@shroud-fi/core 0.1.0

package/dist/esm/identity.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Agent Identity Factory
+ *
+ * Creates a complete ShroudFi agent identity (key hierarchy + meta-address)
+ * from an optional master seed. If no seed is provided, generates 32
+ * cryptographically random bytes via crypto.getRandomValues.
+ */
+import type { KeyHierarchy, StealthMetaAddress } from './types.js';
+export interface AgentIdentity {
+    readonly keys: KeyHierarchy;
+    readonly metaAddress: StealthMetaAddress;
+}
+/**
+ * Create a full agent identity with key hierarchy and meta-address.
+ *
+ * @param masterSeed - Optional 32-byte seed. If omitted, generates random bytes.
+ * @returns AgentIdentity with derived keys and meta-address
+ */
+export declare function createAgentIdentity(masterSeed?: Uint8Array): AgentIdentity;
+//# sourceMappingURL=identity.d.ts.map

package/dist/esm/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAInE,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,IAAI,EAAE,YAAY,CAAC;IAC5B,QAAQ,CAAC,WAAW,EAAE,kBAAkB,CAAC;CAC1C;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,CAAC,EAAE,UAAU,GAAG,aAAa,CAmB1E"}

package/dist/esm/identity.js

@@ -0,0 +1,35 @@
+/**
+ * Agent Identity Factory
+ *
+ * Creates a complete ShroudFi agent identity (key hierarchy + meta-address)
+ * from an optional master seed. If no seed is provided, generates 32
+ * cryptographically random bytes via crypto.getRandomValues.
+ */
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { randomBytes } from '@noble/hashes/utils';
+import { deriveKeys } from './keys.js';
+import { SCHEME_ID } from './constants.js';
+/**
+ * Create a full agent identity with key hierarchy and meta-address.
+ *
+ * @param masterSeed - Optional 32-byte seed. If omitted, generates random bytes.
+ * @returns AgentIdentity with derived keys and meta-address
+ */
+export function createAgentIdentity(masterSeed) {
+    const seed = masterSeed ?? randomBytes(32);
+    const keys = deriveKeys(seed);
+    // Derive compressed public keys from the private keys.
+    // EIP-5564 scheme 1 has only spending + viewing keys, where "viewing" is the
+    // key used for ECDH scanning. In the @shroud-fi/core hierarchy we name that
+    // ECDH-scan key `scanningKey` (its semantic role). The separate `viewingKey`
+    // is reserved for future compliance/delegated-disclosure flows.
+    const spendingPubKey = secp256k1.getPublicKey(keys.spendingKey.bytes, true);
+    const viewingPubKey = secp256k1.getPublicKey(keys.scanningKey.bytes, true);
+    const metaAddress = {
+        spendingPubKey,
+        viewingPubKey,
+        schemeId: SCHEME_ID,
+    };
+    return { keys, metaAddress };
+}
+//# sourceMappingURL=identity.js.map

package/dist/esm/identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/identity.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElD,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AACvC,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAO3C;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAuB;IACzD,MAAM,IAAI,GAAG,UAAU,IAAI,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAE9B,uDAAuD;IACvD,6EAA6E;IAC7E,4EAA4E;IAC5E,6EAA6E;IAC7E,gEAAgE;IAChE,MAAM,cAAc,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC5E,MAAM,aAAa,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAE3E,MAAM,WAAW,GAAuB;QACtC,cAAc;QACd,aAAa;QACb,QAAQ,EAAE,SAAS;KACpB,CAAC;IAEF,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAC/B,CAAC"}

package/dist/esm/index.d.ts

@@ -0,0 +1,12 @@
+export type { SpendingKey, ScanningKey, ViewingKey, StealthMetaAddress, StealthAddressResult, KeyHierarchy, } from './types.js';
+export { ShroudFiError, InvalidKeyError, InvalidMetaAddressError, StealthAddressError, } from './errors.js';
+export type { Result } from './errors.js';
+export { SCHEME_ID, HKDF_SALT, ERC5564_ANNOUNCER_ADDRESS, ERC6538_REGISTRY_ADDRESS, } from './constants.js';
+export { deriveKeys } from './keys.js';
+export { generateStealthAddress } from './stealth.js';
+export { computeStealthKey } from './compute-key.js';
+export { extractViewTag, checkViewTag } from './view-tag.js';
+export { encodeMetaAddress, decodeMetaAddress } from './meta-address.js';
+export { createAgentIdentity } from './identity.js';
+export type { AgentIdentity } from './identity.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/esm/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,WAAW,EACX,WAAW,EACX,UAAU,EACV,kBAAkB,EAClB,oBAAoB,EACpB,YAAY,GACb,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,aAAa,EACb,eAAe,EACf,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,aAAa,CAAC;AACrB,YAAY,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAG1C,OAAO,EACL,SAAS,EACT,SAAS,EACT,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAGvC,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAGtD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAG7D,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAGzE,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC;AACpD,YAAY,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC"}

