@inco/js 0.6.9 → 0.7.1

package/dist/types/lite/index.d.ts

@@ -7,4 +7,3 @@ export * from './deployments.js';
 export * from './ecies.js';
 export * from './hadu.js';
 export * from './lightning.js';
-export * from './reencrypt.js';

package/dist/types/lite/lightning.d.ts

@@ -1,13 +1,14 @@
-import { Account, Chain, PublicClient, Transport, WalletClient } from 'viem';
+import { Account, Chain, GetContractReturnType, PublicClient, Transport, WalletClient } from 'viem';
 import { AllowanceVoucherWithSig } from '../advancedacl/types.js';
 import { AttestedComputeOP } from '../attestedcompute/types.js';
-import { DecryptionAttestation } from '../attesteddecrypt/index.js';
+import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
 import { Address, HexString } from '../binary.js';
-import { EciesScheme, Encryptor, PlaintextOf, SupportedFheType } from '../encryption/index.js';
+import { EciesScheme, SupportedFheType } from '../encryption/index.js';
+import { incoVerifierAbi } from '../generated/abis/verifier.js';
 import { lightningDeployments } from '../generated/lightning.js';
 import { localNodeLightningConfig } from '../generated/local-node.js';
+import { FheType } from '../handle.js';
 import { LocalNodeEnv } from '../local/index.js';
-import type { Reencryptor } from '../reencryption/index.js';
 import { BackoffConfig } from '../retry.js';
 import { Secp256k1Keypair } from './ecies.js';
 type TupleToUnion<T> = T extends readonly unknown[] ? T[number] : never;
@@ -23,6 +24,7 @@ export type SupportedNativeType = boolean | bigint | number;
 export type EncryptionContext = {
     accountAddress: string;
     dappAddress: string;
+    handleType: FheType;
 };
 export type DeploymentSlice = {
     executorAddress: string;
@@ -31,22 +33,35 @@ export type DeploymentSlice = {
 export type CustomConfig = {
     executorAddress: string;
     chainId: number;
-    covalidatorUrl: string;
+    covalidatorUrls: string[];
+    signers?: Address[];
     hostChainRpcUrl?: string;
     senderPrivateKey?: HexString;
 };
 export type CustomDeployment = DeploymentSlice & CustomConfig;
+export type IncoVerifierConfig = {
+    threshold: number;
+    signers: Address[];
+    eciesPubKey: HexString;
+};
+type LocalNodeEnvFileSource = {
+    filePath: string;
+};
 /**
  * The Lightning class provides a convenient way to interact with the Inco Lightning contract by binding to a specific
  * deployment.
  */
 export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
     private readonly _deployment;
-    readonly covalidatorUrl: string;
+    private readonly covalidatorUrls;
+    private readonly signers;
+    private readonly threshold;
+    private readonly eciesPubKey;
     readonly executorAddress: Address;
     readonly chainId: bigint;
     private readonly ephemeralKeypair;
-    private readonly kmsClient;
+    private readonly kmsQuorumClient;
+    private readonly encryptor;
     private constructor();
     /**
      * Get a Lightning instance bound to the latest Lightning deployment for the Base Sepolia testnet.
@@ -73,7 +88,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *
      * @param filePath the path to the file containing the environment variables in dotenv format
      */
-    static localNodeFromEnv(filePath?: string): Promise<Lightning<CustomDeployment>>;
+    static localNodeFromEnv(source?: string | Buffer | LocalNodeEnvFileSource): Promise<Lightning<CustomDeployment>>;
     /**
      * Get a Lightning deployment by name or executor address on a particular chain.
      *
@@ -87,7 +102,6 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *    additional fields past will be made available as part of the `deployment` property.
      */
     static custom<T extends CustomConfig>(config: T): Promise<Lightning<DeploymentSlice & T>>;
-    static getEciesPublicKey(client: PublicClient, executorAddress: Address): Promise<HexString>;
     /**
      * Get the latest deployment for a given pepper, which usually denotes a family of deployments distinct from their
      * version such as 'devnet', 'testnet', 'mainnet', etc.
@@ -102,7 +116,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * will not be compatible with the new version.
      *
      * @param pepper the pepper to use to filter the deployments
-     * @param chainId the chainId to use to filter the deployments
+     * @param chain the chain to use to filter the deployments
      */
     static latest<P extends Pepper>(pepper: P, chainId: ChainId): Promise<Lightning<Deployment>>;
     get deployment(): T;
@@ -112,17 +126,13 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @param value a boolean or numeric value to encrypt
      * @param accountAddress the address of the account interacting with the dapp contract, normally an Externally Owned Account (EOA)
