@opaquecash/stealth-chain-solana 0.2.0

package/dist/registry.d.ts

@@ -0,0 +1,39 @@
+/**
+ * `StealthMetaAddressRegistry` (Solana) — PDA derivation, `register_keys` instruction
+ * building, and meta-address resolution. Mirrors the read/write surface of
+ * `@opaquecash/stealth-chain` (EVM) so both adapters expose the same shape.
+ */
+import { Connection, PublicKey, TransactionInstruction } from "@solana/web3.js";
+import type { Hex } from "@opaquecash/adapter";
+/**
+ * Derive the registry entry PDA for `(registrant, schemeId)`:
+ * `["stealth_meta", registrant, schemeId_le]`.
+ */
+export declare function getRegistryEntryPda(registryProgramId: PublicKey, registrant: PublicKey, schemeId?: bigint): PublicKey;
+/**
+ * Build a `register_keys` instruction. The caller (`registrant`) signs and pays; the app's
+ * wallet layer submits the resulting transaction.
+ */
+export declare function buildRegisterKeysInstruction(params: {
+    registryProgramId: PublicKey;
+    registrant: PublicKey;
+    /** 66-byte stealth meta-address (compressed V || S). */
+    stealthMetaAddress: Uint8Array;
+    schemeId?: bigint;
+}): TransactionInstruction;
+/** Decode the 66-byte meta-address out of raw `RegistryEntry` account data. */
+export declare function decodeRegistryEntryMetaAddress(data: Uint8Array): Hex | null;
+/**
+ * Resolve a registrant's 66-byte stealth meta-address via the registry PDA, or `null` when
+ * unregistered.
+ */
+export declare function resolveMetaAddress(connection: Connection, params: {
+    registryProgramId: PublicKey;
+    registrant: PublicKey | string;
+}): Promise<Hex | null>;
+/** Whether `registrant` has a stealth meta-address registered. */
+export declare function isRegistered(connection: Connection, params: {
+    registryProgramId: PublicKey;
+    registrant: PublicKey | string;
+}): Promise<boolean>;
+//# sourceMappingURL=registry.d.ts.map

package/dist/registry.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.d.ts","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,UAAU,EACV,SAAS,EAET,sBAAsB,EACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,qBAAqB,CAAC;AAe/C;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,iBAAiB,EAAE,SAAS,EAC5B,UAAU,EAAE,SAAS,EACrB,QAAQ,GAAE,MAA4B,GACrC,SAAS,CAUX;AAED;;;GAGG;AACH,wBAAgB,4BAA4B,CAAC,MAAM,EAAE;IACnD,iBAAiB,EAAE,SAAS,CAAC;IAC7B,UAAU,EAAE,SAAS,CAAC;IACtB,wDAAwD;IACxD,kBAAkB,EAAE,UAAU,CAAC;IAC/B,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB,GAAG,sBAAsB,CAqBzB;AAED,+EAA+E;AAC/E,wBAAgB,8BAA8B,CAAC,IAAI,EAAE,UAAU,GAAG,GAAG,GAAG,IAAI,CAO3E;AAED;;;GAGG;AACH,wBAAsB,kBAAkB,CACtC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE;IAAE,iBAAiB,EAAE,SAAS,CAAC;IAAC,UAAU,EAAE,SAAS,GAAG,MAAM,CAAA;CAAE,GACvE,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CASrB;AAED,kEAAkE;AAClE,wBAAsB,YAAY,CAChC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE;IAAE,iBAAiB,EAAE,SAAS,CAAC;IAAC,UAAU,EAAE,SAAS,GAAG,MAAM,CAAA;CAAE,GACvE,OAAO,CAAC,OAAO,CAAC,CAGlB"}

package/dist/registry.js

@@ -0,0 +1,69 @@
+/**
+ * `StealthMetaAddressRegistry` (Solana) — PDA derivation, `register_keys` instruction
+ * building, and meta-address resolution. Mirrors the read/write surface of
+ * `@opaquecash/stealth-chain` (EVM) so both adapters expose the same shape.
+ */
+import { PublicKey, SystemProgram, TransactionInstruction, } from "@solana/web3.js";
+import { bytesToHex, concatBytes, u64le, vecU8 } from "./bytes.js";
+import { REGISTER_KEYS_DISCRIMINATOR, REGISTRY_ENTRY_SEED, SCHEME_ID_SECP256K1, } from "./programs.js";
+/** Byte layout of a `RegistryEntry` account before the 66-byte meta-address. */
+const REGISTRY_ENTRY_META_OFFSET = 8 /* discriminator */ + 32 /* registrant pubkey */ + 8 /* scheme_id u64 */ + 4 /* vec len */;
+/** Length of a stealth meta-address (compressed V || compressed S). */
+const META_ADDRESS_LEN = 66;
+/**
+ * Derive the registry entry PDA for `(registrant, schemeId)`:
+ * `["stealth_meta", registrant, schemeId_le]`.
+ */
+export function getRegistryEntryPda(registryProgramId, registrant, schemeId = SCHEME_ID_SECP256K1) {
+    const [pda] = PublicKey.findProgramAddressSync([
+        new TextEncoder().encode(REGISTRY_ENTRY_SEED),
+        registrant.toBuffer(),
+        u64le(schemeId),
+    ], registryProgramId);
+    return pda;
+}
+/**
+ * Build a `register_keys` instruction. The caller (`registrant`) signs and pays; the app's
+ * wallet layer submits the resulting transaction.
+ */
+export function buildRegisterKeysInstruction(params) {
+    const schemeId = params.schemeId ?? SCHEME_ID_SECP256K1;
+    const data = concatBytes(REGISTER_KEYS_DISCRIMINATOR, u64le(schemeId), vecU8(params.stealthMetaAddress));
+    const registryEntryPda = getRegistryEntryPda(params.registryProgramId, params.registrant, schemeId);
+    return new TransactionInstruction({
+        programId: params.registryProgramId,
+        keys: [
+            { pubkey: registryEntryPda, isSigner: false, isWritable: true },
+            { pubkey: params.registrant, isSigner: true, isWritable: true },
+            { pubkey: SystemProgram.programId, isSigner: false, isWritable: false },
+        ],
+        data: Buffer.from(data),
+    });
+}
+/** Decode the 66-byte meta-address out of raw `RegistryEntry` account data. */
+export function decodeRegistryEntryMetaAddress(data) {
+    if (data.length < REGISTRY_ENTRY_META_OFFSET + META_ADDRESS_LEN)
+        return null;
+    const meta = data.slice(REGISTRY_ENTRY_META_OFFSET, REGISTRY_ENTRY_META_OFFSET + META_ADDRESS_LEN);
+    return ("0x" + bytesToHex(meta));
+}
+/**
+ * Resolve a registrant's 66-byte stealth meta-address via the registry PDA, or `null` when
+ * unregistered.
+ */
+export async function resolveMetaAddress(connection, params) {
+    const registrant = typeof params.registrant === "string"
+        ? new PublicKey(params.registrant)
+        : params.registrant;
+    const pda = getRegistryEntryPda(params.registryProgramId, registrant);
+    const info = await connection.getAccountInfo(pda);
+    if (!info?.data)
+        return null;
+    return decodeRegistryEntryMetaAddress(new Uint8Array(info.data));
+}
+/** Whether `registrant` has a stealth meta-address registered. */
+export async function isRegistered(connection, params) {
+    const meta = await resolveMetaAddress(connection, params);
+    return meta != null && meta.length === 2 + META_ADDRESS_LEN * 2;
+}
+//# sourceMappingURL=registry.js.map

