@opaquecash/privacy-pool 0.2.0

package/dist/crypto.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Privacy-pool commitments and Poseidon Merkle trees (spec/privacy-pool.md §1–§3),
+ * byte-identical to `withdrawal.circom` and `OpaquePrivacyPool` / `MerkleTreeWithHistory`.
+ * All hashing is circomlib Poseidon over BN254; the empty leaf is 0 and
+ * `zeros[i] = Poseidon(zeros[i-1], zeros[i-1])`.
+ */
+export declare const POOL_LEVELS = 20;
+export declare const FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+export interface PoolCrypto {
+    /** Poseidon over field elements; returns a bigint. */
+    hash(inputs: bigint[]): bigint;
+    /** precommitment = Poseidon(nullifier, secret). */
+    precommitment(nullifier: bigint, secret: bigint): bigint;
+    /** commitment = Poseidon(value, label, precommitment). */
+    commitment(value: bigint, label: bigint, precommitment: bigint): bigint;
+    /** label = Poseidon(scope, depositIndex). */
+    label(scope: bigint, depositIndex: bigint): bigint;
+    /** nullifierHash = Poseidon(nullifier). */
+    nullifierHash(nullifier: bigint): bigint;
+    /** Zero-subtree roots, `zeros[0..LEVELS]`. */
+    zeros: bigint[];
+}
+/** Build the Poseidon-backed pool crypto (async: circomlibjs loads a wasm). */
+export declare function buildPoolCrypto(): Promise<PoolCrypto>;
+/**
+ * An append-only Poseidon Merkle tree mirroring `MerkleTreeWithHistory`. Build it from
+ * the pool's ordered leaves (deposit/remainder commitments for the state tree, approved
+ * labels for the association tree) to derive inclusion paths for the withdrawal witness.
+ */
+export declare class PoolMerkleTree {
+    private readonly crypto;
+    private readonly levels;
+    private layers;
+    constructor(crypto: PoolCrypto, leaves: bigint[], levels?: number);
+    /** The current root (matches the contract after inserting the same leaves in order). */
+    root(): bigint;
+    /** Inclusion path for the leaf at `index`: siblings + direction bits (0=left). */
+    proof(index: number): {
+        siblings: bigint[];
+        pathIndices: number[];
+    };
+}
+//# sourceMappingURL=crypto.d.ts.map

package/dist/crypto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.d.ts","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,eAAO,MAAM,WAAW,KAAK,CAAC;AAC9B,eAAO,MAAM,KAAK,iFAC8D,CAAC;AAEjF,MAAM,WAAW,UAAU;IACzB,sDAAsD;IACtD,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;IAC/B,mDAAmD;IACnD,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACzD,0DAA0D;IAC1D,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,GAAG,MAAM,CAAC;IACxE,6CAA6C;IAC7C,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC;IACnD,2CAA2C;IAC3C,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IACzC,8CAA8C;IAC9C,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,+EAA+E;AAC/E,wBAAsB,eAAe,IAAI,OAAO,CAAC,UAAU,CAAC,CAgB3D;AAED;;;;GAIG;AACH,qBAAa,cAAc;IAIvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAEvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IALzB,OAAO,CAAC,MAAM,CAAa;gBAGR,MAAM,EAAE,UAAU,EACnC,MAAM,EAAE,MAAM,EAAE,EACC,MAAM,SAAc;IAevC,wFAAwF;IACxF,IAAI,IAAI,MAAM;IAKd,kFAAkF;IAClF,KAAK,CAAC,KAAK,EAAE,MAAM,GAAG;QAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,WAAW,EAAE,MAAM,EAAE,CAAA;KAAE;CAcpE"}

