@premai/api-sdk 1.0.42 → 1.0.44

package/dist/cli-claude.mjs

@@ -236,7 +236,7 @@ function interactivePickModel(models) {
 import express from "express";
 
 // src/anthropic/http.ts
-import { randomBytes as randomBytes3 } from "node:crypto";
+import { bytesToHex as bytesToHex3, randomBytes as randomBytes3 } from "@noble/ciphers/utils.js";
 var ANTHROPIC_VERSION_DEFAULT = "2023-06-01";
 var ANTHROPIC_VERSION_DATE = /^\d{4}-\d{2}-\d{2}$/;
 function isAnthropicApiVersionSupported(version) {
@@ -246,10 +246,10 @@ function isAnthropicApiVersionSupported(version) {
   return ANTHROPIC_VERSION_DATE.test(version);
 }
 function newAnthropicRequestId() {
-  return `req_${randomBytes3(12).toString("hex")}`;
+  return `req_${bytesToHex3(randomBytes3(12))}`;
 }
 function newAnthropicMessageId() {
-  return `msg_${randomBytes3(12).toString("hex")}`;
+  return `msg_${bytesToHex3(randomBytes3(12))}`;
 }
 function extractAnthropicApiKey(req) {
   const raw = req.headers["x-api-key"];
@@ -1136,7 +1136,7 @@ function registerAnthropicModelsRoute(router, deps) {
 import multer from "multer";
 
 // src/audio/index.ts
-import { bytesToHex as bytesToHex3, hexToBytes as hexToBytes3 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex4, hexToBytes as hexToBytes3 } from "@noble/ciphers/utils.js";
 
 // src/utils/attestation.ts
 var cachedPrem;
@@ -1378,13 +1378,13 @@ async function preprocessAudioRequest(body, encryptionKeys) {
   const { encrypted: encryptedFileName, nonce: fileNameNonce } = encryptPayload(sharedSecret, fileName);
   return {
     body: {
-      cipherText: bytesToHex3(cipherText),
-      encryptedInference: bytesToHex3(encrypted),
-      nonce: bytesToHex3(nonce),
-      fileNameNonce: bytesToHex3(fileNameNonce),
-      encryptedFileName: bytesToHex3(encryptedFileName),
-      fileNonce: bytesToHex3(fileNonce),
-      encryptedFile: bytesToHex3(encryptedFile),
+      cipherText: bytesToHex4(cipherText),
+      encryptedInference: bytesToHex4(encrypted),
+      nonce: bytesToHex4(nonce),
+      fileNameNonce: bytesToHex4(fileNameNonce),
+      encryptedFileName: bytesToHex4(encryptedFileName),
+      fileNonce: bytesToHex4(fileNonce),
+      encryptedFile: bytesToHex4(encryptedFile),
       model: body.model
     },
     sharedSecret
@@ -1424,13 +1424,13 @@ async function preprocessAudioTranslationRequest(body, encryptionKeys) {
   const { encrypted: encryptedFileName, nonce: fileNameNonce } = encryptPayload(sharedSecret, fileName);
   return {
     body: {
-      cipherText: bytesToHex3(cipherText),
-      encryptedInference: bytesToHex3(encrypted),
-      nonce: bytesToHex3(nonce),
-      fileNameNonce: bytesToHex3(fileNameNonce),
-      encryptedFileName: bytesToHex3(encryptedFileName),
-      fileNonce: bytesToHex3(fileNonce),
-      encryptedFile: bytesToHex3(encryptedFile),
+      cipherText: bytesToHex4(cipherText),
+      encryptedInference: bytesToHex4(encrypted),
+      nonce: bytesToHex4(nonce),
+      fileNameNonce: bytesToHex4(fileNameNonce),
+      encryptedFileName: bytesToHex4(encryptedFileName),
+      fileNonce: bytesToHex4(fileNonce),
+      encryptedFile: bytesToHex4(encryptedFile),
       model: body.model
     },
     sharedSecret
@@ -1508,7 +1508,7 @@ function createAudioClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAULT_RE
 }
 
