@inco/lightning-js 0.0.0-bootstrap.0

package/dist/esm/attestedcompute/attested-compute.js

@@ -0,0 +1,76 @@
+import { create } from '@bufbuild/protobuf';
+import { bytesToHex, hexToBytes } from 'viem';
+import { decryptEncryptedAttestations, validateHandle, } from '../attesteddecrypt/attested-decrypt.js';
+import { bigintToBytes32 } from '../binary.js';
+import { fetchEip712DomainVersion } from '../eip712/eip712.js';
+import { AttestedComputeRequestSchema, } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import { reencryptPublicKeysMatch } from '../lite/xwing.js';
+import { createEIP712Payload } from '../reencryption/eip712.js';
+import { AttestedComputeError } from './types.js';
+export const ATTESTED_COMPUTE_DOMAIN_NAME = 'IncoAttestedCompute';
+export async function attestedCompute({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, reencryptPubKey, reencryptKeypair, }) {
+    try {
+        validateHandle(lhsHandle);
+        if (reencryptPubKey &&
+            reencryptKeypair &&
+            !reencryptPublicKeysMatch(reencryptPubKey, reencryptKeypair)) {
+            throw new AttestedComputeError('reencryptPubKey does not match reencryptKeypair public key');
+        }
+        const rhsPlaintextBig = typeof rhsPlaintext === 'boolean'
+            ? rhsPlaintext
+                ? 1n
+                : 0n
+            : BigInt(rhsPlaintext);
+        const eip712DomainVersion = await fetchEip712DomainVersion(executorAddress, walletClient);
+        // Create the EIP712 payload for the handles to decrypt
+        const eip712Payload = createEIP712Payload({
+            chainId: BigInt(chainId),
+            primaryType: 'AttestedComputeRequest',
+            primaryTypeFields: [
+                { name: 'op', type: 'uint8' },
+                { name: 'lhsHandle', type: 'bytes32' },
+                { name: 'rhsPlaintext', type: 'bytes32' },
+                { name: 'publicKey', type: 'bytes' },
+            ],
+            message: {
+                op: op,
+                lhsHandle: lhsHandle,
+                rhsPlaintext: bigintToBytes32(rhsPlaintextBig),
+                publicKey: bytesToHex(reencryptPubKey ? reencryptPubKey : new Uint8Array()),
+            },
+            domainName: ATTESTED_COMPUTE_DOMAIN_NAME,
+            domainVersion: eip712DomainVersion,
+        });
+        // Sign the EIP712 message
+        const eip712Signature = await walletClient.signTypedData(eip712Payload);
+        const attestedComputeRequest = create(AttestedComputeRequestSchema, {
+            userAddress: walletClient.account.address,
+            reencryptPubKey: reencryptPubKey ? reencryptPubKey : new Uint8Array(),
+            op: op,
+            lhsHandle: lhsHandle,
+            rhsPlaintext: rhsPlaintextBig.toString(16),
+            eip712Signature: hexToBytes(eip712Signature),
+            aclProof: {
+                proof: {
+                    case: 'incoLiteBasicAclProof',
+                    value: {},
+                },
+            },
+        });
+        // Envelope signatures are verified against the on-chain authorized signer set
+        let decryptionAttestation = await kmsQuorumClient.attestedCompute(attestedComputeRequest, executorAddress, walletClient, backoffConfig, reencryptKeypair);
+        // Decrypt encrypted attestations and verify inner DecryptionAttestation signatures
+        if (reencryptPubKey && reencryptKeypair) {
+            const [decryptedAttestation] = await decryptEncryptedAttestations([decryptionAttestation], reencryptKeypair);
+            return decryptedAttestation;
+        }
+        return decryptionAttestation;
+    }
+    catch (error) {
+        if (error instanceof AttestedComputeError) {
+            throw error;
+        }
