npm - @iexec-nox/nox-protocol-contracts - Versions diffs - 0.1.0-beta.9 → 0.1.0 - Mend

@iexec-nox/nox-protocol-contracts 0.1.0-beta.9 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +102 -37
package/contracts/sdk/Nox.sol +5 -4
package/contracts/shared/HandleUtils.sol +35 -0
package/contracts/shared/TypeUtils.sol +5 -33
package/package.json +11 -11

package/README.md CHANGED Viewed

@@ -1,63 +1,100 @@
-# Nox Protocol Contracts
+# Nox · nox-protocol-contracts
-Smart contracts for the Nox protocol, including on-chain access control for encrypted handles and the compute gateway for confidential operations.
+[![License](https://img.shields.io/badge/license-BUSL--1.1-blue)](./LICENSE)
+[![Docs](https://img.shields.io/badge/docs-nox--protocol-purple)](https://docs.iex.ec)
+[![Discord](https://img.shields.io/badge/chat-Discord-5865F2)](https://discord.com/invite/5TewNUnJHN)
+[![Tag](https://img.shields.io/github/v/tag/iExec-Nox/nox-protocol-contracts?label=tag)](https://github.com/iExec-Nox/nox-protocol-contracts/releases)
+[![npm](https://img.shields.io/npm/v/@iexec-nox/nox-protocol-contracts?label=npm)](https://www.npmjs.com/package/@iexec-nox/nox-protocol-contracts)
+[![codecov](https://codecov.io/gh/iExec-Nox/nox-protocol-contracts/graph/badge.svg?token=8uANxipzVv)](https://codecov.io/gh/iExec-Nox/nox-protocol-contracts)
-## What’s inside
+> Solidity contracts for the Nox protocol: manage encrypted handles, validate proofs, and trigger confidential computations.
-- `INoxCompute`: TEE compute entry point (handle validation, plaintext → encrypted conversion, arithmetic ops).
-- `Nox` SDK library: convenience wrapper for app contracts that call `NoxCompute`.
+## Table of Contents
-## Requirements
+- [Nox · nox-protocol-contracts](#nox--nox-protocol-contracts)
+    - [Table of Contents](#table-of-contents)
+    - [Overview](#overview)
+    - [Prerequisites](#prerequisites)
+    - [Getting Started](#getting-started)
+    - [Environment Variables](#environment-variables)
+    - [Testing](#testing)
+    - [Deployment](#deployment)
+    - [Verification](#verification)
+    - [Configuration notes](#configuration-notes)
+    - [Related Repositories](#related-repositories)
+    - [Contributing](#contributing)
+        - [Code style](#code-style)
+    - [License](#license)
-- Node.js version from `.nvmrc`
-- `pnpm` (see `packageManager` in `package.json`)
+## Overview
-## Setup
+**nox-protocol-contracts** is the Solidity layer of the Nox protocol. It provides:
+- **NoxCompute**: the main UUPS-upgradeable contract that manages the Access Control List (ACL) for encrypted handles, validates handle proofs issued by a trusted gateway, facilitates plaintext-to-encrypted conversions, and triggers off-chain TEE computations through event emissions.
+- **INoxCompute**: the public interface consumed by application contracts and off-chain services.
+- **Nox SDK library** (`contracts/sdk/Nox.sol`): a convenience wrapper that resolves the NoxCompute proxy address per chain and exposes typed helper functions for application contracts.
