@rialo/ts-cdk 0.1.10 → 0.2.0-alpha.1

package/dist/index.d.ts

@@ -1,139 +1,4 @@
-/**
- * Error handling for the Rialo CDK.
- *
- * This module defines the common error types used throughout the Rialo CDK.
- * It provides a centralized error handling mechanism for all operations.
- */
-/**
- * Structured RPC error information parsed from JSON-RPC error responses.
- */
-interface RpcErrorDetails$1 {
-    /** HTTP status code (e.g., 200, 422, 500) */
-    status?: number;
-    /** JSON-RPC error code (e.g., -32002) */
-    code: number;
-    /** Human-readable error message */
-    message: string;
-}
-/**
- * Error types for different subsystems in the Rialo CDK.
- */
-declare enum RialoErrorType {
-    /** Errors related to file or system I/O operations */
-    IO = "IO",
-    /** Errors occurring during RPC communication with blockchain nodes */
-    RPC = "RPC",
-    /** Errors related to public key parsing or validation */
-    PARSE_PUBKEY = "PARSE_PUBKEY",
-    /** Errors related to blockhash parsing or validation */
-    INVALID_BLOCKHASH_FORMAT = "INVALID_BLOCKHASH_FORMAT",
-    /** Errors related to wallet operations such as creation, loading, or signing */
-    WALLET = "WALLET",
-    /** Errors related to configuration loading, parsing, or validation */
-    CONFIG = "CONFIG",
-    /** Errors occurring during transaction building, signing, or submission */
-    TRANSACTION = "TRANSACTION",
-    /** Network-related errors, including HTTP client errors */
-    NETWORK = "NETWORK",
-    /** Errors related to password handling, validation, or verification */
-    PASSWORD = "PASSWORD",
-    /** Errors related to encryption or decryption operations */
-    ENCRYPTION = "ENCRYPTION",
-    /** Errors occurring during JSON parsing, serialization, or deserialization */
-    JSON = "JSON",
-    /** Errors related to BIP32 key derivation */
-    BIP32 = "BIP32",
-    /** Errors related to invalid input parameters or data */
-    INVALID_INPUT = "INVALID_INPUT",
-    /** Errors related to serialization/deserialization */
-    SERIALIZATION = "SERIALIZATION"
-}
-/**
- * Base error class for all Rialo CDK errors.
- *
- * Provides structured error handling with type categorization and optional
- * cause tracking for error chains. Use the static factory methods for
- * consistent error creation across the SDK.
- *
- * @example
- * ```typescript
- * // Create typed errors using factory methods
- * throw RialoError.invalidInput("Amount must be positive");
- * throw RialoError.network("Connection failed", originalError);
- * throw RialoError.rpc({ code: -32002, message: "Invalid params" });
- *
- * // Handle errors with type information
- * try {
- *   await client.sendTransaction(tx);
- * } catch (error) {
- *   if (error instanceof RialoError && error.type === RialoErrorType.NETWORK) {
- *     console.log("Network error, retrying...");
- *   }
- * }
- * ```
- */
-declare class RialoError extends Error {
-    readonly type: RialoErrorType;
-    readonly cause?: Error;
-    readonly details?: RpcErrorDetails$1;
-    constructor(type: RialoErrorType, message: string, cause?: Error, details?: RpcErrorDetails$1);
-    /**
-     * Creates an IO error.
-     */
-    static io(message: string, cause?: Error): RialoError;
-    /**
-     * Creates an RPC error.
-     */
-    static rpc(details: RpcErrorDetails$1): RialoError;
-    /**
-     * Creates a public key parsing error.
-     */
-    static parsePubkey(message: string): RialoError;
-    /**
-     * Creates a blockhash format error.
-     */
-    static invalidBlockhash(message: string): RialoError;
-    /**
-     * Creates a wallet error.
-     */
-    static wallet(message: string): RialoError;
-    /**
-     * Creates a configuration error.
-     */
-    static config(message: string): RialoError;
-    /**
-     * Creates a transaction error.
-     */
-    static transaction(message: string): RialoError;
-    /**
-     * Creates a network error.
-     */
-    static network(message: string, cause?: Error): RialoError;
-    /**
-     * Creates a password error.
-     */
-    static password(message: string): RialoError;
-    /**
-     * Creates an encryption error.
-     */
-    static encryption(message: string): RialoError;
-    /**
-     * Creates a JSON error.
-     */
-    static json(message: string, cause?: Error): RialoError;
-    /**
-     * Creates a BIP32 error.
-     */
-    static bip32(message: string): RialoError;
-    /**
-     * Creates an invalid input error.
-     */
-    static invalidInput(message: string): RialoError;
-    /**
-     * Creates a serialization error.
-     */
-    static serialization(message: string): RialoError;
-}
+export { field, fixedArray, option, vec } from '@dao-xyz/borsh';
 
 interface HttpTransportConfig {
     /** Request timeout in milliseconds */
@@ -228,10 +93,13 @@ declare const URL_TESTNET: string;
 declare const URL_DEVNET: string;
 /** Rialo localnet RPC URL */
 declare const URL_LOCALNET: string;
+/** Rialo shitnet RPC URL */
+declare const URL_SHITNET: string;
 declare const RIALO_MAINNET_CHAIN: ChainDefinition;
 declare const RIALO_TESTNET_CHAIN: ChainDefinition;
 declare const RIALO_DEVNET_CHAIN: ChainDefinition;
 declare const RIALO_LOCALNET_CHAIN: ChainDefinition;
+declare const RIALO_SHITNET_CHAIN: ChainDefinition;
 /** System program ID */
 declare const SYSTEM_PROGRAM_ID: string;
 /** Base derivation path for Rialo wallets (BIP44 coin type 756) */
@@ -252,7 +120,12 @@ declare enum CryptoErrorCode {
     INVALID_BLOCKHASH = "INVALID_BLOCKHASH",
     INVALID_MNEMONIC = "INVALID_MNEMONIC",
     KEY_DERIVATION_FAILED = "KEY_DERIVATION_FAILED",
-    KEYPAIR_DISPOSED = "KEYPAIR_DISPOSED"
+    KEYPAIR_DISPOSED = "KEYPAIR_DISPOSED",
+    MAX_SEED_LENGTH_EXCEEDED = "MAX_SEED_LENGTH_EXCEEDED",
+    MAX_SEEDS_EXCEEDED = "MAX_SEEDS_EXCEEDED",
+    INVALID_SEEDS_ON_CURVE = "INVALID_SEEDS_ON_CURVE",
+    NO_VIABLE_BUMP_SEED = "NO_VIABLE_BUMP_SEED",
+    INVALID_SEED = "INVALID_SEED"
 }
 /**
  * Error class for cryptographic operations.
@@ -316,6 +189,18 @@ declare class Signature {
     toJSON(): string;
 }
 
+/**
+ * A seed for PDA derivation - string (UTF-8) or raw bytes.
+ */
+type Seed = string | Uint8Array;
+/**
+ * Bump seed (0-255) that pushes derived address off the Ed25519 curve.
+ */
+type Bump = number;
+/**
+ * Result of PDA derivation: [address, bump].
+ */
+type PDA = readonly [PublicKey, Bump];
 /**
  * Represents a 32-byte Ed25519 public key.
  *
@@ -350,6 +235,80 @@ declare class PublicKey {
      * @throws {CryptoError} If string is invalid or decodes to wrong length
      */
     static fromString(str: string): PublicKey;
+    /**
+     * Derives a program address from seeds and a program ID.
+     *
+     * @remarks
+     * This is the low-level derivation function. It will throw if the resulting
+     * address falls on the Ed25519 curve. For most use cases, prefer
+     * {@link findProgramAddress} which automatically finds a valid bump seed.
+     *
+     * Use this method when you already know the bump seed (e.g., stored on-chain
+     * or passed from a previous computation) for better performance.
+     *
+     * @param seeds - Array of seeds (strings or byte arrays, max 16 seeds, each max 32 bytes)
+     * @param programId - The program that will own this PDA
+     * @returns The derived public key
+     * @throws {CryptoError} If seeds exceed limits or result is on curve
+     *
+     * @example
+     * ```typescript
+     * // With known bump seed (most efficient for verification)
+     * const pda = PublicKey.createProgramAddress(
+     *   ["metadata", mintPubkey.toBytes(), new Uint8Array([254])],
+     *   metadataProgramId
+     * );
+     * ```
+     */
+    static createProgramAddress(seeds: Seed[], programId: PublicKey): PublicKey;
+    /**
+     * Finds a valid program derived address by searching for a bump seed.
+     *
+     * @remarks
+     * Iterates from bump 255 down to 0, returning the first combination that
+     * produces an address off the Ed25519 curve. The bump seed should be stored
+     * or passed to programs to allow efficient verification via {@link createProgramAddress}.
+     *
+     * @param seeds - Array of seeds (max 16 seeds, each max 32 bytes)
+     * @param programId - The program that will own this PDA
+     * @returns Tuple of [PublicKey, Bump] where bump is 0-255
+     * @throws {CryptoError} If no valid bump found (extremely rare) or seeds invalid
+     *
+     * @example
+     * ```typescript
+     * const [vaultPda, vaultBump] = PublicKey.findProgramAddress(
+     *   ["vault", userPubkey.toBytes()],
+     *   programId
+     * );
+     *
+     * // Store bump for later use
+     * console.log(`Vault: ${vaultPda}, Bump: ${vaultBump}`);
+     * ```
+     */
+    static findProgramAddress(seeds: Seed[], programId: PublicKey): PDA;
+    /**
+     * Creates a derived address from a base address, seed string, and program ID.
+     *
+     * @remarks
+     * Unlike PDAs, this derivation CAN produce addresses on the curve.
+     * This is useful for creating deterministic addresses that a user can sign for,
+     * where the base address's private key holder can sign transactions.
+     *
+     * @param baseAddress - The base public key (signer)
+     * @param seed - A seed string (max 32 bytes when UTF-8 encoded)
+     * @param programId - The program that will own the derived account
+     * @returns The derived address
+     *
+     * @example
+     * ```typescript
+     * const derivedAddress = PublicKey.createWithSeed(
+     *   userPubkey,
+     *   "savings-account",
+     *   systemProgramId
+     * );
+     * ```
+     */
+    static createWithSeed(baseAddress: PublicKey, seed: string, programId: PublicKey): PublicKey;
     /**
      * Returns a copy of the raw bytes.
      */
@@ -377,6 +336,12 @@ declare class PublicKey {
      * ```
      */
     verify(message: Uint8Array, signature: Signature): boolean;
+    /**
+     * Checks if the public key is on the Ed25519 curve.
+     *
+     * @returns True if the public key is on the curve, false otherwise
+     */
+    isOnCurve(): boolean;
     /**
      * JSON serialization (returns base58 string).
      */
@@ -599,674 +564,536 @@ declare class Mnemonic {
 }
 
 /**
- * Metadata about an account in a transaction.
- */
-interface AccountMeta {
-    /** Account public key */
-    readonly pubkey: PublicKey;
-    /** Whether this account must sign the transaction */
-    readonly isSigner: boolean;
-    /** Whether this account's data will be modified */
-    readonly isWritable: boolean;
-}
-/**
- * An instruction to execute on-chain.
+ * Checks if a 32-byte array represents a valid point on the Ed25519 curve.
+ *
+ * This is used for PDA (Program Derived Address) derivation, where valid PDAs
+ * must NOT be on the curve to ensure they can only be signed by the program.
+ *
+ * @param bytes - 32-byte public key or hash to check
+ * @returns true if the bytes represent a valid Ed25519 point, false otherwise
+ *
+ * @example
+ * ```typescript
+ * const hash = sha256(data);
+ * if (!isOnCurve(hash)) {
+ *   // Valid PDA - not on curve
+ * }
+ * ```
  */
-interface Instruction {
-    /** Program that will execute this instruction */
-    readonly programId: PublicKey;
-    /** Accounts used by this instruction */
-    readonly accounts: readonly AccountMeta[];
-    /** Instruction-specific data */
-    readonly data: Uint8Array;
-}
+declare function isOnCurve(bytes: Uint8Array): boolean;
 /**
- * Message header containing signature requirements.
+ * Converts a seed to a 32-byte array.
+ *
+ * @param seed - Seed to convert
+ * @returns 32-byte array
  */
-interface MessageHeader {
-    /** Number of signatures required */
-    readonly numRequiredSignatures: number;
-    /** Number of read-only signed accounts */
-    readonly numReadonlySignedAccounts: number;
-    /** Number of read-only unsigned accounts */
-    readonly numReadonlyUnsignedAccounts: number;
-}
+declare function seedToBytes(seed: Seed): Uint8Array;
 /**
- * Compiled instruction with account indices.
+ * Concatenates multiple byte arrays into a single byte array.
+ *
+ * @param arrays - Byte arrays to concatenate
+ * @returns Concatenated byte array
  */
-interface CompiledInstruction {
-    /** Index of program in account keys array */
-    readonly programIdIndex: number;
-    /** Indices of accounts in account keys array */
-    readonly accountKeyIndexes: readonly number[];
-    /** Instruction data */
-    readonly data: Uint8Array;
-}
+declare function concatBytes(...arrays: Uint8Array[]): Uint8Array;
 
 /**
- * Account metadata table for deduplication and sorting.
- * Avoids: Complex account sorting logic scattered throughout builder
+ * Error handling for the Rialo CDK.
