npm - @wireapp/core-crypto - Versions diffs - 9.3.4 → 10.0.0-pre.11 - Mend

@wireapp/core-crypto 9.3.4 → 10.0.0-pre.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/browser/autogenerated/wasm-bindgen/index_bg.wasm +0 -0
package/dist/browser/autogenerated/wasm-bindgen/index_bg.wasm.d.ts +920 -0
package/dist/browser/corecrypto.d.ts +3875 -0
package/dist/browser/corecrypto.js +10522 -0
package/dist/native/corecrypto.d.ts +3848 -0
package/dist/native/corecrypto.js +8970 -0
package/dist/native/libcore_crypto_ffi.dylib +0 -0
package/dist/native/libcore_crypto_ffi.so +0 -0
package/package.json +44 -52
package/README.md +0 -5
package/src/autogenerated/core-crypto-ffi_bg.wasm +0 -0
package/src/autogenerated/core-crypto-ffi_bg.wasm.d.ts +0 -278
package/src/corecrypto.d.ts +0 -2567
package/src/corecrypto.js +0 -4329

package/dist/browser/corecrypto.d.ts ADDED Viewed

@@ -0,0 +1,3875 @@
+// Generated by dts-bundle-generator v9.5.1
+import { UniffiAbstractObject, UniffiGcObject, UniffiHandle, destructorGuardSymbol, pointerLiteralSymbol, uniffiTypeNameSymbol, variantOrdinalSymbol } from '@ubjs/core';
+/**
+ * Returns build metadata for CoreCrypto.
+ */
+export declare function buildMetadata(): BuildMetadata;
+/**
+ * Get an instance of the default cipher suite.
+ */
+export declare function cipherSuiteDefault(): CipherSuite;
+/**
+ * Construct a cipher suite enum instance from its discriminant.
+ */
+export declare function cipherSuiteFromU16(discriminant: number): CipherSuite;
+/**
+ * Updates the key of the CoreCrypto database.
+ *
+ * This function is intended to be called only once, when migrating from CoreCrypto 5.x to 6.x.
+ */
+export declare function migrateDatabaseKeyTypeToBytes(path: string, oldKey: string, newKey: DatabaseKeyLike, asyncOpts_?: {
+	signal: AbortSignal;
+}): Promise<void>;
+/**
+ * Returns the Proteus last resort prekey ID.
+ *
+ * The last resort prekey is a special prekey retained after all other prekeys have been consumed,
+ * ensuring a session can always be established. Its ID is always `u16::MAX` (65535).
+ */
+declare function proteusLastResortPrekeyIdFfi(): number;
+/**
+ * Initializes the logger.
+ */
+export declare function setLogger(logger: CoreCryptoLogger): void;
+/**
+ * Sets the maximum log level forwarded to the logger.
+ */
+export declare function setMaxLogLevel(level: CoreCryptoLogLevel): void;
+/**
+ * The version of `core-crypto`.
+ */
+export declare function version(): string;
+type UuidLike = Uuid;
+/**
+ * A Uuid.
+ */
+export declare class Uuid extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "Uuid";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Parse a `Uuid` from a string.
+	 */
+	constructor(uuid: string);
+	equals(other: Uuid): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is Uuid;
+}
+type DeviceIdLike = DeviceId;
+/**
+ * A Device ID.
+ */
+export declare class DeviceId extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "DeviceId";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * New device id from an unsigned 64-bit integer.
+	 */
+	constructor(id: bigint);
+	/**
+	 * Construct a `DeviceId` from 8 bytes encoded as a hex string.
+	 */
+	static fromHexString(hexString: string): DeviceIdLike;
+	/**
+	 * Encode the `DeviceId` as a 16-character lowercase hex string, with leading 0s.
+	 */
+	toHexString(): string;
+	/**
+	 * Get the number corresponding to this `DeviceId`.
+	 */
+	toU64(): bigint;
+	equals(other: DeviceId): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is DeviceId;
+}
+/**
+ * This directly represents a `ClientId` of the `<userid>-<device-id>@<domain>` format.
+ * Instantiate via [ClientId::deserialize].
+ */
+export type DeserializedClientId = {
+	/**
+	 * The client id this was deserialized from
+	 */
+	clientId: ClientIdLike;
+	/**
+	 * The user id component
+	 */
+	userId: UuidLike;
+	/**
+	 * The device id component
+	 */
+	deviceId: DeviceIdLike;
+	/**
+	 * The domain
+	 */
+	domain: string;
+};
+/**
+ * Generated factory for {@link DeserializedClientId} record objects.
+ */
+export declare const DeserializedClientId: Readonly<{
+	create: (partial: Partial<DeserializedClientId> & Required<Omit<DeserializedClientId, never>>) => DeserializedClientId;
+	new: (partial: Partial<DeserializedClientId> & Required<Omit<DeserializedClientId, never>>) => DeserializedClientId;
+	defaults: () => Partial<DeserializedClientId>;
+}>;
+type ClientIdLike = ClientId;
+/**
+ * A unique identifier for an MLS client.
+ *
+ * Each app instance a user is running, such as desktop or mobile, is a separate client
+ * with its own client id. A single user may therefore have multiple clients.
+ * More information: <https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html#name-group-members-and-clients>
+ */
+export declare class ClientId extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "ClientId";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Create a new client id.
+	 */
+	constructor(userId: UuidLike, deviceId: DeviceIdLike, domain: string);
+	/**
+	 * Copy the wrapped data into a new byte array.
+	 */
+	copyBytes(): Uint8Array;
+	/**
+	 * Copy the wrapped data into a direct representation of the `<user-id>:<device-id>@<domain>` format.
+	 */
+	deserialize(): DeserializedClientId;
+	equals(other: ClientId): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is ClientId;
+}
+/**
+ * The standalone status of a device credential in an MLS group at a given moment.
+ *
+ * This does not represent states where a device is not using MLS or end-to-end identity.
+ */
+export declare enum DeviceStatus {
+	/**
+	 * The device credential is valid.
+	 */
+	Valid = 1,
+	/**
+	 * The device credential's certificate has expired.
+	 */
+	Expired = 2,
+	/**
+	 * The device credential's certificate has been revoked.
+	 *
+	 * Note: revocation is not yet implemented.
+	 */
+	Revoked = 3
+}
+/**
+ * The type of credential used to authenticate an MLS client's identity.
+ */
+export declare enum CredentialType {
+	/**
+	 * A basic credential backed by a raw key pair, without any certificate infrastructure.
+	 */
+	Basic = 1,
+	/**
+	 * An X509 certificate credential, typically obtained through the end-to-end identity enrollment process.
+	 */
+	X509 = 2
+}
+/**
+ * Typealias from the type name used in the UDL file to the builtin type.  This
+ * is needed because the UDL type name is used in function/method signatures.
+ */
+export type Timestamp = Date;
+/**
+ * Fields from a `WireIdentity` that are specific to X509 credentials.
+ */
+export type X509Identity = {
+	/**
+	 * User handle e.g. `john_wire`
+	 */
+	handle: string;
+	/**
+	 * Name as displayed in the messaging application e.g. `John Fitzgerald Kennedy`
+	 */
+	displayName: string;
+	/**
+	 * DNS domain for which this identity proof was generated e.g. `whitehouse.gov`
+	 */
+	domain: string;
+	/**
+	 * PEM-encoded X509 certificate identifying this client in the MLS group.
+	 */
+	certificate: string;
+	/**
+	 * X509 certificate serial number
+	 */
+	serialNumber: string;
+	/**
+	 * Certificate validity start time (the X509 notBefore field).
+	 */
+	notBefore: Timestamp;
+	/**
+	 * Certificate validity end time (the X509 notAfter field).
+	 */
+	notAfter: Timestamp;
+};
+/**
+ * Generated factory for {@link X509Identity} record objects.
+ */
+export declare const X509Identity: Readonly<{
+	create: (partial: Partial<X509Identity> & Required<Omit<X509Identity, never>>) => X509Identity;
+	new: (partial: Partial<X509Identity> & Required<Omit<X509Identity, never>>) => X509Identity;
+	defaults: () => Partial<X509Identity>;
+}>;
+/**
+ * The identity claims identifying a client.
+ *
+ * Those claims are verifiable by any member in the group.
+ */
+export type WireIdentity = {
+	/**
+	 * Unique client identifier e.g. `T4Coy4vdRzianwfOgXpn6A:6add501bacd1d90e@whitehouse.gov`
+	 */
+	clientId?: ClientIdLike;
+	/**
+	 * Status of the credential at the moment this object is created.
+	 */
+	status: DeviceStatus;
+	/**
+	 * MLS thumbprint
+	 */
+	thumbprint: string;
+	/**
+	 * Indicates whether the credential is Basic or X509.
+	 */
+	credentialType: CredentialType;
+	/**
+	 * The X509 certificate details; populated only when `credential_type` is X509.