package/dist/esm/index.js

@@ -0,0 +1,17 @@
+// Errors
+export { ShroudFiError, InvalidKeyError, InvalidMetaAddressError, StealthAddressError, } from './errors.js';
+// Constants
+export { SCHEME_ID, HKDF_SALT, ERC5564_ANNOUNCER_ADDRESS, ERC6538_REGISTRY_ADDRESS, } from './constants.js';
+// Key derivation
+export { deriveKeys } from './keys.js';
+// Stealth address generation (sender side)
+export { generateStealthAddress } from './stealth.js';
+// Stealth key computation (recipient side)
+export { computeStealthKey } from './compute-key.js';
+// View tag utilities
+export { extractViewTag, checkViewTag } from './view-tag.js';
+// Meta-address encode/decode
+export { encodeMetaAddress, decodeMetaAddress } from './meta-address.js';
+// Agent identity factory
+export { createAgentIdentity } from './identity.js';
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAUA,SAAS;AACT,OAAO,EACL,aAAa,EACb,eAAe,EACf,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,aAAa,CAAC;AAGrB,YAAY;AACZ,OAAO,EACL,SAAS,EACT,SAAS,EACT,yBAAyB,EACzB,wBAAwB,GACzB,MAAM,gBAAgB,CAAC;AAExB,iBAAiB;AACjB,OAAO,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAEvC,2CAA2C;AAC3C,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAEtD,2CAA2C;AAC3C,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAErD,qBAAqB;AACrB,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7D,6BAA6B;AAC7B,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAEzE,yBAAyB;AACzB,OAAO,EAAE,mBAAmB,EAAE,MAAM,eAAe,CAAC"}

package/dist/esm/keys.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Key Derivation -- HKDF-SHA256
+ *
+ * Derives a full KeyHierarchy from a 32-byte master seed using
+ * HKDF with domain-separated info labels. Each derived key is
+ * validated as a valid secp256k1 scalar (1 < k < n).
+ */
+import type { KeyHierarchy } from './types.js';
+/**
+ * Derive the full ShroudFi key hierarchy from a master seed.
+ *
+ * @param masterSeed - 32-byte cryptographically random seed
+ * @returns KeyHierarchy with spending, scanning, and viewing keys
+ * @throws InvalidKeyError if seed length is wrong or a derived key is invalid
+ */
+export declare function deriveKeys(masterSeed: Uint8Array): KeyHierarchy;
+//# sourceMappingURL=keys.d.ts.map

package/dist/esm/keys.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../../src/keys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,KAAK,EAAE,YAAY,EAAwC,MAAM,YAAY,CAAC;AAiBrF;;;;;;GAMG;AACH,wBAAgB,UAAU,CAAC,UAAU,EAAE,UAAU,GAAG,YAAY,CAmB/D"}

package/dist/esm/keys.js

@@ -0,0 +1,48 @@
+/**
+ * Key Derivation -- HKDF-SHA256
+ *
+ * Derives a full KeyHierarchy from a 32-byte master seed using
+ * HKDF with domain-separated info labels. Each derived key is
+ * validated as a valid secp256k1 scalar (1 < k < n).
+ */
+import { hkdf } from '@noble/hashes/hkdf';
+import { sha256 } from '@noble/hashes/sha256';
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { InvalidKeyError } from './errors.js';
+import { HKDF_SALT } from './constants.js';
+/**
+ * Validate that a 32-byte array is a valid secp256k1 private key scalar.
+ * Must satisfy: 1 <= k < n  (curve order).
+ */
+function assertValidScalar(bytes, label) {
+    if (bytes.length !== 32) {
+        throw new InvalidKeyError(`Derived ${label} has invalid length`);
+    }
+    if (!secp256k1.utils.isValidPrivateKey(bytes)) {
+        throw new InvalidKeyError(`Derived ${label} is not a valid secp256k1 scalar`);
+    }
+}
+/**
+ * Derive the full ShroudFi key hierarchy from a master seed.
+ *
+ * @param masterSeed - 32-byte cryptographically random seed
+ * @returns KeyHierarchy with spending, scanning, and viewing keys
+ * @throws InvalidKeyError if seed length is wrong or a derived key is invalid
+ */
+export function deriveKeys(masterSeed) {
+    if (masterSeed.length !== 32) {
+        throw new InvalidKeyError('Master seed must be exactly 32 bytes');
+    }
+    const spendingBytes = hkdf(sha256, masterSeed, HKDF_SALT, 'spending-key', 32);
+    assertValidScalar(spendingBytes, 'spending key');
+    const scanningBytes = hkdf(sha256, masterSeed, HKDF_SALT, 'scanning-key', 32);
+    assertValidScalar(scanningBytes, 'scanning key');
+    const viewingBytes = hkdf(sha256, masterSeed, HKDF_SALT, 'viewing-key', 32);
+    assertValidScalar(viewingBytes, 'viewing key');
+    return {
+        spendingKey: { __brand: 'SpendingKey', bytes: spendingBytes },
+        scanningKey: { __brand: 'ScanningKey', bytes: scanningBytes },
+        viewingKey: { __brand: 'ViewingKey', bytes: viewingBytes },
+    };
+}
+//# sourceMappingURL=keys.js.map

