npm - @opaquecash/opaque - Versions diffs - 0.1.2 → 0.2.0 - Mend

@opaquecash/opaque 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/dist/chains.d.ts.map +1 -1
package/dist/chains.js +19 -28
package/dist/chains.js.map +1 -1
package/dist/client.d.ts +577 -11
package/dist/client.d.ts.map +1 -1
package/dist/client.js +1340 -20
package/dist/client.js.map +1 -1
package/dist/crypto/dksap.d.ts +15 -0
package/dist/crypto/dksap.d.ts.map +1 -1
package/dist/crypto/dksap.js +22 -3
package/dist/crypto/dksap.js.map +1 -1
package/dist/index.d.ts +16 -3
package/dist/index.d.ts.map +1 -1
package/dist/index.js +16 -2
package/dist/index.js.map +1 -1
package/dist/resolve.d.ts +103 -0
package/dist/resolve.d.ts.map +1 -0
package/dist/resolve.js +221 -0
package/dist/resolve.js.map +1 -0
package/dist/signer.d.ts +41 -0
package/dist/signer.d.ts.map +1 -0
package/dist/signer.js +47 -0
package/dist/signer.js.map +1 -0
package/package.json +30 -10

package/dist/client.js CHANGED Viewed

@@ -1,14 +1,37 @@
-import { createPublicClient, http, encodeFunctionData, getAddress, hexToBytes, } from "viem";
+import { createPublicClient, createWalletClient, custom, defineChain, http, encodeFunctionData, getAddress, hexToBytes, keccak256, } from "viem";
+import { sepolia } from "viem/chains";
+import { Keypair, PublicKey, SystemProgram, Transaction, } from "@solana/web3.js";
 import { EIP5564_SCHEME_SECP256K1 } from "@opaquecash/stealth-core";
-import { stealthMetaAddressRegistryAbi, stealthAddressAnnouncerAbi, getStealthMetaAddress as readRegistryMetaAddress, } from "@opaquecash/stealth-chain";
+import { stealthMetaAddressRegistryAbi, stealthAddressAnnouncerAbi, getStealthMetaAddress as readRegistryMetaAddress, EvmAdapter, sweepStealthNative, } from "@opaquecash/stealth-chain";
+import { SolanaAdapter, deriveStealthSolanaAddress, deriveStealthSolanaAddressFromStealthPrivKey, fetchOnsMirrorRecord, fetchSnsTxtRecord, fetchOnsClaimStatus, fetchWormholeMessageFee, buildOnsClaimInstruction, buildOnsReconcileInstruction, } from "@opaquecash/stealth-chain-solana";
+import { getOnsDeployment } from "@opaquecash/deployments";
+/** Minimal write/read surface of the canonical OpaqueNameRegistry (spec/ONS.md §2). */
+const onsNameRegistryAbi = [
+    {
+        type: "function",
+        name: "register",
+        stateMutability: "payable",
+        inputs: [
+            { name: "label", type: "string" },
+            { name: "spendPubKey", type: "bytes" },
+            { name: "viewPubKey", type: "bytes" },
+        ],
+        outputs: [{ name: "node", type: "bytes32" }],
+    },
+];
 import { checkAnnouncement, checkAnnouncementViewTag, encodeAttestationMetadata, initStealthWasm, reconstructSigningKey, scanAttestationsJson, } from "@opaquecash/stealth-wasm";
-import { attestationsToDiscoveredTraits, buildActionScope, externalNullifierFromScope, } from "@opaquecash/psr-core";
-import { fetchLatestValidRoot, fetchRootHistory, isRootValid, simulateVerifyReputation, submitVerifyReputation, verifyReputationView, } from "@opaquecash/psr-chain";
+import { attestationsToDiscoveredTraits, buildActionScope, encodeAttestationData, encodeV2AttestationMetadata, externalNullifierFromScope, fieldDefsToString, parseFieldDefs, randomNonce, } from "@opaquecash/psr-core";
+import { fetchLatestValidRoot, fetchRootHistory, isRootValid, simulateVerifyReputation, submitVerifyReputation, verifyReputationView, requirePsrV2Config, fetchSchema as evmFetchSchema, fetchSchemasForWallet as evmFetchSchemasForWallet, fetchAttestationsIssuedBy as evmFetchAttestationsIssuedBy, isAuthorizedIssuer as evmIsAuthorizedIssuer, registerSchema as evmRegisterSchema, addDelegate as evmAddDelegate, removeDelegate as evmRemoveDelegate, deprecateSchema as evmDeprecateSchema, attest as evmAttest, announceV2Attestation as evmAnnounceV2Attestation, } from "@opaquecash/psr-chain";
+import { computeSchemaId as solanaComputeSchemaId, deriveSchemaPda, deriveAttestationPda, buildRegisterSchemaInstruction, buildAddDelegateInstruction, buildRemoveDelegateInstruction, buildDeprecateSchemaInstruction, buildAttestInstruction, fetchAllSchemas as solanaFetchAllSchemas, fetchAllAttestations as solanaFetchAllAttestations, fetchAttestationPda as solanaFetchAttestationPda, submitReputationProof as solanaSubmitReputationProof, } from "@opaquecash/psr-chain-solana";
 import { ensureBufferPolyfill, generateReputationProof as runGenerateReputationProof, } from "@opaquecash/psr-prover";
 import { aggregateBalancesByToken, } from "@opaquecash/stealth-balance";
-import { deriveKeysFromSignature, keysToStealthMetaAddress, stealthMetaAddressToHex, computeStealthAddressAndViewTag, recomputeStealthSendFromEphemeralPrivateKey, ephemeralPrivateKeyToCompressedPublicKey, } from "./crypto/dksap.js";
+import { buildAnnounceWithRelayRequest as uabBuildAnnounceWithRelayRequest, fetchCrossChainAnnouncements as uabFetchCrossChainAnnouncements, toIndexerAnnouncement as uabToIndexerAnnouncement, getUabDeployment, } from "@opaquecash/uab";
+import { deriveKeysFromSignature, keysToStealthMetaAddress, stealthMetaAddressToHex, computeStealthAddressAndViewTag, recomputeStealthSendFromEphemeralPrivateKey, ephemeralPrivateKeyToCompressedPublicKey, generateRandomMetaAddress, } from "./crypto/dksap.js";
 import { getChainDeployment as getChainDeploymentInfo, getSupportedChainIds, requireChainDeployment, NATIVE_TOKEN_ADDRESS, } from "./chains.js";
 import { indexerAnnouncementsToScannerJson, } from "./indexer/normalize.js";
+import { namehash, normalize as normalizeEnsName } from "viem/ens";
+import { ipfsPathFromInput, isEnsNameInput, isEvmAddressInput, isOnsNameInput, isSnsNameInput, isSolanaPubkeyInput, META_ADDRESS_VALUE_PREFIX, OPAQUE_META_RECORD_KEY, parseMetaAddressValue, resolveEnsMetaAddress, resolveIpfsDidMetaAddress, resolveSnsMetaAddress, } from "./resolve.js";
+import { requestSetupSignature, selectSigner, } from "./signer.js";
 const ERC20_BALANCE_ABI = [
     {
         type: "function",
@@ -31,6 +54,10 @@ export class OpaqueClient {
     metaAddressHex;
     publicClient;
     wasm;
+    evmAdapter;
+    solanaAdapter;
+    evmWalletClientCache;
+    solanaWalletCache;
     constructor(config, deployment, wasm, keys) {
         this.config = config;
         this.deployment = deployment;
@@ -60,9 +87,9 @@ export class OpaqueClient {
      */
     static async create(config) {
         const deployment = requireChainDeployment(config.chainId);
-        const wasm = await initStealthWasm({
-            moduleSpecifier: config.wasmModuleSpecifier,
-        });
+        const wasm = config.wasmModuleSpecifier
+            ? await initStealthWasm({ moduleSpecifier: config.wasmModuleSpecifier })
+            : wasmUnavailable();
         const { viewingKey, spendingKey } = deriveKeysFromSignature(config.walletSignature);
         const { S, metaAddress } = keysToStealthMetaAddress(viewingKey, spendingKey);
         const metaAddressHex = stealthMetaAddressToHex(metaAddress);
@@ -73,6 +100,38 @@ export class OpaqueClient {
             metaAddressHex,
         });
     }
+    /**
+     * Construct a client from wallet(s) in the {@link UnifiedSigner} shape — the
+     * one-adapter entry point for integrators (Phase 2.5). Pass at most one wallet per
+     * chain; the FIRST wallet is prompted for the {@link SETUP_MESSAGE} setup signature
+     * (HKDF entropy) unless a cached `walletSignature` is supplied. Each wallet is also
+     * wired as that chain's write signer (`ethereumProvider`/`ethereumWalletClient`,
+     * `solanaWallet`), so PSR writes and sends work without further config.
+     */
+    static async fromWallet(params) {
+        const { wallets, walletSignature, ...rest } = params;
+        const list = Array.isArray(wallets) ? wallets : [wallets];
+        if (list.length === 0 && !walletSignature) {
+            throw new Error("Opaque: fromWallet needs at least one wallet (or a cached walletSignature).");
+        }
+        const evm = selectSigner(list, "ethereum");
+        const solana = selectSigner(list, "solana");
+        const signature = walletSignature ?? (await requestSetupSignature(list[0]));
+        return OpaqueClient.create({
+            ...rest,
+            walletSignature: signature,
+            // Zero address keeps reads working for Solana-only sessions; never used for writes.
