@cofhe/sdk 0.2.1 → 0.3.1

package/dist/{chunk-R3B5TMVX.js → chunk-NWDKXBIP.js}

@@ -369,10 +369,11 @@ var SignatureUtils = {
 // core/consts.ts
 var TASK_MANAGER_ADDRESS = "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9";
 var MOCKS_ZK_VERIFIER_ADDRESS = "0x0000000000000000000000000000000000005001";
-var MOCKS_QUERY_DECRYPTER_ADDRESS = "0x0000000000000000000000000000000000005002";
+var MOCKS_THRESHOLD_NETWORK_ADDRESS = "0x0000000000000000000000000000000000005002";
 var TEST_BED_ADDRESS = "0x0000000000000000000000000000000000005003";
 var MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY = "0x6C8D7F768A6BB4AAFE85E8A2F5A9680355239C7E14646ED62B044E39DE154512";
 var MOCKS_ZK_VERIFIER_SIGNER_ADDRESS = "0x6E12D8C87503D4287c294f2Fdef96ACd9DFf6bd2";
+var MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY = "0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d";
 
 // permits/onchain-utils.ts
 var getAclAddress = async (publicClient) => {
@@ -934,4 +935,4 @@ var permitStore = {
   resetStore
 };
 
-export { GenerateSealingKey, ImportPermitOptionsValidator, ImportPermitValidator, MOCKS_QUERY_DECRYPTER_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, PERMIT_STORE_DEFAULTS, PermitUtils, SealingKey, SelfPermitOptionsValidator, SelfPermitValidator, SharingPermitOptionsValidator, SharingPermitValidator, SignatureTypes, SignatureUtils, TASK_MANAGER_ADDRESS, TEST_BED_ADDRESS, ValidationUtils, _permitStore, addressNotZeroSchema, addressSchema, bytesNotEmptySchema, bytesSchema, clearStaleStore, getActivePermit, getActivePermitHash, getPermit, getPermits, getSignatureTypesAndMessage, permitStore, removeActivePermitHash, removePermit, resetStore, setActivePermitHash, setPermit, validateImportPermit, validateImportPermitOptions, validateSelfPermit, validateSelfPermitOptions, validateSharingPermit, validateSharingPermitOptions };
+export { GenerateSealingKey, ImportPermitOptionsValidator, ImportPermitValidator, MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY, MOCKS_THRESHOLD_NETWORK_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, PERMIT_STORE_DEFAULTS, PermitUtils, SealingKey, SelfPermitOptionsValidator, SelfPermitValidator, SharingPermitOptionsValidator, SharingPermitValidator, SignatureTypes, SignatureUtils, TASK_MANAGER_ADDRESS, TEST_BED_ADDRESS, ValidationUtils, _permitStore, addressNotZeroSchema, addressSchema, bytesNotEmptySchema, bytesSchema, clearStaleStore, getActivePermit, getActivePermitHash, getPermit, getPermits, getSignatureTypesAndMessage, permitStore, removeActivePermitHash, removePermit, resetStore, setActivePermitHash, setPermit, validateImportPermit, validateImportPermitOptions, validateSelfPermit, validateSelfPermitOptions, validateSharingPermit, validateSharingPermitOptions };

package/dist/{clientTypes-RqkgkV2i.d.ts → clientTypes-6aTZPQ_4.d.ts}

@@ -170,18 +170,11 @@ type UnsealedItem<U extends FheTypes> = U extends FheTypes.Bool ? boolean : U ex
 /**
  * Usable config type inferred from the schema
  */
-type CofhesdkConfig = {
+type CofheConfig = {
     /** Environment that the SDK is running in */
     environment: 'node' | 'hardhat' | 'web' | 'react';
     /** List of supported chains */
     supportedChains: CofheChain[];
-    /**
-     * How permits are generated
-     * - ON_CONNECT: Generate a permit when client.connect() is called
-     * - ON_DECRYPT_HANDLES: Generate a permit when client.decryptHandles() is called
-     * - MANUAL: Generate a permit manually using client.generatePermit()
-     */
-    permitGeneration: 'ON_CONNECT' | 'ON_DECRYPT_HANDLES' | 'MANUAL';
     /** Default permit expiration in seconds, default is 30 days */
     defaultPermitExpiration: number;
     /**
@@ -203,17 +196,24 @@ type CofhesdkConfig = {
          * Default 1000ms on web
          * Default 0ms on hardhat (will be called during tests no need for fake delay)
          */
-        sealOutputDelay: number;
+        decryptDelay: number;
+        /**
+         * Simulated delay(s) in milliseconds for each step of encryptInputs in mock mode.
