@wireapp/core-crypto 9.3.3 → 10.0.0-pre.10

package/dist/native/corecrypto.d.ts

@@ -0,0 +1,3802 @@
+// Generated by dts-bundle-generator v9.5.1
+
+import { UniffiAbstractObject, UniffiGcObject, UniffiHandle, destructorGuardSymbol, pointerLiteralSymbol, uniffiTypeNameSymbol, variantOrdinalSymbol } from '@ubjs/core';
+
+/**
+ * Returns build metadata for CoreCrypto.
+ */
+export declare function buildMetadata(): BuildMetadata;
+/**
+ * Get an instance of the default cipher suite.
+ */
+export declare function cipherSuiteDefault(): CipherSuite;
+/**
+ * Construct a cipher suite enum instance from its discriminant.
+ */
+export declare function cipherSuiteFromU16(discriminant: number): CipherSuite;
+/**
+ * Updates the key of the CoreCrypto database.
+ *
+ * This function is intended to be called only once, when migrating from CoreCrypto 5.x to 6.x.
+ */
+export declare function migrateDatabaseKeyTypeToBytes(path: string, oldKey: string, newKey: DatabaseKeyLike, asyncOpts_?: {
+	signal: AbortSignal;
+}): Promise<void>;
+/**
+ * Returns the Proteus last resort prekey ID.
+ *
+ * The last resort prekey is a special prekey retained after all other prekeys have been consumed,
+ * ensuring a session can always be established. Its ID is always `u16::MAX` (65535).
+ */
+declare function proteusLastResortPrekeyIdFfi(): number;
+/**
+ * Initializes the logger.
+ */
+export declare function setLogger(logger: CoreCryptoLogger): void;
+/**
+ * Sets the maximum log level forwarded to the logger.
+ */
+export declare function setMaxLogLevel(level: CoreCryptoLogLevel): void;
+/**
+ * The version of `core-crypto`.
+ */
+export declare function version(): string;
+/**
+ * This directly represents a `ClientId` of the `<userid>-<device-id>@<domain>` format.
+ * Instantiate via [ClientId::deserialize].
+ */
+export type DeserializedClientId = {
+	/**
+	 * The client id this was deserialized from
+	 */
+	clientId: ClientIdLike;
+	/**
+	 * The string representation of a UUID
+	 */
+	userId: string;
+	/**
+	 * A hex-encoded unsigned 64-bit integer
+	 */
+	deviceId: string;
+	/**
+	 * The domain
+	 */
+	domain: string;
+};
+/**
+ * Generated factory for {@link DeserializedClientId} record objects.
+ */
+export declare const DeserializedClientId: Readonly<{
+	create: (partial: Partial<DeserializedClientId> & Required<Omit<DeserializedClientId, never>>) => DeserializedClientId;
+	new: (partial: Partial<DeserializedClientId> & Required<Omit<DeserializedClientId, never>>) => DeserializedClientId;
+	defaults: () => Partial<DeserializedClientId>;
+}>;
+type ClientIdLike = ClientId;
+/**
+ * A unique identifier for an MLS client.
+ *
+ * Each app instance a user is running, such as desktop or mobile, is a separate client
+ * with its own client id. A single user may therefore have multiple clients.
+ * More information: <https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html#name-group-members-and-clients>
+ */
+export declare class ClientId extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "ClientId";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Create a new client id.
+	 */
+	constructor(userId: string, deviceId: string, domain: string);
+	/**
+	 * Copy the wrapped data into a new byte array.
+	 */
+	copyBytes(): Uint8Array;
+	/**
+	 * Copy the wrapped data into a direct representation of the `<userid>-<device-id>@<domain>` format.
+	 */
+	deserialize(): DeserializedClientId;
+	equals(other: ClientId): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is ClientId;
+}
+/**
+ * The standalone status of a device credential in an MLS group at a given moment.
+ *
+ * This does not represent states where a device is not using MLS or end-to-end identity.
+ */
+export declare enum DeviceStatus {
+	/**
+	 * The device credential is valid.
+	 */
+	Valid = 1,
+	/**
+	 * The device credential's certificate has expired.
+	 */
+	Expired = 2,
+	/**
+	 * The device credential's certificate has been revoked.
+	 *
+	 * Note: revocation is not yet implemented.
+	 */
+	Revoked = 3
+}
+/**
+ * The type of credential used to authenticate an MLS client's identity.
+ */
+export declare enum CredentialType {
+	/**
+	 * A basic credential backed by a raw key pair, without any certificate infrastructure.
+	 */
+	Basic = 1,
+	/**
+	 * An X509 certificate credential, typically obtained through the end-to-end identity enrollment process.
+	 */
+	X509 = 2
+}
+/**
+ * Typealias from the type name used in the UDL file to the builtin type.  This
+ * is needed because the UDL type name is used in function/method signatures.
+ */
+export type Timestamp = Date;
+/**
+ * Fields from a `WireIdentity` that are specific to X509 credentials.
+ */
+export type X509Identity = {
+	/**
+	 * User handle e.g. `john_wire`
+	 */
+	handle: string;
+	/**
+	 * Name as displayed in the messaging application e.g. `John Fitzgerald Kennedy`
+	 */
+	displayName: string;
+	/**
+	 * DNS domain for which this identity proof was generated e.g. `whitehouse.gov`
+	 */
+	domain: string;
+	/**
+	 * PEM-encoded X509 certificate identifying this client in the MLS group.
+	 */
+	certificate: string;
+	/**
+	 * X509 certificate serial number
+	 */
+	serialNumber: string;
+	/**
+	 * Certificate validity start time (the X509 notBefore field).
+	 */
+	notBefore: Timestamp;
+	/**
+	 * Certificate validity end time (the X509 notAfter field).
+	 */
+	notAfter: Timestamp;
+};
+/**
+ * Generated factory for {@link X509Identity} record objects.
+ */
+export declare const X509Identity: Readonly<{
+	create: (partial: Partial<X509Identity> & Required<Omit<X509Identity, never>>) => X509Identity;
+	new: (partial: Partial<X509Identity> & Required<Omit<X509Identity, never>>) => X509Identity;
+	defaults: () => Partial<X509Identity>;
+}>;
+/**
+ * The identity claims identifying a client.
+ *
+ * Those claims are verifiable by any member in the group.
+ */
+export type WireIdentity = {
+	/**
+	 * Unique client identifier e.g. `T4Coy4vdRzianwfOgXpn6A:6add501bacd1d90e@whitehouse.gov`
+	 */
+	clientId?: ClientIdLike;
+	/**
+	 * Status of the credential at the moment this object is created.
+	 */
+	status: DeviceStatus;
+	/**
+	 * MLS thumbprint
+	 */
+	thumbprint: string;
+	/**
+	 * Indicates whether the credential is Basic or X509.
+	 */
+	credentialType: CredentialType;
+	/**
+	 * The X509 certificate details; populated only when `credential_type` is X509.
+	 */
+	x509Identity?: X509Identity;
+};
+/**
+ * Generated factory for {@link WireIdentity} record objects.
+ */
+export declare const WireIdentity: Readonly<{
+	create: (partial: Partial<WireIdentity> & Required<Omit<WireIdentity, "clientId" | "x509Identity">>) => WireIdentity;
+	new: (partial: Partial<WireIdentity> & Required<Omit<WireIdentity, "clientId" | "x509Identity">>) => WireIdentity;
+	defaults: () => Partial<WireIdentity>;
+}>;
+/**
+ * A decrypted message that was buffered due to out-of-order delivery by the distribution service.
+ *
+ * These are returned in the `buffered_messages` field of a `DecryptedMessage` when a commit is
+ * processed. They represent messages for the new epoch that arrived before the commit that created it.
+ */
+export type BufferedDecryptedMessage = {
+	/**
+	 * Decrypted plaintext
+	 */
+	message?: Uint8Array;
+	/**
+	 * False if processing this message caused the client to be removed from the group, i.e. due to a Remove commit.
+	 */
+	isActive: boolean;
+	/**
+	 * Commit delay in seconds.
