@cofhe/sdk 0.1.1 → 0.2.1

package/dist/{chunk-LU7BMUUT.js → chunk-R3B5TMVX.js}

@@ -1,4 +1,4 @@
-import { isAddress, zeroAddress, keccak256, toHex, parseAbi } from 'viem';
+import { isAddress, getAddress, zeroAddress, isHex, keccak256, toHex, parseAbi, BaseError, ContractFunctionRevertedError, decodeErrorResult } from 'viem';
 import * as nacl from 'tweetnacl';
 import { z } from 'zod';
 import { createStore } from 'zustand/vanilla';
@@ -54,9 +54,6 @@ function isBigIntOrNumber(value) {
     }
   }
 }
-function is0xPrefixed(value) {
-  return value.startsWith("0x");
-}
 
 // permits/sealing.ts
 var PRIVATE_KEY_LENGTH = 64;
@@ -136,7 +133,7 @@ var SealingKey = class _SealingKey {
     };
   };
 };
-var GenerateSealingKey = async () => {
+var GenerateSealingKey = () => {
   const sodiumKeypair = nacl.box.keyPair();
   return new SealingKey(toHexString(sodiumKeypair.secretKey), toHexString(sodiumKeypair.publicKey));
 };
@@ -144,145 +141,137 @@ var SerializedSealingPair = z.object({
   privateKey: z.string(),
   publicKey: z.string()
 });
+var addressSchema = z.string().refine((val) => isAddress(val), {
+  error: "Invalid address"
+}).transform((val) => getAddress(val));
+var addressNotZeroSchema = addressSchema.refine((val) => val !== zeroAddress, {
+  error: "Must not be zeroAddress"
+});
+var bytesSchema = z.custom(
+  (val) => {
+    return typeof val === "string" && isHex(val);
+  },
+  {
+    message: "Invalid hex value"
+  }
+);
+var bytesNotEmptySchema = bytesSchema.refine((val) => val !== "0x", {
+  error: "Must not be empty"
+});
+var DEFAULT_EXPIRATION_FN = () => Math.round(Date.now() / 1e3) + 7 * 24 * 60 * 60;
 var zPermitWithDefaults = z.object({
   name: z.string().optional().default("Unnamed Permit"),
   type: z.enum(["self", "sharing", "recipient"]),
-  issuer: z.string().refine((val) => isAddress(val), {
-    message: "Permit issuer :: invalid address"
-  }).refine((val) => val !== zeroAddress, {
-    message: "Permit issuer :: must not be zeroAddress"
-  }),
-  expiration: z.number().optional().default(1e12),
-  recipient: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
-    message: "Permit recipient :: invalid address"
-  }),
-  validatorId: z.number().optional().default(0),
-  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
-    message: "Permit validatorContract :: invalid address"
-  }),
-  issuerSignature: z.string().optional().default("0x"),
-  recipientSignature: z.string().optional().default("0x")
+  issuer: addressNotZeroSchema,
+  expiration: z.int().optional().default(DEFAULT_EXPIRATION_FN),
+  recipient: addressSchema.optional().default(zeroAddress),
+  validatorId: z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(zeroAddress),
+  issuerSignature: bytesSchema.optional().default("0x"),
+  recipientSignature: bytesSchema.optional().default("0x")
 });
 var zPermitWithSealingPair = zPermitWithDefaults.extend({
   sealingPair: SerializedSealingPair.optional()
 });
-var ValidatorContractRefinement = [
+var ExternalValidatorRefinement = [
   (data) => data.validatorId !== 0 && data.validatorContract !== zeroAddress || data.validatorId === 0 && data.validatorContract === zeroAddress,
   {
-    message: "Permit external validator :: validatorId and validatorContract must either both be set or both be unset.",
+    error: "Permit external validator :: validatorId and validatorContract must either both be set or both be unset.",
     path: ["validatorId", "validatorContract"]
   }
 ];
+var RecipientRefinement = [
+  (data) => data.issuer !== data.recipient,
+  {
+    error: "Sharing permit :: issuer and recipient must not be the same",
+    path: ["issuer", "recipient"]
+  }
+];
 var SelfPermitOptionsValidator = z.object({
   type: z.literal("self").optional().default("self"),
-  issuer: z.string().refine((val) => isAddress(val), {
-    message: "Self permit issuer :: invalid address"
-  }).refine((val) => val !== zeroAddress, {
-    message: "Self permit issuer :: must not be zeroAddress"
-  }),
+  issuer: addressNotZeroSchema,
   name: z.string().optional().default("Unnamed Permit"),
-  expiration: z.number().optional().default(1e12),
