@mysten/seal 1.0.1 → 1.1.1

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @mysten/seal
 
+## 1.1.1
+
+### Patch Changes
+
+- 43e69f8: Add embedded LLM-friendly docs to published packages
+- Updated dependencies [43e69f8]
+- Updated dependencies [e51dc5d]
+  - @mysten/bcs@2.0.3
+  - @mysten/sui@2.8.0
+
+## 1.1.0
+
+### Minor Changes
+
+- 8957bc4: [seal] use vector instead of vecmap for partial key servers
+
 ## 1.0.1
 
 ### Patch Changes

package/dist/bcs.mjs

@@ -60,10 +60,7 @@ const ServerType = bcs$1.enum("ServerType", {
 	Committee: bcs$1.struct("Committee", {
 		version: bcs$1.u32(),
 		threshold: bcs$1.u16(),
-		partialKeyServers: bcs$1.vector(bcs$1.struct("VecMapEntry", {
-			key: bcs$1.Address,
-			value: PartialKeyServer
-		}))
+		partialKeyServers: bcs$1.vector(PartialKeyServer)
 	})
 });
 /**

package/dist/bcs.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"bcs.mjs","names":["bcs"],"sources":["../src/bcs.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex, toHex } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\n\nexport const IBEEncryptions = bcs.enum('IBEEncryptions', {\n\tBonehFranklinBLS12381: bcs.struct('BonehFranklinBLS12381', {\n\t\tnonce: bcs.bytes(96),\n\t\tencryptedShares: bcs.vector(bcs.bytes(32)),\n\t\tencryptedRandomness: bcs.bytes(32),\n\t}),\n});\n\nexport const Ciphertext = bcs.enum('Ciphertext', {\n\tAes256Gcm: bcs.struct('Aes256Gcm', {\n\t\tblob: bcs.byteVector(),\n\t\taad: bcs.option(bcs.byteVector()),\n\t}),\n\tHmac256Ctr: bcs.struct('Hmac256Ctr', {\n\t\tblob: bcs.byteVector(),\n\t\taad: bcs.option(bcs.byteVector()),\n\t\tmac: bcs.bytes(32),\n\t}),\n\tPlain: bcs.struct('Plain', {}),\n});\n\n/**\n * The encrypted object format. Should be aligned with the Rust implementation.\n */\nexport const EncryptedObject = bcs.struct('EncryptedObject', {\n\tversion: bcs.u8(),\n\tpackageId: bcs.Address,\n\tid: bcs.byteVector().transform({\n\t\toutput: (val) => toHex(val),\n\t\tinput: (val: string) => fromHex(val),\n\t}),\n\tservices: bcs.vector(bcs.tuple([bcs.Address, bcs.u8()])),\n\tthreshold: bcs.u8(),\n\tencryptedShares: IBEEncryptions,\n\tciphertext: Ciphertext,\n});\n\n/**\n * The Move struct for the KeyServerV1 object.