@inco/js 0.9.0-devnet-test-10 → 0.10.0-devnet-2

package/dist/esm/lite/types.d.ts

@@ -0,0 +1,47 @@
+import type { HexString } from '../binary.js';
+import type { BackoffConfig } from '../retry.js';
+import type { XwingKeypair } from './xwing.js';
+/**
+ * Options for attested methods when no reencrypt keys are provided.
+ * The KMS generates an ephemeral keypair and returns plaintext.
+ */
+export type AttestedOptsEphemeral = {
+    reencryptPubKey?: never;
+    reencryptKeypair?: never;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/**
+ * Options for attested methods when only a reencrypt public key is provided.
+ * The KMS encrypts the result under the provided key; caller receives ciphertext.
+ */
+export type AttestedOptsEncrypted = {
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/**
+ * Options for attested methods when both a reencrypt key and keypair are provided.
+ * The KMS reencrypts under the public key; the SDK decrypts locally using the keypair.
+ */
+export type AttestedOptsDecrypted = {
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/** Union of all valid opts for attestedDecrypt / attestedCompute. */
+export type AttestedOpts = AttestedOptsEphemeral | AttestedOptsEncrypted | AttestedOptsDecrypted;
+/** Extends the base opts with voucher-specific fields for WithVoucher methods. */
+export type AttestedWithVoucherOptsEphemeral = AttestedOptsEphemeral & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOptsEncrypted = AttestedOptsEncrypted & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOptsDecrypted = AttestedOptsDecrypted & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOpts = AttestedWithVoucherOptsEphemeral | AttestedWithVoucherOptsEncrypted | AttestedWithVoucherOptsDecrypted;
+/** Options for attestedReveal. */
+export type AttestedRevealOpts = {
+    backoffConfig?: Partial<BackoffConfig>;
+};

package/dist/esm/lite/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=

package/dist/esm/lite/xwing.d.ts

@@ -5,8 +5,33 @@ import { PubKeyEncodable } from '../reencryption/index.js';
  * Combining ML-KEM-768 (1184 bytes) and X25519 (32 bytes).
  */
 export declare const XWING_PUBLIC_KEY_SIZE: number;
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is a well-known test seed (all zeros) that provides NO security.
+ * Anyone can derive the private key from this seed and decrypt all data.
+ * Only use for local development and testing.
+ */
 export declare const TEST_NETWORK_SEED_KEY = "0x0000000000000000000000000000000000000000000000000000000000000000";
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is the public key derived from TEST_NETWORK_SEED_KEY (all zeros).
+ * Data encrypted with this key can be decrypted by anyone who knows the seed.
+ * Only use for local development and testing.
+ *
+ * Generated from Go with seed of all zeros using HPKE layer: hpke.KEM_XWING.Scheme().DeriveKeyPair(seed)
+ * This matches the key used in covalidator's GetXwingPrivateKeyForTesting() via DeriveXwingPrivateKey
+ */
 export declare const TEST_NETWORK_XWING_PUBKEY = "0xca882388911c7c762aafc20debd63e845b3bed28c9d5262cdea7771fb31bd660a1ae7b395a9a7df3d12c7b118e8eda5057572c1ba05cd9b635edf33dabca4cac7291e0848f19c20e5beb850c3818f3543d49b3a5c729cb86a28fda539775d04feda112fe0c81d138aaf623aea7d507a4e826e890105db6065a44aba76a10d771c00d1b33f4ac51869806aae18eada68f19047024542d64a7aa1c91a5e1aa49d93613b5224b415bcc7aa166e4b55033438d20c641f9664fdb1689b53208181463e3d1325d46b30f07c5945b7e3fa1418bf833d975258461b294664eaf60795964924a280729c10a37fc6e967440bdd55d4ca53596286383481291152365303d44517cef369c00933b0b30368a230353e729c031075e8388673678a56b3ba84a165b28096ee9bd684483e1844258b451c365c41fa534152a3b64120041450128e960c7d6437d717ee266bdde7aaeec225ed93b958d188e97407349f1382976ca47d761ecc59a6f394487eb015c083abb490584677240eb47f838c838568a496119378b8bb81484610a50792b5d9c9939db188e7d0249d3cb918c436f111a2898849b286b0743a22c57464c709c5eaceac1ba493adca3328c0b14b5e38d3aea74e328b622b17e7181c35ad11c2103bdb7f2b209d93dcbc4ab61a06bc37139e6d2b7a06c5b7e9267bef3a8918a706f793271a5acc2574532da79e5a10cf074b998147a3c43586a411a513bba0d11cc19a36c83b19277f28022c88b120abfdba7076a8263e05336e3245aef7033eb3c762b5bbfa5791ac960398b649d5cbb652ddc6b2398143a0861ab3b410b696328879c099098adf819fbf7ac170030e86675e7f45c22ac9e1cf52c3102487bb0b91ab592afdc69c6e3a9b71876b86260b6c736b8291098f1130d3b763525cbad540ce2d042eacb6ed43b7bcba898f712c412f26066e09945f44ec7026c8ef959831abc10719d2017a12a41728b41c02371a5f5756ebc79406be708ea41bbd21563c874a0b791a3b4e4224a609967004f065c5ab4f3b4c61cb35df70573269da53179c3701fc5205f61974426f9b794c1b5826494b70842b6920c17752029369264dc8590b898b85c9d89a258e1f46c1b0490efd17c485cb51687cea272041e90b8e629521d3c5e3fa7518161bad7a159295b63cc6c0077897b53d47db8bc0ecb820f550705b65715a1a1094d04854f56acd26aa0baa10cb8447fad6211f53105796a42882328e6852e8de821c283b51eaab9bc95c4dc53615626049d63b1f9a457193805276b1905b0ab39353b5cf91fdd6023d4d816aef9cce4a3cfb3d12190172df221ae61d427563a098cc60e3dc9997ef54959180be5dc64a911157db6be3a01be2ee343caab33b8729abf0c50c674758c511291941fceac646232920907c2e88b9ec10211161729c797643a553a6ae5c4b7483c04e3263bd291e311c609071348b7c3310aa97d6b8318e0a4afe8399fa22f951049a9bb8860f7c69a333d3cc1aaf0129ab560713bf29eb3a01f9a276c78e54e3a3648b2447c80242b271b11406866389426d8b59796540d6b5702092ab21ee217c075cfc0c17ef826ce9ea29b9e61617457a5b1aaa23a58615dc53c59183beb36ea19498c21820b70ab47adeb678f1c52bf8768b3597b608ea1a8a15cd62e8a29bec4a1ac248ef9f02de0144bca06025f95a42bd6c8eaaaaaa2366328561d";
+/**
+ * Check if a byte array matches the test seed key.
+ * Logs a warning if it does.
+ */
+export declare function warnIfTestSeed(seed: Uint8Array): boolean;
+/**
+ * Check if a byte array matches the test public key.
+ * Logs a warning if it does.
+ */
+export declare function warnIfTestPubKey(pubKeyBytes: Uint8Array): boolean;
 /**
  * X-Wing keypair interface.
  * X-Wing is a post-quantum hybrid KEM combining ML-KEM-768 and X25519.
@@ -72,7 +97,7 @@ export type XwingDecryptorArgs = {
 /**
  * Encrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Output format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Output format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param pubKeyA - Recipient's public key
  * @param msg - Message to encrypt
@@ -84,7 +109,7 @@ export declare function encrypt(pubKeyA: CryptoKey, msg: Uint8Array, aad?: Uint8
 /**
  * Decrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Input format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Input format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param privKeyA - Recipient's private key
  * @param encryptedData - Encrypted data (encappedKey || ciphertext)
@@ -121,3 +146,9 @@ export declare function getXwingEncryptor({ pubKeyA, }: XwingEncryptorArgs): Enc
  * @returns Decryptor function
  */
 export declare function getXwingDecryptor({ privKeyA, }: XwingDecryptorArgs): Decryptor<XwingScheme>;
+/**
+ * Returns true if the raw public key bytes match the public key encoded by the keypair.
+ * Used to catch caller mistakes before sending the keypair to the covalidator, where a
+ * mismatch would produce a cryptic signature error instead of a clear failure.
+ */
+export declare function reencryptPublicKeysMatch(reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair): boolean;

