@joclaim/attestor-core 0.2.0 → 0.2.3

package/lib/utils/http-parser.js

@@ -0,0 +1,246 @@
+import { asciiToUint8Array, concatenateUint8Arrays } from '@joclaim/tls';
+import { findIndexInUint8Array, uint8ArrayToStr } from '../utils/generics.js';
+import { REDACTION_CHAR_CODE } from '../utils/redactions.js';
+const HTTP_HEADER_LINE_END = asciiToUint8Array('\r\n');
+/**
+ * parses http/1.1 responses
+ */
+export function makeHttpResponseParser() {
+    /** the HTTP response data */
+    const res = {
+        statusCode: 0,
+        statusMessage: '',
+        headers: {},
+        body: new Uint8Array(),
+        complete: false,
+        headersComplete: false,
+        headerIndices: new Map(),
+        headerEndIdx: 0
+    };
+    let remainingBodyBytes = 0;
+    let isChunked = false;
+    let remaining = new Uint8Array();
+    let currentByteIdx = 0;
+    return {
+        res,
+        /**
+         * Parse the next chunk of data
+         * @param data the data to parse
+         */
+        onChunk(data) {
+            // concatenate the remaining data from the last chunk
+            remaining = concatenateUint8Arrays([remaining, data]);
+            // if we don't have the headers yet, keep reading lines
+            // as each header is in a line
+            if (!res.headersComplete) {
+                for (let line = getLine(); typeof line !== 'undefined'; line = getLine()) {
+                    // first line is the HTTP version, status code & message
+                    if (!res.statusCode) {
+                        const [, statusCode, statusMessage] = line.match(/HTTP\/\d\.\d (\d+) (.*)/) || [];
+                        res.statusCode = Number(statusCode);
+                        res.statusMessage = statusMessage;
+                        res.statusLineEndIndex = currentByteIdx - HTTP_HEADER_LINE_END.length;
+                    }
+                    else if (line === '') { // empty line signifies end of headers
+                        res.headersComplete = true;
+                        res.headerEndIdx = currentByteIdx - 4;
+                        // if the response is chunked, we need to process the body differently
+                        if (res.headers['transfer-encoding']?.includes('chunked')) {
+                            isChunked = true;
+                            res.chunks = [];
+                            break;
+                            // if the response has a content-length, we know how many bytes to read
+                        }
+                        else if (res.headers['content-length']) {
+                            remainingBodyBytes = Number(res.headers['content-length']);
+                            break;
+                        }
+                        else {
+                            remainingBodyBytes = -1;
+                            break;
+                            // otherwise,
+                            // no content-length, no chunked transfer encoding
+                            // means wait till the stream ends
+                            // https://stackoverflow.com/a/11376887
+                        }
+                    }
+                    else if (!res.complete) { // parse the header
+                        const [key, value] = line.split(': ');
+                        res.headers[key.toLowerCase()] = value;
+                        res.headerIndices[key.toLowerCase()] = {
+                            fromIndex: currentByteIdx - line.length - HTTP_HEADER_LINE_END.length,
+                            toIndex: currentByteIdx - HTTP_HEADER_LINE_END.length
+                        };
+                    }
+                    else {
+                        throw new Error('got more data after response was complete');
+                    }
+                }
+            }
+            if (res.headersComplete) {
+                if (remainingBodyBytes) {
+                    readBody();
+                    // if no more body bytes to read,
+                    // and the response was not chunked we're done
+                    if (!remainingBodyBytes && !isChunked) {
+                        res.complete = true;
+                    }
+                }
+                if (res.headers['content-length'] === '0') {
+                    res.complete = true;
+                }
+                if (isChunked) {
+                    for (let line = getLine(); typeof line !== 'undefined'; line = getLine()) {
+                        if (line === '') {
+                            continue;
+                        }
+                        const chunkSize = Number.parseInt(line, 16);
+                        // if chunk size is 0, we're done
+                        if (!chunkSize) {
+                            res.complete = true;
+                            continue;
+                        }
+                        res.chunks?.push({
+                            fromIndex: currentByteIdx,
+                            toIndex: currentByteIdx + chunkSize,
+                        });
+                        // otherwise read the chunk