+        throw new AttestedComputeError('Failed to perform attested compute', error);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0ZXN0ZWQtY29tcHV0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hdHRlc3RlZGNvbXB1dGUvYXR0ZXN0ZWQtY29tcHV0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFFNUMsT0FBTyxFQUFFLFVBQVUsRUFBRSxVQUFVLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFDOUMsT0FBTyxFQUNMLDRCQUE0QixFQUM1QixjQUFjLEdBQ2YsTUFBTSx3Q0FBd0MsQ0FBQztBQUtoRCxPQUFPLEVBQUUsZUFBZSxFQUFhLE1BQU0sY0FBYyxDQUFDO0FBRTFELE9BQU8sRUFBRSx3QkFBd0IsRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBSy9ELE9BQU8sRUFFTCw0QkFBNEIsR0FDN0IsTUFBTSxvREFBb0QsQ0FBQztBQUU1RCxPQUFPLEVBQUUsd0JBQXdCLEVBQXFCLE1BQU0sa0JBQWtCLENBQUM7QUFDL0UsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFFaEUsT0FBTyxFQUFFLG9CQUFvQixFQUFxQixNQUFNLFlBQVksQ0FBQztBQUVyRSxNQUFNLENBQUMsTUFBTSw0QkFBNEIsR0FBRyxxQkFBcUIsQ0FBQztBQThGbEUsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlLENBQTZCLEVBQ2hFLGVBQWUsRUFDZixTQUFTLEVBQ1QsRUFBRSxFQUNGLFlBQVksRUFDWixhQUFhLEVBQ2IsWUFBWSxFQUNaLGVBQWUsRUFDZixPQUFPLEVBQ1AsZUFBZSxFQUNmLGdCQUFnQixHQVlqQjtJQUlDLElBQUksQ0FBQztRQUNILGNBQWMsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUUxQixJQUNFLGVBQWU7WUFDZixnQkFBZ0I7WUFDaEIsQ0FBQyx3QkFBd0IsQ0FBQyxlQUFlLEVBQUUsZ0JBQWdCLENBQUMsRUFDNUQsQ0FBQztZQUNELE1BQU0sSUFBSSxvQkFBb0IsQ0FDNUIsNERBQTRELENBQzdELENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxlQUFlLEdBQ25CLE9BQU8sWUFBWSxLQUFLLFNBQVM7WUFDL0IsQ0FBQyxDQUFDLFlBQVk7Z0JBQ1osQ0FBQyxDQUFDLEVBQUU7Z0JBQ0osQ0FBQyxDQUFDLEVBQUU7WUFDTixDQUFDLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBRTNCLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSx3QkFBd0IsQ0FDeEQsZUFBZSxFQUNmLFlBQVksQ0FDYixDQUFDO1FBRUYsdURBQXVEO1FBQ3ZELE1BQU0sYUFBYSxHQUFHLG1CQUFtQixDQUFDO1lBQ3hDLE9BQU8sRUFBRSxNQUFNLENBQUMsT0FBTyxDQUFDO1lBQ3hCLFdBQVcsRUFBRSx3QkFBd0I7WUFDckMsaUJBQWlCLEVBQUU7Z0JBQ2pCLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFO2dCQUM3QixFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtnQkFDdEMsRUFBRSxJQUFJLEVBQUUsY0FBYyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7Z0JBQ3pDLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFO2FBQ3JDO1lBQ0QsT0FBTyxFQUFFO2dCQUNQLEVBQUUsRUFBRSxFQUFFO2dCQUNOLFNBQVMsRUFBRSxTQUFTO2dCQUNwQixZQUFZLEVBQUUsZUFBZSxDQUFDLGVBQWUsQ0FBQztnQkFDOUMsU0FBUyxFQUFFLFVBQVUsQ0FDbkIsZUFBZSxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLElBQUksVUFBVSxFQUFFLENBQ3JEO2FBQ0Y7WUFDRCxVQUFVLEVBQUUsNEJBQTRCO1lBQ3hDLGFBQWEsRUFBRSxtQkFBbUI7U0FDbkMsQ0FBQyxDQUFDO1FBRUgsMEJBQTBCO1FBQzFCLE1BQU0sZUFBZSxHQUFHLE1BQU0sWUFBWSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUV4RSxNQUFNLHNCQUFzQixHQUEyQixNQUFNLENBQzNELDRCQUE0QixFQUM1QjtZQUNFLFdBQVcsRUFBRSxZQUFZLENBQUMsT0FBTyxDQUFDLE9BQU87WUFDekMsZUFBZSxFQUFFLGVBQWUsQ0FBQyxDQUFDLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxJQUFJLFVBQVUsRUFBRTtZQUNyRSxFQUFFLEVBQUUsRUFBRTtZQUNOLFNBQVMsRUFBRSxTQUFTO1lBQ3BCLFlBQVksRUFBRSxlQUFlLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUMxQyxlQUFlLEVBQUUsVUFBVSxDQUFDLGVBQWUsQ0FBQztZQUM1QyxRQUFRLEVBQUU7Z0JBQ1IsS0FBSyxFQUFFO29CQUNMLElBQUksRUFBRSx1QkFBdUI7b0JBQzdCLEtBQUssRUFBRSxFQUFFO2lCQUNWO2FBQ0Y7U0FDRixDQUNGLENBQUM7UUFFRiw4RUFBOEU7UUFDOUUsSUFBSSxxQkFBcUIsR0FBRyxNQUFNLGVBQWUsQ0FBQyxlQUFlLENBQy9ELHNCQUFzQixFQUN0QixlQUFlLEVBQ2YsWUFBWSxFQUNaLGFBQWEsRUFDYixnQkFBZ0IsQ0FDakIsQ0FBQztRQUVGLG1GQUFtRjtRQUNuRixJQUFJLGVBQWUsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3hDLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxHQUFHLE1BQU0sNEJBQTRCLENBQy9ELENBQUMscUJBQXFCLENBQUMsRUFDdkIsZ0JBQWdCLENBQ2pCLENBQUM7WUFDRixPQUFPLG9CQUFrRSxDQUFDO1FBQzVFLENBQUM7UUFFRCxPQUFPLHFCQUVnRCxDQUFDO0lBQzFELENBQUM7SUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1FBQ2YsSUFBSSxLQUFLLFlBQVksb0JBQW9CLEVBQUUsQ0FBQztZQUMxQyxNQUFNLEtBQUssQ0FBQztRQUNkLENBQUM7UUFDRCxNQUFNLElBQUksb0JBQW9CLENBQUMsb0NBQW9DLEVBQUUsS0FBSyxDQUFDLENBQUM7SUFDOUUsQ0FBQztBQUNILENBQUMifQ==

