@inco/js 0.1.31 → 0.1.33

package/dist/lite/lightning.js

@@ -0,0 +1,179 @@
+import { hexToBytes } from 'viem';
+import { baseSepolia } from 'viem/chains';
+import { HexString, parseAddress } from '../binary';
+import { encryptionSchemes } from '../encryption';
+import { lightningDeployments } from '../generated/lightning';
+import { localNodeLightningConfig } from '../generated/local-node';
+import { handleTypes } from '../handle';
+import { parse } from '../schema';
+import { decodeSecp256k1PublicKey, generateSecp256k1Keypair, getEciesEncryptor } from './ecies';
+import { getKmsClient, incoLiteReencryptor } from './reencrypt';
+/**
+ * The Lightning class provides a convenient way to interact with the Inco Lightning contract by binding to a specific
+ * deployment.
+ */
+export class Lightning {
+    _deployment;
+    covalidatorUrl;
+    executorAddress;
+    eciesPublicKey;
+    chainId;
+    encryptor;
+    ephemeralKeypair;
+    kmsClient;
+    constructor(_deployment, covalidatorUrl) {
+        this._deployment = _deployment;
+        this.covalidatorUrl = covalidatorUrl;
+        this.executorAddress = parseAddress(_deployment.executorAddress);
+        this.eciesPublicKey = parse(HexString, _deployment.eciesPublicKey);
+        this.chainId = BigInt(_deployment.chainId);
+        this.ephemeralKeypair = generateSecp256k1Keypair();
+        this.kmsClient = getKmsClient(covalidatorUrl);
+        this.encryptor = getEciesEncryptor({
+            scheme: encryptionSchemes.ecies,
+            pubKeyA: decodeSecp256k1PublicKey(hexToBytes(parse(HexString, _deployment.eciesPublicKey))),
+            privKeyB: this.ephemeralKeypair,
+        });
+    }
+    /**
+     * Get a Lightning instance bound to the latest Lightning deployment for the Base Sepolia testnet.
+     */
+    static baseSepoliaTestnet() {
+        return Lightning.latest('testnet', baseSepolia.id);
+    }
+    /**
+     * Get a Lightning instance bound to our canonical Anvil-based test node and test Covalidator node
+     *
+     * These can be run in docker-compose using images pushed to dockerhub as:
+     *   - inconetwork/local-node-anvil
+     *   - inconetwork/local-node-covalidator
+     *
+     * See the sample docker-compose file here: https://github.com/Inco-fhevm/lightning-rod/blob/main/docker-compose.yaml
+     *
+     */
+    static localNode() {
+        return Lightning.custom(localNodeLightningConfig);
+    }
+    /**
+     * Get a Lightning deployment by name or executor address on a particular chain.
+     *
+     * @param id this is an object containing either the pair of name and chainId or the executorAddress and chainId
+     */
+    static at(id) {
+        const deployment = this.isIdByName(id)
+            ? lightningDeployments.find((d) => d.name === id.name && d.chainId === id.chainId)
+            : lightningDeployments.find((d) => d.executorAddress === id.executorAddress && d.chainId === id.chainId);
+        if (!deployment) {
+            throw new Error(`No deployment found for ${JSON.stringify(id)}`);
+        }
+        return new Lightning(deployment, Lightning.getCovalidatorUrl(deployment));
+    }
+    /**
+     * Get a Lightning deployment for a local or custom node
+     *
+     * @param config this is an object containing the executorAddress, eciesPublicKey, chainId and covalidatorUrl.
+     *    additional fields past will be made available as part of the `deployment` property.
+     */
+    static custom(config) {
+        return new Lightning(config, config.covalidatorUrl);
+    }
+    /**
+     * Get the latest deployment for a given pepper, which usually denotes a family of deployments distinct from their
+     * version such as 'devnet', 'testnet', 'mainnet', etc.
+     *
+     * @param pepper the pepper to use to filter the deployments
+     * @param chainId the chainId to use to filter the deployments
+     */
+    static latestDeployment(pepper, chainId) {
+        // Deployments are sorted so we are guaranteed to get the latest first
+        const latestByPepper = lightningDeployments.find((d) => d.pepper === pepper && d.chainId === chainId);
+        if (!latestByPepper) {
+            // This should not actually happen provided this file compiles since we are extracting the available peppers
+            // from the const itself
+            throw new Error(`No deployment found for pepper ${pepper}`);
+        }
+        return latestByPepper;
+    }
+    /**
+     * Get the latest Lightning deployment for a given pepper amd chainId unconditionally.
