@provablehq/sdk 0.9.18 → 0.10.0

package/dist/mainnet/browser.d.ts

@@ -54,17 +54,19 @@ import { FunctionKeyProvider, KeySearchParams } from "./keys/provider/interface.
 import { AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams } from "./keys/provider/memory.js";
 import { KeyFingerprint, KeyMetadata, KeyVerificationError, KeyVerifier, sha256Hex } from "./keys/verifier/interface.js";
 import { MemKeyVerifier } from "./keys/verifier/memory.js";
-import { InvalidLocatorError, InvalidLocatorReason, KeyLocator, KeyStore } from "./keys/keystore/interface.js";
+import { BaseFunctionKeyLocator, InvalidLocatorError, InvalidLocatorReason, KeyLocator, KeyStore, KeyType, ProvingKeyLocator, TranslationKeyLocator, VerifyingKeyLocator, provingKeyLocator, verifyingKeyLocator, translationKeyLocator } from "./keys/keystore/interface.js";
 import { OfflineKeyProvider, OfflineSearchParams } from "./keys/provider/offline.js";
 import { BlockHeightSearch, NetworkRecordProvider, RecordProvider } from "./record-provider.js";
 import { RecordScanner, RecordScannerJWTData, RecordScannerOptions } from "./record-scanner.js";
 import { SealanceMerkleTree } from "./integrations/sealance/merkle-tree.js";
 declare function initializeWasm(): Promise<void>;
-export { ProgramManager, ProvingRequestOptions, ExecuteOptions, FeeAuthorizationOptions, AuthorizationOptions } from "./program-manager.js";
+export { ProgramManager, ProvingRequestOptions, ExecuteOptions, FeeAuthorizationOptions, AuthorizationOptions, VerificationOptions, BatchVerificationOptions, inputsToFields, verifyProof, verifyBatchProof } from "./program-manager.js";
 export { logAndThrow } from "./utils.js";
-export { Address, Authorization, Boolean, BHP256, BHP512, BHP768, BHP1024, Ciphertext, ComputeKey, Execution as FunctionExecution, ExecutionRequest, ExecutionResponse, EncryptionToolkit, Field, GraphKey, Group, I8, I16, I32, I64, I128, OfflineQuery, Pedersen64, Pedersen128, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Signature, Scalar, Transaction, Transition, U8, U16, U32, U64, U128, VerifyingKey, ViewKey, initThreadPool, getOrInitConsensusVersionTestHeights, verifyFunctionExecution, } from "./wasm.js";
+export { Address, Authorization, Boolean, BHP256, BHP512, BHP768, BHP1024, Ciphertext, ComputeKey, Execution as FunctionExecution, ExecutionRequest, ExecutionResponse, EncryptionToolkit, Field, GraphKey, Group, I8, I16, I32, I64, I128, OfflineQuery, Pedersen64, Pedersen128, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, Proof, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Signature, Scalar, stringToField, Transaction, Transition, U8, U16, U32, U64, U128, Value, VerifyingKey, ViewKey, initThreadPool, getOrInitConsensusVersionTestHeights, snarkVerify, snarkVerifyBatch, verifyFunctionExecution, } from "./wasm.js";
 export { initializeWasm };
 export { Key, CREDITS_PROGRAM_KEYS, KEY_STORE, PRIVATE_TRANSFER, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, PUBLIC_TO_PRIVATE_TRANSFER, RECORD_DOMAIN, VALID_TRANSFER_TYPES, } from "./constants.js";
-export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, AleoNetworkClient, BlockJSON, BlockHeightSearch, BroadcastResponse, BroadcastResult, CachedKeyPair, ConfirmedTransactionJSON, CryptoBoxPubKey, DeploymentJSON, DeploymentObject, EncryptedProvingRequest, EncryptedRecord, EncryptedRegistrationRequest, EncryptedRecordsResult, EncryptedRecordsSuccess, ExecutionJSON, ExecutionObject, FeeExecutionJSON, FeeExecutionObject, FinalizeJSON, FunctionInput, FunctionObject, FunctionKeyPair, FunctionKeyProvider, Header, isProvingResponse, isProveApiErrorBody, ImportedPrograms, ImportedVerifyingKeys, InputJSON, InputObject, InvalidLocatorError, InvalidLocatorReason, KeyFingerprint, KeyLocator, KeyMetadata, KeyStore, KeyVerificationError, KeyVerifier, MemKeyVerifier, KeySearchParams, Metadata, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, OutputJSON, OutputObject, OwnedFilter, OwnedRecord, OwnedRecordsResult, OwnedRecordsResponseFilter, OwnedRecordsSuccess, OwnerJSON, PartialSolutionJSON, PlaintextArray, PlaintextLiteral, PlaintextObject, PlaintextStruct, ProgramImports, ProveApiErrorBody, ProvingFailure, ProvingRequestError, ProvingRequestJSON, ProvingResult, ProvingSuccess, ProvingResponse, RatificationJSON, RecordsFilter, RecordsResponseFilter, RecordProvider, RecordScanner, RecordScannerErrorBody, RecordScannerFailure, RecordScannerJWTData, RecordScannerOptions, DecryptionNotEnabledError, RecordNotFoundError, RecordScannerRequestError, ViewKeyNotStoredError, RecordSearchParams, RegisterResult, RegisterSuccess, RegistrationRequest, RegistrationResponse, RevokeResult, RevokeSuccess, RevokeResponse, SealanceMerkleTree, SerialNumbersResult, SerialNumbersSuccess, sha256Hex, SolutionJSON, SolutionsJSON, StatusResponse, StatusResult, StatusSuccess, TagsResult, TagsSuccess, TransactionJSON, TransactionObject, TransitionJSON, TransitionObject, UUIDError, VerifyingKeys, };
+export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoKeyProviderInitParams, AleoNetworkClient, BlockJSON, BlockHeightSearch, BroadcastResponse, BroadcastResult, CachedKeyPair, ConfirmedTransactionJSON, CryptoBoxPubKey, DecryptionNotEnabledError, DeploymentJSON, DeploymentObject, EncryptedProvingRequest, EncryptedRecord, EncryptedRegistrationRequest, EncryptedRecordsResult, EncryptedRecordsSuccess, ExecutionJSON, ExecutionObject, FeeExecutionJSON, FeeExecutionObject, FinalizeJSON, FunctionInput, FunctionObject, FunctionKeyPair, FunctionKeyProvider, Header, isProvingResponse, isProveApiErrorBody, ImportedPrograms, ImportedVerifyingKeys, InputJSON, InputObject, InvalidLocatorError, InvalidLocatorReason, BaseFunctionKeyLocator, KeyFingerprint, KeyLocator, KeyMetadata, KeySearchParams, KeyStore, KeyType, KeyVerificationError, ProvingKeyLocator, provingKeyLocator, TranslationKeyLocator, translationKeyLocator, VerifyingKeyLocator, verifyingKeyLocator, KeyVerifier, MemKeyVerifier, Metadata, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, OutputJSON, OutputObject, OwnedFilter, OwnedRecord, OwnedRecordsResult, OwnedRecordsResponseFilter, OwnedRecordsSuccess, OwnerJSON, PartialSolutionJSON, PlaintextArray, PlaintextLiteral, PlaintextObject, PlaintextStruct, ProgramImports, ProveApiErrorBody, ProvingFailure, ProvingRequestError, ProvingRequestJSON, ProvingResult, ProvingSuccess, ProvingResponse, RatificationJSON, RecordsFilter, RecordsResponseFilter, RecordProvider, RecordScanner, RecordScannerErrorBody, RecordScannerFailure, RecordScannerJWTData, RecordScannerOptions, RecordNotFoundError, RecordScannerRequestError, ViewKeyNotStoredError, RecordSearchParams, RegisterResult, RegisterSuccess, RegistrationRequest, RegistrationResponse, RevokeResult, RevokeSuccess, RevokeResponse, SealanceMerkleTree, SerialNumbersResult, SerialNumbersSuccess, sha256Hex, SolutionJSON, SolutionsJSON, StatusResponse, StatusResult, StatusSuccess, TagsResult, TagsSuccess, TransactionJSON, TransactionObject, TransitionJSON, TransitionObject, UUIDError, VerifyingKeys, };
 export { KeyVerificationError as ChecksumMismatchError, KeyVerifier as FunctionKeyVerifier, } from "./keys/verifier/interface.js";
 export { encryptAuthorization, encryptProvingRequest, encryptViewKey, encryptRegistrationRequest, zeroizeBytes } from "./security.js";
+export { toField, toGroup, toViewKey, toSignature, toAddress, isViewKeyStrategy, isInputIdStrategy, isRecordViewKeyStrategy, buildExecutionRequestFromExternallySignedData, computeExternalSigningInputs, } from "./external-signing.js";
+export type { FieldLike, GroupLike, ViewKeyLike, SignatureLike, AddressLike, InputID, ExecutionRequestParams, RecordViewKeyStrategy, ViewKeyStrategy, InputIdStrategy, InputStrategy, ExternalSigningInput, ExternalSigningOptions, RequestSignInput, OutputFormat, FieldOutput, } from "./external-signing.js";

package/dist/mainnet/browser.js

@@ -1,6 +1,6 @@
 import 'core-js/proposals/json-parse-with-source.js';
-import { ViewKey, ComputeKey, Address, PrivateKeyCiphertext, PrivateKey, RecordCiphertext, EncryptionToolkit, Group, Metadata, VerifyingKey, Program, Plaintext, Transaction, ProvingRequest, ProvingKey, RecordPlaintext, Field, Poseidon4, ProgramManager as ProgramManager$1, verifyFunctionExecution } from '@provablehq/wasm/mainnet.js';
