@cofhe/sdk 0.4.0 → 0.5.0

package/dist/web.d.cts

@@ -1,10 +1,12 @@
-import { C as CofheInputConfig, a as CofheConfig, b as CofheClient, E as EncryptableItem } from './clientTypes-ACVWbrXL.cjs';
+import { I as IStorage, C as CofheInputConfig, a as CofheConfig, b as CofheClient, E as EncryptableItem } from './clientTypes-BSbwairE.cjs';
 import 'viem';
-import './types-YiAC4gig.cjs';
+import './types-C07FK-cL.cjs';
 import 'zod';
-import './permit-MZ502UBl.cjs';
+import './permit-DnVMDT5h.cjs';
 import 'zustand/vanilla';
 
+declare function createSsrStorage(): IStorage;
+
 /**
  * Terminate the worker
  */
@@ -14,6 +16,8 @@ declare function terminateWorker(): void;
  */
 declare function areWorkersAvailable(): boolean;
 
+declare const hasDOM: boolean;
+
 /**
  * Creates a CoFHE configuration for web with IndexedDB storage as default
  * @param config - The CoFHE input configuration (fheKeyStorage will default to IndexedDB if not provided)
@@ -35,4 +39,4 @@ declare function createCofheClient<TConfig extends CofheConfig>(config: TConfig)
  */
 declare function createCofheClientWithCustomWorker(config: CofheConfig, customZkProveWorkerFn: (fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>): CofheClient;
 
-export { areWorkersAvailable, createCofheClient, createCofheClientWithCustomWorker, createCofheConfig, terminateWorker };
+export { areWorkersAvailable, createCofheClient, createCofheClientWithCustomWorker, createCofheConfig, createSsrStorage, hasDOM, terminateWorker };

package/dist/web.d.ts

@@ -1,10 +1,12 @@
-import { C as CofheInputConfig, a as CofheConfig, b as CofheClient, E as EncryptableItem } from './clientTypes-kkrRdawm.js';
+import { I as IStorage, C as CofheInputConfig, a as CofheConfig, b as CofheClient, E as EncryptableItem } from './clientTypes-DDmcgZ0a.js';
 import 'viem';
-import './types-YiAC4gig.js';
+import './types-C07FK-cL.js';
 import 'zod';
-import './permit-MZ502UBl.js';
+import './permit-DnVMDT5h.js';
 import 'zustand/vanilla';
 
+declare function createSsrStorage(): IStorage;
+
 /**
  * Terminate the worker
  */
@@ -14,6 +16,8 @@ declare function terminateWorker(): void;
  */
 declare function areWorkersAvailable(): boolean;
 
+declare const hasDOM: boolean;
+
 /**
  * Creates a CoFHE configuration for web with IndexedDB storage as default
  * @param config - The CoFHE input configuration (fheKeyStorage will default to IndexedDB if not provided)
@@ -35,4 +39,4 @@ declare function createCofheClient<TConfig extends CofheConfig>(config: TConfig)
  */
 declare function createCofheClientWithCustomWorker(config: CofheConfig, customZkProveWorkerFn: (fheKeyHex: string, crsHex: string, items: EncryptableItem[], metadata: Uint8Array) => Promise<Uint8Array>): CofheClient;
 
-export { areWorkersAvailable, createCofheClient, createCofheClientWithCustomWorker, createCofheConfig, terminateWorker };
+export { areWorkersAvailable, createCofheClient, createCofheClientWithCustomWorker, createCofheConfig, createSsrStorage, hasDOM, terminateWorker };

package/dist/web.js

@@ -1,15 +1,22 @@
-import { createCofheConfigBase, createCofheClientBase, fheTypeToString } from './chunk-MXND5SVN.js';
+import { createCofheConfigBase, createCofheClientBase, fheTypeToString } from './chunk-S7OKGLFD.js';
 import './chunk-TBLR7NNE.js';
-import './chunk-NWDKXBIP.js';
+import './chunk-MRCKUMOS.js';
+import { TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT } from './chunk-4FP4V35O.js';
 import { constructClient } from 'iframe-shared-storage';
-import init, { init_panic_hook, TfheCompactPublicKey, CompactPkeCrs, ProvenCompactCiphertextList } from 'tfhe';
+import init, { init_panic_hook, ProvenCompactCiphertextList, CompactPkeCrs, TfheCompactPublicKey } from 'tfhe';
 
