@cofhe/sdk 0.5.1 → 0.6.0

package/dist/core.d.cts

@@ -1,5 +1,5 @@
-import { a as CofheConfig, c as CofheClientParams, b as CofheClient, d as CofheClientConnectionState, F as FheTypes } from './clientTypes-BSbwairE.cjs';
-export { h as CofheClientPermits, C as CofheInputConfig, f as CofheInternalConfig, G as DecryptEndpoint, $ as DecryptForTxBuilder, a0 as DecryptForTxResult, _ as DecryptForViewBuilder, B as DecryptPollCallbackContext, D as DecryptPollCallbackFunction, Z as EncryptInputsBuilder, H as EncryptSetStateFn, Q as EncryptStep, J as EncryptStepCallbackContext, N as Encryptable, o as EncryptableAddress, i as EncryptableBool, E as EncryptableItem, z as EncryptableToEncryptedItemInputMap, n as EncryptableUint128, k as EncryptableUint16, l as EncryptableUint32, m as EncryptableUint64, j as EncryptableUint8, x as EncryptedAddressInput, r as EncryptedBoolInput, q as EncryptedItemInput, y as EncryptedItemInputs, p as EncryptedNumber, w as EncryptedUint128Input, t as EncryptedUint16Input, u as EncryptedUint32Input, v as EncryptedUint64Input, s as EncryptedUint8Input, M as FheAllUTypes, V as FheKeyDeserializer, A as FheTypeValue, K as FheUintUTypes, I as IStorage, X as KeysStorage, Y as KeysStore, L as LiteralToPrimitive, P as Primitive, U as UnsealedItem, a1 as ZkBuilderAndCrsGenerator, a2 as ZkProveWorkerFunction, a3 as ZkProveWorkerRequest, a4 as ZkProveWorkerResponse, S as assertCorrectEncryptedItemInput, e as createCofheConfigBase, W as createKeysStore, T as fetchKeys, g as getCofheConfigItem, O as isEncryptableItem, R as isLastEncryptionStep, a5 as zkProveWithWorker } from './clientTypes-BSbwairE.cjs';
+import { a as CofheConfig, c as CofheClientParams, b as CofheClient, d as CofheClientConnectionState, F as FheTypes } from './clientTypes-BDy1qIBu.cjs';
+export { O as AnyExternalHash, h as CofheClientPermits, C as CofheInputConfig, f as CofheInternalConfig, W as DecryptEndpoint, ab as DecryptForTxBuilder, ac as DecryptForTxResult, aa as DecryptForViewBuilder, V as DecryptPollCallbackContext, T as DecryptPollCallbackFunction, a9 as EncryptInputsBuilder, X as EncryptSetStateFn, a1 as EncryptStep, Y as EncryptStepCallbackContext, $ as Encryptable, o as EncryptableAddress, i as EncryptableBool, E as EncryptableItem, z as EncryptableToEncryptedItemInputMap, Q as EncryptableToExternalHashMap, n as EncryptableUint128, k as EncryptableUint16, l as EncryptableUint32, m as EncryptableUint64, j as EncryptableUint8, x as EncryptedAddressInput, r as EncryptedBoolInput, q as EncryptedItemInput, y as EncryptedItemInputs, p as EncryptedNumber, w as EncryptedUint128Input, t as EncryptedUint16Input, u as EncryptedUint32Input, v as EncryptedUint64Input, s as EncryptedUint8Input, M as ExternalAddressHash, B as ExternalBoolHash, N as ExternalHashProof, R as ExternalItemHashes, K as ExternalUint128Hash, G as ExternalUint16Hash, H as ExternalUint32Hash, J as ExternalUint64Hash, D as ExternalUint8Hash, _ as FheAllUTypes, a5 as FheKeyDeserializer, A as FheTypeValue, Z as FheUintUTypes, S as HashPlusProofResult, I as IStorage, a7 as KeysStorage, a8 as KeysStore, L as LiteralToPrimitive, P as Primitive, U as UnsealedItem, ad as ZkBuilderAndCrsGenerator, ae as ZkProveWorkerFunction, af as ZkProveWorkerRequest, ag as ZkProveWorkerResponse, a3 as assertCorrectEncryptedItemInput, e as createCofheConfigBase, a6 as createKeysStore, a4 as fetchKeys, g as getCofheConfigItem, a0 as isEncryptableItem, a2 as isLastEncryptionStep, ah as zkProveWithWorker } from './clientTypes-BDy1qIBu.cjs';
 import { Hex, PublicClient } from 'viem';
 import './types-C07FK-cL.cjs';
 import 'zod';
@@ -106,8 +106,6 @@ declare const TASK_MANAGER_ADDRESS: "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9"
 declare const MOCKS_ZK_VERIFIER_ADDRESS: "0x0000000000000000000000000000000000005001";
 /** Mock Threshold Network contract address (used for testing) */
 declare const MOCKS_THRESHOLD_NETWORK_ADDRESS: "0x0000000000000000000000000000000000005002";
-/** Test Bed contract address (used for testing) */
-declare const TEST_BED_ADDRESS: "0x0000000000000000000000000000000000005003";
 /** Private key for the Mock ZK Verifier signer account */
 declare const MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY: "0x6C8D7F768A6BB4AAFE85E8A2F5A9680355239C7E14646ED62B044E39DE154512";
 /** Address for the Mock ZK Verifier signer account */
@@ -139,4 +137,4 @@ declare function verifyDecryptResult(handle: bigint | string, cleartext: bigint,
  */
 declare function fheTypeToString(utype: FheTypes): string;
 