+                        remainingBodyBytes = chunkSize;
+                        readBody();
+                        // if we read all the data we had,
+                        // but there's still data left,
+                        // break the loop and wait for the next chunk
+                        if (remainingBodyBytes) {
+                            break;
+                        }
+                    }
+                }
+            }
+        },
+        /**
+         * Call to prevent further parsing; indicating the end of the request
+         * Checks that the response is valid & complete, otherwise throws an error
+         */
+        streamEnded() {
+            if (!res.headersComplete) {
+                throw new Error('stream ended before headers were complete');
+            }
+            if (remaining.length) {
+                throw new Error('stream ended before remaining data arrived');
+            }
+            if (remainingBodyBytes > 0) {
+                throw new Error('stream ended before all body bytes were received');
+            }
+            res.complete = true;
+        }
+    };
+    function readBody() {
+        if (res.complete) {
+            throw new Error('got more data after response was complete');
+        }
+        if (!res.bodyStartIndex) {
+            res.bodyStartIndex = currentByteIdx;
+        }
+        let bytesToCopy;
+        if (remainingBodyBytes === -1) {
+            // all bytes are body bytes
+            bytesToCopy = remaining.length;
+        }
+        else {
+            // take the number of bytes we need to read, or the number of bytes remaining
+            // and append to the bytes of the body
+            bytesToCopy = Math.min(remainingBodyBytes, remaining.length);
+            remainingBodyBytes -= bytesToCopy;
+        }
+        res.body = concatenateUint8Arrays([
+            res.body,
+            remaining.slice(0, bytesToCopy)
+        ]);
+        remaining = remaining.slice(bytesToCopy);
+        currentByteIdx += bytesToCopy;
+    }
+    function getLine() {
+        // find end of line, if it exists
+        // otherwise return undefined
+        const idx = findIndexInUint8Array(remaining, HTTP_HEADER_LINE_END);
+        if (idx === -1) {
+            return undefined;
+        }
+        const line = uint8ArrayToStr(remaining.slice(0, idx));
+        remaining = remaining.slice(idx + HTTP_HEADER_LINE_END.length);
+        currentByteIdx += idx + HTTP_HEADER_LINE_END.length;
+        return line;
+    }
+}
+/**
+ * Read the HTTP request from a TLS receipt transcript.
+ * @param receipt the transcript to read from or application messages if they were extracted beforehand
+ * @returns the parsed HTTP request
+ */
+export function getHttpRequestDataFromTranscript(receipt) {
+    const clientMsgs = receipt
+        .filter(s => s.sender === 'client');
+    // if the first message is redacted, we can't parse it
+    // as we don't know what the request was
+    if (clientMsgs[0].message[0] === REDACTION_CHAR_CODE) {
+        throw new Error('First client message request is redacted. Cannot parse');
+    }
+    const request = {
+        method: '',
+        url: '',
+        protocol: '',
+        headers: {}
+    };
+    let requestBuffer = concatenateUint8Arrays(clientMsgs.map(m => m.message));
+    // keep reading lines until we get to the end of the headers
+    for (let line = getLine(); typeof line !== 'undefined'; line = getLine()) {
+        if (line === '') {
+            break;
+        }
+        if (!request.method) {
+            const [, method, url, protocol] = line.match(/(\w+) (.*) (.*)/) || [];
+            request.method = method.toLowerCase();
+            request.url = url;
+            request.protocol = protocol;
+        }
+        else {
+            let keyIdx = line.indexOf(':');
+            if (keyIdx === -1) {
+                keyIdx = line.length - 1;
+            }
+            const key = line.slice(0, keyIdx)
+                .toLowerCase()
+                .trim();
+            const value = line.slice(keyIdx + 1)
+                .trim();
+            const oldValue = request.headers[key];
+            if (typeof oldValue === 'string') {
+                request.headers[key] = [oldValue, value];
+            }
+            else if (Array.isArray(oldValue)) {
+                oldValue.push(value);
+            }
+            else {
+                request.headers[key] = value;
+            }
+        }
+    }
+    //the rest is request body
+    if (requestBuffer.length) {
+        request.body = requestBuffer;
+    }
+    if (!request.method) {
+        throw new Error('Client request is incomplete');
+    }
+    return request;
+    function getLine() {
+        const idx = findIndexInUint8Array(requestBuffer, HTTP_HEADER_LINE_END);
+        if (idx === -1) {
+            return undefined;
+        }
+        const line = uint8ArrayToStr(requestBuffer.slice(0, idx));
+        requestBuffer = requestBuffer
+            .slice(idx + HTTP_HEADER_LINE_END.length);
+        return line;
+    }
+}