-  recipient: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
-    message: "Self permit recipient :: invalid address"
-  }).refine((val) => val === zeroAddress, {
-    message: "Self permit recipient :: must be zeroAddress"
-  }),
-  validatorId: z.number().optional().default(0),
-  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
-    message: "Self permit validatorContract :: invalid address"
-  }),
-  issuerSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Self permit issuerSignature :: must be 0x prefixed"
-  }),
-  recipientSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Self permit recipientSignature :: must be 0x prefixed"
-  })
-}).refine(...ValidatorContractRefinement);
+  expiration: z.int().optional().default(DEFAULT_EXPIRATION_FN),
+  recipient: addressSchema.optional().default(zeroAddress),
+  validatorId: z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(zeroAddress),
+  issuerSignature: bytesSchema.optional().default("0x"),
+  recipientSignature: bytesSchema.optional().default("0x")
+}).refine(...ExternalValidatorRefinement);
 var SelfPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "self", {
-  message: "Self permit :: type must be 'self'"
+  error: "Type must be 'self'"
 }).refine((data) => data.recipient === zeroAddress, {
-  message: "Self permit :: recipient must be zeroAddress"
+  error: "Recipient must be zeroAddress"
 }).refine((data) => data.issuerSignature !== "0x", {
-  message: "Self permit :: issuerSignature must be populated"
+  error: "IssuerSignature must be populated"
 }).refine((data) => data.recipientSignature === "0x", {
-  message: "Self permit :: recipientSignature must be empty"
-}).refine(...ValidatorContractRefinement);
+  error: "RecipientSignature must be empty"
+}).refine(...ExternalValidatorRefinement);
 var SharingPermitOptionsValidator = z.object({
   type: z.literal("sharing").optional().default("sharing"),
-  issuer: z.string().refine((val) => isAddress(val), {
-    message: "Sharing permit issuer :: invalid address"
-  }).refine((val) => val !== zeroAddress, {
-    message: "Sharing permit issuer :: must not be zeroAddress"
-  }),
-  recipient: z.string().refine((val) => isAddress(val), {
-    message: "Sharing permit recipient :: invalid address"
-  }).refine((val) => val !== zeroAddress, {
-    message: "Sharing permit recipient :: must not be zeroAddress"
-  }),
+  issuer: addressNotZeroSchema,
+  recipient: addressNotZeroSchema,
   name: z.string().optional().default("Unnamed Permit"),
-  expiration: z.number().optional().default(1e12),
-  validatorId: z.number().optional().default(0),
-  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
-    message: "Sharing permit validatorContract :: invalid address"
-  }),
-  issuerSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Sharing permit issuerSignature :: must be 0x prefixed"
-  }),
-  recipientSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Sharing permit recipientSignature :: must be 0x prefixed"
-  })
-}).refine(...ValidatorContractRefinement);
+  expiration: z.int().optional().default(DEFAULT_EXPIRATION_FN),
+  validatorId: z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(zeroAddress),
+  issuerSignature: bytesSchema.optional().default("0x"),
+  recipientSignature: bytesSchema.optional().default("0x")
+}).refine(...RecipientRefinement).refine(...ExternalValidatorRefinement);
 var SharingPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "sharing", {
-  message: "Sharing permit :: type must be 'sharing'"
+  error: "Type must be 'sharing'"
 }).refine((data) => data.recipient !== zeroAddress, {
-  message: "Sharing permit :: recipient must not be zeroAddress"
+  error: "Recipient must not be zeroAddress"
 }).refine((data) => data.issuerSignature !== "0x", {
-  message: "Sharing permit :: issuerSignature must be populated"
+  error: "IssuerSignature must be populated"
 }).refine((data) => data.recipientSignature === "0x", {
-  message: "Sharing permit :: recipientSignature must be empty"
-}).refine(...ValidatorContractRefinement);
+  error: "RecipientSignature must be empty"
+}).refine(...ExternalValidatorRefinement);