\n */\nexport const KeyServerMoveV1 = bcs.struct('KeyServerV1', {\n\tname: bcs.string(),\n\turl: bcs.string(),\n\tkeyType: bcs.u8(),\n\tpk: bcs.byteVector(),\n});\n\n/**\n * The Move struct for PartialKeyServer.\n */\nexport const PartialKeyServer = bcs.struct('PartialKeyServer', {\n\tname: bcs.string(),\n\turl: bcs.string(),\n\tpartialPk: bcs.byteVector(),\n\tpartyId: bcs.u16(),\n});\n\n/**\n * The Move enum for ServerType (V2).\n */\nexport const ServerType = bcs.enum('ServerType', {\n\tIndependent: bcs.struct('Independent', {\n\t\turl: bcs.string(),\n\t}),\n\tCommittee: bcs.struct('Committee', {\n\t\tversion: bcs.u32(),\n\t\tthreshold: bcs.u16(),\n\t\tpartialKeyServers: bcs.vector(\n\t\t\tbcs.struct('VecMapEntry', {\n\t\t\t\tkey: bcs.Address,\n\t\t\t\tvalue: PartialKeyServer,\n\t\t\t}),\n\t\t),\n\t}),\n});\n\n/**\n * The Move struct for the KeyServerV2 object.\n */\nexport const KeyServerMoveV2 = bcs.struct('KeyServerV2', {\n\tname: bcs.string(),\n\tkeyType: bcs.u8(),\n\tpk: bcs.byteVector(),\n\tserverType: ServerType,\n});\n\n/**\n * The Move struct for the parent object.\n */\nexport const KeyServerMove = bcs.struct('KeyServer', {\n\tid: bcs.Address,\n\tfirstVersion: bcs.u64(), // latest version\n\tlastVersion: bcs.u64(), // oldest version\n});\n"],"mappings":";;;;AAMA,MAAa,iBAAiBA,MAAI,KAAK,kBAAkB,EACxD,uBAAuBA,MAAI,OAAO,yBAAyB;CAC1D,OAAOA,MAAI,MAAM,GAAG;CACpB,iBAAiBA,MAAI,OAAOA,MAAI,MAAM,GAAG,CAAC;CAC1C,qBAAqBA,MAAI,MAAM,GAAG;CAClC,CAAC,EACF,CAAC;AAEF,MAAa,aAAaA,MAAI,KAAK,cAAc;CAChD,WAAWA,MAAI,OAAO,aAAa;EAClC,MAAMA,MAAI,YAAY;EACtB,KAAKA,MAAI,OAAOA,MAAI,YAAY,CAAC;EACjC,CAAC;CACF,YAAYA,MAAI,OAAO,cAAc;EACpC,MAAMA,MAAI,YAAY;EACtB,KAAKA,MAAI,OAAOA,MAAI,YAAY,CAAC;EACjC,KAAKA,MAAI,MAAM,GAAG;EAClB,CAAC;CACF,OAAOA,MAAI,OAAO,SAAS,EAAE,CAAC;CAC9B,CAAC;;;;AAKF,MAAa,kBAAkBA,MAAI,OAAO,mBAAmB;CAC5D,SAASA,MAAI,IAAI;CACjB,WAAWA,MAAI;CACf,IAAIA,MAAI,YAAY,CAAC,UAAU;EAC9B,SAAS,QAAQ,MAAM,IAAI;EAC3B,QAAQ,QAAgB,QAAQ,IAAI;EACpC,CAAC;CACF,UAAUA,MAAI,OAAOA,MAAI,MAAM,CAACA,MAAI,SAASA,MAAI,IAAI,CAAC,CAAC,CAAC;CACxD,WAAWA,MAAI,IAAI;CACnB,iBAAiB;CACjB,YAAY;CACZ,CAAC;;;;AAKF,MAAa,kBAAkBA,MAAI,OAAO,eAAe;CACxD,MAAMA,MAAI,QAAQ;CAClB,KAAKA,MAAI,QAAQ;CACjB,SAASA,MAAI,IAAI;CACjB,IAAIA,MAAI,YAAY;CACpB,CAAC;;;;AAKF,MAAa,mBAAmBA,MAAI,OAAO,oBAAoB;CAC9D,MAAMA,MAAI,QAAQ;CAClB,KAAKA,MAAI,QAAQ;CACjB,WAAWA,MAAI,YAAY;CAC3B,SAASA,MAAI,KAAK;CAClB,CAAC;;;;AAKF,MAAa,aAAaA,MAAI,KAAK,cAAc;CAChD,aAAaA,MAAI,OAAO,eAAe,EACtC,KAAKA,MAAI,QAAQ,EACjB,CAAC;CACF,WAAWA,MAAI,OAAO,aAAa;EAClC,SAASA,MAAI,KAAK;EAClB,WAAWA,MAAI,KAAK;EACpB,mBAAmBA,MAAI,OACtBA,MAAI,OAAO,eAAe;GACzB,KAAKA,MAAI;GACT,OAAO;GACP,CAAC,CACF;EACD,CAAC;CACF,CAAC;;;;AAKF,MAAa,kBAAkBA,MAAI,OAAO,eAAe;CACxD,MAAMA,MAAI,QAAQ;CAClB,SAASA,MAAI,IAAI;CACjB,IAAIA,MAAI,YAAY;CACpB,YAAY;CACZ,CAAC;;;;AAKF,MAAa,gBAAgBA,MAAI,OAAO,aAAa;CACpD,IAAIA,MAAI;CACR,cAAcA,MAAI,KAAK;CACvB,aAAaA,MAAI,KAAK;CACtB,CAAC"}
+{"version":3,"file":"bcs.mjs","names":["bcs"],"sources":["../src/bcs.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromHex, toHex } from '@mysten/bcs';\nimport { bcs } from '@mysten/sui/bcs';\n\nexport const IBEEncryptions = bcs.enum('IBEEncryptions', {\n\tBonehFranklinBLS12381: bcs.struct('BonehFranklinBLS12381', {\n\t\tnonce: bcs.bytes(96),\n\t\tencryptedShares: bcs.vector(bcs.bytes(32)),\n\t\tencryptedRandomness: bcs.bytes(32),\n\t}),\n});\n\nexport const Ciphertext = bcs.enum('Ciphertext', {\n\tAes256Gcm: bcs.struct('Aes256Gcm', {\n\t\tblob: bcs.byteVector(),\n\t\taad: bcs.option(bcs.byteVector()),\n\t}),\n\tHmac256Ctr: bcs.struct('Hmac256Ctr', {\n\t\tblob: bcs.byteVector(),\n\t\taad: bcs.option(bcs.byteVector()),\n\t\tmac: bcs.bytes(32),\n\t}),\n\tPlain: bcs.struct('Plain', {}),\n});\n\n/**\n * The encrypted object format. Should be aligned with the Rust implementation.\n */\nexport const EncryptedObject = bcs.struct('EncryptedObject', {\n\tversion: bcs.u8(),\n\tpackageId: bcs.Address,\n\tid: bcs.byteVector().transform({\n\t\toutput: (val) => toHex(val),\n\t\tinput: (val: string) => fromHex(val),\n\t}),\n\tservices: bcs.vector(bcs.tuple([bcs.Address, bcs.u8()])),\n\tthreshold: bcs.u8(),\n\tencryptedShares: IBEEncryptions,\n\tciphertext: Ciphertext,\n});\n\n/**\n * The Move struct for the KeyServerV1 object.\n */\nexport const KeyServerMoveV1 = bcs.struct('KeyServerV1', {\n\tname: bcs.string(),\n\turl: bcs.string(),\n\tkeyType: bcs.u8(),\n\tpk: bcs.byteVector(),\n});\n\n/**\n * The Move struct for PartialKeyServer.\n */\nexport const PartialKeyServer = bcs.struct('PartialKeyServer', {\n\tname: bcs.string(),\n\turl: bcs.string(),\n\tpartialPk: bcs.byteVector(),\n\tpartyId: bcs.u16(),\n});\n\n/**\n * The Move enum for ServerType (V2).