@inco/js 0.8.0-devnet-22 → 0.8.0-devnet-24

package/dist/types/attesteddecrypt/attested-decrypt.d.ts

@@ -22,22 +22,6 @@ export interface IncoLiteAttestedDecryptorArgs {
     /** The chain ID to use */
     chainId: SupportedChainId;
 }
-/**
- * Decrypt multiple handles in a single attested request without wallet authentication.
- * Returns an array of attestations aligned with the response ordering.
- *
- * @param args - The arguments for creating the attested decrypt function
- * @returns A function that can decrypt handles and return an attestation
- * @throws {AttestedDecryptError} If the creation fails
- */
-export declare function attestedDecrypt({ handles, backoffConfig, chainId, kmsQuorumClient, executorAddress, hostChainRpcUrl, }: {
-    handles: HexString[];
-    backoffConfig?: Partial<BackoffConfig> | undefined;
-    chainId: SupportedChainId;
-    kmsQuorumClient: KmsQuorumClient;
-    executorAddress: HexString;
-    hostChainRpcUrl?: string | undefined;
-}): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
  * Returns an array of attestations aligned with the response ordering.
@@ -55,7 +39,6 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
     reencryptKeypair: XwingKeypair;
     kmsQuorumClient: KmsQuorumClient;
     executorAddress: HexString;
-    hostChainRpcUrl?: string | undefined;
 }): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
 /**
  * Decrypt multiple handles in a single attested request.
@@ -74,26 +57,6 @@ export declare function attestedDecrypt({ handles, backoffConfig, walletClient,
     reencryptKeypair?: never;
     kmsQuorumClient: KmsQuorumClient;
     executorAddress: HexString;
-    hostChainRpcUrl?: string | undefined;
 }): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-/**
- * Decrypt multiple handles in a single attested request.
- * Returns an array of attestations aligned with the response ordering.
- *
- * @param args - The arguments for creating the attested decrypt function
- * @returns A function that can decrypt handles and return an attestation
- * @throws {AttestedDecryptError} If the creation fails
- */
-export declare function attestedDecrypt({ handles, backoffConfig, walletClient, chainId, kmsQuorumClient, executorAddress, }: {
-    handles: HexString[];
-    backoffConfig?: Partial<BackoffConfig> | undefined;
-    walletClient: WalletClient<Transport, Chain, Account>;
-    chainId: SupportedChainId;
-    reencryptPubKey?: never;
-    reencryptKeypair?: never;
-    kmsQuorumClient: KmsQuorumClient;
-    executorAddress: HexString;
-    hostChainRpcUrl?: string | undefined;
-}): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
 export declare function fetchEip712DomainVersion(executorAddress: HexString | undefined, defaultVersion: string, walletClient?: WalletClient<Transport, Chain, Account> | PublicClient<Transport, Chain>): Promise<string>;
 export declare function decryptEncryptedAttestations(attestations: Array<DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>, reencryptKeypair: XwingKeypair): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;

package/dist/types/attestedreveal/attested-reveal.d.ts

@@ -0,0 +1,22 @@
+import type { DecryptionAttestation } from '../attesteddecrypt/types.js';
+import type { HexString } from '../binary.js';
+import type { SupportedChainId } from '../chain.js';
+import type { EncryptionScheme, SupportedFheType } from '../encryption/encryption.js';
+import type { KmsQuorumClient } from '../kms/quorumClient.js';
+import type { BackoffConfig } from '../retry.js';
+/**
+ * Reveal multiple handles in a single attested request without wallet authentication.
+ * Returns an array of plaintext attestations aligned with the response ordering.
+ *
+ * @param args - The arguments for the attested reveal request
+ * @returns An array of decryption attestations
+ * @throws {AttestedRevealError} If the reveal fails
+ */
+export declare function attestedReveal({ handles, chainId, kmsQuorumClient, executorAddress, hostChainRpcUrl, backoffConfig, }: {
+    handles: HexString[];
+    chainId: SupportedChainId;
+    kmsQuorumClient: KmsQuorumClient;
+    executorAddress: HexString;
+    hostChainRpcUrl?: string | undefined;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+}): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;

package/dist/types/attestedreveal/index.d.ts

@@ -0,0 +1,2 @@
+export { attestedReveal } from './attested-reveal.js';
+export * from './types.js';

package/dist/types/attestedreveal/types.d.ts

@@ -0,0 +1,4 @@
+export declare class AttestedRevealError extends Error {
+    readonly cause?: unknown | undefined;
+    constructor(message: string, cause?: unknown | undefined);
+}

