@inco/lightning 0.10.0-devnet-3 → 0.11.0-demonet-2

package/src/libs/incoLightning_testnet_v2_889158349.sol

@@ -801,6 +801,13 @@ library e {
         inco.allow(eaddress.unwrap(a), to);
     }
 
+    /// @notice Allows an address to access an elist
+    ///  @param a The elist
+    ///  @param to The address to allow
+    function allow(elist a, address to) internal {
+        inco.allow(elist.unwrap(a), to);
+    }
+
     /// @notice Reveals an encrypted uint256
     ///  @param a The encrypted uint256
     function reveal(euint256 a) internal {
@@ -819,6 +826,12 @@ library e {
         inco.reveal(eaddress.unwrap(a));
     }
 
+    /// @notice Reveals an elist (makes all elements publicly readable without wallet authentication)
+    ///  @param a The elist
+    function reveal(elist a) internal {
+        inco.reveal(elist.unwrap(a));
+    }
+
     /// @notice Verifies a decryption attestation for a euint256
     ///  @param handle The encrypted handle
     ///  @param value The claimed decrypted value
@@ -857,6 +870,12 @@ library e {
         allow(a, address(this));
     }
 
+    /// @notice Allows this contract to access an elist
+    ///  @param a The elist
+    function allowThis(elist a) internal {
+        allow(a, address(this));
+    }
+
     /// @notice Checks if a user is allowed to access an encrypted uint256
     ///  @param user The address to check
     ///  @param a The encrypted uint256

package/src/lightning-parts/AccessControl/AdvancedAccessControl.sol

@@ -1,7 +1,11 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {AllowanceVoucher, AllowanceProof} from "./AdvancedAccessControl.types.sol";
+import {
+    AllowanceVoucher,
+    AllowanceProof,
+    REQUIRED_ALLOWANCE_VOUCHER_WARNING_HASH
+} from "./AdvancedAccessControl.types.sol";
 import {ALLOWANCE_GRANTED_MAGIC_VALUE} from "../../Types.sol";
 import {EIP712Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/cryptography/EIP712Upgradeable.sol";
 import {IAdvancedAccessControl, IVoucherEip712Checker} from "./interfaces/IAdvancedAccessControl.sol";
@@ -47,7 +51,7 @@ abstract contract VoucherEip712Checker is IVoucherEip712Checker, EIP712Upgradeab
     /// @notice EIP-712 type hash for the AllowanceVoucher struct
     /// @dev Computed once at compile time for gas efficiency
     bytes32 constant ALLOWANCE_VOUCHER_STRUCT_HASH = keccak256(
-        "AllowanceVoucher(bytes32 sessionNonce,address verifyingContract,bytes4 callFunction,bytes sharerArgData)"
+        "AllowanceVoucher(string warning,bytes32 sessionNonce,address verifyingContract,bytes4 callFunction,bytes sharerArgData)"
     );
 
     /// @notice Computes the EIP-712 digest for an allowance voucher
@@ -60,6 +64,7 @@ abstract contract VoucherEip712Checker is IVoucherEip712Checker, EIP712Upgradeab
             keccak256(
                 abi.encode(
                     ALLOWANCE_VOUCHER_STRUCT_HASH,
+                    keccak256(bytes(voucher.warning)),
                     voucher.sessionNonce,
                     voucher.verifyingContract,
                     voucher.callFunction,
@@ -95,6 +100,9 @@ abstract contract AdvancedAccessControl is
 
     using SignatureChecker for address;
 
