npm - @notrace/stealth-sdk - Versions diffs - 1.0.0 - Mend

@notrace/stealth-sdk 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/dist/index.js ADDED Viewed

@@ -0,0 +1,317 @@
+import { ed25519 } from '@noble/curves/ed25519';
+import { sha512 } from '@noble/hashes/sha2';
+import { randomBytes } from '@noble/hashes/utils';
+// src/bytes.ts
+function concatBytes(...arrs) {
+  let total = 0;
+  for (const a of arrs) total += a.length;
+  const out = new Uint8Array(total);
+  let off = 0;
+  for (const a of arrs) {
+    out.set(a, off);
+    off += a.length;
+  }
+  return out;
+}
+function bytesToNumberLE(bytes) {
+  let n = 0n;
+  for (let i = bytes.length - 1; i >= 0; i--) {
+    n = n << 8n | BigInt(bytes[i]);
+  }
+  return n;
+}
+function numberToBytesLE(n, len) {
+  const out = new Uint8Array(len);
+  let x = BigInt(n);
+  for (let i = 0; i < len; i++) {
+    out[i] = Number(x & 0xffn);
+    x >>= 8n;
+  }
+  return out;
+}
+function bytesEqual(a, b) {
+  if (a.length !== b.length) return false;
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false;
+  }
+  return true;
+}
+// src/base58.ts
+var ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+var ALPHABET_MAP = (() => {
+  const m = new Int8Array(128).fill(-1);
+  for (let i = 0; i < ALPHABET.length; i++) m[ALPHABET.charCodeAt(i)] = i;
+  return m;
+})();
+function bs58encode(bytes) {
+  if (bytes.length === 0) return "";
+  let zeros = 0;
+  while (zeros < bytes.length && bytes[zeros] === 0) zeros++;
+  const size = (bytes.length - zeros) * 138 / 100 + 1 | 0;
+  const b58 = new Uint8Array(size);
+  let length = 0;
+  for (let i = zeros; i < bytes.length; i++) {
+    let carry = bytes[i];
+    let j = 0;
+    for (let k = size - 1; (carry !== 0 || j < length) && k >= 0; k--, j++) {
+      carry += 256 * b58[k];
+      b58[k] = carry % 58;
+      carry = carry / 58 | 0;
+    }
+    length = j;
+  }
+  let it = size - length;
+  while (it < size && b58[it] === 0) it++;
+  let out = "";
+  for (let i = 0; i < zeros; i++) out += "1";
+  for (; it < size; it++) out += ALPHABET[b58[it]];
+  return out;
+}
+function bs58decode(str) {
+  if (str.length === 0) return new Uint8Array(0);
+  let zeros = 0;
+  while (zeros < str.length && str[zeros] === "1") zeros++;
+  const size = (str.length - zeros) * 733 / 1e3 + 1 | 0;
+  const b256 = new Uint8Array(size);
+  let length = 0;
+  for (let i = zeros; i < str.length; i++) {
+    const code = str.charCodeAt(i);
+    const carryIn = code < 128 ? ALPHABET_MAP[code] : -1;
+    if (carryIn < 0) throw new Error(`Invalid base58 character at index ${i}`);
+    let carry = carryIn;
+    let j = 0;
+    for (let k = size - 1; (carry !== 0 || j < length) && k >= 0; k--, j++) {
+      carry += 58 * b256[k];
+      b256[k] = carry & 255;
+      carry >>= 8;
+    }
+    length = j;
+  }
+  let it = size - length;
+  while (it < size && b256[it] === 0) it++;
+  const out = new Uint8Array(zeros + (size - it));
+  let p = zeros;
+  while (it < size) out[p++] = b256[it++];
+  return out;
+}
+var Point = ed25519.ExtendedPoint;
+var L = ed25519.CURVE.n;
+function generateMetaKey() {
+  return metaFromSeed(randomBytes(32));
+}
+function metaFromSeed(seed) {
+  if (seed.length !== 32) {
+    throw new Error(`metaFromSeed: seed must be 32 bytes (got ${seed.length})`);
+  }
+  const h = sha512(seed);
+  const sb = new Uint8Array(h.slice(0, 32));
+  sb[0] &= 248;
+  sb[31] &= 127;
+  sb[31] |= 64;
+  const scalar = bytesToNumberLE(sb) % L;
+  const pub = Point.BASE.multiply(scalar).toRawBytes();
+  return { seed: new Uint8Array(seed), scalar, pub };
+}
+function pubFromScalar(scalar) {
+  return Point.BASE.multiply(scalar).toRawBytes();
+}
+var Point2 = ed25519.ExtendedPoint;
+var L2 = ed25519.CURVE.n;
+var VERSION_TAG = new TextEncoder().encode("notrace.v1.stealth");
+function modL(n) {
+  let r = n % L2;
+  if (r < 0n) r += L2;
+  return r;
+}
+function hash512ModL(input) {
+  return modL(bytesToNumberLE(sha512(input)));
+}
+function deriveStealthSender(metaPubBytes) {
+  if (metaPubBytes.length !== 32) {
+    throw new Error(`deriveStealthSender: meta_pub must be 32 bytes (got ${metaPubBytes.length})`);
+  }
+  const eph = metaFromSeed(randomBytes(32));
+  const metaPt = Point2.fromHex(metaPubBytes);
+  const sharedBytes = metaPt.multiply(eph.scalar).toRawBytes();
+  const tweak = hash512ModL(
+    concatBytes(VERSION_TAG, sharedBytes, eph.pub, metaPubBytes)
+  );
+  const stealthPt = metaPt.add(Point2.BASE.multiply(tweak));
+  const stealthPub = stealthPt.toRawBytes();
+  return { stealthPub, ephPub: eph.pub };
+}
+function recoverStealth(metaScalar, metaPubBytes, ephPubBytes) {
+  if (ephPubBytes.length !== 32) {
+    throw new Error(`recoverStealth: eph_pub must be 32 bytes (got ${ephPubBytes.length})`);
+  }
+  if (metaPubBytes.length !== 32) {
+    throw new Error(`recoverStealth: meta_pub must be 32 bytes (got ${metaPubBytes.length})`);
+  }
+  const ephPt = Point2.fromHex(ephPubBytes);
+  const sharedBytes = ephPt.multiply(metaScalar).toRawBytes();
+  const tweak = hash512ModL(
+    concatBytes(VERSION_TAG, sharedBytes, ephPubBytes, metaPubBytes)
+  );
+  const stealthScalar = modL(metaScalar + tweak);
+  const stealthPub = Point2.BASE.multiply(stealthScalar).toRawBytes();
+  return { stealthScalar, stealthPub };
+}
+var Point3 = ed25519.ExtendedPoint;
+var L3 = ed25519.CURVE.n;
+function modL2(n) {
+  let r = n % L3;
+  if (r < 0n) r += L3;
+  return r;
+}
+function hash512ModL2(input) {
+  return modL2(bytesToNumberLE(sha512(input)));
+}
+function signWithScalar(scalar, pubBytes, message) {
+  const prefix = randomBytes(32);
+  const r = hash512ModL2(concatBytes(prefix, pubBytes, message));
+  const R = Point3.BASE.multiply(r).toRawBytes();
+  const k = hash512ModL2(concatBytes(R, pubBytes, message));
+  const S = modL2(r + k * scalar);
+  return concatBytes(R, numberToBytesLE(S, 32));
+}
+function verify(sig, message, pubBytes) {
+  return ed25519.verify(sig, message, pubBytes);
+}
+// src/memo.ts
+var MEMO_PREFIX = "nt1:";
+var MEMO_PROGRAM_ID = "MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr";
+function encodeMemo(ephPubBytes) {
+  if (ephPubBytes.length !== 32) {
+    throw new Error(`encodeMemo: eph_pub must be 32 bytes (got ${ephPubBytes.length})`);
+  }
+  return MEMO_PREFIX + bs58encode(ephPubBytes);
+}
+function parseMemo(memoString) {
+  if (typeof memoString !== "string") return null;
+  if (!memoString.startsWith(MEMO_PREFIX)) return null;
+  const body = memoString.slice(MEMO_PREFIX.length).trim();
+  try {
+    const bytes = bs58decode(body);
+    if (bytes.length !== 32) return null;
+    return bytes;
+  } catch {
+    return null;
+  }
+}
+// src/payLink.ts
+var DEFAULT_ORIGIN = "https://notracesol.xyz";
+function makePayLink(metaPubBytes, origin = DEFAULT_ORIGIN) {
+  if (metaPubBytes.length !== 32) {
+    throw new Error(`makePayLink: meta_pub must be 32 bytes (got ${metaPubBytes.length})`);