+ *
+ * This module defines the common error types used throughout the Rialo CDK.
+ * It provides a centralized error handling mechanism for all operations.
  */
-
 /**
- * Internal account entry with aggregated metadata.
+ * Structured RPC error information parsed from JSON-RPC error responses.
  */
-interface AccountEntry {
-    pubkey: PublicKey;
-    isSigner: boolean;
-    isWritable: boolean;
+interface RpcErrorDetails$1 {
+    /** HTTP status code (e.g., 200, 422, 500) */
+    status?: number;
+    /** JSON-RPC error code (e.g., -32002) */
+    code: number;
+    /** Human-readable error message */
+    message: string;
 }
 /**
- * Manages account deduplication and sorting for transaction messages.
- *
- * Accounts are sorted according to these rules:
- * 1. Signer + writable accounts first
- * 2. Then signer + readonly accounts
- * 3. Then non-signer + writable accounts
- * 4. Finally non-signer + readonly accounts
- * 5. Within each group, sort by public key bytes
- *
- * This matches Solana's account sorting rules for compatibility.
+ * Error types for different subsystems in the Rialo CDK.
  */
-declare class AccountMetaTable {
-    private readonly accounts;
-    private readonly accountOrder;
-    /**
-     * Add or update an account in the table.
-     * If account already exists, merges signer/writable flags (OR operation).
-     */
-    add(meta: AccountMeta): void;
+declare enum RialoErrorType {
+    /** Errors related to file or system I/O operations */
+    IO = "IO",
+    /** Errors occurring during RPC communication with blockchain nodes */
+    RPC = "RPC",
+    /** Errors related to public key parsing or validation */
+    PARSE_PUBKEY = "PARSE_PUBKEY",
+    /** Errors related to blockhash parsing or validation */
+    INVALID_BLOCKHASH_FORMAT = "INVALID_BLOCKHASH_FORMAT",
+    /** Errors related to wallet operations such as creation, loading, or signing */
+    WALLET = "WALLET",
+    /** Errors related to configuration loading, parsing, or validation */
+    CONFIG = "CONFIG",
+    /** Errors occurring during transaction building, signing, or submission */
+    TRANSACTION = "TRANSACTION",
+    /** Network-related errors, including HTTP client errors */
+    NETWORK = "NETWORK",
+    /** Errors related to password handling, validation, or verification */
+    PASSWORD = "PASSWORD",
+    /** Errors related to encryption or decryption operations */
+    ENCRYPTION = "ENCRYPTION",
+    /** Errors occurring during JSON parsing, serialization, or deserialization */
+    JSON = "JSON",
+    /** Errors related to BIP32 key derivation */
+    BIP32 = "BIP32",
+    /** Errors related to invalid input parameters or data */
+    INVALID_INPUT = "INVALID_INPUT",
+    /** Errors related to serialization/deserialization */
+    SERIALIZATION = "SERIALIZATION"
+}
+/**
+ * Base error class for all Rialo CDK errors.
+ *
+ * Provides structured error handling with type categorization and optional
+ * cause tracking for error chains. Use the static factory methods for
+ * consistent error creation across the SDK.
+ *
+ * @example
+ * ```typescript
+ * // Create typed errors using factory methods
+ * throw RialoError.invalidInput("Amount must be positive");
+ * throw RialoError.network("Connection failed", originalError);
+ * throw RialoError.rpc({ code: -32002, message: "Invalid params" });
+ *
+ * // Handle errors with type information
+ * try {
+ *   await client.sendTransaction(tx);
+ * } catch (error) {
+ *   if (error instanceof RialoError && error.type === RialoErrorType.NETWORK) {
+ *     console.log("Network error, retrying...");
+ *   }
+ * }
+ * ```
+ */
+declare class RialoError extends Error {
+    readonly type: RialoErrorType;
+    readonly cause?: Error;
+    readonly details?: RpcErrorDetails$1;
+    constructor(type: RialoErrorType, message: string, cause?: Error, details?: RpcErrorDetails$1);
     /**
-     * Add multiple accounts at once.
+     * Creates an IO error.
      */
-    addAll(metas: readonly AccountMeta[]): void;
+    static io(message: string, cause?: Error): RialoError;
     /**
-     * Get the index of an account in the sorted order.
-     * Returns -1 if account not found.
+     * Creates an RPC error.
      */
-    getIndex(pubkey: PublicKey): number;
+    static rpc(details: RpcErrorDetails$1): RialoError;
     /**
-     * Get sorted accounts according to transaction rules.
+     * Creates a public key parsing error.
      */
-    getSortedAccounts(): readonly AccountEntry[];
+    static parsePubkey(message: string): RialoError;
     /**
-     * Get the message header based on sorted accounts.
+     * Creates a blockhash format error.
      */
-    getHeader(): MessageHeader;
+    static invalidBlockhash(message: string): RialoError;
     /**
-     * Get sorted public keys.
+     * Creates a wallet error.
      */
-    getPublicKeys(): readonly PublicKey[];
+    static wallet(message: string): RialoError;
     /**
-     * Get number of accounts in table.
+     * Creates a configuration error.
      */
-    size(): number;
+    static config(message: string): RialoError;
+    /**
+     * Creates a transaction error.
+     */
+    static transaction(message: string): RialoError;
+    /**
+     * Creates a network error.
+     */
+    static network(message: string, cause?: Error): RialoError;
+    /**
+     * Creates a password error.
+     */
+    static password(message: string): RialoError;
+    /**
+     * Creates an encryption error.
+     */
+    static encryption(message: string): RialoError;
+    /**
+     * Creates a JSON error.
+     */
+    static json(message: string, cause?: Error): RialoError;
+    /**
+     * Creates a BIP32 error.
+     */
+    static bip32(message: string): RialoError;
+    /**
+     * Creates an invalid input error.
+     */
+    static invalidInput(message: string): RialoError;
+    /**
+     * Creates a serialization error.
+     */
+    static serialization(message: string): RialoError;
 }
 
 /**
- * Error codes for transaction operations.
+ * Error codes for HPKE encryption operations.
  */
-declare enum TransactionErrorCode {
-    INVALID_INSTRUCTION = "INVALID_INSTRUCTION",
-    INVALID_ACCOUNT_META = "INVALID_ACCOUNT_META",
-    NO_INSTRUCTIONS = "NO_INSTRUCTIONS",
-    DUPLICATE_ACCOUNT = "DUPLICATE_ACCOUNT",
-    MISSING_SIGNATURE = "MISSING_SIGNATURE",
-    INVALID_SIGNATURE = "INVALID_SIGNATURE",
-    SIGNATURE_OUT_OF_BOUNDS = "SIGNATURE_OUT_OF_BOUNDS",
-    SIGNER_NOT_FOUND = "SIGNER_NOT_FOUND",
-    ALREADY_SIGNED = "ALREADY_SIGNED",
-    INVALID_MESSAGE_FORMAT = "INVALID_MESSAGE_FORMAT",
-    INSUFFICIENT_DATA = "INSUFFICIENT_DATA",
-    SERIALIZATION_FAILED = "SERIALIZATION_FAILED",
-    SIMULATION_FAILED = "SIMULATION_FAILED",
-    INSUFFICIENT_FUNDS = "INSUFFICIENT_FUNDS",
-    BLOCKHASH_EXPIRED = "BLOCKHASH_EXPIRED"
+declare enum HpkeErrorCode {
+    /** Key length does not match expected size */
+    INVALID_KEY_LENGTH = "INVALID_KEY_LENGTH",
+    /** Ciphertext is shorter than minimum required length */
+    CIPHERTEXT_TOO_SHORT = "CIPHERTEXT_TOO_SHORT",
+    /** HPKE encryption operation failed */
+    ENCRYPTION_FAILED = "ENCRYPTION_FAILED",
+    /** Failed to deserialize Borsh data */
+    BORSH_DESERIALIZE_FAILED = "BORSH_DESERIALIZE_FAILED",
+    /** RexValue has invalid variant byte */
+    INVALID_ORACLE_VALUE = "INVALID_ORACLE_VALUE"
 }
 /**
- * Error class for transaction operations with structured error information.
+ * Error class for HPKE encryption operations.
+ *
+ * Provides detailed error information for encryption failures,
+ * including error codes and contextual details.
  */
-declare class TransactionError extends Error {
-    readonly code: TransactionErrorCode;
-    readonly details?: Record<string, unknown> | undefined;
-    constructor(code: TransactionErrorCode, message: string, details?: Record<string, unknown> | undefined);
-    static noInstructions(): TransactionError;
-    static signerNotFound(pubkey: string): TransactionError;
-    static missingSignature(index: number, pubkey: string): TransactionError;
-    static simulationFailed(logs: string[], error: string): TransactionError;
-    static insufficientFunds(required: bigint, available: bigint): TransactionError;
-    toJSON(): {
-        code: TransactionErrorCode;
-        message: string;
-        details?: Record<string, unknown>;
-    };
+declare class HpkeError extends Error {
+    readonly code: HpkeErrorCode;
+    readonly cause?: Error;
+    constructor(code: HpkeErrorCode, message: string, cause?: Error);
+    /**
+     * Create an error for invalid key length.
+     *
+     * @param expected - Expected key length in bytes
+     * @param actual - Actual key length in bytes
+     * @param keyType - Description of the key type (e.g., "REX public key")
+     */
+    static invalidKeyLength(expected: number, actual: number, keyType: string): HpkeError;
+    /**
+     * Create an error for ciphertext that is too short.
+     *
+     * @param minLength - Minimum required length
+     * @param actual - Actual length
+     */
+    static ciphertextTooShort(minLength: number, actual: number): HpkeError;
+    /**
+     * Create an error for encryption failure.
+     *
+     * @param cause - The underlying error
+     */
+    static encryptionFailed(cause: Error): HpkeError;
+    /**
+     * Create an error for Borsh deserialization failure.
+     *
+     * @param cause - The underlying error
+     */
+    static borshDeserializeFailed(cause: Error): HpkeError;
+    /**
+     * Create an error for invalid RexValue variant.
+     *
+     * @param variant - The invalid variant byte
+     */
+    static invalidRexValue(variant: number): HpkeError;
 }
 
 /**
- * Create an instruction with Borsh-encoded data.
+ * Constants for REX HPKE encryption.
  *
- * @example
- * ```typescript
- * // Define your instruction data class
- * class MyInstructionData {
- *   @field({ type: 'u8' })
- *   instruction: number;
+ * These constants MUST match the Rust implementation exactly:
+ * - `crates/tee/secret-sharing/src/constants.rs`
  *
- *   @field({ type: 'u64' })
- *   amount: bigint;
+ * @module
+ */
+/**
+ * Additional Authenticated Data (AAD) prefix for user secrets.
  *
- *   @field({ type: option('string') })
- *   memo?: string;
- * }
+ * This 13-byte string is prepended to the sender's public key to form
+ * the complete AAD for HPKE encryption. It provides domain separation
+ * to prevent cross-protocol attacks.
  *
- * // Create instruction
- * const instruction = createBorshInstruction({
- *   programId: myProgramId,
- *   accounts: [
- *     { pubkey: account1, isSigner: true, isWritable: true },
- *     { pubkey: account2, isSigner: false, isWritable: false },
- *   ],
- *   data: new MyInstructionData({
- *     instruction: 5,
- *     amount: 1000n,
- *     memo: "Hello, Rialo!",
- *   }),
- * });
- * ```
+ * Format: `USER_SECRET_AAD || senderPubkey` = 45 bytes total AAD
+ *
+ * @remarks
+ * Must match Rust: `pub const USER_SECRET_AAD: &[u8] = b"rex-secret-v1";`
  */
-declare function createBorshInstruction<T>(params: {
-    programId: PublicKey;
-    accounts: AccountMeta[];
-    data: T;
-}): Instruction;
+declare const USER_SECRET_AAD: Uint8Array<ArrayBuffer>;
 /**
- * Helper for creating Borsh-serialized instruction data from a plain object.
+ * HPKE info string for secret sharing context.
  *
- * This is useful when you don't want to define a class with decorators.
+ * This 32-byte string is used as the `info` parameter in HPKE encryption,
+ * providing domain separation for secret sharing operations.
  *
- * @example
- * ```typescript
- * const data = encodeBorshData({
- *   instruction: { type: 'u8', value: 1 },
- *   amount: { type: 'u64', value: 1000n },
- *   recipient: { type: fixedArray('u8', 32), value: recipientBytes },
- * });
- * ```
+ * @remarks
+ * Must match Rust: `pub const SECRET_SHARING_HPKE_INFO: &[u8; 32] = b"rialo/tee/secret-sharing-hpke/v1";`
  */
-declare function encodeBorshData(_schema: Record<string, {
-    type: unknown;
-    value: unknown;
-}>): Uint8Array;
+declare const SECRET_SHARING_HPKE_INFO: Uint8Array<ArrayBuffer>;
+/**
+ * Length of an X25519 public key in bytes.
+ *
+ * Used for the REX encryption public key (secret sharing key).
+ */
+declare const X25519_PUBLIC_KEY_LENGTH = 32;
+/**
+ * Length of an Ed25519 public key in bytes.
+ *
+ * Used for sender identity binding in AAD construction.
+ */
+declare const ED25519_PUBLIC_KEY_LENGTH = 32;
+/**
+ * Length of the HPKE encapsulated key (enc) in bytes.
+ *
+ * For X25519, this is always 32 bytes.
