@permissionless-technologies/upp-sdk 0.2.1 → 0.3.0

package/dist/stark-BcTD1OaJ.d.cts

@@ -0,0 +1,185 @@
+import { Address, Hex } from 'viem';
+
+/**
+ * STARK Utilities — Amount scaling, witness building, Fiat-Shamir
+ *
+ * These functions must produce identical outputs to the Rust Stwo prover
+ * (stwo-prover/src/) and the Solidity verifier.
+ *
+ * M31 field: p = 2^31 - 1 = 2,147,483,647
+ * Amount precision: 0.001 tokens (1e15 wei scale factor)
+ */
+
+/** Matches Solidity STARK_AMOUNT_SCALE = 1e15 */
+declare const STARK_AMOUNT_SCALE: bigint;
+/** State tree depth (Merkle tree for commitments) */
+declare const STARK_STATE_TREE_DEPTH = 32;
+/** ASP tree depth */
+declare const STARK_ASP_TREE_DEPTH = 20;
+/** Check if a wei amount is STARK-scale aligned and fits in M31. */
+declare function isStarkAligned(amount: bigint): boolean;
+/**
+ * Scale a wei amount down for the STARK circuit.
+ * Precision: 0.001 tokens (1e15 wei). Max: ~2.1M tokens.
+ *
+ * @returns The scaled amount as a number (fits in M31)
+ * @throws If not aligned to STARK_AMOUNT_SCALE or exceeds M31
+ */
+declare function scaleAmountForStark(weiAmount: bigint): number;
+/** Truncate a bigint to fit in M31 (modular reduction). */
+declare function truncateToM31(value: bigint): number;
+/** Convert an Ethereum address to an M31 field element (truncated). */
+declare function addressToM31(addr: Address): number;
+/**
+ * Split a 254-bit spending secret into 8 M31 limbs (248 bits of entropy).
+ *
+ * Each limb holds 31 bits (reduced mod M31_P). The secret is split
+ * little-endian: limb[0] = lowest 31 bits, limb[7] = highest bits.
+ *
+ * This matches the Rust prover's expectation of `[M31; 8]` for owner_secret.
+ */
+declare function splitSecretToM31Limbs(secret: bigint): number[];
+/**
+ * Pack an M31 digest (4 M31 elements) into a uint128 for Solidity.
+ * Each element occupies 32 bits (little-endian packing).
+ */
+declare function packM31Digest(digest: [number, number, number, number]): bigint;
+/**
+ * Compute the Fiat-Shamir public inputs seed for a STARK withdrawal.
+ * Must produce the same hash as Solidity and Rust.
+ */
+declare function computeWithdrawPublicInputsSeed(params: {
+    nullifier: Hex;
+    stateRoot: bigint;
+    aspRoot: bigint;
+    aspId: bigint;
+    token: Address;
+    amount: bigint;
+    recipient: Address;
+    isRagequit: boolean;
+}): Hex;
+/**
+ * Compute the Fiat-Shamir public inputs seed for a STARK transfer.
+ * Must produce the same hash as Solidity and Rust.
+ */
+declare function computeTransferPublicInputsSeed(params: {
+    nullifier: Hex;
+    stateRoot: bigint;
+    aspRoot: bigint;
+    token: Address;
+    outputCommitment1: Hex;
+    outputCommitment2: Hex;
+}): Hex;
+/**
+ * Witness inputs for the STARK withdrawal prover.
+ * All numeric values are u32 (must fit in M31 field, i.e. < 2^31 - 1).
+ * Hex string fields are for Fiat-Shamir seed binding.
+ */
+interface StarkWithdrawWitness {
+    owner_secret: number[];
+    input_amount: number;
+    input_blinding: number;
+    input_origin: number;
+    token: number;
+    leaf_index: number;
+    state_path_elements: number[];
+    state_path_indices: number[];
+    asp_path_elements: number[];
+    asp_path_indices: number[];
+    withdraw_amount: number;
+    change_amount: number;
+    change_blinding: number;
+    recipient: number;
+    is_ragequit: number;
+    nullifier_hex: string;
+    state_root_hex: string;
+    asp_root_hex: string;
+    asp_id_hex: string;
+    token_address_hex: string;
+    amount_hex: string;
+    recipient_address_hex: string;
+    is_ragequit_bool: boolean;
+}
+/**
+ * Witness inputs for the STARK transfer prover (1-in-2-out).
+ * All numeric values are u32 (must fit in M31 field).
+ */
+interface StarkTransferWitness {
+    owner_secret: number[];
+    input_amount: number;
+    input_blinding: number;
+    input_origin: number;
+    token: number;
+    leaf_index: number;
+    state_path_elements: number[];
+    state_path_indices: number[];
+    asp_path_elements: number[];
+    asp_path_indices: number[];
+    output1_amount: number;
+    output1_owner_hash: [number, number, number, number];
+    output1_blinding: number;
+    output1_origin: number;
+    output2_amount: number;
+    output2_owner_hash: [number, number, number, number];
+    output2_blinding: number;
+    output2_origin: number;
+    is_ragequit: number;
+    nullifier_hex: string;
+    state_root_hex: string;
+    asp_root_hex: string;
+    token_address_hex: string;
+    output_commitment_1_hex: string;
+    output_commitment_2_hex: string;
+}
+/**
+ * Build a complete STARK withdrawal witness from note data.
+ */
+declare function buildStarkWithdrawWitness(params: {
+    ownerSecret: number[];
+    inputAmount: number;
+    inputBlinding: number;
+    inputOrigin: number;
+    token: number;
+    leafIndex: number;
+    withdrawAmount: number;
+    changeAmount: number;
+    changeBlinding: number;
+    recipient: number;
+    isRagequit: number;
+    nullifierHex: Hex;
+    stateRootBigInt: bigint;
+    aspRootBigInt: bigint;
+    aspIdBigInt: bigint;
+    tokenAddress: Address;
+    amountWei: bigint;
+    recipientAddress: Address;
+    isRagequitBool: boolean;
+}): StarkWithdrawWitness;
+/**
+ * Build a complete STARK transfer witness (1-in-2-out).
+ */
+declare function buildStarkTransferWitness(params: {
+    ownerSecret: number[];
+    inputAmount: number;
+    inputBlinding: number;
+    inputOrigin: number;
+    token: number;
+    leafIndex: number;
+    output1Amount: number;
+    output1OwnerHash: [number, number, number, number];
+    output1Blinding: number;
+    output1Origin: number;
+    output2Amount: number;
+    output2OwnerHash: [number, number, number, number];
+    output2Blinding: number;
+    output2Origin: number;
+    isRagequit: number;
+    nullifierHex: Hex;
+    stateRootBigInt: bigint;
+    aspRootBigInt: bigint;
+    tokenAddress: Address;
+    outputCommitment1Hex: Hex;
+    outputCommitment2Hex: Hex;
+}): StarkTransferWitness;
+
+export { STARK_AMOUNT_SCALE as S, STARK_ASP_TREE_DEPTH as a, STARK_STATE_TREE_DEPTH as b, type StarkTransferWitness as c, type StarkWithdrawWitness as d, addressToM31 as e, buildStarkTransferWitness as f, buildStarkWithdrawWitness as g, computeTransferPublicInputsSeed as h, computeWithdrawPublicInputsSeed as i, isStarkAligned as j, splitSecretToM31Limbs as k, packM31Digest as p, scaleAmountForStark as s, truncateToM31 as t };

