@elisym/sdk 0.25.0 → 0.25.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -50,6 +50,51 @@ declare const FileTransportSchema: z.ZodDiscriminatedUnion<"kind", [z.ZodObject<
50
50
  }, {
51
51
  kind: "iroh";
52
52
  ticket: string;
53
+ }>, z.ZodObject<{
54
+ kind: z.ZodLiteral<"blossom">;
55
+ /** Public HTTP(S) URL of the CIPHERTEXT blob on a Blossom relay. */
56
+ url: z.ZodString;
57
+ /** sha256 (lowercase hex) of the ciphertext - what the relay stores and addresses. */
58
+ sha256: z.ZodString;
59
+ /**
60
+ * Hybrid-encryption parameters. The file bytes are AES-256-GCM encrypted with a random
61
+ * content key; that key is NIP-44-wrapped to the recipient. `name`/`mime`/`size` on the
62
+ * attachment describe the PLAINTEXT and live only inside the (encrypted) envelope - never
63
+ * sent to the relay (the relay only ever sees opaque ciphertext).
64
+ */
65
+ enc: z.ZodObject<{
66
+ alg: z.ZodLiteral<"AES-256-GCM">;
67
+ /** base64 12-byte GCM IV (non-secret). */
68
+ iv: z.ZodString;
69
+ /** NIP-44-wrapped content key. */
70
+ key: z.ZodString;
71
+ }, "strip", z.ZodTypeAny, {
72
+ alg: "AES-256-GCM";
73
+ iv: string;
74
+ key: string;
75
+ }, {
76
+ alg: "AES-256-GCM";
77
+ iv: string;
78
+ key: string;
79
+ }>;
80
+ }, "strip", z.ZodTypeAny, {
81
+ kind: "blossom";
82
+ url: string;
83
+ sha256: string;
84
+ enc: {
85
+ alg: "AES-256-GCM";
86
+ iv: string;
87
+ key: string;
88
+ };
89
+ }, {
90
+ kind: "blossom";
91
+ url: string;
92
+ sha256: string;
93
+ enc: {
94
+ alg: "AES-256-GCM";
95
+ iv: string;
96
+ key: string;
97
+ };
53
98
  }>]>;
54
99
  declare const FileAttachmentSchema: z.ZodObject<{
55
100
  /** Display name only. Never used to derive a filesystem path (callers sanitize). */
@@ -57,37 +102,62 @@ declare const FileAttachmentSchema: z.ZodObject<{
57
102
  /** Declared size in bytes (display/hint only; enforcement is on actual streamed bytes). */
58
103
  size: z.ZodNumber;
59
104
  mime: z.ZodString;
60
- /** Ordered by sender preference; at least one. */
61
- transports: z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
62
- kind: z.ZodLiteral<"iroh">;
63
- /** Opaque iroh `BlobTicket` string. Parsed into a real ticket only at fetch time. */
64
- ticket: z.ZodString;
65
- }, "strip", z.ZodTypeAny, {
105
+ /**
106
+ * Ordered by sender preference; at least one KNOWN transport. Parsed leniently: unknown
107
+ * transport `kind`s are dropped (not rejected) so adding a new transport never makes an older
108
+ * decoder throw away the whole envelope - it just ignores the kinds it doesn't know and uses
109
+ * the ones it does. At least one known transport must survive, else the attachment is invalid.
