@inco/lightning-js 0.0.0-bootstrap.0

package/dist/esm/viem.js

@@ -0,0 +1,32 @@
+import { anvil, base, baseSepolia, mainnet, monadTestnet, plasmaTestnet, sepolia, worldchainSepolia, } from 'viem/chains';
+import { getSupportedChain } from './chain.js';
+/** Map of supported chain short names to their viem chain objects. */
+export const chains = {
+    mainnet,
+    base,
+    sepolia,
+    baseSepolia,
+    monadTestnet,
+    plasmaTestnet,
+    anvil,
+    worldchainSepolia,
+};
+/**
+ * Resolves a {@link Chainish} value to a viem {@link Chain} object.
+ *
+ * Accepts a chain ID (`number` or `bigint`), an object with an `id` field,
+ * or a chain short name (e.g. `"baseSepolia"`).
+ *
+ * @param chainish - The chain identifier to resolve.
+ * @returns The matching `viem` chain object.
+ * @throws If no supported chain matches the given identifier.
+ */
+export function getViemChain(chainish) {
+    const { name } = getSupportedChain(chainish);
+    const chain = chains[name];
+    if (!chain) {
+        throw new Error(`Unable to get viem chain: ${name}`);
+    }
+    return chain;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmllbS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy92aWVtLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFDTCxLQUFLLEVBQ0wsSUFBSSxFQUNKLFdBQVcsRUFDWCxPQUFPLEVBQ1AsWUFBWSxFQUNaLGFBQWEsRUFDYixPQUFPLEVBQ1AsaUJBQWlCLEdBQ2xCLE1BQU0sYUFBYSxDQUFDO0FBQ3JCLE9BQU8sRUFBWSxpQkFBaUIsRUFBRSxNQUFNLFlBQVksQ0FBQztBQU16RCxzRUFBc0U7QUFDdEUsTUFBTSxDQUFDLE1BQU0sTUFBTSxHQUFHO0lBQ3BCLE9BQU87SUFDUCxJQUFJO0lBQ0osT0FBTztJQUNQLFdBQVc7SUFDWCxZQUFZO0lBQ1osYUFBYTtJQUNiLEtBQUs7SUFDTCxpQkFBaUI7Q0FDbEIsQ0FBQztBQUVGOzs7Ozs7Ozs7R0FTRztBQUNILE1BQU0sVUFBVSxZQUFZLENBQUMsUUFBa0I7SUFDN0MsTUFBTSxFQUFFLElBQUksRUFBRSxHQUFHLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQzdDLE1BQU0sS0FBSyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMzQixJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksS0FBSyxDQUFDLDZCQUE2QixJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFDRCxPQUFPLEtBQUssQ0FBQztBQUNmLENBQUMifQ==

package/dist/types/advancedacl/index.d.ts

@@ -0,0 +1,2 @@
+export * from './session-key.js';
+export * from './types.js';