+    /// @notice Thrown when a voucher's warning field does not match the required warning text
+    error InvalidVoucherWarning();
+
     /// @notice Thrown when a voucher signature is invalid for the claimed signer
     /// @param signer The address that allegedly signed the voucher
     /// @param digest The EIP-712 digest that should have been signed
@@ -121,6 +129,9 @@ abstract contract AdvancedAccessControl is
     /// @param proof The allowance proof containing voucher, signature, and requester data
     /// @return True if access is allowed, false or reverts otherwise
     function isAllowedWithProof(bytes32 handle, address account, AllowanceProof memory proof) public returns (bool) {
+        require(
+            keccak256(bytes(proof.voucher.warning)) == REQUIRED_ALLOWANCE_VOUCHER_WARNING_HASH, InvalidVoucherWarning()
+        );
         require(proof.voucher.verifyingContract != address(0), InvalidVerifyingContract());
         require(
             IBaseAccessControlList(incoLightningAddress).isAllowed(handle, proof.sharer),

package/src/lightning-parts/AccessControl/AdvancedAccessControl.types.sol

@@ -1,9 +1,21 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
+// Required warning that must be present in every AllowanceVoucher.
+// Must match SESSION_KEY_WARNING in js/src/advancedacl/session-key.ts.
+string constant REQUIRED_ALLOWANCE_VOUCHER_WARNING =
+    "Inco Warning: signing this message may leak your private data, including from unrelated apps. Sign only if you fully trust this app.";
+
+// Precomputed hash of REQUIRED_ALLOWANCE_VOUCHER_WARNING for cheap runtime comparison.
+// Evaluated at compile time — no storage slot used, no runtime keccak256 of the full string.
+bytes32 constant REQUIRED_ALLOWANCE_VOUCHER_WARNING_HASH = keccak256(bytes(REQUIRED_ALLOWANCE_VOUCHER_WARNING));
+
 // can be for arbitrary handles to arbitrary accounts
 // signed by the account sharing its read access
 struct AllowanceVoucher {
+    // Human-readable warning displayed by wallets at signing time.
+    // Must be first so wallets show it before the opaque byte fields below.
+    string warning;
     bytes32 sessionNonce;
     address verifyingContract;
     bytes4 callFunction;

package/src/lightning-parts/AccessControl/test/TestAdvancedAccessControl.t.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8;
 import {IncoTest} from "../../../test/IncoTest.sol";
 import {SessionVerifier, Session} from "../../../periphery/SessionVerifier.sol";
 import {AllowanceVoucher, AllowanceProof} from "../AdvancedAccessControl.sol";
+import {REQUIRED_ALLOWANCE_VOUCHER_WARNING} from "../AdvancedAccessControl.types.sol";
 import {euint256, SharerNotAllowedForHandle} from "../../../Types.sol";
 import {e, inco} from "../../../Lib.sol";
 import {AdvancedAccessControl} from "../AdvancedAccessControl.sol";
@@ -93,7 +94,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: bytes32(0),
             verifyingContract: address(0),
             callFunction: SessionVerifier.canUseSession.selector,
-            sharerArgData: abi.encode(Session({decrypter: bob, expiresAt: block.timestamp + 1 days}))
+            sharerArgData: abi.encode(Session({decrypter: bob, expiresAt: block.timestamp + 1 days})),
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         AllowanceProof memory bobsProof = getBobsProof(invalidSessionVoucher);
         vm.expectRevert(abi.encodeWithSelector(AdvancedAccessControl.InvalidVerifyingContract.selector));
@@ -111,7 +113,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: bytes32(0),
             verifyingContract: address(sessionVerifier),
             callFunction: SessionVerifier.canUseSession.selector,
-            sharerArgData: abi.encode(Session({decrypter: bob, expiresAt: block.timestamp + 1 days}))
+            sharerArgData: abi.encode(Session({decrypter: bob, expiresAt: block.timestamp + 1 days})),
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         AllowanceProof memory bobsProof = getBobsProof(aliceSessionVoucherForBob);
         assertTrue(
@@ -128,7 +131,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: bytes32(0),
             verifyingContract: address(verifier),
             callFunction: verifier.someCheck.selector,
-            sharerArgData: ""
+            sharerArgData: "",
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         AllowanceProof memory bobsFirstProof = getBobsProof(voucher);
         assertTrue(
@@ -140,7 +144,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: madeUpNonce,
             verifyingContract: address(verifier),
             callFunction: verifier.someCheck.selector,
-            sharerArgData: ""
+            sharerArgData: "",
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         AllowanceProof memory invalidBobProof = getBobsProof(voucher);
         // the session nonce should be checked by inco
@@ -164,7 +169,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: alicesNewNonce,
             verifyingContract: address(verifier),
             callFunction: verifier.someCheck.selector,
-            sharerArgData: ""
+            sharerArgData: "",
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         AllowanceProof memory bobsSecondProof = getBobsProof(voucher);
         assertTrue(
@@ -179,7 +185,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: bytes32(0),
             verifyingContract: address(verifier),
             callFunction: verifier.someCheck.selector,
-            sharerArgData: abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob}))
+            sharerArgData: abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob})),
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         AllowanceProof memory bobsProof = AllowanceProof({
             sharer: alice,
@@ -217,7 +224,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: bytes32(0),
             verifyingContract: address(verifier),
             callFunction: verifier.someCheck.selector,
-            sharerArgData: ""
+            sharerArgData: "",
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         // Use bob as sharer, but bob is NOT allowed on the secret (only alice is)
         AllowanceProof memory proof = AllowanceProof({
@@ -237,7 +245,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: bytes32(0),
             verifyingContract: address(verifier),
             callFunction: verifier.someCheck.selector,
-            sharerArgData: ""
+            sharerArgData: "",
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         // Alice is the sharer (and is allowed), but we sign with Bob's key
         bytes memory wrongSignature = getSignatureForDigest(incoVerifier.allowanceVoucherDigest(voucher), bobPrivKey);
@@ -252,6 +261,23 @@ contract TestAdvancedAccessControl is IncoTest {
         incoVerifier.isAllowedWithProof(secretHandle, bob, proof);
     }
 
