@cofhe/mock-contracts 0.0.0-alpha-20260409113701

package/contracts/MockThresholdNetwork.sol

@@ -0,0 +1,199 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+// solhint-disable one-contract-per-file
+
+// NOTE: This file was renamed from `MockQueryDecrypter.sol` to `MockThresholdNetwork.sol`
+// to better reflect that it mocks threshold-network-style decryption/sealing behavior
+// in local/testing environments.
+
+pragma solidity >=0.8.19 <0.9.0;
+
+import { MockACL } from './MockACL.sol';
+import { MockTaskManager } from './MockTaskManager.sol';
+import { Permission, MockPermissioned } from './Permissioned.sol';
+
+contract MockThresholdNetwork {
+  MockTaskManager public mockTaskManager;
+  MockACL public mockAcl;
+
+  error NotAllowed();
+  error SealingKeyMissing();
+  error SealingKeyInvalid();
+
+  function initialize(address _taskManager, address _acl) public {
+    mockTaskManager = MockTaskManager(_taskManager);
+    mockAcl = MockACL(_acl);
+  }
+
+  // EXISTENCE
+
+  function exists() public pure returns (bool) {
+    return true;
+  }
+
+  // BODY
+
+  function queryDecrypt(
+    uint256 ctHash,
+    uint256,
+    Permission memory permission
+  ) public view returns (bool allowed, string memory error, uint256) {
+    bool isAllowed;
+    try mockAcl.isAllowedWithPermission(permission, ctHash) returns (bool _isAllowed) {
+      isAllowed = _isAllowed;
+    } catch Error(string memory reason) {
+      // Handle string error messages
+      return (false, reason, 0);
+    } catch Panic(uint /*errorCode*/) {
+      // Handle panic errors
+      return (false, 'Panic', 0);
+    } catch (bytes memory lowLevelData) {
+      return (false, decodeLowLevelReversion(lowLevelData), 0);
+    }
+
+    if (!isAllowed) return (false, 'NotAllowed', 0);
+
+    return (true, '', mockTaskManager.mockStorage(ctHash));
+  }
+
+  function seal(uint256 input, bytes32 key) public pure returns (bytes32) {
+    return bytes32(input) ^ key;
+  }
+
+  function unseal(bytes32 hashed, bytes32 key) public pure returns (uint256) {
+    return uint256(hashed ^ key);
+  }
+
+  // changed function name from 'testQueryDecrypt'
+  // Foundry was trying to run fuzz tests on it
+  function mockQueryDecrypt(
+    uint256 ctHash,
+    uint256,
+    address issuer
+  ) public view returns (bool allowed, string memory error, uint256) {
+    bool isAllowed;
+    try mockAcl.isAllowed(ctHash, issuer) returns (bool _isAllowed) {
+      isAllowed = _isAllowed;
+    } catch Error(string memory reason) {
+      // Handle string error messages
+      return (false, reason, 0);
+    } catch Panic(uint /*errorCode*/) {
+      // Handle panic errors
+      return (false, 'Panic', 0);
+    } catch (bytes memory lowLevelData) {
+      return (false, decodeLowLevelReversion(lowLevelData), 0);
+    }
+
+    if (!isAllowed) return (false, 'NotAllowed', 0);
+
+    uint256 value = mockTaskManager.mockStorage(ctHash);
+    return (true, '', value);
+  }
+
+  function querySealOutput(
+    uint256 ctHash,
+    uint256,
+    Permission memory permission
+  ) public view returns (bool allowed, string memory error, bytes32) {
+    if (permission.sealingKey == bytes32(0)) revert SealingKeyMissing();
+
+    bool isAllowed;
+    try mockAcl.isAllowedWithPermission(permission, ctHash) returns (bool _isAllowed) {
+      isAllowed = _isAllowed;
+    } catch Error(string memory reason) {
+      // Handle string error messages
+      return (false, reason, bytes32(0));
+    } catch Panic(uint /*errorCode*/) {
+      // Handle panic errors
+      return (false, 'Panic', bytes32(0));
+    } catch (bytes memory lowLevelData) {
+      return (false, decodeLowLevelReversion(lowLevelData), bytes32(0));
+    }
+
+    if (!isAllowed) return (false, 'NotAllowed', bytes32(0));
+
+    uint256 value = mockTaskManager.mockStorage(ctHash);
+    return (true, '', seal(value, permission.sealingKey));
+  }
+
+  // DECRYPT FOR TX
