@rialo/ts-cdk 0.2.0-alpha.1 → 0.2.0-alpha.2

package/dist/index.mjs

@@ -1,6 +1,3 @@
-import { Chacha20Poly1305 } from '@hpke/chacha20poly1305';
-import { CipherSuite, HkdfSha256, DhkemX25519HkdfSha256 } from '@hpke/core';
-
 var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
@@ -5481,302 +5478,6 @@ var RialoError = class _RialoError extends Error {
   }
 };
 
-// src/rex/errors.ts
-var HpkeErrorCode = /* @__PURE__ */ ((HpkeErrorCode2) => {
-  HpkeErrorCode2["INVALID_KEY_LENGTH"] = "INVALID_KEY_LENGTH";
-  HpkeErrorCode2["CIPHERTEXT_TOO_SHORT"] = "CIPHERTEXT_TOO_SHORT";
-  HpkeErrorCode2["ENCRYPTION_FAILED"] = "ENCRYPTION_FAILED";
-  HpkeErrorCode2["BORSH_DESERIALIZE_FAILED"] = "BORSH_DESERIALIZE_FAILED";
-  HpkeErrorCode2["INVALID_ORACLE_VALUE"] = "INVALID_ORACLE_VALUE";
-  return HpkeErrorCode2;
-})(HpkeErrorCode || {});
-var HpkeError = class _HpkeError extends Error {
-  code;
-  cause;
-  constructor(code, message, cause) {
-    super(message);
-    this.name = "HpkeError";
-    this.code = code;
-    this.cause = cause;
-    if (Error.captureStackTrace) {
-      Error.captureStackTrace(this, _HpkeError);
-    }
-  }
-  /**
-   * Create an error for invalid key length.
-   *
-   * @param expected - Expected key length in bytes
-   * @param actual - Actual key length in bytes
-   * @param keyType - Description of the key type (e.g., "REX public key")
-   */
-  static invalidKeyLength(expected, actual, keyType) {
-    return new _HpkeError(
-      "INVALID_KEY_LENGTH" /* INVALID_KEY_LENGTH */,
-      `Invalid ${keyType} length: expected ${expected} bytes, got ${actual}`
-    );
-  }
-  /**
-   * Create an error for ciphertext that is too short.
-   *
-   * @param minLength - Minimum required length
-   * @param actual - Actual length
-   */
-  static ciphertextTooShort(minLength, actual) {
-    return new _HpkeError(
-      "CIPHERTEXT_TOO_SHORT" /* CIPHERTEXT_TOO_SHORT */,
-      `Ciphertext too short: minimum ${minLength} bytes required, got ${actual}`
-    );
-  }
-  /**
-   * Create an error for encryption failure.
-   *
-   * @param cause - The underlying error
-   */
-  static encryptionFailed(cause) {
-    return new _HpkeError(
-      "ENCRYPTION_FAILED" /* ENCRYPTION_FAILED */,
-      `HPKE encryption failed: ${cause.message}`,
-      cause
-    );
-  }
-  /**
-   * Create an error for Borsh deserialization failure.
-   *
-   * @param cause - The underlying error
-   */
-  static borshDeserializeFailed(cause) {
-    return new _HpkeError(
-      "BORSH_DESERIALIZE_FAILED" /* BORSH_DESERIALIZE_FAILED */,
-      `Borsh deserialization failed: ${cause.message}`,
-      cause
-    );
-  }
-  /**
-   * Create an error for invalid RexValue variant.
-   *
-   * @param variant - The invalid variant byte
-   */
-  static invalidRexValue(variant) {
-    return new _HpkeError(
-      "INVALID_ORACLE_VALUE" /* INVALID_ORACLE_VALUE */,
-      `Invalid RexValue variant: ${variant}`
-    );
-  }
-};
-
-// src/rex/constants.ts
-var USER_SECRET_AAD = new TextEncoder().encode("rex-secret-v1");
-var SECRET_SHARING_HPKE_INFO = new TextEncoder().encode(
-  "rialo/tee/secret-sharing-hpke/v1"
-);
-var X25519_PUBLIC_KEY_LENGTH = 32;
-var ED25519_PUBLIC_KEY_LENGTH = 32;
-var HPKE_ENC_LENGTH = 32;
-var CHACHA20_POLY1305_TAG_LENGTH = 16;
-var HPKE_OVERHEAD_LENGTH = HPKE_ENC_LENGTH + CHACHA20_POLY1305_TAG_LENGTH;
-
-// src/rex/rex-value.ts
-var RexValueVariant = /* @__PURE__ */ ((RexValueVariant2) => {
-  RexValueVariant2[RexValueVariant2["Plain"] = 0] = "Plain";
-  RexValueVariant2[RexValueVariant2["Encrypted"] = 1] = "Encrypted";
-  return RexValueVariant2;
-})(RexValueVariant || {});
-var RexValue = class _RexValue {
-  variant;
-  data;
-  constructor(variant, data) {
-    this.variant = variant;
-    this.data = data;
-  }
-  /**
-   * Create a plain (unencrypted) RexValue from raw bytes.
