@cofhe/sdk 0.2.0 → 0.2.1

package/dist/node.cjs

@@ -475,8 +475,14 @@ var MockZkVerifierAbi = [
   },
   { type: "error", name: "InvalidInputs", inputs: [] }
 ];
-var MocksZkVerifierAddress = "0x0000000000000000000000000000000000000100";
+
+// core/consts.ts
+var TASK_MANAGER_ADDRESS = "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9";
+var MOCKS_ZK_VERIFIER_ADDRESS = "0x0000000000000000000000000000000000005001";
+var MOCKS_QUERY_DECRYPTER_ADDRESS = "0x0000000000000000000000000000000000005002";
 var MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY = "0x6C8D7F768A6BB4AAFE85E8A2F5A9680355239C7E14646ED62B044E39DE154512";
+
+// core/encrypt/cofheMocksZkVerifySign.ts
 function createMockZkVerifierSigner() {
   return viem.createWalletClient({
     chain: chains.hardhat,
@@ -542,7 +548,7 @@ async function calcCtHashes(items, account, securityZone, publicClient) {
   let ctHashes;
   try {
     ctHashes = await publicClient.readContract({
-      address: MocksZkVerifierAddress,
+      address: MOCKS_ZK_VERIFIER_ADDRESS,
       abi: MockZkVerifierAbi,
       functionName: "zkVerifyCalcCtHashesPacked",
       args: calcCtHashesArgs
@@ -553,7 +559,7 @@ async function calcCtHashes(items, account, securityZone, publicClient) {
       message: `mockZkVerifySign calcCtHashes failed while calling zkVerifyCalcCtHashesPacked`,
       cause: err instanceof Error ? err : void 0,
       context: {
-        address: MocksZkVerifierAddress,
+        address: MOCKS_ZK_VERIFIER_ADDRESS,
         items,
         account,
         securityZone,
@@ -586,7 +592,7 @@ async function insertCtHashes(items, walletClient) {
   try {
     const account = walletClient.account;
     await walletClient.writeContract({
-      address: MocksZkVerifierAddress,
+      address: MOCKS_ZK_VERIFIER_ADDRESS,
       abi: MockZkVerifierAbi,
       functionName: "insertPackedCtHashes",
       args: insertPackedCtHashesArgs,
@@ -674,21 +680,18 @@ var CofheChainSchema = zod.z.object({
   /** Network identifier */
   network: zod.z.string().min(1),
   /** coFhe service URL */
-  coFheUrl: zod.z.string().url(),
+  coFheUrl: zod.z.url(),
   /** Verifier service URL */
-  verifierUrl: zod.z.string().url(),
+  verifierUrl: zod.z.url(),
   /** Threshold network service URL */
-  thresholdNetworkUrl: zod.z.string().url(),
+  thresholdNetworkUrl: zod.z.url(),
   /** Environment type */
   environment: EnvironmentSchema
 });
-
-// chains/defineChain.ts
 function defineChain(chainConfig) {
   const result = CofheChainSchema.safeParse(chainConfig);
   if (!result.success) {
-    const errorMessages = result.error.errors.map((err) => `${err.path.join(".")}: ${err.message}`);
-    throw new Error(`Invalid chain configuration: ${errorMessages.join(", ")}`);
+    throw new Error(`Invalid chain configuration: ${zod.z.prettifyError(result.error)}`, { cause: result.error });
   }
   return result.data;
 }
@@ -715,9 +718,15 @@ var CofhesdkConfigSchema = zod.z.object({
   defaultPermitExpiration: zod.z.number().optional().default(60 * 60 * 24 * 30),
   /** Storage method for fhe keys (defaults to indexedDB on web, filesystem on node) */
   fheKeyStorage: zod.z.object({
-    getItem: zod.z.function().args(zod.z.string()).returns(zod.z.promise(zod.z.any())),
-    setItem: zod.z.function().args(zod.z.string(), zod.z.any()).returns(zod.z.promise(zod.z.void())),
-    removeItem: zod.z.function().args(zod.z.string()).returns(zod.z.promise(zod.z.void()))
+    getItem: zod.z.custom((val) => typeof val === "function", {
+      message: "getItem must be a function"
+    }),
+    setItem: zod.z.custom((val) => typeof val === "function", {
+      message: "setItem must be a function"
+    }),
+    removeItem: zod.z.custom((val) => typeof val === "function", {
+      message: "removeItem must be a function"
+    })
   }).or(zod.z.null()).default(null),
   /** Whether to use Web Workers for ZK proof generation (web platform only) */
   useWorkers: zod.z.boolean().optional().default(true),
@@ -733,7 +742,7 @@ var CofhesdkConfigSchema = zod.z.object({
 function createCofhesdkConfigBase(config) {
   const result = CofhesdkConfigSchema.safeParse(config);
   if (!result.success) {
-    throw new Error(`Invalid cofhesdk configuration: ${result.error.message}`);
+    throw new Error(`Invalid cofhesdk configuration: ${zod.z.prettifyError(result.error)}`, { cause: result.error });
