@unionlabs/payments 0.1.0

package/dist/cli.cjs

@@ -0,0 +1,3031 @@
+#!/usr/bin/env node
+'use strict';
+
+var commander = require('commander');
+var fs = require('fs');
+var V = require('viem');
+var accounts = require('viem/accounts');
+var connect = require('@connectrpc/connect');
+var connectWeb = require('@connectrpc/connect-web');
+var protobuf = require('@bufbuild/protobuf');
+var codegenv2 = require('@bufbuild/protobuf/codegenv2');
+var effect = require('effect');
+var chains = require('viem/chains');
+
+function _interopNamespace(e) {
+  if (e && e.__esModule) return e;
+  var n = Object.create(null);
+  if (e) {
+    Object.keys(e).forEach(function (k) {
+      if (k !== 'default') {
+        var d = Object.getOwnPropertyDescriptor(e, k);
+        Object.defineProperty(n, k, d.get ? d : {
+          enumerable: true,
+          get: function () { return e[k]; }
+        });
+      }
+    });
+  }
+  n.default = e;
+  return Object.freeze(n);
+}
+
+var V__namespace = /*#__PURE__*/_interopNamespace(V);
+
+// src/poseidon2.ts
+var PRIME = 0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001n;
+var NULLIFIER_DOMAIN = 0xdeadn;
+var ADDRESS_DOMAIN = 0xdeafn;
+var RC_EXT_0 = [
+  [
+    0x1da4d6adfb0d0b494584f763db50a81908580a5f5e295e168b9b8d31770fac4fn,
+    0x0946129a2e33b4e819707a56a3b3790eab80d0a0c7a0c63451fab2a59acc074cn
+  ],
+  [
+    0x2a39b9d5376afd35580abd6952986570867b87303b07140268794dad4b8f82ean,
+    0x27605717d1245c20c546b3c7014e5fa3e4a70e66ecd6de5d32448eea5e3069b2n
+  ],
+  [
+    0x24c896cb2594e17b973653193a470ed7e771ebb09a228d638e50809c03773632n,
+    0x0911096c45dd9cda0d61d783957003db6d8701c7869a919ad8042e1b7d597a49n
+  ]
+];
+var RC_INT = [
+  0x26ff6166f1e4b99e27eee6d352a8ce26f1daba01aad28021f11f38a70603afdcn,
+  // 3
+  0x008e2faedcf76d08ad6591ff90e50fea79bcb5e18cfb7d954d5b89437bf64b7en,
+  // 4
+  0x19c9da2379b598ace3ad4d1872470830f6184a3cec71eeb632f98820eb353d78n,
+  // 5
+  0x0f7c4eb15d8b0b62a8f6a090ec9610a2ab3dfcdb57e2539aa459a40583dfe96bn,
+  // 6
+  0x18b99417dc26b5e079750eba282362d1d46900b47dd5ff809171588b08ac3983n,
+  // 7
+  0x1ee044081160b3eee2d4493feab82141c73f1c054b76320a8848af08a8d91a26n,
+  // 8
+  0x29bb95c8763efd3e0e87f5df12ee8a150455b6d7a14780d19122220366c258dcn,
+  // 9
+  0x22c23eec9cb13ff8a3ee9a363d740653215e8991f7f9ec12067b4705e9a5c9fbn,
+  // 10
+  0x23589e033a31a667680c8b18926c3be09115c7644c4f905cc7deefc1690b42dcn,
+  // 11
+  0x304e99b887f2e1e92c9c0cde5f2bdd4764f60b98a219f1f0dd64ec938a6a247cn,
+  // 12
+  0x22e817865236ad3a76fbe88bbdf31fcae792f326271d53a3a493b2de7f7d8b4cn,
+  // 13
+  0x10c9efe573e86fa5b238a3f5c70a00bf02bc7dcfcc4878e026b77c881dc8b1c9n,
+  // 14
+  0x0a94f16be920d85f4d6f80e745c6bddbc084f309edffef023ea283c72b89bbb6n,
+  // 15
+  0x23ed72b4d01d14e3c7888fedb770494abc2c1ea81d6465b5df3da0ebcd69101an,
+  // 16
+  0x17c5115640e4cebeed0e6cbb511ac38498df815a77cb162de8d8f1022eb6bb74n,
+  // 17
+  0x2e507fcca290d0d9cf765245750eb04773e09e1fc813959fb99680a82772e4fcn,
+  // 18
+  0x0d4a98999f5b39176af6cce65c8d12162433f055cb71d70dfc8803013292bbbfn,
+  // 19
+  0x238d8022cc09c21ab3c01261a03dc125321d829e22a7a3b7a1bd3c335eccfa21n,
+  // 20
+  0x010cd8e4c2b7051cb81dc8292e35d8e943ce365613d5b39770e454ed9f4ae165n,
+  // 21
+  0x088027e54f2a3604b11178cf0ea3c6aa861173a90fb231238e03539590ecc027n,
+  // 22
+  0x1b840f5311a2b1d4b4cd7aa7e5a9a6d161165468daa938108302b73e464819dbn,
+  // 23
+  0x2bf51a5da1828a1cf9b764b1e16c15929a3a346e44198ea0cb366fcd8db78dc1n,
+  // 24
+  0x206ad089d8d296ffe68a6a86767a7fe726b8872f9c7beef9d56a3a50f6f23827n,
+  // 25
+  0x24d19193171494fa1a54e0a99ac16d05eaec4b6d617c7c199fc07ff88eac550cn,
+  // 26
+  0x1dd654a2ca9d9f24f33d88246a40dfb32c40662278b9c0b995d9f9fbaf152138n,
+  // 27
+  0x0d171025c925f6e259d20ecbd3a601108c85f05b0fe7793b8acf57f3789785e4n,
+  // 28
+  0x055bef435a43aec245cd99ccb0f7c8791d9e8cf2b80d95dd98b9908fed877d55n,
+  // 29
+  0x10d2ac8c61c8a2e88a2a3f42d9359a14be63d0ad4cfd9f203b75765d0e595f0en,
+  // 30
+  0x103479710e70996982a84057ec3ba6b2254d7966ddc41e85296e3d0790dcfa56n,
+  // 31
+  0x2a366f0448fda3c05914ffb48c765da8de96f9aa340db1638225f8372921807bn,
+  // 32
+  0x16be0fb8ef62da17919b6e0378d00594153bb8899aeb686c04626b63285837a4n,
+  // 33
+  0x0417038500e9d06c60abbc7f0d0d24c32dec8a0b2aa5a4d52cfd8c78a15bc370n,
+  // 34
+  0x26a6873b43ffd2ccf66ec6f4493ff9b54f4d76480bc486a3e5a0308fdd013812n,
+  // 35
+  0x0a3314a838f32630a96251914fe5ad262f3db9b2aa8aa9f7391922d36278c498n,
+  // 36
+  0x0fde0c5429a6beb07f462d4821f48f86aeadb46a090b15a044f4b59399027da4n,
+  // 37
+  0x0abc2d5049972a6b9b357e4163793b0bb517e1eb535a984df11a1c89cda2c8a9n,
+  // 38
+  0x0dab51d6e3ebfa661d21722fb21e55051b427a5f173f7f17735205dbb77c464en,
+  // 39
+  0x29c36622598b511d51af6cc37123652fb21be5c2d68fb8efe9b92e70a8c1ae03n,
+  // 40
+  0x2c03ec80adac2a33ae846bc0b700d0bcc41c4096e53ac6990d6bbe7ea2fbc85cn,
+  // 41
+  0x0918fdbe9cf3a59fbdb4c6852d065105317303116017d893b8b521e3cebe1e0dn,
+  // 42
+  0x1f19ec22e69ca33f599dd13cd7e495a8176a79df4f7acf79a9d2135acabe2359n,
+  // 43
+  0x1c4b037c8ae85ee1eb32b872eb7f76928c4c76b29ceb001346447b2911080704n,
+  // 44
+  0x2b68900ed906616d6c826d0bde341766ba3131e04d420de5af0a69c534efd8dbn,
+  // 45
+  0x20ca92aa222fcc69448f8dac653c8daaa180ff6dfb397cef723d4f0c782bc7f0n,
+  // 46
+  0x10d22d05bdff6bb375276fc82057db337045a5ab7ac053941f6186289b66b2b6n,
+  // 47
+  0x0b1ffdbb529367bb98f32ba45784cb435aa910b4a00636d1e5ca79e88bdd6cd9n,
+  // 48
+  0x2da32b38e7984bc2ed757ec705eccf8282c7b4f82e5e515f6f89bcc33022ce9fn,
+  // 49
+  0x042593ad87403f6d2674b8b55a886725b87eb33958031e94d292cecc6abed1bbn,
+  // 50
+  0x181fa1b4d067783a19d7367bf49b3f01051faedab463a6de9308fbd6e7d419f1n,
+  // 51
+  0x15aaa6cc9b7900b15683c95515c26028a8e35b00ed8a815c34927188c60de660n
+  // 52
+];
+var RC_EXT_1 = [
+  [
+    0x1bf28a93209084bbbc63234f057254c280b1a636f5a0eced6787320212f75a7an,
+    0x1cdb8c8bee5426f02cd9e229776118f156273b312f805c8e6f8c9d81a620cb6fn
+  ],
+  [
+    0x08299c0abf196d53162e0facb5f1876f516df2505cc387a0f8ea0e8760d5ca7en,
+    0x221643d205fe82778a7b7b58cb65c4962d76c0072cabd1124117269d7c710b8an
+  ],
+  [
+    0x2d036a95f81cf49bb7a0143a28c88767f6bd10c3f74b22db487920d43343dbffn,
+    0x08a50897c06aafe6ea414fb1bceca2267cd4a39486729fbc6d5d1bb7a172ebd2n
+  ]
+];
+function addMod(a, b) {
+  return ((a + b) % PRIME + PRIME) % PRIME;
+}
+function mulMod(a, b) {
+  return (a * b % PRIME + PRIME) % PRIME;
+}
+function sbox(x) {
+  const x2 = mulMod(x, x);
+  const x4 = mulMod(x2, x2);
+  return mulMod(x4, x);
+}
+function matMulExternal(s0, s1) {
+  const sum = addMod(s0, s1);
+  return [addMod(sum, s0), addMod(sum, s1)];
+}
+function matMulInternal(s0, s1) {
+  const sum = addMod(s0, s1);
+  return [addMod(s0, sum), addMod(addMod(s1, s1), sum)];
+}
+function permutation(state0, state1) {
+  let s0 = state0;
+  let s1 = state1;
+  [s0, s1] = matMulExternal(s0, s1);
+  for (let i = 0; i < 3; i++) {
+    s0 = addMod(s0, RC_EXT_0[i][0]);
+    s1 = addMod(s1, RC_EXT_0[i][1]);
+    s0 = sbox(s0);
+    s1 = sbox(s1);
+    [s0, s1] = matMulExternal(s0, s1);
+  }
+  for (let i = 0; i < 50; i++) {
+    s0 = addMod(s0, RC_INT[i]);
+    s0 = sbox(s0);
+    [s0, s1] = matMulInternal(s0, s1);
+  }
+  for (let i = 0; i < 3; i++) {
+    s0 = addMod(s0, RC_EXT_1[i][0]);
+    s1 = addMod(s1, RC_EXT_1[i][1]);
+    s0 = sbox(s0);
+    s1 = sbox(s1);
+    [s0, s1] = matMulExternal(s0, s1);
+  }
+  return [s0, s1];
+}
+function poseidon2Hash(inputs) {
+  let hashState = 0n;
+  for (const block of inputs) {
+    const [, permutedState1] = permutation(hashState, block);
+    hashState = addMod(block, permutedState1);
+  }
+  return hashState;
+}
+function hexToBigInt(hex) {
+  return BigInt(hex);
+}
+function validateSecret(secret) {
+  if (secret >= PRIME) {
+    throw new Error(
+      `Secret must be less than the BN254 scalar field prime (${PRIME.toString(16)})`
+    );
+  }
+  if (secret < 0n) {
+    throw new Error("Secret must be non-negative");
+  }
+}
+function addressToBigInt(address) {
+  return BigInt(address);
+}
+function computeNullifier(secret, dstChainId) {
+  const secretBigInt = hexToBigInt(secret);
+  validateSecret(secretBigInt);
+  return poseidon2Hash([NULLIFIER_DOMAIN, dstChainId, secretBigInt]);
+}
+function generatePaymentKey() {
+  while (true) {
+    const bytes = new Uint8Array(32);
+    crypto.getRandomValues(bytes);
+    const value = BigInt(
+      "0x" + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("")
+    );
+    if (value < PRIME) {
+      return "0x" + Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+    }
+  }
+}
+function computeUnspendableAddress(secret, dstChainId, beneficiaries) {
+  const secretBigInt = hexToBigInt(secret);
+  validateSecret(secretBigInt);
+  const hash = poseidon2Hash([
+    ADDRESS_DOMAIN,
+    dstChainId,
+    secretBigInt,
+    addressToBigInt(beneficiaries[0]),
+    addressToBigInt(beneficiaries[1]),
+    addressToBigInt(beneficiaries[2]),
+    addressToBigInt(beneficiaries[3])
+  ]);
+  const addressMask = (1n << 160n) - 1n;
+  const addressBigInt = hash & addressMask;
+  return `0x${addressBigInt.toString(16).padStart(40, "0")}`;
+}
+var DEFAULT_CONFIG_PATH = "./private-payments.config.json";
+function loadConfig(configPath) {
+  const path = configPath ?? DEFAULT_CONFIG_PATH;
+  if (!fs.existsSync(path)) {
+    throw new Error(`Config file not found: ${path}
+Create a private-payments.config.json file or specify --config <path>`);
+  }
+  try {
+    const content = fs.readFileSync(path, "utf-8");
+    const config = JSON.parse(content);
+    const required = [
+      "proverUrl",
+      "sourceRpcUrl",
+      "destinationRpcUrl",
+      "srcZAssetAddress",
+      "dstZAssetAddress",
+      "sourceChainId",
+      "destinationChainId"
+    ];
+    for (const field of required) {
+      if (config[field] === void 0) {
+        throw new Error(`Missing required field in config: ${field}`);
+      }
+    }
+    return config;
+  } catch (e) {
+    if (e instanceof SyntaxError) {
+      throw new Error(`Invalid JSON in config file: ${path}`);
+    }
+    throw e;
+  }
+}
+
+// src/cli/utils.ts
+var ZERO_ADDRESS = "0x0000000000000000000000000000000000000000";
+function parseBeneficiaries(input) {
+  if (!input || input.trim() === "") {
+    return [];
+  }
+  const addresses = input.split(",").map((s) => s.trim().toLowerCase());
+  if (addresses.length > 4) {
+    throw new Error("Maximum 4 beneficiaries allowed");
+  }
+  for (const addr of addresses) {
+    if (!isValidAddress(addr)) {
+      throw new Error(`Invalid address: ${addr}`);
+    }
+  }
+  return addresses;
+}
+function padBeneficiaries(beneficiaries) {
+  return [
+    beneficiaries[0] ?? ZERO_ADDRESS,
+    beneficiaries[1] ?? ZERO_ADDRESS,
+    beneficiaries[2] ?? ZERO_ADDRESS,
+    beneficiaries[3] ?? ZERO_ADDRESS
+  ];
+}
+function parseClientIds(input) {
+  const ids = input.split(",").map((s) => {
+    const id = parseInt(s.trim(), 10);
+    if (isNaN(id) || id < 0) {
+      throw new Error(`Invalid client ID: ${s}`);
+    }
+    return id;
+  });
+  if (ids.length === 0) {
+    throw new Error("At least one client ID is required");
+  }
+  return ids;
+}
+function validateSecret2(secret) {
+  if (!secret.startsWith("0x")) {
+    throw new Error("Secret must start with 0x");
+  }
+  if (secret.length !== 66) {
+    throw new Error("Secret must be 32 bytes (66 characters with 0x prefix)");
+  }
+  if (!/^0x[0-9a-fA-F]{64}$/.test(secret)) {
+    throw new Error("Secret must be a valid hex string");
+  }
+  return secret.toLowerCase();
+}
+function isValidAddress(address) {
+  return /^0x[0-9a-fA-F]{40}$/.test(address);
+}
+function validateAddress(address, name) {
+  if (!isValidAddress(address)) {
+    throw new Error(`Invalid ${name} address: ${address}`);
+  }
+  return address.toLowerCase();
+}
