@keyhive/keyhive 0.1.0-alpha.3 → 0.1.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,59 +1,25 @@
1
1
  /* tslint:disable */
2
2
  /* eslint-disable */
3
3
  export const memory: WebAssembly.Memory;
4
- export const __wbg_allagentevents_free: (a: number, b: number) => void;
5
- export const __wbg_ciphertextstore_free: (a: number, b: number) => void;
4
+ export const __wbg_signedcgkaoperation_free: (a: number, b: number) => void;
5
+ export const signedcgkaoperation_delegation: (a: number) => number;
6
+ export const signedcgkaoperation_signature: (a: number) => [number, number];
7
+ export const signedcgkaoperation_verify: (a: number) => number;
8
+ export const signedcgkaoperation_verifyingKey: (a: number) => [number, number];
6
9
  export const __wbg_invocation_free: (a: number, b: number) => void;
7
10
  export const __wbg_signedinvocation_free: (a: number, b: number) => void;
8
- export const allagentevents_agentCgkaSources: (a: number) => any;
9
- export const allagentevents_agentMembershipSources: (a: number) => any;
10
- export const allagentevents_agentPrekeySources: (a: number) => any;
11
- export const allagentevents_cgkaSources: (a: number) => any;
12
- export const allagentevents_events: (a: number) => any;
13
- export const allagentevents_membershipSources: (a: number) => any;
14
- export const allagentevents_prekeySources: (a: number) => any;
15
- export const ciphertextstore_newFromWebStorage: (a: any) => number;
16
- export const ciphertextstore_newInMemory: () => number;
17
- export const __wbg_archive_free: (a: number, b: number) => void;
18
- export const __wbg_signed_free: (a: number, b: number) => void;
19
- export const __wbg_stats_free: (a: number, b: number) => void;
20
- export const archive_toBytes: (a: number) => [number, number, number, number];
21
- export const archive_tryToKeyhive: (a: number, b: number, c: number, d: any) => any;
22
- export const archive_try_from_bytes: (a: number, b: number) => [number, number, number];
23
- export const signed_fromBytes: (a: number, b: number) => [number, number, number];
24
- export const signed_payload: (a: number) => [number, number];
25
- export const signed_signature: (a: number) => [number, number];
26
- export const signed_toBytes: (a: number) => [number, number, number, number];
27
- export const signed_verify: (a: number) => number;
28
- export const signed_verifyingKey: (a: number) => [number, number];
29
- export const stats_activePrekeyCount: (a: number) => bigint;
30
- export const stats_cgkaOperations: (a: number) => bigint;
31
- export const stats_delegations: (a: number) => bigint;
32
- export const stats_docs: (a: number) => bigint;
33
- export const stats_groups: (a: number) => bigint;
34
- export const stats_individuals: (a: number) => bigint;
35
- export const stats_pendingCgkaOperation: (a: number) => bigint;
36
- export const stats_pendingCgkaOperationByActive: (a: number) => bigint;
37
- export const stats_pendingDelegated: (a: number) => bigint;
38
- export const stats_pendingDelegatedByActive: (a: number) => bigint;
39
- export const stats_pendingPrekeyRotated: (a: number) => bigint;
40
- export const stats_pendingPrekeyRotatedByActive: (a: number) => bigint;
41
- export const stats_pendingPrekeysExpanded: (a: number) => bigint;
42
- export const stats_pendingPrekeysExpandedByActive: (a: number) => bigint;
43
- export const stats_pendingRevoked: (a: number) => bigint;
44
- export const stats_pendingRevokedByActive: (a: number) => bigint;
45
- export const stats_prekeyRotations: (a: number) => bigint;
46
- export const stats_prekeysExpanded: (a: number) => bigint;
47
- export const stats_revocations: (a: number) => bigint;
48
- export const stats_totalOps: (a: number) => bigint;
49
- export const stats_totalPendingOps: (a: number) => bigint;
11
+ export const symmetricDecrypt: (a: number, b: number, c: number, d: number) => [number, number, number, number];
12
+ export const symmetricEncrypt: (a: number, b: number, c: number, d: number, e: number, f: number) => [number, number, number, number];
50
13
  export const __wbg_agent_free: (a: number, b: number) => void;
51