package/dist/types/generated/abis/lightning.d.ts

@@ -1177,6 +1177,10 @@ export declare const incoLightningAbi: readonly [{
         readonly name: "end";
         readonly internalType: "uint16";
         readonly type: "uint16";
+    }, {
+        readonly name: "listType";
+        readonly internalType: "enum ETypes";
+        readonly type: "uint8";
     }];
     readonly name: "listRange";
     readonly outputs: readonly [{
@@ -1937,6 +1941,11 @@ export declare const incoLightningAbi: readonly [{
         readonly internalType: "uint256";
         readonly type: "uint256";
         readonly indexed: true;
+    }, {
+        readonly name: "listType";
+        readonly internalType: "enum ETypes";
+        readonly type: "uint8";
+        readonly indexed: false;
     }, {
         readonly name: "result";
         readonly internalType: "elist";
@@ -2672,6 +2681,14 @@ export declare const incoLightningAbi: readonly [{
         readonly type: "uint16";
     }];
     readonly name: "InvalidInputVersion";
+}, {
+    readonly type: "error";
+    readonly inputs: readonly [{
+        readonly name: "raw";
+        readonly internalType: "uint8";
+        readonly type: "uint8";
+    }];
+    readonly name: "InvalidListTypeValue";
 }, {
     readonly type: "error";
     readonly inputs: readonly [{
@@ -2688,6 +2705,14 @@ export declare const incoLightningAbi: readonly [{
     readonly type: "error";
     readonly inputs: readonly [];
     readonly name: "InvalidShortString";
+}, {
+    readonly type: "error";
+    readonly inputs: readonly [{
+        readonly name: "raw";
+        readonly internalType: "uint8";
+        readonly type: "uint8";
+    }];
+    readonly name: "InvalidTypeValue";
 }, {
     readonly type: "error";
     readonly inputs: readonly [{
@@ -2752,6 +2777,14 @@ export declare const incoLightningAbi: readonly [{
         readonly type: "bytes";
     }];
     readonly name: "ProofVerificationFailed";
+}, {
+    readonly type: "error";
+    readonly inputs: readonly [{
+        readonly name: "t";
+        readonly internalType: "enum ETypes";
+        readonly type: "uint8";
+    }];
+    readonly name: "SameTypeCast";
 }, {
     readonly type: "error";
     readonly inputs: readonly [{

package/dist/types/generated/abis/test-elist.d.ts

@@ -129,6 +129,10 @@ export declare const elistTesterAbi: readonly [{
         readonly name: "end";
         readonly internalType: "uint16";
         readonly type: "uint16";
+    }, {
+        readonly name: "listType";
+        readonly internalType: "enum ETypes";
+        readonly type: "uint8";
     }];
     readonly name: "listRange";
     readonly outputs: readonly [{

package/dist/types/generated/es/inco/covalidator/compute/v1/server_pb.d.ts

@@ -426,7 +426,11 @@ export type SingleEListRangeOpRequest = Message<"inco.covalidator.compute.v1.Sin
      */
     end: number;
     /**
-     * @generated from field: optional inco.covalidator.compute.v1.ConfigureRequest configure_request = 3;
+     * @generated from field: int32 listType = 3;
+     */
+    listType: number;
+    /**
+     * @generated from field: optional inco.covalidator.compute.v1.ConfigureRequest configure_request = 4;
      */
     configureRequest?: ConfigureRequest;
 };

package/dist/types/lite/index.d.ts

@@ -1,3 +1,6 @@
+export { AttestedComputeError } from '../attestedcompute/types.js';
+export { AttestedDecryptError } from '../attesteddecrypt/types.js';
+export { AttestedRevealError } from '../attestedreveal/types.js';
 export * from '../generated/abis/lightning.js';
 export type { AttestedComputeRequest, AttestedDecryptRequest, KmsService, } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
 export type { HandleWithProof } from '../generated/es/inco/kms/lite/v1/types_pb.js';
@@ -5,3 +8,4 @@ export * from './attested-compute.js';
 export * from './attested-decrypt.js';
 export * from './deployments.js';
 export * from './lightning.js';
+export type { AttestedOpts, AttestedOptsDecrypted, AttestedOptsEncrypted, AttestedOptsEphemeral, AttestedRevealOpts, AttestedWithVoucherOpts, AttestedWithVoucherOptsDecrypted, AttestedWithVoucherOptsEncrypted, AttestedWithVoucherOptsEphemeral, } from './types.js';

