npm - @provablehq/sdk - Versions diffs - 0.9.16 → 0.9.17 - Mend

@provablehq/sdk 0.9.16 → 0.9.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/dist/mainnet/browser.d.ts +10 -3
package/dist/mainnet/browser.js +251 -32
package/dist/mainnet/browser.js.map +1 -1
package/dist/mainnet/keys/keystore/error.d.ts +23 -0
package/dist/mainnet/keys/keystore/file.d.ts +217 -0
package/dist/mainnet/keys/keystore/interface.d.ts +85 -0
package/dist/mainnet/keys/provider/interface.d.ts +170 -0
package/dist/mainnet/{function-key-provider.d.ts → keys/provider/memory.d.ts} +9 -167
package/dist/mainnet/{offline-key-provider.d.ts → keys/provider/offline.d.ts} +6 -3
package/dist/mainnet/keys/verifier/interface.d.ts +70 -0
package/dist/mainnet/keys/verifier/memory.d.ts +37 -0
package/dist/mainnet/models/keyPair.d.ts +4 -0
package/dist/mainnet/models/record-scanner/error.d.ts +1 -1
package/dist/mainnet/models/record-scanner/revokeResult.d.ts +17 -0
package/dist/mainnet/node.d.ts +1 -0
package/dist/mainnet/node.js +399 -2
package/dist/mainnet/node.js.map +1 -1
package/dist/mainnet/program-manager.d.ts +2 -1
package/dist/mainnet/record-scanner.d.ts +16 -0
package/dist/testnet/browser.d.ts +10 -3
package/dist/testnet/browser.js +251 -32
package/dist/testnet/browser.js.map +1 -1
package/dist/testnet/keys/keystore/error.d.ts +23 -0
package/dist/testnet/keys/keystore/file.d.ts +217 -0
package/dist/testnet/keys/keystore/interface.d.ts +85 -0
package/dist/testnet/keys/provider/interface.d.ts +170 -0
package/dist/testnet/{function-key-provider.d.ts → keys/provider/memory.d.ts} +9 -167
package/dist/testnet/{offline-key-provider.d.ts → keys/provider/offline.d.ts} +6 -3
package/dist/testnet/keys/verifier/interface.d.ts +70 -0
package/dist/testnet/keys/verifier/memory.d.ts +37 -0
package/dist/testnet/models/keyPair.d.ts +4 -0
package/dist/testnet/models/record-scanner/error.d.ts +1 -1
package/dist/testnet/models/record-scanner/revokeResult.d.ts +17 -0
package/dist/testnet/node.d.ts +1 -0
package/dist/testnet/node.js +399 -2
package/dist/testnet/node.js.map +1 -1
package/dist/testnet/program-manager.d.ts +2 -1
package/dist/testnet/record-scanner.d.ts +16 -0
package/package.json +3 -3

package/dist/mainnet/node.js CHANGED Viewed

@@ -1,13 +1,410 @@
 import './node-polyfill.js';
-export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, DecryptionNotEnabledError, KEY_STORE, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow } from './browser.js';
+import * as fs from 'node:fs/promises';
+import * as $fs from 'node:fs';
+import * as path from 'path';
+import { MemKeyVerifier, InvalidLocatorError } from './browser.js';
+export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, KeyVerificationError as ChecksumMismatchError, DecryptionNotEnabledError, KEY_STORE, KeyVerificationError, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow, sha256Hex } from './browser.js';
+import { ProvingKey, VerifyingKey } from '@provablehq/wasm/mainnet.js';
 export { Address, Authorization, BHP1024, BHP256, BHP512, BHP768, Boolean, Ciphertext, ComputeKey, EncryptionToolkit, ExecutionRequest, ExecutionResponse, Field, Execution as FunctionExecution, GraphKey, Group, I128, I16, I32, I64, I8, OfflineQuery, Pedersen128, Pedersen64, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Scalar, Signature, Transaction, Transition, U128, U16, U32, U64, U8, VerifyingKey, ViewKey, getOrInitConsensusVersionTestHeights, initThreadPool, verifyFunctionExecution } from '@provablehq/wasm/mainnet.js';
 import 'core-js/proposals/json-parse-with-source.js';
 import 'node:crypto';
-import 'node:fs';
 import 'mime/lite';
 import 'xmlhttprequest-ssl';
 import 'node:worker_threads';
 import 'node:os';
 import 'libsodium-wrappers';
 import '@scure/base';
+class LocalFileKeyStore {
+    directory;
+    keyVerifier = new MemKeyVerifier();
+    /**
+     * Creates a new directory at the given path or CURRENTDIR/.aleo if none is provided to store keys.
+     * If a custom directory is passed and its last path segment is not ".aleo", ".aleo" is appended
+     * so keys are stored under that subdirectory (e.g. /home/project → /home/project/.aleo).
+     *
+     * @param {string} [directory] - Optional custom directory path for key storage. Defaults to ".aleo" in current working directory.
+     * @throws {Error} If directory creation fails.
+     */
+    constructor(directory) {
+        this.directory = directory ?? path.join(process.cwd(), ".aleo");
+        if (directory !== undefined && path.basename(this.directory) !== ".aleo") {
+            this.directory = path.join(this.directory, ".aleo");
+        }
+        $fs.mkdirSync(this.directory, { recursive: true });
+    }
+    /**
+     * Validates that a locator is a safe filesystem identifier.
+     *
+     * @private
+     * @param {string} locator - Unique identifier used to derive a metadata file path.
+     * @throws {InvalidLocatorError} If the locator could cause path traversal.
+     */
+    validateLocator(locator) {
+        // Reject empty and reserved names that could resolve to the directory or parent
+        if (locator === "" || locator === "." || locator === "..") {
+            throw new InvalidLocatorError(`Invalid locator: reserved or empty name "${locator}"`, locator, "reserved_name");
+        }
+        // Explicitly block traversal attempts
+        if (locator.includes("..")) {
+            throw new InvalidLocatorError("Invalid locator: path traversal detected", locator, "path_traversal");
+        }
+        // Block path separators and null byte
+        if (locator.includes("/") || locator.includes("\\") || locator.includes("\0")) {
+            throw new InvalidLocatorError("Invalid locator: path separator or null byte not allowed", locator, "path_separator");
+        }
+    }
+    /**
+     * Generates the path for a key metadata file based on the locator.
+     *
+     * @private
+     * @param {string} locator - Unique identifier for the key.
+     * @returns {string} Full filesystem path to the metadata file.
+     */
+    metadataPath(locator) {
+        return path.join(this.directory, `${locator}.metadata`);
+    }
+    /**
+     * Reads and parses the key fingerprint metadata from storage.
+     *
+     * @private
+     * @param {string} locator - Unique identifier for the key.
+     * @returns {Promise<KeyFingerprint | null>} The key fingerprint if found, null if file doesn't exist.
+     * @throws {Error} If file read fails for any reason other than not found.
+     */
+    async readKeyMetadata(locator) {
+        try {
+            const data = await fs.readFile(this.metadataPath(locator), "utf-8");
+            return JSON.parse(data);
+        }
+        catch (err) {
+            if (err &&
+                typeof err === "object" &&
+                "code" in err &&
+                err.code === "ENOENT")
+                return null;
+            throw err;
+        }
+    }
+    /**
+     * Writes key fingerprint metadata to storage.