- export const __wbg_document_free: (a: number, b: number) => void;
14
+ export const __wbg_allagentevents_free: (a: number, b: number) => void;
15
+ export const __wbg_ciphertextstore_free: (a: number, b: number) => void;
16
+ export const __wbg_doccontentrefs_free: (a: number, b: number) => void;
52
17
  export const __wbg_encryptedcontentwithupdate_free: (a: number, b: number) => void;
53
- export const __wbg_group_free: (a: number, b: number) => void;
54
18
  export const __wbg_individual_free: (a: number, b: number) => void;
55
19
  export const __wbg_keyhive_free: (a: number, b: number) => void;
56
20
  export const __wbg_peer_free: (a: number, b: number) => void;
21
+ export const __wbg_revocation_free: (a: number, b: number) => void;
22
+ export const __wbg_stats_free: (a: number, b: number) => void;
57
23
  export const agent_id: (a: number) => number;
58
24
  export const agent_isDocument: (a: number) => number;
59
25
  export const agent_isGroup: (a: number) => number;
@@ -61,21 +27,23 @@ export const agent_isIndividual: (a: number) => number;
61
27
  export const agent_keyOpHashes: (a: number) => any;
62
28
  export const agent_keyOps: (a: number) => any;
63
29
  export const agent_toString: (a: number) => [number, number];
64
- export const document___wasm_refgen_toJsDocument: (a: number) => number;
65
- export const document_doc_id: (a: number) => number;
66
- export const document_id: (a: number) => number;
67
- export const document_members: (a: number) => any;
68
- export const document_toAgent: (a: number) => number;
69
- export const document_toMembered: (a: number) => number;
70
- export const document_toPeer: (a: number) => number;
30
+ export const allagentevents_agentCgkaSources: (a: number) => any;
31
+ export const allagentevents_agentMembershipSources: (a: number) => any;
32
+ export const allagentevents_agentPrekeySources: (a: number) => any;
33
+ export const allagentevents_cgkaSources: (a: number) => any;
34
+ export const allagentevents_events: (a: number) => any;
35
+ export const allagentevents_membershipSources: (a: number) => any;
36
+ export const allagentevents_prekeySources: (a: number) => any;
37
+ export const ciphertextstore_newFromWebStorage: (a: any) => number;
38
+ export const ciphertextstore_newInMemory: () => number;
39
+ export const doccontentrefs_addChangeId: (a: number, b: number) => any;
40
+ export const doccontentrefs_change_hashes: (a: number) => any;
41
+ export const doccontentrefs_docId: (a: number) => number;
42
+ export const doccontentrefs_new: (a: number, b: number, c: number) => [number, number, number];
43
+ export const encryptedcontentwithupdate_applicationSecret: (a: number) => [number, number];
71
44
  export const encryptedcontentwithupdate_encrypted_content: (a: number) => number;
72
45
  export const encryptedcontentwithupdate_update_op: (a: number) => number;
73
- export const group___wasm_refgen_toJsGroup: (a: number) => number;
74
- export const group_members: (a: number) => any;
75
- export const group_toAgent: (a: number) => number;
76
- export const group_toMembered: (a: number) => number;
77
- export const group_toPeer: (a: number) => number;
78
- export const individual_individualId: (a: number) => number;
46
+ export const individual_id: (a: number) => number;
79
47
  export const individual_pickPrekey: (a: number, b: number) => any;
80
48
  export const individual_toAgent: (a: number) => number;
81
49
  export const individual_toPeer: (a: number) => number;
@@ -102,7 +70,7 @@ export const keyhive_importPrekeySecrets: (a: number, b: number, c: number) => a
102
70
  export const keyhive_individual: (a: number) => any;
103
71
  export const keyhive_ingestArchive: (a: number, b: number) => any;
104
72
  export const keyhive_ingestEventsBytes: (a: number, b: any) => any;
105
- export const keyhive_init: (a: number, b: number, c: any, d: number) => any;
73
+ export const keyhive_init: (a: number, b: number, c: any) => any;
106
74
  export const keyhive_intoArchive: (a: number) => any;
107
75
  export const keyhive_membershipOpsForAgent: (a: number, b: number) => any;
108
76
  export const keyhive_pendingEventHashes: (a: number) => any;
