npm - @sip-protocol/sdk - Versions diffs - 0.2.0 → 0.2.1 - Mend

@sip-protocol/sdk 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/browser.d.mts +1 -1
package/dist/browser.d.ts +1 -1
package/dist/browser.js +944 -944
package/dist/browser.mjs +607 -2
package/dist/chunk-4VJHI66K.mjs +12120 -0
package/dist/index.d.mts +39 -39
package/dist/index.d.ts +39 -39
package/dist/index.js +3 -608
package/dist/index.mjs +1 -3
package/package.json +1 -4
package/src/browser.ts +4 -2
package/src/index.ts +3 -2
package/src/proofs/index.ts +10 -6

package/dist/browser.js CHANGED Viewed

@@ -5097,609 +5097,6 @@ function getBrowserInfo() {
   };
 }
-// src/proofs/browser.ts
-var import_noir_js2 = require("@noir-lang/noir_js");
-var import_bb2 = require("@aztec/bb.js");
-var import_secp256k14 = require("@noble/curves/secp256k1");
-var BrowserNoirProvider = class _BrowserNoirProvider {
-  framework = "noir";
-  _isReady = false;
-  config;
-  // Circuit instances
-  fundingNoir = null;
-  fundingBackend = null;
-  validityNoir = null;
-  validityBackend = null;
-  fulfillmentNoir = null;
-  fulfillmentBackend = null;
-  // Worker instance (optional)
-  worker = null;
-  workerPending = /* @__PURE__ */ new Map();
-  constructor(config = {}) {
-    this.config = {
-      useWorker: config.useWorker ?? true,
-      verbose: config.verbose ?? false,
-      oraclePublicKey: config.oraclePublicKey ?? void 0,
-      timeout: config.timeout ?? 6e4
-    };
-    if (!isBrowser()) {
-      console.warn(
-        "[BrowserNoirProvider] Not running in browser environment. Consider using NoirProofProvider for Node.js."
-      );
-    }
-  }
-  get isReady() {
-    return this._isReady;
-  }
-  /**
-   * Get browser environment info
-   */
-  static getBrowserInfo() {
-    return getBrowserInfo();
-  }
-  /**
-   * Check if browser supports all required features
-   */
-  static checkBrowserSupport() {
-    const missing = [];
-    if (!isBrowser()) {
-      missing.push("browser environment");
-    }
-    if (typeof WebAssembly === "undefined") {
-      missing.push("WebAssembly");
-    }
-    if (!supportsSharedArrayBuffer()) {
-      missing.push("SharedArrayBuffer (requires COOP/COEP headers)");
-    }
-    return {
-      supported: missing.length === 0,
-      missing
-    };
-  }
-  /**
-   * Derive secp256k1 public key coordinates from a private key
-   */
-  static derivePublicKey(privateKey) {
-    const uncompressedPubKey = import_secp256k14.secp256k1.getPublicKey(privateKey, false);
-    const x = Array.from(uncompressedPubKey.slice(1, 33));
-    const y = Array.from(uncompressedPubKey.slice(33, 65));
-    return { x, y };
-  }
-  /**
-   * Initialize the browser provider
-   *
-   * Loads WASM and circuit artifacts. This should be called before any
-   * proof generation. Consider showing a loading indicator during init.
-   *
-   * @param onProgress - Optional progress callback
-   */
-  async initialize(onProgress) {
-    if (this._isReady) {
-      return;
-    }
-    const { supported, missing } = _BrowserNoirProvider.checkBrowserSupport();
-    if (!supported) {
-      throw new ProofError(
-        `Browser missing required features: ${missing.join(", ")}`,
-        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
-      );
-    }
-    try {
-      onProgress?.({
-        stage: "initializing",
-        percent: 0,
-        message: "Loading WASM runtime..."
-      });
-      if (this.config.verbose) {
-        console.log("[BrowserNoirProvider] Initializing...");
-        console.log("[BrowserNoirProvider] Browser info:", getBrowserInfo());
-      }
-      const fundingCircuit = funding_proof_default;
-      const validityCircuit = validity_proof_default;
-      const fulfillmentCircuit = fulfillment_proof_default;
-      onProgress?.({
-        stage: "initializing",
-        percent: 20,
-        message: "Creating proof backends..."
-      });
-      this.fundingBackend = new import_bb2.UltraHonkBackend(fundingCircuit.bytecode);
-      this.validityBackend = new import_bb2.UltraHonkBackend(validityCircuit.bytecode);
-      this.fulfillmentBackend = new import_bb2.UltraHonkBackend(fulfillmentCircuit.bytecode);
-      onProgress?.({
-        stage: "initializing",
-        percent: 60,
-        message: "Initializing Noir circuits..."
-      });
-      this.fundingNoir = new import_noir_js2.Noir(fundingCircuit);
-      this.validityNoir = new import_noir_js2.Noir(validityCircuit);
-      this.fulfillmentNoir = new import_noir_js2.Noir(fulfillmentCircuit);
-      onProgress?.({
-        stage: "initializing",
-        percent: 90,
-        message: "Setting up worker..."
-      });
-      if (this.config.useWorker && supportsWebWorkers()) {
-        await this.initializeWorker();
-      }
-      this._isReady = true;
-      onProgress?.({
-        stage: "complete",
-        percent: 100,
-        message: "Ready for proof generation"
-      });
-      if (this.config.verbose) {
-        console.log("[BrowserNoirProvider] Initialization complete");
-      }
-    } catch (error) {
-      throw new ProofError(
-        `Failed to initialize BrowserNoirProvider: ${error instanceof Error ? error.message : String(error)}`,
-        "SIP_4003" /* PROOF_NOT_IMPLEMENTED */,
-        { context: { error } }
-      );
-    }
-  }
-  /**
-   * Initialize Web Worker for off-main-thread proof generation
-   */
-  async initializeWorker() {
-    if (this.config.verbose) {
-      console.log("[BrowserNoirProvider] Worker support: using async main-thread");
-    }
-  }
-  /**
-   * Generate a Funding Proof
-   *
-   * Proves: balance >= minimumRequired without revealing balance
-   *
-   * @param params - Funding proof parameters
-   * @param onProgress - Optional progress callback
-   */
-  async generateFundingProof(params, onProgress) {
-    this.ensureReady();
-    if (!this.fundingNoir || !this.fundingBackend) {
-      throw new ProofGenerationError("funding", "Funding circuit not initialized");
-    }
-    try {
-      onProgress?.({
-        stage: "witness",
-        percent: 10,
-        message: "Preparing witness inputs..."
-      });
-      const { commitmentHash, blindingField } = await this.computeCommitmentHash(
-        params.balance,
-        params.blindingFactor,
-        params.assetId
-      );
-      const witnessInputs = {
-        commitment_hash: commitmentHash,
-        minimum_required: params.minimumRequired.toString(),
-        asset_id: this.assetIdToField(params.assetId),
-        balance: params.balance.toString(),
-        blinding: blindingField
-      };
-      onProgress?.({
-        stage: "witness",
-        percent: 30,
-        message: "Generating witness..."
-      });
-      const { witness } = await this.fundingNoir.execute(witnessInputs);
-      onProgress?.({
-        stage: "proving",
-        percent: 50,
-        message: "Generating proof (this may take a moment)..."
-      });
-      const proofData = await this.fundingBackend.generateProof(witness);
-      onProgress?.({
-        stage: "complete",
-        percent: 100,
-        message: "Proof generated successfully"
-      });
-      const publicInputs = [
-        `0x${commitmentHash}`,
-        `0x${params.minimumRequired.toString(16).padStart(16, "0")}`,
-        `0x${this.assetIdToField(params.assetId)}`
-      ];
-      const proof = {
-        type: "funding",
-        proof: `0x${bytesToHex7(proofData.proof)}`,
-        publicInputs
-      };
-      return { proof, publicInputs };
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      throw new ProofGenerationError(
-        "funding",
-        `Failed to generate funding proof: ${message}`,
-        error instanceof Error ? error : void 0
-      );
-    }
-  }
-  /**
-   * Generate a Validity Proof
-   *
-   * Proves: Intent is authorized by sender without revealing identity
-   */
-  async generateValidityProof(params, onProgress) {
-    this.ensureReady();
-    if (!this.validityNoir || !this.validityBackend) {
-      throw new ProofGenerationError("validity", "Validity circuit not initialized");
-    }
-    try {
-      onProgress?.({
-        stage: "witness",
-        percent: 10,
-        message: "Preparing validity witness..."