+ */
+declare const HPKE_ENC_LENGTH = 32;
+/**
+ * Length of the ChaCha20-Poly1305 authentication tag in bytes.
+ */
+declare const CHACHA20_POLY1305_TAG_LENGTH = 16;
+/**
+ * Total overhead added by HPKE encryption.
+ *
+ * This is the additional bytes beyond the plaintext:
+ * - enc (32 bytes): Encapsulated ephemeral public key
+ * - tag (16 bytes): ChaCha20-Poly1305 authentication tag
+ *
+ * Ciphertext length = plaintext length + 48 bytes
+ */
+declare const HPKE_OVERHEAD_LENGTH: number;
 
 /**
- * System program instruction types.
+ * Variant discriminator for RexValue Borsh serialization.
  */
-declare enum SystemInstruction {
-    CreateAccount = 0,
-    Assign = 1,
-    Transfer = 2,
-    CreateAccountWithSeed = 3,
-    AdvanceNonceAccount = 4,
-    WithdrawNonceAccount = 5,
-    InitializeNonceAccount = 6,
-    AuthorizeNonceAccount = 7,
-    Allocate = 8,
-    AllocateWithSeed = 9,
-    AssignWithSeed = 10,
-    TransferWithSeed = 11
+declare enum RexValueVariant {
+    /** Plain (unencrypted) data variant */
+    Plain = 0,
+    /** Encrypted data variant */
+    Encrypted = 1
 }
 /**
- * Create a transfer instruction.
+ * Represents an rex value that can be plain or encrypted.
  *
- * Transfers native tokens from one account to another.
+ * This class provides Borsh-compatible serialization that matches
+ * the Rust `RexValue` enum:
  *
- * @param from - Source account (must be signer)
- * @param to - Destination account
- * @param amount - Amount to transfer in smallest denomination (lamports)
+ * ```rust
+ * pub enum RexValue {
+ *     Plain(Vec<u8>),
+ *     Encrypted(Vec<u8>),
+ * }
+ * ```
+ *
+ * ## Borsh Format
+ *
+ * - Plain: `[0x00] [length: u32 LE] [data bytes]`
+ * - Encrypted: `[0x01] [length: u32 LE] [ciphertext bytes]`
  *
  * @example
  * ```typescript
- * const instruction = transferInstruction(fromPubkey, toPubkey, 1_000_000n);
+ * // Plain value (unencrypted)
+ * const plain = RexValue.plain(new TextEncoder().encode("hello"));
  *
- * const tx = TransactionBuilder.create()
- *   .setPayer(fromPubkey)
- *   .addInstruction(instruction)
- *   .build();
- * ```
- */
-declare function transferInstruction(from: PublicKey, to: PublicKey, amount: bigint): Instruction;
-/**
- * Create an account creation instruction.
- *
- * @param from - Funding account (must be signer)
- * @param newAccount - New account to create (must be signer)
- * @param lamports - Initial balance for new account
- * @param space - Number of bytes to allocate for account data
- * @param owner - Program that will own the new account
- */
-declare function createAccount(from: PublicKey, newAccount: PublicKey, lamports: bigint, space: bigint, owner: PublicKey): Instruction;
-
-/**
- * An unsigned transaction message ready to be signed.
- *
- * This is the data that gets signed by transaction signers.
- * It's immutable to prevent accidental modification after creation.
+ * // Encrypted value (via HPKE)
+ * const encrypted = RexValue.encrypted(ciphertextBytes);
  *
- * @example
- * ```typescript
- * const message = MessageBuilder.create()
- *   .setPayer(payer)
- *   .setValidFrom(validFrom)
- *   .addInstruction(transferInstruction)
- *   .build();
+ * // Serialize to Borsh
+ * const borsh = plain.toBorsh();
  *
- * // Serialize for signing
- * const messageBytes = message.serialize();
+ * // Deserialize from Borsh
+ * const restored = RexValue.fromBorsh(borsh);
  * ```
  */
-declare class Message {
-    /** Message header with signature requirements */
-    readonly header: MessageHeader;
-    /** All account public keys referenced in the transaction */
-    readonly accountKeys: readonly PublicKey[];
-    /** Transaction valid from (milliseconds since Unix epoch) */
-    validFrom?: bigint;
-    /** Compiled instructions with account indices */
-    readonly instructions: readonly CompiledInstruction[];
-    /** Cached serialized bytes */
-    private serializedCache?;
-    constructor(header: MessageHeader, accountKeys: readonly PublicKey[], validFrom: bigint, instructions: readonly CompiledInstruction[]);
+declare class RexValue {
+    private readonly variant;
+    private readonly data;
+    private constructor();
     /**
-     * Serialize message to bytes for signing.
-     * Result is cached for performance.
+     * Create a plain (unencrypted) RexValue from raw bytes.
+     *
+     * @param data - The raw byte data
+     * @returns A new RexValue with Plain variant
      */
-    serialize(): Uint8Array;
+    static plain(data: Uint8Array): RexValue;
     /**
-     * Deserialize a message from wire format.
+     * Create a plain (unencrypted) RexValue from a UTF-8 string.
      *
-     * @param data - Serialized message bytes
-     * @returns Deserialized Message
+     * @param s - The string to encode
+     * @returns A new RexValue with Plain variant
      */
-    static deserialize(data: Uint8Array): Message;
-    private serializeInternal;
-    private serializeCompactArray;
-    private serializeCompactU16;
+    static plainString(s: string): RexValue;
     /**
-     * Get all signers required for this message.
+     * Create an encrypted RexValue from HPKE ciphertext.
+     *
+     * @param ciphertext - The HPKE-encrypted ciphertext (enc || ct || tag)
+     * @returns A new RexValue with Encrypted variant
      */
-    getSigners(): readonly PublicKey[];
+    static encrypted(ciphertext: Uint8Array): RexValue;
     /**
-     * Check if a public key is a required signer.
+     * Check if this is a plain (unencrypted) value.
      */
-    isSignerRequired(pubkey: PublicKey): boolean;
+    isPlain(): boolean;
     /**
-     * Get the index of a signer in the signers array.
-     * Returns -1 if not a signer.
+     * Check if this is an encrypted value.
      */
-    getSignerIndex(pubkey: PublicKey): number;
+    isEncrypted(): boolean;
+    /**
+     * Get the variant type.
+     */
+    getVariant(): RexValueVariant;
+    /**
+     * Get the raw bytes (plaintext or ciphertext).
+     *
+     * For Plain values, returns the plaintext.
+     * For Encrypted values, returns the ciphertext.
+     */
+    asBytes(): Uint8Array;
+    /**
+     * Try to decode the plain value as a UTF-8 string.
+     *
+     * @returns The decoded string, or null if encrypted or not valid UTF-8
+     */
+    asString(): string | null;
+    /**
+     * Serialize to Borsh format.
+     *
+     * Format: `[variant: u8] [length: u32 LE] [data bytes]`
+     *
+     * @returns The Borsh-serialized bytes
+     */
+    toBorsh(): Uint8Array;
+    /**
+     * Deserialize from Borsh format.
+     *
+     * @param data - The Borsh-serialized bytes
+     * @returns A new RexValue
+     * @throws {HpkeError} If deserialization fails
+     */
+    static fromBorsh(data: Uint8Array): RexValue;
 }
 
 /**
- * Interface for signing messages and transactions.
+ * Encrypt data using HPKE for REX secret sharing.
  *
- * Enables multiple signing strategies:
- * - **KeypairSigner**: Local keypair signing
- * - **Browser Wallet**: Browser extension integration
- * - **Hardware Wallet**: Ledger, Trezor, etc.
- * - **Remote Signer**: API-based signing services
+ * This function performs HPKE encryption using the Base mode with:
+ * - X25519 for key encapsulation
+ * - HKDF-SHA256 for key derivation
+ * - ChaCha20-Poly1305 for authenticated encryption
  *
- * @example
- * ```typescript
- * // Browser wallet implementation
- * class BrowserWalletSigner implements Signer {
- *   async getPublicKey(): Promise<PublicKey> {
- *     const pubkey = await window.rialoWallet.getPublicKey();
- *     return PublicKey.fromString(pubkey);
- *   }
+ * The output format is: `enc (32 bytes) || ciphertext || tag (16 bytes)`
  *
- *   async signMessage(message: Uint8Array): Promise<Signature> {
- *     const sig = await window.rialoWallet.signMessage(message);
- *     return Signature.fromBytes(sig);
- *   }
- * }
+ * @param rexPubkey - The REX X25519 public key (32 bytes)
+ * @param data - The plaintext data to encrypt
+ * @param senderPubkey - The sender's Ed25519 public key (32 bytes) for AAD construction
+ * @returns The encrypted ciphertext including enc and tag
+ * @throws {HpkeError} If key lengths are invalid or encryption fails
  *
- * // Usage
- * const signer = new BrowserWalletSigner();
- * const publicKey = await signer.getPublicKey();
- * const signature = await signer.signMessage(message);
+ * @example
+ * ```typescript
+ * const rexPubkey = await client.getSecretSharingPubkey();
+ * const ciphertext = await hpkeEncrypt(
+ *   rexPubkey,
+ *   new TextEncoder().encode("secret data"),
+ *   keypair.publicKey.toBytes()
+ * );
  * ```
  */
-interface Signer {
-    /**
-     * Retrieves the signer's public key.
-     *
-     * **Note**: May trigger wallet connection prompts for browser wallets.
-     */
-    getPublicKey(): Promise<PublicKey>;
-    /**
-     * Signs arbitrary message bytes.
-     *
-     * @param message - Message bytes to sign
-     * @returns Ed25519 signature over the message
-     */
-    signMessage(message: Uint8Array): Promise<Signature>;
-}
-
+declare function hpkeEncrypt(rexPubkey: Uint8Array, data: Uint8Array, senderPubkey: Uint8Array): Promise<Uint8Array>;
 /**
- * Signer implementation using a local Ed25519 keypair.
+ * Encrypt data for REX and wrap it in an RexValue.
  *
- * Provides synchronous signing without external dependencies.
- * Suitable for server-side applications, CLIs, and testing.
+ * This is a convenience function that combines:
+ * 1. HPKE encryption using `hpkeEncrypt`
+ * 2. Wrapping the ciphertext in an `RexValue.encrypted`
+ *
+ * The resulting RexValue can be serialized to Borsh and sent to the network.
+ *
+ * @param rexPubkey - The REX X25519 public key (32 bytes)
+ * @param data - The plaintext data to encrypt
+ * @param senderPubkey - The sender's Ed25519 public key (32 bytes)
+ * @returns An RexValue containing the encrypted ciphertext
+ * @throws {HpkeError} If key lengths are invalid or encryption fails
  *
  * @example
  * ```typescript
- * import { Keypair, KeypairSigner } from '@rialo/ts-cdk';
+ * import { RpcClient, Keypair } from "@rialo/ts-cdk";
+ * import { encryptForRex, RexValue } from "@rialo/ts-cdk/rex";
  *
- * // Generate new keypair
+ * // Get REX public key from the network
+ * const client = new RpcClient("https://rpc.rialo.xyz");
+ * const rexPubkey = await client.getSecretSharingPubkey();
+ *
+ * // Create keypair for signing
  * const keypair = Keypair.generate();
- * const signer = new KeypairSigner(keypair);
  *
- * // Or from mnemonic
- * const mnemonic = Mnemonic.generate();
- * const keypair = await mnemonic.toKeypair(0);
- * const signer = new KeypairSigner(keypair);
+ * // Encrypt secret data
+ * const oracleValue = await encryptForRex(
+ *   rexPubkey,
+ *   new TextEncoder().encode("my secret API key"),
+ *   keypair.publicKey.toBytes()
+ * );
  *
- * // Sign messages
- * const publicKey = await signer.getPublicKey();
- * const signature = await signer.signMessage(message);
+ * // The RexValue can now be serialized and used in transactions
+ * const borshBytes = oracleValue.toBorsh();
  * ```
  */
-declare class KeypairSigner implements Signer {
-    private readonly keypair;
-    constructor(keypair: Keypair);
-    /**
-     * Returns the keypair's public key.
-     */
-    getPublicKey(): Promise<PublicKey>;
-    /**
-     * Signs a message using the keypair's private key.
-     */
-    signMessage(message: Uint8Array): Promise<Signature>;
-}
-
+declare function encryptForRex(rexPubkey: Uint8Array, data: Uint8Array, senderPubkey: Uint8Array): Promise<RexValue>;
 /**
- * A transaction with zero or more signatures.
+ * Calculate the expected ciphertext length for a given plaintext length.
  *
- * Transactions are immutable - signing methods return new instances.
- * This prevents accidental modification and signature tampering.
+ * The ciphertext consists of:
+ * - enc (32 bytes): Encapsulated ephemeral public key
+ * - ciphertext (plaintext.length bytes): Encrypted data
+ * - tag (16 bytes): ChaCha20-Poly1305 authentication tag
+ *
+ * @param plaintextLength - Length of the plaintext in bytes
+ * @returns Expected ciphertext length
  *
  * @example
  * ```typescript
- * // Simple signing
- * const tx = builder.build();
- * const signed = tx.sign(keypair);
+ * const ciphertextLen = getCiphertextLength(100);
+ * console.log(ciphertextLen); // 148 (32 + 100 + 16)
+ * ```
+ */
+declare function getCiphertextLength(plaintextLength: number): number;
+/**
+ * Validate that a ciphertext has a valid length.
