@provablehq/sdk 0.9.17 → 0.9.18

package/dist/mainnet/account.d.ts

@@ -1,6 +1,6 @@
 import { Address, ComputeKey, Field, Group, PrivateKey, Signature, ViewKey, PrivateKeyCiphertext, RecordCiphertext, RecordPlaintext } from "./wasm.js";
 interface AccountParam {
-    privateKey?: string;
+    privateKey?: string | PrivateKey;
     seed?: Uint8Array;
 }
 /**
@@ -13,6 +13,9 @@ interface AccountParam {
  * credits and other records to. This class should only be used in environments where the safety of the underlying key
  * material can be assured.
  *
+ * When an Account is no longer needed, call {@link destroy} to securely zeroize and free all sensitive key material
+ * from WASM memory. Alternatively, use `[Symbol.dispose]()` with the `using` declaration in ES2024+ environments.
+ *
  * @example
  * import { Account } from "@provablehq/sdk/testnet.js";
  *
@@ -32,12 +35,16 @@ interface AccountParam {
  *
  * // Verify a signature
  * assert(myRandomAccount.verify(hello_world, signature));
+ *
+ * // Securely destroy the account when done
+ * myRandomAccount.destroy();
  */
 export declare class Account {
     _privateKey: PrivateKey;
     _viewKey: ViewKey;
     _computeKey: ComputeKey;
     _address: Address;
+    private _destroyed;
     constructor(params?: AccountParam);
     /**
      * Attempts to create an account from a private key ciphertext
@@ -69,10 +76,14 @@ export declare class Account {
     static isValidAddress(address: string | Uint8Array): boolean;
     /**
      * Creates a PrivateKey from the provided parameters.
-     * @param {AccountParam} params The parameters containing either a private key string or a seed
+     * @param {AccountParam} params The parameters containing either a private key string, PrivateKey object, or a seed
      * @returns {PrivateKey} A PrivateKey instance derived from the provided parameters
      */
     private privateKeyFromParams;
+    /**
+     * Throws an error if this account has been destroyed.
+     */
+    private assertNotDestroyed;
     /**
      * Returns the PrivateKey associated with the account.
      * @returns {PrivateKey} The private key of the account
@@ -118,7 +129,8 @@ export declare class Account {
      */
     address(): Address;
     /**
-     * Deep clones the Account.
+     * Deep clones the Account via byte serialization of the private key,
+     * avoiding creation of immutable JS string representations of the private key.
      * @returns {Account} A new Account instance with the same private key
      *
      * @example
@@ -303,5 +315,33 @@ export declare class Account {
      * assert(account.verify(message, signature));
      */
     verify(message: Uint8Array, signature: Signature): boolean;
+    /**
+     * Securely destroys the account by zeroizing and freeing all sensitive key material
+     * from WASM memory. After calling this method, the account object should not be used.
+     *
+     * This triggers the Rust-level zeroizing Drop implementation which overwrites private key,
+     * view key, and compute key bytes with zeros in WASM linear memory before deallocation.
+     *
+     * Note: If destroy() is never called, the FinalizationRegistry (set up by wasm-bindgen)
+     * will eventually trigger cleanup via GC, but the timing is non-deterministic. For security-
+     * sensitive applications, always call destroy() explicitly when the account is no longer needed.
+     *
+     * @example
+     * const account = new Account();
+     * // ... use account ...
+     * account.destroy(); // Securely cleans up key material
+     */
+    destroy(): void;
+    /**
+     * Implements the Disposable interface for use with `using` declarations (ES2024+).
+     * Calls {@link destroy} to securely clean up key material.
+     *
+     * @example
+     * {
+     *   using account = new Account();
+     *   // ... use account ...
