effect 4.0.0-beta.44 → 4.0.0-beta.46

package/src/unstable/eventlog/EventLogRemote.ts

@@ -1,22 +1,35 @@
 /**
  * @since 4.0.0
  */
+import * as Cache from "../../Cache.ts"
 import * as Context from "../../Context.ts"
 import * as Data from "../../Data.ts"
-import * as Deferred from "../../Deferred.ts"
 import * as Effect from "../../Effect.ts"
-import * as Exit from "../../Exit.ts"
 import * as Layer from "../../Layer.ts"
+import * as Predicate from "../../Predicate.ts"
 import * as Queue from "../../Queue.ts"
-import * as RcMap from "../../RcMap.ts"
-import * as Schedule from "../../Schedule.ts"
-import * as Schema from "../../Schema.ts"
+import * as Redacted from "../../Redacted.ts"
+import type * as Schema from "../../Schema.ts"
 import type * as Scope from "../../Scope.ts"
-import * as Msgpack from "../encoding/Msgpack.ts"
-import * as Socket from "../socket/Socket.ts"
-import { type Entry, EntryId, RemoteEntry, RemoteId } from "./EventJournal.ts"
-import type { Identity } from "./EventLog.ts"
-import { EncryptedEntry, EncryptedRemoteEntry, EventLogEncryption, layerSubtle } from "./EventLogEncryption.ts"
+import * as RpcClient from "../rpc/RpcClient.ts"
+import type { RpcClientError } from "../rpc/RpcClientError.ts"
+import type * as RpcGroup from "../rpc/RpcGroup.ts"
+import type { Entry, RemoteEntry, RemoteId } from "./EventJournal.ts"
+import { type Identity, Registry } from "./EventLog.ts"
+import { EventLogEncryption, layerSubtle } from "./EventLogEncryption.ts"
+import {
+  Authenticate,
+  ChangesRpc,
+  ChunkedMessage,
+  type EventLogProtocolError,
+  EventLogRemoteRpcs,
+  type HelloResponse,
+  type StoreId,
+  WriteEntries,
+  WriteEntriesUnencrypted
+} from "./EventLogMessage.ts"
+import { encodeSessionAuthPayload, signSessionAuthPayloadBytes } from "./EventLogSessionAuth.ts"
+import { makeGetIdentityRootSecretMaterial } from "./internal/identityRootSecretDerivation.ts"
 
 /**
  * @since 4.0.0
@@ -24,217 +37,21 @@ import { EncryptedEntry, EncryptedRemoteEntry, EventLogEncryption, layerSubtle }
  */
 export class EventLogRemote extends Context.Service<EventLogRemote, {
   readonly id: RemoteId
-  readonly changes: (
-    identity: Identity["Service"],
-    startSequence: number
-  ) => Effect.Effect<Queue.Dequeue<RemoteEntry>, never, Scope.Scope>
-  readonly write: (identity: Identity["Service"], entries: ReadonlyArray<Entry>) => Effect.Effect<void>
+  readonly changes: (options: {
+    readonly identity: Identity["Service"]
+    readonly storeId: StoreId
+    readonly startSequence: number
+  }) => Effect.Effect<Queue.Dequeue<RemoteEntry, EventLogRemoteError>, never, Scope.Scope>
+  readonly write: (options: {
+    readonly identity: Identity["Service"]
+    readonly storeId: StoreId
+    readonly entries: ReadonlyArray<Entry>
+  }) => Effect.Effect<void, EventLogRemoteError>
+  readonly whenAuthenticated: <A, E, R>(
+    effect: Effect.Effect<A, E, R>
+  ) => Effect.Effect<A, E | EventLogRemoteError, R | Identity>
 }>()("effect/eventlog/EventLogRemote") {}
 