      * @param dappAddress the address of the dapp contract that interacts with the Inco Lightning contract or library
+     * @param handleType (optional) the handle type to be used for encrypting the value - this is required in case of non-default handle types
+     *                    default handle types:
+     *                      - boolean -> handleTypes.ebool
+     *                      - number | bigint -> handleTypes.euint256
+     * @returns a promise that resolves to the encrypted value as a HexString
      */
-    encrypt<T extends SupportedNativeType>(value: T, { accountAddress, dappAddress }: EncryptionContext, encryptor: Encryptor<EciesScheme>): Promise<HexString>;
-    /**
-     * Obtain a reencryptor for a particular Externally Owned Account (EOA) to request decrypted values.
-     * The account associated with the walletClient must have permissions to decrypt the handle or ciphertext passed
-     * to the reencryptor function.
-     *
-     * @param walletClient the wallet client to use for signing the reencrypt request.
-     */
-    getReencryptor(walletClient: WalletClient<Transport, Chain, Account>): Promise<Reencryptor<EciesScheme>>;
-    getEncryptor(eciesPubkey: HexString): Encryptor<EciesScheme>;
+    encrypt<T extends SupportedNativeType>(value: T, { accountAddress, dappAddress, handleType }: EncryptionContext): Promise<HexString>;
     /**
      * Grants a session key allowance voucher for secure reencryption operations.
      *
@@ -147,24 +157,6 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * ```
      */
     grantSessionKeyAllowanceVoucher(walletClient: WalletClient<Transport, Chain, Account>, granteeAddress: string, expiresAt: Date, sessionVerifierAddress: string): Promise<AllowanceVoucherWithSig>;
-    /**
-     * Creates a session key reencryptor for secure data reencryption operations.
-     *
-     * This method returns a reencryptor instance that can be used to perform reencryption
-     * operations using session keys. The reencryptor is configured with the provided
-     * allowance voucher and ephemeral keypair for secure communication.
-     *
-     * @param allowanceVoucherWithSig - The signed allowance voucher obtained from grantSessionKeyAllowanceVoucher
-     * @param ephemeralKeypair - The ephemeral keypair used for secure communication with the KMS make sure it has allowance to voucher
-     * @returns A reencryptor instance configured for session key operations
-     *
-     * @example
-     * ```typescript
-     * const reencryptor = await lightning.getSessionKeyRencryptor(voucher, ephemeralKeypair);
-     * const decryptedValue = await reencryptor({handle: resultHandle});
-     * ```
-     */
-    getSessionKeyRencryptor(allowanceVoucherWithSig: AllowanceVoucherWithSig, ephemeralKeypair: Secp256k1Keypair): Promise<(<T_1 extends SupportedFheType>({ handle, }: import("../reencryption/types.js").ReencryptFnArgs<EciesScheme, T_1>) => Promise<PlaintextOf<1, 0 | 5 | 7 | 8>>)>;
     /**
      * Updates the active session nonce for the given wallet client.
      *
@@ -176,35 +168,68 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      */
     updateActiveVouchersSessionNonce(walletClient: WalletClient<Transport, Chain, Account>): Promise<HexString>;
     /**
-     * Get an attested decryptor for the given wallet client.
+     * Requests attested decrypts signed by the covalidator using a wallet client.
      *
-     * @param walletClient - The wallet client used for signing the attested decrypt request
-     * @param handles - The handles to decrypt
-     * @param backoffConfig - The backoff configuration for the attested decrypt request
-     * @returns The decryption attestations
+     * @param walletClient Wallet used to sign the EIP-712 request.
+     * @param handles 32-byte handles to decrypt.
+     * @param backoffConfig Optional retry configuration.
      *
-     * @example
-     * ```typescript
-     * const response = await lightning.attestedDecrypt(walletClient, [handle1, handle2]);
-     * const { plaintext, covalidatorSignature } = response[0];
+     * @example Plaintext results
+     * ```ts
+     * const attestations = await lightning.attestedDecrypt(walletClient, [handle]);
+     * console.log(attestations[0].plaintext.value);
+     * ```
+     *
+     * @example Reencrypt for a delegate
+     * ```ts
+     * const encrypted = await lightning.attestedDecrypt(walletClient, [handle], delegatePubKey);
+     * console.log(encrypted[0].encryptedPlaintext.ciphertext.value);
+     * ```
+     *
+     * @example Reencrypt and decrypt locally
+     * ```ts
+     * const decrypted = await lightning.attestedDecrypt(
+     *   walletClient,
+     *   [handle],
+     *   keypair.encodePublicKey(),
+     *   keypair,
+     * );
+     * console.log(decrypted[0].plaintext.value);
      * ```
      */
     attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
     /**
-     * @notice Attested decryption using a session key.
-     * @dev This method is used when you want to perform attested decryption
-     *      via an ephemeral session key and an allowance voucher. The session
-     *      key setup is typically faster and more flexible than using a wallet.
+     * Requests attested decrypts using a voucher-backed session key.
+     *
+     * @param ephemeralKeypair Session keypair matching the voucher grantee.
+     * @param allowanceVoucherWithSig Signed allowance voucher.
+     * @param handles Handles to decrypt.
+     * @param options Optional reencryption/backoff configuration.
      *
-     * @param ephemeralKeypair The ephemeral Secp256k1 keypair used for secure communication.
-     * @param allowanceVoucherWithSig The signed allowance voucher, obtained from
-     *        `grantSessionKeyAllowanceVoucher`, proving the session key's decryption rights.
-     * @param handles The encrypted handles to be decrypted.
-     * @param backoffConfig Optional configuration for retry and backoff strategy.
+     * @example Plaintext results
+     * ```ts
+     * const attestations = await lightning.attestedDecryptWithVoucher(
+     *   ephemeralKeypair,
+     *   voucher,
+     *   [handle],
+     * );
+     * ```
      *
-     * @returns A promise that resolves to an array of decryption attestations.
+     * @example Reencrypt for a delegate
+     * ```ts
+     * const encrypted = await lightning.attestedDecryptWithVoucher(
+     *   ephemeralKeypair,
+     *   voucher,
+     *   [handle],
+     *   { reencryptPubKey: delegateKeypair.encodePublicKey() },
+     * );
+     * ```
      */
-    attestedDecrypt(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
     /**
      * Get an attested compute for the given wallet client.
      *
@@ -227,22 +252,20 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      */
     attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
     /**
-     * @notice Attested compute using a session key.
-     * @dev This method is used when you want to perform attested compute
-     *      via an ephemeral session key and an allowance voucher. The session
-     *      key setup is typically faster and more flexible than using a wallet.
-     *
-     * @param ephemeralKeypair The ephemeral Secp256k1 keypair used for secure communication.
-     * @param lhsHandle The handle to compute on
-     * @param op The operation to perform
-     * @param rhsPlaintext The plaintext to compute with
-     * @param allowanceVoucherWithSig The signed allowance voucher, obtained from
-     *        `grantSessionKeyAllowanceVoucher`, proving the session key's compute rights.
-     * @param backoffConfig Optional configuration for retry and backoff strategy.
+     * Performs attested compute via a voucher-backed session key.
      *
-     * @returns A promise that resolves to a compute attestation.
+     * @example
+     * ```ts
+     * const attestation = await lightning.attestedComputeWithVoucher(
+     *   ephemeralKeypair,
+     *   voucher,
+     *   lhsHandle,
+     *   AttestedComputeSupportedOps.Eq,
+     *   true,
+     * );
+     * ```
      */
-    attestedCompute(ephemeralKeypair: Secp256k1Keypair, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, allowanceVoucherWithSig: AllowanceVoucherWithSig, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
     /**
      * Get an decryption of publicly revealed handles.
      *
@@ -260,10 +283,23 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
     /**
      * Get the GRPC endpoint for the covalidator that services this deployment.
      */
-    static getCovalidatorUrl(deployment: DeploymentSlice & {
+    static getCovalidatorUrls(deployment: DeploymentSlice & {
         pepper: string;
-    }): string;
+    }, threshold: number): string[];
     private static isIdByName;
     private static plaintextFromValue;
+    static getEciesPublicKey(client: PublicClient, executorAddress: Address): Promise<HexString>;
+    static getIncoVerifierContract(client: PublicClient, executorAddress: Address): Promise<GetContractReturnType<typeof incoVerifierAbi, PublicClient, Address>>;
+    /**
+     * Retrieves the verifier contract details including threshold, signers, and ECIES public key from the Inco Verifier contract.
+     *
+     * @param executorAddress The address of the Inco Lightning executor contract.
+     * @param client The public client to interact with the blockchain.
+     * @returns An object containing the threshold, signers, and ECIES public key.
+     */
+    private static getVerifierContractDetails;
+    private static getChainConfig;
+    private static supportsThresholdRetrieval;
+    private static getDefaultThresholdAndSigners;
 }
 export {};