 var ImportPermitOptionsValidator = z.object({
   type: z.literal("recipient").optional().default("recipient"),
-  issuer: z.string().refine((val) => isAddress(val), {
-    message: "Import permit issuer :: invalid address"
-  }).refine((val) => val !== zeroAddress, {
-    message: "Import permit issuer :: must not be zeroAddress"
-  }),
-  recipient: z.string().refine((val) => isAddress(val), {
-    message: "Import permit recipient :: invalid address"
-  }).refine((val) => val !== zeroAddress, {
-    message: "Import permit recipient :: must not be zeroAddress"
-  }),
-  issuerSignature: z.string().refine((val) => is0xPrefixed(val), {
-    message: "Import permit issuerSignature :: must be 0x prefixed"
-  }).refine((val) => val !== "0x", {
-    message: "Import permit :: issuerSignature must be provided"
-  }),
+  issuer: addressNotZeroSchema,
+  recipient: addressNotZeroSchema,
   name: z.string().optional().default("Unnamed Permit"),
-  expiration: z.number().optional().default(1e12),
-  validatorId: z.number().optional().default(0),
-  validatorContract: z.string().optional().default(zeroAddress).refine((val) => isAddress(val), {
-    message: "Import permit validatorContract :: invalid address"
-  }),
-  recipientSignature: z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Import permit recipientSignature :: must be 0x prefixed"
-  })
-}).refine(...ValidatorContractRefinement);
+  expiration: z.int(),
+  validatorId: z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(zeroAddress),
+  issuerSignature: bytesNotEmptySchema,
+  recipientSignature: bytesSchema.optional().default("0x")
+}).refine(...ExternalValidatorRefinement);
 var ImportPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "recipient", {
-  message: "Import permit :: type must be 'recipient'"
+  error: "Type must be 'recipient'"
 }).refine((data) => data.recipient !== zeroAddress, {
-  message: "Import permit :: recipient must not be zeroAddress"
+  error: "Recipient must not be zeroAddress"
 }).refine((data) => data.issuerSignature !== "0x", {
-  message: "Import permit :: issuerSignature must be populated"
+  error: "IssuerSignature must be populated"
 }).refine((data) => data.recipientSignature !== "0x", {
-  message: "Import permit :: recipientSignature must be populated"
-}).refine(...ValidatorContractRefinement);
-var validateSelfPermitOptions = (options) => SelfPermitOptionsValidator.safeParse(options);
-var validateSharingPermitOptions = (options) => SharingPermitOptionsValidator.safeParse(options);
-var validateImportPermitOptions = (options) => ImportPermitOptionsValidator.safeParse(options);
-var validateSelfPermit = (permit) => SelfPermitValidator.safeParse(permit);
-var validateSharingPermit = (permit) => SharingPermitValidator.safeParse(permit);
-var validateImportPermit = (permit) => ImportPermitValidator.safeParse(permit);
+  error: "RecipientSignature must be populated"
+}).refine(...ExternalValidatorRefinement);
+var safeParseAndThrowFormatted = (schema, data, message) => {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new Error(`${message}: ${z.prettifyError(result.error)}`, { cause: result.error });
+  }
+  return result.data;
+};
+var validateSelfPermitOptions = (options) => {
+  return safeParseAndThrowFormatted(SelfPermitOptionsValidator, options, "Invalid self permit options");
+};
+var validateSharingPermitOptions = (options) => {
+  return safeParseAndThrowFormatted(SharingPermitOptionsValidator, options, "Invalid sharing permit options");
+};
+var validateImportPermitOptions = (options) => {
+  return safeParseAndThrowFormatted(ImportPermitOptionsValidator, options, "Invalid import permit options");
+};
+var validateSelfPermit = (permit) => {
+  return safeParseAndThrowFormatted(SelfPermitValidator, permit, "Invalid self permit");
+};
+var validateSharingPermit = (permit) => {
+  return safeParseAndThrowFormatted(SharingPermitValidator, permit, "Invalid sharing permit");
+};
+var validateImportPermit = (permit) => {
+  return safeParseAndThrowFormatted(ImportPermitValidator, permit, "Invalid import permit");
+};
 var ValidationUtils = {
   /**