+	 */
+	x509Identity?: X509Identity;
+};
+/**
+ * Generated factory for {@link WireIdentity} record objects.
+ */
+export declare const WireIdentity: Readonly<{
+	create: (partial: Partial<WireIdentity> & Required<Omit<WireIdentity, "clientId" | "x509Identity">>) => WireIdentity;
+	new: (partial: Partial<WireIdentity> & Required<Omit<WireIdentity, "clientId" | "x509Identity">>) => WireIdentity;
+	defaults: () => Partial<WireIdentity>;
+}>;
+/**
+ * A decrypted message that was buffered due to out-of-order delivery by the distribution service.
+ *
+ * These are returned in the `buffered_messages` field of a `DecryptedMessage` when a commit is
+ * processed. They represent messages for the new epoch that arrived before the commit that created it.
+ */
+export type BufferedDecryptedMessage = {
+	/**
+	 * Decrypted plaintext
+	 */
+	message?: Uint8Array;
+	/**
+	 * False if processing this message caused the client to be removed from the group, i.e. due to a Remove commit.
+	 */
+	isActive: boolean;
+	/**
+	 * Commit delay in seconds.
+	 *
+	 * When set, clients must delay this long before processing a commit.
+	 * This reduces load on the backend, which otherwise would receive epoch change notifications from all clients
+	 * simultaneously.
+	 */
+	commitDelay?: bigint;
+	/**
+	 * `ClientId` of the sender of the message being decrypted. Only present for application messages.
+	 */
+	senderClientId?: ClientIdLike;
+	/**
+	 * Identity claims present in the sender credential.
+	 */
+	identity: WireIdentity;
+};
+/**
+ * Generated factory for {@link BufferedDecryptedMessage} record objects.
+ */
+export declare const BufferedDecryptedMessage: Readonly<{
+	create: (partial: Partial<BufferedDecryptedMessage> & Required<Omit<BufferedDecryptedMessage, "message" | "commitDelay" | "senderClientId">>) => BufferedDecryptedMessage;
+	new: (partial: Partial<BufferedDecryptedMessage> & Required<Omit<BufferedDecryptedMessage, "message" | "commitDelay" | "senderClientId">>) => BufferedDecryptedMessage;
+	defaults: () => Partial<BufferedDecryptedMessage>;
+}>;
+/**
+ * Metadata describing the conditions of the build of this software.
+ */
+export type BuildMetadata = {
+	/**
+	 * Build timestamp
+	 */
+	timestamp: string;
+	/**
+	 * Whether this build was in Debug mode (true) or Release mode (false).
+	 */
+	cargoDebug: string;
+	/**
+	 * Features enabled for this build.
+	 */
+	cargoFeatures: string;
+	/**
+	 * Optimization level
+	 */
+	optLevel: string;
+	/**
+	 * Build target triple
+	 */
+	targetTriple: string;
+	/**
+	 * Git branch
+	 */
+	gitBranch: string;
+	/**
+	 * Output of `git describe`
+	 */
+	gitDescribe: string;
+	/**
+	 * Hash of current git commit
+	 */
+	gitSha: string;
+	/**
+	 * `true` when the source code differed from the commit at the most recent git hash.
+	 */
+	gitDirty: string;
+};
+/**
+ * Generated factory for {@link BuildMetadata} record objects.
+ */
+export declare const BuildMetadata: Readonly<{
+	create: (partial: Partial<BuildMetadata> & Required<Omit<BuildMetadata, never>>) => BuildMetadata;
+	new: (partial: Partial<BuildMetadata> & Required<Omit<BuildMetadata, never>>) => BuildMetadata;
+	defaults: () => Partial<BuildMetadata>;
+}>;
+export declare enum MlsError_Tags {
+	ConversationAlreadyExists = "ConversationAlreadyExists",
+	DuplicateMessage = "DuplicateMessage",
+	BufferedFutureMessage = "BufferedFutureMessage",
+	WrongEpoch = "WrongEpoch",
+	BufferedCommit = "BufferedCommit",
+	MessageEpochTooOld = "MessageEpochTooOld",
+	SelfCommitIgnored = "SelfCommitIgnored",
+	UnmergedPendingGroup = "UnmergedPendingGroup",
+	StaleProposal = "StaleProposal",
+	StaleCommit = "StaleCommit",
+	OrphanWelcome = "OrphanWelcome",
+	MessageRejected = "MessageRejected",
+	Other = "Other"
+}
+/**
+ * Errors produced by the MLS layer.
+ */
+export declare const MlsError: Readonly<{
+	instanceOf: (obj: any) => obj is MlsError;
+	ConversationAlreadyExists: {
+		new (inner: {
+			conversationId: Uint8Array;
+		}): {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			conversationId: Uint8Array;
+		}): {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsError_Tags.ConversationAlreadyExists;
+			readonly inner: Readonly<{
+				conversationId: Uint8Array;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			conversationId: Uint8Array;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	DuplicateMessage: {
+		new (): {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	BufferedFutureMessage: {
+		new (): {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedFutureMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	WrongEpoch: {
+		new (): {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.WrongEpoch;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	BufferedCommit: {
+		new (): {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.BufferedCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	MessageEpochTooOld: {
+		new (): {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageEpochTooOld;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	SelfCommitIgnored: {
+		new (): {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.SelfCommitIgnored;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	UnmergedPendingGroup: {
+		new (): {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.UnmergedPendingGroup;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	StaleProposal: {
+		new (): {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleProposal;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	StaleCommit: {
+		new (): {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.StaleCommit;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	OrphanWelcome: {
+		new (): {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.OrphanWelcome;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	MessageRejected: {
+		new (inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			reason: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Other: {
+		new (inner: {
+			msg: string;
+		}): {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			msg: string;
+		}): {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			msg: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * Errors produced by the MLS layer.
+ */
+export type MlsError = InstanceType<(typeof MlsError)["ConversationAlreadyExists" | "DuplicateMessage" | "BufferedFutureMessage" | "WrongEpoch" | "BufferedCommit" | "MessageEpochTooOld" | "SelfCommitIgnored" | "UnmergedPendingGroup" | "StaleProposal" | "StaleCommit" | "OrphanWelcome" | "MessageRejected" | "Other"]>;
+export declare enum ProteusError_Tags {
+	SessionNotFound = "SessionNotFound",
+	DuplicateMessage = "DuplicateMessage",
+	RemoteIdentityChanged = "RemoteIdentityChanged",
+	Other = "Other"
+}
+/**
+ * Errors produced by the Proteus layer.
+ */
+export declare const ProteusError: Readonly<{
+	instanceOf: (obj: any) => obj is ProteusError;
+	SessionNotFound: {
+		new (): {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.SessionNotFound;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	DuplicateMessage: {
+		new (): {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.DuplicateMessage;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	RemoteIdentityChanged: {
+		new (): {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(): {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.RemoteIdentityChanged;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Other: {
+		new (inner: {
+			errorCode: number;
+		}): {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			errorCode: number;
+		}): {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: ProteusError_Tags.Other;
+			readonly inner: Readonly<{
+				errorCode: number;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "ProteusError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			errorCode: number;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * Errors produced by the Proteus layer.
+ */
+export type ProteusError = InstanceType<(typeof ProteusError)["SessionNotFound" | "DuplicateMessage" | "RemoteIdentityChanged" | "Other"]>;
+export declare enum CoreCryptoError_Tags {
+	Mls = "Mls",
+	Proteus = "Proteus",
+	E2ei = "E2ei",
+	TransactionFailed = "TransactionFailed",
+	Other = "Other"
+}
+/**
+ * The primary error type returned across the CoreCrypto FFI boundary.
+ */
+export declare const CoreCryptoError: Readonly<{
+	instanceOf: (obj: any) => obj is CoreCryptoError;
+	Mls: {
+		new (inner: {
+			mlsError: MlsError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			mlsError: MlsError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.Mls;
+			readonly inner: Readonly<{
+				mlsError: MlsError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			mlsError: MlsError;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Proteus: {
+		new (inner: {
+			exception: ProteusError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			exception: ProteusError;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.Proteus;
+			readonly inner: Readonly<{
+				exception: ProteusError;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			exception: ProteusError;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	E2ei: {
+		new (inner: {
+			e2eiError: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			e2eiError: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.E2ei;
+			readonly inner: Readonly<{
+				e2eiError: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			e2eiError: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	TransactionFailed: {
+		new (inner: {
+			error: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			error: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.TransactionFailed;
+			readonly inner: Readonly<{
+				error: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			error: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	Other: {
+		new (inner: {
+			msg: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			msg: string;
+		}): {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: CoreCryptoError_Tags.Other;
+			readonly inner: Readonly<{
+				msg: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "CoreCryptoError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			msg: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * The primary error type returned across the CoreCrypto FFI boundary.
