@inco/js 0.6.9 → 0.7.0

package/dist/types/advancedacl/session-key.d.ts

@@ -1,14 +1,13 @@
-import type { Client } from '@connectrpc/connect';
 import { type Account, type Address, type Chain, type Hex, type Transport, type WalletClient } from 'viem';
-import { DecryptionAttestation } from '../attesteddecrypt/index.js';
+import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
 import { SupportedChainId } from '../chain.js';
 import { type EciesScheme, SupportedFheType } from '../encryption/encryption.js';
 import { HexString } from '../index.js';
-import type { KmsService, Secp256k1Keypair } from '../lite/index.js';
-import { type ReencryptFnArgs } from '../reencryption/index.js';
+import type { Secp256k1Keypair } from '../lite/index.js';
 import { BackoffConfig } from '../retry.js';
 import type { AllowanceVoucher, AllowanceVoucherWithSig } from './types.js';
 import { AttestedComputeOP } from '../attestedcompute/types.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
 export interface Session {
     decrypter: Address;
     expiresAt: bigint;
@@ -23,42 +22,56 @@ export interface GrantSessionKeyArgs {
     expiresAt: Date;
 }
 export declare function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }: GrantSessionKeyArgs): Promise<AllowanceVoucherWithSig>;
-export interface SessionKeyReencryptorArgs {
-    chainId: bigint;
-    ephemeralKeypair: Secp256k1Keypair;
-    kmsConnectRpcEndpointOrClient: string | Client<typeof KmsService>;
-    allowanceVoucherWithSig: AllowanceVoucherWithSig;
-}
-/**
- * The sessionKeyReencryptor function is a reencryptor that uses a session key
- * to reencrypt data.
- *
- */
-export declare function sessionKeyReencryptor({ chainId, kmsConnectRpcEndpointOrClient, ephemeralKeypair, allowanceVoucherWithSig, }: SessionKeyReencryptorArgs): Promise<(<T extends SupportedFheType>({ handle, }: ReencryptFnArgs<EciesScheme, T>) => Promise<import("../encryption/encryption.js").PlaintextOf<1, 0 | 5 | 7 | 8>>)>;
 export declare function updateActiveVouchersSessionNonce(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>): Promise<`0x${string}`>;
 export interface SessionKeyAttestedComputeArgs {
     chainId: SupportedChainId;
     ephemeralKeypair: Secp256k1Keypair;
-    kmsConnectRpcEndpointOrClient: string | Client<typeof KmsService>;
+    kmsQuorumClient: KmsQuorumClient;
     allowanceVoucherWithSig: AllowanceVoucherWithSig;
     lhsHandle: HexString;
     op: AttestedComputeOP;
     rhsPlaintext: bigint | boolean;
     backoffConfig?: Partial<BackoffConfig> | undefined;
 }
-export declare function sessionKeyAttestedCompute<T extends SupportedFheType>({ lhsHandle, op, rhsPlaintext, backoffConfig, chainId, kmsConnectRpcEndpointOrClient, ephemeralKeypair, allowanceVoucherWithSig, }: SessionKeyAttestedComputeArgs): Promise<{
-    handle: HexString;
-    plaintext: import("../encryption/encryption.js").PlaintextOf<1, T>;
-    covalidatorSignature: Uint8Array<ArrayBufferLike>;
-}>;
+export declare function sessionKeyAttestedCompute<T extends SupportedFheType>({ lhsHandle, op, rhsPlaintext, backoffConfig, chainId, kmsQuorumClient, ephemeralKeypair, allowanceVoucherWithSig, }: SessionKeyAttestedComputeArgs): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
 export interface SessionKeyAttestedDecryptArgs {
     chainId: SupportedChainId;
     ephemeralKeypair: Secp256k1Keypair;
-    kmsConnectRpcEndpointOrClient: string | Client<typeof KmsService>;
+    kmsQuorumClient: KmsQuorumClient;
     allowanceVoucherWithSig: AllowanceVoucherWithSig;
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
-    reencryptPubKey?: Uint8Array;
-    reencryptKeypair?: Secp256k1Keypair;
+    reencryptPubKey?: Uint8Array | undefined;
+    reencryptKeypair?: Secp256k1Keypair | undefined;
 }
-export declare function sessionKeyAttestedDecrypt({ chainId, kmsConnectRpcEndpointOrClient, handles, ephemeralKeypair, allowanceVoucherWithSig, backoffConfig, reencryptPubKey, reencryptKeypair, }: SessionKeyAttestedDecryptArgs): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+/**
+ * Performs attested decrypts using a voucher-backed session key.
+ *
+ * @example Plaintext results
+ * ```ts
+ * const attestations = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralKeypair,
+ *   handles,
+ * });
+ * console.log(attestations[0].plaintext.value);
+ * ```
+ *
+ * @example Encrypted results
+ * ```ts
+ * const encryptedResults = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralKeypair,
+ *   handles,
+ *   reencryptPubKey: recipientPubKey,
+ * });
+ * console.log(
+ *   encryptedResults[0].encryptedPlaintext.ciphertext.value,
+ * );
+ * ```
+ */
+export declare function sessionKeyAttestedDecrypt({ chainId, kmsQuorumClient, handles, ephemeralKeypair, allowanceVoucherWithSig, backoffConfig, reencryptPubKey, reencryptKeypair, }: SessionKeyAttestedDecryptArgs): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;

