@zelana/sdk 0.1.3 → 0.1.5

package/dist/index.js

@@ -1,27 +1,3 @@
-var __create = Object.create;
-var __getProtoOf = Object.getPrototypeOf;
-var __defProp = Object.defineProperty;
-var __getOwnPropNames = Object.getOwnPropertyNames;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
-var __toESM = (mod, isNodeMode, target) => {
-  target = mod != null ? __create(__getProtoOf(mod)) : {};
-  const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
-  for (let key of __getOwnPropNames(mod))
-    if (!__hasOwnProp.call(to, key))
-      __defProp(to, key, {
-        get: () => mod[key],
-        enumerable: true
-      });
-  return to;
-};
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined")
-    return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-
 // node_modules/@noble/ed25519/index.js
 /*! noble-ed25519 - MIT License (c) 2019 Paul Miller (paulmillr.com) */
 var ed25519_CURVE = {
@@ -473,11 +449,18 @@ var wNAF = (n) => {
   return { p, f };
 };
 
+// node_modules/@noble/hashes/esm/crypto.js
+var crypto2 = typeof globalThis === "object" && "crypto" in globalThis ? globalThis.crypto : undefined;
+
 // node_modules/@noble/hashes/esm/utils.js
 /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 function isBytes2(a) {
   return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
 }
+function anumber(n) {
+  if (!Number.isSafeInteger(n) || n < 0)
+    throw new Error("positive integer expected, got " + n);
+}
 function abytes2(b, ...lengths) {
   if (!isBytes2(b))
     throw new Error("Uint8Array expected");
@@ -497,6 +480,12 @@ function aoutput(out, instance) {
     throw new Error("digestInto() expects output buffer of length at least " + min);
   }
 }
+function u8(arr) {
+  return new Uint8Array(arr.buffer, arr.byteOffset, arr.byteLength);
+}
+function u32(arr) {
+  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
 function clean(...arrays) {
   for (let i = 0;i < arrays.length; i++) {
     arrays[i].fill(0);
@@ -505,6 +494,21 @@ function clean(...arrays) {
 function createView(arr) {
   return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
 }
+function rotr(word, shift) {
+  return word << 32 - shift | word >>> shift;
+}
+var isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+function byteSwap(word) {
+  return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
+}
+var swap8IfBE = isLE ? (n) => n : (n) => byteSwap(n);
+function byteSwap32(arr) {
+  for (let i = 0;i < arr.length; i++) {
+    arr[i] = byteSwap(arr[i]);
+  }
+  return arr;
+}
+var swap32IfBE = isLE ? (u) => u : byteSwap32;
 function utf8ToBytes(str) {
   if (typeof str !== "string")
     throw new Error("string expected");
@@ -526,22 +530,39 @@ function createHasher(hashCons) {
   hashC.create = () => hashCons();
   return hashC;
 }
+function createXOFer(hashCons) {
+  const hashC = (msg, opts) => hashCons(opts).update(toBytes(msg)).digest();
+  const tmp = hashCons({});
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = (opts) => hashCons(opts);
+  return hashC;
+}
+function randomBytes2(bytesLength = 32) {
+  if (crypto2 && typeof crypto2.getRandomValues === "function") {
+    return crypto2.getRandomValues(new Uint8Array(bytesLength));
+  }
+  if (crypto2 && typeof crypto2.randomBytes === "function") {
+    return Uint8Array.from(crypto2.randomBytes(bytesLength));
+  }
+  throw new Error("crypto.getRandomValues must be defined");
+}
 
 // node_modules/@noble/hashes/esm/_md.js
-function setBigUint64(view, byteOffset, value, isLE) {
+function setBigUint64(view, byteOffset, value, isLE2) {
   if (typeof view.setBigUint64 === "function")
-    return view.setBigUint64(byteOffset, value, isLE);
+    return view.setBigUint64(byteOffset, value, isLE2);
   const _32n = BigInt(32);
   const _u32_max = BigInt(4294967295);
   const wh = Number(value >> _32n & _u32_max);
   const wl = Number(value & _u32_max);
-  const h2 = isLE ? 4 : 0;
-  const l = isLE ? 0 : 4;
-  view.setUint32(byteOffset + h2, wh, isLE);
-  view.setUint32(byteOffset + l, wl, isLE);
+  const h2 = isLE2 ? 4 : 0;
+  const l = isLE2 ? 0 : 4;
+  view.setUint32(byteOffset + h2, wh, isLE2);
+  view.setUint32(byteOffset + l, wl, isLE2);
 }
 class HashMD extends Hash {
-  constructor(blockLen, outputLen, padOffset, isLE) {
+  constructor(blockLen, outputLen, padOffset, isLE2) {
     super();
     this.finished = false;
     this.length = 0;
@@ -550,7 +571,7 @@ class HashMD extends Hash {
     this.blockLen = blockLen;
     this.outputLen = outputLen;
     this.padOffset = padOffset;
-    this.isLE = isLE;
+    this.isLE = isLE2;
     this.buffer = new Uint8Array(blockLen);
     this.view = createView(this.buffer);
   }
@@ -584,7 +605,7 @@ class HashMD extends Hash {
     aexists(this);
     aoutput(out, this);
     this.finished = true;
-    const { buffer, view, blockLen, isLE } = this;
+    const { buffer, view, blockLen, isLE: isLE2 } = this;
     let { pos } = this;
     buffer[pos++] = 128;
     clean(this.buffer.subarray(pos));
@@ -594,7 +615,7 @@ class HashMD extends Hash {
     }
     for (let i = pos;i < blockLen; i++)
       buffer[i] = 0;
-    setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
+    setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE2);
     this.process(view, 0);
     const oview = createView(out);
     const len = this.outputLen;
@@ -605,7 +626,7 @@ class HashMD extends Hash {
     if (outLen > state.length)
       throw new Error("_sha2: outputLen bigger than state");
     for (let i = 0;i < outLen; i++)
-      oview.setUint32(4 * i, state[i], isLE);
+      oview.setUint32(4 * i, state[i], isLE2);
   }
   digest() {
     const { buffer, outputLen } = this;
@@ -630,6 +651,16 @@ class HashMD extends Hash {
     return this._cloneInto();
   }
 }
+var SHA256_IV = /* @__PURE__ */ Uint32Array.from([
+  1779033703,
+  3144134277,
+  1013904242,
+  2773480762,
+  1359893119,
+  2600822924,
+  528734635,
+  1541459225
+]);
 var SHA512_IV = /* @__PURE__ */ Uint32Array.from([
   1779033703,
   4089235720,
@@ -1017,7 +1048,7 @@ function bytesEqual(a, b) {
   }
   return true;
 }
-function randomBytes2(length) {
+function randomBytes3(length) {
   const bytes = new Uint8Array(length);
   if (typeof crypto !== "undefined" && crypto.getRandomValues) {
     crypto.getRandomValues(bytes);
@@ -1030,8 +1061,27 @@ function randomBytes2(length) {
 }
 
 // src/keypair.ts
-var TRANSFER_DOMAIN = new TextEncoder().encode("ZELANA_L2_TRANSFER:");
-var WITHDRAW_DOMAIN = new TextEncoder().encode("ZELANA_L2_WITHDRAW:");
+function buildTransferMessage(from, to, amount, nonce, chainId) {
+  return `Zelana L2 Transfer
+
+From: ${bytesToHex2(from)}
+To: ${bytesToHex2(to)}
+Amount: ${amount.toString()} lamports
+Nonce: ${nonce.toString()}
+Chain ID: ${chainId.toString()}
+
+Sign to authorize this L2 transfer.`;
+}
+function buildWithdrawMessage(from, toL1Address, amount, nonce) {
+  return `Zelana L2 Withdrawal
+
+From: ${bytesToHex2(from)}
+To L1: ${bytesToBase58(toL1Address)}
+Amount: ${amount.toString()} lamports
+Nonce: ${nonce.toString()}
+
+Sign to authorize this withdrawal to Solana L1.`;
+}
 etc.sha512Sync = (...m) => sha5122(etc.concatBytes(...m));
 
 class Keypair {
@@ -1042,7 +1092,7 @@ class Keypair {
     this._publicKey = publicKey;
   }
   static generate() {
-    const secretKey = randomBytes2(32);
+    const secretKey = randomBytes3(32);
     const publicKey = getPublicKey(secretKey);
     return new Keypair(secretKey, publicKey);
   }
@@ -1088,7 +1138,8 @@ class Keypair {
     }
   }
   async signTransfer(to, amount, nonce, chainId = BigInt(1)) {
