npm - @sip-protocol/sdk - Versions diffs - 0.7.3 → 0.7.4 - Mend

@sip-protocol/sdk 0.7.3 → 0.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (264) hide show

package/LICENSE +21 -0
package/README.md +267 -0
package/dist/{TransportWebUSB-TQ7WZ4LE.mjs → TransportWebUSB-YQMAGJAJ.mjs} +12 -9
package/dist/browser.d.mts +10 -4
package/dist/browser.d.ts +10 -4
package/dist/browser.js +47556 -19603
package/dist/browser.mjs +628 -48
package/dist/chunk-4GRJ5MAW.mjs +152 -0
package/dist/chunk-5D7A3L3W.mjs +717 -0
package/dist/chunk-64AYA5F5.mjs +7834 -0
package/dist/chunk-GMDGB22A.mjs +379 -0
package/dist/chunk-I534WKN7.mjs +328 -0
package/dist/chunk-IBZVA5Y7.mjs +1003 -0
package/dist/chunk-PRRZAWJE.mjs +223 -0
package/dist/{chunk-UJCSKKID.mjs → chunk-XGB3TDIC.mjs} +13 -1
package/dist/{chunk-3M3HNQCW.mjs → chunk-YWGJ77A2.mjs} +28656 -13103
package/dist/{chunk-6WGN57S2.mjs → chunk-Z3K7W5S3.mjs} +48 -0
package/dist/constants-LHAAUC2T.mjs +51 -0
package/dist/dist-2OGQ7FED.mjs +3957 -0
package/dist/dist-IFHPYLDX.mjs +254 -0
package/dist/fulfillment_proof-ANHVPKTB.mjs +21 -0
package/dist/funding_proof-ICFZ5LHY.mjs +21 -0
package/dist/{index-DIBZHOOQ.d.ts → index-DXh2IGkz.d.ts} +21239 -10304
package/dist/{index-8MQz13eJ.d.mts → index-DeE1ZzA4.d.mts} +21239 -10304
package/dist/index.d.mts +9 -3
package/dist/index.d.ts +9 -3
package/dist/index.js +48396 -19623
package/dist/index.mjs +537 -19
package/dist/interface-Bf7w1PLW.d.mts +679 -0
package/dist/interface-Bf7w1PLW.d.ts +679 -0
package/dist/{noir-DKfEzWy9.d.mts → noir-kzbLVTei.d.mts} +31 -21
package/dist/{noir-DKfEzWy9.d.ts → noir-kzbLVTei.d.ts} +31 -21
package/dist/proofs/halo2.d.mts +151 -0
package/dist/proofs/halo2.d.ts +151 -0
package/dist/proofs/halo2.js +350 -0
package/dist/proofs/halo2.mjs +11 -0
package/dist/proofs/kimchi.d.mts +160 -0
package/dist/proofs/kimchi.d.ts +160 -0
package/dist/proofs/kimchi.js +431 -0
package/dist/proofs/kimchi.mjs +13 -0
package/dist/proofs/noir.d.mts +1 -1
package/dist/proofs/noir.d.ts +1 -1
package/dist/proofs/noir.js +74 -18
package/dist/proofs/noir.mjs +84 -24
package/dist/solana-U3MEGU7W.mjs +280 -0
package/dist/validity_proof-3POXLPNY.mjs +21 -0
package/package.json +54 -21
package/src/adapters/index.ts +41 -0
package/src/adapters/jupiter.ts +571 -0
package/src/adapters/near-intents.ts +135 -0
package/src/advisor/advisor.ts +653 -0
package/src/advisor/index.ts +54 -0
package/src/advisor/tools.ts +303 -0
package/src/advisor/types.ts +164 -0
package/src/chains/ethereum/announcement.ts +536 -0
package/src/chains/ethereum/bnb-optimizations.ts +474 -0
package/src/chains/ethereum/commitment.ts +522 -0
package/src/chains/ethereum/constants.ts +462 -0
package/src/chains/ethereum/deployment.ts +596 -0
package/src/chains/ethereum/gas-estimation.ts +538 -0
package/src/chains/ethereum/index.ts +268 -0
package/src/chains/ethereum/optimizations.ts +614 -0
package/src/chains/ethereum/privacy-adapter.ts +855 -0
package/src/chains/ethereum/registry.ts +584 -0
package/src/chains/ethereum/rpc.ts +905 -0
package/src/chains/ethereum/stealth.ts +491 -0
package/src/chains/ethereum/token.ts +790 -0
package/src/chains/ethereum/transfer.ts +637 -0
package/src/chains/ethereum/types.ts +456 -0
package/src/chains/ethereum/viewing-key.ts +455 -0
package/src/chains/near/commitment.ts +608 -0
package/src/chains/near/constants.ts +284 -0
package/src/chains/near/function-call.ts +871 -0
package/src/chains/near/history.ts +654 -0
package/src/chains/near/implicit-account.ts +840 -0
package/src/chains/near/index.ts +393 -0
package/src/chains/near/native-transfer.ts +658 -0
package/src/chains/near/nep141.ts +775 -0
package/src/chains/near/privacy-adapter.ts +889 -0
package/src/chains/near/resolver.ts +971 -0
package/src/chains/near/rpc.ts +1016 -0
package/src/chains/near/stealth.ts +419 -0
package/src/chains/near/types.ts +317 -0
package/src/chains/near/viewing-key.ts +876 -0
package/src/chains/solana/anchor-transfer.ts +386 -0
package/src/chains/solana/commitment.ts +577 -0
package/src/chains/solana/constants.ts +126 -12
package/src/chains/solana/ephemeral-keys.ts +543 -0
package/src/chains/solana/index.ts +252 -1
package/src/chains/solana/key-derivation.ts +418 -0
package/src/chains/solana/kit-compat.ts +334 -0
package/src/chains/solana/optimizations.ts +560 -0
package/src/chains/solana/privacy-adapter.ts +605 -0
package/src/chains/solana/providers/generic.ts +47 -6
package/src/chains/solana/providers/helius-enhanced-types.ts +336 -0
package/src/chains/solana/providers/helius-enhanced.ts +623 -0
package/src/chains/solana/providers/helius.ts +186 -33
package/src/chains/solana/providers/index.ts +31 -0
package/src/chains/solana/providers/interface.ts +61 -18
package/src/chains/solana/providers/quicknode.ts +409 -0
package/src/chains/solana/providers/triton.ts +426 -0
package/src/chains/solana/providers/webhook.ts +338 -67
package/src/chains/solana/rpc-client.ts +1150 -0
package/src/chains/solana/scan.ts +83 -66
package/src/chains/solana/sol-transfer.ts +732 -0
package/src/chains/solana/spl-transfer.ts +886 -0
package/src/chains/solana/stealth-scanner.ts +703 -0
package/src/chains/solana/sunspot-verifier.ts +453 -0
package/src/chains/solana/transaction-builder.ts +755 -0
package/src/chains/solana/transfer.ts +74 -5
package/src/chains/solana/types.ts +57 -6
package/src/chains/solana/utils.ts +110 -0
package/src/chains/solana/viewing-key.ts +807 -0
package/src/compliance/fireblocks.ts +921 -0
package/src/compliance/index.ts +23 -0
package/src/compliance/range-sas.ts +398 -33
package/src/config/endpoints.ts +100 -0
package/src/crypto.ts +11 -8
package/src/errors.ts +82 -0
package/src/evm/erc4337-relayer.ts +830 -0
package/src/evm/index.ts +47 -0
package/src/fees/calculator.ts +396 -0
package/src/fees/index.ts +87 -0
package/src/fees/near-contract.ts +429 -0
package/src/fees/types.ts +268 -0
package/src/index.ts +686 -1
package/src/intent.ts +6 -3
package/src/logger.ts +324 -0
package/src/network/index.ts +80 -0
package/src/network/proxy.ts +691 -0
package/src/optimizations/index.ts +541 -0
package/src/oracle/types.ts +1 -0
package/src/privacy-backends/arcium-types.ts +727 -0
package/src/privacy-backends/arcium.ts +719 -0
package/src/privacy-backends/combined-privacy.ts +866 -0
package/src/privacy-backends/cspl-token.ts +595 -0
package/src/privacy-backends/cspl-types.ts +512 -0
package/src/privacy-backends/cspl.ts +907 -0
package/src/privacy-backends/health.ts +488 -0
package/src/privacy-backends/inco-types.ts +323 -0
package/src/privacy-backends/inco.ts +616 -0
package/src/privacy-backends/index.ts +254 -4
package/src/privacy-backends/interface.ts +649 -6
package/src/privacy-backends/lru-cache.ts +343 -0
package/src/privacy-backends/magicblock.ts +458 -0
