@inco/js 0.9.0-devnet-test-10 → 0.10.0-devnet-2

package/dist/cjs/lite/types.d.ts

@@ -0,0 +1,47 @@
+import type { HexString } from '../binary.js';
+import type { BackoffConfig } from '../retry.js';
+import type { XwingKeypair } from './xwing.js';
+/**
+ * Options for attested methods when no reencrypt keys are provided.
+ * The KMS generates an ephemeral keypair and returns plaintext.
+ */
+export type AttestedOptsEphemeral = {
+    reencryptPubKey?: never;
+    reencryptKeypair?: never;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/**
+ * Options for attested methods when only a reencrypt public key is provided.
+ * The KMS encrypts the result under the provided key; caller receives ciphertext.
+ */
+export type AttestedOptsEncrypted = {
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/**
+ * Options for attested methods when both a reencrypt key and keypair are provided.
+ * The KMS reencrypts under the public key; the SDK decrypts locally using the keypair.
+ */
+export type AttestedOptsDecrypted = {
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/** Union of all valid opts for attestedDecrypt / attestedCompute. */
+export type AttestedOpts = AttestedOptsEphemeral | AttestedOptsEncrypted | AttestedOptsDecrypted;
+/** Extends the base opts with voucher-specific fields for WithVoucher methods. */
+export type AttestedWithVoucherOptsEphemeral = AttestedOptsEphemeral & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOptsEncrypted = AttestedOptsEncrypted & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOptsDecrypted = AttestedOptsDecrypted & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOpts = AttestedWithVoucherOptsEphemeral | AttestedWithVoucherOptsEncrypted | AttestedWithVoucherOptsDecrypted;
+/** Options for attestedReveal. */
+export type AttestedRevealOpts = {
+    backoffConfig?: Partial<BackoffConfig>;
+};

package/dist/cjs/lite/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=

package/dist/cjs/lite/xwing.d.ts

@@ -5,8 +5,33 @@ import { PubKeyEncodable } from '../reencryption/index.js';
  * Combining ML-KEM-768 (1184 bytes) and X25519 (32 bytes).
  */
 export declare const XWING_PUBLIC_KEY_SIZE: number;
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is a well-known test seed (all zeros) that provides NO security.
+ * Anyone can derive the private key from this seed and decrypt all data.
+ * Only use for local development and testing.
+ */
 export declare const TEST_NETWORK_SEED_KEY = "0x0000000000000000000000000000000000000000000000000000000000000000";
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is the public key derived from TEST_NETWORK_SEED_KEY (all zeros).
+ * Data encrypted with this key can be decrypted by anyone who knows the seed.
+ * Only use for local development and testing.
+ *
+ * Generated from Go with seed of all zeros using HPKE layer: hpke.KEM_XWING.Scheme().DeriveKeyPair(seed)
+ * This matches the key used in covalidator's GetXwingPrivateKeyForTesting() via DeriveXwingPrivateKey
+ */
 export declare const TEST_NETWORK_XWING_PUBKEY = "0xca882388911c7c762aafc20debd63e845b3bed28c9d5262cdea7771fb31bd660a1ae7b395a9a7df3d12c7b118e8eda5057572c1ba05cd9b635edf33dabca4cac7291e0848f19c20e5beb850c3818f3543d49b3a5c729cb86a28fda539775d04feda112fe0c81d138aaf623aea7d507a4e826e890105db6065a44aba76a10d771c00d1b33f4ac51869806aae18eada68f19047024542d64a7aa1c91a5e1aa49d93613b5224b415bcc7aa166e4b55033438d20c641f9664fdb1689b53208181463e3d1325d46b30f07c5945b7e3fa1418bf833d975258461b294664eaf60795964924a280729c10a37fc6e967440bdd55d4ca53596286383481291152365303d44517cef369c00933b0b30368a230353e729c031075e8388673678a56b3ba84a165b28096ee9bd684483e1844258b451c365c41fa534152a3b64120041450128e960c7d6437d717ee266bdde7aaeec225ed93b958d188e97407349f1382976ca47d761ecc59a6f394487eb015c083abb490584677240eb47f838c838568a496119378b8bb81484610a50792b5d9c9939db188e7d0249d3cb918c436f111a2898849b286b0743a22c57464c709c5eaceac1ba493adca3328c0b14b5e38d3aea74e328b622b17e7181c35ad11c2103bdb7f2b209d93dcbc4ab61a06bc37139e6d2b7a06c5b7e9267bef3a8918a706f793271a5acc2574532da79e5a10cf074b998147a3c43586a411a513bba0d11cc19a36c83b19277f28022c88b120abfdba7076a8263e05336e3245aef7033eb3c762b5bbfa5791ac960398b649d5cbb652ddc6b2398143a0861ab3b410b696328879c099098adf819fbf7ac170030e86675e7f45c22ac9e1cf52c3102487bb0b91ab592afdc69c6e3a9b71876b86260b6c736b8291098f1130d3b763525cbad540ce2d042eacb6ed43b7bcba898f712c412f26066e09945f44ec7026c8ef959831abc10719d2017a12a41728b41c02371a5f5756ebc79406be708ea41bbd21563c874a0b791a3b4e4224a609967004f065c5ab4f3b4c61cb35df70573269da53179c3701fc5205f61974426f9b794c1b5826494b70842b6920c17752029369264dc8590b898b85c9d89a258e1f46c1b0490efd17c485cb51687cea272041e90b8e629521d3c5e3fa7518161bad7a159295b63cc6c0077897b53d47db8bc0ecb820f550705b65715a1a1094d04854f56acd26aa0baa10cb8447fad6211f53105796a42882328e6852e8de821c283b51eaab9bc95c4dc53615626049d63b1f9a457193805276b1905b0ab39353b5cf91fdd6023d4d816aef9cce4a3cfb3d12190172df221ae61d427563a098cc60e3dc9997ef54959180be5dc64a911157db6be3a01be2ee343caab33b8729abf0c50c674758c511291941fceac646232920907c2e88b9ec10211161729c797643a553a6ae5c4b7483c04e3263bd291e311c609071348b7c3310aa97d6b8318e0a4afe8399fa22f951049a9bb8860f7c69a333d3cc1aaf0129ab560713bf29eb3a01f9a276c78e54e3a3648b2447c80242b271b11406866389426d8b59796540d6b5702092ab21ee217c075cfc0c17ef826ce9ea29b9e61617457a5b1aaa23a58615dc53c59183beb36ea19498c21820b70ab47adeb678f1c52bf8768b3597b608ea1a8a15cd62e8a29bec4a1ac248ef9f02de0144bca06025f95a42bd6c8eaaaaaa2366328561d";
+/**
+ * Check if a byte array matches the test seed key.
+ * Logs a warning if it does.
+ */
+export declare function warnIfTestSeed(seed: Uint8Array): boolean;
+/**
+ * Check if a byte array matches the test public key.
+ * Logs a warning if it does.
+ */
+export declare function warnIfTestPubKey(pubKeyBytes: Uint8Array): boolean;
 /**
  * X-Wing keypair interface.
  * X-Wing is a post-quantum hybrid KEM combining ML-KEM-768 and X25519.
@@ -72,7 +97,7 @@ export type XwingDecryptorArgs = {
 /**
  * Encrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Output format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Output format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param pubKeyA - Recipient's public key
  * @param msg - Message to encrypt
@@ -84,7 +109,7 @@ export declare function encrypt(pubKeyA: CryptoKey, msg: Uint8Array, aad?: Uint8
 /**
  * Decrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Input format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Input format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param privKeyA - Recipient's private key
  * @param encryptedData - Encrypted data (encappedKey || ciphertext)
@@ -121,3 +146,9 @@ export declare function getXwingEncryptor({ pubKeyA, }: XwingEncryptorArgs): Enc
  * @returns Decryptor function
  */
 export declare function getXwingDecryptor({ privKeyA, }: XwingDecryptorArgs): Decryptor<XwingScheme>;
+/**
+ * Returns true if the raw public key bytes match the public key encoded by the keypair.
+ * Used to catch caller mistakes before sending the keypair to the covalidator, where a
+ * mismatch would produce a cryptic signature error instead of a clear failure.
+ */
+export declare function reencryptPublicKeysMatch(reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair): boolean;