package/dist/types/local/local-node.d.ts

@@ -4,13 +4,12 @@ export declare const LocalNodeEnv: Schema.Struct<{
     STATE_DUMP: typeof Schema.String;
     EXECUTOR_ADDRESS: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
     ECIES_PUBLIC_KEY: Schema.TemplateLiteral<`0x${string}`>;
-    CALLBACK_ADDRESS: Schema.TemplateLiteral<`0x${string}`>;
     SENDER_ADDRESS: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
     SENDER_PRIVATE_KEY: Schema.TemplateLiteral<`0x${string}`>;
+    EIP712_SIGNER_ADDRESS: Schema.optional<Schema.TemplateLiteral<`0x${string}`>>;
     PEPPER: typeof Schema.String;
     COVALIDATOR_ECIES_PRIVATE_KEY: Schema.TemplateLiteral<`0x${string}`>;
     COVALIDATOR_EIP712_PRIVATE_SIGNING_KEY: Schema.TemplateLiteral<`0x${string}`>;
-    COVALIDATOR_CALLBACK_PRIVATE_KEY: Schema.TemplateLiteral<`0x${string}`>;
     COVALIDATOR_ACL_ADDR: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
     COVALIDATOR_INCO_EXECUTOR_ADDR: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
     COVALIDATOR_DECRYPTION_HANDLER_ADDR: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;

package/dist/types/test/mocks.d.ts

@@ -1,6 +1,7 @@
 import { Account, Chain, Transport, WalletClient } from 'viem';
 import { vi } from 'vitest';
 import { KmsClient } from '../kms/client.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
 interface MinimalKmsClient {
     attestedCompute: ReturnType<typeof vi.fn>;
     attestedDecrypt: ReturnType<typeof vi.fn>;
@@ -8,5 +9,7 @@ interface MinimalKmsClient {
     reencrypt: ReturnType<typeof vi.fn>;
 }
 export declare function createMockKmsClient(): MinimalKmsClient & KmsClient;
+export declare function createMockQuorumClient(): KmsQuorumClient;
+export declare function setupMockInQuorumClient(quorumClient: KmsQuorumClient, mockKmsClient: MinimalKmsClient & KmsClient): void;
 export declare function createTestWalletClient(): WalletClient<Transport, Chain, Account>;
 export {};

