@cofhe/sdk 0.1.1 → 0.2.0

package/dist/{types-PhwGgQvs.d.ts → clientTypes-Es7fyi65.d.ts}

@@ -1,21 +1,180 @@
-import { P as Permit, S as SerializedPermit, C as CreateSelfPermitOptions, d as CreateSharingPermitOptions, I as ImportSharedPermitOptions, g as PermitUtils } from './permit-S9CnI6MF.js';
 import { WalletClient, PublicClient } from 'viem';
 import { C as CofheChain } from './types-KImPrEIe.js';
 import { z } from 'zod';
+import { P as Permit, S as SerializedPermit, C as CreateSelfPermitOptions, m as SelfPermit, d as CreateSharingPermitOptions, n as SharingPermit, I as ImportSharedPermitOptions, R as RecipientPermit, g as PermitUtils } from './permit-fUSe6KKq.js';
 import { StoreApi } from 'zustand/vanilla';
 
+type TfheInitializer = () => Promise<boolean>;
+interface IStorage {
+    getItem: (name: string) => Promise<any>;
+    setItem: (name: string, value: any) => Promise<void>;
+    removeItem: (name: string) => Promise<void>;
+}
+type Primitive = null | undefined | string | number | boolean | symbol | bigint;
+type LiteralToPrimitive<T> = T extends number ? number : T extends bigint ? bigint : T extends string ? string : T extends boolean ? boolean : T extends symbol ? symbol : T extends null ? null : T extends undefined ? undefined : never;
+declare const FheTypeValues: readonly ["bool", "uint8", "uint16", "uint32", "uint64", "uint128", "address"];
+type FheTypeValue = (typeof FheTypeValues)[number];
+declare enum FheTypes {
+    Bool = 0,
+    Uint4 = 1,
+    Uint8 = 2,
+    Uint16 = 3,
+    Uint32 = 4,
+    Uint64 = 5,
+    Uint128 = 6,
+    Uint160 = 7,
+    Uint256 = 8,
+    Uint512 = 9,
+    Uint1024 = 10,
+    Uint2048 = 11,
+    Uint2 = 12,
+    Uint6 = 13,
+    Uint10 = 14,
+    Uint12 = 15,
+    Uint14 = 16,
+    Int2 = 17,
+    Int4 = 18,
+    Int6 = 19,
+    Int8 = 20,
+    Int10 = 21,
+    Int12 = 22,
+    Int14 = 23,
+    Int16 = 24,
+    Int32 = 25,
+    Int64 = 26,
+    Int128 = 27,
+    Int160 = 28,
+    Int256 = 29
+}
+/**
+ * List of All FHE uint types (excludes bool and address)
+ */
+declare const FheUintUTypes: readonly [FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128];
+type FheUintUTypesType = (typeof FheUintUTypes)[number];
+/**
+ * List of All FHE types (uints, bool, and address)
+ */
+declare const FheAllUTypes: readonly [FheTypes.Bool, FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128, FheTypes.Uint160];
+type EncryptedNumber = {
+    data: Uint8Array;
+    securityZone: number;
+};
+type EncryptedItemInput<TSignature = string> = {
+    ctHash: bigint;
+    securityZone: number;
+    utype: FheTypes;
+    signature: TSignature;
+};
+declare function assertCorrectEncryptedItemInput(input: EncryptedItemInput): asserts input is EncryptedItemInput<`0x${string}`>;
+type EncryptedBoolInput = EncryptedItemInput & {
+    utype: FheTypes.Bool;
+};
+type EncryptedUint8Input = EncryptedItemInput & {
+    utype: FheTypes.Uint8;
+};
+type EncryptedUint16Input = EncryptedItemInput & {
+    utype: FheTypes.Uint16;
+};
+type EncryptedUint32Input = EncryptedItemInput & {
+    utype: FheTypes.Uint32;
+};
+type EncryptedUint64Input = EncryptedItemInput & {
+    utype: FheTypes.Uint64;
+};
+type EncryptedUint128Input = EncryptedItemInput & {
+    utype: FheTypes.Uint128;
+};
+type EncryptedAddressInput = EncryptedItemInput & {
+    utype: FheTypes.Uint160;
+};
+type EncryptableBase<U extends FheTypes, D> = {
+    data: D;
+    securityZone: number;
+    utype: U;
+};
+type EncryptableBool = EncryptableBase<FheTypes.Bool, boolean>;
+type EncryptableUint8 = EncryptableBase<FheTypes.Uint8, string | bigint>;
+type EncryptableUint16 = EncryptableBase<FheTypes.Uint16, string | bigint>;
+type EncryptableUint32 = EncryptableBase<FheTypes.Uint32, string | bigint>;
+type EncryptableUint64 = EncryptableBase<FheTypes.Uint64, string | bigint>;
+type EncryptableUint128 = EncryptableBase<FheTypes.Uint128, string | bigint>;
+type EncryptableAddress = EncryptableBase<FheTypes.Uint160, string | bigint>;
+declare function createEncryptableByLiteral(type: 'bool', data: EncryptableBool['data'], securityZone?: number): EncryptableBool;
+declare function createEncryptableByLiteral(type: 'address', data: EncryptableAddress['data'], securityZone?: number): EncryptableAddress;
+declare function createEncryptableByLiteral(type: 'uint8', data: EncryptableUint8['data'], securityZone?: number): EncryptableUint8;
+declare function createEncryptableByLiteral(type: 'uint16', data: EncryptableUint16['data'], securityZone?: number): EncryptableUint16;
+declare function createEncryptableByLiteral(type: 'uint32', data: EncryptableUint32['data'], securityZone?: number): EncryptableUint32;
+declare function createEncryptableByLiteral(type: 'uint64', data: EncryptableUint64['data'], securityZone?: number): EncryptableUint64;
+declare function createEncryptableByLiteral(type: 'uint128', data: EncryptableUint128['data'], securityZone?: number): EncryptableUint128;
+declare function createEncryptableByLiteral(type: FheTypeValue, data: EncryptableItem['data'], securityZone?: number): EncryptableItem;
+declare const Encryptable: {