   }
   return result.data;
 }
@@ -1543,9 +1552,6 @@ function isBigIntOrNumber(value) {
     }
   }
 }
-function is0xPrefixed(value) {
-  return value.startsWith("0x");
-}
 
 // permits/sealing.ts
 var PRIVATE_KEY_LENGTH = 64;
@@ -1633,158 +1639,137 @@ var SerializedSealingPair = zod.z.object({
   privateKey: zod.z.string(),
   publicKey: zod.z.string()
 });
+var addressSchema = zod.z.string().refine((val) => viem.isAddress(val), {
+  error: "Invalid address"
+}).transform((val) => viem.getAddress(val));
+var addressNotZeroSchema = addressSchema.refine((val) => val !== viem.zeroAddress, {
+  error: "Must not be zeroAddress"
+});
+var bytesSchema = zod.z.custom(
+  (val) => {
+    return typeof val === "string" && viem.isHex(val);
+  },
+  {
+    message: "Invalid hex value"
+  }
+);
+var bytesNotEmptySchema = bytesSchema.refine((val) => val !== "0x", {
+  error: "Must not be empty"
+});
 var DEFAULT_EXPIRATION_FN = () => Math.round(Date.now() / 1e3) + 7 * 24 * 60 * 60;
 var zPermitWithDefaults = zod.z.object({
   name: zod.z.string().optional().default("Unnamed Permit"),
   type: zod.z.enum(["self", "sharing", "recipient"]),
-  issuer: zod.z.string().refine((val) => viem.isAddress(val), {
-    message: "Permit issuer :: invalid address"
-  }).refine((val) => val !== viem.zeroAddress, {
-    message: "Permit issuer :: must not be zeroAddress"
-  }),
-  expiration: zod.z.number().optional().default(DEFAULT_EXPIRATION_FN),
-  recipient: zod.z.string().optional().default(viem.zeroAddress).refine((val) => viem.isAddress(val), {
-    message: "Permit recipient :: invalid address"
-  }),
-  validatorId: zod.z.number().optional().default(0),
-  validatorContract: zod.z.string().optional().default(viem.zeroAddress).refine((val) => viem.isAddress(val), {
-    message: "Permit validatorContract :: invalid address"
-  }),
-  issuerSignature: zod.z.string().optional().default("0x"),
-  recipientSignature: zod.z.string().optional().default("0x")
+  issuer: addressNotZeroSchema,
+  expiration: zod.z.int().optional().default(DEFAULT_EXPIRATION_FN),
+  recipient: addressSchema.optional().default(viem.zeroAddress),
+  validatorId: zod.z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(viem.zeroAddress),
+  issuerSignature: bytesSchema.optional().default("0x"),
+  recipientSignature: bytesSchema.optional().default("0x")
 });
 var zPermitWithSealingPair = zPermitWithDefaults.extend({
   sealingPair: SerializedSealingPair.optional()
 });
-var ValidatorContractRefinement = [
+var ExternalValidatorRefinement = [
   (data) => data.validatorId !== 0 && data.validatorContract !== viem.zeroAddress || data.validatorId === 0 && data.validatorContract === viem.zeroAddress,
   {
-    message: "Permit external validator :: validatorId and validatorContract must either both be set or both be unset.",
+    error: "Permit external validator :: validatorId and validatorContract must either both be set or both be unset.",
     path: ["validatorId", "validatorContract"]
   }
 ];
+var RecipientRefinement = [
+  (data) => data.issuer !== data.recipient,
+  {
+    error: "Sharing permit :: issuer and recipient must not be the same",
+    path: ["issuer", "recipient"]
+  }
+];
 var SelfPermitOptionsValidator = zod.z.object({
   type: zod.z.literal("self").optional().default("self"),
-  issuer: zod.z.string().refine((val) => viem.isAddress(val), {
-    message: "Self permit issuer :: invalid address"
-  }).refine((val) => is0xPrefixed(val), {
-    message: "Self permit issuer :: must be 0x prefixed"
-  }).refine((val) => val !== viem.zeroAddress, {
-    message: "Self permit issuer :: must not be zeroAddress"
-  }),
+  issuer: addressNotZeroSchema,
   name: zod.z.string().optional().default("Unnamed Permit"),
-  expiration: zod.z.number().optional().default(DEFAULT_EXPIRATION_FN),
-  recipient: zod.z.string().optional().default(viem.zeroAddress).refine((val) => viem.isAddress(val), {
-    message: "Self permit recipient :: invalid address"
-  }).refine((val) => is0xPrefixed(val), {
-    message: "Self permit recipient :: must be 0x prefixed"
-  }).refine((val) => val === viem.zeroAddress, {
-    message: "Self permit recipient :: must be zeroAddress"
-  }),
-  validatorId: zod.z.number().optional().default(0),
-  validatorContract: zod.z.string().optional().default(viem.zeroAddress).refine((val) => viem.isAddress(val), {
