@did-btcr2/api 0.7.0 → 0.9.0

package/dist/browser.js

@@ -225,7 +225,7 @@ var BTCR2 = (() => {
     "../../node_modules/.pnpm/buffer@5.7.1/node_modules/buffer/index.js"(exports) {
       "use strict";
       init_shim();
-      var base648 = require_base64_js();
+      var base647 = require_base64_js();
       var ieee754 = require_ieee754();
       var customInspectSymbol = typeof Symbol === "function" && typeof Symbol["for"] === "function" ? Symbol["for"]("nodejs.util.inspect.custom") : null;
       exports.Buffer = Buffer3;
@@ -926,9 +926,9 @@ var BTCR2 = (() => {
       };
       function base64Slice(buf2, start2, end) {
         if (start2 === 0 && end === buf2.length) {
-          return base648.fromByteArray(buf2);
+          return base647.fromByteArray(buf2);
         } else {
-          return base648.fromByteArray(buf2.slice(start2, end));
+          return base647.fromByteArray(buf2.slice(start2, end));
         }
       }
       function utf8Slice2(buf2, start2, end) {
@@ -1563,7 +1563,7 @@ var BTCR2 = (() => {
         return byteArray;
       }
       function base64ToBytes(str) {
-        return base648.toByteArray(base64clean(str));
+        return base647.toByteArray(base64clean(str));
       }
       function blitBuffer(src6, dst, offset, length9) {
         for (var i5 = 0; i5 < length9; ++i5) {
@@ -58469,11 +58469,11 @@ ${[...listenStats.errors.entries()].map(([addr, err]) => {
       return "";
     }
     const dif = fullLength - str.length;
-    const padding3 = new Array(dif);
+    const padding2 = new Array(dif);
     for (let i42 = 0; i42 < dif; i42++) {
-      padding3[i42] = "0";
+      padding2[i42] = "0";
     }
-    const paddingString = padding3.join("");
+    const paddingString = padding2.join("");
     return paddingString.concat(str);
   }
   var log22;
@@ -105320,32 +105320,6 @@ a=end-of-candidates
     };
   }
   // @__NO_SIDE_EFFECTS__
-  function padding(bits, chr = "=") {
-    anumber2(bits);
-    astr("padding", chr);
-    return {
-      encode(data) {
-        astrArr("padding.encode", data);
-        while (data.length * bits % 8)
-          data.push(chr);
-        return data;
-      },
-      decode(input) {
-        astrArr("padding.decode", input);
-        let end = input.length;
-        if (end * bits % 8)
-          throw new Error("padding: invalid, string should have whole number of bytes");
-        for (; end > 0 && input[end - 1] === chr; end--) {
-          const last = end - 1;
-          const byte = last * bits;
-          if (byte % 8 === 0)
-            throw new Error("padding: invalid, string has too much padding");
-        }
-        return input.slice(0, end);
-      }
-    };
-  }
-  // @__NO_SIDE_EFFECTS__
   function normalize(fn) {
     afn(fn);
     return { encode: (from82) => from82, decode: (to) => fn(to) };
@@ -105406,7 +105380,7 @@ a=end-of-candidates
       res.push(2 ** i42);
     return res;
   })();
-  function convertRadix2(data, from82, to, padding3) {
+  function convertRadix2(data, from82, to, padding2) {
     aArr(data);
     if (from82 <= 0 || from82 > 32)
       throw new Error(`convertRadix2: wrong from=${from82}`);
@@ -105436,11 +105410,11 @@ a=end-of-candidates
       carry &= pow32 - 1;
     }
     carry = carry << to - pos & mask;
-    if (!padding3 && pos >= from82)
+    if (!padding2 && pos >= from82)
       throw new Error("Excess padding");
-    if (!padding3 && carry > 0)
+    if (!padding2 && carry > 0)
       throw new Error(`Non-zero padding: ${carry}`);
-    if (padding3 && pos > 0)
+    if (padding2 && pos > 0)
       res.push(carry >>> 0);
     return res;
   }
@@ -105514,24 +105488,6 @@ a=end-of-candidates
       }
     };
   }
-  var hasBase64Builtin = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toBase64 === "function" && typeof Uint8Array.fromBase64 === "function")();
-  var decodeBase64Builtin = (s2, isUrl) => {
-    astr("base64", s2);
-    const re = isUrl ? /^[A-Za-z0-9=_-]+$/ : /^[A-Za-z0-9=+/]+$/;
-    const alphabet52 = isUrl ? "base64url" : "base64";
-    if (s2.length > 0 && !re.test(s2))
-      throw new Error("invalid base64");
-    return Uint8Array.fromBase64(s2, { alphabet: alphabet52, lastChunkHandling: "strict" });
-  };
-  var base64 = hasBase64Builtin ? {
-    encode(b) {
-      abytes2(b);
-      return b.toBase64();
-    },
-    decode(s2) {
-      return decodeBase64Builtin(s2, false);
-    }
-  } : /* @__PURE__ */ chain(/* @__PURE__ */ radix2(6), /* @__PURE__ */ alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"), /* @__PURE__ */ padding(6), /* @__PURE__ */ join(""));
   var base64urlnopad = /* @__PURE__ */ chain(/* @__PURE__ */ radix2(6), /* @__PURE__ */ alphabet("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"), /* @__PURE__ */ join(""));
   var genBase58 = /* @__NO_SIDE_EFFECTS__ */ (abc) => /* @__PURE__ */ chain(/* @__PURE__ */ radix(58), /* @__PURE__ */ alphabet(abc), /* @__PURE__ */ join(""));
   var base58 = /* @__PURE__ */ genBase58("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz");
@@ -109857,7 +109813,7 @@ a=end-of-candidates
     };
   }
   // @__NO_SIDE_EFFECTS__
-  function padding2(bits, chr = "=") {
+  function padding(bits, chr = "=") {
     anumber4(bits);
     astr2("padding", chr);
     return {
@@ -109938,7 +109894,7 @@ a=end-of-candidates
       res.push(2 ** i42);
     return res;
   })();
-  function convertRadix22(data, from82, to, padding3) {
+  function convertRadix22(data, from82, to, padding2) {
