@wireapp/core-crypto 1.0.1 → 1.1.0

package/platforms/web/corecrypto.d.ts

@@ -1,3 +1,53 @@
+declare enum Ciphersuite {
+	/**
+	* DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
+	*/
+	MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 = 1,
+	/**
+	* DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
+	*/
+	MLS_128_DHKEMP256_AES128GCM_SHA256_P256 = 2,
+	/**
+	* DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
+	*/
+	MLS_128_DHKEMX25519_CHACHA20POLY1305_SHA256_Ed25519 = 3,
+	/**
+	* DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
+	*/
+	MLS_256_DHKEMX448_AES256GCM_SHA512_Ed448 = 4,
+	/**
+	* DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
+	*/
+	MLS_256_DHKEMP521_AES256GCM_SHA512_P521 = 5,
+	/**
+	* DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
+	*/
+	MLS_256_DHKEMX448_CHACHA20POLY1305_SHA512_Ed448 = 6,
+	/**
+	* DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
+	*/
+	MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7
+}
+declare enum WirePolicy {
+	/**
+	* Handshake messages are never encrypted
+	*/
+	Plaintext = 1,
+	/**
+	* Handshake messages are always encrypted
+	*/
+	Ciphertext = 2
+}
+declare enum CredentialType {
+	/**
+	* Just a KeyPair
+	*/
+	Basic = 1,
+	/**
+	* A certificate obtained through e2e identity enrollment process
+	*/
+	X509 = 2
+}
 /**
 * For creating a challenge.
 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5.1
@@ -19,6 +69,635 @@ export class AcmeChallenge {
 	readonly url: string;
 }
 /**
+* see [core_crypto::prelude::MlsConversationConfiguration]
+*/
+declare class ConversationConfiguration {
+	free(): void;
+	/**
+	* @param {Ciphersuite | undefined} [ciphersuite]
+	* @param {(Uint8Array)[] | undefined} [external_senders]
+	* @param {number | undefined} [key_rotation_span]
+	* @param {WirePolicy | undefined} [wire_policy]
+	*/
+	constructor(ciphersuite?: Ciphersuite, external_senders?: (Uint8Array)[], key_rotation_span?: number, wire_policy?: WirePolicy);
+}
+/**
+*/
+declare class CoreCryptoContext {
+	free(): void;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* see [core_crypto::context::CentralContext::set_data]
+	* @param {Uint8Array} data
+	* @returns {Promise<any>}
+	*/
+	set_data(data: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Option<js_sys::Uint8Array>>`]
+	*
+	* see [core_crypto::context::CentralContext::get_data]
+	* @returns {Promise<any>}
+	*/
+	get_data(): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::mls_init]
+	* @param {Uint8Array} client_id
+	* @param {Uint16Array} ciphersuites
+	* @param {number | undefined} [nb_key_package]
+	* @returns {Promise<any>}
+	*/
+	mls_init(client_id: Uint8Array, ciphersuites: Uint16Array, nb_key_package?: number): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<Vec<u8>>`]
+	*
+	* See [core_crypto::mls::context::CentralContext::mls_generate_keypairs]
+	* @param {Uint16Array} ciphersuites
+	* @returns {Promise<any>}
+	*/
+	mls_generate_keypair(ciphersuites: Uint16Array): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<()>`]
+	*
+	* See [core_crypto::mls::context::CentralContext::mls_init_with_client_id]
+	* @param {Uint8Array} client_id
+	* @param {(Uint8Array)[]} signature_public_keys
+	* @param {Uint16Array} ciphersuites
+	* @returns {Promise<any>}
+	*/
+	mls_init_with_client_id(client_id: Uint8Array, signature_public_keys: (Uint8Array)[], ciphersuites: Uint16Array): Promise<any>;
+	/**
+	* Returns:: [`WasmCryptoResult<js_sys::Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::client_public_key]
+	* @param {Ciphersuite} ciphersuite
+	* @param {CredentialType} credential_type
+	* @returns {Promise<any>}
+	*/
+	client_public_key(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Array<js_sys::Uint8Array>>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::get_or_create_client_keypackages]
+	* @param {Ciphersuite} ciphersuite
+	* @param {CredentialType} credential_type
+	* @param {number} amount_requested
+	* @returns {Promise<any>}
+	*/
+	client_keypackages(ciphersuite: Ciphersuite, credential_type: CredentialType, amount_requested: number): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<usize>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::client_valid_key_packages_count]
+	* @param {Ciphersuite} ciphersuite
+	* @param {CredentialType} credential_type
+	* @returns {Promise<any>}
+	*/
+	client_valid_keypackages_count(ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<usize>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::delete_keypackages]
+	* @param {(Uint8Array)[]} refs
+	* @returns {Promise<any>}
+	*/
+	delete_keypackages(refs: (Uint8Array)[]): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::new_conversation]
+	* @param {Uint8Array} conversation_id
+	* @param {CredentialType} creator_credential_type
+	* @param {ConversationConfiguration} config
+	* @returns {Promise<any>}
+	*/
+	create_conversation(conversation_id: Uint8Array, creator_credential_type: CredentialType, config: ConversationConfiguration): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<u64>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::conversation_epoch]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	conversation_epoch(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<Ciphersuite>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::conversation_ciphersuite]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	conversation_ciphersuite(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`bool`]
+	*
+	* see [core_crypto::mls::context::CentralContext::conversation_exists]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	conversation_exists(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::process_raw_welcome_message]
+	* @param {Uint8Array} welcome_message
+	* @param {CustomConfiguration} custom_configuration
+	* @returns {Promise<any>}
+	*/
+	process_welcome_message(welcome_message: Uint8Array, custom_configuration: CustomConfiguration): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Option<MemberAddedMessages>>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::add_members_to_conversation]
+	* @param {Uint8Array} conversation_id
+	* @param {(Uint8Array)[]} key_packages
+	* @returns {Promise<any>}
+	*/
+	add_clients_to_conversation(conversation_id: Uint8Array, key_packages: (Uint8Array)[]): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Option<js_sys::Uint8Array>>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::remove_members_from_conversation]
+	* @param {Uint8Array} conversation_id
+	* @param {(Uint8Array)[]} clients
+	* @returns {Promise<any>}
+	*/
+	remove_clients_from_conversation(conversation_id: Uint8Array, clients: (Uint8Array)[]): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::mark_conversation_as_child_of]
+	* @param {Uint8Array} child_id
+	* @param {Uint8Array} parent_id
+	* @returns {Promise<any>}
+	*/
+	mark_conversation_as_child_of(child_id: Uint8Array, parent_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<CommitBundle>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::update_keying_material]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	update_keying_material(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::commit_pending_proposals]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	commit_pending_proposals(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::wipe_conversation]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	wipe_conversation(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<DecryptedMessage>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::decrypt_message]
+	* @param {Uint8Array} conversation_id
+	* @param {Uint8Array} payload
+	* @returns {Promise<any>}
+	*/
+	decrypt_message(conversation_id: Uint8Array, payload: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::encrypt_message]
+	* @param {Uint8Array} conversation_id
+	* @param {Uint8Array} message
+	* @returns {Promise<any>}
+	*/
+	encrypt_message(conversation_id: Uint8Array, message: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::new_add_proposal]
+	* @param {Uint8Array} conversation_id
+	* @param {Uint8Array} keypackage
+	* @returns {Promise<any>}
+	*/
+	new_add_proposal(conversation_id: Uint8Array, keypackage: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::new_update_proposal]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	new_update_proposal(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::new_remove_proposal]
+	* @param {Uint8Array} conversation_id
+	* @param {Uint8Array} client_id
+	* @returns {Promise<any>}
+	*/
+	new_remove_proposal(conversation_id: Uint8Array, client_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::new_external_add_proposal]
+	* @param {Uint8Array} conversation_id
+	* @param {number} epoch
+	* @param {Ciphersuite} ciphersuite
+	* @param {CredentialType} credential_type
+	* @returns {Promise<any>}
+	*/
+	new_external_add_proposal(conversation_id: Uint8Array, epoch: number, ciphersuite: Ciphersuite, credential_type: CredentialType): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<ConversationInitBundle>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::join_by_external_commit]
+	* @param {Uint8Array} group_info
+	* @param {CustomConfiguration} custom_configuration
+	* @param {CredentialType} credential_type
+	* @returns {Promise<any>}
+	*/
+	join_by_external_commit(group_info: Uint8Array, custom_configuration: CustomConfiguration, credential_type: CredentialType): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::merge_pending_group_from_external_commit]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	merge_pending_group_from_external_commit(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::clear_pending_group_from_external_commit]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	clear_pending_group_from_external_commit(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::commit_accepted]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	commit_accepted(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::clear_pending_proposal]
+	* @param {Uint8Array} conversation_id
+	* @param {Uint8Array} proposal_ref
+	* @returns {Promise<any>}
+	*/
+	clear_pending_proposal(conversation_id: Uint8Array, proposal_ref: Uint8Array): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::clear_pending_commit]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	clear_pending_commit(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::random_bytes]
+	* @param {number} len
+	* @returns {Promise<any>}
+	*/
+	random_bytes(len: number): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Vec<u8>>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::export_secret_key]
+	* @param {Uint8Array} conversation_id
+	* @param {number} key_length
+	* @returns {Promise<any>}
+	*/
+	export_secret_key(conversation_id: Uint8Array, key_length: number): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Vec<u8>>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::get_external_sender]
+	* @param {Uint8Array} id
+	* @returns {Promise<any>}
+	*/
+	get_external_sender(id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Box<[js_sys::Uint8Array]>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::get_client_ids]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	get_client_ids(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_session_from_prekey]
+	* @param {string} session_id
+	* @param {Uint8Array} prekey
+	* @returns {Promise<any>}
+	*/
+	proteus_session_from_prekey(session_id: string, prekey: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Vec<u8>>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_session_from_message]
+	* @param {string} session_id
+	* @param {Uint8Array} envelope
+	* @returns {Promise<any>}
+	*/
+	proteus_session_from_message(session_id: string, envelope: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* /// **Note**: This isn't usually needed as persisting sessions happens automatically when decrypting/encrypting messages and initializing Sessions
+	*
+	* See [core_crypto::context::CentralContext::proteus_session_save]
+	* @param {string} session_id
+	* @returns {Promise<any>}
+	*/
+	proteus_session_save(session_id: string): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_session_delete]
+	* @param {string} session_id
+	* @returns {Promise<any>}
+	*/
+	proteus_session_delete(session_id: string): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<bool>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_session_exists]
+	* @param {string} session_id
+	* @returns {Promise<any>}
+	*/
+	proteus_session_exists(session_id: string): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Vec<u8>>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_decrypt]
+	* @param {string} session_id
+	* @param {Uint8Array} ciphertext
+	* @returns {Promise<any>}
+	*/
+	proteus_decrypt(session_id: string, ciphertext: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Uint8Array>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_encrypt]
+	* @param {string} session_id
+	* @param {Uint8Array} plaintext
+	* @returns {Promise<any>}
+	*/
+	proteus_encrypt(session_id: string, plaintext: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<js_sys::Map<string, Uint8Array>>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_encrypt_batched]
+	* @param {(string)[]} sessions
+	* @param {Uint8Array} plaintext
+	* @returns {Promise<any>}
+	*/
+	proteus_encrypt_batched(sessions: (string)[], plaintext: Uint8Array): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<Uint8Array>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_new_prekey]
+	* @param {number} prekey_id
+	* @returns {Promise<any>}
+	*/
+	proteus_new_prekey(prekey_id: number): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<ProteusAutoPrekeyBundle>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_new_prekey_auto]
+	* @returns {Promise<any>}
+	*/
+	proteus_new_prekey_auto(): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<Uint8Array>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_last_resort_prekey]
+	* @returns {Promise<any>}
+	*/
+	proteus_last_resort_prekey(): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<u16>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_last_resort_prekey_id]
+	* @returns {number}
+	*/
+	static proteus_last_resort_prekey_id(): number;
+	/**
+	* Returns: [`WasmCryptoResult<String>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_fingerprint]
+	* @returns {Promise<string>}
+	*/
+	proteus_fingerprint(): Promise<string>;
+	/**
+	* Returns: [`WasmCryptoResult<String>`]
+	*
+	* see [core_crypto::proteus::ProteusCentral::fingerprint_local]
+	* @param {string} session_id
+	* @returns {Promise<string>}
+	*/
+	proteus_fingerprint_local(session_id: string): Promise<string>;
+	/**
+	* Returns: [`WasmCryptoResult<String>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_fingerprint_remote]
+	* @param {string} session_id
+	* @returns {Promise<string>}
+	*/
+	proteus_fingerprint_remote(session_id: string): Promise<string>;
+	/**
+	* Returns: [`WasmCryptoResult<String>`]
+	*
+	* See [core_crypto::proteus::ProteusCentral::fingerprint_prekeybundle]
+	* @param {Uint8Array} prekey
+	* @returns {string}
+	*/
+	static proteus_fingerprint_prekeybundle(prekey: Uint8Array): string;
+	/**
+	* Returns: [`WasmCryptoResult<()>`]
+	*
+	* See [core_crypto::context::CentralContext::proteus_cryptobox_migrate]
+	* @param {string} path
+	* @returns {Promise<any>}
+	*/
+	proteus_cryptobox_migrate(path: string): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<u32>`]
+	*
+	* NOTE: This will clear the last error code.