+  }
+  const cleanOrigin = origin.replace(/\/+$/, "");
+  return `${cleanOrigin}/pay#m=${bs58encode(metaPubBytes)}`;
+}
+function parsePayLink(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    return null;
+  }
+  const fragMatch = parsed.hash.match(/(?:^#|&)m=([1-9A-HJ-NP-Za-km-z]+)/);
+  const queryMatch = parsed.searchParams.get("m");
+  const encoded = fragMatch?.[1] ?? queryMatch;
+  if (!encoded) return null;
+  try {
+    const bytes = bs58decode(encoded);
+    return bytes.length === 32 ? bytes : null;
+  } catch {
+    return null;
+  }
+}
+// src/scan.ts
+async function scanForPayments(meta, rpc, opts = {}) {
+  const limit = opts.limit ?? 100;
+  const concurrency = Math.max(1, opts.concurrency ?? 5);
+  const seen = opts.alreadyScanned ?? /* @__PURE__ */ new Set();
+  const sigs = await rpc.getSignaturesForAddress(MEMO_PROGRAM_ID, {
+    limit,
+    ...opts.before ? { before: opts.before } : {}
+  });
+  const fresh = sigs.filter((s) => !seen.has(s.signature));
+  const matches = [];
+  for (let i = 0; i < fresh.length; i += concurrency) {
+    const batch = fresh.slice(i, i + concurrency);
+    const results = await Promise.allSettled(
+      batch.map((s) => checkSignature(s.signature, meta, rpc))
+    );
+    for (let j = 0; j < results.length; j++) {
+      const r = results[j];
+      const sig = batch[j].signature;
+      seen.add(sig);
+      if (r.status === "fulfilled" && r.value) matches.push(r.value);
+    }
+  }
+  return matches;
+}
+async function checkSignature(signature, meta, rpc) {
+  let tx;
+  try {
+    tx = await rpc.getParsedTransaction(signature, {
+      maxSupportedTransactionVersion: 0,
+      commitment: "confirmed"
+    });
+  } catch {
+    return null;
+  }
+  if (!tx || tx.meta?.err) return null;
+  const instrs = tx.transaction.message.instructions || [];
+  let memoString = null;
+  for (const ix of instrs) {
+    const pid = typeof ix.programId === "string" ? ix.programId : ix.programId?.toString();
+    if (pid !== MEMO_PROGRAM_ID) continue;
+    if (typeof ix.parsed === "string") {
+      memoString = ix.parsed;
+    } else if (ix.parsed && typeof ix.parsed === "object" && typeof ix.parsed.info === "string") {
+      memoString = ix.parsed.info;
+    } else if (typeof ix.data === "string") {
+      try {
+        memoString = new TextDecoder().decode(bs58decode(ix.data));
+      } catch {
+      }
+    }
+    if (memoString) break;
+  }
+  if (!memoString) return null;
+  const ephPub = parseMemo(memoString);
+  if (!ephPub) return null;
+  const { stealthScalar, stealthPub } = recoverStealth(meta.scalar, meta.pub, ephPub);
+  const expectedAddr = bs58encode(stealthPub);
+  for (const ix of instrs) {
+    const parsed = ix.parsed;
+    if (!parsed || typeof parsed !== "object") continue;
+    if (parsed.type !== "transfer") continue;
+    const info = parsed.info;
+    if (!info || typeof info !== "object") continue;
+    if (info.destination !== expectedAddr) continue;
+    return {
+      signature,
+      slot: tx.slot,
+      blockTimeMs: tx.blockTime ? tx.blockTime * 1e3 : null,
+      lamports: typeof info.lamports === "number" ? info.lamports : 0,
+      source: info.source ?? "",
+      stealthPub: expectedAddr,
+      stealthScalar,
+      ephPub: bs58encode(ephPub)
+    };
+  }
+  return null;
+}
+// src/index.ts
+var VERSION = "1.0.0";
+export { MEMO_PREFIX, MEMO_PROGRAM_ID, VERSION, bs58decode, bs58encode, bytesEqual, bytesToNumberLE, checkSignature, concatBytes, deriveStealthSender, encodeMemo, generateMetaKey, makePayLink, metaFromSeed, numberToBytesLE, parseMemo, parsePayLink, pubFromScalar, recoverStealth, scanForPayments, signWithScalar, verify };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/bytes.ts","../src/base58.ts","../src/keys.ts","../src/stealth.ts","../src/sign.ts","../src/memo.ts","../src/payLink.ts","../src/scan.ts","../src/index.ts"],"names":["Point","ed25519","L","sha512","randomBytes","modL","hash512ModL"],"mappings":";;;;;AAQO,SAAS,eAAe,IAAA,EAAgC;AAC7D,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,KAAA,MAAW,CAAA,IAAK,IAAA,EAAM,KAAA,IAAS,CAAA,CAAE,MAAA;AACjC,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,KAAK,CAAA;AAChC,EAAA,IAAI,GAAA,GAAM,CAAA;AACV,EAAA,KAAA,MAAW,KAAK,IAAA,EAAM;AACpB,IAAA,GAAA,CAAI,GAAA,CAAI,GAAG,GAAG,CAAA;AACd,IAAA,GAAA,IAAO,CAAA,CAAE,MAAA;AAAA,EACX;AACA,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,gBAAgB,KAAA,EAA2B;AACzD,EAAA,IAAI,CAAA,GAAI,EAAA;AACR,EAAA,KAAA,IAAS,IAAI,KAAA,CAAM,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AAC1C,IAAA,CAAA,GAAK,CAAA,IAAK,EAAA,GAAM,MAAA,CAAO,KAAA,CAAM,CAAC,CAAE,CAAA;AAAA,EAClC;AACA,EAAA,OAAO,CAAA;AACT;AAGO,SAAS,eAAA,CAAgB,GAAW,GAAA,EAAyB;AAClE,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,GAAG,CAAA;AAC9B,EAAA,IAAI,CAAA,GAAI,OAAO,CAAC,CAAA;AAChB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,GAAA,EAAK,CAAA,EAAA,EAAK;AAC5B,IAAA,GAAA,CAAI,CAAC,CAAA,GAAI,MAAA,CAAO,CAAA,GAAI,KAAK,CAAA;AACzB,IAAA,CAAA,KAAM,EAAA;AAAA,EACR;AACA,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,UAAA,CAAW,GAAe,CAAA,EAAwB;AAChE,EAAA,IAAI,CAAA,CAAE,MAAA,KAAW,CAAA,CAAE,MAAA,EAAQ,OAAO,KAAA;AAClC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,CAAE,QAAQ,CAAA,EAAA,EAAK;AACjC,IAAA,IAAI,EAAE,CAAC,CAAA,KAAM,CAAA,CAAE,CAAC,GAAG,OAAO,KAAA;AAAA,EAC5B;AACA,EAAA,OAAO,IAAA;AACT;;;ACzCA,IAAM,QAAA,GAAW,4DAAA;AAEjB,IAAM,gBAA2B,MAAM;AACrC,EAAA,MAAM,IAAI,IAAI,SAAA,CAAU,GAAG,CAAA,CAAE,KAAK,EAAE,CAAA;AACpC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,QAAA,CAAS,MAAA,EAAQ,CAAA,EAAA,EAAK,CAAA,CAAE,QAAA,CAAS,UAAA,CAAW,CAAC,CAAC,CAAA,GAAI,CAAA;AACtE,EAAA,OAAO,CAAA;AACT,CAAA,GAAG;AAGI,SAAS,WAAW,KAAA,EAA2B;AACpD,EAAA,IAAI,KAAA,CAAM,MAAA,KAAW,CAAA,EAAG,OAAO,EAAA;AAC/B,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,OAAO,QAAQ,KAAA,CAAM,MAAA,IAAU,KAAA,CAAM,KAAK,MAAM,CAAA,EAAG,KAAA,EAAA;AACnD,EAAA,MAAM,QAAS,KAAA,CAAM,MAAA,GAAS,KAAA,IAAS,GAAA,GAAM,MAAM,CAAA,GAAK,CAAA;AACxD,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,IAAI,CAAA;AAC/B,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,KAAA,EAAO,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACzC,IAAA,IAAI,KAAA,GAAQ,MAAM,CAAC,CAAA;AACnB,IAAA,IAAI,CAAA,GAAI,CAAA;AACR,IAAA,KAAA,IAAS,CAAA,GAAI,IAAA,GAAO,CAAA,EAAA,CAAI,KAAA,KAAU,CAAA,IAAK,IAAI,MAAA,KAAW,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK,CAAA,EAAA,EAAK;AACtE,MAAA,KAAA,IAAS,GAAA,GAAM,IAAI,CAAC,CAAA;AACpB,MAAA,GAAA,CAAI,CAAC,IAAI,KAAA,GAAQ,EAAA;AACjB,MAAA,KAAA,GAAS,QAAQ,EAAA,GAAM,CAAA;AAAA,IACzB;AACA,IAAA,MAAA,GAAS,CAAA;AAAA,EACX;AACA,EAAA,IAAI,KAAK,IAAA,GAAO,MAAA;AAChB,EAAA,OAAO,EAAA,GAAK,IAAA,IAAQ,GAAA,CAAI,EAAE,MAAM,CAAA,EAAG,EAAA,EAAA;AACnC,EAAA,IAAI,GAAA,GAAM,EAAA;AACV,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,EAAO,KAAK,GAAA,IAAO,GAAA;AACvC,EAAA,OAAO,KAAK,IAAA,EAAM,EAAA,EAAA,SAAa,QAAA,CAAS,GAAA,CAAI,EAAE,CAAE,CAAA;AAChD,EAAA,OAAO,GAAA;AACT;AAGO,SAAS,WAAW,GAAA,EAAyB;AAClD,EAAA,IAAI,IAAI,MAAA,KAAW,CAAA,EAAG,OAAO,IAAI