     aArr2(data);
     if (from82 <= 0 || from82 > 32)
       throw new Error(`convertRadix2: wrong from=${from82}`);
@@ -109968,11 +109924,11 @@ a=end-of-candidates
       carry &= pow32 - 1;
     }
     carry = carry << to - pos & mask;
-    if (!padding3 && pos >= from82)
+    if (!padding2 && pos >= from82)
       throw new Error("Excess padding");
-    if (!padding3 && carry > 0)
+    if (!padding2 && carry > 0)
       throw new Error(`Non-zero padding: ${carry}`);
-    if (padding3 && pos > 0)
+    if (padding2 && pos > 0)
       res.push(carry >>> 0);
     return res;
   }
@@ -110020,8 +109976,8 @@ a=end-of-candidates
       }
     };
   }
-  var hasBase64Builtin2 = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toBase64 === "function" && typeof Uint8Array.fromBase64 === "function")();
-  var decodeBase64Builtin2 = (s2, isUrl) => {
+  var hasBase64Builtin = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toBase64 === "function" && typeof Uint8Array.fromBase64 === "function")();
+  var decodeBase64Builtin = (s2, isUrl) => {
     astr2("base64", s2);
     const re = isUrl ? /^[A-Za-z0-9=_-]+$/ : /^[A-Za-z0-9=+/]+$/;
     const alphabet52 = isUrl ? "base64url" : "base64";
@@ -110029,15 +109985,15 @@ a=end-of-candidates
       throw new Error("invalid base64");
     return Uint8Array.fromBase64(s2, { alphabet: alphabet52, lastChunkHandling: "strict" });
   };
-  var base642 = hasBase64Builtin2 ? {
+  var base64 = hasBase64Builtin ? {
     encode(b) {
       abytes4(b);
       return b.toBase64();
     },
     decode(s2) {
-      return decodeBase64Builtin2(s2, false);
+      return decodeBase64Builtin(s2, false);
     }
-  } : /* @__PURE__ */ chain2(/* @__PURE__ */ radix22(6), /* @__PURE__ */ alphabet2("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"), /* @__PURE__ */ padding2(6), /* @__PURE__ */ join2(""));
+  } : /* @__PURE__ */ chain2(/* @__PURE__ */ radix22(6), /* @__PURE__ */ alphabet2("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"), /* @__PURE__ */ padding(6), /* @__PURE__ */ join2(""));
   var genBase582 = /* @__NO_SIDE_EFFECTS__ */ (abc) => /* @__PURE__ */ chain2(/* @__PURE__ */ radix3(58), /* @__PURE__ */ alphabet2(abc), /* @__PURE__ */ join2(""));
   var base582 = /* @__PURE__ */ genBase582("123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz");
   var BECH_ALPHABET2 = /* @__PURE__ */ chain2(/* @__PURE__ */ alphabet2("qpzry9x8gf2tvdw0s3jn54khce6mua7l"), /* @__PURE__ */ join2(""));
@@ -112263,123 +112219,23 @@ a=end-of-candidates
     }
     return s2;
   }
-  function hexToHash(hex22) {
-    validateHex(hex22, true);
-    const hash32 = new Uint8Array(HASH_BYTE_LENGTH);
-    for (let i42 = 0; i42 < HASH_BYTE_LENGTH; i42++) {
-      hash32[i42] = Number.parseInt(hex22.substring(i42 * 2, i42 * 2 + 2), 16);
-    }
-    return hash32;
-  }
-  function bigIntToHex(value2, padded) {
-    const s2 = value2.toString(16);
-    return padded ? s2.padStart(HASH_HEX_LENGTH, "0") : s2;
-  }
-  function hexToBigInt(hex22, padded) {
-    validateHex(hex22, padded);
-    return BigInt(`0x${hex22}`);
-  }
   function hashesEqual(a2, b) {
     if (!isValidHash(a2) || !isValidHash(b))
       return false;
     return equalBytes(a2, b);
   }
-  function hashToBase64(hash32) {
+  function hashToBase64Url(hash32) {
     validateHash(hash32);
-    return base64.encode(hash32);
+    return base64urlnopad.encode(hash32);
   }
-  function base64ToHash(b64) {
-    const hash32 = base64.decode(b64);
+  function base64UrlToHash(b64u) {
+    const hash32 = base64urlnopad.decode(b64u);
     if (hash32.length !== HASH_BYTE_LENGTH) {
-      throw new RangeError(`Invalid base64 hash: expected ${HASH_BYTE_LENGTH} decoded bytes, got ${hash32.length}`);
+      throw new RangeError(`Invalid base64url hash: expected ${HASH_BYTE_LENGTH} decoded bytes, got ${hash32.length}`);
     }
     return hash32;
   }
-  function bigIntToBase64(value2, padded) {
-    let bytes32 = bigIntToHash(value2);
-    if (!padded) {
-      const firstNonZero = bytes32.findIndex((b) => b !== 0);
-      bytes32 = firstNonZero === -1 ? new Uint8Array(1) : bytes32.slice(firstNonZero);
-    }
-    return base64.encode(bytes32);
-  }
-  function base64ToBigInt(b64, padded) {
-    const bytes32 = base64.decode(b64);
-    if (padded && bytes32.length !== HASH_BYTE_LENGTH) {
-      throw new RangeError(`Invalid padded base64 bigint: expected ${HASH_BYTE_LENGTH} decoded bytes, got ${bytes32.length}`);
-    }
-    if (bytes32.length > HASH_BYTE_LENGTH) {
-      throw new RangeError(`Value exceeds ${HASH_BYTE_LENGTH} bytes`);
-    }
-    let value2 = 0n;
-    for (const byte of bytes32) {
-      value2 = value2 << 8n | BigInt(byte);
-    }
-    return value2;
-  }
-  var HEX_RE = /^[0-9A-Fa-f]+$/;
-  function validateHex(s2, requireHashLength) {
-    const len = s2.length;
-    const minLen = requireHashLength ? HASH_HEX_LENGTH : 1;
-    if (len < minLen || len > HASH_HEX_LENGTH || !HEX_RE.test(s2)) {
-      throw new RangeError(`Invalid hex string: expected ${requireHashLength ? HASH_HEX_LENGTH : "1-" + HASH_HEX_LENGTH} hex characters, got ${len}`);
-    }
-  }
   init_shim2();
-  var BaseNode = class {
-    #index;
-    #depth;
-    constructor(index, depth) {
-      this.#index = index;
-      this.#depth = depth;
-    }
-    get index() {
-      return this.#index;
-    }
-    get depth() {
-      return this.#depth;
-    }
-  };
-  var LeafNode = class extends BaseNode {