+     * Note that if you upgrade the library the latest deployment may change and contracts deployed to a previous version
+     * will not be compatible with the new version.
+     *
+     * @param pepper the pepper to use to filter the deployments
+     * @param chainId the chainId to use to filter the deployments
+     */
+    static latest(pepper, chainId) {
+        return Lightning.at(Lightning.latestDeployment(pepper, chainId));
+    }
+    /*
+     * Get the latest deployment for a given pepper, which usually denotes a family of deployments distinct from their
+     * version such as 'devnet', 'testnet', 'mainnet', etc.
+     */
+    get deployment() {
+        return { ...this._deployment };
+    }
+    /**
+     * Encrypt a value using the public ECIES key of the Lightning deployment.
+     *
+     * @param value a boolean or numeric value to encrypt
+     * @param accountAddress the address of the account interacting with the dapp contract, normally an Externally Owned Account (EOA)
+     * @param dappAddress the address of the dapp contract that interacts with the Inco Lightning contract or library
+     */
+    async encrypt(value, { accountAddress, dappAddress }) {
+        const { ciphertext } = await this.encryptor({
+            plaintext: Lightning.plaintextFromValue(value),
+            context: {
+                hostChainId: this.chainId,
+                aclAddress: this.executorAddress,
+                userAddress: parseAddress(accountAddress),
+                contractAddress: parseAddress(dappAddress),
+            },
+        });
+        return ciphertext.value;
+    }
+    /**
+     * Obtain a reencryptor for a particular Externally Owned Account (EOA) to request decrypted values.
+     * The account associated with the walletClient must have permissions to decrypt the handle or ciphertext passed
+     * to the reencryptor function.
+     *
+     * @param walletClient the wallet client to use for signing the reencrypt request.
+     */
+    getReencryptor(walletClient) {
+        return incoLiteReencryptor({
+            walletClient,
+            kmsConnectRpcEndpointOrClient: this.kmsClient,
+            chainId: this.chainId,
+            ephemeralKeypair: this.ephemeralKeypair,
+        });
+    }
+    /**
+     * Get the GRPC endpoint for the covalidator that services this deployment.
+     */
+    static getCovalidatorUrl(deployment) {
+        const { executorAddress, chainId, pepper } = deployment;
+        return `https://${executorAddress.toLowerCase()}.${chainId}.${pepper}.inco.org`;
+    }
+    static isIdByName(id) {
+        return id.name !== undefined;
+    }
+    static plaintextFromValue(value) {
+        if (typeof value === 'boolean') {
+            return {
+                scheme: encryptionSchemes.ecies,
+                type: handleTypes.ebool,
+                value: value,
+            };
+        }
+        else if (typeof value === 'bigint' || typeof value === 'number') {
+            return {
+                scheme: encryptionSchemes.ecies,
+                type: handleTypes.euint256,
+                value: BigInt(value),
+            };
+        }
+        else {
+            throw new Error(`Unsupported type ${typeof value}`);