+            ethereumAddress: evm?.address ?? "0x0000000000000000000000000000000000000000",
+            ethereumProvider: evm?.provider,
+            ethereumWalletClient: evm?.walletClient,
+            solanaWallet: solana?.signTransaction != null
+                ? {
+                    publicKey: solana.publicKey,
+                    signTransaction: solana.signTransaction,
+                }
+                : undefined,
+        });
+    }
     /** Chain id from configuration. */
     getChainId() {
         return this.config.chainId;
@@ -123,6 +182,156 @@ export class OpaqueClient {
             metaAddressHex: bytes,
         };
     }
+    /**
+     * Resolve ANY supported recipient identity to its 66-byte meta-address (CSAP §2.9):
+     *
+     * | Input | Path |
+     * |-------|------|
+     * | 66-byte meta-address (optionally `st:opq:`-prefixed) | validated and passed through |
+     * | `0x…` 20-byte EVM address | ERC-6538 `StealthMetaAddressRegistry` |
+     * | Solana base58 pubkey | `stealth-registry` PDA (needs {@link OpaqueClientConfig.solana}) |
+     * | `ipfs://…` / bare CID | DID document fetch via gateways (configure {@link OpaqueClientConfig.ipfs}) |
+     * | ONS name (`alice.opq.eth`) | Solana mirror PDA first, canonical OpaqueNameRegistry fallback (spec/ONS.md) |
+     * | other `*.eth` | ENS `com.opaque.meta` text record (needs {@link OpaqueClientConfig.ens}) |
+     * | `*.sol` | SNS Records V2 TXT record (needs {@link OpaqueClientConfig.solana} or `sns.getRecord`) |
+     *
+     * Every path point-validates both 33-byte halves before returning. Throws with a
+     * path-specific message when the identity is unregistered, unset, or malformed.
+     */
+    async resolveRecipient(input) {
+        const trimmed = input.trim();
+        if (trimmed.startsWith(META_ADDRESS_VALUE_PREFIX) ||
+            /^(0x)?[0-9a-fA-F]{132}$/.test(trimmed)) {
+            const meta = parseMetaAddressValue(trimmed);
+            if (!meta) {
+                throw new Error("Opaque: recipient looks like a meta-address but failed validation (both 33-byte halves must be valid compressed secp256k1 points).");
+            }
+            return { metaAddressHex: meta, source: "meta-address", input: trimmed };
+        }
+        const cidPath = ipfsPathFromInput(trimmed);
+        if (cidPath) {
+            const meta = await resolveIpfsDidMetaAddress(cidPath, this.resolveTransports());
+            return { metaAddressHex: meta, source: "ipfs-did", input: trimmed };
+        }
+        if (isEnsNameInput(trimmed)) {
+            const onsParent = this.onsParentName();
+            if (onsParent && isOnsNameInput(trimmed, onsParent)) {
+                return this.resolveOnsName(trimmed.toLowerCase());
+            }
+            const meta = await resolveEnsMetaAddress(trimmed, this.resolveTransports());
+            return { metaAddressHex: meta, source: "ens-text", input: trimmed };
+        }
+        if (isSnsNameInput(trimmed)) {
+            const meta = await resolveSnsMetaAddress(trimmed.toLowerCase(), this.snsGetRecord());
+            return { metaAddressHex: meta, source: "sns-record", input: trimmed };
+        }
+        if (isEvmAddressInput(trimmed)) {
+            const res = await this.resolveRecipientMetaAddress(trimmed);
+            if (!res.registered || !res.metaAddressHex) {
+                throw new Error(`Opaque: ${trimmed} has no registered meta-address on Ethereum.`);
+            }
+            return {
+                metaAddressHex: res.metaAddressHex,
+                source: "evm-registry",
+                input: trimmed,
+            };
+        }
+        if (isSolanaPubkeyInput(trimmed)) {
+            const meta = await this.getSolanaAdapter().resolveMetaAddress(trimmed);
+            if (!meta) {
+                throw new Error(`Opaque: ${trimmed} has no registered meta-address on Solana.`);
+            }
+            return { metaAddressHex: meta, source: "solana-registry", input: trimmed };
+        }
+        throw new Error(`Opaque: unrecognised recipient "${trimmed}" (expected a meta-address, EVM address, Solana pubkey, ipfs:// CID, or *.eth name).`);
+    }
+    /**
+     * Resolve an Opaque Name Service name (`alice.opq.eth`; `alice.opqtest.eth` on
+     * testnet) to its meta-address (spec/ONS.md §7). Tries the Solana mirror PDA first
+     * (one account read, no Ethereum RPC — needs {@link OpaqueClientConfig.solana});
+     * falls back to the canonical OpaqueNameRegistry (ENSIP-10) over the scan RPC.
+     * Both paths point-validate the 33-byte halves. Mirror records lag the canonical
+     * record by Wormhole latency (eventually consistent, canonical-chain-wins).
+     */
+    async resolveOpaqueMetaAddress(name) {
+        const { metaAddressHex } = await this.resolveOnsName(name.trim().toLowerCase());
+        return metaAddressHex;
+    }
+    /** ONS resolution: mirror-PDA-first, canonical-registry fallback. */
+    async resolveOnsName(name) {
+        // 1. Solana mirror PDA (cheap, chain-local).
+        if (this.config.solana) {
+            try {
+                const adapter = this.getSolanaAdapter();
+                const mirrorProgram = this.config.ons?.mirrorProgram
+                    ? new PublicKey(this.config.ons.mirrorProgram)
+                    : adapter.deployment.onsMirror;
+                const record = await fetchOnsMirrorRecord(adapter.connection, mirrorProgram, name);
+                if (record) {
+                    const meta = parseMetaAddressValue(record.metaAddressHex);
+                    if (meta)
+                        return { metaAddressHex: meta, source: "ons-mirror", input: name };
+                }
+            }
+            catch {
+                // Mirror unavailable (RPC outage, cluster mismatch): fall through to canonical.
+            }
+        }
+        // 2. Canonical OpaqueNameRegistry (ENSIP-10 wildcard resolver) on the EVM RPC.
+        const registry = this.config.ons?.registry ?? getOnsDeployment(this.config.chainId)?.registry;
+        if (!registry) {
+            throw new Error(`Opaque: cannot resolve ${name} — no ONS mirror record and no OpaqueNameRegistry ` +
+                `is known for chainId ${this.config.chainId} (pass config.ons.registry).`);
+        }
+        const value = (await this.publicClient.readContract({
+            address: registry,
+            abi: [
+                {
+                    type: "function",
+                    name: "text",
+                    stateMutability: "view",
+                    inputs: [
+                        { name: "node", type: "bytes32" },
+                        { name: "key", type: "string" },
+                    ],
+                    outputs: [{ name: "", type: "string" }],
+                },
+            ],
+            functionName: "text",
+            args: [namehash(name), OPAQUE_META_RECORD_KEY],
+        }));
+        const meta = value ? parseMetaAddressValue(value) : null;
+        if (!meta) {
+            throw new Error(`Opaque: ${name} is not registered with the Opaque Name Service.`);
+        }
+        return { metaAddressHex: meta, source: "ons-registry", input: name };
+    }
+    /** The ONS parent name in force (config override, else bundled deployment), if any. */
+    onsParentName() {
+        return (this.config.ons?.parentName?.toLowerCase() ??
+            getOnsDeployment(this.config.chainId)?.parentName);
+    }
+    /** The `.sol` record reader: injected, else the bundled Records V2 TXT reader. */
+    snsGetRecord() {
+        if (this.config.sns?.getRecord)
+            return this.config.sns.getRecord;
+        if (!this.config.solana)
+            return undefined;
+        return (domain) => fetchSnsTxtRecord(this.getSolanaAdapter().connection, domain);
+    }
+    /** Build the {@link ResolveTransports} from config (ENS reader + IPFS gateways). */
+    resolveTransports() {
+        const ens = this.config.ens;
+        const ensGetText = ens?.getText ??
+            (ens?.client
+                ? (name, key) => ens.client.getEnsText({ name: normalizeEnsName(name), key })
+                : undefined);
+        return {
+            ensGetText,
+            ipfsGateways: this.config.ipfs?.gateways,
+            fetchFn: this.config.ipfs?.fetch,
+        };
+    }
     /**
      * Encode `registerKeys` for the user's meta-address (they submit with `ethereumAddress`).
      */
@@ -140,6 +349,158 @@ export class OpaqueClient {
             metaAddressHex: this.metaAddressHex,
         };
     }
+    /**
+     * Register THIS wallet's 66-byte meta-address on-chain so others can resolve it, dispatching on
+     * `chain`. Submits the transaction with the configured signer (`ethereumWalletClient` /
+     * `ethereumProvider` for Ethereum, `solanaWallet` for Solana) and returns the tx id. For a
+     * calldata-only request you submit yourself, see {@link buildRegisterMetaAddressTransaction}
+     * (Ethereum) or `SolanaAdapter.buildRegisterKeysInstruction`.