+## Prerequisites
+- Node.js >= 24 (see `.nvmrc`)
+- pnpm >= 10 (see `packageManager` in `package.json`)
+- Hardhat >= 3
+## Getting Started
 ```bash
+git clone https://github.com/iExec-Nox/nox-protocol-contracts.git
+cd nox-protocol-contracts
+# Use the correct Node version
 nvm install && nvm use
-pnpm install
-```
-## Build
+# Install dependencies
+pnpm install
-```bash
+# Build contracts
 pnpm run build
 ```
-## Test
+## Environment Variables
-```bash
-pnpm run test
-```
+| Variable            | Description                                    | Required          | Default |
+| ------------------- | ---------------------------------------------- | ----------------- | ------- |
+| `RPC_URL`           | JSON-RPC endpoint for the target network       | For remote deploy | -       |
+| `PRIVATE_KEY`       | Deployer private key                           | For remote deploy | -       |
+| `ETHERSCAN_API_KEY` | API key for contract verification on Etherscan | For verification  | -       |
-## Coverage
+## Testing
 ```bash
-pnpm run coverage
-```
+# Run all tests (unit + integration)
+pnpm run test
-## Formatting
+# Run tests with gas stats
+pnpm run test:gas
-```bash
-pnpm run format
-pnpm run format:check
+# Run coverage
+pnpm run coverage
 ```
 ## Deployment
-The default network is a local EDR simulation. For external networks, configure the required variables:
-- `RPC_URL`
-- `PRIVATE_KEY`
+The default network is a local EDR simulation. For external networks, set `RPC_URL` and `PRIVATE_KEY`:
 ```bash
+# Local deploy
 pnpm run deploy
+# Production deploy (optimizer + viaIR)
+pnpm run deploy:production
+# Upgrade an existing proxy
+pnpm run upgrade
 ```
-## Verify
+## Verification
-Verify deployed contracts on Etherscan. Requires `ETHERSCAN_API_KEY`
+Verify deployed contracts on Etherscan. Requires `ETHERSCAN_API_KEY`:
 ```bash
 pnpm run verify arbitrumSepolia --network arbitrumSepolia
@@ -65,18 +102,46 @@ pnpm run verify arbitrumSepolia --network arbitrumSepolia
 ## Configuration notes
-- Create2 salt is defined in [config/config.ts](config/config.ts).
-- Default owner addresses and KMS public keys per network are also defined in [config/config.ts](config/config.ts).
-- The SDK constants in [contracts/sdk/Nox.sol](contracts/sdk/Nox.sol) must match the deployed proxy addresses.
+- CREATE2 salt is defined in [`config/config.ts`](config/config.ts).
+- Default owner addresses and KMS public keys per network are also defined in [`config/config.ts`](config/config.ts).
+- The SDK constants in [`contracts/sdk/Nox.sol`](contracts/sdk/Nox.sol) must match the deployed proxy addresses.
+- OpenZeppelin manifest files in `.openzeppelin/` track proxy deployments.
+## Related Repositories
+| Repository                                                                      | Description                                         |
+| ------------------------------------------------------------------------------- | --------------------------------------------------- |
+| [nox-handle-sdk](https://github.com/iExec-Nox/nox-handle-sdk)                   | TypeScript SDK for handle encryption/decryption     |
+| [nox-offchain-deployment](https://github.com/iExec-Nox/nox-offchain-deployment) | Off-chain services (gateway, KMS, runner, ingestor) |
+## Contributing
+Contributions are welcome. Please open an issue first to discuss your proposed changes.
+1. Fork the repository
+2. Create your feature branch (`git checkout -b feature/my-feature`)
+3. Commit your changes
+4. Push to the branch (`git push origin feature/my-feature`)
+5. Open a Pull Request
+### Code style
+```bash
+# Format all files
+pnpm run format
+# Check formatting
+pnpm run format:check
+```
 ## License
-The Nox Protocol source code is released under the Business Source License 1.1 (BUSL-1.1).
+The Nox Protocol source code is released under the [Business Source License 1.1 (BUSL-1.1)](./LICENSE).
 The license will automatically convert to the MIT License under the conditions described in the LICENSE file.
-The full text of the MIT License is provided in the LICENSE-MIT file.
+The full text of the MIT License is provided in the [LICENSE-MIT](./LICENSE-MIT) file.
-However, some files are dual licensed under `MIT`:
+Some files are dual-licensed under MIT:
-- All files in `contracts/interfaces/`, `contracts/shared/`, `contracts/sdk/` may also be licensed under `MIT` (as indicated in their SPDX headers).
+- All files in `contracts/interfaces/`, `contracts/shared/`, `contracts/sdk/` may also be licensed under MIT (as indicated in their SPDX headers).

package/contracts/sdk/Nox.sol CHANGED Viewed

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.27;
+import {HandleUtils} from "../shared/HandleUtils.sol";
 import {TEEType, TypeUtils} from "../shared/TypeUtils.sol";
 import {INoxCompute} from "../interfaces/INoxCompute.sol";
 import "encrypted-types/EncryptedTypes.sol";
@@ -47,7 +48,7 @@ library Nox {
      * Public handles are already accessible by everyone and don't need ACL.
