@inco/lightning-js 0.0.0-bootstrap.0

package/dist/cjs/viem.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.chains = void 0;
+exports.getViemChain = getViemChain;
+const chains_1 = require("viem/chains");
+const chain_js_1 = require("./chain.js");
+/** Map of supported chain short names to their viem chain objects. */
+exports.chains = {
+    mainnet: chains_1.mainnet,
+    base: chains_1.base,
+    sepolia: chains_1.sepolia,
+    baseSepolia: chains_1.baseSepolia,
+    monadTestnet: chains_1.monadTestnet,
+    plasmaTestnet: chains_1.plasmaTestnet,
+    anvil: chains_1.anvil,
+    worldchainSepolia: chains_1.worldchainSepolia,
+};
+/**
+ * Resolves a {@link Chainish} value to a viem {@link Chain} object.
+ *
+ * Accepts a chain ID (`number` or `bigint`), an object with an `id` field,
+ * or a chain short name (e.g. `"baseSepolia"`).
+ *
+ * @param chainish - The chain identifier to resolve.
+ * @returns The matching `viem` chain object.
+ * @throws If no supported chain matches the given identifier.
+ */
+function getViemChain(chainish) {
+    const { name } = (0, chain_js_1.getSupportedChain)(chainish);
+    const chain = exports.chains[name];
+    if (!chain) {
+        throw new Error(`Unable to get viem chain: ${name}`);
+    }
+    return chain;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmllbS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy92aWVtLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQXVDQSxvQ0FPQztBQTdDRCx3Q0FTcUI7QUFDckIseUNBQXlEO0FBTXpELHNFQUFzRTtBQUN6RCxRQUFBLE1BQU0sR0FBRztJQUNwQixPQUFPLEVBQVAsZ0JBQU87SUFDUCxJQUFJLEVBQUosYUFBSTtJQUNKLE9BQU8sRUFBUCxnQkFBTztJQUNQLFdBQVcsRUFBWCxvQkFBVztJQUNYLFlBQVksRUFBWixxQkFBWTtJQUNaLGFBQWEsRUFBYixzQkFBYTtJQUNiLEtBQUssRUFBTCxjQUFLO0lBQ0wsaUJBQWlCLEVBQWpCLDBCQUFpQjtDQUNsQixDQUFDO0FBRUY7Ozs7Ozs7OztHQVNHO0FBQ0gsU0FBZ0IsWUFBWSxDQUFDLFFBQWtCO0lBQzdDLE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxJQUFBLDRCQUFpQixFQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQzdDLE1BQU0sS0FBSyxHQUFHLGNBQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUMzQixJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksS0FBSyxDQUFDLDZCQUE2QixJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFDRCxPQUFPLEtBQUssQ0FBQztBQUNmLENBQUMifQ==

package/dist/esm/advancedacl/index.d.ts

@@ -0,0 +1,2 @@
+export * from './session-key.js';
+export * from './types.js';

package/dist/esm/advancedacl/index.js

@@ -0,0 +1,3 @@
+export * from './session-key.js';
+export * from './types.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLFlBQVksQ0FBQyJ9

package/dist/esm/advancedacl/session-key.d.ts

@@ -0,0 +1,95 @@
+import { type Account, type Address, type Chain, type Hex, PublicClient, type Transport, type WalletClient } from 'viem';
+import type { PrivateKeyAccount } from 'viem/accounts';
+import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
+import { SupportedChainId } from '../chain.js';
+import { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import { HexString } from '../index.js';
+import { type XwingKeypair } from '../lite/xwing.js';
+import { BackoffConfig } from '../retry.js';
+import type { AllowanceVoucher, AllowanceVoucherWithSig } from './types.js';
+import { AttestedComputeOP } from '../attestedcompute/types.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+export declare const SESSION_KEY_WARNING = "Inco Warning: signing this message may leak your private data, including from unrelated apps. Sign only if you fully trust this app.";
+export interface Session {
+    decrypter: Address;
+    expiresAt: bigint;
+}
+export declare function createAllowanceVoucher(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>, verifyingContract: Address, callFunction: Hex, sharerArgData: Hex): Promise<AllowanceVoucher>;
+export interface GrantSessionKeyArgs {
+    chainId: bigint;
+    incoLiteAddress: Address;
+    sessionVerifierContractAddress: Address;
+    granteeAddress: Address;
+    sharerWalletClient: WalletClient<Transport, Chain, Account>;
+    expiresAt: Date;
+}
+export interface GrantSessionKeyCustomVerifierArgs {
+    chainId: bigint;
+    incoLiteAddress: Address;
+    sessionVerifierContractAddress: Address;
+    sharerWalletClient: WalletClient<Transport, Chain, Account>;
+    sharerArgData: Hex;
+}
+export declare function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }: GrantSessionKeyArgs): Promise<AllowanceVoucherWithSig>;
+export declare function grantSessionKeyCustomVerifier({ chainId, incoLiteAddress, sessionVerifierContractAddress, sharerWalletClient, sharerArgData, }: GrantSessionKeyCustomVerifierArgs): Promise<AllowanceVoucherWithSig>;
+export declare function updateActiveVouchersSessionNonce(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>): Promise<`0x${string}`>;
+export interface SessionKeyAttestedComputeArgs {
+    chainId: SupportedChainId;
+    ephemeralAccount: PrivateKeyAccount;
+    kmsQuorumClient: KmsQuorumClient;
+    allowanceVoucherWithSig: AllowanceVoucherWithSig;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    requesterArgData?: Hex | undefined;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    ethClient: PublicClient<Transport, Chain>;
+    executorAddress: HexString;
+    reencryptPubKey?: Uint8Array | undefined;
+    reencryptKeypair?: XwingKeypair | undefined;
+}
+export declare function sessionKeyAttestedCompute<T extends SupportedTeeType>({ lhsHandle, op, rhsPlaintext, backoffConfig, chainId, kmsQuorumClient, ephemeralAccount, allowanceVoucherWithSig, requesterArgData, ethClient, executorAddress, reencryptPubKey, reencryptKeypair, }: SessionKeyAttestedComputeArgs): Promise<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>;
+export interface SessionKeyAttestedDecryptArgs {
+    chainId: SupportedChainId;
+    ephemeralAccount: PrivateKeyAccount;
+    kmsQuorumClient: KmsQuorumClient;
+    allowanceVoucherWithSig: AllowanceVoucherWithSig;
+    handles: HexString[];
+    requesterArgData?: Hex | undefined;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    reencryptPubKey?: Uint8Array | undefined;
+    reencryptKeypair?: XwingKeypair | undefined;
+    ethClient: PublicClient<Transport, Chain>;
+    executorAddress: HexString;
+}
+/**
+ * Performs attested decrypts using a voucher-backed session key.