+	* @returns {Promise<any>}
+	*/
+	proteus_last_error_code(): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<E2eiEnrollment>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::e2ei_new_enrollment]
+	* @param {string} client_id
+	* @param {string} display_name
+	* @param {string} handle
+	* @param {string | undefined} team
+	* @param {number} expiry_sec
+	* @param {Ciphersuite} ciphersuite
+	* @returns {Promise<any>}
+	*/
+	e2ei_new_enrollment(client_id: string, display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<E2eiEnrollment>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::e2ei_new_activation_enrollment]
+	* @param {string} display_name
+	* @param {string} handle
+	* @param {string | undefined} team
+	* @param {number} expiry_sec
+	* @param {Ciphersuite} ciphersuite
+	* @returns {Promise<any>}
+	*/
+	e2ei_new_activation_enrollment(display_name: string, handle: string, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<E2eiEnrollment>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::e2ei_new_rotate_enrollment]
+	* @param {string | undefined} display_name
+	* @param {string | undefined} handle
+	* @param {string | undefined} team
+	* @param {number} expiry_sec
+	* @param {Ciphersuite} ciphersuite
+	* @returns {Promise<any>}
+	*/
+	e2ei_new_rotate_enrollment(display_name: string | undefined, handle: string | undefined, team: string | undefined, expiry_sec: number, ciphersuite: Ciphersuite): Promise<any>;
+	/**
+	* See [core_crypto::mls::context::CentralContext::e2ei_dump_pki_env]
+	* @returns {Promise<Promise<any>>}
+	*/
+	e2ei_dump_pki_env(): Promise<Promise<any>>;
+	/**
+	* See [core_crypto::mls::context::CentralContext::e2ei_is_pki_env_setup]
+	* @returns {Promise<Promise<any>>}
+	*/
+	e2ei_is_pki_env_setup(): Promise<Promise<any>>;
+	/**
+	* See [core_crypto::mls::context::CentralContext::e2ei_register_acme_ca]
+	* @param {string} trust_anchor_pem
+	* @returns {Promise<Promise<any>>}
+	*/
+	e2ei_register_acme_ca(trust_anchor_pem: string): Promise<Promise<any>>;
+	/**
+	* See [core_crypto::mls::context::CentralContext::e2ei_register_intermediate_ca]
+	* @param {string} cert_pem
+	* @returns {Promise<Promise<any>>}
+	*/
+	e2ei_register_intermediate_ca(cert_pem: string): Promise<Promise<any>>;
+	/**
+	* See [core_crypto::mls::context::CentralContext::e2ei_register_crl]
+	* @param {string} crl_dp
+	* @param {Uint8Array} crl_der
+	* @returns {Promise<Promise<any>>}
+	*/
+	e2ei_register_crl(crl_dp: string, crl_der: Uint8Array): Promise<Promise<any>>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::e2ei_mls_init_only]
+	* @param {FfiWireE2EIdentity} enrollment
+	* @param {string} certificate_chain
+	* @param {number | undefined} [nb_key_package]
+	* @returns {Promise<any>}
+	*/
+	e2ei_mls_init_only(enrollment: FfiWireE2EIdentity, certificate_chain: string, nb_key_package?: number): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<CommitBundle>`]
+	* see [core_crypto::context::CentralContext::e2ei_rotate]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	e2ei_rotate(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::e2ei_rotate_all]
+	* @param {FfiWireE2EIdentity} enrollment
+	* @param {string} certificate_chain
+	* @param {number} new_key_packages_count
+	* @returns {Promise<any>}
+	*/
+	e2ei_rotate_all(enrollment: FfiWireE2EIdentity, certificate_chain: string, new_key_packages_count: number): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::e2ei_enrollment_stash]
+	* @param {FfiWireE2EIdentity} enrollment
+	* @returns {Promise<any>}
+	*/
+	e2ei_enrollment_stash(enrollment: FfiWireE2EIdentity): Promise<any>;
+	/**
+	* see [core_crypto::mls::context::CentralContext::e2ei_enrollment_stash_pop]
+	* @param {Uint8Array} handle
+	* @returns {Promise<any>}
+	*/
+	e2ei_enrollment_stash_pop(handle: Uint8Array): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<u8>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::e2ei_conversation_state]
+	* @param {Uint8Array} conversation_id
+	* @returns {Promise<any>}
+	*/
+	e2ei_conversation_state(conversation_id: Uint8Array): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<bool>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::e2ei_is_enabled]
+	* @param {Ciphersuite} ciphersuite
+	* @returns {Promise<any>}
+	*/
+	e2ei_is_enabled(ciphersuite: Ciphersuite): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<Vec<WireIdentity>>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::get_device_identities]
+	* @param {Uint8Array} conversation_id
+	* @param {(Uint8Array)[]} device_ids
+	* @returns {Promise<any>}
+	*/
+	get_device_identities(conversation_id: Uint8Array, device_ids: (Uint8Array)[]): Promise<any>;
+	/**
+	* Returns [`WasmCryptoResult<HashMap<String, Vec<WireIdentity>>>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::get_user_identities]
+	* @param {Uint8Array} conversation_id
+	* @param {(string)[]} user_ids
+	* @returns {Promise<any>}
+	*/
+	get_user_identities(conversation_id: Uint8Array, user_ids: (string)[]): Promise<any>;
+	/**
+	* Returns: [`WasmCryptoResult<u8>`]
+	*
+	* see [core_crypto::mls::context::CentralContext::get_credential_in_use]
+	* @param {Uint8Array} group_info
+	* @param {CredentialType} credential_type
+	* @returns {Promise<any>}
+	*/
+	get_credential_in_use(group_info: Uint8Array, credential_type: CredentialType): Promise<any>;
+}
+declare class CoreCryptoWasmLogger {
+	free(): void;
+	/**
+	* @param {Function} logger
+	* @param {any} ctx
+	*/
+	constructor(logger: Function, ctx: any);
+}
+/**
+* see [core_crypto::prelude::MlsCustomConfiguration]
+*/
+declare class CustomConfiguration {
+	free(): void;
+	/**
+	* @param {number | undefined} [key_rotation_span]
+	* @param {WirePolicy | undefined} [wire_policy]
+	*/
+	constructor(key_rotation_span?: number, wire_policy?: WirePolicy);
+}
+/**
 * Dump of the PKI environemnt as PEM
 */
 export class E2eiDumpedPkiEnv {
@@ -36,6 +715,116 @@ export class E2eiDumpedPkiEnv {
 	*/
 	readonly root_ca: string;
 }
+declare class FfiWireE2EIdentity {
+	free(): void;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::directory_response]
+	* @param {Uint8Array} directory
+	* @returns {Promise<any>}
+	*/
+	directory_response(directory: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_account_request]
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	new_account_request(previous_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_account_response]
+	* @param {Uint8Array} account
+	* @returns {Promise<any>}
+	*/
+	new_account_response(account: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_order_request]
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	new_order_request(previous_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_order_response]
+	* @param {Uint8Array} order
+	* @returns {Promise<any>}
+	*/
+	new_order_response(order: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_request]
+	* @param {string} url
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	new_authz_request(url: string, previous_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_authz_response]
+	* @param {Uint8Array} authz
+	* @returns {Promise<any>}
+	*/
+	new_authz_response(authz: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::create_dpop_token]
+	* @param {number} expiry_secs
+	* @param {string} backend_nonce
+	* @returns {Promise<any>}
+	*/
+	create_dpop_token(expiry_secs: number, backend_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_dpop_challenge_request]
+	* @param {string} access_token
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	new_dpop_challenge_request(access_token: string, previous_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_dpop_challenge_response]
+	* @param {Uint8Array} challenge
+	* @returns {Promise<any>}
+	*/
+	new_dpop_challenge_response(challenge: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_oidc_challenge_request]
+	* @param {string} id_token
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	new_oidc_challenge_request(id_token: string, previous_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::new_oidc_challenge_response]
+	* @param {Uint8Array} challenge
+	* @returns {Promise<any>}
+	*/
+	new_oidc_challenge_response(challenge: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::check_order_request]
+	* @param {string} order_url
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	check_order_request(order_url: string, previous_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::check_order_response]
+	* @param {Uint8Array} order
+	* @returns {Promise<any>}
+	*/
+	check_order_response(order: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::finalize_request]
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	finalize_request(previous_nonce: string): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::finalize_response]
+	* @param {Uint8Array} finalize
+	* @returns {Promise<any>}
+	*/
+	finalize_response(finalize: Uint8Array): Promise<any>;
+	/**
+	* See [core_crypto::e2e_identity::WireE2eIdentity::certificate_request]
+	* @param {string} previous_nonce
+	* @returns {Promise<any>}
+	*/
+	certificate_request(previous_nonce: string): Promise<any>;
+}
 /**
 * Result of an authorization creation.
 * @see https://www.rfc-editor.org/rfc/rfc8555.html#section-7.5
@@ -62,12 +851,687 @@ export class NewAcmeAuthz {
 export class NewAcmeOrder {
 	free(): void;
 	/**
-	*/
-	readonly authorizations: (Uint8Array)[];
+	*/
+	readonly authorizations: (Uint8Array)[];
+	/**
+	* Contains raw JSON data of this order. This is parsed by the underlying Rust library hence should not be accessed
+	*/
+	readonly delegate: Uint8Array;
+}
+declare class WireIdentity {
+	free(): void;
+	/**
+	*/
+	readonly client_id: string;
+	/**
+	*/
+	readonly credential_type: number;
+	/**
+	*/
+	readonly status: number;
+	/**
+	*/
+	readonly thumbprint: string;
+	/**
+	*/
+	readonly x509_identity: X509Identity | undefined;
+}
+declare class X509Identity {
+	free(): void;
+	/**
+	*/
+	readonly certificate: string;
+	/**
+	*/
+	readonly display_name: string;
+	/**
+	*/
+	readonly domain: string;
+	/**
+	*/
+	readonly handle: string;
+	/**
+	*/
+	readonly not_after: bigint;
+	/**
+	*/
+	readonly not_before: bigint;
+	/**
+	*/
+	readonly serial_number: string;
+}
+declare class CoreCryptoContext$1 {
+	#private;
+	/** @hidden */
+	private constructor();
+	/** @hidden */
+	static fromFfiContext(ctx: CoreCryptoContext): CoreCryptoContext$1;
+	/**
+	 * Set arbitrary data to be retrieved by {@link getData}.
+	 * This is meant to be used as a check point at the end of a transaction.
+	 * The data should be limited to a reasonable size.
+	 */
+	setData(data: Uint8Array): Promise<void>;
+	/**
+	 * Get data if it has previously been set by {@link setData}, or `undefined` otherwise.
