@inco/lightning-js 0.0.0-bootstrap.0

package/dist/esm/generated/local-node.d.ts

@@ -0,0 +1,50 @@
+export declare const localNodeLightningConfig: {
+    readonly mainnet: {
+        readonly executorAddress: "0x4b9911b0191B0b6a6eA8F2Ed562e20Cff5AC8624";
+        readonly chainId: 31337;
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0xDD166476574D64D54A8d65810478007eDccc1d1d"];
+        readonly hostChainRpcUrls: readonly ["http://localhost:8545"];
+        readonly senderPrivateKey: "0x7f2a092a3ecab2e11400fc235b8d3d6b76fb7ec14c71b64baf5a6885a36c1b3a";
+    };
+    readonly demonet: {
+        readonly executorAddress: "0xad9Af2e804FbF14d69391167F1FCDf918A3980fb";
+        readonly chainId: 31337;
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0x9cDbDc8E83F84B9D6d3c19356B8C590f0CE1F549"];
+        readonly hostChainRpcUrls: readonly ["http://localhost:8545"];
+        readonly senderPrivateKey: "0x8e6681c7870f0adc53511b6f38515a5b0f4e3a3fa62a62505f58c61e64c92497";
+    };
+    readonly testnet: {
+        readonly executorAddress: "0xe9CB49A5b16C6D4a093E5900AA8b450FD40541B6";
+        readonly chainId: 31337;
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0x8A853ACC000D50bfb59e1D04635959957e28Db38"];
+        readonly hostChainRpcUrls: readonly ["http://localhost:8545"];
+        readonly senderPrivateKey: "0x835c46722a63e5132eaf24d0a1dad8689d43b85bdcc0e592c23e55fa603895d7";
+    };
+    readonly devnet: {
+        readonly executorAddress: "0xB3C06f0Ed967a7E366ba31C67927DDf93d7c1154";
+        readonly chainId: 31337;
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0x29C5a8C17d8c0A2B2036365EA6908291A35dDadF"];
+        readonly hostChainRpcUrls: readonly ["http://localhost:8545"];
+        readonly senderPrivateKey: "0xbea2b6c911de6a581e7e5fab9da94edbb00c5ddba7ab1645c100b012997c842e";
+    };
+    readonly alphanet: {
+        readonly executorAddress: "0xc0d693DeEF0A91CE39208676b6da09B822abd199";
+        readonly chainId: 31337;
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0x8E873085348a3406A07907E5d1465B9824bA07cd"];
+        readonly hostChainRpcUrls: readonly ["http://localhost:8545"];
+        readonly senderPrivateKey: "0x279c172cf3638a79642daa5f7666c600befde318550d7579cf96280920e318b6";
+    };
+    readonly scratch: {
+        readonly executorAddress: "0xb390b23b8fa1761a85035E7C135bf93713d1d4d1";
+        readonly chainId: 31337;
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"];
+        readonly hostChainRpcUrls: readonly ["http://127.0.0.1:8567"];
+        readonly senderPrivateKey: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80";
+    };
+};