-    message: "Self permit validatorContract :: invalid address"
-  }),
-  issuerSignature: zod.z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Self permit issuerSignature :: must be 0x prefixed"
-  }),
-  recipientSignature: zod.z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Self permit recipientSignature :: must be 0x prefixed"
-  })
-}).refine(...ValidatorContractRefinement);
+  expiration: zod.z.int().optional().default(DEFAULT_EXPIRATION_FN),
+  recipient: addressSchema.optional().default(viem.zeroAddress),
+  validatorId: zod.z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(viem.zeroAddress),
+  issuerSignature: bytesSchema.optional().default("0x"),
+  recipientSignature: bytesSchema.optional().default("0x")
+}).refine(...ExternalValidatorRefinement);
 var SelfPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "self", {
-  message: "Self permit :: type must be 'self'"
+  error: "Type must be 'self'"
 }).refine((data) => data.recipient === viem.zeroAddress, {
-  message: "Self permit :: recipient must be zeroAddress"
+  error: "Recipient must be zeroAddress"
 }).refine((data) => data.issuerSignature !== "0x", {
-  message: "Self permit :: issuerSignature must be populated"
+  error: "IssuerSignature must be populated"
 }).refine((data) => data.recipientSignature === "0x", {
-  message: "Self permit :: recipientSignature must be empty"
-}).refine(...ValidatorContractRefinement);
+  error: "RecipientSignature must be empty"
+}).refine(...ExternalValidatorRefinement);
 var SharingPermitOptionsValidator = zod.z.object({
   type: zod.z.literal("sharing").optional().default("sharing"),
-  issuer: zod.z.string().refine((val) => viem.isAddress(val), {
-    message: "Sharing permit issuer :: invalid address"
-  }).refine((val) => is0xPrefixed(val), {
-    message: "Sharing permit issuer :: must be 0x prefixed"
-  }).refine((val) => val !== viem.zeroAddress, {
-    message: "Sharing permit issuer :: must not be zeroAddress"
-  }),
-  recipient: zod.z.string().refine((val) => viem.isAddress(val), {
-    message: "Sharing permit recipient :: invalid address"
-  }).refine((val) => is0xPrefixed(val), {
-    message: "Sharing permit recipient :: must be 0x prefixed"
-  }).refine((val) => val !== viem.zeroAddress, {
-    message: "Sharing permit recipient :: must not be zeroAddress"
-  }),
+  issuer: addressNotZeroSchema,
+  recipient: addressNotZeroSchema,
   name: zod.z.string().optional().default("Unnamed Permit"),
-  expiration: zod.z.number().optional().default(DEFAULT_EXPIRATION_FN),
-  validatorId: zod.z.number().optional().default(0),
-  validatorContract: zod.z.string().optional().default(viem.zeroAddress).refine((val) => viem.isAddress(val), {
-    message: "Sharing permit validatorContract :: invalid address"
-  }),
-  issuerSignature: zod.z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Sharing permit issuerSignature :: must be 0x prefixed"
-  }),
-  recipientSignature: zod.z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Sharing permit recipientSignature :: must be 0x prefixed"
-  })
-}).refine(...ValidatorContractRefinement);
+  expiration: zod.z.int().optional().default(DEFAULT_EXPIRATION_FN),
+  validatorId: zod.z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(viem.zeroAddress),
+  issuerSignature: bytesSchema.optional().default("0x"),
+  recipientSignature: bytesSchema.optional().default("0x")
+}).refine(...RecipientRefinement).refine(...ExternalValidatorRefinement);
 var SharingPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "sharing", {
-  message: "Sharing permit :: type must be 'sharing'"
+  error: "Type must be 'sharing'"
 }).refine((data) => data.recipient !== viem.zeroAddress, {
-  message: "Sharing permit :: recipient must not be zeroAddress"
+  error: "Recipient must not be zeroAddress"
 }).refine((data) => data.issuerSignature !== "0x", {
-  message: "Sharing permit :: issuerSignature must be populated"
+  error: "IssuerSignature must be populated"
 }).refine((data) => data.recipientSignature === "0x", {
-  message: "Sharing permit :: recipientSignature must be empty"
-}).refine(...ValidatorContractRefinement);
+  error: "RecipientSignature must be empty"
+}).refine(...ExternalValidatorRefinement);
 var ImportPermitOptionsValidator = zod.z.object({
   type: zod.z.literal("recipient").optional().default("recipient"),