package/dist/crypto.js

@@ -0,0 +1,73 @@
+/**
+ * Privacy-pool commitments and Poseidon Merkle trees (spec/privacy-pool.md §1–§3),
+ * byte-identical to `withdrawal.circom` and `OpaquePrivacyPool` / `MerkleTreeWithHistory`.
+ * All hashing is circomlib Poseidon over BN254; the empty leaf is 0 and
+ * `zeros[i] = Poseidon(zeros[i-1], zeros[i-1])`.
+ */
+// @ts-expect-error untyped
+import { buildPoseidon } from "circomlibjs";
+export const POOL_LEVELS = 20;
+export const FIELD = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+/** Build the Poseidon-backed pool crypto (async: circomlibjs loads a wasm). */
+export async function buildPoolCrypto() {
+    const poseidon = await buildPoseidon();
+    const F = poseidon.F;
+    const hash = (inputs) => F.toObject(poseidon(inputs));
+    const zeros = [0n];
+    for (let i = 1; i <= POOL_LEVELS; i++)
+        zeros.push(hash([zeros[i - 1], zeros[i - 1]]));
+    return {
+        hash,
+        zeros,
+        precommitment: (nullifier, secret) => hash([nullifier, secret]),
+        commitment: (value, label, precommitment) => hash([value, label, precommitment]),
+        label: (scope, depositIndex) => hash([scope, depositIndex]),
+        nullifierHash: (nullifier) => hash([nullifier]),
+    };
+}
+/**
+ * An append-only Poseidon Merkle tree mirroring `MerkleTreeWithHistory`. Build it from
+ * the pool's ordered leaves (deposit/remainder commitments for the state tree, approved
+ * labels for the association tree) to derive inclusion paths for the withdrawal witness.
+ */
+export class PoolMerkleTree {
+    crypto;
+    levels;
+    layers;
+    constructor(crypto, leaves, levels = POOL_LEVELS) {
+        this.crypto = crypto;
+        this.levels = levels;
+        this.layers = [leaves.slice()];
+        for (let level = 0; level < levels; level++) {
+            const cur = this.layers[level];
+            const next = [];
+            for (let i = 0; i < cur.length; i += 2) {
+                const left = cur[i];
+                const right = i + 1 < cur.length ? cur[i + 1] : crypto.zeros[level];
+                next.push(crypto.hash([left, right]));
+            }
+            this.layers.push(next);
+        }
+    }
+    /** The current root (matches the contract after inserting the same leaves in order). */
+    root() {
+        const top = this.layers[this.levels];
+        return top.length > 0 ? top[0] : this.crypto.zeros[this.levels];
+    }
+    /** Inclusion path for the leaf at `index`: siblings + direction bits (0=left). */
+    proof(index) {
+        const siblings = [];
+        const pathIndices = [];
+        let idx = index;
+        for (let level = 0; level < this.levels; level++) {
+            const layer = this.layers[level];
+            const isRight = idx % 2 === 1;
+            const siblingIdx = isRight ? idx - 1 : idx + 1;
+            siblings.push(siblingIdx < layer.length ? layer[siblingIdx] : this.crypto.zeros[level]);
+            pathIndices.push(isRight ? 1 : 0);
+            idx = Math.floor(idx / 2);
+        }
+        return { siblings, pathIndices };
+    }
+}
+//# sourceMappingURL=crypto.js.map

package/dist/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../src/crypto.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,2BAA2B;AAC3B,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE5C,MAAM,CAAC,MAAM,WAAW,GAAG,EAAE,CAAC;AAC9B,MAAM,CAAC,MAAM,KAAK,GAChB,8EAA8E,CAAC;AAiBjF,+EAA+E;AAC/E,MAAM,CAAC,KAAK,UAAU,eAAe;IACnC,MAAM,QAAQ,GAAG,MAAM,aAAa,EAAE,CAAC;IACvC,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC;IACrB,MAAM,IAAI,GAAG,CAAC,MAAgB,EAAU,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAW,CAAC;IAElF,MAAM,KAAK,GAAa,CAAC,EAAE,CAAC,CAAC;IAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,WAAW,EAAE,CAAC,EAAE;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAEtF,OAAO;QACL,IAAI;QACJ,KAAK;QACL,aAAa,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QAC/D,UAAU,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAChF,KAAK,EAAE,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QAC3D,aAAa,EAAE,CAAC,SAAS,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC;KAChD,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,OAAO,cAAc;IAIN;IAEA;IALX,MAAM,CAAa;IAE3B,YACmB,MAAkB,EACnC,MAAgB,EACC,SAAS,WAAW;QAFpB,WAAM,GAAN,MAAM,CAAY;QAElB,WAAM,GAAN,MAAM,CAAc;QAErC,IAAI,CAAC,MAAM,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/B,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC;YAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAa,EAAE,CAAC;YAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvC,MAAM,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;gBACpB,MAAM,KAAK,GAAG,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;gBACpE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;YACxC,CAAC;YACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED,wFAAwF;IACxF,IAAI;QACF,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACrC,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAClE,CAAC;IAED,kFAAkF;IAClF,KAAK,CAAC,KAAa;QACjB,MAAM,QAAQ,GAAa,EAAE,CAAC;QAC9B,MAAM,WAAW,GAAa,EAAE,CAAC;QACjC,IAAI,GAAG,GAAG,KAAK,CAAC;QAChB,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,EAAE,CAAC;YACjD,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjC,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC;YAC9B,MAAM,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;YAC/C,QAAQ,CAAC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;YACxF,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClC,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC;IACnC,CAAC;CACF"}