package/dist/types/advancedacl/session-key.d.ts

@@ -0,0 +1,95 @@
+import { type Account, type Address, type Chain, type Hex, PublicClient, type Transport, type WalletClient } from 'viem';
+import type { PrivateKeyAccount } from 'viem/accounts';
+import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
+import { SupportedChainId } from '../chain.js';
+import { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import { HexString } from '../index.js';
+import { type XwingKeypair } from '../lite/xwing.js';
+import { BackoffConfig } from '../retry.js';
+import type { AllowanceVoucher, AllowanceVoucherWithSig } from './types.js';
+import { AttestedComputeOP } from '../attestedcompute/types.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+export declare const SESSION_KEY_WARNING = "Inco Warning: signing this message may leak your private data, including from unrelated apps. Sign only if you fully trust this app.";
+export interface Session {
+    decrypter: Address;
+    expiresAt: bigint;
+}
+export declare function createAllowanceVoucher(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>, verifyingContract: Address, callFunction: Hex, sharerArgData: Hex): Promise<AllowanceVoucher>;
+export interface GrantSessionKeyArgs {
+    chainId: bigint;
+    incoLiteAddress: Address;
+    sessionVerifierContractAddress: Address;
+    granteeAddress: Address;
+    sharerWalletClient: WalletClient<Transport, Chain, Account>;
+    expiresAt: Date;
+}
+export interface GrantSessionKeyCustomVerifierArgs {
+    chainId: bigint;
+    incoLiteAddress: Address;
+    sessionVerifierContractAddress: Address;
+    sharerWalletClient: WalletClient<Transport, Chain, Account>;
+    sharerArgData: Hex;
+}
+export declare function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }: GrantSessionKeyArgs): Promise<AllowanceVoucherWithSig>;
+export declare function grantSessionKeyCustomVerifier({ chainId, incoLiteAddress, sessionVerifierContractAddress, sharerWalletClient, sharerArgData, }: GrantSessionKeyCustomVerifierArgs): Promise<AllowanceVoucherWithSig>;
+export declare function updateActiveVouchersSessionNonce(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>): Promise<`0x${string}`>;
+export interface SessionKeyAttestedComputeArgs {
+    chainId: SupportedChainId;
+    ephemeralAccount: PrivateKeyAccount;
+    kmsQuorumClient: KmsQuorumClient;
+    allowanceVoucherWithSig: AllowanceVoucherWithSig;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    requesterArgData?: Hex | undefined;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    ethClient: PublicClient<Transport, Chain>;
+    executorAddress: HexString;
+    reencryptPubKey?: Uint8Array | undefined;
+    reencryptKeypair?: XwingKeypair | undefined;
+}
+export declare function sessionKeyAttestedCompute<T extends SupportedTeeType>({ lhsHandle, op, rhsPlaintext, backoffConfig, chainId, kmsQuorumClient, ephemeralAccount, allowanceVoucherWithSig, requesterArgData, ethClient, executorAddress, reencryptPubKey, reencryptKeypair, }: SessionKeyAttestedComputeArgs): Promise<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+export interface SessionKeyAttestedDecryptArgs {
+    chainId: SupportedChainId;
+    ephemeralAccount: PrivateKeyAccount;
+    kmsQuorumClient: KmsQuorumClient;
+    allowanceVoucherWithSig: AllowanceVoucherWithSig;
+    handles: HexString[];
+    requesterArgData?: Hex | undefined;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    reencryptPubKey?: Uint8Array | undefined;
+    reencryptKeypair?: XwingKeypair | undefined;
+    ethClient: PublicClient<Transport, Chain>;
+    executorAddress: HexString;
+}
+/**
+ * Performs attested decrypts using a voucher-backed session key.
+ *
+ * @example Plaintext results
+ * ```ts
+ * const attestations = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralAccount,
+ *   handles,
+ * });
+ * console.log(attestations[0].plaintext.value);
+ * ```
+ *
+ * @example Encrypted results
+ * ```ts
+ * const encryptedResults = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralAccount,
+ *   handles,
+ *   reencryptPubKey: recipientPubKey,
+ * });
+ * console.log(
+ *   encryptedResults[0].encryptedPlaintext.ciphertext.value,
+ * );
+ * ```
+ */
+export declare function sessionKeyAttestedDecrypt({ chainId, kmsQuorumClient, handles, ephemeralAccount, allowanceVoucherWithSig, requesterArgData, backoffConfig, reencryptPubKey, reencryptKeypair, ethClient, executorAddress, }: SessionKeyAttestedDecryptArgs): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;

package/dist/types/advancedacl/types.d.ts

@@ -0,0 +1,16 @@
+import { Address, Hex } from 'viem';
+export type AllowanceVoucher = {
+    sessionNonce: Hex;
+    verifyingContract: Address;
+    callFunction: Hex;
+    sharerArgData: Hex;
+    warning: string;
+};
+export interface AllowanceVoucherWithSig {
+    sharer: Address;
+    voucher: AllowanceVoucher;
+    voucherSignature: Hex;
+}
+export interface AllowanceProof extends AllowanceVoucherWithSig {
+    requesterArgData: Uint8Array;
+}

