@stellar/stellar-sdk 16.0.0-rc.1 → 16.0.0-rc.2

package/dist/stellar-sdk.js

@@ -9279,6 +9279,9 @@
   // Reduce any little-endian byte string modulo the subgroup order; the `hash` name reflects the
   // common caller shape, not an input restriction.
   const modL_LE = (hash) => modN(bytesToNumberLE(hash)); // modulo L; but little-endian
+  // Both sync and async SHA-512 slots are exported/configurable; use `callHash(...)` for both so
+  // missing async overrides fail explicitly, then validate the returned digest type/length.
+  const sha512a = (...m) => Promise.resolve(callHash('sha512Async')(concatBytes(...m))).then(checkDigest);
   const sha512s = (...m) => checkDigest(callHash('sha512')(concatBytes(...m)));
   // RFC8032 5.1.5. Split the 64-byte hashed seed into the clamped scalar half and nonce prefix.
   const hash2extK = (hashed) => {
@@ -9296,6 +9299,8 @@
       const pointBytes = point.toBytes(); // point serialized to Uint8Array
       return { head, prefix, scalar, point, pointBytes };
   };
+  // RFC8032 5.1.5; getPublicKey async, sync. Hash priv key and extract point.
+  const getExtendedPublicKeyAsync = (secretKey) => sha512a(abytes(secretKey, L)).then(hash2extK);
   const getExtendedPublicKey = (secretKey) => hash2extK(sha512s(abytes(secretKey, L)));
   /**
    * Creates a 32-byte Ed25519 public key from the RFC 8032 32-byte secret-key seed.
@@ -9467,28 +9472,24 @@
       return abytes(seed, L);
   };
   /**
-   * Generates a secret/public keypair.
-   * @param seed - Optional 32-byte Ed25519 secret-key seed, returned verbatim as `secretKey`.
-   * @returns Keypair with `secretKey` and `publicKey`.
-   * @throws If synchronous SHA-512 has not been configured in `hashes`. {@link Error}
-   * @throws On wrong argument types. {@link TypeError}
-   * @throws On wrong argument ranges or values. {@link RangeError}
+   * Ed25519-specific key utilities.
+   * `utils.getExtendedPublicKey*` expose secret-derived internals (`head`, `prefix`, `scalar`, and
+   * point objects), not just public-key bytes.
    * @example
-   * Generate a new keypair through the synchronous API after wiring SHA-512.
+   * Generate a new Ed25519 secret key and derive the matching public key.
    *
    * ```ts
    * import * as ed from '@noble/ed25519';
-   * import { sha512 } from '@noble/hashes/sha2.js';
    *
-   * ed.hashes.sha512 = sha512;
-   * const { secretKey, publicKey } = ed.keygen();
+   * const secretKey = ed.utils.randomSecretKey();
+   * const publicKey = await ed.getPublicKeyAsync(secretKey);
    * ```
    */
-  const keygen = (seed) => {
-      const secretKey = randomSecretKey(seed);
-      const publicKey = getPublicKey(secretKey);
-      return { secretKey, publicKey };
-  };
+  const utils = /* @__PURE__ */ Object.freeze({
+      getExtendedPublicKeyAsync: getExtendedPublicKeyAsync,
+      getExtendedPublicKey: getExtendedPublicKey,
+      randomSecretKey: randomSecretKey,
+  });
   // ## Precomputes
   // --------------
   const W = 8; // W is window size
@@ -10666,7 +10667,7 @@
      * Create a random `Keypair` object.
      */
     static random() {
-      const { secretKey } = keygen();
+      const secretKey = utils.randomSecretKey();
       return this.fromRawEd25519Seed(bufferExports.Buffer.from(secretKey));
     }
     /** Returns this public key as an xdr.AccountId. */
@@ -19282,7 +19283,8 @@
       validUntilLedgerSeq,
       invocation,
       networkPassphrase,
-      publicKey = ""
+      publicKey = "",
+      authV2 = false
     } = params;
     const kp = Keypair.random().rawPublicKey();
     const nonce = new types.Int64(bytesToInt64(kp));
@@ -19290,18 +19292,17 @@
     if (!pk) {
       throw new Error(`authorizeInvocation requires publicKey parameter`);
     }
+    const addressCredentials = new types.SorobanAddressCredentials({
+      address: new Address(pk).toScAddress(),
+      nonce,
+      signatureExpirationLedger: 0,
+      // replaced
+      signature: types.ScVal.scvVec([])
+      // replaced
+    });
     const entry = new types.SorobanAuthorizationEntry({
       rootInvocation: invocation,
-      credentials: types.SorobanCredentials.sorobanCredentialsAddressV2(
-        new types.SorobanAddressCredentials({
-          address: new Address(pk).toScAddress(),
-          nonce,
-          signatureExpirationLedger: 0,
-          // replaced
-          signature: types.ScVal.scvVec([])
-          // replaced
-        })
-      )
+      credentials: authV2 ? types.SorobanCredentials.sorobanCredentialsAddressV2(addressCredentials) : types.SorobanCredentials.sorobanCredentialsAddress(addressCredentials)
     });
     return authorizeEntry(entry, signer, validUntilLedgerSeq, networkPassphrase);
   }
@@ -20876,7 +20877,7 @@ ${value}`, dataLines++;
     return doc && typeof doc == "object" && "baseURI" in doc && typeof doc.baseURI == "string" ? doc.baseURI : void 0;
   }
 