-    #hash = null;
-    get hash() {
-      return this.#hash;
-    }
-    set hash(value2) {
-      if (this.#hash !== null) {
-        throw new RangeError("Leaf hash already set");
-      }
-      this.#hash = value2;
-    }
-    reset() {
-      this.#hash = null;
-    }
-  };
-  var ParentNode = class extends BaseNode {
-    #left;
-    #right;
-    constructor(index, depth, left, right) {
-      super(index, depth);
-      this.#left = left;
-      this.#right = right;
-    }
-    get left() {
-      return this.#left;
-    }
-    set left(node) {
-      this.#left = node;
-    }
-    get right() {
-      return this.#right;
-    }
-    set right(node) {
-      this.#right = node;
-    }
-    reset() {
-      this.#left.reset();
-      this.#right.reset();
-    }
-  };
   init_shim2();
   var ValidationState;
   (function(ValidationState2) {
@@ -112387,375 +112243,80 @@ a=end-of-candidates
     ValidationState2[ValidationState2["Valid"] = 1] = "Valid";
     ValidationState2[ValidationState2["Invalid"] = 2] = "Invalid";
   })(ValidationState || (ValidationState = {}));
-  var SMTProof = class _SMTProof {
-    #converge;
-    #hashes;
-    constructor(converge, hashes2) {
-      this.#converge = converge;
-      this.#hashes = hashes2;
-    }
-    /** Converge bitmap: bit `i` set means a sibling hash exists at depth `256 - i - 1`. */
-    get converge() {
-      return this.#converge;
-    }
-    /** Sibling hashes at converge points, ordered leaf-to-root. */
-    get hashes() {
-      return this.#hashes;
-    }
-    /**
-     * Verify this proof for a single leaf.
-     *
-     * @param index         - Leaf index in the 256-bit key space.
-     * @param candidateHash - Expected leaf hash.
-     * @param rootHash      - Expected root hash.
-     * @returns `true` if the proof is valid.
-     */
-    isValid(index, candidateHash, rootHash) {
-      return this.#validate(index, candidateHash, rootHash);
-    }
-    /**
-     * Batch-validate multiple proofs against the same root hash.
-     *
-     * Caches intermediate (partial) proofs so that subsequent candidates
-     * sharing an ancestor path can short-circuit once a cached match is found.
-     *
-     * @yields One {@link SMTProofResult} per candidate.
-     */
-    static *isValidBatch(candidates, rootHash) {
-      const cache42 = /* @__PURE__ */ new Map();
-      for (const candidate of candidates) {
-        const added = [];
-        const { index } = candidate;
-        const valid = candidate.proof.#validate(index | OUTER_BIT, candidate.hash, rootHash, (nodeIndex, partial) => {
-          const cached = cache42.get(nodeIndex);
-          if (cached === void 0) {
-            cache42.set(nodeIndex, partial);
-            added.push(nodeIndex);
-            return ValidationState.Pending;
-          }
-          if (hashesEqual(partial.hash, cached.hash) && partial.converge === cached.converge && partial.hashes.length === cached.hashes.length && partial.hashes.every((h, i42) => hashesEqual(h, cached.hashes[i42]))) {
-            return ValidationState.Valid;
-          }
-          return ValidationState.Invalid;
-        });
-        if (!valid) {
-          for (const key of added)
-            cache42.delete(key);
-        }
-        yield { index, valid, additional: candidate.additional };
-      }
-    }
-    /**
-     * Export to JSON.
-     * @param base64  - Use base64 encoding instead of hex (default: `false`).
-     * @param compact - Omit whitespace (default: `true`).
-     */
-    toJSON(base6462 = false, compact = true) {
-      const convergeStr = base6462 ? bigIntToBase64(this.#converge, false) : bigIntToHex(this.#converge, false);
-      const hashStrs = this.#hashes.map((h) => base6462 ? hashToBase64(h) : hashToHex(h));
-      const obj = { converge: convergeStr, hashes: hashStrs };
-      return JSON.stringify(obj, null, compact ? 0 : 2);
-    }
-    /**
-     * Import from JSON.
-     * @param json   - JSON string.
-     * @param base64 - Parse base64 instead of hex (default: `false`).
-     */
-    static fromJSON(json, base6462 = false) {
-      const raw = JSON.parse(json);
-      if (typeof raw?.converge !== "string" || !Array.isArray(raw.hashes)) {
-        throw new RangeError("Invalid SMTProof JSON: expected { converge, hashes }");
-      }
-      const converge = base6462 ? base64ToBigInt(raw.converge, false) : hexToBigInt(raw.converge, false);
-      const hashes2 = raw.hashes.map((h) => base6462 ? base64ToHash(h) : hexToHash(h));
-      return new _SMTProof(converge, hashes2);
-    }
-    /**
-     * Export to compact binary format.
-     *
-     * Layout: `[convergeZeroCount : 1] [truncatedConverge : 32-zc] [hashCount : 1] [hashes : N*32]`
-     */
-    toBinary() {
-      const convergeBin = bigIntToHash(this.#converge);
-      let zc = 0;
-      while (zc < HASH_BYTE_LENGTH && convergeBin[zc] === 0)
-        zc++;
-      const truncated = convergeBin.slice(zc);
-      const hashCount = this.#hashes.length;
-      const totalBytes = 1 + truncated.length + 1 + hashCount * HASH_BYTE_LENGTH;
-      const out = new Uint8Array(totalBytes);
-      let pos = 0;
-      out[pos++] = zc;
-      out.set(truncated, pos);
-      pos += truncated.length;
-      out[pos++] = hashCount;
-      for (const h of this.#hashes) {
-        out.set(h, pos);
-        pos += HASH_BYTE_LENGTH;
-      }
-      return out;
-    }
-    /**
-     * Import from compact binary format.