package/dist/esm/generated/local-node.js

@@ -0,0 +1,104 @@
+// ============================================================================
+// WARNING: LOCAL DEVELOPMENT ONLY - DO NOT USE IN PRODUCTION
+// ============================================================================
+//
+// This file contains TEST KEYS that are publicly known and have no value.
+//
+// SECURITY NOTICE: All URLs in this configuration use HTTP (unencrypted).
+// This is acceptable ONLY for localhost connections where traffic never
+// leaves the local machine.
+//
+// DO NOT modify these URLs to point to non-localhost addresses without
+// switching to HTTPS. Using HTTP with remote hosts exposes sensitive data
+// (including private keys and transaction data) to network interception.
+//
+// For production or any non-local environment, use the appropriate
+// network configuration files which enforce HTTPS for all remote connections.
+// ============================================================================
+export const localNodeLightningConfig = {
+    "mainnet": {
+        "executorAddress": "0x4b9911b0191B0b6a6eA8F2Ed562e20Cff5AC8624",
+        "chainId": 31337,
+        "covalidatorUrls": [
+            "http://localhost:50055"
+        ],
+        "signers": [
+            "0xDD166476574D64D54A8d65810478007eDccc1d1d"
+        ],
+        "hostChainRpcUrls": [
+            "http://localhost:8545"
+        ],
+        "senderPrivateKey": "0x7f2a092a3ecab2e11400fc235b8d3d6b76fb7ec14c71b64baf5a6885a36c1b3a"
+    },
+    "demonet": {
+        "executorAddress": "0xad9Af2e804FbF14d69391167F1FCDf918A3980fb",
+        "chainId": 31337,
+        "covalidatorUrls": [
+            "http://localhost:50055"
+        ],
+        "signers": [
+            "0x9cDbDc8E83F84B9D6d3c19356B8C590f0CE1F549"
+        ],
+        "hostChainRpcUrls": [
+            "http://localhost:8545"
+        ],
+        "senderPrivateKey": "0x8e6681c7870f0adc53511b6f38515a5b0f4e3a3fa62a62505f58c61e64c92497"
+    },
+    "testnet": {
+        "executorAddress": "0xe9CB49A5b16C6D4a093E5900AA8b450FD40541B6",
+        "chainId": 31337,
+        "covalidatorUrls": [
+            "http://localhost:50055"
+        ],
+        "signers": [
+            "0x8A853ACC000D50bfb59e1D04635959957e28Db38"
+        ],
+        "hostChainRpcUrls": [
+            "http://localhost:8545"
+        ],
+        "senderPrivateKey": "0x835c46722a63e5132eaf24d0a1dad8689d43b85bdcc0e592c23e55fa603895d7"
+    },
+    "devnet": {
+        "executorAddress": "0xB3C06f0Ed967a7E366ba31C67927DDf93d7c1154",
+        "chainId": 31337,
+        "covalidatorUrls": [
+            "http://localhost:50055"
+        ],
+        "signers": [
+            "0x29C5a8C17d8c0A2B2036365EA6908291A35dDadF"
+        ],
+        "hostChainRpcUrls": [
+            "http://localhost:8545"
+        ],
+        "senderPrivateKey": "0xbea2b6c911de6a581e7e5fab9da94edbb00c5ddba7ab1645c100b012997c842e"
+    },
+    "alphanet": {
+        "executorAddress": "0xc0d693DeEF0A91CE39208676b6da09B822abd199",
+        "chainId": 31337,
+        "covalidatorUrls": [
+            "http://localhost:50055"
+        ],
+        "signers": [
+            "0x8E873085348a3406A07907E5d1465B9824bA07cd"
+        ],
+        "hostChainRpcUrls": [
+            "http://localhost:8545"
+        ],
+        "senderPrivateKey": "0x279c172cf3638a79642daa5f7666c600befde318550d7579cf96280920e318b6"
+    },
+    "scratch": {
+        "executorAddress": "0xb390b23b8fa1761a85035E7C135bf93713d1d4d1",
+        "chainId": 31337,
+        "covalidatorUrls": [
+            "http://localhost:50055"
+        ],
+        "signers": [
+            "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"
+        ],
+        "hostChainRpcUrls": [
+            "http://127.0.0.1:8567"
+        ],
+        "senderPrivateKey": "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+    }
+};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9jYWwtbm9kZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9nZW5lcmF0ZWQvbG9jYWwtbm9kZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSwrRUFBK0U7QUFDL0UsNkRBQTZEO0FBQzdELCtFQUErRTtBQUMvRSxFQUFFO0FBQ0YsMEVBQTBFO0FBQzFFLEVBQUU7QUFDRiwwRUFBMEU7QUFDMUUsd0VBQXdFO0FBQ3hFLDRCQUE0QjtBQUM1QixFQUFFO0FBQ0YsdUVBQXVFO0FBQ3ZFLDBFQUEwRTtBQUMxRSx5RUFBeUU7QUFDekUsRUFBRTtBQUNGLG1FQUFtRTtBQUNuRSw4RUFBOEU7QUFDOUUsK0VBQStFO0FBRS9FLE1BQU0sQ0FBQyxNQUFNLHdCQUF3QixHQUFHO0lBQ3RDLFNBQVMsRUFBRTtRQUNULGlCQUFpQixFQUFFLDRDQUE0QztRQUMvRCxTQUFTLEVBQUUsS0FBSztRQUNoQixpQkFBaUIsRUFBRTtZQUNqQix3QkFBd0I7U0FDekI7UUFDRCxTQUFTLEVBQUU7WUFDVCw0Q0FBNEM7U0FDN0M7UUFDRCxrQkFBa0IsRUFBRTtZQUNsQix1QkFBdUI7U0FDeEI7UUFDRCxrQkFBa0IsRUFBRSxvRUFBb0U7S0FDekY7SUFDRCxTQUFTLEVBQUU7UUFDVCxpQkFBaUIsRUFBRSw0Q0FBNEM7UUFDL0QsU0FBUyxFQUFFLEtBQUs7UUFDaEIsaUJBQWlCLEVBQUU7WUFDakIsd0JBQXdCO1NBQ3pCO1FBQ0QsU0FBUyxFQUFFO1lBQ1QsNENBQTRDO1NBQzdDO1FBQ0Qsa0JBQWtCLEVBQUU7WUFDbEIsdUJBQXVCO1NBQ3hCO1FBQ0Qsa0JBQWtCLEVBQUUsb0VBQW9FO0tBQ3pGO0lBQ0QsU0FBUyxFQUFFO1FBQ1QsaUJBQWlCLEVBQUUsNENBQTRDO1FBQy9ELFNBQVMsRUFBRSxLQUFLO1FBQ2hCLGlCQUFpQixFQUFFO1lBQ2pCLHdCQUF3QjtTQUN6QjtRQUNELFNBQVMsRUFBRTtZQUNULDRDQUE0QztTQUM3QztRQUNELGtCQUFrQixFQUFFO1lBQ2xCLHVCQUF1QjtTQUN4QjtRQUNELGtCQUFrQixFQUFFLG9FQUFvRTtLQUN6RjtJQUNELFFBQVEsRUFBRTtRQUNSLGlCQUFpQixFQUFFLDRDQUE0QztRQUMvRCxTQUFTLEVBQUUsS0FBSztRQUNoQixpQkFBaUIsRUFBRTtZQUNqQix3QkFBd0I7U0FDekI7UUFDRCxTQUFTLEVBQUU7WUFDVCw0Q0FBNEM7U0FDN0M7UUFDRCxrQkFBa0IsRUFBRTtZQUNsQix1QkFBdUI7U0FDeEI7UUFDRCxrQkFBa0IsRUFBRSxvRUFBb0U7S0FDekY7SUFDRCxVQUFVLEVBQUU7UUFDVixpQkFBaUIsRUFBRSw0Q0FBNEM7UUFDL0QsU0FBUyxFQUFFLEtBQUs7UUFDaEIsaUJBQWlCLEVBQUU7WUFDakIsd0JBQXdCO1NBQ3pCO1FBQ0QsU0FBUyxFQUFFO1lBQ1QsNENBQTRDO1NBQzdDO1FBQ0Qsa0JBQWtCLEVBQUU7WUFDbEIsdUJBQXVCO1NBQ3hCO1FBQ0Qsa0JBQWtCLEVBQUUsb0VBQW9FO0tBQ3pGO0lBQ0QsU0FBUyxFQUFFO1FBQ1QsaUJBQWlCLEVBQUUsNENBQTRDO1FBQy9ELFNBQVMsRUFBRSxLQUFLO1FBQ2hCLGlCQUFpQixFQUFFO1lBQ2pCLHdCQUF3QjtTQUN6QjtRQUNELFNBQVMsRUFBRTtZQUNULDRDQUE0QztTQUM3QztRQUNELGtCQUFrQixFQUFFO1lBQ2xCLHVCQUF1QjtTQUN4QjtRQUNELGtCQUFrQixFQUFFLG9FQUFvRTtLQUN6RjtDQUNPLENBQUMifQ==

