@permissionless-technologies/upp-sdk 0.5.5 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (90) hide show
  1. package/dist/{chunk-Q6BLTPWV.js → chunk-2NKFTLPD.js} +3 -3
  2. package/dist/{chunk-Q6BLTPWV.js.map → chunk-2NKFTLPD.js.map} +1 -1
  3. package/dist/{chunk-EHGH6TAW.js → chunk-37RFFZU2.js} +3 -3
  4. package/dist/{chunk-EHGH6TAW.js.map → chunk-37RFFZU2.js.map} +1 -1
  5. package/dist/{chunk-UQIM2KT3.js → chunk-4E23V3AT.js} +29 -4
  6. package/dist/chunk-4E23V3AT.js.map +1 -0
  7. package/dist/{chunk-53JACDGZ.js → chunk-A6IYQ7UF.js} +3 -3
  8. package/dist/chunk-A6IYQ7UF.js.map +1 -0
  9. package/dist/{chunk-7T4CUE6E.js → chunk-AVSR443A.js} +3 -3
  10. package/dist/{chunk-7T4CUE6E.js.map → chunk-AVSR443A.js.map} +1 -1
  11. package/dist/{chunk-UFEDJJSH.cjs → chunk-BCSMUH4L.cjs} +30 -3
  12. package/dist/chunk-BCSMUH4L.cjs.map +1 -0
  13. package/dist/{chunk-IYRCJAME.cjs → chunk-C3HXJ5A6.cjs} +9 -9
  14. package/dist/{chunk-IYRCJAME.cjs.map → chunk-C3HXJ5A6.cjs.map} +1 -1
  15. package/dist/{chunk-MEFCUBQC.js → chunk-CRUJLZV7.js} +5 -4
  16. package/dist/chunk-CRUJLZV7.js.map +1 -0
  17. package/dist/{chunk-DTEAFJG7.js → chunk-FTEXUSHR.js} +4 -4
  18. package/dist/{chunk-DTEAFJG7.js.map → chunk-FTEXUSHR.js.map} +1 -1
  19. package/dist/chunk-FW2U6TKQ.js +498 -0
  20. package/dist/chunk-FW2U6TKQ.js.map +1 -0
  21. package/dist/{chunk-6TFDBBAQ.js → chunk-H4NDMIPF.js} +3 -3
  22. package/dist/{chunk-6TFDBBAQ.js.map → chunk-H4NDMIPF.js.map} +1 -1
  23. package/dist/{chunk-DD2RTRPE.cjs → chunk-HVSP62AH.cjs} +22 -36
  24. package/dist/chunk-HVSP62AH.cjs.map +1 -0
  25. package/dist/{chunk-7BNJV2ZS.cjs → chunk-LKXC3OQT.cjs} +14 -14
  26. package/dist/{chunk-7BNJV2ZS.cjs.map → chunk-LKXC3OQT.cjs.map} +1 -1
  27. package/dist/{chunk-HB43C26P.cjs → chunk-NGXEIUQ6.cjs} +4 -4
  28. package/dist/chunk-NGXEIUQ6.cjs.map +1 -0
  29. package/dist/{chunk-KV2QFPSJ.cjs → chunk-P6E3LE7T.cjs} +5 -4
  30. package/dist/chunk-P6E3LE7T.cjs.map +1 -0
  31. package/dist/chunk-PGIV2GDM.cjs +511 -0
  32. package/dist/chunk-PGIV2GDM.cjs.map +1 -0
  33. package/dist/{chunk-M6O7HMN7.js → chunk-UHMHZQZV.js} +6 -20
  34. package/dist/chunk-UHMHZQZV.js.map +1 -0
  35. package/dist/{chunk-I5EKGD4P.cjs → chunk-XNSMPNY6.cjs} +4 -4
  36. package/dist/{chunk-I5EKGD4P.cjs.map → chunk-XNSMPNY6.cjs.map} +1 -1
  37. package/dist/{chunk-U3YFYMWF.cjs → chunk-XSJ5VVH4.cjs} +5 -5
  38. package/dist/{chunk-U3YFYMWF.cjs.map → chunk-XSJ5VVH4.cjs.map} +1 -1
  39. package/dist/{chunk-SWTNJPK5.cjs → chunk-Y6WCXYOC.cjs} +11 -11
  40. package/dist/{chunk-SWTNJPK5.cjs.map → chunk-Y6WCXYOC.cjs.map} +1 -1
  41. package/dist/core/index.cjs +63 -67
  42. package/dist/core/index.d.cts +2 -5
  43. package/dist/core/index.d.ts +2 -5
  44. package/dist/core/index.js +7 -7
  45. package/dist/crypto-FWREDAVI.js +8 -0
  46. package/dist/crypto-FWREDAVI.js.map +1 -0
  47. package/dist/crypto-IZKHHFDU.cjs +42 -0
  48. package/dist/crypto-IZKHHFDU.cjs.map +1 -0
  49. package/dist/{index-BRgBwiBM.d.ts → index-DLvLv3mg.d.ts} +11 -23
  50. package/dist/{index-D6YhhbRP.d.cts → index-DOiHUft6.d.cts} +3 -4
  51. package/dist/{index-DHW5lKcd.d.ts → index-DY0XAmFw.d.ts} +3 -4
  52. package/dist/{index-brLSTa0y.d.cts → index-KTJgQUxb.d.cts} +11 -23
  53. package/dist/index.cjs +240 -240
  54. package/dist/index.d.cts +4 -7
  55. package/dist/index.d.ts +4 -7
  56. package/dist/index.js +10 -10
  57. package/dist/indexer/index.cjs +62 -11
  58. package/dist/indexer/index.d.cts +196 -12
  59. package/dist/indexer/index.d.ts +196 -12
  60. package/dist/indexer/index.js +4 -1
  61. package/dist/keys/index.cjs +17 -17
  62. package/dist/keys/index.js +3 -3
  63. package/dist/react/index.cjs +214 -693
  64. package/dist/react/index.cjs.map +1 -1
  65. package/dist/react/index.d.cts +138 -6
  66. package/dist/react/index.d.ts +138 -6
  67. package/dist/react/index.js +193 -672
  68. package/dist/react/index.js.map +1 -1
  69. package/dist/{transfer-BVZAMEJH.js → transfer-2UYFZMIK.js} +4 -4
  70. package/dist/{transfer-BVZAMEJH.js.map → transfer-2UYFZMIK.js.map} +1 -1
  71. package/dist/{transfer-ZD76R7XF.cjs → transfer-6OW3XKVC.cjs} +10 -10
  72. package/dist/{transfer-ZD76R7XF.cjs.map → transfer-6OW3XKVC.cjs.map} +1 -1
  73. package/dist/{transfer-p-NXHdGY.d.cts → transfer-C1XU_z-6.d.cts} +46 -156
  74. package/dist/{transfer-BxiDgCvx.d.ts → transfer-DgjxZlR7.d.ts} +46 -156
  75. package/dist/utils/index.cjs +44 -44
  76. package/dist/utils/index.d.cts +186 -5
  77. package/dist/utils/index.d.ts +186 -5
  78. package/dist/utils/index.js +4 -4
  79. package/package.json +1 -1
  80. package/src/deployments/31337.json +2 -1
  81. package/dist/chunk-53JACDGZ.js.map +0 -1
  82. package/dist/chunk-DD2RTRPE.cjs.map +0 -1
  83. package/dist/chunk-HB43C26P.cjs.map +0 -1
  84. package/dist/chunk-KV2QFPSJ.cjs.map +0 -1
  85. package/dist/chunk-M6O7HMN7.js.map +0 -1
  86. package/dist/chunk-MEFCUBQC.js.map +0 -1
  87. package/dist/chunk-UFEDJJSH.cjs.map +0 -1
  88. package/dist/chunk-UQIM2KT3.js.map +0 -1
  89. package/dist/stark-BcTD1OaJ.d.cts +0 -185
  90. package/dist/stark-BcTD1OaJ.d.ts +0 -185
package/dist/chunk-A6IYQ7UF.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/core/client.ts","../src/core/types.ts","../src/core/note.ts","../src/core/index.ts","../src/core/verify.ts"],"names":[],"mappings":";;;AAoFO,SAAS,gBAAgB,OAAA,EAAqC;AAEnE,EAAA,MAAM,IAAI,MAAM,iBAAiB,CAAA;AACnC;;;AC9EO,IAAM,YAAA,GAAe;;;ACiCrB,SAAS,WAAW,MAAA,EAAgC;AACzD,EAAA,MAAM,EAAE,MAAA,EAAQ,KAAA,EAAO,QAAQ,MAAA,EAAQ,IAAA,EAAM,UAAS,GAAI,MAAA;AAG1D,EAAA,MAAM,YAAA,GAAe,YAAY,sBAAA,EAAuB;AAExD,EAAA,OAAO;AAAA,IACL,OAAA,EAAS,YAAA;AAAA,IACT,MAAA;AAAA,IACA,QAAA,EAAU,YAAA;AAAA,IACV,MAAA;AAAA,IACA,MAAA;AAAA,IACA,KAAA;AAAA,IACA,IAAA;AAAA,IACA,WAAW,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI;AAAA,GACzC;AACF;AASO,SAAS,WAAA,CAAY,OAAa,aAAA,EAA0C;AAEjF,EAAA,MAAM,IAAI,MAAM,iBAAiB,CAAA;AACnC;AASO,SAAS,WAAA,CAAY,YAA2B,aAAA,EAAwC;AAE7F,EAAA,MAAM,IAAI,MAAM,iBAAiB,CAAA;AACnC;AAyBA,SAAS,sBAAA,GAAiC;AAExC,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,OAAO,IAAA,GAAO,KAAA,CAAM,KAAK,KAAK,CAAA,CAAE,IAAI,CAAA,CAAA,KAAK,CAAA,CAAE,SAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CAAE,IAAA,CAAK,EAAE,CAAC,CAAA;AAC3F;;;ACtGA,YAAA,EAAA;;;ACKA,IAAM,iBAAA,GACJ,oEAAA;AAkCF,eAAsB,mBAAA,CACpB,YAAA,EACA,UAAA,EACA,QAAA,EACkB;AAClB,EAAA,MAAM,YAAA,GAAe,WAAW,QAAQ,CAAA;AACxC,EAAA,MAAM,YAAA,GAAe,UAAA,CAAW,eAAA,GAAkB,QAAQ,CAAA;AAE1D,EAAA,IAAI,CAAC,YAAA,IAAgB,CAAC,YAAA,EAAc,OAAO,KAAA;AAE3C,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,YAAA,CAAa,YAAA,CAAa;AAAA,MAC/C,OAAA,EAAS,YAAA;AAAA,MACT,IAAA,EAAM;AAAA,KACP,CAAA;AACD,IAAA,MAAM,cAAc,IAAA,GAAA,CAAQ,QAAA,IAAY,MAAM,KAAA,CAAM,EAAE,GAAG,WAAA,EAAY;AACrE,IAAA,OAAO,UAAA,KAAe,aAAa,WAAA,EAAY;AAAA,EACjD,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAeA,eAAsB,gBAAA,CACpB,cACA,UAAA,EAC6B;AAC7B,EAAA,MAAM,SAA8B,EAAC;AAGrC,EAAA,MAAM,eAAA,CAAgB,YAAA,EAAc,MAAA,EAAQ,8BAAA,EAAgC,WAAW,oBAAoB,CAAA;AAC3G,EAAA,MAAM,eAAA,CAAgB,YAAA,EAAc,MAAA,EAAQ,wBAAA,EAA0B,WAAW,cAAc,CAAA;AAG/F,EAAA,IAAI,UAAA,CAAW,iBAAiB,oBAAA,EAAsB;AACpD,IAAA,MAAM,gBAAgB,YAAA,EAAc,MAAA,EAAQ,6BAAA,EAA+B,UAAA,CAAW,gBAAgB,oBAAoB,CAAA;AAAA,EAC5H;AACA,EAAA,IAAI,UAAA,CAAW,iBAAiB,cAAA,EAAgB;AAC9C,IAAA,MAAM,gBAAgB,YAAA,EAAc,MAAA,EAAQ,uBAAA,EAAyB,UAAA,CAAW,gBAAgB,cAAc,CAAA;AAAA,EAChH;AAGA,EAAA,IAAI,UAAA,CAAW,iBAAiB,oBAAA,EAAsB;AACpD,IAAA,MAAM,gBAAA;AAAA,MACJ,YAAA;AAAA,MAAc,MAAA;AAAA,MACd,sBAAA;AAAA,MACA,UAAA,CAAW,oBAAA;AAAA,MACX,WAAW,eAAA,CAAgB;AAAA,KAC7B;AAAA,EACF;AACA,EAAA,IAAI,UAAA,CAAW,iBAAiB,cAAA,EAAgB;AAC9C,IAAA,MAAM,gBAAA;AAAA,MACJ,YAAA;AAAA,MAAc,MAAA;AAAA,MACd,gBAAA;AAAA,MACA,UAAA,CAAW,cAAA;AAAA,MACX,WAAW,eAAA,CAAgB;AAAA,KAC7B;AAAA,EACF;AAGA,EAAA,KAAA,MAAW,CAAC,MAAM,IAAI,CAAA,IAAK,OAAO,OAAA,CAAQ,UAAA,CAAW,SAAS,CAAA,EAAG;AAC/D,IAAA,IAAI,IAAA,EAAM;AACR,MAAA,MAAM,gBAAgB,YAAA,EAAc,MAAA,EAAQ,CAAA,UAAA,EAAa,IAAI,IAAI,IAAe,CAAA;AAAA,IAClF;AAAA,EACF;AAEA,EAAA,MAAM,SAAS,MAAA,CAAO,MAAA,CAAO,CAAC,CAAA,KAAM,CAAA,CAAE,MAAM,CAAA,CAAE,MAAA;AAC9C,EAAA,MAAM,MAAA,GAAS,OAAO,MAAA,CAAO,CAAC,MAAM,CAAC,CAAA,CAAE,MAAM,CAAA,CAAE,MAAA;AAE/C,EAAA,OAAO;AAAA,IACL,SAAS,UAAA,CAAW,OAAA;AAAA,IACpB,MAAA;AAAA,IACA,MAAA;AAAA,IACA,MAAA;AAAA,IACA,WAAW,MAAA,KAAW;AAAA,GACxB;AACF;AAIA,eAAe,eAAA,CACb,MAAA,EACA,MAAA,EACA,IAAA,EACA,OAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,OAAO,MAAM,MAAA,CAAO,OAAA,CAAQ,EAAE,SAAS,CAAA;AAC7C,IAAA,MAAM,SAAS,IAAA,KAAS,KAAA,CAAA,IAAa,IAAA,KAAS,IAAA,IAAQ,KAAK,MAAA,GAAS,CAAA;AACpE,IAAA,MAAA,CAAO,IAAA,CAAK,EAAE,IAAA,EAAM,CAAA,EAAG,IAAI,CAAA,gBAAA,CAAA,EAAoB,MAAA,EAAQ,QAAQ,CAAA;AAAA,EACjE,CAAA,CAAA,MAAQ;AACN,IAAA,MAAA,CAAO,IAAA,CAAK,EAAE,IAAA,EAAM,CAAA,EAAG,IAAI,CAAA,gBAAA,CAAA,EAAoB,MAAA,EAAQ,OAAO,CAAA;AAAA,EAChE;AACF;AAEA,eAAe,gBAAA,CACb,MAAA,EACA,MAAA,EACA,IAAA,EACA,cACA,YAAA,EACe;AACf,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,MAAM,MAAA,CAAO,YAAA,CAAa;AAAA,MACzC,OAAA,EAAS,YAAA;AAAA,MACT,IAAA,EAAM;AAAA,KACP,CAAA;AACD,IAAA,MAAM,cAAc,IAAA,GAAA,CAAQ,QAAA,IAAY,MAAM,KAAA,CAAM,EAAE,GAAG,WAAA,EAAY;AACrE,IAAA,MAAM,QAAA,GAAW,aAAa,WAAA,EAAY;AAC1C,IAAA,MAAA,CAAO,IAAA,CAAK;AAAA,MACV,IAAA,EAAM,GAAG,IAAI,CAAA,cAAA,CAAA;AAAA,MACb,QAAQ,UAAA,KAAe,QAAA;AAAA,MACvB,QAAA,EAAU,YAAA;AAAA,MACV,MAAA,EAAQ;AAAA,KACT,CAAA;AAAA,EACH,CAAA,CAAA,MAAQ;AACN,IAAA,MAAA,CAAO,IAAA,CAAK,EAAE,IAAA,EAAM,CAAA,EAAG,IAAI,kBAAkB,MAAA,EAAQ,KAAA,EAAO,QAAA,EAAU,YAAA,EAAc,CAAA;AAAA,EACtF;AACF","file":"chunk-A6IYQ7UF.js","sourcesContent":["/**\n * Main UPP Client\n *\n * Provides high-level API for interacting with the Universal Private Pool.