o1js 1.3.0 → 1.3.1

package/dist/node/index.cjs

@@ -4584,13 +4584,7 @@ function constraintSystemToJS(cs) {
       printGates(gates);
     },
     summary() {
-      let gateTypes = {};
-      gateTypes["Total rows"] = rows;
-      for (let gate of gates) {
-        gateTypes[gate.type] ??= 0;
-        gateTypes[gate.type]++;
-      }
-      return gateTypes;
+      return summarizeGates(gates);
     }
   };
 }
@@ -4601,6 +4595,15 @@ function gatesFromJson(cs) {
   });
   return { publicInputSize: cs.public_input_size, gates };
 }
+function summarizeGates(gates) {
+  let gateTypes = {};
+  gateTypes["Total rows"] = gates.length;
+  for (let gate of gates) {
+    gateTypes[gate.type] ??= 0;
+    gateTypes[gate.type]++;
+  }
+  return gateTypes;
+}
 function printGates(gates) {
   for (let i = 0, n = gates.length; i < n; i++) {
     let { type, wires, coeffs } = gates[i];
@@ -6131,6 +6134,8 @@ and Provable.asProver() blocks, which execute outside the proof.
    * ```
    */
   static from(value) {
+    if (value instanceof _Unconstrained)
+      return value;
     return new _Unconstrained(true, value);
   }
   /**
@@ -7259,7 +7264,7 @@ var Field3 = class _Field {
    * ```ts
    * const someField = Field(42);
    * const inverse = someField.inv();
-   * inverse.assertEquals(Field(1).div(example)); // This statement is always true regardless of the value of `someField`
+   * inverse.assertEquals(Field(1).div(someField)); // This statement is always true regardless of the value of `someField`
    * ```
    *
    * **Warning**: This is a modular inverse. See {@link div} method for more details.
@@ -7493,7 +7498,7 @@ var Field3 = class _Field {
    * Assert that this {@link Field} is less than another "field-like" value.
    *
    * Note: This uses fewer constraints than `x.lessThan(y).assertTrue()`.
-   * See {@link Field.lessThan} for more details.
+   * See {@link lessThan} for more details.
    *
    * **Important**: If an assertion fails, the code throws an error.
    *
@@ -11424,7 +11429,7 @@ var Sign3 = class _Sign extends CircuitValue {
     return new _Sign(Field4(-1));
   }
   static check(x) {
-    x.value.square().assertEquals(Field4(1));
+    x.value.square().assertEquals(1);
   }
   static empty() {
     return _Sign.one;
@@ -11449,7 +11454,10 @@ var Sign3 = class _Sign extends CircuitValue {
     return new _Sign(this.value.mul(y.value));
   }
   isPositive() {
-    return this.value.equals(Field4(1));
+    return this.value.equals(1);
+  }
+  isNegative() {
+    return this.value.equals(-1);
   }
   toString() {
     return this.value.toString();
@@ -11502,9 +11510,9 @@ var Int64 = class _Int64 extends CircuitValue {
     let isValidNegative = Field4.ORDER - xBigInt < TWO64;
     if (!isValidPositive && !isValidNegative)
       throw Error(`Int64: Expected a value between (-2^64, 2^64), got ${x}`);
-    let magnitude = Field4(isValidPositive ? x.toString() : x.neg().toString());
+    let magnitude = (isValidPositive ? x : x.neg()).toConstant();
     let sign3 = isValidPositive ? Sign3.one : Sign3.minusOne;
-    return new _Int64(new UInt642(magnitude.value), sign3);
+    return new _Int64(UInt642.Unsafe.fromField(magnitude), sign3);
   }
   // this doesn't check ranges because we assume they're already checked on UInts
   /**
@@ -11578,13 +11586,20 @@ var Int64 = class _Int64 extends CircuitValue {
     xInt.toField().assertEquals(x);
     return xInt;
   }
+  /**
+   * @deprecated Use {@link negV2()} instead.
+   * The current implementation will not be backwards-compatible with v2.
+   */
+  neg() {
+    return new _Int64(this.magnitude, this.sgn.neg());
+  }
   /**
    * Negates the value.
    *
    * `Int64.from(5).neg()` will turn into `Int64.from(-5)`
    */
-  neg() {
-    return new _Int64(this.magnitude, this.sgn.neg());
+  negV2() {
+    return Provable.if(this.magnitude.value.equals(0), _Int64.zero, new _Int64(this.magnitude, this.sgn.neg()));
   }
   /**
    * Addition with overflow checking.
@@ -11612,7 +11627,7 @@ var Int64 = class _Int64 extends CircuitValue {
    *
    * `x.div(y)` returns the floor of `x / y`, that is, the greatest
    * `z` such that `z * y <= x`.
-   *
+   * On negative numbers, this rounds towards zero.
    */
   div(y) {
     let y_ = _Int64.from(y);
@@ -11620,16 +11635,28 @@ var Int64 = class _Int64 extends CircuitValue {
     let sign3 = this.sgn.mul(y_.sgn);
     return new _Int64(quotient, sign3);
   }
+  /**
+   * @deprecated Use {@link modV2()} instead.
+   * This implementation is vulnerable whenever `this` is zero.
+   * It allows the prover to return `y` instead of 0 as the result.
+   */
+  mod(y) {
+    let y_ = UInt642.from(y);
+    let rest = this.magnitude.divMod(y_).rest.value;
+    rest = Provable.if(this.isPositive(), rest, y_.value.sub(rest));
+    return new _Int64(new UInt642(rest.value));
+  }
   /**
    * Integer remainder.
    *
    * `x.mod(y)` returns the value `z` such that `0 <= z < y` and
    * `x - z` is divisible by `y`.
    */
-  mod(y) {
+  modV2(y) {
     let y_ = UInt642.from(y);
     let rest = this.magnitude.divMod(y_).rest.value;
-    rest = Provable.if(this.isPositive(), rest, y_.value.sub(rest));
+    let isNonNegative = this.magnitude.equals(UInt642.zero).or(this.sgn.isPositive());
+    rest = Provable.if(isNonNegative, rest, y_.value.sub(rest));
     return new _Int64(new UInt642(rest.value));
   }
   /**
@@ -11647,11 +11674,40 @@ var Int64 = class _Int64 extends CircuitValue {
     this.toField().assertEquals(y_.toField(), message);
   }
   /**
-   * Checks if the value is positive.
+   * @deprecated Use {@link isPositiveV2} instead.
+   * The current implementation actually tests for non-negativity, but is wrong for the negative representation of 0.
    */
   isPositive() {
     return this.sgn.isPositive();
   }
+  /**
+   * Checks if the value is positive (x > 0).
+   */
+  isPositiveV2() {
+    return this.magnitude.equals(UInt642.zero).not().and(this.sgn.isPositive());
+  }
+  // TODO add this when `checkV2` is enabled
+  // then it will be the correct logic; right now it would be misleading
+  /**
+   * Checks if the value is non-negative (x >= 0).
+   */
+  // isNonNegativeV2() {
+  //   return this.sgn.isPositive();
+  // }
+  // TODO add this when `checkV2` is enabled
+  // then it will be the correct logic; right now it would be misleading
+  /**
+   * Checks if the value is negative (x < 0).
+   */
+  // isNegative() {
+  //   return this.sgn.isNegative();
+  // }
+  // TODO enable this check method in v2, to force a unique representation of 0
+  static checkV2({ magnitude, sgn }) {
+    UInt642.check(magnitude);
+    Sign3.check(sgn);
+    magnitude.value.add(sgn.value).assertNotEquals(-1, "Int64: 0 must have positive sign");
+  }
 };
 (0, import_tslib3.__decorate)([
   prop,
@@ -14116,7 +14172,7 @@ function equals2(p1, p22, Curve) {
   let yEquals = ForeignField.equals(p1.y, p22.y, Curve.modulus);
   return xEquals.and(yEquals);
 }
-function verifyEcdsa(Curve, signature, msgHash, publicKey, config = { G: { windowSize: 4 }, P: { windowSize: 4 } }) {
+function verifyEcdsaGeneric(Curve, signature, msgHash, publicKey, multiScalarMul2, config = { G: { windowSize: 4 }, P: { windowSize: 4 } }) {
   if (EcdsaSignature.isConstant(signature) && Field32.isConstant(msgHash) && Point.isConstant(publicKey)) {
     let isValid = verifyEcdsaConstant(Curve, EcdsaSignature.toBigint(signature), Field32.toBigint(msgHash), Point.toBigint(publicKey));
     return new Bool3(isValid);
@@ -14127,11 +14183,17 @@ function verifyEcdsa(Curve, signature, msgHash, publicKey, config = { G: { windo
   let u1 = ForeignField.mul(msgHash, sInv, Curve.order);
   let u2 = ForeignField.mul(r, sInv, Curve.order);
   let G = Point.from(Curve.one);
-  let R = multiScalarMul([u1, u2], [G, publicKey], Curve, config && [config.G, config.P], "assert-nonzero", config?.ia);
+  let R = multiScalarMul2([u1, u2], [G, publicKey], Curve, config && [config.G, config.P], "assert-nonzero", config?.ia);
   let Rx = ForeignField.mul(R.x, Field32.from(1n), Curve.order);
   ForeignField.assertLessThan(Rx, Curve.order);
   return Provable.equal(Field32.provable, Rx, r);
 }
+function verifyEcdsa(Curve, signature, msgHash, publicKey, config = { G: { windowSize: 4 }, P: { windowSize: 4 } }) {
+  return verifyEcdsaGeneric(Curve, signature, msgHash, publicKey, (scalars, points, Curve2, configs, mode, ia) => multiScalarMul(scalars, points, Curve2, configs, mode, ia, true), config);
+}
+function verifyEcdsaV2(Curve, signature, msgHash, publicKey, config = { G: { windowSize: 4 }, P: { windowSize: 3 } }) {
+  return verifyEcdsaGeneric(Curve, signature, msgHash, publicKey, (scalars, points, Curve2, configs, mode, ia) => multiScalarMul(scalars, points, Curve2, configs, mode, ia, false), config);
+}
 function verifyEcdsaConstant(Curve, { r, s }, msgHash, publicKey) {
   let pk = Curve.from(publicKey);
   if (Curve.equal(pk, Curve.zero))
@@ -14151,28 +14213,35 @@ function verifyEcdsaConstant(Curve, { r, s }, msgHash, publicKey) {
     return false;
   return Curve.Scalar.equal(R.x, r);
 }
-function multiScalarMul(scalars, points, Curve, tableConfigs = [], mode = "assert-nonzero", ia) {
+function multiScalarMulConstant(scalars, points, Curve, mode = "assert-nonzero") {
   let n = points.length;
   assert3(scalars.length === n, "Points and scalars lengths must match");
   assertPositiveInteger(n, "Expected at least 1 point and scalar");
   let useGlv = Curve.hasEndomorphism;
-  if (scalars.every(Field32.isConstant) && points.every(Point.isConstant)) {
-    let s = scalars.map(Field32.toBigint);
-    let P = points.map(Point.toBigint);
-    let sum3 = Curve.zero;
-    for (let i = 0; i < n; i++) {
-      if (useGlv) {
-        sum3 = Curve.add(sum3, Curve.Endo.scale(P[i], s[i]));
-      } else {
-        sum3 = Curve.add(sum3, Curve.scale(P[i], s[i]));
-      }
-    }
-    if (mode === "assert-zero") {
-      assert3(sum3.infinity, "scalar multiplication: expected zero result");
-      return Point.from(Curve.zero);
+  let s = scalars.map(Field32.toBigint);
+  let P = points.map(Point.toBigint);
+  let sum2 = Curve.zero;
+  for (let i = 0; i < n; i++) {
+    if (useGlv) {
+      sum2 = Curve.add(sum2, Curve.Endo.scale(P[i], s[i]));
+    } else {
+      sum2 = Curve.add(sum2, Curve.scale(P[i], s[i]));
     }
-    assert3(!sum3.infinity, "scalar multiplication: expected non-zero result");
-    return Point.from(sum3);
+  }
+  if (mode === "assert-zero") {
+    assert3(sum2.infinity, "scalar multiplication: expected zero result");
+    return Point.from(Curve.zero);
+  }
+  assert3(!sum2.infinity, "scalar multiplication: expected non-zero result");
+  return Point.from(sum2);
+}
+function multiScalarMul(scalars, points, Curve, tableConfigs = [], mode = "assert-nonzero", ia, hashed = true) {
+  let n = points.length;
+  assert3(scalars.length === n, "Points and scalars lengths must match");
+  assertPositiveInteger(n, "Expected at least 1 point and scalar");
+  let useGlv = Curve.hasEndomorphism;
+  if (scalars.every(Field32.isConstant) && points.every(Point.isConstant)) {
+    return multiScalarMulConstant(scalars, points, Curve, mode);
   }
   let windowSizes = points.map((_, i) => tableConfigs[i]?.windowSize ?? 1);
   let tables = points.map((P, i) => getPointTable(Curve, P, windowSizes[i], tableConfigs[i]?.multiples));
@@ -14212,15 +14281,23 @@ function multiScalarMul(scalars, points, Curve, tableConfigs = [], mode = "asser
   }
   let scalarChunks = scalars.map((s, i) => sliceField3(s, { maxBits, chunkSize: windowSizes[i] }));
   const HashedPoint = Hashed.create(Point.provable);
-  let hashedTables = tables.map((table) => table.map((point) => HashedPoint.hash(point)));
   ia ??= initialAggregator(Curve);
   let sum2 = Point.from(ia);
+  let hashedTables = [];
+  if (hashed) {
+    hashedTables = tables.map((table) => table.map((point) => HashedPoint.hash(point)));
+  }
   for (let i = maxBits - 1; i >= 0; i--) {
     for (let j = 0; j < n; j++) {
       let windowSize = windowSizes[j];
       if (i % windowSize === 0) {
         let sj = scalarChunks[j][i / windowSize];
-        let sjP = windowSize === 1 ? points[j] : arrayGetGeneric(HashedPoint.provable, hashedTables[j], sj).unhash();
+        let sjP;
+        if (hashed) {
+          sjP = windowSize === 1 ? points[j] : arrayGetGeneric(HashedPoint.provable, hashedTables[j], sj).unhash();
+        } else {
+          sjP = windowSize === 1 ? points[j] : arrayGetGeneric(Point.provable, tables[j], sj);
+        }
         let added = add2(sum2, sjP, Curve);
         sum2 = Provable.if(sj.equals(0), Point.provable, sum2, added);
       }
@@ -14389,6 +14466,7 @@ var EcdsaSignature = {
 var Ecdsa = {
   sign: signEcdsa,
   verify: verifyEcdsa,
+  verifyV2: verifyEcdsaV2,
   Signature: EcdsaSignature
 };
 function reduceMrcStack(xs) {
@@ -14967,6 +15045,14 @@ var EcdsaSignature2 = class {
   toBigInt() {
     return { r: this.r.toBigInt(), s: this.s.toBigInt() };
   }
+  /**
+   * @deprecated There is a security vulnerability in this method. Use {@link verifyV2} instead.