+     *
+     * @private
+     * @param {string} locator - Unique identifier for the key.
+     * @param {KeyFingerprint} metadata - Key fingerprint metadata to store.
+     * @returns {Promise<void>}
+     * @throws {Error} If directory creation or file write fails.
+     */
+    async writeKeyMetadata(locator, metadata) {
+        await fs.mkdir(path.dirname(this.metadataPath(locator)), {
+            recursive: true,
+        });
+        await fs.writeFile(this.metadataPath(locator), JSON.stringify(metadata, null, 0), "utf-8");
+    }
+    async readFileOptional(filepath) {
+        try {
+            const data = await fs.readFile(filepath);
+            return new Uint8Array(data);
+        }
+        catch (err) {
+            if (err.code === "ENOENT")
+                return null;
+            throw err;
+        }
+    }
+    /**
+     * Atomically writes data to a file, ensuring the parent directories exist.
+     *
+     * @private
+     * @param {string} filepath - Full path to the file to write
+     * @param {Uint8Array} data - Binary data to write to the file
+     * @returns {Promise<void>} Resolves when write is complete
+     * @throws {Error} If directory creation or file write fails
+     */
+    async writeFileAtomic(filepath, data) {
+        const dir = path.dirname(filepath);
+        await fs.mkdir(dir, { recursive: true });
+        const tempPath = path.join(dir, `.${path.basename(filepath)}.${process.pid}.${Date.now()}.${Math.random().toString(16).slice(2)}.tmp`);
+        await fs.writeFile(tempPath, data);
+        try {
+            await fs.rename(tempPath, filepath);
+        }
+        catch (err) {
+            const code = err && typeof err === "object" && "code" in err ? err.code : undefined;
+            // Windows often throws EEXIST when target exists; EPERM/EACCES happen with locks/AV.
+            if (code === "EEXIST" || code === "EPERM" || code === "EACCES") {
+                await fs.unlink(filepath).catch(() => { });
+                try {
+                    await fs.rename(tempPath, filepath);
+                }
+                catch (err2) {
+                    await fs.unlink(tempPath).catch(() => { });
+                    throw err2;
+                }
+            }
+            else {
+                await fs.unlink(tempPath).catch(() => { });
+                throw err;
+            }
+        }
+    }
+    /**
+     * Recursively removes all files and subdirectories under the given directory, then removes the directory itself.
+     * Uses fs.rm with recursive: true and force: true so that symbolic links are removed without following them,
+     * avoiding deletion of content outside the keystore.
+     *
+     * @private
+     * @param {string} dir - Directory path to clear
+     * @returns {Promise<void>} Resolves when clearing is complete
+     * @throws {Error} If directory removal fails for reasons other than non-existence
+     */
+    async clearDirectory(dir) {
+        try {
+            await fs.rm(dir, { recursive: true, force: true });
+        }
+        catch (err) {
+            const code = err && typeof err === "object" && "code" in err ? err.code : undefined;
+            if (code === "ENOENT") {
+                return;
+            }
+            throw err;
+        }
+    }
+    // -------------------------------------------------------
+    // KEYSTORE INTERFACE
+    // -------------------------------------------------------
+    /**
+     * Retrieves the key bytes from storage and optionally verifies them against a fingerprint.
+     *
+     * @param {KeyLocator} locator - Object containing a locator string for the key + optional fingerprint for verification.
+     * @returns {Promise<Uint8Array | null>} The key bytes if found and verified (if fingerprint provided), null if not found.
+     * @throws {KeyVerificationError} If fingerprint verification fails.
+     * @example
+     * const keyBytes = await getKeyBytes({
+     *   locator: 'transfer_private.prover.421e5a5',
+     *   fingerprint: { checksum: '421e5a52f01a1eeb068bbf56d15e19477ff7290e4b988d1013e15563f2b77801', size: 116746954 }
+     * });
+     * if (keyBytes) {
+     *   // Use the verified key bytes
+     * }
+     */
+    async getKeyBytes(locator) {
+        this.validateLocator(locator.locator);
+        // Attempt to read key bytes from storage (under this.directory).
+        const keyBytes = await this.readFileOptional(path.join(this.directory, locator.locator));
+        // If no key bytes were found, return null.
+        if (!keyBytes)
+            return null;
+        // Use caller-provided fingerprint or metadata stored on disk for verification.
+        const fingerprint = locator.fingerprint ?? (await this.getKeyMetadata(locator.locator));
+        if (fingerprint) {
+            await this.keyVerifier.verifyKeyBytes({
+                keyBytes,
+                locator: locator.locator,
+                fingerprint,
+            });
+        }
+        // Return the verified key bytes.
+        return keyBytes;
+    }
+    /**
+     * Retrieves and verifies a proving key from storage.
+     *
+     * @param {KeyLocator} locator - Object containing the proving key location and optional fingerprint.
+     * @returns {Promise<ProvingKey | null>} The proving key if found and verified, null if not found.
+     * @throws {KeyVerificationError} If fingerprint verification fails.
+     * @throws {Error} If key bytes cannot be parsed into a valid ProvingKey.
+     *
+     * @example
+     * try {
+     *   const key = await getProvingKey({
+     *     locator: 'transfer_private.prover.421e5a5'
+     *   });
+     *   if (key) {
+     *     // Use the verified proving key
+     *   }
+     * } catch (err) {
+     *   if (err instanceof KeyVerificationError) {
+     *     // Handle verification failure.
+     *   } else {
+     *     // Handle key parsing error.
+     *   }
+     * }
+     */
+    async getProvingKey(locator) {
+        // Get the key bytes from storage.
+        const proverBytes = await this.getKeyBytes(locator);
+        if (!proverBytes)
+            return null;
+        // Attempt to parse the key bytes as a WASM ProvingKey (throws if invalid).
+        return ProvingKey.fromBytes(proverBytes);
+    }
+    /**
+     * Retrieves and verifies a verifying key from storage.
+     *
+     * @param {KeyLocator} locator - Object containing the verifying key location and optional fingerprint.
+     * @returns {Promise<VerifyingKey | null>} The verifying key if found and verified, null if not found.
+     * @throws {KeyVerificationError} If fingerprint verification fails.
+     * @throws {Error} If key bytes cannot be parsed into a valid VerifyingKey.
+     *
+     * @example
+     * try {
+     *   const key = await getVerifyingKey({
+     *     locator: 'transfer_private.verifier.4ac2f71'
+     *   });
+     *   if (key) {
+     *     // Use the verified verifying key
+     *   }
+     * } catch (err) {
+     *   if (err instanceof KeyVerificationError) {
+     *     // Handle verification failure.
+     *   } else {
+     *     // Handle key parsing error.
+     *   }
+     * }
+     */
+    async getVerifyingKey(locator) {
+        // Get the key bytes from storage.
+        const verifierBytes = await this.getKeyBytes(locator);
+        if (!verifierBytes)
+            return null;
+        // Attempt to parse the key bytes as a WASM VerifyingKey (throws if invalid).
+        return VerifyingKey.fromBytes(verifierBytes);
+    }
+    /**
+     * Stores proving and verifying keys in key storage.