package/lib/utils/index.d.ts

@@ -0,0 +1,13 @@
+export * from './generics.ts';
+export * from './logger.ts';
+export * from './redactions.ts';
+export * from './http-parser.ts';
+export * from './zk.ts';
+export * from './claims.ts';
+export * from './error.ts';
+export * from './prepare-packets.ts';
+export * from './signatures/index.ts';
+export * from './auth.ts';
+export * from './b64-json.ts';
+export * from './bgp-listener.ts';
+export * from './tls.ts';

package/lib/utils/index.js

@@ -0,0 +1,13 @@
+export * from "./generics.js";
+export * from "./logger.js";
+export * from "./redactions.js";
+export * from "./http-parser.js";
+export * from "./zk.js";
+export * from "./claims.js";
+export * from "./error.js";
+export * from "./prepare-packets.js";
+export * from "./signatures/index.js";
+export * from "./auth.js";
+export * from "./b64-json.js";
+export * from "./bgp-listener.js";
+export * from "./tls.js";

package/lib/utils/logger.d.ts

@@ -0,0 +1,13 @@
+import type { LogLevel } from '../types/index.js';
+export declare let logger: import("pino").Logger<never, boolean>;
+/**
+ * Creates a logger instance with optional redaction of PII.
+ * Replaces default logger
+ * See PII_PROPERTIES for the list of properties that will be redacted.
+ *
+ * @param redactPii - whether to redact PII from logs
+ * @param level - the log level to use
+ * @param onLog - a callback to call when a log is written
+ */
+export declare function makeLogger(redactPii: boolean, level?: LogLevel, onLog?: (level: LogLevel, log: any) => void): import("pino").Logger<never, boolean>;
+export declare function redact(json: any): any;

package/lib/utils/logger.js

@@ -0,0 +1,91 @@
+import { pino, stdTimeFunctions } from 'pino';
+import { getEnvVariable } from '../utils/env.js';
+const PII_PROPERTIES = ['ownerPrivateKey', 'secretParams'];
+const redactedText = '[REDACTED]';
+const envLevel = getEnvVariable('LOG_LEVEL');
+export let logger = pino();
+makeLogger(false, envLevel);
+/**
+ * Creates a logger instance with optional redaction of PII.
+ * Replaces default logger
+ * See PII_PROPERTIES for the list of properties that will be redacted.
+ *
+ * @param redactPii - whether to redact PII from logs
+ * @param level - the log level to use
+ * @param onLog - a callback to call when a log is written
+ */
+export function makeLogger(redactPii, level, onLog) {
+    const opts = {
+        // Log human readable time stamps instead of epoch time
+        timestamp: stdTimeFunctions.isoTime,
+    };
+    if (redactPii) {
+        opts.formatters = { log: redact };
+        opts.serializers = { redact };
+        opts.browser = {
+            write: {
+                fatal: log => writeLog('fatal', log),
+                error: log => writeLog('error', log),
+                warn: log => writeLog('warn', log),
+                info: log => writeLog('info', log),
+                debug: log => writeLog('debug', log),
+                trace: log => writeLog('trace', log),
+            }
+        };
+    }
+    const pLogger = pino(opts);
+    pLogger.level = level || 'info';
+    logger = pLogger;
+    return pLogger;
+    function writeLog(level, log) {
+        log = redact(log);
+        const { msg, ...obj } = log;
+        if (console[level]) {
+            console[level](obj, msg);
+        }
+        else {
+            console.log(obj, msg);
+        }
+        onLog?.(level, log);
+    }
+}
+function isObjectProperty(property) {
+    return (typeof property) === 'object'
+        && !Array.isArray(property)
+        && property !== null;
+}
+function getReplacer() {
+    // Store references to previously visited objects
+    const references = new WeakSet();
+    return function (key, value) {
+        const isObject = (typeof value) === 'object' && value !== null;
+        if (isObject) {
+            if (references.has(value)) {
+                return '[CIRCULAR]';
+            }
+            references.add(value);
+        }
+        return value;
+    };
+}
+export function redact(json) {
+    const isObject = isObjectProperty(json);
+    if (!isObject && !Array.isArray(json)) {
+        return json;
+    }
+    const redacted = JSON.parse(JSON.stringify(json, getReplacer()));
+    for (const prop in redacted) {
+        if (PII_PROPERTIES.includes(prop)) {
+            redacted[prop] = redactedText;
+        }
+        if (Array.isArray(redacted[prop])) {
+            for (const [index, value] of redacted[prop].entries()) {
+                redacted[prop][index] = redact(value);
+            }
+        }
+        else if (isObjectProperty(redacted[prop])) {
+            redacted[prop] = redact(redacted[prop]);
+        }
+    }
+    return redacted;
+}

