react-native-zcash 0.9.13 → 0.10.1-beta.1

package/ios/zcashlc.h

@@ -3,38 +3,129 @@
 #include <stdint.h>
 #include <stdlib.h>
 
+/**
+ * Specifies how a "spend max" request should be evaluated.
+ */
+typedef enum FfiMaxSpendMode {
+  /**
+   * `MaxSpendable` will target to spend all _currently_ spendable funds where it
+   * could be the case that the wallet has received other funds that are not
+   * confirmed and therefore not spendable yet and the caller evaluates that as
+   * an acceptable scenario.
+   */
+  MaxSpendable,
+  /**
+   * `Everything` will target to spend **all funds** and will fail if there are
+   * unspendable funds in the wallet or if the wallet is not yet synced.
+   */
+  Everything,
+} FfiMaxSpendMode;
+
+/**
+ * A type describing the mined-ness of transactions that should be returned in response to a
+ * [`TransactionDataRequest`].
+ *
+ */
+typedef enum TransactionStatusFilter {
+  /**
+   * Only mined transactions should be returned.
+   */
+  TransactionStatusFilter_Mined,
+  /**
+   * Only mempool transactions should be returned.
+   */
+  TransactionStatusFilter_Mempool,
+  /**
+   * Both mined transactions and transactions in the mempool should be returned.
+   */
+  TransactionStatusFilter_All,
+} TransactionStatusFilter;
+
+/**
+ * A type used to filter transactions to be returned in response to a [`TransactionDataRequest`],
+ * in terms of the spentness of the transaction's transparent outputs.
+ *
+ */
+typedef enum OutputStatusFilter {
+  /**
+   * Only transactions that have currently-unspent transparent outputs should be returned.
+   */
+  OutputStatusFilter_Unspent,
+  /**
+   * All transactions corresponding to the data request should be returned, irrespective of
+   * whether or not those transactions produce transparent outputs that are currently unspent.
+   */
+  OutputStatusFilter_All,
+} OutputStatusFilter;
+
+/**
+ * What level of sleep to put a Tor client into.
+ */
+typedef enum TorDormantMode {
+  /**
+   * The client functions as normal, and background tasks run periodically.
+   */
+  Normal,
+  /**
+   * Background tasks are suspended, conserving CPU usage. Attempts to use the client will
+   * wake it back up again.
+   */
+  Soft,
+} TorDormantMode;
+
+/**
+ * A struct that contains a ZIP 325 Account Metadata Key.
+ */
+typedef struct FfiAccountMetadataKey FfiAccountMetadataKey;
+
+typedef struct LwdConn LwdConn;
+
 typedef struct TorRuntime TorRuntime;
 
 /**
- * A struct that contains details about an account in the wallet.
+ * A struct that contains a 16-byte account uuid.
  */
-typedef struct FfiAccount {
-  uint8_t seed_fingerprint[32];
-  uint32_t account_index;
-} FfiAccount;
+typedef struct FfiUuid {
+  uint8_t uuid_bytes[16];
+} FfiUuid;
 
 /**
  * A struct that contains a pointer to, and length information for, a heap-allocated
- * slice of [`FfiAccount`] values.
+ * slice of [`Uuid`] values.
  *
  * # Safety
  *
- * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<FfiAccount>()`
+ * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<Uuid>()`
  *   many bytes, and it must be properly aligned. This means in particular:
  *   - The entire memory range pointed to by `ptr` must be contained within a single allocated
  *     object. Slices can never span across multiple allocated objects.
  *   - `ptr` must be non-null and aligned even for zero-length slices.
  *   - `ptr` must point to `len` consecutive properly initialized values of type
- *     [`FfiAccount`].
- * - The total size `len * mem::size_of::<FfiAccount>()` of the slice pointed to
+ *     [`Uuid`].
+ * - The total size `len * mem::size_of::<Uuid>()` of the slice pointed to
  *   by `ptr` must be no larger than isize::MAX. See the safety documentation of pointer::offset.
- * - See the safety documentation of [`FfiAccount`]
  */
 typedef struct FfiAccounts {
-  struct FfiAccount *ptr;
+  struct FfiUuid *ptr;
   uintptr_t len;
 } FfiAccounts;
 
+/**
+ * A struct that contains a 16-byte account uuid along with key derivation metadata for that
+ * account.
+ *
+ * A returned value containing the all-zeros seed fingerprint and/or u32::MAX for the
+ * hd_account_index indicates that no derivation metadata is available.
+ */
+typedef struct FfiAccount {
+  uint8_t uuid_bytes[16];
+  char *account_name;
+  char *key_source;
+  uint8_t seed_fingerprint[32];
+  uint32_t hd_account_index;
+  char *ufvk;
+} FfiAccount;
+
 /**
  * A struct that contains an account identifier along with a pointer to the binary encoding
  * of an associated key.
@@ -44,11 +135,21 @@ typedef struct FfiAccounts {
  * - `encoding` must be non-null and must point to an array of `encoding_len` bytes.
  */
 typedef struct FFIBinaryKey {
-  uint32_t account_id;
+  uint8_t account_uuid[16];
   uint8_t *encoding;
   uintptr_t encoding_len;
 } FFIBinaryKey;
 
+/**
+ * A single-use transparent address, along with metadata about the address's use within the
+ * wallet's ephemeral gap limit.
+ */
+typedef struct FfiSingleUseTaddr {
+  char *address;
+  uint32_t gap_position;
+  uint32_t gap_limit;
+} FfiSingleUseTaddr;
+
 /**
  * A struct that contains an account identifier along with a pointer to the string encoding
  * of an associated key.
@@ -58,32 +159,64 @@ typedef struct FFIBinaryKey {
  * - `encoding` must be non-null and must point to a null-terminated UTF-8 string.
  */
 typedef struct FFIEncodedKey {
-  uint32_t account_id;
+  uint8_t account_uuid[16];
   char *encoding;
 } FFIEncodedKey;
 
 /**
  * A struct that contains a pointer to, and length information for, a heap-allocated
- * slice of [`FFIEncodedKey`] values.
+ * slice of [`EncodedKey`] values.
  *
  * # Safety
  *
- * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<FFIEncodedKey>()`
+ * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<EncodedKey>()`
  *   many bytes, and it must be properly aligned. This means in particular:
  *   - The entire memory range pointed to by `ptr` must be contained within a single allocated
  *     object. Slices can never span across multiple allocated objects.
  *   - `ptr` must be non-null and aligned even for zero-length slices.
  *   - `ptr` must point to `len` consecutive properly initialized values of type
- *     [`FFIEncodedKey`].
- * - The total size `len * mem::size_of::<FFIEncodedKey>()` of the slice pointed to
+ *     [`EncodedKey`].
+ * - The total size `len * mem::size_of::<EncodedKey>()` of the slice pointed to
  *   by `ptr` must be no larger than isize::MAX. See the safety documentation of pointer::offset.
- * - See the safety documentation of [`FFIEncodedKey`]
+ * - See the safety documentation of [`EncodedKey`]
  */
 typedef struct FFIEncodedKeys {
   struct FFIEncodedKey *ptr;
   uintptr_t len;
 } FFIEncodedKeys;
 
+/**
+ * A description of the policy that is used to determine what notes are available for spending,
+ * based upon the number of confirmations (the number of blocks in the chain since and including
+ * the block in which a note was produced.)
+ *
+ * See [`ZIP 315`] for details including the definitions of "trusted" and "untrusted" notes.
+ *
+ * # Note
+ *
+ * `trusted` and `untrusted` are both meant to be non-zero values.
+ * `0` will be treated as a request for a default value.
+ *
+ * [`ZIP 315`]: https://zips.z.cash/zip-0315
+ */
+typedef struct ConfirmationsPolicy {
+  /**
+   * The number of confirmations required before trusted notes may be spent. NonZero, set this
+   * and `untrusted` to zero to accept the default value for each.
+   */
+  uint32_t trusted;
+  /**
+   * The number of confirmations required before untrusted notes may be spent. NonZero, set this
+   * and `trusted` both to zero to accept the default value for each.
+   */
+  uint32_t untrusted;
+  /**
+   * A flag that enables selection of zero-conf transparent UTXOs for spends in shielding
+   * transactions.
+   */
+  bool allow_zero_conf_shielding;
+} ConfirmationsPolicy;
+
 /**
  * A struct that contains a subtree root.
  *
@@ -102,21 +235,21 @@ typedef struct FfiSubtreeRoot {
 
 /**
  * A struct that contains a pointer to, and length information for, a heap-allocated
- * slice of [`FfiSubtreeRoot`] values.
+ * slice of [`SubtreeRoot`] values.
  *
  * # Safety
  *
- * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<FfiSubtreeRoot>()`
+ * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<SubtreeRoot>()`
  *   many bytes, and it must be properly aligned. This means in particular:
  *   - The entire memory range pointed to by `ptr` must be contained within a single
  *     allocated object. Slices can never span across multiple allocated objects.
  *   - `ptr` must be non-null and aligned even for zero-length slices.
  *   - `ptr` must point to `len` consecutive properly initialized values of type
- *     [`FfiSubtreeRoot`].
- * - The total size `len * mem::size_of::<FfiSubtreeRoot>()` of the slice pointed to
+ *     [`SubtreeRoot`].
+ * - The total size `len * mem::size_of::<SubtreeRoot>()` of the slice pointed to
  *   by `ptr` must be no larger than isize::MAX. See the safety documentation of
  *   `pointer::offset`.
- * - See the safety documentation of [`FfiSubtreeRoot`]
+ * - See the safety documentation of [`SubtreeRoot`]
  */
 typedef struct FfiSubtreeRoots {
   struct FfiSubtreeRoot *ptr;
@@ -152,7 +285,7 @@ typedef struct FfiBalance {
  * The sum of this struct's fields is the total balance of the account.
  */
 typedef struct FfiAccountBalance {
-  uint32_t account_id;
+  uint8_t account_uuid[16];
   /**
    * The value of unspent Sapling outputs belonging to the account.
    */
@@ -198,18 +331,20 @@ typedef struct FfiScanProgress {
  * # Safety
  *
  * - `account_balances` must be non-null and must be valid for reads for
- *   `account_balances_len * mem::size_of::<FfiAccountBalance>()` many bytes, and it must
+ *   `account_balances_len * mem::size_of::<AccountBalance>()` many bytes, and it must
  *   be properly aligned. This means in particular:
  *   - The entire memory range pointed to by `account_balances` must be contained within
  *     a single allocated object. Slices can never span across multiple allocated objects.
  *   - `account_balances` must be non-null and aligned even for zero-length slices.
  *   - `account_balances` must point to `len` consecutive properly initialized values of
- *     type [`FfiAccountBalance`].
- * - The total size `account_balances_len * mem::size_of::<FfiAccountBalance>()` of the
+ *     type [`AccountBalance`].
+ * - The total size `account_balances_len * mem::size_of::<AccountBalance>()` of the
  *   slice pointed to by `account_balances` must be no larger than `isize::MAX`. See the
  *   safety documentation of `pointer::offset`.
  * - `scan_progress` must, if non-null, point to a struct having the layout of
- *   [`FfiScanProgress`].
+ *   [`ScanProgress`].
+ * - `recovery_progress` must, if non-null, point to a struct having the layout of
+ *   [`ScanProgress`].
  */
 typedef struct FfiWalletSummary {
   struct FfiAccountBalance *account_balances;
@@ -217,6 +352,7 @@ typedef struct FfiWalletSummary {
   int32_t chain_tip_height;
   int32_t fully_scanned_height;
   struct FfiScanProgress *scan_progress;
+  struct FfiScanProgress *recovery_progress;
   uint64_t next_sapling_subtree_index;
   uint64_t next_orchard_subtree_index;
 } FfiWalletSummary;
@@ -233,18 +369,18 @@ typedef struct FfiScanRange {
 
