@cardanowall/sdk-ts 0.0.0

package/dist/client/index.js

@@ -0,0 +1,2641 @@
+import { encode } from 'cbor2';
+import { sortCoreDeterministic } from 'cbor2/sorts';
+import { blake2b } from '@noble/hashes/blake2.js';
+import * as ed from '@noble/ed25519';
+import { sha512, sha256 as sha256$1 } from '@noble/hashes/sha2.js';
+import 'hash-wasm';
+import { z } from 'zod';
+import { randomBytes as randomBytes$1 } from '@noble/ciphers/utils.js';
+import { hmac } from '@noble/hashes/hmac.js';
+import { xchacha20poly1305, chacha20poly1305 } from '@noble/ciphers/chacha.js';
+import { hkdf } from '@noble/hashes/hkdf.js';
+import '@noble/curves/abstract/edwards.js';
+import '@noble/curves/abstract/montgomery.js';
+import '@noble/curves/abstract/weierstrass.js';
+import { x25519 } from '@noble/curves/ed25519.js';
+import '@noble/curves/nist.js';
+import { concatBytes, asciiToBytes, bytesToNumberLE, bytesToNumberBE } from '@noble/curves/utils.js';
+import { sha3_256, shake256, sha3_512, shake128 } from '@noble/hashes/sha3.js';
+import { anumber, abytes, randomBytes as randomBytes$2, u32, swap32IfBE } from '@noble/hashes/utils.js';
+import { FFTCore, reverseBits } from '@noble/curves/abstract/fft.js';
+
+// ../crypto-core/dist/cbor.js
+function encodeCanonicalCbor(value) {
+  return encode(value, {
+    cde: true,
+    collapseBigInts: true,
+    rejectDuplicateKeys: true,
+    sortKeys: sortCoreDeterministic
+  });
+}
+function encodeCanonicalCbor2(value) {
+  return encode(value, {
+    cde: true,
+    collapseBigInts: true,
+    rejectDuplicateKeys: true,
+    sortKeys: sortCoreDeterministic
+  });
+}
+ed.hashes.sha512 = sha512;
+ed.Point.CURVE().n;
+var CARDANO_POE_SIG_DOMAIN_PREFIX = "cardano-poe-record-sig-v1";
+var CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES = new TextEncoder().encode(
+  CARDANO_POE_SIG_DOMAIN_PREFIX
+);
+if (CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES.length !== 25) {
+  throw new Error(
+    `cardano-poe-record-sig-v1 prefix must encode to exactly 25 UTF-8 bytes, got ${CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES.length}`
+  );
+}
+var EMPTY_BYTES = new Uint8Array(0);
+function buildSigStructure(args) {
+  return encodeCanonicalCbor2([
+    args.context,
+    args.bodyProtectedBytes,
+    args.externalAad,
+    args.payload
+  ]);
+}
+function buildCip309SigStructure(args) {
+  const toSign = new Uint8Array(
+    CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES.length + args.recordBodyCbor.length
+  );
+  toSign.set(CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES, 0);
+  toSign.set(args.recordBodyCbor, CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES.length);
+  return buildSigStructure({
+    context: "Signature1",
+    bodyProtectedBytes: args.bodyProtectedBytes,
+    externalAad: EMPTY_BYTES,
+    payload: toSign
+  });
+}
+function encodeCoseSign1(args) {
+  const protectedBytes = args.protectedHeader.size === 0 ? EMPTY_BYTES : encodeCanonicalCbor2(args.protectedHeader);
+  return encodeCanonicalCbor2([
+    protectedBytes,
+    args.unprotectedHeader,
+    args.payload,
+    args.signature
+  ]);
+}
+function sha256(input) {
+  return sha256$1(input);
+}
+function blake2b256(input) {
+  return blake2b(input, { dkLen: 32 });
+}
+function blake2b224(input) {
+  return blake2b(input, { dkLen: 28 });
+}
+var MERKLE_ALG_ID = "rfc9162-sha256";
+var LEAF_PREFIX = 0;
+var NODE_PREFIX = 1;
+var DIGEST_LENGTH = 32;
+function validateLeaves(leaves, fnName) {
+  if (leaves.length === 0) {
+    throw new Error(`${fnName}: empty leaf list (n == 0 is forbidden by RFC 9162 \xA72.1.1)`);
+  }
+  for (let i = 0; i < leaves.length; i++) {
+    const leaf = leaves[i];
+    if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH) {
+      throw new Error(
+        `${fnName}: leaf[${i}] must be a Uint8Array(${DIGEST_LENGTH}); got length ${leaf instanceof Uint8Array ? leaf.length : "non-Uint8Array"}`
+      );
+    }
+  }
+}
+function merkleSha2256Root(leaves) {
+  validateLeaves(leaves, "merkleSha2256Root");
+  return mthRecursive(leaves, 0, leaves.length);
+}
+function largestPow2Lt(n) {
+  let k = 1;
+  while (k * 2 < n) k *= 2;
+  return k;
+}
+function hashLeaf(d) {
+  const buf = new Uint8Array(1 + d.length);
+  buf[0] = LEAF_PREFIX;
+  buf.set(d, 1);
+  return sha256$1(buf);
+}
+function hashNode(left, right) {
+  const buf = new Uint8Array(1 + left.length + right.length);
+  buf[0] = NODE_PREFIX;
+  buf.set(left, 1);
+  buf.set(right, 1 + left.length);
+  return sha256$1(buf);
+}
+function mthRecursive(leaves, start, end) {
+  const n = end - start;
+  if (n === 1) {
+    return hashLeaf(leaves[start]);
+  }
+  const k = largestPow2Lt(n);
+  const left = mthRecursive(leaves, start, start + k);
+  const right = mthRecursive(leaves, start + k, end);
+  return hashNode(left, right);
+}
+var ChunkedBytesArraySchema = z.array(
+  z.instanceof(Uint8Array).refine((b) => b.length >= 1 && b.length <= 64, {
+    params: { code: "CHUNK_TOO_LARGE" }
+  })
+).min(1);
+var UTF8_ENCODER = new TextEncoder();
+var UriChunkArraySchema = z.array(
+  z.string().refine(
+    (s) => {
+      const n = UTF8_ENCODER.encode(s).length;
+      return n >= 1 && n <= 64;
+    },
+    { params: { code: "CHUNK_TOO_LARGE" } }
+  )
+).min(1);
+var HashDigestSchema = z.instanceof(Uint8Array);
+var HashesMapSchema = z.record(z.string(), HashDigestSchema);
+var MerkleCommitSchema = z.object({
+  alg: z.string(),
+  root: z.instanceof(Uint8Array),
+  leaf_count: z.number().int().min(1),
+  uris: z.array(UriChunkArraySchema).min(1).optional()
+}).strict();
+var SlotSchema = z.object({
+  epk: z.instanceof(Uint8Array).optional(),
+  kem_ct: ChunkedBytesArraySchema.optional(),
+  wrap: z.instanceof(Uint8Array).optional()
+});
+z.object({
+  m: z.number().int(),
+  t: z.number().int(),
+  p: z.number().int()
+}).strict();
+var PassphraseBlockSchema = z.object({
+  alg: z.string(),
+  salt: z.instanceof(Uint8Array).superRefine((bytes, ctx) => {
+    if (bytes.length < 16) {
+      ctx.addIssue({
+        code: "custom",
+        path: [],
+        message: `passphrase.salt length ${bytes.length} < 16`,
+        params: { code: "ENC_PASSPHRASE_SALT_TOO_SHORT" }
+      });
+    } else if (bytes.length > 64) {
+      ctx.addIssue({
+        code: "custom",
+        path: [],
+        message: `passphrase.salt length ${bytes.length} > 64`,
+        params: { code: "ENC_PASSPHRASE_SALT_TOO_LONG" }
+      });
+    }
+  }),
+  params: z.record(z.string(), z.unknown())
+}).strict();
+z.object({
+  scheme: z.unknown(),
+  aead: z.string(),
+  kem: z.string().optional(),
+  nonce: z.instanceof(Uint8Array),
+  slots: z.array(SlotSchema).optional(),
+  slots_mac: z.instanceof(Uint8Array).refine((b) => b.length === 32, {
+    params: { code: "ENC_SLOTS_MAC_INVALID_LENGTH" }
+  }).optional(),
+  passphrase: PassphraseBlockSchema.optional()
+}).strict();
+var ItemEntrySchema = z.object({
+  hashes: HashesMapSchema,
+  uris: z.array(UriChunkArraySchema).min(1).optional(),
+  // Captured as `unknown` so the validator can run the
+  // `ENC_REQUIRES_CONTENT_HASH` pre-check ahead of any inner-shape errors
+  // and surface the most informative code first.
+  enc: z.unknown().optional()
+}).strict();
+var SigEntrySchema = z.object({
+  cose_key: ChunkedBytesArraySchema.optional(),
+  cose_sign1: ChunkedBytesArraySchema
+}).strict();
+var SupersedesSchema = z.instanceof(Uint8Array).refine((b) => b.length === 32, {
+  params: { code: "SUPERSEDES_TX_INVALID_LENGTH" }
+});
+var VersionLiteralSchema = z.literal(1);
+z.looseObject({
+  v: VersionLiteralSchema,
+  items: z.array(ItemEntrySchema).optional(),
+  merkle: z.array(MerkleCommitSchema).optional(),
+  supersedes: SupersedesSchema.optional(),
+  sigs: z.array(SigEntrySchema).optional(),
+  crit: z.array(z.string()).optional()
+});
+
+// ../poe-standard/src/encoder.ts
+function encodePoeRecord(record) {
+  return encodeCanonicalCbor(recordToCbor(record));
+}
+function encodeRecordBodyForSigning(record) {
+  const body = recordToCborInternal(
+    record,
+    /* includeSigs */
+    false
+  );
+  return encodeCanonicalCbor(body);
+}
+function recordToCbor(record) {
+  return recordToCborInternal(
+    record,
+    /* includeSigs */
+    true
+  );
+}
+function recordToCborInternal(record, includeSigs) {
+  const out = { v: record.v };
+  if (record.items !== void 0) out["items"] = record.items.map(itemToCbor);
+  if (record.merkle !== void 0) out["merkle"] = record.merkle.map(merkleToCbor);
+  if (record.supersedes !== void 0) out["supersedes"] = record.supersedes;
+  if (includeSigs && record.sigs !== void 0) out["sigs"] = record.sigs.map(sigEntryToCbor);
+  if (record.crit !== void 0) out["crit"] = record.crit.slice();
+  for (const [k, v] of Object.entries(record)) {
+    if (k === "v" || k === "items" || k === "merkle" || k === "supersedes" || k === "sigs" || k === "crit") {
+      continue;
+    }
+    out[k] = v;
+  }
+  return out;
+}
+function itemToCbor(item) {
+  const out = { hashes: hashesToCbor(item.hashes) };
+  if (item.uris !== void 0) {
+    out["uris"] = item.uris.map((chunks) => chunks.slice());
+  }
+  if (item.enc !== void 0) {
+    out["enc"] = envelopeToCbor(item.enc);
+  }
+  return out;
+}
+function hashesToCbor(hashes2) {
+  const out = {};
+  for (const [alg, digest] of Object.entries(hashes2)) {
+    out[alg] = digest;
+  }
+  return out;
+}
+function merkleToCbor(commit) {
+  const out = {
+    alg: commit.alg,
+    root: commit.root,
+    leaf_count: commit.leaf_count
+  };
+  if (commit.uris !== void 0) {
+    out["uris"] = commit.uris.map((chunks) => chunks.slice());
+  }
+  return out;
+}
+function envelopeToCbor(enc) {
+  const out = {
+    scheme: enc.scheme,
+    aead: enc.aead,
+    nonce: enc.nonce
+  };
+  if (enc.kem !== void 0) out["kem"] = enc.kem;
+  if (enc.slots !== void 0) out["slots"] = enc.slots.map(slotToCbor);
+  if (enc.slots_mac !== void 0) out["slots_mac"] = enc.slots_mac;
+  if (enc.passphrase !== void 0) out["passphrase"] = passphraseToCbor(enc.passphrase);
+  return out;
+}
+function slotToCbor(slot) {
+  if (slot.kem_ct !== void 0) {
+    return { kem_ct: slot.kem_ct.map((c) => c), wrap: slot.wrap };
+  }
+  return { epk: slot.epk, wrap: slot.wrap };
+}
+function passphraseToCbor(pp) {
+  return {
+    alg: pp.alg,
+    salt: pp.salt,
+    params: pp.params
+  };
+}
+function sigEntryToCbor(entry) {
+  const out = { cose_sign1: entry.cose_sign1.map((b) => b) };
+  if (entry.cose_key !== void 0) {
+    out["cose_key"] = entry.cose_key.map((b) => b);
+  }
+  return out;
+}
+
+// ../poe-standard/src/chunked.ts
+var CHUNK_MAX_BYTES = 64;
+var UTF8_ENCODER2 = new TextEncoder();
+function chunkBytes(value) {
+  if (value.length === 0) return [new Uint8Array(0)];
+  const chunks = [];
+  for (let i = 0; i < value.length; i += CHUNK_MAX_BYTES) {
+    chunks.push(value.subarray(i, Math.min(i + CHUNK_MAX_BYTES, value.length)));
+  }
+  return chunks;
+}
+function chunkUri(uri) {
+  const bytes = UTF8_ENCODER2.encode(uri);
+  if (bytes.length === 0) return [""];
+  if (bytes.length <= CHUNK_MAX_BYTES) return [uri];
+  const decoder = new TextDecoder("utf-8", { fatal: true });
+  const chunks = [];
+  let cursor = 0;
+  while (cursor < bytes.length) {
+    let end = Math.min(cursor + CHUNK_MAX_BYTES, bytes.length);
+    while (end < bytes.length && (bytes[end] & 192) === 128) end--;
+    chunks.push(decoder.decode(bytes.subarray(cursor, end)));
+    cursor = end;
+  }
+  return chunks;
+}
+
+// src/client/off-host-sign.ts
+var EMPTY_BYTES2 = new Uint8Array(0);
+var ED25519_PUBLIC_KEY_LENGTH = 32;
+var ED25519_SIGNATURE_LENGTH = 64;
+var OffHostSignError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "OffHostSignError";
+    this.code = code;
+  }
+};
+function buildToSign(record) {
+  const body = encodeRecordBodyForSigning(record);
+  const out = new Uint8Array(CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES.length + body.length);
+  out.set(CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES, 0);
+  out.set(body, CARDANO_POE_SIG_DOMAIN_PREFIX_BYTES.length);
+  return out;
+}
+function encodePath1ProtectedHeader(signerPubkey) {
+  const protectedHeader = /* @__PURE__ */ new Map([
+    [1, -8],
+    [4, signerPubkey]
+  ]);
+  const protectedHeaderBytes = encodeCanonicalCbor(protectedHeader);
+  return { protectedHeader, protectedHeaderBytes };
+}
+function prepareSigStructure(args) {
+  if (args.signerPubkey.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new OffHostSignError(
+      "INVALID_PUBKEY_LENGTH",
+      `signerPubkey must be 32 bytes (Ed25519 raw public key), got ${args.signerPubkey.length}`
+    );
+  }
+  const { protectedHeaderBytes } = encodePath1ProtectedHeader(args.signerPubkey);
+  const recordBodyCbor = encodeRecordBodyForSigning(args.record);
+  const sigStructureBytes = buildCip309SigStructure({
+    bodyProtectedBytes: protectedHeaderBytes,
+    recordBodyCbor
+  });
+  return { sigStructureBytes, protectedHeaderBytes };
+}
+function assembleCoseSign1(args) {
+  if (args.signerPubkey.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new OffHostSignError(
+      "INVALID_PUBKEY_LENGTH",
+      `signerPubkey must be 32 bytes (Ed25519 raw public key), got ${args.signerPubkey.length}`
+    );
+  }
+  if (args.signature.length !== ED25519_SIGNATURE_LENGTH) {
+    throw new OffHostSignError(
+      "INVALID_SIGNATURE_LENGTH",
+      `signature must be 64 bytes (Ed25519 raw signature), got ${args.signature.length}`
+    );
+  }
+  const { protectedHeader } = encodePath1ProtectedHeader(args.signerPubkey);
+  const coseSign1Bytes = encodeCoseSign1({
+    protectedHeader,
+    unprotectedHeader: /* @__PURE__ */ new Map(),
+    payload: null,
+    signature: args.signature
+  });
+  const chunks = chunkBytes(coseSign1Bytes);
+  const sigEntry = { cose_sign1: chunks };
+  return { coseSign1Bytes, sigEntry };
+}
+function prepareSigStructureHashed(args) {
+  if (args.signerPubkey.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new OffHostSignError(
+      "INVALID_PUBKEY_LENGTH",
+      `signerPubkey must be 32 bytes (Ed25519 raw public key), got ${args.signerPubkey.length}`
+    );
+  }
+  const { protectedHeaderBytes } = encodePath1ProtectedHeader(args.signerPubkey);
+  const toSign = buildToSign(args.record);
+  const toSignHashBytes = blake2b224(toSign);
+  const sigStructureBytes = buildSigStructure({
+    context: "Signature1",
+    bodyProtectedBytes: protectedHeaderBytes,
+    externalAad: EMPTY_BYTES2,
+    payload: toSignHashBytes
+  });
+  return { sigStructureBytes, protectedHeaderBytes, toSignHashBytes };
+}
+function assembleCoseSign1Hashed(args) {
+  if (args.signerPubkey.length !== ED25519_PUBLIC_KEY_LENGTH) {
+    throw new OffHostSignError(
+      "INVALID_PUBKEY_LENGTH",
+      `signerPubkey must be 32 bytes (Ed25519 raw public key), got ${args.signerPubkey.length}`
+    );
+  }
+  if (args.signature.length !== ED25519_SIGNATURE_LENGTH) {
+    throw new OffHostSignError(
+      "INVALID_SIGNATURE_LENGTH",
+      `signature must be 64 bytes (Ed25519 raw signature), got ${args.signature.length}`
+    );
+  }
+  const { protectedHeader } = encodePath1ProtectedHeader(args.signerPubkey);
+  const unprotectedHeader = /* @__PURE__ */ new Map([["hashed", true]]);
+  const coseSign1Bytes = encodeCoseSign1({
+    protectedHeader,
+    unprotectedHeader,
+    payload: null,
+    signature: args.signature
+  });
+  const chunks = chunkBytes(coseSign1Bytes);
+  const sigEntry = { cose_sign1: chunks };
+  return { coseSign1Bytes, sigEntry };
+}
+
+// src/client/http-error.ts
+var CANONICAL_PROBLEM_KEYS = /* @__PURE__ */ new Set([
+  "type",
+  "title",
+  "status",
+  "detail",
+  "code",
+  "trace_id",
+  "errors",
+  "instance"
+]);
+function extractProblemExtensions(problem) {
+  const out = {};
+  for (const [key, value] of Object.entries(problem)) {
+    if (!CANONICAL_PROBLEM_KEYS.has(key)) {
+      out[key] = value;
+    }
+  }
+  return out;
+}
+var Cip309HttpError = class extends Error {
+  problem;
+  code;
+  httpStatus;
+  title;
+  detail;
+  type;
+  traceId;
+  instance;
+  errors;
+  extensions;
+  requestId;
+  retryAfterSeconds;
+  constructor(init) {
+    super(init.problem.detail || `${init.problem.title} (HTTP ${init.problem.status})`);
+    this.name = "Cip309HttpError";
+    this.problem = init.problem;
+    this.code = init.problem.code;
+    this.httpStatus = init.problem.status;
+    this.title = init.problem.title;
+    this.detail = init.problem.detail;
+    this.type = init.problem.type;
+    this.traceId = init.problem.trace_id;
+    this.instance = init.problem.instance;
+    this.errors = init.problem.errors;
+    this.extensions = init.extensions ?? extractProblemExtensions(init.problem);
+    this.requestId = init.requestId ?? init.problem.trace_id;
+    this.retryAfterSeconds = init.retryAfterSeconds;
+  }
+};
+
+// src/client/batch-empty-error.ts
+var BatchEmptyError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "BatchEmptyError";
+  }
+};
+
+// src/client/batch-too-large-error.ts
+function readInt(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : void 0;
+}
+var BatchTooLargeError = class extends Cip309HttpError {
+  max;
+  got;
+  constructor(init) {
+    super(init);
+    this.name = "BatchTooLargeError";
+    this.max = readInt(this.extensions["max"]);
+    this.got = readInt(this.extensions["got"]);
+  }
+};
+
+// src/client/forbidden-error.ts
+var ForbiddenError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "ForbiddenError";
+  }
+};
+
+// src/client/idempotency-conflict-error.ts
+var IdempotencyConflictError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "IdempotencyConflictError";
+  }
+};
+
+// src/client/insufficient-funds-error.ts
+function readBigIntString(value) {
+  if (typeof value !== "string") return void 0;
+  if (!/^-?[0-9]+$/.test(value)) return void 0;
+  try {
+    return BigInt(value);
+  } catch {
+    return void 0;
+  }
+}
+function readString(value) {
+  return typeof value === "string" ? value : void 0;
+}
+var InsufficientFundsError = class extends Cip309HttpError {
+  balanceUsdMicros;
+  requiredUsdMicros;
+  topUpUrl;
+  constructor(init) {
+    super(init);
+    this.name = "InsufficientFundsError";
+    this.balanceUsdMicros = readBigIntString(this.extensions["balance_usd_micros"]);
+    this.requiredUsdMicros = readBigIntString(this.extensions["required_usd_micros"]);
+    this.topUpUrl = readString(this.extensions["top_up_url"]);
+  }
+};
+
+// src/client/insufficient-scope-error.ts
+function readScopeArray(value) {
+  if (!Array.isArray(value)) return [];
+  return value.filter((entry) => typeof entry === "string");
+}
+var InsufficientScopeError = class extends Cip309HttpError {
+  requiredScopes;
+  grantedScopes;
+  constructor(init) {
+    super(init);
+    this.name = "InsufficientScopeError";
+    this.requiredScopes = readScopeArray(this.extensions["required"]);
+    this.grantedScopes = readScopeArray(this.extensions["granted"]);
+  }
+  /** Convenience for the single-scope case; first entry of `requiredScopes`. */
+  get requiredScope() {
+    return this.requiredScopes[0];
+  }
+};
+
+// src/client/internal-server-error.ts
+var InternalServerError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "InternalServerError";
+  }
+};
+
+// src/client/invalid-body-error.ts
+var InvalidBodyError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "InvalidBodyError";
+  }
+};
+
+// src/client/malformed-cbor-error.ts
+var MalformedCborError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "MalformedCborError";
+  }
+};
+
+// src/client/not-found-error.ts
+var NotFoundError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "NotFoundError";
+  }
+};
+
+// src/client/quote-already-consumed-error.ts
+function readString2(value) {
+  return typeof value === "string" ? value : void 0;
+}
+var QuoteAlreadyConsumedError = class extends Cip309HttpError {
+  quoteId;
+  constructor(init) {
+    super(init);
+    this.name = "QuoteAlreadyConsumedError";
+    this.quoteId = readString2(this.extensions["quote_id"]);
+  }
+};
+
+// src/client/quote-expired-error.ts
+function readString3(value) {
+  return typeof value === "string" ? value : void 0;
+}
+var QuoteExpiredError = class extends Cip309HttpError {
+  quoteId;
+  constructor(init) {
+    super(init);
+    this.name = "QuoteExpiredError";
+    this.quoteId = readString3(this.extensions["quote_id"]);
+  }
+};
+
+// src/client/quote-not-found-error.ts
+function readString4(value) {
+  return typeof value === "string" ? value : void 0;
+}
+var QuoteNotFoundError = class extends Cip309HttpError {
+  quoteId;
+  constructor(init) {
+    super(init);
+    this.name = "QuoteNotFoundError";
+    this.quoteId = readString4(this.extensions["quote_id"]);
+  }
+};
+
+// src/client/rate-limited-error.ts
+var RateLimitedError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "RateLimitedError";
+  }
+};
+
+// src/client/record-not-found-error.ts
+var RecordNotFoundError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "RecordNotFoundError";
+  }
+};
+
+// src/client/service-unavailable-error.ts
+var ServiceUnavailableError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "ServiceUnavailableError";
+  }
+};
+
+// src/client/unauthorized-error.ts
+var UnauthorizedError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "UnauthorizedError";
+  }
+};
+
+// src/client/validation-failed-error.ts
+var ValidationFailedError = class extends Cip309HttpError {
+  constructor(init) {
+    super(init);
+    this.name = "ValidationFailedError";
+  }
+};
+
+// src/client/parse-http-error.ts
+function asString(value) {
+  return typeof value === "string" ? value : void 0;
+}
+function asNumber(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : void 0;
+}
+function asProblemErrorEntries(value) {
+  if (!Array.isArray(value)) return void 0;
+  const out = [];
+  for (const entry of value) {
+    if (entry === null || typeof entry !== "object") continue;
+    const e = entry;
+    out.push({
+      field: typeof e["field"] === "string" ? e["field"] : "",
+      code: typeof e["code"] === "string" ? e["code"] : "",
+      detail: typeof e["detail"] === "string" ? e["detail"] : ""
+    });
+  }
+  return out;
+}
+function synthesiseProblem(httpStatus, requestId) {
+  const code = `http-${httpStatus}`;
+  return {
+    type: `about:blank`,
+    title: `HTTP ${httpStatus}`,
+    status: httpStatus,
+    detail: `Server returned HTTP ${httpStatus} without a problem+json body.`,
+    code,
+    trace_id: requestId ?? ""
+  };
+}
+function toProblemDetails(httpStatus, body, requestId) {
+  if (body === null || typeof body !== "object") {
+    return synthesiseProblem(httpStatus, requestId);
+  }
+  const b = body;
+  const code = asString(b["code"]);
+  const status = asNumber(b["status"]) ?? httpStatus;
+  const title = asString(b["title"]);
+  if (code === void 0 && title === void 0) {
+    return synthesiseProblem(httpStatus, requestId);
+  }
+  const errors = asProblemErrorEntries(b["errors"]);
+  const base = {
+    ...b,
+    // RFC 7807 §4.2: `about:blank` is the default when no type URI is supplied.