+         * A single number applies the same delay to all five steps (InitTfhe, FetchKeys, Pack, Prove, Verify).
+         * A tuple of five numbers applies a per-step delay: [InitTfhe, FetchKeys, Pack, Prove, Verify].
+         * Default: [100, 100, 100, 500, 500]
+         */
+        encryptDelay: number | [number, number, number, number, number];
     };
-    _internal?: CofhesdkInternalConfig;
+    _internal?: CofheInternalConfig;
 };
-type CofhesdkInternalConfig = {
+type CofheInternalConfig = {
     zkvWalletClient?: WalletClient;
 };
 /**
  * Zod schema for configuration validation
  */
-declare const CofhesdkConfigSchema: z.ZodObject<{
+declare const CofheConfigSchema: z.ZodObject<{
     environment: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
         hardhat: "hardhat";
         node: "node";
@@ -237,11 +237,6 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
         thresholdNetworkUrl: string;
         environment: "MOCK" | "TESTNET" | "MAINNET";
     }>>;
-    permitGeneration: z.ZodDefault<z.ZodOptional<z.ZodEnum<{
-        ON_CONNECT: "ON_CONNECT";
-        ON_DECRYPT_HANDLES: "ON_DECRYPT_HANDLES";
-        MANUAL: "MANUAL";
-    }>>>;
     defaultPermitExpiration: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
     fheKeyStorage: z.ZodDefault<z.ZodUnion<[z.ZodObject<{
         getItem: z.ZodCustom<(name: string) => Promise<any>, (name: string) => Promise<any>>;
@@ -250,7 +245,8 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
     }, z.core.$strip>, z.ZodNull]>>;
     useWorkers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
     mocks: z.ZodDefault<z.ZodOptional<z.ZodObject<{
-        sealOutputDelay: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+        decryptDelay: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
+        encryptDelay: z.ZodDefault<z.ZodOptional<z.ZodUnion<readonly [z.ZodNumber, z.ZodTuple<[z.ZodNumber, z.ZodNumber, z.ZodNumber, z.ZodNumber, z.ZodNumber], null>]>>>;
     }, z.core.$strip>>>;
     _internal: z.ZodOptional<z.ZodObject<{
         zkvWalletClient: z.ZodOptional<z.ZodAny>;
@@ -259,25 +255,25 @@ declare const CofhesdkConfigSchema: z.ZodObject<{
 /**
  * Input config type inferred from the schema
  */
-type CofhesdkInputConfig = z.input<typeof CofhesdkConfigSchema>;
+type CofheInputConfig = z.input<typeof CofheConfigSchema>;
 /**
- * Creates and validates a cofhesdk configuration (base implementation)
+ * Creates and validates a cofhe configuration (base implementation)
  * @param config - The configuration object to validate
  * @returns The validated configuration
  * @throws {Error} If the configuration is invalid
  */
-declare function createCofhesdkConfigBase(config: CofhesdkInputConfig): CofhesdkConfig;
+declare function createCofheConfigBase(config: CofheInputConfig): CofheConfig;
 /**
- * Access the CofhesdkConfig object directly by providing the key.
+ * Access the CofheConfig object directly by providing the key.
  * This is powerful when you use OnchainKit utilities outside of the React context.
