@mysten/sui 2.16.3 → 2.18.0

package/dist/version.mjs

@@ -1,5 +1,5 @@
 //#region src/version.ts
-const PACKAGE_VERSION = "2.16.3";
+const PACKAGE_VERSION = "2.18.0";
 
 //#endregion
 export { PACKAGE_VERSION };

package/dist/version.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"version.mjs","names":[],"sources":["../src/version.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '2.16.3';\n"],"mappings":";AAKA,MAAa,kBAAkB"}
+{"version":3,"file":"version.mjs","names":[],"sources":["../src/version.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '2.18.0';\n"],"mappings":";AAKA,MAAa,kBAAkB"}

package/dist/zklogin/jwt-utils.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-utils.d.mts","names":[],"sources":["../../src/zklogin/jwt-utils.ts"],"mappings":";;;iBAsHgB,SAAA,CAAU,GAAA,WAAc,IAAA,CAAK,UAAA;EAC5C,GAAA;EACA,GAAA;EACA,GAAA;EACA,MAAA;AAAA"}
+{"version":3,"file":"jwt-utils.d.mts","names":[],"sources":["../../src/zklogin/jwt-utils.ts"],"mappings":";;;iBAyHgB,SAAA,CAAU,GAAA,WAAc,IAAA,CAAK,UAAA;EAC5C,GAAA;EACA,GAAA;EACA,GAAA;EACA,MAAA;AAAA"}