110
+ */
111
+ transports: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodUnknown, "many">, ({
66
112
  kind: "iroh";
67
113
  ticket: string;
68
- }, {
114
+ } | {
115
+ kind: "blossom";
116
+ url: string;
117
+ sha256: string;
118
+ enc: {
119
+ alg: "AES-256-GCM";
120
+ iv: string;
121
+ key: string;
122
+ };
123
+ })[], unknown[]>, ({
69
124
  kind: "iroh";
70
125
  ticket: string;
71
- }>]>, "many">;
126
+ } | {
127
+ kind: "blossom";
128
+ url: string;
129
+ sha256: string;
130
+ enc: {
131
+ alg: "AES-256-GCM";
132
+ iv: string;
133
+ key: string;
134
+ };
135
+ })[], unknown[]>;
72
136
  /** Optional provider hint (unix seconds) for when seeding may stop. */
73
137
  seedingExpiresAt: z.ZodOptional<z.ZodNumber>;
74
138
  }, "strip", z.ZodTypeAny, {
75
139
  name: string;
76
140
  size: number;
77
141
  mime: string;
78
- transports: {
142
+ transports: ({
79
143
  kind: "iroh";
80
144
  ticket: string;
81
- }[];
145
+ } | {
146
+ kind: "blossom";
147
+ url: string;
148
+ sha256: string;
149
+ enc: {
150
+ alg: "AES-256-GCM";
151
+ iv: string;
152
+ key: string;
153
+ };
154
+ })[];
82
155
  seedingExpiresAt?: number | undefined;
83
156
  }, {
84
157
  name: string;
85
158
  size: number;
86
159
  mime: string;
87
- transports: {
88
- kind: "iroh";
89
- ticket: string;
90
- }[];
160
+ transports: unknown[];
91
161
  seedingExpiresAt?: number | undefined;
92
162
  }>;
93
163
  declare const JobPayloadEnvelopeSchema: z.ZodObject<{
@@ -99,39 +169,128 @@ declare const JobPayloadEnvelopeSchema: z.ZodObject<{
99
169
  /** Declared size in bytes (display/hint only; enforcement is on actual streamed bytes). */
100
170
  size: z.ZodNumber;
101
171
  mime: z.ZodString;
102
- /** Ordered by sender preference; at least one. */
103
- transports: z.ZodArray<z.ZodDiscriminatedUnion<"kind", [z.ZodObject<{
104
- kind: z.ZodLiteral<"iroh">;
105
- /** Opaque iroh `BlobTicket` string. Parsed into a real ticket only at fetch time. */
106
- ticket: z.ZodString;
107
- }, "strip", z.ZodTypeAny, {
172
+ /**
173
+ * Ordered by sender preference; at least one KNOWN transport. Parsed leniently: unknown
174
+ * transport `kind`s are dropped (not rejected) so adding a new transport never makes an older
175
+ * decoder throw away the whole envelope - it just ignores the kinds it doesn't know and uses
176
+ * the ones it does. At least one known transport must survive, else the attachment is invalid.
177
+ */
178
+ transports: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodUnknown, "many">, ({
108
179
  kind: "iroh";
109
180
  ticket: string;
110
- }, {
181
+ } | {
182
+ kind: "blossom";
183
+ url: string;
184
+ sha256: string;
185
+ enc: {
186
+ alg: "AES-256-GCM";
187
+ iv: string;
188
+ key: string;
189
+ };
190
+ })[], unknown[]>, ({
111
191
  kind: "iroh";
112
192
  ticket: string;
113
- }>]>, "many">;
193
+ } | {
194
+ kind: "blossom";
195
+ url: string;
196
+ sha256: string;
197
+ enc: {
198
+ alg: "AES-256-GCM";
199
+ iv: string;
200
+ key: string;
201
+ };
202
+ })[], unknown[]>;
114
203
  /** Optional provider hint (unix seconds) for when seeding may stop. */
115
204
  seedingExpiresAt: z.ZodOptional<z.ZodNumber>;
116
205
  }, "strip", z.ZodTypeAny, {
117
206
  name: string;
118
207
  size: number;
119
208
  mime: string;
120
- transports: {
209
+ transports: ({
121
210
  kind: "iroh";
122
211
  ticket: string;
123
- }[];
212
+ } | {
213
+ kind: "blossom";
214
+ url: string;
215
+ sha256: string;
216
+ enc: {
217
+ alg: "AES-256-GCM";
218
+ iv: string;
219
+ key: string;
220
+ };
221
+ })[];
124
222
  seedingExpiresAt?: number | undefined;
125
223
  }, {
126
224
  name: string;
127
225
  size: number;
128
226
  mime: string;
129
- transports: {
227
+ transports: unknown[];
228
+ seedingExpiresAt?: number | undefined;
229
+ }>>;
230
+ attachments: z.ZodOptional<z.ZodArray<z.ZodObject<{
231
+ /** Display name only. Never used to derive a filesystem path (callers sanitize). */
232
+ name: z.ZodString;
233
+ /** Declared size in bytes (display/hint only; enforcement is on actual streamed bytes). */
234
+ size: z.ZodNumber;
235
+ mime: z.ZodString;
236
+ /**
237
+ * Ordered by sender preference; at least one KNOWN transport. Parsed leniently: unknown
238
+ * transport `kind`s are dropped (not rejected) so adding a new transport never makes an older
239
+ * decoder throw away the whole envelope - it just ignores the kinds it doesn't know and uses
240
+ * the ones it does. At least one known transport must survive, else the attachment is invalid.
