@rialo/ts-cdk 0.2.0-alpha.1 → 0.2.0-alpha.2

package/dist/index.js

@@ -1,8 +1,5 @@
 'use strict';
 
-var chacha20poly1305 = require('@hpke/chacha20poly1305');
-var core = require('@hpke/core');
-
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -5483,302 +5480,6 @@ var RialoError = class _RialoError extends Error {
   }
 };
 
-// src/rex/errors.ts
-var HpkeErrorCode = /* @__PURE__ */ ((HpkeErrorCode2) => {
-  HpkeErrorCode2["INVALID_KEY_LENGTH"] = "INVALID_KEY_LENGTH";
-  HpkeErrorCode2["CIPHERTEXT_TOO_SHORT"] = "CIPHERTEXT_TOO_SHORT";
-  HpkeErrorCode2["ENCRYPTION_FAILED"] = "ENCRYPTION_FAILED";
-  HpkeErrorCode2["BORSH_DESERIALIZE_FAILED"] = "BORSH_DESERIALIZE_FAILED";
-  HpkeErrorCode2["INVALID_ORACLE_VALUE"] = "INVALID_ORACLE_VALUE";
-  return HpkeErrorCode2;
-})(HpkeErrorCode || {});
-var HpkeError = class _HpkeError extends Error {
-  code;
-  cause;
-  constructor(code, message, cause) {
-    super(message);
-    this.name = "HpkeError";
-    this.code = code;
-    this.cause = cause;
-    if (Error.captureStackTrace) {
-      Error.captureStackTrace(this, _HpkeError);
-    }
-  }
-  /**
-   * Create an error for invalid key length.
-   *
-   * @param expected - Expected key length in bytes
-   * @param actual - Actual key length in bytes
-   * @param keyType - Description of the key type (e.g., "REX public key")
-   */
-  static invalidKeyLength(expected, actual, keyType) {
-    return new _HpkeError(
-      "INVALID_KEY_LENGTH" /* INVALID_KEY_LENGTH */,
-      `Invalid ${keyType} length: expected ${expected} bytes, got ${actual}`
-    );
-  }
-  /**
-   * Create an error for ciphertext that is too short.
-   *
-   * @param minLength - Minimum required length
-   * @param actual - Actual length
-   */
-  static ciphertextTooShort(minLength, actual) {
-    return new _HpkeError(
-      "CIPHERTEXT_TOO_SHORT" /* CIPHERTEXT_TOO_SHORT */,
-      `Ciphertext too short: minimum ${minLength} bytes required, got ${actual}`
-    );
-  }
-  /**
-   * Create an error for encryption failure.
-   *
-   * @param cause - The underlying error
-   */
-  static encryptionFailed(cause) {
-    return new _HpkeError(
-      "ENCRYPTION_FAILED" /* ENCRYPTION_FAILED */,
-      `HPKE encryption failed: ${cause.message}`,
-      cause
-    );
-  }
-  /**
-   * Create an error for Borsh deserialization failure.
-   *
-   * @param cause - The underlying error
-   */
-  static borshDeserializeFailed(cause) {
-    return new _HpkeError(
-      "BORSH_DESERIALIZE_FAILED" /* BORSH_DESERIALIZE_FAILED */,
-      `Borsh deserialization failed: ${cause.message}`,
-      cause
-    );
-  }
-  /**
-   * Create an error for invalid RexValue variant.
-   *
-   * @param variant - The invalid variant byte
-   */
-  static invalidRexValue(variant) {
-    return new _HpkeError(
-      "INVALID_ORACLE_VALUE" /* INVALID_ORACLE_VALUE */,
-      `Invalid RexValue variant: ${variant}`
-    );
-  }
-};
-
-// src/rex/constants.ts
-var USER_SECRET_AAD = new TextEncoder().encode("rex-secret-v1");
-var SECRET_SHARING_HPKE_INFO = new TextEncoder().encode(
-  "rialo/tee/secret-sharing-hpke/v1"
-);
-var X25519_PUBLIC_KEY_LENGTH = 32;
-var ED25519_PUBLIC_KEY_LENGTH = 32;
-var HPKE_ENC_LENGTH = 32;
-var CHACHA20_POLY1305_TAG_LENGTH = 16;
-var HPKE_OVERHEAD_LENGTH = HPKE_ENC_LENGTH + CHACHA20_POLY1305_TAG_LENGTH;
-
-// src/rex/rex-value.ts
-var RexValueVariant = /* @__PURE__ */ ((RexValueVariant2) => {
-  RexValueVariant2[RexValueVariant2["Plain"] = 0] = "Plain";
-  RexValueVariant2[RexValueVariant2["Encrypted"] = 1] = "Encrypted";
-  return RexValueVariant2;
-})(RexValueVariant || {});
-var RexValue = class _RexValue {
-  variant;
-  data;
-  constructor(variant, data) {
-    this.variant = variant;
-    this.data = data;
-  }
-  /**
-   * Create a plain (unencrypted) RexValue from raw bytes.