+    create: typeof createEncryptableByLiteral;
+    bool: (data: EncryptableBool["data"], securityZone?: number | undefined) => {
+        data: boolean;
+        securityZone: number;
+        utype: FheTypes.Bool;
+    };
+    address: (data: EncryptableAddress["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint160;
+    };
+    uint8: (data: EncryptableUint8["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint8;
+    };
+    uint16: (data: EncryptableUint16["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint16;
+    };
+    uint32: (data: EncryptableUint32["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint32;
+    };
+    uint64: (data: EncryptableUint64["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint64;
+    };
+    uint128: (data: EncryptableUint128["data"], securityZone?: number | undefined) => {
+        data: string | bigint;
+        securityZone: number;
+        utype: FheTypes.Uint128;
+    };
+};
+type EncryptableItem = EncryptableBool | EncryptableUint8 | EncryptableUint16 | EncryptableUint32 | EncryptableUint64 | EncryptableUint128 | EncryptableAddress;
+type EncryptableToEncryptedItemInputMap<E extends EncryptableItem> = E extends EncryptableBool ? EncryptedBoolInput : E extends EncryptableUint8 ? EncryptedUint8Input : E extends EncryptableUint16 ? EncryptedUint16Input : E extends EncryptableUint32 ? EncryptedUint32Input : E extends EncryptableUint64 ? EncryptedUint64Input : E extends EncryptableUint128 ? EncryptedUint128Input : E extends EncryptableAddress ? EncryptedAddressInput : never;
+type EncryptedItemInputs<T> = T extends Primitive ? LiteralToPrimitive<T> : T extends EncryptableItem ? EncryptableToEncryptedItemInputMap<T> : {
+    [K in keyof T]: EncryptedItemInputs<T[K]>;
+};
+declare function isEncryptableItem(value: unknown): value is EncryptableItem;
+declare enum EncryptStep {
+    InitTfhe = "initTfhe",
+    FetchKeys = "fetchKeys",
+    Pack = "pack",
+    Prove = "prove",
+    Verify = "verify"
+}
+declare function isLastEncryptionStep(step: EncryptStep): boolean;
+type EncryptStepCallbackContext = Record<string, any> & {
+    isStart: boolean;
+    isEnd: boolean;
+    duration: number;
+};
+type EncryptStepCallbackFunction = (state: EncryptStep, context?: EncryptStepCallbackContext) => void;
+type UnsealedItem<U extends FheTypes> = U extends FheTypes.Bool ? boolean : U extends FheTypes.Uint160 ? string : U extends FheUintUTypesType ? bigint : never;
+
 /**
  * Usable config type inferred from the schema
  */
 type CofhesdkConfig = {
+    /** Environment that the SDK is running in */
+    environment: 'node' | 'hardhat' | 'web' | 'react';
+    /** List of supported chains */
     supportedChains: CofheChain[];
-    /**
-     * Strategy for fetching FHE keys
-     * - CONNECTED_CHAIN: Fetch keys for the connected chain (provided by the publicClient)
-     * - SUPPORTED_CHAINS: Fetch keys for all supported chains (provided by the supportedChains config)
-     * - OFF: Do not fetch keys (fetching occurs during encryptInputs)
-     * */
-    fheKeysPrefetching: 'CONNECTED_CHAIN' | 'SUPPORTED_CHAINS' | 'OFF';
     /**
      * How permits are generated
      * - ON_CONNECT: Generate a permit when client.connect() is called
@@ -31,6 +190,12 @@ type CofhesdkConfig = {
      * (defaults to indexedDB on web, filesystem on node)
      */
     fheKeyStorage: IStorage | null;
+    /**
+     * Whether to use Web Workers for ZK proof generation (web platform only)
+     * When enabled, heavy WASM computation is offloaded to prevent UI freezing
+     * Default: true
+     */
+    useWorkers: boolean;
     /** Mocks configs */
     mocks: {
         /**
@@ -49,6 +214,8 @@ type CofhesdkInternalConfig = {
  * Zod schema for configuration validation
  */
 declare const CofhesdkConfigSchema: z.ZodObject<{
+    /** Environment that the SDK is running in */
+    environment: z.ZodDefault<z.ZodOptional<z.ZodEnum<["node", "hardhat", "web", "react"]>>>;
     /** List of supported chain configurations */
     supportedChains: z.ZodArray<z.ZodType<{
         name: string;
@@ -67,8 +234,6 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         thresholdNetworkUrl: string;
         environment: "MOCK" | "TESTNET" | "MAINNET";
     }>, "many">;
-    /** Strategy for fetching FHE keys */
-    fheKeysPrefetching: z.ZodDefault<z.ZodOptional<z.ZodEnum<["CONNECTED_CHAIN", "SUPPORTED_CHAINS", "OFF"]>>>;
     /** How permits are generated */
     permitGeneration: z.ZodDefault<z.ZodOptional<z.ZodEnum<["ON_CONNECT", "ON_DECRYPT_HANDLES", "MANUAL"]>>>;
     /** Default permit expiration in seconds, default is 30 days */
@@ -87,6 +252,8 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         setItem: (args_0: string, args_1: any, ...args_2: unknown[]) => Promise<void>;
         removeItem: (args_0: string, ...args_1: unknown[]) => Promise<void>;
     }>, z.ZodNull]>>;
+    /** Whether to use Web Workers for ZK proof generation (web platform only) */
+    useWorkers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
     /** Mocks configs */
     mocks: z.ZodDefault<z.ZodOptional<z.ZodObject<{