+ *
+ * @example Plaintext results
+ * ```ts
+ * const attestations = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralAccount,
+ *   handles,
+ * });
+ * console.log(attestations[0].plaintext.value);
+ * ```
+ *
+ * @example Encrypted results
+ * ```ts
+ * const encryptedResults = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralAccount,
+ *   handles,
+ *   reencryptPubKey: recipientPubKey,
+ * });
+ * console.log(
+ *   encryptedResults[0].encryptedPlaintext.ciphertext.value,
+ * );
+ * ```
+ */
+export declare function sessionKeyAttestedDecrypt({ chainId, kmsQuorumClient, handles, ephemeralAccount, allowanceVoucherWithSig, requesterArgData, backoffConfig, reencryptPubKey, reencryptKeypair, ethClient, executorAddress, }: SessionKeyAttestedDecryptArgs): Promise<Array<DecryptionAttestation<EncryptionScheme, SupportedTeeType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedTeeType>>>;

package/dist/esm/advancedacl/session-key.js

@@ -0,0 +1,367 @@
+import { create } from '@bufbuild/protobuf';
+import { bytesToHex, encodeAbiParameters, getContract, hexToBytes, toFunctionSelector, } from 'viem';
+import { abiHelperAbi, advancedAccessControlAbi, incoLightningAbi, sessionVerifierAbi, } from '../generated/abis/lightning.js';
+import { incoVerifierAbi } from '../generated/abis/verifier.js';
+import { bigintToBytes32 } from '../index.js';
+import { ATTESTED_COMPUTE_DOMAIN_NAME, ATTESTED_DECRYPT_DOMAIN_NAME, } from '../lite/index.js';
+import { reencryptPublicKeysMatch } from '../lite/xwing.js';
+import { createEIP712Payload } from '../reencryption/index.js';
+import { AttestedComputeError, } from '../attestedcompute/types.js';
+import { decryptEncryptedAttestations } from '../attesteddecrypt/attested-decrypt.js';
+import { AttestedDecryptError } from '../attesteddecrypt/types.js';
+import { fetchEip712DomainVersion } from '../eip712/eip712.js';
+import { AttestedComputeRequestSchema, AttestedDecryptRequestSchema, } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
+import { AllowanceProofSchema, AllowanceVoucherSchema, HandleWithProofSchema, IncoLiteAdvancedACLProofSchema, } from '../generated/es/inco/kms/lite/v1/types_pb.js';
+// SessionKey is a special case of the SessionVerifier allowance, where the
+// requester is an ephemeral keypair generated by the user, to use the same
+// keypair for multiple reencryptions, expired after a certain time.
+// Default warning message included in session vouchers. Displayed by wallets
+// at signing time so users understand what they are granting access to.
+export const SESSION_KEY_WARNING = 'Inco Warning: signing this message may leak your private data, including from unrelated apps. Sign only if you fully trust this app.';
+// Given a sharer's wallet client, an incoLite contract address, and a
+// (verifyingContract, callFunction, sharerArgData) tuple, this function
+// creates an AllowanceVoucher. The warning is always SESSION_KEY_WARNING.
+export async function createAllowanceVoucher(incoLiteAddress, sharerWalletClient, verifyingContract, callFunction, sharerArgData) {
+    const verifier = await getIncoVerifier(incoLiteAddress, sharerWalletClient);
+    // The session nonce in the AllowanceVoucher must match the current active
+    // session nonce of the sharer on-chain.
+    const sessionNonce = await verifier.read.getActiveVouchersSessionNonce([
+        sharerWalletClient.account.address,
+    ]);
+    return {
+        sessionNonce,
+        verifyingContract,
+        callFunction,
+        sharerArgData,
+        warning: SESSION_KEY_WARNING,
+    };
+}
+// Let the sharer grant a session key to the requester.
+// The session grants temporary access to ALL of the sharer's encrypted handles.
+export async function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }) {
+    // Validate that expiresAt is a valid Date object
+    if (!(expiresAt instanceof Date) || isNaN(expiresAt.getTime())) {
+        throw new Error('expiresAt must be a valid Date object');
+    }
+    const nowMs = Date.now();
+    const expiresAtMs = expiresAt.getTime();
+    // Validate that expiresAt is in the future
+    if (expiresAtMs < nowMs) {
+        throw new Error('expiresAt must be in the future');
+    }
+    const sharerArgData = encodeAbiParameters(getSessionAbi(), [
+        granteeAddress,
+        BigInt(Math.floor(expiresAtMs / 1000)),
+    ]);
+    const incoVerifier = await getIncoVerifier(incoLiteAddress, sharerWalletClient);
+    // returned by read.eip712Domain():
+    // bytes1 fields,
+    // string memory name,
+    // string memory version,
+    // uint256 chainId,
+    // address verifyingContract,
+    // bytes32 salt,
+    // uint256[] memory extensions
+    const verifierDomain = await incoVerifier.read.eip712Domain();
+    const eip712DomainName = verifierDomain[1];
+    const eip712DomainVersion = verifierDomain[2];
+    const voucher = await createAllowanceVoucher(incoLiteAddress, sharerWalletClient, 
+    // Careful that the verifying contract here is the SessionVerifier contract,
+    // not the incoLite contract.
+    sessionVerifierContractAddress, toFunctionSelector(getCanUseSessionAbi()), sharerArgData);
+    const eip712Payload = createEIP712Payload({
+        chainId,
+        primaryType: 'AllowanceVoucher',
+        primaryTypeFields: getAllowanceVoucherAbi(),
+        message: voucher,
+        // Related to comment above: careful that the verifying contract here is
+        // the incoVerifier contract (not the SessionVerifier contract).
+        verifyingContract: incoVerifier.address,
+        domainName: eip712DomainName,
+        domainVersion: eip712DomainVersion,
+    });
+    // Using browser extensions, this step will prompt the user to sign the
+    // payload.
+    const voucherSignature = await sharerWalletClient.signTypedData(eip712Payload);
+    return {
+        sharer: sharerWalletClient.account.address,
+        voucher,
+        voucherSignature,
+    };
+}
+export async function grantSessionKeyCustomVerifier({ chainId, incoLiteAddress, sessionVerifierContractAddress, sharerWalletClient, sharerArgData, }) {
+    const incoVerifier = await getIncoVerifier(incoLiteAddress, sharerWalletClient);
+    // returned by read.eip712Domain():
+    // bytes1 fields,
+    // string memory name,
+    // string memory version,
+    // uint256 chainId,
+    // address verifyingContract,
+    // bytes32 salt,
+    // uint256[] memory extensions
+    const verifierDomain = await incoVerifier.read.eip712Domain();
+    const eip712DomainName = verifierDomain[1];
+    const eip712DomainVersion = verifierDomain[2];
+    const voucher = await createAllowanceVoucher(incoLiteAddress, sharerWalletClient, 
+    // Careful that the verifying contract here is the SessionVerifier contract,
+    // not the incoLite contract.
+    sessionVerifierContractAddress, toFunctionSelector(getCanUseSessionAbi()), sharerArgData);
+    const eip712Payload = createEIP712Payload({
+        chainId,
+        primaryType: 'AllowanceVoucher',
+        primaryTypeFields: getAllowanceVoucherAbi(),
+        message: voucher,
+        // Related to comment above: careful that the verifying contract here is
+        // the incoVerifier contract (not the SessionVerifier contract).
+        verifyingContract: incoVerifier.address,
+        domainName: eip712DomainName,
+        domainVersion: eip712DomainVersion,
+    });
+    // Using browser extensions, this step will prompt the user to sign the
+    // payload.
