@inco/js 0.7.0 → 0.7.2

package/dist/types/attestedcompute/attested-compute.d.ts

@@ -1,13 +1,14 @@
 import type { Account, Chain, Transport, WalletClient } from 'viem';
-import { DecryptionAttestation } from '../attesteddecrypt/types.js';
+import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
 import { HexString } from '../binary.js';
 import { SupportedChainId } from '../chain.js';
-import { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
+import type { EciesScheme, SupportedFheType } from '../encryption/encryption.js';
 import { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { Secp256k1Keypair } from '../lite/ecies.js';
 import type { BackoffConfig } from '../retry.js';
 import { AttestedComputeOP } from './types.js';
 export declare const ATTESTED_COMPUTE_DOMAIN_NAME = "IncoAttestedCompute";
-export declare const ATTESTED_COMPUTE_DOMAIN_VERSION = "1";
+export declare const DEFAULT_ATTESTED_COMPUTE_DOMAIN_VERSION = "2";
 /**
  * Arguments for creating an attested compute.
  */
@@ -27,7 +28,8 @@ export interface IncoLiteAttestedComputeArgs {
  *
  * @todo Support multiple operations in a single request.
  */
-export declare function attestedCompute<T extends SupportedFheType>({ lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, }: {
+export declare function attestedCompute<T extends SupportedFheType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, reencryptPubKey, reencryptKeypair, }: {
+    executorAddress: HexString;
     lhsHandle: HexString;
     op: AttestedComputeOP;
     rhsPlaintext: bigint | boolean;
@@ -35,4 +37,30 @@ export declare function attestedCompute<T extends SupportedFheType>({ lhsHandle,
     walletClient: WalletClient<Transport, Chain, Account>;
     kmsQuorumClient: KmsQuorumClient;
     chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: Secp256k1Keypair;
+}): Promise<DecryptionAttestation<EciesScheme, T>>;
+export declare function attestedCompute<T extends SupportedFheType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, reencryptPubKey, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+}): Promise<EncryptedDecryptionAttestation<EciesScheme, T>>;
+export declare function attestedCompute<T extends SupportedFheType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey?: never;
+    reencryptKeypair?: never;
 }): Promise<DecryptionAttestation<EciesScheme, T>>;

package/dist/types/attesteddecrypt/attested-decrypt.d.ts

@@ -1,4 +1,4 @@
-import type { Account, Chain, Transport, WalletClient } from 'viem';
+import type { Account, Chain, PublicClient, Transport, WalletClient } from 'viem';
 import { type HexString } from '../binary.js';
 import { type SupportedChainId } from '../chain.js';
 import { type EciesScheme, type SupportedFheType } from '../encryption/encryption.js';
@@ -7,7 +7,8 @@ import type { Secp256k1Keypair } from '../lite/ecies.js';
 import type { BackoffConfig } from '../retry.js';
 import { type DecryptionAttestation, type EncryptedDecryptionAttestation } from './types.js';
 export declare const ATTESTED_DECRYPT_DOMAIN_NAME = "IncoAttestedDecrypt";
-export declare const ATTESTED_DECRYPT_DOMAIN_VERSION = "1";
+export declare const DEFAULT_ATTESTED_DECRYPT_DOMAIN_VERSION = "2";
+export declare const TEST_RPC_URL = "UNUSED IN TEST";
 /**
  * Arguments for creating an attested decrypt request.
  */
@@ -27,11 +28,12 @@ export interface IncoLiteAttestedDecryptorArgs {
  * @returns A function that can decrypt handles and return an attestation
  * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function attestedDecrypt({ handles, backoffConfig, chainId, kmsQuorumClient, }: {
+export declare function attestedDecrypt({ handles, backoffConfig, chainId, kmsQuorumClient, executorAddress, }: {
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
     chainId: SupportedChainId;
     kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
 }): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
@@ -41,7 +43,7 @@ export declare function attestedDecrypt({ handles, backoffConfig, chainId, kmsQu
  * @returns A function that can decrypt handles and return an attestation
  * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsQuorumClient, }: {
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, reencryptKeypair, kmsQuorumClient, executorAddress, }: {
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
     walletClient: WalletClient<Transport, Chain, Account>;
@@ -49,6 +51,7 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
     reencryptPubKey: Uint8Array;
     reencryptKeypair: Secp256k1Keypair;
     kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
 }): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
@@ -58,7 +61,7 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
  * @returns A function that can decrypt handles and return an attestation
  * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, kmsQuorumClient, }: {
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, reencryptPubKey, kmsQuorumClient, executorAddress, }: {
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
     walletClient: WalletClient<Transport, Chain, Account>;
@@ -66,6 +69,7 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
     reencryptPubKey: Uint8Array;
     reencryptKeypair?: never;
     kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
 }): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
@@ -75,7 +79,7 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
  * @returns A function that can decrypt handles and return an attestation
  * @throws {AttestedDecryptError} If the creation fails
  */
-export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, kmsQuorumClient, }: {
+export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, kmsQuorumClient, executorAddress, }: {
     handles: HexString[];
     backoffConfig?: Partial<BackoffConfig> | undefined;
     walletClient: WalletClient<Transport, Chain, Account>;
@@ -83,7 +87,9 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
     reencryptPubKey?: never;
     reencryptKeypair?: never;
     kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
 }): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+export declare function fetchEip712DomainVersion(executorAddress: HexString | undefined, defaultVersion: string, walletClient?: WalletClient<Transport, Chain, Account> | PublicClient<Transport, Chain>): Promise<string>;
 export declare function decryptEncryptedAttestations(attestations: Array<DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>, reencryptKeypair: Secp256k1Keypair): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
 /**
  * Validates a handle format.