package/dist/esm/keys.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/keys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AAEpD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C;;;GAGG;AACH,SAAS,iBAAiB,CAAC,KAAiB,EAAE,KAAa;IACzD,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QACxB,MAAM,IAAI,eAAe,CAAC,WAAW,KAAK,qBAAqB,CAAC,CAAC;IACnE,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,eAAe,CAAC,WAAW,KAAK,kCAAkC,CAAC,CAAC;IAChF,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,UAAU,CAAC,UAAsB;IAC/C,IAAI,UAAU,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC7B,MAAM,IAAI,eAAe,CAAC,sCAAsC,CAAC,CAAC;IACpE,CAAC;IAED,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;IAC9E,iBAAiB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;IAEjD,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,EAAE,EAAE,CAAC,CAAC;IAC9E,iBAAiB,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;IAEjD,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC;IAC5E,iBAAiB,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;IAE/C,OAAO;QACL,WAAW,EAAE,EAAE,OAAO,EAAE,aAAsB,EAAE,KAAK,EAAE,aAAa,EAAiB;QACrF,WAAW,EAAE,EAAE,OAAO,EAAE,aAAsB,EAAE,KAAK,EAAE,aAAa,EAAiB;QACrF,UAAU,EAAE,EAAE,OAAO,EAAE,YAAqB,EAAE,KAAK,EAAE,YAAY,EAAgB;KAClF,CAAC;AACJ,CAAC"}

package/dist/esm/meta-address.d.ts

@@ -0,0 +1,26 @@
+/**
+ * ERC-6538 Stealth Meta-Address Encode/Decode
+ *
+ * Format: st:base:0x<spendingPubKey 33 bytes hex><viewingPubKey 33 bytes hex>
+ *
+ * Both keys are SEC1 compressed secp256k1 public keys (prefix 0x02 or 0x03).
+ * Total raw payload: 66 bytes = 132 hex characters.
+ */
+import type { StealthMetaAddress } from './types.js';
+/**
+ * Encode a StealthMetaAddress into the ERC-6538 URI format.
+ *
+ * @param meta - Stealth meta-address containing spending and viewing public keys
+ * @returns Encoded string: "st:base:0x<spendHex><viewHex>"
+ * @throws InvalidMetaAddressError if keys are invalid
+ */
+export declare function encodeMetaAddress(meta: StealthMetaAddress): string;
+/**
+ * Decode an ERC-6538 URI string into a StealthMetaAddress.
+ *
+ * @param encoded - String in format "st:base:0x<66 bytes hex>"
+ * @returns Parsed StealthMetaAddress
+ * @throws InvalidMetaAddressError if format is invalid
+ */
+export declare function decodeMetaAddress(encoded: string): StealthMetaAddress;
+//# sourceMappingURL=meta-address.d.ts.map

package/dist/esm/meta-address.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"meta-address.d.ts","sourceRoot":"","sources":["../../src/meta-address.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAC;AAgCrD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,kBAAkB,GAAG,MAAM,CAQlE;AAED;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,kBAAkB,CAiCrE"}

