@cofhe/sdk 0.0.0-alpha-20260409113701

package/dist/clientTypes-flH1ju82.d.ts

@@ -0,0 +1,998 @@
+import { WalletClient, PublicClient, Hex } from 'viem';
+import { C as CofheChain } from './types-YiAC4gig.js';
+import { z } from 'zod';
+import { P as Permit, S as SerializedPermit, C as CreateSelfPermitOptions, m as SelfPermit, d as CreateSharingPermitOptions, n as SharingPermit, I as ImportSharedPermitOptions, R as RecipientPermit, o as PermitHashFields, g as PermitUtils } from './permit-jRirYqFt.js';
+import { StoreApi } from 'zustand/vanilla';
+
+type TfheInitializer = () => Promise<boolean>;
+interface IStorage {
+    getItem: (name: string) => Promise<any>;
+    setItem: (name: string, value: any) => Promise<void>;
+    removeItem: (name: string) => Promise<void>;
+}
+type Primitive = null | undefined | string | number | boolean | symbol | bigint;
+type LiteralToPrimitive<T> = T extends number ? number : T extends bigint ? bigint : T extends string ? string : T extends boolean ? boolean : T extends symbol ? symbol : T extends null ? null : T extends undefined ? undefined : never;
+declare const FheTypeValues: readonly ["bool", "uint8", "uint16", "uint32", "uint64", "uint128", "address"];
+type FheTypeValue = (typeof FheTypeValues)[number];
+declare enum FheTypes {
+    Bool = 0,
+    Uint4 = 1,
+    Uint8 = 2,
+    Uint16 = 3,
+    Uint32 = 4,
+    Uint64 = 5,
+    Uint128 = 6,
+    Uint160 = 7,
+    Uint256 = 8,
+    Uint512 = 9,
+    Uint1024 = 10,
+    Uint2048 = 11,
+    Uint2 = 12,
+    Uint6 = 13,
+    Uint10 = 14,
+    Uint12 = 15,
+    Uint14 = 16,
+    Int2 = 17,
+    Int4 = 18,
+    Int6 = 19,
+    Int8 = 20,
+    Int10 = 21,
+    Int12 = 22,
+    Int14 = 23,
+    Int16 = 24,
+    Int32 = 25,
+    Int64 = 26,
+    Int128 = 27,
+    Int160 = 28,
+    Int256 = 29
+}
+/**
+ * List of All FHE uint types (excludes bool and address)
+ */
+declare const FheUintUTypes: readonly [FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128];
+type FheUintUTypesType = (typeof FheUintUTypes)[number];
+/**
+ * List of All FHE types (uints, bool, and address)
+ */
+declare const FheAllUTypes: readonly [FheTypes.Bool, FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128, FheTypes.Uint160];
+type EncryptedNumber = {
+    data: Uint8Array;
+    securityZone: number;
+};
+type EncryptedItemInput<TSignature = string> = {
+    ctHash: bigint;
+    securityZone: number;
+    utype: FheTypes;
+    signature: TSignature;
+};
+declare function assertCorrectEncryptedItemInput(input: EncryptedItemInput): asserts input is EncryptedItemInput<`0x${string}`>;
+type EncryptedBoolInput = EncryptedItemInput & {
+    utype: FheTypes.Bool;
+};
+type EncryptedUint8Input = EncryptedItemInput & {
+    utype: FheTypes.Uint8;
+};
+type EncryptedUint16Input = EncryptedItemInput & {
+    utype: FheTypes.Uint16;
+};
+type EncryptedUint32Input = EncryptedItemInput & {
+    utype: FheTypes.Uint32;
+};
+type EncryptedUint64Input = EncryptedItemInput & {
+    utype: FheTypes.Uint64;
+};
+type EncryptedUint128Input = EncryptedItemInput & {
+    utype: FheTypes.Uint128;
+};
+type EncryptedAddressInput = EncryptedItemInput & {
+    utype: FheTypes.Uint160;
+};
+type EncryptableBase<U extends FheTypes, D> = {
+    data: D;
+    securityZone: number;
+    utype: U;
+};
+type EncryptableBool = EncryptableBase<FheTypes.Bool, boolean>;
+type EncryptableUint8 = EncryptableBase<FheTypes.Uint8, string | bigint>;
+type EncryptableUint16 = EncryptableBase<FheTypes.Uint16, string | bigint>;
+type EncryptableUint32 = EncryptableBase<FheTypes.Uint32, string | bigint>;
+type EncryptableUint64 = EncryptableBase<FheTypes.Uint64, string | bigint>;
+type EncryptableUint128 = EncryptableBase<FheTypes.Uint128, string | bigint>;
+type EncryptableAddress = EncryptableBase<FheTypes.Uint160, string | bigint>;
+declare function createEncryptableByLiteral(type: 'bool', data: EncryptableBool['data'], securityZone?: number): EncryptableBool;
+declare function createEncryptableByLiteral(type: 'address', data: EncryptableAddress['data'], securityZone?: number): EncryptableAddress;
+declare function createEncryptableByLiteral(type: 'uint8', data: EncryptableUint8['data'], securityZone?: number): EncryptableUint8;
+declare function createEncryptableByLiteral(type: 'uint16', data: EncryptableUint16['data'], securityZone?: number): EncryptableUint16;
+declare function createEncryptableByLiteral(type: 'uint32', data: EncryptableUint32['data'], securityZone?: number): EncryptableUint32;
+declare function createEncryptableByLiteral(type: 'uint64', data: EncryptableUint64['data'], securityZone?: number): EncryptableUint64;
