@unlink-xyz/core 0.1.2 → 0.1.3-canary.0877bfe

package/dist/transactions/transact.js

@@ -1,59 +1,31 @@
-import { poseidon } from "@railgun-community/circomlibjs";
 import { AbiCoder, Interface, keccak256 } from "ethers";
 import { createBroadcasterClient } from "../clients/broadcaster.js";
+import { resolveFetch } from "../clients/http.js";
 import { createIndexerClient } from "../clients/indexer.js";
-import { serviceConfig } from "../config.js";
-import { CoreError } from "../errors.js";
+import { createServiceConfig } from "../config.js";
+import { poseidon } from "../crypto-adapters/index.js";
+import { CoreError, ProofError, ValidationError } from "../errors.js";
 import { proveTransaction } from "../prover/index.js";
-import { createMerkleTrees, DEFAULT_JOB_TIMEOUT_MS, rebuildTreeFromStore, } from "../state/index.js";
-import { isNotFoundError, sleep } from "../utils/async.js";
-import { ensureBigint, formatUint256, parseHexToBigInt, } from "../utils/bigint.js";
+import { DEFAULT_JOB_TIMEOUT_MS, rebuildTreeFromStore, resolveMerkleTrees, } from "../state/index.js";
+import { isNotFoundError, sleep, withTimeout } from "../utils/async.js";
+import { formatUint256, parseHexToBigInt } from "../utils/bigint.js";
 import { deriveCommitment, encryptNote } from "../utils/crypto.js";
 import { DEFAULT_POLL_INTERVAL_MS, DEFAULT_POLL_TIMEOUT_MS, MAX_POLL_INTERVAL_MS, } from "../utils/polling.js";
 import { signTransactMessage } from "../utils/signature.js";
-import { ensureAddress, ensureChainId, ensureNoteCommitmentInput, ensureWithdrawalInput, SNARK_SCALAR_FIELD, } from "../utils/validators.js";
-export const TRANSACT_ABI = "function transact(((uint256[2] pA, uint256[2][2] pB, uint256[2] pC) proof, uint256 merkleRoot, uint256[] nullifierHashes, uint256[] newCommitments, (uint64 chainID, address poolAddress) context, (uint256 npk, uint256 amount, address token) withdrawal, (uint256[3] data)[] ciphertexts)[] _transactions)";
+import { SNARK_SCALAR_FIELD } from "../utils/validators.js";
+export const TRANSACT_ABI = "function transact(((uint256[2] pA, uint256[2][2] pB, uint256[2] pC) proof, uint256 merkleRoot, uint256[] nullifierHashes, uint256[] newCommitments, (uint64 chainId, address poolAddress) context, (uint256 npk, uint256 amount, address token) withdrawal, (uint256[3] data)[] ciphertexts)[] _transactions)";
+/** Default timeout for proof generation in milliseconds (60 seconds) */
+export const DEFAULT_PROOF_TIMEOUT_MS = 60_000;
 const transactInterface = new Interface([TRANSACT_ABI]);
-function validateTransactRequest(request) {
-    ensureChainId(request.chainId);
-    ensureAddress("pool address", request.poolAddress);
-    ensureAddress("token", request.token);
-    ensureBigint("nullifyingKey", request.zkAccount.nullifyingKey);
-    if (!Array.isArray(request.inputs) || request.inputs.length === 0) {
-        throw new CoreError("at least one input note is required");
-    }
-    request.inputs.forEach((input, idx) => {
-        if (!Number.isInteger(input.index) || input.index < 0) {
-            throw new CoreError(`inputs[${idx}].index must be a non-negative integer`);
-        }
-    });
-    ensureWithdrawalInput("request.withdrawal", request.withdrawal);
-    request.outputs.forEach((output, idx) => {
-        if (output.mpk < 0n) {
-            throw new CoreError(`outputs[${idx}].mpk must be non-negative`);
-        }
-        if (output.random < 0n) {
-            throw new CoreError(`outputs[${idx}].random must be non-negative`);
-        }
-        ensureNoteCommitmentInput(`outputs[${idx}]`, {
-            npk: poseidon([output.mpk, output.random]),
-            amount: output.amount,
-            token: output.token,
-        });
-    });
-}
-/**
- * Computes the bound parameters hash from chain ID, pool address, and withdrawal parameters.
- * This hash binds the transaction to specific chain and withdrawal context.