package/dist/types/attestedcompute/attested-compute.d.ts

@@ -0,0 +1,65 @@
+import type { Account, Chain, Transport, WalletClient } from 'viem';
+import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
+import { HexString } from '../binary.js';
+import { SupportedChainId } from '../chain.js';
+import type { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+import { type XwingKeypair } from '../lite/xwing.js';
+import type { BackoffConfig } from '../retry.js';
+import { AttestedComputeOP } from './types.js';
+export declare const ATTESTED_COMPUTE_DOMAIN_NAME = "IncoAttestedCompute";
+/**
+ * Arguments for creating an attested compute.
+ */
+export interface IncoLiteAttestedComputeArgs {
+    /** The wallet used to interact with the blockchain and sign the compute request */
+    walletClient: WalletClient<Transport, Chain, Account>;
+    /** The KMS quorum client instance */
+    kmsQuorumClient: KmsQuorumClient;
+    /** The chain ID to use */
+    chainId: SupportedChainId;
+}
+/**
+ * Creates an attested compute function that can decrypt handles with an attached attestation from the covalidator.
+ * @param args - The arguments for creating the attested compute function
+ * @returns A function that can perform binary operation on a handle and return an attestation
+ * @throws {AttestedComputeError} If the creation fails
+ *
+ * @todo Support multiple operations in a single request.
+ */
+export declare function attestedCompute<T extends SupportedTeeType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, reencryptPubKey, reencryptKeypair, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+}): Promise<DecryptionAttestation<EncryptionScheme, T>>;
+export declare function attestedCompute<T extends SupportedTeeType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, reencryptPubKey, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+}): Promise<EncryptedDecryptionAttestation<EncryptionScheme, T>>;
+export declare function attestedCompute<T extends SupportedTeeType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey?: never;
+    reencryptKeypair?: never;
+}): Promise<DecryptionAttestation<EncryptionScheme, T>>;

package/dist/types/attestedcompute/types.d.ts

@@ -0,0 +1,35 @@
+import type { DecryptionAttestation } from '../attesteddecrypt/types.js';
+import { HexString } from '../binary.js';
+import { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import { SupportedScalarBinaryOp } from '../generated/es/inco/kms/lite/v1/types_pb.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Supported attested compute operations.
+ */
+export declare const AttestedComputeSupportedOps: {
+    readonly Eq: SupportedScalarBinaryOp.TEE_EQ;
+    readonly Ne: SupportedScalarBinaryOp.TEE_NE;
+    readonly Ge: SupportedScalarBinaryOp.TEE_GE;
+    readonly Gt: SupportedScalarBinaryOp.TEE_GT;
+    readonly Le: SupportedScalarBinaryOp.TEE_LE;
+    readonly Lt: SupportedScalarBinaryOp.TEE_LT;
+};
+/**
+ * This type represents all the supported operations for attested compute.
+ */
+export type AttestedComputeOP = (typeof AttestedComputeSupportedOps)[keyof typeof AttestedComputeSupportedOps];
+/**
+ * Custom error class for attested compute operations.
+ */
+export declare class AttestedComputeError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}
+export type AttestedCompute<S extends EncryptionScheme> = <T extends SupportedTeeType>(args: AttestedComputeFnArgs<S, T>) => Promise<DecryptionAttestation<S, T>>;
+export type AttestedComputeFnArgs<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    /** The handle to compute on */
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig>;
+};