+    // The client is gateway-agnostic, so it must not invent a vendor-specific
+    // problem-type namespace; the machine-readable discriminator is `code`.
+    type: asString(b["type"]) ?? "about:blank",
+    title: title ?? `HTTP ${status}`,
+    status,
+    detail: asString(b["detail"]) ?? "",
+    code: code ?? `http-${status}`,
+    trace_id: asString(b["trace_id"]) ?? requestId ?? ""
+  };
+  if (errors !== void 0) base["errors"] = errors;
+  return base;
+}
+function parseHttpError(args) {
+  const problem = toProblemDetails(args.httpStatus, args.body, args.requestId);
+  const extensions = extractProblemExtensions(problem);
+  const init = {
+    problem,
+    extensions,
+    requestId: args.requestId,
+    retryAfterSeconds: args.retryAfterSeconds
+  };
+  switch (problem.code) {
+    case "unauthorized":
+      return new UnauthorizedError(init);
+    case "forbidden":
+    case "csrf-invalid":
+      return new ForbiddenError(init);
+    case "insufficient-scope":
+      return new InsufficientScopeError(init);
+    case "insufficient-funds":
+      return new InsufficientFundsError(init);
+    case "quote-expired":
+      return new QuoteExpiredError(init);
+    case "quote-not-found":
+      return new QuoteNotFoundError(init);
+    case "quote-already-consumed":
+      return new QuoteAlreadyConsumedError(init);
+    case "not-found":
+      return new NotFoundError(init);
+    case "record-not-found":
+      return new RecordNotFoundError(init);
+    case "idempotency-key-conflict":
+      return new IdempotencyConflictError(init);
+    case "rate-limited":
+      return new RateLimitedError(init);
+    case "validation-failed":
+      return new ValidationFailedError(init);
+    case "invalid-body":
+      return new InvalidBodyError(init);
+    case "malformed-cbor":
+      return new MalformedCborError(init);
+    case "batch-too-large":
+      return new BatchTooLargeError(init);
+    case "batch-empty":
+      return new BatchEmptyError(init);
+    case "internal-error":
+      return new InternalServerError(init);
+    // A gateway that prices on a live FX oracle may surface a transient
+    // `fx-stale` pricing outage; to a vendor-neutral client that is just a
+    // temporary inability to serve, i.e. a service-unavailable condition.
+    case "service-unavailable":
+    case "fx-stale":
+      return new ServiceUnavailableError(init);
+    default:
+      return new Cip309HttpError(init);
+  }
+}
+
+// src/client/http-helpers.ts
+async function readJson(response) {
+  const text = await response.text();
+  if (text.length === 0) return null;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+}
+function parseRetryAfter(header) {
+  if (header === null) return void 0;
+  const parsed = Number(header);
+  return Number.isFinite(parsed) ? parsed : void 0;
+}
+async function throwIfNotOk(response) {
+  if (response.ok) return;
+  const body = await readJson(response);
+  const requestId = response.headers.get("x-request-id") ?? void 0;
+  const retryAfterSeconds = parseRetryAfter(response.headers.get("retry-after"));
+  throw parseHttpError({ httpStatus: response.status, body, requestId, retryAfterSeconds });
+}
+
+// src/client/account.ts
+function buildHeaders(apiKey) {
+  const headers = new Headers({
+    "content-type": "application/json",
+    accept: "application/json"
+  });
+  if (apiKey !== void 0) headers.set("authorization", `Bearer ${apiKey}`);
+  return headers;
+}
+var AccountNamespace = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Fetch the caller's current prepaid USD balance.
+   *
+   * Returns `{ balanceUsdMicros }`, the gateway's `balance_usd_micros` field
+   * (USD micro-cents as a decimal string). The string is preserved verbatim —
+   * never parsed into a number — so no precision is lost. An account with no
+   * ledger activity yet reads `"0"`.
+   *
+   * Requires authentication: 401 (UnauthorizedError) when anonymous, 403
+   * (InsufficientScopeError) when the Bearer key lacks the `account:read`
+   * scope.
+   */
+  async balance() {
+    const response = await this.config.fetch(`${this.config.baseUrl}/api/v1/account/balance`, {
+      method: "GET",
+      headers: buildHeaders(this.config.apiKey)
+    });
+    await throwIfNotOk(response);
+    const body = await readJson(response);
+    return { balanceUsdMicros: body.balance_usd_micros };
+  }
+};
+
+// src/client/invalid-client-config-error.ts
+var InvalidClientConfigError = class extends Error {
+  code = "INVALID_CLIENT_CONFIG";
+  constructor(message) {
+    super(message);
+    this.name = "InvalidClientConfigError";
+  }
+};
+
+// src/hex.ts
+function bytesToHex(bytes) {
+  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+function encodeCanonicalCbor3(value) {
+  return encode(value, {
+    cde: true,
+    collapseBigInts: true,
+    rejectDuplicateKeys: true,
+    sortKeys: sortCoreDeterministic
+  });
+}
+var LEAVES_LIST_FORMAT_V1 = "cardano-poe-merkle-leaves-v1";
+var TREE_ALG_RFC9162 = "rfc9162-sha256";
+var DIGEST_LENGTH2 = 32;
+var MerkleLeavesListError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message ? `${code}: ${message}` : code);
+    this.code = code;
+    this.name = "MerkleLeavesListError";
+  }
+};
+function encodeLeavesList(args) {
+  if (!(args.root instanceof Uint8Array) || args.root.length !== DIGEST_LENGTH2) {
+    throw new MerkleLeavesListError(
+      "SCHEMA_MERKLE_LEAVES_MALFORMED",
+      `root must be a Uint8Array(${DIGEST_LENGTH2})`
+    );
+  }
+  if (args.leaves.length < 1) {
+    throw new MerkleLeavesListError(
+      "SCHEMA_MERKLE_LEAVES_MALFORMED",
+      "leaves array must be non-empty"
+    );
+  }
+  const leavesCopy = [];
+  for (let i = 0; i < args.leaves.length; i++) {
+    const leaf = args.leaves[i];
+    if (!(leaf instanceof Uint8Array) || leaf.length !== DIGEST_LENGTH2) {
+      throw new MerkleLeavesListError(
+        "SCHEMA_MERKLE_LEAVES_MALFORMED",
+        `leaves[${i}] must be a Uint8Array(${DIGEST_LENGTH2})`
+      );
+    }
+    leavesCopy.push(leaf);
+  }
+  if (args.leafAlg !== void 0 && typeof args.leafAlg !== "string") {
+    throw new MerkleLeavesListError(
+      "SCHEMA_MERKLE_LEAVES_MALFORMED",
+      "leaf_alg must be a string when present"
+    );
+  }
+  const map = {
+    format: LEAVES_LIST_FORMAT_V1,
+    tree_alg: TREE_ALG_RFC9162,
+    root: args.root,
+    leaves: leavesCopy,
+    leaf_count: leavesCopy.length
+  };
+  if (args.leafAlg !== void 0) {
+    map["leaf_alg"] = args.leafAlg;
+  }
+  return encodeCanonicalCbor3(map);
+}
+var abytesDoc = abytes;
+var randomBytes = randomBytes$2;
+function equalBytes(a, b) {
+  if (a.length !== b.length)
+    return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++)
+    diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+function copyBytes(bytes) {
+  return Uint8Array.from(abytes(bytes));
+}
+function splitCoder(label, ...lengths) {
+  const getLength = (c) => typeof c === "number" ? c : c.bytesLen;
+  const bytesLen = lengths.reduce((sum, a) => sum + getLength(a), 0);
+  return {
+    bytesLen,
+    encode: (bufs) => {
+      const res = new Uint8Array(bytesLen);
+      for (let i = 0, pos = 0; i < lengths.length; i++) {
+        const c = lengths[i];
+        const l = getLength(c);
+        const b = typeof c === "number" ? bufs[i] : c.encode(bufs[i]);
+        abytes(b, l, label);
+        res.set(b, pos);
+        if (typeof c !== "number")
+          b.fill(0);
+        pos += l;
+      }
+      return res;
+    },
+    decode: (buf) => {
+      abytes(buf, bytesLen, label);
+      const res = [];
+      for (const c of lengths) {
+        const l = getLength(c);
+        const b = buf.subarray(0, l);
+        res.push(typeof c === "number" ? b : c.decode(b));
+        buf = buf.subarray(l);
+      }
+      return res;
+    }
+  };
+}
+function vecCoder(c, vecLen) {
+  const coder = c;
+  const bytesLen = vecLen * coder.bytesLen;
+  return {
+    bytesLen,
+    encode: (u) => {
+      if (u.length !== vecLen)
+        throw new RangeError(`vecCoder.encode: wrong length=${u.length}. Expected: ${vecLen}`);
+      const res = new Uint8Array(bytesLen);
+      for (let i = 0, pos = 0; i < u.length; i++) {
+        const b = coder.encode(u[i]);
+        res.set(b, pos);
+        b.fill(0);
+        pos += b.length;
+      }
+      return res;
+    },
+    decode: (a) => {
+      abytes(a, bytesLen);
+      const r = [];
+      for (let i = 0; i < a.length; i += coder.bytesLen)
+        r.push(coder.decode(a.subarray(i, i + coder.bytesLen)));
+      return r;
+    }
+  };
+}
+function cleanBytes(...list) {
+  for (const t of list) {
+    if (Array.isArray(t))
+      for (const b of t)
+        b.fill(0);
+    else
+      t.fill(0);
+  }
+}
+function getMask(bits) {
+  if (!Number.isSafeInteger(bits) || bits < 0 || bits > 32)
+    throw new RangeError(`expected bits in [0..32], got ${bits}`);
+  return bits === 32 ? 4294967295 : ~(-1 << bits) >>> 0;
+}
+
+// ../../node_modules/.pnpm/@noble+post-quantum@0.6.1/node_modules/@noble/post-quantum/_crystals.js
+var genCrystals = (opts2) => {
+  const { newPoly, N: N2, Q: Q2, F: F2, ROOT_OF_UNITY: ROOT_OF_UNITY2, brvBits} = opts2;
+  const mod = (a, modulo = Q2) => {
+    const result = a % modulo | 0;
+    return (result >= 0 ? result | 0 : modulo + result | 0) | 0;
+  };
+  const smod = (a, modulo = Q2) => {
+    const r = mod(a, modulo) | 0;
+    return (r > modulo >> 1 ? r - modulo | 0 : r) | 0;
+  };
+  function getZettas() {
+    const out = newPoly(N2);
+    for (let i = 0; i < N2; i++) {
+      const b = reverseBits(i, brvBits);
+      const p = BigInt(ROOT_OF_UNITY2) ** BigInt(b) % BigInt(Q2);
+      out[i] = Number(p) | 0;
+    }
+    return out;
+  }
+  const nttZetas = getZettas();
+  const field = {
+    add: (a, b) => mod((a | 0) + (b | 0)) | 0,
+    sub: (a, b) => mod((a | 0) - (b | 0)) | 0,
+    mul: (a, b) => mod((a | 0) * (b | 0)) | 0,
+    inv: (_a) => {
+      throw new Error("not implemented");
+    }
+  };
+  const nttOpts = {
+    N: N2,
+    roots: nttZetas,
+    invertButterflies: true,
+    skipStages: 1 ,
+    brp: false
+  };
+  const dif = FFTCore(field, { dit: false, ...nttOpts });
+  const dit = FFTCore(field, { dit: true, ...nttOpts });
+  const NTT = {
+    encode: (r) => {
+      return dif(r);
+    },
+    decode: (r) => {
+      dit(r);
+      for (let i = 0; i < r.length; i++)
+        r[i] = mod(F2 * r[i]);
+      return r;
+    }
+  };
+  const bitsCoder = (d, c) => {
+    const mask = getMask(d);
+    const bytesLen = d * (N2 / 8);
+    return {
+      bytesLen,
+      encode: (poly_) => {
+        const poly = poly_;
+        const r = new Uint8Array(bytesLen);
+        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < poly.length; i++) {
+          buf |= (c.encode(poly[i]) & mask) << bufLen;
+          bufLen += d;
+          for (; bufLen >= 8; bufLen -= 8, buf >>= 8)
+            r[pos++] = buf & getMask(bufLen);
+        }
+        return r;
+      },
+      decode: (bytes) => {
+        const r = newPoly(N2);
+        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < bytes.length; i++) {
+          buf |= bytes[i] << bufLen;
+          bufLen += 8;
+          for (; bufLen >= d; bufLen -= d, buf >>= d)
+            r[pos++] = c.decode(buf & mask);
+        }
+        return r;
+      }
+    };
+  };
+  return {
+    mod,
+    smod,
+    nttZetas,
+    NTT: {
+      encode: (r) => NTT.encode(r),
+      decode: (r) => NTT.decode(r)
+    },
+    bitsCoder
+  };
+};
+var createXofShake = (shake) => (seed, blockLen) => {
+  if (!blockLen)
+    blockLen = shake.blockLen;
+  const _seed = new Uint8Array(seed.length + 2);
+  _seed.set(seed);
+  const seedLen = seed.length;
+  const buf = new Uint8Array(blockLen);
+  let h = shake.create({});
+  let calls = 0;
+  let xofs = 0;
+  return {
+    stats: () => ({ calls, xofs }),
+    get: (x, y) => {
+      _seed[seedLen + 0] = x;
+      _seed[seedLen + 1] = y;
+      h.destroy();
+      h = shake.create({}).update(_seed);
+      calls++;
+      return () => {
+        xofs++;
+        return h.xofInto(buf);
+      };
+    },
+    clean: () => {
+      h.destroy();
+      cleanBytes(buf, _seed);
+    }
+  };
+};
+var XOF128 = /* @__PURE__ */ createXofShake(shake128);
+
+// ../../node_modules/.pnpm/@noble+post-quantum@0.6.1/node_modules/@noble/post-quantum/ml-kem.js
+var N = 256;
+var Q = 3329;
+var F = 3303;
+var ROOT_OF_UNITY = 17;
+var crystals = /* @__PURE__ */ genCrystals({
+  N,
+  Q,
+  F,
+  ROOT_OF_UNITY,
+  newPoly: (n) => new Uint16Array(n),
+  brvBits: 7});
+var PARAMS = /* @__PURE__ */ (() => Object.freeze({
+  512: Object.freeze({ N, Q, K: 2, ETA1: 3, ETA2: 2, du: 10, dv: 4, RBGstrength: 128 }),
+  768: Object.freeze({ N, Q, K: 3, ETA1: 2, ETA2: 2, du: 10, dv: 4, RBGstrength: 192 }),
+  1024: Object.freeze({ N, Q, K: 4, ETA1: 2, ETA2: 2, du: 11, dv: 5, RBGstrength: 256 })
+}))();
+var compress = (d) => {
+  if (d >= 12)
+    return { encode: (i) => i, decode: (i) => i >= Q ? i - Q : i };
+  const a = 2 ** (d - 1);
+  return {
+    // This only matches standalone Compress_d after bitsCoder masks the result into Z_(2^d).