\n */\n\nimport type { Address, PublicClient, WalletClient } from 'viem'\nimport type {\n ShieldParams,\n TransferParams,\n MergeParams,\n WithdrawParams,\n Note,\n} from './types.js'\n\n/**\n * UPP Client configuration\n */\nexport interface UPPClientConfig {\n /** Viem public client for reading chain state */\n publicClient: PublicClient\n /** Viem wallet client for sending transactions */\n walletClient: WalletClient\n /** Universal Private Pool contract address */\n poolAddress: Address\n /** ASP Registry Hub contract address */\n aspHubAddress: Address\n /** Chain ID (optional, derived from clients if not provided) */\n chainId?: number\n}\n\n/**\n * UPP Client interface\n */\nexport interface UPPClient {\n /** Shield tokens into the private pool */\n shield(params: ShieldParams): Promise<{ commitment: `0x${string}`; note: Note }>\n\n /** Transfer tokens privately */\n transfer(params: TransferParams): Promise<{ nullifier: `0x${string}`; changeNote?: Note }>\n\n /** Merge multiple notes into one */\n merge(params: MergeParams): Promise<{ commitment: `0x${string}`; note: Note }>\n\n /** Withdraw tokens from the private pool */\n withdraw(params: WithdrawParams): Promise<{ txHash: `0x${string}` }>\n\n /** Scan for notes belonging to a viewing key */\n scanNotes(viewingKey: `0x${string}`): Promise<Note[]>\n\n /** Get the current state root */\n getStateRoot(): Promise<bigint>\n\n /** Check if a nullifier has been spent */\n isNullifierSpent(nullifier: `0x${string}`): Promise<boolean>\n}\n\n/**\n * Create a UPP client instance\n *\n * @example\n * ```ts\n * import { createUPPClient } from '@upp/sdk'\n * import { createPublicClient, createWalletClient, http } from 'viem'\n * import { sepolia } from 'viem/chains'\n *\n * const publicClient = createPublicClient({\n * chain: sepolia,\n * transport: http(),\n * })\n *\n * const walletClient = createWalletClient({\n * chain: sepolia,\n * transport: http(),\n * })\n *\n * const client = createUPPClient({\n * publicClient,\n * walletClient,\n * poolAddress: '0x...',\n * aspHubAddress: '0x...',\n * })\n * ```\n */\nexport function createUPPClient(_config: UPPClientConfig): UPPClient {\n // TODO: Implement client\n throw new Error('Not implemented')\n}\n","/**\n * Core type definitions for UPP SDK\n */\n\nimport type { Address, Hex } from 'viem'\n\n/**\n * Note version - increment when note structure changes\n */\nexport const NOTE_VERSION = 5\n\n// =========================================================================\n// Shielded Note Types (stored in NoteStore, used across React hooks)\n// =========================================================================\n\n/** Note lifecycle status */\nexport type NoteStatus = 'pending' | 'confirmed' | 'spent'\n\n/** Which proof system created/guards a note */\nexport type ProofSystem = 'snark' | 'stark'\n\n/**\n * A shielded note (UTXO) - Post-quantum hash-based\n *\n * Commitment = Poseidon(amount, ownerHash, blinding, origin, token)\n * where ownerHash = Poseidon(spendingSecret)\n */\nexport interface ShieldedNote {\n /** Amount of tokens */\n amount: bigint\n /** Random blinding factor */\n blinding: bigint\n /** Commitment hash (hex) */\n commitment: string\n /** Spending secret for this note (hex) - proves ownership via hash preimage */\n ownerSecret: string\n /** Owner hash = Poseidon(ownerSecret) - what's committed on-chain (hex) */\n ownerHash: string\n /** Position in Merkle tree */\n leafIndex: number\n /** Origin address (original depositor) as hex */\n origin: string\n /** Token address as hex */\n token: string\n /** Transaction hash */\n txHash?: string\n /** Note status */\n status: NoteStatus\n /** Timestamp */\n timestamp: number\n /** Which proof system created this note (defaults to 'snark' for legacy notes) */\n proofSystem?: ProofSystem\n /** Block number where note was created (from IndexedNote) */\n blockNumber?: number\n /** Ephemeral public key X (R.x — used as viewing key nonce, for ECDH-based notes) */\n ephemeralX?: string\n /** Ephemeral public key Y (R.y, for ECDH-based notes) */\n ephemeralY?: string\n}\n\n/**\n * A private note in the Universal Private Pool\n */\nexport interface Note {\n /** Note format version */\n version: number\n /** Token amount (in wei) */\n amount: bigint\n /** Random blinding factor */\n blinding: bigint\n /** Current origin - who is responsible for these funds (updated on merge) */\n origin: Address\n /** Sender - who sent this specific note (for payment attribution) */\n sender: Address\n /** ERC20 token address */\n token: Address\n /** Optional memo/message */\n memo?: string\n /** Timestamp when note was created */\n timestamp?: number\n}\n\n/**\n * Encrypted note data stored on-chain (post-quantum, hash-based)\n */\nexport interface EncryptedNote {\n /** AES-GCM encrypted note data */\n ciphertext: Hex\n /** AES-GCM nonce */\n nonce: Hex\n}\n\n/**\n * Stealth meta-address (hash-based, post-quantum)\n * Published once, used by senders to encrypt notes to the recipient\n */\nexport interface StealthMetaAddress {\n /** Owner hash = Poseidon(spendingSecret) */\n ownerHash: bigint\n /** Viewing hash = Poseidon(viewingSecret) */\n viewingHash: bigint\n}\n\n/**\n * One-time address for a specific transaction (simplified for hash-based system)\n */\nexport interface StealthAddress {\n /** Owner hash for this note */\n ownerHash: bigint\n /** Search tag for efficient scanning */\n searchTag?: bigint\n}\n\n/**\n * On-chain merge record for audit trail\n */\nexport interface MergeRecord {\n /** Output commitment (the merged note) */\n outputCommitment: Hex\n /** First input nullifier */\n nullifier1: Hex\n /** Second input nullifier */\n nullifier2: Hex\n /** Who performed the merge (new origin) */\n merger: Address\n /** Token that was merged */\n token: Address\n /** Block timestamp */\n timestamp: number\n}\n\n/**\n * ASP (Association Set Provider) root\n */\nexport interface ASPRoot {\n /** Merkle root of approved addresses */\n root: bigint\n /** IPFS hash for off-chain data */\n ipfsHash: Hex\n /** When this root was published */\n timestamp: number\n /** Number of addresses in the set */\n leafCount: number\n}\n\n/**\n * Shield operation parameters\n */\nexport interface ShieldParams {\n /** ERC20 token to shield */\n token: Address\n /** Amount to shield (in wei) */\n amount: bigint\n /** Optional: recipient owner hash (defaults to self) */\n recipientOwnerHash?: bigint\n /** Optional: memo to include in note */\n memo?: string\n}\n\n/**\n * Transfer operation parameters\n */\nexport interface TransferParams {\n /** Note to spend */\n note: Note\n /** Recipient stealth address */\n recipient: StealthAddress\n /** Amount to send (remainder goes back to sender as change) */\n amount: bigint\n /** Optional: memo to include */\n memo?: string\n}\n\n/**\n * Merge operation parameters\n */\nexport interface MergeParams {\n /** Notes to merge (must be same token) */\n notes: [Note, Note]\n /** Optional: memo for the merged note */\n memo?: string\n}\n\n/**\n * Withdraw operation parameters\n */\nexport interface WithdrawParams {\n /** Note to withdraw */\n note: Note\n /** Amount to withdraw */\n amount: bigint\n /** Recipient address for the tokens */\n recipient: Address\n /** ASP ID to use for compliance check */\n aspId?: number\n /** Use ragequit (origin withdrawing own funds) */\n ragequit?: boolean\n}\n\n/**\n * Proof for ZK operations\n */\nexport interface Proof {\n /** Proof data (format depends on proof system: Groth16 has pi_a/pi_b/pi_c, PLONK has A/B/C/Z/T1-T3/evals/Wxi/Wxiw) */\n proof: Record<string, any>\n /** Public signals */\n publicSignals: string[]\n}\n\n/**\n * Note commitment (hash)\n */\nexport type Commitment = Hex\n\n/**\n * Nullifier (spent note identifier)\n */\nexport type Nullifier = Hex\n\n// =========================================================================\n// STARK Note Types (M31/Keccak-based, post-quantum)\n// =========================================================================\n\nimport type { M31Digest } from '../utils/keccak-m31.js'\n\n// STARK_AMOUNT_SCALE moved to utils/stark.ts\nexport { STARK_AMOUNT_SCALE } from '../utils/stark.js'\n\n/**\n * A private STARK note in the Universal Private Pool.\n *\n * All field values are M31 elements (< 2^31 - 1).\n * Commitment = keccak_m31(amount, ownerHash[0..4], blinding, origin, token).\n */\nexport interface StarkNote {\n /** Amount in STARK units (actual wei = amount * STARK_AMOUNT_SCALE) */\n amount: bigint\n /** Owner hash = keccak_m31(starkSecret) — 4 M31 elements */\n ownerHash: M31Digest\n /** Random blinding factor (M31) */\n blinding: bigint\n /** Origin address encoded as M31 (lower 31 bits of address) */\n origin: bigint\n /** Token address encoded as M31 (lower 31 bits of address) */\n token: bigint\n /** The leaf index in the STARK Keccak Merkle tree (set after shielding) */\n leafIndex?: number\n /** The commitment digest (set after computation) */\n commitment?: M31Digest\n /** Optional memo */\n memo?: string\n /** Timestamp when note was created */\n timestamp?: number\n}\n\n/**\n * STARK stealth meta-address (M31/Keccak-based)\n * Published once, used by senders to encrypt notes to the recipient\n */\nexport interface StarkStealthMetaAddress {\n /** Owner hash = keccak_m31(starkSecret) — 4 M31 elements */\n ownerHash: M31Digest\n /** Viewing hash = keccak_m31(starkViewingSecret) — 4 M31 elements */\n viewingHash: M31Digest\n}\n\n/**\n * STARK proof for ZK operations (serialized Circle STARK proof)\n */\nexport interface StarkProof {\n /** Raw serialized Stwo Circle STARK proof bytes */\n proofBytes: Hex\n /** Public inputs seed (keccak256 of public parameters) */\n publicInputsSeed: Hex\n}\n","/**\n * Note management utilities\n *\n * Create, encrypt, and decrypt private notes.