-     * Accepts any sync or async byte iterable (e.g. `Uint8Array`, `ReadableStream`).
-     */
-    static async fromBinary(source) {
-      const iter = Symbol.iterator in source ? source[Symbol.iterator]() : source[Symbol.asyncIterator]();
-      async function readBytes(n2) {
-        const buf2 = new Uint8Array(n2);
-        for (let i42 = 0; i42 < n2; i42++) {
-          const r2 = await iter.next();
-          if (r2.done)
-            throw new Error("Unexpected end of binary source");
-          buf2[i42] = r2.value;
-        }
-        return buf2;
-      }
-      const zc = (await readBytes(1))[0];
-      const convergeBin = new Uint8Array(HASH_BYTE_LENGTH);
-      convergeBin.set(await readBytes(HASH_BYTE_LENGTH - zc), zc);
-      const hashCount = (await readBytes(1))[0];
-      const hashes2 = new Array(hashCount);
-      for (let i42 = 0; i42 < hashCount; i42++) {
-        hashes2[i42] = await readBytes(HASH_BYTE_LENGTH);
-      }
-      return new _SMTProof(hashToBigInt(convergeBin), hashes2);
-    }
-    #validate(index, candidateHash, rootHash, onMerge) {
-      let nodeIndex = index;
-      let nodeHash = candidateHash;
-      let remaining = this.#converge;
-      const hashes2 = this.#hashes;
-      let hi = 0;
-      const leftPad = [];
-      const rightPad = [];
-      const finalizePadding = () => {
-        if (leftPad.length > 0 || rightPad.length > 0) {
-          nodeHash = blockHash(new Uint8Array(leftPad), nodeHash, new Uint8Array(rightPad));
-          leftPad.length = 0;
-          rightPad.length = 0;
-        }
-      };
-      let state = ValidationState.Pending;
-      for (let i42 = 0; state === ValidationState.Pending && i42 < HASH_BIT_LENGTH; i42++) {
-        const isLeft = (nodeIndex & 1n) === 0n;
-        nodeIndex >>= 1n;
-        const bit = BITS[i42];
-        if ((remaining & bit) !== 0n) {
-          remaining ^= bit;
-          finalizePadding();
-          if (hi >= hashes2.length) {
-            state = ValidationState.Invalid;
-          } else {
-            const peer = hashes2[hi++];
-            nodeHash = isLeft ? blockHash(nodeHash, peer) : blockHash(peer, nodeHash);
-            if (onMerge !== void 0) {
-              state = onMerge(nodeIndex, {
-                hash: nodeHash,
-                converge: remaining,
-                hashes: hashes2.slice(hi)
-              });
-            }
-          }
-        } else {
-          const depth = HASH_BIT_LENGTH - i42 - 1;
-          if (isLeft) {
-            rightPad.push(depth);
-          } else {
-            leftPad.unshift(depth);
-          }
-        }
-      }
-      finalizePadding();
-      if (state === ValidationState.Pending) {
-        state = hi === hashes2.length && hashesEqual(nodeHash, rootHash) ? ValidationState.Valid : ValidationState.Invalid;
-      }
-      return state === ValidationState.Valid;
-    }
-  };
   init_shim2();
-  var OptimizedSMT = class _OptimizedSMT {
-    /** `2^256` — sentinel bit above the key space. Used by batch validation. */
-    static OUTER_BIT = OUTER_BIT;
-    /** Pre-computed MSB-first bit masks for tree traversal. */
-    static BITS = BITS;
-    #allowNonInclusion;
-    #root = null;
-    #rootHash = null;
-    #proofs = /* @__PURE__ */ new Map();
-    constructor(allowNonInclusion) {
-      this.#allowNonInclusion = allowNonInclusion;
-    }
-    get allowNonInclusion() {
-      return this.#allowNonInclusion;
+  init_shim2();
+  var TREE_DEPTH = HASH_BIT_LENGTH;
+  function bitAt(index, position) {
+    return Number(index >> BigInt(position) & 1n);
+  }
+  var CACHED_ZERO = (() => {
+    const arr = new Array(TREE_DEPTH + 1);
+    let z = new Uint8Array(HASH_BYTE_LENGTH);
+    for (let h = 0; h <= TREE_DEPTH; h++) {
+      z = blockHash(z, z);
+      arr[h] = z;
     }
-    /** Root hash. Throws if tree has not been finalized. */
-    get rootHash() {
-      if (this.#rootHash === null)
-        throw new RangeError("SMT not finalized");
-      return this.#rootHash;
-    }
-    // -----------------------------------------------------------------------
-    // Build phase
-    // -----------------------------------------------------------------------
-    /**
-     * Add leaf indexes to the tree.
-     * May be called multiple times before finalization. Duplicate indexes throw.