package/dist/esm/lite/xwing.js

@@ -13,12 +13,49 @@ const xwingKem = new XWing();
  * Combining ML-KEM-768 (1184 bytes) and X25519 (32 bytes).
  */
 export const XWING_PUBLIC_KEY_SIZE = xwingKem.publicKeySize;
-// Test network private key for testing
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is a well-known test seed (all zeros) that provides NO security.
+ * Anyone can derive the private key from this seed and decrypt all data.
+ * Only use for local development and testing.
+ */
 export const TEST_NETWORK_SEED_KEY = '0x0000000000000000000000000000000000000000000000000000000000000000';
-// Test network X-Wing public key (1216 bytes)
-// Generated from Go with seed of all zeros using HPKE layer: hpke.KEM_XWING.Scheme().DeriveKeyPair(seed)
-// This matches the key used in covalidator's GetXwingPrivateKeyForTesting() via DeriveXwingPrivateKey
+const TEST_NETWORK_SEED_BYTES = bytesFromHexString(TEST_NETWORK_SEED_KEY);
+/**
+ * WARNING: TEST KEY - DO NOT USE IN PRODUCTION
+ * This is the public key derived from TEST_NETWORK_SEED_KEY (all zeros).
+ * Data encrypted with this key can be decrypted by anyone who knows the seed.
+ * Only use for local development and testing.
+ *
+ * Generated from Go with seed of all zeros using HPKE layer: hpke.KEM_XWING.Scheme().DeriveKeyPair(seed)
+ * This matches the key used in covalidator's GetXwingPrivateKeyForTesting() via DeriveXwingPrivateKey
+ */
 export const TEST_NETWORK_XWING_PUBKEY = '0xca882388911c7c762aafc20debd63e845b3bed28c9d5262cdea7771fb31bd660a1ae7b395a9a7df3d12c7b118e8eda5057572c1ba05cd9b635edf33dabca4cac7291e0848f19c20e5beb850c3818f3543d49b3a5c729cb86a28fda539775d04feda112fe0c81d138aaf623aea7d507a4e826e890105db6065a44aba76a10d771c00d1b33f4ac51869806aae18eada68f19047024542d64a7aa1c91a5e1aa49d93613b5224b415bcc7aa166e4b55033438d20c641f9664fdb1689b53208181463e3d1325d46b30f07c5945b7e3fa1418bf833d975258461b294664eaf60795964924a280729c10a37fc6e967440bdd55d4ca53596286383481291152365303d44517cef369c00933b0b30368a230353e729c031075e8388673678a56b3ba84a165b28096ee9bd684483e1844258b451c365c41fa534152a3b64120041450128e960c7d6437d717ee266bdde7aaeec225ed93b958d188e97407349f1382976ca47d761ecc59a6f394487eb015c083abb490584677240eb47f838c838568a496119378b8bb81484610a50792b5d9c9939db188e7d0249d3cb918c436f111a2898849b286b0743a22c57464c709c5eaceac1ba493adca3328c0b14b5e38d3aea74e328b622b17e7181c35ad11c2103bdb7f2b209d93dcbc4ab61a06bc37139e6d2b7a06c5b7e9267bef3a8918a706f793271a5acc2574532da79e5a10cf074b998147a3c43586a411a513bba0d11cc19a36c83b19277f28022c88b120abfdba7076a8263e05336e3245aef7033eb3c762b5bbfa5791ac960398b649d5cbb652ddc6b2398143a0861ab3b410b696328879c099098adf819fbf7ac170030e86675e7f45c22ac9e1cf52c3102487bb0b91ab592afdc69c6e3a9b71876b86260b6c736b8291098f1130d3b763525cbad540ce2d042eacb6ed43b7bcba898f712c412f26066e09945f44ec7026c8ef959831abc10719d2017a12a41728b41c02371a5f5756ebc79406be708ea41bbd21563c874a0b791a3b4e4224a609967004f065c5ab4f3b4c61cb35df70573269da53179c3701fc5205f61974426f9b794c1b5826494b70842b6920c17752029369264dc8590b898b85c9d89a258e1f46c1b0490efd17c485cb51687cea272041e90b8e629521d3c5e3fa7518161bad7a159295b63cc6c0077897b53d47db8bc0ecb820f550705b65715a1a1094d04854f56acd26aa0baa10cb8447fad6211f53105796a42882328e6852e8de821c283b51eaab9bc95c4dc53615626049d63b1f9a457193805276b1905b0ab39353b5cf91fdd6023d4d816aef9cce4a3cfb3d12190172df221ae61d427563a098cc60e3dc9997ef54959180be5dc64a911157db6be3a01be2ee343caab33b8729abf0c50c674758c511291941fceac646232920907c2e88b9ec10211161729c797643a553a6ae5c4b7483c04e3263bd291e311c609071348b7c3310aa97d6b8318e0a4afe8399fa22f951049a9bb8860f7c69a333d3cc1aaf0129ab560713bf29eb3a01f9a276c78e54e3a3648b2447c80242b271b11406866389426d8b59796540d6b5702092ab21ee217c075cfc0c17ef826ce9ea29b9e61617457a5b1aaa23a58615dc53c59183beb36ea19498c21820b70ab47adeb678f1c52bf8768b3597b608ea1a8a15cd62e8a29bec4a1ac248ef9f02de0144bca06025f95a42bd6c8eaaaaaa2366328561d';
+const TEST_NETWORK_PUBKEY_BYTES = bytesFromHexString(TEST_NETWORK_XWING_PUBKEY);
+/**
+ * Check if a byte array matches the test seed key.
+ * Logs a warning if it does.
+ */
+export function warnIfTestSeed(seed) {
+    const isTestSeed = seed.every((byte, i) => byte === TEST_NETWORK_SEED_BYTES[i]);
+    if (isTestSeed) {
+        console.warn('WARNING: Using TEST_NETWORK_SEED_KEY. This key provides no security ' +
+            'and should only be used for local development and testing.');
+    }
+    return isTestSeed;
+}
+/**
+ * Check if a byte array matches the test public key.
+ * Logs a warning if it does.
+ */
+export function warnIfTestPubKey(pubKeyBytes) {
+    const isTestPubKey = pubKeyBytes.every((byte, i) => byte === TEST_NETWORK_PUBKEY_BYTES[i]);
+    if (isTestPubKey) {
+        console.warn('WARNING: Using TEST_NETWORK_XWING_PUBKEY. Data encrypted with this key ' +
+            'can be decrypted by anyone. Only use for local development and testing.');
+    }
+    return isTestPubKey;
+}
 /**
  * Create HPKE cipher suite with X-Wing KEM, HKDF-SHA256, and ChaCha20-Poly1305 AEAD.
  * This configuration provides post-quantum security with hybrid classical/PQ encryption.
@@ -47,6 +84,7 @@ export async function deriveXwingKeypairFromSeed(seed) {
     if (seed.length !== 32) {
         throw new Error(`Invalid X-Wing seed length: expected 32 bytes, got ${seed.length}`);
     }
+    warnIfTestSeed(seed);
     const suite = await createXwingSuite();
     // Create a fresh ArrayBuffer copy to avoid SharedArrayBuffer issues
     const seedCopy = new Uint8Array(seed);
@@ -90,6 +128,7 @@ export async function decodeXwingPublicKey(pubKeyBytes) {
     if (pubKeyBytes.length !== suite.kem.publicKeySize) {
         throw new Error(`Invalid X-Wing public key length: expected ${XWING_PUBLIC_KEY_SIZE} bytes, got ${pubKeyBytes.length}`);
     }
+    warnIfTestPubKey(pubKeyBytes);
     // Create a fresh ArrayBuffer copy to avoid SharedArrayBuffer issues
     const pubKeyCopy = new Uint8Array(pubKeyBytes);
     return await suite.kem.deserializePublicKey(pubKeyCopy.buffer);
@@ -117,7 +156,7 @@ export async function encodeXwingPublicKey(publicKey) {
 /**
  * Encrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Output format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Output format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param pubKeyA - Recipient's public key
  * @param msg - Message to encrypt
@@ -127,6 +166,9 @@ export async function encodeXwingPublicKey(publicKey) {
  */
 export async function encrypt(pubKeyA, msg, aad = new Uint8Array(0), info = new Uint8Array(0)) {
     const suite = await createXwingSuite();
+    // Warn if using the insecure test public key
+    const pubKeyBytes = new Uint8Array(await suite.kem.serializePublicKey(pubKeyA));
+    warnIfTestPubKey(pubKeyBytes);
     // Create fresh ArrayBuffer copies to avoid SharedArrayBuffer issues
     const infoCopy = new Uint8Array(info);
     const sender = await suite.createSenderContext({
@@ -146,7 +188,7 @@ export async function encrypt(pubKeyA, msg, aad = new Uint8Array(0), info = new
 /**
  * Decrypt using X-Wing HPKE (RFC 9180) with ChaCha20-Poly1305 AEAD.
  *
- * Input format: encappedKey (1184 bytes) || ciphertext (variable length)
+ * Input format: encappedKey (1120 bytes) || ciphertext (variable length)
  *
  * @param privKeyA - Recipient's private key
  * @param encryptedData - Encrypted data (encappedKey || ciphertext)
@@ -260,4 +302,14 @@ export function getXwingDecryptor({ privKeyA, }) {
         return bytesToPlaintext(computable.value.value, encryptionSchemes.xwing, typ);
     };
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieHdpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS94d2luZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUMxRCxPQUFPLEVBQUUsV0FBVyxFQUFFLFVBQVUsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUNyRCxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDL0MsT0FBTyxFQUFFLFNBQVMsRUFBRSxrQkFBa0IsRUFBRSxVQUFVLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDekUsT0FBTyxFQUNMLGdCQUFnQixFQUVoQixxQkFBcUIsRUFFckIscUJBQXFCLEVBQ3JCLGlCQUFpQixFQUdqQix1QkFBdUIsRUFHdkIsZ0JBQWdCLEdBRWpCLE1BQU0sNkJBQTZCLENBQUM7QUFDckMsT0FBTyxFQUFFLGFBQWEsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUUvRCxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxXQUFXLEVBQUUsV0FBVyxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBRXJELHdDQUF3QztBQUN4QyxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO0FBRTdCOzs7R0FHRztBQUNILE1BQU0sQ0FBQyxNQUFNLHFCQUFxQixHQUFHLFFBQVEsQ0FBQyxhQUFhLENBQUM7QUFFNUQsdUNBQXVDO0FBQ3ZDLE1BQU0sQ0FBQyxNQUFNLHFCQUFxQixHQUNoQyxvRUFBb0UsQ0FBQztBQUV2RSw4Q0FBOEM7QUFDOUMseUdBQXlHO0FBQ3pHLHNHQUFzRztBQUN0RyxNQUFNLENBQUMsTUFBTSx5QkFBeUIsR0FDcEMsbzRFQUFvNEUsQ0FBQztBQWV2NEU7Ozs7O0dBS0c7QUFDSCxLQUFLLFVBQVUsZ0JBQWdCO0lBQzdCLE1BQU0sR0FBRyxHQUFHLElBQUksS0FBSyxFQUFFLENBQUM7SUFDeEIscUVBQXFFO0lBQ3JFLGlGQUFpRjtJQUNqRixNQUFNLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQztJQUNuQixPQUFPLElBQUksV0FBVyxDQUFDO1FBQ3JCLEdBQUc7UUFDSCxHQUFHLEVBQUUsSUFBSSxVQUFVLEVBQUU7UUFDckIsSUFBSSxFQUFFLElBQUksZ0JBQWdCLEVBQUU7S0FDN0IsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsMEJBQTBCLENBQzlDLElBQWdCO0lBRWhCLElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxFQUFFLEVBQUUsQ0FBQztRQUN2QixNQUFNLElBQUksS0FBSyxDQUNiLHNEQUFzRCxJQUFJLENBQUMsTUFBTSxFQUFFLENBQ3BFLENBQUM7SUFDSixDQUFDO0lBRUQsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ3ZDLG9FQUFvRTtJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUV0QyxNQUFNLE9BQU8sR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvRCxNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FDbkMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FDdEQsQ0FBQztJQUVGLE9BQU87UUFDTCxNQUFNLEVBQUUsaUJBQWlCLENBQUMsS0FBSztRQUMvQixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7UUFDNUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