\n */\n\nimport type { Address, Hex } from 'viem'\nimport type { Note, EncryptedNote } from './types.js'\nimport { NOTE_VERSION } from './types.js'\n\n/**\n * Parameters for creating a new note\n */\nexport interface CreateNoteParams {\n /** Token amount */\n amount: bigint\n /** ERC20 token address */\n token: Address\n /** Origin address (who is responsible) */\n origin: Address\n /** Sender address */\n sender: Address\n /** Optional memo */\n memo?: string\n /** Optional blinding factor (generated if not provided) */\n blinding?: bigint\n}\n\n/**\n * Create a new private note\n *\n * @example\n * ```ts\n * const note = createNote({\n * amount: 1000n * 10n ** 18n,\n * token: '0x...',\n * origin: '0xMyAddress...',\n * sender: '0xMyAddress...',\n * memo: 'Payment for services',\n * })\n * ```\n */\nexport function createNote(params: CreateNoteParams): Note {\n const { amount, token, origin, sender, memo, blinding } = params\n\n // Generate random blinding factor if not provided\n const noteBlinding = blinding ?? generateRandomBlinding()\n\n return {\n version: NOTE_VERSION,\n amount,\n blinding: noteBlinding,\n origin,\n sender,\n token,\n memo,\n timestamp: Math.floor(Date.now() / 1000),\n }\n}\n\n/**\n * Encrypt a note for a recipient\n *\n * @param note - The note to encrypt\n * @param sharedSecret - ECDH shared secret with recipient\n * @returns Encrypted note data\n */\nexport function encryptNote(_note: Note, _sharedSecret: Uint8Array): EncryptedNote {\n // TODO: Implement AES-GCM encryption\n throw new Error('Not implemented')\n}\n\n/**\n * Decrypt a received note\n *\n * @param encrypted - The encrypted note data\n * @param sharedSecret - ECDH shared secret\n * @returns Decrypted note or null if decryption fails\n */\nexport function decryptNote(_encrypted: EncryptedNote, _sharedSecret: Uint8Array): Note | null {\n // TODO: Implement AES-GCM decryption\n throw new Error('Not implemented')\n}\n\n/**\n * Compute the commitment hash for a note\n *\n * commitment = Poseidon(amount, blinding, origin, token)\n */\nexport function computeCommitment(_note: Note): Hex {\n // TODO: Implement Poseidon hash\n throw new Error('Not implemented')\n}\n\n/**\n * Compute the nullifier for spending a note\n *\n * nullifier = Poseidon(blinding, leafIndex)\n */\nexport function computeNullifier(_note: Note, _leafIndex: bigint): Hex {\n // TODO: Implement nullifier computation\n throw new Error('Not implemented')\n}\n\n/**\n * Generate a random blinding factor\n */\nfunction generateRandomBlinding(): bigint {\n // TODO: Use crypto.getRandomValues for secure randomness\n const bytes = new Uint8Array(31) // 31 bytes to stay in field\n crypto.getRandomValues(bytes)\n return BigInt('0x' + Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join(''))\n}\n","/**\n * Core UPP SDK functionality\n */\n\nexport { createUPPClient } from './client.js'\nexport type { UPPClient, UPPClientConfig } from './client.js'\n\nexport { createNote, encryptNote, decryptNote } from './note.js'\n\n// Stealth address utilities (post-quantum, hash-based)\nexport {\n STEALTH_ADDRESS_PREFIX,\n ADDRESS_VERSION,\n encodeStealthAddress,\n decodeStealthAddress,\n isValidStealthAddress,\n generateStealthAddress,\n createOneTimeKeys,\n verifyOwnership,\n computeNoteEncryptionKey,\n // STARK stealth addresses (0zs prefix)\n STARK_STEALTH_ADDRESS_PREFIX,\n STARK_ADDRESS_VERSION,\n encodeStarkStealthAddress,\n decodeStarkStealthAddress,\n isValidStarkStealthAddress,\n generateStarkStealthAddress,\n detectAddressType,\n} from './stealth.js'\n\n// Proof generation (UPP circuits)\nexport {\n generateUPPProof,\n formatProofForContract,\n getUPPCircuitArtifacts,\n STATE_TREE_DEPTH,\n ASP_TREE_DEPTH,\n} from './proof.js'\n\n// Proof worker (off-main-thread proving)\nexport {\n ProofWorkerManager,\n generateUPPProofAsync,\n} from './proof-worker.js'\nexport type {\n ProofWorkerRequest,\n ProofWorkerResponse,\n} from './proof-worker.js'\n\n// Circuit artifact cache (IndexedDB-based, with download progress)\nexport {\n CircuitArtifactCache,\n CIRCUIT_VERSION,\n CIRCUIT_CDN_BASE,\n} from './circuit-cache.js'\nexport type {\n DownloadProgress,\n ResolvedCircuitArtifacts,\n CircuitCacheStatus,\n} from './circuit-cache.js'\nexport type {\n UPPCircuitType,\n UPPTransferCircuitInputs,\n UPPWithdrawCircuitInputs,\n UPPCircuitInputs,\n CircuitArtifacts,\n ProofResult,\n PlonkProvingStage,\n} from './proof.js'\n\n// Legacy stealth proof exports (deprecated)\nexport {\n generateProof,\n verifyProof,\n generateStealthProof,\n getStealthCircuitArtifacts,\n} from './proof.js'\nexport type {\n CircuitType,\n StealthCircuitType,\n StealthCircuitInputs,\n Stealth1x2CircuitInputs,\n Stealth2x2CircuitInputs,\n} from './proof.js'\n\n// Deployment verification\nexport {\n checkImplementation,\n verifyDeployment,\n} from './verify.js'\nexport type {\n VerificationCheck,\n VerificationResult,\n} from './verify.js'\n\n// Types (explicit named exports to avoid tsup DTS NamespaceFixer conflicts)\n// Note: STARK_AMOUNT_SCALE is exported from utils/stark.ts (canonical location)\nexport {\n NOTE_VERSION,\n} from './types.js'\nexport type {\n NoteStatus,\n ProofSystem,\n ShieldedNote,\n Note,\n EncryptedNote,\n StealthMetaAddress,\n StealthAddress,\n MergeRecord,\n ASPRoot,\n ShieldParams,\n TransferParams,\n MergeParams,\n WithdrawParams,\n Proof,\n Commitment,\n Nullifier,\n StarkNote,\n StarkStealthMetaAddress,\n StarkProof,\n} from './types.js'\n\n// Swap order book module\nexport {\n computeGiveAmount,\n computeTakeAmount,\n computeRate,\n formatRate,\n computeCancelKeyHash,\n generateCancelSecret,\n filterOrdersByASP,\n filterOrdersByTokenPair,\n isFillerASPAccepted,\n isOrderActive,\n computeTotalBuyAmount,\n computeFillPercentage,\n storeCancelSecret,\n getCancelSecret,\n removeCancelSecret,\n getOwnOrderIds,\n RATE_PRECISION,\n SWAP_EVENTS_ABI,\n SWAP_ORDER_PLACED_EVENT,\n SWAP_ORDER_FILLED_EVENT,\n SWAP_ORDER_CLAIMED_EVENT,\n SWAP_ORDER_CANCELLED_EVENT,\n} from './swap.js'\nexport type {\n SwapOrder,\n SwapOrderParams,\n SwapFillParams,\n SwapOrderEvent,\n SwapFillEvent,\n} from './swap.js'\n\n// Account adapter (pluggable key source + persistence)\nexport { DirectAccountAdapter, StorableAccountAdapter } from './account.js'\nexport type { IAccountAdapter } from './account.js'\n\n// ASP provider (pluggable compliance)\nexport type { IASPProvider, ASPMembershipProof } from './asp-provider.js'\n\n// Note store (single source of truth for note state)\nexport { NoteStore } from './note-store.js'\nexport type { INoteStore } from './note-store.js'\n\n// New core modules — importable directly via deep paths:\n// import { createHashBasedNote } from '@permissionless-technologies/upp-sdk/core/note-crypto'\n// import { selectOptimalCircuit } from '@permissionless-technologies/upp-sdk/core/circuit-selector'\n// etc.\n// Not re-exported from the barrel to avoid tsup DTS NamespaceFixer limits.\n\n// ASP (Association Set Provider) module\nexport {\n computeSingleOriginASPRoot,\n generateSingleOriginASPProof,\n verifyASPProof,\n DEMO_ASP_ID,\n DEMO_ASP_NAME,\n createDemoASPRoot,\n // Multi-origin ASP tree\n buildASPTree,\n computeMultiOriginASPRoot,\n generateMultiOriginASPProof,\n generateASPProof,\n} from './asp.js'\nexport type { ASPProof } from './asp.js'\n\n// Transfer module\nexport {\n syncMerkleTree,\n getMerkleProofsForNotes,\n computeNullifier,\n buildUPPTransferCircuitInputs,\n buildTransfer,\n formatOutputForContract,\n} from './transfer.js'\nexport type {\n TransferStage,\n SpendableNote,\n MerkleProofWithNote,\n TransferContext,\n TransferBuildResult,\n NoteWithAmount,\n} from './transfer.js'\n","/**\n * UPP Deployment Verification — Check on-chain state matches deployment config.\n *\n * Verifies:\n * 1. Bytecode exists at proxy and implementation addresses\n * 2. UUPS proxy implementation slots point to expected implementations\n *\n * Use `verifyDeployment()` for comprehensive checks, or `checkImplementation()`\n * for a lightweight proxy-vs-expected check suitable for UI warnings.\n */\n\nimport type { Address, PublicClient } from 'viem'\nimport type { DeploymentConfig } from '../deployments/index.js'\n\n/** ERC-1967 implementation storage slot: keccak256(\"eip1967.proxy.implementation\") - 1 */\nconst ERC1967_IMPL_SLOT =\n '0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc' as const\n\nexport interface VerificationCheck {\n name: string\n passed: boolean\n expected?: string\n actual?: string\n}\n\nexport interface VerificationResult {\n chainId: number\n checks: VerificationCheck[]\n passed: number\n failed: number\n allPassed: boolean\n}\n\n/**\n * Lightweight check: does the on-chain proxy point to the expected implementation?\n *\n * Returns `true` if the implementation matches, `false` if it doesn't or can't be read.\n * Use this in UI code to warn users about outdated deployments.