@provablehq/sdk 0.9.16 → 0.9.18

package/dist/mainnet/account.d.ts

@@ -1,6 +1,6 @@
 import { Address, ComputeKey, Field, Group, PrivateKey, Signature, ViewKey, PrivateKeyCiphertext, RecordCiphertext, RecordPlaintext } from "./wasm.js";
 interface AccountParam {
-    privateKey?: string;
+    privateKey?: string | PrivateKey;
     seed?: Uint8Array;
 }
 /**
@@ -13,6 +13,9 @@ interface AccountParam {
  * credits and other records to. This class should only be used in environments where the safety of the underlying key
  * material can be assured.
  *
+ * When an Account is no longer needed, call {@link destroy} to securely zeroize and free all sensitive key material
+ * from WASM memory. Alternatively, use `[Symbol.dispose]()` with the `using` declaration in ES2024+ environments.
+ *
  * @example
  * import { Account } from "@provablehq/sdk/testnet.js";
  *
@@ -32,12 +35,16 @@ interface AccountParam {
  *
  * // Verify a signature
  * assert(myRandomAccount.verify(hello_world, signature));
+ *
+ * // Securely destroy the account when done
+ * myRandomAccount.destroy();
  */
 export declare class Account {
     _privateKey: PrivateKey;
     _viewKey: ViewKey;
     _computeKey: ComputeKey;
     _address: Address;
+    private _destroyed;
     constructor(params?: AccountParam);
     /**
      * Attempts to create an account from a private key ciphertext
@@ -69,10 +76,14 @@ export declare class Account {
     static isValidAddress(address: string | Uint8Array): boolean;
     /**
      * Creates a PrivateKey from the provided parameters.
-     * @param {AccountParam} params The parameters containing either a private key string or a seed
+     * @param {AccountParam} params The parameters containing either a private key string, PrivateKey object, or a seed
      * @returns {PrivateKey} A PrivateKey instance derived from the provided parameters
      */
     private privateKeyFromParams;
+    /**
+     * Throws an error if this account has been destroyed.
+     */
+    private assertNotDestroyed;
     /**
      * Returns the PrivateKey associated with the account.
      * @returns {PrivateKey} The private key of the account
@@ -118,7 +129,8 @@ export declare class Account {
      */
     address(): Address;
     /**
-     * Deep clones the Account.
+     * Deep clones the Account via byte serialization of the private key,
+     * avoiding creation of immutable JS string representations of the private key.
      * @returns {Account} A new Account instance with the same private key
      *
      * @example
@@ -303,5 +315,33 @@ export declare class Account {
      * assert(account.verify(message, signature));
      */
     verify(message: Uint8Array, signature: Signature): boolean;
+    /**
+     * Securely destroys the account by zeroizing and freeing all sensitive key material
+     * from WASM memory. After calling this method, the account object should not be used.
+     *
+     * This triggers the Rust-level zeroizing Drop implementation which overwrites private key,
+     * view key, and compute key bytes with zeros in WASM linear memory before deallocation.
+     *
+     * Note: If destroy() is never called, the FinalizationRegistry (set up by wasm-bindgen)
+     * will eventually trigger cleanup via GC, but the timing is non-deterministic. For security-
+     * sensitive applications, always call destroy() explicitly when the account is no longer needed.
+     *
+     * @example
+     * const account = new Account();
+     * // ... use account ...
+     * account.destroy(); // Securely cleans up key material
+     */
+    destroy(): void;
+    /**
+     * Implements the Disposable interface for use with `using` declarations (ES2024+).
+     * Calls {@link destroy} to securely clean up key material.
+     *
+     * @example
+     * {
+     *   using account = new Account();
+     *   // ... use account ...
