+        if (typeof chk === 'string')
+            return chk;
+        const words = [];
+        for (let i = 0; i < wordChars.length; ++i) {
+            const c = wordChars.charAt(i);
+            const v = ALPHABET_MAP[c];
+            if (v === undefined)
+                return 'Unknown character ' + c;
+            chk = polymodStep(chk) ^ v;
+            // not in the checksum?
+            if (i + 6 >= wordChars.length)
+                continue;
+            words.push(v);
+        }
+        if (chk !== ENCODING_CONST)
+            return 'Invalid checksum for ' + str;
+        return { prefix, words };
+    }
+    function decodeUnsafe(str, LIMIT) {
+        const res = __decode(str, LIMIT);
+        if (typeof res === 'object')
+            return res;
+    }
+    function decode(str, LIMIT) {
+        const res = __decode(str, LIMIT);
+        if (typeof res === 'object')
+            return res;
+        throw new Error(res);
+    }
+    return {
+        decodeUnsafe,
+        decode,
+        encode,
+        toWords,
+        fromWordsUnsafe,
+        fromWords,
+    };
+}
+var bech32 = dist.bech32 = getLibraryFromEncoding('bech32');
+dist.bech32m = getLibraryFromEncoding('bech32m');
+
+const STEALTH_ADDRESS_HRP = 'stpl1';
+/** BIP-173 default 90 is too small for 64-byte payload (32+32 field coords) after 8→5 bit conversion. */
+const BECH32_STEALTH_LIMIT = 1023;
+function normalizeHex$2(hex) {
+    const s = hex.trim().replace(/^0x/i, '');
+    if (!/^[0-9a-fA-F]*$/.test(s)) {
+        throw new Error('stealth-address: hex must contain only 0-9, a-f');
+    }
+    return s.length % 2 === 0 ? s : `0${s}`;
+}
+function hexToBytes$2(hex) {
+    const norm = normalizeHex$2(hex);
+    const out = new Uint8Array(norm.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        out[i] = parseInt(norm.slice(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+}
+function bytesToHex$1(bytes) {
+    let s = '';
+    for (let i = 0; i < bytes.length; i++) {
+        s += bytes[i].toString(16).padStart(2, '0');
+    }
+    return s;
+}
+function concatBytes(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return out;
+}
+/**
+ * Encodes `x || y` as Bech32 (BIP-173) with human-readable part {@link STEALTH_ADDRESS_HRP} (`stpl1`).
+ * `x` and `y` must have the same byte length so decoding can split the payload in half.
+ */
+function encodeStealthAddress(decoded) {
+    const xb = hexToBytes$2(decoded.x);
+    const yb = hexToBytes$2(decoded.y);
+    if (xb.length !== yb.length) {
+        throw new Error('stealth-address: x and y must encode the same number of bytes for a reversible address');
+    }
+    const payload = concatBytes(xb, yb);
+    const words = bech32.toWords(payload);
+    return bech32.encode(STEALTH_ADDRESS_HRP, words, BECH32_STEALTH_LIMIT);
+}
+/**
+ * Decodes a `stpl1` Bech32 stealth address into `x` and `y` (each half of the payload, as lowercase hex).
+ */
+function decodeStealthAddress(address) {
+    const { prefix, words } = bech32.decode(address, BECH32_STEALTH_LIMIT);
+    if (prefix !== STEALTH_ADDRESS_HRP) {
+        throw new Error(`stealth-address: expected HRP ${STEALTH_ADDRESS_HRP}, got ${JSON.stringify(prefix)}`);
+    }
+    const bytes = new Uint8Array(bech32.fromWords(words));
+    if (bytes.length === 0 || bytes.length % 2 !== 0) {
+        throw new Error('stealth-address: payload length must be positive and even');
+    }
+    const mid = bytes.length / 2;
+    return {
+        x: bytesToHex$1(bytes.subarray(0, mid)),
+        y: bytesToHex$1(bytes.subarray(mid)),
+    };
+}
 
-function getObject(idx) { return heap[idx]; }
+/** Default nonce when deriving the wallet sign-in message. */
+const DEFAULT_STEALTH_SIGN_NONCE = 'main address';
+/**
+ * Plaintext for Stellar wallet message signing (stealth address derivation).
+ * Sign the exact bytes of this string (UTF-8) with the stellar account key.
+ */
+function buildStealthAddressSignMessage(address, nonce = DEFAULT_STEALTH_SIGN_NONCE) {
+    return `Privacy layer app needs you to sign the message for stealth address derivation with address:\n${address}\n and nonce:\n${nonce}.\n\n This will not authorize any transaction.`;
+}
 
-let heap_next = heap.length;
+/** Bech32 HRP for {@link DecodedEphemeralKey} only (`x ‖ y`, 64 bytes). */
+const DECODED_EPHEMERAL_HRP = 'epk1';
+/** Bech32 HRP for {@link DecodedDepositorSharedSecretPreimage} (96 bytes). */
+const DEPOSITOR_SHARED_SECRET_PREIMAGE_HRP = 'epk_dep_pre1';
+const FIELD_BYTES = 32;
+const EPK_POINT_PAYLOAD = FIELD_BYTES * 2;
+const EPK_DEP_PRE_PAYLOAD = FIELD_BYTES * 3;
+const BECH32_LONG_LIMIT = 1023;
+function normalizeHex$1(hex) {
+    const s = hex.trim().replace(/^0x/i, '');
+    if (!/^[0-9a-fA-F]*$/.test(s)) {
+        throw new Error('ephemeral-key: hex must contain only 0-9, a-f');
+    }
+    return s.length % 2 === 0 ? s : `0${s}`;
+}
+function hexToBytes$1(hex) {
+    const norm = normalizeHex$1(hex);
+    const out = new Uint8Array(norm.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        out[i] = parseInt(norm.slice(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+}
+function bytesToHex(bytes) {
+    let s = '';
+    for (let i = 0; i < bytes.length; i++) {
+        s += bytes[i].toString(16).padStart(2, '0');
+    }
+    return s;
+}
+function concat2(a, b) {
+    const out = new Uint8Array(a.length + b.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    return out;
+}
+function concat3(a, b, c) {
+    const out = new Uint8Array(a.length + b.length + c.length);
+    out.set(a, 0);
+    out.set(b, a.length);
+    out.set(c, a.length + b.length);
+    return out;
+}
+function require32(label, bytes) {
+    if (bytes.length !== FIELD_BYTES) {
+        throw new Error(`ephemeral-key: ${label} must encode exactly ${FIELD_BYTES} bytes, got ${bytes.length}`);
+    }
+}
+/**
+ * 32-byte big-endian integer as hex (64 chars), **< 2^253**, so BabyJub ECDH matches
+ * `circuits/encryption.circom` `Num2Bits(253)` and `libs/cryptography` `scalar_mul_253`.
+ */
+function generateRandomScalarHex32() {
+    const g = globalThis.crypto;
+    if (!g?.getRandomValues) {
+        throw new Error('ephemeral-key: crypto.getRandomValues is required');
+    }
+    const max = 1n << 253n;
+    for (let attempt = 0; attempt < 65536; attempt++) {
+        const b = new Uint8Array(32);
+        g.getRandomValues(b);
+        const hex = bytesToHex(b);
+        if (BigInt(`0x${hex}`) < max) {
+            return hex;
+        }
+    }
+    throw new Error('ephemeral-key: failed to sample scalar < 2^253');
+}
+/** Bech32 `epk1`: encodes `x ‖ y` (64 bytes). */
+function encodeDecodedEphemeralKey(decoded) {
+    const xb = hexToBytes$1(decoded.x);
+    const yb = hexToBytes$1(decoded.y);
+    require32('x', xb);
+    require32('y', yb);
+    const payload = concat2(xb, yb);
+    const words = bech32.toWords(payload);
+    return bech32.encode(DECODED_EPHEMERAL_HRP, words, BECH32_LONG_LIMIT);
+}
+function decodeDecodedEphemeralKey(encoded) {
+    const { prefix, words } = bech32.decode(encoded, BECH32_LONG_LIMIT);
+    if (prefix !== DECODED_EPHEMERAL_HRP) {
+        throw new Error(`ephemeral-key: expected HRP ${DECODED_EPHEMERAL_HRP}, got ${JSON.stringify(prefix)}`);
+    }
+    const bytes = new Uint8Array(bech32.fromWords(words));
+    if (bytes.length !== EPK_POINT_PAYLOAD) {
+        throw new Error(`ephemeral-key: epk1 payload must be ${EPK_POINT_PAYLOAD} bytes, got ${bytes.length}`);
+    }
+    return {
+        x: bytesToHex(bytes.subarray(0, FIELD_BYTES)),
+        y: bytesToHex(bytes.subarray(FIELD_BYTES)),
+    };
+}
+/** Bech32 `epk_dep_pre1`: `randomNonceScalar ‖ recipient.x ‖ recipient.y`. */
+function encodeDepositorSharedSecretPreimage(decoded) {
+    const sb = hexToBytes$1(decoded.randomNonceScalar);
+    const xb = hexToBytes$1(decoded.recipientStealthAddress.x);
+    const yb = hexToBytes$1(decoded.recipientStealthAddress.y);
+    require32('randomNonceScalar', sb);
+    require32('recipientStealthAddress.x', xb);
+    require32('recipientStealthAddress.y', yb);
+    const payload = concat3(sb, xb, yb);
+    const words = bech32.toWords(payload);
+    return bech32.encode(DEPOSITOR_SHARED_SECRET_PREIMAGE_HRP, words, BECH32_LONG_LIMIT);
+}
+function decodeDepositorSharedSecretPreimage(encoded) {
+    const { prefix, words } = bech32.decode(encoded, BECH32_LONG_LIMIT);
+    if (prefix !== DEPOSITOR_SHARED_SECRET_PREIMAGE_HRP) {
+        throw new Error(`ephemeral-key: expected HRP ${DEPOSITOR_SHARED_SECRET_PREIMAGE_HRP}, got ${JSON.stringify(prefix)}`);
+    }
+    const bytes = new Uint8Array(bech32.fromWords(words));
+    if (bytes.length !== EPK_DEP_PRE_PAYLOAD) {
+        throw new Error(`ephemeral-key: epk_dep_pre1 payload must be ${EPK_DEP_PRE_PAYLOAD} bytes, got ${bytes.length}`);
+    }
+    return {
+        randomNonceScalar: bytesToHex(bytes.subarray(0, FIELD_BYTES)),
+        recipientStealthAddress: {
+            x: bytesToHex(bytes.subarray(FIELD_BYTES, FIELD_BYTES * 2)),
+            y: bytesToHex(bytes.subarray(FIELD_BYTES * 2)),
+        },
+    };
+}
 
