@obelyzk/sdk 1.0.0 → 1.1.0

package/dist/obelysk/index.mjs

@@ -4,11 +4,12 @@ import {
   GENERATOR_G,
   GENERATOR_H,
   ObelyskPrivacy,
+  __require,
   ecAdd,
   ecMul,
   invMod,
   randomScalar
-} from "../chunk-O2PF7VJA.mjs";
+} from "../chunk-CGPFHXUF.mjs";
 
 // src/obelysk/client.ts
 import { RpcProvider } from "starknet";
@@ -1788,6 +1789,225 @@ var ShieldedSwapClient = class {
   }
 };
 
+// src/obelysk/ecies.ts
+var HKDF_INFO = "obelysk-ecies-v1";
+var ECIES_VERSION = 1;
+async function eciesEncrypt(payload, relayerPubkeyHex) {
+  const subtle = getCrypto();
+  const relayerPubkeyBytes = hexToBytes(relayerPubkeyHex);
+  if (relayerPubkeyBytes.length !== 32) {
+    throw new Error(`Invalid relayer public key length: ${relayerPubkeyBytes.length} (expected 32)`);
+  }
+  const relayerPubkey = await subtle.importKey(
+    "raw",
+    relayerPubkeyBytes.buffer,
+    { name: "X25519" },
+    false,
+    []
+  );
+  const ephemeralKeyPair = await subtle.generateKey(
+    { name: "X25519" },
+    true,
+    ["deriveBits"]
+  );
+  const sharedBits = await subtle.deriveBits(
+    { name: "X25519", public: relayerPubkey },
+    ephemeralKeyPair.privateKey,
+    256
+  );
+  const sharedKey = await subtle.importKey(
+    "raw",
+    sharedBits,
+    { name: "HKDF" },
+    false,
+    ["deriveKey"]
+  );
+  const aesKey = await subtle.deriveKey(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: new ArrayBuffer(0),
+      info: new TextEncoder().encode(HKDF_INFO)
+    },
+    sharedKey,
+    { name: "AES-GCM", length: 256 },
+    false,
+    ["encrypt"]
+  );
+  const nonce = getRandomBytes(12);
+  const plaintext = new TextEncoder().encode(JSON.stringify(payload));
+  const ciphertext = await subtle.encrypt(
+    { name: "AES-GCM", iv: nonce },
+    aesKey,
+    plaintext
+  );
+  const ephPubRaw = await subtle.exportKey("raw", ephemeralKeyPair.publicKey);
+  return {
+    ephemeral_pubkey: bytesToHex(new Uint8Array(ephPubRaw)),
+    ciphertext: bytesToBase64(new Uint8Array(ciphertext)),
+    nonce: bytesToHex(nonce),
+    version: ECIES_VERSION
+  };
+}
+function getCrypto() {
+  if (typeof globalThis.crypto?.subtle !== "undefined") {
+    return globalThis.crypto.subtle;
+  }
+  try {
+    const { webcrypto } = __require("crypto");
+    return webcrypto.subtle;
+  } catch {
+    throw new Error("ECIES requires Web Crypto API (Node 20+ or a modern browser)");
+  }
+}
+function getRandomBytes(n) {
+  if (typeof globalThis.crypto?.getRandomValues !== "undefined") {
+    return globalThis.crypto.getRandomValues(new Uint8Array(n));
+  }
+  const { randomBytes } = __require("crypto");
+  return new Uint8Array(randomBytes(n));
+}
+function hexToBytes(hex) {
+  const clean = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const bytes = new Uint8Array(clean.length / 2);
+  for (let i = 0; i < bytes.length; i++) {
+    bytes[i] = parseInt(clean.slice(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function bytesToBase64(bytes) {
+  if (typeof btoa === "function") {
+    return btoa(String.fromCharCode(...bytes));
+  }
+  return Buffer.from(bytes).toString("base64");
+}
+
+// src/obelysk/denominations.ts
+var WBTC_DENOMINATIONS = [
+  50000n,
+  // 0.0005 BTC
+  100000n,
+  // 0.001 BTC
+  500000n,
+  // 0.005 BTC
+  1000000n,
+  // 0.01 BTC
+  5000000n,
+  // 0.05 BTC
+  10000000n
+  // 0.1 BTC
+];
+var SAGE_DENOMINATIONS = [
+  10000000000000000n,