package/dist/registry.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"registry.js","sourceRoot":"","sources":["../src/registry.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAEL,SAAS,EACT,aAAa,EACb,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AAEzB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,EACL,2BAA2B,EAC3B,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,eAAe,CAAC;AAEvB,gFAAgF;AAChF,MAAM,0BAA0B,GAC9B,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC,uBAAuB,GAAG,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC,aAAa,CAAC;AAE/F,uEAAuE;AACvE,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAE5B;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CACjC,iBAA4B,EAC5B,UAAqB,EACrB,WAAmB,mBAAmB;IAEtC,MAAM,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,sBAAsB,CAC5C;QACE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC;QAC7C,UAAU,CAAC,QAAQ,EAAE;QACrB,KAAK,CAAC,QAAQ,CAAC;KAChB,EACD,iBAAiB,CAClB,CAAC;IACF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,4BAA4B,CAAC,MAM5C;IACC,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,mBAAmB,CAAC;IACxD,MAAM,IAAI,GAAG,WAAW,CACtB,2BAA2B,EAC3B,KAAK,CAAC,QAAQ,CAAC,EACf,KAAK,CAAC,MAAM,CAAC,kBAAkB,CAAC,CACjC,CAAC;IACF,MAAM,gBAAgB,GAAG,mBAAmB,CAC1C,MAAM,CAAC,iBAAiB,EACxB,MAAM,CAAC,UAAU,EACjB,QAAQ,CACT,CAAC;IACF,OAAO,IAAI,sBAAsB,CAAC;QAChC,SAAS,EAAE,MAAM,CAAC,iBAAiB;QACnC,IAAI,EAAE;YACJ,EAAE,MAAM,EAAE,gBAAgB,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;YAC/D,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;YAC/D,EAAE,MAAM,EAAE,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;SACxE;QACD,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;KACxB,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,8BAA8B,CAAC,IAAgB;IAC7D,IAAI,IAAI,CAAC,MAAM,GAAG,0BAA0B,GAAG,gBAAgB;QAAE,OAAO,IAAI,CAAC;IAC7E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CACrB,0BAA0B,EAC1B,0BAA0B,GAAG,gBAAgB,CAC9C,CAAC;IACF,OAAO,CAAC,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAQ,CAAC;AAC1C,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,UAAsB,EACtB,MAAwE;IAExE,MAAM,UAAU,GACd,OAAO,MAAM,CAAC,UAAU,KAAK,QAAQ;QACnC,CAAC,CAAC,IAAI,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC;QAClC,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;IACxB,MAAM,GAAG,GAAG,mBAAmB,CAAC,MAAM,CAAC,iBAAiB,EAAE,UAAU,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;IAClD,IAAI,CAAC,IAAI,EAAE,IAAI;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,8BAA8B,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,kEAAkE;AAClE,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,UAAsB,EACtB,MAAwE;IAExE,MAAM,IAAI,GAAG,MAAM,kBAAkB,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,IAAI,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,GAAG,gBAAgB,GAAG,CAAC,CAAC;AAClE,CAAC"}