 /**
  * A struct that contains a pointer to, and length information for, a heap-allocated
- * slice of [`FfiScanRange`] values.
+ * slice of [`ScanRange`] values.
  *
  * # Safety
  *
- * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<FfiScanRange>()`
+ * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<ScanRange>()`
  *   many bytes, and it must be properly aligned. This means in particular:
  *   - The entire memory range pointed to by `ptr` must be contained within a single
  *     allocated object. Slices can never span across multiple allocated objects.
  *   - `ptr` must be non-null and aligned even for zero-length slices.
  *   - `ptr` must point to `len` consecutive properly initialized values of type
- *     [`FfiScanRange`].
- * - The total size `len * mem::size_of::<FfiScanRange>()` of the slice pointed to
+ *     [`ScanRange`].
+ * - The total size `len * mem::size_of::<ScanRange>()` of the slice pointed to
  *   by `ptr` must be no larger than isize::MAX. See the safety documentation of
  *   `pointer::offset`.
  */
@@ -316,10 +452,12 @@ typedef struct FfiBoxedSlice {
  *   by `ptr` must be no larger than isize::MAX. See the safety documentation of
  *   `pointer::offset`.
  */
-typedef struct FfiTxIds {
+typedef struct FfiSymmetricKeys {
   uint8_t (*ptr)[32];
   uintptr_t len;
-} FfiTxIds;
+} FfiSymmetricKeys;
+
+typedef struct FfiSymmetricKeys FfiTxIds;
 
 /**
  * Metadata about the status of a transaction obtained by inspecting the chain state.
@@ -402,18 +540,51 @@ enum FfiTransactionDataRequest_Tag {
    *
    * [`GetTaddressTxids`]: crate::proto::service::compact_tx_streamer_client::CompactTxStreamerClient::get_taddress_txids
    */
-  SpendsFromAddress,
+  TransactionsInvolvingAddress,
 };
 typedef uint8_t FfiTransactionDataRequest_Tag;
 
-typedef struct SpendsFromAddress_Body {
+typedef struct TransactionsInvolvingAddress_Body {
+  /**
+   * The address to request transactions and/or UTXOs for.
+   */
   char *address;
+  /**
+   * Only transactions mined at heights greater than or equal to this height should be
+   * returned.
+   */
   uint32_t block_range_start;
   /**
-   * An optional end height; no end height is represented as `-1`
+   * Only transactions mined at heights less than this height should be returned.
+   *
+   * Either a `u32` value, or `-1` representing no end height.
    */
   int64_t block_range_end;
-} SpendsFromAddress_Body;
+  /**
+   * If `request_at` is non-negative, the caller evaluating this request should attempt to
+   * retrieve transaction data related to the specified address at a time that is as close
+   * as practical to the specified instant, and in a fashion that decorrelates this request
+   * to a light wallet server from other requests made by the same caller.
+   *
+   * `-1` is the only negative value, meaning "unset".
+   *
+   * This may be ignored by callers that are able to satisfy the request without exposing
+   * correlations between addresses to untrusted parties; for example, a wallet application
+   * that uses a private, trusted-for-privacy supplier of chain data can safely ignore this
+   * field.
+   */
+  int64_t request_at;
+  /**
+   * The caller should respond to this request only with transactions that conform to the
+   * specified transaction status filter.
+   */
+  enum TransactionStatusFilter tx_status_filter;
+  /**
+   * The caller should respond to this request only with transactions containing outputs
+   * that conform to the specified output status filter.
+   */
+  enum OutputStatusFilter output_status_filter;
+} TransactionsInvolvingAddress_Body;
 
 typedef struct FfiTransactionDataRequest {
   FfiTransactionDataRequest_Tag tag;
@@ -424,32 +595,94 @@ typedef struct FfiTransactionDataRequest {
     struct {
       uint8_t enhancement[32];
     };
-    SpendsFromAddress_Body spends_from_address;
+    TransactionsInvolvingAddress_Body transactions_involving_address;
   };
 } FfiTransactionDataRequest;
 
 /**
  * A struct that contains a pointer to, and length information for, a heap-allocated
- * slice of [`FfiTransactionDataRequest`] values.
+ * slice of [`TransactionDataRequest`] values.
  *
  * # Safety
  *
- * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<FfiTransactionDataRequest>()`
+ * - `ptr` must be non-null and must be valid for reads for `len * mem::size_of::<TransactionDataRequest>()`
  *   many bytes, and it must be properly aligned. This means in particular:
  *   - The entire memory range pointed to by `ptr` must be contained within a single allocated
  *     object. Slices can never span across multiple allocated objects.
  *   - `ptr` must be non-null and aligned even for zero-length slices.
  *   - `ptr` must point to `len` consecutive properly initialized values of type
- *     [`FfiTransactionDataRequest`].
- * - The total size `len * mem::size_of::<FfiTransactionDataRequest>()` of the slice pointed to
+ *     [`TransactionDataRequest`].
+ * - The total size `len * mem::size_of::<TransactionDataRequest>()` of the slice pointed to
  *   by `ptr` must be no larger than isize::MAX. See the safety documentation of pointer::offset.
- * - See the safety documentation of [`FfiTransactionDataRequest`]
+ * - See the safety documentation of [`TransactionDataRequest`]
  */
 typedef struct FfiTransactionDataRequests {
   struct FfiTransactionDataRequest *ptr;
   uintptr_t len;
 } FfiTransactionDataRequests;
 
+/**
+ * An HTTP header from a response.
+ *
+ * Memory is managed by Rust.
+ */
+typedef struct FfiHttpResponseHeader {
+  /**
+   * The header name as a C string.
+   */
+  char *name;
+  /**
+   * The header value as a C string.
+   */
+  char *value;
+} FfiHttpResponseHeader;
+
+/**
+ * A struct that contains an HTTP response.
+ */
+typedef struct FfiHttpResponseBytes {
+  /**
+   * The response's status.
+   */
+  uint16_t status;
+  /**
+   * The response's version.
+   */
+  char *version;
+  /**
+   * A pointer to a list of the response's headers.
+   */
+  struct FfiHttpResponseHeader *headers_ptr;
+  /**
+   * The length of the data in `headers_ptr`.
+   */
+  uintptr_t headers_len;
+  /**
+   * A pointer to the HTTP body bytes.
+   */
+  uint8_t *body_ptr;
+  /**
+   * The length of the data in `body_ptr`.
+   */
+  uintptr_t body_len;
+} FfiHttpResponseBytes;
+
+/**
+ * An HTTP header for a request.
+ *
+ * Memory is managed by Swift.
+ */
+typedef struct FfiHttpRequestHeader {
+  /**
+   * The header name as a C string.
+   */
+  const char *name;
+  /**
+   * The header value as a C string.
+   */
+  const char *value;
+} FfiHttpRequestHeader;
+
 /**
  * A decimal suitable for converting into an `NSDecimalNumber`.
  */
@@ -459,6 +692,42 @@ typedef struct Decimal {
   bool is_sign_negative;
 } Decimal;
 
+/**
+ * The result of checking for UTXOs received by an ephemeral address.
+ *
+ */
+enum FfiAddressCheckResult_Tag {
+  /**
+   * No UTXOs were found as a result of the check.
+   */
+  FfiAddressCheckResult_NotFound,
+  /**
+   * UTXOs were found for the given address.
+   */
+  FfiAddressCheckResult_Found,
+};
+typedef uint8_t FfiAddressCheckResult_Tag;
+
+typedef struct FfiAddressCheckResult_Found_Body {
+  char *address;
+} FfiAddressCheckResult_Found_Body;
+
+typedef struct FfiAddressCheckResult {
+  FfiAddressCheckResult_Tag tag;
+  union {
+    FfiAddressCheckResult_Found_Body found;
+  };
+} FfiAddressCheckResult;
+
+/**
+ * A struct that contains a Zcash unified address, along with the diversifier index used to
+ * generate that address.
+ */
+typedef struct FfiAddress {
+  char *address;
+  uint8_t diversifier_index_bytes[11];
+} FfiAddress;
+
 /**
  * Initializes global Rust state, such as the logging infrastructure and threadpools.
  *
@@ -543,16 +812,6 @@ int32_t zcashlc_init_data_database(const uint8_t *db_data,
                                    uintptr_t seed_len,
                                    uint32_t network_id);
 
-/**
- * Frees an array of FfiAccounts values as allocated by `zcashlc_list_accounts`.
- *
- * # Safety
- *
- * - `ptr` must be non-null and must point to a struct having the layout of [`FfiAccounts`].
- *   See the safety documentation of [`FfiAccounts`].
- */
-void zcashlc_free_accounts(struct FfiAccounts *ptr);
-
 /**
  * Returns a list of the accounts in the wallet.
  *
@@ -572,14 +831,28 @@ struct FfiAccounts *zcashlc_list_accounts(const uint8_t *db_data,
                                           uint32_t network_id);
 
 /**
- * Frees a FFIBinaryKey value
+ * Returns the account data for the specified account identifier, or the [`ffi::Account::NOT_FOUND`]
+ * sentinel value if the account id does not correspond to an account in the wallet.
  *
  * # Safety
  *
- * - `ptr` must be non-null and must point to a struct having the layout of [`FFIBinaryKey`].
- *   See the safety documentation of [`FFIBinaryKey`].
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
+ * - Call [`zcashlc_free_account`] to free the memory associated with the returned pointer
+ *   when done using it.
  */
-void zcashlc_free_binary_key(struct FFIBinaryKey *ptr);
+struct FfiAccount *zcashlc_get_account(const uint8_t *db_data,
+                                       uintptr_t db_data_len,
+                                       uint32_t network_id,
+                                       const uint8_t *account_uuid_bytes);
 
 /**
  * Adds the next available account-level spend authority, given the current set of [ZIP 316]
@@ -610,6 +883,11 @@ void zcashlc_free_binary_key(struct FFIBinaryKey *ptr);
  * - The memory referenced by `seed` must not be mutated for the duration of the function call.
  * - The total size `seed_len` must be no larger than `isize::MAX`. See the safety documentation
  *   of pointer::offset.
+ * - `treestate` must be non-null and valid for reads for `treestate_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `treestate` must not be mutated for the duration of the function call.
+ * - The total size `treestate_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
  * - Call [`zcashlc_free_binary_key`] to free the memory associated with the returned pointer when
  *   you are finished using it.
  *
@@ -622,7 +900,53 @@ struct FFIBinaryKey *zcashlc_create_account(const uint8_t *db_data,
                                             const uint8_t *treestate,
                                             uintptr_t treestate_len,
                                             int64_t recover_until,
-                                            uint32_t network_id);
+                                            uint32_t network_id,
+                                            const char *account_name,
+                                            const char *key_source);
+
+/**
+ * Adds a new account to the wallet by importing the UFVK that will be used to detect incoming
+ * payments.
+ *
+ * Derivation metadata may optionally be included. To indicate that no derivation metadata is
+ * available, the `seed_fingerprint` argument should be set to the null pointer and
+ * `hd_account_index` should be set to the value `u32::MAX`. Derivation metadata will not be
+ * stored unless both the seed fingerprint and the HD account index are provided.
+ *
+ * Returns the globally unique identifier for the account.
+ *
+ * # Safety
+ *
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - `ufvk` must be non-null and must point to a null-terminated UTF-8 string.
+ * - `treestate` must be non-null and valid for reads for `treestate_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `treestate` must not be mutated for the duration of the function call.
+ * - The total size `treestate_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - `seed_fingerprint` must either be either null or valid for reads for 32 bytes, and it must
+ *   have an alignment of `1`.
+ *
+ * - Call [`zcashlc_free_ffi_uuid`] to free the memory associated with the returned pointer when
+ *   you are finished using it.
+ */
+struct FfiUuid *zcashlc_import_account_ufvk(const uint8_t *db_data,
+                                            uintptr_t db_data_len,
+                                            const char *ufvk,
+                                            const uint8_t *treestate,
+                                            uintptr_t treestate_len,
+                                            int64_t recover_until,
+                                            uint32_t network_id,
+                                            uint32_t purpose,
+                                            const char *account_name,
+                                            const char *key_source,
+                                            const uint8_t *seed_fingerprint,
+                                            uint32_t hd_account_index_raw);
 