+  // 0.01 SAGE
+  50000000000000000n,
+  // 0.05 SAGE
+  100000000000000000n,
+  // 0.1 SAGE
+  500000000000000000n,
+  // 0.5 SAGE
+  1000000000000000000n,
+  // 1 SAGE
+  5000000000000000000n
+  // 5 SAGE
+];
+var ETH_DENOMINATIONS = [
+  1000000000000000n,
+  // 0.001 ETH
+  5000000000000000n,
+  // 0.005 ETH
+  10000000000000000n,
+  // 0.01 ETH
+  50000000000000000n,
+  // 0.05 ETH
+  100000000000000000n,
+  // 0.1 ETH
+  500000000000000000n
+  // 0.5 ETH
+];
+var STRK_DENOMINATIONS = [
+  50000000000000000n,
+  // 0.05 STRK
+  100000000000000000n,
+  // 0.1 STRK
+  500000000000000000n,
+  // 0.5 STRK
+  1000000000000000000n,
+  // 1 STRK
+  5000000000000000000n
+  // 5 STRK
+];
+var USDC_DENOMINATIONS = [
+  1000000n,
+  // 1 USDC
+  5000000n,
+  // 5 USDC
+  10000000n,
+  // 10 USDC
+  50000000n,
+  // 50 USDC
+  100000000n,
+  // 100 USDC
+  500000000n
+  // 500 USDC
+];
+var VM31_DENOMINATIONS = {
+  0: WBTC_DENOMINATIONS,
+  1: SAGE_DENOMINATIONS,
+  2: ETH_DENOMINATIONS,
+  3: STRK_DENOMINATIONS,
+  4: USDC_DENOMINATIONS
+};
+var DENOMINATION_BY_SYMBOL = {
+  wbtc: WBTC_DENOMINATIONS,
+  sage: SAGE_DENOMINATIONS,
+  eth: ETH_DENOMINATIONS,
+  strk: STRK_DENOMINATIONS,
+  usdc: USDC_DENOMINATIONS
+};
+function validateDenomination(amount, assetIdOrSymbol) {
+  let denoms;
+  if (typeof assetIdOrSymbol === "number") {
+    denoms = VM31_DENOMINATIONS[assetIdOrSymbol];
+  } else {
+    denoms = DENOMINATION_BY_SYMBOL[assetIdOrSymbol.toLowerCase()];
+  }
+  if (!denoms) return;
+  if (!denoms.includes(amount)) {
+    throw new Error(
+      `Deposit must use a standard denomination for asset ${assetIdOrSymbol}. Got ${amount}. Valid: [${denoms.join(", ")}]`
+    );
+  }
+}
+function splitIntoDenominations(amount, assetIdOrSymbol) {
+  let denoms;
+  if (typeof assetIdOrSymbol === "number") {
+    denoms = VM31_DENOMINATIONS[assetIdOrSymbol];
+  } else {
+    denoms = DENOMINATION_BY_SYMBOL[assetIdOrSymbol.toLowerCase()];
+  }
+  if (!denoms) return { denominations: [amount], remainder: 0n };
+  const sorted = [...denoms].sort((a, b) => b > a ? 1 : b < a ? -1 : 0);
+  const result = [];
+  let remaining = amount;
+  for (const denom of sorted) {
+    while (remaining >= denom) {
+      result.push(denom);
+      remaining -= denom;
+    }
+  }
+  return { denominations: result, remainder: remaining };
+}
+function getDenominations(assetIdOrSymbol) {
+  if (typeof assetIdOrSymbol === "number") {
+    return VM31_DENOMINATIONS[assetIdOrSymbol];
+  }
+  return DENOMINATION_BY_SYMBOL[assetIdOrSymbol.toLowerCase()];
+}
+
 // src/obelysk/vm31Vault.ts
 var VM31VaultClient = class {
   constructor(obelysk) {
@@ -1802,6 +2022,8 @@ var VM31VaultClient = class {
   get relayerApiKey() {
     return this.obelysk.relayerApiKey;
   }
+  /** Cached relayer X25519 public key (fetched on first encrypted submit) */
+  _relayerPubkey = null;
   async relayerFetch(path, init) {
     const url = `${this.relayerUrl}${path}`;
     const headers = { "Content-Type": "application/json" };
@@ -1813,6 +2035,27 @@ var VM31VaultClient = class {
     }
     return res.json();
   }
+  /**
+   * Submit a payload to the relayer, encrypted with ECIES.
+   * Falls back to plaintext if `encrypt: false` is passed.
+   */
+  async relayerSubmit(payload, encrypt = true) {
+    if (!encrypt) {
+      return this.relayerFetch("/submit", {
+        method: "POST",