-var createWebStorage = () => {
+// web/const.ts
+var hasDOM = typeof globalThis?.document !== "undefined" && typeof globalThis?.window !== "undefined";
+
+// web/storage.ts
+var createWebStorage = (opts = { enableLog: false }) => {
+  if (!hasDOM)
+    throw new Error("createWebStorage can only be used in a browser environment");
   const client = constructClient({
     iframe: {
       src: "https://iframe-shared-storage.vercel.app/hub.html",
       messagingOptions: {
-        enableLog: "both"
+        enableLog: opts.enableLog ? "both" : void 0
       },
       iframeReadyTimeoutMs: 3e4,
       // if the iframe is not initied during this interval AND a reuqest is made, such request will throw an error
@@ -32,6 +39,16 @@ var createWebStorage = () => {
     }
   };
 };
+function createSsrStorage() {
+  console.warn("using no-op server-side SSR storage");
+  return {
+    getItem: async () => null,
+    setItem: async () => {
+    },
+    removeItem: async () => {
+    }
+  };
+}
 
 // web/workerManager.ts
 var ZkProveWorkerManager = class {
@@ -187,16 +204,22 @@ var fromHexString = (hexString) => {
     return new Uint8Array();
   return new Uint8Array(arr.map((byte) => parseInt(byte, 16)));
 };
+var _deserializeTfhePublicKey = (buff) => {
+  return TfheCompactPublicKey.safe_deserialize(fromHexString(buff), TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
+};
+var _deserializeCompactPkeCrs = (buff) => {
+  return CompactPkeCrs.safe_deserialize(fromHexString(buff), TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
+};
 var tfhePublicKeyDeserializer = (buff) => {
-  TfheCompactPublicKey.deserialize(fromHexString(buff));
+  _deserializeTfhePublicKey(buff);
 };
 var compactPkeCrsDeserializer = (buff) => {
-  CompactPkeCrs.deserialize(fromHexString(buff));
+  _deserializeCompactPkeCrs(buff);
 };
 var zkBuilderAndCrsGenerator = (fhe, crs) => {
-  const fhePublicKey = TfheCompactPublicKey.deserialize(fromHexString(fhe));
+  const fhePublicKey = _deserializeTfhePublicKey(fhe);
   const zkBuilder = ProvenCompactCiphertextList.builder(fhePublicKey);
-  const zkCrs = CompactPkeCrs.deserialize(fromHexString(crs));
+  const zkCrs = _deserializeCompactPkeCrs(crs);
   return { zkBuilder, zkCrs };
 };
 async function zkProveWithWorker(fheKeyHex, crsHex, items, metadata) {
@@ -211,7 +234,7 @@ function createCofheConfig(config) {
   return createCofheConfigBase({
     environment: "web",
     ...config,
-    fheKeyStorage: config.fheKeyStorage === null ? null : config.fheKeyStorage ?? createWebStorage()
+    fheKeyStorage: config.fheKeyStorage === null ? null : config.fheKeyStorage ?? (hasDOM ? createWebStorage() : createSsrStorage())
   });
 }
 function createCofheClient(config) {
@@ -237,4 +260,4 @@ function createCofheClientWithCustomWorker(config, customZkProveWorkerFn) {
   });
 }
 
-export { areWorkersAvailable, createCofheClient, createCofheClientWithCustomWorker, createCofheConfig, terminateWorker };
+export { areWorkersAvailable, createCofheClient, createCofheClientWithCustomWorker, createCofheConfig, createSsrStorage, hasDOM, terminateWorker };

package/dist/zkProve.worker.cjs

@@ -1,5 +1,8 @@
 'use strict';
 