package/dist/stark-BcTD1OaJ.d.ts

@@ -0,0 +1,185 @@
+import { Address, Hex } from 'viem';
+
+/**
+ * STARK Utilities — Amount scaling, witness building, Fiat-Shamir
+ *
+ * These functions must produce identical outputs to the Rust Stwo prover
+ * (stwo-prover/src/) and the Solidity verifier.
+ *
+ * M31 field: p = 2^31 - 1 = 2,147,483,647
+ * Amount precision: 0.001 tokens (1e15 wei scale factor)
+ */
+
+/** Matches Solidity STARK_AMOUNT_SCALE = 1e15 */
+declare const STARK_AMOUNT_SCALE: bigint;
+/** State tree depth (Merkle tree for commitments) */
+declare const STARK_STATE_TREE_DEPTH = 32;
+/** ASP tree depth */
+declare const STARK_ASP_TREE_DEPTH = 20;
+/** Check if a wei amount is STARK-scale aligned and fits in M31. */
+declare function isStarkAligned(amount: bigint): boolean;
+/**
+ * Scale a wei amount down for the STARK circuit.
+ * Precision: 0.001 tokens (1e15 wei). Max: ~2.1M tokens.
+ *
+ * @returns The scaled amount as a number (fits in M31)
+ * @throws If not aligned to STARK_AMOUNT_SCALE or exceeds M31
+ */
+declare function scaleAmountForStark(weiAmount: bigint): number;
+/** Truncate a bigint to fit in M31 (modular reduction). */
+declare function truncateToM31(value: bigint): number;
+/** Convert an Ethereum address to an M31 field element (truncated). */
+declare function addressToM31(addr: Address): number;
+/**
+ * Split a 254-bit spending secret into 8 M31 limbs (248 bits of entropy).
+ *
+ * Each limb holds 31 bits (reduced mod M31_P). The secret is split
+ * little-endian: limb[0] = lowest 31 bits, limb[7] = highest bits.
+ *
+ * This matches the Rust prover's expectation of `[M31; 8]` for owner_secret.
+ */
+declare function splitSecretToM31Limbs(secret: bigint): number[];
+/**
+ * Pack an M31 digest (4 M31 elements) into a uint128 for Solidity.
+ * Each element occupies 32 bits (little-endian packing).
+ */
+declare function packM31Digest(digest: [number, number, number, number]): bigint;
+/**
+ * Compute the Fiat-Shamir public inputs seed for a STARK withdrawal.
+ * Must produce the same hash as Solidity and Rust.
+ */
+declare function computeWithdrawPublicInputsSeed(params: {
+    nullifier: Hex;
+    stateRoot: bigint;
+    aspRoot: bigint;
+    aspId: bigint;
+    token: Address;
+    amount: bigint;
+    recipient: Address;
+    isRagequit: boolean;
+}): Hex;
+/**
+ * Compute the Fiat-Shamir public inputs seed for a STARK transfer.
+ * Must produce the same hash as Solidity and Rust.
+ */
+declare function computeTransferPublicInputsSeed(params: {
+    nullifier: Hex;
+    stateRoot: bigint;
+    aspRoot: bigint;
+    token: Address;
+    outputCommitment1: Hex;
+    outputCommitment2: Hex;
+}): Hex;
+/**
+ * Witness inputs for the STARK withdrawal prover.
+ * All numeric values are u32 (must fit in M31 field, i.e. < 2^31 - 1).
+ * Hex string fields are for Fiat-Shamir seed binding.
+ */
+interface StarkWithdrawWitness {
+    owner_secret: number[];
+    input_amount: number;
+    input_blinding: number;
+    input_origin: number;
+    token: number;
+    leaf_index: number;
+    state_path_elements: number[];
+    state_path_indices: number[];
+    asp_path_elements: number[];
+    asp_path_indices: number[];
+    withdraw_amount: number;
+    change_amount: number;
+    change_blinding: number;
+    recipient: number;
+    is_ragequit: number;
+    nullifier_hex: string;
+    state_root_hex: string;
+    asp_root_hex: string;
+    asp_id_hex: string;
+    token_address_hex: string;
+    amount_hex: string;
+    recipient_address_hex: string;
+    is_ragequit_bool: boolean;
+}
+/**
+ * Witness inputs for the STARK transfer prover (1-in-2-out).
+ * All numeric values are u32 (must fit in M31 field).
+ */
+interface StarkTransferWitness {
+    owner_secret: number[];
+    input_amount: number;
+    input_blinding: number;
+    input_origin: number;
+    token: number;
+    leaf_index: number;
+    state_path_elements: number[];
+    state_path_indices: number[];
+    asp_path_elements: number[];
+    asp_path_indices: number[];
+    output1_amount: number;
+    output1_owner_hash: [number, number, number, number];
+    output1_blinding: number;
+    output1_origin: number;
+    output2_amount: number;
+    output2_owner_hash: [number, number, number, number];
+    output2_blinding: number;
+    output2_origin: number;
+    is_ragequit: number;
+    nullifier_hex: string;
+    state_root_hex: string;
+    asp_root_hex: string;
+    token_address_hex: string;
+    output_commitment_1_hex: string;
+    output_commitment_2_hex: string;
+}
+/**
+ * Build a complete STARK withdrawal witness from note data.
+ */
+declare function buildStarkWithdrawWitness(params: {
+    ownerSecret: number[];
+    inputAmount: number;
+    inputBlinding: number;
+    inputOrigin: number;
+    token: number;
+    leafIndex: number;
+    withdrawAmount: number;
+    changeAmount: number;
+    changeBlinding: number;
+    recipient: number;
+    isRagequit: number;
+    nullifierHex: Hex;
+    stateRootBigInt: bigint;
+    aspRootBigInt: bigint;
+    aspIdBigInt: bigint;
+    tokenAddress: Address;
+    amountWei: bigint;
+    recipientAddress: Address;
+    isRagequitBool: boolean;
+}): StarkWithdrawWitness;
+/**
+ * Build a complete STARK transfer witness (1-in-2-out).
+ */
+declare function buildStarkTransferWitness(params: {
+    ownerSecret: number[];
+    inputAmount: number;
+    inputBlinding: number;
+    inputOrigin: number;
+    token: number;
+    leafIndex: number;
+    output1Amount: number;
+    output1OwnerHash: [number, number, number, number];
+    output1Blinding: number;
+    output1Origin: number;
+    output2Amount: number;
+    output2OwnerHash: [number, number, number, number];
+    output2Blinding: number;
+    output2Origin: number;
+    isRagequit: number;
+    nullifierHex: Hex;
+    stateRootBigInt: bigint;
+    aspRootBigInt: bigint;
+    tokenAddress: Address;
+    outputCommitment1Hex: Hex;
+    outputCommitment2Hex: Hex;
+}): StarkTransferWitness;
+
+export { STARK_AMOUNT_SCALE as S, STARK_ASP_TREE_DEPTH as a, STARK_STATE_TREE_DEPTH as b, type StarkTransferWitness as c, type StarkWithdrawWitness as d, addressToM31 as e, buildStarkTransferWitness as f, buildStarkWithdrawWitness as g, computeTransferPublicInputsSeed as h, computeWithdrawPublicInputsSeed as i, isStarkAligned as j, splitSecretToM31Limbs as k, packM31Digest as p, scaleAmountForStark as s, truncateToM31 as t };

package/dist/{transfer-SA4NHNJ7.cjs → transfer-6ZIVZ6JY.cjs}

@@ -1,6 +1,6 @@
 'use strict';
 
-var chunk46GGZ3TC_cjs = require('./chunk-46GGZ3TC.cjs');
+var chunkX4DLTVOG_cjs = require('./chunk-X4DLTVOG.cjs');
 require('./chunk-NDM5EJEV.cjs');
 require('./chunk-EUP7MBAH.cjs');
 require('./chunk-JWNXBALH.cjs');
@@ -11,27 +11,27 @@ require('./chunk-G7VZBCD6.cjs');
 