  *
- * // Method chaining
- * const signed = tx
- *   .sign(keypair1)
- *   .sign(keypair2)
- *   .sign(keypair3);
+ * A valid HPKE ciphertext must be at least 48 bytes (32 enc + 16 tag).
  *
- * // Multi-sig convenience
- * const signed = tx.signAll([keypair1, keypair2, keypair3]);
+ * @param ciphertext - The ciphertext to validate
+ * @returns true if the ciphertext length is valid
+ *
+ * @example
+ * ```typescript
+ * if (!isValidCiphertextLength(ciphertext)) {
+ *   throw new Error("Ciphertext too short");
+ * }
  * ```
  */
-declare class Transaction {
-    /** The unsigned message */
-    private readonly message;
-    /** Signatures (64 bytes each), aligned with message.header.numRequiredSignatures */
-    private readonly signatures;
-    private constructor();
-    /**
-     * Create an unsigned transaction from a message.
-     * All signature slots are initialized to zero.
-     *
-     * @internal - Users should use TransactionBuilder instead
-     */
-    static fromMessage(message: Message): Transaction;
-    /**
-     * Create transaction from message and existing signatures.
-     * @internal
-     */
-    static fromMessageAndSignatures(message: Message, signatures: readonly Uint8Array[]): Transaction;
-    /**
-     * Deserialize a transaction from wire format.
-     */
-    static deserialize(data: Uint8Array): Transaction;
-    getMessage(): Message;
-    /**
-     * Sign the transaction with a keypair.
-     * Returns a NEW Transaction instance.
-     *
-     * @param keypair - Keypair to sign with
-     * @returns New Transaction instance with signature added
-     *
-     * @example
-     * ```typescript
-     * const signedTx = tx.sign(keypair);
-     * await client.sendTransaction(signedTx.serialize());
-     * ```
-     */
-    sign(keypair: Keypair): Transaction;
-    /**
-     * Sign with multiple keypairs at once.
-     * Returns a NEW Transaction instance.
-     *
-     * @example
-     * ```typescript
-     * const signed = tx.signAll([keypair1, keypair2, keypair3]);
-     * ```
-     */
-    signAll(keypairs: Keypair[]): Transaction;
+declare function isValidCiphertextLength(ciphertext: Uint8Array): boolean;
+
+/**
+ * Base client with JSON-RPC protocol handling.
+ *
+ * All specific clients (QueryClient, TransactionClient) extend this.
+ */
+declare class BaseRpcClient {
+    protected readonly transport: HttpTransport;
+    private requestId;
+    constructor(transport: HttpTransport);
     /**
-     * Sign the transaction with a Signer interface (async).
-     * Returns a NEW Transaction instance.
+     * Makes a JSON-RPC 2.0 method call with type safety.
      *
-     * @example
-     * ```typescript
-     * const signedTx = await tx.signWith(browserWallet);
-     * ```
+     * Handles request serialization, response validation, and error mapping.
      */
-    signWith(signer: Signer): Promise<Transaction>;
+    protected call<T>(method: string, params?: unknown[]): Promise<T>;
     /**
-     * Sign with multiple signers.
-     * Returns a NEW Transaction instance.
+     * Validate JSON-RPC response structure
      */
-    signAllWith(signers: Signer[]): Promise<Transaction>;
+    private isValidJsonRpcResponse;
     /**
-     * Partially sign the transaction (for multi-sig transactions).
-     * Returns a NEW Transaction instance.
-     *
-     * @example
-     * ```typescript
-     * const signedTx = tx
-     *   .partialSign(signer1)
-     *   .partialSign(signer2);
-     * ```
+     * Generates the next request ID with Overflow Protection.
+     * @returns The next request ID.
      */
-    partialSign(keypair: Keypair): Transaction;
+    private nextRequestId;
     /**
-     * Partially sign with a Signer interface (async).
-     * Returns a NEW Transaction instance.
-     */
-    partialSignWith(signer: Signer): Promise<Transaction>;
-    /**
-     * Add a signature at a specific index.
-     * Returns a NEW Transaction instance.
-     *
-     * Most users should use sign() or signAll() instead.
-     */
-    addSignature(index: number, signature: Signature | Uint8Array): Transaction;
-    /**
-     * Add a signature for a specific public key.
-     * Returns a NEW Transaction instance.
-     *
-     * Most users should use sign() or signAll() instead.
-     */
-    addSignatureForPubkey(pubkey: PublicKey, signature: Signature | Uint8Array): Transaction;
-    /**
-     * Check if transaction is fully signed (all signatures present).
-     */
-    isSigned(): boolean;
-    /**
-     * Check if a specific signature slot is filled.
-     */
-    isSignaturePresent(index: number): boolean;
-    /**
-     * Get all signatures (returns copies to prevent mutation).
-     */
-    getSignatures(): readonly Uint8Array[];
-    /**
-     * Get a specific signature (returns copy).
-     */
-    getSignature(index: number): Uint8Array;
-    /**
-     * Get a specific signature for a public key.
-     */
-    getSignatureForPubkey(pubkey: PublicKey): Uint8Array;
-    /**
-     * Get required signers for this transaction.
-     */
-    getSigners(): readonly PublicKey[];
-    /**
-     * Get the number of required signatures.
-     */
-    getRequiredSignatureCount(): number;
-    /**
-     * Throw an error if the transaction is not fully signed.
-     *
-     * @throws {TransactionError} If transaction is not fully signed
-     *
-     * @example
-     * ```typescript
-     * signedTx.ensureSigned(); // Throws if not signed
-     * await client.sendTransaction(signedTx.serialize());
-     * ```
-     */
-    ensureSigned(): void;
-    /**
-     * Serialize transaction to wire format.
-     */
-    serialize(): Uint8Array;
-}
-
-/**
- * Fluent API for building transactions.
- * Returns Transaction directly (not Message).
- */
-
-/**
- * Builder for creating transactions with a fluent API.
- *
- * Provides an intuitive interface for constructing transactions.
- * Call build() to get an unsigned Transaction ready for signing.
- *
- * @example
- * ```typescript
- * // Simple transfer
- * const tx = TransactionBuilder.create()
- *   .setPayer(payer)
- *   .setValidFrom(validFrom)
- *   .addInstruction(transfer(from, to, 1_000_000n))
- *   .build();
- *
- * const signedTx = tx.sign(keypair);
- * await client.transaction.sendTransaction(signedTx.serialize());
- * ```
- *
- * @example
- * ```typescript
- * // Multi-instruction transaction
- * const tx = TransactionBuilder.create()
- *   .setPayer(payer)
- *   .setValidFrom(validFrom)
- *   .addInstruction(transfer(from, to, 1_000_000n))
- *   .addInstruction(memoInstruction("Payment for invoice #123"))
- *   .build();
- * ```
- */
-declare class TransactionBuilder {
-    private payer?;
-    private validFrom?;
-    private readonly instructions;
-    private constructor();
-    /**
-     * Create a new transaction builder.
-     */
-    static create(): TransactionBuilder;
-    /**
-     * Set the fee payer for this transaction.
-     *
-     * The payer will be the first account and must sign the transaction.
-     * The payer pays for transaction fees.
-     *
-     * @param payer - Public key of the fee payer
-     */
-    setPayer(payer: PublicKey): this;
-    /**
-     * Set the Transaction valid from.
-     *
-     * This is the time the transaction is valid from, in milliseconds since Unix epoch.
-     * It can be used for additional replay protection or auditing.
-     *
-     * @param validFrom - Transaction valid from in milliseconds since Unix epoch
-     */
-    setValidFrom(validFrom: bigint): this;
-    /**
-     * Add an instruction to the transaction.
-     *
-     * @param instruction - Instruction to add
-     */
-    addInstruction(instruction: Instruction): this;
-    /**
-     * Add multiple instructions at once.
-     *
-     * @param instructions - Array of instructions to add
-     */
-    addInstructions(instructions: readonly Instruction[]): this;
-    /**
-     * Build the transaction (unsigned).
-     *
-     * Returns an unsigned Transaction that's ready to be signed.
-     *
-     * @returns Unsigned Transaction
-     * @throws {TransactionError} If payer, valid_from, or instructions are missing
-     *
-     * @example
-     * ```typescript
-     * const tx = builder.build();
-     * const signedTx = tx.sign(keypair);
-     * ```
-     */
-    build(): Transaction;
-}
-
-/**
- * Base client with JSON-RPC protocol handling.
- *
- * All specific clients (QueryClient, TransactionClient) extend this.
- */
-declare class BaseRpcClient {
-    protected readonly transport: HttpTransport;
-    private requestId;
-    constructor(transport: HttpTransport);
-    /**
-     * Makes a JSON-RPC 2.0 method call with type safety.
-     *
-     * Handles request serialization, response validation, and error mapping.
-     */
-    protected call<T>(method: string, params?: unknown[]): Promise<T>;
-    /**
-     * Validate JSON-RPC response structure
-     */
-    private isValidJsonRpcResponse;
-    /**
-     * Generates the next request ID with Overflow Protection.
-     * @returns The next request ID.
-     */
-    private nextRequestId;
-    /**
-     * Returns the configured RPC endpoint URL.
+     * Returns the configured RPC endpoint URL.
      */
     getUrl(): string;
 }
@@ -1328,48 +1155,136 @@ interface EpochInfoResponse {
     transactionCount?: bigint;
 }
 /**
- * Fee for message response.
+ * Subscription kind.
+ */
+type SubscriptionKind = "Persistent" | "OneShot";
+/**
+ * Subscription data.
+ */
+interface Subscription {
+    /** Type of subscription */
+    kind: SubscriptionKind;
+    /** Topic for the subscription */
+    topic: string;
+    /** Instructions to execute when triggered */
+    instructions: unknown[];
+    /** Subscriber public key (base58) */
+    subscriber: string;
+    /** Event account public key (base58) */
+    eventAccount?: string;
+    /** Timestamp range [start, end] */
+    timestampRange?: [bigint, bigint];
+}
+/**
+ * Triggered transaction data.
  */
-interface GetFeeForMessageResponse {
-    /** Fee in smallest denomination */
-    value: bigint;
+interface TriggeredTransaction {
+    /** Transaction signature (base58) */
+    signature: string;
+    /** Block number where the transaction was executed */
+    blockNumber: bigint;
 }
 /**
- * Multiple accounts response.
+ * Get workflow lineage request.
  */
-interface MultipleAccountsResponse {
-    /** Array of account information */
-    value: Array<AccountInfo | null>;
+interface GetWorkflowLineageRequest {
+    /** Root transaction signature (base58) */
+    signature: string;
+    /** Maximum depth to traverse (1-100, default 3) */
+    maxDepth?: number;
+    /** Whether to include event details */
+    includeEvents?: boolean;
 }
 /**
- * Get subscriptions response.
+ * Event data from a workflow trigger.
  */
-interface GetSubscriptionsResponse {
-    /** Array of subscription data */
-    subscriptions: Array<Record<string, unknown>>;
+interface EventData {
+    /** Event topic */
+    topic: string;
+    /** Event attributes */
+    attributes: Record<string, unknown>;
 }
 /**
- * Get triggered transactions response.
+ * Timestamp range.
  */
-interface GetTriggeredTransactionsResponse {
-    /** Array of triggered transaction data */
-    transactions: Array<Record<string, unknown>>;
+interface TimestampRange {
+    /** Start timestamp (unix) */
+    from: bigint;
+    /** End timestamp (unix) */
+    to: bigint;
 }
 /**
- * Get workflow lineage request.
+ * Information about what triggered a workflow transaction.
+ */
+interface TriggerInfo {
+    /** Event that triggered the transaction */
+    event: EventData;
+    /** Subscription public key (base58) */
+    subscriptionPubkey: string;
+    /** Timestamp range for the trigger */
+    timestampRange?: TimestampRange;
+    /** Event account public key (base58) */
+    eventAccount?: string;
+}
+/**
+ * Transaction node data within a workflow.
  */
-interface GetWorkflowLineageRequest {
-    /** Workflow account public key */
-    workflowAccount: PublicKey;
-    /** Optional limit on results */
-    limit?: number;
+interface TransactionNodeData {
+    /** Block height */
+    blockHeight: bigint;
+    /** Timestamp (unix) */
+    timestamp: bigint;
+    /** Whether the transaction succeeded */
+    success: boolean;
+    /** Number of instructions */
+    instructionCount: number;
+    /** Program IDs of instructions (base58) */
+    instructionProgramIds: string[];
+}
+/**
+ * A node in the workflow lineage tree.
+ */
+interface WorkflowNode {
+    /** Transaction signature (base58) */
+    id: string;
+    /** Distance from root transaction */
+    depth: number;
+    /** Transaction data */
+    data: TransactionNodeData;
+    /** Subscriptions on this transaction */
+    subscriptions: Subscription[];
+    /** What triggered this transaction */
+    triggeredBy?: TriggerInfo;
+    /** Child transaction signatures (base58) */
+    workflowChildren: string[];
+    /** Whether there are more children not shown */
+    hasMoreChildren: boolean;
+}
+/**
+ * Workflow lineage tree.
+ */
+interface WorkflowLineage {
+    /** Nodes in the workflow tree */
+    workflowNodes: WorkflowNode[];
 }
+/**
+ * Reason for truncating workflow lineage traversal.
+ */
+type TruncationReason = "MaxDepth" | "MaxNodes" | "None";
 /**
  * Get workflow lineage response.
