npm - @sip-protocol/sdk - Versions diffs - 0.6.26 → 0.7.0 - Mend

@sip-protocol/sdk 0.6.26 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/LICENSE +21 -0
package/dist/browser.js +12 -0
package/dist/browser.mjs +1 -1
package/dist/{chunk-ZEYNCEIE.mjs → chunk-3OVABDRH.mjs} +12 -0
package/dist/index.js +12 -0
package/dist/index.mjs +1 -1
package/package.json +16 -16
package/src/intent.ts +10 -0
package/src/stealth.ts +12 -2
package/dist/chunk-46TH5SRE.mjs +0 -17077
package/dist/chunk-C7RM67TH.mjs +0 -17047
package/dist/chunk-EMOAOF5P.mjs +0 -17084
package/dist/chunk-GE566OLO.mjs +0 -17059
package/dist/chunk-GFSLU6SP.mjs +0 -17077
package/dist/chunk-JK4FDH74.mjs +0 -17059
package/dist/chunk-TSOCBT73.mjs +0 -17067
package/dist/index-BZxo_8F3.d.ts +0 -11388
package/dist/index-CRz9S3eE.d.mts +0 -11390
package/dist/index-DKJ81T9L.d.mts +0 -11388
package/dist/index-DO9Az5n4.d.ts +0 -11390
package/dist/index-Dex_NSYv.d.mts +0 -11390
package/dist/index-DhThjSB5.d.ts +0 -11390

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2025 RECTOR Labs
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/browser.js CHANGED Viewed

@@ -4036,6 +4036,9 @@ function generateStealthMetaAddress(chain, label) {
       "chain"
     );
   }
+  if (isEd25519Chain(chain)) {
+    return generateEd25519StealthMetaAddress(chain, label);
+  }
   const spendingPrivateKey = (0, import_utils2.randomBytes)(32);
   const viewingPrivateKey = (0, import_utils2.randomBytes)(32);
   try {
@@ -4097,6 +4100,9 @@ function validateStealthMetaAddress(metaAddress, field = "recipientMetaAddress")
 }
 function generateStealthAddress(recipientMetaAddress) {
   validateStealthMetaAddress(recipientMetaAddress);
+  if (isEd25519Chain(recipientMetaAddress.chain)) {
+    return generateEd25519StealthAddress(recipientMetaAddress);
+  }
   const ephemeralPrivateKey = (0, import_utils2.randomBytes)(32);
   try {
     const ephemeralPublicKey = import_secp256k1.secp256k1.getPublicKey(ephemeralPrivateKey, true);
@@ -5430,6 +5436,12 @@ async function createShieldedIntent(params, options) {
       const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
       return (0, import_utils6.hexToBytes)(cleanHex);
     };
+    if (allowPlaceholders && typeof process !== "undefined" && process.env?.NODE_ENV === "production") {
+      throw new ValidationError(
+        "allowPlaceholders cannot be used in production environment. Provide valid senderSecret and signatures for production use.",
+        "options.allowPlaceholders"
+      );
+    }
     const effectiveSenderSecret = senderSecret ?? (0, import_utils6.randomBytes)(32);
     const rawIntentHashBytes = (0, import_sha2565.sha256)(new TextEncoder().encode(intentId));
     const intentHashHex = hash(intentId);

package/dist/browser.mjs CHANGED Viewed

@@ -263,7 +263,7 @@ import {
   walletRegistry,
   withSecureBuffer,
   withSecureBufferSync
-} from "./chunk-ZEYNCEIE.mjs";
+} from "./chunk-3OVABDRH.mjs";
 import {
   fulfillment_proof_default,
   funding_proof_default,