 Object.defineProperty(exports, "buildTransfer", {
   enumerable: true,
-  get: function () { return chunk46GGZ3TC_cjs.buildTransfer; }
+  get: function () { return chunkX4DLTVOG_cjs.buildTransfer; }
 });
 Object.defineProperty(exports, "buildUPPTransferCircuitInputs", {
   enumerable: true,
-  get: function () { return chunk46GGZ3TC_cjs.buildUPPTransferCircuitInputs; }
+  get: function () { return chunkX4DLTVOG_cjs.buildUPPTransferCircuitInputs; }
 });
 Object.defineProperty(exports, "computeNullifier", {
   enumerable: true,
-  get: function () { return chunk46GGZ3TC_cjs.computeNullifier; }
+  get: function () { return chunkX4DLTVOG_cjs.computeNullifier; }
 });
 Object.defineProperty(exports, "formatOutputForContract", {
   enumerable: true,
-  get: function () { return chunk46GGZ3TC_cjs.formatOutputForContract; }
+  get: function () { return chunkX4DLTVOG_cjs.formatOutputForContract; }
 });
 Object.defineProperty(exports, "getMerkleProofsForNotes", {
   enumerable: true,
-  get: function () { return chunk46GGZ3TC_cjs.getMerkleProofsForNotes; }
+  get: function () { return chunkX4DLTVOG_cjs.getMerkleProofsForNotes; }
 });
 Object.defineProperty(exports, "syncMerkleTree", {
   enumerable: true,
-  get: function () { return chunk46GGZ3TC_cjs.syncMerkleTree; }
+  get: function () { return chunkX4DLTVOG_cjs.syncMerkleTree; }
 });
-//# sourceMappingURL=transfer-SA4NHNJ7.cjs.map
-//# sourceMappingURL=transfer-SA4NHNJ7.cjs.map
+//# sourceMappingURL=transfer-6ZIVZ6JY.cjs.map
+//# sourceMappingURL=transfer-6ZIVZ6JY.cjs.map

package/dist/{transfer-SA4NHNJ7.cjs.map → transfer-6ZIVZ6JY.cjs.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"transfer-SA4NHNJ7.cjs"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"transfer-6ZIVZ6JY.cjs"}

package/dist/{transfer-DKZuJnRM.d.cts → transfer-BzyernBd.d.cts}

@@ -165,8 +165,6 @@ type Commitment = Hex;
  */
 type Nullifier = Hex;
 
-/** STARK amount scaling: 1e15 wei per STARK unit (matches contract) */
-declare const STARK_AMOUNT_SCALE: bigint;
 /**
  * A private STARK note in the Universal Private Pool.
  *
@@ -1267,4 +1265,4 @@ declare function formatOutputForContract(note: NoteCreationResult): {
     encryptedNote: Hex;
 };
 
-export { buildUPPTransferCircuitInputs as $, type ASPProof as A, type StealthCircuitType as B, type CircuitArtifacts as C, DEMO_ASP_ID as D, type EncryptedNote as E, type StealthMetaAddress as F, type SwapFillEvent as G, type SwapFillParams as H, type SwapOrder as I, type SwapOrderEvent as J, type SwapOrderParams as K, type TransferContext as L, type MergeParams as M, NOTE_VERSION as N, type TransferParams as O, type Proof as P, type TransferStage as Q, RATE_PRECISION as R, STARK_AMOUNT_SCALE as S, type TransferBuildResult as T, type UPPCircuitInputs as U, type UPPCircuitType as V, type UPPTransferCircuitInputs as W, type UPPWithdrawCircuitInputs as X, type WithdrawParams as Y, buildASPTree as Z, buildTransfer as _, type ASPRoot as a, computeCancelKeyHash as a0, computeFillPercentage as a1, computeGiveAmount as a2, computeMultiOriginASPRoot as a3, computeNullifier as a4, computeRate as a5, computeSingleOriginASPRoot as a6, computeTakeAmount as a7, computeTotalBuyAmount as a8, createDemoASPRoot as a9, useUPPAccount as aA, UPPAccountProvider as aB, type UPPAccountContextType as aC, type ProofSystemType as aD, type IndexerConfig as aE, type SignTypedDataFn as aF, ASP_TREE_DEPTH as aG, filterOrdersByASP as aa, filterOrdersByTokenPair as ab, formatOutputForContract as ac, formatProofForContract as ad, formatRate as ae, generateASPProof as af, generateCancelSecret as ag, generateMultiOriginASPProof as ah, generateProof as ai, generateSingleOriginASPProof as aj, generateStealthProof as ak, generateUPPProof as al, getCancelSecret as am, getMerkleProofsForNotes as an, getOwnOrderIds as ao, getStealthCircuitArtifacts as ap, getUPPCircuitArtifacts as aq, isFillerASPAccepted as ar, isOrderActive as as, removeCancelSecret as at, storeCancelSecret as au, syncMerkleTree as av, verifyASPProof as aw, verifyProof as ax, type NoteCreationResult as ay, type ShieldedNote as az, ASP_TREE_DEPTH$1 as b, type CircuitType as c, type Commitment as d, DEMO_ASP_NAME as e, type MergeRecord as f, type MerkleProofWithNote as g, type Note as h, type NoteWithAmount as i, type Nullifier as j, type ProofResult as k, STATE_TREE_DEPTH as l, SWAP_EVENTS_ABI as m, SWAP_ORDER_CANCELLED_EVENT as n, SWAP_ORDER_CLAIMED_EVENT as o, SWAP_ORDER_FILLED_EVENT as p, SWAP_ORDER_PLACED_EVENT as q, type ShieldParams as r, type SpendableNote as s, type StarkNote as t, type StarkProof as u, type StarkStealthMetaAddress as v, type Stealth1x2CircuitInputs as w, type Stealth2x2CircuitInputs as x, type StealthAddress as y, type StealthCircuitInputs as z };
+export { computeCancelKeyHash as $, type ASPProof as A, type StealthMetaAddress as B, type CircuitArtifacts as C, DEMO_ASP_ID as D, type EncryptedNote as E, type SwapFillEvent as F, type SwapFillParams as G, type SwapOrder as H, type SwapOrderEvent as I, type SwapOrderParams as J, type TransferContext as K, type TransferParams as L, type MergeParams as M, NOTE_VERSION as N, type TransferStage as O, type Proof as P, type UPPCircuitType as Q, RATE_PRECISION as R, STATE_TREE_DEPTH as S, type TransferBuildResult as T, type UPPCircuitInputs as U, type UPPTransferCircuitInputs as V, type UPPWithdrawCircuitInputs as W, type WithdrawParams as X, buildASPTree as Y, buildTransfer as Z, buildUPPTransferCircuitInputs as _, type ASPRoot as a, computeFillPercentage as a0, computeGiveAmount as a1, computeMultiOriginASPRoot as a2, computeNullifier as a3, computeRate as a4, computeSingleOriginASPRoot as a5, computeTakeAmount as a6, computeTotalBuyAmount as a7, createDemoASPRoot as a8, filterOrdersByASP as a9, UPPAccountProvider as aA, type UPPAccountContextType as aB, type ProofSystemType as aC, type IndexerConfig as aD, type SignTypedDataFn as aE, ASP_TREE_DEPTH as aF, filterOrdersByTokenPair as aa, formatOutputForContract as ab, formatProofForContract as ac, formatRate as ad, generateASPProof as ae, generateCancelSecret as af, generateMultiOriginASPProof as ag, generateProof as ah, generateSingleOriginASPProof as ai, generateStealthProof as aj, generateUPPProof as ak, getCancelSecret as al, getMerkleProofsForNotes as am, getOwnOrderIds as an, getStealthCircuitArtifacts as ao, getUPPCircuitArtifacts as ap, isFillerASPAccepted as aq, isOrderActive as ar, removeCancelSecret as as, storeCancelSecret as at, syncMerkleTree as au, verifyASPProof as av, verifyProof as aw, type NoteCreationResult as ax, type ShieldedNote as ay, useUPPAccount as az, ASP_TREE_DEPTH$1 as b, type CircuitType as c, type Commitment as d, DEMO_ASP_NAME as e, type MergeRecord as f, type MerkleProofWithNote as g, type Note as h, type NoteWithAmount as i, type Nullifier as j, type ProofResult as k, SWAP_EVENTS_ABI as l, SWAP_ORDER_CANCELLED_EVENT as m, SWAP_ORDER_CLAIMED_EVENT as n, SWAP_ORDER_FILLED_EVENT as o, SWAP_ORDER_PLACED_EVENT as p, type ShieldParams as q, type SpendableNote as r, type StarkNote as s, type StarkProof as t, type StarkStealthMetaAddress as u, type Stealth1x2CircuitInputs as v, type Stealth2x2CircuitInputs as w, type StealthAddress as x, type StealthCircuitInputs as y, type StealthCircuitType as z };