+function formatAmount(amount, decimals, symbol) {
+  const divisor = 10n ** BigInt(decimals);
+  const whole = amount / divisor;
+  const fraction = amount % divisor;
+  const fractionStr = fraction.toString().padStart(decimals, "0");
+  const trimmedFraction = fractionStr.replace(/0+$/, "");
+  const formatted = trimmedFraction ? `${whole}.${trimmedFraction}` : whole.toString();
+  return symbol ? `${formatted} ${symbol}` : formatted;
+}
+function getExplorerUrl(chainId, txHash) {
+  const explorers = {
+    1: "https://etherscan.io",
+    8453: "https://basescan.org",
+    42161: "https://arbiscan.io",
+    10: "https://optimistic.etherscan.io",
+    137: "https://polygonscan.com"
+  };
+  const explorer = explorers[chainId];
+  if (explorer) {
+    return `${explorer}/tx/${txHash}`;
+  }
+  return txHash;
+}
+
+// src/cli/commands/generate.ts
+var generateCommand = new commander.Command("generate").description(
+  "Generate a new unspendable address (generates random secret by default)"
+).option(
+  "--secret <hex>",
+  "Use existing 32-byte secret (0x-prefixed hex) instead of generating"
+).option(
+  "--beneficiaries <addresses>",
+  "Comma-separated beneficiary addresses (max 4, empty = unbounded)"
+).option(
+  "--config <path>",
+  "Path to config file",
+  "./private-payments.config.json"
+).action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = options.secret ? validateSecret2(options.secret) : generatePaymentKey();
+    const isNewSecret = !options.secret;
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const paddedBeneficiaries = padBeneficiaries(beneficiaries);
+    const depositAddress = computeUnspendableAddress(
+      secret,
+      BigInt(config.destinationChainId),
+      paddedBeneficiaries
+    );
+    const nullifier = computeNullifier(
+      secret,
+      BigInt(config.destinationChainId)
+    );
+    const isUnbounded = beneficiaries.length === 0;
+    if (isNewSecret) {
+      console.log("Secret:", secret);
+      console.log("");
+      console.log(
+        "WARNING: Save this secret! It is required to redeem funds."
+      );
+      console.log("");
+    }
+    console.log("Deposit Address:", depositAddress);
+    console.log(
+      "Nullifier:",
+      "0x" + nullifier.toString(16).padStart(64, "0")
+    );
+    console.log(
+      "Mode:",
+      isUnbounded ? "Unbounded (any beneficiary allowed)" : `Bounded (${beneficiaries.length} beneficiaries)`
+    );
+    if (!isUnbounded) {
+      console.log("Beneficiaries:");
+      for (const addr of beneficiaries) {
+        console.log(`  - ${addr}`);
+      }
+    }
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var ERC20_ABI = [
+  {
+    inputs: [{ name: "account", type: "address" }],
+    name: "balanceOf",
+    outputs: [{ name: "", type: "uint256" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "decimals",
+    outputs: [{ name: "", type: "uint8" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "symbol",
+    outputs: [{ name: "", type: "string" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "spender", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    name: "approve",
+    outputs: [{ name: "", type: "bool" }],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "to", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    name: "transfer",
+    outputs: [{ name: "", type: "bool" }],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "from", type: "address" },
+      { name: "to", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    name: "transferFrom",
+    outputs: [{ name: "", type: "bool" }],
+    stateMutability: "nonpayable",
+    type: "function"
+  }
+];
+var IBC_STORE_ABI = [
+  {
+    inputs: [{ name: "clientId", type: "uint32" }],
+    name: "getClient",
+    outputs: [{ name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  }
+];
+var LIGHT_CLIENT_ABI = [
+  {
+    inputs: [{ name: "clientId", type: "uint32" }],
+    name: "getLatestHeight",
+    outputs: [{ name: "", type: "uint64" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "clientId", type: "uint32" },
+      { name: "height", type: "uint64" }
+    ],
+    name: "getConsensusState",
+    outputs: [{ name: "", type: "bytes" }],
+    stateMutability: "view",
+    type: "function"
+  }
+];
+var ZASSET_ABI = [
+  {
+    inputs: [{ name: "nullifier", type: "uint256" }],
+    name: "nullifierBalance",
+    outputs: [{ name: "", type: "uint256" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [{ name: "clientId", type: "uint32" }],
+    name: "counterparty",
+    outputs: [
+      {
+        components: [
+          { name: "tokenAddressKey", type: "bytes32" },
+          { name: "balanceSlot", type: "bytes32" }
+        ],
+        type: "tuple"
+      }
+    ],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "ibcHandler",
+    outputs: [{ name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [{ name: "clientId", type: "uint32" }],
+    name: "stateRootIndex",
+    outputs: [{ name: "", type: "uint256" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [],
+    name: "underlying",
+    outputs: [{ name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [{ name: "amount", type: "uint256" }],
+    name: "deposit",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "to", type: "address" },
+      { name: "amount", type: "uint256" }
+    ],
+    name: "transfer",
+    outputs: [{ name: "", type: "bool" }],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    inputs: [
+      { name: "proof", type: "uint256[8]" },
+      { name: "commitments", type: "uint256[2]" },
+      { name: "commitmentPok", type: "uint256[2]" },
+      {
+        name: "lightClients",
+        type: "tuple[]",
+        components: [
+          { name: "clientId", type: "uint32" },
+          { name: "height", type: "uint64" }
+        ]
+      },
+      { name: "nullifier", type: "uint256" },
+      { name: "value", type: "uint256" },
+      { name: "beneficiary", type: "address" },
+      { name: "attestedMessage", type: "bytes32" },
+      { name: "signature", type: "bytes" }
+    ],
+    name: "redeem",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    anonymous: false,
+    inputs: [
+      { indexed: true, name: "from", type: "address" },
+      { indexed: true, name: "to", type: "address" },
+      { indexed: false, name: "value", type: "uint256" }
+    ],
+    name: "Transfer",
+    type: "event"
+  },
+  {
+    anonymous: false,
+    inputs: [
+      { indexed: true, name: "nullifier", type: "uint256" },
+      { indexed: true, name: "redeemAmount", type: "uint256" },
+      { indexed: true, name: "beneficiary", type: "address" }
+    ],
+    name: "Redeemed",
+    type: "event"
+  }
+];
+var IBC_HANDLER_ABI = [
+  {
+    inputs: [
+      {
+        components: [
+          { name: "clientId", type: "uint32" },
+          { name: "clientMessage", type: "bytes" },
+          { name: "relayer", type: "address" }
+        ],
+        name: "msg_",
+        type: "tuple"
+      }
+    ],
+    name: "updateClient",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  }
+];
+var RpcClient = class {
+  client;
+  constructor(rpcUrl) {
+    this.client = V.createPublicClient({
+      transport: V.http(rpcUrl)
+    });
+  }
+  getClient() {
+    return this.client;
+  }
+  async getChainId() {
+    return BigInt(await this.client.getChainId());
+  }
+  async getLatestBlockNumber() {
+    return this.client.getBlockNumber();
+  }
+  async getBalance(tokenAddress, accountAddress, blockNumber) {
+    return this.client.readContract({
+      address: tokenAddress,
+      abi: ERC20_ABI,
+      functionName: "balanceOf",
+      args: [accountAddress],
+      blockNumber
+    });
+  }
+  async getDecimals(tokenAddress) {
+    return this.client.readContract({
+      address: tokenAddress,
+      abi: ERC20_ABI,
+      functionName: "decimals"
+    });
+  }
+  async getSymbol(tokenAddress) {
+    return this.client.readContract({
+      address: tokenAddress,
+      abi: ERC20_ABI,
+      functionName: "symbol"
+    });
+  }
+  async getLightClientAddress(ibcStoreAddress, clientId) {
+    return this.client.readContract({
+      address: ibcStoreAddress,
+      abi: IBC_STORE_ABI,
+      functionName: "getClient",
+      args: [clientId]
+    });
+  }
+  async getLatestHeight(lightClientAddress, clientId) {
+    return this.client.readContract({
+      address: lightClientAddress,
+      abi: LIGHT_CLIENT_ABI,
+      functionName: "getLatestHeight",
+      args: [clientId]
+    });
+  }
+  /**
+   * Get consensus state, extracting the state root at the given byte index
+   */
+  async getConsensusState(lightClientAddress, clientId, height, stateRootIndex) {
+    const consensusBytes = await this.client.readContract({
+      address: lightClientAddress,
+      abi: LIGHT_CLIENT_ABI,
+      functionName: "getConsensusState",
+      args: [clientId, height]
+    });
+    const bytes = V.hexToBytes(consensusBytes);
+    const idx = Number(stateRootIndex);
+    const stateRoot = V.bytesToHex(bytes.slice(idx, idx + 32));
+    return { stateRoot };
+  }
+  async getNullifierBalance(zassetAddress, nullifier) {
+    return this.client.readContract({
+      address: zassetAddress,
+      abi: ZASSET_ABI,
+      functionName: "nullifierBalance",
+      args: [nullifier]
+    });
+  }
+  async getCounterparty(zassetAddress, clientId) {
+    const result = await this.client.readContract({
+      address: zassetAddress,
+      abi: ZASSET_ABI,
+      functionName: "counterparty",
+      args: [clientId]
+    });
+    return {
+      tokenAddressKey: result.tokenAddressKey,
+      balanceSlot: result.balanceSlot
+    };
+  }
+  async getIbcHandlerAddress(zassetAddress) {
+    return this.client.readContract({
+      address: zassetAddress,
+      abi: ZASSET_ABI,
+      functionName: "ibcHandler"
+    });
+  }
+  async getStateRootIndex(zassetAddress, clientId) {
+    return this.client.readContract({
+      address: zassetAddress,
+      abi: ZASSET_ABI,
+      functionName: "stateRootIndex",
+      args: [clientId]
+    });
+  }
+  async getProof(address, storageKeys, blockNumber) {
+    return this.client.getProof({
+      address,
+      storageKeys,
+      blockNumber
+    });
+  }
+  async getBlock(blockNumber) {
+    return this.client.getBlock({ blockNumber });
+  }
+  /**
+   * Get redemption history for a nullifier by querying Redeemed events
+   */
+  async getRedemptionHistory(zassetAddress, nullifier, fromBlock, toBlock) {
+    const logs = await this.client.getLogs({
+      address: zassetAddress,
+      event: {
+        type: "event",
+        name: "Redeemed",
+        inputs: [
+          { indexed: true, name: "nullifier", type: "uint256" },
+          { indexed: true, name: "redeemAmount", type: "uint256" },
+          { indexed: true, name: "beneficiary", type: "address" }
+        ]
+      },
+      args: {
+        nullifier
+      },
+      fromBlock: fromBlock ?? "earliest",
+      toBlock: toBlock ?? "latest"
+    });
+    return logs.map((log) => ({
+      txHash: log.transactionHash,
+      blockNumber: log.blockNumber,
+      redeemAmount: log.args.redeemAmount,
+      beneficiary: log.args.beneficiary
+    }));
+  }
+};
+function computeStorageSlot(address, mappingSlot) {
+  const paddedAddress = V.padHex(address, { size: 32 });
+  const paddedSlot = V.padHex(V.toHex(mappingSlot), { size: 32 });
+  return V.keccak256(V.encodePacked(["bytes32", "bytes32"], [paddedAddress, paddedSlot]));
+}
+async function fetchLightClients(dstClient, zassetAddress, clientIds) {
+  const ibcHandlerAddress = await dstClient.getIbcHandlerAddress(zassetAddress);
+  const results = [];
+  for (const clientId of clientIds) {
+    try {
+      const lightClientAddress = await dstClient.getLightClientAddress(
+        ibcHandlerAddress,
+        clientId