+	 * This is meant to be used as a check point at the end of a transaction.
+	 */
+	getData(): Promise<Uint8Array | undefined>;
+	/**
+	 * Use this after {@link CoreCrypto.deferredInit} when you have a clientId. It initializes MLS.
+	 *
+	 * @param clientId - {@link CoreCryptoParams#clientId} but required
+	 * @param ciphersuites - All the ciphersuites supported by this MLS client
+	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
+	 */
+	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite$1[], nbKeyPackage?: number): Promise<void>;
+	/**
+	 * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
+	 * This method is designed to be used in conjunction with {@link CoreCryptoContext.mlsInitWithClientId} and represents the first step in this process
+	 *
+	 * @param ciphersuites - All the ciphersuites supported by this MLS client
+	 * @returns This returns the TLS-serialized identity key (i.e. the signature keypair's public key)
+	 */
+	mlsGenerateKeypair(ciphersuites: Ciphersuite$1[]): Promise<Uint8Array[]>;
+	/**
+	 * Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process
+	 *
+	 * Important: This is designed to be called after {@link CoreCryptoContext.mlsGenerateKeypair}
+	 *
+	 * @param clientId - The newly-allocated client ID by the MLS Authentication Service
+	 * @param signaturePublicKeys - The public key you were given at the first step; This is for authentication purposes
+	 * @param ciphersuites - All the ciphersuites supported by this MLS client
+	 */
+	mlsInitWithClientId(clientId: ClientId, signaturePublicKeys: Uint8Array[], ciphersuites: Ciphersuite$1[]): Promise<void>;
+	/**
+	 * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
+	 *
+	 * @returns Whether the given conversation ID exists
+	 *
+	 * @example
+	 * ```ts
+	 *  const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
+	 *  const encoder = new TextEncoder();
+	 *  if (await cc.conversationExists(encoder.encode("my super chat"))) {
+	 *    // Do something
+	 *  } else {
+	 *    // Do something else
+	 *  }
+	 * ```
+	 */
+	conversationExists(conversationId: ConversationId): Promise<boolean>;
+	/**
+	 * Marks a conversation as child of another one
+	 * This will mostly affect the behavior of the callbacks (the parentConversationClients parameter will be filled)
+	 *
+	 * @param childId - conversation identifier of the child conversation
+	 * @param parentId - conversation identifier of the parent conversation
+	 */
+	markConversationAsChildOf(childId: ConversationId, parentId: ConversationId): Promise<void>;
+	/**
+	 * Returns the current epoch of a conversation
+	 *
+	 * @returns the epoch of the conversation
+	 *
+	 * @example
+	 * ```ts
+	 *  const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
+	 *  const encoder = new TextEncoder();
+	 *  console.log(await cc.conversationEpoch(encoder.encode("my super chat")))
+	 * ```
+	 */
+	conversationEpoch(conversationId: ConversationId): Promise<number>;
+	/**
+	 * Returns the ciphersuite of a conversation
+	 *
+	 * @returns the ciphersuite of the conversation
+	 */
+	conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite$1>;
+	/**
+	 * Wipes and destroys the local storage of a given conversation / MLS group
+	 *
+	 * @param conversationId - The ID of the conversation to remove
+	 */
+	wipeConversation(conversationId: ConversationId): Promise<void>;
+	/**
+	 * Creates a new conversation with the current client being the sole member
+	 * You will want to use {@link addClientsToConversation} afterwards to add clients to this conversation
+	 *
+	 * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs
+	 * @param creatorCredentialType - kind of credential the creator wants to create the group with
+	 * @param configuration - configuration of the MLS group
+	 * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's
+	 * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
+	 * @param configuration.custom - {@link CustomConfiguration}
+	 */
+	createConversation(conversationId: ConversationId, creatorCredentialType: CredentialType$1, configuration?: ConversationConfiguration$1): Promise<any>;
+	/**
+	 * Decrypts a message for a given conversation.
+	 *
+	 * Note: you should catch & ignore the following error reasons:
+	 * * "We already decrypted this message once"
+	 * * "You tried to join with an external commit but did not merge it yet. We will reapply this message for you when you merge your external commit"
+	 * * "Incoming message is for a future epoch. We will buffer it until the commit for that epoch arrives"
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param payload - The encrypted message buffer
+	 *
+	 * @returns a {@link DecryptedMessage}. Note that {@link DecryptedMessage#message} is `undefined` when the encrypted payload contains a system message such a proposal or commit
+	 */
+	decryptMessage(conversationId: ConversationId, payload: Uint8Array): Promise<DecryptedMessage>;
+	/**
+	 * Encrypts a message for a given conversation
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param message - The plaintext message to encrypt
+	 *
+	 * @returns The encrypted payload for the given group. This needs to be fanned out to the other members of the group.
+	 */
+	encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise<Uint8Array>;
+	/**
+	 * Ingest a TLS-serialized MLS welcome message to join an existing MLS group
+	 *
+	 * Important: you have to catch the error with this reason "Although this Welcome seems valid, the local KeyPackage
+	 * it references has already been deleted locally. Join this group with an external commit", ignore it and then try
+	 * to join this group with an external commit.
+	 *
+	 * @param welcomeMessage - TLS-serialized MLS Welcome message
+	 * @param configuration - configuration of the MLS group
+	 * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
+	 */
+	processWelcomeMessage(welcomeMessage: Uint8Array, configuration?: CustomConfiguration$1): Promise<WelcomeBundle>;
+	/**
+	 * Get the client's public signature key. To upload to the DS for further backend side validation
+	 *
+	 * @param ciphersuite - of the signature key to get
+	 * @param credentialType - of the public key to look for
+	 * @returns the client's public signature key
+	 */
+	clientPublicKey(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<Uint8Array>;
+	/**
+	 *
+	 * @param ciphersuite - of the KeyPackages to count
+	 * @param credentialType - of the KeyPackages to count
+	 * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage
+	 */
+	clientValidKeypackagesCount(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<number>;
+	/**
+	 * Fetches a requested amount of keypackages
+	 *
+	 * @param ciphersuite - of the KeyPackages to generate
+	 * @param credentialType - of the KeyPackages to generate
+	 * @param amountRequested - The amount of keypackages requested
+	 * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
+	 */
+	clientKeypackages(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1, amountRequested: number): Promise<Array<Uint8Array>>;
+	/**
+	 * Prunes local KeyPackages after making sure they also have been deleted on the backend side
+	 * You should only use this after {@link CoreCryptoContext.e2eiRotateAll}
+	 *
+	 * @param refs - KeyPackage references to delete obtained from a {RotateBundle}
+	 */
+	deleteKeypackages(refs: Uint8Array[]): Promise<void>;
+	/**
+	 * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
+	 *
+	 * **CAUTION**: {@link CoreCryptoContext.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param keyPackages - KeyPackages of the new clients to add
+	 *
+	 * @returns A {@link CommitBundle}
+	 */
+	addClientsToConversation(conversationId: ConversationId, keyPackages: Uint8Array[]): Promise<MemberAddedMessages>;
+	/**
+	 * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
+	 * to do so, otherwise this operation does nothing.
+	 *
+	 * **CAUTION**: {@link CoreCryptoContext.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @param clientIds - Array of Client IDs to remove.
+	 *
+	 * @returns A {@link CommitBundle}
+	 */
+	removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<CommitBundle>;
+	/**
+	 * Creates an update commit which forces every client to update their LeafNode in the conversation
+	 *
+	 * **CAUTION**: {@link CoreCryptoContext.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 *
+	 * @returns A {@link CommitBundle}
+	 */
+	updateKeyingMaterial(conversationId: ConversationId): Promise<CommitBundle>;
+	/**
+	 * Commits the local pending proposals and returns the {@link CommitBundle} object containing what can result from this operation.
+	 *
+	 * **CAUTION**: {@link CoreCryptoContext.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 *
+	 * @returns A {@link CommitBundle} or `undefined` when there was no pending proposal to commit
+	 */
+	commitPendingProposals(conversationId: ConversationId): Promise<CommitBundle | undefined>;
+	/**
+	 * Creates a new proposal for the provided Conversation ID
+	 *
+	 * @param proposalType - The type of proposal, see {@link ProposalType}
+	 * @param args - The arguments of the proposal, see {@link ProposalArgs}, {@link AddProposalArgs} or {@link RemoveProposalArgs}
+	 *
+	 * @returns A {@link ProposalBundle} containing the Proposal and its reference in order to roll it back if necessary
+	 */
+	newProposal(proposalType: ProposalType, args: ProposalArgs | AddProposalArgs | RemoveProposalArgs): Promise<ProposalBundle>;
+	/**
+	 * Creates a new external Add proposal for self client to join a conversation.
+	 */
+	newExternalProposal(externalProposalType: ExternalProposalType, args: ExternalAddProposalArgs): Promise<Uint8Array>;
+	/**
+	 * Allows to create an external commit to "apply" to join a group through its GroupInfo.
+	 *
+	 * If the Delivery Service accepts the external commit, you have to {@link CoreCryptoContext.mergePendingGroupFromExternalCommit}
+	 * in order to get back a functional MLS group. On the opposite, if it rejects it, you can either retry by just
+	 * calling again {@link CoreCryptoContext.joinByExternalCommit}, no need to {@link CoreCryptoContext.clearPendingGroupFromExternalCommit}.
+	 * If you want to abort the operation (too many retries or the user decided to abort), you can use
+	 * {@link CoreCryptoContext.clearPendingGroupFromExternalCommit} in order not to bloat the user's storage but nothing
+	 * bad can happen if you forget to except some storage space wasted.
+	 *
+	 * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service
+	 * @param credentialType - kind of Credential to use for joining this group. If {@link CredentialType.Basic} is
+	 * chosen and no Credential has been created yet for it, a new one will be generated.
+	 * @param configuration - configuration of the MLS group
+	 * When {@link CredentialType.X509} is chosen, it fails when no Credential has been created for the given {@link Ciphersuite}.
+	 * @returns see {@link ConversationInitBundle}
+	 */
+	joinByExternalCommit(groupInfo: Uint8Array, credentialType: CredentialType$1, configuration?: CustomConfiguration$1): Promise<ConversationInitBundle>;
+	/**
+	 * This merges the commit generated by {@link CoreCryptoContext.joinByExternalCommit}, persists the group permanently
+	 * and deletes the temporary one. This step makes the group operational and ready to encrypt/decrypt message
+	 *
+	 * @param conversationId - The ID of the conversation
+	 * @returns eventually decrypted buffered messages if any
+	 */
+	mergePendingGroupFromExternalCommit(conversationId: ConversationId): Promise<BufferedDecryptedMessage[] | undefined>;
+	/**
+	 * In case the external commit generated by {@link CoreCryptoContext.joinByExternalCommit} is rejected by the Delivery Service, and we
+	 * want to abort this external commit once for all, we can wipe out the pending group from the keystore in order
+	 * not to waste space
+	 *
+	 * @param conversationId - The ID of the conversation
+	 */
+	clearPendingGroupFromExternalCommit(conversationId: ConversationId): Promise<void>;
+	/**
+	 * Allows to mark the latest commit produced as "accepted" and be able to safely merge it into the local group state
+	 *
+	 * @param conversationId - The group's ID
+	 * @returns the messages from current epoch which had been buffered, if any
+	 */
+	commitAccepted(conversationId: ConversationId): Promise<BufferedDecryptedMessage[] | undefined>;
+	/**
+	 * Allows to remove a pending proposal (rollback). Use this when backend rejects the proposal you just sent e.g. if permissions have changed meanwhile.
+	 *
+	 * **CAUTION**: only use this when you had an explicit response from the Delivery Service
+	 * e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc…
+	 *
+	 * @param conversationId - The group's ID
+	 * @param proposalRef - A reference to the proposal to delete. You get one when using {@link CoreCryptoContext.newProposal}
+	 */
+	clearPendingProposal(conversationId: ConversationId, proposalRef: ProposalRef): Promise<void>;
+	/**
+	 * Allows to remove a pending commit (rollback). Use this when backend rejects the commit you just sent e.g. if permissions have changed meanwhile.