-  issuer: zod.z.string().refine((val) => viem.isAddress(val), {
-    message: "Import permit issuer :: invalid address"
-  }).refine((val) => is0xPrefixed(val), {
-    message: "Import permit issuer :: must be 0x prefixed"
-  }).refine((val) => val !== viem.zeroAddress, {
-    message: "Import permit issuer :: must not be zeroAddress"
-  }),
-  recipient: zod.z.string().refine((val) => viem.isAddress(val), {
-    message: "Import permit recipient :: invalid address"
-  }).refine((val) => is0xPrefixed(val), {
-    message: "Import permit recipient :: must be 0x prefixed"
-  }).refine((val) => val !== viem.zeroAddress, {
-    message: "Import permit recipient :: must not be zeroAddress"
-  }),
-  issuerSignature: zod.z.string().refine((val) => is0xPrefixed(val), {
-    message: "Import permit issuerSignature :: must be 0x prefixed"
-  }).refine((val) => val !== "0x", {
-    message: "Import permit :: issuerSignature must be provided"
-  }),
+  issuer: addressNotZeroSchema,
+  recipient: addressNotZeroSchema,
   name: zod.z.string().optional().default("Unnamed Permit"),
-  expiration: zod.z.number().optional().default(DEFAULT_EXPIRATION_FN),
-  validatorId: zod.z.number().optional().default(0),
-  validatorContract: zod.z.string().optional().default(viem.zeroAddress).refine((val) => viem.isAddress(val), {
-    message: "Import permit validatorContract :: invalid address"
-  }),
-  recipientSignature: zod.z.string().optional().default("0x").refine((val) => is0xPrefixed(val), {
-    message: "Import permit recipientSignature :: must be 0x prefixed"
-  })
-}).refine(...ValidatorContractRefinement);
+  expiration: zod.z.int(),
+  validatorId: zod.z.int().optional().default(0),
+  validatorContract: addressSchema.optional().default(viem.zeroAddress),
+  issuerSignature: bytesNotEmptySchema,
+  recipientSignature: bytesSchema.optional().default("0x")
+}).refine(...ExternalValidatorRefinement);
 var ImportPermitValidator = zPermitWithSealingPair.refine((data) => data.type === "recipient", {
-  message: "Import permit :: type must be 'recipient'"
+  error: "Type must be 'recipient'"
 }).refine((data) => data.recipient !== viem.zeroAddress, {
-  message: "Import permit :: recipient must not be zeroAddress"
+  error: "Recipient must not be zeroAddress"
 }).refine((data) => data.issuerSignature !== "0x", {
-  message: "Import permit :: issuerSignature must be populated"
+  error: "IssuerSignature must be populated"
 }).refine((data) => data.recipientSignature !== "0x", {
-  message: "Import permit :: recipientSignature must be populated"
-}).refine(...ValidatorContractRefinement);
-var validateSelfPermitOptions = (options) => SelfPermitOptionsValidator.safeParse(options);
-var validateSharingPermitOptions = (options) => SharingPermitOptionsValidator.safeParse(options);
-var validateImportPermitOptions = (options) => ImportPermitOptionsValidator.safeParse(options);
-var validateSelfPermit = (permit) => SelfPermitValidator.safeParse(permit);
-var validateSharingPermit = (permit) => SharingPermitValidator.safeParse(permit);
-var validateImportPermit = (permit) => ImportPermitValidator.safeParse(permit);
+  error: "RecipientSignature must be populated"
+}).refine(...ExternalValidatorRefinement);
+var safeParseAndThrowFormatted = (schema, data, message) => {
+  const result = schema.safeParse(data);
+  if (!result.success) {
+    throw new Error(`${message}: ${zod.z.prettifyError(result.error)}`, { cause: result.error });
+  }
+  return result.data;
+};
+var validateSelfPermitOptions = (options) => {
+  return safeParseAndThrowFormatted(SelfPermitOptionsValidator, options, "Invalid self permit options");
+};
+var validateSharingPermitOptions = (options) => {
+  return safeParseAndThrowFormatted(SharingPermitOptionsValidator, options, "Invalid sharing permit options");
+};
+var validateImportPermitOptions = (options) => {
+  return safeParseAndThrowFormatted(ImportPermitOptionsValidator, options, "Invalid import permit options");
+};
+var validateSelfPermit = (permit) => {
+  return safeParseAndThrowFormatted(SelfPermitValidator, permit, "Invalid self permit");
+};
+var validateSharingPermit = (permit) => {
+  return safeParseAndThrowFormatted(SharingPermitValidator, permit, "Invalid sharing permit");
+};
+var validateImportPermit = (permit) => {