package/dist/relay.d.ts

@@ -0,0 +1,71 @@
+/**
+ * `StealthAddressAnnouncer::announce_with_relay` (Solana) — cross-chain announcements over the
+ * Universal Announcement Bus. Emits the local `Announcement` AND publishes the 96-byte cross-chain
+ * payload (`spec/payload-format.md`) through the Wormhole Core Bridge via CPI.
+ *
+ * The Solana counterpart to `@opaquecash/uab`'s EVM `announceWithRelay`. Unlike the EVM path there
+ * is no `consistencyLevel` arg; the program takes a Wormhole `batch_id` (nonce) and the current
+ * `wormhole_fee` (lamports; 0 on devnet). The `wormhole_message` account is a fresh signer the
+ * caller must co-sign with — use {@link buildAnnounceWithRelay} to mint one alongside the
+ * instruction.
+ *
+ * Account order (IDL-authoritative, `solana/target/idl/stealth_announcer.json`):
+ * `caller(s,w)`, `wormhole_emitter` (PDA `["emitter"]` of the announcer), `wormhole_config`
+ * (PDA `["Bridge"]` of the core), `wormhole_fee_collector` (PDA `["fee_collector"]`),
+ * `wormhole_sequence` (PDA `["Sequence", emitter]`), `wormhole_message(s,w)`, `wormhole_program`,
+ * clock, rent, system_program.
+ */
+import { Connection, Keypair, PublicKey, TransactionInstruction } from "@solana/web3.js";
+/** Derive this announcer program's Wormhole emitter PDA (`["emitter"]`). */
+export declare function deriveWormholeEmitterPda(announcerProgramId: PublicKey): PublicKey;
+/** Derive the Wormhole Core Bridge config PDA (`["Bridge"]`). */
+export declare function deriveWormholeConfigPda(wormholeCore: PublicKey): PublicKey;
+/** Derive the Wormhole Core Bridge fee-collector PDA (`["fee_collector"]`). */
+export declare function deriveWormholeFeeCollectorPda(wormholeCore: PublicKey): PublicKey;
+/** Derive the per-emitter Wormhole sequence PDA (`["Sequence", emitter]`). */
+export declare function deriveWormholeSequencePda(wormholeCore: PublicKey, emitter: PublicKey): PublicKey;
+/**
+ * Read the current Wormhole message fee (lamports) from the core bridge config account. Returns
+ * `0n` when the account is missing or too short (devnet charges no fee). Pass the result as
+ * {@link AnnounceWithRelayInstructionParams.wormholeFee}.
+ */
+export declare function fetchWormholeMessageFee(connection: Connection, wormholeCore: PublicKey): Promise<bigint>;
+/** Parameters for {@link buildAnnounceWithRelayInstruction}. */
+export interface AnnounceWithRelayInstructionParams {
+    announcerProgramId: PublicKey;
+    /** Wormhole Core Bridge program id (from the {@link import("./programs.js").SolanaDeployment}). */
+    wormholeCore: PublicKey;
+    /** Signs and pays; on-chain `caller` of the announcement. */
+    caller: PublicKey;
+    /** Fresh ephemeral message account (signer + writable); use {@link buildAnnounceWithRelay} to mint. */
+    wormholeMessage: PublicKey;
+    /** Stealth address bytes (1..=32; Opaque uses the 20-byte EVM-style address). */
+    stealthAddress: Uint8Array;
+    /** 33-byte compressed secp256k1 ephemeral public key. */
+    ephemeralPubKey: Uint8Array;
+    /** Metadata; `metadata[0]` MUST be the view tag (<= 24 bytes for the cross-chain budget). */
+    metadata: Uint8Array;
+    schemeId?: bigint;
+    /** Wormhole nonce / batch id (default 0). */
+    batchId?: number;
+    /** Wormhole message fee in lamports (default 0; devnet is 0). See {@link fetchWormholeMessageFee}. */
+    wormholeFee?: bigint;
+}
+/**
+ * Build an `announce_with_relay` instruction. The `caller` AND the `wormholeMessage` account must
+ * both sign the transaction (the message account is consumed by the core bridge `post_message`
+ * CPI). Prefer {@link buildAnnounceWithRelay}, which mints the message keypair for you.
+ */
+export declare function buildAnnounceWithRelayInstruction(params: AnnounceWithRelayInstructionParams): TransactionInstruction;
+/** An `announce_with_relay` instruction plus the ephemeral message keypair that must co-sign. */
+export interface AnnounceWithRelayBuild {
+    instruction: TransactionInstruction;
+    /** Fresh Wormhole message account; add to the transaction's signers alongside the caller. */
+    messageKeypair: Keypair;
+}
+/**
+ * Mint a fresh Wormhole message keypair and build the `announce_with_relay` instruction against it.
+ * The returned `messageKeypair` MUST be included as an additional signer when sending the tx.
+ */
+export declare function buildAnnounceWithRelay(params: Omit<AnnounceWithRelayInstructionParams, "wormholeMessage">): AnnounceWithRelayBuild;
+//# sourceMappingURL=relay.d.ts.map

package/dist/relay.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"relay.d.ts","sourceRoot":"","sources":["../src/relay.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EACL,UAAU,EACV,OAAO,EACP,SAAS,EAIT,sBAAsB,EACvB,MAAM,iBAAiB,CAAC;AAiBzB,4EAA4E;AAC5E,wBAAgB,wBAAwB,CAAC,kBAAkB,EAAE,SAAS,GAAG,SAAS,CAEjF;AAED,iEAAiE;AACjE,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,SAAS,GAAG,SAAS,CAE1E;AAED,+EAA+E;AAC/E,wBAAgB,6BAA6B,CAAC,YAAY,EAAE,SAAS,GAAG,SAAS,CAEhF;AAED,8EAA8E;AAC9E,wBAAgB,yBAAyB,CACvC,YAAY,EAAE,SAAS,EACvB,OAAO,EAAE,SAAS,GACjB,SAAS,CAKX;AAED;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,SAAS,GACtB,OAAO,CAAC,MAAM,CAAC,CASjB;AAED,gEAAgE;AAChE,MAAM,WAAW,kCAAkC;IACjD,kBAAkB,EAAE,SAAS,CAAC;IAC9B,mGAAmG;IACnG,YAAY,EAAE,SAAS,CAAC;IACxB,6DAA6D;IAC7D,MAAM,EAAE,SAAS,CAAC;IAClB,uGAAuG;IACvG,eAAe,EAAE,SAAS,CAAC;IAC3B,iFAAiF;IACjF,cAAc,EAAE,UAAU,CAAC;IAC3B,yDAAyD;IACzD,eAAe,EAAE,UAAU,CAAC;IAC5B,6FAA6F;IAC7F,QAAQ,EAAE,UAAU,CAAC;IACrB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,sGAAsG;IACtG,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;GAIG;AACH,wBAAgB,iCAAiC,CAC/C,MAAM,EAAE,kCAAkC,GACzC,sBAAsB,CAiCxB;AAED,iGAAiG;AACjG,MAAM,WAAW,sBAAsB;IACrC,WAAW,EAAE,sBAAsB,CAAC;IACpC,6FAA6F;IAC7F,cAAc,EAAE,OAAO,CAAC;CACzB;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,IAAI,CAAC,kCAAkC,EAAE,iBAAiB,CAAC,GAClE,sBAAsB,CAOxB"}