  */
 interface GetWorkflowLineageResponse {
-    /** Workflow lineage data */
-    lineage: Array<Record<string, unknown>>;
+    /** Workflow lineage tree */
+    lineage: WorkflowLineage;
+    /** Leaf transaction signatures (base58) */
+    leaves: string[];
+    /** Whether traversal was truncated */
+    truncated: boolean;
+    /** Reason for truncation */
+    truncationReason: TruncationReason;
+    /** Hints for continuing traversal (base58 signatures) */
+    continuationHints: string[];
 }
 /**
  * Get signatures for address configuration.
@@ -1383,55 +1298,18 @@ interface GetSignaturesForAddressConfig {
     until?: string;
 }
 /**
- * Get signatures for address response.
- */
-interface GetSignaturesForAddressResponse {
-    context: {
-        slot: bigint;
-        apiVersion: string;
-    };
-    /** Array of signature information */
-    value: Array<{
-        signature: string;
-        blockHeight: bigint;
-        blockTime: bigint;
-        err?: string;
-    }>;
-}
-/**
- * Is blockhash valid response.
+ * Signature information.
  */
-interface IsBlockhashValidResponse {
-    /** Whether the blockhash is valid */
-    value: boolean;
+interface SignatureInfo {
+    signature: string;
+    blockHeight: bigint;
+    blockTime: bigint;
+    err?: string;
 }
 /**
  * Get health response.
  */
 type GetHealthResponse = "ok" | string;
-/**
- * Get validator health response.
- */
-type GetValidatorHealthResponse = "ok" | string;
-/**
- * Get connected full nodes response.
- */
-interface GetConnectedFullNodesResponse {
-    /** Array of connected nodes */
-    nodes: Array<{
-        publicKey: string;
-        connectedTime: bigint;
-    }>;
-}
-/**
- * Get transactions configuration.
- */
-interface GetTransactionsConfig {
-    /** Maximum number of transactions to return */
-    limit?: number;
-    /** Encoding format */
-    encoding?: "json" | "base58" | "base64";
-}
 /**
  * Get transactions response.
  */
@@ -1475,6 +1353,61 @@ interface ConfirmedTransaction {
     /** Error message if transaction failed */
     err?: string;
 }
+/**
+ * Configuration for getAccountsByOwner.
+ */
+interface GetAccountsByOwnerConfig {
+    /** Maximum number of accounts to return */
+    limit?: number;
+    /** Cursor for pagination (base58 pubkey) */
+    after?: string;
+}
+/**
+ * Filter for getAccountsByOwner.
+ * Matches Rust serde serialization format.
+ */
+type AccountFilter = {
+    type: "programAccounts";
+} | {
+    type: "tokenAccounts";
+    mint?: string;
+};
+/**
+ * An account owned by a program or address.
+ */
+interface OwnerAccount {
+    /** Account public key */
+    pubkey: PublicKey;
+    /** Account information */
+    account: AccountInfo;
+}
+/**
+ * Pagination information.
+ */
+interface PaginationInfo {
+    /** Whether there are more results */
+    hasMore: boolean;
+    /** Cursor for next page (base58 pubkey) */
+    nextCursor?: string;
+}
+/**
+ * Get accounts by owner response.
+ */
+interface GetAccountsByOwnerResponse {
+    /** Array of owned accounts */
+    value: OwnerAccount[];
+    /** Pagination information */
+    pagination?: PaginationInfo;
+}
+/**
+ * Get secret sharing public key response.
+ *
+ * Contains the TEE's X25519 public key for HPKE encryption.
+ */
+interface GetSecretSharingPubkeyResponse {
+    /** The TEE's X25519 public key as a hex-encoded string */
+    public_key: string;
+}
 
 /**
  * Main Rialo RPC client for blockchain interactions.
@@ -1536,7 +1469,7 @@ declare class RialoClient {
     /**
      * Retrieves the signatures for an address.
      */
-    getSignaturesForAddress(address: PublicKey, config?: GetSignaturesForAddressConfig): Promise<GetSignaturesForAddressResponse>;
+    getSignaturesForAddress(address: PublicKey, config?: GetSignaturesForAddressConfig): Promise<SignatureInfo[]>;
     /**
      * Retrieves detailed information about a transaction.
      *
@@ -1609,6 +1542,59 @@ declare class RialoClient {
      * **Note**: Only available on devnet and testnet.
      */
     requestAirdropAndConfirm(pubkey: PublicKey, amount: bigint, options?: ConfirmTransactionOptions): Promise<ConfirmedTransaction>;
+    /**
+     * Calculate the minimum balance required for an account to be rent-exempt.
+     *
+     * @param accountDataSize - The size of the account data in bytes
+     * @returns The minimum balance in kelvins required for rent exemption
+     */
+    getMinimumBalanceForRentExemption(accountDataSize: number): Promise<bigint>;
+    /**
+     * Get the fee required to process a specific message.
+     *
+     * @param message - Base64-encoded serialized versioned message
+     * @returns Fee in kelvins, or null if message is invalid
+     */
+    getFeeForMessage(message: string): Promise<bigint | null>;
+    /**
+     * Get information for multiple accounts in a single request.
+     *
+     * @param pubkeys - Array of public keys to query (1-100)
+     * @returns Account information for each address
+     */
+    getMultipleAccounts(pubkeys: PublicKey[]): Promise<Array<AccountInfo | null>>;
+    /**
+     * Get all accounts owned by a specific program or address.
+     *
+     * @param owner - Program ID or owner public key
+     * @param filter - Filter type (ProgramAccounts or TokenAccounts)
+     * @param config - Optional configuration for pagination and encoding
+     * @returns Accounts owned by the specified owner
+     */
+    getAccountsByOwner(owner: PublicKey, filter?: AccountFilter, config?: GetAccountsByOwnerConfig): Promise<GetAccountsByOwnerResponse>;
+    /**
+     * Get workflow lineage information for tracking execution history.
+     *
+     * @param request - Workflow lineage request with signature and options
+     * @returns Workflow lineage tree with nodes and metadata
+     */
+    getWorkflowLineage(request: GetWorkflowLineageRequest): Promise<GetWorkflowLineageResponse>;
+    /**
+     * Get subscription for a given subscriber address and nonce.
+     *
+     * @param subscriber - The subscriber's public key
+     * @param nonce - The nonce identifying the subscription
+     * @returns The subscription for the subscriber and nonce
+     */
+    getSubscription(subscriber: PublicKey, nonce: string): Promise<Subscription>;
+    /**
+     * Get transactions triggered by a subscription account.
+     *
+     * @param subscriptionAccount - The subscription account public key
+     * @param limit - Optional limit on transactions returned
+     * @returns Triggered transactions for the subscription
+     */
+    getTriggeredTransactions(subscriptionAccount: PublicKey, limit?: number): Promise<TriggeredTransaction[]>;
 }
 
 /**
@@ -1688,7 +1674,7 @@ declare class QueryRpcClient extends BaseRpcClient {
      * });
      * ```
      */
-    getSignaturesForAddress(address: PublicKey, config?: GetSignaturesForAddressConfig): Promise<GetSignaturesForAddressResponse>;
+    getSignaturesForAddress(address: PublicKey, config?: GetSignaturesForAddressConfig): Promise<SignatureInfo[]>;
     /**
      * Retrieve detailed information about a confirmed transaction.
      *
@@ -1780,8 +1766,175 @@ declare class QueryRpcClient extends BaseRpcClient {
      * ```
      */
     getHealth(): Promise<"ok" | string>;
-}
-
+    /**
+     * Calculate the minimum balance required for an account to be rent-exempt.
+     *
+     * Accounts with at least this balance are exempt from paying rent.
+     *
+     * @param accountDataSize - The size of the account data in bytes
+     * @returns The minimum balance in kelvins required for rent exemption
+     *
+     * @example
+     * ```typescript
+     * const minBalance = await client.getMinimumBalanceForRentExemption(128);
+     * console.log(`Need at least ${minBalance} kelvins for 128 bytes`);
+     * ```
+     */
+    getMinimumBalanceForRentExemption(accountDataSize: number): Promise<bigint>;
+    /**
+     * Get the fee required to process a specific message.
+     *
+     * @param message - Base64-encoded serialized versioned message
+     * @returns Fee in kelvins, or null if message is invalid
+     *
+     * @example
+     * ```typescript
+     * const fee = await client.getFeeForMessage(base64Message);
+     * if (fee !== null) {
+     *   console.log(`Fee: ${fee} kelvins`);
+     * }
+     * ```
+     */
+    getFeeForMessage(message: string): Promise<bigint | null>;
+    /**
+     * Get information for multiple accounts in a single request.
+     *
+     * Useful for batch operations and reducing RPC calls.
+     *
+     * @param pubkeys - Array of public keys to query (1-100)
+     * @returns Account information for each address (null for non-existent accounts)
+     *
+     * @example
+     * ```typescript
+     * const accounts = await client.getMultipleAccounts([pubkey1, pubkey2]);
+     * accounts.value.forEach((account, i) => {
+     *   if (account) {
+     *     console.log(`Account ${i}: ${account.balance} kelvins`);
+     *   }
+     * });
+     * ```
+     */
+    getMultipleAccounts(pubkeys: PublicKey[]): Promise<Array<AccountInfo | null>>;
+    /**
+     * Get all accounts owned by a specific program or address.
+     *
+     * Essential for querying token accounts, program data, and more.
+     *
+     * @param owner - Program ID or owner public key
+     * @param filter - Filter type (ProgramAccounts or TokenAccounts)
+     * @param config - Optional configuration for pagination and encoding
+     * @returns Accounts owned by the specified owner with pagination info
+     *
+     * @example
+     * ```typescript
+     * const result = await client.getAccountsByOwner(programId);
+     * console.log(`Found ${result.value.length} accounts`);
+     * result.value.forEach(({ pubkey, account }) => {
+     *   console.log(`${pubkey}: ${account.balance} kelvins`);
+     * });
+     * ```
+     */
+    getAccountsByOwner(owner: PublicKey, filter?: AccountFilter, config?: GetAccountsByOwnerConfig): Promise<GetAccountsByOwnerResponse>;
+    /**
+     * Get workflow lineage information for tracking execution history.
+     *
+     * Returns the tree of transactions spawned from a root transaction
+     * through subscriptions and triggers.
+     *
+     * @param request - Workflow lineage request with signature and options
+     * @returns Workflow lineage tree with nodes and metadata
+     *
+     * @example
+     * ```typescript
+     * const lineage = await client.getWorkflowLineage({
+     *   signature: rootTxSignature,
+     *   maxDepth: 5,
+     * });
+     * console.log(`Found ${lineage.lineage.workflowNodes.length} nodes`);
+     * ```
+     */
+    getWorkflowLineage(request: GetWorkflowLineageRequest): Promise<GetWorkflowLineageResponse>;
+    /**
+     * Get subscriptions for a given subscriber address.
+     *
+     * Returns subscriptions that will trigger transactions when matching events occur.
+     *
+     * @param subscriber - The subscriber's public key
+     * @param nonce - The nonce identifying the subscription
+     * @returns The subscription for the subscriber and nonce
+     *
+     * @example
+     * ```typescript
+     * const subscription = await client.getSubscription(subscriberPubkey, "my-nonce");
+     * console.log(`Topic: ${subscription.topic}, Kind: ${subscription.kind}`);
+     * ```
+     */
+    getSubscription(subscriber: PublicKey, nonce: string): Promise<Subscription>;
+    /**
+     * Get transactions triggered by a subscription account.
+     *
+     * Returns the history of transactions that were automatically executed
+     * in response to subscription matches.
+     *
+     * @param subscriptionAccount - The subscription account public key
+     * @param limit - Optional limit on transactions returned
+     * @returns Triggered transactions for the subscription
+     *
+     * @example
+     * ```typescript
+     * const result = await client.getTriggeredTransactions(subscriptionPubkey, 10);
+     * result.transactions.forEach(tx => {
+     *   console.log(`Signature: ${tx.signature}, Block: ${tx.blockNumber}`);
+     * });
+     * ```
+     */
+    getTriggeredTransactions(subscriptionAccount: PublicKey, limit?: number): Promise<TriggeredTransaction[]>;
+    /**
+     * Retrieve the REX X25519 public key for secret sharing encryption.
+     *
+     * This key is used for HPKE encryption when sending encrypted data
+     * that should only be decryptable within the REX execution environment.
+     *
+     * @returns The REX X25519 public key as a 32-byte Uint8Array
+     *
+     * @example
+     * ```typescript
+     * import { encryptForRex } from "@rialo/ts-cdk";
+     *
+     * // Get the REX public key
+     * const rexPubkey = await client.getSecretSharingPubkey();
+     *
+     * // Use it for HPKE encryption
+     * const encrypted = await encryptForRex(
+     *   rexPubkey,
+     *   new TextEncoder().encode("secret data"),
+     *   keypair.publicKey.toBytes()
+     * );
+     * ```
+     */
+    getSecretSharingPubkey(): Promise<Uint8Array>;
+    /**
+     * Get the config hash prefix for replay protection.
+     *
+     * Returns the first 64 bits of the config hash, which is used
+     * for transaction replay protection across chains.