package/dist/{transfer-4OF2JWXX.js → transfer-CDXC3OQW.js}

@@ -1,8 +1,8 @@
-export { buildTransfer, buildUPPTransferCircuitInputs, computeNullifier, formatOutputForContract, getMerkleProofsForNotes, syncMerkleTree } from './chunk-CZ23JMAQ.js';
+export { buildTransfer, buildUPPTransferCircuitInputs, computeNullifier, formatOutputForContract, getMerkleProofsForNotes, syncMerkleTree } from './chunk-QBCLFGMV.js';
 import './chunk-P37MRZ73.js';
 import './chunk-ZU6J7KMY.js';
 import './chunk-V23OSL25.js';
 import './chunk-S4B7GYLN.js';
 import './chunk-Z6ZWNWWR.js';
-//# sourceMappingURL=transfer-4OF2JWXX.js.map
-//# sourceMappingURL=transfer-4OF2JWXX.js.map
+//# sourceMappingURL=transfer-CDXC3OQW.js.map
+//# sourceMappingURL=transfer-CDXC3OQW.js.map

package/dist/{transfer-4OF2JWXX.js.map → transfer-CDXC3OQW.js.map}

@@ -1 +1 @@
-{"version":3,"sources":[],"names":[],"mappings":"","file":"transfer-4OF2JWXX.js"}
+{"version":3,"sources":[],"names":[],"mappings":"","file":"transfer-CDXC3OQW.js"}

package/dist/{transfer-BlmbO-Rd.d.ts → transfer-sqS6mJko.d.ts}

@@ -165,8 +165,6 @@ type Commitment = Hex;
  */
 type Nullifier = Hex;
 
-/** STARK amount scaling: 1e15 wei per STARK unit (matches contract) */
-declare const STARK_AMOUNT_SCALE: bigint;
 /**
  * A private STARK note in the Universal Private Pool.
  *
@@ -1267,4 +1265,4 @@ declare function formatOutputForContract(note: NoteCreationResult): {
     encryptedNote: Hex;
 };
 
-export { buildUPPTransferCircuitInputs as $, type ASPProof as A, type StealthCircuitType as B, type CircuitArtifacts as C, DEMO_ASP_ID as D, type EncryptedNote as E, type StealthMetaAddress as F, type SwapFillEvent as G, type SwapFillParams as H, type SwapOrder as I, type SwapOrderEvent as J, type SwapOrderParams as K, type TransferContext as L, type MergeParams as M, NOTE_VERSION as N, type TransferParams as O, type Proof as P, type TransferStage as Q, RATE_PRECISION as R, STARK_AMOUNT_SCALE as S, type TransferBuildResult as T, type UPPCircuitInputs as U, type UPPCircuitType as V, type UPPTransferCircuitInputs as W, type UPPWithdrawCircuitInputs as X, type WithdrawParams as Y, buildASPTree as Z, buildTransfer as _, type ASPRoot as a, computeCancelKeyHash as a0, computeFillPercentage as a1, computeGiveAmount as a2, computeMultiOriginASPRoot as a3, computeNullifier as a4, computeRate as a5, computeSingleOriginASPRoot as a6, computeTakeAmount as a7, computeTotalBuyAmount as a8, createDemoASPRoot as a9, useUPPAccount as aA, UPPAccountProvider as aB, type UPPAccountContextType as aC, type ProofSystemType as aD, type IndexerConfig as aE, type SignTypedDataFn as aF, ASP_TREE_DEPTH as aG, filterOrdersByASP as aa, filterOrdersByTokenPair as ab, formatOutputForContract as ac, formatProofForContract as ad, formatRate as ae, generateASPProof as af, generateCancelSecret as ag, generateMultiOriginASPProof as ah, generateProof as ai, generateSingleOriginASPProof as aj, generateStealthProof as ak, generateUPPProof as al, getCancelSecret as am, getMerkleProofsForNotes as an, getOwnOrderIds as ao, getStealthCircuitArtifacts as ap, getUPPCircuitArtifacts as aq, isFillerASPAccepted as ar, isOrderActive as as, removeCancelSecret as at, storeCancelSecret as au, syncMerkleTree as av, verifyASPProof as aw, verifyProof as ax, type NoteCreationResult as ay, type ShieldedNote as az, ASP_TREE_DEPTH$1 as b, type CircuitType as c, type Commitment as d, DEMO_ASP_NAME as e, type MergeRecord as f, type MerkleProofWithNote as g, type Note as h, type NoteWithAmount as i, type Nullifier as j, type ProofResult as k, STATE_TREE_DEPTH as l, SWAP_EVENTS_ABI as m, SWAP_ORDER_CANCELLED_EVENT as n, SWAP_ORDER_CLAIMED_EVENT as o, SWAP_ORDER_FILLED_EVENT as p, SWAP_ORDER_PLACED_EVENT as q, type ShieldParams as r, type SpendableNote as s, type StarkNote as t, type StarkProof as u, type StarkStealthMetaAddress as v, type Stealth1x2CircuitInputs as w, type Stealth2x2CircuitInputs as x, type StealthAddress as y, type StealthCircuitInputs as z };
+export { computeCancelKeyHash as $, type ASPProof as A, type StealthMetaAddress as B, type CircuitArtifacts as C, DEMO_ASP_ID as D, type EncryptedNote as E, type SwapFillEvent as F, type SwapFillParams as G, type SwapOrder as H, type SwapOrderEvent as I, type SwapOrderParams as J, type TransferContext as K, type TransferParams as L, type MergeParams as M, NOTE_VERSION as N, type TransferStage as O, type Proof as P, type UPPCircuitType as Q, RATE_PRECISION as R, STATE_TREE_DEPTH as S, type TransferBuildResult as T, type UPPCircuitInputs as U, type UPPTransferCircuitInputs as V, type UPPWithdrawCircuitInputs as W, type WithdrawParams as X, buildASPTree as Y, buildTransfer as Z, buildUPPTransferCircuitInputs as _, type ASPRoot as a, computeFillPercentage as a0, computeGiveAmount as a1, computeMultiOriginASPRoot as a2, computeNullifier as a3, computeRate as a4, computeSingleOriginASPRoot as a5, computeTakeAmount as a6, computeTotalBuyAmount as a7, createDemoASPRoot as a8, filterOrdersByASP as a9, UPPAccountProvider as aA, type UPPAccountContextType as aB, type ProofSystemType as aC, type IndexerConfig as aD, type SignTypedDataFn as aE, ASP_TREE_DEPTH as aF, filterOrdersByTokenPair as aa, formatOutputForContract as ab, formatProofForContract as ac, formatRate as ad, generateASPProof as ae, generateCancelSecret as af, generateMultiOriginASPProof as ag, generateProof as ah, generateSingleOriginASPProof as ai, generateStealthProof as aj, generateUPPProof as ak, getCancelSecret as al, getMerkleProofsForNotes as am, getOwnOrderIds as an, getStealthCircuitArtifacts as ao, getUPPCircuitArtifacts as ap, isFillerASPAccepted as aq, isOrderActive as ar, removeCancelSecret as as, storeCancelSecret as at, syncMerkleTree as au, verifyASPProof as av, verifyProof as aw, type NoteCreationResult as ax, type ShieldedNote as ay, useUPPAccount as az, ASP_TREE_DEPTH$1 as b, type CircuitType as c, type Commitment as d, DEMO_ASP_NAME as e, type MergeRecord as f, type MerkleProofWithNote as g, type Note as h, type NoteWithAmount as i, type Nullifier as j, type ProofResult as k, SWAP_EVENTS_ABI as l, SWAP_ORDER_CANCELLED_EVENT as m, SWAP_ORDER_CLAIMED_EVENT as n, SWAP_ORDER_FILLED_EVENT as o, SWAP_ORDER_PLACED_EVENT as p, type ShieldParams as q, type SpendableNote as r, type StarkNote as s, type StarkProof as t, type StarkStealthMetaAddress as u, type Stealth1x2CircuitInputs as v, type Stealth2x2CircuitInputs as w, type StealthAddress as x, type StealthCircuitInputs as y, type StealthCircuitType as z };