,WAAW,CAAC,CAAA;AAC7C,EAAA,IAAI,KAAA,GAAQ,CAAA;AACZ,EAAA,OAAO,QAAQ,GAAA,CAAI,MAAA,IAAU,GAAA,CAAI,KAAK,MAAM,GAAA,EAAK,KAAA,EAAA;AACjD,EAAA,MAAM,QAAS,GAAA,CAAI,MAAA,GAAS,KAAA,IAAS,GAAA,GAAM,MAAO,CAAA,GAAK,CAAA;AACvD,EAAA,MAAM,IAAA,GAAO,IAAI,UAAA,CAAW,IAAI,CAAA;AAChC,EAAA,IAAI,MAAA,GAAS,CAAA;AACb,EAAA,KAAA,IAAS,CAAA,GAAI,KAAA,EAAO,CAAA,GAAI,GAAA,CAAI,QAAQ,CAAA,EAAA,EAAK;AACvC,IAAA,MAAM,IAAA,GAAO,GAAA,CAAI,UAAA,CAAW,CAAC,CAAA;AAC7B,IAAA,MAAM,OAAA,GAAU,IAAA,GAAO,GAAA,GAAM,YAAA,CAAa,IAAI,CAAA,GAAK,EAAA;AACnD,IAAA,IAAI,UAAU,CAAA,EAAG,MAAM,IAAI,KAAA,CAAM,CAAA,kCAAA,EAAqC,CAAC,CAAA,CAAE,CAAA;AACzE,IAAA,IAAI,KAAA,GAAQ,OAAA;AACZ,IAAA,IAAI,CAAA,GAAI,CAAA;AACR,IAAA,KAAA,IAAS,CAAA,GAAI,IAAA,GAAO,CAAA,EAAA,CAAI,KAAA,KAAU,CAAA,IAAK,IAAI,MAAA,KAAW,CAAA,IAAK,CAAA,EAAG,CAAA,EAAA,EAAK,CAAA,EAAA,EAAK;AACtE,MAAA,KAAA,IAAS,EAAA,GAAK,KAAK,CAAC,CAAA;AACpB,MAAA,IAAA,CAAK,CAAC,IAAI,KAAA,GAAQ,GAAA;AAClB,MAAA,KAAA,KAAU,CAAA;AAAA,IACZ;AACA,IAAA,MAAA,GAAS,CAAA;AAAA,EACX;AACA,EAAA,IAAI,KAAK,IAAA,GAAO,MAAA;AAChB,EAAA,OAAO,EAAA,GAAK,IAAA,IAAQ,IAAA,CAAK,EAAE,MAAM,CAAA,EAAG,EAAA,EAAA;AACpC,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,KAAA,IAAS,OAAO,EAAA,CAAG,CAAA;AAC9C,EAAA,IAAI,CAAA,GAAI,KAAA;AACR,EAAA,OAAO,KAAK,IAAA,EAAM,GAAA,CAAI,CAAA,EAAG,CAAA,GAAI,KAAK,EAAA,EAAI,CAAA;AACtC,EAAA,OAAO,GAAA;AACT;ACjDA,IAAM,QAAQ,OAAA,CAAQ,aAAA;AACtB,IAAM,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAajB,SAAS,eAAA,GAA2B;AACzC,EAAA,OAAO,YAAA,CAAa,WAAA,CAAY,EAAE,CAAC,CAAA;AACrC;AAQO,SAAS,aAAa,IAAA,EAA2B;AACtD,EAAA,IAAI,IAAA,CAAK,WAAW,EAAA,EAAI;AACtB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,yCAAA,EAA4C,IAAA,CAAK,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EAC5E;AACA,EAAA,MAAM,CAAA,GAAI,OAAO,IAAI,CAAA;AACrB,EAAA,MAAM,KAAK,IAAI,UAAA,CAAW,EAAE,KAAA,CAAM,CAAA,EAAG,EAAE,CAAC,CAAA;AAExC,EAAA,EAAA,CAAG,CAAC,CAAA,IAAM,GAAA;AACV,EAAA,EAAA,CAAG,EAAE,CAAA,IAAM,GAAA;AACX,EAAA,EAAA,CAAG,EAAE,CAAA,IAAM,EAAA;AACX,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,EAAE,CAAA,GAAI,CAAA;AACrC,EAAA,MAAM,MAAM,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,MAAM,EAAE,UAAA,EAAW;AAEnD,EAAA,OAAO,EAAE,IAAA,EAAM,IAAI,WAAW,IAAI,CAAA,EAAG,QAAQ,GAAA,EAAI;AACnD;AAGO,SAAS,cAAc,MAAA,EAA4B;AACxD,EAAA,OAAO,KAAA,CAAM,IAAA,CAAK,QAAA,CAAS,MAAM,EAAE,UAAA,EAAW;AAChD;ACvCA,IAAMA,SAAQC,OAAAA,CAAQ,aAAA;AACtB,IAAMC,EAAAA,GAAID,QAAQ,KAAA,CAAM,CAAA;AAExB,IAAM,WAAA,GAAc,IAAI,WAAA,EAAY,CAAE,OAAO,oBAAoB,CAAA;AAEjE,SAAS,KAAK,CAAA,EAAmB;AAC/B,EAAA,IAAI,IAAI,CAAA,GAAIC,EAAAA;AACZ,EAAA,IAAI,CAAA,GAAI,IAAI,CAAA,IAAKA,EAAAA;AACjB,EAAA,OAAO,CAAA;AACT;AAEA,SAAS,YAAY,KAAA,EAA2B;AAC9C,EAAA,OAAO,IAAA,CAAK,eAAA,CAAgBC,MAAAA,CAAO,KAAK,CAAC,CAAC,CAAA;AAC5C;AAuBO,SAAS,oBAAoB,YAAA,EAA4C;AAC9E,EAAA,IAAI,YAAA,CAAa,WAAW,EAAA,EAAI;AAC9B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,oDAAA,EAAuD,YAAA,CAAa,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EAC/F;AAGA,EAAA,MAAM,GAAA,GAAM,YAAA,CAAaC,WAAAA,CAAY,EAAE,CAAC,CAAA;AAGxC,EAAA,MAAM,MAAA,GAASJ,MAAAA,CAAM,OAAA,CAAQ,YAAY,CAAA;AACzC,EAAA,MAAM,cAAc,MAAA,CAAO,QAAA,CAAS,GAAA,CAAI,MAAM,EAAE,UAAA,EAAW;AAG3D,EAAA,MAAM,KAAA,GAAQ,WAAA;AAAA,IACZ,WAAA,CAAY,WAAA,EAAa,WAAA,EAAa,GAAA,CAAI,KAAK,YAAY;AAAA,GAC7D;AAGA,EAAA,MAAM,YAAY,MAAA,CAAO,GAAA,CAAIA,OAAM,IAAA,CAAK,QAAA,CAAS,KAAK,CAAC,CAAA;AACvD,EAAA,MAAM,UAAA,GAAa,UAAU,UAAA,EAAW;AAExC,EAAA,OAAO,EAAE,UAAA,EAAY,MAAA,EAAQ,GAAA,CAAI,GAAA,EAAI;AACvC;AAsBO,SAAS,cAAA,CACd,UAAA,EACA,YAAA,EACA,WAAA,EACmB;AACnB,EAAA,IAAI,WAAA,CAAY,WAAW,EAAA,EAAI;AAC7B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,8CAAA,EAAiD,WAAA,CAAY,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EACxF;AACA,EAAA,IAAI,YAAA,CAAa,WAAW,EAAA,EAAI;AAC9B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,+CAAA,EAAkD,YAAA,CAAa,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EAC1F;AAEA,EAAA,MAAM,KAAA,GAAQA,MAAAA,CAAM,OAAA,CAAQ,WAAW,CAAA;AACvC,EAAA,MAAM,WAAA,GAAc,KAAA,CAAM,QAAA,CAAS,UAAU,EAAE,UAAA,EAAW;AAE1D,EAAA,MAAM,KAAA,GAAQ,WAAA;AAAA,IACZ,WAAA,CAAY,WAAA,EAAa,WAAA,EAAa,WAAA,EAAa,YAAY;AAAA,GACjE;AACA,EAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,UAAA,GAAa,KAAK,CAAA;AAC7C,EAAA,MAAM,aAAaA,MAAAA,CAAM,IAAA,CAAK,QAAA,CAAS,aAAa,EAAE,UAAA,EAAW;AAEjE,EAAA,OAAO,EAAE,eAAe,UAAA,EAAW;AACrC;ACrGA,IAAMA,SAAQC,OAAAA,CAAQ,aAAA;AACtB,IAAMC,EAAAA,GAAID,QAAQ,KAAA,CAAM,CAAA;AAExB,SAASI,MAAK,CAAA,EAAmB;AAC/B,EAAA,IAAI,IAAI,CAAA,GAAIH,EAAAA;AACZ,EAAA,IAAI,CAAA,GAAI,IAAI,CAAA,IAAKA,EAAAA;AACjB,EAAA,OAAO,CAAA;AACT;AAEA,SAASI,aAAY,KAAA,EAA2B;AAC9C,EAAA,OAAOD,KAAAA,CAAK,eAAA,CAAgBF,MAAAA,CAAO,KAAK,CAAC,CAAC,CAAA;AAC5C;AASO,SAAS,cAAA,CACd,MAAA,EACA,QAAA,EACA,OAAA,EACY;AACZ,EAAA,MAAM,MAAA,GAASC,YAAY,EAAE,CAAA;AAC7B,EAAA,MAAM,IAAIE,YAAAA,CAAY,WAAA,CAAY,MAAA,EAAQ,QAAA,EAAU,OAAO,CAAC,CAAA;AAC5D,EAAA,MAAM,IAAIN,MAAAA,CAAM,IAAA,CAAK,QAAA,CAAS,CAAC,EAAE,UAAA,EAAW;AAC5C,EAAA,MAAM,IAAIM,YAAAA,CAAY,WAAA,CAAY,CAAA,EAAG,QAAA,EAAU,OAAO,CAAC,CAAA;AACvD,EAAA,MAAM,CAAA,GAAID,KAAAA,CAAK,CAAA,GAAI,CAAA,GAAI,MAAM,CAAA;AAC7B,EAAA,OAAO,WAAA,CAAY,CAAA,EAAG,eAAA,CAAgB,CAAA,EAAG,EAAE,CAAC,CAAA;AAC9C;AAGO,SAAS,MAAA,CACd,GAAA,EACA,OAAA,EACA,QAAA,EACS;AACT,EAAA,OAAOJ,OAAAA,CAAQ,MAAA,CAAO,GAAA,EAAK,OAAA,EAAS,QAAQ,CAAA;AAC9C;;;ACjDO,IAAM,WAAA,GAAc;AAGpB,IAAM,eAAA,GAAkB;AAMxB,SAAS,WAAW,WAAA,EAAiC;AAC1D,EAAA,IAAI,WAAA,CAAY,WAAW,EAAA,EAAI;AAC7B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0CAAA,EAA6C,WAAA,CAAY,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EACpF;AACA,EAAA,OAAO,WAAA,GAAc,WAAW,WAAW,CAAA;AAC7C;AAOO,SAAS,UAAU,UAAA,EAAwC;AAChE,EAAA,IAAI,OAAO,UAAA,KAAe,QAAA,EAAU,OAAO,IAAA;AAC3C,EAAA,IAAI,CAAC,UAAA,CAAW,UAAA,CAAW,WAAW,GAAG,OAAO,IAAA;AAChD,EAAA,MAAM,OAAO,UAAA,CAAW,KAAA,CAAM,WAAA,CAAY,MAAM,EAAE,IAAA,EAAK;AACvD,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQ,WAAW,IAAI,CAAA;AAC7B,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,EAAA,EAAI,OAAO,IAAA;AAChC,IAAA,OAAO,KAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;AC9BA,IAAM,cAAA,GAAiB,wBAAA;AAGhB,SAAS,WAAA,CAAY,YAAA,EAA0B,MAAA,GAAiB,cAAA,EAAwB;AAC7F,EAAA,IAAI,YAAA,CAAa,WAAW,EAAA,EAAI;AAC9B,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,4CAAA,EAA+C,YAAA,CAAa,MAAM,CAAA,CAAA,CAAG,CAAA;AAAA,EACvF;AACA,EAAA,MAAM,WAAA,GAAc,MAAA,CAAO,OAAA,CAAQ,MAAA,EAAQ,EAAE,CAAA;AAC7C,EAAA,OAAO,CAAA,EAAG,WAAW,CAAA,OAAA,EAAU,UAAA,CAAW,YAAY,CAAC,CAAA,CAAA;AACzD;AAMO,SAAS,aAAa,GAAA,EAAgC;AAC3D,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAI,IAAI,GAAG,CAAA;AAAA,EACtB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,SAAA,GAAY,MAAA,CAAO,IAAA,CAAK,KAAA,CAAM,mCAAmC,CAAA;AACvE,EAAA,MAAM,UAAA,GAAa,MAAA,CAAO,YAAA,CAAa,GAAA,CAAI,GAAG,CAAA;AAC9C,EAAA,MAAM,OAAA,GAAU,SAAA,GAAY,CAAC,CAAA,IAAK,UAAA;AAClC,EAAA,IAAI,CAAC,SAAS,OAAO,IAAA;AACrB,EAAA,IAAI;AACF,IAAA,MAAM,KAAA,GAAQ,WAAW,OAAO,CAAA;AAChC,IAAA,OAAO,KAAA,CAAM,MAAA,KAAW,EAAA,GAAK,KAAA,GAAQ,IAAA;AAAA,EACvC,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACF;;;ACwDA,eAAsB,eAAA,CACpB,IAAA,EACA,GAAA,EACA,IAAA,GAAoB,EAAC,EACM;AAC3B,EAAA,MAAM,KAAA,GAAQ,KAAK,KAAA,IAAS,GAAA;AAC5B,EAAA,MAAM,cAAc,IAAA,CAAK,GAAA,CAAI,CAAA,EAAG,IAAA,CAAK,eAAe,CAAC,CAAA;AACrD,EAAA,MAAM,IAAA,GAAO,IAAA,CAAK,cAAA,oBAAkB,IAAI,GAAA,EAAY;AAEpD,EAAA,MAAM,IAAA,GAAO,MAAM,GAAA,CAAI,uBAAA,CAAwB,eAAA,EAAiB;AAAA,IAC9D,KAAA;AAAA,IACA,GAAI,KAAK,MAAA,GAAS,EAAE,QAAQ,IAAA,CAAK,MAAA,KAAW;AAAC,GAC9C,CAAA;AAED,EAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,MAAA,CAAO,CAAC,CAAA,KAAM,CAAC,IAAA,CAAK,GAAA,CAAI,CAAA,CAAE,SAAS,CAAC,CAAA;AACvD,EAAA,MAAM,UAA4B,EAAC;AAEnC,EAAA,KAAA,IAAS,IAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,MAAA,EAAQ,KAAK,WAAA,EAAa;AAClD,IAAA,MAAM,KAAA,GAAQ,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,IAAI,WAAW,CAAA;AAC5C,IAAA,MAAM,OAAA,GAAU,MAAM,OAAA,CAAQ,UAAA;AAAA,MAC5B,KAAA,CAAM,IAAI,CAAC,CAAA,KAAM,eAAe,CAAA,CAAE,SAAA,EAAW,IAAA,EAAM,GAAG,CAAC;AAAA,KACzD;AACA,IAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,OAAA,CAAQ,QAAQ,CAAA,EAAA,EAAK;AACvC,MAAA,MAAM,CAAA,GAAI,QAAQ,CAAC,CAAA;AACnB,MAAA,MAAM,GAAA,GAAM,KAAA,CAAM,CAAC,CAAA,CAAG,SAAA;AACtB,MAAA,IAAA,CAAK,IAAI,GAAG,CAAA;AACZ,MAAA,IAAI,CAAA,CAAE,WAAW,WAAA,IAAe,CAAA,CAAE,OAAO,OAAA,CAAQ,IAAA,CAAK,EAAE,KAAK,CAAA;AAAA,IAC/D;AAAA,EACF;AAEA,EAAA,OAAO,OAAA;AACT;AAOA,eAAsB,cAAA,CACpB,SAAA,EACA,IAAA,EACA,GAAA,EACgC;AAChC,EAAA,IAAI,EAAA;AACJ,EAAA,IAAI;AACF,IAAA,EAAA,GAAK,MAAM,GAAA,CAAI,oBAAA,CAAqB,SAAA,EAAW;AAAA,MAC7C,8BAAA,EAAgC,CAAA;AAAA,MAChC,UAAA,EAAY;AAAA,KACb,CAAA;AAAA,EACH,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,IAAA;AAAA,EACT;AACA,EAAA,IAAI,CAAC,EAAA,IAAM,EAAA,CAAG,IAAA,EAAM,KAAK,OAAO,IAAA;AAEhC,EAAA,MAAM,MAAA,GAAS,EAAA,CAAG,WAAA,CAAY,OAAA,CAAQ,gBAAgB,EAAC;AAGvD,EAAA,IAAI,UAAA,GAA4B,IAAA;AAChC,EAAA,KAAA,MAAW,MAAM,MAAA,EAAQ;AACvB,IAAA,MAAM,GAAA,GAAM,OAAO,EAAA,CAAG,SAAA,KAAc,WAAW,EAAA,CAAG,SAAA,GAAY,EAAA,CAAG,SAAA,EAAW,QAAA,EAAS;AACrF,IAAA,IAAI,QAAQ,eAAA,EAAiB;AAE7B,IAAA,IAAI,OAAO,EAAA,CAAG,MAAA,KAAW,QAAA,EAAU;AACjC,MAAA,UAAA,GAAa,EAAA,CAAG,MAAA;AAAA,IAClB,CAAA,MAAA,IAAW,EAAA,CAAG,MAAA,IAAU,OAAO,EAAA,CAAG,MAAA,KAAW,QAAA,IAAY,OAAO,EAAA,CAAG,MAAA,CAAO,IAAA,KAAS,QAAA,EAAU;AAC3F,MAAA,UAAA,GAAa,GAAG,MAAA,CAAO,IAAA;AAAA,IACzB,CAAA,MAAA,IAAW,OAAO,EAAA,CAAG,IAAA,KAAS,QAAA,EAAU;AACtC,MAAA,IAAI;AACF,QAAA,UAAA,GAAa,IAAI,WAAA,EAAY,CAAE,OAAO,UAAA,CAAW,EAAA,CAAG,IAAI,CAAC,CAAA;AAAA,MAC3D,CAAA,CAAA,MAAQ;AAAA,MAER;AAAA,IACF;AACA,IAAA,IAAI,UAAA,EAAY;AAAA,EAClB;AACA,EAAA,IAAI,CAAC,YAAY,OAAO,IAAA;AAExB,EAAA,MAAM,MAAA,GAAS,UAAU,UAAU,CAAA;AACnC,EAAA,IAAI,CAAC,QAAQ,OAAO,IAAA;AAGpB,EAAA,MAAM,EAAE,eAAe,UAAA,EAAW,GAAI,eAAe,IAAA,CAAK,MAAA,EAAQ,IAAA,CAAK,GAAA,EAAK,MAAM,CAAA;AAClF,EAAA,MAAM,YAAA,GAAe,WAAW,UAAU,CAAA;AAG1C,EAAA,KAAA,MAAW,MAAM,MAAA,EAAQ;AACvB,IAAA,MAAM,SAAS,EAAA,CAAG,MAAA;AAClB,IAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AAC3C,IAAA,IAAI,MAAA,CAAO,SAAS,UAAA,EAAY;AAChC,IAAA,MAAM,OAAO,MAAA,CAAO,IAAA;AACpB,IAAA,IAAI,CAAC,IAAA,IAAQ,OAAO,IAAA,KAAS,QAAA,EAAU;AACvC,IAAA,IAAI,IAAA,CAAK,gBAAgB,YAAA,EAAc;AAEvC,IAAA,OAAO;AAAA,MACL,SAAA;AAAA,MACA,MAAM,EAAA,CAAG,IAAA;AAAA,MACT,WAAA,EAAa,EAAA,CAAG,SAAA,GAAY,EAAA,CAAG,YAAY,GAAA,GAAO,IAAA;AAAA,MAClD,UAAU,OAAO,IAAA,CAAK,QAAA,KAAa,QAAA,GAAW,KAAK,QAAA,GAAW,CAAA;AAAA,MAC9D,MAAA,EAAQ,KAAK,MAAA,IAAU,EAAA;AAAA,MACvB,UAAA,EAAY,YAAA;AAAA,MACZ,aAAA;AAAA,MACA,MAAA,EAAQ,WAAW,MAAM;AAAA,KAC3B;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;;;AC/JO,IAAM,OAAA,GAAU","file":"index.js","sourcesContent":["/**\n * Byte/scalar helpers shared across the SDK.\n *\n * Kept dependency-free — no `Buffer`, no `bigint-buffer`. Works in browser,\n * Node 18+, Deno, and Bun without polyfills.\n */\n\n/** Concatenate any number of byte arrays into a single Uint8Array. */\nexport function concatBytes(...arrs: Uint8Array[]): Uint8Array {\n let total = 0;\n for (const a of arrs) total += a.length;\n const out = new Uint8Array(total);\n let off = 0;\n for (const a of arrs) {\n out.set(a, off);\n off += a.length;\n }\n return out;\n}\n\n/** Little-endian unsigned integer decode. */\nexport function bytesToNumberLE(bytes: Uint8Array): bigint {\n let n = 0n;\n for (let i = bytes.length - 1; i >= 0; i--) {\n n = (n << 8n) | BigInt(bytes[i]!);\n }\n return n;\n}\n\n/** Little-endian unsigned integer encode to a fixed length. */\nexport function numberToBytesLE(n: bigint, len: number): Uint8Array {\n const out = new Uint8Array(len);\n let x = BigInt(n);\n for (let i = 0; i < len; i++) {\n out[i] = Number(x & 0xffn);\n x >>= 8n;\n }\n return out;\n}\n\n/** Compare two Uint8Arrays for byte equality. */\nexport function bytesEqual(a: Uint8Array, b: Uint8Array): boolean {\n if (a.length !== b.length) return false;\n for (let i = 0; i < a.length; i++) {\n if (a[i] !== b[i]) return false;\n }\n return true;\n}\n","/**\n * Minimal base58 (Bitcoin/Solana alphabet) encoder/decoder.\n *\n * Zero-dep. Identical output to `bs58` and `@solana/web3.js` Address encoding.\n */\n\nconst ALPHABET = \"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz\";\n\nconst ALPHABET_MAP: Int8Array = (() => {\n const m = new Int8Array(128).fill(-1);\n for (let i = 0; i < ALPHABET.length; i++) m[ALPHABET.charCodeAt(i)] = i;\n return m;\n})();\n\n/** Encode a byte array to a base58 string. */\nexport function bs58encode(bytes: Uint8Array): string {\n if (bytes.length === 0) return \"\";\n let zeros = 0;\n while (zeros < bytes.length && bytes[zeros] === 0) zeros++;\n const size = ((bytes.length - zeros) * 138 / 100 + 1) | 0;\n const b58 = new Uint8Array(size);\n let length = 0;\n for (let i = zeros; i < bytes.length; i++) {\n let carry = bytes[i]!;\n let j = 0;\n for (let k = size - 1; (carry !== 0 || j < length) && k >= 0; k--, j++) {\n carry += 256 * b58[k]!;\n b58[k] = carry % 58;\n carry = (carry / 58) | 0;\n }\n length = j;\n }\n let it = size - length;\n while (it < size && b58[it] === 0) it++;\n let out = \"\";\n for (let i = 0; i < zeros; i++) out += \"1\";\n for (; it < size; it++) out += ALPHABET[b58[it]!];\n return out;\n}\n\n/** Decode a base58 string back to bytes. Throws on invalid input. */\nexport function bs58decode(str: string): Uint8Array {\n if (str.length === 0) return new Uint8Array(0);\n let zeros = 0;\n while (zeros < str.length && str[zeros] === \"1\") zeros++;\n const size = ((str.length - zeros) * 733 / 1000 + 1) | 0;\n const b256 = new Uint8Array(size);\n let length = 0;\n for (let i = zeros; i < str.length; i++) {\n const code = str.charCodeAt(i);\n const carryIn = code < 128 ? ALPHABET_MAP[code]! : -1;\n if (carryIn < 0) throw new Error(`Invalid base58 character at index ${i}`);\n let carry = carryIn;\n let j = 0;\n for (let k = size - 1; (carry !== 0 || j < length) && k >= 0; k--, j++) {\n carry += 58 * b256[k]!;\n b256[k] = carry & 0xff;\n carry >>= 8;\n }\n length = j;\n }\n let it = size - length;\n while (it < size && b256[it] === 0) it++;\n const out = new Uint8Array(zeros + (size - it));\n let p = zeros;\n while (it < size) out[p++] = b256[it++]!;\n return out;\n}\n","/**\n * Meta-keypair generation and seed derivation.\n *\n * A NoTrace identity is a single ed25519 keypair (the *meta-key*). Its public\n * half is shared with payers — that's enough for them to derive a one-time\n * stealth address. Its private half (the *view+spend scalar*) is what lets the\n * recipient detect and claim incoming payments.