@cofhe/sdk 0.1.0 → 0.2.0

package/dist/clientTypes-5_1nwtUe.d.cts

@@ -0,0 +1,914 @@
+import { WalletClient, PublicClient } from 'viem';
+import { C as CofheChain } from './types-KImPrEIe.cjs';
+import { z } from 'zod';
+import { P as Permit, S as SerializedPermit, C as CreateSelfPermitOptions, m as SelfPermit, d as CreateSharingPermitOptions, n as SharingPermit, I as ImportSharedPermitOptions, R as RecipientPermit, g as PermitUtils } from './permit-fUSe6KKq.cjs';
+import { StoreApi } from 'zustand/vanilla';
+
+type TfheInitializer = () => Promise<boolean>;
+interface IStorage {
+    getItem: (name: string) => Promise<any>;
+    setItem: (name: string, value: any) => Promise<void>;
+    removeItem: (name: string) => Promise<void>;
+}
+type Primitive = null | undefined | string | number | boolean | symbol | bigint;
+type LiteralToPrimitive<T> = T extends number ? number : T extends bigint ? bigint : T extends string ? string : T extends boolean ? boolean : T extends symbol ? symbol : T extends null ? null : T extends undefined ? undefined : never;
+declare const FheTypeValues: readonly ["bool", "uint8", "uint16", "uint32", "uint64", "uint128", "address"];
+type FheTypeValue = (typeof FheTypeValues)[number];
+declare enum FheTypes {
+    Bool = 0,
+    Uint4 = 1,
+    Uint8 = 2,
+    Uint16 = 3,
+    Uint32 = 4,
+    Uint64 = 5,
+    Uint128 = 6,
+    Uint160 = 7,
+    Uint256 = 8,
+    Uint512 = 9,
+    Uint1024 = 10,
+    Uint2048 = 11,
+    Uint2 = 12,
+    Uint6 = 13,
+    Uint10 = 14,
+    Uint12 = 15,
+    Uint14 = 16,
+    Int2 = 17,
+    Int4 = 18,
+    Int6 = 19,
+    Int8 = 20,
+    Int10 = 21,
+    Int12 = 22,
+    Int14 = 23,
+    Int16 = 24,
+    Int32 = 25,
+    Int64 = 26,
+    Int128 = 27,
+    Int160 = 28,
+    Int256 = 29
+}
+/**
+ * List of All FHE uint types (excludes bool and address)
+ */
+declare const FheUintUTypes: readonly [FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128];
+type FheUintUTypesType = (typeof FheUintUTypes)[number];
+/**
+ * List of All FHE types (uints, bool, and address)
+ */
+declare const FheAllUTypes: readonly [FheTypes.Bool, FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128, FheTypes.Uint160];
+type EncryptedNumber = {
+    data: Uint8Array;
+    securityZone: number;
+};
+type EncryptedItemInput<TSignature = string> = {
+    ctHash: bigint;
+    securityZone: number;
+    utype: FheTypes;
+    signature: TSignature;
+};
+declare function assertCorrectEncryptedItemInput(input: EncryptedItemInput): asserts input is EncryptedItemInput<`0x${string}`>;
+type EncryptedBoolInput = EncryptedItemInput & {
+    utype: FheTypes.Bool;
+};
+type EncryptedUint8Input = EncryptedItemInput & {
+    utype: FheTypes.Uint8;
+};
+type EncryptedUint16Input = EncryptedItemInput & {
+    utype: FheTypes.Uint16;
+};
+type EncryptedUint32Input = EncryptedItemInput & {
+    utype: FheTypes.Uint32;
+};
+type EncryptedUint64Input = EncryptedItemInput & {
+    utype: FheTypes.Uint64;
+};
+type EncryptedUint128Input = EncryptedItemInput & {
+    utype: FheTypes.Uint128;
+};
+type EncryptedAddressInput = EncryptedItemInput & {
+    utype: FheTypes.Uint160;
+};
+type EncryptableBase<U extends FheTypes, D> = {
+    data: D;
+    securityZone: number;
+    utype: U;
+};
+type EncryptableBool = EncryptableBase<FheTypes.Bool, boolean>;
+type EncryptableUint8 = EncryptableBase<FheTypes.Uint8, string | bigint>;
+type EncryptableUint16 = EncryptableBase<FheTypes.Uint16, string | bigint>;
+type EncryptableUint32 = EncryptableBase<FheTypes.Uint32, string | bigint>;
+type EncryptableUint64 = EncryptableBase<FheTypes.Uint64, string | bigint>;
+type EncryptableUint128 = EncryptableBase<FheTypes.Uint128, string | bigint>;
+type EncryptableAddress = EncryptableBase<FheTypes.Uint160, string | bigint>;
+declare function createEncryptableByLiteral(type: 'bool', data: EncryptableBool['data'], securityZone?: number): EncryptableBool;
+declare function createEncryptableByLiteral(type: 'address', data: EncryptableAddress['data'], securityZone?: number): EncryptableAddress;
+declare function createEncryptableByLiteral(type: 'uint8', data: EncryptableUint8['data'], securityZone?: number): EncryptableUint8;
+declare function createEncryptableByLiteral(type: 'uint16', data: EncryptableUint16['data'], securityZone?: number): EncryptableUint16;
+declare function createEncryptableByLiteral(type: 'uint32', data: EncryptableUint32['data'], securityZone?: number): EncryptableUint32;
+declare function createEncryptableByLiteral(type: 'uint64', data: EncryptableUint64['data'], securityZone?: number): EncryptableUint64;
+declare function createEncryptableByLiteral(type: 'uint128', data: EncryptableUint128['data'], securityZone?: number): EncryptableUint128;