\n *\n * @example\n * ```ts\n * import { checkImplementation, getDeploymentOrThrow } from '@permissionless-technologies/upp-sdk'\n *\n * const deployment = getDeploymentOrThrow(11155111)\n * const ok = await checkImplementation(publicClient, deployment, 'UniversalPrivatePool')\n * if (!ok) {\n * console.warn('Pool implementation has been upgraded — SDK may be outdated')\n * }\n * ```\n */\nexport async function checkImplementation(\n publicClient: PublicClient,\n deployment: DeploymentConfig,\n contract: 'UniversalPrivatePool' | 'ASPRegistryHub',\n): Promise<boolean> {\n const proxyAddress = deployment[contract]\n const expectedImpl = deployment.implementations?.[contract]\n\n if (!proxyAddress || !expectedImpl) return false\n\n try {\n const implSlot = await publicClient.getStorageAt({\n address: proxyAddress,\n slot: ERC1967_IMPL_SLOT,\n })\n const actualImpl = ('0x' + (implSlot ?? '0x').slice(26)).toLowerCase()\n return actualImpl === expectedImpl.toLowerCase()\n } catch {\n return false\n }\n}\n\n/**\n * Full deployment verification — checks bytecode existence and proxy implementations.\n *\n * @example\n * ```ts\n * const result = await verifyDeployment(publicClient, deployment)\n * if (!result.allPassed) {\n * for (const check of result.checks.filter(c => !c.passed)) {\n * console.error(`FAIL: ${check.name}`, check.expected, check.actual)\n * }\n * }\n * ```\n */\nexport async function verifyDeployment(\n publicClient: PublicClient,\n deployment: DeploymentConfig,\n): Promise<VerificationResult> {\n const checks: VerificationCheck[] = []\n\n // 1. Bytecode existence — proxy addresses\n await _verifyBytecode(publicClient, checks, 'UniversalPrivatePool (proxy)', deployment.UniversalPrivatePool)\n await _verifyBytecode(publicClient, checks, 'ASPRegistryHub (proxy)', deployment.ASPRegistryHub)\n\n // 1b. Bytecode existence — implementation addresses (if known)\n if (deployment.implementations?.UniversalPrivatePool) {\n await _verifyBytecode(publicClient, checks, 'UniversalPrivatePool (impl)', deployment.implementations.UniversalPrivatePool)\n }\n if (deployment.implementations?.ASPRegistryHub) {\n await _verifyBytecode(publicClient, checks, 'ASPRegistryHub (impl)', deployment.implementations.ASPRegistryHub)\n }\n\n // 2. Proxy implementation slots (ERC-1967)\n if (deployment.implementations?.UniversalPrivatePool) {\n await _verifyProxyImpl(\n publicClient, checks,\n 'UniversalPrivatePool',\n deployment.UniversalPrivatePool,\n deployment.implementations.UniversalPrivatePool,\n )\n }\n if (deployment.implementations?.ASPRegistryHub) {\n await _verifyProxyImpl(\n publicClient, checks,\n 'ASPRegistryHub',\n deployment.ASPRegistryHub,\n deployment.implementations.ASPRegistryHub,\n )\n }\n\n // 3. Bytecode existence — verifiers\n for (const [name, addr] of Object.entries(deployment.verifiers)) {\n if (addr) {\n await _verifyBytecode(publicClient, checks, `Verifier: ${name}`, addr as Address)\n }\n }\n\n const passed = checks.filter((c) => c.passed).length\n const failed = checks.filter((c) => !c.passed).length\n\n return {\n chainId: deployment.chainId,\n checks,\n passed,\n failed,\n allPassed: failed === 0,\n }\n}\n\n// ─── Internal helpers ─────────────────────────────────────────────\n\nasync function _verifyBytecode(\n client: PublicClient,\n checks: VerificationCheck[],\n name: string,\n address: Address,\n): Promise<void> {\n try {\n const code = await client.getCode({ address })\n const exists = code !== undefined && code !== '0x' && code.length > 2\n checks.push({ name: `${name} bytecode exists`, passed: exists })\n } catch {\n checks.push({ name: `${name} bytecode exists`, passed: false })\n }\n}\n\nasync function _verifyProxyImpl(\n client: PublicClient,\n checks: VerificationCheck[],\n name: string,\n proxyAddress: Address,\n expectedImpl: Address,\n): Promise<void> {\n try {\n const implSlot = await client.getStorageAt({\n address: proxyAddress,\n slot: ERC1967_IMPL_SLOT,\n })\n const actualImpl = ('0x' + (implSlot ?? '0x').slice(26)).toLowerCase() as Address\n const expected = expectedImpl.toLowerCase()\n checks.push({\n name: `${name} proxy -> impl`,\n passed: actualImpl === expected,\n expected: expectedImpl,\n actual: actualImpl as string,\n })\n } catch {\n checks.push({ name: `${name} proxy -> impl`, passed: false, expected: expectedImpl })\n }\n}\n"]}
package/dist/{chunk-7T4CUE6E.js → chunk-AVSR443A.js} RENAMED
@@ -1,4 +1,4 @@
1
- import { M31_P, SECRET_LIMBS } from './chunk-6TFDBBAQ.js';
1
+ import { M31_P, SECRET_LIMBS } from './chunk-H4NDMIPF.js';
2
2
  import { keccak256, encodePacked, pad, numberToHex } from 'viem';
3
3
 
4
4
  var STARK_AMOUNT_SCALE = 10n ** 15n;
@@ -136,5 +136,5 @@ function buildStarkTransferWitness(params) {
136
136
  }
137
137
 
138
138
  export { STARK_AMOUNT_SCALE, STARK_ASP_TREE_DEPTH, STARK_STATE_TREE_DEPTH, addressToM31, buildStarkTransferWitness, buildStarkWithdrawWitness, computeTransferPublicInputsSeed, computeWithdrawPublicInputsSeed, isStarkAligned, packM31Digest, scaleAmountForStark, splitSecretToM31Limbs, truncateToM31 };
139
- //# sourceMappingURL=chunk-7T4CUE6E.js.map
140
- //# sourceMappingURL=chunk-7T4CUE6E.js.map
139
+ //# sourceMappingURL=chunk-AVSR443A.js.map
140
+ //# sourceMappingURL=chunk-AVSR443A.js.map
package/dist/{chunk-7T4CUE6E.js.map → chunk-AVSR443A.js.map} RENAMED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/utils/stark.ts"],"names":[],"mappings":";;;AAmBO,IAAM,qBAAqB,GAAA,IAAO;AAGlC,IAAM,sBAAA,GAAyB;AAG/B,IAAM,oBAAA,GAAuB;AAO7B,SAAS,eAAe,MAAA,EAAyB;AACtD,EAAA,IAAI,MAAA,IAAU,IAAI,OAAO,KAAA;AACzB,EAAA,MAAM,SAAS,MAAA,GAAS,kBAAA;AACxB,EAAA,OAAO,MAAA,GAAS,kBAAA,KAAuB,MAAA,IAAU,MAAA,GAAS,KAAA;AAC5D;AASO,SAAS,oBAAoB,SAAA,EAA2B;AAC7D,EAAA,MAAM,SAAS,SAAA,GAAY,kBAAA;AAC3B,EAAA,IAAI,MAAA,GAAS,uBAAuB,SAAA,EAAW;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,OAAA,EAAU,SAAS,CAAA,6BAAA,EAAgC,kBAAkB,CAAA,CAAA,CAAG,CAAA;AAAA,EAC1F;AACA,EAAA,IAAI,UAAU,KAAA,EAAO;AACnB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,MAAM,CAAA,kBAAA,EAAqB,KAAK,CAAA,CAAA,CAAG,CAAA;AAAA,EACtE;AACA,EAAA,OAAO,OAAO,MAAM,CAAA;AACtB;AAGO,SAAS,cAAc,KAAA,EAAuB;AACnD,EAAA,OAAO,MAAA,CAAO,QAAQ,KAAK,CAAA;AAC7B;AAOO,SAAS,aAAa,IAAA,EAAuB;AAClD,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,IAAI,CAAA,GAAI,KAAK,CAAA;AACpC;AAUO,SAAS,sBAAsB,MAAA,EAA0B;AAC9D,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,IAAI,SAAA,GAAY,MAAA;AAChB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,YAAA,EAAc,CAAA,EAAA,EAAK;AACrC,IAAA,KAAA,CAAM,IAAA,CAAK,MAAA,CAAO,SAAA,GAAY,KAAK,CAAC,CAAA;AACpC,IAAA,SAAA,GAAY,SAAA,GAAY,KAAA;AAAA,EAC1B;AACA,EAAA,OAAO,KAAA;AACT;AAMO,SAAS,cAAc,MAAA,EAAkD;AAC9E,EAAA,OAAO,MAAA,CAAO,OAAO,CAAC,CAAC,IAClB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAC,CAAA,IAAK,MACrB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAC,CAAA,IAAK,MACrB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAC,CAAA,IAAK,GAAA;AAC5B;AAUO,SAAS,gCAAgC,MAAA,EASxC;AACN,EAAA,OAAO,SAAA;AAAA,IACL,YAAA;AAAA,MACE,CAAC,WAAW,SAAA,EAAW,SAAA,EAAW,WAAW,SAAA,EAAW,SAAA,EAAW,WAAW,MAAM,CAAA;AAAA,MACpF;AAAA,QACE,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,OAAA;AAAA,QACP,MAAA,CAAO,KAAA;AAAA,QACP,MAAA,CAAO,KAAA;AAAA,QACP,MAAA,CAAO,MAAA;AAAA,QACP,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO;AAAA;AACT;AACF,GACF;AACF;AAMO,SAAS,gCAAgC,MAAA,EAOxC;AACN,EAAA,OAAO,SAAA;AAAA,IACL,YAAA;AAAA,MACE,CAAC,SAAA,EAAW,SAAA,EAAW,SAAA,EAAW,SAAA,EAAW,WAAW,SAAS,CAAA;AAAA,MACjE;AAAA,QACE,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,OAAA;AAAA,QACP,MAAA,CAAO,KAAA;AAAA,QACP,MAAA,CAAO,iBAAA;AAAA,QACP,MAAA,CAAO;AAAA;AACT;AACF,GACF;AACF;AA8EA,SAAS,aAAa,KAAA,EAA6B;AACjD,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,IAAI,WAAA,CAAY,KAAK,GAAG,EAAE,IAAA,EAAM,IAAI,CAAA;AAAA,EAC7C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,eAAe,IAAA,EAAuB;AAC7C,EAAA,OAAO,KAAK,WAAA,EAAY;AAC1B;AAKO,SAAS,0BAA0B,MAAA,EAqBjB;AACvB,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,YAAY,MAAA,CAAO,SAAA;AAAA,IACnB,qBAAqB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC7D,oBAAoB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC5D,mBAAmB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACzD,kBAAkB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACxD,iBAAiB,MAAA,CAAO,cAAA;AAAA,IACxB,eAAe,MAAA,CAAO,YAAA;AAAA,IACtB,iBAAiB,MAAA,CAAO,cAAA;AAAA,IACxB,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,aAAa,MAAA,CAAO,UAAA;AAAA,IACpB,eAAe,MAAA,CAAO,YAAA;AAAA,IACtB,cAAA,EAAgB,YAAA,CAAa,MAAA,CAAO,eAAe,CAAA;AAAA,IACnD,YAAA,EAAc,YAAA,CAAa,MAAA,CAAO,aAAa,CAAA;AAAA,IAC/C,UAAA,EAAY,YAAA,CAAa,MAAA,CAAO,WAAW,CAAA;AAAA,IAC3C,iBAAA,EAAmB,cAAA,CAAe,MAAA,CAAO,YAAY,CAAA;AAAA,IACrD,UAAA,EAAY,YAAA,CAAa,MAAA,CAAO,SAAS,CAAA;AAAA,IACzC,qBAAA,EAAuB,cAAA,CAAe,MAAA,CAAO,gBAAgB,CAAA;AAAA,IAC7D,kBAAkB,MAAA,CAAO;AAAA,GAC3B;AACF;AAKO,SAAS,0BAA0B,MAAA,EAuBjB;AACvB,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,YAAY,MAAA,CAAO,SAAA;AAAA,IACnB,qBAAqB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC7D,oBAAoB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC5D,mBAAmB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACzD,kBAAkB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACxD,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,oBAAoB,MAAA,CAAO,gBAAA;AAAA,IAC3B,kBAAkB,MAAA,CAAO,eAAA;AAAA,IACzB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,oBAAoB,MAAA,CAAO,gBAAA;AAAA,IAC3B,kBAAkB,MAAA,CAAO,eAAA;AAAA,IACzB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,aAAa,MAAA,CAAO,UAAA;AAAA,IACpB,eAAe,MAAA,CAAO,YAAA;AAAA,IACtB,cAAA,EAAgB,YAAA,CAAa,MAAA,CAAO,eAAe,CAAA;AAAA,IACnD,YAAA,EAAc,YAAA,CAAa,MAAA,CAAO,aAAa,CAAA;AAAA,IAC/C,iBAAA,EAAmB,cAAA,CAAe,MAAA,CAAO,YAAY,CAAA;AAAA,IACrD,yBAAyB,MAAA,CAAO,oBAAA;AAAA,IAChC,yBAAyB,MAAA,CAAO;AAAA,GAClC;AACF","file":"chunk-7T4CUE6E.js","sourcesContent":["/**\n * STARK Utilities — Amount scaling, witness building, Fiat-Shamir\n *\n * These functions must produce identical outputs to the Rust Stwo prover\n * (stwo-prover/src/) and the Solidity verifier.