+      );
+      const height = await dstClient.getLatestHeight(lightClientAddress, clientId);
+      const stateRootIndex = await dstClient.getStateRootIndex(zassetAddress, clientId);
+      const { stateRoot } = await dstClient.getConsensusState(
+        lightClientAddress,
+        clientId,
+        height,
+        stateRootIndex
+      );
+      results.push({ clientId, height, stateRoot });
+    } catch {
+      continue;
+    }
+  }
+  return results;
+}
+async function fetchMptProof(srcClient, tokenAddress, storageSlot, blockNumber) {
+  const proof = await srcClient.getProof(tokenAddress, [storageSlot], blockNumber);
+  let storageProof = [];
+  let storageValue = "0x0";
+  if (proof.storageProof.length > 0 && proof.storageProof[0]) {
+    storageProof = proof.storageProof[0].proof;
+    storageValue = V.toHex(proof.storageProof[0].value);
+  }
+  return {
+    accountProof: proof.accountProof,
+    storageProof,
+    storageValue,
+    storageRoot: proof.storageHash
+  };
+}
+function deterministicShuffleClients(clients, secret) {
+  if (clients.length <= 1) {
+    return [...clients];
+  }
+  const secretBytes = V.hexToBytes(secret);
+  const heightsBytes = new Uint8Array(clients.length * 8);
+  for (let i = 0; i < clients.length; i++) {
+    const view = new DataView(heightsBytes.buffer, i * 8, 8);
+    view.setBigUint64(0, clients[i].height, false);
+  }
+  const combined = new Uint8Array(secretBytes.length + heightsBytes.length);
+  combined.set(secretBytes, 0);
+  combined.set(heightsBytes, secretBytes.length);
+  const seedHex = V.sha256(combined);
+  const seed = V.hexToBytes(seedHex);
+  const shuffled = [...clients];
+  let seedIndex = 0;
+  for (let i = shuffled.length - 1; i > 0; i--) {
+    const randomByte = seed[seedIndex % seed.length];
+    seedIndex++;
+    const j = randomByte % (i + 1);
+    [shuffled[i], shuffled[j]] = [shuffled[j], shuffled[i]];
+  }
+  return shuffled;
+}
+function parseProofJson(proofJsonBytes) {
+  const jsonStr = new TextDecoder().decode(proofJsonBytes);
+  const raw = JSON.parse(jsonStr);
+  const commitments = raw.commitments ?? ["0x0", "0x0"];
+  return {
+    proof: raw.proof,
+    commitments,
+    commitmentPok: raw.commitmentPok,
+    publicInputs: raw.publicInputs ?? []
+  };
+}
+function proofJsonToRedeemParams(proofJson, metadata) {
+  const parseBigInt = (s) => {
+    if (s.startsWith("0x")) {
+      return V.hexToBigInt(s);
+    }
+    return BigInt(s);
+  };
+  return {
+    proof: proofJson.proof.map(parseBigInt),
+    commitments: proofJson.commitments.map(parseBigInt),
+    commitmentPok: proofJson.commitmentPok.map(parseBigInt),
+    lightClients: metadata.lightClients.map((lc) => ({
+      clientId: lc.clientId,
+      height: lc.height
+    })),
+    nullifier: metadata.nullifier,
+    value: metadata.value,
+    beneficiary: metadata.beneficiary,
+    attestedMessage: metadata.attestedMessage,
+    signature: metadata.signature
+  };
+}
+async function submitRedeem(zassetAddress, params, walletClient) {
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account");
+  }
+  if (!walletClient.chain) {
+    throw new Error("WalletClient must have a chain configured");
+  }
+  const hash = await walletClient.writeContractSync({
+    address: zassetAddress,
+    abi: ZASSET_ABI,
+    functionName: "redeem",
+    args: [
+      params.proof,
+      params.commitments,
+      params.commitmentPok,
+      params.lightClients,
+      params.nullifier,
+      params.value,
+      params.beneficiary,
+      params.attestedMessage,
+      params.signature
+    ],
+    chain: walletClient.chain,
+    account: walletClient.account
+  }).then((x) => x.transactionHash);
+  return hash;
+}
+function rlpEncodeBlockHeader(block) {
+  const toRlpHex = (value) => {
+    if (value === void 0 || value === null || value === 0n || value === 0) {
+      return "0x";
+    }
+    let hex = typeof value === "bigint" ? value.toString(16) : value.toString(16);
+    if (hex.length % 2 !== 0) {
+      hex = "0" + hex;
+    }
+    return `0x${hex}`;
+  };
+  const headerFields = [
+    block.parentHash,
+    block.sha3Uncles,
+    block.miner,
+    block.stateRoot,
+    block.transactionsRoot,
+    block.receiptsRoot,
+    block.logsBloom ?? "0x" + "00".repeat(256),
+    toRlpHex(block.difficulty),
+    toRlpHex(block.number),
+    toRlpHex(block.gasLimit),
+    toRlpHex(block.gasUsed),
+    toRlpHex(block.timestamp),
+    block.extraData,
+    block.mixHash ?? "0x0000000000000000000000000000000000000000000000000000000000000000",
+    block.nonce ?? "0x0000000000000000"
+  ];
+  if (block.baseFeePerGas !== void 0 && block.baseFeePerGas !== null) {
+    headerFields.push(toRlpHex(block.baseFeePerGas));
+  }
+  if (block.withdrawalsRoot) {
+    headerFields.push(block.withdrawalsRoot);
+  }
+  if (block.blobGasUsed !== void 0 && block.blobGasUsed !== null) {
+    headerFields.push(toRlpHex(block.blobGasUsed));
+  }
+  if (block.excessBlobGas !== void 0 && block.excessBlobGas !== null) {
+    headerFields.push(toRlpHex(block.excessBlobGas));
+  }
+  if (block.parentBeaconBlockRoot) {
+    headerFields.push(block.parentBeaconBlockRoot);
+  }
+  const blockAny = block;
+  if (blockAny.requestsHash) {
+    headerFields.push(blockAny.requestsHash);
+  }
+  const rlpEncoded = V.toRlp(headerFields);
+  const computedHash = V.keccak256(rlpEncoded);
+  if (computedHash !== block.hash) {
+    throw new Error(
+      `RLP encoding mismatch: computed hash ${computedHash} does not match block hash ${block.hash}. Block number: ${block.number}, fields count: ${headerFields.length}`
+    );
+  }
+  return rlpEncoded;
+}
+async function updateLoopbackClient(rpcUrl, ibcHandlerAddress, clientId, height, walletClient) {
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account");
+  }
+  if (!walletClient.chain) {
+    throw new Error("WalletClient must have a chain configured");
+  }
+  const publicClient = V.createPublicClient({
+    transport: V.http(rpcUrl)
+  });
+  const chainId = await publicClient.getChainId();
+  const blockNumber = height === "latest" ? await publicClient.getBlockNumber() : height;
+  const block = await publicClient.getBlock({ blockNumber });
+  if (!block.number) {
+    throw new Error("Block number is null");
+  }
+  const rlpEncodedHeader = rlpEncodeBlockHeader(block);
+  const clientMessage = V.encodeAbiParameters(
+    [
+      { type: "uint64", name: "height" },
+      { type: "bytes", name: "encodedHeader" }
+    ],
+    [block.number, rlpEncodedHeader]
+  );
+  let currentBlock = await publicClient.getBlockNumber();
+  while (currentBlock <= blockNumber) {
+    await new Promise((resolve) => setTimeout(resolve, 1e3));
+    currentBlock = await publicClient.getBlockNumber();
+  }
+  const txHash = await walletClient.writeContractSync({
+    address: ibcHandlerAddress,
+    abi: IBC_HANDLER_ABI,
+    functionName: "updateClient",
+    args: [
+      {
+        clientId,
+        clientMessage,
+        relayer: walletClient.account.address
+      }
+    ],
+    chain: walletClient.chain,
+    account: walletClient.account
+  }).then((x) => x.transactionHash);
+  return {
+    txHash,
+    blockNumber: block.number,
+    stateRoot: block.stateRoot,
+    chainId: BigInt(chainId)
+  };
+}
+async function depositToZAsset(rpcUrl, zAssetAddress, depositAddress, amount, walletClient) {
+  if (!walletClient.account) {
+    throw new Error("WalletClient must have an account");
+  }
+  if (!walletClient.chain) {
+    throw new Error("WalletClient must have a chain configured");
+  }
+  const publicClient = V.createPublicClient({
+    transport: V.http(rpcUrl)
+  });
+  const chainId = await publicClient.getChainId();
+  const underlyingToken = await publicClient.readContract({
+    address: zAssetAddress,
+    abi: ZASSET_ABI,
+    functionName: "underlying"
+  });
+  if (underlyingToken === "0x0000000000000000000000000000000000000000") {
+    throw new Error("ZAsset is not a wrapped token (underlying is zero address)");
+  }
+  const approveReceipt = await walletClient.writeContractSync({
+    address: underlyingToken,
+    abi: ERC20_ABI,
+    functionName: "approve",
+    args: [zAssetAddress, amount],
+    chain: walletClient.chain,
+    account: walletClient.account
+  });
+  if (approveReceipt.status === "reverted") {
+    throw new Error(`Approve transaction reverted: ${approveReceipt.transactionHash}`);
+  }
+  const depositReceipt = await walletClient.writeContractSync({
+    address: zAssetAddress,
+    abi: ZASSET_ABI,
+    functionName: "deposit",
+    args: [amount],
+    chain: walletClient.chain,
+    account: walletClient.account
+  });
+  if (depositReceipt.status === "reverted") {
+    throw new Error(`Deposit transaction reverted: ${depositReceipt.transactionHash}`);
+  }
+  const transferReceipt = await walletClient.writeContractSync({
+    address: zAssetAddress,
+    abi: ZASSET_ABI,
+    functionName: "transfer",
+    args: [depositAddress, amount],
+    chain: walletClient.chain,
+    account: walletClient.account
+  });
+  if (transferReceipt.status === "reverted") {
+    throw new Error(`Transfer transaction reverted: ${transferReceipt.transactionHash}`);
+  }
+  return {
+    txHash: transferReceipt.transactionHash,
+    underlyingToken,
+    chainId: BigInt(chainId)
+  };
+}
+var file_prover = /* @__PURE__ */ codegenv2.fileDesc("Cgxwcm92ZXIucHJvdG8SBnByb3ZlciI0CgxQcm9vZlJlcXVlc3QSJAoHd2l0bmVzcxgBIAEoCzITLnByb3Zlci5XaXRuZXNzRGF0YSK1AgoLV2l0bmVzc0RhdGESDgoGc2VjcmV0GAEgASgJEhQKDGRzdF9jaGFpbl9pZBgCIAEoBBIVCg1iZW5lZmljaWFyaWVzGAMgAygJEhMKC2JlbmVmaWNpYXJ5GAQgASgJEhUKDXJlZGVlbV9hbW91bnQYBSABKAkSGAoQYWxyZWFkeV9yZWRlZW1lZBgGIAEoCRIuCg1saWdodF9jbGllbnRzGAcgAygLMhcucHJvdmVyLkxpZ2h0Q2xpZW50RGF0YRIdChVzZWxlY3RlZF9jbGllbnRfaW5kZXgYCCABKA0SJwoJbXB0X3Byb29mGAkgASgLMhQucHJvdmVyLk1QVFByb29mRGF0YRIVCg10b2tlbl9hZGRyZXNzGAogASgJEhQKDG1hcHBpbmdfc2xvdBgLIAEoCSJICg9MaWdodENsaWVudERhdGESEQoJY2xpZW50X2lkGAEgASgNEg4KBmhlaWdodBgCIAEoBBISCgpzdGF0ZV9yb290GAMgASgJImkKDE1QVFByb29mRGF0YRIVCg1hY2NvdW50X3Byb29mGAEgAygJEhUKDXN0b3JhZ2VfcHJvb2YYAiADKAkSFQoNc3RvcmFnZV92YWx1ZRgDIAEoCRIUCgxzdG9yYWdlX3Jvb3QYBCABKAkifAoMUG9sbFJlc3BvbnNlEiIKB3BlbmRpbmcYASABKAsyDy5wcm92ZXIuUGVuZGluZ0gAEhwKBGRvbmUYAiABKAsyDC5wcm92ZXIuRG9uZUgAEiAKBmZhaWxlZBgDIAEoCzIOLnByb3Zlci5GYWlsZWRIAEIICgZyZXN1bHQiCQoHUGVuZGluZyIuCgREb25lEhIKCnByb29mX2pzb24YASABKAwSEgoKY3JlYXRlZF9hdBgCIAEoAyIfCgZGYWlsZWQSFQoNZXJyb3JfbWVzc2FnZRgBIAEoCSIRCg9WZXJpZmllclJlcXVlc3QiLQoQVmVyaWZpZXJSZXNwb25zZRIZChF2ZXJpZmllcl9jb250cmFjdBgBIAEoCTKIAQoNUHJvdmVyU2VydmljZRIyCgRQb2xsEhQucHJvdmVyLlByb29mUmVxdWVzdBoULnByb3Zlci5Qb2xsUmVzcG9uc2USQwoORXhwb3J0VmVyaWZpZXISFy5wcm92ZXIuVmVyaWZpZXJSZXF1ZXN0GhgucHJvdmVyLlZlcmlmaWVyUmVzcG9uc2VCHFoacHJpdmF0ZS10cmFuc2Zlci9hcGkvcHJvdG9iBnByb3RvMw");
+var ProofRequestSchema = /* @__PURE__ */ codegenv2.messageDesc(file_prover, 0);
+var WitnessDataSchema = /* @__PURE__ */ codegenv2.messageDesc(file_prover, 1);
+var LightClientDataSchema = /* @__PURE__ */ codegenv2.messageDesc(file_prover, 2);
+var MPTProofDataSchema = /* @__PURE__ */ codegenv2.messageDesc(file_prover, 3);
+var ProverService = /* @__PURE__ */ codegenv2.serviceDesc(file_prover, 0);
+
+// src/prover.ts
+var ProverClient = class {
+  client;
+  pollIntervalMs;
+  maxPollAttempts;
+  constructor(proverUrl, options) {
+    const transport = connectWeb.createGrpcWebTransport({
+      baseUrl: proverUrl
+    });
+    this.client = connect.createClient(ProverService, transport);
+    this.pollIntervalMs = options?.pollIntervalMs ?? 2e3;
+    this.maxPollAttempts = options?.maxPollAttempts ?? 300;
+  }
+  /**
+   * Generate a proof by sending witness data to the prover server
+   *
+   * The server handles witness transformation internally, so we send
+   * the structured WitnessData instead of pre-serialized circuit witness bytes.
