@opendatalabs/vana-sdk 0.1.0-alpha.d6bebb0 → 0.1.0-alpha.e0e85d7

package/dist/browser.js

@@ -0,0 +1,822 @@
+var __defProp = Object.defineProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// src/platform/shared/pgp-utils.ts
+var STANDARD_PGP_CONFIG = {
+  preferredCompressionAlgorithm: 2,
+  // zlib (openpgp.enums.compression.zlib)
+  preferredSymmetricAlgorithm: 7
+  // aes256 (openpgp.enums.symmetric.aes256)
+};
+function processPGPKeyOptions(options) {
+  return {
+    name: options?.name || "Vana User",
+    email: options?.email || "user@vana.org",
+    passphrase: options?.passphrase
+  };
+}
+function getPGPKeyGenParams(options) {
+  const { name, email, passphrase } = processPGPKeyOptions(options);
+  return {
+    type: "rsa",
+    rsaBits: 2048,
+    userIDs: [{ name, email }],
+    passphrase,
+    config: STANDARD_PGP_CONFIG
+  };
+}
+
+// src/platform/shared/error-utils.ts
+function wrapCryptoError(operation, error) {
+  const message = error instanceof Error ? error.message : "Unknown error";
+  return new Error(`${operation} failed: ${message}`);
+}
+
+// src/utils/lazy-import.ts
+function lazyImport(importFn) {
+  let cached = null;
+  return () => {
+    if (!cached) {
+      cached = importFn().catch((err) => {
+        cached = null;
+        throw new Error("Failed to load module", { cause: err });
+      });
+    }
+    return cached;
+  };
+}
+
+// src/utils/crypto-utils.ts
+import { toHex, fromHex } from "viem";
+function concatBytes(...arrays) {
+  const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);
+  const result = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const arr of arrays) {
+    result.set(arr, offset);
+    offset += arr.length;
+  }
+  return result;
+}
+function hexToBytes(hex) {
+  const prefixedHex = hex.startsWith("0x") ? hex : `0x${hex}`;
+  return fromHex(prefixedHex, "bytes");
+}
+function bytesToHex(bytes) {
+  return toHex(bytes).slice(2);
+}
+function processWalletPublicKey(publicKey) {
+  const publicKeyHex = typeof publicKey === "string" ? publicKey.startsWith("0x") ? publicKey.slice(2) : publicKey : bytesToHex(publicKey);
+  const publicKeyBytes = hexToBytes(publicKeyHex);
+  return publicKeyBytes.length === 64 ? concatBytes(new Uint8Array([4]), publicKeyBytes) : publicKeyBytes;
+}
+function processWalletPrivateKey(privateKey) {
+  const privateKeyHex = typeof privateKey === "string" ? privateKey.startsWith("0x") ? privateKey.slice(2) : privateKey : bytesToHex(privateKey);
+  return hexToBytes(privateKeyHex);
+}
+function parseEncryptedDataBuffer(encryptedBuffer) {
+  return {
+    iv: encryptedBuffer.slice(0, 16),
+    ephemPublicKey: encryptedBuffer.slice(16, 81),
+    // 65 bytes for uncompressed public key
+    ciphertext: encryptedBuffer.slice(81, -32),
+    mac: encryptedBuffer.slice(-32)
+  };
+}
+
+// src/crypto/services/WalletKeyEncryptionService.ts
+import { stringToBytes, bytesToString } from "viem";
+var WalletKeyEncryptionService = class {
+  constructor(config) {
+    __publicField(this, "eciesProvider");
+    this.eciesProvider = config.eciesProvider;
+  }
+  /**
+   * Encrypts data using a wallet's public key.
+   *
+   * @param data - The plaintext message to encrypt for the wallet owner.
+   * @param publicKey - The recipient wallet's public key for encryption.
+   * @returns A promise that resolves to the encrypted data as a hex string.
+   * @throws {Error} When encryption fails due to invalid key format.
