@cofhe/sdk 0.1.0 → 0.2.0

package/dist/chunk-UGBVZNRT.js

@@ -0,0 +1,818 @@
+import { isAddress, zeroAddress, keccak256, toHex, parseAbi } from 'viem';
+import * as nacl from 'tweetnacl';
+import { z } from 'zod';
+import { createStore } from 'zustand/vanilla';
+import { persist } from 'zustand/middleware';
+import { produce } from 'immer';
+
+// permits/permit.ts
+
+// permits/utils.ts
+var fromHexString = (hexString) => {
+  const cleanString = hexString.length % 2 === 1 ? `0${hexString}` : hexString;
+  const arr = cleanString.replace(/^0x/, "").match(/.{1,2}/g);
+  if (!arr)
+    return new Uint8Array();
+  return new Uint8Array(arr.map((byte) => parseInt(byte, 16)));
+};
+var toHexString = (bytes) => bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, "0"), "");
+function toBigInt(value) {
+  if (typeof value === "string") {
+    return BigInt(value);
+  } else if (typeof value === "number") {
+    return BigInt(value);
+  } else if (typeof value === "object") {
+    return BigInt("0x" + toHexString(value));
+  } else {
+    return value;
+  }
+}
+function toBeArray(value) {
+  const bigIntValue = typeof value === "number" ? BigInt(value) : value;
+  const hex = bigIntValue.toString(16);
+  const paddedHex = hex.length % 2 === 0 ? hex : "0" + hex;
+  return fromHexString(paddedHex);
+}
+function isString(value) {
+  if (typeof value !== "string") {
+    throw new Error(`Expected value which is \`string\`, received value of type \`${typeof value}\`.`);
+  }
+}
+function isNumber(value) {
+  const is = typeof value === "number" && !Number.isNaN(value);
+  if (!is) {
+    throw new Error(`Expected value which is \`number\`, received value of type \`${typeof value}\`.`);
+  }
+}
+function isBigIntOrNumber(value) {
+  const is = typeof value === "bigint";
+  if (!is) {
+    try {
+      isNumber(value);
+    } catch (e) {
+      throw new Error(`Value ${value} is not a number or bigint: ${typeof value}`);
+    }
+  }
+}
+function is0xPrefixed(value) {
+  return value.startsWith("0x");
+}
+
+// permits/sealing.ts
+var PRIVATE_KEY_LENGTH = 64;
+var PUBLIC_KEY_LENGTH = 64;
+var SealingKey = class _SealingKey {
+  /**
+   * The private key used for decryption.
+   */
+  privateKey;
+  /**
+   * The public key used for encryption.
+   */
+  publicKey;
+  /**
+   * Constructs a SealingKey instance with the given private and public keys.
+   *
+   * @param {string} privateKey - The private key used for decryption.
+   * @param {string} publicKey - The public key used for encryption.
+   * @throws Will throw an error if the provided keys lengths do not match
+   *         the required lengths for private and public keys.
+   */
+  constructor(privateKey, publicKey) {
+    if (privateKey.length !== PRIVATE_KEY_LENGTH) {
+      throw new Error(`Private key must be of length ${PRIVATE_KEY_LENGTH}`);
+    }
+    if (publicKey.length !== PUBLIC_KEY_LENGTH) {
+      throw new Error(`Public key must be of length ${PUBLIC_KEY_LENGTH}`);
+    }
+    this.privateKey = privateKey;
+    this.publicKey = publicKey;
+  }
+  unseal = (parsedData) => {
+    const nonce = parsedData.nonce instanceof Uint8Array ? parsedData.nonce : new Uint8Array(parsedData.nonce);
+    const ephemPublicKey = parsedData.public_key instanceof Uint8Array ? parsedData.public_key : new Uint8Array(parsedData.public_key);
+    const dataToDecrypt = parsedData.data instanceof Uint8Array ? parsedData.data : new Uint8Array(parsedData.data);
+    const privateKeyBytes = fromHexString(this.privateKey);
+    const decryptedMessage = nacl.box.open(dataToDecrypt, nonce, ephemPublicKey, privateKeyBytes);
+    if (!decryptedMessage) {
+      throw new Error("Failed to decrypt message");
+    }
+    return toBigInt(decryptedMessage);
+  };
+  /**
+   * Serializes the SealingKey to a JSON object.
