@sip-protocol/sdk 0.6.17 → 0.6.18

package/dist/browser.js

@@ -5434,9 +5434,9 @@ async function createShieldedIntent(params, options) {
       const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
       return (0, import_utils6.hexToBytes)(cleanHex);
     };
-    const effectiveOwnershipSig = ownershipSignature ?? new Uint8Array(64);
-    const effectiveSenderSecret = senderSecret ?? new Uint8Array(32);
-    const effectiveAuthSig = authorizationSignature ?? new Uint8Array(64);
+    const effectiveOwnershipSig = ownershipSignature ?? (0, import_utils6.randomBytes)(64);
+    const effectiveSenderSecret = senderSecret ?? (0, import_utils6.randomBytes)(32);
+    const effectiveAuthSig = authorizationSignature ?? (0, import_utils6.randomBytes)(64);
     const fundingResult = await proofProvider.generateFundingProof({
       balance: input.amount,
       minimumRequired: input.amount,
@@ -5453,8 +5453,7 @@ async function createShieldedIntent(params, options) {
       senderBlinding: hexToUint8(senderCommitment.blindingFactor),
       senderSecret: effectiveSenderSecret,
       authorizationSignature: effectiveAuthSig,
-      nonce: new Uint8Array(32),
-      // Could use randomBytes here
+      nonce: (0, import_utils6.randomBytes)(32),
       timestamp: now,
       expiry: now + ttl
     });

package/dist/browser.mjs

@@ -263,7 +263,7 @@ import {
   walletRegistry,
   withSecureBuffer,
   withSecureBufferSync
-} from "./chunk-O33JCQFJ.mjs";
+} from "./chunk-NM5PTCQ5.mjs";
 import {
   fulfillment_proof_default,
   funding_proof_default,

package/dist/{chunk-O33JCQFJ.mjs → chunk-NM5PTCQ5.mjs}

@@ -1303,7 +1303,7 @@ function generateRandomBytes(length) {
 }
 
 // src/intent.ts
-import { hexToBytes as hexToBytes4, bytesToHex as bytesToHex5 } from "@noble/hashes/utils";
+import { hexToBytes as hexToBytes4, bytesToHex as bytesToHex5, randomBytes as randomBytes6 } from "@noble/hashes/utils";
 import { sha256 as sha2565 } from "@noble/hashes/sha256";
 
 // src/privacy.ts
@@ -1777,9 +1777,9 @@ async function createShieldedIntent(params, options) {
       const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
       return hexToBytes4(cleanHex);
     };
-    const effectiveOwnershipSig = ownershipSignature ?? new Uint8Array(64);
-    const effectiveSenderSecret = senderSecret ?? new Uint8Array(32);
-    const effectiveAuthSig = authorizationSignature ?? new Uint8Array(64);
+    const effectiveOwnershipSig = ownershipSignature ?? randomBytes6(64);
+    const effectiveSenderSecret = senderSecret ?? randomBytes6(32);
+    const effectiveAuthSig = authorizationSignature ?? randomBytes6(64);
     const fundingResult = await proofProvider.generateFundingProof({
       balance: input.amount,
       minimumRequired: input.amount,
@@ -1796,8 +1796,7 @@ async function createShieldedIntent(params, options) {
       senderBlinding: hexToUint8(senderCommitment.blindingFactor),
       senderSecret: effectiveSenderSecret,
       authorizationSignature: effectiveAuthSig,
-      nonce: new Uint8Array(32),
-      // Could use randomBytes here
+      nonce: randomBytes6(32),
       timestamp: now,
       expiry: now + ttl
     });
@@ -3598,7 +3597,7 @@ import { sha256 as sha2567 } from "@noble/hashes/sha256";
 