+declare function createEncryptableByLiteral(type: 'uint128', data: EncryptableUint128['data'], securityZone?: number): EncryptableUint128;
+declare function createEncryptableByLiteral(type: FheTypeValue, data: EncryptableItem['data'], securityZone?: number): EncryptableItem;
+declare const Encryptable: {
+    create: typeof createEncryptableByLiteral;
+    bool: (data: EncryptableBool["data"], securityZone?: number | undefined) => {
+        data: boolean;
+        securityZone: number;
+        utype: FheTypes.Bool;
+    };
+    address: (data: EncryptableAddress["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint160;
+    };
+    uint8: (data: EncryptableUint8["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint8;
+    };
+    uint16: (data: EncryptableUint16["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint16;
+    };
+    uint32: (data: EncryptableUint32["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint32;
+    };
+    uint64: (data: EncryptableUint64["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint64;
+    };
+    uint128: (data: EncryptableUint128["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint128;
+    };
+};
+type EncryptableItem = EncryptableBool | EncryptableUint8 | EncryptableUint16 | EncryptableUint32 | EncryptableUint64 | EncryptableUint128 | EncryptableAddress;
+type EncryptableToEncryptedItemInputMap<E extends EncryptableItem> = E extends EncryptableBool ? EncryptedBoolInput : E extends EncryptableUint8 ? EncryptedUint8Input : E extends EncryptableUint16 ? EncryptedUint16Input : E extends EncryptableUint32 ? EncryptedUint32Input : E extends EncryptableUint64 ? EncryptedUint64Input : E extends EncryptableUint128 ? EncryptedUint128Input : E extends EncryptableAddress ? EncryptedAddressInput : never;
+type EncryptedItemInputs<T> = T extends Primitive ? LiteralToPrimitive<T> : T extends EncryptableItem ? EncryptableToEncryptedItemInputMap<T> : {
+    [K in keyof T]: EncryptedItemInputs<T[K]>;
+};
+declare function isEncryptableItem(value: unknown): value is EncryptableItem;
+declare enum EncryptStep {
+    InitTfhe = "initTfhe",
+    FetchKeys = "fetchKeys",
+    Pack = "pack",
+    Prove = "prove",
+    Verify = "verify"
+}
+declare function isLastEncryptionStep(step: EncryptStep): boolean;
+type EncryptStepCallbackContext = Record<string, any> & {
+    isStart: boolean;
+    isEnd: boolean;
+    duration: number;
+};
+type EncryptStepCallbackFunction = (state: EncryptStep, context?: EncryptStepCallbackContext) => void;
+type DecryptEndpoint = 'decrypt' | 'sealoutput';
+type DecryptPollCallbackContext = {
+    operation: DecryptEndpoint;
+    requestId: string;
+    attemptIndex: number;
+    elapsedMs: number;
+    intervalMs: number;
+    timeoutMs: number;
+};
+type DecryptPollCallbackFunction = (context: DecryptPollCallbackContext) => void;
+/**
+ * Decrypted plaintext value returned by view-decryption helpers.
+ *
+ * This is a scalar JS value (not a wrapper object):
+ * - `boolean` for `FheTypes.Bool`
+ * - checksummed address `string` for `FheTypes.Uint160`
+ * - `bigint` for supported integer utypes
+ */
+type UnsealedItem<U extends FheTypes> = U extends FheTypes.Bool ? boolean : U extends FheTypes.Uint160 ? string : U extends FheUintUTypesType ? bigint : never;
+
+/**
+ * Usable config type inferred from the schema
+ */
+type CofheConfig = {
+    /** Environment that the SDK is running in */
+    environment: 'node' | 'hardhat' | 'web' | 'react';
+    /** List of supported chains */
+    supportedChains: CofheChain[];
+    /** Default permit expiration in seconds, default is 30 days */
+    defaultPermitExpiration: number;
+    /**
+     * Storage scheme for the fetched fhe keys
+     * FHE keys are large, and caching prevents re-fetching them on each encryptInputs call
+     * (defaults to indexedDB on web, filesystem on node)
+     */
+    fheKeyStorage: IStorage | null;
+    /**
+     * Whether to use Web Workers for ZK proof generation (web platform only)
+     * When enabled, heavy WASM computation is offloaded to prevent UI freezing
+     * Default: true
+     */
+    useWorkers: boolean;
+    /** Mocks configs */
+    mocks: {
+        /**
+         * Length of the simulated seal output delay in milliseconds
+         * Default 1000ms on web
+         * Default 0ms on hardhat (will be called during tests no need for fake delay)
+         */
+        decryptDelay: number;
+        /**
+         * Simulated delay(s) in milliseconds for each step of encryptInputs in mock mode.
+         * A single number applies the same delay to all five steps (InitTfhe, FetchKeys, Pack, Prove, Verify).
+         * A tuple of five numbers applies a per-step delay: [InitTfhe, FetchKeys, Pack, Prove, Verify].
