npm - @rialo/ts-cdk - Versions diffs - 0.2.0-alpha.1 → 0.2.0-alpha.2 - Mend

@rialo/ts-cdk 0.2.0-alpha.1 → 0.2.0-alpha.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -733,341 +733,6 @@ declare class RialoError extends Error {
     static serialization(message: string): RialoError;
 }
-/**
- * Error codes for HPKE encryption operations.
- */
-declare enum HpkeErrorCode {
-    /** Key length does not match expected size */
-    INVALID_KEY_LENGTH = "INVALID_KEY_LENGTH",
-    /** Ciphertext is shorter than minimum required length */
-    CIPHERTEXT_TOO_SHORT = "CIPHERTEXT_TOO_SHORT",
-    /** HPKE encryption operation failed */
-    ENCRYPTION_FAILED = "ENCRYPTION_FAILED",
-    /** Failed to deserialize Borsh data */
-    BORSH_DESERIALIZE_FAILED = "BORSH_DESERIALIZE_FAILED",
-    /** RexValue has invalid variant byte */
-    INVALID_ORACLE_VALUE = "INVALID_ORACLE_VALUE"
-}
-/**
- * Error class for HPKE encryption operations.
- *
- * Provides detailed error information for encryption failures,
- * including error codes and contextual details.
- */
-declare class HpkeError extends Error {
-    readonly code: HpkeErrorCode;
-    readonly cause?: Error;
-    constructor(code: HpkeErrorCode, message: string, cause?: Error);
-    /**
-     * Create an error for invalid key length.
-     *
-     * @param expected - Expected key length in bytes
-     * @param actual - Actual key length in bytes
-     * @param keyType - Description of the key type (e.g., "REX public key")
-     */
-    static invalidKeyLength(expected: number, actual: number, keyType: string): HpkeError;
-    /**
-     * Create an error for ciphertext that is too short.
-     *
-     * @param minLength - Minimum required length
-     * @param actual - Actual length
-     */
-    static ciphertextTooShort(minLength: number, actual: number): HpkeError;
-    /**
-     * Create an error for encryption failure.
-     *
-     * @param cause - The underlying error
-     */
-    static encryptionFailed(cause: Error): HpkeError;
-    /**
-     * Create an error for Borsh deserialization failure.
-     *
-     * @param cause - The underlying error
-     */
-    static borshDeserializeFailed(cause: Error): HpkeError;
-    /**
-     * Create an error for invalid RexValue variant.
-     *
-     * @param variant - The invalid variant byte
-     */
-    static invalidRexValue(variant: number): HpkeError;
-}
-/**
- * Constants for REX HPKE encryption.
- *
- * These constants MUST match the Rust implementation exactly:
- * - `crates/tee/secret-sharing/src/constants.rs`
- *
- * @module
- */
-/**
- * Additional Authenticated Data (AAD) prefix for user secrets.
- *
- * This 13-byte string is prepended to the sender's public key to form
- * the complete AAD for HPKE encryption. It provides domain separation
- * to prevent cross-protocol attacks.
- *
- * Format: `USER_SECRET_AAD || senderPubkey` = 45 bytes total AAD
- *
- * @remarks
- * Must match Rust: `pub const USER_SECRET_AAD: &[u8] = b"rex-secret-v1";`
- */
-declare const USER_SECRET_AAD: Uint8Array<ArrayBuffer>;
-/**
- * HPKE info string for secret sharing context.
- *
- * This 32-byte string is used as the `info` parameter in HPKE encryption,
- * providing domain separation for secret sharing operations.
- *
- * @remarks
- * Must match Rust: `pub const SECRET_SHARING_HPKE_INFO: &[u8; 32] = b"rialo/tee/secret-sharing-hpke/v1";`
- */
-declare const SECRET_SHARING_HPKE_INFO: Uint8Array<ArrayBuffer>;
-/**
- * Length of an X25519 public key in bytes.
- *
- * Used for the REX encryption public key (secret sharing key).
- */
-declare const X25519_PUBLIC_KEY_LENGTH = 32;
-/**
- * Length of an Ed25519 public key in bytes.
- *
- * Used for sender identity binding in AAD construction.
- */
-declare const ED25519_PUBLIC_KEY_LENGTH = 32;
-/**
- * Length of the HPKE encapsulated key (enc) in bytes.
- *
- * For X25519, this is always 32 bytes.
- */
-declare const HPKE_ENC_LENGTH = 32;
-/**
- * Length of the ChaCha20-Poly1305 authentication tag in bytes.