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class Hello extends Schema.Class<Hello>("effect/eventlog/EventLogRemote/Hello")({
-  _tag: Schema.tag("Hello"),
-  remoteId: RemoteId
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class ChunkedMessage extends Schema.Class<ChunkedMessage>("effect/eventlog/EventLogRemote/ChunkedMessage")({
-  _tag: Schema.tag("ChunkedMessage"),
-  id: Schema.Number,
-  part: Schema.Tuple([Schema.Number, Schema.Number]),
-  data: Schema.Uint8Array
-}) {
-  /**
-   * @since 4.0.0
-   */
-  static split(id: number, data: Uint8Array): ReadonlyArray<ChunkedMessage> {
-    const parts = Math.ceil(data.byteLength / constChunkSize)
-    const result: Array<ChunkedMessage> = new Array(parts)
-    for (let i = 0; i < parts; i++) {
-      const start = i * constChunkSize
-      const end = Math.min((i + 1) * constChunkSize, data.byteLength)
-      result[i] = new ChunkedMessage({
-        _tag: "ChunkedMessage",
-        id,
-        part: [i, parts],
-        data: data.subarray(start, end)
-      })
-    }
-    return result
-  }
-
-  /**
-   * @since 4.0.0
-   */
-  static join(
-    map: Map<number, {
-      readonly parts: Array<Uint8Array>
-      count: number
-      bytes: number
-    }>,
-    part: ChunkedMessage
-  ): Uint8Array | undefined {
-    const [index, total] = part.part
-    let entry = map.get(part.id)
-    if (!entry) {
-      entry = {
-        parts: new Array(total),
-        count: 0,
-        bytes: 0
-      }
-      map.set(part.id, entry)
-    }
-    entry.parts[index] = part.data
-    entry.count++
-    entry.bytes += part.data.byteLength
-    if (entry.count !== total) {
-      return
-    }
-    const data = new Uint8Array(entry.bytes)
-    let offset = 0
-    for (const part of entry.parts) {
-      data.set(part, offset)
-      offset += part.byteLength
-    }
-    map.delete(part.id)
-    return data
-  }
-}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class WriteEntries extends Schema.Class<WriteEntries>("effect/eventlog/EventLogRemote/WriteEntries")({
-  _tag: Schema.tag("WriteEntries"),
-  publicKey: Schema.String,
-  id: Schema.Number,
-  iv: Schema.Uint8Array,
-  encryptedEntries: Schema.Array(EncryptedEntry)
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class Ack extends Schema.Class<Ack>("effect/eventlog/EventLogRemote/Ack")({
-  _tag: Schema.tag("Ack"),
-  id: Schema.Number,
-  sequenceNumbers: Schema.Array(Schema.Number)
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class RequestChanges extends Schema.Class<RequestChanges>("effect/eventlog/EventLogRemote/RequestChanges")({
-  _tag: Schema.tag("RequestChanges"),
-  publicKey: Schema.String,
-  startSequence: Schema.Number
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class Changes extends Schema.Class<Changes>("effect/eventlog/EventLogRemote/Changes")({
-  _tag: Schema.tag("Changes"),
-  publicKey: Schema.String,
-  entries: Schema.Array(EncryptedRemoteEntry)
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class StopChanges extends Schema.Class<StopChanges>("effect/eventlog/EventLogRemote/StopChanges")({
-  _tag: Schema.tag("StopChanges"),
-  publicKey: Schema.String
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class Ping extends Schema.Class<Ping>("effect/eventlog/EventLogRemote/Ping")({
-  _tag: Schema.tag("Ping"),
-  id: Schema.Number
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export class Pong extends Schema.Class<Pong>("effect/eventlog/EventLogRemote/Pong")({
-  _tag: Schema.tag("Pong"),
-  id: Schema.Number
-}) {}
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const ProtocolRequest = Schema.Union([WriteEntries, RequestChanges, StopChanges, ChunkedMessage, Ping])
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const ProtocolRequestMsgpack = Msgpack.schema(ProtocolRequest)
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const decodeRequest = Schema.decodeUnknownEffect(ProtocolRequestMsgpack)
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const encodeRequest = Schema.encodeUnknownEffect(ProtocolRequestMsgpack)
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const ProtocolResponse = Schema.Union([Hello, Ack, Changes, ChunkedMessage, Pong])
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const ProtocolResponseMsgpack = Msgpack.schema(ProtocolResponse)
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const decodeResponse = Schema.decodeUnknownEffect(ProtocolResponseMsgpack)
-
-/**
- * @since 4.0.0
- * @category protocol
- */
-export const encodeResponse = Schema.encodeUnknownEffect(ProtocolResponseMsgpack)
-
-/**
- * @since 4.0.0
- * @category change
- */
-export class RemoteAdditions extends Schema.Class<RemoteAdditions>("effect/eventlog/EventLogRemote/RemoteAdditions")({
-  _tag: Schema.tag("RemoteAdditions"),
-  entries: Schema.Array(RemoteEntry)
-}) {}
-
-const constChunkSize = 512_000
-
 /**
  * @since 4.0.0
  * @category errors
@@ -244,230 +61,266 @@ export class EventLogRemoteError extends Data.TaggedError("EventLogRemoteError")
   readonly cause: unknown
 }> {}
 