1FBQzlCLGVBQWU7WUFDYixPQUFPLGNBQWMsQ0FBQztRQUN4QixDQUFDO0tBQ0YsQ0FBQztBQUNKLENBQUM7QUFFRDs7OztHQUlHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxvQkFBb0I7SUFDeEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ3ZDLE1BQU0sT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxlQUFlLEVBQUUsQ0FBQztJQUNsRCxNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FDbkMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FDdEQsQ0FBQztJQUVGLE9BQU87UUFDTCxNQUFNLEVBQUUsaUJBQWlCLENBQUMsS0FBSztRQUMvQixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7UUFDNUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1FBQzlCLGVBQWU7WUFDYixPQUFPLGNBQWMsQ0FBQztRQUN4QixDQUFDO0tBQ0YsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsb0JBQW9CLENBQ3hDLFdBQXVCO0lBRXZCLE1BQU0sS0FBSyxHQUFHLE1BQU0sZ0JBQWdCLEVBQUUsQ0FBQztJQUN2QyxJQUFJLFdBQVcsQ0FBQyxNQUFNLEtBQUssS0FBSyxDQUFDLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNuRCxNQUFNLElBQUksS0FBSyxDQUNiLDhDQUE4QyxxQkFBcUIsZUFBZSxXQUFXLENBQUMsTUFBTSxFQUFFLENBQ3ZHLENBQUM7SUFDSixDQUFDO0lBQ0Qsb0VBQW9FO0lBQ3BFLE1BQU0sVUFBVSxHQUFHLElBQUksVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRS9DLE9BQU8sTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLG9CQUFvQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNqRSxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxxQkFBcUIsQ0FDekMsSUFBZ0I7SUFFaEIsT0FBTyxNQUFNLDBCQUEwQixDQUFDLElBQUksQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsb0JBQW9CLENBQ3hDLFNBQW9CO0lBRXBCLE1BQU0sS0FBSyxHQUFHLE1BQU0sZ0JBQWdCLEVBQUUsQ0FBQztJQUN2QyxPQUFPLElBQUksVUFBVSxDQUFDLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDO0FBQ3ZFLENBQUM7QUFrQkQ7Ozs7Ozs7Ozs7R0FVRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsT0FBTyxDQUMzQixPQUFrQixFQUNsQixHQUFlLEVBQ2YsTUFBa0IsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQ25DLE9BQW1CLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQztJQUVwQyxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFFdkMsb0VBQW9FO0lBQ3BFLE1BQU0sUUFBUSxHQUFHLElBQUksVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0lBRXRDLE1BQU0sTUFBTSxHQUFHLE1BQU0sS0FBSyxDQUFDLG1CQUFtQixDQUFDO1FBQzdDLGtCQUFrQixFQUFFLE9BQU87UUFDM0IsSUFBSSxFQUFFLFFBQVEsQ0FBQyxNQUFNO0tBQ3RCLENBQUMsQ0FBQztJQUVILE1BQU0sT0FBTyxHQUFHLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3BDLE1BQU0sT0FBTyxHQUFHLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBRXBDLE1BQU0sVUFBVSxHQUFHLE1BQU0sTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUNyRSxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsR0FBRyxDQUFDO0lBRS9CLHlDQUF5QztJQUN6QyxNQUFNLE1BQU0sR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsVUFBVSxHQUFHLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUM5RSxNQUFNLENBQUMsR0FBRyxDQUFDLElBQUksVUFBVSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzNDLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLEVBQUUsV0FBVyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBRS9ELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRDs7Ozs7Ozs7OztHQVVHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxPQUFPLENBQzNCLFFBQXNCLEVBQ3RCLGFBQXlCLEVBQ3pCLE1BQWtCLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUNuQyxPQUFtQixJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUM7SUFFcEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBRXZDLDRDQUE0QztJQUM1QyxNQUFNLGVBQWUsR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQztJQUMxQyxJQUFJLGFBQWEsQ0FBQyxNQUFNLEdBQUcsZUFBZSxFQUFFLENBQUM7UUFDM0MsTUFBTSxJQUFJLEtBQUssQ0FDYiwyREFBMkQsZUFBZSxlQUFlLGFBQWEsQ0FBQyxNQUFNLEVBQUUsQ0FDaEgsQ0FBQztJQUNKLENBQUM7SUFFRCxtQ0FBbUM7SUFDbkMsTUFBTSxXQUFXLEdBQUcsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsZUFBZSxDQUFDLENBQUM7SUFDNUQsTUFBTSxVQUFVLEdBQUcsYUFBYSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUV4RCxvRUFBb0U7SUFDcEUsTUFBTSxRQUFRLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDdEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFNUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxLQUFLLENBQUMsc0JBQXNCLENBQUM7UUFDbkQsWUFBWSxFQUFFLFFBQVEsQ0FBQyxVQUFVO1FBQ2pDLEdBQUcsRUFBRSxPQUFPLENBQUMsTUFBTTtRQUNuQixJQUFJLEVBQUUsUUFBUSxDQUFDLE1BQU07S0FDdEIsQ0FBQyxDQUFDO0lBRUgsTUFBTSxNQUFNLEdBQUcsSUFBSSxVQUFVLENBQUMsVUFBVSxDQUFDLENBQUM7SUFDMUMsTUFBTSxPQUFPLEdBQUcsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7SUFFcEMsTUFBTSxTQUFTLEdBQUcsTUFBTSxTQUFTLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXRFLE9BQU8sSUFBSSxVQUFVLENBQUMsU0FBUyxDQUFDLENBQUM7QUFDbkMsQ0FBQztBQUVEOzs7Ozs7Ozs7Ozs7R0FZRztBQUNILE1BQU0sVUFBVSxpQkFBaUIsQ0FBQyxFQUNoQyxPQUFPLEdBQ1k7SUFDbkIsT0FBTyxLQUFLLEVBQThCLEVBQ3hDLFNBQVMsRUFDVCxPQUFPLEdBQ2dDLEVBRXZDLEVBQUU7UUFDRixJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssaUJBQWlCLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDakQsTUFBTSxJQUFJLEtBQUssQ0FDYix5QkFBeUIsdUJBQXVCLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxrQ0FBa0MsQ0FDckcsQ0FBQztRQUNKLENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsTUFBTSwyQkFBMkIsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUM3QyxXQUFXLENBQUMsRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLENBQUMsQ0FDcEMsQ0FBQztRQUVGLGdEQUFnRDtRQUNoRCxNQUFNLEdBQUcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM5QixNQUFNLElBQUksR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMvQixNQUFNLEVBQUUsR0FBRyxNQUFNLE9BQU8sQ0FBQyxPQUFPLEVBQUUsMkJBQTJCLEVBQUUsR0FBRyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBRTFFLHVEQUF1RDtRQUN2RCxNQUFNLFNBQVMsR0FBRyxnQkFBZ0IsQ0FBQztZQUNqQyxVQUFVLEVBQUUsRUFBRTtZQUNkLFVBQVUsRUFBRSxTQUFTLENBQUMsSUFBSTtZQUMxQixXQUFXLEVBQUUsQ0FBQztZQUNkLGFBQWEsRUFBRSxDQUFDO1NBQ2pCLENBQUMsQ0FBQztRQUVILE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQztZQUMzQixTQUFTO1lBQ1QsT0FBTyxFQUFFLE9BQU87U0FDakIsQ0FBQyxDQUFDO1FBRUgsT0FBTztZQUNMLFNBQVMsRUFBRSxTQUFTLENBQUMsU0FBUyxDQUFDO1lBQy9CLE1BQU0sRUFBRSxTQUFTLENBQUMsTUFBTSxDQUFDO1lBQ3pCLE9BQU87WUFDUCxVQUFVLEVBQUU7Z0JBQ1YsTUFBTSxFQUFFLGlCQUFpQixDQUFDLEtBQUs7Z0JBQy9CLElBQUksRUFBRSxTQUFTLENBQUMsSUFBSTtnQkFDcEIsMERBQTBEO2dCQUMxRCxLQUFLLEVBQUUscUJBQXFCLENBQzFCLE9BQU8sQ0FBQyxPQUFPLEVBQ2YsVUFBVSxDQUFDLE1BQU0sQ0FBQyxFQUNsQixVQUFVLENBQUMsRUFBRSxDQUFDLENBQ2Y7YUFDRjtTQUNGLENBQUM7SUFDSixDQUFDLENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsTUFBTSxVQUFVLGlCQUFpQixDQUFDLEVBQ2hDLFFBQVEsR0FDVztJQUNuQixPQUFPLEtBQUssRUFBOEIsRUFDeEMsTUFBTSxFQUNOLEtBQUssR0FDd0IsRUFBd0MsRUFBRTtRQUN2RSxJQUFJLE1BQU0sS0FBSyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN2QyxNQUFNLElBQUksS0FBSyxDQUNiLDBCQUEwQix1QkFBdUIsQ0FBQyxNQUFNLENBQUMsa0NBQWtDLENBQzVGLENBQUM7UUFDSixDQUFDO1FBRUQsOEJBQThCO1FBQzlCLE1BQU0sRUFBRSxVQUFVLEVBQUUsR0FBRyxxQkFBcUIsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUVwRCxnREFBZ0Q7UUFDaEQsTUFBTSxHQUFHLEdBQUcsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDOUIsTUFBTSxJQUFJLEdBQUcsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDL0IsTUFBTSxLQUFLLEdBQUcsTUFBTSxPQUFPLENBQ3pCLFFBQVEsRUFDUixrQkFBa0IsQ0FBQyxVQUFVLENBQUMsRUFDOUIsR0FBRyxFQUNILElBQUksQ0FDTCxDQUFDO1FBRUYsOEJBQThCO1FBQzlCLE1BQU0sT0FBTyxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNuQyxNQUFNLFVBQVUsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDO1FBRWpDLElBQUksVUFBVSxDQUFDLElBQUksS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUNiLGlIQUFpSCxDQUNsSCxDQUFDO1FBQ0osQ0FBQztRQUVELCtCQUErQjtRQUMvQixNQUFNLEdBQUcsR0FBRyxLQUFLLENBQUMsZ0JBQWdCLEVBQUUsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUMzRCxPQUFPLGdCQUFnQixDQUNyQixVQUFVLENBQUMsS0FBSyxDQUFDLEtBQUssRUFDdEIsaUJBQWlCLENBQUMsS0FBSyxFQUN2QixHQUFHLENBQzJCLENBQUM7SUFDbkMsQ0FBQyxDQUFDO0FBQ0osQ0FBQyJ9
+/**
+ * Returns true if the raw public key bytes match the public key encoded by the keypair.
+ * Used to catch caller mistakes before sending the keypair to the covalidator, where a
+ * mismatch would produce a cryptic signature error instead of a clear failure.
+ */
+export function reencryptPublicKeysMatch(reencryptPubKey, reencryptKeypair) {
+    const keypairPubKey = reencryptKeypair.encodePublicKey();
+    return (keypairPubKey.length === reencryptPubKey.length &&
+        keypairPubKey.every((byte, i) => byte === reencryptPubKey[i]));
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoieHdpbmcuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbGl0ZS94d2luZy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUMxRCxPQUFPLEVBQUUsV0FBVyxFQUFFLFVBQVUsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUNyRCxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDL0MsT0FBTyxFQUFFLFNBQVMsRUFBRSxrQkFBa0IsRUFBRSxVQUFVLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDekUsT0FBTyxFQUNMLGdCQUFnQixFQUVoQixxQkFBcUIsRUFFckIscUJBQXFCLEVBQ3JCLGlCQUFpQixFQUdqQix1QkFBdUIsRUFHdkIsZ0JBQWdCLEdBRWpCLE1BQU0sNkJBQTZCLENBQUM7QUFDckMsT0FBTyxFQUFFLGFBQWEsRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUUvRCxPQUFPLEVBQUUsS0FBSyxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBQ3JDLE9BQU8sRUFBRSxXQUFXLEVBQUUsV0FBVyxFQUFFLE1BQU0sV0FBVyxDQUFDO0FBRXJELHdDQUF3QztBQUN4QyxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO0FBRTdCOzs7R0FHRztBQUNILE1BQU0sQ0FBQyxNQUFNLHFCQUFxQixHQUFHLFFBQVEsQ0FBQyxhQUFhLENBQUM7QUFFNUQ7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsTUFBTSxxQkFBcUIsR0FDaEMsb0VBQW9FLENBQUM7QUFFdkUsTUFBTSx1QkFBdUIsR0FBRyxrQkFBa0IsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0FBRTFFOzs7Ozs7OztHQVFHO0FBQ0gsTUFBTSxDQUFDLE1BQU0seUJBQXlCLEdBQ3BDLG80RUFBbzRFLENBQUM7QUFFdjRFLE1BQU0seUJBQXlCLEdBQUcsa0JBQWtCLENBQUMseUJBQXlCLENBQUMsQ0FBQztBQUVoRjs7O0dBR0c7QUFDSCxNQUFNLFVBQVUsY0FBYyxDQUFDLElBQWdCO0lBQzdDLE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQzNCLENBQUMsSUFBSSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsSUFBSSxLQUFLLHVCQUF1QixDQUFDLENBQUMsQ0FBQyxDQUNqRCxDQUFDO0lBQ0YsSUFBSSxVQUFVLEVBQUUsQ0FBQztRQUNmLE9BQU8sQ0FBQyxJQUFJLENBQ1Ysc0VBQXNFO1lBQ3BFLDREQUE0RCxDQUMvRCxDQUFDO0lBQ0osQ0FBQztJQUNELE9BQU8sVUFBVSxDQUFDO0FBQ3BCLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxNQUFNLFVBQVUsZ0JBQWdCLENBQUMsV0FBdUI7SUFDdEQsTUFBTSxZQUFZLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FDcEMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLEtBQUsseUJBQXlCLENBQUMsQ0FBQyxDQUFDLENBQ25ELENBQUM7SUFDRixJQUFJLFlBQVksRUFBRSxDQUFDO1FBQ2pCLE9BQU8sQ0FBQyxJQUFJLENBQ1YseUVBQXlFO1lBQ3ZFLHlFQUF5RSxDQUM1RSxDQUFDO0lBQ0osQ0FBQztJQUNELE9BQU8sWUFBWSxDQUFDO0FBQ3RCLENBQUM7QUFlRDs7Ozs7R0FLRztBQUNILEtBQUssVUFBVSxnQkFBZ0I7SUFDN0IsTUFBTSxHQUFHLEdBQUcsSUFBSSxLQUFLLEVBQUUsQ0FBQztJQUN4QixxRUFBcUU7SUFDckUsaUZBQWlGO0lBQ2pGLE1BQU0sR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDO0lBQ25CLE9BQU8sSUFBSSxXQUFXLENBQUM7UUFDckIsR0FBRztRQUNILEdBQUcsRUFBRSxJQUFJLFVBQVUsRUFBRTtRQUNyQixJQUFJLEVBQUUsSUFBSSxnQkFBZ0IsRUFBRTtLQUM3QixDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSwwQkFBMEIsQ0FDOUMsSUFBZ0I7SUFFaEIsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLEVBQUUsRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQ2Isc0RBQXNELElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FDcEUsQ0FBQztJQUNKLENBQUM7SUFFRCxjQUFjLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFckIsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ3ZDLG9FQUFvRTtJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUV0QyxNQUFNLE9BQU8sR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUMvRCxNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FDbkMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FDdEQsQ0FBQztJQUVGLE9BQU87UUFDTCxNQUFNLEVBQUUsaUJBQWlCLENBQUMsS0FBSztRQUMvQixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7UUFDNUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1FBQzlCLGVBQWU7WUFDYixPQUFPLGNBQWMsQ0FBQztRQUN4QixDQUFDO0tBQ0YsQ0FBQztBQUNKLENBQUM7QUFFRDs7OztHQUlHO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxvQkFBb0I7SUFDeEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ3ZDLE1BQU0sT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxlQUFlLEVBQUUsQ0FBQztJQUNsRCxNQUFNLGNBQWMsR0FBRyxJQUFJLFVBQVUsQ0FDbkMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FDdEQsQ0FBQztJQUVGLE9BQU87UUFDTCxNQUFNLEVBQUUsaUJBQWlCLENBQUMsS0FBSztRQUMvQixTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVM7UUFDNUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1FBQzlCLGVBQWU7WUFDYixPQUFPLGNBQWMsQ0FBQztRQUN4QixDQUFDO0tBQ0YsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsb0JBQW9CLENBQ3hDLFdBQXVCO0lBRXZCLE1BQU0sS0FBSyxHQUFHLE1BQU0sZ0JBQWdCLEVBQUUsQ0FBQztJQUN2QyxJQUFJLFdBQVcsQ0FBQyxNQUFNLEtBQUssS0FBSyxDQUFDLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztRQUNuRCxNQUFNLElBQUksS0FBSyxDQUNiLDhDQUE4QyxxQkFBcUIsZUFBZSxXQUFXLENBQUMsTUFBTSxFQUFFLENBQ3ZHLENBQUM7SUFDSixDQUFDO0lBRUQsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFOUIsb0VBQW9FO0lBQ3BFLE1BQU0sVUFBVSxHQUFHLElBQUksVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBRS9DLE9BQU8sTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLG9CQUFvQixDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUNqRSxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxDQUFDLEtBQUssVUFBVSxxQkFBcUIsQ0FDekMsSUFBZ0I7SUFFaEIsT0FBTyxNQUFNLDBCQUEwQixDQUFDLElBQUksQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsb0JBQW9CLENBQ3hDLFNBQW9CO0lBRXBCLE1BQU0sS0FBSyxHQUFHLE1BQU0sZ0JBQWdCLEVBQUUsQ0FBQztJQUN2QyxPQUFPLElBQUksVUFBVSxDQUFDLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDO0FBQ3ZFLENBQUM7QUFrQkQ7Ozs7Ozs7Ozs7R0FVRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsT0FBTyxDQUMzQixPQUFrQixFQUNsQixHQUFlLEVBQ2YsTUFBa0IsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQ25DLE9BQW1CLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQztJQUVwQyxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFFdkMsNkNBQTZDO0lBQzdDLE1BQU0sV0FBVyxHQUFHLElBQUksVUFBVSxDQUNoQyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQzVDLENBQUM7SUFDRixnQkFBZ0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUU5QixvRUFBb0U7SUFDcEUsTUFBTSxRQUFRLEdBQUcsSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFdEMsTUFBTSxNQUFNLEdBQUcsTUFBTSxLQUFLLENBQUMsbUJBQW1CLENBQUM7UUFDN0Msa0JBQWtCLEVBQUUsT0FBTztRQUMzQixJQUFJLEVBQUUsUUFBUSxDQUFDLE1BQU07S0FDdEIsQ0FBQyxDQUFDO0lBRUgsTUFBTSxPQUFPLEdBQUcsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDcEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7SUFFcEMsTUFBTSxVQUFVLEdBQUcsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3JFLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxHQUFHLENBQUM7SUFFL0IseUNBQXlDO0lBQ3pDLE1BQU0sTUFBTSxHQUFHLElBQUksVUFBVSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEdBQUcsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzlFLE1BQU0sQ0FBQyxHQUFHLENBQUMsSUFBSSxVQUFVLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDM0MsTUFBTSxDQUFDLEdBQUcsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsRUFBRSxXQUFXLENBQUMsVUFBVSxDQUFDLENBQUM7SUFFL0QsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQUVEOzs7Ozs7Ozs7O0dBVUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLE9BQU8sQ0FDM0IsUUFBc0IsRUFDdEIsYUFBeUIsRUFDekIsTUFBa0IsSUFBSSxVQUFVLENBQUMsQ0FBQyxDQUFDLEVBQ25DLE9BQW1CLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQztJQUVwQyxNQUFNLEtBQUssR0FBRyxNQUFNLGdCQUFnQixFQUFFLENBQUM7SUFFdkMsNENBQTRDO0lBQzVDLE1BQU0sZUFBZSxHQUFHLEtBQUssQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDO0lBQzFDLElBQUksYUFBYSxDQUFDLE1BQU0sR0FBRyxlQUFlLEVBQUUsQ0FBQztRQUMzQyxNQUFNLElBQUksS0FBSyxDQUNiLDJEQUEyRCxlQUFlLGVBQWUsYUFBYSxDQUFDLE1BQU0sRUFBRSxDQUNoSCxDQUFDO0lBQ0osQ0FBQztJQUVELG1DQUFtQztJQUNuQyxNQUFNLFdBQVcsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxlQUFlLENBQUMsQ0FBQztJQUM1RCxNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBRXhELG9FQUFvRTtJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN0QyxNQUFNLE9BQU8sR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUU1QyxNQUFNLFNBQVMsR0FBRyxNQUFNLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQztRQUNuRCxZQUFZLEVBQUUsUUFBUSxDQUFDLFVBQVU7UUFDakMsR0FBRyxFQUFFLE9BQU8sQ0FBQyxNQUFNO1FBQ25CLElBQUksRUFBRSxRQUFRLENBQUMsTUFBTTtLQUN0QixDQUFDLENBQUM7SUFFSCxNQUFNLE1BQU0sR0FBRyxJQUFJLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUMxQyxNQUFNLE9BQU8sR0FBRyxJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUVwQyxNQUFNLFNBQVMsR0FBRyxNQUFNLFNBQVMsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7SUFFdEUsT0FBTyxJQUFJLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQztBQUNuQyxDQUFDO0FBRUQ7Ozs7Ozs7Ozs7OztHQVlHO0FBQ0gsTUFBTSxVQUFVLGlCQUFpQixDQUFDLEVBQ2hDLE9BQU8sR0FDWTtJQUNuQixPQUFPLEtBQUssRUFBOEIsRUFDeEMsU0FBUyxFQUNULE9BQU8sR0FDZ0MsRUFFdkMsRUFBRTtRQUNGLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNqRCxNQUFNLElBQUksS0FBSyxDQUNiLHlCQUF5Qix1QkFBdUIsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLGtDQUFrQyxDQUNyRyxDQUFDO1FBQ0osQ0FBQztRQUVELGdEQUFnRDtRQUNoRCxNQUFNLDJCQUEyQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQzdDLFdBQVcsQ0FBQyxFQUFFLFNBQVMsRUFBRSxPQUFPLEVBQUUsQ0FBQyxDQUNwQyxDQUFDO1FBRUYsZ0RBQWdEO1FBQ2hELE1BQU0sR0FBRyxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzlCLE1BQU0sSUFBSSxHQUFHLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQy9CLE1BQU0sRUFBRSxHQUFHLE1BQU0sT0FBTyxDQUFDLE9BQU8sRUFBRSwyQkFBMkIsRUFBRSxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFFMUUsdURBQXVEO1FBQ3ZELE1BQU0sU0FBUyxHQUFHLGdCQUFnQixDQUFDO1lBQ2pDLFVBQVUsRUFBRSxFQUFFO1lBQ2QsVUFBVSxFQUFFLFNBQVMsQ0FBQyxJQUFJO1lBQzFCLFdBQVcsRUFBRSxDQUFDO1lBQ2QsYUFBYSxFQUFFLENBQUM7U0FDakIsQ0FBQyxDQUFDO1FBRUgsTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDO1lBQzNCLFNBQVM7WUFDVCxPQUFPLEVBQUUsT0FBTztTQUNqQixDQUFDLENBQUM7UUFFSCxPQUFPO1lBQ0wsU0FBUyxFQUFFLFNBQVMsQ0FBQyxTQUFTLENBQUM7WUFDL0IsTUFBTSxFQUFFLFNBQVMsQ0FBQyxNQUFNLENBQUM7WUFDekIsT0FBTztZQUNQLFVBQVUsRUFBRTtnQkFDVixNQUFNLEVBQUUsaUJBQWlCLENBQUMsS0FBSztnQkFDL0IsSUFBSSxFQUFFLFNBQVMsQ0FBQyxJQUFJO2dCQUNwQiwwREFBMEQ7Z0JBQzFELEtBQUssRUFBRSxxQkFBcUIsQ0FDMUIsT0FBTyxDQUFDLE9BQU8sRUFDZixVQUFVLENBQUMsTUFBTSxDQUFDLEVBQ2xCLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FDZjthQUNGO1NBQ0YsQ0FBQztJQUNKLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7O0dBWUc7QUFDSCxNQUFNLFVBQVUsaUJBQWlCLENBQUMsRUFDaEMsUUFBUSxHQUNXO0lBQ25CLE9BQU8sS0FBSyxFQUE4QixFQUN4QyxNQUFNLEVBQ04sS0FBSyxHQUN3QixFQUF3QyxFQUFFO1FBQ3ZFLElBQUksTUFBTSxLQUFLLGlCQUFpQixDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ3ZDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMEJBQTBCLHVCQUF1QixDQUFDLE1BQU0sQ0FBQyxrQ0FBa0MsQ0FDNUYsQ0FBQztRQUNKLENBQUM7UUFFRCw4QkFBOEI7UUFDOUIsTUFBTSxFQUFFLFVBQVUsRUFBRSxHQUFHLHFCQUFxQixDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRXBELGdEQUFnRDtRQUNoRCxNQUFNLEdBQUcsR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM5QixNQUFNLElBQUksR0FBRyxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMvQixNQUFNLEtBQUssR0FBRyxNQUFNLE9BQU8sQ0FDekIsUUFBUSxFQUNSLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxFQUM5QixHQUFHLEVBQ0gsSUFBSSxDQUNMLENBQUM7UUFFRiw4QkFBOEI7UUFDOUIsTUFBTSxPQUFPLEdBQUcsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25DLE1BQU0sVUFBVSxHQUFHLE9BQU8sQ0FBQyxLQUFLLENBQUM7UUFFakMsSUFBSSxVQUFVLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsaUhBQWlILENBQ2xILENBQUM7UUFDSixDQUFDO1FBRUQsK0JBQStCO1FBQy9CLE1BQU0sR0FBRyxHQUFHLEtBQUssQ0FBQyxnQkFBZ0IsRUFBRSxVQUFVLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzNELE9BQU8sZ0JBQWdCLENBQ3JCLFVBQVUsQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUN0QixpQkFBaUIsQ0FBQyxLQUFLLEVBQ3ZCLEdBQUcsQ0FDMkIsQ0FBQztJQUNuQyxDQUFDLENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7R0FJRztBQUNILE1BQU0sVUFBVSx3QkFBd0IsQ0FDdEMsZUFBMkIsRUFDM0IsZ0JBQThCO0lBRTlCLE1BQU0sYUFBYSxHQUFHLGdCQUFnQixDQUFDLGVBQWUsRUFBRSxDQUFDO0lBQ3pELE9BQU8sQ0FDTCxhQUFhLENBQUMsTUFBTSxLQUFLLGVBQWUsQ0FBQyxNQUFNO1FBQy9DLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLEtBQUssZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQzlELENBQUM7QUFDSixDQUFDIn0=