- */
-function computeBoundParamsHash(chainId, poolAddress) {
-    const chainIdBigInt = BigInt(chainId);
-    const poolAddressBigInt = BigInt(poolAddress);
-    const hashInput = [chainIdBigInt, poolAddressBigInt];
+const DEFAULT_WITHDRAWAL = {
+    npk: 0n,
+    amount: 0n,
+    token: "0x0000000000000000000000000000000000000000",
+};
+export function computeBoundParamsHash(chainId, poolAddress) {
     const coder = AbiCoder.defaultAbiCoder();
-    const input = coder.encode(["uint64", "uint160"], hashInput);
-    const result = keccak256(input);
-    return parseHexToBigInt(result) % SNARK_SCALAR_FIELD;
+    const encoded = coder.encode(["uint64", "uint160"], [BigInt(chainId), BigInt(poolAddress)]);
+    return parseHexToBigInt(keccak256(encoded)) % SNARK_SCALAR_FIELD;
 }
 export function serializeWitness(proof, index) {
     return {
@@ -64,498 +36,412 @@ export function serializeWitness(proof, index) {
         leafIndex: index,
     };
 }
-export function deserializeWitness(serialized) {
+export function deserializeWitness(s) {
     return {
-        root: parseHexToBigInt(serialized.root),
-        leaf: parseHexToBigInt(serialized.leaf),
-        siblings: serialized.pathElements.map((level) => level.map((node) => parseHexToBigInt(node))),
-        pathIndices: serialized.pathIndices,
-        leafIndex: serialized.leafIndex,
+        root: parseHexToBigInt(s.root),
+        leaf: parseHexToBigInt(s.leaf),
+        siblings: s.pathElements.map((level) => level.map(parseHexToBigInt)),
+        pathIndices: s.pathIndices,
+        leafIndex: s.leafIndex,
     };
 }
 /**
- * Simulates the transact pipeline: builds Merkle witnesses, derives nullifiers, and updates local state.
+ * Build proof for a single transaction item.
+ * This is the core proof generation logic extracted for parallelization.
  */
-export function createTransactService(stateStore, options = {}) {
-    if (!stateStore) {
-        throw new Error("stateStore dependency is required");
+async function buildSingleTransactionProof(store, account, chainId, poolAddress, tx, trees, baseIndex, opts) {
+    if (!tx.inputs?.length)
+        throw new ValidationError("at least one input note is required");
+    // Build input contexts (witnesses + nullifiers)
+    const contexts = [];
+    let merkleRoot;
+    for (const input of tx.inputs) {
+        const note = await store.getNote(chainId, input.index);
+        if (!note)
+            throw new ValidationError(`note ${input.index} not found`);
+        if (note.spentAt !== undefined)
+            throw new ValidationError(`note ${input.index} already spent`);
+        const tree = trees.getOrCreate(chainId);
+        if (input.index >= tree.getLeafCount())
+            throw new ValidationError(`note ${input.index} out of range`);
+        const witness = tree.createMerkleProof(input.index);
+        const root = formatUint256(BigInt(witness.root));
+        if (merkleRoot && merkleRoot !== root)
+            throw new ValidationError("inputs must share same merkle root");
+        merkleRoot = root;
+        const nullifier = poseidon([account.nullifyingKey, BigInt(input.index)]);
+        contexts.push({
+            index: input.index,
+            nullifier,
+            nullifierHex: formatUint256(nullifier),
+            witness,
+        });
     }
-    const trees = options.merkleTrees ?? createMerkleTrees();
-    const fetchImpl = options.fetch ?? (typeof fetch === "function" ? fetch : undefined);
-    const broadcasterClient = fetchImpl
-        ? createBroadcasterClient(serviceConfig.broadcasterBaseUrl, {
-            fetch: fetchImpl,
+    // Compute output commitments for regular notes
+    const outputs = tx.outputs.map((o, i) => {
+        const commitment = deriveCommitment({
+            npk: poseidon([o.mpk, o.random]),
+            amount: o.amount,
+            token: o.token,
+        });
+        return {
+            value: commitment,
+            hex: formatUint256(commitment),
+            index: baseIndex + i,
+        };
+    });
+    // Handle withdrawal
+    const withdrawal = tx.withdrawal ?? DEFAULT_WITHDRAWAL;
+    const hasWithdrawal = withdrawal.amount > 0n;
+    if (hasWithdrawal && withdrawal.token !== tx.token) {
+        throw new ValidationError("Withdrawal token must match transaction token");
+    }
+    const withdrawalCommitment = hasWithdrawal
+        ? deriveCommitment({
+            npk: withdrawal.npk,
+            amount: withdrawal.amount,
+            token: withdrawal.token,
         })
         : null;
-    const indexerClient = fetchImpl
-        ? createIndexerClient(serviceConfig.indexerBaseUrl, { fetch: fetchImpl })
+    // Build arrays for circuit
+    const allCommitmentsOut = hasWithdrawal
+        ? [...outputs.map((o) => o.value), withdrawalCommitment]
+        : outputs.map((o) => o.value);
+    const allNpkOut = hasWithdrawal
+        ? [...tx.outputs.map((o) => poseidon([o.mpk, o.random])), withdrawal.npk]
+        : tx.outputs.map((o) => poseidon([o.mpk, o.random]));
+    const allValueOut = hasWithdrawal
+        ? [...tx.outputs.map((o) => o.amount), withdrawal.amount]
+        : tx.outputs.map((o) => o.amount);
+    // Build prover input
+    const boundParams = computeBoundParamsHash(chainId, poolAddress);
+    const pubSignals = [
+        parseHexToBigInt(merkleRoot),
+        boundParams,
+        ...contexts.map((c) => c.nullifier),
+        ...allCommitmentsOut,
+    ];
+    const inputNotes = await Promise.all(tx.inputs.map((i) => store.getNote(chainId, i.index).then((n) => n)));
+    const sig = signTransactMessage(account.spendingKeyPair.privateKey, poseidon(pubSignals));
+    const proofInput = {
+        merkleRoot: parseHexToBigInt(merkleRoot),
+        boundParamsHash: boundParams,
+        nullifiers: contexts.map((c) => c.nullifier),
+        commitmentsOut: allCommitmentsOut,
+        token: BigInt(tx.token),
+        publicKey: account.spendingKeyPair.pubkey,
+        signature: [sig.R8[0], sig.R8[1], sig.S],
+        randomIn: inputNotes.map((n) => BigInt(n.random)),
+        valueIn: inputNotes.map((n) => BigInt(n.value)),
+        pathElements: contexts.map((c) => c.witness.siblings.map((level) => level.map((s) => s))),
+        leavesIndices: contexts.map((c) => BigInt(c.index)),