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlnaHRuaW5nLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2xpdGUvbGlnaHRuaW5nLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBa0IsVUFBVSxFQUEyQixNQUFNLE1BQU0sQ0FBQztBQUMzRSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQzFDLE9BQU8sRUFBVyxTQUFTLEVBQUUsWUFBWSxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBQzdELE9BQU8sRUFBZSxpQkFBaUIsRUFBMEIsTUFBTSxlQUFlLENBQUM7QUFFdkYsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDOUQsT0FBTyxFQUFFLHdCQUF3QixFQUFFLE1BQU0seUJBQXlCLENBQUM7QUFDbkUsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUV4QyxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBQ2xDLE9BQU8sRUFBRSx3QkFBd0IsRUFBRSx3QkFBd0IsRUFBRSxpQkFBaUIsRUFBb0IsTUFBTSxTQUFTLENBQUM7QUFDbEgsT0FBTyxFQUFFLFlBQVksRUFBRSxtQkFBbUIsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQXdDaEU7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLFNBQVM7SUFVRDtJQUNEO0lBVkYsZUFBZSxDQUFVO0lBQ3pCLGNBQWMsQ0FBWTtJQUMxQixPQUFPLENBQVM7SUFFZixTQUFTLENBQXlCO0lBQ2xDLGdCQUFnQixDQUFtQjtJQUNuQyxTQUFTLENBQTRCO0lBRXRELFlBQ21CLFdBQWMsRUFDZixjQUFzQjtRQURyQixnQkFBVyxHQUFYLFdBQVcsQ0FBRztRQUNmLG1CQUFjLEdBQWQsY0FBYyxDQUFRO1FBRXRDLElBQUksQ0FBQyxlQUFlLEdBQUcsWUFBWSxDQUFDLFdBQVcsQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUNqRSxJQUFJLENBQUMsY0FBYyxHQUFHLEtBQUssQ0FBQyxTQUFTLEVBQUUsV0FBVyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ25FLElBQUksQ0FBQyxPQUFPLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUUzQyxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsd0JBQXdCLEVBQUUsQ0FBQztRQUNuRCxJQUFJLENBQUMsU0FBUyxHQUFHLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQztRQUM5QyxJQUFJLENBQUMsU0FBUyxHQUFHLGlCQUFpQixDQUFDO1lBQ2pDLE1BQU0sRUFBRSxpQkFBaUIsQ0FBQyxLQUFLO1lBQy9CLE9BQU8sRUFBRSx3QkFBd0IsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLFNBQVMsRUFBRSxXQUFXLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQztZQUMzRixRQUFRLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtTQUNoQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsa0JBQWtCO1FBQ3ZCLE9BQU8sU0FBUyxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRDs7Ozs7Ozs7O09BU0c7SUFDSCxNQUFNLENBQUMsU0FBUztRQUNkLE9BQU8sU0FBUyxDQUFDLE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsTUFBTSxDQUFDLEVBQUUsQ0FBQyxFQUFnQjtRQUN4QixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQztZQUNwQyxDQUFDLENBQUMsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxLQUFLLEVBQUUsQ0FBQyxJQUFJLElBQUksQ0FBQyxDQUFDLE9BQU8sS0FBSyxFQUFFLENBQUMsT0FBTyxDQUFDO1lBQ2xGLENBQUMsQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxlQUFlLEtBQUssRUFBRSxDQUFDLGVBQWUsSUFBSSxDQUFDLENBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMzRyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsTUFBTSxJQUFJLEtBQUssQ0FBQywyQkFBMkIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDbkUsQ0FBQztRQUNELE9BQU8sSUFBSSxTQUFTLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILE1BQU0sQ0FBQyxNQUFNLENBQXlCLE1BQVM7UUFDN0MsT0FBTyxJQUFJLFNBQVMsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsZ0JBQWdCLENBQW1CLE1BQVMsRUFBRSxPQUFnQjtRQUNuRSxzRUFBc0U7UUFDdEUsTUFBTSxjQUFjLEdBQUcsb0JBQW9CLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxLQUFLLE1BQU0sSUFBSSxDQUFDLENBQUMsT0FBTyxLQUFLLE9BQU8sQ0FBQyxDQUFDO1FBQ3RHLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUNwQiw0R0FBNEc7WUFDNUcsd0JBQXdCO1lBQ3hCLE1BQU0sSUFBSSxLQUFLLENBQUMsa0NBQWtDLE1BQU0sRUFBRSxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUNELE9BQU8sY0FBYyxDQUFDO0lBQ3hCLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0gsTUFBTSxDQUFDLE1BQU0sQ0FBbUIsTUFBUyxFQUFFLE9BQWdCO1FBQ3pELE9BQU8sU0FBUyxDQUFDLEVBQUUsQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDbkUsQ0FBQztJQUVEOzs7T0FHRztJQUNILElBQUksVUFBVTtRQUNaLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLE9BQU8sQ0FDWCxLQUFRLEVBQ1IsRUFBRSxjQUFjLEVBQUUsV0FBVyxFQUFxQjtRQUVsRCxNQUFNLEVBQUUsVUFBVSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDO1lBQzFDLFNBQVMsRUFBRSxTQUFTLENBQUMsa0JBQWtCLENBQUMsS0FBSyxDQUFDO1lBQzlDLE9BQU8sRUFBRTtnQkFDUCxXQUFXLEVBQUUsSUFBSSxDQUFDLE9BQU87Z0JBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsZUFBZTtnQkFDaEMsV0FBVyxFQUFFLFlBQVksQ0FBQyxjQUFjLENBQUM7Z0JBQ3pDLGVBQWUsRUFBRSxZQUFZLENBQUMsV0FBVyxDQUFDO2FBQzNDO1NBQ0YsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxVQUFVLENBQUMsS0FBSyxDQUFDO0lBQzFCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxjQUFjLENBQUMsWUFBcUQ7UUFDbEUsT0FBTyxtQkFBbUIsQ0FBQztZQUN6QixZQUFZO1lBQ1osNkJBQTZCLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDN0MsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3JCLGdCQUFnQixFQUFFLElBQUksQ0FBQyxnQkFBZ0I7U0FDeEMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOztPQUVHO0lBQ0ksTUFBTSxDQUFDLGlCQUFpQixDQUFDLFVBQWdEO1FBQzlFLE1BQU0sRUFBRSxlQUFlLEVBQUUsT0FBTyxFQUFFLE1BQU0sRUFBRSxHQUFHLFVBQVUsQ0FBQztRQUN4RCxPQUFPLFdBQVcsZUFBZSxDQUFDLFdBQVcsRUFBRSxJQUFJLE9BQU8sSUFBSSxNQUFNLFdBQVcsQ0FBQztJQUNsRixDQUFDO0lBRU8sTUFBTSxDQUFDLFVBQVUsQ0FBQyxFQUFnQjtRQUN4QyxPQUFRLEVBQXVCLENBQUMsSUFBSSxLQUFLLFNBQVMsQ0FBQztJQUNyRCxDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUMvQixLQUFRO1FBRVIsSUFBSSxPQUFPLEtBQUssS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUMvQixPQUFPO2dCQUNMLE1BQU0sRUFBRSxpQkFBaUIsQ0FBQyxLQUFLO2dCQUMvQixJQUFJLEVBQUUsV0FBVyxDQUFDLEtBQUs7Z0JBQ3ZCLEtBQUssRUFBRSxLQUFLO2FBQ3NDLENBQUM7UUFDdkQsQ0FBQzthQUFNLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxJQUFJLE9BQU8sS0FBSyxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ2xFLE9BQU87Z0JBQ0wsTUFBTSxFQUFFLGlCQUFpQixDQUFDLEtBQUs7Z0JBQy9CLElBQUksRUFBRSxXQUFXLENBQUMsUUFBUTtnQkFDMUIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxLQUFLLENBQUM7YUFDOEIsQ0FBQztRQUN2RCxDQUFDO2FBQU0sQ0FBQztZQUNOLE1BQU0sSUFBSSxLQUFLLENBQUMsb0JBQW9CLE9BQU8sS0FBSyxFQUFFLENBQUMsQ0FBQztRQUN0RCxDQUFDO0lBQ0gsQ0FBQztDQUNGIn0=

package/dist/lite/reencrypt.d.ts

@@ -21,3 +21,4 @@ export declare function defaultCovalidatorGrpc(chain: SupportedChain): string;
 export declare function pulumiCovalidatorGrpc(chain: SupportedChain): string;
 export declare function lightningDevnetCovalidatorGrpc(chain: SupportedChain): string;
 export declare function lightningTestnetCovalidatorGrpc(chain: SupportedChain): string;
+export declare function retryWithBackoff<T>(fn: () => Promise<T>, maxRetries?: number, baseDelayInMs?: number): Promise<T>;

package/dist/lite/reencrypt.js

@@ -0,0 +1,148 @@
+import { createClient } from '@connectrpc/connect';
+import { createConnectTransport } from '@connectrpc/connect-web';
+import { bytesToHex, hexToBytes } from 'viem';
+import { bytesToBigInt } from '../binary';
+import { getSupportedChain } from '../chain';
+import { bigintToPlaintext, encryptionSchemes } from '../encryption/encryption';
+import { KmsService } from '../generated/es/inco/kms/lite/v1/kms_service_pb';
+import { getHandleType } from '../handle';
+import { createEIP712Payload } from '../reencryption/eip712';
+import { decrypt, generateSecp256k1Keypair } from './ecies';
+// The domain constants used for basic reencrypts.