@@ -114,6 +82,7 @@ export const keyhive_rotatePrekey: (a: number, b: number) => any;
114
82
  export const keyhive_stats: (a: number) => any;
115
83
  export const keyhive_toArchive: (a: number) => any;
116
84
  export const keyhive_tryDecrypt: (a: number, b: number, c: number) => any;
85
+ export const keyhive_tryDecryptWithKey: (a: number, b: number, c: number) => any;
117
86
  export const keyhive_tryEncrypt: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => any;
118
87
  export const keyhive_tryEncryptArchive: (a: number, b: number, c: number, d: number, e: number, f: number, g: number) => any;
119
88
  export const keyhive_tryPcsKeyHash: (a: number, b: number) => any;
@@ -124,41 +93,34 @@ export const peer_isDocument: (a: number) => number;
124
93
  export const peer_isGroup: (a: number) => number;
125
94
  export const peer_isIndividual: (a: number) => number;
126
95
  export const peer_toString: (a: number) => [number, number];
127
- export const setPanicHook: () => void;
128
- export const group_groupId: (a: number) => number;
129
- export const group_id: (a: number) => number;
130
- export const individual_id: (a: number) => number;
131
- export const peer_id: (a: number) => number;
132
- export const __wbg_signedcgkaoperation_free: (a: number, b: number) => void;
133
- export const signedcgkaoperation_delegation: (a: number) => number;
134
- export const signedcgkaoperation_signature: (a: number) => [number, number];
135
- export const signedcgkaoperation_verify: (a: number) => number;
136
- export const signedcgkaoperation_verifyingKey: (a: number) => [number, number];
137
- export const __wbg_cannotparseidentifier_free: (a: number, b: number) => void;
138
- export const __wbg_changeid_free: (a: number, b: number) => void;
139
- export const __wbg_doccontentrefs_free: (a: number, b: number) => void;
140
- export const __wbg_identifier_free: (a: number, b: number) => void;
141
- export const __wbg_revocation_free: (a: number, b: number) => void;
142
- export const __wbg_sharekey_free: (a: number, b: number) => void;
143
- export const __wbg_signedrevocation_free: (a: number, b: number) => void;
144
- export const changeid___wasm_refgen_toJsChangeId: (a: number) => number;
145
- export const changeid_bytes: (a: number) => [number, number];
146
- export const changeid_new: (a: number, b: number) => number;
147
- export const doccontentrefs_addChangeId: (a: number, b: number) => any;
148
- export const doccontentrefs_change_hashes: (a: number) => any;
149
- export const doccontentrefs_docId: (a: number) => number;
150
- export const doccontentrefs_new: (a: number, b: number, c: number) => [number, number, number];
151
- export const identifier_new: (a: number, b: number) => [number, number, number];
152
- export const identifier_publicId: () => number;
153
- export const identifier_toBytes: (a: number) => [number, number];
154
96
  export const revocation_after: (a: number) => number;
155
97
  export const revocation_proof: (a: number) => number;
156
98
  export const revocation_revoked: (a: number) => number;
157
99
  export const revocation_subject_id: (a: number) => number;
158
- export const signedrevocation_delegation: (a: number) => number;
159
- export const signedrevocation_signature: (a: number) => [number, number];
160
- export const signedrevocation_verify: (a: number) => number;
161
- export const signedrevocation_verifyingKey: (a: number) => [number, number];
100
+ export const setPanicHook: () => void;
101
+ export const stats_activePrekeyCount: (a: number) => bigint;
102
+ export const stats_cgkaOperations: (a: number) => bigint;
103
+ export const stats_delegations: (a: number) => bigint;
104
+ export const stats_docs: (a: number) => bigint;
105
+ export const stats_groups: (a: number) => bigint;
106
+ export const stats_individuals: (a: number) => bigint;
107
+ export const stats_pendingCgkaOperation: (a: number) => bigint;
108
+ export const stats_pendingCgkaOperationByActive: (a: number) => bigint;
109
+ export const stats_pendingDelegated: (a: number) => bigint;
110
+ export const stats_pendingDelegatedByActive: (a: number) => bigint;