package/dist/types/attestedcompute/attested-compute.d.ts

@@ -3,19 +3,19 @@ import { DecryptionAttestation } from '../attesteddecrypt/types.js';
 import { HexString } from '../binary.js';
 import { SupportedChainId } from '../chain.js';
 import { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
-import type { KmsClient } from '../kms/client.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
 import type { BackoffConfig } from '../retry.js';
 import { AttestedComputeOP } from './types.js';
 export declare const ATTESTED_COMPUTE_DOMAIN_NAME = "IncoAttestedCompute";
-export declare const ATTESTED_COMPUTE_DOMAIN_VERSION = "0.1.0";
+export declare const ATTESTED_COMPUTE_DOMAIN_VERSION = "1";
 /**
  * Arguments for creating an attested compute.
  */
 export interface IncoLiteAttestedComputeArgs {
     /** The wallet used to interact with the blockchain and sign the compute request */
     walletClient: WalletClient<Transport, Chain, Account>;
-    /** The KMS connect RPC endpoint or client instance */
-    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+    /** The KMS quorum client instance */
+    kmsQuorumClient: KmsQuorumClient;
     /** The chain ID to use */
     chainId: SupportedChainId;
 }
@@ -27,12 +27,12 @@ export interface IncoLiteAttestedComputeArgs {
  *
  * @todo Support multiple operations in a single request.
  */
-export declare function attestedCompute<T extends SupportedFheType>({ lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsConnectRpcEndpointOrClient, chainId, }: {
+export declare function attestedCompute<T extends SupportedFheType>({ lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, }: {
     lhsHandle: HexString;
     op: AttestedComputeOP;
     rhsPlaintext: bigint | boolean;
     backoffConfig?: Partial<BackoffConfig> | undefined;
     walletClient: WalletClient<Transport, Chain, Account>;
-    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+    kmsQuorumClient: KmsQuorumClient;
     chainId: SupportedChainId;
 }): Promise<DecryptionAttestation<EciesScheme, T>>;

