@aptos-labs/ts-sdk 1.15.0-win.2 → 1.16.0-zeta.0

package/src/account/KeylessAccount.ts

@@ -0,0 +1,366 @@
+// Copyright © Aptos Foundation
+// SPDX-License-Identifier: Apache-2.0
+
+import { JwtPayload, jwtDecode } from "jwt-decode";
+import { JwksClient } from "jwks-rsa";
+import EventEmitter from "eventemitter3";
+import { EphemeralCertificateVariant, HexInput, SigningScheme } from "../types";
+import { AccountAddress } from "../core/accountAddress";
+import {
+  AnyPublicKey,
+  AnySignature,
+  KeylessPublicKey,
+  KeylessSignature,
+  EphemeralCertificate,
+  Signature,
+  ZeroKnowledgeSig,
+  ZkProof,
+} from "../core/crypto";
+
+import { Account } from "./Account";
+import { EphemeralKeyPair } from "./EphemeralKeyPair";
+import { Hex } from "../core/hex";
+import { AccountAuthenticatorSingleKey } from "../transactions/authenticator/account";
+import { Deserializer, Serializable, Serializer } from "../bcs";
+import {
+  deriveTransactionType,
+  generateSigningMessageForBcsCryptoHashable,
+} from "../transactions/transactionBuilder/signingMessage";
+import { AnyRawTransaction, AnyRawTransactionInstance } from "../transactions/types";
+import { AptosApiError } from "../client/types";
+import { AptsoDomainSeparator, CryptoHashable } from "../bcs/cryptoHasher";
+import { base64UrlDecode } from "../utils/helpers";
+
+export const IssuerToJwkEndpoint: Record<string, string> = {
+  "https://accounts.google.com": "https://www.googleapis.com/oauth2/v3/certs",
+};
+
+export enum KeylessErrorType {
+  JWK_EXPIRED,
+  EPK_EXPIRED,
+  PROOF_NOT_FOUND,
+  UNKNOWN_INVALID_SIGNATURE,
+  UNKNOWN,
+}
+export class KeylessError extends Error {
+  readonly type: KeylessErrorType;
+
+  constructor(type: KeylessErrorType) {
+    super();
+    this.type = type;
+  }
+
+  static async fromAptosApiError(error: AptosApiError, signer: KeylessAccount): Promise<KeylessError> {
+    if (!error.data.message.includes("INVALID_SIGNATURE")) {
+      return new KeylessError(KeylessErrorType.UNKNOWN);
+    }
+    if (signer.isExpired()) {
+      return new KeylessError(KeylessErrorType.EPK_EXPIRED);
+    }
+    if (!(await signer.checkJwkValidity())) {
+      return new KeylessError(KeylessErrorType.JWK_EXPIRED);
+    }
+    return new KeylessError(KeylessErrorType.UNKNOWN_INVALID_SIGNATURE);
+  }
+}
+
+export class KeylessAccount extends Serializable implements Account {
+  static readonly PEPPER_LENGTH: number = 31;
+
+  readonly publicKey: KeylessPublicKey;
+
+  readonly ephemeralKeyPair: EphemeralKeyPair;
+
+  readonly uidKey: string;
+
+  readonly uidVal: string;
+
+  readonly aud: string;
+
+  readonly pepper: Uint8Array;
+
+  readonly accountAddress: AccountAddress;
+
+  proof: ZeroKnowledgeSig | undefined;
+
+  readonly proofOrPromise: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
+
+  readonly signingScheme: SigningScheme;
+
+  private jwt: string;
+
+  private isJwtValid: boolean;
+
+  readonly emitter: EventEmitter<ProofFetchEvents>;
+
+  constructor(args: {
+    address?: AccountAddress;
+    ephemeralKeyPair: EphemeralKeyPair;
+    iss: string;
+    uidKey: string;
+    uidVal: string;
+    aud: string;
+    pepper: HexInput;
+    proofOrFetcher: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
+    proofFetchCallback?: ProofFetchCallback;
+    jwt: string;
+  }) {
+    super();
+    const { address, ephemeralKeyPair, uidKey, uidVal, aud, pepper, proofOrFetcher, proofFetchCallback, jwt } = args;
+    this.ephemeralKeyPair = ephemeralKeyPair;
+    this.publicKey = KeylessPublicKey.create(args);
+    this.accountAddress = address ? AccountAddress.from(address) : this.publicKey.authKey().derivedAddress();
+    this.uidKey = uidKey;
+    this.uidVal = uidVal;
+    this.aud = aud;
+    this.jwt = jwt;
+    this.emitter = new EventEmitter<ProofFetchEvents>();
+    this.proofOrPromise = proofOrFetcher;
+    if (proofOrFetcher instanceof ZeroKnowledgeSig) {
+      this.proof = proofOrFetcher;
+    } else {