package/dist/index.d.ts

@@ -0,0 +1,19 @@
+/**
+ * `@opaquecash/privacy-pool` — client for the Opaque privacy pool (spec/privacy-pool.md).
+ * Amount privacy via the Privacy Pools (Buterin/Soleimani association-set) construction:
+ * deposit a value-bearing commitment, then withdraw to a fresh stealth address with a
+ * zero-knowledge proof of state-tree membership AND association-set membership.
+ *
+ * Building blocks (compose into a shielded `deposit → withdraw` flow):
+ *   - {@link buildPoolCrypto} + {@link PoolMerkleTree}: Poseidon commitments + trees,
+ *     byte-identical to the circuit and contract.
+ *   - {@link generateDepositNote} + {@link buildDepositTx}: shielded deposit.
+ *   - {@link buildWithdrawalWitness} + {@link generateWithdrawalProof}: the ZK proof.
+ *   - {@link buildWithdrawTx}: the on-chain withdrawal call.
+ *
+ * @packageDocumentation
+ */
+export { POOL_LEVELS, FIELD, buildPoolCrypto, PoolMerkleTree, type PoolCrypto, } from "./crypto.js";
+export { buildWithdrawalWitness, generateWithdrawalProof, toSolidityProof, type PoolArtifacts, type CommitmentNote, type BuildWithdrawalWitnessParams, type WithdrawalWitness, type SolidityProof, } from "./prove.js";
+export { opaquePrivacyPoolAbi, generateDepositNote, buildDepositTx, buildWithdrawTx, type WithdrawalParams, type DepositNote, type EvmTxRequest, } from "./tx.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EACL,WAAW,EACX,KAAK,EACL,eAAe,EACf,cAAc,EACd,KAAK,UAAU,GAChB,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,eAAe,EACf,KAAK,aAAa,EAClB,KAAK,cAAc,EACnB,KAAK,4BAA4B,EACjC,KAAK,iBAAiB,EACtB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,KAAK,gBAAgB,EACrB,KAAK,WAAW,EAChB,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -0,0 +1,19 @@
+/**
+ * `@opaquecash/privacy-pool` — client for the Opaque privacy pool (spec/privacy-pool.md).
+ * Amount privacy via the Privacy Pools (Buterin/Soleimani association-set) construction:
+ * deposit a value-bearing commitment, then withdraw to a fresh stealth address with a
+ * zero-knowledge proof of state-tree membership AND association-set membership.
+ *
+ * Building blocks (compose into a shielded `deposit → withdraw` flow):
+ *   - {@link buildPoolCrypto} + {@link PoolMerkleTree}: Poseidon commitments + trees,
+ *     byte-identical to the circuit and contract.
+ *   - {@link generateDepositNote} + {@link buildDepositTx}: shielded deposit.
+ *   - {@link buildWithdrawalWitness} + {@link generateWithdrawalProof}: the ZK proof.
+ *   - {@link buildWithdrawTx}: the on-chain withdrawal call.
+ *
+ * @packageDocumentation
+ */
+export { POOL_LEVELS, FIELD, buildPoolCrypto, PoolMerkleTree, } from "./crypto.js";
+export { buildWithdrawalWitness, generateWithdrawalProof, toSolidityProof, } from "./prove.js";
+export { opaquePrivacyPoolAbi, generateDepositNote, buildDepositTx, buildWithdrawTx, } from "./tx.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EACL,WAAW,EACX,KAAK,EACL,eAAe,EACf,cAAc,GAEf,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,eAAe,GAMhB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,cAAc,EACd,eAAe,GAIhB,MAAM,SAAS,CAAC"}

package/dist/prove.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Withdrawal witness assembly + Groth16 proof generation (spec/privacy-pool.md §4.1).
+ * The witness binds the spent commitment's openings, both Merkle inclusion paths, the
+ * value accounting, and the contract-supplied `context`. Public-signal order matches
+ * the circuit: withdrawn_value, state_root, asp_root, nullifier_hash, new_commitment,
+ * context.
+ */
+import { POOL_LEVELS, type PoolCrypto } from "./crypto.js";
+/** Paths/URLs to the withdrawal circuit artifacts (Node: file paths; browser: static URLs). */
+export interface PoolArtifacts {
+    wasmPath: string;
+    zkeyPath: string;
+}
+/** The opening of a spendable commitment the user holds. */
+export interface CommitmentNote {
+    value: bigint;
+    label: bigint;
+    nullifier: bigint;
+    secret: bigint;
+}
+export interface BuildWithdrawalWitnessParams {
+    note: CommitmentNote;
+    /** Amount to pay out (≤ note.value). */
+    withdrawnValue: bigint;
+    /** Fresh openings for the remainder commitment. */
+    newNullifier: bigint;
+    newSecret: bigint;
+    /** Ordered state-tree leaves (all commitments) and the note's leaf index. */
+    stateLeaves: bigint[];
+    stateIndex: number;
+    /** Ordered association-tree leaves (approved labels) and the note's label index. */
+    aspLeaves: bigint[];
+    aspIndex: number;
+    /** The pool's `context(params)` value for this withdrawal (read from the contract). */
+    context: bigint;
+}
+export interface WithdrawalWitness {
+    input: Record<string, string | string[]>;
+    /** Public values the caller passes to `withdraw` alongside the proof. */
+    publics: {
+        withdrawnValue: bigint;
+        stateRoot: bigint;
+        aspRoot: bigint;
+        nullifierHash: bigint;
+        newCommitment: bigint;
+        context: bigint;
+    };
+}
+/** Assemble the circuit input + the public values for an on-chain `withdraw` call. */
+export declare function buildWithdrawalWitness(crypto: PoolCrypto, p: BuildWithdrawalWitnessParams): WithdrawalWitness;
+/** Groth16 proof formatted for the Solidity verifier's `verifyProof` argument order. */
+export interface SolidityProof {
+    a: [bigint, bigint];
+    b: [[bigint, bigint], [bigint, bigint]];
+    c: [bigint, bigint];
+}
+/** Generate a withdrawal proof and format it for the on-chain verifier. */
+export declare function generateWithdrawalProof(witness: WithdrawalWitness, artifacts: PoolArtifacts): Promise<{
+    proof: SolidityProof;
+    publicSignals: string[];
+}>;
+/** Convert a snarkjs proof object to the verifier's (a, b, c) calldata shape. */
+export declare function toSolidityProof(proof: {
+    pi_a: string[];
+    pi_b: string[][];
+    pi_c: string[];
+}): SolidityProof;
+export { POOL_LEVELS };
+//# sourceMappingURL=prove.d.ts.map