  */
-declare const getCofhesdkConfigItem: <K extends keyof CofhesdkConfig>(config: CofhesdkConfig, key: K) => CofhesdkConfig[K];
+declare const getCofheConfigItem: <K extends keyof CofheConfig>(config: CofheConfig, key: K) => CofheConfig[K];
 
 /**
  * Base parameters that all builders need
  */
 type BaseBuilderParams = {
-    config: CofhesdkConfig | undefined;
+    config: CofheConfig | undefined;
     publicClient: PublicClient | undefined;
     walletClient: WalletClient | undefined;
     chainId: number | undefined;
@@ -289,7 +285,7 @@ type BaseBuilderParams = {
  * for working with clients, config, and chain IDs
  */
 declare abstract class BaseBuilder {
-    protected config: CofhesdkConfig;
+    protected config: CofheConfig;
     protected publicClient: PublicClient | undefined;
     protected walletClient: WalletClient | undefined;
     protected chainId: number | undefined;
@@ -297,28 +293,28 @@ declare abstract class BaseBuilder {
     constructor(params: BaseBuilderParams);
     /**
      * Asserts that this.chainId is populated
-     * @throws {CofhesdkError} If chainId is not set
+     * @throws {CofheError} If chainId is not set
      */
     protected assertChainId(): asserts this is this & {
         chainId: number;
     };
     /**
      * Asserts that this.account is populated
-     * @throws {CofhesdkError} If account is not set
+     * @throws {CofheError} If account is not set
      */
     protected assertAccount(): asserts this is this & {
         account: string;
     };
     /**
      * Asserts that this.publicClient is populated
-     * @throws {CofhesdkError} If publicClient is not set
+     * @throws {CofheError} If publicClient is not set
      */
     protected assertPublicClient(): asserts this is this & {
         publicClient: PublicClient;
     };
     /**
      * Asserts that this.walletClient is populated
-     * @throws {CofhesdkError} If walletClient is not set
+     * @throws {CofheError} If walletClient is not set
      */
     protected assertWalletClient(): asserts this is this & {
         walletClient: WalletClient;
@@ -328,32 +324,35 @@ declare abstract class BaseBuilder {
 /**
  * API
  *
- * await client.decryptHandle(ctHash, utype)
+ * await client.decryptForView(ctHash, utype)
  *   .setChainId(chainId)
  *   .setAccount(account)
- *   .setPermitHash(permitHash)
- *   .setPermit(permit)
- *   .decrypt()
+ *   .withPermit()              // optional (active permit)
+ *   // or .withPermit(permitHash) / .withPermit(permit)
+ *   .execute()
  *
  * If chainId not set, uses client's chainId
  * If account not set, uses client's account
- * If permitHash not set, uses chainId and account to get active permit
- * If permit is set, uses permit to decrypt regardless of chainId, account, or permitHash
+ * withPermit() uses chainId + account to get the active permit.
+ * withPermit(permitHash) fetches that permit using chainId + account.
+ * withPermit(permit) uses the provided permit regardless of chainId/account.
+ *
+ * Note: decryptForView always requires a permit (no global-allowance mode).
  *
  * Returns the unsealed item.
  */
-type DecryptHandlesBuilderParams<U extends FheTypes> = BaseBuilderParams & {
+type DecryptForViewBuilderParams<U extends FheTypes> = BaseBuilderParams & {
     ctHash: bigint;
     utype: U;
     permitHash?: string;
     permit?: Permit;
 };
-declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
+declare class DecryptForViewBuilder<U extends FheTypes> extends BaseBuilder {
     private ctHash;
     private utype;
     private permitHash?;
     private permit?;
-    constructor(params: DecryptHandlesBuilderParams<U>);
+    constructor(params: DecryptForViewBuilderParams<U>);
     /**
      * @param chainId - Chain to decrypt values from. Used to fetch the threshold network URL and use the correct permit.
      *
@@ -361,14 +360,14 @@ declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
      *
      * Example:
      * ```typescript
-     * const unsealed = await decryptHandle(ctHash, utype)
+     * const unsealed = await client.decryptForView(ctHash, utype)
      *   .setChainId(11155111)
-     *   .decrypt();
+     *   .execute();
      * ```
      *
-     * @returns The chainable DecryptHandlesBuilder instance.
+     * @returns The chainable DecryptForViewBuilder instance.
      */
-    setChainId(chainId: number): DecryptHandlesBuilder<U>;
+    setChainId(chainId: number): DecryptForViewBuilder<U>;
     getChainId(): number | undefined;
     /**
      * @param account - Account to decrypt values from. Used to fetch the correct permit.
@@ -377,15 +376,25 @@ declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
      *
      * Example:
      * ```typescript
-     * const unsealed = await decryptHandle(ctHash, utype)
+     * const unsealed = await client.decryptForView(ctHash, utype)
      *   .setAccount('0x1234567890123456789012345678901234567890')
-     *   .decrypt();
+     *   .execute();
      * ```
      *
-     * @returns The chainable DecryptHandlesBuilder instance.