      */
     function _allowIfNotPublic(bytes32 handle, address account) private {
-        if (!TypeUtils.isPublicHandle(handle)) {
+        if (!HandleUtils.isPublicHandle(handle)) {
             _noxComputeContract().allow(handle, account);
         }
     }
@@ -57,7 +58,7 @@ library Nox {
      * Public handles are already accessible by everyone and don't need ACL.
      */
     function _allowTransientIfNotPublic(bytes32 handle, address account) private {
-        if (!TypeUtils.isPublicHandle(handle)) {
+        if (!HandleUtils.isPublicHandle(handle)) {
             _noxComputeContract().allowTransient(handle, account);
         }
     }
@@ -67,7 +68,7 @@ library Nox {
      * Public handles are already accessible by everyone and don't need ACL.
      */
     function _disallowTransientIfNotPublic(bytes32 handle, address account) private {
-        if (!TypeUtils.isPublicHandle(handle)) {
+        if (!HandleUtils.isPublicHandle(handle)) {
             _noxComputeContract().disallowTransient(handle, account);
         }
     }
@@ -1402,6 +1403,6 @@ library Nox {
         bytes32 handle,
         TEEType teeType
     ) private view returns (bytes32) {
-        return handle == bytes32(0) ? TypeUtils.zeroHandle(teeType) : handle;
+        return handle == bytes32(0) ? HandleUtils.zeroHandle(teeType) : handle;
     }
 }

package/contracts/shared/HandleUtils.sol ADDED Viewed

@@ -0,0 +1,35 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.27;
+import {TEEType} from "./TypeUtils.sol";
+library HandleUtils {
+    /// @dev Bit 0 of the attrs byte. When set, the handle is guaranteed unique on-chain.
+    bytes1 internal constant ATTR_IS_UNIQUE_HANDLE = 0x01;
+    /**
+     * @notice Checks if a handle is a public handle (isUniqueHandle bit == 0).
+     * A public handle wraps a plaintext value known on-chain, has no ACL,
+     * and is accessible by everyone.
+     * @param handle The handle to check
+     * @return True if the handle is a public handle
+     */
+    function isPublicHandle(bytes32 handle) internal pure returns (bool) {
+        return (handle[6] & ATTR_IS_UNIQUE_HANDLE) == 0;
+    }
+    /**
+     * @notice Returns the zero handle for the given TEE type on the current chain.
+     * The zero handle represents the default zero value for a given type and is a public handle.
+     * It follows the standard handle format but with a zeroed pre-handle:
+     *   [0]=version(0x00)  [1-4]=chainId  [5]=teeType  [6]=attrs(0x00)  [7-31]=0x00..00
+     * @param teeType The TEE type to encode
+     * @return The typed null handle
+     */
+    function zeroHandle(TEEType teeType) internal view returns (bytes32) {
+        return
+            // [0]=version is implicitly 0x00
+            (bytes32(bytes4(uint32(block.chainid))) >> (1 * 8)) |
+            (bytes32(bytes1(uint8(teeType))) >> (5 * 8));
+    }
+}

package/contracts/shared/TypeUtils.sol CHANGED Viewed

@@ -116,9 +116,6 @@ error NonArithmeticType();
 error UnsupportedArithmeticType();
 library TypeUtils {
-    /// @dev Bit 0 of the attrs byte. When set, the handle is guaranteed unique on-chain.
-    bytes1 internal constant ATTR_IS_UNIQUE_HANDLE = 0x01;
     /**
      * @notice Extracts the TEE type from a handle.
      * The type is stored at byte position 5 in the handle.
@@ -129,17 +126,6 @@ library TypeUtils {
         return TEEType(uint8(handle[5]));
     }
-    /**
-     * @notice Checks if a handle is a public handle (isUniqueHandle bit == 0).
-     * A public handle wraps a plaintext value known on-chain, has no ACL,
-     * and is accessible by everyone.
