npm - @obelyzk/sdk - Versions diffs - 1.0.0 → 1.1.0 - Mend

@obelyzk/sdk 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/obelysk/index.js CHANGED Viewed

@@ -23,7 +23,9 @@ __export(obelysk_exports, {
   CURVE_ORDER: () => CURVE_ORDER,
   ConfidentialTransferClient: () => ConfidentialTransferClient,
   DARKPOOL_ASSET_IDS: () => DARKPOOL_ASSET_IDS,
+  DENOMINATION_BY_SYMBOL: () => DENOMINATION_BY_SYMBOL,
   DarkPoolClient: () => DarkPoolClient,
+  ETH_DENOMINATIONS: () => ETH_DENOMINATIONS,
   FIELD_PRIME: () => FIELD_PRIME,
   GENERATOR_G: () => GENERATOR_G,
   GENERATOR_H: () => GENERATOR_H,
@@ -38,27 +40,36 @@ __export(obelysk_exports, {
   PrivacyPoolClient: () => PrivacyPoolClient,
   PrivacyRouterClient: () => PrivacyRouterClient,
   ProverStakingClient: () => ProverStakingClient,
+  SAGE_DENOMINATIONS: () => SAGE_DENOMINATIONS,
+  STRK_DENOMINATIONS: () => STRK_DENOMINATIONS,
   ShieldedSwapClient: () => ShieldedSwapClient,
   StealthClient: () => StealthClient,
   TOKEN_DECIMALS: () => TOKEN_DECIMALS,
+  USDC_DENOMINATIONS: () => USDC_DENOMINATIONS,
   VM31BridgeClient: () => VM31BridgeClient,
   VM31VaultClient: () => VM31VaultClient,
   VM31_ASSET_IDS: () => VM31_ASSET_IDS,
+  VM31_DENOMINATIONS: () => VM31_DENOMINATIONS,
+  WBTC_DENOMINATIONS: () => WBTC_DENOMINATIONS,
   commitmentToHash: () => commitmentToHash,
   createAEHint: () => createAEHint,
   createEncryptionProof: () => createEncryptionProof,
   deriveNullifier: () => deriveNullifier,
   ecAdd: () => ecAdd2,
   ecMul: () => ecMul2,
+  eciesEncrypt: () => eciesEncrypt,
   elgamalEncrypt: () => elgamalEncrypt,
   formatAmount: () => formatAmount,
   getContracts: () => getContracts,
+  getDenominations: () => getDenominations,
   getRpcUrl: () => getRpcUrl,
   mod: () => mod,
   modInverse: () => modInverse,
   parseAmount: () => parseAmount,
   pedersenCommit: () => pedersenCommit,
-  randomScalar: () => randomScalar2
+  randomScalar: () => randomScalar2,
+  splitIntoDenominations: () => splitIntoDenominations,
+  validateDenomination: () => validateDenomination
 });
 module.exports = __toCommonJS(obelysk_exports);
@@ -2104,6 +2115,225 @@ var ShieldedSwapClient = class {
   }
 };
+// src/obelysk/ecies.ts
+var HKDF_INFO = "obelysk-ecies-v1";
+var ECIES_VERSION = 1;
+async function eciesEncrypt(payload, relayerPubkeyHex) {
+  const subtle = getCrypto();
+  const relayerPubkeyBytes = hexToBytes(relayerPubkeyHex);
+  if (relayerPubkeyBytes.length !== 32) {
+    throw new Error(`Invalid relayer public key length: ${relayerPubkeyBytes.length} (expected 32)`);
+  }
+  const relayerPubkey = await subtle.importKey(
+    "raw",
+    relayerPubkeyBytes.buffer,
+    { name: "X25519" },
+    false,
+    []
+  );
+  const ephemeralKeyPair = await subtle.generateKey(
+    { name: "X25519" },
+    true,
+    ["deriveBits"]
+  );
+  const sharedBits = await subtle.deriveBits(
+    { name: "X25519", public: relayerPubkey },
+    ephemeralKeyPair.privateKey,
+    256
+  );
+  const sharedKey = await subtle.importKey(
+    "raw",
+    sharedBits,
+    { name: "HKDF" },
+    false,
+    ["deriveKey"]
+  );
+  const aesKey = await subtle.deriveKey(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new ArrayBuffer(0),
+      info: new TextEncoder().encode(HKDF_INFO)
+    },
+    sharedKey,
+    { name: "AES-GCM", length: 256 },
+    false,
+    ["encrypt"]
+  );
+  const nonce = getRandomBytes(12);
+  const plaintext = new TextEncoder().encode(JSON.stringify(payload));
+  const ciphertext = await subtle.encrypt(
+    { name: "AES-GCM", iv: nonce },
+    aesKey,
+    plaintext
+  );
+  const ephPubRaw = await subtle.exportKey("raw", ephemeralKeyPair.publicKey);
+  return {
+    ephemeral_pubkey: bytesToHex(new Uint8Array(ephPubRaw)),