package/dist/cjs/lite/xwing.js

@@ -1,6 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TEST_NETWORK_XWING_PUBKEY = exports.TEST_NETWORK_SEED_KEY = exports.XWING_PUBLIC_KEY_SIZE = void 0;
+exports.warnIfTestSeed = warnIfTestSeed;
+exports.warnIfTestPubKey = warnIfTestPubKey;
 exports.deriveXwingKeypairFromSeed = deriveXwingKeypairFromSeed;
 exports.generateXwingKeypair = generateXwingKeypair;
 exports.decodeXwingPublicKey = decodeXwingPublicKey;
@@ -10,6 +12,7 @@ exports.encrypt = encrypt;
 exports.decrypt = decrypt;
 exports.getXwingEncryptor = getXwingEncryptor;
 exports.getXwingDecryptor = getXwingDecryptor;
+exports.reencryptPublicKeysMatch = reencryptPublicKeysMatch;
 const chacha20poly1305_1 = require("@hpke/chacha20poly1305");
 const core_1 = require("@hpke/core");
 const hybridkem_x_wing_1 = require("@hpke/hybridkem-x-wing");
@@ -25,12 +28,49 @@ const xwingKem = new hybridkem_x_wing_1.XWing();
  * Combining ML-KEM-768 (1184 bytes) and X25519 (32 bytes).
  */
 exports.XWING_PUBLIC_KEY_SIZE = xwingKem.publicKeySize;
-// Test network private key for testing
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is a well-known test seed (all zeros) that provides NO security.
+ * Anyone can derive the private key from this seed and decrypt all data.
+ * Only use for local development and testing.
+ */
 exports.TEST_NETWORK_SEED_KEY = '0x0000000000000000000000000000000000000000000000000000000000000000';
-// Test network X-Wing public key (1216 bytes)
-// Generated from Go with seed of all zeros using HPKE layer: hpke.KEM_XWING.Scheme().DeriveKeyPair(seed)
-// This matches the key used in covalidator's GetXwingPrivateKeyForTesting() via DeriveXwingPrivateKey
+const TEST_NETWORK_SEED_BYTES = (0, binary_js_1.bytesFromHexString)(exports.TEST_NETWORK_SEED_KEY);
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is the public key derived from TEST_NETWORK_SEED_KEY (all zeros).
+ * Data encrypted with this key can be decrypted by anyone who knows the seed.
+ * Only use for local development and testing.
+ *
+ * Generated from Go with seed of all zeros using HPKE layer: hpke.KEM_XWING.Scheme().DeriveKeyPair(seed)
+ * This matches the key used in covalidator's GetXwingPrivateKeyForTesting() via DeriveXwingPrivateKey
+ */
 exports.TEST_NETWORK_XWING_PUBKEY = '0xca882388911c7c762aafc20debd63e845b3bed28c9d5262cdea7771fb31bd660a1ae7b395a9a7df3d12c7b118e8eda5057572c1ba05cd9b635edf33dabca4cac7291e0848f19c20e5beb850c3818f3543d49b3a5c729cb86a28fda539775d04feda112fe0c81d138aaf623aea7d507a4e826e890105db6065a44aba76a10d771c00d1b33f4ac51869806aae18eada68f19047024542d64a7aa1c91a5e1aa49d93613b5224b415bcc7aa166e4b55033438d20c641f9664fdb1689b53208181463e3d1325d46b30f07c5945b7e3fa1418bf833d975258461b294664eaf60795964924a280729c10a37fc6e967440bdd55d4ca53596286383481291152365303d44517cef369c00933b0b30368a230353e729c031075e8388673678a56b3ba84a165b28096ee9bd684483e1844258b451c365c41fa534152a3b64120041450128e960c7d6437d717ee266bdde7aaeec225ed93b958d188e97407349f1382976ca47d761ecc59a6f394487eb015c083abb490584677240eb47f838c838568a496119378b8bb81484610a50792b5d9c9939db188e7d0249d3cb918c436f111a2898849b286b0743a22c57464c709c5eaceac1ba493adca3328c0b14b5e38d3aea74e328b622b17e7181c35ad11c2103bdb7f2b209d93dcbc4ab61a06bc37139e6d2b7a06c5b7e9267bef3a8918a706f793271a5acc2574532da79e5a10cf074b998147a3c43586a411a513bba0d11cc19a36c83b19277f28022c88b120abfdba7076a8263e05336e3245aef7033eb3c762b5bbfa5791ac960398b649d5cbb652ddc6b2398143a0861ab3b410b696328879c099098adf819fbf7ac170030e86675e7f45c22ac9e1cf52c3102487bb0b91ab592afdc69c6e3a9b71876b86260b6c736b8291098f1130d3b763525cbad540ce2d042eacb6ed43b7bcba898f712c412f26066e09945f44ec7026c8ef959831abc10719d2017a12a41728b41c02371a5f5756ebc79406be708ea41bbd21563c874a0b791a3b4e4224a609967004f065c5ab4f3b4c61cb35df70573269da53179c3701fc5205f61974426f9b794c1b5826494b70842b6920c17752029369264dc8590b898b85c9d89a258e1f46c1b0490efd17c485cb51687cea272041e90b8e629521d3c5e3fa7518161bad7a159295b63cc6c0077897b53d47db8bc0ecb820f550705b65715a1a1094d04854f56acd26aa0baa10cb8447fad6211f53105796a42882328e6852e8de821c283b51eaab9bc95c4dc53615626049d63b1f9a457193805276b1905b0ab39353b5cf91fdd6023d4d816aef9cce4a3cfb3d12190172df221ae61d427563a098cc60e3dc9997ef54959180be5dc64a911157db6be3a01be2ee343caab33b8729abf0c50c674758c511291941fceac646232920907c2e88b9ec10211161729c797643a553a6ae5c4b7483c04e3263bd291e311c609071348b7c3310aa97d6b8318e0a4afe8399fa22f951049a9bb8860f7c69a333d3cc1aaf0129ab560713bf29eb3a01f9a276c78e54e3a3648b2447c80242b271b11406866389426d8b59796540d6b5702092ab21ee217c075cfc0c17ef826ce9ea29b9e61617457a5b1aaa23a58615dc53c59183beb36ea19498c21820b70ab47adeb678f1c52bf8768b3597b608ea1a8a15cd62e8a29bec4a1ac248ef9f02de0144bca06025f95a42bd6c8eaaaaaa2366328561d';
+const TEST_NETWORK_PUBKEY_BYTES = (0, binary_js_1.bytesFromHexString)(exports.TEST_NETWORK_XWING_PUBKEY);
+/**
+ * Check if a byte array matches the test seed key.
+ * Logs a warning if it does.
+ */
+function warnIfTestSeed(seed) {
+    const isTestSeed = seed.every((byte, i) => byte === TEST_NETWORK_SEED_BYTES[i]);
+    if (isTestSeed) {
+        console.warn('WARNING: Using TEST_NETWORK_SEED_KEY. This key provides no security ' +
+            'and should only be used for local development and testing.');
+    }
+    return isTestSeed;
+}
+/**
+ * Check if a byte array matches the test public key.
+ * Logs a warning if it does.
+ */
+function warnIfTestPubKey(pubKeyBytes) {
+    const isTestPubKey = pubKeyBytes.every((byte, i) => byte === TEST_NETWORK_PUBKEY_BYTES[i]);
+    if (isTestPubKey) {
+        console.warn('WARNING: Using TEST_NETWORK_XWING_PUBKEY. Data encrypted with this key ' +
+            'can be decrypted by anyone. Only use for local development and testing.');
+    }
+    return isTestPubKey;
+}
 /**
  * Create HPKE cipher suite with X-Wing KEM, HKDF-SHA256, and ChaCha20-Poly1305 AEAD.
  * This configuration provides post-quantum security with hybrid classical/PQ encryption.
@@ -59,6 +99,7 @@ async function deriveXwingKeypairFromSeed(seed) {
     if (seed.length !== 32) {
         throw new Error(`Invalid X-Wing seed length: expected 32 bytes, got ${seed.length}`);
     }
+    warnIfTestSeed(seed);
     const suite = await createXwingSuite();
     // Create a fresh ArrayBuffer copy to avoid SharedArrayBuffer issues
     const seedCopy = new Uint8Array(seed);
@@ -102,6 +143,7 @@ async function decodeXwingPublicKey(pubKeyBytes) {
     if (pubKeyBytes.length !== suite.kem.publicKeySize) {
         throw new Error(`Invalid X-Wing public key length: expected ${exports.XWING_PUBLIC_KEY_SIZE} bytes, got ${pubKeyBytes.length}`);
     }
+    warnIfTestPubKey(pubKeyBytes);
     // Create a fresh ArrayBuffer copy to avoid SharedArrayBuffer issues
     const pubKeyCopy = new Uint8Array(pubKeyBytes);
     return await suite.kem.deserializePublicKey(pubKeyCopy.buffer);
@@ -129,7 +171,7 @@ async function encodeXwingPublicKey(publicKey) {
 /**
  * Encrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Output format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Output format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param pubKeyA - Recipient's public key
  * @param msg - Message to encrypt
@@ -139,6 +181,9 @@ async function encodeXwingPublicKey(publicKey) {
  */
 async function encrypt(pubKeyA, msg, aad = new Uint8Array(0), info = new Uint8Array(0)) {
     const suite = await createXwingSuite();
+    // Warn if using the insecure test public key
+    const pubKeyBytes = new Uint8Array(await suite.kem.serializePublicKey(pubKeyA));
+    warnIfTestPubKey(pubKeyBytes);
     // Create fresh ArrayBuffer copies to avoid SharedArrayBuffer issues
     const infoCopy = new Uint8Array(info);
     const sender = await suite.createSenderContext({
@@ -158,7 +203,7 @@ async function encrypt(pubKeyA, msg, aad = new Uint8Array(0), info = new Uint8Ar
 /**
  * Decrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Input format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Input format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param privKeyA - Recipient's private key
  * @param encryptedData - Encrypted data (encappedKey || ciphertext)
@@ -272,4 +317,14 @@ function getXwingDecryptor({ privKeyA, }) {
         return (0, encryption_js_1.bytesToPlaintext)(computable.value.value, encryption_js_1.encryptionSchemes.xwing, typ);
     };
