@provablehq/sdk 0.9.16 → 0.9.17

package/dist/testnet/browser.js

@@ -713,7 +713,7 @@ class AleoNetworkClient {
             else {
                 this.headers = {
                     // This is replaced by the actual version by a Rollup plugin
-                    "X-Aleo-SDK-Version": "0.9.16",
+                    "X-Aleo-SDK-Version": "0.9.17",
                     "X-Aleo-environment": environment(),
                 };
             }
@@ -729,7 +729,7 @@ class AleoNetworkClient {
         else {
             this.headers = {
                 // This is replaced by the actual version by a Rollup plugin
-                "X-Aleo-SDK-Version": "0.9.16",
+                "X-Aleo-SDK-Version": "0.9.17",
                 "X-Aleo-environment": environment(),
             };
         }
@@ -2420,13 +2420,13 @@ class RecordNotFoundError extends Error {
         Object.setPrototypeOf(this, RecordNotFoundError.prototype);
     }
 }
-/** Error thrown when a record scanner request fails due to an invalid response. */
+/** Error thrown when no UUID is configured, the UUID is invalid, or a record scanner request fails due to an invalid UUID/response. */
 class UUIDError extends Error {
     uuid;
     filter;
     constructor(message, uuid, filter) {
         super(message);
-        this.name = "InvalidResponseError";
+        this.name = "UUIDError";
         this.uuid = uuid;
         this.filter = filter;
         Object.setPrototypeOf(this, UUIDError.prototype);
@@ -2458,8 +2458,8 @@ class AleoKeyProviderParams {
     }
 }
 /**
- * AleoKeyProvider class. Implements the KeyProvider interface. Enables the retrieval of Aleo program proving and
- * verifying keys for the credits.aleo program over http from official Aleo sources and storing and retrieving function
+ * AleoKeyProvider class. Implements the FunctionKeyProvider interface. Enables the retrieval of Aleo program proving and
+ * verifying keys for the credits.aleo program over HTTP from official Aleo sources and storing and retrieving function
  * keys from a local memory cache.
  */
 class AleoKeyProvider {
@@ -2481,6 +2481,9 @@ class AleoKeyProvider {
         this.cache = new Map();
         this.cacheOption = false;
     }
+    async keyStore() {
+        return undefined;
+    }
     /**
      * Use local memory to store keys
      *
@@ -2533,8 +2536,11 @@ class AleoKeyProvider {
     getKeys(keyId) {
         console.debug(`Checking if key exists in cache. KeyId: ${keyId}`);
         if (this.cache.has(keyId)) {
-            const [provingKeyBytes, verifyingKeyBytes] = this.cache.get(keyId);
-            return [ProvingKey.fromBytes(provingKeyBytes), VerifyingKey.fromBytes(verifyingKeyBytes)];
+            const [provingKeyBytes, verifyingKeyBytes] = (this.cache.get(keyId));
+            return [
+                ProvingKey.fromBytes(provingKeyBytes),
+                VerifyingKey.fromBytes(verifyingKeyBytes),
+            ];
         }
         else {
             throw new Error("Key not found in cache.");
@@ -2566,13 +2572,15 @@ class AleoKeyProvider {
             let verifierUrl;
             let cacheKey;
             if ("name" in params && typeof params["name"] == "string") {
-                let key = CREDITS_PROGRAM_KEYS.getKey(params["name"]);
+                const key = CREDITS_PROGRAM_KEYS.getKey(params["name"]);
                 return this.fetchCreditsKeys(key);
             }
-            if ("proverUri" in params && typeof params["proverUri"] == "string") {
+            if ("proverUri" in params &&
+                typeof params["proverUri"] == "string") {
                 proverUrl = params["proverUri"];
             }
-            if ("verifierUri" in params && typeof params["verifierUri"] == "string") {
+            if ("verifierUri" in params &&
+                typeof params["verifierUri"] == "string") {
                 verifierUrl = params["verifierUri"];
             }
             if ("cacheKey" in params && typeof params["cacheKey"] == "string") {
@@ -2621,20 +2629,26 @@ class AleoKeyProvider {
                 }
                 const value = this.cache.get(cacheKey);
                 if (typeof value !== "undefined") {
