@inco/js 0.3.0 → 0.3.2-alpha.0

package/dist/cjs/advancedacl/index.d.ts

@@ -0,0 +1,2 @@
+export * from './session-key.js';
+export * from './types.js';

package/dist/cjs/advancedacl/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./session-key.js"), exports);
+__exportStar(require("./types.js"), exports);
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG1EQUFpQztBQUNqQyw2Q0FBMkIifQ==

package/dist/cjs/advancedacl/session-key.d.ts

@@ -0,0 +1,28 @@
+import type { Client } from '@connectrpc/connect';
+import { type Account, type Address, type Chain, type Hex, type Transport, type WalletClient } from 'viem';
+import { type EciesScheme, SupportedFheType } from '../encryption/encryption.js';
+import type { KmsService, Secp256k1Keypair } from '../lite/index.js';
+import { type ReencryptFnArgs } from '../reencryption/index.js';
+import type { AllowanceVoucher, AllowanceVoucherWithSig } from './types.js';
+export interface Session {
+    decrypter: Address;
+    expiresAt: bigint;
+}
+export declare function createAllowanceVoucher(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>, verifyingContract: Address, callFunction: Hex, sharerArgData: Hex): Promise<AllowanceVoucher>;
+export interface GrantSessionKeyArgs {
+    chainId: bigint;
+    incoLiteAddress: Address;
+    sessionVerifierContractAddress: Address;
+    granteeAddress: Address;
+    sharerWalletClient: WalletClient<Transport, Chain, Account>;
+    expiresAt: Date;
+}
+export declare function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }: GrantSessionKeyArgs): Promise<AllowanceVoucherWithSig>;
+export interface SessionKeyReencryptorArgs {
+    chainId: bigint;
+    ephemeralKeypair: Secp256k1Keypair;
+    kmsConnectRpcEndpointOrClient: string | Client<typeof KmsService>;
+    allowanceVoucherWithSig: AllowanceVoucherWithSig;
+}
+export declare function sessionKeyReencryptor({ chainId, kmsConnectRpcEndpointOrClient, ephemeralKeypair, allowanceVoucherWithSig, }: SessionKeyReencryptorArgs): Promise<(<T extends SupportedFheType>({ handle }: ReencryptFnArgs<EciesScheme, T>) => Promise<import("../encryption/encryption.js").PlaintextOf<1, 0 | 5 | 7 | 8>>)>;
+export declare function updateActiveVouchersSessionNonce(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>): Promise<`0x${string}`>;

package/dist/cjs/advancedacl/session-key.js

@@ -0,0 +1,176 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAllowanceVoucher = createAllowanceVoucher;
+exports.grantSessionKey = grantSessionKey;
+exports.sessionKeyReencryptor = sessionKeyReencryptor;
+exports.updateActiveVouchersSessionNonce = updateActiveVouchersSessionNonce;
+const viem_1 = require("viem");
+const accounts_1 = require("viem/accounts");
+const chain_js_1 = require("../chain.js");
+const lightning_preview_js_1 = require("../generated/abis/lightning-preview.js");
+const lightning_js_1 = require("../generated/abis/lightning.js");
+const index_js_1 = require("../lite/index.js");
+const index_js_2 = require("../reencryption/index.js");
+// Given a sharer's wallet client, an incoLite contract address, and a
+// (verifyingContract, callFunction, sharerArgData) tuple, this function
+// creates an AllowanceVoucher.
+async function createAllowanceVoucher(incoLiteAddress, sharerWalletClient, verifyingContract, callFunction, sharerArgData) {
+    const advancedACL = (0, viem_1.getContract)({
+        address: incoLiteAddress,
+        // Could have used the incoLightningAbi, but this is more efficient.
+        abi: lightning_preview_js_1.advancedAccessControlAbi,
+        client: sharerWalletClient,
+    });
+    // The session nonce in the AllowanceVoucher must match the current active
+    // session nonce of the sharer on-chain.
+    const sessionNonce = await advancedACL.read.getActiveVouchersSessionNonce([sharerWalletClient.account.address]);
+    return {
+        sessionNonce,
+        verifyingContract,
+        callFunction,
+        sharerArgData,
+    };
+}
+// Let the sharer grant a session to the requester.
+async function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }) {
+    const session = {
+        decrypter: granteeAddress,
+        expiresAt: BigInt(Math.floor(expiresAt.getTime() / 1000)),
+    };
+    const sharerArgData = (0, viem_1.encodeAbiParameters)(getSessionAbi(), [session.decrypter, session.expiresAt]);
+    // Get the domain name and version from the incoLite contract.
+    const incoLitePreview = (0, viem_1.getContract)({
+        abi: lightning_js_1.incoLightningAbi,
+        address: incoLiteAddress,
+        client: sharerWalletClient,
+    });
+    const eip712DomainName = await incoLitePreview.read.getName();
+    const eip712DomainVersion = await incoLitePreview.read.getVersion();
+    const voucher = await createAllowanceVoucher(incoLiteAddress, sharerWalletClient, 
+    // Careful that the verifying contract here is the SessionVerifier contract,
+    // not the incoLite contract.
+    sessionVerifierContractAddress, (0, viem_1.toFunctionSelector)(getCanUseSessionAbi()), sharerArgData);
+    const eip712Payload = (0, index_js_2.createEIP712Payload)({
+        chainId,
+        primaryType: 'AllowanceVoucher',
+        primaryTypeFields: getAllowanceVoucherAbi(),
+        message: voucher,
+        // Related to comment above: careful that the verifying contract here is
+        // the incoLite contract (not the SessionVerifier contract).
+        verifyingContract: incoLiteAddress,
+        ...(eip712DomainName && { domainName: eip712DomainName }),
+        ...(eip712DomainVersion && { domainVersion: eip712DomainVersion }),
+    });
+    // Using browser extensions, this step will prompt the user to sign the
+    // payload.
+    const voucherSignature = await sharerWalletClient.signTypedData(eip712Payload);
+    return {
+        sharer: sharerWalletClient.account.address,
+        voucher,
+        voucherSignature,
+    };
+}
+// The sessionKeyReencryptor function is a reencryptor that uses a session key
+// to reencrypt data.