 /**
  * Checks whether the given seed is relevant to any of the accounts in the wallet.
@@ -653,57 +977,68 @@ int8_t zcashlc_is_seed_relevant_to_any_derived_account(const uint8_t *db_data,
                                                        uint32_t network_id);
 
 /**
- * Frees an array of FFIEncodedKeys values as allocated by `zcashlc_derive_unified_viewing_keys_from_seed`
- *
- * # Safety
+ * Deletes the specified account, and all transactions that exclusively involve it, from the
+ * wallet database.
  *
- * - `ptr` must be non-null and must point to a struct having the layout of [`FFIEncodedKeys`].
- *   See the safety documentation of [`FFIEncodedKeys`].
- */
-void zcashlc_free_keys(struct FFIEncodedKeys *ptr);
-
-/**
- * Derives and returns a unified spending key from the given seed for the given account ID.
+ * WARNING: This is a destructive operation and may result in the permanent loss of
+ * potentially important information that is not recoverable from chain data, including:
+ * * Data about transactions sent by the account for which [`OvkPolicy::Discard`] (or
+ *   [`OvkPolicy::Custom`] with random OVKs) was used;
+ * * Data related to transactions that the account attempted to send that expired or were
+ *   otherwise invalidated without having been mined in the main chain;
+ * * Data related to transactions that were observed in the mempool as having inputs or
+ *   outputs that involved the account, but that were never mined in the main chain;
+ * * Data related to transactions that were received by the wallet in a mined block, where
+ *   that block was later un-mined in a chain reorg and the transaction was either invalidated
+ *   or was never re-mined.
  *
- * Returns the binary encoding of the spending key. The caller should manage the memory of (and
- * store, if necessary) the returned spending key in a secure fashion.
+ * Returns `true` on success, or `false` if an error is raised.
  *
  * # Safety
  *
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
  * - `seed` must be non-null and valid for reads for `seed_len` bytes, and it must have an
  *   alignment of `1`.
- * - The memory referenced by `seed` must not be mutated for the duration of the function call.
- * - The total size `seed_len` must be no larger than `isize::MAX`. See the safety documentation
- *   of pointer::offset.
- * - Call `zcashlc_free_binary_key` to free the memory associated with the returned pointer when
- *   you are finished using it.
+ *
+ * [`OvkPolicy::Discard`]: zcash_client_backend::wallet::OvkPolicy::Discard
+ * [`OvkPolicy::Custom`]: zcash_client_backend::wallet::OvkPolicy::Custom
  */
-struct FFIBinaryKey *zcashlc_derive_spending_key(const uint8_t *seed,
-                                                 uintptr_t seed_len,
-                                                 int32_t account,
-                                                 uint32_t network_id);
+bool zcashlc_delete_account(const uint8_t *db_data,
+                            uintptr_t db_data_len,
+                            uint32_t network_id,
+                            const uint8_t *account_uuid_bytes);
 
 /**
- * Obtains the unified full viewing key for the given binary-encoded unified spending key
- * and returns the resulting encoded UFVK string. `usk_ptr` should point to an array of `usk_len`
- * bytes containing a unified spending key encoded as returned from the `zcashlc_create_account`
- * or `zcashlc_derive_spending_key` functions.
+ * Returns the most-recently-generated unified payment address for the specified account.
  *
  * # Safety
  *
- * - `usk_ptr` must be non-null and must point to an array of `usk_len` bytes.
- * - The memory referenced by `usk_ptr` must not be mutated for the duration of the function call.
- * - The total size `usk_len` must be no larger than `isize::MAX`. See the safety documentation
- *   of pointer::offset.
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
- *   when you are done using it.
+ *   when done using it.
  */
-char *zcashlc_spending_key_to_full_viewing_key(const uint8_t *usk_ptr,
-                                               uintptr_t usk_len,
-                                               uint32_t network_id);
+char *zcashlc_get_current_address(const uint8_t *db_data,
+                                  uintptr_t db_data_len,
+                                  const uint8_t *account_uuid_bytes,
+                                  uint32_t network_id);
 
 /**
- * Returns the most-recently-generated unified payment address for the specified account.
+ * Generates and returns an ephemeral address for one-time use, such as when receiving a swap from
+ * a decentralized exchange.
  *
  * # Safety
  *
@@ -713,17 +1048,31 @@ char *zcashlc_spending_key_to_full_viewing_key(const uint8_t *usk_ptr,
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
- * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
+ * - Call [`zcashlc_free_single_use_address`] to free the memory associated with the returned pointer
  *   when done using it.
  */
-char *zcashlc_get_current_address(const uint8_t *db_data,
-                                  uintptr_t db_data_len,
-                                  int32_t account,
-                                  uint32_t network_id);
+struct FfiSingleUseTaddr *zcashlc_get_single_use_taddr(const uint8_t *db_data,
+                                                       uintptr_t db_data_len,
+                                                       uint32_t network_id,
+                                                       const uint8_t *account_uuid_bytes);
 
 /**
  * Returns a newly-generated unified payment address for the specified account, with the next
- * available diversifier.
+ * available diversifier and the specified set of receivers.
+ *
+ * The set of receivers to include in the generated address is specified by a byte which may have
+ * any of the following bits set:
+ * * P2PKH = 0b00000001
+ * * SAPLING = 0b00000100
+ * * ORCHARD = 0b00001000
+ *
+ * For each bit set, a corresponding receiver will be required to be generated. If no
+ * corresponding viewing key exists in the wallet for a required receiver, this will return an
+ * error. At present, p2pkh-only unified addresses are not supported.
  *
  * # Safety
  *
@@ -733,17 +1082,23 @@ char *zcashlc_get_current_address(const uint8_t *db_data,
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
  *   when done using it.
  */
 char *zcashlc_get_next_available_address(const uint8_t *db_data,
                                          uintptr_t db_data_len,
-                                         int32_t account,
-                                         uint32_t network_id);
+                                         const uint8_t *account_uuid_bytes,
+                                         uint32_t network_id,
+                                         uint32_t receiver_flags);
 
 /**
- * Returns a list of the transparent receivers for the diversified unified addresses that have
- * been allocated for the provided account.
+ * Returns a list of the transparent addresses that have been allocated for the provided account,
+ * including potentially-unrevealed public-scope and private-scope (change) addresses within the
+ * gap limit, which is currently set to 10 for public-scope addresses and 5 for change addresses.
  *
  * # Safety
  *
@@ -753,144 +1108,42 @@ char *zcashlc_get_next_available_address(const uint8_t *db_data,
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  * - Call [`zcashlc_free_keys`] to free the memory associated with the returned pointer
  *   when done using it.
  */
 struct FFIEncodedKeys *zcashlc_list_transparent_receivers(const uint8_t *db_data,
                                                           uintptr_t db_data_len,
-                                                          int32_t account_id,
+                                                          const uint8_t *account_uuid_bytes,
                                                           uint32_t network_id);
 
 /**
- * Extracts the typecodes of the receivers within the given Unified Address.
- *
- * Returns a pointer to a slice of typecodes. `len_ret` is set to the length of the
- * slice.
- *
- * See the following sections of ZIP 316 for details on how to interpret typecodes:
- * - [List of known typecodes](https://zips.z.cash/zip-0316#encoding-of-unified-addresses)
- * - [Adding new types](https://zips.z.cash/zip-0316#adding-new-types)
- * - [Metadata Items](https://zips.z.cash/zip-0316#metadata-items)
+ * Returns the verified transparent balance for `address`, which ignores utxos that have been
+ * received too recently and are not yet deemed spendable according to `confirmations_policy`.
  *
  * # Safety
  *
- * - `ua` must be non-null and must point to a null-terminated UTF-8 string containing an
- *   encoded Unified Address.
- * - Call [`zcashlc_free_typecodes`] to free the memory associated with the returned
- *   pointer when done using it.
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - `address` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `address` must not be mutated for the duration of the function call.
  */
-uint32_t *zcashlc_get_typecodes_for_unified_address_receivers(const char *ua, uintptr_t *len_ret);
+int64_t zcashlc_get_verified_transparent_balance(const uint8_t *db_data,
+                                                 uintptr_t db_data_len,
+                                                 const char *address,
+                                                 uint32_t network_id,
+                                                 struct ConfirmationsPolicy confirmations_policy);
 