package/src/privacy-backends/mock.ts +258 -0
package/src/privacy-backends/privacycash.ts +13 -17
package/src/privacy-backends/private-swap.ts +570 -0
package/src/privacy-backends/rate-limiter.ts +683 -0
package/src/privacy-backends/registry.ts +414 -2
package/src/privacy-backends/router.ts +283 -3
package/src/privacy-backends/shadowwire.ts +449 -0
package/src/privacy-backends/sip-native.ts +3 -0
package/src/privacy-logger.ts +191 -0
package/src/production-safety.ts +373 -0
package/src/proofs/aggregator.ts +1029 -0
package/src/proofs/browser-composer.ts +1150 -0
package/src/proofs/browser.ts +113 -25
package/src/proofs/cache/index.ts +127 -0
package/src/proofs/cache/interface.ts +545 -0
package/src/proofs/cache/key-generator.ts +188 -0
package/src/proofs/cache/lru-cache.ts +481 -0
package/src/proofs/cache/multi-tier-cache.ts +575 -0
package/src/proofs/cache/persistent-cache.ts +788 -0
package/src/proofs/compliance-proof.ts +872 -0
package/src/proofs/composer/base.ts +923 -0
package/src/proofs/composer/index.ts +25 -0
package/src/proofs/composer/interface.ts +518 -0
package/src/proofs/composer/types.ts +383 -0
package/src/proofs/converters/halo2.ts +452 -0
package/src/proofs/converters/index.ts +208 -0
package/src/proofs/converters/interface.ts +363 -0
package/src/proofs/converters/kimchi.ts +462 -0
package/src/proofs/converters/noir.ts +451 -0
package/src/proofs/fallback.ts +888 -0
package/src/proofs/halo2.ts +42 -0
package/src/proofs/index.ts +471 -0
package/src/proofs/interface.ts +13 -0
package/src/proofs/kimchi.ts +42 -0
package/src/proofs/lazy.ts +1004 -0
package/src/proofs/mock.ts +25 -1
package/src/proofs/noir.ts +110 -29
package/src/proofs/orchestrator.ts +960 -0
package/src/proofs/parallel/concurrency.ts +297 -0
package/src/proofs/parallel/dependency-graph.ts +602 -0
package/src/proofs/parallel/executor.ts +420 -0
package/src/proofs/parallel/index.ts +131 -0
package/src/proofs/parallel/interface.ts +685 -0
package/src/proofs/parallel/worker-pool.ts +644 -0
package/src/proofs/providers/halo2.ts +560 -0
package/src/proofs/providers/index.ts +34 -0
package/src/proofs/providers/kimchi.ts +641 -0
package/src/proofs/validator.ts +881 -0
package/src/proofs/verifier.ts +867 -0
package/src/quantum/index.ts +112 -0
package/src/quantum/winternitz-vault.ts +639 -0
package/src/quantum/wots.ts +611 -0
package/src/settlement/backends/direct-chain.ts +1 -0
package/src/settlement/index.ts +9 -0
package/src/settlement/router.ts +732 -46
package/src/solana/index.ts +72 -0
package/src/solana/jito-relayer.ts +687 -0
package/src/solana/noir-verifier-types.ts +430 -0
package/src/solana/noir-verifier.ts +816 -0
package/src/stealth/address-derivation.ts +193 -0
package/src/stealth/ed25519.ts +431 -0
package/src/stealth/index.ts +233 -0
package/src/stealth/meta-address.ts +221 -0
package/src/stealth/secp256k1.ts +368 -0
package/src/stealth/utils.ts +194 -0
package/src/stealth.ts +50 -1504
package/src/sync/index.ts +106 -0
package/src/sync/manager.ts +504 -0
package/src/sync/mock-provider.ts +318 -0
package/src/sync/oblivious.ts +625 -0
package/src/tokens/index.ts +15 -0
package/src/tokens/registry.ts +301 -0
package/src/utils/deprecation.ts +94 -0
package/src/utils/index.ts +9 -0
package/src/wallet/ethereum/index.ts +68 -0
package/src/wallet/ethereum/metamask-privacy.ts +420 -0
package/src/wallet/ethereum/multi-wallet.ts +646 -0
package/src/wallet/ethereum/privacy-adapter.ts +700 -0
package/src/wallet/ethereum/types.ts +3 -1
package/src/wallet/ethereum/walletconnect-adapter.ts +675 -0
package/src/wallet/hardware/index.ts +10 -0
package/src/wallet/hardware/ledger-privacy.ts +414 -0
package/src/wallet/index.ts +71 -0
package/src/wallet/near/adapter.ts +626 -0
package/src/wallet/near/index.ts +86 -0
package/src/wallet/near/meteor-wallet.ts +1153 -0
package/src/wallet/near/my-near-wallet.ts +790 -0
package/src/wallet/near/wallet-selector.ts +702 -0
package/src/wallet/solana/adapter.ts +6 -4
package/src/wallet/solana/index.ts +13 -0
package/src/wallet/solana/privacy-adapter.ts +567 -0
package/src/wallet/sui/types.ts +6 -4
package/src/zcash/rpc-client.ts +13 -6
package/dist/chunk-2XIVXWHA.mjs +0 -1930
package/dist/chunk-3INS3PR5.mjs +0 -884
package/dist/chunk-3OVABDRH.mjs +0 -17096
package/dist/chunk-7RFRWDCW.mjs +0 -1504
package/dist/chunk-DLDWZFYC.mjs +0 -1495
package/dist/chunk-E6SZWREQ.mjs +0 -57
package/dist/chunk-F6F73W35.mjs +0 -16166
package/dist/chunk-G33LB27A.mjs +0 -16166
package/dist/chunk-HGU6HZRC.mjs +0 -231
package/dist/chunk-L2K34JCU.mjs +0 -1496
package/dist/chunk-OFDBEIEK.mjs +0 -16166
package/dist/chunk-SF7YSLF5.mjs +0 -1515
package/dist/chunk-SN4ZDTVW.mjs +0 -16166
package/dist/chunk-WWUSGOXE.mjs +0 -17129
package/dist/constants-VOI7BSLK.mjs +0 -27
package/dist/index-B71aXVzk.d.ts +0 -13264
package/dist/index-BYZbDjal.d.ts +0 -11390
package/dist/index-CHB3KuOB.d.mts +0 -11859
package/dist/index-CzWPI6Le.d.ts +0 -11859
package/dist/index-pOIIuwfV.d.mts +0 -13264
package/dist/index-xbWjohNq.d.mts +0 -11390
package/dist/solana-4O4K45VU.mjs +0 -46
package/dist/solana-5EMCTPTS.mjs +0 -46
package/dist/solana-NDABAZ6P.mjs +0 -56
package/dist/solana-Q4NAVBTS.mjs +0 -46
package/dist/solana-ZYO63LY5.mjs +0 -46

package/dist/chunk-GMDGB22A.mjs ADDED Viewed

@@ -0,0 +1,379 @@
+// src/proofs/circuits/fulfillment_proof.json
+var noir_version = "1.0.0-beta.15+83245db91dcf63420ef4bcbbd85b98f397fee663";
+var hash = "13146944445132352806";
+var abi = { parameters: [{ name: "intent_hash", type: { kind: "field" }, visibility: "public" }, { name: "output_commitment_x", type: { kind: "field" }, visibility: "public" }, { name: "output_commitment_y", type: { kind: "field" }, visibility: "public" }, { name: "recipient_stealth", type: { kind: "field" }, visibility: "public" }, { name: "min_output_amount", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "public" }, { name: "solver_id", type: { kind: "field" }, visibility: "public" }, { name: "fulfillment_time", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "public" }, { name: "expiry", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "public" }, { name: "output_amount", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "private" }, { name: "output_blinding", type: { kind: "field" }, visibility: "private" }, { name: "solver_secret", type: { kind: "field" }, visibility: "private" }, { name: "attestation_recipient", type: { kind: "field" }, visibility: "private" }, { name: "attestation_amount", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "private" }, { name: "attestation_tx_hash", type: { kind: "field" }, visibility: "private" }, { name: "attestation_block", type: { kind: "integer", sign: "unsigned", width: 64 }, visibility: "private" }, { name: "oracle_signature", type: { kind: "array", length: 64, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }, { name: "oracle_message_hash", type: { kind: "array", length: 32, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }, { name: "oracle_pub_key_x", type: { kind: "array", length: 32, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }, { name: "oracle_pub_key_y", type: { kind: "array", length: 32, type: { kind: "integer", sign: "unsigned", width: 8 } }, visibility: "private" }], return_type: null, error_types: { "1811611355587044900": { error_kind: "string", string: "Unauthorized solver" }, "5682920188479059162": { error_kind: "string", string: "Amount mismatch in attestation" }, "9350488092177273812": { error_kind: "string", string: "Recipient mismatch in attestation" }, "10078784717933725989": { error_kind: "string", string: "Invalid oracle attestation signature" }, "10879340518732620616": { error_kind: "string", string: "Commitment X mismatch" }, "12297495446303487112": { error_kind: "string", string: "Output below minimum" }, "12394005467219657293": { error_kind: "string", string: "Commitment Y mismatch" }, "15764276373176857197": { error_kind: "string", string: "Stack too deep" }, "17406200060514520896": { error_kind: "string", string: "Fulfillment after expiry" } } };
+var bytecode = "H4sIAAAAAAAA/82aCXBV1QGGzwshhBqJEJYQBR7IFoFIgKAIQhRCIErYouwJIQkQNAlkgyBCwr4ohKXUglpcKgFBtpiyCrZjW7GM06kjHactOmO1M51au+gA6oz5yX/zDpefvPcSdTwz8OV999x7z7153Pz/Cx5TN0LJvMzc/HO1fIOvPbV/mpGYk+hyYcK1EC5cuAjhWgkXyf1td5twrYVrI1yUcG2Faydce+E6CBctXEfhYoS7Xbg7hOskXGfhugjnFa6rcN2Eu1O47sL1EK6ncL2E6y1crHB3CddHuL7C9RMuTri7hesvXLxwA4QbKNwg4RKEGyzcPcLdK9wQ4e4Tbqhww4S7X7jhwo0QLlG4B4R7ULiRwo0SLkm40cIlCzdGuLHCpQj3kHAPCzdOuFThxgs3QbiJwk0SbrJwacI9Ityjwk0Rbqpw04SbLtwM4WYKN0u4dOEyhJstXKZwc4TLEi5buBzh5go3T7j5wuUKt0C4x4R7XLg84fKFKxBuoXCLhCsUrki4YuFKhCsVbrFwS4QrE26pcE8It0y4J4VbLtwK4cqFqxBupXCrhFst3Brh1gq3Trj1wm0QbqNwm4R7Srinhdss3BbhKoXbKtw24bYLt0O4nwq3U7ifCfeMcD8Xbpdwu4V7VrjnhHteuF8It0e4F4R7UbiXhHtZuF8K94pwe4WrEm6fcPuFe1W4A8IdFO41ulC+DjE3Dsd5yf7ZqYUfxe+JPT4hqaaiYuqs3gP/MabsxMKtIz/6YvvnPJbXBDQ84f7nehra6DWB7Wtf1yHysDPDuRkQia4jhLpO9H1d/E2OW8njeg4FsYbDpnE31RPktdpr8netoQ2c2H1ef8cK4E1TP+xv/BHyqHtSsyYswN9NOnLzuTNdcz1HA1+D+S5vaEvTuBt6jKx2Twr2htoL8HdDj5nAb2h14Gu4dtPwjQ2znJcMH17W+s8JLUtjPw8rif+63flvyqp2f/bOkMoRuVP6ZhWkTLfnxqxIv3pwRfzMHvui/xfx+4sDR/zh1aUX345s+7eK02/1vrJ9lj03kOHMbZ5StaDonY2DJqXPeOP9j4e+0HHz2siMIRN6bll0KWnrmY9D7Lne59492/erKVe+DC0YdTHmt1cvF6Yd+l3istB/zomZs+78mz3tuf6G/UY7Qh4lj5HVrrX6GZ7Xa/+qqf3zK9eGYH/UeExw5wxwbpPWFGICX1ON+WHW1MwEvqZbzA+zpiCe4p4I07g1BfsT7bgJfE04dhjPUUAuJBeRhWQRWUyWkKXkYnIJWUYuJZ8gl5FPksvJFWQ5WUGuJFeRq8k15FpyHbme3EBuJDeRT5FPk5uNr7KAlcZXTcBtxldBwB3GVzXAncZXKcBnjK86gLuMryKAzxpfFQCfN77ID+4xvmgPvmh8ER582fiiOviK8UVysMr4oje43/giNnjA+KI0+BoZSd5GtibbkFFkW7Id2Z7sQEaTHckY8nbyDrIT2ZnsYnzPQrAr2Y28k+xO9iB7kr3I3mQseRfZh+xL9iPjyLvJ/mQ8OYAcSA4iE8jB5D3kveQQ8j5yKDmMvJ8cTo4gE8kHyAfJkeQoMokcTSaTY8ixZAr5EPkwOY5MJceTE8iJ5CRyMplGPkI+Sk4hp5LTyOnkDHImOYtMJzPI2WQmOYfMIrPJHHIuOY+cT+aSC8jHyMfJPDKfxHPzhLl+eEivCWh4TlhzA2lZ9jmact6fBD73uvB7kjzlnhRs+LUX4O/CT9587g3h91Tga7h2037M4bff5ROJf9/QKjVq8YeTi65+sqtTyfjchE/2ltfM3VEc/98LF+y5cRfW/3HavNOTj6/ZGndr+7WZaQdq9v/6T5fTe51f/u+jb1ausuf6G/Yb7SR5yrU2P8MTxNygjnu69q8zxve7a2cEG8Sam+DOGeDc7/QzpTAT+Bpb+J/raWij1wS2r31dZ8lzzgznMyWIRNcRgv1MqbEX7+8zpbNBrOGcadxN9QR5rfaa/F3rXn6BBxc+QcCDFO0FbeFWU/efK5DMkMqQyJDGkMSQwpDAkL6QvJC6kLiQtpC0kLKQsJCuunA9XU1dmkKSQopCgkJ6QnJCakJiQlpCUkJKQkJCOkIyQipCIkIaQhJCCkICQvpB8kHqQeJB2kHSQcpBwkG6QbJJNHWJBmkGSQYpBgkG6QXJBakFiQVpBUkFKQUJBekEyQSpBIkEaQRJBCkECQTpA8kDqQOJA09yJA2kDDypkS6QLGabukSBNIEkgRSBBIH0gOSA1IDEgLSApICUgISAdIBmhFaERoQ2hCaEFoQGhPaD5oPWg8aDtoOmg5aDhoN2g2ZTbuoaDdoMnt5oMWgwaC9oLmgtaCxoK2gqaCloKGgnaCZoJWgkaCNoImghaCBoH2geaB1oHGgbaBpoGWgYaBdoFntMXaNAm0CTQItAg0B7wHsQrQGNAW0BTQEtAQ3B+XDdGc7DEM8GPAPw4MW/7RbWHHv+PnL9oE87/H/pvv3WpvoPscdkbavYEvfVTnvbYXLcyg8zU6dfW079cD4DfS/q7NXZu39TYW9zPhf9oLr/xAtv/zXV3vY62WNslHdcy0ub7G1O8us+973L/+rWvaO97QyZ+O60qlPDt/zH8c7DsxWZnZNVkLewoCgnY35ufnFn2nDXbOfJ6jUBDU+4tV/w+5cnh7sPGNT+Jtn5dUtT1u/s04j96+PcKGt/91owIvjafoQ7++Dd2cr6OtLaByPJOp7HtW20OG8TrynJ2T+0cfuHtDE3nt85Fn6C4Bqj+bqZmGu/l5pbc9R9NcJ5xHHc98b+PnjJqHhzsculhLI+7QcXjC9dfSnt4PK2L8V+Ghn9Wcmw0it/KXBfS0gDa49oYA0R4nrs++P8m2jc/V+S7JzTWVdzc+P9so8f6prfiWxpnd9ep9c0PD5464v3q1MG5LV27Y/hXDOuM4ZfZ+cW5mQV55bmZNQ+mHLm5RRmLCopKM7NyS927kS4tZdzxGDekc7+tzRu/+tKm3GtxT5u/QnJULGf5yavQ1xsaK7b2y5CbHOO2Ya01+tcx7dZzirpuSsAAA==";
+var debug_symbols = "pZbLjqswDIbfJWsWsXPvq4xGFW2ZERKiFdMe6ajqux+7QwJdJOoJG2Iu/oiN/eO7OHWH2/e+H7/OP2L3cReHqR+G/ns/nI/ttT+PdPUuJB/Aih02Atzv4sVO0RLETjcC6Qn9eDQiuu2vU9ex14pD9Es7deNV7MbbMDTiTzvcng/9XNrxuV7bie7KRnTjiVYCfvVDx9ajWbxl3tVLnJ092uQO7sUf8v5W69nfGlXj7yH6e1/lH4N3Mvv+QvzgpZoB4JVLBPN2BlFCDAGlUhUECEEmgsEcwRUINu0BrDFLHsILwRf34NMeMEsIeYIGMDNBg/E1BFQuEtCZOgJsJaB6g1DMpLfxW4RQQ6AiiE2FgJAjcLpzCGV0TISyUtZsAtClTViV3UShKrUJMQ5t9UpdbCUi5BDF9rQmxbHKxH80OKiQCE7XEKiSIkFBlcgom9pTyxqRQYNJpqzJ5gF1obKlTVpJOVk+hn57EzYRkJS7JgyvU1l6l00lutLX8CmXav3Te61sLDWHx9Sh3mQ7FLfLJW7XS9wumLhdMYvpDDJ1WIBQg1DU21HwqDjrEItmQnBbEZiX3WJ9L7NAWGn/+x2i5JIJuSpvJnzSWXvsp9dpFSxNqlSMYN28+nkNv6uT3PxsABk8xTqMV1S8onmCYsOw6LLB8y+wwRPwcxL23HJsBBYkHoplNIAlgQ3kfbNBZMUPe80/MTaIrPgVnsisyeBdNHw0AhsPTs/Ut4eh4wg5B7fxGAOm0+vfS7wTB/jLdD52p9vUcXJWUzwdP6jbMXw+OIH/AA==";
+var file_map = { "14": { source: "// docs:start:ecdsa_secp256k1\n/// Verifies a ECDSA signature over the secp256k1 curve.\n/// - inputs:\n///     - x coordinate of public key as 32 bytes\n///     - y coordinate of public key as 32 bytes\n///     - the signature, as a 64 bytes array\n///       The signature internally will be represented as `(r, s)`,\n///       where `r` and `s` are fixed-sized big endian scalar values.\n///       As the `secp256k1` has a 256-bit modulus, we have a 64 byte signature\n///       while `r` and `s` will both be 32 bytes.\n///       We expect `s` to be normalized. This means given the curve's order,\n///       `s` should be less than or equal to `order / 2`.\n///       This is done to prevent malleability.\n///       For more context regarding malleability you can reference BIP 0062.\n///     - the hash of the message, as a vector of bytes\n/// - output: false for failure and true for success\npub fn verify_signature(\n    public_key_x: [u8; 32],\n    public_key_y: [u8; 32],\n    signature: [u8; 64],\n    message_hash: [u8; 32],\n) -> bool\n// docs:end:ecdsa_secp256k1\n{\n    _verify_signature(public_key_x, public_key_y, signature, message_hash, true)\n}\n\n#[foreign(ecdsa_secp256k1)]\npub fn _verify_signature(\n    public_key_x: [u8; 32],\n    public_key_y: [u8; 32],\n    signature: [u8; 64],\n    message_hash: [u8; 32],\n    predicate: bool,\n) -> bool {}\n", path: "std/ecdsa_secp256k1.nr" }, "16": { source: "use crate::cmp::Eq;\nuse crate::hash::Hash;\nuse crate::ops::arith::{Add, Neg, Sub};\n\n/// A point on the embedded elliptic curve\n/// By definition, the base field of the embedded curve is the scalar field of the proof system curve, i.e the Noir Field.