+const getIdentityRootSecretMaterial = makeGetIdentityRootSecretMaterial(globalThis.crypto)
+
+const makeAuthenticate = Effect.fnUntraced(function*(options: {
+  readonly identity: Identity["Service"]
+  readonly hello: HelloResponse
+}) {
+  const rootSecretMaterial = yield* getIdentityRootSecretMaterial(options.identity)
+  const payload = yield* encodeSessionAuthPayload({
+    remoteId: options.hello.remoteId,
+    challenge: options.hello.challenge,
+    publicKey: options.identity.publicKey,
+    signingPublicKey: rootSecretMaterial.signingPublicKey
+  })
+  const signature = yield* signSessionAuthPayloadBytes({
+    payload,
+    signingPrivateKey: Redacted.value(rootSecretMaterial.signingPrivateKey)
+  })
+
+  return new Authenticate({
+    publicKey: options.identity.publicKey,
+    signingPublicKey: rootSecretMaterial.signingPublicKey,
+    signature,
+    algorithm: "Ed25519"
+  })
+})
+
 /**
  * @since 4.0.0
- * @category entry
+ * @category RpcClient
  */
-export const RemoteEntryChange = Schema.Tuple([RemoteId, Schema.Array(EntryId)])
+export class EventLogRemoteClient extends Context.Service<
+  EventLogRemoteClient,
+  RpcClient.RpcClient<RpcGroup.Rpcs<typeof EventLogRemoteRpcs>, RpcClientError>
+>()(
+  "effect/unstable/eventlog/EventLogRemote/EventLogRemoteClient"
+) {
+  static readonly layer = Layer.effect(
+    EventLogRemoteClient,
+    RpcClient.make(EventLogRemoteRpcs, {
+      disableTracing: true
+    })
+  )
+}
 
 /**
  * @since 4.0.0
  * @category constructors
  */
-export const fromSocket = (options?: {
-  readonly disablePing?: boolean
-}): Effect.Effect<EventLogRemote["Service"], never, Scope.Scope | EventLogEncryption | Socket.Socket> =>
-  Effect.gen(function*() {
-    const socket = yield* Socket.Socket
-    const encryption = yield* EventLogEncryption
-    const writeRaw = yield* socket.writer
+export const makeWith = Effect.fnUntraced(function*({ encodeWrite, decodeChanges }: {
+  readonly encodeWrite: (options: {
+    readonly identity: Identity["Service"]
+    readonly entries: ReadonlyArray<Entry>
+    readonly storeId: StoreId
+  }) => Effect.Effect<Uint8Array<ArrayBuffer>, Schema.SchemaError>
+  readonly decodeChanges: (
+    identity: Identity["Service"],
+    data: Uint8Array<ArrayBuffer>
+  ) => Effect.Effect<ReadonlyArray<RemoteEntry>, Schema.SchemaError>
+}): Effect.fn.Return<EventLogRemote["Service"], EventLogRemoteError, Scope.Scope | EventLogRemoteClient | Registry> {
+  const client = yield* EventLogRemoteClient
+  const registry = yield* Registry
+
+  let hello: HelloResponse | null = yield* client["EventLog.Hello"]().pipe(
+    Effect.mapError((cause) => new EventLogRemoteError({ method: "hello", cause }))
+  )
 