+
+  function _isAllowedWithPermit(
+    uint256 ctHash,
+    Permission memory permission
+  ) internal view returns (bool isAllowed, string memory error) {
+    try mockTaskManager.isAllowedWithPermission(permission, ctHash) returns (bool _isAllowed) {
+      isAllowed = _isAllowed;
+    } catch Error(string memory reason) {
+      return (false, reason);
+    } catch Panic(uint /*errorCode*/) {
+      return (false, 'Panic');
+    } catch (bytes memory lowLevelData) {
+      return (false, decodeLowLevelReversion(lowLevelData));
+    }
+
+    if (!isAllowed) return (false, 'NotAllowed');
+    return (true, '');
+  }
+
+  function _isAllowedWithoutPermit(uint256 ctHash) internal view returns (bool isAllowed, string memory error) {
+    try mockAcl.globalAllowed(ctHash) returns (bool _isAllowed) {
+      isAllowed = _isAllowed;
+    } catch Error(string memory reason) {
+      return (false, reason);
+    } catch Panic(uint /*errorCode*/) {
+      return (false, 'Panic');
+    } catch (bytes memory lowLevelData) {
+      return (false, decodeLowLevelReversion(lowLevelData));
+    }
+
+    if (!isAllowed) return (false, 'NotAllowed');
+    return (true, '');
+  }
+
+  /// @notice Decrypt a ciphertext for a transaction using a permit.
+  function decryptForTxWithPermit(
+    uint256 ctHash,
+    Permission memory permission
+  ) public view returns (bool allowed, string memory error, uint256 decryptedValue) {
+    if (permission.issuer == address(0)) {
+      return (false, 'PermissionMissing', 0);
+    }
+
+    (bool isAllowed, string memory err) = _isAllowedWithPermit(ctHash, permission);
+    if (!isAllowed) return (false, err, 0);
+
+    uint256 value = mockTaskManager.mockStorage(ctHash);
+    return (true, '', value);
+  }
+
+  /// @notice Decrypt a ciphertext for a transaction using global allowance (no permit).
+  function decryptForTxWithoutPermit(
+    uint256 ctHash
+  ) public view returns (bool allowed, string memory error, uint256 decryptedValue) {
+    (bool isAllowed, string memory err) = _isAllowedWithoutPermit(ctHash);
+    if (!isAllowed) return (false, err, 0);
+
+    uint256 value = mockTaskManager.mockStorage(ctHash);
+    return (true, '', value);
+  }
+
+  // UTIL
+
+  function decodeLowLevelReversion(bytes memory data) public pure returns (string memory error) {
+    bytes4 selector = bytes4(data);
+    if (selector == MockPermissioned.PermissionInvalid_Expired.selector) {
+      return 'PermissionInvalid_Expired';
+    }
+    if (selector == MockPermissioned.PermissionInvalid_IssuerSignature.selector) {
+      return 'PermissionInvalid_IssuerSignature';
+    }
+    if (selector == MockPermissioned.PermissionInvalid_RecipientSignature.selector) {
+      return 'PermissionInvalid_RecipientSignature';
+    }
+    if (selector == MockPermissioned.PermissionInvalid_Disabled.selector) {
+      return 'PermissionInvalid_Disabled';
+    }
+    // Handle other errors
+    return 'Low Level Error';
+  }
+}

package/contracts/MockZkVerifier.sol

@@ -0,0 +1,140 @@
+// SPDX-License-Identifier: BSD-3-Clause-Clear
+// solhint-disable one-contract-per-file
+
+pragma solidity >=0.8.19 <0.9.0;
+
+import { TASK_MANAGER_ADDRESS } from '@fhenixprotocol/cofhe-contracts/FHE.sol';
+import { EncryptedInput } from '@fhenixprotocol/cofhe-contracts/ICofhe.sol';
+import { MockTaskManager } from './MockTaskManager.sol';
+
+contract MockZkVerifier {
+  // TMCommon
+  uint256 constant hashMaskForMetadata = type(uint256).max - type(uint16).max; // 2 bytes reserved for metadata
+  uint256 constant uintTypeMask = (type(uint8).max >> 1); // 0x7f - 7 bits reserved for uint type in the one before last byte
+  uint256 constant triviallyEncryptedMask = type(uint8).max - uintTypeMask; //0x80  1 bit reserved for isTriviallyEncrypted
+
+  // Specific
+  uint256 salt = 0;
+  error InvalidInputs();
+
+  // EXISTENCE
+
+  function exists() public pure returns (bool) {