+declare function createEncryptableByLiteral(type: FheTypeValue, data: EncryptableItem['data'], securityZone?: number): EncryptableItem;
+declare const Encryptable: {
+    create: typeof createEncryptableByLiteral;
+    bool: (data: EncryptableBool["data"], securityZone?: number | undefined) => {
+        data: boolean;
+        securityZone: number;
+        utype: FheTypes.Bool;
+    };
+    address: (data: EncryptableAddress["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint160;
+    };
+    uint8: (data: EncryptableUint8["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint8;
+    };
+    uint16: (data: EncryptableUint16["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint16;
+    };
+    uint32: (data: EncryptableUint32["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint32;
+    };
+    uint64: (data: EncryptableUint64["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint64;
+    };
+    uint128: (data: EncryptableUint128["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint128;
+    };
+};
+type EncryptableItem = EncryptableBool | EncryptableUint8 | EncryptableUint16 | EncryptableUint32 | EncryptableUint64 | EncryptableUint128 | EncryptableAddress;
+type EncryptableToEncryptedItemInputMap<E extends EncryptableItem> = E extends EncryptableBool ? EncryptedBoolInput : E extends EncryptableUint8 ? EncryptedUint8Input : E extends EncryptableUint16 ? EncryptedUint16Input : E extends EncryptableUint32 ? EncryptedUint32Input : E extends EncryptableUint64 ? EncryptedUint64Input : E extends EncryptableUint128 ? EncryptedUint128Input : E extends EncryptableAddress ? EncryptedAddressInput : never;
+type EncryptedItemInputs<T> = T extends Primitive ? LiteralToPrimitive<T> : T extends EncryptableItem ? EncryptableToEncryptedItemInputMap<T> : {
+    [K in keyof T]: EncryptedItemInputs<T[K]>;
+};
+declare function isEncryptableItem(value: unknown): value is EncryptableItem;
+declare enum EncryptStep {
+    InitTfhe = "initTfhe",
+    FetchKeys = "fetchKeys",
+    Pack = "pack",
+    Prove = "prove",
+    Verify = "verify"
+}
+declare function isLastEncryptionStep(step: EncryptStep): boolean;
+type EncryptStepCallbackContext = Record<string, any> & {
+    isStart: boolean;
+    isEnd: boolean;
+    duration: number;
+};
+type EncryptStepCallbackFunction = (state: EncryptStep, context?: EncryptStepCallbackContext) => void;
+type UnsealedItem<U extends FheTypes> = U extends FheTypes.Bool ? boolean : U extends FheTypes.Uint160 ? string : U extends FheUintUTypesType ? bigint : never;
+
+/**
+ * Usable config type inferred from the schema
+ */
+type CofhesdkConfig = {
+    /** Environment that the SDK is running in */
+    environment: 'node' | 'hardhat' | 'web' | 'react';
+    /** List of supported chains */
+    supportedChains: CofheChain[];
+    /**
+     * How permits are generated
+     * - ON_CONNECT: Generate a permit when client.connect() is called
+     * - ON_DECRYPT_HANDLES: Generate a permit when client.decryptHandles() is called
+     * - MANUAL: Generate a permit manually using client.generatePermit()
+     */
+    permitGeneration: 'ON_CONNECT' | 'ON_DECRYPT_HANDLES' | 'MANUAL';
+    /** Default permit expiration in seconds, default is 30 days */
+    defaultPermitExpiration: number;
+    /**
+     * Storage scheme for the fetched fhe keys
+     * FHE keys are large, and caching prevents re-fetching them on each encryptInputs call
+     * (defaults to indexedDB on web, filesystem on node)
+     */
+    fheKeyStorage: IStorage | null;
+    /**
+     * Whether to use Web Workers for ZK proof generation (web platform only)
+     * When enabled, heavy WASM computation is offloaded to prevent UI freezing
+     * Default: true
+     */
+    useWorkers: boolean;
+    /** Mocks configs */
+    mocks: {
+        /**
+         * Length of the simulated seal output delay in milliseconds
+         * Default 1000ms on web
+         * Default 0ms on hardhat (will be called during tests no need for fake delay)
+         */
+        sealOutputDelay: number;
+    };
+    _internal?: CofhesdkInternalConfig;
+};
+type CofhesdkInternalConfig = {
+    zkvWalletClient?: WalletClient;
+};
+/**
+ * Zod schema for configuration validation
+ */
+declare const CofhesdkConfigSchema: z.ZodObject<{
+    /** Environment that the SDK is running in */
+    environment: z.ZodDefault<z.ZodOptional<z.ZodEnum<["node", "hardhat", "web", "react"]>>>;
+    /** List of supported chain configurations */
+    supportedChains: z.ZodArray<z.ZodType<{
+        name: string;
+        id: number;
+        network: string;
+        coFheUrl: string;
+        verifierUrl: string;
+        thresholdNetworkUrl: string;