+	 *
+	 * **CAUTION**: only use this when you had an explicit response from the Delivery Service
+	 * e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc..
+	 * **DO NOT** use when Delivery Service responds 409, pending state will be renewed
+	 * in {@link CoreCryptoContext.decryptMessage}
+	 *
+	 * @param conversationId - The group's ID
+	 */
+	clearPendingCommit(conversationId: ConversationId): Promise<void>;
+	/**
+	 * Derives a new key from the group
+	 *
+	 * @param conversationId - The group's ID
+	 * @param keyLength - the length of the key to be derived. If the value is higher than the
+	 * bounds of `u16` or the context hash * 255, an error will be returned
+	 *
+	 * @returns A `Uint8Array` representing the derived key
+	 */
+	exportSecretKey(conversationId: ConversationId, keyLength: number): Promise<Uint8Array>;
+	/**
+	 * Returns the raw public key of the single external sender present in this group.
+	 * This should be used to initialize a subconversation
+	 *
+	 * @param conversationId - The group's ID
+	 *
+	 * @returns A `Uint8Array` representing the external sender raw public key
+	 */
+	getExternalSender(conversationId: ConversationId): Promise<Uint8Array>;
+	/**
+	 * Returns all clients from group's members
+	 *
+	 * @param conversationId - The group's ID
+	 *
+	 * @returns A list of clients from the members of the group
+	 */
+	getClientIds(conversationId: ConversationId): Promise<ClientId[]>;
+	/**
+	 * Allows {@link CoreCryptoContext} to act as a CSPRNG provider
+	 * @note The underlying CSPRNG algorithm is ChaCha20 and takes in account the external seed provider.
+	 *
+	 * @param length - The number of bytes to be returned in the `Uint8Array`
+	 *
+	 * @returns A `Uint8Array` buffer that contains `length` cryptographically-secure random bytes
+	 */
+	randomBytes(length: number): Promise<Uint8Array>;
+	/**
+	 * Create a Proteus session using a prekey
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 * @param prekey - CBOR-encoded Proteus prekey of the other client
+	 */
+	proteusSessionFromPrekey(sessionId: string, prekey: Uint8Array): Promise<void>;
+	/**
+	 * Create a Proteus session from a handshake message
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 * @param envelope - CBOR-encoded Proteus message
+	 *
+	 * @returns A `Uint8Array` containing the message that was sent along with the session handshake
+	 */
+	proteusSessionFromMessage(sessionId: string, envelope: Uint8Array): Promise<Uint8Array>;
+	/**
+	 * Locally persists a session to the keystore
+	 *
+	 * **Note**: This isn't usually needed as persisting sessions happens automatically when decrypting/encrypting messages and initializing Sessions
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 */
+	proteusSessionSave(sessionId: string): Promise<void>;
+	/**
+	 * Deletes a session
+	 * Note: this also deletes the persisted data within the keystore
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 */
+	proteusSessionDelete(sessionId: string): Promise<void>;
+	/**
+	 * Checks if a session exists
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 *
+	 * @returns whether the session exists or not
+	 */
+	proteusSessionExists(sessionId: string): Promise<boolean>;
+	/**
+	 * Decrypt an incoming message for an existing Proteus session
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 * @param ciphertext - CBOR encoded, encrypted proteus message
+	 * @returns The decrypted payload contained within the message
+	 */
+	proteusDecrypt(sessionId: string, ciphertext: Uint8Array): Promise<Uint8Array>;
+	/**
+	 * Encrypt a message for a given Proteus session
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 * @param plaintext - payload to encrypt
+	 * @returns The CBOR-serialized encrypted message
+	 */
+	proteusEncrypt(sessionId: string, plaintext: Uint8Array): Promise<Uint8Array>;
+	/**
+	 * Batch encryption for proteus messages
+	 * This is used to minimize FFI roundtrips when used in the context of a multi-client session (i.e. conversation)
+	 *
+	 * @param sessions - List of Proteus session IDs to encrypt the message for
+	 * @param plaintext - payload to encrypt
+	 * @returns A map indexed by each session ID and the corresponding CBOR-serialized encrypted message for this session
+	 */
+	proteusEncryptBatched(sessions: string[], plaintext: Uint8Array): Promise<Map<string, Uint8Array>>;
+	/**
+	 * Creates a new prekey with the requested ID.
+	 *
+	 * @param prekeyId - ID of the PreKey to generate. This cannot be bigger than a u16
+	 * @returns: A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey
+	 */
+	proteusNewPrekey(prekeyId: number): Promise<Uint8Array>;
+	/**
+	 * Creates a new prekey with an automatically generated ID..
+	 *
+	 * @returns A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey accompanied by its ID
+	 */
+	proteusNewPrekeyAuto(): Promise<ProteusAutoPrekeyBundle>;
+	/**
+	 * Proteus last resort prekey stuff
+	 *
+	 * @returns A CBOR-serialize version of the PreKeyBundle associated with the last resort PreKey (holding the last resort prekey id)
+	 */
+	proteusLastResortPrekey(): Promise<Uint8Array>;
+	/**
+	 * @returns The last resort PreKey id
+	 */
+	static proteusLastResortPrekeyId(): number;
+	/**
+	 * Proteus public key fingerprint
+	 * It's basically the public key encoded as an hex string
+	 *
+	 * @returns Hex-encoded public key string
+	 */
+	proteusFingerprint(): Promise<string>;
+	/**
+	 * Proteus session local fingerprint
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 * @returns Hex-encoded public key string
+	 */
+	proteusFingerprintLocal(sessionId: string): Promise<string>;
+	/**
+	 * Proteus session remote fingerprint
+	 *
+	 * @param sessionId - ID of the Proteus session
+	 * @returns Hex-encoded public key string
+	 */
+	proteusFingerprintRemote(sessionId: string): Promise<string>;
+	/**
+	 * Hex-encoded fingerprint of the given prekey
+	 *
+	 * @param prekey - the prekey bundle to get the fingerprint from
+	 * @returns Hex-encoded public key string
+	 **/
+	static proteusFingerprintPrekeybundle(prekey: Uint8Array): string;
+	/**
+	 * Imports all the data stored by Cryptobox into the CoreCrypto keystore
+	 *
+	 * @param storeName - The name of the IndexedDB store where the data is stored
+	 */
+	proteusCryptoboxMigrate(storeName: string): Promise<void>;
+	/**
+	 * Note: this call clears out the code and resets it to 0 (aka no error)
+	 * @returns the last proteus error code that occured.
+	 */
+	proteusLastErrorCode(): Promise<number>;
+	/**
+	 * Creates an enrollment instance with private key material you can use in order to fetch
+	 * a new x509 certificate from the acme server.
+	 *
+	 * @param clientId - client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:6add501bacd1d90e@example.com`
+	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
+	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
+	 * @param expirySec - generated x509 certificate expiry
+	 * @param ciphersuite - for generating signing key material
+	 * @param team - name of the Wire team a user belongs to
+	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiMlsInitOnly}
+	 */
+	e2eiNewEnrollment(clientId: string, displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite$1, team?: string): Promise<E2eiEnrollment>;
+	/**
+	 * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
+	 * Once the enrollment is finished, use the instance in {@link CoreCryptoContext.e2eiRotateAll} to do the rotation.
+	 *
+	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
+	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
+	 * @param expirySec - generated x509 certificate expiry
+	 * @param ciphersuite - for generating signing key material
+	 * @param team - name of the Wire team a user belongs to
+	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiRotateAll}
+	 */
+	e2eiNewActivationEnrollment(displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite$1, team?: string): Promise<E2eiEnrollment>;
+	/**
+	 * Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential)
+	 * having to change/rotate their credential, either because the former one is expired or it
+	 * has been revoked. It lets you change the DisplayName or the handle
+	 * if you need to. Once the enrollment is finished, use the instance in {@link CoreCryptoContext.e2eiRotateAll} to do the rotation.
+	 *
+	 * @param expirySec - generated x509 certificate expiry
+	 * @param ciphersuite - for generating signing key material
+	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
+	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
+	 * @param team - name of the Wire team a user belongs to
+	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCryptoContext.e2eiRotateAll}
+	 */
+	e2eiNewRotateEnrollment(expirySec: number, ciphersuite: Ciphersuite$1, displayName?: string, handle?: string, team?: string): Promise<E2eiEnrollment>;
+	/**
+	 * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ;
+	 * that means he cannot initialize with a Basic credential
+	 *
+	 * @param enrollment - the enrollment instance used to fetch the certificates
+	 * @param certificateChain - the raw response from ACME server
+	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
+	 * @returns a MlsClient initialized with only a x509 credential
+	 */
+	e2eiMlsInitOnly(enrollment: E2eiEnrollment, certificateChain: string, nbKeyPackage?: number): Promise<string[] | undefined>;
+	/**
+	 * Dumps the PKI environment as PEM
+	 *
+	 * @returns a struct with different fields representing the PKI environment as PEM strings
+	 */
+	e2eiDumpPKIEnv(): Promise<E2eiDumpedPkiEnv | undefined>;
+	/**
+	 * @returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs)
+	 */
+	e2eiIsPKIEnvSetup(): Promise<boolean>;
+	/**
+	 * Registers a Root Trust Anchor CA for the use in E2EI processing.
+	 *
+	 * Please note that without a Root Trust Anchor, all validations *will* fail;
+	 * So this is the first step to perform after initializing your E2EI client
+	 *
+	 * @param trustAnchorPEM - PEM certificate to anchor as a Trust Root
+	 */
+	e2eiRegisterAcmeCA(trustAnchorPEM: string): Promise<void>;
+	/**
+	 * Registers an Intermediate CA for the use in E2EI processing.
+	 *
+	 * Please note that a Root Trust Anchor CA is needed to validate Intermediate CAs;
+	 * You **need** to have a Root CA registered before calling this
+	 *
+	 * @param certPEM - PEM certificate to register as an Intermediate CA
+	 */
+	e2eiRegisterIntermediateCA(certPEM: string): Promise<string[] | undefined>;
+	/**
+	 * Registers a CRL for the use in E2EI processing.
+	 *
+	 * Please note that a Root Trust Anchor CA is needed to validate CRLs;
+	 * You **need** to have a Root CA registered before calling this
+	 *
+	 * @param crlDP - CRL Distribution Point; Basically the URL you fetched it from
+	 * @param crlDER - DER representation of the CRL
+	 *
+	 * @returns a {@link CRLRegistration} with the dirty state of the new CRL (see struct) and its expiration timestamp
+	 */
+	e2eiRegisterCRL(crlDP: string, crlDER: Uint8Array): Promise<CRLRegistration>;
+	/**
+	 * Creates an update commit which replaces your leaf containing basic credentials with a leaf node containing x509 credentials in the conversation.
+	 *
+	 * NOTE: you can only call this after you've completed the enrollment for an end-to-end identity, calling this without
+	 * a valid end-to-end identity will result in an error.
+	 *
+	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
+	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
+	 * epoch, use new encryption secrets etc...
+	 *
+	 * @param conversationId - The ID of the conversation
+	 *
+	 * @returns A {@link CommitBundle}
+	 */
+	e2eiRotate(conversationId: ConversationId): Promise<CommitBundle>;
+	/**
+	 * Creates a commit in all local conversations for changing the credential. Requires first
+	 * having enrolled a new X509 certificate with either {@link CoreCryptoContext.e2eiNewActivationEnrollment}
+	 * or {@link CoreCryptoContext.e2eiNewRotateEnrollment}
+	 *
+	 * @param enrollment - the enrollment instance used to fetch the certificates
+	 * @param certificateChain - the raw response from ACME server
+	 * @param newKeyPackageCount - number of KeyPackages with new identity to generate
+	 * @returns a {@link RotateBundle} with commits to fan-out to other group members, KeyPackages to upload and old ones to delete
+	 */
+	e2eiRotateAll(enrollment: E2eiEnrollment, certificateChain: string, newKeyPackageCount: number): Promise<RotateBundle>;
+	/**
+	 * Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume
+	 * it later with {@link e2eiEnrollmentStashPop}
+	 *
+	 * @param enrollment the enrollment instance to persist
+	 * @returns a handle to fetch the enrollment later with {@link e2eiEnrollmentStashPop}
+	 */
+	e2eiEnrollmentStash(enrollment: E2eiEnrollment): Promise<Uint8Array>;
+	/**
+	 * Fetches the persisted enrollment and deletes it from the keystore
+	 *
+	 * @param handle returned by {@link e2eiEnrollmentStash}
+	 * @returns the persisted enrollment instance
+	 */
+	e2eiEnrollmentStashPop(handle: Uint8Array): Promise<E2eiEnrollment>;
+	/**
+	 * Indicates when to mark a conversation as not verified i.e. when not all its members have a X509.
