@monolythium/core-sdk 0.4.18 → 0.4.19

package/dist/crypto/index.d.cts

@@ -1,5 +1,5 @@
-import { I as MlDsa65Backend } from '../submission-Cr6u_2he.cjs';
-export { kb as ADDRESS_DERIVATION_DOMAIN, kc as CLUSTER_MLKEM_SHAMIR, kd as CLUSTER_MLKEM_SHAMIR_ALGO, ke as ClusterSealKeyEntryInput, K as ClusterSealKeys, L as ClusterSealKeysSource, kf as DKG_AEAD_TAG_LEN, kg as DKG_NONCE_LEN, kh as DecryptHint, ki as ENCRYPTED_SUBMISSION_UNAVAILABLE_MESSAGE, kj as ENUM_VARIANT_INDEX_ML_DSA_65, kk as EncryptedEnvelope, kl as EncryptedSubmission, E as EncryptionKey, km as JsonRpcCallClient, kn as LythiumSealEnvelope, ko as ML_DSA_65_PUBLIC_KEY_LEN, kp as ML_DSA_65_SEED_LEN, kq as ML_DSA_65_SIGNATURE_LEN, kr as ML_DSA_65_SIGNING_KEY_LEN, ks as ML_KEM_768_CIPHERTEXT_LEN, kt as ML_KEM_768_ENCAPSULATION_KEY_LEN, ku as ML_KEM_768_SHARED_SECRET_LEN, F as MempoolClass, D as NativeEvmTxFields, kv as NativeTxExtension, kw as NativeTxExtensionDescriptor, kx as NativeTxExtensionLike, ky as NonceAad, kz as OperatorSealKeypair, kA as PlaintextSubmission, kB as SEAL_COMMIT_LEN, kC as SEAL_DK_LEN, kD as SEAL_EK_LEN, kE as SEAL_KEM_CT_LEN, kF as SEAL_KEM_SEED_LEN, kG as SEAL_KEY_LEN, kH as SEAL_NONCE_LEN, kI as SEAL_SHARE_LEN, kJ as SEAL_TAG_LEN, kK as STANDARD_ALGO_NUMBER_ML_DSA_65, kL as SealRandomSource, kM as SealRecipient, kN as SealedSubmission, kO as bincodeDecryptHint, kP as bincodeEncryptedEnvelope, kQ as bincodeNonceAad, kR as bincodeSignedTransaction, kS as buildEncryptedEnvelope, kT as buildEncryptedSubmission, kU as buildPlaintextSubmission, kV as cryptoRandomSource, kW as encodeMlDsa65Opaque, kX as encodeSealEnvelope, kY as encodeTransactionForHash, kZ as encryptInnerTx, k_ as fetchEncryptionKey, k$ as generateOperatorSealKeypair, l0 as getClusterSealKeys, l1 as mlDsa65AddressBytes, l2 as mlDsa65AddressFromPublicKey, l3 as outerSigDigest, l4 as parseClusterSealKeys, l5 as sealRosterHash, l6 as sealToCluster, l7 as sealTransaction, l8 as submitEncryptedEnvelope, l9 as submitPlaintextTransaction, la as submitSealedTransaction, lb as submitTransactionWithPrivacy } from '../submission-Cr6u_2he.cjs';
+import { L as MlDsa65Backend } from '../submission-B4FmDnm_.cjs';
+export { kb as ADDRESS_DERIVATION_DOMAIN, kc as CLUSTER_MLKEM_SHAMIR, kd as CLUSTER_MLKEM_SHAMIR_ALGO, ke as ClusterSealKeyEntryInput, U as ClusterSealKeys, V as ClusterSealKeysSource, kf as DKG_AEAD_TAG_LEN, kg as DKG_NONCE_LEN, kh as DecryptHint, ki as ENCRYPTED_SUBMISSION_UNAVAILABLE_MESSAGE, kj as ENUM_VARIANT_INDEX_ML_DSA_65, kk as EncryptedEnvelope, kl as EncryptedSubmission, I as EncryptionKey, km as JsonRpcCallClient, kn as LythiumSealEnvelope, ko as ML_DSA_65_PUBLIC_KEY_LEN, kp as ML_DSA_65_SEED_LEN, kq as ML_DSA_65_SIGNATURE_LEN, kr as ML_DSA_65_SIGNING_KEY_LEN, ks as ML_KEM_768_CIPHERTEXT_LEN, kt as ML_KEM_768_ENCAPSULATION_KEY_LEN, ku as ML_KEM_768_SHARED_SECRET_LEN, J