+	 *
+	 * When set, clients must delay this long before processing a commit.
+	 * This reduces load on the backend, which otherwise would receive epoch change notifications from all clients
+	 * simultaneously.
+	 */
+	commitDelay?: bigint;
+	/**
+	 * `ClientId` of the sender of the message being decrypted. Only present for application messages.
+	 */
+	senderClientId?: ClientIdLike;
+	/**
+	 * Identity claims present in the sender credential.
+	 */
+	identity: WireIdentity;
+};
+/**
+ * Generated factory for {@link BufferedDecryptedMessage} record objects.
+ */
+export declare const BufferedDecryptedMessage: Readonly<{
+	create: (partial: Partial<BufferedDecryptedMessage> & Required<Omit<BufferedDecryptedMessage, "message" | "commitDelay" | "senderClientId">>) => BufferedDecryptedMessage;
+	new: (partial: Partial<BufferedDecryptedMessage> & Required<Omit<BufferedDecryptedMessage, "message" | "commitDelay" | "senderClientId">>) => BufferedDecryptedMessage;
+	defaults: () => Partial<BufferedDecryptedMessage>;
+}>;
+/**
+ * Metadata describing the conditions of the build of this software.
+ */
+export type BuildMetadata = {
+	/**
+	 * Build timestamp
+	 */
+	timestamp: string;
+	/**
+	 * Whether this build was in Debug mode (true) or Release mode (false).
+	 */
+	cargoDebug: string;
+	/**
+	 * Features enabled for this build.
+	 */
+	cargoFeatures: string;
+	/**
+	 * Optimization level
+	 */
+	optLevel: string;
+	/**
+	 * Build target triple
+	 */
+	targetTriple: string;
+	/**
+	 * Git branch
+	 */
+	gitBranch: string;
+	/**
+	 * Output of `git describe`
+	 */
+	gitDescribe: string;
+	/**
+	 * Hash of current git commit
+	 */
+	gitSha: string;
+	/**
+	 * `true` when the source code differed from the commit at the most recent git hash.
+	 */
+	gitDirty: string;
+};
+/**
+ * Generated factory for {@link BuildMetadata} record objects.
+ */
+export declare const BuildMetadata: Readonly<{
+	create: (partial: Partial<BuildMetadata> & Required<Omit<BuildMetadata, never>>) => BuildMetadata;
+	new: (partial: Partial<BuildMetadata> & Required<Omit<BuildMetadata, never>>) => BuildMetadata;
+	defaults: () => Partial<BuildMetadata>;
+}>;
+export declare enum MlsError_Tags {
+	ConversationAlreadyExists = "ConversationAlreadyExists",
+	DuplicateMessage = "DuplicateMessage",
+	BufferedFutureMessage = "BufferedFutureMessage",
+	WrongEpoch = "WrongEpoch",
+	BufferedCommit = "BufferedCommit",
+	MessageEpochTooOld = "MessageEpochTooOld",
+	SelfCommitIgnored = "SelfCommitIgnored",
+	UnmergedPendingGroup = "UnmergedPendingGroup",
+	StaleProposal = "StaleProposal",
+	StaleCommit = "StaleCommit",
+	OrphanWelcome = "OrphanWelcome",
+	MessageRejected = "MessageRejected",
+	Other = "Other"
+}
+/**
+ * Errors produced by the MLS layer.
+ */
+export declare const MlsError: Readonly<{
+	instanceOf: (obj: any) => obj is MlsError;
+	ConversationAlreadyExists: {
+		new (inner: {
+			conversationId: Uint8Array;
+		}): {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			conversationId: Uint8Array;
+		}): {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			conversationId: Uint8Array;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	DuplicateMessage: {
+		new (): {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	BufferedFutureMessage: {
+		new (): {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	WrongEpoch: {
+		new (): {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	BufferedCommit: {
+		new (): {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	MessageEpochTooOld: {
+		new (): {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	SelfCommitIgnored: {
+		new (): {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	UnmergedPendingGroup: {
+		new (): {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	StaleProposal: {
+		new (): {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	StaleCommit: {
+		new (): {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	OrphanWelcome: {
+		new (): {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	MessageRejected: {
+		new (inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			reason: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Other: {
+		new (inner: {
+			msg: string;
+		}): {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			msg: string;
+		}): {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			msg: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * Errors produced by the MLS layer.
+ */
+export type MlsError = InstanceType<(typeof MlsError)["ConversationAlreadyExists" | "DuplicateMessage" | "BufferedFutureMessage" | "WrongEpoch" | "BufferedCommit" | "MessageEpochTooOld" | "SelfCommitIgnored" | "UnmergedPendingGroup" | "StaleProposal" | "StaleCommit" | "OrphanWelcome" | "MessageRejected" | "Other"]>;
+export declare enum ProteusError_Tags {
+	SessionNotFound = "SessionNotFound",
+	DuplicateMessage = "DuplicateMessage",
+	RemoteIdentityChanged = "RemoteIdentityChanged",
+	Other = "Other"
+}
+/**
+ * Errors produced by the Proteus layer.
+ */
+export declare const ProteusError: Readonly<{
+	instanceOf: (obj: any) => obj is ProteusError;
+	SessionNotFound: {
+		new (): {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	DuplicateMessage: {
+		new (): {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	RemoteIdentityChanged: {
+		new (): {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Other: {
+		new (inner: {
+			errorCode: number;
+		}): {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			errorCode: number;
+		}): {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			errorCode: number;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * Errors produced by the Proteus layer.
+ */
+export type ProteusError = InstanceType<(typeof ProteusError)["SessionNotFound" | "DuplicateMessage" | "RemoteIdentityChanged" | "Other"]>;
+export declare enum CoreCryptoError_Tags {
+	Mls = "Mls",
+	Proteus = "Proteus",
+	E2ei = "E2ei",
+	TransactionFailed = "TransactionFailed",
+	Other = "Other"
+}
+/**
+ * The primary error type returned across the CoreCrypto FFI boundary.
+ */
+export declare const CoreCryptoError: Readonly<{
+	instanceOf: (obj: any) => obj is CoreCryptoError;
+	Mls: {
+		new (inner: {
+			mlsError: MlsError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			mlsError: MlsError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			mlsError: MlsError;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Proteus: {
+		new (inner: {
+			exception: ProteusError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			exception: ProteusError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			exception: ProteusError;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	E2ei: {
+		new (inner: {
+			e2eiError: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			e2eiError: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			e2eiError: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	TransactionFailed: {
+		new (inner: {
+			error: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			error: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			error: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Other: {
+		new (inner: {
+			msg: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			msg: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			msg: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * The primary error type returned across the CoreCrypto FFI boundary.
+ */
+export type CoreCryptoError = InstanceType<(typeof CoreCryptoError)["Mls" | "Proteus" | "E2ei" | "TransactionFailed" | "Other"]>;
+type WelcomeLike = Welcome;
+/**
+ * A TLS-serialized Welcome message.
+ *
+ * This structure is defined in RFC 9420:
+ * <https://www.rfc-editor.org/rfc/rfc9420.html#joining-via-welcome-message>.
+ */
+export declare class Welcome extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "Welcome";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Fallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * TLS-serialize this message
+	 */
+	serialize(): Uint8Array;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is Welcome;
+}
+/**
+ * How a `GroupInfo` is encrypted in a commit bundle.
+ */
+declare enum MlsGroupInfoEncryptionType {
+	/**
+	 * Unencrypted `GroupInfo`
+	 */
+	Plaintext = 1,
+	/**
+	 * `GroupInfo` encrypted in a JWE
+	 */
+	JweEncrypted = 2
+}
+/**
+ * How the ratchet tree is represented in a `GroupInfo`.
+ */
+declare enum MlsRatchetTreeType {
+	/**
+	 * The full ratchet tree is included.
+	 */
+	Full = 1,
+	/**
+	 * Only changes since the previous epoch are included.
+	 *
+	 * Not yet implemented. See the draft proposal:
+	 * <https://github.com/rohan-wire/ietf-drafts/blob/main/mahy-mls-ratchet-tree-delta/draft-mahy-mls-ratchet-tree-delta.md>
+	 */
+	Delta = 2,
+	/**
+	 * The ratchet tree is identified by an external reference rather than included inline.