+   */
+  verify(message, publicKey) {
+    let msgHashBytes = Keccak.ethereum(message);
+    let msgHash = keccakOutputToScalar(msgHashBytes, this.Constructor.Curve);
+    return this.verifySignedHash(msgHash, publicKey);
+  }
   /**
    * Verify the ECDSA signature given the message (an array of bytes) and public key (a {@link Curve} point).
    *
@@ -15001,10 +15087,18 @@ var EcdsaSignature2 = class {
    * isValid.assertTrue('signature verifies');
    * ```
    */
-  verify(message, publicKey) {
+  verifyV2(message, publicKey) {
     let msgHashBytes = Keccak.ethereum(message);
     let msgHash = keccakOutputToScalar(msgHashBytes, this.Constructor.Curve);
-    return this.verifySignedHash(msgHash, publicKey);
+    return this.verifySignedHashV2(msgHash, publicKey);
+  }
+  /**
+   * @deprecated There is a security vulnerability in this method. Use {@link verifySignedHashV2} instead.
+   */
+  verifySignedHash(msgHash, publicKey) {
+    let msgHash_ = this.Constructor.Curve.Scalar.from(msgHash);
+    let publicKey_ = this.Constructor.Curve.from(publicKey);
+    return Ecdsa.verify(this.Constructor.Curve.Bigint, toObject(this), msgHash_.value, toPoint(publicKey_));
   }
   /**
    * Verify the ECDSA signature given the message hash (a {@link Scalar}) and public key (a {@link Curve} point).
@@ -15013,10 +15107,10 @@ var EcdsaSignature2 = class {
    * In contrast, this method just takes the message hash (a curve scalar) as input, giving you flexibility in
    * choosing the hashing algorithm.
    */
-  verifySignedHash(msgHash, publicKey) {
+  verifySignedHashV2(msgHash, publicKey) {
     let msgHash_ = this.Constructor.Curve.Scalar.from(msgHash);
     let publicKey_ = this.Constructor.Curve.from(publicKey);
-    return Ecdsa.verify(this.Constructor.Curve.Bigint, toObject(this), msgHash_.value, toPoint(publicKey_));
+    return Ecdsa.verifyV2(this.Constructor.Curve.Bigint, toObject(this), msgHash_.value, toPoint(publicKey_));
   }
   /**
    * Create an {@link EcdsaSignature} by signing a message with a private key.
@@ -15878,7 +15972,7 @@ function createEvents({ Field: Field5, Poseidon: Poseidon3 }) {
   function emptyHashWithPrefix2(prefix) {
     return salt2(prefix)[0];
   }
-  const Events3 = {
+  const Events4 = {
     empty() {
       let hash3 = emptyHashWithPrefix2("MinaZkappEventsEmpty");
       return { hash: hash3, data: [] };
@@ -15889,16 +15983,16 @@ function createEvents({ Field: Field5, Poseidon: Poseidon3 }) {
       return { hash: hash3, data: [event, ...events.data] };
     },
     fromList(events) {
-      return [...events].reverse().reduce(Events3.pushEvent, Events3.empty());
+      return [...events].reverse().reduce(Events4.pushEvent, Events4.empty());
     },
     hash(events) {
-      return Events3.fromList(events).hash;
+      return Events4.fromList(events).hash;
     }
   };
   const EventsProvable = {
-    ...Events3,
+    ...Events4,
     ...dataAsHash({
-      empty: Events3.empty,
+      empty: Events4.empty,
       toValue(data) {
         return data.map((row) => row.map((e) => Field5.toBigint(e)));
       },
@@ -15910,13 +16004,13 @@ function createEvents({ Field: Field5, Poseidon: Poseidon3 }) {
       },
       fromJSON(json) {
         let data = json.map((row) => row.map((e) => Field5.fromJSON(e)));
-        let hash3 = Events3.hash(data);
+        let hash3 = Events4.hash(data);
         return { data, hash: hash3 };
       },
       Field: Field5
     })
   };
-  const Actions3 = {
+  const Actions4 = {
     // same as events but w/ different hash prefixes
     empty() {
       let hash3 = emptyHashWithPrefix2("MinaZkappActionsEmpty");
@@ -15931,7 +16025,7 @@ function createEvents({ Field: Field5, Poseidon: Poseidon3 }) {
       return { hash: hash3, data: [event, ...actions.data] };
     },
     fromList(events) {
-      return [...events].reverse().reduce(Actions3.pushEvent, Actions3.empty());
+      return [...events].reverse().reduce(Actions4.pushEvent, Actions4.empty());
     },
     hash(events) {
       return this.fromList(events).hash;
@@ -15948,9 +16042,9 @@ function createEvents({ Field: Field5, Poseidon: Poseidon3 }) {
     }
   };
   const ActionsProvable = {
-    ...Actions3,
+    ...Actions4,
     ...dataAsHash({
-      empty: Actions3.empty,
+      empty: Actions4.empty,
       toValue(data) {
         return data.map((row) => row.map((e) => Field5.toBigint(e)));
       },
@@ -15962,7 +16056,7 @@ function createEvents({ Field: Field5, Poseidon: Poseidon3 }) {
       },
       fromJSON(json) {
         let data = json.map((row) => row.map((e) => Field5.fromJSON(e)));
-        let hash3 = Actions3.hash(data);
+        let hash3 = Actions4.hash(data);
         return { data, hash: hash3 };
       },
       Field: Field5
@@ -18949,157 +19043,815 @@ function Option(type) {
   };
 }
 
-// dist/node/lib/mina/mina.js
-var mina_exports = {};
-__export(mina_exports, {
-  LocalBlockchain: () => LocalBlockchain,
-  Network: () => Network2,
-  TestPublicKey: () => TestPublicKey,
-  Transaction: () => Transaction,
-  activeInstance: () => activeInstance,
-  currentSlot: () => currentSlot,
-  currentTransaction: () => currentTransaction,
-  faucet: () => faucet,
-  fetchActions: () => fetchActions,
-  fetchEvents: () => fetchEvents,
-  filterGroups: () => filterGroups,
-  getAccount: () => getAccount,
-  getActions: () => getActions,
-  getBalance: () => getBalance,
-  getNetworkConstants: () => getNetworkConstants,
-  getNetworkId: () => getNetworkId,
-  getNetworkState: () => getNetworkState,
-  getProofsEnabled: () => getProofsEnabled,
-  hasAccount: () => hasAccount,
-  sender: () => sender,
-  setActiveInstance: () => setActiveInstance,
-  transaction: () => transaction,
-  waitForFunding: () => waitForFunding
-});
-
-// dist/node/lib/mina/mina-instance.js
-var defaultAccountCreationFee = 1e9;
-var defaultNetworkConstants = {
-  genesisTimestamp: UInt642.from(0),
-  slotTime: UInt642.from(3 * 60 * 1e3),
-  accountCreationFee: UInt642.from(defaultAccountCreationFee)
-};
-var ZkappStateLength = 8;
-var activeInstance = {
-  getNetworkConstants: () => defaultNetworkConstants,
-  currentSlot: noActiveInstance,
-  hasAccount: noActiveInstance,
-  getAccount: noActiveInstance,
-  getNetworkState: noActiveInstance,
-  sendTransaction: noActiveInstance,
-  transaction: noActiveInstance,
-  fetchEvents: noActiveInstance,
-  fetchActions: noActiveInstance,
-  getActions: noActiveInstance,
-  proofsEnabled: true,
-  getNetworkId: () => "testnet"
-};
-function setActiveInstance(m) {
-  activeInstance = m;
-}
-function noActiveInstance() {
-  throw Error("Must call Mina.setActiveInstance first");
-}
-function currentSlot() {
-  return activeInstance.currentSlot();
-}
-function getAccount(publicKey, tokenId) {
-  return activeInstance.getAccount(publicKey, tokenId);
-}
-function hasAccount(publicKey, tokenId) {
-  return activeInstance.hasAccount(publicKey, tokenId);
-}
-function getNetworkId() {
-  return activeInstance.getNetworkId();
-}
-function getNetworkConstants() {
-  return activeInstance.getNetworkConstants();
-}
-function getNetworkState() {
-  return activeInstance.getNetworkState();
-}
-function getBalance(publicKey, tokenId) {
-  return activeInstance.getAccount(publicKey, tokenId).balance;
-}
-async function fetchEvents(publicKey, tokenId, filterOptions = {}) {
-  return await activeInstance.fetchEvents(publicKey, tokenId, filterOptions);
-}
-async function fetchActions(publicKey, actionStates, tokenId) {
-  return await activeInstance.fetchActions(publicKey, actionStates, tokenId);
-}
-function getActions(publicKey, actionStates, tokenId) {
-  return activeInstance.getActions(publicKey, actionStates, tokenId);
-}
-function getProofsEnabled() {
-  return activeInstance.proofsEnabled;
-}
-
-// dist/node/lib/mina/precondition.js
-var NetworkPrecondition = {
-  ignoreAll() {
-    let stakingEpochData = {
-      ledger: { hash: ignore(Field4(0)), totalCurrency: ignore(uint64()) },
-      seed: ignore(Field4(0)),
-      startCheckpoint: ignore(Field4(0)),
-      lockCheckpoint: ignore(Field4(0)),
-      epochLength: ignore(uint32())
-    };
-    let nextEpochData = cloneCircuitValue(stakingEpochData);
-    return {
-      snarkedLedgerHash: ignore(Field4(0)),
-      blockchainLength: ignore(uint32()),
-      minWindowDensity: ignore(uint32()),
-      totalCurrency: ignore(uint64()),
-      globalSlotSinceGenesis: ignore(uint32()),
-      stakingEpochData,
-      nextEpochData
-    };
+// dist/node/lib/provable/merkle-tree.js
+var MerkleTree = class _MerkleTree {
+  /**
+   * Creates a new, empty [Merkle Tree](https://en.wikipedia.org/wiki/Merkle_tree).
