@inco/lightning 0.5.2 → 0.5.3

package/manifest.yaml

@@ -1,25 +1,25 @@
-incoLightning_devnet_v1_887305889:
+incoLightning_devnet_v1_904635675:
   executor:
-    name: incoLightning_devnet_v1_887305889
+    name: incoLightning_devnet_v1_904635675
     majorVersion: 1
     deployer: "0x8202D2D747784Cb7D48868E44C42C4bf162a70BC"
     pepper: devnet
-    executorAddress: "0x7b98b0482099611B0ebEA0F98f81FF555406794A"
-    salt: "0x8202d2d747784cb7d48868e44c42c4bf162a70bc00e0709ca1c4596e431f34a1"
+    executorAddress: "0x3473820DcAa71Af8157b93C7f2bf1c676A2A39A6"
+    salt: "0x8202d2d747784cb7d48868e44c42c4bf162a70bc007d63c0fdca6698ac7cc51b"
   deployments:
-    - name: incoLightningPreview_1_0_0__887305889
+    - name: incoLightningPreview_1_0_0__904635675
       chainId: "9746"
       chainName: Plasma Testnet
       version:
         major: 1
         minor: 0
         patch: 0
-        shortSalt: "887305889"
+        shortSalt: "904635675"
       decryptSigner: "0x138AcbDC1FA02b955949d8Da09E546Ea7748710f"
       eciesPublicKey: "0x038a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b84095b1"
-      blockNumber: "2994009"
-      deployDate: 2025-09-25T09:51:49.838Z
-      commit: v0.5.0-dirty
+      blockNumber: "3344310"
+      deployDate: 2025-09-29T11:14:02.599Z
+      commit: v0.5.1-5-g4135c790-dirty
       active: true
 incoLightning_testnet_v0_183408998:
   executor:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/lightning",
-  "version": "0.5.2",
+  "version": "0.5.3",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "files": [
     "src/",
@@ -21,7 +21,6 @@
     "@safe-global/safe-smart-account": "https://github.com/safe-global/safe-smart-account.git#v1.5.0",
     "ds-test": "https://github.com/dapphub/ds-test",
     "forge-std": "https://github.com/foundry-rs/forge-std",
-    "solady": "https://github.com/Vectorized/solady.git#v0.1.24",
     "tsx": "^4.19.3"
   },
   "devDependencies": {

package/src/DeployUtils.sol

@@ -6,15 +6,15 @@ import {Script} from "forge-std/Script.sol";
 import {IIncoLightning} from "./interfaces/IIncoLightning.sol";
 import {Vm} from "forge-std/Vm.sol";
 import {
-CreateX,
-createXAddress,
-createXDeployer
+    CreateX,
+    createXAddress,
+    createXDeployer
 } from "./pasted-dependencies/CreateX.sol";
 import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
 import {
-CONTRACT_NAME,
-MAJOR_VERSION,
-VERIFIER_NAME
+    CONTRACT_NAME,
+    MAJOR_VERSION,
+    VERIFIER_NAME
 } from "./version/IncoLightningConfig.sol";
 import {IncoVerifier} from "./IncoVerifier.sol";
 import {IIncoVerifier} from "./interfaces/IIncoVerifier.sol";
@@ -51,22 +51,13 @@ contract DeployUtils is Script {
         string memory pepper
     ) internal pure returns (bytes32) {
         return
-                            bytes32(
+            bytes32(
                 abi.encodePacked(
                     deployer,
                     crossChainDeployAuthorizedFlag,
                     bytes11(
                         keccak256(
-                            abi.encodePacked(
-                                name,
-                                majorVersionNumber,
-                                // "ghost" minor and patch versions are passed in the salt for retro compatibility
-                                // of the deployment address
-                                // todo #1037 remove permanently fake minor and patch versions from the salt
-                                uint8(1),
-                                uint8(29),
-                                pepper
-                            )
+                            abi.encodePacked(name, majorVersionNumber, pepper)
                         )
                     )
                 )
@@ -91,8 +82,8 @@ contract DeployUtils is Script {
         string memory pepper,
         IQuoteVerifier quoteVerifier
     )
-    internal
-    returns (IIncoLightning lightningProxy, IIncoVerifier verifierProxy)
+        internal
+        returns (IIncoLightning lightningProxy, IIncoVerifier verifierProxy)
     {
         (bytes32 lightningSalt, bytes32 verifierSalt) = getIncoSalts(
             deployer,

package/src/Lib.devnet.sol

@@ -8,7 +8,7 @@ pragma solidity ^0.8;
 import { IncoLightning } from "./IncoLightning.sol";
 import { ebool, euint256, eaddress, ETypes } from "./Types.sol";
 