package/dist/utils/index.cjs

@@ -1,7 +1,8 @@
 'use strict';
 
-require('../chunk-GQV47S3N.cjs');
+require('../chunk-PTDVGWHU.cjs');
 var chunkTSF6HEVS_cjs = require('../chunk-TSF6HEVS.cjs');
+var chunk3YZSIYJC_cjs = require('../chunk-3YZSIYJC.cjs');
 var chunkEUP7MBAH_cjs = require('../chunk-EUP7MBAH.cjs');
 var chunkBH24DZ5S_cjs = require('../chunk-BH24DZ5S.cjs');
 var chunk3HQ7A6ZM_cjs = require('../chunk-3HQ7A6ZM.cjs');
@@ -58,6 +59,58 @@ Object.defineProperty(exports, "tupleToPoint", {
   enumerable: true,
   get: function () { return chunkTSF6HEVS_cjs.tupleToPoint; }
 });
+Object.defineProperty(exports, "STARK_AMOUNT_SCALE", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.STARK_AMOUNT_SCALE; }
+});
+Object.defineProperty(exports, "STARK_ASP_TREE_DEPTH", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.STARK_ASP_TREE_DEPTH; }
+});
+Object.defineProperty(exports, "STARK_STATE_TREE_DEPTH", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.STARK_STATE_TREE_DEPTH; }
+});
+Object.defineProperty(exports, "addressToM31", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.addressToM31; }
+});
+Object.defineProperty(exports, "buildStarkTransferWitness", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.buildStarkTransferWitness; }
+});
+Object.defineProperty(exports, "buildStarkWithdrawWitness", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.buildStarkWithdrawWitness; }
+});
+Object.defineProperty(exports, "computeTransferPublicInputsSeed", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.computeTransferPublicInputsSeed; }
+});
+Object.defineProperty(exports, "computeWithdrawPublicInputsSeed", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.computeWithdrawPublicInputsSeed; }
+});
+Object.defineProperty(exports, "isStarkAligned", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.isStarkAligned; }
+});
+Object.defineProperty(exports, "packM31Digest", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.packM31Digest; }
+});
+Object.defineProperty(exports, "scaleAmountForStark", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.scaleAmountForStark; }
+});
+Object.defineProperty(exports, "splitSecretToM31Limbs", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.splitSecretToM31Limbs; }
+});
+Object.defineProperty(exports, "truncateToM31", {
+  enumerable: true,
+  get: function () { return chunk3YZSIYJC_cjs.truncateToM31; }
+});
 Object.defineProperty(exports, "MAX_TREE_DEPTH", {
   enumerable: true,
   get: function () { return chunkEUP7MBAH_cjs.MAX_TREE_DEPTH; }

package/dist/utils/index.d.cts

@@ -1,5 +1,7 @@
 export { M as MAX_TREE_DEPTH, a as MerkleProof, b as MerkleTree, P as Point, c as addPoints, d as buildMerkleTree, e as computeSharedSecret, f as deriveDecryptionViewingKey, g as deriveEncryptionViewingKey, h as getBasePoint, i as getMerkleProof, j as getSubOrder, k as isOnCurve, m as mulPointScalar, p as packPoint, l as pointToTuple, n as privateToPublic, t as tupleToPoint, v as verifyMerkleProof } from '../merkle-mteVOlDf.cjs';
+export { S as STARK_AMOUNT_SCALE, a as STARK_ASP_TREE_DEPTH, b as STARK_STATE_TREE_DEPTH, c as StarkTransferWitness, d as StarkWithdrawWitness, e as addressToM31, f as buildStarkTransferWitness, g as buildStarkWithdrawWitness, h as computeTransferPublicInputsSeed, i as computeWithdrawPublicInputsSeed, j as isStarkAligned, p as packM31Digest, s as scaleAmountForStark, k as splitSecretToM31Limbs, t as truncateToM31 } from '../stark-BcTD1OaJ.cjs';
 export { D as DIGEST_SIZE, a as M31Digest, M as M31Secret, b as M31_P, S as SECRET_LIMBS, c as computeStarkCommitment, d as computeStarkNullifier, e as computeStarkOwnerHash, k as keccakHashTwo, f as keccakM31, s as splitToM31Limbs } from '../keccak-m31-B_AqBbRF.cjs';
+import 'viem';
 
 /**
  * Poseidon Hash Utilities

package/dist/utils/index.d.ts

@@ -1,5 +1,7 @@
 export { M as MAX_TREE_DEPTH, a as MerkleProof, b as MerkleTree, P as Point, c as addPoints, d as buildMerkleTree, e as computeSharedSecret, f as deriveDecryptionViewingKey, g as deriveEncryptionViewingKey, h as getBasePoint, i as getMerkleProof, j as getSubOrder, k as isOnCurve, m as mulPointScalar, p as packPoint, l as pointToTuple, n as privateToPublic, t as tupleToPoint, v as verifyMerkleProof } from '../merkle-mteVOlDf.js';
+export { S as STARK_AMOUNT_SCALE, a as STARK_ASP_TREE_DEPTH, b as STARK_STATE_TREE_DEPTH, c as StarkTransferWitness, d as StarkWithdrawWitness, e as addressToM31, f as buildStarkTransferWitness, g as buildStarkWithdrawWitness, h as computeTransferPublicInputsSeed, i as computeWithdrawPublicInputsSeed, j as isStarkAligned, p as packM31Digest, s as scaleAmountForStark, k as splitSecretToM31Limbs, t as truncateToM31 } from '../stark-BcTD1OaJ.js';
 export { D as DIGEST_SIZE, a as M31Digest, M as M31Secret, b as M31_P, S as SECRET_LIMBS, c as computeStarkCommitment, d as computeStarkNullifier, e as computeStarkOwnerHash, k as keccakHashTwo, f as keccakM31, s as splitToM31Limbs } from '../keccak-m31-B_AqBbRF.js';
+import 'viem';
 
