@storacha/encrypt-upload-client 0.0.8-0

package/dist/handlers/decrypt-handler.js

@@ -0,0 +1,127 @@
+import { Wallet } from 'ethers';
+import { CID } from 'multiformats';
+import { CarIndexer } from '@ipld/car';
+import { exporter } from 'ipfs-unixfs-exporter';
+import { MemoryBlockstore } from 'blockstore-core';
+import { base64 } from 'multiformats/bases/base64';
+import * as Lit from '../protocols/lit.js';
+import * as Type from '../types.js';
+import * as EncryptedMetadata from '../core/encrypted-metadata.js';
+import { createDecryptWrappedInvocation } from '../utils.js';
+/**
+ *
+ * @param {import('@storacha/client').Client} storachaClient - The Storacha client
+ * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient - The Lit client
+ * @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
+ * encryption and decryption operations.
+ * @param {URL} gatewayURL - The IPFS gateway URL
+ * @param {Wallet} wallet - The wallet to use to decrypt the file
+ * @param {Type.AnyLink} cid - The link to the file to retrieve
+ * @param {Uint8Array} delegationCAR - The delegation that gives permission to decrypt the file
+ */
+export const retrieveAndDecrypt = async (storachaClient, litClient, cryptoAdapter, gatewayURL, wallet, cid, delegationCAR) => {
+    const encryptedMetadataCar = await getCarFileFromGateway(gatewayURL, cid.toString());
+    const { encryptedDataCID, identityBoundCiphertext, plaintextKeyHash, accessControlConditions, } = extractEncryptedMetadata(encryptedMetadataCar);
+    const spaceDID = /** @type {`did:key:${string}`} */ (accessControlConditions[0].parameters[1]);
+    const encryptedData = await getEncryptedDataFromCar(encryptedMetadataCar, encryptedDataCID);
+    /**
+     * TODO: check if the wallet has capacity credits, if not get it
+     */
+    // TODO: store the session signature (https://developer.litprotocol.com/intro/first-request/generating-session-sigs#nodejs)
+    const sessionSigs = await Lit.getSessionSigs(litClient, {
+        wallet,
+        dataToEncryptHash: plaintextKeyHash,
+        expiration: new Date(Date.now() + 1000 * 60 * 5).toISOString(), // 5 min
+        accessControlConditions: 
+        /** @type import('@lit-protocol/types').AccessControlConditions */ (
+        /** @type {unknown} */ (accessControlConditions)),
+    });
+    const wrappedInvocationJSON = await createDecryptWrappedInvocation({
+        delegationCAR,
+        spaceDID,
+        resourceCID: cid,
+        issuer: storachaClient.agent.issuer,
+        audience: storachaClient.defaultProvider(),
+        expiration: new Date(Date.now() + 1000 * 60 * 10).getTime(), // 10 min
+    });
+    const decryptKey = await Lit.executeUcanValidatoinAction(litClient, {
+        sessionSigs,
+        spaceDID,
+        identityBoundCiphertext,
+        plaintextKeyHash,
+        accessControlConditions,
+        wrappedInvocationJSON,
+    });
+    return decryptFileWithKey(cryptoAdapter, decryptKey, encryptedData);
+};
+/**
+ * @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
+ * encryption and decryption operations.
+ * @param {string} combinedKey
+ * @param {Uint8Array} content
+ */
+export function decryptFileWithKey(cryptoAdapter, combinedKey, content) {
+    // Split the decrypted data back into key and initializationVector
+    const decryptedKeyData = base64.decode(combinedKey);
+    const symmetricKey = decryptedKeyData.subarray(0, 32);
+    const initializationVector = decryptedKeyData.subarray(32);
+    // Create a ReadableStream from the Uint8Array
+    const contentStream = new ReadableStream({
+        start(controller) {
+            controller.enqueue(content);
+            controller.close();
+        },
+    });
+    const decryptedStream = cryptoAdapter.decryptStream(contentStream, symmetricKey, initializationVector);
+    return decryptedStream;
+}
+/**
+ *
+ * @param {URL} gatewayURL
+ * @param {string} cid
+ */
+const getCarFileFromGateway = async (gatewayURL, cid) => {
+    const url = new URL(`/ipfs/${cid}?format=car`, gatewayURL);
+    const response = await fetch(url);
+    if (!response.ok) {
+        throw new Error(`Failed to fetch: ${response.status} ${response.statusText}`);
+    }
+    const car = new Uint8Array(await response.arrayBuffer());
+    return car;
+};
+/**
+ *
+ * @param {Uint8Array} car
+ */
+const extractEncryptedMetadata = (car) => {
+    const encryptedContentResult = EncryptedMetadata.extract(car);
+    if (encryptedContentResult.error) {
+        throw encryptedContentResult.error;
+    }
+    let encryptedContent = encryptedContentResult.ok.toJSON();
+    return encryptedContent;
+};
+/**
+ *
+ * @param {Uint8Array} car
+ * @param {string} encryptedDataCID
+ */
+const getEncryptedDataFromCar = async (car, encryptedDataCID) => {
+    // NOTE: convert CAR to a block store
+    const iterable = await CarIndexer.fromBytes(car);
+    const blockstore = new MemoryBlockstore();
+    for await (const { cid, blockLength, blockOffset } of iterable) {
+        const blockBytes = car.slice(blockOffset, blockOffset + blockLength);
+        await blockstore.put(cid, blockBytes);
+    }
+    // NOTE: get the encrypted Data from the CAR file
+    const encryptedDataEntry = await exporter(CID.parse(encryptedDataCID), blockstore);
+    const encryptedDataBytes = new Uint8Array(Number(encryptedDataEntry.size));
+    let offset = 0;
+    for await (const chunk of encryptedDataEntry.content()) {
+        encryptedDataBytes.set(chunk, offset);
+        offset += chunk.length;
+    }
+    return encryptedDataBytes;
+};
+//# sourceMappingURL=decrypt-handler.js.map