 // src/files/index.ts
-import { bytesToHex as bytesToHex4, hexToBytes as hexToBytes4, randomBytes as randomBytes4 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex5, hexToBytes as hexToBytes4, randomBytes as randomBytes4 } from "@noble/ciphers/utils.js";
 import { sha256 as sha2562 } from "@noble/hashes/sha2.js";
 import { isValid, parseISO } from "date-fns";
 import { z } from "zod";
@@ -1678,13 +1678,13 @@ async function prepareEncryptedPayload(dekStore, options, apiKey, clientKEK, tim
   const wrappedDEK = wrapDEK(_clientKEK, dek);
   const clientKID = clientKEK ? getClientKID(clientKEK) : getClientKID();
   const filePayload = {
-    client_hash: bytesToHex4(sha2562(fileBytes)),
-    encrypted_content: bytesToHex4(encryptedFile),
+    client_hash: bytesToHex5(sha2562(fileBytes)),
+    encrypted_content: bytesToHex5(encryptedFile),
     encrypted_name: encryptedName,
     kid: clientKID,
     mime_type: encryptedMimeType,
     version: "2",
-    wrapped_dek: bytesToHex4(wrappedDEK)
+    wrapped_dek: bytesToHex5(wrappedDEK)
   };
   if (options.ragIndex) {
     await addRagIndexToPayload(dekStore, dek, filePayload, apiKey, clientKEK, timeoutMs);
@@ -1699,7 +1699,7 @@ async function addRagIndexToPayload(dekStore, dek, filePayload, apiKey, clientKE
     const wrappedRagDEK = wrapDEK(_clientKEK, ragDEK);
     dekStore.ragDEK = wrappedRagDEK;
     try {
-      await saveRagDEKToBackend(apiKey, bytesToHex4(wrappedRagDEK), timeoutMs);
+      await saveRagDEKToBackend(apiKey, bytesToHex5(wrappedRagDEK), timeoutMs);
     } catch (error) {
       console.error("Warning: Failed to save RAG DEK to backend:", error);
     }
@@ -1710,11 +1710,11 @@ async function addRagIndexToPayload(dekStore, dek, filePayload, apiKey, clientKE
   const { cipherText, sharedSecret } = createMLKEMEncapsulation(enclavePublicKey);
   const { encrypted: encryptedFileDEK, nonce: fileNonce } = encryptPayload(sharedSecret, dek);
   const { encrypted: encryptedRagDEK, nonce: ragDEKNonce } = encryptPayload(sharedSecret, ragDEK);
-  filePayload.encrypted_file_dek = bytesToHex4(encryptedFileDEK);
-  filePayload.encrypted_rag_dek = bytesToHex4(encryptedRagDEK);
-  filePayload.file_nonce = bytesToHex4(fileNonce);
-  filePayload.rag_dek_nonce = bytesToHex4(ragDEKNonce);
-  filePayload.cipher_text = bytesToHex4(cipherText);
+  filePayload.encrypted_file_dek = bytesToHex5(encryptedFileDEK);
+  filePayload.encrypted_rag_dek = bytesToHex5(encryptedRagDEK);
+  filePayload.file_nonce = bytesToHex5(fileNonce);
+  filePayload.rag_dek_nonce = bytesToHex5(ragDEKNonce);
+  filePayload.cipher_text = bytesToHex5(cipherText);
 }
 async function performUpload(apiKey, filePayload, controller) {
   const uploadResponse = await fetch(`${endpoints.proxy}/files/encrypted/upload`, {
@@ -1925,12 +1925,12 @@ async function indexFiles(apiKey, dekStore, options, clientKEK, timeoutMs = DEFA
     const { encrypted: encryptedRagDEK, nonce: ragDEKNonce } = encryptPayload(sharedSecret, ragDEK);
     return {
       file_id: file.fileId,
-      encrypted_file_dek: bytesToHex4(encryptedFileDEK),
-      encrypted_rag_dek: bytesToHex4(encryptedRagDEK),
-      file_nonce: bytesToHex4(fileNonce),
-      rag_dek_nonce: bytesToHex4(ragDEKNonce),
+      encrypted_file_dek: bytesToHex5(encryptedFileDEK),
+      encrypted_rag_dek: bytesToHex5(encryptedRagDEK),
+      file_nonce: bytesToHex5(fileNonce),
+      rag_dek_nonce: bytesToHex5(ragDEKNonce),
       s3_r2_path: file.filePath,
-      cipher_text: bytesToHex4(cipherText)
+      cipher_text: bytesToHex5(cipherText)
     };
   });
   const controller = new AbortController;
@@ -1983,9 +1983,9 @@ async function deleteIndex(apiKey, dekStore, options, clientKEK, timeoutMs = DEF
         "Content-Type": "application/json"
       },
       body: JSON.stringify({
-        cipher_text: bytesToHex4(cipherText),
-        encrypted_rag_dek: bytesToHex4(encryptedRagDEK),
-        rag_dek_nonce: bytesToHex4(ragDEKNonce),
+        cipher_text: bytesToHex5(cipherText),
+        encrypted_rag_dek: bytesToHex5(encryptedRagDEK),
+        rag_dek_nonce: bytesToHex5(ragDEKNonce),
         fileIds: options.fileIds
       }),
       signal: controller.signal
@@ -2061,16 +2061,16 @@ function createModelsClient(apiKey, timeoutMs = DEFAULT_REQUEST_TIMEOUT_MS) {
 }
 