+      if (proofFetchCallback === undefined) {
+        throw new Error("Must provide callback for async proof fetch");
+      }
+      this.emitter.on("proofFetchFinish", async (status) => {
+        await proofFetchCallback(status);
+        this.emitter.removeAllListeners();
+      });
+      this.init(proofOrFetcher);
+    }
+    this.signingScheme = SigningScheme.SingleKey;
+    const pepperBytes = Hex.fromHexInput(pepper).toUint8Array();
+    if (pepperBytes.length !== KeylessAccount.PEPPER_LENGTH) {
+      throw new Error(`Pepper length in bytes should be ${KeylessAccount.PEPPER_LENGTH}`);
+    }
+    this.pepper = pepperBytes;
+    this.isJwtValid = true;
+  }
+
+  /**
+   * This initializes the asyncronous proof fetch
+   * @return
+   */
+  async init(promise: Promise<ZeroKnowledgeSig>) {
+    try {
+      this.proof = await promise;
+      this.emitter.emit("proofFetchFinish", { status: "Success" });
+    } catch (error) {
+      if (error instanceof Error) {
+        this.emitter.emit("proofFetchFinish", { status: "Failed", error: error.toString() });
+      } else {
+        this.emitter.emit("proofFetchFinish", { status: "Failed", error: "Unknown" });
+      }
+    }
+  }
+
+  serialize(serializer: Serializer): void {
+    serializer.serializeStr(this.jwt);
+    serializer.serializeStr(this.uidKey);
+    serializer.serializeFixedBytes(this.pepper);
+    this.ephemeralKeyPair.serialize(serializer);
+    if (this.proof === undefined) {
+      throw new Error("Connot serialize - proof undefined");
+    }
+    this.proof.serialize(serializer);
+  }
+
+  static deserialize(deserializer: Deserializer): KeylessAccount {
+    const jwt = deserializer.deserializeStr();
+    const uidKey = deserializer.deserializeStr();
+    const pepper = deserializer.deserializeFixedBytes(31);
+    const ephemeralKeyPair = EphemeralKeyPair.deserialize(deserializer);
+    const proof = ZeroKnowledgeSig.deserialize(deserializer);
+    return KeylessAccount.fromJWTAndProof({
+      proof,
+      pepper,
+      uidKey,
+      jwt,
+      ephemeralKeyPair,
+    });
+  }
+
+  /**
+   * Checks if the proof is expired.  If so the account must be rederived with a new EphemeralKeyPair
+   * and JWT token.
+   * @return boolean
+   */
+  isExpired(): boolean {
+    return this.ephemeralKeyPair.isExpired();
+  }
+
+  /**
+   * Checks if the the JWK used to verify the token still exists on the issuer's JWK uri.
+   * Caches the result.
+   * @return boolean
+   */
+  async checkJwkValidity(): Promise<boolean> {
+    if (!this.isJwtValid) {
+      return false;
+    }
+    const jwtHeader = jwtDecode(this.jwt, { header: true });
+    const client = new JwksClient({
+      jwksUri: IssuerToJwkEndpoint[this.publicKey.iss],
+    });
+    try {
+      await client.getSigningKey(jwtHeader.kid);
+      return true;
+    } catch (error) {
+      this.isJwtValid = false;
+      return false;
+    }
+  }
+
+  /**
+   * Sign a message using Keyless.
+   * @param message the message to sign, as binary input
+   * @return the AccountAuthenticator containing the signature, together with the account's public key
+   */
+  signWithAuthenticator(message: HexInput): AccountAuthenticatorSingleKey {
+    const signature = new AnySignature(this.sign(message));
+    const publicKey = new AnyPublicKey(this.publicKey);
+    return new AccountAuthenticatorSingleKey(publicKey, signature);
+  }
+
+  /**
+   * Sign a transaction using Keyless.
+   * @param transaction the raw transaction
+   * @return the AccountAuthenticator containing the signature of the transaction, together with the account's public key
+   */
+  signTransactionWithAuthenticator(transaction: AnyRawTransaction): AccountAuthenticatorSingleKey {
+    const signature = new AnySignature(this.signTransaction(transaction));
+    const publicKey = new AnyPublicKey(this.publicKey);
+    return new AccountAuthenticatorSingleKey(publicKey, signature);
+  }
+
+  /**