package/dist/zklogin/jwt-utils.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"jwt-utils.mjs","names":["i"],"sources":["../../src/zklogin/jwt-utils.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { JwtPayload } from './jwt-decode.js';\nimport { jwtDecode } from './jwt-decode.js';\nimport { normalizeZkLoginIssuer } from './utils.js';\n\nfunction base64UrlCharTo6Bits(base64UrlChar: string): number[] {\n\tif (base64UrlChar.length !== 1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Define the base64URL character set\n\tconst base64UrlCharacterSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\n\t// Find the index of the input character in the base64URL character set\n\tconst index = base64UrlCharacterSet.indexOf(base64UrlChar);\n\n\tif (index === -1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Convert the index to a 6-bit binary string\n\tconst binaryString = index.toString(2).padStart(6, '0');\n\n\t// Convert the binary string to an array of bits\n\tconst bits = Array.from(binaryString).map(Number);\n\n\treturn bits;\n}\n\nfunction base64UrlStringToBitVector(base64UrlString: string) {\n\tlet bitVector: number[] = [];\n\tfor (let i = 0; i < base64UrlString.length; i++) {\n\t\tconst base64UrlChar = base64UrlString.charAt(i);\n\t\tconst bits = base64UrlCharTo6Bits(base64UrlChar);\n\t\tbitVector = bitVector.concat(bits);\n\t}\n\treturn bitVector;\n}\n\nfunction decodeBase64URL(s: string, i: number): string {\n\tif (s.length < 2) {\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because s.length < 2`);\n\t}\n\tlet bits = base64UrlStringToBitVector(s);\n\n\tconst firstCharOffset = i % 4;\n\tif (firstCharOffset === 0) {\n\t\t// skip\n\t} else if (firstCharOffset === 1) {\n\t\tbits = bits.slice(2);\n\t} else if (firstCharOffset === 2) {\n\t\tbits = bits.slice(4);\n\t} else {\n\t\t// (offset == 3)\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because i%4 = 3 (i = ${i}))`);\n\t}\n\n\tconst lastCharOffset = (i + s.length - 1) % 4;\n\tif (lastCharOffset === 3) {\n\t\t// skip\n\t} else if (lastCharOffset === 2) {\n\t\tbits = bits.slice(0, bits.length - 2);\n\t} else if (lastCharOffset === 1) {\n\t\tbits = bits.slice(0, bits.length - 4);\n\t} else {\n\t\t// (offset == 0)\n\t\tthrow new Error(\n\t\t\t`Input (s = ${s}) is not tightly packed because (i + s.length - 1)%4 = 0 (i = ${i}))`,\n\t\t);\n\t}\n\n\tif (bits.length % 8 !== 0) {\n\t\tthrow new Error(`We should never reach here...`);\n\t}\n\n\tconst bytes = new Uint8Array(Math.floor(bits.length / 8));\n\tlet currentByteIndex = 0;\n\tfor (let i = 0; i < bits.length; i += 8) {\n\t\tconst bitChunk = bits.slice(i, i + 8);\n\n\t\t// Convert the 8-bit chunk to a byte and add it to the bytes array\n\t\tconst byte = parseInt(bitChunk.join(''), 2);\n\t\tbytes[currentByteIndex++] = byte;\n\t}\n\treturn new TextDecoder().decode(bytes);\n}\n\nfunction verifyExtendedClaim(claim: string) {\n\t// Last character of each extracted_claim must be '}' or ','\n\tif (!(claim.slice(-1) === '}' || claim.slice(-1) === ',')) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\n\t// A hack to parse the JSON key-value pair.. but it should work\n\tconst json = JSON.parse('{' + claim.slice(0, -1) + '}');\n\tif (Object.keys(json).length !== 1) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\tconst key = Object.keys(json)[0];\n\treturn [key, json[key]];\n}\n\nexport type Claim = {\n\tvalue: string;\n\tindexMod4: number;\n};\n\nexport function extractClaimValue<R>(claim: Claim, claimName: string): R {\n\tconst extendedClaim = decodeBase64URL(claim.value, claim.indexMod4);\n\tconst [name, value] = verifyExtendedClaim(extendedClaim);\n\tif (name !== claimName) {\n\t\tthrow new Error(`Invalid field name: found ${name} expected ${claimName}`);\n\t}\n\treturn value;\n}\n\nexport function decodeJwt(jwt: string): Omit<JwtPayload, 'iss' | 'aud' | 'sub'> & {\n\tiss: string;\n\taud: string;\n\tsub: string;\n\trawIss: string;\n} {\n\tconst { iss, aud, sub, ...decodedJWT } = jwtDecode(jwt);\n\n\tif (!sub || !iss || !aud) {\n\t\tthrow new Error('Missing jwt data');\n\t}\n\n\tif (Array.isArray(aud)) {\n\t\tthrow new Error('Not supported aud. Aud is an array, string was expected.');\n\t}\n\n\treturn {\n\t\t...decodedJWT,\n\t\tiss: normalizeZkLoginIssuer(iss),\n\t\trawIss: iss,\n\t\taud,\n\t\tsub,\n\t};\n}\n"],"mappings":";;;;AAOA,SAAS,qBAAqB,eAAiC;AAC9D,KAAI,cAAc,WAAW,EAC5B,OAAM,IAAI,MAAM,kCAAkC,cAAc;CAOjE,MAAM,QAHwB,mEAGM,QAAQ,cAAc;AAE1D,KAAI,UAAU,GACb,OAAM,IAAI,MAAM,kCAAkC,cAAc;CAIjE,MAAM,eAAe,MAAM,SAAS,EAAE,CAAC,SAAS,GAAG,IAAI;AAKvD,QAFa,MAAM,KAAK,aAAa,CAAC,IAAI,OAAO;;AAKlD,SAAS,2BAA2B,iBAAyB;CAC5D,IAAI,YAAsB,EAAE;AAC5B,MAAK,IAAI,IAAI,GAAG,IAAI,gBAAgB,QAAQ,KAAK;EAEhD,MAAM,OAAO,qBADS,gBAAgB,OAAO,EAAE,CACC;AAChD,cAAY,UAAU,OAAO,KAAK;;AAEnC,QAAO;;AAGR,SAAS,gBAAgB,GAAW,GAAmB;AACtD,KAAI,EAAE,SAAS,EACd,OAAM,IAAI,MAAM,cAAc,EAAE,8CAA8C;CAE/E,IAAI,OAAO,2BAA2B,EAAE;CAExC,MAAM,kBAAkB,IAAI;AAC5B,KAAI,oBAAoB,GAAG,YAEhB,oBAAoB,EAC9B,QAAO,KAAK,MAAM,EAAE;UACV,oBAAoB,EAC9B,QAAO,KAAK,MAAM,EAAE;KAGpB,OAAM,IAAI,MAAM,cAAc,EAAE,+CAA+C,EAAE,IAAI;CAGtF,MAAM,kBAAkB,IAAI,EAAE,SAAS,KAAK;AAC5C,KAAI,mBAAmB,GAAG,YAEf,mBAAmB,EAC7B,QAAO,KAAK,MAAM,GAAG,KAAK,SAAS,EAAE;UAC3B,mBAAmB,EAC7B,QAAO,KAAK,MAAM,GAAG,KAAK,SAAS,EAAE;KAGrC,OAAM,IAAI,MACT,cAAc,EAAE,gEAAgE,EAAE,IAClF;AAGF,KAAI,KAAK,SAAS,MAAM,EACvB,OAAM,IAAI,MAAM,gCAAgC;CAGjD,MAAM,QAAQ,IAAI,WAAW,KAAK,MAAM,KAAK,SAAS,EAAE,CAAC;CACzD,IAAI,mBAAmB;AACvB,MAAK,IAAIA,MAAI,GAAGA,MAAI,KAAK,QAAQ,OAAK,GAAG;EACxC,MAAM,WAAW,KAAK,MAAMA,KAAGA,MAAI,EAAE;EAGrC,MAAM,OAAO,SAAS,SAAS,KAAK,GAAG,EAAE,EAAE;AAC3C,QAAM,sBAAsB;;AAE7B,QAAO,IAAI,aAAa,CAAC,OAAO,MAAM;;AAGvC,SAAS,oBAAoB,OAAe;AAE3C,KAAI,EAAE,MAAM,MAAM,GAAG,KAAK,OAAO,MAAM,MAAM,GAAG,KAAK,KACpD,OAAM,IAAI,MAAM,gBAAgB;CAIjC,MAAM,OAAO,KAAK,MAAM,MAAM,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI;AACvD,KAAI,OAAO,KAAK,KAAK,CAAC,WAAW,EAChC,OAAM,IAAI,MAAM,gBAAgB;CAEjC,MAAM,MAAM,OAAO,KAAK,KAAK,CAAC;AAC9B,QAAO,CAAC,KAAK,KAAK,KAAK;;AAQxB,SAAgB,kBAAqB,OAAc,WAAsB;CAExE,MAAM,CAAC,MAAM,SAAS,oBADA,gBAAgB,MAAM,OAAO,MAAM,UAAU,CACX;AACxD,KAAI,SAAS,UACZ,OAAM,IAAI,MAAM,6BAA6B,KAAK,YAAY,YAAY;AAE3E,QAAO;;AAGR,SAAgB,UAAU,KAKxB;CACD,MAAM,EAAE,KAAK,KAAK,KAAK,GAAG,eAAe,UAAU,IAAI;AAEvD,KAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IACpB,OAAM,IAAI,MAAM,mBAAmB;AAGpC,KAAI,MAAM,QAAQ,IAAI,CACrB,OAAM,IAAI,MAAM,2DAA2D;AAG5E,QAAO;EACN,GAAG;EACH,KAAK,uBAAuB,IAAI;EAChC,QAAQ;EACR;EACA;EACA"}
+{"version":3,"file":"jwt-utils.mjs","names":["i"],"sources":["../../src/zklogin/jwt-utils.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { JwtPayload } from './jwt-decode.js';\nimport { jwtDecode } from './jwt-decode.js';\nimport { normalizeZkLoginIssuer } from './utils.js';\n\nfunction base64UrlCharTo6Bits(base64UrlChar: string): number[] {\n\tif (base64UrlChar.length !== 1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Define the base64URL character set\n\tconst base64UrlCharacterSet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';\n\n\t// Find the index of the input character in the base64URL character set\n\tconst index = base64UrlCharacterSet.indexOf(base64UrlChar);\n\n\tif (index === -1) {\n\t\tthrow new Error('Invalid base64Url character: ' + base64UrlChar);\n\t}\n\n\t// Convert the index to a 6-bit binary string\n\tconst binaryString = index.toString(2).padStart(6, '0');\n\n\t// Convert the binary string to an array of bits\n\tconst bits = Array.from(binaryString).map(Number);\n\n\treturn bits;\n}\n\nfunction base64UrlStringToBitVector(base64UrlString: string) {\n\tlet bitVector: number[] = [];\n\tfor (let i = 0; i < base64UrlString.length; i++) {\n\t\tconst base64UrlChar = base64UrlString.charAt(i);\n\t\tconst bits = base64UrlCharTo6Bits(base64UrlChar);\n\t\tbitVector = bitVector.concat(bits);\n\t}\n\treturn bitVector;\n}\n\nfunction decodeBase64URL(s: string, i: number): string {\n\tif (s.length < 2) {\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because s.length < 2`);\n\t}\n\tlet bits = base64UrlStringToBitVector(s);\n\n\tconst firstCharOffset = i % 4;\n\tif (firstCharOffset === 0) {\n\t\t// skip\n\t} else if (firstCharOffset === 1) {\n\t\tbits = bits.slice(2);\n\t} else if (firstCharOffset === 2) {\n\t\tbits = bits.slice(4);\n\t} else {\n\t\t// (offset == 3)\n\t\tthrow new Error(`Input (s = ${s}) is not tightly packed because i%4 = 3 (i = ${i}))`);\n\t}\n\n\tconst lastCharOffset = (i + s.length - 1) % 4;\n\tif (lastCharOffset === 3) {\n\t\t// skip\n\t} else if (lastCharOffset === 2) {\n\t\tbits = bits.slice(0, bits.length - 2);\n\t} else if (lastCharOffset === 1) {\n\t\tbits = bits.slice(0, bits.length - 4);\n\t} else {\n\t\t// (offset == 0)\n\t\tthrow new Error(\n\t\t\t`Input (s = ${s}) is not tightly packed because (i + s.length - 1)%4 = 0 (i = ${i}))`,\n\t\t);\n\t}\n\n\tif (bits.length % 8 !== 0) {\n\t\tthrow new Error(`We should never reach here...`);\n\t}\n\n\tconst bytes = new Uint8Array(Math.floor(bits.length / 8));\n\tlet currentByteIndex = 0;\n\tfor (let i = 0; i < bits.length; i += 8) {\n\t\tconst bitChunk = bits.slice(i, i + 8);\n\n\t\t// Convert the 8-bit chunk to a byte and add it to the bytes array\n\t\tconst byte = parseInt(bitChunk.join(''), 2);\n\t\tbytes[currentByteIndex++] = byte;\n\t}\n\treturn new TextDecoder().decode(bytes);\n}\n\nfunction verifyExtendedClaim(claim: string) {\n\t// Last character of each extracted_claim must be '}' or ','\n\tif (!(claim.slice(-1) === '}' || claim.slice(-1) === ',')) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\n\t// A hack to parse the JSON key-value pair.. but it should work\n\tconst json = JSON.parse('{' + claim.slice(0, -1) + '}');\n\tif (Object.keys(json).length !== 1) {\n\t\tthrow new Error('Invalid claim');\n\t}\n\tconst key = Object.keys(json)[0];\n\treturn [key, json[key]];\n}\n\nexport type Claim = {\n\tvalue: string;\n\tindexMod4: number;\n};\n\nexport function extractClaimValue<R>(claim: Claim, claimName: string): R {\n\tconst extendedClaim = decodeBase64URL(claim.value, claim.indexMod4);\n\tconst [name, value] = verifyExtendedClaim(extendedClaim);\n\tif (name !== claimName) {\n\t\tthrow new Error(`Invalid field name: found ${name} expected ${claimName}`);\n\t}\n\treturn value;\n}\n\n// TODO: root cause of the claim-escaping bug — jwtDecode resolves JSON escapes, but the\n// circuit derives the address seed from raw JWT bytes, so escaped claim values decode\n// differently here than the circuit hashes. Real fix: parse claims over raw bytes.\nexport function decodeJwt(jwt: string): Omit<JwtPayload, 'iss' | 'aud' | 'sub'> & {\n\tiss: string;\n\taud: string;\n\tsub: string;\n\trawIss: string;\n} {\n\tconst { iss, aud, sub, ...decodedJWT } = jwtDecode(jwt);\n\n\tif (!sub || !iss || !aud) {\n\t\tthrow new Error('Missing jwt data');\n\t}\n\n\tif (Array.isArray(aud)) {\n\t\tthrow new Error('Not supported aud. Aud is an array, string was expected.');\n\t}\n\n\treturn {\n\t\t...decodedJWT,\n\t\tiss: normalizeZkLoginIssuer(iss),\n\t\trawIss: iss,\n\t\taud,\n\t\tsub,\n\t};\n}\n"],"mappings":";;;;AAOA,SAAS,qBAAqB,eAAiC;AAC9D,KAAI,cAAc,WAAW,EAC5B,OAAM,IAAI,MAAM,kCAAkC,cAAc;CAOjE,MAAM,QAHwB,mEAGM,QAAQ,cAAc;AAE1D,KAAI,UAAU,GACb,OAAM,IAAI,MAAM,kCAAkC,cAAc;CAIjE,MAAM,eAAe,MAAM,SAAS,EAAE,CAAC,SAAS,GAAG,IAAI;AAKvD,QAFa,MAAM,KAAK,aAAa,CAAC,IAAI,OAAO;;AAKlD,SAAS,2BAA2B,iBAAyB;CAC5D,IAAI,YAAsB,EAAE;AAC5B,MAAK,IAAI,IAAI,GAAG,IAAI,gBAAgB,QAAQ,KAAK;EAEhD,MAAM,OAAO,qBADS,gBAAgB,OAAO,EAAE,CACC;AAChD,cAAY,UAAU,OAAO,KAAK;;AAEnC,QAAO;;AAGR,SAAS,gBAAgB,GAAW,GAAmB;AACtD,KAAI,EAAE,SAAS,EACd,OAAM,IAAI,MAAM,cAAc,EAAE,8CAA8C;CAE/E,IAAI,OAAO,2BAA2B,EAAE;CAExC,MAAM,kBAAkB,IAAI;AAC5B,KAAI,oBAAoB,GAAG,YAEhB,oBAAoB,EAC9B,QAAO,KAAK,MAAM,EAAE;UACV,oBAAoB,EAC9B,QAAO,KAAK,MAAM,EAAE;KAGpB,OAAM,IAAI,MAAM,cAAc,EAAE,+CAA+C,EAAE,IAAI;CAGtF,MAAM,kBAAkB,IAAI,EAAE,SAAS,KAAK;AAC5C,KAAI,mBAAmB,GAAG,YAEf,mBAAmB,EAC7B,QAAO,KAAK,MAAM,GAAG,KAAK,SAAS,EAAE;UAC3B,mBAAmB,EAC7B,QAAO,KAAK,MAAM,GAAG,KAAK,SAAS,EAAE;KAGrC,OAAM,IAAI,MACT,cAAc,EAAE,gEAAgE,EAAE,IAClF;AAGF,KAAI,KAAK,SAAS,MAAM,EACvB,OAAM,IAAI,MAAM,gCAAgC;CAGjD,MAAM,QAAQ,IAAI,WAAW,KAAK,MAAM,KAAK,SAAS,EAAE,CAAC;CACzD,IAAI,mBAAmB;AACvB,MAAK,IAAIA,MAAI,GAAGA,MAAI,KAAK,QAAQ,OAAK,GAAG;EACxC,MAAM,WAAW,KAAK,MAAMA,KAAGA,MAAI,EAAE;EAGrC,MAAM,OAAO,SAAS,SAAS,KAAK,GAAG,EAAE,EAAE;AAC3C,QAAM,sBAAsB;;AAE7B,QAAO,IAAI,aAAa,CAAC,OAAO,MAAM;;AAGvC,SAAS,oBAAoB,OAAe;AAE3C,KAAI,EAAE,MAAM,MAAM,GAAG,KAAK,OAAO,MAAM,MAAM,GAAG,KAAK,KACpD,OAAM,IAAI,MAAM,gBAAgB;CAIjC,MAAM,OAAO,KAAK,MAAM,MAAM,MAAM,MAAM,GAAG,GAAG,GAAG,IAAI;AACvD,KAAI,OAAO,KAAK,KAAK,CAAC,WAAW,EAChC,OAAM,IAAI,MAAM,gBAAgB;CAEjC,MAAM,MAAM,OAAO,KAAK,KAAK,CAAC;AAC9B,QAAO,CAAC,KAAK,KAAK,KAAK;;AAQxB,SAAgB,kBAAqB,OAAc,WAAsB;CAExE,MAAM,CAAC,MAAM,SAAS,oBADA,gBAAgB,MAAM,OAAO,MAAM,UAAU,CACX;AACxD,KAAI,SAAS,UACZ,OAAM,IAAI,MAAM,6BAA6B,KAAK,YAAY,YAAY;AAE3E,QAAO;;AAMR,SAAgB,UAAU,KAKxB;CACD,MAAM,EAAE,KAAK,KAAK,KAAK,GAAG,eAAe,UAAU,IAAI;AAEvD,KAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IACpB,OAAM,IAAI,MAAM,mBAAmB;AAGpC,KAAI,MAAM,QAAQ,IAAI,CACrB,OAAM,IAAI,MAAM,2DAA2D;AAG5E,QAAO;EACN,GAAG;EACH,KAAK,uBAAuB,IAAI;EAChC,QAAQ;EACR;EACA;EACA"}