-IncoLightning constant inco = IncoLightning(0x7b98b0482099611B0ebEA0F98f81FF555406794A);
+IncoLightning constant inco = IncoLightning(0x3473820DcAa71Af8157b93C7f2bf1c676A2A39A6);
 address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
 
 function typeOf(bytes32 handle) pure returns (ETypes) {

package/src/Lib.sol

@@ -8,7 +8,7 @@ pragma solidity ^0.8;
 import { IncoLightning } from "./IncoLightning.sol";
 import { ebool, euint256, eaddress, ETypes } from "./Types.sol";
 
-IncoLightning constant inco = IncoLightning(0x7b98b0482099611B0ebEA0F98f81FF555406794A);
+IncoLightning constant inco = IncoLightning(0x3473820DcAa71Af8157b93C7f2bf1c676A2A39A6);
 address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
 
 function typeOf(bytes32 handle) pure returns (ETypes) {

package/src/Types.sol

@@ -36,7 +36,9 @@ pragma solidity ^0.8;
         DecryptionRequested, // 28
         RequestFulfilled, // 29
         EOP30, EOP31, EOP32, EOP33, EOP34, EOP35, EOP36, EOP37, EOP38, EOP39,
-        EOP40, EOP41, EOP42, EOP43, EOP44, EOP45, EOP46, EOP47, EOP48, EOP49,
+        // Pseudo-operation for an ACL (persistent) allow
+        Allow, // 40
+        EOP41, EOP42, EOP43, EOP44, EOP45, EOP46, EOP47, EOP48, EOP49,
         EOP50, EOP51, EOP52, EOP53, EOP54, EOP55, EOP56, EOP57, EOP58, EOP59,
         EOP60, EOP61, EOP62, EOP63, EOP64, EOP65, EOP66, EOP67, EOP68, EOP69,
         EOP70, EOP71, EOP72, EOP73, EOP74, EOP75, EOP76, EOP77, EOP78, EOP79,

