@reclaimprotocol/attestor-core 3.1.1 → 4.0.1

package/lib/types/client.d.ts

@@ -1,4 +1,6 @@
-import type { InitRequest, RPCMessage, RPCMessages, ServiceSignatureType, TunnelMessage } from '../proto/api';
+import type { IncomingMessage } from 'http';
+import type { AuthenticationRequest, InitRequest, InitResponse, RPCMessage, RPCMessages, ServiceSignatureType, TunnelMessage } from '../proto/api';
+import type { BGPListener } from '../types/bgp';
 import type { Logger } from '../types/general';
 import type { RPCEvent, RPCEventMap, RPCEventType, RPCRequestData, RPCResponseData, RPCType } from '../types/rpc';
 import type { TCPSocketProperties, Tunnel } from '../types/tunnel';
@@ -8,12 +10,30 @@ import type { WebSocket as WSWebSocket } from 'ws';
  * WebSocket or the WebSocket from the `ws` package.
  */
 export type AnyWebSocket = WebSocket | WSWebSocket;
-export type AnyWebSocketConstructor = new (url: string | URL) => AnyWebSocket;
+export type MakeWebSocket = (url: string | URL) => AnyWebSocket;
+export type AcceptNewConnectionOpts = {
+    req: IncomingMessage;
+    logger: Logger;
+    bgpListener?: BGPListener;
+};
+export type IAttestorClientInitParams = {
+    /**
+     * Attestor WS URL
+     */
+    url: string | URL;
+    /**
+     * If the attestor being connected to has authentication
+     * enabled, provide the authentication request here, or a
+     * function that will return the authentication request.
+     */
+    authRequest?: AuthenticationRequest | (() => Promise<AuthenticationRequest>);
+};
 export type IAttestorClientCreateOpts = {
     /**
      * Attestor WS URL
      */
     url: string | URL;
+    authRequest?: AuthenticationRequest;
     signatureType?: ServiceSignatureType;
     logger?: Logger;
     /**
@@ -26,7 +46,7 @@ export type IAttestorClientCreateOpts = {
      * Provide a custom WebSocket implementation,
      * will use the native WebSocket if not provided.
      */
-    Websocket?: AnyWebSocketConstructor;
+    makeWebSocket?: MakeWebSocket;
 };
 /**
  * Base layer for the WebSocket connection on
@@ -101,8 +121,11 @@ export declare class IAttestorServerSocket extends IAttestorSocket {
      * If the tunnel does not exist, it will throw an error.
      */
     getTunnel(tunnelId: TunnelMessage['tunnelId']): Tunnel<TCPSocketProperties>;
+    removeTunnel(tunnelId: TunnelMessage['tunnelId']): void;
+    bgpListener?: BGPListener;
 }
 export declare class IAttestorClient extends IAttestorSocket {
+    initResponse?: InitResponse;
     constructor(opts: IAttestorClientCreateOpts);
     /**
      * Waits for a particular message to come in.
@@ -124,6 +147,10 @@ interface WebSocketWithServerSocket {
      * Our RPC socket instance
      */
     serverSocket?: IAttestorServerSocket;
+    /**
+     * Just promisified send
+     */
+    sendPromise?: (data: Uint8Array) => Promise<void>;
 }
 declare module 'ws' {
     namespace WebSocket {

package/lib/types/general.d.ts

@@ -1,4 +1,5 @@
 import type { Logger as TLSLogger, TLSPacketContext, TLSProtocolVersion } from '@reclaimprotocol/tls';
+import type { TOPRFProofParams } from '../types/zk';
 /**
  * Represents a slice of any array or string
  */
@@ -6,6 +7,16 @@ export type ArraySlice = {
     fromIndex: number;
     toIndex: number;
 };
+export type RedactedOrHashedArraySlice = {
+    fromIndex: number;
+    toIndex: number;
+    /**
+     * By default, the the data is redacted. Instead if you'd like
+     * a deterministic hash, set this to 'oprf'
+     * @default undefined
+     */
+    hash?: 'oprf';
+};
 export type Logger = TLSLogger & {
     child: (opts: {
         [_: string]: any;
@@ -15,6 +26,7 @@ export type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'trace' | 'fatal';
 export type ZKRevealInfo = {
     type: 'zk';
     redactedPlaintext: Uint8Array;
+    toprfs?: TOPRFProofParams[];
 };
 export type MessageRevealInfo = {
     type: 'complete';

package/lib/types/handlers.d.ts

@@ -1,7 +1,7 @@
-import { Transaction } from 'elastic-apm-node';
-import { IAttestorServerSocket } from '../types/client';
-import { Logger } from '../types/general';
-import { RPCRequestData, RPCResponseData, RPCType } from '../types/rpc';
+import type { Transaction } from 'elastic-apm-node';
+import type { IAttestorServerSocket } from '../types/client';
+import type { Logger } from '../types/general';
+import type { RPCRequestData, RPCResponseData, RPCType } from '../types/rpc';
 export type RPCHandlerMetadata = {
     logger: Logger;
     tx?: Transaction;

package/lib/types/index.d.ts

@@ -7,3 +7,4 @@ export * from './client';
 export * from './rpc';
 export * from './tunnel';
 export * from './handlers';
+export * from './bgp';

package/lib/types/index.js

@@ -23,4 +23,5 @@ __exportStar(require("./client"), exports);
 __exportStar(require("./rpc"), exports);
 __exportStar(require("./tunnel"), exports);
 __exportStar(require("./handlers"), exports);
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDhDQUEyQjtBQUMzQiw0Q0FBeUI7QUFDekIsK0NBQTRCO0FBQzVCLDJDQUF3QjtBQUN4Qix1Q0FBb0I7QUFDcEIsMkNBQXdCO0FBQ3hCLHdDQUFxQjtBQUNyQiwyQ0FBd0I7QUFDeEIsNkNBQTBCIn0=
+__exportStar(require("./bgp"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdHlwZXMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDhDQUEyQjtBQUMzQiw0Q0FBeUI7QUFDekIsK0NBQTRCO0FBQzVCLDJDQUF3QjtBQUN4Qix1Q0FBb0I7QUFDcEIsMkNBQXdCO0FBQ3hCLHdDQUFxQjtBQUNyQiwyQ0FBd0I7QUFDeEIsNkNBQTBCO0FBQzFCLHdDQUFxQiJ9