 /**
  * Poseidon Hash Utilities

package/dist/utils/index.js

@@ -1,5 +1,6 @@
-import '../chunk-NCW4AE7L.js';
+import '../chunk-UAVWYXDN.js';
 export { addPoints, computeSharedSecret, deriveDecryptionViewingKey, deriveEncryptionViewingKey, getBasePoint, getSubOrder, isOnCurve, mulPointScalar, packPoint, pointToTuple, privateToPublic, tupleToPoint } from '../chunk-YOWDERVC.js';
+export { STARK_AMOUNT_SCALE, STARK_ASP_TREE_DEPTH, STARK_STATE_TREE_DEPTH, addressToM31, buildStarkTransferWitness, buildStarkWithdrawWitness, computeTransferPublicInputsSeed, computeWithdrawPublicInputsSeed, isStarkAligned, packM31Digest, scaleAmountForStark, splitSecretToM31Limbs, truncateToM31 } from '../chunk-XBNYAAMU.js';
 export { MAX_TREE_DEPTH, MerkleTree, buildMerkleTree, getMerkleProof, verifyMerkleProof } from '../chunk-ZU6J7KMY.js';
 export { DIGEST_SIZE, M31_P, SECRET_LIMBS, computeStarkCommitment, computeStarkNullifier, computeStarkOwnerHash, keccakHashTwo, keccakM31, splitToM31Limbs } from '../chunk-5V5HSN6Y.js';
 export { bigintToBytes, bytesToBigint, bytesToHex, hexToBytes, randomBytes, randomFieldElement } from '../chunk-W77GRBO4.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@permissionless-technologies/upp-sdk",
-  "version": "0.2.1",
+  "version": "0.3.0",
   "description": "Universal Private Pool SDK - Privacy-preserving token operations for any ERC20",
   "type": "module",
   "main": "./dist/index.cjs",

package/src/deployments/31337.json

@@ -15,5 +15,5 @@
     "CircleStarkVerifier": "0x0dcd1bf9a1b36ce34237eeafef220932846bcd82"
   },
   "deployBlock": 1,
-  "deployTimestamp": 1774604726045
+  "deployTimestamp": 1774617727738
 }