+     * } // account is automatically destroyed here
+     */
+    [Symbol.dispose](): void;
 }
 export {};

package/dist/mainnet/browser.d.ts

@@ -67,4 +67,4 @@ export { initializeWasm };
 export { Key, CREDITS_PROGRAM_KEYS, KEY_STORE, PRIVATE_TRANSFER, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, PUBLIC_TO_PRIVATE_TRANSFER, RECORD_DOMAIN, VALID_TRANSFER_TYPES, } from "./constants.js";
 export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, AleoNetworkClient, BlockJSON, BlockHeightSearch, BroadcastResponse, BroadcastResult, CachedKeyPair, ConfirmedTransactionJSON, CryptoBoxPubKey, DeploymentJSON, DeploymentObject, EncryptedProvingRequest, EncryptedRecord, EncryptedRegistrationRequest, EncryptedRecordsResult, EncryptedRecordsSuccess, ExecutionJSON, ExecutionObject, FeeExecutionJSON, FeeExecutionObject, FinalizeJSON, FunctionInput, FunctionObject, FunctionKeyPair, FunctionKeyProvider, Header, isProvingResponse, isProveApiErrorBody, ImportedPrograms, ImportedVerifyingKeys, InputJSON, InputObject, InvalidLocatorError, InvalidLocatorReason, KeyFingerprint, KeyLocator, KeyMetadata, KeyStore, KeyVerificationError, KeyVerifier, MemKeyVerifier, KeySearchParams, Metadata, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, OutputJSON, OutputObject, OwnedFilter, OwnedRecord, OwnedRecordsResult, OwnedRecordsResponseFilter, OwnedRecordsSuccess, OwnerJSON, PartialSolutionJSON, PlaintextArray, PlaintextLiteral, PlaintextObject, PlaintextStruct, ProgramImports, ProveApiErrorBody, ProvingFailure, ProvingRequestError, ProvingRequestJSON, ProvingResult, ProvingSuccess, ProvingResponse, RatificationJSON, RecordsFilter, RecordsResponseFilter, RecordProvider, RecordScanner, RecordScannerErrorBody, RecordScannerFailure, RecordScannerJWTData, RecordScannerOptions, DecryptionNotEnabledError, RecordNotFoundError, RecordScannerRequestError, ViewKeyNotStoredError, RecordSearchParams, RegisterResult, RegisterSuccess, RegistrationRequest, RegistrationResponse, RevokeResult, RevokeSuccess, RevokeResponse, SealanceMerkleTree, SerialNumbersResult, SerialNumbersSuccess, sha256Hex, SolutionJSON, SolutionsJSON, StatusResponse, StatusResult, StatusSuccess, TagsResult, TagsSuccess, TransactionJSON, TransactionObject, TransitionJSON, TransitionObject, UUIDError, VerifyingKeys, };
 export { KeyVerificationError as ChecksumMismatchError, KeyVerifier as FunctionKeyVerifier, } from "./keys/verifier/interface.js";
-export { encryptAuthorization, encryptProvingRequest, encryptViewKey, encryptRegistrationRequest } from "./security.js";
+export { encryptAuthorization, encryptProvingRequest, encryptViewKey, encryptRegistrationRequest, zeroizeBytes } from "./security.js";

package/dist/mainnet/browser.js

@@ -4,6 +4,109 @@ export { Address, Authorization, BHP1024, BHP256, BHP512, BHP768, Boolean, Ciphe
 import sodium from 'libsodium-wrappers';
 import { bech32m } from '@scure/base';
 
+await sodium.ready;
+/**
+ * Encrypt an authorization with a libsodium cryptobox public key.
+ *
+ * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
+ * @param {Authorization} authorization the authorization to encrypt.
+ *
+ * @returns {string} the encrypted authorization in RFC 4648 standard Base64.
+ */
+function encryptAuthorization(publicKey, authorization) {
+    // Ready the cryptobox lib.
+    return encryptMessage(publicKey, authorization.toBytesLe());
+}
+/**
+ * Encrypt a ProvingRequest with a libsodium cryptobox public key.
+ *
+ * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
+ * @param {Authorization} provingRequest the ProvingRequest to encrypt.
+ *
+ * @returns {string} the encrypted ProvingRequest in RFC 4648 standard Base64.
+ */
+function encryptProvingRequest(publicKey, provingRequest) {
+    return encryptMessage(publicKey, provingRequest.toBytesLe());
+}
+/**
+ * Encrypt a view key with a libsodium cryptobox public key.
+ *
+ * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
+ * @param {ViewKey} viewKey the view key to encrypt.
+ *
+ * @returns {string} the encrypted view key in RFC 4648 standard Base64.
+ */
+function encryptViewKey(publicKey, viewKey) {
+    return encryptMessage(publicKey, viewKey.toBytesLe());
+}
+/**
+ * Encrypt a record scanner registration request.
+ *
+ * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
+ * @param {ViewKey} viewKey the view key to encrypt.