package/dist/zklogin/utils.d.mts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.mts","names":[],"sources":["../../src/zklogin/utils.ts"],"mappings":";;;iBAwBgB,sBAAA,CAAuB,GAAA,UAAa,KAAA,WAAgB,UAAA;AAAA,iBAMpD,gBAAA,CAAiB,GAAA,UAAa,KAAA,WAAgB,UAAA;AAAA,iBAY9C,6BAAA,CAA8B,SAAA,EAAW,SAAA;AAAA,iBA8BzC,mBAAA,CAAoB,GAAA,UAAa,OAAA;AAAA,iBAiBjC,cAAA,CACf,IAAA,mBACA,IAAA,UACA,KAAA,UACA,GAAA,UACA,eAAA,WACA,gBAAA,WACA,cAAA"}
+{"version":3,"file":"utils.d.mts","names":[],"sources":["../../src/zklogin/utils.ts"],"mappings":";;;iBAwBgB,sBAAA,CAAuB,GAAA,UAAa,KAAA,WAAgB,UAAA;AAAA,iBAMpD,gBAAA,CAAiB,GAAA,UAAa,KAAA,WAAgB,UAAA;AAAA,iBAY9C,6BAAA,CAA8B,SAAA,EAAW,SAAA;AAAA,iBA8BzC,mBAAA,CAAoB,GAAA,UAAa,OAAA;AAAA,iBA+BjC,cAAA,CACf,IAAA,mBACA,IAAA,UACA,KAAA,UACA,GAAA,UACA,eAAA,WACA,gBAAA,WACA,cAAA"}