+        nullifyingKey: account.nullifyingKey,
+        npkOut: allNpkOut,
+        valueOut: allValueOut,
+    };
+    const proofTimeoutMs = opts.proofTimeoutMs ?? DEFAULT_PROOF_TIMEOUT_MS;
+    const txProof = await withTimeout(proveTransaction(proofInput, { rpcUrl: opts.rpcUrl }), proofTimeoutMs, new ProofError(`Proof generation timed out after ${proofTimeoutMs}ms`)).catch((e) => {
+        if (e instanceof ProofError)
+            throw e;
+        throw new ProofError(`Proof generation failed: ${e.message}`);
+    });
+    const proof = {
+        pA: [BigInt(txProof.proof.pi_a[0]), BigInt(txProof.proof.pi_a[1])],
+        pB: [
+            [BigInt(txProof.proof.pi_b[0][1]), BigInt(txProof.proof.pi_b[0][0])],
+            [BigInt(txProof.proof.pi_b[1][1]), BigInt(txProof.proof.pi_b[1][0])],
+        ],
+        pC: [BigInt(txProof.proof.pi_c[0]), BigInt(txProof.proof.pi_c[1])],
+        pubSignals,
+    };
+    return {
+        proof,
+        witnesses: contexts.map((c) => c.witness),
+        nullifiers: contexts.map((c) => c.nullifierHex),
+        predictedCommitments: outputs.map((o) => o.hex),
+        merkleRoot: merkleRoot,
+        token: tx.token,
+        withdrawal,
+        ciphertexts: tx.outputs.map((note) => ({
+            data: encryptNote(note).data,
+        })),
+        contexts,
+        outputs,
+        inputNotes,
+    };
+}
+// ============================================================================
+// Public API
+// ============================================================================
+/**
+ * Execute private transaction(s): build ZK proofs (in parallel), encrypt outputs, and broadcast.
+ * Accepts 1 or more transactions - single tx just passes [{...}].
+ */
+export async function transact(store, req, opts) {
+    if (!req.transactions?.length)
+        throw new ValidationError("at least one transaction is required");
+    const serviceConfig = createServiceConfig(opts.rpcUrl);
+    const trees = resolveMerkleTrees(opts);
+    const fetchFn = resolveFetch(opts.fetch);
+    const broadcaster = fetchFn
+        ? createBroadcasterClient(serviceConfig.broadcasterBaseUrl, {
+            fetch: fetchFn,
+        })
         : null;
-    const pollIntervalMs = Math.min(options.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS, MAX_POLL_INTERVAL_MS);
-    const pollTimeoutMs = options.pollTimeoutMs ?? DEFAULT_POLL_TIMEOUT_MS;
-    // Gather witnesses and nullifiers for each input note; also guards against stale or inconsistent state.
-    async function buildInputContexts(request) {
-        const contexts = [];
-        let sharedRoot;
-        for (const [idx, input] of request.inputs.entries()) {
-            if (!Number.isInteger(input.index) || input.index < 0) {
-                throw new CoreError(`inputs[${idx}].index must be a non-negative integer`);
-            }
-            const note = await stateStore.getNote(request.chainId, input.index);
-            if (!note) {
-                throw new CoreError(`note ${input.index} not found for chain`);
-            }
-            if (note.spentAt !== undefined) {
-                throw new CoreError(`note ${input.index} is already spent`);
-            }
-            const tree = trees.getOrCreate(request.chainId);
-            if (input.index >= tree.getLeafCount()) {
-                throw new CoreError(`note ${input.index} out of range for tree`);
-            }
-            const proof = tree.createMerkleProof(input.index);
-            const proofRoot = formatUint256(BigInt(proof.root));
-            if (!sharedRoot) {
-                sharedRoot = proofRoot;
-            }
-            else if (sharedRoot !== proofRoot) {
-                throw new CoreError("input notes must share the same Merkle root");
-            }
-            const mpk = parseHexToBigInt(note.mpk);
-            const random = parseHexToBigInt(note.random);
-            const derivedNpk = poseidon([mpk, random]);
-            const storedNpk = parseHexToBigInt(note.npk);
-            if (storedNpk !== derivedNpk) {
-                throw new CoreError(`note ${input.index} npk mismatch`);
-            }
-            const amount = BigInt(note.value);
-            if (amount < 0n) {
-                throw new CoreError(`note ${input.index} amount must be non-negative`);
-            }
-            ensureAddress("note token", note.token);
-            const tokenScalar = BigInt(note.token);
-            const commitment = poseidon([derivedNpk, tokenScalar, amount]);
-            const storedCommitment = parseHexToBigInt(note.commitment);
-            if (storedCommitment !== commitment) {
-                throw new CoreError(`note ${input.index} commitment mismatch`);
-            }
-            const proofLeaf = BigInt(proof.leaf);
-            if (proofLeaf !== storedCommitment) {
-                throw new CoreError(`note ${input.index} proof leaf mismatch`);
-            }
-            const nullifierValue = poseidon([
-                request.zkAccount.nullifyingKey,
-                BigInt(input.index),
-            ]);
-            const context = {
-                index: input.index,
-                nullifier: {
-                    value: nullifierValue,
-                    hex: formatUint256(nullifierValue),
-                },
-                witness: proof,
-            };
-            contexts.push(context);
-        }
-        if (!sharedRoot) {
-            throw new CoreError("at least one input note is required");
-        }
-        return { root: sharedRoot, contexts };
+    const pollInterval = Math.min(opts.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS, MAX_POLL_INTERVAL_MS);
+    const pollTimeout = opts.pollTimeoutMs ?? DEFAULT_POLL_TIMEOUT_MS;
+    await rebuildTreeFromStore({
+        chainId: req.chainId,
+        trees,
+        loadLeaf: store.getLeaf.bind(store),
+    });
+    // Calculate base indices for each transaction's outputs
+    let baseIndex = trees.getLeafCount(req.chainId);
+    const baseIndices = [];
+    for (const tx of req.transactions) {
+        baseIndices.push(baseIndex);
+        baseIndex += tx.outputs.length;
     }
-    // Record the nullifiers and mark each consumed note as spent at the same timestamp.