-    const message = concatBytes2(TRANSFER_DOMAIN, this._publicKey, to, u64ToLeBytes(amount), u64ToLeBytes(nonce), u64ToLeBytes(chainId));
+    const messageText = buildTransferMessage(this._publicKey, to, amount, nonce, chainId);
+    const message = new TextEncoder().encode(messageText);
     const signature = await this.sign(message);
     return {
       from: this.publicKey,
@@ -1101,7 +1152,8 @@ class Keypair {
     };
   }
   async signWithdrawal(toL1Address, amount, nonce) {
-    const message = concatBytes2(WITHDRAW_DOMAIN, this._publicKey, toL1Address, u64ToLeBytes(amount), u64ToLeBytes(nonce));
+    const messageText = buildWithdrawMessage(this._publicKey, toL1Address, amount, nonce);
+    const message = new TextEncoder().encode(messageText);
     const signature = await this.sign(message);
     return {
       from: this.publicKey,
@@ -1266,7 +1318,9 @@ class ApiClient {
     return {
       accountId: resp.account_id,
       balance: BigInt(resp.balance),
-      nonce: BigInt(resp.nonce)
+      nonce: BigInt(resp.nonce),
+      pendingBalance: resp.pending_balance !== undefined ? BigInt(resp.pending_balance) : undefined,
+      pendingNonce: resp.pending_nonce !== undefined ? BigInt(resp.pending_nonce) : undefined
     };
   }
   async getAccountByPubkey(pubkey) {
@@ -1331,7 +1385,8 @@ class ApiClient {
       nullifier: Array.from(request.nullifier),
       commitment: Array.from(request.commitment),
       ciphertext: Array.from(request.ciphertext),
-      ephemeral_key: Array.from(request.ephemeralKey)
+      ephemeral_key: Array.from(request.ephemeralKey),
+      nonce: request.nonce ? Array.from(request.nonce) : undefined
     });
     return {
       txHash: resp.tx_hash,
@@ -1360,6 +1415,7 @@ class ApiClient {
         position: n.position,
         commitment: n.commitment,
         value: BigInt(n.value),
+        blinding: n.blinding,
         memo: n.memo
       })),
       scannedTo: resp.scanned_to
@@ -1526,11 +1582,11 @@ class ZelanaClient {
   }
   async getBalance() {
     const account = await this.getAccount();
-    return account.balance;
+    return account.pendingBalance ?? account.balance;
   }
   async getNonce() {
     const account = await this.getAccount();
-    return account.nonce;
+    return account.pendingNonce ?? account.nonce;
   }
   async transfer(to, amount, nonce) {
     if (!this.signer) {
@@ -1630,9 +1686,1471 @@ class ZelanaClient {
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
+// node_modules/@noble/curves/node_modules/@noble/hashes/utils.js
+/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+function isBytes3(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function anumber2(n, title = "") {
+  if (!Number.isSafeInteger(n) || n < 0) {
+    const prefix = title && `"${title}" `;
+    throw new Error(`${prefix}expected integer >= 0, got ${n}`);
+  }
+}
+function abytes3(value, length, title = "") {
+  const bytes = isBytes3(value);
+  const len = value?.length;
+  const needsLen = length !== undefined;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+}
+var hasHexBuiltin = /* @__PURE__ */ (() => typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function")();
+var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
+function bytesToHex3(bytes) {
+  abytes3(bytes);
+  if (hasHexBuiltin)
+    return bytes.toHex();
+  let hex = "";
+  for (let i = 0;i < bytes.length; i++) {
+    hex += hexes[bytes[i]];
+  }
+  return hex;
+}
+var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function asciiToBase16(ch) {
+  if (ch >= asciis._0 && ch <= asciis._9)
+    return ch - asciis._0;
+  if (ch >= asciis.A && ch <= asciis.F)
+    return ch - (asciis.A - 10);
+  if (ch >= asciis.a && ch <= asciis.f)
+    return ch - (asciis.a - 10);
+  return;
+}
+function hexToBytes4(hex) {
+  if (typeof hex !== "string")
+    throw new Error("hex string expected, got " + typeof hex);
+  if (hasHexBuiltin)
+    return Uint8Array.fromHex(hex);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    throw new Error("hex string expected, got unpadded hex of length " + hl);
+  const array = new Uint8Array(al);
+  for (let ai = 0, hi = 0;ai < al; ai++, hi += 2) {
+    const n1 = asciiToBase16(hex.charCodeAt(hi));
+    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
+    if (n1 === undefined || n2 === undefined) {
+      const char = hex[hi] + hex[hi + 1];
+      throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
+    }
+    array[ai] = n1 * 16 + n2;
+  }
+  return array;
+}
+function randomBytes4(bytesLength = 32) {
+  const cr2 = typeof globalThis === "object" ? globalThis.crypto : null;
+  if (typeof cr2?.getRandomValues !== "function")
+    throw new Error("crypto.getRandomValues must be defined");
+  return cr2.getRandomValues(new Uint8Array(bytesLength));
+}
+
+// node_modules/@noble/curves/utils.js
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+var _0n = /* @__PURE__ */ BigInt(0);
+function abignumber(n) {
+  if (typeof n === "bigint") {
+    if (!isPosBig(n))
+      throw new Error("positive bigint expected, got " + n);
+  } else
+    anumber2(n);
+  return n;
+}
+function hexToNumber(hex) {
+  if (typeof hex !== "string")
+    throw new Error("hex string expected, got " + typeof hex);
+  return hex === "" ? _0n : BigInt("0x" + hex);
+}
+function bytesToNumberLE(bytes) {
+  return hexToNumber(bytesToHex3(copyBytes(abytes3(bytes)).reverse()));
+}
+function numberToBytesBE(n, len) {
+  anumber2(len);
+  n = abignumber(n);
+  const res = hexToBytes4(n.toString(16).padStart(len * 2, "0"));
+  if (res.length !== len)
+    throw new Error("number too large");
+  return res;
+}
+function numberToBytesLE(n, len) {
+  return numberToBytesBE(n, len).reverse();
+}
+function copyBytes(bytes) {
+  return Uint8Array.from(bytes);
+}
+var isPosBig = (n) => typeof n === "bigint" && _0n <= n;
+function inRange(n, min, max) {
+  return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
+}
+function aInRange(title, n, min, max) {
+  if (!inRange(n, min, max))
+    throw new Error("expected valid " + title + ": " + min + " <= n < " + max + ", got " + n);
+}
+function validateObject(object, fields = {}, optFields = {}) {
+  if (!object || typeof object !== "object")
+    throw new Error("expected valid options object");
+  function checkField(fieldName, expectedType, isOpt) {
+    const val = object[fieldName];
+    if (isOpt && val === undefined)
+      return;
+    const current = typeof val;
+    if (current !== expectedType || val === null)
+      throw new Error(`param "${fieldName}" is invalid: expected ${expectedType}, got ${current}`);
+  }
+  const iter = (f, isOpt) => Object.entries(f).forEach(([k, v]) => checkField(k, v, isOpt));
+  iter(fields, false);
+  iter(optFields, true);
+}
+
+// node_modules/@noble/curves/abstract/modular.js
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+var _0n2 = /* @__PURE__ */ BigInt(0);
+function mod(a, b) {
+  const result = a % b;
+  return result >= _0n2 ? result : b + result;
+}
+function pow22(x, power, modulo) {
+  let res = x;
+  while (power-- > _0n2) {
+    res *= res;
+    res %= modulo;
+  }
+  return res;
+}
+
+// node_modules/@noble/curves/abstract/curve.js
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+var pointPrecomputes = new WeakMap;
+var pointWindowSizes = new WeakMap;
+function createKeygen(randomSecretKey, getPublicKey2) {
+  return function keygen(seed) {
+    const secretKey = randomSecretKey(seed);
+    return { secretKey, publicKey: getPublicKey2(secretKey) };
+  };
+}
+
+// node_modules/@noble/curves/abstract/montgomery.js
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+var _0n3 = BigInt(0);