+	 */
+	ByRef = 3
+}
+/**
+ * A `GroupInfo` with associated metadata.
+ */
+export type GroupInfoBundle = {
+	/**
+	 * How the group info is encrypted.
+	 */
+	encryptionType: MlsGroupInfoEncryptionType;
+	/**
+	 * What kind of ratchet tree is used.
+	 */
+	ratchetTreeType: MlsRatchetTreeType;
+	/**
+	 * The group info payload.
+	 */
+	payload: Uint8Array;
+};
+/**
+ * Generated factory for {@link GroupInfoBundle} record objects.
+ */
+export declare const GroupInfoBundle: Readonly<{
+	create: (partial: Partial<GroupInfoBundle> & Required<Omit<GroupInfoBundle, never>>) => GroupInfoBundle;
+	new: (partial: Partial<GroupInfoBundle> & Required<Omit<GroupInfoBundle, never>>) => GroupInfoBundle;
+	defaults: () => Partial<GroupInfoBundle>;
+}>;
+/**
+ * Information returned when a commit is created.
+ */
+export type CommitBundle = {
+	/**
+	 * A welcome message, present when there are pending Add proposals.
+	 */
+	welcome?: WelcomeLike;
+	/**
+	 * The MLS commit message.
+	 */
+	commit: Uint8Array;
+	/**
+	 * The `GroupInfo` associated with this commit.
+	 */
+	groupInfo: GroupInfoBundle;
+	/**
+	 * An encrypted message to fan out to all other conversation members in the new epoch.
+	 */
+	encryptedMessage?: Uint8Array;
+};
+/**
+ * Generated factory for {@link CommitBundle} record objects.
+ */
+export declare const CommitBundle: Readonly<{
+	create: (partial: Partial<CommitBundle> & Required<Omit<CommitBundle, "welcome" | "encryptedMessage">>) => CommitBundle;
+	new: (partial: Partial<CommitBundle> & Required<Omit<CommitBundle, "welcome" | "encryptedMessage">>) => CommitBundle;
+	defaults: () => Partial<CommitBundle>;
+}>;
+/**
+ * A decrypted message and various associated metadata.
+ */
+export type DecryptedMessage = {
+	/**
+	 * Decrypted plaintext
+	 */
+	message?: Uint8Array;
+	/**
+	 * False if processing this message caused the client to be removed from the group, i.e. due to a Remove commit.
+	 */
+	isActive: boolean;
+	/**
+	 * Commit delay in seconds.
+	 *
+	 * When set, clients must delay this long before processing a commit.
+	 * This reduces load on the backend, which otherwise would receive epoch change notifications from all clients
+	 * simultaneously.
+	 */
+	commitDelay?: bigint;
+	/**
+	 * `ClientId` of the sender of the message being decrypted. Only present for application messages.
+	 */
+	senderClientId?: ClientIdLike;
+	/**
+	 * Identity claims present in the sender credential.
+	 */
+	identity: WireIdentity;
+	/**
+	 * Only set when the decrypted message is a commit.
+	 *
+	 * Contains buffered messages for next epoch which were received before the commit creating the epoch
+	 * because the DS did not fan them out in order.
+	 */
+	bufferedMessages?: Array<BufferedDecryptedMessage>;
+};
+/**
+ * Generated factory for {@link DecryptedMessage} record objects.
+ */
+export declare const DecryptedMessage: Readonly<{
+	create: (partial: Partial<DecryptedMessage> & Required<Omit<DecryptedMessage, "message" | "commitDelay" | "senderClientId" | "bufferedMessages">>) => DecryptedMessage;
+	new: (partial: Partial<DecryptedMessage> & Required<Omit<DecryptedMessage, "message" | "commitDelay" | "senderClientId" | "bufferedMessages">>) => DecryptedMessage;
+	defaults: () => Partial<DecryptedMessage>;
+}>;
+/**
+ * A `HistorySecret` encodes sufficient client state that it can be used to instantiate an
+ * ephemeral client.
+ */
+export type HistorySecret = {
+	/**
+	 * Client id of the associated history client.
+	 */
+	clientId: ClientIdLike;
+	/**
+	 * Opaque secret data sufficient to reconstruct a history client.
+	 */
+	data: Uint8Array;
+};
+/**
+ * Generated factory for {@link HistorySecret} record objects.
+ */
+export declare const HistorySecret: Readonly<{
+	create: (partial: Partial<HistorySecret> & Required<Omit<HistorySecret, never>>) => HistorySecret;
+	new: (partial: Partial<HistorySecret> & Required<Omit<HistorySecret, never>>) => HistorySecret;
+	defaults: () => Partial<HistorySecret>;
+}>;
+/**
+ * An HttpHeader used for PKI hooks.
+ */
+export type HttpHeader = {
+	/**
+	 * Header name
+	 */
+	name: string;
+	/**
+	 * Header value
+	 */
+	value: string;
+};
+/**
+ * Generated factory for {@link HttpHeader} record objects.
+ */
+export declare const HttpHeader: Readonly<{
+	create: (partial: Partial<HttpHeader> & Required<Omit<HttpHeader, never>>) => HttpHeader;
+	new: (partial: Partial<HttpHeader> & Required<Omit<HttpHeader, never>>) => HttpHeader;
+	defaults: () => Partial<HttpHeader>;
+}>;
+/**
+ * An HttpResponse used for PKI hooks.
+ */
+export type HttpResponse = {
+	/**
+	 * HTTP status code
+	 */
+	status: number;
+	/**
+	 * List of header fields
+	 */
+	headers: Array<HttpHeader>;
+	/**
+	 * HTTP body
+	 */
+	body: Uint8Array;
+};
+/**
+ * Generated factory for {@link HttpResponse} record objects.
+ */
+export declare const HttpResponse: Readonly<{
+	create: (partial: Partial<HttpResponse> & Required<Omit<HttpResponse, never>>) => HttpResponse;
+	new: (partial: Partial<HttpResponse> & Required<Omit<HttpResponse, never>>) => HttpResponse;
+	defaults: () => Partial<HttpResponse>;
+}>;
+/**
+ * Encapsulates a prekey id and a CBOR-serialized prekey.
+ */
+export type ProteusAutoPrekeyBundle = {
+	/**
+	 * Prekey id (automatically incremented)
+	 */
+	id: number;
+	/**
+	 * CBOR serialization of prekey
+	 */
+	pkb: Uint8Array;
+};
+/**
+ * Generated factory for {@link ProteusAutoPrekeyBundle} record objects.
+ */
+export declare const ProteusAutoPrekeyBundle: Readonly<{
+	create: (partial: Partial<ProteusAutoPrekeyBundle> & Required<Omit<ProteusAutoPrekeyBundle, never>>) => ProteusAutoPrekeyBundle;
+	new: (partial: Partial<ProteusAutoPrekeyBundle> & Required<Omit<ProteusAutoPrekeyBundle, never>>) => ProteusAutoPrekeyBundle;
+	defaults: () => Partial<ProteusAutoPrekeyBundle>;
+}>;
+/**
+ * MLS cipher suites
+ */
+export declare enum CipherSuite {
+	/**
+	 * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
+	 */
+	Mls128Dhkemx25519Aes128gcmSha256Ed25519 = 1,
+	/**
+	 * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
+	 */
+	Mls128Dhkemp256Aes128gcmSha256P256 = 2,
+	/**
+	 * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
+	 */
+	Mls128Dhkemx25519Chacha20poly1305Sha256Ed25519 = 3,
+	/**
+	 * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
+	 */
+	Mls256Dhkemx448Aes256gcmSha512Ed448 = 4,
+	/**
+	 * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
+	 */
+	Mls256Dhkemp521Aes256gcmSha512P521 = 5,
+	/**
+	 * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
+	 */
+	Mls256Dhkemx448Chacha20poly1305Sha512Ed448 = 6,
+	/**
+	 * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
+	 */
+	Mls256Dhkemp384Aes256gcmSha384P384 = 7
+}
+/**
+ * Configuration for an X509 credential acquisition flow.