package/dist/types/lite/lightning.d.ts

@@ -10,8 +10,7 @@ import { lightningDeployments } from '../generated/lightning.js';
 import { localNodeLightningConfig } from '../generated/local-node.js';
 import { FheType } from '../handle.js';
 import { LocalNodeEnv } from '../local/index.js';
-import { BackoffConfig } from '../retry.js';
-import { XwingKeypair } from './xwing.js';
+import type { AttestedOptsDecrypted, AttestedOptsEncrypted, AttestedOptsEphemeral, AttestedRevealOpts, AttestedWithVoucherOptsDecrypted, AttestedWithVoucherOptsEncrypted, AttestedWithVoucherOptsEphemeral } from './types.js';
 type TupleToUnion<T> = T extends readonly unknown[] ? T[number] : never;
 type Deployment = TupleToUnion<typeof lightningDeployments>;
 type DistributedPick<T, K> = T extends any ? Pick<T, Extract<keyof T, K>> : never;
@@ -219,24 +218,24 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *
      * @example Reencrypt for a delegate
      * ```ts
-     * const encrypted = await lightning.attestedDecrypt(walletClient, [handle], delegatePubKey);
+     * const encrypted = await lightning.attestedDecrypt(walletClient, [handle], {
+     *   reencryptPubKey: delegatePubKey,
+     * });
      * console.log(encrypted[0].encryptedPlaintext.ciphertext.value);
      * ```
      *
      * @example Reencrypt and decrypt locally
      * ```ts
-     * const decrypted = await lightning.attestedDecrypt(
-     *   walletClient,
-     *   [handle],
-     *   keypair.encodePublicKey(),
-     *   keypair,
-     * );
+     * const decrypted = await lightning.attestedDecrypt(walletClient, [handle], {
+     *   reencryptPubKey: keypair.encodePublicKey(),
+     *   reencryptKeypair: keypair,
+     * });
      * console.log(decrypted[0].plaintext.value);
      * ```
      */
-    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], opts?: AttestedOptsEphemeral): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], opts: AttestedOptsEncrypted): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecrypt(walletClient: WalletClient<Transport, Chain, Account>, handles: HexString[], opts: AttestedOptsDecrypted): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Requests attested decrypts using a voucher-backed session key.
      *
@@ -244,7 +243,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @param allowanceVoucherWithSig Signed allowance voucher.
      * @param ethClient - A public eth client or eth wallet client used for signing the attested decrypt request
      * @param handles Handles to decrypt.
-     * @param options Optional reencryption/backoff configuration.
+     * @param opts Optional reencryption/backoff configuration.
      *
      * @example Plaintext results
      * ```ts
@@ -266,10 +265,21 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *   { reencryptPubKey: delegateKeypair.encodePublicKey() },
      * );
      * ```
+     *
+     * @example Reencrypt and decrypt locally
+     * ```ts
+     * const decrypted = await lightning.attestedDecryptWithVoucher(
+     *   ephemeralAccount,
+     *   voucher,
+     *   ethClient,
+     *   [handle],
+     *   { reencryptPubKey: keypair.encodePublicKey(), reencryptKeypair: keypair },
+     * );
+     * ```
      */
-    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
-    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], opts?: AttestedWithVoucherOptsEphemeral): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], opts: AttestedWithVoucherOptsEncrypted): Promise<Array<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedDecryptWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, handles: HexString[], opts: AttestedWithVoucherOptsDecrypted): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Get an attested compute for the given wallet client.
      *
@@ -277,7 +287,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * @param lhsHandle - The handle to compute
      * @param op - The operation to perform
      * @param rhsPlaintext - The plaintext to compute with
-     * @param backoffConfig - The backoff configuration for the attested compute request
+     * @param opts - Optional configuration (reencryption keys and/or backoff config)
      * @returns The decryption attestation
      *
      * @example Plaintext result
@@ -297,7 +307,7 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *   lhsHandle,
      *   op,
      *   rhsPlaintext,
-     *   delegatePubKey,
+     *   { reencryptPubKey: delegatePubKey },
      * );
      * console.log(encrypted.encryptedPlaintext.ciphertext.value);
      * ```
@@ -309,15 +319,14 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *   lhsHandle,
      *   op,
      *   rhsPlaintext,
-     *   keypair.encodePublicKey(),
-     *   keypair,
+     *   { reencryptPubKey: keypair.encodePublicKey(), reencryptKeypair: keypair },
      * );
      * console.log(decrypted.plaintext.value);
      * ```
      */
-    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
-    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
-    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, opts?: AttestedOptsEphemeral): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, opts: AttestedOptsEncrypted): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedCompute(walletClient: WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, opts: AttestedOptsDecrypted): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     /**
      * Performs attested compute via a voucher-backed session key.
      *
@@ -338,10 +347,11 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * const encrypted = await lightning.attestedComputeWithVoucher(
      *   ephemeralAccount,
      *   voucher,
+     *   ethClient,
      *   lhsHandle,
      *   AttestedComputeSupportedOps.Eq,
      *   true,
-     *   delegatePubKey,
+     *   { reencryptPubKey: delegatePubKey },
      * );
      * console.log(encrypted.encryptedPlaintext.ciphertext.value);
      * ```
@@ -351,18 +361,18 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      * const decrypted = await lightning.attestedComputeWithVoucher(
      *   ephemeralAccount,
      *   voucher,
+     *   ethClient,
      *   lhsHandle,
      *   AttestedComputeSupportedOps.Eq,
      *   true,
-     *   keypair.encodePublicKey(),
-     *   keypair,
+     *   { reencryptPubKey: keypair.encodePublicKey(), reencryptKeypair: keypair },
      * );
      * console.log(decrypted.plaintext.value);
      * ```
      */
-    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
-    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
-    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair, requesterArgData?: HexString, backoffConfig?: Partial<BackoffConfig>): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, opts?: AttestedWithVoucherOptsEphemeral): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, opts: AttestedWithVoucherOptsEncrypted): Promise<EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
+    attestedComputeWithVoucher(ephemeralAccount: PrivateKeyAccount, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient<Transport, Chain> | WalletClient<Transport, Chain, Account>, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, opts: AttestedWithVoucherOptsDecrypted): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType>>;
     /**
      * Get an decryption of publicly revealed handles.
      *
@@ -372,11 +382,11 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
      *
      * @example
      * ```typescript
-     * const response = await lightning.attestedReveal([handle1, handle2], ethClient);
+     * const response = await lightning.attestedReveal([handle1, handle2]);
      * const { plaintext, covalidatorSignature } = response[0];
      * ```
      */
-    attestedReveal(handles: HexString[], backoffConfig?: Partial<BackoffConfig>): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
+    attestedReveal(handles: HexString[], opts?: AttestedRevealOpts): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedFheType>>>;
     /**
      * Get the GRPC endpoint for the covalidator that services this deployment.
      */