+var _1n = BigInt(1);
+var _2n = BigInt(2);
+function validateOpts(curve) {
+  validateObject(curve, {
+    adjustScalarBytes: "function",
+    powPminus2: "function"
+  });
+  return Object.freeze({ ...curve });
+}
+function montgomery(curveDef) {
+  const CURVE = validateOpts(curveDef);
+  const { P: P2, type, adjustScalarBytes, powPminus2, randomBytes: rand } = CURVE;
+  const is25519 = type === "x25519";
+  if (!is25519 && type !== "x448")
+    throw new Error("invalid type");
+  const randomBytes_ = rand || randomBytes4;
+  const montgomeryBits = is25519 ? 255 : 448;
+  const fieldLen = is25519 ? 32 : 56;
+  const Gu = is25519 ? BigInt(9) : BigInt(5);
+  const a24 = is25519 ? BigInt(121665) : BigInt(39081);
+  const minScalar = is25519 ? _2n ** BigInt(254) : _2n ** BigInt(447);
+  const maxAdded = is25519 ? BigInt(8) * _2n ** BigInt(251) - _1n : BigInt(4) * _2n ** BigInt(445) - _1n;
+  const maxScalar = minScalar + maxAdded + _1n;
+  const modP = (n) => mod(n, P2);
+  const GuBytes = encodeU(Gu);
+  function encodeU(u) {
+    return numberToBytesLE(modP(u), fieldLen);
+  }
+  function decodeU(u) {
+    const _u = copyBytes(abytes3(u, fieldLen, "uCoordinate"));
+    if (is25519)
+      _u[31] &= 127;
+    return modP(bytesToNumberLE(_u));
+  }
+  function decodeScalar(scalar) {
+    return bytesToNumberLE(adjustScalarBytes(copyBytes(abytes3(scalar, fieldLen, "scalar"))));
+  }
+  function scalarMult(scalar, u) {
+    const pu = montgomeryLadder(decodeU(u), decodeScalar(scalar));
+    if (pu === _0n3)
+      throw new Error("invalid private or public key received");
+    return encodeU(pu);
+  }
+  function scalarMultBase(scalar) {
+    return scalarMult(scalar, GuBytes);
+  }
+  const getPublicKey2 = scalarMultBase;
+  const getSharedSecret = scalarMult;
+  function cswap(swap, x_2, x_3) {
+    const dummy = modP(swap * (x_2 - x_3));
+    x_2 = modP(x_2 - dummy);
+    x_3 = modP(x_3 + dummy);
+    return { x_2, x_3 };
+  }
+  function montgomeryLadder(u, scalar) {
+    aInRange("u", u, _0n3, P2);
+    aInRange("scalar", scalar, minScalar, maxScalar);
+    const k = scalar;
+    const x_1 = u;
+    let x_2 = _1n;
+    let z_2 = _0n3;
+    let x_3 = u;
+    let z_3 = _1n;
+    let swap = _0n3;
+    for (let t = BigInt(montgomeryBits - 1);t >= _0n3; t--) {
+      const k_t = k >> t & _1n;
+      swap ^= k_t;
+      ({ x_2, x_3 } = cswap(swap, x_2, x_3));
+      ({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
+      swap = k_t;
+      const A = x_2 + z_2;
+      const AA = modP(A * A);
+      const B = x_2 - z_2;
+      const BB = modP(B * B);
+      const E = AA - BB;
+      const C2 = x_3 + z_3;
+      const D = x_3 - z_3;
+      const DA = modP(D * A);
+      const CB = modP(C2 * B);
+      const dacb = DA + CB;
+      const da_cb = DA - CB;
+      x_3 = modP(dacb * dacb);
+      z_3 = modP(x_1 * modP(da_cb * da_cb));
+      x_2 = modP(AA * BB);
+      z_2 = modP(E * (AA + modP(a24 * E)));
+    }
+    ({ x_2, x_3 } = cswap(swap, x_2, x_3));
+    ({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
+    const z2 = powPminus2(z_2);
+    return modP(x_2 * z2);
+  }
+  const lengths = {
+    secretKey: fieldLen,
+    publicKey: fieldLen,
+    seed: fieldLen
+  };
+  const randomSecretKey = (seed = randomBytes_(fieldLen)) => {
+    abytes3(seed, lengths.seed, "seed");
+    return seed;
+  };
+  const utils = { randomSecretKey };
+  return Object.freeze({
+    keygen: createKeygen(randomSecretKey, getPublicKey2),
+    getSharedSecret,
+    getPublicKey: getPublicKey2,
+    scalarMult,
+    scalarMultBase,
+    utils,
+    GuBytes: GuBytes.slice(),
+    lengths
+  });
+}
+
+// node_modules/@noble/curves/ed25519.js
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+var _1n2 = BigInt(1);
+var _2n2 = BigInt(2);
+var _3n = /* @__PURE__ */ BigInt(3);
+var _5n = BigInt(5);
+var _8n = BigInt(8);
+var ed25519_CURVE_p = BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
+function ed25519_pow_2_252_3(x) {
+  const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80);
+  const P2 = ed25519_CURVE_p;
+  const x2 = x * x % P2;
+  const b2 = x2 * x % P2;
+  const b4 = pow22(b2, _2n2, P2) * b2 % P2;
+  const b5 = pow22(b4, _1n2, P2) * x % P2;
+  const b10 = pow22(b5, _5n, P2) * b5 % P2;
+  const b20 = pow22(b10, _10n, P2) * b10 % P2;
+  const b40 = pow22(b20, _20n, P2) * b20 % P2;
+  const b80 = pow22(b40, _40n, P2) * b40 % P2;
+  const b160 = pow22(b80, _80n, P2) * b80 % P2;
+  const b240 = pow22(b160, _80n, P2) * b80 % P2;
+  const b250 = pow22(b240, _10n, P2) * b10 % P2;
+  const pow_p_5_8 = pow22(b250, _2n2, P2) * x % P2;
+  return { pow_p_5_8, b2 };
+}
+function adjustScalarBytes(bytes) {
+  bytes[0] &= 248;
+  bytes[31] &= 127;
+  bytes[31] |= 64;
+  return bytes;
+}
+var x25519 = /* @__PURE__ */ (() => {
+  const P2 = ed25519_CURVE_p;
+  return montgomery({
+    P: P2,
+    type: "x25519",
+    powPminus2: (x) => {
+      const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);
+      return mod(pow22(pow_p_5_8, _3n, P2) * b2, P2);
+    },
+    adjustScalarBytes
+  });
+})();
+
+// node_modules/@noble/ciphers/utils.js
+/*! noble-ciphers - MIT License (c) 2023 Paul Miller (paulmillr.com) */
+function isBytes4(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function abool(b) {
+  if (typeof b !== "boolean")
+    throw new Error(`boolean expected, not ${b}`);
+}
+function anumber3(n) {
+  if (!Number.isSafeInteger(n) || n < 0)
+    throw new Error("positive integer expected, got " + n);
+}
+function abytes4(value, length, title = "") {
+  const bytes = isBytes4(value);
+  const len = value?.length;
+  const needsLen = length !== undefined;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+}
+function aexists2(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput2(out, instance) {
+  abytes4(out, undefined, "output");
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+function u322(arr) {
+  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
+function clean2(...arrays) {
+  for (let i = 0;i < arrays.length; i++) {
+    arrays[i].fill(0);
+  }
+}
+function createView2(arr) {
+  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+}
+var isLE2 = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+function checkOpts(defaults, opts) {
+  if (opts == null || typeof opts !== "object")
+    throw new Error("options must be defined");
+  const merged = Object.assign(defaults, opts);
+  return merged;
+}
+function equalBytes(a, b) {
+  if (a.length !== b.length)
+    return false;
+  let diff = 0;
+  for (let i = 0;i < a.length; i++)
+    diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+var wrapCipher = (params, constructor) => {
+  function wrappedCipher(key, ...args) {
+    abytes4(key, undefined, "key");
+    if (!isLE2)
+      throw new Error("Non little-endian hardware is not yet supported");
+    if (params.nonceLength !== undefined) {
+      const nonce = args[0];
+      abytes4(nonce, params.varSizeNonce ? undefined : params.nonceLength, "nonce");
+    }
+    const tagl = params.tagLength;
+    if (tagl && args[1] !== undefined)
+      abytes4(args[1], undefined, "AAD");
+    const cipher = constructor(key, ...args);
+    const checkOutput = (fnLength, output) => {
+      if (output !== undefined) {
+        if (fnLength !== 2)
+          throw new Error("cipher output not supported");
+        abytes4(output, undefined, "output");
+      }
+    };
+    let called = false;
+    const wrCipher = {
+      encrypt(data, output) {
+        if (called)
+          throw new Error("cannot encrypt() twice with same key + nonce");