-export { InitialConnectStore as CONNECT_STORE_DEFAULTS, CofheClient, CofheClientConnectionState, CofheClientParams, CofheConfig, CofheError, CofheErrorCode, type CofheErrorParams, FheTypes, MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY, MOCKS_THRESHOLD_NETWORK_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, TASK_MANAGER_ADDRESS, TEST_BED_ADDRESS, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT, TFHE_RS_ZK_MAX_BITS, createCofheClientBase, fheTypeToString, isCofheError, verifyDecryptResult };
+export { InitialConnectStore as CONNECT_STORE_DEFAULTS, CofheClient, CofheClientConnectionState, CofheClientParams, CofheConfig, CofheError, CofheErrorCode, type CofheErrorParams, FheTypes, MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY, MOCKS_THRESHOLD_NETWORK_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, TASK_MANAGER_ADDRESS, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT, TFHE_RS_ZK_MAX_BITS, createCofheClientBase, fheTypeToString, isCofheError, verifyDecryptResult };

package/dist/core.d.ts

@@ -1,5 +1,5 @@
-import { a as CofheConfig, c as CofheClientParams, b as CofheClient, d as CofheClientConnectionState, F as FheTypes } from './clientTypes-DDmcgZ0a.js';
-export { h as CofheClientPermits, C as CofheInputConfig, f as CofheInternalConfig, G as DecryptEndpoint, $ as DecryptForTxBuilder, a0 as DecryptForTxResult, _ as DecryptForViewBuilder, B as DecryptPollCallbackContext, D as DecryptPollCallbackFunction, Z as EncryptInputsBuilder, H as EncryptSetStateFn, Q as EncryptStep, J as EncryptStepCallbackContext, N as Encryptable, o as EncryptableAddress, i as EncryptableBool, E as EncryptableItem, z as EncryptableToEncryptedItemInputMap, n as EncryptableUint128, k as EncryptableUint16, l as EncryptableUint32, m as EncryptableUint64, j as EncryptableUint8, x as EncryptedAddressInput, r as EncryptedBoolInput, q as EncryptedItemInput, y as EncryptedItemInputs, p as EncryptedNumber, w as EncryptedUint128Input, t as EncryptedUint16Input, u as EncryptedUint32Input, v as EncryptedUint64Input, s as EncryptedUint8Input, M as FheAllUTypes, V as FheKeyDeserializer, A as FheTypeValue, K as FheUintUTypes, I as IStorage, X as KeysStorage, Y as KeysStore, L as LiteralToPrimitive, P as Primitive, U as UnsealedItem, a1 as ZkBuilderAndCrsGenerator, a2 as ZkProveWorkerFunction, a3 as ZkProveWorkerRequest, a4 as ZkProveWorkerResponse, S as assertCorrectEncryptedItemInput, e as createCofheConfigBase, W as createKeysStore, T as fetchKeys, g as getCofheConfigItem, O as isEncryptableItem, R as isLastEncryptionStep, a5 as zkProveWithWorker } from './clientTypes-DDmcgZ0a.js';
+import { a as CofheConfig, c as CofheClientParams, b as CofheClient, d as CofheClientConnectionState, F as FheTypes } from './clientTypes-CyUvRRzA.js';
+export { O as AnyExternalHash, h as CofheClientPermits, C as CofheInputConfig, f as CofheInternalConfig, W as DecryptEndpoint, ab as DecryptForTxBuilder, ac as DecryptForTxResult, aa as DecryptForViewBuilder, V as DecryptPollCallbackContext, T as DecryptPollCallbackFunction, a9 as EncryptInputsBuilder, X as EncryptSetStateFn, a1 as EncryptStep, Y as EncryptStepCallbackContext, $ as Encryptable, o as EncryptableAddress, i as EncryptableBool, E as EncryptableItem, z as EncryptableToEncryptedItemInputMap, Q as EncryptableToExternalHashMap, n as EncryptableUint128, k as EncryptableUint16, l as EncryptableUint32, m as EncryptableUint64, j as EncryptableUint8, x as EncryptedAddressInput, r as EncryptedBoolInput, q as EncryptedItemInput, y as EncryptedItemInputs, p as EncryptedNumber, w as EncryptedUint128Input, t as EncryptedUint16Input, u as EncryptedUint32Input, v as EncryptedUint64Input, s as EncryptedUint8Input, M as ExternalAddressHash, B as ExternalBoolHash, N as ExternalHashProof, R as ExternalItemHashes, K as ExternalUint128Hash, G as ExternalUint16Hash, H as ExternalUint32Hash, J as ExternalUint64Hash, D as ExternalUint8Hash, _ as FheAllUTypes, a5 as FheKeyDeserializer, A as FheTypeValue, Z as FheUintUTypes, S as HashPlusProofResult, I as IStorage, a7 as KeysStorage, a8 as KeysStore, L as LiteralToPrimitive, P as Primitive, U as UnsealedItem, ad as ZkBuilderAndCrsGenerator, ae as ZkProveWorkerFunction, af as ZkProveWorkerRequest, ag as ZkProveWorkerResponse, a3 as assertCorrectEncryptedItemInput, e as createCofheConfigBase, a6 as createKeysStore, a4 as fetchKeys, g as getCofheConfigItem, a0 as isEncryptableItem, a2 as isLastEncryptionStep, ah as zkProveWithWorker } from './clientTypes-CyUvRRzA.js';
 import { Hex, PublicClient } from 'viem';
 import './types-C07FK-cL.js';
 import 'zod';
@@ -106,8 +106,6 @@ declare const TASK_MANAGER_ADDRESS: "0xeA30c4B8b44078Bbf8a6ef5b9f1eC1626C7848D9"
 declare const MOCKS_ZK_VERIFIER_ADDRESS: "0x0000000000000000000000000000000000005001";
 /** Mock Threshold Network contract address (used for testing) */
 declare const MOCKS_THRESHOLD_NETWORK_ADDRESS: "0x0000000000000000000000000000000000005002";
-/** Test Bed contract address (used for testing) */
-declare const TEST_BED_ADDRESS: "0x0000000000000000000000000000000000005003";
 /** Private key for the Mock ZK Verifier signer account */
 declare const MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY: "0x6C8D7F768A6BB4AAFE85E8A2F5A9680355239C7E14646ED62B044E39DE154512";
 /** Address for the Mock ZK Verifier signer account */
@@ -139,4 +137,4 @@ declare function verifyDecryptResult(handle: bigint | string, cleartext: bigint,
  */
 declare function fheTypeToString(utype: FheTypes): string;
 