package/dist/relay.js

@@ -0,0 +1,102 @@
+/**
+ * `StealthAddressAnnouncer::announce_with_relay` (Solana) — cross-chain announcements over the
+ * Universal Announcement Bus. Emits the local `Announcement` AND publishes the 96-byte cross-chain
+ * payload (`spec/payload-format.md`) through the Wormhole Core Bridge via CPI.
+ *
+ * The Solana counterpart to `@opaquecash/uab`'s EVM `announceWithRelay`. Unlike the EVM path there
+ * is no `consistencyLevel` arg; the program takes a Wormhole `batch_id` (nonce) and the current
+ * `wormhole_fee` (lamports; 0 on devnet). The `wormhole_message` account is a fresh signer the
+ * caller must co-sign with — use {@link buildAnnounceWithRelay} to mint one alongside the
+ * instruction.
+ *
+ * Account order (IDL-authoritative, `solana/target/idl/stealth_announcer.json`):
+ * `caller(s,w)`, `wormhole_emitter` (PDA `["emitter"]` of the announcer), `wormhole_config`
+ * (PDA `["Bridge"]` of the core), `wormhole_fee_collector` (PDA `["fee_collector"]`),
+ * `wormhole_sequence` (PDA `["Sequence", emitter]`), `wormhole_message(s,w)`, `wormhole_program`,
+ * clock, rent, system_program.
+ */
+import { Keypair, PublicKey, SystemProgram, SYSVAR_CLOCK_PUBKEY, SYSVAR_RENT_PUBKEY, TransactionInstruction, } from "@solana/web3.js";
+import { concatBytes, u32le, u64le, vecU8 } from "./bytes.js";
+import { ANNOUNCE_WITH_RELAY_DISCRIMINATOR, SCHEME_ID_SECP256K1 } from "./programs.js";
+const EMITTER_SEED = new TextEncoder().encode("emitter");
+const BRIDGE_SEED = new TextEncoder().encode("Bridge");
+const FEE_COLLECTOR_SEED = new TextEncoder().encode("fee_collector");
+const SEQUENCE_SEED = new TextEncoder().encode("Sequence");
+/**
+ * Byte offset of the `fee` (u64 LE) field inside the Wormhole Core Bridge config ("Bridge" PDA)
+ * account. The core bridge is a native (non-Anchor) program, so there is no 8-byte discriminator:
+ * `guardian_set_index: u32 (4) || last_lamports: u64 (8) || guardian_set_expiration_time: u32 (4)`
+ * precede `fee: u64`, putting it at offset 16.
+ */
+const WORMHOLE_FEE_OFFSET = 16;
+/** Derive this announcer program's Wormhole emitter PDA (`["emitter"]`). */
+export function deriveWormholeEmitterPda(announcerProgramId) {
+    return PublicKey.findProgramAddressSync([EMITTER_SEED], announcerProgramId)[0];
+}
+/** Derive the Wormhole Core Bridge config PDA (`["Bridge"]`). */
+export function deriveWormholeConfigPda(wormholeCore) {
+    return PublicKey.findProgramAddressSync([BRIDGE_SEED], wormholeCore)[0];
+}
+/** Derive the Wormhole Core Bridge fee-collector PDA (`["fee_collector"]`). */
+export function deriveWormholeFeeCollectorPda(wormholeCore) {
+    return PublicKey.findProgramAddressSync([FEE_COLLECTOR_SEED], wormholeCore)[0];
+}
+/** Derive the per-emitter Wormhole sequence PDA (`["Sequence", emitter]`). */
+export function deriveWormholeSequencePda(wormholeCore, emitter) {
+    return PublicKey.findProgramAddressSync([SEQUENCE_SEED, emitter.toBuffer()], wormholeCore)[0];
+}
+/**
+ * Read the current Wormhole message fee (lamports) from the core bridge config account. Returns
+ * `0n` when the account is missing or too short (devnet charges no fee). Pass the result as
+ * {@link AnnounceWithRelayInstructionParams.wormholeFee}.
+ */
+export async function fetchWormholeMessageFee(connection, wormholeCore) {
+    const config = deriveWormholeConfigPda(wormholeCore);
+    const info = await connection.getAccountInfo(config);
+    const data = info?.data;
+    if (!data || data.length < WORMHOLE_FEE_OFFSET + 8)
+        return 0n;
+    return new DataView(data.buffer, data.byteOffset + WORMHOLE_FEE_OFFSET, 8).getBigUint64(0, true);
+}
+/**
+ * Build an `announce_with_relay` instruction. The `caller` AND the `wormholeMessage` account must
+ * both sign the transaction (the message account is consumed by the core bridge `post_message`
+ * CPI). Prefer {@link buildAnnounceWithRelay}, which mints the message keypair for you.
+ */
+export function buildAnnounceWithRelayInstruction(params) {
+    const schemeId = params.schemeId ?? SCHEME_ID_SECP256K1;
+    const emitter = deriveWormholeEmitterPda(params.announcerProgramId);
+    const config = deriveWormholeConfigPda(params.wormholeCore);
+    const feeCollector = deriveWormholeFeeCollectorPda(params.wormholeCore);
+    const sequence = deriveWormholeSequencePda(params.wormholeCore, emitter);
+    const data = concatBytes(ANNOUNCE_WITH_RELAY_DISCRIMINATOR, u64le(schemeId), vecU8(params.stealthAddress), vecU8(params.ephemeralPubKey), vecU8(params.metadata), u32le(params.batchId ?? 0), u64le(params.wormholeFee ?? 0n));
+    return new TransactionInstruction({
+        programId: params.announcerProgramId,
+        keys: [
+            { pubkey: params.caller, isSigner: true, isWritable: true },
+            { pubkey: emitter, isSigner: false, isWritable: false },
+            { pubkey: config, isSigner: false, isWritable: true },
+            { pubkey: feeCollector, isSigner: false, isWritable: true },
+            { pubkey: sequence, isSigner: false, isWritable: true },
+            { pubkey: params.wormholeMessage, isSigner: true, isWritable: true },
+            { pubkey: params.wormholeCore, isSigner: false, isWritable: false },
+            { pubkey: SYSVAR_CLOCK_PUBKEY, isSigner: false, isWritable: false },
+            { pubkey: SYSVAR_RENT_PUBKEY, isSigner: false, isWritable: false },
+            { pubkey: SystemProgram.programId, isSigner: false, isWritable: false },
+        ],
+        data: Buffer.from(data),
+    });
+}
+/**
+ * Mint a fresh Wormhole message keypair and build the `announce_with_relay` instruction against it.
+ * The returned `messageKeypair` MUST be included as an additional signer when sending the tx.
+ */
+export function buildAnnounceWithRelay(params) {
+    const messageKeypair = Keypair.generate();
+    const instruction = buildAnnounceWithRelayInstruction({
+        ...params,
+        wormholeMessage: messageKeypair.publicKey,
+    });
+    return { instruction, messageKeypair };
+}
+//# sourceMappingURL=relay.js.map