package/dist/esm/local/local-node.d.ts

@@ -1,4 +1,10 @@
 import { Schema } from 'effect';
+/**
+ * Schema for the environment variables required to connect to a local Inco node.
+ *
+ * Includes executor/sender addresses, keys, covalidator settings, and optional
+ * remote compute-server overrides. Typically populated from a `.env` file.
+ */
 export declare const LocalNodeEnv: Schema.Struct<{
     DEPLOYER_ADDRESS: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
     STATE_DUMP: typeof Schema.String;
@@ -14,6 +20,18 @@ export declare const LocalNodeEnv: Schema.Struct<{
     COVALIDATOR_HOST_CHAIN_ID: Schema.optional<typeof Schema.String>;
     COVALIDATOR_URL: Schema.optional<typeof Schema.String>;
     COVALIDATOR_HOST_CHAIN_RPC_URL: Schema.optional<typeof Schema.String>;
+    COVALIDATOR_COMPUTE_TYPE: Schema.optional<typeof Schema.String>;
+    COVALIDATOR_STORAGE_KEY: Schema.optional<Schema.TemplateLiteral<`0x${string}`>>;
 }>;
+/** Parsed local node environment configuration. */
 export type LocalNodeEnv = typeof LocalNodeEnv.Type;
+/**
+ * Parses a dotenv-formatted string or `Buffer` into a validated {@link LocalNodeEnv}.
+ *
+ * Falls back to `process.env` when no argument is provided.
+ *
+ * @param envFileOrObj - A dotenv-formatted string, `Buffer`, or `undefined` to use `process.env`.
+ * @returns A validated `LocalNodeEnv` object.
+ * @throws If required environment variables are missing or invalid.
+ */
 export declare function parseLocalEnv(envFileOrObj?: string | Buffer): LocalNodeEnv;