package/lib/types/providers.d.ts

@@ -1,6 +1,6 @@
 import type { TLSConnectionOptions } from '@reclaimprotocol/tls';
-import type { ProviderClaimData } from '../proto/api';
-import type { ArraySlice } from '../types/general';
+import type { AttestorVersion, ProviderClaimData } from '../proto/api';
+import type { ArraySlice, Logger, RedactedOrHashedArraySlice } from '../types/general';
 import type { ProvidersConfig } from '../types/providers.gen';
 import type { Transcript } from '../types/tunnel';
 export type AttestorData = {
@@ -22,7 +22,22 @@ export type ProviderName = keyof ProvidersConfig;
 export type ProviderParams<T extends ProviderName> = ProvidersConfig[T]['parameters'];
 export type ProviderSecretParams<T extends ProviderName> = ProvidersConfig[T]['secretParameters'];
 export type RedactionMode = 'key-update' | 'zk';
-export type ProviderField<Params, T> = T | ((params: Params) => T);
+export type ProviderField<Params, SecretParams, T> = T | ((params: Params, secretParams?: SecretParams) => T);
+export type ProviderCtx = {
+    version: AttestorVersion;
+};
+type GetResponseRedactionsOpts<P> = {
+    response: Uint8Array;
+    params: P;
+    logger: Logger;
+    ctx: ProviderCtx;
+};
+type AssertValidProviderReceipt<P> = {
+    receipt: Transcript<Uint8Array>;
+    params: P;
+    logger: Logger;
+    ctx: ProviderCtx;
+};
 /**
  * Generic interface for a provider that can be used to verify
  * claims on a TLS receipt
@@ -43,16 +58,16 @@ export interface Provider<N extends ProviderName, Params = ProviderParams<N>, Se
      *
      * Eg. "www.google.com:443", (p) => p.url.host
      * */
-    hostPort: ProviderField<Params, string>;
+    hostPort: ProviderField<Params, SecretParams, string>;
     /**
      * Which geo location to send the request from
      * Provide 2 letter country code, or a function
      * that returns the country code
      * @example "US", "IN"
      */
-    geoLocation?: ProviderField<Params, string | undefined>;
+    geoLocation?: ProviderField<Params, SecretParams, string | undefined>;
     /** extra options to pass to the client like root CA certificates */
-    additionalClientOptions?: ProviderField<Params, TLSConnectionOptions | undefined>;
+    additionalClientOptions?: ProviderField<Params, SecretParams, TLSConnectionOptions | undefined>;
     /**
      * default redaction mode to use. If not specified,
      * the default is 'key-update'.
@@ -62,9 +77,9 @@ export interface Provider<N extends ProviderName, Params = ProviderParams<N>, Se
      *
      * @default 'key-update'
      */
-    writeRedactionMode?: ProviderField<Params, RedactionMode | undefined>;
+    writeRedactionMode?: ProviderField<Params, SecretParams, RedactionMode | undefined>;
     /** generate the raw request to be sent to through the TLS receipt */
-    createRequest(secretParams: SecretParams, params: Params): CreateRequestResult;
+    createRequest(secretParams: SecretParams, params: Params, logger: Logger): CreateRequestResult;
     /**
      * Return the slices of the response to redact
      * Eg. if the response is "hello my secret is xyz",
@@ -74,7 +89,7 @@ export interface Provider<N extends ProviderName, Params = ProviderParams<N>, Se
      * This is run on the client side, to selct which portions of
      * the server response to send to the attestor
      * */
-    getResponseRedactions?(response: Uint8Array, params: Params): ArraySlice[];
+    getResponseRedactions?(opts: GetResponseRedactionsOpts<Params>): RedactedOrHashedArraySlice[];
     /**
      * verify a generated TLS receipt against given parameters
      * to ensure the receipt does contain the claims the
@@ -88,7 +103,7 @@ export interface Provider<N extends ProviderName, Params = ProviderParams<N>, Se
        *  Optionally return parameters extracted from the receipt
        *  that will then be included in the claim context
      * */
-    assertValidProviderReceipt(receipt: Transcript<Uint8Array>, params: Params): void | Promise<void> | {
+    assertValidProviderReceipt(opts: AssertValidProviderReceipt<Params>): void | Promise<void> | {
         extractedParameters: {
             [key: string]: string;
         };