package/dist/esm/handle.d.ts

@@ -0,0 +1,123 @@
+import { Schema } from 'effect';
+import { HexString } from './binary.js';
+/** Current handle version byte, appended as the last byte of every handle. */
+export declare const HANDLE_VERSION = 0;
+/**
+ * Domain separators for handle derivation. Must be kept in sync with Solidity
+ * (contracts/lightning/src/Types.sol) and Go (pkg/hostchain/handle.go). Prefixing every
+ * keccak256 preimage with a unique constant string makes cross-derivation-path
+ * collision resistance structural rather than incidental.
+ */
+export declare const SEP_INPUT_HANDLE = "inco/handle/input-handle";
+export declare const SEP_INPUT_CONTEXT = "inco/handle/input-context";
+export declare const SEP_OP_RESULT = "inco/handle/op-result";
+export declare const SEP_ELIST_OP_RESULT = "inco/handle/elist-result";
+export declare const BYTE_ELIST_ELEMENT_TYPE_INDEX = 29;
+/**
+ * Map of ENCRYPTION type names to their integer identifiers.
+ *
+ * Keys provide a semantic interpretation over the underlying integral type.
+ * For example, `ebool` interprets a `uint16` as a boolean, `ebytes64` interprets
+ * a `uint512` as a 64-byte array, etc.
+ */
+export declare const handleTypes: Readonly<{
+    ebool: 0;
+    euint4: 1;
+    euint8: 2;
+    euint16: 3;
+    euint32: 4;
+    euint64: 5;
+    euint128: 6;
+    euint160: 7;
+    euint256: 8;
+    ebytes64: 9;
+    ebytes128: 10;
+    ebytes256: 11;
+}>;
+/** Schema that validates a string is one of the known ENCRYPTION type names (e.g. `"ebool"`, `"euint256"`). */
+export declare const HandleTypeName: Schema.SchemaClass<"ebool" | "euint4" | "euint8" | "euint16" | "euint32" | "euint64" | "euint128" | "euint160" | "euint256" | "ebytes64" | "ebytes128" | "ebytes256", "ebool" | "euint4" | "euint8" | "euint16" | "euint32" | "euint64" | "euint128" | "euint160" | "euint256" | "ebytes64" | "ebytes128" | "ebytes256", never>;
+/** A valid ENCRYPTION type name string (e.g. `"ebool"`, `"euint32"`, `"ebytes64"`). */
+export type HandleTypeName = typeof HandleTypeName.Type;
+/** The typeof {@link handleTypes} — mapping from ENCRYPTION type names to integer IDs. */
+export type HandleTypes = typeof handleTypes;
+/** Integer identifier of an ENCRYPTION type (0–11), corresponding to a {@link HandleTypeName}. */
+export type TeeType = HandleTypes[keyof HandleTypes];
+/**
+ * Type guard that checks whether a number is a valid {@link TeeType} identifier.
+ * @param value - The number to check.
+ * @returns `true` if `value` is a known ENCRYPTION type integer (0–11).
+ */
+export declare function isTeeType(value: number): value is TeeType;
+/** Schema for the context required to compute a deterministic ENCRYPTION handle. */
+export declare const InputContext: Schema.Struct<{
+    hostChainId: typeof Schema.BigInt;
+    aclAddress: Schema.TemplateLiteral<`0x${string}`>;
+    userAddress: Schema.TemplateLiteral<`0x${string}`>;
+    contractAddress: Schema.TemplateLiteral<`0x${string}`>;
+    version: typeof Schema.Number;
+    inputType: typeof Schema.Number;
+}>;
+/** Context fields (chain ID, ACL address, user/contract addresses, version, on-chain inputType) used to derive a deterministic handle. */
+export type InputContext = typeof InputContext.Type;
+/**
+ * A 32-byte hex string representing an ENCRYPTION ciphertext handle.
+ *
+ * Format: `keccak_hash[0:29] || index_handle || handle_type || handle_version`
+ *
+ * @see pkg/hostchain/handle.md for the handle format spec.
+ */
+export type Handle = HexString;
+/**
+ * Expected length of a handle in bytes.
+ * Handle format: 29 bytes hash + 1 byte index + 1 byte type + 1 byte version = 32 bytes
+ */
+export declare const HANDLE_LENGTH_BYTES = 32;
+/**
+ * Validates handle integrity by checking format, length, and version.
+ * Matches the validation in Go's HandleFromBytes (pkg/hostchain/handle.go).
+ * @param handle - The handle to validate
+ * @throws Error if handle is malformed (wrong format, length, or unsupported version)
+ */
+export declare function validateHandle(handle: HexString): void;
+/**
+ * Extracts the {@link TeeType} from byte 30 of a validated handle.
+ * @param handle - A 32-byte hex handle string.
+ * @returns The ENCRYPTION type identifier stored in the handle.
+ * @throws If the handle is malformed or contains an invalid ENCRYPTION type.
+ * @see pkg/hostchain/handle.md for the handle format spec.
+ */
+export declare function getHandleType(handle: HexString): TeeType;
+/**
+ * Extracts the elist element {@link TeeType} from byte 29 of a validated handle.
+ * @param handle - A 32-byte hex handle string for an elist.
+ * @returns The ENCRYPTION type identifier of the elist elements.
+ * @throws If the handle is malformed or contains an invalid ENCRYPTION type at byte 29.
+ */
+export declare function getEListElementType(handle: HexString): TeeType;
+/**
+ * Computes the final handle for an input based on the ciphertext and the input context, matches the handle generation
+ * in Go and Solidity.
+ *
+ * @param ciphertext Note this is different from the input which has the external handle prepended
+ * @param indexHandle
+ * @param handleType
+ * @param handleVersion
+ * @param context
+ */
+export declare function computeHandle({ ciphertext, indexHandle, handleType, handleVersion, context, }: {
+    ciphertext: Uint8Array;
+    indexHandle: number;
+    handleType: TeeType;
+    handleVersion: number;
+    context: InputContext;
+}): Buffer;
+/**
+ * Computes the Keccak-256 hash of an ABI-packed {@link InputContext}.
+ *
+ * The context is packed as: `"evm/" || SEP_INPUT_CONTEXT || HANDLE_VERSION || inputType ||
+ *   chainId || aclAddress || userAddress || contractAddress || version`.
+ *
+ * @param context - The input context to hash.
+ * @returns A 32-byte `Buffer` containing the Keccak-256 digest.
+ */
+export declare function hashInputContext(context: InputContext): Buffer;