+        body: JSON.stringify(payload)
+      });
+    }
+    if (!this._relayerPubkey) {
+      const keyInfo = await this.getRelayerPublicKey();
+      this._relayerPubkey = keyInfo.publicKey;
+    }
+    const envelope = await eciesEncrypt(payload, this._relayerPubkey);
+    return this.relayerFetch("/submit", {
+      method: "POST",
+      body: JSON.stringify(envelope)
+    });
+  }
   // --------------------------------------------------------------------------
   // On-chain reads (callContract to vm31_pool)
   // --------------------------------------------------------------------------
@@ -1976,61 +2219,65 @@ var VM31VaultClient = class {
       algorithm: data.algorithm
     };
   }
-  /** Submit a deposit transaction to the relayer */
-  async submitDeposit(params) {
-    return this.relayerFetch("/submit", {
-      method: "POST",
-      body: JSON.stringify({
-        type: "deposit",
-        amount: Number(params.amount),
-        asset_id: params.assetId,
-        recipient_pubkey: params.recipientPubkey,
-        recipient_viewing_key: params.recipientViewingKey
-      })
-    });
+  /**
+   * Submit a deposit transaction to the relayer.
+   * Validates denomination (privacy gap #7) and encrypts with ECIES by default.
+   * @param encrypt - Set to false for legacy plaintext mode (default: true)
+   */
+  async submitDeposit(params, encrypt = true) {
+    validateDenomination(params.amount, params.assetId);
+    return this.relayerSubmit({
+      type: "deposit",
+      amount: Number(params.amount),
+      asset_id: params.assetId,
+      recipient_pubkey: params.recipientPubkey,
+      recipient_viewing_key: params.recipientViewingKey
+    }, encrypt);
   }
-  /** Submit a withdrawal transaction to the relayer */
-  async submitWithdraw(params) {
-    return this.relayerFetch("/submit", {
-      method: "POST",
-      body: JSON.stringify({
-        type: "withdraw",
-        amount: Number(params.amount),
-        asset_id: params.assetId,
-        note: {
-          owner_pubkey: params.note.owner_pubkey,
-          asset_id: params.note.asset_id,
-          amount_lo: params.note.amount_lo,
-          amount_hi: params.note.amount_hi,
-          blinding: params.note.blinding
-        },
-        spending_key: params.spendingKey,
-        merkle_path: params.merklePath,
-        merkle_root: params.merkleRoot,
-        withdrawal_binding: params.withdrawalBinding,
-        binding_salt: params.bindingSalt
-      })
-    });
+  /**
+   * Submit a withdrawal transaction to the relayer.
+   * Withdrawals are not denomination-restricted.
+   * @param encrypt - Set to false for legacy plaintext mode (default: true)
+   */
+  async submitWithdraw(params, encrypt = true) {
+    return this.relayerSubmit({
+      type: "withdraw",
+      amount: Number(params.amount),
+      asset_id: params.assetId,
+      note: {
+        owner_pubkey: params.note.owner_pubkey,
+        asset_id: params.note.asset_id,
+        amount_lo: params.note.amount_lo,
+        amount_hi: params.note.amount_hi,
+        blinding: params.note.blinding
+      },
+      spending_key: params.spendingKey,
+      merkle_path: params.merklePath,
+      merkle_root: params.merkleRoot,
+      withdrawal_binding: params.withdrawalBinding,
+      binding_salt: params.bindingSalt
+    }, encrypt);
   }
-  /** Submit a private transfer transaction to the relayer */