+    encode: (i) => ((i << d) + Q / 2) / Q,
+    // const decompress = (i: number) => round((Q / 2 ** d) * i);
+    decode: (i) => i * Q + a >>> d
+  };
+};
+var byteCoder = (d) => crystals.bitsCoder(d, { encode: (i) => i, decode: (i) => i >= Q ? i - Q : i } );
+var polyCoder = (d) => d === 12 ? byteCoder(12) : crystals.bitsCoder(d, compress(d));
+function polyAdd(a_, b_) {
+  const a = a_;
+  const b = b_;
+  for (let i = 0; i < N; i++)
+    a[i] = crystals.mod(a[i] + b[i]);
+}
+function polySub(a_, b_) {
+  const a = a_;
+  const b = b_;
+  for (let i = 0; i < N; i++)
+    a[i] = crystals.mod(a[i] - b[i]);
+}
+function BaseCaseMultiply(a0, a1, b0, b1, zeta) {
+  const c0 = crystals.mod(a1 * b1 * zeta + a0 * b0);
+  const c1 = crystals.mod(a0 * b1 + a1 * b0);
+  return { c0, c1 };
+}
+function MultiplyNTTs(f_, g_) {
+  const f = f_;
+  const g = g_;
+  for (let i = 0; i < N / 2; i++) {
+    let z3 = crystals.nttZetas[64 + (i >> 1)];
+    if (i & 1)
+      z3 = -z3;
+    const { c0, c1 } = BaseCaseMultiply(f[2 * i + 0], f[2 * i + 1], g[2 * i + 0], g[2 * i + 1], z3);
+    f[2 * i + 0] = c0;
+    f[2 * i + 1] = c1;
+  }
+  return f;
+}
+function SampleNTT(xof_) {
+  const xof = xof_;
+  const r = new Uint16Array(N);
+  for (let j = 0; j < N; ) {
+    const b = xof();
+    if (b.length % 3)
+      throw new Error("SampleNTT: unaligned block");
+    for (let i = 0; j < N && i + 3 <= b.length; i += 3) {
+      const d1 = (b[i + 0] >> 0 | b[i + 1] << 8) & 4095;
+      const d2 = (b[i + 1] >> 4 | b[i + 2] << 4) & 4095;
+      if (d1 < Q)
+        r[j++] = d1;
+      if (j < N && d2 < Q)
+        r[j++] = d2;
+    }
+  }
+  return r;
+}
+var sampleCBDBytes = (buf, eta) => {
+  const r = new Uint16Array(N);
+  const b32 = u32(buf);
+  swap32IfBE(b32);
+  let len = 0;
+  for (let i = 0, p = 0, bb = 0, t0 = 0; i < b32.length; i++) {
+    let b = b32[i];
+    for (let j = 0; j < 32; j++) {
+      bb += b & 1;
+      b >>= 1;
+      len += 1;
+      if (len === eta) {
+        t0 = bb;
+        bb = 0;
+      } else if (len === 2 * eta) {
+        r[p++] = crystals.mod(t0 - bb);
+        bb = 0;
+        len = 0;
+      }
+    }
+  }
+  swap32IfBE(b32);
+  if (len)
+    throw new Error(`sampleCBD: leftover bits: ${len}`);
+  return r;
+};
+function sampleCBD(PRF_, seed, nonce, eta) {
+  const PRF = PRF_;
+  return sampleCBDBytes(PRF(eta * N / 4, seed, nonce), eta);
+}
+var genKPKE = (opts_) => {
+  const opts2 = opts_;
+  const { K, PRF, XOF, HASH512, ETA1, ETA2, du, dv } = opts2;
+  const poly1 = polyCoder(1);
+  const polyV = polyCoder(dv);
+  const polyU = polyCoder(du);
+  const publicCoder = splitCoder("publicKey", vecCoder(polyCoder(12), K), 32);
+  const secretCoder = vecCoder(polyCoder(12), K);
+  const cipherCoder = splitCoder("ciphertext", vecCoder(polyU, K), polyV);
+  const seedCoder = splitCoder("seed", 32, 32);
+  return {
+    secretCoder,
+    lengths: {
+      secretKey: secretCoder.bytesLen,
+      publicKey: publicCoder.bytesLen,
+      cipherText: cipherCoder.bytesLen
+    },
+    keygen: (seed) => {
+      abytesDoc(seed, 32, "seed");
+      const seedDst = new Uint8Array(33);
+      seedDst.set(seed);
+      seedDst[32] = K;
+      const seedHash = HASH512(seedDst);
+      const [rho, sigma] = seedCoder.decode(seedHash);
+      const sHat = [];
+      const tHat = [];
+      for (let i = 0; i < K; i++)
+        sHat.push(crystals.NTT.encode(sampleCBD(PRF, sigma, i, ETA1)));
+      const x = XOF(rho);
+      for (let i = 0; i < K; i++) {
+        const e = crystals.NTT.encode(sampleCBD(PRF, sigma, K + i, ETA1));
+        for (let j = 0; j < K; j++) {
+          const aji = SampleNTT(x.get(j, i));
+          polyAdd(e, MultiplyNTTs(aji, sHat[j]));
+        }
+        tHat.push(e);
+      }
+      x.clean();
+      const res = {
+        publicKey: publicCoder.encode([tHat, rho]),
+        secretKey: secretCoder.encode(sHat)
+      };
+      cleanBytes(rho, sigma, sHat, tHat, seedDst, seedHash);
+      return res;
+    },
+    encrypt: (publicKey, msg, seed) => {
+      const [tHat, rho] = publicCoder.decode(publicKey);
+      const rHat = [];
+      for (let i = 0; i < K; i++)
+        rHat.push(crystals.NTT.encode(sampleCBD(PRF, seed, i, ETA1)));
+      const x = XOF(rho);
+      const tmp2 = new Uint16Array(N);
+      const u = [];
+      for (let i = 0; i < K; i++) {
+        const e1 = sampleCBD(PRF, seed, K + i, ETA2);
+        const tmp = new Uint16Array(N);
+        for (let j = 0; j < K; j++) {
+          const aij = SampleNTT(x.get(i, j));
+          polyAdd(tmp, MultiplyNTTs(aij, rHat[j]));
+        }
+        polyAdd(e1, crystals.NTT.decode(tmp));
+        u.push(e1);
+        polyAdd(tmp2, MultiplyNTTs(tHat[i], rHat[i]));
+        cleanBytes(tmp);
+      }
+      x.clean();
+      const e2 = sampleCBD(PRF, seed, 2 * K, ETA2);
+      polyAdd(e2, crystals.NTT.decode(tmp2));
+      const v = poly1.decode(msg);
+      polyAdd(v, e2);
+      cleanBytes(tHat, rHat, tmp2, e2);
+      return cipherCoder.encode([u, v]);
+    },
+    decrypt: (cipherText, privateKey) => {
+      const [u, v] = cipherCoder.decode(cipherText);
+      const sk = secretCoder.decode(privateKey);
+      const tmp = new Uint16Array(N);
+      for (let i = 0; i < K; i++)
+        polyAdd(tmp, MultiplyNTTs(sk[i], crystals.NTT.encode(u[i])));
+      polySub(v, crystals.NTT.decode(tmp));
+      cleanBytes(tmp, sk, u);
+      return poly1.encode(v);
+    }
+  };
+};
+function createKyber(opts2) {
+  const rawOpts = opts2;
+  const KPKE = genKPKE(rawOpts);
+  const { HASH256, HASH512, KDF } = rawOpts;
+  const { secretCoder: KPKESecretCoder, lengths } = KPKE;
+  const secretCoder = splitCoder("secretKey", lengths.secretKey, lengths.publicKey, 32, 32);
+  const msgLen = 32;
+  const seedLen = 64;
+  const kemLengths = Object.freeze({
+    ...lengths,
+    seed: 64,
+    msg: msgLen,
+    msgRand: msgLen,
+    secretKey: secretCoder.bytesLen
+  });
+  return Object.freeze({
+    info: Object.freeze({ type: "ml-kem" }),
+    lengths: kemLengths,
+    keygen: (seed = randomBytes(seedLen)) => {
+      abytesDoc(seed, seedLen, "seed");
+      const { publicKey, secretKey: sk } = KPKE.keygen(seed.subarray(0, 32));
+      const publicKeyHash = HASH256(publicKey);
+      const secretKey = secretCoder.encode([sk, publicKey, publicKeyHash, seed.subarray(32)]);
+      cleanBytes(sk, publicKeyHash);
+      return {
+        publicKey,
+        secretKey
+      };
+    },
+    getPublicKey: (secretKey) => {
+      const [_sk, publicKey, _publicKeyHash, _z] = secretCoder.decode(secretKey);
+      return Uint8Array.from(publicKey);
+    },
+    encapsulate: (publicKey, msg = randomBytes(msgLen)) => {
+      abytesDoc(publicKey, lengths.publicKey, "publicKey");
+      abytesDoc(msg, msgLen, "message");
+      const eke = publicKey.subarray(0, 384 * opts2.K);
+      const ek = KPKESecretCoder.encode(KPKESecretCoder.decode(copyBytes(eke)));
+      if (!equalBytes(ek, eke)) {
+        cleanBytes(ek);
+        throw new Error("ML-KEM.encapsulate: wrong publicKey modulus");
+      }
+      cleanBytes(ek);
+      const kr = HASH512.create().update(msg).update(HASH256(publicKey)).digest();
+      const cipherText = KPKE.encrypt(publicKey, msg, kr.subarray(32, 64));
+      cleanBytes(kr.subarray(32));
+      return {
+        cipherText,
+        sharedSecret: kr.subarray(0, 32)
+      };
+    },
+    decapsulate: (cipherText, secretKey) => {
+      abytesDoc(secretKey, secretCoder.bytesLen, "secretKey");
+      abytesDoc(cipherText, lengths.cipherText, "cipherText");
+      const k768 = secretCoder.bytesLen - 96;
+      const start = k768 + 32;
+      const test = HASH256(secretKey.subarray(k768 / 2, start));
+      if (!equalBytes(test, secretKey.subarray(start, start + 32)))
+        throw new Error("invalid secretKey: hash check failed");
+      const [sk, publicKey, publicKeyHash, z3] = secretCoder.decode(secretKey);
+      const msg = KPKE.decrypt(cipherText, sk);
+      const kr = HASH512.create().update(msg).update(publicKeyHash).digest();
+      const Khat = kr.subarray(0, 32);
+      const cipherText2 = KPKE.encrypt(publicKey, msg, kr.subarray(32, 64));
+      const isValid = equalBytes(cipherText, cipherText2);
+      const Kbar = KDF.create({ dkLen: 32 }).update(z3).update(cipherText).digest();
+      cleanBytes(msg, cipherText2, !isValid ? Khat : Kbar);
+      return isValid ? Khat : Kbar;
+    }
+  });
+}
+function shakePRF(dkLen, key, nonce) {
+  return shake256.create({ dkLen }).update(key).update(new Uint8Array([nonce])).digest();
+}
+var opts = /* @__PURE__ */ (() => ({
+  HASH256: sha3_256,
+  HASH512: sha3_512,
+  KDF: shake256,
+  XOF: XOF128,
+  PRF: shakePRF
+}))();
+var mk = (params) => createKyber({
+  ...opts,
+  ...params
+});
+var ml_kem768 = /* @__PURE__ */ (() => mk(PARAMS[768]))();
+
+// ../../node_modules/.pnpm/@noble+post-quantum@0.6.1/node_modules/@noble/post-quantum/hybrid.js
+function ecKeygen(curve, allowZeroKey = false) {
+  const lengths = curve.lengths;
+  let keygen = curve.keygen;
+  if (allowZeroKey) {
+    if (!("getSharedSecret" in curve && "sign" in curve && "verify" in curve))
+      throw new Error("allowZeroKey requires a Weierstrass curve");
+    const wCurve = curve;
+    const Fn = wCurve.Point.Fn;
+    keygen = (seed = randomBytes(lengths.seed)) => {
+      abytes(seed, lengths.seed, "seed");
+      const seedScalar = Fn.isLE ? bytesToNumberLE(seed) : bytesToNumberBE(seed);