package/dist/chunk-C7QQOJ7T.cjs.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/core/client.ts","../src/core/types.ts","../src/core/note.ts","../src/core/index.ts","../src/core/account.ts"],"names":["init_stealth"],"mappings":";;;;;AAoFO,SAAS,gBAAgB,OAAA,EAAqC;AAEnE,EAAA,MAAM,IAAI,MAAM,iBAAiB,CAAA;AACnC;;;AC9EO,IAAM,YAAA,GAAe;AA4KrB,IAAM,qBAAqB,GAAA,IAAO;;;AC3IlC,SAAS,WAAW,MAAA,EAAgC;AACzD,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,QAAQ,MAAA,EAAQ,IAAA,EAAM,UAAS,GAAI,MAAA;AAG1D,EAAA,MAAM,YAAA,GAAe,YAAY,sBAAA,EAAuB;AAExD,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,YAAA;AAAA,IACT,MAAA;AAAA,IACA,QAAA,EAAU,YAAA;AAAA,IACV,MAAA;AAAA,IACA,MAAA;AAAA,IACA,KAAA;AAAA,IACA,IAAA;AAAA,IACA,WAAW,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI;AAAA,GACzC;AACF;AASO,SAAS,WAAA,CAAY,OAAa,aAAA,EAA0C;AAEjF,EAAA,MAAM,IAAI,MAAM,iBAAiB,CAAA;AACnC;AASO,SAAS,WAAA,CAAY,YAA2B,aAAA,EAAwC;AAE7F,EAAA,MAAM,IAAI,MAAM,iBAAiB,CAAA;AACnC;AAyBA,SAAS,sBAAA,GAAiC;AAExC,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,KAAK,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAC3F;;;ACtGAA,8BAAA,EAAA;;;ACqCO,IAAM,uBAAN,MAAsD;AAAA,EAC3D,WAAA,CACU,MACA,SAAA,EACR;AAFQ,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,SAAA,GAAA,SAAA;AAAA,EACP;AAAA,EAEH,MAAM,OAAA,GAA+B;AACnC,IAAA,OAAO,IAAA,CAAK,IAAA;AAAA,EACd;AAAA,EAEA,MAAM,YAAA,GAAyC;AAC7C,IAAA,IAAI,CAAC,IAAA,CAAK,SAAA,EAAW,MAAM,IAAI,MAAM,wBAAwB,CAAA;AAC7D,IAAA,OAAO,IAAA,CAAK,SAAA;AAAA,EACd;AACF","file":"chunk-C7QQOJ7T.cjs","sourcesContent":["/**\n * Main UPP Client\n *\n * Provides high-level API for interacting with the Universal Private Pool.\n */\n\nimport type { Address, PublicClient, WalletClient } from 'viem'\nimport type {\n  ShieldParams,\n  TransferParams,\n  MergeParams,\n  WithdrawParams,\n  Note,\n} from './types.js'\n\n/**\n * UPP Client configuration\n */\nexport interface UPPClientConfig {\n  /** Viem public client for reading chain state */\n  publicClient: PublicClient\n  /** Viem wallet client for sending transactions */\n  walletClient: WalletClient\n  /** Universal Private Pool contract address */\n  poolAddress: Address\n  /** ASP Registry Hub contract address */\n  aspHubAddress: Address\n  /** Chain ID (optional, derived from clients if not provided) */\n  chainId?: number\n}\n\n/**\n * UPP Client interface\n */\nexport interface UPPClient {\n  /** Shield tokens into the private pool */\n  shield(params: ShieldParams): Promise<{ commitment: `0x${string}`; note: Note }>\n\n  /** Transfer tokens privately */\n  transfer(params: TransferParams): Promise<{ nullifier: `0x${string}`; changeNote?: Note }>\n\n  /** Merge multiple notes into one */\n  merge(params: MergeParams): Promise<{ commitment: `0x${string}`; note: Note }>\n\n  /** Withdraw tokens from the private pool */\n  withdraw(params: WithdrawParams): Promise<{ txHash: `0x${string}` }>\n\n  /** Scan for notes belonging to a viewing key */\n  scanNotes(viewingKey: `0x${string}`): Promise<Note[]>\n\n  /** Get the current state root */\n  getStateRoot(): Promise<bigint>\n\n  /** Check if a nullifier has been spent */\n  isNullifierSpent(nullifier: `0x${string}`): Promise<boolean>\n}\n\n/**\n * Create a UPP client instance\n *\n * @example\n * ```ts\n * import { createUPPClient } from '@upp/sdk'\n * import { createPublicClient, createWalletClient, http } from 'viem'\n * import { sepolia } from 'viem/chains'\n *\n * const publicClient = createPublicClient({\n *   chain: sepolia,\n *   transport: http(),\n * })\n *\n * const walletClient = createWalletClient({\n *   chain: sepolia,\n *   transport: http(),\n * })\n *\n * const client = createUPPClient({\n *   publicClient,\n *   walletClient,\n *   poolAddress: '0x...',\n *   aspHubAddress: '0x...',\n * })\n * ```\n */\nexport function createUPPClient(_config: UPPClientConfig): UPPClient {\n  // TODO: Implement client\n  throw new Error('Not implemented')\n}\n","/**\n * Core type definitions for UPP SDK\n */\n\nimport type { Address, Hex } from 'viem'\n\n/**\n * Note version - increment when note structure changes\n */\nexport const NOTE_VERSION = 5\n\n/**\n * A private note in the Universal Private Pool\n */\nexport interface Note {\n  /** Note format version */\n  version: number\n  /** Token amount (in wei) */\n  amount: bigint\n  /** Random blinding factor */\n  blinding: bigint\n  /** Current origin - who is responsible for these funds (updated on merge) */\n  origin: Address\n  /** Sender - who sent this specific note (for payment attribution) */\n  sender: Address\n  /** ERC20 token address */\n  token: Address\n  /** Optional memo/message */\n  memo?: string\n  /** Timestamp when note was created */\n  timestamp?: number\n}\n\n/**\n * Encrypted note data stored on-chain (post-quantum, hash-based)\n */\nexport interface EncryptedNote {\n  /** AES-GCM encrypted note data */\n  ciphertext: Hex\n  /** AES-GCM nonce */\n  nonce: Hex\n}\n\n/**\n * Stealth meta-address (hash-based, post-quantum)\n * Published once, used by senders to encrypt notes to the recipient\n */\nexport interface StealthMetaAddress {\n  /** Owner hash = Poseidon(spendingSecret) */\n  ownerHash: bigint\n  /** Viewing hash = Poseidon(viewingSecret) */\n  viewingHash: bigint\n}\n\n/**\n * One-time address for a specific transaction (simplified for hash-based system)\n */\nexport interface StealthAddress {\n  /** Owner hash for this note */\n  ownerHash: bigint\n  /** Search tag for efficient scanning */\n  searchTag?: bigint\n}\n\n/**\n * On-chain merge record for audit trail\n */\nexport interface MergeRecord {\n  /** Output commitment (the merged note) */\n  outputCommitment: Hex\n  /** First input nullifier */\n  nullifier1: Hex\n  /** Second input nullifier */\n  nullifier2: Hex\n  /** Who performed the merge (new origin) */\n  merger: Address\n  /** Token that was merged */\n  token: Address\n  /** Block timestamp */\n  timestamp: number\n}\n\n/**\n * ASP (Association Set Provider) root\n */\nexport interface ASPRoot {\n  /** Merkle root of approved addresses */\n  root: bigint\n  /** IPFS hash for off-chain data */\n  ipfsHash: Hex\n  /** When this root was published */\n  timestamp: number\n  /** Number of addresses in the set */\n  leafCount: number\n}\n\n/**\n * Shield operation parameters\n */\nexport interface ShieldParams {\n  /** ERC20 token to shield */\n  token: Address\n  /** Amount to shield (in wei) */\n  amount: bigint\n  /** Optional: recipient owner hash (defaults to self) */\n  recipientOwnerHash?: bigint\n  /** Optional: memo to include in note */\n  memo?: string\n}\n\n/**\n * Transfer operation parameters\n */\nexport interface TransferParams {\n  /** Note to spend */\n  note: Note\n  /** Recipient stealth address */\n  recipient: StealthAddress\n  /** Amount to send (remainder goes back to sender as change) */\n  amount: bigint\n  /** Optional: memo to include */\n  memo?: string\n}\n\n/**\n * Merge operation parameters\n */\nexport interface MergeParams {\n  /** Notes to merge (must be same token) */\n  notes: [Note, Note]\n  /** Optional: memo for the merged note */\n  memo?: string\n}\n\n/**\n * Withdraw operation parameters\n */\nexport interface WithdrawParams {\n  /** Note to withdraw */\n  note: Note\n  /** Amount to withdraw */\n  amount: bigint\n  /** Recipient address for the tokens */\n  recipient: Address\n  /** ASP ID to use for compliance check */\n  aspId?: number\n  /** Use ragequit (origin withdrawing own funds) */\n  ragequit?: boolean\n}\n\n/**\n * Proof for ZK operations\n */\nexport interface Proof {\n  /** Proof points */\n  proof: {\n    pi_a: [string, string]\n    pi_b: [[string, string], [string, string]]\n    pi_c: [string, string]\n  }\n  /** Public signals */\n  publicSignals: string[]\n}\n\n/**\n * Note commitment (hash)\n */\nexport type Commitment = Hex\n\n/**\n * Nullifier (spent note identifier)\n */\nexport type Nullifier = Hex\n\n// =========================================================================\n// STARK Note Types (M31/Keccak-based, post-quantum)\n// =========================================================================\n\nimport type { M31Digest } from '../utils/keccak-m31.js'\n\n/** STARK amount scaling: 1e15 wei per STARK unit (matches contract) */\nexport const STARK_AMOUNT_SCALE = 10n ** 15n\n\n/**\n * A private STARK note in the Universal Private Pool.\n *\n * All field values are M31 elements (< 2^31 - 1).\n * Commitment = keccak_m31(amount, ownerHash[0..4], blinding, origin, token).