package/dist/esm/meta-address.js

@@ -0,0 +1,82 @@
+/**
+ * ERC-6538 Stealth Meta-Address Encode/Decode
+ *
+ * Format: st:base:0x<spendingPubKey 33 bytes hex><viewingPubKey 33 bytes hex>
+ *
+ * Both keys are SEC1 compressed secp256k1 public keys (prefix 0x02 or 0x03).
+ * Total raw payload: 66 bytes = 132 hex characters.
+ */
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+import { InvalidMetaAddressError } from './errors.js';
+import { SCHEME_ID } from './constants.js';
+const META_ADDRESS_PREFIX = 'st:base:0x';
+const COMPRESSED_KEY_LENGTH = 33; // bytes
+const TOTAL_PAYLOAD_LENGTH = COMPRESSED_KEY_LENGTH * 2; // 66 bytes
+/**
+ * Validate that a byte array is a valid compressed secp256k1 public key.
+ * Must be 33 bytes with 0x02 or 0x03 prefix.
+ */
+function assertValidCompressedKey(key, label) {
+    if (key.length !== COMPRESSED_KEY_LENGTH) {
+        throw new InvalidMetaAddressError(`${label} must be ${COMPRESSED_KEY_LENGTH} bytes, got ${key.length}`);
+    }
+    const prefix = key[0];
+    if (prefix !== 0x02 && prefix !== 0x03) {
+        throw new InvalidMetaAddressError(`${label} must have 0x02 or 0x03 prefix`);
+    }
+    // Validate it's actually on the curve
+    try {
+        secp256k1.ProjectivePoint.fromHex(key);
+    }
+    catch {
+        throw new InvalidMetaAddressError(`${label} is not a valid secp256k1 point`);
+    }
+}
+/**
+ * Encode a StealthMetaAddress into the ERC-6538 URI format.
+ *
+ * @param meta - Stealth meta-address containing spending and viewing public keys
+ * @returns Encoded string: "st:base:0x<spendHex><viewHex>"
+ * @throws InvalidMetaAddressError if keys are invalid
+ */
+export function encodeMetaAddress(meta) {
+    assertValidCompressedKey(meta.spendingPubKey, 'Spending public key');
+    assertValidCompressedKey(meta.viewingPubKey, 'Viewing public key');
+    const spendHex = bytesToHex(meta.spendingPubKey);
+    const viewHex = bytesToHex(meta.viewingPubKey);
+    return `${META_ADDRESS_PREFIX}${spendHex}${viewHex}`;
+}
+/**
+ * Decode an ERC-6538 URI string into a StealthMetaAddress.
+ *
+ * @param encoded - String in format "st:base:0x<66 bytes hex>"
+ * @returns Parsed StealthMetaAddress
+ * @throws InvalidMetaAddressError if format is invalid
+ */
+export function decodeMetaAddress(encoded) {
+    if (!encoded.startsWith(META_ADDRESS_PREFIX)) {
+        throw new InvalidMetaAddressError(`Meta-address must start with "${META_ADDRESS_PREFIX}"`);
+    }
+    const hexPayload = encoded.slice(META_ADDRESS_PREFIX.length);
+    if (hexPayload.length !== TOTAL_PAYLOAD_LENGTH * 2) {
+        throw new InvalidMetaAddressError(`Meta-address hex payload must be ${TOTAL_PAYLOAD_LENGTH * 2} characters, got ${hexPayload.length}`);
+    }
+    let payloadBytes;
+    try {
+        payloadBytes = hexToBytes(hexPayload);
+    }
+    catch {
+        throw new InvalidMetaAddressError('Meta-address contains invalid hex characters');
+    }
+    const spendingPubKey = payloadBytes.slice(0, COMPRESSED_KEY_LENGTH);
+    const viewingPubKey = payloadBytes.slice(COMPRESSED_KEY_LENGTH);
+    assertValidCompressedKey(spendingPubKey, 'Spending public key');
+    assertValidCompressedKey(viewingPubKey, 'Viewing public key');
+    return {
+        spendingPubKey,
+        viewingPubKey,
+        schemeId: SCHEME_ID,
+    };
+}
+//# sourceMappingURL=meta-address.js.map

package/dist/esm/meta-address.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"meta-address.js","sourceRoot":"","sources":["../../src/meta-address.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAE7D,OAAO,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAE3C,MAAM,mBAAmB,GAAG,YAAY,CAAC;AACzC,MAAM,qBAAqB,GAAG,EAAE,CAAC,CAAC,QAAQ;AAC1C,MAAM,oBAAoB,GAAG,qBAAqB,GAAG,CAAC,CAAC,CAAC,WAAW;AAEnE;;;GAGG;AACH,SAAS,wBAAwB,CAAC,GAAe,EAAE,KAAa;IAC9D,IAAI,GAAG,CAAC,MAAM,KAAK,qBAAqB,EAAE,CAAC;QACzC,MAAM,IAAI,uBAAuB,CAC/B,GAAG,KAAK,YAAY,qBAAqB,eAAe,GAAG,CAAC,MAAM,EAAE,CACrE,CAAC;IACJ,CAAC;IACD,MAAM,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;IACtB,IAAI,MAAM,KAAK,IAAI,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;QACvC,MAAM,IAAI,uBAAuB,CAC/B,GAAG,KAAK,gCAAgC,CACzC,CAAC;IACJ,CAAC;IACD,sCAAsC;IACtC,IAAI,CAAC;QACH,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,uBAAuB,CAAC,GAAG,KAAK,iCAAiC,CAAC,CAAC;IAC/E,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAwB;IACxD,wBAAwB,CAAC,IAAI,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;IACrE,wBAAwB,CAAC,IAAI,CAAC,aAAa,EAAE,oBAAoB,CAAC,CAAC;IAEnE,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAE/C,OAAO,GAAG,mBAAmB,GAAG,QAAQ,GAAG,OAAO,EAAE,CAAC;AACvD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,uBAAuB,CAC/B,iCAAiC,mBAAmB,GAAG,CACxD,CAAC;IACJ,CAAC;IAED,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAE7D,IAAI,UAAU,CAAC,MAAM,KAAK,oBAAoB,GAAG,CAAC,EAAE,CAAC;QACnD,MAAM,IAAI,uBAAuB,CAC/B,oCAAoC,oBAAoB,GAAG,CAAC,oBAAoB,UAAU,CAAC,MAAM,EAAE,CACpG,CAAC;IACJ,CAAC;IAED,IAAI,YAAwB,CAAC;IAC7B,IAAI,CAAC;QACH,YAAY,GAAG,UAAU,CAAC,UAAU,CAAC,CAAC;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,uBAAuB,CAAC,8CAA8C,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,cAAc,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,qBAAqB,CAAC,CAAC;IACpE,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC;IAEhE,wBAAwB,CAAC,cAAc,EAAE,qBAAqB,CAAC,CAAC;IAChE,wBAAwB,CAAC,aAAa,EAAE,oBAAoB,CAAC,CAAC;IAE9D,OAAO;QACL,cAAc;QACd,aAAa;QACb,QAAQ,EAAE,SAAS;KACpB,CAAC;AACJ,CAAC"}