package/lib/types/providers.gen.d.ts

@@ -6,7 +6,7 @@ export interface HttpProviderParameters {
     url: string;
     method: "GET" | "POST" | "PUT" | "PATCH";
     /**
-     * Specify the geographical location from where to proxy the request. 2-letter ISO country code
+     * Specify the geographical location from where to proxy the request. 2-letter ISO country code or parameter (public or secret)
      */
     geoLocation?: string;
     /**
@@ -68,6 +68,13 @@ export interface HttpProviderParameters {
          * select a regex match from the response
          */
         regex?: string;
+        /**
+         * If provided, the value inside will be hashed instead of being redacted. Useful for cases where the data inside is an identifiying piece of information that you don't want to reveal to the attestor, eg. an email address.
+         * If the hash function produces more bytes than the original value, the hash will be truncated.
+         * Eg. if hash is enabled, the original value is "hello", and hashed is "a1b2c", then the attestor will only see "a1b2c".
+         * Note: if a regex with named groups is provided, only the named groups will be hashed.
+         */
+        hash?: "oprf";
     }[];
     /**
      * A map of parameter values which are user in form of {{param}} in URL, responseMatches, responseRedactions, body, geolocation. Those in URL, responseMatches & geo will be put into context and signed This value will NOT be included in provider hash
@@ -93,7 +100,6 @@ export declare const HttpProviderParametersJson: {
         geoLocation: {
             type: string;
             nullable: boolean;
-            pattern: string;
             description: string;
         };
         headers: {
@@ -182,6 +188,11 @@ export declare const HttpProviderParametersJson: {
                         nullable: boolean;
                         description: string;
                     };
+                    hash: {
+                        type: string;
+                        description: string;
+                        enum: string[];
+                    };
                 };
                 additionalProperties: boolean;
             };
@@ -256,10 +267,6 @@ export interface ProvidersConfig {
         parameters: HttpProviderParameters;
         secretParameters: HttpProviderSecretParameters;
     };
-    httpb64: {
-        parameters: HttpProviderParameters;
-        secretParameters: HttpProviderSecretParameters;
-    };
 }
 export declare const PROVIDER_SCHEMAS: {
     http: {
@@ -280,7 +287,6 @@ export declare const PROVIDER_SCHEMAS: {
                 geoLocation: {
                     type: string;
                     nullable: boolean;
-                    pattern: string;
                     description: string;
                 };
                 headers: {
@@ -369,158 +375,11 @@ export declare const PROVIDER_SCHEMAS: {
                                 nullable: boolean;
                                 description: string;
                             };
-                        };
-                        additionalProperties: boolean;
-                    };
-                };
-                paramValues: {
-                    type: string;
-                    description: string;
-                    additionalProperties: {
-                        type: string;
-                    };
-                };
-            };
-            additionalProperties: boolean;
-        };
-        secretParameters: {
-            title: string;
-            type: string;
-            description: string;
-            properties: {
-                cookieStr: {
-                    type: string;
-                    description: string;
-                };
-                authorisationHeader: {
-                    type: string;
-                    description: string;
-                };
-                headers: {
-                    type: string;
-                    description: string;
-                    additionalProperties: {
-                        type: string;
-                    };
-                };
-                paramValues: {
-                    type: string;
-                    description: string;
-                    additionalProperties: {
-                        type: string;
-                    };
-                };
-            };
-            additionalProperties: boolean;
-        };
-    };
-    httpb64: {
-        parameters: {
-            title: string;
-            type: string;
-            required: string[];
-            properties: {
-                url: {
-                    type: string;
-                    format: string;
-                    description: string;
-                };
-                method: {
-                    type: string;
-                    enum: string[];
-                };
-                geoLocation: {
-                    type: string;
-                    nullable: boolean;
-                    pattern: string;
-                    description: string;
-                };
-                headers: {
-                    type: string;
-                    description: string;
-                    additionalProperties: {
-                        type: string;
-                    };
-                };
-                body: {
-                    description: string;
-                    oneOf: ({
-                        type: string;
-                        format: string;
-                    } | {
-                        type: string;
-                        format?: undefined;
-                    })[];
-                };
-                writeRedactionMode: {
-                    type: string;
-                    description: string;
-                    enum: string[];
-                };
-                additionalClientOptions: {
-                    type: string;
-                    description: string;
-                    nullable: boolean;
-                    properties: {
-                        supportedProtocolVersions: {
-                            type: string;
-                            minItems: number;
-                            uniqueItems: boolean;
-                            items: {
-                                type: string;
-                                enum: string[];
-                            };
-                        };
-                    };
-                };
-                responseMatches: {
-                    type: string;
-                    minItems: number;
-                    uniqueItems: boolean;
-                    description: string;
-                    items: {
-                        type: string;
-                        required: string[];
-                        properties: {
-                            value: {
-                                type: string;
-                                description: string;
-                            };
-                            type: {
+                            hash: {
                                 type: string;
                                 description: string;
                                 enum: string[];
                             };
-                            invert: {
-                                type: string;
-                                description: string;
-                            };
-                        };
-                        additionalProperties: boolean;
-                    };
-                };
-                responseRedactions: {
-                    type: string;
-                    uniqueItems: boolean;
-                    description: string;
-                    items: {
-                        type: string;
-                        properties: {
-                            xPath: {
-                                type: string;
-                                nullable: boolean;
-                                description: string;
-                            };
-                            jsonPath: {
-                                type: string;
-                                nullable: boolean;
-                                description: string;
-                            };
-                            regex: {
-                                type: string;
-                                nullable: boolean;
-                                description: string;
-                            };
                         };
                         additionalProperties: boolean;
                     };