package/dist/{chunk-ZEYNCEIE.mjs → chunk-3OVABDRH.mjs} RENAMED Viewed

@@ -379,6 +379,9 @@ function generateStealthMetaAddress(chain, label) {
       "chain"
     );
   }
+  if (isEd25519Chain(chain)) {
+    return generateEd25519StealthMetaAddress(chain, label);
+  }
   const spendingPrivateKey = randomBytes2(32);
   const viewingPrivateKey = randomBytes2(32);
   try {
@@ -440,6 +443,9 @@ function validateStealthMetaAddress(metaAddress, field = "recipientMetaAddress")
 }
 function generateStealthAddress(recipientMetaAddress) {
   validateStealthMetaAddress(recipientMetaAddress);
+  if (isEd25519Chain(recipientMetaAddress.chain)) {
+    return generateEd25519StealthAddress(recipientMetaAddress);
+  }
   const ephemeralPrivateKey = randomBytes2(32);
   try {
     const ephemeralPublicKey = secp256k1.getPublicKey(ephemeralPrivateKey, true);
@@ -1773,6 +1779,12 @@ async function createShieldedIntent(params, options) {
       const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
       return hexToBytes4(cleanHex);
     };
+    if (allowPlaceholders && typeof process !== "undefined" && process.env?.NODE_ENV === "production") {
+      throw new ValidationError(
+        "allowPlaceholders cannot be used in production environment. Provide valid senderSecret and signatures for production use.",
+        "options.allowPlaceholders"
+      );
+    }
     const effectiveSenderSecret = senderSecret ?? randomBytes6(32);
     const rawIntentHashBytes = sha2565(new TextEncoder().encode(intentId));
     const intentHashHex = hash(intentId);

package/dist/index.js CHANGED Viewed

@@ -4023,6 +4023,9 @@ function generateStealthMetaAddress(chain, label) {
       "chain"
     );
   }
+  if (isEd25519Chain(chain)) {
+    return generateEd25519StealthMetaAddress(chain, label);
+  }
   const spendingPrivateKey = (0, import_utils2.randomBytes)(32);
   const viewingPrivateKey = (0, import_utils2.randomBytes)(32);
   try {
@@ -4084,6 +4087,9 @@ function validateStealthMetaAddress(metaAddress, field = "recipientMetaAddress")
 }
 function generateStealthAddress(recipientMetaAddress) {
   validateStealthMetaAddress(recipientMetaAddress);
+  if (isEd25519Chain(recipientMetaAddress.chain)) {
+    return generateEd25519StealthAddress(recipientMetaAddress);
+  }
   const ephemeralPrivateKey = (0, import_utils2.randomBytes)(32);
   try {
     const ephemeralPublicKey = import_secp256k1.secp256k1.getPublicKey(ephemeralPrivateKey, true);
@@ -5417,6 +5423,12 @@ async function createShieldedIntent(params, options) {
       const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
       return (0, import_utils6.hexToBytes)(cleanHex);
     };
+    if (allowPlaceholders && typeof process !== "undefined" && process.env?.NODE_ENV === "production") {
+      throw new ValidationError(
+        "allowPlaceholders cannot be used in production environment. Provide valid senderSecret and signatures for production use.",
+        "options.allowPlaceholders"
+      );
+    }
     const effectiveSenderSecret = senderSecret ?? (0, import_utils6.randomBytes)(32);
     const rawIntentHashBytes = (0, import_sha2565.sha256)(new TextEncoder().encode(intentId));
     const intentHashHex = hash(intentId);