package/dist/relay.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"relay.js","sourceRoot":"","sources":["../src/relay.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAEL,OAAO,EACP,SAAS,EACT,aAAa,EACb,mBAAmB,EACnB,kBAAkB,EAClB,sBAAsB,GACvB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,iCAAiC,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AAEvF,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AACzD,MAAM,WAAW,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACvD,MAAM,kBAAkB,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;AACrE,MAAM,aAAa,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;AAE3D;;;;;GAKG;AACH,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAE/B,4EAA4E;AAC5E,MAAM,UAAU,wBAAwB,CAAC,kBAA6B;IACpE,OAAO,SAAS,CAAC,sBAAsB,CAAC,CAAC,YAAY,CAAC,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC;AACjF,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,uBAAuB,CAAC,YAAuB;IAC7D,OAAO,SAAS,CAAC,sBAAsB,CAAC,CAAC,WAAW,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1E,CAAC;AAED,+EAA+E;AAC/E,MAAM,UAAU,6BAA6B,CAAC,YAAuB;IACnE,OAAO,SAAS,CAAC,sBAAsB,CAAC,CAAC,kBAAkB,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;AACjF,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,yBAAyB,CACvC,YAAuB,EACvB,OAAkB;IAElB,OAAO,SAAS,CAAC,sBAAsB,CACrC,CAAC,aAAa,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,EACnC,YAAY,CACb,CAAC,CAAC,CAAC,CAAC;AACP,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,UAAsB,EACtB,YAAuB;IAEvB,MAAM,MAAM,GAAG,uBAAuB,CAAC,YAAY,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,IAAI,EAAE,IAAI,CAAC;IACxB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,mBAAmB,GAAG,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9D,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,UAAU,GAAG,mBAAmB,EAAE,CAAC,CAAC,CAAC,YAAY,CACrF,CAAC,EACD,IAAI,CACL,CAAC;AACJ,CAAC;AAwBD;;;;GAIG;AACH,MAAM,UAAU,iCAAiC,CAC/C,MAA0C;IAE1C,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,mBAAmB,CAAC;IACxD,MAAM,OAAO,GAAG,wBAAwB,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;IACpE,MAAM,MAAM,GAAG,uBAAuB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC5D,MAAM,YAAY,GAAG,6BAA6B,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAG,yBAAyB,CAAC,MAAM,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAEzE,MAAM,IAAI,GAAG,WAAW,CACtB,iCAAiC,EACjC,KAAK,CAAC,QAAQ,CAAC,EACf,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,EAC5B,KAAK,CAAC,MAAM,CAAC,eAAe,CAAC,EAC7B,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,EACtB,KAAK,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,EAC1B,KAAK,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAChC,CAAC;IAEF,OAAO,IAAI,sBAAsB,CAAC;QAChC,SAAS,EAAE,MAAM,CAAC,kBAAkB;QACpC,IAAI,EAAE;YACJ,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;YAC3D,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;YACvD,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;YACrD,EAAE,MAAM,EAAE,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;YAC3D,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE;YACvD,EAAE,MAAM,EAAE,MAAM,CAAC,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE;YACpE,EAAE,MAAM,EAAE,MAAM,CAAC,YAAY,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;YACnE,EAAE,MAAM,EAAE,mBAAmB,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;YACnE,EAAE,MAAM,EAAE,kBAAkB,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;YAClE,EAAE,MAAM,EAAE,aAAa,CAAC,SAAS,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE;SACxE;QACD,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;KACxB,CAAC,CAAC;AACL,CAAC;AASD;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CACpC,MAAmE;IAEnE,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAC1C,MAAM,WAAW,GAAG,iCAAiC,CAAC;QACpD,GAAG,MAAM;QACT,eAAe,EAAE,cAAc,CAAC,SAAS;KAC1C,CAAC,CAAC;IACH,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC;AACzC,CAAC"}

package/dist/sns.d.ts

@@ -0,0 +1,16 @@
+/**
+ * SNS (Solana Name Service) reads for ONS resolution path 3 (spec/ONS.md §7): an
+ * existing `.sol` domain publishes its CSAP meta-address in an SNS **Records V2**
+ * TXT record (CSAP §2.9 — the value is the `st:opq:`-prefixed / raw-hex 66-byte
+ * serialisation, self-describing so it coexists with other TXT uses).
+ */
+import { Connection } from "@solana/web3.js";
+/** Strip a trailing `.sol` and lowercase: `"Bob.sol"` → `"bob"`. */
+export declare function snsDomainName(input: string): string;
+/**
+ * Read the TXT Records V2 content of a `.sol` domain (`"bob.sol"` or `"bob"`),
+ * or `null` when the domain or record does not exist. The caller validates the
+ * value as a meta-address (CSAP §2.9 point validation).
+ */
+export declare function fetchSnsTxtRecord(connection: Connection, domain: string): Promise<string | null>;
+//# sourceMappingURL=sns.d.ts.map

package/dist/sns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sns.d.ts","sourceRoot":"","sources":["../src/sns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,iBAAiB,CAAC;AAgC7C,oEAAoE;AACpE,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAEnD;AAED;;;;GAIG;AACH,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CASxB"}

package/dist/sns.js

@@ -0,0 +1,38 @@
+/**
+ * SNS (Solana Name Service) reads for ONS resolution path 3 (spec/ONS.md §7): an
+ * existing `.sol` domain publishes its CSAP meta-address in an SNS **Records V2**
+ * TXT record (CSAP §2.9 — the value is the `st:opq:`-prefixed / raw-hex 66-byte
+ * serialisation, self-describing so it coexists with other TXT uses).
+ */
+let bonfidaPromise;
+function loadBonfida() {
+    bonfidaPromise ??= import("@bonfida/spl-name-service")
+        .then((m) => m)
+        .catch(async () => {
+        const { createRequire } = await import("node:module");
+        const require = createRequire(import.meta.url);
+        return require("@bonfida/spl-name-service");
+    });
+    return bonfidaPromise;
+}
+/** Strip a trailing `.sol` and lowercase: `"Bob.sol"` → `"bob"`. */
+export function snsDomainName(input) {
+    return input.toLowerCase().replace(/\.sol$/, "");
+}
+/**
+ * Read the TXT Records V2 content of a `.sol` domain (`"bob.sol"` or `"bob"`),
+ * or `null` when the domain or record does not exist. The caller validates the
+ * value as a meta-address (CSAP §2.9 point validation).
+ */
+export async function fetchSnsTxtRecord(connection, domain) {
+    const bonfida = await loadBonfida();
+    try {
+        const res = await bonfida.getRecordV2(connection, snsDomainName(domain), bonfida.Record.TXT);
+        const content = res.retrievedRecord.getContent();
+        return bonfida.deserializeRecordV2Content(content, bonfida.Record.TXT);
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=sns.js.map