+   *
+   * @example
+   * ```typescript
+   * const encrypted = await processor.encryptWithWalletPublicKey(
+   *   "Secret message",
+   *   "0x04..." // 65-byte uncompressed public key
+   * );
+   * console.log(`Encrypted: ${encrypted}`);
+   * ```
+   */
+  async encryptWithWalletPublicKey(data, publicKey) {
+    const publicKeyBytes = processWalletPublicKey(publicKey);
+    const dataBytes = stringToBytes(data);
+    const encrypted = await this.eciesProvider.encrypt(
+      publicKeyBytes,
+      dataBytes
+    );
+    const result = concatBytes(
+      encrypted.iv,
+      encrypted.ephemPublicKey,
+      encrypted.ciphertext,
+      encrypted.mac
+    );
+    return bytesToHex(result);
+  }
+  /**
+   * Decrypts data using a wallet's private key.
+   *
+   * @param encryptedData - The hex-encoded encrypted data to decrypt.
+   * @param privateKey - The wallet's private key for decryption.
+   * @returns A promise that resolves to the decrypted plaintext message.
+   * @throws {Error} When decryption fails due to invalid data or key format.
+   *
+   * @example
+   * ```typescript
+   * const decrypted = await processor.decryptWithWalletPrivateKey(
+   *   encryptedHexString,
+   *   "0x..." // 32-byte private key
+   * );
+   * console.log(`Decrypted: ${decrypted}`);
+   * ```
+   */
+  async decryptWithWalletPrivateKey(encryptedData, privateKey) {
+    const privateKeyBytes = processWalletPrivateKey(privateKey);
+    const encryptedBytes = hexToBytes(encryptedData);
+    const encrypted = parseEncryptedDataBuffer(encryptedBytes);
+    const decrypted = await this.eciesProvider.decrypt(
+      privateKeyBytes,
+      encrypted
+    );
+    return bytesToString(decrypted);
+  }
+  /**
+   * Encrypts a Uint8Array with a wallet public key
+   *
+   * @param data - Binary data to encrypt
+   * @param publicKey - Public key as hex string or Uint8Array
+   * @returns Encrypted data structure
+   */
+  async encryptBinary(data, publicKey) {
+    const publicKeyBytes = processWalletPublicKey(publicKey);
+    return this.eciesProvider.encrypt(publicKeyBytes, data);
+  }
+  /**
+   * Decrypts to a Uint8Array with a wallet private key
+   *
+   * @param encrypted - Encrypted data structure
+   * @param privateKey - Private key as hex string or Uint8Array
+   * @returns Decrypted binary data
+   */
+  async decryptBinary(encrypted, privateKey) {
+    const privateKeyBytes = processWalletPrivateKey(privateKey);
+    return this.eciesProvider.decrypt(privateKeyBytes, encrypted);
+  }
+  /**
+   * Gets the underlying ECIES provider
+   *
+   * @returns The ECIES provider instance
+   */
+  getECIESProvider() {
+    return this.eciesProvider;
+  }
+};
+
+// src/platform/browser.ts
+import { toHex as toHex2, fromHex as fromHex2, stringToBytes as stringToBytes2, bytesToString as bytesToString2 } from "viem";
+
+// src/crypto/ecies/utils.ts
+function concatBytes2(...arrays) {
+  const totalLength = arrays.reduce((sum, arr) => sum + arr.length, 0);
+  const result = new Uint8Array(totalLength);
+  let offset = 0;
+  for (const arr of arrays) {
+    result.set(arr, offset);
+    offset += arr.length;
+  }
+  return result;
+}
+function constantTimeEqual(a, b) {
+  if (a.length !== b.length) return false;
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a[i] ^ b[i];
+  }
+  return result === 0;
+}
+
+// src/platform/browser.ts
+import * as secp256k12 from "@noble/secp256k1";
+
+// src/crypto/ecies/browser.ts
+import * as secp256k1 from "@noble/secp256k1";
+
+// src/crypto/ecies/constants.ts
+var CURVE = {
+  /** The elliptic curve used (secp256k1 - same as Bitcoin/Ethereum) */
+  name: "secp256k1",