+ */
+export type X509CredentialAcquisitionConfiguration = {
+	/**
+	 * ACME directory URL.
+	 */
+	acmeDirectoryUrl: string;
+	/**
+	 * Ciphersuite of the acquired credential.
+	 */
+	cipherSuite: CipherSuite;
+	/**
+	 * User-visible display name.
+	 */
+	displayName: string;
+	/**
+	 * Wire client id for the device acquiring the credential.
+	 */
+	clientId: ClientIdLike;
+	/**
+	 * Wire handle without the domain suffix.
+	 */
+	handle: string;
+	/**
+	 * Wire domain.
+	 */
+	domain: string;
+	/**
+	 * Optional Wire team id.
+	 */
+	team?: string;
+	/**
+	 * Certificate validity period in seconds.
+	 */
+	validityPeriodSecs: bigint;
+};
+/**
+ * Generated factory for {@link X509CredentialAcquisitionConfiguration} record objects.
+ */
+export declare const X509CredentialAcquisitionConfiguration: Readonly<{
+	create: (partial: Partial<X509CredentialAcquisitionConfiguration> & Required<Omit<X509CredentialAcquisitionConfiguration, "team">>) => X509CredentialAcquisitionConfiguration;
+	new: (partial: Partial<X509CredentialAcquisitionConfiguration> & Required<Omit<X509CredentialAcquisitionConfiguration, "team">>) => X509CredentialAcquisitionConfiguration;
+	defaults: () => Partial<X509CredentialAcquisitionConfiguration>;
+}>;
+/**
+ * Defines the log level for CoreCrypto.
+ */
+export declare enum CoreCryptoLogLevel {
+	Off = 1,
+	Trace = 2,
+	Debug = 3,
+	Info = 4,
+	Warn = 5,
+	Error = 6
+}
+/**
+ * The end-to-end identity verification state of a conversation.
+ *
+ * Note: this does not check pending state (pending commit, pending proposals), so it does not
+ * consider members about to be added or removed.
+ */
+export declare enum E2eiConversationState {
+	/**
+	 * All clients have a valid E2EI certificate.
+	 */
+	Verified = 1,
+	/**
+	 * Some clients are either still using Basic credentials or their certificate has expired.
+	 */
+	NotVerified = 2,
+	/**
+	 * All clients are still using Basic credentials.
+	 *
+	 * Note: if all clients have expired certificates, `NotVerified` is returned instead.
+	 */
+	NotEnabled = 3
+}
+export declare enum EpochChangedReportingError_Tags {
+	Ffi = "Ffi"
+}
+/**
+ * An error returned by an `EpochObserver` callback implementation.
+ */
+export declare const EpochChangedReportingError: {
+	Ffi: {
+		new (message: string): {
+			readonly tag: EpochChangedReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(e: any): e is {
+			readonly tag: EpochChangedReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	instanceOf: (e: any) => e is EpochChangedReportingError;
+};
+/**
+ * An error returned by an `EpochObserver` callback implementation.
+ */
+export type EpochChangedReportingError = InstanceType<(typeof EpochChangedReportingError)["Ffi"]>;
+/**
+ * HttpMethod used for PKI hooks.
+ */
+export declare enum HttpMethod {
+	/**
+	 * GET
+	 */
+	Get = 0,
+	/**
+	 * POST
+	 */
+	Post = 1,
+	/**
+	 * PUT
+	 */
+	Put = 2,
+	/**
+	 * DELETE
+	 */
+	Delete = 3,
+	/**
+	 * PATCH
+	 */
+	Patch = 4,
+	/**
+	 * HEAD
+	 */
+	Head = 5
+}
+export declare enum LoggingError_Tags {
+	Ffi = "Ffi"
+}
+/**
+ * An error returned by a `CoreCryptoLogger` callback implementation.
+ */
+export declare const LoggingError: {
+	Ffi: {
+		new (message: string): {
+			readonly tag: LoggingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(e: any): e is {
+			readonly tag: LoggingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	instanceOf: (e: any) => e is LoggingError;
+};
+/**
+ * An error returned by a `CoreCryptoLogger` callback implementation.
+ */
+export type LoggingError = InstanceType<(typeof LoggingError)["Ffi"]>;
+declare enum MlsTransportError_Tags {
+	MessageRejected = "MessageRejected"
+}
+/**
+ * Errors returned by MLS transport callbacks exposed through FFI.
+ */
+export declare const MlsTransportError: Readonly<{
+	instanceOf: (obj: any) => obj is MlsTransportError;
+	MessageRejected: {
+		new (inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			reason: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * Errors returned by MLS transport callbacks exposed through FFI.
+ */
+export type MlsTransportError = InstanceType<(typeof MlsTransportError)["MessageRejected"]>;
+declare enum NewHistoryClientReportingError_Tags {
+	Ffi = "Ffi"
+}
+/**
+ * An error returned by a `HistoryObserver` callback implementation.
+ */
+export declare const NewHistoryClientReportingError: {
+	Ffi: {
+		new (message: string): {
+			readonly tag: NewHistoryClientReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(e: any): e is {
+			readonly tag: NewHistoryClientReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	instanceOf: (e: any) => e is NewHistoryClientReportingError;
+};
+/**
+ * An error returned by a `HistoryObserver` callback implementation.
+ */
+export type NewHistoryClientReportingError = InstanceType<(typeof NewHistoryClientReportingError)["Ffi"]>;
+declare enum PkiEnvironmentHooksError_Tags {
+	Error = "Error"
+}
+/**
+ * An error returned by a `PkiEnvironmentHooks` callback implementation.
+ */
+export declare const PkiEnvironmentHooksError: Readonly<{
+	instanceOf: (obj: any) => obj is PkiEnvironmentHooksError;
+	Error: {
+		new (inner: {
+			reason: string;
+		}): {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			reason: string;
+		}): {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			reason: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * An error returned by a `PkiEnvironmentHooks` callback implementation.
+ */
+export type PkiEnvironmentHooksError = InstanceType<(typeof PkiEnvironmentHooksError)["Error"]>;
+/**
+ * Signature schemes supported by MLS, as defined in RFC 9420.
+ */
+export declare enum SignatureScheme {
+	/**
+	 * ECDSA with secp256r1 (P-256) and SHA-256
+	 */
+	EcdsaSecp256r1Sha256 = 1027,
+	/**
+	 * ECDSA with secp384r1 (P-384) and SHA-384
+	 */
+	EcdsaSecp384r1Sha384 = 1283,
+	/**
+	 * ECDSA with secp521r1 (P-521) and SHA-512
+	 */
+	EcdsaSecp521r1Sha512 = 1539,
+	/**
+	 * Deterministic EdDSA with Curve25519 (Ed25519)
+	 */
+	Ed25519 = 2055,
+	/**
+	 * Deterministic EdDSA with Curve448 (Ed448)
+	 */
+	Ed448 = 2056
+}
+/**
+ * Typealias from the type name used in the UDL file to the builtin type.  This
+ * is needed because the UDL type name is used in function/method signatures.
+ */
+export type MlsTransportData = Uint8Array;
+type ConversationIdLike = ConversationId;
+/**
+ * A unique identifier for a single conversation.
+ *
+ * The backend provides an opaque string identifying a new conversation.
+ * Construct an instance of this newtype to pass that identifier to Rust.
+ */
+export declare class ConversationId extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "ConversationId";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Infallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Copy the wrapped data into a new byte array.
+	 */
+	copyBytes(): Uint8Array;
+	toString(): string;
+	toDebugString(): string;
+	equals(other: ConversationId): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is ConversationId;
+}
+type KeyPackageRefLike = KeyPackageRef;
+/**
+ * A lightweight distinct reference to a `KeyPackage`, sufficient to uniquely identify it.
+ *
+ * This contains some metadata to assist in sorting and filtering refs without needing to perform the
+ * relatively heavy operation of converting to a full keypackage.
+ */
+export declare class KeyPackageRef extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "KeyPackageRef";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Get the cipher_suite associated with this key package ref.