package/src/libs/incoLightning_devnet_v1_904635675.sol

@@ -0,0 +1,451 @@
+// AUTOGENERATED FILE. DO NOT EDIT.
+// This file was generated by the IncoLightning library generator.
+// The original template is located at Lib.template.sol
+
+/// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import { IncoLightning } from "../IncoLightning.sol";
+import { ebool, euint256, eaddress, ETypes } from "../Types.sol";
+
+IncoLightning constant inco = IncoLightning(0x3473820DcAa71Af8157b93C7f2bf1c676A2A39A6);
+address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
+
+function typeOf(bytes32 handle) pure returns (ETypes) {
+    return ETypes(uint8(uint256(handle) >> 8));
+}
+
+library e {
+    function sanitize(euint256 a) internal returns (euint256) {
+        if (euint256.unwrap(a) == bytes32(0)) {
+            return asEuint256(0);
+        }
+        return a;
+    }
+
+    function sanitize(ebool a) internal returns (ebool) {
+        if (ebool.unwrap(a) == bytes32(0)) {
+            return asEbool(false);
+        }
+        return a;
+    }
+
+    function sanitize(eaddress a) internal returns (eaddress) {
+        if (eaddress.unwrap(a) == bytes32(0)) {
+            return asEaddress(address(0));
+        }
+        return a;
+    }
+
+    function s(euint256 a) internal returns (euint256) {
+        return sanitize(a);
+    }
+
+    function s(ebool a) internal returns (ebool) {
+        return sanitize(a);
+    }
+
+    function s(eaddress a) internal returns (eaddress) {
+        return sanitize(a);
+    }
+
+    function add(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eAdd(s(a), s(b));
+    }
+
+    function add(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eAdd(s(a), asEuint256(b));
+    }
+
+    function add(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eAdd(asEuint256(a), s(b));
+    }
+
+    function sub(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eSub(s(a), s(b));
+    }
+
+    function sub(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eSub(s(a), asEuint256(b));
+    }
+
+    function sub(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eSub(asEuint256(a), s(b));
+    }
+
+    function mul(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMul(s(a), s(b));
+    }
+
+    function mul(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMul(s(a), asEuint256(b));
+    }
+
+    function mul(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMul(asEuint256(a), s(b));
+    }
+
+    function div(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eDiv(s(a), s(b));
+    }
+
+    function div(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eDiv(s(a), asEuint256(b));
+    }
+
+    function div(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eDiv(asEuint256(a), s(b));
+    }
+
+    function rem(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRem(s(a), s(b));
+    }
+
+    function rem(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRem(s(a), asEuint256(b));
+    }
+
+    function rem(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRem(asEuint256(a), s(b));
+    }
+
+    function and(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    function and(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    function and(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    function and(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    function and(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    function and(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    function or(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    function or(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    function or(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    function or(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    function or(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    function or(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    function xor(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    function xor(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    function xor(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    function xor(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    function xor(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    function xor(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    function shl(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShl(s(a), s(b));
+    }
+
+    function shl(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eShl(s(a), asEuint256(b));
+    }
+
+    function shl(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShl(asEuint256(a), s(b));
+    }
+
+    function shr(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShr(s(a), s(b));
+    }
+
+    function shr(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eShr(s(a), asEuint256(b));
+    }
+
+    function shr(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShr(asEuint256(a), s(b));
+    }
+
+    function rotl(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotl(s(a), s(b));
+    }
+
+    function rotl(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRotl(s(a), asEuint256(b));
+    }
+
+    function rotl(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotl(asEuint256(a), s(b));
+    }
+
+    function rotr(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotr(s(a), s(b));
+    }
+
+    function rotr(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRotr(s(a), asEuint256(b));
+    }
+
+    function rotr(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotr(asEuint256(a), s(b));
+    }
+
+    function eq(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(s(a)), euint256.unwrap(s(b)));
+    }
+
+    function eq(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b)));
+    }
+
+    function eq(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b)));
+    }
+
+    function eq(eaddress a, address b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(s(a)), eaddress.unwrap(asEaddress(b)));
+    }
+
+    function eq(eaddress a, eaddress b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(s(a)), eaddress.unwrap(s(b)));
+    }
+
+    function eq(address a, eaddress b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(asEaddress(a)), eaddress.unwrap(s(b)));
+    }
+
+    function ne(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(s(a)), euint256.unwrap(s(b)));
+    }
+
+    function ne(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b)));
+    }
+
+    function ne(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b)));
+    }
+
+    function ne(eaddress a, eaddress b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(s(a)), eaddress.unwrap(s(b)));
+    }
+
+    function ne(eaddress a, address b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(s(a)), eaddress.unwrap(asEaddress(b)));
+    }
+
+    function ne(address a, eaddress b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(asEaddress(a)), eaddress.unwrap(s(b)));
+    }
+
+    function ge(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGe(s(a), s(b));
+    }
+
+    function ge(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eGe(s(a), asEuint256(b));
+    }
+
+    function ge(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGe(asEuint256(a), s(b));
+    }
+
+    function gt(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGt(s(a), s(b));
+    }
+
+    function gt(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eGt(s(a), asEuint256(b));
+    }
+
+    function gt(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGt(asEuint256(a), s(b));
+    }
+
+    function le(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLe(s(a), s(b));
+    }
+
+    function le(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eLe(s(a), asEuint256(b));
+    }
+
+    function le(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLe(asEuint256(a), s(b));
+    }
+
+    function lt(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLt(s(a), s(b));
+    }
+
+    function lt(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eLt(s(a), asEuint256(b));
+    }
+
+    function lt(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLt(asEuint256(a), s(b));
+    }
+
+    function min(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMin(s(a), s(b));
+    }
+
+    function min(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMin(s(a), asEuint256(b));
+    }
+
+    function min(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMin(asEuint256(a), s(b));
+    }
+
+    function max(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMax(s(a), s(b));
+    }
+
+    function max(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMax(s(a), asEuint256(b));
+    }
+
+    function max(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMax(asEuint256(a), s(b));
+    }
+
+    function not(ebool a) internal returns (ebool) {
+        return inco.eNot(s(a));
+    }
+
+    function rand() internal returns (euint256) {
+        return euint256.wrap(inco.eRand(ETypes.Uint256));
+    }
+
+    function randBounded(uint256 upperBound) internal returns (euint256) {
+        return euint256.wrap(inco.eRandBounded(euint256.unwrap(asEuint256(upperBound)), ETypes.Uint256));
+    }
+
+    function randBounded(euint256 upperBound) internal returns (euint256) {
+        return euint256.wrap(inco.eRandBounded(euint256.unwrap(s(upperBound)), ETypes.Uint256));
+    }
+
+    function asEuint256(uint256 a) internal returns (euint256) {
+        return inco.asEuint256(a);
+    }
+
+    function asEbool(bool a) internal returns (ebool) {
+        return inco.asEbool(a);
+    }
+
+    function asEaddress(address a) internal returns (eaddress) {
+        return inco.asEaddress(a);
+    }
+
+    function asEbool(euint256 a) internal returns (ebool) {
+        return ebool.wrap(inco.eCast(euint256.unwrap(a), ETypes.Bool));
+    }
+
+    function asEuint256(ebool a) internal returns (euint256) {
+        return euint256.wrap(inco.eCast(ebool.unwrap(a), ETypes.Uint256));
+    }
+
+    function newEuint256(bytes memory ciphertext, address user) internal returns (euint256) {
+        return inco.newEuint256(ciphertext, user);
+    }
+
+    function newEbool(bytes memory ciphertext, address user) internal returns (ebool) {
+        return inco.newEbool(ciphertext, user);
+    }
+
+    function newEaddress(bytes memory ciphertext, address user) internal returns (eaddress) {
+        return inco.newEaddress(ciphertext, user);
+    }
+
+    function allow(euint256 a, address to) internal {
+        inco.allow(euint256.unwrap(a), to);
+    }
+
+    function allow(ebool a, address to) internal {
+        inco.allow(ebool.unwrap(a), to);
+    }
+
+    function allow(eaddress a, address to) internal {
+        inco.allow(eaddress.unwrap(a), to);
+    }
+
+    function reveal(euint256 a) internal {
+        inco.reveal(euint256.unwrap(a));
+    }
+
+    function reveal(ebool a) internal {
+        inco.reveal(ebool.unwrap(a));
+    }
+
+    function reveal(eaddress a) internal {
+        inco.reveal(eaddress.unwrap(a));
+    }
+
+    function allowThis(euint256 a) internal {
+        allow(a, address(this));
+    }
+
+    function allowThis(ebool a) internal {
+        allow(a, address(this));
+    }
+
+    function allowThis(eaddress a) internal {
+        allow(a, address(this));
+    }
+
+    function isAllowed(address user, euint256 a) internal view returns (bool) {
+        return inco.isAllowed(euint256.unwrap(a), user);
+    }
+
+    function select(ebool control, euint256 ifTrue, euint256 ifFalse) internal returns (euint256) {
+        return euint256.wrap(inco.eIfThenElse(s(control), euint256.unwrap(s(ifTrue)), euint256.unwrap(s(ifFalse))));
+    }
+
+    function select(ebool control, ebool ifTrue, ebool ifFalse) internal returns (ebool) {
+        return ebool.wrap(inco.eIfThenElse(s(control), ebool.unwrap(s(ifTrue)), ebool.unwrap(s(ifFalse))));
+    }
+
+    function select(ebool control, eaddress ifTrue, eaddress ifFalse) internal returns (eaddress) {
+        return eaddress.wrap(inco.eIfThenElse(s(control), eaddress.unwrap(s(ifTrue)), eaddress.unwrap(s(ifFalse))));
+    }
+}