-      });
-      const intentHashField = this.hexToField(params.intentHash);
-      const senderAddressField = this.hexToField(params.senderAddress);
-      const senderBlindingField = this.bytesToField(params.senderBlinding);
-      const senderSecretField = this.bytesToField(params.senderSecret);
-      const nonceField = this.bytesToField(params.nonce);
-      const { commitmentX, commitmentY } = await this.computeSenderCommitment(
-        senderAddressField,
-        senderBlindingField
-      );
-      const nullifier = await this.computeNullifier(senderSecretField, intentHashField, nonceField);
-      const signature = Array.from(params.authorizationSignature);
-      const messageHash = this.fieldToBytes32(intentHashField);
-      let pubKeyX;
-      let pubKeyY;
-      if (params.senderPublicKey) {
-        pubKeyX = Array.from(params.senderPublicKey.x);
-        pubKeyY = Array.from(params.senderPublicKey.y);
-      } else {
-        const coords = this.getPublicKeyCoordinates(params.senderSecret);
-        pubKeyX = coords.x;
-        pubKeyY = coords.y;
-      }
-      const witnessInputs = {
-        intent_hash: intentHashField,
-        sender_commitment_x: commitmentX,
-        sender_commitment_y: commitmentY,
-        nullifier,
-        timestamp: params.timestamp.toString(),
-        expiry: params.expiry.toString(),
-        sender_address: senderAddressField,
-        sender_blinding: senderBlindingField,
-        sender_secret: senderSecretField,
-        pub_key_x: pubKeyX,
-        pub_key_y: pubKeyY,
-        signature,
-        message_hash: messageHash,
-        nonce: nonceField
-      };
-      onProgress?.({
-        stage: "witness",
-        percent: 30,
-        message: "Generating witness..."
-      });
-      const { witness } = await this.validityNoir.execute(witnessInputs);
-      onProgress?.({
-        stage: "proving",
-        percent: 50,
-        message: "Generating validity proof..."
-      });
-      const proofData = await this.validityBackend.generateProof(witness);
-      onProgress?.({
-        stage: "complete",
-        percent: 100,
-        message: "Validity proof generated"
-      });
-      const publicInputs = [
-        `0x${intentHashField}`,
-        `0x${commitmentX}`,
-        `0x${commitmentY}`,
-        `0x${nullifier}`,
-        `0x${params.timestamp.toString(16).padStart(16, "0")}`,
-        `0x${params.expiry.toString(16).padStart(16, "0")}`
-      ];
-      const proof = {
-        type: "validity",
-        proof: `0x${bytesToHex7(proofData.proof)}`,
-        publicInputs
-      };
-      return { proof, publicInputs };
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      throw new ProofGenerationError(
-        "validity",
-        `Failed to generate validity proof: ${message}`,
-        error instanceof Error ? error : void 0
-      );
-    }
-  }
-  /**
-   * Generate a Fulfillment Proof
-   *
-   * Proves: Solver correctly executed the intent
-   */
-  async generateFulfillmentProof(params, onProgress) {
-    this.ensureReady();
-    if (!this.fulfillmentNoir || !this.fulfillmentBackend) {
-      throw new ProofGenerationError("fulfillment", "Fulfillment circuit not initialized");
-    }
-    try {
-      onProgress?.({
-        stage: "witness",
-        percent: 10,
-        message: "Preparing fulfillment witness..."
-      });
-      const intentHashField = this.hexToField(params.intentHash);
-      const recipientStealthField = this.hexToField(params.recipientStealth);
-      const { commitmentX, commitmentY } = await this.computeOutputCommitment(
-        params.outputAmount,
-        params.outputBlinding
-      );
-      const solverSecretField = this.bytesToField(params.solverSecret);
-      const solverId = await this.computeSolverId(solverSecretField);
-      const outputBlindingField = this.bytesToField(params.outputBlinding);
-      const attestation = params.oracleAttestation;
-      const attestationRecipientField = this.hexToField(attestation.recipient);
-      const attestationTxHashField = this.hexToField(attestation.txHash);
-      const oracleSignature = Array.from(attestation.signature);
-      const oracleMessageHash = await this.computeOracleMessageHash(
-        attestation.recipient,
-        attestation.amount,
-        attestation.txHash,
-        attestation.blockNumber
-      );
-      const oraclePubKeyX = this.config.oraclePublicKey?.x ?? new Array(32).fill(0);
-      const oraclePubKeyY = this.config.oraclePublicKey?.y ?? new Array(32).fill(0);
-      const witnessInputs = {
-        intent_hash: intentHashField,
-        output_commitment_x: commitmentX,
-        output_commitment_y: commitmentY,
-        recipient_stealth: recipientStealthField,
-        min_output_amount: params.minOutputAmount.toString(),
-        solver_id: solverId,
-        fulfillment_time: params.fulfillmentTime.toString(),
-        expiry: params.expiry.toString(),
-        output_amount: params.outputAmount.toString(),
-        output_blinding: outputBlindingField,
-        solver_secret: solverSecretField,
-        attestation_recipient: attestationRecipientField,
-        attestation_amount: attestation.amount.toString(),
-        attestation_tx_hash: attestationTxHashField,
-        attestation_block: attestation.blockNumber.toString(),
-        oracle_signature: oracleSignature,
-        oracle_message_hash: oracleMessageHash,
-        oracle_pub_key_x: oraclePubKeyX,
-        oracle_pub_key_y: oraclePubKeyY
-      };
-      onProgress?.({
-        stage: "witness",
-        percent: 30,
-        message: "Generating witness..."
-      });
-      const { witness } = await this.fulfillmentNoir.execute(witnessInputs);
-      onProgress?.({
-        stage: "proving",
-        percent: 50,
-        message: "Generating fulfillment proof..."
-      });
-      const proofData = await this.fulfillmentBackend.generateProof(witness);
-      onProgress?.({
-        stage: "complete",
-        percent: 100,
-        message: "Fulfillment proof generated"
-      });
-      const publicInputs = [
-        `0x${intentHashField}`,
-        `0x${commitmentX}`,
-        `0x${commitmentY}`,
-        `0x${recipientStealthField}`,
-        `0x${params.minOutputAmount.toString(16).padStart(16, "0")}`,
-        `0x${solverId}`,
-        `0x${params.fulfillmentTime.toString(16).padStart(16, "0")}`,
-        `0x${params.expiry.toString(16).padStart(16, "0")}`
-      ];
-      const proof = {
-        type: "fulfillment",
-        proof: `0x${bytesToHex7(proofData.proof)}`,
-        publicInputs
-      };
-      return { proof, publicInputs };
-    } catch (error) {
-      const message = error instanceof Error ? error.message : String(error);
-      throw new ProofGenerationError(
-        "fulfillment",
-        `Failed to generate fulfillment proof: ${message}`,
-        error instanceof Error ? error : void 0
-      );
-    }
-  }
-  /**
-   * Verify a proof
-   */
-  async verifyProof(proof) {
-    this.ensureReady();
-    let backend = null;
-    switch (proof.type) {
-      case "funding":
-        backend = this.fundingBackend;
-        break;
-      case "validity":
-        backend = this.validityBackend;
-        break;
-      case "fulfillment":
-        backend = this.fulfillmentBackend;
-        break;
-      default:
-        throw new ProofError(`Unknown proof type: ${proof.type}`, "SIP_4003" /* PROOF_NOT_IMPLEMENTED */);
-    }
-    if (!backend) {
-      throw new ProofError(
-        `${proof.type} backend not initialized`,
-        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
-      );
-    }
-    try {
-      const proofHex = proof.proof.startsWith("0x") ? proof.proof.slice(2) : proof.proof;
-      const proofBytes = hexToBytes5(proofHex);
-      const isValid = await backend.verifyProof({
-        proof: proofBytes,
-        publicInputs: proof.publicInputs.map(
-          (input) => input.startsWith("0x") ? input.slice(2) : input
-        )
-      });
-      return isValid;
-    } catch (error) {
-      if (this.config.verbose) {
-        console.error("[BrowserNoirProvider] Verification error:", error);
-      }
-      return false;
-    }
-  }
-  /**
-   * Destroy the provider and free resources
-   */
-  async destroy() {
-    if (this.fundingBackend) {
-      await this.fundingBackend.destroy();
-      this.fundingBackend = null;
-    }
-    if (this.validityBackend) {
-      await this.validityBackend.destroy();
-      this.validityBackend = null;
-    }
-    if (this.fulfillmentBackend) {
-      await this.fulfillmentBackend.destroy();
-      this.fulfillmentBackend = null;
-    }
-    if (this.worker) {
-      this.worker.terminate();
-      this.worker = null;
-    }
-    this.fundingNoir = null;
-    this.validityNoir = null;
-    this.fulfillmentNoir = null;
-    this._isReady = false;
-  }
-  // ─── Private Utility Methods ────────────────────────────────────────────────