package/dist/esm/local/local-node.js

@@ -1,5 +1,11 @@
 import { Schema } from 'effect';
 import { Address, HexString } from '../binary.js';
+/**
+ * Schema for the environment variables required to connect to a local Inco node.
+ *
+ * Includes executor/sender addresses, keys, covalidator settings, and optional
+ * remote compute-server overrides. Typically populated from a `.env` file.
+ */
 export const LocalNodeEnv = Schema.Struct({
     DEPLOYER_ADDRESS: Address,
     STATE_DUMP: Schema.String,
@@ -19,9 +25,18 @@ export const LocalNodeEnv = Schema.Struct({
     COVALIDATOR_HOST_CHAIN_ID: Schema.optional(Schema.String),
     COVALIDATOR_URL: Schema.optional(Schema.String),
     COVALIDATOR_HOST_CHAIN_RPC_URL: Schema.optional(Schema.String),
+    COVALIDATOR_COMPUTE_TYPE: Schema.optional(Schema.String),
+    COVALIDATOR_STORAGE_KEY: Schema.optional(HexString),
 });
-// Parses a local environment file or object into a LocalNodeEnv type.
-// If no file or object is provided, it defaults to process.env.
+/**
+ * Parses a dotenv-formatted string or `Buffer` into a validated {@link LocalNodeEnv}.
+ *
+ * Falls back to `process.env` when no argument is provided.
+ *
+ * @param envFileOrObj - A dotenv-formatted string, `Buffer`, or `undefined` to use `process.env`.
+ * @returns A validated `LocalNodeEnv` object.
+ * @throws If required environment variables are missing or invalid.
+ */
 export function parseLocalEnv(envFileOrObj) {
     const envObj = envFileOrObj ? readEnv(envFileOrObj) : process.env;
     return Schema.decodeUnknownSync(LocalNodeEnv)(envObj);
@@ -58,4 +73,4 @@ function parseEnv(envContent) {
     }
     return env;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9jYWwtbm9kZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9sb2NhbC9sb2NhbC1ub2RlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFDaEMsT0FBTyxFQUFFLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFFbEQsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUM7SUFDeEMsZ0JBQWdCLEVBQUUsT0FBTztJQUN6QixVQUFVLEVBQUUsTUFBTSxDQUFDLE1BQU07SUFDekIsZ0JBQWdCLEVBQUUsT0FBTztJQUN6QixvQ0FBb0M7SUFDcEMsY0FBYyxFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDO0lBQzFDLGNBQWMsRUFBRSxPQUFPO0lBQ3ZCLGtCQUFrQixFQUFFLFNBQVM7SUFDN0Isb0NBQW9DO0lBQ3BDLHFCQUFxQixFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDO0lBQ2pELE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTTtJQUNyQixvQ0FBb0M7SUFDcEMsK0JBQStCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUM7SUFDM0Qsb0NBQW9DO0lBQ3BDLHNDQUFzQyxFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDO0lBQ2xFLDhCQUE4QixFQUFFLE9BQU87SUFDdkMseUJBQXlCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO0lBQ3pELGVBQWUsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7SUFDL0MsOEJBQThCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO0NBQy9ELENBQUMsQ0FBQztBQUlILHNFQUFzRTtBQUN0RSxnRUFBZ0U7QUFDaEUsTUFBTSxVQUFVLGFBQWEsQ0FBQyxZQUE4QjtJQUMxRCxNQUFNLE1BQU0sR0FBRyxZQUFZLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQztJQUNsRSxPQUFPLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUN4RCxDQUFDO0FBRUQsU0FBUyxPQUFPLENBQUMsVUFBMkI7SUFDMUMsT0FBTyxRQUFRLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7QUFDekMsQ0FBQztBQUVELG1GQUFtRjtBQUNuRixTQUFTLFFBQVEsQ0FBQyxVQUFrQjtJQUNsQyxJQUFJLEdBQUcsR0FBMkIsRUFBRSxDQUFDO0lBQ3JDLE1BQU0sS0FBSyxHQUFHLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFckMsaUNBQWlDO0lBQ2pDLEtBQUssTUFBTSxJQUFJLElBQUksS0FBSyxFQUFFLENBQUM7UUFDekIsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2hDLElBQUksV0FBVyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2hELE1BQU0sVUFBVSxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDNUMsSUFBSSxVQUFVLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDdEIsTUFBTSxHQUFHLEdBQUcsV0FBVyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ3hELElBQUksS0FBSyxHQUFHLFdBQVcsQ0FBQyxTQUFTLENBQUMsVUFBVSxHQUFHLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUV6RCx1QkFBdUI7Z0JBQ3ZCLElBQ0UsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7b0JBQzlDLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQzlDLENBQUM7b0JBQ0QsS0FBSyxHQUFHLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7Z0JBQy9DLENBQUM7Z0JBRUQsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEtBQUssQ0FBQztZQUNuQixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRCx5REFBeUQ7SUFDekQsS0FBSyxNQUFNLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUMvQyxHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLEVBQUUsT0FBZSxFQUFFLEVBQUU7WUFDOUQsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQzVCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9jYWwtbm9kZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9sb2NhbC9sb2NhbC1ub2RlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFDaEMsT0FBTyxFQUFFLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFFbEQ7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztJQUN4QyxnQkFBZ0IsRUFBRSxPQUFPO0lBQ3pCLFVBQVUsRUFBRSxNQUFNLENBQUMsTUFBTTtJQUN6QixnQkFBZ0IsRUFBRSxPQUFPO0lBQ3pCLG9DQUFvQztJQUNwQyxjQUFjLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUM7SUFDMUMsY0FBYyxFQUFFLE9BQU87SUFDdkIsa0JBQWtCLEVBQUUsU0FBUztJQUM3QixvQ0FBb0M7SUFDcEMscUJBQXFCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUM7SUFDakQsTUFBTSxFQUFFLE1BQU0sQ0FBQyxNQUFNO0lBQ3JCLG9DQUFvQztJQUNwQywrQkFBK0IsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQztJQUMzRCxvQ0FBb0M7SUFDcEMsc0NBQXNDLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUM7SUFDbEUsOEJBQThCLEVBQUUsT0FBTztJQUN2Qyx5QkFBeUIsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7SUFDekQsZUFBZSxFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQztJQUMvQyw4QkFBOEIsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7SUFDOUQsd0JBQXdCLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO0lBQ3hELHVCQUF1QixFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDO0NBQ3BELENBQUMsQ0FBQztBQUtIOzs7Ozs7OztHQVFHO0FBQ0gsTUFBTSxVQUFVLGFBQWEsQ0FBQyxZQUE4QjtJQUMxRCxNQUFNLE1BQU0sR0FBRyxZQUFZLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQztJQUNsRSxPQUFPLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxZQUFZLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztBQUN4RCxDQUFDO0FBRUQsU0FBUyxPQUFPLENBQUMsVUFBMkI7SUFDMUMsT0FBTyxRQUFRLENBQUMsVUFBVSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7QUFDekMsQ0FBQztBQUVELG1GQUFtRjtBQUNuRixTQUFTLFFBQVEsQ0FBQyxVQUFrQjtJQUNsQyxJQUFJLEdBQUcsR0FBMkIsRUFBRSxDQUFDO0lBQ3JDLE1BQU0sS0FBSyxHQUFHLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFckMsaUNBQWlDO0lBQ2pDLEtBQUssTUFBTSxJQUFJLElBQUksS0FBSyxFQUFFLENBQUM7UUFDekIsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ2hDLElBQUksV0FBVyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2hELE1BQU0sVUFBVSxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDNUMsSUFBSSxVQUFVLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDdEIsTUFBTSxHQUFHLEdBQUcsV0FBVyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsVUFBVSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ3hELElBQUksS0FBSyxHQUFHLFdBQVcsQ0FBQyxTQUFTLENBQUMsVUFBVSxHQUFHLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUV6RCx1QkFBdUI7Z0JBQ3ZCLElBQ0UsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUM7b0JBQzlDLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQzlDLENBQUM7b0JBQ0QsS0FBSyxHQUFHLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLEtBQUssQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLENBQUM7Z0JBQy9DLENBQUM7Z0JBRUQsR0FBRyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEtBQUssQ0FBQztZQUNuQixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRCx5REFBeUQ7SUFDekQsS0FBSyxNQUFNLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUMvQyxHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLEVBQUUsT0FBZSxFQUFFLEVBQUU7WUFDOUQsT0FBTyxHQUFHLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxDQUFDO1FBQzVCLENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQyJ9

package/dist/esm/reencryption/eip712.d.ts

@@ -14,9 +14,36 @@ declare const baseEIP712: Schema.Struct<{
     }>>>;
 }>;
 type BaseEIP712 = typeof baseEIP712.Type;
+/**
+ * An EIP-712 typed data payload with a generic `message` field.
+ *
+ * Extends the base EIP-712 structure (domain, primaryType, types) with
+ * a strongly-typed `message` object for signing.
+ *
+ * @typeParam Message - The shape of the application-specific message to sign.
+ */
 export interface EIP712<Message extends object> extends BaseEIP712 {
     message: Message;
 }
+/**
+ * Creates an EIP-712 typed data payload for user signing.
+ *
+ * Used to verify the user controls the private key corresponding to the ephemeral
+ * public key embedded in the payload. The `message` keys must exactly match the
+ * `name` values in `primaryTypeFields`.
+ *
+ * @typeParam PrimaryType - The EIP-712 primary type name.
+ * @typeParam Message - The shape of the message to sign.
+ * @param params.chainId - The chain ID for the EIP-712 domain.
+ * @param params.primaryType - The primary type name (e.g. `"Reencrypt"`).
+ * @param params.primaryTypeFields - The field definitions for the primary type.
+ * @param params.message - The message object to sign (must match `primaryTypeFields`).
+ * @param params.verifyingContract - Optional verifying contract address for the domain.
+ * @param params.domainName - Human-readable name for the EIP-712 domain.
+ * @param params.domainVersion - Version string for the EIP-712 domain.
+ * @returns A complete {@link EIP712} payload ready for signing.
+ * @throws If message keys do not match `primaryTypeFields` names.
+ */
 export declare function createEIP712Payload<PrimaryType extends string, Message extends object>({ chainId, primaryType, primaryTypeFields, message, verifyingContract, domainName, domainVersion, }: {
     chainId: bigint;
     primaryType: PrimaryType;