 /**
- * Frees a list of typecodes previously obtained from the FFI.
- *
- * # Safety
- *
- * - `data` and `len` must have been obtained from
- *   [`zcashlc_get_typecodes_for_unified_address_receivers`].
- */
-void zcashlc_free_typecodes(uint32_t *data, uintptr_t len);
-
-/**
- * Returns the transparent receiver within the given Unified Address, if any.
- *
- * # Safety
- *
- * - `ua` must be non-null and must point to a null-terminated UTF-8 string.
- * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
- *   when done using it.
- */
-char *zcashlc_get_transparent_receiver_for_unified_address(const char *ua);
-
-/**
- * Returns the Sapling receiver within the given Unified Address, if any.
- *
- * # Safety
- *
- * - `ua` must be non-null and must point to a null-terminated UTF-8 string.
- * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
- *   when done using it.
- */
-char *zcashlc_get_sapling_receiver_for_unified_address(const char *ua);
-
-/**
- * Returns the network type and address kind for the given address string,
- * if the address is a valid Zcash address.
- *
- * Address kind codes are as follows:
- * * p2pkh: 0
- * * p2sh: 1
- * * sapling: 2
- * * unified: 3
- * * tex: 4
- *
- * # Safety
- *
- * - `address` must be non-null and must point to a null-terminated UTF-8 string.
- * - The memory referenced by `address` must not be mutated for the duration of the function call.
- */
-bool zcashlc_get_address_metadata(const char *address,
-                                  uint32_t *network_id_ret,
-                                  uint32_t *addr_kind_ret);
-
-/**
- * Returns true when the provided key decodes to a valid Sapling extended spending key for the
- * specified network, false in any other case.
- *
- * # Safety
- *
- * - `extsk` must be non-null and must point to a null-terminated UTF-8 string.
- * - The memory referenced by `extsk` must not be mutated for the duration of the function call.
- */
-bool zcashlc_is_valid_sapling_extended_spending_key(const char *extsk, uint32_t network_id);
-
-/**
- * Returns true when the provided key decodes to a valid Sapling extended full viewing key for the
- * specified network, false in any other case.
- *
- * # Safety
- *
- * - `key` must be non-null and must point to a null-terminated UTF-8 string.
- * - The memory referenced by `key` must not be mutated for the duration of the function call.
- */
-bool zcashlc_is_valid_viewing_key(const char *key, uint32_t network_id);
-
-/**
- * Returns true when the provided key decodes to a valid unified full viewing key for the
- * specified network, false in any other case.
- *
- * # Safety
- *
- * - `ufvk` must be non-null and must point to a null-terminated UTF-8 string.
- * - The memory referenced by `ufvk` must not be mutated for the duration of the
- *   function call.
- */
-bool zcashlc_is_valid_unified_full_viewing_key(const char *ufvk, uint32_t network_id);
-
-/**
- * Returns the verified transparent balance for `address`, which ignores utxos that have been
- * received too recently and are not yet deemed spendable according to `min_confirmations`.
- *
- * # Safety
- *
- * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
- *   alignment of `1`. Its contents must be a string representing a valid system path in the
- *   operating system's preferred representation.
- * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
- * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
- *   documentation of pointer::offset.
- * - `address` must be non-null and must point to a null-terminated UTF-8 string.
- * - The memory referenced by `address` must not be mutated for the duration of the function call.
- */
-int64_t zcashlc_get_verified_transparent_balance(const uint8_t *db_data,
-                                                 uintptr_t db_data_len,
-                                                 const char *address,
-                                                 uint32_t network_id,
-                                                 uint32_t min_confirmations);
-
-/**
- * Returns the verified transparent balance for `account`, which ignores utxos that have been
- * received too recently and are not yet deemed spendable according to `min_confirmations`.
+ * Returns the verified transparent balance for `account`, which ignores utxos that have been
+ * received too recently and are not yet deemed spendable according to `confirmations_policy`.
  *
  * # Safety
  *
@@ -900,14 +1153,16 @@ int64_t zcashlc_get_verified_transparent_balance(const uint8_t *db_data,
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
- * - `address` must be non-null and must point to a null-terminated UTF-8 string.
- * - The memory referenced by `address` must not be mutated for the duration of the function call.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  */
 int64_t zcashlc_get_verified_transparent_balance_for_account(const uint8_t *db_data,
                                                              uintptr_t db_data_len,
                                                              uint32_t network_id,
-                                                             int32_t account,
-                                                             uint32_t min_confirmations);
+                                                             const uint8_t *account_uuid_bytes,
+                                                             struct ConfirmationsPolicy confirmations_policy);
 
 /**
  * Returns the balance for `address`, including all UTXOs that we know about.
@@ -939,13 +1194,15 @@ int64_t zcashlc_get_total_transparent_balance(const uint8_t *db_data,
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
- * - `address` must be non-null and must point to a null-terminated UTF-8 string.
- * - The memory referenced by `address` must not be mutated for the duration of the function call.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  */
 int64_t zcashlc_get_total_transparent_balance_for_account(const uint8_t *db_data,
                                                           uintptr_t db_data_len,
                                                           uint32_t network_id,
-                                                          int32_t account);
+                                                          const uint8_t *account_uuid_bytes);
 
 /**
  * Returns the memo for a note by copying the corresponding bytes to the received
@@ -971,28 +1228,6 @@ bool zcashlc_get_memo(const uint8_t *db_data,
                       uint8_t *memo_bytes_ret,
                       uint32_t network_id);
 
-/**
- * Returns the memo for a note, if it is known and a valid UTF-8 string.
- *
- * # Safety
- *
- * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
- *   alignment of `1`. Its contents must be a string representing a valid system path in the
- *   operating system's preferred representation.
- * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
- * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
- *   documentation of pointer::offset.
- * - `txid_bytes` must be non-null and valid for reads for 32 bytes, and it must have an alignment
- *   of `1`.
- * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
- *   when done using it.
- */
-char *zcashlc_get_memo_as_utf8(const uint8_t *db_data,
-                               uintptr_t db_data_len,
-                               const uint8_t *txid_bytes,
-                               uint16_t output_index,
-                               uint32_t network_id);
-
 /**
  * Returns a ZIP-32 signature of the given seed bytes.
  *
@@ -1163,31 +1398,13 @@ int64_t zcashlc_max_scanned_height(const uint8_t *db_data,
  *   function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_wallet_summary`] to free the memory associated with the returned
+ *   pointer when done using it.
  */
 struct FfiWalletSummary *zcashlc_get_wallet_summary(const uint8_t *db_data,
                                                     uintptr_t db_data_len,
                                                     uint32_t network_id,
-                                                    uint32_t min_confirmations);
-
-/**
- * Frees an [`FfiWalletSummary`] value.
- *
- * # Safety
- *
- * - `ptr` must be non-null and must point to a struct having the layout of [`FfiWalletSummary`].
- *   See the safety documentation of [`FfiWalletSummary`].
- */
-void zcashlc_free_wallet_summary(struct FfiWalletSummary *ptr);
-
-/**
- * Frees an array of FfiScanRanges values as allocated by `zcashlc_derive_unified_viewing_keys_from_seed`
- *
- * # Safety
- *
- * - `ptr` must be non-null and must point to a struct having the layout of [`FfiScanRanges`].
- *   See the safety documentation of [`FfiScanRanges`].
- */
-void zcashlc_free_scan_ranges(struct FfiScanRanges *ptr);
+                                                    struct ConfirmationsPolicy confirmations_policy);
 
 /**
  * Returns a list of suggested scan ranges based upon the current wallet state.
@@ -1256,15 +1473,6 @@ struct FfiScanSummary *zcashlc_scan_blocks(const uint8_t *fs_block_cache_root,
                                            uint32_t scan_limit,
                                            uint32_t network_id);
 
-/**
- * Frees an [`FfiScanSummary`] value.
- *
- * # Safety
- *
- * - `ptr` must be non-null and must point to a struct having the layout of [`FfiScanSummary`].
- */
-void zcashlc_free_scan_summary(struct FfiScanSummary *ptr);
-
 /**
  * Inserts a UTXO into the wallet database.
  *
@@ -1331,8 +1539,8 @@ bool zcashlc_init_block_metadata_db(const uint8_t *fs_block_db_root,
  * - The total size `fs_block_db_root_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
  * - Block metadata represented in `blocks_meta` must be non-null. Caller must guarantee that the
- * memory reference by this pointer is not freed up, dereferenced or invalidated while this function
- * is invoked.
+ *   memory reference by this pointer is not freed up, dereferenced or invalidated while this
+ *   function is invoked.
  */
 bool zcashlc_write_block_metadata(const uint8_t *fs_block_db_root,
                                   uintptr_t fs_block_db_root_len,
@@ -1395,23 +1603,16 @@ int32_t zcashlc_latest_cached_block_height(const uint8_t *fs_block_db_root,
  * - The memory referenced by `tx` must not be mutated for the duration of the function call.
  * - The total size `tx_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
+ * - `txid_ret` must be non-null and valid for writes of 32 bytes with an alignment of 1.
+ *   On successful execution this will contain the txid of the decrypted transaction.
  */
 int32_t zcashlc_decrypt_and_store_transaction(const uint8_t *db_data,
                                               uintptr_t db_data_len,
                                               const uint8_t *tx,
                                               uintptr_t tx_len,
                                               int64_t mined_height,
-                                              uint32_t network_id);
-
-/**
- * Frees an [`FfiBoxedSlice`].
- *
- * # Safety
- *
- * - `ptr` must be non-null and must point to a struct having the layout of
- *   [`FfiBoxedSlice`]. See the safety documentation of [`FfiBoxedSlice`].
- */
-void zcashlc_free_boxed_slice(struct FfiBoxedSlice *ptr);
+                                              uint32_t network_id,
+                                              uint8_t *txid_ret);
 
 /**
  * Select transaction inputs, compute fees, and construct a proposal for a transaction
@@ -1426,21 +1627,56 @@ void zcashlc_free_boxed_slice(struct FfiBoxedSlice *ptr);
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an alignment
+ *   of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  * - `to` must be non-null and must point to a null-terminated UTF-8 string.
  * - `memo` must either be null (indicating an empty memo or a transparent recipient) or point to a
- *    512-byte array.
+ *   512-byte array.
  * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
  *   pointer when done using it.
  */
 struct FfiBoxedSlice *zcashlc_propose_transfer(const uint8_t *db_data,
                                                uintptr_t db_data_len,
-                                               int32_t account,
+                                               const uint8_t *account_uuid_bytes,
                                                const char *to,
                                                int64_t value,
                                                const uint8_t *memo,
                                                uint32_t network_id,
-                                               uint32_t min_confirmations,
-                                               bool use_zip317_fees);
+                                               struct ConfirmationsPolicy confirmations_policy);
+
+/**
+ * Selects all spendable transaction inputs, computes fees, and constructs a proposal for a transaction
+ * that can then be authorized and made ready for submission to the network with
+ * `zcashlc_create_proposed_transaction`.
+ *
+ * # Safety
+ *
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an alignment
+ *   of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
+ * - `to` must be non-null and must point to a null-terminated UTF-8 string.
+ * - `memo` must either be null (indicating an empty memo or a transparent recipient) or point to a
+ *   512-byte array.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_propose_send_max_transfer(const uint8_t *db_data,
+                                                        uintptr_t db_data_len,
+                                                        uint32_t network_id,
+                                                        const uint8_t *account_uuid_bytes,
+                                                        const char *to,
+                                                        const uint8_t *memo,
+                                                        enum FfiMaxSpendMode mode,
+                                                        struct ConfirmationsPolicy confirmations_policy);
 
 /**
  * Select transaction inputs, compute fees, and construct a proposal for a transaction
@@ -1455,20 +1691,23 @@ struct FfiBoxedSlice *zcashlc_propose_transfer(const uint8_t *db_data,
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an alignment
+ *   of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  * - `payment_uri` must be non-null and must point to a null-terminated UTF-8 string.
  * - `network_id` a u32. 0 for Testnet and 1 for Mainnet
- * - `min_confirmations` number of confirmations of the funds to spend
+ * - `confirmations_policy` number of trusted/untrusted confirmations of the funds to spend
  * - `use_zip317_fees` `true` to use ZIP-317 fees.
  * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
  *   pointer when done using it.
  */
 struct FfiBoxedSlice *zcashlc_propose_transfer_from_uri(const uint8_t *db_data,
                                                         uintptr_t db_data_len,
-                                                        int32_t account,
+                                                        const uint8_t *account_uuid_bytes,
                                                         const char *payment_uri,
                                                         uint32_t network_id,
-                                                        uint32_t min_confirmations,
-                                                        bool use_zip317_fees);
+                                                        struct ConfirmationsPolicy confirmations_policy);
 
 int32_t zcashlc_branch_id_for_height(int32_t height, uint32_t network_id);
 