package/lib/utils/prepare-packets.d.ts

@@ -0,0 +1,16 @@
+import type { CipherSuite, TLSPacketContext } from '@joclaim/tls';
+import type { ClaimTunnelRequest_TranscriptMessage as TranscriptMessage } from '../proto/api.js';
+import type { CompleteTLSPacket, Logger, MessageRevealInfo, PrepareZKProofsBaseOpts, Transcript } from '../types/index.js';
+export type PreparePacketsForRevealOpts = {
+    cipherSuite: CipherSuite;
+    logger: Logger;
+    /**
+     * Progress of Zk proof generation
+     */
+    onZkProgress?(blocksDone: number, totalBlocks: number): void;
+} & PrepareZKProofsBaseOpts;
+/**
+ * Prepares the packets for reveal to the server
+ * according to the specified reveal type
+ */
+export declare function preparePacketsForReveal(tlsTranscript: Transcript<CompleteTLSPacket>, reveals: Map<TLSPacketContext, MessageRevealInfo>, { onZkProgress, ...opts }: PreparePacketsForRevealOpts): Promise<TranscriptMessage[]>;

package/lib/utils/prepare-packets.js

@@ -0,0 +1,62 @@
+import { concatenateUint8Arrays, crypto } from '@joclaim/tls';
+import { TranscriptMessageSenderType } from '../proto/api.js';
+import { makeZkProofGenerator } from '../utils/zk.js';
+/**
+ * Prepares the packets for reveal to the server
+ * according to the specified reveal type
+ */
+export async function preparePacketsForReveal(tlsTranscript, reveals, { onZkProgress, ...opts }) {
+    const transcript = [];
+    const proofGenerator = await makeZkProofGenerator(opts);
+    let zkPacketsDone = 0;
+    await Promise.all(tlsTranscript.map(async ({ message, sender }, i) => {
+        const msg = {
+            sender: sender === 'client'
+                ? TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT
+                : TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER,
+            message: message.data,
+            reveal: undefined
+        };
+        transcript.push(msg);
+        const reveal = reveals.get(message);
+        if (!reveal || message.type === 'plaintext') {
+            return;
+        }
+        switch (reveal?.type) {
+            case 'complete':
+                msg.reveal = {
+                    directReveal: {
+                        key: await crypto.exportKey(message.encKey),
+                        iv: message.fixedIv,
+                        recordNumber: message.recordNumber,
+                    },
+                };
+                break;
+            case 'zk':
+                // the redacted section can be smaller than the actual
+                // plaintext encrypted, in case of TLS1.3 as it has a
+                // content type suffix
+                reveal.redactedPlaintext = concatenateUint8Arrays([
+                    reveal.redactedPlaintext,
+                    message.plaintext.slice(reveal.redactedPlaintext.length)
+                ]);
+                await proofGenerator.addPacketToProve(message, reveal, (proofs, toprfs) => (msg.reveal = { zkReveal: { proofs, toprfs } }), () => {
+                    const next = tlsTranscript
+                        .slice(i + 1)
+                        .find(t => t.sender === sender);
+                    return next?.message;
+                });
+                break;
+            default:
+                // no reveal
+                break;
+        }
+    }));
+    const zkPacketsTotal = proofGenerator.getTotalChunksToProve();
+    onZkProgress?.(zkPacketsDone, zkPacketsTotal);
+    await proofGenerator.generateProofs(() => {
+        zkPacketsDone += 1;
+        onZkProgress?.(zkPacketsDone, zkPacketsTotal);
+    });
+    return transcript;
+}