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieHdpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS94d2luZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFpRkEsZ0VBMEJDO0FBT0Qsb0RBZUM7QUFRRCxvREFhQztBQVNELHNEQUlDO0FBUUQsb0RBS0M7QUE2QkQsMEJBNEJDO0FBYUQsMEJBb0NDO0FBZUQsOENBc0RDO0FBZUQsOENBNENDO0FBMVpELDZEQUEwRDtBQUMxRCxxQ0FBcUQ7QUFDckQsNkRBQStDO0FBQy9DLDRDQUF5RTtBQUN6RSwrREFjcUM7QUFDckMsNENBQStEO0FBRS9ELDRDQUFxQztBQUNyQyx1Q0FBcUQ7QUFFckQsd0NBQXdDO0FBQ3hDLE1BQU0sUUFBUSxHQUFHLElBQUksd0JBQUssRUFBRSxDQUFDO0FBRTdCOzs7R0FHRztBQUNVLFFBQUEscUJBQXFCLEdBQUcsUUFBUSxDQUFDLGFBQWEsQ0FBQztBQUU1RCx1Q0FBdUM7QUFDMUIsUUFBQSxxQkFBcUIsR0FDaEMsb0VBQW9FLENBQUM7QUFFdkUsOENBQThDO0FBQzlDLHlHQUF5RztBQUN6RyxzR0FBc0c7QUFDekYsUUFBQSx5QkFBeUIsR0FDcEMsbzRFQUFvNEUsQ0FBQztBQWV2NEU7Ozs7O0dBS0c7QUFDSCxLQUFLLFVBQVUsZ0JBQWdCO0lBQzdCLE1BQU0sR0FBRyxHQUFHLElBQUksd0JBQUssRUFBRSxDQUFDO0lBQ3hCLHFFQUFxRTtJQUNyRSxpRkFBaUY7SUFDakYsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7SUFDbkIsT0FBTyxJQUFJLGtCQUFXLENBQUM7UUFDckIsR0FBRztRQUNILEdBQUcsRUFBRSxJQUFJLGlCQUFVLEVBQUU7UUFDckIsSUFBSSxFQUFFLElBQUksbUNBQWdCLEVBQUU7S0FDN0IsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSwwQkFBMEIsQ0FDOUMsSUFBZ0I7SUFFaEIsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLEVBQUUsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQ2Isc0RBQXNELElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FDcEUsQ0FBQztJQUNKLENBQUM7SUFFRCxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFDdkMsb0VBQW9FO0lBQ3BFLE1BQU0sUUFBUSxHQUFHLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBRXRDLE1BQU0sT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQy9ELE1BQU0sY0FBYyxHQUFHLElBQUksVUFBVSxDQUNuQyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUN0RCxDQUFDO0lBRUYsT0FBTztRQUNMLE1BQU0sRUFBRSxpQ0FBaUIsQ0FBQyxLQUFLO1FBQy9CLFNBQVMsRUFBRSxPQUFPLENBQUMsU0FBUztRQUM1QixVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7UUFDOUIsZUFBZTtZQUNiLE9BQU8sY0FBYyxDQUFDO1FBQ3hCLENBQUM7S0FDRixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7O0dBSUc7QUFDSSxLQUFLLFVBQVUsb0JBQW9CO0lBQ3hDLE1BQU0sS0FBSyxHQUFHLE1BQU0sZ0JBQWdCLEVBQUUsQ0FBQztJQUN2QyxNQUFNLE9BQU8sR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsZUFBZSxFQUFFLENBQUM7SUFDbEQsTUFBTSxjQUFjLEdBQUcsSUFBSSxVQUFVLENBQ25DLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQ3RELENBQUM7SUFFRixPQUFPO1FBQ0wsTUFBTSxFQUFFLGlDQUFpQixDQUFDLEtBQUs7UUFDL0IsU0FBUyxFQUFFLE9BQU8sQ0FBQyxTQUFTO1FBQzVCLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtRQUM5QixlQUFlO1lBQ2IsT0FBTyxjQUFjLENBQUM7UUFDeEIsQ0FBQztLQUNGLENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSSxLQUFLLFVBQVUsb0JBQW9CLENBQ3hDLFdBQXVCO0lBRXZCLE1BQU0sS0FBSyxHQUFHLE1BQU0sZ0JBQWdCLEVBQUUsQ0FBQztJQUN2QyxJQUFJLFdBQVcsQ0FBQyxNQUFNLEtBQUssS0FBSyxDQUFDLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNuRCxNQUFNLElBQUksS0FBSyxDQUNiLDhDQUE4Qyw2QkFBcUIsZUFBZSxXQUFXLENBQUMsTUFBTSxFQUFFLENBQ3ZHLENBQUM7SUFDSixDQUFDO0lBQ0Qsb0VBQW9FO0lBQ3BFLE1BQU0sVUFBVSxHQUFHLElBQUksVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRS9DLE9BQU8sTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLG9CQUFvQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNqRSxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0ksS0FBSyxVQUFVLHFCQUFxQixDQUN6QyxJQUFnQjtJQUVoQixPQUFPLE1BQU0sMEJBQTBCLENBQUMsSUFBSSxDQUFDLENBQUM7QUFDaEQsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLG9CQUFvQixDQUN4QyxTQUFvQjtJQUVwQixNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFDdkMsT0FBTyxJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQztBQUN2RSxDQUFDO0FBa0JEOzs7Ozs7Ozs7O0dBVUc7QUFDSSxLQUFLLFVBQVUsT0FBTyxDQUMzQixPQUFrQixFQUNsQixHQUFlLEVBQ2YsTUFBa0IsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQ25DLE9BQW1CLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQztJQUVwQyxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFFdkMsb0VBQW9FO0lBQ3BFLE1BQU0sUUFBUSxHQUFHLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBRXRDLE1BQU0sTUFBTSxHQUFHLE1BQU0sS0FBSyxDQUFDLG1CQUFtQixDQUFDO1FBQzdDLGtCQUFrQixFQUFFLE9BQU87UUFDM0IsSUFBSSxFQUFFLFFBQVEsQ0FBQyxNQUFNO0tBQ3RCLENBQUMsQ0FBQztJQUVILE1BQU0sT0FBTyxHQUFHLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3BDLE1BQU0sT0FBTyxHQUFHLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBRXBDLE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNyRSxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDO0lBRS9CLHlDQUF5QztJQUN6QyxNQUFNLE1BQU0sR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUM5RSxNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzNDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLEVBQUUsV0FBVyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBRS9ELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRDs7Ozs7Ozs7OztHQVVHO0FBQ0ksS0FBSyxVQUFVLE9BQU8sQ0FDM0IsUUFBc0IsRUFDdEIsYUFBeUIsRUFDekIsTUFBa0IsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQ25DLE9BQW1CLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQztJQUVwQyxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFFdkMsNENBQTRDO0lBQzVDLE1BQU0sZUFBZSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDO0lBQzFDLElBQUksYUFBYSxDQUFDLE1BQU0sR0FBRyxlQUFlLEVBQUUsQ0FBQztRQUMzQyxNQUFNLElBQUksS0FBSyxDQUNiLDJEQUEyRCxlQUFlLGVBQWUsYUFBYSxDQUFDLE1BQU0sRUFBRSxDQUNoSCxDQUFDO0lBQ0osQ0FBQztJQUVELG1DQUFtQztJQUNuQyxNQUFNLFdBQVcsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxlQUFlLENBQUMsQ0FBQztJQUM1RCxNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBRXhELG9FQUFvRTtJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN0QyxNQUFNLE9BQU8sR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUU1QyxNQUFNLFNBQVMsR0FBRyxNQUFNLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQztRQUNuRCxZQUFZLEVBQUUsUUFBUSxDQUFDLFVBQVU7UUFDakMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxNQUFNO1FBQ25CLElBQUksRUFBRSxRQUFRLENBQUMsTUFBTTtLQUN0QixDQUFDLENBQUM7SUFFSCxNQUFNLE1BQU0sR0FBRyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUMxQyxNQUFNLE9BQU8sR0FBRyxJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUVwQyxNQUFNLFNBQVMsR0FBRyxNQUFNLFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFdEUsT0FBTyxJQUFJLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUNuQyxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsU0FBZ0IsaUJBQWlCLENBQUMsRUFDaEMsT0FBTyxHQUNZO0lBQ25CLE9BQU8sS0FBSyxFQUE4QixFQUN4QyxTQUFTLEVBQ1QsT0FBTyxHQUNnQyxFQUV2QyxFQUFFO1FBQ0YsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLGlDQUFpQixDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2pELE1BQU0sSUFBSSxLQUFLLENBQ2IseUJBQXlCLElBQUEsdUNBQXVCLEVBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxrQ0FBa0MsQ0FDckcsQ0FBQztRQUNKLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsTUFBTSwyQkFBMkIsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUM3QyxJQUFBLHFCQUFXLEVBQUMsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FDcEMsQ0FBQztRQUVGLGdEQUFnRDtRQUNoRCxNQUFNLEdBQUcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM5QixNQUFNLElBQUksR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMvQixNQUFNLEVBQUUsR0FBRyxNQUFNLE9BQU8sQ0FBQyxPQUFPLEVBQUUsMkJBQTJCLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRTFFLHVEQUF1RDtRQUN2RCxNQUFNLFNBQVMsR0FBRyxJQUFBLDRCQUFnQixFQUFDO1lBQ2pDLFVBQVUsRUFBRSxFQUFFO1lBQ2QsVUFBVSxFQUFFLFNBQVMsQ0FBQyxJQUFJO1lBQzFCLFdBQVcsRUFBRSxDQUFDO1lBQ2QsYUFBYSxFQUFFLENBQUM7U0FDakIsQ0FBQyxDQUFDO1FBRUgsTUFBTSxNQUFNLEdBQUcsSUFBQSx5QkFBYSxFQUFDO1lBQzNCLFNBQVM7WUFDVCxPQUFPLEVBQUUsT0FBTztTQUNqQixDQUFDLENBQUM7UUFFSCxPQUFPO1lBQ0wsU0FBUyxFQUFFLElBQUEscUJBQVMsRUFBQyxTQUFTLENBQUM7WUFDL0IsTUFBTSxFQUFFLElBQUEscUJBQVMsRUFBQyxNQUFNLENBQUM7WUFDekIsT0FBTztZQUNQLFVBQVUsRUFBRTtnQkFDVixNQUFNLEVBQUUsaUNBQWlCLENBQUMsS0FBSztnQkFDL0IsSUFBSSxFQUFFLFNBQVMsQ0FBQyxJQUFJO2dCQUNwQiwwREFBMEQ7Z0JBQzFELEtBQUssRUFBRSxJQUFBLHFDQUFxQixFQUMxQixPQUFPLENBQUMsT0FBTyxFQUNmLElBQUEsc0JBQVUsRUFBQyxNQUFNLENBQUMsRUFDbEIsSUFBQSxzQkFBVSxFQUFDLEVBQUUsQ0FBQyxDQUNmO2FBQ0Y7U0FDRixDQUFDO0lBQ0osQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7Ozs7Ozs7Ozs7R0FZRztBQUNILFNBQWdCLGlCQUFpQixDQUFDLEVBQ2hDLFFBQVEsR0FDVztJQUNuQixPQUFPLEtBQUssRUFBOEIsRUFDeEMsTUFBTSxFQUNOLEtBQUssR0FDd0IsRUFBd0MsRUFBRTtRQUN2RSxJQUFJLE1BQU0sS0FBSyxpQ0FBaUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN2QyxNQUFNLElBQUksS0FBSyxDQUNiLDBCQUEwQixJQUFBLHVDQUF1QixFQUFDLE1BQU0sQ0FBQyxrQ0FBa0MsQ0FDNUYsQ0FBQztRQUNKLENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLElBQUEscUNBQXFCLEVBQUMsS0FBSyxDQUFDLENBQUM7UUFFcEQsZ0RBQWdEO1FBQ2hELE1BQU0sR0FBRyxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzlCLE1BQU0sSUFBSSxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQy9CLE1BQU0sS0FBSyxHQUFHLE1BQU0sT0FBTyxDQUN6QixRQUFRLEVBQ1IsSUFBQSw4QkFBa0IsRUFBQyxVQUFVLENBQUMsRUFDOUIsR0FBRyxFQUNILElBQUksQ0FDTCxDQUFDO1FBRUYsOEJBQThCO1FBQzlCLE1BQU0sT0FBTyxHQUFHLElBQUEscUJBQVcsRUFBQyxLQUFLLENBQUMsQ0FBQztRQUNuQyxNQUFNLFVBQVUsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBRWpDLElBQUksVUFBVSxDQUFDLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUNiLGlIQUFpSCxDQUNsSCxDQUFDO1FBQ0osQ0FBQztRQUVELCtCQUErQjtRQUMvQixNQUFNLEdBQUcsR0FBRyxJQUFBLGlCQUFLLEVBQUMsZ0NBQWdCLEVBQUUsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMzRCxPQUFPLElBQUEsZ0NBQWdCLEVBQ3JCLFVBQVUsQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUN0QixpQ0FBaUIsQ0FBQyxLQUFLLEVBQ3ZCLEdBQUcsQ0FDMkIsQ0FBQztJQUNuQyxDQUFDLENBQUM7QUFDSixDQUFDIn0=
+/**
+ * Returns true if the raw public key bytes match the public key encoded by the keypair.
+ * Used to catch caller mistakes before sending the keypair to the covalidator, where a
+ * mismatch would produce a cryptic signature error instead of a clear failure.
+ */
+function reencryptPublicKeysMatch(reencryptPubKey, reencryptKeypair) {
+    const keypairPubKey = reencryptKeypair.encodePublicKey();
+    return (keypairPubKey.length === reencryptPubKey.length &&
+        keypairPubKey.every((byte, i) => byte === reencryptPubKey[i]));