+ * @param {number} start the start height of the registration request.
+ *
+ * @returns {string} the encrypted view key in RFC 4648 standard Base64.
+ */
+function encryptRegistrationRequest(publicKey, viewKey, start) {
+    // Turn the view key into a Uint8Array.
+    const vk_bytes = viewKey.toBytesLe();
+    // Create a new array to hold the original bytes and the 4-byte start height.
+    const bytes = new Uint8Array(vk_bytes.length + 4);
+    // Copy existing bytes.
+    bytes.set(vk_bytes, 0);
+    // Write the 4-byte number in LE format at the end of the array.
+    const view = new DataView(bytes.buffer);
+    view.setUint32(vk_bytes.length, start, true);
+    // Encrypt the encoded bytes, ensuring sensitive intermediate
+    // byte arrays are zeroized regardless of success or failure.
+    try {
+        return encryptMessage(publicKey, bytes);
+    }
+    finally {
+        zeroizeBytes(vk_bytes);
+        zeroizeBytes(bytes);
+    }
+}
+/**
+ * Best-effort zeroization of a byte array by overwriting all bytes with zeros.
+ * Use this to clear sensitive data (e.g., key bytes) from memory when working
+ * with Uint8Array representations of keys or other secrets.
+ *
+ * This is best-effort in JavaScript — the JIT compiler could theoretically
+ * elide the fill if the array is never read again (though current engines
+ * do not). For deterministic zeroization of key material, use
+ * `Account.destroy()` or call `.free()` on key objects (PrivateKey, ViewKey,
+ * ComputeKey, GraphKey) whose Rust Drop implementations zeroize memory
+ * before deallocation.
+ *
+ * Note: This cannot zeroize JavaScript strings, which are immutable and managed
+ * by the garbage collector. Prefer using byte array representations of sensitive
+ * data over strings whenever possible.
+ *
+ * @param {Uint8Array} bytes The byte array to zeroize
+ *
+ * @example
+ * const keyBytes = privateKey.toBytesLe();
+ * // ... use keyBytes ...
+ * zeroizeBytes(keyBytes); // Overwrite with zeros when done
+ */
+function zeroizeBytes(bytes) {
+    bytes.fill(0);
+}
+/**
+ * Encrypt arbitrary bytes with a libsodium cryptobox public key.
+ *
+ * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
+ * @param {Uint8Array} message the bytes to encrypt.
+ *
+ * @returns {string} the encrypted bytes in RFC 4648 standard Base64.
+ */
+function encryptMessage(publicKey, message) {
+    const publicKeyBytes = sodium.from_base64(publicKey, sodium.base64_variants.ORIGINAL);
+    return sodium.to_base64(sodium.crypto_box_seal(message, publicKeyBytes), sodium.base64_variants.ORIGINAL);
+}
+
 /**
  * Key Management class. Enables the creation of a new Aleo Account, importation of an existing account from
  * an existing private key or seed, and message signing and verification functionality. An Aleo Account is generated
@@ -14,6 +117,9 @@ import { bech32m } from '@scure/base';
  * credits and other records to. This class should only be used in environments where the safety of the underlying key
  * material can be assured.
  *
+ * When an Account is no longer needed, call {@link destroy} to securely zeroize and free all sensitive key material
+ * from WASM memory. Alternatively, use `[Symbol.dispose]()` with the `using` declaration in ES2024+ environments.
+ *
  * @example
  * import { Account } from "@provablehq/sdk/testnet.js";
  *
@@ -33,12 +139,16 @@ import { bech32m } from '@scure/base';
  *
  * // Verify a signature
  * assert(myRandomAccount.verify(hello_world, signature));
+ *
+ * // Securely destroy the account when done
+ * myRandomAccount.destroy();
  */
 class Account {
     _privateKey;
     _viewKey;
     _computeKey;
     _address;
+    _destroyed = false;
     constructor(params = {}) {
         try {
             this._privateKey = this.privateKeyFromParams(params);
@@ -67,7 +177,12 @@ class Account {
         try {
             ciphertext = (typeof ciphertext === "string") ? PrivateKeyCiphertext.fromString(ciphertext) : ciphertext;
             const _privateKey = PrivateKey.fromPrivateKeyCiphertext(ciphertext, password);
-            return new Account({ privateKey: _privateKey.to_string() });
+            try {
+                return new Account({ privateKey: _privateKey });
+            }
+            finally {
+                _privateKey.free(); // Zeroize + free the temporary; Account owns its own clone
+            }
         }
         catch (e) {
             throw new Error("Wrong password or invalid ciphertext");
@@ -92,7 +207,7 @@ class Account {
     }
     /**
      * Creates a PrivateKey from the provided parameters.