\n *\n * M31 field: p = 2^31 - 1 = 2,147,483,647\n * Amount precision: 0.001 tokens (1e15 wei scale factor)\n */\n\nimport type { Address, Hex } from 'viem'\nimport { keccak256, encodePacked, pad, numberToHex } from 'viem'\nimport { M31_P, SECRET_LIMBS } from './keccak-m31.js'\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/** Matches Solidity STARK_AMOUNT_SCALE = 1e15 */\nexport const STARK_AMOUNT_SCALE = 10n ** 15n\n\n/** State tree depth (Merkle tree for commitments) */\nexport const STARK_STATE_TREE_DEPTH = 32\n\n/** ASP tree depth */\nexport const STARK_ASP_TREE_DEPTH = 20\n\n// ============================================================================\n// Amount Scaling\n// ============================================================================\n\n/** Check if a wei amount is STARK-scale aligned and fits in M31. */\nexport function isStarkAligned(amount: bigint): boolean {\n if (amount <= 0n) return false\n const scaled = amount / STARK_AMOUNT_SCALE\n return scaled * STARK_AMOUNT_SCALE === amount && scaled < M31_P\n}\n\n/**\n * Scale a wei amount down for the STARK circuit.\n * Precision: 0.001 tokens (1e15 wei). Max: ~2.1M tokens.\n *\n * @returns The scaled amount as a number (fits in M31)\n * @throws If not aligned to STARK_AMOUNT_SCALE or exceeds M31\n */\nexport function scaleAmountForStark(weiAmount: bigint): number {\n const scaled = weiAmount / STARK_AMOUNT_SCALE\n if (scaled * STARK_AMOUNT_SCALE !== weiAmount) {\n throw new Error(`Amount ${weiAmount} not aligned to STARK scale (${STARK_AMOUNT_SCALE})`)\n }\n if (scaled >= M31_P) {\n throw new Error(`Scaled amount ${scaled} exceeds M31 max (${M31_P})`)\n }\n return Number(scaled)\n}\n\n/** Truncate a bigint to fit in M31 (modular reduction). */\nexport function truncateToM31(value: bigint): number {\n return Number(value % M31_P)\n}\n\n// ============================================================================\n// Field Conversions\n// ============================================================================\n\n/** Convert an Ethereum address to an M31 field element (truncated). */\nexport function addressToM31(addr: Address): number {\n return Number(BigInt(addr) % M31_P)\n}\n\n/**\n * Split a 254-bit spending secret into 8 M31 limbs (248 bits of entropy).\n *\n * Each limb holds 31 bits (reduced mod M31_P). The secret is split\n * little-endian: limb[0] = lowest 31 bits, limb[7] = highest bits.\n *\n * This matches the Rust prover's expectation of `[M31; 8]` for owner_secret.\n */\nexport function splitSecretToM31Limbs(secret: bigint): number[] {\n const limbs: number[] = []\n let remaining = secret\n for (let i = 0; i < SECRET_LIMBS; i++) {\n limbs.push(Number(remaining % M31_P))\n remaining = remaining / M31_P\n }\n return limbs\n}\n\n/**\n * Pack an M31 digest (4 M31 elements) into a uint128 for Solidity.\n * Each element occupies 32 bits (little-endian packing).\n */\nexport function packM31Digest(digest: [number, number, number, number]): bigint {\n return BigInt(digest[0])\n | (BigInt(digest[1]) << 32n)\n | (BigInt(digest[2]) << 64n)\n | (BigInt(digest[3]) << 96n)\n}\n\n// ============================================================================\n// Fiat-Shamir Public Input Seeds\n// ============================================================================\n\n/**\n * Compute the Fiat-Shamir public inputs seed for a STARK withdrawal.\n * Must produce the same hash as Solidity and Rust.\n */\nexport function computeWithdrawPublicInputsSeed(params: {\n nullifier: Hex\n stateRoot: bigint\n aspRoot: bigint\n aspId: bigint\n token: Address\n amount: bigint\n recipient: Address\n isRagequit: boolean\n}): Hex {\n return keccak256(\n encodePacked(\n ['bytes32', 'uint256', 'uint256', 'uint256', 'address', 'uint256', 'address', 'bool'],\n [\n params.nullifier,\n params.stateRoot,\n params.aspRoot,\n params.aspId,\n params.token,\n params.amount,\n params.recipient,\n params.isRagequit,\n ],\n ),\n )\n}\n\n/**\n * Compute the Fiat-Shamir public inputs seed for a STARK transfer.\n * Must produce the same hash as Solidity and Rust.\n */\nexport function computeTransferPublicInputsSeed(params: {\n nullifier: Hex\n stateRoot: bigint\n aspRoot: bigint\n token: Address\n outputCommitment1: Hex\n outputCommitment2: Hex\n}): Hex {\n return keccak256(\n encodePacked(\n ['bytes32', 'uint256', 'uint256', 'address', 'bytes32', 'bytes32'],\n [\n params.nullifier,\n params.stateRoot,\n params.aspRoot,\n params.token,\n params.outputCommitment1,\n params.outputCommitment2,\n ],\n ),\n )\n}\n\n// ============================================================================\n// Witness Types\n// ============================================================================\n\n/**\n * Witness inputs for the STARK withdrawal prover.\n * All numeric values are u32 (must fit in M31 field, i.e. < 2^31 - 1).\n * Hex string fields are for Fiat-Shamir seed binding.\n */\nexport interface StarkWithdrawWitness {\n owner_secret: number[]\n input_amount: number\n input_blinding: number\n input_origin: number\n token: number\n leaf_index: number\n state_path_elements: number[]\n state_path_indices: number[]\n asp_path_elements: number[]\n asp_path_indices: number[]\n withdraw_amount: number\n change_amount: number\n change_blinding: number\n recipient: number\n is_ragequit: number\n // Ethereum-native hex values for Fiat-Shamir seed binding\n nullifier_hex: string\n state_root_hex: string\n asp_root_hex: string\n asp_id_hex: string\n token_address_hex: string\n amount_hex: string\n recipient_address_hex: string\n is_ragequit_bool: boolean\n}\n\n/**\n * Witness inputs for the STARK transfer prover (1-in-2-out).\n * All numeric values are u32 (must fit in M31 field).\n */\nexport interface StarkTransferWitness {\n owner_secret: number[]\n input_amount: number\n input_blinding: number\n input_origin: number\n token: number\n leaf_index: number\n state_path_elements: number[]\n state_path_indices: number[]\n asp_path_elements: number[]\n asp_path_indices: number[]\n // Output 1\n output1_amount: number\n output1_owner_hash: [number, number, number, number]\n output1_blinding: number\n output1_origin: number\n // Output 2\n output2_amount: number\n output2_owner_hash: [number, number, number, number]\n output2_blinding: number\n output2_origin: number\n // Ragequit flag\n is_ragequit: number\n // Ethereum-native hex values for Fiat-Shamir seed binding\n nullifier_hex: string\n state_root_hex: string\n asp_root_hex: string\n token_address_hex: string\n output_commitment_1_hex: string\n output_commitment_2_hex: string\n}\n\n// ============================================================================\n// Witness Builders\n// ============================================================================\n\nfunction toBytes32Hex(value: bigint | Hex): string {\n if (typeof value === 'bigint') {\n return pad(numberToHex(value), { size: 32 })\n }\n return value as string\n}\n\nfunction toAddress20Hex(addr: Address): string {\n return addr.toLowerCase()\n}\n\n/**\n * Build a complete STARK withdrawal witness from note data.\n */\nexport function buildStarkWithdrawWitness(params: {\n ownerSecret: number[]\n inputAmount: number\n inputBlinding: number\n inputOrigin: number\n token: number\n leafIndex: number\n withdrawAmount: number\n changeAmount: number\n changeBlinding: number\n recipient: number\n isRagequit: number\n // Full Ethereum values for seed binding\n nullifierHex: Hex\n stateRootBigInt: bigint\n aspRootBigInt: bigint\n aspIdBigInt: bigint\n tokenAddress: Address\n amountWei: bigint\n recipientAddress: Address\n isRagequitBool: boolean\n}): StarkWithdrawWitness {\n return {\n owner_secret: params.ownerSecret,\n input_amount: params.inputAmount,\n input_blinding: params.inputBlinding,\n input_origin: params.inputOrigin,\n token: params.token,\n leaf_index: params.leafIndex,\n state_path_elements: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n state_path_indices: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n asp_path_elements: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n asp_path_indices: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n withdraw_amount: params.withdrawAmount,\n change_amount: params.changeAmount,\n change_blinding: params.changeBlinding,\n recipient: params.recipient,\n is_ragequit: params.isRagequit,\n nullifier_hex: params.nullifierHex,\n state_root_hex: toBytes32Hex(params.stateRootBigInt),\n asp_root_hex: toBytes32Hex(params.aspRootBigInt),\n asp_id_hex: toBytes32Hex(params.aspIdBigInt),\n token_address_hex: toAddress20Hex(params.tokenAddress),\n amount_hex: toBytes32Hex(params.amountWei),\n recipient_address_hex: toAddress20Hex(params.recipientAddress),\n is_ragequit_bool: params.isRagequitBool,\n }\n}\n\n/**\n * Build a complete STARK transfer witness (1-in-2-out).