+async function sessionKeyReencryptor({ chainId, kmsConnectRpcEndpointOrClient, ephemeralKeypair, allowanceVoucherWithSig, }) {
+    const kmsClient = (0, index_js_1.getKmsClient)(kmsConnectRpcEndpointOrClient || (0, index_js_1.defaultCovalidatorGrpc)((0, chain_js_1.getSupportedChain)(chainId)));
+    const requesterAccount = (0, accounts_1.privateKeyToAccount)(`0x${ephemeralKeypair.kp.getPrivate('hex')}`);
+    const ephemeralPubKey = ephemeralKeypair.encodePublicKey();
+    // Sign the EIP712 attesting that the requester has access to the private key
+    // corresponding to the ephemeral public key.
+    const eip712Payload = (0, index_js_1.reencryptEIP712)(chainId, ephemeralPubKey);
+    // Since the account is an ephemeral keypair stored in memory (not in Metamask),
+    // this step will NOT prompt the user with a pop-up.
+    const eip712Signature = await requesterAccount.signTypedData(eip712Payload);
+    return async function reencrypt({ handle }) {
+        const reencryptRequest = {
+            $typeName: 'inco.kms.lite.v1.ReencryptRequest',
+            userAddress: requesterAccount.address,
+            ephemeralPubKey,
+            eip712Signature: (0, viem_1.hexToBytes)(eip712Signature),
+            handlesWithProofs: [
+                {
+                    $typeName: 'inco.kms.lite.v1.HandleWithProof',
+                    handle,
+                    aclProof: {
+                        $typeName: 'inco.kms.lite.v1.ACLProof',
+                        proof: {
+                            value: {
+                                $typeName: 'inco.kms.lite.v1.IncoLiteAdvancedACLProof',
+                                allowanceProof: {
+                                    $typeName: 'inco.kms.lite.v1.AllowanceProof',
+                                    sharer: allowanceVoucherWithSig.sharer,
+                                    voucher: {
+                                        // Converting from the AllowanceVoucher domain type to the
+                                        // AllowanceVoucher proto type.
+                                        $typeName: 'inco.kms.lite.v1.AllowanceVoucher',
+                                        sessionNonce: (0, viem_1.hexToBytes)(allowanceVoucherWithSig.voucher.sessionNonce),
+                                        verifyingContract: allowanceVoucherWithSig.voucher.verifyingContract,
+                                        callFunction: (0, viem_1.hexToBytes)(allowanceVoucherWithSig.voucher.callFunction),
+                                        sharerArgData: (0, viem_1.hexToBytes)(allowanceVoucherWithSig.voucher.sharerArgData),
+                                    },
+                                    voucherSignature: (0, viem_1.hexToBytes)(allowanceVoucherWithSig.voucherSignature),
+                                    // For SessionVerifier, the requesterArgData is empty.
+                                    requesterArgData: new Uint8Array(),
+                                },
+                            },
+                            case: 'incoLiteAdvancedAclProof',
+                        },
+                    },
+                },
+            ],
+        };
+        const response = await kmsClient.reencrypt(reencryptRequest);
+        return (0, index_js_1.decryptGrpcResponse)(response, ephemeralKeypair, handle);
+    };
+}
+async function updateActiveVouchersSessionNonce(incoLiteAddress, sharerWalletClient) {
+    const advancedACL = (0, viem_1.getContract)({
+        address: incoLiteAddress,
+        abi: lightning_preview_js_1.advancedAccessControlAbi,
+        client: sharerWalletClient,
+    });
+    const txHash = await advancedACL.write.updateActiveVouchersSessionNonce();
+    return txHash;
+}
+// Below are helpers to get ABIs of functions/structs from the SessionVerifier
+// contract.
+// Get the ABI of the `AllowanceVoucher` struct.
+function getAllowanceVoucherAbi() {
+    // Find the `allowanceVoucherDigest` function, it takes an AllowanceVoucher
+    // as sole argument.
+    const allowanceVoucherDigest = lightning_preview_js_1.advancedAccessControlAbi.find((item) => item.name === 'allowanceVoucherDigest');
+    if (!allowanceVoucherDigest) {
+        throw new Error('allowanceVoucherDigest not found');
+    }
+    // Get the input whose internalType is "struct AllowanceVoucher"
+    const allowanceVoucherInput = allowanceVoucherDigest.inputs.find((input) => input.internalType === 'struct AllowanceVoucher');
+    if (!allowanceVoucherInput) {
+        throw new Error('allowanceVoucherInput not found');
+    }
+    return allowanceVoucherInput.components;
+}
+// Get the ABI of the `Session` struct.
+//
+// We specifically created an ABIHelper.sol contract to export the Session
+// struct from the SessionVerifier contract.
+function getSessionAbi() {
+    const getSession = lightning_preview_js_1.abiHelperAbi.find((item) => 'name' in item && item.name === 'getSession');
+    if (!getSession) {
+        throw new Error('getSession not found');
+    }
+    const session = getSession.outputs[0];
+    if (!session) {
+        throw new Error('session not found');
+    }
+    return session.components;
+}
+// Get the ABI of the `canUseSession` function.