-export { Address, Authorization, BHP1024, BHP256, BHP512, BHP768, Boolean, Ciphertext, ComputeKey, EncryptionToolkit, ExecutionRequest, ExecutionResponse, Field, Execution as FunctionExecution, GraphKey, Group, I128, I16, I32, I64, I8, OfflineQuery, Pedersen128, Pedersen64, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Scalar, Signature, Transaction, Transition, U128, U16, U32, U64, U8, VerifyingKey, ViewKey, getOrInitConsensusVersionTestHeights, initThreadPool, verifyFunctionExecution } from '@provablehq/wasm/mainnet.js';
+import { ViewKey, ComputeKey, Address, PrivateKeyCiphertext, PrivateKey, RecordCiphertext, EncryptionToolkit, Group, Metadata, VerifyingKey, Program, Plaintext, Transaction, ProvingRequest, ProvingKey, RecordPlaintext, Field, Poseidon4, ProgramManager as ProgramManager$1, ExecutionRequest, verifyFunctionExecution, Value, Proof, Signature } from '@provablehq/wasm/mainnet.js';
+export { Address, Authorization, BHP1024, BHP256, BHP512, BHP768, Boolean, Ciphertext, ComputeKey, EncryptionToolkit, ExecutionRequest, ExecutionResponse, Field, Execution as FunctionExecution, GraphKey, Group, I128, I16, I32, I64, I8, OfflineQuery, Pedersen128, Pedersen64, Plaintext, Poseidon2, Poseidon4, Poseidon8, PrivateKey, PrivateKeyCiphertext, Program, ProgramManager as ProgramManagerBase, Proof, ProvingKey, ProvingRequest, RecordCiphertext, RecordPlaintext, Scalar, Signature, Transaction, Transition, U128, U16, U32, U64, U8, Value, VerifyingKey, ViewKey, getOrInitConsensusVersionTestHeights, initThreadPool, snarkVerify, snarkVerifyBatch, stringToField, verifyFunctionExecution } from '@provablehq/wasm/mainnet.js';
 import sodium from 'libsodium-wrappers';
 import { bech32m } from '@scure/base';
 
@@ -823,6 +823,7 @@ const FIVE_MINUTES = 5 * 60 * 1000; // 5 minutes in milliseconds
  */
 class AleoNetworkClient {
     host;
+    baseUrl;
     headers;
     account;
     ctx;
@@ -834,6 +835,9 @@ class AleoNetworkClient {
     proverUri;
     recordScannerUri;
     constructor(host, options) {
+        // baseUrl is the API root (origin only) — used for JWT refresh which
+        // lives at /jwts/{consumerId} on the API root, not under the versioned path.
+        this.baseUrl = new URL(host).origin;
         this.host = host + "/mainnet";
         this.network = "mainnet";
         this.ctx = {};
@@ -845,7 +849,7 @@ class AleoNetworkClient {
             else {
                 this.headers = {
                     // This is replaced by the actual version by a Rollup plugin
-                    "X-Aleo-SDK-Version": "0.9.18",
+                    "X-Aleo-SDK-Version": "0.10.0",
                     "X-Aleo-environment": environment(),
                 };
             }
@@ -861,7 +865,7 @@ class AleoNetworkClient {
         else {
             this.headers = {
                 // This is replaced by the actual version by a Rollup plugin
-                "X-Aleo-SDK-Version": "0.9.18",
+                "X-Aleo-SDK-Version": "0.10.0",
                 "X-Aleo-environment": environment(),
             };
         }
@@ -2249,7 +2253,7 @@ class AleoNetworkClient {
         if (!apiKey || !consumerId) {
             throw new Error('API key and consumer ID are required to refresh JWT');
         }
-        const response = await post(`https://api.provable.com/jwts/${consumerId}`, {
+        const response = await post(`${this.baseUrl}/jwts/${consumerId}`, {
             headers: {
                 'X-Provable-API-Key': apiKey
             }
@@ -2336,7 +2340,7 @@ class AleoNetworkClient {
         // Check to see if the JWT needs refreshing.
         const isExpired = jwtData && Date.now() >= jwtData.expiration - FIVE_MINUTES;
         if (!jwtData || isExpired) {
-            if (options.apiKey && options.consumerId) {
+            if (apiKey && consumerId) {
                 jwtData = await this.refreshJwt(apiKey, consumerId);
                 this.jwtData = jwtData;
                 options.jwtData = jwtData;
@@ -3151,6 +3155,51 @@ class InvalidLocatorError extends Error {
     }
 }
 
+/**
+ * Creates a {@link ProvingKeyLocator}.