-     * @param {AccountParam} params The parameters containing either a private key string or a seed
+     * @param {AccountParam} params The parameters containing either a private key string, PrivateKey object, or a seed
      * @returns {PrivateKey} A PrivateKey instance derived from the provided parameters
      */
     privateKeyFromParams(params) {
@@ -100,10 +215,29 @@ class Account {
             return PrivateKey.from_seed_unchecked(params.seed);
         }
         if (params.privateKey) {
-            return PrivateKey.from_string(params.privateKey);
+            if (typeof params.privateKey === 'string') {
+                return PrivateKey.from_string(params.privateKey);
+            }
+            // Clone the PrivateKey WASM object via byte serialization to avoid
+            // creating an immutable JS string of the private key.
+            const bytes = params.privateKey.toBytesLe();
+            try {
+                return PrivateKey.fromBytesLe(bytes);
+            }
+            finally {
+                zeroizeBytes(bytes);
+            }
         }
         return new PrivateKey();
     }
+    /**
+     * Throws an error if this account has been destroyed.
+     */
+    assertNotDestroyed() {
+        if (this._destroyed) {
+            throw new Error("Account has been destroyed. Create a new Account instance.");
+        }
+    }
     /**
      * Returns the PrivateKey associated with the account.
      * @returns {PrivateKey} The private key of the account
@@ -115,6 +249,7 @@ class Account {
      * const privateKey = account.privateKey();
      */
     privateKey() {
+        this.assertNotDestroyed();
         return this._privateKey;
     }
     /**
@@ -128,6 +263,7 @@ class Account {
      * const viewKey = account.viewKey();
      */
     viewKey() {
+        this.assertNotDestroyed();
         return this._viewKey;
     }
     /**
@@ -141,6 +277,7 @@ class Account {
      * const computeKey = account.computeKey();
      */
     computeKey() {
+        this.assertNotDestroyed();
         return this._computeKey;
     }
     /**
@@ -154,10 +291,12 @@ class Account {
      * const address = account.address();
      */
     address() {
+        this.assertNotDestroyed();
         return this._address;
     }
     /**
-     * Deep clones the Account.
+     * Deep clones the Account via byte serialization of the private key,
+     * avoiding creation of immutable JS string representations of the private key.
      * @returns {Account} A new Account instance with the same private key
      *
      * @example
@@ -167,7 +306,8 @@ class Account {
      * const clonedAccount = account.clone();
      */
     clone() {
-        return new Account({ privateKey: this._privateKey.to_string() });
+        this.assertNotDestroyed();
+        return new Account({ privateKey: this._privateKey });
     }
     /**
      * Returns the address of the account in a string representation.
@@ -175,6 +315,7 @@ class Account {
      * @returns {string} The string representation of the account address
      */
     toString() {
+        this.assertNotDestroyed();
         return this.address().to_string();
     }
     /**
@@ -191,6 +332,7 @@ class Account {
      * process.env.ciphertext = ciphertext.toString();
      */
     encryptAccount(password) {
+        this.assertNotDestroyed();
         return this._privateKey.toCiphertext(password);
     }
     /**
@@ -220,6 +362,7 @@ class Account {
      * }
      */
     decryptRecord(ciphertext) {
+        this.assertNotDestroyed();
         return this._viewKey.decrypt(ciphertext);
     }
     /**
@@ -244,6 +387,7 @@ class Account {
      * const decryptedRecords = account.decryptRecords(records);
      */
     decryptRecords(ciphertexts) {
+        this.assertNotDestroyed();
         return ciphertexts.map((ciphertext) => this._viewKey.decrypt(ciphertext));
     }
     /**
@@ -264,6 +408,7 @@ class Account {
      * const recordViewKey = account.generateRecordViewKey(recordCiphertext);
      */
     generateRecordViewKey(recordCiphertext) {
+        this.assertNotDestroyed();
         if (typeof recordCiphertext === 'string') {
             recordCiphertext = RecordCiphertext.fromString(recordCiphertext);
         }
@@ -289,6 +434,7 @@ class Account {
      * const transitionViewKey = account.generateTransitionViewKey(tpk);
      */
     generateTransitionViewKey(tpk) {
+        this.assertNotDestroyed();
         if (typeof tpk === 'string') {
             tpk = Group.fromString(tpk);
         }
@@ -320,6 +466,7 @@ class Account {
      * }
      */
     ownsRecordCiphertext(ciphertext) {
+        this.assertNotDestroyed();
         if (typeof ciphertext === 'string') {
             try {
                 const ciphertextObject = RecordCiphertext.fromString(ciphertext);
@@ -356,6 +503,7 @@ class Account {
      * assert(account.verify(message, signature));
      */
     sign(message) {
+        this.assertNotDestroyed();
         return this._privateKey.sign(message);
     }
     /**
@@ -380,8 +528,62 @@ class Account {
      * assert(account.verify(message, signature));
      */
     verify(message, signature) {
+        this.assertNotDestroyed();
         return this._address.verify(message, signature);
     }
+    /**
+     * Securely destroys the account by zeroizing and freeing all sensitive key material
+     * from WASM memory. After calling this method, the account object should not be used.