package/dist/zklogin/utils.mjs

@@ -45,7 +45,16 @@ function hashASCIIStrToField(str, maxSize) {
 	if (str.length > maxSize) throw new Error(`String ${str} is longer than ${maxSize} chars`);
 	return poseidonHash(chunkArray(str.padEnd(maxSize, String.fromCharCode(0)).split("").map((c) => c.charCodeAt(0)), PACK_WIDTH / 8).map((chunk) => bytesBEToBigInt(chunk)));
 }
+function assertNoJsonEscape(value, label) {
+	for (let i = 0; i < value.length; i++) {
+		const c = value.charCodeAt(i);
+		if (c < 32 || c === 34 || c === 92) throw new Error(`zkLogin ${label} contains a JSON-escaped character (code ${c}); the circuit hashes raw JWT bytes, so claim values with escapes are not supported`);
+	}
+}
 function genAddressSeed(salt, name, value, aud, max_name_length = MAX_KEY_CLAIM_NAME_LENGTH, max_value_length = MAX_KEY_CLAIM_VALUE_LENGTH, max_aud_length = MAX_AUD_VALUE_LENGTH) {
+	assertNoJsonEscape(name, "key claim name");
+	assertNoJsonEscape(value, "key claim value");
+	assertNoJsonEscape(aud, "aud");
 	return poseidonHash([
 		hashASCIIStrToField(name, max_name_length),
 		hashASCIIStrToField(value, max_value_length),