+   * Waits for asyncronous proof fetching to finish.
+   * @return
+   */
+  async waitForProofFetch() {
+    if (this.proofOrPromise instanceof Promise) {
+      await this.proofOrPromise;
+    }
+  }
+
+  /**
+   * Sign the given message using Keyless.
+   * @param message in HexInput format
+   * @returns Signature
+   */
+  sign(data: HexInput): KeylessSignature {
+    const { expiryDateSecs } = this.ephemeralKeyPair;
+    if (this.isExpired()) {
+      throw new KeylessError(KeylessErrorType.EPK_EXPIRED);
+    }
+    if (this.proof === undefined) {
+      throw new KeylessError(KeylessErrorType.PROOF_NOT_FOUND);
+    }
+    if (!this.isJwtValid) {
+      throw new KeylessError(KeylessErrorType.JWK_EXPIRED);
+    }
+    const ephemeralPublicKey = this.ephemeralKeyPair.getPublicKey();
+    const ephemeralSignature = this.ephemeralKeyPair.sign(data);
+
+    return new KeylessSignature({
+      jwtHeader: base64UrlDecode(this.jwt.split(".")[0]),
+      ephemeralCertificate: new EphemeralCertificate(this.proof, EphemeralCertificateVariant.ZkProof),
+      expiryDateSecs,
+      ephemeralPublicKey,
+      ephemeralSignature,
+    });
+  }
+
+  /**
+   * Sign the given transaction with Keyless.
+   * Signs the transaction and proof to guard against proof malleability.
+   * @param transaction the transaction to be signed
+   * @returns KeylessSignature
+   */
+  signTransaction(transaction: AnyRawTransaction): KeylessSignature {
+    if (this.proof === undefined) {
+      throw new Error("Proof not found");
+    }
+    const raw = deriveTransactionType(transaction);
+    const txnAndProof = new TransactionAndProof(raw, this.proof.proof);
+    const signMess = generateSigningMessageForBcsCryptoHashable(txnAndProof);
+    return this.sign(signMess);
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars, class-methods-use-this
+  verifySignature(args: { message: HexInput; signature: Signature }): boolean {
+    throw new Error("Not implemented");
+  }
+
+  static fromBytes(bytes: Uint8Array): KeylessAccount {
+    return KeylessAccount.deserialize(new Deserializer(bytes));
+  }
+
+  static fromJWTAndProof(args: {
+    proof: ZeroKnowledgeSig | Promise<ZeroKnowledgeSig>;
+    jwt: string;
+    ephemeralKeyPair: EphemeralKeyPair;
+    pepper: HexInput;
+    uidKey?: string;
+    proofFetchCallback?: ProofFetchCallback;
+  }): KeylessAccount {
+    const { proof, jwt, ephemeralKeyPair, pepper, proofFetchCallback } = args;
+    const uidKey = args.uidKey ?? "sub";
+
+    const jwtPayload = jwtDecode<JwtPayload & { [key: string]: string }>(jwt);
+    const iss = jwtPayload.iss!;
+    if (typeof jwtPayload.aud !== "string") {
+      throw new Error("aud was not found or an array of values");
+    }
+    const aud = jwtPayload.aud!;
+    const uidVal = jwtPayload[uidKey];
+    return new KeylessAccount({
+      proofOrFetcher: proof,
+      ephemeralKeyPair,
+      iss,
+      uidKey,
+      uidVal,
+      aud,
+      pepper,
+      jwt,
+      proofFetchCallback,
+    });
+  }
+}
+
+export class TransactionAndProof extends CryptoHashable {
+  transaction: AnyRawTransactionInstance;
+
+  proof?: ZkProof;
+
+  domainSeparator: AptsoDomainSeparator;
+
+  constructor(transaction: AnyRawTransactionInstance, proof?: ZkProof) {
+    super();
+    this.transaction = transaction;
+    this.proof = proof;
+    this.domainSeparator = "APTOS::TransactionAndProof"
+  }
+
+  serialize(serializer: Serializer): void {
+    serializer.serializeFixedBytes(this.transaction.bcsToBytes());
+    serializer.serializeOption(this.proof);
+  }
+}
+
+export type ProofFetchSuccess = {
+  status: "Success";
+};
+
+export type ProofFetchFailure = {
+  status: "Failed";
+  error: string;
+};
+
+export type ProofFetchStatus = ProofFetchSuccess | ProofFetchFailure;
+
+export type ProofFetchCallback = (status: ProofFetchStatus) => Promise<void>;
+
+export interface ProofFetchEvents {
+  proofFetchFinish: (status: ProofFetchStatus) => void;
+}