package/dist/types/attesteddecrypt/attested-decrypt.d.ts

@@ -0,0 +1,61 @@
+import type { Account, Chain, Transport, WalletClient } from 'viem';
+import { type HexString } from '../binary.js';
+import { type SupportedChainId } from '../chain.js';
+import { EncryptionScheme, type SupportedTeeType } from '../encryption/encryption.js';
+import { type HandleWithProof } from '../generated/es/inco/kms/lite/v1/types_pb.js';
+import { validateHandle } from '../handle.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { XwingKeypair } from '../lite/xwing.js';
+import type { BackoffConfig } from '../retry.js';
+import { type DecryptionAttestation, type EncryptedDecryptionAttestation } from './types.js';
+export { validateHandle };
+export declare const ATTESTED_DECRYPT_DOMAIN_NAME = "IncoAttestedDecrypt";
+/**
+ * Arguments for creating an attested decrypt request.
+ */
+export interface IncoLiteAttestedDecryptorArgs {
+    /** The wallet used to interact with the blockchain and sign the decrypt request */
+    walletClient: WalletClient<Transport, Chain, Account>;
+    /** The KMS quorum client instance */
+    kmsQuorumClient: KmsQuorumClient;
+    /** The chain ID to use */
+    chainId: SupportedChainId;
+}
+/**
+ * Decrypt multiple handles in a single attested request.
+ * Returns an array of attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for creating the attested decrypt function
+ * @returns A function that can decrypt handles and return an attestation
+ * @throws {AttestedDecryptError} If the creation fails
+ */
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsQuorumClient, executorAddress, }: {
+    handles: HexString[];
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+}): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;
+/**
+ * Decrypt multiple handles in a single attested request.
+ * Returns an array of attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for creating the attested decrypt function
+ * @returns A function that can decrypt handles and return an attestation
+ * @throws {AttestedDecryptError} If the creation fails
+ */
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, kmsQuorumClient, executorAddress, }: {
+    handles: HexString[];
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+}): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;
+export declare function buildHandlesWithProofs(handles: HexString[]): Array<HandleWithProof>;
+export declare function decryptEncryptedAttestations(attestations: Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>, reencryptKeypair: XwingKeypair): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;

package/dist/types/attesteddecrypt/index.d.ts

@@ -0,0 +1 @@
+export * from './types.js';

package/dist/types/attesteddecrypt/types.d.ts

@@ -0,0 +1,27 @@
+import type { HexString } from '../binary.js';
+import type { EncryptionScheme, EncryptResultOf, PlaintextOf, SupportedTeeType } from '../encryption/encryption.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Custom error class for attested decrypt operations.
+ */
+export declare class AttestedDecryptError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}
+export type DecryptionAttestation<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    handle: HexString;
+    plaintext: PlaintextOf<S, T>;
+    covalidatorSignatures: Uint8Array[];
+};
+export type EncryptedDecryptionAttestation<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    handle: HexString;
+    encryptedPlaintext: EncryptResultOf<S, T>;
+    encryptedSignatures: Uint8Array[];
+    covalidatorSignatures: Uint8Array[];
+};
+export type AttestedDecryptor<S extends EncryptionScheme> = <T extends SupportedTeeType>(args: AttestedDecryptFnArgs<S, T>) => Promise<DecryptionAttestation<S, T>>;
+export type AttestedDecryptFnArgs<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    /** The handle to decrypt */
+    handle: HexString;
+    backoffConfig?: Partial<BackoffConfig>;
+};

package/dist/types/attestedreveal/attested-reveal.d.ts

@@ -0,0 +1,21 @@
+import type { Chain, PublicClient, Transport } from 'viem';
+import type { DecryptionAttestation } from '../attesteddecrypt/types.js';
+import type { HexString } from '../binary.js';
+import type { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import type { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Reveal multiple handles in a single attested request without wallet authentication.
+ * Returns an array of plaintext attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for the attested reveal request
+ * @returns An array of decryption attestations
+ * @throws {AttestedRevealError} If the reveal fails
+ */
+export declare function attestedReveal({ handles, kmsQuorumClient, executorAddress, publicClient, backoffConfig, }: {
+    handles: HexString[];
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+    publicClient: PublicClient<Transport, Chain>;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+}): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;

package/dist/types/attestedreveal/index.d.ts

@@ -0,0 +1,2 @@
+export { attestedReveal } from './attested-reveal.js';
+export * from './types.js';

package/dist/types/attestedreveal/types.d.ts

@@ -0,0 +1,4 @@
+export declare class AttestedRevealError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}