+   */
+  serialize = () => {
+    return {
+      privateKey: this.privateKey,
+      publicKey: this.publicKey
+    };
+  };
+  /**
+   * Deserializes the SealingKey from a JSON object.
+   */
+  static deserialize = (privateKey, publicKey) => {
+    return new _SealingKey(privateKey, publicKey);
+  };
+  /**
+   * Seals (encrypts) the provided message for a receiver with the specified public key.
+   *
+   * @param {bigint | number} value - The message to be encrypted.
+   * @param {string} publicKey - The public key of the intended recipient.
+   * @returns string - The encrypted message in hexadecimal format.
+   * @static
+   * @throws Will throw if the provided publicKey or value do not meet defined preconditions.
+   */
+  static seal = (value, publicKey) => {
+    isString(publicKey);
+    isBigIntOrNumber(value);
+    const ephemeralKeyPair = nacl.box.keyPair();
+    const nonce = nacl.randomBytes(nacl.box.nonceLength);
+    const encryptedMessage = nacl.box(toBeArray(value), nonce, fromHexString(publicKey), ephemeralKeyPair.secretKey);
+    return {
+      data: encryptedMessage,
+      public_key: ephemeralKeyPair.publicKey,
+      nonce
+    };
+  };
+};
+var GenerateSealingKey = () => {
+  const sodiumKeypair = nacl.box.keyPair();
+  return new SealingKey(toHexString(sodiumKeypair.secretKey), toHexString(sodiumKeypair.publicKey));
+};
+var SerializedSealingPair = z.object({
+  privateKey: z.string(),
+  publicKey: z.string()
+});
+var DEFAULT_EXPIRATION_FN = () => Math.round(Date.now() / 1e3) + 7 * 24 * 60 * 60;
+var zPermitWithDefaults = z.object({
+  name: z.string().optional().default("Unnamed Permit"),
+  type: z.enum(["self", "sharing", "recipient"]),
+  issuer: z.string().refine((val) => isAddress(val), {
+    message: "Permit issuer :: invalid address"
+  }).refine((val) => val !== zeroAddress, {
+    message: "Permit issuer :: must not be zeroAddress"
+  }),
+  expiration: z.number().optional().default(DEFAULT_EXPIRATION_FN),
+  recipient: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
+    message: "Permit recipient :: invalid address"
+  }),
+  validatorId: z.number().optional().default(0),
+  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
+    message: "Permit validatorContract :: invalid address"
+  }),
+  issuerSignature: z.string().optional().default("0x"),
+  recipientSignature: z.string().optional().default("0x")
+});
+var zPermitWithSealingPair = zPermitWithDefaults.extend({
+  sealingPair: SerializedSealingPair.optional()
+});
+var ValidatorContractRefinement = [
+  (data) => data.validatorId !== 0 && data.validatorContract !== zeroAddress || data.validatorId === 0 && data.validatorContract === zeroAddress,
+  {
+    message: "Permit external validator :: validatorId and validatorContract must either both be set or both be unset.",
+    path: ["validatorId", "validatorContract"]
+  }
+];
+var SelfPermitOptionsValidator = z.object({
+  type: z.literal("self").optional().default("self"),
+  issuer: z.string().refine((val) => isAddress(val), {
+    message: "Self permit issuer :: invalid address"
+  }).refine((val) => is0xPrefixed(val), {
+    message: "Self permit issuer :: must be 0x prefixed"
+  }).refine((val) => val !== zeroAddress, {
+    message: "Self permit issuer :: must not be zeroAddress"
+  }),
+  name: z.string().optional().default("Unnamed Permit"),
+  expiration: z.number().optional().default(DEFAULT_EXPIRATION_FN),
+  recipient: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
+    message: "Self permit recipient :: invalid address"
+  }).refine((val) => is0xPrefixed(val), {
+    message: "Self permit recipient :: must be 0x prefixed"
+  }).refine((val) => val === zeroAddress, {
+    message: "Self permit recipient :: must be zeroAddress"
+  }),
+  validatorId: z.number().optional().default(0),