-     */
-    add(indexes) {
-      this.#checkNotFinalized();
-      for (const index of indexes) {
-        if (index < 0n || index >= _OptimizedSMT.OUTER_BIT) {
-          throw new RangeError("Index out of range");
-        }
-        const leaf = new LeafNode(index, HASH_BIT_LENGTH);
-        if (this.#root === null) {
-          this.#root = leaf;
+    return arr;
+  })();
+  function subtreeHash(leaves, height) {
+    if (leaves.length === 0)
+      return CACHED_ZERO[height];
+    if (height === 0)
+      return leaves[0].leaf;
+    const bit = TREE_DEPTH - height;
+    const left = [];
+    const right = [];
+    for (const e2 of leaves)
+      (bitAt(e2.index, bit) === 0 ? left : right).push(e2);
+    return blockHash(subtreeHash(left, height - 1), subtreeHash(right, height - 1));
+  }
+  function zeroHashRoot(leaves) {
+    return subtreeHash(leaves, TREE_DEPTH);
+  }
+  function generateZeroHashProof(leaves, targetIndex) {
+    let collapsed = 0n;
+    const hashes2 = [];
+    for (let height = 1; height <= TREE_DEPTH; height++) {
+      const bit = TREE_DEPTH - height;
+      const siblingLeaves = [];
+      for (const e2 of leaves) {
+        if (e2.index === targetIndex)
           continue;
-        }
-        let replaceNode = (node2) => {
-          this.#root = node2;
-        };
-        let node = this.#root;
-        let commonIndex = 0n;
-        let commonDepth = 0;
-        let done = false;
-        while (!done) {
-          const bit = BITS[commonDepth];
-          const indexBit = index & bit;
-          const isLeft = indexBit === 0n;
-          if (commonDepth === node.depth) {
-            if (node instanceof ParentNode) {
-              const parent = node;
-              if (isLeft) {
-                node = parent.left;
-                replaceNode = (n2) => {
-                  parent.left = n2;
-                };
-              } else {
-                node = parent.right;
-                replaceNode = (n2) => {
-                  parent.right = n2;
-                };
-              }
-            } else {
-              throw new RangeError("Duplicate index");
-            }
-          } else if ((node.index & bit) === indexBit) {
-            commonIndex |= indexBit;
-            commonDepth++;
-          } else {
-            replaceNode(new ParentNode(commonIndex, commonDepth, isLeft ? leaf : node, isLeft ? node : leaf));
-            done = true;
+        let sharesLowerPath = true;
+        for (let lower = 0; lower < bit; lower++) {
+          if (bitAt(e2.index, lower) !== bitAt(targetIndex, lower)) {
+            sharesLowerPath = false;
+            break;
           }
         }
+        if (sharesLowerPath && bitAt(e2.index, bit) !== bitAt(targetIndex, bit))
+          siblingLeaves.push(e2);
       }
-    }
-    /**
-     * Set the hash for a leaf at the given index.
-     * The index must have been previously added via {@link add}.
-     * Each leaf's hash can only be set once (until {@link reset}).
-     */
-    setHash(index, hash32) {
-      this.#checkNotFinalized();
-      validateHash(hash32);
-      let node = this.#root;
-      if (node === null)
-        throw new RangeError("Empty SMT");
-      while (node instanceof ParentNode) {
-        node = (index & BITS[node.depth]) === 0n ? node.left : node.right;
-      }
-      if (node.index !== index)
-        throw new RangeError("Index not found");
-      node.hash = hash32;
-    }
-    // -----------------------------------------------------------------------
-    // Finalize phase
-    // -----------------------------------------------------------------------
-    /**
-     * Compute root hash and generate all proofs in a single recursive pass.
-     * Must be called after all hashes are set.
-     */
-    finalize() {
-      if (this.#root === null) {
-        this.#rootHash = NULL_HASH;
-        return;
+      if (siblingLeaves.length === 0) {
+        collapsed |= 1n << BigInt(bit);
+      } else {
+        hashes2.push(subtreeHash(siblingLeaves, height - 1));
       }
-      const result = this.#finalizeStep(this.#root, 0n, 0);
-      this.#rootHash = result.hash;
-      result.saveProofs([]);
-    }
-    /** Retrieve the proof for an index. Only valid after {@link finalize}. */
-    proof(index) {
-      const p2 = this.#proofs.get(index);
-      if (p2 === void 0)
-        throw new RangeError("Proof not found");
-      return p2;
     }
-    /** Clear hashes and proofs, keeping the tree structure for reuse. */
-    reset() {
-      this.#root?.reset();
-      this.#rootHash = null;
-      this.#proofs.clear();
-    }
-    /**
-     * Check if the SMT has not been finalized yet.
-     * @throws {Error} If the SMT has already been finalized.
-     */
-    #checkNotFinalized() {
-      if (this.#rootHash !== null)
-        throw new Error("SMT already finalized");
-    }
-    /**
-     * Perform a single step of finalization on the given node.
-     * @param {Node} node The node to finalize.
-     * @param {bigint} parentConverge The convergence value from the parent node.
-     * @param {number} depth The current depth in the tree.
-     * @returns {FinalizeStepResult} The result of the finalization step.
-     */
-    #finalizeStep(node, parentConverge, depth) {
-      const converge = parentConverge | BITS[HASH_BIT_LENGTH - depth];
-      let hash32;
-      let saveProofs;
-      if (node instanceof ParentNode) {
-        const childDepth = node.depth + 1;
-        const leftResult = this.#finalizeStep(node.left, converge, childDepth);
-        const rightResult = this.#finalizeStep(node.right, converge, childDepth);
-        hash32 = blockHash(leftResult.hash, rightResult.hash);
-        saveProofs = (hashes2) => {
-          const leftHashes = hashes2;
-          const rightHashes = hashes2.slice();
-          leftHashes.unshift(rightResult.hash);