+     * } // account is automatically destroyed here
+     */
+    [Symbol.dispose](): void;
 }
 export {};

package/dist/mainnet/browser.d.ts

@@ -2,6 +2,7 @@ import "./polyfill/shared.js";
 import { Account } from "./account.js";
 import { AleoNetworkClient, ProgramImports } from "./network-client.js";
 import { BlockJSON, Header, Metadata } from "./models/blockJSON.js";
+import { CachedKeyPair, FunctionKeyPair } from "./models/keyPair.js";
 import { ConfirmedTransactionJSON } from "./models/confirmed_transaction.js";
 import { CryptoBoxPubKey } from "./models/cryptoBoxPubkey.js";
 import { DeploymentJSON, VerifyingKeys } from "./models/deployment/deploymentJSON.js";
@@ -36,6 +37,7 @@ import { OwnedRecordsResponseFilter } from "./models/record-scanner/ownedRecords
 import { RegisterResult, RegisterSuccess } from "./models/record-scanner/registrationResult.js";
 import { RegistrationRequest } from "./models/record-scanner/registrationRequest.js";
 import { RegistrationResponse } from "./models/record-scanner/registrationResponse.js";
+import { RevokeResult, RevokeSuccess, RevokeResponse } from "./models/record-scanner/revokeResult.js";
 import { RecordsFilter } from "./models/record-scanner/recordsFilter.js";
 import { RecordsResponseFilter } from "./models/record-scanner/recordsResponseFilter.js";
 import { SerialNumbersResult, SerialNumbersSuccess } from "./models/record-scanner/serialNumbersResult.js";
@@ -48,8 +50,12 @@ import { TransactionJSON } from "./models/transaction/transactionJSON.js";
 import { TransactionObject } from "./models/transaction/transactionObject.js";
 import { TransitionJSON } from "./models/transition/transitionJSON.js";
 import { TransitionObject } from "./models/transition/transitionObject.js";
-import { AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, CachedKeyPair, FunctionKeyPair, FunctionKeyProvider, KeySearchParams } from "./function-key-provider.js";
-import { OfflineKeyProvider, OfflineSearchParams } from "./offline-key-provider.js";
+import { FunctionKeyProvider, KeySearchParams } from "./keys/provider/interface.js";
+import { AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams } from "./keys/provider/memory.js";
+import { KeyFingerprint, KeyMetadata, KeyVerificationError, KeyVerifier, sha256Hex } from "./keys/verifier/interface.js";
+import { MemKeyVerifier } from "./keys/verifier/memory.js";
+import { InvalidLocatorError, InvalidLocatorReason, KeyLocator, KeyStore } from "./keys/keystore/interface.js";
+import { OfflineKeyProvider, OfflineSearchParams } from "./keys/provider/offline.js";
 import { BlockHeightSearch, NetworkRecordProvider, RecordProvider } from "./record-provider.js";
 import { RecordScanner, RecordScannerJWTData, RecordScannerOptions } from "./record-scanner.js";
 import { SealanceMerkleTree } from "./integrations/sealance/merkle-tree.js";
@@ -59,5 +65,6 @@ export { logAndThrow } from "./utils.js";
 export { Address, Authorization, Boolean, BHP256, BHP512, BHP768, BHP1024, Ciphertext, ComputeKey, Execution as FunctionExecution, ExecutionRequest, ExecutionResponse, EncryptionToolkit, Field, GraphKey, Group, I8, I16, I32, I64, I128, OfflineQuery, Pedersen64, Pedersen128, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Signature, Scalar, Transaction, Transition, U8, U16, U32, U64, U128, VerifyingKey, ViewKey, initThreadPool, getOrInitConsensusVersionTestHeights, verifyFunctionExecution, } from "./wasm.js";
 export { initializeWasm };
 export { Key, CREDITS_PROGRAM_KEYS, KEY_STORE, PRIVATE_TRANSFER, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, PUBLIC_TO_PRIVATE_TRANSFER, RECORD_DOMAIN, VALID_TRANSFER_TYPES, } from "./constants.js";