package/src/lightning-parts/AccessControl/BaseAccessControlList.sol

@@ -1,8 +1,9 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {SenderNotAllowedForHandle} from "../../Types.sol";
+import {EOps, SenderNotAllowedForHandle} from "../../Types.sol";
 import {IBaseAccessControlList} from "./interfaces/IBaseAccessControlList.sol";
+import {EventCounter} from "../primitives/EventCounter.sol";
 import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
 import {AllowanceProof} from "../AccessControl/AdvancedAccessControl.types.sol";
 
@@ -22,13 +23,18 @@ contract AccessControlListStorage {
     }
 }
 
-// todo should add allowance events ?
-abstract contract BaseAccessControlList is IBaseAccessControlList, AccessControlListStorage, VerifierAddressGetter {
+abstract contract BaseAccessControlList is IBaseAccessControlList, AccessControlListStorage, VerifierAddressGetter, EventCounter {
     error ProofVerificationFailed(
         address verifyingContract,
         bytes4 callFunction,
         bytes argData
     );
+
+    event EAllow(
+        bytes32 handle,
+        address account,
+        uint256 eventId
+    );
     
     /// @dev persistent
     function allow(bytes32 handle, address account) public {
@@ -53,7 +59,9 @@ abstract contract BaseAccessControlList is IBaseAccessControlList, AccessControl
     function allowInternal(bytes32 handle, address account) internal {
         ACLStorage storage $ = getACLStorage();
         $.persistedAllowedPairs[handle][account] = true;
-        // todo emit event ?
+        uint256 id = getNextEventId();
+        emit EAllow(handle, account, id);
+        setDigest(abi.encodePacked(EOps.Allow, handle, account, id));
     }
 
     // todo current transient allowance is unsafe, make storage account bound + how to clean between UserOps

package/src/lightning-parts/EncryptedInput.sol

@@ -10,8 +10,8 @@ import {HandleAlreadyExists} from "../Errors.sol";
 
 abstract contract EncryptedInput is
     IEncryptedInput,
-    BaseAccessControlList,
     EventCounter,
+    BaseAccessControlList,
     HandleGeneration
 {
     event NewInput(

package/src/lightning-parts/EncryptedOperations.sol

@@ -9,8 +9,8 @@ import {IEncryptedOperations} from "./interfaces/IEncryptedOperations.sol";
 
 abstract contract EncryptedOperations is
     IEncryptedOperations,
-    BaseAccessControlList,
     EventCounter,
+    BaseAccessControlList,
     HandleGeneration
 {
     error UnexpectedType(ETypes actual, bytes32 expectedTypes);