package/dist/types/attesteddecrypt/attested-decrypt.d.ts

@@ -1,30 +1,38 @@
 import type { Account, Chain, Transport, WalletClient } from 'viem';
-import { HexString } from '../binary.js';
-import { SupportedChainId } from '../chain.js';
-import { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
-import type { KmsClient } from '../kms/client.js';
-import { Secp256k1Keypair } from '../lite/ecies.js';
+import { type HexString } from '../binary.js';
+import { type SupportedChainId } from '../chain.js';
+import { type EciesScheme, type SupportedFheType } from '../encryption/encryption.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { Secp256k1Keypair } from '../lite/ecies.js';
 import type { BackoffConfig } from '../retry.js';
-import { DecryptionAttestation, EncryptedDecryptionAttestation } from './types.js';
+import { type DecryptionAttestation, type EncryptedDecryptionAttestation } from './types.js';
 export declare const ATTESTED_DECRYPT_DOMAIN_NAME = "IncoAttestedDecrypt";
-export declare const ATTESTED_DECRYPT_DOMAIN_VERSION = "0.1.0";
-/**
- * Validates a handle format.
- * @param handle - The handle to validate
- * @throws {AttestedDecryptError} If the handle format is invalid
- */
-export declare function validateHandle(handle: HexString): void;
+export declare const ATTESTED_DECRYPT_DOMAIN_VERSION = "1";
 /**
  * Arguments for creating an attested decrypt request.
  */
 export interface IncoLiteAttestedDecryptorArgs {
     /** The wallet used to interact with the blockchain and sign the decrypt request */
     walletClient: WalletClient<Transport, Chain, Account>;
-    /** The KMS connect RPC endpoint or client instance */
-    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+    /** The KMS quorum client instance */
+    kmsQuorumClient: KmsQuorumClient;
     /** The chain ID to use */
     chainId: SupportedChainId;
 }
+/**
+ * Decrypt multiple handles in a single attested request without wallet authentication.
+ * Returns an array of attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for creating the attested decrypt function
+ * @returns A function that can decrypt handles and return an attestation
+ * @throws {AttestedDecryptError} If the creation fails
+ */
+export declare function attestedDecrypt({ handles, backoffConfig, chainId, kmsQuorumClient, }: {
+    handles: HexString[];
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    chainId: SupportedChainId;
+    kmsQuorumClient: KmsQuorumClient;
+}): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
  * Returns an array of attestations aligned with the response ordering.
@@ -33,14 +41,14 @@ export interface IncoLiteAttestedDecryptorArgs {
  * @returns A function that can decrypt handles and return an attestation
  * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsConnectRpcEndpointOrClient, }: {
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsQuorumClient, }: {
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
     walletClient: WalletClient<Transport, Chain, Account>;
     chainId: SupportedChainId;
     reencryptPubKey: Uint8Array;
     reencryptKeypair: Secp256k1Keypair;
-    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+    kmsQuorumClient: KmsQuorumClient;
 }): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
@@ -50,14 +58,14 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
  * @returns A function that can decrypt handles and return an attestation
  * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, kmsConnectRpcEndpointOrClient, }: {
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, kmsQuorumClient, }: {
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
     walletClient: WalletClient<Transport, Chain, Account>;
     chainId: SupportedChainId;
     reencryptPubKey: Uint8Array;
     reencryptKeypair?: never;
-    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+    kmsQuorumClient: KmsQuorumClient;
 }): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
@@ -67,12 +75,19 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
  * @returns A function that can decrypt handles and return an attestation
  * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, kmsConnectRpcEndpointOrClient, }: {
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, kmsQuorumClient, }: {
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
     walletClient: WalletClient<Transport, Chain, Account>;
     chainId: SupportedChainId;
     reencryptPubKey?: never;
     reencryptKeypair?: never;
-    kmsConnectRpcEndpointOrClient?: string | KmsClient;
+    kmsQuorumClient: KmsQuorumClient;
 }): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+export declare function decryptEncryptedAttestations(attestations: Array<DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>, reencryptKeypair: Secp256k1Keypair): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+/**
+ * Validates a handle format.
+ * @param handle - The handle to validate
+ * @throws {AttestedDecryptError} If the handle format is invalid
+ */
+export declare function validateHandle(handle: HexString): void;

package/dist/types/attesteddecrypt/types.d.ts

@@ -1,5 +1,5 @@
-import { HexString } from '../binary.js';
-import { EncryptionScheme, EncryptResultOf, PlaintextOf, SupportedFheType } from '../encryption/encryption.js';
+import type { HexString } from '../binary.js';
+import type { EncryptionScheme, EncryptResultOf, PlaintextOf, SupportedFheType } from '../encryption/encryption.js';
 import type { BackoffConfig } from '../retry.js';
 /**
  * Custom error class for attested decrypt operations.
@@ -11,12 +11,12 @@ export declare class AttestedDecryptError extends Error {
 export type DecryptionAttestation<S extends EncryptionScheme, T extends SupportedFheType> = {
     handle: HexString;
     plaintext: PlaintextOf<S, T>;
-    covalidatorSignature: Uint8Array;
+    covalidatorSignatures: Uint8Array[];
 };
 export type EncryptedDecryptionAttestation<S extends EncryptionScheme, T extends SupportedFheType> = {
     handle: HexString;
     encryptedPlaintext: EncryptResultOf<S, T>;
-    covalidatorSignature: Uint8Array;
+    covalidatorSignatures: Uint8Array[];
 };
 export type AttestedDecryptor<S extends EncryptionScheme> = <T extends SupportedFheType>(args: AttestedDecryptFnArgs<S, T>) => Promise<DecryptionAttestation<S, T>>;
 export type AttestedDecryptFnArgs<S extends EncryptionScheme, T extends SupportedFheType> = {