package/dist/esm/handle.js

@@ -0,0 +1,212 @@
+import { Schema } from 'effect';
+import { Keccak } from 'sha3';
+import { encodePacked, hexToBytes, toHex } from 'viem';
+import { HexString } from './binary.js';
+/** Current handle version byte, appended as the last byte of every handle. */
+export const HANDLE_VERSION = 0;
+/**
+ * Domain separators for handle derivation. Must be kept in sync with Solidity
+ * (contracts/lightning/src/Types.sol) and Go (pkg/hostchain/handle.go). Prefixing every
+ * keccak256 preimage with a unique constant string makes cross-derivation-path
+ * collision resistance structural rather than incidental.
+ */
+export const SEP_INPUT_HANDLE = 'inco/handle/input-handle';
+export const SEP_INPUT_CONTEXT = 'inco/handle/input-context';
+export const SEP_OP_RESULT = 'inco/handle/op-result';
+export const SEP_ELIST_OP_RESULT = 'inco/handle/elist-result';
+// The index of the byte in the handle where elist element type is stored
+export const BYTE_ELIST_ELEMENT_TYPE_INDEX = 29;
+/**
+ * Map of ENCRYPTION type names to their integer identifiers.
+ *
+ * Keys provide a semantic interpretation over the underlying integral type.
+ * For example, `ebool` interprets a `uint16` as a boolean, `ebytes64` interprets
+ * a `uint512` as a 64-byte array, etc.
+ */
+export const handleTypes = Object.freeze({
+    ebool: 0,
+    euint4: 1,
+    euint8: 2,
+    euint16: 3,
+    euint32: 4,
+    euint64: 5,
+    euint128: 6,
+    euint160: 7,
+    euint256: 8,
+    ebytes64: 9,
+    ebytes128: 10,
+    ebytes256: 11,
+});
+const handleNames = Object.keys(handleTypes);
+/** Schema that validates a string is one of the known ENCRYPTION type names (e.g. `"ebool"`, `"euint256"`). */
+export const HandleTypeName = Schema.Literal(...handleNames);
+/**
+ * Type guard that checks whether a number is a valid {@link TeeType} identifier.
+ * @param value - The number to check.
+ * @returns `true` if `value` is a known ENCRYPTION type integer (0–11).
+ */
+export function isTeeType(value) {
+    return Object.values(handleTypes).includes(value);
+}
+/** Schema for the context required to compute a deterministic ENCRYPTION handle. */
+export const InputContext = Schema.Struct({
+    hostChainId: Schema.BigInt,
+    aclAddress: HexString,
+    userAddress: HexString,
+    contractAddress: HexString,
+    version: Schema.Number,
+    inputType: Schema.Number,
+});
+/**
+ * Expected length of a handle in bytes.
+ * Handle format: 29 bytes hash + 1 byte index + 1 byte type + 1 byte version = 32 bytes
+ */
+export const HANDLE_LENGTH_BYTES = 32;
+/**
+ * Validates handle integrity by checking format, length, and version.
+ * Matches the validation in Go's HandleFromBytes (pkg/hostchain/handle.go).
+ * @param handle - The handle to validate
+ * @throws Error if handle is malformed (wrong format, length, or unsupported version)
+ */
+export function validateHandle(handle) {
+    // Check format: must start with 0x prefix and have correct length
+    if (!handle.startsWith('0x') ||
+        handle.length !== 2 + 2 * HANDLE_LENGTH_BYTES) {
+        throw new Error(`Invalid handle format: must be a ${HANDLE_LENGTH_BYTES}-byte hex string with 0x prefix`);
+    }
+    const handleBytes = hexToBytes(handle);
+    // Validate handle version (byte 31 must match HANDLE_VERSION)
+    const handleVersion = handleBytes[31];
+    if (handleVersion !== HANDLE_VERSION) {
+        throw new Error(`Unsupported handle version: expected ${HANDLE_VERSION}, got ${handleVersion} for handle ${handle}`);
+    }
+}
+/**
+ * Extracts the {@link TeeType} from byte 30 of a validated handle.
+ * @param handle - A 32-byte hex handle string.
+ * @returns The ENCRYPTION type identifier stored in the handle.
+ * @throws If the handle is malformed or contains an invalid ENCRYPTION type.
+ * @see pkg/hostchain/handle.md for the handle format spec.
+ */
+export function getHandleType(handle) {
+    // Validate handle integrity before extracting type
+    validateHandle(handle);
+    const handleBytes = hexToBytes(handle);
+    const handleType = handleBytes[30];
+    if (!isTeeType(handleType)) {
+        throw new Error(`Invalid handle type ${handleType} for handle ${handle}`);
+    }
+    return handleType;
+}
+/**
+ * Extracts the elist element {@link TeeType} from byte 29 of a validated handle.
+ * @param handle - A 32-byte hex handle string for an elist.
+ * @returns The ENCRYPTION type identifier of the elist elements.
+ * @throws If the handle is malformed or contains an invalid ENCRYPTION type at byte 29.
+ */
+export function getEListElementType(handle) {
+    validateHandle(handle);
+    const handleBytes = hexToBytes(handle);
+    const elementType = handleBytes[BYTE_ELIST_ELEMENT_TYPE_INDEX];
+    if (!isTeeType(elementType)) {
+        throw new Error(`Invalid elist element type ${elementType} for handle ${handle}`);