\n */\nexport const ServerType = bcs.enum('ServerType', {\n\tIndependent: bcs.struct('Independent', {\n\t\turl: bcs.string(),\n\t}),\n\tCommittee: bcs.struct('Committee', {\n\t\tversion: bcs.u32(),\n\t\tthreshold: bcs.u16(),\n\t\tpartialKeyServers: bcs.vector(PartialKeyServer),\n\t}),\n});\n\n/**\n * The Move struct for the KeyServerV2 object.\n */\nexport const KeyServerMoveV2 = bcs.struct('KeyServerV2', {\n\tname: bcs.string(),\n\tkeyType: bcs.u8(),\n\tpk: bcs.byteVector(),\n\tserverType: ServerType,\n});\n\n/**\n * The Move struct for the parent object.\n */\nexport const KeyServerMove = bcs.struct('KeyServer', {\n\tid: bcs.Address,\n\tfirstVersion: bcs.u64(), // latest version\n\tlastVersion: bcs.u64(), // oldest version\n});\n"],"mappings":";;;;AAMA,MAAa,iBAAiBA,MAAI,KAAK,kBAAkB,EACxD,uBAAuBA,MAAI,OAAO,yBAAyB;CAC1D,OAAOA,MAAI,MAAM,GAAG;CACpB,iBAAiBA,MAAI,OAAOA,MAAI,MAAM,GAAG,CAAC;CAC1C,qBAAqBA,MAAI,MAAM,GAAG;CAClC,CAAC,EACF,CAAC;AAEF,MAAa,aAAaA,MAAI,KAAK,cAAc;CAChD,WAAWA,MAAI,OAAO,aAAa;EAClC,MAAMA,MAAI,YAAY;EACtB,KAAKA,MAAI,OAAOA,MAAI,YAAY,CAAC;EACjC,CAAC;CACF,YAAYA,MAAI,OAAO,cAAc;EACpC,MAAMA,MAAI,YAAY;EACtB,KAAKA,MAAI,OAAOA,MAAI,YAAY,CAAC;EACjC,KAAKA,MAAI,MAAM,GAAG;EAClB,CAAC;CACF,OAAOA,MAAI,OAAO,SAAS,EAAE,CAAC;CAC9B,CAAC;;;;AAKF,MAAa,kBAAkBA,MAAI,OAAO,mBAAmB;CAC5D,SAASA,MAAI,IAAI;CACjB,WAAWA,MAAI;CACf,IAAIA,MAAI,YAAY,CAAC,UAAU;EAC9B,SAAS,QAAQ,MAAM,IAAI;EAC3B,QAAQ,QAAgB,QAAQ,IAAI;EACpC,CAAC;CACF,UAAUA,MAAI,OAAOA,MAAI,MAAM,CAACA,MAAI,SAASA,MAAI,IAAI,CAAC,CAAC,CAAC;CACxD,WAAWA,MAAI,IAAI;CACnB,iBAAiB;CACjB,YAAY;CACZ,CAAC;;;;AAKF,MAAa,kBAAkBA,MAAI,OAAO,eAAe;CACxD,MAAMA,MAAI,QAAQ;CAClB,KAAKA,MAAI,QAAQ;CACjB,SAASA,MAAI,IAAI;CACjB,IAAIA,MAAI,YAAY;CACpB,CAAC;;;;AAKF,MAAa,mBAAmBA,MAAI,OAAO,oBAAoB;CAC9D,MAAMA,MAAI,QAAQ;CAClB,KAAKA,MAAI,QAAQ;CACjB,WAAWA,MAAI,YAAY;CAC3B,SAASA,MAAI,KAAK;CAClB,CAAC;;;;AAKF,MAAa,aAAaA,MAAI,KAAK,cAAc;CAChD,aAAaA,MAAI,OAAO,eAAe,EACtC,KAAKA,MAAI,QAAQ,EACjB,CAAC;CACF,WAAWA,MAAI,OAAO,aAAa;EAClC,SAASA,MAAI,KAAK;EAClB,WAAWA,MAAI,KAAK;EACpB,mBAAmBA,MAAI,OAAO,iBAAiB;EAC/C,CAAC;CACF,CAAC;;;;AAKF,MAAa,kBAAkBA,MAAI,OAAO,eAAe;CACxD,MAAMA,MAAI,QAAQ;CAClB,SAASA,MAAI,IAAI;CACjB,IAAIA,MAAI,YAAY;CACpB,YAAY;CACZ,CAAC;;;;AAKF,MAAa,gBAAgBA,MAAI,OAAO,aAAa;CACpD,IAAIA,MAAI;CACR,cAAcA,MAAI,KAAK;CACvB,aAAaA,MAAI,KAAK;CACtB,CAAC"}