package/dist/esm/reencryption/eip712.js

@@ -20,12 +20,25 @@ const baseEIP712 = Schema.Struct({
         })),
     }),
 });
-// This function creates the payload that will be signed by the user. It is used to verify that the
-// user has access to the private key that corresponds to the ephemeral public key in the payload.
-// If the last argument is provided, it will be used as the contract address.
-//
-// The `message` argument must have the same keys as the all the `name` values
-// in the `primaryTypeFields` argument.
+/**
+ * Creates an EIP-712 typed data payload for user signing.
+ *
+ * Used to verify the user controls the private key corresponding to the ephemeral
+ * public key embedded in the payload. The `message` keys must exactly match the
+ * `name` values in `primaryTypeFields`.
+ *
+ * @typeParam PrimaryType - The EIP-712 primary type name.
+ * @typeParam Message - The shape of the message to sign.
+ * @param params.chainId - The chain ID for the EIP-712 domain.
+ * @param params.primaryType - The primary type name (e.g. `"Reencrypt"`).
+ * @param params.primaryTypeFields - The field definitions for the primary type.
+ * @param params.message - The message object to sign (must match `primaryTypeFields`).
+ * @param params.verifyingContract - Optional verifying contract address for the domain.
+ * @param params.domainName - Human-readable name for the EIP-712 domain.
+ * @param params.domainVersion - Version string for the EIP-712 domain.
+ * @returns A complete {@link EIP712} payload ready for signing.
+ * @throws If message keys do not match `primaryTypeFields` names.
+ */
 export function createEIP712Payload({ chainId, primaryType, primaryTypeFields, message, verifyingContract, domainName, domainVersion, }) {
     const types = {
         // This refers to the domain the contract is hosted on.
@@ -71,4 +84,4 @@ export function createEIP712Payload({ chainId, primaryType, primaryTypeFields, m
     };
     return msgParams;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWlwNzEyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JlZW5jcnlwdGlvbi9laXA3MTIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUVoQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBRXpDLHlFQUF5RTtBQUN6RSwrQ0FBK0M7QUFDL0MsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztJQUMvQixNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQztRQUNwQixPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU07UUFDdEIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxNQUFNO1FBQ25CLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtRQUN0QixpQkFBaUIsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQztRQUM3QywyRUFBMkU7UUFDM0Usc0JBQXNCO0tBQ3ZCLENBQUM7SUFDRixXQUFXLEVBQUUsTUFBTSxDQUFDLE1BQU07SUFDMUIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUM7UUFDbkIsR0FBRyxFQUFFLE1BQU0sQ0FBQyxNQUFNO1FBQ2xCLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSyxDQUNqQixNQUFNLENBQUMsTUFBTSxDQUFDO1lBQ1osSUFBSSxFQUFFLE1BQU0sQ0FBQyxNQUFNO1lBQ25CLElBQUksRUFBRSxNQUFNLENBQUMsTUFBTTtTQUNwQixDQUFDLENBQ0g7S0FDRixDQUFDO0NBQ0gsQ0FBQyxDQUFDO0FBU0gsbUdBQW1HO0FBQ25HLGtHQUFrRztBQUNsRyw2RUFBNkU7QUFDN0UsRUFBRTtBQUNGLDhFQUE4RTtBQUM5RSx1Q0FBdUM7QUFDdkMsTUFBTSxVQUFVLG1CQUFtQixDQUdqQyxFQUNBLE9BQU8sRUFDUCxXQUFXLEVBQ1gsaUJBQWlCLEVBQ2pCLE9BQU8sRUFDUCxpQkFBaUIsRUFDakIsVUFBVSxFQUNWLGFBQWEsR0FTZDtJQUNDLE1BQU0sS0FBSyxHQUFHO1FBQ1osdURBQXVEO1FBQ3ZELFlBQVksRUFBRTtZQUNaLEVBQUUsSUFBSSxFQUFFLE1BQU0sRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFO1lBQ2hDLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsUUFBUSxFQUFFO1lBQ25DLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO1NBQ3JDO1FBQ0Qsd0JBQXdCO1FBQ3hCLENBQUMsV0FBVyxDQUFDLEVBQUUsaUJBQWlCO0tBQ2pDLENBQUM7SUFFRixJQUFJLGlCQUFpQixFQUFFLENBQUM7UUFDdEIsS0FBSyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsRUFBRSxJQUFJLEVBQUUsbUJBQW1CLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztJQUVELHFFQUFxRTtJQUNyRSxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQ3pDLE1BQU0scUJBQXFCLEdBQUcsaUJBQWlCLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDM0UsSUFBSSxXQUFXLENBQUMsTUFBTSxLQUFLLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3hELE1BQU0sSUFBSSxLQUFLLENBQUMsa0RBQWtELENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBQ0QsS0FBSyxNQUFNLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztRQUM5QixJQUFJLENBQUMscUJBQXFCLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDekMsTUFBTSxJQUFJLEtBQUssQ0FDYixlQUFlLEdBQUcsdUNBQXVDLENBQzFELENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVELE1BQU0sU0FBUyxHQUFHO1FBQ2hCLEtBQUs7UUFDTCw2RkFBNkY7UUFDN0YsZ0dBQWdHO1FBQ2hHLHNCQUFzQjtRQUN0Qix5REFBeUQ7UUFDekQsV0FBVztRQUNYLE1BQU0sRUFBRTtZQUNOLHlFQUF5RTtZQUN6RSxJQUFJLEVBQUUsVUFBVTtZQUNoQixzQ0FBc0M7WUFDdEMsT0FBTyxFQUFFLGFBQWE7WUFDdEIsbURBQW1EO1lBQ25ELE9BQU87WUFDUCxpQkFBaUI7U0FDbEI7UUFDRCxPQUFPO0tBQ1IsQ0FBQztJQUVGLE9BQU8sU0FBUyxDQUFDO0FBQ25CLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZWlwNzEyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3JlZW5jcnlwdGlvbi9laXA3MTIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLFFBQVEsQ0FBQztBQUVoQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBRXpDLHlFQUF5RTtBQUN6RSwrQ0FBK0M7QUFDL0MsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztJQUMvQixNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQztRQUNwQixPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU07UUFDdEIsSUFBSSxFQUFFLE1BQU0sQ0FBQyxNQUFNO1FBQ25CLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtRQUN0QixpQkFBaUIsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQztRQUM3QywyRUFBMkU7UUFDM0Usc0JBQXNCO0tBQ3ZCLENBQUM7SUFDRixXQUFXLEVBQUUsTUFBTSxDQUFDLE1BQU07SUFDMUIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxNQUFNLENBQUM7UUFDbkIsR0FBRyxFQUFFLE1BQU0sQ0FBQyxNQUFNO1FBQ2xCLEtBQUssRUFBRSxNQUFNLENBQUMsS0FBSyxDQUNqQixNQUFNLENBQUMsTUFBTSxDQUFDO1lBQ1osSUFBSSxFQUFFLE1BQU0sQ0FBQyxNQUFNO1lBQ25CLElBQUksRUFBRSxNQUFNLENBQUMsTUFBTTtTQUNwQixDQUFDLENBQ0g7S0FDRixDQUFDO0NBQ0gsQ0FBQyxDQUFDO0FBZ0JIOzs7Ozs7Ozs7Ozs7Ozs7Ozs7R0FrQkc7QUFDSCxNQUFNLFVBQVUsbUJBQW1CLENBR2pDLEVBQ0EsT0FBTyxFQUNQLFdBQVcsRUFDWCxpQkFBaUIsRUFDakIsT0FBTyxFQUNQLGlCQUFpQixFQUNqQixVQUFVLEVBQ1YsYUFBYSxHQVNkO0lBQ0MsTUFBTSxLQUFLLEdBQUc7UUFDWix1REFBdUQ7UUFDdkQsWUFBWSxFQUFFO1lBQ1osRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDaEMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxRQUFRLEVBQUU7WUFDbkMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7U0FDckM7UUFDRCx3QkFBd0I7UUFDeEIsQ0FBQyxXQUFXLENBQUMsRUFBRSxpQkFBaUI7S0FDakMsQ0FBQztJQUVGLElBQUksaUJBQWlCLEVBQUUsQ0FBQztRQUN0QixLQUFLLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxFQUFFLElBQUksRUFBRSxtQkFBbUIsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQscUVBQXFFO0lBQ3JFLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDekMsTUFBTSxxQkFBcUIsR0FBRyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMzRSxJQUFJLFdBQVcsQ0FBQyxNQUFNLEtBQUsscUJBQXFCLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDeEQsTUFBTSxJQUFJLEtBQUssQ0FBQyxrREFBa0QsQ0FBQyxDQUFDO0lBQ3RFLENBQUM7SUFDRCxLQUFLLE1BQU0sR0FBRyxJQUFJLFdBQVcsRUFBRSxDQUFDO1FBQzlCLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN6QyxNQUFNLElBQUksS0FBSyxDQUNiLGVBQWUsR0FBRyx1Q0FBdUMsQ0FDMUQsQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxTQUFTLEdBQUc7UUFDaEIsS0FBSztRQUNMLDZGQUE2RjtRQUM3RixnR0FBZ0c7UUFDaEcsc0JBQXNCO1FBQ3RCLHlEQUF5RDtRQUN6RCxXQUFXO1FBQ1gsTUFBTSxFQUFFO1lBQ04seUVBQXlFO1lBQ3pFLElBQUksRUFBRSxVQUFVO1lBQ2hCLHNDQUFzQztZQUN0QyxPQUFPLEVBQUUsYUFBYTtZQUN0QixtREFBbUQ7WUFDbkQsT0FBTztZQUNQLGlCQUFpQjtTQUNsQjtRQUNELE9BQU87S0FDUixDQUFDO0lBRUYsT0FBTyxTQUFTLENBQUM7QUFDbkIsQ0FBQyJ9

package/dist/esm/reencryption/types.d.ts

@@ -4,18 +4,42 @@ import { CiphertextOf, EncryptionScheme, PlaintextOf, SupportedFheType } from '.
 import { Handle } from '../handle.js';
 import type { XwingKeypair } from '../lite/xwing.js';
 import type { BackoffConfig } from '../retry.js';
+/**
+ * The core reencryption function type. Takes a handle (and optional ciphertext) and returns
+ * the decrypted plaintext. Supports retry configuration for handles that are not yet available.
+ *
+ * @typeParam S - The encryption scheme (e.g. X-Wing).
+ */
 export type Reencryptor<S extends EncryptionScheme> = <T extends SupportedFheType>(args: ReencryptFnArgs<S, T>, backoffConfig?: Partial<BackoffConfig>) => Promise<PlaintextOf<S, T>>;
+/** Arguments required to construct a {@link Reencryptor}. */
 export interface ReencryptorArgs {
     chainId: bigint;
 }
+/**
+ * Arguments for a single reencryption call.
+ *
+ * @typeParam S - The encryption scheme.
+ * @typeParam T - The ENCRYPTION type of the ciphertext.
+ */
 export type ReencryptFnArgs<S extends EncryptionScheme, T extends SupportedFheType> = {
     handle: Handle;
+    /**
+     * Optional ciphertext hint. If provided, the reencrypt endpoint may use it directly
+     * instead of fetching from the covalidators.
+     */
     ciphertext?: CiphertextOf<S, T>;
 };
+/** Union of supported ephemeral keypair types for reencryption (currently X-Wing only). */
 export type SupportedEphemeralKeypairs = XwingKeypair;
+/** An object whose public key can be serialized to a `Uint8Array`. */
 export interface PubKeyEncodable {
     encodePublicKey(): Uint8Array;
 }
+/**
+ * A reencryption request to be sent to a reencrypt endpoint.
+ *
+ * @typeParam EKP - The type of ephemeral keypair used for the reencryption session.
+ */
 export interface ReencryptEndpointRequest<EKP extends SupportedEphemeralKeypairs> {
     userAddress: Address;
     handle: Handle;

package/dist/esm/retry.d.ts

@@ -7,6 +7,20 @@ export type BackoffConfig = {
     backoffFactor: number;
     errHandler?: (error: Error, attempt: number) => 'stop' | 'continue';
 };
+/**
+ * Checks if an error is safe to retry.
+ * Only transient errors matching the allowlist should return true.
+ * All other errors fail fast to avoid masking security-critical failures.
+ *
+ * @param error - The error to check
+ * @returns true if the error is transient and safe to retry, false otherwise
+ */
+export declare function isRetryableError(error: Error): boolean;
+/**
+ * Default error handler that only retries known transient errors.
+ * Security-critical errors will fail fast.
+ */
+export declare function defaultRetryErrorHandler(error: Error): 'stop' | 'continue';
 /**
  * Helper function to implement exponential backoff retry logic.
  * @param fn - The function to retry