+     *
+     * @param {KeyLocator} proverLocator The unique locator for the desired proving key.
+     * @param {KeyLocator} verifierLocator The unique locator for the desired verifying key.
+     * @param {FunctionKeyPair} keys The proving and verifying keys.
+     *
+     * @example
+     * const keys = await generateKeys();
+     * await setKeys(
+     *   { locator: 'transfer_private.prover' },
+     *   { locator: 'transfer_private.verifier' },
+     *   keys
+     * );
+     */
+    async setKeys(proverLocator, verifierLocator, keys) {
+        this.validateLocator(proverLocator.locator);
+        this.validateLocator(verifierLocator.locator);
+        // Convert the WASM keys to raw bytes.
+        const [provingKey, verifyingKey] = keys;
+        const [provingKeyBytes, verifyingKeyBytes] = [
+            provingKey.toBytes(),
+            verifyingKey.toBytes(),
+        ];
+        // Compute the fingerprints for the proving and verifying keys, verify against expected fingerprints if provided.
+        const [proverFingerPrint, verifierFingerPrint] = await Promise.all([
+            this.keyVerifier.computeKeyMetadata({
+                keyBytes: provingKeyBytes,
+                locator: proverLocator.locator,
+                fingerprint: proverLocator.fingerprint,
+            }),
+            this.keyVerifier.computeKeyMetadata({
+                keyBytes: verifyingKeyBytes,
+                locator: verifierLocator.locator,
+                fingerprint: verifierLocator.fingerprint,
+            }),
+        ]);
+        // Write the proving and verifying key bytes and their metadata to storage (under this.directory).
+        await this.writeFileAtomic(path.join(this.directory, proverLocator.locator), provingKeyBytes);
+        await this.writeFileAtomic(path.join(this.directory, verifierLocator.locator), verifyingKeyBytes);
+        await this.writeKeyMetadata(proverLocator.locator, proverFingerPrint);
+        await this.writeKeyMetadata(verifierLocator.locator, verifierFingerPrint);
+    }
+    /**
+     * Store a raw proving or verifying key in storage along with its fingerprint metadata for future verification.
+     *
+     * @param {Uint8Array} keyBytes The raw proving and verifying key bytes.
+     * @param {KeyLocator} locator The unique locator for the desired key pair.
+     * @returns {Promise<void>}
+     * @throws {Error} If computing key metadata or writing to storage fails
+     *
+     * @example
+     * const keys = await generateKeys();
+     * await setKeyBytes(keys.provingKey.toBytes(), { locator: 'transfer_private.prover' });
+     */
+    async setKeyBytes(keyBytes, locator) {
+        this.validateLocator(locator.locator);
+        // Compute the key metadata including fingerprint
+        const computedMetadata = await this.keyVerifier.computeKeyMetadata({
+            keyBytes: keyBytes,
+            locator: locator.locator,
+            fingerprint: locator.fingerprint,
+        });
+        // Write the key bytes and metadata atomically (key file under this.directory).
+        await this.writeFileAtomic(path.join(this.directory, locator.locator), keyBytes);
+        await this.writeKeyMetadata(locator.locator, computedMetadata);
+    }
+    /**
+     * Returns stored metadata for a key, if any.
+     *
+     * @param {string} locator The unique locator for the key.
+     * @returns {Promise<KeyFingerprint | null>} The stored fingerprint metadata for that locator, or null if none exists.
+     *
+     * @example
+     * const metadata = await getKeyMetadata('transfer_private.prover.421e5a5');
+     * if (metadata) {
+     *   // Use the stored metadata.
+     * }
+     */
+    async getKeyMetadata(locator) {
+        this.validateLocator(locator);
+        return this.readKeyMetadata(locator);
+    }
+    /**
+     * Checks if a key exists at the specified locator path.
+     *
+     * @param {string} locator - Unique identifier for the key location.
+     * @returns {Promise<boolean>} True if key exists at location, false otherwise.
+     *
+     * @example
+     * const exists = await has('transfer_private.prover.421e5a5');
+     * if (exists) {
+     *   // Key exists at location.
+     * } else {
+     *   // Key does not exist at location.
+     * }
+     */
+    async has(locator) {
+        this.validateLocator(locator);
+        const keyPath = path.join(this.directory, locator);
+        return await fs
+            .access(keyPath)
+            .then(() => true)
+            .catch(() => false);
+    }
+    /**
+     * Deletes a key and its associated metadata from storage. Silently ignores errors if files don't exist.
+     *
+     * @param {string} locator - Unique identifier for the key to delete.
+     * @returns {Promise<void>}
+     *
+     * @example
+     * await delete('transfer_private.prover.421e5a5');
+     */
+    async delete(locator) {
+        this.validateLocator(locator);
+        const p = path.join(this.directory, locator);
+        const m = this.metadataPath(locator);
+        await fs.unlink(p).catch(() => { });
+        await fs.unlink(m).catch(() => { });
+    }
+    /**
+     * Clears the key storage directory by recursively removing all files and subdirectories under it, then removes the keystore directory itself.
+     *
+     * @returns {Promise<void>}
+     * @throws {Error} If directory listing fails for reasons other than non-existence.
+     *
+     * @example
+     * await clear(); // Removes all files under the keystore directory.