+	 * Credential generated by Wire's end-to-end identity enrollment
+	 *
+	 * @param conversationId The group's ID
+	 * @returns the conversation state given current members
+	 */
+	e2eiConversationState(conversationId: ConversationId): Promise<E2eiConversationState>;
+	/**
+	 * Returns true when end-to-end-identity is enabled for the given Ciphersuite
+	 *
+	 * @param ciphersuite of the credential to check
+	 * @returns true if end-to-end identity is enabled for the given ciphersuite
+	 */
+	e2eiIsEnabled(ciphersuite: Ciphersuite$1): Promise<boolean>;
+	/**
+	 * From a given conversation, get the identity of the members supplied. Identity is only present for members with a
+	 * Certificate Credential (after turning on end-to-end identity).
+	 *
+	 * @param conversationId - identifier of the conversation
+	 * @param deviceIds - identifiers of the devices
+	 * @returns identities or if no member has a x509 certificate, it will return an empty List
+	 */
+	getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId[]): Promise<WireIdentity$1[]>;
+	/**
+	 * From a given conversation, get the identity of the users (device holders) supplied.
+	 * Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity).
+	 * If no member has a x509 certificate, it will return an empty Vec.
+	 *
+	 * @param conversationId - identifier of the conversation
+	 * @param userIds - user identifiers hyphenated UUIDv4 e.g. 'bd4c7053-1c5a-4020-9559-cd7bf7961954'
+	 * @returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user.
+	 */
+	getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise<Map<string, WireIdentity$1[]>>;
 	/**
-	* Contains raw JSON data of this order. This is parsed by the underlying Rust library hence should not be accessed
-	*/
-	readonly delegate: Uint8Array;
+	 * Gets the e2ei conversation state from a `GroupInfo`. Useful to check if the group has e2ei
+	 * turned on or not before joining it.
+	 *
+	 * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service
+	 * @param credentialType - kind of Credential to check usage of. Defaults to X509 for now as no other value will give any result.
+	 * @returns see {@link E2eiConversationState}
+	 */
+	getCredentialInUse(groupInfo: Uint8Array, credentialType?: CredentialType$1): Promise<E2eiConversationState>;
 }
 /**
  * Error wrapper that takes care of extracting rich error details across the FFI (through JSON parsing)
@@ -83,14 +1547,14 @@ export declare class CoreCryptoError extends Error {
 	proteusErrorCode: number;
 	private constructor();
 	private static fallback;
-	static build(msg: string, ...params: any[]): CoreCryptoError | Error;
+	static build(msg: string, ...params: unknown[]): CoreCryptoError | Error;
 	static fromStdError(e: Error): CoreCryptoError | Error;
 	static asyncMapErr<T>(p: Promise<T>): Promise<T>;
 }
 /**
  * see [core_crypto::prelude::CiphersuiteName]
  */
-export declare enum Ciphersuite {
+declare enum Ciphersuite$1 {
 	/**
 	 * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
 	 */
@@ -120,7 +1584,7 @@ export declare enum Ciphersuite {
 	 */
 	MLS_256_DHKEMP384_AES256GCM_SHA384_P384 = 7
 }
-export declare enum CredentialType {
+declare enum CredentialType$1 {
 	/**
 	 * Just a KeyPair
 	 */
@@ -133,11 +1597,11 @@ export declare enum CredentialType {
 /**
  * Configuration object for new conversations
  */
-export interface ConversationConfiguration {
+interface ConversationConfiguration$1 {
 	/**
 	 * Conversation ciphersuite
 	 */
-	ciphersuite?: Ciphersuite;
+	ciphersuite?: Ciphersuite$1;
 	/**
 	 * List of client IDs that are allowed to be external senders of commits
 	 */
@@ -145,12 +1609,12 @@ export interface ConversationConfiguration {
 	/**
 	 * Implementation specific configuration
 	 */
-	custom?: CustomConfiguration;
+	custom?: CustomConfiguration$1;
 }
 /**
  * see [core_crypto::prelude::MlsWirePolicy]
  */
-export declare enum WirePolicy {
+declare enum WirePolicy$1 {
 	/**
 	 * Handshake messages are never encrypted
 	 */
@@ -163,7 +1627,7 @@ export declare enum WirePolicy {
 /**
  * Implementation specific configuration object for a conversation
  */
-export interface CustomConfiguration {
+interface CustomConfiguration$1 {
 	/**
 	 * Duration in seconds after which we will automatically force a self_update commit
 	 * Note: This isn't currently implemented
@@ -173,7 +1637,7 @@ export interface CustomConfiguration {
 	 * Defines if handshake messages are encrypted or not
 	 * Note: Ciphertext is not currently supported by wire-server
 	 */
-	wirePolicy?: WirePolicy;
+	wirePolicy?: WirePolicy$1;
 }
 /**
  * Alias for conversation IDs.
@@ -370,7 +1834,7 @@ export interface CoreCryptoParams extends CoreCryptoDeferredParams {
 	/**
 	 * All the ciphersuites this MLS client can support
 	 */
-	ciphersuites: Ciphersuite[];
+	ciphersuites: Ciphersuite$1[];
 	/**
 	 * Number of initial KeyPackage to create when initializing the client
 	 */
@@ -454,7 +1918,7 @@ export interface DecryptedMessage {
 	 * Only present when the credential is a x509 certificate
 	 * Present for all messages
 	 */
-	identity?: WireIdentity;
+	identity?: WireIdentity$1;
 	/**
 	 * Only set when the decrypted message is a commit.
 	 * Contains buffered messages for next epoch which were received before the commit creating the epoch
@@ -497,7 +1961,7 @@ export interface BufferedDecryptedMessage {
 	/**
 	 * see {@link DecryptedMessage.identity}
 	 */
-	identity?: WireIdentity;
+	identity?: WireIdentity$1;
 	/**
 	 * see {@link DecryptedMessage.crlNewDistributionPoints}
 	 */
@@ -507,7 +1971,7 @@ export interface BufferedDecryptedMessage {
  * Represents the identity claims identifying a client
  * Those claims are verifiable by any member in the group
  */
-export interface WireIdentity {
+interface WireIdentity$1 {
 	/**
 	 * Unique client identifier
 	 */
@@ -523,16 +1987,16 @@ export interface WireIdentity {
 	/**
 	 * Indicates whether the credential is Basic or X509
 	 */
-	credentialType: CredentialType;
+	credentialType: CredentialType$1;
 	/**
 	 * In case {@link credentialType} is {@link CredentialType.X509} this is populated
 	 */
-	x509Identity?: X509Identity;
+	x509Identity?: X509Identity$1;
 }
 /**
  * Represents the parts of {@link WireIdentity} that are specific to a X509 certificate (and not a Basic one).
  */
-export interface X509Identity {
+interface X509Identity$1 {
 	/**
 	 * User handle e.g. `john_wire`
 	 */
@@ -562,6 +2026,8 @@ export interface X509Identity {
 	 */
 	notAfter: bigint;
 }
+export declare function normalizeEnum<T>(enumType: T, value: number): T[keyof T];
+export declare const mapWireIdentity: (ffiIdentity?: WireIdentity) => WireIdentity$1 | undefined;
 export interface AcmeDirectory {
 	/**
 	 * URL for fetching a new nonce. Use this only for creating a new account.
@@ -703,12 +2169,12 @@ export interface ExternalAddProposalArgs extends ExternalProposalArgs {
 	/**
 	 * {@link Ciphersuite} to propose to join the MLS group with.
 	 */
-	ciphersuite: Ciphersuite;
+	ciphersuite: Ciphersuite$1;
 	/**
 	 * Fails when it is {@link CredentialType.X509} and no Credential has been created
 	 * for it beforehand with {@link CoreCrypto.e2eiMlsInit} or variants.
 	 */
-	credentialType: CredentialType;
+	credentialType: CredentialType$1;
 }
 export interface CoreCryptoCallbacks {
 	/**
@@ -771,8 +2237,10 @@ export declare enum CoreCryptoLogLevel {
  * Initializes the global logger for Core Crypto and registers the callback. Can be called only once
  * @param logger - the interface to be called when something is going to be logged
  * @param level - the max level that should be logged
+ *
+ * NOTE: you must call this after `await CoreCrypto.init(params)` or `await CoreCrypto.deferredInit(params)`.
  **/
-export declare function initLogger(logger: CoreCryptoLogger, level: CoreCryptoLogLevel, ctx?: any): void;
+export declare function initLogger(logger: CoreCryptoLogger, level: CoreCryptoLogLevel, ctx?: unknown): void;
 /**
  * Wrapper for the WASM-compiled version of CoreCrypto
  */
@@ -782,6 +2250,7 @@ export declare class CoreCrypto {
 	 * Should only be used internally
 	 */
 	inner(): unknown;
+	static setLogger(logger: CoreCryptoWasmLogger, level: CoreCryptoLogLevel): void;
 	/**
 	 * This is your entrypoint to initialize {@link CoreCrypto}!
 	 *
@@ -825,31 +2294,35 @@ export declare class CoreCrypto {
 	 */
 	static deferredInit({ databaseName, key, entropySeed, wasmFilePath, }: CoreCryptoDeferredParams): Promise<CoreCrypto>;
 	/**
-	 * Use this after {@link CoreCrypto.deferredInit} when you have a clientId. It initializes MLS.
+	 * Starts a new transaction in Core Crypto. If the callback succeeds, it will be committed,
+	 * otherwise, every operation performed with the context will be discarded.
 	 *
-	 * @param clientId - {@link CoreCryptoParams#clientId} but required
-	 * @param ciphersuites - All the ciphersuites supported by this MLS client
-	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
+	 * @param callback - The callback to execute within the transaction
+	 *
+	 * @returns the result of the callback will be returned from this call
 	 */
-	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite[], nbKeyPackage?: number): Promise<void>;
+	transaction<R>(callback: (ctx: CoreCryptoContext$1) => Promise<R>): Promise<R>;
 	/**
-	 * Generates a MLS KeyPair/CredentialBundle with a temporary, random client ID.
-	 * This method is designed to be used in conjunction with {@link CoreCrypto.mlsInitWithClientId} and represents the first step in this process
+	 * See {@link CoreCryptoContext.mlsInit}.
 	 *
-	 * @param ciphersuites - All the ciphersuites supported by this MLS client
-	 * @returns This returns the TLS-serialized identity key (i.e. the signature keypair's public key)
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.mlsInit} instead.
 	 */
-	mlsGenerateKeypair(ciphersuites: Ciphersuite[]): Promise<Uint8Array[]>;
+	mlsInit(clientId: ClientId, ciphersuites: Ciphersuite$1[], nbKeyPackage?: number): Promise<void>;
 	/**
-	 * Updates the current temporary Client ID with the newly provided one. This is the second step in the externally-generated clients process
+	 * See {@link CoreCryptoContext.mlsGenerateKeypair}.
 	 *
-	 * Important: This is designed to be called after {@link CoreCrypto.mlsGenerateKeypair}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.mlsGenerateKeypair} instead.
+	 */
+	mlsGenerateKeypair(ciphersuites: Ciphersuite$1[]): Promise<Uint8Array[]>;
+	/**
+	 * See {@link CoreCryptoContext.mlsInitWithClientId}.