\n */\nexport interface StarkNote {\n  /** Amount in STARK units (actual wei = amount * STARK_AMOUNT_SCALE) */\n  amount: bigint\n  /** Owner hash = keccak_m31(starkSecret) — 4 M31 elements */\n  ownerHash: M31Digest\n  /** Random blinding factor (M31) */\n  blinding: bigint\n  /** Origin address encoded as M31 (lower 31 bits of address) */\n  origin: bigint\n  /** Token address encoded as M31 (lower 31 bits of address) */\n  token: bigint\n  /** The leaf index in the STARK Keccak Merkle tree (set after shielding) */\n  leafIndex?: number\n  /** The commitment digest (set after computation) */\n  commitment?: M31Digest\n  /** Optional memo */\n  memo?: string\n  /** Timestamp when note was created */\n  timestamp?: number\n}\n\n/**\n * STARK stealth meta-address (M31/Keccak-based)\n * Published once, used by senders to encrypt notes to the recipient\n */\nexport interface StarkStealthMetaAddress {\n  /** Owner hash = keccak_m31(starkSecret) — 4 M31 elements */\n  ownerHash: M31Digest\n  /** Viewing hash = keccak_m31(starkViewingSecret) — 4 M31 elements */\n  viewingHash: M31Digest\n}\n\n/**\n * STARK proof for ZK operations (serialized Circle STARK proof)\n */\nexport interface StarkProof {\n  /** Raw serialized Stwo Circle STARK proof bytes */\n  proofBytes: Hex\n  /** Public inputs seed (keccak256 of public parameters) */\n  publicInputsSeed: Hex\n}\n","/**\n * Note management utilities\n *\n * Create, encrypt, and decrypt private notes.\n */\n\nimport type { Address, Hex } from 'viem'\nimport type { Note, EncryptedNote } from './types.js'\nimport { NOTE_VERSION } from './types.js'\n\n/**\n * Parameters for creating a new note\n */\nexport interface CreateNoteParams {\n  /** Token amount */\n  amount: bigint\n  /** ERC20 token address */\n  token: Address\n  /** Origin address (who is responsible) */\n  origin: Address\n  /** Sender address */\n  sender: Address\n  /** Optional memo */\n  memo?: string\n  /** Optional blinding factor (generated if not provided) */\n  blinding?: bigint\n}\n\n/**\n * Create a new private note\n *\n * @example\n * ```ts\n * const note = createNote({\n *   amount: 1000n * 10n ** 18n,\n *   token: '0x...',\n *   origin: '0xMyAddress...',\n *   sender: '0xMyAddress...',\n *   memo: 'Payment for services',\n * })\n * ```\n */\nexport function createNote(params: CreateNoteParams): Note {\n  const { amount, token, origin, sender, memo, blinding } = params\n\n  // Generate random blinding factor if not provided\n  const noteBlinding = blinding ?? generateRandomBlinding()\n\n  return {\n    version: NOTE_VERSION,\n    amount,\n    blinding: noteBlinding,\n    origin,\n    sender,\n    token,\n    memo,\n    timestamp: Math.floor(Date.now() / 1000),\n  }\n}\n\n/**\n * Encrypt a note for a recipient\n *\n * @param note - The note to encrypt\n * @param sharedSecret - ECDH shared secret with recipient\n * @returns Encrypted note data\n */\nexport function encryptNote(_note: Note, _sharedSecret: Uint8Array): EncryptedNote {\n  // TODO: Implement AES-GCM encryption\n  throw new Error('Not implemented')\n}\n\n/**\n * Decrypt a received note\n *\n * @param encrypted - The encrypted note data\n * @param sharedSecret - ECDH shared secret\n * @returns Decrypted note or null if decryption fails\n */\nexport function decryptNote(_encrypted: EncryptedNote, _sharedSecret: Uint8Array): Note | null {\n  // TODO: Implement AES-GCM decryption\n  throw new Error('Not implemented')\n}\n\n/**\n * Compute the commitment hash for a note\n *\n * commitment = Poseidon(amount, blinding, origin, token)\n */\nexport function computeCommitment(_note: Note): Hex {\n  // TODO: Implement Poseidon hash\n  throw new Error('Not implemented')\n}\n\n/**\n * Compute the nullifier for spending a note\n *\n * nullifier = Poseidon(blinding, leafIndex)\n */\nexport function computeNullifier(_note: Note, _leafIndex: bigint): Hex {\n  // TODO: Implement nullifier computation\n  throw new Error('Not implemented')\n}\n\n/**\n * Generate a random blinding factor\n */\nfunction generateRandomBlinding(): bigint {\n  // TODO: Use crypto.getRandomValues for secure randomness\n  const bytes = new Uint8Array(31) // 31 bytes to stay in field\n  crypto.getRandomValues(bytes)\n  return BigInt('0x' + Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join(''))\n}\n","/**\n * Core UPP SDK functionality\n */\n\nexport { createUPPClient } from './client.js'\nexport type { UPPClient, UPPClientConfig } from './client.js'\n\nexport { createNote, encryptNote, decryptNote } from './note.js'\n\n// Stealth address utilities (post-quantum, hash-based)\nexport {\n  STEALTH_ADDRESS_PREFIX,\n  ADDRESS_VERSION,\n  encodeStealthAddress,\n  decodeStealthAddress,\n  isValidStealthAddress,\n  generateStealthAddress,\n  createOneTimeKeys,\n  verifyOwnership,\n  computeNoteEncryptionKey,\n  // STARK stealth addresses (0zs prefix)\n  STARK_STEALTH_ADDRESS_PREFIX,\n  STARK_ADDRESS_VERSION,\n  encodeStarkStealthAddress,\n  decodeStarkStealthAddress,\n  isValidStarkStealthAddress,\n  generateStarkStealthAddress,\n  detectAddressType,\n} from './stealth.js'\n\n// Proof generation (UPP circuits)\nexport {\n  generateUPPProof,\n  formatProofForContract,\n  getUPPCircuitArtifacts,\n  STATE_TREE_DEPTH,\n  ASP_TREE_DEPTH,\n} from './proof.js'\nexport type {\n  UPPCircuitType,\n  UPPTransferCircuitInputs,\n  UPPWithdrawCircuitInputs,\n  UPPCircuitInputs,\n  CircuitArtifacts,\n  ProofResult,\n} from './proof.js'\n\n// Legacy stealth proof exports (deprecated)\nexport {\n  generateProof,\n  verifyProof,\n  generateStealthProof,\n  getStealthCircuitArtifacts,\n} from './proof.js'\nexport type {\n  CircuitType,\n  StealthCircuitType,\n  StealthCircuitInputs,\n  Stealth1x2CircuitInputs,\n  Stealth2x2CircuitInputs,\n} from './proof.js'\n\nexport * from './types.js'\n\n// Swap order book module\nexport {\n  computeGiveAmount,\n  computeTakeAmount,\n  computeRate,\n  formatRate,\n  computeCancelKeyHash,\n  generateCancelSecret,\n  filterOrdersByASP,\n  filterOrdersByTokenPair,\n  isFillerASPAccepted,\n  isOrderActive,\n  computeTotalBuyAmount,\n  computeFillPercentage,\n  storeCancelSecret,\n  getCancelSecret,\n  removeCancelSecret,\n  getOwnOrderIds,\n  RATE_PRECISION,\n  SWAP_EVENTS_ABI,\n  SWAP_ORDER_PLACED_EVENT,\n  SWAP_ORDER_FILLED_EVENT,\n  SWAP_ORDER_CLAIMED_EVENT,\n  SWAP_ORDER_CANCELLED_EVENT,\n} from './swap.js'\nexport type {\n  SwapOrder,\n  SwapOrderParams,\n  SwapFillParams,\n  SwapOrderEvent,\n  SwapFillEvent,\n} from './swap.js'\n\n// Account adapter (pluggable key source)\nexport { DirectAccountAdapter } from './account.js'\nexport type { IAccountAdapter } from './account.js'\n\n// ASP provider (pluggable compliance)\nexport type { IASPProvider, ASPMembershipProof } from './asp-provider.js'\n\n// Note store (single source of truth for note state)\nexport { NoteStore } from './note-store.js'\nexport type { INoteStore, ShieldedNote, NoteStatus, ProofSystem } from './note-store.js'\n\n// ASP (Association Set Provider) module\nexport {\n  computeSingleOriginASPRoot,\n  generateSingleOriginASPProof,\n  verifyASPProof,\n  DEMO_ASP_ID,\n  DEMO_ASP_NAME,\n  createDemoASPRoot,\n  // Multi-origin ASP tree\n  buildASPTree,\n  computeMultiOriginASPRoot,\n  generateMultiOriginASPProof,\n  generateASPProof,\n} from './asp.js'\nexport type { ASPProof } from './asp.js'\n\n// Transfer module\nexport {\n  syncMerkleTree,\n  getMerkleProofsForNotes,\n  computeNullifier,\n  buildUPPTransferCircuitInputs,\n  buildTransfer,\n  formatOutputForContract,\n} from './transfer.js'\nexport type {\n  TransferStage,\n  SpendableNote,\n  MerkleProofWithNote,\n  TransferContext,\n  TransferBuildResult,\n  NoteWithAmount,\n} from './transfer.js'\n","/**\n * Account Adapter — Pluggable account creation\n *\n * Abstracts how master keys are derived/loaded.\n * The SDK doesn't care if keys come from a wallet signature,\n * seed phrase, hardware wallet, or external KMS.\n */\n\nimport type { MasterKeys, StarkMasterKeys } from '../keys/types.js'\n\n/**\n * Account adapter interface — pluggable key source.\n *\n * Implement this to bring your own key derivation:\n * - SignatureAccountAdapter: EIP-712 wallet signature (built-in)\n * - DirectAccountAdapter: pre-derived keys (built-in, for testing/KMS)\n * - SeedPhraseAccountAdapter: BIP-39 seed phrase (custom)\n * - HardwareWalletAccountAdapter: Ledger/Trezor (custom)\n */\nexport interface IAccountAdapter {\n  /** Derive or load SNARK master keys */\n  getKeys(): Promise<MasterKeys>\n  /** Derive or load STARK master keys (optional) */\n  getStarkKeys?(): Promise<StarkMasterKeys>\n  /** Persist keys (adapter decides where/how) */\n  save?(): Promise<void>\n  /** Clear persisted keys */\n  clear?(): Promise<void>\n}\n\n/**\n * Direct account adapter — accepts pre-derived keys.\n *\n * Use for testing, external KMS, or when keys are derived\n * outside the SDK (e.g., from a seed phrase).\n *\n * @example\n * ```ts\n * const adapter = new DirectAccountAdapter({\n *   spendingSecret: 12345n,\n *   ownerHash: await poseidon([12345n]),\n *   viewingSecret: 67890n,\n *   viewingHash: await poseidon([67890n]),\n * })\n * const keys = await adapter.getKeys()\n * ```\n */\nexport class DirectAccountAdapter implements IAccountAdapter {\n  constructor(\n    private keys: MasterKeys,\n    private starkKeys?: StarkMasterKeys,\n  ) {}\n\n  async getKeys(): Promise<MasterKeys> {\n    return this.keys\n  }\n\n  async getStarkKeys(): Promise<StarkMasterKeys> {\n    if (!this.starkKeys) throw new Error('No STARK keys provided')\n    return this.starkKeys\n  }\n}\n"]}