+ */
+export type CoreCryptoError = InstanceType<(typeof CoreCryptoError)["Mls" | "Proteus" | "E2ei" | "TransactionFailed" | "Other"]>;
+type WelcomeLike = Welcome;
+/**
+ * A TLS-serialized Welcome message.
+ *
+ * This structure is defined in RFC 9420:
+ * <https://www.rfc-editor.org/rfc/rfc9420.html#joining-via-welcome-message>.
+ */
+export declare class Welcome extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "Welcome";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Fallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * TLS-serialize this message
+	 */
+	serialize(): Uint8Array;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is Welcome;
+}
+/**
+ * How a `GroupInfo` is encrypted in a commit bundle.
+ */
+declare enum MlsGroupInfoEncryptionType {
+	/**
+	 * Unencrypted `GroupInfo`
+	 */
+	Plaintext = 1,
+	/**
+	 * `GroupInfo` encrypted in a JWE
+	 */
+	JweEncrypted = 2
+}
+/**
+ * How the ratchet tree is represented in a `GroupInfo`.
+ */
+declare enum MlsRatchetTreeType {
+	/**
+	 * The full ratchet tree is included.
+	 */
+	Full = 1,
+	/**
+	 * Only changes since the previous epoch are included.
+	 *
+	 * Not yet implemented. See the draft proposal:
+	 * <https://github.com/rohan-wire/ietf-drafts/blob/main/mahy-mls-ratchet-tree-delta/draft-mahy-mls-ratchet-tree-delta.md>
+	 */
+	Delta = 2,
+	/**
+	 * The ratchet tree is identified by an external reference rather than included inline.
+	 */
+	ByRef = 3
+}
+/**
+ * A `GroupInfo` with associated metadata.
+ */
+export type GroupInfoBundle = {
+	/**
+	 * How the group info is encrypted.
+	 */
+	encryptionType: MlsGroupInfoEncryptionType;
+	/**
+	 * What kind of ratchet tree is used.
+	 */
+	ratchetTreeType: MlsRatchetTreeType;
+	/**
+	 * The group info payload.
+	 */
+	payload: Uint8Array;
+};
+/**
+ * Generated factory for {@link GroupInfoBundle} record objects.
+ */
+export declare const GroupInfoBundle: Readonly<{
+	create: (partial: Partial<GroupInfoBundle> & Required<Omit<GroupInfoBundle, never>>) => GroupInfoBundle;
+	new: (partial: Partial<GroupInfoBundle> & Required<Omit<GroupInfoBundle, never>>) => GroupInfoBundle;
+	defaults: () => Partial<GroupInfoBundle>;
+}>;
+/**
+ * Information returned when a commit is created.
+ */
+export type CommitBundle = {
+	/**
+	 * A welcome message, present when there are pending Add proposals.
+	 */
+	welcome?: WelcomeLike;
+	/**
+	 * The MLS commit message.
+	 */
+	commit: Uint8Array;
+	/**
+	 * The `GroupInfo` associated with this commit.
+	 */
+	groupInfo: GroupInfoBundle;
+	/**
+	 * An encrypted message to fan out to all other conversation members in the new epoch.
+	 */
+	encryptedMessage?: Uint8Array;
+};
+/**
+ * Generated factory for {@link CommitBundle} record objects.
+ */
+export declare const CommitBundle: Readonly<{
+	create: (partial: Partial<CommitBundle> & Required<Omit<CommitBundle, "welcome" | "encryptedMessage">>) => CommitBundle;
+	new: (partial: Partial<CommitBundle> & Required<Omit<CommitBundle, "welcome" | "encryptedMessage">>) => CommitBundle;
+	defaults: () => Partial<CommitBundle>;
+}>;
+/**
+ * A decrypted message and various associated metadata.
+ */
+export type DecryptedMessage = {
+	/**
+	 * Decrypted plaintext
+	 */
+	message?: Uint8Array;
+	/**
+	 * False if processing this message caused the client to be removed from the group, i.e. due to a Remove commit.
+	 */
+	isActive: boolean;
+	/**
+	 * Commit delay in seconds.
+	 *
+	 * When set, clients must delay this long before processing a commit.
+	 * This reduces load on the backend, which otherwise would receive epoch change notifications from all clients
+	 * simultaneously.
+	 */
+	commitDelay?: bigint;
+	/**
+	 * `ClientId` of the sender of the message being decrypted. Only present for application messages.
+	 */
+	senderClientId?: ClientIdLike;
+	/**
+	 * Identity claims present in the sender credential.
+	 */
+	identity: WireIdentity;
+	/**
+	 * Only set when the decrypted message is a commit.
+	 *
+	 * Contains buffered messages for next epoch which were received before the commit creating the epoch
+	 * because the DS did not fan them out in order.
+	 */
+	bufferedMessages?: Array<BufferedDecryptedMessage>;
+};
+/**
+ * Generated factory for {@link DecryptedMessage} record objects.
+ */
+export declare const DecryptedMessage: Readonly<{
+	create: (partial: Partial<DecryptedMessage> & Required<Omit<DecryptedMessage, "message" | "commitDelay" | "senderClientId" | "bufferedMessages">>) => DecryptedMessage;
+	new: (partial: Partial<DecryptedMessage> & Required<Omit<DecryptedMessage, "message" | "commitDelay" | "senderClientId" | "bufferedMessages">>) => DecryptedMessage;
+	defaults: () => Partial<DecryptedMessage>;
+}>;
+/**
+ * A `HistorySecret` encodes sufficient client state that it can be used to instantiate an
+ * ephemeral client.
+ */
+export type HistorySecret = {
+	/**
+	 * Client id of the associated history client.
+	 */
+	clientId: ClientIdLike;
+	/**
+	 * Opaque secret data sufficient to reconstruct a history client.
+	 */
+	data: Uint8Array;
+};
+/**
+ * Generated factory for {@link HistorySecret} record objects.
+ */
+export declare const HistorySecret: Readonly<{
+	create: (partial: Partial<HistorySecret> & Required<Omit<HistorySecret, never>>) => HistorySecret;
+	new: (partial: Partial<HistorySecret> & Required<Omit<HistorySecret, never>>) => HistorySecret;
+	defaults: () => Partial<HistorySecret>;
+}>;
+/**
+ * An HttpHeader used for PKI hooks.
+ */
+export type HttpHeader = {
+	/**
+	 * Header name
+	 */
+	name: string;
+	/**
+	 * Header value
+	 */
+	value: string;
+};
+/**
+ * Generated factory for {@link HttpHeader} record objects.
+ */
+export declare const HttpHeader: Readonly<{
+	create: (partial: Partial<HttpHeader> & Required<Omit<HttpHeader, never>>) => HttpHeader;
+	new: (partial: Partial<HttpHeader> & Required<Omit<HttpHeader, never>>) => HttpHeader;
+	defaults: () => Partial<HttpHeader>;
+}>;
+/**
+ * An HttpResponse used for PKI hooks.
+ */
+export type HttpResponse = {
+	/**
+	 * HTTP status code
+	 */
+	status: number;
+	/**
+	 * List of header fields
+	 */
+	headers: Array<HttpHeader>;
+	/**
+	 * HTTP body
+	 */
+	body: Uint8Array;
+};
+/**
+ * Generated factory for {@link HttpResponse} record objects.
+ */
+export declare const HttpResponse: Readonly<{
+	create: (partial: Partial<HttpResponse> & Required<Omit<HttpResponse, never>>) => HttpResponse;
+	new: (partial: Partial<HttpResponse> & Required<Omit<HttpResponse, never>>) => HttpResponse;
+	defaults: () => Partial<HttpResponse>;
+}>;
+/**
+ * Encapsulates a prekey id and a CBOR-serialized prekey.
+ */
+export type ProteusAutoPrekeyBundle = {
+	/**
+	 * Prekey id (automatically incremented)
+	 */
+	id: number;
+	/**
+	 * CBOR serialization of prekey
+	 */
+	pkb: Uint8Array;
+};
+/**
+ * Generated factory for {@link ProteusAutoPrekeyBundle} record objects.