         sealOutputDelay: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
@@ -104,6 +271,7 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         zkvWalletClient?: any;
     }>>;
 }, "strip", z.ZodTypeAny, {
+    environment: "hardhat" | "node" | "web" | "react";
     supportedChains: {
         name: string;
         id: number;
@@ -113,7 +281,6 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         thresholdNetworkUrl: string;
         environment: "MOCK" | "TESTNET" | "MAINNET";
     }[];
-    fheKeysPrefetching: "CONNECTED_CHAIN" | "SUPPORTED_CHAINS" | "OFF";
     permitGeneration: "ON_CONNECT" | "ON_DECRYPT_HANDLES" | "MANUAL";
     defaultPermitExpiration: number;
     fheKeyStorage: {
@@ -121,6 +288,7 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         setItem: (args_0: string, args_1: any, ...args_2: unknown[]) => Promise<void>;
         removeItem: (args_0: string, ...args_1: unknown[]) => Promise<void>;
     } | null;
+    useWorkers: boolean;
     mocks: {
         sealOutputDelay: number;
     };
@@ -137,7 +305,7 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         thresholdNetworkUrl: string;
         environment: "MOCK" | "TESTNET" | "MAINNET";
     }[];
-    fheKeysPrefetching?: "CONNECTED_CHAIN" | "SUPPORTED_CHAINS" | "OFF" | undefined;
+    environment?: "hardhat" | "node" | "web" | "react" | undefined;
     permitGeneration?: "ON_CONNECT" | "ON_DECRYPT_HANDLES" | "MANUAL" | undefined;
     defaultPermitExpiration?: number | undefined;
     fheKeyStorage?: {
@@ -145,6 +313,7 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         setItem: (args_0: string, args_1: any, ...args_2: unknown[]) => Promise<void>;
         removeItem: (args_0: string, ...args_1: unknown[]) => Promise<void>;
     } | null | undefined;
+    useWorkers?: boolean | undefined;
     mocks?: {
         sealOutputDelay?: number | undefined;
     } | undefined;
@@ -169,109 +338,6 @@ declare function createCofhesdkConfigBase(config: CofhesdkInputConfig): Cofhesdk
  */
 declare const getCofhesdkConfigItem: <K extends keyof CofhesdkConfig>(config: CofhesdkConfig, key: K) => CofhesdkConfig[K];
 
-declare enum CofhesdkErrorCode {
-    InternalError = "INTERNAL_ERROR",
-    UnknownEnvironment = "UNKNOWN_ENVIRONMENT",
-    InitTfheFailed = "INIT_TFHE_FAILED",
-    InitViemFailed = "INIT_VIEM_FAILED",
-    InitEthersFailed = "INIT_ETHERS_FAILED",
-    NotConnected = "NOT_CONNECTED",
-    MissingPublicClient = "MISSING_PUBLIC_CLIENT",
-    MissingWalletClient = "MISSING_WALLET_CLIENT",
-    MissingProviderParam = "MISSING_PROVIDER_PARAM",
-    EmptySecurityZonesParam = "EMPTY_SECURITY_ZONES_PARAM",
-    InvalidPermitData = "INVALID_PERMIT_DATA",
-    InvalidPermitDomain = "INVALID_PERMIT_DOMAIN",
-    PermitNotFound = "PERMIT_NOT_FOUND",
-    CannotRemoveLastPermit = "CANNOT_REMOVE_LAST_PERMIT",
-    AccountUninitialized = "ACCOUNT_UNINITIALIZED",
-    ChainIdUninitialized = "CHAIN_ID_UNINITIALIZED",
-    SealOutputFailed = "SEAL_OUTPUT_FAILED",
-    SealOutputReturnedNull = "SEAL_OUTPUT_RETURNED_NULL",
-    InvalidUtype = "INVALID_UTYPE",
-    DecryptFailed = "DECRYPT_FAILED",
-    DecryptReturnedNull = "DECRYPT_RETURNED_NULL",
-    ZkMocksInsertCtHashesFailed = "ZK_MOCKS_INSERT_CT_HASHES_FAILED",
-    ZkMocksCalcCtHashesFailed = "ZK_MOCKS_CALC_CT_HASHES_FAILED",
-    ZkMocksVerifySignFailed = "ZK_MOCKS_VERIFY_SIGN_FAILED",
-    ZkMocksCreateProofSignatureFailed = "ZK_MOCKS_CREATE_PROOF_SIGNATURE_FAILED",
-    ZkVerifyFailed = "ZK_VERIFY_FAILED",
-    ZkPackFailed = "ZK_PACK_FAILED",
-    ZkProveFailed = "ZK_PROVE_FAILED",
-    EncryptRemainingInItems = "ENCRYPT_REMAINING_IN_ITEMS",
-    ZkUninitialized = "ZK_UNINITIALIZED",
-    ZkVerifierUrlUninitialized = "ZK_VERIFIER_URL_UNINITIALIZED",
-    ThresholdNetworkUrlUninitialized = "THRESHOLD_NETWORK_URL_UNINITIALIZED",
-    MissingConfig = "MISSING_CONFIG",
-    UnsupportedChain = "UNSUPPORTED_CHAIN",
-    MissingZkBuilderAndCrsGenerator = "MISSING_ZK_BUILDER_AND_CRS_GENERATOR",
-    MissingTfhePublicKeyDeserializer = "MISSING_TFHE_PUBLIC_KEY_DESERIALIZER",
-    MissingCompactPkeCrsDeserializer = "MISSING_COMPACT_PKE_CRS_DESERIALIZER",
-    MissingFheKey = "MISSING_FHE_KEY",
-    MissingCrs = "MISSING_CRS",
-    FetchKeysFailed = "FETCH_KEYS_FAILED",
-    PublicWalletGetChainIdFailed = "PUBLIC_WALLET_GET_CHAIN_ID_FAILED",
-    PublicWalletGetAddressesFailed = "PUBLIC_WALLET_GET_ADDRESSES_FAILED",
-    RehydrateKeysStoreFailed = "REHYDRATE_KEYS_STORE_FAILED"
-}
-type CofhesdkErrorParams = {
-    code: CofhesdkErrorCode;
-    message: string;
-    cause?: Error;
-    hint?: string;
-    context?: Record<string, unknown>;
-};
-/**
- * CofhesdkError class
- * This class is used to create errors that are specific to the CoFHE SDK
- * It extends the Error class and adds a code, cause, hint, and context
- * The code is used to identify the type of error
- * The cause is used to indicate the inner error that caused the CofhesdkError
- * The hint is used to provide a hint about how to fix the error
- * The context is used to provide additional context about the state that caused the error