-  ensureReady() {
-    if (!this._isReady) {
-      throw new ProofError(
-        "BrowserNoirProvider not initialized. Call initialize() first.",
-        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
-      );
-    }
-  }
-  async computeCommitmentHash(balance, blindingFactor, assetId) {
-    const blindingField = this.bytesToField(blindingFactor);
-    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
-    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
-    const preimage = new Uint8Array([
-      ...this.bigintToBytes(balance, 8),
-      ...blindingFactor.slice(0, 32),
-      ...hexToBytes5(this.assetIdToField(assetId))
-    ]);
-    const hash2 = sha25611(preimage);
-    const commitmentHash = nobleToHex(hash2);
-    return { commitmentHash, blindingField };
-  }
-  assetIdToField(assetId) {
-    if (assetId.startsWith("0x")) {
-      return assetId.slice(2).padStart(64, "0");
-    }
-    const encoder = new TextEncoder();
-    const bytes = encoder.encode(assetId);
-    let result = 0n;
-    for (let i = 0; i < bytes.length && i < 31; i++) {
-      result = result * 256n + BigInt(bytes[i]);
-    }
-    return result.toString(16).padStart(64, "0");
-  }
-  bytesToField(bytes) {
-    let result = 0n;
-    const len = Math.min(bytes.length, 31);
-    for (let i = 0; i < len; i++) {
-      result = result * 256n + BigInt(bytes[i]);
-    }
-    return result.toString();
-  }
-  bigintToBytes(value, length) {
-    const bytes = new Uint8Array(length);
-    let v = value;
-    for (let i = length - 1; i >= 0; i--) {
-      bytes[i] = Number(v & 0xffn);
-      v = v >> 8n;
-    }
-    return bytes;
-  }
-  hexToField(hex) {
-    const h = hex.startsWith("0x") ? hex.slice(2) : hex;
-    return h.padStart(64, "0");
-  }
-  fieldToBytes32(field) {
-    const hex = field.padStart(64, "0");
-    const bytes = [];
-    for (let i = 0; i < 32; i++) {
-      bytes.push(parseInt(hex.slice(i * 2, i * 2 + 2), 16));
-    }
-    return bytes;
-  }
-  async computeSenderCommitment(senderAddressField, senderBlindingField) {
-    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
-    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
-    const addressBytes = hexToBytes5(senderAddressField);
-    const blindingBytes = hexToBytes5(senderBlindingField.padStart(64, "0"));
-    const preimage = new Uint8Array([...addressBytes, ...blindingBytes]);
-    const hash2 = sha25611(preimage);
-    const commitmentX = nobleToHex(hash2.slice(0, 16)).padStart(64, "0");
-    const commitmentY = nobleToHex(hash2.slice(16, 32)).padStart(64, "0");
-    return { commitmentX, commitmentY };
-  }
-  async computeNullifier(senderSecretField, intentHashField, nonceField) {
-    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
-    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
-    const secretBytes = hexToBytes5(senderSecretField.padStart(64, "0"));
-    const intentBytes = hexToBytes5(intentHashField);
-    const nonceBytes = hexToBytes5(nonceField.padStart(64, "0"));
-    const preimage = new Uint8Array([...secretBytes, ...intentBytes, ...nonceBytes]);
-    const hash2 = sha25611(preimage);
-    return nobleToHex(hash2);
-  }
-  async computeOutputCommitment(outputAmount, outputBlinding) {
-    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
-    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
-    const amountBytes = this.bigintToBytes(outputAmount, 8);
-    const blindingBytes = outputBlinding.slice(0, 32);
-    const preimage = new Uint8Array([...amountBytes, ...blindingBytes]);
-    const hash2 = sha25611(preimage);
-    const commitmentX = nobleToHex(hash2.slice(0, 16)).padStart(64, "0");
-    const commitmentY = nobleToHex(hash2.slice(16, 32)).padStart(64, "0");
-    return { commitmentX, commitmentY };
-  }
-  async computeSolverId(solverSecretField) {
-    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
-    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
-    const secretBytes = hexToBytes5(solverSecretField.padStart(64, "0"));
-    const hash2 = sha25611(secretBytes);
-    return nobleToHex(hash2);
-  }
-  async computeOracleMessageHash(recipient, amount, txHash, blockNumber) {
-    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
-    const recipientBytes = hexToBytes5(this.hexToField(recipient));
-    const amountBytes = this.bigintToBytes(amount, 8);
-    const txHashBytes = hexToBytes5(this.hexToField(txHash));
-    const blockBytes = this.bigintToBytes(blockNumber, 8);
-    const preimage = new Uint8Array([
-      ...recipientBytes,
-      ...amountBytes,
-      ...txHashBytes,
-      ...blockBytes
-    ]);
-    const hash2 = sha25611(preimage);
-    return Array.from(hash2);
-  }
-  getPublicKeyCoordinates(privateKey) {
-    const uncompressedPubKey = import_secp256k14.secp256k1.getPublicKey(privateKey, false);
-    const x = Array.from(uncompressedPubKey.slice(1, 33));
-    const y = Array.from(uncompressedPubKey.slice(33, 65));
-    return { x, y };
-  }
-};
 // src/oracle/types.ts
 var ORACLE_DOMAIN = "SIP-ORACLE-ATTESTATION-V1";
 var ATTESTATION_VERSION = 1;
@@ -7653,7 +7050,7 @@ function getPaymentSummary(payment) {
 // src/treasury/treasury.ts
 var import_types12 = require("@sip-protocol/types");
-var import_secp256k15 = require("@noble/curves/secp256k1");
+var import_secp256k14 = require("@noble/curves/secp256k1");
 var import_sha25610 = require("@noble/hashes/sha256");
 var import_utils12 = require("@noble/hashes/utils");
 var DEFAULT_PROPOSAL_TTL = 7 * 24 * 60 * 60;
@@ -8169,7 +7566,7 @@ function signMessage(messageHash, privateKey) {
   const keyHex = privateKey.startsWith("0x") ? privateKey.slice(2) : privateKey;
   const keyBytes = (0, import_utils12.hexToBytes)(keyHex);
   try {
-    const signature = import_secp256k15.secp256k1.sign(messageHash, keyBytes);
+    const signature = import_secp256k14.secp256k1.sign(messageHash, keyBytes);
     return `0x${signature.toCompactHex()}`;
   } finally {
     secureWipe(keyBytes);
@@ -8181,7 +7578,7 @@ function verifySignature(messageHash, signature, publicKey) {
   try {
     const sigBytes = (0, import_utils12.hexToBytes)(sigHex);
     const pubKeyBytes = (0, import_utils12.hexToBytes)(pubKeyHex);
-    return import_secp256k15.secp256k1.verify(sigBytes, messageHash, pubKeyBytes);
+    return import_secp256k14.secp256k1.verify(sigBytes, messageHash, pubKeyBytes);
   } catch {
     return false;
   }
@@ -12202,31 +11599,298 @@ var TrezorWalletAdapter = class extends BaseWalletAdapter {
         "trezor"
       );
     }
-    if (err.message?.includes("not found") || err.message?.includes("No device")) {
-      return new HardwareWalletError(
-        "Trezor device not found",
-        HardwareErrorCode.DEVICE_NOT_FOUND,
-        "trezor"
-      );
+    if (err.message?.includes("not found") || err.message?.includes("No device")) {
+      return new HardwareWalletError(
+        "Trezor device not found",
+        HardwareErrorCode.DEVICE_NOT_FOUND,
+        "trezor"
+      );
+    }
+    return new HardwareWalletError(
+      err.message ?? "Unknown Trezor error",
+      HardwareErrorCode.TRANSPORT_ERROR,
+      "trezor",
+      error
+    );
+  }
+};
+function createTrezorAdapter(config) {
+  return new TrezorWalletAdapter(config);
+}
+// src/wallet/hardware/mock.ts
+var import_types29 = require("@sip-protocol/types");
+var import_utils14 = require("@noble/hashes/utils");
+var MockLedgerAdapter = class extends BaseWalletAdapter {
+  chain;
+  name = "mock-ledger";
+  config;
+  _derivationPath;
+  _deviceInfo = null;
+  _account = null;
+  mockAccounts = [];
+  constructor(config) {
+    super();
+    this.chain = config.chain;
+    this.config = {
+      model: "nanoX",
+      accountIndex: 0,
+      isLocked: false,
+      signingDelay: 100,
+      shouldReject: false,
+      shouldFailConnect: false,
+      accountCount: 5,
+      ...config
+    };
+    this._derivationPath = config.derivationPath ?? getDerivationPath(config.chain, config.accountIndex ?? 0);
+    this.generateMockAccounts();
+  }
+  /**
+   * Get device information
+   */
+  get deviceInfo() {
+    return this._deviceInfo;
+  }
+  /**
+   * Get current derivation path
+   */
+  get derivationPath() {
+    return this._derivationPath;
+  }
+  /**
+   * Get current account
+   */
+  get account() {
+    return this._account;
+  }
+  /**
+   * Connect to mock Ledger device
+   */
+  async connect() {
+    this._connectionState = "connecting";
+    await this.delay(200);
+    if (this.config.shouldFailConnect) {
+      this._connectionState = "error";
+      throw new HardwareWalletError(
+        "Mock connection failure",
+        HardwareErrorCode.DEVICE_NOT_FOUND,
+        "ledger"
+      );
+    }
+    if (this.config.isLocked) {
+      this._connectionState = "error";
+      throw new HardwareWalletError(
+        "Device is locked. Please enter PIN.",