+         * Default: [100, 100, 100, 500, 500]
+         */
+        encryptDelay: number | [number, number, number, number, number];
+    };
+    _internal?: CofheInternalConfig;
+};
+type CofheInternalConfig = {
+    zkvWalletClient?: WalletClient;
+};
+/**
+ * Zod schema for configuration validation
+ */
+declare const CofheConfigSchema: z.ZodObject<{
+    environment: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
+        hardhat: "hardhat";
+        node: "node";
+        web: "web";
+        react: "react";
+    }>>>;
+    supportedChains: z.ZodArray<z.ZodCustom<{
+        id: number;
+        name: string;
+        network: string;
+        coFheUrl: string;
+        verifierUrl: string;
+        thresholdNetworkUrl: string;
+        environment: "MOCK" | "TESTNET" | "MAINNET";
+    }, {
+        id: number;
+        name: string;
+        network: string;
+        coFheUrl: string;
+        verifierUrl: string;
+        thresholdNetworkUrl: string;
+        environment: "MOCK" | "TESTNET" | "MAINNET";
+    }>>;
+    defaultPermitExpiration: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    fheKeyStorage: z.ZodDefault<z.ZodUnion<[z.ZodObject<{
+        getItem: z.ZodCustom<(name: string) => Promise<any>, (name: string) => Promise<any>>;
+        setItem: z.ZodCustom<(name: string, value: any) => Promise<void>, (name: string, value: any) => Promise<void>>;
+        removeItem: z.ZodCustom<(name: string) => Promise<void>, (name: string) => Promise<void>>;
+    }, z.core.$strip>, z.ZodNull]>>;
+    useWorkers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    mocks: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        decryptDelay: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+        encryptDelay: z.ZodDefault<z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodTuple<[z.ZodNumber, z.ZodNumber, z.ZodNumber, z.ZodNumber, z.ZodNumber], null>]>>>;
+    }, z.core.$strip>>>;
+    _internal: z.ZodOptional<z.ZodObject<{
+        zkvWalletClient: z.ZodOptional<z.ZodAny>;
+    }, z.core.$strip>>;
+}, z.core.$strip>;
+/**
+ * Input config type inferred from the schema
+ */
+type CofheInputConfig = z.input<typeof CofheConfigSchema>;
+/**
+ * Creates and validates a cofhe configuration (base implementation)
+ * @param config - The configuration object to validate
+ * @returns The validated configuration
+ * @throws {Error} If the configuration is invalid
+ */
+declare function createCofheConfigBase(config: CofheInputConfig): CofheConfig;
+/**
+ * Access the CofheConfig object directly by providing the key.
+ * This is powerful when you use OnchainKit utilities outside of the React context.
+ */
+declare const getCofheConfigItem: <K extends keyof CofheConfig>(config: CofheConfig, key: K) => CofheConfig[K];
+
+/**
+ * Base parameters that all builders need
+ */
+type BaseBuilderParams = {
+    config: CofheConfig | undefined;
+    publicClient: PublicClient | undefined;
+    walletClient: WalletClient | undefined;
+    chainId: number | undefined;
+    account: string | undefined;
+    requireConnected: (() => void) | undefined;
+};
+/**
+ * Abstract base class for builders that provides common functionality
+ * for working with clients, config, and chain IDs
+ */
+declare abstract class BaseBuilder {
+    protected config: CofheConfig;
+    protected publicClient: PublicClient | undefined;
+    protected walletClient: WalletClient | undefined;
+    protected chainId: number | undefined;
+    protected account: string | undefined;
+    constructor(params: BaseBuilderParams);
+    /**
+     * Asserts that this.chainId is populated
+     * @throws {CofheError} If chainId is not set
+     */
+    protected assertChainId(): asserts this is this & {
+        chainId: number;
+    };
+    /**
+     * Asserts that this.account is populated
+     * @throws {CofheError} If account is not set
+     */
+    protected assertAccount(): asserts this is this & {
+        account: string;
+    };
+    /**
+     * Asserts that this.publicClient is populated
+     * @throws {CofheError} If publicClient is not set
+     */
+    protected assertPublicClient(): asserts this is this & {
+        publicClient: PublicClient;
+    };
+    /**
+     * Asserts that this.walletClient is populated
+     * @throws {CofheError} If walletClient is not set
+     */
+    protected assertWalletClient(): asserts this is this & {
+        walletClient: WalletClient;
+    };
+}
+
+/**
+ * API
+ *
+ * await client.decryptForView(ctHash, utype)
+ *   .setChainId(chainId)
+ *   .setAccount(account)
+ *   .withPermit()              // optional (active permit)
+ *   // or .withPermit(permitHash) / .withPermit(permit)
+ *   .execute()
+ *
+ * If chainId not set, uses client's chainId
+ * If account not set, uses client's account
+ * withPermit() uses chainId + account to get the active permit.
+ * withPermit(permitHash) fetches that permit using chainId + account.
+ * withPermit(permit) uses the provided permit regardless of chainId/account.
+ *
+ * Note: decryptForView always requires a permit (no global-allowance mode).
+ *
+ * Returns the unsealed item.
+ */
+type DecryptForViewBuilderParams<U extends FheTypes> = BaseBuilderParams & {
+    ctHash: bigint | string;
+    utype: U;
+    permitHash?: string;
+    permit?: Permit;
+};
+declare class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
+    private ctHash;
+    private utype;
+    private permitHash?;
+    private permit?;
+    private pollCallback?;
+    constructor(params: DecryptForViewBuilderParams<U>);
+    /**
+     * @param chainId - Chain to decrypt values from. Used to fetch the threshold network URL and use the correct permit.