+// core/consts.ts
+var TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT = BigInt(1 << 30);
+
 // web/zkProve.worker.ts
 var tfheModule = null;
 var initialized = false;
@@ -41,8 +44,8 @@ self.onmessage = async (event) => {
     }
     const fheKeyBytes = fromHexString(fheKeyHex);
     const crsBytes = fromHexString(crsHex);
-    const fheKey = tfheModule.TfheCompactPublicKey.deserialize(fheKeyBytes);
-    const crs = tfheModule.CompactPkeCrs.deserialize(crsBytes);
+    const fheKey = tfheModule.TfheCompactPublicKey.safe_deserialize(fheKeyBytes, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
+    const crs = tfheModule.CompactPkeCrs.safe_deserialize(crsBytes, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
     const builder = tfheModule.ProvenCompactCiphertextList.builder(fheKey);
     for (const item of items) {
       switch (item.utype) {
@@ -73,7 +76,7 @@ self.onmessage = async (event) => {
     }
     const metadataBytes = new Uint8Array(metadata);
     const compactList = builder.build_with_proof_packed(crs, metadataBytes, 1);
-    const result = compactList.serialize();
+    const result = compactList.safe_serialize(TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
     self.postMessage({
       id,
       type: "success",

package/dist/zkProve.worker.js

@@ -1,3 +1,5 @@
+import { TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT } from './chunk-4FP4V35O.js';
+
 // web/zkProve.worker.ts
 var tfheModule = null;
 var initialized = false;
@@ -39,8 +41,8 @@ self.onmessage = async (event) => {
     }
     const fheKeyBytes = fromHexString(fheKeyHex);
     const crsBytes = fromHexString(crsHex);
-    const fheKey = tfheModule.TfheCompactPublicKey.deserialize(fheKeyBytes);
-    const crs = tfheModule.CompactPkeCrs.deserialize(crsBytes);
+    const fheKey = tfheModule.TfheCompactPublicKey.safe_deserialize(fheKeyBytes, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
+    const crs = tfheModule.CompactPkeCrs.safe_deserialize(crsBytes, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
     const builder = tfheModule.ProvenCompactCiphertextList.builder(fheKey);
     for (const item of items) {
       switch (item.utype) {
@@ -71,7 +73,7 @@ self.onmessage = async (event) => {
     }
     const metadataBytes = new Uint8Array(metadata);
     const compactList = builder.build_with_proof_packed(crs, metadataBytes, 1);
-    const result = compactList.serialize();
+    const result = compactList.safe_serialize(TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
     self.postMessage({
       id,
       type: "success",

package/node/index.ts

@@ -8,6 +8,7 @@ import {
   type CofheInputConfig,
   type ZkBuilderAndCrsGenerator,
   type FheKeyDeserializer,
+  TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT,
 } from '@/core';
 
 // Import node-specific storage (internal use only)
@@ -39,12 +40,20 @@ const fromHexString = (hexString: string): Uint8Array => {
   return new Uint8Array(arr.map((byte) => parseInt(byte, 16)));
 };
 
+const _deserializeTfhePublicKey = (buff: string): TfheCompactPublicKey => {
+  return TfheCompactPublicKey.safe_deserialize(fromHexString(buff), TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
+};
+
+const _deserializeCompactPkeCrs = (buff: string): CompactPkeCrs => {
+  return CompactPkeCrs.safe_deserialize(fromHexString(buff), TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT);
+};
+
 /**
  * Serializer for TFHE public keys
  * Validates that the buffer can be deserialized into a TfheCompactPublicKey
  */
 const tfhePublicKeyDeserializer: FheKeyDeserializer = (buff: string): void => {
-  TfheCompactPublicKey.deserialize(fromHexString(buff));
+  _deserializeTfhePublicKey(buff);
 };
 
 /**
@@ -52,7 +61,7 @@ const tfhePublicKeyDeserializer: FheKeyDeserializer = (buff: string): void => {
  * Validates that the buffer can be deserialized into ZkCompactPkePublicParams
  */
 const compactPkeCrsDeserializer: FheKeyDeserializer = (buff: string): void => {
-  CompactPkeCrs.deserialize(fromHexString(buff));
+  _deserializeCompactPkeCrs(buff);
 };
 