+ *
+ * @param {string} program - The program name (e.g. "credits.aleo").
+ * @param {string} functionName - The function name (e.g. "transfer_private").
+ * @param {number} [edition=1] - The program edition.
+ * @param {number} [amendment=0] - The program amendment.
+ * @param {string} [network] - The network name. Defaults to the build-time network.
+ * @param {string} [checksum] - Optional SHA-256 checksum for key verification.
+ * @returns {ProvingKeyLocator}
+ */
+function provingKeyLocator(program, functionName, edition = 1, amendment = 0, network = "mainnet", checksum) {
+    return { program, functionName, edition, amendment, network, keyType: "prover", ...(checksum !== undefined && { checksum }) };
+}
+/**
+ * Creates a {@link VerifyingKeyLocator}.
+ *
+ * @param {string} program - The program name (e.g. "credits.aleo").
+ * @param {string} functionName - The function name (e.g. "transfer_private").
+ * @param {number} [edition=1] - The program edition.
+ * @param {number} [amendment=0] - The program amendment.
+ * @param {string} [network] - The network name. Defaults to the build-time network.
+ * @param {string} [checksum] - Optional SHA-256 checksum for key verification.
+ * @returns {VerifyingKeyLocator}
+ */
+function verifyingKeyLocator(program, functionName, edition = 1, amendment = 0, network = "mainnet", checksum) {
+    return { program, functionName, edition, amendment, network, keyType: "verifier", ...(checksum !== undefined && { checksum }) };
+}
+/**
+ * Creates a {@link TranslationKeyLocator}.
+ *
+ * @param {string} program - The program name (e.g. "credits.aleo").
+ * @param {string} functionName - The function name (e.g. "transfer_private").
+ * @param {string} recordName - The record name associated with the translation key.
+ * @param {number} recordInputPosition - The record input position in the function signature.
+ * @param {number} [edition=1] - The program edition.
+ * @param {number} [amendment=0] - The program amendment.
+ * @param {string} [network] - The network name. Defaults to the build-time network.
+ * @param {string} [checksum] - Optional SHA-256 checksum for key verification.
+ * @returns {TranslationKeyLocator}
+ */
+function translationKeyLocator(program, functionName, recordName, recordInputPosition, edition = 1, amendment = 0, network = "mainnet", checksum) {
+    return { program, functionName, edition, amendment, network, keyType: "translation", recordName, recordInputPosition, ...(checksum !== undefined && { checksum }) };
+}
+
 /**
  * Search parameters for the offline key provider. This class implements the KeySearchParams interface and includes
  * a convenience method for creating a new instance of this class for each function of the credits.aleo program.
@@ -4012,6 +4061,7 @@ class BlockHeightSearch {
 class RecordScanner {
     cacheViewKeysOnRegister;
     url;
+    baseUrl;
     apiKey;
     consumerId;
     jwtData;
@@ -4031,6 +4081,9 @@ class RecordScanner {
             throw new Error("The record scanning url should not include the specific network, this is automatically configured by the Provable SDK.");
         }
         // Configure the url to use the network the SDK is using.
+        // baseUrl is the API root (origin only) — used for JWT refresh which
+        // lives at /jwts/{consumerId} on the API root, not under /scanner.
+        this.baseUrl = new URL(options.url).origin;
         this.url = options.url + network;
         // Get any view keys passed in the options.
         this.viewKeys = options.viewKeys ?
@@ -4159,7 +4212,7 @@ class RecordScanner {
      * @returns {Promise<RecordScannerJWTData>} The new JWT data.
      */
     async refreshJwt(apiKey, consumerId) {
-        const response = await post(`${this.url}/jwts/${consumerId}`, {
+        const response = await post(`${this.baseUrl}/jwts/${consumerId}`, {
             headers: {
                 "X-Provable-API-Key": apiKey,
             },
@@ -5976,7 +6029,7 @@ class ProgramManager {
         return await ProgramManager$1.buildAuthorizationUnchecked(executionPrivateKey, program, functionName, inputs, imports, edition);
     }
     /**
-     * Builds a `ProvingRequest` for submission to a prover for execution.
+     * Builds a `ProvingRequest` for submission to a prover for execution. If building a proving request with an ExecutionRequest, a private key must be explicitly provided.