-  const version$1 = "16.0.0-rc.1";
+  const version$1 = "16.0.0-rc.2";
   const SERVER_TIME_MAP = {};
   function toSeconds(ms) {
     return Math.floor(ms / 1e3);
@@ -22803,7 +22804,7 @@ ${value}`, dataLines++;
     Api2.isSimulationRaw = isSimulationRaw;
   })(Api || (Api = {}));
 
-  const version = "16.0.0-rc.1";
+  const version = "16.0.0-rc.2";
   function createHttpClient(headers) {
     return createFetchClient({
       headers: {
@@ -23882,6 +23883,11 @@ ${value}`, dataLines++;
      *    auth mode to use for simulation: `enforce` for enforcement mode,
      *    `record` for recording mode, or `record_allow_nonroot` for recording
      *    mode that allows non-root authorization
+     * @param authV2 - (optional) request `SOROBAN_CREDENTIALS_ADDRESS_V2`
+     *    (CAP-71) auth credentials from simulation instead of the legacy
+     *    `SOROBAN_CREDENTIALS_ADDRESS`. Defaults to `false`; only enable it for
+     *    networks that have activated CAP-71, as V2 credentials are otherwise
+     *    rejected.
      *
      * @returns An object with the
      *    cost, footprint, result/auth requirements (if applicable), and error of
@@ -23921,12 +23927,12 @@ ${value}`, dataLines++;
      * });
      * ```
      */
-    async simulateTransaction(tx, addlResources, authMode) {
-      return this._simulateTransaction(tx, addlResources, authMode).then(
+    async simulateTransaction(tx, addlResources, authMode, authV2 = false) {
+      return this._simulateTransaction(tx, addlResources, authMode, authV2).then(
         parseRawSimulation
       );
     }
-    async _simulateTransaction(transaction, addlResources, authMode) {
+    async _simulateTransaction(transaction, addlResources, authMode, authV2 = false) {
       return postObject(
         this.httpClient,
         this.serverURL.toString(),
@@ -23938,7 +23944,11 @@ ${value}`, dataLines++;
             resourceConfig: {
               instructionLeeway: addlResources.cpuInstructions
             }
-          }
+          },
+          // CAP-71: only request ADDRESS_V2 auth credentials when explicitly
+          // opted in. They are rejected by networks that have not activated
+          // CAP-71, so default to omitting the flag (legacy ADDRESS credentials).
+          ...authV2 && { authV2: true }
         }
       );
     }
@@ -25002,7 +25012,12 @@ All attempts to get the result: ${JSON.stringify(
       restore = restore ?? this.options.restore;
       delete this.simulationResult;
       delete this.simulationTransactionData;
-      this.simulation = await this.server.simulateTransaction(this.built);
+      this.simulation = await this.server.simulateTransaction(
+        this.built,
+        void 0,
+        void 0,
+        this.options.authV2
+      );
       if (restore && Api.isSimulationRestore(this.simulation)) {
         const account = await getAccount(this.options, this.server);
         const result = await this.restoreFootprint(
@@ -26953,7 +26968,7 @@ ${indent} */
           build: "tsc"
         },
         dependencies: {
-          "@stellar/stellar-sdk": `^${"16.0.0-rc.1"}`,
+          "@stellar/stellar-sdk": `^${"16.0.0-rc.2"}`,
           buffer: "6.0.3"
         },
         devDependencies: {