as MempoolClass, H as NativeEvmTxFields, kv as NativeTxExtension, kw as NativeTxExtensionDescriptor, kx as NativeTxExtensionLike, ky as NonceAad, kz as OperatorSealKeypair, kA as PlaintextSubmission, kB as SEAL_COMMIT_LEN, kC as SEAL_DK_LEN, kD as SEAL_EK_LEN, kE as SEAL_KEM_CT_LEN, kF as SEAL_KEM_SEED_LEN, kG as SEAL_KEY_LEN, kH as SEAL_NONCE_LEN, kI as SEAL_SHARE_LEN, kJ as SEAL_TAG_LEN, kK as STANDARD_ALGO_NUMBER_ML_DSA_65, kL as SealRandomSource, kM as SealRecipient, kN as SealedSubmission, kO as bincodeDecryptHint, kP as bincodeEncryptedEnvelope, kQ as bincodeNonceAad, kR as bincodeSignedTransaction, kS as buildEncryptedEnvelope, kT as buildEncryptedSubmission, kU as buildPlaintextSubmission, kV as cryptoRandomSource, kW as encodeMlDsa65Opaque, kX as encodeSealEnvelope, kY as encodeTransactionForHash, kZ as encryptInnerTx, k_ as fetchEncryptionKey, k$ as generateOperatorSealKeypair, l0 as getClusterSealKeys, l1 as mlDsa65AddressBytes, l2 as mlDsa65AddressFromPublicKey, l3 as outerSigDigest, l4 as parseClusterSealKeys, l5 as sealRosterHash, l6 as sealToCluster, l7 as sealTransaction, l8 as submitEncryptedEnvelope, l9 as submitPlaintextTransaction, la as submitSealedTransaction, lb as submitTransactionWithPrivacy } from '../submission-B4FmDnm_.cjs';
 
 declare class BincodeWriter {
     #private;

package/dist/crypto/index.d.ts

@@ -1,5 +1,5 @@
-import { I as MlDsa65Backend } from '../submission-Cr6u_2he.js';
-export { kb as ADDRESS_DERIVATION_DOMAIN, kc as CLUSTER_MLKEM_SHAMIR, kd as CLUSTER_MLKEM_SHAMIR_ALGO, ke as ClusterSealKeyEntryInput, K as ClusterSealKeys, L as ClusterSealKeysSource, kf as DKG_AEAD_TAG_LEN, kg as DKG_NONCE_LEN, kh as DecryptHint, ki as ENCRYPTED_SUBMISSION_UNAVAILABLE_MESSAGE, kj as ENUM_VARIANT_INDEX_ML_DSA_65, kk as EncryptedEnvelope, kl as EncryptedSubmission, E as EncryptionKey, km as JsonRpcCallClient, kn as LythiumSealEnvelope, ko as ML_DSA_65_PUBLIC_KEY_LEN, kp as ML_DSA_65_SEED_LEN, kq as ML_DSA_65_SIGNATURE_LEN, kr as ML_DSA_65_SIGNING_KEY_LEN, ks as ML_KEM_768_CIPHERTEXT_LEN, kt as ML_KEM_768_ENCAPSULATION_KEY_LEN, ku as ML_KEM_768_SHARED_SECRET_LEN, F as MempoolClass, D as NativeEvmTxFields, kv as NativeTxExtension, kw as NativeTxExtensionDescriptor, kx as NativeTxExtensionLike, ky as NonceAad, kz as OperatorSealKeypair, kA as PlaintextSubmission, kB as SEAL_COMMIT_LEN, kC as SEAL_DK_LEN, kD as SEAL_EK_LEN, kE as SEAL_KEM_CT_LEN, kF as SEAL_KEM_SEED_LEN, kG as SEAL_KEY_LEN, kH as SEAL_NONCE_LEN, kI as SEAL_SHARE_LEN, kJ as SEAL_TAG_LEN, kK as STANDARD_ALGO_NUMBER_ML_DSA_65, kL as SealRandomSource, kM as SealRecipient, kN as SealedSubmission, kO as bincodeDecryptHint, kP as bincodeEncryptedEnvelope, kQ as bincodeNonceAad, kR as bincodeSignedTransaction, kS as buildEncryptedEnvelope, kT as buildEncryptedSubmission, kU as buildPlaintextSubmission, kV as cryptoRandomSource, kW