+  return safeParseAndThrowFormatted(ImportPermitValidator, permit, "Invalid import permit");
+};
 var ValidationUtils = {
   /**
    * Check if permit is expired
@@ -1878,6 +1863,179 @@ var SignatureUtils = {
     throw new Error(`Unknown permit type: ${permitType}`);
   }
 };
+var getAclAddress = async (publicClient) => {
+  const ACL_IFACE = "function acl() view returns (address)";
+  const aclAbi = viem.parseAbi([ACL_IFACE]);
+  return await publicClient.readContract({
+    address: TASK_MANAGER_ADDRESS,
+    abi: aclAbi,
+    functionName: "acl"
+  });
+};
+var getAclEIP712Domain = async (publicClient) => {
+  const aclAddress = await getAclAddress(publicClient);
+  const EIP712_DOMAIN_IFACE = "function eip712Domain() public view returns (bytes1 fields, string name, string version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] extensions)";
+  const domainAbi = viem.parseAbi([EIP712_DOMAIN_IFACE]);
+  const domain = await publicClient.readContract({
+    address: aclAddress,
+    abi: domainAbi,
+    functionName: "eip712Domain"
+  });
+  const [_fields, name, version, chainId, verifyingContract, _salt, _extensions] = domain;
+  return {
+    name,
+    version,
+    chainId: Number(chainId),
+    verifyingContract
+  };
+};
+var checkPermitValidityOnChain = async (permission, publicClient) => {
+  const aclAddress = await getAclAddress(publicClient);
+  try {
+    await publicClient.simulateContract({
+      address: aclAddress,
+      abi: checkPermitValidityAbi,
+      functionName: "checkPermitValidity",
+      args: [
+        {
+          issuer: permission.issuer,
+          expiration: BigInt(permission.expiration),
+          recipient: permission.recipient,
+          validatorId: BigInt(permission.validatorId),
+          validatorContract: permission.validatorContract,
+          sealingKey: permission.sealingKey,
+          issuerSignature: permission.issuerSignature,
+          recipientSignature: permission.recipientSignature
+        }
+      ]
+    });
+    return true;
+  } catch (err) {
+    if (err instanceof viem.BaseError) {
+      const revertError = err.walk((err2) => err2 instanceof viem.ContractFunctionRevertedError);
+      if (revertError instanceof viem.ContractFunctionRevertedError) {
+        const errorName = revertError.data?.errorName ?? "";
+        throw new Error(errorName);
+      }
+    }
+    const customErrorName = extractCustomErrorFromDetails(err, checkPermitValidityAbi);
+    if (customErrorName) {
+      throw new Error(customErrorName);
+    }
+    const hhDetailsData = extractReturnData(err);
+    if (hhDetailsData != null) {
+      const decoded = viem.decodeErrorResult({
+        abi: checkPermitValidityAbi,
+        data: hhDetailsData
+      });
+      throw new Error(decoded.errorName);
+    }
+    throw err;
+  }
+};
+function extractCustomErrorFromDetails(err, abi) {
+  const anyErr = err;
+  const details = anyErr?.details ?? anyErr?.cause?.details;
+  if (typeof details === "string") {
+    const customErrorMatch = details.match(/reverted with custom error '(\w+)\(\)'/);
+    if (customErrorMatch) {
+      const errorName = customErrorMatch[1];
+      const errorExists = abi.some((item) => item.type === "error" && item.name === errorName);
+      if (errorExists) {
+        return errorName;
+      }
+    }
+  }
+  return void 0;
+}
+function extractReturnData(err) {
+  const anyErr = err;
+  const s = anyErr?.details ?? anyErr?.cause?.details ?? anyErr?.shortMessage ?? anyErr?.message ?? String(err);
+  return s.match(/return data:\s*(0x[a-fA-F0-9]+)/)?.[1];
+}
+var checkPermitValidityAbi = [
+  {
+    type: "function",
+    name: "checkPermitValidity",
+    inputs: [
+      {
+        name: "permission",
+        type: "tuple",
+        internalType: "struct Permission",
+        components: [
+          {
+            name: "issuer",
+            type: "address",
+            internalType: "address"
+          },
+          {
+            name: "expiration",
+            type: "uint64",
+            internalType: "uint64"
+          },
+          {
+            name: "recipient",
+            type: "address",
+            internalType: "address"
+          },
+          {
+            name: "validatorId",
+            type: "uint256",
+            internalType: "uint256"
+          },
+          {
+            name: "validatorContract",
+            type: "address",