package/dist/types/attesteddecrypt/types.d.ts

@@ -16,6 +16,7 @@ export type DecryptionAttestation<S extends EncryptionScheme, T extends Supporte
 export type EncryptedDecryptionAttestation<S extends EncryptionScheme, T extends SupportedFheType> = {
     handle: HexString;
     encryptedPlaintext: EncryptResultOf<S, T>;
+    encryptedSignatures: Uint8Array[];
     covalidatorSignatures: Uint8Array[];
 };
 export type AttestedDecryptor<S extends EncryptionScheme> = <T extends SupportedFheType>(args: AttestedDecryptFnArgs<S, T>) => Promise<DecryptionAttestation<S, T>>;

package/dist/types/generated/es/inco/kms/lite/v1/kms_service_pb.d.ts

@@ -146,10 +146,23 @@ export type AttestedComputeRequest = Message<"inco.kms.lite.v1.AttestedComputeRe
      * @generated from field: string user_address = 1;
      */
     userAddress: string;
+    /**
+     * reencrypt_pub_key is the encoding of the user's public
+     * encryption key (secp256k1) used to reencrypt the result for.
+     * It is encoded in its 33-byte compressed format.
+     * If empty, the KMS will return plaintext decryption instead of reencryption.
+     *
+     * @generated from field: bytes reencrypt_pub_key = 2;
+     */
+    reencryptPubKey: Uint8Array;
     /**
      * eip712_signature is an EIP-712 signature of the following EIP-712 typed data by
      * `user_address` (note that we only give a JSON representation for the sake of
-     * readability, but the actual signed data is defined in the EIP-712 spec):
+     * readability, but the actual signed data is defined in the EIP-712 spec) where:
+     *     op - operation to perform
+     *     lhs - handle of the ciphertext to perform computation on
+     *     rhs - second plaintext scalar operand
+     *     publicKey - 0x prefixed reencrypt_pub_key (if any). "0x" otherwise if empty.
      *
      * ```json
      * {
@@ -160,9 +173,10 @@ export type AttestedComputeRequest = Message<"inco.kms.lite.v1.AttestedComputeRe
      *       { "name": "chainId", "type": "uint256" }
      *     ],
      *     "AttestedComputeRequest": [
-     *       { "name": "op", "type" "uint8"},
-     *       { "name": "lhs", "type" "bytes32"},
-     *       { "name": "rhs", "type" "bytes32"}
+     *       { "name": "op", "type": "uint8"},
+     *       { "name": "lhs", "type": "bytes32"},
+     *       { "name": "rhs", "type": "bytes32"},
+     *       { "name": "publicKey", "type": "bytes" },
      *     ]
      *   },
      *   "primaryType": "AttestedComputeRequest",
@@ -174,18 +188,19 @@ export type AttestedComputeRequest = Message<"inco.kms.lite.v1.AttestedComputeRe
      *   "message": {
      *     "op": <operation>,
      *     "lhs": "<handle1>",
-     *     "rhs": <plaintextBytes> // Also add a comment on length & encoding
+     *     "rhs": <plaintextBytes>, // Also add a comment on length & encoding
+     *     "publicKey": "0x<reencrypt_pub_key>"
      *   }
      * }
      * ```
      *
-     * @generated from field: bytes eip712_signature = 2;
+     * @generated from field: bytes eip712_signature = 3;
      */
     eip712Signature: Uint8Array;
     /**
      * Subset of supported binary operations that can be performed on a handle.
      *
-     * @generated from field: inco.kms.lite.v1.SupportedScalarBinaryOp op = 3;
+     * @generated from field: inco.kms.lite.v1.SupportedScalarBinaryOp op = 4;