-    async function persistNullifiersAndSpend(chainId, contexts, timestamp) {
-        await Promise.all(contexts.map((context) => Promise.all([
-            stateStore.putNullifier({
-                chainId,
-                nullifier: context.nullifier.hex,
-                noteIndex: context.index,
-            }),
-            stateStore.markNoteSpent(chainId, context.index, timestamp),
-        ])));
+    // Generate proofs in PARALLEL for all transactions
+    const proofPromises = req.transactions.map((tx, i) => buildSingleTransactionProof(store, req.account, req.chainId, req.poolAddress, tx, trees, baseIndices[i], opts));
+    const results = await Promise.all(proofPromises);
+    // Build combined calldata
+    const calldata = transactInterface.encodeFunctionData("transact", [
+        results.map((r) => ({
+            proof: { pA: r.proof.pA, pB: r.proof.pB, pC: r.proof.pC },
+            merkleRoot: parseHexToBigInt(r.merkleRoot),
+            nullifierHashes: r.contexts.map((c) => c.nullifier),
+            newCommitments: r.proof.pubSignals.slice(2 + r.contexts.length),
+            context: { chainId: BigInt(req.chainId), poolAddress: req.poolAddress },
+            withdrawal: r.withdrawal,
+            ciphertexts: r.ciphertexts,
+        })),
+    ]);
+    const relayId = globalThis.crypto?.randomUUID?.() ?? `tx-${Date.now().toString(16)}`;
+    // Determine if this is a withdrawal (any transaction has withdrawal)
+    const hasAnyWithdrawal = results.some((r) => r.withdrawal.amount > 0n);
+    const historyKind = hasAnyWithdrawal ? "Withdraw" : "Send";
+    // Compute net deltas per token for history preview
+    const deltasByToken = new Map();
+    for (let i = 0; i < req.transactions.length; i++) {
+        const tx = req.transactions[i];
+        const r = results[i];
+        const totalOutputsToRecipients = tx.outputs
+            .filter((o) => o.owner === "recipient")
+            .reduce((sum, o) => sum + o.amount, 0n);
+        // For withdrawals: user loses the withdrawal amount
+        // For sends: user loses what they send to recipients (change returns to them)
+        const netDelta = r.withdrawal.amount > 0n
+            ? -r.withdrawal.amount
+            : -totalOutputsToRecipients;
+        const existing = deltasByToken.get(tx.token) ?? 0n;
+        deltasByToken.set(tx.token, existing + netDelta);
     }
-    /**
-     * Derive commitments and assign provisional indexes without mutating local state.
-     * The local tree length stands in for the on-chain leaf count when predicting indices.