package/dist/esm/stealth.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Stealth Address Generation (Sender Side)
+ *
+ * Implements EIP-5564 scheme 1 (secp256k1):
+ *   1. Generate random ephemeral key r, compute R = r*G
+ *   2. ECDH: sharedSecret = r * viewingPubKey
+ *   3. Hash: hashedSecret = keccak256(compress(sharedSecret))
+ *   4. View tag: viewTag = hashedSecret[0]
+ *   5. Stealth pubkey: P_stealth = spendingPubKey + hashedSecret * G
+ *   6. Stealth address: keccak256(uncompressed64(P_stealth))[12:] -> 20-byte address
+ */
+import type { StealthMetaAddress, StealthAddressResult } from './types.js';
+/**
+ * Generate a one-time stealth address for a recipient.
+ *
+ * @param meta - Recipient's stealth meta-address (two compressed public keys)
+ * @returns StealthAddressResult with stealth address, ephemeral pubkey, and view tag
+ * @throws InvalidKeyError if meta-address public keys are invalid
+ * @throws StealthAddressError if the derived stealth point is at infinity
+ */
+export declare function generateStealthAddress(meta: StealthMetaAddress): StealthAddressResult;
+//# sourceMappingURL=stealth.d.ts.map

package/dist/esm/stealth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"stealth.d.ts","sourceRoot":"","sources":["../../src/stealth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAKH,OAAO,KAAK,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAa3E;;;;;;;GAOG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,kBAAkB,GACvB,oBAAoB,CA2DtB"}