+            internalType: "address"
+          },
+          {
+            name: "sealingKey",
+            type: "bytes32",
+            internalType: "bytes32"
+          },
+          {
+            name: "issuerSignature",
+            type: "bytes",
+            internalType: "bytes"
+          },
+          {
+            name: "recipientSignature",
+            type: "bytes",
+            internalType: "bytes"
+          }
+        ]
+      }
+    ],
+    outputs: [
+      {
+        name: "",
+        type: "bool",
+        internalType: "bool"
+      }
+    ],
+    stateMutability: "view"
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_Disabled",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_Expired",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_IssuerSignature",
+    inputs: []
+  },
+  {
+    type: "error",
+    name: "PermissionInvalid_RecipientSignature",
+    inputs: []
+  }
+];
 
 // permits/permit.ts
 var PermitUtils = {
@@ -1886,14 +2044,10 @@ var PermitUtils = {
    */
   createSelf: (options) => {
     const validation = validateSelfPermitOptions(options);
-    if (!validation.success) {
-      throw new Error(
-        "PermitUtils :: createSelf :: Parsing SelfPermitOptions failed " + JSON.stringify(validation.error, null, 2)
-      );
-    }
     const sealingPair = GenerateSealingKey();
     const permit = {
-      ...validation.data,
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: void 0
     };
@@ -1904,14 +2058,10 @@ var PermitUtils = {
    */
   createSharing: (options) => {
     const validation = validateSharingPermitOptions(options);
-    if (!validation.success) {
-      throw new Error(
-        "PermitUtils :: createSharing :: Parsing SharingPermitOptions failed " + JSON.stringify(validation.error, null, 2)
-      );
-    }
     const sealingPair = GenerateSealingKey();
     const permit = {
-      ...validation.data,
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: void 0
     };
@@ -1926,27 +2076,21 @@ var PermitUtils = {
       try {
         parsedOptions = JSON.parse(options);
       } catch (error) {
-        throw new Error(`PermitUtils :: importShared :: Failed to parse JSON string: ${error}`);
+        throw new Error(`Failed to parse JSON string: ${error}`);
       }
     } else if (typeof options === "object" && options !== null) {
       parsedOptions = options;
     } else {
-      throw new Error(
-        "PermitUtils :: importShared :: Invalid input type, expected ImportSharedPermitOptions, object, or string"
-      );
+      throw new Error("Invalid input type, expected ImportSharedPermitOptions, object, or string");
     }
     if (parsedOptions.type != null && parsedOptions.type !== "sharing") {
-      throw new Error(`PermitUtils :: importShared :: Invalid permit type <${parsedOptions.type}>, must be "sharing"`);
+      throw new Error(`Invalid permit type <${parsedOptions.type}>, must be "sharing"`);
     }
     const validation = validateImportPermitOptions({ ...parsedOptions, type: "recipient" });
-    if (!validation.success) {
-      throw new Error(
-        "PermitUtils :: importShared :: Parsing ImportPermitOptions failed " + JSON.stringify(validation.error, null, 2)
-      );
-    }
     const sealingPair = GenerateSealingKey();
     const permit = {
-      ...validation.data,
+      hash: PermitUtils.getHash(validation),
+      ...validation,
       sealingPair,
       _signedDomain: void 0
     };
@@ -1958,11 +2102,11 @@ var PermitUtils = {
   sign: async (permit, publicClient, walletClient) => {
     if (walletClient == null || walletClient.account == null) {
       throw new Error(
-        "PermitUtils :: sign - walletClient undefined, you must pass in a `walletClient` for the connected user to create a permit signature"
+        "Missing walletClient, you must pass in a `walletClient` for the connected user to create a permit signature"
       );
     }
     const primaryType = SignatureUtils.getPrimaryType(permit.type);
-    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    const domain = await getAclEIP712Domain(publicClient);
     const { types, message } = SignatureUtils.getSignatureParams(PermitUtils.getPermission(permit, true), primaryType);
     const signature = await walletClient.signTypedData({
       domain,
@@ -2022,6 +2166,7 @@ var PermitUtils = {
    */