-function addHeapObject(obj) {
-    if (heap_next === heap.length) heap.push(heap.length + 1);
-    const idx = heap_next;
-    heap_next = heap[idx];
+/** Matches `Transaction(20, 2, 2)` in `circuits/main.circom`. */
+const TRANSACTION_TREE_DEPTH = 20;
+/** BN254 scalar field modulus (ark `Fr`, circom signals). */
+const BN254_SCALAR_MOD = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+/**
+ * BabyJub ECDH in `circuits/encryption.circom` uses `Num2Bits(253)`; scalars must be < 2^253
+ * (matches `libs/cryptography` `scalar_mul_253`).
+ */
+const BN254_BABYJUB_SCALAR_MAX_EXCLUSIVE = 1n << 253n;
+function normalizeHex(hex) {
+    const s = hex.trim().replace(/^0x/i, '');
+    if (!/^[0-9a-fA-F]*$/.test(s)) {
+        throw new Error('withdrawal-transaction-input: invalid hex');
+    }
+    return s.length % 2 === 0 ? s : `0${s}`;
+}
+/** 32-byte field coordinate (hex, no 0x) → decimal string mod BN254 scalar field. */
+function coordHexToDecimal(hex) {
+    const h = normalizeHex(hex);
+    if (h.length > 64) {
+        throw new Error('withdrawal-transaction-input: coordinate hex too long');
+    }
+    const v = BigInt(`0x${h}`);
+    return (v % BN254_SCALAR_MOD).toString(10);
+}
+/**
+ * 32-byte big-endian scalar hex → decimal for circom `ephemeralKeyScalar` / ECDH `priv`.
+ * Integer must be < 2^253 (not reduced mod r — values ≥ 2^253 are rejected).
+ */
+function scalarHexToFrDecimal(hex) {
+    const h = normalizeHex(hex);
+    if (h.length > 64) {
+        throw new Error('withdrawal-transaction-input: scalar hex too long');
+    }
+    const v = BigInt(`0x${h.padStart(64, '0').slice(-64)}`);
+    if (v >= BN254_BABYJUB_SCALAR_MAX_EXCLUSIVE) {
+        throw new Error('depositor ephemeral scalar must be < 2^253 (BabyJub Num2Bits); resample with random-scalar');
+    }
+    return v.toString(10);
+}
+/**
+ * Stellar G-address Ed25519 payload (32 bytes as 64 hex, optional 0x) → two circom public decimals
+ * (`withdrawAddressHi` / `withdrawAddressLo`). No mod-r; each half fits in 128 bits.
+ */
+function ed25519PubkeyPayloadHexToWithdrawFrDecimals(hex) {
+    const h = normalizeHex(hex).padStart(64, '0').slice(-64);
+    const hi = BigInt(`0x${h.slice(0, 32)}`);
+    const lo = BigInt(`0x${h.slice(32, 64)}`);
+    return { hi: hi.toString(10), lo: lo.toString(10) };
+}
+/** Uniform random `Fr` as decimal (32 random bytes, mod r). For Poseidon-only inputs (e.g. nullifiers). */
+function randomFrDecimal() {
+    const hex = generateRandomScalarHex32();
+    const v = BigInt(`0x${normalizeHex(hex)}`);
+    return (v % BN254_SCALAR_MOD).toString(10);
+}
+/** Random scalar < 2^253 for BabyJub ECDH / `Num2Bits(253)` (uses {@link generateRandomScalarHex32}). */
+function randomFrDecimal253() {
+    const hex = generateRandomScalarHex32();
+    return BigInt(`0x${normalizeHex(hex)}`).toString(10);
+}
+function zerosTreeSiblings() {
+    return Array(TRANSACTION_TREE_DEPTH).fill('0');
+}
+function dummyWithdraw(wasm) {
+    const nullifier = randomFrDecimal();
+    const secretHex = generateRandomScalarHex32();
+    const secret = (BigInt(`0x${normalizeHex(secretHex)}`) % BN254_SCALAR_MOD).toString(10);
+    const pt = wasm.ecdhEphemeralPublicKeyFromScalarHex(secretHex);
+    return {
+        value: '0',
+        nullifier,
+        secret,
+        ephemeralKeys: [coordHexToDecimal(pt.x), coordHexToDecimal(pt.y)],
+        stateSiblings: zerosTreeSiblings(),
+        stateIndex: '0',
+    };
+}
+function dummyDeposit(wasm) {
+    const nullifier = randomFrDecimal();
+    const ephemeralKeyScalar = randomFrDecimal253();
+    const skHex = generateRandomScalarHex32();
+    const pt = wasm.ecdhEphemeralPublicKeyFromScalarHex(skHex);
+    return {
+        value: '0',
+        nullifier,
+        ephemeralKeyScalar,
+        recipientPublicKeys: [coordHexToDecimal(pt.x), coordHexToDecimal(pt.y)],
+    };
+}
+function resolveWithdraw(slot, wasm) {
+    return slot === 'dummy' ? dummyWithdraw(wasm) : slot;
+}
+function resolveDeposit(slot, wasm) {
+    return slot === 'dummy' ? dummyDeposit(wasm) : slot;
+}
+function buildTransactionWitnessInput(publicParams, withdrawSlots, depositSlots, wasm) {
+    const w0 = resolveWithdraw(withdrawSlots[0], wasm);
+    const w1 = resolveWithdraw(withdrawSlots[1], wasm);
+    const d0 = resolveDeposit(depositSlots[0], wasm);
+    const d1 = resolveDeposit(depositSlots[1], wasm);
+    return {
+        stateRoot: publicParams.stateRoot,
+        withdrawAddressHi: publicParams.withdrawAddressHi,
+        withdrawAddressLo: publicParams.withdrawAddressLo,
+        privKeyScalar: publicParams.privKeyScalar,
+        withdrawnValues: [w0.value, w1.value],
+        withdrawnNullifiers: [w0.nullifier, w1.nullifier],
+        withdrawnSecrets: [w0.secret, w1.secret],
+        ephemeralKeys: [w0.ephemeralKeys, w1.ephemeralKeys],
+        stateSiblings: [w0.stateSiblings, w1.stateSiblings],
+        stateIndex: [w0.stateIndex, w1.stateIndex],
+        depositedValues: [d0.value, d1.value],
+        depositedNullifiers: [d0.nullifier, d1.nullifier],
+        depositedEphemeralKeyScalars: [d0.ephemeralKeyScalar, d1.ephemeralKeyScalar],
+        depositedRecipientPublicKeys: [d0.recipientPublicKeys, d1.recipientPublicKeys],
+    };
+}
+/** `stpl1…` stealth address → `[x, y]` as decimal field strings for `depositedRecipientPublicKeys`. */
+function recipientPublicKeysDecimalFromStealthAddress(stealthAddress) {
+    const { x, y } = decodeStealthAddress(stealthAddress);
+    return [coordHexToDecimal(x), coordHexToDecimal(y)];
+}
+/** First withdraw leg: Merkle witness + depositor ECDH point coordinates (hex). */
+function withdrawObjectFromMerkleWitness(witness, depositorEphemeralHex) {
+    return {
+        value: witness.value,
+        nullifier: witness.nullifier,
+        secret: witness.secret,
+        ephemeralKeys: [
+            coordHexToDecimal(depositorEphemeralHex.x),
+            coordHexToDecimal(depositorEphemeralHex.y),
+        ],
+        stateSiblings: witness.stateSiblings,
+        stateIndex: witness.stateIndex,
+    };
+}
 
-    heap[idx] = obj;
-    return idx;
+function hexToBytes(hex) {
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++) {
+        out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    }
+    return out;
+}
+function bytesToHexLower(bytes) {
+    let s = '';
+    for (let i = 0; i < bytes.length; i++) {
+        s += bytes[i].toString(16).padStart(2, '0');
+    }
+    return s;
+}
+/** Base64 → bytes via `atob` (browsers; Node 16+). No Node `Buffer`. */
+function decodeBase64ToBytes(s) {
+    const t = s.replace(/\s/g, '');
+    if (typeof atob !== 'function') {
+        throw new Error('Base64 decoding requires atob (browser or Node 16+)');
+    }
+    try {
+        const binary = atob(t);
+        const out = new Uint8Array(binary.length);
+        for (let i = 0; i < binary.length; i++) {
+            out[i] = binary.charCodeAt(i);
+        }
+        return out;
+    }
+    catch {
+        throw new Error('Invalid base64 signature');
+    }
+}
+/**
+ * Ed25519 signature as **128 hex chars** (optional `0x`) or **base64** (typically 88 chars for 64 bytes, whitespace ignored).
+ */
+function parseStellarEd25519SignatureRaw(input) {
+    const trimmed = input.trim();
+    const no0x = trimmed.replace(/^0x/i, '');
+    if (/^[0-9a-fA-F]+$/.test(no0x) && no0x.length === 128) {
+        return hexToBytes(no0x.toLowerCase());
+    }
+    const fromB64 = decodeBase64ToBytes(trimmed);
+    if (fromB64.length !== 64) {
+        throw new Error(`Decoded signature must be 64 bytes (Ed25519); got ${fromB64.length} from base64`);
+    }
+    return fromB64;
+}
+/** SHA-256 via Web Crypto only (`crypto.subtle`) — works in browsers and Node 19+ (global `crypto`). */
+async function sha256(data) {
+    const subtle = globalThis.crypto?.subtle;
+    if (!subtle) {
+        throw new Error('SHA-256 requires crypto.subtle (HTTPS or localhost in browsers, or Node.js 19+).');
+    }
+    const copy = new Uint8Array(data.length);
+    copy.set(data);
+    return new Uint8Array(await subtle.digest('SHA-256', copy));
+}
+/**
+ * Stellar Ed25519 signature (hex or base64) → SHA-256(signature bytes) → scalar → WASM ECDH (no UTF-8 seed hash).
+ */
+async function stealthAddressFromStellarSignature(ecdhFromScalarHex, encodeStealth, signature) {
+    const raw = parseStellarEd25519SignatureRaw(signature);
+    const scalar = await sha256(raw);
+    const scalarHex = bytesToHexLower(scalar);
+    const decoded = ecdhFromScalarHex(scalarHex);
+    return encodeStealth(decoded);
+}
+/**
+ * SHA-256(signature) as 32-byte BE integer, truncated to **253 bits** (same effective scalar as
+ * `libs/cryptography` `scalar_mul_253` / circom `Num2Bits(253)`), decimal for `privKeyScalar`.
+ */
+async function privKeyScalarDecimalFromStellarSignature(signature) {
+    const raw = parseStellarEd25519SignatureRaw(signature);
+    const h = await sha256(raw);
+    let v = 0n;
+    for (let i = 0; i < h.length; i++) {
+        v = (v << 8n) + BigInt(h[i]);
+    }
+    const mask = BN254_BABYJUB_SCALAR_MAX_EXCLUSIVE - 1n;
+    return (v & mask).toString(10);
 }
 