- * The serialize method is used to serialize the error to a JSON string
- * The toString method is used to provide a human-readable string representation of the error
- */
-declare class CofhesdkError extends Error {
-    readonly code: CofhesdkErrorCode;
-    readonly cause?: Error;
-    readonly hint?: string;
-    readonly context?: Record<string, unknown>;
-    constructor({ code, message, cause, hint, context }: CofhesdkErrorParams);
-    /**
-     * Creates a CofhesdkError from an unknown error
-     * If the error is a CofhesdkError, it is returned unchanged, else a new CofhesdkError is created
-     * If a wrapperError is provided, it is used to create the new CofhesdkError, else a default is used
-     */
-    static fromError(error: unknown, wrapperError?: CofhesdkErrorParams): CofhesdkError;
-    /**
-     * Serializes the error to JSON string with proper handling of Error objects
-     */
-    serialize(): string;
-    /**
-     * Returns a human-readable string representation of the error
-     */
-    toString(): string;
-}
-declare const isCofhesdkError: (error: unknown) => error is CofhesdkError;
-
-type Result<T> = {
-    success: true;
-    data: T;
-    error: null;
-} | {
-    success: false;
-    data: null;
-    error: CofhesdkError;
-};
-declare const ResultErr: <T>(error: CofhesdkError) => Result<T>;
-declare const ResultOk: <T>(data: T) => Result<T>;
-declare const ResultErrOrInternal: <T>(error: unknown) => Result<T>;
-declare const ResultHttpError: (error: unknown, url: string, status?: number) => CofhesdkError;
-declare const ResultValidationError: (message: string) => CofhesdkError;
-declare const resultWrapper: <T>(tryFn: () => Promise<T>, catchFn?: (error: CofhesdkError) => void, finallyFn?: () => void) => Promise<Result<T>>;
-declare const resultWrapperSync: <T>(fn: () => T) => Result<T>;
-
 /**
  * Base parameters that all builders need
  */
@@ -288,48 +354,40 @@ type BaseBuilderParams = {
  * for working with clients, config, and chain IDs
  */
 declare abstract class BaseBuilder {
-    protected config: CofhesdkConfig | undefined;
+    protected config: CofhesdkConfig;
     protected publicClient: PublicClient | undefined;
     protected walletClient: WalletClient | undefined;
     protected chainId: number | undefined;
     protected account: string | undefined;
-    protected requireConnected: (() => void) | undefined;
     constructor(params: BaseBuilderParams);
     /**
-     * Gets the chain ID from the instance or fetches it from the public client
-     * @returns The chain ID
-     * @throws {CofhesdkError} If chainId is not set and publicClient is not available
+     * Asserts that this.chainId is populated
+     * @throws {CofhesdkError} If chainId is not set
      */
-    protected getChainIdOrThrow(): Promise<number>;
-    /**
-     * Gets the account address from the instance or fetches it from the wallet client
-     * @returns The account address
-     * @throws {CofhesdkError} If account is not set and walletClient is not available
-     */
-    protected getAccountOrThrow(): Promise<string>;
+    protected assertChainId(): asserts this is this & {
+        chainId: number;
+    };
     /**
-     * Gets the config or throws an error if not available
-     * @returns The config
-     * @throws {CofhesdkError} If config is not set
+     * Asserts that this.account is populated
+     * @throws {CofhesdkError} If account is not set
      */
-    protected getConfigOrThrow(): CofhesdkConfig;
+    protected assertAccount(): asserts this is this & {
+        account: string;
+    };
     /**
-     * Gets the public client or throws an error if not available
-     * @returns The public client
+     * Asserts that this.publicClient is populated
      * @throws {CofhesdkError} If publicClient is not set
      */
-    protected getPublicClientOrThrow(): PublicClient;
+    protected assertPublicClient(): asserts this is this & {
+        publicClient: PublicClient;
+    };
     /**
-     * Gets the wallet client or throws an error if not available
-     * @returns The wallet client
+     * Asserts that this.walletClient is populated
      * @throws {CofhesdkError} If walletClient is not set
      */
-    protected getWalletClientOrThrow(): WalletClient;
-    /**
-     * Requires the client to be connected
-     * @throws {CofhesdkError} If client is not connected
-     */
-    protected requireConnectedOrThrow(): void;
+    protected assertWalletClient(): asserts this is this & {
+        walletClient: WalletClient;
+    };
 }
 
 /**
@@ -347,7 +405,7 @@ declare abstract class BaseBuilder {
  * If permitHash not set, uses chainId and account to get active permit
  * If permit is set, uses permit to decrypt regardless of chainId, account, or permitHash
  *
- * Returns a Result<UnsealedItem<U>>
+ * Returns the unsealed item.
  */
 type DecryptHandlesBuilderParams<U extends FheTypes> = BaseBuilderParams & {
     ctHash: bigint;
@@ -457,9 +515,37 @@ declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
      *
      * @returns The unsealed item.