+        called = true;
+        abytes4(data);
+        checkOutput(cipher.encrypt.length, output);
+        return cipher.encrypt(data, output);
+      },
+      decrypt(data, output) {
+        abytes4(data);
+        if (tagl && data.length < tagl)
+          throw new Error('"ciphertext" expected length bigger than tagLength=' + tagl);
+        checkOutput(cipher.decrypt.length, output);
+        return cipher.decrypt(data, output);
+      }
+    };
+    return wrCipher;
+  }
+  Object.assign(wrappedCipher, params);
+  return wrappedCipher;
+};
+function getOutput(expectedLength, out, onlyAligned = true) {
+  if (out === undefined)
+    return new Uint8Array(expectedLength);
+  if (out.length !== expectedLength)
+    throw new Error('"output" expected Uint8Array of length ' + expectedLength + ", got: " + out.length);
+  if (onlyAligned && !isAligned32(out))
+    throw new Error("invalid output, must be aligned");
+  return out;
+}
+function u64Lengths(dataLength, aadLength, isLE3) {
+  abool(isLE3);
+  const num = new Uint8Array(16);
+  const view = createView2(num);
+  view.setBigUint64(0, BigInt(aadLength), isLE3);
+  view.setBigUint64(8, BigInt(dataLength), isLE3);
+  return num;
+}
+function isAligned32(bytes) {
+  return bytes.byteOffset % 4 === 0;
+}
+function copyBytes2(bytes) {
+  return Uint8Array.from(bytes);
+}
+
+// node_modules/@noble/ciphers/_arx.js
+var encodeStr = (str) => Uint8Array.from(str.split(""), (c) => c.charCodeAt(0));
+var sigma16 = encodeStr("expand 16-byte k");
+var sigma32 = encodeStr("expand 32-byte k");
+var sigma16_32 = u322(sigma16);
+var sigma32_32 = u322(sigma32);
+function rotl(a, b) {
+  return a << b | a >>> 32 - b;
+}
+function isAligned322(b) {
+  return b.byteOffset % 4 === 0;
+}
+var BLOCK_LEN = 64;
+var BLOCK_LEN32 = 16;
+var MAX_COUNTER = 2 ** 32 - 1;
+var U32_EMPTY = Uint32Array.of();
+function runCipher(core, sigma, key, nonce, data, output, counter, rounds) {
+  const len = data.length;
+  const block = new Uint8Array(BLOCK_LEN);
+  const b32 = u322(block);
+  const isAligned = isAligned322(data) && isAligned322(output);
+  const d32 = isAligned ? u322(data) : U32_EMPTY;
+  const o32 = isAligned ? u322(output) : U32_EMPTY;
+  for (let pos = 0;pos < len; counter++) {
+    core(sigma, key, nonce, b32, counter, rounds);
+    if (counter >= MAX_COUNTER)
+      throw new Error("arx: counter overflow");
+    const take = Math.min(BLOCK_LEN, len - pos);
+    if (isAligned && take === BLOCK_LEN) {
+      const pos32 = pos / 4;
+      if (pos % 4 !== 0)
+        throw new Error("arx: invalid block position");
+      for (let j = 0, posj;j < BLOCK_LEN32; j++) {
+        posj = pos32 + j;
+        o32[posj] = d32[posj] ^ b32[j];
+      }
+      pos += BLOCK_LEN;
+      continue;
+    }
+    for (let j = 0, posj;j < take; j++) {
+      posj = pos + j;
+      output[posj] = data[posj] ^ block[j];
+    }
+    pos += take;
+  }
+}
+function createCipher(core, opts) {
+  const { allowShortKeys, extendNonceFn, counterLength, counterRight, rounds } = checkOpts({ allowShortKeys: false, counterLength: 8, counterRight: false, rounds: 20 }, opts);
+  if (typeof core !== "function")
+    throw new Error("core must be a function");
+  anumber3(counterLength);
+  anumber3(rounds);
+  abool(counterRight);
+  abool(allowShortKeys);
+  return (key, nonce, data, output, counter = 0) => {
+    abytes4(key, undefined, "key");
+    abytes4(nonce, undefined, "nonce");
+    abytes4(data, undefined, "data");
+    const len = data.length;
+    if (output === undefined)
+      output = new Uint8Array(len);
+    abytes4(output, undefined, "output");
+    anumber3(counter);
+    if (counter < 0 || counter >= MAX_COUNTER)
+      throw new Error("arx: counter overflow");
+    if (output.length < len)
+      throw new Error(`arx: output (${output.length}) is shorter than data (${len})`);
+    const toClean = [];
+    let l = key.length;
+    let k;
+    let sigma;
+    if (l === 32) {
+      toClean.push(k = copyBytes2(key));
+      sigma = sigma32_32;
+    } else if (l === 16 && allowShortKeys) {
+      k = new Uint8Array(32);
+      k.set(key);
+      k.set(key, 16);
+      sigma = sigma16_32;
+      toClean.push(k);
+    } else {
+      abytes4(key, 32, "arx key");
+      throw new Error("invalid key size");
+    }
+    if (!isAligned322(nonce))
+      toClean.push(nonce = copyBytes2(nonce));
+    const k32 = u322(k);
+    if (extendNonceFn) {
+      if (nonce.length !== 24)
+        throw new Error(`arx: extended nonce must be 24 bytes`);
+      extendNonceFn(sigma, k32, u322(nonce.subarray(0, 16)), k32);
+      nonce = nonce.subarray(16);
+    }
+    const nonceNcLen = 16 - counterLength;
+    if (nonceNcLen !== nonce.length)
+      throw new Error(`arx: nonce must be ${nonceNcLen} or 16 bytes`);
+    if (nonceNcLen !== 12) {
+      const nc = new Uint8Array(12);
+      nc.set(nonce, counterRight ? 0 : 12 - nonce.length);
+      nonce = nc;
+      toClean.push(nonce);
+    }
+    const n32 = u322(nonce);
+    runCipher(core, sigma, k32, n32, data, output, counter, rounds);
+    clean2(...toClean);
+    return output;
+  };
+}
+
+// node_modules/@noble/ciphers/_poly1305.js
+function u8to16(a, i) {
+  return a[i++] & 255 | (a[i++] & 255) << 8;
+}
+class Poly1305 {
+  blockLen = 16;
+  outputLen = 16;
+  buffer = new Uint8Array(16);
+  r = new Uint16Array(10);
+  h = new Uint16Array(10);
+  pad = new Uint16Array(8);
+  pos = 0;
+  finished = false;
+  constructor(key) {
+    key = copyBytes2(abytes4(key, 32, "key"));
+    const t0 = u8to16(key, 0);
+    const t1 = u8to16(key, 2);
+    const t2 = u8to16(key, 4);
+    const t3 = u8to16(key, 6);
+    const t4 = u8to16(key, 8);
+    const t5 = u8to16(key, 10);
+    const t6 = u8to16(key, 12);
+    const t7 = u8to16(key, 14);
+    this.r[0] = t0 & 8191;
+    this.r[1] = (t0 >>> 13 | t1 << 3) & 8191;
+    this.r[2] = (t1 >>> 10 | t2 << 6) & 7939;
+    this.r[3] = (t2 >>> 7 | t3 << 9) & 8191;
+    this.r[4] = (t3 >>> 4 | t4 << 12) & 255;
+    this.r[5] = t4 >>> 1 & 8190;
+    this.r[6] = (t4 >>> 14 | t5 << 2) & 8191;
+    this.r[7] = (t5 >>> 11 | t6 << 5) & 8065;
+    this.r[8] = (t6 >>> 8 | t7 << 8) & 8191;
+    this.r[9] = t7 >>> 5 & 127;
+    for (let i = 0;i < 8; i++)
+      this.pad[i] = u8to16(key, 16 + 2 * i);
+  }
+  process(data, offset, isLast = false) {
+    const hibit = isLast ? 0 : 1 << 11;
+    const { h: h2, r } = this;
+    const r0 = r[0];
+    const r1 = r[1];
+    const r2 = r[2];
+    const r3 = r[3];
+    const r4 = r[4];
+    const r5 = r[5];
+    const r6 = r[6];
+    const r7 = r[7];
+    const r8 = r[8];
+    const r9 = r[9];
+    const t0 = u8to16(data, offset + 0);
+    const t1 = u8to16(data, offset + 2);
+    const t2 = u8to16(data, offset + 4);
+    const t3 = u8to16(data, offset + 6);
+    const t4 = u8to16(data, offset + 8);
+    const t5 = u8to16(data, offset + 10);
+    const t6 = u8to16(data, offset + 12);
+    const t7 = u8to16(data, offset + 14);
+    let h0 = h2[0] + (t0 & 8191);
+    let h1 = h2[1] + ((t0 >>> 13 | t1 << 3) & 8191);
+    let h22 = h2[2] + ((t1 >>> 10 | t2 << 6) & 8191);
+    let h3 = h2[3] + ((t2 >>> 7 | t3 << 9) & 8191);
+    let h4 = h2[4] + ((t3 >>> 4 | t4 << 12) & 8191);
+    let h5 = h2[5] + (t4 >>> 1 & 8191);
+    let h6 = h2[6] + ((t4 >>> 14 | t5 << 2) & 8191);
+    let h7 = h2[7] + ((t5 >>> 11 | t6 << 5) & 8191);
+    let h8 = h2[8] + ((t6 >>> 8 | t7 << 8) & 8191);
+    let h9 = h2[9] + (t7 >>> 5 | hibit);
+    let c = 0;
+    let d0 = c + h0 * r0 + h1 * (5 * r9) + h22 * (5 * r8) + h3 * (5 * r7) + h4 * (5 * r6);
+    c = d0 >>> 13;
+    d0 &= 8191;