    * Check if permit is expired
@@ -377,75 +366,247 @@ var SignatureUtils = {
   }
 };
 
+// core/consts.ts
+var TASK_MANAGER_ADDRESS = "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9";
+var MOCKS_ZK_VERIFIER_ADDRESS = "0x0000000000000000000000000000000000005001";
+var MOCKS_QUERY_DECRYPTER_ADDRESS = "0x0000000000000000000000000000000000005002";
+var TEST_BED_ADDRESS = "0x0000000000000000000000000000000000005003";
+var MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY = "0x6C8D7F768A6BB4AAFE85E8A2F5A9680355239C7E14646ED62B044E39DE154512";
+var MOCKS_ZK_VERIFIER_SIGNER_ADDRESS = "0x6E12D8C87503D4287c294f2Fdef96ACd9DFf6bd2";
+
+// permits/onchain-utils.ts
+var getAclAddress = async (publicClient) => {
+  const ACL_IFACE = "function acl() view returns (address)";
+  const aclAbi = parseAbi([ACL_IFACE]);
+  return await publicClient.readContract({
+    address: TASK_MANAGER_ADDRESS,
+    abi: aclAbi,
+    functionName: "acl"
+  });
+};
+var getAclEIP712Domain = async (publicClient) => {
+  const aclAddress = await getAclAddress(publicClient);
+  const EIP712_DOMAIN_IFACE = "function eip712Domain() public view returns (bytes1 fields, string name, string version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] extensions)";
+  const domainAbi = parseAbi([EIP712_DOMAIN_IFACE]);
+  const domain = await publicClient.readContract({
+    address: aclAddress,
+    abi: domainAbi,
+    functionName: "eip712Domain"
+  });
+  const [_fields, name, version, chainId, verifyingContract, _salt, _extensions] = domain;
+  return {
+    name,
+    version,
+    chainId: Number(chainId),
+    verifyingContract
+  };
+};
+var checkPermitValidityOnChain = async (permission, publicClient) => {
+  const aclAddress = await getAclAddress(publicClient);
+  try {
+    await publicClient.simulateContract({
+      address: aclAddress,
+      abi: checkPermitValidityAbi,
+      functionName: "checkPermitValidity",
+      args: [
+        {
+          issuer: permission.issuer,
+          expiration: BigInt(permission.expiration),
+          recipient: permission.recipient,
+          validatorId: BigInt(permission.validatorId),
+          validatorContract: permission.validatorContract,
+          sealingKey: permission.sealingKey,
+          issuerSignature: permission.issuerSignature,
+          recipientSignature: permission.recipientSignature
+        }
+      ]
+    });
+    return true;
+  } catch (err) {
+    if (err instanceof BaseError) {
+      const revertError = err.walk((err2) => err2 instanceof ContractFunctionRevertedError);
+      if (revertError instanceof ContractFunctionRevertedError) {
+        const errorName = revertError.data?.errorName ?? "";
+        throw new Error(errorName);
+      }
+    }
+    const customErrorName = extractCustomErrorFromDetails(err, checkPermitValidityAbi);
+    if (customErrorName) {
+      throw new Error(customErrorName);
+    }
+    const hhDetailsData = extractReturnData(err);
+    if (hhDetailsData != null) {
+      const decoded = decodeErrorResult({
+        abi: checkPermitValidityAbi,
+        data: hhDetailsData
+      });
+      throw new Error(decoded.errorName);
+    }
+    throw err;
+  }
+};
+function extractCustomErrorFromDetails(err, abi) {
+  const anyErr = err;
+  const details = anyErr?.details ?? anyErr?.cause?.details;
+  if (typeof details === "string") {
+    const customErrorMatch = details.match(/reverted with custom error '(\w+)\(\)'/);
+    if (customErrorMatch) {
+      const errorName = customErrorMatch[1];
+      const errorExists = abi.some((item) => item.type === "error" && item.name === errorName);
+      if (errorExists) {
+        return errorName;
+      }
+    }
+  }
+  return void 0;
+}
+function extractReturnData(err) {
+  const anyErr = err;
+  const s = anyErr?.details ?? anyErr?.cause?.details ?? anyErr?.shortMessage ?? anyErr?.message ?? String(err);
+  return s.match(/return data:\s*(0x[a-fA-F0-9]+)/)?.[1];
+}
+var checkPermitValidityAbi = [
+  {
+    type: "function",
+    name: "checkPermitValidity",
+    inputs: [
+      {
+        name: "permission",
+        type: "tuple",
+        internalType: "struct Permission",
+        components: [
+          {
+            name: "issuer",
+            type: "address",
+            internalType: "address"
+          },
+          {
+            name: "expiration",
+            type: "uint64",
+            internalType: "uint64"
+          },
+          {
+            name: "recipient",
+            type: "address",
+            internalType: "address"
+          },
+          {
+            name: "validatorId",
+            type: "uint256",
+            internalType: "uint256"
+          },
+          {
+            name: "validatorContract",
+            type: "address",
+            internalType: "address"
+          },
+          {
+            name: "sealingKey",
+            type: "bytes32",
+            internalType: "bytes32"
+          },
+          {
+            name: "issuerSignature",
+            type: "bytes",
+            internalType: "bytes"
+          },
+          {
+            name: "recipientSignature",
+            type: "bytes",
+            internalType: "bytes"
+          }
+        ]
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_Disabled",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_Expired",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_IssuerSignature",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_RecipientSignature",
+    inputs: []
+  }
+];
+
 // permits/permit.ts
 var PermitUtils = {
   /**
    * Create a self permit for personal use
    */
-  createSelf: async (options) => {
+  createSelf: (options) => {
     const validation = validateSelfPermitOptions(options);
-    if (!validation.success) {
-      throw new Error(
-        "PermitUtils :: createSelf :: Parsing SelfPermitOptions failed " + JSON.stringify(validation.error, null, 2)
-      );
-    }
-    const sealingPair = await GenerateSealingKey();
-    return {
-      ...validation.data,
+    const sealingPair = GenerateSealingKey();
+    const permit = {
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: void 0
     };
+    return permit;
   },
   /**
    * Create a sharing permit to be shared with another user
    */
-  createSharing: async (options) => {
+  createSharing: (options) => {
     const validation = validateSharingPermitOptions(options);
-    if (!validation.success) {
-      throw new Error(
-        "PermitUtils :: createSharing :: Parsing SharingPermitOptions failed " + JSON.stringify(validation.error, null, 2)
-      );
-    }
-    const sealingPair = await GenerateSealingKey();
-    return {
-      ...validation.data,
+    const sealingPair = GenerateSealingKey();
+    const permit = {
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: void 0
     };
+    return permit;
   },
   /**
    * Import a shared permit from various input formats
    */
-  importShared: async (options) => {
+  importShared: (options) => {
     let parsedOptions;
     if (typeof options === "string") {
       try {
         parsedOptions = JSON.parse(options);
       } catch (error) {
-        throw new Error(`PermitUtils :: importShared :: Failed to parse JSON string: ${error}`);
+        throw new Error(`Failed to parse JSON string: ${error}`);
       }
     } else if (typeof options === "object" && options !== null) {
       parsedOptions = options;
     } else {
-      throw new Error(
-        "PermitUtils :: importShared :: Invalid input type, expected ImportSharedPermitOptions, object, or string"
-      );
+      throw new Error("Invalid input type, expected ImportSharedPermitOptions, object, or string");
     }
     if (parsedOptions.type != null && parsedOptions.type !== "sharing") {
-      throw new Error(`PermitUtils :: importShared :: Invalid permit type <${parsedOptions.type}>, must be "sharing"`);
+      throw new Error(`Invalid permit type <${parsedOptions.type}>, must be "sharing"`);
     }
     const validation = validateImportPermitOptions({ ...parsedOptions, type: "recipient" });
-    if (!validation.success) {
-      throw new Error(
-        "PermitUtils :: importShared :: Parsing ImportPermitOptions failed " + JSON.stringify(validation.error, null, 2)
-      );
-    }