package/dist/handlers/encrypt-handler.d.ts

@@ -0,0 +1,3 @@
+export function encryptAndUpload(storachaClient: import("@storacha/client").Client, litClient: import("@lit-protocol/lit-node-client").LitNodeClient, cryptoAdapter: Type.CryptoAdapter, file: Type.BlobLike): Promise<Type.AnyLink>;
+import * as Type from '../types.js';
+//# sourceMappingURL=encrypt-handler.d.ts.map

package/dist/handlers/encrypt-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypt-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/encrypt-handler.js"],"names":[],"mappings":"AAkBO,iDAPI,OAAO,kBAAkB,EAAE,MAAM,aACjC,OAAO,+BAA+B,EAAE,aAAa,iBACrD,IAAI,CAAC,aAAa,QAElB,IAAI,CAAC,QAAQ,GACX,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CA4BjC;sBAxCqB,aAAa"}

package/dist/handlers/encrypt-handler.js

@@ -0,0 +1,87 @@
+import { CARWriterStream } from 'carstream';
+import { base64 } from 'multiformats/bases/base64';
+import { createFileEncoderStream } from '@storacha/upload-client/unixfs';
+import * as Type from '../types.js';
+import * as Lit from '../protocols/lit.js';
+import * as EncryptedMetadata from '../core/encrypted-metadata.js';
+/**
+ * Encrypt and upload a file to the Storacha network
+ *
+ * @param {import('@storacha/client').Client} storachaClient - The Storacha client
+ * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient - The Lit client
+ * @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
+ * encryption and decryption operations.
+ * @param {Type.BlobLike} file - The file to upload
+ * @returns {Promise<Type.AnyLink>} - The link to the uploaded file
+ */
+export const encryptAndUpload = async (storachaClient, litClient, cryptoAdapter, file) => {
+    const spaceDID = /** @type {Type.SpaceDID | undefined} */ (storachaClient.agent.currentSpace());
+    if (!spaceDID)
+        throw new Error('No space selected!');
+    const accessControlConditions = Lit.getAccessControlConditions(spaceDID);
+    const encryptedPayload = await encryptFile(litClient, cryptoAdapter, file, accessControlConditions);
+    const rootCid = await uploadEncryptedMetadata(storachaClient, encryptedPayload, accessControlConditions);
+    return rootCid;
+};
+/**
+ * Upload encrypted metadata to the Storacha network
+ *
+ * @param {import('@storacha/client').Client} storachaClient - The Storacha client
+ * @param {Type.EncryptedPayload} encryptedPayload - The encrypted payload
+ * @param {import('@lit-protocol/types').AccessControlConditions} accessControlConditions - The access control conditions
+ * @returns {Promise<Type.AnyLink>} - The link to the uploaded metadata
+ */
+const uploadEncryptedMetadata = async (storachaClient, encryptedPayload, accessControlConditions) => {
+    const { identityBoundCiphertext, plaintextKeyHash, encryptedBlobLike } = encryptedPayload;
+    return storachaClient.uploadCAR({
+        stream() {
+            /** @type {any} */
+            let root;
+            return createFileEncoderStream(encryptedBlobLike)
+                .pipeThrough(new TransformStream({
+                transform(block, controller) {
+                    root = block;
+                    controller.enqueue(block);
+                },
+                async flush(controller) {
+                    if (!root)
+                        throw new Error('missing root block');
+                    /** @type {Type.EncryptedMetadataInput} */
+                    const uploadData = {
+                        encryptedDataCID: root.cid.toString(),
+                        identityBoundCiphertext,
+                        plaintextKeyHash,
+                        accessControlConditions: /** @type {[Record<string, any>]} */ (
+                        /** @type {unknown} */ (accessControlConditions)),
+                    };
+                    const encryptedMetadata = EncryptedMetadata.create(uploadData);
+                    const { cid, bytes } = await encryptedMetadata.archiveBlock();
+                    controller.enqueue({ cid, bytes });
+                },
+            }))
+                .pipeThrough(new CARWriterStream());
+        },
+    });
+};
+/**
+ * Encrypt a file
+ *
+ * @param {import('@lit-protocol/lit-node-client').LitNodeClient} litClient - The Lit client
+ * @param {Type.CryptoAdapter} cryptoAdapter - The crypto adapter responsible for performing
+ * encryption and decryption operations.
+ * @param {Type.BlobLike} file - The file to encrypt
+ * @param {import('@lit-protocol/types').AccessControlConditions} accessControlConditions - The access control conditions
+ * @returns {Promise<Type.EncryptedPayload>} - The encrypted file
+ */
+const encryptFile = async (litClient, cryptoAdapter, file, accessControlConditions) => {
+    const { key, iv, encryptedStream } = cryptoAdapter.encryptStream(file);
+    // Combine key and initializationVector for Lit encryption
+    const dataToEncrypt = base64.encode(new Uint8Array([...key, ...iv]));
+    const { ciphertext, dataToEncryptHash } = await Lit.encryptString({ dataToEncrypt, accessControlConditions }, litClient);
+    return {
+        identityBoundCiphertext: ciphertext,
+        plaintextKeyHash: dataToEncryptHash,
+        encryptedBlobLike: { stream: () => encryptedStream },
+    };
+};
+//# sourceMappingURL=encrypt-handler.js.map

package/dist/index.d.ts

@@ -0,0 +1,4 @@
+export { Wallet } from "ethers";
+export { create } from "./core/client.js";
+export { NodeCryptoAdapter } from "./crypto-adapters/node-crypto-adapter.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.js"],"names":[],"mappings":""}

package/dist/index.js

@@ -0,0 +1,4 @@
+export { Wallet } from 'ethers';
+export { create } from './core/client.js';
+export { NodeCryptoAdapter } from './crypto-adapters/node-crypto-adapter.js';
+//# sourceMappingURL=index.js.map