-function handleError(f, args) {
+/* @ts-self-types="./client_sdk_wasm.d.ts" */
+
+/**
+ * Merkle root, path, and coin field strings for the first withdraw leg (JSON → JSON).
+ * @param {string} coin_json
+ * @param {string} state_json
+ * @returns {string}
+ */
+function buildWithdrawMerkleWitness(coin_json, state_json) {
+    let deferred4_0;
+    let deferred4_1;
     try {
-        return f.apply(this, args);
-    } catch (e) {
-        wasm.__wbindgen_export_0(addHeapObject(e));
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(coin_json, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(state_json, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len1 = WASM_VECTOR_LEN;
+        wasm.buildWithdrawMerkleWitness(retptr, ptr0, len0, ptr1, len1);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
+        var ptr3 = r0;
+        var len3 = r1;
+        if (r3) {
+            ptr3 = 0; len3 = 0;
+            throw takeObject(r2);
+        }
+        deferred4_0 = ptr3;
+        deferred4_1 = len3;
+        return getStringFromWasm0(ptr3, len3);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+        wasm.__wbindgen_export4(deferred4_0, deferred4_1, 1);
     }
 }
 
-let cachedUint8ArrayMemory0 = null;
+/**
+ * Calculate nullifier hash from nullifier decimal string.
+ * Returns hex string (0x...)
+ * @param {string} nullifier_decimal
+ * @returns {string}
+ */
+function calculateNullifierHash(nullifier_decimal) {
+    let deferred3_0;
+    let deferred3_1;
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(nullifier_decimal, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.calculateNullifierHash(retptr, ptr0, len0);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
+        var ptr2 = r0;
+        var len2 = r1;
+        if (r3) {
+            ptr2 = 0; len2 = 0;
+            throw takeObject(r2);
+        }
+        deferred3_0 = ptr2;
+        deferred3_1 = len2;
+        return getStringFromWasm0(ptr2, len2);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+        wasm.__wbindgen_export4(deferred3_0, deferred3_1, 1);
+    }
+}
 
-function getUint8ArrayMemory0() {
-    if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {
-        cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);
+/**
+ * UTF-8 seed → `SHA256` → scalar → BabyJubJub `BASE8 * r` (circom `ECDHEphemeralKey`).
+ * `x` and `y` are lowercase hex (no `0x`). Bech32 / stealth string: TypeScript `encodeStealthAddress`.
+ * @param {string} seed
+ * @returns {any}
+ */
+function ecdhEphemeralPublicKey(seed) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(seed, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.ecdhEphemeralPublicKey(retptr, ptr0, len0);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        if (r2) {
+            throw takeObject(r1);
+        }
+        return takeObject(r0);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
     }
-    return cachedUint8ArrayMemory0;
 }
 
-let cachedTextDecoder = (typeof TextDecoder !== 'undefined' ? new TextDecoder('utf-8', { ignoreBOM: true, fatal: true }) : { decode: () => { throw Error('TextDecoder not available') } } );
+/**
+ * 32-byte scalar as 64 hex chars (optional `0x`) → `ecdh_ephemeral_public_key` (no UTF-8 seed hash).
+ * @param {string} scalar_hex
+ * @returns {any}
+ */
+function ecdhEphemeralPublicKeyFromScalarHex(scalar_hex) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(scalar_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.ecdhEphemeralPublicKeyFromScalarHex(retptr, ptr0, len0);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        if (r2) {
+            throw takeObject(r1);
+        }
+        return takeObject(r0);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
 
-if (typeof TextDecoder !== 'undefined') { cachedTextDecoder.decode(); }
-const MAX_SAFARI_DECODE_BYTES = 2146435072;
-let numBytesDecoded = 0;
-function decodeText(ptr, len) {
-    numBytesDecoded += len;
-    if (numBytesDecoded >= MAX_SAFARI_DECODE_BYTES) {
-        cachedTextDecoder = (typeof TextDecoder !== 'undefined' ? new TextDecoder('utf-8', { ignoreBOM: true, fatal: true }) : { decode: () => { throw Error('TextDecoder not available') } } );
-        cachedTextDecoder.decode();
-        numBytesDecoded = len;
+/**
+ * Circuit `ECDH`: `priv * (pub_x, pub_y)` → shared key (`key[0], key[1]` hex).
+ * @param {string} priv_hex
+ * @param {string} pub_x_hex
+ * @param {string} pub_y_hex
+ * @returns {any}
+ */
+function ecdhSharedKey(priv_hex, pub_x_hex, pub_y_hex) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(priv_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(pub_x_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len1 = WASM_VECTOR_LEN;
+        const ptr2 = passStringToWasm0(pub_y_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len2 = WASM_VECTOR_LEN;
+        wasm.ecdhSharedKey(retptr, ptr0, len0, ptr1, len1, ptr2, len2);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        if (r2) {
+            throw takeObject(r1);
+        }
+        return takeObject(r0);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
     }
-    return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
 }
 
-function getStringFromWasm0(ptr, len) {
-    ptr = ptr >>> 0;
-    return decodeText(ptr, len);
+/**
+ * Generate a new coin with random nullifier, secret, and shared-secret field elements.
+ * `amount` is stroops (u64); JS passes `bigint`.
+ * Returns JSON: { coin: { value, nullifier, secret, commitment }, commitment_hex }
+ * @param {bigint} amount
+ * @returns {any}
+ */
+function generateCoin(amount) {
+    const ret = wasm.generateCoin(amount);
+    return takeObject(ret);
 }
 
-function dropObject(idx) {
-    if (idx < 132) return;
-    heap[idx] = heap_next;
-    heap_next = idx;
+/**
+ * `Poseidon₁(scalar)` secret + fixed ECDH shared coords (hex), matching an aligned deposit witness.
+ * @param {string} scalar_hex
+ * @param {string} shared_x_hex
+ * @param {string} shared_y_hex
+ * @param {bigint} amount
+ * @returns {any}
+ */
+function generateCoinForDepositWithSharedHex(scalar_hex, shared_x_hex, shared_y_hex, amount) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(scalar_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(shared_x_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len1 = WASM_VECTOR_LEN;
+        const ptr2 = passStringToWasm0(shared_y_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len2 = WASM_VECTOR_LEN;
+        wasm.generateCoinForDepositWithSharedHex(retptr, ptr0, len0, ptr1, len1, ptr2, len2, amount);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        if (r2) {
+            throw takeObject(r1);
+        }
+        return takeObject(r0);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
 }
 
-function takeObject(idx) {
-    const ret = getObject(idx);
-    dropObject(idx);
-    return ret;
+/**
+ * `secret` in coin = `Poseidon255(1)(scalar)` per `deposit.circom`; scalar is 32-byte hex (64 chars, optional `0x`).
+ * @param {string} scalar_hex
+ * @param {bigint} amount
+ * @returns {any}
+ */
+function generateCoinFromDepositEphemeralScalarHex(scalar_hex, amount) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(scalar_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.generateCoinFromDepositEphemeralScalarHex(retptr, ptr0, len0, amount);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        if (r2) {
+            throw takeObject(r1);
+        }
+        return takeObject(r0);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
 }
 