      */
     op: SupportedScalarBinaryOp;
     /**
@@ -193,13 +208,13 @@ export type AttestedComputeRequest = Message<"inco.kms.lite.v1.AttestedComputeRe
      * The user_address must have ACL access to the handle for the attested
      * compute to succeed.
      *
-     * @generated from field: string lhs_handle = 4;
+     * @generated from field: string lhs_handle = 5;
      */
     lhsHandle: string;
     /**
      * Second plaintext scalar operand encoded as a hex string (with or without 0x prefix)
      *
-     * @generated from field: string rhs_plaintext = 5;
+     * @generated from field: string rhs_plaintext = 6;
      */
     rhsPlaintext: string;
     /**
@@ -207,7 +222,7 @@ export type AttestedComputeRequest = Message<"inco.kms.lite.v1.AttestedComputeRe
      * Either the user_address or sharer must have ACL access to the handles for the attested
      * compute to succeed.
      *
-     * @generated from field: inco.kms.lite.v1.ACLProof acl_proof = 6;
+     * @generated from field: inco.kms.lite.v1.ACLProof acl_proof = 7;
      */
     aclProof?: ACLProof;
 };
@@ -303,12 +318,11 @@ export type Reencryption = Message<"inco.kms.lite.v1.Reencryption"> & {
      */
     userCiphertext: Uint8Array;
     /**
-     * The handle of the ciphertext, encoded as a 0x-prefixed hex string, any case.
-     * TODO scalar declaration.
+     * Encrypted signature over the plaintext, encrypted to the user's public key. Can only be decrypted by the user.
      *
-     * @generated from field: string handle = 2;
+     * @generated from field: bytes encrypted_signature = 3;
      */
-    handle: string;
+    encryptedSignature: Uint8Array;
 };
 /**
  * Describes the message inco.kms.lite.v1.Reencryption.

package/dist/types/kms/quorumClient.d.ts

@@ -29,7 +29,7 @@ export declare class KmsQuorumClient {
      */
     static fromKmsClients(kmsClients: KmsClient[], threshold: number): KmsQuorumClient;
     attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>)[]>;
-    attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>;
     attestedReveal(request: AttestedRevealRequest, backoffConfig?: Partial<BackoffConfig>): Promise<(DecryptionAttestation<EciesScheme, SupportedFheType> | EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>)[]>;
     /**
      * Generic method to execute a KMS operation across all clients with retry and threshold logic.

package/dist/types/lite/attested-compute.d.ts

@@ -1,6 +1,6 @@
-import { ATTESTED_COMPUTE_DOMAIN_NAME, ATTESTED_COMPUTE_DOMAIN_VERSION, type IncoLiteAttestedComputeArgs } from '../attestedcompute/attested-compute.js';
+import { ATTESTED_COMPUTE_DOMAIN_NAME, DEFAULT_ATTESTED_COMPUTE_DOMAIN_VERSION, type IncoLiteAttestedComputeArgs } from '../attestedcompute/attested-compute.js';
 import type { AttestedCompute, AttestedComputeFnArgs } from '../attestedcompute/types.js';
 import { AttestedComputeSupportedOps } from '../attestedcompute/types.js';
 import type { AttestedDecryptFnArgs } from '../attesteddecrypt/types.js';
-export { ATTESTED_COMPUTE_DOMAIN_NAME, ATTESTED_COMPUTE_DOMAIN_VERSION, AttestedComputeSupportedOps, };
+export { ATTESTED_COMPUTE_DOMAIN_NAME, AttestedComputeSupportedOps, DEFAULT_ATTESTED_COMPUTE_DOMAIN_VERSION, };
 export type { AttestedCompute, AttestedComputeFnArgs, AttestedDecryptFnArgs, IncoLiteAttestedComputeArgs, };