+     */
+    async clear() {
+        await this.clearDirectory(this.directory);
+    }
+}
+export { InvalidLocatorError, LocalFileKeyStore, MemKeyVerifier };
 //# sourceMappingURL=node.js.map

package/dist/mainnet/node.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"node.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;"}
1	+ {"version":3,"file":"node.js","sources":["../../src/keys/keystore/file.ts"],"sourcesContent":["import * as fs from \"node:fs/promises\";\nimport * as fsSync from \"node:fs\";\nimport * as path from \"path\";\n\nimport { FunctionKeyPair } from \"../../models/keyPair.js\";\nimport { KeyFingerprint } from \"../verifier/interface.js\";\nimport { InvalidLocatorError } from \"./error.js\";\nimport { KeyLocator, KeyStore } from \"./interface.js\";\nimport { MemKeyVerifier } from \"../verifier/memory.js\";\nimport { ProvingKey, VerifyingKey } from \"../../wasm.js\";\n\nexport class LocalFileKeyStore implements KeyStore {\n private directory: string;\n private readonly keyVerifier = new MemKeyVerifier();\n\n /*\n Creates a new directory at the given path or CURRENTDIR/.aleo if none is provided to store keys.\n * If a custom directory is passed and its last path segment is not \".aleo\", \".aleo\" is appended\n * so keys are stored under that subdirectory (e.g. /home/project → /home/project/.aleo).\n \n @param {string} [directory] - Optional custom directory path for key storage. Defaults to \".aleo\" in current working directory.\n * @throws {Error} If directory creation fails.\n /\n constructor(directory?: string) {\n this.directory = directory ?? path.join(process.cwd(), \".aleo\");\n if (directory !== undefined && path.basename(this.directory) !== \".aleo\") {\n this.directory = path.join(this.directory, \".aleo\");\n }\n fsSync.mkdirSync(this.directory, { recursive: true });\n }\n\n /\n Validates that a locator is a safe filesystem identifier.\n \n @private\n * @param {string} locator - Unique identifier used to derive a metadata file path.\n * @throws {InvalidLocatorError} If the locator could cause path traversal.\n /\n private validateLocator(locator: string): void {\n // Reject empty and reserved names that could resolve to the directory or parent\n if (locator === \"\" \|\| locator === \".\" \|\| locator === \"..\") {\n throw new InvalidLocatorError(\n `Invalid locator: reserved or empty name \"${locator}\"`,\n locator,\n \"reserved_name\"\n );\n }\n\n // Explicitly block traversal attempts\n if (locator.includes(\"..\")) {\n throw new InvalidLocatorError(\n \"Invalid locator: path traversal detected\",\n locator,\n \"path_traversal\"\n );\n }\n\n // Block path separators and null byte\n if (locator.includes(\"/\") \|\| locator.includes(\"\\\\\") \|\| locator.includes(\"\\0\")) {\n throw new InvalidLocatorError(\n \"Invalid locator: path separator or null byte not allowed\",\n locator,\n \"path_separator\"\n );\n }\n }\n\n /\n Generates the path for a key metadata file based on the locator.\n \n @private\n * @param {string} locator - Unique identifier for the key.\n * @returns {string} Full filesystem path to the metadata file.\n /\n private metadataPath(locator: string): string {\n return path.join(this.directory, `${locator}.metadata`);\n }\n\n /\n Reads and parses the key fingerprint metadata from storage.\n \n @private\n * @param {string} locator - Unique identifier for the key.\n * @returns {Promise<KeyFingerprint \| null>} The key fingerprint if found, null if file doesn't exist.\n * @throws {Error} If file read fails for any reason other than not found.\n /\n private async readKeyMetadata(\n locator: string,\n ): Promise<KeyFingerprint \| null> {\n try {\n const data = await fs.readFile(this.metadataPath(locator), \"utf-8\");\n return JSON.parse(data) as KeyFingerprint;\n } catch (err: unknown) {\n if (\n err &&\n typeof err === \"object\" &&\n \"code\" in err &&\n err.code === \"ENOENT\"\n )\n return null;\n throw err;\n }\n }\n\n /\n Writes key fingerprint metadata to storage.\n \n @private\n * @param {string} locator - Unique identifier for the key.\n * @param {KeyFingerprint} metadata - Key fingerprint metadata to store.\n * @returns {Promise<void>}\n * @throws {Error} If directory creation or file write fails.\n /\n private async writeKeyMetadata(\n locator: string,\n metadata: KeyFingerprint,\n ): Promise<void> {\n await fs.mkdir(path.dirname(this.metadataPath(locator)), {\n recursive: true,\n });\n await fs.writeFile(\n this.metadataPath(locator),\n JSON.stringify(metadata, null, 0),\n \"utf-8\",\n );\n }\n\n private async readFileOptional(\n filepath: string,\n ): Promise<Uint8Array \| null> {\n try {\n const data = await fs.readFile(filepath);\n return new Uint8Array(data);\n } catch (err: any) {\n if (err.code === \"ENOENT\") return null;\n throw err;\n }\n }\n \n /\n Atomically writes data to a file, ensuring the parent directories exist.\n \n @private\n * @param {string} filepath - Full path to the file to write\n * @param {Uint8Array} data - Binary data to write to the file\n * @returns {Promise<void>} Resolves when write is complete\n * @throws {Error} If directory creation or file write fails\n /\n private async writeFileAtomic(\n filepath: string,\n data: Uint8Array,\n ): Promise<void> {\n const dir = path.dirname(filepath);\n await fs.mkdir(dir, { recursive: true });\n const tempPath = path.join(\n dir,\n `.${path.basename(filepath)}.${process.pid}.${Date.now()}.${Math.random().toString(16).slice(2)}.tmp`\n );\n await fs.writeFile(tempPath, data);\n try {\n await fs.rename(tempPath, filepath);\n } catch (err: unknown) {\n const code = err && typeof err === \"object\" && \"code\" in err ? (err as NodeJS.ErrnoException).code : undefined;\n // Windows often throws EEXIST when target exists; EPERM/EACCES happen with locks/AV.\n if (code === \"EEXIST\" \|\| code === \"EPERM\" \|\| code === \"EACCES\") {\n await fs.unlink(filepath).catch(() => {});\n try {\n await fs.rename(tempPath, filepath);\n } catch (err2) {\n await fs.unlink(tempPath).catch(() => {});\n throw err2;\n }\n } else {\n await fs.unlink(tempPath).catch(() => {});\n throw err;\n }\n }\n }\n\n /\n Recursively removes all files and subdirectories under the given directory, then removes the directory itself.\n * Uses fs.rm with recursive: true and force: true so that symbolic links are removed without following them,\n * avoiding deletion of content outside the keystore.