-    const writeRequest = (request: typeof ProtocolRequest.Type) =>
-      Effect.gen(function*() {
-        const data = yield* encodeRequest(request)
-        if (request._tag !== "WriteEntries" || data.byteLength <= constChunkSize) {
-          return yield* writeRaw(data)
-        }
-        const id = request.id
-        for (const part of ChunkedMessage.split(id, data)) {
-          yield* writeRaw(yield* encodeRequest(part))
-        }
+  const identities = new Map<string, Identity["Service"]>()
+  const ensureIdentity = (identity: Identity["Service"]) => {
+    let entry = identities.get(identity.publicKey)
+    if (!entry) {
+      entry = identity
+      identities.set(identity.publicKey, entry)
+    }
+    return entry
+  }
+
+  const authCache = yield* Cache.make({
+    lookup: Effect.fnUntraced(function*(publicKey: string) {
+      const identity = identities.get(publicKey)!
+      hello ??= yield* client["EventLog.Hello"]().pipe(
+        Effect.mapError((cause) => new EventLogRemoteError({ method: "hello", cause }))
+      )
+      const authenticate = yield* makeAuthenticate({
+        identity,
+        hello
       })
+      yield* client["EventLog.Authenticate"](authenticate)
+    }, Effect.mapError((cause) => new EventLogRemoteError({ method: "authenticate", cause }))),
+    capacity: Number.MAX_SAFE_INTEGER
+  })
 
-    let pendingCounter = 0
-    const pending = new Map<number, {
-      readonly entries: ReadonlyArray<Entry>
-      readonly deferred: Deferred.Deferred<void>
-      readonly publicKey: string
-    }>()
-    const chunks = new Map<number, {
-      readonly parts: Array<Uint8Array>
-      count: number
-      bytes: number
-    }>()
+  const ensureAuthenticated = (identity: Identity["Service"]) => {
+    ensureIdentity(identity)
+    return Cache.get(authCache, identity.publicKey)
+  }
 
-    const subscriptions = yield* RcMap.make({
-      lookup: (publicKey: string) =>
-        Effect.acquireRelease(
-          Queue.make<RemoteEntry>(),
-          (queue) =>
-            Queue.shutdown(queue).pipe(
-              Effect.andThen(Effect.ignore(writeRequest(new StopChanges({ publicKey }))))
-            )
+  const retryForbidden = <A, E, R>(
+    effect: Effect.Effect<A, E, R>,
+    options: {
+      readonly identity: Identity["Service"]
+    }
+  ) =>
+    Effect.retry(effect, {
+      while(e) {
+        hello = null
+        const isForbidden = Predicate.isTagged(e, "EventLogProtocolError") &&
+          (e as any as EventLogProtocolError).code === "Forbidden"
+        return Cache.invalidate(authCache, options.identity.publicKey).pipe(
+          Effect.as(isForbidden)
         )
+      },
+      times: 5
     })
-    const identities = new Map<string, Identity["Service"]>()
-    const badPing = yield* Deferred.make<never, Error>()
-    const remoteId = yield* Deferred.make<RemoteId>()
 
-    let latestPing = 0
-    let latestPong = 0
+  let chunkedIdCounter = 0
 
-    if (options?.disablePing !== true) {
-      yield* Effect.suspend(() => {
-        if (latestPing !== latestPong) {
-          return Deferred.fail(badPing, new Error("Ping timeout"))
+  const remote = EventLogRemote.of({
+    id: hello.remoteId,
+    write: Effect.fnUntraced(
+      function*(options) {
+        yield* ensureAuthenticated(options.identity)
+        const encoded = yield* encodeWrite(options)
+        if (encoded.byteLength <= ChunkedMessage.chunkSize) {
+          return yield* client["EventLog.WriteSingle"]({ data: encoded })
+        }
+        for (const part of ChunkedMessage.split(chunkedIdCounter++, encoded)) {
+          yield* client["EventLog.WriteChunked"](part)
+        }
+      },
+      retryForbidden,
+      Effect.mapError((cause) => new EventLogRemoteError({ method: "write", cause }))
+    ),
+    changes: Effect.fnUntraced(function*(options) {
+      const outgoing = yield* Queue.make<RemoteEntry, EventLogRemoteError>()
+
+      yield* Effect.gen(function*() {
+        yield* ensureAuthenticated(options.identity)
+
+        const chunkedState = ChunkedMessage.initialJoinState()
+        const incoming = yield* client["EventLog.Changes"]({
+          publicKey: options.identity.publicKey,
+          storeId: options.storeId,
+          startSequence: options.startSequence
+        }, { asQueue: true })
+
+        while (true) {
+          const parts = yield* Queue.takeAll(incoming)
+          for (let i = 0; i < parts.length; i++) {
+            const part = parts[i]
+            if (part._tag === "Single") {
+              yield* Queue.offerAll(outgoing, yield* decodeChanges(options.identity, part.data))
+              continue
+            }
+            const data = ChunkedMessage.join(chunkedState, part)
+            if (!data) continue
+            yield* Queue.offerAll(outgoing, yield* decodeChanges(options.identity, data))
+          }
         }
-        return writeRequest(new Ping({ id: ++latestPing }))
       }).pipe(
-        Effect.delay("10 seconds"),
-        Effect.ignore,
-        Effect.forever,
-        Effect.interruptible,
+        (effect) => retryForbidden(effect, options),
+        Effect.mapError((cause) => {
+          if (cause._tag === "EventLogRemoteError") {
+            return cause
+          }
+          return new EventLogRemoteError({
+            method: "changes",
+            cause
+          })
+        }),
+        Effect.catchCause((cause) => Queue.failCause(outgoing, cause)),
         Effect.forkScoped
       )
-    }
 