@@ -1484,7 +1723,29 @@ void zcashlc_string_free(char *s);
 /**
  * Select transaction inputs, compute fees, and construct a proposal for a shielding
  * transaction that can then be authorized and made ready for submission to the network
- * with `zcashlc_create_proposed_transaction`.
+ * with `zcashlc_create_proposed_transaction`. If there are no receivers (as selected
+ * by `transparent_receiver`) for which at least `shielding_threshold` of value is
+ * available to shield, fail with an error.
+ *
+ * # Parameters
+ *
+ * - db_data: A string represented as a sequence of UTF-8 bytes.
+ * - db_data_len: The length of `db_data`, in bytes.
+ * - account_uuid_bytes: a 16-byte array representing the UUID for an account
+ * - memo: `null` to represent "no memo", or a pointer to an array containing exactly 512 bytes.
+ * - shielding_threshold: the minimum value to be shielded for each receiver.
+ * - transparent_receiver: `null` to represent "all receivers with shieldable funds", or a single
+ *   transparent address for which to shield funds. WARNING: Note that calling this with `null`
+ *   will leak the fact that all the addresses from which funds are drawn in the shielding
+ *   transaction belong to the same wallet *ON CHAIN*. This immutably reveals the shared ownership
+ *   of these addresses to all blockchain observers. If a caller wishes to avoid such linkability,
+ *   they should not pass `null` for this parameter; however, note that temporal correlations can
+ *   also heuristically be used to link addresses on-chain if funds from multiple addresses are
+ *   individually shielded in transactions that may be temporally clustered. Keeping transparent
+ *   activity private is very difficult; caveat emptor.
+ * - network_id: The identifier for the network in use: 0 for testnet, 1 for mainnet.
+ * - confirmations_policy: The minimum number of confirmations that are required for a UTXO to be considered
+ *   for shielding.
  *
  * # Safety
  *
@@ -1494,29 +1755,22 @@ void zcashlc_string_free(char *s);
  * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an alignment
+ *   of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
  * - `shielding_threshold` a non-negative shielding threshold amount in zatoshi
  * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
  *   pointer when done using it.
  */
 struct FfiBoxedSlice *zcashlc_propose_shielding(const uint8_t *db_data,
                                                 uintptr_t db_data_len,
-                                                int32_t account,
+                                                const uint8_t *account_uuid_bytes,
                                                 const uint8_t *memo,
                                                 uint64_t shielding_threshold,
                                                 const char *transparent_receiver,
                                                 uint32_t network_id,
-                                                uint32_t min_confirmations,
-                                                bool use_zip317_fees);
-
-/**
- * Frees an array of FfiTxIds values as allocated by `zcashlc_create_proposed_transactions`.
- *
- * # Safety
- *
- * - `ptr` must be non-null and must point to a struct having the layout of [`FfiTxIds`].
- *   See the safety documentation of [`FfiTxIds`].
- */
-void zcashlc_free_txids(struct FfiTxIds *ptr);
+                                                struct ConfirmationsPolicy confirmations_policy);
 
 /**
  * Creates a transaction from the given proposal.
@@ -1528,6 +1782,14 @@ void zcashlc_free_txids(struct FfiTxIds *ptr);
  * Do not call this multiple times in parallel, or you will generate transactions that
  * double-spend the same notes.
  *
+ * # Parameters
+ * - `spend_params`: A pointer to a buffer containing the operating system path of the Sapling
+ *   spend proving parameters, in the operating system's preferred path representation.
+ * - `spend_params_len`: the length of the `spend_params` buffer.
+ * - `output_params`: A pointer to a buffer containing the operating system path of the Sapling
+ *   output proving parameters, in the operating system's preferred path representation.
+ * - `output_params_len`: the length of the `output_params` buffer.
+ *
  * # Safety
  *
  * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must
@@ -1550,94 +1812,297 @@ void zcashlc_free_txids(struct FfiTxIds *ptr);
  *   function call.
  * - The total size `usk_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of `pointer::offset`.
- * - `to` must be non-null and must point to a null-terminated UTF-8 string.
- * - `memo` must either be null (indicating an empty memo or a transparent recipient) or
- *   point to a 512-byte array.
  * - `spend_params` must be non-null and valid for reads for `spend_params_len` bytes,
- *   and it must have an alignment of `1`. Its contents must be the Sapling spend proving
- *   parameters.
+ *   and it must have an alignment of `1`.
  * - The memory referenced by `spend_params` must not be mutated for the duration of the
  *   function call.
  * - The total size `spend_params_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of `pointer::offset`.
  * - `output_params` must be non-null and valid for reads for `output_params_len` bytes,
- *   and it must have an alignment of `1`. Its contents must be the Sapling output
- *   proving parameters.
+ *   and it must have an alignment of `1`.
  * - The memory referenced by `output_params` must not be mutated for the duration of the
  *   function call.
  * - The total size `output_params_len` must be no larger than `isize::MAX`. See the safety
  *   documentation of pointer::offset.
  */
-struct FfiTxIds *zcashlc_create_proposed_transactions(const uint8_t *db_data,
-                                                      uintptr_t db_data_len,
-                                                      const uint8_t *proposal_ptr,
-                                                      uintptr_t proposal_len,
-                                                      const uint8_t *usk_ptr,
-                                                      uintptr_t usk_len,
-                                                      const uint8_t *spend_params,
-                                                      uintptr_t spend_params_len,
-                                                      const uint8_t *output_params,
-                                                      uintptr_t output_params_len,
-                                                      uint32_t network_id);
+FfiTxIds *zcashlc_create_proposed_transactions(const uint8_t *db_data,
+                                               uintptr_t db_data_len,
+                                               const uint8_t *proposal_ptr,
+                                               uintptr_t proposal_len,
+                                               const uint8_t *usk_ptr,
+                                               uintptr_t usk_len,
+                                               const uint8_t *spend_params,
+                                               uintptr_t spend_params_len,
+                                               const uint8_t *output_params,
+                                               uintptr_t output_params_len,
+                                               uint32_t network_id);
 
 /**
- * Sets the transaction status to the provided value.
+ * Creates a partially-constructed (unsigned without proofs) transaction from the given proposal.
+ *
+ * Returns the partially constructed transaction in the `postcard` format generated by the `pczt`
+ * crate.
+ *
+ * Do not call this multiple times in parallel, or you will generate pczt instances that, if
+ * finalized, would double-spend the same notes.
+ *
+ * # Parameters
+ * - `db_data`: A pointer to a buffer containing the operating system path of the wallet database,
+ *   in the operating system's preferred path representation.
+ * - `db_data_len`: The length of the `db_data` buffer.
+ * - `proposal_ptr`: A pointer to a buffer containing an encoded `Proposal` protobuf.
+ * - `proposal_len`: The length of the `proposal_ptr` buffer.
+ * - `account_uuid_bytes`: A pointer to the 16-byte representaion of the account UUID.
  *
  * # Safety
  *
- * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must
- *   have an alignment of `1`. Its contents must be a string representing a valid system
- *   path in the operating system's preferred representation.
- * - The memory referenced by `db_data` must not be mutated for the duration of the
- *   function call.
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
  * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
- *   documentation of pointer::offset.
- * - `txid_bytes` must be non-null and valid for reads for `db_data_len` bytes, and it must have
- *   an alignment of `1`.
- * - The memory referenced by `txid_bytes_len` must not be mutated for the duration of the
+ *   documentation of `pointer::offset`.
+ * - `proposal_ptr` must be non-null and valid for reads for `proposal_len` bytes, and it
+ *   must have an alignment of `1`.
+ * - The memory referenced by `proposal_ptr` must not be mutated for the duration of the
  *   function call.
- * - The total size `txid_bytes_len` must be no larger than `isize::MAX`. See the safety
- *   documentation of pointer::offset.
+ * - The total size `proposal_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `account_uuid_bytes` must be non-null and valid for reads for 16 bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `account_uuid_bytes` must not be mutated for the duration of the
+ *   function call.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
  */
-void zcashlc_set_transaction_status(const uint8_t *db_data,
-                                    uintptr_t db_data_len,
-                                    uint32_t network_id,
-                                    const uint8_t *txid_bytes,
-                                    uintptr_t txid_bytes_len,
-                                    struct FfiTransactionStatus status);
+struct FfiBoxedSlice *zcashlc_create_pczt_from_proposal(const uint8_t *db_data,
+                                                        uintptr_t db_data_len,
+                                                        uint32_t network_id,
+                                                        const uint8_t *proposal_ptr,
+                                                        uintptr_t proposal_len,
+                                                        const uint8_t *account_uuid_bytes);
 
 /**
- * Frees an array of FfiTransactionDataRequest values as allocated by `zcashlc_transaction_data_requests`.
+ * Redacts information from the given PCZT that is unnecessary for the Signer role.
+ *
+ * Returns the updated PCZT in its serialized format.
+ *
+ * # Parameters
+ * - `pczt_ptr`: A pointer to a byte array containing the encoded partially-constructed
+ *   transaction to be redacted.
+ * - `pczt_len`: The length of the `pczt_ptr` buffer.
  *
  * # Safety
  *
- * - `ptr` if `ptr` is non-null it must point to a struct having the layout of [`FfiTransactionDataRequests`].
- *   See the safety documentation of [`FfiTransactionDataRequests`].
+ * - `pczt_ptr` must be non-null and valid for reads for `pczt_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `pczt_ptr` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `pczt_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
  */
-void zcashlc_free_transaction_data_requests(struct FfiTransactionDataRequests *ptr);
+struct FfiBoxedSlice *zcashlc_redact_pczt_for_signer(const uint8_t *pczt_ptr, uintptr_t pczt_len);
 
 /**
- * Returns a list of transaction data requests that the network client should satisfy.
+ * Returns `true` if this PCZT requires Sapling proofs (and thus the caller needs to have
+ * downloaded them). If the PCZT is invalid, `false` will be returned.
+ *
+ * # Parameters
+ * - `pczt_ptr`: A pointer to a byte array containing the encoded partially-constructed
+ *   transaction to be redacted.
+ * - `pczt_len`: The length of the `pczt_ptr` buffer.
  *
  * # Safety
  *
- * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
- *   alignment of `1`. Its contents must be a string representing a valid system path in the
- *   operating system's preferred representation.
- * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
- * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
- *   documentation of pointer::offset.
- * - Call [`zcashlc_free_transaction_data_requests`] to free the memory associated with the
- *   returned pointer when done using it.
+ * - `pczt_ptr` must be non-null and valid for reads for `pczt_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `pczt_ptr` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `pczt_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
  */
-struct FfiTransactionDataRequests *zcashlc_transaction_data_requests(const uint8_t *db_data,
-                                                                     uintptr_t db_data_len,
-                                                                     uint32_t network_id);
+bool zcashlc_pczt_requires_sapling_proofs(const uint8_t *pczt_ptr, uintptr_t pczt_len);
 