package/dist/types/viem.d.ts

@@ -1,3 +1,4 @@
+import { Chain } from 'viem';
 import { Chainish } from './chain.js';
 export declare const chains: {
     sepolia: {
@@ -777,7 +778,4 @@ export declare const chains: {
         readonly network: "worldchain-sepolia";
     };
 };
-type ChainName = keyof typeof chains;
-export type ViemChain = (typeof chains)[ChainName];
-export declare function getViemChain(chainish: Chainish): ViemChain;
-export {};
+export declare function getViemChain(chainish: Chainish): Chain;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/js",
-  "version": "0.6.9",
+  "version": "0.7.1",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "license": "Apache-2.0",
   "sideEffects": false,
@@ -96,7 +96,7 @@
     "effect": "^3.17.13",
     "elliptic": "^6.6.1",
     "sha3": "^2.1.4",
-    "viem": "^2.23.6"
+    "viem": "^2.39.3"
   },
   "devDependencies": {
     "@inco/pega": "0.0.0",
@@ -105,7 +105,7 @@
     "@vitest/coverage-istanbul": "3.1.1",
     "@wagmi/cli": "^2.2.0",
     "eslint": "^9.30.1",
-    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-require-extensions": "^0.1.3",
     "ts-proto": "^2.6.1",
     "typescript": "^5.7.3",
     "vitest": "^3.0.4"
@@ -113,5 +113,8 @@
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org/"
+  },
+  "browser": {
+    "fs/promises": false
   }
 }

package/dist/cjs/attestedreveal/attested-reveal.d.ts

@@ -1,21 +0,0 @@
-import { DecryptionAttestation } from '../attesteddecrypt/types.js';
-import { HexString } from '../binary.js';
-import { SupportedChainId } from '../chain.js';
-import { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
-import type { KmsClient } from '../kms/client.js';
-import type { BackoffConfig } from '../retry.js';
-/**
- * Just like attestedDecrypt, attestedReveal multiple revealed handles in a single attested request.
- * Returns an array of attestations aligned with the response ordering.
- * Handles must be revealed ahead of time using the .reveal() on-chain call.
- *
- * @param args - The arguments for creating the attested reveal function
- * @returns A function that can reveal handles and return an attestation
- * @throws {AttestedRevealError} If the creation fails
- */
-export declare function attestedReveal({ handles, backoffConfig, chainId, kmsConnectRpcEndpointOrClient, }: {
-    handles: HexString[];
-    backoffConfig?: Partial<BackoffConfig> | undefined;
-    chainId: SupportedChainId;
-    kmsConnectRpcEndpointOrClient?: string | KmsClient;
-}): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;