+     *
+     * This triggers the Rust-level zeroizing Drop implementation which overwrites private key,
+     * view key, and compute key bytes with zeros in WASM linear memory before deallocation.
+     *
+     * Note: If destroy() is never called, the FinalizationRegistry (set up by wasm-bindgen)
+     * will eventually trigger cleanup via GC, but the timing is non-deterministic. For security-
+     * sensitive applications, always call destroy() explicitly when the account is no longer needed.
+     *
+     * @example
+     * const account = new Account();
+     * // ... use account ...
+     * account.destroy(); // Securely cleans up key material
+     */
+    destroy() {
+        if (this._destroyed)
+            return;
+        this._destroyed = true;
+        // Free sensitive WASM objects (triggers Rust Drop -> zeroization).
+        // try/catch guards against double-free if FinalizationRegistry already ran.
+        try {
+            this._privateKey.free();
+        }
+        catch (_) { /* already freed */ }
+        try {
+            this._viewKey.free();
+        }
+        catch (_) { /* already freed */ }
+        try {
+            this._computeKey.free();
+        }
+        catch (_) { /* already freed */ }
+        // Address is public data but free it for completeness.
+        try {
+            this._address.free();
+        }
+        catch (_) { /* already freed */ }
+    }
+    /**
+     * Implements the Disposable interface for use with `using` declarations (ES2024+).
+     * Calls {@link destroy} to securely clean up key material.
+     *
+     * @example
+     * {
+     *   using account = new Account();
+     *   // ... use account ...
+     * } // account is automatically destroyed here
+     */
+    [Symbol.dispose]() {
+        this.destroy();
+    }
 }
 
 function detectBrowser() {
@@ -504,76 +706,6 @@ function isProveApiErrorBody(value) {
         "message" in value);
 }
 
-await sodium.ready;
-/**
- * Encrypt an authorization with a libsodium cryptobox public key.
- *
- * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
- * @param {Authorization} authorization the authorization to encrypt.
- *
- * @returns {string} the encrypted authorization in RFC 4648 standard Base64.
- */
-function encryptAuthorization(publicKey, authorization) {
-    // Ready the cryptobox lib.
-    return encryptMessage(publicKey, authorization.toBytesLe());
-}
-/**
- * Encrypt a ProvingRequest with a libsodium cryptobox public key.
- *
- * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
- * @param {Authorization} provingRequest the ProvingRequest to encrypt.
- *
- * @returns {string} the encrypted ProvingRequest in RFC 4648 standard Base64.
- */
-function encryptProvingRequest(publicKey, provingRequest) {
-    return encryptMessage(publicKey, provingRequest.toBytesLe());
-}
-/**
- * Encrypt a view key with a libsodium cryptobox public key.
- *
- * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
- * @param {ViewKey} viewKey the view key to encrypt.
- *
- * @returns {string} the encrypted view key in RFC 4648 standard Base64.
- */
-function encryptViewKey(publicKey, viewKey) {
-    return encryptMessage(publicKey, viewKey.toBytesLe());
-}
-/**
- * Encrypt a record scanner registration request.
- *
- * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
- * @param {ViewKey} viewKey the view key to encrypt.