+        HardwareErrorCode.DEVICE_LOCKED,
+        "ledger"
+      );
+    }
+    this._account = this.mockAccounts[this.config.accountIndex ?? 0];
+    this._deviceInfo = {
+      manufacturer: "ledger",
+      model: this.config.model ?? "Nano X",
+      firmwareVersion: "2.1.0",
+      isLocked: false,
+      currentApp: this.getAppName(),
+      label: "Mock Ledger",
+      deviceId: "mock-ledger-001"
+    };
+    this.setConnected(this._account.address, this._account.publicKey);
+  }
+  /**
+   * Disconnect from mock device
+   */
+  async disconnect() {
+    this._account = null;
+    this._deviceInfo = null;
+    this.setDisconnected();
+  }
+  /**
+   * Sign a message
+   */
+  async signMessage(message) {
+    this.requireConnected();
+    await this.delay(this.config.signingDelay ?? 100);
+    if (this.config.shouldReject) {
+      throw new HardwareWalletError(
+        "User rejected on device",
+        HardwareErrorCode.USER_REJECTED,
+        "ledger"
+      );
+    }
+    const sig = this.generateMockSignature(message);
+    return {
+      signature: sig,
+      publicKey: this._account.publicKey
+    };
+  }
+  /**
+   * Sign a transaction
+   */
+  async signTransaction(tx) {
+    this.requireConnected();
+    await this.delay(this.config.signingDelay ?? 100);
+    if (this.config.shouldReject) {
+      throw new HardwareWalletError(
+        "Transaction rejected on device",
+        HardwareErrorCode.USER_REJECTED,
+        "ledger"
+      );
+    }
+    const sig = this.generateMockSignature(
+      new TextEncoder().encode(JSON.stringify(tx.data))
+    );
+    return {
+      unsigned: tx,
+      signatures: [
+        {
+          signature: sig,
+          publicKey: this._account.publicKey
+        }
+      ],
+      serialized: sig
+    };
+  }
+  /**
+   * Sign and send transaction
+   */
+  async signAndSendTransaction(tx) {
+    const signed = await this.signTransaction(tx);
+    return {
+      txHash: signed.serialized.slice(0, 66),
+      status: "pending"
+    };
+  }
+  /**
+   * Get balance (not supported by hardware wallets)
+   */
+  async getBalance() {
+    throw new WalletError(
+      "Hardware wallets do not track balances",
+      import_types29.WalletErrorCode.UNSUPPORTED_OPERATION
+    );
+  }
+  /**
+   * Get token balance (not supported by hardware wallets)
+   */
+  async getTokenBalance(_asset) {
+    throw new WalletError(
+      "Hardware wallets do not track balances",
+      import_types29.WalletErrorCode.UNSUPPORTED_OPERATION
+    );
+  }
+  /**
+   * Get multiple accounts
+   */
+  async getAccounts(startIndex = 0, count = 5) {
+    this.requireConnected();
+    return this.mockAccounts.slice(startIndex, startIndex + count);
+  }
+  /**
+   * Switch account
+   */
+  async switchAccount(accountIndex) {
+    this.requireConnected();
+    if (accountIndex >= this.mockAccounts.length) {
+      throw new HardwareWalletError(
+        "Account index out of range",
+        HardwareErrorCode.INVALID_PATH,
+        "ledger"
+      );
+    }
+    const previousAddress = this._address;
+    this._account = this.mockAccounts[accountIndex];
+    this._derivationPath = this._account.derivationPath;
+    this.setConnected(this._account.address, this._account.publicKey);
+    if (previousAddress !== this._account.address) {
+      this.emitAccountChanged(previousAddress, this._account.address);
+    }
+    return this._account;
+  }
+  // ─── Test Helpers ───────────────────────────────────────────────────────────
+  /**
+   * Set whether device should reject signing
+   */
+  setShouldReject(shouldReject) {
+    this.config.shouldReject = shouldReject;
+  }
+  /**
+   * Set signing delay
+   */
+  setSigningDelay(delay) {
+    this.config.signingDelay = delay;
+  }
+  /**
+   * Simulate device lock
+   */
+  simulateLock() {
+    if (this._deviceInfo) {
+      this._deviceInfo.isLocked = true;
+    }
+    this.config.isLocked = true;
+  }
+  /**
+   * Simulate device unlock
+   */
+  simulateUnlock() {
+    if (this._deviceInfo) {
+      this._deviceInfo.isLocked = false;
+    }
+    this.config.isLocked = false;
+  }
+  // ─── Private Methods ────────────────────────────────────────────────────────
+  getAppName() {
+    switch (this.chain) {
+      case "ethereum":
+        return "Ethereum";
+      case "solana":
+        return "Solana";
+      default:
+        return "Unknown";
+    }
+  }
+  generateMockAccounts() {
+    const count = this.config.accountCount ?? 5;
+    for (let i = 0; i < count; i++) {
+      const path = getDerivationPath(this.chain, i);
+      const address = this.config.mockAddress && i === 0 ? this.config.mockAddress : this.generateMockAddress(i);
+      const publicKey = this.config.mockPublicKey && i === 0 ? this.config.mockPublicKey : this.generateMockPublicKey(i);
+      this.mockAccounts.push({
+        address,
+        publicKey,
+        derivationPath: path,
+        index: i,
+        chain: this.chain
+      });
+    }
+  }
+  generateMockAddress(index) {
+    const bytes = (0, import_utils14.randomBytes)(20);
+    bytes[0] = index;
+    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
+  }
+  generateMockPublicKey(index) {
+    const bytes = (0, import_utils14.randomBytes)(33);
+    bytes[0] = 2;
+    bytes[1] = index;
+    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
+  }
+  generateMockSignature(data) {
+    const sig = new Uint8Array(65);
+    for (let i = 0; i < 32; i++) {
+      sig[i] = (data[i % data.length] ?? 0) ^ i * 7;
+      sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 11;
     }
-    return new HardwareWalletError(
-      err.message ?? "Unknown Trezor error",
-      HardwareErrorCode.TRANSPORT_ERROR,
-      "trezor",
-      error
-    );
+    sig[64] = 27;
+    return `0x${(0, import_utils14.bytesToHex)(sig)}`;
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
   }
 };
-function createTrezorAdapter(config) {
-  return new TrezorWalletAdapter(config);
-}
-// src/wallet/hardware/mock.ts
-var import_types29 = require("@sip-protocol/types");
-var import_utils14 = require("@noble/hashes/utils");
-var MockLedgerAdapter = class extends BaseWalletAdapter {
+var MockTrezorAdapter = class extends BaseWalletAdapter {
   chain;
-  name = "mock-ledger";
+  name = "mock-trezor";
   config;
   _derivationPath;
   _deviceInfo = null;
@@ -12236,7 +11900,7 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
     super();
     this.chain = config.chain;
     this.config = {
-      model: "nanoX",
+      model: "T",
       accountIndex: 0,
       isLocked: false,
       signingDelay: 100,
@@ -12248,27 +11912,15 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
     this._derivationPath = config.derivationPath ?? getDerivationPath(config.chain, config.accountIndex ?? 0);
     this.generateMockAccounts();
   }
-  /**
-   * Get device information
-   */
   get deviceInfo() {
     return this._deviceInfo;
   }
-  /**
-   * Get current derivation path
-   */
   get derivationPath() {
     return this._derivationPath;
   }
-  /**
-   * Get current account
-   */
   get account() {
     return this._account;
   }
-  /**
-   * Connect to mock Ledger device
-   */
   async connect() {
     this._connectionState = "connecting";
     await this.delay(200);
@@ -12277,40 +11929,33 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       throw new HardwareWalletError(
         "Mock connection failure",
         HardwareErrorCode.DEVICE_NOT_FOUND,
-        "ledger"
+        "trezor"
       );
     }
     if (this.config.isLocked) {
       this._connectionState = "error";
       throw new HardwareWalletError(
-        "Device is locked. Please enter PIN.",
+        "Device requires PIN",
         HardwareErrorCode.DEVICE_LOCKED,
-        "ledger"
+        "trezor"
       );
     }
     this._account = this.mockAccounts[this.config.accountIndex ?? 0];
     this._deviceInfo = {
-      manufacturer: "ledger",
-      model: this.config.model ?? "Nano X",
-      firmwareVersion: "2.1.0",
+      manufacturer: "trezor",
+      model: this.config.model ?? "Model T",
+      firmwareVersion: "2.5.3",
       isLocked: false,
-      currentApp: this.getAppName(),
-      label: "Mock Ledger",
-      deviceId: "mock-ledger-001"
+      label: "Mock Trezor",
+      deviceId: "mock-trezor-001"
     };
     this.setConnected(this._account.address, this._account.publicKey);
   }
-  /**
-   * Disconnect from mock device
-   */
   async disconnect() {
     this._account = null;
     this._deviceInfo = null;
     this.setDisconnected();
   }
-  /**
-   * Sign a message
-   */
   async signMessage(message) {
     this.requireConnected();
     await this.delay(this.config.signingDelay ?? 100);
@@ -12318,7 +11963,7 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       throw new HardwareWalletError(
         "User rejected on device",
         HardwareErrorCode.USER_REJECTED,
-        "ledger"