      *
      * @param {ProvingRequestOptions} options - The options for building the proving request
      * @returns {Promise<ProvingRequest>} - A promise that resolves to the transaction or an error.
@@ -6017,6 +6070,9 @@ class ProgramManager {
         let feeRecord = options.feeRecord;
         let imports = options.programImports;
         let edition = options.edition;
+        if (!inputs && !options.executionRequest) {
+            throw new Error("Either function inputs or an execution request must be provided to form a proving request");
+        }
         // Ensure the function exists on the network.
         if (program === undefined) {
             try {
@@ -6045,12 +6101,10 @@ class ProgramManager {
         // Get the private key from the account if it is not provided in the parameters.
         let executionPrivateKey = privateKey;
         if (typeof privateKey === "undefined" &&
-            typeof this.account !== "undefined") {
+            typeof this.account !== "undefined" &&
+            typeof options.executionRequest === "undefined") {
             executionPrivateKey = this.account.privateKey();
         }
-        if (typeof executionPrivateKey === "undefined") {
-            throw "No private key provided and no private key set in the ProgramManager";
-        }
         // Resolve the program imports if they exist.
         const numberOfImports = Program.fromString(program).getImports().length;
         if (numberOfImports > 0 && !imports) {
@@ -6063,7 +6117,7 @@ class ProgramManager {
         }
         // Get the fee record from the account if it is not provided in the parameters
         try {
-            if (privateFee && !useFeeMaster) {
+            if (privateFee && !useFeeMaster && !options.executionRequest) {
                 let fee = priorityFee;
                 // If a fee record wasn't provided, estimate the fee that needs to be paid.
                 if (!feeRecord) {
@@ -6081,8 +6135,21 @@ class ProgramManager {
         catch (e) {
             logAndThrow(`Error finding fee record. Record finder response: '${e.message}'. Please ensure you're connected to a valid Aleo network and a record with enough balance exists.`);
         }
-        // Build and return the `ProvingRequest`.
-        return await ProgramManager$1.buildProvingRequest(executionPrivateKey, program, functionName, inputs, baseFee, priorityFee, feeRecord, imports, broadcast, unchecked, edition, useFeeMaster);
+        if (options.executionRequest instanceof ExecutionRequest) {
+            return await ProgramManager$1.buildProvingRequestFromExecutionRequest(options.executionRequest, program, unchecked, broadcast, edition, imports, executionPrivateKey);
+        }
+        else {
+            // Ensure the private key exists.
+            if (!executionPrivateKey) {
+                throw new Error("No private key provided and no private key set in the ProgramManager");
+            }
+            // Ensure the inputs exist.
+            if (!inputs) {
+                throw new Error("No inputs provided to build a proving request");
+            }
+            // Build and return the `ProvingRequest`.
+            return await ProgramManager$1.buildProvingRequest(executionPrivateKey, program, functionName, inputs, baseFee, priorityFee, feeRecord, imports, broadcast, unchecked, edition, useFeeMaster);
+        }
     }
     /**
      * Builds a SnarkVM fee `Authorization` for `credits.aleo/fee_private` or `credits.aleo/fee_public`. If a record is provided `fee_private` will be executed, otherwise `fee_public` will be executed.
@@ -7763,11 +7830,322 @@ function validateTransferType(transferType) {
         ? transferType
         : logAndThrow(`Invalid transfer type '${transferType}'. Valid transfer types are 'private', 'privateToPublic', 'public', and 'publicToPrivate'.`);
 }
+/**
+ * Convert an array of Aleo type strings to field element strings.
+ *
+ * Inputs that are already field elements (e.g. "1field") are passed through directly.
+ * Other Aleo values (e.g. "1u32", records, futures, dynamic records) are parsed via
+ * Value and converted to their field representation.
+ *
+ * @param {string[]} inputs Array of Aleo value strings
+ * @returns {string[]} Array of field element strings
+ */
+function inputsToFields(inputs) {
+    const fields = [];
+    for (const input of inputs) {
+        if (input.endsWith("field")) {
+            fields.push(input);
+        }
+        else {
+            const value = Value.fromString(input);
+            let valueFields;
+            try {
+                valueFields = value.toFields();
+                for (const f of valueFields) {
+                    fields.push(f.toString());
+                }
+            }
+            finally {
+                if (valueFields) {
+                    for (const f of valueFields) {
+                        f.free();
+                    }
+                }
+                value.free();
+            }
+        }
+    }
+    return fields;
+}
+/**
+ * Verify an Aleo zkSnark proof against a verifying key and public inputs.
+ *
+ * This verifies a proof produced by an Aleo program that may not be deployed on chain.
+ * It directly invokes the Varuna proof verification from snarkVM.