package/dist/zklogin/utils.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"utils.mjs","names":[],"sources":["../../src/zklogin/utils.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hexToBytes } from '@noble/hashes/utils.js';\n\nimport type { PublicKey } from '../cryptography/publickey.js';\nimport { poseidonHash } from './poseidon.js';\n\nconst MAX_KEY_CLAIM_NAME_LENGTH = 32;\nconst MAX_KEY_CLAIM_VALUE_LENGTH = 115;\nconst MAX_AUD_VALUE_LENGTH = 145;\nconst PACK_WIDTH = 248;\n\nfunction findFirstNonZeroIndex(bytes: Uint8Array) {\n\tfor (let i = 0; i < bytes.length; i++) {\n\t\tif (bytes[i] !== 0) {\n\t\t\treturn i;\n\t\t}\n\t}\n\n\treturn -1;\n}\n\n// Derive bytearray from num where the bytearray is padded to the left with 0s to the specified width.\nexport function toPaddedBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst hex = num.toString(16);\n\treturn hexToBytes(hex.padStart(width * 2, '0').slice(-width * 2));\n}\n\n// Derive bytearray from num where the bytearray is not padded with 0.\nexport function toBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst bytes = toPaddedBigEndianBytes(num, width);\n\n\tconst firstNonZeroIndex = findFirstNonZeroIndex(bytes);\n\n\tif (firstNonZeroIndex === -1) {\n\t\treturn new Uint8Array([0]);\n\t}\n\n\treturn bytes.slice(firstNonZeroIndex);\n}\n\nexport function getExtendedEphemeralPublicKey(publicKey: PublicKey) {\n\treturn publicKey.toSuiPublicKey();\n}\n\n/**\n * Splits an array into chunks of size chunk_size. If the array is not evenly\n * divisible by chunk_size, the first chunk will be smaller than chunk_size.\n *\n * E.g., arrayChunk([1, 2, 3, 4, 5], 2) => [[1], [2, 3], [4, 5]]\n *\n * Note: Can be made more efficient by avoiding the reverse() calls.\n */\nexport function chunkArray<T>(array: T[], chunk_size: number): T[][] {\n\tconst chunks = Array(Math.ceil(array.length / chunk_size));\n\tconst revArray = array.reverse();\n\tfor (let i = 0; i < chunks.length; i++) {\n\t\tchunks[i] = revArray.slice(i * chunk_size, (i + 1) * chunk_size).reverse();\n\t}\n\treturn chunks.reverse();\n}\n\nfunction bytesBEToBigInt(bytes: number[]): bigint {\n\tconst hex = bytes.map((b) => b.toString(16).padStart(2, '0')).join('');\n\tif (hex.length === 0) {\n\t\treturn BigInt(0);\n\t}\n\treturn BigInt('0x' + hex);\n}\n\n// hashes an ASCII string to a field element\nexport function hashASCIIStrToField(str: string, maxSize: number) {\n\tif (str.length > maxSize) {\n\t\tthrow new Error(`String ${str} is longer than ${maxSize} chars`);\n\t}\n\n\t// Note: Padding with zeroes is safe because we are only using this function to map human-readable sequence of bytes.\n\t// So the ASCII values of those characters will never be zero (null character).\n\tconst strPadded = str\n\t\t.padEnd(maxSize, String.fromCharCode(0))\n\t\t.split('')\n\t\t.map((c) => c.charCodeAt(0));\n\n\tconst chunkSize = PACK_WIDTH / 8;\n\tconst packed = chunkArray(strPadded, chunkSize).map((chunk) => bytesBEToBigInt(chunk));\n\treturn poseidonHash(packed);\n}\n\nexport function genAddressSeed(\n\tsalt: string | bigint,\n\tname: string,\n\tvalue: string,\n\taud: string,\n\tmax_name_length = MAX_KEY_CLAIM_NAME_LENGTH,\n\tmax_value_length = MAX_KEY_CLAIM_VALUE_LENGTH,\n\tmax_aud_length = MAX_AUD_VALUE_LENGTH,\n): bigint {\n\treturn poseidonHash([\n\t\thashASCIIStrToField(name, max_name_length),\n\t\thashASCIIStrToField(value, max_value_length),\n\t\thashASCIIStrToField(aud, max_aud_length),\n\t\tposeidonHash([BigInt(salt)]),\n\t]);\n}\n\nexport function normalizeZkLoginIssuer(iss: string) {\n\tif (iss === 'accounts.google.com') {\n\t\treturn 'https://accounts.google.com';\n\t}\n\treturn iss;\n}\n"],"mappings":";;;;AAQA,MAAM,4BAA4B;AAClC,MAAM,6BAA6B;AACnC,MAAM,uBAAuB;AAC7B,MAAM,aAAa;AAEnB,SAAS,sBAAsB,OAAmB;AACjD,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,IACjC,KAAI,MAAM,OAAO,EAChB,QAAO;AAIT,QAAO;;AAIR,SAAgB,uBAAuB,KAAa,OAA2B;AAE9E,QAAO,WADK,IAAI,SAAS,GAAG,CACN,SAAS,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;;AAIlE,SAAgB,iBAAiB,KAAa,OAA2B;CACxE,MAAM,QAAQ,uBAAuB,KAAK,MAAM;CAEhD,MAAM,oBAAoB,sBAAsB,MAAM;AAEtD,KAAI,sBAAsB,GACzB,QAAO,IAAI,WAAW,CAAC,EAAE,CAAC;AAG3B,QAAO,MAAM,MAAM,kBAAkB;;AAGtC,SAAgB,8BAA8B,WAAsB;AACnE,QAAO,UAAU,gBAAgB;;;;;;;;;;AAWlC,SAAgB,WAAc,OAAY,YAA2B;CACpE,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,SAAS,WAAW,CAAC;CAC1D,MAAM,WAAW,MAAM,SAAS;AAChC,MAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,IAClC,QAAO,KAAK,SAAS,MAAM,IAAI,aAAa,IAAI,KAAK,WAAW,CAAC,SAAS;AAE3E,QAAO,OAAO,SAAS;;AAGxB,SAAS,gBAAgB,OAAyB;CACjD,MAAM,MAAM,MAAM,KAAK,MAAM,EAAE,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,KAAK,GAAG;AACtE,KAAI,IAAI,WAAW,EAClB,QAAO,OAAO,EAAE;AAEjB,QAAO,OAAO,OAAO,IAAI;;AAI1B,SAAgB,oBAAoB,KAAa,SAAiB;AACjE,KAAI,IAAI,SAAS,QAChB,OAAM,IAAI,MAAM,UAAU,IAAI,kBAAkB,QAAQ,QAAQ;AAYjE,QAAO,aADQ,WANG,IAChB,OAAO,SAAS,OAAO,aAAa,EAAE,CAAC,CACvC,MAAM,GAAG,CACT,KAAK,MAAM,EAAE,WAAW,EAAE,CAAC,EAEX,aAAa,EACgB,CAAC,KAAK,UAAU,gBAAgB,MAAM,CAAC,CAC3D;;AAG5B,SAAgB,eACf,MACA,MACA,OACA,KACA,kBAAkB,2BAClB,mBAAmB,4BACnB,iBAAiB,sBACR;AACT,QAAO,aAAa;EACnB,oBAAoB,MAAM,gBAAgB;EAC1C,oBAAoB,OAAO,iBAAiB;EAC5C,oBAAoB,KAAK,eAAe;EACxC,aAAa,CAAC,OAAO,KAAK,CAAC,CAAC;EAC5B,CAAC;;AAGH,SAAgB,uBAAuB,KAAa;AACnD,KAAI,QAAQ,sBACX,QAAO;AAER,QAAO"}
+{"version":3,"file":"utils.mjs","names":[],"sources":["../../src/zklogin/utils.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { hexToBytes } from '@noble/hashes/utils.js';\n\nimport type { PublicKey } from '../cryptography/publickey.js';\nimport { poseidonHash } from './poseidon.js';\n\nconst MAX_KEY_CLAIM_NAME_LENGTH = 32;\nconst MAX_KEY_CLAIM_VALUE_LENGTH = 115;\nconst MAX_AUD_VALUE_LENGTH = 145;\nconst PACK_WIDTH = 248;\n\nfunction findFirstNonZeroIndex(bytes: Uint8Array) {\n\tfor (let i = 0; i < bytes.length; i++) {\n\t\tif (bytes[i] !== 0) {\n\t\t\treturn i;\n\t\t}\n\t}\n\n\treturn -1;\n}\n\n// Derive bytearray from num where the bytearray is padded to the left with 0s to the specified width.\nexport function toPaddedBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst hex = num.toString(16);\n\treturn hexToBytes(hex.padStart(width * 2, '0').slice(-width * 2));\n}\n\n// Derive bytearray from num where the bytearray is not padded with 0.\nexport function toBigEndianBytes(num: bigint, width: number): Uint8Array {\n\tconst bytes = toPaddedBigEndianBytes(num, width);\n\n\tconst firstNonZeroIndex = findFirstNonZeroIndex(bytes);\n\n\tif (firstNonZeroIndex === -1) {\n\t\treturn new Uint8Array([0]);\n\t}\n\n\treturn bytes.slice(firstNonZeroIndex);\n}\n\nexport function getExtendedEphemeralPublicKey(publicKey: PublicKey) {\n\treturn publicKey.toSuiPublicKey();\n}\n\n/**\n * Splits an array into chunks of size chunk_size. If the array is not evenly\n * divisible by chunk_size, the first chunk will be smaller than chunk_size.\n *\n * E.g., arrayChunk([1, 2, 3, 4, 5], 2) => [[1], [2, 3], [4, 5]]\n *\n * Note: Can be made more efficient by avoiding the reverse() calls.\n */\nexport function chunkArray<T>(array: T[], chunk_size: number): T[][] {\n\tconst chunks = Array(Math.ceil(array.length / chunk_size));\n\tconst revArray = array.reverse();\n\tfor (let i = 0; i < chunks.length; i++) {\n\t\tchunks[i] = revArray.slice(i * chunk_size, (i + 1) * chunk_size).reverse();\n\t}\n\treturn chunks.reverse();\n}\n\nfunction bytesBEToBigInt(bytes: number[]): bigint {\n\tconst hex = bytes.map((b) => b.toString(16).padStart(2, '0')).join('');\n\tif (hex.length === 0) {\n\t\treturn BigInt(0);\n\t}\n\treturn BigInt('0x' + hex);\n}\n\n// hashes an ASCII string to a field element\nexport function hashASCIIStrToField(str: string, maxSize: number) {\n\tif (str.length > maxSize) {\n\t\tthrow new Error(`String ${str} is longer than ${maxSize} chars`);\n\t}\n\n\t// Note: Padding with zeroes is safe because we are only using this function to map human-readable sequence of bytes.\n\t// So the ASCII values of those characters will never be zero (null character).\n\tconst strPadded = str\n\t\t.padEnd(maxSize, String.fromCharCode(0))\n\t\t.split('')\n\t\t.map((c) => c.charCodeAt(0));\n\n\tconst chunkSize = PACK_WIDTH / 8;\n\tconst packed = chunkArray(strPadded, chunkSize).map((chunk) => bytesBEToBigInt(chunk));\n\treturn poseidonHash(packed);\n}\n\n// Reject claim inputs whose decoded form reveals a JSON escape ('\"', '\\', control char):\n// the circuit hashes raw JWT bytes, so an escaped value would derive a different address.\nfunction assertNoJsonEscape(value: string, label: string) {\n\tfor (let i = 0; i < value.length; i++) {\n\t\tconst c = value.charCodeAt(i);\n\t\tif (c < 0x20 || c === 0x22 || c === 0x5c) {\n\t\t\tthrow new Error(\n\t\t\t\t`zkLogin ${label} contains a JSON-escaped character (code ${c}); the circuit ` +\n\t\t\t\t\t`hashes raw JWT bytes, so claim values with escapes are not supported`,\n\t\t\t);\n\t\t}\n\t}\n}\n\nexport function genAddressSeed(\n\tsalt: string | bigint,\n\tname: string,\n\tvalue: string,\n\taud: string,\n\tmax_name_length = MAX_KEY_CLAIM_NAME_LENGTH,\n\tmax_value_length = MAX_KEY_CLAIM_VALUE_LENGTH,\n\tmax_aud_length = MAX_AUD_VALUE_LENGTH,\n): bigint {\n\tassertNoJsonEscape(name, 'key claim name');\n\tassertNoJsonEscape(value, 'key claim value');\n\tassertNoJsonEscape(aud, 'aud');\n\treturn poseidonHash([\n\t\thashASCIIStrToField(name, max_name_length),\n\t\thashASCIIStrToField(value, max_value_length),\n\t\thashASCIIStrToField(aud, max_aud_length),\n\t\tposeidonHash([BigInt(salt)]),\n\t]);\n}\n\nexport function normalizeZkLoginIssuer(iss: string) {\n\tif (iss === 'accounts.google.com') {\n\t\treturn 'https://accounts.google.com';\n\t}\n\treturn iss;\n}\n"],"mappings":";;;;AAQA,MAAM,4BAA4B;AAClC,MAAM,6BAA6B;AACnC,MAAM,uBAAuB;AAC7B,MAAM,aAAa;AAEnB,SAAS,sBAAsB,OAAmB;AACjD,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,IACjC,KAAI,MAAM,OAAO,EAChB,QAAO;AAIT,QAAO;;AAIR,SAAgB,uBAAuB,KAAa,OAA2B;AAE9E,QAAO,WADK,IAAI,SAAS,GAAG,CACN,SAAS,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;;AAIlE,SAAgB,iBAAiB,KAAa,OAA2B;CACxE,MAAM,QAAQ,uBAAuB,KAAK,MAAM;CAEhD,MAAM,oBAAoB,sBAAsB,MAAM;AAEtD,KAAI,sBAAsB,GACzB,QAAO,IAAI,WAAW,CAAC,EAAE,CAAC;AAG3B,QAAO,MAAM,MAAM,kBAAkB;;AAGtC,SAAgB,8BAA8B,WAAsB;AACnE,QAAO,UAAU,gBAAgB;;;;;;;;;;AAWlC,SAAgB,WAAc,OAAY,YAA2B;CACpE,MAAM,SAAS,MAAM,KAAK,KAAK,MAAM,SAAS,WAAW,CAAC;CAC1D,MAAM,WAAW,MAAM,SAAS;AAChC,MAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,IAClC,QAAO,KAAK,SAAS,MAAM,IAAI,aAAa,IAAI,KAAK,WAAW,CAAC,SAAS;AAE3E,QAAO,OAAO,SAAS;;AAGxB,SAAS,gBAAgB,OAAyB;CACjD,MAAM,MAAM,MAAM,KAAK,MAAM,EAAE,SAAS,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,KAAK,GAAG;AACtE,KAAI,IAAI,WAAW,EAClB,QAAO,OAAO,EAAE;AAEjB,QAAO,OAAO,OAAO,IAAI;;AAI1B,SAAgB,oBAAoB,KAAa,SAAiB;AACjE,KAAI,IAAI,SAAS,QAChB,OAAM,IAAI,MAAM,UAAU,IAAI,kBAAkB,QAAQ,QAAQ;AAYjE,QAAO,aADQ,WANG,IAChB,OAAO,SAAS,OAAO,aAAa,EAAE,CAAC,CACvC,MAAM,GAAG,CACT,KAAK,MAAM,EAAE,WAAW,EAAE,CAAC,EAEX,aAAa,EACgB,CAAC,KAAK,UAAU,gBAAgB,MAAM,CAAC,CAC3D;;AAK5B,SAAS,mBAAmB,OAAe,OAAe;AACzD,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK;EACtC,MAAM,IAAI,MAAM,WAAW,EAAE;AAC7B,MAAI,IAAI,MAAQ,MAAM,MAAQ,MAAM,GACnC,OAAM,IAAI,MACT,WAAW,MAAM,2CAA2C,EAAE,qFAE9D;;;AAKJ,SAAgB,eACf,MACA,MACA,OACA,KACA,kBAAkB,2BAClB,mBAAmB,4BACnB,iBAAiB,sBACR;AACT,oBAAmB,MAAM,iBAAiB;AAC1C,oBAAmB,OAAO,kBAAkB;AAC5C,oBAAmB,KAAK,MAAM;AAC9B,QAAO,aAAa;EACnB,oBAAoB,MAAM,gBAAgB;EAC1C,oBAAoB,OAAO,iBAAiB;EAC5C,oBAAoB,KAAK,eAAe;EACxC,aAAa,CAAC,OAAO,KAAK,CAAC,CAAC;EAC5B,CAAC;;AAGH,SAAgB,uBAAuB,KAAa;AACnD,KAAI,QAAQ,sBACX,QAAO;AAER,QAAO"}