+    /// @notice Test InvalidVoucherWarning error when voucher warning does not match required text
+    function testIsAllowedWithProofInvalidVoucherWarning() public {
+        DoesNotVerifyAnything verifier = new DoesNotVerifyAnything();
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: "",
+            warning: "wrong warning"
+        });
+        AllowanceProof memory proof = AllowanceProof({
+            sharer: alice, voucher: voucher, voucherSignature: getAliceSig(voucher), requesterArgData: ""
+        });
+        vm.expectRevert(abi.encodeWithSelector(AdvancedAccessControl.InvalidVoucherWarning.selector));
+        incoVerifier.isAllowedWithProof(secretHandle, bob, proof);
+    }
+
     /// @notice Test claimHandle fails when proof verification fails (line 107)
     function testClaimHandleProofVerificationFailed() public {
         SomeVerifier verifier = new SomeVerifier();
@@ -261,7 +287,8 @@ contract TestAdvancedAccessControl is IncoTest {
             sessionNonce: bytes32(0),
             verifyingContract: address(verifier),
             callFunction: verifier.someCheck.selector,
-            sharerArgData: abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob}))
+            sharerArgData: abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob})),
+            warning: REQUIRED_ALLOWANCE_VOUCHER_WARNING
         });
         AllowanceProof memory proof = AllowanceProof({
             sharer: alice, // alice IS allowed on the secret

package/src/lightning-parts/EncryptedOperations.sol

@@ -7,6 +7,8 @@ import {
     EOps,
     SenderNotAllowedForHandle,
     ETypes,
+    UnexpectedType,
+    UnsupportedType,
     isTypeSupported,
     canCastTo,
     typeToBitMask
@@ -24,15 +26,6 @@ import {Fee} from "./Fee.sol";
 /// from the operation and inputs, enabling consistent state across chains.
 abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControlList, HandleGeneration, Fee {
 