- */
-declare const CHACHA20_POLY1305_TAG_LENGTH = 16;
-/**
- * Total overhead added by HPKE encryption.
- *
- * This is the additional bytes beyond the plaintext:
- * - enc (32 bytes): Encapsulated ephemeral public key
- * - tag (16 bytes): ChaCha20-Poly1305 authentication tag
- *
- * Ciphertext length = plaintext length + 48 bytes
- */
-declare const HPKE_OVERHEAD_LENGTH: number;
-/**
- * Variant discriminator for RexValue Borsh serialization.
- */
-declare enum RexValueVariant {
-    /** Plain (unencrypted) data variant */
-    Plain = 0,
-    /** Encrypted data variant */
-    Encrypted = 1
-}
-/**
- * Represents an rex value that can be plain or encrypted.
- *
- * This class provides Borsh-compatible serialization that matches
- * the Rust `RexValue` enum:
- *
- * ```rust
- * pub enum RexValue {
- *     Plain(Vec<u8>),
- *     Encrypted(Vec<u8>),
- * }
- * ```
- *
- * ## Borsh Format
- *
- * - Plain: `[0x00] [length: u32 LE] [data bytes]`
- * - Encrypted: `[0x01] [length: u32 LE] [ciphertext bytes]`
- *
- * @example
- * ```typescript
- * // Plain value (unencrypted)
- * const plain = RexValue.plain(new TextEncoder().encode("hello"));
- *
- * // Encrypted value (via HPKE)
- * const encrypted = RexValue.encrypted(ciphertextBytes);
- *
- * // Serialize to Borsh
- * const borsh = plain.toBorsh();
- *
- * // Deserialize from Borsh
- * const restored = RexValue.fromBorsh(borsh);
- * ```
- */
-declare class RexValue {
-    private readonly variant;
-    private readonly data;
-    private constructor();
-    /**
-     * Create a plain (unencrypted) RexValue from raw bytes.
-     *
-     * @param data - The raw byte data
-     * @returns A new RexValue with Plain variant
-     */
-    static plain(data: Uint8Array): RexValue;
-    /**
-     * Create a plain (unencrypted) RexValue from a UTF-8 string.
-     *
-     * @param s - The string to encode
-     * @returns A new RexValue with Plain variant
-     */
-    static plainString(s: string): RexValue;
-    /**
-     * Create an encrypted RexValue from HPKE ciphertext.
-     *
-     * @param ciphertext - The HPKE-encrypted ciphertext (enc || ct || tag)
-     * @returns A new RexValue with Encrypted variant
-     */
-    static encrypted(ciphertext: Uint8Array): RexValue;
-    /**
-     * Check if this is a plain (unencrypted) value.
-     */
-    isPlain(): boolean;
-    /**
-     * Check if this is an encrypted value.
-     */
-    isEncrypted(): boolean;
-    /**
-     * Get the variant type.
-     */
-    getVariant(): RexValueVariant;
-    /**
-     * Get the raw bytes (plaintext or ciphertext).
-     *
-     * For Plain values, returns the plaintext.
-     * For Encrypted values, returns the ciphertext.
-     */
-    asBytes(): Uint8Array;
-    /**
-     * Try to decode the plain value as a UTF-8 string.
-     *
-     * @returns The decoded string, or null if encrypted or not valid UTF-8
-     */
-    asString(): string | null;
-    /**
-     * Serialize to Borsh format.
-     *
-     * Format: `[variant: u8] [length: u32 LE] [data bytes]`
-     *
-     * @returns The Borsh-serialized bytes
-     */
-    toBorsh(): Uint8Array;
-    /**
-     * Deserialize from Borsh format.
-     *
-     * @param data - The Borsh-serialized bytes
-     * @returns A new RexValue
-     * @throws {HpkeError} If deserialization fails
-     */
-    static fromBorsh(data: Uint8Array): RexValue;
-}
-/**
- * Encrypt data using HPKE for REX secret sharing.
- *
- * This function performs HPKE encryption using the Base mode with:
- * - X25519 for key encapsulation
- * - HKDF-SHA256 for key derivation
- * - ChaCha20-Poly1305 for authenticated encryption
- *
- * The output format is: `enc (32 bytes) || ciphertext || tag (16 bytes)`
- *
- * @param rexPubkey - The REX X25519 public key (32 bytes)
- * @param data - The plaintext data to encrypt
- * @param senderPubkey - The sender's Ed25519 public key (32 bytes) for AAD construction
- * @returns The encrypted ciphertext including enc and tag
- * @throws {HpkeError} If key lengths are invalid or encryption fails
- *
- * @example
- * ```typescript
- * const rexPubkey = await client.getSecretSharingPubkey();
- * const ciphertext = await hpkeEncrypt(
- *   rexPubkey,
- *   new TextEncoder().encode("secret data"),
- *   keypair.publicKey.toBytes()
- * );
- * ```
- */
-declare function hpkeEncrypt(rexPubkey: Uint8Array, data: Uint8Array, senderPubkey: Uint8Array): Promise<Uint8Array>;
-/**
- * Encrypt data for REX and wrap it in an RexValue.