-function isLikeNone(x) {
-    return x === undefined || x === null;
+/**
+ * Same as `generateCoin`, but commitment uses the given ECDH shared key (64-char hex coords from `ecdhSharedKey`); shared coords are not stored in `coin` JSON.
+ * @param {string} shared_x_hex
+ * @param {string} shared_y_hex
+ * @param {bigint} amount
+ * @returns {any}
+ */
+function generateCoinWithSharedSecretHex(shared_x_hex, shared_y_hex, amount) {
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(shared_x_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        const ptr1 = passStringToWasm0(shared_y_hex, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len1 = WASM_VECTOR_LEN;
+        wasm.generateCoinWithSharedSecretHex(retptr, ptr0, len0, ptr1, len1, amount);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+        if (r2) {
+            throw takeObject(r1);
+        }
+        return takeObject(r0);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+}
+
+/**
+ * Convert snarkjs proof JSON to hex bytes for Soroban contract.
+ * @param {string} proof_json
+ * @returns {string}
+ */
+function proofToHex(proof_json) {
+    let deferred2_0;
+    let deferred2_1;
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(proof_json, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.proofToHex(retptr, ptr0, len0);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        deferred2_0 = r0;
+        deferred2_1 = r1;
+        return getStringFromWasm0(r0, r1);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+        wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
+    }
+}
+
+/**
+ * Convert snarkjs public signals JSON to hex bytes for Soroban contract.
+ * @param {string} public_json
+ * @returns {string}
+ */
+function publicToHex(public_json) {
+    let deferred2_0;
+    let deferred2_1;
+    try {
+        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+        const ptr0 = passStringToWasm0(public_json, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+        const len0 = WASM_VECTOR_LEN;
+        wasm.publicToHex(retptr, ptr0, len0);
+        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+        deferred2_0 = r0;
+        deferred2_1 = r1;
+        return getStringFromWasm0(r0, r1);
+    } finally {
+        wasm.__wbindgen_add_to_stack_pointer(16);
+        wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
+    }
+}
+
+function __wbg_get_imports() {
+    const import0 = {
+        __proto__: null,
+        __wbg_String_8564e559799eccda: function(arg0, arg1) {
+            const ret = String(getObject(arg1));
+            const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+            const len1 = WASM_VECTOR_LEN;
+            getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);
+            getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);
+        },
+        __wbg___wbindgen_debug_string_5398f5bb970e0daa: function(arg0, arg1) {
+            const ret = debugString(getObject(arg1));
+            const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_export, wasm.__wbindgen_export2);
+            const len1 = WASM_VECTOR_LEN;
+            getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);
+            getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);
+        },
+        __wbg___wbindgen_is_function_3c846841762788c1: function(arg0) {
+            const ret = typeof(getObject(arg0)) === 'function';
+            return ret;
+        },
+        __wbg___wbindgen_is_object_781bc9f159099513: function(arg0) {
+            const val = getObject(arg0);
+            const ret = typeof(val) === 'object' && val !== null;
+            return ret;
+        },
+        __wbg___wbindgen_is_string_7ef6b97b02428fae: function(arg0) {
+            const ret = typeof(getObject(arg0)) === 'string';
+            return ret;
+        },
+        __wbg___wbindgen_is_undefined_52709e72fb9f179c: function(arg0) {
+            const ret = getObject(arg0) === undefined;
+            return ret;
+        },
+        __wbg___wbindgen_throw_6ddd609b62940d55: function(arg0, arg1) {
+            throw new Error(getStringFromWasm0(arg0, arg1));
+        },
+        __wbg_call_2d781c1f4d5c0ef8: function() { return handleError(function (arg0, arg1, arg2) {
+            const ret = getObject(arg0).call(getObject(arg1), getObject(arg2));
+            return addHeapObject(ret);
+        }, arguments); },
+        __wbg_crypto_38df2bab126b63dc: function(arg0) {
+            const ret = getObject(arg0).crypto;
+            return addHeapObject(ret);
+        },
+        __wbg_getRandomValues_c44a50d8cfdaebeb: function() { return handleError(function (arg0, arg1) {
+            getObject(arg0).getRandomValues(getObject(arg1));
+        }, arguments); },
+        __wbg_length_ea16607d7b61445b: function(arg0) {
+            const ret = getObject(arg0).length;
+            return ret;
+        },
+        __wbg_msCrypto_bd5a034af96bcba6: function(arg0) {
+            const ret = getObject(arg0).msCrypto;
+            return addHeapObject(ret);
+        },
+        __wbg_new_ab79df5bd7c26067: function() {
+            const ret = new Object();
+            return addHeapObject(ret);
+        },
+        __wbg_new_with_length_825018a1616e9e55: function(arg0) {
+            const ret = new Uint8Array(arg0 >>> 0);
+            return addHeapObject(ret);
+        },
+        __wbg_node_84ea875411254db1: function(arg0) {
+            const ret = getObject(arg0).node;
+            return addHeapObject(ret);
+        },
+        __wbg_process_44c7a14e11e9f69e: function(arg0) {
+            const ret = getObject(arg0).process;
+            return addHeapObject(ret);
+        },
+        __wbg_prototypesetcall_d62e5099504357e6: function(arg0, arg1, arg2) {
+            Uint8Array.prototype.set.call(getArrayU8FromWasm0(arg0, arg1), getObject(arg2));
+        },
+        __wbg_randomFillSync_6c25eac9869eb53c: function() { return handleError(function (arg0, arg1) {
+            getObject(arg0).randomFillSync(takeObject(arg1));
+        }, arguments); },
+        __wbg_require_b4edbdcf3e2a1ef0: function() { return handleError(function () {
+            const ret = module.require;
+            return addHeapObject(ret);
+        }, arguments); },
+        __wbg_set_6be42768c690e380: function(arg0, arg1, arg2) {
+            getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
+        },
+        __wbg_static_accessor_GLOBAL_8adb955bd33fac2f: function() {
+            const ret = typeof global === 'undefined' ? null : global;
+            return isLikeNone(ret) ? 0 : addHeapObject(ret);
+        },
+        __wbg_static_accessor_GLOBAL_THIS_ad356e0db91c7913: function() {
+            const ret = typeof globalThis === 'undefined' ? null : globalThis;
+            return isLikeNone(ret) ? 0 : addHeapObject(ret);
+        },
+        __wbg_static_accessor_SELF_f207c857566db248: function() {
+            const ret = typeof self === 'undefined' ? null : self;
+            return isLikeNone(ret) ? 0 : addHeapObject(ret);
+        },
+        __wbg_static_accessor_WINDOW_bb9f1ba69d61b386: function() {
+            const ret = typeof window === 'undefined' ? null : window;
+            return isLikeNone(ret) ? 0 : addHeapObject(ret);
+        },
+        __wbg_subarray_a068d24e39478a8a: function(arg0, arg1, arg2) {
+            const ret = getObject(arg0).subarray(arg1 >>> 0, arg2 >>> 0);
+            return addHeapObject(ret);
+        },
+        __wbg_versions_276b2795b1c6a219: function(arg0) {
+            const ret = getObject(arg0).versions;
+            return addHeapObject(ret);
+        },
+        __wbindgen_cast_0000000000000001: function(arg0, arg1) {
+            // Cast intrinsic for `Ref(Slice(U8)) -> NamedExternref("Uint8Array")`.
+            const ret = getArrayU8FromWasm0(arg0, arg1);
+            return addHeapObject(ret);
+        },
+        __wbindgen_cast_0000000000000002: function(arg0, arg1) {
+            // Cast intrinsic for `Ref(String) -> Externref`.
+            const ret = getStringFromWasm0(arg0, arg1);
+            return addHeapObject(ret);
+        },
+        __wbindgen_object_clone_ref: function(arg0) {
+            const ret = getObject(arg0);
+            return addHeapObject(ret);
+        },
+        __wbindgen_object_drop_ref: function(arg0) {
+            takeObject(arg0);
+        },
+    };
+    return {
+        __proto__: null,
+        "./client_sdk_wasm_bg.js": import0,
+    };
+}
+
+function addHeapObject(obj) {
+    if (heap_next === heap.length) heap.push(heap.length + 1);
+    const idx = heap_next;
+    heap_next = heap[idx];
+
+    heap[idx] = obj;
+    return idx;
 }
 
 function debugString(val) {
@@ -162,385 +1111,177 @@ function debugString(val) {
     return className;
 }
 
-let WASM_VECTOR_LEN = 0;
-
-const cachedTextEncoder = (typeof TextEncoder !== 'undefined' ? new TextEncoder('utf-8') : { encode: () => { throw Error('TextEncoder not available') } } );
-
-const encodeString = (typeof cachedTextEncoder.encodeInto === 'function'
-    ? function (arg, view) {
-    return cachedTextEncoder.encodeInto(arg, view);
+function dropObject(idx) {
+    if (idx < 1028) return;
+    heap[idx] = heap_next;
+    heap_next = idx;
 }
-    : function (arg, view) {
-    const buf = cachedTextEncoder.encode(arg);
-    view.set(buf);
-    return {
-        read: arg.length,
-        written: buf.length
-    };
-});
-
-function passStringToWasm0(arg, malloc, realloc) {
-
-    if (realloc === undefined) {
-        const buf = cachedTextEncoder.encode(arg);
-        const ptr = malloc(buf.length, 1) >>> 0;
-        getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
-        WASM_VECTOR_LEN = buf.length;
-        return ptr;
-    }
-
-    let len = arg.length;
-    let ptr = malloc(len, 1) >>> 0;
-
-    const mem = getUint8ArrayMemory0();
-
-    let offset = 0;
-
-    for (; offset < len; offset++) {
-        const code = arg.charCodeAt(offset);
-        if (code > 0x7F) break;
-        mem[ptr + offset] = code;
-    }
-
-    if (offset !== len) {
-        if (offset !== 0) {
-            arg = arg.slice(offset);
-        }
-        ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
-        const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
-        const ret = encodeString(arg, view);
-
-        offset += ret.written;
-        ptr = realloc(ptr, len, offset, 1) >>> 0;
-    }
 
-    WASM_VECTOR_LEN = offset;
-    return ptr;
+function getArrayU8FromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return getUint8ArrayMemory0().subarray(ptr / 1, ptr / 1 + len);
 }
 
 let cachedDataViewMemory0 = null;
-
 function getDataViewMemory0() {
     if (cachedDataViewMemory0 === null || cachedDataViewMemory0.buffer.detached === true || (cachedDataViewMemory0.buffer.detached === undefined && cachedDataViewMemory0.buffer !== wasm.memory.buffer)) {
         cachedDataViewMemory0 = new DataView(wasm.memory.buffer);
     }
     return cachedDataViewMemory0;
 }
-/**
- * Convert snarkjs public signals JSON to hex bytes for Soroban contract.
- * @param {string} public_json
- * @returns {string}
- */
-function publicToHex(public_json) {
-    let deferred2_0;
-    let deferred2_1;
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(public_json, wasm.__wbindgen_export_1, wasm.__wbindgen_export_2);
-        const len0 = WASM_VECTOR_LEN;
-        wasm.publicToHex(retptr, ptr0, len0);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        deferred2_0 = r0;
-        deferred2_1 = r1;
-        return getStringFromWasm0(r0, r1);
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export_3(deferred2_0, deferred2_1, 1);
+
+function getStringFromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return decodeText(ptr, len);
+}
+
+let cachedUint8ArrayMemory0 = null;
+function getUint8ArrayMemory0() {
+    if (cachedUint8ArrayMemory0 === null || cachedUint8ArrayMemory0.byteLength === 0) {
+        cachedUint8ArrayMemory0 = new Uint8Array(wasm.memory.buffer);
     }
+    return cachedUint8ArrayMemory0;
 }
 