+    ciphertext: bytesToBase64(new Uint8Array(ciphertext)),
+    nonce: bytesToHex(nonce),
+    version: ECIES_VERSION
+  };
+}
+function getCrypto() {
+  if (typeof globalThis.crypto?.subtle !== "undefined") {
+    return globalThis.crypto.subtle;
+  }
+  try {
+    const { webcrypto } = require("crypto");
+    return webcrypto.subtle;
+  } catch {
+    throw new Error("ECIES requires Web Crypto API (Node 20+ or a modern browser)");
+  }
+}
+function getRandomBytes(n) {
+  if (typeof globalThis.crypto?.getRandomValues !== "undefined") {
+    return globalThis.crypto.getRandomValues(new Uint8Array(n));
+  }
+  const { randomBytes: randomBytes2 } = require("crypto");
+  return new Uint8Array(randomBytes2(n));
+}
+function hexToBytes(hex) {
+  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const bytes = new Uint8Array(clean.length / 2);
+  for (let i = 0; i < bytes.length; i++) {
+    bytes[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function bytesToBase64(bytes) {
+  if (typeof btoa === "function") {
+    return btoa(String.fromCharCode(...bytes));
+  }
+  return Buffer.from(bytes).toString("base64");
+}
+// src/obelysk/denominations.ts
+var WBTC_DENOMINATIONS = [
+  50000n,
+  // 0.0005 BTC
+  100000n,
+  // 0.001 BTC
+  500000n,
+  // 0.005 BTC
+  1000000n,
+  // 0.01 BTC
+  5000000n,
+  // 0.05 BTC
+  10000000n
+  // 0.1 BTC
+];
+var SAGE_DENOMINATIONS = [
+  10000000000000000n,
+  // 0.01 SAGE
+  50000000000000000n,
+  // 0.05 SAGE
+  100000000000000000n,
+  // 0.1 SAGE
+  500000000000000000n,
+  // 0.5 SAGE
+  1000000000000000000n,
+  // 1 SAGE
+  5000000000000000000n
+  // 5 SAGE
+];
+var ETH_DENOMINATIONS = [
+  1000000000000000n,
+  // 0.001 ETH
+  5000000000000000n,
+  // 0.005 ETH
+  10000000000000000n,
+  // 0.01 ETH
+  50000000000000000n,
+  // 0.05 ETH
+  100000000000000000n,
+  // 0.1 ETH
+  500000000000000000n
+  // 0.5 ETH
+];
+var STRK_DENOMINATIONS = [
+  50000000000000000n,
+  // 0.05 STRK
+  100000000000000000n,
+  // 0.1 STRK
+  500000000000000000n,
+  // 0.5 STRK
+  1000000000000000000n,
+  // 1 STRK
+  5000000000000000000n
+  // 5 STRK
+];
+var USDC_DENOMINATIONS = [
+  1000000n,
+  // 1 USDC
+  5000000n,
+  // 5 USDC
+  10000000n,
+  // 10 USDC
+  50000000n,
+  // 50 USDC
+  100000000n,
+  // 100 USDC
+  500000000n
+  // 500 USDC
+];
+var VM31_DENOMINATIONS = {
+  0: WBTC_DENOMINATIONS,
+  1: SAGE_DENOMINATIONS,
+  2: ETH_DENOMINATIONS,
+  3: STRK_DENOMINATIONS,
+  4: USDC_DENOMINATIONS
+};
+var DENOMINATION_BY_SYMBOL = {
+  wbtc: WBTC_DENOMINATIONS,
+  sage: SAGE_DENOMINATIONS,
+  eth: ETH_DENOMINATIONS,
+  strk: STRK_DENOMINATIONS,
+  usdc: USDC_DENOMINATIONS
+};
+function validateDenomination(amount, assetIdOrSymbol) {
+  let denoms;
+  if (typeof assetIdOrSymbol === "number") {
+    denoms = VM31_DENOMINATIONS[assetIdOrSymbol];
+  } else {
+    denoms = DENOMINATION_BY_SYMBOL[assetIdOrSymbol.toLowerCase()];
+  }
+  if (!denoms) return;
+  if (!denoms.includes(amount)) {
+    throw new Error(
+      `Deposit must use a standard denomination for asset ${assetIdOrSymbol}. Got ${amount}. Valid: [${denoms.join(", ")}]`
+    );
+  }
+}
+function splitIntoDenominations(amount, assetIdOrSymbol) {
+  let denoms;
+  if (typeof assetIdOrSymbol === "number") {
+    denoms = VM31_DENOMINATIONS[assetIdOrSymbol];
+  } else {
+    denoms = DENOMINATION_BY_SYMBOL[assetIdOrSymbol.toLowerCase()];
+  }
+  if (!denoms) return { denominations: [amount], remainder: 0n };
+  const sorted = [...denoms].sort((a, b) => b > a ? 1 : b < a ? -1 : 0);
+  const result = [];
+  let remaining = amount;
+  for (const denom of sorted) {
+    while (remaining >= denom) {
+      result.push(denom);
+      remaining -= denom;
+    }
+  }