+      const secretKey = Fn.toBytes(Fn.create(seedScalar));
+      return {
+        secretKey,
+        publicKey: curve.getPublicKey(secretKey)
+      };
+    };
+  }
+  return {
+    lengths: { secretKey: lengths.secretKey, publicKey: lengths.publicKey, seed: lengths.seed },
+    keygen: (seed) => keygen(seed),
+    getPublicKey: (secretKey) => curve.getPublicKey(secretKey)
+  };
+}
+function ecdhKem(curve, allowZeroKey = false) {
+  const kg = ecKeygen(curve, allowZeroKey);
+  if (!curve.getSharedSecret)
+    throw new Error("wrong curve");
+  return {
+    lengths: { ...kg.lengths, msg: kg.lengths.seed, cipherText: kg.lengths.publicKey },
+    keygen: kg.keygen,
+    getPublicKey: kg.getPublicKey,
+    encapsulate(publicKey, rand = randomBytes(curve.lengths.seed)) {
+      const seed = copyBytes(rand);
+      let ek = void 0;
+      try {
+        ek = this.keygen(seed).secretKey;
+        const sharedSecret = this.decapsulate(publicKey, ek);
+        const cipherText = curve.getPublicKey(ek);
+        return { sharedSecret, cipherText };
+      } finally {
+        cleanBytes(seed);
+        if (ek)
+          cleanBytes(ek);
+      }
+    },
+    decapsulate(cipherText, secretKey) {
+      const res = curve.getSharedSecret(secretKey, cipherText);
+      return curve.lengths.publicKeyHasPrefix ? res.subarray(1) : res;
+    }
+  };
+}
+function splitLengths(lst, name) {
+  return splitCoder(name, ...lst.map((i) => {
+    if (typeof i.lengths[name] !== "number")
+      throw new Error("wrong length: " + name);
+    return i.lengths[name];
+  }));
+}
+function expandSeedXof(xof) {
+  return ((seed, seedLen) => xof(seed, { dkLen: seedLen }));
+}
+function combineKeys(realSeedLen, expandSeed_, ...ck_) {
+  const expandSeed = expandSeed_;
+  const ck = ck_;
+  const seedCoder = splitLengths(ck, "seed");
+  const pkCoder = splitLengths(ck, "publicKey");
+  anumber(realSeedLen);
+  function expandDecapsulationKey(seed) {
+    abytes(seed, realSeedLen);
+    const expandedRaw = expandSeed(seed, seedCoder.bytesLen);
+    const expandedSeed = expandedRaw.buffer === seed.buffer ? copyBytes(expandedRaw) : expandedRaw;
+    const expanded = [];
+    const keySecret = [];
+    const secretKey = [];
+    const publicKey = [];
+    let ok = false;
+    try {
+      for (const part of seedCoder.decode(expandedSeed))
+        expanded.push(copyBytes(part));
+      for (let i = 0; i < ck.length; i++) {
+        const keys = ck[i].keygen(expanded[i]);
+        keySecret.push(keys.secretKey);
+        secretKey.push(copyBytes(keys.secretKey));
+        publicKey.push(keys.publicKey);
+      }
+      ok = true;
+      return { secretKey, publicKey };
+    } finally {
+      cleanBytes(expandedSeed, expanded, keySecret);
+      if (!ok)
+        cleanBytes(secretKey);
+    }
+  }
+  return {
+    info: { lengths: { seed: realSeedLen, publicKey: pkCoder.bytesLen, secretKey: realSeedLen } },
+    getPublicKey(secretKey) {
+      return this.keygen(secretKey).publicKey;
+    },
+    keygen(seed = randomBytes(realSeedLen)) {
+      const { publicKey: pk, secretKey } = expandDecapsulationKey(seed);
+      try {
+        const publicKey = pkCoder.encode(pk);
+        return { secretKey: seed, publicKey };
+      } finally {
+        cleanBytes(pk);
+        cleanBytes(secretKey);
+      }
+    },
+    expandDecapsulationKey,
+    realSeedLen
+  };
+}
+function combineKEMS(realSeedLen, realMsgLen, expandSeed, combiner, ...kems) {
+  const rawCombiner = combiner;
+  const rawKems = kems;
+  const keys = combineKeys(realSeedLen, expandSeed, ...rawKems);
+  const ctCoder = splitLengths(rawKems, "cipherText");
+  const pkCoder = splitLengths(rawKems, "publicKey");
+  const msgCoder = splitLengths(rawKems, "msg");
+  anumber(realMsgLen);
+  const lengths = Object.freeze({
+    ...keys.info.lengths,
+    msg: realMsgLen,
+    msgRand: msgCoder.bytesLen,
+    cipherText: ctCoder.bytesLen
+  });
+  return Object.freeze({
+    lengths,
+    getPublicKey: keys.getPublicKey,
+    keygen: keys.keygen,
+    encapsulate(pk, randomness = randomBytes(msgCoder.bytesLen)) {
+      const pks = pkCoder.decode(pk);
+      const rand = msgCoder.decode(randomness);
+      const sharedSecret = [];
+      const cipherText = [];
+      try {
+        for (let i = 0; i < rawKems.length; i++) {
+          const enc = rawKems[i].encapsulate(pks[i], rand[i]);
+          sharedSecret.push(enc.sharedSecret);
+          cipherText.push(enc.cipherText);
+        }
+        return {
+          // Detach the combiner result before cleanup: a caller-provided combiner may alias one of
+          // the child sharedSecret buffers, and those child buffers are zeroized immediately below.
+          sharedSecret: copyBytes(rawCombiner(pks, cipherText, sharedSecret)),
+          cipherText: ctCoder.encode(cipherText)
+        };
+      } finally {
+        cleanBytes(sharedSecret, cipherText);
+      }
+    },
+    decapsulate(ct, seed) {
+      const cts = ctCoder.decode(ct);
+      const { publicKey, secretKey } = keys.expandDecapsulationKey(seed);
+      const sharedSecret = rawKems.map((i, j) => i.decapsulate(cts[j], secretKey[j]));
+      try {
+        return copyBytes(rawCombiner(publicKey, cts, sharedSecret));
+      } finally {
+        cleanBytes(secretKey, sharedSecret);
+      }
+    }
+  });
+}
+var x25519kem = /* @__PURE__ */ ecdhKem(x25519);
+var ml_kem768_x25519 = /* @__PURE__ */ (() => combineKEMS(
+  32,
+  32,
+  expandSeedXof(shake256),
+  // Awesome label, so much escaping hell in a single line.
+  (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes("\\.//^\\"))),
+  ml_kem768,
+  x25519kem
+))();
+var XWing = /* @__PURE__ */ (() => ml_kem768_x25519)();
+function chacha20Poly1305Encrypt(opts2) {
+  return chacha20poly1305(opts2.key, opts2.nonce, opts2.aad).encrypt(opts2.plaintext);
+}
+function xchacha20Poly1305Encrypt(opts2) {
+  return xchacha20poly1305(opts2.key, opts2.nonce, opts2.aad).encrypt(opts2.plaintext);
+}
+function hkdfSha256(opts2) {
+  return hkdf(sha256$1, opts2.ikm, opts2.salt, opts2.info, opts2.length);
+}
+var MLKEM768X25519_PUBLIC_KEY_LENGTH = 1216;
+var MLKEM768X25519_ENC_LENGTH = 1120;
+var MLKEM768X25519_ESEED_LENGTH = 64;
+function mlkem768x25519Encapsulate(opts2) {
+  if (opts2.publicKey.length !== MLKEM768X25519_PUBLIC_KEY_LENGTH) {
+    throw new Error(
+      `mlkem768x25519 public key must be ${MLKEM768X25519_PUBLIC_KEY_LENGTH} bytes, got ${opts2.publicKey.length}`
+    );
+  }
+  if (opts2.eseed !== void 0 && opts2.eseed.length !== MLKEM768X25519_ESEED_LENGTH) {
+    throw new Error(
+      `mlkem768x25519 eseed must be ${MLKEM768X25519_ESEED_LENGTH} bytes, got ${opts2.eseed.length}`
+    );
+  }
+  const { cipherText, sharedSecret } = XWing.encapsulate(opts2.publicKey, opts2.eseed);
+  return { enc: cipherText, ss: sharedSecret };
+}
+var X25519LowOrderPointError = class extends Error {
+  code = "X25519_LOW_ORDER_POINT";
+  constructor(options) {
+    super("x25519 ECDH rejected: peer public key is a small-order point", options);
+    this.name = "X25519LowOrderPointError";
+  }
+};
+var NOBLE_LOW_ORDER_MESSAGE = "invalid private or public key received";
+function x25519PublicKey(opts2) {
+  return x25519.getPublicKey(opts2.secretKey);
+}
+function x25519Ecdh(opts2) {
+  try {
+    return x25519.getSharedSecret(opts2.secretKey, opts2.theirPublicKey);
+  } catch (e) {
+    if (e instanceof Error && e.message === NOBLE_LOW_ORDER_MESSAGE) {
+      throw new X25519LowOrderPointError({ cause: e });
+    }
+    throw e;
+  }
+}
+var EciesSealedPoeError = class extends Error {
+  code;
+  constructor(code, message, options) {
+    super(message, options);
+    this.name = "EciesSealedPoeError";
+    this.code = code;
+  }
+};
+function encodeCanonicalCbor4(value) {
+  return encode(value, {
+    cde: true,
+    collapseBigInts: true,
+    rejectDuplicateKeys: true,
+    sortKeys: sortCoreDeterministic
+  });
+}
+var CHUNK_MAX_BYTES2 = 64;
+function chunkKemCt(value) {
+  if (value.length === 0) {
+    throw new Error("chunkKemCt: refusing to chunk an empty byte string");
+  }
+  const chunks = [];
+  for (let i = 0; i < value.length; i += CHUNK_MAX_BYTES2) {
+    chunks.push(value.subarray(i, Math.min(i + CHUNK_MAX_BYTES2, value.length)));
+  }
+  return chunks;
+}
+function joinKemCt(chunks) {
+  let total = 0;
+  for (const c of chunks) total += c.length;
+  const out = new Uint8Array(total);
+  let offset = 0;
+  for (const c of chunks) {
+    out.set(c, offset);
+    offset += c.length;
+  }
+  return out;
+}
+function slotsToMacCbor(slots, kem) {
+  let value;
+  if (kem === "x25519") {
+    value = slots.map((s) => ({ epk: s.epk, wrap: s.wrap }));
+  } else {
+    value = slots.map((s) => ({
+      // Canonicalize the chunk boundaries before the MAC commits to them:
+      // reassemble the logical ciphertext and re-split into canonical ≤ 64-byte
+      // chunks. The on-wire `kem_ct` array is a transport detail (the Cardano
+      // ledger's 64-byte metadatum cap), and a hostile or non-canonical chunking
+      // ([1, 63, …] instead of [64, …]) reassembles to the SAME bytes — so the
+      // MAC must be invariant to it. Committing to the verbatim wire chunks would
+      // let an attacker re-chunk an honest envelope and break the slots_mac match
+      // for an honest recipient. Honest (already-64B-chunked) records are
+      // unchanged; a real byte flip still changes the reassembled bytes and is
+      // still rejected.