-   *
-   * @param data - The raw byte data
-   * @returns A new RexValue with Plain variant
-   */
-  static plain(data) {
-    return new _RexValue(0 /* Plain */, data);
-  }
-  /**
-   * Create a plain (unencrypted) RexValue from a UTF-8 string.
-   *
-   * @param s - The string to encode
-   * @returns A new RexValue with Plain variant
-   */
-  static plainString(s) {
-    return new _RexValue(
-      0 /* Plain */,
-      new TextEncoder().encode(s)
-    );
-  }
-  /**
-   * Create an encrypted RexValue from HPKE ciphertext.
-   *
-   * @param ciphertext - The HPKE-encrypted ciphertext (enc || ct || tag)
-   * @returns A new RexValue with Encrypted variant
-   */
-  static encrypted(ciphertext) {
-    return new _RexValue(1 /* Encrypted */, ciphertext);
-  }
-  /**
-   * Check if this is a plain (unencrypted) value.
-   */
-  isPlain() {
-    return this.variant === 0 /* Plain */;
-  }
-  /**
-   * Check if this is an encrypted value.
-   */
-  isEncrypted() {
-    return this.variant === 1 /* Encrypted */;
-  }
-  /**
-   * Get the variant type.
-   */
-  getVariant() {
-    return this.variant;
-  }
-  /**
-   * Get the raw bytes (plaintext or ciphertext).
-   *
-   * For Plain values, returns the plaintext.
-   * For Encrypted values, returns the ciphertext.
-   */
-  asBytes() {
-    return this.data;
-  }
-  /**
-   * Try to decode the plain value as a UTF-8 string.
-   *
-   * @returns The decoded string, or null if encrypted or not valid UTF-8
-   */
-  asString() {
-    if (!this.isPlain()) {
-      return null;
-    }
-    try {
-      return new TextDecoder("utf-8", { fatal: true }).decode(this.data);
-    } catch {
-      return null;
-    }
-  }
-  /**
-   * Serialize to Borsh format.
-   *
-   * Format: `[variant: u8] [length: u32 LE] [data bytes]`
-   *
-   * @returns The Borsh-serialized bytes
-   */
-  toBorsh() {
-    const result = new Uint8Array(1 + 4 + this.data.length);
-    result[0] = this.variant;
-    const dataView = new DataView(result.buffer);
-    dataView.setUint32(1, this.data.length, true);
-    result.set(this.data, 5);
-    return result;
-  }
-  /**
-   * Deserialize from Borsh format.
-   *
-   * @param data - The Borsh-serialized bytes
-   * @returns A new RexValue
-   * @throws {HpkeError} If deserialization fails
-   */
-  static fromBorsh(data) {
-    if (data.length < 5) {
-      throw HpkeError.borshDeserializeFailed(
-        new Error(`Buffer too short: expected at least 5 bytes, got ${data.length}`)
-      );
-    }
-    const variant = data[0];
-    if (variant !== 0 /* Plain */ && variant !== 1 /* Encrypted */) {
-      throw HpkeError.invalidRexValue(variant);
-    }
-    const dataView = new DataView(data.buffer, data.byteOffset, data.byteLength);
-    const length = dataView.getUint32(1, true);
-    if (data.length < 5 + length) {
-      throw HpkeError.borshDeserializeFailed(
-        new Error(`Buffer too short: expected ${5 + length} bytes, got ${data.length}`)
-      );
-    }
-    const payload = data.slice(5, 5 + length);
-    return new _RexValue(variant, payload);
-  }
-};
-var hpkeSuite = new CipherSuite({
-  kem: new DhkemX25519HkdfSha256(),
-  kdf: new HkdfSha256(),
-  aead: new Chacha20Poly1305()
-});
-function buildAad(senderPubkey) {
-  const aad = new Uint8Array(USER_SECRET_AAD.length + senderPubkey.length);
-  aad.set(USER_SECRET_AAD, 0);
-  aad.set(senderPubkey, USER_SECRET_AAD.length);
-  return aad;
-}
-async function hpkeEncrypt(rexPubkey, data, senderPubkey) {