      */
-    decrypt(): Promise<Result<UnsealedItem<U>>>;
+    decrypt(): Promise<UnsealedItem<U>>;
 }
 
+/**
+ * Worker function type for ZK proof generation
+ * Platform-specific implementations (web) can provide this to enable worker-based proofs
+ */
+type ZkProveWorkerFunction = (fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>;
+/**
+ * Message sent from main thread to worker to request proof generation
+ */
+interface ZkProveWorkerRequest {
+    id: string;
+    type: 'zkProve';
+    fheKeyHex: string;
+    crsHex: string;
+    items: Array<{
+        utype: string;
+        data: any;
+    }>;
+    metadata: number[];
+}
+/**
+ * Message sent from worker back to main thread with proof result
+ */
+interface ZkProveWorkerResponse {
+    id: string;
+    type: 'success' | 'error' | 'ready';
+    result?: number[];
+    error?: string;
+}
 type ZkProvenCiphertextList = {
     serialize(): Uint8Array;
 };
@@ -482,6 +568,17 @@ type ZkBuilderAndCrsGenerator = (fhe: string, crs: string) => {
     zkBuilder: ZkCiphertextListBuilder;
     zkCrs: ZkCompactPkeCrs;
 };
+/**
+ * Generates ZK proof using Web Worker (offloads heavy WASM computation)
+ * Serializes items and calls the platform-specific worker function
+ * @param workerFn - Platform-specific worker function (provided by web/index.ts)
+ * @param fheKeyHex - Hex-encoded FHE public key for worker deserialization
+ * @param crsHex - Hex-encoded CRS for worker deserialization
+ * @param items - Encryptable items to pack in the worker
+ * @param metadata - Pre-constructed ZK PoK metadata
+ * @returns The serialized proven ciphertext list
+ */
+declare const zkProveWithWorker: (workerFn: ZkProveWorkerFunction, fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>;
 
 type ChainRecord<T> = Record<string, T>;
 type SecurityZoneRecord<T> = Record<number, T>;
@@ -518,16 +615,6 @@ type FheKeyDeserializer = (buff: string) => void;
  * @returns {Promise<[[string, boolean], [string, boolean]]>} - A promise that resolves to [[fheKey, fheKeyFetchedFromCoFHE], [crs, crsFetchedFromCoFHE]]
  */
 declare const fetchKeys: (config: CofhesdkConfig, chainId: number, securityZone: number | undefined, tfhePublicKeyDeserializer: FheKeyDeserializer, compactPkeCrsDeserializer: FheKeyDeserializer, keysStorage?: KeysStorage | null) => Promise<[[string, boolean], [string, boolean]]>;
-/**
- * Fetches the FHE public key and the CRS for all chains in the config
- * @param {CofhesdkConfig} config - The configuration object for the CoFHE SDK
- * @param {number} securityZone - The security zone for which to retrieve the key (default 0).
- * @param tfhePublicKeyDeserializer - The serializer for the FHE public key (used for validation).
- * @param compactPkeCrsDeserializer - The serializer for the CRS (used for validation).
- * @param keysStorage - The keys storage instance to use (optional)
- * @returns {Promise<void>} - A promise that resolves when the keys are fetched and stored.
- */
-declare const fetchMultichainKeys: (config: CofhesdkConfig, securityZone: number | undefined, tfhePublicKeyDeserializer: FheKeyDeserializer, compactPkeCrsDeserializer: FheKeyDeserializer, keysStorage?: KeysStorage | null) => Promise<void>;
 
 type EncryptInputsBuilderParams<T extends EncryptableItem[]> = BaseBuilderParams & {
     inputs: [...T];
@@ -537,15 +624,13 @@ type EncryptInputsBuilderParams<T extends EncryptableItem[]> = BaseBuilderParams
     compactPkeCrsDeserializer: FheKeyDeserializer | undefined;
     zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator | undefined;
     initTfhe: TfheInitializer | undefined;
+    zkProveWorkerFn: ZkProveWorkerFunction | undefined;
     keysStorage: KeysStorage | undefined;
 };
 /**
  * EncryptInputsBuilder exposes a builder pattern for encrypting inputs.
  * account, securityZone, and chainId can be overridden in the builder.
  * config, tfhePublicKeyDeserializer, compactPkeCrsDeserializer, and zkBuilderAndCrsGenerator are required to be set in the builder.
- *
- * @dev All errors must be throw in `encrypt`, which wraps them in a Result.
- * Do not throw errors in the constructor or in the builder methods.
  */
 declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuilder {
     private securityZone;
@@ -556,7 +641,9 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
     private compactPkeCrsDeserializer;
     private zkBuilderAndCrsGenerator;
     private initTfhe;
+    private zkProveWorkerFn;
     private keysStorage;
+    private useWorker;
     private stepTimestamps;
     constructor(params: EncryptInputsBuilderParams<T>);
     /**
@@ -607,6 +694,35 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      */
     setSecurityZone(securityZone: number): EncryptInputsBuilder<T>;
     getSecurityZone(): number;
+    /**
+     * @param useWorker - Whether to use Web Workers for ZK proof generation.
+     *
+     * Overrides the config-level useWorkers setting for this specific encryption.
+     *
+     * Example:
+     * ```typescript
+     * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+     *   .setUseWorker(false)
+     *   .encrypt();
+     * ```
+     *
+     * @returns The chainable EncryptInputsBuilder instance.
+     */
+    setUseWorker(useWorker: boolean): EncryptInputsBuilder<T>;
+    /**
+     * Gets the current worker configuration.
+     *
+     * @returns Whether Web Workers are enabled for this encryption.
+     *
+     * Example:
+     * ```typescript
+     * const builder = encryptInputs([Encryptable.uint128(10n)]);
+     * console.log(builder.getUseWorker()); // true (from config)
+     * builder.setUseWorker(false);
+     * console.log(builder.getUseWorker()); // false (overridden)
+     * ```
+     */
+    getUseWorker(): boolean;
     /**
      * @param callback - Function to be called with the encryption step.
      *
@@ -629,20 +745,6 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      */
     private fireStepStart;
     private fireStepEnd;
-    /**
-     * tfhePublicKeyDeserializer is a platform-specific dependency injected into core/createCofhesdkClientBase by web/createCofhesdkClient and node/createCofhesdkClient
-     * web/ uses zama "tfhe"
-     * node/ uses zama "node-tfhe"
-     * Users should not set this manually.
-     */
-    private getTfhePublicKeyDeserializerOrThrow;
-    /**
-     * compactPkeCrsDeserializer is a platform-specific dependency injected into core/createCofhesdkClientBase by web/createCofhesdkClient and node/createCofhesdkClient
-     * web/ uses zama "tfhe"
-     * node/ uses zama "node-tfhe"
-     * Users should not set this manually.