package/dist/types/generated/es/inco/covalidator/compute/v1/types_pb.d.ts

@@ -118,7 +118,21 @@ export declare const AnyValueSchema: GenMessage<AnyValue>;
  */
 export type Scalar = Message<"inco.covalidator.compute.v1.Scalar"> & {
     /**
-     * The type of the scalar
+     * The type of the scalar.
+     *
+     * The possible values are:
+     * Bool     = 0
+     * Uint4    = 1
+     * Uint8    = 2
+     * Uint16   = 3
+     * Uint32   = 4
+     * Uint64   = 5
+     * Uint128  = 6
+     * Uint160  = 7
+     * Uint256  = 8
+     * Bytes64  = 9
+     * Bytes128 = 10
+     * Bytes256 = 11
      *
      * @generated from field: int32 type = 1;
      */

package/dist/types/generated/es/inco/kms/lite/v1/kms_service_pb.d.ts

@@ -1,5 +1,4 @@
 import type { GenEnum, GenFile, GenMessage, GenService } from "@bufbuild/protobuf/codegenv2";
-import type { TypedCiphertext } from "../../../fhe/v1/types_pb";
 import type { ACLProof, ECIESKeyset, HandleWithProof } from "./types_pb";
 import type { Message } from "@bufbuild/protobuf";
 /**
@@ -88,7 +87,7 @@ export type AttestedDecryptRequest = Message<"inco.kms.lite.v1.AttestedDecryptRe
      *   "primaryType": "AttestedDecryptRequest",
      *   "domain": {
      *     "name": "IncoAttestedDecrypt",
-     *     "version": "0.1.0",
+     *     "version": "1",
      *     "chainId": "<host_chain_id>",
      *   },
      *   "message": {
@@ -169,7 +168,7 @@ export type AttestedComputeRequest = Message<"inco.kms.lite.v1.AttestedComputeRe
      *   "primaryType": "AttestedComputeRequest",
      *   "domain": {
      *     "name": "IncoAttestedCompute",
-     *     "version": "0.1.0",
+     *     "version": "1",
      *     "chainId": "<host_chain_id>",
      *   },
      *   "message": {
@@ -298,9 +297,18 @@ export declare const PlaintextSchema: GenMessage<Plaintext>;
  */
 export type Reencryption = Message<"inco.kms.lite.v1.Reencryption"> & {
     /**
-     * @generated from field: inco.fhe.v1.TypedCiphertext user_ciphertext = 1;
+     * The ciphertext that was reencrypted to the user's public key.
+     *
+     * @generated from field: bytes user_ciphertext = 1;
      */
-    userCiphertext?: TypedCiphertext;
+    userCiphertext: Uint8Array;
+    /**
+     * The handle of the ciphertext, encoded as a 0x-prefixed hex string, any case.
+     * TODO scalar declaration.
+     *
+     * @generated from field: string handle = 2;
+     */
+    handle: string;
 };
 /**
  * Describes the message inco.kms.lite.v1.Reencryption.