+     *
+     * If not provided, the chainId will be fetched from the connected publicClient.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await client.decryptForView(ctHash, utype)
+     *   .setChainId(11155111)
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForViewBuilder instance.
+     */
+    setChainId(chainId: number): DecryptForViewBuilder<U>;
+    getChainId(): number | undefined;
+    /**
+     * @param account - Account to decrypt values from. Used to fetch the correct permit.
+     *
+     * If not provided, the account will be fetched from the connected walletClient.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await client.decryptForView(ctHash, utype)
+     *   .setAccount('0x1234567890123456789012345678901234567890')
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForViewBuilder instance.
+     */
+    setAccount(account: string): DecryptForViewBuilder<U>;
+    getAccount(): string | undefined;
+    onPoll(callback: DecryptPollCallbackFunction): DecryptForViewBuilder<U>;
+    /**
+     * Select "use permit" mode (optional).
+     *
+     * - `withPermit(permit)` uses the provided permit.
+     * - `withPermit(permitHash)` fetches that permit.
+     * - `withPermit()` uses the active permit for the resolved `chainId + account`.
+     */
+    withPermit(): DecryptForViewBuilder<U>;
+    withPermit(permitHash: string): DecryptForViewBuilder<U>;
+    withPermit(permit: Permit): DecryptForViewBuilder<U>;
+    /**
+     * @param permitHash - Permit hash to decrypt values from. Used to fetch the correct permit.
+     *
+     * If not provided, the active permit for the chainId and account will be used.
+     * If `setPermit()` is called, it will be used regardless of chainId, account, or permitHash.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await client.decryptForView(ctHash, utype)
+     *   .setPermitHash('0x1234567890123456789012345678901234567890')
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForViewBuilder instance.
+     */
+    /** @deprecated Use `withPermit(permitHash)` instead. */
+    setPermitHash(permitHash: string): DecryptForViewBuilder<U>;
+    getPermitHash(): string | undefined;
+    /**
+     * @param permit - Permit to decrypt values with. If provided, it will be used regardless of chainId, account, or permitHash.
+     *
+     * If not provided, the permit will be determined by chainId, account, and permitHash.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await client.decryptForView(ctHash, utype)
+     *   .setPermit(permit)
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForViewBuilder instance.
+     */
+    /** @deprecated Use `withPermit(permit)` instead. */
+    setPermit(permit: Permit): DecryptForViewBuilder<U>;
+    getPermit(): Permit | undefined;
+    private getThresholdNetworkUrl;
+    private validateUtypeOrThrow;
+    private getResolvedPermit;
+    /**
+     * On hardhat, interact with MockZkVerifier contract instead of CoFHE
+     */
+    private mocksSealOutput;
+    /**
+     * In the production context, perform a true decryption with the CoFHE coprocessor.
+     */
+    private productionSealOutput;
+    /**
+     * Final step of the decryption process. MUST BE CALLED LAST IN THE CHAIN.
+     *
+     * This will:
+     * - Use a permit based on provided permit OR chainId + account + permitHash
+     * - Check permit validity
+     * - Call CoFHE `/sealoutput` with the permit, which returns a sealed (encrypted) item
+     * - Unseal the sealed item with the permit
+     * - Return the unsealed item
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await client.decryptForView(ctHash, utype)
+     *   .setChainId(11155111)      // optional
+     *   .setAccount('0x123...890') // optional
+     *   .withPermit()              // optional
+     *   .execute();                // execute
+     * ```
+     *
+     * @returns The unsealed item.
+     */
+    execute(): Promise<UnsealedItem<U>>;
+}
+
+type DecryptForTxBuilderParams = BaseBuilderParams & {
+    ctHash: bigint | string;
+};
+type DecryptForTxResult = {
+    ctHash: bigint | string;
+    decryptedValue: bigint;
+    signature: `0x${string}`;
+};
+/**
+ * Type-level gating:
+ * - The initial builder returned from `client.decryptForTx(...)` intentionally does not expose `execute()`.
+ * - Calling `withPermit(...)` or `withoutPermit()` returns a builder that *does* expose `execute()`, but no longer
+ *   exposes `withPermit/withoutPermit` (so you can't select twice, or switch modes).
+ */
+type DecryptForTxBuilderUnset = Omit<DecryptForTxBuilder, 'execute'>;
+type DecryptForTxBuilderSelected = Omit<DecryptForTxBuilder, 'withPermit' | 'withoutPermit'>;
+declare class DecryptForTxBuilder extends BaseBuilder {
+    private ctHash;
+    private permitHash?;
+    private permit?;
+    private permitSelection;
+    private pollCallback?;
+    constructor(params: DecryptForTxBuilderParams);
+    /**
+     * @param chainId - Chain to decrypt values from. Used to fetch the threshold network URL and use the correct permit.
+     *
+     * If not provided, the chainId will be fetched from the connected publicClient.
+     *
+     * Example:
+     * ```typescript
+     * const result = await decryptForTx(ctHash)
+     *   .setChainId(11155111)
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForTxBuilder instance.