 // src/rvenc/index.ts
-import { bytesToHex as bytesToHex5, hexToBytes as hexToBytes5 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex6, hexToBytes as hexToBytes5 } from "@noble/ciphers/utils.js";
 import OpenAI from "openai";
 function preprocessRequest(body, encryptionKeys) {
   const { cipherText, sharedSecret } = encryptionKeys;
   const { encrypted, nonce } = encryptPayload(sharedSecret, body);
   return {
     body: {
-      cipherText: bytesToHex5(cipherText),
-      encryptedInference: bytesToHex5(encrypted),
-      nonce: bytesToHex5(nonce),
+      cipherText: bytesToHex6(cipherText),
+      encryptedInference: bytesToHex6(encrypted),
+      nonce: bytesToHex6(nonce),
       model: body.model,
       stream: body.stream === true
     },
@@ -2227,7 +2227,7 @@ async function* createDecryptedStreamGenerator(reader, sharedSecret, nonce, maxB
 }
 
 // src/tools/index.ts
-import { bytesToHex as bytesToHex6, hexToBytes as hexToBytes6, randomBytes as randomBytes5 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex7, hexToBytes as hexToBytes6, randomBytes as randomBytes5 } from "@noble/ciphers/utils.js";
 var FILE_OUTPUT_TOOLS = ["generateImage", "audioGenerateFromText", "createFileForUser"];
 var FILE_INPUT_TOOLS = [
   "imageDescribeAndCaption",
@@ -2328,9 +2328,9 @@ async function callSimpleTool(toolName, params, apiKey, timeoutMs, attest2) {
   const { cipherText, sharedSecret } = createMLKEMEncapsulation(enclavePublicKey);
   const { encrypted, nonce } = encryptPayload(sharedSecret, params);
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    encryptedParams: bytesToHex6(encrypted),
-    nonce: bytesToHex6(nonce)
+    cipherText: bytesToHex7(cipherText),
+    encryptedParams: bytesToHex7(encrypted),
+    nonce: bytesToHex7(nonce)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   return decryptPayload(response.encryptedResponse, sharedSecret, hexToBytes6(response.nonce));
@@ -2345,13 +2345,13 @@ async function callFileOutputTool(toolName, params, apiKey, dekStore, clientKEK,
   const wrappedDEK = wrapDEK(_clientKEK, dek);
   const clientKID = clientKEK ? getClientKID(clientKEK) : getClientKID();
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    encryptedParams: bytesToHex6(encrypted),
-    nonce: bytesToHex6(nonce),
-    encryptedDEK: bytesToHex6(encryptedDEK),
-    dekNonce: bytesToHex6(dekNonce),
+    cipherText: bytesToHex7(cipherText),
+    encryptedParams: bytesToHex7(encrypted),
+    nonce: bytesToHex7(nonce),
+    encryptedDEK: bytesToHex7(encryptedDEK),
+    dekNonce: bytesToHex7(dekNonce),
     kid: clientKID,
-    wrappedDEK: bytesToHex6(wrappedDEK)
+    wrappedDEK: bytesToHex7(wrappedDEK)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   const result = await downloadAndDecryptFile(response, dek, apiKey, timeoutMs);
@@ -2386,13 +2386,13 @@ async function callFileInputTool(toolName, params, apiKey, dekStore, clientKEK,
   }
   const { encrypted: encryptedFileDEK, nonce: fileDEKNonce } = encryptPayload(sharedSecret, fileDEK);
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    nonce: bytesToHex6(nonce),
+    cipherText: bytesToHex7(cipherText),
+    nonce: bytesToHex7(nonce),
     fileId: params.fileId,
-    encryptedDEK: bytesToHex6(encryptedDEK),
-    dekNonce: bytesToHex6(dekNonce),
-    encryptedFileDEK: bytesToHex6(encryptedFileDEK),
-    fileDEKNonce: bytesToHex6(fileDEKNonce)
+    encryptedDEK: bytesToHex7(encryptedDEK),
+    dekNonce: bytesToHex7(dekNonce),
+    encryptedFileDEK: bytesToHex7(encryptedFileDEK),
+    fileDEKNonce: bytesToHex7(fileDEKNonce)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   return decryptPayload(response.encryptedResponse, sharedSecret, hexToBytes6(response.nonce));
@@ -2420,8 +2420,8 @@ async function callRagTool(toolName, params, apiKey, dekStore, clientKEK, timeou
     const { encrypted: encryptedFileDEK, nonce: fileDEKNonce } = encryptPayload(sharedSecret, unwrappedFileDEK);
     acc.push({
       fileId,
-      encryptedDEK: bytesToHex6(encryptedFileDEK),
-      nonce: bytesToHex6(fileDEKNonce)
+      encryptedDEK: bytesToHex7(encryptedFileDEK),
+      nonce: bytesToHex7(fileDEKNonce)
     });
     return acc;
   }, []);
@@ -2435,16 +2435,16 @@ async function callRagTool(toolName, params, apiKey, dekStore, clientKEK, timeou
   const { encrypted: encryptedRagDEK, nonce: ragDEKNonce } = encryptPayload(sharedSecret, ragDEK);
   const { encrypted: encryptedRagVersion, nonce: ragVersionNonce } = encryptPayload(sharedSecret, dekStore.ragVersion);
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    encryptedParams: bytesToHex6(encrypted),
-    nonce: bytesToHex6(nonce),
-    encryptedDEK: bytesToHex6(encryptedDEK),
-    dekNonce: bytesToHex6(dekNonce),
+    cipherText: bytesToHex7(cipherText),
+    encryptedParams: bytesToHex7(encrypted),
+    nonce: bytesToHex7(nonce),
+    encryptedDEK: bytesToHex7(encryptedDEK),
+    dekNonce: bytesToHex7(dekNonce),
     encryptedFileDEKs,
-    encryptedRagDEK: bytesToHex6(encryptedRagDEK),
-    ragDEKNonce: bytesToHex6(ragDEKNonce),
-    encryptedRagVersion: bytesToHex6(encryptedRagVersion),
-    ragVersionNonce: bytesToHex6(ragVersionNonce)
+    encryptedRagDEK: bytesToHex7(encryptedRagDEK),
+    ragDEKNonce: bytesToHex7(ragDEKNonce),
+    encryptedRagVersion: bytesToHex7(encryptedRagVersion),
+    ragVersionNonce: bytesToHex7(ragVersionNonce)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   return decryptPayload(response.encryptedResponse, sharedSecret, hexToBytes6(response.nonce));