+function getCanUseSessionAbi() {
+    const canUseSession = lightning_preview_js_1.sessionVerifierAbi.find((item) => 'name' in item && item.name === 'canUseSession');
+    if (!canUseSession) {
+        throw new Error('canUseSession not found');
+    }
+    return canUseSession;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2Vzc2lvbi1rZXkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvc2Vzc2lvbi1rZXkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUF5Q0Esd0RBd0JDO0FBd0JELDBDQXNEQztBQXNCRCxzREEyREM7QUFFRCw0RUFXQztBQTVPRCwrQkFXYztBQUNkLDRDQUFvRDtBQUNwRCwwQ0FBZ0Q7QUFFaEQsaUZBQW9IO0FBQ3BILGlFQUFrRTtBQUVsRSwrQ0FBOEc7QUFDOUcsdURBQXFGO0FBa0JyRixzRUFBc0U7QUFDdEUsd0VBQXdFO0FBQ3hFLCtCQUErQjtBQUN4QixLQUFLLFVBQVUsc0JBQXNCLENBQzFDLGVBQXdCLEVBQ3hCLGtCQUEyRCxFQUMzRCxpQkFBMEIsRUFDMUIsWUFBaUIsRUFDakIsYUFBa0I7SUFFbEIsTUFBTSxXQUFXLEdBQUcsSUFBQSxrQkFBVyxFQUFDO1FBQzlCLE9BQU8sRUFBRSxlQUFlO1FBQ3hCLG9FQUFvRTtRQUNwRSxHQUFHLEVBQUUsK0NBQXdCO1FBQzdCLE1BQU0sRUFBRSxrQkFBa0I7S0FDM0IsQ0FBQyxDQUFDO0lBRUgsMEVBQTBFO0lBQzFFLHdDQUF3QztJQUN4QyxNQUFNLFlBQVksR0FBRyxNQUFNLFdBQVcsQ0FBQyxJQUFJLENBQUMsNkJBQTZCLENBQUMsQ0FBQyxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztJQUVoSCxPQUFPO1FBQ0wsWUFBWTtRQUNaLGlCQUFpQjtRQUNqQixZQUFZO1FBQ1osYUFBYTtLQUNkLENBQUM7QUFDSixDQUFDO0FBdUJELG1EQUFtRDtBQUM1QyxLQUFLLFVBQVUsZUFBZSxDQUFDLEVBQ3BDLE9BQU8sRUFDUCxlQUFlLEVBQ2YsOEJBQThCLEVBQzlCLGNBQWMsRUFDZCxrQkFBa0IsRUFDbEIsU0FBUyxHQUNXO0lBQ3BCLE1BQU0sT0FBTyxHQUFHO1FBQ2QsU0FBUyxFQUFFLGNBQWM7UUFDekIsU0FBUyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxPQUFPLEVBQUUsR0FBRyxJQUFJLENBQUMsQ0FBQztLQUMvQyxDQUFDO0lBQ2IsTUFBTSxhQUFhLEdBQUcsSUFBQSwwQkFBbUIsRUFBQyxhQUFhLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7SUFFbkcsOERBQThEO0lBQzlELE1BQU0sZUFBZSxHQUFHLElBQUEsa0JBQVcsRUFBQztRQUNsQyxHQUFHLEVBQUUsK0JBQWdCO1FBQ3JCLE9BQU8sRUFBRSxlQUFlO1FBQ3hCLE1BQU0sRUFBRSxrQkFBa0I7S0FDM0IsQ0FBQyxDQUFDO0lBRUgsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLGVBQWUsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDOUQsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLGVBQWUsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7SUFFcEUsTUFBTSxPQUFPLEdBQUcsTUFBTSxzQkFBc0IsQ0FDMUMsZUFBZSxFQUNmLGtCQUFrQjtJQUNsQiw0RUFBNEU7SUFDNUUsNkJBQTZCO0lBQzdCLDhCQUE4QixFQUM5QixJQUFBLHlCQUFrQixFQUFDLG1CQUFtQixFQUFFLENBQUMsRUFDekMsYUFBYSxDQUNkLENBQUM7SUFDRixNQUFNLGFBQWEsR0FBRyxJQUFBLDhCQUFtQixFQUFDO1FBQ3hDLE9BQU87UUFDUCxXQUFXLEVBQUUsa0JBQWtCO1FBQy9CLGlCQUFpQixFQUFFLHNCQUFzQixFQUFFO1FBQzNDLE9BQU8sRUFBRSxPQUFPO1FBQ2hCLHdFQUF3RTtRQUN4RSw0REFBNEQ7UUFDNUQsaUJBQWlCLEVBQUUsZUFBZTtRQUNsQyxHQUFHLENBQUMsZ0JBQWdCLElBQUksRUFBRSxVQUFVLEVBQUUsZ0JBQWdCLEVBQUUsQ0FBQztRQUN6RCxHQUFHLENBQUMsbUJBQW1CLElBQUksRUFBRSxhQUFhLEVBQUUsbUJBQW1CLEVBQUUsQ0FBQztLQUNuRSxDQUFDLENBQUM7SUFFSCx1RUFBdUU7SUFDdkUsV0FBVztJQUNYLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxrQkFBa0IsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUM7SUFFL0UsT0FBTztRQUNMLE1BQU0sRUFBRSxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsT0FBTztRQUMxQyxPQUFPO1FBQ1AsZ0JBQWdCO0tBQ2pCLENBQUM7QUFDSixDQUFDO0FBb0JELDhFQUE4RTtBQUM5RSxxQkFBcUI7QUFDZCxLQUFLLFVBQVUscUJBQXFCLENBQUMsRUFDMUMsT0FBTyxFQUNQLDZCQUE2QixFQUM3QixnQkFBZ0IsRUFDaEIsdUJBQXVCLEdBQ0c7SUFDMUIsTUFBTSxTQUFTLEdBQUcsSUFBQSx1QkFBWSxFQUFDLDZCQUE2QixJQUFJLElBQUEsaUNBQXNCLEVBQUMsSUFBQSw0QkFBaUIsRUFBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDcEgsTUFBTSxnQkFBZ0IsR0FBRyxJQUFBLDhCQUFtQixFQUFDLEtBQUssZ0JBQWdCLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDM0YsTUFBTSxlQUFlLEdBQUcsZ0JBQWdCLENBQUMsZUFBZSxFQUFFLENBQUM7SUFFM0QsNkVBQTZFO0lBQzdFLDZDQUE2QztJQUM3QyxNQUFNLGFBQWEsR0FBRyxJQUFBLDBCQUFlLEVBQUMsT0FBTyxFQUFFLGVBQWUsQ0FBQyxDQUFDO0lBQ2hFLGdGQUFnRjtJQUNoRixvREFBb0Q7SUFDcEQsTUFBTSxlQUFlLEdBQUcsTUFBTSxnQkFBZ0IsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUM7SUFFNUUsT0FBTyxLQUFLLFVBQVUsU0FBUyxDQUE2QixFQUFFLE1BQU0sRUFBbUM7UUFDckcsTUFBTSxnQkFBZ0IsR0FBcUI7WUFDekMsU0FBUyxFQUFFLG1DQUFtQztZQUM5QyxXQUFXLEVBQUUsZ0JBQWdCLENBQUMsT0FBTztZQUNyQyxlQUFlO1lBQ2YsZUFBZSxFQUFFLElBQUEsaUJBQVUsRUFBQyxlQUFlLENBQUM7WUFDNUMsaUJBQWlCLEVBQUU7Z0JBQ2pCO29CQUNFLFNBQVMsRUFBRSxrQ0FBa0M7b0JBQzdDLE1BQU07b0JBQ04sUUFBUSxFQUFFO3dCQUNSLFNBQVMsRUFBRSwyQkFBMkI7d0JBQ3RDLEtBQUssRUFBRTs0QkFDTCxLQUFLLEVBQUU7Z0NBQ0wsU0FBUyxFQUFFLDJDQUEyQztnQ0FDdEQsY0FBYyxFQUFFO29DQUNkLFNBQVMsRUFBRSxpQ0FBaUM7b0NBQzVDLE1BQU0sRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO29DQUN0QyxPQUFPLEVBQUU7d0NBQ1AsMERBQTBEO3dDQUMxRCwrQkFBK0I7d0NBQy9CLFNBQVMsRUFBRSxtQ0FBbUM7d0NBQzlDLFlBQVksRUFBRSxJQUFBLGlCQUFVLEVBQUMsdUJBQXVCLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQzt3Q0FDdEUsaUJBQWlCLEVBQUUsdUJBQXVCLENBQUMsT0FBTyxDQUFDLGlCQUFpQjt3Q0FDcEUsWUFBWSxFQUFFLElBQUEsaUJBQVUsRUFBQyx1QkFBdUIsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDO3dDQUN0RSxhQUFhLEVBQUUsSUFBQSxpQkFBVSxFQUFDLHVCQUF1QixDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUM7cUNBQ3pFO29DQUNELGdCQUFnQixFQUFFLElBQUEsaUJBQVUsRUFBQyx1QkFBdUIsQ0FBQyxnQkFBZ0IsQ0FBQztvQ0FDdEUsc0RBQXNEO29DQUN0RCxnQkFBZ0IsRUFBRSxJQUFJLFVBQVUsRUFBRTtpQ0FDbkM7NkJBQ0Y7NEJBQ0QsSUFBSSxFQUFFLDBCQUEwQjt5QkFDakM7cUJBQ0Y7aUJBQ0Y7YUFDRjtTQUNGLENBQUM7UUFFRixNQUFNLFFBQVEsR0FBRyxNQUFNLFNBQVMsQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztRQUM3RCxPQUFPLElBQUEsOEJBQW1CLEVBQUMsUUFBUSxFQUFFLGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2pFLENBQUMsQ0FBQztBQUNKLENBQUM7QUFFTSxLQUFLLFVBQVUsZ0NBQWdDLENBQ3BELGVBQXdCLEVBQ3hCLGtCQUEyRDtJQUUzRCxNQUFNLFdBQVcsR0FBRyxJQUFBLGtCQUFXLEVBQUM7UUFDOUIsT0FBTyxFQUFFLGVBQWU7UUFDeEIsR0FBRyxFQUFFLCtDQUF3QjtRQUM3QixNQUFNLEVBQUUsa0JBQWtCO0tBQzNCLENBQUMsQ0FBQztJQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sV0FBVyxDQUFDLEtBQUssQ0FBQyxnQ0FBZ0MsRUFBRSxDQUFDO0lBQzFFLE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRCw4RUFBOEU7QUFDOUUsWUFBWTtBQUVaLGdEQUFnRDtBQUNoRCxTQUFTLHNCQUFzQjtJQUM3QiwyRUFBMkU7SUFDM0Usb0JBQW9CO0lBQ3BCLE1BQU0sc0JBQXNCLEdBQUcsK0NBQXdCLENBQUMsSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxLQUFLLHdCQUF3QixDQUFDLENBQUM7SUFDL0csSUFBSSxDQUFDLHNCQUFzQixFQUFFLENBQUM7UUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFRCxnRUFBZ0U7SUFDaEUsTUFBTSxxQkFBcUIsR0FBRyxzQkFBc0IsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUM5RCxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLFlBQVksS0FBSyx5QkFBeUIsQ0FDNUQsQ0FBQztJQUNGLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1FBQzNCLE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUQsT0FBTyxxQkFBcUIsQ0FBQyxVQUFVLENBQUM7QUFDMUMsQ0FBQztBQUVELHVDQUF1QztBQUN2QyxFQUFFO0FBQ0YsMEVBQTBFO0FBQzFFLDRDQUE0QztBQUM1QyxTQUFTLGFBQWE7SUFDcEIsTUFBTSxVQUFVLEdBQUcsbUNBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE1BQU0sSUFBSSxJQUFJLElBQUksSUFBSSxDQUFDLElBQUksS0FBSyxZQUFZLENBQUMsQ0FBQztJQUM3RixJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7UUFDaEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDO0lBQzFDLENBQUM7SUFFRCxNQUFNLE9BQU8sR0FBRyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3RDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztRQUNiLE1BQU0sSUFBSSxLQUFLLENBQUMsbUJBQW1CLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQsT0FBTyxPQUFPLENBQUMsVUFBVSxDQUFDO0FBQzVCLENBQUM7QUFFRCwrQ0FBK0M7QUFDL0MsU0FBUyxtQkFBbUI7SUFDMUIsTUFBTSxhQUFhLEdBQUcseUNBQWtCLENBQUMsSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLElBQUksSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssZUFBZSxDQUFDLENBQUM7SUFDekcsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ25CLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQsT0FBTyxhQUFhLENBQUM7QUFDdkIsQ0FBQyJ9

package/dist/cjs/advancedacl/types.d.ts

@@ -0,0 +1,15 @@
+import { Address, Hex } from 'viem';
+export type AllowanceVoucher = {
+    sessionNonce: Hex;
+    verifyingContract: Address;
+    callFunction: Hex;
+    sharerArgData: Hex;
+};
+export interface AllowanceVoucherWithSig {
+    sharer: Address;
+    voucher: AllowanceVoucher;
+    voucherSignature: Hex;
+}
+export interface AllowanceProof extends AllowanceVoucherWithSig {
+    requesterArgData: Uint8Array;
+}

package/dist/cjs/advancedacl/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/cjs/attestedcompute/attested-compute.d.ts

@@ -1,8 +1,11 @@
 import type { Account, Chain, Transport, WalletClient } from 'viem';
+import { DecryptionAttestation } from '../attesteddecrypt/types.js';
+import { HexString } from '../binary.js';
 import { SupportedChainId } from '../chain.js';
-import { EciesScheme } from '../encryption/encryption.js';
+import { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
 import type { KmsClient } from '../kms/client.js';
-import { AttestedCompute } from './types.js';
+import type { BackoffConfig } from '../retry.js';
+import { AttestedComputeOP } from './types.js';
 /**
  * Arguments for creating an attested compute.