 	 *
-	 * @param clientId - The newly-allocated client ID by the MLS Authentication Service
-	 * @param signaturePublicKeys - The public key you were given at the first step; This is for authentication purposes
-	 * @param ciphersuites - All the ciphersuites supported by this MLS client
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.mlsInitWithClientId} instead.
 	 */
-	mlsInitWithClientId(clientId: ClientId, signaturePublicKeys: Uint8Array[], ciphersuites: Ciphersuite[]): Promise<void>;
+	mlsInitWithClientId(clientId: ClientId, signaturePublicKeys: Uint8Array[], ciphersuites: Ciphersuite$1[]): Promise<void>;
 	/** @hidden */
 	private constructor();
 	/**
@@ -876,34 +2349,20 @@ export declare class CoreCrypto {
 	 *
 	 * @param callbacks - Any interface following the {@link CoreCryptoCallbacks} interface
 	 */
-	registerCallbacks(callbacks: CoreCryptoCallbacks, ctx?: any): Promise<void>;
+	registerCallbacks(callbacks: CoreCryptoCallbacks, ctx?: unknown): Promise<void>;
 	/**
-	 * Checks if the Client is member of a given conversation and if the MLS Group is loaded up
-	 *
-	 * @returns Whether the given conversation ID exists
-	 *
-	 * @example
-	 * ```ts
-	 *  const cc = await CoreCrypto.init({ databaseName: "test", key: "test", clientId: "test" });
-	 *  const encoder = new TextEncoder();
-	 *  if (await cc.conversationExists(encoder.encode("my super chat"))) {
-	 *    // Do something
-	 *  } else {
-	 *    // Do something else
-	 *  }
-	 * ```
+	 * See {@link CoreCryptoContext.conversationExists}.
 	 */
 	conversationExists(conversationId: ConversationId): Promise<boolean>;
 	/**
-	 * Marks a conversation as child of another one
-	 * This will mostly affect the behavior of the callbacks (the parentConversationClients parameter will be filled)
+	 * See {@link CoreCryptoContext.markConversationAsChildOf}.
 	 *
-	 * @param childId - conversation identifier of the child conversation
-	 * @param parentId - conversation identifier of the parent conversation
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.markConversationAsChildOf} instead.
 	 */
 	markConversationAsChildOf(childId: ConversationId, parentId: ConversationId): Promise<void>;
 	/**
-	 * Returns the current epoch of a conversation
+	 * See {@link CoreCryptoContext.conversationEpoch}.
 	 *
 	 * @returns the epoch of the conversation
 	 *
@@ -916,124 +2375,101 @@ export declare class CoreCrypto {
 	 */
 	conversationEpoch(conversationId: ConversationId): Promise<number>;
 	/**
-	 * Returns the ciphersuite of a conversation
+	 * See {@link CoreCryptoContext.conversationCiphersuite}.
 	 *
 	 * @returns the ciphersuite of the conversation
 	 */
-	conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite>;
+	conversationCiphersuite(conversationId: ConversationId): Promise<Ciphersuite$1>;
 	/**
-	 * Wipes and destroys the local storage of a given conversation / MLS group
+	 * See {@link CoreCryptoContext.wipeConversation}.
 	 *
-	 * @param conversationId - The ID of the conversation to remove
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.wipeConversation} instead.
 	 */
 	wipeConversation(conversationId: ConversationId): Promise<void>;
 	/**
-	 * Creates a new conversation with the current client being the sole member
-	 * You will want to use {@link CoreCrypto.addClientsToConversation} afterwards to add clients to this conversation
+	 * See {@link CoreCryptoContext.createConversation}.
 	 *
-	 * @param conversationId - The conversation ID; You can either make them random or let the backend attribute MLS group IDs
-	 * @param creatorCredentialType - kind of credential the creator wants to create the group with
-	 * @param configuration - configuration of the MLS group
-	 * @param configuration.ciphersuite - The {@link Ciphersuite} that is chosen to be the group's
-	 * @param configuration.externalSenders - Array of Client IDs that are qualified as external senders within the group
-	 * @param configuration.custom - {@link CustomConfiguration}
+	 * @deprecated Create a transaction with {@link transaction}
+	 * and use {@link CoreCryptoContext.createConversation} instead.
 	 */
-	createConversation(conversationId: ConversationId, creatorCredentialType: CredentialType, configuration?: ConversationConfiguration): Promise<any>;
+	createConversation(conversationId: ConversationId, creatorCredentialType: CredentialType$1, configuration?: ConversationConfiguration$1): Promise<any>;
 	/**
-	 * Decrypts a message for a given conversation.
-	 *
-	 * Note: you should catch & ignore the following error reasons:
-	 * * "We already decrypted this message once"
-	 * * "You tried to join with an external commit but did not merge it yet. We will reapply this message for you when you merge your external commit"
-	 * * "Incoming message is for a future epoch. We will buffer it until the commit for that epoch arrives"
-	 *
-	 * @param conversationId - The ID of the conversation
-	 * @param payload - The encrypted message buffer
+	 * See {@link CoreCryptoContext.decryptMessage}.
 	 *
-	 * @returns a {@link DecryptedMessage}. Note that {@link DecryptedMessage#message} is `undefined` when the encrypted payload contains a system message such a proposal or commit
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.decryptMessage} instead.
 	 */
 	decryptMessage(conversationId: ConversationId, payload: Uint8Array): Promise<DecryptedMessage>;
 	/**
-	 * Encrypts a message for a given conversation
-	 *
-	 * @param conversationId - The ID of the conversation
-	 * @param message - The plaintext message to encrypt
+	 * See {@link CoreCryptoContext.encryptMessage}.
 	 *
-	 * @returns The encrypted payload for the given group. This needs to be fanned out to the other members of the group.
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.encryptMessage} instead.
 	 */
 	encryptMessage(conversationId: ConversationId, message: Uint8Array): Promise<Uint8Array>;
 	/**
-	 * Ingest a TLS-serialized MLS welcome message to join an existing MLS group
+	 * See {@link CoreCryptoContext.processWelcomeMessage}.
 	 *
-	 * Important: you have to catch the error with this reason "Although this Welcome seems valid, the local KeyPackage
-	 * it references has already been deleted locally. Join this group with an external commit", ignore it and then try
-	 * to join this group with an external commit.
-	 *
-	 * @param welcomeMessage - TLS-serialized MLS Welcome message
-	 * @param configuration - configuration of the MLS group
-	 * @returns The conversation ID of the newly joined group. You can use the same ID to decrypt/encrypt messages
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.processWelcomeMessage} instead.
 	 */
-	processWelcomeMessage(welcomeMessage: Uint8Array, configuration?: CustomConfiguration): Promise<WelcomeBundle>;
+	processWelcomeMessage(welcomeMessage: Uint8Array, configuration?: CustomConfiguration$1): Promise<WelcomeBundle>;
 	/**
-	 * Get the client's public signature key. To upload to the DS for further backend side validation
+	 * See {@link CoreCryptoContext.clientPublicKey}.
 	 *
 	 * @param ciphersuite - of the signature key to get
 	 * @param credentialType - of the public key to look for
 	 * @returns the client's public signature key
 	 */
-	clientPublicKey(ciphersuite: Ciphersuite, credentialType: CredentialType): Promise<Uint8Array>;
+	clientPublicKey(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<Uint8Array>;
 	/**
+	 * See {@link CoreCryptoContext.clientValidKeypackagesCount}.
 	 *
-	 * @param ciphersuite - of the KeyPackages to count
-	 * @param credentialType - of the KeyPackages to count
-	 * @returns The amount of valid, non-expired KeyPackages that are persisted in the backing storage
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.clientValidKeypackagesCount} instead.
 	 */
-	clientValidKeypackagesCount(ciphersuite: Ciphersuite, credentialType: CredentialType): Promise<number>;
+	clientValidKeypackagesCount(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1): Promise<number>;
 	/**
-	 * Fetches a requested amount of keypackages
+	 * See {@link CoreCryptoContext.clientKeypackages}.
 	 *
-	 * @param ciphersuite - of the KeyPackages to generate
-	 * @param credentialType - of the KeyPackages to generate
-	 * @param amountRequested - The amount of keypackages requested
-	 * @returns An array of length `amountRequested` containing TLS-serialized KeyPackages
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.clientKeypackages} instead.
 	 */
-	clientKeypackages(ciphersuite: Ciphersuite, credentialType: CredentialType, amountRequested: number): Promise<Array<Uint8Array>>;
+	clientKeypackages(ciphersuite: Ciphersuite$1, credentialType: CredentialType$1, amountRequested: number): Promise<Array<Uint8Array>>;
 	/**
-	 * Prunes local KeyPackages after making sure they also have been deleted on the backend side
-	 * You should only use this after {@link CoreCrypto.e2eiRotateAll}
+	 * See {@link CoreCryptoContext.deleteKeypackages}.
 	 *
-	 * @param refs - KeyPackage references to delete obtained from a {RotateBundle}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.deleteKeypackages} instead.
 	 */
 	deleteKeypackages(refs: Uint8Array[]): Promise<void>;
 	/**
-	 * Adds new clients to a conversation, assuming the current client has the right to add new clients to the conversation.
-	 *
-	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
-	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
-	 * epoch, use new encryption secrets etc...
-	 *
-	 * @param conversationId - The ID of the conversation
-	 * @param keyPackages - KeyPackages of the new clients to add
+	 * See {@link CoreCryptoContext.addClientsToConversation}.
 	 *
-	 * @returns A {@link CommitBundle}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.addClientsToConversation} instead.
 	 */
 	addClientsToConversation(conversationId: ConversationId, keyPackages: Uint8Array[]): Promise<MemberAddedMessages>;
 	/**
-	 * Removes the provided clients from a conversation; Assuming those clients exist and the current client is allowed
-	 * to do so, otherwise this operation does nothing.
-	 *
-	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
-	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
-	 * epoch, use new encryption secrets etc...
-	 *
-	 * @param conversationId - The ID of the conversation
-	 * @param clientIds - Array of Client IDs to remove.
+	 * See {@link CoreCryptoContext.removeClientsFromConversation}.
 	 *
-	 * @returns A {@link CommitBundle}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.removeClientsFromConversation} instead.
 	 */
 	removeClientsFromConversation(conversationId: ConversationId, clientIds: ClientId[]): Promise<CommitBundle>;
 	/**
-	 * Creates an update commit which forces every client to update their LeafNode in the conversation
+	 * See {@link CoreCryptoContext.updateKeyingMaterial}.
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.updateKeyingMaterial} instead.
+	 */
+	updateKeyingMaterial(conversationId: ConversationId): Promise<CommitBundle>;
+	/**
+	 * Creates an update commit which replaces your leaf containing basic credentials with a leaf node containing x509 credentials in the conversation.
+	 *
+	 * NOTE: you can only call this after you've completed the enrollment for an end-to-end identity, calling this without
+	 * a valid end-to-end identity will result in an error.
 	 *
 	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterward **ONLY IF** the Delivery Service responds
 	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
@@ -1042,97 +2478,76 @@ export declare class CoreCrypto {
 	 * @param conversationId - The ID of the conversation
 	 *
 	 * @returns A {@link CommitBundle}
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiRotate} instead.
 	 */
-	updateKeyingMaterial(conversationId: ConversationId): Promise<CommitBundle>;
+	e2eiRotate(conversationId: ConversationId): Promise<CommitBundle>;
 	/**
-	 * Commits the local pending proposals and returns the {@link CommitBundle} object containing what can result from this operation.
-	 *
-	 * **CAUTION**: {@link CoreCrypto.commitAccepted} **HAS TO** be called afterwards **ONLY IF** the Delivery Service responds
-	 * '200 OK' to the {@link CommitBundle} upload. It will "merge" the commit locally i.e. increment the local group
-	 * epoch, use new encryption secrets etc...
-	 *
-	 * @param conversationId - The ID of the conversation
+	 * See {@link CoreCryptoContext.commitPendingProposals}.