package/dist/cli.mjs

@@ -9,7 +9,7 @@ import { parseArgs } from "node:util";
 import express from "express";
 
 // src/anthropic/http.ts
-import { randomBytes } from "node:crypto";
+import { bytesToHex, randomBytes } from "@noble/ciphers/utils.js";
 var ANTHROPIC_VERSION_DEFAULT = "2023-06-01";
 var ANTHROPIC_VERSION_DATE = /^\d{4}-\d{2}-\d{2}$/;
 function isAnthropicApiVersionSupported(version) {
@@ -19,10 +19,10 @@ function isAnthropicApiVersionSupported(version) {
   return ANTHROPIC_VERSION_DATE.test(version);
 }
 function newAnthropicRequestId() {
-  return `req_${randomBytes(12).toString("hex")}`;
+  return `req_${bytesToHex(randomBytes(12))}`;
 }
 function newAnthropicMessageId() {
-  return `msg_${randomBytes(12).toString("hex")}`;
+  return `msg_${bytesToHex(randomBytes(12))}`;
 }
 function extractAnthropicApiKey(req) {
   const raw = req.headers["x-api-key"];
@@ -909,7 +909,7 @@ function registerAnthropicModelsRoute(router, deps) {
 import multer from "multer";
 
 // src/audio/index.ts
-import { bytesToHex as bytesToHex2, hexToBytes as hexToBytes2 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex3, hexToBytes as hexToBytes2 } from "@noble/ciphers/utils.js";
 