+  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
+    message: "Self permit validatorContract :: invalid address"
+  }),
+  issuerSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
+    message: "Self permit issuerSignature :: must be 0x prefixed"
+  }),
+  recipientSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
+    message: "Self permit recipientSignature :: must be 0x prefixed"
+  })
+}).refine(...ValidatorContractRefinement);
+var SelfPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "self", {
+  message: "Self permit :: type must be 'self'"
+}).refine((data) => data.recipient === zeroAddress, {
+  message: "Self permit :: recipient must be zeroAddress"
+}).refine((data) => data.issuerSignature !== "0x", {
+  message: "Self permit :: issuerSignature must be populated"
+}).refine((data) => data.recipientSignature === "0x", {
+  message: "Self permit :: recipientSignature must be empty"
+}).refine(...ValidatorContractRefinement);
+var SharingPermitOptionsValidator = z.object({
+  type: z.literal("sharing").optional().default("sharing"),
+  issuer: z.string().refine((val) => isAddress(val), {
+    message: "Sharing permit issuer :: invalid address"
+  }).refine((val) => is0xPrefixed(val), {
+    message: "Sharing permit issuer :: must be 0x prefixed"
+  }).refine((val) => val !== zeroAddress, {
+    message: "Sharing permit issuer :: must not be zeroAddress"
+  }),
+  recipient: z.string().refine((val) => isAddress(val), {
+    message: "Sharing permit recipient :: invalid address"
+  }).refine((val) => is0xPrefixed(val), {
+    message: "Sharing permit recipient :: must be 0x prefixed"
+  }).refine((val) => val !== zeroAddress, {
+    message: "Sharing permit recipient :: must not be zeroAddress"
+  }),
+  name: z.string().optional().default("Unnamed Permit"),
+  expiration: z.number().optional().default(DEFAULT_EXPIRATION_FN),
+  validatorId: z.number().optional().default(0),
+  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
+    message: "Sharing permit validatorContract :: invalid address"
+  }),
+  issuerSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
+    message: "Sharing permit issuerSignature :: must be 0x prefixed"
+  }),
+  recipientSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
+    message: "Sharing permit recipientSignature :: must be 0x prefixed"
+  })
+}).refine(...ValidatorContractRefinement);
+var SharingPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "sharing", {
+  message: "Sharing permit :: type must be 'sharing'"
+}).refine((data) => data.recipient !== zeroAddress, {
+  message: "Sharing permit :: recipient must not be zeroAddress"
+}).refine((data) => data.issuerSignature !== "0x", {
+  message: "Sharing permit :: issuerSignature must be populated"
+}).refine((data) => data.recipientSignature === "0x", {
+  message: "Sharing permit :: recipientSignature must be empty"
+}).refine(...ValidatorContractRefinement);
+var ImportPermitOptionsValidator = z.object({
+  type: z.literal("recipient").optional().default("recipient"),
+  issuer: z.string().refine((val) => isAddress(val), {
+    message: "Import permit issuer :: invalid address"
+  }).refine((val) => is0xPrefixed(val), {
+    message: "Import permit issuer :: must be 0x prefixed"
+  }).refine((val) => val !== zeroAddress, {
+    message: "Import permit issuer :: must not be zeroAddress"
+  }),
+  recipient: z.string().refine((val) => isAddress(val), {
+    message: "Import permit recipient :: invalid address"
+  }).refine((val) => is0xPrefixed(val), {
+    message: "Import permit recipient :: must be 0x prefixed"
+  }).refine((val) => val !== zeroAddress, {
+    message: "Import permit recipient :: must not be zeroAddress"
+  }),
+  issuerSignature: z.string().refine((val) => is0xPrefixed(val), {
+    message: "Import permit issuerSignature :: must be 0x prefixed"