-/**
- * Calculate nullifier hash from nullifier decimal string.
- * Returns hex string (0x...)
- * @param {string} nullifier_decimal
- * @returns {string}
- */
-function calculateNullifierHash(nullifier_decimal) {
-    let deferred3_0;
-    let deferred3_1;
+function getObject(idx) { return heap[idx]; }
+
+function handleError(f, args) {
     try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(nullifier_decimal, wasm.__wbindgen_export_1, wasm.__wbindgen_export_2);
-        const len0 = WASM_VECTOR_LEN;
-        wasm.calculateNullifierHash(retptr, ptr0, len0);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
-        var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
-        var ptr2 = r0;
-        var len2 = r1;
-        if (r3) {
-            ptr2 = 0; len2 = 0;
-            throw takeObject(r2);
-        }
-        deferred3_0 = ptr2;
-        deferred3_1 = len2;
-        return getStringFromWasm0(ptr2, len2);
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export_3(deferred3_0, deferred3_1, 1);
+        return f.apply(this, args);
+    } catch (e) {
+        wasm.__wbindgen_export3(addHeapObject(e));
     }
 }
 
-/**
- * Generate withdrawal SNARK input from coin and state JSON strings.
- * Returns JSON string of SnarkInput.
- * @param {string} coin_json
- * @param {string} state_json
- * @returns {string}
- */
-function generateWithdrawalInput(coin_json, state_json) {
-    let deferred4_0;
-    let deferred4_1;
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(coin_json, wasm.__wbindgen_export_1, wasm.__wbindgen_export_2);
-        const len0 = WASM_VECTOR_LEN;
-        const ptr1 = passStringToWasm0(state_json, wasm.__wbindgen_export_1, wasm.__wbindgen_export_2);
-        const len1 = WASM_VECTOR_LEN;
-        wasm.generateWithdrawalInput(retptr, ptr0, len0, ptr1, len1);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
-        var r3 = getDataViewMemory0().getInt32(retptr + 4 * 3, true);
-        var ptr3 = r0;
-        var len3 = r1;
-        if (r3) {
-            ptr3 = 0; len3 = 0;
-            throw takeObject(r2);
+let heap = new Array(1024).fill(undefined);
+heap.push(undefined, null, true, false);
+
+let heap_next = heap.length;
+
+function isLikeNone(x) {
+    return x === undefined || x === null;
+}
+
+function passStringToWasm0(arg, malloc, realloc) {
+    if (realloc === undefined) {
+        const buf = cachedTextEncoder.encode(arg);
+        const ptr = malloc(buf.length, 1) >>> 0;
+        getUint8ArrayMemory0().subarray(ptr, ptr + buf.length).set(buf);
+        WASM_VECTOR_LEN = buf.length;
+        return ptr;
+    }
+
+    let len = arg.length;
+    let ptr = malloc(len, 1) >>> 0;
+
+    const mem = getUint8ArrayMemory0();
+
+    let offset = 0;
+
+    for (; offset < len; offset++) {
+        const code = arg.charCodeAt(offset);
+        if (code > 0x7F) break;
+        mem[ptr + offset] = code;
+    }
+    if (offset !== len) {
+        if (offset !== 0) {
+            arg = arg.slice(offset);
         }
-        deferred4_0 = ptr3;
-        deferred4_1 = len3;
-        return getStringFromWasm0(ptr3, len3);
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export_3(deferred4_0, deferred4_1, 1);
+        ptr = realloc(ptr, len, len = offset + arg.length * 3, 1) >>> 0;
+        const view = getUint8ArrayMemory0().subarray(ptr + offset, ptr + len);
+        const ret = cachedTextEncoder.encodeInto(arg, view);
+
+        offset += ret.written;
+        ptr = realloc(ptr, len, offset, 1) >>> 0;
     }
+
+    WASM_VECTOR_LEN = offset;
+    return ptr;
 }
 
-/**
- * Generate a new coin with random nullifier and secret.
- * Returns JSON: { coin: { value, nullifier, secret, commitment }, commitment_hex }
- * @returns {any}
- */
-function generateCoin() {
-    const ret = wasm.generateCoin();
-    return takeObject(ret);
+function takeObject(idx) {
+    const ret = getObject(idx);
+    dropObject(idx);
+    return ret;
 }
 
-/**
- * Convert snarkjs proof JSON to hex bytes for Soroban contract.
- * @param {string} proof_json
- * @returns {string}
- */
-function proofToHex(proof_json) {
-    let deferred2_0;
-    let deferred2_1;
-    try {
-        const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
-        const ptr0 = passStringToWasm0(proof_json, wasm.__wbindgen_export_1, wasm.__wbindgen_export_2);
-        const len0 = WASM_VECTOR_LEN;
-        wasm.proofToHex(retptr, ptr0, len0);
-        var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
-        var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
-        deferred2_0 = r0;
-        deferred2_1 = r1;
-        return getStringFromWasm0(r0, r1);
-    } finally {
-        wasm.__wbindgen_add_to_stack_pointer(16);
-        wasm.__wbindgen_export_3(deferred2_0, deferred2_1, 1);
+let cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
+cachedTextDecoder.decode();
+const MAX_SAFARI_DECODE_BYTES = 2146435072;
+let numBytesDecoded = 0;
+function decodeText(ptr, len) {
+    numBytesDecoded += len;
+    if (numBytesDecoded >= MAX_SAFARI_DECODE_BYTES) {
+        cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
+        cachedTextDecoder.decode();
+        numBytesDecoded = len;
     }
+    return cachedTextDecoder.decode(getUint8ArrayMemory0().subarray(ptr, ptr + len));
+}
+
+const cachedTextEncoder = new TextEncoder();
+
+if (!('encodeInto' in cachedTextEncoder)) {
+    cachedTextEncoder.encodeInto = function (arg, view) {
+        const buf = cachedTextEncoder.encode(arg);
+        view.set(buf);
+        return {
+            read: arg.length,
+            written: buf.length
+        };
+    };
 }
 
-const EXPECTED_RESPONSE_TYPES = new Set(['basic', 'cors', 'default']);
+let WASM_VECTOR_LEN = 0;
+
+let wasm;
+function __wbg_finalize_init(instance, module) {
+    wasm = instance.exports;
+    cachedDataViewMemory0 = null;
+    cachedUint8ArrayMemory0 = null;
+    return wasm;
+}
 
 async function __wbg_load(module, imports) {
     if (typeof Response === 'function' && module instanceof Response) {
         if (typeof WebAssembly.instantiateStreaming === 'function') {
             try {
                 return await WebAssembly.instantiateStreaming(module, imports);
-
             } catch (e) {
-                const validResponse = module.ok && EXPECTED_RESPONSE_TYPES.has(module.type);
+                const validResponse = module.ok && expectedResponseType(module.type);
 
                 if (validResponse && module.headers.get('Content-Type') !== 'application/wasm') {
                     console.warn("`WebAssembly.instantiateStreaming` failed because your server does not serve Wasm with `application/wasm` MIME type. Falling back to `WebAssembly.instantiate` which is slower. Original error:\n", e);
 
-                } else {
-                    throw e;
-                }
+                } else { throw e; }
             }
         }
 
         const bytes = await module.arrayBuffer();
         return await WebAssembly.instantiate(bytes, imports);
-
     } else {
         const instance = await WebAssembly.instantiate(module, imports);
 