package/docs/bcs.md

@@ -35,7 +35,6 @@ the following pre-defined schemes:
 - `SharedObjectRef`
 - `StructTag`
 - `SuiObjectRef`
-- `Transaction`
 - `TransactionData`
 - `TransactionDataV1`
 - `TransactionExpiration`
@@ -85,12 +84,18 @@ object response, so you typically only need `content`.
 
 ```typescript
 
-// Parse a full object envelope (from objectBcs include option)
-const envelope = bcs.Object.parse(object.objectBcs);
-console.log('Owner:', envelope.owner);
-console.log('Inner struct bytes:', envelope.data.Move.contents);
+// Parse a BCS-encoded object
+const { objects } = await grpcClient.getObjects({
+	objectIds: [objectId],
+	include: { objectBcs: true },
+});
+
+const parsed = bcs.Object.parse(objects[0].objectBcs);
+console.log('Owner:', parsed.owner);
+console.log('Previous Transaction:', parsed.previousTransaction);
+console.log('Storage Rebate:', parsed.storageRebate);
 
-// Serialize a full object envelope
+// Serialize an object
 const serialized = bcs.Object.serialize({
 	data: {
 		Move: {

package/docs/clients/core.md

@@ -178,13 +178,14 @@ The `display` field is `null` when the object's type has no registered Display t
 Get the balance of a specific coin type for an owner.
 
 ```typescript
-const balance = await client.core.getBalance({
+const { balance } = await client.core.getBalance({
 	owner: '0xabc...',
 	coinType: '0x2::sui::SUI', // Optional, defaults to SUI
 });
 
-console.log(balance.totalBalance); // Total balance as bigint
-console.log(balance.coinObjectCount); // Number of coin objects
+console.log(balance.balance); // Total balance (coin objects + address balance)
+console.log(balance.coinBalance); // Balance from coin objects only
+console.log(balance.addressBalance); // Balance from address balance only
 ```
 
 ### `listBalances`
@@ -197,7 +198,7 @@ const { balances } = await client.core.listBalances({
 });
 
 for (const balance of balances) {
-	console.log(balance.coinType, balance.totalBalance);
+	console.log(balance.coinType, balance.balance);
 }
 ```
 
@@ -212,7 +213,7 @@ const result = await client.core.listCoins({
 	limit: 10,
 });
 
-for (const coin of result.coins) {
+for (const coin of result.objects) {
 	console.log(coin.objectId, coin.balance);
 }
 ```
@@ -454,7 +455,7 @@ console.log(referenceGasPrice); // bigint
 Get the current system state including epoch information.
 