+    }
+    return elementType;
+}
+// Handle format reference (kept in sync with Solidity in contracts/lightning/src and Go in pkg/hostchain/handle.go):
+/// @dev handle format for user inputs:    keccak256(keccak256(CiphertextList) || index_handle)[0:29] || index_handle || handle_type || handle_version
+/// @dev handle format for op results:     keccak256(keccak256(rawCiphertextList) || index_handle)[0:30] || handle_type || handle_version
+/// @dev CiphertextList layout: 1 byte (= N) for handles_list size, N bytes for handles_types (1 per handle), followed by the original raw ciphertext list
+/**
+ * Computes the final handle for an input based on the ciphertext and the input context, matches the handle generation
+ * in Go and Solidity.
+ *
+ * @param ciphertext Note this is different from the input which has the external handle prepended
+ * @param indexHandle
+ * @param handleType
+ * @param handleVersion
+ * @param context
+ */
+export function computeHandle({ ciphertext, indexHandle, handleType, handleVersion, context, }) {
+    assertUint8(indexHandle);
+    assertUint8(handleType);
+    assertUint8(handleVersion);
+    if (handleVersion !== HANDLE_VERSION) {
+        throw new Error(`Unsupported handle version: expected ${HANDLE_VERSION}, got ${handleVersion}`);
+    }
+    const packed = encodePacked([
+        'string',
+        'uint8',
+        'uint8',
+        'uint32',
+        'bytes',
+        'uint8',
+        'string',
+        'uint256',
+        'address',
+        'address',
+        'address',
+        'uint16',
+    ], [
+        SEP_INPUT_HANDLE,
+        handleVersion,
+        handleType,
+        ciphertext.length,
+        toHex(ciphertext),
+        indexHandle,
+        // Note: The x/hostchain spec requires the chain ID to be prefixed with 'evm/' for EVM chains
+        'evm/',
+        context.hostChainId,
+        context.aclAddress,
+        context.userAddress,
+        context.contractAddress,
+        context.version,
+    ]);
+    const hash = new Keccak(256).update(Buffer.from(hexToBytes(packed))).digest();
+    const handle = Buffer.alloc(32);
+    hash.copy(handle, 0, 0, 29);
+    handle.writeUInt8(indexHandle, 29);
+    handle.writeUInt8(handleType, 30);
+    handle.writeUInt8(handleVersion, 31);
+    return handle;
+}
+/**
+ * Computes the Keccak-256 hash of an ABI-packed {@link InputContext}.
+ *
+ * The context is packed as: `"evm/" || SEP_INPUT_CONTEXT || HANDLE_VERSION || inputType ||
+ *   chainId || aclAddress || userAddress || contractAddress || version`.
+ *
+ * @param context - The input context to hash.
+ * @returns A 32-byte `Buffer` containing the Keccak-256 digest.
+ */
+export function hashInputContext(context) {
+    const packed = encodePacked([
+        'string',
+        'string',
+        'uint8',
+        'uint8',
+        'uint256',
+        'address',
+        'address',
+        'address',
+        'uint16',
+    ], [
+        // Note: The x/hostchain spec requires the chain ID to be prefixed with 'evm/' for EVM chains
+        'evm/',
+        SEP_INPUT_CONTEXT,
+        HANDLE_VERSION,
+        context.inputType,
+        context.hostChainId,
+        context.aclAddress,
+        context.userAddress,
+        context.contractAddress,
+        context.version,
+    ]);
+    return new Keccak(256).update(Buffer.from(hexToBytes(packed))).digest();
+}
+function assertUint8(value) {
+    if (!Number.isInteger(value) || value < 0 || value > 255) {
+        throw new Error(`Invalid uint8 value: ${value}`);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGFuZGxlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2hhbmRsZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBQ2hDLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFDOUIsT0FBTyxFQUFFLFlBQVksRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLE1BQU0sTUFBTSxDQUFDO0FBQ3ZELE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFeEMsOEVBQThFO0FBQzlFLE1BQU0sQ0FBQyxNQUFNLGNBQWMsR0FBRyxDQUFDLENBQUM7QUFFaEM7Ozs7O0dBS0c7QUFDSCxNQUFNLENBQUMsTUFBTSxnQkFBZ0IsR0FBRywwQkFBMEIsQ0FBQztBQUMzRCxNQUFNLENBQUMsTUFBTSxpQkFBaUIsR0FBRywyQkFBMkIsQ0FBQztBQUM3RCxNQUFNLENBQUMsTUFBTSxhQUFhLEdBQUcsdUJBQXVCLENBQUM7QUFDckQsTUFBTSxDQUFDLE1BQU0sbUJBQW1CLEdBQUcsMEJBQTBCLENBQUM7QUFDOUQseUVBQXlFO0FBQ3pFLE1BQU0sQ0FBQyxNQUFNLDZCQUE2QixHQUFHLEVBQUUsQ0FBQztBQUVoRDs7Ozs7O0dBTUc7QUFDSCxNQUFNLENBQUMsTUFBTSxXQUFXLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQztJQUN2QyxLQUFLLEVBQUUsQ0FBQztJQUNSLE1BQU0sRUFBRSxDQUFDO0lBQ1QsTUFBTSxFQUFFLENBQUM7SUFDVCxPQUFPLEVBQUUsQ0FBQztJQUNWLE9BQU8sRUFBRSxDQUFDO0lBQ1YsT0FBTyxFQUFFLENBQUM7SUFDVixRQUFRLEVBQUUsQ0FBQztJQUNYLFFBQVEsRUFBRSxDQUFDO0lBQ1gsUUFBUSxFQUFFLENBQUM7SUFDWCxRQUFRLEVBQUUsQ0FBQztJQUNYLFNBQVMsRUFBRSxFQUFFO0lBQ2IsU0FBUyxFQUFFLEVBQUU7Q0FDZCxDQUFDLENBQUM7QUFFSCxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBaUMsQ0FBQztBQUU3RSwrR0FBK0c7QUFDL0csTUFBTSxDQUFDLE1BQU0sY0FBYyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBRyxXQUFXLENBQUMsQ0FBQztBQVc3RDs7OztHQUlHO0FBQ0gsTUFBTSxVQUFVLFNBQVMsQ0FBQyxLQUFhO0lBQ3JDLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBZ0IsQ0FBQyxDQUFDO0FBQy9ELENBQUM7QUFFRCxvRkFBb0Y7QUFDcEYsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUM7SUFDeEMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxNQUFNO0lBQzFCLFVBQVUsRUFBRSxTQUFTO0lBQ3JCLFdBQVcsRUFBRSxTQUFTO0lBQ3RCLGVBQWUsRUFBRSxTQUFTO0lBQzFCLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtJQUN0QixTQUFTLEVBQUUsTUFBTSxDQUFDLE1BQU07Q0FDekIsQ0FBQyxDQUFDO0FBaUJIOzs7R0FHRztBQUNILE1BQU0sQ0FBQyxNQUFNLG1CQUFtQixHQUFHLEVBQUUsQ0FBQztBQUV0Qzs7Ozs7R0FLRztBQUNILE1BQU0sVUFBVSxjQUFjLENBQUMsTUFBaUI7SUFDOUMsa0VBQWtFO0lBQ2xFLElBQ0UsQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQztRQUN4QixNQUFNLENBQUMsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsbUJBQW1CLEVBQzdDLENBQUM7UUFDRCxNQUFNLElBQUksS0FBSyxDQUNiLG9DQUFvQyxtQkFBbUIsaUNBQWlDLENBQ3pGLENBQUM7SUFDSixDQUFDO0lBRUQsTUFBTSxXQUFXLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXZDLDhEQUE4RDtJQUM5RCxNQUFNLGFBQWEsR0FBRyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDdEMsSUFBSSxhQUFhLEtBQUssY0FBYyxFQUFFLENBQUM7UUFDckMsTUFBTSxJQUFJLEtBQUssQ0FDYix3Q0FBd0MsY0FBYyxTQUFTLGFBQWEsZUFBZSxNQUFNLEVBQUUsQ0FDcEcsQ0FBQztJQUNKLENBQUM7QUFDSCxDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsTUFBTSxVQUFVLGFBQWEsQ0FBQyxNQUFpQjtJQUM3QyxtREFBbUQ7SUFDbkQsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXZCLE1BQU0sV0FBVyxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN2QyxNQUFNLFVBQVUsR0FBRyxXQUFXLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDbkMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDO1FBQzNCLE1BQU0sSUFBSSxLQUFLLENBQUMsdUJBQXVCLFVBQVUsZUFBZSxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFDRCxPQUFPLFVBQVUsQ0FBQztBQUNwQixDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxNQUFNLFVBQVUsbUJBQW1CLENBQUMsTUFBaUI7SUFDbkQsY0FBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0lBRXZCLE1BQU0sV0FBVyxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQztJQUN2QyxNQUFNLFdBQVcsR0FBRyxXQUFXLENBQUMsNkJBQTZCLENBQUMsQ0FBQztJQUMvRCxJQUFJLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7UUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FDYiw4QkFBOEIsV0FBVyxlQUFlLE1BQU0sRUFBRSxDQUNqRSxDQUFDO0lBQ0osQ0FBQztJQUNELE9BQU8sV0FBVyxDQUFDO0FBQ3JCLENBQUM7QUFFRCxxSEFBcUg7QUFDckgsc0pBQXNKO0FBQ3RKLHlJQUF5STtBQUN6SSwwSkFBMEo7QUFFMUo7Ozs7Ozs7OztHQVNHO0FBQ0gsTUFBTSxVQUFVLGFBQWEsQ0FBQyxFQUM1QixVQUFVLEVBQ1YsV0FBVyxFQUNYLFVBQVUsRUFDVixhQUFhLEVBQ2IsT0FBTyxHQU9SO0lBQ0MsV0FBVyxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQ3pCLFdBQVcsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUN4QixXQUFXLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDM0IsSUFBSSxhQUFhLEtBQUssY0FBYyxFQUFFLENBQUM7UUFDckMsTUFBTSxJQUFJLEtBQUssQ0FDYix3Q0FBd0MsY0FBYyxTQUFTLGFBQWEsRUFBRSxDQUMvRSxDQUFDO0lBQ0osQ0FBQztJQUNELE1BQU0sTUFBTSxHQUFHLFlBQVksQ0FDekI7UUFDRSxRQUFRO1FBQ1IsT0FBTztRQUNQLE9BQU87UUFDUCxRQUFRO1FBQ1IsT0FBTztRQUNQLE9BQU87UUFDUCxRQUFRO1FBQ1IsU0FBUztRQUNULFNBQVM7UUFDVCxTQUFTO1FBQ1QsU0FBUztRQUNULFFBQVE7S0FDVCxFQUNEO1FBQ0UsZ0JBQWdCO1FBQ2hCLGFBQWE7UUFDYixVQUFVO1FBQ1YsVUFBVSxDQUFDLE1BQU07UUFDakIsS0FBSyxDQUFDLFVBQVUsQ0FBQztRQUNqQixXQUFXO1FBQ1gsNkZBQTZGO1FBQzdGLE1BQU07UUFDTixPQUFPLENBQUMsV0FBVztRQUNuQixPQUFPLENBQUMsVUFBVTtRQUNsQixPQUFPLENBQUMsV0FBVztRQUNuQixPQUFPLENBQUMsZUFBZTtRQUN2QixPQUFPLENBQUMsT0FBTztLQUNoQixDQUNGLENBQUM7SUFDRixNQUFNLElBQUksR0FBRyxJQUFJLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDO0lBQzlFLE1BQU0sTUFBTSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDaEMsSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM1QixNQUFNLENBQUMsVUFBVSxDQUFDLFdBQVcsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNuQyxNQUFNLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNsQyxNQUFNLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNyQyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDO0FBRUQ7Ozs7Ozs7O0dBUUc7QUFDSCxNQUFNLFVBQVUsZ0JBQWdCLENBQUMsT0FBcUI7SUFDcEQsTUFBTSxNQUFNLEdBQUcsWUFBWSxDQUN6QjtRQUNFLFFBQVE7UUFDUixRQUFRO1FBQ1IsT0FBTztRQUNQLE9BQU87UUFDUCxTQUFTO1FBQ1QsU0FBUztRQUNULFNBQVM7UUFDVCxTQUFTO1FBQ1QsUUFBUTtLQUNULEVBQ0Q7UUFDRSw2RkFBNkY7UUFDN0YsTUFBTTtRQUNOLGlCQUFpQjtRQUNqQixjQUFjO1FBQ2QsT0FBTyxDQUFDLFNBQVM7UUFDakIsT0FBTyxDQUFDLFdBQVc7UUFDbkIsT0FBTyxDQUFDLFVBQVU7UUFDbEIsT0FBTyxDQUFDLFdBQVc7UUFDbkIsT0FBTyxDQUFDLGVBQWU7UUFDdkIsT0FBTyxDQUFDLE9BQU87S0FDaEIsQ0FDRixDQUFDO0lBQ0YsT0FBTyxJQUFJLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDO0FBQzFFLENBQUM7QUFFRCxTQUFTLFdBQVcsQ0FBQyxLQUFhO0lBQ2hDLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssR0FBRyxDQUFDLElBQUksS0FBSyxHQUFHLEdBQUcsRUFBRSxDQUFDO1FBQ3pELE1BQU0sSUFBSSxLQUFLLENBQUMsd0JBQXdCLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDbkQsQ0FBQztBQUNILENBQUMifQ==