+     *
+     * @returns The config hash prefix as a bigint
+     *
+     * @example
+     * ```typescript
+     * const configHashPrefix = await client.getConfigHashPrefix();
+     * const tx = TransactionBuilder.create()
+     *   .setPayer(payer)
+     *   .setValidFrom(validFrom)
+     *   .setConfigHashPrefix(configHashPrefix)
+     *   .addInstruction(instruction)
+     *   .build();
+     * ```
+     */
+    getConfigHashPrefix(): Promise<bigint>;
+}
+
 /**
  * Query client for read-only RPC operations.
  */
@@ -2031,6 +2184,1062 @@ declare function createRialoClient(config: RialoClientConfig): RialoClient;
  */
 declare function getDefaultRialoClientConfig(network: RialoNetwork): RialoClientConfig;
 
+/**
+ * Bincode deserialization reader
+ *
+ * Matches Rust's bincode crate with default configuration:
+ * - Little-endian byte order
+ * - Fixed-size integer encoding (no varint)
+ * - u64 length prefixes for dynamic collections
+ * - u32 enum variant indices
+ */
+declare class BincodeReader {
+    private view;
+    private offset;
+    private bytes;
+    constructor(data: Uint8Array);
+    getOffset(): number;
+    remaining(): number;
+    isExhausted(): boolean;
+    skip(bytes: number): this;
+    /**
+     * Peek at bytes without advancing the offset
+     */
+    peek(length: number): Uint8Array;
+    /**
+     * Reset reader to beginning
+     */
+    reset(): this;
+    /**
+     * Seek to specific offset
+     */
+    seek(offset: number): this;
+    readU8(): number;
+    readU16(): number;
+    readU32(): number;
+    readU64(): bigint;
+    readU128(): bigint;
+    readI8(): number;
+    readI16(): number;
+    readI32(): number;
+    readI64(): bigint;
+    readI128(): bigint;
+    readF32(): number;
+    readF64(): number;
+    readBool(): boolean;
+    readBytes(length: number): Uint8Array;
+    readFixedArray(length: number): Uint8Array;
+    readVecBytes(): Uint8Array;
+    readString(): string;
+    readVariant(): number;
+    readOption<T>(readValue: () => T): T | null;
+    readVec<T>(readElement: () => T): T[];
+    /**
+     * Read a tuple of fixed size with heterogeneous types
+     */
+    readTuple<T extends unknown[]>(readers: {
+        [K in keyof T]: () => T[K];
+    }): T;
+    readMap<K, V>(readKey: () => K, readValue: () => V): Map<K, V>;
+    /**
+     * Read length as u64 but validate it's within safe integer range
+     */
+    private readLength;
+    private ensureAvailable;
+}
+
+/**
+ * Type definitions for bincode schemas
+ *
+ * IMPORTANT: For structs and enums, field/variant order MUST match Rust definition order.
+ * Use arrays of tuples instead of objects to guarantee order preservation.
+ */
+type BincodeSchema = {
+    type: "u8";
+} | {
+    type: "u16";
+} | {
+    type: "u32";
+} | {
+    type: "u64";
+} | {
+    type: "u128";
+} | {
+    type: "i8";
+} | {
+    type: "i16";
+} | {
+    type: "i32";
+} | {
+    type: "i64";
+} | {
+    type: "i128";
+} | {
+    type: "f32";
+} | {
+    type: "f64";
+} | {
+    type: "bool";
+} | {
+    type: "string";
+} | {
+    type: "bytes";
+} | {
+    type: "unit";
+} | {
+    type: "fixedArray";
+    length: number;
+} | {
+    type: "vec";
+    element: BincodeSchema;
+} | {
+    type: "option";
+    inner: BincodeSchema;
+} | {
+    type: "tuple";
+    elements: BincodeSchema[];
+} | {
+    type: "struct";
+    fields: StructField[];
+} | {
+    type: "enum";
+    variants: EnumVariant[];
+} | {
+    type: "map";
+    key: BincodeSchema;
+    value: BincodeSchema;
+} | {
+    type: "pubkey";
+};
+/**
+ * Struct field definition - order matters!
+ */
+interface StructField {
+    name: string;
+    schema: BincodeSchema;
+}
+/**
+ * Enum variant definition - order matters!
+ */
+interface EnumVariant {
+    name: string;
+    schema: BincodeSchema | null;
+}
+declare const Schema: {
+    readonly u8: () => BincodeSchema;
+    readonly u16: () => BincodeSchema;
+    readonly u32: () => BincodeSchema;
+    readonly u64: () => BincodeSchema;
+    readonly u128: () => BincodeSchema;
+    readonly i8: () => BincodeSchema;
+    readonly i16: () => BincodeSchema;
+    readonly i32: () => BincodeSchema;
+    readonly i64: () => BincodeSchema;
+    readonly i128: () => BincodeSchema;
+    readonly f32: () => BincodeSchema;
+    readonly f64: () => BincodeSchema;
+    readonly bool: () => BincodeSchema;
+    readonly string: () => BincodeSchema;
+    readonly bytes: () => BincodeSchema;
+    readonly unit: () => BincodeSchema;
+    readonly fixedArray: (length: number) => BincodeSchema;
+    readonly vec: (element: BincodeSchema) => BincodeSchema;
+    readonly option: (inner: BincodeSchema) => BincodeSchema;
+    readonly tuple: (...elements: BincodeSchema[]) => BincodeSchema;
+    /**
+     * Define a struct with ordered fields
+     * @example
+     * Schema.struct([
+     *   ["id", Schema.u64()],
+     *   ["name", Schema.string()],
+     *   ["active", Schema.bool()],
+     * ])
+     */
+    readonly struct: (fields: [string, BincodeSchema][]) => BincodeSchema;
+    /**
+     * Define an enum with ordered variants
+     * @example
+     * Schema.enum([
+     *   ["None", null],
+     *   ["Some", Schema.u64()],
+     *   ["Error", Schema.string()],
+     * ])
+     */
+    readonly enum: (variants: [string, BincodeSchema | null][]) => BincodeSchema;
+    readonly map: (key: BincodeSchema, value: BincodeSchema) => BincodeSchema;
+    readonly pubkey: () => BincodeSchema;
+};
+/**
+ * Serialize a value according to a schema
+ */
+declare function serialize(schema: BincodeSchema, value: unknown): Uint8Array;
+/**
+ * Deserialize bytes according to a schema
+ */
+declare function deserialize<T>(schema: BincodeSchema, data: Uint8Array): T;
+/**
+ * Deserialize bytes with strict validation
+ */
+declare function deserializeStrict<T>(schema: BincodeSchema, data: Uint8Array): T;
+/**
+ * Infer TypeScript type from schema (for documentation purposes)
+ *
+ * Usage:
+ * const mySchema = Schema.struct([...]);
+ * type MyType = InferSchema<typeof mySchema>;
+ */
+type InferSchema<S extends BincodeSchema> = S extends {
+    type: "u8";
+} ? number : S extends {
+    type: "u16";
+} ? number : S extends {
+    type: "u32";
+} ? number : S extends {
+    type: "u64";
+} ? bigint : S extends {
+    type: "u128";
+} ? bigint : S extends {
+    type: "i8";
+} ? number : S extends {
+    type: "i16";
+} ? number : S extends {
+    type: "i32";
+} ? number : S extends {
+    type: "i64";
+} ? bigint : S extends {
+    type: "i128";
+} ? bigint : S extends {
+    type: "f32";
+} ? number : S extends {
+    type: "f64";
+} ? number : S extends {
+    type: "bool";
+} ? boolean : S extends {
+    type: "string";
+} ? string : S extends {
+    type: "bytes";
+} ? Uint8Array : S extends {
+    type: "unit";
+} ? undefined : S extends {
+    type: "fixedArray";
+} ? Uint8Array : S extends {
+    type: "pubkey";
+} ? Uint8Array : S extends {
+    type: "vec";
+    element: infer E;
+} ? E extends BincodeSchema ? InferSchema<E>[] : never : S extends {
+    type: "option";
+    inner: infer I;
+} ? I extends BincodeSchema ? InferSchema<I> | null : never : unknown;
+
+/**
+ * Bincode serialization writer
+ *
+ * Matches Rust's bincode crate with default configuration:
+ * - Little-endian byte order
+ * - Fixed-size integer encoding (no varint)
+ * - u64 length prefixes for dynamic collections
+ * - u32 enum variant indices
+ */
+declare class BincodeWriter {
+    private buffer;
+    private offset;
+    private view;
+    constructor(initialCapacity?: number);
+    writeU8(value: number): this;
+    writeU16(value: number): this;
+    writeU32(value: number): this;
+    writeU64(value: bigint | number): this;
+    writeU128(value: bigint): this;
+    writeI8(value: number): this;
+    writeI16(value: number): this;
+    writeI32(value: number): this;
+    writeI64(value: bigint): this;
+    writeI128(value: bigint): this;
+    writeF32(value: number): this;
+    writeF64(value: number): this;
+    writeBool(value: boolean): this;
+    writeBytes(bytes: Uint8Array): this;
+    writeFixedArray(bytes: Uint8Array, expectedLength?: number): this;
+    writeVecBytes(bytes: Uint8Array): this;
+    writeString(str: string): this;
+    writeVariant(index: number): this;
+    writeOption<T>(value: T | null | undefined, writeValue: (writer: BincodeWriter, val: T) => void): this;
+    writeVec<T>(items: T[], writeItem: (writer: BincodeWriter, item: T) => void): this;
+    /**
+     * Write a tuple (fixed-size heterogeneous collection)
+     */
+    writeTuple<T extends unknown[]>(items: T, writers: {
+        [K in keyof T]: (writer: BincodeWriter, val: T[K]) => void;
+    }): this;
+    writeMap<K, V>(map: Map<K, V>, writeKey: (writer: BincodeWriter, key: K) => void, writeValue: (writer: BincodeWriter, value: V) => void): this;
+    toBytes(): Uint8Array;
+    /**
+     * Get a view of the written bytes WITHOUT copying.
+     *
+     * ⚠️ WARNING: This returns a view into the internal buffer.
+     * The view becomes INVALID if:
+     * - The writer continues writing (may trigger resize)
+     * - The writer is cleared via clear()
+     *
+     * Use toBytes() for a safe copy, or use this only for immediate
+     * read-only access when performance is critical.
+     */
+    toView(): Uint8Array;
+    length(): number;
+    clear(): this;
+    /**
+     * Reserve additional capacity
+     */
+    reserve(additionalBytes: number): this;
+    private ensureCapacity;
+}
+
+/**
+ * Serializes data using Borsh (Binary Object Representation Serializer for Hashing) encoding.
+ *
+ * Borsh is efficient for complex types like enums, Options, vectors, and nested structs.
+ * Use the exported decorators (@field, @option, @vec) to define your data structures.
+ *
+ * @param data - Data object to serialize
+ * @returns Serialized bytes
+ *
+ * @example
+ * ```typescript
+ * import { serializeBorsh, field, option } from '@rialo/ts-cdk';
+ *
+ * class SwapInstruction {
+ *   @field({ type: 'u8' })
+ *   instruction: number;
+ *
+ *   @field({ type: 'u64' })
+ *   amountIn: bigint;
+ *
+ *   @field({ type: option('u64') })
+ *   minAmountOut?: bigint;
+ * }
+ *
+ * const data = serializeBorsh(new SwapInstruction({
+ *   instruction: 1,
+ *   amountIn: 1000n,
+ *   minAmountOut: 900n,
+ * }));
+ * ```
+ */
+declare function serializeBorsh<T>(data: T): Uint8Array;
+/**
+ * Deserializes Borsh-encoded data into a typed object.
+ *
+ * @param data - Borsh-encoded bytes
+ * @param type - Class constructor for the target type
+ * @returns Deserialized object instance
+ */
+declare function deserializeBorsh<T>(data: Uint8Array, type: new () => T): T;
+
+/**
+ * Serializes a u16 value into compact encoding.
+ *
+ * @param buffer - Output buffer to append bytes to
+ * @param value - Value to encode (0-65535)
+ * @throws {TransactionError} If value is out of range
+ */
+declare function serializeCompactU16(buffer: number[], value: number): void;
+/**
+ * Deserializes a compact-u16 value from bytes.
+ *
+ * @param data - Input byte array
+ * @param currentCursor - Starting position in the array
+ * @returns Tuple of [decoded value, new cursor position]
+ * @throws {TransactionError} If data is insufficient or malformed
+ */
+declare function deserializeCompactU16(data: Uint8Array, currentCursor: number): [number, number];
+/**
+ * Writes a compact-u16 value directly to a buffer (zero-copy).
+ *
+ * Optimized version for in-place writing without intermediate allocations.
+ *
+ * @param buffer - Target buffer
+ * @param offset - Starting position to write at
+ * @param value - Value to encode (0-127 only, uses 1-2 bytes)
+ * @returns New offset after writing
+ */
+declare function writeCompactU16(buffer: Uint8Array, offset: number, value: number): number;
+
+/**
+ * Interface for signing messages and transactions.
+ *
+ * Enables multiple signing strategies:
+ * - **KeypairSigner**: Local keypair signing
+ * - **Browser Wallet**: Browser extension integration
+ * - **Hardware Wallet**: Ledger, Trezor, etc.