package/dist/esm/stealth.js

@@ -0,0 +1,97 @@
+/**
+ * Stealth Address Generation (Sender Side)
+ *
+ * Implements EIP-5564 scheme 1 (secp256k1):
+ *   1. Generate random ephemeral key r, compute R = r*G
+ *   2. ECDH: sharedSecret = r * viewingPubKey
+ *   3. Hash: hashedSecret = keccak256(compress(sharedSecret))
+ *   4. View tag: viewTag = hashedSecret[0]
+ *   5. Stealth pubkey: P_stealth = spendingPubKey + hashedSecret * G
+ *   6. Stealth address: keccak256(uncompressed64(P_stealth))[12:] -> 20-byte address
+ */
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { keccak_256 } from '@noble/hashes/sha3';
+import { bytesToHex } from '@noble/hashes/utils';
+import { StealthAddressError, InvalidKeyError } from './errors.js';
+/**
+ * Convert a 64-byte uncompressed public key (no 0x04 prefix) to an EVM address.
+ * address = last 20 bytes of keccak256(pubkey64)
+ */
+function pubKeyToAddress(uncompressed64) {
+    const hash = keccak_256(uncompressed64);
+    const addrBytes = hash.slice(12);
+    return `0x${bytesToHex(addrBytes)}`;
+}
+/**
+ * Generate a one-time stealth address for a recipient.
+ *
+ * @param meta - Recipient's stealth meta-address (two compressed public keys)
+ * @returns StealthAddressResult with stealth address, ephemeral pubkey, and view tag
+ * @throws InvalidKeyError if meta-address public keys are invalid
+ * @throws StealthAddressError if the derived stealth point is at infinity
+ */
+export function generateStealthAddress(meta) {
+    // Validate input public keys by parsing them (fromHex validates on-curve)
+    let viewingPoint;
+    let spendingPoint;
+    try {
+        viewingPoint = secp256k1.ProjectivePoint.fromHex(meta.viewingPubKey);
+    }
+    catch {
+        throw new InvalidKeyError('Invalid viewing public key in meta-address');
+    }
+    try {
+        spendingPoint = secp256k1.ProjectivePoint.fromHex(meta.spendingPubKey);
+    }
+    catch {
+        throw new InvalidKeyError('Invalid spending public key in meta-address');
+    }
+    // Step 1: Generate ephemeral keypair
+    const ephemeralPriv = secp256k1.utils.randomPrivateKey();
+    const ephemeralPub = secp256k1.getPublicKey(ephemeralPriv, true); // compressed
+    try {
+        // Step 2: ECDH shared secret  S = r * P_view
+        const ephemeralScalar = bytesToBigInt(ephemeralPriv);
+        const sharedSecretPoint = viewingPoint.multiply(ephemeralScalar);
+        // Step 3: Hash the compressed shared secret
+        const sharedSecretCompressed = sharedSecretPoint.toRawBytes(true); // 33 bytes
+        const hashedSecret = keccak_256(sharedSecretCompressed); // 32 bytes
+        // Step 4: View tag = first byte
+        const viewTag = hashedSecret[0];
+        // Step 5: Stealth public key = P_spend + hashedSecret * G
+        const hashedScalar = bytesToBigInt(hashedSecret) % secp256k1.CURVE.n;
+        if (hashedScalar === 0n) {
+            throw new StealthAddressError('Hashed secret reduced to zero');
+        }
+        const hashedPoint = secp256k1.ProjectivePoint.BASE.multiply(hashedScalar);
+        const stealthPubPoint = spendingPoint.add(hashedPoint);
+        // Verify not point at infinity
+        try {
+            stealthPubPoint.assertValidity();
+        }
+        catch {
+            throw new StealthAddressError('Stealth public key is the point at infinity');
+        }
+        // Step 6: Derive EVM address from uncompressed stealth public key
+        const stealthPubUncompressed = stealthPubPoint.toRawBytes(false); // 65 bytes (04 || x || y)
+        const stealthAddress = pubKeyToAddress(stealthPubUncompressed.slice(1)); // strip 0x04 prefix
+        return {
+            stealthAddress,
+            ephemeralPubKey: ephemeralPub,
+            viewTag,
+        };
+    }
+    finally {
+        // Zero ephemeral private key
+        ephemeralPriv.fill(0);
+    }
+}
+/** Convert a Uint8Array to a BigInt (big-endian). */
+function bytesToBigInt(bytes) {
+    let result = 0n;
+    for (const byte of bytes) {
+        result = (result << 8n) | BigInt(byte);
+    }
+    return result;
+}
+//# sourceMappingURL=stealth.js.map

package/dist/esm/stealth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"stealth.js","sourceRoot":"","sources":["../../src/stealth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAEjD,OAAO,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnE;;;GAGG;AACH,SAAS,eAAe,CAAC,cAA0B;IACjD,MAAM,IAAI,GAAG,UAAU,CAAC,cAAc,CAAC,CAAC;IACxC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACjC,OAAO,KAAK,UAAU,CAAC,SAAS,CAAC,EAAmB,CAAC;AACvD,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,sBAAsB,CACpC,IAAwB;IAExB,0EAA0E;IAC1E,IAAI,YAA4D,CAAC;IACjE,IAAI,aAA6D,CAAC;IAClE,IAAI,CAAC;QACH,YAAY,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IACvE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,eAAe,CAAC,4CAA4C,CAAC,CAAC;IAC1E,CAAC;IACD,IAAI,CAAC;QACH,aAAa,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IACzE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,eAAe,CAAC,6CAA6C,CAAC,CAAC;IAC3E,CAAC;IAED,qCAAqC;IACrC,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACzD,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC,CAAC,aAAa;IAE/E,IAAI,CAAC;QACH,6CAA6C;QAC7C,MAAM,eAAe,GAAG,aAAa,CAAC,aAAa,CAAC,CAAC;QACrD,MAAM,iBAAiB,GAAG,YAAY,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC;QAEjE,4CAA4C;QAC5C,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW;QAC9E,MAAM,YAAY,GAAG,UAAU,CAAC,sBAAsB,CAAC,CAAC,CAAC,WAAW;QAEpE,gCAAgC;QAChC,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAE,CAAC;QAEjC,0DAA0D;QAC1D,MAAM,YAAY,GAAG,aAAa,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACrE,IAAI,YAAY,KAAK,EAAE,EAAE,CAAC;YACxB,MAAM,IAAI,mBAAmB,CAAC,+BAA+B,CAAC,CAAC;QACjE,CAAC;QACD,MAAM,WAAW,GAAG,SAAS,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC1E,MAAM,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QAEvD,+BAA+B;QAC/B,IAAI,CAAC;YACH,eAAe,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,mBAAmB,CAAC,6CAA6C,CAAC,CAAC;QAC/E,CAAC;QAED,kEAAkE;QAClE,MAAM,sBAAsB,GAAG,eAAe,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,0BAA0B;QAC5F,MAAM,cAAc,GAAG,eAAe,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,oBAAoB;QAE7F,OAAO;YACL,cAAc;YACd,eAAe,EAAE,YAAY;YAC7B,OAAO;SACR,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,6BAA6B;QAC7B,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAED,qDAAqD;AACrD,SAAS,aAAa,CAAC,KAAiB;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/esm/types.d.ts