package/src/account/MultiKeyAccount.ts

@@ -7,6 +7,7 @@ import { AccountAddress } from "../core/accountAddress";
 import { HexInput, SigningScheme } from "../types";
 import { AccountAuthenticatorMultiKey } from "../transactions/authenticator/account";
 import { AnyRawTransaction } from "../transactions/types";
+import { KeylessAccount } from "./KeylessAccount";
 
 export interface VerifyMultiKeySignatureArgs {
   message: HexInput;
@@ -123,6 +124,16 @@ export class MultiKeyAccount implements Account {
     return new AccountAuthenticatorMultiKey(this.publicKey, this.signTransaction(transaction));
   }
 
+  /**
+   * Waits for any proofs on any KeylessAccount signers to be fetched. If the proof is fetched a syncronously, call this
+   * to ensure signing with the KeylessAccount does not fail as the proof must be ready.
+   * @return
+   */
+  async waitForProofFetch() {
+    const keylessSigners = this.signers.filter((signer) => signer instanceof KeylessAccount) as KeylessAccount[];
+    await Promise.all(keylessSigners.filter((signer) => signer.proof instanceof Promise).map((signer) => signer.proof));
+  }
+
   /**
    * Sign the given message using the MultiKeyAccount's signers
    * @param message in HexInput format

package/src/account/index.ts

@@ -1,4 +1,6 @@
 export * from "./Ed25519Account";
 export * from "./Account";
 export * from "./SingleKeyAccount";
+export * from "./EphemeralKeyPair";
+export * from "./KeylessAccount";
 export * from "./MultiKeyAccount";

package/src/api/aptos.ts

@@ -13,6 +13,7 @@ import { ANS } from "./ans";
 import { Staking } from "./staking";
 import { Transaction } from "./transaction";
 import { Table } from "./table";
+import { Keyless } from "./keyless";
 
 /**
  * This class is the main entry point into Aptos's
@@ -50,6 +51,8 @@ export class Aptos {
 
   readonly table: Table;
 
+  readonly keyless: Keyless;
+
   constructor(settings?: AptosConfig) {
     this.config = new AptosConfig(settings);
     this.account = new Account(this.config);
@@ -63,6 +66,7 @@ export class Aptos {
     this.staking = new Staking(this.config);
     this.transaction = new Transaction(this.config);
     this.table = new Table(this.config);
+    this.keyless = new Keyless(this.config);
   }
 }
 
@@ -77,6 +81,7 @@ export interface Aptos
     Faucet,
     FungibleAsset,
     General,
+    Keyless,
     Staking,
     Table,
     Omit<Transaction, "build" | "simulate" | "submit" | "batch"> {}
@@ -113,3 +118,4 @@ applyMixin(Aptos, General, "general");
 applyMixin(Aptos, Staking, "staking");
 applyMixin(Aptos, Transaction, "transaction");
 applyMixin(Aptos, Table, "table");
+applyMixin(Aptos, Keyless, "keyless");

package/src/api/aptosConfig.ts

@@ -3,7 +3,14 @@
 
 import aptosClient from "@aptos-labs/aptos-client";
 import { AptosSettings, ClientConfig, Client, FullNodeConfig, IndexerConfig, FaucetConfig } from "../types";
-import { NetworkToNodeAPI, NetworkToFaucetAPI, NetworkToIndexerAPI, Network } from "../utils/apiEndpoints";
+import {
+  NetworkToNodeAPI,
+  NetworkToFaucetAPI,
+  NetworkToIndexerAPI,
+  Network,
+  NetworkToPepperAPI,
+  NetworkToProverAPI,
+} from "../utils/apiEndpoints";
 import { AptosApiType } from "../utils/const";
 
 /**
@@ -34,6 +41,16 @@ export class AptosConfig {
    */
   readonly faucet?: string;
 