-export { InitialConnectStore as CONNECT_STORE_DEFAULTS, CofheClient, CofheClientConnectionState, CofheClientParams, CofheConfig, CofheError, CofheErrorCode, type CofheErrorParams, FheTypes, MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY, MOCKS_THRESHOLD_NETWORK_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, TASK_MANAGER_ADDRESS, TEST_BED_ADDRESS, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT, TFHE_RS_ZK_MAX_BITS, createCofheClientBase, fheTypeToString, isCofheError, verifyDecryptResult };
+export { InitialConnectStore as CONNECT_STORE_DEFAULTS, CofheClient, CofheClientConnectionState, CofheClientParams, CofheConfig, CofheError, CofheErrorCode, type CofheErrorParams, FheTypes, MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY, MOCKS_THRESHOLD_NETWORK_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, TASK_MANAGER_ADDRESS, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT, TFHE_RS_ZK_MAX_BITS, createCofheClientBase, fheTypeToString, isCofheError, verifyDecryptResult };

package/dist/core.js

@@ -1,4 +1,4 @@
-export { InitialConnectStore as CONNECT_STORE_DEFAULTS, CofheError, CofheErrorCode, DecryptForTxBuilder, DecryptForViewBuilder, EncryptInputsBuilder, EncryptStep, Encryptable, FheAllUTypes, FheTypes, FheUintUTypes, assertCorrectEncryptedItemInput, createCofheClientBase, createCofheConfigBase, createKeysStore, fetchKeys, fheTypeToString, getCofheConfigItem, isCofheError, isEncryptableItem, isLastEncryptionStep, verifyDecryptResult, zkProveWithWorker } from './chunk-S7OKGLFD.js';
-import './chunk-TBLR7NNE.js';
-import './chunk-MRCKUMOS.js';
-export { MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY, MOCKS_THRESHOLD_NETWORK_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, TASK_MANAGER_ADDRESS, TEST_BED_ADDRESS, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT, TFHE_RS_ZK_MAX_BITS } from './chunk-4FP4V35O.js';
+export { InitialConnectStore as CONNECT_STORE_DEFAULTS, CofheError, CofheErrorCode, DecryptForTxBuilder, DecryptForViewBuilder, EncryptInputsBuilder, EncryptStep, Encryptable, FheAllUTypes, FheTypes, FheUintUTypes, assertCorrectEncryptedItemInput, createCofheClientBase, createCofheConfigBase, createKeysStore, fetchKeys, fheTypeToString, getCofheConfigItem, isCofheError, isEncryptableItem, isLastEncryptionStep, verifyDecryptResult, zkProveWithWorker } from './chunk-PE5V5CCV.js';
+import './chunk-MTRAXQXC.js';
+import './chunk-VB62WYPL.js';
+export { MOCKS_DECRYPT_RESULT_SIGNER_PRIVATE_KEY, MOCKS_THRESHOLD_NETWORK_ADDRESS, MOCKS_ZK_VERIFIER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_ADDRESS, MOCKS_ZK_VERIFIER_SIGNER_PRIVATE_KEY, TASK_MANAGER_ADDRESS, TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT, TFHE_RS_ZK_MAX_BITS } from './chunk-ESMZCFJY.js';