- *
- * This is a convenience function that combines:
- * 1. HPKE encryption using `hpkeEncrypt`
- * 2. Wrapping the ciphertext in an `RexValue.encrypted`
- *
- * The resulting RexValue can be serialized to Borsh and sent to the network.
- *
- * @param rexPubkey - The REX X25519 public key (32 bytes)
- * @param data - The plaintext data to encrypt
- * @param senderPubkey - The sender's Ed25519 public key (32 bytes)
- * @returns An RexValue containing the encrypted ciphertext
- * @throws {HpkeError} If key lengths are invalid or encryption fails
- *
- * @example
- * ```typescript
- * import { RpcClient, Keypair } from "@rialo/ts-cdk";
- * import { encryptForRex, RexValue } from "@rialo/ts-cdk/rex";
- *
- * // Get REX public key from the network
- * const client = new RpcClient("https://rpc.rialo.xyz");
- * const rexPubkey = await client.getSecretSharingPubkey();
- *
- * // Create keypair for signing
- * const keypair = Keypair.generate();
- *
- * // Encrypt secret data
- * const oracleValue = await encryptForRex(
- *   rexPubkey,
- *   new TextEncoder().encode("my secret API key"),
- *   keypair.publicKey.toBytes()
- * );
- *
- * // The RexValue can now be serialized and used in transactions
- * const borshBytes = oracleValue.toBorsh();
- * ```
- */
-declare function encryptForRex(rexPubkey: Uint8Array, data: Uint8Array, senderPubkey: Uint8Array): Promise<RexValue>;
-/**
- * Calculate the expected ciphertext length for a given plaintext length.
- *
- * The ciphertext consists of:
- * - enc (32 bytes): Encapsulated ephemeral public key
- * - ciphertext (plaintext.length bytes): Encrypted data
- * - tag (16 bytes): ChaCha20-Poly1305 authentication tag
- *
- * @param plaintextLength - Length of the plaintext in bytes
- * @returns Expected ciphertext length
- *
- * @example
- * ```typescript
- * const ciphertextLen = getCiphertextLength(100);
- * console.log(ciphertextLen); // 148 (32 + 100 + 16)
- * ```
- */
-declare function getCiphertextLength(plaintextLength: number): number;
-/**
- * Validate that a ciphertext has a valid length.
- *
- * A valid HPKE ciphertext must be at least 48 bytes (32 enc + 16 tag).
- *
- * @param ciphertext - The ciphertext to validate
- * @returns true if the ciphertext length is valid
- *
- * @example
- * ```typescript
- * if (!isValidCiphertextLength(ciphertext)) {
- *   throw new Error("Ciphertext too short");
- * }
- * ```
- */
-declare function isValidCiphertextLength(ciphertext: Uint8Array): boolean;
 /**
  * Base client with JSON-RPC protocol handling.
  *
@@ -1399,15 +1064,6 @@ interface GetAccountsByOwnerResponse {
     /** Pagination information */
     pagination?: PaginationInfo;
 }
-/**
- * Get secret sharing public key response.
- *
- * Contains the TEE's X25519 public key for HPKE encryption.
- */
-interface GetSecretSharingPubkeyResponse {
-    /** The TEE's X25519 public key as a hex-encoded string */
-    public_key: string;
-}
 /**
  * Main Rialo RPC client for blockchain interactions.
@@ -1889,50 +1545,6 @@ declare class QueryRpcClient extends BaseRpcClient {
      * ```
      */
     getTriggeredTransactions(subscriptionAccount: PublicKey, limit?: number): Promise<TriggeredTransaction[]>;
-    /**
-     * Retrieve the REX X25519 public key for secret sharing encryption.
-     *
-     * This key is used for HPKE encryption when sending encrypted data
-     * that should only be decryptable within the REX execution environment.