package/dist/types/lite/attested-decrypt.d.ts

@@ -1,4 +1,4 @@
 import { type IncoLiteAttestedDecryptorArgs } from '../attesteddecrypt/attested-decrypt.js';
 export type { IncoLiteAttestedDecryptorArgs };
-import { ATTESTED_DECRYPT_DOMAIN_NAME, ATTESTED_DECRYPT_DOMAIN_VERSION } from '../attesteddecrypt/attested-decrypt.js';
-export { ATTESTED_DECRYPT_DOMAIN_NAME, ATTESTED_DECRYPT_DOMAIN_VERSION };
+import { ATTESTED_DECRYPT_DOMAIN_NAME, DEFAULT_ATTESTED_DECRYPT_DOMAIN_VERSION } from '../attesteddecrypt/attested-decrypt.js';
+export { ATTESTED_DECRYPT_DOMAIN_NAME, DEFAULT_ATTESTED_DECRYPT_DOMAIN_VERSION, };

package/dist/types/lite/ecies.d.ts

@@ -1,6 +1,8 @@
 import * as ellipticPkg from 'elliptic';
 import { Decryptor, EciesScheme, Encryptor } from '../encryption/encryption.js';
 import { PubKeyEncodable } from '../reencryption/index.js';
+export declare const TEST_ECIES_PUB_KEY = "0x02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
+export declare const TEST_ECIES_PRIVATE_KEY = "0x384a707568ab63ad2ad9f10135faa0699801db3174f33f7846badc11affb8f57";
 export interface Secp256k1Keypair extends PubKeyEncodable {
     scheme: EciesScheme;
     kp: ellipticPkg.ec.KeyPair;