+     */
+    async registerMetaAddress(chain) {
+        const schemeId = BigInt(EIP5564_SCHEME_SECP256K1);
+        if (chain === "ethereum") {
+            const wc = this.evmWalletClient();
+            const txHash = await wc.writeContract({
+                address: this.registry,
+                abi: stealthMetaAddressRegistryAbi,
+                functionName: "registerKeys",
+                args: [schemeId, this.metaAddressHex],
+                account: this.config.ethereumAddress,
+                chain: wc.chain ?? this.viemChain(),
+            });
+            return { chain, txHash, metaAddressHex: this.metaAddressHex };
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const ix = this.getSolanaAdapter().buildRegisterKeysInstruction(wallet.publicKey, hexToBytes(this.metaAddressHex), schemeId);
+            const txHash = await this.sendSolanaTx([ix]);
+            return { chain, txHash, metaAddressHex: this.metaAddressHex };
+        }
+        throw new Error(`Opaque: unsupported register chain "${chain}"`);
+    }
+    /**
+     * Whether THIS wallet's meta-address is already registered on `chain` (Ethereum reads its
+     * configured `ethereumAddress`; Solana reads the `solanaWallet` pubkey).
+     */
+    async isMetaAddressRegistered(chain) {
+        if (chain === "ethereum") {
+            const res = await this.resolveRecipientMetaAddress(this.config.ethereumAddress);
+            return res.registered;
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            return this.getSolanaAdapter().isRegistered(wallet.publicKey.toBase58());
+        }
+        throw new Error(`Opaque: unsupported register chain "${chain}"`);
+    }
+    // ------------------------------------------------------------------ ONS names
+    /**
+     * Register `label`.<parent> for THIS wallet's meta-address on the canonical
+     * OpaqueNameRegistry (Ethereum; spec/ONS.md §4.1). Immediately authoritative;
+     * the Solana mirror follows after Wormhole relay. Submits with the configured
+     * Ethereum signer and returns the tx hash.
+     */
+    async registerOpaqueName(label) {
+        const registry = this.requireOnsRegistry();
+        const { spendPubKey, viewPubKey } = this.ownMetaAddressHalves();
+        const wc = this.evmWalletClient();
+        return wc.writeContract({
+            address: registry,
+            abi: onsNameRegistryAbi,
+            functionName: "register",
+            args: [label.toLowerCase(), spendPubKey, viewPubKey],
+            account: this.config.ethereumAddress,
+            chain: wc.chain ?? this.viemChain(),
+        });
+    }
+    /**
+     * Claim `label`.<parent> from Solana (spec/ONS.md §4.2). Creates a PROVISIONAL
+     * claim and publishes it to the canonical registry via Wormhole; it becomes
+     * authoritative only when the registry confirms (mirror record appears), and it
+     * loses to any concurrent direct Ethereum registration. Track with
+     * {@link getOpaqueNameStatus}; surface `pending` in UI (never as owned).
+     */
+    async claimOpaqueName(label) {
+        const parentName = this.requireOnsParentName();
+        const adapter = this.getSolanaAdapter();
+        const wallet = this.requireSolanaWallet();
+        const { spendPubKey, viewPubKey } = this.ownMetaAddressHalves();
+        const message = Keypair.generate();
+        const fee = await fetchWormholeMessageFee(adapter.connection, adapter.deployment.wormholeCore);
+        const ix = buildOnsClaimInstruction({
+            registrationProgramId: this.onsRegistrationProgram(),
+            wormholeCore: adapter.deployment.wormholeCore,
+            claimer: wallet.publicKey,
+            label,
+            parentName,
+            spendPubKey: hexToBytes(spendPubKey),
+            viewPubKey: hexToBytes(viewPubKey),
+            wormholeMessage: message.publicKey,
+            wormholeFee: fee,
+        });
+        const signature = await this.sendSolanaTx([ix], [message]);
+        return { signature, name: `${label.toLowerCase()}.${parentName}` };
+    }
+    /**
+     * Reconciliation state of an ONS name's Solana-originated claim
+     * (`none`/`pending`/`confirmed`/`lost`/`expired`; spec/ONS.md §6), plus the
+     * mirror record when one exists. Two Solana account reads.
+     */
+    async getOpaqueNameStatus(name) {
+        const adapter = this.getSolanaAdapter();
+        return fetchOnsClaimStatus(adapter.connection, this.onsRegistrationProgram(), this.onsMirrorProgram(), name.trim().toLowerCase());
+    }
+    /**
+     * Close a finished provisional claim (confirmed / lost / expired) and refund its
+     * rent to the claimer. Permissionless; submits with the configured Solana wallet.
+     */
+    async reconcileOpaqueName(name) {
+        const status = await this.getOpaqueNameStatus(name);
+        if (!status.claim)
+            throw new Error(`Opaque: no provisional claim for ${name}.`);
+        const wallet = this.requireSolanaWallet();
+        const ix = buildOnsReconcileInstruction({
+            registrationProgramId: this.onsRegistrationProgram(),
+            mirrorProgramId: this.onsMirrorProgram(),
+            fullName: name.trim().toLowerCase(),
+            claimer: status.claim.claimer,
+            payer: wallet.publicKey,
+        });
+        return this.sendSolanaTx([ix]);
+    }
+    /** The ONS parent name in force, or throw with setup guidance. */
+    requireOnsParentName() {
+        const parent = this.onsParentName();
+        if (!parent) {
+            throw new Error(`Opaque: no ONS deployment is known for chainId ${this.config.chainId} ` +
+                "(pass config.ons.parentName).");
+        }
+        return parent;
+    }
+    requireOnsRegistry() {
+        const registry = this.config.ons?.registry ?? getOnsDeployment(this.config.chainId)?.registry;
+        if (!registry) {
+            throw new Error(`Opaque: no OpaqueNameRegistry is known for chainId ${this.config.chainId} ` +
+                "(pass config.ons.registry).");
+        }
+        return registry;
+    }
+    onsMirrorProgram() {
+        return this.config.ons?.mirrorProgram
+            ? new PublicKey(this.config.ons.mirrorProgram)
+            : this.getSolanaAdapter().deployment.onsMirror;
+    }
+    onsRegistrationProgram() {
+        return this.getSolanaAdapter().deployment.onsRegistration;
+    }
+    /** Split this wallet's meta-address (CSAP V‖S) into its 33-byte halves. */
+    ownMetaAddressHalves() {
+        const hex = this.metaAddressHex.slice(2);
+        return {
+            viewPubKey: `0x${hex.slice(0, 66)}`,
+            spendPubKey: `0x${hex.slice(66, 132)}`,
+        };
+    }
     /**
      * Derive a one-time stealth address for sending to a recipient meta-address.
      */
@@ -152,8 +513,190 @@ export class OpaqueClient {
             ephemeralPublicKey: r.ephemeralPubKey,
             ephemeralPrivateKey: r.ephemeralPriv,
             metadata: r.metadata,
+            stealthPubKey: r.stealthPubKeyUncompressed,
         };
     }
+    /**
+     * High-level send: resolve the recipient, derive a one-time stealth destination, transfer the
+     * native asset, and publish the discovery announcement — in one call, dispatching on `chain`.
+     *
+     * Solana bundles the transfer and `announce` (or `announce_with_relay` when `relay` is set) into a
+     * single transaction and returns its signature. Ethereum submits the value transfer first, then
+     * the announce, returning both tx hashes. Token (SPL/ERC-20) sends are not yet supported.
+     * Requires the chain's signer (`solanaWallet` / `ethereumWalletClient` or `ethereumProvider`).