package/dist/esm/attestedcompute/types.d.ts

@@ -0,0 +1,35 @@
+import type { DecryptionAttestation } from '../attesteddecrypt/types.js';
+import { HexString } from '../binary.js';
+import { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import { SupportedScalarBinaryOp } from '../generated/es/inco/kms/lite/v1/types_pb.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Supported attested compute operations.
+ */
+export declare const AttestedComputeSupportedOps: {
+    readonly Eq: SupportedScalarBinaryOp.TEE_EQ;
+    readonly Ne: SupportedScalarBinaryOp.TEE_NE;
+    readonly Ge: SupportedScalarBinaryOp.TEE_GE;
+    readonly Gt: SupportedScalarBinaryOp.TEE_GT;
+    readonly Le: SupportedScalarBinaryOp.TEE_LE;
+    readonly Lt: SupportedScalarBinaryOp.TEE_LT;
+};
+/**
+ * This type represents all the supported operations for attested compute.
+ */
+export type AttestedComputeOP = (typeof AttestedComputeSupportedOps)[keyof typeof AttestedComputeSupportedOps];
+/**
+ * Custom error class for attested compute operations.
+ */
+export declare class AttestedComputeError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}
+export type AttestedCompute<S extends EncryptionScheme> = <T extends SupportedTeeType>(args: AttestedComputeFnArgs<S, T>) => Promise<DecryptionAttestation<S, T>>;
+export type AttestedComputeFnArgs<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    /** The handle to compute on */
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig>;
+};

package/dist/esm/attestedcompute/types.js

@@ -0,0 +1,42 @@
+import { SupportedScalarBinaryOp } from '../generated/es/inco/kms/lite/v1/types_pb.js';
+/**
+ * Supported attested compute operations.
+ */
+export const AttestedComputeSupportedOps = {
+    /*
+    Add: SupportedScalarBinaryOp.TEE_ADD,
+    Sub: SupportedScalarBinaryOp.TEE_SUB,
+    Mul: SupportedScalarBinaryOp.TEE_MUL,
+    Div: SupportedScalarBinaryOp.TEE_DIV,
+    Rem: SupportedScalarBinaryOp.TEE_REM,
+    BitAnd: SupportedScalarBinaryOp.TEE_BIT_AND,
+    BitOr: SupportedScalarBinaryOp.TEE_BIT_OR,
+    BitXor: SupportedScalarBinaryOp.TEE_BIT_XOR,
+    Shl: SupportedScalarBinaryOp.TEE_SHL,
+    Shr: SupportedScalarBinaryOp.TEE_SHR,
+    Rotl: SupportedScalarBinaryOp.TEE_ROTL,
+    Rotr: SupportedScalarBinaryOp.TEE_ROTR,
+    */
+    Eq: SupportedScalarBinaryOp.TEE_EQ,
+    Ne: SupportedScalarBinaryOp.TEE_NE,
+    Ge: SupportedScalarBinaryOp.TEE_GE,
+    Gt: SupportedScalarBinaryOp.TEE_GT,
+    Le: SupportedScalarBinaryOp.TEE_LE,
+    Lt: SupportedScalarBinaryOp.TEE_LT,
+    /*
+    Min: SupportedScalarBinaryOp.TEE_MIN,
+    Max: SupportedScalarBinaryOp.TEE_MAX,
+    */
+};
+/**
+ * Custom error class for attested compute operations.
+ */
+export class AttestedComputeError extends Error {
+    cause;
+    constructor(message, cause) {
+        super(message);
+        this.cause = cause;
+        this.name = 'AttestedComputeError';
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXR0ZXN0ZWRjb21wdXRlL3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQU1BLE9BQU8sRUFBRSx1QkFBdUIsRUFBRSxNQUFNLDhDQUE4QyxDQUFDO0FBR3ZGOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sMkJBQTJCLEdBQUc7SUFDekM7Ozs7Ozs7Ozs7Ozs7TUFhRTtJQUNGLEVBQUUsRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO0lBQ2xDLEVBQUUsRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO0lBQ2xDLEVBQUUsRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO0lBQ2xDLEVBQUUsRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO0lBQ2xDLEVBQUUsRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO0lBQ2xDLEVBQUUsRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO0lBQ2xDOzs7TUFHRTtDQUNNLENBQUM7QUFRWDs7R0FFRztBQUNILE1BQU0sT0FBTyxvQkFBcUIsU0FBUSxLQUFLO0lBRzNCO0lBRmxCLFlBQ0UsT0FBZSxFQUNDLEtBQWU7UUFFL0IsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRkMsVUFBSyxHQUFMLEtBQUssQ0FBVTtRQUcvQixJQUFJLENBQUMsSUFBSSxHQUFHLHNCQUFzQixDQUFDO0lBQ3JDLENBQUM7Q0FDRiJ9

package/dist/esm/attesteddecrypt/attested-decrypt.d.ts

@@ -0,0 +1,61 @@
+import type { Account, Chain, Transport, WalletClient } from 'viem';
+import { type HexString } from '../binary.js';
+import { type SupportedChainId } from '../chain.js';
+import { EncryptionScheme, type SupportedTeeType } from '../encryption/encryption.js';
+import { type HandleWithProof } from '../generated/es/inco/kms/lite/v1/types_pb.js';
+import { validateHandle } from '../handle.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { XwingKeypair } from '../lite/xwing.js';
+import type { BackoffConfig } from '../retry.js';
+import { type DecryptionAttestation, type EncryptedDecryptionAttestation } from './types.js';
+export { validateHandle };
+export declare const ATTESTED_DECRYPT_DOMAIN_NAME = "IncoAttestedDecrypt";
+/**
+ * Arguments for creating an attested decrypt request.
+ */
+export interface IncoLiteAttestedDecryptorArgs {
+    /** The wallet used to interact with the blockchain and sign the decrypt request */
+    walletClient: WalletClient<Transport, Chain, Account>;
+    /** The KMS quorum client instance */
+    kmsQuorumClient: KmsQuorumClient;
+    /** The chain ID to use */
+    chainId: SupportedChainId;
+}
+/**
+ * Decrypt multiple handles in a single attested request.
+ * Returns an array of attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for creating the attested decrypt function
+ * @returns A function that can decrypt handles and return an attestation
+ * @throws {AttestedDecryptError} If the creation fails
+ */
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsQuorumClient, executorAddress, }: {
+    handles: HexString[];
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+}): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;
+/**
+ * Decrypt multiple handles in a single attested request.
+ * Returns an array of attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for creating the attested decrypt function
+ * @returns A function that can decrypt handles and return an attestation
+ * @throws {AttestedDecryptError} If the creation fails
+ */
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, kmsQuorumClient, executorAddress, }: {
+    handles: HexString[];
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+}): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;
+export declare function buildHandlesWithProofs(handles: HexString[]): Array<HandleWithProof>;
+export declare function decryptEncryptedAttestations(attestations: Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>, reencryptKeypair: XwingKeypair): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;