package/dist/esm/retry.js

@@ -1,3 +1,57 @@
+/**
+ * Allowlist of transient error patterns that are safe to retry.
+ * Each pattern includes a substring to match (case-insensitive) and a description.
+ *
+ * SECURITY: Only add patterns here for genuinely transient errors.
+ * Do NOT add patterns that could mask security-critical errors like:
+ * - Authentication failures
+ * - Permission denied
+ * - Signature validation errors
+ * - Invalid input/format errors
+ */
+const RETRYABLE_ERROR_PATTERNS = [
+    // Explicit retry suggestions from the server
+    {
+        pattern: 'try again later',
+        description: 'Server explicitly suggests retry',
+    },
+    // Network/connectivity issues
+    { pattern: 'timeout', description: 'Request timeout' },
+    { pattern: 'etimedout', description: 'Connection timeout' },
+    { pattern: 'econnreset', description: 'Connection reset' },
+    { pattern: 'econnrefused', description: 'Connection refused' },
+    // Service availability
+    { pattern: '503', description: 'Service unavailable (503)' },
+    { pattern: 'service unavailable', description: 'Service unavailable' },
+    // Data propagation delays (eventual consistency)
+    {
+        pattern: 'ciphertext too short',
+        description: 'Ciphertext not yet propagated to covalidator',
+    },
+];
+/**
+ * Checks if an error is safe to retry.
+ * Only transient errors matching the allowlist should return true.
+ * All other errors fail fast to avoid masking security-critical failures.
+ *
+ * @param error - The error to check
+ * @returns true if the error is transient and safe to retry, false otherwise
+ */
+export function isRetryableError(error) {
+    const message = error.message?.toLowerCase() ?? '';
+    return RETRYABLE_ERROR_PATTERNS.some(({ pattern }) => message.includes(pattern));
+}
+/**
+ * Default error handler that only retries known transient errors.
+ * Security-critical errors will fail fast.
+ */
+export function defaultRetryErrorHandler(error) {
+    if (isRetryableError(error)) {
+        console.warn(`Retrying after transient error: ${error.message}`);
+        return 'continue';
+    }
+    return 'stop';
+}
 /**
  * Helper function to implement exponential backoff retry logic.
  * @param fn - The function to retry
@@ -6,7 +60,7 @@
  */
 export async function retryWithBackoff(fn, { 
 // These default values will make it return an error after ~10s if the fn response is fast.
-maxRetries = 5, baseDelayInMs = 1000, backoffFactor = 1.5, errHandler = () => 'continue', } = {}) {
+maxRetries = 5, baseDelayInMs = 1000, backoffFactor = 1.5, errHandler = defaultRetryErrorHandler, } = {}) {
     let lastError;
     for (let attempt = 0; attempt < maxRetries; attempt++) {
         try {
@@ -25,4 +79,4 @@ maxRetries = 5, baseDelayInMs = 1000, backoffFactor = 1.5, errHandler = () => 'c
     }
     throw lastError;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmV0cnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcmV0cnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBVUE7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGdCQUFnQixDQUNwQyxFQUFvQixFQUNwQjtBQUNFLDJGQUEyRjtBQUMzRixVQUFVLEdBQUcsQ0FBQyxFQUNkLGFBQWEsR0FBRyxJQUFJLEVBQ3BCLGFBQWEsR0FBRyxHQUFHLEVBQ25CLFVBQVUsR0FBRyxHQUFHLEVBQUUsQ0FBQyxVQUFVLE1BQ0gsRUFBRTtJQUU5QixJQUFJLFNBQTRCLENBQUM7SUFFakMsS0FBSyxJQUFJLE9BQU8sR0FBRyxDQUFDLEVBQUUsT0FBTyxHQUFHLFVBQVUsRUFBRSxPQUFPLEVBQUUsRUFBRSxDQUFDO1FBQ3RELElBQUksQ0FBQztZQUNILE9BQU8sTUFBTSxFQUFFLEVBQUUsQ0FBQztRQUNwQixDQUFDO1FBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztZQUNmLFNBQVMsR0FBRyxLQUFjLENBQUM7WUFDM0IsSUFDRSxVQUFVLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxLQUFLLFVBQVU7Z0JBQzdDLE9BQU8sS0FBSyxVQUFVLEdBQUcsQ0FBQyxFQUMxQixDQUFDO2dCQUNELE1BQU07WUFDUixDQUFDO1lBQ0QsTUFBTSxLQUFLLEdBQUcsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQy9ELE1BQU0sTUFBTSxHQUFHLEtBQUssR0FBRyxDQUFDLEdBQUcsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQywwQ0FBMEM7WUFDOUYsTUFBTSxJQUFJLE9BQU8sQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzlELENBQUM7SUFDSCxDQUFDO0lBRUQsTUFBTSxTQUFTLENBQUM7QUFDbEIsQ0FBQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmV0cnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvcmV0cnkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBVUE7Ozs7Ozs7Ozs7R0FVRztBQUNILE1BQU0sd0JBQXdCLEdBR3pCO0lBQ0gsNkNBQTZDO0lBQzdDO1FBQ0UsT0FBTyxFQUFFLGlCQUFpQjtRQUMxQixXQUFXLEVBQUUsa0NBQWtDO0tBQ2hEO0lBRUQsOEJBQThCO0lBQzlCLEVBQUUsT0FBTyxFQUFFLFNBQVMsRUFBRSxXQUFXLEVBQUUsaUJBQWlCLEVBQUU7SUFDdEQsRUFBRSxPQUFPLEVBQUUsV0FBVyxFQUFFLFdBQVcsRUFBRSxvQkFBb0IsRUFBRTtJQUMzRCxFQUFFLE9BQU8sRUFBRSxZQUFZLEVBQUUsV0FBVyxFQUFFLGtCQUFrQixFQUFFO0lBQzFELEVBQUUsT0FBTyxFQUFFLGNBQWMsRUFBRSxXQUFXLEVBQUUsb0JBQW9CLEVBQUU7SUFFOUQsdUJBQXVCO0lBQ3ZCLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxXQUFXLEVBQUUsMkJBQTJCLEVBQUU7SUFDNUQsRUFBRSxPQUFPLEVBQUUscUJBQXFCLEVBQUUsV0FBVyxFQUFFLHFCQUFxQixFQUFFO0lBRXRFLGlEQUFpRDtJQUNqRDtRQUNFLE9BQU8sRUFBRSxzQkFBc0I7UUFDL0IsV0FBVyxFQUFFLDhDQUE4QztLQUM1RDtDQUNGLENBQUM7QUFFRjs7Ozs7OztHQU9HO0FBQ0gsTUFBTSxVQUFVLGdCQUFnQixDQUFDLEtBQVk7SUFDM0MsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLE9BQU8sRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLENBQUM7SUFFbkQsT0FBTyx3QkFBd0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxFQUFFLE9BQU8sRUFBRSxFQUFFLEVBQUUsQ0FDbkQsT0FBTyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FDMUIsQ0FBQztBQUNKLENBQUM7QUFFRDs7O0dBR0c7QUFDSCxNQUFNLFVBQVUsd0JBQXdCLENBQUMsS0FBWTtJQUNuRCxJQUFJLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7UUFDNUIsT0FBTyxDQUFDLElBQUksQ0FBQyxtQ0FBbUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7UUFDakUsT0FBTyxVQUFVLENBQUM7SUFDcEIsQ0FBQztJQUNELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsZ0JBQWdCLENBQ3BDLEVBQW9CLEVBQ3BCO0FBQ0UsMkZBQTJGO0FBQzNGLFVBQVUsR0FBRyxDQUFDLEVBQ2QsYUFBYSxHQUFHLElBQUksRUFDcEIsYUFBYSxHQUFHLEdBQUcsRUFDbkIsVUFBVSxHQUFHLHdCQUF3QixNQUNYLEVBQUU7SUFFOUIsSUFBSSxTQUE0QixDQUFDO0lBRWpDLEtBQUssSUFBSSxPQUFPLEdBQUcsQ0FBQyxFQUFFLE9BQU8sR0FBRyxVQUFVLEVBQUUsT0FBTyxFQUFFLEVBQUUsQ0FBQztRQUN0RCxJQUFJLENBQUM7WUFDSCxPQUFPLE1BQU0sRUFBRSxFQUFFLENBQUM7UUFDcEIsQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixTQUFTLEdBQUcsS0FBYyxDQUFDO1lBQzNCLElBQ0UsVUFBVSxDQUFDLFNBQVMsRUFBRSxPQUFPLENBQUMsS0FBSyxVQUFVO2dCQUM3QyxPQUFPLEtBQUssVUFBVSxHQUFHLENBQUMsRUFDMUIsQ0FBQztnQkFDRCxNQUFNO1lBQ1IsQ0FBQztZQUNELE1BQU0sS0FBSyxHQUFHLGFBQWEsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsQ0FBQztZQUMvRCxNQUFNLE1BQU0sR0FBRyxLQUFLLEdBQUcsQ0FBQyxHQUFHLEdBQUcsSUFBSSxDQUFDLE1BQU0sRUFBRSxHQUFHLEdBQUcsQ0FBQyxDQUFDLENBQUMsMENBQTBDO1lBQzlGLE1BQU0sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUM5RCxDQUFDO0lBQ0gsQ0FBQztJQUVELE1BQU0sU0FBUyxDQUFDO0FBQ2xCLENBQUMifQ==

package/dist/esm/test/mocks.d.ts

@@ -1,15 +1,20 @@
-import { Account, Chain, Transport, WalletClient } from 'viem';
+import { Account, Chain, PublicClient, Transport, WalletClient } from 'viem';
 import { vi } from 'vitest';
 import { KmsClient } from '../kms/client.js';
 import { KmsQuorumClient } from '../kms/quorumClient.js';
 interface MinimalKmsClient {
     attestedCompute: ReturnType<typeof vi.fn>;
     attestedDecrypt: ReturnType<typeof vi.fn>;
+    attestedReveal: ReturnType<typeof vi.fn>;
+    eListAttestedDecrypt: ReturnType<typeof vi.fn>;
+    eListAttestedReveal: ReturnType<typeof vi.fn>;
     key: ReturnType<typeof vi.fn>;
     reencrypt: ReturnType<typeof vi.fn>;
 }
 export declare function createMockKmsClient(): MinimalKmsClient & KmsClient;
 export declare function createMockQuorumClient(): KmsQuorumClient;
 export declare function setupMockInQuorumClient(quorumClient: KmsQuorumClient, mockKmsClient: MinimalKmsClient & KmsClient): void;
+export declare function createMockPublicClient(): PublicClient<Transport, Chain>;
 export declare function createTestWalletClient(): WalletClient<Transport, Chain, Account>;
+export declare function createFallbackWalletClient(): WalletClient<Transport, Chain, Account>;
 export {};