package/dist/types/generated/lightning.d.ts

@@ -1,4 +1,44 @@
 export declare const lightningDeployments: readonly [{
+    readonly name: "incoLightningPreview_2_0_0__976644394";
+    readonly majorVersion: 2;
+    readonly deployer: "0x8202D2D747784Cb7D48868E44C42C4bf162a70BC";
+    readonly pepper: "alphanet";
+    readonly executorAddress: "0xc0d693DeEF0A91CE39208676b6da09B822abd199";
+    readonly salt: "0x8202d2d747784cb7d48868e44c42c4bf162a70bc000822f11f6e30f933e76d2a";
+    readonly chainId: 84532;
+    readonly chainName: "Base Sepolia";
+    readonly version: {
+        readonly major: 2;
+        readonly minor: 0;
+        readonly patch: 0;
+        readonly shortSalt: "976644394";
+    };
+    readonly blockNumber: 34459258;
+    readonly deployDate: "2025-12-02T14:46:46.026Z";
+    readonly commit: "v0.6.9-17-g217794f3-dirty";
+    readonly active: true;
+    readonly includesPreviewFeatures: true;
+}, {
+    readonly name: "incoLightningPreview_1_1_0__725458969";
+    readonly majorVersion: 1;
+    readonly deployer: "0x8202D2D747784Cb7D48868E44C42C4bf162a70BC";
+    readonly pepper: "alphanet";
+    readonly executorAddress: "0x28676Cd3b10b03b2FDF105Ba280425b45a674F2A";
+    readonly salt: "0x8202d2d747784cb7d48868e44c42c4bf162a70bc004dfbe338c6966a22bcca19";
+    readonly chainId: 84532;
+    readonly chainName: "Base Sepolia";
+    readonly version: {
+        readonly major: 1;
+        readonly minor: 1;
+        readonly patch: 0;
+        readonly shortSalt: "725458969";
+    };
+    readonly blockNumber: 34456535;
+    readonly deployDate: "2025-12-02T13:16:00.594Z";
+    readonly commit: "v0.6.9-16-g428d1837-dirty";
+    readonly active: true;
+    readonly includesPreviewFeatures: true;
+}, {
     readonly name: "incoLightningPreview_1_0_2__725458969";
     readonly majorVersion: 1;
     readonly deployer: "0x8202D2D747784Cb7D48868E44C42C4bf162a70BC";

package/dist/types/generated/local-node.d.ts

@@ -2,28 +2,32 @@ export declare const localNodeLightningConfig: {
     readonly testnet: {
         readonly executorAddress: "0x63D8135aF4D393B1dB43B649010c8D3EE19FC9fd";
         readonly chainId: 31337;
-        readonly covalidatorUrl: "http://localhost:50055";
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"];
         readonly hostChainRpcUrl: "http://localhost:8545";
         readonly senderPrivateKey: "0x78a25e2a0b5148290cc4d93ae12338dabd6ccd6dd98276514c4168dc4100df7c";
     };
     readonly devnet: {
         readonly executorAddress: "0x3473820DcAa71Af8157b93C7f2bf1c676A2A39A6";
         readonly chainId: 31337;
-        readonly covalidatorUrl: "http://localhost:50055";
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"];
         readonly hostChainRpcUrl: "http://localhost:8545";
         readonly senderPrivateKey: "0x6f2539401f377d76bafd39b580e0f95b9bf7d39dec8fd3ada4abe41ad2ae1e18";
     };
     readonly alphanet: {
-        readonly executorAddress: "0x28676Cd3b10b03b2FDF105Ba280425b45a674F2A";
+        readonly executorAddress: "0xc0d693DeEF0A91CE39208676b6da09B822abd199";
         readonly chainId: 31337;
-        readonly covalidatorUrl: "http://localhost:50055";
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0x8E873085348a3406A07907E5d1465B9824bA07cd"];
         readonly hostChainRpcUrl: "http://localhost:8545";
-        readonly senderPrivateKey: "0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d";
+        readonly senderPrivateKey: "0x279c172cf3638a79642daa5f7666c600befde318550d7579cf96280920e318b6";
     };
     readonly scratch: {
-        readonly executorAddress: "0x195ec7fDf68fD835b9F78d6eb13E280cC2e25fdD";
+        readonly executorAddress: "0x230b8fb0201E621Be3612ab7387d164f8AdC863f";
         readonly chainId: 31337;
-        readonly covalidatorUrl: "http://localhost:50055";
+        readonly covalidatorUrls: readonly ["http://localhost:50055"];
+        readonly signers: readonly ["0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266"];
         readonly hostChainRpcUrl: "http://127.0.0.1:8567";
         readonly senderPrivateKey: "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80";
     };