package/src/lightning-parts/TEELifecycle.sol

@@ -36,12 +36,9 @@ abstract contract TEELifecycle is
     /// @notice TEEVersionHistory must have exactly one version, please call approveNewTEEVersion first
     error TEEVersionHistoryInconsistent();
     error TEEVersionHistoryStatusIsNotPending();
-    error InvalidReportMRTD();
+    error InvalidReportMrAggregated();
     error InvalidBootstrapDataSignature();
-    /// @notice MRTD must be exactly 48 bytes
-    error MrtdInvalidLength();
     error EOASignerAlreadyInitialized();
-    error InvalidMrtdReport();
     error InvalidReportDataSigner();
 
     event QuoteVerifierUpdated(uint16 indexed version);
@@ -120,7 +117,7 @@ abstract contract TEELifecycle is
         bytes calldata signature
     ) public onlyOwner {
         // Make sure the bootstrap is not already complete, and that the contract owner
-        // has already submitted the pending TEE MRTD.
+        // has already submitted the pending TEE MR_AGGREGATED.
         require(!isBootstrapComplete(), BootstrapAlreadyCompleted());
         require(TEEVersionHistory.length == 1, TEEVersionHistoryInconsistent());
         require(
@@ -132,15 +129,15 @@ abstract contract TEELifecycle is
         (bool success, bytes memory output) = _verifyAndAttestOnChain(quote);
         require(success, string(output));
 
-        bytes memory v0MRTD = TEEVersionHistory[0].mrtd;
+        bytes32 v0MrAggregated = TEEVersionHistory[0].mrAggregated;
 
         TD10ReportBody memory tdReport = parseTD10ReportBody(quote);
-        (address reportDataSigner, bytes memory reportMRTD) = parseReport(
+        (address reportDataSigner, bytes32 reportMrAggregated) = parseReport(
             tdReport
         );
         require(
-            keccak256(reportMRTD) == keccak256(v0MRTD),
-            InvalidReportMRTD()
+            reportMrAggregated == v0MrAggregated,
+            InvalidReportMrAggregated()
         );
         address recoveredAddress = ECDSA.recover(
             _bootstrapResultDigest,
@@ -161,14 +158,12 @@ abstract contract TEELifecycle is
 
     /**
      * @notice Approves a new TEE version and updates the TEEVersionHistory
-     * @param newMRTD - The MRTD bytes of the new TEE version
+     * @param newMrAggregated - The MR_AGGREGATED bytes of the new TEE version
      * @dev This function increments the version number automatically based on the current history
      */
-    function approveNewTEEVersion(bytes calldata newMRTD) public onlyOwner {
-        require(newMRTD.length == 48, MrtdInvalidLength());
-
+    function approveNewTEEVersion(bytes32 newMrAggregated) public onlyOwner {
         TEEVersionHistory.push(
-            TEEVersion({mrtd: newMRTD, status: TEEVersionStatus.PENDING})
+            TEEVersion({mrAggregated: newMrAggregated, status: TEEVersionStatus.PENDING})
         );
 
         emit TEEVersionUpdated(TEEVersionHistory[TEEVersionHistory.length - 1]);
@@ -176,7 +171,7 @@ abstract contract TEELifecycle is
 
     /**
      * @notice Adds a new covalidator to the contract state
-     * @param quote - The quote from the new covalidator that contains the current MRTD and the eoa address of the new party in the report data
+     * @param quote - The quote from the new covalidator that contains the current MR_AGGREGATED and the eoa address of the new party in the report data
      */
     function addNewCovalidator(bytes calldata quote) public onlyOwner {
         require(isBootstrapComplete(), BootstrapNotComplete());
@@ -184,15 +179,15 @@ abstract contract TEELifecycle is
         (bool success, bytes memory output) = _verifyAndAttestOnChain(quote);
         require(success, string(output));
         TD10ReportBody memory tdReport = parseTD10ReportBody(quote);
-        (address reportDataSigner, bytes memory reportMRTD) = parseReport(
+        (address reportDataSigner, bytes32 reportMrAggregated) = parseReport(
             tdReport
         );
         require(!EOASigners[reportDataSigner], EOASignerAlreadyInitialized());
 
         require(
-            keccak256(reportMRTD) ==
-                keccak256(TEEVersionHistory[TEEVersionHistory.length - 1].mrtd),
-            InvalidMrtdReport()
+            reportMrAggregated ==
+                TEEVersionHistory[TEEVersionHistory.length - 1].mrAggregated,
+            InvalidReportMrAggregated()
         );
         require(reportDataSigner != address(0), InvalidReportDataSigner());
         emit NewCovalidatorAdded(reportDataSigner, quote);
@@ -320,15 +315,37 @@ abstract contract TEELifecycle is
     }
 