+      kem_ct: chunkKemCt(joinKemCt(s.kem_ct)),
+      wrap: s.wrap
+    }));
+  }
+  return encodeCanonicalCbor4(value);
+}
+var CARDANO_POE_HKDF_INFO_KEK = new TextEncoder().encode("cardano-poe-kek-v1");
+var CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 = new TextEncoder().encode(
+  "cardano-poe-kek-mlkem768x25519-v1"
+);
+var CARDANO_POE_HKDF_INFO_SLOTS_MAC = new TextEncoder().encode(
+  "cardano-poe-slots-mac-v1"
+);
+var ZERO_NONCE_12 = new Uint8Array(12);
+var EMPTY_SALT = new Uint8Array(0);
+var X25519_PUBLIC_KEY_LENGTH = 32;
+var X25519_SECRET_KEY_LENGTH = 32;
+var CEK_LENGTH = 32;
+var NONCE_LENGTH = 24;
+var WRAP_LENGTH = 48;
+var SLOTS_MAC_LENGTH = 32;
+if (CARDANO_POE_HKDF_INFO_KEK.length !== 18) {
+  throw new Error("CARDANO_POE_HKDF_INFO_KEK byte-length invariant violated (expected 18)");
+}
+if (CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519.length !== 33) {
+  throw new Error(
+    "CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519 byte-length invariant violated (expected 33)"
+  );
+}
+if (CARDANO_POE_HKDF_INFO_SLOTS_MAC.length !== 24) {
+  throw new Error("CARDANO_POE_HKDF_INFO_SLOTS_MAC byte-length invariant violated (expected 24)");
+}
+if (ZERO_NONCE_12.length !== 12) {
+  throw new Error("ZERO_NONCE_12 byte-length invariant violated (expected 12)");
+}
+function concat(a, b) {
+  const out = new Uint8Array(a.length + b.length);
+  out.set(a, 0);
+  out.set(b, a.length);
+  return out;
+}
+function uniformIndexBelow(m) {
+  const limit = 4294967296 - 4294967296 % m;
+  const buf = new Uint32Array(1);
+  let x;
+  do {
+    crypto.getRandomValues(buf);
+    x = buf[0];
+  } while (x >= limit);
+  return x % m;
+}
+function csprngShuffle(arr) {
+  for (let i = arr.length - 1; i > 0; i--) {
+    const j = uniformIndexBelow(i + 1);
+    const tmp = arr[i];
+    arr[i] = arr[j];
+    arr[j] = tmp;
+  }
+}
+function wrapSlotX25519(args) {
+  const privEph = args.privEph ?? randomBytes$1(X25519_SECRET_KEY_LENGTH);
+  if (privEph.length !== X25519_SECRET_KEY_LENGTH) {
+    throw new EciesSealedPoeError(
+      "INVALID_EPHEMERAL_SECRET_LENGTH",
+      `ephemeralSecrets[${args.slotIdx}] MUST be exactly ${X25519_SECRET_KEY_LENGTH} bytes, got ${privEph.length}`
+    );
+  }
+  const epk = x25519PublicKey({ secretKey: privEph });
+  const shared = x25519Ecdh({ secretKey: privEph, theirPublicKey: args.pubR });
+  const kek = hkdfSha256({
+    ikm: shared,
+    salt: concat(epk, args.pubR),
+    info: CARDANO_POE_HKDF_INFO_KEK,
+    length: 32
+  });
+  const wrap = chacha20Poly1305Encrypt({
+    key: kek,
+    nonce: ZERO_NONCE_12,
+    aad: CARDANO_POE_HKDF_INFO_KEK,
+    plaintext: args.cek
+  });
+  if (wrap.length !== WRAP_LENGTH) {
+    throw new Error(`internal: wrap.length=${wrap.length}, expected ${WRAP_LENGTH}`);
+  }
+  return { epk, wrap };
+}
+function wrapSlotMlkem768X25519(args) {
+  const { enc, ss } = mlkem768x25519Encapsulate({
+    publicKey: args.pubR,
+    ...args.eseed !== void 0 ? { eseed: args.eseed } : {}
+  });
+  if (enc.length !== MLKEM768X25519_ENC_LENGTH) {
+    throw new Error(`internal: enc.length=${enc.length}, expected ${MLKEM768X25519_ENC_LENGTH}`);
+  }
+  const kek = hkdfSha256({
+    ikm: ss,
+    salt: EMPTY_SALT,
+    info: CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519,
+    length: 32
+  });
+  const wrap = chacha20Poly1305Encrypt({
+    key: kek,
+    nonce: ZERO_NONCE_12,
+    aad: CARDANO_POE_HKDF_INFO_KEK_MLKEM768X25519,
+    plaintext: args.cek
+  });
+  if (wrap.length !== WRAP_LENGTH) {
+    throw new Error(`internal: wrap.length=${wrap.length}, expected ${WRAP_LENGTH}`);
+  }
+  return { kem_ct: chunkKemCt(enc), wrap };
+}
+function eciesSealedPoeWrap(args) {
+  const { plaintext, recipientPublicKeys } = args;
+  const kem = args.kem ?? "x25519";
+  const n = recipientPublicKeys.length;
+  if (n < 1) {
+    throw new EciesSealedPoeError(
+      "ENC_SLOTS_EMPTY",
+      `recipientPublicKeys.length=${n} must be >= 1`
+    );
+  }
+  const expectedPubLen = kem === "x25519" ? X25519_PUBLIC_KEY_LENGTH : MLKEM768X25519_PUBLIC_KEY_LENGTH;
+  for (let i = 0; i < n; i++) {
+    const pub = recipientPublicKeys[i];
+    if (pub === void 0 || pub.length !== expectedPubLen) {
+      throw new EciesSealedPoeError(
+        "KEM_EPK_LENGTH_MISMATCH",
+        `recipientPublicKeys[${i}] MUST be exactly ${expectedPubLen} bytes for kem='${kem}'`
+      );
+    }
+  }
+  if (kem === "x25519") {
+    if (args.eseeds !== void 0) {
+      throw new EciesSealedPoeError(
+        "EPHEMERAL_SECRETS_COUNT_MISMATCH",
+        "eseeds is an X-Wing (mlkem768x25519) override and MUST NOT be supplied for kem='x25519'"
+      );
+    }
+    if (args.ephemeralSecrets !== void 0 && args.ephemeralSecrets.length !== n) {
+      throw new EciesSealedPoeError(
+        "EPHEMERAL_SECRETS_COUNT_MISMATCH",
+        `ephemeralSecrets.length=${args.ephemeralSecrets.length} must match recipientPublicKeys.length=${n}`
+      );
+    }
+  } else {
+    if (args.ephemeralSecrets !== void 0) {
+      throw new EciesSealedPoeError(
+        "EPHEMERAL_SECRETS_COUNT_MISMATCH",
+        "ephemeralSecrets is an X25519 override and MUST NOT be supplied for kem='mlkem768x25519'"
+      );
+    }
+    if (args.eseeds !== void 0) {
+      if (args.eseeds.length !== n) {
+        throw new EciesSealedPoeError(
+          "EPHEMERAL_SECRETS_COUNT_MISMATCH",
+          `eseeds.length=${args.eseeds.length} must match recipientPublicKeys.length=${n}`
+        );
+      }
+      for (let i = 0; i < n; i++) {
+        const eseed = args.eseeds[i];
+        if (eseed.length !== MLKEM768X25519_ESEED_LENGTH) {
+          throw new EciesSealedPoeError(
+            "INVALID_EPHEMERAL_SECRET_LENGTH",
+            `eseeds[${i}] MUST be exactly ${MLKEM768X25519_ESEED_LENGTH} bytes, got ${eseed.length}`
+          );
+        }
+      }
+    }
+  }
+  const cek = args.cek ?? randomBytes$1(CEK_LENGTH);
+  const nonce = args.nonce ?? randomBytes$1(NONCE_LENGTH);
+  if (cek.length !== CEK_LENGTH) {
+    throw new EciesSealedPoeError(
+      "INVALID_CEK_LENGTH",
+      `cek MUST be exactly ${CEK_LENGTH} bytes, got ${cek.length}`
+    );
+  }
+  if (nonce.length !== NONCE_LENGTH) {
+    throw new EciesSealedPoeError(
+      "NONCE_LENGTH_MISMATCH",
+      `nonce MUST be exactly ${NONCE_LENGTH} bytes, got ${nonce.length}`
+    );
+  }
+  let envelope;
+  if (kem === "x25519") {
+    const slots = [];
+    for (let i = 0; i < n; i++) {
+      slots.push(
+        wrapSlotX25519({
+          pubR: recipientPublicKeys[i],
+          privEph: args.ephemeralSecrets ? args.ephemeralSecrets[i] : void 0,
+          cek,
+          slotIdx: i
+        })
+      );
+    }
+    if (args.skipShuffle !== true) {
+      csprngShuffle(slots);
+    }
+    const slotsMac = computeSlotsMac(cek, slots, "x25519");
+    envelope = {
+      scheme: 1,
+      aead: "xchacha20-poly1305",
+      kem: "x25519",
+      nonce,
+      slots,
+      slots_mac: slotsMac
+    };
+  } else {
+    const slots = [];
+    for (let i = 0; i < n; i++) {
+      slots.push(
+        wrapSlotMlkem768X25519({
+          pubR: recipientPublicKeys[i],
+          eseed: args.eseeds ? args.eseeds[i] : void 0,
+          cek
+        })
+      );
+    }
+    if (args.skipShuffle !== true) {
+      csprngShuffle(slots);
+    }
+    const slotsMac = computeSlotsMac(cek, slots, "mlkem768x25519");
+    envelope = {
+      scheme: 1,
+      aead: "xchacha20-poly1305",
+      kem: "mlkem768x25519",
+      nonce,
+      slots,
+      slots_mac: slotsMac
+    };
+  }
+  const adContent = concat(nonce, envelope.slots_mac);
+  const ciphertext = xchacha20Poly1305Encrypt({
+    key: cek,
+    nonce,
+    aad: adContent,
+    plaintext
+  });
+  return { envelope, ciphertext };
+}
+function computeSlotsMac(cek, slots, kem) {
+  const hmacKey = hkdfSha256({
+    ikm: cek,
+    salt: EMPTY_SALT,
+    info: CARDANO_POE_HKDF_INFO_SLOTS_MAC,
+    length: 32
+  });
+  const slotsCbor = slotsToMacCbor(slots, kem);
+  const slotsMac = hmac(sha256$1, hmacKey, slotsCbor);
+  if (slotsMac.length !== SLOTS_MAC_LENGTH) {
+    throw new Error(`internal: slots_mac.length=${slotsMac.length}, expected ${SLOTS_MAC_LENGTH}`);
+  }
+  return slotsMac;
+}
+
+// src/client/partial-upload-error.ts
+var PartialUploadError = class extends Error {
+  response;
+  failed;
+  constructor(response) {
+    const failed = response.uploads.filter((u) => u.ok === false);
+    super(
+      `${failed.length} of ${response.uploads.length} upload(s) failed: ${failed.map((f) => `[${f.idx}] ${f.error.code} \u2014 ${f.error.detail}`).join("; ")}`
+    );
+    this.name = "PartialUploadError";
+    this.response = response;
+    this.failed = failed;
+  }
+  /** Convenience: the `idx` of every failed entry, in input order. */
+  get failedIndices() {
+    return this.failed.map((f) => f.idx);
+  }
+};
+
+// src/client/publish.ts
+var ED25519_PUBLIC_KEY_LENGTH2 = 32;
+var ED25519_SIGNATURE_LENGTH2 = 64;
+var X25519_PUBLIC_KEY_LENGTH2 = 32;
+var MLKEM768X25519_PUBLIC_KEY_LENGTH2 = 1216;
+var LEAF_DIGEST_LENGTH = 32;
+var STORAGE_TARGET_ARWEAVE = "arweave";
+var PublishError = class extends Error {
+  code;
+  constructor(code, message) {
+    super(message);
+    this.name = "PublishError";
+    this.code = code;
+  }
+};
+function bytesToHex2(bytes) {
+  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+function hexToBytes(hex) {
+  if (hex.length % 2 !== 0) {
+    throw new PublishError("INVALID_LEAVES", `hex string has odd length: ${hex.length}`);
+  }
+  const out = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < out.length; i++) {
+    const byte = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    if (Number.isNaN(byte)) {
+      throw new PublishError("INVALID_LEAVES", `invalid hex byte at offset ${i * 2}`);
+    }
+    out[i] = byte;
+  }
+  return out;
+}
+function toBytes(content) {
+  if (typeof content === "string") return new TextEncoder().encode(content);
+  return content;
+}
+function cloneToOwnedBuffer(src) {
+  const out = new Uint8Array(new ArrayBuffer(src.length));
+  out.set(src);
+  return out;
+}
+function hashContent(bytes, alg) {
+  if (alg === "sha2-256") return cloneToOwnedBuffer(sha256(bytes));
+  if (alg === "blake2b-256") return cloneToOwnedBuffer(blake2b256(bytes));
+  throw new PublishError(
+    "UNSUPPORTED_HASH_ALG",
+    `hashAlg must be 'sha2-256' or 'blake2b-256', got '${alg}'`
+  );
+}
+function assertSigner(signer) {
+  if (!(signer.signerPubkey instanceof Uint8Array) || signer.signerPubkey.length !== ED25519_PUBLIC_KEY_LENGTH2) {
+    throw new PublishError(