@@ -0,0 +1,46 @@
+/**
+ * ShroudFi Core Types
+ *
+ * Branded key types for compile-time safety -- prevents accidentally
+ * passing a scanning key where a spending key is expected.
+ */
+/** secp256k1 spending private key (32 bytes). Controls funds. */
+export type SpendingKey = {
+    readonly __brand: 'SpendingKey';
+    readonly bytes: Uint8Array;
+};
+/** secp256k1 scanning private key (32 bytes). Detects incoming payments. */
+export type ScanningKey = {
+    readonly __brand: 'ScanningKey';
+    readonly bytes: Uint8Array;
+};
+/** secp256k1 viewing key (32 bytes). Enables selective disclosure. */
+export type ViewingKey = {
+    readonly __brand: 'ViewingKey';
+    readonly bytes: Uint8Array;
+};
+/**
+ * ERC-6538 stealth meta-address: two compressed secp256k1 public keys.
+ * Shareable -- contains NO private material.
+ */
+export interface StealthMetaAddress {
+    readonly spendingPubKey: Uint8Array;
+    readonly viewingPubKey: Uint8Array;
+    readonly schemeId: number;
+}
+/** Result of generating a one-time stealth address for a recipient. */
+export interface StealthAddressResult {
+    /** The derived stealth EVM address. */
+    readonly stealthAddress: `0x${string}`;
+    /** Compressed ephemeral public key (33 bytes) -- must be announced. */
+    readonly ephemeralPubKey: Uint8Array;
+    /** View tag (0-255) -- first byte of hashed shared secret. */
+    readonly viewTag: number;
+}
+/** Full key hierarchy derived from a master seed. */
+export interface KeyHierarchy {
+    readonly spendingKey: SpendingKey;
+    readonly scanningKey: ScanningKey;
+    readonly viewingKey: ViewingKey;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/esm/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,iEAAiE;AACjE,MAAM,MAAM,WAAW,GAAG;IACxB,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;CAC5B,CAAC;AAEF,4EAA4E;AAC5E,MAAM,MAAM,WAAW,GAAG;IACxB,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC;IAChC,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;CAC5B,CAAC;AAEF,sEAAsE;AACtE,MAAM,MAAM,UAAU,GAAG;IACvB,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;IAC/B,QAAQ,CAAC,KAAK,EAAE,UAAU,CAAC;CAC5B,CAAC;AAEF;;;GAGG;AACH,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,cAAc,EAAE,UAAU,CAAC;IACpC,QAAQ,CAAC,aAAa,EAAE,UAAU,CAAC;IACnC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B;AAED,uEAAuE;AACvE,MAAM,WAAW,oBAAoB;IACnC,uCAAuC;IACvC,QAAQ,CAAC,cAAc,EAAE,KAAK,MAAM,EAAE,CAAC;IACvC,uEAAuE;IACvE,QAAQ,CAAC,eAAe,EAAE,UAAU,CAAC;IACrC,8DAA8D;IAC9D,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,qDAAqD;AACrD,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC,QAAQ,CAAC,UAAU,EAAE,UAAU,CAAC;CACjC"}

package/dist/esm/types.js

@@ -0,0 +1,8 @@
+/**
+ * ShroudFi Core Types
+ *
+ * Branded key types for compile-time safety -- prevents accidentally
+ * passing a scanning key where a spending key is expected.
+ */
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/types.ts"],"names":[],"mappings":"AAAA;;;;;GAKG"}

package/dist/esm/view-tag.d.ts

@@ -0,0 +1,29 @@
+/**
+ * View Tag Utilities
+ *
+ * View tags enable fast filtering of stealth address announcements.
+ * The view tag is the first byte of keccak256(compress(ECDH_shared_secret)).
+ * This filters ~99.6% of non-matching announcements with a single byte check.
+ */
+import type { ScanningKey } from './types.js';
+/**
+ * Extract the view tag from a compressed shared secret point.
+ * The view tag is byte 0 of keccak256(compressedPoint).
+ *
+ * @param sharedSecretCompressed - 33-byte compressed secp256k1 point
+ * @returns View tag value (0-255)
+ */
+export declare function extractViewTag(sharedSecretCompressed: Uint8Array): number;
+/**
+ * Check whether a view tag matches for a given scanning key and ephemeral public key.
+ *
+ * Performs the ECDH step and view tag extraction, then compares against
+ * the expected tag. This is the fast-path filter for scanning.
+ *
+ * @param scanningKey - Recipient's scanning private key
+ * @param ephemeralPubKey - Ephemeral public key from the announcement (33 bytes)
+ * @param expectedTag - The view tag from the announcement metadata
+ * @returns true if the view tag matches (candidate for full verification)
+ */
+export declare function checkViewTag(scanningKey: ScanningKey, ephemeralPubKey: Uint8Array, expectedTag: number): boolean;
+//# sourceMappingURL=view-tag.d.ts.map