package/dist/sns.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sns.js","sourceRoot":"","sources":["../src/sns.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAqBH,IAAI,cAAqD,CAAC;AAE1D,SAAS,WAAW;IAClB,cAAc,KAAK,MAAM,CAAC,2BAA2B,CAAC;SACnD,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAgC,CAAC;SAC7C,KAAK,CAAC,KAAK,IAAI,EAAE;QAChB,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACtD,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC/C,OAAO,OAAO,CAAC,2BAA2B,CAAqB,CAAC;IAClE,CAAC,CAAC,CAAC;IACL,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,OAAO,KAAK,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;AACnD,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,UAAsB,EACtB,MAAc;IAEd,MAAM,OAAO,GAAG,MAAM,WAAW,EAAE,CAAC;IACpC,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,UAAU,EAAE,aAAa,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7F,MAAM,OAAO,GAAG,GAAG,CAAC,eAAe,CAAC,UAAU,EAAE,CAAC;QACjD,OAAO,OAAO,CAAC,0BAA0B,CAAC,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/stealth.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Deterministic one-time Solana destinations for stealth funds.
+ *
+ * The DKSAP stealth point is a secp256k1 key (shared with Ethereum), but Solana accounts are
+ * ed25519. Sender and recipient — who can both reconstruct the same stealth secp256k1 point —
+ * derive the same ed25519 Solana keypair via `Keypair.fromSeed(sha256("opaque-solana-stealth-v1"
+ * || uncompressedStealthPubKey))`. This agrees on the destination without leaking linkage to the
+ * recipient's main wallet. Ported from `solana/frontend/src/lib/stealth.ts`.
+ */
+import { Keypair } from "@solana/web3.js";
+/** Derive the deterministic Solana keypair from the uncompressed (65-byte) stealth pubkey. */
+export declare function deriveStealthSolanaKeypair(stealthPubKeyUncompressed: Uint8Array): Keypair;
+/** Base58 Solana address for the uncompressed stealth pubkey. */
+export declare function deriveStealthSolanaAddress(stealthPubKeyUncompressed: Uint8Array): string;
+/**
+ * Derive the deterministic Solana keypair from a reconstructed 32-byte secp256k1 stealth
+ * private key (recipient side).
+ */
+export declare function deriveStealthSolanaKeypairFromStealthPrivKey(stealthPrivKey: Uint8Array): Keypair;
+/** Base58 Solana address from a reconstructed 32-byte secp256k1 stealth private key. */
+export declare function deriveStealthSolanaAddressFromStealthPrivKey(stealthPrivKey: Uint8Array): string;
+//# sourceMappingURL=stealth.d.ts.map

package/dist/stealth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stealth.d.ts","sourceRoot":"","sources":["../src/stealth.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAO1C,8FAA8F;AAC9F,wBAAgB,0BAA0B,CACxC,yBAAyB,EAAE,UAAU,GACpC,OAAO,CAIT;AAED,iEAAiE;AACjE,wBAAgB,0BAA0B,CACxC,yBAAyB,EAAE,UAAU,GACpC,MAAM,CAER;AAED;;;GAGG;AACH,wBAAgB,4CAA4C,CAC1D,cAAc,EAAE,UAAU,GACzB,OAAO,CAGT;AAED,wFAAwF;AACxF,wBAAgB,4CAA4C,CAC1D,cAAc,EAAE,UAAU,GACzB,MAAM,CAGR"}

package/dist/stealth.js

@@ -0,0 +1,38 @@
+/**
+ * Deterministic one-time Solana destinations for stealth funds.
+ *
+ * The DKSAP stealth point is a secp256k1 key (shared with Ethereum), but Solana accounts are
+ * ed25519. Sender and recipient — who can both reconstruct the same stealth secp256k1 point —
+ * derive the same ed25519 Solana keypair via `Keypair.fromSeed(sha256("opaque-solana-stealth-v1"
+ * || uncompressedStealthPubKey))`. This agrees on the destination without leaking linkage to the
+ * recipient's main wallet. Ported from `solana/frontend/src/lib/stealth.ts`.
+ */
+import { Keypair } from "@solana/web3.js";
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { sha256 } from "@noble/hashes/sha2";
+import { concatBytes } from "./bytes.js";
+const STEALTH_SOLANA_DOMAIN = "opaque-solana-stealth-v1";
+/** Derive the deterministic Solana keypair from the uncompressed (65-byte) stealth pubkey. */
+export function deriveStealthSolanaKeypair(stealthPubKeyUncompressed) {
+    const domain = new TextEncoder().encode(STEALTH_SOLANA_DOMAIN);
+    const seed = sha256(concatBytes(domain, stealthPubKeyUncompressed));
+    return Keypair.fromSeed(seed.slice(0, 32));
+}
+/** Base58 Solana address for the uncompressed stealth pubkey. */
+export function deriveStealthSolanaAddress(stealthPubKeyUncompressed) {
+    return deriveStealthSolanaKeypair(stealthPubKeyUncompressed).publicKey.toBase58();
+}
+/**
+ * Derive the deterministic Solana keypair from a reconstructed 32-byte secp256k1 stealth
+ * private key (recipient side).
+ */
+export function deriveStealthSolanaKeypairFromStealthPrivKey(stealthPrivKey) {
+    const uncompressed = secp256k1.getPublicKey(stealthPrivKey, false);
+    return deriveStealthSolanaKeypair(uncompressed);
+}
+/** Base58 Solana address from a reconstructed 32-byte secp256k1 stealth private key. */
+export function deriveStealthSolanaAddressFromStealthPrivKey(stealthPrivKey) {
+    const uncompressed = secp256k1.getPublicKey(stealthPrivKey, false);
+    return deriveStealthSolanaAddress(uncompressed);
+}
+//# sourceMappingURL=stealth.js.map

package/dist/stealth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stealth.js","sourceRoot":"","sources":["../src/stealth.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,iBAAiB,CAAC;AAC1C,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,MAAM,qBAAqB,GAAG,0BAA0B,CAAC;AAEzD,8FAA8F;AAC9F,MAAM,UAAU,0BAA0B,CACxC,yBAAqC;IAErC,MAAM,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAC;IAC/D,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC,CAAC;IACpE,OAAO,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7C,CAAC;AAED,iEAAiE;AACjE,MAAM,UAAU,0BAA0B,CACxC,yBAAqC;IAErC,OAAO,0BAA0B,CAAC,yBAAyB,CAAC,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC;AACpF,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,4CAA4C,CAC1D,cAA0B;IAE1B,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACnE,OAAO,0BAA0B,CAAC,YAAY,CAAC,CAAC;AAClD,CAAC;AAED,wFAAwF;AACxF,MAAM,UAAU,4CAA4C,CAC1D,cAA0B;IAE1B,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;IACnE,OAAO,0BAA0B,CAAC,YAAY,CAAC,CAAC;AAClD,CAAC"}