\n \n @private\n * @param {string} dir - Directory path to clear\n * @returns {Promise<void>} Resolves when clearing is complete\n * @throws {Error} If directory removal fails for reasons other than non-existence\n /\n private async clearDirectory(dir: string): Promise<void> {\n try {\n await fs.rm(dir, { recursive: true, force: true });\n } catch (err: unknown) {\n const code = err && typeof err === \"object\" && \"code\" in err ? (err as NodeJS.ErrnoException).code : undefined;\n if (code === \"ENOENT\") {\n return;\n }\n throw err;\n }\n }\n\n // -------------------------------------------------------\n // KEYSTORE INTERFACE\n // -------------------------------------------------------\n\n /\n Retrieves the key bytes from storage and optionally verifies them against a fingerprint.\n \n @param {KeyLocator} locator - Object containing a locator string for the key + optional fingerprint for verification.\n * @returns {Promise<Uint8Array \| null>} The key bytes if found and verified (if fingerprint provided), null if not found.\n * @throws {KeyVerificationError} If fingerprint verification fails.\n * @example\n * const keyBytes = await getKeyBytes({\n * locator: 'transfer_private.prover.421e5a5',\n * fingerprint: { checksum: '421e5a52f01a1eeb068bbf56d15e19477ff7290e4b988d1013e15563f2b77801', size: 116746954 }\n * });\n * if (keyBytes) {\n * // Use the verified key bytes\n * }\n /\n async getKeyBytes(locator: KeyLocator): Promise<Uint8Array \| null> {\n this.validateLocator(locator.locator);\n // Attempt to read key bytes from storage (under this.directory).\n const keyBytes = await this.readFileOptional(path.join(this.directory, locator.locator));\n\n // If no key bytes were found, return null.\n if (!keyBytes) return null;\n\n // Use caller-provided fingerprint or metadata stored on disk for verification.\n const fingerprint =\n locator.fingerprint ?? (await this.getKeyMetadata(locator.locator));\n if (fingerprint) {\n await this.keyVerifier.verifyKeyBytes({\n keyBytes,\n locator: locator.locator,\n fingerprint,\n });\n }\n\n // Return the verified key bytes.\n return keyBytes;\n }\n\n /\n Retrieves and verifies a proving key from storage.\n \n @param {KeyLocator} locator - Object containing the proving key location and optional fingerprint.\n * @returns {Promise<ProvingKey \| null>} The proving key if found and verified, null if not found.\n * @throws {KeyVerificationError} If fingerprint verification fails.\n * @throws {Error} If key bytes cannot be parsed into a valid ProvingKey.\n \n @example\n * try {\n * const key = await getProvingKey({\n * locator: 'transfer_private.prover.421e5a5'\n * });\n * if (key) {\n * // Use the verified proving key\n * }\n * } catch (err) {\n * if (err instanceof KeyVerificationError) {\n * // Handle verification failure.\n * } else {\n * // Handle key parsing error.\n * }\n * }\n /\n async getProvingKey(locator: KeyLocator): Promise<ProvingKey \| null> {\n // Get the key bytes from storage.\n const proverBytes = await this.getKeyBytes(locator);\n if (!proverBytes) return null;\n\n // Attempt to parse the key bytes as a WASM ProvingKey (throws if invalid).\n return ProvingKey.fromBytes(proverBytes);\n }\n\n /\n Retrieves and verifies a verifying key from storage.\n \n @param {KeyLocator} locator - Object containing the verifying key location and optional fingerprint.\n * @returns {Promise<VerifyingKey \| null>} The verifying key if found and verified, null if not found.\n * @throws {KeyVerificationError} If fingerprint verification fails.\n * @throws {Error} If key bytes cannot be parsed into a valid VerifyingKey.\n \n @example\n * try {\n * const key = await getVerifyingKey({\n * locator: 'transfer_private.verifier.4ac2f71'\n * });\n * if (key) {\n * // Use the verified verifying key\n * }\n * } catch (err) {\n * if (err instanceof KeyVerificationError) {\n * // Handle verification failure.\n * } else {\n * // Handle key parsing error.\n * }\n * }\n /\n async getVerifyingKey(locator: KeyLocator): Promise<VerifyingKey \| null> {\n // Get the key bytes from storage.\n const verifierBytes = await this.getKeyBytes(locator);\n if (!verifierBytes) return null;\n\n // Attempt to parse the key bytes as a WASM VerifyingKey (throws if invalid).\n return VerifyingKey.fromBytes(verifierBytes);\n }\n\n /\n Stores proving and verifying keys in key storage.\n \n @param {KeyLocator} proverLocator The unique locator for the desired proving key.\n * @param {KeyLocator} verifierLocator The unique locator for the desired verifying key.\n * @param {FunctionKeyPair} keys The proving and verifying keys.\n \n @example\n * const keys = await generateKeys();\n * await setKeys(\n * { locator: 'transfer_private.prover' },\n * { locator: 'transfer_private.verifier' },\n * keys\n * );\n /\n async setKeys(\n proverLocator: KeyLocator,\n verifierLocator: KeyLocator,\n keys: FunctionKeyPair,\n ): Promise<void> {\n this.validateLocator(proverLocator.locator);\n this.validateLocator(verifierLocator.locator);\n // Convert the WASM keys to raw bytes.\n const [provingKey, verifyingKey] = keys;\n const [provingKeyBytes, verifyingKeyBytes] = [\n provingKey.toBytes(),\n verifyingKey.toBytes(),\n ];\n\n // Compute the fingerprints for the proving and verifying keys, verify against expected fingerprints if provided.\n const [proverFingerPrint, verifierFingerPrint] = await Promise.all([\n this.keyVerifier.computeKeyMetadata({\n keyBytes: provingKeyBytes,\n locator: proverLocator.locator,\n fingerprint: proverLocator.fingerprint,\n }),\n this.keyVerifier.computeKeyMetadata({\n keyBytes: verifyingKeyBytes,\n locator: verifierLocator.locator,\n fingerprint: verifierLocator.fingerprint,\n }),\n ]);\n\n // Write the proving and verifying key bytes and their metadata to storage (under this.directory).\n await this.writeFileAtomic(path.join(this.directory, proverLocator.locator), provingKeyBytes);\n await this.writeFileAtomic(path.join(this.directory, verifierLocator.locator), verifyingKeyBytes);\n await this.writeKeyMetadata(proverLocator.locator, proverFingerPrint);\n await this.writeKeyMetadata(\n verifierLocator.locator,\n verifierFingerPrint,\n );\n }\n\n /\n Store a raw proving or verifying key in storage along with its fingerprint metadata for future verification.\n \n @param {Uint8Array} keyBytes The raw proving and verifying key bytes.\n * @param {KeyLocator} locator The unique locator for the desired key pair.