package/lib/types/providers.gen.js

@@ -3,16 +3,12 @@
 /* Generated file. Do not edit */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PROVIDER_SCHEMAS = exports.HttpProviderSecretParametersJson = exports.HttpProviderParametersJson = void 0;
-exports.HttpProviderParametersJson = { "title": "HttpProviderParameters", "type": "object", "required": ["url", "method", "responseMatches"], "properties": { "url": { "type": "string", "format": "url", "description": "which URL does the request have to be made to Has to be a valid https URL for eg. https://amazon.in/orders?q=abcd" }, "method": { "type": "string", "enum": ["GET", "POST", "PUT", "PATCH"] }, "geoLocation": { "type": "string", "nullable": true, "pattern": "^[A-Za-z]{0,2}$", "description": "Specify the geographical location from where to proxy the request. 2-letter ISO country code" }, "headers": { "type": "object", "description": "Any additional headers to be sent with the request Note: these will be revealed to the attestor & won't be redacted from the transcript. To add hidden headers, use 'secretParams.headers' instead", "additionalProperties": { "type": "string" } }, "body": { "description": "Body of the HTTP request", "oneOf": [{ "type": "string", "format": "binary" }, { "type": "string" }] }, "writeRedactionMode": { "type": "string", "description": "If the API doesn't perform well with the \"key-update\" method of redaction, you can switch to \"zk\" mode by setting this to \"zk\"", "enum": ["zk", "key-update"] }, "additionalClientOptions": { "type": "object", "description": "Apply TLS configuration when creating the tunnel to the attestor.", "nullable": true, "properties": { "supportedProtocolVersions": { "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string", "enum": ["TLS1_2", "TLS1_3"] } } } }, "responseMatches": { "type": "array", "minItems": 1, "uniqueItems": true, "description": "The attestor will use this list to check that the redacted response does indeed match all the provided strings/regexes", "items": { "type": "object", "required": ["value", "type"], "properties": { "value": { "type": "string", "description": "\"regex\": the response must match the regex \"contains\": the response must contain the provided\n string exactly" }, "type": { "type": "string", "description": "The string/regex to match against", "enum": ["regex", "contains"] }, "invert": { "type": "boolean", "description": "Inverses the matching logic. Fail when match is found and proceed otherwise" } }, "additionalProperties": false } }, "responseRedactions": { "type": "array", "uniqueItems": true, "description": "which portions to select from a response. These are selected in order, xpath => jsonPath => regex * These redactions are done client side and only the selected portions are sent to the attestor. The attestor will only be able to see the selected portions alongside the first line of the HTTP response (i.e. \"HTTP/1.1 200 OK\") * To disable any redactions, pass an empty array", "items": { "type": "object", "properties": { "xPath": { "type": "string", "nullable": true, "description": "expect an HTML response, and to contain a certain xpath for eg. \"/html/body/div.a1/div.a2/span.a5\"" }, "jsonPath": { "type": "string", "nullable": true, "description": "expect a JSON response, retrieve the item at this path using dot notation for e.g. 'email.addresses.0'" }, "regex": { "type": "string", "nullable": true, "description": "select a regex match from the response" } }, "additionalProperties": false } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in URL, responseMatches, responseRedactions, body, geolocation. Those in URL, responseMatches & geo will be put into context and signed This value will NOT be included in provider hash", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
+exports.HttpProviderParametersJson = { "title": "HttpProviderParameters", "type": "object", "required": ["url", "method", "responseMatches"], "properties": { "url": { "type": "string", "format": "url", "description": "which URL does the request have to be made to Has to be a valid https URL for eg. https://amazon.in/orders?q=abcd" }, "method": { "type": "string", "enum": ["GET", "POST", "PUT", "PATCH"] }, "geoLocation": { "type": "string", "nullable": true, "description": "Specify the geographical location from where to proxy the request. 2-letter ISO country code or parameter (public or secret)" }, "headers": { "type": "object", "description": "Any additional headers to be sent with the request Note: these will be revealed to the attestor & won't be redacted from the transcript. To add hidden headers, use 'secretParams.headers' instead", "additionalProperties": { "type": "string" } }, "body": { "description": "Body of the HTTP request", "oneOf": [{ "type": "string", "format": "binary" }, { "type": "string" }] }, "writeRedactionMode": { "type": "string", "description": "If the API doesn't perform well with the \"key-update\" method of redaction, you can switch to \"zk\" mode by setting this to \"zk\"", "enum": ["zk", "key-update"] }, "additionalClientOptions": { "type": "object", "description": "Apply TLS configuration when creating the tunnel to the attestor.", "nullable": true, "properties": { "supportedProtocolVersions": { "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string", "enum": ["TLS1_2", "TLS1_3"] } } } }, "responseMatches": { "type": "array", "minItems": 1, "uniqueItems": true, "description": "The attestor will use this list to check that the redacted response does indeed match all the provided strings/regexes", "items": { "type": "object", "required": ["value", "type"], "properties": { "value": { "type": "string", "description": "\"regex\": the response must match the regex \"contains\": the response must contain