package/dist/protocols/lit.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Get a LitClient instance.
+ */
+export function getLitClient(): Promise<LitNodeClient>;
+/**
+ * @param {LitNodeClient} litClient
+ * @param {Type.SessionSignatureOptions} param0
+ * @returns {Promise<import('@lit-protocol/types').SessionSigsMap>}
+ */
+export function getSessionSigs(litClient: LitNodeClient, { wallet, accessControlConditions, dataToEncryptHash, expiration, capabilityAuthSigs, }: Type.SessionSignatureOptions): Promise<import("@lit-protocol/types").SessionSigsMap>;
+export { encryptString } from "@lit-protocol/encryption";
+export function getAccessControlConditions(spaceDID: import("@ucanto/core/schema").Schema<`did:key:${string}` & `did:${string}` & import("multiformats").Phantom<{
+    protocol: "did:";
+}>, any>): import("@lit-protocol/types").AccessControlConditions;
+export function executeUcanValidatoinAction(litClient: LitNodeClient, options: Type.ExecuteUcanValidationOptions): Promise<any>;
+import { LitNodeClient } from '@lit-protocol/lit-node-client';
+import * as Type from '../types.js';
+//# sourceMappingURL=lit.d.ts.map

package/dist/protocols/lit.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"lit.d.ts","sourceRoot":"","sources":["../../src/protocols/lit.js"],"names":[],"mappings":"AAsCA;;GAEG;AACH,uDAQC;AAED;;;;GAIG;AACH,0CAJW,aAAa,2FACb,IAAI,CAAC,uBAAuB,GAC1B,OAAO,CAAC,OAAO,qBAAqB,EAAE,cAAc,CAAC,CAsDjE;;AAtFM;;WAFM,OAAO,qBAAqB,EAAE,uBAAuB,CAgBjE;AAgFM,uDAJI,aAAa,WACb,IAAI,CAAC,4BAA4B,gBA4B3C;8BA7I6B,+BAA+B;sBAUvC,aAAa"}

package/dist/protocols/lit.js

@@ -0,0 +1,106 @@
+import { LitNodeClient } from '@lit-protocol/lit-node-client';
+import { LIT_ABILITY } from '@lit-protocol/constants';
+import { generateAuthSig, LitActionResource, createSiweMessage, LitAccessControlConditionResource, } from '@lit-protocol/auth-helpers';
+import env from '../config/env.js';
+import * as Type from '../types.js';
+import { STORACHA_LIT_ACTION_CID } from '../config/constants.js';
+export { encryptString } from '@lit-protocol/encryption';
+/**
+ * Create access control conditions required to use Lit Protocol.
+ * This ensures that the Storacha Lit Action is used to validate decryption permissions for the specified space DID.
+ *
+ * @param {Type.SpaceDID} spaceDID - The DID of the space
+ * @returns {import('@lit-protocol/types').AccessControlConditions} - The access control conditions
+ */
+export const getAccessControlConditions = (spaceDID) => {
+    return [
+        {
+            contractAddress: '',
+            standardContractType: '',
+            chain: 'ethereum',
+            method: '',
+            parameters: [':currentActionIpfsId', spaceDID],
+            returnValueTest: {
+                comparator: '=',
+                value: STORACHA_LIT_ACTION_CID,