-  if (rexPubkey.length !== X25519_PUBLIC_KEY_LENGTH) {
-    throw HpkeError.invalidKeyLength(
-      X25519_PUBLIC_KEY_LENGTH,
-      rexPubkey.length,
-      "REX public key"
-    );
-  }
-  if (senderPubkey.length !== ED25519_PUBLIC_KEY_LENGTH) {
-    throw HpkeError.invalidKeyLength(
-      ED25519_PUBLIC_KEY_LENGTH,
-      senderPubkey.length,
-      "sender public key"
-    );
-  }
-  try {
-    const recipientKey = await hpkeSuite.kem.importKey(
-      "raw",
-      rexPubkey.buffer.slice(
-        rexPubkey.byteOffset,
-        rexPubkey.byteOffset + rexPubkey.byteLength
-      )
-    );
-    const sender = await hpkeSuite.createSenderContext({
-      recipientPublicKey: recipientKey,
-      info: SECRET_SHARING_HPKE_INFO.buffer.slice(
-        SECRET_SHARING_HPKE_INFO.byteOffset,
-        SECRET_SHARING_HPKE_INFO.byteOffset + SECRET_SHARING_HPKE_INFO.byteLength
-      )
-    });
-    const aad = buildAad(senderPubkey);
-    const ciphertext = await sender.seal(
-      data.buffer.slice(
-        data.byteOffset,
-        data.byteOffset + data.byteLength
-      ),
-      aad.buffer.slice(
-        aad.byteOffset,
-        aad.byteOffset + aad.byteLength
-      )
-    );
-    const enc = new Uint8Array(sender.enc);
-    const result = new Uint8Array(enc.length + ciphertext.byteLength);
-    result.set(enc, 0);
-    result.set(new Uint8Array(ciphertext), enc.length);
-    return result;
-  } catch (error) {
-    throw HpkeError.encryptionFailed(
-      error instanceof Error ? error : new Error(String(error))
-    );
-  }
-}
-async function encryptForRex(rexPubkey, data, senderPubkey) {
-  const ciphertext = await hpkeEncrypt(rexPubkey, data, senderPubkey);
-  return RexValue.encrypted(ciphertext);
-}
-function getCiphertextLength(plaintextLength) {
-  return HPKE_OVERHEAD_LENGTH + plaintextLength;
-}
-function isValidCiphertextLength(ciphertext) {
-  return ciphertext.length >= HPKE_OVERHEAD_LENGTH;
-}
-
 // src/rpc/errors.ts
 var RpcErrorCode = /* @__PURE__ */ ((RpcErrorCode2) => {
   RpcErrorCode2["REQUEST_TIMEOUT"] = "REQUEST_TIMEOUT";
@@ -6464,64 +6165,6 @@ var QueryRpcClient = class extends BaseRpcClient {
       blockNumber: BigInt(tx.block_number)
     }));
   }
-  /**
-   * Retrieve the REX X25519 public key for secret sharing encryption.
-   *
-   * This key is used for HPKE encryption when sending encrypted data
-   * that should only be decryptable within the REX execution environment.
-   *
-   * @returns The REX X25519 public key as a 32-byte Uint8Array
-   *
-   * @example
-   * ```typescript
-   * import { encryptForRex } from "@rialo/ts-cdk";
-   *
-   * // Get the REX public key
-   * const rexPubkey = await client.getSecretSharingPubkey();
-   *
-   * // Use it for HPKE encryption
-   * const encrypted = await encryptForRex(
-   *   rexPubkey,
-   *   new TextEncoder().encode("secret data"),
-   *   keypair.publicKey.toBytes()
-   * );
-   * ```
-   */
-  async getSecretSharingPubkey() {
-    const result = await this.call(
-      "getSecretSharingPubkey",
-      []
-    );
-    const hexString = result.public_key;
-    const bytes = new Uint8Array(hexString.length / 2);
-    for (let i = 0; i < bytes.length; i++) {
-      bytes[i] = Number.parseInt(hexString.slice(i * 2, i * 2 + 2), 16);
-    }
-    return bytes;
-  }
-  /**
-   * Get the config hash prefix for replay protection.
-   *
-   * Returns the first 64 bits of the config hash, which is used
-   * for transaction replay protection across chains.