package/dist/types/binary.d.ts

@@ -0,0 +1,104 @@
+import { Schema } from 'effect';
+import { Hex } from 'viem';
+/** Schema for a `0x`-prefixed hex string. */
+export declare const HexString: Schema.TemplateLiteral<`0x${string}`>;
+/** A `0x`-prefixed hex-encoded string (e.g. `"0xdeadbeef"`). */
+export type HexString = typeof HexString.Type;
+/** A value that can represent raw bytes — either a hex string or a `Uint8Array`. */
+export type BytesIsh = string | Uint8Array;
+/**
+ * Converts a `Uint8Array` to a `bigint`. Returns `0n` for empty arrays.
+ * @param byteArray - The byte array to convert.
+ * @returns The unsigned big-endian integer representation of the bytes.
+ */
+export declare function bytesToBigInt(byteArray: Uint8Array): bigint;
+/**
+ * Converts a `Buffer` to a `bigint`.
+ * @param buffer - The buffer to convert.
+ * @returns The unsigned big-endian integer representation of the buffer.
+ */
+export declare function bufferToBigInt(buffer: Buffer): bigint;
+/**
+ * Converts a `bigint` to a 32-byte `Buffer`, zero-padded on the left.
+ * @param value - The bigint to convert.
+ * @returns A 32-byte big-endian buffer.
+ * @throws If the bigint is negative or too large to fit in 32 bytes.
+ */
+export declare function bigintToBytes(value: bigint): Buffer;
+/**
+ * Converts a `bigint` to a {@link Bytes32} hex string, left-padded to 32 bytes.
+ * @param value - The bigint to convert.
+ * @returns A `Bytes32` hex string.
+ * @throws If the bigint is negative or too large to fit in 32 bytes.
+ */
+export declare function bigintToBytes32(value: bigint): Bytes32;
+/**
+ * Left-pads a byte array with zeros to the specified length.
+ * @param bs - The byte array to pad.
+ * @param n - The desired total length in bytes.
+ * @returns A new `Buffer` of length `n` with `bs` right-aligned.
+ * @throws If `bs` is longer than `n` (would require truncation).
+ */
+export declare function padLeft(bs: Uint8Array, n: number): Buffer;
+/**
+ * Parses a {@link BytesIsh} value as a 32-byte value and converts it to a `bigint`.
+ * @param bs - A hex string or `Uint8Array` representing exactly 32 bytes.
+ * @returns The `bigint` representation of the 32-byte value.
+ * @throws If the input is not exactly 32 bytes.
+ */
+export declare function bytes32ToBigint(bs: BytesIsh): bigint;
+/**
+ * Decodes a hex string into a `Buffer`. Handles both `0x`-prefixed and bare hex strings.
+ * @param hexString - The hex string to decode.
+ * @returns A `Buffer` containing the decoded bytes.
+ */
+export declare function bytesFromHexString(hexString: string): Buffer;
+/**
+ * Asserts that a string is a valid `0x`-prefixed hex string and narrows its type to `Hex`.
+ * @param value - The string to validate.
+ * @returns The input typed as `Hex`.
+ * @throws If `value` is not a valid hex string.
+ */
+export declare function mustBeHex(value: string): Hex;
+/**
+ * Normalises a string to a `0x`-prefixed `Hex` value, adding the prefix if missing.
+ * @param value - A hex string, with or without a `0x` prefix.
+ * @returns The `0x`-prefixed `Hex` string.
+ * @throws If the resulting string is not valid hex.
+ */
+export declare function normaliseToHex(value: string): Hex;
+/**
+ * Encodes a `Uint8Array` as a `0x`-prefixed hex string.
+ * @param bs - The byte array to encode.
+ * @returns A `Hex` string representation of the bytes.
+ */
+export declare function bytesToHex(bs: Uint8Array): Hex;
+/** Schema for a 32-byte (66-character with `0x` prefix) hex string, branded as `Bytes32`. Accepts both hex strings and `Uint8Array` inputs. */
+export declare const Bytes32: Schema.brand<Schema.filter<Schema.transformOrFail<Schema.Union<[typeof Schema.String, Schema.refine<object & Uint8Array<ArrayBufferLike>, Schema.Schema<object, object, never>>]>, Schema.TemplateLiteral<`0x${string}`>, never>>, "Bytes32">;
+/**
+ * Parses and validates a {@link BytesIsh} value as a {@link Bytes32}.
+ * @param x - A hex string or `Uint8Array` to parse.
+ * @returns A validated `Bytes32` value.
+ * @throws If the input is not exactly 32 bytes.
+ */
+export declare function asBytes32(x: BytesIsh): Bytes32;
+/** A branded 32-byte hex string type (`0x` + 64 hex characters). */
+export type Bytes32 = typeof Bytes32.Type;
+/** A branded 20-byte Ethereum address type (`0x` + 40 hex characters). */
+export type Address = typeof Address.Type;
+/** Schema for a 20-byte `0x`-prefixed Ethereum address, branded as `Address`. */
+export declare const Address: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
+/**
+ * Parses and validates a string as an Ethereum {@link Address} (20-byte, `0x`-prefixed).
+ * @param address - The string to parse.
+ * @returns A validated `Address` value.
+ * @throws If the input is not a valid 20-byte hex address.
+ */
+export declare function parseAddress(address: string): Address;
+/**
+ * Parses and validates a string as a {@link HexString} (`0x`-prefixed).
+ * @param hex - The string to parse.
+ * @returns A validated `HexString` value.
+ * @throws If the input is not a valid `0x`-prefixed hex string.
+ */
+export declare function parseHex(hex: string): HexString;