package/dist/prove.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"prove.d.ts","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,EAAkB,WAAW,EAAE,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AAE3E,+FAA+F;AAC/F,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,4DAA4D;AAC5D,MAAM,WAAW,cAAc;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,4BAA4B;IAC3C,IAAI,EAAE,cAAc,CAAC;IACrB,wCAAwC;IACxC,cAAc,EAAE,MAAM,CAAC;IACvB,mDAAmD;IACnD,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,UAAU,EAAE,MAAM,CAAC;IACnB,oFAAoF;IACpF,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,uFAAuF;IACvF,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC,CAAC;IACzC,yEAAyE;IACzE,OAAO,EAAE;QACP,cAAc,EAAE,MAAM,CAAC;QACvB,SAAS,EAAE,MAAM,CAAC;QAClB,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,MAAM,CAAC;QACtB,aAAa,EAAE,MAAM,CAAC;QACtB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,sFAAsF;AACtF,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,CAAC,EAAE,4BAA4B,GAC9B,iBAAiB,CAiDnB;AAED,wFAAwF;AACxF,MAAM,WAAW,aAAa;IAC5B,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACpB,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACxC,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrB;AAED,2EAA2E;AAC3E,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,iBAAiB,EAC1B,SAAS,EAAE,aAAa,GACvB,OAAO,CAAC;IAAE,KAAK,EAAE,aAAa,CAAC;IAAC,aAAa,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CAO5D;AAED,iFAAiF;AACjF,wBAAgB,eAAe,CAAC,KAAK,EAAE;IACrC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC;IACjB,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB,GAAG,aAAa,CAUhB;AAED,OAAO,EAAE,WAAW,EAAE,CAAC"}