-   *
-   * @returns The config hash prefix as a bigint
-   *
-   * @example
-   * ```typescript
-   * const configHashPrefix = await client.getConfigHashPrefix();
-   * const tx = TransactionBuilder.create()
-   *   .setPayer(payer)
-   *   .setValidFrom(validFrom)
-   *   .setConfigHashPrefix(configHashPrefix)
-   *   .addInstruction(instruction)
-   *   .build();
-   * ```
-   */
-  async getConfigHashPrefix() {
-    const result = await this.call("getRecentValidatorConfigHash", [{}]);
-    return BigInt(result.config_hash_prefix);
-  }
 };
 
 // src/rpc/clients/transaction-client.ts
@@ -9333,17 +8976,14 @@ var Message = class _Message {
   accountKeys;
   /** Transaction valid from (milliseconds since Unix epoch) */
   validFrom;
-  /** Config hash prefix for replay protection across chains */
-  configHashPrefix;
   /** Compiled instructions with account indices */
   instructions;
   /** Cached serialized bytes */
   serializedCache;
-  constructor(header, accountKeys, validFrom, configHashPrefix, instructions) {
+  constructor(header, accountKeys, validFrom, instructions) {
     this.header = Object.freeze({ ...header });
     this.accountKeys = Object.freeze([...accountKeys]);
     this.validFrom = validFrom;
-    this.configHashPrefix = configHashPrefix;
     this.instructions = Object.freeze(
       instructions.map((ix) => Object.freeze({ ...ix }))
     );
@@ -9403,18 +9043,6 @@ var Message = class _Message {
       new DataView(validFromBytes.buffer).getBigUint64(0, true)
     );
     cursor += 8;
-    if (data.length < cursor + 8) {
-      throw new TransactionError(
-        "INSUFFICIENT_DATA" /* INSUFFICIENT_DATA */,
-        "Insufficient data for configHashPrefix"
-      );
-    }
-    const configHashPrefixBytes = data.slice(cursor, cursor + 8);
-    const configHashPrefix = BigInt.asUintN(
-      64,
-      new DataView(configHashPrefixBytes.buffer).getBigUint64(0, true)
-    );
-    cursor += 8;
     const [instructionsLength, newCursor2] = deserializeCompactU16(
       data,
       cursor
@@ -9460,7 +9088,7 @@ var Message = class _Message {
         data: instructionData
       });
     }
-    return new _Message(header, accountKeys, validFrom, configHashPrefix, instructions);
+    return new _Message(header, accountKeys, validFrom, instructions);
   }
   serializeInternal() {
     const buffer = [];
@@ -9477,13 +9105,6 @@ var Message = class _Message {
       true
     );
     buffer.push(...new Uint8Array(validFromBuffer));
-    const configHashPrefixBuffer = new ArrayBuffer(8);
-    new DataView(configHashPrefixBuffer).setBigUint64(
-      0,
-      this.configHashPrefix,
-      true
-    );
-    buffer.push(...new Uint8Array(configHashPrefixBuffer));
     this.serializeCompactArray(buffer, this.instructions, (buf, ix) => {
       buf.push(ix.programIdIndex);
       this.serializeCompactArray(buf, ix.accountKeyIndexes, (b, idx) => {
@@ -9868,7 +9489,6 @@ var Transaction = class _Transaction {
 var TransactionBuilder = class _TransactionBuilder {
   payer;
   validFrom;
-  configHashPrefix;
   instructions = [];
   constructor() {
   }
@@ -9902,18 +9522,6 @@ var TransactionBuilder = class _TransactionBuilder {
     this.validFrom = validFrom;
     return this;
   }
-  /**
-   * Set the config hash prefix for replay protection.
-   *
-   * This is the first 64 bits of the config hash, used to ensure
-   * transactions cannot be replayed on different chains.
-   *
-   * @param configHashPrefix - config hash prefix as a u64
-   */
-  setConfigHashPrefix(configHashPrefix) {
-    this.configHashPrefix = configHashPrefix;
-    return this;
-  }
   /**
    * Add an instruction to the transaction.
    *
@@ -9959,12 +9567,6 @@ var TransactionBuilder = class _TransactionBuilder {
         "Transaction must have a valid from. Use setValidFrom() to set the valid from."
       );
     }
-    if (this.configHashPrefix === void 0) {
-      throw new TransactionError(
-        "INVALID_MESSAGE_FORMAT" /* INVALID_MESSAGE_FORMAT */,
-        "Transaction must have a config hash prefix. Use setConfigHashPrefix() to set the config hash prefix."