+     */
+    setChainId(this: DecryptForTxBuilderUnset, chainId: number): DecryptForTxBuilderUnset;
+    setChainId(this: DecryptForTxBuilderSelected, chainId: number): DecryptForTxBuilderSelected;
+    getChainId(): number | undefined;
+    /**
+     * @param account - Account to decrypt values from. Used to fetch the correct permit.
+     *
+     * If not provided, the account will be fetched from the connected walletClient.
+     *
+     * Example:
+     * ```typescript
+     * const result = await decryptForTx(ctHash)
+     *   .setAccount('0x1234567890123456789012345678901234567890')
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForTxBuilder instance.
+     */
+    setAccount(this: DecryptForTxBuilderUnset, account: string): DecryptForTxBuilderUnset;
+    setAccount(this: DecryptForTxBuilderSelected, account: string): DecryptForTxBuilderSelected;
+    getAccount(): string | undefined;
+    onPoll(this: DecryptForTxBuilderUnset, callback: DecryptPollCallbackFunction): DecryptForTxBuilderUnset;
+    onPoll(this: DecryptForTxBuilderSelected, callback: DecryptPollCallbackFunction): DecryptForTxBuilderSelected;
+    /**
+     * Select "use permit" mode.
+     *
+     * - `withPermit(permit)` uses the provided permit.
+     * - `withPermit(permitHash)` fetches that permit.
+     * - `withPermit()` uses the active permit for the resolved `chainId + account`.
+     *
+     * Note: "global allowance" (no permit) is ONLY available via `withoutPermit()`.
+     */
+    withPermit(): DecryptForTxBuilderSelected;
+    withPermit(permitHash: string): DecryptForTxBuilderSelected;
+    withPermit(permit: Permit): DecryptForTxBuilderSelected;
+    /**
+     * Select "no permit" mode.
+     *
+     * This uses global allowance (no permit required) and sends an empty permission payload to `/decrypt`.
+     */
+    withoutPermit(): DecryptForTxBuilderSelected;
+    getPermit(): Permit | undefined;
+    getPermitHash(): string | undefined;
+    private getThresholdNetworkUrl;
+    private getResolvedPermit;
+    /**
+     * On hardhat, interact with MockThresholdNetwork contract
+     */
+    private mocksDecryptForTx;
+    /**
+     * In the production context, perform a true decryption with the CoFHE coprocessor.
+     */
+    private productionDecryptForTx;
+    /**
+     * Final step of the decryptForTx process. MUST BE CALLED LAST IN THE CHAIN.
+     *
+     * You must explicitly choose one permit mode before calling `execute()`:
+     * - `withPermit(permit)` / `withPermit(permitHash)` / `withPermit()` (active permit)
+     * - `withoutPermit()` (global allowance)
+     */
+    execute(): Promise<DecryptForTxResult>;
+}
+
+/**
+ * Worker function type for ZK proof generation
+ * Platform-specific implementations (web) can provide this to enable worker-based proofs
+ */
+type ZkProveWorkerFunction = (fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>;
+/**
+ * Message sent from main thread to worker to request proof generation
+ */
+interface ZkProveWorkerRequest {
+    id: string;
+    type: 'zkProve';
+    fheKeyHex: string;
+    crsHex: string;
+    items: Array<{
+        utype: string;
+        data: any;
+    }>;
+    metadata: number[];
+}
+/**
+ * Message sent from worker back to main thread with proof result
+ */
+interface ZkProveWorkerResponse {
+    id: string;
+    type: 'success' | 'error' | 'ready';
+    result?: number[];
+    error?: string;
+}
+type ZkProvenCiphertextList = {
+    serialize(): Uint8Array;
+};
+type ZkCompactPkeCrs = {
+    free(): void;
+    serialize(compress: boolean): Uint8Array;
+    safe_serialize(serialized_size_limit: bigint): Uint8Array;
+};
+type ZkCiphertextListBuilder = {
+    push_boolean(data: boolean): void;
+    push_u8(data: number): void;
+    push_u16(data: number): void;
+    push_u32(data: number): void;
+    push_u64(data: bigint): void;
+    push_u128(data: bigint): void;
+    push_u160(data: bigint): void;
+    build_with_proof_packed(crs: ZkCompactPkeCrs, metadata: Uint8Array, computeLoad: 1): ZkProvenCiphertextList;
+};
+type ZkBuilderAndCrsGenerator = (fhe: string, crs: string) => {
+    zkBuilder: ZkCiphertextListBuilder;
+    zkCrs: ZkCompactPkeCrs;
+};
+/**
+ * Generates ZK proof using Web Worker (offloads heavy WASM computation)
+ * Serializes items and calls the platform-specific worker function
+ * @param workerFn - Platform-specific worker function (provided by web/index.ts)
+ * @param fheKeyHex - Hex-encoded FHE public key for worker deserialization
+ * @param crsHex - Hex-encoded CRS for worker deserialization
+ * @param items - Encryptable items to pack in the worker
+ * @param metadata - Pre-constructed ZK PoK metadata
+ * @returns The serialized proven ciphertext list
+ */
+declare const zkProveWithWorker: (workerFn: ZkProveWorkerFunction, fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>;
+
+type ChainRecord<T> = Record<string, T>;
+type SecurityZoneRecord<T> = Record<number, T>;
+type KeysStore = {
+    fhe: ChainRecord<SecurityZoneRecord<string | undefined>>;
+    crs: ChainRecord<string | undefined>;
+};
+type KeysStorage = {
+    store: StoreApi<KeysStore>;
+    getFheKey: (chainId: number | undefined, securityZone?: number) => string | undefined;
+    getCrs: (chainId: number | undefined) => string | undefined;
+    setFheKey: (chainId: number, securityZone: number, key: string) => void;
+    setCrs: (chainId: number, crs: string) => void;
+    clearKeysStorage: () => Promise<void>;
+    rehydrateKeysStore: () => Promise<void>;
+};
+/**
+ * Creates a keys storage instance using the provided storage implementation
+ * @param storage - The storage implementation to use (IStorage interface), or null for non-persisted store
+ * @returns A KeysStorage instance with all utility methods
+ */
+declare function createKeysStore(storage: IStorage | null): KeysStorage;
+
+type FheKeyDeserializer = (buff: string) => void;
+/**
+ * Retrieves the FHE public key and the CRS from the provider.