+ *
+ * **Note:** The proof must have been generated with the Fiat-Shamir domain separator
+ * "snark_verify". Proofs generated via snarkVM with a different function name will fail
+ * verification even if the circuit and inputs are correct.
+ *
+ * Inputs can be raw field element strings (e.g. "1field") or Aleo type strings
+ * (e.g. "1u32", "true", "{ x: 1u8, y: 2u8 }"). Non-field inputs are automatically
+ * converted to their field representation via Value.toFields().
+ *
+ * @param {VerificationOptions} options The verification parameters
+ * @returns {boolean} True if the proof is valid, false otherwise
+ *
+ * @example
+ * import { verifyProof } from "@provablehq/sdk/mainnet.js";
+ *
+ * // Using raw field elements:
+ * const isValid = verifyProof({
+ *     verifyingKey: "verifier1...",
+ *     inputs: ["1field", "2field"],
+ *     proof: "proof1...",
+ * });
+ *
+ * // Using Aleo types (automatically converted to fields):
+ * const isValid2 = verifyProof({
+ *     verifyingKey: "verifier1...",
+ *     inputs: ["1u32", "2u32"],
+ *     proof: "proof1...",
+ * });
+ */
+function verifyProof(options) {
+    const fieldInputs = inputsToFields(options.inputs);
+    let verifyingKey;
+    let proof;
+    try {
+        verifyingKey = VerifyingKey.fromString(options.verifyingKey);
+        proof = Proof.fromString(options.proof);
+        return verifyingKey.verify(fieldInputs, proof);
+    }
+    finally {
+        if (verifyingKey)
+            verifyingKey.free();
+        if (proof)
+            proof.free();
+    }
+}
+/**
+ * Verify a batch Aleo zkSnark proof against multiple verifying keys and their corresponding public inputs.
+ *
+ * Each verifying key is paired with one or more sets of public inputs (instances).
+ * Inputs can be raw field element strings or Aleo type strings — non-field inputs
+ * are automatically converted to their field representation.
+ *
+ * **Note:** The proof must have been generated with the Fiat-Shamir domain separator
+ * "snark_verify_batch". Proofs generated with a different function name will fail
+ * verification even if the circuits and inputs are correct.
+ *
+ * @param {BatchVerificationOptions} options The batch verification parameters
+ * @returns {boolean} True if the batch proof is valid, false otherwise
+ *
+ * @example
+ * import { verifyBatchProof } from "@provablehq/sdk/mainnet.js";
+ *
+ * const isValid = verifyBatchProof({
+ *     verifyingKeys: ["verifier1...", "verifier2..."],
+ *     inputs: [[["1field", "2field"]], [["3field"]]],
+ *     proof: "proof1...",
+ * });
+ */
+function verifyBatchProof(options) {
+    const fieldInputs = options.inputs.map(circuit => circuit.map(instance => inputsToFields(instance)));
+    const proof = Proof.fromString(options.proof);
+    try {
+        return VerifyingKey.verifyBatch(options.verifyingKeys, fieldInputs, proof);
+    }
+    finally {
+        proof.free();
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Converters
+// ---------------------------------------------------------------------------
+function toField(value) {
+    if (value instanceof Field)
+        return value;
+    if (typeof value === "string")
+        return Field.fromString(value);
+    if (value instanceof Uint8Array)
+        return Field.fromBytesLe(value);
+    throw new Error("toField: expected Field, string, or Uint8Array");
+}
+function toGroup(value) {
+    if (value instanceof Group)
+        return value;
+    if (value instanceof Field)
+        return Group.fromField(value);
+    if (typeof value === "string") {
+        // If the string contains "field", treat it as an x-coordinate
+        if (value.includes("field"))
+            return Group.fromFieldString(value);
+        return Group.fromString(value);
+    }
+    if (value instanceof Uint8Array) {
+        // Try group deserialization first, fall back to field-to-group
+        try {
+            return Group.fromBytesLe(value);
+        }
+        catch {
+            return Group.fromField(Field.fromBytesLe(value));
+        }
+    }
+    throw new Error("toGroup: expected Group, Field, string, or Uint8Array");
+}
+function toViewKey(value) {
+    if (value instanceof ViewKey)
+        return value;
+    if (typeof value === "string")
+        return ViewKey.from_string(value);
+    if (value instanceof Uint8Array)
+        return ViewKey.fromBytesLe(value);
+    throw new Error("toViewKey: expected ViewKey, string, or Uint8Array");
+}