as encodeMlDsa65Opaque, kX as encodeSealEnvelope, kY as encodeTransactionForHash, kZ as encryptInnerTx, k_ as fetchEncryptionKey, k$ as generateOperatorSealKeypair, l0 as getClusterSealKeys, l1 as mlDsa65AddressBytes, l2 as mlDsa65AddressFromPublicKey, l3 as outerSigDigest, l4 as parseClusterSealKeys, l5 as sealRosterHash, l6 as sealToCluster, l7 as sealTransaction, l8 as submitEncryptedEnvelope, l9 as submitPlaintextTransaction, la as submitSealedTransaction, lb as submitTransactionWithPrivacy } from '../submission-Cr6u_2he.js';
+import { L as MlDsa65Backend } from '../submission-B4FmDnm_.js';
+export { kb as ADDRESS_DERIVATION_DOMAIN, kc as CLUSTER_MLKEM_SHAMIR, kd as CLUSTER_MLKEM_SHAMIR_ALGO, ke as ClusterSealKeyEntryInput, U as ClusterSealKeys, V as ClusterSealKeysSource, kf as DKG_AEAD_TAG_LEN, kg as DKG_NONCE_LEN, kh as DecryptHint, ki as ENCRYPTED_SUBMISSION_UNAVAILABLE_MESSAGE, kj as ENUM_VARIANT_INDEX_ML_DSA_65, kk as EncryptedEnvelope, kl as EncryptedSubmission, I as EncryptionKey, km as JsonRpcCallClient, kn as LythiumSealEnvelope, ko as ML_DSA_65_PUBLIC_KEY_LEN, kp as ML_DSA_65_SEED_LEN, kq as ML_DSA_65_SIGNATURE_LEN, kr as ML_DSA_65_SIGNING_KEY_LEN, ks as ML_KEM_768_CIPHERTEXT_LEN, kt as ML_KEM_768_ENCAPSULATION_KEY_LEN, ku as ML_KEM_768_SHARED_SECRET_LEN, J as MempoolClass, H as NativeEvmTxFields, kv as NativeTxExtension, kw as NativeTxExtensionDescriptor, kx as NativeTxExtensionLike, ky as NonceAad, kz as OperatorSealKeypair, kA as PlaintextSubmission, kB as SEAL_COMMIT_LEN, kC as SEAL_DK_LEN, kD as SEAL_EK_LEN, kE as SEAL_KEM_CT_LEN, kF as SEAL_KEM_SEED_LEN, kG as SEAL_KEY_LEN, kH as SEAL_NONCE_LEN, kI as SEAL_SHARE_LEN, kJ as SEAL_TAG_LEN, kK as STANDARD_ALGO_NUMBER_ML_DSA_65, kL as SealRandomSource, kM as SealRecipient, kN as SealedSubmission, kO as bincodeDecryptHint, kP as bincodeEncryptedEnvelope, kQ as bincodeNonceAad, kR as bincodeSignedTransaction, kS as buildEncryptedEnvelope, kT as buildEncryptedSubmission, kU as buildPlaintextSubmission, kV as cryptoRandomSource, kW as encodeMlDsa65Opaque, kX as encodeSealEnvelope, kY as encodeTransactionForHash, kZ as encryptInnerTx, k_ as fetchEncryptionKey, k$ as generateOperatorSealKeypair, l0 as getClusterSealKeys, l1 as mlDsa65AddressBytes, l2 as mlDsa65AddressFromPublicKey, l3 as outerSigDigest, l4 as parseClusterSealKeys, l5 as sealRosterHash, l6 as sealToCluster, l7 as sealTransaction, l8 as submitEncryptedEnvelope, l9 as submitPlaintextTransaction, la as submitSealedTransaction, lb as submitTransactionWithPrivacy } from '../submission-B4FmDnm_.js';
 
 declare class BincodeWriter {
     #private;

package/dist/index.cjs

@@ -7510,6 +7510,92 @@ function concatBytes5(...parts) {
   }
   return out;
 }
+
+// src/operator-trust.ts
+var GENESIS_HASH_RE = /^0x[0-9a-fA-F]{64}$/;
+var QUARANTINED_RPC_CODE = -32047;
+function normaliseHash(input) {