+  }).refine((val) => val !== "0x", {
+    message: "Import permit :: issuerSignature must be provided"
+  }),
+  name: z.string().optional().default("Unnamed Permit"),
+  expiration: z.number().optional().default(DEFAULT_EXPIRATION_FN),
+  validatorId: z.number().optional().default(0),
+  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
+    message: "Import permit validatorContract :: invalid address"
+  }),
+  recipientSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
+    message: "Import permit recipientSignature :: must be 0x prefixed"
+  })
+}).refine(...ValidatorContractRefinement);
+var ImportPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "recipient", {
+  message: "Import permit :: type must be 'recipient'"
+}).refine((data) => data.recipient !== zeroAddress, {
+  message: "Import permit :: recipient must not be zeroAddress"
+}).refine((data) => data.issuerSignature !== "0x", {
+  message: "Import permit :: issuerSignature must be populated"
+}).refine((data) => data.recipientSignature !== "0x", {
+  message: "Import permit :: recipientSignature must be populated"
+}).refine(...ValidatorContractRefinement);
+var validateSelfPermitOptions = (options) => SelfPermitOptionsValidator.safeParse(options);
+var validateSharingPermitOptions = (options) => SharingPermitOptionsValidator.safeParse(options);
+var validateImportPermitOptions = (options) => ImportPermitOptionsValidator.safeParse(options);
+var validateSelfPermit = (permit) => SelfPermitValidator.safeParse(permit);
+var validateSharingPermit = (permit) => SharingPermitValidator.safeParse(permit);
+var validateImportPermit = (permit) => ImportPermitValidator.safeParse(permit);
+var ValidationUtils = {
+  /**
+   * Check if permit is expired
+   */
+  isExpired: (permit) => {
+    return permit.expiration < Math.floor(Date.now() / 1e3);
+  },
+  /**
+   * Check if permit is signed by the active party
+   */
+  isSigned: (permit) => {
+    if (permit.type === "self" || permit.type === "sharing") {
+      return permit.issuerSignature !== "0x";
+    }
+    if (permit.type === "recipient") {
+      return permit.recipientSignature !== "0x";
+    }
+    return false;
+  },
+  /**
+   * Overall validity checker of a permit
+   */
+  isValid: (permit) => {
+    if (ValidationUtils.isExpired(permit)) {
+      return { valid: false, error: "expired" };
+    }
+    if (!ValidationUtils.isSigned(permit)) {
+      return { valid: false, error: "not-signed" };
+    }
+    return { valid: true, error: null };
+  }
+};
+
+// permits/signature.ts
+var PermitSignatureAllFields = [
+  { name: "issuer", type: "address" },
+  { name: "expiration", type: "uint64" },
+  { name: "recipient", type: "address" },
+  { name: "validatorId", type: "uint256" },
+  { name: "validatorContract", type: "address" },
+  { name: "sealingKey", type: "bytes32" },
+  { name: "issuerSignature", type: "bytes" }
+];
+var SignatureTypes = {
+  PermissionedV2IssuerSelf: [
+    "issuer",
+    "expiration",
+    "recipient",
+    "validatorId",
+    "validatorContract",
+    "sealingKey"
+  ],
+  PermissionedV2IssuerShared: [
+    "issuer",
+    "expiration",
+    "recipient",
+    "validatorId",
+    "validatorContract"
+  ],
+  PermissionedV2Recipient: ["sealingKey", "issuerSignature"]
+};
+var getSignatureTypesAndMessage = (primaryType, fields, values) => {
+  const types = {
+    [primaryType]: PermitSignatureAllFields.filter((fieldType) => fields.includes(fieldType.name))
+  };
+  const message = {};
+  fields.forEach((field) => {
+    if (field in values) {
+      message[field] = values[field];
+    }
+  });
+  return { types, primaryType, message };
+};
+var SignatureUtils = {
+  /**
+   * Get signature parameters for a permit
+   */
+  getSignatureParams: (permit, primaryType) => {