111
+ export const stats_pendingPrekeyRotated: (a: number) => bigint;
112
+ export const stats_pendingPrekeyRotatedByActive: (a: number) => bigint;
113
+ export const stats_pendingPrekeysExpanded: (a: number) => bigint;
114
+ export const stats_pendingPrekeysExpandedByActive: (a: number) => bigint;
115
+ export const stats_pendingRevoked: (a: number) => bigint;
116
+ export const stats_pendingRevokedByActive: (a: number) => bigint;
117
+ export const stats_prekeyRotations: (a: number) => bigint;
118
+ export const stats_prekeysExpanded: (a: number) => bigint;
119
+ export const stats_revocations: (a: number) => bigint;
120
+ export const stats_totalOps: (a: number) => bigint;
121
+ export const stats_totalPendingOps: (a: number) => bigint;
122
+ export const individual_individualId: (a: number) => number;
123
+ export const peer_id: (a: number) => number;
162
124
  export const __wbg_access_free: (a: number, b: number) => void;
163
125
  export const __wbg_cannotparseed25519signingkey_free: (a: number, b: number) => void;
164
126
  export const __wbg_cgkaoperation_free: (a: number, b: number) => void;
@@ -168,6 +130,7 @@ export const __wbg_encrypted_free: (a: number, b: number) => void;
168
130
  export const __wbg_event_free: (a: number, b: number) => void;
169
131
  export const __wbg_generatewebcryptoerror_free: (a: number, b: number) => void;
170
132
  export const __wbg_groupid_free: (a: number, b: number) => void;
133
+ export const __wbg_individualid_free: (a: number, b: number) => void;
171
134
  export const __wbg_signer_free: (a: number, b: number) => void;
172
135
  export const access_toString: (a: number) => [number, number];
173
136
  export const access_tryFromString: (a: number, b: number) => number;
@@ -185,6 +148,7 @@ export const documentid_toJsValue: (a: number) => any;
185
148
  export const documentid_toString: (a: number) => [number, number];
186
149
  export const encrypted_ciphertext: (a: number) => [number, number];
187
150
  export const encrypted_content_ref: (a: number) => [number, number];
151
+ export const encrypted_decryptWithKey: (a: number, b: number, c: number) => [number, number, number, number];
188
152
  export const encrypted_fromBytes: (a: number, b: number) => [number, number, number];
189
153
  export const encrypted_nonce: (a: number) => [number, number];
190
154
  export const encrypted_pcs_key_hash: (a: number) => [number, number];
@@ -198,6 +162,7 @@ export const event_tryIntoSignedRevocation: (a: number) => number;
198
162
  export const event_variant: (a: number) => [number, number];
199
163
  export const generatewebcryptoerror_message: (a: number) => [number, number];
200
164
  export const groupid_toString: (a: number) => [number, number];
165
+ export const individualid_bytes: (a: number) => [number, number];
201
166
  export const signer_clone: (a: number) => number;
202
167
  export const signer_generate: () => any;
203
168
  export const signer_generateMemory: () => number;
@@ -208,39 +173,81 @@ export const signer_variant: (a: number) => [number, number];
208
173
  export const signer_verifyingKey: (a: number) => [number, number];
209
174
  export const signer_webCryptoSigner: (a: any) => any;
210
175
  export const encrypted_toBytes: (a: number) => [number, number];
211
- export const __wbg_addmemberupdate_free: (a: number, b: number) => void;
176
+ export const __wbg_archive_free: (a: number, b: number) => void;
177
+ export const __wbg_cannotparseidentifier_free: (a: number, b: number) => void;
212
178
  export const __wbg_capability_free: (a: number, b: number) => void;
213
- export const __wbg_delegation_free: (a: number, b: number) => void;
214
- export const __wbg_history_free: (a: number, b: number) => void;
215
- export const __wbg_individualid_free: (a: number, b: number) => void;
179
+ export const __wbg_changeid_free: (a: number, b: number) => void;
180
+ export const __wbg_identifier_free: (a: number, b: number) => void;
216
181
  export const __wbg_membered_free: (a: number, b: number) => void;
217
182
  export const __wbg_membership_free: (a: number, b: number) => void;
183