 // src/proofs/mock.ts
 import { sha256 as sha2568 } from "@noble/hashes/sha256";
-import { bytesToHex as bytesToHex10, randomBytes as randomBytes6 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex10, randomBytes as randomBytes7 } from "@noble/hashes/utils";
 var MOCK_PROOF_PREFIX = "0x4d4f434b";
 var WARNING_MESSAGE = `
 \u2554\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2557
@@ -3764,7 +3763,7 @@ var MockProofProvider = class {
       (_, v) => typeof v === "bigint" ? v.toString() : v
     );
     const hash2 = sha2568(new TextEncoder().encode(input));
-    const random = randomBytes6(16);
+    const random = randomBytes7(16);
     const combined = new Uint8Array(4 + hash2.length + random.length);
     combined.set(new TextEncoder().encode("MOCK"), 0);
     combined.set(hash2, 4);
@@ -4393,7 +4392,7 @@ import { ReportStatus as ReportStatus2 } from "@sip-protocol/types";
 import {
   IntentStatus as IntentStatus3
 } from "@sip-protocol/types";
-import { bytesToHex as bytesToHex14, randomBytes as randomBytes7 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex14, randomBytes as randomBytes8 } from "@noble/hashes/utils";
 var MockSolver = class {
   info;
   capabilities;
@@ -4475,7 +4474,7 @@ var MockSolver = class {
     const spreadAmount = baseOutput * BigInt(Math.floor(this.spreadPercent * 1e4)) / 10000n;
     const outputAmount = baseOutput + spreadAmount;
     const feeAmount = outputAmount * BigInt(Math.floor(this.feePercent * 1e4)) / 10000n;
-    const quoteId = `quote-${bytesToHex14(randomBytes7(8))}`;
+    const quoteId = `quote-${bytesToHex14(randomBytes8(8))}`;
     const now = Math.floor(Date.now() / 1e3);
     const quote = {
       quoteId,
@@ -4486,7 +4485,7 @@ var MockSolver = class {
       expiry: now + 60,
       // Quote valid for 1 minute
       fee: feeAmount,
-      signature: `0x${bytesToHex14(randomBytes7(64))}`,
+      signature: `0x${bytesToHex14(randomBytes8(64))}`,
       // Mock signature
       validUntil: now + 60,
       estimatedGas: 200000n
@@ -4523,7 +4522,7 @@ var MockSolver = class {
         error: status.error
       };
     }
-    const txHash = `0x${bytesToHex14(randomBytes7(32))}`;
+    const txHash = `0x${bytesToHex14(randomBytes8(32))}`;
     status.status = "completed";
     status.txHash = txHash;
     return {
@@ -4533,7 +4532,7 @@ var MockSolver = class {
       txHash: intent.privacyLevel === "transparent" ? txHash : void 0,
       fulfillmentProof: {
         type: "fulfillment",
-        proof: `0x${bytesToHex14(randomBytes7(128))}`,
+        proof: `0x${bytesToHex14(randomBytes8(128))}`,
         publicInputs: [
           `0x${bytesToHex14(new TextEncoder().encode(intent.intentId))}`,
           `0x${bytesToHex14(new TextEncoder().encode(quote.quoteId))}`
@@ -5688,7 +5687,7 @@ function createZcashNativeBackend(config) {
 
 // src/settlement/backends/direct-chain.ts
 import { PrivacyLevel as PrivacyLevel5 } from "@sip-protocol/types";
-import { randomBytes as randomBytes8, bytesToHex as bytesToHex15 } from "@noble/hashes/utils";
+import { randomBytes as randomBytes9, bytesToHex as bytesToHex15 } from "@noble/hashes/utils";
 var DEFAULT_GAS_FEES = {
   ethereum: 21000n * 50n * 1000000000n,
   // 21k gas * 50 gwei = 0.00105 ETH
@@ -7309,7 +7308,7 @@ import {
   PaymentStatus
 } from "@sip-protocol/types";
 import { sha256 as sha25613 } from "@noble/hashes/sha256";
-import { bytesToHex as bytesToHex18, hexToBytes as hexToBytes14, randomBytes as randomBytes9 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex18, hexToBytes as hexToBytes14, randomBytes as randomBytes10 } from "@noble/hashes/utils";
 import { xchacha20poly1305 as xchacha20poly13052 } from "@noble/ciphers/chacha.js";
 import { hkdf as hkdf2 } from "@noble/hashes/hkdf";
 