package/lib/utils/redactions.d.ts

@@ -0,0 +1,62 @@
+import type { ArraySlice, RedactedOrHashedArraySlice, TOPRFProofParams } from '../types/index.js';
+export declare const REDACTION_CHAR = "*";
+export declare const REDACTION_CHAR_CODE: number;
+type SliceWithReveal<T> = {
+    block: T;
+    redactedPlaintext: Uint8Array;
+    /**
+     * If the block has some TOPRF claims -- they'll be set here
+     */
+    toprfs?: TOPRFProofParams[];
+    /**
+     * If text was replaced in the previous block w TOPRF but
+     * it overshot into this block. The "length" specifies how much
+     * of it got overshot into this block
+     */
+    overshotToprfFromPrevBlock?: {
+        length: number;
+    };
+};
+export type RevealedSlices<T> = 'all' | SliceWithReveal<T>[];
+/**
+ * Check if a redacted string is congruent with the original string.
+ * @param redacted the redacted content, redacted content is replaced by '*'
+ * @param original the original content
+ */
+export declare function isRedactionCongruent<T extends string | Uint8Array>(redacted: T, original: T): boolean;
+/**
+ * Is the string fully redacted?
+ */
+export declare function isFullyRedacted<T extends string | Uint8Array>(redacted: T): boolean;
+/**
+ * Given some plaintext blocks and a redaction function, return the blocks that
+ * need to be revealed to the other party
+ *
+ * Use case: we get the response for a request in several blocks, and want to redact
+ * pieces that go through multiple blocks. We can use this function to get the
+ * blocks that need to be revealed to the other party
+ *
+ * @example if we received ["secret is 12","345","678. Thanks"]. We'd want
+ * to redact the "12345678" and reveal the rest. We'd pass in the blocks and
+ * the redact function will return the redactions, namely [10,19].
+ * The function will return the blocks ["secret is **","***. Thanks"].
+ * The middle block is fully redacted, so it's not returned
+ *
+ * @param blocks blocks to reveal
+ * @param redact function that returns the redactions
+ * @returns blocks to reveal
+ */
+export declare function getBlocksToReveal<T extends {
+    plaintext: Uint8Array;
+}>(blocks: T[], redact: (total: Uint8Array) => RedactedOrHashedArraySlice[], performOprf: (plaintext: Uint8Array) => Promise<TOPRFProofParams>): Promise<"all" | SliceWithReveal<T>[]>;
+/**
+ * Redact the following slices from the total
+ */
+export declare function redactSlices(total: Uint8Array, slices: ArraySlice[]): Uint8Array<ArrayBuffer>;
+/**
+ * Converts the binary hash to an ASCII string of the expected length.
+ * If the hash is shorter than the expected length, it will be padded with
+ * '0' characters. If it's longer, it will be truncated.
+ */
+export declare function binaryHashToStr(hash: Uint8Array, expLength: number): string;
+export {};