+ */
+export declare const ProteusAutoPrekeyBundle: Readonly<{
+	create: (partial: Partial<ProteusAutoPrekeyBundle> & Required<Omit<ProteusAutoPrekeyBundle, never>>) => ProteusAutoPrekeyBundle;
+	new: (partial: Partial<ProteusAutoPrekeyBundle> & Required<Omit<ProteusAutoPrekeyBundle, never>>) => ProteusAutoPrekeyBundle;
+	defaults: () => Partial<ProteusAutoPrekeyBundle>;
+}>;
+/**
+ * MLS cipher suites
+ */
+export declare enum CipherSuite {
+	/**
+	 * DH KEM x25519 | AES-GCM 128 | SHA2-256 | Ed25519
+	 */
+	Mls128Dhkemx25519Aes128gcmSha256Ed25519 = 1,
+	/**
+	 * DH KEM P256 | AES-GCM 128 | SHA2-256 | EcDSA P256
+	 */
+	Mls128Dhkemp256Aes128gcmSha256P256 = 2,
+	/**
+	 * DH KEM x25519 | Chacha20Poly1305 | SHA2-256 | Ed25519
+	 */
+	Mls128Dhkemx25519Chacha20poly1305Sha256Ed25519 = 3,
+	/**
+	 * DH KEM x448 | AES-GCM 256 | SHA2-512 | Ed448
+	 */
+	Mls256Dhkemx448Aes256gcmSha512Ed448 = 4,
+	/**
+	 * DH KEM P521 | AES-GCM 256 | SHA2-512 | EcDSA P521
+	 */
+	Mls256Dhkemp521Aes256gcmSha512P521 = 5,
+	/**
+	 * DH KEM x448 | Chacha20Poly1305 | SHA2-512 | Ed448
+	 */
+	Mls256Dhkemx448Chacha20poly1305Sha512Ed448 = 6,
+	/**
+	 * DH KEM P384 | AES-GCM 256 | SHA2-384 | EcDSA P384
+	 */
+	Mls256Dhkemp384Aes256gcmSha384P384 = 7
+}
+/**
+ * Configuration for an X509 credential acquisition flow.
+ */
+export type X509CredentialAcquisitionConfiguration = {
+	/**
+	 * ACME directory URL.
+	 */
+	acmeDirectoryUrl: string;
+	/**
+	 * Ciphersuite of the acquired credential.
+	 */
+	cipherSuite: CipherSuite;
+	/**
+	 * User-visible display name.
+	 */
+	displayName: string;
+	/**
+	 * Wire client id for the device acquiring the credential.
+	 */
+	clientId: ClientIdLike;
+	/**
+	 * Wire handle without the domain suffix.
+	 */
+	handle: string;
+	/**
+	 * Wire domain.
+	 */
+	domain: string;
+	/**
+	 * Optional Wire team id.
+	 */
+	team?: string;
+	/**
+	 * Certificate validity period in seconds.
+	 */
+	validityPeriodSecs: bigint;
+};
+/**
+ * Generated factory for {@link X509CredentialAcquisitionConfiguration} record objects.
+ */
+export declare const X509CredentialAcquisitionConfiguration: Readonly<{
+	create: (partial: Partial<X509CredentialAcquisitionConfiguration> & Required<Omit<X509CredentialAcquisitionConfiguration, "team">>) => X509CredentialAcquisitionConfiguration;
+	new: (partial: Partial<X509CredentialAcquisitionConfiguration> & Required<Omit<X509CredentialAcquisitionConfiguration, "team">>) => X509CredentialAcquisitionConfiguration;
+	defaults: () => Partial<X509CredentialAcquisitionConfiguration>;
+}>;
+/**
+ * Defines the log level for CoreCrypto.
+ */
+export declare enum CoreCryptoLogLevel {
+	Off = 1,
+	Trace = 2,
+	Debug = 3,
+	Info = 4,
+	Warn = 5,
+	Error = 6
+}
+/**
+ * The end-to-end identity verification state of a conversation.
+ *
+ * Note: this does not check pending state (pending commit, pending proposals), so it does not
+ * consider members about to be added or removed.
+ */
+export declare enum E2eiConversationState {
+	/**
+	 * All clients have a valid E2EI certificate.
+	 */
+	Verified = 1,
+	/**
+	 * Some clients are either still using Basic credentials or their certificate has expired.
+	 */
+	NotVerified = 2,
+	/**
+	 * All clients are still using Basic credentials.
+	 *
+	 * Note: if all clients have expired certificates, `NotVerified` is returned instead.
+	 */
+	NotEnabled = 3
+}
+export declare enum EpochChangedReportingError_Tags {
+	Ffi = "Ffi"
+}
+/**
+ * An error returned by an `EpochObserver` callback implementation.
+ */
+export declare const EpochChangedReportingError: {
+	Ffi: {
+		new (message: string): {
+			readonly tag: EpochChangedReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(e: any): e is {
+			readonly tag: EpochChangedReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	instanceOf: (e: any) => e is EpochChangedReportingError;
+};
+/**
+ * An error returned by an `EpochObserver` callback implementation.
+ */
+export type EpochChangedReportingError = InstanceType<(typeof EpochChangedReportingError)["Ffi"]>;
+/**
+ * HttpMethod used for PKI hooks.
+ */
+export declare enum HttpMethod {
+	/**
+	 * GET
+	 */
+	Get = 0,
+	/**
+	 * POST
+	 */
+	Post = 1,
+	/**
+	 * PUT
+	 */
+	Put = 2,
+	/**
+	 * DELETE
+	 */
+	Delete = 3,
+	/**
+	 * PATCH
+	 */
+	Patch = 4,
+	/**
+	 * HEAD
+	 */
+	Head = 5
+}
+export declare enum LoggingError_Tags {
+	Ffi = "Ffi"
+}
+/**
+ * An error returned by a `CoreCryptoLogger` callback implementation.
+ */
+export declare const LoggingError: {
+	Ffi: {
+		new (message: string): {
+			readonly tag: LoggingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(e: any): e is {
+			readonly tag: LoggingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	instanceOf: (e: any) => e is LoggingError;
+};
+/**
+ * An error returned by a `CoreCryptoLogger` callback implementation.
+ */
+export type LoggingError = InstanceType<(typeof LoggingError)["Ffi"]>;
+declare enum MlsTransportError_Tags {
+	MessageRejected = "MessageRejected"
+}
+/**
+ * Errors returned by MLS transport callbacks exposed through FFI.
+ */
+export declare const MlsTransportError: Readonly<{
+	instanceOf: (obj: any) => obj is MlsTransportError;
+	MessageRejected: {
+		new (inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			reason: string;
+		}): {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: MlsTransportError_Tags.MessageRejected;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "MlsTransportError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			reason: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * Errors returned by MLS transport callbacks exposed through FFI.
+ */
+export type MlsTransportError = InstanceType<(typeof MlsTransportError)["MessageRejected"]>;
+declare enum NewHistoryClientReportingError_Tags {
+	Ffi = "Ffi"
+}
+/**
+ * An error returned by a `HistoryObserver` callback implementation.
+ */
+export declare const NewHistoryClientReportingError: {
+	Ffi: {
+		new (message: string): {
+			readonly tag: NewHistoryClientReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(e: any): e is {
+			readonly tag: NewHistoryClientReportingError_Tags.Ffi;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [uniffiTypeNameSymbol]: string;
+			/**
+			 * @private
+			 * This field is private and should not be used.
+			 */
+			readonly [variantOrdinalSymbol]: 1;
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+	instanceOf: (e: any) => e is NewHistoryClientReportingError;
+};
+/**
+ * An error returned by a `HistoryObserver` callback implementation.
+ */
+export type NewHistoryClientReportingError = InstanceType<(typeof NewHistoryClientReportingError)["Ffi"]>;
+declare enum PkiEnvironmentHooksError_Tags {
+	Error = "Error"
+}
+/**
+ * An error returned by a `PkiEnvironmentHooks` callback implementation.
+ */
+export declare const PkiEnvironmentHooksError: Readonly<{
+	instanceOf: (obj: any) => obj is PkiEnvironmentHooksError;
+	Error: {
+		new (inner: {
+			reason: string;
+		}): {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		"new"(inner: {
+			reason: string;
+		}): {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		instanceOf(obj: any): obj is {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		hasInner(obj: any): obj is {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		};
+		getInner(obj: {
+			readonly tag: PkiEnvironmentHooksError_Tags.Error;
+			readonly inner: Readonly<{
+				reason: string;
+			}>;
+			/**
+			 * @private
+			 * This field is private and should not be used, use `tag` instead.
+			 */
+			readonly [uniffiTypeNameSymbol]: "PkiEnvironmentHooksError";
+			name: string;
+			message: string;
+			stack?: string;
+			cause?: unknown;
+		}): Readonly<{
+			reason: string;
+		}>;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		captureStackTrace(targetObject: object, constructorOpt?: Function): void;
+		prepareStackTrace(err: Error, stackTraces: NodeJS.CallSite[]): any;
+		stackTraceLimit: number;
+		isError(value: unknown): value is Error;
+	};
+}>;
+/**
+ * An error returned by a `PkiEnvironmentHooks` callback implementation.
+ */
+export type PkiEnvironmentHooksError = InstanceType<(typeof PkiEnvironmentHooksError)["Error"]>;
+/**
+ * Signature schemes supported by MLS, as defined in RFC 9420.