+    const voucherSignature = await sharerWalletClient.signTypedData(eip712Payload);
+    return {
+        sharer: sharerWalletClient.account.address,
+        voucher,
+        voucherSignature,
+    };
+}
+export async function updateActiveVouchersSessionNonce(incoLiteAddress, sharerWalletClient) {
+    const verifier = await getIncoVerifier(incoLiteAddress, sharerWalletClient);
+    const salt = bytesToHex(crypto.getRandomValues(new Uint8Array(32)));
+    const txHash = await verifier.write.updateActiveVouchersSessionNonce([salt]);
+    return txHash;
+}
+// The sessionKeyAttestedCompute function is a decryptor that uses a session key
+// to compute on a handle.
+export async function sessionKeyAttestedCompute({ lhsHandle, op, rhsPlaintext, backoffConfig, chainId, kmsQuorumClient, ephemeralAccount, allowanceVoucherWithSig, requesterArgData, ethClient, executorAddress, reencryptPubKey, reencryptKeypair, }) {
+    const requesterAccount = ephemeralAccount;
+    const rhsPlaintextBig = BigInt(rhsPlaintext);
+    if (reencryptPubKey &&
+        reencryptKeypair &&
+        !reencryptPublicKeysMatch(reencryptPubKey, reencryptKeypair)) {
+        throw new AttestedComputeError('reencryptPubKey does not match reencryptKeypair public key');
+    }
+    const eip712DomainVersion = await fetchEip712DomainVersion(executorAddress, ethClient);
+    // Sign the EIP712 attesting that the requester has access to the private key
+    // corresponding to the ephemeral public key.
+    const eip712Payload = createEIP712Payload({
+        chainId: BigInt(chainId),
+        primaryType: 'AttestedComputeRequest',
+        primaryTypeFields: [
+            { name: 'op', type: 'uint8' },
+            { name: 'lhsHandle', type: 'bytes32' },
+            { name: 'rhsPlaintext', type: 'bytes32' },
+            { name: 'publicKey', type: 'bytes' },
+        ],
+        message: {
+            op: op,
+            lhsHandle: lhsHandle,
+            rhsPlaintext: bigintToBytes32(rhsPlaintextBig),
+            publicKey: bytesToHex(reencryptPubKey ? reencryptPubKey : new Uint8Array()),
+        },
+        domainName: ATTESTED_COMPUTE_DOMAIN_NAME,
+        domainVersion: eip712DomainVersion,
+    });
+    // Since the account is an ephemeral keypair stored in memory (not in Metamask),
+    // this step will NOT prompt the user with a pop-up.
+    const eip712Signature = await requesterAccount.signTypedData(eip712Payload);
+    const attestedComputeRequest = create(AttestedComputeRequestSchema, {
+        userAddress: requesterAccount.address,
+        reencryptPubKey: reencryptPubKey ? reencryptPubKey : new Uint8Array(),
+        op: op,
+        lhsHandle: lhsHandle,
+        rhsPlaintext: rhsPlaintextBig.toString(16),
+        eip712Signature: hexToBytes(eip712Signature),
+        aclProof: {
+            proof: {
+                case: 'incoLiteAdvancedAclProof',
+                value: create(IncoLiteAdvancedACLProofSchema, {
+                    allowanceProof: create(AllowanceProofSchema, {
+                        sharer: allowanceVoucherWithSig.sharer,
+                        voucher: create(AllowanceVoucherSchema, {
+                            sessionNonce: hexToBytes(allowanceVoucherWithSig.voucher.sessionNonce),
+                            verifyingContract: allowanceVoucherWithSig.voucher.verifyingContract,
+                            callFunction: hexToBytes(allowanceVoucherWithSig.voucher.callFunction),
+                            sharerArgData: hexToBytes(allowanceVoucherWithSig.voucher.sharerArgData),
+                            warning: allowanceVoucherWithSig.voucher.warning,
+                        }),
+                        voucherSignature: hexToBytes(allowanceVoucherWithSig.voucherSignature),
+                        // For DefaultSessionVerifier, the requesterArgData is empty.
+                        requesterArgData: requesterArgData
+                            ? hexToBytes(requesterArgData)
+                            : new Uint8Array(),
+                    }),
+                }),
+            },
+        },
+    });
+    let response = await kmsQuorumClient.attestedCompute(attestedComputeRequest, executorAddress, ethClient, backoffConfig, reencryptKeypair);
+    // If reencryptPubKey is provided with a keypair, decrypt the encrypted attestation
+    if (reencryptPubKey && reencryptKeypair) {
+        const [decryptedAttestation] = await decryptEncryptedAttestations([response], reencryptKeypair);
+        return decryptedAttestation;
+    }
+    return response;
+}
+/**
+ * Performs attested decrypts using a voucher-backed session key.
+ *
+ * @example Plaintext results
+ * ```ts
+ * const attestations = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralAccount,
+ *   handles,
+ * });
+ * console.log(attestations[0].plaintext.value);
+ * ```
+ *
+ * @example Encrypted results
+ * ```ts
+ * const encryptedResults = await sessionKeyAttestedDecrypt({
+ *   chainId,
+ *   kmsConnectRpcEndpointOrClient: covalidatorUrl,
+ *   allowanceVoucherWithSig: voucher,
+ *   ephemeralAccount,
+ *   handles,
+ *   reencryptPubKey: recipientPubKey,
+ * });
+ * console.log(
+ *   encryptedResults[0].encryptedPlaintext.ciphertext.value,
+ * );
+ * ```
+ */
+export async function sessionKeyAttestedDecrypt({ chainId, kmsQuorumClient, handles, ephemeralAccount, allowanceVoucherWithSig, requesterArgData, backoffConfig, reencryptPubKey, reencryptKeypair, ethClient, executorAddress, }) {
+    const requesterAccount = ephemeralAccount;
+    if (reencryptPubKey &&
+        reencryptKeypair &&
+        !reencryptPublicKeysMatch(reencryptPubKey, reencryptKeypair)) {
+        throw new AttestedDecryptError('reencryptPubKey does not match reencryptKeypair public key');
+    }
+    const eip712DomainVersion = await fetchEip712DomainVersion(executorAddress, ethClient);
+    // Sign the EIP712 attesting that the requester has access to the private key
+    // corresponding to the ephemeral public key.
+    const eip712Payload = createEIP712Payload({
+        chainId: BigInt(chainId),
+        primaryType: 'AttestedDecryptRequest',
+        primaryTypeFields: [
+            { name: 'handles', type: 'bytes32[]' },
+            { name: 'publicKey', type: 'bytes' },
+        ],
+        message: {
+            handles: handles,
+            publicKey: bytesToHex(reencryptPubKey ? reencryptPubKey : Uint8Array.from([])),
+        },
+        domainName: ATTESTED_DECRYPT_DOMAIN_NAME,
+        domainVersion: eip712DomainVersion,
+    });
+    // Since the account is an ephemeral keypair stored in memory (not in Metamask),
+    // this step will NOT prompt the user with a pop-up.