+     */
+    async sendStealthPayment(params) {
+        if (params.token) {
+            throw new Error("Opaque: token (SPL/ERC-20) stealth sends are not yet supported; send the native asset.");
+        }
+        const metaAddressHex = await this.resolveSendRecipientMeta(params.chain, params.recipient);
+        const send = this.prepareStealthSend(metaAddressHex);
+        const ephemeralPublicKey = bytesToHex0x(send.ephemeralPublicKey);
+        const wantAnnounce = params.announce ?? true;
+        if (params.chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const adapter = this.getSolanaAdapter();
+            const destination = deriveStealthSolanaAddress(send.stealthPubKey);
+            const transferIx = SystemProgram.transfer({
+                fromPubkey: wallet.publicKey,
+                toPubkey: new PublicKey(destination),
+                lamports: params.amount,
+            });
+            const buildAnnounceIxs = async () => {
+                if (params.relay) {
+                    const wormholeFee = await adapter.fetchWormholeMessageFee();
+                    const { instruction, messageKeypair } = adapter.buildAnnounceWithRelay({
+                        caller: wallet.publicKey,
+                        stealthAddress: hexToBytes(send.stealthAddress),
+                        ephemeralPubKey: send.ephemeralPublicKey,
+                        metadata: send.metadata,
+                        schemeId: send.schemeId,
+                        batchId: params.batchId,
+                        wormholeFee,
+                    });
+                    return { ixs: [instruction], signers: [messageKeypair] };
+                }
+                return {
+                    ixs: [
+                        adapter.buildAnnounceInstruction({
+                            caller: wallet.publicKey,
+                            stealthAddress: hexToBytes(send.stealthAddress),
+                            ephemeralPubKey: send.ephemeralPublicKey,
+                            metadata: send.metadata,
+                            schemeId: send.schemeId,
+                        }),
+                    ],
+                    signers: [],
+                };
+            };
+            const wantsAnyAnnounce = params.relay || wantAnnounce;
+            if (params.delayAnnouncement != null && wantsAnyAnnounce) {
+                const txHash = await this.sendSolanaTx([transferIx]);
+                const announcePromise = (async () => {
+                    await sleep(params.delayAnnouncement);
+                    const { ixs, signers } = await buildAnnounceIxs();
+                    return this.sendSolanaTx(ixs, signers);
+                })();
+                return {
+                    chain: "solana",
+                    txHash,
+                    announcePromise,
+                    stealthAddress: send.stealthAddress,
+                    destination,
+                    ephemeralPublicKey,
+                    metaAddressHex,
+                };
+            }
+            const ixs = [transferIx];
+            const extraSigners = [];
+            if (wantsAnyAnnounce) {
+                const announce = await buildAnnounceIxs();
+                ixs.push(...announce.ixs);
+                extraSigners.push(...announce.signers);
+            }
+            const txHash = await this.sendSolanaTx(ixs, extraSigners);
+            return {
+                chain: "solana",
+                txHash,
+                stealthAddress: send.stealthAddress,
+                destination,
+                ephemeralPublicKey,
+                metaAddressHex,
+            };
+        }
+        if (params.chain === "ethereum") {
+            const wc = this.evmWalletClient();
+            const viemChain = wc.chain ?? this.viemChain();
+            const txHash = await wc.sendTransaction({
+                account: this.config.ethereumAddress,
+                chain: viemChain,
+                to: send.stealthAddress,
+                value: params.amount,
+            });
+            const submitAnnounce = async () => {
+                if (params.relay) {
+                    const req = await this.buildAnnounceWithRelayRequest(send);
+                    return wc.sendTransaction({
+                        account: this.config.ethereumAddress,
+                        chain: viemChain,
+                        to: req.to,
+                        data: req.data,
+                        value: req.value,
+                    });
+                }
+                const req = this.buildAnnounceTransactionRequest(send);
+                return wc.sendTransaction({
+                    account: this.config.ethereumAddress,
+                    chain: viemChain,
+                    to: req.to,
+                    data: req.data,
+                });
+            };
+            const wantsAnyAnnounce = params.relay || wantAnnounce;
+            if (params.delayAnnouncement != null && wantsAnyAnnounce) {
+                const announcePromise = (async () => {
+                    await sleep(params.delayAnnouncement);
+                    return submitAnnounce();
+                })();
+                return {
+                    chain: "ethereum",
+                    txHash,
+                    announcePromise,
+                    stealthAddress: send.stealthAddress,
+                    ephemeralPublicKey,
+                    metaAddressHex,
+                };
+            }
+            let announceTxHash;
+            if (wantsAnyAnnounce) {
+                announceTxHash = await submitAnnounce();
+            }
+            return {
+                chain: "ethereum",
+                txHash,
+                announceTxHash,
+                stealthAddress: send.stealthAddress,
+                ephemeralPublicKey,
+                metaAddressHex,
+            };
+        }
+        throw new Error(`Opaque: unsupported send chain "${params.chain}"`);
+    }
+    /**
+     * Resolve a {@link SendStealthPaymentParams.recipient} to a 66-byte meta-address.
+     * Delegates to {@link resolveRecipient}, so sends accept every supported identity
+     * form (meta-address, registry address/pubkey, `ipfs://` DID, `*.eth`) on any chain —
+     * meta-addresses are chain-neutral.
+     */
+    async resolveSendRecipientMeta(_chain, recipient) {
+        const resolved = await this.resolveRecipient(recipient);
+        return resolved.metaAddressHex;
+    }
+    /**
+     * Anonymity-set utility (guide §17): mint `n` decoy announcements. Each one is a fully
+     * valid DKSAP announcement to a freshly generated THROWAWAY meta-address whose private
+     * keys are discarded — on-chain it is indistinguishable from a real payment
+     * announcement (valid curve points, correctly derived view tag), but nobody will ever
+     * match or spend it. Submit them (e.g. via {@link buildDummyAnnouncementTransactions})
+     * interleaved with real sends to grow every recipient's anonymity set.
+     */
+    generateDummyAnnouncements(n) {
+        if (!Number.isInteger(n) || n < 0) {
+            throw new Error("Opaque: generateDummyAnnouncements needs a non-negative integer count.");
+        }
+        return Array.from({ length: n }, () => {
+            const metaAddressHex = generateRandomMetaAddress();
+            return { ...this.prepareStealthSend(metaAddressHex), metaAddressHex };
+        });
+    }
+    /**
+     * Convenience over {@link generateDummyAnnouncements}: `n` ready-to-submit `announce`
+     * calldata requests for this chain's announcer. Broadcast them from any account —
+     * announcements carry no value and any caller may announce.
+     */
+    buildDummyAnnouncementTransactions(n) {
+        return this.generateDummyAnnouncements(n).map((d) => this.buildAnnounceTransactionRequest(d));
+    }
     /**
      * Manual “ghost” receive: derive a one-time stealth address for **this** wallet’s meta-address
      * without any on-chain announcement yet. Cryptographically this is {@link prepareStealthSend}
@@ -178,6 +721,7 @@ export class OpaqueClient {
             ephemeralPublicKey: r.ephemeralPubKey,
             ephemeralPrivateKey: r.ephemeralPriv,
             metadata: r.metadata,
+            stealthPubKey: r.stealthPubKeyUncompressed,
         });
     }
     /**
@@ -203,6 +747,96 @@ export class OpaqueClient {
             },
         };
     }
+    // ---------------------------------------------------------------------------
+    // Universal Announcement Bus (cross-chain announcements over Wormhole)
+    // ---------------------------------------------------------------------------
+    /** Resolve UAB addresses for this chain (config override takes precedence over the known deployment). */
+    uabAddresses() {
+        const d = getUabDeployment(this.config.chainId);
+        const uabSender = this.config.contracts?.uabSender ?? d?.uabSender;
+        const uabReceiver = this.config.contracts?.uabReceiver ?? d?.uabReceiver;
+        const wormholeCore = this.config.contracts?.wormholeCore ?? d?.wormholeCore;
+        if (!uabSender || !uabReceiver || !wormholeCore) {
+            throw new Error(`UAB not configured for chainId ${this.config.chainId}; pass contracts.{uabSender,uabReceiver,wormholeCore}`);
+        }
+        return { uabSender, uabReceiver, wormholeCore, fromBlock: d?.fromBlock ?? 0n };
+    }
+    /**
+     * Build a `{to,data,value}` request for a CROSS-CHAIN announce (`announceWithRelay`): it emits the
+     * local announcement AND publishes the 96-byte payload through Wormhole. `value` is the Wormhole
+     * message fee. Pass the same {@link PrepareStealthSendResult} you'd use for a native announce.
+     */
+    async buildAnnounceWithRelayRequest(send, opts = {}) {
+        const { uabSender, wormholeCore } = this.uabAddresses();
+        const req = await uabBuildAnnounceWithRelayRequest(this.publicClient, {
+            uabSender,
+            wormholeCore,
+            schemeId: send.schemeId,
+            stealthAddress: send.stealthAddress,
+            ephemeralPubKey: (`0x${bytesToHex(send.ephemeralPublicKey)}`),
+            metadata: (`0x${bytesToHex(send.metadata)}`),
+            consistencyLevel: opts.consistencyLevel,
+        });
+        return { ...req, chainId: this.config.chainId };
+    }
+    /**
+     * Build a CROSS-CHAIN announce for either chain, dispatching on `chain`. Emits the local
+     * announcement AND relays the 96-byte payload over Wormhole. Ethereum returns a `{to,data,value}`
+     * request (`value` is the Wormhole fee); Solana returns `instructions` + extra `signers` (the
+     * fresh Wormhole message keypair) — both must co-sign with the wallet. Pass the same
+     * {@link PrepareStealthSendResult} you'd use for a native announce.
+     *
+     * EVM honours `consistencyLevel`; Solana honours `batchId` (Wormhole nonce) and `wormholeFee`
+     * (auto-fetched from the core bridge when omitted; 0 on devnet).
+     */
+    async buildAnnounceWithRelay(chain, send, opts = {}) {
+        if (chain === "ethereum") {
+            const req = await this.buildAnnounceWithRelayRequest(send, {
+                consistencyLevel: opts.consistencyLevel,
+            });
+            return {
+                chain: "ethereum",
+                to: req.to,
+                data: req.data,
+                value: req.value,
+                chainId: req.chainId,
+            };
+        }
+        if (chain === "solana") {
+            const adapter = this.getSolanaAdapter();
+            const caller = this.requireSolanaWallet().publicKey;
+            const wormholeFee = opts.wormholeFee ?? (await adapter.fetchWormholeMessageFee());
+            const { instruction, messageKeypair } = adapter.buildAnnounceWithRelay({
+                caller,
+                stealthAddress: hexToBytes(send.stealthAddress),
+                ephemeralPubKey: send.ephemeralPublicKey,
+                metadata: send.metadata,
+                schemeId: send.schemeId,
+                batchId: opts.batchId,
+                wormholeFee,
+            });
+            return { chain: "solana", instructions: [instruction], signers: [messageKeypair] };
+        }
+        throw new Error(`Opaque: unsupported announce-with-relay chain "${chain}"`);
+    }
+    /**
+     * Read inbound CROSS-CHAIN announcements (from the UABReceiver) as indexer-shaped rows, ready to
+     * pass into {@link filterOwnedAnnouncements} alongside native rows.