     /**
-     * @notice Parses the TD10 report to extract the report data and MRTD
+     * @notice Parses the TD10 report to extract the report data and MR_AGGREGATED
      * @param tdReport - The TD10 report body
      * @return reportDataSigner - The signing address of the report data signer
-     * @return reportMRTD - The MRTD bytes from the report
+     * @return reportMrAggregated - The MR_AGGREGATED bytes from the report
      */
     function parseReport(
         TD10ReportBody memory tdReport
-    ) public pure returns (address, bytes memory) {
-        return (address(bytes20(tdReport.reportData)), tdReport.mrTd);
+    ) public pure returns (address, bytes32) {
+        return (
+            address(bytes20(tdReport.reportData)),
+            computeMrAggregated(tdReport.mrTd, tdReport.rtMr0, tdReport.rtMr1, tdReport.rtMr2)
+        );
+    }
+
+    /**
+     * @notice Computes the MR_AGGREGATED from the TD10 report body. It is defined as:
+     * KECCAK256(mrTd ++ rtMr0 ++ rtMr1 ++ rtMr2 ++ rtMr3)
+     * @param mrTd - The MR_TD bytes
+     * @param rtMr0 - The RTMR0 bytes
+     * @param rtMr1 - The RTMR1 bytes
+     * @param rtMr2 - The RTMR2 bytes
+     * @return mrAggregated - The MR_AGGREGATED bytes32
+     */
+    function computeMrAggregated(
+        bytes memory mrTd,
+        bytes memory rtMr0,
+        bytes memory rtMr1,
+        bytes memory rtMr2
+    ) public pure returns (bytes32) {
+        bytes memory message = abi.encodePacked(mrTd, rtMr0, rtMr1, rtMr2);
+        return keccak256(message);
     }
 
     function bootstrapResultDigest(

package/src/lightning-parts/TEELifecycle.types.sol

@@ -12,10 +12,10 @@ enum TEEVersionStatus {
 
 /**
  * @notice A struct representing a TEE version. The actual version number is the index in the TEEVersionHistory array.
- * @param mrtd - The MRTD of the TEE version
+ * @param mrAggregated - The MR_AGGREGATED of the TEE version
  * @param status - The status of the TEE version
  */
 struct TEEVersion {
-    bytes mrtd;
+    bytes32 mrAggregated;
     TEEVersionStatus status;
 }

package/src/lightning-parts/TrivialEncryption.sol

@@ -9,8 +9,8 @@ import {ITrivialEncryption} from "./interfaces/ITrivialEncryption.sol";
 
 abstract contract TrivialEncryption is
     ITrivialEncryption,
-    BaseAccessControlList,
     EventCounter,
+    BaseAccessControlList,
     HandleGeneration
 {
     event TrivialEncrypt(

package/src/lightning-parts/interfaces/ITEELifecycle.sol

@@ -11,14 +11,14 @@ interface ITEELifecycle {
         bytes calldata quote,
         bytes calldata signature
     ) external;
-    function approveNewTEEVersion(bytes calldata newMRTD) external;
+    function approveNewTEEVersion(bytes32 newMrAggregated) external;
     function addNewCovalidator(bytes calldata quote) external;
     function parseTD10ReportBody(
         bytes calldata rawQuote
     ) external pure returns (TD10ReportBody memory report);
     function parseReport(
         TD10ReportBody memory tdReport
-    ) external pure returns (address, bytes memory);
+    ) external pure returns (address, bytes32);
     function bootstrapResultDigest(
         BootstrapResult memory bootstrapResult
     ) external view returns (bytes32);

package/src/test/FakeIncoInfra/MockRemoteAttestation.sol

@@ -9,6 +9,12 @@ import {
 } from "../../interfaces/automata-interfaces/Types.sol";
 
 contract MockRemoteAttestation is TestUtils {
+    /**
+     * @notice Creates a mock quote for the given MRTD and signer
+     * The RTMR0, RTMR1, RTMR2 are set to zeros
+     * @dev This function is the same as the non-TDX version of
+     * get_tdx_quote in attestation/src/remote_attestation.rs
+     */
     function createQuote(
         bytes memory mrtd,
         address signer