-    /// @notice Thrown when an operation receives a handle of an unexpected type.
-    /// @param actual The actual type of the handle.
-    /// @param expectedTypes A bitmask of the expected types.
-    error UnexpectedType(ETypes actual, bytes32 expectedTypes);
-
-    /// @notice Thrown when an operation receives an unsupported type.
-    /// @param actual The unsupported type.
-    error UnsupportedType(ETypes actual);
-
     /// @notice Thrown when a cast is attempted to the same type.
     /// @param t The type that was both source and target.
     error SameTypeCast(ETypes t);

package/src/lightning-parts/primitives/EListHandleMetadata.sol

@@ -24,12 +24,12 @@ contract EListHandleMetadata is IEListHandleMetadata {
     /// @notice Embeds the list length into a list handle
     /// @dev Sets bytes 27-28 of the handle to the list length.
     ///      Clears existing length bits before setting new value.
-    /// @param prehandle The 32-byte handle before length embedding
+    /// @param handle The 32-byte handle before length embedding
     /// @param len The number of elements in the list (max 65535)
     /// @return result The handle with embedded list length
-    function embedListLength(bytes32 prehandle, uint16 len) internal pure returns (bytes32 result) {
+    function embedListLength(bytes32 handle, uint16 len) internal pure returns (bytes32 result) {
         // 27 and 28 bits are used for the list length
-        result = prehandle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffff0000ffffff;
+        result = handle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffff0000ffffff;
         result = bytes32(uint256(result) | (uint256(len) << 24)); // append length
     }
 
@@ -44,11 +44,11 @@ contract EListHandleMetadata is IEListHandleMetadata {
     /// @notice Embeds the element type into a list handle
     /// @dev Sets byte 29 of the handle to the element type.
     ///      This indicates the encrypted type of individual elements (euint8, euint64, etc.).
-    /// @param prehandle The 32-byte handle before type embedding
+    /// @param handle The 32-byte handle before type embedding
     /// @param listType The encrypted type of list elements
     /// @return result The handle with embedded element type
-    function embedListType(bytes32 prehandle, ETypes listType) internal pure returns (bytes32 result) {
-        result = prehandle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00ffff;
+    function embedListType(bytes32 handle, ETypes listType) internal pure returns (bytes32 result) {
+        result = handle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00ffff;
         result = bytes32(uint256(result) | (uint256(listType) << 16)); // append element type
     }
 

package/src/lightning-parts/primitives/HandleGeneration.sol

@@ -7,7 +7,6 @@ import {
     EVM_HOST_CHAIN_PREFIX,
     HANDLE_INDEX,
     HANDLE_VERSION,
-    SEP_INPUT_PREHANDLE,
     SEP_INPUT_HANDLE,
     SEP_OP_RESULT
 } from "../../Types.sol";
@@ -78,14 +77,6 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
         uint16 version,
         ETypes inputType
     ) internal view returns (bytes32 generatedHandle) {
-        // Prehandle is a legacy concept inherited by an earlier design where we had a preflight system for uploading ciphertexts to an L1 before they could be used.
-        // This is no longer the case and prehandle was mainly kept for compatibility and consistency with the intrernal design docs.
-        // To avoid calling keccak256 twice and save gas the prehandle concept will be dropped in a future PR.
-        bytes32 ctIndexHash = keccak256(
-            // We don't encode the length of the ciphertext because it's the only variable length field which should prevent collisions.
-            abi.encodePacked(SEP_INPUT_PREHANDLE, keccak256(ciphertext), HANDLE_INDEX)
-        );
-        bytes32 prehandle = embedIndexTypeVersion(ctIndexHash, inputType);
         // We must also propagate the handle metadata to the final handle
         generatedHandle = embedIndexTypeVersion(
             keccak256(
@@ -93,7 +84,9 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
                     SEP_INPUT_HANDLE,
                     HANDLE_VERSION,
                     inputType,
-                    prehandle,
+                    uint32(ciphertext.length),
+                    ciphertext,
+                    HANDLE_INDEX,
                     EVM_HOST_CHAIN_PREFIX,
                     block.chainid, // todo cache this
                     executorAddress,

package/src/lightning-parts/primitives/HandleMetadata.sol

@@ -16,35 +16,35 @@ contract HandleMetadata {
     /// @param raw The raw uint8 value extracted from the handle.
     error InvalidTypeValue(uint8 raw);
 