package/dist/types/chain.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Map of supported chain short names to their chain IDs.
+ *
+ * @remarks This mirrors viem chain definitions without depending on viem directly,
+ * to work around Pulumi closure serialisation issues.
+ */
+export declare const supportedChains: {
+    readonly mainnet: 1;
+    readonly base: 8453;
+    readonly baseSepolia: 84532;
+    readonly sepolia: 11155111;
+    readonly monadTestnet: 10143;
+    readonly plasmaTestnet: 9746;
+    readonly worldchainSepolia: 4801;
+    readonly anvil: 31337;
+};
+type SupportedChains = typeof supportedChains;
+/** Numeric chain ID of a supported chain (e.g. `84532`, `11155111`). */
+export type SupportedChainId = SupportedChains[keyof SupportedChains];
+/** Short name of a supported chain (e.g. `"baseSepolia"`, `"sepolia"`). */
+export type SupportedChainName = keyof SupportedChains;
+/** A supported chain identified by both its short name and numeric ID. */
+export type SupportedChain = {
+    name: SupportedChainName;
+    id: SupportedChainId;
+};
+/** A value that can represent a number — either a `number` or a `bigint`. */
+export type Numberish = number | bigint;
+/** A flexible chain identifier: a chain ID (`number` | `bigint`), an object with an `id` field, or a chain short name. */
+export type Chainish = {
+    id: Numberish;
+} | Numberish | string;
+/**
+ * Map of supported chain IDs to their short names.
+ * Public networks use the `shortName` from https://github.com/ethereum-lists/chains.
+ * Local Anvil uses `31337` (same ID as GoChain Testnet in the registry) but the SDK labels it `anvil`.
+ */
+export declare const chainShortNames: Record<SupportedChainId, string>;
+/**
+ * Resolves a {@link Chainish} value to a {@link SupportedChain}.
+ *
+ * Accepts a chain ID (`number` or `bigint`), an object with an `id` field,
+ * or a chain short name (e.g. `"baseSepolia"`).
+ *
+ * @param chainish - The chain identifier to resolve.
+ * @returns The matching `SupportedChain` with both `name` and `id`.
+ * @throws If no supported chain matches the given identifier.
+ */
+export declare function getSupportedChain(chainish: Chainish): SupportedChain;
+export {};

package/dist/types/eip712/eip712.d.ts

@@ -0,0 +1,18 @@
+import type { Account, Chain, Transport, WalletClient } from 'viem';
+import type { HexString } from '../binary.js';
+import type { SupportedChainId } from '../chain.js';
+import { ViemClient } from '../viem.js';
+export declare function fetchEip712DomainVersion(executorAddress: HexString, ethClient: ViemClient): Promise<string>;
+export declare function buildEip712Payload(params: {
+    executorAddress: HexString;
+    ethClient: ViemClient;
+    chainId: SupportedChainId;
+    handles: HexString[];
+    reencryptPubKey: Uint8Array;
+}): Promise<import("../reencryption/eip712.js").EIP712<{
+    handles: `0x${string}`[];
+    publicKey: `0x${string}`;
+}>>;
+type WalletSignTypedDataParams = Parameters<WalletClient<Transport, Chain, Account>['signTypedData']>[0];
+export declare function signEip712(walletClient: WalletClient<Transport, Chain, Account>, eip712Payload: WalletSignTypedDataParams): Promise<`0x${string}`>;
+export {};