package/dist/prove.js

@@ -0,0 +1,73 @@
+/**
+ * Withdrawal witness assembly + Groth16 proof generation (spec/privacy-pool.md §4.1).
+ * The witness binds the spent commitment's openings, both Merkle inclusion paths, the
+ * value accounting, and the contract-supplied `context`. Public-signal order matches
+ * the circuit: withdrawn_value, state_root, asp_root, nullifier_hash, new_commitment,
+ * context.
+ */
+// @ts-expect-error snarkjs is untyped
+import * as snarkjs from "snarkjs";
+import { PoolMerkleTree, POOL_LEVELS } from "./crypto.js";
+/** Assemble the circuit input + the public values for an on-chain `withdraw` call. */
+export function buildWithdrawalWitness(crypto, p) {
+    if (p.withdrawnValue > p.note.value) {
+        throw new Error("Opaque pool: withdrawnValue exceeds the note value");
+    }
+    const stateTree = new PoolMerkleTree(crypto, p.stateLeaves);
+    const aspTree = new PoolMerkleTree(crypto, p.aspLeaves);
+    const statePath = stateTree.proof(p.stateIndex);
+    const aspPath = aspTree.proof(p.aspIndex);
+    const remainder = p.note.value - p.withdrawnValue;
+    const newCommitment = crypto.commitment(remainder, p.note.label, crypto.precommitment(p.newNullifier, p.newSecret));
+    const nullifierHash = crypto.nullifierHash(p.note.nullifier);
+    const stateRoot = stateTree.root();
+    const aspRoot = aspTree.root();
+    const input = {
+        value: p.note.value.toString(),
+        label: p.note.label.toString(),
+        nullifier: p.note.nullifier.toString(),
+        secret: p.note.secret.toString(),
+        new_nullifier: p.newNullifier.toString(),
+        new_secret: p.newSecret.toString(),
+        state_siblings: statePath.siblings.map(String),
+        state_index: statePath.pathIndices.map(String),
+        asp_siblings: aspPath.siblings.map(String),
+        asp_index: aspPath.pathIndices.map(String),
+        withdrawn_value: p.withdrawnValue.toString(),
+        state_root: stateRoot.toString(),
+        asp_root: aspRoot.toString(),
+        nullifier_hash: nullifierHash.toString(),
+        new_commitment: newCommitment.toString(),
+        context: p.context.toString(),
+    };
+    return {
+        input,
+        publics: {
+            withdrawnValue: p.withdrawnValue,
+            stateRoot,
+            aspRoot,
+            nullifierHash,
+            newCommitment,
+            context: p.context,
+        },
+    };
+}
+/** Generate a withdrawal proof and format it for the on-chain verifier. */
+export async function generateWithdrawalProof(witness, artifacts) {
+    const { proof, publicSignals } = await snarkjs.groth16.fullProve(witness.input, artifacts.wasmPath, artifacts.zkeyPath);
+    return { proof: toSolidityProof(proof), publicSignals };
+}
+/** Convert a snarkjs proof object to the verifier's (a, b, c) calldata shape. */
+export function toSolidityProof(proof) {
+    return {
+        a: [BigInt(proof.pi_a[0]), BigInt(proof.pi_a[1])],
+        // G2 point coordinates are swapped for the EVM pairing precompile.
+        b: [
+            [BigInt(proof.pi_b[0][1]), BigInt(proof.pi_b[0][0])],
+            [BigInt(proof.pi_b[1][1]), BigInt(proof.pi_b[1][0])],
+        ],
+        c: [BigInt(proof.pi_c[0]), BigInt(proof.pi_c[1])],
+    };
+}
+export { POOL_LEVELS };
+//# sourceMappingURL=prove.js.map

package/dist/prove.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"prove.js","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,sCAAsC;AACtC,OAAO,KAAK,OAAO,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,cAAc,EAAE,WAAW,EAAmB,MAAM,aAAa,CAAC;AA8C3E,sFAAsF;AACtF,MAAM,UAAU,sBAAsB,CACpC,MAAkB,EAClB,CAA+B;IAE/B,IAAI,CAAC,CAAC,cAAc,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC;IACD,MAAM,SAAS,GAAG,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,WAAW,CAAC,CAAC;IAC5D,MAAM,OAAO,GAAG,IAAI,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAE1C,MAAM,SAAS,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,cAAc,CAAC;IAClD,MAAM,aAAa,GAAG,MAAM,CAAC,UAAU,CACrC,SAAS,EACT,CAAC,CAAC,IAAI,CAAC,KAAK,EACZ,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAC,SAAS,CAAC,CAClD,CAAC;IACF,MAAM,aAAa,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,SAAS,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAE/B,MAAM,KAAK,GAAsC;QAC/C,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;QAC9B,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE;QAC9B,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE;QACtC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;QAChC,aAAa,EAAE,CAAC,CAAC,YAAY,CAAC,QAAQ,EAAE;QACxC,UAAU,EAAE,CAAC,CAAC,SAAS,CAAC,QAAQ,EAAE;QAClC,cAAc,EAAE,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;QAC9C,WAAW,EAAE,SAAS,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC;QAC9C,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC;QAC1C,SAAS,EAAE,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC;QAC1C,eAAe,EAAE,CAAC,CAAC,cAAc,CAAC,QAAQ,EAAE;QAC5C,UAAU,EAAE,SAAS,CAAC,QAAQ,EAAE;QAChC,QAAQ,EAAE,OAAO,CAAC,QAAQ,EAAE;QAC5B,cAAc,EAAE,aAAa,CAAC,QAAQ,EAAE;QACxC,cAAc,EAAE,aAAa,CAAC,QAAQ,EAAE;QACxC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE;KAC9B,CAAC;IAEF,OAAO;QACL,KAAK;QACL,OAAO,EAAE;YACP,cAAc,EAAE,CAAC,CAAC,cAAc;YAChC,SAAS;YACT,OAAO;YACP,aAAa;YACb,aAAa;YACb,OAAO,EAAE,CAAC,CAAC,OAAO;SACnB;KACF,CAAC;AACJ,CAAC;AASD,2EAA2E;AAC3E,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAA0B,EAC1B,SAAwB;IAExB,MAAM,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,SAAS,CAC9D,OAAO,CAAC,KAAK,EACb,SAAS,CAAC,QAAQ,EAClB,SAAS,CAAC,QAAQ,CACnB,CAAC;IACF,OAAO,EAAE,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,aAAa,EAAE,CAAC;AAC1D,CAAC;AAED,iFAAiF;AACjF,MAAM,UAAU,eAAe,CAAC,KAI/B;IACC,OAAO;QACL,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACjD,mEAAmE;QACnE,CAAC,EAAE;YACD,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACpD,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SACrD;QACD,CAAC,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;KAClD,CAAC;AACJ,CAAC;AAED,OAAO,EAAE,WAAW,EAAE,CAAC"}