+        "trezor"
       );
     }
     const sig = this.generateMockSignature(message);
@@ -12327,9 +11972,6 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       publicKey: this._account.publicKey
     };
   }
-  /**
-   * Sign a transaction
-   */
   async signTransaction(tx) {
     this.requireConnected();
     await this.delay(this.config.signingDelay ?? 100);
@@ -12337,7 +11979,7 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       throw new HardwareWalletError(
         "Transaction rejected on device",
         HardwareErrorCode.USER_REJECTED,
-        "ledger"
+        "trezor"
       );
     }
     const sig = this.generateMockSignature(
@@ -12354,9 +11996,6 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       serialized: sig
     };
   }
-  /**
-   * Sign and send transaction
-   */
   async signAndSendTransaction(tx) {
     const signed = await this.signTransaction(tx);
     return {
@@ -12364,348 +12003,709 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
       status: "pending"
     };
   }
-  /**
-   * Get balance (not supported by hardware wallets)
-   */
   async getBalance() {
     throw new WalletError(
       "Hardware wallets do not track balances",
       import_types29.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
-  /**
-   * Get token balance (not supported by hardware wallets)
-   */
   async getTokenBalance(_asset) {
     throw new WalletError(
       "Hardware wallets do not track balances",
       import_types29.WalletErrorCode.UNSUPPORTED_OPERATION
     );
   }
+  async getAccounts(startIndex = 0, count = 5) {
+    this.requireConnected();
+    return this.mockAccounts.slice(startIndex, startIndex + count);
+  }
+  async switchAccount(accountIndex) {
+    this.requireConnected();
+    if (accountIndex >= this.mockAccounts.length) {
+      throw new HardwareWalletError(
+        "Account index out of range",
+        HardwareErrorCode.INVALID_PATH,
+        "trezor"
+      );
+    }
+    const previousAddress = this._address;
+    this._account = this.mockAccounts[accountIndex];
+    this._derivationPath = this._account.derivationPath;
+    this.setConnected(this._account.address, this._account.publicKey);
+    if (previousAddress !== this._account.address) {
+      this.emitAccountChanged(previousAddress, this._account.address);
+    }
+    return this._account;
+  }
+  setShouldReject(shouldReject) {
+    this.config.shouldReject = shouldReject;
+  }
+  setSigningDelay(delay) {
+    this.config.signingDelay = delay;
+  }
+  simulateLock() {
+    if (this._deviceInfo) {
+      this._deviceInfo.isLocked = true;
+    }
+    this.config.isLocked = true;
+  }
+  simulateUnlock() {
+    if (this._deviceInfo) {
+      this._deviceInfo.isLocked = false;
+    }
+    this.config.isLocked = false;
+  }
+  generateMockAccounts() {
+    const count = this.config.accountCount ?? 5;
+    for (let i = 0; i < count; i++) {
+      const path = getDerivationPath(this.chain, i);
+      const address = this.config.mockAddress && i === 0 ? this.config.mockAddress : this.generateMockAddress(i);
+      const publicKey = this.config.mockPublicKey && i === 0 ? this.config.mockPublicKey : this.generateMockPublicKey(i);
+      this.mockAccounts.push({
+        address,
+        publicKey,
+        derivationPath: path,
+        index: i,
+        chain: this.chain
+      });
+    }
+  }
+  generateMockAddress(index) {
+    const bytes = (0, import_utils14.randomBytes)(20);
+    bytes[0] = index + 100;
+    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
+  }
+  generateMockPublicKey(index) {
+    const bytes = (0, import_utils14.randomBytes)(33);
+    bytes[0] = 3;
+    bytes[1] = index + 100;
+    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
+  }
+  generateMockSignature(data) {
+    const sig = new Uint8Array(65);
+    for (let i = 0; i < 32; i++) {
+      sig[i] = (data[i % data.length] ?? 0) ^ i * 13;
+      sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 17;
+    }
+    sig[64] = 28;
+    return `0x${(0, import_utils14.bytesToHex)(sig)}`;
+  }
+  delay(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+function createMockLedgerAdapter(config) {
+  return new MockLedgerAdapter({ ...config, deviceType: "ledger" });
+}
+function createMockTrezorAdapter(config) {
+  return new MockTrezorAdapter({ ...config, deviceType: "trezor" });
+}
+// src/wallet/index.ts
+var import_types32 = require("@sip-protocol/types");
+// src/proofs/browser.ts
+var import_noir_js2 = require("@noir-lang/noir_js");
+var import_bb2 = require("@aztec/bb.js");
+var import_secp256k15 = require("@noble/curves/secp256k1");
+var BrowserNoirProvider = class _BrowserNoirProvider {
+  framework = "noir";
+  _isReady = false;
+  config;
+  // Circuit instances
+  fundingNoir = null;
+  fundingBackend = null;
+  validityNoir = null;
+  validityBackend = null;
+  fulfillmentNoir = null;
+  fulfillmentBackend = null;
+  // Worker instance (optional)
+  worker = null;
+  workerPending = /* @__PURE__ */ new Map();
+  constructor(config = {}) {
+    this.config = {
+      useWorker: config.useWorker ?? true,
+      verbose: config.verbose ?? false,
+      oraclePublicKey: config.oraclePublicKey ?? void 0,
+      timeout: config.timeout ?? 6e4
+    };
+    if (!isBrowser()) {
+      console.warn(
+        "[BrowserNoirProvider] Not running in browser environment. Consider using NoirProofProvider for Node.js."
+      );
+    }
+  }
+  get isReady() {
+    return this._isReady;
+  }
+  /**
+   * Get browser environment info
+   */
+  static getBrowserInfo() {
+    return getBrowserInfo();
+  }
+  /**
+   * Check if browser supports all required features
+   */
+  static checkBrowserSupport() {
+    const missing = [];
+    if (!isBrowser()) {
+      missing.push("browser environment");
+    }
+    if (typeof WebAssembly === "undefined") {
+      missing.push("WebAssembly");
+    }
+    if (!supportsSharedArrayBuffer()) {
+      missing.push("SharedArrayBuffer (requires COOP/COEP headers)");
+    }
+    return {
+      supported: missing.length === 0,
+      missing
+    };
+  }
   /**
-   * Get multiple accounts
+   * Derive secp256k1 public key coordinates from a private key
    */
-  async getAccounts(startIndex = 0, count = 5) {
-    this.requireConnected();
-    return this.mockAccounts.slice(startIndex, startIndex + count);
+  static derivePublicKey(privateKey) {
+    const uncompressedPubKey = import_secp256k15.secp256k1.getPublicKey(privateKey, false);
+    const x = Array.from(uncompressedPubKey.slice(1, 33));
+    const y = Array.from(uncompressedPubKey.slice(33, 65));
+    return { x, y };
   }
   /**
-   * Switch account
+   * Initialize the browser provider
+   *
+   * Loads WASM and circuit artifacts. This should be called before any
+   * proof generation. Consider showing a loading indicator during init.
+   *
+   * @param onProgress - Optional progress callback
    */
-  async switchAccount(accountIndex) {
-    this.requireConnected();
-    if (accountIndex >= this.mockAccounts.length) {
-      throw new HardwareWalletError(
-        "Account index out of range",
-        HardwareErrorCode.INVALID_PATH,
-        "ledger"
+  async initialize(onProgress) {
+    if (this._isReady) {
+      return;
+    }
+    const { supported, missing } = _BrowserNoirProvider.checkBrowserSupport();
+    if (!supported) {
+      throw new ProofError(
+        `Browser missing required features: ${missing.join(", ")}`,
+        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
       );
     }
-    const previousAddress = this._address;
-    this._account = this.mockAccounts[accountIndex];
-    this._derivationPath = this._account.derivationPath;
-    this.setConnected(this._account.address, this._account.publicKey);
-    if (previousAddress !== this._account.address) {
-      this.emitAccountChanged(previousAddress, this._account.address);
+    try {
+      onProgress?.({
+        stage: "initializing",
+        percent: 0,
+        message: "Loading WASM runtime..."
+      });
+      if (this.config.verbose) {
+        console.log("[BrowserNoirProvider] Initializing...");
+        console.log("[BrowserNoirProvider] Browser info:", getBrowserInfo());
+      }
+      const fundingCircuit = funding_proof_default;
+      const validityCircuit = validity_proof_default;
+      const fulfillmentCircuit = fulfillment_proof_default;
+      onProgress?.({
+        stage: "initializing",
+        percent: 20,
+        message: "Creating proof backends..."
+      });
+      this.fundingBackend = new import_bb2.UltraHonkBackend(fundingCircuit.bytecode);
+      this.validityBackend = new import_bb2.UltraHonkBackend(validityCircuit.bytecode);
+      this.fulfillmentBackend = new import_bb2.UltraHonkBackend(fulfillmentCircuit.bytecode);
+      onProgress?.({
+        stage: "initializing",
+        percent: 60,
+        message: "Initializing Noir circuits..."