 	 *
-	 * @returns A {@link CommitBundle} or `undefined` when there was no pending proposal to commit
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.commitPendingProposals} instead.
 	 */
 	commitPendingProposals(conversationId: ConversationId): Promise<CommitBundle | undefined>;
 	/**
-	 * Creates a new proposal for the provided Conversation ID
-	 *
-	 * @param proposalType - The type of proposal, see {@link ProposalType}
-	 * @param args - The arguments of the proposal, see {@link ProposalArgs}, {@link AddProposalArgs} or {@link RemoveProposalArgs}
+	 * See {@link CoreCryptoContext.newProposal}.
 	 *
-	 * @returns A {@link ProposalBundle} containing the Proposal and its reference in order to roll it back if necessary
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.newProposal} instead.
 	 */
 	newProposal(proposalType: ProposalType, args: ProposalArgs | AddProposalArgs | RemoveProposalArgs): Promise<ProposalBundle>;
 	/**
-	 * Creates a new external Add proposal for self client to join a conversation.
+	 * See {@link CoreCryptoContext.newExternalProposal}.
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.newExternalProposal} instead.
 	 */
 	newExternalProposal(externalProposalType: ExternalProposalType, args: ExternalAddProposalArgs): Promise<Uint8Array>;
 	/**
-	 * Allows to create an external commit to "apply" to join a group through its GroupInfo.
-	 *
-	 * If the Delivery Service accepts the external commit, you have to {@link CoreCrypto.mergePendingGroupFromExternalCommit}
-	 * in order to get back a functional MLS group. On the opposite, if it rejects it, you can either retry by just
-	 * calling again {@link CoreCrypto.joinByExternalCommit}, no need to {@link CoreCrypto.clearPendingGroupFromExternalCommit}.
-	 * If you want to abort the operation (too many retries or the user decided to abort), you can use
-	 * {@link CoreCrypto.clearPendingGroupFromExternalCommit} in order not to bloat the user's storage but nothing
-	 * bad can happen if you forget to except some storage space wasted.
+	 * See {@link CoreCryptoContext.joinByExternalCommit}.
 	 *
-	 * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service
-	 * @param credentialType - kind of Credential to use for joining this group. If {@link CredentialType.Basic} is
-	 * chosen and no Credential has been created yet for it, a new one will be generated.
-	 * @param configuration - configuration of the MLS group
-	 * When {@link CredentialType.X509} is chosen, it fails when no Credential has been created for the given {@link Ciphersuite}.
-	 * @returns see {@link ConversationInitBundle}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.joinByExternalCommit} instead.
 	 */
-	joinByExternalCommit(groupInfo: Uint8Array, credentialType: CredentialType, configuration?: CustomConfiguration): Promise<ConversationInitBundle>;
+	joinByExternalCommit(groupInfo: Uint8Array, credentialType: CredentialType$1, configuration?: CustomConfiguration$1): Promise<ConversationInitBundle>;
 	/**
-	 * This merges the commit generated by {@link CoreCrypto.joinByExternalCommit}, persists the group permanently
-	 * and deletes the temporary one. This step makes the group operational and ready to encrypt/decrypt message
+	 * See {@link CoreCryptoContext.mergePendingGroupFromExternalCommit}.
 	 *
-	 * @param conversationId - The ID of the conversation
-	 * @returns eventually decrypted buffered messages if any
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.mergePendingGroupFromExternalCommit} instead.
 	 */
 	mergePendingGroupFromExternalCommit(conversationId: ConversationId): Promise<BufferedDecryptedMessage[] | undefined>;
 	/**
-	 * In case the external commit generated by {@link CoreCrypto.joinByExternalCommit} is rejected by the Delivery Service, and we
-	 * want to abort this external commit once for all, we can wipe out the pending group from the keystore in order
-	 * not to waste space
+	 * See {@link CoreCryptoContext.clearPendingGroupFromExternalCommit}.
 	 *
-	 * @param conversationId - The ID of the conversation
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.clearPendingGroupFromExternalCommit} instead.
 	 */
 	clearPendingGroupFromExternalCommit(conversationId: ConversationId): Promise<void>;
 	/**
-	 * Allows to mark the latest commit produced as "accepted" and be able to safely merge it into the local group state
+	 * See {@link CoreCryptoContext.commitAccepted}.
 	 *
-	 * @param conversationId - The group's ID
-	 * @returns the messages from current epoch which had been buffered, if any
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.commitAccepted} instead.
 	 */
 	commitAccepted(conversationId: ConversationId): Promise<BufferedDecryptedMessage[] | undefined>;
 	/**
-	 * Allows to remove a pending proposal (rollback). Use this when backend rejects the proposal you just sent e.g. if permissions have changed meanwhile.
+	 * See {@link CoreCryptoContext.clearPendingProposal}.
 	 *
-	 * **CAUTION**: only use this when you had an explicit response from the Delivery Service
-	 * e.g. 403 or 409. Do not use otherwise e.g. 5xx responses, timeout etc…
-	 *
-	 * @param conversationId - The group's ID
-	 * @param proposalRef - A reference to the proposal to delete. You get one when using {@link CoreCrypto.newProposal}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.clearPendingProposal} instead.
 	 */
 	clearPendingProposal(conversationId: ConversationId, proposalRef: ProposalRef): Promise<void>;
 	/**
-	 * Allows to remove a pending commit (rollback). Use this when backend rejects the commit you just sent e.g. if permissions have changed meanwhile.
-	 *
-	 * **CAUTION**: only use this when you had an explicit response from the Delivery Service
-	 * e.g. 403. Do not use otherwise e.g. 5xx responses, timeout etc..
-	 * **DO NOT** use when Delivery Service responds 409, pending state will be renewed
-	 * in {@link CoreCrypto.decryptMessage}
+	 * See {@link CoreCryptoContext.clearPendingCommit}.
 	 *
-	 * @param conversationId - The group's ID
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.clearPendingCommit} instead.
 	 */
 	clearPendingCommit(conversationId: ConversationId): Promise<void>;
 	/**
-	 * Derives a new key from the group
+	 * See {@link CoreCryptoContext.exportSecretKey}.
 	 *
 	 * @param conversationId - The group's ID
 	 * @param keyLength - the length of the key to be derived. If the value is higher than the
@@ -1142,8 +2557,7 @@ export declare class CoreCrypto {
 	 */
 	exportSecretKey(conversationId: ConversationId, keyLength: number): Promise<Uint8Array>;
 	/**
-	 * Returns the raw public key of the single external sender present in this group.
-	 * This should be used to initialize a subconversation
+	 * See {@link CoreCryptoContext.getExternalSender}.
 	 *
 	 * @param conversationId - The group's ID
 	 *
@@ -1151,7 +2565,7 @@ export declare class CoreCrypto {
 	 */
 	getExternalSender(conversationId: ConversationId): Promise<Uint8Array>;
 	/**
-	 * Returns all clients from group's members
+	 * See {@link CoreCryptoContext.getClientIds}.
 	 *
 	 * @param conversationId - The group's ID
 	 *
@@ -1159,8 +2573,7 @@ export declare class CoreCrypto {
 	 */
 	getClientIds(conversationId: ConversationId): Promise<ClientId[]>;
 	/**
-	 * Allows {@link CoreCrypto} to act as a CSPRNG provider
-	 * @note The underlying CSPRNG algorithm is ChaCha20 and takes in account the external seed provider either at init time or provided with {@link CoreCrypto.reseedRng}
+	 * See {@link CoreCryptoContext.randomBytes}.
 	 *
 	 * @param length - The number of bytes to be returned in the `Uint8Array`
 	 *
@@ -1182,6 +2595,9 @@ export declare class CoreCrypto {
 	 *
 	 * @param sessionId - ID of the Proteus session
 	 * @param prekey - CBOR-encoded Proteus prekey of the other client
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusSessionFromPrekey} instead.
 	 */
 	proteusSessionFromPrekey(sessionId: string, prekey: Uint8Array): Promise<void>;
 	/**
@@ -1191,6 +2607,9 @@ export declare class CoreCrypto {
 	 * @param envelope - CBOR-encoded Proteus message
 	 *
 	 * @returns A `Uint8Array` containing the message that was sent along with the session handshake
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusSessionFromMessage} instead.
 	 */
 	proteusSessionFromMessage(sessionId: string, envelope: Uint8Array): Promise<Uint8Array>;
 	/**
@@ -1199,6 +2618,9 @@ export declare class CoreCrypto {
 	 * **Note**: This isn't usually needed as persisting sessions happens automatically when decrypting/encrypting messages and initializing Sessions
 	 *
 	 * @param sessionId - ID of the Proteus session
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusSessionSave} instead.
 	 */
 	proteusSessionSave(sessionId: string): Promise<void>;
 	/**
@@ -1206,6 +2628,9 @@ export declare class CoreCrypto {
 	 * Note: this also deletes the persisted data within the keystore
 	 *
 	 * @param sessionId - ID of the Proteus session
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusSessionDelete} instead.
 	 */
 	proteusSessionDelete(sessionId: string): Promise<void>;
 	/**
@@ -1222,6 +2647,9 @@ export declare class CoreCrypto {
 	 * @param sessionId - ID of the Proteus session
 	 * @param ciphertext - CBOR encoded, encrypted proteus message
 	 * @returns The decrypted payload contained within the message
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusDecrypt} instead.
 	 */
 	proteusDecrypt(sessionId: string, ciphertext: Uint8Array): Promise<Uint8Array>;
 	/**
@@ -1230,6 +2658,9 @@ export declare class CoreCrypto {
 	 * @param sessionId - ID of the Proteus session
 	 * @param plaintext - payload to encrypt
 	 * @returns The CBOR-serialized encrypted message
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusEncrypt} instead.
 	 */
 	proteusEncrypt(sessionId: string, plaintext: Uint8Array): Promise<Uint8Array>;
 	/**
@@ -1239,6 +2670,8 @@ export declare class CoreCrypto {
 	 * @param sessions - List of Proteus session IDs to encrypt the message for
 	 * @param plaintext - payload to encrypt
 	 * @returns A map indexed by each session ID and the corresponding CBOR-serialized encrypted message for this session
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusEncryptBatched} instead.
 	 */
 	proteusEncryptBatched(sessions: string[], plaintext: Uint8Array): Promise<Map<string, Uint8Array>>;
 	/**
@@ -1246,18 +2679,27 @@ export declare class CoreCrypto {
 	 *
 	 * @param prekeyId - ID of the PreKey to generate. This cannot be bigger than a u16
 	 * @returns: A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusNewPrekey} instead.
 	 */
 	proteusNewPrekey(prekeyId: number): Promise<Uint8Array>;
 	/**
 	 * Creates a new prekey with an automatically generated ID..
 	 *
 	 * @returns A CBOR-serialized version of the PreKeyBundle corresponding to the newly generated and stored PreKey accompanied by its ID
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusNewPrekeyAuto} instead.
 	 */
 	proteusNewPrekeyAuto(): Promise<ProteusAutoPrekeyBundle>;
 	/**
 	 * Proteus last resort prekey stuff
 	 *
 	 * @returns A CBOR-serialize version of the PreKeyBundle associated with the last resort PreKey (holding the last resort prekey id)
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusLastResortPrekey} instead.
 	 */
 	proteusLastResortPrekey(): Promise<Uint8Array>;
 	/**
@@ -1296,6 +2738,9 @@ export declare class CoreCrypto {
 	 * Imports all the data stored by Cryptobox into the CoreCrypto keystore
 	 *
 	 * @param storeName - The name of the IndexedDB store where the data is stored
+	 *
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.proteusCryptoboxMigrate} instead.
 	 */
 	proteusCryptoboxMigrate(storeName: string): Promise<void>;
 	/**
@@ -1304,163 +2749,124 @@ export declare class CoreCrypto {
 	 */
 	proteusLastErrorCode(): Promise<number>;
 	/**
-	 * Creates an enrollment instance with private key material you can use in order to fetch
-	 * a new x509 certificate from the acme server.