package/dist/esm/attesteddecrypt/attested-decrypt.js

@@ -0,0 +1,112 @@
+import { create } from '@bufbuild/protobuf';
+import { hexToBytes } from 'viem';
+import { bytesToBigInt } from '../binary.js';
+import { buildEip712Payload, signEip712 } from '../eip712/eip712.js';
+import { bigintToPlaintext, encryptionSchemes, } from '../encryption/encryption.js';
+import { AttestedDecryptRequestSchema, } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import { HandleWithProofSchema, } from '../generated/es/inco/kms/lite/v1/types_pb.js';
+import { getHandleType, validateHandle } from '../handle.js';
+import { decrypt, reencryptPublicKeysMatch } from '../lite/xwing.js';
+import { AttestedDecryptError, } from './types.js';
+export { validateHandle };
+export const ATTESTED_DECRYPT_DOMAIN_NAME = 'IncoAttestedDecrypt';
+/**
+ * Decrypt multiple handles in a single attested request.
+ * Returns an array of attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for creating the attested decrypt function
+ * @returns A function that can decrypt handles and return an attestation
+ * @throws {AttestedDecryptError} If the creation fails
+ */
+export async function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsQuorumClient, executorAddress, }) {
+    try {
+        handles.forEach(validateHandle);
+        if (!reencryptPubKey) {
+            throw new AttestedDecryptError('Reencrypt public key is required');
+        }
+        if (reencryptKeypair &&
+            !reencryptPublicKeysMatch(reencryptPubKey, reencryptKeypair)) {
+            throw new AttestedDecryptError('reencryptPubKey does not match reencryptKeypair public key');
+        }
+        const eip712Payload = await buildEip712Payload({
+            executorAddress,
+            ethClient: walletClient,
+            chainId,
+            handles,
+            reencryptPubKey,
+        });
+        const eip712SignatureHex = await signEip712(walletClient, eip712Payload);
+        const handlesWithProofs = buildHandlesWithProofs(handles);
+        const attestedDecryptRequest = buildAttestedDecryptRequest({
+            userAddress: walletClient.account.address,
+            handlesWithProofs,
+            eip712Signature: hexToBytes(eip712SignatureHex),
+            reencryptPubKey,
+        });
+        // Call quorum client which returns aggregated attestations directly
+        // The quorum client handles retry logic internally for each KMS client
+        // Envelope signatures are verified against the on-chain authorized signer set
+        const response = await kmsQuorumClient.attestedDecrypt(attestedDecryptRequest, executorAddress, walletClient, backoffConfig, reencryptKeypair);
+        // If reencryptPubKey is provided with a keypair, decrypt the encrypted attestations
+        // and verify the inner DecryptionAttestation signatures
+        if (reencryptPubKey !== undefined && reencryptKeypair) {
+            return decryptEncryptedAttestations(response, reencryptKeypair);
+        }
+        return response;
+    }
+    catch (error) {
+        if (error instanceof AttestedDecryptError) {
+            throw error;
+        }
+        throw new AttestedDecryptError('Failed to decrypt handles', error);
+    }
+}
+export function buildHandlesWithProofs(handles) {
+    return handles.map((handle) => {
+        return create(HandleWithProofSchema, {
+            handle: handle,
+            aclProof: {
+                proof: {
+                    case: 'incoLiteBasicAclProof',
+                    value: {},
+                },
+            },
+        });
+    });
+}
+function buildAttestedDecryptRequest(params) {
+    return create(AttestedDecryptRequestSchema, {
+        userAddress: params.userAddress,
+        handlesWithProofs: params.handlesWithProofs,
+        eip712Signature: params.eip712Signature,
+        reencryptPubKey: params.reencryptPubKey ?? new Uint8Array(),
+    });
+}
+export async function decryptEncryptedAttestations(attestations, reencryptKeypair) {
+    return Promise.all(attestations.map(async (att) => {
+        // If already a plaintext attestation, return as-is
+        if ('plaintext' in att && att.plaintext !== undefined) {
+            return att;
+        }
+        // Otherwise, decrypt the encrypted attestation
+        if ('encryptedPlaintext' in att && att.encryptedPlaintext !== undefined) {
+            const encryptedAtt = att;
+            const ct = hexToBytes(encryptedAtt.encryptedPlaintext.ciphertext.value);
+            const plaintextBytes = await decrypt(reencryptKeypair, ct);
+            const bigIntValue = bytesToBigInt(plaintextBytes);
+            const handleType = getHandleType(encryptedAtt.handle);
+            // Decrypt the encrypted signatures (which are signatures for the original plaintext)
+            // The covalidatorSignatures are for the reencryption struct, not the plaintext
+            const decryptedSignatures = await Promise.all(encryptedAtt.encryptedSignatures.map(async (encryptedSig) => {
+                return await decrypt(reencryptKeypair, encryptedSig);
+            }));
+            return {
+                handle: encryptedAtt.handle,
+                plaintext: bigintToPlaintext(encryptionSchemes.xwing, handleType, bigIntValue),