+      });
+      this.fundingNoir = new import_noir_js2.Noir(fundingCircuit);
+      this.validityNoir = new import_noir_js2.Noir(validityCircuit);
+      this.fulfillmentNoir = new import_noir_js2.Noir(fulfillmentCircuit);
+      onProgress?.({
+        stage: "initializing",
+        percent: 90,
+        message: "Setting up worker..."
+      });
+      if (this.config.useWorker && supportsWebWorkers()) {
+        await this.initializeWorker();
+      }
+      this._isReady = true;
+      onProgress?.({
+        stage: "complete",
+        percent: 100,
+        message: "Ready for proof generation"
+      });
+      if (this.config.verbose) {
+        console.log("[BrowserNoirProvider] Initialization complete");
+      }
+    } catch (error) {
+      throw new ProofError(
+        `Failed to initialize BrowserNoirProvider: ${error instanceof Error ? error.message : String(error)}`,
+        "SIP_4003" /* PROOF_NOT_IMPLEMENTED */,
+        { context: { error } }
+      );
     }
-    return this._account;
   }
-  // ─── Test Helpers ───────────────────────────────────────────────────────────
   /**
-   * Set whether device should reject signing
+   * Initialize Web Worker for off-main-thread proof generation
    */
-  setShouldReject(shouldReject) {
-    this.config.shouldReject = shouldReject;
+  async initializeWorker() {
+    if (this.config.verbose) {
+      console.log("[BrowserNoirProvider] Worker support: using async main-thread");
+    }
   }
   /**
-   * Set signing delay
+   * Generate a Funding Proof
+   *
+   * Proves: balance >= minimumRequired without revealing balance
+   *
+   * @param params - Funding proof parameters
+   * @param onProgress - Optional progress callback
    */
-  setSigningDelay(delay) {
-    this.config.signingDelay = delay;
+  async generateFundingProof(params, onProgress) {
+    this.ensureReady();
+    if (!this.fundingNoir || !this.fundingBackend) {
+      throw new ProofGenerationError("funding", "Funding circuit not initialized");
+    }
+    try {
+      onProgress?.({
+        stage: "witness",
+        percent: 10,
+        message: "Preparing witness inputs..."
+      });
+      const { commitmentHash, blindingField } = await this.computeCommitmentHash(
+        params.balance,
+        params.blindingFactor,
+        params.assetId
+      );
+      const witnessInputs = {
+        commitment_hash: commitmentHash,
+        minimum_required: params.minimumRequired.toString(),
+        asset_id: this.assetIdToField(params.assetId),
+        balance: params.balance.toString(),
+        blinding: blindingField
+      };
+      onProgress?.({
+        stage: "witness",
+        percent: 30,
+        message: "Generating witness..."
+      });
+      const { witness } = await this.fundingNoir.execute(witnessInputs);
+      onProgress?.({
+        stage: "proving",
+        percent: 50,
+        message: "Generating proof (this may take a moment)..."
+      });
+      const proofData = await this.fundingBackend.generateProof(witness);
+      onProgress?.({
+        stage: "complete",
+        percent: 100,
+        message: "Proof generated successfully"
+      });
+      const publicInputs = [
+        `0x${commitmentHash}`,
+        `0x${params.minimumRequired.toString(16).padStart(16, "0")}`,
+        `0x${this.assetIdToField(params.assetId)}`
+      ];
+      const proof = {
+        type: "funding",
+        proof: `0x${bytesToHex7(proofData.proof)}`,
+        publicInputs
+      };
+      return { proof, publicInputs };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new ProofGenerationError(
+        "funding",
+        `Failed to generate funding proof: ${message}`,
+        error instanceof Error ? error : void 0
+      );
+    }
   }
   /**
-   * Simulate device lock
+   * Generate a Validity Proof
+   *
+   * Proves: Intent is authorized by sender without revealing identity
    */
-  simulateLock() {
-    if (this._deviceInfo) {
-      this._deviceInfo.isLocked = true;
+  async generateValidityProof(params, onProgress) {
+    this.ensureReady();
+    if (!this.validityNoir || !this.validityBackend) {
+      throw new ProofGenerationError("validity", "Validity circuit not initialized");
+    }
+    try {
+      onProgress?.({
+        stage: "witness",
+        percent: 10,
+        message: "Preparing validity witness..."
+      });
+      const intentHashField = this.hexToField(params.intentHash);
+      const senderAddressField = this.hexToField(params.senderAddress);
+      const senderBlindingField = this.bytesToField(params.senderBlinding);
+      const senderSecretField = this.bytesToField(params.senderSecret);
+      const nonceField = this.bytesToField(params.nonce);
+      const { commitmentX, commitmentY } = await this.computeSenderCommitment(
+        senderAddressField,
+        senderBlindingField
+      );
+      const nullifier = await this.computeNullifier(senderSecretField, intentHashField, nonceField);
+      const signature = Array.from(params.authorizationSignature);
+      const messageHash = this.fieldToBytes32(intentHashField);
+      let pubKeyX;
+      let pubKeyY;
+      if (params.senderPublicKey) {
+        pubKeyX = Array.from(params.senderPublicKey.x);
+        pubKeyY = Array.from(params.senderPublicKey.y);
+      } else {
+        const coords = this.getPublicKeyCoordinates(params.senderSecret);
+        pubKeyX = coords.x;
+        pubKeyY = coords.y;
+      }
+      const witnessInputs = {
+        intent_hash: intentHashField,
+        sender_commitment_x: commitmentX,
+        sender_commitment_y: commitmentY,
+        nullifier,
+        timestamp: params.timestamp.toString(),
+        expiry: params.expiry.toString(),
+        sender_address: senderAddressField,
+        sender_blinding: senderBlindingField,
+        sender_secret: senderSecretField,
+        pub_key_x: pubKeyX,
+        pub_key_y: pubKeyY,
+        signature,
+        message_hash: messageHash,
+        nonce: nonceField
+      };
+      onProgress?.({
+        stage: "witness",
+        percent: 30,
+        message: "Generating witness..."
+      });
+      const { witness } = await this.validityNoir.execute(witnessInputs);
+      onProgress?.({
+        stage: "proving",
+        percent: 50,
+        message: "Generating validity proof..."
+      });
+      const proofData = await this.validityBackend.generateProof(witness);
+      onProgress?.({
+        stage: "complete",
+        percent: 100,
+        message: "Validity proof generated"
+      });
+      const publicInputs = [
+        `0x${intentHashField}`,
+        `0x${commitmentX}`,
+        `0x${commitmentY}`,
+        `0x${nullifier}`,
+        `0x${params.timestamp.toString(16).padStart(16, "0")}`,
+        `0x${params.expiry.toString(16).padStart(16, "0")}`
+      ];
+      const proof = {
+        type: "validity",
+        proof: `0x${bytesToHex7(proofData.proof)}`,
+        publicInputs
+      };
+      return { proof, publicInputs };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new ProofGenerationError(
+        "validity",
+        `Failed to generate validity proof: ${message}`,
+        error instanceof Error ? error : void 0
+      );
     }
-    this.config.isLocked = true;
   }
   /**
-   * Simulate device unlock
+   * Generate a Fulfillment Proof
+   *
+   * Proves: Solver correctly executed the intent
    */
-  simulateUnlock() {
-    if (this._deviceInfo) {
-      this._deviceInfo.isLocked = false;
-    }
-    this.config.isLocked = false;
-  }
-  // ─── Private Methods ────────────────────────────────────────────────────────
-  getAppName() {
-    switch (this.chain) {
-      case "ethereum":
-        return "Ethereum";
-      case "solana":
-        return "Solana";
-      default:
-        return "Unknown";
+  async generateFulfillmentProof(params, onProgress) {
+    this.ensureReady();
+    if (!this.fulfillmentNoir || !this.fulfillmentBackend) {
+      throw new ProofGenerationError("fulfillment", "Fulfillment circuit not initialized");
     }
-  }
-  generateMockAccounts() {
-    const count = this.config.accountCount ?? 5;
-    for (let i = 0; i < count; i++) {
-      const path = getDerivationPath(this.chain, i);
-      const address = this.config.mockAddress && i === 0 ? this.config.mockAddress : this.generateMockAddress(i);
-      const publicKey = this.config.mockPublicKey && i === 0 ? this.config.mockPublicKey : this.generateMockPublicKey(i);
-      this.mockAccounts.push({
-        address,
-        publicKey,
-        derivationPath: path,
-        index: i,
-        chain: this.chain
+    try {
+      onProgress?.({
+        stage: "witness",
+        percent: 10,
+        message: "Preparing fulfillment witness..."