+ */
+export declare enum SignatureScheme {
+	/**
+	 * ECDSA with secp256r1 (P-256) and SHA-256
+	 */
+	EcdsaSecp256r1Sha256 = 1027,
+	/**
+	 * ECDSA with secp384r1 (P-384) and SHA-384
+	 */
+	EcdsaSecp384r1Sha384 = 1283,
+	/**
+	 * ECDSA with secp521r1 (P-521) and SHA-512
+	 */
+	EcdsaSecp521r1Sha512 = 1539,
+	/**
+	 * Deterministic EdDSA with Curve25519 (Ed25519)
+	 */
+	Ed25519 = 2055,
+	/**
+	 * Deterministic EdDSA with Curve448 (Ed448)
+	 */
+	Ed448 = 2056
+}
+/**
+ * Typealias from the type name used in the UDL file to the builtin type.  This
+ * is needed because the UDL type name is used in function/method signatures.
+ */
+export type MlsTransportData = Uint8Array;
+type ConversationIdLike = ConversationId;
+/**
+ * A unique identifier for a single conversation.
+ *
+ * The backend provides an opaque string identifying a new conversation.
+ * Construct an instance of this newtype to pass that identifier to Rust.
+ */
+export declare class ConversationId extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "ConversationId";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Infallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Copy the wrapped data into a new byte array.
+	 */
+	copyBytes(): Uint8Array;
+	toString(): string;
+	toDebugString(): string;
+	equals(other: ConversationId): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is ConversationId;
+}
+type KeyPackageRefLike = KeyPackageRef;
+/**
+ * A lightweight distinct reference to a `KeyPackage`, sufficient to uniquely identify it.
+ *
+ * This contains some metadata to assist in sorting and filtering refs without needing to perform the
+ * relatively heavy operation of converting to a full keypackage.
+ */
+export declare class KeyPackageRef extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "KeyPackageRef";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Get the cipher_suite associated with this key package ref.
+	 */
+	cipherSuite(): CipherSuite;
+	/**
+	 * Get the credential type associated with this key package ref.
+	 */
+	credentialType(): CredentialType;
+	/**
+	 * Get the bytes of the hash reference to a keypackage.
+	 */
+	hashRef(): Uint8Array;
+	/**
+	 * Returns true if this keypackage's lifetime has not expired, or if no lifetime is present.
+	 */
+	isValid(): boolean;
+	/**
+	 * Get the signature scheme associated with this key package ref.
+	 */
+	signatureScheme(): SignatureScheme;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is KeyPackageRef;
+}
+type KeyPackageLike = KeyPackage;
+/**
+ * A signed object describing a client's identity and capabilities.
+ *
+ * Includes a public key that can be used to encrypt to that client.
+ * Other clients can use a client's KeyPackage to introduce that client to a new group.
+ */
+export declare class KeyPackage extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "KeyPackage";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Construct a new `Keypackage` from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Convert this to a reference.
+	 */
+	ref(): KeyPackageRefLike;
+	/**
+	 * Serialize this to a byte vector.
+	 */
+	serialize(): Uint8Array;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is KeyPackage;
+}
+type CredentialLike = Credential$1;
+/**
+ * A cryptographic credential.
+ *
+ * This is tied to a particular client via either its client id or certificate bundle,
+ * depending on its credential type, but is independent of any client instance or storage.
+ *
+ * To attach a credential to a client instance and store it, call `add_credential` on a `CoreCryptoContext`.
+ */
+declare class Credential$1 extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "Credential";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Generate a basic credential.
+	 *
+	 * The result is independent of any client instance and the database; it lives in memory only.
+	 */
+	static basic(cipherSuite: CipherSuite, clientId: ClientIdLike): CredentialLike;
+	/**
+	 * Get the earliest possible validity of this credential, expressed as seconds after the unix epoch.
+	 *
+	 * Basic credentials have no defined earliest validity and will always return 0.
+	 */
+	earliestValidity(): bigint;
+	/**
+	 * Export a PEM string containing the public portion of this credential.
+	 *
+	 * - Basic credentials export their public key.
+	 * - x509 credentials export the full certificate chain. This enables external tools such as `openssl` to validate
+	 * the certificate chain.
+	 */
+	exportPem(): string;
+	/**
+	 * Get the signature scheme of this credential.
+	 */
+	signatureScheme(): SignatureScheme;
+	/**
+	 * Get the type of this credential.
+	 */
+	type(): CredentialType;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is Credential$1;
+}
+type CredentialRefLike = CredentialRef;
+/**
+ * A compact reference to a credential that has been persisted in CoreCrypto.
+ *
+ * Credentials can be quite large; this type avoids passing them back and forth across the FFI
+ * boundary more than strictly required.
+ *
+ * Created by calling `add_credential` on a `CoreCryptoContext`.
+ *
+ * This reference is not a literal in-memory reference.
+ * It is instead the key from which a credential can be retrieved,
+ * and is stable over time and across the FFI boundary.
+ */
+export declare class CredentialRef extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "CredentialRef";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Get the cipher suite of this credential ref.
+	 */
+	cipherSuite(): CipherSuite;
+	/**
+	 * Get the client id associated with this credential ref.
+	 */
+	clientId(): ClientIdLike;
+	/**
+	 * Get the earliest possible validity of this credential, expressed as seconds after the unix epoch.
+	 *
+	 * Basic credentials have no defined earliest validity and will always return 0.
+	 */
+	earliestValidity(): bigint;
+	/**
+	 * Get the SHA256 hash of the public key associated with this credential ref.
+	 */
+	publicKeyHash(): Uint8Array;
+	/**
+	 * Get the signature scheme of this credential ref.
+	 */
+	signatureScheme(): SignatureScheme;
+	/**
+	 * Get the type of this credential ref.
+	 */
+	type(): CredentialType;
+	toDebugString(): string;
+	toString(): string;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is CredentialRef;
+}
+type ExternalSenderLike = ExternalSender;
+/**
+ * A RFC 9420 External Sender
+ *
+ * This can be used to initialize a subconversation.
+ */
+export declare class ExternalSender extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "ExternalSender";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Parse an external sender.
+	 *
+	 * This first attempts to parse this as a JWK per `parse_jwk`,
+	 * and falls back to `parse_public_key` if the former method fails.
+	 */
+	static parse(key: Uint8Array, signatureScheme: SignatureScheme): ExternalSenderLike;
+	/**
+	 * Parse an external sender given a JWK.
+	 *
+	 * This expects a raw json serialized JWK. It works with any Signature scheme.
+	 */
+	static parseJwk(jwk: Uint8Array): ExternalSenderLike;
+	/**
+	 * Parse an external sender given a raw public key.
+	 *
+	 * This supports the legacy behaviour where the server was providing the external sender public key
+	 * raw.
+	 */
+	static parsePublicKey(key: Uint8Array, signatureScheme: SignatureScheme): ExternalSenderLike;
+	/**
+	 * Serialize this external sender into a byte vector.
+	 *
+	 * This produces the public key and matches `parse_public_key`.
+	 */
+	serialize(): Uint8Array;
+	equals(other: ExternalSender): boolean;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is ExternalSender;
+}
+type SecretKeyLike = SecretKey;
+/**
+ * A secret key derived from the group secret.
+ *
+ * This is intended to be used for AVS.
+ */
+export declare class SecretKey extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "SecretKey";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Infallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	/**
+	 * Copy the wrapped data into a new byte array.
+	 */
+	copyBytes(): Uint8Array;
+	toString(): string;
+	equals(other: SecretKey): boolean;
+	hashCode(): bigint;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is SecretKey;
+}
+type GroupInfoLike = GroupInfo;
+/**
+ * MLS Group Information
+ *
+ * This is used when joining by external commit.
+ * It can be found within the `GroupInfoBundle` within a `CommitBundle`.
+ */
+export declare class GroupInfo extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "GroupInfo";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Fallibly instantiate an instance from a TLS-serialized byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is GroupInfo;
+}
+/**
+ * Used by CoreCrypto to send commits or application messages to the delivery service.
+ *
+ * This trait must be implemented before calling any functions that produce commits.
+ */
+export interface MlsTransport {
+	/**
+	 * Send a commit bundle to the corresponding endpoint.
+	 */
+	sendCommitBundle(commitBundle: CommitBundle, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Prepare a history secret before transmission.
+	 */
+	prepareForTransport(historySecret: HistorySecret, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<MlsTransportData>;
+}
+type CoreCryptoContextLike = CoreCryptoContext;
+declare class CoreCryptoContext extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "CoreCryptoContext";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * This is only needed to allow TS inheritance and should be hidden from library consumers.
+	 */
+	constructor(instance: CoreCryptoContextLike);
+	/**
+	 * Adds members to the conversation using their key packages, sending the resulting commit via the transport.
+	 */
+	addClientsToConversation(conversationId: ConversationIdLike, keyPackages: Array<KeyPackageLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Adds a `Credential` to this client.
+	 *
+	 * Note that while an arbitrary number of credentials can be generated,
+	 * those which are added to a CoreCrypto instance must be distinct in credential type,
+	 * signature scheme, and the timestamp of creation. This timestamp has only
+	 * 1 second of resolution, limiting the number of credentials which
+	 * can be added. This is a known limitation and will be relaxed in the future.