+  return typeof input === "string" && GENESIS_HASH_RE.test(input) ? input.toLowerCase() : null;
+}
+function isQuarantineError(err) {
+  if (err instanceof SdkError && err.code === QUARANTINED_RPC_CODE) return true;
+  const message = err instanceof Error ? err.message : String(err);
+  return /quarantin/i.test(message);
+}
+async function verifyOperatorGenesis(client, expectedGenesisHash) {
+  const pinned = normaliseHash(expectedGenesisHash);
+  try {
+    const stats = await client.lythChainStats();
+    const observed = normaliseHash(stats.genesisHash);
+    if (observed === null) {
+      return { ok: false, observed: null, quarantined: false };
+    }
+    return { ok: pinned !== null && observed === pinned, observed, quarantined: false };
+  } catch (err) {
+    if (isQuarantineError(err)) {
+      return { ok: false, observed: null, quarantined: true };
+    }
+    return { ok: false, observed: null, quarantined: false };
+  }
+}
+var OperatorTrustError = class extends SdkError {
+  reason;
+  constructor(reason, message) {
+    super("endpoint", message);
+    this.name = "OperatorTrustError";
+    this.reason = reason;
+  }
+};
+async function selectTrustedOperator(chain, options = {}) {
+  if (chain.rpc.length === 0) {
+    throw new OperatorTrustError(
+      "unreachable",
+      `network ${chain.network} has no RPC endpoints`
+    );
+  }
+  const expectedChainId = BigInt(chain.chain_id);
+  let sawRegenesis = false;
+  let sawWrongChain = false;
+  let sawUntrusted = false;
+  let sawQuarantined = false;
+  const probes = chain.rpc.map(async (ep) => {
+    const client = new RpcClient(ep.url, options);
+    let chainId;
+    try {
+      chainId = await client.ethChainId();
+    } catch (err) {
+      if (isQuarantineError(err)) sawQuarantined = true;
+      throw err;
+    }
+    if (chainId !== expectedChainId) {
+      sawWrongChain = true;
+      throw new SdkError("endpoint", `${ep.url}: chain id ${chainId} != ${chain.chain_id}`);
+    }
+    const verdict = await verifyOperatorGenesis(client, chain.genesis_hash);
+    if (verdict.quarantined) {
+      sawQuarantined = true;
+      throw new SdkError("endpoint", `${ep.url}: quarantined`);
+    }
+    if (!verdict.ok) {
+      if (verdict.observed !== null) sawRegenesis = true;
+      else sawUntrusted = true;
+      throw new SdkError("endpoint", `${ep.url}: genesis not trusted`);
+    }
+    return client;
+  });
+  try {
+    return await Promise.any(probes);
+  } catch {
+    const reason = sawRegenesis ? "regenesis" : sawWrongChain ? "wrong-chain" : sawUntrusted ? "untrusted" : sawQuarantined ? "quarantined" : "unreachable";
+    throw new OperatorTrustError(
+      reason,
+      `no trusted operator for ${chain.network} (${reason})`
+    );
+  }
+}
+async function selectTrustedOperatorForNetwork(network = "testnet-69420", options = {}) {