package/dist/node.cjs

@@ -358,7 +358,7 @@ var zkVerify = async (verifierUrl, serializedBytes, address, securityZone, chain
   }
 };
 var concatSigRecid = (signature, recid) => {
-  return signature + (recid + 27).toString(16).padStart(2, "0");
+  return `${signature}${(recid + 27).toString(16).padStart(2, "0")}`;
 };
 
 // core/encrypt/MockZkVerifierAbi.ts
@@ -690,9 +690,9 @@ var hardhat2 = defineChain({
   name: "Hardhat",
   network: "localhost",
   // These are unused in the mock environment
-  coFheUrl: "http://127.0.0.1:8448",
-  verifierUrl: "http://127.0.0.1:3001",
-  thresholdNetworkUrl: "http://127.0.0.1:3000",
+  coFheUrl: "http://ignored-in-mock-environment",
+  verifierUrl: "http://ignored-in-mock-environment",
+  thresholdNetworkUrl: "http://ignored-in-mock-environment",
   environment: "MOCK"
 });
 var CofheConfigSchema = zod.z.object({
@@ -1078,6 +1078,7 @@ var EncryptInputsBuilder = class extends BaseBuilder {
   securityZone;
   stepCallback;
   inputItems;
+  hpp = false;
   zkvWalletClient;
   tfhePublicKeyDeserializer;
   compactPkeCrsDeserializer;
@@ -1207,6 +1208,20 @@ var EncryptInputsBuilder = class extends BaseBuilder {
   getSecurityZone() {
     return this.securityZone;
   }
+  /**
+   * Example:
+   * ```typescript
+   * const encrypted = await encryptInputs([Encryptable.uint128(10n)])
+   *   .asHashPlusProof()
+   *   .execute();
+   * ```
+   *
+   * @returns Chainable EncryptInputsBuilder instance that will return a HashPlusProofResult instead of an array of EncryptedItemInputs.
+   */
+  asHashPlusProof() {
+    this.hpp = true;
+    return this;
+  }
   /**
    * @param useWorker - Whether to use Web Workers for ZK proof generation.
    *
@@ -1488,6 +1503,15 @@ var EncryptInputsBuilder = class extends BaseBuilder {
     this.fireStepEnd("verify" /* Verify */);
     return encryptedInputs;
   }
+  structsToHashPlusProof(inItems) {
+    let hashes = [];
+    let proof = "";
+    for (const item of inItems) {
+      hashes.push("0x" + item.ctHash.toString(16).padStart(64, "0"));
+      proof += item.signature;
+    }
+    return [...hashes, proof];
+  }
   /**
    * Final step of the encryption process. MUST BE CALLED LAST IN THE CHAIN.
    *
@@ -1508,9 +1532,14 @@ var EncryptInputsBuilder = class extends BaseBuilder {
    * @returns The encrypted inputs.
    */
   async execute() {
+    let items;
     if (this.chainId === chains.hardhat.id)
-      return this.mocksExecute();
-    return this.productionExecute();
+      items = await this.mocksExecute();
+    else
+      items = await this.productionExecute();
+    if (this.hpp)
+      return this.structsToHashPlusProof(items);
+    return items;
   }
 };
 
@@ -2809,6 +2838,96 @@ function computeMinuteRampPollIntervalMs(elapsedMs, params) {
   return Math.min(params.maxIntervalMs, Math.max(params.minIntervalMs, intervalMs));
 }
 