\n *\n * Note: this is a non-hierarchical key. If you want separate view-only and\n * spend keys, derive them upstream from your own master secret and pass the\n * spend scalar in only when you need to sign.\n */\n\nimport { ed25519 } from \"@noble/curves/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha2\";\nimport { randomBytes } from \"@noble/hashes/utils\";\nimport { bytesToNumberLE } from \"./bytes.js\";\n\nconst Point = ed25519.ExtendedPoint;\nconst L = ed25519.CURVE.n;\n\n/** A meta-keypair. `seed` and `scalar` are *secret*; only `pub` is shareable. */\nexport interface MetaKey {\n /** Original 32-byte random seed (kept for backup/export). */\n seed: Uint8Array;\n /** ed25519 scalar derived from the seed (in [0, L)). */\n scalar: bigint;\n /** 32-byte compressed ed25519 public point. Share this with payers. */\n pub: Uint8Array;\n}\n\n/** Generate a fresh random meta-keypair using `crypto.getRandomValues`. */\nexport function generateMetaKey(): MetaKey {\n return metaFromSeed(randomBytes(32));\n}\n\n/**\n * Deterministically derive a meta-keypair from a 32-byte seed.\n *\n * Performs the standard ed25519 clamping (RFC 8032 §5.1.5) so the scalar lands\n * in a valid range. Same `seed` → same `pub` forever.\n */\nexport function metaFromSeed(seed: Uint8Array): MetaKey {\n if (seed.length !== 32) {\n throw new Error(`metaFromSeed: seed must be 32 bytes (got ${seed.length})`);\n }\n const h = sha512(seed);\n const sb = new Uint8Array(h.slice(0, 32));\n // ed25519 clamping\n sb[0]! &= 248;\n sb[31]! &= 127;\n sb[31]! |= 64;\n const scalar = bytesToNumberLE(sb) % L;\n const pub = Point.BASE.multiply(scalar).toRawBytes();\n // Defensive copy of `seed` so callers can't mutate our state.\n return { seed: new Uint8Array(seed), scalar, pub };\n}\n\n/** Recompute the public point for a given scalar. */\nexport function pubFromScalar(scalar: bigint): Uint8Array {\n return Point.BASE.multiply(scalar).toRawBytes();\n}\n","/**\n * Stealth-address derivation and recovery.\n *\n * The protocol is ECDH-on-ed25519 with a scalar-tweak — the same shape used by\n * ERC-5564 and Umbra Cash, ported to Solana's native curve. Properties:\n *\n * - Sender derives a stealth address from the recipient's published `meta_pub`.\n * - Sender CANNOT recover the stealth private key (would need `meta_scalar`).\n * - Recipient scans memos and applies their `meta_scalar` to detect payments.\n * - The stealth pub is a normal ed25519 point → a valid Solana address.\n *\n * The \"version tag\" included in the tweak makes the protocol forward-compatible:\n * a future curve swap or hash change can ship a new tag without breaking\n * existing wallets.\n */\n\nimport { ed25519 } from \"@noble/curves/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha2\";\nimport { randomBytes } from \"@noble/hashes/utils\";\nimport { bytesToNumberLE, concatBytes } from \"./bytes.js\";\nimport { metaFromSeed } from \"./keys.js\";\n\nconst Point = ed25519.ExtendedPoint;\nconst L = ed25519.CURVE.n;\n\nconst VERSION_TAG = new TextEncoder().encode(\"notrace.v1.stealth\");\n\nfunction modL(n: bigint): bigint {\n let r = n % L;\n if (r < 0n) r += L;\n return r;\n}\n\nfunction hash512ModL(input: Uint8Array): bigint {\n return modL(bytesToNumberLE(sha512(input)));\n}\n\n/** Result of a sender-side derivation. */\nexport interface SenderDerivation {\n /** The one-time stealth address (32-byte ed25519 pub) to send funds to. */\n stealthPub: Uint8Array;\n /** The ephemeral pub the sender must publish on-chain (e.g. in a memo). */\n ephPub: Uint8Array;\n}\n\n/**\n * SENDER side: derive a one-time stealth address from the recipient's meta-pub.\n *\n * eph_scalar, eph_pub = fresh ed25519 keypair\n * shared = eph_scalar × meta_pub (DH on ed25519)\n * tweak = SHA512(ver ‖ shared ‖ eph_pub ‖ meta_pub) mod L\n * stealth_pub = meta_pub + tweak × G (point addition)\n *\n * The sender publishes `eph_pub`; only the holder of `meta_scalar` can both\n * recover `stealth_scalar` and produce signatures over it.\n *\n * Safe to call from a hostile environment — no state is persisted.\n */\nexport function deriveStealthSender(metaPubBytes: Uint8Array): SenderDerivation {\n if (metaPubBytes.length !== 32) {\n throw new Error(`deriveStealthSender: meta_pub must be 32 bytes (got ${metaPubBytes.length})`);\n }\n\n // Fresh ephemeral keypair via the same clamping path as the meta-key.\n const eph = metaFromSeed(randomBytes(32));\n\n // DH on ed25519\n const metaPt = Point.fromHex(metaPubBytes);\n const sharedBytes = metaPt.multiply(eph.scalar).toRawBytes();\n\n // Tweak. Include all four inputs so the tweak is bound to this exact pairing.\n const tweak = hash512ModL(\n concatBytes(VERSION_TAG, sharedBytes, eph.pub, metaPubBytes)\n );\n\n // stealth_pub = meta_pub + tweak * G\n const stealthPt = metaPt.add(Point.BASE.multiply(tweak));\n const stealthPub = stealthPt.toRawBytes();\n\n return { stealthPub, ephPub: eph.pub };\n}\n\n/** Result of a recipient-side recovery — pub matches what the sender derived. */\nexport interface RecipientRecovery {\n /** The recovered scalar — secret. Use this to sign sweeps. */\n stealthScalar: bigint;\n /** The recovered pub — compare against the on-chain destination. */\n stealthPub: Uint8Array;\n}\n\n/**\n * RECIPIENT side: given your meta-key and an ephemeral pub from a memo, recover\n * the stealth keypair the sender derived.\n *\n * shared = meta_scalar × eph_pub (same point as sender's)\n * tweak = SHA512(ver ‖ shared ‖ eph_pub ‖ meta_pub) mod L\n * stealth_scalar = (meta_scalar + tweak) mod L\n * stealth_pub = stealth_scalar × G\n *\n * Compare the returned `stealthPub` against the SOL/SPL `destination` field of\n * the transaction containing the memo. A match means the payment is yours.\n */\nexport function recoverStealth(\n metaScalar: bigint,\n metaPubBytes: Uint8Array,\n ephPubBytes: Uint8Array\n): RecipientRecovery {\n if (ephPubBytes.length !== 32) {\n throw new Error(`recoverStealth: eph_pub must be 32 bytes (got ${ephPubBytes.length})`);\n }\n if (metaPubBytes.length !== 32) {\n throw new Error(`recoverStealth: meta_pub must be 32 bytes (got ${metaPubBytes.length})`);\n }\n\n const ephPt = Point.fromHex(ephPubBytes);\n const sharedBytes = ephPt.multiply(metaScalar).toRawBytes();\n\n const tweak = hash512ModL(\n concatBytes(VERSION_TAG, sharedBytes, ephPubBytes, metaPubBytes)\n );\n const stealthScalar = modL(metaScalar + tweak);\n const stealthPub = Point.BASE.multiply(stealthScalar).toRawBytes();\n\n return { stealthScalar, stealthPub };\n}\n","/**\n * ed25519 signing with a raw scalar (not a seed).