+            },
+        },
+    ];
+};
+/**
+ * Get a LitClient instance.
+ */
+export async function getLitClient() {
+    const litNodeClient = new LitNodeClient({
+        litNetwork: env.LIT_NETWORK,
+        debug: env.LIT_DEBUG,
+    });
+    await litNodeClient.connect();
+    return litNodeClient;
+}
+/**
+ * @param {LitNodeClient} litClient
+ * @param {Type.SessionSignatureOptions} param0
+ * @returns {Promise<import('@lit-protocol/types').SessionSigsMap>}
+ */
+export async function getSessionSigs(litClient, { wallet, accessControlConditions, dataToEncryptHash, expiration, capabilityAuthSigs, }) {
+    const accsResourceString = await LitAccessControlConditionResource.generateResourceString(accessControlConditions, dataToEncryptHash);
+    const sessionSigs = await litClient.getSessionSigs({
+        chain: 'ethereum',
+        capabilityAuthSigs,
+        expiration,
+        resourceAbilityRequests: [
+            {
+                resource: new LitAccessControlConditionResource(accsResourceString),
+                ability: LIT_ABILITY.AccessControlConditionDecryption,
+            },
+            {
+                resource: new LitActionResource('*'),
+                ability: LIT_ABILITY.LitActionExecution,
+            },
+        ],
+        authNeededCallback: async ({ uri, expiration, resourceAbilityRequests, }) => {
+            const toSign = await createSiweMessage({
+                uri,
+                expiration,
+                resources: resourceAbilityRequests,
+                walletAddress: wallet.address,
+                nonce: await litClient.getLatestBlockhash(),
+                litNodeClient: litClient,
+            });
+            return await generateAuthSig({
+                signer: wallet,
+                toSign,
+            });
+        },
+    });
+    return sessionSigs;
+}
+/**
+ *
+ * @param {LitNodeClient} litClient
+ * @param {Type.ExecuteUcanValidationOptions} options
+ * @returns
+ */
+export const executeUcanValidatoinAction = async (litClient, options) => {
+    const { sessionSigs, ...jsParams } = options;
+    const litActionResponse = await litClient.executeJs({
+        ipfsId: STORACHA_LIT_ACTION_CID,
+        sessionSigs,
+        jsParams,
+    });
+    if (!litActionResponse.response) {
+        throw new Error('Error getting lit action response.');
+    }
+    const parsedResponse = JSON.parse(
+    /** @type string*/ (litActionResponse.response));
+    const decryptedData = parsedResponse.decryptedString;
+    if (!decryptedData) {
+        let errorMsg;
+        if (parsedResponse.error)
+            errorMsg = parsedResponse.error;
+        throw new Error(`Decrypted data does not exist! Error message: ${errorMsg}`);
+    }
+    return decryptedData;
+};
+//# sourceMappingURL=lit.js.map