+  return { denominations: result, remainder: remaining };
+}
+function getDenominations(assetIdOrSymbol) {
+  if (typeof assetIdOrSymbol === "number") {
+    return VM31_DENOMINATIONS[assetIdOrSymbol];
+  }
+  return DENOMINATION_BY_SYMBOL[assetIdOrSymbol.toLowerCase()];
+}
 // src/obelysk/vm31Vault.ts
 var VM31VaultClient = class {
   constructor(obelysk) {
@@ -2118,6 +2348,8 @@ var VM31VaultClient = class {
   get relayerApiKey() {
     return this.obelysk.relayerApiKey;
   }
+  /** Cached relayer X25519 public key (fetched on first encrypted submit) */
+  _relayerPubkey = null;
   async relayerFetch(path, init) {
     const url = `${this.relayerUrl}${path}`;
     const headers = { "Content-Type": "application/json" };
@@ -2129,6 +2361,27 @@ var VM31VaultClient = class {
     }
     return res.json();
   }
+  /**
+   * Submit a payload to the relayer, encrypted with ECIES.
+   * Falls back to plaintext if `encrypt: false` is passed.
+   */
+  async relayerSubmit(payload, encrypt = true) {
+    if (!encrypt) {
+      return this.relayerFetch("/submit", {
+        method: "POST",
+        body: JSON.stringify(payload)
+      });
+    }
+    if (!this._relayerPubkey) {
+      const keyInfo = await this.getRelayerPublicKey();
+      this._relayerPubkey = keyInfo.publicKey;
+    }
+    const envelope = await eciesEncrypt(payload, this._relayerPubkey);
+    return this.relayerFetch("/submit", {
+      method: "POST",
+      body: JSON.stringify(envelope)
+    });
+  }
   // --------------------------------------------------------------------------
   // On-chain reads (callContract to vm31_pool)
   // --------------------------------------------------------------------------
@@ -2292,61 +2545,65 @@ var VM31VaultClient = class {
       algorithm: data.algorithm
     };
   }
-  /** Submit a deposit transaction to the relayer */
-  async submitDeposit(params) {
-    return this.relayerFetch("/submit", {
-      method: "POST",
-      body: JSON.stringify({
-        type: "deposit",
-        amount: Number(params.amount),
-        asset_id: params.assetId,
-        recipient_pubkey: params.recipientPubkey,
-        recipient_viewing_key: params.recipientViewingKey
-      })
-    });
-  }
-  /** Submit a withdrawal transaction to the relayer */
-  async submitWithdraw(params) {
-    return this.relayerFetch("/submit", {
-      method: "POST",
-      body: JSON.stringify({
-        type: "withdraw",
-        amount: Number(params.amount),
-        asset_id: params.assetId,
-        note: {
-          owner_pubkey: params.note.owner_pubkey,
-          asset_id: params.note.asset_id,
-          amount_lo: params.note.amount_lo,
-          amount_hi: params.note.amount_hi,
-          blinding: params.note.blinding
-        },
-        spending_key: params.spendingKey,
-        merkle_path: params.merklePath,
-        merkle_root: params.merkleRoot,
-        withdrawal_binding: params.withdrawalBinding,
-        binding_salt: params.bindingSalt
-      })
-    });
-  }
-  /** Submit a private transfer transaction to the relayer */
-  async submitTransfer(params) {
-    return this.relayerFetch("/submit", {
-      method: "POST",
-      body: JSON.stringify({
-        type: "transfer",
-        amount: Number(params.amount),
-        asset_id: params.assetId,
-        recipient_pubkey: params.recipientPubkey,
-        recipient_viewing_key: params.recipientViewingKey,
-        sender_viewing_key: params.senderViewingKey,
-        input_notes: params.inputNotes.map((n) => ({
-          note: n.note,
-          spending_key: n.spendingKey,
-          merkle_path: n.merklePath
-        })),
-        merkle_root: params.merkleRoot
-      })
-    });
+  /**
+   * Submit a deposit transaction to the relayer.