-                    return [ProvingKey.fromBytes(value[0]), VerifyingKey.fromBytes(value[1])];
+                    return [
+                        ProvingKey.fromBytes(value[0]),
+                        VerifyingKey.fromBytes(value[1]),
+                    ];
                 }
                 else {
                     console.debug("Fetching proving keys from url " + proverUrl);
-                    const provingKey = ProvingKey.fromBytes(await this.fetchBytes(proverUrl));
+                    const provingKey = (ProvingKey.fromBytes(await this.fetchBytes(proverUrl)));
                     console.debug("Fetching verifying keys " + verifierUrl);
                     const verifyingKey = (await this.getVerifyingKey(verifierUrl));
-                    this.cache.set(cacheKey, [provingKey.toBytes(), verifyingKey.toBytes()]);
+                    this.cache.set(cacheKey, [
+                        provingKey.toBytes(),
+                        verifyingKey.toBytes(),
+                    ]);
                     return [provingKey, verifyingKey];
                 }
             }
             else {
                 // If cache is disabled, fetch the keys and return them
-                const provingKey = ProvingKey.fromBytes(await this.fetchBytes(proverUrl));
+                const provingKey = (ProvingKey.fromBytes(await this.fetchBytes(proverUrl)));
                 const verifyingKey = (await this.getVerifyingKey(verifierUrl));
                 return [provingKey, verifyingKey];
             }
@@ -2664,12 +2678,12 @@ class AleoKeyProvider {
                 }
                 else {
                     console.debug("Fetching proving keys from url " + proverUrl);
-                    const provingKey = ProvingKey.fromBytes(await this.fetchBytes(proverUrl));
+                    const provingKey = (ProvingKey.fromBytes(await this.fetchBytes(proverUrl)));
                     return provingKey;
                 }
             }
             else {
-                const provingKey = ProvingKey.fromBytes(await this.fetchBytes(proverUrl));
+                const provingKey = (ProvingKey.fromBytes(await this.fetchBytes(proverUrl)));
                 return provingKey;
             }
         }
@@ -2681,7 +2695,7 @@ class AleoKeyProvider {
         try {
             if (!this.cache.has(key.locator) || !this.cacheOption) {
                 const verifying_key = key.verifyingKey();
-                const proving_key = await this.fetchProvingKey(key.prover, key.locator);
+                const proving_key = (await this.fetchProvingKey(key.prover, key.locator));
                 if (this.cacheOption) {
                     this.cache.set(CREDITS_PROGRAM_KEYS.getKey(key.name).locator, [proving_key.toBytes(), verifying_key.toBytes()]);
                 }
@@ -2689,7 +2703,10 @@ class AleoKeyProvider {
             }
             else {
                 const keyPair = this.cache.get(key.locator);
-                return [ProvingKey.fromBytes(keyPair[0]), VerifyingKey.fromBytes(keyPair[1])];
+                return [
+                    ProvingKey.fromBytes(keyPair[0]),
+                    VerifyingKey.fromBytes(keyPair[1]),
+                ];
             }
         }
         catch (error) {
@@ -2839,7 +2856,7 @@ class AleoKeyProvider {
                 catch (e) {
                     /// If that fails, try to fetch the verifying key from the network as bytes
                     try {
-                        return VerifyingKey.fromBytes(await this.fetchBytes(verifierUri));
+                        return (VerifyingKey.fromBytes(await this.fetchBytes(verifierUri)));
                     }
                     catch (inner) {
                         throw new Error("Invalid verifying key. Error: " + inner.message);
@@ -2852,6 +2869,156 @@ class AleoKeyProvider {
     }
 }
 
+/**
+ * Error thrown when there is a mismatch between expected and actual key metadata.
+ * This can occur during verification of either the checksum or size of a key.
+ *
+ * @extends Error
+ */
+class KeyVerificationError extends Error {
+    locator;
+    field;
+    expected;
+    actual;
+    /**
+     * Creates a new KeyVerificationError instance (error.name is "ChecksumMismatchError").
