@cofhe/sdk 0.1.1 → 0.2.1

package/permits/store.test.ts

@@ -32,10 +32,9 @@ describe('Storage Tests', () => {
   describe('Permit Storage', () => {
     it('should store and retrieve permits', async () => {
       const permit = await createMockPermit();
-      const hash = PermitUtils.getHash(permit);
 
       setPermit(chainId, account, permit);
-      const retrieved = getPermit(chainId, account, hash);
+      const retrieved = getPermit(chainId, account, permit.hash);
 
       expect(retrieved).toBeDefined();
       expect(PermitUtils.serialize(retrieved!)).toEqual(PermitUtils.serialize(permit));
@@ -43,13 +42,9 @@ describe('Storage Tests', () => {
 
     it('should handle multiple permits per account', async () => {
       const permit1 = await createMockPermit();
-      const permit2 = {
-        ...(await createMockPermit()),
+      const permit2 = await createMockPermit({
         issuer: '0x0987654321098765432109876543210987654321' as `0x${string}`,
-      };
-
-      const hash1 = PermitUtils.getHash(permit1);
-      const hash2 = PermitUtils.getHash(permit2);
+      });
 
       setPermit(chainId, account, permit1);
       setPermit(chainId, account, permit2);
@@ -57,19 +52,18 @@ describe('Storage Tests', () => {
       const permits = getPermits(chainId, account);
       expect(Object.keys(permits)).toHaveLength(2);
 
-      expect(PermitUtils.serialize(permits[hash1])).toEqual(PermitUtils.serialize(permit1));
-      expect(PermitUtils.serialize(permits[hash2])).toEqual(PermitUtils.serialize(permit2));
+      expect(PermitUtils.serialize(permits[permit1.hash])).toEqual(PermitUtils.serialize(permit1));
+      expect(PermitUtils.serialize(permits[permit2.hash])).toEqual(PermitUtils.serialize(permit2));
     });
 
     it('should handle active permit hash', async () => {
       const permit = await createMockPermit();
-      const hash = PermitUtils.getHash(permit);
 
       setPermit(chainId, account, permit);
-      setActivePermitHash(chainId, account, hash);
+      setActivePermitHash(chainId, account, permit.hash);
 
       const activeHash = getActivePermitHash(chainId, account);
-      expect(activeHash).toBe(hash);
+      expect(activeHash).toBe(permit.hash);
 
       const activePermit = getActivePermit(chainId, account);
       expect(activePermit).toBeDefined();
@@ -78,51 +72,17 @@ describe('Storage Tests', () => {
 
     it('should remove permits', async () => {
       const permit = await createMockPermit();
-      const hash = PermitUtils.getHash(permit);
 
       setPermit(chainId, account, permit);
-      setActivePermitHash(chainId, account, hash);
+      setActivePermitHash(chainId, account, permit.hash);
 
-      removePermit(chainId, account, hash, true);
+      removePermit(chainId, account, permit.hash);
 
-      const retrieved = getPermit(chainId, account, hash);
+      const retrieved = getPermit(chainId, account, permit.hash);
       expect(retrieved).toBeUndefined();
 
       const activeHash = getActivePermitHash(chainId, account);
       expect(activeHash).toBeUndefined();
     });
-
-    it('should prevent removing last permit without force', async () => {
-      const permit = await createMockPermit();
-      const hash = PermitUtils.getHash(permit);
-
-      setPermit(chainId, account, permit);
-      setActivePermitHash(chainId, account, hash);
-
-      expect(() => {
-        removePermit(chainId, account, hash, false);
-      }).toThrow('Cannot remove the last permit without force flag');
-    });
-
-    it('should switch active permit when removing current active', async () => {
-      const permit1 = await createMockPermit();
-      const permit2 = {
-        ...(await createMockPermit()),
-        name: 'Second Permit',
-        issuer: '0x0987654321098765432109876543210987654321' as `0x${string}`, // Different issuer
-      };
-
-      const hash1 = PermitUtils.getHash(permit1);
-      const hash2 = PermitUtils.getHash(permit2);
-
-      setPermit(chainId, account, permit1);
-      setPermit(chainId, account, permit2);
-      setActivePermitHash(chainId, account, hash1);
-
-      removePermit(chainId, account, hash1, false);
-
-      const activeHash = getActivePermitHash(chainId, account);
-      expect(activeHash).toBe(hash2);
-    });
   });
 });

package/permits/store.ts

@@ -15,14 +15,12 @@ type PermitsStore = {
 
 // Stores generated permits for each user, a hash indicating the active permit for each user
 // Can be used to create reactive hooks
+export const PERMIT_STORE_DEFAULTS: PermitsStore = {
+  permits: {},
+  activePermitHash: {},
+};
 export const _permitStore = createStore<PermitsStore>()(
-  persist(
-    () => ({
-      permits: {},
-      activePermitHash: {},
-    }),
-    { name: 'cofhesdk-permits' }
-  )
+  persist(() => PERMIT_STORE_DEFAULTS, { name: 'cofhesdk-permits' })
 );
 