+   */
+  async generateProof(witness) {
+    const protoWitness = this.witnessToProto(witness);
+    const request = protobuf.create(ProofRequestSchema, {
+      witness: protoWitness
+    });
+    let attempts = 0;
+    while (attempts < this.maxPollAttempts) {
+      try {
+        const response = await this.client.poll(request);
+        switch (response.result.case) {
+          case "done":
+            return {
+              success: true,
+              proofJson: response.result.value.proofJson,
+              createdAt: new Date(Number(response.result.value.createdAt) * 1e3)
+            };
+          case "failed":
+            return {
+              success: false,
+              error: response.result.value.errorMessage
+            };
+          case "pending":
+            await this.sleep(this.pollIntervalMs);
+            attempts++;
+            break;
+          default:
+            await this.sleep(this.pollIntervalMs);
+            attempts++;
+        }
+      } catch (error) {
+        return {
+          success: false,
+          error: `RPC error: ${error instanceof Error ? error.message : String(error)}`
+        };
+      }
+    }
+    return {
+      success: false,
+      error: "Proof generation timed out"
+    };
+  }
+  /**
+   * Export the verifier contract from the prover server
+   */
+  async exportVerifier() {
+    const response = await this.client.exportVerifier({});
+    return response.verifierContract;
+  }
+  witnessToProto(witness) {
+    return protobuf.create(WitnessDataSchema, {
+      secret: witness.secret,
+      dstChainId: witness.dstChainId,
+      beneficiaries: [...witness.beneficiaries],
+      beneficiary: witness.beneficiary,
+      redeemAmount: witness.redeemAmount.toString(),
+      alreadyRedeemed: witness.alreadyRedeemed.toString(),
+      lightClients: witness.lightClients.map(
+        (lc) => protobuf.create(LightClientDataSchema, {
+          clientId: lc.clientId,
+          height: lc.height,
+          stateRoot: lc.stateRoot
+        })
+      ),
+      selectedClientIndex: witness.selectedClientIndex,
+      mptProof: protobuf.create(MPTProofDataSchema, {
+        accountProof: [...witness.mptProof.accountProof],
+        storageProof: [...witness.mptProof.storageProof],
+        storageValue: witness.mptProof.storageValue,
+        storageRoot: witness.mptProof.storageRoot
+      }),
+      tokenAddress: witness.srcZAssetAddress,
+      mappingSlot: witness.mappingSlot
+    });
+  }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+};
+
+// src/attestation.ts
+var AttestationClient = class {
+  baseUrl;
+  apiKey;
+  constructor(baseUrl, apiKey) {
+    this.baseUrl = baseUrl.replace(/\/$/, "");
+    this.apiKey = apiKey;
+  }
+  async getAttestation(unspendableAddress, beneficiary) {
+    const request = {
+      unspendableAddress,
+      beneficiary
+    };
+    const headers = {
+      "Content-Type": "application/json"
+    };
+    headers["x-api-key"] = this.apiKey;
+    const response = await fetch(this.baseUrl, {
+      method: "POST",
+      headers,
+      body: JSON.stringify(request)
+    });
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Attestation service error: ${response.status} ${errorText}`);
+    }
+    const data = await response.json();
+    const r = data.signature.r.slice(2);
+    const s = data.signature.s.slice(2);
+    const v = data.signature.v.toString(16).padStart(2, "0");
+    const signature = `0x${r}${s}${v}`;
+    return {
+      attestedMessage: data.hash,
+      signature
+    };
+  }
+};
+var publicClientLayer = (tag) => (...options) => effect.Layer.effect(
+  tag,
+  effect.pipe(
+    effect.Effect.try({
+      try: () => V__namespace.createPublicClient(...options),
+      catch: (err) => new CreatePublicClientError({
+        cause: err
+      })
+    }),
+    effect.Effect.map((client) => ({ client }))
+  )
+);
+var walletClientLayer = (tag) => (options) => effect.Layer.effect(
+  tag,
+  effect.pipe(
+    effect.Effect.try({
+      try: () => V__namespace.createWalletClient(options),
+      catch: (err) => new CreateWalletClientError({
+        cause: err
+      })
+    }),
+    effect.Effect.map((client) => ({ client, account: options.account, chain: options.chain }))
+  )
+);
+var WaitForTransactionReceiptError = class extends effect.Data.TaggedError(
+  "WaitForTransactionReceiptError"
+) {
+};
+var waitForTransactionReceipt = effect.Effect.fn("waitForTransactionReceipt")(
+  (hash) => effect.pipe(
+    PublicClient,
+    effect.Effect.andThen(
+      ({ client }) => effect.Effect.tryPromise({
+        try: () => client.waitForTransactionReceipt({ hash }),
+        catch: (err) => new WaitForTransactionReceiptError({
+          cause: err
+        })
+      })
+    )
+  )
+);
+var readContract = effect.Effect.fn("readContract")(
+  (params) => effect.pipe(
+    PublicClient,
+    effect.Effect.andThen(
+      ({ client }) => effect.Effect.tryPromise({
+        try: () => client.readContract(params),
+        catch: (error) => new ReadContractError({
+          cause: error
+        })
+      })
+    )
+  )
+);
+var writeContract = effect.Effect.fn("writeContract")(
+  (params) => effect.pipe(
+    WalletClient,
+    effect.Effect.andThen(
+      ({ client }) => effect.Effect.tryPromise({
+        try: () => client.writeContract(params),
+        catch: (error) => new WriteContractError({
+          cause: error
+        })
+      })
+    )
+  )
+);
+effect.Effect.fn("writeContract")(
+  (params) => effect.pipe(
+    WalletClient,
+    effect.Effect.andThen(
+      ({ client }) => effect.Effect.tryPromise({
+        try: () => client.writeContract(params),
+        catch: (error) => new WriteContractError({
+          cause: error
+        })
+      })
+    )
+  )
+);
+(class _ChannelDestination extends effect.Context.Tag("@unionlabs/sdk/Evm/ChannelDestination")() {
+  static Live = effect.flow(
+    _ChannelDestination.of,
+    effect.Layer.succeed(this)
+  );
+});
+(class _ChannelSource extends effect.Context.Tag("@unionlabs/sdk/Evm/ChannelSource")() {
+  static Live = effect.flow(
+    _ChannelSource.of,
+    effect.Layer.succeed(this)
+  );
+});
+(class extends effect.Context.Tag("@unionlabs/sdk/Evm/PublicClientSource")() {
+  static Live = publicClientLayer(this);
+});
+(class extends effect.Context.Tag("@unionlabs/sdk/Evm/PublicClientDestination")() {
+  static Live = publicClientLayer(this);
+});
+var PublicClient = class extends effect.Context.Tag("@unionlabs/sdk-evm/Evm/PublicClient")() {
+  static Live = publicClientLayer(this);
+};
+var WalletClient = class extends effect.Context.Tag("@unionlabs/sdk/Evm/WalletClient")() {
+  static Live = walletClientLayer(this);
+};
+var ReadContractError = class extends effect.Data.TaggedError("@unionlabs/sdk/Evm/ReadContractError") {
+};
+var WriteContractError = class extends effect.Data.TaggedError("@unionlabs/sdk/Evm/WriteContractError") {
+};
+(class extends effect.Data.TaggedError("@unionlabs/sdk/Evm/SimulateContractError") {
+});
+var CreatePublicClientError = class extends effect.Data.TaggedError("@unionlabs/sdk/Evm/CreatePublicClientError") {
+};
+var CreateWalletClientError = class extends effect.Data.TaggedError("@unionlabs/sdk/Evm/CreateWalletClientError") {
+};
+
+// src/client.ts
+var ZERO_ADDRESS2 = "0x0000000000000000000000000000000000000000";
+var commonRetry = {
+  schedule: effect.Schedule.linear(effect.Duration.seconds(2)),
+  times: 6
+};
+var UnionPrivatePayments = class {
+  config;
+  srcClient;
+  dstClient;
+  proverClient;
+  constructor(config) {
+    this.config = config;
+    this.srcClient = new RpcClient(config.sourceRpcUrl);
+    this.dstClient = new RpcClient(config.destinationRpcUrl);
+    this.proverClient = new ProverClient(config.proverUrl);
+  }
+  /**
+   * Get the deposit address for a given secret and beneficiaries
+   *
+   * The returned address is an "unspendable" address derived from the secret.
+   * Tokens sent to this address can only be redeemed via ZK proof.
+   *
+   * @param secret - The 32-byte secret as a hex string
+   * @param beneficiaries - Array of 1-4 beneficiary addresses (remaining slots zero-padded)
+   * @returns The unspendable deposit address
+   */
+  getDepositAddress(secret, beneficiaries) {
+    const paddedBeneficiaries = this.padBeneficiaries(beneficiaries);
+    return computeUnspendableAddress(
+      secret,
+      this.config.destinationChainId,
+      paddedBeneficiaries
+    );
+  }
+  /**
+   * Get the nullifier for a given paymentKey
+   *
+   * The nullifier is used to prevent double-spending. Each (paymentKey, chainId) pair
+   * produces a unique nullifier that is recorded on-chain when funds are redeemed.
+   *
+   * @param paymentKey - The 32-byte paymentKey as a hex string
+   * @returns The nullifier as a bigint
+   */
+  getNullifier(paymentKey) {
+    return computeNullifier(paymentKey, this.config.destinationChainId);
+  }
+  /**
+   * Get balance information
+   *
+   * Returns:
+   * - confirmed: balance visible to light client (provable)
+   * - redeemed: amount already redeemed via nullifier
+   * - available: amount that can be redeemed now (confirmed - redeemed)
+   * - pending: deposits not yet visible to light client
+   *
+   * @param options - Options for getting balance
+   * @returns Balance information
+   */
+  async getBalance(options) {
+    const { depositAddress, nullifier, clientId } = options;
+    const ibcHandlerAddress = await this.dstClient.getIbcHandlerAddress(
+      this.config.dstZAssetAddress
+    );
+    const lightClientAddress = await this.dstClient.getLightClientAddress(
+      ibcHandlerAddress,
+      clientId
+    );
+    const lightClientHeight = await this.dstClient.getLatestHeight(
+      lightClientAddress,
+      clientId
+    );
+    const balance = await this.getBalanceAtHeight(
+      depositAddress,
+      nullifier,
+      lightClientHeight
+    );
+    return {
+      ...balance,
+      lightClientHeight
+    };
+  }
+  /**
+   * Get balance information at a specific block height
+   *
+   * @param depositAddress - The deposit address (unspendable address)
+   * @param nullifier - The nullifier for this secret
+   * @param height - The block height to query confirmed balance at
+   * @returns Balance information at the given height
+   */
+  async getBalanceAtHeight(depositAddress, nullifier, height) {
+    const latestHeight = await this.srcClient.getLatestBlockNumber();
+    const [balanceAtTip, confirmed, redeemed] = await Promise.all([
+      this.srcClient.getBalance(this.config.srcZAssetAddress, depositAddress),
+      this.srcClient.getBalance(
+        this.config.srcZAssetAddress,
+        depositAddress,
+        height
+      ),
+      this.dstClient.getNullifierBalance(
+        this.config.dstZAssetAddress,
+        nullifier
+      )
+    ]);
+    const available = confirmed > redeemed ? confirmed - redeemed : 0n;
+    const pending = balanceAtTip > confirmed ? balanceAtTip - confirmed : 0n;
+    return {
+      confirmed,
+      redeemed,
+      available,
+      pending,
+      latestHeight
+    };
+  }
+  /**
+   * Generate a proof for redeeming funds
+   *
+   * This method:
+   * 1. Fetches light client data from the destination chain
+   * 2. Deterministically shuffles clients for privacy
+   * 3. Fetches MPT proof from the source chain
+   * 4. Builds the witness data
+   * 5. Sends the witness to the prover server
+   * 6. Polls until the proof is ready
+   *
+   * @param secret - The 32-byte secret as a hex string
+   * @param beneficiaries - Array of 0-4 beneficiary addresses (empty array = unbounded mode)
+   * @param beneficiary - The beneficiary address to redeem to
+   * @param amount - Amount to redeem
+   * @param clientIds - Light client IDs to include in the proof (for anonymity set)
+   * @param selectedClientId - The specific light client ID to use for the proof
+   * @returns GenerateProofResult containing proof result and client-side metadata
+   */
+  async generateProof(secret, beneficiaries, beneficiary, amount, clientIds, selectedClientId) {
+    if (!clientIds.includes(selectedClientId)) {
+      return {
+        proof: {
+          success: false,
+          error: `selectedClientId ${selectedClientId} not in clientIds`
+        }
+      };
+    }
+    if (beneficiary === ZERO_ADDRESS2) {
+      return {
+        proof: {
+          success: false,
+          error: "Beneficiary address cannot be zero"
+        }
+      };
+    }
+    const paddedBeneficiaries = this.padBeneficiaries(beneficiaries);
+    const depositAddress = this.getDepositAddress(secret, beneficiaries);
+    const lightClients = await fetchLightClients(
+      this.dstClient,
+      this.config.dstZAssetAddress,
+      clientIds
+    );
+    if (lightClients.length === 0) {
+      return {
+        proof: {
+          success: false,
+          error: "No valid light clients found"
+        }
+      };
+    }
+    const shuffled = deterministicShuffleClients(lightClients, secret);
+    const selectedClientIndex = shuffled.findIndex(
+      (c) => c.clientId === selectedClientId
+    );
+    if (selectedClientIndex === -1) {
+      return {
+        proof: {
+          success: false,
+          error: `Client ${selectedClientId} not found after fetching`
+        }
+      };
+    }
+    const selectedClient = shuffled[selectedClientIndex];
+    const { tokenAddressKey, balanceSlot } = await this.dstClient.getCounterparty(
+      this.config.dstZAssetAddress,
+      selectedClientId
+    );
+    const ZERO_BYTES32 = "0x0000000000000000000000000000000000000000000000000000000000000000";
+    if (balanceSlot === ZERO_BYTES32 || tokenAddressKey === ZERO_BYTES32) {
+      return {
+        proof: {
+          success: false,
+          error: `Light client ${selectedClientId} is not configured as a counterparty on the destination ZAsset. Please call setCounterparty() on the ZAsset contract first.`
+        }
+      };
+    }
+    const mappingSlot = V.hexToBigInt(balanceSlot);
+    const nullifier = this.getNullifier(secret);
+    const balance = await this.getBalanceAtHeight(
+      depositAddress,
+      nullifier,
+      selectedClient.height
+    );
+    if (amount > balance.available) {
+      return {
+        proof: {
+          success: false,
+          error: `Insufficient available balance. Requested: ${amount}, Available: ${balance.available} (Confirmed at height ${selectedClient.height}: ${balance.confirmed}, Already redeemed: ${balance.redeemed})`
+        }
+      };
+    }
+    const storageSlot = computeStorageSlot(depositAddress, mappingSlot);
+    const mptProof = await fetchMptProof(
+      this.srcClient,
+      this.config.srcZAssetAddress,
+      storageSlot,
+      selectedClient.height
+    );
+    const witness = {
+      secret,
+      dstChainId: this.config.destinationChainId,
+      beneficiaries: paddedBeneficiaries,
+      beneficiary,
+      redeemAmount: amount,
+      alreadyRedeemed: balance.redeemed,
+      lightClients: shuffled,
+      selectedClientIndex,
+      mptProof,
+      srcZAssetAddress: this.config.srcZAssetAddress,
+      mappingSlot: `0x${mappingSlot.toString(16)}`
+    };
+    const proofResult = await this.proverClient.generateProof(witness);
+    if (proofResult.success) {
+      return {
+        proof: proofResult,
+        metadata: {
+          depositAddress,
+          beneficiary,
+          value: amount,
+          lightClients: shuffled,
+          nullifier
+        }
+      };
+    }
+    return { proof: proofResult };
+  }
+  /**
+   * Export the verifier contract from the prover server
+   *
+   * The verifier contract is used to verify proofs on-chain.