241
+ */
242
+ transports: z.ZodEffects<z.ZodEffects<z.ZodArray<z.ZodUnknown, "many">, ({
243
+ kind: "iroh";
244
+ ticket: string;
245
+ } | {
246
+ kind: "blossom";
247
+ url: string;
248
+ sha256: string;
249
+ enc: {
250
+ alg: "AES-256-GCM";
251
+ iv: string;
252
+ key: string;
253
+ };
254
+ })[], unknown[]>, ({
255
+ kind: "iroh";
256
+ ticket: string;
257
+ } | {
258
+ kind: "blossom";
259
+ url: string;
260
+ sha256: string;
261
+ enc: {
262
+ alg: "AES-256-GCM";
263
+ iv: string;
264
+ key: string;
265
+ };
266
+ })[], unknown[]>;
267
+ /** Optional provider hint (unix seconds) for when seeding may stop. */
268
+ seedingExpiresAt: z.ZodOptional<z.ZodNumber>;
269
+ }, "strip", z.ZodTypeAny, {
270
+ name: string;
271
+ size: number;
272
+ mime: string;
273
+ transports: ({
130
274
  kind: "iroh";
131
275
  ticket: string;
132
- }[];
276
+ } | {
277
+ kind: "blossom";
278
+ url: string;
279
+ sha256: string;
280
+ enc: {
281
+ alg: "AES-256-GCM";
282
+ iv: string;
283
+ key: string;
284
+ };
285
+ })[];
133
286
  seedingExpiresAt?: number | undefined;
134
- }>>;
287
+ }, {
288
+ name: string;
289
+ size: number;
290
+ mime: string;
291
+ transports: unknown[];
292
+ seedingExpiresAt?: number | undefined;
293
+ }>, "many">>;
135
294
  }, "strip", z.ZodTypeAny, {
136
295
  v: "elisym-job/1";
137
296
  text?: string | undefined;
@@ -139,12 +298,40 @@ declare const JobPayloadEnvelopeSchema: z.ZodObject<{
139
298
  name: string;
140
299
  size: number;
141
300
  mime: string;
142
- transports: {
301
+ transports: ({
143
302
  kind: "iroh";
144
303
  ticket: string;
145
- }[];
304
+ } | {
305
+ kind: "blossom";
306
+ url: string;
307
+ sha256: string;
308
+ enc: {
309
+ alg: "AES-256-GCM";
310
+ iv: string;
311
+ key: string;
312
+ };
313
+ })[];
146
314
  seedingExpiresAt?: number | undefined;
147
315
  } | undefined;
316
+ attachments?: {
317
+ name: string;
318
+ size: number;
319
+ mime: string;
320
+ transports: ({
321
+ kind: "iroh";
322
+ ticket: string;
323
+ } | {
324
+ kind: "blossom";
325
+ url: string;
326
+ sha256: string;
327
+ enc: {
328
+ alg: "AES-256-GCM";
329
+ iv: string;
330
+ key: string;
331
+ };
332
+ })[];
333
+ seedingExpiresAt?: number | undefined;
334
+ }[] | undefined;
148
335
  }, {
149
336
  v: "elisym-job/1";
150
337
  text?: string | undefined;
@@ -152,21 +339,50 @@ declare const JobPayloadEnvelopeSchema: z.ZodObject<{
152
339
  name: string;
153
340
  size: number;
154
341
  mime: string;
155
- transports: {
156
- kind: "iroh";
157
- ticket: string;
158
- }[];
342
+ transports: unknown[];
159
343
  seedingExpiresAt?: number | undefined;
160
344
  } | undefined;
345
+ attachments?: {
346
+ name: string;
347
+ size: number;
348
+ mime: string;
349
+ transports: unknown[];
350
+ seedingExpiresAt?: number | undefined;
351
+ }[] | undefined;
161
352
  }>;
162
353
  type FileTransport = z.infer<typeof FileTransportSchema>;
163
354
  type FileAttachment = z.infer<typeof FileAttachmentSchema>;
164
355
  type JobPayloadEnvelope = z.infer<typeof JobPayloadEnvelopeSchema>;
165
- /** Decoded job payload: a free-text note and/or a file attachment. */
356
+ /** The kinds of file transport a job can use ('iroh' | 'blossom'). */
357
+ type TransportKind = FileTransport['kind'];
358
+ /** Public job-request tag advertising which transports a customer can RECEIVE output on. */
359
+ declare const ACCEPT_TRANSPORTS_TAG = "accept";
360
+ /**
361
+ * Build the `['accept', ...kinds]` job-request tag from a client's RECEIVE-capable transports.