+function toSignature(value) {
+    if (value instanceof Signature)
+        return value;
+    if (typeof value === "string")
+        return Signature.from_string(value);
+    if (value instanceof Uint8Array)
+        return Signature.fromBytesLe(value);
+    throw new Error("toSignature: expected Signature, string, or Uint8Array");
+}
+function toAddress(value) {
+    if (value instanceof Address)
+        return value;
+    if (typeof value === "string")
+        return Address.from_string(value);
+    if (value instanceof Uint8Array)
+        return Address.fromBytesLe(value);
+    throw new Error("toAddress: expected Address, string, or Uint8Array");
+}
+// ---------------------------------------------------------------------------
+// Type guards
+// ---------------------------------------------------------------------------
+/** Returns `true` if the strategy provides a `viewKey` for deriving record view keys. */
+function isViewKeyStrategy(r) {
+    return r != null && "viewKey" in r;
+}
+/** Returns `true` if the strategy provides pre-computed `inputIds`. */
+function isInputIdStrategy(r) {
+    return r != null && "inputIds" in r;
+}
+/** Returns `true` if the strategy provides explicit `recordViewKeys` (or is the default empty variant). */
+function isRecordViewKeyStrategy(r) {
+    if (r == null || isViewKeyStrategy(r) || isInputIdStrategy(r))
+        return false;
+    const keys = Object.keys(r);
+    return keys.length === 0 || keys.every((k) => k === "recordViewKeys" || k === "gammas");
+}
+
+// ---------------------------------------------------------------------------
+// buildExecutionRequestFromExternallySignedData
+// ---------------------------------------------------------------------------
+/**
+ * Build an ExecutionRequest from externally signed data.
+ *
+ * The `strategy` parameter determines how record input IDs are resolved:
+ * - `{ recordViewKeys?, gammas? }` — explicit record view keys and gammas
+ * - `{ viewKey, gammas? }` — derive record view keys from a ViewKey
+ * - `{ inputIds }` — pre-computed input IDs (Field or [Field, Group, Field, Field, Field] tuples)
+ *
+ * @throws {Error} If `strategy` is not a valid `InputStrategy` variant.
+ *
+ * @example
+ * // With explicit record view keys
+ * buildExecutionRequestFromExternallySignedData(
+ *   { programId, functionName, inputs, inputTypes, signature, tvk, signer, skTag },
+ *   { recordViewKeys: [...], gammas: [...] },
+ * );
+ *
+ * // With a view key
+ * buildExecutionRequestFromExternallySignedData(
+ *   { programId, functionName, inputs, inputTypes, signature, tvk, signer, skTag },
+ *   { viewKey: "AViewKey1..." },
+ * );
+ *
+ * // With pre-computed input IDs
+ * buildExecutionRequestFromExternallySignedData(
+ *   { programId, functionName, inputs, inputTypes, signature, tvk, signer, skTag },
+ *   { inputIds: [...] },
+ * );
+ */
+function buildExecutionRequestFromExternallySignedData(params, strategy = {}) {
+    const { programId, functionName, inputs, inputTypes, signature, tvk, signer, skTag } = params;
+    const sig = toSignature(signature);
+    const tvkField = toField(tvk);
+    const signerAddr = toAddress(signer);
+    const skTagField = toField(skTag);
+    if (isInputIdStrategy(strategy)) {
+        const convertedIds = strategy.inputIds.map((id) => {
+            if (Array.isArray(id)) {
+                return [toField(id[0]), toGroup(id[1]), toField(id[2]), toField(id[3]), toField(id[4])];
+            }
+            return toField(id);
+        });
+        return ExecutionRequest.fromExternallySignedDataWithInputIds(programId, functionName, inputs, inputTypes, sig, tvkField, signerAddr, skTagField, convertedIds);
+    }
+    if (isViewKeyStrategy(strategy)) {
+        return ExecutionRequest.fromExternallySignedDataWithViewKey(programId, functionName, inputs, inputTypes, sig, tvkField, signerAddr, skTagField, toViewKey(strategy.viewKey), strategy.gammas ? strategy.gammas.map(toGroup) : undefined);
+    }
+    if (isRecordViewKeyStrategy(strategy)) {
+        return ExecutionRequest.fromExternallySignedData(programId, functionName, inputs, inputTypes, sig, tvkField, signerAddr, skTagField, strategy.recordViewKeys ? strategy.recordViewKeys.map(toField) : undefined, strategy.gammas ? strategy.gammas.map(toGroup) : undefined);
+    }
+    throw new Error("buildExecutionRequestFromExternallySignedData: strategy must be a RecordViewKeyStrategy ({ recordViewKeys?, gammas? }), "