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieHdpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS94d2luZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUE4REEsd0NBV0M7QUFNRCw0Q0FXQztBQXdDRCxnRUE0QkM7QUFPRCxvREFlQztBQVFELG9EQWdCQztBQVNELHNEQUlDO0FBUUQsb0RBS0M7QUE2QkQsMEJBa0NDO0FBYUQsMEJBb0NDO0FBZUQsOENBc0RDO0FBZUQsOENBNENDO0FBT0QsNERBU0M7QUF0ZUQsNkRBQTBEO0FBQzFELHFDQUFxRDtBQUNyRCw2REFBK0M7QUFDL0MsNENBQXlFO0FBQ3pFLCtEQWNxQztBQUNyQyw0Q0FBK0Q7QUFFL0QsNENBQXFDO0FBQ3JDLHVDQUFxRDtBQUVyRCx3Q0FBd0M7QUFDeEMsTUFBTSxRQUFRLEdBQUcsSUFBSSx3QkFBSyxFQUFFLENBQUM7QUFFN0I7OztHQUdHO0FBQ1UsUUFBQSxxQkFBcUIsR0FBRyxRQUFRLENBQUMsYUFBYSxDQUFDO0FBRTVEOzs7OztHQUtHO0FBQ1UsUUFBQSxxQkFBcUIsR0FDaEMsb0VBQW9FLENBQUM7QUFFdkUsTUFBTSx1QkFBdUIsR0FBRyxJQUFBLDhCQUFrQixFQUFDLDZCQUFxQixDQUFDLENBQUM7QUFFMUU7Ozs7Ozs7O0dBUUc7QUFDVSxRQUFBLHlCQUF5QixHQUNwQyxvNEVBQW80RSxDQUFDO0FBRXY0RSxNQUFNLHlCQUF5QixHQUFHLElBQUEsOEJBQWtCLEVBQUMsaUNBQXlCLENBQUMsQ0FBQztBQUVoRjs7O0dBR0c7QUFDSCxTQUFnQixjQUFjLENBQUMsSUFBZ0I7SUFDN0MsTUFBTSxVQUFVLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FDM0IsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLEtBQUssdUJBQXVCLENBQUMsQ0FBQyxDQUFDLENBQ2pELENBQUM7SUFDRixJQUFJLFVBQVUsRUFBRSxDQUFDO1FBQ2YsT0FBTyxDQUFDLElBQUksQ0FDVixzRUFBc0U7WUFDcEUsNERBQTRELENBQy9ELENBQUM7SUFDSixDQUFDO0lBQ0QsT0FBTyxVQUFVLENBQUM7QUFDcEIsQ0FBQztBQUVEOzs7R0FHRztBQUNILFNBQWdCLGdCQUFnQixDQUFDLFdBQXVCO0lBQ3RELE1BQU0sWUFBWSxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQ3BDLENBQUMsSUFBSSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsSUFBSSxLQUFLLHlCQUF5QixDQUFDLENBQUMsQ0FBQyxDQUNuRCxDQUFDO0lBQ0YsSUFBSSxZQUFZLEVBQUUsQ0FBQztRQUNqQixPQUFPLENBQUMsSUFBSSxDQUNWLHlFQUF5RTtZQUN2RSx5RUFBeUUsQ0FDNUUsQ0FBQztJQUNKLENBQUM7SUFDRCxPQUFPLFlBQVksQ0FBQztBQUN0QixDQUFDO0FBZUQ7Ozs7O0dBS0c7QUFDSCxLQUFLLFVBQVUsZ0JBQWdCO0lBQzdCLE1BQU0sR0FBRyxHQUFHLElBQUksd0JBQUssRUFBRSxDQUFDO0lBQ3hCLHFFQUFxRTtJQUNyRSxpRkFBaUY7SUFDakYsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7SUFDbkIsT0FBTyxJQUFJLGtCQUFXLENBQUM7UUFDckIsR0FBRztRQUNILEdBQUcsRUFBRSxJQUFJLGlCQUFVLEVBQUU7UUFDckIsSUFBSSxFQUFFLElBQUksbUNBQWdCLEVBQUU7S0FDN0IsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSwwQkFBMEIsQ0FDOUMsSUFBZ0I7SUFFaEIsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLEVBQUUsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQ2Isc0RBQXNELElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FDcEUsQ0FBQztJQUNKLENBQUM7SUFFRCxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFckIsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ3ZDLG9FQUFvRTtJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUV0QyxNQUFNLE9BQU8sR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvRCxNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FDbkMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FDdEQsQ0FBQztJQUVGLE9BQU87UUFDTCxNQUFNLEVBQUUsaUNBQWlCLENBQUMsS0FBSztRQUMvQixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7UUFDNUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1FBQzlCLGVBQWU7WUFDYixPQUFPLGNBQWMsQ0FBQztRQUN4QixDQUFDO0tBQ0YsQ0FBQztBQUNKLENBQUM7QUFFRDs7OztHQUlHO0FBQ0ksS0FBSyxVQUFVLG9CQUFvQjtJQUN4QyxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFDdkMsTUFBTSxPQUFPLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGVBQWUsRUFBRSxDQUFDO0lBQ2xELE1BQU0sY0FBYyxHQUFHLElBQUksVUFBVSxDQUNuQyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUN0RCxDQUFDO0lBRUYsT0FBTztRQUNMLE1BQU0sRUFBRSxpQ0FBaUIsQ0FBQyxLQUFLO1FBQy9CLFNBQVMsRUFBRSxPQUFPLENBQUMsU0FBUztRQUM1QixVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7UUFDOUIsZUFBZTtZQUNiLE9BQU8sY0FBYyxDQUFDO1FBQ3hCLENBQUM7S0FDRixDQUFDO0FBQ0osQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLG9CQUFvQixDQUN4QyxXQUF1QjtJQUV2QixNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFDdkMsSUFBSSxXQUFXLENBQUMsTUFBTSxLQUFLLEtBQUssQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDbkQsTUFBTSxJQUFJLEtBQUssQ0FDYiw4Q0FBOEMsNkJBQXFCLGVBQWUsV0FBVyxDQUFDLE1BQU0sRUFBRSxDQUN2RyxDQUFDO0lBQ0osQ0FBQztJQUVELGdCQUFnQixDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRTlCLG9FQUFvRTtJQUNwRSxNQUFNLFVBQVUsR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUUvQyxPQUFPLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxvQkFBb0IsQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDakUsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSxxQkFBcUIsQ0FDekMsSUFBZ0I7SUFFaEIsT0FBTyxNQUFNLDBCQUEwQixDQUFDLElBQUksQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFFRDs7Ozs7R0FLRztBQUNJLEtBQUssVUFBVSxvQkFBb0IsQ0FDeEMsU0FBb0I7SUFFcEIsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ3ZDLE9BQU8sSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7QUFDdkUsQ0FBQztBQWtCRDs7Ozs7Ozs7OztHQVVHO0FBQ0ksS0FBSyxVQUFVLE9BQU8sQ0FDM0IsT0FBa0IsRUFDbEIsR0FBZSxFQUNmLE1BQWtCLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUNuQyxPQUFtQixJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUM7SUFFcEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBRXZDLDZDQUE2QztJQUM3QyxNQUFNLFdBQVcsR0FBRyxJQUFJLFVBQVUsQ0FDaEMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUM1QyxDQUFDO0lBQ0YsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFOUIsb0VBQW9FO0lBQ3BFLE1BQU0sUUFBUSxHQUFHLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBRXRDLE1BQU0sTUFBTSxHQUFHLE1BQU0sS0FBSyxDQUFDLG1CQUFtQixDQUFDO1FBQzdDLGtCQUFrQixFQUFFLE9BQU87UUFDM0IsSUFBSSxFQUFFLFFBQVEsQ0FBQyxNQUFNO0tBQ3RCLENBQUMsQ0FBQztJQUVILE1BQU0sT0FBTyxHQUFHLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3BDLE1BQU0sT0FBTyxHQUFHLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBRXBDLE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNyRSxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDO0lBRS9CLHlDQUF5QztJQUN6QyxNQUFNLE1BQU0sR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUM5RSxNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzNDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLEVBQUUsV0FBVyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBRS9ELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRDs7Ozs7Ozs7OztHQVVHO0FBQ0ksS0FBSyxVQUFVLE9BQU8sQ0FDM0IsUUFBc0IsRUFDdEIsYUFBeUIsRUFDekIsTUFBa0IsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQ25DLE9BQW1CLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQztJQUVwQyxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFFdkMsNENBQTRDO0lBQzVDLE1BQU0sZUFBZSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDO0lBQzFDLElBQUksYUFBYSxDQUFDLE1BQU0sR0FBRyxlQUFlLEVBQUUsQ0FBQztRQUMzQyxNQUFNLElBQUksS0FBSyxDQUNiLDJEQUEyRCxlQUFlLGVBQWUsYUFBYSxDQUFDLE1BQU0sRUFBRSxDQUNoSCxDQUFDO0lBQ0osQ0FBQztJQUVELG1DQUFtQztJQUNuQyxNQUFNLFdBQVcsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxlQUFlLENBQUMsQ0FBQztJQUM1RCxNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBRXhELG9FQUFvRTtJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN0QyxNQUFNLE9BQU8sR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUU1QyxNQUFNLFNBQVMsR0FBRyxNQUFNLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQztRQUNuRCxZQUFZLEVBQUUsUUFBUSxDQUFDLFVBQVU7UUFDakMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxNQUFNO1FBQ25CLElBQUksRUFBRSxRQUFRLENBQUMsTUFBTTtLQUN0QixDQUFDLENBQUM7SUFFSCxNQUFNLE1BQU0sR0FBRyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUMxQyxNQUFNLE9BQU8sR0FBRyxJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUVwQyxNQUFNLFNBQVMsR0FBRyxNQUFNLFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFdEUsT0FBTyxJQUFJLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUNuQyxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsU0FBZ0IsaUJBQWlCLENBQUMsRUFDaEMsT0FBTyxHQUNZO0lBQ25CLE9BQU8sS0FBSyxFQUE4QixFQUN4QyxTQUFTLEVBQ1QsT0FBTyxHQUNnQyxFQUV2QyxFQUFFO1FBQ0YsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLGlDQUFpQixDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2pELE1BQU0sSUFBSSxLQUFLLENBQ2IseUJBQXlCLElBQUEsdUNBQXVCLEVBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxrQ0FBa0MsQ0FDckcsQ0FBQztRQUNKLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsTUFBTSwyQkFBMkIsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUM3QyxJQUFBLHFCQUFXLEVBQUMsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FDcEMsQ0FBQztRQUVGLGdEQUFnRDtRQUNoRCxNQUFNLEdBQUcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM5QixNQUFNLElBQUksR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMvQixNQUFNLEVBQUUsR0FBRyxNQUFNLE9BQU8sQ0FBQyxPQUFPLEVBQUUsMkJBQTJCLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRTFFLHVEQUF1RDtRQUN2RCxNQUFNLFNBQVMsR0FBRyxJQUFBLDRCQUFnQixFQUFDO1lBQ2pDLFVBQVUsRUFBRSxFQUFFO1lBQ2QsVUFBVSxFQUFFLFNBQVMsQ0FBQyxJQUFJO1lBQzFCLFdBQVcsRUFBRSxDQUFDO1lBQ2QsYUFBYSxFQUFFLENBQUM7U0FDakIsQ0FBQyxDQUFDO1FBRUgsTUFBTSxNQUFNLEdBQUcsSUFBQSx5QkFBYSxFQUFDO1lBQzNCLFNBQVM7WUFDVCxPQUFPLEVBQUUsT0FBTztTQUNqQixDQUFDLENBQUM7UUFFSCxPQUFPO1lBQ0wsU0FBUyxFQUFFLElBQUEscUJBQVMsRUFBQyxTQUFTLENBQUM7WUFDL0IsTUFBTSxFQUFFLElBQUEscUJBQVMsRUFBQyxNQUFNLENBQUM7WUFDekIsT0FBTztZQUNQLFVBQVUsRUFBRTtnQkFDVixNQUFNLEVBQUUsaUNBQWlCLENBQUMsS0FBSztnQkFDL0IsSUFBSSxFQUFFLFNBQVMsQ0FBQyxJQUFJO2dCQUNwQiwwREFBMEQ7Z0JBQzFELEtBQUssRUFBRSxJQUFBLHFDQUFxQixFQUMxQixPQUFPLENBQUMsT0FBTyxFQUNmLElBQUEsc0JBQVUsRUFBQyxNQUFNLENBQUMsRUFDbEIsSUFBQSxzQkFBVSxFQUFDLEVBQUUsQ0FBQyxDQUNmO2FBQ0Y7U0FDRixDQUFDO0lBQ0osQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7Ozs7Ozs7Ozs7R0FZRztBQUNILFNBQWdCLGlCQUFpQixDQUFDLEVBQ2hDLFFBQVEsR0FDVztJQUNuQixPQUFPLEtBQUssRUFBOEIsRUFDeEMsTUFBTSxFQUNOLEtBQUssR0FDd0IsRUFBd0MsRUFBRTtRQUN2RSxJQUFJLE1BQU0sS0FBSyxpQ0FBaUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN2QyxNQUFNLElBQUksS0FBSyxDQUNiLDBCQUEwQixJQUFBLHVDQUF1QixFQUFDLE1BQU0sQ0FBQyxrQ0FBa0MsQ0FDNUYsQ0FBQztRQUNKLENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLElBQUEscUNBQXFCLEVBQUMsS0FBSyxDQUFDLENBQUM7UUFFcEQsZ0RBQWdEO1FBQ2hELE1BQU0sR0FBRyxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzlCLE1BQU0sSUFBSSxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQy9CLE1BQU0sS0FBSyxHQUFHLE1BQU0sT0FBTyxDQUN6QixRQUFRLEVBQ1IsSUFBQSw4QkFBa0IsRUFBQyxVQUFVLENBQUMsRUFDOUIsR0FBRyxFQUNILElBQUksQ0FDTCxDQUFDO1FBRUYsOEJBQThCO1FBQzlCLE1BQU0sT0FBTyxHQUFHLElBQUEscUJBQVcsRUFBQyxLQUFLLENBQUMsQ0FBQztRQUNuQyxNQUFNLFVBQVUsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBRWpDLElBQUksVUFBVSxDQUFDLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUNiLGlIQUFpSCxDQUNsSCxDQUFDO1FBQ0osQ0FBQztRQUVELCtCQUErQjtRQUMvQixNQUFNLEdBQUcsR0FBRyxJQUFBLGlCQUFLLEVBQUMsZ0NBQWdCLEVBQUUsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMzRCxPQUFPLElBQUEsZ0NBQWdCLEVBQ3JCLFVBQVUsQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUN0QixpQ0FBaUIsQ0FBQyxLQUFLLEVBQ3ZCLEdBQUcsQ0FDMkIsQ0FBQztJQUNuQyxDQUFDLENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7R0FJRztBQUNILFNBQWdCLHdCQUF3QixDQUN0QyxlQUEyQixFQUMzQixnQkFBOEI7SUFFOUIsTUFBTSxhQUFhLEdBQUcsZ0JBQWdCLENBQUMsZUFBZSxFQUFFLENBQUM7SUFDekQsT0FBTyxDQUNMLGFBQWEsQ0FBQyxNQUFNLEtBQUssZUFBZSxDQUFDLE1BQU07UUFDL0MsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDLElBQUksS0FBSyxlQUFlLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FDOUQsQ0FBQztBQUNKLENBQUMifQ==