+	 */
+	addCredential(credential: CredentialLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialRefLike>;
+	/**
+	 * Check all X509 credentials for expiration and revocation
+	 *
+	 * This function must be called at least once every 24 hours. It is recommended to do this during an idle period,
+	 * because in case x509 credentials are used, HTTP requests are done to fetch new certificate revocation lists.
+	 */
+	checkCredentials(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Commits all pending proposals in the conversation, sending the resulting commit via the transport.
+	 */
+	commitPendingProposals(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns the cipher suite in use for the given conversation.
+	 */
+	conversationCipherSuite(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CipherSuite>;
+	/**
+	 * Get the credential ref for the given conversation.
+	 */
+	conversationCredential(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialRefLike>;
+	/**
+	 * Returns the current MLS epoch of the given conversation.
+	 */
+	conversationEpoch(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<bigint>;
+	/**
+	 * Returns true if a conversation with the given id exists in the local state.
+	 */
+	conversationExists(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Creates a new MLS group with the given conversation ID, using the specified credential.
+	 */
+	createConversation(conversationId: ConversationIdLike, credentialRef: CredentialRefLike, externalSender?: ExternalSenderLike | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Decrypts an MLS message received in the given conversation.
+	 * **Note**: this will discard any local pending operations.
+	 */
+	decryptMessage(conversationId: ConversationIdLike, payload: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<DecryptedMessage>;
+	/**
+	 * Disables history sharing for the given conversation.
+	 */
+	disableHistorySharing(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns the end-to-end identity verification state of the given conversation.
+	 */
+	e2eiConversationState(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<E2eiConversationState>;
+	/**
+	 * Returns true if end-to-end identity is enabled for the given cipher_suite.
+	 */
+	e2eiIsEnabled(cipherSuite: CipherSuite, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Enables history sharing for the given conversation.
+	 */
+	enableHistorySharing(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Encrypts a plaintext message for all members of the given conversation.
+	 */
+	encryptMessage(conversationId: ConversationIdLike, message: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Derives and exports a secret of `key_length` bytes for the given conversation.
+	 *
+	 * The secret is derived from the MLS key schedule's exporter mechanism (RFC 9420 §8.5),
+	 * which produces output bound to the current group state and epoch. The exported value
+	 * changes whenever the epoch advances.
+	 */
+	exportSecretKey(conversationId: ConversationIdLike, keyLength: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<SecretKeyLike>;
+	/**
+	 * Generate a `KeyPackage` from the referenced credential.
+	 *
+	 * Makes no attempt to look up or prune existing keypackages.
+	 *
+	 * If `lifetime` is set, the keypackages will expire that span into the future.
+	 * If it is unset, a default lifetime of approximately 3 months is used.
+	 */
+	generateKeyPackage(credentialRef: CredentialRefLike, lifetime?: number | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<KeyPackageLike>;
+	/**
+	 * Returns the client ids of all members of the given conversation.
+	 */
+	getClientIds(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<ClientIdLike>>;
+	/**
+	 * Returns data previously stored by `set_data`, or `None` if no data has been stored.
+	 */
+	getData(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array | undefined>;
+	/**
+	 * Returns the E2EI identity claims for the specified devices in the given conversation.
+	 */
+	getDeviceIdentities(conversationId: ConversationIdLike, deviceIds: Array<ClientIdLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<WireIdentity>>;
+	/**
+	 * Returns the serialized public key of the external sender for the given conversation.
+	 */
+	getExternalSender(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ExternalSenderLike>;
+	/**
+	 * Get a reference to each `KeyPackage` in the database.
+	 */
+	getKeyPackages(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<KeyPackageRefLike>>;
+	/**
+	 * Returns the E2EI identity claims for the specified users in the given conversation, grouped by user ID.
+	 */
+	getUserIdentities(conversationId: ConversationIdLike, userIds: Array<UuidLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Map<UuidLike, Array<WireIdentity>>>;
+	/**
+	 * Joins an existing conversation by constructing an external commit from the given group info.
+	 */
+	joinByExternalCommit(groupInfo: GroupInfoLike, credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ConversationIdLike>;
+	/**
+	 * Initializes the MLS client with the given client ID and message transport.
+	 *
+	 * In general this method should be called at most once per core-crypto instance.
+	 * Calling it multiple times with the same parameters should silently succeed, but this is not
+	 * a supported or tested mode of operation.
+	 * Calling it multiple times with varying parameters might succeed, but this is not a supported or tested mode of
+	 * operation.
+	 */
+	mlsInit(clientId: ClientIdLike, transport: MlsTransport, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Joins a conversation by processing an MLS Welcome message, returning the new conversation's ID.
+	 */
+	processWelcomeMessage(welcomeMessage: WelcomeLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ConversationIdLike>;
+	/**
+	 * Decrypts a Proteus ciphertext in the given session, returning the plaintext.
+	 */
+	proteusDecrypt(sessionId: string, ciphertext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Decrypt a message whether or not the proteus session already exists, and saves the session.
+	 *
+	 * This is intended to replace simple usages of `proteusDecrypt`.
+	 *
+	 * However, when decrypting large numbers of messages in a single session, the existing methods
+	 * may be more efficient.
+	 */
+	proteusDecryptSafe(sessionId: string, ciphertext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Encrypts a plaintext message in the given Proteus session.
+	 */
+	proteusEncrypt(sessionId: string, plaintext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Encrypts a plaintext message in multiple Proteus sessions, returning a map from session ID to ciphertext.
+	 */
+	proteusEncryptBatched(sessions: Array<string>, plaintext: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Map<string, Uint8Array>>;
+	/**
+	 * Returns the hex-encoded public key fingerprint of this device's Proteus identity.
+	 */
+	proteusFingerprint(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded local public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintLocal(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded remote public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintRemote(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Initializes the Proteus client.
+	 *
+	 * In general this method should be called at most once per core-crypto instance.
+	 * Calling it multiple times with the same parameters should silently succeed, but this is not
+	 * a supported or tested mode of operation.
+	 * Calling it multiple times with varying parameters might succeed, but this is not a supported or tested mode of
+	 * operation.
+	 */
+	proteusInit(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns the CBOR-serialized last resort prekey bundle, creating it if it does not yet exist.
+	 */
+	proteusLastResortPrekey(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Creates a new Proteus prekey with the given ID and returns its CBOR-serialized bundle.
+	 *
+	 * Warning: the Proteus client must be initialized with `proteus_init` first or an error will be returned.
+	 */
+	proteusNewPrekey(prekeyId: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Creates a new Proteus prekey with an automatically assigned ID and returns its CBOR-serialized bundle.
+	 *
+	 * Warning: the Proteus client must be initialized with `proteus_init` first or an error will be returned.
+	 */
+	proteusNewPrekeyAuto(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ProteusAutoPrekeyBundle>;
+	/**
+	 * Deletes the Proteus session with the given ID from local storage.
+	 */
+	proteusSessionDelete(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Returns true if a Proteus session with the given ID exists in local storage.
+	 */
+	proteusSessionExists(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Creates a new Proteus session from an incoming encrypted message, returning the decrypted message payload.
+	 */
+	proteusSessionFromMessage(sessionId: string, envelope: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Creates a new Proteus session from the given prekey bundle bytes, stored under the given session ID.
+	 */
+	proteusSessionFromPrekey(sessionId: string, prekey: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Saves the Proteus session with the given ID to the keystore.
+	 *
+	 * Note: this is not usually needed, as sessions are persisted automatically when
+	 * decrypting or encrypting messages and when initializing sessions.
+	 */
+	proteusSessionSave(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Generates `len` random bytes from the cryptographically secure RNG.
+	 */
+	randomBytes(len: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Removes the specified clients from the conversation, sending the resulting commit via the transport.
+	 */
+	removeClientsFromConversation(conversationId: ConversationIdLike, clients: Array<ClientIdLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Removes a `Credential` from this client.
+	 */
+	removeCredential(credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Remove a `KeyPackage` from the database.
+	 */
+	removeKeyPackage(kpRef: KeyPackageRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Remove all `KeyPackage`s associated with this credential ref.
+	 */
+	removeKeyPackagesFor(credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Set the credential ref for the given conversation.
+	 */
+	setConversationCredential(conversationId: ConversationIdLike, credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Stores arbitrary data to be used as a transaction checkpoint.
+	 *
+	 * The stored data can be retrieved via `get_data`. Keep the data size reasonable;
+	 * this is not a general-purpose key-value store.
+	 */
+	setData(data: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Updates this client's key material in the conversation by sending an update commit.
+	 */
+	updateKeyingMaterial(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Destroys the local state of the given conversation; it can no longer be used locally after this call.