+        + "ViewKeyStrategy ({ viewKey, gammas? }), or InputIdStrategy ({ inputIds }). "
+        + `Received: ${JSON.stringify(strategy)}`);
+}
+async function computeExternalSigningInputs(options) {
+    const { programName, functionName, inputs, inputTypes, isRoot, checksum, viewKey, outputFormat = "string" } = options;
+    // Convert FieldLike/ViewKeyLike to WASM types (or null)
+    const checksumField = checksum != null ? toField(checksum) : null;
+    const viewKeyObj = viewKey != null ? toViewKey(viewKey) : null;
+    try {
+        const raw = (await ExecutionRequest.computeExternalSigningInputs(programName, functionName, inputs, inputTypes, isRoot, checksumField, viewKeyObj));
+        // Normalize camelCase: WASM may return function_id
+        const functionIdStr = (raw.functionId ?? raw.function_id);
+        const isRootBool = raw.isRoot === "1field";
+        if (outputFormat === "bytes") {
+            return {
+                functionId: fieldStringToBytes(functionIdStr),
+                isRoot: isRootBool,
+                requestInputs: raw.requestInputs.map(serializeRequestSignInputToBytes),
+                checksum: raw.checksum ? fieldStringToBytes(raw.checksum) : undefined,
+                signer: raw.signer ? raw.signer.to_string() : undefined,
+                skTag: raw.skTag ? raw.skTag.toString() : undefined,
+            };
+        }
+        return {
+            functionId: functionIdStr,
+            isRoot: isRootBool,
+            requestInputs: raw.requestInputs,
+            checksum: raw.checksum ?? undefined,
+            signer: raw.signer ? raw.signer.to_string() : undefined,
+            skTag: raw.skTag ? raw.skTag.toString() : undefined,
+        };
+    }
+    catch (e) {
+        const msg = e instanceof Error ? e.message : String(e);
+        logAndThrow(`Error computing public message payload: ${msg}`);
+    }
+}
+// ---------------------------------------------------------------------------
+// Bytes conversion helpers
+// ---------------------------------------------------------------------------
+/** Convert a field-element string (e.g. `"123field"`) to little-endian bytes. */
+function fieldStringToBytes(s) {
+    return Field.fromString(s).toBytesLe();
+}
+/** Convert a {@link RequestSignInput<"string">} to its bytes-serialised equivalent. */
+function serializeRequestSignInputToBytes(input) {
+    return {
+        signingInputType: input.signingInputType,
+        index: fieldStringToBytes(input.index),
+        data: input.data.map(fieldStringToBytes),
+        name: input.name,
+        h: input.h ? fieldStringToBytes(input.h) : undefined,
+        tag: input.tag ? fieldStringToBytes(input.tag) : undefined,
+        recordViewKey: input.recordViewKey ? fieldStringToBytes(input.recordViewKey) : undefined,
+    };
+}
 
 // @TODO: This function is no longer needed, remove it.
 async function initializeWasm() {
     console.warn("initializeWasm is deprecated, you no longer need to use it");
 }
 
-export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, KeyVerificationError as ChecksumMismatchError, DecryptionNotEnabledError, InvalidLocatorError, KEY_STORE, KeyVerificationError, MemKeyVerifier, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, isProveApiErrorBody, isProvingResponse, logAndThrow, sha256Hex, zeroizeBytes };
+export { Account, AleoKeyProvider, AleoKeyProviderParams, AleoNetworkClient, BlockHeightSearch, CREDITS_PROGRAM_KEYS, KeyVerificationError as ChecksumMismatchError, DecryptionNotEnabledError, InvalidLocatorError, KEY_STORE, KeyVerificationError, MemKeyVerifier, NetworkRecordProvider, OfflineKeyProvider, OfflineSearchParams, PRIVATE_TO_PUBLIC_TRANSFER, PRIVATE_TRANSFER, PRIVATE_TRANSFER_TYPES, PUBLIC_TO_PRIVATE_TRANSFER, PUBLIC_TRANSFER, PUBLIC_TRANSFER_AS_SIGNER, ProgramManager, RECORD_DOMAIN, RecordNotFoundError, RecordScanner, RecordScannerRequestError, SealanceMerkleTree, UUIDError, VALID_TRANSFER_TYPES, ViewKeyNotStoredError, buildExecutionRequestFromExternallySignedData, computeExternalSigningInputs, encryptAuthorization, encryptProvingRequest, encryptRegistrationRequest, encryptViewKey, initializeWasm, inputsToFields, isInputIdStrategy, isProveApiErrorBody, isProvingResponse, isRecordViewKeyStrategy, isViewKeyStrategy, logAndThrow, provingKeyLocator, sha256Hex, toAddress, toField, toGroup, toSignature, toViewKey, translationKeyLocator, verifyBatchProof, verifyProof, verifyingKeyLocator, zeroizeBytes };
 //# sourceMappingURL=browser.js.map