 export const clearStaleStore = () => {
@@ -84,12 +82,12 @@ export const setPermit = (chainId: number, account: string, permit: Permit) => {
     produce<PermitsStore>((state) => {
       if (state.permits[chainId] == null) state.permits[chainId] = {};
       if (state.permits[chainId][account] == null) state.permits[chainId][account] = {};
-      state.permits[chainId][account][PermitUtils.getHash(permit)] = PermitUtils.serialize(permit);
+      state.permits[chainId][account][permit.hash] = PermitUtils.serialize(permit);
     })
   );
 };
 
-export const removePermit = (chainId: number, account: string, hash: string, force?: boolean) => {
+export const removePermit = (chainId: number, account: string, hash: string) => {
   clearStaleStore();
   _permitStore.setState(
     produce<PermitsStore>((state) => {
@@ -102,18 +100,8 @@ export const removePermit = (chainId: number, account: string, hash: string, for
       if (accountPermits[hash] == null) return;
 
       if (state.activePermitHash[chainId][account] === hash) {
-        // Find other permits before removing
-        const otherPermitHash = Object.keys(accountPermits).find((key) => key !== hash && accountPermits[key] != null);
-
-        if (otherPermitHash) {
-          state.activePermitHash[chainId][account] = otherPermitHash;
-        } else {
-          if (!force) {
-            throw new Error('Cannot remove the last permit without force flag');
-          }
-          // Clear the active hash when removing the last permit with force
-          state.activePermitHash[chainId][account] = undefined;
-        }
+        // if the active permit is the one to be removed - unset it
+        state.activePermitHash[chainId][account] = undefined;
       }
       // Remove the permit
       accountPermits[hash] = undefined;

package/permits/test-utils.ts

@@ -1,9 +1,10 @@
 import { type Permit, type SerializedPermit, GenerateSealingKey, PermitUtils } from './index.js';
 
 // Mock permit for testing - using Bob's address as issuer
-export const createMockPermit = async (): Promise<Permit> => {
-  const sealingPair = await GenerateSealingKey();
-  const serializedPermit: SerializedPermit = {
+export const createMockPermit = async (overrides: Partial<Permit> = {}): Promise<Permit> => {
+  const sealingPair = GenerateSealingKey();
+
+  const fields = {
     name: 'Test Permit',
     type: 'self',
     issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
@@ -15,6 +16,13 @@ export const createMockPermit = async (): Promise<Permit> => {
     issuerSignature: '0x',
     recipientSignature: '0x',
     _signedDomain: undefined,
+    ...overrides,
+  } as const;
+
+  const serializedPermit: SerializedPermit = {
+    hash: PermitUtils.getHash(fields),
+    ...fields,
   };
+
   return PermitUtils.deserialize(serializedPermit);
 };

package/permits/types.ts

@@ -1,4 +1,5 @@
 import { SealingKey as SealingKeyClass, type EthEncryptedData } from './sealing.js';
+import { type Hex } from 'viem';
 
 /**
  * EIP712 related types
@@ -9,7 +10,7 @@ export type EIP712Message = Record<string, string>;
 export type EIP712Domain = {
   chainId: number;
   name: string;
-  verifyingContract: `0x${string}`;
+  verifyingContract: Hex;
   version: string;
 };
 
@@ -29,6 +30,10 @@ export type { EthEncryptedData };
  * Core Permit interface - immutable design for React compatibility
  */
 export interface Permit {
+  /**
+   * Stable hash of relevant permit data, used as key in storage
+   */
+  hash: string;
   /**
    * Name for this permit, for organization and UI usage, not included in signature.
    */
@@ -43,7 +48,7 @@ export interface Permit {
   /**
    * (base) User that initially created the permission, target of data fetching
    */
-  issuer: `0x${string}`;
+  issuer: Hex;
   /**
    * (base) Expiration timestamp
    */
@@ -52,7 +57,7 @@ export interface Permit {
    * (sharing) The user that this permission will be shared with
    * ** optional, use `address(0)` to disable **
    */
-  recipient: `0x${string}`;
+  recipient: Hex;
   /**
    * (issuer defined validation) An id used to query a contract to check this permissions validity
    * ** optional, use `0` to disable **
@@ -62,7 +67,7 @@ export interface Permit {
    * (issuer defined validation) The contract to query to determine permission validity
    * ** optional, user `address(0)` to disable **
    */
-  validatorContract: `0x${string}`;
+  validatorContract: Hex;
   /**
    * (base) The publicKey of a sealingPair used to re-encrypt `issuer`s confidential data
    *   (non-sharing) Populated by `issuer`
@@ -75,13 +80,13 @@ export interface Permit {
    *   (non-sharing) < issuer, expiration, recipient, validatorId, validatorContract, sealingKey >
    *   (sharing)     < issuer, expiration, recipient, validatorId, validatorContract >
    */
-  issuerSignature: `0x${string}`;
+  issuerSignature: Hex;
   /**
    * (sharing) `signTypedData` signature created by `recipient` with format:
    * (sharing) < sealingKey, issuerSignature>
    * ** required for shared permits **
    */
-  recipientSignature: `0x${string}`;
+  recipientSignature: Hex;
   /**
    * EIP712 domain used to sign this permit.
    * Should not be set manually, included in metadata as part of serialization flows.
@@ -89,6 +94,23 @@ export interface Permit {
   _signedDomain?: EIP712Domain;
 }
 