  */
@@ -21,18 +24,13 @@ export interface IncoLiteAttestedComputeArgs {
  * @throws {AttestedComputeError} If the creation fails
  *
  * @todo Support multiple operations in a single request.
- *
- * @example
- * ```typescript
- * const compute = await incoLiteAttestedCompute({
- *   walletClient,
- *   chainId: sepolia,
- * });
- * const decryptionAttestation = await compute({
- *   lhsHandle: '0x...',
- *   op: AttestedComputeSupportedOps.Eq,
- *   rhsPlaintext: 1337n,
- * });
- * ```
  */
-export declare function incoLiteAttestedCompute({ kmsConnectRpcEndpointOrClient, chainId, walletClient, }: IncoLiteAttestedComputeArgs): AttestedCompute<EciesScheme>;
+export declare function attestedCompute<T extends SupportedFheType>({ lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsConnectRpcEndpointOrClient, chainId, }: {
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+    chainId: SupportedChainId;
+}): Promise<DecryptionAttestation<EciesScheme, T>>;

package/dist/cjs/attestedcompute/attested-compute.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.incoLiteAttestedCompute = incoLiteAttestedCompute;
+exports.attestedCompute = attestedCompute;
 const viem_1 = require("viem");
 const attested_decrypt_js_1 = require("../attesteddecrypt/attested-decrypt.js");
 const binary_js_1 = require("../binary.js");
@@ -20,79 +20,64 @@ const ATTESTED_COMPUTE_DOMAIN_VERSION = '0.1.0';
  * @throws {AttestedComputeError} If the creation fails
  *
  * @todo Support multiple operations in a single request.
- *
- * @example
- * ```typescript
- * const compute = await incoLiteAttestedCompute({
- *   walletClient,
- *   chainId: sepolia,
- * });
- * const decryptionAttestation = await compute({
- *   lhsHandle: '0x...',
- *   op: AttestedComputeSupportedOps.Eq,
- *   rhsPlaintext: 1337n,
- * });
- * ```
  */
-function incoLiteAttestedCompute({ kmsConnectRpcEndpointOrClient, chainId, walletClient, }) {
-    const kmsClient = (0, client_js_1.getKmsClient)(kmsConnectRpcEndpointOrClient || (0, client_js_1.defaultCovalidatorGrpc)((0, chain_js_1.getSupportedChain)(chainId)));
-    return async function attestedCompute({ lhsHandle, op, rhsPlaintext, backoffConfig, }) {
-        try {
-            (0, attested_decrypt_js_1.validateHandle)(lhsHandle);
-            const rhsPlaintextBig = BigInt(rhsPlaintext);
-            // Create the EIP712 payload for the handles to decrypt
-            const eip712Payload = (0, eip712_js_1.createEIP712Payload)({
-                chainId: BigInt(chainId),
-                primaryType: 'AttestedComputeRequest',
-                primaryTypeFields: [
-                    { name: 'op', type: 'uint8' },
-                    { name: 'lhsHandle', type: 'bytes32' },
-                    { name: 'rhsPlaintext', type: 'bytes32' },
-                ],
-                message: {
-                    op: op,
-                    lhsHandle: lhsHandle,
-                    rhsPlaintext: (0, binary_js_1.bigintToBytes32)(rhsPlaintextBig),
-                },
-                domainName: ATTESTED_COMPUTE_DOMAIN_NAME,
-                domainVersion: ATTESTED_COMPUTE_DOMAIN_VERSION,
-            });
-            // Sign the EIP712 message
-            const eip712Signature = await walletClient.signTypedData(eip712Payload);
-            const rhsValueBytes = (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.ecies, (0, handle_js_1.getHandleType)(lhsHandle), rhsPlaintextBig);
-            const attestedComputeRequest = {
-                $typeName: 'inco.kms.lite.v1.AttestedComputeRequest',
-                userAddress: walletClient.account.address,
+async function attestedCompute({ lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsConnectRpcEndpointOrClient, chainId, }) {
+    try {
+        const kmsClient = (0, client_js_1.getKmsClient)(kmsConnectRpcEndpointOrClient || (0, client_js_1.defaultCovalidatorGrpc)((0, chain_js_1.getSupportedChain)(chainId)));
+        (0, attested_decrypt_js_1.validateHandle)(lhsHandle);
+        const rhsPlaintextBig = BigInt(rhsPlaintext);
+        // Create the EIP712 payload for the handles to decrypt
+        const eip712Payload = (0, eip712_js_1.createEIP712Payload)({
+            chainId: BigInt(chainId),
+            primaryType: 'AttestedComputeRequest',
+            primaryTypeFields: [
+                { name: 'op', type: 'uint8' },
+                { name: 'lhsHandle', type: 'bytes32' },
+                { name: 'rhsPlaintext', type: 'bytes32' },
+            ],
+            message: {