 ```typescript
-const systemState = await client.core.getCurrentSystemState();
+const { systemState } = await client.core.getCurrentSystemState();
 console.log(systemState.epoch);
 console.log(systemState.systemStateVersion);
 ```
@@ -478,7 +479,7 @@ Get information about a Move function.
 const { function: fn } = await client.core.getMoveFunction({
 	packageId: '0x2',
 	moduleName: 'coin',
-	name: 'transfer',
+	name: 'value',
 });
 
 console.log(fn.name);
@@ -566,7 +567,7 @@ function processObject(obj: SuiClientTypes.Object<{ content: true }>) {
 async function fetchBalance(
 	client: ClientWithCoreApi,
 	owner: string,
-): Promise<SuiClientTypes.CoinBalance> {
+): Promise<SuiClientTypes.Balance> {
 	const { balance } = await client.core.getBalance({ owner });
 	return balance;
 }
@@ -584,7 +585,7 @@ const options: SuiClientTypes.GetObjectOptions<{ content: true }> = {
 | ---------------------- | ------------------------------------------- |
 | `Object<Include>`      | Fetched object with optional included data  |
 | `Coin`                 | Coin object with balance                    |
-| `CoinBalance`          | Balance summary for a coin type             |
+| `Balance`              | Balance summary for a coin type             |
 | `CoinMetadata`         | Metadata for a coin type                    |
 | `Transaction<Include>` | Executed transaction with optional data     |
 | `TransactionResult`    | Success or failure result from execution    |

package/docs/clients/grpc.md

@@ -179,7 +179,7 @@ const { response: fields } = await grpcClient.stateService.listDynamicFields({
 const { response } = await grpcClient.movePackageService.getFunction({
 	packageId: '0x2',
 	moduleName: 'coin',
-	name: 'transfer',
+	name: 'value',
 });
 ```
 

package/docs/index.md

@@ -1,22 +1,55 @@
-# Sui TypeScript SDK Quick Start
+# Sui TypeScript SDK
 
-> The Sui TypeScript SDK is a modular library of tools for interacting with the Sui blockchain.
+> TypeScript SDK for building on the Sui blockchain
 
 The Sui TypeScript SDK is a modular library of tools for interacting with the Sui blockchain. Use it
 to send queries to RPC nodes, build and sign transactions, and interact with a Sui or local network.
 