package/dist/esm/view-tag.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"view-tag.d.ts","sourceRoot":"","sources":["../../src/view-tag.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAG9C;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,sBAAsB,EAAE,UAAU,GAAG,MAAM,CAGzE;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,YAAY,CAC1B,WAAW,EAAE,WAAW,EACxB,eAAe,EAAE,UAAU,EAC3B,WAAW,EAAE,MAAM,GAClB,OAAO,CAkBT"}

package/dist/esm/view-tag.js

@@ -0,0 +1,58 @@
+/**
+ * View Tag Utilities
+ *
+ * View tags enable fast filtering of stealth address announcements.
+ * The view tag is the first byte of keccak256(compress(ECDH_shared_secret)).
+ * This filters ~99.6% of non-matching announcements with a single byte check.
+ */
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { keccak_256 } from '@noble/hashes/sha3';
+import { InvalidKeyError } from './errors.js';
+/**
+ * Extract the view tag from a compressed shared secret point.
+ * The view tag is byte 0 of keccak256(compressedPoint).
+ *
+ * @param sharedSecretCompressed - 33-byte compressed secp256k1 point
+ * @returns View tag value (0-255)
+ */
+export function extractViewTag(sharedSecretCompressed) {
+    const hash = keccak_256(sharedSecretCompressed);
+    return hash[0];
+}
+/**
+ * Check whether a view tag matches for a given scanning key and ephemeral public key.
+ *
+ * Performs the ECDH step and view tag extraction, then compares against
+ * the expected tag. This is the fast-path filter for scanning.
+ *
+ * @param scanningKey - Recipient's scanning private key
+ * @param ephemeralPubKey - Ephemeral public key from the announcement (33 bytes)
+ * @param expectedTag - The view tag from the announcement metadata
+ * @returns true if the view tag matches (candidate for full verification)
+ */
+export function checkViewTag(scanningKey, ephemeralPubKey, expectedTag) {
+    // Validate ephemeral public key
+    let ephemeralPoint;
+    try {
+        ephemeralPoint = secp256k1.ProjectivePoint.fromHex(ephemeralPubKey);
+    }
+    catch {
+        throw new InvalidKeyError('Invalid ephemeral public key');
+    }
+    // ECDH: sharedSecret = scanningPriv * P_ephemeral
+    const scanScalar = bytesToBigInt(scanningKey.bytes);
+    const sharedSecretPoint = ephemeralPoint.multiply(scanScalar);
+    // Hash compressed shared secret and extract view tag
+    const sharedSecretCompressed = sharedSecretPoint.toRawBytes(true);
+    const tag = extractViewTag(sharedSecretCompressed);
+    return tag === expectedTag;
+}
+/** Convert a Uint8Array to a BigInt (big-endian). */
+function bytesToBigInt(bytes) {
+    let result = 0n;
+    for (const byte of bytes) {
+        result = (result << 8n) | BigInt(byte);
+    }
+    return result;
+}
+//# sourceMappingURL=view-tag.js.map

package/dist/esm/view-tag.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"view-tag.js","sourceRoot":"","sources":["../../src/view-tag.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAEhD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,sBAAkC;IAC/D,MAAM,IAAI,GAAG,UAAU,CAAC,sBAAsB,CAAC,CAAC;IAChD,OAAO,IAAI,CAAC,CAAC,CAAE,CAAC;AAClB,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,YAAY,CAC1B,WAAwB,EACxB,eAA2B,EAC3B,WAAmB;IAEnB,gCAAgC;IAChC,IAAI,cAA8D,CAAC;IACnE,IAAI,CAAC;QACH,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACtE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,eAAe,CAAC,8BAA8B,CAAC,CAAC;IAC5D,CAAC;IAED,kDAAkD;IAClD,MAAM,UAAU,GAAG,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACpD,MAAM,iBAAiB,GAAG,cAAc,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAE9D,qDAAqD;IACrD,MAAM,sBAAsB,GAAG,iBAAiB,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAClE,MAAM,GAAG,GAAG,cAAc,CAAC,sBAAsB,CAAC,CAAC;IAEnD,OAAO,GAAG,KAAK,WAAW,CAAC;AAC7B,CAAC;AAED,qDAAqD;AACrD,SAAS,aAAa,CAAC,KAAiB;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}