+  return selectTrustedOperator(getChainInfo(network), options);
+}
 var NO_EVM_RECEIPT_PROOF_SCHEMA = "mono.no_evm_receipt_proof.v1";
 var NO_EVM_RECEIPT_PROOF_TYPE = "canonicalReceiptsTranscript";
 var NO_EVM_RECEIPT_INCLUSION_PROOF_TYPE = "canonicalReceiptInclusion";
@@ -12434,6 +12520,7 @@ exports.OPERATOR_ROUTER_EVENT_SIGS = OPERATOR_ROUTER_EVENT_SIGS;
 exports.OPERATOR_ROUTER_SELECTORS = OPERATOR_ROUTER_SELECTORS;
 exports.OPERATOR_ROUTER_SIGS = OPERATOR_ROUTER_SIGS;
 exports.ORACLE_EVENT_SIGS = ORACLE_EVENT_SIGS;
+exports.OperatorTrustError = OperatorTrustError;
 exports.OracleEventError = OracleEventError;
 exports.PENDING_CHANGE_KIND_CODES = PENDING_CHANGE_KIND_CODES;
 exports.PRECOMPILE_ADDRESSES = PRECOMPILE_ADDRESSES;
@@ -12450,6 +12537,7 @@ exports.PUBKEY_REGISTRY_ML_DSA_65_PUBLIC_KEY_LEN = PUBKEY_REGISTRY_ML_DSA_65_PUB
 exports.PUBKEY_REGISTRY_SELECTORS = PUBKEY_REGISTRY_SELECTORS;
 exports.ProverMarketError = ProverMarketError;
 exports.PubkeyRegistryError = PubkeyRegistryError;
+exports.QUARANTINED_RPC_CODE = QUARANTINED_RPC_CODE;
 exports.REGISTRY_DEFAULT_EXECUTION_UNIT_LIMIT = REGISTRY_DEFAULT_EXECUTION_UNIT_LIMIT;
 exports.RESERVED_ADDRESS_HRPS = RESERVED_ADDRESS_HRPS;
 exports.RpcClient = RpcClient;
@@ -12751,6 +12839,7 @@ exports.isBridgeResumeCooldownActiveRevert = isBridgeResumeCooldownActiveRevert;
 exports.isConcreteServiceProbeStatus = isConcreteServiceProbeStatus;
 exports.isNativeDecodedEvent = isNativeDecodedEvent;
 exports.isNativeMarketOrderBookStreamPayload = isNativeMarketOrderBookStreamPayload;
+exports.isQuarantineError = isQuarantineError;
 exports.isSinglePublicServiceProbeMask = isSinglePublicServiceProbeMask;
 exports.isUnexpectedValueRevert = isUnexpectedValueRevert;
 exports.isValidNodeRegistryCapabilities = isValidNodeRegistryCapabilities;
@@ -12812,6 +12901,8 @@ exports.resolveMaxExecutionUnitPrice = resolveMaxExecutionUnitPrice;
 exports.resolveRegistryExecutionFee = resolveRegistryExecutionFee;
 exports.resolveStudioHostStatus = resolveStudioHostStatus;
 exports.selectBridgeTransferRoute = selectBridgeTransferRoute;
+exports.selectTrustedOperator = selectTrustedOperator;
+exports.selectTrustedOperatorForNetwork = selectTrustedOperatorForNetwork;
 exports.serviceMaskToBitIndex = serviceMaskToBitIndex;
 exports.serviceProbeStatusLabel = serviceProbeStatusLabel;
 exports.setDestinationRoot = setDestinationRoot;
@@ -12851,6 +12942,7 @@ exports.verifyNoEvmFinalityEvidenceMultisig = verifyNoEvmFinalityEvidenceMultisi
 exports.verifyNoEvmFinalityEvidenceThreshold = verifyNoEvmFinalityEvidenceThreshold;
 exports.verifyNoEvmReceiptProof = verifyNoEvmReceiptProof;
 exports.verifyNoEvmReceiptProofTrust = verifyNoEvmReceiptProofTrust;
+exports.verifyOperatorGenesis = verifyOperatorGenesis;
 exports.version = version;
 exports.vrfAddressHex = vrfAddressHex;
 //# sourceMappingURL=index.cjs.map