362
+ * Drops unknown kinds and dedupes, preserving the client's preference order.
363
+ */
364
+ declare function buildAcceptTransportsTag(kinds: TransportKind[]): string[];
365
+ /**
366
+ * Read accepted transports from an event's tags. Returns the ordered, deduped, known kinds, or
367
+ * `undefined` when there is no `accept` tag or it carries no known kind - both normalize to the
368
+ * provider's default (seed all transports). Lenient: unknown kinds (from a newer client) are ignored
369
+ * so this never strands a job.
370
+ */
371
+ declare function readAcceptedTransports(tags: string[][]): TransportKind[] | undefined;
372
+ /** Decoded job payload: a free-text note and/or file attachment(s). */
166
373
  interface DecodedJobPayload {
167
374
  text?: string;
375
+ /** Legacy single attachment (also mirrors `attachments[0]`). */
168
376
  attachment?: FileAttachment;
377
+ /** All attachments when a job carries multiple files. */
378
+ attachments?: FileAttachment[];
169
379
  }
380
+ /**
381
+ * Normalize a decoded payload to the full attachment list, treating the legacy
382
+ * single `attachment` as a 1-element list. Use this everywhere instead of reading
383
+ * `.attachment`/`.attachments` directly, so single- and multi-file are uniform.
384
+ */
385
+ declare function attachmentsOf(decoded: DecodedJobPayload): FileAttachment[];
170
386
  /**
171
387
  * Serialize a job payload into the envelope string that goes (encrypted) into a
172
388
  * Nostr event's `content`. Used only when an attachment is present; plain-text
@@ -208,6 +424,13 @@ interface CapabilityCard {
208
424
  inputMime?: string;
209
425
  /** MIME of a file result the capability produces (from `output_mime`). */
210
426
  outputMime?: string;
427
+ /**
428
+ * Whether a file-input capability ALSO accepts a text prompt (from `input_text`):
429
+ * `'none'` = file only, `'optional'` = file + optional note, `'required'` = both.
430
+ * Discovery hint; the web app shows/hides its text box accordingly. Only meaningful
431
+ * with `inputMime`. Untrusted - gate on it, never render the raw value.
432
+ */
433
+ inputText?: 'required' | 'optional' | 'none';
211
434
  }
212
435
  /** Payment info embedded in capability card (legacy format for on-network events). */
213
436
  interface PaymentInfo {
@@ -329,16 +552,23 @@ interface SubmitJobOptions {
329
552
  * itself travels out-of-band (P2P via iroh), not in the Nostr event.
330
553
  */
331
554
  attachment?: FileAttachment;
555
+ /**
556
+ * Ordered (by client preference) transports this customer can RECEIVE output on. Published as a
557
+ * public `accept` tag. When omitted, providers default to seeding all transports (back-compat);
558
+ * advertising `['iroh']` makes a provider skip the (encrypted-Blossom) upload it can't use.
559
+ */
560
+ acceptTransports?: TransportKind[];
332
561
  }
333
562
  interface JobUpdateCallbacks {
334
563
  onFeedback?: (status: string, amount?: number, paymentRequest?: string, senderPubkey?: string) => void;
335
564
  /**
336
565
  * Fired on a job result. `content` is the result text (for a file result, the
337
- * envelope's text note, or `''`); `attachment` is the file descriptor when the
338
- * result carries a file. The file is fetched separately (P2P via iroh), never
339
- * inlined here.
566
+ * envelope's text note, or `''`); `attachment` is the FIRST file descriptor
567
+ * (= `attachments[0]`, kept for back-compat); `attachments` is the full list for
568
+ * a multi-file result. Files are fetched separately (P2P via iroh / Blossom),
569
+ * never inlined here.