+     * @returns The chainable DecryptForViewBuilder instance.
      */
-    setAccount(account: string): DecryptHandlesBuilder<U>;
+    setAccount(account: string): DecryptForViewBuilder<U>;
     getAccount(): string | undefined;
+    /**
+     * Select "use permit" mode (optional).
+     *
+     * - `withPermit(permit)` uses the provided permit.
+     * - `withPermit(permitHash)` fetches that permit.
+     * - `withPermit()` uses the active permit for the resolved `chainId + account`.
+     */
+    withPermit(): DecryptForViewBuilder<U>;
+    withPermit(permitHash: string): DecryptForViewBuilder<U>;
+    withPermit(permit: Permit): DecryptForViewBuilder<U>;
     /**
      * @param permitHash - Permit hash to decrypt values from. Used to fetch the correct permit.
      *
@@ -394,14 +403,15 @@ declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
      *
      * Example:
      * ```typescript
-     * const unsealed = await decryptHandle(ctHash, utype)
+     * const unsealed = await client.decryptForView(ctHash, utype)
      *   .setPermitHash('0x1234567890123456789012345678901234567890')
-     *   .decrypt();
+     *   .execute();
      * ```
      *
-     * @returns The chainable DecryptHandlesBuilder instance.
+     * @returns The chainable DecryptForViewBuilder instance.
      */
-    setPermitHash(permitHash: string): DecryptHandlesBuilder<U>;
+    /** @deprecated Use `withPermit(permitHash)` instead. */
+    setPermitHash(permitHash: string): DecryptForViewBuilder<U>;
     getPermitHash(): string | undefined;
     /**
      * @param permit - Permit to decrypt values with. If provided, it will be used regardless of chainId, account, or permitHash.
@@ -410,14 +420,15 @@ declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
      *
      * Example:
      * ```typescript
-     * const unsealed = await decryptHandle(ctHash, utype)
+     * const unsealed = await client.decryptForView(ctHash, utype)
      *   .setPermit(permit)
-     *   .decrypt();
+     *   .execute();
      * ```
      *
-     * @returns The chainable DecryptHandlesBuilder instance.
+     * @returns The chainable DecryptForViewBuilder instance.
      */
-    setPermit(permit: Permit): DecryptHandlesBuilder<U>;
+    /** @deprecated Use `withPermit(permit)` instead. */
+    setPermit(permit: Permit): DecryptForViewBuilder<U>;
     getPermit(): Permit | undefined;
     private getThresholdNetworkUrl;
     private validateUtypeOrThrow;
@@ -442,15 +453,112 @@ declare class DecryptHandlesBuilder<U extends FheTypes> extends BaseBuilder {
      *
      * Example:
      * ```typescript
-     * const unsealed = await decryptHandle(ctHash, utype)
+     * const unsealed = await client.decryptForView(ctHash, utype)
      *   .setChainId(11155111)      // optional
      *   .setAccount('0x123...890') // optional
-     *   .decrypt();                // execute
+     *   .withPermit()              // optional
+     *   .execute();                // execute
      * ```
      *
      * @returns The unsealed item.
      */
-    decrypt(): Promise<UnsealedItem<U>>;
+    execute(): Promise<UnsealedItem<U>>;
+}
+
+type DecryptForTxBuilderParams = BaseBuilderParams & {
+    ctHash: bigint;
+};
+type DecryptForTxResult = {
+    ctHash: bigint;
+    decryptedValue: bigint;
+    signature: string;
+};
+/**
+ * Type-level gating:
+ * - The initial builder returned from `client.decryptForTx(...)` intentionally does not expose `execute()`.
+ * - Calling `withPermit(...)` or `withoutPermit()` returns a builder that *does* expose `execute()`, but no longer
+ *   exposes `withPermit/withoutPermit` (so you can't select twice, or switch modes).