+      "INVALID_SIGNER_PUBKEY",
+      `signer.signerPubkey must be a Uint8Array(${ED25519_PUBLIC_KEY_LENGTH2})`
+    );
+  }
+  if (typeof signer.sign !== "function") {
+    throw new PublishError("INVALID_SIGNER_PUBKEY", "signer.sign must be a function");
+  }
+}
+function buildJsonHeaders(apiKey, idempotencyKey) {
+  const headers = new Headers({ "content-type": "application/json", accept: "application/json" });
+  if (apiKey !== void 0) headers.set("authorization", `Bearer ${apiKey}`);
+  if (idempotencyKey !== void 0) headers.set("idempotency-key", idempotencyKey);
+  return headers;
+}
+function buildMultipartHeaders(apiKey, idempotencyKey) {
+  const headers = new Headers({ accept: "application/json" });
+  if (apiKey !== void 0) headers.set("authorization", `Bearer ${apiKey}`);
+  if (idempotencyKey !== void 0) headers.set("idempotency-key", idempotencyKey);
+  return headers;
+}
+async function readJson2(response) {
+  const text = await response.text();
+  if (text.length === 0) return null;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return null;
+  }
+}
+function parseRetryAfter2(header) {
+  if (header === null) return void 0;
+  const parsed = Number(header);
+  return Number.isFinite(parsed) ? parsed : void 0;
+}
+async function throwIfNotOk2(response) {
+  if (response.ok) return;
+  const body = await readJson2(response);
+  const requestId = response.headers.get("x-request-id") ?? void 0;
+  const retryAfterSeconds = parseRetryAfter2(response.headers.get("retry-after"));
+  throw parseHttpError({ httpStatus: response.status, body, requestId, retryAfterSeconds });
+}
+async function signAndEncodeRecord(record, signer) {
+  const { sigStructureBytes } = prepareSigStructure({
+    record,
+    signerPubkey: signer.signerPubkey
+  });
+  const signature = await signer.sign(sigStructureBytes);
+  if (!(signature instanceof Uint8Array) || signature.length !== ED25519_SIGNATURE_LENGTH2) {
+    throw new PublishError(
+      "INVALID_SIGNER_SIGNATURE",
+      `signer.sign() must return a Uint8Array(${ED25519_SIGNATURE_LENGTH2}); got length ${signature instanceof Uint8Array ? signature.length : "non-Uint8Array"}`
+    );
+  }
+  const { sigEntry } = assembleCoseSign1({
+    signerPubkey: signer.signerPubkey,
+    signature
+  });
+  const signed = { ...record, sigs: [sigEntry] };
+  return encodePoeRecord(signed);
+}
+async function encodeRecord(record, signer) {
+  if (signer === void 0) return encodePoeRecord(record);
+  return signAndEncodeRecord(record, signer);
+}
+async function postPublish(config, recordBytesHex, quoteId, idempotencyKey) {
+  const body = { record: recordBytesHex, quote_id: quoteId };
+  const response = await config.fetch(`${config.baseUrl}/api/v1/poe/publish`, {
+    method: "POST",
+    headers: buildJsonHeaders(config.apiKey, idempotencyKey),
+    body: JSON.stringify(body)
+  });
+  await throwIfNotOk2(response);
+  const parsed = await readJson2(response);
+  return { ...parsed, dedup_hit: response.status === 200 };
+}
+async function postUploads(config, blobs, idempotencyKey) {
+  const form = new FormData();
+  form.append("target", STORAGE_TARGET_ARWEAVE);
+  for (let idx = 0; idx < blobs.length; idx++) {
+    const bytes = blobs[idx];
+    form.append(
+      `file_${idx}`,
+      new Blob([bytes], { type: "application/octet-stream" }),
+      `file_${idx}.bin`
+    );
+  }
+  const response = await config.fetch(`${config.baseUrl}/api/v1/poe/uploads`, {
+    method: "POST",
+    headers: buildMultipartHeaders(config.apiKey, idempotencyKey),
+    body: form
+  });
+  await throwIfNotOk2(response);
+  const result = await readJson2(response);
+  const anyFailed = result.uploads.some((u) => u.ok === false);
+  if (anyFailed) {
+    throw new PartialUploadError(result);
+  }
+  return result;
+}
+async function publishContent(config, input) {
+  if (input.signer !== void 0) assertSigner(input.signer);
+  const hashAlg = input.hashAlg ?? "sha2-256";
+  const contentBytes = toBytes(input.content);
+  const digest = hashContent(contentBytes, hashAlg);
+  const record = {
+    v: 1,
+    items: [{ hashes: { [hashAlg]: digest } }]
+  };
+  const recordBytes = await encodeRecord(record, input.signer);
+  return postPublish(config, bytesToHex2(recordBytes), input.quoteId, input.idempotencyKey);
+}
+var DIGEST_BYTE_LENGTH = {
+  "sha2-256": 32,
+  "blake2b-256": 32
+};
+async function publishPrehashed(config, input) {
+  if (input.signer !== void 0) assertSigner(input.signer);
+  const entries = Object.entries(input.hashes);
+  const present = entries.filter(([, hex]) => typeof hex === "string" && hex.length > 0);
+  if (present.length === 0) {
+    throw new PublishError(
+      "INVALID_DIGEST",
+      "publishPrehashed requires at least one digest in `hashes`"
+    );
+  }
+  const decoded = {};
+  for (const [alg, hex] of present) {
+    if (!(alg in DIGEST_BYTE_LENGTH)) {
+      throw new PublishError(
+        "UNSUPPORTED_HASH_ALG",
+        `unsupported hash algorithm '${alg}' (expected 'sha2-256' or 'blake2b-256')`
+      );
+    }
+    const bytes = hexToBytes(hex);
+    const expected = DIGEST_BYTE_LENGTH[alg];
+    if (bytes.length !== expected) {
+      throw new PublishError(
+        "INVALID_DIGEST",
+        `hashes[${alg}] must be a ${expected}-byte digest (got ${bytes.length} bytes)`
+      );
+    }
+    decoded[alg] = cloneToOwnedBuffer(bytes);
+  }
+  const record = {
+    v: 1,
+    items: [{ hashes: decoded }]
+  };
+  const recordBytes = await encodeRecord(record, input.signer);
+  return postPublish(config, bytesToHex2(recordBytes), input.quoteId, input.idempotencyKey);
+}
+async function publishSealed(config, input) {
+  if (input.signer !== void 0) assertSigner(input.signer);
+  if (input.recipients.length < 1) {
+    throw new PublishError(
+      "INVALID_RECIPIENT",
+      "publishSealed requires at least one recipient public key"
+    );
+  }
+  const kem = input.kem ?? "mlkem768x25519";
+  const expectedRecipientLength = kem === "x25519" ? X25519_PUBLIC_KEY_LENGTH2 : MLKEM768X25519_PUBLIC_KEY_LENGTH2;
+  for (let i = 0; i < input.recipients.length; i++) {
+    const pub = input.recipients[i];
+    if (!(pub instanceof Uint8Array) || pub.length !== expectedRecipientLength) {
+      throw new PublishError(
+        "INVALID_RECIPIENT",
+        `recipients[${i}] must be a ${expectedRecipientLength}-byte public key for kem='${kem}'`
+      );
+    }
+  }
+  const hashAlg = input.hashAlg ?? "sha2-256";
+  const plaintext = toBytes(input.content);
+  const plaintextDigest = hashContent(plaintext, hashAlg);
+  const sealed = eciesSealedPoeWrap({
+    plaintext,
+    recipientPublicKeys: input.recipients.map((r) => r),
+    kem
+  });
+  const uploadsResp = await postUploads(config, [sealed.ciphertext], input.idempotencyKey);
+  const uri = uploadsResp.uploads[0].uri;
+  const env = sealed.envelope;
+  const slots = env.kem === "mlkem768x25519" ? env.slots.map((s) => ({
+    kem_ct: s.kem_ct.map((c) => cloneToOwnedBuffer(c)),
+    wrap: cloneToOwnedBuffer(s.wrap)
+  })) : env.slots.map((s) => ({
+    epk: cloneToOwnedBuffer(s.epk),
+    wrap: cloneToOwnedBuffer(s.wrap)
+  }));
+  const envelope = {
+    scheme: 1,
+    aead: env.aead,
+    kem: env.kem,
+    nonce: cloneToOwnedBuffer(env.nonce),
+    slots,
+    slots_mac: cloneToOwnedBuffer(env.slots_mac)
+  };
+  const record = {
+    v: 1,
+    items: [
+      {
+        hashes: { [hashAlg]: plaintextDigest },
+        uris: [chunkUri(uri)],
+        enc: envelope
+      }
+    ]
+  };
+  const recordBytes = await encodeRecord(record, input.signer);
+  return postPublish(config, bytesToHex2(recordBytes), input.quoteId, input.idempotencyKey);
+}
+async function publishMerkle(config, input) {
+  if (input.signer !== void 0) assertSigner(input.signer);
+  if (input.hashAlg !== void 0 && input.hashAlg !== "sha2-256") {
+    throw new PublishError(
+      "UNSUPPORTED_HASH_ALG",
+      `publishMerkle only supports 'sha2-256' leaves; got '${input.hashAlg}'`
+    );
+  }
+  if (input.leaves.length < 1) {
+    throw new PublishError("INVALID_LEAVES", "publishMerkle requires at least one leaf hash");
+  }
+  const leaves = input.leaves.map((leaf, idx) => {
+    const bytes = typeof leaf === "string" ? hexToBytes(leaf) : leaf;
+    if (!(bytes instanceof Uint8Array) || bytes.length !== LEAF_DIGEST_LENGTH) {
+      throw new PublishError(
+        "INVALID_LEAVES",
+        `leaves[${idx}] must be a ${LEAF_DIGEST_LENGTH}-byte sha2-256 digest`
+      );
+    }
+    return bytes;
+  });
+  const root = cloneToOwnedBuffer(merkleSha2256Root(leaves));
+  const leavesListCbor = encodeLeavesList({ leaves, root });
+  const uploadsResp = await postUploads(config, [leavesListCbor], input.idempotencyKey);
+  const uri = uploadsResp.uploads[0].uri;
+  const merkleEntry = {
+    alg: MERKLE_ALG_ID,
+    root,
+    leaf_count: leaves.length,
+    uris: [chunkUri(uri)]
+  };
+  const record = { v: 1, merkle: [merkleEntry] };
+  const recordBytes = await encodeRecord(record, input.signer);
+  const published = await postPublish(
+    config,
+    bytesToHex2(recordBytes),
+    input.quoteId,
+    input.idempotencyKey
+  );
+  return {
+    id: published.id,
+    tx_hash: published.tx_hash,
+    status: published.status,
+    root: bytesToHex2(root),
+    leaf_count: leaves.length,
+    ar_uri: uri,
+    balance_after_usd_micros: published.balance_after_usd_micros
+  };
+}
+
+// src/client/poe.ts
+function buildJsonHeaders2(args) {
+  const headers = new Headers({ "content-type": "application/json", accept: "application/json" });
+  if (args.apiKey !== void 0) headers.set("authorization", `Bearer ${args.apiKey}`);
+  if (args.idempotencyKey !== void 0) headers.set("idempotency-key", args.idempotencyKey);
+  return headers;
+}
+function buildMultipartHeaders2(args) {
+  const headers = new Headers({ accept: "application/json" });
+  if (args.apiKey !== void 0) headers.set("authorization", `Bearer ${args.apiKey}`);
+  if (args.idempotencyKey !== void 0) headers.set("idempotency-key", args.idempotencyKey);
+  return headers;
+}
+function toHex(record) {
+  return typeof record === "string" ? record : bytesToHex(record);
+}
+var PoeNamespace = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * Request an opaque price lock for an upcoming /publish call. The gateway
+   * prices the described publish from the supplied byte counts, records the
+   * lock, and returns a sealed price token: `quote_id`, the total `amount` in
+   * `currency`, and an `expires_at`. The gateway's pricing internals are
+   * deliberately NOT part of the response.