@@ -7876,7 +7875,7 @@ function encryptMemo(memo, viewingKey) {
   const keyBytes = hexToBytes14(keyHex);
   const encKey = hkdf2(sha25613, keyBytes, new Uint8Array(0), new Uint8Array(0), 32);
   try {
-    const nonce = randomBytes9(24);
+    const nonce = randomBytes10(24);
     const cipher = xchacha20poly13052(encKey, nonce);
     const plaintext = new TextEncoder().encode(memo);
     const ciphertext = cipher.encrypt(plaintext);
@@ -7948,7 +7947,7 @@ import {
 } from "@sip-protocol/types";
 import { secp256k1 as secp256k16 } from "@noble/curves/secp256k1";
 import { sha256 as sha25614 } from "@noble/hashes/sha256";
-import { bytesToHex as bytesToHex19, hexToBytes as hexToBytes15, randomBytes as randomBytes10 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex19, hexToBytes as hexToBytes15, randomBytes as randomBytes11 } from "@noble/hashes/utils";
 var DEFAULT_PROPOSAL_TTL = 7 * 24 * 60 * 60;
 var Treasury = class _Treasury {
   config;
@@ -8439,11 +8438,11 @@ var Treasury = class _Treasury {
   }
 };
 function generateTreasuryId() {
-  const bytes = randomBytes10(16);
+  const bytes = randomBytes11(16);
   return `treasury_${bytesToHex19(bytes)}`;
 }
 function generateProposalId() {
-  const bytes = randomBytes10(16);
+  const bytes = randomBytes11(16);
   return `prop_${bytesToHex19(bytes)}`;
 }
 function computeProposalHash(proposal) {
@@ -8634,7 +8633,7 @@ function validateBatchProposalParams(params, config) {
 import {
   ReportStatus
 } from "@sip-protocol/types";
-import { bytesToHex as bytesToHex20, randomBytes as randomBytes11 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex20, randomBytes as randomBytes12 } from "@noble/hashes/utils";
 var DEFAULTS2 = {
   riskThreshold: 70,
   highValueThreshold: 10000000000n,
@@ -9381,7 +9380,7 @@ var ComplianceManager = class _ComplianceManager {
   }
 };
 function generateId(prefix) {
-  return `${prefix}_${bytesToHex20(randomBytes11(12))}`;
+  return `${prefix}_${bytesToHex20(randomBytes12(12))}`;
 }
 function validateRegisterAuditorParams(params) {
   if (!params.organization?.trim()) {
@@ -10158,7 +10157,7 @@ var ComplianceReporter = class {
 
 // src/compliance/conditional.ts
 import { sha256 as sha25616 } from "@noble/hashes/sha256";
-import { bytesToHex as bytesToHex22, hexToBytes as hexToBytes17, randomBytes as randomBytes12 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex22, hexToBytes as hexToBytes17, randomBytes as randomBytes13 } from "@noble/hashes/utils";
 import { xchacha20poly1305 as xchacha20poly13053 } from "@noble/ciphers/chacha.js";
 var ConditionalDisclosure = class {
   /**
@@ -10224,7 +10223,7 @@ var ConditionalDisclosure = class {
         params.commitment,
         revealAfterSeconds
       );
-      const nonce = randomBytes12(24);
+      const nonce = randomBytes13(24);
       const viewingKeyBytes = hexToBytes17(params.viewingKey.slice(2));
       const cipher = xchacha20poly13053(encryptionKey, nonce);
       const encryptedKey = cipher.encrypt(viewingKeyBytes);
@@ -10411,7 +10410,7 @@ var CURVE_ORDER2 = secp256k17.CURVE.n;
 
 // src/compliance/threshold.ts
 import { sha256 as sha25618 } from "@noble/hashes/sha256";
-import { bytesToHex as bytesToHex24, hexToBytes as hexToBytes19, randomBytes as randomBytes13 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex24, hexToBytes as hexToBytes19, randomBytes as randomBytes14 } from "@noble/hashes/utils";
 var FIELD_PRIME = 2n ** 256n - 189n;
 var ThresholdViewingKey = class {
   /**
@@ -10628,7 +10627,7 @@ var ThresholdViewingKey = class {
    * Generate a random field element
    */
   static randomFieldElement() {
-    const bytes = randomBytes13(32);
+    const bytes = randomBytes14(32);
     let value = 0n;
     for (let i = 0; i < bytes.length; i++) {
       value = value << 8n | BigInt(bytes[i]);
@@ -11099,7 +11098,7 @@ var AuditorKeyDerivation = class {
 };
 