+   * @param height The height of Merkle Tree.
+   * @returns A new MerkleTree
+   */
+  constructor(height) {
+    this.height = height;
+    this.nodes = {};
+    this.zeroes = new Array(height);
+    this.zeroes[0] = Field4(0);
+    for (let i = 1; i < height; i += 1) {
+      this.zeroes[i] = Poseidon2.hash([this.zeroes[i - 1], this.zeroes[i - 1]]);
+    }
   }
-};
-function ignore(dummy) {
-  return { isSome: Bool4(false), value: dummy };
-}
-var uint32 = () => ({ lower: UInt322.from(0), upper: UInt322.MAXINT() });
-var uint64 = () => ({ lower: UInt642.from(0), upper: UInt642.MAXINT() });
-var AccountPrecondition = {
-  ignoreAll() {
-    let appState = [];
-    for (let i = 0; i < ZkappStateLength; ++i) {
-      appState.push(ignore(Field4(0)));
+  /**
+   * Return a new MerkleTree with the same contents as this one.
+   */
+  clone() {
+    let newTree = new _MerkleTree(this.height);
+    for (let [level, nodes] of Object.entries(this.nodes)) {
+      newTree.nodes[level] = { ...nodes };
     }
-    return {
-      balance: ignore(uint64()),
-      nonce: ignore(uint32()),
-      receiptChainHash: ignore(Field4(0)),
-      delegate: ignore(PublicKey2.empty()),
-      state: appState,
-      actionState: ignore(Actions.emptyActionState()),
-      provedState: ignore(Bool4(false)),
-      isNew: ignore(Bool4(false))
-    };
+    return newTree;
   }
-};
-var GlobalSlotPrecondition = {
-  ignoreAll() {
-    return ignore(uint32());
+  /**
+   * Returns a node which lives at a given index and level.
+   * @param level Level of the node.
+   * @param index Index of the node.
+   * @returns The data of the node.
+   */
+  getNode(level, index) {
+    return this.nodes[level]?.[index.toString()] ?? this.zeroes[level];
   }
-};
-var Preconditions = {
-  ignoreAll() {
-    return {
-      account: AccountPrecondition.ignoreAll(),
-      network: NetworkPrecondition.ignoreAll(),
-      validWhile: GlobalSlotPrecondition.ignoreAll()
-    };
+  /**
+   * Returns a leaf at a given index.
+   * @param index Index of the leaf.
+   * @returns The data of the leaf.
+   */
+  getLeaf(key) {
+    return this.getNode(0, key);
   }
-};
-function preconditions(accountUpdate, isSelf) {
-  initializePreconditions(accountUpdate, isSelf);
+  /**
+   * Returns the root of the [Merkle Tree](https://en.wikipedia.org/wiki/Merkle_tree).
+   * @returns The root of the Merkle Tree.
+   */
+  getRoot() {
+    return this.getNode(this.height - 1, 0n);
+  }
+  // TODO: this allows to set a node at an index larger than the size. OK?
+  setNode(level, index, value) {
+    (this.nodes[level] ??= {})[index.toString()] = value;
+  }
+  // TODO: if this is passed an index bigger than the max, it will set a couple of out-of-bounds nodes but not affect the real Merkle root. OK?
+  /**
+   * Sets the value of a leaf node at a given index to a given value.
+   * @param index Position of the leaf node.
+   * @param leaf New value.
+   */
+  setLeaf(index, leaf) {
+    if (index >= this.leafCount) {
+      throw new Error(`index ${index} is out of range for ${this.leafCount} leaves.`);
+    }
+    this.setNode(0, index, leaf);
+    let currIndex = index;
+    for (let level = 1; level < this.height; level++) {
+      currIndex /= 2n;
+      const left = this.getNode(level - 1, currIndex * 2n);
+      const right = this.getNode(level - 1, currIndex * 2n + 1n);
+      this.setNode(level, currIndex, Poseidon2.hash([left, right]));
+    }
+  }
+  /**
+   * Returns the witness (also known as [Merkle Proof or Merkle Witness](https://computersciencewiki.org/index.php/Merkle_proof)) for the leaf at the given index.
+   * @param index Position of the leaf node.
+   * @returns The witness that belongs to the leaf.
+   */
+  getWitness(index) {
+    if (index >= this.leafCount) {
+      throw new Error(`index ${index} is out of range for ${this.leafCount} leaves.`);
+    }
+    const witness2 = [];
+    for (let level = 0; level < this.height - 1; level++) {
+      const isLeft = index % 2n === 0n;
+      const sibling = this.getNode(level, isLeft ? index + 1n : index - 1n);
+      witness2.push({ isLeft, sibling });
+      index /= 2n;
+    }
+    return witness2;
+  }
+  // TODO: this will always return true if the merkle tree was constructed normally; seems to be only useful for testing. remove?
+  /**
+   * Checks if the witness that belongs to the leaf at the given index is a valid witness.
+   * @param index Position of the leaf node.
+   * @returns True if the witness for the leaf node is valid.
+   */
+  validate(index) {
+    const path = this.getWitness(index);
+    let hash3 = this.getNode(0, index);
+    for (const node of path) {
+      hash3 = Poseidon2.hash(node.isLeft ? [hash3, node.sibling] : [node.sibling, hash3]);
+    }
+    return hash3.toString() === this.getRoot().toString();
+  }
+  // TODO: should this take an optional offset? should it fail if the array is too long?
+  /**
+   * Fills all leaves of the tree.
+   * @param leaves Values to fill the leaves with.
+   */
+  fill(leaves) {
+    leaves.forEach((value, index) => {
+      this.setLeaf(BigInt(index), value);
+    });
+  }
+  /**
+   * Returns the amount of leaf nodes.
+   * @returns Amount of leaf nodes.
+   */
+  get leafCount() {
+    return 2n ** BigInt(this.height - 1);
+  }
+};
+var BaseMerkleWitness = class extends CircuitValue {
+  height() {
+    return this.constructor.height;
+  }
+  /**
+   * Takes a {@link Witness} and turns it into a circuit-compatible Witness.
+   * @param witness Witness.
+   * @returns A circuit-compatible Witness.
+   */
+  constructor(witness2) {
+    super();
+    let height = witness2.length + 1;
+    if (height !== this.height()) {
+      throw Error(`Length of witness ${height}-1 doesn't match static tree height ${this.height()}.`);
+    }
+    this.path = witness2.map((item) => item.sibling);
+    this.isLeft = witness2.map((item) => Bool4(item.isLeft));
+  }
+  /**
+   * Calculates a root depending on the leaf value.
+   * @param leaf Value of the leaf node that belongs to this Witness.
+   * @returns The calculated root.
+   */
+  calculateRoot(leaf) {
+    let hash3 = leaf;
+    let n = this.height();
+    for (let i = 1; i < n; ++i) {
+      let isLeft = this.isLeft[i - 1];
+      const [left, right] = conditionalSwap(isLeft, hash3, this.path[i - 1]);
+      hash3 = Poseidon2.hash([left, right]);
+    }
+    return hash3;
+  }
+  /**
+   * Calculates the index of the leaf node that belongs to this Witness.
+   * @returns Index of the leaf.
+   */
+  calculateIndex() {
+    let powerOfTwo = Field4(1);
+    let index = Field4(0);
+    let n = this.height();
+    for (let i = 1; i < n; ++i) {
+      index = Provable.if(this.isLeft[i - 1], index, index.add(powerOfTwo));
+      powerOfTwo = powerOfTwo.mul(2);
+    }
+    return index;
+  }
+};
+function MerkleWitness(height) {
+  class MerkleWitness_ extends BaseMerkleWitness {
+  }
+  MerkleWitness_.height = height;
+  arrayProp(Field4, height - 1)(MerkleWitness_.prototype, "path");
+  arrayProp(Bool4, height - 1)(MerkleWitness_.prototype, "isLeft");
+  return MerkleWitness_;
+}
+function conditionalSwap(b2, x, y) {
+  let m = b2.toField().mul(x.sub(y));
+  const x_ = y.add(m);
+  const y_ = x.sub(m);
+  return [x_, y_];
+}
+
+// dist/node/lib/provable/merkle-tree-indexed.js
+function IndexedMerkleMap(height) {
+  var _a;
+  assert3(height > 0, "height must be positive");
+  assert3(height < 53, "height must be less than 53, so that we can use 64-bit floats to represent indices.");
+  return _a = class IndexedMerkleMap extends IndexedMerkleMapBase {
+    get height() {
+      return height;
+    }
+  }, _a.provable = provableFromClass(_a, provableBase), _a;
+}
+var provableBase = {
+  root: Field4,
+  length: Field4,
+  data: Unconstrained.provableWithEmpty({
+    nodes: [],
+    sortedLeaves: []
+  })
+};
+var IndexedMerkleMapBase = class _IndexedMerkleMapBase {
+  // static data defining constraints
+  get height() {
+    throw Error("Height must be defined in a subclass");
+  }
+  /**
+   * Creates a new, empty Indexed Merkle Map.
+   */
+  constructor() {
+    let height = this.height;
+    let nodes = Array(height);
+    for (let level = 0; level < height; level++) {
+      nodes[level] = [];
+    }
+    let firstLeaf = _IndexedMerkleMapBase._firstLeaf;
+    let firstNode = Leaf.hashNode(firstLeaf).toBigInt();
+    let root = Nodes.setLeaf(nodes, 0, firstNode);
+    this.root = Field4(root);
+    this.length = Field4(1);
+    this.data = Unconstrained.from({ nodes, sortedLeaves: [firstLeaf] });
+  }
+  /**
+   * Clone the entire Merkle map.
+   *
+   * This method is provable.
+   */
+  clone() {
+    let cloned = new this.constructor();
+    cloned.root = this.root;
+    cloned.length = this.length;
+    cloned.data.updateAsProver(() => {
+      let { nodes, sortedLeaves } = this.data.get();
+      return {
+        nodes: nodes.map((row) => [...row]),
+        sortedLeaves: [...sortedLeaves]
+      };
+    });
+    return cloned;
+  }
+  /**
+   * Overwrite the entire Merkle map with another one.