+   * Validates denomination (privacy gap #7) and encrypts with ECIES by default.
+   * @param encrypt - Set to false for legacy plaintext mode (default: true)
+   */
+  async submitDeposit(params, encrypt = true) {
+    validateDenomination(params.amount, params.assetId);
+    return this.relayerSubmit({
+      type: "deposit",
+      amount: Number(params.amount),
+      asset_id: params.assetId,
+      recipient_pubkey: params.recipientPubkey,
+      recipient_viewing_key: params.recipientViewingKey
+    }, encrypt);
+  }
+  /**
+   * Submit a withdrawal transaction to the relayer.
+   * Withdrawals are not denomination-restricted.
+   * @param encrypt - Set to false for legacy plaintext mode (default: true)
+   */
+  async submitWithdraw(params, encrypt = true) {
+    return this.relayerSubmit({
+      type: "withdraw",
+      amount: Number(params.amount),
+      asset_id: params.assetId,
+      note: {
+        owner_pubkey: params.note.owner_pubkey,
+        asset_id: params.note.asset_id,
+        amount_lo: params.note.amount_lo,
+        amount_hi: params.note.amount_hi,
+        blinding: params.note.blinding
+      },
+      spending_key: params.spendingKey,
+      merkle_path: params.merklePath,
+      merkle_root: params.merkleRoot,
+      withdrawal_binding: params.withdrawalBinding,
+      binding_salt: params.bindingSalt
+    }, encrypt);
+  }
+  /**
+   * Submit a private transfer transaction to the relayer.
+   * Transfers are not denomination-restricted.
+   * @param encrypt - Set to false for legacy plaintext mode (default: true)
+   */
+  async submitTransfer(params, encrypt = true) {
+    return this.relayerSubmit({
+      type: "transfer",
+      amount: Number(params.amount),
+      asset_id: params.assetId,
+      recipient_pubkey: params.recipientPubkey,
+      recipient_viewing_key: params.recipientViewingKey,
+      sender_viewing_key: params.senderViewingKey,
+      input_notes: params.inputNotes.map((n) => ({
+        note: n.note,
+        spending_key: n.spendingKey,
+        merkle_path: n.merklePath
+      })),
+      merkle_root: params.merkleRoot
+    }, encrypt);
   }
   /** Query batch info from the relayer */
   async queryBatch(batchId) {
@@ -3064,7 +3321,9 @@ var ObelyskClient = class {
   CURVE_ORDER,
   ConfidentialTransferClient,
   DARKPOOL_ASSET_IDS,
+  DENOMINATION_BY_SYMBOL,
   DarkPoolClient,
+  ETH_DENOMINATIONS,
   FIELD_PRIME,
   GENERATOR_G,
   GENERATOR_H,
@@ -3079,25 +3338,34 @@ var ObelyskClient = class {
   PrivacyPoolClient,
   PrivacyRouterClient,
   ProverStakingClient,
+  SAGE_DENOMINATIONS,
+  STRK_DENOMINATIONS,
   ShieldedSwapClient,
   StealthClient,
   TOKEN_DECIMALS,
+  USDC_DENOMINATIONS,
   VM31BridgeClient,
   VM31VaultClient,
   VM31_ASSET_IDS,
+  VM31_DENOMINATIONS,
+  WBTC_DENOMINATIONS,
   commitmentToHash,
   createAEHint,
   createEncryptionProof,
   deriveNullifier,
   ecAdd,
   ecMul,
+  eciesEncrypt,
   elgamalEncrypt,
   formatAmount,
   getContracts,
+  getDenominations,
   getRpcUrl,
   mod,
   modInverse,
   parseAmount,
   pedersenCommit,
-  randomScalar
+  randomScalar,
+  splitIntoDenominations,
+  validateDenomination
 });