+ */
+type DecryptForTxBuilderUnset = Omit<DecryptForTxBuilder, 'execute'>;
+type DecryptForTxBuilderSelected = Omit<DecryptForTxBuilder, 'withPermit' | 'withoutPermit'>;
+declare class DecryptForTxBuilder extends BaseBuilder {
+    private ctHash;
+    private permitHash?;
+    private permit?;
+    private permitSelection;
+    constructor(params: DecryptForTxBuilderParams);
+    /**
+     * @param chainId - Chain to decrypt values from. Used to fetch the threshold network URL and use the correct permit.
+     *
+     * If not provided, the chainId will be fetched from the connected publicClient.
+     *
+     * Example:
+     * ```typescript
+     * const result = await decryptForTx(ctHash)
+     *   .setChainId(11155111)
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForTxBuilder instance.
+     */
+    setChainId(this: DecryptForTxBuilderUnset, chainId: number): DecryptForTxBuilderUnset;
+    setChainId(this: DecryptForTxBuilderSelected, chainId: number): DecryptForTxBuilderSelected;
+    getChainId(): number | undefined;
+    /**
+     * @param account - Account to decrypt values from. Used to fetch the correct permit.
+     *
+     * If not provided, the account will be fetched from the connected walletClient.
+     *
+     * Example:
+     * ```typescript
+     * const result = await decryptForTx(ctHash)
+     *   .setAccount('0x1234567890123456789012345678901234567890')
+     *   .execute();
+     * ```
+     *
+     * @returns The chainable DecryptForTxBuilder instance.
+     */
+    setAccount(this: DecryptForTxBuilderUnset, account: string): DecryptForTxBuilderUnset;
+    setAccount(this: DecryptForTxBuilderSelected, account: string): DecryptForTxBuilderSelected;
+    getAccount(): string | undefined;
+    /**
+     * Select "use permit" mode.
+     *
+     * - `withPermit(permit)` uses the provided permit.
+     * - `withPermit(permitHash)` fetches that permit.
+     * - `withPermit()` uses the active permit for the resolved `chainId + account`.
+     *
+     * Note: "global allowance" (no permit) is ONLY available via `withoutPermit()`.
+     */
+    withPermit(): DecryptForTxBuilderSelected;
+    withPermit(permitHash: string): DecryptForTxBuilderSelected;
+    withPermit(permit: Permit): DecryptForTxBuilderSelected;
+    /**
+     * Select "no permit" mode.
+     *
+     * This uses global allowance (no permit required) and sends an empty permission payload to `/decrypt`.
+     */
+    withoutPermit(): DecryptForTxBuilderSelected;
+    getPermit(): Permit | undefined;
+    getPermitHash(): string | undefined;
+    private getThresholdNetworkUrl;
+    private getResolvedPermit;
+    /**
+     * On hardhat, interact with MockThresholdNetwork contract
+     */
+    private mocksDecryptForTx;
+    /**
+     * In the production context, perform a true decryption with the CoFHE coprocessor.
+     */
+    private productionDecryptForTx;
+    /**
+     * Final step of the decryptForTx process. MUST BE CALLED LAST IN THE CHAIN.
+     *
+     * You must explicitly choose one permit mode before calling `execute()`:
+     * - `withPermit(permit)` / `withPermit(permitHash)` / `withPermit()` (active permit)
+     * - `withoutPermit()` (global allowance)
+     */
+    execute(): Promise<DecryptForTxResult>;
 }
 
 /**
@@ -541,7 +649,7 @@ type FheKeyDeserializer = (buff: string) => void;
 /**
  * Retrieves the FHE public key and the CRS from the provider.
  * If the key/crs already exists in the store it is returned, else it is fetched, stored, and returned
- * @param {CofhesdkConfig} config - The configuration object for the CoFHE SDK
+ * @param {CofheConfig} config - The configuration object for the CoFHE client
  * @param {number} chainId - The chain to fetch the FHE key for, if no chainId provided, undefined is returned
  * @param securityZone - The security zone for which to retrieve the key (default 0).
  * @param tfhePublicKeyDeserializer - The serializer for the FHE public key (used for validation).