package/dist/types/lite/lightning.d.ts

@@ -1,11 +1,13 @@
-import { Account, Chain, PublicClient, Transport, WalletClient } from 'viem';
+import { Account, Chain, GetContractReturnType, PublicClient, Transport, WalletClient } from 'viem';
 import { AllowanceVoucherWithSig } from '../advancedacl/types.js';
 import { AttestedComputeOP } from '../attestedcompute/types.js';
 import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
 import { Address, HexString } from '../binary.js';
-import { EciesScheme, Encryptor, SupportedFheType } from '../encryption/index.js';
+import { EciesScheme, SupportedFheType } from '../encryption/index.js';
+import { incoVerifierAbi } from '../generated/abis/verifier.js';
 import { lightningDeployments } from '../generated/lightning.js';
 import { localNodeLightningConfig } from '../generated/local-node.js';
+import { FheType } from '../handle.js';
 import { LocalNodeEnv } from '../local/index.js';
 import { BackoffConfig } from '../retry.js';
 import { Secp256k1Keypair } from './ecies.js';
@@ -22,6 +24,7 @@ export type SupportedNativeType = boolean | bigint | number;
 export type EncryptionContext = {
     accountAddress: string;
     dappAddress: string;
+    handleType: FheType;
 };
 export type DeploymentSlice = {
     executorAddress: string;
@@ -36,6 +39,11 @@ export type CustomConfig = {
     senderPrivateKey?: HexString;
 };
 export type CustomDeployment = DeploymentSlice & CustomConfig;
+export type IncoVerifierConfig = {
+    threshold: number;
+    signers: Address[];
+    eciesPubKey: HexString;
+};
 type LocalNodeEnvFileSource = {
     filePath: string;
 };
@@ -45,13 +53,15 @@ type LocalNodeEnvFileSource = {
  */
 export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
     private readonly _deployment;
-    readonly covalidatorUrls: string[];
-    readonly signers: Address[];
-    readonly threshold: number;
+    private readonly covalidatorUrls;
+    private readonly signers;
+    private readonly threshold;
+    private readonly eciesPubKey;
     readonly executorAddress: Address;
     readonly chainId: bigint;
     private readonly ephemeralKeypair;
     private readonly kmsQuorumClient;
+    private readonly encryptor;
     private constructor();
     /**
      * Get a Lightning instance bound to the latest Lightning deployment for the Base Sepolia testnet.
@@ -92,7 +102,6 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *    additional fields past will be made available as part of the `deployment` property.
      */
     static custom<T extends CustomConfig>(config: T): Promise<Lightning<DeploymentSlice & T>>;
-    static getEciesPublicKey(client: PublicClient, executorAddress: Address): Promise<HexString>;
     /**
      * Get the latest deployment for a given pepper, which usually denotes a family of deployments distinct from their
      * version such as 'devnet', 'testnet', 'mainnet', etc.
@@ -117,15 +126,13 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @param value a boolean or numeric value to encrypt
      * @param accountAddress the address of the account interacting with the dapp contract, normally an Externally Owned Account (EOA)
      * @param dappAddress the address of the dapp contract that interacts with the Inco Lightning contract or library
+     * @param handleType (optional) the handle type to be used for encrypting the value - this is required in case of non-default handle types
+     *                    default handle types:
+     *                      - boolean -> handleTypes.ebool
+     *                      - number | bigint -> handleTypes.euint256
+     * @returns a promise that resolves to the encrypted value as a HexString
      */
-    encrypt<T extends SupportedNativeType>(value: T, { accountAddress, dappAddress }: EncryptionContext, encryptor: Encryptor<EciesScheme>): Promise<HexString>;
-    /**
-     * Get the encryptor for a specific ECIES public key.
-     *
-     * @param eciesPubkey the ECIES public key to use for encryption
-     * @returns an Encryptor instance configured for the specified ECIES public key
-     */
-    getEncryptor(eciesPubkey: HexString): Encryptor<EciesScheme>;
+    encrypt<T extends SupportedNativeType>(value: T, { accountAddress, dappAddress, handleType }: EncryptionContext): Promise<HexString>;
     /**
      * Grants a session key allowance voucher for secure reencryption operations.
      *
@@ -198,6 +205,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *
      * @param ephemeralKeypair Session keypair matching the voucher grantee.
      * @param allowanceVoucherWithSig Signed allowance voucher.
+     * @param ethClient - A public eth client or eth wallet client used for signing the attested decrypt request
      * @param handles Handles to decrypt.
      * @param options Optional reencryption/backoff configuration.
      *
@@ -206,6 +214,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * const attestations = await lightning.attestedDecryptWithVoucher(
      *   ephemeralKeypair,
      *   voucher,
+     *   ethClient,
      *   [handle],
      * );
      * ```
@@ -215,14 +224,15 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * const encrypted = await lightning.attestedDecryptWithVoucher(
      *   ephemeralKeypair,
      *   voucher,
+     *   ethClient,
      *   [handle],
      *   { reencryptPubKey: delegateKeypair.encodePublicKey() },
      * );
      * ```
      */