-     * @param handle The handle to check
-     * @return True if the handle is a public handle
-     */
-    function isPublicHandle(bytes32 handle) internal pure returns (bool) {
-        return (handle[6] & ATTR_IS_UNIQUE_HANDLE) == 0;
-    }
     /**
      * @notice Validates that a TEE type is supported for arithmetic operations.
      * Only the following arithmetic types are supported:
@@ -154,25 +140,11 @@ library TypeUtils {
     function validateArithmeticType(TEEType teeType) internal pure {
         uint8 t = uint8(teeType);
         require(t >= uint8(TEEType.Uint8) && t <= uint8(TEEType.Int256), NonArithmeticType());
-        bool supportedType = teeType == TEEType.Uint16 ||
-            teeType == TEEType.Uint256 ||
-            teeType == TEEType.Int16 ||
-            teeType == TEEType.Int256;
+        bool supportedType =
+            teeType == TEEType.Uint16 ||
+                teeType == TEEType.Uint256 ||
+                teeType == TEEType.Int16 ||
+                teeType == TEEType.Int256;
         require(supportedType, UnsupportedArithmeticType());
     }
-    /**
-     * @notice Returns the zero handle for the given TEE type on the current chain.
-     * The zero handle represents the default zero value for a given type.
-     * It follows the standard handle format but with a zeroed pre-handle:
-     *   [0]=version(0x00)  [1-4]=chainId  [5]=teeType  [6]=attrs(0x00)  [7-31]=0x00..00
-     * @param teeType The TEE type to encode
-     * @return The typed null handle
-     */
-    function zeroHandle(TEEType teeType) internal view returns (bytes32) {
-        return
-            // [0]=version is implicitly 0x00
-            (bytes32(bytes4(uint32(block.chainid))) >> (1 * 8)) |
-            (bytes32(bytes1(uint8(teeType))) >> (5 * 8));
-    }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@iexec-nox/nox-protocol-contracts",
-  "version": "0.1.0-beta.9",
+  "version": "0.1.0",
   "description": "Nox protocol smart contracts",
   "keywords": [
     "Nox",
@@ -26,8 +26,8 @@
     "deploy:production": "pnpm hardhat run scripts/deploy.ts --build-profile production",
     "set-gateway": "pnpm hardhat run scripts/set-gateway.ts",
     "set-kms-public-key": "pnpm hardhat run scripts/set-kms-public-key.ts",
-    "upgrade": "pnpm hardhat run scripts/upgrade.ts",
-    "upgrade:production": "pnpm hardhat run scripts/upgrade.ts --build-profile production",
+    "upgrade": "bash scripts/upgrade.sh",
+    "upgrade:production": "bash scripts/upgrade.sh --build-profile production",
     "verify": "pnpm hardhat ignition verify",
     "format": "pnpm prettier --write .",
     "format:check": "pnpm prettier --check ."
@@ -44,19 +44,19 @@
   },
   "devDependencies": {
     "@nomicfoundation/hardhat-ethers": "^4.0.6",
-    "@nomicfoundation/hardhat-ignition": "^3.0.9",
-    "@nomicfoundation/hardhat-toolbox-viem": "^5.0.2",
+    "@nomicfoundation/hardhat-ignition": "^3.1.0",
+    "@nomicfoundation/hardhat-toolbox-viem": "^5.0.3",
     "@openzeppelin/hardhat-upgrades": "4.0.0-alpha.0",
-    "@types/node": "^22.19.13",
+    "@types/node": "^25.5.0",
     "ethers": "^6.16.0",
     "forge-std": "github:foundry-rs/forge-std#v1.15.0",
-    "hardhat": "^3.1.11",
+    "hardhat": "^3.2.0",
     "husky": "^9.1.7",
-    "lint-staged": "^16.3.1",
+    "lint-staged": "^16.4.0",
     "prettier": "^3.8.1",
-    "prettier-plugin-solidity": "^2.2.1",
-    "typescript": "^5.9.3",
-    "viem": "^2.46.3"
+    "prettier-plugin-solidity": "^2.3.1",
+    "typescript": "^6.0.2",
+    "viem": "^2.47.6"
   },
   "homepage": "https://github.com/iExec-Nox/nox-protocol-contracts#readme",
   "repository": {