+  /** Private key length in bytes */
+  PRIVATE_KEY_LENGTH: 32,
+  /** Compressed public key length in bytes (0x02 or 0x03 prefix + 32 bytes) */
+  COMPRESSED_PUBLIC_KEY_LENGTH: 33,
+  /** Uncompressed public key length in bytes (0x04 prefix + 64 bytes) */
+  UNCOMPRESSED_PUBLIC_KEY_LENGTH: 65,
+  /** ECDH shared secret X coordinate length */
+  SHARED_SECRET_LENGTH: 32,
+  /** Public key prefixes */
+  PREFIX: {
+    /** Uncompressed public key prefix */
+    UNCOMPRESSED: 4,
+    /** Compressed public key prefix for even Y */
+    COMPRESSED_EVEN: 2,
+    /** Compressed public key prefix for odd Y */
+    COMPRESSED_ODD: 3
+  },
+  /** X coordinate starts at byte 1 (after prefix) */
+  X_COORDINATE_OFFSET: 1,
+  /** X coordinate ends at byte 33 (1 + 32) */
+  X_COORDINATE_END: 33
+};
+var CIPHER = {
+  /** Cipher algorithm - must match eccrypto */
+  algorithm: "aes-256-cbc",
+  /** AES key length in bytes */
+  KEY_LENGTH: 32,
+  /** Initialization vector length in bytes */
+  IV_LENGTH: 16,
+  /** Block size for AES */
+  BLOCK_SIZE: 16
+};
+var KDF = {
+  /** Hash algorithm for key derivation - must match eccrypto */
+  algorithm: "sha512",
+  /** Output length of SHA-512 in bytes */
+  OUTPUT_LENGTH: 64,
+  /** Encryption key slice (first 32 bytes of KDF output) */
+  ENCRYPTION_KEY_OFFSET: 0,
+  ENCRYPTION_KEY_LENGTH: 32,
+  /** MAC key slice (last 32 bytes of KDF output) */
+  MAC_KEY_OFFSET: 32,
+  MAC_KEY_LENGTH: 32
+};
+var MAC = {
+  /** MAC algorithm - must match eccrypto */
+  algorithm: "sha256",
+  /** HMAC-SHA256 output length in bytes */
+  LENGTH: 32
+};
+var FORMAT = {
+  /** Offsets for each component in serialized format */
+  IV_OFFSET: 0,
+  IV_LENGTH: CIPHER.IV_LENGTH,
+  /** Ephemeral public key (always uncompressed in eccrypto format) */
+  EPHEMERAL_KEY_OFFSET: CIPHER.IV_LENGTH,
+  EPHEMERAL_KEY_LENGTH: CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** Ciphertext starts after IV and ephemeral key */
+  CIPHERTEXT_OFFSET: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH,
+  /** MAC is always the last 32 bytes */
+  MAC_LENGTH: MAC.LENGTH,
+  /** Minimum size of encrypted data (IV + ephemKey + MAC, no ciphertext) */
+  MIN_ENCRYPTED_LENGTH: CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + MAC.LENGTH,
+  /**
+   * Helper to calculate total length of encrypted data
+   *
+   * @param ciphertextLength - Length of the ciphertext portion
+   * @returns Total length including all components
+   */
+  getTotalLength: (ciphertextLength) => CIPHER.IV_LENGTH + CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH + ciphertextLength + MAC.LENGTH
+};
+
+// src/crypto/ecies/interface.ts
+var ECIESError = class extends Error {
+  constructor(message, code, cause) {
+    super(message);
+    this.code = code;
+    this.cause = cause;
+    this.name = "ECIESError";
+  }
+};
+function isECIESEncrypted(obj) {
+  if (!obj || typeof obj !== "object") return false;
+  const enc = obj;
+  const isUint8Array = (value) => {
+    return value instanceof Uint8Array || typeof Buffer !== "undefined" && Buffer.isBuffer(value);
+  };
+  return isUint8Array(enc.iv) && enc.iv.length === CIPHER.IV_LENGTH && isUint8Array(enc.ephemPublicKey) && (enc.ephemPublicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH || enc.ephemPublicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) && isUint8Array(enc.ciphertext) && enc.ciphertext.length > 0 && isUint8Array(enc.mac) && enc.mac.length === MAC.LENGTH;
+}
+
+// src/crypto/ecies/base.ts
+var _BaseECIESUint8 = class _BaseECIESUint8 {
+  /**
+   * Normalizes a public key to uncompressed format.
+   *
+   * @param publicKey - Public key in any format.