-     */
-    function computeAssignedCommitments(chainId, outputs = []) {
-        const baseIndex = trees.getLeafCount(chainId);
-        return outputs.map((output, idx) => {
-            const commitment = deriveCommitment({
-                npk: poseidon([output.mpk, output.random]),
-                amount: output.amount,
-                token: output.token,
-            });
+    const jobBase = {
+        relayId,
+        chainId: req.chainId,
+        status: "pending",
+        txHash: null,
+        createdAt: Date.now(),
+        timeoutMs: DEFAULT_JOB_TIMEOUT_MS,
+        poolAddress: req.poolAddress,
+        calldata,
+        transactions: results.map((r, i) => {
+            const tx = req.transactions[i];
             return {
-                value: commitment,
-                hex: formatUint256(commitment),
-                index: baseIndex + idx,
-            };
-        });
-    }
-    async function waitForIndexedCommitments(chainId, outputs) {
-        if (!indexerClient) {
-            return [];
-        }
-        const pending = new Set(outputs.map((output) => output.hex.toLowerCase()));
-        const records = new Map();
-        let delay = pollIntervalMs;
-        const deadline = Date.now() + pollTimeoutMs;
-        while (pending.size > 0 && Date.now() <= deadline) {
-            for (const commitment of [...pending]) {
-                const record = await indexerClient
-                    .getCommitment({ chainId, commitment })
-                    .catch((err) => {
-                    if (!isNotFoundError(err)) {
-                        throw err;
+                token: tx.token,
+                nullifiers: r.nullifiers,
+                predictedCommitments: r.outputs.map((o) => ({ hex: o.hex })),
+                withdrawal: r.withdrawal.amount > 0n
+                    ? {
+                        amount: r.withdrawal.amount.toString(),
+                        recipient: r.withdrawal.npk.toString(),
                     }
-                    return null;
-                });
-                if (record) {
-                    const key = record.commitment.toLowerCase();
-                    records.set(key, record);
-                    pending.delete(commitment);
-                }
-            }
-            if (pending.size === 0) {
-                break;
-            }
-            await sleep(delay);
-            delay = Math.min(delay * 2, MAX_POLL_INTERVAL_MS);
-        }
-        if (pending.size > 0) {
-            throw new CoreError("commitments not found in indexer before timeout");
-        }
-        return outputs.map((output) => {
-            const key = output.hex.toLowerCase();
-            const record = records.get(key);
-            if (!record) {
-                throw new CoreError(`missing indexed commitment ${output.hex} after fetch`);
-            }
-            return record;
+                    : undefined,
+            };
+        }),
+        historyPreview: {
+            kind: historyKind,
+            amounts: [...deltasByToken.entries()].map(([token, delta]) => ({
+                token,
+                delta: delta.toString(),
+            })),
+        },
+    };
+    const job = hasAnyWithdrawal
+        ? { ...jobBase, kind: "withdraw" }
+        : { ...jobBase, kind: "transfer" };
+    // Submit to broadcaster
+    let txHash = null;
+    if (broadcaster) {
+        const submission = await broadcaster.submitRelay({
+            clientTxId: relayId,
+            chainId: req.chainId,
+            payload: { kind: "call_data", to: req.poolAddress, data: calldata },
         });
-    }
-    async function submitAndAwaitBroadcasterRelay(relayId, pending) {
-        if (!broadcasterClient) {
-            return;
-        }
-        if (!pending.broadcasterRelayId) {
-            const submission = await broadcasterClient.submitRelay({
-                clientTxId: relayId,
-                chainId: pending.chainId,
-                payload: {
-                    kind: "call_data",
-                    to: pending.poolAddress,
-                    data: pending.calldata,
-                },
+        if (!submission.accepted) {
+            await store.putJob({
+                ...job,
+                status: "failed",
+                lastCheckedAt: Date.now(),
+                error: submission.message ?? "broadcaster rejected",
             });
-            if (!submission.accepted) {
-                throw new CoreError(submission.message ??
-                    "broadcaster rejected transaction relay submission");
-            }
-            pending.broadcasterRelayId = submission.id;
+            throw new CoreError(submission.message ?? "broadcaster rejected");
         }
-        const deadline = Date.now() + pollTimeoutMs;
+        const deadline = Date.now() + pollTimeout;
         while (Date.now() <= deadline) {
-            const status = await broadcasterClient.getRelayStatus(pending.broadcasterRelayId);
+            const status = await broadcaster.getRelayStatus(relayId);
             if (status.state === "succeeded") {
-                pending.txHash = status.txHash ?? pending.txHash ?? null;
-                return;
+                txHash = status.txHash ?? null;
+                break;
             }
             if (status.state === "failed" || status.state === "dead") {
+                await store.putJob({
+                    ...job,
+                    status: "failed",
+                    lastCheckedAt: Date.now(),
+                    error: status.error ?? "broadcaster relay failed",
+                });
                 throw new CoreError(status.error ?? "broadcaster relay failed");
             }
-            await sleep(pollIntervalMs);
+            await sleep(pollInterval);
+        }
+        if (!txHash && Date.now() > deadline) {
+            await store.putJob({
+                ...job,
+                status: "failed",
+                lastCheckedAt: Date.now(),
+                error: "broadcaster relay timed out",
+            });
+            throw new CoreError("broadcaster relay timed out");
         }
-        throw new CoreError("broadcaster relay timed out");
     }
-    async function applyIndexerUpdates(chainId, records) {
-        const applied = [];
-        const sorted = [...records].sort((a, b) => a.index - b.index);
-        for (const entry of sorted) {
-            const value = parseHexToBigInt(entry.commitment);
-            const currentCount = trees.getLeafCount(chainId);
-            if (entry.index < currentCount) {
-                const proof = trees.createMerkleProof(chainId, entry.index);
-                if (BigInt(proof.leaf) !== value) {
-                    throw new CoreError(`existing leaf mismatch at index ${entry.index}, stored ${proof.leaf.toString(16)}, indexed ${entry.commitment}`);
-                }
-                applied.push({
-                    value,
-                    hex: entry.commitment,
-                    index: entry.index,
-                    root: entry.root,
+    await store.putJob({
+        ...job,
+        status: "broadcasting",
+        txHash,
+    });
+    // Build result with individual transaction results
+    const transactionResults = results.map((r) => ({
+        proof: r.proof,
+        witnesses: r.witnesses,
+        nullifiers: r.nullifiers,
+        predictedCommitments: r.predictedCommitments,
+    }));
+    return {
+        relayId,
+        calldata,
+        transactions: transactionResults,
+    };
+}
+/**
+ * Wait for a pending transaction to be indexed and update local state.