-    /// @notice Embeds the handle index, encrypted type, and protocol version into a prehandle
+    /// @notice Embeds the handle index, encrypted type, and protocol version into a handle
     /// @dev Used for input handles where the index distinguishes the source.
-    ///      Clears bytes 29-31 of the prehandle, then sets:
+    ///      Clears bytes 29-31 of the handle, then sets:
     ///      - Byte 29: HANDLE_INDEX constant
     ///      - Byte 30: inputType enum value
     ///      - Byte 31: HANDLE_VERSION constant
-    /// @param prehandle The 32-byte hash before metadata embedding
+    /// @param handle The 32-byte hash before metadata embedding
     /// @param inputType The encrypted type to embed (ebool, euint8, etc.)
     /// @return result The complete handle with embedded metadata
-    function embedIndexTypeVersion(bytes32 prehandle, ETypes inputType) internal pure returns (bytes32 result) {
+    function embedIndexTypeVersion(bytes32 handle, ETypes inputType) internal pure returns (bytes32 result) {
         // Create a mask to clear the last three bytes
         bytes32 mask = bytes32(uint256(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFF));
         // Clear the last three bytes of the original value
-        bytes32 clearedOriginal = prehandle & mask;
+        bytes32 clearedOriginal = handle & mask;
         // Combine the cleared original value with the new last three bytes
         result = clearedOriginal | bytes32((uint256(HANDLE_INDEX) << 16));
         result = embedTypeVersion(result, inputType);
     }
 
-    /// @notice Embeds the encrypted type and protocol version into a prehandle
+    /// @notice Embeds the encrypted type and protocol version into a handle
     /// @dev Used for operation result handles and trivial encryptions.
-    ///      Clears bytes 30-31 of the prehandle, then sets:
+    ///      Clears bytes 30-31 of the handle, then sets:
     ///      - Byte 30: handleType enum value
     ///      - Byte 31: HANDLE_VERSION constant
-    /// @param prehandle The 32-byte hash before metadata embedding
+    /// @param handle The 32-byte hash before metadata embedding
     /// @param handleType The encrypted type to embed (ebool, euint8, etc.)
     /// @return result The handle with type and version embedded
-    function embedTypeVersion(bytes32 prehandle, ETypes handleType) internal pure returns (bytes32 result) {
-        result = prehandle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000;
+    function embedTypeVersion(bytes32 handle, ETypes handleType) internal pure returns (bytes32 result) {
+        result = handle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000;
         result = bytes32(uint256(result) | (uint256(handleType) << 8)); // append type
         result = bytes32(uint256(result) | HANDLE_VERSION);
     }

package/src/lightning-parts/test/HandleMetadata.t.sol

@@ -16,7 +16,9 @@ import {
     typeToBitMask,
     EOps,
     isTypeSupported,
-    SenderNotAllowedForHandle
+    SenderNotAllowedForHandle,
+    UnexpectedType,
+    UnsupportedType
 } from "../../Types.sol";
 import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
 import {FEE} from "../Fee.sol";
@@ -77,11 +79,7 @@ contract TestHandleMetadata is
         ebool control = this.asEbool(false);
         euint256 a = this.asEuint256(42);
         ebool b = this.asEbool(true);
-        vm.expectRevert(
-            abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
-            )
-        );
+        vm.expectRevert(abi.encodeWithSelector(UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)));
         this.eIfThenElse(control, euint256.unwrap(a), ebool.unwrap(b));
     }
 