   serialize: (permit) => {
     return {
+      hash: permit.hash,
       name: permit.name,
       type: permit.type,
       issuer: permit.issuer,
@@ -2046,7 +2191,7 @@ var PermitUtils = {
     } else if (permit.type === "recipient") {
       return validateImportPermit(permit);
     } else {
-      throw new Error("PermitUtils :: validate :: Invalid permit type");
+      throw new Error("Invalid permit type");
     }
   },
   /**
@@ -2054,12 +2199,7 @@ var PermitUtils = {
    */
   getPermission: (permit, skipValidation = false) => {
     if (!skipValidation) {
-      const validationResult = PermitUtils.validate(permit);
-      if (!validationResult.success) {
-        throw new Error(
-          `PermitUtils :: getPermission :: permit validation failed - ${JSON.stringify(validationResult.error, null, 2)} ${JSON.stringify(permit, null, 2)}`
-        );
-      }
+      PermitUtils.validate(permit);
     }
     return {
       issuer: permit.issuer,
@@ -2140,28 +2280,7 @@ var PermitUtils = {
    * Fetch EIP712 domain from the blockchain
    */
   fetchEIP712Domain: async (publicClient) => {
-    const TASK_MANAGER_ADDRESS = "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9";
-    const ACL_IFACE = "function acl() view returns (address)";
-    const EIP712_DOMAIN_IFACE = "function eip712Domain() public view returns (bytes1 fields, string name, string version, uint256 chainId, address verifyingContract, bytes32 salt, uint256[] extensions)";
-    const aclAbi = viem.parseAbi([ACL_IFACE]);
-    const aclAddress = await publicClient.readContract({
-      address: TASK_MANAGER_ADDRESS,
-      abi: aclAbi,
-      functionName: "acl"
-    });
-    const domainAbi = viem.parseAbi([EIP712_DOMAIN_IFACE]);
-    const domain = await publicClient.readContract({
-      address: aclAddress,
-      abi: domainAbi,
-      functionName: "eip712Domain"
-    });
-    const [_fields, name, version, chainId, verifyingContract, _salt, _extensions] = domain;
-    return {
-      name,
-      version,
-      chainId: Number(chainId),
-      verifyingContract
-    };
+    return getAclEIP712Domain(publicClient);
   },
   /**
    * Check if permit's signed domain matches the provided domain
@@ -2175,8 +2294,15 @@ var PermitUtils = {
   checkSignedDomainValid: async (permit, publicClient) => {
     if (permit._signedDomain == null)
       return false;
-    const domain = await PermitUtils.fetchEIP712Domain(publicClient);
+    const domain = await getAclEIP712Domain(publicClient);
     return PermitUtils.matchesDomain(permit, domain);
+  },
+  /**
+   * Check if permit passes the on-chain validation
+   */
+  checkValidityOnChain: async (permit, publicClient) => {
+    const permission = PermitUtils.getPermission(permit);
+    return checkPermitValidityOnChain(permission, publicClient);
   }
 };
 var PERMIT_STORE_DEFAULTS = {
@@ -2230,11 +2356,11 @@ var setPermit = (chainId, account, permit) => {
         state.permits[chainId] = {};
       if (state.permits[chainId][account] == null)
         state.permits[chainId][account] = {};
-      state.permits[chainId][account][PermitUtils.getHash(permit)] = PermitUtils.serialize(permit);
+      state.permits[chainId][account][permit.hash] = PermitUtils.serialize(permit);
     })
   );
 };
-var removePermit = (chainId, account, hash, force) => {
+var removePermit = (chainId, account, hash) => {
   clearStaleStore();
   _permitStore.setState(
     immer.produce((state) => {
@@ -2248,15 +2374,7 @@ var removePermit = (chainId, account, hash, force) => {
       if (accountPermits[hash] == null)
         return;
       if (state.activePermitHash[chainId][account] === hash) {
-        const otherPermitHash = Object.keys(accountPermits).find((key) => key !== hash && accountPermits[key] != null);
-        if (otherPermitHash) {
-          state.activePermitHash[chainId][account] = otherPermitHash;
-        } else {
-          if (!force) {
-            throw new Error("Cannot remove the last permit without force flag");
-          }
-          state.activePermitHash[chainId][account] = void 0;
-        }
+        state.activePermitHash[chainId][account] = void 0;
       }
       accountPermits[hash] = void 0;
     })
@@ -2307,7 +2425,7 @@ var storeActivePermit = async (permit, publicClient, walletClient) => {
   const chainId = await publicClient.getChainId();