+ * If the key/crs already exists in the store it is returned, else it is fetched, stored, and returned
+ * @param {CofheConfig} config - The configuration object for the CoFHE client
+ * @param {number} chainId - The chain to fetch the FHE key for, if no chainId provided, undefined is returned
+ * @param securityZone - The security zone for which to retrieve the key (default 0).
+ * @param tfhePublicKeyDeserializer - The serializer for the FHE public key (used for validation).
+ * @param compactPkeCrsDeserializer - The serializer for the CRS (used for validation).
+ * @param keysStorage - The keys storage instance to use (optional)
+ * @returns {Promise<[[string, boolean], [string, boolean]]>} - A promise that resolves to [[fheKey, fheKeyFetchedFromCoFHE], [crs, crsFetchedFromCoFHE]]
+ */
+declare const fetchKeys: (config: CofheConfig, chainId: number, securityZone: number | undefined, tfhePublicKeyDeserializer: FheKeyDeserializer, compactPkeCrsDeserializer: FheKeyDeserializer, keysStorage?: KeysStorage | null) => Promise<[[string, boolean], [string, boolean]]>;
+
+type EncryptInputsBuilderParams<T extends EncryptableItem[]> = BaseBuilderParams & {
+    inputs: [...T];
+    securityZone?: number;
+    zkvWalletClient?: WalletClient | undefined;
+    tfhePublicKeyDeserializer: FheKeyDeserializer | undefined;
+    compactPkeCrsDeserializer: FheKeyDeserializer | undefined;
+    zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator | undefined;
+    initTfhe: TfheInitializer | undefined;
+    zkProveWorkerFn: ZkProveWorkerFunction | undefined;
+    keysStorage: KeysStorage | undefined;
+};
+/**
+ * EncryptInputsBuilder exposes a builder pattern for encrypting inputs.
+ * account, securityZone, and chainId can be overridden in the builder.
+ * config, tfhePublicKeyDeserializer, compactPkeCrsDeserializer, and zkBuilderAndCrsGenerator are required to be set in the builder.
+ */
+declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuilder {
+    private securityZone;
+    private stepCallback?;
+    private inputItems;
+    private zkvWalletClient;
+    private tfhePublicKeyDeserializer;
+    private compactPkeCrsDeserializer;
+    private zkBuilderAndCrsGenerator;
+    private initTfhe;
+    private zkProveWorkerFn;
+    private keysStorage;
+    private useWorker;
+    private stepTimestamps;
+    constructor(params: EncryptInputsBuilderParams<T>);
+    /**
+     * @param account - Account that will create the tx using the encrypted inputs.
+     *
+     * If not provided, the account will be fetched from the connected walletClient.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setAccount("0x123")
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setAccount(account: string): EncryptInputsBuilder<T>;
+    getAccount(): string | undefined;
+    /**
+     * @param chainId - Chain that will consume the encrypted inputs.
+     *
+     * If not provided, the chainId will be fetched from the connected publicClient.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setChainId(11155111)
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setChainId(chainId: number): EncryptInputsBuilder<T>;
+    getChainId(): number | undefined;
+    /**
+     * @param securityZone - Security zone to encrypt the inputs for.
+     *
+     * If not provided, the default securityZone 0 will be used.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setSecurityZone(1)
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setSecurityZone(securityZone: number): EncryptInputsBuilder<T>;
+    getSecurityZone(): number;
+    /**
+     * @param useWorker - Whether to use Web Workers for ZK proof generation.
+     *
+     * Overrides the config-level useWorkers setting for this specific encryption.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setUseWorker(false)
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setUseWorker(useWorker: boolean): EncryptInputsBuilder<T>;
+    /**
+     * Gets the current worker configuration.
+     *
+     * @returns Whether Web Workers are enabled for this encryption.
+     *
+     * Example:
+     * ```typescript
+     * const builder = encryptInputs([Encryptable.uint128(10n)]);
+     * console.log(builder.getUseWorker()); // true (from config)
+     * builder.setUseWorker(false);
+     * console.log(builder.getUseWorker()); // false (overridden)
+     * ```
+     */
+    getUseWorker(): boolean;
+    /**
+     * @param callback - Function to be called with the encryption step.
+     *
+     * Useful for debugging and tracking the progress of the encryption process.