+                covalidatorSignatures: decryptedSignatures,
+            };
+        }
+        throw new AttestedDecryptError('Attestation is neither plaintext nor encrypted');
+    }));
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0ZXN0ZWQtZGVjcnlwdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hdHRlc3RlZGRlY3J5cHQvYXR0ZXN0ZWQtZGVjcnlwdC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFFNUMsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUNsQyxPQUFPLEVBQUUsYUFBYSxFQUFrQixNQUFNLGNBQWMsQ0FBQztBQUU3RCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsVUFBVSxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFDckUsT0FBTyxFQUNMLGlCQUFpQixFQUVqQixpQkFBaUIsR0FFbEIsTUFBTSw2QkFBNkIsQ0FBQztBQUNyQyxPQUFPLEVBRUwsNEJBQTRCLEdBQzdCLE1BQU0sb0RBQW9ELENBQUM7QUFDNUQsT0FBTyxFQUVMLHFCQUFxQixHQUN0QixNQUFNLDhDQUE4QyxDQUFDO0FBQ3RELE9BQU8sRUFBRSxhQUFhLEVBQUUsY0FBYyxFQUFFLE1BQU0sY0FBYyxDQUFDO0FBRzdELE9BQU8sRUFBRSxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsTUFBTSxrQkFBa0IsQ0FBQztBQUVyRSxPQUFPLEVBQ0wsb0JBQW9CLEdBR3JCLE1BQU0sWUFBWSxDQUFDO0FBQ3BCLE9BQU8sRUFBRSxjQUFjLEVBQUUsQ0FBQztBQUUxQixNQUFNLENBQUMsTUFBTSw0QkFBNEIsR0FBRyxxQkFBcUIsQ0FBQztBQXlFbEU7Ozs7Ozs7R0FPRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUFDLEVBQ3BDLE9BQU8sRUFDUCxhQUFhLEVBQ2IsWUFBWSxFQUNaLE9BQU8sRUFDUCxlQUFlLEVBQ2YsZ0JBQWdCLEVBQ2hCLGVBQWUsRUFDZixlQUFlLEdBVWhCO0lBTUMsSUFBSSxDQUFDO1FBQ0gsT0FBTyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsQ0FBQztRQUVoQyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7WUFDckIsTUFBTSxJQUFJLG9CQUFvQixDQUFDLGtDQUFrQyxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUVELElBQ0UsZ0JBQWdCO1lBQ2hCLENBQUMsd0JBQXdCLENBQUMsZUFBZSxFQUFFLGdCQUFnQixDQUFDLEVBQzVELENBQUM7WUFDRCxNQUFNLElBQUksb0JBQW9CLENBQzVCLDREQUE0RCxDQUM3RCxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFHLE1BQU0sa0JBQWtCLENBQUM7WUFDN0MsZUFBZTtZQUNmLFNBQVMsRUFBRSxZQUFZO1lBQ3ZCLE9BQU87WUFDUCxPQUFPO1lBQ1AsZUFBZTtTQUNoQixDQUFDLENBQUM7UUFFSCxNQUFNLGtCQUFrQixHQUFHLE1BQU0sVUFBVSxDQUFDLFlBQVksRUFBRSxhQUFhLENBQUMsQ0FBQztRQUV6RSxNQUFNLGlCQUFpQixHQUFHLHNCQUFzQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRTFELE1BQU0sc0JBQXNCLEdBQUcsMkJBQTJCLENBQUM7WUFDekQsV0FBVyxFQUFFLFlBQVksQ0FBQyxPQUFPLENBQUMsT0FBTztZQUN6QyxpQkFBaUI7WUFDakIsZUFBZSxFQUFFLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQztZQUMvQyxlQUFlO1NBQ2hCLENBQUMsQ0FBQztRQUVILG9FQUFvRTtRQUNwRSx1RUFBdUU7UUFDdkUsOEVBQThFO1FBQzlFLE1BQU0sUUFBUSxHQUFHLE1BQU0sZUFBZSxDQUFDLGVBQWUsQ0FDcEQsc0JBQXNCLEVBQ3RCLGVBQWUsRUFDZixZQUFZLEVBQ1osYUFBYSxFQUNiLGdCQUFnQixDQUNqQixDQUFDO1FBRUYsb0ZBQW9GO1FBQ3BGLHdEQUF3RDtRQUN4RCxJQUFJLGVBQWUsS0FBSyxTQUFTLElBQUksZ0JBQWdCLEVBQUUsQ0FBQztZQUN0RCxPQUFPLDRCQUE0QixDQUFDLFFBQVEsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO1FBQ2xFLENBQUM7UUFFRCxPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNmLElBQUksS0FBSyxZQUFZLG9CQUFvQixFQUFFLENBQUM7WUFDMUMsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO1FBQ0QsTUFBTSxJQUFJLG9CQUFvQixDQUFDLDJCQUEyQixFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ3JFLENBQUM7QUFDSCxDQUFDO0FBRUQsTUFBTSxVQUFVLHNCQUFzQixDQUNwQyxPQUFvQjtJQUVwQixPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRTtRQUM1QixPQUFPLE1BQU0sQ0FBQyxxQkFBcUIsRUFBRTtZQUNuQyxNQUFNLEVBQUUsTUFBTTtZQUNkLFFBQVEsRUFBRTtnQkFDUixLQUFLLEVBQUU7b0JBQ0wsSUFBSSxFQUFFLHVCQUF1QjtvQkFDN0IsS0FBSyxFQUFFLEVBQUU7aUJBQ1Y7YUFDRjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELFNBQVMsMkJBQTJCLENBQUMsTUFLcEM7SUFDQyxPQUFPLE1BQU0sQ0FBQyw0QkFBNEIsRUFBRTtRQUMxQyxXQUFXLEVBQUUsTUFBTSxDQUFDLFdBQVc7UUFDL0IsaUJBQWlCLEVBQUUsTUFBTSxDQUFDLGlCQUFpQjtRQUMzQyxlQUFlLEVBQUUsTUFBTSxDQUFDLGVBQWU7UUFDdkMsZUFBZSxFQUFFLE1BQU0sQ0FBQyxlQUFlLElBQUksSUFBSSxVQUFVLEVBQUU7S0FDNUQsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUsNEJBQTRCLENBQ2hELFlBR0MsRUFDRCxnQkFBOEI7SUFFOUIsT0FBTyxPQUFPLENBQUMsR0FBRyxDQUNoQixZQUFZLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtRQUM3QixtREFBbUQ7UUFDbkQsSUFBSSxXQUFXLElBQUksR0FBRyxJQUFJLEdBQUcsQ0FBQyxTQUFTLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDdEQsT0FBTyxHQUFnRSxDQUFDO1FBQzFFLENBQUM7UUFFRCwrQ0FBK0M7UUFDL0MsSUFBSSxvQkFBb0IsSUFBSSxHQUFHLElBQUksR0FBRyxDQUFDLGtCQUFrQixLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3hFLE1BQU0sWUFBWSxHQUFHLEdBR3BCLENBQUM7WUFDRixNQUFNLEVBQUUsR0FBRyxVQUFVLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUV4RSxNQUFNLGNBQWMsR0FBRyxNQUFNLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUMzRCxNQUFNLFdBQVcsR0FBRyxhQUFhLENBQUMsY0FBYyxDQUFDLENBQUM7WUFDbEQsTUFBTSxVQUFVLEdBQUcsYUFBYSxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUV0RCxxRkFBcUY7WUFDckYsK0VBQStFO1lBQy9FLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUMzQyxZQUFZLENBQUMsbUJBQW1CLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxZQUFZLEVBQUUsRUFBRTtnQkFDMUQsT0FBTyxNQUFNLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxZQUFZLENBQUMsQ0FBQztZQUN2RCxDQUFDLENBQUMsQ0FDSCxDQUFDO1lBRUYsT0FBTztnQkFDTCxNQUFNLEVBQUUsWUFBWSxDQUFDLE1BQU07Z0JBQzNCLFNBQVMsRUFBRSxpQkFBaUIsQ0FDMUIsaUJBQWlCLENBQUMsS0FBSyxFQUN2QixVQUE4QixFQUM5QixXQUFXLENBQ1o7Z0JBQ0QscUJBQXFCLEVBQUUsbUJBQW1CO2FBQ2tCLENBQUM7UUFDakUsQ0FBQztRQUVELE1BQU0sSUFBSSxvQkFBb0IsQ0FDNUIsZ0RBQWdELENBQ2pELENBQUM7SUFDSixDQUFDLENBQUMsQ0FDSCxDQUFDO0FBQ0osQ0FBQyJ9