-export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, AleoNetworkClient, BlockJSON, BlockHeightSearch, BroadcastResponse, BroadcastResult, CachedKeyPair, ConfirmedTransactionJSON, CryptoBoxPubKey, DeploymentJSON, DeploymentObject, EncryptedProvingRequest, EncryptedRecord, EncryptedRegistrationRequest, EncryptedRecordsResult, EncryptedRecordsSuccess, ExecutionJSON, ExecutionObject, FeeExecutionJSON, FeeExecutionObject, FinalizeJSON, FunctionInput, FunctionObject, FunctionKeyPair, FunctionKeyProvider, Header, isProvingResponse, isProveApiErrorBody, ImportedPrograms, ImportedVerifyingKeys, InputJSON, InputObject, KeySearchParams, Metadata, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, OutputJSON, OutputObject, OwnedFilter, OwnedRecord, OwnedRecordsResult, OwnedRecordsResponseFilter, OwnedRecordsSuccess, OwnerJSON, PartialSolutionJSON, PlaintextArray, PlaintextLiteral, PlaintextObject, PlaintextStruct, ProgramImports, ProveApiErrorBody, ProvingFailure, ProvingRequestError, ProvingRequestJSON, ProvingResult, ProvingSuccess, ProvingResponse, RatificationJSON, RecordsFilter, RecordsResponseFilter, RecordProvider, RecordScanner, RecordScannerErrorBody, RecordScannerFailure, RecordScannerJWTData, RecordScannerOptions, DecryptionNotEnabledError, RecordNotFoundError, RecordScannerRequestError, ViewKeyNotStoredError, RecordSearchParams, RegisterResult, RegisterSuccess, RegistrationRequest, RegistrationResponse, SealanceMerkleTree, SerialNumbersResult, SerialNumbersSuccess, SolutionJSON, SolutionsJSON, StatusResponse, StatusResult, StatusSuccess, TagsResult, TagsSuccess, TransactionJSON, TransactionObject, TransitionJSON, TransitionObject, UUIDError, VerifyingKeys, };
-export { encryptAuthorization, encryptProvingRequest, encryptViewKey, encryptRegistrationRequest } from "./security.js";
+export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, AleoNetworkClient, BlockJSON, BlockHeightSearch, BroadcastResponse, BroadcastResult, CachedKeyPair, ConfirmedTransactionJSON, CryptoBoxPubKey, DeploymentJSON, DeploymentObject, EncryptedProvingRequest, EncryptedRecord, EncryptedRegistrationRequest, EncryptedRecordsResult, EncryptedRecordsSuccess, ExecutionJSON, ExecutionObject, FeeExecutionJSON, FeeExecutionObject, FinalizeJSON, FunctionInput, FunctionObject, FunctionKeyPair, FunctionKeyProvider, Header, isProvingResponse, isProveApiErrorBody, ImportedPrograms, ImportedVerifyingKeys, InputJSON, InputObject, InvalidLocatorError, InvalidLocatorReason, KeyFingerprint, KeyLocator, KeyMetadata, KeyStore, KeyVerificationError, KeyVerifier, MemKeyVerifier, KeySearchParams, Metadata, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, OutputJSON, OutputObject, OwnedFilter, OwnedRecord, OwnedRecordsResult, OwnedRecordsResponseFilter, OwnedRecordsSuccess, OwnerJSON, PartialSolutionJSON, PlaintextArray, PlaintextLiteral, PlaintextObject, PlaintextStruct, ProgramImports, ProveApiErrorBody, ProvingFailure, ProvingRequestError, ProvingRequestJSON, ProvingResult, ProvingSuccess, ProvingResponse, RatificationJSON, RecordsFilter, RecordsResponseFilter, RecordProvider, RecordScanner, RecordScannerErrorBody, RecordScannerFailure, RecordScannerJWTData, RecordScannerOptions, DecryptionNotEnabledError, RecordNotFoundError, RecordScannerRequestError, ViewKeyNotStoredError, RecordSearchParams, RegisterResult, RegisterSuccess, RegistrationRequest, RegistrationResponse, RevokeResult, RevokeSuccess, RevokeResponse, SealanceMerkleTree, SerialNumbersResult, SerialNumbersSuccess, sha256Hex, SolutionJSON, SolutionsJSON, StatusResponse, StatusResult, StatusSuccess, TagsResult, TagsSuccess, TransactionJSON, TransactionObject, TransitionJSON, TransitionObject, UUIDError, VerifyingKeys, };
+export { KeyVerificationError as ChecksumMismatchError, KeyVerifier as FunctionKeyVerifier, } from "./keys/verifier/interface.js";
+export { encryptAuthorization, encryptProvingRequest, encryptViewKey, encryptRegistrationRequest, zeroizeBytes } from "./security.js";