package/dist/esm/index.d.ts

@@ -0,0 +1,5 @@
+export * from './binary.js';
+export * from './chain.js';
+export { HANDLE_LENGTH_BYTES, HANDLE_VERSION, HandleTypeName, InputContext, getHandleType, handleTypes, isTeeType, validateHandle, type Handle, type HandleTypes, type TeeType, } from './handle.js';
+export * from './schema.js';
+export * from './viem.js';

package/dist/esm/index.js

@@ -0,0 +1,6 @@
+export * from './binary.js';
+export * from './chain.js';
+export { HANDLE_LENGTH_BYTES, HANDLE_VERSION, HandleTypeName, InputContext, getHandleType, handleTypes, isTeeType, validateHandle, } from './handle.js';
+export * from './schema.js';
+export * from './viem.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxhQUFhLENBQUM7QUFDNUIsY0FBYyxZQUFZLENBQUM7QUFDM0IsT0FBTyxFQUNMLG1CQUFtQixFQUNuQixjQUFjLEVBQ2QsY0FBYyxFQUNkLFlBQVksRUFDWixhQUFhLEVBQ2IsV0FBVyxFQUNYLFNBQVMsRUFDVCxjQUFjLEdBSWYsTUFBTSxhQUFhLENBQUM7QUFDckIsY0FBYyxhQUFhLENBQUM7QUFDNUIsY0FBYyxXQUFXLENBQUMifQ==

package/dist/esm/kms/client.d.ts

@@ -0,0 +1,12 @@
+import { type Client } from '@connectrpc/connect';
+import type { Address } from 'viem';
+import type { SupportedChain } from '../chain.js';
+import { KmsService } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+export declare const TEST_DEFAULT_COVALIDATOR_SIGNER: Address;
+export type KmsClient = Client<typeof KmsService> & {
+    signerAddress: Address;
+};
+export declare function getKmsClient(kmsConnectRpcEndpointOrClient: string | KmsClient, signerAddress: Address): KmsClient;
+export declare function defaultCovalidatorGrpc(chain: SupportedChain): string;
+export declare function lightningDevnetCovalidatorGrpc(chain: SupportedChain): string;
+export declare function lightningTestnetCovalidatorGrpc(chain: SupportedChain): string;

package/dist/esm/kms/client.js

@@ -0,0 +1,40 @@
+import { createClient } from '@connectrpc/connect';
+import { createConnectTransport } from '@connectrpc/connect-web';
+import { KmsService } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+// anvil zeroth address, while there is only one signer,
+// this does not matter, as we use these addresses for signer ordering
+// [WARNING] This is the default signer for the Inco Lightning public testnet.
+export const TEST_DEFAULT_COVALIDATOR_SIGNER = '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266';
+// Helper function to get a KMS client from a string or a Client instance.
+export function getKmsClient(kmsConnectRpcEndpointOrClient, signerAddress) {
+    if (typeof kmsConnectRpcEndpointOrClient === 'string') {
+        const transport = createConnectTransport({
+            baseUrl: kmsConnectRpcEndpointOrClient,
+        });
+        const client = createClient(KmsService, transport);
+        return Object.assign(client, { signerAddress });
+    }
+    return Object.assign(kmsConnectRpcEndpointOrClient, { signerAddress });
+}
+// Helper function to return the default gRPC endpoint for the covalidator.
+// Currently, this returns the covalidator for the Inco Lightning public testnet.
+export function defaultCovalidatorGrpc(chain) {
+    return lightningTestnetCovalidatorGrpc(chain);
+}
+// Helper function to get the devnet gRPC endpoint for the Inco Lightning covalidator.
+export function lightningDevnetCovalidatorGrpc(chain) {
+    return getCovalidatorGrpcHelper(chain, 'devnet', 'lightning');
+}
+// Helper function to get the testnet gRPC endpoint for the Inco Lightning covalidator.
+export function lightningTestnetCovalidatorGrpc(chain) {
+    return getCovalidatorGrpcHelper(chain, 'testnet', 'lightning');
+}
+// Convert camelCase to dash-case.
+function camelToDashCase(str) {
+    return str.replace(/([a-z])([A-Z])/g, '$1-$2').toLowerCase();
+}
+// Small helper, as our GCP covalidator URLs are in a specific format.
+function getCovalidatorGrpcHelper(chain, network, cluster) {
+    return `https://grpc.${camelToDashCase(chain.name)}.${cluster}.${network}.inco.org`;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2ttcy9jbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFlLFlBQVksRUFBRSxNQUFNLHFCQUFxQixDQUFDO0FBQ2hFLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxNQUFNLHlCQUF5QixDQUFDO0FBR2pFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxvREFBb0QsQ0FBQztBQUVoRix3REFBd0Q7QUFDeEQsc0VBQXNFO0FBQ3RFLDhFQUE4RTtBQUM5RSxNQUFNLENBQUMsTUFBTSwrQkFBK0IsR0FDMUMsNENBQTRDLENBQUM7QUFJL0MsMEVBQTBFO0FBQzFFLE1BQU0sVUFBVSxZQUFZLENBQzFCLDZCQUFpRCxFQUNqRCxhQUFzQjtJQUV0QixJQUFJLE9BQU8sNkJBQTZCLEtBQUssUUFBUSxFQUFFLENBQUM7UUFDdEQsTUFBTSxTQUFTLEdBQUcsc0JBQXNCLENBQUM7WUFDdkMsT0FBTyxFQUFFLDZCQUE2QjtTQUN2QyxDQUFDLENBQUM7UUFDSCxNQUFNLE1BQU0sR0FBRyxZQUFZLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQ25ELE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO0lBQ2xELENBQUM7SUFFRCxPQUFPLE1BQU0sQ0FBQyxNQUFNLENBQUMsNkJBQTZCLEVBQUUsRUFBRSxhQUFhLEVBQUUsQ0FBQyxDQUFDO0FBQ3pFLENBQUM7QUFFRCwyRUFBMkU7QUFDM0UsaUZBQWlGO0FBQ2pGLE1BQU0sVUFBVSxzQkFBc0IsQ0FBQyxLQUFxQjtJQUMxRCxPQUFPLCtCQUErQixDQUFDLEtBQUssQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFFRCxzRkFBc0Y7QUFDdEYsTUFBTSxVQUFVLDhCQUE4QixDQUFDLEtBQXFCO0lBQ2xFLE9BQU8sd0JBQXdCLENBQUMsS0FBSyxFQUFFLFFBQVEsRUFBRSxXQUFXLENBQUMsQ0FBQztBQUNoRSxDQUFDO0FBRUQsdUZBQXVGO0FBQ3ZGLE1BQU0sVUFBVSwrQkFBK0IsQ0FBQyxLQUFxQjtJQUNuRSxPQUFPLHdCQUF3QixDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsV0FBVyxDQUFDLENBQUM7QUFDakUsQ0FBQztBQUVELGtDQUFrQztBQUNsQyxTQUFTLGVBQWUsQ0FBQyxHQUFXO0lBQ2xDLE9BQU8sR0FBRyxDQUFDLE9BQU8sQ0FBQyxpQkFBaUIsRUFBRSxPQUFPLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztBQUMvRCxDQUFDO0FBRUQsc0VBQXNFO0FBQ3RFLFNBQVMsd0JBQXdCLENBQy9CLEtBQXFCLEVBQ3JCLE9BQTZCLEVBQzdCLE9BQW9CO0lBRXBCLE9BQU8sZ0JBQWdCLGVBQWUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksT0FBTyxJQUFJLE9BQU8sV0FBVyxDQUFDO0FBQ3RGLENBQUMifQ==