+   *
+   * This method is provable.
+   */
+  overwrite(other) {
+    this.overwriteIf(true, other);
+  }
+  /**
+   * Overwrite the entire Merkle map with another one, if the condition is true.
+   *
+   * This method is provable.
+   */
+  overwriteIf(condition, other) {
+    condition = Bool4(condition);
+    this.root = Provable.if(condition, other.root, this.root);
+    this.length = Provable.if(condition, other.length, this.length);
+    this.data.updateAsProver(() => Bool4(condition).toBoolean() ? other.clone().data.get() : this.data.get());
+  }
+  /**
+   * Insert a new leaf `(key, value)`.
+   *
+   * Proves that `key` doesn't exist yet.
+   */
+  insert(key, value) {
+    key = Field4(key);
+    value = Field4(value);
+    let index = this.length;
+    let indexBits = index.toBits(this.height - 1);
+    let low = Provable.witness(Leaf, () => this._findLeaf(key).low);
+    let lowPath = this._proveInclusion(low, "Invalid low node (root)");
+    assertStrictlyBetween(low.key, key, low.nextKey, "Key already exists in the tree");
+    let newLow = { ...low, nextKey: key };
+    this.root = this._proveUpdate(newLow, lowPath);
+    this._setLeafUnconstrained(true, newLow);
+    let leaf = Leaf.nextAfter(newLow, index, {
+      key,
+      value,
+      nextKey: low.nextKey
+    });
+    let path = this._proveEmpty(indexBits);
+    this.root = this._proveUpdate(leaf, path);
+    this.length = this.length.add(1);
+    this._setLeafUnconstrained(false, leaf);
+  }
+  /**
+   * Update an existing leaf `(key, value)`.
+   *
+   * Proves that the `key` exists.
+   *
+   * Returns the previous value.
+   */
+  update(key, value) {
+    key = Field4(key);
+    value = Field4(value);
+    let self = Provable.witness(Leaf, () => this._findLeaf(key).self);
+    let path = this._proveInclusion(self, "Key does not exist in the tree");
+    self.key.assertEquals(key, "Invalid leaf (key)");
+    let newSelf = { ...self, value };
+    this.root = this._proveUpdate(newSelf, path);
+    this._setLeafUnconstrained(true, newSelf);
+    return self.value;
+  }
+  /**
+   * Perform _either_ an insertion or update, depending on whether the key exists.
+   *
+   * Note: This method is handling both the `insert()` and `update()` case at the same time, so you
+   * can use it if you don't know whether the key exists or not.
+   *
+   * However, this comes at an efficiency cost, so prefer to use `insert()` or `update()` if you know whether the key exists.
+   *
+   * Returns the previous value, as an option (which is `None` if the key didn't exist before).
+   */
+  set(key, value) {
+    key = Field4(key);
+    value = Field4(value);
+    let { low, self } = Provable.witness(LeafPair, () => this._findLeaf(key));
+    let lowPath = this._proveInclusion(low, "Invalid low node (root)");
+    assertBetween(low.key, key, low.nextKey, "Invalid low node (key)");
+    let keyExists = low.nextKey.equals(key);
+    let index = Provable.witness(Field4, () => self.index.get());
+    index = Provable.if(keyExists, index, this.length);
+    let indexBits = index.toBits(this.height - 1);
+    let newLow = { ...low, nextKey: key };
+    this.root = this._proveUpdate(newLow, lowPath);
+    this._setLeafUnconstrained(true, newLow);
+    let path = this._proveInclusionOrEmpty(keyExists, indexBits, self, "Invalid leaf (root)");
+    assert3(keyExists.implies(self.key.equals(key)), "Invalid leaf (key)");
+    let newLeaf = Leaf.nextAfter(newLow, index, {
+      key,
+      value,
+      nextKey: Provable.if(keyExists, self.nextKey, low.nextKey)
+    });
+    this.root = this._proveUpdate(newLeaf, path);
+    this.length = Provable.if(keyExists, this.length, this.length.add(1));
+    this._setLeafUnconstrained(keyExists, newLeaf);
+    return new OptionField({ isSome: keyExists, value: self.value });
+  }
+  /**
+   * Get a value from a key.
+   *
+   * Proves that the key already exists in the map yet and fails otherwise.
+   */
+  get(key) {
+    key = Field4(key);
+    let self = Provable.witness(Leaf, () => this._findLeaf(key).self);
+    this._proveInclusion(self, "Key does not exist in the tree");
+    self.key.assertEquals(key, "Invalid leaf (key)");
+    return self.value;
+  }
+  /**
+   * Get a value from a key.
+   *
+   * Returns an option which is `None` if the key doesn't exist. (In that case, the option's value is unconstrained.)
+   *
+   * Note that this is more flexible than `get()` and allows you to handle the case where the key doesn't exist.
+   * However, it uses about twice as many constraints for that reason.
+   */
+  getOption(key) {
+    key = Field4(key);
+    let { low, self } = Provable.witness(LeafPair, () => this._findLeaf(key));
+    this._proveInclusion(low, "Invalid low node (root)");
+    assertBetween(low.key, key, low.nextKey, "Invalid low node (key)");
+    let keyExists = low.nextKey.equals(key);
+    this._proveInclusionIf(keyExists, self, "Invalid leaf (root)");
+    assert3(keyExists.implies(self.key.equals(key)), "Invalid leaf (key)");
+    return new OptionField({ isSome: keyExists, value: self.value });
+  }
+  // methods to check for inclusion for a key without being concerned about the value
+  /**
+   * Prove that the given key exists in the map.
+   */
+  assertIncluded(key, message) {
+    key = Field4(key);
+    let self = Provable.witness(Leaf, () => this._findLeaf(key).self);
+    this._proveInclusion(self, message ?? "Key does not exist in the tree");
+    self.key.assertEquals(key, "Invalid leaf (key)");
+  }
+  /**
+   * Prove that the given key does not exist in the map.
+   */
+  assertNotIncluded(key, message) {
+    key = Field4(key);
+    let low = Provable.witness(Leaf, () => this._findLeaf(key).low);
+    this._proveInclusion(low, "Invalid low node (root)");
+    assertStrictlyBetween(low.key, key, low.nextKey, message ?? "Key already exists in the tree");
+  }
+  /**
+   * Check whether the given key exists in the map.
+   */
+  isIncluded(key) {
+    key = Field4(key);
+    let low = Provable.witness(Leaf, () => this._findLeaf(key).low);
+    this._proveInclusion(low, "Invalid low node (root)");
+    assertBetween(low.key, key, low.nextKey, "Invalid low node (key)");
+    return low.nextKey.equals(key);
+  }
+  // helper methods
+  /**
+   * Helper method to prove inclusion of a leaf in the tree.
+   */
+  _proveInclusion(leaf, message) {
+    let node = Leaf.hashNode(leaf);
+    let { root, path } = this._computeRoot(node, leaf.index);
+    root.assertEquals(this.root, message ?? "Leaf is not included in the tree");
+    return path;
+  }
+  /**
+   * Helper method to conditionally prove inclusion of a leaf in the tree.
+   */
+  _proveInclusionIf(condition, leaf, message) {
+    let node = Leaf.hashNode(leaf);
+    let { root } = this._computeRoot(node, leaf.index);
+    assert3(condition.implies(root.equals(this.root)), message ?? "Leaf is not included in the tree");
+  }
+  /**
+   * Helper method to prove inclusion of an empty leaf in the tree.
+   *
+   * This validates the path against the current root, so that we can use it to insert a new leaf.
+   */
+  _proveEmpty(index) {
+    let node = Field4(0n);
+    let { root, path } = this._computeRoot(node, index);
+    root.assertEquals(this.root, "Leaf is not empty");
+    return path;
+  }
+  /**
+   * Helper method to conditionally prove inclusion of a leaf in the tree.
+   *
+   * If the condition is false, we prove that the tree contains an empty leaf instead.
+   */
+  _proveInclusionOrEmpty(condition, index, leaf, message) {
+    let node = Provable.if(condition, Leaf.hashNode(leaf), Field4(0n));
+    let { root, path } = this._computeRoot(node, index);
+    root.assertEquals(this.root, message ?? "Leaf is not included in the tree");
+    return path;
+  }
+  /**
+   * Helper method to update the root against a previously validated path.
+   *
+   * Returns the new root.
+   */
+  _proveUpdate(leaf, path) {
+    let node = Leaf.hashNode(leaf);
+    let { root } = this._computeRoot(node, path.index, path.witness);
+    return root;
+  }
+  /**
+   * Helper method to compute the root given a leaf node and its index.
+   *
+   * The index can be given as a `Field` or as an array of bits.
+   */
+  _computeRoot(node, index, witness2) {
+    let indexBits = index instanceof Unconstrained ? Provable.witness(Provable.Array(Bool4, this.height - 1), () => Field4(index.get()).toBits(this.height - 1)) : index;
+    let witness_ = witness2 ?? Provable.witnessFields(this.height - 1, () => {
+      let witness3 = [];
+      let index2 = Number(Field4.fromBits(indexBits));
+      let { nodes } = this.data.get();
+      for (let level = 0; level < this.height - 1; level++) {
+        let i = index2 % 2 === 0 ? index2 + 1 : index2 - 1;
+        let sibling = Nodes.getNode(nodes, level, i, false);
+        witness3.push(sibling);
+        index2 >>= 1;
+      }
+      return witness3;
+    });
+    assert3(indexBits.length === this.height - 1, "Invalid index size");
+    assert3(witness_.length === this.height - 1, "Invalid witness size");
+    for (let level = 0; level < this.height - 1; level++) {
+      let isRight = indexBits[level];
+      let sibling = witness_[level];
+      let [right, left] = conditionalSwap(isRight, node, sibling);
+      node = Poseidon2.hash([left, right]);
+    }
+    return { root: node, path: { witness: witness_, index: indexBits } };
+  }
+  /**
+   * Given a key, returns both the low node and the leaf that contains the key.
+   *
+   * If the key does not exist, a dummy value is returned for the leaf.
+   *
+   * Can only be called outside provable code.