+	 */
+	cipherSuite(): CipherSuite;
+	/**
+	 * Get the credential type associated with this key package ref.
+	 */
+	credentialType(): CredentialType;
+	/**
+	 * Get the bytes of the hash reference to a keypackage.
+	 */
+	hashRef(): Uint8Array;
+	/**
+	 * Returns true if this keypackage's lifetime has not expired, or if no lifetime is present.
+	 */
+	isValid(): boolean;
+	/**
+	 * Get the signature scheme associated with this key package ref.
+	 */
+	signatureScheme(): SignatureScheme;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is KeyPackageRef;
+}
+type KeyPackageLike = KeyPackage;
+/**
+ * A signed object describing a client's identity and capabilities.
+ *
+ * Includes a public key that can be used to encrypt to that client.
+ * Other clients can use a client's KeyPackage to introduce that client to a new group.
+ */
+export declare class KeyPackage extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "KeyPackage";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Construct a new `Keypackage` from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Convert this to a reference.
+	 */
+	ref(): KeyPackageRefLike;
+	/**
+	 * Serialize this to a byte vector.
+	 */
+	serialize(): Uint8Array;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is KeyPackage;
+}
+type CredentialLike = Credential$1;
+/**
+ * A cryptographic credential.
+ *
+ * This is tied to a particular client via either its client id or certificate bundle,
+ * depending on its credential type, but is independent of any client instance or storage.
+ *
+ * To attach a credential to a client instance and store it, call `add_credential` on a `CoreCryptoContext`.
+ */
+declare class Credential$1 extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "Credential";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Generate a basic credential.
+	 *
+	 * The result is independent of any client instance and the database; it lives in memory only.
+	 */
+	static basic(cipherSuite: CipherSuite, clientId: ClientIdLike): CredentialLike;
+	/**
+	 * Get the earliest possible validity of this credential, expressed as seconds after the unix epoch.
+	 *
+	 * Basic credentials have no defined earliest validity and will always return 0.
+	 */
+	earliestValidity(): bigint;
+	/**
+	 * Export a PEM string containing the public portion of this credential.
+	 *
+	 * - Basic credentials export their public key.
+	 * - x509 credentials export the full certificate chain. This enables external tools such as `openssl` to validate
+	 * the certificate chain.
+	 */
+	exportPem(): string;
+	/**
+	 * Get the signature scheme of this credential.
+	 */
+	signatureScheme(): SignatureScheme;
+	/**
+	 * Get the type of this credential.
+	 */
+	type(): CredentialType;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is Credential$1;
+}
+type CredentialRefLike = CredentialRef;
+/**
+ * A compact reference to a credential that has been persisted in CoreCrypto.
+ *
+ * Credentials can be quite large; this type avoids passing them back and forth across the FFI
+ * boundary more than strictly required.
+ *
+ * Created by calling `add_credential` on a `CoreCryptoContext`.
+ *
+ * This reference is not a literal in-memory reference.
+ * It is instead the key from which a credential can be retrieved,
+ * and is stable over time and across the FFI boundary.
+ */
+export declare class CredentialRef extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "CredentialRef";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Get the cipher suite of this credential ref.
+	 */
+	cipherSuite(): CipherSuite;
+	/**
+	 * Get the client id associated with this credential ref.
+	 */
+	clientId(): ClientIdLike;
+	/**
+	 * Get the earliest possible validity of this credential, expressed as seconds after the unix epoch.
+	 *
+	 * Basic credentials have no defined earliest validity and will always return 0.
+	 */
+	earliestValidity(): bigint;
+	/**
+	 * Get the SHA256 hash of the public key associated with this credential ref.
+	 */
+	publicKeyHash(): Uint8Array;
+	/**
+	 * Get the signature scheme of this credential ref.
+	 */
+	signatureScheme(): SignatureScheme;
+	/**
+	 * Get the type of this credential ref.
+	 */
+	type(): CredentialType;
+	toDebugString(): string;
+	toString(): string;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is CredentialRef;
+}
+type ExternalSenderLike = ExternalSender;
+/**
+ * A RFC 9420 External Sender
+ *
+ * This can be used to initialize a subconversation.
+ */
+export declare class ExternalSender extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "ExternalSender";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Parse an external sender.
+	 *
+	 * This first attempts to parse this as a JWK per `parse_jwk`,
+	 * and falls back to `parse_public_key` if the former method fails.
+	 */
+	static parse(key: Uint8Array, signatureScheme: SignatureScheme): ExternalSenderLike;
+	/**
+	 * Parse an external sender given a JWK.
+	 *
+	 * This expects a raw json serialized JWK. It works with any Signature scheme.
+	 */
+	static parseJwk(jwk: Uint8Array): ExternalSenderLike;
+	/**
+	 * Parse an external sender given a raw public key.
+	 *
+	 * This supports the legacy behaviour where the server was providing the external sender public key
+	 * raw.
+	 */
+	static parsePublicKey(key: Uint8Array, signatureScheme: SignatureScheme): ExternalSenderLike;
+	/**
+	 * Serialize this external sender into a byte vector.
+	 *
+	 * This produces the public key and matches `parse_public_key`.
+	 */
+	serialize(): Uint8Array;
+	equals(other: ExternalSender): boolean;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is ExternalSender;
+}
+type SecretKeyLike = SecretKey;
+/**
+ * A secret key derived from the group secret.
+ *
+ * This is intended to be used for AVS.
+ */
+export declare class SecretKey extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "SecretKey";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Infallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Copy the wrapped data into a new byte array.
+	 */
+	copyBytes(): Uint8Array;
+	toString(): string;
+	equals(other: SecretKey): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is SecretKey;
+}
+type GroupInfoLike = GroupInfo;
+/**
+ * MLS Group Information
+ *
+ * This is used when joining by external commit.
+ * It can be found within the `GroupInfoBundle` within a `CommitBundle`.
+ */
+export declare class GroupInfo extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "GroupInfo";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Fallibly instantiate an instance from a TLS-serialized byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is GroupInfo;
+}
+/**
+ * Used by CoreCrypto to send commits or application messages to the delivery service.
+ *
+ * This trait must be implemented before calling any functions that produce commits.
+ */
+export interface MlsTransport {
+	/**
+	 * Send a commit bundle to the corresponding endpoint.
+	 */
+	sendCommitBundle(commitBundle: CommitBundle, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Prepare a history secret before transmission.
+	 */
+	prepareForTransport(historySecret: HistorySecret, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<MlsTransportData>;
+}
+type CoreCryptoContextLike = CoreCryptoContext;
+declare class CoreCryptoContext extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "CoreCryptoContext";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * This is only needed to allow TS inheritance and should be hidden from library consumers.
+	 */
+	constructor(instance: CoreCryptoContextLike);
+	/**
+	 * Adds members to the conversation using their key packages, sending the resulting commit via the transport.
+	 */
+	addClientsToConversation(conversationId: ConversationIdLike, keyPackages: Array<KeyPackageLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Adds a `Credential` to this client.
+	 *
+	 * Note that while an arbitrary number of credentials can be generated,
+	 * those which are added to a CoreCrypto instance must be distinct in credential type,
+	 * signature scheme, and the timestamp of creation. This timestamp has only
+	 * 1 second of resolution, limiting the number of credentials which
+	 * can be added. This is a known limitation and will be relaxed in the future.
+	 */
+	addCredential(credential: CredentialLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialRefLike>;
+	/**
+	 * Check all X509 credentials for expiration and revocation
+	 *
+	 * This function must be called at least once every 24 hours. It is recommended to do this during an idle period,
+	 * because in case x509 credentials are used, HTTP requests are done to fetch new certificate revocation lists.
+	 */
+	checkCredentials(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Commits all pending proposals in the conversation, sending the resulting commit via the transport.
+	 */
+	commitPendingProposals(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns the cipher suite in use for the given conversation.
+	 */
+	conversationCipherSuite(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CipherSuite>;
+	/**
+	 * Get the credential ref for the given conversation.
+	 */
+	conversationCredential(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialRefLike>;
+	/**
+	 * Returns the current MLS epoch of the given conversation.
+	 */
+	conversationEpoch(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<bigint>;
+	/**
+	 * Returns true if a conversation with the given id exists in the local state.
+	 */
+	conversationExists(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Creates a new MLS group with the given conversation ID, using the specified credential.
+	 */
+	createConversation(conversationId: ConversationIdLike, credentialRef: CredentialRefLike, externalSender?: ExternalSenderLike | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Decrypts an MLS message received in the given conversation.
+	 * **Note**: this will discard any local pending operations.
+	 */
+	decryptMessage(conversationId: ConversationIdLike, payload: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<DecryptedMessage>;
+	/**
+	 * Disables history sharing for the given conversation.
+	 */
+	disableHistorySharing(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns the end-to-end identity verification state of the given conversation.
+	 */
+	e2eiConversationState(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<E2eiConversationState>;
+	/**
+	 * Returns true if end-to-end identity is enabled for the given cipher_suite.
+	 */
+	e2eiIsEnabled(cipherSuite: CipherSuite, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Enables history sharing for the given conversation.
+	 */
+	enableHistorySharing(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Encrypts a plaintext message for all members of the given conversation.
+	 */
+	encryptMessage(conversationId: ConversationIdLike, message: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Derives and exports a secret of `key_length` bytes for the given conversation.
+	 *
+	 * The secret is derived from the MLS key schedule's exporter mechanism (RFC 9420 §8.5),
+	 * which produces output bound to the current group state and epoch. The exported value
+	 * changes whenever the epoch advances.
+	 */
+	exportSecretKey(conversationId: ConversationIdLike, keyLength: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<SecretKeyLike>;
+	/**
+	 * Generate a `KeyPackage` from the referenced credential.
+	 *
+	 * Makes no attempt to look up or prune existing keypackages.
+	 *
+	 * If `lifetime` is set, the keypackages will expire that span into the future.
+	 * If it is unset, a default lifetime of approximately 3 months is used.
+	 */
+	generateKeyPackage(credentialRef: CredentialRefLike, lifetime?: number | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<KeyPackageLike>;
+	/**
+	 * Returns the client ids of all members of the given conversation.
+	 */
+	getClientIds(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<ClientIdLike>>;
+	/**
+	 * Returns data previously stored by `set_data`, or `None` if no data has been stored.
+	 */
+	getData(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array | undefined>;
+	/**
+	 * Returns the E2EI identity claims for the specified devices in the given conversation.
+	 */
+	getDeviceIdentities(conversationId: ConversationIdLike, deviceIds: Array<ClientIdLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<WireIdentity>>;
+	/**
+	 * Returns the serialized public key of the external sender for the given conversation.
+	 */
+	getExternalSender(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ExternalSenderLike>;
+	/**
+	 * Get a reference to each `KeyPackage` in the database.
+	 */
+	getKeyPackages(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<KeyPackageRefLike>>;
+	/**
+	 * Returns the E2EI identity claims for the specified users in the given conversation, grouped by user ID.
+	 */
+	getUserIdentities(conversationId: ConversationIdLike, userIds: Array<string>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Map<string, Array<WireIdentity>>>;
+	/**
+	 * Joins an existing conversation by constructing an external commit from the given group info.
+	 */
+	joinByExternalCommit(groupInfo: GroupInfoLike, credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ConversationIdLike>;
+	/**
+	 * Initializes the MLS client with the given client ID and message transport.
+	 *
+	 * In general this method should be called at most once per core-crypto instance.
+	 * Calling it multiple times with the same parameters should silently succeed, but this is not
+	 * a supported or tested mode of operation.
+	 * Calling it multiple times with varying parameters might succeed, but this is not a supported or tested mode of
+	 * operation.
+	 */
+	mlsInit(clientId: ClientIdLike, transport: MlsTransport, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Joins a conversation by processing an MLS Welcome message, returning the new conversation's ID.
+	 */
+	processWelcomeMessage(welcomeMessage: WelcomeLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ConversationIdLike>;
+	/**
+	 * Decrypts a Proteus ciphertext in the given session, returning the plaintext.
+	 */
+	proteusDecrypt(sessionId: string, ciphertext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Decrypt a message whether or not the proteus session already exists, and saves the session.
+	 *
+	 * This is intended to replace simple usages of `proteusDecrypt`.
+	 *
+	 * However, when decrypting large numbers of messages in a single session, the existing methods
+	 * may be more efficient.
+	 */
+	proteusDecryptSafe(sessionId: string, ciphertext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Encrypts a plaintext message in the given Proteus session.
+	 */
+	proteusEncrypt(sessionId: string, plaintext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Encrypts a plaintext message in multiple Proteus sessions, returning a map from session ID to ciphertext.
+	 */
+	proteusEncryptBatched(sessions: Array<string>, plaintext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Map<string, Uint8Array>>;
+	/**
+	 * Returns the hex-encoded public key fingerprint of this device's Proteus identity.
+	 */
+	proteusFingerprint(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded local public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintLocal(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded remote public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintRemote(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Initializes the Proteus client.
+	 *
+	 * In general this method should be called at most once per core-crypto instance.
+	 * Calling it multiple times with the same parameters should silently succeed, but this is not
+	 * a supported or tested mode of operation.
+	 * Calling it multiple times with varying parameters might succeed, but this is not a supported or tested mode of
+	 * operation.
+	 */
+	proteusInit(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns the CBOR-serialized last resort prekey bundle, creating it if it does not yet exist.
+	 */
+	proteusLastResortPrekey(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Creates a new Proteus prekey with the given ID and returns its CBOR-serialized bundle.
+	 *
+	 * Warning: the Proteus client must be initialized with `proteus_init` first or an error will be returned.
+	 */
+	proteusNewPrekey(prekeyId: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Creates a new Proteus prekey with an automatically assigned ID and returns its CBOR-serialized bundle.
+	 *
+	 * Warning: the Proteus client must be initialized with `proteus_init` first or an error will be returned.
+	 */
+	proteusNewPrekeyAuto(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ProteusAutoPrekeyBundle>;
+	/**
+	 * Deletes the Proteus session with the given ID from local storage.
+	 */
+	proteusSessionDelete(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns true if a Proteus session with the given ID exists in local storage.
+	 */
+	proteusSessionExists(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Creates a new Proteus session from an incoming encrypted message, returning the decrypted message payload.
+	 */
+	proteusSessionFromMessage(sessionId: string, envelope: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Creates a new Proteus session from the given prekey bundle bytes, stored under the given session ID.
+	 */
+	proteusSessionFromPrekey(sessionId: string, prekey: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Saves the Proteus session with the given ID to the keystore.
+	 *
+	 * Note: this is not usually needed, as sessions are persisted automatically when
+	 * decrypting or encrypting messages and when initializing sessions.
+	 */
+	proteusSessionSave(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Generates `len` random bytes from the cryptographically secure RNG.
+	 */
+	randomBytes(len: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Removes the specified clients from the conversation, sending the resulting commit via the transport.
+	 */
+	removeClientsFromConversation(conversationId: ConversationIdLike, clients: Array<ClientIdLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Removes a `Credential` from this client.
+	 */
+	removeCredential(credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Remove a `KeyPackage` from the database.
+	 */
+	removeKeyPackage(kpRef: KeyPackageRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Remove all `KeyPackage`s associated with this credential ref.
+	 */
+	removeKeyPackagesFor(credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Set the credential ref for the given conversation.
+	 */
+	setConversationCredential(conversationId: ConversationIdLike, credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Stores arbitrary data to be used as a transaction checkpoint.
+	 *
+	 * The stored data can be retrieved via `get_data`. Keep the data size reasonable;
+	 * this is not a general-purpose key-value store.
+	 */
+	setData(data: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Updates this client's key material in the conversation by sending an update commit.
+	 */
+	updateKeyingMaterial(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Destroys the local state of the given conversation; it can no longer be used locally after this call.