package/dist/types.d.ts

@@ -0,0 +1,82 @@
+import { Wallet } from 'ethers';
+import { UnknownLink } from 'multiformats';
+import { Client as StorachaClient } from '@storacha/client';
+import { Result, Failure, Block } from '@ucanto/interface';
+import { LitNodeClient } from '@lit-protocol/lit-node-client';
+import { AccessControlConditions, AuthSig, SessionSigsMap } from '@lit-protocol/types';
+import type { BlobLike, AnyLink, Signer, DID, SigAlg } from '@storacha/client/types';
+export type { IPLDBlock } from '@ucanto/interface';
+export type { SpaceDID } from '@storacha/capabilities/utils';
+export type { UnknownFormat } from '@storacha/capabilities/types';
+export type { Result, UnknownLink };
+export type { BlobLike, AnyLink };
+export interface EncryptedClient {
+    uploadEncryptedFile(file: BlobLike): Promise<AnyLink>;
+    retrieveAndDecryptFile(wallet: Wallet, cid: AnyLink, delegationCAR: Uint8Array): Promise<ReadableStream>;
+}
+export type EncryptedClientOptions = {
+    storachaClient: StorachaClient;
+    cryptoAdapter: CryptoAdapter;
+    litClient?: LitNodeClient;
+    gatewayURL?: URL;
+};
+export interface CryptoAdapter {
+    encryptStream(data: BlobLike): EncryptOutput;
+    decryptStream(encryptedData: ReadableStream, key: Uint8Array, iv: Uint8Array): ReadableStream;
+}
+export interface EncryptOutput {
+    key: Uint8Array;
+    iv: Uint8Array;
+    encryptedStream: ReadableStream;
+}
+export type EncryptedPayload = {
+    identityBoundCiphertext: string;
+    plaintextKeyHash: string;
+    encryptedBlobLike: BlobLike;
+};
+export type GenericAccessControlCondition = [Record<string, any>];
+export interface EncryptedMetadataInput {
+    encryptedDataCID: string;
+    identityBoundCiphertext: string;
+    plaintextKeyHash: string;
+    accessControlConditions: GenericAccessControlCondition;
+}
+export interface EncryptedMetadata {
+    encryptedDataCID: UnknownLink;
+    identityBoundCiphertext: Uint8Array;
+    plaintextKeyHash: Uint8Array;
+    accessControlConditions: GenericAccessControlCondition;
+}
+export interface EncryptedMetadataView extends EncryptedMetadata {
+    /** Encode it to a CAR file. */
+    archive(): Promise<Result<Uint8Array>>;
+    archiveBlock(): Promise<Block>;
+    toJSON(): EncryptedMetadataInput;
+}
+export interface DecodeFailure extends Failure {
+    name: 'DecodeFailure';
+}
+export interface SessionSignatureOptions {
+    wallet: Wallet;
+    accessControlConditions: AccessControlConditions;
+    dataToEncryptHash: string;
+    expiration?: string;
+    capabilityAuthSigs?: AuthSig[];
+}
+export interface CreateDecryptWrappedInvocationOptions {
+    delegationCAR: Uint8Array;
+    issuer: Signer<DID, SigAlg>;
+    audience: `did:${string}:${string}`;
+    spaceDID: `did:key:${string}`;
+    resourceCID: AnyLink;
+    expiration: number;
+}
+export interface ExecuteUcanValidationOptions {
+    sessionSigs: SessionSigsMap;
+    spaceDID: `did:key:${string}`;