 // src/config.ts
 var endpoints = {
@@ -1061,7 +1061,7 @@ async function attest(apiKey, options = { enabled: true }) {
 // src/utils/crypto.ts
 import { aeskwp } from "@noble/ciphers/aes.js";
 import { xchacha20poly1305 } from "@noble/ciphers/chacha.js";
-import { bytesToHex, hexToBytes, managedNonce, randomBytes as randomBytes2 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex2, hexToBytes, managedNonce, randomBytes as randomBytes2 } from "@noble/ciphers/utils.js";
 import { sha256 } from "@noble/hashes/sha2.js";
 import { sha3_256 } from "@noble/hashes/sha3.js";
 import { XWing } from "@noble/post-quantum/hybrid.js";
@@ -1136,7 +1136,7 @@ function encryptWithDEK(dek, plaintext) {
 function encryptMetadataWithDEK(dek, metadata) {
   const encoded = new TextEncoder().encode(metadata);
   const encrypted = encryptWithDEK(dek, encoded);
-  return bytesToHex(encrypted);
+  return bytesToHex2(encrypted);
 }
 function wrapDEK(kek, dek) {
   const kw = aeskwp(kek);
@@ -1252,13 +1252,13 @@ async function preprocessAudioRequest(body, encryptionKeys) {
   const { encrypted: encryptedFileName, nonce: fileNameNonce } = encryptPayload(sharedSecret, fileName);
   return {
     body: {
-      cipherText: bytesToHex2(cipherText),
-      encryptedInference: bytesToHex2(encrypted),
-      nonce: bytesToHex2(nonce),
-      fileNameNonce: bytesToHex2(fileNameNonce),
-      encryptedFileName: bytesToHex2(encryptedFileName),
-      fileNonce: bytesToHex2(fileNonce),
-      encryptedFile: bytesToHex2(encryptedFile),
+      cipherText: bytesToHex3(cipherText),
+      encryptedInference: bytesToHex3(encrypted),
+      nonce: bytesToHex3(nonce),
+      fileNameNonce: bytesToHex3(fileNameNonce),
+      encryptedFileName: bytesToHex3(encryptedFileName),
+      fileNonce: bytesToHex3(fileNonce),
+      encryptedFile: bytesToHex3(encryptedFile),
       model: body.model
     },
     sharedSecret
@@ -1298,13 +1298,13 @@ async function preprocessAudioTranslationRequest(body, encryptionKeys) {
   const { encrypted: encryptedFileName, nonce: fileNameNonce } = encryptPayload(sharedSecret, fileName);
   return {
     body: {
-      cipherText: bytesToHex2(cipherText),
-      encryptedInference: bytesToHex2(encrypted),
-      nonce: bytesToHex2(nonce),
-      fileNameNonce: bytesToHex2(fileNameNonce),
-      encryptedFileName: bytesToHex2(encryptedFileName),
-      fileNonce: bytesToHex2(fileNonce),
-      encryptedFile: bytesToHex2(encryptedFile),
+      cipherText: bytesToHex3(cipherText),
+      encryptedInference: bytesToHex3(encrypted),
+      nonce: bytesToHex3(nonce),
+      fileNameNonce: bytesToHex3(fileNameNonce),
+      encryptedFileName: bytesToHex3(encryptedFileName),
+      fileNonce: bytesToHex3(fileNonce),
+      encryptedFile: bytesToHex3(encryptedFile),
       model: body.model
     },
     sharedSecret
@@ -1382,13 +1382,13 @@ function createAudioClient(apiKey, encryptionKeys, requestTimeoutMs = DEFAULT_RE
 }
 
 // src/files/index.ts
-import { bytesToHex as bytesToHex4, hexToBytes as hexToBytes4, randomBytes as randomBytes4 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex5, hexToBytes as hexToBytes4, randomBytes as randomBytes4 } from "@noble/ciphers/utils.js";
 import { sha256 as sha2562 } from "@noble/hashes/sha2.js";
 import { isValid, parseISO } from "date-fns";
 import { z } from "zod";
 
 // src/utils/dek-store.ts
-import { bytesToHex as bytesToHex3, hexToBytes as hexToBytes3, randomBytes as randomBytes3 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex4, hexToBytes as hexToBytes3, randomBytes as randomBytes3 } from "@noble/ciphers/utils.js";
 function initializeDEKStore(clientKEK) {
   const ragDEK = randomBytes3(32);
   const _clientKEK = clientKEK ? hexToBytes3(clientKEK) : getClientKEK();
@@ -1407,10 +1407,10 @@ function getClientKEK() {
 }
 function getClientKID(clientKEK) {
   if (clientKEK) {
-    return bytesToHex3(keyIdFromKEK(hexToBytes3(clientKEK)));
+    return bytesToHex4(keyIdFromKEK(hexToBytes3(clientKEK)));
   }
   const _clientKEK = getClientKEK();
-  return bytesToHex3(keyIdFromKEK(_clientKEK));
+  return bytesToHex4(keyIdFromKEK(_clientKEK));
 }
 