\n */\nexport function buildStarkTransferWitness(params: {\n ownerSecret: number[]\n inputAmount: number\n inputBlinding: number\n inputOrigin: number\n token: number\n leafIndex: number\n output1Amount: number\n output1OwnerHash: [number, number, number, number]\n output1Blinding: number\n output1Origin: number\n output2Amount: number\n output2OwnerHash: [number, number, number, number]\n output2Blinding: number\n output2Origin: number\n isRagequit: number\n // Full Ethereum values for seed binding\n nullifierHex: Hex\n stateRootBigInt: bigint\n aspRootBigInt: bigint\n tokenAddress: Address\n outputCommitment1Hex: Hex\n outputCommitment2Hex: Hex\n}): StarkTransferWitness {\n return {\n owner_secret: params.ownerSecret,\n input_amount: params.inputAmount,\n input_blinding: params.inputBlinding,\n input_origin: params.inputOrigin,\n token: params.token,\n leaf_index: params.leafIndex,\n state_path_elements: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n state_path_indices: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n asp_path_elements: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n asp_path_indices: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n output1_amount: params.output1Amount,\n output1_owner_hash: params.output1OwnerHash,\n output1_blinding: params.output1Blinding,\n output1_origin: params.output1Origin,\n output2_amount: params.output2Amount,\n output2_owner_hash: params.output2OwnerHash,\n output2_blinding: params.output2Blinding,\n output2_origin: params.output2Origin,\n is_ragequit: params.isRagequit,\n nullifier_hex: params.nullifierHex,\n state_root_hex: toBytes32Hex(params.stateRootBigInt),\n asp_root_hex: toBytes32Hex(params.aspRootBigInt),\n token_address_hex: toAddress20Hex(params.tokenAddress),\n output_commitment_1_hex: params.outputCommitment1Hex,\n output_commitment_2_hex: params.outputCommitment2Hex,\n }\n}\n"]}
1
+ {"version":3,"sources":["../src/utils/stark.ts"],"names":[],"mappings":";;;AAmBO,IAAM,qBAAqB,GAAA,IAAO;AAGlC,IAAM,sBAAA,GAAyB;AAG/B,IAAM,oBAAA,GAAuB;AAO7B,SAAS,eAAe,MAAA,EAAyB;AACtD,EAAA,IAAI,MAAA,IAAU,IAAI,OAAO,KAAA;AACzB,EAAA,MAAM,SAAS,MAAA,GAAS,kBAAA;AACxB,EAAA,OAAO,MAAA,GAAS,kBAAA,KAAuB,MAAA,IAAU,MAAA,GAAS,KAAA;AAC5D;AASO,SAAS,oBAAoB,SAAA,EAA2B;AAC7D,EAAA,MAAM,SAAS,SAAA,GAAY,kBAAA;AAC3B,EAAA,IAAI,MAAA,GAAS,uBAAuB,SAAA,EAAW;AAC7C,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,OAAA,EAAU,SAAS,CAAA,6BAAA,EAAgC,kBAAkB,CAAA,CAAA,CAAG,CAAA;AAAA,EAC1F;AACA,EAAA,IAAI,UAAU,KAAA,EAAO;AACnB,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,cAAA,EAAiB,MAAM,CAAA,kBAAA,EAAqB,KAAK,CAAA,CAAA,CAAG,CAAA;AAAA,EACtE;AACA,EAAA,OAAO,OAAO,MAAM,CAAA;AACtB;AAGO,SAAS,cAAc,KAAA,EAAuB;AACnD,EAAA,OAAO,MAAA,CAAO,QAAQ,KAAK,CAAA;AAC7B;AAOO,SAAS,aAAa,IAAA,EAAuB;AAClD,EAAA,OAAO,MAAA,CAAO,MAAA,CAAO,IAAI,CAAA,GAAI,KAAK,CAAA;AACpC;AAUO,SAAS,sBAAsB,MAAA,EAA0B;AAC9D,EAAA,MAAM,QAAkB,EAAC;AACzB,EAAA,IAAI,SAAA,GAAY,MAAA;AAChB,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,YAAA,EAAc,CAAA,EAAA,EAAK;AACrC,IAAA,KAAA,CAAM,IAAA,CAAK,MAAA,CAAO,SAAA,GAAY,KAAK,CAAC,CAAA;AACpC,IAAA,SAAA,GAAY,SAAA,GAAY,KAAA;AAAA,EAC1B;AACA,EAAA,OAAO,KAAA;AACT;AAMO,SAAS,cAAc,MAAA,EAAkD;AAC9E,EAAA,OAAO,MAAA,CAAO,OAAO,CAAC,CAAC,IAClB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAC,CAAA,IAAK,MACrB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAC,CAAA,IAAK,MACrB,MAAA,CAAO,MAAA,CAAO,CAAC,CAAC,CAAA,IAAK,GAAA;AAC5B;AAUO,SAAS,gCAAgC,MAAA,EASxC;AACN,EAAA,OAAO,SAAA;AAAA,IACL,YAAA;AAAA,MACE,CAAC,WAAW,SAAA,EAAW,SAAA,EAAW,WAAW,SAAA,EAAW,SAAA,EAAW,WAAW,MAAM,CAAA;AAAA,MACpF;AAAA,QACE,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,OAAA;AAAA,QACP,MAAA,CAAO,KAAA;AAAA,QACP,MAAA,CAAO,KAAA;AAAA,QACP,MAAA,CAAO,MAAA;AAAA,QACP,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO;AAAA;AACT;AACF,GACF;AACF;AAMO,SAAS,gCAAgC,MAAA,EAOxC;AACN,EAAA,OAAO,SAAA;AAAA,IACL,YAAA;AAAA,MACE,CAAC,SAAA,EAAW,SAAA,EAAW,SAAA,EAAW,SAAA,EAAW,WAAW,SAAS,CAAA;AAAA,MACjE;AAAA,QACE,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,SAAA;AAAA,QACP,MAAA,CAAO,OAAA;AAAA,QACP,MAAA,CAAO,KAAA;AAAA,QACP,MAAA,CAAO,iBAAA;AAAA,QACP,MAAA,CAAO;AAAA;AACT;AACF,GACF;AACF;AA8EA,SAAS,aAAa,KAAA,EAA6B;AACjD,EAAA,IAAI,OAAO,UAAU,QAAA,EAAU;AAC7B,IAAA,OAAO,IAAI,WAAA,CAAY,KAAK,GAAG,EAAE,IAAA,EAAM,IAAI,CAAA;AAAA,EAC7C;AACA,EAAA,OAAO,KAAA;AACT;AAEA,SAAS,eAAe,IAAA,EAAuB;AAC7C,EAAA,OAAO,KAAK,WAAA,EAAY;AAC1B;AAKO,SAAS,0BAA0B,MAAA,EAqBjB;AACvB,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,YAAY,MAAA,CAAO,SAAA;AAAA,IACnB,qBAAqB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC7D,oBAAoB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC5D,mBAAmB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACzD,kBAAkB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACxD,iBAAiB,MAAA,CAAO,cAAA;AAAA,IACxB,eAAe,MAAA,CAAO,YAAA;AAAA,IACtB,iBAAiB,MAAA,CAAO,cAAA;AAAA,IACxB,WAAW,MAAA,CAAO,SAAA;AAAA,IAClB,aAAa,MAAA,CAAO,UAAA;AAAA,IACpB,eAAe,MAAA,CAAO,YAAA;AAAA,IACtB,cAAA,EAAgB,YAAA,CAAa,MAAA,CAAO,eAAe,CAAA;AAAA,IACnD,YAAA,EAAc,YAAA,CAAa,MAAA,CAAO,aAAa,CAAA;AAAA,IAC/C,UAAA,EAAY,YAAA,CAAa,MAAA,CAAO,WAAW,CAAA;AAAA,IAC3C,iBAAA,EAAmB,cAAA,CAAe,MAAA,CAAO,YAAY,CAAA;AAAA,IACrD,UAAA,EAAY,YAAA,CAAa,MAAA,CAAO,SAAS,CAAA;AAAA,IACzC,qBAAA,EAAuB,cAAA,CAAe,MAAA,CAAO,gBAAgB,CAAA;AAAA,IAC7D,kBAAkB,MAAA,CAAO;AAAA,GAC3B;AACF;AAKO,SAAS,0BAA0B,MAAA,EAuBjB;AACvB,EAAA,OAAO;AAAA,IACL,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,cAAc,MAAA,CAAO,WAAA;AAAA,IACrB,OAAO,MAAA,CAAO,KAAA;AAAA,IACd,YAAY,MAAA,CAAO,SAAA;AAAA,IACnB,qBAAqB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC7D,oBAAoB,IAAI,KAAA,CAAM,sBAAsB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IAC5D,mBAAmB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACzD,kBAAkB,IAAI,KAAA,CAAM,oBAAoB,CAAA,CAAE,KAAK,CAAC,CAAA;AAAA,IACxD,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,oBAAoB,MAAA,CAAO,gBAAA;AAAA,IAC3B,kBAAkB,MAAA,CAAO,eAAA;AAAA,IACzB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,oBAAoB,MAAA,CAAO,gBAAA;AAAA,IAC3B,kBAAkB,MAAA,CAAO,eAAA;AAAA,IACzB,gBAAgB,MAAA,CAAO,aAAA;AAAA,IACvB,aAAa,MAAA,CAAO,UAAA;AAAA,IACpB,eAAe,MAAA,CAAO,YAAA;AAAA,IACtB,cAAA,EAAgB,YAAA,CAAa,MAAA,CAAO,eAAe,CAAA;AAAA,IACnD,YAAA,EAAc,YAAA,CAAa,MAAA,CAAO,aAAa,CAAA;AAAA,IAC/C,iBAAA,EAAmB,cAAA,CAAe,MAAA,CAAO,YAAY,CAAA;AAAA,IACrD,yBAAyB,MAAA,CAAO,oBAAA;AAAA,IAChC,yBAAyB,MAAA,CAAO;AAAA,GAClC;AACF","file":"chunk-AVSR443A.js","sourcesContent":["/**\n * STARK Utilities — Amount scaling, witness building, Fiat-Shamir\n *\n * These functions must produce identical outputs to the Rust Stwo prover\n * (stwo-prover/src/) and the Solidity verifier.\n *\n * M31 field: p = 2^31 - 1 = 2,147,483,647\n * Amount precision: 0.001 tokens (1e15 wei scale factor)\n */\n\nimport type { Address, Hex } from 'viem'\nimport { keccak256, encodePacked, pad, numberToHex } from 'viem'\nimport { M31_P, SECRET_LIMBS } from './keccak-m31.js'\n\n// ============================================================================\n// Constants\n// ============================================================================\n\n/** Matches Solidity STARK_AMOUNT_SCALE = 1e15 */\nexport const STARK_AMOUNT_SCALE = 10n ** 15n\n\n/** State tree depth (Merkle tree for commitments) */\nexport const STARK_STATE_TREE_DEPTH = 32\n\n/** ASP tree depth */\nexport const STARK_ASP_TREE_DEPTH = 20\n\n// ============================================================================\n// Amount Scaling\n// ============================================================================\n\n/** Check if a wei amount is STARK-scale aligned and fits in M31. */\nexport function isStarkAligned(amount: bigint): boolean {\n if (amount <= 0n) return false\n const scaled = amount / STARK_AMOUNT_SCALE\n return scaled * STARK_AMOUNT_SCALE === amount && scaled < M31_P\n}\n\n/**\n * Scale a wei amount down for the STARK circuit.\n * Precision: 0.001 tokens (1e15 wei). Max: ~2.1M tokens.\n *\n * @returns The scaled amount as a number (fits in M31)\n * @throws If not aligned to STARK_AMOUNT_SCALE or exceeds M31\n */\nexport function scaleAmountForStark(weiAmount: bigint): number {\n const scaled = weiAmount / STARK_AMOUNT_SCALE\n if (scaled * STARK_AMOUNT_SCALE !== weiAmount) {\n throw new Error(`Amount ${weiAmount} not aligned to STARK scale (${STARK_AMOUNT_SCALE})`)\n }\n if (scaled >= M31_P) {\n throw new Error(`Scaled amount ${scaled} exceeds M31 max (${M31_P})`)\n }\n return Number(scaled)\n}\n\n/** Truncate a bigint to fit in M31 (modular reduction). */\nexport function truncateToM31(value: bigint): number {\n return Number(value % M31_P)\n}\n\n// ============================================================================\n// Field Conversions\n// ============================================================================\n\n/** Convert an Ethereum address to an M31 field element (truncated). */\nexport function addressToM31(addr: Address): number {\n return Number(BigInt(addr) % M31_P)\n}\n\n/**\n * Split a 254-bit spending secret into 8 M31 limbs (248 bits of entropy).\n *\n * Each limb holds 31 bits (reduced mod M31_P). The secret is split\n * little-endian: limb[0] = lowest 31 bits, limb[7] = highest bits.\n *\n * This matches the Rust prover's expectation of `[M31; 8]` for owner_secret.