+   * @returns Uncompressed public key (65 bytes).
+   * @throws {ECIESError} If key format is invalid.
+   */
+  normalizePublicKey(publicKey) {
+    if (_BaseECIESUint8.validatedKeys.has(publicKey)) {
+      return publicKey;
+    }
+    if (publicKey.length === CURVE.UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
+      if (publicKey[0] !== CURVE.PREFIX.UNCOMPRESSED) {
+        throw new ECIESError(
+          "Invalid uncompressed public key prefix",
+          "INVALID_KEY"
+        );
+      }
+      if (!this.validatePublicKey(publicKey)) {
+        throw new ECIESError("Invalid public key", "INVALID_KEY");
+      }
+      _BaseECIESUint8.validatedKeys.set(publicKey, true);
+      return publicKey;
+    }
+    if (publicKey.length === CURVE.COMPRESSED_PUBLIC_KEY_LENGTH) {
+      const decompressed = this.decompressPublicKey(publicKey);
+      if (!decompressed) {
+        throw new ECIESError("Failed to decompress public key", "INVALID_KEY");
+      }
+      _BaseECIESUint8.validatedKeys.set(decompressed, true);
+      return decompressed;
+    }
+    throw new ECIESError(
+      `Invalid public key length: ${publicKey.length}`,
+      "INVALID_KEY"
+    );
+  }
+  /**
+   * Encrypts data using ECIES.
+   *
+   * @param publicKey - The recipient's public key (compressed or uncompressed)
+   * @param message - The data to encrypt
+   * @returns Promise resolving to encrypted data structure
+   */
+  async encrypt(publicKey, message) {
+    try {
+      if (!(publicKey instanceof Uint8Array)) {
+        throw new ECIESError("Public key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!(message instanceof Uint8Array)) {
+        throw new ECIESError(
+          "Message must be a Uint8Array",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      if (publicKey.length === 0) {
+        throw new ECIESError("Public key cannot be empty", "INVALID_KEY");
+      }
+      const pubKey = this.normalizePublicKey(publicKey);
+      let ephemeralPrivateKey;
+      do {
+        ephemeralPrivateKey = this.generateRandomBytes(
+          CURVE.PRIVATE_KEY_LENGTH
+        );
+      } while (!this.verifyPrivateKey(ephemeralPrivateKey));
+      const ephemeralPublicKey = this.createPublicKey(
+        ephemeralPrivateKey,
+        false
+      );
+      if (!ephemeralPublicKey) {
+        throw new ECIESError(
+          "Failed to generate ephemeral public key",
+          "ENCRYPTION_FAILED"
+        );
+      }
+      const sharedSecret = this.performECDH(pubKey, ephemeralPrivateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        KDF.ENCRYPTION_KEY_OFFSET,
+        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        KDF.MAC_KEY_OFFSET,
+        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
+      );
+      const iv = this.generateRandomBytes(CIPHER.IV_LENGTH);
+      const ciphertext = await this.aesEncrypt(encryptionKey, iv, message);
+      const macData = concatBytes2(iv, ephemeralPublicKey, ciphertext);
+      const mac = this.hmacSha256(macKey, macData);
+      this.clearBuffer(ephemeralPrivateKey);
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return {
+        iv,
+        ephemPublicKey: ephemeralPublicKey,
+        ciphertext,
+        mac
+      };
+    } catch (error) {
+      if (error instanceof ECIESError) throw error;
+      throw new ECIESError(
+        `Encryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "ENCRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Decrypts ECIES encrypted data.