 /**
- * Creates a Tor runtime.
+ * Adds proofs to the given PCZT.
  *
- * # Safety
+ * Returns the updated PCZT in its serialized format.
+ *
+ * # Parameters
+ * - `pczt_ptr`: A pointer to a byte array containing the encoded partially-constructed
+ *   transaction for which proofs will be computed.
+ * - `pczt_len`: The length of the `pczt_ptr` buffer.
+ * - `spend_params`: A pointer to a buffer containing the operating system path of the Sapling
+ *   spend proving parameters, in the operating system's preferred path representation.
+ * - `spend_params_len`: the length of the `spend_params` buffer.
+ * - `output_params`: A pointer to a buffer containing the operating system path of the Sapling
+ *   output proving parameters, in the operating system's preferred path representation.
+ * - `output_params_len`: the length of the `output_params` buffer.
+ *
+ * # Safety
+ *
+ * - `pczt_ptr` must be non-null and valid for reads for `pczt_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `pczt_ptr` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `pczt_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
+ * - `spend_params` must be non-null and valid for reads for `spend_params_len` bytes, and it must
+ *   have an alignment of `1`.
+ * - The memory referenced by `spend_params` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `spend_params_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `output_params` must be non-null and valid for reads for `output_params_len` bytes, and it
+ *   must have an alignment of `1`.
+ * - The memory referenced by `output_params` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `output_params_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_add_proofs_to_pczt(const uint8_t *pczt_ptr,
+                                                 uintptr_t pczt_len,
+                                                 const uint8_t *spend_params,
+                                                 uintptr_t spend_params_len,
+                                                 const uint8_t *output_params,
+                                                 uintptr_t output_params_len);
+
+/**
+ * Takes a PCZT that has been separately proven and signed, finalizes it, and stores it
+ * in the wallet.
+ *
+ * Returns the txid of the completed transaction as a byte array.
+ *
+ * # Parameters
+ * - `db_data`: A pointer to a buffer containing the operating system path of the wallet database,
+ *   in the operating system's preferred path representation.
+ * - `db_data_len`: The length of the `db_data` buffer.
+ * - `pczt_with_proofs`: A pointer to a byte array containing the encoded partially-constructed
+ *   transaction to which proofs have been added.
+ * - `pczt_with_proofs_len`: The length of the `pczt_with_proofs` buffer.
+ * - `pczt_with_sigs_ptr`: A pointer to a byte array containing the encoded partially-constructed
+ *   transaction to which signatures have been added.
+ * - `pczt_with_sigs_len`: The length of the `pczt_with_sigs` buffer.
+ * - `spend_params`: A pointer to a buffer containing the operating system path of the Sapling
+ *   spend proving parameters, in the operating system's preferred path representation.
+ * - `spend_params_len`: the length of the `spend_params` buffer.
+ * - `output_params`: A pointer to a buffer containing the operating system path of the Sapling
+ *   output proving parameters, in the operating system's preferred path representation.
+ * - `output_params_len`: the length of the `output_params` buffer.
+ *
+ * # Safety
+ *
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `pczt_with_proofs_ptr` must be non-null and valid for reads for `pczt_with_proofs_len` bytes,
+ *   and it must have an alignment of `1`.
+ * - The memory referenced by `pczt_with_proofs_ptr` must not be mutated for the duration of the
+ *   function call.
+ * - The total size `pczt_with_proofs_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `pczt_with_sigs_ptr` must be non-null and valid for reads for `pczt_with_sigs_len` bytes, and
+ *   it must have an alignment of `1`.
+ * - The memory referenced by `pczt_with_sigs_ptr` must not be mutated for the duration of the
+ *   function call.
+ * - The total size `pczt_with_sigs_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `spend_params` must either be null, or it must be valid for reads for `spend_params_len` bytes
+ *   and have an alignment of `1`.
+ * - The memory referenced by `spend_params` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `spend_params_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `output_params` must either be null, or it must be valid for reads for `output_params_len`
+ *   bytes and have an alignment of `1`.
+ * - The memory referenced by `output_params` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `output_params_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned pointer
+ *   when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_extract_and_store_from_pczt(const uint8_t *db_data,
+                                                          uintptr_t db_data_len,
+                                                          uint32_t network_id,
+                                                          const uint8_t *pczt_with_proofs_ptr,
+                                                          uintptr_t pczt_with_proofs_len,
+                                                          const uint8_t *pczt_with_sigs_ptr,
+                                                          uintptr_t pczt_with_sigs_len,
+                                                          const uint8_t *spend_params,
+                                                          uintptr_t spend_params_len,
+                                                          const uint8_t *output_params,
+                                                          uintptr_t output_params_len);
+
+/**
+ * Sets the transaction status to the provided value.
+ *
+ * # Safety
+ *
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must
+ *   have an alignment of `1`. Its contents must be a string representing a valid system
+ *   path in the operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the
+ *   function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - `txid_bytes` must be non-null and valid for reads for `db_data_len` bytes, and it must have
+ *   an alignment of `1`.
+ * - The memory referenced by `txid_bytes_len` must not be mutated for the duration of the
+ *   function call.
+ * - The total size `txid_bytes_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ */
+void zcashlc_set_transaction_status(const uint8_t *db_data,
+                                    uintptr_t db_data_len,
+                                    uint32_t network_id,
+                                    const uint8_t *txid_bytes,
+                                    uintptr_t txid_bytes_len,
+                                    struct FfiTransactionStatus status);
+
+/**
+ * Returns a list of transaction data requests that the network client should satisfy.
+ *
+ * # Safety
+ *
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_transaction_data_requests`] to free the memory associated with the
+ *   returned pointer when done using it.
+ */
+struct FfiTransactionDataRequests *zcashlc_transaction_data_requests(const uint8_t *db_data,
+                                                                     uintptr_t db_data_len,
+                                                                     uint32_t network_id);
+
+/**
+ * Detects notes with corrupt witnesses, and adds the block ranges corresponding to the corrupt
+ * ranges to the scan queue so that the ordinary scanning process will re-scan these ranges to fix
+ * the corruption in question.
+ *
+ * # Safety
+ *
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ */
+void zcashlc_fix_witnesses(const uint8_t *db_data, uintptr_t db_data_len, uint32_t network_id);
+
+/**
+ * Creates a Tor runtime.
+ *
+ * # Safety
  *
  * - `tor_dir` must be non-null and valid for reads for `tor_dir_len` bytes, and it must
  *   have an alignment of `1`. Its contents must be a string representing a valid system
@@ -1656,10 +2121,127 @@ struct TorRuntime *zcashlc_create_tor_runtime(const uint8_t *tor_dir, uintptr_t
  *
  * # Safety
  *
- * - If `ptr` is non-null, it must point to a struct having the layout of [`TorRuntime`].
+ * - If `ptr` is non-null, it must be a pointer returned by a `zcashlc_*` method with
+ *   return type `*mut TorRuntime` that has not previously been freed.
  */
 void zcashlc_free_tor_runtime(struct TorRuntime *ptr);
 