 // src/auction/sealed-bid.ts
-import { randomBytes as randomBytes14, bytesToHex as bytesToHex26 } from "@noble/hashes/utils";
+import { randomBytes as randomBytes15, bytesToHex as bytesToHex26 } from "@noble/hashes/utils";
 var SealedBidAuction = class {
   /**
    * Create a sealed bid for an auction
@@ -11176,7 +11175,7 @@ var SealedBidAuction = class {
         );
       }
     }
-    const salt = params.salt ?? randomBytes14(32);
+    const salt = params.salt ?? randomBytes15(32);
     const { commitment, blinding } = commit(params.amount, salt);
     const sealedBid = {
       auctionId: params.auctionId,
@@ -11807,7 +11806,7 @@ function createSealedBidAuction() {
 // src/governance/private-vote.ts
 import { sha256 as sha25620 } from "@noble/hashes/sha256";
 import { hkdf as hkdf3 } from "@noble/hashes/hkdf";
-import { bytesToHex as bytesToHex27, hexToBytes as hexToBytes21, randomBytes as randomBytes15, utf8ToBytes as utf8ToBytes5 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex27, hexToBytes as hexToBytes21, randomBytes as randomBytes16, utf8ToBytes as utf8ToBytes5 } from "@noble/hashes/utils";
 import { xchacha20poly1305 as xchacha20poly13054 } from "@noble/ciphers/chacha.js";
 var VOTE_ENCRYPTION_DOMAIN = "SIP-PRIVATE-VOTE-ENCRYPTION-V1";
 var NONCE_SIZE2 = 24;
@@ -11844,7 +11843,7 @@ var PrivateVoting = class {
     const { proposalId, choice, weight, encryptionKey, voter = "anonymous" } = params;
     const derivedKey = this.deriveEncryptionKey(encryptionKey, proposalId);
     try {
-      const nonce = randomBytes15(NONCE_SIZE2);
+      const nonce = randomBytes16(NONCE_SIZE2);
       const voteData = {
         proposalId,
         choice,
@@ -12161,7 +12160,7 @@ var PrivateVoting = class {
     }
     const encryptedBlindings = {};
     for (const [choice, blinding] of Object.entries(blindings)) {
-      const nonce = randomBytes15(NONCE_SIZE2);
+      const nonce = randomBytes16(NONCE_SIZE2);
       const derivedKey = this.deriveEncryptionKey(decryptionKey, `${proposalId}-tally-${choice}`);
       try {
         const cipher = xchacha20poly13054(derivedKey, nonce);
@@ -16280,7 +16279,7 @@ function createTrezorAdapter(config) {
 
 // src/wallet/hardware/mock.ts
 import { WalletErrorCode as WalletErrorCode17 } from "@sip-protocol/types";
-import { bytesToHex as bytesToHex29, randomBytes as randomBytes16 } from "@noble/hashes/utils";
+import { bytesToHex as bytesToHex29, randomBytes as randomBytes17 } from "@noble/hashes/utils";
 var MockLedgerAdapter = class extends BaseWalletAdapter {
   chain;
   name = "mock-ledger";
@@ -16525,12 +16524,12 @@ var MockLedgerAdapter = class extends BaseWalletAdapter {
     }
   }
   generateMockAddress(index) {
-    const bytes = randomBytes16(20);
+    const bytes = randomBytes17(20);
     bytes[0] = index;
     return `0x${bytesToHex29(bytes)}`;
   }
   generateMockPublicKey(index) {
-    const bytes = randomBytes16(33);
+    const bytes = randomBytes17(33);
     bytes[0] = 2;
     bytes[1] = index;
     return `0x${bytesToHex29(bytes)}`;
@@ -16731,12 +16730,12 @@ var MockTrezorAdapter = class extends BaseWalletAdapter {
     }
   }
   generateMockAddress(index) {
-    const bytes = randomBytes16(20);
+    const bytes = randomBytes17(20);
     bytes[0] = index + 100;
     return `0x${bytesToHex29(bytes)}`;
   }
   generateMockPublicKey(index) {
-    const bytes = randomBytes16(33);
+    const bytes = randomBytes17(33);
     bytes[0] = 3;
     bytes[1] = index + 100;
     return `0x${bytesToHex29(bytes)}`;