+ */
+export async function syncTransact(store, relayId, opts) {
+    const record = await store.getJob(relayId);
+    if (!record || (record.kind !== "transfer" && record.kind !== "withdraw"))
+        throw new CoreError(`unknown pool transaction relay ${relayId}`);
+    const job = record;
+    const serviceConfig = createServiceConfig(opts.rpcUrl);
+    const trees = resolveMerkleTrees(opts);
+    const fetchFn = resolveFetch(opts.fetch);
+    const indexer = fetchFn
+        ? createIndexerClient(serviceConfig.indexerBaseUrl, { fetch: fetchFn })
+        : null;
+    const pollInterval = Math.min(opts.pollIntervalMs ?? DEFAULT_POLL_INTERVAL_MS, MAX_POLL_INTERVAL_MS);
+    const pollTimeout = opts.pollTimeoutMs ?? DEFAULT_POLL_TIMEOUT_MS;
+    await rebuildTreeFromStore({
+        chainId: job.chainId,
+        trees,
+        loadLeaf: store.getLeaf.bind(store),
+    });
+    // Collect all predicted commitments from all transactions
+    const allPredictedOutputs = job.transactions.flatMap((tx) => tx.predictedCommitments.map((c) => c.hex));
+    // Wait for indexed commitments
+    const indexed = [];
+    if (indexer && allPredictedOutputs.length > 0) {
+        const pending = new Set(allPredictedOutputs.map((h) => h.toLowerCase()));
+        const deadline = Date.now() + pollTimeout;
+        let delay = pollInterval;
+        while (pending.size > 0 && Date.now() <= deadline) {
+            for (const hex of [...pending]) {
+                const rec = await indexer
+                    .getCommitment({ chainId: job.chainId, commitment: hex })
+                    .catch((e) => {
+                    if (!isNotFoundError(e))
+                        throw e;
+                    return null;
                 });
-                continue;
-            }
-            if (entry.index > currentCount) {
-                throw new CoreError(`local merkle tree gap, expected next index ${currentCount}, got indexed ${entry.index}`);
+                if (rec) {
+                    indexed.push(rec);
+                    pending.delete(hex);
+                }
             }
-            // Replay the commitment into the local Merkle tree and ensure the assigned index matches reality.
-            const { index, root } = trees.addLeaf(chainId, value);
-            if (index !== entry.index) {
-                throw new CoreError(`local merkle tree desynchronized, indexed ${entry.index}, local ${index}`);
+            if (pending.size > 0) {
+                await sleep(delay);
+                delay = Math.min(delay * 2, MAX_POLL_INTERVAL_MS);
             }
-            applied.push({
-                value,
-                hex: entry.commitment,
-                index,
-                root,
+        }
+        if (pending.size > 0) {
+            await store.putJob({
+                ...job,
+                status: "failed",
+                lastCheckedAt: Date.now(),
+                error: "commitments not indexed before timeout",
             });
-            await Promise.all([
-                stateStore.putLeaf({
-                    chainId,
-                    index,
-                    commitment: entry.commitment,
-                }),
-                stateStore.putRoot({
-                    chainId,
-                    root,
-                }),
-            ]);
+            throw new CoreError("commitments not indexed before timeout");
         }
-        return applied;
-    }
-    async function persistTransactSuccess(job, pending, persisted) {
-        await stateStore.putRoot({
-            chainId: pending.chainId,
-            root: persisted.latestRoot,
-        });
-        await stateStore.putPendingJob({
-            ...job,
-            status: "succeeded",
-            broadcasterRelayId: pending.broadcasterRelayId ?? job.broadcasterRelayId,
-            txHash: pending.txHash ?? job.txHash ?? null,
-            lastCheckedAt: Date.now(),
-            predictedOutputs: job.predictedOutputs.map((output) => {
-                const matched = persisted.rootedCommitments.find((rc) => rc.hex.toLowerCase() === output.hex.toLowerCase());
-                return {
-                    ...output,
-                    index: matched?.index ?? output.index,
-                    root: matched?.root ?? output.root,
-                };
-            }),
-            expectedRoot: persisted.latestRoot,
-        });
     }
-    const allocateRelayId = () => {
-        if (typeof globalThis.crypto?.randomUUID === "function") {
-            return globalThis.crypto.randomUUID();
+    // Get latest root from indexed records (syncChain handles actual storage)
+    const sortedIndexed = indexed.sort((a, b) => a.index - b.index);
+    const latestRoot = sortedIndexed.at(-1)?.root ?? trees.getRoot(job.chainId);
+    // Collect all nullifiers from all transactions and mark notes as spent
+    const allNullifiers = job.transactions.flatMap((tx) => tx.nullifiers);
+    const timestamp = Date.now();
+    // Look up note indices by matching nullifiers to notes in the store
+    const allNotes = await store.listNotes({
+        chainId: job.chainId,
+        includeSpent: true,
+    });
+    const nullifierToNoteIndex = new Map();
+    for (const note of allNotes) {
+        if (note.nullifier) {
+            nullifierToNoteIndex.set(note.nullifier, note.index);
         }
-        return `transact-${Date.now().toString(16)}-${Math.floor(Math.random() * 1e6)}`;
-    };
-    return {
-        async transact(request) {
-            validateTransactRequest(request);
-            await rebuildTreeFromStore({
-                chainId: request.chainId,
-                trees,
-                loadLeaf: stateStore.getLeaf.bind(stateStore),
-            });
-            const { root, contexts } = await buildInputContexts(request);
-            const assignedOutputs = computeAssignedCommitments(request.chainId, request.outputs);
-            // Compute bound parameters hash
-            const boundParamsHash = computeBoundParamsHash(request.chainId, request.poolAddress);