-    const sealingPair = await GenerateSealingKey();
-    return {
-      ...validation.data,
+    const sealingPair = GenerateSealingKey();
+    const permit = {
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: void 0
     };
+    return permit;
   },
   /**
    * Sign a permit with the provided wallet client
@@ -453,11 +614,11 @@ var PermitUtils = {
   sign: async (permit, publicClient, walletClient) => {
     if (walletClient == null || walletClient.account == null) {
       throw new Error(
-        "PermitUtils :: sign - walletClient undefined, you must pass in a `walletClient` for the connected user to create a permit signature"
+        "Missing walletClient, you must pass in a `walletClient` for the connected user to create a permit signature"
       );
     }
     const primaryType = SignatureUtils.getPrimaryType(permit.type);
-    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    const domain = await getAclEIP712Domain(publicClient);
     const { types, message } = SignatureUtils.getSignatureParams(PermitUtils.getPermission(permit, true), primaryType);
     const signature = await walletClient.signTypedData({
       domain,
@@ -486,21 +647,21 @@ var PermitUtils = {
    * Create and sign a self permit in one operation
    */
   createSelfAndSign: async (options, publicClient, walletClient) => {
-    const permit = await PermitUtils.createSelf(options);
+    const permit = PermitUtils.createSelf(options);
     return PermitUtils.sign(permit, publicClient, walletClient);
   },
   /**
    * Create and sign a sharing permit in one operation
    */
   createSharingAndSign: async (options, publicClient, walletClient) => {
-    const permit = await PermitUtils.createSharing(options);
+    const permit = PermitUtils.createSharing(options);
     return PermitUtils.sign(permit, publicClient, walletClient);
   },
   /**
    * Import and sign a shared permit in one operation from various input formats
    */
   importSharedAndSign: async (options, publicClient, walletClient) => {
-    const permit = await PermitUtils.importShared(options);
+    const permit = PermitUtils.importShared(options);
     return PermitUtils.sign(permit, publicClient, walletClient);
   },
   /**
@@ -517,6 +678,7 @@ var PermitUtils = {
    */
   serialize: (permit) => {
     return {
+      hash: permit.hash,
       name: permit.name,
       type: permit.type,
       issuer: permit.issuer,
@@ -541,7 +703,7 @@ var PermitUtils = {
     } else if (permit.type === "recipient") {
       return validateImportPermit(permit);
     } else {
-      throw new Error("PermitUtils :: validate :: Invalid permit type");
+      throw new Error("Invalid permit type");
     }
   },
   /**
@@ -549,12 +711,7 @@ var PermitUtils = {
    */
   getPermission: (permit, skipValidation = false) => {
     if (!skipValidation) {
-      const validationResult = PermitUtils.validate(permit);
-      if (!validationResult.success) {
-        throw new Error(
-          `PermitUtils :: getPermission :: permit validation failed - ${JSON.stringify(validationResult.error, null, 2)} ${JSON.stringify(permit, null, 2)}`
-        );
-      }
+      PermitUtils.validate(permit);
     }
     return {
       issuer: permit.issuer,
@@ -635,28 +792,7 @@ var PermitUtils = {
    * Fetch EIP712 domain from the blockchain
    */
   fetchEIP712Domain: async (publicClient) => {
-    const TASK_MANAGER_ADDRESS = "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9";
-    const ACL_IFACE = "function acl() view returns (address)";
-    const EIP712_DOMAIN_IFACE = "function eip712Domain() public view returns (bytes1 fields, string name, string version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] extensions)";
-    const aclAbi = parseAbi([ACL_IFACE]);
-    const aclAddress = await publicClient.readContract({
-      address: TASK_MANAGER_ADDRESS,
-      abi: aclAbi,
-      functionName: "acl"
-    });
-    const domainAbi = parseAbi([EIP712_DOMAIN_IFACE]);
-    const domain = await publicClient.readContract({
-      address: aclAddress,
-      abi: domainAbi,
-      functionName: "eip712Domain"
-    });