-    const handleMessage = (res: typeof ProtocolResponse.Type): Effect.Effect<void, unknown, Scope.Scope> => {
-      switch (res._tag) {
-        case "Hello": {
-          return Deferred.succeed(remoteId, res.remoteId).pipe(Effect.asVoid)
-        }
-        case "Ack": {
-          return Effect.gen(function*() {
-            const entry = pending.get(res.id)
-            if (!entry) return
-            pending.delete(res.id)
-            const { deferred, entries, publicKey } = entry
-            const remoteEntries = res.sequenceNumbers.map((sequenceNumber, i) => {
-              const entry = entries[i]
-              return new RemoteEntry({
-                remoteSequence: sequenceNumber,
-                entry
-              })
-            })
-            const queue = yield* RcMap.get(subscriptions, publicKey)
-            yield* Queue.offerAll(queue, remoteEntries)
-            yield* Deferred.done(deferred, Exit.void)
-          }).pipe(Effect.scoped)
-        }
-        case "Pong": {
-          latestPong = res.id
-          if (res.id === latestPing) {
-            return Effect.void
-          }
-          return Deferred.fail(badPing, new Error("Pong id mismatch")).pipe(
-            Effect.asVoid
-          )
-        }
-        case "Changes": {
-          return Effect.gen(function*() {
-            const queue = yield* RcMap.get(subscriptions, res.publicKey)
-            const identity = identities.get(res.publicKey)
-            if (!identity) {
-              return
-            }
-            const entries = yield* encryption.decrypt(identity, res.entries)
-            yield* Queue.offerAll(queue, entries)
-          }).pipe(Effect.scoped)
-        }
-        case "ChunkedMessage": {
-          const data = ChunkedMessage.join(chunks, res)
-          if (!data) return Effect.void
-          return Effect.scoped(
-            Effect.flatMap(decodeResponse(data), handleMessage)
-          )
-        }
-      }
-    }
+      return outgoing
+    }),
+    whenAuthenticated: (effect) =>
+      IdentityService.use((identity) => Effect.flatMap(ensureAuthenticated(identity), () => effect))
+  })
 
-    yield* socket.run((data) => Effect.flatMap(decodeResponse(data), handleMessage)).pipe(
-      Effect.raceFirst(Deferred.await(badPing)),
-      Effect.tapCause(Effect.logDebug),
-      Effect.retry({
-        schedule: Schedule.exponential(100).pipe(
-          Schedule.either(Schedule.spaced(5000))
-        )
-      }),
-      Effect.annotateLogs({
-        service: "EventLogRemote",
-        method: "fromSocket"
-      }),
-      Effect.forkScoped,
-      Effect.interruptible
-    )
+  yield* registry.registerRemote(remote)
 
-    const id = yield* Deferred.await(remoteId)
+  return remote
+})
 