+     */
+    async fetchCrossChainAnnouncements(opts = {}) {
+        const { uabReceiver, fromBlock } = this.uabAddresses();
+        const records = await uabFetchCrossChainAnnouncements(this.publicClient, {
+            uabReceiver,
+            fromBlock: opts.fromBlock ?? fromBlock,
+            toBlock: opts.toBlock,
+        });
+        return records.map(uabToIndexerAnnouncement);
+    }
+    /** Discover stealth outputs owned by this user that arrived via the cross-chain UAB. */
+    async scanCrossChain(opts = {}) {
+        const rows = await this.fetchCrossChainAnnouncements(opts);
+        return this.filterOwnedAnnouncements(rows);
+    }
     /**
      * Filter indexer announcements down to outputs owned by this user (WASM scan).
      */
@@ -222,10 +856,18 @@ export class OpaqueClient {
                     : Number(vtRaw);
             if (!Number.isFinite(vt) || !Number.isInteger(vt) || vt < 0 || vt > 255)
                 continue;
-            const tagResult = checkAnnouncementViewTag(this.wasm, vt, this.viewingKey, eph);
-            if (tagResult === "NoMatch")
+            // Anyone can announce; skip rows whose ephemeral key is 33 bytes but not a valid
+            // curve point (the WASM throws "Invalid public key" on them) instead of aborting.
+            let ok = false;
+            try {
+                const tagResult = checkAnnouncementViewTag(this.wasm, vt, this.viewingKey, eph);
+                if (tagResult === "NoMatch")
+                    continue;
+                ok = checkAnnouncement(this.wasm, row.stealthAddress, vt, this.viewingKey, this.spendPubKey, eph);
+            }
+            catch {
                 continue;
-            const ok = checkAnnouncement(this.wasm, row.stealthAddress, vt, this.viewingKey, this.spendPubKey, eph);
+            }
             if (!ok)
                 continue;
             owned.push({
@@ -239,6 +881,126 @@ export class OpaqueClient {
         }
         return owned;
     }
+    // ---------------------------------------------------------------------------
+    // Unified cross-chain inbox
+    // ---------------------------------------------------------------------------
+    /**
+     * Scan one or more chains for stealth outputs owned by this wallet and return a single,
+     * merged inbox. Each chain's native announcements are fetched through its {@link ChainAdapter}
+     * and run through the same WASM view-tag + DKSAP filter ({@link filterOwnedAnnouncements}), so
+     * detection is identical across chains. Outputs are tagged with their source `chain` / `chainId`.
+     *
+     * `"ethereum"` reuses this client's viem client + configured announcer/registry. `"solana"`
+     * requires {@link OpaqueClientConfig.solana} (connection / rpcUrl / cluster; defaults to devnet).
+     * The viewing/spending keys are chain-neutral, so one wallet's inbox spans both chains.
+     */
+    async scan(opts) {
+        const out = [];
+        for (const chain of opts.chains) {
+            const adapter = this.getAdapter(chain);
+            const announcements = await adapter.fetchAnnouncements({
+                fromCursor: opts.fromBlock,
+                toCursor: opts.toBlock,
+                limit: opts.solanaLimit,
+                includeCrossChain: opts.includeCrossChain,
+            });
+            // Adapters may merge cross-chain (UAB) announcements relayed to their chain;
+            // those keep their origin chainId, which distinguishes them from native ones.
+            const native = announcements.filter((a) => a.chainId === adapter.chainId);
+            const relayed = announcements.filter((a) => a.chainId !== adapter.chainId);
+            for (const [list, source] of [
+                [native, "native"],
+                [relayed, "uab"],
+            ]) {
+                if (list.length === 0)
+                    continue;
+                const rows = list.map(announcementToIndexerRow);
+                const owned = await this.filterOwnedAnnouncements(rows);
+                for (const o of owned) {
+                    out.push({ ...o, chain, chainId: adapter.chainId, source });
+                }
+            }
+        }
+        const uabConfigured = getUabDeployment(this.config.chainId) != null ||
+            this.config.contracts?.uabReceiver != null;
+        const includeCrossChain = opts.includeCrossChain ?? (opts.chains.includes("ethereum") && uabConfigured);
+        if (includeCrossChain) {
+            const crossOwned = await this.scanCrossChain({
+                fromBlock: opts.fromBlock,
+                toBlock: opts.toBlock,
+            });
+            const evmChainId = this.getAdapter("ethereum").chainId;
+            for (const o of crossOwned) {
+                out.push({ ...o, chain: "ethereum", chainId: evmChainId, source: "uab" });
+            }
+        }
+        return out;
+    }
+    /**
+     * Fetch ALL native announcements on `chain` as indexer-shaped rows — unfiltered, with their
+     * full on-chain `metadata`. This is the raw input for the metadata-aware scanners:
+     * {@link discoverTraits} / {@link getReputationTraitsFromAnnouncements} (PSR attestation
+     * markers) and {@link filterOwnedAnnouncements}. Unlike {@link scan}, nothing is dropped, so
+     * callers can decode announcement metadata that ownership filtering would discard.
+     *
+     * Note: cross-chain (UAB) announcements are NOT included — the 96-byte Wormhole payload only
+     * carries a 24-byte metadata tail, which cannot hold the 130-byte V2 attestation metadata.
+     * For trait discovery, fetch rows natively on each chain instead.
+     */
+    async fetchAnnouncementRows(chain, opts = {}) {
+        const announcements = await this.getAdapter(chain).fetchAnnouncements({
+            fromCursor: opts.fromBlock,
+            toCursor: opts.toBlock,
+            limit: opts.solanaLimit,
+        });
+        return announcements.map(announcementToIndexerRow);
+    }
+    /** Lazily build and cache the {@link ChainAdapter} for a chain. */
+    getAdapter(chain) {
+        if (chain === "ethereum") {
+            this.evmAdapter ??= new EvmAdapter({
+                publicClient: this.publicClient,
+                announcerAddress: this.announcer,
+                registryAddress: this.registry,
+                evmChainId: this.config.chainId,
+                schemeId: BigInt(EIP5564_SCHEME_SECP256K1),
+            });
+            return this.evmAdapter;
+        }
+        if (chain === "solana") {
+            return this.getSolanaAdapter();
+        }
+        throw new Error(`Opaque: unsupported scan chain "${chain}"`);
+    }
+    /** Lazily build and cache the concrete {@link SolanaAdapter}. */
+    getSolanaAdapter() {
+        this.solanaAdapter ??= new SolanaAdapter(this.config.solana ?? {});
+        return this.solanaAdapter;
+    }
+    /**
+     * Sweep the full native balance of an owned stealth output to `destination`, signed by the
+     * reconstructed one-time key (the on-chain `from` is the stealth address itself). Works for
+     * Ethereum (ETH) and Solana (SOL); `"solana"` requires {@link OpaqueClientConfig.solana}.
+     */
+    async sweep(params) {
+        const stealthPrivKey = this.getStealthSignerPrivateKey(params.output);
+        if (params.chain === "ethereum") {
+            const hash = await sweepStealthNative(this.publicClient, {
+                stealthPrivKey,
+                destination: getAddress(params.destination),
+                rpcUrl: this.config.rpcUrl,
+            });
+            return { chain: "ethereum", tx: hash };
+        }
+        if (params.chain === "solana") {
+            const { signature } = await this.getSolanaAdapter().sweepStealthSol({
+                stealthPrivKey,
+                destination: params.destination,
+            });
+            return { chain: "solana", tx: signature };
+        }
+        throw new Error(`Opaque: unsupported sweep chain "${params.chain}"`);
+    }
     /**
      * Reconstruct the 32-byte secp256k1 private key that controls `output`’s one-time stealth address.
      * Uses the same WASM path as the on-chain scanner (`reconstruct_signing_key_wasm`).
@@ -299,6 +1061,40 @@ export class OpaqueClient {
             totalRaw: totals.get(t.address.toLowerCase()) ?? 0n,
         }));
     }
+    /**
+     * Native balance per owned stealth output across chains. Ethereum reads the stealth address
+     * directly; Solana reconstructs the one-time key (WASM), derives the Solana stealth account, and
+     * reads its lamports. Pass the {@link UnifiedOwnedOutput}s from {@link scan}. SPL/ERC-20 token
+     * sums for the EVM tracked-token set live in {@link getBalancesFromAnnouncements}.
+     */
+    async getBalancesForOutputs(outputs) {
+        const result = [];
+        for (const o of outputs) {
+            if (o.chain === "ethereum") {
+                const wei = await this.publicClient.getBalance({
+                    address: getAddress(o.stealthAddress),
+                });
+                result.push({
+                    chain: "ethereum",
+                    stealthAddress: o.stealthAddress,
+                    address: o.stealthAddress,
+                    nativeRaw: wei,
+                });
+            }
+            else if (o.chain === "solana") {
+                const stealthPrivKey = this.getStealthSignerPrivateKey(o);
+                const address = deriveStealthSolanaAddressFromStealthPrivKey(stealthPrivKey);
+                const lamports = await this.getSolanaAdapter().connection.getBalance(new PublicKey(address));
+                result.push({
+                    chain: "solana",
+                    stealthAddress: o.stealthAddress,
+                    address,
+                    nativeRaw: BigInt(lamports),
+                });
+            }
+        }
+        return result;
+    }
     /**
      * PSR: map owned attestation markers to {@link DiscoveredTrait} list.