\n/// x and y denotes the Weierstrass coordinates of the point, if is_infinite is false.\npub struct EmbeddedCurvePoint {\n    pub x: Field,\n    pub y: Field,\n    pub is_infinite: bool,\n}\n\nimpl EmbeddedCurvePoint {\n    /// Elliptic curve point doubling operation\n    /// returns the doubled point of a point P, i.e P+P\n    pub fn double(self) -> EmbeddedCurvePoint {\n        embedded_curve_add(self, self)\n    }\n\n    /// Returns the null element of the curve; 'the point at infinity'\n    pub fn point_at_infinity() -> EmbeddedCurvePoint {\n        EmbeddedCurvePoint { x: 0, y: 0, is_infinite: true }\n    }\n\n    /// Returns the curve's generator point.\n    pub fn generator() -> EmbeddedCurvePoint {\n        // Generator point for the grumpkin curve (y^2 = x^3 - 17)\n        EmbeddedCurvePoint {\n            x: 1,\n            y: 17631683881184975370165255887551781615748388533673675138860, // sqrt(-16)\n            is_infinite: false,\n        }\n    }\n}\n\nimpl Add for EmbeddedCurvePoint {\n    /// Adds two points P+Q, using the curve addition formula, and also handles point at infinity\n    fn add(self, other: EmbeddedCurvePoint) -> EmbeddedCurvePoint {\n        embedded_curve_add(self, other)\n    }\n}\n\nimpl Sub for EmbeddedCurvePoint {\n    /// Points subtraction operation, using addition and negation\n    fn sub(self, other: EmbeddedCurvePoint) -> EmbeddedCurvePoint {\n        self + other.neg()\n    }\n}\n\nimpl Neg for EmbeddedCurvePoint {\n    /// Negates a point P, i.e returns -P, by negating the y coordinate.\n    /// If the point is at infinity, then the result is also at infinity.\n    fn neg(self) -> EmbeddedCurvePoint {\n        EmbeddedCurvePoint { x: self.x, y: -self.y, is_infinite: self.is_infinite }\n    }\n}\n\nimpl Eq for EmbeddedCurvePoint {\n    /// Checks whether two points are equal\n    fn eq(self: Self, b: EmbeddedCurvePoint) -> bool {\n        (self.is_infinite & b.is_infinite)\n            | ((self.is_infinite == b.is_infinite) & (self.x == b.x) & (self.y == b.y))\n    }\n}\n\nimpl Hash for EmbeddedCurvePoint {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: crate::hash::Hasher,\n    {\n        if self.is_infinite {\n            self.is_infinite.hash(state);\n        } else {\n            self.x.hash(state);\n            self.y.hash(state);\n        }\n    }\n}\n\n/// Scalar for the embedded curve represented as low and high limbs\n/// By definition, the scalar field of the embedded curve is base field of the proving system curve.\n/// It may not fit into a Field element, so it is represented with two Field elements; its low and high limbs.\npub struct EmbeddedCurveScalar {\n    pub lo: Field,\n    pub hi: Field,\n}\n\nimpl EmbeddedCurveScalar {\n    pub fn new(lo: Field, hi: Field) -> Self {\n        EmbeddedCurveScalar { lo, hi }\n    }\n\n    #[field(bn254)]\n    pub fn from_field(scalar: Field) -> EmbeddedCurveScalar {\n        let (a, b) = crate::field::bn254::decompose(scalar);\n        EmbeddedCurveScalar { lo: a, hi: b }\n    }\n\n    //Bytes to scalar: take the first (after the specified offset) 16 bytes of the input as the lo value, and the next 16 bytes as the hi value\n    #[field(bn254)]\n    pub(crate) fn from_bytes(bytes: [u8; 64], offset: u32) -> EmbeddedCurveScalar {\n        let mut v = 1;\n        let mut lo = 0 as Field;\n        let mut hi = 0 as Field;\n        for i in 0..16 {\n            lo = lo + (bytes[offset + 31 - i] as Field) * v;\n            hi = hi + (bytes[offset + 15 - i] as Field) * v;\n            v = v * 256;\n        }\n        let sig_s = crate::embedded_curve_ops::EmbeddedCurveScalar { lo, hi };\n        sig_s\n    }\n}\n\nimpl Eq for EmbeddedCurveScalar {\n    fn eq(self, other: Self) -> bool {\n        (other.hi == self.hi) & (other.lo == self.lo)\n    }\n}\n\nimpl Hash for EmbeddedCurveScalar {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: crate::hash::Hasher,\n    {\n        self.hi.hash(state);\n        self.lo.hash(state);\n    }\n}\n\n// Computes a multi scalar multiplication over the embedded curve.\n// For bn254, We have Grumpkin and Baby JubJub.\n// For bls12-381, we have JubJub and Bandersnatch.\n//\n// The embedded curve being used is decided by the\n// underlying proof system.\n// docs:start:multi_scalar_mul\npub fn multi_scalar_mul<let N: u32>(\n    points: [EmbeddedCurvePoint; N],\n    scalars: [EmbeddedCurveScalar; N],\n) -> EmbeddedCurvePoint\n// docs:end:multi_scalar_mul\n{\n    multi_scalar_mul_array_return(points, scalars, true)[0]\n}\n\n#[foreign(multi_scalar_mul)]\npub(crate) fn multi_scalar_mul_array_return<let N: u32>(\n    points: [EmbeddedCurvePoint; N],\n    scalars: [EmbeddedCurveScalar; N],\n    predicate: bool,\n) -> [EmbeddedCurvePoint; 1] {}\n\n// docs:start:fixed_base_scalar_mul\npub fn fixed_base_scalar_mul(scalar: EmbeddedCurveScalar) -> EmbeddedCurvePoint\n// docs:end:fixed_base_scalar_mul\n{\n    multi_scalar_mul([EmbeddedCurvePoint::generator()], [scalar])\n}\n\n/// This function only assumes that the points are on the curve\n/// It handles corner cases around the infinity point causing some overhead compared to embedded_curve_add_not_nul and embedded_curve_add_unsafe\n// docs:start:embedded_curve_add\npub fn embedded_curve_add(\n    point1: EmbeddedCurvePoint,\n    point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n    // docs:end:embedded_curve_add\n    if crate::runtime::is_unconstrained() {\n        // `embedded_curve_add_unsafe` requires the inputs not to be the infinity point, so we check it here.\n        // This is because `embedded_curve_add_unsafe` uses the `embedded_curve_add` opcode.\n        // For efficiency, the backend does not check the inputs for the infinity point, but it assumes that they are not the infinity point\n        // so that it can apply the ec addition formula directly.\n        if point1.is_infinite {\n            point2\n        } else if point2.is_infinite {\n            point1\n        } else {\n            embedded_curve_add_unsafe(point1, point2)\n        }\n    } else {\n        // In a constrained context, we also need to check the inputs are not the infinity point because we also use `embedded_curve_add_unsafe`\n        // However we also need to identify the case where the two inputs are the same, because then\n        // the addition formula does not work and we need to use the doubling formula instead.\n        // In unconstrained context, we can check directly if the input values are the same when solving the opcode, so it is not an issue.