\n * @returns {Promise<void>}\n * @throws {Error} If computing key metadata or writing to storage fails\n \n @example\n * const keys = await generateKeys();\n * await setKeyBytes(keys.provingKey.toBytes(), { locator: 'transfer_private.prover' });\n /\n async setKeyBytes(keyBytes: Uint8Array, locator: KeyLocator): Promise<void> {\n this.validateLocator(locator.locator);\n // Compute the key metadata including fingerprint\n const computedMetadata = await this.keyVerifier.computeKeyMetadata({\n keyBytes: keyBytes,\n locator: locator.locator,\n fingerprint: locator.fingerprint,\n });\n\n // Write the key bytes and metadata atomically (key file under this.directory).\n await this.writeFileAtomic(path.join(this.directory, locator.locator), keyBytes);\n await this.writeKeyMetadata(locator.locator, computedMetadata);\n }\n\n /\n Returns stored metadata for a key, if any.\n \n @param {string} locator The unique locator for the key.\n * @returns {Promise<KeyFingerprint \| null>} The stored fingerprint metadata for that locator, or null if none exists.\n \n @example\n * const metadata = await getKeyMetadata('transfer_private.prover.421e5a5');\n * if (metadata) {\n * // Use the stored metadata.\n * }\n /\n async getKeyMetadata(locator: string): Promise<KeyFingerprint \| null> {\n this.validateLocator(locator);\n return this.readKeyMetadata(locator);\n }\n\n /\n Checks if a key exists at the specified locator path.\n \n @param {string} locator - Unique identifier for the key location.\n * @returns {Promise<boolean>} True if key exists at location, false otherwise.\n \n @example\n * const exists = await has('transfer_private.prover.421e5a5');\n * if (exists) {\n * // Key exists at location.\n * } else {\n * // Key does not exist at location.\n * }\n /\n async has(locator: string): Promise<boolean> {\n this.validateLocator(locator);\n const keyPath = path.join(this.directory, locator);\n return await fs\n .access(keyPath)\n .then(() => true)\n .catch(() => false);\n }\n\n /\n Deletes a key and its associated metadata from storage. Silently ignores errors if files don't exist.\n \n @param {string} locator - Unique identifier for the key to delete.\n * @returns {Promise<void>}\n \n @example\n * await delete('transfer_private.prover.421e5a5');\n /\n async delete(locator: string): Promise<void> {\n this.validateLocator(locator);\n const p = path.join(this.directory, locator);\n const m = this.metadataPath(locator);\n\n await fs.unlink(p).catch(() => {});\n await fs.unlink(m).catch(() => {});\n }\n\n /\n Clears the key storage directory by recursively removing all files and subdirectories under it, then removes the keystore directory itself.\n \n @returns {Promise<void>}\n * @throws {Error} If directory listing fails for reasons other than non-existence.\n \n @example\n * await clear(); // Removes all files under the keystore directory.\n */\n async clear(): Promise<void> {\n await this.clearDirectory(this.directory);\n }\n}"],"names":["fsSync"],"mappings":";;;;;;;;;;;;;;;;;MAWa,iBAAiB,CAAA;AAClB,IAAA,SAAS;AACA,IAAA,WAAW,GAAG,IAAI,cAAc,EAAE;AAEnD;;;;;;;AAOG;AACH,IAAA,WAAA,CAAY,SAAkB,EAAA;AAC1B,QAAA,IAAI,CAAC,SAAS,GAAG,SAAS,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,OAAO,CAAC;AAC/D,QAAA,IAAI,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,OAAO,EAAE;AACtE,YAAA,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;QACvD;AACA,QAAAA,GAAM,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACzD;AAEA;;;;;;AAMG;AACK,IAAA,eAAe,CAAC,OAAe,EAAA;;AAEnC,QAAA,IAAI,OAAO,KAAK,EAAE,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI,EAAE;YACvD,MAAM,IAAI,mBAAmB,CACzB,CAAA,yCAAA,EAA4C,OAAO,CAAA,CAAA,CAAG,EACtD,OAAO,EACP,eAAe,CAClB;QACL;;AAGA,QAAA,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;YACxB,MAAM,IAAI,mBAAmB,CACzB,0CAA0C,EAC1C,OAAO,EACP,gBAAgB,CACnB;QACL;;QAGA,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE;YAC3E,MAAM,IAAI,mBAAmB,CACzB,0DAA0D,EAC1D,OAAO,EACP,gBAAgB,CACnB;QACL;IACJ;AAEA;;;;;;AAMG;AACK,IAAA,YAAY,CAAC,OAAe,EAAA;AAChC,QAAA,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAA,EAAG,OAAO,CAAA,SAAA,CAAW,CAAC;IAC3D;AAEA;;;;;;;AAOG;IACK,MAAM,eAAe,CACzB,OAAe,EAAA;AAEf,QAAA,IAAI;AACA,YAAA,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC;AACnE,YAAA,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB;QAC7C;QAAE,OAAO,GAAY,EAAE;AACnB,YAAA,IACI,GAAG;gBACH,OAAO,GAAG,KAAK,QAAQ;AACvB,gBAAA,MAAM,IAAI,GAAG;gBACb,GAAG,CAAC,IAAI,KAAK,QAAQ;AAErB,gBAAA,OAAO,IAAI;AACf,YAAA,MAAM,GAAG;QACb;IACJ;AAEA;;;;;;;;AAQG;AACK,IAAA,MAAM,gBAAgB,CAC1B,OAAe,EACf,QAAwB,EAAA;AAExB,QAAA,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,EAAE;AACrD,YAAA,SAAS,EAAE,IAAI;AAClB,SAAA,CAAC;QACF,MAAM,EAAE,CAAC,SAAS,CACd,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,EAC1B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EACjC,OAAO,CACV;IACL;IAEQ,MAAM,gBAAgB,CAC1B,QAAgB,EAAA;AAEhB,QAAA,IAAI;YACA,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;AACxC,YAAA,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC;QAC/B;QAAE,OAAO,GAAQ,EAAE;AACf,YAAA,IAAI,GAAG,CAAC,IAAI,KAAK,QAAQ;AAAE,gBAAA,OAAO,IAAI;AACtC,YAAA,MAAM,GAAG;QACb;IACJ;AAEA;;;;;;;;AAQG;AACK,IAAA,MAAM,eAAe,CACzB,QAAgB,EAChB,IAAgB,EAAA;QAEhB,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC;AAClC,QAAA,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AACxC,QAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CACtB,GAAG,EACH,CAAA,CAAA,EAAI,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA,CAAA,EAAI,OAAO,CAAC,GAAG,CAAA,CAAA,EAAI,IAAI,CAAC,GAAG,EAAE,CAAA,CAAA,EAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA,IAAA,CAAM,CACxG;QACD,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC;AAClC,QAAA,IAAI;YACA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC;QACvC;QAAE,OAAO,GAAY,EAAE;YACnB,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,GAAI,GAA6B,CAAC,IAAI,GAAG,SAAS;;AAE9G,YAAA,IAAI,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,QAAQ,EAAE;AAC5D,gBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,gBAAA,IAAI;oBACA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,QAAQ,CAAC;gBACvC;gBAAE,OAAO,IAAI,EAAE;AACX,oBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,oBAAA,MAAM,IAAI;gBACd;YACJ;iBAAO;AACH,gBAAA,MAAM,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AACzC,gBAAA,MAAM,GAAG;YACb;QACJ;IACJ;AAEA;;;;;;;;;AASG;IACK,MAAM,cAAc,CAAC,GAAW,EAAA;AACpC,QAAA,IAAI;AACA,YAAA,MAAM,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QACtD;QAAE,OAAO,GAAY,EAAE;YACnB,MAAM,IAAI,GAAG,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,MAAM,IAAI,GAAG,GAAI,GAA6B,CAAC,IAAI,GAAG,SAAS;AAC9G,YAAA,IAAI,IAAI,KAAK,QAAQ,EAAE;gBACnB;YACJ;AACA,YAAA,MAAM,GAAG;QACb;IACJ;;;;AAMA;;;;;;;;;;;;;;AAcG;IACH,MAAM,WAAW,CAAC,OAAmB,EAAA;AACjC,