      */
@@ -338,8 +1134,406 @@ export class OpaqueClient {
     buildAssignReputationTransaction(recipientMetaAddressHex, attestationId) {
         return this.buildAnnounceTransactionRequest(this.prepareReputationAssignment(recipientMetaAddressHex, attestationId));
     }
+    // ---------------------------------------------------------------------------
+    // PSR admin API (cross-chain): schema + attestation lifecycle.
+    //
+    // Every method dispatches on `chain` and behaves identically from the caller's view, returning
+    // the chain-neutral SchemaV2 / AttestationV2 shapes. Ethereum writes need `ethereumProvider`;
+    // Solana writes need `solanaWallet`. The recipient/field/expiry/announce semantics match the
+    // reference frontends byte-for-byte.
+    // ---------------------------------------------------------------------------
+    /**
+     * Register a new schema (attestation class + issuance rules). Returns the tx id and derived
+     * `schemaId`. `fieldDefinitions` accepts an ABI string or {@link FieldDef}s.
+     */
+    async createSchema(chain, params) {
+        const fieldDefinitions = normalizeFieldDefs(params.fieldDefinitions);
+        if (chain === "ethereum") {
+            const cfg = requirePsrV2Config(this.config.chainId);
+            const clients = this.evmWriteClients();
+            const schemaExpiryBlock = await this.resolveEvmExpiryBlock(params.schemaExpiry);
+            return evmRegisterSchema(clients, cfg, {
+                name: params.name,
+                fieldDefinitions,
+                revocable: params.revocable,
+                resolver: params.resolver ? getAddress(params.resolver) : undefined,
+                schemaExpiryBlock,
+            });
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const programs = this.getSolanaAdapter().deployment;
+            const schemaId = solanaComputeSchemaId(wallet.publicKey, params.name);
+            const schemaPda = deriveSchemaPda(programs.schemaRegistry, wallet.publicKey, schemaId);
+            const schemaExpirySlot = await this.resolveSolanaExpirySlot(params.schemaExpiry);
+            const ix = buildRegisterSchemaInstruction({
+                schemaRegistryProgramId: programs.schemaRegistry,
+                authority: wallet.publicKey,
+                schemaPda,
+                schemaId,
+                name: params.name,
+                fieldDefinitions,
+                revocable: params.revocable,
+                resolver: params.resolver ? new PublicKey(params.resolver) : null,
+                schemaExpirySlot,
+            });
+            const txHash = await this.sendSolanaTx([ix]);
+            return { txHash, schemaId: bytesToHex0x(schemaId) };
+        }
+        throw unsupportedPsrChain(chain);
+    }
+    /** Schemas where this client's wallet is the authority OR an authorized delegate. */
+    async getMySchemas(chain) {
+        if (chain === "ethereum") {
+            const cfg = requirePsrV2Config(this.config.chainId);
+            return evmFetchSchemasForWallet(this.publicClient, cfg, this.config.ethereumAddress);
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const programs = this.getSolanaAdapter().deployment;
+            const me = wallet.publicKey.toBase58();
+            const all = await solanaFetchAllSchemas(this.getSolanaAdapter().connection, programs.schemaRegistry);
+            return all
+                .filter(({ schema }) => schema.authority.toBase58() === me ||
+                schema.delegates.some((d) => d.toBase58() === me))
+                .map(({ address, schema }) => solanaSchemaToV2(address, schema));
+        }
+        throw unsupportedPsrChain(chain);
+    }
+    /** Authority-only, irreversible: deprecate a schema (blocks new attestations). */
+    async deprecateSchema(chain, schemaId) {
+        if (chain === "ethereum") {
+            const cfg = requirePsrV2Config(this.config.chainId);
+            const txHash = await evmDeprecateSchema(this.evmWriteClients(), cfg, schemaId);
+            return { txHash };
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const programs = this.getSolanaAdapter().deployment;
+            const schemaPda = deriveSchemaPda(programs.schemaRegistry, wallet.publicKey, hexToBytes(schemaId));
+            const ix = buildDeprecateSchemaInstruction({
+                schemaRegistryProgramId: programs.schemaRegistry,
+                authority: wallet.publicKey,
+                schemaPda,
+            });
+            return { txHash: await this.sendSolanaTx([ix]) };
+        }
+        throw unsupportedPsrChain(chain);
+    }
+    /** Authority-only: authorize `delegate` to issue under `schemaId`. */
+    async addSchemaDelegate(chain, schemaId, delegate) {
+        if (chain === "ethereum") {
+            const cfg = requirePsrV2Config(this.config.chainId);
+            const txHash = await evmAddDelegate(this.evmWriteClients(), cfg, schemaId, getAddress(delegate));
+            return { txHash };
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const programs = this.getSolanaAdapter().deployment;
+            const schemaPda = deriveSchemaPda(programs.schemaRegistry, wallet.publicKey, hexToBytes(schemaId));
+            const ix = buildAddDelegateInstruction({
+                schemaRegistryProgramId: programs.schemaRegistry,
+                authority: wallet.publicKey,
+                schemaPda,
+                delegate: new PublicKey(delegate),
+            });
+            return { txHash: await this.sendSolanaTx([ix]) };
+        }
+        throw unsupportedPsrChain(chain);
+    }
+    /** Authority-only: revoke a delegate's issuance rights under `schemaId`. */
+    async removeSchemaDelegate(chain, schemaId, delegate) {
+        if (chain === "ethereum") {
+            const cfg = requirePsrV2Config(this.config.chainId);
+            const txHash = await evmRemoveDelegate(this.evmWriteClients(), cfg, schemaId, getAddress(delegate));
+            return { txHash };
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const programs = this.getSolanaAdapter().deployment;
+            const schemaPda = deriveSchemaPda(programs.schemaRegistry, wallet.publicKey, hexToBytes(schemaId));
+            const ix = buildRemoveDelegateInstruction({
+                schemaRegistryProgramId: programs.schemaRegistry,
+                authority: wallet.publicKey,
+                schemaPda,
+                delegate: new PublicKey(delegate),
+            });
+            return { txHash: await this.sendSolanaTx([ix]) };
+        }
+        throw unsupportedPsrChain(chain);
+    }
+    /** Attestations issued by this client's wallet. */
+    async getMyIssuedAttestations(chain) {
+        if (chain === "ethereum") {
+            const cfg = requirePsrV2Config(this.config.chainId);
+            return evmFetchAttestationsIssuedBy(this.publicClient, cfg, this.config.ethereumAddress);
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const programs = this.getSolanaAdapter().deployment;
+            const me = wallet.publicKey.toBase58();
+            const all = await solanaFetchAllAttestations(this.getSolanaAdapter().connection, programs.attestationEngineV2);
+            return all
+                .filter(({ attestation }) => attestation.issuer.toBase58() === me)
+                .map(({ address, attestation }) => solanaAttestationToV2(address, attestation));
+        }
+        throw unsupportedPsrChain(chain);
+    }
     /**
-     * JSON array string for {@link generateReputationProof} when passing `attestationsJson` (WASM Merkle witness).
+     * Issue a schema-bound attestation against a stealth identity. Resolves the recipient to a
+     * `stealth_address_hash`, encodes the field values per the schema, submits `attest`, and
+     * (when the recipient is a meta-address and `announce` is not `false`) publishes a discovery
+     * announcement so the recipient's scanner can find the trait. Verifies the wallet is an
+     * authorized issuer first.
+     */
+    async issueAttestation(chain, params) {
+        if (chain === "ethereum") {
+            const cfg = requirePsrV2Config(this.config.chainId);
+            const clients = this.evmWriteClients();
+            const schema = await evmFetchSchema(this.publicClient, cfg, params.schemaId);
+            if (!schema)
+                throw new Error(`Opaque PSR: schema ${params.schemaId} not found on Ethereum.`);
+            const authorized = await evmIsAuthorizedIssuer(this.publicClient, cfg, params.schemaId, this.config.ethereumAddress);
+            if (!authorized) {
+                throw new Error(`Opaque PSR: ${this.config.ethereumAddress} is not an authorized issuer for schema ${params.schemaId}.`);
+            }
+            const resolved = this.resolveStealthAddressHash(params.recipient);
+            const expirationBlock = await this.resolveEvmExpiryBlock(params.expiration);
+            const { txHash, uid } = await evmAttest(clients, cfg, {
+                schemaId: params.schemaId,
+                stealthAddressHash: resolved.hash,
+                fieldValues: params.fieldValues,
+                fieldDefs: parseFieldDefs(schema.fieldDefinitions),
+                expirationBlock,
+                refUid: params.refUid,
+            });
+            const wantAnnounce = params.announce ?? resolved.ephemeralPubKey != null;
+            if (wantAnnounce && resolved.stealthAddress && resolved.ephemeralPubKey && resolved.viewTag != null) {
+                const metadata = encodeV2AttestationMetadata({
+                    viewTag: resolved.viewTag,
+                    schemaId: params.schemaId,
+                    issuer: this.config.ethereumAddress,
+                    uid,
+                    nonce: randomNonce(),
+                });
+                try {
+                    await evmAnnounceV2Attestation(clients, this.announcer, {
+                        stealthAddress: resolved.stealthAddress,
+                        ephemeralPubKey: bytesToHex0x(resolved.ephemeralPubKey),
+                        metadata,
+                    });
+                }
+                catch {
+                    // Announcement is a discovery convenience; issuance already succeeded.