package/dist/tx.d.ts

@@ -0,0 +1,128 @@
+/**
+ * Deposit / withdraw transaction building for `OpaquePrivacyPool` and the random note
+ * generation behind a shielded deposit (spec/privacy-pool.md §5–§6).
+ */
+import { type Address, type Hex } from "viem";
+import { type PoolCrypto } from "./crypto.js";
+import type { SolidityProof } from "./prove.js";
+/** Minimal pool ABI for deposit + withdraw + the reads a client needs. */
+export declare const opaquePrivacyPoolAbi: readonly [{
+    readonly type: "function";
+    readonly name: "deposit";
+    readonly stateMutability: "payable";
+    readonly inputs: readonly [{
+        readonly name: "precommitment";
+        readonly type: "uint256";
+    }];
+    readonly outputs: readonly [{
+        readonly name: "commitment";
+        readonly type: "bytes32";
+    }];
+}, {
+    readonly type: "function";
+    readonly name: "withdraw";
+    readonly stateMutability: "nonpayable";
+    readonly inputs: readonly [{
+        readonly name: "a";
+        readonly type: "uint256[2]";
+    }, {
+        readonly name: "b";
+        readonly type: "uint256[2][2]";
+    }, {
+        readonly name: "c";
+        readonly type: "uint256[2]";
+    }, {
+        readonly name: "withdrawnValue";
+        readonly type: "uint256";
+    }, {
+        readonly name: "stateRoot";
+        readonly type: "uint256";
+    }, {
+        readonly name: "nullifierHash";
+        readonly type: "uint256";
+    }, {
+        readonly name: "newCommitment";
+        readonly type: "uint256";
+    }, {
+        readonly name: "params";
+        readonly type: "tuple";
+        readonly components: readonly [{
+            readonly name: "recipient";
+            readonly type: "address";
+        }, {
+            readonly name: "feeRecipient";
+            readonly type: "address";
+        }, {
+            readonly name: "fee";
+            readonly type: "uint256";
+        }];
+    }];
+    readonly outputs: readonly [];
+}, {
+    readonly type: "function";
+    readonly name: "scope";
+    readonly stateMutability: "view";
+    readonly inputs: readonly [];
+    readonly outputs: readonly [{
+        readonly type: "uint256";
+    }];
+}, {
+    readonly type: "function";
+    readonly name: "aspRoot";
+    readonly stateMutability: "view";
+    readonly inputs: readonly [];
+    readonly outputs: readonly [{
+        readonly type: "uint256";
+    }];
+}, {
+    readonly type: "function";
+    readonly name: "context";
+    readonly stateMutability: "view";
+    readonly inputs: readonly [{
+        readonly name: "params";
+        readonly type: "tuple";
+        readonly components: readonly [{
+            readonly name: "recipient";
+            readonly type: "address";
+        }, {
+            readonly name: "feeRecipient";
+            readonly type: "address";
+        }, {
+            readonly name: "fee";
+            readonly type: "uint256";
+        }];
+    }];
+    readonly outputs: readonly [{
+        readonly type: "uint256";
+    }];
+}];
+/** Payout parameters bound into the withdrawal proof's `context`. */
+export interface WithdrawalParams {
+    recipient: Address;
+    feeRecipient: Address;
+    fee: bigint;
+}
+/** A freshly generated deposit note: secret openings the user must keep to withdraw. */
+export interface DepositNote {
+    nullifier: bigint;
+    secret: bigint;
+    precommitment: bigint;
+}
+/** Generate fresh `(nullifier, secret)` and the `precommitment` to deposit. */
+export declare function generateDepositNote(crypto: PoolCrypto, randomBytes: (n: number) => Uint8Array): DepositNote;
+/** EVM transaction request the depositor sends (value = deposit amount). */
+export interface EvmTxRequest {
+    to: Address;
+    data: Hex;
+    value: bigint;
+}
+/** Build the `deposit(precommitment)` call. */
+export declare function buildDepositTx(pool: Address, note: DepositNote, value: bigint): EvmTxRequest;
+/** Build the `withdraw(...)` calldata from a proof + public values + payout params. */
+export declare function buildWithdrawTx(pool: Address, proof: SolidityProof, publics: {
+    withdrawnValue: bigint;
+    stateRoot: bigint;
+    nullifierHash: bigint;
+    newCommitment: bigint;
+}, params: WithdrawalParams): EvmTxRequest;
+//# sourceMappingURL=tx.d.ts.map