+    d0 += h5 * (5 * r5) + h6 * (5 * r4) + h7 * (5 * r3) + h8 * (5 * r2) + h9 * (5 * r1);
+    c += d0 >>> 13;
+    d0 &= 8191;
+    let d1 = c + h0 * r1 + h1 * r0 + h22 * (5 * r9) + h3 * (5 * r8) + h4 * (5 * r7);
+    c = d1 >>> 13;
+    d1 &= 8191;
+    d1 += h5 * (5 * r6) + h6 * (5 * r5) + h7 * (5 * r4) + h8 * (5 * r3) + h9 * (5 * r2);
+    c += d1 >>> 13;
+    d1 &= 8191;
+    let d2 = c + h0 * r2 + h1 * r1 + h22 * r0 + h3 * (5 * r9) + h4 * (5 * r8);
+    c = d2 >>> 13;
+    d2 &= 8191;
+    d2 += h5 * (5 * r7) + h6 * (5 * r6) + h7 * (5 * r5) + h8 * (5 * r4) + h9 * (5 * r3);
+    c += d2 >>> 13;
+    d2 &= 8191;
+    let d3 = c + h0 * r3 + h1 * r2 + h22 * r1 + h3 * r0 + h4 * (5 * r9);
+    c = d3 >>> 13;
+    d3 &= 8191;
+    d3 += h5 * (5 * r8) + h6 * (5 * r7) + h7 * (5 * r6) + h8 * (5 * r5) + h9 * (5 * r4);
+    c += d3 >>> 13;
+    d3 &= 8191;
+    let d4 = c + h0 * r4 + h1 * r3 + h22 * r2 + h3 * r1 + h4 * r0;
+    c = d4 >>> 13;
+    d4 &= 8191;
+    d4 += h5 * (5 * r9) + h6 * (5 * r8) + h7 * (5 * r7) + h8 * (5 * r6) + h9 * (5 * r5);
+    c += d4 >>> 13;
+    d4 &= 8191;
+    let d5 = c + h0 * r5 + h1 * r4 + h22 * r3 + h3 * r2 + h4 * r1;
+    c = d5 >>> 13;
+    d5 &= 8191;
+    d5 += h5 * r0 + h6 * (5 * r9) + h7 * (5 * r8) + h8 * (5 * r7) + h9 * (5 * r6);
+    c += d5 >>> 13;
+    d5 &= 8191;
+    let d6 = c + h0 * r6 + h1 * r5 + h22 * r4 + h3 * r3 + h4 * r2;
+    c = d6 >>> 13;
+    d6 &= 8191;
+    d6 += h5 * r1 + h6 * r0 + h7 * (5 * r9) + h8 * (5 * r8) + h9 * (5 * r7);
+    c += d6 >>> 13;
+    d6 &= 8191;
+    let d7 = c + h0 * r7 + h1 * r6 + h22 * r5 + h3 * r4 + h4 * r3;
+    c = d7 >>> 13;
+    d7 &= 8191;
+    d7 += h5 * r2 + h6 * r1 + h7 * r0 + h8 * (5 * r9) + h9 * (5 * r8);
+    c += d7 >>> 13;
+    d7 &= 8191;
+    let d8 = c + h0 * r8 + h1 * r7 + h22 * r6 + h3 * r5 + h4 * r4;
+    c = d8 >>> 13;
+    d8 &= 8191;
+    d8 += h5 * r3 + h6 * r2 + h7 * r1 + h8 * r0 + h9 * (5 * r9);
+    c += d8 >>> 13;
+    d8 &= 8191;
+    let d9 = c + h0 * r9 + h1 * r8 + h22 * r7 + h3 * r6 + h4 * r5;
+    c = d9 >>> 13;
+    d9 &= 8191;
+    d9 += h5 * r4 + h6 * r3 + h7 * r2 + h8 * r1 + h9 * r0;
+    c += d9 >>> 13;
+    d9 &= 8191;
+    c = (c << 2) + c | 0;
+    c = c + d0 | 0;
+    d0 = c & 8191;
+    c = c >>> 13;
+    d1 += c;
+    h2[0] = d0;
+    h2[1] = d1;
+    h2[2] = d2;
+    h2[3] = d3;
+    h2[4] = d4;
+    h2[5] = d5;
+    h2[6] = d6;
+    h2[7] = d7;
+    h2[8] = d8;
+    h2[9] = d9;
+  }
+  finalize() {
+    const { h: h2, pad } = this;
+    const g = new Uint16Array(10);
+    let c = h2[1] >>> 13;
+    h2[1] &= 8191;
+    for (let i = 2;i < 10; i++) {
+      h2[i] += c;
+      c = h2[i] >>> 13;
+      h2[i] &= 8191;
+    }
+    h2[0] += c * 5;
+    c = h2[0] >>> 13;
+    h2[0] &= 8191;
+    h2[1] += c;
+    c = h2[1] >>> 13;
+    h2[1] &= 8191;
+    h2[2] += c;
+    g[0] = h2[0] + 5;
+    c = g[0] >>> 13;
+    g[0] &= 8191;
+    for (let i = 1;i < 10; i++) {
+      g[i] = h2[i] + c;
+      c = g[i] >>> 13;
+      g[i] &= 8191;
+    }
+    g[9] -= 1 << 13;
+    let mask = (c ^ 1) - 1;
+    for (let i = 0;i < 10; i++)
+      g[i] &= mask;
+    mask = ~mask;
+    for (let i = 0;i < 10; i++)
+      h2[i] = h2[i] & mask | g[i];
+    h2[0] = (h2[0] | h2[1] << 13) & 65535;
+    h2[1] = (h2[1] >>> 3 | h2[2] << 10) & 65535;
+    h2[2] = (h2[2] >>> 6 | h2[3] << 7) & 65535;
+    h2[3] = (h2[3] >>> 9 | h2[4] << 4) & 65535;
+    h2[4] = (h2[4] >>> 12 | h2[5] << 1 | h2[6] << 14) & 65535;
+    h2[5] = (h2[6] >>> 2 | h2[7] << 11) & 65535;
+    h2[6] = (h2[7] >>> 5 | h2[8] << 8) & 65535;
+    h2[7] = (h2[8] >>> 8 | h2[9] << 5) & 65535;
+    let f = h2[0] + pad[0];
+    h2[0] = f & 65535;
+    for (let i = 1;i < 8; i++) {
+      f = (h2[i] + pad[i] | 0) + (f >>> 16) | 0;
+      h2[i] = f & 65535;
+    }
+    clean2(g);
+  }
+  update(data) {
+    aexists2(this);
+    abytes4(data);
+    data = copyBytes2(data);
+    const { buffer, blockLen } = this;
+    const len = data.length;
+    for (let pos = 0;pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      if (take === blockLen) {
+        for (;blockLen <= len - pos; pos += blockLen)
+          this.process(data, pos);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      pos += take;
+      if (this.pos === blockLen) {
+        this.process(buffer, 0, false);
+        this.pos = 0;
+      }
+    }
+    return this;
+  }
+  destroy() {
+    clean2(this.h, this.r, this.buffer, this.pad);
+  }
+  digestInto(out) {
+    aexists2(this);
+    aoutput2(out, this);
+    this.finished = true;
+    const { buffer, h: h2 } = this;
+    let { pos } = this;
+    if (pos) {
+      buffer[pos++] = 1;
+      for (;pos < 16; pos++)
+        buffer[pos] = 0;
+      this.process(buffer, 0, true);
+    }
+    this.finalize();
+    let opos = 0;
+    for (let i = 0;i < 8; i++) {
+      out[opos++] = h2[i] >>> 0;
+      out[opos++] = h2[i] >>> 8;
+    }
+    return out;
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+}
+function wrapConstructorWithKey(hashCons) {
+  const hashC = (msg, key) => hashCons(key).update(msg).digest();
+  const tmp = hashCons(new Uint8Array(32));
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = (key) => hashCons(key);
+  return hashC;
+}
+var poly1305 = /* @__PURE__ */ (() => wrapConstructorWithKey((key) => new Poly1305(key)))();
+
+// node_modules/@noble/ciphers/chacha.js
+function chachaCore(s, k, n, out, cnt, rounds = 20) {
+  let y00 = s[0], y01 = s[1], y02 = s[2], y03 = s[3], y04 = k[0], y05 = k[1], y06 = k[2], y07 = k[3], y08 = k[4], y09 = k[5], y10 = k[6], y11 = k[7], y12 = cnt, y13 = n[0], y14 = n[1], y15 = n[2];
+  let x00 = y00, x01 = y01, x02 = y02, x03 = y03, x04 = y04, x05 = y05, x06 = y06, x07 = y07, x08 = y08, x09 = y09, x10 = y10, x11 = y11, x12 = y12, x13 = y13, x14 = y14, x15 = y15;
+  for (let r = 0;r < rounds; r += 2) {
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 16);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 12);
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 8);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 7);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 16);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 12);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 8);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 7);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 16);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 12);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 8);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 7);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 16);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 12);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 8);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 7);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 16);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 12);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 8);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 7);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 16);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 12);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 8);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 7);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 16);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 12);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 8);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 7);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 16);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 12);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 8);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 7);