-     */
-    private getCompactPkeCrsDeserializerOrThrow;
     /**
      * zkVerifierUrl is included in the chains exported from cofhesdk/chains for use in CofhesdkConfig.supportedChains
      * Users should generally not set this manually.
@@ -660,15 +762,6 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * If the key/crs already exists in the store it is returned, else it is fetched, stored, and returned
      */
     private fetchFheKeyAndCrs;
-    /**
-     * zkBuilderAndCrsGenerator is a platform-specific dependency injected into core/createCofhesdkClientBase by web/createCofhesdkClient and node/createCofhesdkClient
-     * web/ uses zama "tfhe"
-     * node/ uses zama "node-tfhe"
-     * Users should not set this manually.
-     *
-     * Generates the zkBuilder and zkCrs from the fheKey and crs
-     */
-    private generateZkBuilderAndCrs;
     /**
      * @dev Encrypt against the cofheMocks instead of CoFHE
      *
@@ -700,7 +793,7 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      *
      * @returns The encrypted inputs.
      */
-    encrypt(): Promise<Result<[...EncryptedItemInputs<T>]>>;
+    encrypt(): Promise<[...EncryptedItemInputs<T>]>;
 }
 
 declare const permits: {
@@ -745,33 +838,30 @@ declare const permits: {
             };
         };
     }) => void) => () => void;
-    createSelf: (options: CreateSelfPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<Permit>;
-    createSharing: (options: CreateSharingPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<Permit>;
-    importShared: (options: ImportSharedPermitOptions | any | string, publicClient: PublicClient, walletClient: WalletClient) => Promise<Permit>;
+    createSelf: (options: CreateSelfPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<SelfPermit>;
+    createSharing: (options: CreateSharingPermitOptions, publicClient: PublicClient, walletClient: WalletClient) => Promise<SharingPermit>;
+    importShared: (options: ImportSharedPermitOptions | string, publicClient: PublicClient, walletClient: WalletClient) => Promise<RecipientPermit>;
+    getOrCreateSelfPermit: (publicClient: PublicClient, walletClient: WalletClient, chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;
+    getOrCreateSharingPermit: (publicClient: PublicClient, walletClient: WalletClient, options: CreateSharingPermitOptions, chainId?: number, account?: string) => Promise<Permit>;
     getHash: (permit: Permit) => string;
     serialize: (permit: Permit) => SerializedPermit;
     deserialize: (serialized: SerializedPermit) => Permit;
     getPermit: (chainId: number, account: string, hash: string) => Promise<Permit | undefined>;
     getPermits: (chainId: number, account: string) => Promise<Record<string, Permit>>;
     getActivePermit: (chainId: number, account: string) => Promise<Permit | undefined>;
-    getActivePermitHash: (chainId: number, account: string) => Promise<string | undefined>;
-    removePermit: (chainId: number, account: string, hash: string) => Promise<void>;
-    selectActivePermit: (chainId: number, account: string, hash: string) => Promise<void>;
+    getActivePermitHash: (chainId: number, account: string) => string | undefined;
+    removePermit: (chainId: number, account: string, hash: string, force?: boolean) => Promise<void>;
+    selectActivePermit: (chainId: number, account: string, hash: string) => void;
     removeActivePermit: (chainId: number, account: string) => Promise<void>;
 };
 
-type Primitive = null | undefined | string | number | boolean | symbol | bigint;
-type LiteralToPrimitive<T> = T extends number ? number : T extends bigint ? bigint : T extends string ? string : T extends boolean ? boolean : T extends symbol ? symbol : T extends null ? null : T extends undefined ? undefined : never;
-type CofhesdkClient = {
+type CofhesdkClient<TConfig extends CofhesdkConfig = CofhesdkConfig> = {
     getSnapshot(): CofhesdkClientConnectionState;
     subscribe(listener: Listener): () => void;
-    readonly initializationResults: {
-        keyFetchResult: Promise<Result<boolean>>;
-    };
     readonly connected: boolean;
     readonly connecting: boolean;
-    readonly config: CofhesdkConfig;
-    connect(publicClient: PublicClient, walletClient: WalletClient): Promise<Result<boolean>>;
+    readonly config: TConfig;
+    connect(publicClient: PublicClient, walletClient: WalletClient): Promise<void>;
     /**
      * Types docstring
      */
@@ -784,170 +874,41 @@ type CofhesdkClientConnectionState = {
     connecting: boolean;
     connectError: unknown | undefined;
     chainId: number | undefined;
-    account: string | undefined;
+    account: `0x${string}` | undefined;
+    publicClient: PublicClient | undefined;
+    walletClient: WalletClient | undefined;
 };
 type Listener = (snapshot: CofhesdkClientConnectionState) => void;
+type CofhesdkClientPermitsClients = {
+    publicClient: PublicClient;
+    walletClient: WalletClient;
+};
 type CofhesdkClientPermits = {
     getSnapshot: typeof permits.getSnapshot;
     subscribe: typeof permits.subscribe;
-    createSelf: (options: CreateSelfPermitOptions) => Promise<Result<Permit>>;
-    createSharing: (options: CreateSharingPermitOptions) => Promise<Result<Permit>>;
-    importShared: (options: ImportSharedPermitOptions | any | string) => Promise<Result<Permit>>;