+// Note: for advanced ACL, since the signature is checked on-chain, the domain
+// and version must match the ones used in the contract. For basic ones, we use
+// a domain different than the one used on-chain
+const BASIC_REENCRYPT_DOMAIN = {
+    name: 'IncoReencryption',
+    version: '0.1.0',
+};
+// Create an EIP712 payload for the Inco Lite basic reencrypt.
+export function reencryptEIP712(chainId, ephemeralPubKey) {
+    return createEIP712Payload({
+        chainId,
+        primaryType: 'ReencryptionRequest',
+        primaryTypeFields: [{ name: 'publicKey', type: 'bytes' }],
+        message: {
+            publicKey: bytesToHex(ephemeralPubKey),
+        },
+        domainName: BASIC_REENCRYPT_DOMAIN.name,
+        domainVersion: BASIC_REENCRYPT_DOMAIN.version,
+    });
+}
+// Returns the Inco Lite Reencryptor, which can reencrypt a handle using the
+// Basic ACL.
+export async function incoLiteReencryptor({ kmsConnectRpcEndpointOrClient, chainId, walletClient, ephemeralKeypair, }) {
+    const kmsClient = getKmsClient(kmsConnectRpcEndpointOrClient || defaultCovalidatorGrpc(getSupportedChain(chainId)));
+    if (!ephemeralKeypair) {
+        ephemeralKeypair = await generateSecp256k1Keypair();
+    }
+    // Sign the EIP712 attesting that the user has access to the private key
+    // corresponding to the ephemeral public key.
+    const eip712Payload = reencryptEIP712(chainId, ephemeralKeypair.encodePublicKey());
+    // Using browser extensions, this step will prompt the user to sign the
+    // payload.
+    const eip712Signature = await walletClient.signTypedData(eip712Payload);
+    return async function reencrypt({ handle }) {
+        const ephemeralPubKey = ephemeralKeypair.encodePublicKey();
+        const reencryptRequest = {
+            $typeName: 'inco.kms.lite.v1.ReencryptRequest',
+            userAddress: walletClient.account.address,
+            ephemeralPubKey,
+            eip712Signature: hexToBytes(eip712Signature),
+            handlesWithProofs: [
+                {
+                    $typeName: 'inco.kms.lite.v1.HandleWithProof',
+                    handle,
+                    aclProof: {
+                        $typeName: 'inco.kms.lite.v1.ACLProof',
+                        // See advancedacl/session-key.ts for an example of using
+                        // Advanced ACL.
+                        proof: {
+                            case: 'incoLiteBasicAclProof',
+                            value: {
+                                $typeName: 'inco.kms.lite.v1.IncoLiteBasicACLProof',
+                            },
+                        },
+                    },
+                },
+            ],
+        };
+        try {
+            const response = await retryWithBackoff(() => kmsClient.reencrypt(reencryptRequest));
+            return decryptGrpcResponse(response, ephemeralKeypair, handle);
+        }
+        catch (error) {
+            console.log(error);
+            throw error;
+        }
+    };
+}
+// Helper function to get a KMS client from a string or a Client instance.
+export function getKmsClient(kmsConnectRpcEndpointOrClient) {
+    if (typeof kmsConnectRpcEndpointOrClient === 'string') {
+        const transport = createConnectTransport({
+            baseUrl: kmsConnectRpcEndpointOrClient,
+        });
+        return createClient(KmsService, transport);
+    }
+    return kmsConnectRpcEndpointOrClient;
+}
+// Decrypt using ECIES the ciphertext in the response.
+// Even though the proto specifies a list of ciphertexts, our JS SDK
+// currently only supports a single ciphertext.
+export async function decryptGrpcResponse(response, ephemeralKeypair, handle) {
+    const reencryptedCt = response.payload?.userCiphertexts[0];
+    if (!reencryptedCt) {
+        throw new Error('No reencrypted ciphertext in the response');
+    }
+    const plaintextBytes = await decrypt(ephemeralKeypair, reencryptedCt.ciphertext);
+    const plaintext = bytesToBigInt(plaintextBytes);
+    return bigintToPlaintext(encryptionSchemes.ecies, getHandleType(handle), plaintext);
+}
+// Helper function to return the default gRPC endpoint for the covalidator.
+// Currently, this returns the covalidator for the Inco Lightning public testnet.