+    identityBoundCiphertext: string;
+    plaintextKeyHash: string;
+    accessControlConditions: AccessControlConditions;
+    wrappedInvocationJSON: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC/B,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC1C,OAAO,EAAE,MAAM,IAAI,cAAc,EAAE,MAAM,kBAAkB,CAAA;AAC3D,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAA;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,+BAA+B,CAAA;AAC7D,OAAO,EACL,uBAAuB,EACvB,OAAO,EACP,cAAc,EACf,MAAM,qBAAqB,CAAA;AAC5B,OAAO,KAAK,EACV,QAAQ,EACR,OAAO,EACP,MAAM,EACN,GAAG,EACH,MAAM,EACP,MAAM,wBAAwB,CAAA;AAE/B,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,YAAY,EAAE,QAAQ,EAAE,MAAM,8BAA8B,CAAA;AAC5D,YAAY,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAA;AACjE,YAAY,EAAE,MAAM,EAAE,WAAW,EAAE,CAAA;AACnC,YAAY,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAA;AAEjC,MAAM,WAAW,eAAe;IAC9B,mBAAmB,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACrD,sBAAsB,CACpB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,OAAO,EACZ,aAAa,EAAE,UAAU,GACxB,OAAO,CAAC,cAAc,CAAC,CAAA;CAC3B;AAED,MAAM,MAAM,sBAAsB,GAAG;IACnC,cAAc,EAAE,cAAc,CAAA;IAC9B,aAAa,EAAE,aAAa,CAAA;IAC5B,SAAS,CAAC,EAAE,aAAa,CAAA;IACzB,UAAU,CAAC,EAAE,GAAG,CAAA;CACjB,CAAA;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,CAAC,IAAI,EAAE,QAAQ,GAAG,aAAa,CAAA;IAC5C,aAAa,CACX,aAAa,EAAE,cAAc,EAC7B,GAAG,EAAE,UAAU,EACf,EAAE,EAAE,UAAU,GACb,cAAc,CAAA;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,EAAE,UAAU,CAAA;IACf,EAAE,EAAE,UAAU,CAAA;IACd,eAAe,EAAE,cAAc,CAAA;CAChC;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,iBAAiB,EAAE,QAAQ,CAAA;CAC5B,CAAA;AAED,MAAM,MAAM,6BAA6B,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAA;AAEjE,MAAM,WAAW,sBAAsB;IACrC,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,6BAA6B,CAAA;CACvD;AAED,MAAM,WAAW,iBAAiB;IAChC,gBAAgB,EAAE,WAAW,CAAA;IAC7B,uBAAuB,EAAE,UAAU,CAAA;IACnC,gBAAgB,EAAE,UAAU,CAAA;IAC5B,uBAAuB,EAAE,6BAA6B,CAAA;CACvD;AAED,MAAM,WAAW,qBAAsB,SAAQ,iBAAiB;IAC9D,+BAA+B;IAC/B,OAAO,IAAI,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAA;IACtC,YAAY,IAAI,OAAO,CAAC,KAAK,CAAC,CAAA;IAC9B,MAAM,IAAI,sBAAsB,CAAA;CACjC;AAED,MAAM,WAAW,aAAc,SAAQ,OAAO;IAC5C,IAAI,EAAE,eAAe,CAAA;CACtB;AAED,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAA;IACd,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,iBAAiB,EAAE,MAAM,CAAA;IACzB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,OAAO,EAAE,CAAA;CAC/B;AAED,MAAM,WAAW,qCAAqC;IACpD,aAAa,EAAE,UAAU,CAAA;IACzB,MAAM,EAAE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAA;IAC3B,QAAQ,EAAE,OAAO,MAAM,IAAI,MAAM,EAAE,CAAA;IACnC,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,WAAW,EAAE,OAAO,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,WAAW,EAAE,cAAc,CAAA;IAC3B,QAAQ,EAAE,WAAW,MAAM,EAAE,CAAA;IAC7B,uBAAuB,EAAE,MAAM,CAAA;IAC/B,gBAAgB,EAAE,MAAM,CAAA;IACxB,uBAAuB,EAAE,uBAAuB,CAAA;IAChD,qBAAqB,EAAE,MAAM,CAAA;CAC9B"}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/utils.d.ts