+/**
+ * Permit discriminant helpers
+ */
+export type PermitType = Permit['type'];
+
+/**
+ * Utility type to narrow a permit to a specific discriminant.
+ *
+ * Note: this only narrows the `type` field. Runtime/validation constraints
+ * (e.g. recipient == zeroAddress for self permits) are enforced elsewhere.
+ */
+export type PermitOf<T extends PermitType> = Expand<Omit<Permit, 'type'> & { type: T }>;
+
+export type SelfPermit = PermitOf<'self'>;
+export type SharingPermit = PermitOf<'sharing'>;
+export type RecipientPermit = PermitOf<'recipient'>;
+
 /**
  * Optional additional metadata of a Permit
  * Can be passed into the constructor, but not necessary
@@ -132,7 +154,7 @@ export type ImportSharedPermitOptions = {
   recipient: string;
   issuerSignature: string;
   name?: string;
-  expiration?: number;
+  expiration: number;
   validatorId?: number;
   validatorContract?: string;
 };
@@ -149,11 +171,19 @@ export type SerializedPermit = Omit<Permit, 'sealingPair'> & {
  * A type representing the Permission struct that is passed to Permissioned.sol to grant encrypted data access.
  */
 export type Permission = Expand<
-  Omit<Permit, 'name' | 'type' | 'sealingPair'> & {
-    sealingKey: `0x${string}`;
+  Omit<Permit, 'name' | 'type' | 'sealingPair' | 'hash'> & {
+    sealingKey: Hex;
   }
 >;
 
+/**
+ * A type representing the permit fields that are used to generate the hash
+ */
+export type PermitHashFields = Pick<
+  Permit,
+  'type' | 'issuer' | 'expiration' | 'recipient' | 'validatorId' | 'validatorContract'
+>;
+
 /**
  * Validation result type
  */

package/permits/utils.ts

@@ -1,6 +1,5 @@
 // Utility functions for sealing key operations
 
-// eslint-disable-next-line no-unused-vars
 declare const BigInt: (value: string | number | bigint) => bigint;
 
 export const fromHexString = (hexString: string): Uint8Array => {
@@ -57,7 +56,3 @@ export function isBigIntOrNumber(value: unknown) {
     }
   }
 }
-
-export function is0xPrefixed(value: string): value is `0x${string}` {
-  return value.startsWith('0x');
-}

package/permits/validation.test.ts

@@ -23,9 +23,9 @@ describe('Validation Tests', () => {
         name: 'Test Permit',
       };
 
+      expect(() => validateSelfPermitOptions(options)).not.toThrow();
       const result = validateSelfPermitOptions(options);
-      expect(result.success).toBe(true);
-      expect(result.data).toBeDefined();
+      expect(result).toBeDefined();
     });
 
     it('should reject invalid address', () => {
@@ -35,9 +35,7 @@ describe('Validation Tests', () => {
         name: 'Test Permit',
       };
 
-      const result = validateSelfPermitOptions(options);
-      expect(result.success).toBe(false);
-      expect(result.error).toBeDefined();
+      expect(() => validateSelfPermitOptions(options)).toThrow();
     });
 
     it('should reject zero address', () => {
@@ -47,9 +45,7 @@ describe('Validation Tests', () => {
         name: 'Test Permit',
       };
 
-      const result = validateSelfPermitOptions(options);
-      expect(result.success).toBe(false);
-      expect(result.error).toBeDefined();
+      expect(() => validateSelfPermitOptions(options)).toThrow();
     });
   });
 
@@ -62,8 +58,7 @@ describe('Validation Tests', () => {
         name: 'Sharing Permit',
       };
 
-      const result = validateSharingPermitOptions(options);
-      expect(result.success).toBe(true);
+      expect(() => validateSharingPermitOptions(options)).not.toThrow();
     });
 
     it('should reject sharing permit with zero recipient', () => {
@@ -74,8 +69,7 @@ describe('Validation Tests', () => {
         name: 'Sharing Permit',
       };
 