+                }
+            }
+            return { txHash, uid, stealthAddressHash: resolved.hash };
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const conn = this.getSolanaAdapter().connection;
+            const programs = this.getSolanaAdapter().deployment;
+            const schemaIdBytes = hexToBytes(params.schemaId);
+            const found = await this.fetchSolanaSchemaById(schemaIdBytes);
+            if (!found)
+                throw new Error(`Opaque PSR: schema ${params.schemaId} not found on Solana.`);
+            const me = wallet.publicKey.toBase58();
+            const authorized = found.schema.authority.toBase58() === me ||
+                found.schema.delegates.some((d) => d.toBase58() === me);
+            if (!authorized) {
+                throw new Error(`Opaque PSR: ${me} is not an authorized issuer for schema ${params.schemaId}.`);
+            }
+            const resolved = this.resolveStealthAddressHash(params.recipient);
+            const stealthHashBytes = hexToBytes(resolved.hash);
+            const dataBytes = hexToBytes(encodeAttestationData(params.fieldValues, parseFieldDefs(found.schema.fieldDefinitions)));
+            const expirationSlot = await this.resolveSolanaExpirySlot(params.expiration);
+            const refUid = params.refUid ? hexToBytes(params.refUid) : new Uint8Array(32);
+            const schemaPda = deriveSchemaPda(programs.schemaRegistry, found.schema.authority, schemaIdBytes);
+            const attestationPda = deriveAttestationPda(programs.attestationEngineV2, schemaIdBytes, wallet.publicKey, stealthHashBytes);
+            const resolverProgram = found.schema.resolver.equals(PublicKey.default) ? undefined : found.schema.resolver;
+            const ix = buildAttestInstruction({
+                attestationProgramId: programs.attestationEngineV2,
+                issuer: wallet.publicKey,
+                schemaPda,
+                attestationPda,
+                stealthAddressHash: stealthHashBytes,
+                data: dataBytes,
+                expirationSlot,
+                refUid,
+                resolverProgram,
+            });
+            const txHash = await this.sendSolanaTx([ix]);
+            const confirmed = await solanaFetchAttestationPda(conn, attestationPda);
+            const uid = confirmed ? bytesToHex0x(confirmed.uid) : ZERO_BYTES32_HEX;
+            const wantAnnounce = params.announce ?? resolved.ephemeralPubKey != null;
+            if (wantAnnounce && confirmed && resolved.stealthAddress && resolved.ephemeralPubKey && resolved.viewTag != null) {
+                const metadata = buildSolanaV2AttestationMetadata(resolved.viewTag, schemaIdBytes, wallet.publicKey, confirmed.uid);
+                const announceIx = this.getSolanaAdapter().buildAnnounceInstruction({
+                    caller: wallet.publicKey,
+                    stealthAddress: hexToBytes(resolved.stealthAddress),
+                    ephemeralPubKey: resolved.ephemeralPubKey,
+                    metadata,
+                });
+                try {
+                    await this.sendSolanaTx([announceIx]);
+                }
+                catch {
+                    // Announcement is a discovery convenience; issuance already succeeded.
+                }
+            }
+            return { txHash, uid, stealthAddressHash: resolved.hash };
+        }
+        throw unsupportedPsrChain(chain);
+    }
+    // --- PSR admin helpers ----------------------------------------------------
+    /** EIP-1193 provider or a clear error. */
+    requireEthereumProvider() {
+        const p = this.config.ethereumProvider;
+        if (!p) {
+            throw new Error("Opaque PSR: ethereumProvider is required for Ethereum PSR writes. Pass it to OpaqueClient.create.");
+        }
+        return p;
+    }
+    /** Viem chain for the configured chain id (bundled Sepolia, else a minimal definition). */
+    viemChain() {
+        if (this.config.chainId === sepolia.id)
+            return sepolia;
+        return defineChain({
+            id: this.config.chainId,
+            name: `chain-${this.config.chainId}`,
+            nativeCurrency: { name: "Ether", symbol: "ETH", decimals: 18 },
+            rpcUrls: { default: { http: [this.config.rpcUrl] } },
+        });
+    }
+    /** Lazily build the signing wallet client for Ethereum PSR writes. */
+    evmWalletClient() {
+        if (!this.evmWalletClientCache) {
+            this.evmWalletClientCache =
+                this.config.ethereumWalletClient ??
+                    createWalletClient({
+                        account: this.config.ethereumAddress,
+                        chain: this.viemChain(),
+                        transport: custom(this.requireEthereumProvider()),
+                    });
+        }
+        return this.evmWalletClientCache;
+    }
+    evmWriteClients() {
+        return {
+            publicClient: this.publicClient,
+            walletClient: this.evmWalletClient(),
+            account: this.config.ethereumAddress,
+        };
+    }
+    /** Solana signer (normalized) or a clear error. */
+    requireSolanaWallet() {
+        if (!this.solanaWalletCache) {
+            const w = this.config.solanaWallet;
+            if (!w) {
+                throw new Error("Opaque PSR: solanaWallet ({ publicKey, signTransaction }) is required for Solana PSR writes. Pass it to OpaqueClient.create.");
+            }
+            this.solanaWalletCache = {
+                publicKey: typeof w.publicKey === "string" ? new PublicKey(w.publicKey) : w.publicKey,
+                signTransaction: w.signTransaction,
+            };
+        }
+        return this.solanaWalletCache;
+    }
+    /**
+     * Sign + send + confirm a Solana transaction built from `ixs`. Any `extraSigners` (e.g. the
+     * Wormhole message keypair for `announce_with_relay`) partial-sign before the wallet signs as
+     * fee payer.
+     */
+    async sendSolanaTx(ixs, extraSigners = []) {
+        const wallet = this.requireSolanaWallet();
+        const conn = this.getSolanaAdapter().connection;
+        const tx = new Transaction();
+        for (const ix of ixs)
+            tx.add(ix);
+        tx.feePayer = wallet.publicKey;
+        const latest = await conn.getLatestBlockhash("confirmed");
+        tx.recentBlockhash = latest.blockhash;
+        if (extraSigners.length > 0)
+            tx.partialSign(...extraSigners);
+        const signed = await wallet.signTransaction(tx);
+        const signature = await conn.sendRawTransaction(signed.serialize());
+        await conn.confirmTransaction({ signature, ...latest }, "confirmed");
+        return signature;
+    }
+    /**
+     * Resolve a recipient to a 32-byte `stealth_address_hash` (and, for a meta-address, the
+     * ephemeral material needed to announce). Matches the frontends: 66-byte meta-address → DKSAP →
+     * `keccak256(stealthAddress)`; 20-byte stealth address → `keccak256(address)`; 32-byte → as-is.
+     */
+    resolveStealthAddressHash(recipient) {
+        const trimmed = recipient.trim();
+        const normalized = (trimmed.startsWith("0x") ? trimmed : `0x${trimmed}`);
+        const hexLen = normalized.length - 2;
+        if (hexLen === 132) {
+            const r = computeStealthAddressAndViewTag(normalized);
+            return {
+                hash: keccak256(r.stealthAddress),
+                stealthAddress: r.stealthAddress,
+                ephemeralPubKey: r.ephemeralPubKey,
+                viewTag: r.viewTag,
+            };
+        }
+        if (hexLen === 40) {
+            return { hash: keccak256(getAddress(normalized)), stealthAddress: getAddress(normalized) };
+        }
+        if (hexLen === 64) {
+            return { hash: normalized };
+        }
+        throw new Error("Opaque PSR: recipient must be a 66-byte meta-address, 20-byte stealth address, or 32-byte hash (hex).");
+    }
+    /** Resolve a {@link PsrExpiryInput} to an absolute Ethereum block (0 = no expiry). */
+    async resolveEvmExpiryBlock(expiry) {
+        if (!expiry)
+            return 0n;
+        if (expiry.slotOrBlock != null)
+            return BigInt(expiry.slotOrBlock);
+        if (expiry.dateTime) {
+            const targetMs = Date.parse(expiry.dateTime);
+            if (!Number.isFinite(targetMs))
+                throw new Error(`Opaque PSR: invalid expiry dateTime "${expiry.dateTime}".`);
+            const nowMs = Date.now();
+            if (targetMs <= nowMs)
+                throw new Error("Opaque PSR: expiry must be in the future.");
+            const current = await this.publicClient.getBlockNumber();
+            const blocks = Math.ceil((targetMs - nowMs) / 12_000); // ~12s/block
+            return current + BigInt(Math.max(1, blocks));
+        }
+        return 0n;
+    }
+    /** Resolve a {@link PsrExpiryInput} to an absolute Solana slot (0 = no expiry). */
+    async resolveSolanaExpirySlot(expiry) {
+        if (!expiry)
+            return 0;
+        if (expiry.slotOrBlock != null)
+            return Number(expiry.slotOrBlock);
+        if (expiry.dateTime) {
+            const targetMs = Date.parse(expiry.dateTime);
+            if (!Number.isFinite(targetMs))
+                throw new Error(`Opaque PSR: invalid expiry dateTime "${expiry.dateTime}".`);
+            const nowMs = Date.now();
+            if (targetMs <= nowMs)
+                throw new Error("Opaque PSR: expiry must be in the future.");
+            const currentSlot = await this.getSolanaAdapter().connection.getSlot("confirmed");
+            const slots = Math.ceil((targetMs - nowMs) / 400); // ~400ms/slot
+            return currentSlot + Math.max(1, slots);
+        }
+        return 0;
+    }
+    /** Find a Solana schema by `schemaId` (PSR schemas have no id-indexed PDA across authorities). */
+    async fetchSolanaSchemaById(schemaIdBytes) {
+        const programs = this.getSolanaAdapter().deployment;
+        const all = await solanaFetchAllSchemas(this.getSolanaAdapter().connection, programs.schemaRegistry);
+        const target = bytesToHex(schemaIdBytes);
+        return all.find(({ schema }) => bytesToHex(schema.schemaId) === target) ?? null;
+    }
+    /**
+     * JSON array string in the Rust scanner's announcement format (general scanner interop;
+     * no longer consumed by {@link generateReputationProof}, which builds V2 witnesses directly).