@@ -0,0 +1,15 @@
+/**
+ *
+ * @param {string} str
+ * @returns {Uint8Array}
+ */
+export function stringToBytes(str: string): Uint8Array;
+/**
+ *
+ * @param {Uint8Array} bytes
+ * @returns {string}
+ */
+export function bytesToString(bytes: Uint8Array): string;
+export function createDecryptWrappedInvocation({ delegationCAR, issuer, spaceDID, resourceCID, audience, expiration, }: Type.CreateDecryptWrappedInvocationOptions): Promise<import("@ucanto/server").ToString<Uint8Array<ArrayBufferLike>, string>>;
+import * as Type from './types.js';
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.js"],"names":[],"mappings":"AA+CA;;;;GAIG;AACH,mCAHW,MAAM,GACJ,UAAU,CAItB;AAED;;;;GAIG;AACH,qCAHW,UAAU,GACR,MAAM,CAIlB;AApDM,wHAFI,IAAI,CAAC,qCAAqC,mFAoCpD;sBAxCqB,YAAY"}

package/dist/utils.js

@@ -0,0 +1,50 @@
+import { DID } from '@ucanto/server';
+import * as dagJSON from '@ipld/dag-json';
+import { extract } from '@ucanto/core/delegation';
+import * as Space from '@storacha/capabilities/space';
+import * as Type from './types.js';
+/**
+ *
+ * @param {Type.CreateDecryptWrappedInvocationOptions} param0
+ */
+export const createDecryptWrappedInvocation = async ({ delegationCAR, issuer, spaceDID, resourceCID, audience, expiration, }) => {
+    const delegation = await extract(delegationCAR);
+    if (delegation.error) {
+        throw delegation.error;
+    }
+    const invocationOptions = {
+        issuer,
+        audience: DID.parse(audience),
+        with: spaceDID,
+        nb: {
+            resource: resourceCID,
+        },
+        expiration: expiration,
+        proofs: [delegation.ok],
+    };
+    const decryptWrappedInvocation = await Space.decrypt
+        .invoke(invocationOptions)
+        .delegate();
+    const carEncoded = await decryptWrappedInvocation.archive();
+    if (carEncoded.error) {
+        throw carEncoded.error;
+    }
+    return dagJSON.stringify(carEncoded.ok);
+};
+/**
+ *
+ * @param {string} str
+ * @returns {Uint8Array}
+ */
+export function stringToBytes(str) {
+    return new TextEncoder().encode(str);
+}
+/**
+ *
+ * @param {Uint8Array} bytes
+ * @returns {string}
+ */
+export function bytesToString(bytes) {
+    return new TextDecoder().decode(bytes);
+}
+//# sourceMappingURL=utils.js.map