the provided\n string exactly" }, "type": { "type": "string", "description": "The string/regex to match against", "enum": ["regex", "contains"] }, "invert": { "type": "boolean", "description": "Inverses the matching logic. Fail when match is found and proceed otherwise" } }, "additionalProperties": false } }, "responseRedactions": { "type": "array", "uniqueItems": true, "description": "which portions to select from a response. These are selected in order, xpath => jsonPath => regex * These redactions are done client side and only the selected portions are sent to the attestor. The attestor will only be able to see the selected portions alongside the first line of the HTTP response (i.e. \"HTTP/1.1 200 OK\") * To disable any redactions, pass an empty array", "items": { "type": "object", "properties": { "xPath": { "type": "string", "nullable": true, "description": "expect an HTML response, and to contain a certain xpath for eg. \"/html/body/div.a1/div.a2/span.a5\"" }, "jsonPath": { "type": "string", "nullable": true, "description": "expect a JSON response, retrieve the item at this path using dot notation for e.g. 'email.addresses.0'" }, "regex": { "type": "string", "nullable": true, "description": "select a regex match from the response" }, "hash": { "type": "string", "description": "If provided, the value inside will be hashed instead of being redacted. Useful for cases where the data inside is an identifiying piece of information that you don't want to reveal to the attestor, eg. an email address.\nIf the hash function produces more bytes than the original value, the hash will be truncated.\nEg. if hash is enabled, the original value is \"hello\", and hashed is \"a1b2c\", then the attestor will only see \"a1b2c\".\nNote: if a regex with named groups is provided, only the named groups will be hashed.", "enum": ["oprf"] } }, "additionalProperties": false } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in URL, responseMatches, responseRedactions, body, geolocation. Those in URL, responseMatches & geo will be put into context and signed This value will NOT be included in provider hash", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
 exports.HttpProviderSecretParametersJson = { "title": "HttpProviderSecretParameters", "type": "object", "description": "Secret parameters to be used with HTTP provider. None of the values in this object will be shown to the attestor", "properties": { "cookieStr": { "type": "string", "description": "cookie string for authorisation." }, "authorisationHeader": { "type": "string", "description": "authorisation header value" }, "headers": { "type": "object", "description": "Headers that need to be hidden from the attestor", "additionalProperties": { "type": "string" } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in body these parameters will NOT be shown to attestor and extracted", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
 exports.PROVIDER_SCHEMAS = {
     http: {
         parameters: exports.HttpProviderParametersJson,
         secretParameters: exports.HttpProviderSecretParametersJson
     },
-    httpb64: {
-        parameters: exports.HttpProviderParametersJson,
-        secretParameters: exports.HttpProviderSecretParametersJson
-    },
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvdmlkZXJzLmdlbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy90eXBlcy9wcm92aWRlcnMuZ2VuLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxvQkFBb0I7QUFDcEIsaUNBQWlDOzs7QUFrRnBCLFFBQUEsMEJBQTBCLEdBQUcsRUFBQyxPQUFPLEVBQUMsd0JBQXdCLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxVQUFVLEVBQUMsQ0FBQyxLQUFLLEVBQUMsUUFBUSxFQUFDLGlCQUFpQixDQUFDLEVBQUMsWUFBWSxFQUFDLEVBQUMsS0FBSyxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxRQUFRLEVBQUMsS0FBSyxFQUFDLGFBQWEsRUFBQyxtSEFBbUgsRUFBQyxFQUFDLFFBQVEsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsTUFBTSxFQUFDLENBQUMsS0FBSyxFQUFDLE1BQU0sRUFBQyxLQUFLLEVBQUMsT0FBTyxDQUFDLEVBQUMsRUFBQyxhQUFhLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLFVBQVUsRUFBQyxJQUFJLEVBQUMsU0FBUyxFQUFDLGlCQUFpQixFQUFDLGFBQWEsRUFBQyw4RkFBOEYsRUFBQyxFQUFDLFNBQVMsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLG9NQUFvTSxFQUFDLHNCQUFzQixFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxFQUFDLEVBQUMsTUFBTSxFQUFDLEVBQUMsYUFBYSxFQUFDLDBCQUEwQixFQUFDLE9BQU8sRUFBQyxDQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxRQUFRLEVBQUMsUUFBUSxFQUFDLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLENBQUMsRUFBQyxFQUFDLG9CQUFvQixFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxhQUFhLEVBQUMsc0lBQXNJLEVBQUMsTUFBTSxFQUFDLENBQUMsSUFBSSxFQUFDLFlBQVksQ0FBQyxFQUFDLEVBQUMseUJBQXlCLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLGFBQWEsRUFBQyxtRUFBbUUsRUFBQyxVQUFVLEVBQUMsSUFBSSxFQUFDLFlBQVksRUFBQyxFQUFDLDJCQUEyQixFQUFDLEVBQUMsTUFBTSxFQUFDLE9BQU8sRUFBQyxVQUFVLEVBQUMsQ0FBQyxFQUFDLGFBQWEsRUFBQyxJQUFJLEVBQUMsT0FBTyxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxNQUFNLEVBQUMsQ0FBQyxRQUFRLEVBQUMsUUFBUSxDQUFDLEVBQUMsRUFBQyxFQUFDLEVBQUMsRUFBQyxpQkFBaUIsRUFBQyxFQUFDLE1BQU0sRUFBQyxPQUFPLEVBQUMsVUFBVSxFQUFDLENBQUMsRUFBQyxhQUFhLEVBQUMsSUFBSSxFQUFDLGFBQWEsRUFBQyx3SEFBd0gsRUFBQyxPQUFPLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLFVBQVUsRUFBQyxDQUFDLE9BQU8sRUFBQyxNQUFNLENBQUMsRUFBQyxZQUFZLEVBQUMsRUFBQyxPQUFPLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLGFBQWEsRUFBQyxvSEFBb0gsRUFBQyxFQUFDLE1BQU0sRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLG1DQUFtQyxFQUFDLE1BQU0sRUFBQyxDQUFDLE9BQU8sRUFBQyxVQUFVLENBQUMsRUFBQyxFQUFDLFFBQVEsRUFBQyxFQUFDLE1BQU0sRUFBQyxTQUFTLEVBQUMsYUFBYSxFQUFDLDZFQUE2RSxFQUFDLEVBQUMsRUFBQyxzQkFBc0IsRUFBQyxLQUFLLEVBQUMsRUFBQyxFQUFDLG9CQUFvQixFQUFDLEVBQUMsTUFBTSxFQUFDLE9BQU8sRUFBQyxhQUFhLEVBQUMsSUFBSSxFQUFDLGFBQWEsRUFBQywwWEFBMFgsRUFBQyxPQUFPLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLFlBQVksRUFBQyxFQUFDLE9BQU8sRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsVUFBVSxFQUFDLElBQUksRUFBQyxhQUFhLEVBQUMsc0dBQXNHLEVBQUMsRUFBQyxVQUFVLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLFVBQVUsRUFBQyxJQUFJLEVBQUMsYUFBYSxFQUFDLHdHQUF3RyxFQUFDLEVBQUMsT0FBTyxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxVQUFVLEVBQUMsSUFBSSxFQUFDLGFBQWEsRUFBQyx3Q0FBd0MsRUFBQyxFQUFDLEVBQUMsc0JBQXNCLEVBQUMsS0FBSyxFQUFDLEVBQUMsRUFBQyxhQUFhLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLGFBQWEsRUFBQyx3UEFBd1AsRUFBQyxzQkFBc0IsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsRUFBQyxFQUFDLEVBQUMsc0JBQXNCLEVBQUMsS0FBSyxFQUFDLENBQUE7QUEyQjkyRyxRQUFBLGdDQUFnQyxHQUFHLEVBQUMsT0FBTyxFQUFDLDhCQUE4QixFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLGtIQUFrSCxFQUFDLFlBQVksRUFBQyxFQUFDLFdBQVcsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLGtDQUFrQyxFQUFDLEVBQUMscUJBQXFCLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLGFBQWEsRUFBQyw0QkFBNEIsRUFBQyxFQUFDLFNBQVMsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLGtEQUFrRCxFQUFDLHNCQUFzQixFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxFQUFDLEVBQUMsYUFBYSxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxhQUFhLEVBQUMsb0lBQW9JLEVBQUMsc0JBQXNCLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLEVBQUMsRUFBQyxFQUFDLHNCQUFzQixFQUFDLEtBQUssRUFBQyxDQUFBO0FBWTV3QixRQUFBLGdCQUFnQixHQUFHO0lBQy9CLElBQUksRUFBRTtRQUNMLFVBQVUsRUFBRSxrQ0FBMEI7UUFDdEMsZ0JBQWdCLEVBQUUsd0NBQWdDO0tBQ2xEO0lBQ0EsT0FBTyxFQUFFO1FBQ1AsVUFBVSxFQUFFLGtDQUEwQjtRQUN0QyxnQkFBZ0IsRUFBRSx3Q0FBZ0M7S0FDbkQ7Q0FDRixDQUFBIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvdmlkZXJzLmdlbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy90eXBlcy9wcm92aWRlcnMuZ2VuLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxvQkFBb0I7QUFDcEIsaUNBQWlDOzs7QUF5RnBCLFFBQUEsMEJBQTBCLEdBQUcsRUFBQyxPQUFPLEVBQUMsd0JBQXdCLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxVQUFVLEVBQUMsQ0FBQyxLQUFLLEVBQUMsUUFBUSxFQUFDLGlCQUFpQixDQUFDLEVBQUMsWUFBWSxFQUFDLEVBQUMsS0FBSyxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxRQUFRLEVBQUMsS0FBSyxFQUFDLGFBQWEsRUFBQyxtSEFBbUgsRUFBQyxFQUFDLFFBQVEsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsTUFBTSxFQUFDLENBQUMsS0FBSyxFQUFDLE1BQU0sRUFBQyxLQUFLLEVBQUMsT0FBTyxDQUFDLEVBQUMsRUFBQyxhQUFhLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLFVBQVUsRUFBQyxJQUFJLEVBQUMsYUFBYSxFQUFDLDhIQUE4SCxFQUFDLEVBQUMsU0FBUyxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxhQUFhLEVBQUMsb01BQW9NLEVBQUMsc0JBQXNCLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLEVBQUMsRUFBQyxNQUFNLEVBQUMsRUFBQyxhQUFhLEVBQUMsMEJBQTBCLEVBQUMsT0FBTyxFQUFDLENBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLFFBQVEsRUFBQyxRQUFRLEVBQUMsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsQ0FBQyxFQUFDLEVBQUMsb0JBQW9CLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLGFBQWEsRUFBQyxzSUFBc0ksRUFBQyxNQUFNLEVBQUMsQ0FBQyxJQUFJLEVBQUMsWUFBWSxDQUFDLEVBQUMsRUFBQyx5QkFBeUIsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLG1FQUFtRSxFQUFDLFVBQVUsRUFBQyxJQUFJLEVBQUMsWUFBWSxFQUFDLEVBQUMsMkJBQTJCLEVBQUMsRUFBQyxNQUFNLEVBQUMsT0FBTyxFQUFDLFVBQVUsRUFBQyxDQUFDLEVBQUMsYUFBYSxFQUFDLElBQUksRUFBQyxPQUFPLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLE1BQU0sRUFBQyxDQUFDLFFBQVEsRUFBQyxRQUFRLENBQUMsRUFBQyxFQUFDLEVBQUMsRUFBQyxFQUFDLGlCQUFpQixFQUFDLEVBQUMsTUFBTSxFQUFDLE9BQU8sRUFBQyxVQUFVLEVBQUMsQ0FBQyxFQUFDLGFBQWEsRUFBQyxJQUFJLEVBQUMsYUFBYSxFQUFDLHdIQUF3SCxFQUFDLE9BQU8sRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsVUFBVSxFQUFDLENBQUMsT0FBTyxFQUFDLE1BQU0sQ0FBQyxFQUFDLFlBQVksRUFBQyxFQUFDLE9BQU8sRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLG9IQUFvSCxFQUFDLEVBQUMsTUFBTSxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxhQUFhLEVBQUMsbUNBQW1DLEVBQUMsTUFBTSxFQUFDLENBQUMsT0FBTyxFQUFDLFVBQVUsQ0FBQyxFQUFDLEVBQUMsUUFBUSxFQUFDLEVBQUMsTUFBTSxFQUFDLFNBQVMsRUFBQyxhQUFhLEVBQUMsNkVBQTZFLEVBQUMsRUFBQyxFQUFDLHNCQUFzQixFQUFDLEtBQUssRUFBQyxFQUFDLEVBQUMsb0JBQW9CLEVBQUMsRUFBQyxNQUFNLEVBQUMsT0FBTyxFQUFDLGFBQWEsRUFBQyxJQUFJLEVBQUMsYUFBYSxFQUFDLDBYQUEwWCxFQUFDLE9BQU8sRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsWUFBWSxFQUFDLEVBQUMsT0FBTyxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxVQUFVLEVBQUMsSUFBSSxFQUFDLGFBQWEsRUFBQyxzR0FBc0csRUFBQyxFQUFDLFVBQVUsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsVUFBVSxFQUFDLElBQUksRUFBQyxhQUFhLEVBQUMsd0dBQXdHLEVBQUMsRUFBQyxPQUFPLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLFVBQVUsRUFBQyxJQUFJLEVBQUMsYUFBYSxFQUFDLHdDQUF3QyxFQUFDLEVBQUMsTUFBTSxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxhQUFhLEVBQUMsaWhCQUFpaEIsRUFBQyxNQUFNLEVBQUMsQ0FBQyxNQUFNLENBQUMsRUFBQyxFQUFDLEVBQUMsc0JBQXNCLEVBQUMsS0FBSyxFQUFDLEVBQUMsRUFBQyxhQUFhLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLGFBQWEsRUFBQyx3UEFBd1AsRUFBQyxzQkFBc0IsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsRUFBQyxFQUFDLEVBQUMsc0JBQXNCLEVBQUMsS0FBSyxFQUFDLENBQUE7QUEyQjM3SCxRQUFBLGdDQUFnQyxHQUFHLEVBQUMsT0FBTyxFQUFDLDhCQUE4QixFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLGtIQUFrSCxFQUFDLFlBQVksRUFBQyxFQUFDLFdBQVcsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLGtDQUFrQyxFQUFDLEVBQUMscUJBQXFCLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLGFBQWEsRUFBQyw0QkFBNEIsRUFBQyxFQUFDLFNBQVMsRUFBQyxFQUFDLE1BQU0sRUFBQyxRQUFRLEVBQUMsYUFBYSxFQUFDLGtEQUFrRCxFQUFDLHNCQUFzQixFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxFQUFDLEVBQUMsYUFBYSxFQUFDLEVBQUMsTUFBTSxFQUFDLFFBQVEsRUFBQyxhQUFhLEVBQUMsb0lBQW9JLEVBQUMsc0JBQXNCLEVBQUMsRUFBQyxNQUFNLEVBQUMsUUFBUSxFQUFDLEVBQUMsRUFBQyxFQUFDLHNCQUFzQixFQUFDLEtBQUssRUFBQyxDQUFBO0FBUTV3QixRQUFBLGdCQUFnQixHQUFHO0lBQy9CLElBQUksRUFBRTtRQUNMLFVBQVUsRUFBRSxrQ0FBMEI7UUFDdEMsZ0JBQWdCLEVBQUUsd0NBQWdDO0tBQ2xEO0NBQ0QsQ0FBQSJ9