+ export const __wbg_sharekey_free: (a: number, b: number) => void;
184
+ export const __wbg_signed_free: (a: number, b: number) => void;
218
185
  export const __wbg_signeddelegation_free: (a: number, b: number) => void;
219
- export const __wbg_summary_free: (a: number, b: number) => void;
220
- export const addmemberupdate_delegation: (a: number) => number;
221
- export const addmemberupdate_leafSecrets: (a: number) => [number, number];
186
+ export const __wbg_signedrevocation_free: (a: number, b: number) => void;
187
+ export const archive_toBytes: (a: number) => [number, number, number, number];
188
+ export const archive_tryToKeyhive: (a: number, b: number, c: number, d: any) => any;
189
+ export const archive_try_from_bytes: (a: number, b: number) => [number, number, number];
222
190
  export const capability_can: (a: number) => number;
223
191
  export const capability_proof: (a: number) => number;
224
192
  export const capability_who: (a: number) => number;
225
- export const delegation_after: (a: number) => number;
226
- export const delegation_can: (a: number) => number;
227
- export const delegation_delegate: (a: number) => number;
228
- export const delegation_proof: (a: number) => number;
229
- export const history_contentRefs: (a: number) => [number, number];
230
- export const history_delegations: (a: number) => [number, number];
231
- export const history_revocations: (a: number) => [number, number];
232
- export const individualid_bytes: (a: number) => [number, number];
193
+ export const changeid___wasm_refgen_toJsChangeId: (a: number) => number;
194
+ export const changeid_bytes: (a: number) => [number, number];
195
+ export const changeid_new: (a: number, b: number) => number;
196
+ export const identifier_new: (a: number, b: number) => [number, number, number];
197
+ export const identifier_publicId: () => number;
198
+ export const identifier_toBytes: (a: number) => [number, number];
233
199
  export const membership_can: (a: number) => number;
234
200
  export const membership_who: (a: number) => number;
201
+ export const signed_fromBytes: (a: number, b: number) => [number, number, number];
202
+ export const signed_payload: (a: number) => [number, number];
203
+ export const signed_signature: (a: number) => [number, number];
204
+ export const signed_toBytes: (a: number) => [number, number, number, number];
205
+ export const signed_verify: (a: number) => number;
206
+ export const signed_verifyingKey: (a: number) => [number, number];
235
207
  export const signeddelegation_delegation: (a: number) => number;
236
208
  export const signeddelegation_signature: (a: number) => [number, number];
237
209
  export const signeddelegation_subjectId: (a: number) => number;
238
210
  export const signeddelegation_verify: (a: number) => number;
239
211
  export const signeddelegation_verifyingKey: (a: number) => [number, number];
212
+ export const signedrevocation_delegation: (a: number) => number;
213
+ export const signedrevocation_signature: (a: number) => [number, number];
214
+ export const signedrevocation_verify: (a: number) => number;
215
+ export const signedrevocation_verifyingKey: (a: number) => [number, number];
216
+ export const __wbg_addmemberupdate_free: (a: number, b: number) => void;
217
+ export const __wbg_decryptedwithkey_free: (a: number, b: number) => void;
218
+ export const __wbg_delegation_free: (a: number, b: number) => void;
219
+ export const __wbg_document_free: (a: number, b: number) => void;
220
+ export const __wbg_group_free: (a: number, b: number) => void;
221
+ export const __wbg_history_free: (a: number, b: number) => void;
222
+ export const __wbg_summary_free: (a: number, b: number) => void;
223
+ export const addmemberupdate_delegation: (a: number) => number;
224
+ export const decryptedwithkey_applicationSecret: (a: number) => [number, number];
225
+ export const decryptedwithkey_plaintext: (a: number) => [number, number];
226
+ export const delegation_after: (a: number) => number;
227
+ export const delegation_can: (a: number) => number;
228
+ export const delegation_delegate: (a: number) => number;
229