package/dist/cjs/local/local-node.d.ts

@@ -1,4 +1,10 @@
 import { Schema } from 'effect';
+/**
+ * Schema for the environment variables required to connect to a local Inco node.
+ *
+ * Includes executor/sender addresses, keys, covalidator settings, and optional
+ * remote compute-server overrides. Typically populated from a `.env` file.
+ */
 export declare const LocalNodeEnv: Schema.Struct<{
     DEPLOYER_ADDRESS: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
     STATE_DUMP: typeof Schema.String;
@@ -14,6 +20,18 @@ export declare const LocalNodeEnv: Schema.Struct<{
     COVALIDATOR_HOST_CHAIN_ID: Schema.optional<typeof Schema.String>;
     COVALIDATOR_URL: Schema.optional<typeof Schema.String>;
     COVALIDATOR_HOST_CHAIN_RPC_URL: Schema.optional<typeof Schema.String>;
+    COVALIDATOR_COMPUTE_TYPE: Schema.optional<typeof Schema.String>;
+    COVALIDATOR_STORAGE_KEY: Schema.optional<Schema.TemplateLiteral<`0x${string}`>>;
 }>;
+/** Parsed local node environment configuration. */
 export type LocalNodeEnv = typeof LocalNodeEnv.Type;
+/**
+ * Parses a dotenv-formatted string or `Buffer` into a validated {@link LocalNodeEnv}.
+ *
+ * Falls back to `process.env` when no argument is provided.
+ *
+ * @param envFileOrObj - A dotenv-formatted string, `Buffer`, or `undefined` to use `process.env`.
+ * @returns A validated `LocalNodeEnv` object.
+ * @throws If required environment variables are missing or invalid.
+ */
 export declare function parseLocalEnv(envFileOrObj?: string | Buffer): LocalNodeEnv;