package/dist/cjs/attestedreveal/attested-reveal.js

@@ -1,69 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.attestedReveal = attestedReveal;
-const protobuf_1 = require("@bufbuild/protobuf");
-const binary_js_1 = require("../binary.js");
-const chain_js_1 = require("../chain.js");
-const encryption_js_1 = require("../encryption/encryption.js");
-const kms_service_pb_js_1 = require("../generated/es/inco/kms/lite/v1/kms_service_pb.js");
-const handle_js_1 = require("../handle.js");
-const client_js_1 = require("../kms/client.js");
-const retry_js_1 = require("../retry.js");
-const types_js_1 = require("./types.js");
-/**
- * Validates a handle format.
- * @param handle - The handle to validate
- * @throws {AttestedRevealError} If the handle format is invalid
- */
-function validateHandle(handle) {
-    if (!handle.startsWith('0x') || handle.length !== 2 + 2 * 32) {
-        throw new types_js_1.AttestedRevealError('Invalid handle format: must be a 32-byte hex string with 0x prefix');
-    }
-}
-/**
- * Just like attestedDecrypt, attestedReveal multiple revealed handles in a single attested request.
- * Returns an array of attestations aligned with the response ordering.
- * Handles must be revealed ahead of time using the .reveal() on-chain call.
- *
- * @param args - The arguments for creating the attested reveal function
- * @returns A function that can reveal handles and return an attestation
- * @throws {AttestedRevealError} If the creation fails
- */
-async function attestedReveal({ handles, backoffConfig, chainId, kmsConnectRpcEndpointOrClient, }) {
-    try {
-        handles.forEach(validateHandle);
-        const kmsClient = (0, client_js_1.getKmsClient)(kmsConnectRpcEndpointOrClient ||
-            (0, client_js_1.defaultCovalidatorGrpc)((0, chain_js_1.getSupportedChain)(chainId)));
-        const attestedRevealRequest = (0, protobuf_1.create)(kms_service_pb_js_1.AttestedRevealRequestSchema, {
-            handles: handles,
-        });
-        const response = await (0, retry_js_1.retryWithBackoff)(async () => {
-            return await kmsClient.attestedReveal(attestedRevealRequest);
-        }, backoffConfig);
-        if (response.decryptionAttestations.length !== handles.length) {
-            throw new types_js_1.AttestedRevealError(`Expected ${handles.length} decryption attestations in response, got ${response.decryptionAttestations.length}`);
-        }
-        const results = response.decryptionAttestations.map((att) => {
-            if (att.value === undefined) {
-                throw new types_js_1.AttestedRevealError('No value in attestation');
-            }
-            const plaintext = att.value.value;
-            const h = att.handle;
-            const handleType = (0, handle_js_1.getHandleType)(h);
-            const bigIntValue = (0, binary_js_1.bytesToBigInt)(plaintext.value);
-            return {
-                handle: h,
-                plaintext: (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.ecies, handleType, bigIntValue),
-                covalidatorSignature: att.signature,
-            };
-        });
-        return results;
-    }
-    catch (error) {
-        if (error instanceof types_js_1.AttestedRevealError) {
-            throw error;
-        }
-        throw new types_js_1.AttestedRevealError('Failed to reveal handles', error);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0ZXN0ZWQtcmV2ZWFsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2F0dGVzdGVkcmV2ZWFsL2F0dGVzdGVkLXJldmVhbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQTRDQSx3Q0E4REM7QUExR0QsaURBQTRDO0FBRTVDLDRDQUF3RDtBQUN4RCwwQ0FBa0U7QUFDbEUsK0RBS3FDO0FBQ3JDLDBGQUk0RDtBQUM1RCw0Q0FBNkM7QUFFN0MsZ0RBQXdFO0FBRXhFLDBDQUErQztBQUMvQyx5Q0FBaUQ7QUFFakQ7Ozs7R0FJRztBQUNILFNBQVMsY0FBYyxDQUFDLE1BQWM7SUFDcEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksTUFBTSxDQUFDLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDO1FBQzdELE1BQU0sSUFBSSw4QkFBbUIsQ0FDM0Isb0VBQW9FLENBQ3JFLENBQUM7SUFDSixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7Ozs7OztHQVFHO0FBQ0ksS0FBSyxVQUFVLGNBQWMsQ0FBQyxFQUNuQyxPQUFPLEVBQ1AsYUFBYSxFQUNiLE9BQU8sRUFDUCw2QkFBNkIsR0FNOUI7SUFDQyxJQUFJLENBQUM7UUFDSCxPQUFPLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ2hDLE1BQU0sU0FBUyxHQUFHLElBQUEsd0JBQVksRUFDNUIsNkJBQTZCO1lBQzNCLElBQUEsa0NBQXNCLEVBQUMsSUFBQSw0QkFBaUIsRUFBQyxPQUFPLENBQUMsQ0FBQyxDQUNyRCxDQUFDO1FBRUYsTUFBTSxxQkFBcUIsR0FBMEIsSUFBQSxpQkFBTSxFQUN6RCwrQ0FBMkIsRUFDM0I7WUFDRSxPQUFPLEVBQUUsT0FBTztTQUNqQixDQUNGLENBQUM7UUFFRixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsMkJBQWdCLEVBQUMsS0FBSyxJQUFJLEVBQUU7WUFDakQsT0FBTyxNQUFNLFNBQVMsQ0FBQyxjQUFjLENBQUMscUJBQXFCLENBQUMsQ0FBQztRQUMvRCxDQUFDLEVBQUUsYUFBYSxDQUFDLENBQUM7UUFFbEIsSUFBSSxRQUFRLENBQUMsc0JBQXNCLENBQUMsTUFBTSxLQUFLLE9BQU8sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM5RCxNQUFNLElBQUksOEJBQW1CLENBQzNCLFlBQVksT0FBTyxDQUFDLE1BQU0sNkNBQTZDLFFBQVEsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsQ0FDaEgsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLE9BQU8sR0FDWCxRQUFRLENBQUMsc0JBQXNCLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUU7WUFDMUMsSUFBSSxHQUFHLENBQUMsS0FBSyxLQUFLLFNBQVMsRUFBRSxDQUFDO2dCQUM1QixNQUFNLElBQUksOEJBQW1CLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUMzRCxDQUFDO1lBQ0QsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFrQixDQUFDO1lBQy9DLE1BQU0sQ0FBQyxHQUFHLEdBQUcsQ0FBQyxNQUFtQixDQUFDO1lBQ2xDLE1BQU0sVUFBVSxHQUFHLElBQUEseUJBQWEsRUFBQyxDQUFDLENBQUMsQ0FBQztZQUNwQyxNQUFNLFdBQVcsR0FBRyxJQUFBLHlCQUFhLEVBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ25ELE9BQU87Z0JBQ0wsTUFBTSxFQUFFLENBQUM7Z0JBQ1QsU0FBUyxFQUFFLElBQUEsaUNBQWlCLEVBQzFCLGlDQUFpQixDQUFDLEtBQUssRUFDdkIsVUFBOEIsRUFDOUIsV0FBVyxDQUNaO2dCQUNELG9CQUFvQixFQUFFLEdBQUcsQ0FBQyxTQUFTO2FBQ3BDLENBQUM7UUFDSixDQUFDLENBQUMsQ0FBQztRQUVMLE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1FBQ2YsSUFBSSxLQUFLLFlBQVksOEJBQW1CLEVBQUUsQ0FBQztZQUN6QyxNQUFNLEtBQUssQ0FBQztRQUNkLENBQUM7UUFDRCxNQUFNLElBQUksOEJBQW1CLENBQUMsMEJBQTBCLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDbkUsQ0FBQztBQUNILENBQUMifQ==