-  async submitTransfer(params) {
-    return this.relayerFetch("/submit", {
-      method: "POST",
-      body: JSON.stringify({
-        type: "transfer",
-        amount: Number(params.amount),
-        asset_id: params.assetId,
-        recipient_pubkey: params.recipientPubkey,
-        recipient_viewing_key: params.recipientViewingKey,
-        sender_viewing_key: params.senderViewingKey,
-        input_notes: params.inputNotes.map((n) => ({
-          note: n.note,
-          spending_key: n.spendingKey,
-          merkle_path: n.merklePath
-        })),
-        merkle_root: params.merkleRoot
-      })
-    });
+  /**
+   * Submit a private transfer transaction to the relayer.
+   * Transfers are not denomination-restricted.
+   * @param encrypt - Set to false for legacy plaintext mode (default: true)
+   */
+  async submitTransfer(params, encrypt = true) {
+    return this.relayerSubmit({
+      type: "transfer",
+      amount: Number(params.amount),
+      asset_id: params.assetId,
+      recipient_pubkey: params.recipientPubkey,
+      recipient_viewing_key: params.recipientViewingKey,
+      sender_viewing_key: params.senderViewingKey,
+      input_notes: params.inputNotes.map((n) => ({
+        note: n.note,
+        spending_key: n.spendingKey,
+        merkle_path: n.merklePath
+      })),
+      merkle_root: params.merkleRoot
+    }, encrypt);
   }
   /** Query batch info from the relayer */
   async queryBatch(batchId) {
@@ -2747,7 +2994,9 @@ export {
   CURVE_ORDER,
   ConfidentialTransferClient,
   DARKPOOL_ASSET_IDS,
+  DENOMINATION_BY_SYMBOL,
   DarkPoolClient,
+  ETH_DENOMINATIONS,
   FIELD_PRIME,
   GENERATOR_G,
   GENERATOR_H,
@@ -2762,25 +3011,34 @@ export {
   PrivacyPoolClient,
   PrivacyRouterClient,
   ProverStakingClient,
+  SAGE_DENOMINATIONS,
+  STRK_DENOMINATIONS,
   ShieldedSwapClient,
   StealthClient,
   TOKEN_DECIMALS,
+  USDC_DENOMINATIONS,
   VM31BridgeClient,
   VM31VaultClient,
   VM31_ASSET_IDS,
+  VM31_DENOMINATIONS,
+  WBTC_DENOMINATIONS,
   commitmentToHash,
   createAEHint,
   createEncryptionProof,
   deriveNullifier,
   ecAdd2 as ecAdd,
   ecMul2 as ecMul,
+  eciesEncrypt,
   elgamalEncrypt,
   formatAmount,
   getContracts,
+  getDenominations,
   getRpcUrl,
   mod,
   modInverse,
   parseAmount,
   pedersenCommit,
-  randomScalar2 as randomScalar
+  randomScalar2 as randomScalar,
+  splitIntoDenominations,
+  validateDenomination
 };

package/dist/privacy/index.mjs

@@ -19,7 +19,7 @@ import {
   randomBytes,
   randomScalar,
   subMod
-} from "../chunk-O2PF7VJA.mjs";
+} from "../chunk-CGPFHXUF.mjs";
 export {
   AssetId,
   CURVE_ORDER,

package/dist/react/index.mjs

@@ -16,7 +16,7 @@ import {
   WorkersClient,
   getContractsForNetwork
 } from "../chunk-LXJT3QK6.mjs";
-import "../chunk-O2PF7VJA.mjs";
+import "../chunk-CGPFHXUF.mjs";
 
 // src/react/providers/BitSageProvider.tsx
 import {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@obelyzk/sdk",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "BitSage Network SDK - Client library for distributed compute, privacy swaps, and Obelysk encryption",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -97,5 +97,9 @@
   "homepage": "https://bitsage.network",
   "bugs": {
     "url": "https://github.com/Bitsage-Network/bitsage-network/issues"
+  },
+  "optionalDependencies": {
+    "@modelcontextprotocol/sdk": "^1.27.1",
+    "zod": "^4.3.6"
   }
 }