-            // Public signals must match the circuit's public input order:
-            // [merkleRoot, boundParamsHash, ...nullifiers, ...commitmentsOut]
-            const pubSignals = [
-                parseHexToBigInt(root),
-                boundParamsHash,
-                ...contexts.map((context) => context.nullifier.value),
-                ...assignedOutputs.map((output) => output.value),
-            ];
-            // Retrieve input notes to access random and value fields
-            const inputNotes = await Promise.all(request.inputs.map(async (input) => {
-                const note = await stateStore.getNote(request.chainId, input.index);
-                if (!note) {
-                    throw new CoreError(`note ${input.index} not found for chain`);
-                }
-                return note;
-            }));
-            // Generate signature over the message (hash of public signals)
-            const message = poseidon(pubSignals);
-            const signature = signTransactMessage(request.zkAccount.spendingKeyPair.privateKey, message);
-            // Construct the complete raw input for the prover
-            const rawInput = {
-                merkleRoot: root,
-                boundParamsHash: boundParamsHash.toString(),
-                nullifiers: contexts.map((c) => c.nullifier.hex),
-                commitmentsOut: assignedOutputs.map((o) => o.hex),
-                token: request.token,
-                publicKey: request.zkAccount.spendingKeyPair.pubkey.map((pk) => pk.toString()),
-                signature: [
-                    signature.R8[0].toString(),
-                    signature.R8[1].toString(),
-                    signature.S.toString(),
-                ],
-                randomIn: inputNotes.map((note) => note.random),
-                valueIn: inputNotes.map((note) => note.value),
-                pathElements: contexts.map((c) => c.witness.siblings.map((s) => s.toString())),
-                leavesIndices: contexts.map((c) => c.index),
-                nullifyingKey: formatUint256(request.zkAccount.nullifyingKey),
-                npkOut: request.outputs.map((o) => formatUint256(poseidon([o.mpk, o.random]))),
-                valueOut: request.outputs.map((o) => o.amount.toString()),
-            };
-            const proofInput = {
-                merkleRoot: BigInt(rawInput.merkleRoot),
-                boundParamsHash: BigInt(rawInput.boundParamsHash),
-                nullifiers: rawInput.nullifiers.map((n) => BigInt(n)),
-                commitmentsOut: rawInput.commitmentsOut.map((c) => BigInt(c)),
-                token: BigInt(rawInput.token),
-                publicKey: rawInput.publicKey.map((pk) => BigInt(pk)),
-                signature: rawInput.signature.map((s) => BigInt(s)),
-                randomIn: rawInput.randomIn.map((r) => BigInt(r)),
-                valueIn: rawInput.valueIn.map((v) => BigInt(v)),
-                pathElements: rawInput.pathElements.map((pe) => pe.map((e) => BigInt(e))),
-                leavesIndices: rawInput.leavesIndices.map((i) => BigInt(i)),
-                nullifyingKey: BigInt(rawInput.nullifyingKey),
-                npkOut: rawInput.npkOut.map((npk) => BigInt(npk)),
-                valueOut: rawInput.valueOut.map((v) => BigInt(v)),
-            };
-            const txProof = await proveTransaction(proofInput).catch((e) => {
-                throw new CoreError(`Proof generation failed: ${e.message}`);
-            });
-            ensureWithdrawalInput("request.withdrawal", request.withdrawal);
-            const proof = {
-                pA: [BigInt(txProof.proof.pi_a[0]), BigInt(txProof.proof.pi_a[1])],
-                pB: [
-                    [
-                        BigInt(txProof.proof.pi_b[0][1]),
-                        BigInt(txProof.proof.pi_b[0][0]),
-                    ],
-                    [
-                        BigInt(txProof.proof.pi_b[1][1]),
-                        BigInt(txProof.proof.pi_b[1][0]),
-                    ],
-                ],
-                pC: [BigInt(txProof.proof.pi_c[0]), BigInt(txProof.proof.pi_c[1])],
-                pubSignals,
-            };
-            const calldata = transactInterface.encodeFunctionData("transact", [
-                [
-                    {
-                        proof: { ...proof, pubSignals: undefined },
-                        merkleRoot: parseHexToBigInt(root),
-                        nullifierHashes: contexts.map((context) => context.nullifier.value),
-                        newCommitments: assignedOutputs.map((output) => output.value),
-                        context: {
-                            chainID: BigInt(request.chainId),
-                            poolAddress: request.poolAddress,
-                        },
-                        withdrawal: request.withdrawal,
-                        ciphertexts: request.outputs.map((note) => ({
-                            data: encryptNote(note).data,
-                        })),
-                    },
-                ],
-            ]);
-            const relayId = allocateRelayId();
-            const job = {
-                relayId,
-                kind: "transact",
-                chainId: request.chainId,
-                status: "pending",
-                broadcasterRelayId: null,
-                txHash: null,
-                createdAt: Date.now(),
-                timeoutMs: DEFAULT_JOB_TIMEOUT_MS,
-                poolAddress: request.poolAddress,
-                calldata,
-                contexts: contexts.map((context) => ({
-                    index: context.index,
-                    nullifier: context.nullifier.hex,
-                    witness: serializeWitness(context.witness, context.index),
-                    root,
-                })),
-                predictedOutputs: assignedOutputs.map((output) => ({
-                    hex: output.hex,
-                    index: output.index,
-                })),
-                expectedRoot: root,
-            };
-            // Submit to broadcaster immediately so reconciliation never has to send the relay.