package/lib/types/tunnel.d.ts

@@ -4,8 +4,8 @@ export type MakeTunnelBaseOpts<O> = O & {
     onMessage?(data: Uint8Array): void;
 };
 export type Tunnel<E> = E & {
-    write(data: Uint8Array): void;
-    close(err?: Error): void;
+    write(data: Uint8Array): void | Promise<void>;
+    close(err?: Error): void | Promise<void>;
 };
 export type MakeTunnelFn<O, E = {}> = (opts: MakeTunnelBaseOpts<O>) => (Tunnel<E> | Promise<Tunnel<E>>);
 export type Transcript<T> = {

package/lib/types/zk.d.ts

@@ -1,15 +1,23 @@
-import { EncryptionAlgorithm, ZKEngine, ZKOperator } from '@reclaimprotocol/zk-symmetric-crypto';
+import { EncryptionAlgorithm, OPRFOperator, ZKEngine, ZKOperator } from '@reclaimprotocol/zk-symmetric-crypto';
+import { TOPRFPayload } from '../proto/api';
 export type ZKOperators = {
     [E in EncryptionAlgorithm]?: ZKOperator;
 };
+export type OPRFOperators = {
+    [E in EncryptionAlgorithm]?: OPRFOperator;
+};
 export type PrepareZKProofsBaseOpts = {
     /** get ZK operator for specified algorithm */
     zkOperators?: ZKOperators;
+    oprfOperators?: OPRFOperators;
     /**
      * max number of ZK proofs to generate concurrently
-     * @default 1
+     * @default 10
      */
     zkProofConcurrency?: number;
-    maxZkChunks?: number;
     zkEngine?: ZKEngine;
 };
+export type TOPRFProofParams = TOPRFPayload & {
+    mask: Uint8Array;
+    plaintext: Uint8Array;
+};

package/lib/utils/auth.d.ts

@@ -0,0 +1,7 @@
+import { AuthenticatedUserData, AuthenticationRequest, ServiceSignatureType } from '../proto/api';
+export declare function assertValidAuthRequest(request: AuthenticationRequest | undefined, signatureType: ServiceSignatureType): Promise<void>;
+/**
+ * Create an authentication request with the given data and private key,
+ * which can then be used to authenticate with the service.
+ */
+export declare function createAuthRequest(_data: Partial<AuthenticatedUserData>, privateKey: string): Promise<AuthenticationRequest>;

package/lib/utils/auth.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assertValidAuthRequest = assertValidAuthRequest;
+exports.createAuthRequest = createAuthRequest;
+const ethers_1 = require("ethers");
+const config_1 = require("../config");
+const api_1 = require("../proto/api");
+const env_1 = require("../utils/env");
+const error_1 = require("../utils/error");
+const generics_1 = require("../utils/generics");
+const signatures_1 = require("../utils/signatures");
+async function assertValidAuthRequest(request, signatureType) {
+    const publicKey = (0, env_1.getEnvVariable)('AUTHENTICATION_PUBLIC_KEY');
+    // nothing to verify
+    if (!request) {
+        // if pub key is provided -- but user didn't attempt to
+        // authenticate, then we should throw an error
+        if (publicKey) {
+            throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'User must be authenticated');
+        }
+        return;
+    }
+    if (!publicKey) {
+        throw new error_1.AttestorError('ERROR_BAD_REQUEST', 'The attestor is not configured for authentication');
+    }
+    const { signature, data } = request;
+    if (!data) {
+        throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'Missing data in auth request');
+    }
+    if (data.expiresAt < (0, generics_1.unixTimestampSeconds)()) {
+        throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'Authentication request has expired');
+    }
+    const proto = api_1.AuthenticatedUserData.encode(data).finish();
+    const signatureAlg = signatures_1.SIGNATURES[signatureType];
+    const address = signatureAlg.getAddress(await ethers_1.ethers.utils.arrayify(publicKey));
+    const verified = await signatureAlg
+        .verify(proto, signature, address);
+    if (!verified) {
+        throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'Signature verification failed');
+    }
+}
+/**
+ * Create an authentication request with the given data and private key,
+ * which can then be used to authenticate with the service.
+ */
+async function createAuthRequest(_data, privateKey) {
+    const createdAt = (0, generics_1.unixTimestampSeconds)();
+    const data = {
+        createdAt,
+        expiresAt: createdAt + config_1.DEFAULT_AUTH_EXPIRY_S,
+        id: '',
+        hostWhitelist: [],
+        ..._data,
+    };
+    const proto = api_1.AuthenticatedUserData.encode(data).finish();
+    const signature = await signatures_1.SelectedServiceSignature
+        .sign(proto, privateKey);
+    const request = {
+        data,
+        signature
+    };
+    return request;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXV0aC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy91dGlscy9hdXRoLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBUUEsd0RBc0RDO0FBTUQsOENBcUJDO0FBekZELG1DQUErQjtBQUMvQix1Q0FBa0Q7QUFDbEQsdUNBQWtHO0FBQ2xHLHVDQUE4QztBQUM5QywyQ0FBK0M7QUFDL0MsaURBQXlEO0FBQ3pELHFEQUEyRTtBQUVwRSxLQUFLLFVBQVUsc0JBQXNCLENBQzNDLE9BQTBDLEVBQzFDLGFBQW1DO0lBRW5DLE1BQU0sU0FBUyxHQUFHLElBQUEsb0JBQWMsRUFBQywyQkFBMkIsQ0FBQyxDQUFBO0lBQzdELG9CQUFvQjtJQUNwQixJQUFHLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYix1REFBdUQ7UUFDdkQsOENBQThDO1FBQzlDLElBQUcsU0FBUyxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUkscUJBQWEsQ0FDdEIsNkJBQTZCLEVBQzdCLDRCQUE0QixDQUM1QixDQUFBO1FBQ0YsQ0FBQztRQUVELE9BQU07SUFDUCxDQUFDO0lBRUQsSUFBRyxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ2YsTUFBTSxJQUFJLHFCQUFhLENBQ3RCLG1CQUFtQixFQUNuQixtREFBbUQsQ0FDbkQsQ0FBQTtJQUNGLENBQUM7SUFFRCxNQUFNLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxHQUFHLE9BQU8sQ0FBQTtJQUNuQyxJQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDVixNQUFNLElBQUkscUJBQWEsQ0FDdEIsNkJBQTZCLEVBQzdCLDhCQUE4QixDQUM5QixDQUFBO0lBQ0YsQ0FBQztJQUVELElBQUcsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFBLCtCQUFvQixHQUFFLEVBQUUsQ0FBQztRQUM1QyxNQUFNLElBQUkscUJBQWEsQ0FDdEIsNkJBQTZCLEVBQzdCLG9DQUFvQyxDQUNwQyxDQUFBO0lBQ0YsQ0FBQztJQUVELE1BQU0sS0FBSyxHQUFHLDJCQUFxQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQTtJQUN6RCxNQUFNLFlBQVksR0FBRyx1QkFBVSxDQUFDLGFBQWEsQ0FBQyxDQUFBO0lBQzlDLE1BQU0sT0FBTyxHQUFHLFlBQVksQ0FBQyxVQUFVLENBQ3RDLE1BQU0sZUFBTSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLENBQ3RDLENBQUE7SUFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLFlBQVk7U0FDakMsTUFBTSxDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFDbkMsSUFBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ2QsTUFBTSxJQUFJLHFCQUFhLENBQ3RCLDZCQUE2QixFQUM3QiwrQkFBK0IsQ0FDL0IsQ0FBQTtJQUNGLENBQUM7QUFDRixDQUFDO0FBRUQ7OztHQUdHO0FBQ0ksS0FBSyxVQUFVLGlCQUFpQixDQUN0QyxLQUFxQyxFQUNyQyxVQUFrQjtJQUVsQixNQUFNLFNBQVMsR0FBRyxJQUFBLCtCQUFvQixHQUFFLENBQUE7SUFDeEMsTUFBTSxJQUFJLEdBQTBCO1FBQ25DLFNBQVM7UUFDVCxTQUFTLEVBQUUsU0FBUyxHQUFHLDhCQUFxQjtRQUM1QyxFQUFFLEVBQUUsRUFBRTtRQUNOLGFBQWEsRUFBRSxFQUFFO1FBQ2pCLEdBQUcsS0FBSztLQUNSLENBQUE7SUFDRCxNQUFNLEtBQUssR0FBRywyQkFBcUIsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUE7SUFDekQsTUFBTSxTQUFTLEdBQUcsTUFBTSxxQ0FBd0I7U0FDOUMsSUFBSSxDQUFDLEtBQUssRUFBRSxVQUFVLENBQUMsQ0FBQTtJQUN6QixNQUFNLE9BQU8sR0FBMEI7UUFDdEMsSUFBSTtRQUNKLFNBQVM7S0FDVCxDQUFBO0lBRUQsT0FBTyxPQUFPLENBQUE7QUFDZixDQUFDIn0=