+   */
+  _findLeaf(key_) {
+    let key = typeof key_ === "bigint" ? key_ : key_.toBigInt();
+    assert3(key >= 0n, "key must be positive");
+    let leaves = this.data.get().sortedLeaves;
+    if (key === 0n)
+      return {
+        low: Leaf.fromStored(leaves[leaves.length - 1], leaves.length - 1),
+        self: Leaf.fromStored(leaves[0], 0)
+      };
+    let { lowIndex, foundValue } = bisectUnique(key, (i) => leaves[i].key, leaves.length);
+    let iLow = foundValue ? lowIndex - 1 : lowIndex;
+    let low = Leaf.fromStored(leaves[iLow], iLow);
+    let iSelf = foundValue ? lowIndex : 0;
+    let selfBase = foundValue ? leaves[lowIndex] : Leaf.toStored(Leaf.empty());
+    let self = Leaf.fromStored(selfBase, iSelf);
+    return { low, self };
+  }
+  /**
+   * Update or append a leaf in our internal data structures
+   */
+  _setLeafUnconstrained(leafExists, leaf) {
+    Provable.asProver(() => {
+      let { nodes, sortedLeaves } = this.data.get();
+      let i = leaf.index.get();
+      Nodes.setLeaf(nodes, i, Leaf.hashNode(leaf).toBigInt());
+      let leafValue = Leaf.toStored(leaf);
+      let iSorted = leaf.sortedIndex.get();
+      if (Bool4(leafExists).toBoolean()) {
+        sortedLeaves[iSorted % sortedLeaves.length] = leafValue;
+      } else {
+        sortedLeaves.splice(iSorted, 0, leafValue);
+      }
+    });
+  }
+};
+IndexedMerkleMapBase.provable = void 0;
+IndexedMerkleMapBase._firstLeaf = {
+  key: 0n,
+  value: 0n,
+  // the 0 key encodes the minimum and maximum at the same time
+  // so, if a second node is inserted, it will get `nextKey = 0`, and thus point to the first node
+  nextKey: 0n,
+  index: 0
+};
+var Nodes;
+(function(Nodes2) {
+  function setLeaf(nodes, index, leaf) {
+    nodes[0][index] = leaf;
+    let height = nodes.length;
+    for (let level = 0; level < height - 1; level++) {
+      let isLeft = index % 2 === 0;
+      index = Math.floor(index / 2);
+      let left = getNode(nodes, level, index * 2, isLeft);
+      let right = getNode(nodes, level, index * 2 + 1, !isLeft);
+      nodes[level + 1][index] = Poseidon.hash([left, right]);
+    }
+    return getNode(nodes, height - 1, 0, true);
+  }
+  Nodes2.setLeaf = setLeaf;
+  function getNode(nodes, level, index, nonEmpty) {
+    let node = nodes[level]?.[index];
+    if (node === void 0) {
+      if (nonEmpty)
+        throw Error(`node at level=${level}, index=${index} was expected to be known, but isn't.`);
+      node = empty4(level);
+    }
+    return node;
+  }
+  Nodes2.getNode = getNode;
+  const emptyNodes = [0n];
+  function empty4(level) {
+    for (let i = emptyNodes.length; i <= level; i++) {
+      let zero2 = emptyNodes[i - 1];
+      emptyNodes[i] = Poseidon.hash([zero2, zero2]);
+    }
+    return emptyNodes[level];
+  }
+  Nodes2.empty = empty4;
+})(Nodes || (Nodes = {}));
+var BaseLeaf = class extends Struct({
+  key: Field4,
+  value: Field4,
+  nextKey: Field4
+}) {
+};
+var Leaf = class extends Struct({
+  value: Field4,
+  key: Field4,
+  nextKey: Field4,
+  // auxiliary data that tells us where the leaf is stored
+  index: Unconstrained.provableWithEmpty(0),
+  sortedIndex: Unconstrained.provableWithEmpty(0)
+}) {
+  /**
+   * Compute a leaf node: the hash of a leaf that becomes part of the Merkle tree.
+   */
+  static hashNode(leaf) {
+    return Poseidon2.hashPacked(BaseLeaf, BaseLeaf.fromValue(leaf));
+  }
+  /**
+   * Create a new leaf, given its low node and index.
+   */
+  static nextAfter(low, index, leaf) {
+    return {
+      key: leaf.key,
+      value: leaf.value,
+      nextKey: leaf.nextKey,
+      index: Unconstrained.witness(() => Number(index)),
+      sortedIndex: Unconstrained.witness(() => low.sortedIndex.get() + 1)
+    };
+  }
+  // convert to/from internally stored format
+  static toStored(leaf) {
+    return {
+      key: leaf.key.toBigInt(),
+      value: leaf.value.toBigInt(),
+      nextKey: leaf.nextKey.toBigInt(),
+      index: leaf.index.get()
+    };
+  }
+  static fromStored(leaf, sortedIndex) {
+    return {
+      ...leaf,
+      index: Unconstrained.from(leaf.index),
+      sortedIndex: Unconstrained.from(sortedIndex)
+    };
+  }
+};
+var LeafPair = class extends Struct({ low: Leaf, self: Leaf }) {
+};
+var OptionField = class extends Option(Field4) {
+};
+function bisectUnique(target, getValue, length) {
+  let [iLow, iHigh] = [0, length - 1];
+  if (getValue(iLow) > target)
+    return { lowIndex: -1, foundValue: false };
+  if (getValue(iHigh) < target)
+    return { lowIndex: iHigh, foundValue: false };
+  while (iHigh !== iLow) {
+    let iMid = Math.ceil((iLow + iHigh) / 2);
+    if (getValue(iMid) <= target) {
+      iLow = iMid;
+    } else {
+      iHigh = iMid - 1;
+    }
+  }
+  return { lowIndex: iLow, foundValue: getValue(iLow) === target };
+}
+function assertStrictlyBetween(low, x, high, message) {
+  x.assertNotEquals(0n, message ?? "0 is not in any strict range");
+  low.assertLessThan(x, message);
+  let highIsZero = high.equals(0n);
+  let xSafe = Provable.witness(Field4, () => highIsZero.toBoolean() ? 0n : x);
+  let highSafe = Provable.witness(Field4, () => highIsZero.toBoolean() ? 1n : high);
+  xSafe.assertLessThan(highSafe, message);
+  assert3(xSafe.equals(x).or(highIsZero), message);
+  assert3(highSafe.equals(high).or(highIsZero), message);
+}
+function assertBetween(low, x, high, message) {
+  let xIsZero = x.equals(0n);
+  let lowSafe = Provable.witness(Field4, () => xIsZero.toBoolean() ? 0n : low);
+  let xSafe1 = Provable.witness(Field4, () => xIsZero.toBoolean() ? 1n : x);
+  lowSafe.assertLessThan(xSafe1, message);
+  assert3(lowSafe.equals(low).or(xIsZero), message);
+  assert3(xSafe1.equals(x).or(xIsZero), message);
+  let highIsZero = high.equals(0n);
+  let xSafe0 = Provable.witness(Field4, () => highIsZero.toBoolean() ? 0n : x);
+  xSafe0.assertLessThanOrEqual(high, message);
+  assert3(xSafe0.equals(x).or(highIsZero), message);
+}
+
+// dist/node/lib/mina/mina.js
+var mina_exports = {};
+__export(mina_exports, {
+  LocalBlockchain: () => LocalBlockchain,
+  Network: () => Network2,
+  TestPublicKey: () => TestPublicKey,
+  Transaction: () => Transaction,
+  activeInstance: () => activeInstance,
+  currentSlot: () => currentSlot,
+  currentTransaction: () => currentTransaction,
+  faucet: () => faucet,
+  fetchActions: () => fetchActions,
+  fetchEvents: () => fetchEvents,
+  filterGroups: () => filterGroups,
+  getAccount: () => getAccount,
+  getActions: () => getActions,
+  getBalance: () => getBalance,
+  getNetworkConstants: () => getNetworkConstants,
+  getNetworkId: () => getNetworkId,
+  getNetworkState: () => getNetworkState,
+  getProofsEnabled: () => getProofsEnabled,
+  hasAccount: () => hasAccount,
+  sender: () => sender,
+  setActiveInstance: () => setActiveInstance,
+  transaction: () => transaction,
+  waitForFunding: () => waitForFunding
+});
+
+// dist/node/lib/mina/mina-instance.js
+var defaultAccountCreationFee = 1e9;
+var defaultNetworkConstants = {
+  genesisTimestamp: UInt642.from(0),
+  slotTime: UInt642.from(3 * 60 * 1e3),
+  accountCreationFee: UInt642.from(defaultAccountCreationFee)
+};
+var ZkappStateLength = 8;
+var activeInstance = {
+  getNetworkConstants: () => defaultNetworkConstants,
+  currentSlot: noActiveInstance,
+  hasAccount: noActiveInstance,
+  getAccount: noActiveInstance,
+  getNetworkState: noActiveInstance,
+  sendTransaction: noActiveInstance,
+  transaction: noActiveInstance,
+  fetchEvents: noActiveInstance,
+  fetchActions: noActiveInstance,
+  getActions: noActiveInstance,
+  proofsEnabled: true,
+  getNetworkId: () => "testnet"
+};
+function setActiveInstance(m) {
+  activeInstance = m;
+}
+function noActiveInstance() {
+  throw Error("Must call Mina.setActiveInstance first");
+}
+function currentSlot() {
+  return activeInstance.currentSlot();
+}
+function getAccount(publicKey, tokenId) {
+  return activeInstance.getAccount(publicKey, tokenId);
+}
+function hasAccount(publicKey, tokenId) {
+  return activeInstance.hasAccount(publicKey, tokenId);
+}
+function getNetworkId() {
+  return activeInstance.getNetworkId();
+}
+function getNetworkConstants() {
+  return activeInstance.getNetworkConstants();
+}
+function getNetworkState() {
+  return activeInstance.getNetworkState();
+}
+function getBalance(publicKey, tokenId) {
+  return activeInstance.getAccount(publicKey, tokenId).balance;
+}
+async function fetchEvents(publicKey, tokenId, filterOptions = {}) {
+  return await activeInstance.fetchEvents(publicKey, tokenId, filterOptions);
+}
+async function fetchActions(publicKey, actionStates, tokenId) {
+  return await activeInstance.fetchActions(publicKey, actionStates, tokenId);
+}
+function getActions(publicKey, actionStates, tokenId) {
+  return activeInstance.getActions(publicKey, actionStates, tokenId);
+}
+function getProofsEnabled() {
+  return activeInstance.proofsEnabled;
+}
+
+// dist/node/lib/mina/precondition.js
+var NetworkPrecondition = {
+  ignoreAll() {
+    let stakingEpochData = {
+      ledger: { hash: ignore(Field4(0)), totalCurrency: ignore(uint64()) },
+      seed: ignore(Field4(0)),
+      startCheckpoint: ignore(Field4(0)),
+      lockCheckpoint: ignore(Field4(0)),
+      epochLength: ignore(uint32())
+    };
+    let nextEpochData = cloneCircuitValue(stakingEpochData);
+    return {
+      snarkedLedgerHash: ignore(Field4(0)),
+      blockchainLength: ignore(uint32()),
+      minWindowDensity: ignore(uint32()),
+      totalCurrency: ignore(uint64()),
+      globalSlotSinceGenesis: ignore(uint32()),
+      stakingEpochData,
+      nextEpochData
+    };
+  }
+};
+function ignore(dummy) {
+  return { isSome: Bool4(false), value: dummy };
+}
+var uint32 = () => ({ lower: UInt322.from(0), upper: UInt322.MAXINT() });
+var uint64 = () => ({ lower: UInt642.from(0), upper: UInt642.MAXINT() });
+var AccountPrecondition = {
+  ignoreAll() {
+    let appState = [];
+    for (let i = 0; i < ZkappStateLength; ++i) {
+      appState.push(ignore(Field4(0)));
+    }
+    return {
+      balance: ignore(uint64()),
+      nonce: ignore(uint32()),
+      receiptChainHash: ignore(Field4(0)),
+      delegate: ignore(PublicKey2.empty()),
+      state: appState,
+      actionState: ignore(Actions.emptyActionState()),
+      provedState: ignore(Bool4(false)),
+      isNew: ignore(Bool4(false))
+    };
+  }
+};
+var GlobalSlotPrecondition = {
+  ignoreAll() {
+    return ignore(uint32());
+  }
+};
+var Preconditions = {
+  ignoreAll() {
+    return {
+      account: AccountPrecondition.ignoreAll(),
+      network: NetworkPrecondition.ignoreAll(),
+      validWhile: GlobalSlotPrecondition.ignoreAll()
+    };
+  }
+};
+function preconditions(accountUpdate, isSelf) {
+  initializePreconditions(accountUpdate, isSelf);
   return {
     account: Account3(accountUpdate),
     network: Network(accountUpdate),
@@ -19599,6 +20351,26 @@ var TransactionVersion3 = {
   current: () => UInt322.from(protocolVersions.txnVersion)
 };
 var zkAppProver = Prover();
+var Events3 = {
+  ...Events,
+  pushEvent(events, event) {
+    events = Events.pushEvent(events, event);