-     *
-     * @returns The REX X25519 public key as a 32-byte Uint8Array
-     *
-     * @example
-     * ```typescript
-     * import { encryptForRex } from "@rialo/ts-cdk";
-     *
-     * // Get the REX public key
-     * const rexPubkey = await client.getSecretSharingPubkey();
-     *
-     * // Use it for HPKE encryption
-     * const encrypted = await encryptForRex(
-     *   rexPubkey,
-     *   new TextEncoder().encode("secret data"),
-     *   keypair.publicKey.toBytes()
-     * );
-     * ```
-     */
-    getSecretSharingPubkey(): Promise<Uint8Array>;
-    /**
-     * Get the config hash prefix for replay protection.
-     *
-     * Returns the first 64 bits of the config hash, which is used
-     * for transaction replay protection across chains.
-     *
-     * @returns The config hash prefix as a bigint
-     *
-     * @example
-     * ```typescript
-     * const configHashPrefix = await client.getConfigHashPrefix();
-     * const tx = TransactionBuilder.create()
-     *   .setPayer(payer)
-     *   .setValidFrom(validFrom)
-     *   .setConfigHashPrefix(configHashPrefix)
-     *   .addInstruction(instruction)
-     *   .build();
-     * ```
-     */
-    getConfigHashPrefix(): Promise<bigint>;
 }
 /**
@@ -2941,13 +2553,11 @@ declare class Message {
     readonly accountKeys: readonly PublicKey[];
     /** Transaction valid from (milliseconds since Unix epoch) */
     validFrom?: bigint;
-    /** Config hash prefix for replay protection across chains */
-    readonly configHashPrefix: bigint;
     /** Compiled instructions with account indices */
     readonly instructions: readonly CompiledInstruction[];
     /** Cached serialized bytes */
     private serializedCache?;
-    constructor(header: MessageHeader, accountKeys: readonly PublicKey[], validFrom: bigint, configHashPrefix: bigint, instructions: readonly CompiledInstruction[]);
+    constructor(header: MessageHeader, accountKeys: readonly PublicKey[], validFrom: bigint, instructions: readonly CompiledInstruction[]);
     /**
      * Serialize message to bytes for signing.
      * Result is cached for performance.
@@ -3177,7 +2787,6 @@ declare class Transaction {
 declare class TransactionBuilder {
     private payer?;
     private validFrom?;
-    private configHashPrefix?;
     private readonly instructions;
     private constructor();
     /**
@@ -3202,15 +2811,6 @@ declare class TransactionBuilder {
      * @param validFrom - Transaction valid from in milliseconds since Unix epoch
      */
     setValidFrom(validFrom: bigint): this;
-    /**
-     * Set the config hash prefix for replay protection.
-     *
-     * This is the first 64 bits of the config hash, used to ensure
-     * transactions cannot be replayed on different chains.
-     *
-     * @param configHashPrefix - config hash prefix as a u64
-     */
-    setConfigHashPrefix(configHashPrefix: bigint): this;
     /**
      * Add an instruction to the transaction.
      *
@@ -3284,4 +2884,4 @@ declare function getMainnetUrl(): string;
  */
 declare function getLocalnetUrl(): string;
-export { type AccountFilter, type AccountInfo, type AccountMeta, AccountMetaTable, BASE_DERIVATION_PATH, BaseRpcClient, BincodeReader, type BincodeSchema, BincodeWriter, type Bump, CHACHA20_POLY1305_TAG_LENGTH, type ChainDefinition, type CompiledInstruction, type ConfirmTransactionOptions, type ConfirmedTransaction, CryptoError, CryptoErrorCode, DEFAULT_NUM_ACCOUNTS, ED25519_PUBLIC_KEY_LENGTH, type EnumVariant, type EpochInfoResponse, type EventData, type GetAccountsByOwnerConfig, type GetAccountsByOwnerResponse, type GetHealthResponse, type GetSecretSharingPubkeyResponse, type GetSignaturesForAddressConfig, type GetTransactionsResponse, type GetWorkflowLineageRequest, type GetWorkflowLineageResponse, HPKE_ENC_LENGTH, HPKE_OVERHEAD_LENGTH, HpkeError, HpkeErrorCode, HttpTransport, type HttpTransportConfig, type IdentifierString, type InferSchema, type