+// core/decrypt/submitRetry.ts
+var DEFAULT_404_RETRY_TIMEOUT_MS = 1e4;
+function isRetryableSubmitStatus(status) {
+  return status === 204 || status === 404;
+}
+function normalize404RetryTimeoutMs(params) {
+  const { timeoutMs, operationLabel, errorCode } = params;
+  if (timeoutMs === void 0)
+    return DEFAULT_404_RETRY_TIMEOUT_MS;
+  if (!Number.isFinite(timeoutMs) || timeoutMs < 0) {
+    throw new CofheError({
+      code: errorCode,
+      message: `${operationLabel} submit 404 retry timeout must be a finite number greater than or equal to 0`,
+      context: {
+        timeoutMs
+      }
+    });
+  }
+  return timeoutMs;
+}
+async function classifySubmitResponse(params) {
+  const { response, extractErrorMessage } = params;
+  if (isRetryableSubmitStatus(response.status)) {
+    return { kind: "retryable", status: response.status };
+  }
+  if (response.ok) {
+    return { kind: "parse-json" };
+  }
+  let errorMessage = `HTTP ${response.status}`;
+  try {
+    const errorBody = await response.json();
+    const maybeErrorMessage = extractErrorMessage?.(errorBody);
+    if (typeof maybeErrorMessage === "string" && maybeErrorMessage.length > 0) {
+      errorMessage = maybeErrorMessage;
+    } else if (errorBody && typeof errorBody === "object") {
+      const defaultMessage = errorBody.error_message;
+      const fallbackMessage = errorBody.message;
+      if (typeof defaultMessage === "string" && defaultMessage.length > 0) {
+        errorMessage = defaultMessage;
+      } else if (typeof fallbackMessage === "string" && fallbackMessage.length > 0) {
+        errorMessage = fallbackMessage;
+      }
+    }
+  } catch {
+    errorMessage = response.statusText || errorMessage;
+  }
+  return { kind: "fatal-http", errorMessage };
+}
+function throwIfSubmitRetryTimedOut(params) {
+  const {
+    operationLabel,
+    errorCode,
+    status,
+    elapsedMs,
+    retry404TimeoutMs,
+    overallTimeoutMs,
+    thresholdNetworkUrl,
+    body,
+    attemptIndex
+  } = params;
+  if (status === 404 && elapsedMs > retry404TimeoutMs) {
+    throw new CofheError({
+      code: errorCode,
+      message: `${operationLabel} submit retried 404 responses without receiving request_id for ${retry404TimeoutMs}ms`,
+      hint: "The ciphertext may not be indexed yet. Increase set404RetryTimeout(...) if the backend is slow to index ciphertexts.",
+      context: {
+        thresholdNetworkUrl,
+        body,
+        attemptIndex,
+        timeoutMs: retry404TimeoutMs,
+        status
+      }
+    });
+  }
+  if (elapsedMs > overallTimeoutMs) {
+    throw new CofheError({
+      code: errorCode,
+      message: `${operationLabel} submit retried without receiving request_id for ${overallTimeoutMs}ms`,
+      hint: "The ciphertext may still be propagating. Try again later.",
+      context: {
+        thresholdNetworkUrl,
+        body,
+        attemptIndex,
+        timeoutMs: overallTimeoutMs,
+        status
+      }
+    });
+  }
+}
+
 // core/decrypt/tnSealOutputV2.ts
 var POLL_INTERVAL_MS = 1e3;
 var POLL_MAX_INTERVAL_MS = 1e4;
@@ -2870,7 +2989,7 @@ function parseCompletedSealOutputResponse(params) {
   }
   return convertSealedData(sealed);
 }
-async function submitSealOutputRequest(thresholdNetworkUrl, ctHash, chainId, permission, overallStartTime, onPoll) {
+async function submitSealOutputRequest(thresholdNetworkUrl, ctHash, chainId, permission, overallStartTime, retry404TimeoutMs, onPoll) {
   const body = {
     ct_tempkey: BigInt(ctHash).toString(16).padStart(64, "0"),
     host_chain_id: chainId,
@@ -2900,17 +3019,11 @@ async function submitSealOutputRequest(thresholdNetworkUrl, ctHash, chainId, per
         }
       });
     }
-    if (!response.ok) {
-      let errorMessage = `HTTP ${response.status}`;
-      try {
-        const errorBody = await response.json();
-        errorMessage = errorBody.error_message || errorBody.message || errorMessage;
-      } catch {
-        errorMessage = response.statusText || errorMessage;
-      }
+    const responseClassification = await classifySubmitResponse({ response });
+    if (responseClassification.kind === "fatal-http") {
       throw new CofheError({
         code: "SEAL_OUTPUT_FAILED" /* SealOutputFailed */,
-        message: `sealOutput request failed: ${errorMessage}`,
+        message: `sealOutput request failed: ${responseClassification.errorMessage}`,
         hint: "Check the threshold network URL and request parameters.",
         context: {
           thresholdNetworkUrl,
@@ -2921,8 +3034,8 @@ async function submitSealOutputRequest(thresholdNetworkUrl, ctHash, chainId, per
         }
       });
     }
-    let submitResponse;
-    if (response.status !== 204) {
+    if (responseClassification.kind === "parse-json") {
+      let submitResponse;
       try {
         submitResponse = await response.json();
       } catch (e) {
@@ -2950,46 +3063,39 @@ async function submitSealOutputRequest(thresholdNetworkUrl, ctHash, chainId, per
       if (submitResponse.request_id) {
         return { kind: "request_id", requestId: submitResponse.request_id };
       }
-    }
-    if (response.status === 204) {
-      const elapsedMs = Date.now() - overallStartTime;
-      if (elapsedMs > SEAL_OUTPUT_TIMEOUT_MS) {
-        throw new CofheError({
-          code: "SEAL_OUTPUT_FAILED" /* SealOutputFailed */,
-          message: `sealOutput submit retried without receiving request_id for ${SEAL_OUTPUT_TIMEOUT_MS}ms`,
-          hint: "The ciphertext may still be propagating. Try again later.",
-          context: {
-            thresholdNetworkUrl,
-            body,
-            attemptIndex,
-            timeoutMs: SEAL_OUTPUT_TIMEOUT_MS,
-            submitResponse,
-            status: response.status
-          }
-        });
-      }
-      onPoll?.({
-        operation: "sealoutput",
-        requestId: "",
-        attemptIndex,
-        elapsedMs,
-        intervalMs: SUBMIT_RETRY_INTERVAL_MS,
-        timeoutMs: SEAL_OUTPUT_TIMEOUT_MS
+      throw new CofheError({
+        code: "SEAL_OUTPUT_FAILED" /* SealOutputFailed */,
+        message: `sealOutput submit response missing request_id`,
+        context: {
+          thresholdNetworkUrl,
+          body,
+          submitResponse,
+          attemptIndex
+        }
       });
-      await new Promise((resolve) => setTimeout(resolve, SUBMIT_RETRY_INTERVAL_MS));
-      attemptIndex += 1;
-      continue;
     }
-    throw new CofheError({
-      code: "SEAL_OUTPUT_FAILED" /* SealOutputFailed */,
-      message: `sealOutput submit response missing request_id`,
-      context: {
-        thresholdNetworkUrl,
-        body,
-        submitResponse,
-        attemptIndex
-      }
+    const elapsedMs = Date.now() - overallStartTime;
+    throwIfSubmitRetryTimedOut({
+      operationLabel: "sealOutput",
+      errorCode: "SEAL_OUTPUT_FAILED" /* SealOutputFailed */,
+      status: responseClassification.status,
+      elapsedMs,
+      retry404TimeoutMs,
+      overallTimeoutMs: SEAL_OUTPUT_TIMEOUT_MS,
+      thresholdNetworkUrl,
+      body,
+      attemptIndex
     });
+    onPoll?.({
+      operation: "sealoutput",
+      requestId: "",
+      attemptIndex,
+      elapsedMs,
+      intervalMs: SUBMIT_RETRY_INTERVAL_MS,
+      timeoutMs: SEAL_OUTPUT_TIMEOUT_MS
+    });
+    await new Promise((resolve) => setTimeout(resolve, SUBMIT_RETRY_INTERVAL_MS));
+    attemptIndex += 1;
   }
 }
 async function pollSealOutputStatus(thresholdNetworkUrl, requestId, overallStartTime, onPoll) {
@@ -3104,7 +3210,12 @@ async function pollSealOutputStatus(thresholdNetworkUrl, requestId, overallStart
   });
 }
 async function tnSealOutputV2(params) {
-  const { thresholdNetworkUrl, ctHash, chainId, permission, onPoll } = params;
+  const { thresholdNetworkUrl, ctHash, chainId, permission, retry404TimeoutMs, onPoll } = params;
+  const normalized404RetryTimeoutMs = normalize404RetryTimeoutMs({
+    timeoutMs: retry404TimeoutMs,
+    operationLabel: "sealOutput",
+    errorCode: "SEAL_OUTPUT_FAILED" /* SealOutputFailed */
+  });
   const overallStartTime = Date.now();
   const submitResult = await submitSealOutputRequest(
     thresholdNetworkUrl,
@@ -3112,6 +3223,7 @@ async function tnSealOutputV2(params) {
     chainId,
     permission,
     overallStartTime,
+    normalized404RetryTimeoutMs,
     onPoll
   );
   if (submitResult.kind === "completed") {
@@ -3121,12 +3233,14 @@ async function tnSealOutputV2(params) {
 }
 