package/dist/types/eip712/index.d.ts

@@ -0,0 +1 @@
+export { buildEip712Payload, fetchEip712DomainVersion, signEip712, } from './eip712.js';

package/dist/types/elistattesteddecrypt/elist-attested-decrypt.d.ts

@@ -0,0 +1,51 @@
+import type { Account, Chain, PublicClient, Transport, WalletClient } from 'viem';
+import { validateHandle } from '../attesteddecrypt/attested-decrypt.js';
+import { type HexString } from '../binary.js';
+import { type SupportedChainId } from '../chain.js';
+import { type EncryptionScheme, type SupportedTeeType } from '../encryption/encryption.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { XwingKeypair } from '../lite/xwing.js';
+import type { BackoffConfig } from '../retry.js';
+import { type EListDecryptionAttestation, type EncryptedEListDecryptionAttestation } from './types.js';
+export { validateHandle };
+export declare function eListAttestedDecrypt({ handle, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsQuorumClient, executorAddress, }: {
+    handle: HexString;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+}): Promise<EListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+export declare function eListAttestedDecrypt({ handle, backoffConfig, walletClient, chainId, reencryptPubKey, kmsQuorumClient, executorAddress, }: {
+    handle: HexString;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+}): Promise<EncryptedEListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+export declare function eListAttestedDecrypt({ handle, backoffConfig, walletClient, chainId, kmsQuorumClient, executorAddress, }: {
+    handle: HexString;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    reencryptPubKey?: never;
+    reencryptKeypair?: never;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+}): Promise<EListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+/**
+ * Reveal a single elist handle without wallet authentication.
+ * Returns plaintext values along with an attestation of the checksum.
+ */
+export declare function eListAttestedReveal({ handle, backoffConfig, kmsQuorumClient, executorAddress, publicClient, }: {
+    handle: HexString;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+    publicClient: PublicClient<Transport, Chain>;
+}): Promise<EListDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;

package/dist/types/elistattesteddecrypt/index.d.ts

@@ -0,0 +1,2 @@
+export { eListAttestedDecrypt, eListAttestedReveal, } from './elist-attested-decrypt.js';
+export * from './types.js';

package/dist/types/elistattesteddecrypt/types.d.ts

@@ -0,0 +1,31 @@
+import type { HexString } from '../binary.js';
+import type { EncryptionScheme, EncryptResultOf, PlaintextOf, SupportedTeeType } from '../encryption/encryption.js';
+import { handleTypes } from '../index.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Custom error class for elist attested decrypt operations.
+ */
+export declare class EListAttestedDecryptError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}
+export type EListDecryptionAttestation<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    handle: HexString;
+    commitmentProof: PlaintextOf<S, typeof handleTypes.euint256>;
+    values: PlaintextOf<S, T>[];
+    covalidatorSignatures: Uint8Array[];
+    commitments: Uint8Array[];
+};
+export type EncryptedEListDecryptionAttestation<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    handle: HexString;
+    commitmentProof: PlaintextOf<S, typeof handleTypes.euint256>;
+    values: EncryptResultOf<S, T>[];
+    covalidatorSignatures: Uint8Array[];
+    commitments: Uint8Array[];
+};
+export type EListAttestedDecryptor<S extends EncryptionScheme> = <T extends SupportedTeeType>(args: EListAttestedDecryptFnArgs<S, T>) => Promise<EListDecryptionAttestation<S, T>>;
+export type EListAttestedDecryptFnArgs<S extends EncryptionScheme, T extends SupportedTeeType> = {
+    /** The handle to decrypt */
+    handle: HexString;
+    backoffConfig?: Partial<BackoffConfig>;
+};