@@ -549,7 +657,7 @@ type FheKeyDeserializer = (buff: string) => void;
  * @param keysStorage - The keys storage instance to use (optional)
  * @returns {Promise<[[string, boolean], [string, boolean]]>} - A promise that resolves to [[fheKey, fheKeyFetchedFromCoFHE], [crs, crsFetchedFromCoFHE]]
  */
-declare const fetchKeys: (config: CofhesdkConfig, chainId: number, securityZone: number | undefined, tfhePublicKeyDeserializer: FheKeyDeserializer, compactPkeCrsDeserializer: FheKeyDeserializer, keysStorage?: KeysStorage | null) => Promise<[[string, boolean], [string, boolean]]>;
+declare const fetchKeys: (config: CofheConfig, chainId: number, securityZone: number | undefined, tfhePublicKeyDeserializer: FheKeyDeserializer, compactPkeCrsDeserializer: FheKeyDeserializer, keysStorage?: KeysStorage | null) => Promise<[[string, boolean], [string, boolean]]>;
 
 type EncryptInputsBuilderParams<T extends EncryptableItem[]> = BaseBuilderParams & {
     inputs: [...T];
@@ -590,7 +698,7 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * ```typescript
      * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
      *   .setAccount("0x123")
-     *   .encrypt();
+     *   .execute();
      * ```
      *
      * @returns The chainable EncryptInputsBuilder instance.
@@ -606,7 +714,7 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * ```typescript
      * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
      *   .setChainId(11155111)
-     *   .encrypt();
+     *   .execute();
      * ```
      *
      * @returns The chainable EncryptInputsBuilder instance.
@@ -622,7 +730,7 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * ```typescript
      * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
      *   .setSecurityZone(1)
-     *   .encrypt();
+     *   .execute();
      * ```
      *
      * @returns The chainable EncryptInputsBuilder instance.
@@ -638,7 +746,7 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * ```typescript
      * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
      *   .setUseWorker(false)
-     *   .encrypt();
+     *   .execute();
      * ```
      *
      * @returns The chainable EncryptInputsBuilder instance.
@@ -667,13 +775,13 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * Example:
      * ```typescript
      * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
-     *   .setStepCallback((step: EncryptStep) => console.log(step))
-     *   .encrypt();
+     *   .onStep((step: EncryptStep) => console.log(step))
+     *   .execute();
      * ```
      *
      * @returns The EncryptInputsBuilder instance.
      */
-    setStepCallback(callback: EncryptStepCallbackFunction): EncryptInputsBuilder<T>;
+    onStep(callback: EncryptStepCallbackFunction): EncryptInputsBuilder<T>;
     getStepCallback(): EncryptStepCallbackFunction | undefined;
     /**
      * Fires the step callback if set
@@ -681,12 +789,12 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
     private fireStepStart;
     private fireStepEnd;
     /**
-     * zkVerifierUrl is included in the chains exported from cofhesdk/chains for use in CofhesdkConfig.supportedChains
+     * zkVerifierUrl is included in the chains exported from @cofhe/sdk/chains for use in CofheConfig.supportedChains
      * Users should generally not set this manually.
      */
     private getZkVerifierUrl;
     /**
-     * initTfhe is a platform-specific dependency injected into core/createCofhesdkClientBase by web/createCofhesdkClient and node/createCofhesdkClient
+     * initTfhe is a platform-specific dependency injected into core/createCofheClientBase by web/createCofheClient and node/createCofheClient
      * web/ uses zama "tfhe"
      * node/ uses zama "node-tfhe"
      * Users should not set this manually.
@@ -697,6 +805,11 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * If the key/crs already exists in the store it is returned, else it is fetched, stored, and returned
      */
     private fetchFheKeyAndCrs;
+    /**
+     * Resolves the encryptDelay config into an array of 5 per-step delays.
+     * A single number is broadcast to all steps; a tuple is used as-is.
+     */
+    private resolveEncryptDelays;
     /**
      * @dev Encrypt against the cofheMocks instead of CoFHE
      *
@@ -704,11 +817,11 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * cofheMocksInsertPackedHashes - stores the ctHashes and their plaintext values for on-chain mocking of FHE operations.
      * cofheMocksZkCreateProofSignatures - creates signatures to be included in the encrypted inputs. The signers address is known and verified in the mock contracts.
      */
-    private mocksEncrypt;
+    private mocksExecute;
     /**
      * In the production context, perform a true encryption with the CoFHE coprocessor.
      */
-    private productionEncrypt;
+    private productionExecute;
     /**
      * Final step of the encryption process. MUST BE CALLED LAST IN THE CHAIN.
