@emblemvault/auth-sdk 2.3.16 → 2.3.17
- package/dist/crypto/index.d.ts +50 -0
- package/dist/crypto/index.d.ts.map +1 -0
- package/dist/crypto/index.js +2 -0
- package/dist/crypto/index.js.map +1 -0
- package/dist/crypto/index.mjs +2 -0
- package/dist/crypto/index.mjs.map +1 -0
- package/dist/crypto/types.d.ts +41 -0
- package/dist/crypto/types.d.ts.map +1 -0
- package/dist/emblem-auth.min.js.map +1 -1
- package/dist/emblem-auth.umd.js.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/index.mjs.map +1 -1
- package/dist/signers/ethers.js.map +1 -1
- package/dist/signers/ethers.mjs.map +1 -1
- package/dist/signers/index.js +1 -1
- package/dist/signers/index.js.map +1 -1
- package/dist/signers/index.mjs +1 -1
- package/dist/signers/index.mjs.map +1 -1
- package/dist/signers/validation.d.ts.map +1 -1
- package/dist/signers/viem.js.map +1 -1
- package/dist/signers/viem.mjs.map +1 -1
- package/dist/signers/web3.js.map +1 -1
- package/dist/signers/web3.mjs.map +1 -1
- package/dist/types/index.d.ts +1 -0
- package/dist/types/index.d.ts.map +1 -1
- package/package.json +6 -1
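--- a/package/dist/crypto/index.d.ts
+++ b/package/dist/crypto/index.d.ts
@@ -0,0 +1,50 @@
+import type { EncryptConfig, EncryptResult, DecryptConfig } from './types';
+export type { EncryptConfig, EncryptResult, DecryptConfig } from './types';
+export type { DecryptResult, DecryptBinaryResult } from './types';
+/**
+* Encrypt a string using the Emblem encryption service.
+*
+* If `options.address` or `options.tokenId` are not provided, they will be
+* resolved automatically from the authenticated vault info.
+*
+* @param data - The plaintext string to encrypt
+* @param options - Encryption configuration including auth config
+* @returns The encrypted ciphertext and data hash (needed for decryption)
+*/
+export declare function encrypt(data: string, options: EncryptConfig): Promise<EncryptResult>;
+/**
+* Encrypt binary data (Uint8Array) using the Emblem encryption service.
+*
+* The binary data is Base64-encoded with a marker prefix so that decryptBinary()
+* can distinguish it from plain text and decode it back to a Uint8Array.
+*
+* @param data - The binary data to encrypt
+* @param options - Encryption configuration including auth config
+* @returns The encrypted ciphertext and data hash (needed for decryption)
+*/
+export declare function encryptBinary(data: Uint8Array, options: EncryptConfig): Promise<EncryptResult>;
+/**
+* Decrypt ciphertext using the Emblem decryption service.
+*
+* If `options.address` or `options.tokenId` are not provided, they will be
+* resolved automatically from the authenticated vault info.
+*
+* If the decrypted string starts with the binary marker ("b64:"), the marker is
+* stripped and the raw Base64 string is returned.
+*
+* @param options - Decryption configuration including ciphertext and hash
+* @returns The decrypted plaintext string
+*/
+export declare function decrypt(options: DecryptConfig): Promise<string>;
+/**
+* Decrypt ciphertext and return the result as a Uint8Array.
+*
+* If the decrypted data was originally encrypted with encryptBinary(), the
+* binary marker is detected and the Base64 payload is decoded back to bytes.
+* Otherwise the decrypted string is encoded as UTF-8 bytes as a fallback.
+*
+* @param options - Decryption configuration including ciphertext and hash
+* @returns The decrypted binary data as a Uint8Array
+*/
+export declare function decryptBinary(options: DecryptConfig): Promise<Uint8Array>;
+//# sourceMappingURL=index.d.ts.map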
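Review bot: The `decrypt` and `decryptBinary` comments describe an in-band `b64:` marker, but nothing in the `encrypt` declaration or its comment reserves that prefix, so a text plaintext that itself begins with `b64:` will not round-trip. Per these comments `decrypt()` returns it with the prefix stripped, and `decryptBinary()` Base64-decodes the remainder instead of UTF-8 encoding it. Either have `encrypt()` reject such input or document the reservation in its comment, for example ` * Plaintext starting with "b64:" is reserved for encryptBinary() and is not returned unchanged by decrypt().`. The comments also never state that the plaintext itself is sent to the remote service; a line such as ` * The plaintext is transmitted to the service at options.config.baseUrl; no local encryption is performed.` would make that trust boundary explicit (inferred from the bundled `index.js` on this page, so confirm against the source).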
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAK3E,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC3E,YAAY,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAwClE;;;;;;;;;GASG;AACH,wBAAsB,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC,CAiC1F;AAED;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CACjC,IAAI,EAAE,UAAU,EAChB,OAAO,EAAE,aAAa,GACrB,OAAO,CAAC,aAAa,CAAC,CAUxB;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,OAAO,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,MAAM,CAAC,CAyCrE;AAED;;;;;;;;;GASG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,UAAU,CAAC,CA2C/E"}
@@ -0,0 +1,2 @@
1
+
"use strict";async function t(t,e,r){const n=r.baseUrl??"https://api.emblemvault.ai",o=await async function(t){if("function"==typeof t.getAuthHeaders){const e=await t.getAuthHeaders();if(e&&"object"==typeof e)return e}const e=t.jwt??("function"==typeof t.getJwt?await t.getJwt():void 0)??t.sdk?.getSession()?.authToken??void 0;if(e)return{Authorization:`Bearer ${e}`};if(t.apiKey)return{"x-api-key":t.apiKey};throw new Error("No authentication available: provide jwt, getJwt(), getAuthHeaders(), sdk, or apiKey")}(r),i=await fetch(`${n}${t}`,{method:"POST",headers:{"content-type":"application/json",...o},body:JSON.stringify(e,(t,e)=>"bigint"==typeof e?e.toString():e)});if(!i.ok){const t=await i.text().catch(()=>"");throw new Error(function(t,e){let r=`Emblem signer error ${t}`;return t>=500?r+=": Internal server error":401===t||403===t?r+=": Authentication failed":404===t?r+=": Resource not found":405===t?r+=": Method not allowed":e&&(r+=`: ${e.substring(0,200)}`),r}(i.status,t))}return i.json()}function e(t){const e=!!t.jwt,r="function"==typeof t.getJwt,n="function"==typeof t.getAuthHeaders,o=!!t.sdk&&"function"==typeof t.sdk.getSession,i=!!t.apiKey;if(!(e||r||n||o||i))throw new Error("Authentication required: provide jwt, getJwt(), getAuthHeaders(), sdk, or apiKey");t.baseUrl&&function(t){if(t){if(!t.startsWith("http://")&&!t.startsWith("https://"))throw new Error("baseUrl must be a valid HTTP(S) URL");!t.startsWith("http://")||t.includes("localhost")||t.includes("127.0.0.1")||console.warn("[Emblem Security Warning] baseUrl uses HTTP instead of HTTPS. 
This is insecure for production use.")}}(t.baseUrl),t.debugSecurity&&console.log("[Emblem Security Debug]",{environment:"undefined"!=typeof window&&"undefined"!=typeof document?"browser":"node",hasBaseUrl:!!t.baseUrl,timestamp:(new Date).toISOString()})}Object.defineProperty(exports,"__esModule",{value:!0});const r="b64:";async function n(e){const r=await async function(e){const r=await t("/vault/info",{},e);if(!r||!r.vaultId||!r.evmAddress)throw new Error("Invalid vault info response: missing required fields");if(!String(r.evmAddress).startsWith("0x"))throw new Error("Invalid evmAddress format in response");return{vaultId:r.vaultId,tokenId:r.vaultId,address:r.address||"",evmAddress:r.evmAddress,created_by:r.created_by}}(e);if(!r.evmAddress)throw new Error("Could not resolve vault EVM address");if(!r.vaultId)throw new Error("Could not resolve vault tokenId");return{address:r.evmAddress,tokenId:r.vaultId}}async function o(r,o){if(!r)throw new Error("Data to encrypt must be a non-empty string");if(!o||!o.config)throw new Error("EncryptConfig with a valid config is required");e(o.config);let{address:i,tokenId:a}=o;if(!i||!a){const t=await n(o.config);i=i??t.address,a=a??t.tokenId}const s=await t("/encrypt",{text:r,address:i,tokenId:a},o.config);if(!s||!s.ciphertext||!s.dataToEncryptHash)throw new Error("Invalid encrypt response: missing ciphertext or dataToEncryptHash");return{ciphertext:s.ciphertext,dataToEncryptHash:s.dataToEncryptHash}}exports.decrypt=async function(o){if(!o||!o.config)throw new Error("DecryptConfig with a valid config is required");if(!o.ciphertext)throw new Error("ciphertext is required for decryption");if(!o.dataToEncryptHash)throw new Error("dataToEncryptHash is required for decryption");e(o.config);let{address:i,tokenId:a}=o;if(!i||!a){const t=await n(o.config);i=i??t.address,a=a??t.tokenId}const s=await t("/decrypt",{address:i,tokenId:a,ciphertext:o.ciphertext,dataToEncryptHash:o.dataToEncryptHash},o.config);if(!s||"string"!=typeof 
s.decryptedString)throw new Error("Invalid decrypt response: missing decryptedString");let d=s.decryptedString;return d.startsWith(r)&&(d=d.slice(4)),d},exports.decryptBinary=async function(o){if(!o||!o.config)throw new Error("DecryptConfig with a valid config is required");if(!o.ciphertext)throw new Error("ciphertext is required for decryption");if(!o.dataToEncryptHash)throw new Error("dataToEncryptHash is required for decryption");e(o.config);let{address:i,tokenId:a}=o;if(!i||!a){const t=await n(o.config);i=i??t.address,a=a??t.tokenId}const s=await t("/decrypt",{address:i,tokenId:a,ciphertext:o.ciphertext,dataToEncryptHash:o.dataToEncryptHash},o.config);if(!s||"string"!=typeof s.decryptedString)throw new Error("Invalid decrypt response: missing decryptedString");const d=s.decryptedString;if(d.startsWith(r)){return function(t){if("function"==typeof atob){const e=atob(t),r=new Uint8Array(e.length);for(let t=0;t<e.length;t++)r[t]=e.charCodeAt(t);return r}if("undefined"!=typeof Buffer){const e=Buffer.from(t,"base64");return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}throw new Error("No Base64 decoding method available in this environment")}(d.slice(4))}return(new TextEncoder).encode(d)},exports.encrypt=o,exports.encryptBinary=async function(t,e){if(!(t&&t instanceof Uint8Array))throw new Error("Data must be a Uint8Array");const n=function(t){if("function"==typeof btoa){let e="";for(let r=0;r<t.length;r++)e+=String.fromCharCode(t[r]);return btoa(e)}if("undefined"!=typeof Buffer)return Buffer.from(t).toString("base64");throw new Error("No Base64 encoding method available in this environment")}(t);return o(`${r}${n}`,e)};
2
+
//# sourceMappingURL=index.js.map
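Review bot: The bundled baseUrl check on the first line only logs a warning for plain `http://`, and it skips even that whenever the string merely contains `localhost` or `127.0.0.1` anywhere (`t.includes("localhost")`). The request helper in the same line then attaches `Authorization: Bearer …` or `x-api-key`, plus the plaintext for `/encrypt`, to whatever `baseUrl` was supplied, so a constructed value like `http://localhost.example.test` would pass silently and carry credentials in cleartext. Parse the URL and compare the host exactly, e.g. `const { protocol, hostname } = new URL(baseUrl);` followed by `if (protocol === 'http:' && hostname !== 'localhost' && hostname !== '127.0.0.1') throw new Error('baseUrl must use HTTPS');`. This file is generated, so the change belongs in `src/signers/validation.ts` (visible in the source map's `sourcesContent`); the same code is repeated in `index.mjs`.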
@@ -0,0 +1 @@
1
+
{"version":3,"file":"index.js","sources":["../../src/signers/http.ts","../../src/signers/validation.ts","../../src/crypto/index.ts","../../src/signers/vault.ts"],"sourcesContent":["import type { SignerConfig } from '../types/signers';\n\nfunction sanitizeErrorMessage(status: number, text: string): string {\n // Sanitize error messages to avoid leaking sensitive server information\n let errorMessage = `Emblem signer error ${status}`;\n\n if (status >= 500) {\n errorMessage += ': Internal server error';\n } else if (status === 401 || status === 403) {\n errorMessage += ': Authentication failed';\n } else if (status === 404) {\n errorMessage += ': Resource not found';\n } else if (status === 405) {\n errorMessage += ': Method not allowed';\n } else if (text) {\n // For 4xx client errors, include limited error details\n errorMessage += `: ${text.substring(0, 200)}`; // Limit to 200 chars\n }\n\n return errorMessage;\n}\n\nasync function resolveAuthHeaders(config: SignerConfig): Promise<Record<string, string>> {\n // Priority: custom headers -> jwt/getJwt/sdk -> apiKey (deprecated)\n if (typeof config.getAuthHeaders === 'function') {\n const h = await config.getAuthHeaders();\n if (h && typeof h === 'object') return h;\n }\n\n const tok =\n config.jwt ??\n (typeof config.getJwt === 'function' ? await config.getJwt() : undefined) ??\n config.sdk?.getSession()?.authToken ??\n undefined;\n\n if (tok) {\n return { Authorization: `Bearer ${tok}` };\n }\n\n // apiKey is deprecated but still supported as fallback\n if (config.apiKey) {\n return { 'x-api-key': config.apiKey };\n }\n\n throw new Error(\n 'No authentication available: provide jwt, getJwt(), getAuthHeaders(), sdk, or apiKey'\n );\n}\n\nexport async function emblemPost<T = unknown>(\n path: string,\n body: unknown,\n config: SignerConfig\n): Promise<T> {\n const baseUrl = config.baseUrl ?? 
'https://api.emblemvault.ai';\n const authHeaders = await resolveAuthHeaders(config);\n const res = await fetch(`${baseUrl}${path}`, {\n method: 'POST',\n headers: {\n 'content-type': 'application/json',\n ...authHeaders,\n },\n body: JSON.stringify(body, (_key: string, value: unknown) =>\n typeof value === 'bigint' ? value.toString() : value\n ),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => '');\n throw new Error(sanitizeErrorMessage(res.status, text));\n }\n\n return res.json() as Promise<T>;\n}\n\nexport async function emblemGet<T = unknown>(path: string, config: SignerConfig): Promise<T> {\n const baseUrl = config.baseUrl ?? 'https://api.emblemvault.ai';\n const authHeaders = await resolveAuthHeaders(config);\n const res = await fetch(`${baseUrl}${path}`, {\n method: 'GET',\n headers: authHeaders,\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => '');\n throw new Error(sanitizeErrorMessage(res.status, text));\n }\n\n return res.json() as Promise<T>;\n}\n","import type { SignerConfig } from '../types/signers';\n\n/**\n * Environment detection utilities for warning about unsafe usage patterns\n */\n\n/**\n * Detect if code is running in a browser environment\n */\nexport function isBrowserEnvironment(): boolean {\n return typeof window !== 'undefined' && typeof document !== 'undefined';\n}\n\n/**\n * Check if we're in a Node.js server environment\n */\nexport function isNodeEnvironment(): boolean {\n return (\n typeof process !== 'undefined' && process.versions != null && process.versions.node != null\n );\n}\n\n/**\n * Validate baseUrl format\n */\nexport function validateBaseUrl(baseUrl?: string): void {\n if (!baseUrl) return; // undefined is ok, will use default\n\n if (!baseUrl.startsWith('http://') && !baseUrl.startsWith('https://')) {\n throw new Error('baseUrl must be a valid HTTP(S) URL');\n }\n\n // Warn about http (not https)\n if (\n baseUrl.startsWith('http://') &&\n !baseUrl.includes('localhost') &&\n 
!baseUrl.includes('127.0.0.1')\n ) {\n console.warn(\n '[Emblem Security Warning] baseUrl uses HTTP instead of HTTPS. This is insecure for production use.'\n );\n }\n}\n\n/**\n * Validate Ethereum address format\n */\nexport function validateEthereumAddress(address: string): void {\n if (!address || typeof address !== 'string') {\n throw new Error('Address is required');\n }\n\n if (!address.startsWith('0x')) {\n throw new Error('Address must start with 0x');\n }\n\n if (!/^0x[0-9a-fA-F]{40}$/.test(address)) {\n throw new Error('Invalid Ethereum address format');\n }\n}\n\n/**\n * Validate vault ID\n */\nexport function validateVaultId(vaultId: string): void {\n if (!vaultId || typeof vaultId !== 'string') {\n throw new Error('vaultId is required');\n }\n\n if (vaultId.trim() === '') {\n throw new Error('vaultId cannot be empty');\n }\n}\n\n/**\n * Safe number conversion with bounds checking\n */\nexport function toSafeNumber(value: unknown, fieldName: string): number {\n const num = Number(value);\n\n if (!Number.isSafeInteger(num)) {\n throw new Error(\n `${fieldName} value ${value} exceeds safe integer range (max: ${Number.MAX_SAFE_INTEGER})`\n );\n }\n\n return num;\n}\n\n/**\n * Extended config with security options\n */\nexport interface SignerSecurityConfig extends SignerConfig {\n /**\n * Enable debug logging for security-related checks\n * @default false\n */\n debugSecurity?: boolean;\n}\n\n/**\n * Validate signer configuration\n */\nexport function validateSignerConfig(config: SignerSecurityConfig): void {\n // Validate auth: require at least one method\n const hasJwt = !!config.jwt;\n const hasGetJwt = typeof config.getJwt === 'function';\n const hasHeaders = typeof config.getAuthHeaders === 'function';\n const hasSdk = !!config.sdk && typeof config.sdk.getSession === 'function';\n const hasApiKey = !!config.apiKey;\n\n if (!hasJwt && !hasGetJwt && !hasHeaders && !hasSdk && !hasApiKey) {\n throw new Error('Authentication required: provide jwt, getJwt(), 
getAuthHeaders(), sdk, or apiKey');\n }\n\n // Validate baseUrl if provided\n if (config.baseUrl) {\n validateBaseUrl(config.baseUrl);\n }\n\n // Security audit logging\n if (config.debugSecurity) {\n console.log('[Emblem Security Debug]', {\n environment: isBrowserEnvironment() ? 'browser' : 'node',\n hasBaseUrl: !!config.baseUrl,\n timestamp: new Date().toISOString(),\n });\n }\n}\n","import type { SignerConfig } from '../types/signers';\nimport type { EncryptConfig, EncryptResult, DecryptConfig } from './types';\nimport { emblemPost } from '../signers/http';\nimport { validateSignerConfig } from '../signers/validation';\nimport { fetchVaultInfo } from '../signers/vault';\n\nexport type { EncryptConfig, EncryptResult, DecryptConfig } from './types';\nexport type { DecryptResult, DecryptBinaryResult } from './types';\n\n/** Binary marker prefix used to distinguish binary data from plain text */\nconst BINARY_MARKER = 'b64:';\n\n/** Response shape from POST /encrypt */\ninterface EncryptApiResponse {\n success: boolean;\n ciphertext: string;\n dataToEncryptHash: string;\n}\n\n/** Response shape from POST /decrypt */\ninterface DecryptApiResponse {\n success: boolean;\n decryptedString: string;\n}\n\n/**\n * Resolve vault address and tokenId from the signer config.\n * Uses fetchVaultInfo to retrieve the vault's EVM address and vaultId.\n */\nasync function resolveVaultDetails(\n config: SignerConfig\n): Promise<{ address: string; tokenId: string }> {\n const vaultInfo = await fetchVaultInfo(config);\n\n if (!vaultInfo.evmAddress) {\n throw new Error('Could not resolve vault EVM address');\n }\n if (!vaultInfo.vaultId) {\n throw new Error('Could not resolve vault tokenId');\n }\n\n return {\n address: vaultInfo.evmAddress,\n tokenId: vaultInfo.vaultId,\n };\n}\n\n/**\n * Encrypt a string using the Emblem encryption service.\n *\n * If `options.address` or `options.tokenId` are not provided, they will be\n * resolved automatically from the authenticated vault info.\n 
*\n * @param data - The plaintext string to encrypt\n * @param options - Encryption configuration including auth config\n * @returns The encrypted ciphertext and data hash (needed for decryption)\n */\nexport async function encrypt(data: string, options: EncryptConfig): Promise<EncryptResult> {\n if (!data) {\n throw new Error('Data to encrypt must be a non-empty string');\n }\n if (!options || !options.config) {\n throw new Error('EncryptConfig with a valid config is required');\n }\n\n validateSignerConfig(options.config);\n\n let { address, tokenId } = options;\n\n // Resolve address/tokenId from vault if not explicitly provided\n if (!address || !tokenId) {\n const vaultDetails = await resolveVaultDetails(options.config);\n address = address ?? vaultDetails.address;\n tokenId = tokenId ?? vaultDetails.tokenId;\n }\n\n const response = await emblemPost<EncryptApiResponse>('/encrypt', {\n text: data,\n address,\n tokenId,\n }, options.config);\n\n if (!response || !response.ciphertext || !response.dataToEncryptHash) {\n throw new Error('Invalid encrypt response: missing ciphertext or dataToEncryptHash');\n }\n\n return {\n ciphertext: response.ciphertext,\n dataToEncryptHash: response.dataToEncryptHash,\n };\n}\n\n/**\n * Encrypt binary data (Uint8Array) using the Emblem encryption service.\n *\n * The binary data is Base64-encoded with a marker prefix so that decryptBinary()\n * can distinguish it from plain text and decode it back to a Uint8Array.\n *\n * @param data - The binary data to encrypt\n * @param options - Encryption configuration including auth config\n * @returns The encrypted ciphertext and data hash (needed for decryption)\n */\nexport async function encryptBinary(\n data: Uint8Array,\n options: EncryptConfig\n): Promise<EncryptResult> {\n if (!data || !(data instanceof Uint8Array)) {\n throw new Error('Data must be a Uint8Array');\n }\n\n // Base64-encode the binary data and prepend the marker\n const base64 = uint8ArrayToBase64(data);\n const 
encoded = `${BINARY_MARKER}${base64}`;\n\n return encrypt(encoded, options);\n}\n\n/**\n * Decrypt ciphertext using the Emblem decryption service.\n *\n * If `options.address` or `options.tokenId` are not provided, they will be\n * resolved automatically from the authenticated vault info.\n *\n * If the decrypted string starts with the binary marker (\"b64:\"), the marker is\n * stripped and the raw Base64 string is returned.\n *\n * @param options - Decryption configuration including ciphertext and hash\n * @returns The decrypted plaintext string\n */\nexport async function decrypt(options: DecryptConfig): Promise<string> {\n if (!options || !options.config) {\n throw new Error('DecryptConfig with a valid config is required');\n }\n if (!options.ciphertext) {\n throw new Error('ciphertext is required for decryption');\n }\n if (!options.dataToEncryptHash) {\n throw new Error('dataToEncryptHash is required for decryption');\n }\n\n validateSignerConfig(options.config);\n\n let { address, tokenId } = options;\n\n // Resolve address/tokenId from vault if not explicitly provided\n if (!address || !tokenId) {\n const vaultDetails = await resolveVaultDetails(options.config);\n address = address ?? vaultDetails.address;\n tokenId = tokenId ?? 
vaultDetails.tokenId;\n }\n\n const response = await emblemPost<DecryptApiResponse>('/decrypt', {\n address,\n tokenId,\n ciphertext: options.ciphertext,\n dataToEncryptHash: options.dataToEncryptHash,\n }, options.config);\n\n if (!response || typeof response.decryptedString !== 'string') {\n throw new Error('Invalid decrypt response: missing decryptedString');\n }\n\n let result = response.decryptedString;\n\n // Strip binary marker if present (for users who just want the base64 string)\n if (result.startsWith(BINARY_MARKER)) {\n result = result.slice(BINARY_MARKER.length);\n }\n\n return result;\n}\n\n/**\n * Decrypt ciphertext and return the result as a Uint8Array.\n *\n * If the decrypted data was originally encrypted with encryptBinary(), the\n * binary marker is detected and the Base64 payload is decoded back to bytes.\n * Otherwise the decrypted string is encoded as UTF-8 bytes as a fallback.\n *\n * @param options - Decryption configuration including ciphertext and hash\n * @returns The decrypted binary data as a Uint8Array\n */\nexport async function decryptBinary(options: DecryptConfig): Promise<Uint8Array> {\n if (!options || !options.config) {\n throw new Error('DecryptConfig with a valid config is required');\n }\n if (!options.ciphertext) {\n throw new Error('ciphertext is required for decryption');\n }\n if (!options.dataToEncryptHash) {\n throw new Error('dataToEncryptHash is required for decryption');\n }\n\n validateSignerConfig(options.config);\n\n // Perform decryption using the raw API to check the marker ourselves\n let { address, tokenId } = options;\n\n if (!address || !tokenId) {\n const vaultDetails = await resolveVaultDetails(options.config);\n address = address ?? vaultDetails.address;\n tokenId = tokenId ?? 
vaultDetails.tokenId;\n }\n\n const response = await emblemPost<DecryptApiResponse>('/decrypt', {\n address,\n tokenId,\n ciphertext: options.ciphertext,\n dataToEncryptHash: options.dataToEncryptHash,\n }, options.config);\n\n if (!response || typeof response.decryptedString !== 'string') {\n throw new Error('Invalid decrypt response: missing decryptedString');\n }\n\n const decrypted = response.decryptedString;\n\n // If the binary marker is present, decode the Base64 payload\n if (decrypted.startsWith(BINARY_MARKER)) {\n const base64 = decrypted.slice(BINARY_MARKER.length);\n return base64ToUint8Array(base64);\n }\n\n // Fallback: encode the plain string as UTF-8 bytes\n return new TextEncoder().encode(decrypted);\n}\n\n/* ------------------------------------------------------------------ */\n/* Base64 helpers (environment-agnostic: works in Node and browsers) */\n/* ------------------------------------------------------------------ */\n\nfunction uint8ArrayToBase64(bytes: Uint8Array): string {\n // Use btoa if available (browsers + Node 16+)\n if (typeof btoa === 'function') {\n let binary = '';\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n }\n\n // Node.js Buffer fallback\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64');\n }\n\n throw new Error('No Base64 encoding method available in this environment');\n}\n\nfunction base64ToUint8Array(base64: string): Uint8Array {\n // Use atob if available (browsers + Node 16+)\n if (typeof atob === 'function') {\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n }\n\n // Node.js Buffer fallback\n if (typeof Buffer !== 'undefined') {\n const buf = Buffer.from(base64, 'base64');\n return new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);\n }\n\n throw new Error('No Base64 decoding 
method available in this environment');\n}\n","import type { SignerConfig, SignerVaultInfo, Hex } from '../types/signers';\nimport { emblemPost } from './http';\n\nexport async function fetchVaultInfo(config: SignerConfig): Promise<SignerVaultInfo> {\n // Note: The server only supports POST for /vault/info\n const data: Partial<{\n vaultId: string;\n address: string;\n evmAddress: Hex;\n created_by?: string;\n }> = await emblemPost('/vault/info', {}, config);\n\n // Validate required response data (vaultId + evmAddress are required for EVM)\n if (!data || !data.vaultId || !data.evmAddress) {\n throw new Error('Invalid vault info response: missing required fields');\n }\n\n if (!String(data.evmAddress).startsWith('0x')) {\n throw new Error('Invalid evmAddress format in response');\n }\n\n return {\n vaultId: data.vaultId,\n tokenId: data.vaultId,\n address: data.address || '', // Solana address may be absent; keep optional\n evmAddress: data.evmAddress as Hex,\n created_by: data.created_by,\n 
};\n}\n"],"names":["async","emblemPost","path","body","config","baseUrl","authHeaders","getAuthHeaders","h","tok","jwt","getJwt","undefined","sdk","getSession","authToken","Authorization","apiKey","Error","resolveAuthHeaders","res","fetch","method","headers","JSON","stringify","_key","value","toString","ok","text","catch","status","errorMessage","substring","sanitizeErrorMessage","json","validateSignerConfig","hasJwt","hasGetJwt","hasHeaders","hasSdk","hasApiKey","startsWith","includes","console","warn","validateBaseUrl","debugSecurity","log","environment","window","document","hasBaseUrl","timestamp","Date","toISOString","BINARY_MARKER","resolveVaultDetails","vaultInfo","data","vaultId","evmAddress","String","tokenId","address","created_by","fetchVaultInfo","encrypt","options","vaultDetails","response","ciphertext","dataToEncryptHash","decryptedString","result","slice","decrypted","base64","atob","binary","bytes","Uint8Array","length","i","charCodeAt","Buffer","buf","from","buffer","byteOffset","byteLength","base64ToUint8Array","TextEncoder","encode","btoa","fromCharCode","uint8ArrayToBase64"],"mappings":"aAiDOA,eAAeC,EACpBC,EACAC,EACAC,GAEA,MAAMC,EAAUD,EAAOC,SAAW,6BAC5BC,QAjCRN,eAAkCI,GAEhC,GAAqC,mBAA1BA,EAAOG,eAA+B,CAC/C,MAAMC,QAAUJ,EAAOG,iBACvB,GAAIC,GAAkB,iBAANA,EAAgB,OAAOA,CACxC,CAED,MAAMC,EACJL,EAAOM,MACmB,mBAAlBN,EAAOO,aAA8BP,EAAOO,cAAWC,IAC/DR,EAAOS,KAAKC,cAAcC,gBAC1BH,EAEF,GAAIH,EACF,MAAO,CAAEO,cAAe,UAAUP,KAIpC,GAAIL,EAAOa,OACT,MAAO,CAAE,YAAab,EAAOa,QAG/B,MAAM,IAAIC,MACR,uFAEJ,CAQ4BC,CAAmBf,GACvCgB,QAAYC,MAAM,GAAGhB,IAAUH,IAAQ,CAC3CoB,OAAQ,OACRC,QAAS,CACP,eAAgB,sBACbjB,GAELH,KAAMqB,KAAKC,UAAUtB,EAAM,CAACuB,EAAcC,IACvB,iBAAVA,EAAqBA,EAAMC,WAAaD,KAInD,IAAKP,EAAIS,GAAI,CACX,MAAMC,QAAaV,EAAIU,OAAOC,MAAM,IAAM,IAC1C,MAAM,IAAIb,MAnEd,SAA8Bc,EAAgBF,GAE5C,IAAIG,EAAe,uBAAuBD,IAe1C,OAbIA,GAAU,IACZC,GAAgB,0BACI,MAAXD,GAA6B,MAAXA,EAC3BC,GAAgB,0BACI,MAAXD,EACTC,GAAgB,uBACI,MAAXD,EACTC,GAAgB,uBACPH,IAETG,GAAgB,KAAKH,EAAKI,UAAU,EAAG,QAGlCD,CACT,CAiDoBE,CAAqBf,EAAIY,OAAQF,G
AClD,CAED,OAAOV,EAAIgB,MACb,CC8BM,SAAUC,EAAqBjC,GAEnC,MAAMkC,IAAWlC,EAAOM,IAClB6B,EAAqC,mBAAlBnC,EAAOO,OAC1B6B,EAA8C,mBAA1BpC,EAAOG,eAC3BkC,IAAWrC,EAAOS,KAAwC,mBAA1BT,EAAOS,IAAIC,WAC3C4B,IAActC,EAAOa,OAE3B,KAAKqB,GAAWC,GAAcC,GAAeC,GAAWC,GACtD,MAAM,IAAIxB,MAAM,oFAIdd,EAAOC,SA3FP,SAA0BA,GAC9B,GAAKA,EAAL,CAEA,IAAKA,EAAQsC,WAAW,aAAetC,EAAQsC,WAAW,YACxD,MAAM,IAAIzB,MAAM,wCAKhBb,EAAQsC,WAAW,YAClBtC,EAAQuC,SAAS,cACjBvC,EAAQuC,SAAS,cAElBC,QAAQC,KACN,qGAbiB,CAgBvB,CA2EIC,CAAgB3C,EAAOC,SAIrBD,EAAO4C,eACTH,QAAQI,IAAI,0BAA2B,CACrCC,YAjHqB,oBAAXC,QAA8C,oBAAbC,SAiHL,UAAY,OAClDC,aAAcjD,EAAOC,QACrBiD,WAAW,IAAIC,MAAOC,eAG5B,wDCtHA,MAAMC,EAAgB,OAmBtBzD,eAAe0D,EACbtD,GAEA,MAAMuD,QC7BD3D,eAA8BI,GAEnC,MAAMwD,QAKK3D,EAAW,cAAe,CAAE,EAAEG,GAGzC,IAAKwD,IAASA,EAAKC,UAAYD,EAAKE,WAClC,MAAM,IAAI5C,MAAM,wDAGlB,IAAK6C,OAAOH,EAAKE,YAAYnB,WAAW,MACtC,MAAM,IAAIzB,MAAM,yCAGlB,MAAO,CACL2C,QAASD,EAAKC,QACdG,QAASJ,EAAKC,QACdI,QAASL,EAAKK,SAAW,GACzBH,WAAYF,EAAKE,WACjBI,WAAYN,EAAKM,WAErB,CDI0BC,CAAe/D,GAEvC,IAAKuD,EAAUG,WACb,MAAM,IAAI5C,MAAM,uCAElB,IAAKyC,EAAUE,QACb,MAAM,IAAI3C,MAAM,mCAGlB,MAAO,CACL+C,QAASN,EAAUG,WACnBE,QAASL,EAAUE,QAEvB,CAYO7D,eAAeoE,EAAQR,EAAcS,GAC1C,IAAKT,EACH,MAAM,IAAI1C,MAAM,8CAElB,IAAKmD,IAAYA,EAAQjE,OACvB,MAAM,IAAIc,MAAM,iDAGlBmB,EAAqBgC,EAAQjE,QAE7B,IAAI6D,QAAEA,EAAOD,QAAEA,GAAYK,EAG3B,IAAKJ,IAAYD,EAAS,CACxB,MAAMM,QAAqBZ,EAAoBW,EAAQjE,QACvD6D,EAAUA,GAAWK,EAAaL,QAClCD,EAAUA,GAAWM,EAAaN,OACnC,CAED,MAAMO,QAAiBtE,EAA+B,WAAY,CAChE6B,KAAM8B,EACNK,UACAD,WACCK,EAAQjE,QAEX,IAAKmE,IAAaA,EAASC,aAAeD,EAASE,kBACjD,MAAM,IAAIvD,MAAM,qEAGlB,MAAO,CACLsD,WAAYD,EAASC,WACrBC,kBAAmBF,EAASE,kBAEhC,iBAuCOzE,eAAuBqE,GAC5B,IAAKA,IAAYA,EAAQjE,OACvB,MAAM,IAAIc,MAAM,iDAElB,IAAKmD,EAAQG,WACX,MAAM,IAAItD,MAAM,yCAElB,IAAKmD,EAAQI,kBACX,MAAM,IAAIvD,MAAM,gDAGlBmB,EAAqBgC,EAAQjE,QAE7B,IAAI6D,QAAEA,EAAOD,QAAEA,GAAYK,EAG3B,IAAKJ,IAAYD,EAAS,CACxB,MAAMM,QAAqBZ,EAAoBW,EAAQjE,QACvD6D,EAAUA,GAAWK,EAAaL,QAClCD,EAAUA,GAAWM,EAAaN,OACnC,CAED,MAAMO,QAAiBtE,EAA+B,WAAY,CAChEgE,UACAD,UACAQ,WAAYH,EAAQG,WACpBC,kBAAmBJ,EAAQI,mBAC1BJ
,EAAQjE,QAEX,IAAKmE,GAAgD,iBAA7BA,EAASG,gBAC/B,MAAM,IAAIxD,MAAM,qDAGlB,IAAIyD,EAASJ,EAASG,gBAOtB,OAJIC,EAAOhC,WAAWc,KACpBkB,EAASA,EAAOC,MAAMnB,IAGjBkB,CACT,wBAYO3E,eAA6BqE,GAClC,IAAKA,IAAYA,EAAQjE,OACvB,MAAM,IAAIc,MAAM,iDAElB,IAAKmD,EAAQG,WACX,MAAM,IAAItD,MAAM,yCAElB,IAAKmD,EAAQI,kBACX,MAAM,IAAIvD,MAAM,gDAGlBmB,EAAqBgC,EAAQjE,QAG7B,IAAI6D,QAAEA,EAAOD,QAAEA,GAAYK,EAE3B,IAAKJ,IAAYD,EAAS,CACxB,MAAMM,QAAqBZ,EAAoBW,EAAQjE,QACvD6D,EAAUA,GAAWK,EAAaL,QAClCD,EAAUA,GAAWM,EAAaN,OACnC,CAED,MAAMO,QAAiBtE,EAA+B,WAAY,CAChEgE,UACAD,UACAQ,WAAYH,EAAQG,WACpBC,kBAAmBJ,EAAQI,mBAC1BJ,EAAQjE,QAEX,IAAKmE,GAAgD,iBAA7BA,EAASG,gBAC/B,MAAM,IAAIxD,MAAM,qDAGlB,MAAM2D,EAAYN,EAASG,gBAG3B,GAAIG,EAAUlC,WAAWc,GAAgB,CAEvC,OA6BJ,SAA4BqB,GAE1B,GAAoB,mBAATC,KAAqB,CAC9B,MAAMC,EAASD,KAAKD,GACdG,EAAQ,IAAIC,WAAWF,EAAOG,QACpC,IAAK,IAAIC,EAAI,EAAGA,EAAIJ,EAAOG,OAAQC,IACjCH,EAAMG,GAAKJ,EAAOK,WAAWD,GAE/B,OAAOH,CACR,CAGD,GAAsB,oBAAXK,OAAwB,CACjC,MAAMC,EAAMD,OAAOE,KAAKV,EAAQ,UAChC,OAAO,IAAII,WAAWK,EAAIE,OAAQF,EAAIG,WAAYH,EAAII,WACvD,CAED,MAAM,IAAIzE,MAAM,0DAClB,CA/CW0E,CADQf,EAAUD,MAAMnB,GAEhC,CAGD,OAAO,IAAIoC,aAAcC,OAAOjB,EAClC,0CA3HO7E,eACL4D,EACAS,GAEA,KAAKT,GAAUA,aAAgBsB,YAC7B,MAAM,IAAIhE,MAAM,6BAIlB,MAAM4D,EAwHR,SAA4BG,GAE1B,GAAoB,mBAATc,KAAqB,CAC9B,IAAIf,EAAS,GACb,IAAK,IAAII,EAAI,EAAGA,EAAIH,EAAME,OAAQC,IAChCJ,GAAUjB,OAAOiC,aAAaf,EAAMG,IAEtC,OAAOW,KAAKf,EACb,CAGD,GAAsB,oBAAXM,OACT,OAAOA,OAAOE,KAAKP,GAAOrD,SAAS,UAGrC,MAAM,IAAIV,MAAM,0DAClB,CAxIiB+E,CAAmBrC,GAGlC,OAAOQ,EAFS,GAAGX,IAAgBqB,IAEXT,EAC1B"}
@@ -0,0 +1,2 @@
1
+
async function t(t,e,r){const n=r.baseUrl??"https://api.emblemvault.ai",o=await async function(t){if("function"==typeof t.getAuthHeaders){const e=await t.getAuthHeaders();if(e&&"object"==typeof e)return e}const e=t.jwt??("function"==typeof t.getJwt?await t.getJwt():void 0)??t.sdk?.getSession()?.authToken??void 0;if(e)return{Authorization:`Bearer ${e}`};if(t.apiKey)return{"x-api-key":t.apiKey};throw new Error("No authentication available: provide jwt, getJwt(), getAuthHeaders(), sdk, or apiKey")}(r),i=await fetch(`${n}${t}`,{method:"POST",headers:{"content-type":"application/json",...o},body:JSON.stringify(e,(t,e)=>"bigint"==typeof e?e.toString():e)});if(!i.ok){const t=await i.text().catch(()=>"");throw new Error(function(t,e){let r=`Emblem signer error ${t}`;return t>=500?r+=": Internal server error":401===t||403===t?r+=": Authentication failed":404===t?r+=": Resource not found":405===t?r+=": Method not allowed":e&&(r+=`: ${e.substring(0,200)}`),r}(i.status,t))}return i.json()}function e(t){const e=!!t.jwt,r="function"==typeof t.getJwt,n="function"==typeof t.getAuthHeaders,o=!!t.sdk&&"function"==typeof t.sdk.getSession,i=!!t.apiKey;if(!(e||r||n||o||i))throw new Error("Authentication required: provide jwt, getJwt(), getAuthHeaders(), sdk, or apiKey");t.baseUrl&&function(t){if(t){if(!t.startsWith("http://")&&!t.startsWith("https://"))throw new Error("baseUrl must be a valid HTTP(S) URL");!t.startsWith("http://")||t.includes("localhost")||t.includes("127.0.0.1")||console.warn("[Emblem Security Warning] baseUrl uses HTTP instead of HTTPS. 
This is insecure for production use.")}}(t.baseUrl),t.debugSecurity&&console.log("[Emblem Security Debug]",{environment:"undefined"!=typeof window&&"undefined"!=typeof document?"browser":"node",hasBaseUrl:!!t.baseUrl,timestamp:(new Date).toISOString()})}const r="b64:";async function n(e){const r=await async function(e){const r=await t("/vault/info",{},e);if(!r||!r.vaultId||!r.evmAddress)throw new Error("Invalid vault info response: missing required fields");if(!String(r.evmAddress).startsWith("0x"))throw new Error("Invalid evmAddress format in response");return{vaultId:r.vaultId,tokenId:r.vaultId,address:r.address||"",evmAddress:r.evmAddress,created_by:r.created_by}}(e);if(!r.evmAddress)throw new Error("Could not resolve vault EVM address");if(!r.vaultId)throw new Error("Could not resolve vault tokenId");return{address:r.evmAddress,tokenId:r.vaultId}}async function o(r,o){if(!r)throw new Error("Data to encrypt must be a non-empty string");if(!o||!o.config)throw new Error("EncryptConfig with a valid config is required");e(o.config);let{address:i,tokenId:a}=o;if(!i||!a){const t=await n(o.config);i=i??t.address,a=a??t.tokenId}const s=await t("/encrypt",{text:r,address:i,tokenId:a},o.config);if(!s||!s.ciphertext||!s.dataToEncryptHash)throw new Error("Invalid encrypt response: missing ciphertext or dataToEncryptHash");return{ciphertext:s.ciphertext,dataToEncryptHash:s.dataToEncryptHash}}async function i(t,e){if(!(t&&t instanceof Uint8Array))throw new Error("Data must be a Uint8Array");const n=function(t){if("function"==typeof btoa){let e="";for(let r=0;r<t.length;r++)e+=String.fromCharCode(t[r]);return btoa(e)}if("undefined"!=typeof Buffer)return Buffer.from(t).toString("base64");throw new Error("No Base64 encoding method available in this environment")}(t);return o(`${r}${n}`,e)}async function a(o){if(!o||!o.config)throw new Error("DecryptConfig with a valid config is required");if(!o.ciphertext)throw new Error("ciphertext is required for 
decryption");if(!o.dataToEncryptHash)throw new Error("dataToEncryptHash is required for decryption");e(o.config);let{address:i,tokenId:a}=o;if(!i||!a){const t=await n(o.config);i=i??t.address,a=a??t.tokenId}const s=await t("/decrypt",{address:i,tokenId:a,ciphertext:o.ciphertext,dataToEncryptHash:o.dataToEncryptHash},o.config);if(!s||"string"!=typeof s.decryptedString)throw new Error("Invalid decrypt response: missing decryptedString");let d=s.decryptedString;return d.startsWith(r)&&(d=d.slice(4)),d}async function s(o){if(!o||!o.config)throw new Error("DecryptConfig with a valid config is required");if(!o.ciphertext)throw new Error("ciphertext is required for decryption");if(!o.dataToEncryptHash)throw new Error("dataToEncryptHash is required for decryption");e(o.config);let{address:i,tokenId:a}=o;if(!i||!a){const t=await n(o.config);i=i??t.address,a=a??t.tokenId}const s=await t("/decrypt",{address:i,tokenId:a,ciphertext:o.ciphertext,dataToEncryptHash:o.dataToEncryptHash},o.config);if(!s||"string"!=typeof s.decryptedString)throw new Error("Invalid decrypt response: missing decryptedString");const d=s.decryptedString;if(d.startsWith(r)){return function(t){if("function"==typeof atob){const e=atob(t),r=new Uint8Array(e.length);for(let t=0;t<e.length;t++)r[t]=e.charCodeAt(t);return r}if("undefined"!=typeof Buffer){const e=Buffer.from(t,"base64");return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}throw new Error("No Base64 decoding method available in this environment")}(d.slice(4))}return(new TextEncoder).encode(d)}export{a as decrypt,s as decryptBinary,o as encrypt,i as encryptBinary};
|
|
2
|
+
//# sourceMappingURL=index.mjs.map
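Review bot: The `baseUrl` check inlined into the config validator only calls `console.warn` for an `http://` endpoint, and it skips even that warning whenever the string merely contains `localhost` or `127.0.0.1` anywhere in it, so the exemption is not limited to a loopback host. The same `baseUrl` then receives the `Authorization: Bearer` or `x-api-key` header and, for `/encrypt`, the plaintext in the `text` field. I would parse the value once and compare the host exactly, e.g. `const { protocol, hostname } = new URL(t);` followed by `if (protocol === "http:" && hostname !== "localhost" && hostname !== "127.0.0.1") throw new Error("baseUrl must use HTTPS");`. If rejecting is too strict for existing callers, keep the warning but base it on the parsed hostname. The bundle is minified; the readable form is `validateBaseUrl` in `src/signers/validation.ts`, which the accompanying source map embeds.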
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.mjs","sources":["../../src/signers/http.ts","../../src/signers/validation.ts","../../src/crypto/index.ts","../../src/signers/vault.ts"],"sourcesContent":["import type { SignerConfig } from '../types/signers';\n\nfunction sanitizeErrorMessage(status: number, text: string): string {\n // Sanitize error messages to avoid leaking sensitive server information\n let errorMessage = `Emblem signer error ${status}`;\n\n if (status >= 500) {\n errorMessage += ': Internal server error';\n } else if (status === 401 || status === 403) {\n errorMessage += ': Authentication failed';\n } else if (status === 404) {\n errorMessage += ': Resource not found';\n } else if (status === 405) {\n errorMessage += ': Method not allowed';\n } else if (text) {\n // For 4xx client errors, include limited error details\n errorMessage += `: ${text.substring(0, 200)}`; // Limit to 200 chars\n }\n\n return errorMessage;\n}\n\nasync function resolveAuthHeaders(config: SignerConfig): Promise<Record<string, string>> {\n // Priority: custom headers -> jwt/getJwt/sdk -> apiKey (deprecated)\n if (typeof config.getAuthHeaders === 'function') {\n const h = await config.getAuthHeaders();\n if (h && typeof h === 'object') return h;\n }\n\n const tok =\n config.jwt ??\n (typeof config.getJwt === 'function' ? await config.getJwt() : undefined) ??\n config.sdk?.getSession()?.authToken ??\n undefined;\n\n if (tok) {\n return { Authorization: `Bearer ${tok}` };\n }\n\n // apiKey is deprecated but still supported as fallback\n if (config.apiKey) {\n return { 'x-api-key': config.apiKey };\n }\n\n throw new Error(\n 'No authentication available: provide jwt, getJwt(), getAuthHeaders(), sdk, or apiKey'\n );\n}\n\nexport async function emblemPost<T = unknown>(\n path: string,\n body: unknown,\n config: SignerConfig\n): Promise<T> {\n const baseUrl = config.baseUrl ?? 
'https://api.emblemvault.ai';\n const authHeaders = await resolveAuthHeaders(config);\n const res = await fetch(`${baseUrl}${path}`, {\n method: 'POST',\n headers: {\n 'content-type': 'application/json',\n ...authHeaders,\n },\n body: JSON.stringify(body, (_key: string, value: unknown) =>\n typeof value === 'bigint' ? value.toString() : value\n ),\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => '');\n throw new Error(sanitizeErrorMessage(res.status, text));\n }\n\n return res.json() as Promise<T>;\n}\n\nexport async function emblemGet<T = unknown>(path: string, config: SignerConfig): Promise<T> {\n const baseUrl = config.baseUrl ?? 'https://api.emblemvault.ai';\n const authHeaders = await resolveAuthHeaders(config);\n const res = await fetch(`${baseUrl}${path}`, {\n method: 'GET',\n headers: authHeaders,\n });\n\n if (!res.ok) {\n const text = await res.text().catch(() => '');\n throw new Error(sanitizeErrorMessage(res.status, text));\n }\n\n return res.json() as Promise<T>;\n}\n","import type { SignerConfig } from '../types/signers';\n\n/**\n * Environment detection utilities for warning about unsafe usage patterns\n */\n\n/**\n * Detect if code is running in a browser environment\n */\nexport function isBrowserEnvironment(): boolean {\n return typeof window !== 'undefined' && typeof document !== 'undefined';\n}\n\n/**\n * Check if we're in a Node.js server environment\n */\nexport function isNodeEnvironment(): boolean {\n return (\n typeof process !== 'undefined' && process.versions != null && process.versions.node != null\n );\n}\n\n/**\n * Validate baseUrl format\n */\nexport function validateBaseUrl(baseUrl?: string): void {\n if (!baseUrl) return; // undefined is ok, will use default\n\n if (!baseUrl.startsWith('http://') && !baseUrl.startsWith('https://')) {\n throw new Error('baseUrl must be a valid HTTP(S) URL');\n }\n\n // Warn about http (not https)\n if (\n baseUrl.startsWith('http://') &&\n !baseUrl.includes('localhost') &&\n 
!baseUrl.includes('127.0.0.1')\n ) {\n console.warn(\n '[Emblem Security Warning] baseUrl uses HTTP instead of HTTPS. This is insecure for production use.'\n );\n }\n}\n\n/**\n * Validate Ethereum address format\n */\nexport function validateEthereumAddress(address: string): void {\n if (!address || typeof address !== 'string') {\n throw new Error('Address is required');\n }\n\n if (!address.startsWith('0x')) {\n throw new Error('Address must start with 0x');\n }\n\n if (!/^0x[0-9a-fA-F]{40}$/.test(address)) {\n throw new Error('Invalid Ethereum address format');\n }\n}\n\n/**\n * Validate vault ID\n */\nexport function validateVaultId(vaultId: string): void {\n if (!vaultId || typeof vaultId !== 'string') {\n throw new Error('vaultId is required');\n }\n\n if (vaultId.trim() === '') {\n throw new Error('vaultId cannot be empty');\n }\n}\n\n/**\n * Safe number conversion with bounds checking\n */\nexport function toSafeNumber(value: unknown, fieldName: string): number {\n const num = Number(value);\n\n if (!Number.isSafeInteger(num)) {\n throw new Error(\n `${fieldName} value ${value} exceeds safe integer range (max: ${Number.MAX_SAFE_INTEGER})`\n );\n }\n\n return num;\n}\n\n/**\n * Extended config with security options\n */\nexport interface SignerSecurityConfig extends SignerConfig {\n /**\n * Enable debug logging for security-related checks\n * @default false\n */\n debugSecurity?: boolean;\n}\n\n/**\n * Validate signer configuration\n */\nexport function validateSignerConfig(config: SignerSecurityConfig): void {\n // Validate auth: require at least one method\n const hasJwt = !!config.jwt;\n const hasGetJwt = typeof config.getJwt === 'function';\n const hasHeaders = typeof config.getAuthHeaders === 'function';\n const hasSdk = !!config.sdk && typeof config.sdk.getSession === 'function';\n const hasApiKey = !!config.apiKey;\n\n if (!hasJwt && !hasGetJwt && !hasHeaders && !hasSdk && !hasApiKey) {\n throw new Error('Authentication required: provide jwt, getJwt(), 
getAuthHeaders(), sdk, or apiKey');\n }\n\n // Validate baseUrl if provided\n if (config.baseUrl) {\n validateBaseUrl(config.baseUrl);\n }\n\n // Security audit logging\n if (config.debugSecurity) {\n console.log('[Emblem Security Debug]', {\n environment: isBrowserEnvironment() ? 'browser' : 'node',\n hasBaseUrl: !!config.baseUrl,\n timestamp: new Date().toISOString(),\n });\n }\n}\n","import type { SignerConfig } from '../types/signers';\nimport type { EncryptConfig, EncryptResult, DecryptConfig } from './types';\nimport { emblemPost } from '../signers/http';\nimport { validateSignerConfig } from '../signers/validation';\nimport { fetchVaultInfo } from '../signers/vault';\n\nexport type { EncryptConfig, EncryptResult, DecryptConfig } from './types';\nexport type { DecryptResult, DecryptBinaryResult } from './types';\n\n/** Binary marker prefix used to distinguish binary data from plain text */\nconst BINARY_MARKER = 'b64:';\n\n/** Response shape from POST /encrypt */\ninterface EncryptApiResponse {\n success: boolean;\n ciphertext: string;\n dataToEncryptHash: string;\n}\n\n/** Response shape from POST /decrypt */\ninterface DecryptApiResponse {\n success: boolean;\n decryptedString: string;\n}\n\n/**\n * Resolve vault address and tokenId from the signer config.\n * Uses fetchVaultInfo to retrieve the vault's EVM address and vaultId.\n */\nasync function resolveVaultDetails(\n config: SignerConfig\n): Promise<{ address: string; tokenId: string }> {\n const vaultInfo = await fetchVaultInfo(config);\n\n if (!vaultInfo.evmAddress) {\n throw new Error('Could not resolve vault EVM address');\n }\n if (!vaultInfo.vaultId) {\n throw new Error('Could not resolve vault tokenId');\n }\n\n return {\n address: vaultInfo.evmAddress,\n tokenId: vaultInfo.vaultId,\n };\n}\n\n/**\n * Encrypt a string using the Emblem encryption service.\n *\n * If `options.address` or `options.tokenId` are not provided, they will be\n * resolved automatically from the authenticated vault info.\n 
*\n * @param data - The plaintext string to encrypt\n * @param options - Encryption configuration including auth config\n * @returns The encrypted ciphertext and data hash (needed for decryption)\n */\nexport async function encrypt(data: string, options: EncryptConfig): Promise<EncryptResult> {\n if (!data) {\n throw new Error('Data to encrypt must be a non-empty string');\n }\n if (!options || !options.config) {\n throw new Error('EncryptConfig with a valid config is required');\n }\n\n validateSignerConfig(options.config);\n\n let { address, tokenId } = options;\n\n // Resolve address/tokenId from vault if not explicitly provided\n if (!address || !tokenId) {\n const vaultDetails = await resolveVaultDetails(options.config);\n address = address ?? vaultDetails.address;\n tokenId = tokenId ?? vaultDetails.tokenId;\n }\n\n const response = await emblemPost<EncryptApiResponse>('/encrypt', {\n text: data,\n address,\n tokenId,\n }, options.config);\n\n if (!response || !response.ciphertext || !response.dataToEncryptHash) {\n throw new Error('Invalid encrypt response: missing ciphertext or dataToEncryptHash');\n }\n\n return {\n ciphertext: response.ciphertext,\n dataToEncryptHash: response.dataToEncryptHash,\n };\n}\n\n/**\n * Encrypt binary data (Uint8Array) using the Emblem encryption service.\n *\n * The binary data is Base64-encoded with a marker prefix so that decryptBinary()\n * can distinguish it from plain text and decode it back to a Uint8Array.\n *\n * @param data - The binary data to encrypt\n * @param options - Encryption configuration including auth config\n * @returns The encrypted ciphertext and data hash (needed for decryption)\n */\nexport async function encryptBinary(\n data: Uint8Array,\n options: EncryptConfig\n): Promise<EncryptResult> {\n if (!data || !(data instanceof Uint8Array)) {\n throw new Error('Data must be a Uint8Array');\n }\n\n // Base64-encode the binary data and prepend the marker\n const base64 = uint8ArrayToBase64(data);\n const 
encoded = `${BINARY_MARKER}${base64}`;\n\n return encrypt(encoded, options);\n}\n\n/**\n * Decrypt ciphertext using the Emblem decryption service.\n *\n * If `options.address` or `options.tokenId` are not provided, they will be\n * resolved automatically from the authenticated vault info.\n *\n * If the decrypted string starts with the binary marker (\"b64:\"), the marker is\n * stripped and the raw Base64 string is returned.\n *\n * @param options - Decryption configuration including ciphertext and hash\n * @returns The decrypted plaintext string\n */\nexport async function decrypt(options: DecryptConfig): Promise<string> {\n if (!options || !options.config) {\n throw new Error('DecryptConfig with a valid config is required');\n }\n if (!options.ciphertext) {\n throw new Error('ciphertext is required for decryption');\n }\n if (!options.dataToEncryptHash) {\n throw new Error('dataToEncryptHash is required for decryption');\n }\n\n validateSignerConfig(options.config);\n\n let { address, tokenId } = options;\n\n // Resolve address/tokenId from vault if not explicitly provided\n if (!address || !tokenId) {\n const vaultDetails = await resolveVaultDetails(options.config);\n address = address ?? vaultDetails.address;\n tokenId = tokenId ?? 
vaultDetails.tokenId;\n }\n\n const response = await emblemPost<DecryptApiResponse>('/decrypt', {\n address,\n tokenId,\n ciphertext: options.ciphertext,\n dataToEncryptHash: options.dataToEncryptHash,\n }, options.config);\n\n if (!response || typeof response.decryptedString !== 'string') {\n throw new Error('Invalid decrypt response: missing decryptedString');\n }\n\n let result = response.decryptedString;\n\n // Strip binary marker if present (for users who just want the base64 string)\n if (result.startsWith(BINARY_MARKER)) {\n result = result.slice(BINARY_MARKER.length);\n }\n\n return result;\n}\n\n/**\n * Decrypt ciphertext and return the result as a Uint8Array.\n *\n * If the decrypted data was originally encrypted with encryptBinary(), the\n * binary marker is detected and the Base64 payload is decoded back to bytes.\n * Otherwise the decrypted string is encoded as UTF-8 bytes as a fallback.\n *\n * @param options - Decryption configuration including ciphertext and hash\n * @returns The decrypted binary data as a Uint8Array\n */\nexport async function decryptBinary(options: DecryptConfig): Promise<Uint8Array> {\n if (!options || !options.config) {\n throw new Error('DecryptConfig with a valid config is required');\n }\n if (!options.ciphertext) {\n throw new Error('ciphertext is required for decryption');\n }\n if (!options.dataToEncryptHash) {\n throw new Error('dataToEncryptHash is required for decryption');\n }\n\n validateSignerConfig(options.config);\n\n // Perform decryption using the raw API to check the marker ourselves\n let { address, tokenId } = options;\n\n if (!address || !tokenId) {\n const vaultDetails = await resolveVaultDetails(options.config);\n address = address ?? vaultDetails.address;\n tokenId = tokenId ?? 
vaultDetails.tokenId;\n }\n\n const response = await emblemPost<DecryptApiResponse>('/decrypt', {\n address,\n tokenId,\n ciphertext: options.ciphertext,\n dataToEncryptHash: options.dataToEncryptHash,\n }, options.config);\n\n if (!response || typeof response.decryptedString !== 'string') {\n throw new Error('Invalid decrypt response: missing decryptedString');\n }\n\n const decrypted = response.decryptedString;\n\n // If the binary marker is present, decode the Base64 payload\n if (decrypted.startsWith(BINARY_MARKER)) {\n const base64 = decrypted.slice(BINARY_MARKER.length);\n return base64ToUint8Array(base64);\n }\n\n // Fallback: encode the plain string as UTF-8 bytes\n return new TextEncoder().encode(decrypted);\n}\n\n/* ------------------------------------------------------------------ */\n/* Base64 helpers (environment-agnostic: works in Node and browsers) */\n/* ------------------------------------------------------------------ */\n\nfunction uint8ArrayToBase64(bytes: Uint8Array): string {\n // Use btoa if available (browsers + Node 16+)\n if (typeof btoa === 'function') {\n let binary = '';\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary);\n }\n\n // Node.js Buffer fallback\n if (typeof Buffer !== 'undefined') {\n return Buffer.from(bytes).toString('base64');\n }\n\n throw new Error('No Base64 encoding method available in this environment');\n}\n\nfunction base64ToUint8Array(base64: string): Uint8Array {\n // Use atob if available (browsers + Node 16+)\n if (typeof atob === 'function') {\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return bytes;\n }\n\n // Node.js Buffer fallback\n if (typeof Buffer !== 'undefined') {\n const buf = Buffer.from(base64, 'base64');\n return new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);\n }\n\n throw new Error('No Base64 decoding 
method available in this environment');\n}\n","import type { SignerConfig, SignerVaultInfo, Hex } from '../types/signers';\nimport { emblemPost } from './http';\n\nexport async function fetchVaultInfo(config: SignerConfig): Promise<SignerVaultInfo> {\n // Note: The server only supports POST for /vault/info\n const data: Partial<{\n vaultId: string;\n address: string;\n evmAddress: Hex;\n created_by?: string;\n }> = await emblemPost('/vault/info', {}, config);\n\n // Validate required response data (vaultId + evmAddress are required for EVM)\n if (!data || !data.vaultId || !data.evmAddress) {\n throw new Error('Invalid vault info response: missing required fields');\n }\n\n if (!String(data.evmAddress).startsWith('0x')) {\n throw new Error('Invalid evmAddress format in response');\n }\n\n return {\n vaultId: data.vaultId,\n tokenId: data.vaultId,\n address: data.address || '', // Solana address may be absent; keep optional\n evmAddress: data.evmAddress as Hex,\n created_by: data.created_by,\n 
};\n}\n"],"names":["async","emblemPost","path","body","config","baseUrl","authHeaders","getAuthHeaders","h","tok","jwt","getJwt","undefined","sdk","getSession","authToken","Authorization","apiKey","Error","resolveAuthHeaders","res","fetch","method","headers","JSON","stringify","_key","value","toString","ok","text","catch","status","errorMessage","substring","sanitizeErrorMessage","json","validateSignerConfig","hasJwt","hasGetJwt","hasHeaders","hasSdk","hasApiKey","startsWith","includes","console","warn","validateBaseUrl","debugSecurity","log","environment","window","document","hasBaseUrl","timestamp","Date","toISOString","BINARY_MARKER","resolveVaultDetails","vaultInfo","data","vaultId","evmAddress","String","tokenId","address","created_by","fetchVaultInfo","encrypt","options","vaultDetails","response","ciphertext","dataToEncryptHash","encryptBinary","Uint8Array","base64","bytes","btoa","binary","i","length","fromCharCode","Buffer","from","uint8ArrayToBase64","decrypt","decryptedString","result","slice","decryptBinary","decrypted","atob","charCodeAt","buf","buffer","byteOffset","byteLength","base64ToUint8Array","TextEncoder","encode"],"mappings":"AAiDOA,eAAeC,EACpBC,EACAC,EACAC,GAEA,MAAMC,EAAUD,EAAOC,SAAW,6BAC5BC,QAjCRN,eAAkCI,GAEhC,GAAqC,mBAA1BA,EAAOG,eAA+B,CAC/C,MAAMC,QAAUJ,EAAOG,iBACvB,GAAIC,GAAkB,iBAANA,EAAgB,OAAOA,CACxC,CAED,MAAMC,EACJL,EAAOM,MACmB,mBAAlBN,EAAOO,aAA8BP,EAAOO,cAAWC,IAC/DR,EAAOS,KAAKC,cAAcC,gBAC1BH,EAEF,GAAIH,EACF,MAAO,CAAEO,cAAe,UAAUP,KAIpC,GAAIL,EAAOa,OACT,MAAO,CAAE,YAAab,EAAOa,QAG/B,MAAM,IAAIC,MACR,uFAEJ,CAQ4BC,CAAmBf,GACvCgB,QAAYC,MAAM,GAAGhB,IAAUH,IAAQ,CAC3CoB,OAAQ,OACRC,QAAS,CACP,eAAgB,sBACbjB,GAELH,KAAMqB,KAAKC,UAAUtB,EAAM,CAACuB,EAAcC,IACvB,iBAAVA,EAAqBA,EAAMC,WAAaD,KAInD,IAAKP,EAAIS,GAAI,CACX,MAAMC,QAAaV,EAAIU,OAAOC,MAAM,IAAM,IAC1C,MAAM,IAAIb,MAnEd,SAA8Bc,EAAgBF,GAE5C,IAAIG,EAAe,uBAAuBD,IAe1C,OAbIA,GAAU,IACZC,GAAgB,0BACI,MAAXD,GAA6B,MAAXA,EAC3BC,GAAgB,0BACI,MAAXD,EACTC,GAAgB,uBACI,MAAXD,EACTC,GAAgB,uBACPH,IAETG,GAAgB,KAAKH,EAAKI,UAAU,EAA
G,QAGlCD,CACT,CAiDoBE,CAAqBf,EAAIY,OAAQF,GAClD,CAED,OAAOV,EAAIgB,MACb,CC8BM,SAAUC,EAAqBjC,GAEnC,MAAMkC,IAAWlC,EAAOM,IAClB6B,EAAqC,mBAAlBnC,EAAOO,OAC1B6B,EAA8C,mBAA1BpC,EAAOG,eAC3BkC,IAAWrC,EAAOS,KAAwC,mBAA1BT,EAAOS,IAAIC,WAC3C4B,IAActC,EAAOa,OAE3B,KAAKqB,GAAWC,GAAcC,GAAeC,GAAWC,GACtD,MAAM,IAAIxB,MAAM,oFAIdd,EAAOC,SA3FP,SAA0BA,GAC9B,GAAKA,EAAL,CAEA,IAAKA,EAAQsC,WAAW,aAAetC,EAAQsC,WAAW,YACxD,MAAM,IAAIzB,MAAM,wCAKhBb,EAAQsC,WAAW,YAClBtC,EAAQuC,SAAS,cACjBvC,EAAQuC,SAAS,cAElBC,QAAQC,KACN,qGAbiB,CAgBvB,CA2EIC,CAAgB3C,EAAOC,SAIrBD,EAAO4C,eACTH,QAAQI,IAAI,0BAA2B,CACrCC,YAjHqB,oBAAXC,QAA8C,oBAAbC,SAiHL,UAAY,OAClDC,aAAcjD,EAAOC,QACrBiD,WAAW,IAAIC,MAAOC,eAG5B,CCtHA,MAAMC,EAAgB,OAmBtBzD,eAAe0D,EACbtD,GAEA,MAAMuD,QC7BD3D,eAA8BI,GAEnC,MAAMwD,QAKK3D,EAAW,cAAe,CAAE,EAAEG,GAGzC,IAAKwD,IAASA,EAAKC,UAAYD,EAAKE,WAClC,MAAM,IAAI5C,MAAM,wDAGlB,IAAK6C,OAAOH,EAAKE,YAAYnB,WAAW,MACtC,MAAM,IAAIzB,MAAM,yCAGlB,MAAO,CACL2C,QAASD,EAAKC,QACdG,QAASJ,EAAKC,QACdI,QAASL,EAAKK,SAAW,GACzBH,WAAYF,EAAKE,WACjBI,WAAYN,EAAKM,WAErB,CDI0BC,CAAe/D,GAEvC,IAAKuD,EAAUG,WACb,MAAM,IAAI5C,MAAM,uCAElB,IAAKyC,EAAUE,QACb,MAAM,IAAI3C,MAAM,mCAGlB,MAAO,CACL+C,QAASN,EAAUG,WACnBE,QAASL,EAAUE,QAEvB,CAYO7D,eAAeoE,EAAQR,EAAcS,GAC1C,IAAKT,EACH,MAAM,IAAI1C,MAAM,8CAElB,IAAKmD,IAAYA,EAAQjE,OACvB,MAAM,IAAIc,MAAM,iDAGlBmB,EAAqBgC,EAAQjE,QAE7B,IAAI6D,QAAEA,EAAOD,QAAEA,GAAYK,EAG3B,IAAKJ,IAAYD,EAAS,CACxB,MAAMM,QAAqBZ,EAAoBW,EAAQjE,QACvD6D,EAAUA,GAAWK,EAAaL,QAClCD,EAAUA,GAAWM,EAAaN,OACnC,CAED,MAAMO,QAAiBtE,EAA+B,WAAY,CAChE6B,KAAM8B,EACNK,UACAD,WACCK,EAAQjE,QAEX,IAAKmE,IAAaA,EAASC,aAAeD,EAASE,kBACjD,MAAM,IAAIvD,MAAM,qEAGlB,MAAO,CACLsD,WAAYD,EAASC,WACrBC,kBAAmBF,EAASE,kBAEhC,CAYOzE,eAAe0E,EACpBd,EACAS,GAEA,KAAKT,GAAUA,aAAgBe,YAC7B,MAAM,IAAIzD,MAAM,6BAIlB,MAAM0D,EAwHR,SAA4BC,GAE1B,GAAoB,mBAATC,KAAqB,CAC9B,IAAIC,EAAS,GACb,IAAK,IAAIC,EAAI,EAAGA,EAAIH,EAAMI,OAAQD,IAChCD,GAAUhB,OAAOmB,aAAaL,EAAMG,IAEtC,OAAOF,KAAKC,EACb,CAGD,GAAsB,oBAAXI,OACT,OAAOA,OAAOC,KAAKP,GAAOjD,SAAS,UAGrC,MAAM,IAAIV,MAAM,0DAClB,CAxIiBmE,CAAmBzB,GAGlC,OAAOQ,EAFS,GAAGX,IAAgBm
B,IAEXP,EAC1B,CAcOrE,eAAesF,EAAQjB,GAC5B,IAAKA,IAAYA,EAAQjE,OACvB,MAAM,IAAIc,MAAM,iDAElB,IAAKmD,EAAQG,WACX,MAAM,IAAItD,MAAM,yCAElB,IAAKmD,EAAQI,kBACX,MAAM,IAAIvD,MAAM,gDAGlBmB,EAAqBgC,EAAQjE,QAE7B,IAAI6D,QAAEA,EAAOD,QAAEA,GAAYK,EAG3B,IAAKJ,IAAYD,EAAS,CACxB,MAAMM,QAAqBZ,EAAoBW,EAAQjE,QACvD6D,EAAUA,GAAWK,EAAaL,QAClCD,EAAUA,GAAWM,EAAaN,OACnC,CAED,MAAMO,QAAiBtE,EAA+B,WAAY,CAChEgE,UACAD,UACAQ,WAAYH,EAAQG,WACpBC,kBAAmBJ,EAAQI,mBAC1BJ,EAAQjE,QAEX,IAAKmE,GAAgD,iBAA7BA,EAASgB,gBAC/B,MAAM,IAAIrE,MAAM,qDAGlB,IAAIsE,EAASjB,EAASgB,gBAOtB,OAJIC,EAAO7C,WAAWc,KACpB+B,EAASA,EAAOC,MAAMhC,IAGjB+B,CACT,CAYOxF,eAAe0F,EAAcrB,GAClC,IAAKA,IAAYA,EAAQjE,OACvB,MAAM,IAAIc,MAAM,iDAElB,IAAKmD,EAAQG,WACX,MAAM,IAAItD,MAAM,yCAElB,IAAKmD,EAAQI,kBACX,MAAM,IAAIvD,MAAM,gDAGlBmB,EAAqBgC,EAAQjE,QAG7B,IAAI6D,QAAEA,EAAOD,QAAEA,GAAYK,EAE3B,IAAKJ,IAAYD,EAAS,CACxB,MAAMM,QAAqBZ,EAAoBW,EAAQjE,QACvD6D,EAAUA,GAAWK,EAAaL,QAClCD,EAAUA,GAAWM,EAAaN,OACnC,CAED,MAAMO,QAAiBtE,EAA+B,WAAY,CAChEgE,UACAD,UACAQ,WAAYH,EAAQG,WACpBC,kBAAmBJ,EAAQI,mBAC1BJ,EAAQjE,QAEX,IAAKmE,GAAgD,iBAA7BA,EAASgB,gBAC/B,MAAM,IAAIrE,MAAM,qDAGlB,MAAMyE,EAAYpB,EAASgB,gBAG3B,GAAII,EAAUhD,WAAWc,GAAgB,CAEvC,OA6BJ,SAA4BmB,GAE1B,GAAoB,mBAATgB,KAAqB,CAC9B,MAAMb,EAASa,KAAKhB,GACdC,EAAQ,IAAIF,WAAWI,EAAOE,QACpC,IAAK,IAAID,EAAI,EAAGA,EAAID,EAAOE,OAAQD,IACjCH,EAAMG,GAAKD,EAAOc,WAAWb,GAE/B,OAAOH,CACR,CAGD,GAAsB,oBAAXM,OAAwB,CACjC,MAAMW,EAAMX,OAAOC,KAAKR,EAAQ,UAChC,OAAO,IAAID,WAAWmB,EAAIC,OAAQD,EAAIE,WAAYF,EAAIG,WACvD,CAED,MAAM,IAAI/E,MAAM,0DAClB,CA/CWgF,CADQP,EAAUF,MAAMhC,GAEhC,CAGD,OAAO,IAAI0C,aAAcC,OAAOT,EAClC"}
|
|
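--- a/package/dist/crypto/types.d.ts
+++ b/package/dist/crypto/types.d.ts
@@ -0,0 +1,41 @@
+import type { SignerConfig } from '../types/signers';
+/** Configuration for encryption operations */
+export interface EncryptConfig {
+/** The SignerConfig for authentication (same as signers use) */
+config: SignerConfig;
+/** Ethereum address for access control. Defaults to vault's EVM address if not provided */
+address?: string;
+/** Token ID for namespace isolation. Defaults to vault's tokenId if not provided */
+tokenId?: string;
+}
+/** Result from an encryption operation */
+export interface EncryptResult {
+/** The encrypted ciphertext (Base64 encoded) */
+ciphertext: string;
+/** Hash of the encrypted data, needed for decryption */
+dataToEncryptHash: string;
+}
+/** Configuration for decryption operations */
+export interface DecryptConfig {
+/** The SignerConfig for authentication */
+config: SignerConfig;
+/** The encrypted ciphertext from encrypt() */
+ciphertext: string;
+/** The hash returned from encrypt() */
+dataToEncryptHash: string;
+/** Ethereum address used during encryption. Defaults to vault's EVM address */
+address?: string;
+/** Token ID used during encryption. Defaults to vault's tokenId */
+tokenId?: string;
+}
+/** Result from a decryption operation */
+export interface DecryptResult {
+/** The decrypted plaintext string */
+data: string;
+}
+/** Result from a binary decryption operation */
+export interface DecryptBinaryResult {
+/** The decrypted binary data */
+data: Uint8Array;
+}
+//# sourceMappingURL=types.d.ts.map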
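Review bot: The doc comment on `DecryptResult.data` (`The decrypted plaintext string`) does not mention that the implementation shipped in `dist/crypto/index.mjs` treats a leading `b64:` as the `encryptBinary()` marker: `decrypt()` removes it and `decryptBinary()` base64-decodes what follows. A string passed to `encrypt()` that happens to start with `b64:` therefore does not round-trip, and callers cannot learn that from these declarations. I would document the reserved prefix here, for example `/** The decrypted string; a leading "b64:" marker written by encryptBinary() is stripped */`, and have `encrypt()` reject or escape input that already begins with it. Judging by the source embedded in the source map, `decrypt()` returns `Promise<string>` rather than `DecryptResult`, so it is worth confirming that the two result interfaces are used at all.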
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/crypto/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,8CAA8C;AAC9C,MAAM,WAAW,aAAa;IAC5B,gEAAgE;IAChE,MAAM,EAAE,YAAY,CAAC;IACrB,2FAA2F;IAC3F,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,oFAAoF;IACpF,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,0CAA0C;AAC1C,MAAM,WAAW,aAAa;IAC5B,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,wDAAwD;IACxD,iBAAiB,EAAE,MAAM,CAAC;CAC3B;AAED,8CAA8C;AAC9C,MAAM,WAAW,aAAa;IAC5B,0CAA0C;IAC1C,MAAM,EAAE,YAAY,CAAC;IACrB,8CAA8C;IAC9C,UAAU,EAAE,MAAM,CAAC;IACnB,uCAAuC;IACvC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,+EAA+E;IAC/E,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,mEAAmE;IACnE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,yCAAyC;AACzC,MAAM,WAAW,aAAa;IAC5B,qCAAqC;IACrC,IAAI,EAAE,MAAM,CAAC;CACd;AAED,gDAAgD;AAChD,MAAM,WAAW,mBAAmB;IAClC,gCAAgC;IAChC,IAAI,EAAE,UAAU,CAAC;CAClB"}
|