package/dist/esm/attesteddecrypt/index.d.ts

@@ -0,0 +1 @@
+export * from './types.js';

package/dist/esm/attesteddecrypt/index.js

@@ -0,0 +1,2 @@
+export * from './types.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXR0ZXN0ZWRkZWNyeXB0L2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsWUFBWSxDQUFDIn0=

package/dist/esm/attesteddecrypt/types.d.ts

@@ -0,0 +1,27 @@
+import type { HexString } from '../binary.js';
+import type { EncryptionScheme, EncryptResultOf, PlaintextOf, SupportedTeeType } from '../encryption/encryption.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Custom error class for attested decrypt operations.
+ */
+export declare class AttestedDecryptError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}
+export type DecryptionAttestation<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    handle: HexString;
+    plaintext: PlaintextOf<S, T>;
+    covalidatorSignatures: Uint8Array[];
+};
+export type EncryptedDecryptionAttestation<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    handle: HexString;
+    encryptedPlaintext: EncryptResultOf<S, T>;
+    encryptedSignatures: Uint8Array[];
+    covalidatorSignatures: Uint8Array[];
+};
+export type AttestedDecryptor<S extends EncryptionScheme> = <T extends SupportedTeeType>(args: AttestedDecryptFnArgs<S, T>) => Promise<DecryptionAttestation<S, T>>;
+export type AttestedDecryptFnArgs<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    /** The handle to decrypt */
+    handle: HexString;
+    backoffConfig?: Partial<BackoffConfig>;
+};