package/dist/esm/kms/quorumClient.d.ts

@@ -0,0 +1,65 @@
+import { type Address } from 'viem';
+import type { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
+import { type EListDecryptionAttestation, type EncryptedEListDecryptionAttestation } from '../elistattesteddecrypt/types.js';
+import type { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import type { AttestedComputeRequest, AttestedDecryptRequest, AttestedRevealRequest, EListAttestedDecryptRequest, EListAttestedRevealRequest } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import { type XwingKeypair } from '../lite/xwing.js';
+import type { BackoffConfig } from '../retry.js';
+import { type KmsClient } from './client.js';
+import type { ViemClient } from '../viem.js';
+export declare class KmsQuorumClient {
+    private readonly kmss;
+    private readonly threshold;
+    private constructor();
+    private constructor();
+    /**
+     * Creates a KmsQuorumClient from an array of URLs.
+     * Requires signer addresses and threshold to be explicitly provided.
+     *
+     * @param urls - Array of KMS endpoint URLs
+     * @param signers - Array of signer addresses, must match the length of URLs
+     * @param threshold - Number of successful responses required (must be between 1 and urls.length)
+     * @throws {Error} If URLs array is empty, signers length doesn't match URLs length, or threshold is invalid
+     */
+    static fromUrls(urls: string[], signers: Address[], threshold: number): KmsQuorumClient;
+    /**
+     * Creates a KmsQuorumClient from an array of KmsClient instances.
+     * Each KmsClient must have a signerAddress property.
+     *
+     * @param kmsClients - Array of KMS client instances
+     * @param threshold - Number of successful responses required (must be between 1 and kmsClients.length)
+     * @throws {Error} If KMS clients array is empty or threshold is invalid
+     */
+    static fromKmsClients(kmsClients: KmsClient[], threshold: number): KmsQuorumClient;
+    attestedDecrypt(request: AttestedDecryptRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<(DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>)[]>;
+    attestedCompute(request: AttestedComputeRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+    attestedReveal(request: AttestedRevealRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>)[]>;
+    eListAttestedDecrypt(request: EListAttestedDecryptRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<EListDecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedEListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+    eListAttestedReveal(request: EListAttestedRevealRequest, executorAddress: Address, client: ViemClient, backoffConfig?: Partial<BackoffConfig>): Promise<EListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+    /**
+     * Generic method to execute a KMS operation across all clients with retry and threshold logic.
+     * Returns results with both the response and signer address.
+     */
+    private executeKmsOperationWithThreshold;
+    /**
+     * Collects signatures from responses and sorts them by signer address (ascending).
+     * This is required by SignatureVerifier.
+     */
+    private collectAndSortSignatures;
+    /**
+     * Builds a plaintext attestation from a DecryptionAttestation proto message.
+     */
+    private buildPlaintextAttestation;
+    private buildAggregatedAttestations;
+    private buildAggregatedComputeAttestation;
+    private buildAggregatedEListAttestation;
+    /**
+     * Verifies proof hashes at two levels:
+     * 1. Aggregate: keccak256(concat(proofHashes)) must equal the attested commitmentProof
+     * 2. Per-element:
+     *    - For plaintext (reveal): proofHash[i] = keccak256(value[i])
+     *    - For reencryption (decrypt): proofHash[i] = keccak256(commitment[i] || plaintext[i])
+     *      — requires reencryptKeypair to decrypt the ciphertext first.
+     */
+    private verifyElementProofHashes;
+}