-          rightHashes.unshift(leftResult.hash);
-          leftResult.saveProofs(leftHashes);
-          rightResult.saveProofs(rightHashes);
-        };
+    return { collapsed, hashes: hashes2 };
+  }
+  function verifyZeroHash(collapsed, hashes2, index, candidate, root) {
+    let acc = candidate;
+    let hashPtr = 0;
+    for (let n2 = 0; n2 < TREE_DEPTH; n2++) {
+      const i42 = TREE_DEPTH - 1 - n2;
+      let sibling;
+      if ((collapsed >> BigInt(i42) & 1n) === 1n) {
+        sibling = CACHED_ZERO[n2];
       } else {
-        if (node.hash === null) {
-          if (!this.#allowNonInclusion)
-            throw new RangeError("Hash missing");
-          node.hash = NULL_HASH;
-        }
-        hash32 = node.hash;
-        saveProofs = (hashes2) => {
-          this.#proofs.set(node.index, new SMTProof(converge, hashes2));
-        };
-      }
-      if (node.depth !== depth) {
-        const leftPad = [];
-        const rightPad = [];
-        for (let i42 = node.depth - 1; i42 >= depth; i42--) {
-          if ((node.index & BITS[i42]) === 0n) {
-            rightPad.push(i42);
-          } else {
-            leftPad.unshift(i42);
-          }
-        }
-        hash32 = blockHash(new Uint8Array(leftPad), hash32, new Uint8Array(rightPad));
+        if (hashPtr >= hashes2.length)
+          return false;
+        sibling = hashes2[hashPtr++];
       }
-      return { hash: hash32, saveProofs };
+      acc = bitAt(index, i42) === 1 ? blockHash(sibling, acc) : blockHash(acc, sibling);
     }
-  };
+    return hashPtr === hashes2.length && hashesEqual(acc, root);
+  }
   init_shim2();
   var encoder = new TextEncoder();
   function didToIndex(did) {
@@ -112768,49 +112329,51 @@ a=end-of-candidates
     return blockHash(blockHash(nonce));
   }
   init_shim2();
-  function serializeProof(proof, rootHash, options2) {
+  function serializeProof(rootHash, proof, options2) {
     const result = {
-      id: hashToHex(rootHash),
-      collapsed: bigIntToHex(proof.converge, false),
-      hashes: proof.hashes.map((h) => hashToHex(h))
+      id: hashToBase64Url(rootHash),
+      collapsed: hashToBase64Url(bigIntToHash(proof.collapsed)),
+      hashes: proof.hashes.map((h) => hashToBase64Url(h))
     };
     if (options2?.nonce)
-      result.nonce = hashToHex(options2.nonce);
+      result.nonce = hashToBase64Url(options2.nonce);
     if (options2?.updateId)
-      result.updateId = hashToHex(options2.updateId);
+      result.updateId = hashToBase64Url(options2.updateId);
     return result;
   }
   function deserializeProof(serialized) {
-    const converge = hexToBigInt(serialized.collapsed, false);
-    const hashes2 = serialized.hashes.map((h) => hexToHash(h));
     const result = {
-      proof: new SMTProof(converge, hashes2),
-      rootHash: hexToHash(serialized.id)
+      rootHash: base64UrlToHash(serialized.id),
+      collapsed: hashToBigInt(base64UrlToHash(serialized.collapsed)),
+      hashes: serialized.hashes.map((h) => base64UrlToHash(h))
     };
     if (serialized.nonce)
-      result.nonce = hexToHash(serialized.nonce);
+      result.nonce = base64UrlToHash(serialized.nonce);
     if (serialized.updateId)
-      result.updateId = hexToHash(serialized.updateId);
+      result.updateId = base64UrlToHash(serialized.updateId);
     return result;
   }
   function verifySerializedProof(serialized, index, candidateHash) {
-    const { proof, rootHash } = deserializeProof(serialized);
-    return proof.isValid(index, candidateHash, rootHash);
+    const { rootHash, collapsed, hashes: hashes2 } = deserializeProof(serialized);
+    return verifyZeroHash(collapsed, hashes2, index, candidateHash, rootHash);
   }
   init_shim2();
   var BTCR2MerkleTree = class {
-    #smt;
     #entries = /* @__PURE__ */ new Map();
     #indexByDid = /* @__PURE__ */ new Map();
-    constructor(allowNonInclusion = true) {
-      this.#smt = new OptimizedSMT(allowNonInclusion);
+    #leaves = null;
+    #root = null;
+    /**
+     * @param _allowNonInclusion Retained for API compatibility; non-inclusion
+     *   leaves are always supported (an entry without `signedUpdate`).
+     */
+    constructor(_allowNonInclusion = true) {
     }
     /**
      * Add entries to the tree. May be called multiple times before
      * {@link finalize}. Duplicate DIDs (same index) throw.
      */
     addEntries(entries) {
-      const indexes = [];
       for (const entry of entries) {
         const index = didToIndex(entry.did);
         if (this.#entries.has(index)) {
@@ -112818,24 +112381,28 @@ a=end-of-candidates
         }
         this.#entries.set(index, entry);
         this.#indexByDid.set(entry.did, index);
-        indexes.push(index);
       }
-      this.#smt.add(indexes);
+      this.#leaves = null;
+      this.#root = null;
     }
     /**
-     * Compute leaf hashes and finalize the tree.
+     * Compute leaf hashes and the zero-hash root.
      * After this call, {@link rootHash} and {@link proof} become available.
      */
     finalize() {
+      const leaves = [];
       for (const [index, entry] of this.#entries) {
-        const leafHash = entry.signedUpdate !== void 0 ? inclusionLeafHash(entry.nonce, entry.signedUpdate) : nonInclusionLeafHash(entry.nonce);
-        this.#smt.setHash(index, leafHash);
+        const leaf = entry.signedUpdate !== void 0 ? inclusionLeafHash(entry.nonce, entry.signedUpdate) : nonInclusionLeafHash(entry.nonce);
+        leaves.push({ index, leaf });
       }
-      this.#smt.finalize();
+      this.#leaves = leaves;
+      this.#root = zeroHashRoot(leaves);
     }
     /** Root hash of the finalized tree. Throws if not finalized. */
     get rootHash() {
-      return this.#smt.rootHash;
+      if (this.#root === null)
+        throw new Error("Tree not finalized: call finalize() first");
+      return this.#root;
     }
     /**
      * Get the did:btcr2 serialized proof for a DID.