      *
@@ -723,12 +836,12 @@ declare class EncryptInputsBuilder<T extends EncryptableItem[]> extends BaseBuil
      * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
      *   .setAccount('0x123...890') // optional
      *   .setChainId(11155111)      // optional
-     *   .encrypt();                // execute
+     *   .execute();                // execute
      * ```
      *
      * @returns The encrypted inputs.
      */
-    encrypt(): Promise<[...EncryptedItemInputs<T>]>;
+    execute(): Promise<[...EncryptedItemInputs<T>]>;
 }
 
 declare const permits: {
@@ -790,9 +903,10 @@ declare const permits: {
     removeActivePermit: (chainId: number, account: string) => Promise<void>;
 };
 
-type CofhesdkClient<TConfig extends CofhesdkConfig = CofhesdkConfig> = {
-    getSnapshot(): CofhesdkClientConnectionState;
+type CofheClient<TConfig extends CofheConfig = CofheConfig> = {
+    getSnapshot(): CofheClientConnectionState;
     subscribe(listener: Listener): () => void;
+    readonly connection: CofheClientConnectionState;
     readonly connected: boolean;
     readonly connecting: boolean;
     readonly config: TConfig;
@@ -807,10 +921,15 @@ type CofhesdkClient<TConfig extends CofhesdkConfig = CofhesdkConfig> = {
      * Types docstring
      */
     encryptInputs<T extends EncryptableItem[]>(inputs: [...T]): EncryptInputsBuilder<[...T]>;
-    decryptHandle<U extends FheTypes>(ctHash: bigint, utype: U): DecryptHandlesBuilder<U>;
-    permits: CofhesdkClientPermits;
+    /**
+     * @deprecated Use `decryptForView` instead. Kept for backward compatibility.
+     */
+    decryptHandle<U extends FheTypes>(ctHash: bigint, utype: U): DecryptForViewBuilder<U>;
+    decryptForView<U extends FheTypes>(ctHash: bigint, utype: U): DecryptForViewBuilder<U>;
+    decryptForTx(ctHash: bigint): DecryptForTxBuilderUnset;
+    permits: CofheClientPermits;
 };
-type CofhesdkClientConnectionState = {
+type CofheClientConnectionState = {
     connected: boolean;
     connecting: boolean;
     connectError: unknown | undefined;
@@ -819,17 +938,17 @@ type CofhesdkClientConnectionState = {
     publicClient: PublicClient | undefined;
     walletClient: WalletClient | undefined;
 };
-type Listener = (snapshot: CofhesdkClientConnectionState) => void;
-type CofhesdkClientPermitsClients = {
+type Listener = (snapshot: CofheClientConnectionState) => void;
+type CofheClientPermitsClients = {
     publicClient: PublicClient;
     walletClient: WalletClient;
 };
-type CofhesdkClientPermits = {
+type CofheClientPermits = {
     getSnapshot: typeof permits.getSnapshot;
     subscribe: typeof permits.subscribe;
-    createSelf: (options: CreateSelfPermitOptions, clients?: CofhesdkClientPermitsClients) => Promise<SelfPermit>;
-    createSharing: (options: CreateSharingPermitOptions, clients?: CofhesdkClientPermitsClients) => Promise<SharingPermit>;
-    importShared: (options: ImportSharedPermitOptions | string, clients?: CofhesdkClientPermitsClients) => Promise<RecipientPermit>;
+    createSelf: (options: CreateSelfPermitOptions, clients?: CofheClientPermitsClients) => Promise<SelfPermit>;
+    createSharing: (options: CreateSharingPermitOptions, clients?: CofheClientPermitsClients) => Promise<SharingPermit>;
+    importShared: (options: ImportSharedPermitOptions | string, clients?: CofheClientPermitsClients) => Promise<RecipientPermit>;
     getPermit: (hash: string, chainId?: number, account?: string) => Promise<Permit | undefined>;
     getPermits: (chainId?: number, account?: string) => Promise<Record<string, Permit>>;
     getActivePermit: (chainId?: number, account?: string) => Promise<Permit | undefined>;
@@ -843,7 +962,7 @@ type CofhesdkClientPermits = {