+    return true;
+  }
+
+  // HASHING
+
+  function getByteForTrivialAndType(bool isTrivial, uint8 uintType) internal pure returns (uint256) {
+    /// @dev first bit for isTriviallyEncrypted
+    /// @dev last 7 bits for uintType
+
+    return uint256(((isTrivial ? triviallyEncryptedMask : 0x00) | (uintType & uintTypeMask)));
+  }
+
+  function _appendMetadata(
+    uint256 preCtHash,
+    uint8 securityZone,
+    uint8 uintType,
+    bool isTrivial
+  ) internal pure returns (uint256 result) {
+    result = preCtHash & hashMaskForMetadata;
+    uint256 metadata = (getByteForTrivialAndType(isTrivial, uintType) << 8) | (uint256(uint8(int8(securityZone)))); /// @dev 8 bits for type, 8 bits for securityZone
+    result = result | metadata;
+  }
+
+  function uint256ToBytes32(uint256 value) internal pure returns (bytes memory) {
+    bytes memory result = new bytes(32);
+    assembly {
+      mstore(add(result, 32), value)
+    }
+    return result;
+  }
+
+  function _calcPlaceholderKey(
+    address user,
+    uint8 utype,
+    uint8 securityZone,
+    uint256 input
+  ) internal view returns (uint256) {
+    bytes memory combined = bytes.concat(uint256ToBytes32(input));
+    combined = bytes.concat(combined, uint256ToBytes32(uint256(uint160(user))));
+    combined = bytes.concat(combined, keccak256(abi.encodePacked(salt)));
+
+    // Calculate Keccak256 hash
+    bytes32 ctHash = keccak256(combined);
+
+    return _appendMetadata(uint256(ctHash), securityZone, utype, false);
+  }
+
+  // CORE
+
+  function zkVerifyCalcCtHashesPacked(
+    uint256[] memory values,
+    uint8[] memory utypes,
+    address user,
+    uint8 securityZone,
+    uint256 chainId
+  ) public view returns (uint256[] memory ctHashes) {
+    if (utypes.length != values.length) {
+      revert InvalidInputs();
+    }
+
+    ctHashes = new uint256[](utypes.length);
+
+    for (uint256 i = 0; i < utypes.length; i++) {
+      ctHashes[i] = zkVerifyCalcCtHash(values[i], utypes[i], user, securityZone, chainId);
+    }
+  }
+
+  function zkVerifyCalcCtHash(
+    uint256 value,
+    uint8 utype,
+    address user,
+    uint8 securityZone,
+    uint256
+  ) public view returns (uint256 ctHash) {
+    ctHash = _calcPlaceholderKey(user, utype, securityZone, value);
+  }
+
+  function insertPackedCtHashes(uint256[] memory ctHashes, uint256[] memory values) public {
+    for (uint256 i = 0; i < ctHashes.length; i++) {
+      insertCtHash(ctHashes[i], values[i]);
+    }
+  }
+
+  function insertCtHash(uint256 ctHash, uint256 value) public {
+    MockTaskManager(TASK_MANAGER_ADDRESS).MOCK_setInEuintKey(ctHash, value);
+    salt += 1;
+  }
+
+  function zkVerifyPacked(
+    uint256[] memory values,
+    uint8[] memory utypes,
+    address user,
+    uint8 securityZone,
+    uint256 chainId
+  ) public returns (EncryptedInput[] memory inputs) {
+    if (utypes.length != values.length) {
+      revert InvalidInputs();
+    }
+
+    inputs = new EncryptedInput[](utypes.length);
+
+    for (uint256 i = 0; i < utypes.length; i++) {
+      inputs[i] = zkVerify(values[i], utypes[i], user, securityZone, chainId);
+    }
+  }
+
+  function zkVerify(
+    uint256 value,
+    uint8 utype,
+    address user,
+    uint8 securityZone,
+    uint256
+  ) public returns (EncryptedInput memory) {
+    uint256 ctHash = _calcPlaceholderKey(user, utype, securityZone, value);
+    insertCtHash(ctHash, value);
+    return EncryptedInput({ ctHash: ctHash, securityZone: securityZone, utype: utype, signature: hex'' });
+  }
+}

package/contracts/Permissioned.sol

@@ -0,0 +1,213 @@
+// solhint-disable func-name-mixedcase
+// SPDX-License-Identifier: MIT
+pragma solidity >=0.8.19 <0.9.0;
+
+import {SignatureChecker} from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";
+import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
+
+/**
+ * @dev Permission body that must be passed to a contract to allow access to sensitive data.