         if (instance instanceof WebAssembly.Instance) {
             return { instance, module };
-
         } else {
             return instance;
         }
     }
-}
-
-function __wbg_get_imports() {
-    const imports = {};
-    imports.wbg = {};
-    imports.wbg.__wbg_buffer_a1a27a0dfa70165d = function(arg0) {
-        const ret = getObject(arg0).buffer;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_call_f2db6205e5c51dc8 = function() { return handleError(function (arg0, arg1, arg2) {
-        const ret = getObject(arg0).call(getObject(arg1), getObject(arg2));
-        return addHeapObject(ret);
-    }, arguments) };
-    imports.wbg.__wbg_call_fbe8be8bf6436ce5 = function() { return handleError(function (arg0, arg1) {
-        const ret = getObject(arg0).call(getObject(arg1));
-        return addHeapObject(ret);
-    }, arguments) };
-    imports.wbg.__wbg_crypto_574e78ad8b13b65f = function(arg0) {
-        const ret = getObject(arg0).crypto;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_getRandomValues_b8f5dbd5f3995a9e = function() { return handleError(function (arg0, arg1) {
-        getObject(arg0).getRandomValues(getObject(arg1));
-    }, arguments) };
-    imports.wbg.__wbg_msCrypto_a61aeb35a24c1329 = function(arg0) {
-        const ret = getObject(arg0).msCrypto;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_new_07b483f72211fd66 = function() {
-        const ret = new Object();
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_new_e52b3efaaa774f96 = function(arg0) {
-        const ret = new Uint8Array(getObject(arg0));
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_newnoargs_ff528e72d35de39a = function(arg0, arg1) {
-        const ret = new Function(getStringFromWasm0(arg0, arg1));
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_newwithbyteoffsetandlength_3b01ecda099177e8 = function(arg0, arg1, arg2) {
-        const ret = new Uint8Array(getObject(arg0), arg1 >>> 0, arg2 >>> 0);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_newwithlength_08f872dc1e3ada2e = function(arg0) {
-        const ret = new Uint8Array(arg0 >>> 0);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_node_905d3e251edff8a2 = function(arg0) {
-        const ret = getObject(arg0).node;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_process_dc0fbacc7c1c06f7 = function(arg0) {
-        const ret = getObject(arg0).process;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_randomFillSync_ac0988aba3254290 = function() { return handleError(function (arg0, arg1) {
-        getObject(arg0).randomFillSync(takeObject(arg1));
-    }, arguments) };
-    imports.wbg.__wbg_require_60cc747a6bc5215a = function() { return handleError(function () {
-        const ret = module.require;
-        return addHeapObject(ret);
-    }, arguments) };
-    imports.wbg.__wbg_set_3f1d0b984ed272ed = function(arg0, arg1, arg2) {
-        getObject(arg0)[takeObject(arg1)] = takeObject(arg2);
-    };
-    imports.wbg.__wbg_set_fe4e79d1ed3b0e9b = function(arg0, arg1, arg2) {
-        getObject(arg0).set(getObject(arg1), arg2 >>> 0);
-    };
-    imports.wbg.__wbg_static_accessor_GLOBAL_487c52c58d65314d = function() {
-        const ret = typeof global === 'undefined' ? null : global;
-        return isLikeNone(ret) ? 0 : addHeapObject(ret);
-    };
-    imports.wbg.__wbg_static_accessor_GLOBAL_THIS_ee9704f328b6b291 = function() {
-        const ret = typeof globalThis === 'undefined' ? null : globalThis;
-        return isLikeNone(ret) ? 0 : addHeapObject(ret);
-    };
-    imports.wbg.__wbg_static_accessor_SELF_78c9e3071b912620 = function() {
-        const ret = typeof self === 'undefined' ? null : self;
-        return isLikeNone(ret) ? 0 : addHeapObject(ret);
-    };
-    imports.wbg.__wbg_static_accessor_WINDOW_a093d21393777366 = function() {
-        const ret = typeof window === 'undefined' ? null : window;
-        return isLikeNone(ret) ? 0 : addHeapObject(ret);
-    };
-    imports.wbg.__wbg_subarray_dd4ade7d53bd8e26 = function(arg0, arg1, arg2) {
-        const ret = getObject(arg0).subarray(arg1 >>> 0, arg2 >>> 0);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbg_versions_c01dfd4722a88165 = function(arg0) {
-        const ret = getObject(arg0).versions;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbindgen_debug_string = function(arg0, arg1) {
-        const ret = debugString(getObject(arg1));
-        const ptr1 = passStringToWasm0(ret, wasm.__wbindgen_export_1, wasm.__wbindgen_export_2);
-        const len1 = WASM_VECTOR_LEN;
-        getDataViewMemory0().setInt32(arg0 + 4 * 1, len1, true);
-        getDataViewMemory0().setInt32(arg0 + 4 * 0, ptr1, true);
-    };
-    imports.wbg.__wbindgen_is_function = function(arg0) {
-        const ret = typeof(getObject(arg0)) === 'function';
-        return ret;
-    };
-    imports.wbg.__wbindgen_is_object = function(arg0) {
-        const val = getObject(arg0);
-        const ret = typeof(val) === 'object' && val !== null;
-        return ret;
-    };
-    imports.wbg.__wbindgen_is_string = function(arg0) {
-        const ret = typeof(getObject(arg0)) === 'string';
-        return ret;
-    };
-    imports.wbg.__wbindgen_is_undefined = function(arg0) {
-        const ret = getObject(arg0) === undefined;
-        return ret;
-    };
-    imports.wbg.__wbindgen_memory = function() {
-        const ret = wasm.memory;
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbindgen_object_clone_ref = function(arg0) {
-        const ret = getObject(arg0);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbindgen_object_drop_ref = function(arg0) {
-        takeObject(arg0);
-    };
-    imports.wbg.__wbindgen_string_new = function(arg0, arg1) {
-        const ret = getStringFromWasm0(arg0, arg1);
-        return addHeapObject(ret);
-    };
-    imports.wbg.__wbindgen_throw = function(arg0, arg1) {
-        throw new Error(getStringFromWasm0(arg0, arg1));
-    };
-
-    return imports;
-}
-
-function __wbg_finalize_init(instance, module) {
-    wasm = instance.exports;
-    __wbg_init.__wbindgen_wasm_module = module;
-    cachedDataViewMemory0 = null;
-    cachedUint8ArrayMemory0 = null;
-
 
-
-    return wasm;
+    function expectedResponseType(type) {
+        switch (type) {
+            case 'basic': case 'cors': case 'default': return true;
+        }
+        return false;
+    }
 }
 
 function initSync(module) {
     if (wasm !== undefined) return wasm;
 
 
-    if (typeof module !== 'undefined') {
+    if (module !== undefined) {
         if (Object.getPrototypeOf(module) === Object.prototype) {
             ({module} = module);
         } else {
@@ -549,21 +1290,18 @@ function initSync(module) {
     }
 
     const imports = __wbg_get_imports();
-
     if (!(module instanceof WebAssembly.Module)) {
         module = new WebAssembly.Module(module);
     }
-
     const instance = new WebAssembly.Instance(module, imports);
-
-    return __wbg_finalize_init(instance, module);
+    return __wbg_finalize_init(instance);
 }
 
 async function __wbg_init(module_or_path) {
     if (wasm !== undefined) return wasm;
 
 
-    if (typeof module_or_path !== 'undefined') {
+    if (module_or_path !== undefined) {
         if (Object.getPrototypeOf(module_or_path) === Object.prototype) {
             ({module_or_path} = module_or_path);
         } else {
@@ -571,7 +1309,7 @@ async function __wbg_init(module_or_path) {
         }
     }
 
-    if (typeof module_or_path === 'undefined') {
+    if (module_or_path === undefined) {
         module_or_path = new URL('client_sdk_wasm_bg.wasm', (typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href)));
     }
     const imports = __wbg_get_imports();
@@ -582,18 +1320,24 @@ async function __wbg_init(module_or_path) {
 
     const { instance, module } = await __wbg_load(await module_or_path, imports);
 
-    return __wbg_finalize_init(instance, module);
+    return __wbg_finalize_init(instance);
 }
 
 var wasmBindings = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    calculateNullifierHash: calculateNullifierHash,
-    default: __wbg_init,
-    generateCoin: generateCoin,
-    generateWithdrawalInput: generateWithdrawalInput,
-    initSync: initSync,
-    proofToHex: proofToHex,
-    publicToHex: publicToHex
+	__proto__: null,
+	buildWithdrawMerkleWitness: buildWithdrawMerkleWitness,
+	calculateNullifierHash: calculateNullifierHash,
+	default: __wbg_init,
+	ecdhEphemeralPublicKey: ecdhEphemeralPublicKey,
+	ecdhEphemeralPublicKeyFromScalarHex: ecdhEphemeralPublicKeyFromScalarHex,
+	ecdhSharedKey: ecdhSharedKey,
+	generateCoin: generateCoin,
+	generateCoinForDepositWithSharedHex: generateCoinForDepositWithSharedHex,
+	generateCoinFromDepositEphemeralScalarHex: generateCoinFromDepositEphemeralScalarHex,
+	generateCoinWithSharedSecretHex: generateCoinWithSharedSecretHex,
+	initSync: initSync,
+	proofToHex: proofToHex,
+	publicToHex: publicToHex
 });
 
 const isNode$2 = typeof process !== 'undefined' && !!process.versions?.node;
@@ -603,7 +1347,7 @@ async function loadWasm(wasmBinary) {
         return wasmModule;
     if (isNode$2) {
         if (wasmBinary) {
-            initSync(wasmBinary);
+            initSync({ module: wasmBinary });
         }
         else {
             const path = await import('path');
@@ -612,13 +1356,13 @@ async function loadWasm(wasmBinary) {
             const dir = path.dirname(fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('cli.js', document.baseURI).href))));
             const wasmPath = path.resolve(dir, '..', 'pkg', 'client_sdk_wasm_bg.wasm');
             const buffer = fs.readFileSync(wasmPath);
-            initSync(buffer);
+            initSync({ module: buffer });
         }
         wasmModule = wasmBindings;
     }
     else {
         if (wasmBinary) {
-            initSync(wasmBinary);
+            initSync({ module: wasmBinary });
         }
         else {
             await __wbg_init();
@@ -628,10 +1372,6 @@ async function loadWasm(wasmBinary) {
     return wasmModule;
 }
 
-function getDefaultExportFromCjs (x) {
-	return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
-}
-
 var witness_calculator = async function builder(code, options) {
 
     options = options || {};
@@ -666,6 +1406,8 @@ var witness_calculator = async function builder(code, options) {
                     err = "Not enough memory.\n";
 		} else if (code == 6) {
                     err = "Input signal array access exceeds the size.\n";
+		} else if (code == 7) {
+                    err = "Out of bounds array access.\n";
 		} else {
 		    err = "Unknown error.\n";
                 }
@@ -1090,6 +1832,29 @@ async function generateProof(wtns, zkey) {
     return { proof, publicSignals };
 }
 