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC;;QAErC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;;AAGxF,QAAA,IAAI,CAAC,QAAQ;AAAE,YAAA,OAAO,IAAI;;AAG1B,QAAA,MAAM,WAAW,GACb,OAAO,CAAC,WAAW,KAAK,MAAM,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,WAAW,EAAE;AACb,YAAA,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC;gBAClC,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,WAAW;AACd,aAAA,CAAC;QACN;;AAGA,QAAA,OAAO,QAAQ;IACnB;AAEA;;;;;;;;;;;;;;;;;;;;;;;AAuBG;IACH,MAAM,aAAa,CAAC,OAAmB,EAAA;;QAEnC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;AACnD,QAAA,IAAI,CAAC,WAAW;AAAE,YAAA,OAAO,IAAI;;AAG7B,QAAA,OAAO,UAAU,CAAC,SAAS,CAAC,WAAW,CAAC;IAC5C;AAEA;;;;;;;;;;;;;;;;;;;;;;;AAuBG;IACH,MAAM,eAAe,CAAC,OAAmB,EAAA;;QAErC,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC;AACrD,QAAA,IAAI,CAAC,aAAa;AAAE,YAAA,OAAO,IAAI;;AAG/B,QAAA,OAAO,YAAY,CAAC,SAAS,CAAC,aAAa,CAAC;IAChD;AAEA;;;;;;;;;;;;;;AAcG;AACH,IAAA,MAAM,OAAO,CACT,aAAyB,EACzB,eAA2B,EAC3B,IAAqB,EAAA;AAErB,QAAA,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,OAAO,CAAC;AAC3C,QAAA,IAAI,CAAC,eAAe,CAAC,eAAe,CAAC,OAAO,CAAC;;AAE7C,QAAA,MAAM,CAAC,UAAU,EAAE,YAAY,CAAC,GAAG,IAAI;AACvC,QAAA,MAAM,CAAC,eAAe,EAAE,iBAAiB,CAAC,GAAG;YACzC,UAAU,CAAC,OAAO,EAAE;YACpB,YAAY,CAAC,OAAO,EAAE;SACzB;;QAGD,MAAM,CAAC,iBAAiB,EAAE,mBAAmB,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;AAC/D,YAAA,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAChC,gBAAA,QAAQ,EAAE,eAAe;gBACzB,OAAO,EAAE,aAAa,CAAC,OAAO;gBAC9B,WAAW,EAAE,aAAa,CAAC,WAAW;aACzC,CAAC;AACF,YAAA,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAChC,gBAAA,QAAQ,EAAE,iBAAiB;gBAC3B,OAAO,EAAE,eAAe,CAAC,OAAO;gBAChC,WAAW,EAAE,eAAe,CAAC,WAAW;aAC3C,CAAC;AACL,SAAA,CAAC;;AAGF,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,eAAe,CAAC;AAC7F,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,eAAe,CAAC,OAAO,CAAC,EAAE,iBAAiB,CAAC;QACjG,MAAM,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,OAAO,EAAE,iBAAiB,CAAC;QACrE,MAAM,IAAI,CAAC,gBAAgB,CACvB,eAAe,CAAC,OAAO,EACvB,mBAAmB,CACtB;IACL;AAEA;;;;;;;;;;;AAWG;AACH,IAAA,MAAM,WAAW,CAAC,QAAoB,EAAE,OAAmB,EAAA;AACvD,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,OAAO,CAAC;;QAErC,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC;AAC/D,YAAA,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,WAAW,EAAE,OAAO,CAAC,WAAW;AACnC,SAAA,CAAC;;AAGF,QAAA,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,OAAO,CAAC,EAAE,QAAQ,CAAC;QAChF,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,EAAE,gBAAgB,CAAC;IAClE;AAEA;;;;;;;;;;;AAWG;IACH,MAAM,cAAc,CAAC,OAAe,EAAA;AAChC,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;AAC7B,QAAA,OAAO,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;IACxC;AAEA;;;;;;;;;;;;;AAaG;IACH,MAAM,GAAG,CAAC,OAAe,EAAA;AACrB,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;AAC7B,QAAA,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;AAClD,QAAA,OAAO,MAAM;aACR,MAAM,CAAC,OAAO;AACd,aAAA,IAAI,CAAC,MAAM,IAAI;AACf,aAAA,KAAK,CAAC,MAAM,KAAK,CAAC;IAC3B;AAEA;;;;;;;;AAQG;IACH,MAAM,MAAM,CAAC,OAAe,EAAA;AACxB,QAAA,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC;AAC7B,QAAA,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC;QAC5C,MAAM,CAAC,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC;AAEpC,QAAA,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;AAClC,QAAA,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAK,EAAE,CAAC,CAAC;IACtC;AAEA;;;;;;;;AAQG;AACH,IAAA,MAAM,KAAK,GAAA;QACP,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC;IAC7C;AACH;;;;"}

package/dist/mainnet/program-manager.d.ts CHANGED Viewed

@@ -3,7 +3,8 @@ import { AleoNetworkClient, AleoNetworkClientOptions, ProgramImports } from "./n
 import { ImportedPrograms, ImportedVerifyingKeys } from "./models/imports.js";
 import { RecordProvider } from "./record-provider.js";
 import { RecordSearchParams } from "./models/record-provider/recordSearchParams.js";
-import { FunctionKeyPair, FunctionKeyProvider, KeySearchParams } from "./function-key-provider.js";
+import { FunctionKeyProvider, KeySearchParams } from "./keys/provider/interface.js";
+import { FunctionKeyPair } from "./models/keyPair.js";
 import { Authorization, ExecutionResponse, OfflineQuery, RecordPlaintext, PrivateKey, Program, ProvingKey, ProvingRequest, VerifyingKey, Transaction } from "./wasm.js";
 /**
  * Represents the options for deploying and upgrading a transaction in the Aleo network.

package/dist/mainnet/record-scanner.d.ts CHANGED Viewed

@@ -6,6 +6,7 @@ import { RecordProvider } from "./record-provider";
 import { Field, ViewKey } from "./wasm";
 import { RecordsFilter } from "./models/record-scanner/recordsFilter";
 import { RegisterResult } from "./models/record-scanner/registrationResult.js";
+import { RevokeResult } from "./models/record-scanner/revokeResult.js";
 import { TagsResult } from "./models/record-scanner/tagsResult.js";
 import { SerialNumbersResult } from "./models/record-scanner/serialNumbersResult.js";
 import { StatusResult } from "./models/record-scanner/statusResult.js";
@@ -218,6 +219,21 @@ declare class RecordScanner implements RecordProvider {
      * @returns {Promise<RegisterResult>} `{ ok: true, data }` on success, or `{ ok: false, status, error }` on failure.
      */
     registerEncrypted(viewKey: ViewKey, startBlock: number): Promise<RegisterResult>;
+    /**
+     * Remove all local scanner state associated with the given UUID (stored uuid, viewKeys entry, account if it matches).
+     * Called after a successful revoke so the scanner does not retain view keys or account for a revoked registration.
+     */
+    private clearLocalStateForUuid;
+    /**
+     * Revoke the account registration with the record scanning service (POST /revoke). On success, also removes
+     * all local state for that UUID: the stored UUID (if it matches), the view key for that UUID, and the
+     * account (if its view key corresponds to that UUID).
+     *
+     * @param {string | Field | undefined} uuid The UUID to revoke. If omitted, uses the UUID configured on the scanner.
+     * @returns {Promise<RevokeResult>} `{ ok: true, data: { status } }` on success, or `{ ok: false, status, error }` on failure.
+     * @throws {UUIDError} When no UUID is configured and none provided, or when the UUID string is invalid.
+     */
+    revoke(uuid?: string | Field): Promise<RevokeResult>;
     /**
      * Get encrypted records from the record scanning service. This is a safe variant of /records/encrypted that returns
      * a result instead of throwing on HTTP error.