+    return getSignatureTypesAndMessage(primaryType, SignatureTypes[primaryType], permit);
+  },
+  /**
+   * Determine the required signature type based on permit type
+   */
+  getPrimaryType: (permitType) => {
+    if (permitType === "self")
+      return "PermissionedV2IssuerSelf";
+    if (permitType === "sharing")
+      return "PermissionedV2IssuerShared";
+    if (permitType === "recipient")
+      return "PermissionedV2Recipient";
+    throw new Error(`Unknown permit type: ${permitType}`);
+  }
+};
+
+// permits/permit.ts
+var PermitUtils = {
+  /**
+   * Create a self permit for personal use
+   */
+  createSelf: (options) => {
+    const validation = validateSelfPermitOptions(options);
+    if (!validation.success) {
+      throw new Error(
+        "PermitUtils :: createSelf :: Parsing SelfPermitOptions failed " + JSON.stringify(validation.error, null, 2)
+      );
+    }
+    const sealingPair = GenerateSealingKey();
+    const permit = {
+      ...validation.data,
+      sealingPair,
+      _signedDomain: void 0
+    };
+    return permit;
+  },
+  /**
+   * Create a sharing permit to be shared with another user
+   */
+  createSharing: (options) => {
+    const validation = validateSharingPermitOptions(options);
+    if (!validation.success) {
+      throw new Error(
+        "PermitUtils :: createSharing :: Parsing SharingPermitOptions failed " + JSON.stringify(validation.error, null, 2)
+      );
+    }
+    const sealingPair = GenerateSealingKey();
+    const permit = {
+      ...validation.data,
+      sealingPair,
+      _signedDomain: void 0
+    };
+    return permit;
+  },
+  /**
+   * Import a shared permit from various input formats
+   */
+  importShared: (options) => {
+    let parsedOptions;
+    if (typeof options === "string") {
+      try {
+        parsedOptions = JSON.parse(options);
+      } catch (error) {
+        throw new Error(`PermitUtils :: importShared :: Failed to parse JSON string: ${error}`);
+      }
+    } else if (typeof options === "object" && options !== null) {
+      parsedOptions = options;
+    } else {
+      throw new Error(
+        "PermitUtils :: importShared :: Invalid input type, expected ImportSharedPermitOptions, object, or string"
+      );
+    }
+    if (parsedOptions.type != null && parsedOptions.type !== "sharing") {
+      throw new Error(`PermitUtils :: importShared :: Invalid permit type <${parsedOptions.type}>, must be "sharing"`);
+    }
+    const validation = validateImportPermitOptions({ ...parsedOptions, type: "recipient" });
+    if (!validation.success) {
+      throw new Error(
+        "PermitUtils :: importShared :: Parsing ImportPermitOptions failed " + JSON.stringify(validation.error, null, 2)
+      );
+    }
+    const sealingPair = GenerateSealingKey();
+    const permit = {
+      ...validation.data,
+      sealingPair,
+      _signedDomain: void 0
+    };
+    return permit;
+  },
+  /**
+   * Sign a permit with the provided wallet client
+   */
+  sign: async (permit, publicClient, walletClient) => {
+    if (walletClient == null || walletClient.account == null) {
+      throw new Error(
+        "PermitUtils :: sign - walletClient undefined, you must pass in a `walletClient` for the connected user to create a permit signature"
+      );
+    }
+    const primaryType = SignatureUtils.getPrimaryType(permit.type);
+    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    const { types, message } = SignatureUtils.getSignatureParams(PermitUtils.getPermission(permit, true), primaryType);
+    const signature = await walletClient.signTypedData({
+      domain,
+      types,
+      primaryType,
+      message,
+      account: walletClient.account
+    });
+    let updatedPermit;
+    if (permit.type === "self" || permit.type === "sharing") {
+      updatedPermit = {
+        ...permit,
+        issuerSignature: signature,