+/**
+ * Depositor: `randomNonceScalar * recipientStealthPoint` (same as circom `ECDH` with depositor scalar).
+ */
+function sharedSecretFromDepositorPreimage(ecdhShared, preimage) {
+    const out = ecdhShared(preimage.randomNonceScalar, preimage.recipientStealthAddress.x, preimage.recipientStealthAddress.y);
+    return { x: out.x, y: out.y };
+}
+/**
+ * Recipient: `recipientScalar * ephemeralKey` (same shared point as depositor path when keys match).
+ */
+function sharedSecretFromRecipientPreimage(ecdhShared, preimage) {
+    const out = ecdhShared(preimage.recipientScalar, preimage.ephemeralKey.x, preimage.ephemeralKey.y);
+    return { x: out.x, y: out.y };
+}
+
+/** Stroops amount as WASM `u64` (`bigint`). */
+function wasmU64Stroops(amount) {
+    const b = typeof amount === 'bigint' ? amount : BigInt(amount);
+    if (b < 0n || b > 0xffffffffffffffffn) {
+        throw new RangeError('amount must be a non-negative u64 (stroops)');
+    }
+    return b;
+}
 class PrivacyPoolSDK {
     constructor(wasm, options) {
         this.wasm = wasm;
@@ -1114,20 +1879,70 @@ class PrivacyPoolSDK {
         return new PrivacyPoolSDK(wasm, opts);
     }
     /**
-     * Generate a new coin with random nullifier and secret.
+     * Uniform 32-byte scalar as lowercase hex (Web Crypto). Same in browser and Node 19+.
+     */
+    static generateRandomScalarHex32() {
+        return generateRandomScalarHex32();
+    }
+    /**
+     * Text to sign with a Stellar wallet for stealth derivation (UTF-8). No WASM required.
+     */
+    static buildStealthAddressSignMessage(address, nonce = DEFAULT_STEALTH_SIGN_NONCE) {
+        return buildStealthAddressSignMessage(address, nonce);
+    }
+    /**
+     * Generate a new coin with random nullifier, secret, and random shared-secret field elements (dev / self-contained tests).
+     * @param amount Stroops encoded as `bigint` or integer `number` (WASM `u64`).
+     */
+    generateCoin(amount) {
+        return this.wasm.generateCoin(wasmU64Stroops(amount));
+    }
+    /**
+     * Generate a coin with the same commitment shape as on-chain deposit: pass `ecdhSharedKey` output (hex x, y).
+     * @param amount Stroops (`bigint` | `number`).
+     */
+    generateCoinWithSharedSecret(shared, amount) {
+        return this.wasm.generateCoinWithSharedSecretHex(shared.x, shared.y, wasmU64Stroops(amount));
+    }
+    /**
+     * Coin for a depositor `ephemeralKeyScalar` (32-byte hex): `coin.secret = Poseidon255(1)(scalar)` as in `deposit.circom`.
+     * @param amount Stroops (`bigint` | `number`).
      */
-    generateCoin() {
-        return this.wasm.generateCoin();
+    generateCoinFromDepositEphemeralScalarHex(scalarHex, amount) {
+        return this.wasm.generateCoinFromDepositEphemeralScalarHex(scalarHex, wasmU64Stroops(amount));
     }
     /**
-     * Generate withdrawal SNARK input from coin data and state.
+     * Aligned deposit coin: `secret = Poseidon₁(scalar)` and ECDH shared key from hex coords (e.g. `ecdhSharedKey(scalar, recipient_x, recipient_y)`).
+     * @param amount Stroops (`bigint` | `number`).
      */
-    generateWithdrawalInput(coin, state) {
+    generateCoinForDepositWithSharedHex(scalarHex, sharedXHex, sharedYHex, amount) {
+        return this.wasm.generateCoinForDepositWithSharedHex(scalarHex, sharedXHex, sharedYHex, wasmU64Stroops(amount));
+    }
+    /**
+     * Merkle root, path, and coin fields for the first withdraw leg (Rust LeanIMT + Poseidon).
+     */
+    buildWithdrawMerkleWitness(coin, state) {
         const coinJson = JSON.stringify(coin);
         const stateJson = JSON.stringify(state);
-        const resultJson = this.wasm.generateWithdrawalInput(coinJson, stateJson);
+        const resultJson = this.wasm.buildWithdrawMerkleWitness(coinJson, stateJson);
         return JSON.parse(resultJson);
     }
+    /**
+     * Full `Transaction(20,2,2)` withdrawal proof: one real withdraw + dummies, using coin/state and depositor ECDH point (hex).
+     */
+    async proveWithdrawal(coin, state, params) {
+        const witness = this.buildWithdrawMerkleWitness(coin, state);
+        const w0 = withdrawObjectFromMerkleWitness(witness, {
+            x: params.ephemeralXHex,
+            y: params.ephemeralYHex,
+        });
+        return this.proveTransaction({
+            stateRoot: witness.stateRoot,
+            withdrawAddressHi: params.withdrawAddressHi,
+            withdrawAddressLo: params.withdrawAddressLo,
+            privKeyScalar: params.privKeyScalar,
+        }, [w0, 'dummy'], ['dummy', 'dummy']);
+    }
     /**
      * Convert a snarkjs proof JSON to hex bytes for Soroban.
      */
@@ -1141,16 +1956,33 @@ class PrivacyPoolSDK {
         return this.wasm.publicToHex(JSON.stringify(publicSignals));
     }
     /**
-     * Full withdrawal flow: generate input -> witness -> proof -> serialize.
-     * Returns proof_hex and public_hex ready for Soroban contract call.
+     * BabyJubJub ephemeral point from a 32-byte scalar (hex). For custom {@link WithdrawObject} / tests.
+     */
+    ecdhEphemeralPublicKeyFromScalarHex(scalarHex) {
+        return this.wasm.ecdhEphemeralPublicKeyFromScalarHex(scalarHex);
+    }
+    /** Circuit `ECDH`: scalar (32-byte hex) × recipient BabyJub point → shared key hex coords. */
+    ecdhSharedKey(scalarHex, recipientPubXHex, recipientPubYHex) {
+        return this.wasm.ecdhSharedKey(scalarHex, recipientPubXHex, recipientPubYHex);
+    }
+    /**
+     * `Transaction(20,2,2)` proof from high-level legs: maps to witness input (incl. `"dummy"` ECDH via WASM), then Groth16 → Soroban hex.
+     *
+     * @param publicParams Public inputs: `stateRoot`, `withdrawAddressHi` / `withdrawAddressLo`, `privKeyScalar` (decimal field strings).
+     * @param withdraws Exactly two withdraw slots (`WithdrawObject` or `"dummy"`).
+     * @param deposits Exactly two deposit slots (`DepositObject` or `"dummy"`).
      */
-    async prepareWithdrawal(coin, state) {
-        const snarkInput = this.generateWithdrawalInput(coin, state);
-        const wtns = await generateWitness(snarkInput, this.options.circuitWasm);
+    async proveTransaction(publicParams, withdraws, deposits) {
+        const wasmEcdh = {
+            ecdhEphemeralPublicKeyFromScalarHex: (h) => this.wasm.ecdhEphemeralPublicKeyFromScalarHex(h),
+        };
+        const witnessInput = buildTransactionWitnessInput(publicParams, withdraws, deposits, wasmEcdh);
+        const wtns = await generateWitness(witnessInput, this.options.circuitWasm);
         const { proof, publicSignals } = await generateProof(wtns, this.options.zkey);
-        const proof_hex = this.proofToHex(proof);
-        const public_hex = this.publicToHex(publicSignals);
-        return { proof_hex, public_hex };
+        return {
+            proof_hex: this.proofToHex(proof),
+            public_hex: this.publicToHex(publicSignals),
+        };
     }
     /**
      * Calculate nullifier hash: Poseidon(nullifier)
@@ -1160,8 +1992,37 @@ class PrivacyPoolSDK {
     calculateNullifierHash(nullifier) {
         return this.wasm.calculateNullifierHash(nullifier);
     }
+    /**
+     * Ed25519 signature from signing {@link buildStealthAddressSignMessage}: **128 hex chars** (optional `0x`)
+     * or **base64** (64 raw bytes after decode). `SHA-256(signature bytes)` → scalar → ECDH → `stpl1` Bech32.
+     */
+    async generateStealthAddressFromStellarSignature(signature) {
+        return stealthAddressFromStellarSignature((h) => this.wasm.ecdhEphemeralPublicKeyFromScalarHex(h), encodeStealthAddress, signature);
+    }
+    encodeDecodedEphemeralKey(decoded) {
+        return encodeDecodedEphemeralKey(decoded);
+    }
+    decodeDecodedEphemeralKey(encoded) {
+        return decodeDecodedEphemeralKey(encoded);
+    }
+    encodeDepositorSharedSecretPreimage(decoded) {
+        return encodeDepositorSharedSecretPreimage(decoded);
+    }
+    decodeDepositorSharedSecretPreimage(encoded) {
+        return decodeDepositorSharedSecretPreimage(encoded);
+    }
+    sharedSecretFromDepositorPreimage(preimage) {
+        return sharedSecretFromDepositorPreimage((a, b, c) => this.wasm.ecdhSharedKey(a, b, c), preimage);
+    }
+    sharedSecretFromRecipientPreimage(preimage) {
+        return sharedSecretFromRecipientPreimage((a, b, c) => this.wasm.ecdhSharedKey(a, b, c), preimage);
+    }
 }
 
+/** Pool Merkle tree depth (matches `coin::TREE_DEPTH` / `Transaction` circuit). */
+/** Default coin value in stroops (1 XLM); matches Rust `coin::COIN_VALUE`. */
+const COIN_VALUE_STROOPS = 1000000000;
+
 async function main() {
     const args = process.argv.slice(2);
     if (args.length === 0 || args[0] === '--help' || args[0] === '-h') {
@@ -1172,9 +2033,24 @@ async function main() {
     if (command === 'withdraw') {
         await handleWithdraw(args.slice(1));
     }
+    else if (command === 'deposit-proof') {
+        await handleDepositProof(args.slice(1));
+    }
     else if (command === 'generate') {
         await handleGenerate(args.slice(1));
     }
+    else if (command === 'random-scalar') {
+        handleRandomScalar();
+    }
+    else if (command === 'stealth-sign-message') {
+        handleStealthSignMessage(args.slice(1));
+    }
+    else if (command === 'stealth-from-signature') {
+        await handleStealthFromSignature(args.slice(1));
+    }
+    else if (command === 'priv-scalar-from-signature') {
+        await handlePrivScalarFromSignature(args.slice(1));
+    }
     else {
         console.error(`Unknown command: ${command}`);
         printUsage();
@@ -1189,14 +2065,44 @@ function printUsage() {
 Commands:
   generate                         Generate a new coin
     --output, -o <file>            Output coin to file (default: stdout)
+    --amount <stroops>             Coin value in stroops (u64); default: 1000000000 (1 XLM)
+    --scalar <hex>                 32-byte depositor ephemeral scalar (64 hex, optional 0x); coin.secret = Poseidon₁(scalar) (deposit.circom)
+    --stealth <stpl1...>           With --scalar: ECDH(scalar, recipient) shared secret + aligned commitment (requires WASM ecdhSharedKey)
+
+  random-scalar                    Print random 32-byte hex scalar with integer < 2^253 (BabyJub / circom)
+
+  stealth-sign-message             Print message to sign (Stellar wallet / stellar CLI)
+    --address <G...>               Stellar account address (required)
+    --nonce <string>               Nonce label (default: "main address")
+
+  stealth-from-signature           Derive stpl1 stealth address from Ed25519 signature
+    --signature <value>            128 hex chars (optional 0x) or standard base64 (64 bytes)
+    --signature-file <path>        Read signature from file (whitespace trimmed)
+
+  priv-scalar-from-signature       Print privKeyScalar (decimal Fr) from Stellar Ed25519 signature (SHA-256(sig) mod r)
 
   withdraw                         Generate a withdrawal proof
     --coin <file>                  Path to coin JSON file
     --state <file>                 Path to state JSON file
+    --withdraw-pubkey-hex <hex>    Stellar account Ed25519 payload (32 bytes = 64 hex); splits to public withdrawAddressHi/Lo
+    --withdraw-address-hi <dec>    Optional: override high u128 (decimal) if not using --withdraw-pubkey-hex
+    --withdraw-address-lo <dec>    Optional: override low u128 (decimal)
+    --priv-key-scalar <dec>        privKeyScalar (decimal Fr)
+    --ephemeral-x <hex>            Depositor ECDH point x (64 hex chars, optional 0x)
+    --ephemeral-y <hex>            Depositor ECDH point y (64 hex chars, optional 0x)
     --output-proof <file>          Write proof hex to file
     --output-public <file>         Write public signals hex to file
 