 /**
@@ -60,9 +69,9 @@ const compactPkeCrsDeserializer: FheKeyDeserializer = (buff: string): void => {
  * This is used internally by the SDK to create encrypted inputs
  */
 const zkBuilderAndCrsGenerator: ZkBuilderAndCrsGenerator = (fhe: string, crs: string) => {
-  const fhePublicKey = TfheCompactPublicKey.deserialize(fromHexString(fhe));
+  const fhePublicKey = _deserializeTfhePublicKey(fhe);
   const zkBuilder = ProvenCompactCiphertextList.builder(fhePublicKey);
-  const zkCrs = CompactPkeCrs.deserialize(fromHexString(crs));
+  const zkCrs = _deserializeCompactPkeCrs(crs);
 
   return { zkBuilder, zkCrs };
 };

package/node/test/client.test.ts

@@ -0,0 +1,25 @@
+import { type CofheClient } from '@/core';
+import { arbSepolia as cofheArbSepolia } from '@/chains';
+
+import { describe, it, expect, beforeEach } from 'vitest';
+import { createCofheClient, createCofheConfig } from '../index.js';
+
+describe('@cofhe/node - Client', () => {
+  let cofheClient: CofheClient;
+
+  beforeEach(() => {
+    const config = createCofheConfig({
+      supportedChains: [cofheArbSepolia],
+    });
+    cofheClient = createCofheClient(config);
+  });
+
+  it('should automatically use filesystem storage as default', () => {
+    expect(cofheClient.config.fheKeyStorage).toBeDefined();
+    expect(cofheClient.config.fheKeyStorage).not.toBeNull();
+  });
+
+  it('should have the correct environment', () => {
+    expect(cofheClient.config.environment).toBe('node');
+  });
+});

package/node/test/config.test.ts

@@ -0,0 +1,16 @@
+import { arbSepolia } from '@/chains';
+
+import { describe, it, expect } from 'vitest';
+import { createCofheConfig } from '../index.js';
+
+describe('@cofhe/node - Config', () => {
+  it('should automatically inject filesystem storage as default', () => {
+    const config = createCofheConfig({
+      supportedChains: [arbSepolia],
+    });
+
+    expect(config.fheKeyStorage).toBeDefined();
+    expect(config.fheKeyStorage).not.toBeNull();
+    expect(config.supportedChains).toEqual([arbSepolia]);
+  });
+});