       });
+      const intentHashField = this.hexToField(params.intentHash);
+      const recipientStealthField = this.hexToField(params.recipientStealth);
+      const { commitmentX, commitmentY } = await this.computeOutputCommitment(
+        params.outputAmount,
+        params.outputBlinding
+      );
+      const solverSecretField = this.bytesToField(params.solverSecret);
+      const solverId = await this.computeSolverId(solverSecretField);
+      const outputBlindingField = this.bytesToField(params.outputBlinding);
+      const attestation = params.oracleAttestation;
+      const attestationRecipientField = this.hexToField(attestation.recipient);
+      const attestationTxHashField = this.hexToField(attestation.txHash);
+      const oracleSignature = Array.from(attestation.signature);
+      const oracleMessageHash = await this.computeOracleMessageHash(
+        attestation.recipient,
+        attestation.amount,
+        attestation.txHash,
+        attestation.blockNumber
+      );
+      const oraclePubKeyX = this.config.oraclePublicKey?.x ?? new Array(32).fill(0);
+      const oraclePubKeyY = this.config.oraclePublicKey?.y ?? new Array(32).fill(0);
+      const witnessInputs = {
+        intent_hash: intentHashField,
+        output_commitment_x: commitmentX,
+        output_commitment_y: commitmentY,
+        recipient_stealth: recipientStealthField,
+        min_output_amount: params.minOutputAmount.toString(),
+        solver_id: solverId,
+        fulfillment_time: params.fulfillmentTime.toString(),
+        expiry: params.expiry.toString(),
+        output_amount: params.outputAmount.toString(),
+        output_blinding: outputBlindingField,
+        solver_secret: solverSecretField,
+        attestation_recipient: attestationRecipientField,
+        attestation_amount: attestation.amount.toString(),
+        attestation_tx_hash: attestationTxHashField,
+        attestation_block: attestation.blockNumber.toString(),
+        oracle_signature: oracleSignature,
+        oracle_message_hash: oracleMessageHash,
+        oracle_pub_key_x: oraclePubKeyX,
+        oracle_pub_key_y: oraclePubKeyY
+      };
+      onProgress?.({
+        stage: "witness",
+        percent: 30,
+        message: "Generating witness..."
+      });
+      const { witness } = await this.fulfillmentNoir.execute(witnessInputs);
+      onProgress?.({
+        stage: "proving",
+        percent: 50,
+        message: "Generating fulfillment proof..."
+      });
+      const proofData = await this.fulfillmentBackend.generateProof(witness);
+      onProgress?.({
+        stage: "complete",
+        percent: 100,
+        message: "Fulfillment proof generated"
+      });
+      const publicInputs = [
+        `0x${intentHashField}`,
+        `0x${commitmentX}`,
+        `0x${commitmentY}`,
+        `0x${recipientStealthField}`,
+        `0x${params.minOutputAmount.toString(16).padStart(16, "0")}`,
+        `0x${solverId}`,
+        `0x${params.fulfillmentTime.toString(16).padStart(16, "0")}`,
+        `0x${params.expiry.toString(16).padStart(16, "0")}`
+      ];
+      const proof = {
+        type: "fulfillment",
+        proof: `0x${bytesToHex7(proofData.proof)}`,
+        publicInputs
+      };
+      return { proof, publicInputs };
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      throw new ProofGenerationError(
+        "fulfillment",
+        `Failed to generate fulfillment proof: ${message}`,
+        error instanceof Error ? error : void 0
+      );
     }
   }
-  generateMockAddress(index) {
-    const bytes = (0, import_utils14.randomBytes)(20);
-    bytes[0] = index;
-    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
-  }
-  generateMockPublicKey(index) {
-    const bytes = (0, import_utils14.randomBytes)(33);
-    bytes[0] = 2;
-    bytes[1] = index;
-    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
-  }
-  generateMockSignature(data) {
-    const sig = new Uint8Array(65);
-    for (let i = 0; i < 32; i++) {
-      sig[i] = (data[i % data.length] ?? 0) ^ i * 7;
-      sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 11;
-    }
-    sig[64] = 27;
-    return `0x${(0, import_utils14.bytesToHex)(sig)}`;
-  }
-  delay(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-  }
-};
-var MockTrezorAdapter = class extends BaseWalletAdapter {
-  chain;
-  name = "mock-trezor";
-  config;
-  _derivationPath;
-  _deviceInfo = null;
-  _account = null;
-  mockAccounts = [];
-  constructor(config) {
-    super();
-    this.chain = config.chain;
-    this.config = {
-      model: "T",
-      accountIndex: 0,
-      isLocked: false,
-      signingDelay: 100,
-      shouldReject: false,
-      shouldFailConnect: false,
-      accountCount: 5,
-      ...config
-    };
-    this._derivationPath = config.derivationPath ?? getDerivationPath(config.chain, config.accountIndex ?? 0);
-    this.generateMockAccounts();
-  }
-  get deviceInfo() {
-    return this._deviceInfo;
-  }
-  get derivationPath() {
-    return this._derivationPath;
-  }
-  get account() {
-    return this._account;
-  }
-  async connect() {
-    this._connectionState = "connecting";
-    await this.delay(200);
-    if (this.config.shouldFailConnect) {
-      this._connectionState = "error";
-      throw new HardwareWalletError(
-        "Mock connection failure",
-        HardwareErrorCode.DEVICE_NOT_FOUND,
-        "trezor"
-      );
+  /**
+   * Verify a proof
+   */
+  async verifyProof(proof) {
+    this.ensureReady();
+    let backend = null;
+    switch (proof.type) {
+      case "funding":
+        backend = this.fundingBackend;
+        break;
+      case "validity":
+        backend = this.validityBackend;
+        break;
+      case "fulfillment":
+        backend = this.fulfillmentBackend;
+        break;
+      default:
+        throw new ProofError(`Unknown proof type: ${proof.type}`, "SIP_4003" /* PROOF_NOT_IMPLEMENTED */);
     }
-    if (this.config.isLocked) {
-      this._connectionState = "error";
-      throw new HardwareWalletError(
-        "Device requires PIN",
-        HardwareErrorCode.DEVICE_LOCKED,
-        "trezor"
+    if (!backend) {
+      throw new ProofError(
+        `${proof.type} backend not initialized`,
+        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
       );
     }
-    this._account = this.mockAccounts[this.config.accountIndex ?? 0];
-    this._deviceInfo = {
-      manufacturer: "trezor",
-      model: this.config.model ?? "Model T",
-      firmwareVersion: "2.5.3",
-      isLocked: false,
-      label: "Mock Trezor",
-      deviceId: "mock-trezor-001"
-    };
-    this.setConnected(this._account.address, this._account.publicKey);
-  }
-  async disconnect() {
-    this._account = null;
-    this._deviceInfo = null;
-    this.setDisconnected();
+    try {
+      const proofHex = proof.proof.startsWith("0x") ? proof.proof.slice(2) : proof.proof;
+      const proofBytes = hexToBytes5(proofHex);
+      const isValid = await backend.verifyProof({
+        proof: proofBytes,
+        publicInputs: proof.publicInputs.map(
+          (input) => input.startsWith("0x") ? input.slice(2) : input
+        )
+      });
+      return isValid;
+    } catch (error) {
+      if (this.config.verbose) {
+        console.error("[BrowserNoirProvider] Verification error:", error);
+      }
+      return false;
+    }
   }
-  async signMessage(message) {
-    this.requireConnected();
-    await this.delay(this.config.signingDelay ?? 100);
-    if (this.config.shouldReject) {
-      throw new HardwareWalletError(
-        "User rejected on device",
-        HardwareErrorCode.USER_REJECTED,
-        "trezor"
-      );
+  /**
+   * Destroy the provider and free resources
+   */
+  async destroy() {
+    if (this.fundingBackend) {
+      await this.fundingBackend.destroy();
+      this.fundingBackend = null;
     }
-    const sig = this.generateMockSignature(message);
-    return {
-      signature: sig,
-      publicKey: this._account.publicKey
-    };
+    if (this.validityBackend) {
+      await this.validityBackend.destroy();
+      this.validityBackend = null;
+    }
+    if (this.fulfillmentBackend) {
+      await this.fulfillmentBackend.destroy();
+      this.fulfillmentBackend = null;
+    }
+    if (this.worker) {
+      this.worker.terminate();
+      this.worker = null;
+    }
+    this.fundingNoir = null;
+    this.validityNoir = null;
+    this.fulfillmentNoir = null;
+    this._isReady = false;
   }
-  async signTransaction(tx) {
-    this.requireConnected();
-    await this.delay(this.config.signingDelay ?? 100);
-    if (this.config.shouldReject) {
-      throw new HardwareWalletError(
-        "Transaction rejected on device",
-        HardwareErrorCode.USER_REJECTED,
-        "trezor"