-    getPermit: (hash: string, chainId?: number, account?: string) => Promise<Result<Permit | undefined>>;
-    getPermits: (chainId?: number, account?: string) => Promise<Result<Record<string, Permit>>>;
-    getActivePermit: (chainId?: number, account?: string) => Promise<Result<Permit | undefined>>;
-    getActivePermitHash: (chainId?: number, account?: string) => Promise<Result<string | undefined>>;
-    selectActivePermit: (hash: string, chainId?: number, account?: string) => Promise<Result<void>>;
-    removePermit: (hash: string, chainId?: number, account?: string) => Promise<Result<void>>;
-    removeActivePermit: (chainId?: number, account?: string) => Promise<Result<void>>;
+    createSelf: (options: CreateSelfPermitOptions, clients?: CofhesdkClientPermitsClients) => Promise<SelfPermit>;
+    createSharing: (options: CreateSharingPermitOptions, clients?: CofhesdkClientPermitsClients) => Promise<SharingPermit>;
+    importShared: (options: ImportSharedPermitOptions | string, clients?: CofhesdkClientPermitsClients) => Promise<RecipientPermit>;
+    getPermit: (hash: string, chainId?: number, account?: string) => Promise<Permit | undefined>;
+    getPermits: (chainId?: number, account?: string) => Promise<Record<string, Permit>>;
+    getActivePermit: (chainId?: number, account?: string) => Promise<Permit | undefined>;
+    getActivePermitHash: (chainId?: number, account?: string) => Promise<string | undefined>;
+    getOrCreateSelfPermit: (chainId?: number, account?: string, options?: CreateSelfPermitOptions) => Promise<Permit>;
+    getOrCreateSharingPermit: (options: CreateSharingPermitOptions, chainId?: number, account?: string) => Promise<Permit>;
+    selectActivePermit: (hash: string, chainId?: number, account?: string) => void;
+    removePermit: (hash: string, chainId?: number, account?: string, force?: boolean) => void;
+    removeActivePermit: (chainId?: number, account?: string) => void;
     getHash: typeof PermitUtils.getHash;
     serialize: typeof PermitUtils.serialize;
     deserialize: typeof PermitUtils.deserialize;
 };
-type TfheInitializer = () => Promise<boolean>;
-type CofhesdkClientParams = {
-    config: CofhesdkConfig;
+type CofhesdkClientParams<TConfig extends CofhesdkConfig> = {
+    config: TConfig;
     zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator;
     tfhePublicKeyDeserializer: FheKeyDeserializer;
     compactPkeCrsDeserializer: FheKeyDeserializer;
     initTfhe: TfheInitializer;
+    zkProveWorkerFn?: ZkProveWorkerFunction;
 };
-interface IStorage {
-    getItem: (name: string) => Promise<any>;
-    setItem: (name: string, value: any) => Promise<void>;
-    removeItem: (name: string) => Promise<void>;
-}
-declare enum FheTypes {
-    Bool = 0,
-    Uint4 = 1,
-    Uint8 = 2,
-    Uint16 = 3,
-    Uint32 = 4,
-    Uint64 = 5,
-    Uint128 = 6,
-    Uint160 = 7,
-    Uint256 = 8,
-    Uint512 = 9,
-    Uint1024 = 10,
-    Uint2048 = 11,
-    Uint2 = 12,
-    Uint6 = 13,
-    Uint10 = 14,
-    Uint12 = 15,
-    Uint14 = 16,
-    Int2 = 17,
-    Int4 = 18,
-    Int6 = 19,
-    Int8 = 20,
-    Int10 = 21,
-    Int12 = 22,
-    Int14 = 23,
-    Int16 = 24,
-    Int32 = 25,
-    Int64 = 26,
-    Int128 = 27,
-    Int160 = 28,
-    Int256 = 29
-}
-/**
- * List of All FHE uint types (excludes bool and address)
- */
-declare const FheUintUTypes: readonly [FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128];
-type FheUintUTypesType = (typeof FheUintUTypes)[number];
-/**
- * List of All FHE types (uints, bool, and address)
- */
-declare const FheAllUTypes: readonly [FheTypes.Bool, FheTypes.Uint8, FheTypes.Uint16, FheTypes.Uint32, FheTypes.Uint64, FheTypes.Uint128, FheTypes.Uint160];
-type EncryptedNumber = {
-    data: Uint8Array;
-    securityZone: number;
-};
-type EncryptedItemInput = {
-    ctHash: bigint;
-    securityZone: number;
-    utype: FheTypes;
-    signature: string;
-};
-type EncryptedBoolInput = EncryptedItemInput & {
-    utype: FheTypes.Bool;
-};
-type EncryptedUint8Input = EncryptedItemInput & {
-    utype: FheTypes.Uint8;
-};
-type EncryptedUint16Input = EncryptedItemInput & {
-    utype: FheTypes.Uint16;
-};
-type EncryptedUint32Input = EncryptedItemInput & {
-    utype: FheTypes.Uint32;
-};
-type EncryptedUint64Input = EncryptedItemInput & {
-    utype: FheTypes.Uint64;
-};
-type EncryptedUint128Input = EncryptedItemInput & {
-    utype: FheTypes.Uint128;
-};
-type EncryptedUint256Input = EncryptedItemInput & {
-    utype: FheTypes.Uint256;
-};
-type EncryptedAddressInput = EncryptedItemInput & {
-    utype: FheTypes.Uint160;
-};
-type EncryptableBool = {
-    data: boolean;
-    utype: FheTypes.Bool;
-};
-type EncryptableUint8 = {
-    data: string | bigint;
-    utype: FheTypes.Uint8;
-};
-type EncryptableUint16 = {
-    data: string | bigint;
-    utype: FheTypes.Uint16;
-};
-type EncryptableUint32 = {
-    data: string | bigint;
-    utype: FheTypes.Uint32;
-};
-type EncryptableUint64 = {
-    data: string | bigint;
-    utype: FheTypes.Uint64;
-};
-type EncryptableUint128 = {
-    data: string | bigint;
-    utype: FheTypes.Uint128;
-};
-type EncryptableAddress = {
-    data: string | bigint;
-    utype: FheTypes.Uint160;
-};
-declare const Encryptable: {
-    readonly bool: (data: EncryptableBool["data"], securityZone?: number) => EncryptableBool;