+   *
+   * @param privateKey - The recipient's private key (32 bytes)
+   * @param encrypted - The encrypted data structure from encrypt()
+   * @returns Promise resolving to the original plaintext
+   */
+  async decrypt(privateKey, encrypted) {
+    try {
+      if (!(privateKey instanceof Uint8Array)) {
+        throw new ECIESError("Private key must be a Uint8Array", "INVALID_KEY");
+      }
+      if (!isECIESEncrypted(encrypted)) {
+        throw new ECIESError(
+          "Invalid encrypted data structure",
+          "DECRYPTION_FAILED"
+        );
+      }
+      if (privateKey.length !== CURVE.PRIVATE_KEY_LENGTH) {
+        throw new ECIESError(
+          `Invalid private key length: ${privateKey.length}`,
+          "INVALID_KEY"
+        );
+      }
+      if (!this.verifyPrivateKey(privateKey)) {
+        throw new ECIESError("Invalid private key", "INVALID_KEY");
+      }
+      const ephemeralPublicKey = this.normalizePublicKey(
+        encrypted.ephemPublicKey
+      );
+      const sharedSecret = this.performECDH(ephemeralPublicKey, privateKey);
+      const kdf = this.sha512(sharedSecret);
+      const encryptionKey = kdf.slice(
+        KDF.ENCRYPTION_KEY_OFFSET,
+        KDF.ENCRYPTION_KEY_OFFSET + KDF.ENCRYPTION_KEY_LENGTH
+      );
+      const macKey = kdf.slice(
+        KDF.MAC_KEY_OFFSET,
+        KDF.MAC_KEY_OFFSET + KDF.MAC_KEY_LENGTH
+      );
+      const macData = concatBytes2(
+        encrypted.iv,
+        encrypted.ephemPublicKey,
+        encrypted.ciphertext
+      );
+      const expectedMac = this.hmacSha256(macKey, macData);
+      if (!constantTimeEqual(encrypted.mac, expectedMac)) {
+        throw new ECIESError("MAC verification failed", "MAC_MISMATCH");
+      }
+      const decrypted = await this.aesDecrypt(
+        encryptionKey,
+        encrypted.iv,
+        encrypted.ciphertext
+      );
+      this.clearBuffer(sharedSecret);
+      this.clearBuffer(kdf);
+      return decrypted;
+    } catch (error) {
+      if (error instanceof ECIESError) throw error;
+      throw new ECIESError(
+        `Decryption failed: ${error instanceof Error ? error.message : "Unknown error"}`,
+        "DECRYPTION_FAILED",
+        error instanceof Error ? error : void 0
+      );
+    }
+  }
+  /**
+   * Clears sensitive data from memory using multi-pass overwrite.
+   *
+   * @remarks
+   * Uses multiple passes with different patterns to make it harder
+   * for JIT compilers to optimize away the operation. While not
+   * guaranteed in JavaScript, this is a best-effort approach to
+   * clear sensitive data from memory.
+   *
+   * @param buffer - The buffer to clear
+   */
+  clearBuffer(buffer) {
+    if (buffer && buffer.length > 0) {
+      buffer.fill(0);
+      buffer.fill(255);
+      buffer.fill(170);
+      buffer.fill(0);
+      for (let i = 0; i < buffer.length; i++) {
+        buffer[i] = i & 255 ^ 90;
+      }
+      buffer.fill(0);
+    }
+  }
+};
+// Cache for validated public keys to avoid repeated validation
+__publicField(_BaseECIESUint8, "validatedKeys", /* @__PURE__ */ new WeakMap());
+var BaseECIESUint8 = _BaseECIESUint8;
+
+// src/crypto/ecies/browser.ts
+import { hmac } from "@noble/hashes/hmac";
+import { sha256, sha512 as nobleSha512 } from "@noble/hashes/sha2";
+var BrowserECIESUint8Provider = class extends BaseECIESUint8 {
+  generateRandomBytes(length) {
+    const bytes = new Uint8Array(length);
+    crypto.getRandomValues(bytes);
+    return bytes;
+  }
+  verifyPrivateKey(privateKey) {
+    try {
+      return secp256k1.utils.isValidPrivateKey(privateKey);
+    } catch {
+      return false;
+    }
+  }
+  createPublicKey(privateKey, compressed) {
+    try {
+      return secp256k1.getPublicKey(privateKey, compressed);
+    } catch {
+      return null;
+    }
+  }
+  validatePublicKey(publicKey) {
+    try {
+      secp256k1.Point.fromHex(publicKey);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  decompressPublicKey(publicKey) {
+    try {