+  // ─── Private Utility Methods ────────────────────────────────────────────────
+  ensureReady() {
+    if (!this._isReady) {
+      throw new ProofError(
+        "BrowserNoirProvider not initialized. Call initialize() first.",
+        "SIP_4004" /* PROOF_PROVIDER_NOT_READY */
       );
     }
-    const sig = this.generateMockSignature(
-      new TextEncoder().encode(JSON.stringify(tx.data))
-    );
-    return {
-      unsigned: tx,
-      signatures: [
-        {
-          signature: sig,
-          publicKey: this._account.publicKey
-        }
-      ],
-      serialized: sig
-    };
-  }
-  async signAndSendTransaction(tx) {
-    const signed = await this.signTransaction(tx);
-    return {
-      txHash: signed.serialized.slice(0, 66),
-      status: "pending"
-    };
-  }
-  async getBalance() {
-    throw new WalletError(
-      "Hardware wallets do not track balances",
-      import_types29.WalletErrorCode.UNSUPPORTED_OPERATION
-    );
-  }
-  async getTokenBalance(_asset) {
-    throw new WalletError(
-      "Hardware wallets do not track balances",
-      import_types29.WalletErrorCode.UNSUPPORTED_OPERATION
-    );
   }
-  async getAccounts(startIndex = 0, count = 5) {
-    this.requireConnected();
-    return this.mockAccounts.slice(startIndex, startIndex + count);
+  async computeCommitmentHash(balance, blindingFactor, assetId) {
+    const blindingField = this.bytesToField(blindingFactor);
+    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
+    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
+    const preimage = new Uint8Array([
+      ...this.bigintToBytes(balance, 8),
+      ...blindingFactor.slice(0, 32),
+      ...hexToBytes5(this.assetIdToField(assetId))
+    ]);
+    const hash2 = sha25611(preimage);
+    const commitmentHash = nobleToHex(hash2);
+    return { commitmentHash, blindingField };
   }
-  async switchAccount(accountIndex) {
-    this.requireConnected();
-    if (accountIndex >= this.mockAccounts.length) {
-      throw new HardwareWalletError(
-        "Account index out of range",
-        HardwareErrorCode.INVALID_PATH,
-        "trezor"
-      );
+  assetIdToField(assetId) {
+    if (assetId.startsWith("0x")) {
+      return assetId.slice(2).padStart(64, "0");
     }
-    const previousAddress = this._address;
-    this._account = this.mockAccounts[accountIndex];
-    this._derivationPath = this._account.derivationPath;
-    this.setConnected(this._account.address, this._account.publicKey);
-    if (previousAddress !== this._account.address) {
-      this.emitAccountChanged(previousAddress, this._account.address);
+    const encoder = new TextEncoder();
+    const bytes = encoder.encode(assetId);
+    let result = 0n;
+    for (let i = 0; i < bytes.length && i < 31; i++) {
+      result = result * 256n + BigInt(bytes[i]);
     }
-    return this._account;
-  }
-  setShouldReject(shouldReject) {
-    this.config.shouldReject = shouldReject;
-  }
-  setSigningDelay(delay) {
-    this.config.signingDelay = delay;
+    return result.toString(16).padStart(64, "0");
   }
-  simulateLock() {
-    if (this._deviceInfo) {
-      this._deviceInfo.isLocked = true;
+  bytesToField(bytes) {
+    let result = 0n;
+    const len = Math.min(bytes.length, 31);
+    for (let i = 0; i < len; i++) {
+      result = result * 256n + BigInt(bytes[i]);
     }
-    this.config.isLocked = true;
+    return result.toString();
   }
-  simulateUnlock() {
-    if (this._deviceInfo) {
-      this._deviceInfo.isLocked = false;
+  bigintToBytes(value, length) {
+    const bytes = new Uint8Array(length);
+    let v = value;
+    for (let i = length - 1; i >= 0; i--) {
+      bytes[i] = Number(v & 0xffn);
+      v = v >> 8n;
     }
-    this.config.isLocked = false;
+    return bytes;
   }
-  generateMockAccounts() {
-    const count = this.config.accountCount ?? 5;
-    for (let i = 0; i < count; i++) {
-      const path = getDerivationPath(this.chain, i);
-      const address = this.config.mockAddress && i === 0 ? this.config.mockAddress : this.generateMockAddress(i);
-      const publicKey = this.config.mockPublicKey && i === 0 ? this.config.mockPublicKey : this.generateMockPublicKey(i);
-      this.mockAccounts.push({
-        address,
-        publicKey,
-        derivationPath: path,
-        index: i,
-        chain: this.chain
-      });
+  hexToField(hex) {
+    const h = hex.startsWith("0x") ? hex.slice(2) : hex;
+    return h.padStart(64, "0");
+  }
+  fieldToBytes32(field) {
+    const hex = field.padStart(64, "0");
+    const bytes = [];
+    for (let i = 0; i < 32; i++) {
+      bytes.push(parseInt(hex.slice(i * 2, i * 2 + 2), 16));
     }
+    return bytes;
   }
-  generateMockAddress(index) {
-    const bytes = (0, import_utils14.randomBytes)(20);
-    bytes[0] = index + 100;
-    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
+  async computeSenderCommitment(senderAddressField, senderBlindingField) {
+    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
+    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
+    const addressBytes = hexToBytes5(senderAddressField);
+    const blindingBytes = hexToBytes5(senderBlindingField.padStart(64, "0"));
+    const preimage = new Uint8Array([...addressBytes, ...blindingBytes]);
+    const hash2 = sha25611(preimage);
+    const commitmentX = nobleToHex(hash2.slice(0, 16)).padStart(64, "0");
+    const commitmentY = nobleToHex(hash2.slice(16, 32)).padStart(64, "0");
+    return { commitmentX, commitmentY };
   }
-  generateMockPublicKey(index) {
-    const bytes = (0, import_utils14.randomBytes)(33);
-    bytes[0] = 3;
-    bytes[1] = index + 100;
-    return `0x${(0, import_utils14.bytesToHex)(bytes)}`;
+  async computeNullifier(senderSecretField, intentHashField, nonceField) {
+    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
+    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
+    const secretBytes = hexToBytes5(senderSecretField.padStart(64, "0"));
+    const intentBytes = hexToBytes5(intentHashField);
+    const nonceBytes = hexToBytes5(nonceField.padStart(64, "0"));
+    const preimage = new Uint8Array([...secretBytes, ...intentBytes, ...nonceBytes]);
+    const hash2 = sha25611(preimage);
+    return nobleToHex(hash2);
   }
-  generateMockSignature(data) {
-    const sig = new Uint8Array(65);
-    for (let i = 0; i < 32; i++) {
-      sig[i] = (data[i % data.length] ?? 0) ^ i * 13;
-      sig[32 + i] = (data[i % data.length] ?? 0) ^ i * 17;
-    }
-    sig[64] = 28;
-    return `0x${(0, import_utils14.bytesToHex)(sig)}`;
+  async computeOutputCommitment(outputAmount, outputBlinding) {
+    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
+    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
+    const amountBytes = this.bigintToBytes(outputAmount, 8);
+    const blindingBytes = outputBlinding.slice(0, 32);
+    const preimage = new Uint8Array([...amountBytes, ...blindingBytes]);
+    const hash2 = sha25611(preimage);
+    const commitmentX = nobleToHex(hash2.slice(0, 16)).padStart(64, "0");
+    const commitmentY = nobleToHex(hash2.slice(16, 32)).padStart(64, "0");
+    return { commitmentX, commitmentY };
   }
-  delay(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
+  async computeSolverId(solverSecretField) {
+    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
+    const { bytesToHex: nobleToHex } = await import("@noble/hashes/utils");
+    const secretBytes = hexToBytes5(solverSecretField.padStart(64, "0"));
+    const hash2 = sha25611(secretBytes);
+    return nobleToHex(hash2);
+  }
+  async computeOracleMessageHash(recipient, amount, txHash, blockNumber) {
+    const { sha256: sha25611 } = await import("@noble/hashes/sha256");
+    const recipientBytes = hexToBytes5(this.hexToField(recipient));
+    const amountBytes = this.bigintToBytes(amount, 8);
+    const txHashBytes = hexToBytes5(this.hexToField(txHash));
+    const blockBytes = this.bigintToBytes(blockNumber, 8);
+    const preimage = new Uint8Array([
+      ...recipientBytes,
+      ...amountBytes,
+      ...txHashBytes,
+      ...blockBytes
+    ]);
+    const hash2 = sha25611(preimage);
+    return Array.from(hash2);
+  }
+  getPublicKeyCoordinates(privateKey) {
+    const uncompressedPubKey = import_secp256k15.secp256k1.getPublicKey(privateKey, false);
+    const x = Array.from(uncompressedPubKey.slice(1, 33));
+    const y = Array.from(uncompressedPubKey.slice(33, 65));
+    return { x, y };
   }
 };
-function createMockLedgerAdapter(config) {
-  return new MockLedgerAdapter({ ...config, deviceType: "ledger" });
-}
-function createMockTrezorAdapter(config) {
-  return new MockTrezorAdapter({ ...config, deviceType: "trezor" });
-}
-// src/wallet/index.ts
-var import_types32 = require("@sip-protocol/types");
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   ATTESTATION_VERSION,