package/dist/cjs/attestedreveal/index.d.ts

@@ -1 +0,0 @@
-export * from './types.js';

package/dist/cjs/attestedreveal/index.js

@@ -1,18 +0,0 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./types.js"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXR0ZXN0ZWRyZXZlYWwvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDZDQUEyQiJ9

package/dist/cjs/attestedreveal/types.d.ts

@@ -1,7 +0,0 @@
-/**
- * Custom error class for attested reveal operations.
- */
-export declare class AttestedRevealError extends Error {
-    readonly cause?: unknown | undefined;
-    constructor(message: string, cause?: unknown | undefined);
-}

package/dist/cjs/attestedreveal/types.js

@@ -1,16 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.AttestedRevealError = void 0;
-/**
- * Custom error class for attested reveal operations.
- */
-class AttestedRevealError extends Error {
-    cause;
-    constructor(message, cause) {
-        super(message);
-        this.cause = cause;
-        this.name = 'AttestedRevealError';
-    }
-}
-exports.AttestedRevealError = AttestedRevealError;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXR0ZXN0ZWRyZXZlYWwvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUE7O0dBRUc7QUFDSCxNQUFhLG1CQUFvQixTQUFRLEtBQUs7SUFHMUI7SUFGbEIsWUFDRSxPQUFlLEVBQ0MsS0FBZTtRQUUvQixLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7UUFGQyxVQUFLLEdBQUwsS0FBSyxDQUFVO1FBRy9CLElBQUksQ0FBQyxJQUFJLEdBQUcscUJBQXFCLENBQUM7SUFDcEMsQ0FBQztDQUNGO0FBUkQsa0RBUUMifQ==