 // core/decrypt/decryptForViewBuilder.ts
+var DEFAULT_404_RETRY_TIMEOUT_MS2 = 1e4;
 var DecryptForViewBuilder = class extends BaseBuilder {
   ctHash;
   utype;
   permitHash;
   permit;
   pollCallback;
+  retry404TimeoutMs = DEFAULT_404_RETRY_TIMEOUT_MS2;
   constructor(params) {
     super({
       config: params.config,
@@ -3187,6 +3301,19 @@ var DecryptForViewBuilder = class extends BaseBuilder {
     this.pollCallback = callback;
     return this;
   }
+  set404RetryTimeout(timeoutMs) {
+    if (!Number.isFinite(timeoutMs) || timeoutMs < 0) {
+      throw new CofheError({
+        code: "INTERNAL_ERROR" /* InternalError */,
+        message: "decryptForView: set404RetryTimeout(timeoutMs) expects a finite number greater than or equal to 0.",
+        context: {
+          timeoutMs
+        }
+      });
+    }
+    this.retry404TimeoutMs = timeoutMs;
+    return this;
+  }
   withPermit(permitOrPermitHash) {
     if (typeof permitOrPermitHash === "string") {
       this.permitHash = permitOrPermitHash;
@@ -3315,6 +3442,7 @@ var DecryptForViewBuilder = class extends BaseBuilder {
       chainId: this.chainId,
       permission,
       thresholdNetworkUrl,
+      retry404TimeoutMs: this.retry404TimeoutMs,
       onPoll: this.pollCallback
     });
     return PermitUtils.unseal(permit, sealed);
@@ -3590,7 +3718,7 @@ function assertDecryptStatusResponseV2(value) {
   }
   return value;
 }
-async function submitDecryptRequestV2(thresholdNetworkUrl, ctHash, chainId, permission, overallStartTime, onPoll) {
+async function submitDecryptRequestV2(thresholdNetworkUrl, ctHash, chainId, permission, overallStartTime, retry404TimeoutMs, onPoll) {
   const body = {
     ct_tempkey: BigInt(ctHash).toString(16).padStart(64, "0"),
     host_chain_id: chainId
@@ -3622,19 +3750,11 @@ async function submitDecryptRequestV2(thresholdNetworkUrl, ctHash, chainId, perm
         }
       });
     }
-    if (!response.ok) {
-      let errorMessage = `HTTP ${response.status}`;
-      try {
-        const errorBody = await response.json();
-        const maybeMessage = errorBody.error_message || errorBody.message;
-        if (typeof maybeMessage === "string" && maybeMessage.length > 0)
-          errorMessage = maybeMessage;
-      } catch {
-        errorMessage = response.statusText || errorMessage;
-      }
+    const responseClassification = await classifySubmitResponse({ response });
+    if (responseClassification.kind === "fatal-http") {
       throw new CofheError({
         code: "DECRYPT_FAILED" /* DecryptFailed */,
-        message: `decrypt request failed: ${errorMessage}`,
+        message: `decrypt request failed: ${responseClassification.errorMessage}`,
         hint: "Check the threshold network URL and request parameters.",
         context: {
           thresholdNetworkUrl,
@@ -3645,8 +3765,8 @@ async function submitDecryptRequestV2(thresholdNetworkUrl, ctHash, chainId, perm
         }
       });
     }
-    let submitResponse;
-    if (response.status !== 204) {
+    if (responseClassification.kind === "parse-json") {
+      let submitResponse;
       let rawJson;
       try {
         rawJson = await response.json();
@@ -3676,46 +3796,39 @@ async function submitDecryptRequestV2(thresholdNetworkUrl, ctHash, chainId, perm
       if (submitResponse.request_id) {
         return { kind: "request_id", requestId: submitResponse.request_id };
       }
-    }
-    if (response.status === 204) {
-      const elapsedMs = Date.now() - overallStartTime;
-      if (elapsedMs > DECRYPT_TIMEOUT_MS) {
-        throw new CofheError({
-          code: "DECRYPT_FAILED" /* DecryptFailed */,
-          message: `decrypt submit retried without receiving request_id for ${DECRYPT_TIMEOUT_MS}ms`,
-          hint: "The ciphertext may still be propagating. Try again later.",
-          context: {
-            thresholdNetworkUrl,
-            body,
-            attemptIndex,
-            timeoutMs: DECRYPT_TIMEOUT_MS,
-            submitResponse,
-            status: response.status
-          }
-        });
-      }
-      onPoll?.({
-        operation: "decrypt",
-        requestId: "",
-        attemptIndex,
-        elapsedMs,
-        intervalMs: SUBMIT_RETRY_INTERVAL_MS2,
-        timeoutMs: DECRYPT_TIMEOUT_MS
+      throw new CofheError({
+        code: "DECRYPT_FAILED" /* DecryptFailed */,
+        message: `decrypt submit response missing request_id`,
+        context: {
+          thresholdNetworkUrl,
+          body,
+          submitResponse,
+          attemptIndex
+        }
       });
-      await new Promise((resolve) => setTimeout(resolve, SUBMIT_RETRY_INTERVAL_MS2));
-      attemptIndex += 1;
-      continue;
     }
-    throw new CofheError({
-      code: "DECRYPT_FAILED" /* DecryptFailed */,
-      message: `decrypt submit response missing request_id`,
-      context: {
-        thresholdNetworkUrl,
-        body,
-        submitResponse,
-        attemptIndex
-      }
+    const elapsedMs = Date.now() - overallStartTime;
+    throwIfSubmitRetryTimedOut({
+      operationLabel: "decrypt",
+      errorCode: "DECRYPT_FAILED" /* DecryptFailed */,
+      status: responseClassification.status,
+      elapsedMs,
+      retry404TimeoutMs,
+      overallTimeoutMs: DECRYPT_TIMEOUT_MS,
+      thresholdNetworkUrl,
+      body,
+      attemptIndex
     });
+    onPoll?.({
+      operation: "decrypt",
+      requestId: "",
+      attemptIndex,
+      elapsedMs,
+      intervalMs: SUBMIT_RETRY_INTERVAL_MS2,
+      timeoutMs: DECRYPT_TIMEOUT_MS
+    });
+    await new Promise((resolve) => setTimeout(resolve, SUBMIT_RETRY_INTERVAL_MS2));
+    attemptIndex += 1;
   }
 }
 async function pollDecryptStatusV2(thresholdNetworkUrl, requestId, overallStartTime, onPoll) {
@@ -3833,7 +3946,12 @@ async function pollDecryptStatusV2(thresholdNetworkUrl, requestId, overallStartT
   });
 }
 async function tnDecryptV2(params) {
-  const { thresholdNetworkUrl, ctHash, chainId, permission, onPoll } = params;
+  const { thresholdNetworkUrl, ctHash, chainId, permission, retry404TimeoutMs, onPoll } = params;
+  const normalized404RetryTimeoutMs = normalize404RetryTimeoutMs({
+    timeoutMs: retry404TimeoutMs,
+    operationLabel: "decrypt",
+    errorCode: "DECRYPT_FAILED" /* DecryptFailed */
+  });
   const overallStartTime = Date.now();
   const submitResult = await submitDecryptRequestV2(
     thresholdNetworkUrl,
@@ -3841,6 +3959,7 @@ async function tnDecryptV2(params) {
     chainId,
     permission,
     overallStartTime,
+    normalized404RetryTimeoutMs,
     onPoll
   );
   if (submitResult.kind === "completed") {
@@ -3850,12 +3969,14 @@ async function tnDecryptV2(params) {
 }
 