     serialize: typeof PermitUtils.serialize;
     deserialize: typeof PermitUtils.deserialize;
 };
-type CofhesdkClientParams<TConfig extends CofhesdkConfig> = {
+type CofheClientParams<TConfig extends CofheConfig> = {
     config: TConfig;
     zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator;
     tfhePublicKeyDeserializer: FheKeyDeserializer;
@@ -852,4 +971,4 @@ type CofhesdkClientParams<TConfig extends CofhesdkConfig> = {
     zkProveWorkerFn?: ZkProveWorkerFunction;
 };
 
-export { type ZkProveWorkerResponse as $, type FheTypeValue as A, type EncryptStepCallbackFunction as B, type CofhesdkInputConfig as C, type EncryptStepCallbackContext as D, type EncryptableItem as E, FheTypes as F, FheUintUTypes as G, FheAllUTypes as H, type IStorage as I, Encryptable as J, isEncryptableItem as K, type LiteralToPrimitive as L, EncryptStep as M, isLastEncryptionStep as N, assertCorrectEncryptedItemInput as O, type Primitive as P, fetchKeys as Q, type FheKeyDeserializer as R, createKeysStore as S, type KeysStorage as T, type UnsealedItem as U, type KeysStore as V, EncryptInputsBuilder as W, DecryptHandlesBuilder as X, type ZkProveWorkerFunction as Y, type ZkBuilderAndCrsGenerator as Z, type ZkProveWorkerRequest as _, type CofhesdkConfig as a, zkProveWithWorker as a0, type CofhesdkClient as b, type CofhesdkClientConnectionState as c, type CofhesdkClientParams as d, createCofhesdkConfigBase as e, type CofhesdkInternalConfig as f, getCofhesdkConfigItem as g, type CofhesdkClientPermits as h, type EncryptableBool as i, type EncryptableUint8 as j, type EncryptableUint16 as k, type EncryptableUint32 as l, type EncryptableUint64 as m, type EncryptableUint128 as n, type EncryptableAddress as o, type EncryptedNumber as p, type EncryptedItemInput as q, type EncryptedBoolInput as r, type EncryptedUint8Input as s, type EncryptedUint16Input as t, type EncryptedUint32Input as u, type EncryptedUint64Input as v, type EncryptedUint128Input as w, type EncryptedAddressInput as x, type EncryptedItemInputs as y, type EncryptableToEncryptedItemInputMap as z };
+export { type ZkProveWorkerFunction as $, type FheTypeValue as A, type EncryptStepCallbackFunction as B, type CofheInputConfig as C, type EncryptStepCallbackContext as D, type EncryptableItem as E, FheTypes as F, FheUintUTypes as G, FheAllUTypes as H, type IStorage as I, Encryptable as J, isEncryptableItem as K, type LiteralToPrimitive as L, EncryptStep as M, isLastEncryptionStep as N, assertCorrectEncryptedItemInput as O, type Primitive as P, fetchKeys as Q, type FheKeyDeserializer as R, createKeysStore as S, type KeysStorage as T, type UnsealedItem as U, type KeysStore as V, EncryptInputsBuilder as W, DecryptForViewBuilder as X, DecryptForTxBuilder as Y, type DecryptForTxResult as Z, type ZkBuilderAndCrsGenerator as _, type CofheConfig as a, type ZkProveWorkerRequest as a0, type ZkProveWorkerResponse as a1, zkProveWithWorker as a2, type CofheClient as b, type CofheClientConnectionState as c, type CofheClientParams as d, createCofheConfigBase as e, type CofheInternalConfig as f, getCofheConfigItem as g, type CofheClientPermits as h, type EncryptableBool as i, type EncryptableUint8 as j, type EncryptableUint16 as k, type EncryptableUint32 as l, type EncryptableUint64 as m, type EncryptableUint128 as n, type EncryptableAddress as o, type EncryptedNumber as p, type EncryptedItemInput as q, type EncryptedBoolInput as r, type EncryptedUint8Input as s, type EncryptedUint16Input as t, type EncryptedUint32Input as u, type EncryptedUint64Input as v, type EncryptedUint128Input as w, type EncryptedAddressInput as x, type EncryptedItemInputs as y, type EncryptableToEncryptedItemInputMap as z };