+     *
+     * @param {string} locator - The key locator where the mismatch occurred.
+     * @param {"checksum" | "size"} field - The field that failed verification (either "checksum" or "size").
+     * @param {string} expected - The expected value of the field.
+     * @param {string} actual - The actual value encountered.
+     */
+    constructor(locator, field, expected, actual) {
+        super(`Key verification ${locator} ${field} mismatch: expected ${expected}, got ${actual}`);
+        this.locator = locator;
+        this.field = field;
+        this.expected = expected;
+        this.actual = actual;
+        this.name = "ChecksumMismatchError";
+        Object.setPrototypeOf(this, KeyVerificationError.prototype);
+    }
+}
+/**
+ * Computes the SHA-256 checksum of a given set of bytes.
+ *
+ * @param {Uint8Array} bytes - The bytes to compute the checksum of.
+ */
+async function sha256Hex(bytes) {
+    const hash = await crypto.subtle.digest("SHA-256", bytes);
+    return Array.from(new Uint8Array(hash))
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+
+/**
+ * In-memory implementation of KeyVerifier that stores and verifies key fingerprints.
+ * Provides functionality to compute and verify cryptographic checksums of keys, storing them
+ * in memory for subsequent verification. This implementation is primarily used for testing
+ * and development purposes where persistence is not required.
+ *
+ * Key features:
+ * - Computes SHA-256 checksums and sizes for key bytes.
+ * - Stores key fingerprints in memory using string locators.
+ * - Verifies key bytes against stored or provided fingerprints.
+ *
+ * @implements {KeyVerifier}
+ */
+class MemKeyVerifier {
+    keyStore = {};
+    /**
+     * Computes and optionally stores key metadata. If a keyFingerprint is provided, this function will verify the computed checksum against it before storing it.
+     *
+     * @param {KeyMetadata} keyMetadata - Object containing key bytes and optional verification data.
+     * @throws {KeyVerificationError} When provided keyFingerprint doesn't match computed values.
+     * @returns {Promise<KeyFingerprint>} Computed key metadata.
+     */
+    async computeKeyMetadata(keyMetadata) {
+        // Compute the metadata from the key bytes
+        const computedFingerprint = {
+            checksum: await sha256Hex(keyMetadata.keyBytes),
+            size: keyMetadata.keyBytes.length
+        };
+        // If a KeyFingerprint is provided, verify it matches computed values.
+        if (keyMetadata.fingerprint) {
+            if (keyMetadata.fingerprint.size !== computedFingerprint.size) {
+                throw new KeyVerificationError(keyMetadata.locator ? keyMetadata.locator : "", "size", String(keyMetadata.fingerprint.size), String(computedFingerprint.size));
+            }
+            if (keyMetadata.fingerprint.checksum !== computedFingerprint.checksum) {
+                throw new KeyVerificationError(keyMetadata.locator ? keyMetadata.locator : "", "checksum", keyMetadata.fingerprint.checksum, computedFingerprint.checksum);
+            }
+        }
+        // If locator is provided, store only the fingerprint
+        if (keyMetadata.locator) {
+            this.keyStore[keyMetadata.locator] = computedFingerprint;
+        }
+        return computedFingerprint;
+    }
+    /**
+     * Verifies key bytes against stored or provided metadata. Follows a priority verification scheme:
+     * 1. If KeyFingerprint is provided in the metadata, this method verifies against that first.
+     * 2. If a locator is provided, attempts to verify against stored fingerprint.
+     * 3. If neither is available, throws an error.
+     *
+     * @param {KeyMetadata} keyMetadata - Object containing the key bytes and optional verification metadata.
+     * @throws {Error} When neither fingerprint nor valid locator is provided for verification.
+     * @throws {KeyVerificationError} When size or checksum verification fails.
+     * @returns {Promise<void>} Promise that resolves when verification succeeds.