+    Provable.asProver(() => {
+      events.data[0] = events.data[0].map((e) => Field4(Field4.toBigint(e)));
+    });
+    return events;
+  }
+};
+var Actions3 = {
+  ...Actions,
+  pushEvent(actions, action) {
+    actions = Actions.pushEvent(actions, action);
+    Provable.asProver(() => {
+      actions.data[0] = actions.data[0].map((e) => Field4(Field4.toBigint(e)));
+    });
+    return actions;
+  }
+};
 var True = () => Bool4(true);
 var False = () => Bool4(false);
 var VerificationKeyPermission = class _VerificationKeyPermission {
@@ -20337,8 +21109,8 @@ var AccountUpdate3 = class _AccountUpdate {
     return pretty;
   }
 };
-AccountUpdate3.Actions = Actions;
-AccountUpdate3.Events = Events;
+AccountUpdate3.Actions = Actions3;
+AccountUpdate3.Events = Events3;
 AccountUpdate3.signingInfo = provable({
   isSameAsFeePayer: Bool4,
   nonce: UInt322
@@ -20878,7 +21650,7 @@ function newAccount(accountId2) {
   account.permissions = Permissions.initial();
   return account;
 }
-function parseFetchedAccount({ account }) {
+function parseFetchedAccount(account) {
   const { publicKey, nonce, zkappState, balance, permissions, timing: { cliffAmount, cliffTime, initialMinimumBalance, vestingIncrement, vestingPeriod }, delegateAccount, receiptChainHash, actionState, token, tokenSymbol, verificationKey, provedState, zkappUri } = account;
   let hasZkapp = zkappState !== null || verificationKey !== null || actionState !== null || zkappUri !== null || provedState;
   let partialAccount = {
@@ -21214,7 +21986,7 @@ async function fetchAccountInternal(accountInfo, graphqlEndpoint = networkConfig
   let [response, error] = await makeGraphqlRequest(accountQuery(publicKey, tokenId ?? TokenId4.toBase58(TokenId4.default)), graphqlEndpoint, networkConfig.minaFallbackEndpoints, config);
   if (error !== void 0)
     return { account: void 0, error };
-  let fetchedAccount = response?.data;
+  let fetchedAccount = response?.data?.account;
   if (!fetchedAccount) {
     return {
       account: void 0,
@@ -21239,8 +22011,11 @@ var accountsToFetch = {};
 var networksToFetch = {};
 var actionsToFetch = {};
 var genesisConstantsCache = {};
+var emptyKey = PublicKey2.empty().toBase58();
 function markAccountToBeFetched(publicKey, tokenId, graphqlEndpoint) {
   let publicKeyBase58 = publicKey.toBase58();
+  if (publicKeyBase58 === emptyKey)
+    return;
   let tokenBase58 = TokenId4.toBase58(tokenId);
   accountsToFetch[`${publicKeyBase58};${tokenBase58};${graphqlEndpoint}`] = {
     publicKey: publicKeyBase58,
@@ -21587,8 +22362,8 @@ var Lightnet;
   Lightnet2.listAcquiredKeyPairs = listAcquiredKeyPairs;
 })(Lightnet || (Lightnet = {}));
 function updateActionState(actions, actionState) {
-  let actionHash = Actions.fromJSON(actions).hash;
-  return Actions.updateSequenceState(actionState, actionHash);
+  let actionHash = Actions3.fromJSON(actions).hash;
+  return Actions3.updateSequenceState(actionState, actionHash);
 }
 async function makeGraphqlRequest(query, graphqlEndpoint = networkConfig.minaEndpoint, fallbackEndpoints, { timeout = defaultTimeout } = {}) {
   if (graphqlEndpoint === "none")
@@ -22430,10 +23205,10 @@ async function LocalBlockchain({ proofsEnabled = true, enforceTransactionLimits
           }
           let storedActions = actions[addr]?.[tokenId];
           let latestActionState_ = storedActions?.[storedActions.length - 1]?.hash;
-          let latestActionState = latestActionState_ !== void 0 ? Field4(latestActionState_) : Actions.emptyActionState();
+          let latestActionState = latestActionState_ !== void 0 ? Field4(latestActionState_) : Actions3.emptyActionState();
           actions[addr] ??= {};
           if (p3.body.actions.data.length > 0) {
-            let newActionState = Actions.updateSequenceState(latestActionState, p3.body.actions.hash);
+            let newActionState = Actions3.updateSequenceState(latestActionState, p3.body.actions.hash);
             actions[addr][tokenId] ??= [];
             actions[addr][tokenId].push({
               actions: pJson.body.actions,
@@ -22499,7 +23274,7 @@ ${pendingTransaction2.errors.join("\n")}`);
     getActions(publicKey, actionStates, tokenId = TokenId4.default) {
       let currentActions = actions?.[publicKey.toBase58()]?.[TokenId4.toBase58(tokenId)] ?? [];
       let { fromActionState, endActionState } = actionStates ?? {};
-      let emptyState = Actions.emptyActionState();
+      let emptyState = Actions3.emptyActionState();
       if (endActionState?.equals(emptyState).toBoolean())
         return [];
       let start = fromActionState?.equals(emptyState).toBoolean() ? void 0 : fromActionState?.toString();
@@ -23197,7 +23972,7 @@ function getStateContexts(sc) {
 // dist/node/lib/mina/actions/reducer.js
 var Reducer = Object.defineProperty(function(reducer) {
   return reducer;
-}, "initialActionState", { get: Actions.emptyActionState });
+}, "initialActionState", { get: Actions3.emptyActionState });
 function getReducer(contract) {
   let reducer = (contract._ ??= {}).reducer;
   if (reducer === void 0)
@@ -23210,7 +23985,7 @@ class ${contract.constructor.name} extends SmartContract {
     dispatch(action) {
       let accountUpdate = contract.self;
       let eventFields = reducer.actionType.toFields(action);
-      accountUpdate.body.actions = Actions.pushEvent(accountUpdate.body.actions, eventFields);
+      accountUpdate.body.actions = Actions3.pushEvent(accountUpdate.body.actions, eventFields);
     },
     reduce(actionLists, stateType, reduce, state3, { maxUpdatesWithActions = 32, maxActionsPerUpdate = 1, skipActionStatePrecondition = false } = {}) {
       Provable.asProver(() => {
@@ -23255,17 +24030,17 @@ class ${contract.constructor.name} extends SmartContract {
     },
     getActions(config) {
       const Action = reducer.actionType;
-      const emptyHash2 = Actions.empty().hash;
-      const nextHash = (hash3, action) => Actions.pushEvent({ hash: hash3, data: [] }, Action.toFields(action)).hash;
+      const emptyHash2 = Actions3.empty().hash;
+      const nextHash = (hash3, action) => Actions3.pushEvent({ hash: hash3, data: [] }, Action.toFields(action)).hash;
       class ActionList2 extends MerkleList.create(Action, nextHash, emptyHash2) {
       }
       class MerkleActions extends MerkleList.create(
         ActionList2.provable,
-        (hash3, actions2) => Actions.updateSequenceState(hash3, actions2.hash),
+        (hash3, actions2) => Actions3.updateSequenceState(hash3, actions2.hash),
         // if no "start" action hash was specified, this means we are fetching the entire history of actions, which started from the empty action state hash
         // otherwise we are only fetching a part of the history, which starts at `fromActionState`
         // TODO does this show that `emptyHash` should be part of the instance, not the class? that would make the provable representation bigger though
-        config?.fromActionState ?? Actions.emptyActionState()
+        config?.fromActionState ?? Actions3.emptyActionState()
       ) {
       }
       let actions = Provable.witness(MerkleActions.provable, () => {
@@ -23860,7 +24635,7 @@ class ${this.constructor.name} extends SmartContract {
     } else {
       eventFields = [Field4(eventNumber), ...eventType.toFields(event)];
     }
-    accountUpdate.body.events = Events.pushEvent(accountUpdate.body.events, eventFields);
+    accountUpdate.body.events = Events3.pushEvent(accountUpdate.body.events, eventFields);
   }
   /**
    * Asynchronously fetches events emitted by this {@link SmartContract} and returns an array of events with their corresponding types.
@@ -24485,192 +25260,6 @@ function fillWithNull([...values], length) {
   return values;
 }
 
-// dist/node/lib/provable/merkle-tree.js
-var MerkleTree = class _MerkleTree {
-  /**
-   * Creates a new, empty [Merkle Tree](https://en.wikipedia.org/wiki/Merkle_tree).
-   * @param height The height of Merkle Tree.
-   * @returns A new MerkleTree
-   */
-  constructor(height) {
-    this.height = height;
-    this.nodes = {};
-    this.zeroes = new Array(height);
-    this.zeroes[0] = Field4(0);
-    for (let i = 1; i < height; i += 1) {
-      this.zeroes[i] = Poseidon2.hash([this.zeroes[i - 1], this.zeroes[i - 1]]);
-    }
-  }
-  /**
-   * Return a new MerkleTree with the same contents as this one.
-   */
-  clone() {
-    let newTree = new _MerkleTree(this.height);
-    for (let [level, nodes] of Object.entries(this.nodes)) {
-      newTree.nodes[level] = { ...nodes };
-    }
-    return newTree;
-  }
-  /**
-   * Returns a node which lives at a given index and level.
-   * @param level Level of the node.
-   * @param index Index of the node.
-   * @returns The data of the node.
-   */
-  getNode(level, index) {
-    return this.nodes[level]?.[index.toString()] ?? this.zeroes[level];
-  }
-  /**
-   * Returns a leaf at a given index.
-   * @param index Index of the leaf.
-   * @returns The data of the leaf.
-   */
-  getLeaf(key) {
-    return this.getNode(0, key);
-  }
-  /**
-   * Returns the root of the [Merkle Tree](https://en.wikipedia.org/wiki/Merkle_tree).
-   * @returns The root of the Merkle Tree.
-   */
-  getRoot() {
-    return this.getNode(this.height - 1, 0n);
-  }
-  // TODO: this allows to set a node at an index larger than the size. OK?
-  setNode(level, index, value) {
-    (this.nodes[level] ??= {})[index.toString()] = value;
-  }
-  // TODO: if this is passed an index bigger than the max, it will set a couple of out-of-bounds nodes but not affect the real Merkle root. OK?
-  /**
-   * Sets the value of a leaf node at a given index to a given value.
-   * @param index Position of the leaf node.
-   * @param leaf New value.
-   */
-  setLeaf(index, leaf) {
-    if (index >= this.leafCount) {
-      throw new Error(`index ${index} is out of range for ${this.leafCount} leaves.`);
-    }
-    this.setNode(0, index, leaf);
-    let currIndex = index;
-    for (let level = 1; level < this.height; level++) {
-      currIndex /= 2n;
-      const left = this.getNode(level - 1, currIndex * 2n);
-      const right = this.getNode(level - 1, currIndex * 2n + 1n);
-      this.setNode(level, currIndex, Poseidon2.hash([left, right]));
-    }
-  }
-  /**
-   * Returns the witness (also known as [Merkle Proof or Merkle Witness](https://computersciencewiki.org/index.php/Merkle_proof)) for the leaf at the given index.
-   * @param index Position of the leaf node.
-   * @returns The witness that belongs to the leaf.
-   */
-  getWitness(index) {
-    if (index >= this.leafCount) {
-      throw new Error(`index ${index} is out of range for ${this.leafCount} leaves.`);
-    }
-    const witness2 = [];
-    for (let level = 0; level < this.height - 1; level++) {
-      const isLeft = index % 2n === 0n;
-      const sibling = this.getNode(level, isLeft ? index + 1n : index - 1n);
-      witness2.push({ isLeft, sibling });
-      index /= 2n;
-    }
-    return witness2;
-  }
-  // TODO: this will always return true if the merkle tree was constructed normally; seems to be only useful for testing. remove?