package/package.json

@@ -0,0 +1,127 @@
+{
+  "name": "@storacha/encrypt-upload-client",
+  "type": "module",
+  "version": "0.0.8-0",
+  "license": "Apache-2.0 OR MIT",
+  "description": "Client for upload and download encrypted files",
+  "author": "Storacha",
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/storacha/upload-service.git",
+    "directory": "packages/encrypt-upload-client"
+  },
+  "keywords": [
+    "storacha",
+    "lit protocol",
+    "web3",
+    "storage",
+    "upload",
+    "store",
+    "encrypt",
+    "decrypt",
+    "IPLD",
+    "UCAN",
+    "IPFS"
+  ],
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "!dist/**/*.js.map"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./crypto/adapters": {
+      "types": "./dist/crypto-adapters/node-crypto-adapter.d.ts",
+      "import": "./dist/crypto-adapters/node-crypto-adapter.js"
+    },
+    "./types": "./dist/types.js"
+  },
+  "dependencies": {
+    "@ipld/car": "^5.4.0",
+    "@ipld/dag-cbor": "^9.0.6",
+    "@ipld/dag-json": "^10.2.3",
+    "@ipld/dag-ucan": "^3.4.5",
+    "@ipld/schema": "^6.0.6",
+    "@lit-protocol/auth-helpers": "^7.0.2",
+    "@lit-protocol/constants": "^7.0.2",
+    "@lit-protocol/contracts-sdk": "^7.0.2",
+    "@lit-protocol/encryption": "^7.0.2",
+    "@lit-protocol/lit-auth-client": "^7.0.3",
+    "@lit-protocol/lit-node-client": "^7.0.2",
+    "@ucanto/client": "^9.0.1",
+    "@ucanto/core": "^10.3.1",
+    "@ucanto/interface": "^10.2.0",
+    "@ucanto/principal": "^9.0.2",
+    "@ucanto/server": "^10.2.0",
+    "@ucanto/transport": "^9.1.1",
+    "@ucanto/validator": "^9.1.0",
+    "blockstore-core": "^3.0.0",
+    "carstream": "^2.1.0",
+    "dotenv": "^16.4.7",
+    "ethers": "5.7.1",
+    "ipfs-unixfs-exporter": "^10.0.0",
+    "multiformats": "^13.3.2",
+    "@storacha/capabilities": "^1.4.0",
+    "@storacha/upload-client": "^1.0.9",
+    "@storacha/client": "^1.2.4"
+  },
+  "devDependencies": {
+    "@lit-protocol/types": "^7.0.8",
+    "esbuild": "^0.25.1",
+    "typescript": "^5.7.3",
+    "@storacha/eslint-config": "^0.0.0"
+  },
+  "eslintConfig": {
+    "extends": [
+      "@storacha/eslint-config"
+    ],
+    "parserOptions": {
+      "project": "./tsconfig.json"
+    },
+    "env": {
+      "es2022": true,
+      "mocha": true,
+      "browser": true,
+      "node": true
+    },
+    "ignorePatterns": [
+      "dist",
+      "docs",
+      "docs-generated",
+      "coverage",
+      "src/types.js",
+      "*.min.js"
+    ]
+  },
+  "depcheck": {
+    "ignorePatterns": [
+      "dist"
+    ],
+    "ignores": [
+      "@typescript-eslint/eslint-plugin",
+      "@typescript-eslint/parser",
+      "assert",
+      "c8"
+    ]
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "engineStrict": true,
+  "scripts": {
+    "dev": "tsc --build --watch --preserveWatchOutput",
+    "clean": "rm -rf dist *.tsbuildinfo",
+    "lint": "tsc --build && eslint '**/*.{js,ts}' --ignore-pattern 'lit-actions/**' && prettier --check '**/*.{js,ts,yml,json}' --ignore-path ../../.gitignore",
+    "lint:fix": "tsc --build && eslint '**/*.{js,ts}' --fix && prettier --write '**/*.{js,ts,yml,json}' --ignore-path ../../.gitignore",
+    "build-actions": "node lit-actions/esbuild.js",
+    "attw": "attw --pack .",
+    "rc": "npm version prerelease --preid rc"
+  }
+}