+   * It is circuit-specific and does not change between proofs.
+   *
+   * @returns The Solidity verifier contract source code
+   */
+  async exportVerifier() {
+    return this.proverClient.exportVerifier();
+  }
+  /**
+   * Get source ZAsset token information
+   *
+   * @returns Token symbol and decimals
+   */
+  async getSrcZAssetInfo() {
+    const [symbol, decimals] = await Promise.all([
+      this.srcClient.getSymbol(this.config.srcZAssetAddress),
+      this.srcClient.getDecimals(this.config.srcZAssetAddress)
+    ]);
+    return { symbol, decimals };
+  }
+  /**
+   * Get destination ZAsset token information
+   *
+   * @returns Token symbol and decimals
+   */
+  async getDstZAssetInfo() {
+    const [symbol, decimals] = await Promise.all([
+      this.dstClient.getSymbol(this.config.dstZAssetAddress),
+      this.dstClient.getDecimals(this.config.dstZAssetAddress)
+    ]);
+    return { symbol, decimals };
+  }
+  /**
+   * Deposit underlying tokens to ZAsset and transfer to deposit address
+   *
+   * Executes 3 transactions: approve → deposit → transfer.
+   * The wallet client must be connected to the source chain.
+   *
+   * @param secret - The 32-byte secret as a hex string
+   * @param beneficiaries - Array of 0-4 beneficiary addresses
+   * @param amount - Amount to deposit (in underlying token's smallest unit)
+   * @param walletClient - viem WalletClient with account and chain configured
+   * @returns Transaction hash, deposit address, underlying token, and chain ID
+   */
+  async deposit(options) {
+    const { paymentKey, beneficiaries, amount, walletClient } = options;
+    if (!walletClient.account) {
+      throw new Error("WalletClient must have an account");
+    }
+    if (!walletClient.chain) {
+      throw new Error("WalletClient must have a chain configured");
+    }
+    return effect.Effect.gen(this, function* () {
+      const depositAddress = this.getDepositAddress(paymentKey, beneficiaries);
+      const underlyingToken = yield* effect.pipe(
+        readContract({
+          address: this.config.srcZAssetAddress,
+          abi: [
+            {
+              inputs: [],
+              name: "underlying",
+              outputs: [{ name: "", type: "address" }],
+              stateMutability: "view",
+              type: "function"
+            }
+          ],
+          functionName: "underlying"
+        }),
+        effect.Effect.retry(commonRetry),
+        effect.Effect.provideService(PublicClient, {
+          client: this.srcClient.getClient()
+        })
+      );
+      if (underlyingToken === ZERO_ADDRESS2) {
+        return yield* effect.Effect.fail(
+          Error("ZAsset is not a wrapped token (underlying is zero address)")
+        );
+      }
+      const ERC20_ABI2 = [
+        {
+          inputs: [
+            { name: "spender", type: "address" },
+            { name: "amount", type: "uint256" }
+          ],
+          name: "approve",
+          outputs: [{ name: "", type: "bool" }],
+          stateMutability: "nonpayable",
+          type: "function"
+        }
+      ];
+      const ZASSET_ABI2 = [
+        {
+          inputs: [{ name: "amount", type: "uint256" }],
+          name: "deposit",
+          outputs: [],
+          stateMutability: "nonpayable",
+          type: "function"
+        },
+        {
+          inputs: [
+            { name: "to", type: "address" },
+            { name: "amount", type: "uint256" }
+          ],
+          name: "transfer",
+          outputs: [{ name: "", type: "bool" }],
+          stateMutability: "nonpayable",
+          type: "function"
+        }
+      ];
+      const approveHash = yield* effect.pipe(
+        writeContract({
+          address: underlyingToken,
+          abi: ERC20_ABI2,
+          functionName: "approve",
+          args: [this.config.srcZAssetAddress, amount],
+          chain: walletClient.chain,
+          account: walletClient.account
+        }),
+        effect.Effect.retry(commonRetry)
+      );
+      const approveReceipt = yield* effect.pipe(
+        waitForTransactionReceipt(approveHash),
+        effect.Effect.retry(commonRetry)
+      );
+      if (approveReceipt.status === "reverted") {
+        return yield* effect.Effect.fail(
+          Error(`Approve transaction reverted: ${approveHash}`)
+        );
+      }
+      const depositHash = yield* effect.pipe(
+        writeContract({
+          address: this.config.srcZAssetAddress,
+          abi: ZASSET_ABI2,
+          functionName: "deposit",
+          args: [amount],
+          chain: walletClient.chain,
+          account: walletClient.account
+        }),
+        effect.Effect.retry(commonRetry)
+      );
+      const depositReceipt = yield* waitForTransactionReceipt(depositHash).pipe(effect.Effect.retry(commonRetry));
+      if (depositReceipt.status === "reverted") {
+        throw new Error(`Deposit transaction reverted: ${depositHash}`);
+      }
+      const transferHash = yield* effect.pipe(
+        writeContract({
+          address: this.config.srcZAssetAddress,
+          abi: ZASSET_ABI2,
+          functionName: "transfer",
+          args: [depositAddress, amount],
+          chain: walletClient.chain,
+          account: walletClient.account
+        }),
+        effect.Effect.retry(commonRetry)
+      );
+      const transferReceipt = yield* waitForTransactionReceipt(transferHash);
+      if (transferReceipt.status === "reverted") {
+        throw new Error(`Transfer transaction reverted: ${transferHash}`);
+      }
+      return {
+        txHash: transferHash,
+        depositAddress,
+        underlyingToken,
+        chainId: this.config.sourceChainId,
+        height: transferReceipt.blockNumber
+      };
+    }).pipe(
+      effect.Effect.provide(
+        PublicClient.Live({
+          chain: options.walletClient.chain,
+          transport: V.http(this.config.sourceRpcUrl)
+        })
+      ),
+      effect.Effect.provideService(WalletClient, {
+        client: options.walletClient,
+        account: options.walletClient.account,
+        chain: options.walletClient.chain
+      }),
+      effect.Effect.runPromise
+    );
+  }
+  /**
+   * Deposit underlying tokens to ZAsset and transfer to deposit address
+   *
+   * Executes 3 transactions: approve → deposit → transfer.
+   * The wallet client must be connected to the source chain.
+   *
+   * @param secret - The 32-byte secret as a hex string
+   * @param beneficiaries - Array of 0-4 beneficiary addresses
+   * @param amount - Amount to deposit (in underlying token's smallest unit)
+   * @param walletClient - viem WalletClient with account and chain configured
+   * @returns Transaction hash, deposit address, underlying token, and chain ID
+   */
+  async unsafeDeposit(options) {
+    const { paymentKey, beneficiaries, amount, walletClient } = options;
+    if (!walletClient.account) {
+      throw new Error("WalletClient must have an account");
+    }
+    if (!walletClient.chain) {
+      throw new Error("WalletClient must have a chain configured");
+    }
+    const depositAddress = this.getDepositAddress(paymentKey, beneficiaries);
+    const publicClient = V.createPublicClient({
+      chain: walletClient.chain,
+      transport: V.http(this.config.sourceRpcUrl)
+    });
+    const underlyingToken = await this.srcClient.getClient().readContract({
+      address: this.config.srcZAssetAddress,
+      abi: [
+        {
+          inputs: [],
+          name: "underlying",
+          outputs: [{ name: "", type: "address" }],
+          stateMutability: "view",
+          type: "function"
+        }
+      ],
+      functionName: "underlying"
+    });
+    if (underlyingToken === ZERO_ADDRESS2) {
+      throw new Error(
+        "ZAsset is not a wrapped token (underlying is zero address)"
+      );
+    }
+    const ERC20_ABI2 = [
+      {
+        inputs: [
+          { name: "spender", type: "address" },
+          { name: "amount", type: "uint256" }
+        ],
+        name: "approve",
+        outputs: [{ name: "", type: "bool" }],
+        stateMutability: "nonpayable",
+        type: "function"
+      }
+    ];
+    const ZASSET_ABI2 = [
+      {
+        inputs: [{ name: "amount", type: "uint256" }],
+        name: "deposit",
+        outputs: [],
+        stateMutability: "nonpayable",
+        type: "function"
+      },
+      {
+        inputs: [
+          { name: "to", type: "address" },
+          { name: "amount", type: "uint256" }
+        ],
+        name: "transfer",
+        outputs: [{ name: "", type: "bool" }],
+        stateMutability: "nonpayable",
+        type: "function"
+      }
+    ];
+    const approveHash = await walletClient.writeContractSync({
+      address: underlyingToken,
+      abi: ERC20_ABI2,
+      functionName: "approve",
+      args: [this.config.srcZAssetAddress, amount],
+      chain: walletClient.chain,
+      account: walletClient.account
+    }).then((x) => x.transactionHash);
+    const approveReceipt = await publicClient.waitForTransactionReceipt({
+      hash: approveHash
+    });
+    if (approveReceipt.status === "reverted") {
+      throw new Error(`Approve transaction reverted: ${approveHash}`);
+    }
+    const depositHash = await walletClient.writeContractSync({
+      address: this.config.srcZAssetAddress,
+      abi: ZASSET_ABI2,
+      functionName: "deposit",
+      args: [amount],
+      chain: walletClient.chain,
+      account: walletClient.account
+    }).then((x) => x.transactionHash);
+    const depositReceipt = await publicClient.waitForTransactionReceipt({
+      hash: depositHash
+    });
+    if (depositReceipt.status === "reverted") {
+      throw new Error(`Deposit transaction reverted: ${depositHash}`);
+    }
+    const transferHash = await walletClient.writeContractSync({
+      address: this.config.srcZAssetAddress,
+      abi: ZASSET_ABI2,
+      functionName: "transfer",
+      args: [depositAddress, amount],
+      chain: walletClient.chain,
+      account: walletClient.account
+    }).then((x) => x.transactionHash);
+    const transferReceipt = await publicClient.waitForTransactionReceipt({
+      hash: transferHash
+    });
+    if (transferReceipt.status === "reverted") {
+      throw new Error(`Transfer transaction reverted: ${transferHash}`);
+    }
+    return {
+      txHash: transferHash,
+      depositAddress,
+      underlyingToken,
+      chainId: this.config.sourceChainId,
+      height: transferReceipt.blockNumber
+    };
+  }
+  /**
+   * Update loopback light client to a specific block height
+   *
+   * Fetches the IBC handler address internally from the destination ZAsset.
+   * The wallet client must be connected to the destination chain.