+ * - **Remote Signer**: API-based signing services
+ *
+ * @example
+ * ```typescript
+ * // Browser wallet implementation
+ * class BrowserWalletSigner implements Signer {
+ *   async getPublicKey(): Promise<PublicKey> {
+ *     const pubkey = await window.rialoWallet.getPublicKey();
+ *     return PublicKey.fromString(pubkey);
+ *   }
+ *
+ *   async signMessage(message: Uint8Array): Promise<Signature> {
+ *     const sig = await window.rialoWallet.signMessage(message);
+ *     return Signature.fromBytes(sig);
+ *   }
+ * }
+ *
+ * // Usage
+ * const signer = new BrowserWalletSigner();
+ * const publicKey = await signer.getPublicKey();
+ * const signature = await signer.signMessage(message);
+ * ```
+ */
+interface Signer {
+    /**
+     * Retrieves the signer's public key.
+     *
+     * **Note**: May trigger wallet connection prompts for browser wallets.
+     */
+    getPublicKey(): Promise<PublicKey>;
+    /**
+     * Signs arbitrary message bytes.
+     *
+     * @param message - Message bytes to sign
+     * @returns Ed25519 signature over the message
+     */
+    signMessage(message: Uint8Array): Promise<Signature>;
+}
+
+/**
+ * Signer implementation using a local Ed25519 keypair.
+ *
+ * Provides synchronous signing without external dependencies.
+ * Suitable for server-side applications, CLIs, and testing.
+ *
+ * @example
+ * ```typescript
+ * import { Keypair, KeypairSigner } from '@rialo/ts-cdk';
+ *
+ * // Generate new keypair
+ * const keypair = Keypair.generate();
+ * const signer = new KeypairSigner(keypair);
+ *
+ * // Or from mnemonic
+ * const mnemonic = Mnemonic.generate();
+ * const keypair = await mnemonic.toKeypair(0);
+ * const signer = new KeypairSigner(keypair);
+ *
+ * // Sign messages
+ * const publicKey = await signer.getPublicKey();
+ * const signature = await signer.signMessage(message);
+ * ```
+ */
+declare class KeypairSigner implements Signer {
+    private readonly keypair;
+    constructor(keypair: Keypair);
+    /**
+     * Returns the keypair's public key.
+     */
+    getPublicKey(): Promise<PublicKey>;
+    /**
+     * Signs a message using the keypair's private key.
+     */
+    signMessage(message: Uint8Array): Promise<Signature>;
+}
+
+/**
+ * Metadata about an account in a transaction.
+ */
+interface AccountMeta {
+    /** Account public key */
+    readonly pubkey: PublicKey;
+    /** Whether this account must sign the transaction */
+    readonly isSigner: boolean;
+    /** Whether this account's data will be modified */
+    readonly isWritable: boolean;
+}
+/**
+ * An instruction to execute on-chain.
+ */
+interface Instruction {
+    /** Program that will execute this instruction */
+    readonly programId: PublicKey;
+    /** Accounts used by this instruction */
+    readonly accounts: readonly AccountMeta[];
+    /** Instruction-specific data */
+    readonly data: Uint8Array;
+}
+/**
+ * Message header containing signature requirements.
+ */
+interface MessageHeader {
+    /** Number of signatures required */
+    readonly numRequiredSignatures: number;
+    /** Number of read-only signed accounts */
+    readonly numReadonlySignedAccounts: number;
+    /** Number of read-only unsigned accounts */
+    readonly numReadonlyUnsignedAccounts: number;
+}
+/**
+ * Compiled instruction with account indices.
+ */
+interface CompiledInstruction {
+    /** Index of program in account keys array */
+    readonly programIdIndex: number;
+    /** Indices of accounts in account keys array */
+    readonly accountKeyIndexes: readonly number[];
+    /** Instruction data */
+    readonly data: Uint8Array;
+}
+
+/**
+ * Account metadata table for deduplication and sorting.
+ * Avoids: Complex account sorting logic scattered throughout builder
+ */
+
+/**
+ * Internal account entry with aggregated metadata.
+ */
+interface AccountEntry {
+    pubkey: PublicKey;
+    isSigner: boolean;
+    isWritable: boolean;
+}
+/**
+ * Manages account deduplication and sorting for transaction messages.
+ *
+ * Accounts are sorted according to these rules:
+ * 1. Signer + writable accounts first
+ * 2. Then signer + readonly accounts
+ * 3. Then non-signer + writable accounts
+ * 4. Finally non-signer + readonly accounts
+ * 5. Within each group, sort by public key bytes
+ *
+ * This matches Solana's account sorting rules for compatibility.
+ */
+declare class AccountMetaTable {
+    private readonly accounts;
+    private readonly accountOrder;
+    /**
+     * Add or update an account in the table.
+     * If account already exists, merges signer/writable flags (OR operation).
+     */
+    add(meta: AccountMeta): void;
+    /**
+     * Add multiple accounts at once.
+     */
+    addAll(metas: readonly AccountMeta[]): void;
+    /**
+     * Get the index of an account in the sorted order.
+     * Returns -1 if account not found.
+     */
+    getIndex(pubkey: PublicKey): number;
+    /**
+     * Get sorted accounts according to transaction rules.
+     */
+    getSortedAccounts(): readonly AccountEntry[];
+    /**
+     * Get the message header based on sorted accounts.
+     */
+    getHeader(): MessageHeader;
+    /**
+     * Get sorted public keys.
+     */
+    getPublicKeys(): readonly PublicKey[];
+    /**
+     * Get number of accounts in table.
+     */
+    size(): number;
+}
+
+/**
+ * Error codes for transaction operations.
+ */
+declare enum TransactionErrorCode {
+    INVALID_INSTRUCTION = "INVALID_INSTRUCTION",
+    INVALID_ACCOUNT_META = "INVALID_ACCOUNT_META",
+    NO_INSTRUCTIONS = "NO_INSTRUCTIONS",
+    DUPLICATE_ACCOUNT = "DUPLICATE_ACCOUNT",
+    MISSING_SIGNATURE = "MISSING_SIGNATURE",
+    INVALID_SIGNATURE = "INVALID_SIGNATURE",
+    SIGNATURE_OUT_OF_BOUNDS = "SIGNATURE_OUT_OF_BOUNDS",
+    SIGNER_NOT_FOUND = "SIGNER_NOT_FOUND",
+    ALREADY_SIGNED = "ALREADY_SIGNED",
+    INVALID_MESSAGE_FORMAT = "INVALID_MESSAGE_FORMAT",
+    INSUFFICIENT_DATA = "INSUFFICIENT_DATA",
+    SERIALIZATION_FAILED = "SERIALIZATION_FAILED",
+    SIMULATION_FAILED = "SIMULATION_FAILED",
+    INSUFFICIENT_FUNDS = "INSUFFICIENT_FUNDS",
+    BLOCKHASH_EXPIRED = "BLOCKHASH_EXPIRED"
+}
+/**
+ * Error class for transaction operations with structured error information.
+ */
+declare class TransactionError extends Error {
+    readonly code: TransactionErrorCode;
+    readonly details?: Record<string, unknown> | undefined;
+    constructor(code: TransactionErrorCode, message: string, details?: Record<string, unknown> | undefined);
+    static noInstructions(): TransactionError;
+    static signerNotFound(pubkey: string): TransactionError;
+    static missingSignature(index: number, pubkey: string): TransactionError;
+    static simulationFailed(logs: string[], error: string): TransactionError;
+    static insufficientFunds(required: bigint, available: bigint): TransactionError;
+    toJSON(): {
+        code: TransactionErrorCode;
+        message: string;
+        details?: Record<string, unknown>;
+    };
+}
+
+/**
+ * Create an instruction with Borsh-encoded data.
+ *
+ * @example
+ * ```typescript
+ * // Define your instruction data class
+ * class MyInstructionData {
+ *   @field({ type: 'u8' })
+ *   instruction: number;
+ *
+ *   @field({ type: 'u64' })
+ *   amount: bigint;
+ *
+ *   @field({ type: option('string') })
+ *   memo?: string;
+ * }
+ *
+ * // Create instruction
+ * const instruction = createBorshInstruction({
+ *   programId: myProgramId,
+ *   accounts: [
+ *     { pubkey: account1, isSigner: true, isWritable: true },
+ *     { pubkey: account2, isSigner: false, isWritable: false },
+ *   ],
+ *   data: new MyInstructionData({
+ *     instruction: 5,
+ *     amount: 1000n,
+ *     memo: "Hello, Rialo!",
+ *   }),
+ * });
+ * ```
+ */
+declare function createBorshInstruction<T>(params: {
+    programId: PublicKey;
+    accounts: AccountMeta[];
+    data: T;
+}): Instruction;
+/**
+ * Helper for creating Borsh-serialized instruction data from a plain object.
+ *
+ * This is useful when you don't want to define a class with decorators.
+ *
+ * @example
+ * ```typescript
+ * const data = encodeBorshData({
+ *   instruction: { type: 'u8', value: 1 },
+ *   amount: { type: 'u64', value: 1000n },
+ *   recipient: { type: fixedArray('u8', 32), value: recipientBytes },
+ * });
+ * ```
+ */
+declare function encodeBorshData(_schema: Record<string, {
+    type: unknown;
+    value: unknown;
+}>): Uint8Array;
+
+/**
+ * System program instruction types.
+ */
+declare enum SystemInstruction {
+    CreateAccount = 0,
+    Assign = 1,
+    Transfer = 2,
+    CreateAccountWithSeed = 3,
+    AdvanceNonceAccount = 4,
+    WithdrawNonceAccount = 5,
+    InitializeNonceAccount = 6,
+    AuthorizeNonceAccount = 7,
+    Allocate = 8,
+    AllocateWithSeed = 9,
+    AssignWithSeed = 10,
+    TransferWithSeed = 11
+}
+/**
+ * Create a transfer instruction.
+ *
+ * Transfers native tokens from one account to another.
+ *
+ * @param from - Source account (must be signer)
+ * @param to - Destination account
+ * @param amount - Amount to transfer in smallest denomination (kelvins)
+ *
+ * @example
+ * ```typescript
+ * const instruction = transferInstruction(fromPubkey, toPubkey, 1_000_000n);
+ *
+ * const tx = TransactionBuilder.create()
+ *   .setPayer(fromPubkey)
+ *   .addInstruction(instruction)
+ *   .build();
+ * ```
+ */
+declare function transferInstruction(from: PublicKey, to: PublicKey, amount: bigint): Instruction;
+/**
+ * Create an account creation instruction.
+ *
+ * @param from - Funding account (must be signer)
+ * @param newAccount - New account to create (must be signer)
+ * @param kelvins - Initial balance for new account
+ * @param space - Number of bytes to allocate for account data
+ * @param owner - Program that will own the new account
+ */
+declare function createAccount(from: PublicKey, newAccount: PublicKey, kelvins: bigint, space: bigint, owner: PublicKey): Instruction;
+/**
+ * Create an allocate instruction.
+ *
+ * Allocates space for an account's data. The account must be owned by
+ * the system program and must sign the transaction.
+ *
+ * @param account - Account to allocate space for (must be signer)
+ * @param space - Number of bytes to allocate
+ */
+declare function allocateInstruction(account: PublicKey, space: bigint): Instruction;
+/**
+ * Create an assign instruction.
+ *
+ * Changes the owner of an account. The account must currently be owned
+ * by the system program and must sign the transaction.
+ *
+ * @param account - Account to reassign (must be signer)
+ * @param owner - New owner program
+ */
+declare function assignInstruction(account: PublicKey, owner: PublicKey): Instruction;
+
+/**
+ * An unsigned transaction message ready to be signed.
+ *
+ * This is the data that gets signed by transaction signers.
+ * It's immutable to prevent accidental modification after creation.
+ *
+ * @example
+ * ```typescript
+ * const message = MessageBuilder.create()
+ *   .setPayer(payer)
+ *   .setValidFrom(validFrom)
+ *   .addInstruction(transferInstruction)
+ *   .build();
+ *
+ * // Serialize for signing
+ * const messageBytes = message.serialize();
+ * ```
+ */
+declare class Message {
+    /** Message header with signature requirements */
+    readonly header: MessageHeader;
+    /** All account public keys referenced in the transaction */
+    readonly accountKeys: readonly PublicKey[];
+    /** Transaction valid from (milliseconds since Unix epoch) */
+    validFrom?: bigint;
+    /** Config hash prefix for replay protection across chains */
+    readonly configHashPrefix: bigint;
+    /** Compiled instructions with account indices */
+    readonly instructions: readonly CompiledInstruction[];
+    /** Cached serialized bytes */
+    private serializedCache?;
+    constructor(header: MessageHeader, accountKeys: readonly PublicKey[], validFrom: bigint, configHashPrefix: bigint, instructions: readonly CompiledInstruction[]);
+    /**
+     * Serialize message to bytes for signing.
+     * Result is cached for performance.
+     */
+    serialize(): Uint8Array;
+    /**
+     * Deserialize a message from wire format.
+     *
+     * @param data - Serialized message bytes
+     * @returns Deserialized Message
+     */
+    static deserialize(data: Uint8Array): Message;
+    private serializeInternal;
+    private serializeCompactArray;
+    private serializeCompactU16;
+    /**
+     * Get all signers required for this message.
+     */
+    getSigners(): readonly PublicKey[];
+    /**
+     * Check if a public key is a required signer.
+     */
+    isSignerRequired(pubkey: PublicKey): boolean;
+    /**
+     * Get the index of a signer in the signers array.
+     * Returns -1 if not a signer.
+     */
+    getSignerIndex(pubkey: PublicKey): number;
+}
+
+/**
+ * A transaction with zero or more signatures.
+ *
+ * Transactions are immutable - signing methods return new instances.