package/dist/sweep.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Sweep native SOL out of a one-time stealth account. The derived stealth keypair signs and
+ * pays its own fee, so the on-chain `from` is the stealth address itself (preserving
+ * unlinkability). Ported from `solana/frontend/src/lib/stealthLifecycle.ts`.
+ */
+import { Connection, Keypair, PublicKey, Transaction, type Finality } from "@solana/web3.js";
+/** A prepared full-balance sweep (transaction not yet signed/sent). */
+export interface StealthSweepPlan {
+    transaction: Transaction;
+    fromPubkey: PublicKey;
+    destination: PublicKey;
+    balanceLamports: bigint;
+    feeLamports: bigint;
+    sweepLamports: bigint;
+}
+/**
+ * Build a full-balance sweep transaction: balance minus the network fee, transferred to
+ * `destination`. Reads balance, blockhash, and the exact fee from the RPC.
+ */
+export declare function buildStealthSweepTransaction(connection: Connection, params: {
+    stealthKeypair?: Keypair;
+    /** 32-byte secp256k1 stealth private key (derives the Solana keypair). */
+    stealthPrivKey?: Uint8Array;
+    destination: PublicKey | string;
+    commitment?: Finality;
+}): Promise<StealthSweepPlan>;
+/**
+ * Sweep the full SOL balance of a stealth account to `destination`, signed by the stealth
+ * keypair. Returns the confirmed signature plus the swept/fee amounts.
+ */
+export declare function sweepStealthSol(connection: Connection, params: {
+    stealthKeypair?: Keypair;
+    stealthPrivKey?: Uint8Array;
+    destination: PublicKey | string;
+    commitment?: Finality;
+}): Promise<{
+    signature: string;
+    sweepLamports: bigint;
+    feeLamports: bigint;
+}>;
+//# sourceMappingURL=sweep.d.ts.map

package/dist/sweep.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sweep.d.ts","sourceRoot":"","sources":["../src/sweep.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EACL,UAAU,EACV,OAAO,EACP,SAAS,EAET,WAAW,EAEX,KAAK,QAAQ,EACd,MAAM,iBAAiB,CAAC;AAMzB,uEAAuE;AACvE,MAAM,WAAW,gBAAgB;IAC/B,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,WAAW,EAAE,SAAS,CAAC;IACvB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;CACvB;AAiBD;;;GAGG;AACH,wBAAsB,4BAA4B,CAChD,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE;IACN,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,0EAA0E;IAC1E,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,WAAW,EAAE,SAAS,GAAG,MAAM,CAAC;IAChC,UAAU,CAAC,EAAE,QAAQ,CAAC;CACvB,GACA,OAAO,CAAC,gBAAgB,CAAC,CA+C3B;AAED;;;GAGG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE;IACN,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,cAAc,CAAC,EAAE,UAAU,CAAC;IAC5B,WAAW,EAAE,SAAS,GAAG,MAAM,CAAC;IAChC,UAAU,CAAC,EAAE,QAAQ,CAAC;CACvB,GACA,OAAO,CAAC;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAc5E"}

package/dist/sweep.js

@@ -0,0 +1,76 @@
+/**
+ * Sweep native SOL out of a one-time stealth account. The derived stealth keypair signs and
+ * pays its own fee, so the on-chain `from` is the stealth address itself (preserving
+ * unlinkability). Ported from `solana/frontend/src/lib/stealthLifecycle.ts`.
+ */
+import { PublicKey, SystemProgram, Transaction, sendAndConfirmTransaction, } from "@solana/web3.js";
+import { deriveStealthSolanaKeypairFromStealthPrivKey } from "./stealth.js";
+/** Fallback per-signature fee (lamports) if `getFeeForMessage` returns null. */
+const DEFAULT_FEE_LAMPORTS = 5000;
+function resolveStealthKeypair(input) {
+    if (input.stealthKeypair)
+        return input.stealthKeypair;
+    if (input.stealthPrivKey) {
+        return deriveStealthSolanaKeypairFromStealthPrivKey(input.stealthPrivKey);
+    }
+    throw new Error("sweep requires stealthKeypair or stealthPrivKey");
+}
+function toPubkey(v) {
+    return typeof v === "string" ? new PublicKey(v.trim()) : v;
+}
+/**
+ * Build a full-balance sweep transaction: balance minus the network fee, transferred to
+ * `destination`. Reads balance, blockhash, and the exact fee from the RPC.
+ */
+export async function buildStealthSweepTransaction(connection, params) {
+    const commitment = params.commitment ?? "confirmed";
+    const stealthKeypair = resolveStealthKeypair(params);
+    const fromPubkey = stealthKeypair.publicKey;
+    const destination = toPubkey(params.destination);
+    const balanceLamports = BigInt(await connection.getBalance(fromPubkey, commitment));
+    if (balanceLamports <= 0n) {
+        throw new Error("Stealth address has zero balance.");
+    }
+    const { blockhash } = await connection.getLatestBlockhash(commitment);
+    const probe = new Transaction({ feePayer: fromPubkey, recentBlockhash: blockhash }).add(SystemProgram.transfer({ fromPubkey, toPubkey: destination, lamports: 1 }));
+    const feeResult = await connection.getFeeForMessage(probe.compileMessage(), commitment);
+    const feeLamports = BigInt(feeResult.value ?? DEFAULT_FEE_LAMPORTS);
+    if (balanceLamports <= feeLamports) {
+        throw new Error(`Insufficient balance to cover network fee (balance ${balanceLamports}, fee ${feeLamports} lamports).`);
+    }
+    const sweepLamports = balanceLamports - feeLamports;
+    if (sweepLamports > BigInt(Number.MAX_SAFE_INTEGER)) {
+        throw new Error("Sweep amount too large to encode as JS-number lamports.");
+    }
+    const transaction = new Transaction({
+        feePayer: fromPubkey,
+        recentBlockhash: blockhash,
+    }).add(SystemProgram.transfer({
+        fromPubkey,
+        toPubkey: destination,
+        lamports: Number(sweepLamports),
+    }));
+    return {
+        transaction,
+        fromPubkey,
+        destination,
+        balanceLamports,
+        feeLamports,
+        sweepLamports,
+    };
+}
+/**
+ * Sweep the full SOL balance of a stealth account to `destination`, signed by the stealth
+ * keypair. Returns the confirmed signature plus the swept/fee amounts.
+ */
+export async function sweepStealthSol(connection, params) {
+    const stealthKeypair = resolveStealthKeypair(params);
+    const plan = await buildStealthSweepTransaction(connection, { ...params, stealthKeypair });
+    const signature = await sendAndConfirmTransaction(connection, plan.transaction, [stealthKeypair], { commitment: params.commitment ?? "confirmed" });
+    return {
+        signature,
+        sweepLamports: plan.sweepLamports,
+        feeLamports: plan.feeLamports,
+    };
+}
+//# sourceMappingURL=sweep.js.map