package/dist/tx.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tx.d.ts","sourceRoot":"","sources":["../src/tx.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAsB,KAAK,OAAO,EAAE,KAAK,GAAG,EAAE,MAAM,MAAM,CAAC;AAClE,OAAO,EAAS,KAAK,UAAU,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAEhD,0EAA0E;AAC1E,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6CvB,CAAC;AAEX,qEAAqE;AACrE,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,wFAAwF;AACxF,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,EAAE,MAAM,CAAC;CACvB;AASD,+EAA+E;AAC/E,wBAAgB,mBAAmB,CACjC,MAAM,EAAE,UAAU,EAClB,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,UAAU,GACrC,WAAW,CAIb;AAED,4EAA4E;AAC5E,MAAM,WAAW,YAAY;IAC3B,EAAE,EAAE,OAAO,CAAC;IACZ,IAAI,EAAE,GAAG,CAAC;IACV,KAAK,EAAE,MAAM,CAAC;CACf;AAED,+CAA+C;AAC/C,wBAAgB,cAAc,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,MAAM,GAAG,YAAY,CAU5F;AAED,uFAAuF;AACvF,wBAAgB,eAAe,CAC7B,IAAI,EAAE,OAAO,EACb,KAAK,EAAE,aAAa,EACpB,OAAO,EAAE;IACP,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;CACvB,EACD,MAAM,EAAE,gBAAgB,GACvB,YAAY,CAmBd"}

package/dist/tx.js

@@ -0,0 +1,100 @@
+/**
+ * Deposit / withdraw transaction building for `OpaquePrivacyPool` and the random note
+ * generation behind a shielded deposit (spec/privacy-pool.md §5–§6).
+ */
+import { encodeFunctionData } from "viem";
+import { FIELD } from "./crypto.js";
+/** Minimal pool ABI for deposit + withdraw + the reads a client needs. */
+export const opaquePrivacyPoolAbi = [
+    {
+        type: "function",
+        name: "deposit",
+        stateMutability: "payable",
+        inputs: [{ name: "precommitment", type: "uint256" }],
+        outputs: [{ name: "commitment", type: "bytes32" }],
+    },
+    {
+        type: "function",
+        name: "withdraw",
+        stateMutability: "nonpayable",
+        inputs: [
+            { name: "a", type: "uint256[2]" },
+            { name: "b", type: "uint256[2][2]" },
+            { name: "c", type: "uint256[2]" },
+            { name: "withdrawnValue", type: "uint256" },
+            { name: "stateRoot", type: "uint256" },
+            { name: "nullifierHash", type: "uint256" },
+            { name: "newCommitment", type: "uint256" },
+            {
+                name: "params",
+                type: "tuple",
+                components: [
+                    { name: "recipient", type: "address" },
+                    { name: "feeRecipient", type: "address" },
+                    { name: "fee", type: "uint256" },
+                ],
+            },
+        ],
+        outputs: [],
+    },
+    { type: "function", name: "scope", stateMutability: "view", inputs: [], outputs: [{ type: "uint256" }] },
+    { type: "function", name: "aspRoot", stateMutability: "view", inputs: [], outputs: [{ type: "uint256" }] },
+    {
+        type: "function",
+        name: "context",
+        stateMutability: "view",
+        inputs: [{ name: "params", type: "tuple", components: [
+                    { name: "recipient", type: "address" },
+                    { name: "feeRecipient", type: "address" },
+                    { name: "fee", type: "uint256" },
+                ] }],
+        outputs: [{ type: "uint256" }],
+    },
+];
+/** A uniformly random field element from injected randomness. */
+function randomField(randomBytes) {
+    let x = 0n;
+    for (const byte of randomBytes(32))
+        x = (x << 8n) | BigInt(byte);
+    return x % FIELD;
+}
+/** Generate fresh `(nullifier, secret)` and the `precommitment` to deposit. */
+export function generateDepositNote(crypto, randomBytes) {
+    const nullifier = randomField(randomBytes);
+    const secret = randomField(randomBytes);
+    return { nullifier, secret, precommitment: crypto.precommitment(nullifier, secret) };
+}
+/** Build the `deposit(precommitment)` call. */
+export function buildDepositTx(pool, note, value) {
+    return {
+        to: pool,
+        data: encodeFunctionData({
+            abi: opaquePrivacyPoolAbi,
+            functionName: "deposit",
+            args: [note.precommitment],
+        }),
+        value,
+    };
+}
+/** Build the `withdraw(...)` calldata from a proof + public values + payout params. */
+export function buildWithdrawTx(pool, proof, publics, params) {
+    return {
+        to: pool,
+        data: encodeFunctionData({
+            abi: opaquePrivacyPoolAbi,
+            functionName: "withdraw",
+            args: [
+                proof.a,
+                proof.b,
+                proof.c,
+                publics.withdrawnValue,
+                publics.stateRoot,
+                publics.nullifierHash,
+                publics.newCommitment,
+                params,
+            ],
+        }),
+        value: 0n,
+    };
+}
+//# sourceMappingURL=tx.js.map