package/src/test/FakeIncoInfra/getOpForSelector.sol

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
+import {BaseAccessControlList} from "../../lightning-parts/AccessControl/BaseAccessControlList.sol";
 import {EncryptedOperations} from "../../lightning-parts/EncryptedOperations.sol";
 import {TrivialEncryption} from "../../lightning-parts/TrivialEncryption.sol";
 import {EncryptedInput} from "../../lightning-parts/EncryptedInput.sol";
@@ -62,6 +63,8 @@ function getOpForSelector(bytes32 opEventSelector) pure returns (EOps) {
         return EOps.Rand;
     } else if (opEventSelector == EncryptedOperations.ERandBounded.selector) {
         return EOps.RandBounded;
+    } else if (opEventSelector == BaseAccessControlList.EAllow.selector) {
+        return EOps.Allow;
     } else {
         revert("getOpForSelector: Unsupported selector");
     }

package/src/test/IncoTest.sol

@@ -32,6 +32,7 @@ contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester {
         (IIncoLightning proxy, ) = deployIncoLightningUsingConfig({
             deployer: testDeployer,
             // The highest precedent deployment
+            // We select the pepper that will be used that will be generated in the lib.sol (usually "testnet"), but currently "devnet" has higher major version
             pepper: "devnet",
             quoteVerifier: new FakeQuoteVerifier()
         });

package/src/test/TEELifecycle/TEELifecycleMockTest.t.sol

@@ -19,10 +19,10 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
+        this.approveNewTEEVersion(mrAggregated);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         assertTrue(this.isBootstrapComplete(), "Bootstrap should be complete");
         vm.stopPrank();
@@ -38,13 +38,13 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             address bootstrapPartyAddress,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
 
         quote = createQuote(badMrtd, bootstrapPartyAddress); // Replace with bad MRTD
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
-        vm.expectRevert(TEELifecycle.InvalidReportMRTD.selector);
+        this.approveNewTEEVersion(mrAggregated);
+        vm.expectRevert(TEELifecycle.InvalidReportMrAggregated.selector);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         vm.stopPrank();
     }
@@ -56,7 +56,7 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             ,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         (uint256 bootstrapPartyFakePrivkey, ) = getLabeledKeyPair(
             "bootstrapPartyFake"
@@ -66,7 +66,7 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             bootstrapPartyFakePrivkey
         );
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
+        this.approveNewTEEVersion(mrAggregated);
         vm.expectRevert(TEELifecycle.InvalidBootstrapDataSignature.selector);
         this.verifyBootstrapResult(bootstrapResult, quote, signatureInvalid);
         vm.stopPrank();
@@ -79,29 +79,21 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
+        this.approveNewTEEVersion(mrAggregated);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         vm.expectRevert(TEELifecycle.BootstrapAlreadyCompleted.selector);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         vm.stopPrank();
     }
 
-    function testApproveNewTEEInvalidMrtd() public {
-        bytes memory mrtd = hex"deadbeef";
-        vm.startPrank(this.owner());
-        vm.expectRevert(TEELifecycle.MrtdInvalidLength.selector);
-        this.approveNewTEEVersion(mrtd);
-        vm.stopPrank();
-    }
-
     function testBootstrapNotCompleteNewCoval() public {
         bytes
-            memory mrtd = hex"2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525";
+            memory mrAggregated = hex"2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525";
         (, address newCoval) = getLabeledKeyPair("newCoval");
-        bytes memory quote = createQuote(mrtd, newCoval);
+        bytes memory quote = createQuote(mrAggregated, newCoval);
         vm.startPrank(this.owner());
         vm.expectRevert(TEELifecycle.BootstrapNotComplete.selector);
         this.addNewCovalidator(quote);
@@ -115,17 +107,17 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             ,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         ) = successfulBootstrapResult();
         vm.startPrank(this.owner());
-        this.approveNewTEEVersion(mrtd);
+        this.approveNewTEEVersion(mrAggregated);
         this.verifyBootstrapResult(bootstrapResult, quote, signature);
         bytes
             memory badMrtd = hex"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef";
         (, address newCoval) = getLabeledKeyPair("newCoval");
         bytes memory quoteNew = createQuote(badMrtd, newCoval);
 
-        vm.expectRevert(TEELifecycle.InvalidMrtdReport.selector);
+        vm.expectRevert(TEELifecycle.InvalidReportMrAggregated.selector);
         this.addNewCovalidator(quoteNew);
         vm.stopPrank();
     }
@@ -139,7 +131,7 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
             address bootstrapPartyAddress,
             bytes memory quote,
             bytes memory signature,
-            bytes memory mrtd
+            bytes32 mrAggregated
         )
     {
         (bootstrapPartyPrivkey, bootstrapPartyAddress) = getLabeledKeyPair(
@@ -147,8 +139,11 @@ contract TEELifecycleMockTest is Test, MockRemoteAttestation, TEELifecycle {
         );
         bytes
             memory eciesPubkey = hex"04ff5c6dd72ad7583288b84ee2598e081fe0bc6ef543c342e925a5dfcff9afb2444d25454d7d5dcfadc9ed99477c245efa93caf58d7f58143300d81cc948e7bdf5";
-        mrtd = hex"2a90c8fa38672cafd791d994beb6836b99383b2563736858632284f0f760a6446efd1e7ec457cf08b629ea630f7b4525";
-
+        // See DEFAULT_MRTD in attestation/src/remote_attestation.rs
+        bytes memory mrtd = hex"010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101";
+        // See DEFAULT_MR_AGGREGATED in attestation/src/remote_attestation.rs to
+        // see the calculation of the default value.
+        mrAggregated = hex"c3a67bac251d4946d7b17481d39631676042fe3afab06e70c22105ad8383c19f";
         bootstrapResult = BootstrapResult({ecies_pubkey: eciesPubkey});
 