340
570
  */
341
- onResult?: (content: string, eventId: string, attachment?: FileAttachment) => void;
571
+ onResult?: (content: string, eventId: string, attachment?: FileAttachment, attachments?: FileAttachment[]) => void;
342
572
  onError?: (error: string) => void;
343
573
  /**
344
574
  * Fired when the result wait window expires without a result - a distinct,
@@ -553,6 +783,15 @@ declare class BlossomService {
553
783
  private serverUrl;
554
784
  private fallback?;
555
785
  constructor(serverUrl?: string, fallback?: BlossomUploadFallback | undefined);
786
+ /**
787
+ * The content-addressed GET URL for a blob, derivable from its sha256 BEFORE
788
+ * upload (BUD-01: `<serverUrl>/<sha256>`, no extension for our octet-stream
789
+ * ciphertext uploads - same form `delete` addresses by). Lets a caller build a
790
+ * complete attachment descriptor and defer the actual byte upload (the descriptor
791
+ * is submitted first, the bytes PUT later). `upload()` re-verifies the server
792
+ * returns this exact url.
793
+ */
794
+ contentUrl(sha256: string): string;
556
795
  /**
557
796
  * Upload a file to the Blossom server, returning its descriptor. On any failure, falls
558
797
  * back to the configured uploader (if any) and returns a normalized descriptor with
@@ -561,6 +800,15 @@ declare class BlossomService {
561
800
  upload(identity: ElisymIdentity, file: Blob): Promise<BlobDescriptor>;
562
801
  /** Delete a blob by sha256 (BUD-02). Blossom only - there is no fallback for deletes. */
563
802
  delete(identity: ElisymIdentity, sha256: string): Promise<void>;
803
+ /**
804
+ * Download a public blob (BUD-01 GET, no auth). Bounds memory on the ACTUAL streamed bytes (never
805
+ * the declared Content-Length) and verifies the sha256 when `expectedSha256` is given. Browser-safe.
806
+ */
807
+ download(url: string, opts?: {
808
+ maxBytes?: number;
809
+ timeoutMs?: number;
810
+ expectedSha256?: string;
811
+ }): Promise<Uint8Array>;
564
812
  private uploadToBlossom;
565
813
  private authHeader;
566
814
  }
@@ -763,14 +1011,14 @@ declare class MarketplaceService {
763
1011
  */
764
1012
  subscribeToJobRequests(identity: ElisymIdentity, kinds: number[], onRequest: (event: Event) => void): SubCloser;
765
1013
  /** Submit a job result with NIP-44 encrypted content. Result kind is derived from the request kind. */
766
- submitJobResult(identity: ElisymIdentity, requestEvent: Event, content: string, amount?: number, attachment?: FileAttachment): Promise<string>;
1014
+ submitJobResult(identity: ElisymIdentity, requestEvent: Event, content: string, amount?: number, attachments?: FileAttachment[]): Promise<string>;
767
1015
  /**
768
1016
  * Submit a job result with retry and exponential backoff.
769
1017
  * Retries on publish failures (e.g. relay disconnects).
770
1018
  * With maxAttempts=3: try, ~1s, try, ~2s, try, throw.
771
1019
  * Jitter: 0.5x-1.0x of calculated delay.