+     */
+    async verifyKeyBytes(keyMetadata) {
+        if (!keyMetadata.keyBytes) {
+            throw new Error("Key bytes must be provided for verification.");
+        }
+        // Compute the fingerprint for the provided bytes.
+        const computedFingerprint = await this.computeKeyMetadata({
+            keyBytes: keyMetadata.keyBytes
+        });
+        // Determine which fingerprint to verify against.
+        let fingerprintToVerify;
+        if (keyMetadata.fingerprint) {
+            // If a key fingerprint is provided, use it.
+            fingerprintToVerify = keyMetadata.fingerprint;
+        }
+        else if (keyMetadata.locator) {
+            // Otherwise try to get stored fingerprint by locator.
+            fingerprintToVerify = this.keyStore[keyMetadata.locator];
+        }
+        if (!fingerprintToVerify) {
+            throw new Error("Either fingerprint or a valid locator must be provided for verification.");
+        }
+        // Verify the key size.
+        if (fingerprintToVerify.size !== computedFingerprint.size) {
+            throw new KeyVerificationError(keyMetadata.locator || "", "size", String(fingerprintToVerify.size), String(computedFingerprint.size));
+        }
+        // Verify the key checksum.
+        if (fingerprintToVerify.checksum !== computedFingerprint.checksum) {
+            throw new KeyVerificationError(keyMetadata.locator || "", "checksum", fingerprintToVerify.checksum, computedFingerprint.checksum);
+        }
+    }
+}
+
+/**
+ * Error thrown when a key locator is invalid for filesystem use.
+ * Used to prevent path traversal and other filesystem injection when deriving paths from locators.
+ *
+ * @extends Error
+ */
+class InvalidLocatorError extends Error {
+    locator;
+    reason;
+    /**
+     * @param message - Human-readable description of the validation failure.
+     * @param locator - The invalid locator string that failed validation.
+     * @param reason - Machine-readable reason code for the failure.
+     */
+    constructor(message, locator, reason) {
+        super(message);
+        this.locator = locator;
+        this.reason = reason;
+        this.name = "InvalidLocatorError";
+        Object.setPrototypeOf(this, InvalidLocatorError.prototype);
+    }
+}
+
 /**
  * Search parameters for the offline key provider. This class implements the KeySearchParams interface and includes
  * a convenience method for creating a new instance of this class for each function of the credits.aleo program.
@@ -2891,7 +3058,7 @@ class OfflineSearchParams {
         return new OfflineSearchParams(CREDITS_PROGRAM_KEYS.bond_validator.locator, true);
     }
     /**
-     * Create a new OfflineSearchParams instance for the claim_unbond_public function of the
+     * Create a new OfflineSearchParams instance for the claim_unbond_public function of the credits.aleo program.
      */
     static claimUnbondPublicKeyParams() {
         return new OfflineSearchParams(CREDITS_PROGRAM_KEYS.claim_unbond_public.locator, true);
@@ -3025,6 +3192,9 @@ class OfflineKeyProvider {
     constructor() {
         this.cache = new Map();
     }
+    keyStore() {
+        return Promise.resolve(undefined);
+    }
     /**
      * Get bond_public function keys from the credits.aleo program. The keys must be cached prior to calling this
      * method for it to work.
@@ -4005,6 +4175,56 @@ class RecordScanner {
             return this.handleRequestError(err);
         }
     }
+    /**
+     * Remove all local scanner state associated with the given UUID (stored uuid, viewKeys entry, account if it matches).
+     * Called after a successful revoke so the scanner does not retain view keys or account for a revoked registration.
+     */
+    clearLocalStateForUuid(uuidStr) {
+        if (this.uuid != null && this.uuid.toString() === uuidStr) {
+            this.uuid = undefined;
+        }
+        if (this.viewKeys != null) {
+            delete this.viewKeys[uuidStr];
+            if (Object.keys(this.viewKeys).length === 0) {
+                this.viewKeys = undefined;
+            }
+        }
+        if (this.account != null && this.computeUUID(this.account.viewKey()).toString() === uuidStr) {
+            this.account = undefined;
+        }
+    }
+    /**
+     * Revoke the account registration with the record scanning service (POST /revoke). On success, also removes
+     * all local state for that UUID: the stored UUID (if it matches), the view key for that UUID, and the
+     * account (if its view key corresponds to that UUID).