 // src/files/index.ts
@@ -1580,13 +1580,13 @@ async function prepareEncryptedPayload(dekStore, options, apiKey, clientKEK, tim
   const wrappedDEK = wrapDEK(_clientKEK, dek);
   const clientKID = clientKEK ? getClientKID(clientKEK) : getClientKID();
   const filePayload = {
-    client_hash: bytesToHex4(sha2562(fileBytes)),
-    encrypted_content: bytesToHex4(encryptedFile),
+    client_hash: bytesToHex5(sha2562(fileBytes)),
+    encrypted_content: bytesToHex5(encryptedFile),
     encrypted_name: encryptedName,
     kid: clientKID,
     mime_type: encryptedMimeType,
     version: "2",
-    wrapped_dek: bytesToHex4(wrappedDEK)
+    wrapped_dek: bytesToHex5(wrappedDEK)
   };
   if (options.ragIndex) {
     await addRagIndexToPayload(dekStore, dek, filePayload, apiKey, clientKEK, timeoutMs);
@@ -1601,7 +1601,7 @@ async function addRagIndexToPayload(dekStore, dek, filePayload, apiKey, clientKE
     const wrappedRagDEK = wrapDEK(_clientKEK, ragDEK);
     dekStore.ragDEK = wrappedRagDEK;
     try {
-      await saveRagDEKToBackend(apiKey, bytesToHex4(wrappedRagDEK), timeoutMs);
+      await saveRagDEKToBackend(apiKey, bytesToHex5(wrappedRagDEK), timeoutMs);
     } catch (error) {
       console.error("Warning: Failed to save RAG DEK to backend:", error);
     }
@@ -1612,11 +1612,11 @@ async function addRagIndexToPayload(dekStore, dek, filePayload, apiKey, clientKE
   const { cipherText, sharedSecret } = createMLKEMEncapsulation(enclavePublicKey);
   const { encrypted: encryptedFileDEK, nonce: fileNonce } = encryptPayload(sharedSecret, dek);
   const { encrypted: encryptedRagDEK, nonce: ragDEKNonce } = encryptPayload(sharedSecret, ragDEK);
-  filePayload.encrypted_file_dek = bytesToHex4(encryptedFileDEK);
-  filePayload.encrypted_rag_dek = bytesToHex4(encryptedRagDEK);
-  filePayload.file_nonce = bytesToHex4(fileNonce);
-  filePayload.rag_dek_nonce = bytesToHex4(ragDEKNonce);
-  filePayload.cipher_text = bytesToHex4(cipherText);
+  filePayload.encrypted_file_dek = bytesToHex5(encryptedFileDEK);
+  filePayload.encrypted_rag_dek = bytesToHex5(encryptedRagDEK);
+  filePayload.file_nonce = bytesToHex5(fileNonce);
+  filePayload.rag_dek_nonce = bytesToHex5(ragDEKNonce);
+  filePayload.cipher_text = bytesToHex5(cipherText);
 }
 async function performUpload(apiKey, filePayload, controller) {
   const uploadResponse = await fetch(`${endpoints.proxy}/files/encrypted/upload`, {
@@ -1827,12 +1827,12 @@ async function indexFiles(apiKey, dekStore, options, clientKEK, timeoutMs = DEFA
     const { encrypted: encryptedRagDEK, nonce: ragDEKNonce } = encryptPayload(sharedSecret, ragDEK);
     return {
       file_id: file.fileId,
-      encrypted_file_dek: bytesToHex4(encryptedFileDEK),
-      encrypted_rag_dek: bytesToHex4(encryptedRagDEK),
-      file_nonce: bytesToHex4(fileNonce),
-      rag_dek_nonce: bytesToHex4(ragDEKNonce),
+      encrypted_file_dek: bytesToHex5(encryptedFileDEK),
+      encrypted_rag_dek: bytesToHex5(encryptedRagDEK),
+      file_nonce: bytesToHex5(fileNonce),
+      rag_dek_nonce: bytesToHex5(ragDEKNonce),
       s3_r2_path: file.filePath,
-      cipher_text: bytesToHex4(cipherText)
+      cipher_text: bytesToHex5(cipherText)
     };
   });
   const controller = new AbortController;
@@ -1885,9 +1885,9 @@ async function deleteIndex(apiKey, dekStore, options, clientKEK, timeoutMs = DEF
         "Content-Type": "application/json"
       },
       body: JSON.stringify({
-        cipher_text: bytesToHex4(cipherText),
-        encrypted_rag_dek: bytesToHex4(encryptedRagDEK),
-        rag_dek_nonce: bytesToHex4(ragDEKNonce),
+        cipher_text: bytesToHex5(cipherText),
+        encrypted_rag_dek: bytesToHex5(encryptedRagDEK),
+        rag_dek_nonce: bytesToHex5(ragDEKNonce),
         fileIds: options.fileIds
       }),
       signal: controller.signal
@@ -1963,16 +1963,16 @@ function createModelsClient(apiKey, timeoutMs = DEFAULT_REQUEST_TIMEOUT_MS) {
 }
 