772
1020
  */
773
- submitJobResultWithRetry(identity: ElisymIdentity, requestEvent: Event, content: string, amount?: number, maxAttempts?: number, baseDelayMs?: number, attachment?: FileAttachment): Promise<string>;
1021
+ submitJobResultWithRetry(identity: ElisymIdentity, requestEvent: Event, content: string, amount?: number, maxAttempts?: number, baseDelayMs?: number, attachments?: FileAttachment[]): Promise<string>;
774
1022
  /** Submit payment-required feedback with a payment request. */
775
1023
  submitPaymentRequiredFeedback(identity: ElisymIdentity, requestEvent: Event, amount: number, paymentRequestJson: string): Promise<void>;
776
1024
  /** Submit processing feedback to notify customer that work has started. */
@@ -909,6 +1157,92 @@ declare class ElisymClient {
909
1157
  close(): void;
910
1158
  }
911
1159
 
1160
+ type BlossomTransport = Extract<FileTransport, {
1161
+ kind: 'blossom';
1162
+ }>;
1163
+ interface BlossomBlobTransport {
1164
+ /** Encrypt `bytes` to `recipientPubkey`, upload the ciphertext, return a `blossom` transport member. */
1165
+ seedBytes(args: {
1166
+ bytes: Uint8Array;
1167
+ recipientPubkey: string;
1168
+ }): Promise<BlossomTransport>;
1169
+ /** Download the ciphertext (bounded + sha256-verified) and decrypt it (sent by `senderPubkey`). */
1170
+ fetchToBytes(args: {
1171
+ transport: BlossomTransport;
1172
+ senderPubkey: string;
1173
+ maxBytes?: number;
1174
+ }): Promise<Uint8Array>;
1175
+ }
1176
+ declare function createBlossomTransport(opts: {
1177
+ blossom: BlossomService;
1178
+ identity: ElisymIdentity;
1179
+ }): BlossomBlobTransport;
1180
+
1181
+ /**
1182
+ * Encrypt `file` to `providerPubkey` and build a complete `FileAttachment` WITHOUT uploading the bytes
1183
+ * yet. Because Blossom is content-addressed, the blob URL is derivable from the ciphertext sha256, so the
1184
+ * caller can submit the job request with this descriptor and DEFER the byte upload (via the returned
1185
+ * `upload()`) until the customer commits - e.g. after the provider quotes a price, so an unresponsive
1186
+ * provider never costs a wasted upload. TARGETED jobs only (a recipient pubkey is required to encrypt).
1187
+ *
1188
+ * `upload()` PUTs the ciphertext and verifies the server returns the precomputed url/sha256 (the request
1189
+ * already carries them, so a mismatch must fail loudly - pre-commit - rather than 404 the provider).
1190
+ */
1191
+ declare function prepareEncryptedFileInput(args: {
1192
+ file: Blob & {
1193
+ name?: string;
1194
+ };
1195
+ providerPubkey: string;
1196
+ identity: ElisymIdentity;
1197
+ blossom: BlossomService;
1198
+ }): Promise<{
1199
+ attachment: FileAttachment;
1200
+ upload: () => Promise<void>;
1201
+ }>;
1202
+ /**
1203
+ * Encrypt `file` to `providerPubkey` AND upload it immediately, returning the `FileAttachment`
1204
+ * (prepare + upload in one step). Use `prepareEncryptedFileInput` when you want to defer the upload.
1205
+ */
1206
+ declare function buildEncryptedFileInput(args: {
1207
+ file: Blob & {
1208
+ name?: string;
1209
+ };
1210
+ providerPubkey: string;
1211
+ identity: ElisymIdentity;
1212
+ blossom: BlossomService;
1213
+ }): Promise<FileAttachment>;
1214
+ /**
1215
+ * Download + decrypt a `blossom` file output from an attachment (sent by `providerPubkey`). Returns the
1216
+ * plaintext bytes plus the envelope-carried name/mime. Throws if there is no blossom transport.
1217
+ */
1218
+ declare function fetchEncryptedFileOutput(args: {
1219
+ attachment: FileAttachment;
1220
+ providerPubkey: string;
1221
+ identity: ElisymIdentity;
1222
+ blossom: BlossomService;
1223
+ maxBytes?: number;
1224
+ }): Promise<{
1225
+ bytes: Uint8Array;
1226
+ name: string;
1227
+ mime: string;
1228
+ }>;
1229
+
1230
+ interface EncryptedBytes {
1231
+ /** AES-256-GCM ciphertext with the 16-byte auth tag appended (WebCrypto layout). */
1232
+ ciphertext: Uint8Array;
1233
+ /** NIP-44-wrapped content key (sender secret key -> recipient pubkey). */
1234
+ wrappedKey: string;
1235
+ /** base64 GCM IV (non-secret). */
1236
+ iv: string;
1237
+ }
1238
+ /** Encrypt `bytes` so that only `recipientPubkey` (with the sender's pubkey) can decrypt. */
1239
+ declare function encryptBytesForRecipient(bytes: Uint8Array, senderSk: Uint8Array, recipientPubkey: string): Promise<EncryptedBytes>;
1240
+ /**
1241
+ * Decrypt bytes produced by `encryptBytesForRecipient`. Throws on any tamper (GCM auth tag), a
1242
+ * corrupted/forged wrapped key (NIP-44 MAC), or the wrong receiver/sender key pair.