+/**
+ * Returns a new isolated `TorRuntime` handle.
+ *
+ * The two `TorRuntime`s will share internal state and configuration, but their streams
+ * will never share circuits with one another.
+ *
+ * Use this method when you want separate parts of your program to each have a
+ * `TorRuntime` handle, but where you don't want their activities to be linkable to one
+ * another over the Tor network.
+ *
+ * Calling this method is usually preferable to creating a completely separate
+ * `TorRuntime` instance, since it can share its internals with the existing `TorRuntime`.
+ *
+ * # Safety
+ *
+ * - `tor_runtime` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut TorRuntime` that has not previously been freed.
+ * - `tor_runtime` must not be passed to two FFI calls at the same time.
+ * - Call [`zcashlc_free_tor_runtime`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct TorRuntime *zcashlc_tor_isolated_client(struct TorRuntime *tor_runtime);
+
+/**
+ * Changes the client's current dormant mode, putting background tasks to sleep or waking
+ * them up as appropriate.
+ *
+ * This can be used to conserve CPU usage if you aren’t planning on using the client for
+ * a while, especially on mobile platforms.
+ *
+ * See the [`ffi::TorDormantMode`] documentation for more details.
+ *
+ * # Safety
+ *
+ * - `tor_runtime` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut TorRuntime` that has not previously been freed.
+ * - `tor_runtime` must not be passed to two FFI calls at the same time.
+ */
+bool zcashlc_tor_set_dormant(struct TorRuntime *tor_runtime, enum TorDormantMode mode);
+
+/**
+ * Makes an HTTP GET request over Tor.
+ *
+ * `retry_limit` is the maximum number of times that a failed request should be retried.
+ * You can disable retries by setting this to 0.
+ *
+ * # Safety
+ *
+ * - `tor_runtime` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut TorRuntime` that has not previously been freed.
+ * - `tor_runtime` must not be passed to two FFI calls at the same time.
+ * - `url` must be non-null and must point to a null-terminated UTF-8 string.
+ * - `headers` must be non-null and valid for reads for
+ *   `headers_len * size_of::<ffi::HttpRequestHeader>()` bytes, and it must be properly
+ *   aligned. This means in particular:
+ *   - The entire memory range of this slice must be contained within a single allocated
+ *     object! Slices can never span across multiple allocated objects.
+ *   - `headers` must be non-null and aligned even for zero-length slices.
+ * - `headers` must point to `headers_len` consecutive properly initialized values of
+ *   type `ffi::HttpRequestHeader`.
+ * - The memory referenced by `headers` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `headers_len * size_of::<ffi::HttpRequestHeader>()` of the slice must
+ *   be no larger than `isize::MAX`, and adding that size to `headers` must not "wrap
+ *   around" the address space.  See the safety documentation of pointer::offset.
+ * - Call [`zcashlc_free_http_response_bytes`] to free the memory associated with the
+ *   returned pointer when done using it.
+ */
+struct FfiHttpResponseBytes *zcashlc_tor_http_get(struct TorRuntime *tor_runtime,
+                                                  const char *url,
+                                                  const struct FfiHttpRequestHeader *headers,
+                                                  uintptr_t headers_len,
+                                                  uint8_t retry_limit);
+
+/**
+ * Makes an HTTP POST request over Tor.
+ *
+ * `retry_limit` is the maximum number of times that a failed request should be retried.
+ * You can disable retries by setting this to 0.
+ *
+ * # Safety
+ *
+ * - `tor_runtime` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut TorRuntime` that has not previously been freed.
+ * - `tor_runtime` must not be passed to two FFI calls at the same time.
+ * - `url` must be non-null and must point to a null-terminated UTF-8 string.
+ * - `headers` must be non-null and valid for reads for
+ *   `headers_len * size_of::<ffi::HttpRequestHeader>()` bytes, and it must be properly
+ *   aligned. This means in particular:
+ *   - The entire memory range of this slice must be contained within a single allocated
+ *     object! Slices can never span across multiple allocated objects.
+ *   - `headers` must be non-null and aligned even for zero-length slices.
+ * - `headers` must point to `headers_len` consecutive properly initialized values of
+ *   type `ffi::HttpRequestHeader`.
+ * - The memory referenced by `headers` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `headers_len * size_of::<ffi::HttpRequestHeader>()` of the slice must
+ *   be no larger than `isize::MAX`, and adding that size to `headers` must not "wrap
+ *   around" the address space.  See the safety documentation of pointer::offset.
+ * - `body` must be non-null and valid for reads for `body_len` bytes, and it must have
+ *   an alignment of `1`.
+ * - The memory referenced by `body` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `body_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_http_response_bytes`] to free the memory associated with the
+ *   returned pointer when done using it.
+ */
+struct FfiHttpResponseBytes *zcashlc_tor_http_post(struct TorRuntime *tor_runtime,
+                                                   const char *url,
+                                                   const struct FfiHttpRequestHeader *headers,
+                                                   uintptr_t headers_len,
+                                                   const uint8_t *body,
+                                                   uintptr_t body_len,
+                                                   uint8_t retry_limit);
+
 /**
  * Fetches the current ZEC-USD exchange rate over Tor.
  *
@@ -1670,8 +2252,688 @@ void zcashlc_free_tor_runtime(struct TorRuntime *ptr);
  *
  * # Safety
  *
- * - `tor_runtime` must be non-null and point to a struct having the layout of
- *   [`TorRuntime`].
+ * - `tor_runtime` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut TorRuntime` that has not previously been freed.
  * - `tor_runtime` must not be passed to two FFI calls at the same time.
  */
 struct Decimal zcashlc_get_exchange_rate_usd(struct TorRuntime *tor_runtime);
+
+/**
+ * Connects to the lightwalletd server at the given endpoint.
+ *
+ * Each connection returned by this method is isolated from any other Tor usage.
+ *
+ * # Safety
+ *
+ * - `tor_runtime` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut TorRuntime` that has not previously been freed.
+ * - `tor_runtime` must not be passed to two FFI calls at the same time.
+ * - `endpoint` must be non-null and must point to a null-terminated UTF-8 string.
+ * - Call [`zcashlc_free_tor_lwd_conn`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct LwdConn *zcashlc_tor_connect_to_lightwalletd(struct TorRuntime *tor_runtime,
+                                                    const char *endpoint);
+
+/**
+ * Frees a Tor lightwalletd connection.
+ *
+ * # Safety
+ *
+ * - If `ptr` is non-null, it must be a pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ */
+void zcashlc_free_tor_lwd_conn(struct LwdConn *ptr);
+
+/**
+ * Returns information about this lightwalletd instance and the blockchain.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_tor_lwd_conn_get_info(struct LwdConn *lwd_conn);
+
+/**
+ * Fetches the height and hash of the block at the tip of the best chain.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - `height_ret` must be non-null and valid for writes for 4 bytes, and it must have an
+ *   alignment of `1`.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_tor_lwd_conn_latest_block(struct LwdConn *lwd_conn,
+                                                        uint32_t *height_ret);
+
+/**
+ * Fetches the transaction with the given ID.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - `txid_bytes` must be non-null and valid for reads for 32 bytes, and it must have an
+ *   alignment of `1`.
+ * - `height_ret` must be non-null and valid for writes for 8 bytes, and it must have an
+ *   alignment of `1`.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_tor_lwd_conn_fetch_transaction(struct LwdConn *lwd_conn,
+                                                             const uint8_t *txid_bytes,
+                                                             uint64_t *height_ret);
+
+/**
+ * Submits a transaction to the Zcash network via the given lightwalletd connection.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - `tx` must be non-null and valid for reads for `tx_len` bytes, and it must have an
+ *   alignment of `1`.
+ * - The memory referenced by `tx` must not be mutated for the duration of the function call.
+ * - The total size `tx_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ */
+bool zcashlc_tor_lwd_conn_submit_transaction(struct LwdConn *lwd_conn,
+                                             const uint8_t *tx,
+                                             uintptr_t tx_len);
+
+/**
+ * Fetches the note commitment tree state corresponding to the given block height.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - Call [`zcashlc_free_boxed_slice`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_tor_lwd_conn_get_tree_state(struct LwdConn *lwd_conn,
+                                                          uint32_t height);
+
+/**
+ * Finds all transactions associated with the given transparent address within the given block
+ * range, and calls [`decrypt_and_store_transaction`] with each such transaction.
+ *
+ * The query to the light wallet server will cover the provided block range. The end height is
+ * optional; to omit the end height for the query range use the sentinel value `-1`. If any other
+ * value is specified, it must be in the range of a valid u32. Note that older versions of
+ * `lightwalletd` will return an error if the end height is not specified.
+ *
+ * Returns an [`ffi::AddressCheckResult`] if successful, or a null pointer in the case of an
+ * error.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_address_check_result`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiAddressCheckResult *zcashlc_tor_lwd_conn_update_transparent_address_transactions(struct LwdConn *lwd_conn,
+                                                                                           const uint8_t *db_data,
+                                                                                           uintptr_t db_data_len,
+                                                                                           uint32_t network_id,
+                                                                                           const char *address,
+                                                                                           uint32_t start,
+                                                                                           int64_t end);
+
+/**
+ * Checks to find any UTXOs associated with the given transparent address.
+ *
+ * This check will cover the block range starting at the exposure height for that address, if
+ * known, or otherwise at the birthday height of the specified account.
+ *
+ * Returns an [`ffi::AddressCheckResult`] if successful, or a null pointer in the case of an
+ * error.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_address_check_result`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiAddressCheckResult *zcashlc_tor_lwd_conn_fetch_utxos_by_address(struct LwdConn *lwd_conn,
+                                                                          const uint8_t *db_data,
+                                                                          uintptr_t db_data_len,
+                                                                          uint32_t network_id,
+                                                                          const uint8_t *account_uuid_bytes,
+                                                                          const char *address);
+
+/**
+ * Checks to find any single-use ephemeral addresses exposed in the past day that have not yet
+ * received funds, excluding any whose next check time is in the future. This will then choose the
+ * address that is most overdue for checking, retrieve any UTXOs for that address over Tor, and
+ * add them to the wallet database. If no such UTXOs are found, the check will be rescheduled
+ * following an expoential-backoff-with-jitter algorithm.
+ *
+ * Returns an [`ffi::AddressCheckResult`] if successful, or a null pointer in the case of an
+ * error.
+ *
+ * # Safety
+ *
+ * - `lwd_conn` must be a non-null pointer returned by a `zcashlc_*` method with
+ *   return type `*mut tor::LwdConn` that has not previously been freed.
+ * - `lwd_conn` must not be passed to two FFI calls at the same time.
+ * - `db_data` must be non-null and valid for reads for `db_data_len` bytes, and it must have an
+ *   alignment of `1`. Its contents must be a string representing a valid system path in the
+ *   operating system's preferred representation.
+ * - The memory referenced by `db_data` must not be mutated for the duration of the function call.
+ * - The total size `db_data_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of pointer::offset.
+ * - Call [`zcashlc_free_address_check_result`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiAddressCheckResult *zcashlc_tor_lwd_conn_check_single_use_taddr(struct LwdConn *lwd_conn,
+                                                                          const uint8_t *db_data,
+                                                                          uintptr_t db_data_len,
+                                                                          uint32_t network_id,
+                                                                          const uint8_t *account_uuid_bytes);
+
+/**
+ * Returns the network type and address kind for the given address string,
+ * if the address is a valid Zcash address.
+ *
+ * Address kind codes are as follows:
+ * * p2pkh: 0
+ * * p2sh: 1
+ * * sapling: 2
+ * * unified: 3
+ * * tex: 4
+ *
+ * # Safety
+ *
+ * - `address` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `address` must not be mutated for the duration of the function call.
+ */
+bool zcashlc_get_address_metadata(const char *address,
+                                  uint32_t *network_id_ret,
+                                  uint32_t *addr_kind_ret);
+
+/**
+ * Extracts the typecodes of the receivers within the given Unified Address.
+ *
+ * Returns a pointer to a slice of typecodes. `len_ret` is set to the length of the
+ * slice.
+ *
+ * See the following sections of ZIP 316 for details on how to interpret typecodes:
+ * - [List of known typecodes](https://zips.z.cash/zip-0316#encoding-of-unified-addresses)
+ * - [Adding new types](https://zips.z.cash/zip-0316#adding-new-types)
+ * - [Metadata Items](https://zips.z.cash/zip-0316#metadata-items)
+ *
+ * # Safety
+ *
+ * - `ua` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `ua` must not be mutated for the duration of the function call.
+ * - Call [`zcashlc_free_typecodes`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+uint32_t *zcashlc_get_typecodes_for_unified_address_receivers(const char *ua, uintptr_t *len_ret);
+
+/**
+ * Frees a list of typecodes previously obtained from the FFI.
+ *
+ * # Safety
+ *
+ * - `data` and `len` must have been obtained from
+ *   [`zcashlc_get_typecodes_for_unified_address_receivers`].
+ */
+void zcashlc_free_typecodes(uint32_t *data, uintptr_t len);
+
+/**
+ * Returns true when the provided key decodes to a valid Sapling extended spending key for the
+ * specified network, false in any other case.
+ *
+ * # Safety
+ *
+ * - `extsk` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `extsk` must not be mutated for the duration of the function call.
+ */
+bool zcashlc_is_valid_sapling_extended_spending_key(const char *extsk, uint32_t network_id);
+
+/**
+ * Returns true when the provided key decodes to a valid Sapling extended full viewing key for the
+ * specified network, false in any other case.