@@ -286,11 +284,7 @@ contract TestHandleMetadata is
         ebool b = this.asEbool(true);
         // Error: UnexpectedType(typeOf(rhs), typeToBitMask(lhsType))
         // With lhs=Uint256, rhs=Bool: UnexpectedType(Bool, typeToBitMask(Uint256))
-        vm.expectRevert(
-            abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
-            )
-        );
+        vm.expectRevert(abi.encodeWithSelector(UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)));
         this.eBitAnd(euint256.unwrap(a), ebool.unwrap(b));
     }
 
@@ -298,11 +292,7 @@ contract TestHandleMetadata is
     function testEBitOrTypeMismatch() public {
         euint256 a = this.asEuint256(42);
         ebool b = this.asEbool(true);
-        vm.expectRevert(
-            abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
-            )
-        );
+        vm.expectRevert(abi.encodeWithSelector(UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)));
         this.eBitOr(euint256.unwrap(a), ebool.unwrap(b));
     }
 
@@ -310,11 +300,7 @@ contract TestHandleMetadata is
     function testEBitXorTypeMismatch() public {
         euint256 a = this.asEuint256(42);
         ebool b = this.asEbool(true);
-        vm.expectRevert(
-            abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
-            )
-        );
+        vm.expectRevert(abi.encodeWithSelector(UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)));
         this.eBitXor(euint256.unwrap(a), ebool.unwrap(b));
     }
 
@@ -322,7 +308,7 @@ contract TestHandleMetadata is
     function testECastUnsupportedType() public {
         euint256 a = this.asEuint256(42);
         ETypes unsupportedType = ETypes.Uint4UNSUPPORTED;
-        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, unsupportedType));
+        vm.expectRevert(abi.encodeWithSelector(UnsupportedType.selector, unsupportedType));
         this.eCast(euint256.unwrap(a), unsupportedType);
     }
 
@@ -330,7 +316,7 @@ contract TestHandleMetadata is
     function testERandBoundedUnsupportedType() public {
         euint256 bound = this.asEuint256(100);
         ETypes unsupportedType = ETypes.Uint4UNSUPPORTED;
-        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, unsupportedType));
+        vm.expectRevert(abi.encodeWithSelector(UnsupportedType.selector, unsupportedType));
         this.eRandBounded{value: FEE}(euint256.unwrap(bound), unsupportedType);
     }
 
@@ -340,7 +326,7 @@ contract TestHandleMetadata is
         // Create a handle with unsupported type by manually crafting one
         bytes32 unsupportedHandle = embedIndexTypeVersion(bytes32(uint256(1)), ETypes.Uint4UNSUPPORTED);
         ebool ifFalse = this.asEbool(false);
-        vm.expectRevert(abi.encodeWithSelector(EncryptedOperations.UnsupportedType.selector, ETypes.Uint4UNSUPPORTED));
+        vm.expectRevert(abi.encodeWithSelector(UnsupportedType.selector, ETypes.Uint4UNSUPPORTED));
         this.eIfThenElse(control, unsupportedHandle, ebool.unwrap(ifFalse));
     }
 
@@ -351,11 +337,7 @@ contract TestHandleMetadata is
         ebool ifFalse = this.asEbool(false);
         // ifTrue is Uint256, ifFalse is Bool - type mismatch should trigger checkInput failure
         // Error is UnexpectedType(ifFalse type=Bool, required type mask for Uint256)
-        vm.expectRevert(
-            abi.encodeWithSelector(
-                EncryptedOperations.UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)
-            )
-        );
+        vm.expectRevert(abi.encodeWithSelector(UnexpectedType.selector, ETypes.Bool, typeToBitMask(ETypes.Uint256)));
         this.eIfThenElse(control, euint256.unwrap(ifTrue), ebool.unwrap(ifFalse));
     }
 