package/node/test/inherited.test.ts

@@ -0,0 +1,244 @@
+import { Encryptable, FheTypes, type CofheClient } from '@/core';
+import { arbSepolia as cofheArbSepolia, getChainById } from '@/chains';
+import {
+  TEST_PRIVATE_KEY,
+  PRIMARY_TEST_CHAIN,
+  primaryTestChainRegistry,
+  isPrimaryTestChainReady,
+} from '@cofhe/test-setup';
+
+import { describe, it, expect, beforeAll, beforeEach } from 'vitest';
+import type { Chain, PublicClient, WalletClient } from 'viem';
+import { createPublicClient, createWalletClient, http } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { arbitrumSepolia, baseSepolia, sepolia } from 'viem/chains';
+import { createCofheClient, createCofheConfig } from '../index.js';
+
+const DEFAULT_TEST_PRIVATE_KEY = '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80';
+const BOB_PRIVATE_KEY = (TEST_PRIVATE_KEY || DEFAULT_TEST_PRIVATE_KEY) as `0x${string}`;
+const ALICE_PRIVATE_KEY = '0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d';
+
+const bobAccount = privateKeyToAccount(BOB_PRIVATE_KEY);
+const aliceAccount = privateKeyToAccount(ALICE_PRIVATE_KEY);
+
+const VIEM_CHAINS: Record<number, Chain> = {
+  421614: arbitrumSepolia,
+  84532: baseSepolia,
+  11155111: sepolia,
+};
+
+describe('@cofhe/node - Inherited Client Tests', () => {
+  let cofheClient: CofheClient;
+  let publicClient: PublicClient;
+  let bobWalletClient: WalletClient;
+  let aliceWalletClient: WalletClient;
+
+  beforeAll(() => {
+    publicClient = createPublicClient({
+      chain: arbitrumSepolia,
+      transport: http(),
+    });
+
+    bobWalletClient = createWalletClient({
+      chain: arbitrumSepolia,
+      transport: http(),
+      account: bobAccount,
+    });
+
+    aliceWalletClient = createWalletClient({
+      chain: arbitrumSepolia,
+      transport: http(),
+      account: aliceAccount,
+    });
+  });
+
+  beforeEach(() => {
+    const config = createCofheConfig({
+      supportedChains: [cofheArbSepolia],
+    });
+    cofheClient = createCofheClient(config);
+  });
+
+  describe('Client Creation', () => {
+    it('should create a client with expected surface', () => {
+      expect(cofheClient).toBeDefined();
+      expect(cofheClient.config).toBeDefined();
+      expect(cofheClient.connected).toBe(false);
+      expect(typeof cofheClient.connect).toBe('function');
+      expect(typeof cofheClient.disconnect).toBe('function');
+      expect(typeof cofheClient.encryptInputs).toBe('function');
+      expect(typeof cofheClient.decryptForView).toBe('function');
+      expect(typeof cofheClient.decryptForTx).toBe('function');
+      expect(typeof cofheClient.getSnapshot).toBe('function');
+      expect(typeof cofheClient.subscribe).toBe('function');
+      expect(cofheClient.permits).toBeDefined();
+    });
+  });
+
+  describe('Connection', () => {
+    it('should connect to a real chain', async () => {
+      await cofheClient.connect(publicClient, bobWalletClient);
+
+      expect(cofheClient.connected).toBe(true);
+
+      const snapshot = cofheClient.getSnapshot();
+      expect(snapshot.connected).toBe(true);
+      expect(snapshot.chainId).toBe(cofheArbSepolia.id);
+      expect(snapshot.account).toBe(bobAccount.address);
+    }, 30000);
+  });
+
+  describe('Encrypt Input', () => {
+    it('should encrypt a uint128 value', async () => {
+      await cofheClient.connect(publicClient, bobWalletClient);
+
+      const encrypted = await cofheClient.encryptInputs([Encryptable.uint128(100n)]).execute();
+
+      expect(encrypted).toBeDefined();
+      expect(encrypted.length).toBe(1);
+      expect(encrypted[0].utype).toBe(FheTypes.Uint128);
+      expect(encrypted[0].ctHash).toBeDefined();
+      expect(typeof encrypted[0].ctHash).toBe('bigint');
+      expect(encrypted[0].signature).toBeDefined();
+      expect(typeof encrypted[0].signature).toBe('string');
+      expect(encrypted[0].securityZone).toBe(0);
+    }, 60000);
+  });
+
+  describe('Self Permit', () => {
+    it('should create a self permit', async () => {
+      await cofheClient.connect(publicClient, bobWalletClient);
+
+      const permit = await cofheClient.permits.createSelf({
+        issuer: bobAccount.address,
+        name: 'Test Self Permit',
+      });
+
+      expect(permit).toBeDefined();
+      expect(permit.type).toBe('self');
+      expect(permit.name).toBe('Test Self Permit');
+      expect(permit.issuer).toBe(bobAccount.address);
+      expect(permit.issuerSignature).not.toBe('0x');
+      expect(permit.sealingPair).toBeDefined();
+      expect(permit.sealingPair.publicKey).toBeDefined();
+
+      const activePermit = cofheClient.permits.getActivePermit();
+      expect(activePermit).toBeDefined();
+      expect(activePermit!.hash).toBe(permit.hash);