package/dist/cjs/local/local-node.js

@@ -4,6 +4,12 @@ exports.LocalNodeEnv = void 0;
 exports.parseLocalEnv = parseLocalEnv;
 const effect_1 = require("effect");
 const binary_js_1 = require("../binary.js");
+/**
+ * Schema for the environment variables required to connect to a local Inco node.
+ *
+ * Includes executor/sender addresses, keys, covalidator settings, and optional
+ * remote compute-server overrides. Typically populated from a `.env` file.
+ */
 exports.LocalNodeEnv = effect_1.Schema.Struct({
     DEPLOYER_ADDRESS: binary_js_1.Address,
     STATE_DUMP: effect_1.Schema.String,
@@ -23,9 +29,18 @@ exports.LocalNodeEnv = effect_1.Schema.Struct({
     COVALIDATOR_HOST_CHAIN_ID: effect_1.Schema.optional(effect_1.Schema.String),
     COVALIDATOR_URL: effect_1.Schema.optional(effect_1.Schema.String),
     COVALIDATOR_HOST_CHAIN_RPC_URL: effect_1.Schema.optional(effect_1.Schema.String),
+    COVALIDATOR_COMPUTE_TYPE: effect_1.Schema.optional(effect_1.Schema.String),
+    COVALIDATOR_STORAGE_KEY: effect_1.Schema.optional(binary_js_1.HexString),
 });
-// Parses a local environment file or object into a LocalNodeEnv type.
-// If no file or object is provided, it defaults to process.env.
+/**
+ * Parses a dotenv-formatted string or `Buffer` into a validated {@link LocalNodeEnv}.
+ *
+ * Falls back to `process.env` when no argument is provided.
+ *
+ * @param envFileOrObj - A dotenv-formatted string, `Buffer`, or `undefined` to use `process.env`.
+ * @returns A validated `LocalNodeEnv` object.
+ * @throws If required environment variables are missing or invalid.
+ */
 function parseLocalEnv(envFileOrObj) {
     const envObj = envFileOrObj ? readEnv(envFileOrObj) : process.env;
     return effect_1.Schema.decodeUnknownSync(exports.LocalNodeEnv)(envObj);
@@ -62,4 +77,4 @@ function parseEnv(envContent) {
     }
     return env;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9jYWwtbm9kZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9sb2NhbC9sb2NhbC1ub2RlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQTRCQSxzQ0FHQztBQS9CRCxtQ0FBZ0M7QUFDaEMsNENBQWtEO0FBRXJDLFFBQUEsWUFBWSxHQUFHLGVBQU0sQ0FBQyxNQUFNLENBQUM7SUFDeEMsZ0JBQWdCLEVBQUUsbUJBQU87SUFDekIsVUFBVSxFQUFFLGVBQU0sQ0FBQyxNQUFNO0lBQ3pCLGdCQUFnQixFQUFFLG1CQUFPO0lBQ3pCLG9DQUFvQztJQUNwQyxjQUFjLEVBQUUsZUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBUyxDQUFDO0lBQzFDLGNBQWMsRUFBRSxtQkFBTztJQUN2QixrQkFBa0IsRUFBRSxxQkFBUztJQUM3QixvQ0FBb0M7SUFDcEMscUJBQXFCLEVBQUUsZUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBUyxDQUFDO0lBQ2pELE1BQU0sRUFBRSxlQUFNLENBQUMsTUFBTTtJQUNyQixvQ0FBb0M7SUFDcEMsK0JBQStCLEVBQUUsZUFBTSxDQUFDLFFBQVEsQ0FBQyxxQkFBUyxDQUFDO0lBQzNELG9DQUFvQztJQUNwQyxzQ0FBc0MsRUFBRSxlQUFNLENBQUMsUUFBUSxDQUFDLHFCQUFTLENBQUM7SUFDbEUsOEJBQThCLEVBQUUsbUJBQU87SUFDdkMseUJBQXlCLEVBQUUsZUFBTSxDQUFDLFFBQVEsQ0FBQyxlQUFNLENBQUMsTUFBTSxDQUFDO0lBQ3pELGVBQWUsRUFBRSxlQUFNLENBQUMsUUFBUSxDQUFDLGVBQU0sQ0FBQyxNQUFNLENBQUM7SUFDL0MsOEJBQThCLEVBQUUsZUFBTSxDQUFDLFFBQVEsQ0FBQyxlQUFNLENBQUMsTUFBTSxDQUFDO0NBQy9ELENBQUMsQ0FBQztBQUlILHNFQUFzRTtBQUN0RSxnRUFBZ0U7QUFDaEUsU0FBZ0IsYUFBYSxDQUFDLFlBQThCO0lBQzFELE1BQU0sTUFBTSxHQUFHLFlBQVksQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDO0lBQ2xFLE9BQU8sZUFBTSxDQUFDLGlCQUFpQixDQUFDLG9CQUFZLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUN4RCxDQUFDO0FBRUQsU0FBUyxPQUFPLENBQUMsVUFBMkI7SUFDMUMsT0FBTyxRQUFRLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7QUFDekMsQ0FBQztBQUVELG1GQUFtRjtBQUNuRixTQUFTLFFBQVEsQ0FBQyxVQUFrQjtJQUNsQyxJQUFJLEdBQUcsR0FBMkIsRUFBRSxDQUFDO0lBQ3JDLE1BQU0sS0FBSyxHQUFHLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFckMsaUNBQWlDO0lBQ2pDLEtBQUssTUFBTSxJQUFJLElBQUksS0FBSyxFQUFFLENBQUM7UUFDekIsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2hDLElBQUksV0FBVyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2hELE1BQU0sVUFBVSxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDNUMsSUFBSSxVQUFVLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDdEIsTUFBTSxHQUFHLEdBQUcsV0FBVyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ3hELElBQUksS0FBSyxHQUFHLFdBQVcsQ0FBQyxTQUFTLENBQUMsVUFBVSxHQUFHLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUV6RCx1QkFBdUI7Z0JBQ3ZCLElBQ0UsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7b0JBQzlDLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQzlDLENBQUM7b0JBQ0QsS0FBSyxHQUFHLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7Z0JBQy9DLENBQUM7Z0JBRUQsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEtBQUssQ0FBQztZQUNuQixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRCx5REFBeUQ7SUFDekQsS0FBSyxNQUFNLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUMvQyxHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLEVBQUUsT0FBZSxFQUFFLEVBQUU7WUFDOUQsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQzVCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9jYWwtbm9kZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9sb2NhbC9sb2NhbC1ub2RlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQTRDQSxzQ0FHQztBQS9DRCxtQ0FBZ0M7QUFDaEMsNENBQWtEO0FBRWxEOzs7OztHQUtHO0FBQ1UsUUFBQSxZQUFZLEdBQUcsZUFBTSxDQUFDLE1BQU0sQ0FBQztJQUN4QyxnQkFBZ0IsRUFBRSxtQkFBTztJQUN6QixVQUFVLEVBQUUsZUFBTSxDQUFDLE1BQU07SUFDekIsZ0JBQWdCLEVBQUUsbUJBQU87SUFDekIsb0NBQW9DO0lBQ3BDLGNBQWMsRUFBRSxlQUFNLENBQUMsUUFBUSxDQUFDLHFCQUFTLENBQUM7SUFDMUMsY0FBYyxFQUFFLG1CQUFPO0lBQ3ZCLGtCQUFrQixFQUFFLHFCQUFTO0lBQzdCLG9DQUFvQztJQUNwQyxxQkFBcUIsRUFBRSxlQUFNLENBQUMsUUFBUSxDQUFDLHFCQUFTLENBQUM7SUFDakQsTUFBTSxFQUFFLGVBQU0sQ0FBQyxNQUFNO0lBQ3JCLG9DQUFvQztJQUNwQywrQkFBK0IsRUFBRSxlQUFNLENBQUMsUUFBUSxDQUFDLHFCQUFTLENBQUM7SUFDM0Qsb0NBQW9DO0lBQ3BDLHNDQUFzQyxFQUFFLGVBQU0sQ0FBQyxRQUFRLENBQUMscUJBQVMsQ0FBQztJQUNsRSw4QkFBOEIsRUFBRSxtQkFBTztJQUN2Qyx5QkFBeUIsRUFBRSxlQUFNLENBQUMsUUFBUSxDQUFDLGVBQU0sQ0FBQyxNQUFNLENBQUM7SUFDekQsZUFBZSxFQUFFLGVBQU0sQ0FBQyxRQUFRLENBQUMsZUFBTSxDQUFDLE1BQU0sQ0FBQztJQUMvQyw4QkFBOEIsRUFBRSxlQUFNLENBQUMsUUFBUSxDQUFDLGVBQU0sQ0FBQyxNQUFNLENBQUM7SUFDOUQsd0JBQXdCLEVBQUUsZUFBTSxDQUFDLFFBQVEsQ0FBQyxlQUFNLENBQUMsTUFBTSxDQUFDO0lBQ3hELHVCQUF1QixFQUFFLGVBQU0sQ0FBQyxRQUFRLENBQUMscUJBQVMsQ0FBQztDQUNwRCxDQUFDLENBQUM7QUFLSDs7Ozs7Ozs7R0FRRztBQUNILFNBQWdCLGFBQWEsQ0FBQyxZQUE4QjtJQUMxRCxNQUFNLE1BQU0sR0FBRyxZQUFZLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQztJQUNsRSxPQUFPLGVBQU0sQ0FBQyxpQkFBaUIsQ0FBQyxvQkFBWSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUM7QUFDeEQsQ0FBQztBQUVELFNBQVMsT0FBTyxDQUFDLFVBQTJCO0lBQzFDLE9BQU8sUUFBUSxDQUFDLFVBQVUsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO0FBQ3pDLENBQUM7QUFFRCxtRkFBbUY7QUFDbkYsU0FBUyxRQUFRLENBQUMsVUFBa0I7SUFDbEMsSUFBSSxHQUFHLEdBQTJCLEVBQUUsQ0FBQztJQUNyQyxNQUFNLEtBQUssR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBRXJDLGlDQUFpQztJQUNqQyxLQUFLLE1BQU0sSUFBSSxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ3pCLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUNoQyxJQUFJLFdBQVcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNoRCxNQUFNLFVBQVUsR0FBRyxXQUFXLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQzVDLElBQUksVUFBVSxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQ3RCLE1BQU0sR0FBRyxHQUFHLFdBQVcsQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLFVBQVUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUN4RCxJQUFJLEtBQUssR0FBRyxXQUFXLENBQUMsU0FBUyxDQUFDLFVBQVUsR0FBRyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFFekQsdUJBQXVCO2dCQUN2QixJQUNFLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDO29CQUM5QyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUM5QyxDQUFDO29CQUNELEtBQUssR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxLQUFLLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDO2dCQUMvQyxDQUFDO2dCQUVELEdBQUcsQ0FBQyxHQUFHLENBQUMsR0FBRyxLQUFLLENBQUM7WUFDbkIsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRUQseURBQXlEO0lBQ3pELEtBQUssTUFBTSxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDL0MsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQyxFQUFFLE9BQWUsRUFBRSxFQUFFO1lBQzlELE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUM1QixDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxPQUFPLEdBQUcsQ0FBQztBQUNiLENBQUMifQ==

package/dist/cjs/reencryption/eip712.d.ts

@@ -14,9 +14,36 @@ declare const baseEIP712: Schema.Struct<{
     }>>>;
 }>;
 type BaseEIP712 = typeof baseEIP712.Type;
+/**
+ * An EIP-712 typed data payload with a generic `message` field.
+ *
+ * Extends the base EIP-712 structure (domain, primaryType, types) with
+ * a strongly-typed `message` object for signing.
+ *
+ * @typeParam Message - The shape of the application-specific message to sign.
+ */
 export interface EIP712<Message extends object> extends BaseEIP712 {
     message: Message;
 }
+/**
+ * Creates an EIP-712 typed data payload for user signing.
+ *
+ * Used to verify the user controls the private key corresponding to the ephemeral
+ * public key embedded in the payload. The `message` keys must exactly match the
+ * `name` values in `primaryTypeFields`.
+ *
+ * @typeParam PrimaryType - The EIP-712 primary type name.
+ * @typeParam Message - The shape of the message to sign.
+ * @param params.chainId - The chain ID for the EIP-712 domain.
+ * @param params.primaryType - The primary type name (e.g. `"Reencrypt"`).
+ * @param params.primaryTypeFields - The field definitions for the primary type.
+ * @param params.message - The message object to sign (must match `primaryTypeFields`).
+ * @param params.verifyingContract - Optional verifying contract address for the domain.
+ * @param params.domainName - Human-readable name for the EIP-712 domain.
+ * @param params.domainVersion - Version string for the EIP-712 domain.
+ * @returns A complete {@link EIP712} payload ready for signing.
+ * @throws If message keys do not match `primaryTypeFields` names.
+ */
 export declare function createEIP712Payload<PrimaryType extends string, Message extends object>({ chainId, primaryType, primaryTypeFields, message, verifyingContract, domainName, domainVersion, }: {
     chainId: bigint;
     primaryType: PrimaryType;