+  /**
+   * The optional hardcoded pepper service URL to send requests to instead of using the network
+   */
+  readonly pepper?: string;
+
+  /**
+   * The optional hardcoded prover service URL to send requests to instead of using the network
+   */
+  readonly prover?: string;
+
   /**
    * The optional hardcoded indexer URL to send requests to instead of using the network
    */
@@ -63,6 +80,8 @@ export class AptosConfig {
     this.network = settings?.network ?? Network.DEVNET;
     this.fullnode = settings?.fullnode;
     this.faucet = settings?.faucet;
+    this.pepper = settings?.pepper;
+    this.prover = settings?.prover;
     this.indexer = settings?.indexer;
     this.client = settings?.client ?? { provider: aptosClient };
     this.clientConfig = settings?.clientConfig ?? {};
@@ -95,8 +114,34 @@ export class AptosConfig {
         if (this.indexer !== undefined) return this.indexer;
         if (this.network === Network.CUSTOM) throw new Error("Please provide a custom indexer url");
         return NetworkToIndexerAPI[this.network];
+      case AptosApiType.PEPPER:
+        if (this.pepper !== undefined) return this.pepper;
+        if (this.network === Network.CUSTOM) throw new Error("Please provide a custom pepper service url");
+        return NetworkToPepperAPI[this.network];
+      case AptosApiType.PROVER:
+        if (this.prover !== undefined) return this.prover;
+        if (this.network === Network.CUSTOM) throw new Error("Please provide a custom prover service url");
+        return NetworkToProverAPI[this.network];
       default:
         throw Error(`apiType ${apiType} is not supported`);
     }
   }
+
+  /**
+   * Checks if the URL is a known pepper service endpoint
+   *
+   * @internal
+   * */
+  isPepperServiceRequest(url: string): boolean {
+    return NetworkToPepperAPI[this.network] === url;
+  }
+
+  /**
+   * Checks if the URL is a known prover service endpoint
+   *
+   * @internal
+   * */
+  isProverServiceRequest(url: string): boolean {
+    return NetworkToProverAPI[this.network] === url;
+  }
 }

package/src/api/keyless.ts

@@ -0,0 +1,48 @@
+// Copyright © Aptos Foundation
+// SPDX-License-Identifier: Apache-2.0
+
+import { EphemeralKeyPair, KeylessAccount, ProofFetchCallback } from "../account";
+import { deriveKeylessAccount, getPepper } from "../internal/keyless";
+import { HexInput } from "../types";
+import { AptosConfig } from "./aptosConfig";
+
+/**
+ * A class to query all `Keyless` related queries on Aptos.
+ */
+export class Keyless {
+  constructor(readonly config: AptosConfig) {}
+
+  /**
+   * Fetches the pepper from the Aptos pepper service API.
+   *
+   * @param args.jwt JWT token
+   * @param args.ephemeralKeyPair the EphemeralKeyPair used to generate the nonce in the JWT token
+   * @returns The pepper which is a Uint8Array of length 31.
+   */
+  async getPepper(args: { jwt: string; ephemeralKeyPair: EphemeralKeyPair }): Promise<Uint8Array> {
+    return getPepper({ aptosConfig: this.config, ...args });
+  }
+
+  /**
+   * Fetches the pepper from the Aptos pepper service API.
+   *
+   * @param args.jwt JWT token
+   * @param args.ephemeralKeyPair the EphemeralKeyPair used to generate the nonce in the JWT token
+   * @param args.uidKey a key in the JWT token to use to set the uidVal in the IdCommitment
+   * @param args.pepper the pepper
+   * @param args.extraFieldKey a key in the JWT token used to reveal a value on chain
+   * @param args.proofFetchCallback a callback function that if set, the fetch of the proof will be done asyncronously. Once
+   * if finishes the callback function will be called.
+   * @returns A KeylessAccount that can be used to sign transactions
+   */
+  async deriveKeylessAccount(args: {
+    jwt: string;
+    ephemeralKeyPair: EphemeralKeyPair;
+    uidKey?: string;
+    pepper?: HexInput;
+    extraFieldKey?: string;
+    proofFetchCallback?: ProofFetchCallback;
+  }): Promise<KeylessAccount> {
+    return deriveKeylessAccount({ aptosConfig: this.config, ...args });
+  }
+}

package/src/bcs/cryptoHasher.ts

@@ -0,0 +1,6 @@
+import { Serializable } from "./serializer";
+
+export type AptsoDomainSeparator = `APTOS::${string}`;
+export abstract class CryptoHashable extends Serializable {
+  abstract readonly domainSeparator: AptsoDomainSeparator;
+}

package/src/bcs/deserializer.ts

@@ -56,6 +56,46 @@ export class Deserializer {
     return textDecoder.decode(value);
   }
 