package/dist/index.js

@@ -5421,9 +5421,9 @@ async function createShieldedIntent(params, options) {
       const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
       return (0, import_utils6.hexToBytes)(cleanHex);
     };
-    const effectiveOwnershipSig = ownershipSignature ?? new Uint8Array(64);
-    const effectiveSenderSecret = senderSecret ?? new Uint8Array(32);
-    const effectiveAuthSig = authorizationSignature ?? new Uint8Array(64);
+    const effectiveOwnershipSig = ownershipSignature ?? (0, import_utils6.randomBytes)(64);
+    const effectiveSenderSecret = senderSecret ?? (0, import_utils6.randomBytes)(32);
+    const effectiveAuthSig = authorizationSignature ?? (0, import_utils6.randomBytes)(64);
     const fundingResult = await proofProvider.generateFundingProof({
       balance: input.amount,
       minimumRequired: input.amount,
@@ -5440,8 +5440,7 @@ async function createShieldedIntent(params, options) {
       senderBlinding: hexToUint8(senderCommitment.blindingFactor),
       senderSecret: effectiveSenderSecret,
       authorizationSignature: effectiveAuthSig,
-      nonce: new Uint8Array(32),
-      // Could use randomBytes here
+      nonce: (0, import_utils6.randomBytes)(32),
       timestamp: now,
       expiry: now + ttl
     });

package/dist/index.mjs

@@ -253,7 +253,7 @@ import {
   walletRegistry,
   withSecureBuffer,
   withSecureBufferSync
-} from "./chunk-O33JCQFJ.mjs";
+} from "./chunk-NM5PTCQ5.mjs";
 import {
   CryptoError,
   EncryptionNotImplementedError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sip-protocol/sdk",
-  "version": "0.6.17",
+  "version": "0.6.18",
   "description": "Core SDK for Shielded Intents Protocol - Privacy layer for cross-chain transactions",
   "author": "SIP Protocol <hello@sip-protocol.org>",
   "homepage": "https://sip-protocol.org",

package/src/intent.ts

@@ -31,7 +31,7 @@ import {
   generateIntentId,
   hash,
 } from './crypto'
-import { hexToBytes, bytesToHex } from '@noble/hashes/utils'
+import { hexToBytes, bytesToHex, randomBytes } from '@noble/hashes/utils'
 import { sha256 } from '@noble/hashes/sha256'
 import { getPrivacyConfig, generateViewingKey } from './privacy'
 import type { ProofProvider } from './proofs'
@@ -556,9 +556,11 @@ export async function createShieldedIntent(
     }
 
     // Use provided signatures or placeholders (if allowed)
-    const effectiveOwnershipSig = ownershipSignature ?? new Uint8Array(64)
-    const effectiveSenderSecret = senderSecret ?? new Uint8Array(32)
-    const effectiveAuthSig = authorizationSignature ?? new Uint8Array(64)
+    // IMPORTANT: senderSecret must be random even for placeholders, as secp256k1
+    // rejects all-zero private keys. randomBytes generates cryptographically secure random values.
+    const effectiveOwnershipSig = ownershipSignature ?? randomBytes(64)
+    const effectiveSenderSecret = senderSecret ?? randomBytes(32)
+    const effectiveAuthSig = authorizationSignature ?? randomBytes(64)
 
     // Generate funding proof
     // Note: The funding proof proves balance >= minimumRequired
@@ -583,7 +585,7 @@ export async function createShieldedIntent(
       senderBlinding: hexToUint8(senderCommitment.blindingFactor as HexString),
       senderSecret: effectiveSenderSecret,
       authorizationSignature: effectiveAuthSig,
-      nonce: new Uint8Array(32), // Could use randomBytes here
+      nonce: randomBytes(32),
       timestamp: now,
       expiry: now + ttl,
     })