\n *\n * Standard ed25519 sign-from-seed first hashes the seed and uses the upper half\n * as a deterministic nonce. Our stealth scalars are *derived*, not seeded — so\n * we use a Schnorr-style construction directly:\n *\n * r = SHA512(prefix ‖ pub ‖ msg) mod L where prefix is 32 fresh bytes\n * R = r × G\n * k = SHA512(R ‖ pub ‖ msg) mod L\n * S = (r + k × scalar) mod L\n * sig = R ‖ S (64 bytes, verifiable as ed25519)\n *\n * The random `prefix` is a hedge against bad randomness leaking the scalar via\n * a colliding `r`. In normal NoTrace use each stealth scalar signs at most one\n * sweep, so even non-hedged would be safe — we hedge anyway.\n */\n\nimport { ed25519 } from \"@noble/curves/ed25519\";\nimport { sha512 } from \"@noble/hashes/sha2\";\nimport { randomBytes } from \"@noble/hashes/utils\";\nimport { bytesToNumberLE, concatBytes, numberToBytesLE } from \"./bytes.js\";\n\nconst Point = ed25519.ExtendedPoint;\nconst L = ed25519.CURVE.n;\n\nfunction modL(n: bigint): bigint {\n let r = n % L;\n if (r < 0n) r += L;\n return r;\n}\n\nfunction hash512ModL(input: Uint8Array): bigint {\n return modL(bytesToNumberLE(sha512(input)));\n}\n\n/**\n * Produce a 64-byte ed25519 signature using a raw scalar.\n *\n * The resulting signature verifies against `pub = scalar × G` under the\n * standard ed25519 verify algorithm (e.g. `ed25519.verify` in @noble/curves,\n * or Solana's runtime).\n */\nexport function signWithScalar(\n scalar: bigint,\n pubBytes: Uint8Array,\n message: Uint8Array\n): Uint8Array {\n const prefix = randomBytes(32);\n const r = hash512ModL(concatBytes(prefix, pubBytes, message));\n const R = Point.BASE.multiply(r).toRawBytes();\n const k = hash512ModL(concatBytes(R, pubBytes, message));\n const S = modL(r + k * scalar);\n return concatBytes(R, numberToBytesLE(S, 32));\n}\n\n/** Re-export `ed25519.verify` for callers that don't want to import @noble directly. */\nexport function verify(\n sig: Uint8Array,\n message: Uint8Array,\n pubBytes: Uint8Array\n): boolean {\n return ed25519.verify(sig, message, pubBytes);\n}\n","/**\n * Memo-program encoding for the ephemeral pub.\n *\n * Every NoTrace payment carries a memo of the form `nt1:<bs58_eph_pub>`. The\n * recipient's scanner parses these out of memo-program instructions and feeds\n * them to `recoverStealth` to test for matches.\n *\n * The `nt1:` prefix makes the protocol forward-compatible: a future scheme can\n * use `nt2:` and old wallets will simply skip those memos.\n */\n\nimport { bs58decode, bs58encode } from \"./base58.js\";\n\n/** Current memo prefix. Bump when the on-chain wire format changes. */\nexport const MEMO_PREFIX = \"nt1:\";\n\n/** Solana's official Memo Program address (v2). Useful for filtering RPC calls. */\nexport const MEMO_PROGRAM_ID = \"MemoSq4gqABAXKb96qnH8TysNcWxMyWCqXgDLGmfcHr\";\n\n/**\n * Encode an ephemeral public key into a memo string for on-chain publication.\n * Output is ~48 chars (`nt1:` + 44-char base58).\n */\nexport function encodeMemo(ephPubBytes: Uint8Array): string {\n if (ephPubBytes.length !== 32) {\n throw new Error(`encodeMemo: eph_pub must be 32 bytes (got ${ephPubBytes.length})`);\n }\n return MEMO_PREFIX + bs58encode(ephPubBytes);\n}\n\n/**\n * Parse a memo string back into the ephemeral pub. Returns `null` for any\n * memo that doesn't start with the current prefix or fails to decode to 32\n * bytes — so the scanner can pipe every memo through this without try/catch.\n */\nexport function parseMemo(memoString: unknown): Uint8Array | null {\n if (typeof memoString !== \"string\") return null;\n if (!memoString.startsWith(MEMO_PREFIX)) return null;\n const body = memoString.slice(MEMO_PREFIX.length).trim();\n try {\n const bytes = bs58decode(body);\n if (bytes.length !== 32) return null;\n return bytes;\n } catch {\n return null;\n }\n}\n","/**\n * NoTrace pay-link helpers.\n *\n * A pay-link encodes a recipient's `meta_pub` in the URL fragment of a hosted\n * `/pay` page (default: https://notracesol.xyz/pay). The recipient shares the\n * link; the payer's browser derives a one-time address client-side and signs\n * the transfer through Phantom.\n *\n * Format: `https://<origin>/pay#m=<bs58(meta_pub)>`\n *\n * Using the URL fragment (after `#`) means the meta-pub never reaches the\n * NoTrace server — even the request log can't link payer to recipient.\n */\n\nimport { bs58decode, bs58encode } from \"./base58.js\";\n\nconst DEFAULT_ORIGIN = \"https://notracesol.xyz\";\n\n/** Build a `/pay` link for a given meta-pub. */\nexport function makePayLink(metaPubBytes: Uint8Array, origin: string = DEFAULT_ORIGIN): string {\n if (metaPubBytes.length !== 32) {\n throw new Error(`makePayLink: meta_pub must be 32 bytes (got ${metaPubBytes.length})`);\n }\n const cleanOrigin = origin.replace(/\\/+$/, \"\");\n return `${cleanOrigin}/pay#m=${bs58encode(metaPubBytes)}`;\n}\n\n/**\n * Parse a NoTrace pay-link and return the recipient meta-pub.\n * Returns `null` for any input that isn't a parseable NoTrace pay-link.\n */\nexport function parsePayLink(url: string): Uint8Array | null {\n let parsed: URL;\n try {\n parsed = new URL(url);\n } catch {\n return null;\n }\n // Accept both `#m=...` (fragment) and `?m=...` (query) for robustness.\n const fragMatch = parsed.hash.match(/(?:^#|&)m=([1-9A-HJ-NP-Za-km-z]+)/);\n const queryMatch = parsed.searchParams.get(\"m\");\n const encoded = fragMatch?.[1] ?? queryMatch;\n if (!encoded) return null;\n try {\n const bytes = bs58decode(encoded);\n return bytes.length === 32 ? bytes : null;\n } catch {\n return null;\n }\n}\n","/**\n * Memo-program scanner — find incoming stealth payments addressed to you.\n *\n * Standalone (no `@solana/web3.js` dependency at type-level): the scanner takes\n * a small `RpcLike` interface so it composes with any RPC client — a real\n * `Connection` from web3.js, a mock for tests, or a thin HTTP wrapper.\n *\n * Algorithm per scanned signature:\n *\n * 1. Fetch the parsed tx.\n * 2. Find a Memo-program instruction; extract the memo string.\n * 3. `parseMemo(...)` → 32-byte `eph_pub` (skip if not an `nt1:` memo).\n * 4. `recoverStealth(meta_scalar, meta_pub, eph_pub)` → expected `stealth_pub`.\n * 5. Look for a SystemProgram `transfer` whose `destination` matches; if so,\n * it's a payment to you.\n */\n\nimport { bs58decode, bs58encode } from \"./base58.js\";\nimport type { MetaKey } from \"./keys.js\";\nimport { MEMO_PROGRAM_ID, parseMemo } from \"./memo.js\";\nimport { recoverStealth } from \"./stealth.js\";\n\n/** Minimal shape we need from an RPC client. */\nexport interface RpcLike {\n /**\n * Return signatures touching `address`, newest first. Slot/blockTime are\n * optional but recommended for ordering and display.\n */\n getSignaturesForAddress(\n address: string,\n opts?: { limit?: number; before?: string; until?: string }\n ): Promise<Array<{ signature: string; slot?: number; blockTime?: number | null }>>;\n\n /**\n * Return a parsed transaction. The shape matches web3.js's\n * `getParsedTransaction` for the fields the scanner actually reads.