+  }
+  let oi = 0;
+  out[oi++] = y00 + x00 | 0;
+  out[oi++] = y01 + x01 | 0;
+  out[oi++] = y02 + x02 | 0;
+  out[oi++] = y03 + x03 | 0;
+  out[oi++] = y04 + x04 | 0;
+  out[oi++] = y05 + x05 | 0;
+  out[oi++] = y06 + x06 | 0;
+  out[oi++] = y07 + x07 | 0;
+  out[oi++] = y08 + x08 | 0;
+  out[oi++] = y09 + x09 | 0;
+  out[oi++] = y10 + x10 | 0;
+  out[oi++] = y11 + x11 | 0;
+  out[oi++] = y12 + x12 | 0;
+  out[oi++] = y13 + x13 | 0;
+  out[oi++] = y14 + x14 | 0;
+  out[oi++] = y15 + x15 | 0;
+}
+function hchacha(s, k, i, out) {
+  let x00 = s[0], x01 = s[1], x02 = s[2], x03 = s[3], x04 = k[0], x05 = k[1], x06 = k[2], x07 = k[3], x08 = k[4], x09 = k[5], x10 = k[6], x11 = k[7], x12 = i[0], x13 = i[1], x14 = i[2], x15 = i[3];
+  for (let r = 0;r < 20; r += 2) {
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 16);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 12);
+    x00 = x00 + x04 | 0;
+    x12 = rotl(x12 ^ x00, 8);
+    x08 = x08 + x12 | 0;
+    x04 = rotl(x04 ^ x08, 7);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 16);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 12);
+    x01 = x01 + x05 | 0;
+    x13 = rotl(x13 ^ x01, 8);
+    x09 = x09 + x13 | 0;
+    x05 = rotl(x05 ^ x09, 7);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 16);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 12);
+    x02 = x02 + x06 | 0;
+    x14 = rotl(x14 ^ x02, 8);
+    x10 = x10 + x14 | 0;
+    x06 = rotl(x06 ^ x10, 7);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 16);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 12);
+    x03 = x03 + x07 | 0;
+    x15 = rotl(x15 ^ x03, 8);
+    x11 = x11 + x15 | 0;
+    x07 = rotl(x07 ^ x11, 7);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 16);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 12);
+    x00 = x00 + x05 | 0;
+    x15 = rotl(x15 ^ x00, 8);
+    x10 = x10 + x15 | 0;
+    x05 = rotl(x05 ^ x10, 7);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 16);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 12);
+    x01 = x01 + x06 | 0;
+    x12 = rotl(x12 ^ x01, 8);
+    x11 = x11 + x12 | 0;
+    x06 = rotl(x06 ^ x11, 7);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 16);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 12);
+    x02 = x02 + x07 | 0;
+    x13 = rotl(x13 ^ x02, 8);
+    x08 = x08 + x13 | 0;
+    x07 = rotl(x07 ^ x08, 7);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 16);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 12);
+    x03 = x03 + x04 | 0;
+    x14 = rotl(x14 ^ x03, 8);
+    x09 = x09 + x14 | 0;
+    x04 = rotl(x04 ^ x09, 7);
+  }
+  let oi = 0;
+  out[oi++] = x00;
+  out[oi++] = x01;
+  out[oi++] = x02;
+  out[oi++] = x03;
+  out[oi++] = x12;
+  out[oi++] = x13;
+  out[oi++] = x14;
+  out[oi++] = x15;
+}
+var chacha20 = /* @__PURE__ */ createCipher(chachaCore, {
+  counterRight: false,
+  counterLength: 4,
+  allowShortKeys: false
+});
+var xchacha20 = /* @__PURE__ */ createCipher(chachaCore, {
+  counterRight: false,
+  counterLength: 8,
+  extendNonceFn: hchacha,
+  allowShortKeys: false
+});
+var ZEROS16 = /* @__PURE__ */ new Uint8Array(16);
+var updatePadded = (h2, msg) => {
+  h2.update(msg);
+  const leftover = msg.length % 16;
+  if (leftover)
+    h2.update(ZEROS16.subarray(leftover));
+};
+var ZEROS32 = /* @__PURE__ */ new Uint8Array(32);
+function computeTag(fn, key, nonce, ciphertext, AAD) {
+  if (AAD !== undefined)
+    abytes4(AAD, undefined, "AAD");
+  const authKey = fn(key, nonce, ZEROS32);
+  const lengths = u64Lengths(ciphertext.length, AAD ? AAD.length : 0, true);
+  const h2 = poly1305.create(authKey);
+  if (AAD)
+    updatePadded(h2, AAD);
+  updatePadded(h2, ciphertext);
+  h2.update(lengths);
+  const res = h2.digest();
+  clean2(authKey, lengths);
+  return res;
+}
+var _poly1305_aead = (xorStream) => (key, nonce, AAD) => {
+  const tagLength = 16;
+  return {
+    encrypt(plaintext, output) {
+      const plength = plaintext.length;
+      output = getOutput(plength + tagLength, output, false);
+      output.set(plaintext);
+      const oPlain = output.subarray(0, -tagLength);
+      xorStream(key, nonce, oPlain, oPlain, 1);
+      const tag = computeTag(xorStream, key, nonce, oPlain, AAD);
+      output.set(tag, plength);
+      clean2(tag);
+      return output;
+    },
+    decrypt(ciphertext, output) {
+      output = getOutput(ciphertext.length - tagLength, output, false);
+      const data = ciphertext.subarray(0, -tagLength);
+      const passedTag = ciphertext.subarray(-tagLength);
+      const tag = computeTag(xorStream, key, nonce, data, AAD);
+      if (!equalBytes(passedTag, tag))
+        throw new Error("invalid tag");
+      output.set(ciphertext.subarray(0, -tagLength));
+      xorStream(key, nonce, output, output, 1);
+      clean2(tag);
+      return output;
+    }
+  };
+};
+var chacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 12, tagLength: 16 }, _poly1305_aead(chacha20));
+var xchacha20poly1305 = /* @__PURE__ */ wrapCipher({ blockSize: 64, nonceLength: 24, tagLength: 16 }, _poly1305_aead(xchacha20));
+
+// node_modules/@noble/hashes/esm/_blake.js
+function G1s(a, b, c, d, x) {
+  a = a + b + x | 0;
+  d = rotr(d ^ a, 16);
+  c = c + d | 0;
+  b = rotr(b ^ c, 12);
+  return { a, b, c, d };
+}
+function G2s(a, b, c, d, x) {
+  a = a + b + x | 0;
+  d = rotr(d ^ a, 8);
+  c = c + d | 0;
+  b = rotr(b ^ c, 7);
+  return { a, b, c, d };
+}
+
+// node_modules/@noble/hashes/esm/blake2.js
+class BLAKE2 extends Hash {
+  constructor(blockLen, outputLen) {
+    super();
+    this.finished = false;
+    this.destroyed = false;
+    this.length = 0;
+    this.pos = 0;
+    anumber(blockLen);
+    anumber(outputLen);
+    this.blockLen = blockLen;
+    this.outputLen = outputLen;
+    this.buffer = new Uint8Array(blockLen);
+    this.buffer32 = u32(this.buffer);
+  }
+  update(data) {
+    aexists(this);
+    data = toBytes(data);
+    abytes2(data);
+    const { blockLen, buffer, buffer32 } = this;
+    const len = data.length;
+    const offset = data.byteOffset;
+    const buf = data.buffer;
+    for (let pos = 0;pos < len; ) {
+      if (this.pos === blockLen) {
+        swap32IfBE(buffer32);
+        this.compress(buffer32, 0, false);
+        swap32IfBE(buffer32);
+        this.pos = 0;
+      }
+      const take = Math.min(blockLen - this.pos, len - pos);
+      const dataOffset = offset + pos;
+      if (take === blockLen && !(dataOffset % 4) && pos + take < len) {
+        const data32 = new Uint32Array(buf, dataOffset, Math.floor((len - pos) / 4));
+        swap32IfBE(data32);
+        for (let pos32 = 0;pos + blockLen < len; pos32 += buffer32.length, pos += blockLen) {
+          this.length += blockLen;
+          this.compress(data32, pos32, false);
+        }
+        swap32IfBE(data32);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      this.length += take;
+      pos += take;
+    }
+    return this;
+  }
+  digestInto(out) {
+    aexists(this);
+    aoutput(out, this);
+    const { pos, buffer32 } = this;
+    this.finished = true;
+    clean(this.buffer.subarray(pos));
+    swap32IfBE(buffer32);
+    this.compress(buffer32, 0, true);
+    swap32IfBE(buffer32);
+    const out32 = u32(out);
+    this.get().forEach((v, i) => out32[i] = swap8IfBE(v));
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+  _cloneInto(to) {
+    const { buffer, length, finished, destroyed, outputLen, pos } = this;
+    to || (to = new this.constructor({ dkLen: outputLen }));
+    to.set(...this.get());
+    to.buffer.set(buffer);