\n */\nexport function splitSecretToM31Limbs(secret: bigint): number[] {\n const limbs: number[] = []\n let remaining = secret\n for (let i = 0; i < SECRET_LIMBS; i++) {\n limbs.push(Number(remaining % M31_P))\n remaining = remaining / M31_P\n }\n return limbs\n}\n\n/**\n * Pack an M31 digest (4 M31 elements) into a uint128 for Solidity.\n * Each element occupies 32 bits (little-endian packing).\n */\nexport function packM31Digest(digest: [number, number, number, number]): bigint {\n return BigInt(digest[0])\n | (BigInt(digest[1]) << 32n)\n | (BigInt(digest[2]) << 64n)\n | (BigInt(digest[3]) << 96n)\n}\n\n// ============================================================================\n// Fiat-Shamir Public Input Seeds\n// ============================================================================\n\n/**\n * Compute the Fiat-Shamir public inputs seed for a STARK withdrawal.\n * Must produce the same hash as Solidity and Rust.\n */\nexport function computeWithdrawPublicInputsSeed(params: {\n nullifier: Hex\n stateRoot: bigint\n aspRoot: bigint\n aspId: bigint\n token: Address\n amount: bigint\n recipient: Address\n isRagequit: boolean\n}): Hex {\n return keccak256(\n encodePacked(\n ['bytes32', 'uint256', 'uint256', 'uint256', 'address', 'uint256', 'address', 'bool'],\n [\n params.nullifier,\n params.stateRoot,\n params.aspRoot,\n params.aspId,\n params.token,\n params.amount,\n params.recipient,\n params.isRagequit,\n ],\n ),\n )\n}\n\n/**\n * Compute the Fiat-Shamir public inputs seed for a STARK transfer.\n * Must produce the same hash as Solidity and Rust.\n */\nexport function computeTransferPublicInputsSeed(params: {\n nullifier: Hex\n stateRoot: bigint\n aspRoot: bigint\n token: Address\n outputCommitment1: Hex\n outputCommitment2: Hex\n}): Hex {\n return keccak256(\n encodePacked(\n ['bytes32', 'uint256', 'uint256', 'address', 'bytes32', 'bytes32'],\n [\n params.nullifier,\n params.stateRoot,\n params.aspRoot,\n params.token,\n params.outputCommitment1,\n params.outputCommitment2,\n ],\n ),\n )\n}\n\n// ============================================================================\n// Witness Types\n// ============================================================================\n\n/**\n * Witness inputs for the STARK withdrawal prover.\n * All numeric values are u32 (must fit in M31 field, i.e. < 2^31 - 1).\n * Hex string fields are for Fiat-Shamir seed binding.\n */\nexport interface StarkWithdrawWitness {\n owner_secret: number[]\n input_amount: number\n input_blinding: number\n input_origin: number\n token: number\n leaf_index: number\n state_path_elements: number[]\n state_path_indices: number[]\n asp_path_elements: number[]\n asp_path_indices: number[]\n withdraw_amount: number\n change_amount: number\n change_blinding: number\n recipient: number\n is_ragequit: number\n // Ethereum-native hex values for Fiat-Shamir seed binding\n nullifier_hex: string\n state_root_hex: string\n asp_root_hex: string\n asp_id_hex: string\n token_address_hex: string\n amount_hex: string\n recipient_address_hex: string\n is_ragequit_bool: boolean\n}\n\n/**\n * Witness inputs for the STARK transfer prover (1-in-2-out).\n * All numeric values are u32 (must fit in M31 field).\n */\nexport interface StarkTransferWitness {\n owner_secret: number[]\n input_amount: number\n input_blinding: number\n input_origin: number\n token: number\n leaf_index: number\n state_path_elements: number[]\n state_path_indices: number[]\n asp_path_elements: number[]\n asp_path_indices: number[]\n // Output 1\n output1_amount: number\n output1_owner_hash: [number, number, number, number]\n output1_blinding: number\n output1_origin: number\n // Output 2\n output2_amount: number\n output2_owner_hash: [number, number, number, number]\n output2_blinding: number\n output2_origin: number\n // Ragequit flag\n is_ragequit: number\n // Ethereum-native hex values for Fiat-Shamir seed binding\n nullifier_hex: string\n state_root_hex: string\n asp_root_hex: string\n token_address_hex: string\n output_commitment_1_hex: string\n output_commitment_2_hex: string\n}\n\n// ============================================================================\n// Witness Builders\n// ============================================================================\n\nfunction toBytes32Hex(value: bigint | Hex): string {\n if (typeof value === 'bigint') {\n return pad(numberToHex(value), { size: 32 })\n }\n return value as string\n}\n\nfunction toAddress20Hex(addr: Address): string {\n return addr.toLowerCase()\n}\n\n/**\n * Build a complete STARK withdrawal witness from note data.\n */\nexport function buildStarkWithdrawWitness(params: {\n ownerSecret: number[]\n inputAmount: number\n inputBlinding: number\n inputOrigin: number\n token: number\n leafIndex: number\n withdrawAmount: number\n changeAmount: number\n changeBlinding: number\n recipient: number\n isRagequit: number\n // Full Ethereum values for seed binding\n nullifierHex: Hex\n stateRootBigInt: bigint\n aspRootBigInt: bigint\n aspIdBigInt: bigint\n tokenAddress: Address\n amountWei: bigint\n recipientAddress: Address\n isRagequitBool: boolean\n}): StarkWithdrawWitness {\n return {\n owner_secret: params.ownerSecret,\n input_amount: params.inputAmount,\n input_blinding: params.inputBlinding,\n input_origin: params.inputOrigin,\n token: params.token,\n leaf_index: params.leafIndex,\n state_path_elements: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n state_path_indices: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n asp_path_elements: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n asp_path_indices: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n withdraw_amount: params.withdrawAmount,\n change_amount: params.changeAmount,\n change_blinding: params.changeBlinding,\n recipient: params.recipient,\n is_ragequit: params.isRagequit,\n nullifier_hex: params.nullifierHex,\n state_root_hex: toBytes32Hex(params.stateRootBigInt),\n asp_root_hex: toBytes32Hex(params.aspRootBigInt),\n asp_id_hex: toBytes32Hex(params.aspIdBigInt),\n token_address_hex: toAddress20Hex(params.tokenAddress),\n amount_hex: toBytes32Hex(params.amountWei),\n recipient_address_hex: toAddress20Hex(params.recipientAddress),\n is_ragequit_bool: params.isRagequitBool,\n }\n}\n\n/**\n * Build a complete STARK transfer witness (1-in-2-out).\n */\nexport function buildStarkTransferWitness(params: {\n ownerSecret: number[]\n inputAmount: number\n inputBlinding: number\n inputOrigin: number\n token: number\n leafIndex: number\n output1Amount: number\n output1OwnerHash: [number, number, number, number]\n output1Blinding: number\n output1Origin: number\n output2Amount: number\n output2OwnerHash: [number, number, number, number]\n output2Blinding: number\n output2Origin: number\n isRagequit: number\n // Full Ethereum values for seed binding\n nullifierHex: Hex\n stateRootBigInt: bigint\n aspRootBigInt: bigint\n tokenAddress: Address\n outputCommitment1Hex: Hex\n outputCommitment2Hex: Hex\n}): StarkTransferWitness {\n return {\n owner_secret: params.ownerSecret,\n input_amount: params.inputAmount,\n input_blinding: params.inputBlinding,\n input_origin: params.inputOrigin,\n token: params.token,\n leaf_index: params.leafIndex,\n state_path_elements: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n state_path_indices: new Array(STARK_STATE_TREE_DEPTH).fill(0),\n asp_path_elements: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n asp_path_indices: new Array(STARK_ASP_TREE_DEPTH).fill(0),\n output1_amount: params.output1Amount,\n output1_owner_hash: params.output1OwnerHash,\n output1_blinding: params.output1Blinding,\n output1_origin: params.output1Origin,\n output2_amount: params.output2Amount,\n output2_owner_hash: params.output2OwnerHash,\n output2_blinding: params.output2Blinding,\n output2_origin: params.output2Origin,\n is_ragequit: params.isRagequit,\n nullifier_hex: params.nullifierHex,\n state_root_hex: toBytes32Hex(params.stateRootBigInt),\n asp_root_hex: toBytes32Hex(params.aspRootBigInt),\n token_address_hex: toAddress20Hex(params.tokenAddress),\n output_commitment_1_hex: params.outputCommitment1Hex,\n output_commitment_2_hex: params.outputCommitment2Hex,\n }\n}\n"]}
package/dist/{chunk-UFEDJJSH.cjs → chunk-BCSMUH4L.cjs} RENAMED
@@ -21,7 +21,7 @@ function bytesToHex(bytes) {
21
21
  return `0x${Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
22
22
  }
23
23
  function hexToBytes(hex) {
24
- const str = hex.slice(2);
24
+ const str = hex.startsWith("0x") ? hex.slice(2) : hex;
25
25
  const bytes = new Uint8Array(str.length / 2);
26
26
  for (let i = 0; i < bytes.length; i++) {
27
27
  bytes[i] = parseInt(str.slice(i * 2, i * 2 + 2), 16);
@@ -44,6 +44,31 @@ function bytesToBigint(bytes) {
44
44
  }
45
45
  return value;
46
46
  }
47
+ function modPow(base, exp, modulus) {
48
+ let result = 1n;
49
+ base = base % modulus;
50
+ while (exp > 0n) {
51
+ if (exp % 2n === 1n) {
52
+ result = result * base % modulus;
53
+ }
54
+ exp = exp >> 1n;
55
+ base = base * base % modulus;
56
+ }
57
+ return result;
58
+ }
59
+ function modInverse(a, modulus) {
60
+ let [oldR, r] = [a, modulus];
61
+ let [oldS, s] = [1n, 0n];
62
+ while (r !== 0n) {
63
+ const quotient = oldR / r;
64
+ [oldR, r] = [r, oldR - quotient * r];
65
+ [oldS, s] = [s, oldS - quotient * s];
66
+ }
67
+ if (oldR !== 1n) {
68
+ throw new Error("Modular inverse does not exist");
69
+ }
70
+ return (oldS % modulus + modulus) % modulus;
71
+ }
47
72
  var init_crypto = chunkG7VZBCD6_cjs.__esm({
48
73
  "src/utils/crypto.ts"() {