+    const eip712Signature = await requesterAccount.signTypedData(eip712Payload);
+    const handlesWithProofs = handles.map((handle) => {
+        return create(HandleWithProofSchema, {
+            handle: handle,
+            aclProof: {
+                proof: {
+                    case: 'incoLiteAdvancedAclProof',
+                    value: create(IncoLiteAdvancedACLProofSchema, {
+                        allowanceProof: create(AllowanceProofSchema, {
+                            sharer: allowanceVoucherWithSig.sharer,
+                            voucher: create(AllowanceVoucherSchema, {
+                                sessionNonce: hexToBytes(allowanceVoucherWithSig.voucher.sessionNonce),
+                                verifyingContract: allowanceVoucherWithSig.voucher.verifyingContract,
+                                callFunction: hexToBytes(allowanceVoucherWithSig.voucher.callFunction),
+                                sharerArgData: hexToBytes(allowanceVoucherWithSig.voucher.sharerArgData),
+                                warning: allowanceVoucherWithSig.voucher.warning,
+                            }),
+                            voucherSignature: hexToBytes(allowanceVoucherWithSig.voucherSignature),
+                            // For DefaultSessionVerifier, the requesterArgData is empty.
+                            requesterArgData: requesterArgData
+                                ? hexToBytes(requesterArgData)
+                                : new Uint8Array(),
+                        }),
+                    }),
+                },
+            },
+        });
+    });
+    const attestedDecryptRequest = create(AttestedDecryptRequestSchema, {
+        userAddress: requesterAccount.address,
+        handlesWithProofs: handlesWithProofs,
+        eip712Signature: hexToBytes(eip712Signature),
+        reencryptPubKey: reencryptPubKey ? reencryptPubKey : Uint8Array.from([]),
+    });
+    let response = await kmsQuorumClient.attestedDecrypt(attestedDecryptRequest, executorAddress, ethClient, backoffConfig, reencryptKeypair);
+    // If reencryptPubKey is provided with a keypair, decrypt the encrypted attestations
+    if (reencryptPubKey !== undefined && reencryptKeypair) {
+        response = await decryptEncryptedAttestations(response, reencryptKeypair);
+    }
+    return response;
+}
+// Below are helpers to get ABIs of functions/structs from the SessionVerifier
+// contract.
+// Get the ABI of the `AllowanceVoucher` struct.
+function getAllowanceVoucherAbi() {
+    // Find the `allowanceVoucherDigest` function, it takes an AllowanceVoucher
+    // as sole argument.
+    const allowanceVoucherDigest = advancedAccessControlAbi.find((item) => item.name === 'allowanceVoucherDigest');
+    if (!allowanceVoucherDigest) {
+        throw new Error('allowanceVoucherDigest not found');
+    }
+    // Get the input whose internalType is "struct AllowanceVoucher"
+    const allowanceVoucherInput = allowanceVoucherDigest.inputs.find((input) => input.internalType === 'struct AllowanceVoucher');
+    if (!allowanceVoucherInput) {
+        throw new Error('allowanceVoucherInput not found');
+    }
+    return allowanceVoucherInput.components;
+}
+// Get the ABI of the `Session` struct.
+//
+// We specifically created an ABIHelper.sol contract to export the Session
+// struct from the SessionVerifier contract.
+function getSessionAbi() {
+    const getSession = abiHelperAbi.find((item) => 'name' in item && item.name === 'getSession');
+    if (!getSession) {
+        throw new Error('getSession not found');
+    }
+    const session = getSession.outputs[0];
+    if (!session) {
+        throw new Error('session not found');
+    }
+    return session.components;
+}
+// Get the ABI of the `canUseSession` function.
+function getCanUseSessionAbi() {
+    const canUseSession = sessionVerifierAbi.find((item) => 'name' in item && item.name === 'canUseSession');
+    if (!canUseSession) {
+        throw new Error('canUseSession not found');
+    }
+    return canUseSession;
+}
+function getAdvancedAcl(incoVerifierAddress, sharerWalletClient) {
+    return getContract({
+        address: incoVerifierAddress,
+        abi: advancedAccessControlAbi,
+        client: sharerWalletClient,
+    });
+}
+function getIncoLightning(incoLiteAddress, walletClient) {
+    return getContract({
+        address: incoLiteAddress,
+        abi: incoLightningAbi,
+        client: walletClient,
+    });
+}
+async function getIncoVerifier(incoLiteAddress, walletClient) {
+    const incoLite = getIncoLightning(incoLiteAddress, walletClient);
+    const incoVerifierAddress = await incoLite.read.incoVerifier();