+        environment: "MOCK" | "TESTNET" | "MAINNET";
+    }, z.ZodTypeDef, {
+        name: string;
+        id: number;
+        network: string;
+        coFheUrl: string;
+        verifierUrl: string;
+        thresholdNetworkUrl: string;
+        environment: "MOCK" | "TESTNET" | "MAINNET";
+    }>, "many">;
+    /** How permits are generated */
+    permitGeneration: z.ZodDefault<z.ZodOptional<z.ZodEnum<["ON_CONNECT", "ON_DECRYPT_HANDLES", "MANUAL"]>>>;
+    /** Default permit expiration in seconds, default is 30 days */
+    defaultPermitExpiration: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    /** Storage method for fhe keys (defaults to indexedDB on web, filesystem on node) */
+    fheKeyStorage: z.ZodDefault<z.ZodUnion<[z.ZodObject<{
+        getItem: z.ZodFunction<z.ZodTuple<[z.ZodString], z.ZodUnknown>, z.ZodPromise<z.ZodAny>>;
+        setItem: z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodAny], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>;
+        removeItem: z.ZodFunction<z.ZodTuple<[z.ZodString], z.ZodUnknown>, z.ZodPromise<z.ZodVoid>>;
+    }, "strip", z.ZodTypeAny, {
+        getItem: (args_0: string, ...args_1: unknown[]) => Promise<any>;
+        setItem: (args_0: string, args_1: any, ...args_2: unknown[]) => Promise<void>;
+        removeItem: (args_0: string, ...args_1: unknown[]) => Promise<void>;
+    }, {
+        getItem: (args_0: string, ...args_1: unknown[]) => Promise<any>;
+        setItem: (args_0: string, args_1: any, ...args_2: unknown[]) => Promise<void>;
+        removeItem: (args_0: string, ...args_1: unknown[]) => Promise<void>;
+    }>, z.ZodNull]>>;
+    /** Whether to use Web Workers for ZK proof generation (web platform only) */
+    useWorkers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
+    /** Mocks configs */
+    mocks: z.ZodDefault<z.ZodOptional<z.ZodObject<{
+        sealOutputDelay: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+    }, "strip", z.ZodTypeAny, {
+        sealOutputDelay: number;
+    }, {
+        sealOutputDelay?: number | undefined;
+    }>>>;
+    /** Internal configuration */
+    _internal: z.ZodOptional<z.ZodObject<{
+        zkvWalletClient: z.ZodOptional<z.ZodAny>;
+    }, "strip", z.ZodTypeAny, {
+        zkvWalletClient?: any;
+    }, {
+        zkvWalletClient?: any;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    environment: "hardhat" | "node" | "web" | "react";
+    supportedChains: {
+        name: string;
+        id: number;
+        network: string;
+        coFheUrl: string;
+        verifierUrl: string;
+        thresholdNetworkUrl: string;
+        environment: "MOCK" | "TESTNET" | "MAINNET";
+    }[];
+    permitGeneration: "ON_CONNECT" | "ON_DECRYPT_HANDLES" | "MANUAL";
+    defaultPermitExpiration: number;
+    fheKeyStorage: {
+        getItem: (args_0: string, ...args_1: unknown[]) => Promise<any>;
+        setItem: (args_0: string, args_1: any, ...args_2: unknown[]) => Promise<void>;
+        removeItem: (args_0: string, ...args_1: unknown[]) => Promise<void>;
+    } | null;
+    useWorkers: boolean;
+    mocks: {
+        sealOutputDelay: number;
+    };
+    _internal?: {
+        zkvWalletClient?: any;
+    } | undefined;
+}, {
+    supportedChains: {
+        name: string;
+        id: number;
+        network: string;
+        coFheUrl: string;
+        verifierUrl: string;
+        thresholdNetworkUrl: string;
+        environment: "MOCK" | "TESTNET" | "MAINNET";
+    }[];
+    environment?: "hardhat" | "node" | "web" | "react" | undefined;
+    permitGeneration?: "ON_CONNECT" | "ON_DECRYPT_HANDLES" | "MANUAL" | undefined;
+    defaultPermitExpiration?: number | undefined;
+    fheKeyStorage?: {
+        getItem: (args_0: string, ...args_1: unknown[]) => Promise<any>;
+        setItem: (args_0: string, args_1: any, ...args_2: unknown[]) => Promise<void>;
+        removeItem: (args_0: string, ...args_1: unknown[]) => Promise<void>;
+    } | null | undefined;
+    useWorkers?: boolean | undefined;
+    mocks?: {
+        sealOutputDelay?: number | undefined;
+    } | undefined;
+    _internal?: {
+        zkvWalletClient?: any;
+    } | undefined;
+}>;
+/**
+ * Input config type inferred from the schema
+ */
+type CofhesdkInputConfig = z.input<typeof CofhesdkConfigSchema>;
+/**
+ * Creates and validates a cofhesdk configuration (base implementation)
+ * @param config - The configuration object to validate
+ * @returns The validated configuration
+ * @throws {Error} If the configuration is invalid
+ */
+declare function createCofhesdkConfigBase(config: CofhesdkInputConfig): CofhesdkConfig;
+/**
+ * Access the CofhesdkConfig object directly by providing the key.