Instruction, KELVIN_PER_RLO, Keypair, KeypairSigner, Message, type MessageHeader, Mnemonic, type MnemonicStrength, type OwnerAccount, type PDA, PUBLIC_KEY_LENGTH, type PaginationInfo, PublicKey, QueryRpcClient, RIALO_DEVNET_CHAIN, RIALO_LOCALNET_CHAIN, RIALO_MAINNET_CHAIN, RIALO_SHITNET_CHAIN, RIALO_TESTNET_CHAIN, RexValue, RexValueVariant, RialoClient, type RialoClientConfig, RialoError, RialoErrorType, type RialoNetwork, RpcError, RpcErrorCode, type RpcErrorDetails$1 as RpcErrorDetails, SECRET_KEY_LENGTH, SECRET_SHARING_HPKE_INFO, SIGNATURE_LENGTH, SYSTEM_PROGRAM_ID, Schema, type Seed, type SendAndConfirmOptions, type SendTransactionOptions, Signature, type SignatureInfo, type SignatureStatus, type Signer, type StructField, type Subscription, type SubscriptionKind, SystemInstruction, type TimestampRange, Transaction, TransactionBuilder, TransactionError, TransactionErrorCode, type TransactionNodeData, type TransactionResponse, TransactionRpcClient, type TriggerInfo, type TriggeredTransaction, type TruncationReason, URL_DEVNET, URL_LOCALNET, URL_MAINNET, URL_SHITNET, URL_TESTNET, USER_SECRET_AAD, type WorkflowLineage, type WorkflowNode, X25519_PUBLIC_KEY_LENGTH, allocateInstruction, assignInstruction, calculateBackoff, concatBytes, createAccount, createBorshInstruction, createRialoClient, deserialize, deserializeBorsh, deserializeCompactU16, deserializeStrict, encodeBorshData, encryptForRex, fromBase64, getCiphertextLength, getDefaultRialoClientConfig, getDevnetUrl, getLocalnetUrl, getMainnetUrl, getTestnetUrl, hpkeEncrypt, isOnCurve, isValidCiphertextLength, seedToBytes, serialize, serializeBorsh, serializeCompactU16, sleep, toBase64, transferInstruction, writeCompactU16 };
+export { type AccountFilter, type AccountInfo, type AccountMeta, AccountMetaTable, BASE_DERIVATION_PATH, BaseRpcClient, BincodeReader, type BincodeSchema, BincodeWriter, type Bump, type ChainDefinition, type CompiledInstruction, type ConfirmTransactionOptions, type ConfirmedTransaction, CryptoError, CryptoErrorCode, DEFAULT_NUM_ACCOUNTS, type EnumVariant, type EpochInfoResponse, type EventData, type GetAccountsByOwnerConfig, type GetAccountsByOwnerResponse, type GetHealthResponse, type GetSignaturesForAddressConfig, type GetTransactionsResponse, type GetWorkflowLineageRequest, type GetWorkflowLineageResponse, HttpTransport, type HttpTransportConfig, type IdentifierString, type InferSchema, type Instruction, KELVIN_PER_RLO, Keypair, KeypairSigner, Message, type MessageHeader, Mnemonic, type MnemonicStrength, type OwnerAccount, type PDA, PUBLIC_KEY_LENGTH, type PaginationInfo, PublicKey, QueryRpcClient, RIALO_DEVNET_CHAIN, RIALO_LOCALNET_CHAIN, RIALO_MAINNET_CHAIN, RIALO_SHITNET_CHAIN, RIALO_TESTNET_CHAIN, RialoClient, type RialoClientConfig, RialoError, RialoErrorType, type RialoNetwork, RpcError, RpcErrorCode, type RpcErrorDetails$1 as RpcErrorDetails, SECRET_KEY_LENGTH, SIGNATURE_LENGTH, SYSTEM_PROGRAM_ID, Schema, type Seed, type SendAndConfirmOptions, type SendTransactionOptions, Signature, type SignatureInfo, type SignatureStatus, type Signer, type StructField, type Subscription, type SubscriptionKind, SystemInstruction, type TimestampRange, Transaction, TransactionBuilder, TransactionError, TransactionErrorCode, type TransactionNodeData, type TransactionResponse, TransactionRpcClient, type TriggerInfo, type TriggeredTransaction, type TruncationReason, URL_DEVNET, URL_LOCALNET, URL_MAINNET, URL_SHITNET, URL_TESTNET, type WorkflowLineage, type WorkflowNode, allocateInstruction, assignInstruction, calculateBackoff, concatBytes, createAccount, createBorshInstruction, createRialoClient, deserialize, deserializeBorsh, deserializeCompactU16, deserializeStrict, encodeBorshData, fromBase64, getDefaultRialoClientConfig, getDevnetUrl, getLocalnetUrl, getMainnetUrl, getTestnetUrl, isOnCurve, seedToBytes, serialize, serializeBorsh, serializeCompactU16, sleep, toBase64, transferInstruction, writeCompactU16 };