package/dist/version.mjs

@@ -1,5 +1,5 @@
 //#region src/version.ts
-const PACKAGE_VERSION = "1.0.1";
+const PACKAGE_VERSION = "1.1.1";
 
 //#endregion
 export { PACKAGE_VERSION };

package/dist/version.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"version.mjs","names":[],"sources":["../src/version.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.0.1';\n"],"mappings":";AAKA,MAAa,kBAAkB"}
+{"version":3,"file":"version.mjs","names":[],"sources":["../src/version.ts"],"sourcesContent":["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\n// This file is generated by genversion.mjs. Do not edit it directly.\n\nexport const PACKAGE_VERSION = '1.1.1';\n"],"mappings":";AAKA,MAAa,kBAAkB"}

package/docs/index.md

@@ -0,0 +1,83 @@
+# Seal SDK
+
+> Decentralized secrets management with threshold encryption on Sui
+
+> **Note:** This is a beta version of Seal. See https://github.com/MystenLabs/seal for more details.
+
+The Seal SDK provides threshold encryption capabilities for Sui applications, enabling secure data
+encryption with configurable key servers.
+
+## Installation
+
+```bash npm2yarn
+npm install --save @mysten/seal @mysten/sui
+```
+
+## Setup
+
+To use the Seal SDK, create a Sui client and extend it with the Seal extension:
+
+```ts
+const client = new SuiGrpcClient({
+	network: 'testnet',
+	baseUrl: 'https://fullnode.testnet.sui.io:443',
+}).$extend(
+	seal({
+		serverConfigs: [
+			{ objectId: '0x...keyserver1', weight: 1 },
+			{ objectId: '0x...keyserver2', weight: 1 },
+		],
+	}),
+);
+```
+
+## Configuration Options
+
+The `seal()` function accepts the following options:
+
+- **`serverConfigs`** (required) - Array of key server configurations with `objectId` and `weight`
+- **`verifyKeyServers`** (optional) - Whether to verify key server authenticity (default: `true`)
+- **`timeout`** (optional) - Timeout in milliseconds for network requests (default: `10000`)
+
+## Basic Usage
+
+### Encrypting Data
+
+```ts
+const data = new Uint8Array([1, 2, 3]);
+
+const { encryptedObject } = await client.seal.encrypt({
+	threshold: 2, // Number of key servers needed to decrypt
+	packageId: '0x...your-package-id',
+	id: '0x...your-object-id',
+	data,
+});
+```
+
+### Decrypting Data
+
+```ts
+// Create a session key for decryption
+const sessionKey = await SessionKey.create({
+	address: senderAddress,
+	packageId: '0x...your-package-id',
+	ttlMin: 10, // Time-to-live in minutes
+	signer: keypair,
+	suiClient: client,
+});
+
+// Build transaction bytes that call seal_approve
+const txBytes = await buildApprovalTransaction(/* ... */);
+
+// Decrypt the data
+const decryptedData = await client.seal.decrypt({
+	data: encryptedObject,
+	sessionKey,
+	txBytes,
+});
+```
+
+## Resources
+
+For detailed documentation on threshold encryption and key server setup, see the
+[Seal repository](https://github.com/MystenLabs/seal).

package/docs/llms-index.md

@@ -0,0 +1,6 @@
+# Seal
+
+> Use Seal, a decentralized secrets management service that secures your data using threshold
+> encryption and on-chain access control.
+
+- [Seal SDK](./index.md): Decentralized secrets management with threshold encryption on Sui

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mysten/seal",
-  "version": "1.0.1",
+  "version": "1.1.1",
   "description": "Seal SDK",
   "license": "Apache-2.0",
   "author": "Mysten Labs <build@mystenlabs.com>",
@@ -17,7 +17,8 @@
   "sideEffects": false,
   "files": [
     "CHANGELOG.md",
-    "dist"
+    "dist",
+    "docs"
   ],
   "repository": {
     "type": "git",
@@ -32,19 +33,20 @@
     "@types/node": "^25.0.8",
     "typescript": "^5.9.3",
     "vitest": "^4.0.17",
-    "@mysten/sui": "^2.3.2"
+    "@mysten/sui": "^2.8.0"
   },
   "dependencies": {
     "@noble/curves": "^2.0.1",
     "@noble/hashes": "^2.0.1",
-    "@mysten/bcs": "^2.0.2"
+    "@mysten/bcs": "^2.0.3"
   },
   "peerDependencies": {
-    "@mysten/sui": "^2.3.2"
+    "@mysten/sui": "^2.8.0"
   },
   "scripts": {
     "clean": "rm -rf tsconfig.tsbuildinfo ./dist",
     "build": "node genversion.mjs && rm -rf dist && tsc --noEmit && tsdown",
+    "build:docs": "tsx ../docs/scripts/build-docs.ts",
     "codegen:version": "node genversion.mjs",
     "vitest": "vitest",
     "test": "pnpm test:typecheck && pnpm test:unit",