 // core/decrypt/decryptForTxBuilder.ts
+var DEFAULT_404_RETRY_TIMEOUT_MS3 = 1e4;
 var DecryptForTxBuilder = class extends BaseBuilder {
   ctHash;
   permitHash;
   permit;
   permitSelection = "unset";
   pollCallback;
+  retry404TimeoutMs = DEFAULT_404_RETRY_TIMEOUT_MS3;
   constructor(params) {
     super({
       config: params.config,
@@ -3885,6 +4006,19 @@ var DecryptForTxBuilder = class extends BaseBuilder {
     this.pollCallback = callback;
     return this;
   }
+  set404RetryTimeout(timeoutMs) {
+    if (!Number.isFinite(timeoutMs) || timeoutMs < 0) {
+      throw new CofheError({
+        code: "INTERNAL_ERROR" /* InternalError */,
+        message: "decryptForTx: set404RetryTimeout(timeoutMs) expects a finite number greater than or equal to 0.",
+        context: {
+          timeoutMs
+        }
+      });
+    }
+    this.retry404TimeoutMs = timeoutMs;
+    return this;
+  }
   withPermit(permitOrPermitHash) {
     if (this.permitSelection === "with-permit") {
       throw new CofheError({
@@ -4017,6 +4151,7 @@ var DecryptForTxBuilder = class extends BaseBuilder {
       chainId: this.chainId,
       permission,
       thresholdNetworkUrl,
+      retry404TimeoutMs: this.retry404TimeoutMs,
       onPoll: this.pollCallback
     });
     return {