\n\n        // x_coordinates_match is true if both abscissae are the same\n        let x_coordinates_match = point1.x == point2.x;\n        // y_coordinates_match is true if both ordinates are the same\n        let y_coordinates_match = point1.y == point2.y;\n        // double_predicate is true if both abscissae and ordinates are the same\n        let double_predicate = (x_coordinates_match & y_coordinates_match);\n        // If the abscissae are the same, but not the ordinates, then one point is the opposite of the other\n        let infinity_predicate = (x_coordinates_match & !y_coordinates_match);\n\n        // `embedded_curve_add_unsafe` would not perform doubling, even if the inputs point1 and point2 are the same, because it cannot know this without adding some logic (and some constraints)\n        // However we did this logic when we computed `double_predicate`, so we set the result to 2*point1 if point1 and point2 are the same\n        let mut result = if double_predicate {\n            // `embedded_curve_add_unsafe` is doing a doubling if the input is the same variable, because in this case it is guaranteed (at 'compile time') that the input is the same.\n            embedded_curve_add_unsafe(point1, point1)\n        } else {\n            let point1_1 = EmbeddedCurvePoint {\n                x: point1.x + (x_coordinates_match as Field),\n                y: point1.y,\n                is_infinite: false,\n            };\n            let point2_1 = EmbeddedCurvePoint { x: point2.x, y: point2.y, is_infinite: false };\n            // point1_1 is guaranteed to have a different abscissa than point2:\n            // - if x_coordinates_match is 0, that means point1.x != point2.x, and point1_1.x = point1.x + 0\n            // - if x_coordinates_match is 1, that means point1.x = point2.x, but point1_1.x = point1.x + 1 in this case\n            // Because the abscissa is different, the addition formula is guaranteed to succeed, so we can safely use `embedded_curve_add_unsafe`\n            // Note that this computation may be garbage: if x_coordinates_match is 1, or if one of the input is the point at infinity.\n            // therefore we only want to do this if we need the result, otherwise it needs to be eliminated as a dead instruction, lest we want the circuit to fail.\n            embedded_curve_add_unsafe(point1_1, point2_1)\n        };\n\n        // Same logic as above for unconstrained context, we set the proper result when one of the inputs is the infinity point\n        if point1.is_infinite {\n            result = point2;\n        }\n        if point2.is_infinite {\n            result = point1;\n        }\n\n        // Finally, we set the is_infinity flag of the result:\n        // Opposite points should sum into the infinity point, however, if one of them is point at infinity, their coordinates are not meaningful\n        // so we should not use the fact that the inputs are opposite in this case:\n        let mut result_is_infinity =\n            infinity_predicate & (!point1.is_infinite & !point2.is_infinite);\n        // However, if both of them are at infinity, then the result is also at infinity\n        result.is_infinite = result_is_infinity | (point1.is_infinite & point2.is_infinite);\n        result\n    }\n}\n\n#[foreign(embedded_curve_add)]\nfn embedded_curve_add_array_return(\n    _point1: EmbeddedCurvePoint,\n    _point2: EmbeddedCurvePoint,\n    _predicate: bool,\n) -> [EmbeddedCurvePoint; 1] {}\n\n/// This function assumes that:\n/// The points are on the curve, and\n/// The points don't share an x-coordinate, and\n/// Neither point is the infinity point.\n/// If it is used with correct input, the function ensures the correct non-zero result is returned.\n/// Except for points on the curve, the other assumptions are checked by the function. It will cause assertion failure if they are not respected.\npub fn embedded_curve_add_not_nul(\n    point1: EmbeddedCurvePoint,\n    point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n    assert(point1.x != point2.x);\n    assert(!point1.is_infinite);\n    assert(!point2.is_infinite);\n    // Ensure is_infinite is comptime\n    let point1_1 = EmbeddedCurvePoint { x: point1.x, y: point1.y, is_infinite: false };\n    let point2_1 = EmbeddedCurvePoint { x: point2.x, y: point2.y, is_infinite: false };\n    embedded_curve_add_unsafe(point1_1, point2_1)\n}\n\n/// Unsafe ec addition\n/// If the inputs are the same, it will perform a doubling, but only if point1 and point2 are the same variable.\n/// If they have the same value but are different variables, the result will be incorrect because in this case\n/// it assumes (but does not check) that the points' x-coordinates are not equal.\n/// It also assumes neither point is the infinity point.\npub fn embedded_curve_add_unsafe(\n    point1: EmbeddedCurvePoint,\n    point2: EmbeddedCurvePoint,\n) -> EmbeddedCurvePoint {\n    embedded_curve_add_array_return(point1, point2, true)[0]\n}\n", path: "std/embedded_curve_ops.nr" }, "17": { source: `use crate::field::field_less_than;
+use crate::runtime::is_unconstrained;
+// The low and high decomposition of the field modulus
+global PLO: Field = 53438638232309528389504892708671455233;
+global PHI: Field = 64323764613183177041862057485226039389;
+pub(crate) global TWO_POW_128: Field = 0x100000000000000000000000000000000;
+// Decomposes a single field into two 16 byte fields.
+fn compute_decomposition(x: Field) -> (Field, Field) {
+    // Here's we're taking advantage of truncating 128 bit limbs from the input field
+    // and then subtracting them from the input such the field division is equivalent to integer division.
+    let low = (x as u128) as Field;
+    let high = (x - low) / TWO_POW_128;
+    (low, high)
+}
+pub(crate) unconstrained fn decompose_hint(x: Field) -> (Field, Field) {
+    compute_decomposition(x)
+}
+unconstrained fn lte_hint(x: Field, y: Field) -> bool {
+    if x == y {
+        true
+    } else {
+        field_less_than(x, y)
+    }
+}
+// Assert that (alo > blo && ahi >= bhi) || (alo <= blo && ahi > bhi)
+fn assert_gt_limbs(a: (Field, Field), b: (Field, Field)) {
+    let (alo, ahi) = a;
+    let (blo, bhi) = b;
+    // Safety: borrow is enforced to be boolean due to its type.
+    // if borrow is 0, it asserts that (alo > blo && ahi >= bhi)
+    // if borrow is 1, it asserts that (alo <= blo && ahi > bhi)
+    unsafe {
+        let borrow = lte_hint(alo, blo);
+        let rlo = alo - blo - 1 + (borrow as Field) * TWO_POW_128;
+        let rhi = ahi - bhi - (borrow as Field);
+        rlo.assert_max_bit_size::<128>();
+        rhi.assert_max_bit_size::<128>();
+    }
+}
+/// Decompose a single field into two 16 byte fields.