package/dist/types/kms/client.d.ts

@@ -1,8 +1,12 @@
-import { Client } from '@connectrpc/connect';
-import { SupportedChain } from '../chain.js';
+import { type Client } from '@connectrpc/connect';
+import type { Address } from 'viem';
+import type { SupportedChain } from '../chain.js';
 import { KmsService } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
-export type KmsClient = Client<typeof KmsService>;
-export declare function getKmsClient(kmsConnectRpcEndpointOrClient: string | KmsClient): KmsClient;
+export declare const DEFAULT_COVALIDATOR_SIGNER: Address;
+export type KmsClient = Client<typeof KmsService> & {
+    signerAddress: Address;
+};
+export declare function getKmsClient(kmsConnectRpcEndpointOrClient: string | KmsClient, signerAddress: Address): KmsClient;
 export declare function defaultCovalidatorGrpc(chain: SupportedChain): string;
 export declare function lightningDevnetCovalidatorGrpc(chain: SupportedChain): string;
 export declare function lightningTestnetCovalidatorGrpc(chain: SupportedChain): string;

package/dist/types/kms/quorumClient.d.ts

@@ -0,0 +1,58 @@
+import type { Address } from 'viem';
+import type { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
+import type { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
+import type { AttestedComputeRequest, AttestedDecryptRequest, AttestedRevealRequest } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import type { BackoffConfig } from '../retry.js';
+import { type KmsClient } from './client.js';
+export declare class KmsQuorumClient {
+    private readonly kmss;
+    private readonly threshold;
+    private constructor();
+    private constructor();
+    /**
+     * Creates a KmsQuorumClient from an array of URLs.
+     * Requires signer addresses and threshold to be explicitly provided.
+     *
+     * @param urls - Array of KMS endpoint URLs
+     * @param signers - Array of signer addresses, must match the length of URLs
+     * @param threshold - Number of successful responses required (must be between 1 and urls.length)
+     * @throws {Error} If URLs array is empty, signers length doesn't match URLs length, or threshold is invalid
+     */
+    static fromUrls(urls: string[], signers: Address[], threshold: number): KmsQuorumClient;
+    /**
+     * Creates a KmsQuorumClient from an array of KmsClient instances.
+     * Each KmsClient must have a signerAddress property.
+     *
+     * @param kmsClients - Array of KMS client instances
+     * @param threshold - Number of successful responses required (must be between 1 and kmsClients.length)
+     * @throws {Error} If KMS clients array is empty or threshold is invalid
+     */
+    static fromKmsClients(kmsClients: KmsClient[], threshold: number): KmsQuorumClient;
+    attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>)[]>;
+    attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedReveal(request: AttestedRevealRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>)[]>;
+    /**
+     * Generic method to execute a KMS operation across all clients with retry and threshold logic.
+     * Returns results with both the response and signer address.
+     */
+    private executeKmsOperationWithThreshold;
+    /**
+     * Collects signatures from responses and sorts them by signer address (ascending).
+     * This is required by SignatureVerifier.
+     */
+    private collectAndSortSignatures;
+    /**
+     * Builds a plaintext attestation from a DecryptionAttestation proto message.
+     */
+    private buildPlaintextAttestation;
+    private buildAggregatedAttestations;
+    private buildAggregatedComputeAttestation;
+    private verifyResponseConsistency;
+    private verifyComputeResponseConsistency;
+    /**
+     * Verifies that two plaintext byte arrays are identical.
+     */
+    private verifyPlaintextBytesConsistency;
+    private verifyPlaintextConsistency;
+    private verifyCiphertextConsistency;
+}

package/dist/types/kms/thresholdPromises.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Executes promises and returns results as soon as threshold is reached
+ * @param promises Array of promises to execute
+ * @param threshold Number of successful responses needed
+ * @returns Promise that resolves with threshold number of results
+ */
+export declare function executeWithThreshold<T>(promises: Promise<T>[], threshold: number): Promise<T[]>;

package/dist/types/lite/index.d.ts

@@ -7,4 +7,3 @@ export * from './deployments.js';
 export * from './ecies.js';
 export * from './hadu.js';
 export * from './lightning.js';
-export * from './reencrypt.js';