+    }, 30000);
+  });
+
+  describe('Sharing Permit', () => {
+    it('should create a sharing permit, export it, and import it as another user', async () => {
+      await cofheClient.connect(publicClient, bobWalletClient);
+
+      const sharingPermit = await cofheClient.permits.createSharing({
+        issuer: bobAccount.address,
+        recipient: aliceAccount.address,
+        name: 'Test Sharing Permit',
+      });
+
+      expect(sharingPermit).toBeDefined();
+      expect(sharingPermit.type).toBe('sharing');
+      expect(sharingPermit.issuer).toBe(bobAccount.address);
+      expect(sharingPermit.recipient).toBe(aliceAccount.address);
+      expect(sharingPermit.issuerSignature).not.toBe('0x');
+
+      const exported = cofheClient.permits.export(sharingPermit);
+      expect(exported).toBeDefined();
+      const parsed = JSON.parse(exported);
+      expect(parsed.type).toBe('sharing');
+      expect(parsed.issuer).toBe(bobAccount.address);
+      expect(parsed.recipient).toBe(aliceAccount.address);
+      expect(parsed.issuerSignature).toBeDefined();
+      expect(parsed).not.toHaveProperty('sealingPair');
+
+      const aliceConfig = createCofheConfig({
+        supportedChains: [cofheArbSepolia],
+      });
+      const aliceClient = createCofheClient(aliceConfig);
+      await aliceClient.connect(publicClient, aliceWalletClient);
+
+      const importedPermit = await aliceClient.permits.importShared(exported);
+
+      expect(importedPermit).toBeDefined();
+      expect(importedPermit.type).toBe('recipient');
+      expect(importedPermit.issuer).toBe(bobAccount.address);
+      expect(importedPermit.recipient).toBe(aliceAccount.address);
+      expect(importedPermit.recipientSignature).not.toBe('0x');
+      expect(importedPermit.sealingPair).toBeDefined();
+    }, 30000);
+  });
+
+  describe('Decrypt (read-only, pre-stored values)', () => {
+    let decryptClient: CofheClient;
+    let decryptPublicClient: PublicClient;
+    let decryptWalletClient: WalletClient;
+
+    let privateCtHash: `0x${string}`;
+    let privateValue: bigint;
+    let publicCtHash: `0x${string}`;
+    let publicValue: bigint;
+
+    beforeAll(() => {
+      if (!isPrimaryTestChainReady(primaryTestChainRegistry)) {
+        throw new Error('Primary test chain registry not initialized. Run `pnpm test:setup` first.');
+      }
+
+      const reg = primaryTestChainRegistry;
+      const viemChain = VIEM_CHAINS[reg.chainId];
+      if (!viemChain) throw new Error(`No viem chain mapping for chain ${reg.chainId}`);
+
+      const cofheChain = getChainById(reg.chainId);
+      if (!cofheChain) throw new Error(`No cofhe chain config for chain ${reg.chainId}`);
+
+      privateCtHash = reg.privateValue.ctHash as `0x${string}`;
+      privateValue = BigInt(reg.privateValue.value);
+      publicCtHash = reg.publicValue.ctHash as `0x${string}`;
+      publicValue = BigInt(reg.publicValue.value);
+
+      decryptPublicClient = createPublicClient({ chain: viemChain, transport: http() });
+      decryptWalletClient = createWalletClient({ chain: viemChain, transport: http(), account: bobAccount });
+
+      const config = createCofheConfig({ supportedChains: [cofheChain] });
+      decryptClient = createCofheClient(config);
+    });
+
+    it('decryptForView — private value with permit', async () => {
+      await decryptClient.connect(decryptPublicClient, decryptWalletClient);
+
+      await decryptClient.permits.createSelf({
+        issuer: bobAccount.address,
+        name: 'Decrypt View Permit',
+      });
+
+      const result = await decryptClient.decryptForView(privateCtHash, FheTypes.Uint32).execute();
+      expect(result).toBe(privateValue);
+    }, 180000);
+
+    it('decryptForTx — public value without permit', async () => {
+      await decryptClient.connect(decryptPublicClient, decryptWalletClient);
+
+      const result = await decryptClient.decryptForTx(publicCtHash).withoutPermit().execute();
+
+      expect(BigInt(result.ctHash)).toBe(BigInt(publicCtHash));
+      expect(result.decryptedValue).toBe(publicValue);
+      expect(result.signature).toMatch(/^0x[0-9a-fA-F]+$/);
+    }, 180000);
+
+    it('decryptForTx — private value with permit', async () => {
+      await decryptClient.connect(decryptPublicClient, decryptWalletClient);
+
+      const permit = await decryptClient.permits.createSelf({
+        issuer: bobAccount.address,
+        name: 'Decrypt Tx Permit',
+      });
+
+      const result = await decryptClient.decryptForTx(privateCtHash).withPermit(permit).execute();
+
+      expect(BigInt(result.ctHash)).toBe(BigInt(privateCtHash));
+      expect(result.decryptedValue).toBe(privateValue);
+      expect(result.signature).toBeDefined();
+    }, 180000);
+  });
+});