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EciesScheme, SupportedFheType>>>;
     /**
      * Get an attested compute for the given wallet client.
      *
@@ -233,7 +243,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @param backoffConfig - The backoff configuration for the attested compute request
      * @returns The decryption attestation
      *
-     * @example
+     * @example Plaintext result
      * ```typescript
      * import { AttestedComputeSupportedOps } from '../lite/attested-compute.js';
      * const lhsHandle = '0x...';
@@ -242,23 +252,80 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * const response = await lightning.attestedCompute(walletClient, lhsHandle, op, rhsPlaintext);
      * const { plaintext, covalidatorSignature, handle } = response;
      * ```
+     *
+     * @example Reencrypt for a delegate
+     * ```ts
+     * const encrypted = await lightning.attestedCompute(
+     *   walletClient,
+     *   lhsHandle,
+     *   op,
+     *   rhsPlaintext,
+     *   delegatePubKey,
+     * );
+     * console.log(encrypted.encryptedPlaintext.ciphertext.value);
+     * ```
+     *
+     * @example Reencrypt and decrypt locally
+     * ```ts
+     * const decrypted = await lightning.attestedCompute(
+     *   walletClient,
+     *   lhsHandle,
+     *   op,
+     *   rhsPlaintext,
+     *   keypair.encodePublicKey(),
+     *   keypair,
+     * );
+     * console.log(decrypted.plaintext.value);
+     * ```
      */
     attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
     /**
      * Performs attested compute via a voucher-backed session key.
      *
-     * @example
+     * @example Plaintext result
      * ```ts
      * const attestation = await lightning.attestedComputeWithVoucher(
      *   ephemeralKeypair,
      *   voucher,
+     *   ethClient,
      *   lhsHandle,
      *   AttestedComputeSupportedOps.Eq,
      *   true,
      * );
      * ```
+     *
+     * @example Reencrypt for a delegate
+     * ```ts
+     * const encrypted = await lightning.attestedComputeWithVoucher(
+     *   ephemeralKeypair,
+     *   voucher,
+     *   lhsHandle,
+     *   AttestedComputeSupportedOps.Eq,
+     *   true,
+     *   delegatePubKey,
+     * );
+     * console.log(encrypted.encryptedPlaintext.ciphertext.value);
+     * ```
+     *
+     * @example Reencrypt and decrypt locally
+     * ```ts
+     * const decrypted = await lightning.attestedComputeWithVoucher(
+     *   ephemeralKeypair,
+     *   voucher,
+     *   lhsHandle,
+     *   AttestedComputeSupportedOps.Eq,
+     *   true,
+     *   keypair.encodePublicKey(),
+     *   keypair,
+     * );
+     * console.log(decrypted.plaintext.value);
+     * ```
      */
-    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EciesScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EciesScheme, SupportedFheType>>;
     /**
      * Get an decryption of publicly revealed handles.
      *
@@ -268,7 +335,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *
      * @example
      * ```typescript
-     * const response = await lightning.attestedReveal([handle1, handle2]);
+     * const response = await lightning.attestedReveal([handle1, handle2], ethClient);
      * const { plaintext, covalidatorSignature } = response[0];
      * ```
      */
@@ -281,8 +348,17 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
     }, threshold: number): string[];
     private static isIdByName;
     private static plaintextFromValue;
-    private static getContractThresholdAndSigners;
-    private static getThresholdAndSigners;
+    static getEciesPublicKey(client: PublicClient, executorAddress: Address): Promise<HexString>;
+    static getIncoVerifierContract(client: PublicClient, executorAddress: Address): Promise<GetContractReturnType<typeof incoVerifierAbi, PublicClient, Address>>;
+    /**
+     * Retrieves the verifier contract details including threshold, signers, and ECIES public key from the Inco Verifier contract.
+     *
+     * @param executorAddress The address of the Inco Lightning executor contract.
+     * @param client The public client to interact with the blockchain.
+     * @returns An object containing the threshold, signers, and ECIES public key.
+     */
+    private static getVerifierContractDetails;
+    private static getChainConfig;
     private static supportsThresholdRetrieval;
     private static getDefaultThresholdAndSigners;
 }

package/dist/types/viem.d.ts

@@ -1,3 +1,4 @@
+import { Chain } from 'viem';
 import { Chainish } from './chain.js';
 export declare const chains: {
     sepolia: {
@@ -777,7 +778,4 @@ export declare const chains: {
         readonly network: "worldchain-sepolia";
     };
 };
-type ChainName = keyof typeof chains;
-export type ViemChain = (typeof chains)[ChainName];
-export declare function getViemChain(chainish: Chainish): ViemChain;
-export {};
+export declare function getViemChain(chainish: Chainish): Chain;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/js",
-  "version": "0.7.0",
+  "version": "0.7.2",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "license": "Apache-2.0",
   "sideEffects": false,
@@ -96,7 +96,7 @@
     "effect": "^3.17.13",
     "elliptic": "^6.6.1",
     "sha3": "^2.1.4",
-    "viem": "^2.23.6"
+    "viem": "^2.39.3"
   },
   "devDependencies": {
     "@inco/pega": "0.0.0",
@@ -113,5 +113,8 @@
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org/"
+  },
+  "browser": {
+    "fs/promises": false
   }
 }