+ * This is powerful when you use OnchainKit utilities outside of the React context.
+ */
+declare const getCofhesdkConfigItem: <K extends keyof CofhesdkConfig>(config: CofhesdkConfig, key: K) => CofhesdkConfig[K];
+
+/**
+ * Base parameters that all builders need
+ */
+type BaseBuilderParams = {
+    config: CofhesdkConfig | undefined;
+    publicClient: PublicClient | undefined;
+    walletClient: WalletClient | undefined;
+    chainId: number | undefined;
+    account: string | undefined;
+    requireConnected: (() => void) | undefined;
+};
+/**
+ * Abstract base class for builders that provides common functionality
+ * for working with clients, config, and chain IDs
+ */
+declare abstract class BaseBuilder {
+    protected config: CofhesdkConfig;
+    protected publicClient: PublicClient | undefined;
+    protected walletClient: WalletClient | undefined;
+    protected chainId: number | undefined;
+    protected account: string | undefined;
+    constructor(params: BaseBuilderParams);
+    /**
+     * Asserts that this.chainId is populated
+     * @throws {CofhesdkError} If chainId is not set
+     */
+    protected assertChainId(): asserts this is this & {
+        chainId: number;
+    };
+    /**
+     * Asserts that this.account is populated
+     * @throws {CofhesdkError} If account is not set
+     */
+    protected assertAccount(): asserts this is this & {
+        account: string;
+    };
+    /**
+     * Asserts that this.publicClient is populated
+     * @throws {CofhesdkError} If publicClient is not set
+     */
+    protected assertPublicClient(): asserts this is this & {
+        publicClient: PublicClient;
+    };
+    /**
+     * Asserts that this.walletClient is populated
+     * @throws {CofhesdkError} If walletClient is not set
+     */
+    protected assertWalletClient(): asserts this is this & {
+        walletClient: WalletClient;
+    };
+}
+
+/**
+ * API
+ *
+ * await client.decryptHandle(ctHash, utype)
+ *   .setChainId(chainId)
+ *   .setAccount(account)
+ *   .setPermitHash(permitHash)
+ *   .setPermit(permit)
+ *   .decrypt()
+ *
+ * If chainId not set, uses client's chainId
+ * If account not set, uses client's account
+ * If permitHash not set, uses chainId and account to get active permit
+ * If permit is set, uses permit to decrypt regardless of chainId, account, or permitHash
+ *
+ * Returns the unsealed item.
+ */
+type DecryptHandlesBuilderParams<U extends FheTypes> = BaseBuilderParams & {
+    ctHash: bigint;
+    utype: U;
+    permitHash?: string;
+    permit?: Permit;
+};
+declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
+    private ctHash;
+    private utype;
+    private permitHash?;
+    private permit?;
+    constructor(params: DecryptHandlesBuilderParams<U>);
+    /**
+     * @param chainId - Chain to decrypt values from. Used to fetch the threshold network URL and use the correct permit.
+     *
+     * If not provided, the chainId will be fetched from the connected publicClient.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await decryptHandle(ctHash, utype)
+     *   .setChainId(11155111)
+     *   .decrypt();
+     * ```
+     *
+     * @returns The chainable DecryptHandlesBuilder instance.
+     */
+    setChainId(chainId: number): DecryptHandlesBuilder<U>;
+    getChainId(): number | undefined;
+    /**
+     * @param account - Account to decrypt values from. Used to fetch the correct permit.
+     *
+     * If not provided, the account will be fetched from the connected walletClient.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await decryptHandle(ctHash, utype)
+     *   .setAccount('0x1234567890123456789012345678901234567890')
+     *   .decrypt();
+     * ```
+     *
+     * @returns The chainable DecryptHandlesBuilder instance.
+     */
+    setAccount(account: string): DecryptHandlesBuilder<U>;
+    getAccount(): string | undefined;
+    /**
+     * @param permitHash - Permit hash to decrypt values from. Used to fetch the correct permit.
+     *
+     * If not provided, the active permit for the chainId and account will be used.