-  /**
-   * Checks if the witness that belongs to the leaf at the given index is a valid witness.
-   * @param index Position of the leaf node.
-   * @returns True if the witness for the leaf node is valid.
-   */
-  validate(index) {
-    const path = this.getWitness(index);
-    let hash3 = this.getNode(0, index);
-    for (const node of path) {
-      hash3 = Poseidon2.hash(node.isLeft ? [hash3, node.sibling] : [node.sibling, hash3]);
-    }
-    return hash3.toString() === this.getRoot().toString();
-  }
-  // TODO: should this take an optional offset? should it fail if the array is too long?
-  /**
-   * Fills all leaves of the tree.
-   * @param leaves Values to fill the leaves with.
-   */
-  fill(leaves) {
-    leaves.forEach((value, index) => {
-      this.setLeaf(BigInt(index), value);
-    });
-  }
-  /**
-   * Returns the amount of leaf nodes.
-   * @returns Amount of leaf nodes.
-   */
-  get leafCount() {
-    return 2n ** BigInt(this.height - 1);
-  }
-};
-var BaseMerkleWitness = class extends CircuitValue {
-  height() {
-    return this.constructor.height;
-  }
-  /**
-   * Takes a {@link Witness} and turns it into a circuit-compatible Witness.
-   * @param witness Witness.
-   * @returns A circuit-compatible Witness.
-   */
-  constructor(witness2) {
-    super();
-    let height = witness2.length + 1;
-    if (height !== this.height()) {
-      throw Error(`Length of witness ${height}-1 doesn't match static tree height ${this.height()}.`);
-    }
-    this.path = witness2.map((item) => item.sibling);
-    this.isLeft = witness2.map((item) => Bool4(item.isLeft));
-  }
-  /**
-   * Calculates a root depending on the leaf value.
-   * @param leaf Value of the leaf node that belongs to this Witness.
-   * @returns The calculated root.
-   */
-  calculateRoot(leaf) {
-    let hash3 = leaf;
-    let n = this.height();
-    for (let i = 1; i < n; ++i) {
-      let isLeft = this.isLeft[i - 1];
-      const [left, right] = maybeSwap(isLeft, hash3, this.path[i - 1]);
-      hash3 = Poseidon2.hash([left, right]);
-    }
-    return hash3;
-  }
-  /**
-   * Calculates the index of the leaf node that belongs to this Witness.
-   * @returns Index of the leaf.
-   */
-  calculateIndex() {
-    let powerOfTwo = Field4(1);
-    let index = Field4(0);
-    let n = this.height();
-    for (let i = 1; i < n; ++i) {
-      index = Provable.if(this.isLeft[i - 1], index, index.add(powerOfTwo));
-      powerOfTwo = powerOfTwo.mul(2);
-    }
-    return index;
-  }
-};
-function MerkleWitness(height) {
-  class MerkleWitness_ extends BaseMerkleWitness {
-  }
-  MerkleWitness_.height = height;
-  arrayProp(Field4, height - 1)(MerkleWitness_.prototype, "path");
-  arrayProp(Bool4, height - 1)(MerkleWitness_.prototype, "isLeft");
-  return MerkleWitness_;
-}
-function maybeSwap(b2, x, y) {
-  let m = b2.toField().mul(x.sub(y));
-  const x_ = y.add(m);
-  const y_ = x.sub(m);
-  return [x_, y_];
-}
-
 // dist/node/lib/provable/merkle-map.js
 var import_tslib6 = require("tslib");
 var MerkleMap = class {
@@ -25080,7 +25669,7 @@ function pushAction(actionsHash, action) {
     MerkleLeaf.hash(action)
   ]);
 }
-var ActionList = class extends MerkleList.create(MerkleLeaf, pushAction, Actions.empty().hash) {
+var ActionList = class extends MerkleList.create(MerkleLeaf, pushAction, Actions3.empty().hash) {
 };
 var LinearizedAction = class extends Struct({
   action: MerkleLeaf,
@@ -25110,15 +25699,15 @@ var LinearizedAction = class extends Struct({
     ])[0];
   }
 };
-var LinearizedActionList = class extends MerkleList.create(LinearizedAction, (hash3, action) => Poseidon2.hash([hash3, LinearizedAction.hash(action)]), Actions.empty().hash) {
+var LinearizedActionList = class extends MerkleList.create(LinearizedAction, (hash3, action) => Poseidon2.hash([hash3, LinearizedAction.hash(action)]), Actions3.empty().hash) {
 };
 async function fetchMerkleLeaves(contract, config) {
   class MerkleActions extends MerkleList.create(
     ActionList.provable,
-    (hash3, actions) => Actions.updateSequenceState(hash3, actions.hash),
+    (hash3, actions) => Actions3.updateSequenceState(hash3, actions.hash),
     // if no "start" action hash was specified, this means we are fetching the entire history of actions, which started from the empty action state hash
     // otherwise we are only fetching a part of the history, which starts at `fromActionState`
-    config?.fromActionState ?? Actions.emptyActionState()
+    config?.fromActionState ?? Actions3.emptyActionState()
   ) {
   }
   let result = await fetchActions(contract.address, config, contract.tokenId);
@@ -25127,12 +25716,12 @@ async function fetchMerkleLeaves(contract, config) {
   let merkleLeafs = result.map((event) => event.actions.map((action) => MerkleLeaf.fromAction(action.map(Field4))));
   return MerkleActions.from(merkleLeafs.map((a2) => ActionList.fromReverse(a2)));
 }
-async function fetchMerkleMap(contract, endActionState) {
+async function fetchMerkleMap(height, contract, endActionState) {
   let result = await fetchActions(contract.address, { endActionState }, contract.tokenId);
   if ("error" in result)
     throw Error(JSON.stringify(result));
   let leaves = result.map((event) => event.actions.map((action) => MerkleLeaf.fromAction(action.map(Field4))).reverse());
-  let merkleMap = new MerkleTree(256);
+  let merkleMap = new (IndexedMerkleMap(height))();
   let valueMap = /* @__PURE__ */ new Map();
   updateMerkleMap(leaves, merkleMap, valueMap);
   return { merkleMap, valueMap };
@@ -25144,22 +25733,23 @@ function updateMerkleMap(updates, tree, valueMap) {
     let updates2 = [];
     for (let leaf of leaves) {
       let { key, value, usesPreviousValue, previousValue, prefix } = MerkleLeaf.toValue(leaf);
-      let isValidAction = !usesPreviousValue || intermediateTree.getLeaf(key).toBigInt() === previousValue;
+      let previous = intermediateTree.getOption(key).orElse(0n);
+      let isValidAction = !usesPreviousValue || previous.toBigInt() === previousValue;
       if (!isValidAction) {
         isValidUpdate = false;
         break;
       }
-      intermediateTree.setLeaf(key, Field4(value));
-      updates2.push({ key, value, fullValue: prefix.get() });
+      intermediateTree.set(key, value);
+      updates2.push({ key, fullValue: prefix.get() });
     }
     if (isValidUpdate) {
-      for (let { key, value, fullValue } of updates2) {
-        tree.setLeaf(key, Field4(value));
+      tree.overwrite(intermediateTree);
+      for (let { key, fullValue } of updates2) {
         if (valueMap)
           valueMap.set(key, fullValue);
       }
     } else {
-      intermediateTree = tree.clone();
+      intermediateTree.overwrite(tree);
     }
   }
 }
@@ -25179,21 +25769,18 @@ var OffchainStateCommitments = class _OffchainStateCommitments extends Struct({
   // actionState: ActionIterator.provable,
   actionState: Field4
 }) {
-  static empty() {
-    let emptyMerkleRoot = new MerkleMap().getRoot();
+  static emptyFromHeight(height) {
+    let emptyMerkleRoot = new (IndexedMerkleMap(height))().root;
     return new _OffchainStateCommitments({
       root: emptyMerkleRoot,
       actionState: Actions.emptyActionState()
     });
   }
 };
-var TREE_HEIGHT = 256;
-var MerkleMapWitness2 = class extends MerkleWitness(TREE_HEIGHT) {
-};
-function merkleUpdateBatch({ maxActionsPerBatch, maxActionsPerUpdate }, stateA, actions, tree) {
+function merkleUpdateBatch({ maxActionsPerProof, maxActionsPerUpdate }, stateA, actions, tree) {
   actions.currentHash.assertEquals(stateA.actionState);
   let linearActions = LinearizedActionList.empty();
-  for (let i = 0; i < maxActionsPerBatch; i++) {
+  for (let i = 0; i < maxActionsPerProof; i++) {
     let inner = actions.next().startIterating();
     let isAtEnd = Bool4(false);
     for (let i2 = 0; i2 < maxActionsPerUpdate; i2++) {
@@ -25208,55 +25795,43 @@ function merkleUpdateBatch({ maxActionsPerBatch, maxActionsPerUpdate }, stateA,
     inner.assertAtEnd(`Expected at most ${maxActionsPerUpdate} actions per account update.`);
   }
   actions.assertAtEnd();
-  let root = stateA.root;
-  let intermediateRoot = root;
-  let intermediateUpdates = [];
-  let intermediateTree = Unconstrained.witness(() => tree.get().clone());
+  stateA.root.assertEquals(tree.root);
+  let intermediateTree = tree.clone();
   let isValidUpdate = Bool4(true);
-  linearActions.forEach(maxActionsPerBatch, (element, isDummy) => {
+  linearActions.forEach(maxActionsPerProof, (element, isDummy) => {
     let { action, isCheckPoint } = element;
     let { key, value, usesPreviousValue, previousValue } = action;
-    let witness2 = Provable.witness(MerkleMapWitness2, () => new MerkleMapWitness2(intermediateTree.get().getWitness(key.toBigInt())));
-    let actualPreviousValue = Provable.witness(Field4, () => intermediateTree.get().getLeaf(key.toBigInt()));
-    witness2.calculateIndex().assertEquals(key, "key mismatch");
-    witness2.calculateRoot(actualPreviousValue).assertEquals(intermediateRoot, "root mismatch");
-    let matchesPreviousValue = actualPreviousValue.equals(previousValue);
+    key = Provable.if(isDummy, Field4(0n), key);
+    value = Provable.if(isDummy, Field4(0n), value);
+    let actualPreviousValue = intermediateTree.set(key, value);
+    let matchesPreviousValue = actualPreviousValue.orElse(0n).equals(previousValue);
     let isValidAction = usesPreviousValue.implies(matchesPreviousValue);
     isValidUpdate = isValidUpdate.and(isValidAction);
-    let newRoot = witness2.calculateRoot(value);
-    intermediateRoot = Provable.if(isDummy, intermediateRoot, newRoot);
-    root = Provable.if(isCheckPoint.and(isValidUpdate), intermediateRoot, root);
-    let wasValidUpdate = isValidUpdate;
+    tree.overwriteIf(isCheckPoint.and(isValidUpdate), intermediateTree);
     isValidUpdate = Provable.if(isCheckPoint, Bool4(true), isValidUpdate);
-    intermediateRoot = Provable.if(isCheckPoint, root, intermediateRoot);
-    Provable.asProver(() => {
-      if (isDummy.toBoolean())
-        return;
-      intermediateTree.get().setLeaf(key.toBigInt(), value.toConstant());
-      intermediateUpdates.push({ key, value });
-      if (isCheckPoint.toBoolean()) {
-        if (wasValidUpdate.toBoolean()) {
-          intermediateUpdates.forEach(({ key: key2, value: value2 }) => {
-            tree.get().setLeaf(key2.toBigInt(), value2.toConstant());
-          });
-        } else {
-          intermediateTree.set(tree.get().clone());
-        }
-        intermediateUpdates = [];
-      }
-    });
+    intermediateTree.overwriteIf(isCheckPoint, tree);
   });
-  return { root, actionState: actions.currentHash };
+  return { root: tree.root, actionState: actions.currentHash };
 }
 function OffchainStateRollup({
-  // 1 action uses about 7.5k constraints
-  // we can fit at most 7 * 7.5k = 52.5k constraints in one method next to proof verification
-  // => we use `maxActionsPerBatch = 6` to safely stay below the constraint limit
-  // the second parameter `maxActionsPerUpdate` only weakly affects # constraints, but has to be <= `maxActionsPerBatch`
-  // => so we set it to the same value
-  maxActionsPerBatch = 6,
-  maxActionsPerUpdate = 6
+  /**
+   * the constraints used in one batch proof with a height-31 tree are:
+   *
+   * 1967*A + 87*A*U + 2
+   *
+   * where A = maxActionsPerProof and U = maxActionsPerUpdate.