 // src/rvenc/index.ts
-import { bytesToHex as bytesToHex5, hexToBytes as hexToBytes5 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex6, hexToBytes as hexToBytes5 } from "@noble/ciphers/utils.js";
 import OpenAI from "openai";
 function preprocessRequest(body, encryptionKeys) {
   const { cipherText, sharedSecret } = encryptionKeys;
   const { encrypted, nonce } = encryptPayload(sharedSecret, body);
   return {
     body: {
-      cipherText: bytesToHex5(cipherText),
-      encryptedInference: bytesToHex5(encrypted),
-      nonce: bytesToHex5(nonce),
+      cipherText: bytesToHex6(cipherText),
+      encryptedInference: bytesToHex6(encrypted),
+      nonce: bytesToHex6(nonce),
       model: body.model,
       stream: body.stream === true
     },
@@ -2129,7 +2129,7 @@ async function* createDecryptedStreamGenerator(reader, sharedSecret, nonce, maxB
 }
 
 // src/tools/index.ts
-import { bytesToHex as bytesToHex6, hexToBytes as hexToBytes6, randomBytes as randomBytes5 } from "@noble/ciphers/utils.js";
+import { bytesToHex as bytesToHex7, hexToBytes as hexToBytes6, randomBytes as randomBytes5 } from "@noble/ciphers/utils.js";
 var FILE_OUTPUT_TOOLS = ["generateImage", "audioGenerateFromText", "createFileForUser"];
 var FILE_INPUT_TOOLS = [
   "imageDescribeAndCaption",
@@ -2230,9 +2230,9 @@ async function callSimpleTool(toolName, params, apiKey, timeoutMs, attest2) {
   const { cipherText, sharedSecret } = createMLKEMEncapsulation(enclavePublicKey);
   const { encrypted, nonce } = encryptPayload(sharedSecret, params);
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    encryptedParams: bytesToHex6(encrypted),
-    nonce: bytesToHex6(nonce)
+    cipherText: bytesToHex7(cipherText),
+    encryptedParams: bytesToHex7(encrypted),
+    nonce: bytesToHex7(nonce)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   return decryptPayload(response.encryptedResponse, sharedSecret, hexToBytes6(response.nonce));
@@ -2247,13 +2247,13 @@ async function callFileOutputTool(toolName, params, apiKey, dekStore, clientKEK,
   const wrappedDEK = wrapDEK(_clientKEK, dek);
   const clientKID = clientKEK ? getClientKID(clientKEK) : getClientKID();
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    encryptedParams: bytesToHex6(encrypted),
-    nonce: bytesToHex6(nonce),
-    encryptedDEK: bytesToHex6(encryptedDEK),
-    dekNonce: bytesToHex6(dekNonce),
+    cipherText: bytesToHex7(cipherText),
+    encryptedParams: bytesToHex7(encrypted),
+    nonce: bytesToHex7(nonce),
+    encryptedDEK: bytesToHex7(encryptedDEK),
+    dekNonce: bytesToHex7(dekNonce),
     kid: clientKID,
-    wrappedDEK: bytesToHex6(wrappedDEK)
+    wrappedDEK: bytesToHex7(wrappedDEK)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   const result = await downloadAndDecryptFile(response, dek, apiKey, timeoutMs);
@@ -2288,13 +2288,13 @@ async function callFileInputTool(toolName, params, apiKey, dekStore, clientKEK,
   }
   const { encrypted: encryptedFileDEK, nonce: fileDEKNonce } = encryptPayload(sharedSecret, fileDEK);
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    nonce: bytesToHex6(nonce),
+    cipherText: bytesToHex7(cipherText),
+    nonce: bytesToHex7(nonce),
     fileId: params.fileId,
-    encryptedDEK: bytesToHex6(encryptedDEK),
-    dekNonce: bytesToHex6(dekNonce),
-    encryptedFileDEK: bytesToHex6(encryptedFileDEK),
-    fileDEKNonce: bytesToHex6(fileDEKNonce)
+    encryptedDEK: bytesToHex7(encryptedDEK),
+    dekNonce: bytesToHex7(dekNonce),
+    encryptedFileDEK: bytesToHex7(encryptedFileDEK),
+    fileDEKNonce: bytesToHex7(fileDEKNonce)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   return decryptPayload(response.encryptedResponse, sharedSecret, hexToBytes6(response.nonce));
@@ -2322,8 +2322,8 @@ async function callRagTool(toolName, params, apiKey, dekStore, clientKEK, timeou
     const { encrypted: encryptedFileDEK, nonce: fileDEKNonce } = encryptPayload(sharedSecret, unwrappedFileDEK);
     acc.push({
       fileId,
-      encryptedDEK: bytesToHex6(encryptedFileDEK),
-      nonce: bytesToHex6(fileDEKNonce)
+      encryptedDEK: bytesToHex7(encryptedFileDEK),
+      nonce: bytesToHex7(fileDEKNonce)
     });
     return acc;
   }, []);
@@ -2337,16 +2337,16 @@ async function callRagTool(toolName, params, apiKey, dekStore, clientKEK, timeou
   const { encrypted: encryptedRagDEK, nonce: ragDEKNonce } = encryptPayload(sharedSecret, ragDEK);
   const { encrypted: encryptedRagVersion, nonce: ragVersionNonce } = encryptPayload(sharedSecret, dekStore.ragVersion);
   const body = {
-    cipherText: bytesToHex6(cipherText),
-    encryptedParams: bytesToHex6(encrypted),
-    nonce: bytesToHex6(nonce),
-    encryptedDEK: bytesToHex6(encryptedDEK),
-    dekNonce: bytesToHex6(dekNonce),
+    cipherText: bytesToHex7(cipherText),
+    encryptedParams: bytesToHex7(encrypted),
+    nonce: bytesToHex7(nonce),
+    encryptedDEK: bytesToHex7(encryptedDEK),
+    dekNonce: bytesToHex7(dekNonce),
     encryptedFileDEKs,
-    encryptedRagDEK: bytesToHex6(encryptedRagDEK),
-    ragDEKNonce: bytesToHex6(ragDEKNonce),
-    encryptedRagVersion: bytesToHex6(encryptedRagVersion),
-    ragVersionNonce: bytesToHex6(ragVersionNonce)
+    encryptedRagDEK: bytesToHex7(encryptedRagDEK),
+    ragDEKNonce: bytesToHex7(ragDEKNonce),
+    encryptedRagVersion: bytesToHex7(encryptedRagVersion),
+    ragVersionNonce: bytesToHex7(ragVersionNonce)
   };
   const response = await callToolRequest(toolName, body, apiKey, timeoutMs, attest2);
   return decryptPayload(response.encryptedResponse, sharedSecret, hexToBytes6(response.nonce));