+    to.destroyed = destroyed;
+    to.finished = finished;
+    to.length = length;
+    to.pos = pos;
+    to.outputLen = outputLen;
+    return to;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+}
+function compress(s, offset, msg, rounds, v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15) {
+  let j = 0;
+  for (let i = 0;i < rounds; i++) {
+    ({ a: v0, b: v4, c: v8, d: v12 } = G1s(v0, v4, v8, v12, msg[offset + s[j++]]));
+    ({ a: v0, b: v4, c: v8, d: v12 } = G2s(v0, v4, v8, v12, msg[offset + s[j++]]));
+    ({ a: v1, b: v5, c: v9, d: v13 } = G1s(v1, v5, v9, v13, msg[offset + s[j++]]));
+    ({ a: v1, b: v5, c: v9, d: v13 } = G2s(v1, v5, v9, v13, msg[offset + s[j++]]));
+    ({ a: v2, b: v6, c: v10, d: v14 } = G1s(v2, v6, v10, v14, msg[offset + s[j++]]));
+    ({ a: v2, b: v6, c: v10, d: v14 } = G2s(v2, v6, v10, v14, msg[offset + s[j++]]));
+    ({ a: v3, b: v7, c: v11, d: v15 } = G1s(v3, v7, v11, v15, msg[offset + s[j++]]));
+    ({ a: v3, b: v7, c: v11, d: v15 } = G2s(v3, v7, v11, v15, msg[offset + s[j++]]));
+    ({ a: v0, b: v5, c: v10, d: v15 } = G1s(v0, v5, v10, v15, msg[offset + s[j++]]));
+    ({ a: v0, b: v5, c: v10, d: v15 } = G2s(v0, v5, v10, v15, msg[offset + s[j++]]));
+    ({ a: v1, b: v6, c: v11, d: v12 } = G1s(v1, v6, v11, v12, msg[offset + s[j++]]));
+    ({ a: v1, b: v6, c: v11, d: v12 } = G2s(v1, v6, v11, v12, msg[offset + s[j++]]));
+    ({ a: v2, b: v7, c: v8, d: v13 } = G1s(v2, v7, v8, v13, msg[offset + s[j++]]));
+    ({ a: v2, b: v7, c: v8, d: v13 } = G2s(v2, v7, v8, v13, msg[offset + s[j++]]));
+    ({ a: v3, b: v4, c: v9, d: v14 } = G1s(v3, v4, v9, v14, msg[offset + s[j++]]));
+    ({ a: v3, b: v4, c: v9, d: v14 } = G2s(v3, v4, v9, v14, msg[offset + s[j++]]));
+  }
+  return { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 };
+}
+
+// node_modules/@noble/hashes/esm/blake3.js
+var B3_Flags = {
+  CHUNK_START: 1,
+  CHUNK_END: 2,
+  PARENT: 4,
+  ROOT: 8,
+  KEYED_HASH: 16,
+  DERIVE_KEY_CONTEXT: 32,
+  DERIVE_KEY_MATERIAL: 64
+};
+var B3_IV = SHA256_IV.slice();
+var B3_SIGMA = /* @__PURE__ */ (() => {
+  const Id = Array.from({ length: 16 }, (_, i) => i);
+  const permute = (arr) => [2, 6, 3, 10, 7, 0, 4, 13, 1, 11, 12, 5, 9, 14, 15, 8].map((i) => arr[i]);
+  const res = [];
+  for (let i = 0, v = Id;i < 7; i++, v = permute(v))
+    res.push(...v);
+  return Uint8Array.from(res);
+})();
+
+class BLAKE3 extends BLAKE2 {
+  constructor(opts = {}, flags = 0) {
+    super(64, opts.dkLen === undefined ? 32 : opts.dkLen);
+    this.chunkPos = 0;
+    this.chunksDone = 0;
+    this.flags = 0 | 0;
+    this.stack = [];
+    this.posOut = 0;
+    this.bufferOut32 = new Uint32Array(16);
+    this.chunkOut = 0;
+    this.enableXOF = true;
+    const { key, context } = opts;
+    const hasContext = context !== undefined;
+    if (key !== undefined) {
+      if (hasContext)
+        throw new Error('Only "key" or "context" can be specified at same time');
+      const k = toBytes(key).slice();
+      abytes2(k, 32);
+      this.IV = u32(k);
+      swap32IfBE(this.IV);
+      this.flags = flags | B3_Flags.KEYED_HASH;
+    } else if (hasContext) {
+      const ctx = toBytes(context);
+      const contextKey = new BLAKE3({ dkLen: 32 }, B3_Flags.DERIVE_KEY_CONTEXT).update(ctx).digest();
+      this.IV = u32(contextKey);
+      swap32IfBE(this.IV);
+      this.flags = flags | B3_Flags.DERIVE_KEY_MATERIAL;
+    } else {
+      this.IV = B3_IV.slice();
+      this.flags = flags;
+    }
+    this.state = this.IV.slice();
+    this.bufferOut = u8(this.bufferOut32);
+  }
+  get() {
+    return [];
+  }
+  set() {}
+  b2Compress(counter, flags, buf, bufPos = 0) {
+    const { state: s, pos } = this;
+    const { h: h2, l } = fromBig(BigInt(counter), true);
+    const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(B3_SIGMA, bufPos, buf, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], B3_IV[0], B3_IV[1], B3_IV[2], B3_IV[3], h2, l, pos, flags);
+    s[0] = v0 ^ v8;
+    s[1] = v1 ^ v9;
+    s[2] = v2 ^ v10;
+    s[3] = v3 ^ v11;
+    s[4] = v4 ^ v12;
+    s[5] = v5 ^ v13;
+    s[6] = v6 ^ v14;
+    s[7] = v7 ^ v15;
+  }
+  compress(buf, bufPos = 0, isLast = false) {
+    let flags = this.flags;
+    if (!this.chunkPos)
+      flags |= B3_Flags.CHUNK_START;
+    if (this.chunkPos === 15 || isLast)
+      flags |= B3_Flags.CHUNK_END;
+    if (!isLast)
+      this.pos = this.blockLen;
+    this.b2Compress(this.chunksDone, flags, buf, bufPos);
+    this.chunkPos += 1;
+    if (this.chunkPos === 16 || isLast) {
+      let chunk = this.state;
+      this.state = this.IV.slice();
+      for (let last, chunks = this.chunksDone + 1;isLast || !(chunks & 1); chunks >>= 1) {
+        if (!(last = this.stack.pop()))
+          break;
+        this.buffer32.set(last, 0);
+        this.buffer32.set(chunk, 8);
+        this.pos = this.blockLen;
+        this.b2Compress(0, this.flags | B3_Flags.PARENT, this.buffer32, 0);
+        chunk = this.state;
+        this.state = this.IV.slice();
+      }
+      this.chunksDone++;
+      this.chunkPos = 0;
+      this.stack.push(chunk);
+    }
+    this.pos = 0;
+  }
+  _cloneInto(to) {
+    to = super._cloneInto(to);
+    const { IV, flags, state, chunkPos, posOut, chunkOut, stack, chunksDone } = this;
+    to.state.set(state.slice());
+    to.stack = stack.map((i) => Uint32Array.from(i));
+    to.IV.set(IV);
+    to.flags = flags;
+    to.chunkPos = chunkPos;
+    to.chunksDone = chunksDone;
+    to.posOut = posOut;
+    to.chunkOut = chunkOut;
+    to.enableXOF = this.enableXOF;
+    to.bufferOut32.set(this.bufferOut32);
+    return to;
+  }
+  destroy() {
+    this.destroyed = true;
+    clean(this.state, this.buffer32, this.IV, this.bufferOut32);
+    clean(...this.stack);
+  }
+  b2CompressOut() {
+    const { state: s, pos, flags, buffer32, bufferOut32: out32 } = this;
+    const { h: h2, l } = fromBig(BigInt(this.chunkOut++));
+    swap32IfBE(buffer32);
+    const { v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, v12, v13, v14, v15 } = compress(B3_SIGMA, 0, buffer32, 7, s[0], s[1], s[2], s[3], s[4], s[5], s[6], s[7], B3_IV[0], B3_IV[1], B3_IV[2], B3_IV[3], l, h2, pos, flags);
+    out32[0] = v0 ^ v8;
+    out32[1] = v1 ^ v9;
+    out32[2] = v2 ^ v10;
+    out32[3] = v3 ^ v11;
+    out32[4] = v4 ^ v12;
+    out32[5] = v5 ^ v13;
+    out32[6] = v6 ^ v14;
+    out32[7] = v7 ^ v15;
+    out32[8] = s[0] ^ v8;
+    out32[9] = s[1] ^ v9;
+    out32[10] = s[2] ^ v10;
+    out32[11] = s[3] ^ v11;
+    out32[12] = s[4] ^ v12;
+    out32[13] = s[5] ^ v13;
+    out32[14] = s[6] ^ v14;
+    out32[15] = s[7] ^ v15;
+    swap32IfBE(buffer32);
+    swap32IfBE(out32);
+    this.posOut = 0;
+  }
+  finish() {
+    if (this.finished)
+      return;
+    this.finished = true;
+    clean(this.buffer.subarray(this.pos));
+    let flags = this.flags | B3_Flags.ROOT;
+    if (this.stack.length) {
+      flags |= B3_Flags.PARENT;
+      swap32IfBE(this.buffer32);
+      this.compress(this.buffer32, 0, true);
+      swap32IfBE(this.buffer32);
+      this.chunksDone = 0;
+      this.pos = this.blockLen;
+    } else {
+      flags |= (!this.chunkPos ? B3_Flags.CHUNK_START : 0) | B3_Flags.CHUNK_END;
+    }
+    this.flags = flags;
+    this.b2CompressOut();
+  }
+  writeInto(out) {
+    aexists(this, false);
+    abytes2(out);
+    this.finish();
+    const { blockLen, bufferOut } = this;
+    for (let pos = 0, len = out.length;pos < len; ) {
+      if (this.posOut >= blockLen)
+        this.b2CompressOut();
+      const take = Math.min(blockLen - this.posOut, len - pos);
+      out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+      this.posOut += take;