+	 */
+	wipeConversation(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is CoreCryptoContext;
+}
+interface CoreCryptoCommand {
+	/**
+	 * Will be called inside a transaction in CoreCrypto
+	 */
+	execute(context: CoreCryptoContextLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+}
+type PkiEnvironmentLike = PkiEnvironment;
+/**
+ * The PKI environment used for certificate management during X509 credential acquisition.
+ */
+export declare class PkiEnvironment extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "PkiEnvironment";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Create a new PKI environment.
+	 */
+	static create(hooks: PkiEnvironmentHooks, database: DatabaseLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<PkiEnvironmentLike>;
+	/**
+	 * Add a PEM-encoded certificate as an intermediate certificate.
+	 */
+	addIntermediateCert(certPem: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Add a PEM-encoded certificate as a trust anchor.
+	 *
+	 * NOTE: currently we only support storing a single trust anchor, calling this method multiple
+	 * times will overwrite any previously added trust anchor.
+	 */
+	addTrustAnchor(certPem: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is PkiEnvironment;
+}
+/**
+ * An `EpochObserver` is notified whenever a conversation's epoch changes.
+ */
+export interface EpochObserver {
+	/**
+	 * This function will be called every time a conversation's epoch changes.
+	 *
+	 * The `epoch` parameter contains the new epoch number.
+	 *
+	 * Warning: this function must not block. Foreign implementors can spawn a task,
+	 * send on a channel, or take any other non-blocking approach, as long as the
+	 * operation completes quickly.
+	 *
+	 * Though the signature includes an error type, that error is only present because
+	 * it is required by `uniffi` in order to handle panics. This function should suppress
+	 * and ignore internal errors instead of propagating them, to the maximum extent possible.
+	 */
+	epochChanged(conversationId: ConversationIdLike, epoch: bigint, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+}
+/**
+ * A `HistoryObserver` is notified whenever a new history client is created.
+ */
+export interface HistoryObserver {
+	/**
+	 * This function will be called every time a new history client is created.
+	 *
+	 * The `secret` parameter is the secret associated with the new history client.
+	 *
+	 * Warning: this function must not block. Foreign implementors can spawn a task,
+	 * send on a channel, or take any other non-blocking approach, as long as the
+	 * operation completes quickly.
+	 *
+	 * Though the signature includes an error type, that error is only present because
+	 * it is required by `uniffi` in order to handle panics. This function should suppress
+	 * and ignore internal errors instead of propagating them, to the maximum extent possible.
+	 */
+	historyClientCreated(conversationId: ConversationIdLike, secret: HistorySecret, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+}
+type CoreCryptoFfiLike = CoreCryptoFfi;
+declare class CoreCryptoFfi extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "CoreCryptoFfi";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * This is only needed to allow TS inheritance and should be hidden from library consumers.
+	 */
+	constructor(instance: CoreCryptoFfiLike);
+	/**
+	 * Returns the cipher_suite in use for the given conversation.
+	 */
+	conversationCipherSuite(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CipherSuite>;
+	/**
+	 * Get the credential ref for the given conversation.
+	 */
+	conversationCredential(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialRefLike>;
+	/**
+	 * Returns the current MLS epoch of the given conversation.
+	 */
+	conversationEpoch(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<bigint>;
+	/**
+	 * Returns true if a conversation with the given id exists in the local state.
+	 */
+	conversationExists(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Returns the end-to-end identity verification state of the given conversation.
+	 */
+	e2eiConversationState(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<E2eiConversationState>;
+	/**
+	 * Returns true if end-to-end identity is enabled for the given cipher_suite.
+	 */
+	e2eiIsEnabled(cipherSuite: CipherSuite, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Returns true if the PKI environment has been set up and its provider is configured.
+	 */
+	e2eiIsPkiEnvSetup(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Derives and exports a secret of `key_length` bytes for the given conversation.
+	 *
+	 * The secret is derived from the MLS key schedule's exporter mechanism (RFC 9420 §8.5),
+	 * which produces output bound to the current group state and epoch. The exported value
+	 * changes whenever the epoch advances.
+	 */
+	exportSecretKey(conversationId: ConversationIdLike, keyLength: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<SecretKeyLike>;
+	/**
+	 * Get all credentials from this client which match the provided parameters.
+	 *
+	 * Parameters which are unset or `None` match anything. Those with a particular value find only credentials
+	 * matching that value.
+	 */
+	findCredentialsFfi(clientId?: ClientIdLike | undefined, publicKey?: Uint8Array | undefined, cipherSuite?: CipherSuite | undefined, credentialType?: CredentialType | undefined, earliestValidity?: bigint | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<CredentialRefLike>>;
+	/**
+	 * Returns the client ids of all members of the given conversation.
+	 */
+	getClientIds(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<ClientIdLike>>;
+	/**
+	 * Get all credentials from this client.
+	 */
+	getCredentials(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<CredentialRefLike>>;
+	/**
+	 * Returns the E2EI identity claims for the specified devices in the given conversation.
+	 */
+	getDeviceIdentities(conversationId: ConversationIdLike, deviceIds: Array<ClientIdLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Array<WireIdentity>>;
+	/**
+	 * Returns the external sender for the given conversation.
+	 */
+	getExternalSender(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<ExternalSenderLike>;
+	/**
+	 * Get the PKI environment of the CoreCrypto instance.
+	 *
+	 * Returns null if it is not set.
+	 */
+	getPkiEnvironment(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<PkiEnvironmentLike | undefined>;
+	/**
+	 * Returns the E2EI identity claims for the specified users in the given conversation, grouped by user ID.
+	 */
+	getUserIdentities(conversationId: ConversationIdLike, userIds: Array<UuidLike>, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Map<UuidLike, Array<WireIdentity>>>;
+	/**
+	 * Returns true if history sharing is currently enabled for the given conversation.
+	 */
+	isHistorySharingEnabled(conversationId: ConversationIdLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Returns the hex-encoded public key fingerprint of this device's Proteus identity.
+	 */
+	proteusFingerprint(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded local public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintLocal(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns the hex-encoded remote public key fingerprint for the Proteus session with the given ID.
+	 */
+	proteusFingerprintRemote(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Returns true if a Proteus session with the given ID exists in local storage.
+	 */
+	proteusSessionExists(sessionId: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<boolean>;
+	/**
+	 * Get the public key associated with this credential
+	 */
+	publicKey(credentialRef: CredentialRefLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Generate `len` random bytes from the MLS session's cryptographically secure RNG.
+	 */
+	randomBytes(len: number, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<Uint8Array>;
+	/**
+	 * Add an epoch observer to this client.
+	 *
+	 * This function should be called 0 or 1 times in a session's lifetime. If called
+	 * when an epoch observer already exists, this will return an error.
+	 */
+	registerEpochObserver(epochObserver: EpochObserver, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Add a history observer to this client.
+	 *
+	 * This function should be called 0 or 1 times in a session's lifetime. If called
+	 * when a history observer already exists, this will return an error.
+	 */
+	registerHistoryObserver(historyObserver: HistoryObserver, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Re-seed the MLS session's CSPRNG with the provided entropy seed.
+	 */
+	reseed(seed: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Set the PKI environment of the CoreCrypto instance.
+	 */
+	setPkiEnvironment(pkiEnvironment: PkiEnvironmentLike | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Starts a new transaction in Core Crypto. If the callback succeeds, it will be committed,
+	 * otherwise, every operation performed with the context will be discarded.
+	 *
+	 * When calling this function from within Rust, async functions accepting a context
+	 * implement `CoreCryptoCommand`, so operations can be defined inline as follows:
+	 *
+	 * ```ignore
+	 * core_crypto.transaction(Arc::new(async |context| {
+	 * // your implementation here
+	 * Ok(())
+	 * }))?;
+	 * ```
+	 */
+	transactionFfi(command: CoreCryptoCommand, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is CoreCryptoFfi;
+}
+/**
+ * A callback interface for forwarding CoreCrypto log messages to the platform's logging system.
+ */
+export interface CoreCryptoLogger {
+	/**
+	 * CoreCrypto will call this method whenever it needs to log a message.
+	 *
+	 * This function catches panics and other unexpected errors. In those cases, it writes to `stderr`.
+	 */
+	log(level: CoreCryptoLogLevel, message: string, context: string | undefined): void;
+}
+type DatabaseKeyLike = DatabaseKey;
+/**
+ * A unique identifier for an MLS client.
+ *
+ * Each app instance a user is running, such as desktop or mobile, is a separate client
+ * with its own client id. A single user may therefore have multiple clients.
+ * More information: <https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html#name-group-members-and-clients>
+ */
+export declare class DatabaseKey extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "DatabaseKey";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Fallibly instantiate an instance from a byte array.
+	 */
+	constructor(bytes: Uint8Array);
+	toDebugString(): string;
+	toString(): string;
+	equals(other: DatabaseKey): boolean;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is DatabaseKey;
+}
+type DatabaseLike = Database;
+/**
+ * The database acting as a core crypto keystore.