-    return {
-      id,
-      write: (identity, entries) =>
-        Effect.gen(function*() {
-          const encrypted = yield* encryption.encrypt(identity, entries)
-          const deferred = yield* Deferred.make<void>()
-          const id = pendingCounter++
-          pending.set(id, {
-            entries,
-            deferred,
-            publicKey: identity.publicKey
-          })
-          yield* Effect.orDie(writeRequest(
-            new WriteEntries({
-              publicKey: identity.publicKey,
-              id,
-              iv: encrypted.iv,
-              encryptedEntries: encrypted.encryptedEntries.map((encryptedEntry, i) => ({
-                entryId: entries[i].id,
-                encryptedEntry
-              }))
-            })
-          ))
-          yield* Deferred.await(deferred)
-        }),
-      changes: (identity, startSequence) =>
-        Effect.gen(function*() {
-          const queue = yield* RcMap.get(subscriptions, identity.publicKey)
-          identities.set(identity.publicKey, identity)
-          yield* Effect.orDie(writeRequest(
-            new RequestChanges({
-              publicKey: identity.publicKey,
-              startSequence
-            })
-          ))
-          return queue
-        })
-    }
-  })
+class IdentityService extends Context.Service<Identity, Identity["Service"]>()(
+  "effect/eventlog/EventLog/Identity" satisfies Identity["key"]
+) {}
 
 /**
  * @since 4.0.0
  * @category constructors
  */
-export const fromWebSocket = (
-  url: string,
-  options?: {
-    readonly disablePing?: boolean
-  }
-): Effect.Effect<EventLogRemote["Service"], never, Scope.Scope | EventLogEncryption | Socket.WebSocketConstructor> =>
-  Effect.gen(function*() {
-    const socket = yield* Socket.makeWebSocket(url)
-    return yield* fromSocket(options).pipe(
-      Effect.provideService(Socket.Socket, socket)
-    )
+export const makeEncrypted = Effect.gen(function*(): Effect.fn.Return<
+  EventLogRemote["Service"],
+  EventLogRemoteError,
+  Scope.Scope | EventLogRemoteClient | EventLogEncryption | Registry
+> {
+  const encryption = yield* EventLogEncryption
+
+  return yield* makeWith({
+    encodeWrite: (options) =>
+      encryption.encrypt(options.identity, options.entries).pipe(
+        Effect.flatMap((msg) =>
+          new WriteEntries({
+            publicKey: options.identity.publicKey,
+            storeId: options.storeId,
+            iv: msg.iv,
+            encryptedEntries: msg.encryptedEntries.map((entry, i) => ({
+              entryId: options.entries[i].id,
+              encryptedEntry: entry
+            }))
+          }).encoded
+        )
+      ),
+    decodeChanges: (identity, data) =>
+      ChangesRpc.decodeEncrypted(data).pipe(
+        Effect.flatMap((entries) => encryption.decrypt(identity, entries))
+      )
   })
+})
 
 /**
  * @since 4.0.0
- * @category layers
+ * @category constructors
  */
-export const layerWebSocket = (
-  url: string,
-  options?: {
-    readonly disablePing?: boolean
-  }
-): Layer.Layer<never, never, Socket.WebSocketConstructor | EventLogEncryption> =>
-  Layer.effectDiscard(fromWebSocket(url, options))
+export const makeUnencrypted: Effect.Effect<
+  EventLogRemote["Service"],
+  EventLogRemoteError,
+  Scope.Scope | EventLogRemoteClient | Registry
+> = makeWith({
+  encodeWrite: (options) =>
+    new WriteEntriesUnencrypted({
+      publicKey: options.identity.publicKey,
+      storeId: options.storeId,
+      entries: options.entries
+    }).encoded,
+  decodeChanges: (_identity, data) => ChangesRpc.decodeUnencrypted(data)
+})
 
 /**
  * @since 4.0.0
- * @category layers
+ * @category Layers
  */
-export const layerWebSocketBrowser = (
-  url: string,
-  options?: {
-    readonly disablePing?: boolean
-  }
-): Layer.Layer<never> =>
-  layerWebSocket(url, options).pipe(
-    Layer.provide([layerSubtle, Socket.layerWebSocketConstructorGlobal])
-  )
+export const layerEncrypted: Layer.Layer<
+  EventLogRemote,
+  EventLogRemoteError,
+  RpcClient.Protocol | Registry
+> = Layer.effect(EventLogRemote, makeEncrypted).pipe(
+  Layer.provide(EventLogRemoteClient.layer),
+  Layer.provide(layerSubtle)
+)
+
+/**
+ * @since 4.0.0
+ * @category Layers
+ */
+export const layerUnencrypted: Layer.Layer<
+  EventLogRemote,
+  EventLogRemoteError,
+  RpcClient.Protocol | Registry
+> = Layer.effect(EventLogRemote, makeUnencrypted).pipe(
+  Layer.provide(EventLogRemoteClient.layer)
+)