+     * If `setPermit()` is called, it will be used regardless of chainId, account, or permitHash.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await decryptHandle(ctHash, utype)
+     *   .setPermitHash('0x1234567890123456789012345678901234567890')
+     *   .decrypt();
+     * ```
+     *
+     * @returns The chainable DecryptHandlesBuilder instance.
+     */
+    setPermitHash(permitHash: string): DecryptHandlesBuilder<U>;
+    getPermitHash(): string | undefined;
+    /**
+     * @param permit - Permit to decrypt values with. If provided, it will be used regardless of chainId, account, or permitHash.
+     *
+     * If not provided, the permit will be determined by chainId, account, and permitHash.
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await decryptHandle(ctHash, utype)
+     *   .setPermit(permit)
+     *   .decrypt();
+     * ```
+     *
+     * @returns The chainable DecryptHandlesBuilder instance.
+     */
+    setPermit(permit: Permit): DecryptHandlesBuilder<U>;
+    getPermit(): Permit | undefined;
+    private getThresholdNetworkUrl;
+    private validateUtypeOrThrow;
+    private getResolvedPermit;
+    /**
+     * On hardhat, interact with MockZkVerifier contract instead of CoFHE
+     */
+    private mocksSealOutput;
+    /**
+     * In the production context, perform a true decryption with the CoFHE coprocessor.
+     */
+    private productionSealOutput;
+    /**
+     * Final step of the decryption process. MUST BE CALLED LAST IN THE CHAIN.
+     *
+     * This will:
+     * - Use a permit based on provided permit OR chainId + account + permitHash
+     * - Check permit validity
+     * - Call CoFHE `/sealoutput` with the permit, which returns a sealed (encrypted) item
+     * - Unseal the sealed item with the permit
+     * - Return the unsealed item
+     *
+     * Example:
+     * ```typescript
+     * const unsealed = await decryptHandle(ctHash, utype)
+     *   .setChainId(11155111)      // optional
+     *   .setAccount('0x123...890') // optional
+     *   .decrypt();                // execute
+     * ```
+     *
+     * @returns The unsealed item.
+     */
+    decrypt(): Promise<UnsealedItem<U>>;
+}
+
+/**
+ * Worker function type for ZK proof generation
+ * Platform-specific implementations (web) can provide this to enable worker-based proofs
+ */
+type ZkProveWorkerFunction = (fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>;
+/**
+ * Message sent from main thread to worker to request proof generation
+ */
+interface ZkProveWorkerRequest {
+    id: string;
+    type: 'zkProve';
+    fheKeyHex: string;
+    crsHex: string;
+    items: Array<{
+        utype: string;
+        data: any;
+    }>;
+    metadata: number[];
+}
+/**
+ * Message sent from worker back to main thread with proof result
+ */
+interface ZkProveWorkerResponse {
+    id: string;
+    type: 'success' | 'error' | 'ready';
+    result?: number[];
+    error?: string;
+}
+type ZkProvenCiphertextList = {
+    serialize(): Uint8Array;
+};
+type ZkCompactPkeCrs = {
+    free(): void;
+    serialize(compress: boolean): Uint8Array;
+    safe_serialize(serialized_size_limit: bigint): Uint8Array;
+};
+type ZkCiphertextListBuilder = {
+    push_boolean(data: boolean): void;
+    push_u8(data: number): void;
+    push_u16(data: number): void;
+    push_u32(data: number): void;
+    push_u64(data: bigint): void;
+    push_u128(data: bigint): void;
+    push_u160(data: bigint): void;
+    build_with_proof_packed(crs: ZkCompactPkeCrs, metadata: Uint8Array, computeLoad: 1): ZkProvenCiphertextList;
+};
+type ZkBuilderAndCrsGenerator = (fhe: string, crs: string) => {
+    zkBuilder: ZkCiphertextListBuilder;
+    zkCrs: ZkCompactPkeCrs;
+};
+/**
+ * Generates ZK proof using Web Worker (offloads heavy WASM computation)
+ * Serializes items and calls the platform-specific worker function
+ * @param workerFn - Platform-specific worker function (provided by web/index.ts)
+ * @param fheKeyHex - Hex-encoded FHE public key for worker deserialization
+ * @param crsHex - Hex-encoded CRS for worker deserialization
+ * @param items - Encryptable items to pack in the worker
+ * @param metadata - Pre-constructed ZK PoK metadata
+ * @returns The serialized proven ciphertext list
+ */
+declare const zkProveWithWorker: (workerFn: ZkProveWorkerFunction, fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>;
+
+type ChainRecord<T> = Record<string, T>;
+type SecurityZoneRecord<T> = Record<number, T>;
+type KeysStore = {
+    fhe: ChainRecord<SecurityZoneRecord<string | undefined>>;
+    crs: ChainRecord<string | undefined>;
+};
+type KeysStorage = {
+    store: StoreApi<KeysStore>;
+    getFheKey: (chainId: number | undefined, securityZone?: number) => string | undefined;
+    getCrs: (chainId: number | undefined) => string | undefined;
+    setFheKey: (chainId: number, securityZone: number, key: string) => void;
+    setCrs: (chainId: number, crs: string) => void;
+    clearKeysStorage: () => Promise<void>;
+    rehydrateKeysStore: () => Promise<void>;
+};
+/**
+ * Creates a keys storage instance using the provided storage implementation
+ * @param storage - The storage implementation to use (IStorage interface), or null for non-persisted store
+ * @returns A KeysStorage instance with all utility methods
+ */
+declare function createKeysStore(storage: IStorage | null): KeysStorage;
+
+type FheKeyDeserializer = (buff: string) => void;
+/**
+ * Retrieves the FHE public key and the CRS from the provider.