         quote = createQuote(mrtd, bootstrapPartyAddress);

package/src/test/TestFakeInfra.t.sol

@@ -297,10 +297,9 @@ contract TestFakeInfra is IncoTest, MockRemoteAttestation {
         bytes memory quote = createQuote(mrtd, signer);
         TEELifecycle lifecycle = TEELifecycle(address(inco.incoVerifier()));
         TD10ReportBody memory tdReport = lifecycle.parseTD10ReportBody(quote);
-        (address reportDataSigner, bytes memory reportMrtd) = lifecycle
-            .parseReport(tdReport);
+        (address reportDataSigner, bytes32 reportMrAggregated) = lifecycle.parseReport(tdReport);
         assertEq(reportDataSigner, signer);
-        assertEq(keccak256(reportMrtd), keccak256(mrtd));
+        assertEq(reportMrAggregated, lifecycle.computeMrAggregated(tdReport.mrTd, tdReport.rtMr0, tdReport.rtMr1, tdReport.rtMr2));
         assertEq(quote.length, MINIMUM_QUOTE_LENGTH);
     }
 }

package/src/version/IncoLightningConfig.sol

@@ -9,6 +9,8 @@ pragma solidity ^0.8;
 string constant CONTRACT_NAME = "incoLightning";
 uint8 constant MAJOR_VERSION = 1;
 uint8 constant MINOR_VERSION = 0;
-uint8 constant PATCH_VERSION = 0;
+// whenever a new major version is deployed, we need to pump this up
+// otherwise make test_upgrade will fail
+uint8 constant PATCH_VERSION = 1; 
 
 string constant VERIFIER_NAME = "incoVerifier";

package/src/test/TEELifecycle/README.md

@@ -1,53 +0,0 @@
-# TEE Lifecycle Test
-
-## TEELifecycle HW Test
-
-This test data was generated using Adrian's V0 TDX VM running in GCP. The data
-was returned collected using the `agent-lib` tool. 
-
-* To generate new test data: for `test_LifecycleBootstrap`
-
-```bash
-cd agent-lib
-
-cargo run --features hw -- start-bootstrap \
-    --expected-mrtd 0x409c0cd3e63d9ea54d817cf851983a220131262664ac8cd02cc6a2e19fd291d2fdd0cc035d7789b982a43a92a4424c99 \
-    --tee-lifecycle-grpc-url http://34.91.236.235:4321 \
-    --output-dir ../contracts/lightning/src/test/TEELifecycle/bootstrap_data 
-```
-
-* To generate new test data for `test_LifecycleNewEOA`
-
-```bash
-cd agent-lib
-
-# TODO: change this to add-node endpoint after https://github.com/Inco-fhevm/inco-monorepo/issues/889
-cargo run --features hw -- start-bootstrap \
-    --expected-mrtd 0x409c0cd3e63d9ea54d817cf851983a220131262664ac8cd02cc6a2e19fd291d2fdd0cc035d7789b982a43a92a4424c99 \
-    --tee-lifecycle-grpc-url http://34.91.236.235:4321 \
-    --output-dir ../contracts/lightning/src/test/TEELifecycle/addnode_data 
-
-# Delete the unused output data since it is not used
-# to add a node
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/ecies_pubkey.bin
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/eip712_signature.bin
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/qe_identity
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/qe_identity_signature.bin
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/tcb_info
-rm ../contracts/lightning/src/test/TEELifecycle/addnode_data/tcb_info_signature.bin
-```
-
-* To generate the Intel root certificates
-
-```bash
-cd contracts/lightning/src/test/TEELifecycle/test_cert
-python3 -m pip install -r ../../../../../lightning-deployment/script/tee/requirements.txt
-python3 ../../../../../lightning-deployment/script/tee/get_ca_certs.py
-```
-
-* Hard code the block timestamp to the current time to ensure that there is no certificate out of date errors 
-by setting  `uint256 collateral_timestamp =` in [TEELifecycleHWTest.t](TEELifecycleHWTest.t.sol#24) to the output of:
-
-```bash
-echo $(date +%s)
-```