+  /**
+   * Deserializes a an optional string.
+   *
+   * BCS layout for Optional<String>: 0 if none, else 1 | string_length | string_content
+   * @example
+   * ```ts
+   * const deserializer = new Deserializer(new Uint8Array([0x00]));
+   * assert(deserializer.deserializeOptionStr() === undefined);
+   * const deserializer = new Deserializer(new Uint8Array([1, 8, 49, 50, 51, 52, 97, 98, 99, 100]));
+   * assert(deserializer.deserializeOptionStr() === "1234abcd");
+   * ```
+   */
+  deserializeOptionStr(): string | undefined {
+    const exists = this.deserializeUleb128AsU32();
+    if (exists === 1) {
+      return this.deserializeStr();
+    }
+    return undefined;
+  }
+
+  /**
+   * Deserializes a an optional string.
+   *
+   * BCS layout for Optional<String>: 0 if none, else 1 | string_length | string_content
+   * @example
+   * ```ts
+   * const deserializer = new Deserializer(new Uint8Array([0x00]));
+   * assert(deserializer.deserializeOptionStr() === undefined);
+   * const deserializer = new Deserializer(new Uint8Array([1, 8, 49, 50, 51, 52, 97, 98, 99, 100]));
+   * assert(deserializer.deserializeOptionStr() === "1234abcd");
+   * ```
+   */
+  deserializeOption<T>(cls: Deserializable<T>): T | undefined {
+    const exists = this.deserializeUleb128AsU32();
+    if (exists === 1) {
+      return this.deserialize(cls);
+    }
+    return undefined;
+  }
+
   /**
    * Deserializes an array of bytes.
    *

package/src/bcs/serializer.ts

@@ -316,6 +316,24 @@ export class Serializer {
       item.serialize(this);
     });
   }
+
+  serializeOption<T extends Serializable>(value?: T): void {
+    if (value === undefined) {
+      this.serializeU32AsUleb128(0);
+    } else {
+      this.serializeU32AsUleb128(1);
+      value.serialize(this);
+    }
+  }
+
+  serializeOptionStr(value?: string): void {
+    if (value === undefined) {
+      this.serializeU32AsUleb128(0);
+    } else {
+      this.serializeU32AsUleb128(1);
+      this.serializeStr(value);
+    }
+  }
 }
 
 export function ensureBoolean(value: unknown): asserts value is boolean {

package/src/cli/localNode.ts

@@ -1,5 +1,7 @@
 import { ChildProcessWithoutNullStreams, spawn } from "child_process";
 import kill from "tree-kill";
+import { platform } from "os";
+
 import { sleep } from "../utils/helpers";
 
 export class LocalNode {
@@ -40,7 +42,15 @@ export class LocalNode {
     const cliCommand = "npx";
     const cliArgs = ["aptos", "node", "run-local-testnet", "--force-restart", "--assume-yes", "--with-indexer-api"];
 
-    const childProcess = spawn(cliCommand, cliArgs);
+    const currentPlatform = platform();
+    let childProcess;
+    // Check if current OS is windows
+    if (currentPlatform === "win32") {
+      childProcess = spawn(cliCommand, cliArgs, { shell: true });
+    } else {
+      childProcess = spawn(cliCommand, cliArgs);
+    }
+
     this.process = childProcess;
 
     childProcess.stderr?.on("data", (data: any) => {

package/src/client/core.ts

@@ -106,6 +106,14 @@ export async function aptosRequest<Req extends {}, Res extends {}>(
     return result;
   }
 
+  if (result.status >= 500) {
+    throw new AptosApiError(options, result, `${response.data}`);
+  }
+
+  if (aptosConfig.isPepperServiceRequest(url) || aptosConfig.isProverServiceRequest(url)) {
+    throw new AptosApiError(options, result, `${response.data}`);
+  }
+
   let errorMessage: string;
 
   if (result && result.data && "message" in result.data && "error_code" in result.data) {

package/src/client/get.ts

@@ -89,6 +89,12 @@ export async function getAptosFullNode<Req extends {}, Res extends {}>(
   });
 }
 
+export async function getAptosPepperService<Req extends {}, Res extends {}>(
+  options: GetAptosRequestOptions,
+): Promise<AptosResponse<Req, Res>> {
+  return get<Req, Res>({ ...options, type: AptosApiType.PEPPER });
+}
+
 /// This function is a helper for paginating using a function wrapping an API
 export async function paginateWithCursor<Req extends Record<string, any>, Res extends Array<{}>>(
   options: GetAptosRequestOptions,