- * @param {number} start the start height of the registration request.
- *
- * @returns {string} the encrypted view key in RFC 4648 standard Base64.
- */
-function encryptRegistrationRequest(publicKey, viewKey, start) {
-    // Turn the view key into a Uint8Array.
-    const vk_bytes = viewKey.toBytesLe();
-    // Create a new array to hold the original bytes and the 4-byte start height.
-    const bytes = new Uint8Array(vk_bytes.length + 4);
-    // Copy existing bytes.
-    bytes.set(vk_bytes, 0);
-    // Write the 4-byte number in LE format at the end of the array.
-    const view = new DataView(bytes.buffer);
-    view.setUint32(vk_bytes.length, start, true);
-    // Encrypt the encoded bytes.
-    return encryptMessage(publicKey, bytes);
-}
-/**
- * Encrypt arbitrary bytes with a libsodium cryptobox public key.
- *
- * @param {string} publicKey The cryptobox X25519 public key to encrypt with (encoded in RFC 4648 standard Base64).
- * @param {Uint8Array} message the bytes to encrypt.
- *
- * @returns {string} the encrypted bytes in RFC 4648 standard Base64.
- */
-function encryptMessage(publicKey, message) {
-    const publicKeyBytes = sodium.from_base64(publicKey, sodium.base64_variants.ORIGINAL);
-    return sodium.to_base64(sodium.crypto_box_seal(message, publicKeyBytes), sodium.base64_variants.ORIGINAL);
-}
-
 const KEY_STORE = Metadata.baseUrl();
 function convert(metadata) {
     // This looks up the method name in VerifyingKey
@@ -713,7 +845,7 @@ class AleoNetworkClient {
             else {
                 this.headers = {
                     // This is replaced by the actual version by a Rollup plugin
-                    "X-Aleo-SDK-Version": "0.9.17",
+                    "X-Aleo-SDK-Version": "0.9.18",
                     "X-Aleo-environment": environment(),
                 };
             }
@@ -729,7 +861,7 @@ class AleoNetworkClient {
         else {
             this.headers = {
                 // This is replaced by the actual version by a Rollup plugin
-                "X-Aleo-SDK-Version": "0.9.17",
+                "X-Aleo-SDK-Version": "0.9.18",
                 "X-Aleo-environment": environment(),
             };
         }
@@ -7292,7 +7424,7 @@ class ProgramManager {
      * import { AleoKeyProvider, getOrInitConsensusVersionTestHeights, ProgramManager, NetworkRecordProvider } from "@provablehq/sdk/mainnet.js";
      *
      * // Initialize the development consensus heights in order to work with devnode.
-     * getOrInitConsensusVersionTestHeights("0,1,2,3,4,5,6,7,8,9,10,11");
+     * getOrInitConsensusVersionTestHeights("0,1,2,3,4,5,6,7,8,9,10,11,12");
      *
      * // Create a new NetworkClient and RecordProvider.
      * const recordProvider = new NetworkRecordProvider(account, networkClient);
@@ -7424,7 +7556,7 @@ class ProgramManager {
      * import { ProgramManager, NetworkRecordProvider, getOrInitConsensusVersionTestHeights } from "@provablehq/sdk/mainnet.js";
      *
      * // Initialize the development consensus heights in order to work with a local devnode.
-     * getOrInitConsensusVersionTestHeights("0,1,2,3,4,5,6,7,8,9,10,11");
+     * getOrInitConsensusVersionTestHeights("0,1,2,3,4,5,6,7,8,9,10,11,12");
      *
      * // Create a new NetworkClient, and RecordProvider
      * const recordProvider = new NetworkRecordProvider(account, networkClient);
@@ -7637,5 +7769,5 @@ async function initializeWasm() {
     console.warn("initializeWasm is deprecated, you no longer need to use it");
 }
 
-export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, KeyVerificationError as ChecksumMismatchError, DecryptionNotEnabledError, InvalidLocatorError, KEY_STORE, KeyVerificationError, MemKeyVerifier, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow, sha256Hex };
+export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, KeyVerificationError as ChecksumMismatchError, DecryptionNotEnabledError, InvalidLocatorError, KEY_STORE, KeyVerificationError, MemKeyVerifier, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow, sha256Hex, zeroizeBytes };
 //# sourceMappingURL=browser.js.map