package/dist/types/lite/types.d.ts

@@ -0,0 +1,47 @@
+import type { HexString } from '../binary.js';
+import type { BackoffConfig } from '../retry.js';
+import type { XwingKeypair } from './xwing.js';
+/**
+ * Options for attested methods when no reencrypt keys are provided.
+ * The KMS generates an ephemeral keypair and returns plaintext.
+ */
+export type AttestedOptsEphemeral = {
+    reencryptPubKey?: never;
+    reencryptKeypair?: never;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/**
+ * Options for attested methods when only a reencrypt public key is provided.
+ * The KMS encrypts the result under the provided key; caller receives ciphertext.
+ */
+export type AttestedOptsEncrypted = {
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/**
+ * Options for attested methods when both a reencrypt key and keypair are provided.
+ * The KMS reencrypts under the public key; the SDK decrypts locally using the keypair.
+ */
+export type AttestedOptsDecrypted = {
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+    backoffConfig?: Partial<BackoffConfig>;
+};
+/** Union of all valid opts for attestedDecrypt / attestedCompute. */
+export type AttestedOpts = AttestedOptsEphemeral | AttestedOptsEncrypted | AttestedOptsDecrypted;
+/** Extends the base opts with voucher-specific fields for WithVoucher methods. */
+export type AttestedWithVoucherOptsEphemeral = AttestedOptsEphemeral & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOptsEncrypted = AttestedOptsEncrypted & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOptsDecrypted = AttestedOptsDecrypted & {
+    requesterArgData?: HexString;
+};
+export type AttestedWithVoucherOpts = AttestedWithVoucherOptsEphemeral | AttestedWithVoucherOptsEncrypted | AttestedWithVoucherOptsDecrypted;
+/** Options for attestedReveal. */
+export type AttestedRevealOpts = {
+    backoffConfig?: Partial<BackoffConfig>;
+};

package/dist/types/lite/xwing.d.ts

@@ -146,3 +146,9 @@ export declare function getXwingEncryptor({ pubKeyA, }: XwingEncryptorArgs): Enc
  * @returns Decryptor function
  */
 export declare function getXwingDecryptor({ privKeyA, }: XwingDecryptorArgs): Decryptor<XwingScheme>;
+/**
+ * Returns true if the raw public key bytes match the public key encoded by the keypair.
+ * Used to catch caller mistakes before sending the keypair to the covalidator, where a
+ * mismatch would produce a cryptic signature error instead of a clear failure.
+ */
+export declare function reencryptPublicKeysMatch(reencryptPubKey: Uint8Array, reencryptKeypair: XwingKeypair): boolean;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/js",
-  "version": "0.8.0-devnet-22",
+  "version": "0.8.0-devnet-24",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "license": "Apache-2.0",
   "sideEffects": false,