package/lib/utils/redactions.js

@@ -0,0 +1,148 @@
+import { base64Encode } from '@bufbuild/protobuf/wire';
+import { concatenateUint8Arrays } from '@joclaim/tls';
+export const REDACTION_CHAR = '*';
+export const REDACTION_CHAR_CODE = REDACTION_CHAR.charCodeAt(0);
+/**
+ * Check if a redacted string is congruent with the original string.
+ * @param redacted the redacted content, redacted content is replaced by '*'
+ * @param original the original content
+ */
+export function isRedactionCongruent(redacted, original) {
+    // eslint-disable-next-line unicorn/no-for-loop
+    for (let i = 0; i < redacted.length; i++) {
+        const element = redacted[i];
+        const areSame = element === original[i]
+            || (typeof element === 'string' && element === REDACTION_CHAR)
+            || (typeof element === 'number' && element === REDACTION_CHAR_CODE);
+        if (!areSame) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Is the string fully redacted?
+ */
+export function isFullyRedacted(redacted) {
+    for (const element of redacted) {
+        if (element !== REDACTION_CHAR
+            && element !== REDACTION_CHAR_CODE) {
+            return false;
+        }
+    }
+    return true;
+}
+/**
+ * Given some plaintext blocks and a redaction function, return the blocks that
+ * need to be revealed to the other party
+ *
+ * Use case: we get the response for a request in several blocks, and want to redact
+ * pieces that go through multiple blocks. We can use this function to get the
+ * blocks that need to be revealed to the other party
+ *
+ * @example if we received ["secret is 12","345","678. Thanks"]. We'd want
+ * to redact the "12345678" and reveal the rest. We'd pass in the blocks and
+ * the redact function will return the redactions, namely [10,19].
+ * The function will return the blocks ["secret is **","***. Thanks"].
+ * The middle block is fully redacted, so it's not returned
+ *
+ * @param blocks blocks to reveal
+ * @param redact function that returns the redactions
+ * @returns blocks to reveal
+ */
+export async function getBlocksToReveal(blocks, redact, performOprf) {
+    const slicesWithReveal = blocks.map(block => ({
+        block,
+        // copy the plaintext to avoid mutating the original
+        redactedPlaintext: new Uint8Array(block.plaintext)
+    }));
+    const total = concatenateUint8Arrays(blocks.map(b => b.plaintext));
+    const redactions = redact(total);
+    if (!redactions.length) {
+        return 'all';
+    }
+    let blockIdx = 0;
+    let cursorInBlock = 0;
+    let cursor = 0;
+    for (const redaction of redactions) {
+        await redactBlocks(redaction);
+    }
+    // only reveal blocks that have some data to reveal,
+    // or are completely plaintext
+    return slicesWithReveal
+        .filter(s => !isFullyRedacted(s.redactedPlaintext));
+    async function redactBlocks(slice) {
+        while (cursor < slice.fromIndex) {
+            advance();
+        }
+        if (slice.hash) {
+            const plaintext = total.slice(slice.fromIndex, slice.toIndex);
+            const { nullifier, responses, mask } = await performOprf(plaintext);
+            // set the TOPRF claim on the first blocks this
+            // redaction covers
+            const toprf = {
+                nullifier,
+                responses,
+                dataLocation: {
+                    fromIndex: cursorInBlock,
+                    length: slice.toIndex - slice.fromIndex
+                },
+                mask,
+                plaintext
+            };
+            const startBlockIdx = blockIdx;
+            const block = slicesWithReveal[blockIdx];
+            block.toprfs ||= [];
+            block.toprfs.push(toprf);
+            const nullifierStr = binaryHashToStr(nullifier, toprf.dataLocation.length);
+            let i = 0;
+            let overshootLen = 0;
+            while (cursor < slice.toIndex) {
+                if (blockIdx !== startBlockIdx) {
+                    overshootLen += 1;
+                }
+                slicesWithReveal[blockIdx].redactedPlaintext[cursorInBlock]
+                    = nullifierStr.charCodeAt(i);
+                advance();
+                i += 1;
+            }
+            if (overshootLen) {
+                slicesWithReveal[blockIdx]
+                    .overshotToprfFromPrevBlock = { length: overshootLen };
+            }
+        }
+        while (cursor < slice.toIndex) {
+            slicesWithReveal[blockIdx]
+                .redactedPlaintext[cursorInBlock] = REDACTION_CHAR_CODE;
+            advance();
+        }
+    }
+    function advance() {
+        cursor += 1;
+        cursorInBlock += 1;
+        if (cursorInBlock >= blocks[blockIdx].plaintext.length) {
+            blockIdx += 1;
+            cursorInBlock = 0;
+        }
+    }
+}
+/**
+ * Redact the following slices from the total
+ */
+export function redactSlices(total, slices) {
+    const redacted = new Uint8Array(total);
+    for (const slice of slices) {
+        for (let i = slice.fromIndex; i < slice.toIndex; i++) {
+            redacted[i] = REDACTION_CHAR_CODE;
+        }
+    }
+    return redacted;
+}
+/**
+ * Converts the binary hash to an ASCII string of the expected length.
+ * If the hash is shorter than the expected length, it will be padded with
+ * '0' characters. If it's longer, it will be truncated.
+ */
+export function binaryHashToStr(hash, expLength) {
+    return base64Encode(hash).padEnd(expLength, '0').slice(0, expLength);
+}

package/lib/utils/retries.d.ts

@@ -0,0 +1,12 @@
+import type { Logger } from '../types/index.js';
+type RetryLoopOptions = {
+    maxRetries?: number;
+    logger: Logger;
+    shouldRetry: (error: Error) => boolean;
+};
+/**
+ * Execute a function, and upon failure -- retry
+ * based on specified options.
+ */
+export declare function executeWithRetries<T>(code: (attempt: number) => Promise<T>, { maxRetries, shouldRetry, logger, }: RetryLoopOptions): Promise<T>;
+export {};