   const account = walletClient.account.address;
   permitStore.setPermit(chainId, account, permit);
-  permitStore.setActivePermitHash(chainId, account, PermitUtils.getHash(permit));
+  permitStore.setActivePermitHash(chainId, account, permit.hash);
 };
 var createPermitWithSign = async (options, publicClient, walletClient, permitMethod) => {
   const permit = await permitMethod(options, publicClient, walletClient);
@@ -2365,7 +2483,7 @@ var getOrCreateSharingPermit = async (publicClient, walletClient, options, chain
   }
   return createSharing(options, publicClient, walletClient);
 };
-var removePermit2 = async (chainId, account, hash, force) => permitStore.removePermit(chainId, account, hash, force);
+var removePermit2 = async (chainId, account, hash) => permitStore.removePermit(chainId, account, hash);
 var removeActivePermit = async (chainId, account) => permitStore.removeActivePermitHash(chainId, account);
 var permits = {
   getSnapshot: permitStore.store.getState,
@@ -2537,7 +2655,6 @@ var MockQueryDecrypterAbi = [
 ];
 
 // core/decrypt/cofheMocksSealOutput.ts
-var MockQueryDecrypterAddress = "0x0000000000000000000000000000000000000200";
 async function cofheMocksSealOutput(ctHash, utype, permit, publicClient, mocksSealOutputDelay) {
   if (mocksSealOutputDelay > 0)
     await sleep(mocksSealOutputDelay);
@@ -2548,7 +2665,7 @@ async function cofheMocksSealOutput(ctHash, utype, permit, publicClient, mocksSe
     validatorId: BigInt(permission.validatorId)
   };
   const [allowed, error, result] = await publicClient.readContract({
-    address: MockQueryDecrypterAddress,
+    address: MOCKS_QUERY_DECRYPTER_ADDRESS,
     abi: MockQueryDecrypterAbi,
     functionName: "querySealOutput",
     args: [ctHash, BigInt(utype), permissionWithBigInts]
@@ -3008,6 +3125,7 @@ var InitialConnectStore = {
 function createCofhesdkClientBase(opts) {
   const keysStorage = createKeysStore(opts.config.fheKeyStorage);
   const connectStore = vanilla.createStore(() => InitialConnectStore);
+  let connectAttemptId = 0;
   const updateConnectState = (partial) => {
     connectStore.setState((state) => ({ ...state, ...partial }));
   };
@@ -3033,6 +3151,8 @@ function createCofhesdkClientBase(opts) {
     const state = connectStore.getState();
     if (state.connected && state.publicClient === publicClient && state.walletClient === walletClient)
       return;
+    connectAttemptId += 1;
+    const localAttemptId = connectAttemptId;
     updateConnectState({
       ...InitialConnectStore,
       connecting: true
@@ -3040,6 +3160,8 @@ function createCofhesdkClientBase(opts) {
     try {
       const chainId = await getPublicClientChainID(publicClient);
       const account = await getWalletClientAccount(walletClient);
+      if (localAttemptId !== connectAttemptId)
+        return;
       updateConnectState({
         connected: true,
         connecting: false,
@@ -3050,6 +3172,8 @@ function createCofhesdkClientBase(opts) {
         walletClient
       });
     } catch (e) {
+      if (localAttemptId !== connectAttemptId)
+        return;
       updateConnectState({
         ...InitialConnectStore,
         connectError: e
@@ -3057,6 +3181,10 @@ function createCofhesdkClientBase(opts) {
       throw e;
     }
   }
+  function disconnect() {
+    connectAttemptId += 1;
+    updateConnectState({ ...InitialConnectStore });
+  }
   function encryptInputs(inputs) {
     const state = connectStore.getState();
     return new EncryptInputsBuilder({
@@ -3161,9 +3289,9 @@ function createCofhesdkClientBase(opts) {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
       return permits.selectActivePermit(_chainId, _account, hash);
     },
-    removePermit: async (hash, chainId, account, force) => {
+    removePermit: async (hash, chainId, account) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
-      return permits.removePermit(_chainId, _account, hash, force);
+      return permits.removePermit(_chainId, _account, hash);
     },
     removeActivePermit: async (chainId, account) => {
       const { chainId: _chainId, account: _account } = _getChainIdAndAccount(chainId, account);
@@ -3188,6 +3316,7 @@ function createCofhesdkClientBase(opts) {
     // config & platform-specific (read-only)
     config: opts.config,
     connect,
+    disconnect,
     encryptInputs,
     decryptHandle,
     permits: clientPermits