@@ -379,7 +361,7 @@ contract TestHandleMetadata is
     // ============ Fuzz Tests for HandleMetadata ============
 
     /// @dev Fuzz test for type embedding round-trip: typeOf(embedTypeVersion(h, t)) == t
-    function testFuzzTypeEmbeddingRoundTrip(bytes32 prehandle, uint8 typeIndex) public pure {
+    function testFuzzTypeEmbeddingRoundTrip(bytes32 handle, uint8 typeIndex) public pure {
         // Constrain to supported types (0=Bool, 7=AddressOrUint160OrBytes20, 8=Uint256)
         ETypes inputType;
         uint8 typeSelector = typeIndex % 3;
@@ -391,14 +373,14 @@ contract TestHandleMetadata is
             inputType = ETypes.Uint256;
         }
 
-        bytes32 embeddedHandle = embedTypeVersion(prehandle, inputType);
+        bytes32 embeddedHandle = embedTypeVersion(handle, inputType);
         ETypes extractedType = typeOf(embeddedHandle);
 
         assert(extractedType == inputType);
     }
 
     /// @dev Fuzz test for embedIndexTypeVersion round-trip
-    function testFuzzEmbedIndexTypeVersionRoundTrip(bytes32 prehandle, uint8 typeIndex) public pure {
+    function testFuzzEmbedIndexTypeVersionRoundTrip(bytes32 handle, uint8 typeIndex) public pure {
         // Constrain to supported types
         ETypes inputType;
         uint8 typeSelector = typeIndex % 3;
@@ -410,14 +392,14 @@ contract TestHandleMetadata is
             inputType = ETypes.Uint256;
         }
 
-        bytes32 embeddedHandle = embedIndexTypeVersion(prehandle, inputType);
+        bytes32 embeddedHandle = embedIndexTypeVersion(handle, inputType);
         ETypes extractedType = typeOf(embeddedHandle);
 
         assert(extractedType == inputType);
     }
 
     /// @dev Fuzz test that typeOf correctly extracts type from handles with valid embedded types
-    function testFuzzTypeOfExtraction(bytes32 prehandle, uint8 typeIndex) public pure {
+    function testFuzzTypeOfExtraction(bytes32 handle, uint8 typeIndex) public pure {
         // First embed a valid type, then verify extraction
         ETypes inputType;
         uint8 typeSelector = typeIndex % 3;
@@ -429,7 +411,7 @@ contract TestHandleMetadata is
             inputType = ETypes.Uint256;
         }
 
-        bytes32 handle = embedTypeVersion(prehandle, inputType);
+        bytes32 handle = embedTypeVersion(handle, inputType);
 
         // Extract the type from the handle
         ETypes extractedType = typeOf(handle);
@@ -444,7 +426,7 @@ contract TestHandleMetadata is
     }
 
     /// @dev Fuzz test that embedding preserves upper bits of handle
-    function testFuzzEmbeddingPreservesUpperBits(bytes32 prehandle, uint8 typeIndex) public pure {
+    function testFuzzEmbeddingPreservesUpperBits(bytes32 handle, uint8 typeIndex) public pure {
         ETypes inputType;
         uint8 typeSelector = typeIndex % 3;
         if (typeSelector == 0) {
@@ -455,16 +437,16 @@ contract TestHandleMetadata is
             inputType = ETypes.Uint256;
         }
 
-        bytes32 embeddedHandle = embedTypeVersion(prehandle, inputType);
+        bytes32 embeddedHandle = embedTypeVersion(handle, inputType);
 
         // Verify upper 30 bytes (240 bits) are preserved
         // Mask out the lower 2 bytes (16 bits) for comparison
         bytes32 upperMask = 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000;
-        assert((prehandle & upperMask) == (embeddedHandle & upperMask));
+        assert((handle & upperMask) == (embeddedHandle & upperMask));
     }
 