+        _signedDomain: domain
+      };
+    } else {
+      updatedPermit = {
+        ...permit,
+        recipientSignature: signature,
+        _signedDomain: domain
+      };
+    }
+    return updatedPermit;
+  },
+  /**
+   * Create and sign a self permit in one operation
+   */
+  createSelfAndSign: async (options, publicClient, walletClient) => {
+    const permit = PermitUtils.createSelf(options);
+    return PermitUtils.sign(permit, publicClient, walletClient);
+  },
+  /**
+   * Create and sign a sharing permit in one operation
+   */
+  createSharingAndSign: async (options, publicClient, walletClient) => {
+    const permit = PermitUtils.createSharing(options);
+    return PermitUtils.sign(permit, publicClient, walletClient);
+  },
+  /**
+   * Import and sign a shared permit in one operation from various input formats
+   */
+  importSharedAndSign: async (options, publicClient, walletClient) => {
+    const permit = PermitUtils.importShared(options);
+    return PermitUtils.sign(permit, publicClient, walletClient);
+  },
+  /**
+   * Deserialize a permit from serialized data
+   */
+  deserialize: (data) => {
+    return {
+      ...data,
+      sealingPair: SealingKey.deserialize(data.sealingPair.privateKey, data.sealingPair.publicKey)
+    };
+  },
+  /**
+   * Serialize a permit for storage
+   */
+  serialize: (permit) => {
+    return {
+      name: permit.name,
+      type: permit.type,
+      issuer: permit.issuer,
+      expiration: permit.expiration,
+      recipient: permit.recipient,
+      validatorId: permit.validatorId,
+      validatorContract: permit.validatorContract,
+      issuerSignature: permit.issuerSignature,
+      recipientSignature: permit.recipientSignature,
+      _signedDomain: permit._signedDomain,
+      sealingPair: permit.sealingPair.serialize()
+    };
+  },
+  /**
+   * Validate a permit
+   */
+  validate: (permit) => {
+    if (permit.type === "self") {
+      return validateSelfPermit(permit);
+    } else if (permit.type === "sharing") {
+      return validateSharingPermit(permit);
+    } else if (permit.type === "recipient") {
+      return validateImportPermit(permit);
+    } else {
+      throw new Error("PermitUtils :: validate :: Invalid permit type");
+    }
+  },
+  /**
+   * Get the permission object from a permit (for use in contracts)
+   */
+  getPermission: (permit, skipValidation = false) => {
+    if (!skipValidation) {
+      const validationResult = PermitUtils.validate(permit);
+      if (!validationResult.success) {
+        throw new Error(
+          `PermitUtils :: getPermission :: permit validation failed - ${JSON.stringify(validationResult.error, null, 2)} ${JSON.stringify(permit, null, 2)}`
+        );
+      }
+    }
+    return {
+      issuer: permit.issuer,
+      expiration: permit.expiration,
+      recipient: permit.recipient,
+      validatorId: permit.validatorId,
+      validatorContract: permit.validatorContract,
+      sealingKey: `0x${permit.sealingPair.publicKey}`,
+      issuerSignature: permit.issuerSignature,
+      recipientSignature: permit.recipientSignature
+    };
+  },
+  /**
+   * Get a stable hash for the permit (used as key in storage)
+   */
+  getHash: (permit) => {
+    const data = JSON.stringify({
+      type: permit.type,
+      issuer: permit.issuer,
+      expiration: permit.expiration,
+      recipient: permit.recipient,
+      validatorId: permit.validatorId,
+      validatorContract: permit.validatorContract
+    });
+    return keccak256(toHex(data));
+  },
+  /**
+   * Export permit data for sharing (removes sensitive fields)
+   */
+  export: (permit) => {
+    const cleanedPermit = {
+      name: permit.name,
+      type: permit.type,
+      issuer: permit.issuer,
+      expiration: permit.expiration
+    };
+    if (permit.recipient !== zeroAddress)