package/node/test/tfheinit.test.ts

@@ -0,0 +1,56 @@
+import { Encryptable, type CofheClient } from '@/core';
+import { arbSepolia as cofheArbSepolia } from '@/chains';
+
+import { describe, it, expect, beforeAll, beforeEach } from 'vitest';
+import type { PublicClient, WalletClient } from 'viem';
+import { createPublicClient, createWalletClient, http } from 'viem';
+import { privateKeyToAccount } from 'viem/accounts';
+import { arbitrumSepolia as viemArbitrumSepolia } from 'viem/chains';
+import { createCofheClient, createCofheConfig } from '../index.js';
+
+const TEST_PRIVATE_KEY = '0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80';
+
+describe('@cofhe/node - TFHE Initialization Tests', () => {
+  let cofheClient: CofheClient;
+  let publicClient: PublicClient;
+  let walletClient: WalletClient;
+
+  beforeAll(() => {
+    publicClient = createPublicClient({
+      chain: viemArbitrumSepolia,
+      transport: http(),
+    });
+
+    const account = privateKeyToAccount(TEST_PRIVATE_KEY);
+    walletClient = createWalletClient({
+      chain: viemArbitrumSepolia,
+      transport: http(),
+      account,
+    });
+  });
+
+  beforeEach(() => {
+    const config = createCofheConfig({
+      supportedChains: [cofheArbSepolia],
+    });
+    cofheClient = createCofheClient(config);
+  });
+
+  describe('Node TFHE Initialization', () => {
+    it('should initialize node-tfhe on first encryption', async () => {
+      await cofheClient.connect(publicClient, walletClient);
+
+      const result = await cofheClient.encryptInputs([Encryptable.uint128(100n)]).execute();
+
+      expect(result).toBeDefined();
+    }, 60000);
+
+    it('should handle multiple encryptions without re-initializing', async () => {
+      await cofheClient.connect(publicClient, walletClient);
+
+      await cofheClient.encryptInputs([Encryptable.uint128(100n)]).execute();
+
+      await cofheClient.encryptInputs([Encryptable.uint64(50n)]).execute();
+    }, 120000);
+  });
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cofhe/sdk",
-  "version": "0.4.0",
+  "version": "0.5.0",
   "type": "module",
   "description": "SDK for Fhenix COFHE coprocessor interaction",
   "main": "./dist/core.cjs",
@@ -57,14 +57,14 @@
     "CHANGELOG.md"
   ],
   "dependencies": {
-    "iframe-shared-storage": "^1.0.34",
-    "immer": "^10.1.1",
-    "node-tfhe": "0.11.1",
-    "tfhe": "0.11.1",
-    "tweetnacl": "^1.0.3",
-    "viem": "^2.38.6",
-    "zod": "^4.0.0",
-    "zustand": "^5.0.1"
+    "iframe-shared-storage": "1.0.34",
+    "immer": "10.1.1",
+    "node-tfhe": "1.5.3",
+    "tfhe": "1.5.3",
+    "tweetnacl": "1.0.3",
+    "viem": "2.38.6",
+    "zod": "4.0.0",
+    "zustand": "5.0.1"
   },
   "peerDependencies": {
     "@nomicfoundation/hardhat-ethers": "^3.0.0",
@@ -88,24 +88,26 @@
     }
   },
   "devDependencies": {
-    "@nomicfoundation/hardhat-ethers": "^3.0.0",
-    "@types/node": "^20.0.0",
-    "@vitest/browser": "^3.0.0",
-    "@vitest/coverage-v8": "^3.0.0",
-    "eslint": "^8.57.0",
-    "ethers5": "npm:ethers@^5.7.2",
-    "ethers6": "npm:ethers@^6.13.0",
-    "happy-dom": "^15.0.0",
-    "hardhat": "^2.19.0",
-    "playwright": "^1.55.0",
-    "tsup": "^8.0.2",
+    "@nomicfoundation/hardhat-ethers": "3.1.0",
+    "@types/node": "20.19.15",
+    "@vitest/browser": "3.2.4",
+    "@vitest/coverage-v8": "3.2.4",
+    "eslint": "8.57.1",
+    "ethers5": "npm:ethers@5.8.0",
+    "ethers6": "npm:ethers@6.15.0",
+    "happy-dom": "15.11.7",
+    "hardhat": "2.26.3",
+    "playwright": "1.55.0",
+    "tsup": "8.0.2",
     "typescript": "5.5.4",
-    "vitest": "^3.0.0",
+    "vitest": "3.2.4",
+    "@cofhe/test-setup": "0.0.0",
     "@cofhe/eslint-config": "0.2.1",
     "@cofhe/tsconfig": "0.1.2"
   },
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
   },
   "scripts": {
     "build": "tsup",