+ * If the key/crs already exists in the store it is returned, else it is fetched, stored, and returned
+ * @param {CofhesdkConfig} config - The configuration object for the CoFHE SDK
+ * @param {number} chainId - The chain to fetch the FHE key for, if no chainId provided, undefined is returned
+ * @param securityZone - The security zone for which to retrieve the key (default 0).
+ * @param tfhePublicKeyDeserializer - The serializer for the FHE public key (used for validation).
+ * @param compactPkeCrsDeserializer - The serializer for the CRS (used for validation).
+ * @param keysStorage - The keys storage instance to use (optional)
+ * @returns {Promise<[[string, boolean], [string, boolean]]>} - A promise that resolves to [[fheKey, fheKeyFetchedFromCoFHE], [crs, crsFetchedFromCoFHE]]
+ */
+declare const fetchKeys: (config: CofhesdkConfig, chainId: number, securityZone: number | undefined, tfhePublicKeyDeserializer: FheKeyDeserializer, compactPkeCrsDeserializer: FheKeyDeserializer, keysStorage?: KeysStorage | null) => Promise<[[string, boolean], [string, boolean]]>;
+
+type EncryptInputsBuilderParams<T extends EncryptableItem[]> = BaseBuilderParams & {
+    inputs: [...T];
+    securityZone?: number;
+    zkvWalletClient?: WalletClient | undefined;
+    tfhePublicKeyDeserializer: FheKeyDeserializer | undefined;
+    compactPkeCrsDeserializer: FheKeyDeserializer | undefined;
+    zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator | undefined;
+    initTfhe: TfheInitializer | undefined;
+    zkProveWorkerFn: ZkProveWorkerFunction | undefined;
+    keysStorage: KeysStorage | undefined;
+};
+/**
+ * EncryptInputsBuilder exposes a builder pattern for encrypting inputs.
+ * account, securityZone, and chainId can be overridden in the builder.
+ * config, tfhePublicKeyDeserializer, compactPkeCrsDeserializer, and zkBuilderAndCrsGenerator are required to be set in the builder.
+ */
+declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuilder {
+    private securityZone;
+    private stepCallback?;
+    private inputItems;
+    private zkvWalletClient;
+    private tfhePublicKeyDeserializer;
+    private compactPkeCrsDeserializer;
+    private zkBuilderAndCrsGenerator;
+    private initTfhe;
+    private zkProveWorkerFn;
+    private keysStorage;
+    private useWorker;
+    private stepTimestamps;
+    constructor(params: EncryptInputsBuilderParams<T>);
+    /**
+     * @param account - Account that will create the tx using the encrypted inputs.
+     *
+     * If not provided, the account will be fetched from the connected walletClient.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setAccount("0x123")
+     *   .encrypt();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setAccount(account: string): EncryptInputsBuilder<T>;
+    getAccount(): string | undefined;
+    /**
+     * @param chainId - Chain that will consume the encrypted inputs.
+     *
+     * If not provided, the chainId will be fetched from the connected publicClient.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setChainId(11155111)
+     *   .encrypt();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setChainId(chainId: number): EncryptInputsBuilder<T>;
+    getChainId(): number | undefined;
+    /**
+     * @param securityZone - Security zone to encrypt the inputs for.
+     *
+     * If not provided, the default securityZone 0 will be used.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setSecurityZone(1)
+     *   .encrypt();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setSecurityZone(securityZone: number): EncryptInputsBuilder<T>;
+    getSecurityZone(): number;
+    /**
+     * @param useWorker - Whether to use Web Workers for ZK proof generation.
+     *
+     * Overrides the config-level useWorkers setting for this specific encryption.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setUseWorker(false)
+     *   .encrypt();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setUseWorker(useWorker: boolean): EncryptInputsBuilder<T>;
+    /**
+     * Gets the current worker configuration.
+     *
+     * @returns Whether Web Workers are enabled for this encryption.
+     *
+     * Example:
+     * ```typescript
+     * const builder = encryptInputs([Encryptable.uint128(10n)]);
+     * console.log(builder.getUseWorker()); // true (from config)
+     * builder.setUseWorker(false);
+     * console.log(builder.getUseWorker()); // false (overridden)
+     * ```
+     */
+    getUseWorker(): boolean;
+    /**
+     * @param callback - Function to be called with the encryption step.