+   *
+   * @returns Transaction hash, block number, state root, and chain ID
+   */
+  async updateLightClient(options) {
+    const { clientId, height, walletClient } = options;
+    if (!walletClient.account) {
+      throw new Error("WalletClient must have an account");
+    }
+    if (!walletClient.chain) {
+      throw new Error("WalletClient must have a chain configured");
+    }
+    return effect.Effect.gen(this, function* () {
+      const publicClient = V.createPublicClient({
+        chain: walletClient.chain,
+        transport: V.http(this.config.destinationRpcUrl)
+      });
+      const ibcHandlerAddress = yield* effect.Effect.tryPromise({
+        try: () => this.dstClient.getIbcHandlerAddress(this.config.dstZAssetAddress),
+        catch: (cause) => effect.Effect.fail(cause)
+      });
+      const blockNumber = height === "latest" ? yield* effect.pipe(
+        effect.Effect.tryPromise(() => publicClient.getBlockNumber()),
+        effect.Effect.retry(commonRetry)
+      ) : height;
+      const block = yield* effect.pipe(
+        effect.Effect.tryPromise(() => publicClient.getBlock({ blockNumber })),
+        effect.Effect.retry(commonRetry)
+      );
+      if (!block.number) {
+        throw new Error("Block number is null");
+      }
+      const toRlpHex = (value) => {
+        if (value === void 0 || value === null || value === 0n || value === 0) {
+          return "0x";
+        }
+        let hex = typeof value === "bigint" ? value.toString(16) : value.toString(16);
+        if (hex.length % 2 !== 0) {
+          hex = "0" + hex;
+        }
+        return `0x${hex}`;
+      };
+      const headerFields = [
+        block.parentHash,
+        block.sha3Uncles,
+        block.miner,
+        block.stateRoot,
+        block.transactionsRoot,
+        block.receiptsRoot,
+        block.logsBloom ?? "0x" + "00".repeat(256),
+        toRlpHex(block.difficulty),
+        toRlpHex(block.number),
+        toRlpHex(block.gasLimit),
+        toRlpHex(block.gasUsed),
+        toRlpHex(block.timestamp),
+        block.extraData,
+        block.mixHash ?? "0x0000000000000000000000000000000000000000000000000000000000000000",
+        block.nonce ?? "0x0000000000000000"
+      ];
+      if (block.baseFeePerGas !== void 0 && block.baseFeePerGas !== null) {
+        headerFields.push(toRlpHex(block.baseFeePerGas));
+      }
+      if (block.withdrawalsRoot) {
+        headerFields.push(block.withdrawalsRoot);
+      }
+      if (block.blobGasUsed !== void 0 && block.blobGasUsed !== null) {
+        headerFields.push(toRlpHex(block.blobGasUsed));
+      }
+      if (block.excessBlobGas !== void 0 && block.excessBlobGas !== null) {
+        headerFields.push(toRlpHex(block.excessBlobGas));
+      }
+      if (block.parentBeaconBlockRoot) {
+        headerFields.push(block.parentBeaconBlockRoot);
+      }
+      const blockAny = block;
+      if (blockAny.requestsHash) {
+        headerFields.push(blockAny.requestsHash);
+      }
+      const rlpEncoded = V.toRlp(headerFields);
+      const computedHash = V.keccak256(rlpEncoded);
+      if (computedHash !== block.hash) {
+        throw new Error(
+          `RLP encoding mismatch: computed hash ${computedHash} does not match block hash ${block.hash}`
+        );
+      }
+      const clientMessage = V.encodeAbiParameters(
+        [
+          { type: "uint64", name: "height" },
+          { type: "bytes", name: "encodedHeader" }
+        ],
+        [block.number, rlpEncoded]
+      );
+      const LIGHTCLIENT_ABI = [
+        {
+          inputs: [
+            { name: "caller", type: "address" },
+            { name: "clientId", type: "uint32" },
+            { name: "clientMessage", type: "bytes" },
+            { name: "relayer", type: "address" }
+          ],
+          name: "updateClient",
+          outputs: [],
+          stateMutability: "nonpayable",
+          type: "function"
+        }
+      ];
+      let currentBlock = yield* effect.pipe(
+        effect.Effect.tryPromise(() => publicClient.getBlockNumber()),
+        effect.Effect.retry(commonRetry)
+      );
+      while (currentBlock <= blockNumber) {
+        yield* effect.Effect.sleep("1 second");
+        currentBlock = yield* effect.Effect.tryPromise(
+          () => publicClient.getBlockNumber()
+        );
+      }
+      const loopbackClient = yield* effect.pipe(
+        readContract({
+          address: ibcHandlerAddress,
+          abi: IBC_STORE_ABI,
+          functionName: "getClient",
+          args: [clientId]
+        }),
+        effect.Effect.retry(commonRetry)
+      );
+      const txHash = yield* effect.pipe(
+        writeContract({
+          address: loopbackClient,
+          abi: LIGHTCLIENT_ABI,
+          functionName: "updateClient",
+          args: [
+            walletClient.account.address,
+            clientId,
+            clientMessage,
+            walletClient.account.address
+          ],
+          chain: walletClient.chain,
+          account: walletClient.account
+        }),
+        effect.Effect.retry(commonRetry)
+      );
+      const chainId = yield* effect.Effect.sync(() => this.config.destinationChainId);
+      return {
+        txHash,
+        blockNumber: block.number,
+        stateRoot: block.stateRoot,
+        chainId
+      };
+    }).pipe(
+      effect.Effect.provide(
+        PublicClient.Live({
+          chain: walletClient.chain,
+          transport: V.http(this.config.destinationRpcUrl)
+        })
+      ),
+      effect.Effect.provideService(WalletClient, {
+        client: options.walletClient,
+        account: options.walletClient.account,
+        chain: options.walletClient.chain
+      }),
+      effect.Effect.runPromise
+    );
+  }
+  /**
+   * Update loopback light client to a specific block height
+   *
+   * Fetches the IBC handler address internally from the destination ZAsset.
+   * The wallet client must be connected to the destination chain.
+   *
+   * @returns Transaction hash, block number, state root, and chain ID
+   */
+  async unsafeUpdateLightClient(options) {
+    const { clientId, height, walletClient } = options;
+    if (!walletClient.account) {
+      throw new Error("WalletClient must have an account");
+    }
+    if (!walletClient.chain) {
+      throw new Error("WalletClient must have a chain configured");
+    }
+    const publicClient = V.createPublicClient({
+      chain: walletClient.chain,
+      transport: V.http(this.config.destinationRpcUrl)
+    });
+    const ibcHandlerAddress = await this.dstClient.getIbcHandlerAddress(
+      this.config.dstZAssetAddress
+    );
+    const blockNumber = height === "latest" ? await publicClient.getBlockNumber() : height;
+    const block = await publicClient.getBlock({ blockNumber });
+    if (!block.number) {
+      throw new Error("Block number is null");
+    }
+    const toRlpHex = (value) => {
+      if (value === void 0 || value === null || value === 0n || value === 0) {
+        return "0x";
+      }
+      let hex = typeof value === "bigint" ? value.toString(16) : value.toString(16);
+      if (hex.length % 2 !== 0) {
+        hex = "0" + hex;
+      }
+      return `0x${hex}`;
+    };
+    const headerFields = [
+      block.parentHash,
+      block.sha3Uncles,
+      block.miner,
+      block.stateRoot,
+      block.transactionsRoot,
+      block.receiptsRoot,
+      block.logsBloom ?? "0x" + "00".repeat(256),
+      toRlpHex(block.difficulty),
+      toRlpHex(block.number),
+      toRlpHex(block.gasLimit),
+      toRlpHex(block.gasUsed),
+      toRlpHex(block.timestamp),
+      block.extraData,
+      block.mixHash ?? "0x0000000000000000000000000000000000000000000000000000000000000000",
+      block.nonce ?? "0x0000000000000000"
+    ];
+    if (block.baseFeePerGas !== void 0 && block.baseFeePerGas !== null) {
+      headerFields.push(toRlpHex(block.baseFeePerGas));
+    }
+    if (block.withdrawalsRoot) {
+      headerFields.push(block.withdrawalsRoot);
+    }
+    if (block.blobGasUsed !== void 0 && block.blobGasUsed !== null) {
+      headerFields.push(toRlpHex(block.blobGasUsed));
+    }
+    if (block.excessBlobGas !== void 0 && block.excessBlobGas !== null) {
+      headerFields.push(toRlpHex(block.excessBlobGas));
+    }
+    if (block.parentBeaconBlockRoot) {
+      headerFields.push(block.parentBeaconBlockRoot);
+    }
+    const blockAny = block;
+    if (blockAny.requestsHash) {
+      headerFields.push(blockAny.requestsHash);
+    }
+    const rlpEncoded = V.toRlp(headerFields);
+    const computedHash = V.keccak256(rlpEncoded);
+    if (computedHash !== block.hash) {
+      throw new Error(
+        `RLP encoding mismatch: computed hash ${computedHash} does not match block hash ${block.hash}`
+      );
+    }
+    const clientMessage = V.encodeAbiParameters(
+      [
+        { type: "uint64", name: "height" },
+        { type: "bytes", name: "encodedHeader" }
+      ],
+      [block.number, rlpEncoded]
+    );
+    const LIGHTCLIENT_ABI = [
+      {
+        inputs: [
+          { name: "caller", type: "address" },
+          { name: "clientId", type: "uint32" },
+          { name: "clientMessage", type: "bytes" },
+          { name: "relayer", type: "address" }
+        ],
+        name: "updateClient",
+        outputs: [],
+        stateMutability: "nonpayable",
+        type: "function"
+      }
+    ];
+    let currentBlock = await publicClient.getBlockNumber();
+    while (currentBlock <= blockNumber) {
+      await new Promise((resolve) => setTimeout(resolve, 1e3));
+      currentBlock = await publicClient.getBlockNumber();
+    }
+    const loopbackClient = await publicClient.readContract({
+      address: ibcHandlerAddress,
+      abi: IBC_STORE_ABI,
+      functionName: "getClient",
+      args: [clientId]
+    });
+    const txHash = await walletClient.writeContractSync({
+      address: loopbackClient,
+      abi: LIGHTCLIENT_ABI,
+      functionName: "updateClient",
+      args: [
+        walletClient.account.address,
+        clientId,
+        clientMessage,
+        walletClient.account.address
+      ],
+      chain: walletClient.chain,
+      account: walletClient.account
+    }).then((x) => x.transactionHash);
+    return {
+      txHash,
+      blockNumber: block.number,
+      stateRoot: block.stateRoot,
+      chainId: this.config.destinationChainId
+    };
+  }
+  /**
+   * Get redemption history for a secret
+   *
+   * Queries the Redeemed events filtered by the nullifier derived from the secret.
+   * This is a read-only operation that doesn't require a wallet.
+   *
+   * @param secret - The 32-byte secret as a hex string
+   * @param fromBlock - Start block number (default: earliest)
+   * @param toBlock - End block number (default: latest)
+   * @returns Array of redemption transactions
+   */
+  getRedemptionHistory(secret, fromBlock, toBlock) {
+    return effect.Effect.gen(this, function* () {
+      const nullifier = this.getNullifier(secret);
+      return yield* effect.pipe(
+        effect.Effect.tryPromise(
+          () => this.dstClient.getRedemptionHistory(
+            this.config.dstZAssetAddress,
+            nullifier,
+            fromBlock,
+            toBlock
+          )
+        ),
+        effect.Effect.retry(commonRetry)
+      );
+    }).pipe(effect.Effect.runPromise);
+  }
+  /**
+   * Get redemption history for a secret
+   *
+   * Queries the Redeemed events filtered by the nullifier derived from the secret.
+   * This is a read-only operation that doesn't require a wallet.
+   *
+   * @param secret - The 32-byte secret as a hex string
+   * @param fromBlock - Start block number (default: earliest)
+   * @param toBlock - End block number (default: latest)
+   * @returns Array of redemption transactions
+   */
+  async unsafeGetRedemptionHistory(secret, fromBlock, toBlock) {
+    const nullifier = this.getNullifier(secret);
+    return this.dstClient.getRedemptionHistory(
+      this.config.dstZAssetAddress,
+      nullifier,
+      fromBlock,
+      toBlock
+    );
+  }
+  /**
+   * Full redeem flow: generate proof + get attestation + submit transaction
+   *
+   * This method orchestrates the entire redemption process:
+   * 1. Generates a ZK proof via the prover server
+   * 2. Gets attestation from the attestation service
+   * 3. Submits the redeem transaction
+   *
+   * The wallet client must be connected to the destination chain.
+   *
+   * @returns Transaction hash, proof, and metadata
+   */
+  redeem(options) {
+    const {
+      paymentKey,
+      beneficiaries,
+      beneficiary,
+      amount,
+      clientIds,
+      selectedClientId,
+      walletClient,
+      unwrap = true
+    } = options;
+    const attestationUrl = this.config.attestorUrl;
+    const attestorApiKey = this.config.attestorApiKey;
+    if (!attestationUrl) {
+      throw Error(
+        "Attestation URL must be provided either in redeem options or ClientOptions"
+      );
+    }
+    if (!attestorApiKey) {
+      throw Error(
+        "Attestation API key must be provided either in redeem options or ClientOptions"
+      );
+    }
+    if (!walletClient.account) {
+      throw Error("WalletClient must have an account");
+    }
+    if (!walletClient.chain) {
+      throw Error("WalletClient must have a chain configured");
+    }
+    return effect.Effect.gen(this, function* () {
+      const proofResult = yield* effect.Effect.tryPromise({
+        try: () => this.generateProof(
+          paymentKey,
+          beneficiaries,
+          beneficiary,
+          amount,
+          clientIds,
+          selectedClientId
+        ),
+        catch: (cause) => effect.Effect.fail(cause)
+      }).pipe(effect.Effect.retry(commonRetry));
+      if (!proofResult.proof.success || !proofResult.proof.proofJson || !proofResult.metadata) {
+        return yield* effect.Effect.fail(
+          Error(proofResult.proof.error ?? "Proof generation failed")
+        );
+      }
+      const proofJson = parseProofJson(proofResult.proof.proofJson);
+      const metadata = proofResult.metadata;
+      const depositAddress = this.getDepositAddress(paymentKey, beneficiaries);
+      const attestationClient = new AttestationClient(
+        attestationUrl,
+        attestorApiKey
+      );
+      const attestationResponse = yield* effect.Effect.tryPromise({
+        try: () => attestationClient.getAttestation(depositAddress, beneficiary),
+        catch: (cause) => effect.Effect.fail(cause)
+      }).pipe(effect.Effect.retry(commonRetry));
+      const redeemParams = proofJsonToRedeemParams(proofJson, {
+        lightClients: metadata.lightClients,
+        nullifier: metadata.nullifier,
+        value: metadata.value,
+        beneficiary: metadata.beneficiary,
+        attestedMessage: attestationResponse.attestedMessage,
+        signature: attestationResponse.signature
+      });
+      const ZASSET_ABI2 = [
+        {
+          inputs: [
+            { name: "proof", type: "uint256[8]" },
+            { name: "commitments", type: "uint256[2]" },
+            { name: "commitmentPok", type: "uint256[2]" },
+            {
+              name: "lightClients",
+              type: "tuple[]",
+              components: [
+                { name: "clientId", type: "uint32" },
+                { name: "height", type: "uint64" }
+              ]
+            },
+            { name: "nullifier", type: "uint256" },
+            { name: "value", type: "uint256" },
+            { name: "beneficiary", type: "address" },
+            { name: "attestedMessage", type: "bytes32" },
+            { name: "signature", type: "bytes" },
+            { name: "unwrap", type: "bool" }
+          ],
+          name: "redeem",
+          outputs: [],
+          stateMutability: "nonpayable",
+          type: "function"
+        }
+      ];
+      const txHash = yield* effect.pipe(
+        writeContract({
+          address: this.config.dstZAssetAddress,
+          abi: ZASSET_ABI2,
+          functionName: "redeem",
+          args: [
+            redeemParams.proof,
+            redeemParams.commitments,
+            redeemParams.commitmentPok,
+            redeemParams.lightClients,
+            redeemParams.nullifier,
+            redeemParams.value,
+            redeemParams.beneficiary,
+            redeemParams.attestedMessage,
+            redeemParams.signature,
+            unwrap
+          ],
+          chain: walletClient.chain,
+          account: walletClient.account
+        }),
+        effect.Effect.retry(commonRetry)
+      );
+      return {
+        txHash,
+        proof: proofJson,
+        metadata
+      };
+    }).pipe(
+      effect.Effect.provide(
+        PublicClient.Live({
+          chain: options.walletClient.chain,
+          transport: V.http(this.config.destinationRpcUrl)
+        })
+      ),
+      effect.Effect.provideService(WalletClient, {
+        client: options.walletClient,
+        account: options.walletClient.account,
+        chain: options.walletClient.chain
+      }),
+      effect.Effect.runPromise
+    );
+  }
+  /**
+   * Full redeem flow: generate proof + get attestation + submit transaction
+   *
+   * This method orchestrates the entire redemption process:
+   * 1. Generates a ZK proof via the prover server
+   * 2. Gets attestation from the attestation service
+   * 3. Submits the redeem transaction
+   *
+   * The wallet client must be connected to the destination chain.