-   *
-   * @param data - The raw byte data
-   * @returns A new RexValue with Plain variant
-   */
-  static plain(data) {
-    return new _RexValue(0 /* Plain */, data);
-  }
-  /**
-   * Create a plain (unencrypted) RexValue from a UTF-8 string.
-   *
-   * @param s - The string to encode
-   * @returns A new RexValue with Plain variant
-   */
-  static plainString(s) {
-    return new _RexValue(
-      0 /* Plain */,
-      new TextEncoder().encode(s)
-    );
-  }
-  /**
-   * Create an encrypted RexValue from HPKE ciphertext.
-   *
-   * @param ciphertext - The HPKE-encrypted ciphertext (enc || ct || tag)
-   * @returns A new RexValue with Encrypted variant
-   */
-  static encrypted(ciphertext) {
-    return new _RexValue(1 /* Encrypted */, ciphertext);
-  }
-  /**
-   * Check if this is a plain (unencrypted) value.
-   */
-  isPlain() {
-    return this.variant === 0 /* Plain */;
-  }
-  /**
-   * Check if this is an encrypted value.
-   */
-  isEncrypted() {
-    return this.variant === 1 /* Encrypted */;
-  }
-  /**
-   * Get the variant type.
-   */
-  getVariant() {
-    return this.variant;
-  }
-  /**
-   * Get the raw bytes (plaintext or ciphertext).
-   *
-   * For Plain values, returns the plaintext.
-   * For Encrypted values, returns the ciphertext.
-   */
-  asBytes() {
-    return this.data;
-  }
-  /**
-   * Try to decode the plain value as a UTF-8 string.
-   *
-   * @returns The decoded string, or null if encrypted or not valid UTF-8
-   */
-  asString() {
-    if (!this.isPlain()) {
-      return null;
-    }
-    try {
-      return new TextDecoder("utf-8", { fatal: true }).decode(this.data);
-    } catch {
-      return null;
-    }
-  }
-  /**
-   * Serialize to Borsh format.
-   *
-   * Format: `[variant: u8] [length: u32 LE] [data bytes]`
-   *
-   * @returns The Borsh-serialized bytes
-   */
-  toBorsh() {
-    const result = new Uint8Array(1 + 4 + this.data.length);
-    result[0] = this.variant;
-    const dataView = new DataView(result.buffer);
-    dataView.setUint32(1, this.data.length, true);
-    result.set(this.data, 5);
-    return result;
-  }
-  /**
-   * Deserialize from Borsh format.
-   *
-   * @param data - The Borsh-serialized bytes
-   * @returns A new RexValue
-   * @throws {HpkeError} If deserialization fails
-   */
-  static fromBorsh(data) {
-    if (data.length < 5) {
-      throw HpkeError.borshDeserializeFailed(
-        new Error(`Buffer too short: expected at least 5 bytes, got ${data.length}`)
-      );
-    }
-    const variant = data[0];
-    if (variant !== 0 /* Plain */ && variant !== 1 /* Encrypted */) {
-      throw HpkeError.invalidRexValue(variant);
-    }
-    const dataView = new DataView(data.buffer, data.byteOffset, data.byteLength);
-    const length = dataView.getUint32(1, true);
-    if (data.length < 5 + length) {
-      throw HpkeError.borshDeserializeFailed(
-        new Error(`Buffer too short: expected ${5 + length} bytes, got ${data.length}`)
-      );
-    }
-    const payload = data.slice(5, 5 + length);
-    return new _RexValue(variant, payload);
-  }
-};
-var hpkeSuite = new core.CipherSuite({
-  kem: new core.DhkemX25519HkdfSha256(),
-  kdf: new core.HkdfSha256(),
-  aead: new chacha20poly1305.Chacha20Poly1305()
-});
-function buildAad(senderPubkey) {
-  const aad = new Uint8Array(USER_SECRET_AAD.length + senderPubkey.length);
-  aad.set(USER_SECRET_AAD, 0);
-  aad.set(senderPubkey, USER_SECRET_AAD.length);
-  return aad;
-}
-async function hpkeEncrypt(rexPubkey, data, senderPubkey) {