-      const result = validateSharingPermitOptions(options);
-      expect(result.success).toBe(false);
+      expect(() => validateSharingPermitOptions(options)).toThrow();
     });
 
     it('should reject sharing permit with invalid recipient', () => {
@@ -86,8 +80,7 @@ describe('Validation Tests', () => {
         name: 'Sharing Permit',
       };
 
-      const result = validateSharingPermitOptions(options);
-      expect(result.success).toBe(false);
+      expect(() => validateSharingPermitOptions(options)).toThrow();
     });
   });
 
@@ -95,37 +88,47 @@ describe('Validation Tests', () => {
     it('should validate valid import permit options', () => {
       const options: ImportSharedPermitOptions = {
         issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
         issuerSignature: '0x1234567890abcdef',
         name: 'Import Permit',
       };
 
-      const result = validateImportPermitOptions(options);
-      expect(result.success).toBe(true);
+      expect(() => validateImportPermitOptions(options)).not.toThrow();
+    });
+
+    it('should reject import permit with missing expiration', () => {
+      const options = {
+        issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
+        issuerSignature: '0x1234567890abcdef',
+        name: 'Import Permit',
+      };
+      expect(() => validateImportPermitOptions(options)).toThrow();
     });
 
     it('should reject import permit with empty signature', () => {
       const options: ImportSharedPermitOptions = {
         issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
         issuerSignature: '0x',
         name: 'Import Permit',
       };
 
-      const result = validateImportPermitOptions(options);
-      expect(result.success).toBe(false);
+      expect(() => validateImportPermitOptions(options)).toThrow();
     });
 
     it('should reject import permit with invalid signature', () => {
       const options: ImportSharedPermitOptions = {
         issuer: '0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266', // Bob's address
+        expiration: Math.floor(Date.now() / 1000) + 3600, // 1 hour from now
         recipient: '0x70997970C51812dc3A010C7d01b50e0d17dc79C8', // Alice's address
         issuerSignature: '0x',
         name: 'Import Permit',
       };
 
-      const result = validateImportPermitOptions(options);
-      expect(result.success).toBe(false);
+      expect(() => validateImportPermitOptions(options)).toThrow();
     });
   });
 
@@ -135,15 +138,13 @@ describe('Validation Tests', () => {
       permit.type = 'self';
       permit.issuerSignature = '0x1234567890abcdef';
 
-      const result = validateSelfPermit(permit);
-      expect(result.success).toBe(true);
+      expect(() => validateSelfPermit(permit)).not.toThrow();
     });
 
     it('should reject self permit with missing sealing pair', async () => {
       const permit = { ...(await createMockPermit()), sealingPair: undefined };
       permit.type = 'self';
-      const result = validateSelfPermit(permit as unknown as Permit);
-      expect(result.success).toBe(false);
+      expect(() => validateSelfPermit(permit as unknown as Permit)).toThrow();
     });
   });
 
@@ -154,8 +155,7 @@ describe('Validation Tests', () => {
       permit.issuerSignature = '0x1234567890abcdef';
       permit.recipient = '0x70997970C51812dc3A010C7d01b50e0d17dc79C8'; // Alice's address
 
-      const result = validateSharingPermit(permit);
-      expect(result.success).toBe(true);
+      expect(() => validateSharingPermit(permit)).not.toThrow();
     });
 
     it('should reject sharing permit with zero recipient', async () => {
@@ -164,8 +164,7 @@ describe('Validation Tests', () => {
       permit.issuerSignature = '0x1234567890abcdef';
       permit.recipient = '0x0000000000000000000000000000000000000000';
 
-      const result = validateSharingPermit(permit);
-      expect(result.success).toBe(false);
+      expect(() => validateSharingPermit(permit)).toThrow();
     });
   });
 
@@ -177,8 +176,7 @@ describe('Validation Tests', () => {
       permit.recipient = '0x70997970C51812dc3A010C7d01b50e0d17dc79C8'; // Alice's address
       permit.recipientSignature = '0xabcdef1234567890';
 
-      const result = validateImportPermit(permit);
-      expect(result.success).toBe(true);
+      expect(() => validateImportPermit(permit)).not.toThrow();
     });
 
     it('should reject import permit with empty recipient signature', async () => {
@@ -188,8 +186,7 @@ describe('Validation Tests', () => {
       permit.recipient = '0x70997970C51812dc3A010C7d01b50e0d17dc79C8'; // Alice's address
       permit.recipientSignature = '0x';
 
-      const result = validateImportPermit(permit);
-      expect(result.success).toBe(false);
+      expect(() => validateImportPermit(permit)).toThrow();
     });
   });