1243
+ */
1244
+ declare function decryptBytesFromSender(ciphertext: Uint8Array, wrappedKey: string, iv: string, receiverSk: Uint8Array, senderPubkey: string): Promise<Uint8Array>;
1245
+
912
1246
  /**
913
1247
  * Customer-facing error feedback that arrives via `subscribeToJobUpdates`'s
914
1248
  * `onError` callback can come from many places:
@@ -1519,7 +1853,9 @@ declare const DEFAULTS: {
1519
1853
  readonly QUERY_MAX_CONCURRENCY: 6;
1520
1854
  readonly VERIFY_SIGNATURE_LIMIT: 25;
1521
1855
  readonly IROH_FETCH_TIMEOUT_MS: 300000;
1856
+ readonly IROH_SEED_TIMEOUT_MS: 120000;
1522
1857
  readonly BLOSSOM_UPLOAD_TIMEOUT_MS: 300000;
1858
+ readonly BLOSSOM_FETCH_TIMEOUT_MS: 300000;
1523
1859
  };
1524
1860
  /** Protocol limits for input validation. */
1525
1861
  declare const LIMITS: {
@@ -1528,6 +1864,7 @@ declare const LIMITS: {
1528
1864
  readonly MAX_ENCRYPTED_INLINE_BYTES: 60000;
1529
1865
  readonly MAX_REINLINE_TEXT_BYTES: 4194304;
1530
1866
  readonly MAX_FILE_SIZE: 1073741824;
1867
+ readonly MAX_BLOSSOM_ENCRYPTED_BYTES: 104857600;
1531
1868
  readonly MAX_TIMEOUT_SECS: 600;
1532
1869
  readonly MAX_EXECUTION_SECS: 2147483;
1533
1870
  readonly MAX_CAPABILITIES: 20;
@@ -1548,4 +1885,4 @@ declare const LIMITS: {
1548
1885
  */
1549
1886
  declare function utf8ByteLength(value: string): number;
1550
1887
 
1551
- export { type Agent, type AgentPolicy, type AggregateNetworkStatsOptions, Asset, type BlobDescriptor, BlossomService, type BlossomUploadFallback, BoundedSet, type BuildTransactionOptions, type CapabilityCard, DEFAULTS, DEFAULT_KIND_OFFSET, DEFAULT_REDACT_PATHS, type DecodedJobPayload, DiscoveryService, ELISYM_PROTOCOL_TAG, ENVELOPE_VERSION, ElisymClient, type ElisymClientConfig, type ElisymClientFullConfig, ElisymIdentity, type EstimatePriorityFeeOptions, type EstimateSolFeeOptions, type FileAttachment, type FileTransport, type GetProtocolConfigOptions, INPUT_REDACT_PATHS, type Job, type JobErrorKind, type JobPayloadEnvelope, type JobStatus, type JobSubscriptionOptions, type JobUpdateCallbacks, JobWaitTimeoutError, KIND_APP_HANDLER, KIND_JOB_FEEDBACK, KIND_JOB_REQUEST, KIND_JOB_REQUEST_BASE, KIND_JOB_RESULT, KIND_JOB_RESULT_BASE, KIND_LONG_FORM_ARTICLE, KIND_PING, KIND_PONG, LAMPORTS_PER_SOL, LIMITS, MarketplaceService, MediaService, type Network, type NetworkBaselineEstimate, type NetworkBaselineOptions, type NetworkStats, type NetworkStatsResult, NostrPool, type OnchainNetworkStats, POLICY_D_TAG_PREFIX, POLICY_TYPE_REGEX, POLICY_T_TAG, PROTOCOL_PROGRAM_ID_DEVNET, type ParseOptions, type ParseResult, type ParsedPaymentRequest, type PaymentAssetRef, type PaymentInfo, type PaymentRequestData, PaymentRequestSchema, type PaymentStrategy, type PaymentValidationCode, type PaymentValidationError, type PingResult, PingService, PoliciesService, type PolicyInput, type ProtocolCluster, type ProtocolConfig, type ProtocolConfigInput, type QuickVerifyReason, type QuickVerifyResult, RELAYS, type RankKey, SECRET_REDACT_PATHS, type Signer, type SolFeeEstimate, SolanaPaymentStrategy, type SubCloser, type SubmitJobOptions, type VerifyOptions, type