+ export const delegation_proof: (a: number) => number;
230
+ export const document___wasm_refgen_toJsDocument: (a: number) => number;
231
+ export const document_doc_id: (a: number) => number;
232
+ export const document_id: (a: number) => number;
233
+ export const document_members: (a: number) => any;
234
+ export const document_toAgent: (a: number) => number;
235
+ export const document_toMembered: (a: number) => number;
236
+ export const document_toPeer: (a: number) => number;
237
+ export const group___wasm_refgen_toJsGroup: (a: number) => number;
238
+ export const group_members: (a: number) => any;
239
+ export const group_toAgent: (a: number) => number;
240
+ export const group_toMembered: (a: number) => number;
241
+ export const group_toPeer: (a: number) => number;
242
+ export const history_contentRefs: (a: number) => [number, number];
243
+ export const history_delegations: (a: number) => [number, number];
244
+ export const history_revocations: (a: number) => [number, number];
240
245
  export const summary_access: (a: number) => number;
241
246
  export const summary_doc: (a: number) => number;
242
- export const wasm_bindgen__convert__closures_____invoke__hd575a1431d676418: (a: number, b: number, c: any) => [number, number];
243
- export const wasm_bindgen__convert__closures_____invoke__h1ce7fe53f08aa9a8: (a: number, b: number, c: any, d: any) => void;
247
+ export const group_groupId: (a: number) => number;
248
+ export const group_id: (a: number) => number;
249
+ export const wasm_bindgen__convert__closures_____invoke__h9887d5ab72723f8a: (a: number, b: number, c: any) => [number, number];
250
+ export const wasm_bindgen__convert__closures_____invoke__h58982df154245cbc: (a: number, b: number, c: any, d: any) => void;
244
251
  export const __wbindgen_malloc: (a: number, b: number) => number;
245
252
  export const __wbindgen_realloc: (a: number, b: number, c: number, d: number) => number;
246
253
  export const __wbindgen_exn_store: (a: number) => void;
@@ -10,23 +10,13 @@ export class Access {
10
10
  }
11
11
 
12
12
  /**
13
- * The result of adding a member: the membership delegation, plus any new leaf
14
- * secrets produced by auto-rekeying a non-forward-secret document on add.
13
+ * The result of adding a member: the membership delegation.
15
14
  */
16
15
  export class AddMemberUpdate {
17
16
  private constructor();
18
17
  free(): void;
19
18
  [Symbol.dispose](): void;
20
19
  readonly delegation: SignedDelegation;
21
- /**
22
- * New leaf secret keypairs from auto-rekeying a non-forward-secret document
23
- * when this reader was added, serialized as a
24
- * `BTreeMap<ShareKey, ShareSecretKey>` (the format `importPrekeySecrets`
25
- * accepts). A sibling instance of this identity (e.g. a tab and its
26
- * SharedWorker) installs them to derive the rotated key. `undefined` when
27
- * no rotation occurred (a forward-secret document).
28
- */
29
- readonly leafSecrets: Uint8Array | undefined;
30
20
  }
31
21
 
32
22
  export class Agent {
@@ -135,6 +125,23 @@ export class ContactCard {
135
125
  readonly shareKey: ShareKey;
136
126
  }
137
127
 
128
+ /**
129
+ * Plaintext plus the application secret key that decrypted it.
130
+ *
131
+ * The key lets the consumer recover the blob's external predecessor-secret
132
+ * chain and chain further encryptions onto it, without re-entering CGKA.
133
+ */
134
+ export class DecryptedWithKey {
135
+ private constructor();
136
+ free(): void;
137
+ [Symbol.dispose](): void;
138
+ /**
139
+ * The 32-byte application secret key used to decrypt this content.
140
+ */
141
+ readonly applicationSecret: Uint8Array;
142
+ readonly plaintext: Uint8Array;
143
+ }
144
+
138
145
  export class Delegation {
139
146
  private constructor();
140
147
  free(): void;
@@ -183,6 +190,12 @@ export class Encrypted {
183
190
  private constructor();
184
191
  free(): void;
185
192
  [Symbol.dispose](): void;
193
+ /**
194
+ * Decrypt this content with an explicit 32-byte application secret key,
195
+ * bypassing CGKA. The consumer uses this to follow the external
196
+ * predecessor-secret chain once it has recovered a blob's key.