-Output (withdraw):
+  deposit-proof                  Groth16 proof for deposit-only transact (2 dummy withdraws, 1 deposit + dummy)
+    --state-root <dec>           Current Merkle root (decimal Fr), must match pool on submit
+    --stealth <stpl1...>         Recipient stealth address (decodes to recipient public key)
+    --coin <file>                With --ephemeral-scalar-hex: use coin nullifier/value (aligned with generate --scalar --stealth)
+    --ephemeral-scalar-hex <hex>  Same 32-byte hex as deposit / generate --scalar
+    --value <dec>                Deposit amount (stroops as decimal Fr); optional if --coin (must match coin)
+    --output-proof <file>        Write proof hex to file
+    --output-public <file>       Write public signals hex to file
+
+Output (withdraw, deposit-proof):
   Prints proof_hex on first line and public_hex on second line to stdout.
 `);
 }
@@ -1218,13 +2124,101 @@ function parseArgs(args) {
         else if (arg === '-o' && i + 1 < args.length) {
             parsed['output'] = args[++i];
         }
+        else if (arg === '-a' && i + 1 < args.length) {
+            parsed['address'] = args[++i];
+        }
+        else if (arg === '-n' && i + 1 < args.length) {
+            parsed['nonce'] = args[++i];
+        }
+        else if (arg === '-s' && i + 1 < args.length) {
+            parsed['signature'] = args[++i];
+        }
     }
     return parsed;
 }
+function handleStealthSignMessage(args) {
+    const parsed = parseArgs(args);
+    const address = parsed['address'];
+    if (!address) {
+        console.error('Error: --address <G...> is required');
+        process.exit(1);
+    }
+    const nonce = parsed['nonce'] ?? DEFAULT_STEALTH_SIGN_NONCE;
+    console.log(buildStealthAddressSignMessage(address, nonce));
+}
+async function handleStealthFromSignature(args) {
+    const parsed = parseArgs(args);
+    let sig = parsed['signature'];
+    if (parsed['signature-file']) {
+        sig = fs__namespace.readFileSync(parsed['signature-file'], 'utf-8');
+    }
+    if (!sig) {
+        console.error('Error: --signature <hex> or --signature-file <path> is required');
+        process.exit(1);
+    }
+    const sdk = await PrivacyPoolSDK.init();
+    const stealth = await sdk.generateStealthAddressFromStellarSignature(sig);
+    console.log(stealth);
+}
+async function handlePrivScalarFromSignature(args) {
+    const parsed = parseArgs(args);
+    let sig = parsed['signature'];
+    if (parsed['signature-file']) {
+        sig = fs__namespace.readFileSync(parsed['signature-file'], 'utf-8');
+    }
+    if (!sig) {
+        console.error('Error: --signature <hex> or --signature-file <path> is required');
+        process.exit(1);
+    }
+    const dec = await privKeyScalarDecimalFromStellarSignature(sig.trim());
+    console.log(dec);
+}
+function handleRandomScalar() {
+    console.log(PrivacyPoolSDK.generateRandomScalarHex32());
+}
+function parseStroopsU64(label, raw, defaultStroops) {
+    if (raw === undefined) {
+        return defaultStroops;
+    }
+    if (!/^\d+$/.test(raw)) {
+        console.error(`Error: ${label} must be a non-negative decimal integer (stroops u64)`);
+        process.exit(1);
+    }
+    try {
+        const b = BigInt(raw);
+        if (b < 0n || b > 0xffffffffffffffffn) {
+            console.error(`Error: ${label} out of u64 range`);
+            process.exit(1);
+        }
+        return b;
+    }
+    catch {
+        console.error(`Error: invalid ${label}`);
+        process.exit(1);
+    }
+}
 async function handleGenerate(args) {
     const parsed = parseArgs(args);
     const sdk = await PrivacyPoolSDK.init();
-    const coin = sdk.generateCoin();
+    const scalar = parsed['scalar'];
+    const stealth = parsed['stealth'];
+    const amount = parseStroopsU64('--amount', parsed['amount'], BigInt(COIN_VALUE_STROOPS));
+    if (stealth && !scalar) {
+        console.error('Error: --stealth requires --scalar');
+        process.exit(1);
+    }
+    let coin;
+    if (scalar && stealth) {
+        const { x, y } = decodeStealthAddress(stealth);
+        const shared = sdk.ecdhSharedKey(scalar, x, y);
+        coin = sdk.generateCoinForDepositWithSharedHex(scalar, shared.x, shared.y, amount);
+    }
+    else if (scalar) {
+        coin = sdk.generateCoinFromDepositEphemeralScalarHex(scalar, amount);
+    }
+    else {
+        coin = sdk.generateCoin(amount);
+    }
     const json = JSON.stringify(coin, null, 2);
     if (parsed['output']) {
         fs__namespace.writeFileSync(parsed['output'], json);
@@ -1245,11 +2239,37 @@ async function handleWithdraw(args) {
         console.error('Error: --state <file> is required');
         process.exit(1);
     }
+    let withdrawHi = parsed['withdraw-address-hi'];
+    let withdrawLo = parsed['withdraw-address-lo'];
+    const pkHex = parsed['withdraw-pubkey-hex'];
+    if (pkHex) {
+        const parts = ed25519PubkeyPayloadHexToWithdrawFrDecimals(pkHex);
+        withdrawHi = parts.hi;
+        withdrawLo = parts.lo;
+    }
+    if (withdrawHi === undefined || withdrawLo === undefined) {
+        console.error('Error: provide --withdraw-pubkey-hex <64 hex> or both --withdraw-address-hi and --withdraw-address-lo');
+        process.exit(1);
+    }
+    if (!parsed['priv-key-scalar']) {
+        console.error('Error: --priv-key-scalar <dec> is required');
+        process.exit(1);
+    }
+    if (!parsed['ephemeral-x'] || !parsed['ephemeral-y']) {
+        console.error('Error: --ephemeral-x <hex> and --ephemeral-y <hex> are required');
+        process.exit(1);
+    }
     const coinFile = JSON.parse(fs__namespace.readFileSync(parsed['coin'], 'utf-8'));
     const coin = coinFile.coin || coinFile;
     const state = JSON.parse(fs__namespace.readFileSync(parsed['state'], 'utf-8'));
     const sdk = await PrivacyPoolSDK.init();
-    const result = await sdk.prepareWithdrawal(coin, state);
+    const result = await sdk.proveWithdrawal(coin, state, {
+        withdrawAddressHi: withdrawHi,
+        withdrawAddressLo: withdrawLo,
+        privKeyScalar: parsed['priv-key-scalar'],
+        ephemeralXHex: parsed['ephemeral-x'],
+        ephemeralYHex: parsed['ephemeral-y'],
+    });
     // Output proof and public hex to stdout (newline-separated)
     console.log(result.proof_hex);
     console.log(result.public_hex);
@@ -1263,6 +2283,69 @@ async function handleWithdraw(args) {
         console.error(`Public signals written to: ${parsed['output-public']}`);
     }
 }
+async function handleDepositProof(args) {
+    const parsed = parseArgs(args);
+    if (!parsed['state-root']) {
+        console.error('Error: --state-root <dec> is required');
+        process.exit(1);
+    }
+    if (!parsed['stealth']) {
+        console.error('Error: --stealth <stpl1...> is required');
+        process.exit(1);
+    }
+    const sdk = await PrivacyPoolSDK.init();
+    const recipientPublicKeys = recipientPublicKeysDecimalFromStealthAddress(parsed['stealth']);
+    const coinPath = parsed['coin'];
+    const ephemeralScalarHex = parsed['ephemeral-scalar-hex'];
+    let deposit;
+    if (coinPath || ephemeralScalarHex) {
+        if (!coinPath || !ephemeralScalarHex) {
+            console.error('Error: aligned deposit proof requires both --coin <file> and --ephemeral-scalar-hex <hex>');
+            process.exit(1);
+        }
+        const coinFile = JSON.parse(fs__namespace.readFileSync(coinPath, 'utf-8'));
+        const c = coinFile.coin || coinFile;
+        const value = parsed['value'] ?? c.value;
+        if (parsed['value'] && parsed['value'] !== c.value) {
+            console.error('Error: --value must match coin.value when using --coin');
+            process.exit(1);
+        }
+        deposit = {
+            value,
+            nullifier: c.nullifier,
+            ephemeralKeyScalar: scalarHexToFrDecimal(ephemeralScalarHex),
+            recipientPublicKeys,
+        };
+    }
+    else {
+        if (!parsed['value']) {
+            console.error('Error: --value <dec> is required (unless using --coin and --ephemeral-scalar-hex)');
+            process.exit(1);
+        }
+        deposit = {
+            value: parsed['value'],
+            nullifier: randomFrDecimal(),
+            ephemeralKeyScalar: randomFrDecimal253(),
+            recipientPublicKeys,
+        };
+    }
+    const result = await sdk.proveTransaction({
+        stateRoot: parsed['state-root'],
+        withdrawAddressHi: '0',
+        withdrawAddressLo: '0',
+        privKeyScalar: randomFrDecimal253(),
+    }, ['dummy', 'dummy'], [deposit, 'dummy']);
+    console.log(result.proof_hex);
+    console.log(result.public_hex);
+    if (parsed['output-proof']) {
+        fs__namespace.writeFileSync(parsed['output-proof'], result.proof_hex);
+        console.error(`Proof written to: ${parsed['output-proof']}`);
+    }
+    if (parsed['output-public']) {
+        fs__namespace.writeFileSync(parsed['output-public'], result.public_hex);
+        console.error(`Public signals written to: ${parsed['output-public']}`);
+    }
+}
 main().catch((err) => {
     console.error('Error:', err.message || err);
     process.exit(1);