@@ -112845,14 +112412,18 @@ a=end-of-candidates
       const index = this.#indexByDid.get(did);
       if (index === void 0)
         throw new RangeError(`DID not in tree: ${did}`);
+      if (this.#leaves === null || this.#root === null) {
+        throw new Error("Tree not finalized: call finalize() first");
+      }
       const entry = this.#entries.get(index);
-      const smtProof = this.#smt.proof(index);
+      const proof = generateZeroHashProof(this.#leaves, index);
       const updateId = entry.signedUpdate !== void 0 ? blockHash(entry.signedUpdate) : void 0;
-      return serializeProof(smtProof, this.#smt.rootHash, { nonce: entry.nonce, updateId });
+      return serializeProof(this.#root, proof, { nonce: entry.nonce, updateId });
     }
-    /** Clear hashes and proofs, keeping tree structure. Entries are preserved. */
+    /** Clear computed leaves and root, keeping entries. */
     reset() {
-      this.#smt.reset();
+      this.#leaves = null;
+      this.#root = null;
     }
   };
   var CAS_STRATEGY = {
@@ -112885,12 +112456,12 @@ a=end-of-candidates
       const smtProof = body.smtProof;
       if (!smtProof?.updateId || !smtProof?.nonce) return { matches: false };
       const canonicalBytes = new TextEncoder().encode(canonicalize2(submittedUpdate));
-      const expectedUpdateId = hashToHex(blockHash(canonicalBytes));
+      const expectedUpdateId = hashToBase64Url(blockHash(canonicalBytes));
       if (smtProof.updateId !== expectedUpdateId) {
         return { matches: false, smtProof };
       }
       const index = didToIndex(participantDid);
-      const candidateHash = blockHash(blockHash(hexToHash(smtProof.nonce)), hexToHash(smtProof.updateId));
+      const candidateHash = blockHash(blockHash(base64UrlToHash(smtProof.nonce)), base64UrlToHash(smtProof.updateId));
       return {
         matches: verifySerializedProof(smtProof, index, candidateHash),
         smtProof
@@ -117166,8 +116737,8 @@ a=end-of-candidates
     let iv = Uint8Array.from(randomBytes2(16));
     let plaintext = utf8Encoder.encode(text);
     let ciphertext = cbc(normalizedKey, iv).encrypt(plaintext);
-    let ctb64 = base642.encode(new Uint8Array(ciphertext));
-    let ivb64 = base642.encode(new Uint8Array(iv.buffer));
+    let ctb64 = base64.encode(new Uint8Array(ciphertext));
+    let ivb64 = base64.encode(new Uint8Array(iv.buffer));
     return `${ctb64}?iv=${ivb64}`;
   }
   function decrypt2(secretKey, pubkey, data) {
@@ -117175,8 +116746,8 @@ a=end-of-candidates
     let [ctb64, ivb64] = data.split("?iv=");
     let key = secp256k1.getSharedSecret(privkey, hexToBytes2("02" + pubkey));
     let normalizedKey = getNormalizedX(key);
-    let iv = base642.decode(ivb64);
-    let ciphertext = base642.decode(ctb64);
+    let iv = base64.decode(ivb64);
+    let ciphertext = base64.decode(ctb64);
     let plaintext = cbc(normalizedKey, iv).decrypt(ciphertext);
     return utf8Decoder.decode(plaintext);
   }
@@ -117496,7 +117067,7 @@ a=end-of-candidates
       throw new Error("unknown encryption version");
     let data;
     try {
-      data = base642.decode(payload);
+      data = base64.decode(payload);
     } catch (error) {
       throw new Error("invalid base64: " + error.message);
     }
@@ -117517,7 +117088,7 @@ a=end-of-candidates
     const padded = pad(plaintext);
     const ciphertext = chacha20(chacha_key, chacha_nonce, padded);
     const mac = hmacAad(hmac_key, ciphertext, nonce);
-    return base642.encode(concatBytes2(new Uint8Array([2]), nonce, ciphertext, mac));
+    return base64.encode(concatBytes2(new Uint8Array([2]), nonce, ciphertext, mac));
   }
   function decrypt22(payload, conversationKey) {
     const { nonce, ciphertext, mac } = decodePayload(payload);
@@ -118792,7 +118363,7 @@ a=end-of-candidates
     }
     const signedEvent = await sign(event);
     const authorizationScheme = includeAuthorizationScheme ? _authorizationScheme : "";
-    return authorizationScheme + base642.encode(utf8Encoder.encode(JSON.stringify(signedEvent)));
+    return authorizationScheme + base64.encode(utf8Encoder.encode(JSON.stringify(signedEvent)));
   }
   async function validateToken(token, url, method) {
     const event = await unpackEventFromToken(token).catch((error) => {
@@ -118808,7 +118379,7 @@ a=end-of-candidates
       throw new Error("Missing token");
     }
     token = token.replace(_authorizationScheme, "");
-    const eventB64 = utf8Decoder.decode(base642.decode(token));
+    const eventB64 = utf8Decoder.decode(base64.decode(token));
     if (!eventB64 || eventB64.length === 0 || !eventB64.startsWith("{")) {
       throw new Error("Invalid token");
     }
@@ -118958,6 +118529,9 @@ a=end-of-candidates
   }
   var DEFAULT_BROADCAST_LOOKBACK_MS = 5 * 60 * 1e3;
   init_shim2();
+  init_utils();
+  init_shim2();
+  init_shim2();
   init_shim2();
   init_shim2();
   init_shim2();
@@ -119080,7 +118654,7 @@ a=end-of-candidates
     tx.finalize();
     return tx.hex;
   }
-  var Beacon = class {
+  var SinglePartyBeacon = class {
     /**
      * The Beacon service configuration parsed from the DID Document.
      */
@@ -119215,7 +118789,7 @@ a=end-of-candidates
     }
   };
   init_shim2();
-  var CASBeacon = class extends Beacon {
+  var CASBeacon = class extends SinglePartyBeacon {
     /**
      * Creates an instance of CASBeacon.
      * @param {BeaconService} service The service of the Beacon.
@@ -119275,7 +118849,7 @@ a=end-of-candidates
      * Creates a CAS Announcement mapping the DID to the update hash, broadcasts the hash of the
      * announcement via OP_RETURN, and optionally publishes the announcement off-chain via the
      * supplied `casPublish` callback. UTXO selection, PSBT construction, fee estimation, signing,
-     * and broadcast are delegated to {@link Beacon.buildSignAndBroadcast}.
+     * and broadcast are delegated to {@link SinglePartyBeacon.buildSignAndBroadcast}.
      *
      * @param {SignedBTCR2Update} signedUpdate The signed BTCR2 update to broadcast.
      * @param {Signer} signer Signer that produces the ECDSA signature for the Bitcoin transaction.
@@ -119299,7 +118873,7 @@ a=end-of-candidates
   };
   init_shim2();
   init_shim2();
-  var SingletonBeacon = class extends Beacon {
+  var SingletonBeacon = class extends SinglePartyBeacon {
     /**
      * Creates an instance of SingletonBeacon.
      * @param {BeaconService} service The BeaconService object representing the funded beacon to announce the update to.
@@ -119336,7 +118910,7 @@ a=end-of-candidates
      *
      * The signal bytes embedded in OP_RETURN are the SHA-256 canonical hash of the signed update.
      * UTXO selection, PSBT construction, fee estimation, signing, and broadcast are delegated to
-     * {@link Beacon.buildSignAndBroadcast}.
+     * {@link SinglePartyBeacon.buildSignAndBroadcast}.