+ */
+export declare class Database extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "Database";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	private constructor();
+	/**
+	 * Create an in-memory database whose data will be lost when the instance is dropped.
+	 */
+	static inMemory(key: DatabaseKeyLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<DatabaseLike>;
+	/**
+	 * Open or create a database.
+	 */
+	static open(location: string, key: DatabaseKeyLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<DatabaseLike>;
+	/**
+	 * Close the database.
+	 *
+	 * Closing the database makes any `PkiEnvironment` and `CoreCrypto` instance created with it unusable.
+	 */
+	close(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	/**
+	 * Get the location of the database.
+	 *
+	 * Returns null if the database is in-memory.
+	 */
+	getLocation(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string | undefined>;
+	/**
+	 * Updates the key of the database.
+	 *
+	 * This reencrypts it with the new key.
+	 */
+	updateKey(key: DatabaseKeyLike, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<void>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is Database;
+}
+/**
+ * Callbacks for external calls made by CoreCrypto during X509 credential acquisition.
+ *
+ * When communicating with the Identity Provider (IDP) and Wire server,
+ * CoreCrypto delegates to the client app by calling the relevant methods.
+ *
+ * Client App                 CoreCrypto                     Acme                     IDP
+ * |                           |                          |                        |
+ * | X509CredentialAcquisition().finalize()               |                        |
+ * |-------------------------->|                          |                        |
+ * |                           | GET acme/root.pem        |                        |
+ * |                           |------------------------> |                        |
+ * |                           | 200 OK                   |                        |
+ * |                           |<------------------------ |                        |
+ * | authenticate()            |                          |                        |
+ * |<--------------------------|                          |                        |
+ * |                           | Authentication flow      |                        |
+ * | ----------------------------------------------------------------------------> |
+ * |<----------------------------------------------------------------------------- |
+ * | return Success [PKiEnvironmentHooks.authenticate()]  |                        |
+ * |<--------------------------|                          |                        |
+ * |                           |  (excluded several calls for brevity)             |
+ * | return Success(Credential) [X509CredentialAcquisition().finalize()]           |
+ * |<--------------------------|                          |                        |
+ */
+export interface PkiEnvironmentHooks {
+	/**
+	 * Make an HTTP request.
+	 *
+	 * Used for requests to ACME servers, CRL distributors, etc.
+	 */
+	httpRequest(method: HttpMethod, url: string, headers: Array<HttpHeader>, body: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<HttpResponse>;
+	/**
+	 * Authenticate with the user's identity provider (IdP)
+	 *
+	 * The implementation should perform authentication using the authorization code flow
+	 * (<https://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth>) with the PKCE
+	 * (<https://www.rfc-editor.org/rfc/rfc7636>) extension. As part of the authorization
+	 * request, the implementation should specify `key_auth` and `acme_aud` claims, along with
+	 * their values, in the `claims` parameter. This is to instruct the IdP to add the `key_auth`
+	 * and `acme_aud` claims to the ID token that will be returned as part of the access token.
+	 *
+	 * Once the authentication is completed successfully, the implementation should request
+	 * an access token from the IdP, extract the ID token from it and return it to the caller.
+	 */
+	authenticate(idp: string, keyAuth: string, acmeAud: string, acquisitionSnapshot: Uint8Array, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Get a nonce from the backend.
+	 */
+	getBackendNonce(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+	/**
+	 * Fetch an access token to be used for the DPoP challenge (`wire-dpop-01`)
+	 *
+	 * The implementation should take the provided DPoP token (`dpop`) and make a request to the
+	 * backend to obtain an access token, which should be returned to the caller.
+	 */
+	fetchBackendAccessToken(dpop: string, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<string>;
+}
+type X509CredentialAcquisitionLike = X509CredentialAcquisition;
+declare class X509CredentialAcquisition extends UniffiAbstractObject {
+	readonly [uniffiTypeNameSymbol] = "X509CredentialAcquisition";
+	readonly [destructorGuardSymbol]: UniffiGcObject;
+	readonly [pointerLiteralSymbol]: UniffiHandle;
+	/**
+	 * Create a new credential acquisition
+	 */
+	constructor(pkiEnvironment: PkiEnvironmentLike, config: X509CredentialAcquisitionConfiguration);
+	/**
+	 * Deserialize a credential acquisition flow.
+	 */
+	static fromBytes(pkiEnvironment: PkiEnvironmentLike, bytes: Uint8Array): X509CredentialAcquisitionLike;
+	/**
+	 * Create a new credential acquisition from an existing credential. This API is temporary until our system
+	 * decouples client identities from a client's public signature key.
+	 * See <https://wearezeta.atlassian.net/wiki/x/RABtrQ>.
+	 *
+	 * Provide `core_crypto_database` if you're using distinct DB instances for `PkiEnvironment` and `CoreCrypto`.
+	 * Otherwise, the `PkiEnvironment`'s DB will be used to load the full credential.
+	 */
+	static newFromCredentialRef(pkiEnvironment: PkiEnvironmentLike, config: X509CredentialAcquisitionConfiguration, credentialRef: CredentialRefLike, coreCryptoDatabase: DatabaseLike | undefined, asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<X509CredentialAcquisitionLike>;
+	/**
+	 * Complete the DPoP and OIDC challenges and return the acquired X509 credential.
+	 */
+	finalize(asyncOpts_?: {
+		signal: AbortSignal;
+	}): Promise<CredentialLike>;
+	uniffiDestroy(): void;
+	static instanceOf(obj_: any): obj_ is X509CredentialAcquisition;
+}
+declare class CoreCryptoContext$1 extends CoreCryptoContext {
+}
+export interface CredentialFindFilters {
+	clientId?: ClientId;
+	publicKey?: Uint8Array;
+	cipherSuite?: CipherSuite;
+	credentialType?: CredentialType;
+	earliestValidity?: bigint;
+}
+/**
+ * Wrapper for the WASM-compiled version of CoreCrypto
+ */
+export declare class CoreCrypto extends CoreCryptoFfi {
+	private constructor();
+	/**
+	 * Construct a new {@link CoreCrypto} instance.
+	 * MLS or proteus can be initialized  with {@link CoreCryptoContext.mlsInit} or
+	 * {@link CoreCryptoContext.proteusInit}, respectively.
+	 */
+	static new(database: Database): CoreCrypto;
+	/**
+	 * Instantiate a history client.
+	 *
+	 * This client exposes the full interface of {@link CoreCrypto}, but it should only be used to decrypt messages.
+	 * Other use is a logic error.
+	 */
+	static historyClient(historySecret: HistorySecret): Promise<CoreCrypto>;
+	/**
+	 * Starts a new transaction in Core Crypto. If the callback succeeds, it will be committed,
+	 * otherwise, every operation performed with the context will be discarded.
+	 *
+	 * @param callback - The callback to execute within the transaction
+	 *
+	 * @returns the result of the callback will be returned from this call
+	 */
+	transaction<R>(callback: (ctx: CoreCryptoContext$1) => Promise<R>): Promise<R>;
+	/**
+	 * Get those credentials known to this instance which match the provided filters
+	 *
+	 * @param findFilters a set of filters defining which credentials are of interest.
+	 */
+	findCredentials(findFilters: CredentialFindFilters): Promise<CredentialRef[]>;
+}
+declare class X509CredentialAcquisition$1 extends X509CredentialAcquisition {
+	/**
+	 * Create a new credential acquisition from an existing credential.
+	 * This API is temporary until our system decouples client identities from a client's public signature key.
+	 * See <https://wearezeta.atlassian.net/wiki/x/RABtrQ>.
+	 *
+	 * Provide `coreCryptoDatabase` if you're using distinct DB instances for `PkiEnvironment` and `CoreCrypto`.
+	 * Otherwise, the `PkiEnvironment`'s DB will be used to load the full credential.
+	 */
+	static newFromCredentialRef(pkiEnvironment: PkiEnvironmentLike, config: X509CredentialAcquisitionConfiguration, credentialRef: CredentialRefLike, coreCryptoDatabase?: DatabaseLike): Promise<X509CredentialAcquisition$1>;
+}
+/**
+ * Initialises the wasm module necessary for running core crypto.
+ *
+ * @param location path where the wasm module is located.
+ *   If omitted the module is assumed be located at the root of the core crypto module.
+ */
+export declare function initWasmModule(location?: string | undefined): Promise<void>;
+export {
+	CoreCryptoContext$1 as CoreCryptoContext,
+	Credential$1 as Credential,
+	MlsGroupInfoEncryptionType as GroupInfoEncryptionType,
+	MlsRatchetTreeType as RatchetTreeType,
+	X509CredentialAcquisition$1 as X509CredentialAcquisition,
+	proteusLastResortPrekeyIdFfi as proteusLastResortPrekeyId,
+};
+export {};