+pub fn decompose(x: Field) -> (Field, Field) {
+    if is_unconstrained() {
+        compute_decomposition(x)
+    } else {
+        // Safety: decomposition is properly checked below
+        unsafe {
+            // Take hints of the decomposition
+            let (xlo, xhi) = decompose_hint(x);
+            // Range check the limbs
+            xlo.assert_max_bit_size::<128>();
+            xhi.assert_max_bit_size::<128>();
+            // Check that the decomposition is correct
+            assert_eq(x, xlo + TWO_POW_128 * xhi);
+            // Assert that the decomposition of P is greater than the decomposition of x
+            assert_gt_limbs((PLO, PHI), (xlo, xhi));
+            (xlo, xhi)
+        }
+    }
+}
+pub fn assert_gt(a: Field, b: Field) {
+    if is_unconstrained() {
+        assert(
+            // Safety: already unconstrained
+            unsafe { field_less_than(b, a) },
+        );
+    } else {
+        // Decompose a and b
+        let a_limbs = decompose(a);
+        let b_limbs = decompose(b);
+        // Assert that a_limbs is greater than b_limbs
+        assert_gt_limbs(a_limbs, b_limbs)
+    }
+}
+pub fn assert_lt(a: Field, b: Field) {
+    assert_gt(b, a);
+}
+pub fn gt(a: Field, b: Field) -> bool {
+    if is_unconstrained() {
+        // Safety: unsafe in unconstrained
+        unsafe {
+            field_less_than(b, a)
+        }
+    } else if a == b {
+        false
+    } else {
+        // Safety: Take a hint of the comparison and verify it
+        unsafe {
+            if field_less_than(a, b) {
+                assert_gt(b, a);
+                false
+            } else {
+                assert_gt(a, b);
+                true
+            }
+        }
+    }
+}
+pub fn lt(a: Field, b: Field) -> bool {
+    gt(b, a)
+}
+mod tests {
+    // TODO: Allow imports from "super"
+    use crate::field::bn254::{assert_gt, decompose, gt, lt, lte_hint, PHI, PLO, TWO_POW_128};
+    #[test]
+    fn check_decompose() {
+        assert_eq(decompose(TWO_POW_128), (0, 1));
+        assert_eq(decompose(TWO_POW_128 + 0x1234567890), (0x1234567890, 1));
+        assert_eq(decompose(0x1234567890), (0x1234567890, 0));
+    }
+    #[test]
+    unconstrained fn check_lte_hint() {
+        assert(lte_hint(0, 1));
+        assert(lte_hint(0, 0x100));
+        assert(lte_hint(0x100, TWO_POW_128 - 1));
+        assert(!lte_hint(0 - 1, 0));
+        assert(lte_hint(0, 0));
+        assert(lte_hint(0x100, 0x100));
+        assert(lte_hint(0 - 1, 0 - 1));
+    }
+    #[test]
+    fn check_gt() {
+        assert(gt(1, 0));
+        assert(gt(0x100, 0));
+        assert(gt((0 - 1), (0 - 2)));
+        assert(gt(TWO_POW_128, 0));
+        assert(!gt(0, 0));
+        assert(!gt(0, 0x100));
+        assert(gt(0 - 1, 0 - 2));
+        assert(!gt(0 - 2, 0 - 1));
+        assert_gt(0 - 1, 0);
+    }
+    #[test]
+    fn check_plo_phi() {
+        assert_eq(PLO + PHI * TWO_POW_128, 0);
+        let p_bytes = crate::field::modulus_le_bytes();
+        let mut p_low: Field = 0;
+        let mut p_high: Field = 0;
+        let mut offset = 1;
+        for i in 0..16 {
+            p_low += (p_bytes[i] as Field) * offset;
+            p_high += (p_bytes[i + 16] as Field) * offset;
+            offset *= 256;
+        }
+        assert_eq(p_low, PLO);
+        assert_eq(p_high, PHI);
+    }
+    #[test]
+    fn check_decompose_edge_cases() {
+        assert_eq(decompose(0), (0, 0));
+        assert_eq(decompose(TWO_POW_128 - 1), (TWO_POW_128 - 1, 0));
+        assert_eq(decompose(TWO_POW_128 + 1), (1, 1));
+        assert_eq(decompose(TWO_POW_128 * 2), (0, 2));
+        assert_eq(decompose(TWO_POW_128 * 2 + 0x1234567890), (0x1234567890, 2));
+    }
+    #[test]
+    fn check_decompose_large_values() {
+        let large_field = 0xffffffffffffffff;
+        let (lo, hi) = decompose(large_field);
+        assert_eq(large_field, lo + TWO_POW_128 * hi);
+        let large_value = large_field - TWO_POW_128;
+        let (lo2, hi2) = decompose(large_value);
+        assert_eq(large_value, lo2 + TWO_POW_128 * hi2);
+    }
+    #[test]
+    fn check_lt_comprehensive() {
+        assert(lt(0, 1));
+        assert(!lt(1, 0));
+        assert(!lt(0, 0));
+        assert(!lt(42, 42));
+        assert(lt(TWO_POW_128 - 1, TWO_POW_128));
+        assert(!lt(TWO_POW_128, TWO_POW_128 - 1));
+    }
+}
+`, path: "std/field/bn254.nr" }, "19": { source: '// Exposed only for usage in `std::meta`\npub(crate) mod poseidon2;\n\nuse crate::default::Default;\nuse crate::embedded_curve_ops::{\n    EmbeddedCurvePoint, EmbeddedCurveScalar, multi_scalar_mul, multi_scalar_mul_array_return,\n};\nuse crate::meta::derive_via;\n\n#[foreign(sha256_compression)]\n// docs:start:sha256_compression\npub fn sha256_compression(input: [u32; 16], state: [u32; 8]) -> [u32; 8] {}\n// docs:end:sha256_compression\n\n#[foreign(keccakf1600)]\n// docs:start:keccakf1600\npub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {}\n// docs:end:keccakf1600\n\npub mod keccak {\n    #[deprecated("This function has been moved to std::hash::keccakf1600")]\n    pub fn keccakf1600(input: [u64; 25]) -> [u64; 25] {\n        super::keccakf1600(input)\n    }\n}\n\n#[foreign(blake2s)]\n// docs:start:blake2s\npub fn blake2s<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake2s\n{}\n\n// docs:start:blake3\npub fn blake3<let N: u32>(input: [u8; N]) -> [u8; 32]\n// docs:end:blake3\n{\n    if crate::runtime::is_unconstrained() {\n        // Temporary measure while Barretenberg is main proving system.\n        // Please open an issue if you\'re working on another proving system and running into problems due to this.\n        crate::static_assert(\n            N <= 1024,\n            "Barretenberg cannot prove blake3 hashes with inputs larger than 1024 bytes",\n        );\n    }\n    __blake3(input)\n}\n\n#[foreign(blake3)]\nfn __blake3<let N: u32>(input: [u8; N]) -> [u8; 32] {}\n\n// docs:start:pedersen_commitment\npub fn pedersen_commitment<let N: u32>(input: [Field; N]) -> EmbeddedCurvePoint {\n    // docs:end:pedersen_commitment\n    pedersen_commitment_with_separator(input, 0)\n}\n\n#[inline_always]\npub fn pedersen_commitment_with_separator<let N: u32>(\n    input: [Field; N],\n    separator: u32,\n) -> EmbeddedCurvePoint {\n    let mut points = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N];\n    for i in 0..N {\n        // we use the unsafe version because the multi_scalar_mul will constrain the scalars.\n        points[i] = from_field_unsafe(input[i]);\n    }\n    let generators = derive_generators("DEFAULT_DOMAIN_SEPARATOR".as_bytes(), separator);\n    multi_scalar_mul(generators, points)\n}\n\n// docs:start:pedersen_hash\npub fn pedersen_hash<let N: u32>(input: [Field; N]) -> Field\n// docs:end:pedersen_hash\n{\n    pedersen_hash_with_separator(input, 0)\n}\n\n#[no_predicates]\npub fn pedersen_hash_with_separator<let N: u32>(input: [Field; N], separator: u32) -> Field {\n    let mut scalars: [EmbeddedCurveScalar; N + 1] = [EmbeddedCurveScalar { lo: 0, hi: 0 }; N + 1];\n    let mut generators: [EmbeddedCurvePoint; N + 1] =\n        [EmbeddedCurvePoint::point_at_infinity(); N + 1];\n    let domain_generators: [EmbeddedCurvePoint; N] =\n        derive_generators("DEFAULT_DOMAIN_SEPARATOR".as_bytes(), separator);\n\n    for i in 0..N {\n        scalars[i] = from_field_unsafe(input[i]);\n        generators[i] = domain_generators[i];\n    }\n    scalars[N] = EmbeddedCurveScalar { lo: N as Field, hi: 0 as Field };\n\n    let length_generator: [EmbeddedCurvePoint; 1] =\n        derive_generators("pedersen_hash_length".as_bytes(), 0);\n    generators[N] = length_generator[0];\n    multi_scalar_mul_array_return(generators, scalars, true)[0].x\n}\n\n#[field(bn254)]\n#[inline_always]\npub fn derive_generators<let N: u32, let M: u32>(\n    domain_separator_bytes: [u8; M],\n    starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {\n    crate::assert_constant(domain_separator_bytes);\n    // TODO(https://github.com/noir-lang/noir/issues/5672): Add back assert_constant on starting_index\n    __derive_generators(domain_separator_bytes, starting_index)\n}\n\n#[builtin(derive_pedersen_generators)]\n#[field(bn254)]\nfn __derive_generators<let N: u32, let M: u32>(\n    domain_separator_bytes: [u8; M],\n    starting_index: u32,\n) -> [EmbeddedCurvePoint; N] {}\n\n#[field(bn254)]\n// Same as from_field but:\n// does not assert the limbs are 128 bits\n// does not assert the decomposition does not overflow the EmbeddedCurveScalar\nfn from_field_unsafe(scalar: Field) -> EmbeddedCurveScalar {\n    // Safety: xlo and xhi decomposition is checked below\n    let (xlo, xhi) = unsafe { crate::field::bn254::decompose_hint(scalar) };\n    // Check that the decomposition is correct\n    assert_eq(scalar, xlo + crate::field::bn254::TWO_POW_128 * xhi);\n    EmbeddedCurveScalar { lo: xlo, hi: xhi }\n}\n\npub fn poseidon2_permutation<let N: u32>(input: [Field; N], state_len: u32) -> [Field; N] {\n    assert_eq(input.len(), state_len);\n    poseidon2_permutation_internal(input)\n}\n\n#[foreign(poseidon2_permutation)]\nfn poseidon2_permutation_internal<let N: u32>(input: [Field; N]) -> [Field; N] {}\n\n// Generic hashing support.