package/dist/index.cjs

@@ -1638,7 +1638,7 @@ var core_default = createRvencClient;
 var import_express = __toESM(require("express"));
 
 // src/anthropic/http.ts
-var import_node_crypto = require("node:crypto");
+var import_utils7 = require("@noble/ciphers/utils.js");
 var ANTHROPIC_VERSION_DEFAULT = "2023-06-01";
 var ANTHROPIC_VERSION_DATE = /^\d{4}-\d{2}-\d{2}$/;
 function isAnthropicApiVersionSupported(version) {
@@ -1648,10 +1648,10 @@ function isAnthropicApiVersionSupported(version) {
   return ANTHROPIC_VERSION_DATE.test(version);
 }
 function newAnthropicRequestId() {
-  return `req_${import_node_crypto.randomBytes(12).toString("hex")}`;
+  return `req_${import_utils7.bytesToHex(import_utils7.randomBytes(12))}`;
 }
 function newAnthropicMessageId() {
-  return `msg_${import_node_crypto.randomBytes(12).toString("hex")}`;
+  return `msg_${import_utils7.bytesToHex(import_utils7.randomBytes(12))}`;
 }
 function extractAnthropicApiKey(req) {
   const raw = req.headers["x-api-key"];

package/dist/index.mjs

@@ -1553,7 +1553,7 @@ var core_default = createRvencClient;
 import express from "express";
 
 // src/anthropic/http.ts
-import { randomBytes as randomBytes5 } from "node:crypto";
+import { bytesToHex as bytesToHex7, randomBytes as randomBytes5 } from "@noble/ciphers/utils.js";
 var ANTHROPIC_VERSION_DEFAULT = "2023-06-01";
 var ANTHROPIC_VERSION_DATE = /^\d{4}-\d{2}-\d{2}$/;
 function isAnthropicApiVersionSupported(version) {
@@ -1563,10 +1563,10 @@ function isAnthropicApiVersionSupported(version) {
   return ANTHROPIC_VERSION_DATE.test(version);
 }
 function newAnthropicRequestId() {
-  return `req_${randomBytes5(12).toString("hex")}`;
+  return `req_${bytesToHex7(randomBytes5(12))}`;
 }
 function newAnthropicMessageId() {
-  return `msg_${randomBytes5(12).toString("hex")}`;
+  return `msg_${bytesToHex7(randomBytes5(12))}`;
 }
 function extractAnthropicApiKey(req) {
   const raw = req.headers["x-api-key"];