+ *
+ * The minimum permission to access a user's own data requires the fields
+ * < issuer, expiration, sealingKey, issuerSignature >
+ *
+ *   ---
+ *
+ * If not sharing the permission, `issuer` signs a signature using the fields:
+ *     < issuer, expiration, sealingKey, issuerSignature >
+ * This signature can now be used by `issuer` to access their own encrypted data.
+ *
+ *   ---
+ *
+ * Sharing a permission is a two step process: `issuer` completes step 1, and `recipient` completes step 2.
+ *
+ * 1:
+ * `issuer` creates a permission with `recipient` populated with the address of the user to give access to.
+ * `issuer` does not include a `sealingKey` in the permission, it will be populated by the `recipient`.
+ * `issuer` signs a signature including the fields: (note: `sealingKey` is absent in this signature)
+ *     < issuer, expiration, sealingKey, issuerSignature >
+ * `issuer` packages the permission data and `issuerSignature` and shares it with `recipient`
+ *     ** None of this data is sensitive, and can be shared as cleartext **
+ *
+ * 2:
+ * `recipient` adds their `sealingKey` to the data received from `issuer`
+ * `recipient` signs a signature including the fields:
+ *     < sealingKey, issuerSignature >
+ * `recipient` can now use the completed Permission to access `issuer`s encrypted data.
+ *
+ *   ---
+ *
+ * `validatorId` and `validatorContract` are optional and can be used together to
+ * increase security and control by disabling a permission after it has been created.
+ * Useful when sharing permits to provide external access to sensitive data (eg auditors).
+ */
+struct Permission {
+    // (base) User that initially created the permission, target of data fetching
+    address issuer;
+    // (base) Expiration timestamp
+    uint64 expiration;
+    // (sharing) The user that this permission will be shared with
+    // ** optional, use `address(0)` to disable **
+    address recipient;
+    // (issuer defined validation) An id used to query a contract to check this permissions validity
+    // ** optional, use `0` to disable **
+    uint256 validatorId;
+    // (issuer defined validation) The contract to query to determine permission validity
+    // ** optional, user `address(0)` to disable **
+    address validatorContract;
+    // (base) The publicKey of a sealingPair used to re-encrypt `issuer`s confidential data
+    //   (non-sharing) Populated by `issuer`
+    //   (sharing)     Populated by `recipient`
+    bytes32 sealingKey;
+    // (base) `signTypedData` signature created by `issuer`.
+    // (base) Shared- and Self- permissions differ in signature format: (`sealingKey` absent in shared signature)
+    //   (non-sharing) < issuer, expiration, recipient, validatorId, validatorContract, sealingKey >
+    //   (sharing)     < issuer, expiration, recipient, validatorId, validatorContract >
+    bytes issuerSignature;
+    // (sharing) `signTypedData` signature created by `recipient` with format:
+    // (sharing) < sealingKey, issuerSignature>
+    // ** required for shared permits **
+    bytes recipientSignature;
+}
+
+/// @dev Minimum required interface to create a custom permission validator.
+/// Permission validators are optional, and provide extra security and control when sharing permits.
+interface IPermissionCustomIdValidator {
+    /// @dev Checks whether a permission is valid, returning `false` disables the permission.
+    function disabled(address issuer, uint256 id) external view returns (bool);
+}
+
+contract MockPermissioned is EIP712 {
+    using PermissionUtils for Permission;
+
+    constructor() EIP712("ACL", "1") {}
+
+    /// @dev Emitted when `permission.expiration` is in the past (< block.timestamp)
+    error PermissionInvalid_Expired();
+
+    /// @dev Emitted when `issuerSignature` is malformed or was not signed by `permission.issuer`
+    error PermissionInvalid_IssuerSignature();
+
+    /// @dev Emitted when `recipientSignature` is malformed or was not signed by `permission.recipient`
+    error PermissionInvalid_RecipientSignature();
+
+    /// @dev Emitted when `validatorContract` returned `false` indicating that this permission has been externally disabled
+    error PermissionInvalid_Disabled();
+
+    /// @dev Validate's a `permissions` access of sensitive data.