+     *
+     * @param {string | Field | undefined} uuid The UUID to revoke. If omitted, uses the UUID configured on the scanner.
+     * @returns {Promise<RevokeResult>} `{ ok: true, data: { status } }` on success, or `{ ok: false, status, error }` on failure.
+     * @throws {UUIDError} When no UUID is configured and none provided, or when the UUID string is invalid.
+     */
+    async revoke(uuid) {
+        const resolvedUuid = uuid ?? this.uuid;
+        if (!resolvedUuid) {
+            throw new UUIDError("No UUID configured for the record scanner and no UUID provided.");
+        }
+        const uuidStr = typeof resolvedUuid === "string" ? resolvedUuid : resolvedUuid.toString();
+        if (!this.uuidIsValid(uuidStr)) {
+            throw new UUIDError(`UUID provided ${uuidStr} is invalid`, uuidStr);
+        }
+        try {
+            const response = await this.request(new Request(`${this.url}/revoke`, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify(uuidStr),
+            }));
+            const data = await response.json();
+            this.clearLocalStateForUuid(uuidStr);
+            return { ok: true, data };
+        }
+        catch (err) {
+            return this.handleRequestError(err);
+        }
+    }
     /**
      * Get encrypted records from the record scanning service. This is a safe variant of /records/encrypted that returns
      * a result instead of throwing on HTTP error.
@@ -4164,8 +4384,7 @@ class RecordScanner {
         // Throw an error if none could be found, otherwise set the UUID on the filter with either the UUID configured
         // within the filter or the UUID configured within the scanner.
         if (!uuid) {
-            throw new Error("Error while using the record scanner. UUID is not set on the scanner and the UUID " +
-                "provided in the record filter was invalid.");
+            throw new UUIDError("Error while using the record scanner. UUID is not set on the scanner and the UUID provided in the record filter was invalid.", undefined, filter);
         }
         filter.uuid = uuid;
         // Inner request used to retry once after 422 re-register without duplicating logic.
@@ -5240,8 +5459,8 @@ class ProgramManager {
                 edition = await this.networkClient.getLatestProgramEdition(programName);
             }
             catch (e) {
-                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 1.`);
-                edition = 1;
+                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 0.`);
+                edition = 0;
             }
         }
         // Get the private key from the account if it is not provided in the parameters
@@ -5524,8 +5743,8 @@ class ProgramManager {
                 edition = await this.networkClient.getLatestProgramEdition(programName);
             }
             catch (e) {
-                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 1.`);
-                edition = 1;
+                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 0.`);
+                edition = 0;
             }
         }
         // Resolve the program imports if they exist.
@@ -5617,8 +5836,8 @@ class ProgramManager {
                 edition = await this.networkClient.getLatestProgramEdition(programName);
             }
             catch (e) {
-                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 1.`);
-                edition = 1;
+                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 0.`);
+                edition = 0;
             }
         }
         // Build and return an `Authorization` for the desired function.
@@ -5687,8 +5906,8 @@ class ProgramManager {
                 edition = await this.networkClient.getLatestProgramEdition(programName);
             }
             catch (e) {
-                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 1.`);
-                edition = 1;
+                console.warn(`Error finding edition for ${programName}. Network response: '${e.message}'. Assuming edition 0.`);
+                edition = 0;
             }
         }
         // Get the private key from the account if it is not provided in the parameters.
@@ -7418,5 +7637,5 @@ async function initializeWasm() {
     console.warn("initializeWasm is deprecated, you no longer need to use it");
 }
 
-export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, DecryptionNotEnabledError, KEY_STORE, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow };
+export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, KeyVerificationError as ChecksumMismatchError, DecryptionNotEnabledError, InvalidLocatorError, KEY_STORE, KeyVerificationError, MemKeyVerifier, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow, sha256Hex };
 //# sourceMappingURL=browser.js.map