-    const [_fields, name, version, chainId, verifyingContract, _salt, _extensions] = domain;
-    return {
-      name,
-      version,
-      chainId: Number(chainId),
-      verifyingContract
-    };
+    return getAclEIP712Domain(publicClient);
   },
   /**
    * Check if permit's signed domain matches the provided domain
@@ -670,18 +806,23 @@ var PermitUtils = {
   checkSignedDomainValid: async (permit, publicClient) => {
     if (permit._signedDomain == null)
       return false;
-    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    const domain = await getAclEIP712Domain(publicClient);
     return PermitUtils.matchesDomain(permit, domain);
+  },
+  /**
+   * Check if permit passes the on-chain validation
+   */
+  checkValidityOnChain: async (permit, publicClient) => {
+    const permission = PermitUtils.getPermission(permit);
+    return checkPermitValidityOnChain(permission, publicClient);
   }
 };
+var PERMIT_STORE_DEFAULTS = {
+  permits: {},
+  activePermitHash: {}
+};
 var _permitStore = createStore()(
-  persist(
-    () => ({
-      permits: {},
-      activePermitHash: {}
-    }),
-    { name: "cofhesdk-permits" }
-  )
+  persist(() => PERMIT_STORE_DEFAULTS, { name: "cofhesdk-permits" })
 );
 var clearStaleStore = () => {
   const state = _permitStore.getState();
@@ -727,11 +868,11 @@ var setPermit = (chainId, account, permit) => {
         state.permits[chainId] = {};
       if (state.permits[chainId][account] == null)
         state.permits[chainId][account] = {};
-      state.permits[chainId][account][PermitUtils.getHash(permit)] = PermitUtils.serialize(permit);
+      state.permits[chainId][account][permit.hash] = PermitUtils.serialize(permit);
     })
   );
 };
-var removePermit = (chainId, account, hash, force) => {
+var removePermit = (chainId, account, hash) => {
   clearStaleStore();
   _permitStore.setState(
     produce((state) => {
@@ -745,15 +886,7 @@ var removePermit = (chainId, account, hash, force) => {
       if (accountPermits[hash] == null)
         return;
       if (state.activePermitHash[chainId][account] === hash) {
-        const otherPermitHash = Object.keys(accountPermits).find((key) => key !== hash && accountPermits[key] != null);
-        if (otherPermitHash) {
-          state.activePermitHash[chainId][account] = otherPermitHash;
-        } else {
-          if (!force) {
-            throw new Error("Cannot remove the last permit without force flag");
-          }
-          state.activePermitHash[chainId][account] = void 0;
-        }
+        state.activePermitHash[chainId][account] = void 0;
       }
       accountPermits[hash] = void 0;
     })
@@ -801,4 +934,4 @@ var permitStore = {
   resetStore
 };
 
-export { GenerateSealingKey, ImportPermitOptionsValidator, ImportPermitValidator, PermitUtils, SealingKey, SelfPermitOptionsValidator, SelfPermitValidator, SharingPermitOptionsValidator, SharingPermitValidator, SignatureTypes, SignatureUtils, ValidationUtils, _permitStore, clearStaleStore, getActivePermit, getActivePermitHash, getPermit, getPermits, getSignatureTypesAndMessage, permitStore, removeActivePermitHash, removePermit, resetStore, setActivePermitHash, setPermit, validateImportPermit, validateImportPermitOptions, validateSelfPermit, validateSelfPermitOptions, validateSharingPermit, validateSharingPermitOptions };
+export { GenerateSealingKey, ImportPermitOptionsValidator, ImportPermitValidator, MOCKS_QUERY_DECRYPTER_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, PERMIT_STORE_DEFAULTS, PermitUtils, SealingKey, SelfPermitOptionsValidator, SelfPermitValidator, SharingPermitOptionsValidator, SharingPermitValidator, SignatureTypes, SignatureUtils, TASK_MANAGER_ADDRESS, TEST_BED_ADDRESS, ValidationUtils, _permitStore, addressNotZeroSchema, addressSchema, bytesNotEmptySchema, bytesSchema, clearStaleStore, getActivePermit, getActivePermitHash, getPermit, getPermits, getSignatureTypesAndMessage, permitStore, removeActivePermitHash, removePermit, resetStore, setActivePermitHash, setPermit, validateImportPermit, validateImportPermitOptions, validateSelfPermit, validateSelfPermitOptions, validateSharingPermit, validateSharingPermitOptions };