+	 */
+	wipeConversation(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is CoreCryptoContext;
+}
+interface CoreCryptoCommand {
+	/**
+	 * Will be called inside a transaction in CoreCrypto
+	 */
+	execute(context: CoreCryptoContextLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+}
+type PkiEnvironmentLike = PkiEnvironment;
+/**
+ * The PKI environment used for certificate management during X509 credential acquisition.
+ */
+export declare class PkiEnvironment extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "PkiEnvironment";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Create a new PKI environment.
+	 */
+	static create(hooks: PkiEnvironmentHooks, database: DatabaseLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<PkiEnvironmentLike>;
+	/**
+	 * Add a PEM-encoded certificate as an intermediate certificate.
+	 */
+	addIntermediateCert(certPem: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Add a PEM-encoded certificate as a trust anchor.
+	 *
+	 * NOTE: currently we only support storing a single trust anchor, calling this method multiple
+	 * times will overwrite any previously added trust anchor.
+	 */
+	addTrustAnchor(certPem: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is PkiEnvironment;
+}
+/**
+ * An `EpochObserver` is notified whenever a conversation's epoch changes.
+ */
+export interface EpochObserver {
+	/**
+	 * This function will be called every time a conversation's epoch changes.
+	 *
+	 * The `epoch` parameter contains the new epoch number.
+	 *
+	 * Warning: this function must not block. Foreign implementors can spawn a task,
+	 * send on a channel, or take any other non-blocking approach, as long as the
+	 * operation completes quickly.
+	 *
+	 * Though the signature includes an error type, that error is only present because
+	 * it is required by `uniffi` in order to handle panics. This function should suppress
+	 * and ignore internal errors instead of propagating them, to the maximum extent possible.
+	 */
+	epochChanged(conversationId: ConversationIdLike, epoch: bigint, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+}
+/**
+ * A `HistoryObserver` is notified whenever a new history client is created.
+ */
+export interface HistoryObserver {
+	/**
+	 * This function will be called every time a new history client is created.
+	 *
+	 * The `secret` parameter is the secret associated with the new history client.
+	 *
+	 * Warning: this function must not block. Foreign implementors can spawn a task,
+	 * send on a channel, or take any other non-blocking approach, as long as the
+	 * operation completes quickly.
+	 *
+	 * Though the signature includes an error type, that error is only present because
+	 * it is required by `uniffi` in order to handle panics. This function should suppress
+	 * and ignore internal errors instead of propagating them, to the maximum extent possible.
+	 */
+	historyClientCreated(conversationId: ConversationIdLike, secret: HistorySecret, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+}
+type CoreCryptoFfiLike = CoreCryptoFfi;
+declare class CoreCryptoFfi extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "CoreCryptoFfi";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * This is only needed to allow TS inheritance and should be hidden from library consumers.
+	 */
+	constructor(instance: CoreCryptoFfiLike);
+	/**
+	 * Returns the cipher_suite in use for the given conversation.
+	 */
+	conversationCipherSuite(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CipherSuite>;
+	/**
+	 * Get the credential ref for the given conversation.
+	 */
+	conversationCredential(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialRefLike>;
+	/**
+	 * Returns the current MLS epoch of the given conversation.
+	 */
+	conversationEpoch(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<bigint>;
+	/**
+	 * Returns true if a conversation with the given id exists in the local state.
+	 */
+	conversationExists(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Returns the end-to-end identity verification state of the given conversation.
+	 */
+	e2eiConversationState(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<E2eiConversationState>;
+	/**
+	 * Returns true if end-to-end identity is enabled for the given cipher_suite.
+	 */
+	e2eiIsEnabled(cipherSuite: CipherSuite, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Returns true if the PKI environment has been set up and its provider is configured.
+	 */
+	e2eiIsPkiEnvSetup(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Derives and exports a secret of `key_length` bytes for the given conversation.
+	 *
+	 * The secret is derived from the MLS key schedule's exporter mechanism (RFC 9420 §8.5),
+	 * which produces output bound to the current group state and epoch. The exported value
+	 * changes whenever the epoch advances.
+	 */
+	exportSecretKey(conversationId: ConversationIdLike, keyLength: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<SecretKeyLike>;
+	/**
+	 * Get all credentials from this client which match the provided parameters.
+	 *
+	 * Parameters which are unset or `None` match anything. Those with a particular value find only credentials
+	 * matching that value.
+	 */
+	findCredentialsFfi(clientId?: ClientIdLike | undefined, publicKey?: Uint8Array | undefined, cipherSuite?: CipherSuite | undefined, credentialType?: CredentialType | undefined, earliestValidity?: bigint | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<CredentialRefLike>>;
+	/**
+	 * Returns the client ids of all members of the given conversation.
+	 */
+	getClientIds(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<ClientIdLike>>;
+	/**
+	 * Get all credentials from this client.
+	 */
+	getCredentials(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<CredentialRefLike>>;
+	/**
+	 * Returns the E2EI identity claims for the specified devices in the given conversation.
+	 */
+	getDeviceIdentities(conversationId: ConversationIdLike, deviceIds: Array<ClientIdLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<WireIdentity>>;
+	/**
+	 * Returns the external sender for the given conversation.
+	 */
+	getExternalSender(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ExternalSenderLike>;
+	/**
+	 * Get the PKI environment of the CoreCrypto instance.
+	 *
+	 * Returns null if it is not set.
+	 */
+	getPkiEnvironment(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<PkiEnvironmentLike | undefined>;
+	/**
+	 * Returns the E2EI identity claims for the specified users in the given conversation, grouped by user ID.
+	 */
+	getUserIdentities(conversationId: ConversationIdLike, userIds: Array<string>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Map<string, Array<WireIdentity>>>;
+	/**
+	 * Returns true if history sharing is currently enabled for the given conversation.
+	 */
+	isHistorySharingEnabled(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Returns the hex-encoded public key fingerprint of this device's Proteus identity.
+	 */
+	proteusFingerprint(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded local public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintLocal(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded remote public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintRemote(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns true if a Proteus session with the given ID exists in local storage.
+	 */
+	proteusSessionExists(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Get the public key associated with this credential
+	 */
+	publicKey(credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Add an epoch observer to this client.
+	 *
+	 * This function should be called 0 or 1 times in a session's lifetime. If called
+	 * when an epoch observer already exists, this will return an error.
+	 */
+	registerEpochObserver(epochObserver: EpochObserver, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Add a history observer to this client.
+	 *
+	 * This function should be called 0 or 1 times in a session's lifetime. If called
+	 * when a history observer already exists, this will return an error.
+	 */
+	registerHistoryObserver(historyObserver: HistoryObserver, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Set the PKI environment of the CoreCrypto instance.
+	 */
+	setPkiEnvironment(pkiEnvironment: PkiEnvironmentLike | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Starts a new transaction in Core Crypto. If the callback succeeds, it will be committed,
+	 * otherwise, every operation performed with the context will be discarded.
+	 *
+	 * When calling this function from within Rust, async functions accepting a context
+	 * implement `CoreCryptoCommand`, so operations can be defined inline as follows:
+	 *
+	 * ```ignore
+	 * core_crypto.transaction(Arc::new(async |context| {
+	 * // your implementation here
+	 * Ok(())
+	 * }))?;
+	 * ```
+	 */
+	transactionFfi(command: CoreCryptoCommand, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is CoreCryptoFfi;
+}
+/**
+ * A callback interface for forwarding CoreCrypto log messages to the platform's logging system.
+ */
+export interface CoreCryptoLogger {
+	/**
+	 * CoreCrypto will call this method whenever it needs to log a message.
+	 *
+	 * This function catches panics and other unexpected errors. In those cases, it writes to `stderr`.
+	 */
+	log(level: CoreCryptoLogLevel, message: string, context: string | undefined): void;
+}
+type DatabaseKeyLike = DatabaseKey;
+/**
+ * A unique identifier for an MLS client.
+ *
+ * Each app instance a user is running, such as desktop or mobile, is a separate client
+ * with its own client id. A single user may therefore have multiple clients.