package/dist/cjs/reencryption/eip712.js

@@ -23,12 +23,25 @@ const baseEIP712 = effect_1.Schema.Struct({
         })),
     }),
 });
-// This function creates the payload that will be signed by the user. It is used to verify that the
-// user has access to the private key that corresponds to the ephemeral public key in the payload.
-// If the last argument is provided, it will be used as the contract address.
-//
-// The `message` argument must have the same keys as the all the `name` values
-// in the `primaryTypeFields` argument.
+/**
+ * Creates an EIP-712 typed data payload for user signing.
+ *
+ * Used to verify the user controls the private key corresponding to the ephemeral
+ * public key embedded in the payload. The `message` keys must exactly match the
+ * `name` values in `primaryTypeFields`.
+ *
+ * @typeParam PrimaryType - The EIP-712 primary type name.
+ * @typeParam Message - The shape of the message to sign.
+ * @param params.chainId - The chain ID for the EIP-712 domain.
+ * @param params.primaryType - The primary type name (e.g. `"Reencrypt"`).
+ * @param params.primaryTypeFields - The field definitions for the primary type.
+ * @param params.message - The message object to sign (must match `primaryTypeFields`).
+ * @param params.verifyingContract - Optional verifying contract address for the domain.
+ * @param params.domainName - Human-readable name for the EIP-712 domain.
+ * @param params.domainVersion - Version string for the EIP-712 domain.
+ * @returns A complete {@link EIP712} payload ready for signing.
+ * @throws If message keys do not match `primaryTypeFields` names.
+ */
 function createEIP712Payload({ chainId, primaryType, primaryTypeFields, message, verifyingContract, domainName, domainVersion, }) {
     const types = {
         // This refers to the domain the contract is hosted on.
@@ -74,4 +87,4 @@ function createEIP712Payload({ chainId, primaryType, primaryTypeFields, message,
     };
     return msgParams;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWlwNzEyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JlZW5jcnlwdGlvbi9laXA3MTIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUF3Q0Esa0RBcUVDO0FBN0dELG1DQUFnQztBQUVoQyw0Q0FBeUM7QUFFekMseUVBQXlFO0FBQ3pFLCtDQUErQztBQUMvQyxNQUFNLFVBQVUsR0FBRyxlQUFNLENBQUMsTUFBTSxDQUFDO0lBQy9CLE1BQU0sRUFBRSxlQUFNLENBQUMsTUFBTSxDQUFDO1FBQ3BCLE9BQU8sRUFBRSxlQUFNLENBQUMsTUFBTTtRQUN0QixJQUFJLEVBQUUsZUFBTSxDQUFDLE1BQU07UUFDbkIsT0FBTyxFQUFFLGVBQU0sQ0FBQyxNQUFNO1FBQ3RCLGlCQUFpQixFQUFFLGVBQU0sQ0FBQyxRQUFRLENBQUMscUJBQVMsQ0FBQztRQUM3QywyRUFBMkU7UUFDM0Usc0JBQXNCO0tBQ3ZCLENBQUM7SUFDRixXQUFXLEVBQUUsZUFBTSxDQUFDLE1BQU07SUFDMUIsS0FBSyxFQUFFLGVBQU0sQ0FBQyxNQUFNLENBQUM7UUFDbkIsR0FBRyxFQUFFLGVBQU0sQ0FBQyxNQUFNO1FBQ2xCLEtBQUssRUFBRSxlQUFNLENBQUMsS0FBSyxDQUNqQixlQUFNLENBQUMsTUFBTSxDQUFDO1lBQ1osSUFBSSxFQUFFLGVBQU0sQ0FBQyxNQUFNO1lBQ25CLElBQUksRUFBRSxlQUFNLENBQUMsTUFBTTtTQUNwQixDQUFDLENBQ0g7S0FDRixDQUFDO0NBQ0gsQ0FBQyxDQUFDO0FBU0gsbUdBQW1HO0FBQ25HLGtHQUFrRztBQUNsRyw2RUFBNkU7QUFDN0UsRUFBRTtBQUNGLDhFQUE4RTtBQUM5RSx1Q0FBdUM7QUFDdkMsU0FBZ0IsbUJBQW1CLENBR2pDLEVBQ0EsT0FBTyxFQUNQLFdBQVcsRUFDWCxpQkFBaUIsRUFDakIsT0FBTyxFQUNQLGlCQUFpQixFQUNqQixVQUFVLEVBQ1YsYUFBYSxHQVNkO0lBQ0MsTUFBTSxLQUFLLEdBQUc7UUFDWix1REFBdUQ7UUFDdkQsWUFBWSxFQUFFO1lBQ1osRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDaEMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDbkMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7U0FDckM7UUFDRCx3QkFBd0I7UUFDeEIsQ0FBQyxXQUFXLENBQUMsRUFBRSxpQkFBaUI7S0FDakMsQ0FBQztJQUVGLElBQUksaUJBQWlCLEVBQUUsQ0FBQztRQUN0QixLQUFLLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxFQUFFLElBQUksRUFBRSxtQkFBbUIsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQscUVBQXFFO0lBQ3JFLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDekMsTUFBTSxxQkFBcUIsR0FBRyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMzRSxJQUFJLFdBQVcsQ0FBQyxNQUFNLEtBQUsscUJBQXFCLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDeEQsTUFBTSxJQUFJLEtBQUssQ0FBQyxrREFBa0QsQ0FBQyxDQUFDO0lBQ3RFLENBQUM7SUFDRCxLQUFLLE1BQU0sR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQzlCLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN6QyxNQUFNLElBQUksS0FBSyxDQUNiLGVBQWUsR0FBRyx1Q0FBdUMsQ0FDMUQsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxTQUFTLEdBQUc7UUFDaEIsS0FBSztRQUNMLDZGQUE2RjtRQUM3RixnR0FBZ0c7UUFDaEcsc0JBQXNCO1FBQ3RCLHlEQUF5RDtRQUN6RCxXQUFXO1FBQ1gsTUFBTSxFQUFFO1lBQ04seUVBQXlFO1lBQ3pFLElBQUksRUFBRSxVQUFVO1lBQ2hCLHNDQUFzQztZQUN0QyxPQUFPLEVBQUUsYUFBYTtZQUN0QixtREFBbUQ7WUFDbkQsT0FBTztZQUNQLGlCQUFpQjtTQUNsQjtRQUNELE9BQU87S0FDUixDQUFDO0lBRUYsT0FBTyxTQUFTLENBQUM7QUFDbkIsQ0FBQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWlwNzEyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JlZW5jcnlwdGlvbi9laXA3MTIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUE0REEsa0RBcUVDO0FBaklELG1DQUFnQztBQUVoQyw0Q0FBeUM7QUFFekMseUVBQXlFO0FBQ3pFLCtDQUErQztBQUMvQyxNQUFNLFVBQVUsR0FBRyxlQUFNLENBQUMsTUFBTSxDQUFDO0lBQy9CLE1BQU0sRUFBRSxlQUFNLENBQUMsTUFBTSxDQUFDO1FBQ3BCLE9BQU8sRUFBRSxlQUFNLENBQUMsTUFBTTtRQUN0QixJQUFJLEVBQUUsZUFBTSxDQUFDLE1BQU07UUFDbkIsT0FBTyxFQUFFLGVBQU0sQ0FBQyxNQUFNO1FBQ3RCLGlCQUFpQixFQUFFLGVBQU0sQ0FBQyxRQUFRLENBQUMscUJBQVMsQ0FBQztRQUM3QywyRUFBMkU7UUFDM0Usc0JBQXNCO0tBQ3ZCLENBQUM7SUFDRixXQUFXLEVBQUUsZUFBTSxDQUFDLE1BQU07SUFDMUIsS0FBSyxFQUFFLGVBQU0sQ0FBQyxNQUFNLENBQUM7UUFDbkIsR0FBRyxFQUFFLGVBQU0sQ0FBQyxNQUFNO1FBQ2xCLEtBQUssRUFBRSxlQUFNLENBQUMsS0FBSyxDQUNqQixlQUFNLENBQUMsTUFBTSxDQUFDO1lBQ1osSUFBSSxFQUFFLGVBQU0sQ0FBQyxNQUFNO1lBQ25CLElBQUksRUFBRSxlQUFNLENBQUMsTUFBTTtTQUNwQixDQUFDLENBQ0g7S0FDRixDQUFDO0NBQ0gsQ0FBQyxDQUFDO0FBZ0JIOzs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FrQkc7QUFDSCxTQUFnQixtQkFBbUIsQ0FHakMsRUFDQSxPQUFPLEVBQ1AsV0FBVyxFQUNYLGlCQUFpQixFQUNqQixPQUFPLEVBQ1AsaUJBQWlCLEVBQ2pCLFVBQVUsRUFDVixhQUFhLEdBU2Q7SUFDQyxNQUFNLEtBQUssR0FBRztRQUNaLHVEQUF1RDtRQUN2RCxZQUFZLEVBQUU7WUFDWixFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsSUFBSSxFQUFFLFFBQVEsRUFBRTtZQUNoQyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLFFBQVEsRUFBRTtZQUNuQyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtTQUNyQztRQUNELHdCQUF3QjtRQUN4QixDQUFDLFdBQVcsQ0FBQyxFQUFFLGlCQUFpQjtLQUNqQyxDQUFDO0lBRUYsSUFBSSxpQkFBaUIsRUFBRSxDQUFDO1FBQ3RCLEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEVBQUUsSUFBSSxFQUFFLG1CQUFtQixFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO0lBQzFFLENBQUM7SUFFRCxxRUFBcUU7SUFDckUsTUFBTSxXQUFXLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztJQUN6QyxNQUFNLHFCQUFxQixHQUFHLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDO0lBQzNFLElBQUksV0FBVyxDQUFDLE1BQU0sS0FBSyxxQkFBcUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUN4RCxNQUFNLElBQUksS0FBSyxDQUFDLGtEQUFrRCxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUNELEtBQUssTUFBTSxHQUFHLElBQUksV0FBVyxFQUFFLENBQUM7UUFDOUIsSUFBSSxDQUFDLHFCQUFxQixDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsZUFBZSxHQUFHLHVDQUF1QyxDQUMxRCxDQUFDO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFRCxNQUFNLFNBQVMsR0FBRztRQUNoQixLQUFLO1FBQ0wsNkZBQTZGO1FBQzdGLGdHQUFnRztRQUNoRyxzQkFBc0I7UUFDdEIseURBQXlEO1FBQ3pELFdBQVc7UUFDWCxNQUFNLEVBQUU7WUFDTix5RUFBeUU7WUFDekUsSUFBSSxFQUFFLFVBQVU7WUFDaEIsc0NBQXNDO1lBQ3RDLE9BQU8sRUFBRSxhQUFhO1lBQ3RCLG1EQUFtRDtZQUNuRCxPQUFPO1lBQ1AsaUJBQWlCO1NBQ2xCO1FBQ0QsT0FBTztLQUNSLENBQUM7SUFFRixPQUFPLFNBQVMsQ0FBQztBQUNuQixDQUFDIn0=

package/dist/cjs/reencryption/types.d.ts

@@ -4,18 +4,42 @@ import { CiphertextOf, EncryptionScheme, PlaintextOf, SupportedFheType } from '.
 import { Handle } from '../handle.js';
 import type { XwingKeypair } from '../lite/xwing.js';
 import type { BackoffConfig } from '../retry.js';
+/**
+ * The core reencryption function type. Takes a handle (and optional ciphertext) and returns
+ * the decrypted plaintext. Supports retry configuration for handles that are not yet available.
+ *
+ * @typeParam S - The encryption scheme (e.g. X-Wing).
+ */
 export type Reencryptor<S extends EncryptionScheme> = <T extends SupportedFheType>(args: ReencryptFnArgs<S, T>, backoffConfig?: Partial<BackoffConfig>) => Promise<PlaintextOf<S, T>>;
+/** Arguments required to construct a {@link Reencryptor}. */
 export interface ReencryptorArgs {
     chainId: bigint;
 }
+/**
+ * Arguments for a single reencryption call.
+ *
+ * @typeParam S - The encryption scheme.
+ * @typeParam T - The ENCRYPTION type of the ciphertext.
+ */
 export type ReencryptFnArgs<S extends EncryptionScheme, T extends SupportedFheType> = {
     handle: Handle;
+    /**
+     * Optional ciphertext hint. If provided, the reencrypt endpoint may use it directly
+     * instead of fetching from the covalidators.
+     */
     ciphertext?: CiphertextOf<S, T>;
 };
+/** Union of supported ephemeral keypair types for reencryption (currently X-Wing only). */
 export type SupportedEphemeralKeypairs = XwingKeypair;
+/** An object whose public key can be serialized to a `Uint8Array`. */
 export interface PubKeyEncodable {
     encodePublicKey(): Uint8Array;
 }
+/**
+ * A reencryption request to be sent to a reencrypt endpoint.
+ *
+ * @typeParam EKP - The type of ephemeral keypair used for the reencryption session.
+ */
 export interface ReencryptEndpointRequest<EKP extends SupportedEphemeralKeypairs> {
     userAddress: Address;
     handle: Handle;