+      pos += take;
+    }
+    return out;
+  }
+  xofInto(out) {
+    if (!this.enableXOF)
+      throw new Error("XOF is not possible after digest call");
+    return this.writeInto(out);
+  }
+  xof(bytes) {
+    anumber(bytes);
+    return this.xofInto(new Uint8Array(bytes));
+  }
+  digestInto(out) {
+    aoutput(out, this);
+    if (this.finished)
+      throw new Error("digest() was already called");
+    this.enableXOF = false;
+    this.writeInto(out);
+    this.destroy();
+    return out;
+  }
+  digest() {
+    return this.digestInto(new Uint8Array(this.outputLen));
+  }
+}
+var blake3 = /* @__PURE__ */ createXOFer((opts) => new BLAKE3(opts));
+
+// src/encryption.ts
+function deriveNoteKey(sharedSecret, ephemeralPk) {
+  const context = new TextEncoder().encode("zelana-note-v1");
+  const input = new Uint8Array(sharedSecret.length + ephemeralPk.length);
+  input.set(sharedSecret, 0);
+  input.set(ephemeralPk, sharedSecret.length);
+  return blake3(input, { context });
+}
+function serializePlaintext(pt) {
+  const memoLen = pt.memo?.length ?? 0;
+  const bytes = new Uint8Array(8 + 32 + 2 + memoLen);
+  const view = new DataView(bytes.buffer);
+  view.setBigUint64(0, pt.value, true);
+  bytes.set(pt.randomness, 8);
+  view.setUint16(40, memoLen, true);
+  if (pt.memo && memoLen > 0) {
+    bytes.set(pt.memo.slice(0, 512), 42);
+  }
+  return bytes;
+}
+function deserializePlaintext(bytes) {
+  if (bytes.length < 42) {
+    return null;
+  }
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  const value = view.getBigUint64(0, true);
+  const randomness = bytes.slice(8, 40);
+  const memoLen = view.getUint16(40, true);
+  if (bytes.length < 42 + memoLen) {
+    return null;
+  }
+  const memo = memoLen > 0 ? bytes.slice(42, 42 + memoLen) : undefined;
+  return { value, randomness, memo };
+}
+function encryptNote(value, randomness, recipientPk, memo) {
+  const ephemeralSk = randomBytes2(32);
+  const ephemeralPk = x25519.getPublicKey(ephemeralSk);
+  const sharedSecret = x25519.getSharedSecret(ephemeralSk, recipientPk);
+  const encryptionKey = deriveNoteKey(sharedSecret, ephemeralPk);
+  const plaintext = serializePlaintext({
+    value,
+    randomness: new Uint8Array(randomness),
+    memo: memo?.slice(0, 512)
+  });
+  const nonce = randomBytes2(12);
+  const cipher = chacha20poly1305(encryptionKey, nonce);
+  const ciphertext = cipher.encrypt(plaintext);
+  return {
+    ephemeralPk,
+    nonce,
+    ciphertext
+  };
+}
+function decryptNote(encrypted, recipientSk) {
+  try {
+    const sharedSecret = x25519.getSharedSecret(recipientSk, encrypted.ephemeralPk);
+    const encryptionKey = deriveNoteKey(sharedSecret, encrypted.ephemeralPk);
+    const cipher = chacha20poly1305(encryptionKey, encrypted.nonce);
+    const plaintext = cipher.decrypt(encrypted.ciphertext);
+    const pt = deserializePlaintext(plaintext);
+    if (!pt) {
+      return null;
+    }
+    return {
+      value: pt.value,
+      randomness: pt.randomness,
+      memo: pt.memo
+    };
+  } catch {
+    return null;
+  }
+}
+function serializeEncryptedNote(note) {
+  const bytes = new Uint8Array(32 + 12 + note.ciphertext.length);
+  bytes.set(note.ephemeralPk, 0);
+  bytes.set(note.nonce, 32);
+  bytes.set(note.ciphertext, 44);
+  return bytes;
+}
+function deserializeEncryptedNote(bytes) {
+  if (bytes.length < 44 + 42 + 16) {
+    return null;
+  }
+  return {
+    ephemeralPk: bytes.slice(0, 32),
+    nonce: bytes.slice(32, 44),
+    ciphertext: bytes.slice(44)
+  };
+}
+function x25519PublicKey(secretKey) {
+  return x25519.getPublicKey(secretKey);
+}
+
 // src/shielded.ts
 function generateShieldedKeys() {
-  const spendingKey = randomBytes2(32);
+  const spendingKey = randomBytes3(32);
   const viewingKey = deriveViewingKey(spendingKey);
   const publicKey = derivePublicKey(spendingKey);
   return { spendingKey, viewingKey, publicKey };
@@ -1655,7 +3173,7 @@ function derivePublicKey(spendingKey) {
 function createNote(value, ownerPk, position) {
   return {
     value,
-    randomness: randomBytes2(32),
+    randomness: randomBytes3(32),
     ownerPk: new Uint8Array(ownerPk),
     position
   };
@@ -1752,7 +3270,7 @@ class ShieldedTransactionBuilder {
       const commitment = computeCommitment(note);
       return { note, commitment, memo: output.memo };
     });
-    const encryptedOutputs = outputsWithCommitments.map((o) => encryptNote(o.note, o.memo));
+    const encryptedOutputs = outputsWithCommitments.map((o) => encryptNote2(o.note, o.note.ownerPk, o.memo));
     return {
       nullifiers: inputsWithNullifiers.map((i) => i.nullifier),
       commitments: outputsWithCommitments.map((o) => o.commitment),
@@ -1774,29 +3292,14 @@ class ShieldedTransactionBuilder {
     return this;
   }
 }
-function encryptNote(note, memo) {
-  const ephemeralPk = randomBytes2(32);
-  const nonce = randomBytes2(12);
-  const plaintext = concatBytes2(u64ToLeBytes(note.value), note.randomness, memo ? new Uint8Array([...u16ToLeBytes(memo.length), ...memo]) : new Uint8Array([0, 0]));
-  const key = sha5122(concatBytes2(ephemeralPk, note.ownerPk)).slice(0, 32);
-  const ciphertext = xorEncrypt(plaintext, key, nonce);
+function encryptNote2(note, recipientViewingPk, memo) {
+  const encrypted = encryptNote(note.value, note.randomness, recipientViewingPk, memo);
   return {
-    ephemeralPk,
-    nonce,
-    ciphertext
+    ephemeralPk: encrypted.ephemeralPk,
+    nonce: encrypted.nonce,
+    ciphertext: encrypted.ciphertext
   };
 }
-function xorEncrypt(data, key, nonce) {
-  const stream = sha5122(concatBytes2(key, nonce));
-  const result = new Uint8Array(data.length);
-  for (let i = 0;i < data.length; i++) {
-    result[i] = data[i] ^ stream[i % stream.length];
-  }
-  return result;
-}
-function u16ToLeBytes(value) {
-  return new Uint8Array([value & 255, value >> 8 & 255]);
-}
 function tryDecryptNote(encrypted, viewingKey, ownerPk, position) {
   return null;
 }
@@ -1835,18 +3338,19 @@ class OwnershipProver {
     this.initialized = true;
   }
   async loadWasmModule(wasmUrl) {
+    if (wasmUrl) {
+      const importFn = new Function("url", "return import(url)");
+      const module = await importFn(wasmUrl);
+      await module.default();
+      return module;
+    }
     try {
-      const module = await import("zelana-ownership-prover");
+      const dynamicImport = new Function("specifier", "return import(specifier)");
+      const module = await dynamicImport("zelana-ownership-prover");
       await module.default();
       return module;
     } catch {
-      if (wasmUrl) {
-        const importFn = new Function("url", "return import(url)");
-        const module = await importFn(wasmUrl);
-        await module.default();
-        return module;
-      }
-      throw new Error("Could not load WASM module");
+      throw new Error("Could not load WASM module. Please provide a wasmUrl or install zelana-ownership-prover.");
     }
   }
   async loadNoirCircuit(circuitUrl) {
@@ -1991,17 +3495,22 @@ class MockOwnershipProver extends OwnershipProver {
 }
 var mockProver = new MockOwnershipProver;
 export {
+  x25519PublicKey,
   u64ToLeBytes,
   tryDecryptNote,
   shieldedKeysFromSpendingKey,
   shielded,
-  randomBytes2 as randomBytes,
+  serializeEncryptedNote,
+  randomBytes3 as randomBytes,
   noteWithRandomness,
   mockProver,
   leBytesToU64,
   hexToBytes2 as hexToBytes,
   getProver,
   generateShieldedKeys,
+  encryptNote,
+  deserializeEncryptedNote,
+  decryptNote,
   createNote,
   concatBytes2 as concatBytes,
   computeOwnershipWitness,