package/dist/index.mjs CHANGED Viewed

@@ -253,7 +253,7 @@ import {
   walletRegistry,
   withSecureBuffer,
   withSecureBufferSync
-} from "./chunk-ZEYNCEIE.mjs";
+} from "./chunk-3OVABDRH.mjs";
 import {
   CryptoError,
   EncryptionNotImplementedError,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sip-protocol/sdk",
-  "version": "0.6.26",
+  "version": "0.7.0",
   "description": "Core SDK for Shielded Intents Protocol - Privacy layer for cross-chain transactions",
   "author": "SIP Protocol <hello@sip-protocol.org>",
   "homepage": "https://sip-protocol.org",
@@ -36,18 +36,6 @@
     "dist",
     "src"
   ],
-  "scripts": {
-    "build": "tsup src/index.ts src/browser.ts src/proofs/noir.ts --format cjs,esm --dts",
-    "dev": "tsup src/index.ts src/browser.ts src/proofs/noir.ts --format cjs,esm --dts --watch",
-    "lint": "eslint --ext .ts src/",
-    "typecheck": "tsc --noEmit",
-    "clean": "rm -rf dist",
-    "test": "vitest",
-    "test:coverage": "vitest run --coverage",
-    "bench": "vitest bench --config vitest.bench.config.ts",
-    "bench:json": "vitest bench --config vitest.bench.config.ts --outputJson benchmarks/results.json",
-    "demo:auction": "tsx examples/auction-demo.ts"
-  },
   "dependencies": {
     "@aztec/bb.js": "3.0.0-nightly.20251104",
     "@ethereumjs/rlp": "^10.1.0",
@@ -57,7 +45,7 @@
     "@noir-lang/noir_js": "1.0.0-beta.15",
     "@noir-lang/types": "1.0.0-beta.15",
     "@scure/base": "^2.0.0",
-    "@sip-protocol/types": "^0.2.0"
+    "@sip-protocol/types": "0.2.1"
   },
   "devDependencies": {
     "@vitest/coverage-v8": "1.6.1",
@@ -74,5 +62,17 @@
     "stealth-addresses",
     "zcash"
   ],
-  "license": "MIT"
-}
+  "license": "MIT",
+  "scripts": {
+    "build": "tsup src/index.ts src/browser.ts src/proofs/noir.ts --format cjs,esm --dts",
+    "dev": "tsup src/index.ts src/browser.ts src/proofs/noir.ts --format cjs,esm --dts --watch",
+    "lint": "eslint --ext .ts src/",
+    "typecheck": "tsc --noEmit",
+    "clean": "rm -rf dist",
+    "test": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "bench": "vitest bench --config vitest.bench.config.ts",
+    "bench:json": "vitest bench --config vitest.bench.config.ts --outputJson benchmarks/results.json",
+    "demo:auction": "tsx examples/auction-demo.ts"
+  }
+}

package/src/intent.ts CHANGED Viewed

@@ -554,6 +554,16 @@ export async function createShieldedIntent(
       return hexToBytes(cleanHex)
     }
+    // SECURITY: Prevent placeholder mode in production environments
+    // Placeholder signatures are NOT cryptographically valid and must never be used in production
+    if (allowPlaceholders && typeof process !== 'undefined' && process.env?.NODE_ENV === 'production') {
+      throw new ValidationError(
+        'allowPlaceholders cannot be used in production environment. ' +
+        'Provide valid senderSecret and signatures for production use.',
+        'options.allowPlaceholders'
+      )
+    }
     // Use provided signatures or generate them from senderSecret
     // IMPORTANT: senderSecret must be random even for placeholders, as secp256k1
     // rejects all-zero private keys. randomBytes generates cryptographically secure random values.

package/src/stealth.ts CHANGED Viewed

@@ -113,7 +113,12 @@ export function generateStealthMetaAddress(
     )
   }
-  // Generate random private keys
+  // Dispatch to curve-specific implementation
+  if (isEd25519Chain(chain)) {
+    return generateEd25519StealthMetaAddress(chain, label)
+  }
+  // secp256k1 implementation for EVM chains
   const spendingPrivateKey = randomBytes(32)
   const viewingPrivateKey = randomBytes(32)
@@ -269,7 +274,12 @@ export function generateStealthAddress(
   // Validate input
   validateStealthMetaAddress(recipientMetaAddress)
-  // Generate ephemeral keypair
+  // Dispatch to curve-specific implementation based on chain
+  if (isEd25519Chain(recipientMetaAddress.chain)) {
+    return generateEd25519StealthAddress(recipientMetaAddress)
+  }
+  // secp256k1 implementation for EVM chains
   const ephemeralPrivateKey = randomBytes(32)
   try {