+	 * See {@link CoreCryptoContext.e2eiNewEnrollment}.
 	 *
-	 * @param clientId - client identifier e.g. `b7ac11a4-8f01-4527-af88-1c30885a7931:6add501bacd1d90e@example.com`
-	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
-	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
-	 * @param expirySec - generated x509 certificate expiry
-	 * @param ciphersuite - for generating signing key material
-	 * @param team - name of the Wire team a user belongs to
-	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiMlsInitOnly}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiNewEnrollment} instead.
 	 */
-	e2eiNewEnrollment(clientId: string, displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewEnrollment(clientId: string, displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite$1, team?: string): Promise<E2eiEnrollment>;
 	/**
-	 * Generates an E2EI enrollment instance for a "regular" client (with a Basic credential) willing to migrate to E2EI.
-	 * Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
+	 * See {@link CoreCryptoContext.e2eiNewActivationEnrollment}.
 	 *
-	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
-	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
-	 * @param expirySec - generated x509 certificate expiry
-	 * @param ciphersuite - for generating signing key material
-	 * @param team - name of the Wire team a user belongs to
-	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiNewActivationEnrollment} instead.
 	 */
-	e2eiNewActivationEnrollment(displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewActivationEnrollment(displayName: string, handle: string, expirySec: number, ciphersuite: Ciphersuite$1, team?: string): Promise<E2eiEnrollment>;
 	/**
-	 * Generates an E2EI enrollment instance for a E2EI client (with a X509 certificate credential)
-	 * having to change/rotate their credential, either because the former one is expired or it
-	 * has been revoked. It lets you change the DisplayName or the handle
-	 * if you need to. Once the enrollment is finished, use the instance in {@link CoreCrypto.e2eiRotateAll} to do the rotation.
+	 * See {@link CoreCryptoContext.e2eiNewRotateEnrollment}.
 	 *
-	 * @param expirySec - generated x509 certificate expiry
-	 * @param ciphersuite - for generating signing key material
-	 * @param displayName - human-readable name displayed in the application e.g. `Smith, Alice M (QA)`
-	 * @param handle - user handle e.g. `alice.smith.qa@example.com`
-	 * @param team - name of the Wire team a user belongs to
-	 * @returns The new {@link E2eiEnrollment} enrollment instance to use with {@link CoreCrypto.e2eiRotateAll}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiNewRotateEnrollment} instead.
 	 */
-	e2eiNewRotateEnrollment(expirySec: number, ciphersuite: Ciphersuite, displayName?: string, handle?: string, team?: string): Promise<E2eiEnrollment>;
+	e2eiNewRotateEnrollment(expirySec: number, ciphersuite: Ciphersuite$1, displayName?: string, handle?: string, team?: string): Promise<E2eiEnrollment>;
 	/**
-	 * Use this method to initialize end-to-end identity when a client signs up and the grace period is already expired ;
-	 * that means he cannot initialize with a Basic credential
+	 * See {@link CoreCryptoContext.e2eiMlsInitOnly}.
 	 *
-	 * @param enrollment - the enrollment instance used to fetch the certificates
-	 * @param certificateChain - the raw response from ACME server
-	 * @param nbKeyPackage - number of initial KeyPackage to create when initializing the client
-	 * @returns a MlsClient initialized with only a x509 credential
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiMlsInitOnly} instead.
 	 */
 	e2eiMlsInitOnly(enrollment: E2eiEnrollment, certificateChain: string, nbKeyPackage?: number): Promise<string[] | undefined>;
 	/**
-	 * Dumps the PKI environment as PEM
+	 * See {@link CoreCryptoContext.e2eiDumpPKIEnv}.
 	 *
 	 * @returns a struct with different fields representing the PKI environment as PEM strings
 	 */
 	e2eiDumpPKIEnv(): Promise<E2eiDumpedPkiEnv | undefined>;
 	/**
+	 * See {@link CoreCryptoContext.e2eiIsPKIEnvSetup}.
 	 * @returns whether the E2EI PKI environment is setup (i.e. Root CA, Intermediates, CRLs)
 	 */
 	e2eiIsPKIEnvSetup(): Promise<boolean>;
 	/**
-	 * Registers a Root Trust Anchor CA for the use in E2EI processing.
-	 *
-	 * Please note that without a Root Trust Anchor, all validations *will* fail;
-	 * So this is the first step to perform after initializing your E2EI client
+	 * See {@link CoreCryptoContext.e2eiRegisterAcmeCA}.
 	 *
-	 * @param trustAnchorPEM - PEM certificate to anchor as a Trust Root
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiRegisterAcmeCA} instead.
 	 */
 	e2eiRegisterAcmeCA(trustAnchorPEM: string): Promise<void>;
 	/**
-	 * Registers an Intermediate CA for the use in E2EI processing.
-	 *
-	 * Please note that a Root Trust Anchor CA is needed to validate Intermediate CAs;
-	 * You **need** to have a Root CA registered before calling this
+	 * See {@link CoreCryptoContext.e2eiRegisterIntermediateCA}.
 	 *
-	 * @param certPEM - PEM certificate to register as an Intermediate CA
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiRegisterIntermediateCA} instead.
 	 */
 	e2eiRegisterIntermediateCA(certPEM: string): Promise<string[] | undefined>;
 	/**
-	 * Registers a CRL for the use in E2EI processing.
+	 * See {@link CoreCryptoContext.e2eiRegisterCRL}.
 	 *
-	 * Please note that a Root Trust Anchor CA is needed to validate CRLs;
-	 * You **need** to have a Root CA registered before calling this
-	 *
-	 * @param crlDP - CRL Distribution Point; Basically the URL you fetched it from
-	 * @param crlDER - DER representation of the CRL
-	 *
-	 * @returns a {@link CRLRegistration} with the dirty state of the new CRL (see struct) and its expiration timestamp
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiRegisterCRL} instead.
 	 */
 	e2eiRegisterCRL(crlDP: string, crlDER: Uint8Array): Promise<CRLRegistration>;
 	/**
-	 * Creates a commit in all local conversations for changing the credential. Requires first
-	 * having enrolled a new X509 certificate with either {@link CoreCrypto.e2eiNewActivationEnrollment}
-	 * or {@link CoreCrypto.e2eiNewRotateEnrollment}
+	 * See {@link CoreCryptoContext.e2eiRotateAll}.
 	 *
-	 * @param enrollment - the enrollment instance used to fetch the certificates
-	 * @param certificateChain - the raw response from ACME server
-	 * @param newKeyPackageCount - number of KeyPackages with new identity to generate
-	 * @returns a {@link RotateBundle} with commits to fan-out to other group members, KeyPackages to upload and old ones to delete
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiRotateAll} instead.
 	 */
 	e2eiRotateAll(enrollment: E2eiEnrollment, certificateChain: string, newKeyPackageCount: number): Promise<RotateBundle>;
 	/**
-	 * Allows persisting an active enrollment (for example while redirecting the user during OAuth) in order to resume
-	 * it later with {@link e2eiEnrollmentStashPop}
+	 * See {@link CoreCryptoContext.e2eiEnrollmentStash}.
 	 *
-	 * @param enrollment the enrollment instance to persist
-	 * @returns a handle to fetch the enrollment later with {@link e2eiEnrollmentStashPop}
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiEnrollmentStash} instead.
 	 */
 	e2eiEnrollmentStash(enrollment: E2eiEnrollment): Promise<Uint8Array>;
 	/**
-	 * Fetches the persisted enrollment and deletes it from the keystore
+	 * See {@link CoreCryptoContext.e2eiEnrollmentStashPop}.
 	 *
-	 * @param handle returned by {@link e2eiEnrollmentStash}
-	 * @returns the persisted enrollment instance
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiEnrollmentStashPop} instead.
 	 */
 	e2eiEnrollmentStashPop(handle: Uint8Array): Promise<E2eiEnrollment>;
 	/**
-	 * Indicates when to mark a conversation as not verified i.e. when not all its members have a X509.
-	 * Credential generated by Wire's end-to-end identity enrollment
+	 * See {@link CoreCryptoContext.e2eiConversationState}.
 	 *
-	 * @param conversationId The group's ID
-	 * @returns the conversation state given current members
+	 * @deprecated Create a transaction with {@link CoreCrypto.transaction}
+	 * and use {@link CoreCryptoContext.e2eiConversationState} instead.
 	 */
 	e2eiConversationState(conversationId: ConversationId): Promise<E2eiConversationState>;
 	/**
-	 * Returns true when end-to-end-identity is enabled for the given Ciphersuite
+	 * See {@link CoreCryptoContext.e2eiIsEnabled}.
 	 *
 	 * @param ciphersuite of the credential to check
 	 * @returns true if end-to-end identity is enabled for the given ciphersuite
 	 */
-	e2eiIsEnabled(ciphersuite: Ciphersuite): Promise<boolean>;
+	e2eiIsEnabled(ciphersuite: Ciphersuite$1): Promise<boolean>;
 	/**
-	 * From a given conversation, get the identity of the members supplied. Identity is only present for members with a
-	 * Certificate Credential (after turning on end-to-end identity).
+	 * See {@link CoreCryptoContext.getDeviceIdentities}.
 	 *
 	 * @param conversationId - identifier of the conversation
 	 * @param deviceIds - identifiers of the devices
 	 * @returns identities or if no member has a x509 certificate, it will return an empty List
 	 */
-	getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId[]): Promise<WireIdentity[]>;
+	getDeviceIdentities(conversationId: ConversationId, deviceIds: ClientId[]): Promise<WireIdentity$1[]>;
 	/**
-	 * From a given conversation, get the identity of the users (device holders) supplied.
-	 * Identity is only present for devices with a Certificate Credential (after turning on end-to-end identity).
-	 * If no member has a x509 certificate, it will return an empty Vec.
+	 * See {@link CoreCryptoContext.getUserIdentities}.
 	 *
 	 * @param conversationId - identifier of the conversation
 	 * @param userIds - user identifiers hyphenated UUIDv4 e.g. 'bd4c7053-1c5a-4020-9559-cd7bf7961954'
 	 * @returns a Map with all the identities for a given users. Consumers are then recommended to reduce those identities to determine the actual status of a user.
 	 */
-	getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise<Map<string, WireIdentity[]>>;
+	getUserIdentities(conversationId: ConversationId, userIds: string[]): Promise<Map<string, WireIdentity$1[]>>;
 	/**
-	 * Gets the e2ei conversation state from a `GroupInfo`. Useful to check if the group has e2ei
-	 * turned on or not before joining it.
+	 * See {@link CoreCryptoContext.getCredentialInUse}.
 	 *
 	 * @param groupInfo - a TLS encoded GroupInfo fetched from the Delivery Service
 	 * @param credentialType - kind of Credential to check usage of. Defaults to X509 for now as no other value will give any result.
 	 * @returns see {@link E2eiConversationState}
 	 */
-	getCredentialInUse(groupInfo: Uint8Array, credentialType?: CredentialType): Promise<E2eiConversationState>;
+	getCredentialInUse(groupInfo: Uint8Array, credentialType?: CredentialType$1): Promise<E2eiConversationState>;
 	/**
 	 * Returns the current version of {@link CoreCrypto}
 	 *
@@ -1633,4 +3039,18 @@ export declare enum E2eiConversationState {
 	NotEnabled = 3
 }
 
+export {
+	Ciphersuite$1 as Ciphersuite,
+	ConversationConfiguration as ConversationConfigurationFfi,
+	ConversationConfiguration$1 as ConversationConfiguration,
+	CoreCryptoContext as CoreCryptoContextFfi,
+	CoreCryptoContext$1 as CoreCryptoContext,
+	CredentialType$1 as CredentialType,
+	CustomConfiguration as CustomConfigurationFfi,
+	CustomConfiguration$1 as CustomConfiguration,
+	WireIdentity$1 as WireIdentity,
+	WirePolicy$1 as WirePolicy,
+	X509Identity$1 as X509Identity,
+};
+
 export {};