+    /// `permission` may be invalid or unauthorized for the following reasons:
+    ///    - Expired:                  `permission.expiration` is in the past (< block.timestamp)
+    ///    - Issuer signature:         `issuerSignature` is malformed or was not signed by `permission.issuer`
+    ///    - Recipient signature:      `recipientSignature` is malformed or was not signed by `permission.recipient`
+    ///    - Disabled:                 `validatorContract` returned `false` indicating that this permission has been externally disabled
+    /// @param permission Permission struct containing data necessary to validate data access and seal for return.
+    ///
+    /// NOTE: Functions protected by `withPermission` should return ONLY the sensitive data of `permission.issuer`.
+    /// !! Returning data of `msg.sender` will leak sensitive values - `msg.sender` cannot be trusted in view functions !!
+    modifier withPermission(Permission memory permission) {
+        // Expiration
+        if (permission.expiration < block.timestamp)
+            revert PermissionInvalid_Expired();
+
+        // Issuer signature
+        if (
+            !SignatureChecker.isValidSignatureNow(
+                permission.issuer,
+                _hashTypedDataV4(permission.issuerHash()),
+                permission.issuerSignature
+            )
+        ) revert PermissionInvalid_IssuerSignature();
+
+        // (if applicable) Recipient signature
+        if (
+            permission.recipient != address(0) &&
+            !SignatureChecker.isValidSignatureNow(
+                permission.recipient,
+                _hashTypedDataV4(permission.recipientHash()),
+                permission.recipientSignature
+            )
+        ) revert PermissionInvalid_RecipientSignature();
+
+        // (if applicable) Externally disabled
+        if (
+            permission.validatorId != 0 &&
+            permission.validatorContract != address(0) &&
+            IPermissionCustomIdValidator(permission.validatorContract).disabled(
+                permission.issuer,
+                permission.validatorId
+            )
+        ) revert PermissionInvalid_Disabled();
+
+        _;
+    }
+
+    function hashTypedDataV4(
+        bytes32 structHash
+    ) public view virtual returns (bytes32) {
+        return _hashTypedDataV4(structHash);
+    }
+}
+
+/// @dev Internal utility library to improve the readability of PermissionedV2
+/// Primarily focused on signature type hashes
+library PermissionUtils {
+    function issuerHash(
+        Permission memory permission
+    ) internal pure returns (bytes32) {
+        if (permission.recipient == address(0))
+            return issuerSelfHash(permission);
+        return issuerSharedHash(permission);
+    }
+
+    function issuerSelfHash(
+        Permission memory permission
+    ) internal pure returns (bytes32) {
+        return
+            keccak256(
+                abi.encode(
+                    keccak256(
+                        "PermissionedV2IssuerSelf(address issuer,uint64 expiration,address recipient,uint256 validatorId,address validatorContract,bytes32 sealingKey)"
+                    ),
+                    permission.issuer,
+                    permission.expiration,
+                    permission.recipient,
+                    permission.validatorId,
+                    permission.validatorContract,
+                    permission.sealingKey
+                )
+            );
+    }
+
+    function issuerSharedHash(
+        Permission memory permission
+    ) internal pure returns (bytes32) {
+        return
+            keccak256(
+                abi.encode(
+                    keccak256(
+                        "PermissionedV2IssuerShared(address issuer,uint64 expiration,address recipient,uint256 validatorId,address validatorContract)"
+                    ),
+                    permission.issuer,
+                    permission.expiration,
+                    permission.recipient,
+                    permission.validatorId,
+                    permission.validatorContract
+                )
+            );
+    }
+
+    function recipientHash(
+        Permission memory permission
+    ) internal pure returns (bytes32) {
+        return
+            keccak256(
+                abi.encode(
+                    keccak256(
+                        "PermissionedV2Recipient(bytes32 sealingKey,bytes issuerSignature)"
+                    ),
+                    permission.sealingKey,
+                    keccak256(permission.issuerSignature)
+                )
+            );
+    }
+}

package/contracts/TestBed.sol

@@ -0,0 +1,98 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity ^0.8.13;
+
+import '@fhenixprotocol/cofhe-contracts/FHE.sol';
+
+/// @title TestBed
+/// @notice Minimal contract used to smoke-test CoFHE/FHE flows (mocks + permissions + decrypt plumbing).