+      const point = secp256k1.Point.fromHex(publicKey);
+      return point.toRawBytes(false);
+    } catch {
+      return null;
+    }
+  }
+  performECDH(publicKey, privateKey) {
+    try {
+      const sharedPoint = secp256k1.getSharedSecret(
+        privateKey,
+        publicKey,
+        true
+      );
+      return sharedPoint.slice(1);
+    } catch (error) {
+      throw new Error(
+        `ECDH failed: ${error instanceof Error ? error.message : "Unknown error"}`
+      );
+    }
+  }
+  sha512(data) {
+    return nobleSha512(data);
+  }
+  hmacSha256(key, data) {
+    return hmac(sha256, key, data);
+  }
+  async aesEncrypt(key, iv, plaintext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["encrypt"]
+    );
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      plaintext
+    );
+    return new Uint8Array(encrypted);
+  }
+  async aesDecrypt(key, iv, ciphertext) {
+    const cryptoKey = await crypto.subtle.importKey(
+      "raw",
+      key,
+      { name: "AES-CBC" },
+      false,
+      ["decrypt"]
+    );
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-CBC", iv },
+      cryptoKey,
+      ciphertext
+    );
+    return new Uint8Array(decrypted);
+  }
+};
+
+// src/platform/browser.ts
+var getOpenPGP = lazyImport(() => import("openpgp"));
+var BrowserCryptoAdapter = class {
+  constructor() {
+    __publicField(this, "eciesProvider", new BrowserECIESUint8Provider());
+    __publicField(this, "walletKeyEncryptionService", new WalletKeyEncryptionService({
+      eciesProvider: this.eciesProvider
+    }));
+  }
+  async encryptWithPublicKey(data, publicKeyHex) {
+    try {
+      const prefixedHex = publicKeyHex.startsWith("0x") ? publicKeyHex : `0x${publicKeyHex}`;
+      const publicKeyBytes = fromHex2(prefixedHex, "bytes");
+      const encrypted = await this.eciesProvider.encrypt(
+        publicKeyBytes,
+        stringToBytes2(data)
+      );
+      const result = concatBytes2(
+        encrypted.iv,
+        encrypted.ephemPublicKey,
+        encrypted.ciphertext,
+        encrypted.mac
+      );
+      return toHex2(result).slice(2);
+    } catch (error) {
+      throw wrapCryptoError("encryptWithPublicKey", error);
+    }
+  }
+  async decryptWithPrivateKey(encryptedData, privateKeyHex) {
+    try {
+      const encryptedHex = encryptedData.startsWith("0x") ? encryptedData : `0x${encryptedData}`;
+      const privateHex = privateKeyHex.startsWith("0x") ? privateKeyHex : `0x${privateKeyHex}`;
+      const encryptedBytes = fromHex2(encryptedHex, "bytes");
+      const privateKeyBytes = fromHex2(privateHex, "bytes");
+      const encrypted = parseEncryptedDataBuffer(encryptedBytes);
+      const decrypted = await this.eciesProvider.decrypt(
+        privateKeyBytes,
+        encrypted
+      );
+      return bytesToString2(decrypted);
+    } catch (error) {
+      throw wrapCryptoError("decryptWithPrivateKey", error);
+    }
+  }
+  async encryptWithWalletPublicKey(data, publicKey) {
+    try {
+      return await this.walletKeyEncryptionService.encryptWithWalletPublicKey(
+        data,
+        publicKey
+      );
+    } catch (error) {
+      throw wrapCryptoError("encryptWithWalletPublicKey", error);
+    }
+  }
+  async decryptWithWalletPrivateKey(encryptedData, privateKey) {
+    try {
+      return await this.walletKeyEncryptionService.decryptWithWalletPrivateKey(
+        encryptedData,
+        privateKey
+      );
+    } catch (error) {
+      throw wrapCryptoError("decryptWithWalletPrivateKey", error);
+    }
+  }
+  async generateKeyPair() {
+    try {
+      const privateKeyBytes = secp256k12.utils.randomPrivateKey();
+      const publicKeyBytes = secp256k12.getPublicKey(privateKeyBytes, true);
+      return {
+        privateKey: toHex2(privateKeyBytes).slice(2),
+        publicKey: toHex2(publicKeyBytes).slice(2)
+      };
+    } catch (error) {
+      throw wrapCryptoError("generateKeyPair", error);
+    }
+  }
+  async encryptWithPassword(data, password) {
+    try {
+      const openpgp = await getOpenPGP();