VerifyResult, aggregateNetworkStats, assertExpiry, assertLamports, buildPaymentInstructions, calculateProtocolFee, classifyJobError, clearPriorityFeeCache, clearProtocolConfigCache, clearQuickVerifyCache, compareAgentsByRank, computeRankKey, createPaymentRequestWithOnchainConfig, decodeJobPayload, encodeJobPayload, estimateNetworkBaseline, estimatePriorityFeeMicroLamports, estimateSolFeeLamports, formatFeeBreakdown, formatNetworkBaseline, formatSol, getNetworkStats, getProtocolConfig, getProtocolProgramId, jobRequestKind, jobResultKind, makeCensor, nip44Decrypt, nip44Encrypt, parsePaymentRequest, pickPercentileFee, timeAgo, toDTag, truncateKey, utf8ByteLength, validateAgentName, validateExpiry, verifyJobPaymentQuick };
1888
+ export { ACCEPT_TRANSPORTS_TAG, type Agent, type AgentPolicy, type AggregateNetworkStatsOptions, Asset, type BlobDescriptor, type BlossomBlobTransport, BlossomService, type BlossomUploadFallback, BoundedSet, type BuildTransactionOptions, type CapabilityCard, DEFAULTS, DEFAULT_KIND_OFFSET, DEFAULT_REDACT_PATHS, type DecodedJobPayload, DiscoveryService, ELISYM_PROTOCOL_TAG, ENVELOPE_VERSION, ElisymClient, type ElisymClientConfig, type ElisymClientFullConfig, ElisymIdentity, type EncryptedBytes, type EstimatePriorityFeeOptions, type EstimateSolFeeOptions, type FileAttachment, type FileTransport, type GetProtocolConfigOptions, INPUT_REDACT_PATHS, type Job, type JobErrorKind, type JobPayloadEnvelope, type JobStatus, type JobSubscriptionOptions, type JobUpdateCallbacks, JobWaitTimeoutError, KIND_APP_HANDLER, KIND_JOB_FEEDBACK, KIND_JOB_REQUEST, KIND_JOB_REQUEST_BASE, KIND_JOB_RESULT, KIND_JOB_RESULT_BASE, KIND_LONG_FORM_ARTICLE, KIND_PING, KIND_PONG, LAMPORTS_PER_SOL, LIMITS, MarketplaceService, MediaService, type Network, type NetworkBaselineEstimate, type NetworkBaselineOptions, type NetworkStats, type NetworkStatsResult, NostrPool, type OnchainNetworkStats, POLICY_D_TAG_PREFIX, POLICY_TYPE_REGEX, POLICY_T_TAG, PROTOCOL_PROGRAM_ID_DEVNET, type ParseOptions, type ParseResult, type ParsedPaymentRequest, type PaymentAssetRef, type PaymentInfo, type PaymentRequestData, PaymentRequestSchema, type PaymentStrategy, type PaymentValidationCode, type PaymentValidationError, type PingResult, PingService, PoliciesService, type PolicyInput, type ProtocolCluster, type ProtocolConfig, type ProtocolConfigInput, type QuickVerifyReason, type QuickVerifyResult, RELAYS, type RankKey, SECRET_REDACT_PATHS, type Signer, type SolFeeEstimate, SolanaPaymentStrategy, type SubCloser, type SubmitJobOptions, type TransportKind, type VerifyOptions, type VerifyResult, aggregateNetworkStats, assertExpiry, assertLamports, attachmentsOf, buildAcceptTransportsTag, buildEncryptedFileInput, buildPaymentInstructions, calculateProtocolFee, classifyJobError, clearPriorityFeeCache, clearProtocolConfigCache, clearQuickVerifyCache, compareAgentsByRank, computeRankKey, createBlossomTransport, createPaymentRequestWithOnchainConfig, decodeJobPayload, decryptBytesFromSender, encodeJobPayload, encryptBytesForRecipient, estimateNetworkBaseline, estimatePriorityFeeMicroLamports, estimateSolFeeLamports, fetchEncryptedFileOutput, formatFeeBreakdown, formatNetworkBaseline, formatSol, getNetworkStats, getProtocolConfig, getProtocolProgramId, jobRequestKind, jobResultKind, makeCensor, nip44Decrypt, nip44Encrypt, parsePaymentRequest, pickPercentileFee, prepareEncryptedFileInput, readAcceptedTransports, timeAgo, toDTag, truncateKey, utf8ByteLength, validateAgentName, validateExpiry, verifyJobPaymentQuick };