package/dist/esm/attesteddecrypt/types.js

@@ -0,0 +1,12 @@
+/**
+ * Custom error class for attested decrypt operations.
+ */
+export class AttestedDecryptError extends Error {
+    cause;
+    constructor(message, cause) {
+        super(message);
+        this.cause = cause;
+        this.name = 'AttestedDecryptError';
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXR0ZXN0ZWRkZWNyeXB0L3R5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQVNBOztHQUVHO0FBQ0gsTUFBTSxPQUFPLG9CQUFxQixTQUFRLEtBQUs7SUFHM0I7SUFGbEIsWUFDRSxPQUFlLEVBQ0MsS0FBZTtRQUUvQixLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7UUFGQyxVQUFLLEdBQUwsS0FBSyxDQUFVO1FBRy9CLElBQUksQ0FBQyxJQUFJLEdBQUcsc0JBQXNCLENBQUM7SUFDckMsQ0FBQztDQUNGIn0=

package/dist/esm/attestedreveal/attested-reveal.d.ts

@@ -0,0 +1,21 @@
+import type { Chain, PublicClient, Transport } from 'viem';
+import type { DecryptionAttestation } from '../attesteddecrypt/types.js';
+import type { HexString } from '../binary.js';
+import type { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import type { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Reveal multiple handles in a single attested request without wallet authentication.
+ * Returns an array of plaintext attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for the attested reveal request
+ * @returns An array of decryption attestations
+ * @throws {AttestedRevealError} If the reveal fails
+ */
+export declare function attestedReveal({ handles, kmsQuorumClient, executorAddress, publicClient, backoffConfig, }: {
+    handles: HexString[];
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+    publicClient: PublicClient<Transport, Chain>;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+}): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;

package/dist/esm/attestedreveal/attested-reveal.js

@@ -0,0 +1,28 @@
+import { create } from '@bufbuild/protobuf';
+import { AttestedRevealRequestSchema } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import { validateHandle } from '../handle.js';
+import { AttestedRevealError } from './types.js';
+/**
+ * Reveal multiple handles in a single attested request without wallet authentication.
+ * Returns an array of plaintext attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for the attested reveal request
+ * @returns An array of decryption attestations
+ * @throws {AttestedRevealError} If the reveal fails
+ */
+export async function attestedReveal({ handles, kmsQuorumClient, executorAddress, publicClient, backoffConfig, }) {
+    try {
+        handles.forEach(validateHandle);
+        const attestedRevealRequest = create(AttestedRevealRequestSchema, {
+            handles,
+        });
+        return (await kmsQuorumClient.attestedReveal(attestedRevealRequest, executorAddress, publicClient, backoffConfig));
+    }
+    catch (error) {
+        if (error instanceof AttestedRevealError) {
+            throw error;
+        }
+        throw new AttestedRevealError('Failed to reveal handles', error);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0ZXN0ZWQtcmV2ZWFsLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2F0dGVzdGVkcmV2ZWFsL2F0dGVzdGVkLXJldmVhbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFRNUMsT0FBTyxFQUFFLDJCQUEyQixFQUFFLE1BQU0sb0RBQW9ELENBQUM7QUFDakcsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUc5QyxPQUFPLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSxZQUFZLENBQUM7QUFFakQ7Ozs7Ozs7R0FPRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsY0FBYyxDQUFDLEVBQ25DLE9BQU8sRUFDUCxlQUFlLEVBQ2YsZUFBZSxFQUNmLFlBQVksRUFDWixhQUFhLEdBT2Q7SUFDQyxJQUFJLENBQUM7UUFDSCxPQUFPLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRWhDLE1BQU0scUJBQXFCLEdBQUcsTUFBTSxDQUFDLDJCQUEyQixFQUFFO1lBQ2hFLE9BQU87U0FDUixDQUFDLENBQUM7UUFFSCxPQUFPLENBQUMsTUFBTSxlQUFlLENBQUMsY0FBYyxDQUMxQyxxQkFBcUIsRUFDckIsZUFBZSxFQUNmLFlBQVksRUFDWixhQUFhLENBQ2QsQ0FBcUUsQ0FBQztJQUN6RSxDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNmLElBQUksS0FBSyxZQUFZLG1CQUFtQixFQUFFLENBQUM7WUFDekMsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO1FBQ0QsTUFBTSxJQUFJLG1CQUFtQixDQUFDLDBCQUEwQixFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQ25FLENBQUM7QUFDSCxDQUFDIn0=

package/dist/esm/attestedreveal/index.d.ts

@@ -0,0 +1,2 @@
+export { attestedReveal } from './attested-reveal.js';
+export * from './types.js';

package/dist/esm/attestedreveal/index.js

@@ -0,0 +1,3 @@
+export { attestedReveal } from './attested-reveal.js';
+export * from './types.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXR0ZXN0ZWRyZXZlYWwvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ3RELGNBQWMsWUFBWSxDQUFDIn0=

package/dist/esm/attestedreveal/types.d.ts

@@ -0,0 +1,4 @@
+export declare class AttestedRevealError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}

package/dist/esm/attestedreveal/types.js

@@ -0,0 +1,9 @@
+export class AttestedRevealError extends Error {
+    cause;
+    constructor(message, cause) {
+        super(message);
+        this.cause = cause;
+        this.name = 'AttestedRevealError';
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYXR0ZXN0ZWRyZXZlYWwvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsTUFBTSxPQUFPLG1CQUFvQixTQUFRLEtBQUs7SUFHMUI7SUFGbEIsWUFDRSxPQUFlLEVBQ0MsS0FBZTtRQUUvQixLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7UUFGQyxVQUFLLEdBQUwsS0FBSyxDQUFVO1FBRy9CLElBQUksQ0FBQyxJQUFJLEdBQUcscUJBQXFCLENBQUM7SUFDcEMsQ0FBQztDQUNGIn0=