+ * This prevents accidental modification and signature tampering.
+ *
+ * @example
+ * ```typescript
+ * // Simple signing
+ * const tx = builder.build();
+ * const signed = tx.sign(keypair);
+ *
+ * // Method chaining
+ * const signed = tx
+ *   .sign(keypair1)
+ *   .sign(keypair2)
+ *   .sign(keypair3);
+ *
+ * // Multi-sig convenience
+ * const signed = tx.signAll([keypair1, keypair2, keypair3]);
+ * ```
+ */
+declare class Transaction {
+    /** The unsigned message */
+    private readonly message;
+    /** Signatures (64 bytes each), aligned with message.header.numRequiredSignatures */
+    private readonly signatures;
+    private constructor();
+    /**
+     * Create an unsigned transaction from a message.
+     * All signature slots are initialized to zero.
+     *
+     * @internal - Users should use TransactionBuilder instead
+     */
+    static fromMessage(message: Message): Transaction;
+    /**
+     * Create transaction from message and existing signatures.
+     * @internal
+     */
+    static fromMessageAndSignatures(message: Message, signatures: readonly Uint8Array[]): Transaction;
+    /**
+     * Deserialize a transaction from wire format.
+     */
+    static deserialize(data: Uint8Array): Transaction;
+    getMessage(): Message;
+    /**
+     * Sign the transaction with a keypair.
+     * Returns a NEW Transaction instance.
+     *
+     * @param keypair - Keypair to sign with
+     * @returns New Transaction instance with signature added
+     *
+     * @example
+     * ```typescript
+     * const signedTx = tx.sign(keypair);
+     * await client.sendTransaction(signedTx.serialize());
+     * ```
+     */
+    sign(keypair: Keypair): Transaction;
+    /**
+     * Sign with multiple keypairs at once.
+     * Returns a NEW Transaction instance.
+     *
+     * @example
+     * ```typescript
+     * const signed = tx.signAll([keypair1, keypair2, keypair3]);
+     * ```
+     */
+    signAll(keypairs: Keypair[]): Transaction;
+    /**
+     * Sign the transaction with a Signer interface (async).
+     * Returns a NEW Transaction instance.
+     *
+     * @example
+     * ```typescript
+     * const signedTx = await tx.signWith(browserWallet);
+     * ```
+     */
+    signWith(signer: Signer): Promise<Transaction>;
+    /**
+     * Sign with multiple signers.
+     * Returns a NEW Transaction instance.
+     */
+    signAllWith(signers: Signer[]): Promise<Transaction>;
+    /**
+     * Partially sign the transaction (for multi-sig transactions).
+     * Returns a NEW Transaction instance.
+     *
+     * @example
+     * ```typescript
+     * const signedTx = tx
+     *   .partialSign(signer1)
+     *   .partialSign(signer2);
+     * ```
+     */
+    partialSign(keypair: Keypair): Transaction;
+    /**
+     * Partially sign with a Signer interface (async).
+     * Returns a NEW Transaction instance.
+     */
+    partialSignWith(signer: Signer): Promise<Transaction>;
+    /**
+     * Add a signature at a specific index.
+     * Returns a NEW Transaction instance.
+     *
+     * Most users should use sign() or signAll() instead.
+     */
+    addSignature(index: number, signature: Signature | Uint8Array): Transaction;
+    /**
+     * Add a signature for a specific public key.
+     * Returns a NEW Transaction instance.
+     *
+     * Most users should use sign() or signAll() instead.
+     */
+    addSignatureForPubkey(pubkey: PublicKey, signature: Signature | Uint8Array): Transaction;
+    /**
+     * Check if transaction is fully signed (all signatures present).
+     */
+    isSigned(): boolean;
+    /**
+     * Check if a specific signature slot is filled.
+     */
+    isSignaturePresent(index: number): boolean;
+    /**
+     * Get all signatures (returns copies to prevent mutation).
+     */
+    getSignatures(): readonly Uint8Array[];
+    /**
+     * Get a specific signature (returns copy).
+     */
+    getSignature(index: number): Uint8Array;
+    /**
+     * Get a specific signature for a public key.
+     */
+    getSignatureForPubkey(pubkey: PublicKey): Uint8Array;
+    /**
+     * Get required signers for this transaction.
+     */
+    getSigners(): readonly PublicKey[];
+    /**
+     * Get the number of required signatures.
+     */
+    getRequiredSignatureCount(): number;
+    /**
+     * Throw an error if the transaction is not fully signed.
+     *
+     * @throws {TransactionError} If transaction is not fully signed
+     *
+     * @example
+     * ```typescript
+     * signedTx.ensureSigned(); // Throws if not signed
+     * await client.sendTransaction(signedTx.serialize());
+     * ```
+     */
+    ensureSigned(): void;
+    /**
+     * Serialize transaction to wire format.
+     */
+    serialize(): Uint8Array;
+}
+
+/**
+ * Fluent API for building transactions.
+ * Returns Transaction directly (not Message).
+ */
+
+/**
+ * Builder for creating transactions with a fluent API.
+ *
+ * Provides an intuitive interface for constructing transactions.
+ * Call build() to get an unsigned Transaction ready for signing.
+ *
+ * @example
+ * ```typescript
+ * // Simple transfer
+ * const tx = TransactionBuilder.create()
+ *   .setPayer(payer)
+ *   .setValidFrom(validFrom)
+ *   .addInstruction(transfer(from, to, 1_000_000n))
+ *   .build();
+ *
+ * const signedTx = tx.sign(keypair);
+ * await client.transaction.sendTransaction(signedTx.serialize());
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // Multi-instruction transaction
+ * const tx = TransactionBuilder.create()
+ *   .setPayer(payer)
+ *   .setValidFrom(validFrom)
+ *   .addInstruction(transfer(from, to, 1_000_000n))
+ *   .addInstruction(memoInstruction("Payment for invoice #123"))
+ *   .build();
+ * ```
+ */
+declare class TransactionBuilder {
+    private payer?;
+    private validFrom?;
+    private configHashPrefix?;
+    private readonly instructions;
+    private constructor();
+    /**
+     * Create a new transaction builder.
+     */
+    static create(): TransactionBuilder;
+    /**
+     * Set the fee payer for this transaction.
+     *
+     * The payer will be the first account and must sign the transaction.
+     * The payer pays for transaction fees.
+     *
+     * @param payer - Public key of the fee payer
+     */
+    setPayer(payer: PublicKey): this;
+    /**
+     * Set the Transaction valid from.
+     *
+     * This is the time the transaction is valid from, in milliseconds since Unix epoch.
+     * It can be used for additional replay protection or auditing.
+     *
+     * @param validFrom - Transaction valid from in milliseconds since Unix epoch
+     */
+    setValidFrom(validFrom: bigint): this;
+    /**
+     * Set the config hash prefix for replay protection.
+     *
+     * This is the first 64 bits of the config hash, used to ensure
+     * transactions cannot be replayed on different chains.
+     *
+     * @param configHashPrefix - config hash prefix as a u64
+     */
+    setConfigHashPrefix(configHashPrefix: bigint): this;
+    /**
+     * Add an instruction to the transaction.
+     *
+     * @param instruction - Instruction to add
+     */
+    addInstruction(instruction: Instruction): this;
+    /**
+     * Add multiple instructions at once.
+     *
+     * @param instructions - Array of instructions to add
+     */
+    addInstructions(instructions: readonly Instruction[]): this;
+    /**
+     * Build the transaction (unsigned).
+     *
+     * Returns an unsigned Transaction that's ready to be signed.
+     *
+     * @returns Unsigned Transaction
+     * @throws {TransactionError} If payer, valid_from, or instructions are missing
+     *
+     * @example
+     * ```typescript
+     * const tx = builder.build();
+     * const signedTx = tx.sign(keypair);
+     * ```
+     */
+    build(): Transaction;
+}
+
 /**
  * Converts bytes to base64 string.
  *
@@ -2075,4 +3284,4 @@ declare function getMainnetUrl(): string;
  */
 declare function getLocalnetUrl(): string;
 
-export { type AccountInfo, type AccountMeta, AccountMetaTable, BASE_DERIVATION_PATH, BaseRpcClient, type ChainDefinition, type CompiledInstruction, type ConfirmTransactionOptions, type ConfirmedTransaction, CryptoError, CryptoErrorCode, DEFAULT_NUM_ACCOUNTS, type EpochInfoResponse, type GetConnectedFullNodesResponse, type GetFeeForMessageResponse, type GetHealthResponse, type GetSignaturesForAddressConfig, type GetSignaturesForAddressResponse, type GetSubscriptionsResponse, type GetTransactionsConfig, type GetTransactionsResponse, type GetTriggeredTransactionsResponse, type GetValidatorHealthResponse, type GetWorkflowLineageRequest, type GetWorkflowLineageResponse, HttpTransport, type HttpTransportConfig, type IdentifierString, type Instruction, type IsBlockhashValidResponse, KELVIN_PER_RLO, Keypair, KeypairSigner, Message, type MessageHeader, Mnemonic, type MnemonicStrength, type MultipleAccountsResponse, PUBLIC_KEY_LENGTH, PublicKey, QueryRpcClient, RIALO_DEVNET_CHAIN, RIALO_LOCALNET_CHAIN, RIALO_MAINNET_CHAIN, RIALO_TESTNET_CHAIN, RialoClient, type RialoClientConfig, RialoError, RialoErrorType, type RialoNetwork, RpcError, RpcErrorCode, type RpcErrorDetails$1 as RpcErrorDetails, SECRET_KEY_LENGTH, SIGNATURE_LENGTH, SYSTEM_PROGRAM_ID, type SendAndConfirmOptions, type SendTransactionOptions, Signature, type SignatureStatus, type Signer, SystemInstruction, Transaction, TransactionBuilder, TransactionError, TransactionErrorCode, type TransactionResponse, TransactionRpcClient, URL_DEVNET, URL_LOCALNET, URL_MAINNET, URL_TESTNET, calculateBackoff, createAccount, createBorshInstruction, createRialoClient, encodeBorshData, fromBase64, getDefaultRialoClientConfig, getDevnetUrl, getLocalnetUrl, getMainnetUrl, getTestnetUrl, sleep, toBase64, transferInstruction };
+export { type AccountFilter, type AccountInfo, type AccountMeta, AccountMetaTable, BASE_DERIVATION_PATH, BaseRpcClient, BincodeReader, type BincodeSchema, BincodeWriter, type Bump, CHACHA20_POLY1305_TAG_LENGTH, type ChainDefinition, type CompiledInstruction, type ConfirmTransactionOptions, type ConfirmedTransaction, CryptoError, CryptoErrorCode, DEFAULT_NUM_ACCOUNTS, ED25519_PUBLIC_KEY_LENGTH, type EnumVariant, type EpochInfoResponse, type EventData, type GetAccountsByOwnerConfig, type GetAccountsByOwnerResponse, type GetHealthResponse, type GetSecretSharingPubkeyResponse, type GetSignaturesForAddressConfig, type GetTransactionsResponse, type GetWorkflowLineageRequest, type GetWorkflowLineageResponse, HPKE_ENC_LENGTH, HPKE_OVERHEAD_LENGTH, HpkeError, HpkeErrorCode, HttpTransport, type HttpTransportConfig, type IdentifierString, type InferSchema, type Instruction, KELVIN_PER_RLO, Keypair, KeypairSigner, Message, type MessageHeader, Mnemonic, type MnemonicStrength, type OwnerAccount, type PDA, PUBLIC_KEY_LENGTH, type PaginationInfo, PublicKey, QueryRpcClient, RIALO_DEVNET_CHAIN, RIALO_LOCALNET_CHAIN, RIALO_MAINNET_CHAIN, RIALO_SHITNET_CHAIN, RIALO_TESTNET_CHAIN, RexValue, RexValueVariant, RialoClient, type RialoClientConfig, RialoError, RialoErrorType, type RialoNetwork, RpcError, RpcErrorCode, type RpcErrorDetails$1 as RpcErrorDetails, SECRET_KEY_LENGTH, SECRET_SHARING_HPKE_INFO, SIGNATURE_LENGTH, SYSTEM_PROGRAM_ID, Schema, type Seed, type SendAndConfirmOptions, type SendTransactionOptions, Signature, type SignatureInfo, type SignatureStatus, type Signer, type StructField, type Subscription, type SubscriptionKind, SystemInstruction, type TimestampRange, Transaction, TransactionBuilder, TransactionError, TransactionErrorCode, type TransactionNodeData, type TransactionResponse, TransactionRpcClient, type TriggerInfo, type TriggeredTransaction, type TruncationReason, URL_DEVNET, URL_LOCALNET, URL_MAINNET, URL_SHITNET, URL_TESTNET, USER_SECRET_AAD, type WorkflowLineage, type WorkflowNode, X25519_PUBLIC_KEY_LENGTH, allocateInstruction, assignInstruction, calculateBackoff, concatBytes, createAccount, createBorshInstruction, createRialoClient, deserialize, deserializeBorsh, deserializeCompactU16, deserializeStrict, encodeBorshData, encryptForRex, fromBase64, getCiphertextLength, getDefaultRialoClientConfig, getDevnetUrl, getLocalnetUrl, getMainnetUrl, getTestnetUrl, hpkeEncrypt, isOnCurve, isValidCiphertextLength, seedToBytes, serialize, serializeBorsh, serializeCompactU16, sleep, toBase64, transferInstruction, writeCompactU16 };