49
74
  chunkHEHXSV47_cjs.init_poseidon();
@@ -55,7 +80,9 @@ exports.bytesToBigint = bytesToBigint;
55
80
  exports.bytesToHex = bytesToHex;
56
81
  exports.hexToBytes = hexToBytes;
57
82
  exports.init_crypto = init_crypto;
83
+ exports.modInverse = modInverse;
84
+ exports.modPow = modPow;
58
85
  exports.randomBytes = randomBytes;
59
86
  exports.randomFieldElement = randomFieldElement;
60
- //# sourceMappingURL=chunk-UFEDJJSH.cjs.map
61
- //# sourceMappingURL=chunk-UFEDJJSH.cjs.map
87
+ //# sourceMappingURL=chunk-BCSMUH4L.cjs.map
88
+ //# sourceMappingURL=chunk-BCSMUH4L.cjs.map
package/dist/chunk-BCSMUH4L.cjs.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../src/utils/crypto.ts"],"names":["FIELD_PRIME","__esm","init_poseidon"],"mappings":";;;;;;AAWO,SAAS,YAAY,MAAA,EAA4B;AACtD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,MAAA,CAAO,gBAAgB,KAAK,CAAA;AAC5B,EAAA,OAAO,KAAA;AACT;AAOO,SAAS,kBAAA,GAA6B;AAE3C,EAAA,MAAM,KAAA,GAAQ,YAAY,EAAE,CAAA;AAG5B,EAAA,IAAI,KAAA,GAAQ,EAAA;AACZ,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,KAAA,GAAA,CAAS,KAAA,IAAS,EAAA,IAAM,MAAA,CAAO,KAAA,CAAM,CAAC,CAAE,CAAA;AAAA,EAC1C;AAGA,EAAA,OAAO,KAAA,GAAQA,6BAAA;AACjB;AAKO,SAAS,WAAW,KAAA,EAAkC;AAC3D,EAAA,OAAO,KAAK,KAAA,CAAM,IAAA,CAAK,KAAK,CAAA,CACzB,GAAA,CAAI,OAAK,CAAA,CAAE,QAAA,CAAS,EAAE,CAAA,CAAE,SAAS,CAAA,EAAG,GAAG,CAAC,CAAA,CACxC,IAAA,CAAK,EAAE,CAAC,CAAA,CAAA;AACb;AAKO,SAAS,WAAW,GAAA,EAAyB;AAClD,EAAA,MAAM,GAAA,GAAM,IAAI,UAAA,CAAW,IAAI,IAAI,GAAA,CAAI,KAAA,CAAM,CAAC,CAAA,GAAI,GAAA;AAClD,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,GAAA,CAAI,SAAS,CAAC,CAAA;AAC3C,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,QAAA,CAAS,GAAA,CAAI,KAAA,CAAM,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,CAAA,GAAI,CAAC,CAAA,EAAG,EAAE,CAAA;AAAA,EACrD;AACA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,aAAA,CAAc,OAAe,MAAA,EAA4B;AACvE,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,IAAA,GAAO,KAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,MAAA,GAAS,CAAA,EAAG,CAAA,IAAK,GAAG,CAAA,EAAA,EAAK;AACpC,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,IAAA,GAAO,KAAK,CAAA;AAC9B,IAAA,IAAA,KAAS,EAAA;AAAA,EACX;AACA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,cAAc,KAAA,EAA2B;AACvD,EAAA,IAAI,KAAA,GAAQ,EAAA;AACZ,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,KAAA,CAAM,QAAQ,CAAA,EAAA,EAAK;AACrC,IAAA,KAAA,GAAA,CAAS,KAAA,IAAS,EAAA,IAAM,MAAA,CAAO,KAAA,CAAM,CAAC,CAAE,CAAA;AAAA,EAC1C;AACA,EAAA,OAAO,KAAA;AACT;AAKO,SAAS,MAAA,CAAO,IAAA,EAAc,GAAA,EAAa,OAAA,EAAyB;AACzE,EAAA,IAAI,MAAA,GAAS,EAAA;AACb,EAAA,IAAA,GAAO,IAAA,GAAO,OAAA;AAEd,EAAA,OAAO,MAAM,EAAA,EAAI;AACf,IAAA,IAAI,GAAA,GAAM,OAAO,EAAA,EAAI;AACnB,MAAA,MAAA,GAAU,SAAS,IAAA,GAAQ,OAAA;AAAA,IAC7B;AACA,IAAA,GAAA,GAAM,GAAA,IAAO,EAAA;AACb,IAAA,IAAA,GAAQ,OAAO,IAAA,GAAQ,OAAA;AAAA,EACzB;AAEA,EAAA,OAAO,MAAA;AACT;AAKO,SAAS,UAAA,CAAW,GAAW,OAAA,EAAyB;AAC7D,EAAA,IAAI,CAAC,IAAA,EAAM,CAAC,CAAA,GAAI,CAAC,GAAG,OAAO,CAAA;AAC3B,EAAA,IAAI,CAAC,IAAA,EAAM,CAAC,CAAA,GAAI,CAAC,IAAI,EAAE,CAAA;AAEvB,EAAA,OAAO,MAAM,EAAA,EAAI;AACf,IAAA,MAAM,WAAW,IAAA,GAAO,CAAA;AACvB,IAAA,CAAC,MAAM,CAAC,CAAA,GAAI,CAAC,CAAA,EAAG,IAAA,GAAO,WAAW,CAAC,CAAA;AACnC,IAAA,CAAC,MAAM,CAAC,CAAA,GAAI,CAAC,CAAA,EAAG,IAAA,GAAO,WAAW,CAAC,CAAA;AAAA,EACtC;AAEA,EAAA,IAAI,SAAS,EAAA,EAAI;AACf,IAAA,MAAM,IAAI,MAAM,gCAAgC,CAAA;AAAA,EAClD;AAEA,EAAA,OAAA,CAAS,IAAA,GAAO,UAAW,OAAA,IAAW,OAAA;AACxC;AArHA,IAAA,WAAA,GAAAC,uBAAA,CAAA;AAAA,EAAA,qBAAA,GAAA;AAMA,IAAAC,+BAAA,EAAA;AAAA,EAAA;AAAA,CAAA","file":"chunk-BCSMUH4L.cjs","sourcesContent":["/**\n * Cryptographic Utilities\n *\n * Secure random number generation and field arithmetic.\n */\n\nimport { FIELD_PRIME } from './poseidon.js'\n\n/**\n * Generate cryptographically secure random bytes\n */\nexport function randomBytes(length: number): Uint8Array {\n const bytes = new Uint8Array(length)\n crypto.getRandomValues(bytes)\n return bytes\n}\n\n/**\n * Generate a random field element (for blinding factors, etc.)\n *\n * Returns a value in range [0, FIELD_PRIME)\n */\nexport function randomFieldElement(): bigint {\n // Generate 32 bytes of randomness\n const bytes = randomBytes(32)\n\n // Convert to bigint\n let value = 0n\n for (let i = 0; i < bytes.length; i++) {\n value = (value << 8n) + BigInt(bytes[i]!)\n }\n\n // Reduce modulo field prime\n return value % FIELD_PRIME\n}\n\n/**\n * Convert bytes to hex string\n */\nexport function bytesToHex(bytes: Uint8Array): `0x${string}` {\n return `0x${Array.from(bytes)\n .map(b => b.toString(16).padStart(2, '0'))\n .join('')}`\n}\n\n/**\n * Convert hex string to bytes (handles with or without 0x prefix)\n */\nexport function hexToBytes(hex: string): Uint8Array {\n const str = hex.startsWith('0x') ? hex.slice(2) : hex\n const bytes = new Uint8Array(str.length / 2)\n for (let i = 0; i < bytes.length; i++) {\n bytes[i] = parseInt(str.slice(i * 2, i * 2 + 2), 16)\n }\n return bytes\n}\n\n/**\n * Convert bigint to bytes (big-endian)\n */\nexport function bigintToBytes(value: bigint, length: number): Uint8Array {\n const bytes = new Uint8Array(length)\n let temp = value\n for (let i = length - 1; i >= 0; i--) {\n bytes[i] = Number(temp & 0xffn)\n temp >>= 8n\n }\n return bytes\n}\n\n/**\n * Convert bytes to bigint (big-endian)\n */\nexport function bytesToBigint(bytes: Uint8Array): bigint {\n let value = 0n\n for (let i = 0; i < bytes.length; i++) {\n value = (value << 8n) + BigInt(bytes[i]!)\n }\n return value\n}\n\n/**\n * Modular exponentiation: base^exp mod modulus\n */\nexport function modPow(base: bigint, exp: bigint, modulus: bigint): bigint {\n let result = 1n\n base = base % modulus\n\n while (exp > 0n) {\n if (exp % 2n === 1n) {\n result = (result * base) % modulus\n }\n exp = exp >> 1n\n base = (base * base) % modulus\n }\n\n return result\n}\n\n/**\n * Modular inverse using extended Euclidean algorithm\n */\nexport function modInverse(a: bigint, modulus: bigint): bigint {\n let [oldR, r] = [a, modulus]\n let [oldS, s] = [1n, 0n]\n\n while (r !== 0n) {\n const quotient = oldR / r\n ;[oldR, r] = [r, oldR - quotient * r]\n ;[oldS, s] = [s, oldS - quotient * s]\n }\n\n if (oldR !== 1n) {\n throw new Error('Modular inverse does not exist')\n }\n\n return ((oldS % modulus) + modulus) % modulus\n}\n"]}
package/dist/{chunk-IYRCJAME.cjs → chunk-C3HXJ5A6.cjs} RENAMED
@@ -1,6 +1,6 @@
1
1
  'use strict';
2
2
 
3
- var chunkUFEDJJSH_cjs = require('./chunk-UFEDJJSH.cjs');
3
+ var chunkBCSMUH4L_cjs = require('./chunk-BCSMUH4L.cjs');
4
4
  var chunkG7VZBCD6_cjs = require('./chunk-G7VZBCD6.cjs');
5
5
  var bech32 = require('bech32');
6
6
  var viem = require('viem');
@@ -33,10 +33,10 @@ function encodeStealthAddress(ownerHash, viewingHash, chainId = 0) {
33
33
  data[offset++] = chainId >> 16 & 255;
34
34
  data[offset++] = chainId >> 8 & 255;
35
35
  data[offset++] = chainId & 255;
36
- const ownerBytes = chunkUFEDJJSH_cjs.bigintToBytes(ownerHash, 32);
36
+ const ownerBytes = chunkBCSMUH4L_cjs.bigintToBytes(ownerHash, 32);
37
37
  data.set(ownerBytes, offset);
38
38
  offset += 32;
39
- const viewingBytes = chunkUFEDJJSH_cjs.bigintToBytes(viewingHash, 32);
39
+ const viewingBytes = chunkBCSMUH4L_cjs.bigintToBytes(viewingHash, 32);
40
40
  data.set(viewingBytes, offset);
41
41
  const words = bech32.bech32m.toWords(data);
42
42
  return bech32.bech32m.encode(exports.STEALTH_ADDRESS_PREFIX, words, BECH32M_LIMIT);
@@ -53,9 +53,9 @@ function decodeStealthAddress(address) {
53
53
  throw new Error(`Unsupported address version: ${version}. Expected v${exports.ADDRESS_VERSION} (hash-based).`);
54
54
  }
55
55
  const chainId = data[offset++] << 24 | data[offset++] << 16 | data[offset++] << 8 | data[offset++];
56
- const ownerHash = chunkUFEDJJSH_cjs.bytesToBigint(data.slice(offset, offset + 32));
56
+ const ownerHash = chunkBCSMUH4L_cjs.bytesToBigint(data.slice(offset, offset + 32));
57
57
  offset += 32;
58
- const viewingHash = chunkUFEDJJSH_cjs.bytesToBigint(data.slice(offset, offset + 32));
58
+ const viewingHash = chunkBCSMUH4L_cjs.bytesToBigint(data.slice(offset, offset + 32));
59
59
  return {
60
60
  version,
61
61
  chainId,
@@ -83,7 +83,7 @@ async function createOneTimeKeys(_recipientOwnerHash, selfSecret) {
83
83
  ownerHash: ownerHash2
84
84
  };
85
85
  }
86
- const oneTimeSecret = chunkUFEDJJSH_cjs.randomFieldElement();
86
+ const oneTimeSecret = chunkBCSMUH4L_cjs.randomFieldElement();
87
87
  const ownerHash = await poseidon([oneTimeSecret]);
88
88
  return {
89
89
  oneTimeSecret,
@@ -181,7 +181,7 @@ function detectAddressType(address) {
181
181
  exports.STEALTH_ADDRESS_PREFIX = void 0; exports.ADDRESS_VERSION = void 0; var BECH32M_LIMIT; exports.STARK_STEALTH_ADDRESS_PREFIX = void 0; exports.STARK_ADDRESS_VERSION = void 0;
182
182
  var init_stealth = chunkG7VZBCD6_cjs.__esm({
183
183
  "src/core/stealth.ts"() {
184
- chunkUFEDJJSH_cjs.init_crypto();
184
+ chunkBCSMUH4L_cjs.init_crypto();
185
185
  exports.STEALTH_ADDRESS_PREFIX = "0zk";
186
186
  exports.ADDRESS_VERSION = 2;
187
187
  BECH32M_LIMIT = 1023;
@@ -713,5 +713,5 @@ exports.removeCancelSecret = removeCancelSecret;
713
713
  exports.stealth_exports = stealth_exports;
714
714
  exports.storeCancelSecret = storeCancelSecret;
715
715
  exports.verifyOwnership = verifyOwnership;
716
- //# sourceMappingURL=chunk-IYRCJAME.cjs.map
717
- //# sourceMappingURL=chunk-IYRCJAME.cjs.map
716
+ //# sourceMappingURL=chunk-C3HXJ5A6.cjs.map
717
+ //# sourceMappingURL=chunk-C3HXJ5A6.cjs.map