package/dist/esm/binary.d.ts

@@ -0,0 +1,104 @@
+import { Schema } from 'effect';
+import { Hex } from 'viem';
+/** Schema for a `0x`-prefixed hex string. */
+export declare const HexString: Schema.TemplateLiteral<`0x${string}`>;
+/** A `0x`-prefixed hex-encoded string (e.g. `"0xdeadbeef"`). */
+export type HexString = typeof HexString.Type;
+/** A value that can represent raw bytes — either a hex string or a `Uint8Array`. */
+export type BytesIsh = string | Uint8Array;
+/**
+ * Converts a `Uint8Array` to a `bigint`. Returns `0n` for empty arrays.
+ * @param byteArray - The byte array to convert.
+ * @returns The unsigned big-endian integer representation of the bytes.
+ */
+export declare function bytesToBigInt(byteArray: Uint8Array): bigint;
+/**
+ * Converts a `Buffer` to a `bigint`.
+ * @param buffer - The buffer to convert.
+ * @returns The unsigned big-endian integer representation of the buffer.
+ */
+export declare function bufferToBigInt(buffer: Buffer): bigint;
+/**
+ * Converts a `bigint` to a 32-byte `Buffer`, zero-padded on the left.
+ * @param value - The bigint to convert.
+ * @returns A 32-byte big-endian buffer.
+ * @throws If the bigint is negative or too large to fit in 32 bytes.
+ */
+export declare function bigintToBytes(value: bigint): Buffer;
+/**
+ * Converts a `bigint` to a {@link Bytes32} hex string, left-padded to 32 bytes.
+ * @param value - The bigint to convert.
+ * @returns A `Bytes32` hex string.
+ * @throws If the bigint is negative or too large to fit in 32 bytes.
+ */
+export declare function bigintToBytes32(value: bigint): Bytes32;
+/**
+ * Left-pads a byte array with zeros to the specified length.
+ * @param bs - The byte array to pad.
+ * @param n - The desired total length in bytes.
+ * @returns A new `Buffer` of length `n` with `bs` right-aligned.
+ * @throws If `bs` is longer than `n` (would require truncation).
+ */
+export declare function padLeft(bs: Uint8Array, n: number): Buffer;
+/**
+ * Parses a {@link BytesIsh} value as a 32-byte value and converts it to a `bigint`.
+ * @param bs - A hex string or `Uint8Array` representing exactly 32 bytes.
+ * @returns The `bigint` representation of the 32-byte value.
+ * @throws If the input is not exactly 32 bytes.
+ */
+export declare function bytes32ToBigint(bs: BytesIsh): bigint;
+/**
+ * Decodes a hex string into a `Buffer`. Handles both `0x`-prefixed and bare hex strings.
+ * @param hexString - The hex string to decode.
+ * @returns A `Buffer` containing the decoded bytes.
+ */
+export declare function bytesFromHexString(hexString: string): Buffer;
+/**
+ * Asserts that a string is a valid `0x`-prefixed hex string and narrows its type to `Hex`.
+ * @param value - The string to validate.
+ * @returns The input typed as `Hex`.
+ * @throws If `value` is not a valid hex string.
+ */
+export declare function mustBeHex(value: string): Hex;
+/**
+ * Normalises a string to a `0x`-prefixed `Hex` value, adding the prefix if missing.
+ * @param value - A hex string, with or without a `0x` prefix.
+ * @returns The `0x`-prefixed `Hex` string.
+ * @throws If the resulting string is not valid hex.
+ */
+export declare function normaliseToHex(value: string): Hex;
+/**
+ * Encodes a `Uint8Array` as a `0x`-prefixed hex string.
+ * @param bs - The byte array to encode.
+ * @returns A `Hex` string representation of the bytes.
+ */
+export declare function bytesToHex(bs: Uint8Array): Hex;
+/** Schema for a 32-byte (66-character with `0x` prefix) hex string, branded as `Bytes32`. Accepts both hex strings and `Uint8Array` inputs. */
+export declare const Bytes32: Schema.brand<Schema.filter<Schema.transformOrFail<Schema.Union<[typeof Schema.String, Schema.refine<object & Uint8Array<ArrayBufferLike>, Schema.Schema<object, object, never>>]>, Schema.TemplateLiteral<`0x${string}`>, never>>, "Bytes32">;
+/**
+ * Parses and validates a {@link BytesIsh} value as a {@link Bytes32}.
+ * @param x - A hex string or `Uint8Array` to parse.
+ * @returns A validated `Bytes32` value.
+ * @throws If the input is not exactly 32 bytes.
+ */
+export declare function asBytes32(x: BytesIsh): Bytes32;
+/** A branded 32-byte hex string type (`0x` + 64 hex characters). */
+export type Bytes32 = typeof Bytes32.Type;
+/** A branded 20-byte Ethereum address type (`0x` + 40 hex characters). */
+export type Address = typeof Address.Type;
+/** Schema for a 20-byte `0x`-prefixed Ethereum address, branded as `Address`. */
+export declare const Address: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
+/**
+ * Parses and validates a string as an Ethereum {@link Address} (20-byte, `0x`-prefixed).
+ * @param address - The string to parse.
+ * @returns A validated `Address` value.
+ * @throws If the input is not a valid 20-byte hex address.
+ */
+export declare function parseAddress(address: string): Address;
+/**
+ * Parses and validates a string as a {@link HexString} (`0x`-prefixed).
+ * @param hex - The string to parse.
+ * @returns A validated `HexString` value.
+ * @throws If the input is not a valid `0x`-prefixed hex string.
+ */
+export declare function parseHex(hex: string): HexString;