     /// @dev Fuzz test that embedIndexTypeVersion clears index byte correctly
-    function testFuzzEmbedIndexClearsCorrectly(bytes32 prehandle, uint8 typeIndex) public pure {
+    function testFuzzEmbedIndexClearsCorrectly(bytes32 handle, uint8 typeIndex) public pure {
         ETypes inputType;
         uint8 typeSelector = typeIndex % 3;
         if (typeSelector == 0) {
@@ -475,7 +457,7 @@ contract TestHandleMetadata is
             inputType = ETypes.Uint256;
         }
 
-        bytes32 embeddedHandle = embedIndexTypeVersion(prehandle, inputType);
+        bytes32 embeddedHandle = embedIndexTypeVersion(handle, inputType);
 
         // Extract index byte (bits 16-23) - should be HANDLE_INDEX (0)
         uint8 indexByte = uint8(uint256(embeddedHandle) >> 16);

package/src/periphery/SessionVerifier.sol

@@ -26,18 +26,21 @@ struct Session {
 
 /// @title SessionVerifier
 /// @notice Inco access sharing verifier for browser dApp sessions
-/// @dev Grants access to all encrypted data held by the sharer to one decrypter for a limited time.
-///      This is the recommended pattern for dApps that need to decrypt user data during a browsing session.
+/// @dev Grants a single decrypter address temporary access to all of the sharer's
+///      encrypted handles. The session is valid as long as block.timestamp < expiresAt
+///      and the requesting account matches the authorized decrypter.
 ///
 ///      Usage:
-///      1. User signs a voucher containing a Session struct with their chosen decrypter and expiration
-///      2. The voucher specifies canUseSession.selector as the callFunction
-///      3. When the decrypter requests access, this contract verifies the session is still valid
+///      1. User signs a voucher containing a Session struct with their chosen decrypter
+///         and expiration time.
+///      2. The voucher specifies canUseSession.selector as the callFunction.
+///      3. When the decrypter requests access, this contract verifies the session is still
+///         valid and the caller matches the authorized decrypter.
 ///
 ///      To use this verifier, set the voucher's callFunction to SessionVerifier.canUseSession.selector
 contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
 
-    /// @notice Initializes the SessionVerifier with version information
+    /// @notice Initializes the SessionVerifier with version information.
     /// @param _salt Unique salt used for deterministic deployment via CreateX
     constructor(bytes32 _salt)
         Version(
@@ -49,29 +52,28 @@ contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
         )
     {}
 
-    /// @notice Verifies if an account can use a session to access encrypted data
+    /// @notice Verifies if an account can use a session to access an encrypted handle.
     /// @dev This function is called by the ACL system when validating access permissions.
-    ///      The session grants blanket access to all handles owned by the sharer - the handle
-    ///      parameter is intentionally ignored.
+    ///      Access is granted if the session has not expired and the caller is the authorized decrypter.
     /// @param account The address requesting access (must match session.decrypter)
-    /// @param sharerArgData ABI-encoded Session struct containing decrypter address and expiration
-    /// @return ALLOWANCE_GRANTED_MAGIC_VALUE if session is valid, bytes32(0) otherwise
+    /// @param sharerArgData ABI-encoded Session struct containing decrypter and expiration
+    /// @return ALLOWANCE_GRANTED_MAGIC_VALUE if access is granted, bytes32(0) otherwise
     function canUseSession(
         bytes32, /* handle */
         address account,
         bytes memory sharerArgData,
-        bytes memory requesterArgData
+        bytes memory /* requesterArgData */
     )
         external
         view
         returns (bytes32)
     {
-        // unused variable just here to bypass linter
-        (requesterArgData);
         Session memory session = abi.decode(sharerArgData, (Session));
+
         if (session.expiresAt >= block.timestamp && session.decrypter == account) {
             return ALLOWANCE_GRANTED_MAGIC_VALUE;
         }
+
         return bytes32(0);
     }