-            const pendingForBroadcast = {
-                chainId: job.chainId,
-                root,
-                contexts,
-                assignedOutputs,
-                poolAddress: job.poolAddress,
-                calldata: job.calldata,
-                broadcasterRelayId: job.broadcasterRelayId,
-                txHash: job.txHash,
-            };
-            await submitAndAwaitBroadcasterRelay(relayId, pendingForBroadcast);
-            await stateStore.putPendingJob({
+    }
+    // Resolve every nullifier to its note index, fail fast if any is unknown
+    const resolved = [];
+    for (const nullifier of allNullifiers) {
+        const noteIndex = nullifierToNoteIndex.get(nullifier);
+        if (noteIndex === undefined) {
+            const short = nullifier.slice(0, 10) + "…";
+            const error = `Unknown nullifier ${short} - note not found in local state. This may indicate a sync issue.`;
+            await store.putJob({
                 ...job,
-                status: "broadcasting",
-                broadcasterRelayId: pendingForBroadcast.broadcasterRelayId,
-                txHash: pendingForBroadcast.txHash,
-            });
-            return {
-                relayId,
-                calldata,
-                proof,
-                witnesses: contexts.map((context) => context.witness),
-                nullifiers: contexts.map((context) => context.nullifier.hex),
-                predictedCommitments: assignedOutputs.map((output) => output.hex),
-            };
-        },
-        async syncPendingTransact(relayId) {
-            const job = await stateStore.getPendingJob(relayId);
-            if (!job || job.kind !== "transact") {
-                throw new Error(`unknown transact relay ${relayId}`);
-            }
-            const contexts = job.contexts.map((context) => ({
-                index: context.index,
-                nullifier: {
-                    value: parseHexToBigInt(context.nullifier),
-                    hex: context.nullifier,
-                },
-                witness: deserializeWitness(context.witness),
-            }));
-            const assignedOutputs = job.predictedOutputs.map((output) => ({
-                hex: output.hex,
-                value: parseHexToBigInt(output.hex),
-                index: output.index,
-            }));
-            const pending = {
-                chainId: job.chainId,
-                root: job.expectedRoot ??
-                    job.contexts[0]?.root ??
-                    trees.getRoot(job.chainId),
-                contexts,
-                assignedOutputs,
-                poolAddress: job.poolAddress,
-                calldata: job.calldata,
-                broadcasterRelayId: job.broadcasterRelayId ?? null,
-                txHash: job.txHash ?? null,
-            };
-            await rebuildTreeFromStore({
-                chainId: job.chainId,
-                trees,
-                loadLeaf: stateStore.getLeaf.bind(stateStore),
-            });
-            await stateStore.putRoot({
-                chainId: pending.chainId,
-                root: pending.root,
-            });
-            const indexedRecords = await waitForIndexedCommitments(pending.chainId, pending.assignedOutputs);
-            const rootedCommitments = await applyIndexerUpdates(pending.chainId, indexedRecords);
-            const timestamp = Date.now();
-            await persistNullifiersAndSpend(pending.chainId, pending.contexts, timestamp);
-            const lastCommitment = rootedCommitments[rootedCommitments.length - 1] ?? null;
-            const latestRoot = lastCommitment
-                ? lastCommitment.root
-                : trees.getRoot(pending.chainId);
-            await persistTransactSuccess(job, pending, {
-                rootedCommitments,
-                latestRoot,
+                status: "failed",
+                lastCheckedAt: Date.now(),
+                error,
             });
-            return {
-                chainId: pending.chainId,
-                root: latestRoot,
-                nullifiers: pending.contexts.map((context) => context.nullifier.hex),
-                newCommitments: rootedCommitments.map((output) => output.hex),
-                txHash: pending.txHash ?? undefined,
-                indexedCommitments: indexedRecords,
-            };
-        },
+            throw new CoreError(error);
+        }
+        resolved.push({ nullifier, noteIndex });
+    }
+    const txHash = job.txHash ?? undefined;
+    await Promise.all(resolved.flatMap(({ nullifier, noteIndex }) => [
+        store.putNullifier({ chainId: job.chainId, nullifier, noteIndex }),
+        store.markNoteSpent(job.chainId, noteIndex, timestamp, txHash),
+    ]));
+    await store.putJob({
+        ...job,
+        status: "succeeded",
+        lastCheckedAt: timestamp,
+    });
+    return {
+        chainId: job.chainId,
+        root: latestRoot,
+        nullifiers: allNullifiers,
+        newCommitments: indexed.map((r) => r.commitment),
+        txHash: job.txHash ?? undefined,
+        indexedCommitments: indexed,
     };
 }