package/lib/utils/b64-json.d.ts

@@ -0,0 +1,2 @@
+export declare const B64_JSON_REPLACER: (key: string, value: any) => any;
+export declare const B64_JSON_REVIVER: (key: string, value: any) => any;

package/lib/utils/b64-json.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.B64_JSON_REVIVER = exports.B64_JSON_REPLACER = void 0;
+const utils_1 = require("ethers/lib/utils");
+const B64_JSON_REPLACER = (key, value) => {
+    if (value instanceof Uint8Array
+        || (typeof value === 'object'
+            && value
+            && 'buffer' in value
+            && value.buffer instanceof ArrayBuffer)) {
+        return { type: 'uint8array', value: utils_1.base64.encode(value) };
+    }
+    return value;
+};
+exports.B64_JSON_REPLACER = B64_JSON_REPLACER;
+const B64_JSON_REVIVER = (key, value) => {
+    if ((value === null || value === void 0 ? void 0 : value.type) === 'uint8array') {
+        return utils_1.base64.decode(value.value);
+    }
+    return value;
+};
+exports.B64_JSON_REVIVER = B64_JSON_REVIVER;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYjY0LWpzb24uanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvdXRpbHMvYjY0LWpzb24udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNENBQXlDO0FBRWxDLE1BQU0saUJBQWlCLEdBQUcsQ0FBQyxHQUFXLEVBQUUsS0FBVSxFQUFFLEVBQUU7SUFDNUQsSUFDQyxLQUFLLFlBQVksVUFBVTtXQUN4QixDQUNGLE9BQU8sS0FBSyxLQUFLLFFBQVE7ZUFDdEIsS0FBSztlQUNMLFFBQVEsSUFBSSxLQUFLO2VBQ2pCLEtBQUssQ0FBQyxNQUFNLFlBQVksV0FBVyxDQUN0QyxFQUNBLENBQUM7UUFDRixPQUFPLEVBQUUsSUFBSSxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsY0FBTSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFBO0lBQzNELENBQUM7SUFFRCxPQUFPLEtBQUssQ0FBQTtBQUNiLENBQUMsQ0FBQTtBQWRZLFFBQUEsaUJBQWlCLHFCQWM3QjtBQUVNLE1BQU0sZ0JBQWdCLEdBQUcsQ0FBQyxHQUFXLEVBQUUsS0FBVSxFQUFFLEVBQUU7SUFDM0QsSUFBRyxDQUFBLEtBQUssYUFBTCxLQUFLLHVCQUFMLEtBQUssQ0FBRSxJQUFJLE1BQUssWUFBWSxFQUFFLENBQUM7UUFDakMsT0FBTyxjQUFNLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQTtJQUNsQyxDQUFDO0lBRUQsT0FBTyxLQUFLLENBQUE7QUFDYixDQUFDLENBQUE7QUFOWSxRQUFBLGdCQUFnQixvQkFNNUIifQ==

package/lib/utils/bgp-listener.d.ts

@@ -0,0 +1,7 @@
+import type { Logger } from 'pino';
+import { BGPListener } from '../types';
+/**
+ * Listens for BGP announcements and emits events whenever
+ * an announcement overlaps with a target IP.
+ */
+export declare function createBgpListener(logger: Logger): BGPListener;