\n */\n getParsedTransaction(\n signature: string,\n opts?: { maxSupportedTransactionVersion?: number; commitment?: string }\n ): Promise<ParsedTransactionLike | null>;\n}\n\n/** Minimal parsed-tx shape required by the scanner. */\nexport interface ParsedTransactionLike {\n slot?: number;\n blockTime?: number | null;\n meta?: { err?: unknown } | null;\n transaction: {\n message: {\n instructions: Array<ParsedInstructionLike>;\n };\n };\n}\n\nexport interface ParsedInstructionLike {\n programId?: { toString(): string } | string;\n /** Memo program may surface the memo here as a string. */\n parsed?:\n | string\n | {\n type?: string;\n info?: { destination?: string; source?: string; lamports?: number } | string;\n };\n /** Raw memo bytes (base58-encoded) if the program is not parsed. */\n data?: string;\n}\n\n/** A successfully-matched stealth payment. */\nexport interface StealthPayment {\n /** Transaction signature on Solana. */\n signature: string;\n /** Slot the tx landed in (if the RPC returned it). */\n slot?: number;\n /** Block timestamp in **ms** since epoch (or `null` if RPC didn't supply). */\n blockTimeMs?: number | null;\n /** Lamports received at the stealth address. */\n lamports: number;\n /** Source wallet (the payer). */\n source: string;\n /** Stealth address (base58). */\n stealthPub: string;\n /** Secret stealth scalar — needed to sign sweeps. Treat as private key. */\n stealthScalar: bigint;\n /** Ephemeral pub from the memo (base58). */\n ephPub: string;\n}\n\nexport interface ScanOptions {\n /** How many signatures to pull from the memo program per batch. Default 100. */\n limit?: number;\n /** Concurrent `getParsedTransaction` calls. Default 5 (RPC-friendly). */\n concurrency?: number;\n /** Cursor for pagination — fetch sigs older than this signature. */\n before?: string;\n /** Already-scanned signatures to skip. */\n alreadyScanned?: Set<string>;\n}\n\n/**\n * Scan the memo program for new stealth payments addressed to `meta`.\n *\n * Returns *only the matches*. Updates `alreadyScanned` (if provided) in-place\n * so subsequent calls can resume without re-checking.\n */\nexport async function scanForPayments(\n meta: Pick<MetaKey, \"scalar\" | \"pub\">,\n rpc: RpcLike,\n opts: ScanOptions = {}\n): Promise<StealthPayment[]> {\n const limit = opts.limit ?? 100;\n const concurrency = Math.max(1, opts.concurrency ?? 5);\n const seen = opts.alreadyScanned ?? new Set<string>();\n\n const sigs = await rpc.getSignaturesForAddress(MEMO_PROGRAM_ID, {\n limit,\n ...(opts.before ? { before: opts.before } : {}),\n });\n\n const fresh = sigs.filter((s) => !seen.has(s.signature));\n const matches: StealthPayment[] = [];\n\n for (let i = 0; i < fresh.length; i += concurrency) {\n const batch = fresh.slice(i, i + concurrency);\n const results = await Promise.allSettled(\n batch.map((s) => checkSignature(s.signature, meta, rpc))\n );\n for (let j = 0; j < results.length; j++) {\n const r = results[j]!;\n const sig = batch[j]!.signature;\n seen.add(sig);\n if (r.status === \"fulfilled\" && r.value) matches.push(r.value);\n }\n }\n\n return matches;\n}\n\n/**\n * Check a single signature for a stealth payment to `meta`. Returns the\n * payment if matched, `null` otherwise. Exposed so callers can wire their own\n * scanning loop (e.g. with subscribe/webhook flows instead of polling).\n */\nexport async function checkSignature(\n signature: string,\n meta: Pick<MetaKey, \"scalar\" | \"pub\">,\n rpc: RpcLike\n): Promise<StealthPayment | null> {\n let tx: ParsedTransactionLike | null;\n try {\n tx = await rpc.getParsedTransaction(signature, {\n maxSupportedTransactionVersion: 0,\n commitment: \"confirmed\",\n });\n } catch {\n return null;\n }\n if (!tx || tx.meta?.err) return null;\n\n const instrs = tx.transaction.message.instructions || [];\n\n // 1. Find the memo string.\n let memoString: string | null = null;\n for (const ix of instrs) {\n const pid = typeof ix.programId === \"string\" ? ix.programId : ix.programId?.toString();\n if (pid !== MEMO_PROGRAM_ID) continue;\n\n if (typeof ix.parsed === \"string\") {\n memoString = ix.parsed;\n } else if (ix.parsed && typeof ix.parsed === \"object\" && typeof ix.parsed.info === \"string\") {\n memoString = ix.parsed.info;\n } else if (typeof ix.data === \"string\") {\n try {\n memoString = new TextDecoder().decode(bs58decode(ix.data));\n } catch {\n /* ignore unparseable memo */\n }\n }\n if (memoString) break;\n }\n if (!memoString) return null;\n\n const ephPub = parseMemo(memoString);\n if (!ephPub) return null;\n\n // 2. Recover the expected stealth address.\n const { stealthScalar, stealthPub } = recoverStealth(meta.scalar, meta.pub, ephPub);\n const expectedAddr = bs58encode(stealthPub);\n\n // 3. Find a transfer to that address.\n for (const ix of instrs) {\n const parsed = ix.parsed;\n if (!parsed || typeof parsed !== \"object\") continue;\n if (parsed.type !== \"transfer\") continue;\n const info = parsed.info;\n if (!info || typeof info !== \"object\") continue;\n if (info.destination !== expectedAddr) continue;\n\n return {\n signature,\n slot: tx.slot,\n blockTimeMs: tx.blockTime ? tx.blockTime * 1000 : null,\n lamports: typeof info.lamports === \"number\" ? info.lamports : 0,\n source: info.source ?? \"\",\n stealthPub: expectedAddr,\n stealthScalar,\n ephPub: bs58encode(ephPub),\n };\n }\n\n return null;\n}\n","/**\n * @notrace/stealth-sdk\n *\n * Real stealth addresses on Solana. ECDH-derived one-time addresses on\n * ed25519, view-key recoverable, with a Memo-program footprint.\n *\n * Extracted from the production NoTrace wallet (https://notracesol.xyz).\n *\n * Quick start:\n *\n * import {\n * generateMetaKey, deriveStealthSender, recoverStealth,\n * encodeMemo, parseMemo, makePayLink, scanForPayments,\n * } from \"@notrace/stealth-sdk\";\n *\n * See README.md for end-to-end examples.\n */\n\n// Byte helpers (useful for callers building their own pipelines).\nexport { bytesEqual, bytesToNumberLE, concatBytes, numberToBytesLE } from \"./bytes.js\";\n\n// Base58 (Solana's address alphabet).\nexport { bs58decode, bs58encode } from \"./base58.js\";\n\n// Meta-keypair generation and derivation.\nexport type { MetaKey } from \"./keys.js\";\nexport { generateMetaKey, metaFromSeed, pubFromScalar } from \"./keys.js\";\n\n// Stealth derivation (sender) and recovery (recipient).\nexport type { RecipientRecovery, SenderDerivation } from \"./stealth.js\";\nexport { deriveStealthSender, recoverStealth } from \"./stealth.js\";\n\n// Signing — produce ed25519 sigs from a raw stealth scalar.\nexport { signWithScalar, verify } from \"./sign.js\";\n\n// Memo encoding for on-chain publication of the ephemeral pub.\nexport { MEMO_PREFIX, MEMO_PROGRAM_ID, encodeMemo, parseMemo } from \"./memo.js\";\n\n// Pay-link helpers.\nexport { makePayLink, parsePayLink } from \"./payLink.js\";\n\n// Inbox scanner — find payments addressed to your meta-key.\nexport type {\n ParsedInstructionLike,\n ParsedTransactionLike,\n RpcLike,\n ScanOptions,\n StealthPayment,\n} from \"./scan.js\";\nexport { checkSignature, scanForPayments } from \"./scan.js\";\n\n/** Package version, kept in sync with `package.json`. */\nexport const VERSION = \"1.0.0\";\n"]}