package/dist/testnet/browser.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ import "./polyfill/shared.js";
 import { Account } from "./account.js";
 import { AleoNetworkClient, ProgramImports } from "./network-client.js";
 import { BlockJSON, Header, Metadata } from "./models/blockJSON.js";
+import { CachedKeyPair, FunctionKeyPair } from "./models/keyPair.js";
 import { ConfirmedTransactionJSON } from "./models/confirmed_transaction.js";
 import { CryptoBoxPubKey } from "./models/cryptoBoxPubkey.js";
 import { DeploymentJSON, VerifyingKeys } from "./models/deployment/deploymentJSON.js";
@@ -36,6 +37,7 @@ import { OwnedRecordsResponseFilter } from "./models/record-scanner/ownedRecords
 import { RegisterResult, RegisterSuccess } from "./models/record-scanner/registrationResult.js";
 import { RegistrationRequest } from "./models/record-scanner/registrationRequest.js";
 import { RegistrationResponse } from "./models/record-scanner/registrationResponse.js";
+import { RevokeResult, RevokeSuccess, RevokeResponse } from "./models/record-scanner/revokeResult.js";
 import { RecordsFilter } from "./models/record-scanner/recordsFilter.js";
 import { RecordsResponseFilter } from "./models/record-scanner/recordsResponseFilter.js";
 import { SerialNumbersResult, SerialNumbersSuccess } from "./models/record-scanner/serialNumbersResult.js";
@@ -48,8 +50,12 @@ import { TransactionJSON } from "./models/transaction/transactionJSON.js";
 import { TransactionObject } from "./models/transaction/transactionObject.js";
 import { TransitionJSON } from "./models/transition/transitionJSON.js";
 import { TransitionObject } from "./models/transition/transitionObject.js";
-import { AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, CachedKeyPair, FunctionKeyPair, FunctionKeyProvider, KeySearchParams } from "./function-key-provider.js";
-import { OfflineKeyProvider, OfflineSearchParams } from "./offline-key-provider.js";
+import { FunctionKeyProvider, KeySearchParams } from "./keys/provider/interface.js";
+import { AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams } from "./keys/provider/memory.js";
+import { KeyFingerprint, KeyMetadata, KeyVerificationError, KeyVerifier, sha256Hex } from "./keys/verifier/interface.js";
+import { MemKeyVerifier } from "./keys/verifier/memory.js";
+import { InvalidLocatorError, InvalidLocatorReason, KeyLocator, KeyStore } from "./keys/keystore/interface.js";
+import { OfflineKeyProvider, OfflineSearchParams } from "./keys/provider/offline.js";
 import { BlockHeightSearch, NetworkRecordProvider, RecordProvider } from "./record-provider.js";
 import { RecordScanner, RecordScannerJWTData, RecordScannerOptions } from "./record-scanner.js";
 import { SealanceMerkleTree } from "./integrations/sealance/merkle-tree.js";
@@ -59,5 +65,6 @@ export { logAndThrow } from "./utils.js";
 export { Address, Authorization, Boolean, BHP256, BHP512, BHP768, BHP1024, Ciphertext, ComputeKey, Execution as FunctionExecution, ExecutionRequest, ExecutionResponse, EncryptionToolkit, Field, GraphKey, Group, I8, I16, I32, I64, I128, OfflineQuery, Pedersen64, Pedersen128, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Signature, Scalar, Transaction, Transition, U8, U16, U32, U64, U128, VerifyingKey, ViewKey, initThreadPool, getOrInitConsensusVersionTestHeights, verifyFunctionExecution, } from "./wasm.js";
 export { initializeWasm };
 export { Key, CREDITS_PROGRAM_KEYS, KEY_STORE, PRIVATE_TRANSFER, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, PUBLIC_TO_PRIVATE_TRANSFER, RECORD_DOMAIN, VALID_TRANSFER_TYPES, } from "./constants.js";
-export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, AleoNetworkClient, BlockJSON, BlockHeightSearch, BroadcastResponse, BroadcastResult, CachedKeyPair, ConfirmedTransactionJSON, CryptoBoxPubKey, DeploymentJSON, DeploymentObject, EncryptedProvingRequest, EncryptedRecord, EncryptedRegistrationRequest, EncryptedRecordsResult, EncryptedRecordsSuccess, ExecutionJSON, ExecutionObject, FeeExecutionJSON, FeeExecutionObject, FinalizeJSON, FunctionInput, FunctionObject, FunctionKeyPair, FunctionKeyProvider, Header, isProvingResponse, isProveApiErrorBody, ImportedPrograms, ImportedVerifyingKeys, InputJSON, InputObject, KeySearchParams, Metadata, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, OutputJSON, OutputObject, OwnedFilter, OwnedRecord, OwnedRecordsResult, OwnedRecordsResponseFilter, OwnedRecordsSuccess, OwnerJSON, PartialSolutionJSON, PlaintextArray, PlaintextLiteral, PlaintextObject, PlaintextStruct, ProgramImports, ProveApiErrorBody, ProvingFailure, ProvingRequestError, ProvingRequestJSON, ProvingResult, ProvingSuccess, ProvingResponse, RatificationJSON, RecordsFilter, RecordsResponseFilter, RecordProvider, RecordScanner, RecordScannerErrorBody, RecordScannerFailure, RecordScannerJWTData, RecordScannerOptions, DecryptionNotEnabledError, RecordNotFoundError, RecordScannerRequestError, ViewKeyNotStoredError, RecordSearchParams, RegisterResult, RegisterSuccess, RegistrationRequest, RegistrationResponse, SealanceMerkleTree, SerialNumbersResult, SerialNumbersSuccess, SolutionJSON, SolutionsJSON, StatusResponse, StatusResult, StatusSuccess, TagsResult, TagsSuccess, TransactionJSON, TransactionObject, TransitionJSON, TransitionObject, UUIDError, VerifyingKeys, };
+export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, AleoNetworkClient, BlockJSON, BlockHeightSearch, BroadcastResponse, BroadcastResult, CachedKeyPair, ConfirmedTransactionJSON, CryptoBoxPubKey, DeploymentJSON, DeploymentObject, EncryptedProvingRequest, EncryptedRecord, EncryptedRegistrationRequest, EncryptedRecordsResult, EncryptedRecordsSuccess, ExecutionJSON, ExecutionObject, FeeExecutionJSON, FeeExecutionObject, FinalizeJSON, FunctionInput, FunctionObject, FunctionKeyPair, FunctionKeyProvider, Header, isProvingResponse, isProveApiErrorBody, ImportedPrograms, ImportedVerifyingKeys, InputJSON, InputObject, InvalidLocatorError, InvalidLocatorReason, KeyFingerprint, KeyLocator, KeyMetadata, KeyStore, KeyVerificationError, KeyVerifier, MemKeyVerifier, KeySearchParams, Metadata, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, OutputJSON, OutputObject, OwnedFilter, OwnedRecord, OwnedRecordsResult, OwnedRecordsResponseFilter, OwnedRecordsSuccess, OwnerJSON, PartialSolutionJSON, PlaintextArray, PlaintextLiteral, PlaintextObject, PlaintextStruct, ProgramImports, ProveApiErrorBody, ProvingFailure, ProvingRequestError, ProvingRequestJSON, ProvingResult, ProvingSuccess, ProvingResponse, RatificationJSON, RecordsFilter, RecordsResponseFilter, RecordProvider, RecordScanner, RecordScannerErrorBody, RecordScannerFailure, RecordScannerJWTData, RecordScannerOptions, DecryptionNotEnabledError, RecordNotFoundError, RecordScannerRequestError, ViewKeyNotStoredError, RecordSearchParams, RegisterResult, RegisterSuccess, RegistrationRequest, RegistrationResponse, RevokeResult, RevokeSuccess, RevokeResponse, SealanceMerkleTree, SerialNumbersResult, SerialNumbersSuccess, sha256Hex, SolutionJSON, SolutionsJSON, StatusResponse, StatusResult, StatusSuccess, TagsResult, TagsSuccess, TransactionJSON, TransactionObject, TransitionJSON, TransitionObject, UUIDError, VerifyingKeys, };
+export { KeyVerificationError as ChecksumMismatchError, KeyVerifier as FunctionKeyVerifier, } from "./keys/verifier/interface.js";
 export { encryptAuthorization, encryptProvingRequest, encryptViewKey, encryptRegistrationRequest } from "./security.js";