package/dist/sweep.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sweep.js","sourceRoot":"","sources":["../src/sweep.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAGL,SAAS,EACT,aAAa,EACb,WAAW,EACX,yBAAyB,GAE1B,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,4CAA4C,EAAE,MAAM,cAAc,CAAC;AAE5E,gFAAgF;AAChF,MAAM,oBAAoB,GAAG,IAAI,CAAC;AAYlC,SAAS,qBAAqB,CAAC,KAG9B;IACC,IAAI,KAAK,CAAC,cAAc;QAAE,OAAO,KAAK,CAAC,cAAc,CAAC;IACtD,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,OAAO,4CAA4C,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IAC5E,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;AACrE,CAAC;AAED,SAAS,QAAQ,CAAC,CAAqB;IACrC,OAAO,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAChD,UAAsB,EACtB,MAMC;IAED,MAAM,UAAU,GAAa,MAAM,CAAC,UAAU,IAAI,WAAW,CAAC;IAC9D,MAAM,cAAc,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,cAAc,CAAC,SAAS,CAAC;IAC5C,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEjD,MAAM,eAAe,GAAG,MAAM,CAAC,MAAM,UAAU,CAAC,UAAU,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;IACpF,IAAI,eAAe,IAAI,EAAE,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,EAAE,SAAS,EAAE,GAAG,MAAM,UAAU,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;IACtE,MAAM,KAAK,GAAG,IAAI,WAAW,CAAC,EAAE,QAAQ,EAAE,UAAU,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,CAAC,GAAG,CACrF,aAAa,CAAC,QAAQ,CAAC,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAC3E,CAAC;IACF,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,gBAAgB,CAAC,KAAK,CAAC,cAAc,EAAE,EAAE,UAAU,CAAC,CAAC;IACxF,MAAM,WAAW,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,IAAI,oBAAoB,CAAC,CAAC;IAEpE,IAAI,eAAe,IAAI,WAAW,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CACb,sDAAsD,eAAe,SAAS,WAAW,aAAa,CACvG,CAAC;IACJ,CAAC;IACD,MAAM,aAAa,GAAG,eAAe,GAAG,WAAW,CAAC;IACpD,IAAI,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACpD,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;IAC7E,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC;QAClC,QAAQ,EAAE,UAAU;QACpB,eAAe,EAAE,SAAS;KAC3B,CAAC,CAAC,GAAG,CACJ,aAAa,CAAC,QAAQ,CAAC;QACrB,UAAU;QACV,QAAQ,EAAE,WAAW;QACrB,QAAQ,EAAE,MAAM,CAAC,aAAa,CAAC;KAChC,CAAC,CACH,CAAC;IAEF,OAAO;QACL,WAAW;QACX,UAAU;QACV,WAAW;QACX,eAAe;QACf,WAAW;QACX,aAAa;KACd,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,UAAsB,EACtB,MAKC;IAED,MAAM,cAAc,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;IACrD,MAAM,IAAI,GAAG,MAAM,4BAA4B,CAAC,UAAU,EAAE,EAAE,GAAG,MAAM,EAAE,cAAc,EAAE,CAAC,CAAC;IAC3F,MAAM,SAAS,GAAG,MAAM,yBAAyB,CAC/C,UAAU,EACV,IAAI,CAAC,WAAW,EAChB,CAAC,cAAc,CAAC,EAChB,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,WAAW,EAAE,CACjD,CAAC;IACF,OAAO;QACL,SAAS;QACT,aAAa,EAAE,IAAI,CAAC,aAAa;QACjC,WAAW,EAAE,IAAI,CAAC,WAAW;KAC9B,CAAC;AACJ,CAAC"}

package/dist/uab-receiver.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Read Ethereum-originated announcements mirrored on Solana by the `uab-receiver`
+ * program. The program verifies a posted Wormhole VAA and re-emits the canonical
+ * 96-byte payload as a `CrossChainAnnouncement` Anchor event; this module decodes
+ * those events into the same chain-neutral {@link Announcement} shape as native
+ * announcer logs, so the universal scan loop needs no special casing.
+ */
+import { Connection, PublicKey, type Finality } from "@solana/web3.js";
+import type { Announcement } from "@opaquecash/adapter";
+import { type UabPayload } from "@opaquecash/stealth-core";
+/** A decoded `CrossChainAnnouncement` event from the `uab-receiver` program. */
+export interface DecodedCrossChainAnnouncementEvent {
+    /** Wormhole chain id of the origin chain (Ethereum = 2). */
+    sourceChain: number;
+    /** Wormhole-formatted 32-byte emitter address on the origin chain. */
+    sourceEmitter: Uint8Array;
+    /** Wormhole sequence number of the carrying VAA. */
+    sequence: bigint;
+    /** Decoded canonical 96-byte payload. */
+    payload: UabPayload;
+}
+/**
+ * Decode a single `CrossChainAnnouncement` event payload (the bytes after the
+ * `Program data: ` base64 decode). Returns `null` when the discriminator does not
+ * match or the buffer is malformed.
+ */
+export declare function decodeCrossChainAnnouncementEventData(data: Uint8Array): DecodedCrossChainAnnouncementEvent | null;
+/** Map a decoded cross-chain event to the chain-neutral {@link Announcement} shape. */
+export declare function crossChainEventToAnnouncement(event: DecodedCrossChainAnnouncementEvent, provenance?: {
+    txHash?: string;
+    cursor?: bigint;
+}): Announcement;
+/**
+ * Decode every `CrossChainAnnouncement` event in a transaction's log messages.
+ * Non-matching `Program data:` lines are skipped, as are payloads whose scheme id
+ * is not secp256k1 (scheme 1).
+ */
+export declare function decodeCrossChainAnnouncementLogs(logs: string[], provenance?: {
+    txHash?: string;
+    cursor?: bigint;
+}): Announcement[];
+/**
+ * Fetch historical cross-chain announcements by walking recent signatures for the
+ * `uab-receiver` program and decoding each transaction's logs. Returns chain-neutral
+ * {@link Announcement}s (with the *origin* chain id) in signature order (newest first).
+ */
+export declare function fetchCrossChainAnnouncementsRange(connection: Connection, params: {
+    uabReceiverProgramId: PublicKey;
+    /** Max signatures to scan (RPC `getSignaturesForAddress` limit; default 1000). */
+    limit?: number;
+    /** Start searching backwards from this signature (pagination). */
+    before?: string;
+    /** Search until this signature (pagination). */
+    until?: string;
+    commitment?: Finality;
+}): Promise<Announcement[]>;
+//# sourceMappingURL=uab-receiver.d.ts.map