+   *
+   * @returns Transaction hash, proof, and metadata
+   */
+  async unsafeRedeem(options) {
+    const {
+      paymentKey,
+      beneficiaries,
+      beneficiary,
+      amount,
+      clientIds,
+      selectedClientId,
+      walletClient,
+      unwrap = true
+    } = options;
+    const attestationUrl = this.config.attestorUrl;
+    const attestorApiKey = this.config.attestorApiKey;
+    if (!attestationUrl) {
+      throw new Error(
+        "Attestation URL must be provided either in redeem options or ClientOptions"
+      );
+    }
+    if (!attestorApiKey) {
+      throw new Error(
+        "Attestation API key must be provided either in redeem options or ClientOptions"
+      );
+    }
+    if (!walletClient.account) {
+      throw new Error("WalletClient must have an account");
+    }
+    if (!walletClient.chain) {
+      throw new Error("WalletClient must have a chain configured");
+    }
+    const proofResult = await this.generateProof(
+      paymentKey,
+      beneficiaries,
+      beneficiary,
+      amount,
+      clientIds,
+      selectedClientId
+    );
+    if (!proofResult.proof.success || !proofResult.proof.proofJson || !proofResult.metadata) {
+      throw new Error(proofResult.proof.error ?? "Proof generation failed");
+    }
+    const proofJson = parseProofJson(proofResult.proof.proofJson);
+    const metadata = proofResult.metadata;
+    const depositAddress = this.getDepositAddress(paymentKey, beneficiaries);
+    const attestationClient = new AttestationClient(
+      attestationUrl,
+      attestorApiKey
+    );
+    const attestationResponse = await attestationClient.getAttestation(
+      depositAddress,
+      beneficiary
+    );
+    const redeemParams = proofJsonToRedeemParams(proofJson, {
+      lightClients: metadata.lightClients,
+      nullifier: metadata.nullifier,
+      value: metadata.value,
+      beneficiary: metadata.beneficiary,
+      attestedMessage: attestationResponse.attestedMessage,
+      signature: attestationResponse.signature
+    });
+    const publicClient = V.createPublicClient({
+      chain: walletClient.chain,
+      transport: V.http(this.config.destinationRpcUrl)
+    });
+    const ZASSET_ABI2 = [
+      {
+        inputs: [
+          { name: "proof", type: "uint256[8]" },
+          { name: "commitments", type: "uint256[2]" },
+          { name: "commitmentPok", type: "uint256[2]" },
+          {
+            name: "lightClients",
+            type: "tuple[]",
+            components: [
+              { name: "clientId", type: "uint32" },
+              { name: "height", type: "uint64" }
+            ]
+          },
+          { name: "nullifier", type: "uint256" },
+          { name: "value", type: "uint256" },
+          { name: "beneficiary", type: "address" },
+          { name: "attestedMessage", type: "bytes32" },
+          { name: "signature", type: "bytes" },
+          { name: "unwrap", type: "bool" }
+        ],
+        name: "redeem",
+        outputs: [],
+        stateMutability: "nonpayable",
+        type: "function"
+      }
+    ];
+    const txHash = await walletClient.writeContractSync({
+      address: this.config.dstZAssetAddress,
+      abi: ZASSET_ABI2,
+      functionName: "redeem",
+      args: [
+        redeemParams.proof,
+        redeemParams.commitments,
+        redeemParams.commitmentPok,
+        redeemParams.lightClients,
+        redeemParams.nullifier,
+        redeemParams.value,
+        redeemParams.beneficiary,
+        redeemParams.attestedMessage,
+        redeemParams.signature,
+        unwrap
+      ],
+      chain: walletClient.chain,
+      account: walletClient.account
+    }).then((x) => x.transactionHash);
+    const receipt = await publicClient.waitForTransactionReceipt({
+      hash: txHash
+    });
+    if (receipt.status === "reverted") {
+      throw new Error(`Redeem transaction reverted: ${txHash}`);
+    }
+    return {
+      txHash,
+      proof: proofJson,
+      metadata
+    };
+  }
+  /**
+   * Pad beneficiaries array to exactly 4 addresses
+   * Empty array = unbounded mode (all zeros, any beneficiary allowed)
+   */
+  padBeneficiaries(beneficiaries) {
+    if (beneficiaries.length > 4) {
+      throw new Error("Maximum 4 beneficiaries allowed");
+    }
+    const padded = [
+      beneficiaries[0] ?? ZERO_ADDRESS2,
+      beneficiaries[1] ?? ZERO_ADDRESS2,
+      beneficiaries[2] ?? ZERO_ADDRESS2,
+      beneficiaries[3] ?? ZERO_ADDRESS2
+    ];
+    return padded;
+  }
+};
+
+// src/cli/commands/balance.ts
+var balanceCommand = new commander.Command("balance").description("Query balance via light client").requiredOption("--secret <hex>", "32-byte secret (0x-prefixed hex)").option(
+  "--beneficiaries <addresses>",
+  "Comma-separated beneficiary addresses"
+).requiredOption("--client-id <id>", "Light client ID to use").option(
+  "--config <path>",
+  "Path to config file",
+  "./private-payments.config.json"
+).action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = validateSecret2(options.secret);
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const clientId = parseInt(options.clientId, 10);
+    if (isNaN(clientId) || clientId < 0) {
+      throw new Error("Invalid light client ID");
+    }
+    const client = new UnionPrivatePayments({
+      proverUrl: config.proverUrl,
+      sourceRpcUrl: config.sourceRpcUrl,
+      destinationRpcUrl: config.destinationRpcUrl,
+      srcZAssetAddress: config.srcZAssetAddress,
+      dstZAssetAddress: config.dstZAssetAddress,
+      sourceChainId: BigInt(config.sourceChainId),
+      destinationChainId: BigInt(config.destinationChainId)
+    });
+    const depositAddress = client.getDepositAddress(
+      secret,
+      beneficiaries
+    );
+    const nullifier = client.getNullifier(secret);
+    console.log("Querying balance...");
+    console.log("Deposit Address:", depositAddress);
+    console.log("Light Client ID:", clientId);
+    const balance = await client.getBalance({
+      depositAddress,
+      nullifier,
+      clientId
+    });
+    const tokenInfo = await client.getSrcZAssetInfo();
+    console.log("");
+    console.log(`Latest height: ${balance.latestHeight}`);
+    console.log(`Light client height: ${balance.lightClientHeight}`);
+    console.log(
+      `Light client lag: ${balance.latestHeight - balance.lightClientHeight}`
+    );
+    console.log(`Balance:`);
+    console.log(
+      "  Pending:",
+      formatAmount(
+        balance.pending,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log(
+      "  Confirmed:",
+      formatAmount(
+        balance.confirmed,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log(
+      "  Redeemed:",
+      formatAmount(
+        balance.redeemed,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log(
+      "  Available:",
+      formatAmount(
+        balance.available,
+        tokenInfo.decimals,
+        tokenInfo.symbol
+      )
+    );
+    console.log("");
+    console.log("Raw balance:");
+    console.log("  Pending:", balance.pending.toString());
+    console.log("  Confirmed:", balance.confirmed.toString());
+    console.log("  Redeemed:", balance.redeemed.toString());
+    console.log("  Available:", balance.available.toString());
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var proveCommand = new commander.Command("prove").description("Generate ZK proof for redemption").requiredOption("--secret <hex>", "32-byte secret (0x-prefixed hex)").option("--beneficiaries <addresses>", "Comma-separated beneficiary addresses for address derivation").requiredOption("--beneficiary <address>", "Address to redeem to").requiredOption("--amount <value>", 'Amount to redeem in smallest units (e.g., "2000000" for 2 USDC)').requiredOption("--client-ids <ids>", "Comma-separated light client IDs for anonymity set").requiredOption("--selected-client <id>", "Which client ID to use for proof").option("--output <file>", "Save proof JSON to file (default: stdout)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = validateSecret2(options.secret);
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const beneficiary = validateAddress(options.beneficiary, "beneficiary");
+    const clientIds = parseClientIds(options.clientIds);
+    const selectedClientId = parseInt(options.selectedClient, 10);
+    if (isNaN(selectedClientId)) {
+      throw new Error("Invalid selected client ID");
+    }
+    if (!clientIds.includes(selectedClientId)) {
+      throw new Error(`Selected client ${selectedClientId} not in client IDs: ${clientIds.join(", ")}`);
+    }
+    const client = new UnionPrivatePayments({
+      proverUrl: config.proverUrl,
+      sourceRpcUrl: config.sourceRpcUrl,
+      destinationRpcUrl: config.destinationRpcUrl,
+      srcZAssetAddress: config.srcZAssetAddress,
+      dstZAssetAddress: config.dstZAssetAddress,
+      sourceChainId: BigInt(config.sourceChainId),
+      destinationChainId: BigInt(config.destinationChainId)
+    });
+    const amount = BigInt(options.amount);
+    console.error("Generating proof...");
+    console.error("  Secret:", secret.slice(0, 10) + "...");
+    console.error("  Beneficiary:", beneficiary);
+    console.error("  Amount:", amount.toString());
+    console.error("  Client IDs:", clientIds.join(", "));
+    console.error("  Selected Client:", selectedClientId);
+    const result = await client.generateProof(
+      secret,
+      beneficiaries,
+      beneficiary,
+      amount,
+      clientIds,
+      selectedClientId
+    );
+    if (!result.proof.success || !result.proof.proofJson || !result.metadata) {
+      throw new Error(result.proof.error ?? "Proof generation failed");
+    }
+    console.error("Proof generated successfully!");
+    const proofJson = parseProofJson(result.proof.proofJson);
+    const output = {
+      proof: proofJson,
+      metadata: {
+        depositAddress: result.metadata.depositAddress,
+        beneficiary: result.metadata.beneficiary,
+        value: result.metadata.value.toString(),
+        nullifier: "0x" + result.metadata.nullifier.toString(16).padStart(64, "0"),
+        lightClients: result.metadata.lightClients.map((lc) => ({
+          clientId: lc.clientId,
+          height: lc.height.toString(),
+          stateRoot: lc.stateRoot
+        }))
+      }
+    };
+    const jsonOutput = JSON.stringify(output, null, 2);
+    if (options.output) {
+      fs.writeFileSync(options.output, jsonOutput);
+      console.error(`Proof saved to: ${options.output}`);
+    } else {
+      console.log(jsonOutput);
+    }
+    console.error("");
+    console.error("Metadata:");
+    console.error("  Deposit Address:", result.metadata.depositAddress);
+    console.error("  Beneficiary:", result.metadata.beneficiary);
+    console.error("  Value:", result.metadata.value.toString());
+    console.error("  Nullifier:", "0x" + result.metadata.nullifier.toString(16).padStart(64, "0"));
+    console.error("  Light Clients:", result.metadata.lightClients.length);
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var CHAIN_MAP = {
+  1: chains.mainnet,
+  8453: chains.base,
+  42161: chains.arbitrum,
+  10: chains.optimism,
+  137: chains.polygon
+};
+var redeemCommand = new commander.Command("redeem").description("Submit redemption transaction (with existing proof or generate on the fly)").option("--proof <file>", "Path to proof JSON file (from prove command)").option("--secret <hex>", "32-byte secret (0x-prefixed hex) - required if no --proof").option("--beneficiaries <addresses>", "Comma-separated beneficiary addresses for address derivation").option("--beneficiary <address>", "Address to redeem to - required if no --proof").option("--amount <value>", "Amount to redeem in smallest units - required if no --proof").option("--client-ids <ids>", "Comma-separated light client IDs for anonymity set - required if no --proof").option("--selected-client <id>", "Which client ID to use for proof - required if no --proof").option("--private-key <key>", "Private key to send transaction (or env SENDER_PRIVATE_KEY)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const privateKey = options.privateKey ?? process.env.SENDER_PRIVATE_KEY;
+    if (!privateKey) {
+      throw new Error("Private key required. Use --private-key or set SENDER_PRIVATE_KEY env var");
+    }
+    if (!privateKey.startsWith("0x")) {
+      throw new Error("Private key must start with 0x");
+    }
+    if (!config.attestorUrl) {
+      throw new Error("attestorUrl required in config for redemption");
+    }
+    if (!config.attestorApiKey) {
+      throw new Error("attestorApiKey required in config for redemption");
+    }
+    let proofData;
+    if (options.proof) {
+      const proofContent = fs.readFileSync(options.proof, "utf-8");
+      proofData = JSON.parse(proofContent);
+      console.log("Loading proof from:", options.proof);
+    } else {
+      if (!options.secret || !options.beneficiary || !options.amount || !options.clientIds || !options.selectedClient) {
+        throw new Error(
+          "When not using --proof, you must provide: --secret, --beneficiary, --amount, --client-ids, --selected-client"
+        );
+      }
+      const secret = validateSecret2(options.secret);
+      const beneficiaries = parseBeneficiaries(options.beneficiaries);