+export function defaultCovalidatorGrpc(chain) {
+    return lightningTestnetCovalidatorGrpc(chain);
+}
+// Helper function to get the gRPC endpoint for the Denver covalidator on the
+// AWS (Pulumi) setup. This function is a convenience, and might disappear in
+// the future, if the denver testnet is no longer supported.
+export function pulumiCovalidatorGrpc(chain) {
+    return `https://grpc.${chain.name.toLowerCase()}.covalidator.denver.inco.org`;
+}
+// Helper function to get the devnet gRPC endpoint for the Inco Lightning covalidator.
+export function lightningDevnetCovalidatorGrpc(chain) {
+    return getCovalidatorGrpcHelper(chain, 'devnet', 'lightning');
+}
+// Helper function to get the testnet gRPC endpoint for the Inco Lightning covalidator.
+export function lightningTestnetCovalidatorGrpc(chain) {
+    return getCovalidatorGrpcHelper(chain, 'testnet', 'lightning');
+}
+// Convert camelCase to dash-case.
+function camelToDashCase(str) {
+    return str.replace(/([a-z])([A-Z])/g, '$1-$2').toLowerCase();
+}
+// Small helper, as our GCP covalidator URLs are in a specific format.
+function getCovalidatorGrpcHelper(chain, network, cluster) {
+    return `https://grpc.${camelToDashCase(chain.name)}.${cluster}.${network}.inco.org`;
+}
+// Helper function to implement exponential backoff retry logic
+export async function retryWithBackoff(fn, maxRetries = 3, baseDelayInMs = 1000) {
+    let lastError;
+    for (let attempt = 0; attempt < maxRetries; attempt++) {
+        try {
+            return await fn();
+        }
+        catch (error) {
+            lastError = error;
+            if (attempt === maxRetries - 1) {
+                break;
+            }
+            const delay = baseDelayInMs * Math.pow(2, attempt);
+            const jitter = delay * (0.8 + Math.random() * 0.4); // random jitter, 80% to 120% of the delay
+            await new Promise((resolve) => setTimeout(resolve, jitter));
+        }
+    }
+    throw lastError;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVlbmNyeXB0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2xpdGUvcmVlbmNyeXB0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBVSxZQUFZLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUMzRCxPQUFPLEVBQUUsc0JBQXNCLEVBQUUsTUFBTSx5QkFBeUIsQ0FBQztBQUNqRSxPQUFPLEVBQVcsVUFBVSxFQUFjLFVBQVUsRUFBMkIsTUFBTSxNQUFNLENBQUM7QUFDNUYsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUMxQyxPQUFPLEVBQUUsaUJBQWlCLEVBQWtCLE1BQU0sVUFBVSxDQUFDO0FBQzdELE9BQU8sRUFBRSxpQkFBaUIsRUFBZSxpQkFBaUIsRUFBb0IsTUFBTSwwQkFBMEIsQ0FBQztBQUMvRyxPQUFPLEVBQUUsVUFBVSxFQUF1QyxNQUFNLGlEQUFpRCxDQUFDO0FBQ2xILE9BQU8sRUFBRSxhQUFhLEVBQVUsTUFBTSxXQUFXLENBQUM7QUFFbEQsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDN0QsT0FBTyxFQUFFLE9BQU8sRUFBRSx3QkFBd0IsRUFBb0IsTUFBTSxTQUFTLENBQUM7QUFpQjlFLGtEQUFrRDtBQUNsRCw4RUFBOEU7QUFDOUUsK0VBQStFO0FBQy9FLGdEQUFnRDtBQUNoRCxNQUFNLHNCQUFzQixHQUFHO0lBQzdCLElBQUksRUFBRSxrQkFBa0I7SUFDeEIsT0FBTyxFQUFFLE9BQU87Q0FDakIsQ0FBQztBQUVGLDhEQUE4RDtBQUM5RCxNQUFNLFVBQVUsZUFBZSxDQUFDLE9BQWUsRUFBRSxlQUEyQjtJQUMxRSxPQUFPLG1CQUFtQixDQUFDO1FBQ3pCLE9BQU87UUFDUCxXQUFXLEVBQUUscUJBQXFCO1FBQ2xDLGlCQUFpQixFQUFFLENBQUMsRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsQ0FBQztRQUN6RCxPQUFPLEVBQUU7WUFDUCxTQUFTLEVBQUUsVUFBVSxDQUFDLGVBQWUsQ0FBQztTQUN2QztRQUNELFVBQVUsRUFBRSxzQkFBc0IsQ0FBQyxJQUFJO1FBQ3ZDLGFBQWEsRUFBRSxzQkFBc0IsQ0FBQyxPQUFPO0tBQzlDLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRCw0RUFBNEU7QUFDNUUsYUFBYTtBQUNiLE1BQU0sQ0FBQyxLQUFLLFVBQVUsbUJBQW1CLENBQUMsRUFDeEMsNkJBQTZCLEVBQzdCLE9BQU8sRUFDUCxZQUFZLEVBQ1osZ0JBQWdCLEdBQ1E7SUFDeEIsTUFBTSxTQUFTLEdBQUcsWUFBWSxDQUFDLDZCQUE2QixJQUFJLHNCQUFzQixDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNwSCxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUN0QixnQkFBZ0IsR0FBRyxNQUFNLHdCQUF3QixFQUFFLENBQUM7SUFDdEQsQ0FBQztJQUVELHdFQUF3RTtJQUN4RSw2Q0FBNkM7SUFDN0MsTUFBTSxhQUFhLEdBQUcsZUFBZSxDQUFDLE9BQU8sRUFBRSxnQkFBZ0IsQ0FBQyxlQUFlLEVBQUUsQ0FBQyxDQUFDO0lBRW5GLHVFQUF1RTtJQUN2RSxXQUFXO0lBQ1gsTUFBTSxlQUFlLEdBQUcsTUFBTSxZQUFZLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBRXhFLE9BQU8sS0FBSyxVQUFVLFNBQVMsQ0FBNkIsRUFBRSxNQUFNLEVBQW1DO1FBQ3JHLE1BQU0sZUFBZSxHQUFHLGdCQUFnQixDQUFDLGVBQWUsRUFBRSxDQUFDO1FBQzNELE1BQU0sZ0JBQWdCLEdBQXFCO1lBQ3pDLFNBQVMsRUFBRSxtQ0FBbUM7WUFDOUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxPQUFPLENBQUMsT0FBTztZQUN6QyxlQUFlO1lBQ2YsZUFBZSxFQUFFLFVBQVUsQ0FBQyxlQUFlLENBQUM7WUFDNUMsaUJBQWlCLEVBQUU7Z0JBQ2pCO29CQUNFLFNBQVMsRUFBRSxrQ0FBa0M7b0JBQzdDLE1BQU07b0JBQ04sUUFBUSxFQUFFO3dCQUNSLFNBQVMsRUFBRSwyQkFBMkI7d0JBQ3RDLHlEQUF5RDt3QkFDekQsZ0JBQWdCO3dCQUNoQixLQUFLLEVBQUU7NEJBQ0wsSUFBSSxFQUFFLHVCQUF1Qjs0QkFDN0IsS0FBSyxFQUFFO2dDQUNMLFNBQVMsRUFBRSx3Q0FBd0M7NkJBQ3BEO3lCQUNGO3FCQUNGO2lCQUNGO2FBQ0Y7U0FDRixDQUFDO1FBQ0YsSUFBSSxDQUFDO1lBQ0gsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBZ0IsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FBQztZQUVyRixPQUFPLG1CQUFtQixDQUFDLFFBQVEsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUNqRSxDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7WUFDbkIsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO0lBQ0gsQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQUVELDBFQUEwRTtBQUMxRSxNQUFNLFVBQVUsWUFBWSxDQUMxQiw2QkFBaUU7SUFFakUsSUFBSSxPQUFPLDZCQUE2QixLQUFLLFFBQVEsRUFBRSxDQUFDO1FBQ3RELE1BQU0sU0FBUyxHQUFHLHNCQUFzQixDQUFDO1lBQ3ZDLE9BQU8sRUFBRSw2QkFBNkI7U0FDdkMsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxZQUFZLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRCxPQUFPLDZCQUE2QixDQUFDO0FBQ3ZDLENBQUM7QUFFRCxzREFBc0Q7QUFDdEQsb0VBQW9FO0FBQ3BFLCtDQUErQztBQUMvQyxNQUFNLENBQUMsS0FBSyxVQUFVLG1CQUFtQixDQUN2QyxRQUEyQixFQUMzQixnQkFBa0MsRUFDbEMsTUFBYztJQUVkLE1BQU0sYUFBYSxHQUFHLFFBQVEsQ0FBQyxPQUFPLEVBQUUsZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQzNELElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNuQixNQUFNLElBQUksS0FBSyxDQUFDLDJDQUEyQyxDQUFDLENBQUM7SUFDL0QsQ0FBQztJQUNELE1BQU0sY0FBYyxHQUFHLE1BQU0sT0FBTyxDQUFDLGdCQUFnQixFQUFFLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUNqRixNQUFNLFNBQVMsR0FBRyxhQUFhLENBQUMsY0FBYyxDQUFDLENBQUM7SUFFaEQsT0FBTyxpQkFBaUIsQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsYUFBYSxDQUFDLE1BQU0sQ0FBTSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0FBQzNGLENBQUM7QUFFRCwyRUFBMkU7QUFDM0UsaUZBQWlGO0FBQ2pGLE1BQU0sVUFBVSxzQkFBc0IsQ0FBQyxLQUFxQjtJQUMxRCxPQUFPLCtCQUErQixDQUFDLEtBQUssQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFFRCw2RUFBNkU7QUFDN0UsNkVBQTZFO0FBQzdFLDREQUE0RDtBQUM1RCxNQUFNLFVBQVUscUJBQXFCLENBQUMsS0FBcUI7SUFDekQsT0FBTyxnQkFBZ0IsS0FBSyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsOEJBQThCLENBQUM7QUFDaEYsQ0FBQztBQUVELHNGQUFzRjtBQUN0RixNQUFNLFVBQVUsOEJBQThCLENBQUMsS0FBcUI7SUFDbEUsT0FBTyx3QkFBd0IsQ0FBQyxLQUFLLEVBQUUsUUFBUSxFQUFFLFdBQVcsQ0FBQyxDQUFDO0FBQ2hFLENBQUM7QUFFRCx1RkFBdUY7QUFDdkYsTUFBTSxVQUFVLCtCQUErQixDQUFDLEtBQXFCO0lBQ25FLE9BQU8sd0JBQXdCLENBQUMsS0FBSyxFQUFFLFNBQVMsRUFBRSxXQUFXLENBQUMsQ0FBQztBQUNqRSxDQUFDO0FBRUQsa0NBQWtDO0FBQ2xDLFNBQVMsZUFBZSxDQUFDLEdBQVc7SUFDbEMsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDLGlCQUFpQixFQUFFLE9BQU8sQ0FBQyxDQUFDLFdBQVcsRUFBRSxDQUFDO0FBQy9ELENBQUM7QUFFRCxzRUFBc0U7QUFDdEUsU0FBUyx3QkFBd0IsQ0FBQyxLQUFxQixFQUFFLE9BQTZCLEVBQUUsT0FBb0I7SUFDMUcsT0FBTyxnQkFBZ0IsZUFBZSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxPQUFPLElBQUksT0FBTyxXQUFXLENBQUM7QUFDdEYsQ0FBQztBQUVELCtEQUErRDtBQUMvRCxNQUFNLENBQUMsS0FBSyxVQUFVLGdCQUFnQixDQUNwQyxFQUFvQixFQUNwQixhQUFxQixDQUFDLEVBQ3RCLGdCQUF3QixJQUFJO0lBRTVCLElBQUksU0FBNEIsQ0FBQztJQUVqQyxLQUFLLElBQUksT0FBTyxHQUFHLENBQUMsRUFBRSxPQUFPLEdBQUcsVUFBVSxFQUFFLE9BQU8sRUFBRSxFQUFFLENBQUM7UUFDdEQsSUFBSSxDQUFDO1lBQ0gsT0FBTyxNQUFNLEVBQUUsRUFBRSxDQUFDO1FBQ3BCLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2YsU0FBUyxHQUFHLEtBQWMsQ0FBQztZQUMzQixJQUFJLE9BQU8sS0FBSyxVQUFVLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQy9CLE1BQU07WUFDUixDQUFDO1lBQ0QsTUFBTSxLQUFLLEdBQUcsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ25ELE1BQU0sTUFBTSxHQUFHLEtBQUssR0FBRyxDQUFDLEdBQUcsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQywwQ0FBMEM7WUFDOUYsTUFBTSxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzlELENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxTQUFTLENBQUM7QUFDbEIsQ0FBQyJ9