\n// Partially ported and impacted by rust.\n\n// Hash trait shall be implemented per type.\n#[derive_via(derive_hash)]\npub trait Hash {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher;\n}\n\n// docs:start:derive_hash\ncomptime fn derive_hash(s: TypeDefinition) -> Quoted {\n    let name = quote { $crate::hash::Hash };\n    let signature = quote { fn hash<H>(_self: Self, _state: &mut H) where H: $crate::hash::Hasher };\n    let for_each_field = |name| quote { _self.$name.hash(_state); };\n    crate::meta::make_trait_impl(\n        s,\n        name,\n        signature,\n        for_each_field,\n        quote {},\n        |fields| fields,\n    )\n}\n// docs:end:derive_hash\n\n// Hasher trait shall be implemented by algorithms to provide hash-agnostic means.\n// TODO: consider making the types generic here ([u8], [Field], etc.)\npub trait Hasher {\n    fn finish(self) -> Field;\n\n    fn write(&mut self, input: Field);\n}\n\n// BuildHasher is a factory trait, responsible for production of specific Hasher.\npub trait BuildHasher {\n    type H: Hasher;\n\n    fn build_hasher(self) -> H;\n}\n\npub struct BuildHasherDefault<H>;\n\nimpl<H> BuildHasher for BuildHasherDefault<H>\nwhere\n    H: Hasher + Default,\n{\n    type H = H;\n\n    fn build_hasher(_self: Self) -> H {\n        H::default()\n    }\n}\n\nimpl<H> Default for BuildHasherDefault<H>\nwhere\n    H: Hasher + Default,\n{\n    fn default() -> Self {\n        BuildHasherDefault {}\n    }\n}\n\nimpl Hash for Field {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self);\n    }\n}\n\nimpl Hash for u1 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as Field);\n    }\n}\n\nimpl Hash for u8 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as Field);\n    }\n}\n\nimpl Hash for u16 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as Field);\n    }\n}\n\nimpl Hash for u32 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as Field);\n    }\n}\n\nimpl Hash for u64 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as Field);\n    }\n}\n\nimpl Hash for u128 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as Field);\n    }\n}\n\nimpl Hash for i8 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as u8 as Field);\n    }\n}\n\nimpl Hash for i16 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as u16 as Field);\n    }\n}\n\nimpl Hash for i32 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as u32 as Field);\n    }\n}\n\nimpl Hash for i64 {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as u64 as Field);\n    }\n}\n\nimpl Hash for bool {\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        H::write(state, self as Field);\n    }\n}\n\nimpl Hash for () {\n    fn hash<H>(_self: Self, _state: &mut H)\n    where\n        H: Hasher,\n    {}\n}\n\nimpl<T, let N: u32> Hash for [T; N]\nwhere\n    T: Hash,\n{\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        for elem in self {\n            elem.hash(state);\n        }\n    }\n}\n\nimpl<T> Hash for [T]\nwhere\n    T: Hash,\n{\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        self.len().hash(state);\n        for elem in self {\n            elem.hash(state);\n        }\n    }\n}\n\nimpl<A, B> Hash for (A, B)\nwhere\n    A: Hash,\n    B: Hash,\n{\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        self.0.hash(state);\n        self.1.hash(state);\n    }\n}\n\nimpl<A, B, C> Hash for (A, B, C)\nwhere\n    A: Hash,\n    B: Hash,\n    C: Hash,\n{\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        self.0.hash(state);\n        self.1.hash(state);\n        self.2.hash(state);\n    }\n}\n\nimpl<A, B, C, D> Hash for (A, B, C, D)\nwhere\n    A: Hash,\n    B: Hash,\n    C: Hash,\n    D: Hash,\n{\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        self.0.hash(state);\n        self.1.hash(state);\n        self.2.hash(state);\n        self.3.hash(state);\n    }\n}\n\nimpl<A, B, C, D, E> Hash for (A, B, C, D, E)\nwhere\n    A: Hash,\n    B: Hash,\n    C: Hash,\n    D: Hash,\n    E: Hash,\n{\n    fn hash<H>(self, state: &mut H)\n    where\n        H: Hasher,\n    {\n        self.0.hash(state);\n        self.1.hash(state);\n        self.2.hash(state);\n        self.3.hash(state);\n        self.4.hash(state);\n    }\n}\n\n// Some test vectors for Pedersen hash and Pedersen Commitment.\n// They have been generated using the same functions so the tests are for now useless\n// but they will be useful when we switch to Noir implementation.\n#[test]\nfn assert_pedersen() {\n    assert_eq(\n        pedersen_hash_with_separator([1], 1),\n        0x1b3f4b1a83092a13d8d1a59f7acb62aba15e7002f4440f2275edb99ebbc2305f,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1], 1),\n        EmbeddedCurvePoint {\n            x: 0x054aa86a73cb8a34525e5bbed6e43ba1198e860f5f3950268f71df4591bde402,\n            y: 0x209dcfbf2cfb57f9f6046f44d71ac6faf87254afc7407c04eb621a6287cac126,\n            is_infinite: false,\n        },\n    );\n\n    assert_eq(\n        pedersen_hash_with_separator([1, 2], 2),\n        0x26691c129448e9ace0c66d11f0a16d9014a9e8498ee78f4d69f0083168188255,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2], 2),\n        EmbeddedCurvePoint {\n            x: 0x2e2b3b191e49541fe468ec6877721d445dcaffe41728df0a0eafeb15e87b0753,\n            y: 0x2ff4482400ad3a6228be17a2af33e2bcdf41be04795f9782bd96efe7e24f8778,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3], 3),\n        0x0bc694b7a1f8d10d2d8987d07433f26bd616a2d351bc79a3c540d85b6206dbe4,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3], 3),\n        EmbeddedCurvePoint {\n            x: 0x1fee4e8cf8d2f527caa2684236b07c4b1bad7342c01b0f75e9a877a71827dc85,\n            y: 0x2f9fedb9a090697ab69bf04c8bc15f7385b3e4b68c849c1536e5ae15ff138fd1,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3, 4], 4),\n        0xdae10fb32a8408521803905981a2b300d6a35e40e798743e9322b223a5eddc,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3, 4], 4),\n        EmbeddedCurvePoint {\n            x: 0x07ae3e202811e1fca39c2d81eabe6f79183978e6f12be0d3b8eda095b79bdbc9,\n            y: 0x0afc6f892593db6fbba60f2da558517e279e0ae04f95758587760ba193145014,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3, 4, 5], 5),\n        0xfc375b062c4f4f0150f7100dfb8d9b72a6d28582dd9512390b0497cdad9c22,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3, 4, 5], 5),\n        EmbeddedCurvePoint {\n            x: 0x1754b12bd475a6984a1094b5109eeca9838f4f81ac89c5f0a41dbce53189bb29,\n            y: 0x2da030e3cfcdc7ddad80eaf2599df6692cae0717d4e9f7bfbee8d073d5d278f7,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3, 4, 5, 6], 6),\n        0x1696ed13dc2730062a98ac9d8f9de0661bb98829c7582f699d0273b18c86a572,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6], 6),\n        EmbeddedCurvePoint {\n            x: 0x190f6c0e97ad83e1e28da22a98aae156da083c5a4100e929b77e750d3106a697,\n            y: 0x1f4b60f34ef91221a0b49756fa0705da93311a61af73d37a0c458877706616fb,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n        0x128c0ff144fc66b6cb60eeac8a38e23da52992fc427b92397a7dffd71c45ede3,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7], 7),\n        EmbeddedCurvePoint {\n            x: 0x015441e9d29491b06563fac16fc76abf7a9534c715421d0de85d20dbe2965939,\n            y: 0x1d2575b0276f4e9087e6e07c2cb75aa1baafad127af4be5918ef8a2ef2fea8fc,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n        0x2f960e117482044dfc99d12fece2ef6862fba9242be4846c7c9a3e854325a55c,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8], 8),\n        EmbeddedCurvePoint {\n            x: 0x1657737676968887fceb6dd516382ea13b3a2c557f509811cd86d5d1199bc443,\n            y: 0x1f39f0cb569040105fa1e2f156521e8b8e08261e635a2b210bdc94e8d6d65f77,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n        0x0c96db0790602dcb166cc4699e2d306c479a76926b81c2cb2aaa92d249ec7be7,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9], 9),\n        EmbeddedCurvePoint {\n            x: 0x0a3ceae42d14914a432aa60ec7fded4af7dad7dd4acdbf2908452675ec67e06d,\n            y: 0xfc19761eaaf621ad4aec9a8b2e84a4eceffdba78f60f8b9391b0bd9345a2f2,\n            is_infinite: false,\n        },\n    );\n    assert_eq(\n        pedersen_hash_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n        0x2cd37505871bc460a62ea1e63c7fe51149df5d0801302cf1cbc48beb8dff7e94,\n    );\n    assert_eq(\n        pedersen_commitment_with_separator([1, 2, 3, 4, 5, 6, 7, 8, 9, 10], 10),\n        EmbeddedCurvePoint {\n            x: 0x2fb3f8b3d41ddde007c8c3c62550f9a9380ee546fcc639ffbb3fd30c8d8de30c,\n            y: 0x300783be23c446b11a4c0fabf6c91af148937cea15fcf5fb054abf7f752ee245,\n            is_infinite: false,\n        },\n    );\n}\n', path: "std/hash/mod.nr" }, "50": { source: `/// Fulfillment Proof Circuit
+///
+/// Proves: "The solver correctly executed the intent and delivered
+/// the required output to the recipient, without revealing execution
+/// path, liquidity sources, or intermediate transactions."