197
+ */
198
+ decryptWithKey(key: Uint8Array): Uint8Array;
186
199
  static fromBytes(bytes: Uint8Array): Encrypted;
187
200
  serialize(): Uint8Array;
188
201
  toBytes(): Uint8Array;
@@ -199,6 +212,13 @@ export class EncryptedContentWithUpdate {
199
212
  [Symbol.dispose](): void;
200
213
  encrypted_content(): Encrypted;
201
214
  update_op(): SignedCgkaOperation | undefined;
215
+ /**
216
+ * The 32-byte application secret key used to encrypt this content.
217
+ *
218
+ * Lets the consumer build the external predecessor-secret chain and chain
219
+ * further encryptions onto this blob.
220
+ */
221
+ readonly applicationSecret: Uint8Array;
202
222
  }
203
223
 
204
224
  export class Event {
@@ -334,14 +354,8 @@ export class Keyhive {
334
354
  ingestEventsBytes(events_bytes_array: Array<any>): Promise<Array<any>>;
335
355
  /**
336
356
  * Initialize a peer.
337
- *
338
- * `forward_secrecy` is this peer's policy for all documents it creates or
339
- * receives. When `false`, documents carry the CGKA predecessor key chain
340
- * (a member added later reads the whole prior history) and adding a reader
341
- * auto-rekeys (see `addMember`'s `leafSecrets`). When `true`, a member
342
- * added later cannot read content from before they joined.
343
357
  */
344
- static init(signer: Signer, ciphertext_store: CiphertextStore, event_handler: Function, forward_secrecy: boolean): Promise<Keyhive>;
358
+ static init(signer: Signer, ciphertext_store: CiphertextStore, event_handler: Function): Promise<Keyhive>;
345
359
  intoArchive(): Promise<Archive>;
346
360
  membershipOpsForAgent(agent: Agent): Promise<Map<any, any>>;
347
361
  pendingEventHashes(): Promise<Set<any>>;
@@ -353,6 +367,13 @@ export class Keyhive {
353
367
  stats(): Promise<Stats>;
354
368
  toArchive(): Promise<Archive>;
355
369
  tryDecrypt(doc: Document, encrypted: Encrypted): Promise<Uint8Array>;
370
+ /**
371
+ * Decrypt content and also return the 32-byte application secret key used.
372
+ *
373
+ * The consumer follows the external predecessor-secret chain from this key
374
+ * with `Encrypted.decryptWithKey`, avoiding further CGKA dives.
375
+ */
376
+ tryDecryptWithKey(doc: Document, encrypted: Encrypted): Promise<DecryptedWithKey>;
356
377
  tryEncrypt(doc: Document, content_ref: ChangeId, js_pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
357
378
  tryEncryptArchive(doc: Document, content_ref: ChangeId, pred_refs: ChangeId[], content: Uint8Array): Promise<EncryptedContentWithUpdate>;
358
379
  tryPcsKeyHash(doc: Document): Promise<Uint8Array | undefined>;
@@ -514,3 +535,19 @@ export class Summary {
514
535
  * https://rustwasm.github.io/docs/wasm-pack/tutorials/npm-browser-packages/template-deep-dive/src-utils-rs.html#2-what-is-console_error_panic_hook
515
536
  */
516
537
  export function setPanicHook(): void;
538
+
539
+ /**
540
+ * Inverse of [`symmetric_encrypt`]. Reads `nonce(24) || ciphertext`.
541
+ */
542
+ export function symmetricDecrypt(key: Uint8Array, blob: Uint8Array): Uint8Array;
543
+
544
+ /**
545
+ * AEAD-encrypt `plaintext` under a 32-byte `key`.
546
+ *
547
+ * `associated_data` flavors the synthetic nonce (e.g. the document or content
548
+ * id) so identical plaintext under the same key in different contexts produces
549
+ * distinct ciphertext. Returns `nonce(24) || ciphertext` (the ciphertext
550
+ * includes the Poly1305 tag). The nonce is carried in the output, so
551
+ * [`symmetric_decrypt`] does not need the associated data.
552
+ */
553
+ export function symmetricEncrypt(key: Uint8Array, plaintext: Uint8Array, associated_data: Uint8Array): Uint8Array;