package/dist/tx.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tx.js","sourceRoot":"","sources":["../src/tx.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,kBAAkB,EAA0B,MAAM,MAAM,CAAC;AAClE,OAAO,EAAE,KAAK,EAAmB,MAAM,aAAa,CAAC;AAGrD,0EAA0E;AAC1E,MAAM,CAAC,MAAM,oBAAoB,GAAG;IAClC;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,SAAS;QAC1B,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACpD,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;KACnD;IACD;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,UAAU;QAChB,eAAe,EAAE,YAAY;QAC7B,MAAM,EAAE;YACN,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;YACjC,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe,EAAE;YACpC,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,YAAY,EAAE;YACjC,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE;YAC3C,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE;YACtC,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE;YAC1C,EAAE,IAAI,EAAE,eAAe,EAAE,IAAI,EAAE,SAAS,EAAE;YAC1C;gBACE,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE;oBACV,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE;oBACtC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE;oBACzC,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE;iBACjC;aACF;SACF;QACD,OAAO,EAAE,EAAE;KACZ;IACD,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE;IACxG,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,eAAe,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE;IAC1G;QACE,IAAI,EAAE,UAAU;QAChB,IAAI,EAAE,SAAS;QACf,eAAe,EAAE,MAAM;QACvB,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE;oBACpD,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE;oBACtC,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,SAAS,EAAE;oBACzC,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE;iBACjC,EAAE,CAAC;QACJ,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;KAC/B;CACO,CAAC;AAgBX,iEAAiE;AACjE,SAAS,WAAW,CAAC,WAAsC;IACzD,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,EAAE,CAAC;QAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IACjE,OAAO,CAAC,GAAG,KAAK,CAAC;AACnB,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,mBAAmB,CACjC,MAAkB,EAClB,WAAsC;IAEtC,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IAC3C,MAAM,MAAM,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACxC,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,EAAE,MAAM,CAAC,aAAa,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC;AACvF,CAAC;AASD,+CAA+C;AAC/C,MAAM,UAAU,cAAc,CAAC,IAAa,EAAE,IAAiB,EAAE,KAAa;IAC5E,OAAO;QACL,EAAE,EAAE,IAAI;QACR,IAAI,EAAE,kBAAkB,CAAC;YACvB,GAAG,EAAE,oBAAoB;YACzB,YAAY,EAAE,SAAS;YACvB,IAAI,EAAE,CAAC,IAAI,CAAC,aAAa,CAAC;SAC3B,CAAC;QACF,KAAK;KACN,CAAC;AACJ,CAAC;AAED,uFAAuF;AACvF,MAAM,UAAU,eAAe,CAC7B,IAAa,EACb,KAAoB,EACpB,OAKC,EACD,MAAwB;IAExB,OAAO;QACL,EAAE,EAAE,IAAI;QACR,IAAI,EAAE,kBAAkB,CAAC;YACvB,GAAG,EAAE,oBAAoB;YACzB,YAAY,EAAE,UAAU;YACxB,IAAI,EAAE;gBACJ,KAAK,CAAC,CAAC;gBACP,KAAK,CAAC,CAAC;gBACP,KAAK,CAAC,CAAC;gBACP,OAAO,CAAC,cAAc;gBACtB,OAAO,CAAC,SAAS;gBACjB,OAAO,CAAC,aAAa;gBACrB,OAAO,CAAC,aAAa;gBACrB,MAAM;aACP;SACF,CAAC;QACF,KAAK,EAAE,EAAE;KACV,CAAC;AACJ,CAAC"}

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@opaquecash/privacy-pool",
+  "version": "0.2.0",
+  "description": "Privacy pool client: deposit commitments, Poseidon Merkle trees, withdrawal witness + Groth16 proof generation, and deposit/withdraw tx building (spec/privacy-pool.md)",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "clean": "rm -rf dist"
+  },
+  "dependencies": {
+    "@opaquecash/deployments": "0.2.0",
+    "circomlibjs": "^0.1.7",
+    "snarkjs": "^0.7.5",
+    "viem": "^2.21.0"
+  },
+  "sideEffects": false,
+  "license": "Apache-2.0",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/opaquecash/sdk.git",
+    "directory": "packages/privacy-pool"
+  },
+  "homepage": "https://docs.opaque.cash",
+  "publishConfig": {
+    "access": "public"
+  }
+}