+/// @dev This contract is intentionally simple and is primarily a convenience for Hardhat-based local
+///      development: the Hardhat plugin can deploy it automatically when `deployTestBed` is enabled.
+///
+///      In Foundry flows, nothing deploys or depends on this contract automatically — tests must
+///      instantiate it explicitly (this repository includes such Foundry tests). You may deploy/use it
+///      in `forge test` if you want a known-good reference target.
+///
+///      Important concepts:
+///      - `eNumber` is an on-chain encrypted handle type (`euint32`). In real CoFHE, this represents a ciphertext.
+///      - `numberHash` stores the unwrapped handle (`ctHash`) as a uint256 for easy inspection/assertions.
+///      - After every state update we call `FHE.allowThis(...)` and `FHE.allowSender(...)` so the contract
+///        and the transaction sender can continue operating on / decrypting the updated handle.
+contract TestBed {
+  euint32 public eNumber;
+  bytes32 public numberHash;
+
+  /// @notice Marker used by deploy scripts/tests to confirm the contract is deployed.
+  function exists() public pure returns (bool) {
+    return true;
+  }
+
+  /// @notice Sets `eNumber` from an encrypted input struct.
+  /// @dev Typically used when testing client-side encryption flows.
+  function setNumber(InEuint32 memory inNumber) public {
+    eNumber = FHE.asEuint32(inNumber);
+    numberHash = euint32.unwrap(eNumber);
+    FHE.allowThis(eNumber);
+    FHE.allowSender(eNumber);
+  }
+
+  /// @notice Convenience setter that casts a plaintext value into an encrypted handle.
+  /// @dev Useful for quick smoke tests that don't need pre-encryption.
+  function setNumberTrivial(uint32 inNumber) public {
+    eNumber = FHE.asEuint32(inNumber);
+    numberHash = euint32.unwrap(eNumber);
+    FHE.allowThis(eNumber);
+    FHE.allowSender(eNumber);
+  }
+
+  /// @notice Increments `eNumber` by 1 using FHE arithmetic.
+  function increment() public {
+    eNumber = FHE.add(eNumber, FHE.asEuint32(1));
+    FHE.allowThis(eNumber);
+    FHE.allowSender(eNumber);
+  }
+
+  /// @notice Adds an encrypted input to `eNumber`.
+  function add(InEuint32 memory inNumber) public {
+    eNumber = FHE.add(eNumber, FHE.asEuint32(inNumber));
+
+    FHE.allowThis(eNumber);
+    FHE.allowSender(eNumber);
+  }
+
+  /// @notice Subtracts an encrypted input from `eNumber`, clamped to 0 to avoid underflow.
+  function sub(InEuint32 memory inNumber) public {
+    euint32 inAsEuint32 = FHE.asEuint32(inNumber);
+    euint32 eSubOrZero = FHE.select(FHE.lte(inAsEuint32, eNumber), inAsEuint32, FHE.asEuint32(0));
+    eNumber = FHE.sub(eNumber, eSubOrZero);
+    FHE.allowThis(eNumber);
+    FHE.allowSender(eNumber);
+  }
+
+  /// @notice Multiplies `eNumber` by an encrypted input.
+  function mul(InEuint32 memory inNumber) public {
+    eNumber = FHE.mul(eNumber, FHE.asEuint32(inNumber));
+    FHE.allowThis(eNumber);
+    FHE.allowSender(eNumber);
+  }
+
+  /// @notice Requests decryption of `eNumber`.
+  /// @dev In real CoFHE this is asynchronous; in mocks it is simulated.
+  function decrypt() public {
+    FHE.decrypt(eNumber);
+  }
+
+  /// @notice Reads a decryption result (reverts if not ready depending on implementation).
+  function getDecryptResult(euint32 input1) public view returns (uint32) {
+    return FHE.getDecryptResult(input1);
+  }
+
+  /// @notice Reads a decryption result safely, returning a readiness flag.
+  function getDecryptResultSafe(euint32 input1) public view returns (uint32 value, bool decrypted) {
+    return FHE.getDecryptResultSafe(input1);
+  }
+
+  /// @notice Publishes a decrypt result for an encrypted handle.
+  function publishDecryptResult(euint32 input, uint32 result, bytes memory signature) external {
+    FHE.publishDecryptResult(input, result, signature);
+  }
+}