package/package.json ADDED Viewed

@@ -0,0 +1,71 @@
+{
+  "name": "@notrace/stealth-sdk",
+  "version": "1.0.0",
+  "description": "Real stealth addresses on Solana. ECDH-derived one-time addresses on ed25519, view-key recoverable, with a Memo-program footprint. Extracted from the production NoTrace wallet.",
+  "keywords": [
+    "solana",
+    "stealth-address",
+    "ecdh",
+    "ed25519",
+    "privacy",
+    "crypto",
+    "wallet"
+  ],
+  "homepage": "https://notracesol.xyz",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NoTraceSol/stealth-sdk.git"
+  },
+  "bugs": "https://github.com/NoTraceSol/stealth-sdk/issues",
+  "author": "NoTrace",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run typecheck && npm test && npm run build"
+  },
+  "dependencies": {
+    "@noble/curves": "^1.6.0",
+    "@noble/hashes": "^1.5.0"
+  },
+  "peerDependencies": {
+    "@solana/web3.js": "^1.95.0"
+  },
+  "peerDependenciesMeta": {
+    "@solana/web3.js": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "@solana/web3.js": "^1.95.3",
+    "tsup": "^8.3.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "sideEffects": false,
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/src/base58.ts ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * Minimal base58 (Bitcoin/Solana alphabet) encoder/decoder.
+ *
+ * Zero-dep. Identical output to `bs58` and `@solana/web3.js` Address encoding.
+ */
+const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+const ALPHABET_MAP: Int8Array = (() => {
+  const m = new Int8Array(128).fill(-1);
+  for (let i = 0; i < ALPHABET.length; i++) m[ALPHABET.charCodeAt(i)] = i;
+  return m;
+})();
+/** Encode a byte array to a base58 string. */
+export function bs58encode(bytes: Uint8Array): string {
+  if (bytes.length === 0) return "";
+  let zeros = 0;
+  while (zeros < bytes.length && bytes[zeros] === 0) zeros++;
+  const size = ((bytes.length - zeros) * 138 / 100 + 1) | 0;
+  const b58 = new Uint8Array(size);
+  let length = 0;
+  for (let i = zeros; i < bytes.length; i++) {
+    let carry = bytes[i]!;
+    let j = 0;
+    for (let k = size - 1; (carry !== 0 || j < length) && k >= 0; k--, j++) {
+      carry += 256 * b58[k]!;
+      b58[k] = carry % 58;
+      carry = (carry / 58) | 0;
+    }
+    length = j;
+  }
+  let it = size - length;
+  while (it < size && b58[it] === 0) it++;
+  let out = "";
+  for (let i = 0; i < zeros; i++) out += "1";
+  for (; it < size; it++) out += ALPHABET[b58[it]!];
+  return out;
+}
+/** Decode a base58 string back to bytes. Throws on invalid input. */
+export function bs58decode(str: string): Uint8Array {
+  if (str.length === 0) return new Uint8Array(0);
+  let zeros = 0;
+  while (zeros < str.length && str[zeros] === "1") zeros++;
+  const size = ((str.length - zeros) * 733 / 1000 + 1) | 0;
+  const b256 = new Uint8Array(size);
+  let length = 0;
+  for (let i = zeros; i < str.length; i++) {
+    const code = str.charCodeAt(i);
+    const carryIn = code < 128 ? ALPHABET_MAP[code]! : -1;
+    if (carryIn < 0) throw new Error(`Invalid base58 character at index ${i}`);
+    let carry = carryIn;
+    let j = 0;
+    for (let k = size - 1; (carry !== 0 || j < length) && k >= 0; k--, j++) {
+      carry += 58 * b256[k]!;
+      b256[k] = carry & 0xff;
+      carry >>= 8;
+    }
+    length = j;
+  }
+  let it = size - length;
+  while (it < size && b256[it] === 0) it++;
+  const out = new Uint8Array(zeros + (size - it));
+  let p = zeros;
+  while (it < size) out[p++] = b256[it++]!;
+  return out;
+}

package/src/bytes.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * Byte/scalar helpers shared across the SDK.
+ *
+ * Kept dependency-free — no `Buffer`, no `bigint-buffer`. Works in browser,
+ * Node 18+, Deno, and Bun without polyfills.
+ */
+/** Concatenate any number of byte arrays into a single Uint8Array. */
+export function concatBytes(...arrs: Uint8Array[]): Uint8Array {
+  let total = 0;
+  for (const a of arrs) total += a.length;
+  const out = new Uint8Array(total);
+  let off = 0;
+  for (const a of arrs) {
+    out.set(a, off);
+    off += a.length;
+  }
+  return out;
+}
+/** Little-endian unsigned integer decode. */
+export function bytesToNumberLE(bytes: Uint8Array): bigint {
+  let n = 0n;
+  for (let i = bytes.length - 1; i >= 0; i--) {
+    n = (n << 8n) | BigInt(bytes[i]!);
+  }
+  return n;
+}
+/** Little-endian unsigned integer encode to a fixed length. */
+export function numberToBytesLE(n: bigint, len: number): Uint8Array {
+  const out = new Uint8Array(len);
+  let x = BigInt(n);
+  for (let i = 0; i < len; i++) {
+    out[i] = Number(x & 0xffn);
+    x >>= 8n;
+  }
+  return out;
+}
+/** Compare two Uint8Arrays for byte equality. */
+export function bytesEqual(a: Uint8Array, b: Uint8Array): boolean {
+  if (a.length !== b.length) return false;
+  for (let i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) return false;
+  }
+  return true;
+}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * @notrace/stealth-sdk
+ *
+ * Real stealth addresses on Solana. ECDH-derived one-time addresses on
+ * ed25519, view-key recoverable, with a Memo-program footprint.
+ *
+ * Extracted from the production NoTrace wallet (https://notracesol.xyz).
+ *
+ * Quick start:
+ *
+ *     import {
+ *       generateMetaKey, deriveStealthSender, recoverStealth,
+ *       encodeMemo, parseMemo, makePayLink, scanForPayments,
+ *     } from "@notrace/stealth-sdk";
+ *
+ * See README.md for end-to-end examples.
+ */
+// Byte helpers (useful for callers building their own pipelines).
+export { bytesEqual, bytesToNumberLE, concatBytes, numberToBytesLE } from "./bytes.js";
+// Base58 (Solana's address alphabet).
+export { bs58decode, bs58encode } from "./base58.js";
+// Meta-keypair generation and derivation.
+export type { MetaKey } from "./keys.js";
+export { generateMetaKey, metaFromSeed, pubFromScalar } from "./keys.js";
+// Stealth derivation (sender) and recovery (recipient).
+export type { RecipientRecovery, SenderDerivation } from "./stealth.js";
+export { deriveStealthSender, recoverStealth } from "./stealth.js";
+// Signing — produce ed25519 sigs from a raw stealth scalar.
+export { signWithScalar, verify } from "./sign.js";
+// Memo encoding for on-chain publication of the ephemeral pub.
+export { MEMO_PREFIX, MEMO_PROGRAM_ID, encodeMemo, parseMemo } from "./memo.js";
+// Pay-link helpers.
+export { makePayLink, parsePayLink } from "./payLink.js";
+// Inbox scanner — find payments addressed to your meta-key.
+export type {
+  ParsedInstructionLike,
+  ParsedTransactionLike,
+  RpcLike,
+  ScanOptions,
+  StealthPayment,
+} from "./scan.js";
+export { checkSignature, scanForPayments } from "./scan.js";
+/** Package version, kept in sync with `package.json`. */
+export const VERSION = "1.0.0";