-    readonly address: (data: EncryptableAddress["data"], securityZone?: number) => EncryptableAddress;
-    readonly uint8: (data: EncryptableUint8["data"], securityZone?: number) => EncryptableUint8;
-    readonly uint16: (data: EncryptableUint16["data"], securityZone?: number) => EncryptableUint16;
-    readonly uint32: (data: EncryptableUint32["data"], securityZone?: number) => EncryptableUint32;
-    readonly uint64: (data: EncryptableUint64["data"], securityZone?: number) => EncryptableUint64;
-    readonly uint128: (data: EncryptableUint128["data"], securityZone?: number) => EncryptableUint128;
-};
-type EncryptableItem = EncryptableBool | EncryptableUint8 | EncryptableUint16 | EncryptableUint32 | EncryptableUint64 | EncryptableUint128 | EncryptableAddress;
-type EncryptableToEncryptedItemInputMap<E extends EncryptableItem> = E extends EncryptableBool ? EncryptedBoolInput : E extends EncryptableUint8 ? EncryptedUint8Input : E extends EncryptableUint16 ? EncryptedUint16Input : E extends EncryptableUint32 ? EncryptedUint32Input : E extends EncryptableUint64 ? EncryptedUint64Input : E extends EncryptableUint128 ? EncryptedUint128Input : E extends EncryptableAddress ? EncryptedAddressInput : never;
-type EncryptedItemInputs<T> = T extends Primitive ? LiteralToPrimitive<T> : T extends EncryptableItem ? EncryptableToEncryptedItemInputMap<T> : {
-    [K in keyof T]: EncryptedItemInputs<T[K]>;
-};
-declare function isEncryptableItem(value: unknown): value is EncryptableItem;
-declare enum EncryptStep {
-    InitTfhe = "initTfhe",
-    FetchKeys = "fetchKeys",
-    Pack = "pack",
-    Prove = "prove",
-    Verify = "verify"
-}
-type EncryptStepCallbackContext = Record<string, any> & {
-    isStart: boolean;
-    isEnd: boolean;
-    duration: number;
-};
-type EncryptStepCallbackFunction = (state: EncryptStep, context?: EncryptStepCallbackContext) => void;
-type UnsealedItem<U extends FheTypes> = U extends FheTypes.Bool ? boolean : U extends FheTypes.Uint160 ? string : U extends FheUintUTypesType ? bigint : never;
 
-export { fetchMultichainKeys as $, type EncryptableToEncryptedItemInputMap as A, type EncryptStepCallbackFunction as B, type CofhesdkClientParams as C, FheUintUTypes as D, type EncryptableItem as E, FheTypes as F, FheAllUTypes as G, Encryptable as H, type IStorage as I, isEncryptableItem as J, EncryptStep as K, type LiteralToPrimitive as L, CofhesdkError as M, CofhesdkErrorCode as N, isCofhesdkError as O, type Primitive as P, type CofhesdkErrorParams as Q, ResultErr as R, ResultOk as S, ResultErrOrInternal as T, type UnsealedItem as U, ResultHttpError as V, ResultValidationError as W, resultWrapper as X, resultWrapperSync as Y, type Result as Z, fetchKeys as _, type CofhesdkClient as a, type FheKeyDeserializer as a0, createKeysStore as a1, type KeysStorage as a2, type KeysStore as a3, EncryptInputsBuilder as a4, DecryptHandlesBuilder as a5, type ZkBuilderAndCrsGenerator as a6, type CofhesdkConfig as b, createCofhesdkConfigBase as c, type CofhesdkInputConfig as d, type CofhesdkInternalConfig as e, type CofhesdkClientConnectionState as f, getCofhesdkConfigItem as g, type CofhesdkClientPermits as h, type EncryptableBool as i, type EncryptableUint8 as j, type EncryptableUint16 as k, type EncryptableUint32 as l, type EncryptableUint64 as m, type EncryptableUint128 as n, type EncryptableAddress as o, type EncryptedNumber as p, type EncryptedItemInput as q, type EncryptedBoolInput as r, type EncryptedUint8Input as s, type EncryptedUint16Input as t, type EncryptedUint32Input as u, type EncryptedUint64Input as v, type EncryptedUint128Input as w, type EncryptedUint256Input as x, type EncryptedAddressInput as y, type EncryptedItemInputs as z };
+export { type ZkProveWorkerResponse as $, type FheTypeValue as A, type EncryptStepCallbackFunction as B, type CofhesdkInputConfig as C, type EncryptStepCallbackContext as D, type EncryptableItem as E, FheTypes as F, FheUintUTypes as G, FheAllUTypes as H, type IStorage as I, Encryptable as J, isEncryptableItem as K, type LiteralToPrimitive as L, EncryptStep as M, isLastEncryptionStep as N, assertCorrectEncryptedItemInput as O, type Primitive as P, fetchKeys as Q, type FheKeyDeserializer as R, createKeysStore as S, type KeysStorage as T, type UnsealedItem as U, type KeysStore as V, EncryptInputsBuilder as W, DecryptHandlesBuilder as X, type ZkProveWorkerFunction as Y, type ZkBuilderAndCrsGenerator as Z, type ZkProveWorkerRequest as _, type CofhesdkConfig as a, zkProveWithWorker as a0, type CofhesdkClient as b, type CofhesdkClientConnectionState as c, type CofhesdkClientParams as d, createCofhesdkConfigBase as e, type CofhesdkInternalConfig as f, getCofhesdkConfigItem as g, type CofhesdkClientPermits as h, type EncryptableBool as i, type EncryptableUint8 as j, type EncryptableUint16 as k, type EncryptableUint32 as l, type EncryptableUint64 as m, type EncryptableUint128 as n, type EncryptableAddress as o, type EncryptedNumber as p, type EncryptedItemInput as q, type EncryptedBoolInput as r, type EncryptedUint8Input as s, type EncryptedUint16Input as t, type EncryptedUint32Input as u, type EncryptedUint64Input as v, type EncryptedUint128Input as w, type EncryptedAddressInput as x, type EncryptedItemInputs as y, type EncryptableToEncryptedItemInputMap as z };