+   *
+   * To determine defaults, we set U=4 which should cover most use cases while ensuring
+   * that the main loop which is independent of U dominates.
+   *
+   * Targeting ~50k constraints, to leave room for recursive verification, yields A=22.
+   */
+  maxActionsPerProof = 22,
+  maxActionsPerUpdate = 4,
+  logTotalCapacity = 30
 } = {}) {
+  class IndexedMerkleMapN extends IndexedMerkleMap(logTotalCapacity + 1) {
+  }
   let offchainStateRollup = ZkProgram({
     name: "merkle-map-rollup",
     publicInput: OffchainStateCommitments,
@@ -25267,9 +25842,9 @@ function OffchainStateRollup({
        */
       firstBatch: {
         // [actions, tree]
-        privateInputs: [ActionIterator.provable, Unconstrained.provable],
+        privateInputs: [ActionIterator.provable, IndexedMerkleMapN.provable],
         async method(stateA, actions, tree) {
-          return merkleUpdateBatch({ maxActionsPerBatch, maxActionsPerUpdate }, stateA, actions, tree);
+          return merkleUpdateBatch({ maxActionsPerProof, maxActionsPerUpdate }, stateA, actions, tree);
         }
       },
       /**
@@ -25279,14 +25854,14 @@ function OffchainStateRollup({
         // [actions, tree, proof]
         privateInputs: [
           ActionIterator.provable,
-          Unconstrained.provable,
+          IndexedMerkleMapN.provable,
           SelfProof
         ],
         async method(stateA, actions, tree, recursiveProof) {
           recursiveProof.verify();
           Provable.assertEqual(OffchainStateCommitments, recursiveProof.publicInput, stateA);
           let stateB = recursiveProof.publicOutput;
-          return merkleUpdateBatch({ maxActionsPerBatch, maxActionsPerUpdate }, stateB, actions, tree);
+          return merkleUpdateBatch({ maxActionsPerProof, maxActionsPerUpdate }, stateB, actions, tree);
         }
       }
     }
@@ -25304,34 +25879,38 @@ function OffchainStateRollup({
       return result;
     },
     async prove(tree, actions) {
-      assert3(tree.height === TREE_HEIGHT, "Tree height must match");
+      assert3(tree.height === logTotalCapacity + 1, "Tree height must match");
       if (getProofsEnabled())
         await this.compile();
       tree = tree.clone();
       let iterator = actions.startIterating();
       let inputState = new OffchainStateCommitments({
-        root: tree.getRoot(),
+        root: tree.root,
         actionState: iterator.currentHash
       });
       if (!getProofsEnabled()) {
         let actionsList = actions.data.get().map(({ element: actionsList2 }) => actionsList2.data.get().map(({ element }) => element).reverse()).reverse();
         updateMerkleMap(actionsList, tree);
         let finalState = new OffchainStateCommitments({
-          root: tree.getRoot(),
+          root: tree.root,
           actionState: iterator.hash
         });
         let proof2 = await RollupProof.dummy(inputState, finalState, 2, 15);
         return { proof: proof2, tree, nProofs: 0 };
       }
-      let slice = sliceActions(iterator, maxActionsPerBatch);
-      let proof = await offchainStateRollup.firstBatch(inputState, slice, Unconstrained.from(tree));
+      let slice = sliceActions(iterator, maxActionsPerProof);
+      let proof = await offchainStateRollup.firstBatch(inputState, slice, tree);
+      tree.root = proof.publicOutput.root;
+      tree.length = Field4(tree.data.get().sortedLeaves.length);
       let nProofs = 1;
       for (let i = 1; ; i++) {
         if (iterator.isAtEnd().toBoolean())
           break;
         nProofs++;
-        let slice2 = sliceActions(iterator, maxActionsPerBatch);
-        proof = await offchainStateRollup.nextBatch(inputState, slice2, Unconstrained.from(tree), proof);
+        let slice2 = sliceActions(iterator, maxActionsPerProof);
+        proof = await offchainStateRollup.nextBatch(inputState, slice2, tree, proof);
+        tree.root = proof.publicOutput.root;
+        tree.length = Field4(tree.data.get().sortedLeaves.length);
       }
       return { proof, tree, nProofs };
     }
@@ -25358,14 +25937,17 @@ function sliceActions(actions, batchSize) {
 }
 
 // dist/node/lib/mina/actions/offchain-state.js
-var MerkleWitness256 = MerkleWitness(256);
-function OffchainState(config) {
+function OffchainState(config, options) {
+  let { logTotalCapacity = 30, maxActionsPerUpdate = 4, maxActionsPerProof } = options ?? {};
+  const height = logTotalCapacity + 1;
+  class IndexedMerkleMapN extends IndexedMerkleMap(height) {
+  }
   let internal = {
     _contract: void 0,
     _merkleMap: void 0,
     _valueMap: void 0,
     get contract() {
-      assert3(internal._contract !== void 0, "Must call `setContractAccount()` first");
+      assert3(internal._contract !== void 0, "Must call `setContractInstance()` first");
       return internal._contract;
     }
   };
@@ -25379,12 +25961,16 @@ function OffchainState(config) {
       return { merkleMap: internal._merkleMap, valueMap: internal._valueMap };
     }
     let actionState = await onchainActionState();
-    let { merkleMap, valueMap } = await fetchMerkleMap(internal.contract, actionState);
+    let { merkleMap, valueMap } = await fetchMerkleMap(height, internal.contract, actionState);
     internal._merkleMap = merkleMap;
     internal._valueMap = valueMap;
     return { merkleMap, valueMap };
   };
-  let rollup = OffchainStateRollup();
+  let rollup = OffchainStateRollup({
+    logTotalCapacity,
+    maxActionsPerProof,
+    maxActionsPerUpdate
+  });
   function contract() {
     let ctx = smartContractContext.get();
     assert3(ctx !== null, "Offchain state methods must be called within a contract method");
@@ -25393,6 +25979,9 @@ function OffchainState(config) {
   }
   async function get2(key, valueType) {
     let stateRoot = contract().offchainState.getAndRequireEquals().root;
+    let map2 = await Provable.witnessAsync(IndexedMerkleMapN.provable, async () => (await merkleMaps()).merkleMap);
+    map2.root.assertEquals(stateRoot, "root mismatch");
+    let valueHash = map2.getOption(key);
     const optionType = Option(valueType);
     let value = await Provable.witnessAsync(optionType, async () => {
       let { valueMap } = await merkleMaps();
@@ -25403,15 +25992,9 @@ function OffchainState(config) {
       let value2 = fromActionWithoutHashes(valueType, valueFields);
       return optionType.from(value2);
     });
-    let witness2 = await Provable.witnessAsync(MerkleWitness256, async () => {
-      let { merkleMap } = await merkleMaps();
-      return new MerkleWitness256(merkleMap.getWitness(key.toBigInt()));
-    });
-    let valueHash = Provable.if(value.isSome, Poseidon2.hashPacked(valueType, value.value), Field4(0));
-    let actualKey = witness2.calculateIndex();
-    let actualRoot = witness2.calculateRoot(valueHash);
-    key.assertEquals(actualKey, "key mismatch");
-    stateRoot.assertEquals(actualRoot, "root mismatch");
+    let hashMatches = Poseidon2.hashPacked(valueType, value.value).equals(valueHash.value);
+    let bothNone = value.isSome.or(valueHash.isSome).not();
+    assert3(hashMatches.or(bothNone), "value hash mismatch");
     return value;
   }
   function field(index, type) {
@@ -25427,7 +26010,7 @@ function OffchainState(config) {
           value: type.fromValue(value)
         });
         let update = contract().self;
-        update.body.actions = Actions.pushEvent(update.body.actions, action);
+        update.body.actions = Actions3.pushEvent(update.body.actions, action);
       },
       update({ from, to }) {
         let action = toAction({
@@ -25439,7 +26022,7 @@ function OffchainState(config) {
           previousValue: optionType.fromValue(from)
         });
         let update = contract().self;
-        update.body.actions = Actions.pushEvent(update.body.actions, action);
+        update.body.actions = Actions3.pushEvent(update.body.actions, action);
       },
       async get() {
         let key = toKeyHash(prefix, void 0, void 0);
@@ -25460,7 +26043,7 @@ function OffchainState(config) {
           value: valueType.fromValue(value)
         });
         let update = contract().self;
-        update.body.actions = Actions.pushEvent(update.body.actions, action);
+        update.body.actions = Actions3.pushEvent(update.body.actions, action);
       },
       update(key, { from, to }) {
         let action = toAction({
@@ -25472,7 +26055,7 @@ function OffchainState(config) {
           previousValue: optionType.fromValue(from)
         });
         let update = contract().self;
-        update.body.actions = Actions.pushEvent(update.body.actions, action);
+        update.body.actions = Actions3.pushEvent(update.body.actions, action);
       },
       async get(key) {
         let keyHash = toKeyHash(prefix, keyType, key);
@@ -25494,7 +26077,7 @@ function OffchainState(config) {
         fromActionState: actionState
       });
       let result = await rollup.prove(merkleMap, actions);
-      let { merkleMap: newMerkleMap, valueMap: newValueMap } = await fetchMerkleMap(internal.contract);
+      let { merkleMap: newMerkleMap, valueMap: newValueMap } = await fetchMerkleMap(height, internal.contract);
       internal._merkleMap = newMerkleMap;
       internal._valueMap = newValueMap;
       return result.proof;
@@ -25510,11 +26093,15 @@ function OffchainState(config) {
     fields: Object.fromEntries(Object.entries(config).map(([key, kind], i) => [
       key,
       kind.kind === "offchain-field" ? field(i, kind.type) : map(i, kind.keyType, kind.valueType)
-    ]))
+    ])),
+    commitments() {
+      return State2(OffchainStateCommitments.emptyFromHeight(height));
+    }
   };
 }
 OffchainState.Map = OffchainMap;
 OffchainState.Field = OffchainField;
+OffchainState.Commitments = OffchainStateCommitments;
 function OffchainField(type) {
   return { kind: "offchain-field", type };
 }
@@ -25524,11 +26111,13 @@ function OffchainMap(key, value) {
 
 // dist/node/index.js
 var Experimental_ = {
-  memoizeWitness
+  memoizeWitness,
+  IndexedMerkleMap
 };
 var Experimental;
 (function(Experimental2) {
   Experimental2.memoizeWitness = Experimental_.memoizeWitness;
+  Experimental2.IndexedMerkleMap = Experimental_.IndexedMerkleMap;
   Experimental2.OffchainState = OffchainState;
   class OffchainStateCommitments2 extends OffchainStateCommitments {
   }