+      const message = await openpgp.createMessage({ binary: data });
+      const encrypted = await openpgp.encrypt({
+        message,
+        passwords: [password],
+        format: "binary"
+      });
+      return new Uint8Array(encrypted);
+    } catch (error) {
+      throw wrapCryptoError("encryptWithPassword", error);
+    }
+  }
+  async decryptWithPassword(encryptedData, password) {
+    try {
+      const openpgp = await getOpenPGP();
+      const message = await openpgp.readMessage({
+        binaryMessage: encryptedData
+      });
+      const { data } = await openpgp.decrypt({
+        message,
+        passwords: [password],
+        format: "binary"
+      });
+      return new Uint8Array(data);
+    } catch (error) {
+      throw wrapCryptoError("decryptWithPassword", error);
+    }
+  }
+};
+var BrowserPGPAdapter = class {
+  async encrypt(data, publicKeyArmored) {
+    try {
+      const openpgp = await getOpenPGP();
+      const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
+      const encrypted = await openpgp.encrypt({
+        message: await openpgp.createMessage({ text: data }),
+        encryptionKeys: publicKey,
+        config: {
+          preferredCompressionAlgorithm: openpgp.enums.compression.zlib
+        }
+      });
+      return encrypted;
+    } catch (error) {
+      throw new Error(`PGP encryption failed: ${error}`);
+    }
+  }
+  async decrypt(encryptedData, privateKeyArmored) {
+    try {
+      const openpgp = await getOpenPGP();
+      const privateKey = await openpgp.readPrivateKey({
+        armoredKey: privateKeyArmored
+      });
+      const message = await openpgp.readMessage({
+        armoredMessage: encryptedData
+      });
+      const { data: decrypted } = await openpgp.decrypt({
+        message,
+        decryptionKeys: privateKey
+      });
+      return decrypted;
+    } catch (error) {
+      throw new Error(`PGP decryption failed: ${error}`);
+    }
+  }
+  async generateKeyPair(options) {
+    try {
+      const openpgp = await getOpenPGP();
+      const keyGenParams = getPGPKeyGenParams(options);
+      const { privateKey, publicKey } = await openpgp.generateKey(keyGenParams);
+      return { publicKey, privateKey };
+    } catch (error) {
+      throw wrapCryptoError("PGP key generation", error);
+    }
+  }
+};
+var BrowserHttpAdapter = class {
+  async fetch(url, options) {
+    return fetch(url, options);
+  }
+};
+var BrowserCacheAdapter = class {
+  constructor() {
+    __publicField(this, "prefix", "vana_cache_");
+  }
+  get(key) {
+    try {
+      if (typeof sessionStorage === "undefined") {
+        return null;
+      }
+      return sessionStorage.getItem(this.prefix + key);
+    } catch {
+      return null;
+    }
+  }
+  set(key, value) {
+    try {
+      if (typeof sessionStorage === "undefined") {
+        return;
+      }
+      sessionStorage.setItem(this.prefix + key, value);
+    } catch {
+    }
+  }
+  delete(key) {
+    try {
+      if (typeof sessionStorage === "undefined") {
+        return;
+      }
+      sessionStorage.removeItem(this.prefix + key);
+    } catch {
+    }
+  }
+  clear() {
+    try {
+      if (typeof sessionStorage === "undefined") {
+        return;
+      }
+      const keysToRemove = [];
+      for (let i = 0; i < sessionStorage.length; i++) {
+        const key = sessionStorage.key(i);
+        if (key?.startsWith(this.prefix)) {
+          keysToRemove.push(key);
+        }
+      }
+      keysToRemove.forEach((key) => sessionStorage.removeItem(key));
+    } catch {
+    }
+  }
+};
+var BrowserPlatformAdapter = class {
+  constructor() {
+    __publicField(this, "crypto", new BrowserCryptoAdapter());
+    __publicField(this, "pgp", new BrowserPGPAdapter());
+    __publicField(this, "http", new BrowserHttpAdapter());
+    __publicField(this, "cache", new BrowserCacheAdapter());
+    __publicField(this, "platform", "browser");
+  }
+};
+export {
+  BrowserPlatformAdapter
+};
+//# sourceMappingURL=browser.js.map