-  if (rexPubkey.length !== X25519_PUBLIC_KEY_LENGTH) {
-    throw HpkeError.invalidKeyLength(
-      X25519_PUBLIC_KEY_LENGTH,
-      rexPubkey.length,
-      "REX public key"
-    );
-  }
-  if (senderPubkey.length !== ED25519_PUBLIC_KEY_LENGTH) {
-    throw HpkeError.invalidKeyLength(
-      ED25519_PUBLIC_KEY_LENGTH,
-      senderPubkey.length,
-      "sender public key"
-    );
-  }
-  try {
-    const recipientKey = await hpkeSuite.kem.importKey(
-      "raw",
-      rexPubkey.buffer.slice(
-        rexPubkey.byteOffset,
-        rexPubkey.byteOffset + rexPubkey.byteLength
-      )
-    );
-    const sender = await hpkeSuite.createSenderContext({
-      recipientPublicKey: recipientKey,
-      info: SECRET_SHARING_HPKE_INFO.buffer.slice(
-        SECRET_SHARING_HPKE_INFO.byteOffset,
-        SECRET_SHARING_HPKE_INFO.byteOffset + SECRET_SHARING_HPKE_INFO.byteLength
-      )
-    });
-    const aad = buildAad(senderPubkey);
-    const ciphertext = await sender.seal(
-      data.buffer.slice(
-        data.byteOffset,
-        data.byteOffset + data.byteLength
-      ),
-      aad.buffer.slice(
-        aad.byteOffset,
-        aad.byteOffset + aad.byteLength
-      )
-    );
-    const enc = new Uint8Array(sender.enc);
-    const result = new Uint8Array(enc.length + ciphertext.byteLength);
-    result.set(enc, 0);
-    result.set(new Uint8Array(ciphertext), enc.length);
-    return result;
-  } catch (error) {
-    throw HpkeError.encryptionFailed(
-      error instanceof Error ? error : new Error(String(error))
-    );
-  }
-}
-async function encryptForRex(rexPubkey, data, senderPubkey) {
-  const ciphertext = await hpkeEncrypt(rexPubkey, data, senderPubkey);
-  return RexValue.encrypted(ciphertext);
-}
-function getCiphertextLength(plaintextLength) {
-  return HPKE_OVERHEAD_LENGTH + plaintextLength;
-}
-function isValidCiphertextLength(ciphertext) {
-  return ciphertext.length >= HPKE_OVERHEAD_LENGTH;
-}
-
 // src/rpc/errors.ts
 var RpcErrorCode = /* @__PURE__ */ ((RpcErrorCode2) => {
   RpcErrorCode2["REQUEST_TIMEOUT"] = "REQUEST_TIMEOUT";
@@ -6466,64 +6167,6 @@ var QueryRpcClient = class extends BaseRpcClient {
       blockNumber: BigInt(tx.block_number)
     }));
   }
-  /**
-   * Retrieve the REX X25519 public key for secret sharing encryption.
-   *
-   * This key is used for HPKE encryption when sending encrypted data
-   * that should only be decryptable within the REX execution environment.
-   *
-   * @returns The REX X25519 public key as a 32-byte Uint8Array
-   *
-   * @example
-   * ```typescript
-   * import { encryptForRex } from "@rialo/ts-cdk";
-   *
-   * // Get the REX public key
-   * const rexPubkey = await client.getSecretSharingPubkey();
-   *
-   * // Use it for HPKE encryption
-   * const encrypted = await encryptForRex(
-   *   rexPubkey,
-   *   new TextEncoder().encode("secret data"),
-   *   keypair.publicKey.toBytes()
-   * );
-   * ```
-   */
-  async getSecretSharingPubkey() {
-    const result = await this.call(
-      "getSecretSharingPubkey",
-      []
-    );
-    const hexString = result.public_key;
-    const bytes = new Uint8Array(hexString.length / 2);
-    for (let i = 0; i < bytes.length; i++) {
-      bytes[i] = Number.parseInt(hexString.slice(i * 2, i * 2 + 2), 16);
-    }
-    return bytes;
-  }
-  /**
-   * Get the config hash prefix for replay protection.
-   *
-   * Returns the first 64 bits of the config hash, which is used
-   * for transaction replay protection across chains.