+      cleanedPermit.recipient = permit.recipient;
+    if (permit.validatorId !== 0)
+      cleanedPermit.validatorId = permit.validatorId;
+    if (permit.validatorContract !== zeroAddress)
+      cleanedPermit.validatorContract = permit.validatorContract;
+    if (permit.type === "sharing" && permit.issuerSignature !== "0x")
+      cleanedPermit.issuerSignature = permit.issuerSignature;
+    return JSON.stringify(cleanedPermit, void 0, 2);
+  },
+  /**
+   * Unseal encrypted data using the permit's sealing key
+   */
+  unseal: (permit, ciphertext) => {
+    return permit.sealingPair.unseal(ciphertext);
+  },
+  /**
+   * Check if permit is expired
+   */
+  isExpired: (permit) => {
+    return ValidationUtils.isExpired(permit);
+  },
+  /**
+   * Check if permit is signed
+   */
+  isSigned: (permit) => {
+    return ValidationUtils.isSigned(permit);
+  },
+  /**
+   * Check if permit is valid
+   */
+  isValid: (permit) => {
+    return ValidationUtils.isValid(permit);
+  },
+  /**
+   * Update permit name (returns new permit instance)
+   */
+  updateName: (permit, name) => {
+    return { ...permit, name };
+  },
+  /**
+   * Fetch EIP712 domain from the blockchain
+   */
+  fetchEIP712Domain: async (publicClient) => {
+    const TASK_MANAGER_ADDRESS = "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9";
+    const ACL_IFACE = "function acl() view returns (address)";
+    const EIP712_DOMAIN_IFACE = "function eip712Domain() public view returns (bytes1 fields, string name, string version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] extensions)";
+    const aclAbi = parseAbi([ACL_IFACE]);
+    const aclAddress = await publicClient.readContract({
+      address: TASK_MANAGER_ADDRESS,
+      abi: aclAbi,
+      functionName: "acl"
+    });
+    const domainAbi = parseAbi([EIP712_DOMAIN_IFACE]);
+    const domain = await publicClient.readContract({
+      address: aclAddress,
+      abi: domainAbi,
+      functionName: "eip712Domain"
+    });
+    const [_fields, name, version, chainId, verifyingContract, _salt, _extensions] = domain;
+    return {
+      name,
+      version,
+      chainId: Number(chainId),
+      verifyingContract
+    };
+  },
+  /**
+   * Check if permit's signed domain matches the provided domain
+   */
+  matchesDomain: (permit, domain) => {
+    return permit._signedDomain?.name === domain.name && permit._signedDomain?.version === domain.version && permit._signedDomain?.verifyingContract === domain.verifyingContract && permit._signedDomain?.chainId === domain.chainId;
+  },
+  /**
+   * Check if permit's signed domain is valid for the current chain
+   */
+  checkSignedDomainValid: async (permit, publicClient) => {
+    if (permit._signedDomain == null)
+      return false;
+    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    return PermitUtils.matchesDomain(permit, domain);
+  }
+};
+var PERMIT_STORE_DEFAULTS = {
+  permits: {},
+  activePermitHash: {}
+};
+var _permitStore = createStore()(
+  persist(() => PERMIT_STORE_DEFAULTS, { name: "cofhesdk-permits" })
+);
+var clearStaleStore = () => {
+  const state = _permitStore.getState();
+  const hasExpectedStructure = state && typeof state === "object" && "permits" in state && "activePermitHash" in state && typeof state.permits === "object" && typeof state.activePermitHash === "object";
+  if (hasExpectedStructure)
+    return;
+  _permitStore.setState({ permits: {}, activePermitHash: {} });
+};
+var getPermit = (chainId, account, hash) => {
+  clearStaleStore();
+  if (chainId == null || account == null || hash == null)
+    return;
+  const savedPermit = _permitStore.getState().permits[chainId]?.[account]?.[hash];
+  if (savedPermit == null)
+    return;
+  return PermitUtils.deserialize(savedPermit);
+};
+var getActivePermit = (chainId, account) => {