      */
     announcementsJsonForReputationWitness(rows) {
         return indexerAnnouncementsToScannerJson(rows);
@@ -357,18 +1551,22 @@ export class OpaqueClient {
         return this.getStealthSignerPrivateKey({ ephemeralPublicKey });
     }
     /**
-     * Groth16 proof bundle for `OpaqueReputationVerifier` (requires `snarkjs`).
-     * When `artifacts` is omitted, wasm/zkey are loaded from the default hosted paths on opaque.cash
-     * (same as the Opaque frontend `/circuits/...` assets).
+     * V2 Groth16 proof bundle for the reputation verifiers (requires `snarkjs`).
+     * When `artifacts` is omitted, the V2 wasm/zkey are loaded from the default hosted paths on
+     * opaque.cash (same as the Opaque frontend `/circuits/v2/...` assets).
+     *
+     * Public signals: `[merkle_root, attestation_id, external_nullifier, nullifier_hash]`;
+     * `ProofData.nullifier` carries `nullifier_hash`.
      */
     async generateReputationProof(params) {
         await ensureBufferPolyfill();
         return runGenerateReputationProof({
-            wasm: this.wasm,
             trait: params.trait,
             stealthPrivKeyBytes: params.stealthPrivKeyBytes,
             externalNullifier: params.externalNullifier,
-            attestationsJson: params.attestationsJson,
+            issuerPkX: params.issuerPkX,
+            traitDataHash: params.traitDataHash,
+            nonce: params.nonce,
             artifacts: params.artifacts,
             onProgress: params.onProgress,
         });
@@ -393,9 +1591,37 @@ export class OpaqueClient {
     async simulateReputationVerification(wallet, args) {
         return simulateVerifyReputation(this.publicClient, wallet, this.getReputationVerifierAddress(), args);
     }
-    /** Broadcast `verifyReputation` (consumes nullifier when successful). */
-    async submitReputationVerification(wallet, args) {
-        return submitVerifyReputation(this.publicClient, wallet, this.getReputationVerifierAddress(), args);
+    /**
+     * Broadcast a reputation proof to the verifier, dispatching on `chain` (consumes the nullifier on
+     * success). Uses the configured signer for each chain — `ethereumWalletClient` / `ethereumProvider`
+     * for Ethereum, `solanaWallet` for Solana. The same {@link VerifyReputationArgs} feeds both:
+     * `proofData` (from {@link generateReputationProof}), `merkleRoot`, and `externalNullifier`.
+     */
+    async submitReputationVerification(chain, args) {
+        if (chain === "ethereum") {
+            // The configured wallet client carries a concrete chain at runtime (viemChain / wagmi);
+            // cast to satisfy submitVerifyReputation's `TChain extends Chain` constraint.
+            const wallet = this.evmWalletClient();
+            const txHash = await submitVerifyReputation(this.publicClient, wallet, this.getReputationVerifierAddress(), args);
+            return { txHash };
+        }
+        if (chain === "solana") {
+            const wallet = this.requireSolanaWallet();
+            const adapter = this.getSolanaAdapter();
+            const txHash = await solanaSubmitReputationProof(adapter.connection, {
+                reputationProgramId: adapter.deployment.reputationVerifier,
+                groth16ProgramId: adapter.deployment.groth16Verifier,
+                proof: args.proofData.proof,
+                merkleRoot: args.merkleRoot,
+                nullifier: args.proofData.nullifier,
+                externalNullifier: args.externalNullifier,
+                attestationId: args.proofData.attestationId,
+                publicKey: wallet.publicKey,
+                signTransaction: wallet.signTransaction,
+            });
+            return { txHash };
+        }
+        throw unsupportedPsrChain(chain);
     }
     getReputationVerifierAddress() {
         if (!this.reputationVerifier) {
@@ -431,6 +1657,100 @@ function bytesToHex(b) {
         .map((x) => x.toString(16).padStart(2, "0"))
         .join("");
 }
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/**
+ * Stand-in WASM module for clients created without a `wasmModuleSpecifier`: any property access
+ * throws a clear error. The PSR admin API never touches it; scan/sweep/proof/trait methods do.
+ */
+function wasmUnavailable() {
+    return new Proxy({}, {
+        get() {
+            throw new Error("Opaque: this method requires the cryptography WASM module. Pass `wasmModuleSpecifier` to " +
+                "OpaqueClient.create. (Scanning, sweeping, trait discovery, key reconstruction, and proof " +
+                "generation need it; PSR schema/attestation admin does not.)");
+        },
+    });
+}
+/** All-zero bytes32 as `0x`-hex (no attestation uid). */
+const ZERO_BYTES32_HEX = ("0x" + "00".repeat(32));
+function bytesToHex0x(b) {
+    return ("0x" + bytesToHex(b));
+}
+function unsupportedPsrChain(chain) {
+    return new Error(`Opaque PSR: unsupported chain "${chain}".`);
+}
+/** Accept an ABI string or {@link FieldDef}s and return the canonical ABI string. */
+function normalizeFieldDefs(fieldDefinitions) {
+    return typeof fieldDefinitions === "string"
+        ? fieldDefinitions
+        : fieldDefsToString(fieldDefinitions);
+}
+/** Convert a parsed Solana schema PDA into the chain-neutral {@link SchemaV2}. */
+function solanaSchemaToV2(address, s) {
+    return {
+        address: address.toBase58(),
+        schemaId: bytesToHex0x(s.schemaId),
+        authority: s.authority.toBase58(),
+        resolver: s.resolver.toBase58(),
+        revocable: s.revocable,
+        name: s.name,
+        fieldDefinitions: s.fieldDefinitions,
+        version: s.version,
+        delegates: s.delegates.map((d) => d.toBase58()),
+        createdAt: Number(s.createdAt),
+        schemaExpirySlot: Number(s.schemaExpirySlot),
+        deprecated: s.deprecated,
+    };
+}
+/** Convert a parsed Solana attestation PDA into the chain-neutral {@link AttestationV2}. */
+function solanaAttestationToV2(address, a) {
+    return {
+        address: address.toBase58(),
+        uid: bytesToHex0x(a.uid),
+        schemaId: bytesToHex0x(a.schemaId),
+        issuer: a.issuer.toBase58(),
+        stealthAddressHash: bytesToHex0x(a.stealthAddressHash),
+        dataHex: bytesToHex0x(a.data),
+        createdAt: Number(a.createdAt),
+        expirationSlot: Number(a.expirationSlot),
+        revocationSlot: Number(a.revocationSlot),
+        refUid: bytesToHex0x(a.refUid),
+    };
+}
+/**
+ * Build the 130-byte V2 attestation announcement metadata for Solana (the issuer is a 32-byte
+ * Ed25519 pubkey, so this is the Solana counterpart to `encodeV2AttestationMetadata`):
+ * `viewTag(1) || 0xB2 || schemaId(32) || issuer(32) || uid(32) || nonce(32)`.
+ */
+function buildSolanaV2AttestationMetadata(viewTag, schemaIdBytes, issuer, uid) {
+    const metadata = new Uint8Array(130);
+    metadata[0] = viewTag & 0xff;
+    metadata[1] = 0xb2;
+    metadata.set(schemaIdBytes.slice(0, 32), 2);
+    metadata.set(issuer.toBytes(), 34);
+    metadata.set(uid.slice(0, 32), 66);
+    metadata.set(hexToBytes(randomNonce()), 98);
+    return metadata;
+}
+/**
+ * Map a chain-neutral {@link Announcement} (from any {@link ChainAdapter}) into the
+ * {@link IndexerAnnouncement} row shape consumed by {@link OpaqueClient.filterOwnedAnnouncements}.
+ * `txHash` passes through verbatim (an EVM `0x` hash or a Solana base58 signature); `cursor`
+ * (EVM block / Solana slot) becomes `blockNumber`.
+ */
+export function announcementToIndexerRow(a) {
+    return {
+        blockNumber: (a.cursor ?? 0n).toString(),
+        etherealPublicKey: (`0x${bytesToHex(a.ephemeralPubKey)}`),
+        logIndex: a.logIndex ?? 0,
+        metadata: (`0x${bytesToHex(a.metadata)}`),
+        stealthAddress: a.stealthAddress,
+        transactionHash: (a.txHash ?? "0x"),
+        viewTag: a.viewTag,
+    };
+}
 function hexPayloadByteLength(h) {
     const s = h.startsWith("0x") ? h.slice(2) : h;
     return s.length / 2;