+     *
+     * Useful for debugging and tracking the progress of the encryption process.
+     * Useful for a UI element that shows the progress of the encryption process.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setStepCallback((step: EncryptStep) => console.log(step))
+     *   .encrypt();
+     * ```
+     *
+     * @returns The EncryptInputsBuilder instance.
+     */
+    setStepCallback(callback: EncryptStepCallbackFunction): EncryptInputsBuilder<T>;
+    getStepCallback(): EncryptStepCallbackFunction | undefined;
+    /**
+     * Fires the step callback if set
+     */
+    private fireStepStart;
+    private fireStepEnd;
+    /**
+     * zkVerifierUrl is included in the chains exported from cofhesdk/chains for use in CofhesdkConfig.supportedChains
+     * Users should generally not set this manually.
+     */
+    private getZkVerifierUrl;
+    /**
+     * initTfhe is a platform-specific dependency injected into core/createCofhesdkClientBase by web/createCofhesdkClient and node/createCofhesdkClient
+     * web/ uses zama "tfhe"
+     * node/ uses zama "node-tfhe"
+     * Users should not set this manually.
+     */
+    private initTfheOrThrow;
+    /**
+     * Fetches the FHE key and CRS from the CoFHE API
+     * If the key/crs already exists in the store it is returned, else it is fetched, stored, and returned
+     */
+    private fetchFheKeyAndCrs;
+    /**
+     * @dev Encrypt against the cofheMocks instead of CoFHE
+     *
+     * In the cofheMocks, the MockZkVerifier contract is deployed on hardhat to a fixed address, this contract handles mocking the zk verifying.
+     * cofheMocksInsertPackedHashes - stores the ctHashes and their plaintext values for on-chain mocking of FHE operations.
+     * cofheMocksZkCreateProofSignatures - creates signatures to be included in the encrypted inputs. The signers address is known and verified in the mock contracts.
+     */
+    private mocksEncrypt;
+    /**
+     * In the production context, perform a true encryption with the CoFHE coprocessor.
+     */
+    private productionEncrypt;
+    /**
+     * Final step of the encryption process. MUST BE CALLED LAST IN THE CHAIN.
+     *
+     * This will:
+     * - Pack the encryptable items into a zk proof
+     * - Prove the zk proof
+     * - Verify the zk proof with CoFHE
+     * - Package and return the encrypted inputs
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setAccount('0x123...890') // optional
+     *   .setChainId(11155111)      // optional
+     *   .encrypt();                // execute
+     * ```
+     *
+     * @returns The encrypted inputs.
+     */
+    encrypt(): Promise<[...EncryptedItemInputs<T>]>;
+}
+
+declare const permits: {
+    getSnapshot: () => {
+        permits: {
+            [x: number]: {
+                [x: string]: {
+                    [x: string]: SerializedPermit | undefined;
+                };
+            };
+        };
+        activePermitHash: {
+            [x: number]: {
+                [x: string]: string | undefined;
+            };
+        };
+    };
+    subscribe: (listener: (state: {
+        permits: {
+            [x: number]: {
+                [x: string]: {
+                    [x: string]: SerializedPermit | undefined;
+                };
+            };
+        };
+        activePermitHash: {
+            [x: number]: {
+                [x: string]: string | undefined;
+            };
+        };
+    }, prevState: {
+        permits: {
+            [x: number]: {
+                [x: string]: {
+                    [x: string]: SerializedPermit | undefined;
+                };
+            };
+        };
+        activePermitHash: {
+            [x: number]: {
+                [x: string]: string | undefined;
+            };
+        };
+    }) => void) => () => void;
+    createSelf: (options: CreateSelfPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<SelfPermit>;
+    createSharing: (options: CreateSharingPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<SharingPermit>;
+    importShared: (options: ImportSharedPermitOptions | string, publicClient: PublicClient, walletClient: WalletClient) => Promise<RecipientPermit>;
+    getOrCreateSelfPermit: (publicClient: PublicClient, walletClient: WalletClient, chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;
+    getOrCreateSharingPermit: (publicClient: PublicClient, walletClient: WalletClient, options: CreateSharingPermitOptions, chainId?: number, account?: string) => Promise<Permit>;
+    getHash: (permit: Permit) => string;
+    serialize: (permit: Permit) => SerializedPermit;
+    deserialize: (serialized: SerializedPermit) => Permit;
+    getPermit: (chainId: number, account: string, hash: string) => Promise<Permit | undefined>;
+    getPermits: (chainId: number, account: string) => Promise<Record<string, Permit>>;