-   *
-   * @returns The config hash prefix as a bigint
-   *
-   * @example
-   * ```typescript
-   * const configHashPrefix = await client.getConfigHashPrefix();
-   * const tx = TransactionBuilder.create()
-   *   .setPayer(payer)
-   *   .setValidFrom(validFrom)
-   *   .setConfigHashPrefix(configHashPrefix)
-   *   .addInstruction(instruction)
-   *   .build();
-   * ```
-   */
-  async getConfigHashPrefix() {
-    const result = await this.call("getRecentValidatorConfigHash", [{}]);
-    return BigInt(result.config_hash_prefix);
-  }
 };
 
 // src/rpc/clients/transaction-client.ts
@@ -9335,17 +8978,14 @@ var Message = class _Message {
   accountKeys;
   /** Transaction valid from (milliseconds since Unix epoch) */
   validFrom;
-  /** Config hash prefix for replay protection across chains */
-  configHashPrefix;
   /** Compiled instructions with account indices */
   instructions;
   /** Cached serialized bytes */
   serializedCache;
-  constructor(header, accountKeys, validFrom, configHashPrefix, instructions) {
+  constructor(header, accountKeys, validFrom, instructions) {
     this.header = Object.freeze({ ...header });
     this.accountKeys = Object.freeze([...accountKeys]);
     this.validFrom = validFrom;
-    this.configHashPrefix = configHashPrefix;
     this.instructions = Object.freeze(
       instructions.map((ix) => Object.freeze({ ...ix }))
     );
@@ -9405,18 +9045,6 @@ var Message = class _Message {
       new DataView(validFromBytes.buffer).getBigUint64(0, true)
     );
     cursor += 8;
-    if (data.length < cursor + 8) {
-      throw new TransactionError(
-        "INSUFFICIENT_DATA" /* INSUFFICIENT_DATA */,
-        "Insufficient data for configHashPrefix"
-      );
-    }
-    const configHashPrefixBytes = data.slice(cursor, cursor + 8);
-    const configHashPrefix = BigInt.asUintN(
-      64,
-      new DataView(configHashPrefixBytes.buffer).getBigUint64(0, true)
-    );
-    cursor += 8;
     const [instructionsLength, newCursor2] = deserializeCompactU16(
       data,
       cursor
@@ -9462,7 +9090,7 @@ var Message = class _Message {
         data: instructionData
       });
     }
-    return new _Message(header, accountKeys, validFrom, configHashPrefix, instructions);
+    return new _Message(header, accountKeys, validFrom, instructions);
   }
   serializeInternal() {
     const buffer = [];
@@ -9479,13 +9107,6 @@ var Message = class _Message {
       true
     );
     buffer.push(...new Uint8Array(validFromBuffer));
-    const configHashPrefixBuffer = new ArrayBuffer(8);
-    new DataView(configHashPrefixBuffer).setBigUint64(
-      0,
-      this.configHashPrefix,
-      true
-    );
-    buffer.push(...new Uint8Array(configHashPrefixBuffer));
     this.serializeCompactArray(buffer, this.instructions, (buf, ix) => {
       buf.push(ix.programIdIndex);
       this.serializeCompactArray(buf, ix.accountKeyIndexes, (b, idx) => {
@@ -9870,7 +9491,6 @@ var Transaction = class _Transaction {
 var TransactionBuilder = class _TransactionBuilder {
   payer;
   validFrom;
-  configHashPrefix;
   instructions = [];
   constructor() {
   }
@@ -9904,18 +9524,6 @@ var TransactionBuilder = class _TransactionBuilder {
     this.validFrom = validFrom;
     return this;
   }
-  /**
-   * Set the config hash prefix for replay protection.
-   *
-   * This is the first 64 bits of the config hash, used to ensure
-   * transactions cannot be replayed on different chains.
-   *
-   * @param configHashPrefix - config hash prefix as a u64
-   */
-  setConfigHashPrefix(configHashPrefix) {
-    this.configHashPrefix = configHashPrefix;
-    return this;
-  }
   /**
    * Add an instruction to the transaction.
    *
@@ -9961,12 +9569,6 @@ var TransactionBuilder = class _TransactionBuilder {
         "Transaction must have a valid from. Use setValidFrom() to set the valid from."
       );
     }
-    if (this.configHashPrefix === void 0) {
-      throw new TransactionError(
-        "INVALID_MESSAGE_FORMAT" /* INVALID_MESSAGE_FORMAT */,
-        "Transaction must have a config hash prefix. Use setConfigHashPrefix() to set the config hash prefix."