+  clearStaleStore();
+  if (chainId == null || account == null)
+    return;
+  const activePermitHash = _permitStore.getState().activePermitHash[chainId]?.[account];
+  return getPermit(chainId, account, activePermitHash);
+};
+var getPermits = (chainId, account) => {
+  clearStaleStore();
+  if (chainId == null || account == null)
+    return {};
+  return Object.entries(_permitStore.getState().permits[chainId]?.[account] ?? {}).reduce(
+    (acc, [hash, permit]) => {
+      if (permit == void 0)
+        return acc;
+      return { ...acc, [hash]: PermitUtils.deserialize(permit) };
+    },
+    {}
+  );
+};
+var setPermit = (chainId, account, permit) => {
+  clearStaleStore();
+  _permitStore.setState(
+    produce((state) => {
+      if (state.permits[chainId] == null)
+        state.permits[chainId] = {};
+      if (state.permits[chainId][account] == null)
+        state.permits[chainId][account] = {};
+      state.permits[chainId][account][PermitUtils.getHash(permit)] = PermitUtils.serialize(permit);
+    })
+  );
+};
+var removePermit = (chainId, account, hash, force) => {
+  clearStaleStore();
+  _permitStore.setState(
+    produce((state) => {
+      if (state.permits[chainId] == null)
+        state.permits[chainId] = {};
+      if (state.activePermitHash[chainId] == null)
+        state.activePermitHash[chainId] = {};
+      const accountPermits = state.permits[chainId][account];
+      if (accountPermits == null)
+        return;
+      if (accountPermits[hash] == null)
+        return;
+      if (state.activePermitHash[chainId][account] === hash) {
+        const otherPermitHash = Object.keys(accountPermits).find((key) => key !== hash && accountPermits[key] != null);
+        if (otherPermitHash) {
+          state.activePermitHash[chainId][account] = otherPermitHash;
+        } else {
+          if (!force) {
+            throw new Error("Cannot remove the last permit without force flag");
+          }
+          state.activePermitHash[chainId][account] = void 0;
+        }
+      }
+      accountPermits[hash] = void 0;
+    })
+  );
+};
+var getActivePermitHash = (chainId, account) => {
+  clearStaleStore();
+  if (chainId == null || account == null)
+    return void 0;
+  return _permitStore.getState().activePermitHash[chainId]?.[account];
+};
+var setActivePermitHash = (chainId, account, hash) => {
+  clearStaleStore();
+  _permitStore.setState(
+    produce((state) => {
+      if (state.activePermitHash[chainId] == null)
+        state.activePermitHash[chainId] = {};
+      state.activePermitHash[chainId][account] = hash;
+    })
+  );
+};
+var removeActivePermitHash = (chainId, account) => {
+  clearStaleStore();
+  _permitStore.setState(
+    produce((state) => {
+      if (state.activePermitHash[chainId])
+        state.activePermitHash[chainId][account] = void 0;
+    })
+  );
+};
+var resetStore = () => {
+  clearStaleStore();
+  _permitStore.setState({ permits: {}, activePermitHash: {} });
+};
+var permitStore = {
+  store: _permitStore,
+  getPermit,
+  getActivePermit,
+  getPermits,
+  setPermit,
+  removePermit,
+  getActivePermitHash,
+  setActivePermitHash,
+  removeActivePermitHash,
+  resetStore
+};
+
+export { GenerateSealingKey, ImportPermitOptionsValidator, ImportPermitValidator, PERMIT_STORE_DEFAULTS, PermitUtils, SealingKey, SelfPermitOptionsValidator, SelfPermitValidator, SharingPermitOptionsValidator, SharingPermitValidator, SignatureTypes, SignatureUtils, ValidationUtils, _permitStore, clearStaleStore, getActivePermit, getActivePermitHash, getPermit, getPermits, getSignatureTypesAndMessage, permitStore, removeActivePermitHash, removePermit, resetStore, setActivePermitHash, setPermit, validateImportPermit, validateImportPermitOptions, validateSelfPermit, validateSelfPermitOptions, validateSharingPermit, validateSharingPermitOptions };