+     * Useful for a UI element that shows the progress of the encryption process.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .onStep((step: EncryptStep) => console.log(step))
+     *   .execute();
+     * ```
+     *
+     * @returns The EncryptInputsBuilder instance.
+     */
+    onStep(callback: EncryptStepCallbackFunction): EncryptInputsBuilder<T>;
+    getStepCallback(): EncryptStepCallbackFunction | undefined;
+    /**
+     * Fires the step callback if set
+     */
+    private fireStepStart;
+    private fireStepEnd;
+    /**
+     * zkVerifierUrl is included in the chains exported from @cofhe/sdk/chains for use in CofheConfig.supportedChains
+     * Users should generally not set this manually.
+     */
+    private getZkVerifierUrl;
+    /**
+     * initTfhe is a platform-specific dependency injected into core/createCofheClientBase by web/createCofheClient and node/createCofheClient
+     * web/ uses zama "tfhe"
+     * node/ uses zama "node-tfhe"
+     * Users should not set this manually.
+     */
+    private initTfheOrThrow;
+    /**
+     * Fetches the FHE key and CRS from the CoFHE API
+     * If the key/crs already exists in the store it is returned, else it is fetched, stored, and returned
+     */
+    private fetchFheKeyAndCrs;
+    /**
+     * Resolves the encryptDelay config into an array of 5 per-step delays.
+     * A single number is broadcast to all steps; a tuple is used as-is.
+     */
+    private resolveEncryptDelays;
+    /**
+     * @dev Encrypt against the cofheMocks instead of CoFHE
+     *
+     * In the cofheMocks, the MockZkVerifier contract is deployed on hardhat to a fixed address, this contract handles mocking the zk verifying.
+     * cofheMocksInsertPackedHashes - stores the ctHashes and their plaintext values for on-chain mocking of FHE operations.
+     * cofheMocksZkCreateProofSignatures - creates signatures to be included in the encrypted inputs. The signers address is known and verified in the mock contracts.
+     */
+    private mocksExecute;
+    /**
+     * In the production context, perform a true encryption with the CoFHE coprocessor.
+     */
+    private productionExecute;
+    /**
+     * Final step of the encryption process. MUST BE CALLED LAST IN THE CHAIN.
+     *
+     * This will:
+     * - Pack the encryptable items into a zk proof
+     * - Prove the zk proof
+     * - Verify the zk proof with CoFHE
+     * - Package and return the encrypted inputs
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setAccount('0x123...890') // optional
+     *   .setChainId(11155111)      // optional
+     *   .execute();                // execute
+     * ```
+     *
+     * @returns The encrypted inputs.
+     */
+    execute(): Promise<[...EncryptedItemInputs<T>]>;
+}
+
+declare const permits: {
+    getSnapshot: () => {
+        permits: {
+            [x: number]: {
+                [x: string]: {
+                    [x: string]: SerializedPermit | undefined;
+                };
+            };
+        };
+        activePermitHash: {
+            [x: number]: {
+                [x: string]: string | undefined;
+            };
+        };
+    };
+    subscribe: (listener: (state: {
+        permits: {
+            [x: number]: {
+                [x: string]: {
+                    [x: string]: SerializedPermit | undefined;
+                };
+            };
+        };
+        activePermitHash: {
+            [x: number]: {
+                [x: string]: string | undefined;
+            };
+        };
+    }, prevState: {
+        permits: {
+            [x: number]: {
+                [x: string]: {
+                    [x: string]: SerializedPermit | undefined;
+                };
+            };
+        };
+        activePermitHash: {
+            [x: number]: {
+                [x: string]: string | undefined;
+            };
+        };
+    }) => void) => () => void;
+    createSelf: (options: CreateSelfPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<SelfPermit>;
+    createSharing: (options: CreateSharingPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<SharingPermit>;
+    importShared: (options: ImportSharedPermitOptions | string, publicClient: PublicClient, walletClient: WalletClient) => Promise<RecipientPermit>;
+    getOrCreateSelfPermit: (publicClient: PublicClient, walletClient: WalletClient, chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;
+    getOrCreateSharingPermit: (publicClient: PublicClient, walletClient: WalletClient, options: CreateSharingPermitOptions, chainId?: number, account?: string) => Promise<Permit>;
+    getHash: (permit: PermitHashFields) => string;
+    serialize: (permit: Permit) => SerializedPermit;
+    deserialize: (serialized: SerializedPermit) => Permit;
+    getPermit: (chainId: number, account: string, hash: string) => Permit | undefined;
+    getPermits: (chainId: number, account: string) => Record<string, Permit>;
+    getActivePermit: (chainId: number, account: string) => Permit | undefined;
+    getActivePermitHash: (chainId: number, account: string) => string | undefined;
+    removePermit: (chainId: number, account: string, hash: string) => Promise<void>;
+    selectActivePermit: (chainId: number, account: string, hash: string) => void;
+    removeActivePermit: (chainId: number, account: string) => Promise<void>;
+};
+
+type CofheClient<TConfig extends CofheConfig = CofheConfig> = {
+    getSnapshot(): CofheClientConnectionState;
+    subscribe(listener: Listener): () => void;
+    readonly connection: CofheClientConnectionState;
+    readonly connected: boolean;
+    readonly connecting: boolean;
+    readonly config: TConfig;
+    connect(publicClient: PublicClient, walletClient: WalletClient): Promise<void>;
+    /**
+     * Clears the current connection state (account/chainId/clients) and marks the client as disconnected.