+ * More information: <https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html#name-group-members-and-clients>
+ */
+export declare class DatabaseKey extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "DatabaseKey";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Fallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	toDebugString(): string;
+	toString(): string;
+	equals(other: DatabaseKey): boolean;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is DatabaseKey;
+}
+type DatabaseLike = Database;
+/**
+ * The database acting as a core crypto keystore.
+ */
+export declare class Database extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "Database";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Create an in-memory database whose data will be lost when the instance is dropped.
+	 */
+	static inMemory(key: DatabaseKeyLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<DatabaseLike>;
+	/**
+	 * Open or create a database.
+	 */
+	static open(location: string, key: DatabaseKeyLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<DatabaseLike>;
+	/**
+	 * Get the location of the database.
+	 *
+	 * Returns null if the database is in-memory.
+	 */
+	getLocation(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string | undefined>;
+	/**
+	 * Updates the key of the database.
+	 *
+	 * This reencrypts it with the new key.
+	 */
+	updateKey(key: DatabaseKeyLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is Database;
+}
+/**
+ * Callbacks for external calls made by CoreCrypto during X509 credential acquisition.
+ *
+ * When communicating with the Identity Provider (IDP) and Wire server,
+ * CoreCrypto delegates to the client app by calling the relevant methods.
+ *
+ * Client App                 CoreCrypto                     Acme                     IDP
+ * |                           |                          |                        |
+ * | X509CredentialAcquisition().finalize()               |                        |
+ * |-------------------------->|                          |                        |
+ * |                           | GET acme/root.pem        |                        |
+ * |                           |------------------------> |                        |
+ * |                           | 200 OK                   |                        |
+ * |                           |<------------------------ |                        |
+ * | authenticate()            |                          |                        |
+ * |<--------------------------|                          |                        |
+ * |                           | Authentication flow      |                        |
+ * | ----------------------------------------------------------------------------> |
+ * |<----------------------------------------------------------------------------- |
+ * | return Success [PKiEnvironmentHooks.authenticate()]  |                        |
+ * |<--------------------------|                          |                        |
+ * |                           |  (excluded several calls for brevity)             |
+ * | return Success(Credential) [X509CredentialAcquisition().finalize()]           |
+ * |<--------------------------|                          |                        |
+ */
+export interface PkiEnvironmentHooks {
+	/**
+	 * Make an HTTP request.
+	 *
+	 * Used for requests to ACME servers, CRL distributors, etc.
+	 */
+	httpRequest(method: HttpMethod, url: string, headers: Array<HttpHeader>, body: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<HttpResponse>;
+	/**
+	 * Authenticate with the user's identity provider (IdP)
+	 *
+	 * The implementation should perform authentication using the authorization code flow
+	 * (<https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth>) with the PKCE
+	 * (<https://www.rfc-editor.org/rfc/rfc7636>) extension. As part of the authorization
+	 * request, the implementation should specify `key_auth` and `acme_aud` claims, along with
+	 * their values, in the `claims` parameter. This is to instruct the IdP to add the `key_auth`
+	 * and `acme_aud` claims to the ID token that will be returned as part of the access token.
+	 *
+	 * Once the authentication is completed successfully, the implementation should request
+	 * an access token from the IdP, extract the ID token from it and return it to the caller.
+	 */
+	authenticate(idp: string, keyAuth: string, acmeAud: string, acquisitionSnapshot: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Get a nonce from the backend.
+	 */
+	getBackendNonce(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Fetch an access token to be used for the DPoP challenge (`wire-dpop-01`)
+	 *
+	 * The implementation should take the provided DPoP token (`dpop`) and make a request to the
+	 * backend to obtain an access token, which should be returned to the caller.
+	 */
+	fetchBackendAccessToken(dpop: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+}
+type X509CredentialAcquisitionLike = X509CredentialAcquisition;
+declare class X509CredentialAcquisition extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "X509CredentialAcquisition";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Create a new credential acquisition
+	 */
+	constructor(pkiEnvironment: PkiEnvironmentLike, config: X509CredentialAcquisitionConfiguration);
+	/**
+	 * Deserialize a credential acquisition flow.
+	 */
+	static fromBytes(pkiEnvironment: PkiEnvironmentLike, bytes: Uint8Array): X509CredentialAcquisitionLike;
+	/**
+	 * Create a new credential acquisition from an existing credential. This API is temporary until our system
+	 * decouples client identities from a client's public signature key.
+	 * See <https://wearezeta.atlassian.net/wiki/x/RABtrQ>.
+	 *
+	 * Provide `core_crypto_database` if you're using distinct DB instances for `PkiEnvironment` and `CoreCrypto`.
+	 * Otherwise, the `PkiEnvironment`'s DB will be used to load the full credential.
+	 */
+	static newFromCredentialRef(pkiEnvironment: PkiEnvironmentLike, config: X509CredentialAcquisitionConfiguration, credentialRef: CredentialRefLike, coreCryptoDatabase: DatabaseLike | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<X509CredentialAcquisitionLike>;
+	/**
+	 * Complete the DPoP and OIDC challenges and return the acquired X509 credential.
+	 */
+	finalize(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialLike>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is X509CredentialAcquisition;
+}
+declare class CoreCryptoContext$1 extends CoreCryptoContext {
+}
+export interface CredentialFindFilters {
+	clientId?: ClientId;
+	publicKey?: Uint8Array;
+	cipherSuite?: CipherSuite;
+	credentialType?: CredentialType;
+	earliestValidity?: bigint;
+}
+/**
+ * Wrapper for the WASM-compiled version of CoreCrypto
+ */
+export declare class CoreCrypto extends CoreCryptoFfi {
+	private constructor();
+	/**
+	 * Construct a new {@link CoreCrypto} instance.
+	 * MLS or proteus can be initialized  with {@link CoreCryptoContext.mlsInit} or
+	 * {@link CoreCryptoContext.proteusInit}, respectively.
+	 */
+	static new(database: Database): CoreCrypto;
+	/**
+	 * Instantiate a history client.
+	 *
+	 * This client exposes the full interface of {@link CoreCrypto}, but it should only be used to decrypt messages.
+	 * Other use is a logic error.
+	 */
+	static historyClient(historySecret: HistorySecret): Promise<CoreCrypto>;
+	/**
+	 * Starts a new transaction in Core Crypto. If the callback succeeds, it will be committed,
+	 * otherwise, every operation performed with the context will be discarded.
+	 *
+	 * @param callback - The callback to execute within the transaction
+	 *
+	 * @returns the result of the callback will be returned from this call
+	 */
+	transaction<R>(callback: (ctx: CoreCryptoContext$1) => Promise<R>): Promise<R>;
+	/**
+	 * Get those credentials known to this instance which match the provided filters
+	 *
+	 * @param findFilters a set of filters defining which credentials are of interest.
+	 */
+	findCredentials(findFilters: CredentialFindFilters): Promise<CredentialRef[]>;
+}
+declare class X509CredentialAcquisition$1 extends X509CredentialAcquisition {
+	/**
+	 * Create a new credential acquisition from an existing credential.
+	 * This API is temporary until our system decouples client identities from a client's public signature key.
+	 * See <https://wearezeta.atlassian.net/wiki/x/RABtrQ>.
+	 *
+	 * Provide `coreCryptoDatabase` if you're using distinct DB instances for `PkiEnvironment` and `CoreCrypto`.
+	 * Otherwise, the `PkiEnvironment`'s DB will be used to load the full credential.
+	 */
+	static newFromCredentialRef(pkiEnvironment: PkiEnvironmentLike, config: X509CredentialAcquisitionConfiguration, credentialRef: CredentialRefLike, coreCryptoDatabase?: DatabaseLike): Promise<X509CredentialAcquisition$1>;
+}
+
+export {
+	CoreCryptoContext$1 as CoreCryptoContext,
+	Credential$1 as Credential,
+	MlsGroupInfoEncryptionType as GroupInfoEncryptionType,
+	MlsRatchetTreeType as RatchetTreeType,
+	X509CredentialAcquisition$1 as X509CredentialAcquisition,
+	proteusLastResortPrekeyIdFfi as proteusLastResortPrekeyId,
+};
+
+export {};