+    return getContract({
+        address: incoVerifierAddress,
+        abi: incoVerifierAbi,
+        client: walletClient,
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2Vzc2lvbi1rZXkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvc2Vzc2lvbi1rZXkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBQzVDLE9BQU8sRUFHTCxVQUFVLEVBRVYsbUJBQW1CLEVBQ25CLFdBQVcsRUFFWCxVQUFVLEVBRVYsa0JBQWtCLEdBR25CLE1BQU0sTUFBTSxDQUFDO0FBV2QsT0FBTyxFQUNMLFlBQVksRUFDWix3QkFBd0IsRUFDeEIsZ0JBQWdCLEVBQ2hCLGtCQUFrQixHQUNuQixNQUFNLGdDQUFnQyxDQUFDO0FBQ3hDLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSwrQkFBK0IsQ0FBQztBQUNoRSxPQUFPLEVBQUUsZUFBZSxFQUFhLE1BQU0sYUFBYSxDQUFDO0FBTXpELE9BQU8sRUFDTCw0QkFBNEIsRUFDNUIsNEJBQTRCLEdBQzdCLE1BQU0sa0JBQWtCLENBQUM7QUFDMUIsT0FBTyxFQUFFLHdCQUF3QixFQUFxQixNQUFNLGtCQUFrQixDQUFDO0FBQy9FLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBSS9ELE9BQU8sRUFDTCxvQkFBb0IsR0FFckIsTUFBTSw2QkFBNkIsQ0FBQztBQUNyQyxPQUFPLEVBQUUsNEJBQTRCLEVBQUUsTUFBTSx3Q0FBd0MsQ0FBQztBQUN0RixPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSw2QkFBNkIsQ0FBQztBQUNuRSxPQUFPLEVBQUUsd0JBQXdCLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUMvRCxPQUFPLEVBQ0wsNEJBQTRCLEVBQzVCLDRCQUE0QixHQUM3QixNQUFNLG9EQUFvRCxDQUFDO0FBQzVELE9BQU8sRUFDTCxvQkFBb0IsRUFDcEIsc0JBQXNCLEVBQ3RCLHFCQUFxQixFQUNyQiw4QkFBOEIsR0FDL0IsTUFBTSw4Q0FBOEMsQ0FBQztBQUd0RCwyRUFBMkU7QUFDM0UsMkVBQTJFO0FBQzNFLG9FQUFvRTtBQUVwRSw2RUFBNkU7QUFDN0Usd0VBQXdFO0FBQ3hFLE1BQU0sQ0FBQyxNQUFNLG1CQUFtQixHQUM5QixzSUFBc0ksQ0FBQztBQVd6SSxzRUFBc0U7QUFDdEUsd0VBQXdFO0FBQ3hFLDBFQUEwRTtBQUMxRSxNQUFNLENBQUMsS0FBSyxVQUFVLHNCQUFzQixDQUMxQyxlQUF3QixFQUN4QixrQkFBMkQsRUFDM0QsaUJBQTBCLEVBQzFCLFlBQWlCLEVBQ2pCLGFBQWtCO0lBRWxCLE1BQU0sUUFBUSxHQUFHLE1BQU0sZUFBZSxDQUFDLGVBQWUsRUFBRSxrQkFBa0IsQ0FBQyxDQUFDO0lBRTVFLDBFQUEwRTtJQUMxRSx3Q0FBd0M7SUFDeEMsTUFBTSxZQUFZLEdBQUcsTUFBTSxRQUFRLENBQUMsSUFBSSxDQUFDLDZCQUE2QixDQUFDO1FBQ3JFLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxPQUFPO0tBQ25DLENBQUMsQ0FBQztJQUVILE9BQU87UUFDTCxZQUFZO1FBQ1osaUJBQWlCO1FBQ2pCLFlBQVk7UUFDWixhQUFhO1FBQ2IsT0FBTyxFQUFFLG1CQUFtQjtLQUM3QixDQUFDO0FBQ0osQ0FBQztBQXNDRCx1REFBdUQ7QUFDdkQsZ0ZBQWdGO0FBQ2hGLE1BQU0sQ0FBQyxLQUFLLFVBQVUsZUFBZSxDQUFDLEVBQ3BDLE9BQU8sRUFDUCxlQUFlLEVBQ2YsOEJBQThCLEVBQzlCLGNBQWMsRUFDZCxrQkFBa0IsRUFDbEIsU0FBUyxHQUNXO0lBQ3BCLGlEQUFpRDtJQUNqRCxJQUFJLENBQUMsQ0FBQyxTQUFTLFlBQVksSUFBSSxDQUFDLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDL0QsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFFRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7SUFDekIsTUFBTSxXQUFXLEdBQUcsU0FBUyxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBRXhDLDJDQUEyQztJQUMzQyxJQUFJLFdBQVcsR0FBRyxLQUFLLEVBQUUsQ0FBQztRQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLGlDQUFpQyxDQUFDLENBQUM7SUFDckQsQ0FBQztJQUVELE1BQU0sYUFBYSxHQUFHLG1CQUFtQixDQUFDLGFBQWEsRUFBRSxFQUFFO1FBQ3pELGNBQWM7UUFDZCxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLENBQUM7S0FDdkMsQ0FBQyxDQUFDO0lBRUgsTUFBTSxZQUFZLEdBQUcsTUFBTSxlQUFlLENBQ3hDLGVBQWUsRUFDZixrQkFBa0IsQ0FDbkIsQ0FBQztJQUVGLG1DQUFtQztJQUNuQyxpQkFBaUI7SUFDakIsc0JBQXNCO0lBQ3RCLHlCQUF5QjtJQUN6QixtQkFBbUI7SUFDbkIsNkJBQTZCO0lBQzdCLGdCQUFnQjtJQUNoQiw4QkFBOEI7SUFDOUIsTUFBTSxjQUFjLEdBQUcsTUFBTSxZQUFZLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO0lBQzlELE1BQU0sZ0JBQWdCLEdBQVcsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ25ELE1BQU0sbUJBQW1CLEdBQVcsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBRXRELE1BQU0sT0FBTyxHQUFHLE1BQU0sc0JBQXNCLENBQzFDLGVBQWUsRUFDZixrQkFBa0I7SUFDbEIsNEVBQTRFO0lBQzVFLDZCQUE2QjtJQUM3Qiw4QkFBOEIsRUFDOUIsa0JBQWtCLENBQUMsbUJBQW1CLEVBQUUsQ0FBQyxFQUN6QyxhQUFhLENBQ2QsQ0FBQztJQUNGLE1BQU0sYUFBYSxHQUFHLG1CQUFtQixDQUFDO1FBQ3hDLE9BQU87UUFDUCxXQUFXLEVBQUUsa0JBQWtCO1FBQy9CLGlCQUFpQixFQUFFLHNCQUFzQixFQUFFO1FBQzNDLE9BQU8sRUFBRSxPQUFPO1FBQ2hCLHdFQUF3RTtRQUN4RSxnRUFBZ0U7UUFDaEUsaUJBQWlCLEVBQUUsWUFBWSxDQUFDLE9BQU87UUFDdkMsVUFBVSxFQUFFLGdCQUFnQjtRQUM1QixhQUFhLEVBQUUsbUJBQW1CO0tBQ25DLENBQUMsQ0FBQztJQUVILHVFQUF1RTtJQUN2RSxXQUFXO0lBQ1gsTUFBTSxnQkFBZ0IsR0FDcEIsTUFBTSxrQkFBa0IsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUM7SUFFeEQsT0FBTztRQUNMLE1BQU0sRUFBRSxrQkFBa0IsQ0FBQyxPQUFPLENBQUMsT0FBTztRQUMxQyxPQUFPO1FBQ1AsZ0JBQWdCO0tBQ2pCLENBQUM7QUFDSixDQUFDO0FBRUQsTUFBTSxDQUFDLEtBQUssVUFBVSw2QkFBNkIsQ0FBQyxFQUNsRCxPQUFPLEVBQ1AsZUFBZSxFQUNmLDhCQUE4QixFQUM5QixrQkFBa0IsRUFDbEIsYUFBYSxHQUNxQjtJQUNsQyxNQUFNLFlBQVksR0FBRyxNQUFNLGVBQWUsQ0FDeEMsZUFBZSxFQUNmLGtCQUFrQixDQUNuQixDQUFDO0lBRUYsbUNBQW1DO0lBQ25DLGlCQUFpQjtJQUNqQixzQkFBc0I7SUFDdEIseUJBQXlCO0lBQ3pCLG1CQUFtQjtJQUNuQiw2QkFBNkI7SUFDN0IsZ0JBQWdCO0lBQ2hCLDhCQUE4QjtJQUM5QixNQUFNLGNBQWMsR0FBRyxNQUFNLFlBQVksQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7SUFDOUQsTUFBTSxnQkFBZ0IsR0FBVyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDbkQsTUFBTSxtQkFBbUIsR0FBVyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFFdEQsTUFBTSxPQUFPLEdBQUcsTUFBTSxzQkFBc0IsQ0FDMUMsZUFBZSxFQUNmLGtCQUFrQjtJQUNsQiw0RUFBNEU7SUFDNUUsNkJBQTZCO0lBQzdCLDhCQUE4QixFQUM5QixrQkFBa0IsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLEVBQ3pDLGFBQWEsQ0FDZCxDQUFDO0lBQ0YsTUFBTSxhQUFhLEdBQUcsbUJBQW1CLENBQUM7UUFDeEMsT0FBTztRQUNQLFdBQVcsRUFBRSxrQkFBa0I7UUFDL0IsaUJBQWlCLEVBQUUsc0JBQXNCLEVBQUU7UUFDM0MsT0FBTyxFQUFFLE9BQU87UUFDaEIsd0VBQXdFO1FBQ3hFLGdFQUFnRTtRQUNoRSxpQkFBaUIsRUFBRSxZQUFZLENBQUMsT0FBTztRQUN2QyxVQUFVLEVBQUUsZ0JBQWdCO1FBQzVCLGFBQWEsRUFBRSxtQkFBbUI7S0FDbkMsQ0FBQyxDQUFDO0lBRUgsdUVBQXVFO0lBQ3ZFLFdBQVc7SUFDWCxNQUFNLGdCQUFnQixHQUNwQixNQUFNLGtCQUFrQixDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUV4RCxPQUFPO1FBQ0wsTUFBTSxFQUFFLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxPQUFPO1FBQzFDLE9BQU87UUFDUCxnQkFBZ0I7S0FDakIsQ0FBQztBQUNKLENBQUM7QUFFRCxNQUFNLENBQUMsS0FBSyxVQUFVLGdDQUFnQyxDQUNwRCxlQUF3QixFQUN4QixrQkFBMkQ7SUFFM0QsTUFBTSxRQUFRLEdBQUcsTUFBTSxlQUFlLENBQUMsZUFBZSxFQUFFLGtCQUFrQixDQUFDLENBQUM7SUFDNUUsTUFBTSxJQUFJLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsSUFBSSxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3BFLE1BQU0sTUFBTSxHQUFHLE1BQU0sUUFBUSxDQUFDLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7SUFDN0UsT0FBTyxNQUFNLENBQUM7QUFDaEIsQ0FBQztBQW1DRCxnRkFBZ0Y7QUFDaEYsMEJBQTBCO0FBQzFCLE1BQU0sQ0FBQyxLQUFLLFVBQVUseUJBQXlCLENBQTZCLEVBQzFFLFNBQVMsRUFDVCxFQUFFLEVBQ0YsWUFBWSxFQUNaLGFBQWEsRUFDYixPQUFPLEVBQ1AsZUFBZSxFQUNmLGdCQUFnQixFQUNoQix1QkFBdUIsRUFDdkIsZ0JBQWdCLEVBQ2hCLFNBQVMsRUFDVCxlQUFlLEVBQ2YsZUFBZSxFQUNmLGdCQUFnQixHQUNjO0lBSTlCLE1BQU0sZ0JBQWdCLEdBQUcsZ0JBQWdCLENBQUM7SUFDMUMsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBRTdDLElBQ0UsZUFBZTtRQUNmLGdCQUFnQjtRQUNoQixDQUFDLHdCQUF3QixDQUFDLGVBQWUsRUFBRSxnQkFBZ0IsQ0FBQyxFQUM1RCxDQUFDO1FBQ0QsTUFBTSxJQUFJLG9CQUFvQixDQUM1Qiw0REFBNEQsQ0FDN0QsQ0FBQztJQUNKLENBQUM7SUFFRCxNQUFNLG1CQUFtQixHQUFHLE1BQU0sd0JBQXdCLENBQ3hELGVBQWUsRUFDZixTQUFTLENBQ1YsQ0FBQztJQUVGLDZFQUE2RTtJQUM3RSw2Q0FBNkM7SUFDN0MsTUFBTSxhQUFhLEdBQUcsbUJBQW1CLENBQUM7UUFDeEMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPLENBQUM7UUFDeEIsV0FBVyxFQUFFLHdCQUF3QjtRQUNyQyxpQkFBaUIsRUFBRTtZQUNqQixFQUFFLElBQUksRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRTtZQUM3QixFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtZQUN0QyxFQUFFLElBQUksRUFBRSxjQUFjLEVBQUUsSUFBSSxFQUFFLFNBQVMsRUFBRTtZQUN6QyxFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRTtTQUNyQztRQUNELE9BQU8sRUFBRTtZQUNQLEVBQUUsRUFBRSxFQUFFO1lBQ04sU0FBUyxFQUFFLFNBQVM7WUFDcEIsWUFBWSxFQUFFLGVBQWUsQ0FBQyxlQUFlLENBQUM7WUFDOUMsU0FBUyxFQUFFLFVBQVUsQ0FDbkIsZUFBZSxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLElBQUksVUFBVSxFQUFFLENBQ3JEO1NBQ0Y7UUFDRCxVQUFVLEVBQUUsNEJBQTRCO1FBQ3hDLGFBQWEsRUFBRSxtQkFBbUI7S0FDbkMsQ0FBQyxDQUFDO0lBQ0gsZ0ZBQWdGO0lBQ2hGLG9EQUFvRDtJQUNwRCxNQUFNLGVBQWUsR0FBRyxNQUFNLGdCQUFnQixDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUU1RSxNQUFNLHNCQUFzQixHQUEyQixNQUFNLENBQzNELDRCQUE0QixFQUM1QjtRQUNFLFdBQVcsRUFBRSxnQkFBZ0IsQ0FBQyxPQUFPO1FBQ3JDLGVBQWUsRUFBRSxlQUFlLENBQUMsQ0FBQyxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsSUFBSSxVQUFVLEVBQUU7UUFDckUsRUFBRSxFQUFFLEVBQUU7UUFDTixTQUFTLEVBQUUsU0FBUztRQUNwQixZQUFZLEVBQUUsZUFBZSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7UUFDMUMsZUFBZSxFQUFFLFVBQVUsQ0FBQyxlQUFlLENBQUM7UUFDNUMsUUFBUSxFQUFFO1lBQ1IsS0FBSyxFQUFFO2dCQUNMLElBQUksRUFBRSwwQkFBMEI7Z0JBQ2hDLEtBQUssRUFBRSxNQUFNLENBQUMsOEJBQThCLEVBQUU7b0JBQzVDLGNBQWMsRUFBRSxNQUFNLENBQUMsb0JBQW9CLEVBQUU7d0JBQzNDLE1BQU0sRUFBRSx1QkFBdUIsQ0FBQyxNQUFNO3dCQUN0QyxPQUFPLEVBQUUsTUFBTSxDQUFDLHNCQUFzQixFQUFFOzRCQUN0QyxZQUFZLEVBQUUsVUFBVSxDQUN0Qix1QkFBdUIsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUM3Qzs0QkFDRCxpQkFBaUIsRUFDZix1QkFBdUIsQ0FBQyxPQUFPLENBQUMsaUJBQWlCOzRCQUNuRCxZQUFZLEVBQUUsVUFBVSxDQUN0Qix1QkFBdUIsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUM3Qzs0QkFDRCxhQUFhLEVBQUUsVUFBVSxDQUN2Qix1QkFBdUIsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUM5Qzs0QkFDRCxPQUFPLEVBQUUsdUJBQXVCLENBQUMsT0FBTyxDQUFDLE9BQU87eUJBQ2pELENBQUM7d0JBQ0YsZ0JBQWdCLEVBQUUsVUFBVSxDQUMxQix1QkFBdUIsQ0FBQyxnQkFBZ0IsQ0FDekM7d0JBQ0QsNkRBQTZEO3dCQUM3RCxnQkFBZ0IsRUFBRSxnQkFBZ0I7NEJBQ2hDLENBQUMsQ0FBQyxVQUFVLENBQUMsZ0JBQWdCLENBQUM7NEJBQzlCLENBQUMsQ0FBQyxJQUFJLFVBQVUsRUFBRTtxQkFDckIsQ0FBQztpQkFDSCxDQUFDO2FBQ0g7U0FDRjtLQUNGLENBQ0YsQ0FBQztJQUVGLElBQUksUUFBUSxHQUFHLE1BQU0sZUFBZSxDQUFDLGVBQWUsQ0FDbEQsc0JBQXNCLEVBQ3RCLGVBQWUsRUFDZixTQUFTLEVBQ1QsYUFBYSxFQUNiLGdCQUFnQixDQUNqQixDQUFDO0lBRUYsbUZBQW1GO0lBQ25GLElBQUksZUFBZSxJQUFJLGdCQUFnQixFQUFFLENBQUM7UUFDeEMsTUFBTSxDQUFDLG9CQUFvQixDQUFDLEdBQUcsTUFBTSw0QkFBNEIsQ0FDL0QsQ0FBQyxRQUFRLENBQUMsRUFDVixnQkFBZ0IsQ0FDakIsQ0FBQztRQUNGLE9BQU8sb0JBR04sQ0FBQztJQUNKLENBQUM7SUFFRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBK0JEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQTZCRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUseUJBQXlCLENBQUMsRUFDOUMsT0FBTyxFQUNQLGVBQWUsRUFDZixPQUFPLEVBQ1AsZ0JBQWdCLEVBQ2hCLHVCQUF1QixFQUN2QixnQkFBZ0IsRUFDaEIsYUFBYSxFQUNiLGVBQWUsRUFDZixnQkFBZ0IsRUFDaEIsU0FBUyxFQUNULGVBQWUsR0FDZTtJQU05QixNQUFNLGdCQUFnQixHQUFHLGdCQUFnQixDQUFDO0lBRTFDLElBQ0UsZUFBZTtRQUNmLGdCQUFnQjtRQUNoQixDQUFDLHdCQUF3QixDQUFDLGVBQWUsRUFBRSxnQkFBZ0IsQ0FBQyxFQUM1RCxDQUFDO1FBQ0QsTUFBTSxJQUFJLG9CQUFvQixDQUM1Qiw0REFBNEQsQ0FDN0QsQ0FBQztJQUNKLENBQUM7SUFFRCxNQUFNLG1CQUFtQixHQUFHLE1BQU0sd0JBQXdCLENBQ3hELGVBQWUsRUFDZixTQUFTLENBQ1YsQ0FBQztJQUVGLDZFQUE2RTtJQUM3RSw2Q0FBNkM7SUFDN0MsTUFBTSxhQUFhLEdBQUcsbUJBQW1CLENBQUM7UUFDeEMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxPQUFPLENBQUM7UUFDeEIsV0FBVyxFQUFFLHdCQUF3QjtRQUNyQyxpQkFBaUIsRUFBRTtZQUNqQixFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRTtZQUN0QyxFQUFFLElBQUksRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRTtTQUNyQztRQUNELE9BQU8sRUFBRTtZQUNQLE9BQU8sRUFBRSxPQUFPO1lBQ2hCLFNBQVMsRUFBRSxVQUFVLENBQ25CLGVBQWUsQ0FBQyxDQUFDLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUN4RDtTQUNGO1FBQ0QsVUFBVSxFQUFFLDRCQUE0QjtRQUN4QyxhQUFhLEVBQUUsbUJBQW1CO0tBQ25DLENBQUMsQ0FBQztJQUNILGdGQUFnRjtJQUNoRixvREFBb0Q7SUFDcEQsTUFBTSxlQUFlLEdBQUcsTUFBTSxnQkFBZ0IsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDLENBQUM7SUFDNUUsTUFBTSxpQkFBaUIsR0FBMkIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFO1FBQ3ZFLE9BQU8sTUFBTSxDQUFDLHFCQUFxQixFQUFFO1lBQ25DLE1BQU0sRUFBRSxNQUFNO1lBQ2QsUUFBUSxFQUFFO2dCQUNSLEtBQUssRUFBRTtvQkFDTCxJQUFJLEVBQUUsMEJBQTBCO29CQUNoQyxLQUFLLEVBQUUsTUFBTSxDQUFDLDhCQUE4QixFQUFFO3dCQUM1QyxjQUFjLEVBQUUsTUFBTSxDQUFDLG9CQUFvQixFQUFFOzRCQUMzQyxNQUFNLEVBQUUsdUJBQXVCLENBQUMsTUFBTTs0QkFDdEMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxzQkFBc0IsRUFBRTtnQ0FDdEMsWUFBWSxFQUFFLFVBQVUsQ0FDdEIsdUJBQXVCLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FDN0M7Z0NBQ0QsaUJBQWlCLEVBQ2YsdUJBQXVCLENBQUMsT0FBTyxDQUFDLGlCQUFpQjtnQ0FDbkQsWUFBWSxFQUFFLFVBQVUsQ0FDdEIsdUJBQXVCLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FDN0M7Z0NBQ0QsYUFBYSxFQUFFLFVBQVUsQ0FDdkIsdUJBQXVCLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FDOUM7Z0NBQ0QsT0FBTyxFQUFFLHVCQUF1QixDQUFDLE9BQU8sQ0FBQyxPQUFPOzZCQUNqRCxDQUFDOzRCQUNGLGdCQUFnQixFQUFFLFVBQVUsQ0FDMUIsdUJBQXVCLENBQUMsZ0JBQWdCLENBQ3pDOzRCQUNELDZEQUE2RDs0QkFDN0QsZ0JBQWdCLEVBQUUsZ0JBQWdCO2dDQUNoQyxDQUFDLENBQUMsVUFBVSxDQUFDLGdCQUFnQixDQUFDO2dDQUM5QixDQUFDLENBQUMsSUFBSSxVQUFVLEVBQUU7eUJBQ3JCLENBQUM7cUJBQ0gsQ0FBQztpQkFDSDthQUNGO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDLENBQUM7SUFFSCxNQUFNLHNCQUFzQixHQUEyQixNQUFNLENBQzNELDRCQUE0QixFQUM1QjtRQUNFLFdBQVcsRUFBRSxnQkFBZ0IsQ0FBQyxPQUFPO1FBQ3JDLGlCQUFpQixFQUFFLGlCQUFpQjtRQUNwQyxlQUFlLEVBQUUsVUFBVSxDQUFDLGVBQWUsQ0FBQztRQUM1QyxlQUFlLEVBQUUsZUFBZSxDQUFDLENBQUMsQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO0tBQ3pFLENBQ0YsQ0FBQztJQUVGLElBQUksUUFBUSxHQUFHLE1BQU0sZUFBZSxDQUFDLGVBQWUsQ0FDbEQsc0JBQXNCLEVBQ3RCLGVBQWUsRUFDZixTQUFTLEVBQ1QsYUFBYSxFQUNiLGdCQUFnQixDQUNqQixDQUFDO0lBRUYsb0ZBQW9GO0lBQ3BGLElBQUksZUFBZSxLQUFLLFNBQVMsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1FBQ3RELFFBQVEsR0FBRyxNQUFNLDRCQUE0QixDQUFDLFFBQVEsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFFRCxPQUFPLFFBQVEsQ0FBQztBQUNsQixDQUFDO0FBRUQsOEVBQThFO0FBQzlFLFlBQVk7QUFFWixnREFBZ0Q7QUFDaEQsU0FBUyxzQkFBc0I7SUFDN0IsMkVBQTJFO0lBQzNFLG9CQUFvQjtJQUNwQixNQUFNLHNCQUFzQixHQUFHLHdCQUF3QixDQUFDLElBQUksQ0FDMUQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEtBQUssd0JBQXdCLENBQ2pELENBQUM7SUFDRixJQUFJLENBQUMsc0JBQXNCLEVBQUUsQ0FBQztRQUM1QixNQUFNLElBQUksS0FBSyxDQUFDLGtDQUFrQyxDQUFDLENBQUM7SUFDdEQsQ0FBQztJQUVELGdFQUFnRTtJQUNoRSxNQUFNLHFCQUFxQixHQUFHLHNCQUFzQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQzlELENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxLQUFLLENBQUMsWUFBWSxLQUFLLHlCQUF5QixDQUM1RCxDQUFDO0lBQ0YsSUFBSSxDQUFDLHFCQUFxQixFQUFFLENBQUM7UUFDM0IsTUFBTSxJQUFJLEtBQUssQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFRCxPQUFPLHFCQUFxQixDQUFDLFVBQVUsQ0FBQztBQUMxQyxDQUFDO0FBRUQsdUNBQXVDO0FBQ3ZDLEVBQUU7QUFDRiwwRUFBMEU7QUFDMUUsNENBQTRDO0FBQzVDLFNBQVMsYUFBYTtJQUNwQixNQUFNLFVBQVUsR0FBRyxZQUFZLENBQUMsSUFBSSxDQUNsQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsTUFBTSxJQUFJLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLFlBQVksQ0FDdkQsQ0FBQztJQUNGLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUNoQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVELE1BQU0sT0FBTyxHQUFHLFVBQVUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDdEMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRCxPQUFPLE9BQU8sQ0FBQyxVQUFVLENBQUM7QUFDNUIsQ0FBQztBQUVELCtDQUErQztBQUMvQyxTQUFTLG1CQUFtQjtJQUMxQixNQUFNLGFBQWEsR0FBRyxrQkFBa0IsQ0FBQyxJQUFJLENBQzNDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLElBQUksSUFBSSxJQUFJLElBQUksQ0FBQyxJQUFJLEtBQUssZUFBZSxDQUMxRCxDQUFDO0lBQ0YsSUFBSSxDQUFDLGFBQWEsRUFBRSxDQUFDO1FBQ25CLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztJQUM3QyxDQUFDO0lBRUQsT0FBTyxhQUFhLENBQUM7QUFDdkIsQ0FBQztBQUVELFNBQVMsY0FBYyxDQUNyQixtQkFBNEIsRUFDNUIsa0JBQTJEO0lBRTNELE9BQU8sV0FBVyxDQUFDO1FBQ2pCLE9BQU8sRUFBRSxtQkFBbUI7UUFDNUIsR0FBRyxFQUFFLHdCQUF3QjtRQUM3QixNQUFNLEVBQUUsa0JBQWtCO0tBQzNCLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRCxTQUFTLGdCQUFnQixDQUN2QixlQUF3QixFQUN4QixZQUFxRDtJQUVyRCxPQUFPLFdBQVcsQ0FBQztRQUNqQixPQUFPLEVBQUUsZUFBZTtRQUN4QixHQUFHLEVBQUUsZ0JBQWdCO1FBQ3JCLE1BQU0sRUFBRSxZQUFZO0tBQ3JCLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRCxLQUFLLFVBQVUsZUFBZSxDQUM1QixlQUF3QixFQUN4QixZQUFxRDtJQUVyRCxNQUFNLFFBQVEsR0FBRyxnQkFBZ0IsQ0FBQyxlQUFlLEVBQUUsWUFBWSxDQUFDLENBQUM7SUFDakUsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLFFBQVEsQ0FBQyxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7SUFDL0QsT0FBTyxXQUFXLENBQUM7UUFDakIsT0FBTyxFQUFFLG1CQUFtQjtRQUM1QixHQUFHLEVBQUUsZUFBZTtRQUNwQixNQUFNLEVBQUUsWUFBWTtLQUNyQixDQUFDLENBQUM7QUFDTCxDQUFDIn0=

package/dist/esm/advancedacl/types.d.ts

@@ -0,0 +1,16 @@
+import { Address, Hex } from 'viem';
+export type AllowanceVoucher = {
+    sessionNonce: Hex;
+    verifyingContract: Address;
+    callFunction: Hex;
+    sharerArgData: Hex;
+    warning: string;
+};
+export interface AllowanceVoucherWithSig {
+    sharer: Address;
+    voucher: AllowanceVoucher;
+    voucherSignature: Hex;
+}
+export interface AllowanceProof extends AllowanceVoucherWithSig {
+    requesterArgData: Uint8Array;
+}

package/dist/esm/advancedacl/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvdHlwZXMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/esm/attestedcompute/attested-compute.d.ts

@@ -0,0 +1,65 @@
+import type { Account, Chain, Transport, WalletClient } from 'viem';
+import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
+import { HexString } from '../binary.js';
+import { SupportedChainId } from '../chain.js';
+import type { EncryptionScheme, SupportedTeeType } from '../encryption/encryption.js';
+import { KmsQuorumClient } from '../kms/quorumClient.js';
+import { type XwingKeypair } from '../lite/xwing.js';
+import type { BackoffConfig } from '../retry.js';
+import { AttestedComputeOP } from './types.js';
+export declare const ATTESTED_COMPUTE_DOMAIN_NAME = "IncoAttestedCompute";
+/**
+ * Arguments for creating an attested compute.
+ */
+export interface IncoLiteAttestedComputeArgs {
+    /** The wallet used to interact with the blockchain and sign the compute request */
+    walletClient: WalletClient<Transport, Chain, Account>;
+    /** The KMS quorum client instance */
+    kmsQuorumClient: KmsQuorumClient;
+    /** The chain ID to use */
+    chainId: SupportedChainId;
+}
+/**
+ * Creates an attested compute function that can decrypt handles with an attached attestation from the covalidator.
+ * @param args - The arguments for creating the attested compute function
+ * @returns A function that can perform binary operation on a handle and return an attestation
+ * @throws {AttestedComputeError} If the creation fails
+ *
+ * @todo Support multiple operations in a single request.
+ */
+export declare function attestedCompute<T extends SupportedTeeType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, reencryptPubKey, reencryptKeypair, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair: XwingKeypair;
+}): Promise<DecryptionAttestation<EncryptionScheme, T>>;
+export declare function attestedCompute<T extends SupportedTeeType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, reencryptPubKey, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey: Uint8Array;
+    reencryptKeypair?: never;
+}): Promise<EncryptedDecryptionAttestation<EncryptionScheme, T>>;
+export declare function attestedCompute<T extends SupportedTeeType>({ executorAddress, lhsHandle, op, rhsPlaintext, backoffConfig, walletClient, kmsQuorumClient, chainId, }: {
+    executorAddress: HexString;
+    lhsHandle: HexString;
+    op: AttestedComputeOP;
+    rhsPlaintext: bigint | boolean;
+    backoffConfig?: Partial<BackoffConfig> | undefined;
+    walletClient: WalletClient<Transport, Chain, Account>;
+    kmsQuorumClient: KmsQuorumClient;
+    chainId: SupportedChainId;
+    reencryptPubKey?: never;
+    reencryptKeypair?: never;
+}): Promise<DecryptionAttestation<EncryptionScheme, T>>;