-      );
-    }
     if (this.instructions.length === 0) {
       throw TransactionError.noInstructions();
     }
@@ -10015,7 +9617,6 @@ var TransactionBuilder = class _TransactionBuilder {
       header,
       accountKeys,
       this.validFrom,
-      this.configHashPrefix,
       compiledInstructions
     );
     return Transaction.fromMessage(message);
@@ -10124,15 +9725,9 @@ exports.BASE_DERIVATION_PATH = BASE_DERIVATION_PATH;
 exports.BaseRpcClient = BaseRpcClient;
 exports.BincodeReader = BincodeReader;
 exports.BincodeWriter = BincodeWriter;
-exports.CHACHA20_POLY1305_TAG_LENGTH = CHACHA20_POLY1305_TAG_LENGTH;
 exports.CryptoError = CryptoError;
 exports.CryptoErrorCode = CryptoErrorCode;
 exports.DEFAULT_NUM_ACCOUNTS = DEFAULT_NUM_ACCOUNTS;
-exports.ED25519_PUBLIC_KEY_LENGTH = ED25519_PUBLIC_KEY_LENGTH;
-exports.HPKE_ENC_LENGTH = HPKE_ENC_LENGTH;
-exports.HPKE_OVERHEAD_LENGTH = HPKE_OVERHEAD_LENGTH;
-exports.HpkeError = HpkeError;
-exports.HpkeErrorCode = HpkeErrorCode;
 exports.HttpTransport = HttpTransport;
 exports.KELVIN_PER_RLO = KELVIN_PER_RLO;
 exports.Keypair = Keypair;
@@ -10147,15 +9742,12 @@ exports.RIALO_LOCALNET_CHAIN = RIALO_LOCALNET_CHAIN;
 exports.RIALO_MAINNET_CHAIN = RIALO_MAINNET_CHAIN;
 exports.RIALO_SHITNET_CHAIN = RIALO_SHITNET_CHAIN;
 exports.RIALO_TESTNET_CHAIN = RIALO_TESTNET_CHAIN;
-exports.RexValue = RexValue;
-exports.RexValueVariant = RexValueVariant;
 exports.RialoClient = RialoClient;
 exports.RialoError = RialoError;
 exports.RialoErrorType = RialoErrorType;
 exports.RpcError = RpcError;
 exports.RpcErrorCode = RpcErrorCode;
 exports.SECRET_KEY_LENGTH = SECRET_KEY_LENGTH;
-exports.SECRET_SHARING_HPKE_INFO = SECRET_SHARING_HPKE_INFO;
 exports.SIGNATURE_LENGTH = SIGNATURE_LENGTH;
 exports.SYSTEM_PROGRAM_ID = SYSTEM_PROGRAM_ID;
 exports.Schema = Schema;
@@ -10171,8 +9763,6 @@ exports.URL_LOCALNET = URL_LOCALNET;
 exports.URL_MAINNET = URL_MAINNET;
 exports.URL_SHITNET = URL_SHITNET;
 exports.URL_TESTNET = URL_TESTNET;
-exports.USER_SECRET_AAD = USER_SECRET_AAD;
-exports.X25519_PUBLIC_KEY_LENGTH = X25519_PUBLIC_KEY_LENGTH;
 exports.allocateInstruction = allocateInstruction;
 exports.assignInstruction = assignInstruction;
 exports.calculateBackoff = calculateBackoff;
@@ -10185,19 +9775,15 @@ exports.deserializeBorsh = deserializeBorsh;
 exports.deserializeCompactU16 = deserializeCompactU162;
 exports.deserializeStrict = deserializeStrict;
 exports.encodeBorshData = encodeBorshData;
-exports.encryptForRex = encryptForRex;
 exports.field = field;
 exports.fixedArray = fixedArray;
 exports.fromBase64 = fromBase64;
-exports.getCiphertextLength = getCiphertextLength;
 exports.getDefaultRialoClientConfig = getDefaultRialoClientConfig;
 exports.getDevnetUrl = getDevnetUrl;
 exports.getLocalnetUrl = getLocalnetUrl;
 exports.getMainnetUrl = getMainnetUrl;
 exports.getTestnetUrl = getTestnetUrl;
-exports.hpkeEncrypt = hpkeEncrypt;
 exports.isOnCurve = isOnCurve;
-exports.isValidCiphertextLength = isValidCiphertextLength;
 exports.option = option;
 exports.seedToBytes = seedToBytes;
 exports.serialize = serialize;