+///
+/// @see docs/specs/FULFILLMENT-PROOF.md
+use std::hash::pedersen_hash;
+use std::hash::pedersen_commitment;
+use std::ecdsa_secp256k1::verify_signature;
+// --- Main Circuit ---
+/// Main fulfillment proof entry point
+///
+/// Public inputs: intent_hash, output_commitment, recipient_stealth,
+///                min_output_amount, solver_id, fulfillment_time, expiry
+/// Private inputs: output_amount, output_blinding, attestation data, solver_secret
+///
+/// Constraints:
+/// 1. output_amount >= min_output_amount (range proof via u64)
+/// 2. output_commitment = Pedersen(output_amount, output_blinding)
+/// 3. Oracle attestation is valid and matches claimed values
+/// 4. Solver is authorized (solver_id derived from solver_secret)
+/// 5. fulfillment_time <= expiry
+pub fn main(
+    // Public inputs
+    intent_hash: pub Field,
+    output_commitment_x: pub Field,
+    output_commitment_y: pub Field,
+    recipient_stealth: pub Field,
+    min_output_amount: pub u64,
+    solver_id: pub Field,
+    fulfillment_time: pub u64,
+    expiry: pub u64,
+    // Private inputs
+    output_amount: u64,
+    output_blinding: Field,
+    solver_secret: Field,
+    // Oracle attestation (private)
+    attestation_recipient: Field,
+    attestation_amount: u64,
+    attestation_tx_hash: Field,
+    attestation_block: u64,
+    oracle_signature: [u8; 64],
+    oracle_message_hash: [u8; 32],
+    oracle_pub_key_x: [u8; 32],
+    oracle_pub_key_y: [u8; 32],
+) {
+    // Constraint 1: Output meets minimum requirement
+    // Range proof is implicit via u64 type comparison
+    assert(output_amount >= min_output_amount, "Output below minimum");
+    // Constraint 2: Output commitment is valid
+    // C = Pedersen(output_amount, output_blinding)
+    let commitment = pedersen_commitment([output_amount as Field, output_blinding]);
+    assert(commitment.x == output_commitment_x, "Commitment X mismatch");
+    assert(commitment.y == output_commitment_y, "Commitment Y mismatch");
+    // Constraint 3a: Attestation matches claimed values
+    assert(attestation_recipient == recipient_stealth, "Recipient mismatch in attestation");
+    assert(attestation_amount == output_amount, "Amount mismatch in attestation");
+    // Constraint 3b: Oracle signature is valid
+    let valid_attestation = verify_signature(
+        oracle_pub_key_x,
+        oracle_pub_key_y,
+        oracle_signature,
+        oracle_message_hash
+    );
+    assert(valid_attestation, "Invalid oracle attestation signature");
+    // Constraint 4: Solver authorization
+    // solver_id = pedersen_hash(solver_secret)
+    let computed_solver_id = pedersen_hash([solver_secret]);
+    assert(computed_solver_id == solver_id, "Unauthorized solver");
+    // Constraint 5: Time constraint
+    assert(fulfillment_time <= expiry, "Fulfillment after expiry");
+    // Intent hash binding (ensures this proof is for this specific intent)
+    // The intent_hash is a public input, binding this proof to the intent
+    // No additional constraint needed - it's enforced by the verifier checking public inputs
+    let _ = intent_hash;
+    // Attestation metadata (tx_hash and block) are included for auditability
+    // but not strictly constrained in circuit (oracle signature covers them)
+    let _ = attestation_tx_hash;
+    let _ = attestation_block;
+}
+// --- Tests ---
+#[test]
+fn test_output_commitment() {
+    // Test that commitment is correctly computed
+    let output_amount: u64 = 1000000;
+    let output_blinding: Field = 0x123456789;
+    let commitment1 = pedersen_commitment([output_amount as Field, output_blinding]);
+    let commitment2 = pedersen_commitment([output_amount as Field, output_blinding]);
+    // Commitment should be deterministic
+    assert(commitment1.x == commitment2.x, "Commitment X should be deterministic");
+    assert(commitment1.y == commitment2.y, "Commitment Y should be deterministic");
+}
+#[test]
+fn test_solver_authorization() {
+    // Test solver_id derivation
+    let solver_secret: Field = 0x1234567890ABCDEF;
+    let solver_id1 = pedersen_hash([solver_secret]);
+    let solver_id2 = pedersen_hash([solver_secret]);
+    // Solver ID should be deterministic
+    assert(solver_id1 == solver_id2, "Solver ID should be deterministic");
+    // Different secret should give different solver_id
+    let different_secret: Field = 0xFEDCBA0987654321;
+    let different_id = pedersen_hash([different_secret]);
+    assert(solver_id1 != different_id, "Different secrets should give different solver IDs");
+}
+#[test]
+fn test_range_proof_passes() {
+    // Test that output >= min passes
+    let output_amount: u64 = 1050000;
+    let min_output_amount: u64 = 1000000;
+    assert(output_amount >= min_output_amount, "Output should be >= minimum");
+}
+#[test]
+fn test_time_constraint_valid() {
+    // Test valid time constraint
+    let fulfillment_time: u64 = 1732650000;
+    let expiry: u64 = 1732686400;
+    assert(fulfillment_time <= expiry, "Fulfillment time should be <= expiry");
+}
+#[test]
+fn test_time_constraint_edge_case() {
+    // Edge case: exactly at expiry should be valid
+    let fulfillment_time: u64 = 1732686400;
+    let expiry: u64 = 1732686400;
+    assert(fulfillment_time <= expiry, "Fulfillment at exactly expiry should be valid");
+}
+// NOTE: Full integration tests with ECDSA oracle signatures require TypeScript SDK
+// The NoirProofProvider will generate valid oracle signature test vectors
+`, path: "/Users/rz/local-dev/sip-protocol/packages/circuits/fulfillment_proof/src/main.nr" } };
+var expression_width = { Bounded: { width: 4 } };
+var fulfillment_proof_default = { noir_version, hash, abi, bytecode, debug_symbols, file_map, expression_width };
+export {
+  noir_version,
+  hash,
+  abi,
+  bytecode,
+  debug_symbols,
+  file_map,
+  expression_width,
+  fulfillment_proof_default
+};