 ## Installation
 
-```sh npm2yarn
+```npm
 npm i @mysten/sui
 ```
 
+The SDK is published as an ESM only package. Make sure your `package.json` includes
+`"type": "module"`:
+
+```json
+{
+	"type": "module"
+}
+```
+
+If you are using TypeScript, your `tsconfig.json` should use a compatible `moduleResolution` setting
+such as `"NodeNext"`, `"Node16"`, or `"Bundler"`.
+
+## Module packages
+
+The SDK contains a set of modular packages that you can use independently or together. Import just
+what you need to keep your code light and compact.
+
+- [`@mysten/sui/client`](/sui/clients): A client for interacting with Sui RPC nodes.
+- [`@mysten/sui/bcs`](/sui/bcs): A BCS builder with pre-defined types for Sui.
+- [`@mysten/sui/transactions`](/sui/transactions/basics): Utilities for building and interacting
+  with transactions.
+- [`@mysten/sui/keypairs/*`](/sui/cryptography/keypairs): Modular exports for specific KeyPair
+  implementations.
+- [`@mysten/sui/verify`](/sui/cryptography/keypairs#verifying-signatures-without-a-key-pair):
+  Methods for verifying transactions and messages.
+- [`@mysten/sui/cryptography`](/sui/cryptography/keypairs): Shared types and classes for
+  cryptography.
+- [`@mysten/sui/multisig`](/sui/cryptography/multisig): Utilities for working with multisig
+  signatures.
+- [`@mysten/sui/utils`](/sui/utils): Utilities for formatting and parsing various Sui types.
+- [`@mysten/sui/faucet`](#faucet): Methods for requesting SUI from a faucet.
+- [`@mysten/sui/zklogin`](/sui/zklogin): Utilities for working with zkLogin.
+
 ## Network locations
 
 The following table lists the locations for Sui networks.
 
 | Network | Full node                             | faucet                                   |
-| :------ | :------------------------------------ | :--------------------------------------- |
+| ------- | ------------------------------------- | ---------------------------------------- |
 | local   | `http://127.0.0.1:9000` (default)     | `http://127.0.0.1:9123/v2/gas` (default) |
 | Devnet  | `https://fullnode.devnet.sui.io:443`  | `https://faucet.devnet.sui.io/v2/gas`    |
 | Testnet | `https://fullnode.testnet.sui.io:443` | `https://faucet.testnet.sui.io/v2/gas`   |
@@ -31,23 +64,144 @@ The following table lists the locations for Sui networks.
 > (preferred for apps that have high traffic). You can find a list of reliable RPC endpoint providers
 > for Sui on the [Sui Dev Portal](https://sui.io/developers#dev-tools) using the **Node Service** tab.
 
-## Module packages
+## Quick start
 
-The SDK contains a set of modular packages that you can use independently or together. Import just
-what you need to keep your code light and compact.
+Get started in a few minutes. This guide walks you through creating a keypair, funding it from a
+faucet, and checking your balance.
 
-- [`@mysten/sui/client`](/sui/clients): A client for interacting with Sui RPC nodes.
-- [`@mysten/sui/bcs`](/sui/bcs): A BCS builder with pre-defined types for Sui.
-- [`@mysten/sui/transactions`](/sui/transaction-building/basics): Utilities for building and
-  interacting with transactions.
-- [`@mysten/sui/keypairs/*`](/sui/cryptography/keypairs): Modular exports for specific KeyPair
-  implementations.
-- [`@mysten/sui/verify`](/sui/cryptography/keypairs#verifying-signatures-without-a-key-pair):
-  Methods for verifying transactions and messages.
-- [`@mysten/sui/cryptography`](/sui/cryptography/keypairs): Shared types and classes for
-  cryptography.
-- [`@mysten/sui/multisig`](/sui/cryptography/multisig): Utilities for working with multisig
-  signatures.
-- [`@mysten/sui/utils`](/sui/utils): Utilities for formatting and parsing various Sui types.
-- [`@mysten/sui/faucet`](/sui/faucet): Methods for requesting SUI from a faucet.
-- [`@mysten/sui/zklogin`](/sui/zklogin): Utilities for working with zkLogin.
+### Create a project
+
+```sh
+mkdir hello-sui
+cd hello-sui
+npm init -y
+npm pkg set type=module
+npm i @mysten/sui
+```
+
+### Step 1: Create a keypair and get SUI
+
+Create a `setup.ts` file that generates a new keypair, requests SUI from the faucet, and prints your
+secret key for later use:
+
+```typescript
+
+// Generate a new keypair
+const keypair = new Ed25519Keypair();
+
+console.log('Address:', keypair.toSuiAddress());
+console.log('Secret key:', keypair.getSecretKey());
+
+// Request SUI from the devnet faucet
+await requestSuiFromFaucetV2({
+	host: getFaucetHost('devnet'),
+	recipient: keypair.toSuiAddress(),
+});
+
+console.log('Faucet request sent! Save the secret key above for the next step.');
+```
+
+Run it:
+
+```sh
+node setup.ts
+```
+
+Save the secret key that gets printed; you'll use it in the next step.
+
+> **Warning:** Logging secret keys to the console is only appropriate for quick demos like this. In real
+> applications, never log or expose secret keys. Store them securely using environment variables,
+> encrypted keystores, or a secrets manager.
+
+### Step 2: Check your balance
+
+Create a `balance.ts` file that imports your keypair from the secret key and checks the balance:
+
+```typescript
+
+// Import the keypair using the secret key from step 1
+const keypair = Ed25519Keypair.fromSecretKey('suiprivkey1...'); // paste your secret key here
+
+const grpcClient = new SuiGrpcClient({
+	network: 'devnet',
+	baseUrl: 'https://fullnode.devnet.sui.io:443',
+});
+
+const { balance } = await grpcClient.core.getBalance({
+	owner: keypair.toSuiAddress(),
+});
+
+const sui = Number(balance.balance) / Number(MIST_PER_SUI);
+console.log(`Address: ${keypair.toSuiAddress()}`);
+console.log(`Balance: ${sui} SUI`);
+```
+
+Run it:
+
+```sh
+node balance.ts
+```
+
+### Step 3: Transfer SUI
+
+Create a `transfer.ts` file that sends SUI to another address and logs the transaction effects:
+
+```typescript
+
+const keypair = Ed25519Keypair.fromSecretKey('suiprivkey1...'); // paste your secret key here
+const grpcClient = new SuiGrpcClient({
+	network: 'devnet',
+	baseUrl: 'https://fullnode.devnet.sui.io:443',
+});
+
+const tx = new Transaction();
+
+tx.transferObjects(
+	[coinWithBalance({ balance: BigInt(0.1 * Number(MIST_PER_SUI)) })],
+	'0xRecipientAddress', // replace with the recipient's address
+);
+
+const result = await keypair.signAndExecuteTransaction({
+	transaction: tx,
+	client: grpcClient,
+	include: { effects: true, balanceChanges: true },
+});
+
+if (result.$kind === 'FailedTransaction') {
+	console.error('Transaction failed:', result.FailedTransaction.status.error?.message);
+} else {
+	console.log('Transaction digest:', result.Transaction.digest);
+	console.log('Effects:', JSON.stringify(result.Transaction.effects, null, 2));
+	console.log('Balance changes:', JSON.stringify(result.Transaction.balanceChanges, null, 2));
+}
+```
+
+Run it:
+
+```sh
+node transfer.ts
+```
+
+### Faucet
+
+Devnet, Testnet, and local networks include faucets that mint SUI. Use `requestSuiFromFaucetV2` to
+request SUI programmatically:
+
+```typescript
+
+await requestSuiFromFaucetV2({
+	host: getFaucetHost('testnet'),
+	recipient: '0xYourAddress',
+});
+```
+
+> **Note:** Faucets on Devnet and Testnet are rate limited. If you hit the limit, wait before trying again.
+> For Testnet, you can also get SUI through the web UI at `faucet.sui.io` or through the [Sui
+> Discord](https://discord.gg/sui) faucet channels.
+
+## Next steps
+
+- [Building Transactions](/sui/transactions/basics): create and compose transactions
+- [Signing and Execution](/sui/transactions/signing-and-execution): sign and submit transactions
+- [Coins and Balances](/sui/transactions/coins-and-balances): work with tokens
+- [Client Setup](/sui/clients): configure clients for different networks

package/docs/llms-index.md

@@ -1,21 +1,18 @@
 # Sui SDK
 > TypeScript interfaces for Sui
 
-- [Sui TypeScript SDK Quick Start](..md): The Sui TypeScript SDK is a modular library of tools for interacting with the Sui blockchain.
-- [Install Sui TypeScript SDK](./install.md): Install the @mysten/sui package and configure your project.
+- [Sui TypeScript SDK](..md): TypeScript SDK for building on the Sui blockchain
 - [LLM Documentation](./llm-docs.md): Give AI agents access to Sui SDK documentation in your project.
-- [Hello Sui](./hello-sui.md): Build your first Sui application with the TypeScript SDK.
-- [Faucet](./faucet.md): Request test SUI tokens from the faucet on Devnet, Testnet, or local networks.
 - [Sui Clients](./clients.md): Choose and configure gRPC, GraphQL, or JSON-RPC clients for the Sui network.
 - [Core API](./clients/core.md): Transport-agnostic Core API shared by all Sui clients.
 - [SuiGrpcClient](./clients/grpc.md): Connect to Sui through gRPC with SuiGrpcClient.
 - [SuiGraphQLClient](./clients/graphql.md): Connect to Sui through GraphQL with SuiGraphQLClient.
 - [SuiJsonRpcClient](./clients/json-rpc.md): Connect to Sui through JSON-RPC with SuiJsonRpcClient.
-- [Sui Programmable Transaction Basics](./transaction-building/basics.md): Construct programmable transaction blocks with the Transaction API.
-- [Paying for Sui Transactions with Gas Coins](./transaction-building/gas.md): Configure gas budget, price, and coin selection for Sui transactions.
-- [Sponsored Transactions](./transaction-building/sponsored-transactions.md): Pay gas fees on behalf of other users with sponsored transactions.
-- [Building Offline](./transaction-building/offline.md): Build transactions without a network connection.
-- [Transaction Intents](./transaction-building/intents.md): Use high-level intents to simplify transaction building.
+- [Building Transactions](./transactions/basics.md): Construct programmable transaction blocks with the Transaction API
+- [Signing and Execution](./transactions/signing-and-execution.md): Sign transactions and execute them on the Sui network
+- [Coins and Balances](./transactions/coins-and-balances.md): Work with coin objects and address balances in transactions
+- [Commands and Inputs Reference](./transactions/reference.md): Complete reference for transaction commands and input types
+- [Building Offline](./transactions/offline.md): Build transactions without a network connection
 - [Key pairs](./cryptography/keypairs.md): Create and manage Ed25519, Secp256k1, and Secp256r1 keypairs for Sui transaction signing.
 - [Multi-Signature Transactions](./cryptography/multisig.md): Create multi-signature transactions with multiple signers on Sui.
 - [Passkey](./cryptography/passkey.md): Use WebAuthn passkeys for Sui transaction signing.

package/docs/migrations/0.38.md

@@ -13,7 +13,7 @@ earlier version of the SDK, there are some changes you should consider when upda
 
 The Sui TypeScript SDK is now divided into modular components. Before version 0.38.0, you imported
 the complete SDK module. Now, you upload the individual packages of the SDK module instead. See the
-[Module Packages section](#module-packages) for the list of packages.
+[Module Structure section](#module-structure) for the list of packages.
 
 ### Deprecated classes
 
@@ -40,7 +40,7 @@ The Sui TypeScript SDK deprecates the following classes with version 0.38.0:
 
 Signing and sending transactions changes slightly with the deprecation of the `Signer` pattern. For
 an example of transaction signing, see the
-[Sui Programmable Transaction Blocks Basics](/sui/transaction-building/basics) topic.
+[Sui Programmable Transaction Block Basics](/sui/transactions/basics) topic.
 
 ### Faucet requests
 

package/docs/migrations/sui-1.0.md

@@ -11,7 +11,7 @@ highlights:
 
 - [A new GraphQL Client for the newly released Sui GraphQL API](/sui/clients/graphql)
 - [New Transaction Executor classes for efficient Transaction execution](../executors)
-- [New Transaction Intents to simplify common transaction patterns](../transaction-building/intents)
+- [New Transaction Intents to simplify common transaction patterns](../transactions/coins-and-balances)
 - [A new Plugin system for Extending Transaction Building](../plugins)
 
 The majority of changes in this release are in the `@mysten/sui` package, but the changes to API
@@ -24,7 +24,7 @@ As part of the 1.0 release the `@mysten/sui.js` package has been renamed to `@my
 
 To upgrade to the new version, uninstall the old package and install the new one:
 
-```sh npm2yarn
+```npm
 npm uninstall @mysten/sui.js
 npm install @mysten/sui
 ```