package/dist/node.d.cts

@@ -1,4 +1,4 @@
-import { C as CofheInputConfig, a as CofheConfig, b as CofheClient } from './clientTypes-BSbwairE.cjs';
+import { C as CofheInputConfig, a as CofheConfig, b as CofheClient } from './clientTypes-BDy1qIBu.cjs';
 import 'viem';
 import './types-C07FK-cL.cjs';
 import 'zod';

package/dist/node.d.ts

@@ -1,4 +1,4 @@
-import { C as CofheInputConfig, a as CofheConfig, b as CofheClient } from './clientTypes-DDmcgZ0a.js';
+import { C as CofheInputConfig, a as CofheConfig, b as CofheClient } from './clientTypes-CyUvRRzA.js';
 import 'viem';
 import './types-C07FK-cL.js';
 import 'zod';

package/dist/node.js

@@ -1,7 +1,7 @@
-import { createCofheConfigBase, createCofheClientBase } from './chunk-S7OKGLFD.js';
-import './chunk-TBLR7NNE.js';
-import './chunk-MRCKUMOS.js';
-import { TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT } from './chunk-4FP4V35O.js';
+import { createCofheConfigBase, createCofheClientBase } from './chunk-PE5V5CCV.js';
+import './chunk-MTRAXQXC.js';
+import './chunk-VB62WYPL.js';
+import { TFHE_RS_SAFE_SERIALIZATION_SIZE_LIMIT } from './chunk-ESMZCFJY.js';
 import { promises } from 'fs';
 import { join } from 'path';
 import { init_panic_hook, ProvenCompactCiphertextList, CompactPkeCrs, TfheCompactPublicKey } from 'node-tfhe';