-      );
-    }
     if (this.instructions.length === 0) {
       throw TransactionError.noInstructions();
     }
@@ -10013,7 +9615,6 @@ var TransactionBuilder = class _TransactionBuilder {
       header,
       accountKeys,
       this.validFrom,
-      this.configHashPrefix,
       compiledInstructions
     );
     return Transaction.fromMessage(message);
@@ -10117,6 +9718,6 @@ var KeypairSigner = class {
   (*! scure-bip39 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) *)
 */
 
-export { AccountMetaTable, BASE_DERIVATION_PATH, BaseRpcClient, BincodeReader, BincodeWriter, CHACHA20_POLY1305_TAG_LENGTH, CryptoError, CryptoErrorCode, DEFAULT_NUM_ACCOUNTS, ED25519_PUBLIC_KEY_LENGTH, HPKE_ENC_LENGTH, HPKE_OVERHEAD_LENGTH, HpkeError, HpkeErrorCode, HttpTransport, KELVIN_PER_RLO, Keypair, KeypairSigner, Message, Mnemonic, PUBLIC_KEY_LENGTH, PublicKey, QueryRpcClient, RIALO_DEVNET_CHAIN, RIALO_LOCALNET_CHAIN, RIALO_MAINNET_CHAIN, RIALO_SHITNET_CHAIN, RIALO_TESTNET_CHAIN, RexValue, RexValueVariant, RialoClient, RialoError, RialoErrorType, RpcError, RpcErrorCode, SECRET_KEY_LENGTH, SECRET_SHARING_HPKE_INFO, SIGNATURE_LENGTH, SYSTEM_PROGRAM_ID, Schema, Signature, SystemInstruction, Transaction, TransactionBuilder, TransactionError, TransactionErrorCode, TransactionRpcClient, URL_DEVNET, URL_LOCALNET, URL_MAINNET, URL_SHITNET, URL_TESTNET, USER_SECRET_AAD, X25519_PUBLIC_KEY_LENGTH, allocateInstruction, assignInstruction, calculateBackoff, concatBytes2 as concatBytes, createAccount, createBorshInstruction, createRialoClient, deserialize, deserializeBorsh, deserializeCompactU162 as deserializeCompactU16, deserializeStrict, encodeBorshData, encryptForRex, field, fixedArray, fromBase64, getCiphertextLength, getDefaultRialoClientConfig, getDevnetUrl, getLocalnetUrl, getMainnetUrl, getTestnetUrl, hpkeEncrypt, isOnCurve, isValidCiphertextLength, option, seedToBytes, serialize, serializeBorsh, serializeCompactU16, sleep, toBase64, transferInstruction, vec, writeCompactU16 };
+export { AccountMetaTable, BASE_DERIVATION_PATH, BaseRpcClient, BincodeReader, BincodeWriter, CryptoError, CryptoErrorCode, DEFAULT_NUM_ACCOUNTS, HttpTransport, KELVIN_PER_RLO, Keypair, KeypairSigner, Message, Mnemonic, PUBLIC_KEY_LENGTH, PublicKey, QueryRpcClient, RIALO_DEVNET_CHAIN, RIALO_LOCALNET_CHAIN, RIALO_MAINNET_CHAIN, RIALO_SHITNET_CHAIN, RIALO_TESTNET_CHAIN, RialoClient, RialoError, RialoErrorType, RpcError, RpcErrorCode, SECRET_KEY_LENGTH, SIGNATURE_LENGTH, SYSTEM_PROGRAM_ID, Schema, Signature, SystemInstruction, Transaction, TransactionBuilder, TransactionError, TransactionErrorCode, TransactionRpcClient, URL_DEVNET, URL_LOCALNET, URL_MAINNET, URL_SHITNET, URL_TESTNET, allocateInstruction, assignInstruction, calculateBackoff, concatBytes2 as concatBytes, createAccount, createBorshInstruction, createRialoClient, deserialize, deserializeBorsh, deserializeCompactU162 as deserializeCompactU16, deserializeStrict, encodeBorshData, field, fixedArray, fromBase64, getDefaultRialoClientConfig, getDevnetUrl, getLocalnetUrl, getMainnetUrl, getTestnetUrl, isOnCurve, option, seedToBytes, serialize, serializeBorsh, serializeCompactU16, sleep, toBase64, transferInstruction, vec, writeCompactU16 };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map