                 op: op,
                 lhsHandle: lhsHandle,
-                rhsPlaintext: rhsValueBytes.value.toString(16),
-                eip712Signature: (0, viem_1.hexToBytes)(eip712Signature),
-            };
-            const response = await (0, retry_js_1.retryWithBackoff)(async () => {
-                return await kmsClient.attestedCompute(attestedComputeRequest);
-            }, backoffConfig);
-            const decryptionAttestation = response.decryptionAttestation;
-            if (decryptionAttestation?.plaintext === undefined) {
-                throw new types_js_1.AttestedComputeError('No plaintext in response');
-            }
-            const computeResultHandle = response.decryptionAttestation?.handle;
-            if (!computeResultHandle) {
-                throw new types_js_1.AttestedComputeError('No compute result handle in response');
-            }
-            const handleType = (0, handle_js_1.getHandleType)(computeResultHandle);
-            const bigIntValue = (0, binary_js_1.bytesToBigInt)(decryptionAttestation.plaintext);
-            return {
-                handle: computeResultHandle,
-                plaintext: (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.ecies, handleType, bigIntValue),
-                covalidatorSignature: decryptionAttestation.signature,
-            };
+                rhsPlaintext: (0, binary_js_1.bigintToBytes32)(rhsPlaintextBig),
+            },
+            domainName: ATTESTED_COMPUTE_DOMAIN_NAME,
+            domainVersion: ATTESTED_COMPUTE_DOMAIN_VERSION,
+        });
+        // Sign the EIP712 message
+        const eip712Signature = await walletClient.signTypedData(eip712Payload);
+        const rhsValueBytes = (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.ecies, (0, handle_js_1.getHandleType)(lhsHandle), rhsPlaintextBig);
+        const attestedComputeRequest = {
+            $typeName: 'inco.kms.lite.v1.AttestedComputeRequest',
+            userAddress: walletClient.account.address,
+            op: op,
+            lhsHandle: lhsHandle,
+            rhsPlaintext: rhsValueBytes.value.toString(16),
+            eip712Signature: (0, viem_1.hexToBytes)(eip712Signature),
+        };
+        const response = await (0, retry_js_1.retryWithBackoff)(async () => {
+            return await kmsClient.attestedCompute(attestedComputeRequest);
+        }, backoffConfig);
+        const decryptionAttestation = response.decryptionAttestation;
+        if (decryptionAttestation?.plaintext === undefined) {
+            throw new types_js_1.AttestedComputeError('No plaintext in response');
+        }
+        const computeResultHandle = response.decryptionAttestation?.handle;
+        if (!computeResultHandle) {
+            throw new types_js_1.AttestedComputeError('No compute result handle in response');
         }
-        catch (error) {
-            if (error instanceof types_js_1.AttestedComputeError) {
-                throw error;
-            }
-            throw new types_js_1.AttestedComputeError('Failed to perform attested compute', error);
+        const handleType = (0, handle_js_1.getHandleType)(computeResultHandle);
+        const bigIntValue = (0, binary_js_1.bytesToBigInt)(decryptionAttestation.plaintext);
+        return {
+            handle: computeResultHandle,
+            plaintext: (0, encryption_js_1.bigintToPlaintext)(encryption_js_1.encryptionSchemes.ecies, handleType, bigIntValue),
+            covalidatorSignature: decryptionAttestation.signature,
+        };
+    }
+    catch (error) {
+        if (error instanceof types_js_1.AttestedComputeError) {
+            throw error;
         }
-    };
+        throw new types_js_1.AttestedComputeError('Failed to perform attested compute', error);
+    }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0ZXN0ZWQtY29tcHV0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hdHRlc3RlZGNvbXB1dGUvYXR0ZXN0ZWQtY29tcHV0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQW9EQSwwREFvRkM7QUF2SUQsK0JBQWtDO0FBQ2xDLGdGQUF3RTtBQUV4RSw0Q0FBeUU7QUFDekUsMENBQWtFO0FBQ2xFLCtEQUFrSDtBQUVsSCw0Q0FBNkM7QUFFN0MsZ0RBQXdFO0FBQ3hFLHlEQUFnRTtBQUVoRSwwQ0FBK0M7QUFDL0MseUNBQXNGO0FBRXRGLE1BQU0sNEJBQTRCLEdBQUcscUJBQXFCLENBQUM7QUFDM0QsTUFBTSwrQkFBK0IsR0FBRyxPQUFPLENBQUM7QUFjaEQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBb0JHO0FBQ0gsU0FBZ0IsdUJBQXVCLENBQUMsRUFDdEMsNkJBQTZCLEVBQzdCLE9BQU8sRUFDUCxZQUFZLEdBQ2dCO0lBQzVCLE1BQU0sU0FBUyxHQUFHLElBQUEsd0JBQVksRUFBQyw2QkFBNkIsSUFBSSxJQUFBLGtDQUFzQixFQUFDLElBQUEsNEJBQWlCLEVBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBRXBILE9BQU8sS0FBSyxVQUFVLGVBQWUsQ0FBNkIsRUFDaEUsU0FBUyxFQUNULEVBQUUsRUFDRixZQUFZLEVBQ1osYUFBYSxHQU1kO1FBQ0MsSUFBSSxDQUFDO1lBQ0gsSUFBQSxvQ0FBYyxFQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRTFCLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUU3Qyx1REFBdUQ7WUFDdkQsTUFBTSxhQUFhLEdBQUcsSUFBQSwrQkFBbUIsRUFBQztnQkFDeEMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPLENBQUM7Z0JBQ3hCLFdBQVcsRUFBRSx3QkFBd0I7Z0JBQ3JDLGlCQUFpQixFQUFFO29CQUNqQixFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRTtvQkFDN0IsRUFBRSxJQUFJLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUU7b0JBQ3RDLEVBQUUsSUFBSSxFQUFFLGNBQWMsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO2lCQUMxQztnQkFDRCxPQUFPLEVBQUU7b0JBQ1AsRUFBRSxFQUFFLEVBQUU7b0JBQ04sU0FBUyxFQUFFLFNBQVM7b0JBQ3BCLFlBQVksRUFBRSxJQUFBLDJCQUFlLEVBQUMsZUFBZSxDQUFDO2lCQUMvQztnQkFDRCxVQUFVLEVBQUUsNEJBQTRCO2dCQUN4QyxhQUFhLEVBQUUsK0JBQStCO2FBQy9DLENBQUMsQ0FBQztZQUVILDBCQUEwQjtZQUMxQixNQUFNLGVBQWUsR0FBRyxNQUFNLFlBQVksQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUM7WUFFeEUsTUFBTSxhQUFhLEdBQUcsSUFBQSxpQ0FBaUIsRUFBQyxpQ0FBaUIsQ0FBQyxLQUFLLEVBQUUsSUFBQSx5QkFBYSxFQUFDLFNBQVMsQ0FBTSxFQUFFLGVBQWUsQ0FBQyxDQUFDO1lBQ2pILE1BQU0sc0JBQXNCLEdBQTJCO2dCQUNyRCxTQUFTLEVBQUUseUNBQXlDO2dCQUNwRCxXQUFXLEVBQUUsWUFBWSxDQUFDLE9BQU8sQ0FBQyxPQUFPO2dCQUN6QyxFQUFFLEVBQUUsRUFBRTtnQkFDTixTQUFTLEVBQUUsU0FBUztnQkFDcEIsWUFBWSxFQUFFLGFBQWEsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztnQkFDOUMsZUFBZSxFQUFFLElBQUEsaUJBQVUsRUFBQyxlQUFlLENBQUM7YUFDN0MsQ0FBQztZQUVGLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBQSwyQkFBZ0IsRUFBQyxLQUFLLElBQUksRUFBRTtnQkFDakQsT0FBTyxNQUFNLFNBQVMsQ0FBQyxlQUFlLENBQUMsc0JBQXNCLENBQUMsQ0FBQztZQUNqRSxDQUFDLEVBQUUsYUFBYSxDQUFDLENBQUM7WUFFbEIsTUFBTSxxQkFBcUIsR0FBRyxRQUFRLENBQUMscUJBQXFCLENBQUM7WUFFN0QsSUFBSSxxQkFBcUIsRUFBRSxTQUFTLEtBQUssU0FBUyxFQUFFLENBQUM7Z0JBQ25ELE1BQU0sSUFBSSwrQkFBb0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1lBQzdELENBQUM7WUFFRCxNQUFNLG1CQUFtQixHQUFHLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxNQUFNLENBQUM7WUFDbkUsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7Z0JBQ3pCLE1BQU0sSUFBSSwrQkFBb0IsQ0FBQyxzQ0FBc0MsQ0FBQyxDQUFDO1lBQ3pFLENBQUM7WUFFRCxNQUFNLFVBQVUsR0FBRyxJQUFBLHlCQUFhLEVBQUMsbUJBQWdDLENBQUMsQ0FBQztZQUNuRSxNQUFNLFdBQVcsR0FBRyxJQUFBLHlCQUFhLEVBQUMscUJBQXFCLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFbkUsT0FBTztnQkFDTCxNQUFNLEVBQUUsbUJBQWdDO2dCQUN4QyxTQUFTLEVBQUUsSUFBQSxpQ0FBaUIsRUFBQyxpQ0FBaUIsQ0FBQyxLQUFLLEVBQUUsVUFBZSxFQUFFLFdBQVcsQ0FBQztnQkFDbkYsb0JBQW9CLEVBQUUscUJBQXFCLENBQUMsU0FBUzthQUN0RCxDQUFDO1FBQ0osQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixJQUFJLEtBQUssWUFBWSwrQkFBb0IsRUFBRSxDQUFDO2dCQUMxQyxNQUFNLEtBQUssQ0FBQztZQUNkLENBQUM7WUFDRCxNQUFNLElBQUksK0JBQW9CLENBQUMsb0NBQW9DLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDOUUsQ0FBQztJQUNILENBQUMsQ0FBQztBQUNKLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXR0ZXN0ZWQtY29tcHV0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9hdHRlc3RlZGNvbXB1dGUvYXR0ZXN0ZWQtY29tcHV0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQXVDQSwwQ0FtRkM7QUF6SEQsK0JBQWtDO0FBQ2xDLGdGQUF3RTtBQUV4RSw0Q0FBeUU7QUFDekUsMENBQWtFO0FBQ2xFLCtEQUFrSDtBQUVsSCw0Q0FBNkM7QUFFN0MsZ0RBQXdFO0FBQ3hFLHlEQUFnRTtBQUVoRSwwQ0FBK0M7QUFDL0MseUNBQXFFO0FBRXJFLE1BQU0sNEJBQTRCLEdBQUcscUJBQXFCLENBQUM7QUFDM0QsTUFBTSwrQkFBK0IsR0FBRyxPQUFPLENBQUM7QUFjaEQ7Ozs7Ozs7R0FPRztBQUNJLEtBQUssVUFBVSxlQUFlLENBQTZCLEVBQ2hFLFNBQVMsRUFDVCxFQUFFLEVBQ0YsWUFBWSxFQUNaLGFBQWEsRUFDYixZQUFZLEVBQ1osNkJBQTZCLEVBQzdCLE9BQU8sR0FTUjtJQUNDLElBQUksQ0FBQztRQUNILE1BQU0sU0FBUyxHQUFHLElBQUEsd0JBQVksRUFBQyw2QkFBNkIsSUFBSSxJQUFBLGtDQUFzQixFQUFDLElBQUEsNEJBQWlCLEVBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3BILElBQUEsb0NBQWMsRUFBQyxTQUFTLENBQUMsQ0FBQztRQUUxQixNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFN0MsdURBQXVEO1FBQ3ZELE1BQU0sYUFBYSxHQUFHLElBQUEsK0JBQW1CLEVBQUM7WUFDeEMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPLENBQUM7WUFDeEIsV0FBVyxFQUFFLHdCQUF3QjtZQUNyQyxpQkFBaUIsRUFBRTtnQkFDakIsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUU7Z0JBQzdCLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFO2dCQUN0QyxFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTthQUMxQztZQUNELE9BQU8sRUFBRTtnQkFDUCxFQUFFLEVBQUUsRUFBRTtnQkFDTixTQUFTLEVBQUUsU0FBUztnQkFDcEIsWUFBWSxFQUFFLElBQUEsMkJBQWUsRUFBQyxlQUFlLENBQUM7YUFDL0M7WUFDRCxVQUFVLEVBQUUsNEJBQTRCO1lBQ3hDLGFBQWEsRUFBRSwrQkFBK0I7U0FDL0MsQ0FBQyxDQUFDO1FBRUgsMEJBQTBCO1FBQzFCLE1BQU0sZUFBZSxHQUFHLE1BQU0sWUFBWSxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUV4RSxNQUFNLGFBQWEsR0FBRyxJQUFBLGlDQUFpQixFQUFDLGlDQUFpQixDQUFDLEtBQUssRUFBRSxJQUFBLHlCQUFhLEVBQUMsU0FBUyxDQUFNLEVBQUUsZUFBZSxDQUFDLENBQUM7UUFDakgsTUFBTSxzQkFBc0IsR0FBMkI7WUFDckQsU0FBUyxFQUFFLHlDQUF5QztZQUNwRCxXQUFXLEVBQUUsWUFBWSxDQUFDLE9BQU8sQ0FBQyxPQUFPO1lBQ3pDLEVBQUUsRUFBRSxFQUFFO1lBQ04sU0FBUyxFQUFFLFNBQVM7WUFDcEIsWUFBWSxFQUFFLGFBQWEsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUM5QyxlQUFlLEVBQUUsSUFBQSxpQkFBVSxFQUFDLGVBQWUsQ0FBQztTQUM3QyxDQUFDO1FBRUYsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFBLDJCQUFnQixFQUFDLEtBQUssSUFBSSxFQUFFO1lBQ2pELE9BQU8sTUFBTSxTQUFTLENBQUMsZUFBZSxDQUFDLHNCQUFzQixDQUFDLENBQUM7UUFDakUsQ0FBQyxFQUFFLGFBQWEsQ0FBQyxDQUFDO1FBRWxCLE1BQU0scUJBQXFCLEdBQUcsUUFBUSxDQUFDLHFCQUFxQixDQUFDO1FBRTdELElBQUkscUJBQXFCLEVBQUUsU0FBUyxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ25ELE1BQU0sSUFBSSwrQkFBb0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFFRCxNQUFNLG1CQUFtQixHQUFHLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxNQUFNLENBQUM7UUFDbkUsSUFBSSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDekIsTUFBTSxJQUFJLCtCQUFvQixDQUFDLHNDQUFzQyxDQUFDLENBQUM7UUFDekUsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLElBQUEseUJBQWEsRUFBQyxtQkFBZ0MsQ0FBQyxDQUFDO1FBQ25FLE1BQU0sV0FBVyxHQUFHLElBQUEseUJBQWEsRUFBQyxxQkFBcUIsQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUVuRSxPQUFPO1lBQ0wsTUFBTSxFQUFFLG1CQUFnQztZQUN4QyxTQUFTLEVBQUUsSUFBQSxpQ0FBaUIsRUFBQyxpQ0FBaUIsQ0FBQyxLQUFLLEVBQUUsVUFBZSxFQUFFLFdBQVcsQ0FBQztZQUNuRixvQkFBb0IsRUFBRSxxQkFBcUIsQ0FBQyxTQUFTO1NBQ3RELENBQUM7SUFDSixDQUFDO0lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztRQUNmLElBQUksS0FBSyxZQUFZLCtCQUFvQixFQUFFLENBQUM7WUFDMUMsTUFBTSxLQUFLLENBQUM7UUFDZCxDQUFDO1FBQ0QsTUFBTSxJQUFJLCtCQUFvQixDQUFDLG9DQUFvQyxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBQzlFLENBQUM7QUFDSCxDQUFDIn0=

package/dist/cjs/attesteddecrypt/attested-decrypt.d.ts

@@ -1,16 +1,18 @@
 import type { Account, Chain, Transport, WalletClient } from 'viem';
+import { HexString } from '../binary.js';
 import { SupportedChainId } from '../chain.js';
-import { EciesScheme } from '../encryption/encryption.js';
+import { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
 import type { KmsClient } from '../kms/client.js';
-import { AttestedDecryptor } from './types.js';
+import type { BackoffConfig } from '../retry.js';
+import { DecryptionAttestation } from './types.js';
 /**
  * Validates a handle format.
  * @param handle - The handle to validate
  * @throws {AttestedDecryptError} If the handle format is invalid
  */
-export declare function validateHandle(handle: string): void;
+export declare function validateHandle(handle: HexString): void;
 /**
- * Arguments for creating an attested decryptor.
+ * Arguments for creating an attested decrypt request.
  */
 export interface IncoLiteAttestedDecryptorArgs {
     /** The wallet used to interact with the blockchain and sign the decrypt request */
@@ -21,20 +23,17 @@ export interface IncoLiteAttestedDecryptorArgs {
     chainId: SupportedChainId;
 }
 /**
- * Creates an attested decryptor that can decrypt handles with an attached attestation from the covalidator.
- * @param args - The arguments for creating the decryptor
- * @returns A function that can decrypt handles using attestation
- * @throws {AttestedDecryptError} If the decryptor creation fails
+ * Decrypt multiple handles in a single attested request.
+ * Returns an array of attestations aligned with the response ordering.
  *
- * @todo Support multiple handles in a single request.
- *
- * @example
- * ```typescript
- * const decryptor = await incoLiteAttestedDecryptor({
- *   walletClient,
- *   chainId: sepolia,
- * });
- * const { plaintext, covalidatorSignature } = await decryptor({ handle: '0x...' });
- * ```
+ * @param args - The arguments for creating the attested decrypt function
+ * @returns A function that can decrypt handles and return an attestation
+ * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function incoLiteAttestedDecryptor({ kmsConnectRpcEndpointOrClient, chainId, walletClient, }: IncoLiteAttestedDecryptorArgs): AttestedDecryptor<EciesScheme>;
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, kmsConnectRpcEndpointOrClient, }: {
+    handles: HexString[];
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    chainId: SupportedChainId;
+    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+}): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;