+      const beneficiary2 = validateAddress(options.beneficiary, "beneficiary");
+      const clientIds = parseClientIds(options.clientIds);
+      const selectedClientId = parseInt(options.selectedClient, 10);
+      if (isNaN(selectedClientId)) {
+        throw new Error("Invalid selected client ID");
+      }
+      if (!clientIds.includes(selectedClientId)) {
+        throw new Error(`Selected client ${selectedClientId} not in client IDs: ${clientIds.join(", ")}`);
+      }
+      const client = new UnionPrivatePayments({
+        proverUrl: config.proverUrl,
+        sourceRpcUrl: config.sourceRpcUrl,
+        destinationRpcUrl: config.destinationRpcUrl,
+        srcZAssetAddress: config.srcZAssetAddress,
+        dstZAssetAddress: config.dstZAssetAddress,
+        sourceChainId: BigInt(config.sourceChainId),
+        destinationChainId: BigInt(config.destinationChainId)
+      });
+      const amount = BigInt(options.amount);
+      console.log("Generating proof...");
+      console.log("  Secret:", secret.slice(0, 10) + "...");
+      console.log("  Beneficiary:", beneficiary2);
+      console.log("  Amount:", amount.toString());
+      console.log("  Client IDs:", clientIds.join(", "));
+      console.log("  Selected Client:", selectedClientId);
+      const result = await client.generateProof(
+        secret,
+        beneficiaries,
+        beneficiary2,
+        amount,
+        clientIds,
+        selectedClientId
+      );
+      if (!result.proof.success || !result.proof.proofJson || !result.metadata) {
+        throw new Error(result.proof.error ?? "Proof generation failed");
+      }
+      console.log("Proof generated successfully!");
+      const proofJson = parseProofJson(result.proof.proofJson);
+      proofData = {
+        proof: proofJson,
+        metadata: {
+          depositAddress: result.metadata.depositAddress,
+          beneficiary: result.metadata.beneficiary,
+          value: result.metadata.value.toString(),
+          nullifier: "0x" + result.metadata.nullifier.toString(16).padStart(64, "0"),
+          lightClients: result.metadata.lightClients.map((lc) => ({
+            clientId: lc.clientId,
+            height: lc.height.toString(),
+            stateRoot: lc.stateRoot
+          }))
+        }
+      };
+    }
+    const lightClients = proofData.metadata.lightClients.map((lc) => ({
+      clientId: lc.clientId,
+      height: BigInt(lc.height),
+      stateRoot: lc.stateRoot
+    }));
+    const nullifier = BigInt(proofData.metadata.nullifier);
+    const value = BigInt(proofData.metadata.value);
+    const beneficiary = proofData.metadata.beneficiary;
+    const depositAddress = proofData.metadata.depositAddress;
+    console.log("");
+    console.log("Redemption details:");
+    console.log("  Deposit Address:", depositAddress);
+    console.log("  Beneficiary:", beneficiary);
+    console.log("  Value:", value.toString());
+    console.log("  Nullifier:", proofData.metadata.nullifier);
+    console.log("  Light Clients:", lightClients.length);
+    console.log("");
+    console.log("Requesting attestation...");
+    const attestationClient = new AttestationClient(
+      config.attestorUrl,
+      config.attestorApiKey
+    );
+    const attestation = await attestationClient.getAttestation(depositAddress, beneficiary);
+    console.log("  Attested Message:", attestation.attestedMessage);
+    console.log("  Signature:", attestation.signature.slice(0, 20) + "...");
+    const redeemParams = proofJsonToRedeemParams(proofData.proof, {
+      lightClients,
+      nullifier,
+      value,
+      beneficiary,
+      attestedMessage: attestation.attestedMessage,
+      signature: attestation.signature
+    });
+    const chain = CHAIN_MAP[config.destinationChainId];
+    if (!chain) {
+      throw new Error(`Unsupported destination chain ID: ${config.destinationChainId}`);
+    }
+    const account = accounts.privateKeyToAccount(privateKey);
+    const walletClient = V.createWalletClient({
+      account,
+      chain,
+      transport: V.http(config.destinationRpcUrl)
+    });
+    console.log("");
+    console.log("Submitting redeem transaction...");
+    const txHash = await submitRedeem(
+      config.dstZAssetAddress,
+      redeemParams,
+      walletClient
+    );
+    console.log("");
+    console.log("Transaction submitted!");
+    console.log("Hash:", txHash);
+    console.log("Explorer:", getExplorerUrl(config.destinationChainId, txHash));
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var updateClientCommand = new commander.Command("update-client").description("Update loopback light client to a specific block height").requiredOption("--rpc <url>", "RPC URL for the chain").requiredOption("--client-id <id>", "Light client ID to update").option("--height <height>", "Block height to update to (default: latest)", "latest").requiredOption("--ibc-handler <address>", "IBCHandler contract address").option("--private-key <key>", "Private key to send transaction (or env SENDER_PRIVATE_KEY)").action(async (options) => {
+  try {
+    const privateKey = options.privateKey ?? process.env.SENDER_PRIVATE_KEY;
+    if (!privateKey) {
+      throw new Error("Private key required. Use --private-key or set SENDER_PRIVATE_KEY env var");
+    }
+    if (!privateKey.startsWith("0x")) {
+      throw new Error("Private key must start with 0x");
+    }
+    const clientId = parseInt(options.clientId, 10);
+    if (isNaN(clientId)) {
+      throw new Error("Invalid client ID: must be a number");
+    }
+    const ibcHandlerAddress = options.ibcHandler;
+    if (!ibcHandlerAddress.startsWith("0x") || ibcHandlerAddress.length !== 42) {
+      throw new Error("Invalid IBC handler address");
+    }
+    const height = options.height === "latest" ? "latest" : BigInt(options.height);
+    const publicClient = V.createPublicClient({
+      transport: V.http(options.rpc)
+    });
+    const chainId = await publicClient.getChainId();
+    const account = accounts.privateKeyToAccount(privateKey);
+    const walletClient = V.createWalletClient({
+      account,
+      chain: { id: chainId },
+      transport: V.http(options.rpc)
+    });
+    console.log("Updating loopback light client...");
+    console.log("  RPC:", options.rpc);
+    console.log("  IBC Handler:", ibcHandlerAddress);
+    console.log("  Client ID:", clientId);
+    console.log("  Height:", height === "latest" ? "latest" : height.toString());
+    console.log("");
+    const result = await updateLoopbackClient(
+      options.rpc,
+      ibcHandlerAddress,
+      clientId,
+      height,
+      walletClient
+    );
+    console.log("Light client updated successfully!");
+    console.log("  Chain ID:", result.chainId.toString());
+    console.log("  Block Number:", result.blockNumber.toString());
+    console.log("  State Root:", result.stateRoot);
+    console.log("  Transaction:", result.txHash);
+    console.log("  Explorer:", getExplorerUrl(Number(result.chainId), result.txHash));
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var depositCommand = new commander.Command("deposit").description("Wrap underlying tokens and deposit to ZAsset").requiredOption("--amount <amount>", 'Amount to deposit in smallest units (e.g., "50000000" for 50 USDC)').requiredOption("--secret <hex>", "32-byte secret to derive deposit address (0x-prefixed hex)").option("--beneficiaries <addresses>", "Comma-separated beneficiary addresses (max 4, empty = unbounded)").option("--private-key <key>", "Private key to sign transaction (or env SENDER_PRIVATE_KEY)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const privateKey = options.privateKey ?? process.env.SENDER_PRIVATE_KEY;
+    if (!privateKey) {
+      throw new Error("Private key required. Use --private-key or set SENDER_PRIVATE_KEY env var");
+    }
+    if (!privateKey.startsWith("0x")) {
+      throw new Error("Private key must start with 0x");
+    }
+    const config = loadConfig(options.config);
+    const secret = validateSecret2(options.secret);
+    const beneficiaries = parseBeneficiaries(options.beneficiaries);
+    const paddedBeneficiaries = padBeneficiaries(beneficiaries);
+    const rpcUrl = config.sourceRpcUrl;
+    const zAssetAddress = config.srcZAssetAddress;
+    const amount = BigInt(options.amount);
+    const depositAddress = computeUnspendableAddress(
+      secret,
+      BigInt(config.destinationChainId),
+      paddedBeneficiaries
+    );
+    const account = accounts.privateKeyToAccount(privateKey);
+    const walletClient = V.createWalletClient({
+      account,
+      chain: { id: config.sourceChainId },
+      transport: V.http(rpcUrl)
+    });
+    console.log("Depositing to ZAsset...");
+    console.log("  ZAsset:", zAssetAddress);
+    console.log("  Amount:", amount.toString());
+    console.log("  Deposit Address:", depositAddress);
+    console.log("");
+    const result = await depositToZAsset(
+      rpcUrl,
+      zAssetAddress,
+      depositAddress,
+      amount,
+      walletClient
+    );
+    console.log("");
+    console.log("Deposit complete!");
+    console.log("  Tx Hash:", result.txHash);
+    console.log("  Explorer:", getExplorerUrl(Number(result.chainId), result.txHash));
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var historyCommand = new commander.Command("history").description("List redemption transactions for a secret").requiredOption("--secret <hex>", "32-byte secret (0x-prefixed hex)").option("--from-block <number>", "Start block number (default: earliest)").option("--to-block <number>", "End block number (default: latest)").option("--config <path>", "Path to config file", "./private-payments.config.json").action(async (options) => {
+  try {
+    const config = loadConfig(options.config);
+    const secret = validateSecret2(options.secret);
+    const client = new UnionPrivatePayments({
+      proverUrl: config.proverUrl,
+      sourceRpcUrl: config.sourceRpcUrl,
+      destinationRpcUrl: config.destinationRpcUrl,
+      srcZAssetAddress: config.srcZAssetAddress,
+      dstZAssetAddress: config.dstZAssetAddress,
+      sourceChainId: BigInt(config.sourceChainId),
+      destinationChainId: BigInt(config.destinationChainId)
+    });
+    const nullifier = client.getNullifier(secret);
+    const nullifierHex = "0x" + nullifier.toString(16).padStart(64, "0");
+    console.log("Querying redemption history...");
+    console.log("Nullifier:", nullifierHex);
+    console.log("");
+    const fromBlock = options.fromBlock ? BigInt(options.fromBlock) : void 0;
+    const toBlock = options.toBlock ? BigInt(options.toBlock) : void 0;
+    const dstRpcClient = new RpcClient(config.destinationRpcUrl);
+    const history = await dstRpcClient.getRedemptionHistory(
+      config.dstZAssetAddress,
+      nullifier,
+      fromBlock,
+      toBlock
+    );
+    if (history.length === 0) {
+      console.log("No redemptions found for this secret.");
+      return;
+    }
+    const tokenInfo = await client.getDstZAssetInfo();
+    console.log(`Found ${history.length} redemption${history.length > 1 ? "s" : ""}:`);
+    console.log("");
+    for (let i = 0; i < history.length; i++) {
+      const entry = history[i];
+      console.log(`#${i + 1}  Block: ${entry.blockNumber}`);
+      console.log(`    Tx: ${entry.txHash}`);
+      console.log(`    Amount: ${formatAmount(entry.redeemAmount, tokenInfo.decimals, tokenInfo.symbol)}`);
+      console.log(`    Beneficiary: ${entry.beneficiary}`);
+      console.log(`    Explorer: ${getExplorerUrl(config.destinationChainId, entry.txHash)}`);
+      console.log("");
+    }
+    const totalRedeemed = history.reduce((sum, h) => sum + h.redeemAmount, 0n);
+    console.log(`Total redeemed: ${formatAmount(totalRedeemed, tokenInfo.decimals, tokenInfo.symbol)}`);
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+var exportVerifierCommand = new commander.Command("export-verifier").description("Export the Solidity verifier contract from the prover server").option("--prover-url <url>", "Prover gRPC-web URL", "http://localhost:8080").option("--output <file>", "Save verifier to file (default: stdout)").action(async (options) => {
+  try {
+    const proverClient = new ProverClient(options.proverUrl);
+    console.error("Exporting verifier contract...");
+    console.error("  Prover URL:", options.proverUrl);
+    const verifierContract = await proverClient.exportVerifier();
+    if (options.output) {
+      fs.writeFileSync(options.output, verifierContract);
+      console.error(`Verifier saved to: ${options.output}`);
+    } else {
+      console.log(verifierContract);
+    }
+  } catch (e) {
+    console.error("Error:", e.message);
+    process.exit(1);
+  }
+});
+
+// src/cli.ts
+var program = new commander.Command();
+program.name("payments").description("CLI for Union Private Payments - privacy-preserving transfers using ZK proofs").version("0.1.0");
+program.addCommand(generateCommand);
+program.addCommand(balanceCommand);
+program.addCommand(proveCommand);
+program.addCommand(redeemCommand);
+program.addCommand(updateClientCommand);
+program.addCommand(depositCommand);
+program.addCommand(historyCommand);
+program.addCommand(exportVerifierCommand);
+program.parse();