+   *
+   * `amount` is a decimal string; promote it to `BigInt` (or a decimal type)
+   * at the application boundary if you need exact arithmetic.
+   *
+   * Pass the returned `quote_id` to `publish()` (or one of the high-level
+   * `publishContent` / `publishSealed` / `publishMerkle` helpers).
+   */
+  async quote(input) {
+    const body = {
+      record_bytes: input.recordBytes,
+      recipient_count: input.recipientCount,
+      file_bytes_total: input.fileBytesTotal
+    };
+    const response = await this.config.fetch(`${this.config.baseUrl}/api/v1/poe/quote`, {
+      method: "POST",
+      headers: buildJsonHeaders2({ apiKey: this.config.apiKey }),
+      body: JSON.stringify(body)
+    });
+    await throwIfNotOk(response);
+    return await readJson(response);
+  }
+  /**
+   * Upload 1..32 binary files to a storage backend. Returns one entry per file
+   * — successful entries carry the `ar://` URI + content hash, failed entries
+   * carry an error code / detail so the caller can retry just the failed
+   * indices.
+   *
+   * Billing: free. The storage cost is part of the publish quote (POST
+   * /api/v1/poe/quote → POST /api/v1/poe/publish) and is debited once at
+   * publish time against the locked price snapshot.
+   *
+   * On HTTP-level failure (auth, rate limit, malformed request) this throws
+   * a typed `Cip309HttpError` subclass. Per-file failures inside a 200
+   * response are NOT thrown by `uploads()` itself — the response body is
+   * returned verbatim so the caller can decide how to react. The
+   * higher-level helpers (`publishSealed`, `publishMerkle`) treat any failed
+   * file as a `PartialUploadError`.
+   */
+  async uploads(input) {
+    const form = new FormData();
+    form.append("target", input.target);
+    for (let idx = 0; idx < input.data.length; idx++) {
+      const bytes = input.data[idx];
+      form.append(
+        `file_${idx}`,
+        new Blob([bytes], { type: "application/octet-stream" }),
+        `file_${idx}.bin`
+      );
+    }
+    const headers = buildMultipartHeaders2({
+      apiKey: this.config.apiKey,
+      idempotencyKey: input.idempotencyKey
+    });
+    const response = await this.config.fetch(`${this.config.baseUrl}/api/v1/poe/uploads`, {
+      method: "POST",
+      headers,
+      body: form
+    });
+    await throwIfNotOk(response);
+    return await readJson(response);
+  }
+  /**
+   * Submit a single finalised canonical-CBOR record to Cardano. Caller is
+   * responsible for constructing the record bytes (use `publishContent` /
+   * `publishSealed` / `publishMerkle` for the assisted flows) and for
+   * acquiring a `quote_id` via `quote()` first.
+   *
+   * Returns 202 (`dedup_hit: false`) on freshly enqueued records, or 200
+   * (`dedup_hit: true`) when the same record bytes were previously submitted
+   * by this account. Dedup hits debit nothing.
+   */
+  async publish(input) {
+    const body = {
+      record: toHex(input.record),
+      quote_id: input.quoteId
+    };
+    if (input.signatures !== void 0) body.signatures = input.signatures;
+    const response = await this.config.fetch(`${this.config.baseUrl}/api/v1/poe/publish`, {
+      method: "POST",
+      headers: buildJsonHeaders2({
+        apiKey: this.config.apiKey,
+        idempotencyKey: input.idempotencyKey
+      }),
+      body: JSON.stringify(body)
+    });
+    await throwIfNotOk(response);
+    const parsed = await readJson(response);
+    return { ...parsed, dedup_hit: response.status === 200 };
+  }
+  /**
+   * Submit 1..50 finalised records as independent Cardano transactions.
+   * Each entry carries its own `quote_id` — request quotes ahead of time
+   * with one `quote()` call per record. Returns 200 with `results[]` —
+   * successful entries land alongside failed ones; per-record errors do NOT
+   * roll back the batch.
+   */
+  async publishBatch(input) {
+    const body = {
+      records: input.records.map((r) => ({
+        record: toHex(r.record),
+        quote_id: r.quoteId,
+        ...r.signatures !== void 0 ? { signatures: r.signatures } : {}
+      }))
+    };
+    const response = await this.config.fetch(`${this.config.baseUrl}/api/v1/poe/publish-batch`, {
+      method: "POST",
+      headers: buildJsonHeaders2({
+        apiKey: this.config.apiKey,
+        idempotencyKey: input.idempotencyKey
+      }),
+      body: JSON.stringify(body)
+    });
+    await throwIfNotOk(response);
+    return await readJson(response);
+  }
+  /**
+   * High-level hash-only publish: hash the supplied content, build a
+   * single-item CIP-309 record, optionally sign it with the caller-supplied
+   * signer, and submit. No Arweave, no storage round-trip — anchors the
+   * digest only.
+   */
+  async publishContent(input) {
+    return publishContent(this.config, input);
+  }
+  /**
+   * Hash-already-computed publish: caller already holds the digest(s) — e.g.
+   * the CLI `--hash <hex>` mode, an air-gapped offline hashing flow, or any
+   * pipeline that proxies digests from another tool. No client-side hashing.
+   */
+  async publishPrehashed(input) {
+    return publishPrehashed(this.config, input);
+  }
+  /**
+   * Sealed-PoE: encrypt the supplied content to the recipient X25519 public
+   * keys (age-style sealed envelope), upload the ciphertext to Arweave via
+   * /uploads, build a CIP-309 record with the resulting `ar://` URI, sign
+   * it (optional), and submit via /publish.
+   *
+   * The sender SHOULD include their own X25519 public key in `recipients`
+   * to retain decrypt access — the SDK does NOT inject the sender silently.
+   */
+  async publishSealed(input) {
+    return publishSealed(this.config, input);
+  }
+  /**
+   * Merkle batch publish: compute the RFC 9162 §2.1.1 root over N
+   * caller-supplied 32-byte leaf hashes, upload the canonical leaves-list
+   * CBOR to Arweave via /uploads, bind the root + leaf_count into
+   * `merkle[0]` of an on-chain record, optionally sign, and submit.
+   *
+   * Returns the on-chain id + tx hash + root + leaf count + the canonical
+   * `ar://<tx>` URI of the leaves-list. Anyone with that URI can later
+   * fetch the leaves-list, recompute the root, and prove inclusion of any
+   * leaf via `merkleSha2256VerifyInclusion`.
+   */
+  async publishMerkle(input) {
+    return publishMerkle(this.config, input);
+  }
+};
+
+// src/client/records.ts
+function buildHeaders2(apiKey) {
+  const headers = new Headers({
+    "content-type": "application/json",
+    accept: "application/json"
+  });
+  if (apiKey !== void 0) headers.set("authorization", `Bearer ${apiKey}`);
+  return headers;
+}
+function deriveTipBlockHeight(records) {
+  let tip = null;
+  for (const r of records) {
+    if (r.block_height === null) continue;
+    const candidate = r.block_height + r.num_confirmations - 1;
+    tip = tip === null ? candidate : Math.max(tip, candidate);
+  }
+  return tip;
+}
+var RecordsNamespace = class {
+  config;
+  constructor(config) {
+    this.config = config;
+  }
+  /**
+   * List records as a paginated `RecordsListResponse` whose `data[]` entries
+   * are the same `RecordResource` projection `get()` returns.
+   *
+   * Pass `{ sealed: true }` to restrict the page to sealed records addressed
+   * to the authenticated caller (the gateway resolves the recipient from the
+   * bearer identity); omit it to list every record the caller may read. Page
+   * with `{ cursor: previous.next_cursor }` until `has_more` is false.
+   */
+  async list(input) {
+    const params = new URLSearchParams();
+    if (input?.sealed === true) params.set("sealed", "true");
+    if (input?.limit !== void 0) params.set("limit", String(input.limit));
+    if (input?.cursor !== void 0 && input.cursor !== null) {
+      params.set("cursor", input.cursor);
+    }
+    const query = params.toString();
+    const url = `${this.config.baseUrl}/api/v1/records${query === "" ? "" : `?${query}`}`;
+    const response = await this.config.fetch(url, {
+      method: "GET",
+      headers: buildHeaders2(this.config.apiKey)
+    });
+    await throwIfNotOk(response);
+    const page = await readJson(response);
+    if (page.tip_block_height === void 0 || page.tip_block_height === null) {
+      return { ...page, tip_block_height: deriveTipBlockHeight(page.data) };
+    }
+    return page;
+  }
+  /**
+   * Fetch a record by Cardano transaction hash. Returns the JSON
+   * `RecordResource` projection — same shape every `records.list` page entry
+   * carries inside `data[]`.
+   *
+   * 404 (RecordNotFoundError) on tx_hashes the indexer has not seen, OR on
+   * un-anchored rows when the caller is not their owner (oracle-safe
+   * indistinguishable response per the route's privacy invariant).
+   */
+  async get(txHash) {
+    const response = await this.config.fetch(
+      `${this.config.baseUrl}/api/v1/records/${encodeURIComponent(txHash)}`,
+      {
+        method: "GET",
+        headers: buildHeaders2(this.config.apiKey)
+      }
+    );
+    await throwIfNotOk(response);
+    return await readJson(response);
+  }
+  /**
+   * Run the canonical CIP-309 verifier against the record at `txHash`.
+   * Returns the same `VerifyReport` shape the standalone verifier emits —
+   * `VerifyReport` IS the wire body of this endpoint, with no transformer in
+   * between.
+   *
+   * Auth required (Bearer with `poe:read` scope, or NextAuth session
+   * cookie). Optional `verify_uris` toggles URI hash-equivalence checks;
+   * `decryption[]` drives trial-decrypt of sealed envelopes per item.
+   */
+  async verify(txHash, input) {
+    const response = await this.config.fetch(
+      `${this.config.baseUrl}/api/v1/records/${encodeURIComponent(txHash)}/verify`,
+      {
+        method: "POST",
+        headers: buildHeaders2(this.config.apiKey),
+        body: JSON.stringify(input ?? {})
+      }
+    );
+    await throwIfNotOk(response);
+    return await readJson(response);
+  }
+};
+
+// src/client/cip309-client.ts
+function resolveFetch(provided) {
+  if (provided !== void 0) return provided;
+  if (typeof globalThis.fetch === "function") {
+    return globalThis.fetch.bind(globalThis);
+  }
+  throw new Error(
+    "Cip309Client: no fetch implementation available. Pass `fetch` in the config or run on a platform with globalThis.fetch."
+  );
+}
+function resolveBaseUrl(config) {
+  const baseUrl = config.baseUrl?.trim();
+  if (baseUrl === void 0 || baseUrl === "") {
+    throw new InvalidClientConfigError(
+      "Cip309Client: baseUrl is required. Pass the base URL of the CIP-309 gateway you are targeting (e.g. https://gateway.example.com)."
+    );
+  }
+  return baseUrl.replace(/\/$/, "");
+}
+var Cip309Client = class {
+  poe;
+  records;
+  account;
+  /**
+   * Construct a client against a CIP-309 gateway.
+   *
+   * `config.baseUrl` is required — there is no default deployment. The
+   * `config.apiKey`, when supplied, is an opaque bearer token sent verbatim as
+   * `Authorization: Bearer <apiKey>`; omit it for anonymous read-only access.
+   *
+   * PoE submissions debit the gateway's own balance model. Acquire a price lock
+   * via `client.poe.quote(...)` first; the resulting `quote_id` is consumed by
+   * the publish call.
+   */
+  constructor(config) {
+    const fetchImpl = resolveFetch(config.fetch);
+    const baseUrl = resolveBaseUrl(config);
+    const resolved = { apiKey: config.apiKey, baseUrl, fetch: fetchImpl };
+    this.poe = new PoeNamespace(resolved);
+    this.records = new RecordsNamespace(resolved);
+    this.account = new AccountNamespace(resolved);
+  }
+};
+/*! Bundled license information:
+
+@noble/post-quantum/utils.js:
+@noble/post-quantum/_crystals.js:
+@noble/post-quantum/ml-kem.js:
+@noble/post-quantum/hybrid.js:
+  (*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) *)
+*/
+
+export { AccountNamespace, BatchEmptyError, BatchTooLargeError, Cip309Client, Cip309HttpError, ForbiddenError, IdempotencyConflictError, InsufficientFundsError, InsufficientScopeError, InternalServerError, InvalidBodyError, InvalidClientConfigError, MalformedCborError, NotFoundError, OffHostSignError, PartialUploadError, PoeNamespace, PublishError, QuoteAlreadyConsumedError, QuoteExpiredError, QuoteNotFoundError, RateLimitedError, RecordNotFoundError, RecordsNamespace, ServiceUnavailableError, UnauthorizedError, ValidationFailedError, assembleCoseSign1, assembleCoseSign1Hashed, buildToSign, parseHttpError, prepareSigStructure, prepareSigStructureHashed };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map