+ *
+ * # Safety
+ *
+ * - `key` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `key` must not be mutated for the duration of the function call.
+ */
+bool zcashlc_is_valid_viewing_key(const char *key, uint32_t network_id);
+
+/**
+ * Returns true when the provided key decodes to a valid unified full viewing key for the
+ * specified network, false in any other case.
+ *
+ * # Safety
+ *
+ * - `ufvk` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `ufvk` must not be mutated for the duration of the
+ *   function call.
+ */
+bool zcashlc_is_valid_unified_full_viewing_key(const char *ufvk, uint32_t network_id);
+
+/**
+ * Derives and returns a unified spending key from the given seed for the given account ID.
+ *
+ * Returns the binary encoding of the spending key. The caller should manage the memory of (and
+ * store, if necessary) the returned spending key in a secure fashion.
+ *
+ * # Safety
+ *
+ * - `seed` must be non-null and valid for reads for `seed_len` bytes.
+ * - The memory referenced by `seed` must not be mutated for the duration of the function call.
+ * - The total size `seed_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
+ * - Call `zcashlc_free_binary_key` to free the memory associated with the returned pointer when
+ *   you are finished using it.
+ */
+struct FfiBoxedSlice *zcashlc_derive_spending_key(const uint8_t *seed,
+                                                  uintptr_t seed_len,
+                                                  int32_t hd_account_index,
+                                                  uint32_t network_id);
+
+/**
+ * Obtains the unified full viewing key for the given binary-encoded unified spending key
+ * and returns the resulting encoded UFVK string. `usk_ptr` should point to an array of `usk_len`
+ * bytes containing a unified spending key encoded as returned from the `zcashlc_create_account`
+ * or `zcashlc_derive_spending_key` functions.
+ *
+ * # Safety
+ *
+ * - `usk_ptr` must be non-null and must point to an array of `usk_len` bytes.
+ * - The memory referenced by `usk_ptr` must not be mutated for the duration of the function call.
+ * - The total size `usk_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
+ * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
+ *   when you are done using it.
+ */
+char *zcashlc_spending_key_to_full_viewing_key(const uint8_t *usk_ptr,
+                                               uintptr_t usk_len,
+                                               uint32_t network_id);
+
+/**
+ * Derives a unified address address for the provided UFVK, along with the diversifier at which it
+ * was derived; this may not be equal to the provided diversifier index if no valid Sapling
+ * address could be derived at that index. If the `diversifier_index_bytes` parameter is null, the
+ * default address for the UFVK is returned.
+ *
+ * # Safety
+ *
+ * - `ufvk` must be non-null and must point to a null-terminated UTF-8 string.
+ * - `diversifier_index_bytes must either be null or be valid for reads for 11 bytes and have an
+ *   alignment of `1`.
+ * - Call [`zcashlc_free_ffi_address`] to free the memory associated with the returned pointer
+ *   when done using it.
+ */
+struct FfiAddress *zcashlc_derive_address_from_ufvk(uint32_t network_id,
+                                                    const char *ufvk,
+                                                    const uint8_t *diversifier_index_bytes);
+
+/**
+ * Derives a unified address address for the provided UIVK, along with the diversifier at which it
+ * was derived; this may not be equal to the provided diversifier index if no valid Sapling
+ * address could be derived at that index. If the `diversifier_index_bytes` parameter is null, the
+ * default address for the UIVK is returned.
+ *
+ * # Safety
+ *
+ * - `uivk` must be non-null and must point to a null-terminated UTF-8 string.
+ * - `diversifier_index_bytes must either be null or be valid for reads for 11 bytes and have an
+ *   alignment of `1`.
+ * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
+ *   when done using it.
+ */
+struct FfiAddress *zcashlc_derive_address_from_uivk(uint32_t network_id,
+                                                    const char *uivk,
+                                                    const uint8_t *diversifier_index_bytes);
+
+/**
+ * Returns the transparent receiver within the given Unified Address, if any.
+ *
+ * # Safety
+ *
+ * - `ua` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `ua` must not be mutated for the duration of the function call.
+ * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
+ *   when done using it.
+ */
+char *zcashlc_get_transparent_receiver_for_unified_address(const char *ua);
+
+/**
+ * Returns the Sapling receiver within the given Unified Address, if any.
+ *
+ * # Safety
+ *
+ * - `ua` must be non-null and must point to a null-terminated UTF-8 string.
+ * - The memory referenced by `ua` must not be mutated for the duration of the function call.
+ * - Call [`zcashlc_string_free`] to free the memory associated with the returned pointer
+ *   when done using it.
+ */
+char *zcashlc_get_sapling_receiver_for_unified_address(const char *ua);
+
+/**
+ * Constructs an ffi::AccountMetadataKey from its parts.
+ *
+ * # Safety
+ *
+ * - `sk` must be non-null and valid for reads for 32 bytes, and it must have an alignment of `1`.
+ * - The memory referenced by `sk` must not be mutated for the duration of the function call.
+ * - `chain_code` must be non-null and valid for reads for 32 bytes, and it must have an alignment
+ *   of `1`.
+ * - The memory referenced by `chain_code` must not be mutated for the duration of the function
+ *   call.
+ * - Call [`zcashlc_free_account_metadata_key`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiAccountMetadataKey *zcashlc_account_metadata_key_from_parts(const uint8_t *sk,
+                                                                      const uint8_t *chain_code);
+
+/**
+ * Derives a ZIP 325 Account Metadata Key from the given seed.
+ *
+ * # Safety
+ *
+ * - `seed` must be non-null and valid for reads for `seed_len` bytes.
+ * - The memory referenced by `seed` must not be mutated for the duration of the function call.
+ * - The total size `seed_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
+ * - Call [`zcashlc_free_account_metadata_key`] to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiAccountMetadataKey *zcashlc_derive_account_metadata_key(const uint8_t *seed,
+                                                                  uintptr_t seed_len,
+                                                                  int32_t account,
+                                                                  uint32_t network_id);
+
+/**
+ * Derives a metadata key for private use from a ZIP 325 Account Metadata Key.
+ *
+ * - `ufvk` is the external UFVK for which a metadata key is required, or `null` if the
+ *   metadata key is "inherent" (for the same account as the Account Metadata Key).
+ * - `private_use_subject` is a globally unique non-empty sequence of at most 252 bytes
+ *   that identifies the desired private-use context.
+ *
+ * If `ufvk` is null, this function will return a single 32-byte metadata key.
+ *
+ * If `ufvk` is non-null, this function will return one metadata key for every FVK item
+ * contained within the UFVK, in preference order. As UFVKs may in general change over
+ * time (due to the inclusion of new higher-preference FVK items, or removal of older
+ * deprecated FVK items), private usage of these keys should always follow preference
+ * order:
+ * - For encryption-like private usage, the first key in the array should always be
+ *   used, and all other keys ignored.
+ * - For decryption-like private usage, each key in the array should be tried in turn
+ *   until metadata can be recovered, and then the metadata should be re-encrypted
+ *   under the first key.
+ *
+ * # Safety
+ *
+ * - `account_metadata_key` must be non-null and must point to a struct having the layout
+ *   of [`ffi::AccountMetadataKey`].
+ * - The memory referenced by `account_metadata_key` must not be mutated for the duration
+ *   of the function call.
+ * - If `ufvk` is non-null, it must point to a null-terminated UTF-8 string.
+ * - `private_use_subject` must be non-null and valid for reads for `private_use_subject_len`
+ *   bytes.
+ * - The memory referenced by `private_use_subject` must not be mutated for the duration
+ *   of the function call.
+ * - The total size `private_use_subject_len` must be no larger than `isize::MAX`. See
+ *   the safety documentation of `pointer::offset`.
+ * - Call `zcashlc_free_symmetric_keys` to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiSymmetricKeys *zcashlc_derive_private_use_metadata_key(const struct FfiAccountMetadataKey *account_metadata_key,
+                                                                 const char *ufvk,
+                                                                 const uint8_t *private_use_subject,
+                                                                 uintptr_t private_use_subject_len,
+                                                                 uint32_t network_id);
+
+/**
+ * Derives and returns a ZIP 32 Arbitrary Key from the given seed at the "wallet level", i.e.
+ * directly from the seed with no ZIP 32 path applied.
+ *
+ * The resulting key will be the same across all networks (Zcash mainnet, Zcash testnet, OtherCoin
+ * mainnet, and so on). You can think of it as a context-specific seed fingerprint that can be used
+ * as (static) key material.
+ *
+ * `context_string` is a globally-unique non-empty sequence of at most 252 bytes that identifies
+ * the desired context.
+ *
+ * # Safety
+ *
+ * - `context_string` must be non-null and valid for reads for `context_string_len` bytes.
+ * - The memory referenced by `context_string` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `context_string_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `seed` must be non-null and valid for reads for `seed_len` bytes.
+ * - The memory referenced by `seed` must not be mutated for the duration of the function call.
+ * - The total size `seed_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
+ * - Call `zcashlc_free_boxed_slice` to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_derive_arbitrary_wallet_key(const uint8_t *context_string,
+                                                          uintptr_t context_string_len,
+                                                          const uint8_t *seed,
+                                                          uintptr_t seed_len);
+
+/**
+ * Derives and returns a ZIP 32 Arbitrary Key from the given seed at the account level.
+ *
+ * `context_string` is a globally-unique non-empty sequence of at most 252 bytes that identifies
+ * the desired context.
+ *
+ * # Safety
+ *
+ * - `context_string` must be non-null and valid for reads for `context_string_len` bytes.
+ * - The memory referenced by `context_string` must not be mutated for the duration of the function
+ *   call.
+ * - The total size `context_string_len` must be no larger than `isize::MAX`. See the safety
+ *   documentation of `pointer::offset`.
+ * - `seed` must be non-null and valid for reads for `seed_len` bytes`.
+ * - The memory referenced by `seed` must not be mutated for the duration of the function call.
+ * - The total size `seed_len` must be no larger than `isize::MAX`. See the safety documentation
+ *   of `pointer::offset`.
+ * - Call `zcashlc_free_boxed_slice` to free the memory associated with the returned
+ *   pointer when done using it.
+ */
+struct FfiBoxedSlice *zcashlc_derive_arbitrary_account_key(const uint8_t *context_string,
+                                                           uintptr_t context_string_len,
+                                                           const uint8_t *seed,
+                                                           uintptr_t seed_len,
+                                                           int32_t account,
+                                                           uint32_t network_id);
+
+/**
+ * Frees an [`Account`] value
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`Account`].
+ */
+void zcashlc_free_account(struct FfiAccount *ptr);
+
+/**
+ * Frees a [`Uuid`] value
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`Uuid`].
+ */
+void zcashlc_free_ffi_uuid(struct FfiUuid *ptr);
+
+/**
+ * Frees an array of [`Uuid`] values as allocated by `zcashlc_list_accounts`.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`Accounts`].
+ *   See the safety documentation of [`Accounts`].
+ */
+void zcashlc_free_accounts(struct FfiAccounts *ptr);
+
+/**
+ * Frees a [`BinaryKey`] value
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`BinaryKey`].
+ *   See the safety documentation of [`BinaryKey`].
+ */
+void zcashlc_free_binary_key(struct FFIBinaryKey *ptr);
+
+/**
+ * Frees an array of [`EncodedKey`] values as allocated by `zcashlc_list_transparent_receivers`.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`EncodedKeys`].
+ *   See the safety documentation of [`EncodedKeys`].
+ */
+void zcashlc_free_keys(struct FFIEncodedKeys *ptr);
+
+/**
+ * Frees an [`WalletSummary`] value.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`WalletSummary`].
+ *   See the safety documentation of [`WalletSummary`].
+ */
+void zcashlc_free_wallet_summary(struct FfiWalletSummary *ptr);
+
+/**
+ * Frees an array of [`ScanRange`] values as allocated by `zcashlc_suggest_scan_ranges`.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`ScanRanges`].
+ *   See the safety documentation of [`ScanRanges`].
+ */
+void zcashlc_free_scan_ranges(struct FfiScanRanges *ptr);
+
+/**
+ * Frees a [`ScanSummary`] value.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`ScanSummary`].
+ */
+void zcashlc_free_scan_summary(struct FfiScanSummary *ptr);
+
+/**
+ * Frees a [`BoxedSlice`].
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of
+ *   [`BoxedSlice`]. See the safety documentation of [`BoxedSlice`].
+ */
+void zcashlc_free_boxed_slice(struct FfiBoxedSlice *ptr);
+
+/**
+ * Frees an array of `[u8; 32]` values.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of
+ *   [`SymmetricKeys`]. See the safety documentation of [`SymmetricKeys`].
+ */
+void zcashlc_free_symmetric_keys(struct FfiSymmetricKeys *ptr);
+
+/**
+ * Frees an array of `[u8; 32]` values as allocated by `zcashlc_create_proposed_transactions`.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`TxIds`].
+ *   See the safety documentation of [`TxIds`].
+ */
+void zcashlc_free_txids(FfiTxIds *ptr);
+
+/**
+ * Frees an array of [`TransactionDataRequest`] values as allocated by `zcashlc_transaction_data_requests`.
+ *
+ * # Safety
+ *
+ * - `ptr` if `ptr` is non-null it must point to a struct having the layout of [`TransactionDataRequests`].
+ *   See the safety documentation of [`TransactionDataRequests`].
+ */
+void zcashlc_free_transaction_data_requests(struct FfiTransactionDataRequests *ptr);
+
+/**
+ * Frees an [`Address`] value
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`Address`].
+ */
+void zcashlc_free_ffi_address(struct FfiAddress *ptr);
+
+/**
+ * Frees an AccountMetadataKey value
+ *
+ * # Safety
+ *
+ * - `ptr` must either be null or point to a struct having the layout of [`AccountMetadataKey`].
+ */
+void zcashlc_free_account_metadata_key(struct FfiAccountMetadataKey *ptr);
+
+/**
+ * Frees an HttpResponseBytes value
+ *
+ * # Safety
+ *
+ * - `ptr` must either be null or point to a struct having the layout of [`HttpResponseBytes`].
+ */
+void zcashlc_free_http_response_bytes(struct FfiHttpResponseBytes *ptr);
+
+/**
+ * Frees an [`SingleUseTaddr`] value.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`SingleUseTaddr`].
+ */
+void zcashlc_free_single_use_taddr(struct FfiSingleUseTaddr *ptr);
+
+/**
+ * Frees an [`AddressCheckResult`] value.
+ *
+ * # Safety
+ *
+ * - `ptr` must be non-null and must point to a struct having the layout of [`AddressCheckResult`].
+ */
+void zcashlc_free_address_check_result(struct FfiAddressCheckResult *ptr);