+     *
+     * This does not delete persisted permits or stored FHE keys; it only resets the in-memory connection.
+     */
+    disconnect(): void;
+    /**
+     * Types docstring
+     */
+    encryptInputs<T extends EncryptableItem[]>(inputs: [...T]): EncryptInputsBuilder<[...T]>;
+    /**
+     * @deprecated Use `decryptForView` instead. Kept for backward compatibility.
+     */
+    decryptHandle<U extends FheTypes>(ctHash: bigint | string, utype: U): DecryptForViewBuilder<U>;
+    decryptForView<U extends FheTypes>(ctHash: bigint | string, utype: U): DecryptForViewBuilder<U>;
+    decryptForTx(ctHash: bigint | string): DecryptForTxBuilderUnset;
+    verifyDecryptResult(handle: bigint | string, cleartext: bigint, signature: Hex): Promise<boolean>;
+    permits: CofheClientPermits;
+};
+type CofheClientConnectionState = {
+    connected: boolean;
+    connecting: boolean;
+    connectError: unknown | undefined;
+    chainId: number | undefined;
+    account: `0x${string}` | undefined;
+    publicClient: PublicClient | undefined;
+    walletClient: WalletClient | undefined;
+};
+type Listener = (snapshot: CofheClientConnectionState) => void;
+type CofheClientPermitsClients = {
+    publicClient: PublicClient;
+    walletClient: WalletClient;
+};
+type CofheClientPermits = {
+    getSnapshot: typeof permits.getSnapshot;
+    subscribe: typeof permits.subscribe;
+    createSelf: (options: CreateSelfPermitOptions, clients?: CofheClientPermitsClients) => Promise<SelfPermit>;
+    createSharing: (options: CreateSharingPermitOptions, clients?: CofheClientPermitsClients) => Promise<SharingPermit>;
+    importShared: (options: ImportSharedPermitOptions | string, clients?: CofheClientPermitsClients) => Promise<RecipientPermit>;
+    getPermit: (hash: string, chainId?: number, account?: string) => Permit | undefined;
+    getPermits: (chainId?: number, account?: string) => Record<string, Permit>;
+    getActivePermit: (chainId?: number, account?: string) => Permit | undefined;
+    getActivePermitHash: (chainId?: number, account?: string) => string | undefined;
+    getOrCreateSelfPermit: (chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;
+    getOrCreateSharingPermit: (options: CreateSharingPermitOptions, chainId?: number, account?: string) => Promise<Permit>;
+    selectActivePermit: (hash: string, chainId?: number, account?: string) => void;
+    removePermit: (hash: string, chainId?: number, account?: string) => void;
+    removeActivePermit: (chainId?: number, account?: string) => void;
+    getHash: typeof PermitUtils.getHash;
+    serialize: typeof PermitUtils.serialize;
+    deserialize: typeof PermitUtils.deserialize;
+};
+type CofheClientParams<TConfig extends CofheConfig> = {
+    config: TConfig;
+    zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator;
+    tfhePublicKeyDeserializer: FheKeyDeserializer;
+    compactPkeCrsDeserializer: FheKeyDeserializer;
+    initTfhe: TfheInitializer;
+    zkProveWorkerFn?: ZkProveWorkerFunction;
+};
+
+export { DecryptForTxBuilder as $, type FheTypeValue as A, type DecryptPollCallbackContext as B, type CofheInputConfig as C, type DecryptPollCallbackFunction as D, type EncryptableItem as E, FheTypes as F, type DecryptEndpoint as G, type EncryptStepCallbackFunction as H, type IStorage as I, type EncryptStepCallbackContext as J, FheUintUTypes as K, type LiteralToPrimitive as L, FheAllUTypes as M, Encryptable as N, isEncryptableItem as O, type Primitive as P, EncryptStep as Q, isLastEncryptionStep as R, assertCorrectEncryptedItemInput as S, fetchKeys as T, type UnsealedItem as U, type FheKeyDeserializer as V, createKeysStore as W, type KeysStorage as X, type KeysStore as Y, EncryptInputsBuilder as Z, DecryptForViewBuilder as _, type CofheConfig as a, type DecryptForTxResult as a0, type ZkBuilderAndCrsGenerator as a1, type ZkProveWorkerFunction as a2, type ZkProveWorkerRequest as a3, type ZkProveWorkerResponse as a4, zkProveWithWorker as a5, type CofheClient as b, type CofheClientConnectionState as c, type CofheClientParams as d, createCofheConfigBase as e, type CofheInternalConfig as f, getCofheConfigItem as g, type CofheClientPermits as h, type EncryptableBool as i, type EncryptableUint8 as j, type EncryptableUint16 as k, type EncryptableUint32 as l, type EncryptableUint64 as m, type EncryptableUint128 as n, type EncryptableAddress as o, type EncryptedNumber as p, type EncryptedItemInput as q, type EncryptedBoolInput as r, type EncryptedUint8Input as s, type EncryptedUint16Input as t, type EncryptedUint32Input as u, type EncryptedUint64Input as v, type EncryptedUint128Input as w, type EncryptedAddressInput as x, type EncryptedItemInputs as y, type EncryptableToEncryptedItemInputMap as z };