      *
      * @param {SignedBTCR2Update} signedUpdate The signed BTCR2 update to broadcast.
      * @param {Signer} signer Signer that produces the ECDSA signature for the Bitcoin transaction.
@@ -119353,7 +118927,7 @@ a=end-of-candidates
   };
   init_shim2();
   init_utils();
-  var SMTBeacon = class extends Beacon {
+  var SMTBeacon = class extends SinglePartyBeacon {
     /**
      * Creates an instance of SMTBeacon.
      * @param {BeaconService} service The Beacon service.
@@ -119388,9 +118962,6 @@ a=end-of-candidates
           });
           continue;
         }
-        if (!smtProof.updateId) {
-          continue;
-        }
         if (!smtProof.nonce) {
           throw new SMTBeaconError(
             "SMT proof missing required nonce field.",
@@ -119399,7 +118970,8 @@ a=end-of-candidates
           );
         }
         const index = didToIndex(did);
-        const candidateHash = blockHash(blockHash(hexToHash(smtProof.nonce)), hexToHash(smtProof.updateId));
+        const nonceHash2 = base64UrlToHash(smtProof.nonce);
+        const candidateHash = smtProof.updateId ? blockHash(blockHash(nonceHash2), base64UrlToHash(smtProof.updateId)) : blockHash(blockHash(nonceHash2));
         const valid = verifySerializedProof(smtProof, index, candidateHash);
         if (!valid) {
           throw new SMTBeaconError(
@@ -119408,11 +118980,15 @@ a=end-of-candidates
             { smtProof, did }
           );
         }
-        const signedUpdate = sidecar.updateMap.get(smtProof.updateId);
+        if (!smtProof.updateId) {
+          continue;
+        }
+        const updateHashHex = hashToHex(base64UrlToHash(smtProof.updateId));
+        const signedUpdate = sidecar.updateMap.get(updateHashHex);
         if (!signedUpdate) {
           needs.push({
             kind: "NeedSignedUpdate",
-            updateHash: smtProof.updateId,
+            updateHash: updateHashHex,
             beaconServiceId: this.service.id
           });
           continue;
@@ -119427,7 +119003,7 @@ a=end-of-candidates
      * Builds a single-entry Sparse Merkle Tree from the signed update, then broadcasts the tree's
      * root hash via OP_RETURN. For multi-party aggregation, use the {@link AggregationService}
      * subsystem directly instead of this method. UTXO selection, PSBT construction, fee estimation,
-     * signing, and broadcast are delegated to {@link Beacon.buildSignAndBroadcast}.
+     * signing, and broadcast are delegated to {@link SinglePartyBeacon.buildSignAndBroadcast}.
      *
      * @param {SignedBTCR2Update} signedUpdate The signed BTCR2 update to broadcast.
      * @param {Signer} signer Signer that produces the ECDSA signature for the Bitcoin transaction.
@@ -119451,7 +119027,7 @@ a=end-of-candidates
     /**
      * Establish a Beacon instance based on the provided service and optional sidecar data.
      * @param {BeaconService} service The beacon service configuration.
-     * @returns {Beacon} The established Beacon instance.
+     * @returns {SinglePartyBeacon} The established Beacon instance.
      */
     static establish(service) {
       switch (service.type) {
@@ -135168,7 +134744,7 @@ a=end-of-candidates
       const smtMap = /* @__PURE__ */ new Map();
       if (sidecar.smtProofs?.length)
         for (const proof of sidecar.smtProofs) {
-          smtMap.set(proof.id, proof);
+          smtMap.set(encode(decode(proof.id, "base64urlnopad"), "hex"), proof);
         }
       return { updateMap, casMap, smtMap };
     }
@@ -135456,11 +135032,12 @@ a=end-of-candidates
         case "NeedSMTProof": {
           const smtNeed = need;
           const proof = data;
-          if (proof.id !== smtNeed.smtRootHash) {
+          const proofIdHex = encode(decode(proof.id, "base64urlnopad"), "hex");
+          if (proofIdHex !== smtNeed.smtRootHash) {
             throw new ResolveError(
-              `SMT proof root hash mismatch: expected ${smtNeed.smtRootHash}, got ${proof.id}`,
+              `SMT proof root hash mismatch: expected ${smtNeed.smtRootHash}, got ${proofIdHex}`,
               INVALID_DID_UPDATE,
-              { expected: smtNeed.smtRootHash, actual: proof.id }
+              { expected: smtNeed.smtRootHash, actual: proofIdHex }
             );
           }
           this.#sidecarData.smtMap.set(smtNeed.smtRootHash, proof);
@@ -136097,7 +135674,7 @@ a=end-of-candidates
       res.push(2 ** i5);
     return res;
   })();
-  function convertRadix23(data, from14, to, padding3) {
+  function convertRadix23(data, from14, to, padding2) {
     aArr3(data);
     if (from14 <= 0 || from14 > 32)
       throw new Error(`convertRadix2: wrong from=${from14}`);
@@ -136127,11 +135704,11 @@ a=end-of-candidates
       carry &= pow4 - 1;
     }
     carry = carry << to - pos & mask;
-    if (!padding3 && pos >= from14)
+    if (!padding2 && pos >= from14)
       throw new Error("Excess padding");
-    if (!padding3 && carry > 0)
+    if (!padding2 && carry > 0)
       throw new Error(`Non-zero padding: ${carry}`);
-    if (padding3 && pos > 0)
+    if (padding2 && pos > 0)
       res.push(carry >>> 0);
     return res;
   }
@@ -146728,7 +146305,7 @@ a=end-of-candidates
 
   // ../../node_modules/.pnpm/multiformats@13.1.0/node_modules/multiformats/dist/src/bases/base64.js
   init_shim();
-  var base646 = rfc46485({
+  var base642 = rfc46485({
     prefix: "m",
     name: "base64",
     alphabet: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
@@ -158712,7 +158289,7 @@ a=end-of-candidates
   };
 
   // ../../node_modules/.pnpm/multiformats@12.1.3/node_modules/multiformats/src/bases/base64.js
-  var base647 = rfc46486({
+  var base646 = rfc46486({
     prefix: "m",
     name: "base64",
     alphabet: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",