package/dist/cjs/retry.d.ts

@@ -7,6 +7,20 @@ export type BackoffConfig = {
     backoffFactor: number;
     errHandler?: (error: Error, attempt: number) => 'stop' | 'continue';
 };
+/**
+ * Checks if an error is safe to retry.
+ * Only transient errors matching the allowlist should return true.
+ * All other errors fail fast to avoid masking security-critical failures.
+ *
+ * @param error - The error to check
+ * @returns true if the error is transient and safe to retry, false otherwise
+ */
+export declare function isRetryableError(error: Error): boolean;
+/**
+ * Default error handler that only retries known transient errors.
+ * Security-critical errors will fail fast.
+ */
+export declare function defaultRetryErrorHandler(error: Error): 'stop' | 'continue';
 /**
  * Helper function to implement exponential backoff retry logic.
  * @param fn - The function to retry

package/dist/cjs/retry.js

@@ -1,6 +1,62 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.isRetryableError = isRetryableError;
+exports.defaultRetryErrorHandler = defaultRetryErrorHandler;
 exports.retryWithBackoff = retryWithBackoff;
+/**
+ * Allowlist of transient error patterns that are safe to retry.
+ * Each pattern includes a substring to match (case-insensitive) and a description.
+ *
+ * SECURITY: Only add patterns here for genuinely transient errors.
+ * Do NOT add patterns that could mask security-critical errors like:
+ * - Authentication failures
+ * - Permission denied
+ * - Signature validation errors
+ * - Invalid input/format errors
+ */
+const RETRYABLE_ERROR_PATTERNS = [
+    // Explicit retry suggestions from the server
+    {
+        pattern: 'try again later',
+        description: 'Server explicitly suggests retry',
+    },
+    // Network/connectivity issues
+    { pattern: 'timeout', description: 'Request timeout' },
+    { pattern: 'etimedout', description: 'Connection timeout' },
+    { pattern: 'econnreset', description: 'Connection reset' },
+    { pattern: 'econnrefused', description: 'Connection refused' },
+    // Service availability
+    { pattern: '503', description: 'Service unavailable (503)' },
+    { pattern: 'service unavailable', description: 'Service unavailable' },
+    // Data propagation delays (eventual consistency)
+    {
+        pattern: 'ciphertext too short',
+        description: 'Ciphertext not yet propagated to covalidator',
+    },
+];
+/**
+ * Checks if an error is safe to retry.
+ * Only transient errors matching the allowlist should return true.
+ * All other errors fail fast to avoid masking security-critical failures.
+ *
+ * @param error - The error to check
+ * @returns true if the error is transient and safe to retry, false otherwise
+ */
+function isRetryableError(error) {
+    const message = error.message?.toLowerCase() ?? '';
+    return RETRYABLE_ERROR_PATTERNS.some(({ pattern }) => message.includes(pattern));
+}
+/**
+ * Default error handler that only retries known transient errors.
+ * Security-critical errors will fail fast.
+ */
+function defaultRetryErrorHandler(error) {
+    if (isRetryableError(error)) {
+        console.warn(`Retrying after transient error: ${error.message}`);
+        return 'continue';
+    }
+    return 'stop';
+}
 /**
  * Helper function to implement exponential backoff retry logic.
  * @param fn - The function to retry
@@ -9,7 +65,7 @@ exports.retryWithBackoff = retryWithBackoff;
  */
 async function retryWithBackoff(fn, { 
 // These default values will make it return an error after ~10s if the fn response is fast.
-maxRetries = 5, baseDelayInMs = 1000, backoffFactor = 1.5, errHandler = () => 'continue', } = {}) {
+maxRetries = 5, baseDelayInMs = 1000, backoffFactor = 1.5, errHandler = defaultRetryErrorHandler, } = {}) {
     let lastError;
     for (let attempt = 0; attempt < maxRetries; attempt++) {
         try {
@@ -28,4 +84,4 @@ maxRetries = 5, baseDelayInMs = 1000, backoffFactor = 1.5, errHandler = () => 'c
     }
     throw lastError;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmV0cnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcmV0cnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFnQkEsNENBOEJDO0FBcENEOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLGdCQUFnQixDQUNwQyxFQUFvQixFQUNwQjtBQUNFLDJGQUEyRjtBQUMzRixVQUFVLEdBQUcsQ0FBQyxFQUNkLGFBQWEsR0FBRyxJQUFJLEVBQ3BCLGFBQWEsR0FBRyxHQUFHLEVBQ25CLFVBQVUsR0FBRyxHQUFHLEVBQUUsQ0FBQyxVQUFVLE1BQ0gsRUFBRTtJQUU5QixJQUFJLFNBQTRCLENBQUM7SUFFakMsS0FBSyxJQUFJLE9BQU8sR0FBRyxDQUFDLEVBQUUsT0FBTyxHQUFHLFVBQVUsRUFBRSxPQUFPLEVBQUUsRUFBRSxDQUFDO1FBQ3RELElBQUksQ0FBQztZQUNILE9BQU8sTUFBTSxFQUFFLEVBQUUsQ0FBQztRQUNwQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLFNBQVMsR0FBRyxLQUFjLENBQUM7WUFDM0IsSUFDRSxVQUFVLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxLQUFLLFVBQVU7Z0JBQzdDLE9BQU8sS0FBSyxVQUFVLEdBQUcsQ0FBQyxFQUMxQixDQUFDO2dCQUNELE1BQU07WUFDUixDQUFDO1lBQ0QsTUFBTSxLQUFLLEdBQUcsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQy9ELE1BQU0sTUFBTSxHQUFHLEtBQUssR0FBRyxDQUFDLEdBQUcsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQywwQ0FBMEM7WUFDOUYsTUFBTSxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzlELENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxTQUFTLENBQUM7QUFDbEIsQ0FBQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmV0cnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcmV0cnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUF3REEsNENBTUM7QUFNRCw0REFNQztBQVFELDRDQThCQztBQXRHRDs7Ozs7Ozs7OztHQVVHO0FBQ0gsTUFBTSx3QkFBd0IsR0FHekI7SUFDSCw2Q0FBNkM7SUFDN0M7UUFDRSxPQUFPLEVBQUUsaUJBQWlCO1FBQzFCLFdBQVcsRUFBRSxrQ0FBa0M7S0FDaEQ7SUFFRCw4QkFBOEI7SUFDOUIsRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxpQkFBaUIsRUFBRTtJQUN0RCxFQUFFLE9BQU8sRUFBRSxXQUFXLEVBQUUsV0FBVyxFQUFFLG9CQUFvQixFQUFFO0lBQzNELEVBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsa0JBQWtCLEVBQUU7SUFDMUQsRUFBRSxPQUFPLEVBQUUsY0FBYyxFQUFFLFdBQVcsRUFBRSxvQkFBb0IsRUFBRTtJQUU5RCx1QkFBdUI7SUFDdkIsRUFBRSxPQUFPLEVBQUUsS0FBSyxFQUFFLFdBQVcsRUFBRSwyQkFBMkIsRUFBRTtJQUM1RCxFQUFFLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxXQUFXLEVBQUUscUJBQXFCLEVBQUU7SUFFdEUsaURBQWlEO0lBQ2pEO1FBQ0UsT0FBTyxFQUFFLHNCQUFzQjtRQUMvQixXQUFXLEVBQUUsOENBQThDO0tBQzVEO0NBQ0YsQ0FBQztBQUVGOzs7Ozs7O0dBT0c7QUFDSCxTQUFnQixnQkFBZ0IsQ0FBQyxLQUFZO0lBQzNDLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRSxDQUFDO0lBRW5ELE9BQU8sd0JBQXdCLENBQUMsSUFBSSxDQUFDLENBQUMsRUFBRSxPQUFPLEVBQUUsRUFBRSxFQUFFLENBQ25ELE9BQU8sQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQzFCLENBQUM7QUFDSixDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsU0FBZ0Isd0JBQXdCLENBQUMsS0FBWTtJQUNuRCxJQUFJLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDNUIsT0FBTyxDQUFDLElBQUksQ0FBQyxtQ0FBbUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDakUsT0FBTyxVQUFVLENBQUM7SUFDcEIsQ0FBQztJQUNELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNJLEtBQUssVUFBVSxnQkFBZ0IsQ0FDcEMsRUFBb0IsRUFDcEI7QUFDRSwyRkFBMkY7QUFDM0YsVUFBVSxHQUFHLENBQUMsRUFDZCxhQUFhLEdBQUcsSUFBSSxFQUNwQixhQUFhLEdBQUcsR0FBRyxFQUNuQixVQUFVLEdBQUcsd0JBQXdCLE1BQ1gsRUFBRTtJQUU5QixJQUFJLFNBQTRCLENBQUM7SUFFakMsS0FBSyxJQUFJLE9BQU8sR0FBRyxDQUFDLEVBQUUsT0FBTyxHQUFHLFVBQVUsRUFBRSxPQUFPLEVBQUUsRUFBRSxDQUFDO1FBQ3RELElBQUksQ0FBQztZQUNILE9BQU8sTUFBTSxFQUFFLEVBQUUsQ0FBQztRQUNwQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLFNBQVMsR0FBRyxLQUFjLENBQUM7WUFDM0IsSUFDRSxVQUFVLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxLQUFLLFVBQVU7Z0JBQzdDLE9BQU8sS0FBSyxVQUFVLEdBQUcsQ0FBQyxFQUMxQixDQUFDO2dCQUNELE1BQU07WUFDUixDQUFDO1lBQ0QsTUFBTSxLQUFLLEdBQUcsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQy9ELE1BQU0sTUFBTSxHQUFHLEtBQUssR0FBRyxDQUFDLEdBQUcsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQywwQ0FBMEM7WUFDOUYsTUFBTSxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzlELENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxTQUFTLENBQUM7QUFDbEIsQ0FBQyJ9

package/dist/cjs/test/mocks.d.ts

@@ -1,15 +1,20 @@
-import { Account, Chain, Transport, WalletClient } from 'viem';
+import { Account, Chain, PublicClient, Transport, WalletClient } from 'viem';
 import { vi } from 'vitest';
 import { KmsClient } from '../kms/client.js';
 import { KmsQuorumClient } from '../kms/quorumClient.js';
 interface MinimalKmsClient {
     attestedCompute: ReturnType<typeof vi.fn>;
     attestedDecrypt: ReturnType<typeof vi.fn>;
+    attestedReveal: ReturnType<typeof vi.fn>;
+    eListAttestedDecrypt: ReturnType<typeof vi.fn>;
+    eListAttestedReveal: ReturnType<typeof vi.fn>;
     key: ReturnType<typeof vi.fn>;
     reencrypt: ReturnType<typeof vi.fn>;
 }
 export declare function createMockKmsClient(): MinimalKmsClient & KmsClient;
 export declare function createMockQuorumClient(): KmsQuorumClient;
 export declare function setupMockInQuorumClient(quorumClient: KmsQuorumClient, mockKmsClient: MinimalKmsClient & KmsClient): void;
+export declare function createMockPublicClient(): PublicClient<Transport, Chain>;
 export declare function createTestWalletClient(): WalletClient<Transport, Chain, Account>;
+export declare function createFallbackWalletClient(): WalletClient<Transport, Chain, Account>;
 export {};