+    getActivePermit: (chainId: number, account: string) => Promise<Permit | undefined>;
+    getActivePermitHash: (chainId: number, account: string) => string | undefined;
+    removePermit: (chainId: number, account: string, hash: string, force?: boolean) => Promise<void>;
+    selectActivePermit: (chainId: number, account: string, hash: string) => void;
+    removeActivePermit: (chainId: number, account: string) => Promise<void>;
+};
+
+type CofhesdkClient<TConfig extends CofhesdkConfig = CofhesdkConfig> = {
+    getSnapshot(): CofhesdkClientConnectionState;
+    subscribe(listener: Listener): () => void;
+    readonly connected: boolean;
+    readonly connecting: boolean;
+    readonly config: TConfig;
+    connect(publicClient: PublicClient, walletClient: WalletClient): Promise<void>;
+    /**
+     * Types docstring
+     */
+    encryptInputs<T extends EncryptableItem[]>(inputs: [...T]): EncryptInputsBuilder<[...T]>;
+    decryptHandle<U extends FheTypes>(ctHash: bigint, utype: U): DecryptHandlesBuilder<U>;
+    permits: CofhesdkClientPermits;
+};
+type CofhesdkClientConnectionState = {
+    connected: boolean;
+    connecting: boolean;
+    connectError: unknown | undefined;
+    chainId: number | undefined;
+    account: `0x${string}` | undefined;
+    publicClient: PublicClient | undefined;
+    walletClient: WalletClient | undefined;
+};
+type Listener = (snapshot: CofhesdkClientConnectionState) => void;
+type CofhesdkClientPermitsClients = {
+    publicClient: PublicClient;
+    walletClient: WalletClient;
+};
+type CofhesdkClientPermits = {
+    getSnapshot: typeof permits.getSnapshot;
+    subscribe: typeof permits.subscribe;
+    createSelf: (options: CreateSelfPermitOptions, clients?: CofhesdkClientPermitsClients) => Promise<SelfPermit>;
+    createSharing: (options: CreateSharingPermitOptions, clients?: CofhesdkClientPermitsClients) => Promise<SharingPermit>;
+    importShared: (options: ImportSharedPermitOptions | string, clients?: CofhesdkClientPermitsClients) => Promise<RecipientPermit>;
+    getPermit: (hash: string, chainId?: number, account?: string) => Promise<Permit | undefined>;
+    getPermits: (chainId?: number, account?: string) => Promise<Record<string, Permit>>;
+    getActivePermit: (chainId?: number, account?: string) => Promise<Permit | undefined>;
+    getActivePermitHash: (chainId?: number, account?: string) => Promise<string | undefined>;
+    getOrCreateSelfPermit: (chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;
+    getOrCreateSharingPermit: (options: CreateSharingPermitOptions, chainId?: number, account?: string) => Promise<Permit>;
+    selectActivePermit: (hash: string, chainId?: number, account?: string) => void;
+    removePermit: (hash: string, chainId?: number, account?: string, force?: boolean) => void;
+    removeActivePermit: (chainId?: number, account?: string) => void;
+    getHash: typeof PermitUtils.getHash;
+    serialize: typeof PermitUtils.serialize;
+    deserialize: typeof PermitUtils.deserialize;
+};
+type CofhesdkClientParams<TConfig extends CofhesdkConfig> = {
+    config: TConfig;
+    zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator;
+    tfhePublicKeyDeserializer: FheKeyDeserializer;
+    compactPkeCrsDeserializer: FheKeyDeserializer;
+    initTfhe: TfheInitializer;
+    zkProveWorkerFn?: ZkProveWorkerFunction;
+};
+
+export { type ZkProveWorkerResponse as $, type FheTypeValue as A, type EncryptStepCallbackFunction as B, type CofhesdkInputConfig as C, type EncryptStepCallbackContext as D, type EncryptableItem as E, FheTypes as F, FheUintUTypes as G, FheAllUTypes as H, type IStorage as I, Encryptable as J, isEncryptableItem as K, type LiteralToPrimitive as L, EncryptStep as M, isLastEncryptionStep as N, assertCorrectEncryptedItemInput as O, type Primitive as P, fetchKeys as Q, type FheKeyDeserializer as R, createKeysStore as S, type KeysStorage as T, type UnsealedItem as U, type KeysStore as V, EncryptInputsBuilder as W, DecryptHandlesBuilder as X, type ZkProveWorkerFunction as Y, type ZkBuilderAndCrsGenerator as Z, type ZkProveWorkerRequest as _, type CofhesdkConfig as a, zkProveWithWorker as a0, type CofhesdkClient as b, type CofhesdkClientConnectionState as c, type CofhesdkClientParams as d, createCofhesdkConfigBase as e, type CofhesdkInternalConfig as f, getCofhesdkConfigItem as g, type CofhesdkClientPermits as h, type EncryptableBool as i, type EncryptableUint8 as j, type EncryptableUint16 as k, type EncryptableUint32 as l, type EncryptableUint64 as m, type EncryptableUint128 as n, type EncryptableAddress as o, type EncryptedNumber as p, type EncryptedItemInput as q, type EncryptedBoolInput as r, type EncryptedUint8Input as s, type EncryptedUint16Input as t, type EncryptedUint32Input as u, type EncryptedUint64Input as v, type EncryptedUint128Input as w, type EncryptedAddressInput as x, type EncryptedItemInputs as y, type EncryptableToEncryptedItemInputMap as z };