@inco/lightning 0.6.7 → 0.6.9

package/README.md

@@ -1,16 +1,43 @@
 # Inco lite
 
+![coverage](./coverage.svg)
+
 <!-- todo #1035 upgrade deployment and upgrade documentation now outdated @silasdavis -->
 
 ## Install dependencies
 
-`bun install`
+```sh
+bun install
+```
 
 ## Build
 
 Use [forge](https://book.getfoundry.sh/getting-started/installation) version 1.0 or higher
 
-`forge build`
+```sh
+forge build
+```
+
+## Test
+
+To run all the unit tests:
+
+```sh
+forge test
+```
+
+### Coverage
+
+To run test coverage:
+
+```sh
+make coverage
+```
+
+> This generates an lcov report, filters out `node_modules`, autogenerated contracts and other contracts that we don't want to include in the report (`Lib.XXXnet.sol`, etc.). Eventually, it `genhtml` the filtered lcov in `coverage` and a `lcov-badge` visible in this readme. You can check the latest coverage stats [here](./coverage/index.html).
+
+> Note: You need `lcov` for the `make coverage` to work
+> For MacOS - `brew install lcov`
 
 ## Deploy
 

package/manifest.yaml

@@ -15,8 +15,6 @@ incoLightning_alphanet_v1_725458969:
         minor: 0
         patch: 2
         shortSalt: "725458969"
-      decryptSigner: "0x4736F8CE685760017eEc130AC3FFc6187f5A1F95"
-      eciesPublicKey: "0x038a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b84095b1"
       blockNumber: "32124925"
       deployDate: 2025-10-09T13:55:42.997Z
       commit: v0.5.3-10-ga4f2312d
@@ -38,8 +36,6 @@ incoLightning_devnet_v1_904635675:
         minor: 0
         patch: 2
         shortSalt: "904635675"
-      decryptSigner: "0x138AcbDC1FA02b955949d8Da09E546Ea7748710f"
-      eciesPublicKey: "0x038a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b84095b1"
       blockNumber: "3696905"
       deployDate: 2025-10-03T13:24:44.682Z
       commit: v0.5.3-6-g8db0f27f-dirty
@@ -52,8 +48,6 @@ incoLightning_devnet_v1_904635675:
         minor: 0
         patch: 0
         shortSalt: "904635675"
-      decryptSigner: "0x138AcbDC1FA02b955949d8Da09E546Ea7748710f"
-      eciesPublicKey: "0x038a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b84095b1"
       blockNumber: "3344310"
       deployDate: 2025-09-29T11:14:02.599Z
       commit: v0.5.1-5-g4135c790-dirty
@@ -75,9 +69,6 @@ incoLightning_testnet_v0_183408998:
         minor: 2
         patch: 0
         shortSalt: "183408998"
-      decryptSigner: "0xA8822DE8910f66D3d03F1eAfe2C0141dBc327Ee0"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "26296576"
       deployDate: 2025-05-27T15:57:24.175Z
       commit: v5-3-gec8b6aae-dirty
@@ -90,9 +81,6 @@ incoLightning_testnet_v0_183408998:
         minor: 1
         patch: 29
         shortSalt: "183408998"
-      decryptSigner: "0xA8822DE8910f66D3d03F1eAfe2C0141dBc327Ee0"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "13464615"
       deployDate: 2025-04-22T16:01:14.380Z
       commit: v3-28-g93c05a49-dirty
@@ -105,9 +93,6 @@ incoLightning_testnet_v0_183408998:
         minor: 1
         patch: 29
         shortSalt: "183408998"
-      decryptSigner: "0xA8822DE8910f66D3d03F1eAfe2C0141dBc327Ee0"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "24784654"
       deployDate: 2025-04-22T16:00:02.028Z
       commit: v3-28-g93c05a49-dirty
@@ -129,9 +114,6 @@ incoLightning_demonet_v0_863421733:
         minor: 2
         patch: 0
         shortSalt: "863421733"
-      decryptSigner: "0xA8822DE8910f66D3d03F1eAfe2C0141dBc327Ee0"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "25737175"
       deployDate: 2025-05-14T17:10:44.285Z
       commit: v4-11-g4a1f413a-dirty
@@ -144,9 +126,6 @@ incoLightning_demonet_v0_863421733:
         minor: 1
         patch: 29
         shortSalt: "863421733"
-      decryptSigner: "0xA8822DE8910f66D3d03F1eAfe2C0141dBc327Ee0"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "25719113"
       deployDate: 2025-05-14T07:08:39.059Z
       commit: v4
@@ -168,9 +147,6 @@ incoLightning_alphanet_v0_297966649:
         minor: 2
         patch: 1
         shortSalt: "297966649"
-      decryptSigner: "0x4736F8CE685760017eEc130AC3FFc6187f5A1F95"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "27543410"
       deployDate: 2025-06-25T12:38:32.856Z
       commit: v5-17-ga03e4b32-dirty
@@ -183,9 +159,6 @@ incoLightning_alphanet_v0_297966649:
         minor: 2
         patch: 0
         shortSalt: "297966649"
-      decryptSigner: "0x4736F8CE685760017eEc130AC3FFc6187f5A1F95"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "26894782"
       deployDate: 2025-06-10T12:17:35.790Z
       commit: v5-13-gd6b19c10-dirty
@@ -207,8 +180,6 @@ incoLightning_devnet_v0_340846814:
         minor: 2
         patch: 1
         shortSalt: "340846814"
-      decryptSigner: "0x138AcbDC1FA02b955949d8Da09E546Ea7748710f"
-      eciesPublicKey: "0x038a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b84095b1"
       blockNumber: "1718868"
       deployDate: 2025-09-10T15:20:25.654Z
       commit: v6-7-gf96f358e-dirty
@@ -221,8 +192,6 @@ incoLightning_devnet_v0_340846814:
         minor: 2
         patch: 1
         shortSalt: "340846814"
-      decryptSigner: "0x138AcbDC1FA02b955949d8Da09E546Ea7748710f"
-      eciesPublicKey: "0x038a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b84095b1"
       blockNumber: "1717229"
       deployDate: 2025-09-10T14:53:07.218Z
       commit: v6-7-gf96f358e-dirty
@@ -235,8 +204,6 @@ incoLightning_devnet_v0_340846814:
         minor: 2
         patch: 1
         shortSalt: "340846814"
-      decryptSigner: "0x138AcbDC1FA02b955949d8Da09E546Ea7748710f"
-      eciesPublicKey: "0x038a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b84095b1"
       blockNumber: "17365942"
       deployDate: 2025-08-15T17:35:15.208Z
       commit: v0.2.17-35-g8cca6b4e-dirty
@@ -249,9 +216,6 @@ incoLightning_devnet_v0_340846814:
         minor: 2
         patch: 0
         shortSalt: "340846814"
-      decryptSigner: "0x138AcbDC1FA02b955949d8Da09E546Ea7748710f"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "26122863"
       deployDate: 2025-05-23T15:26:57.031Z
       commit: v5-2-g8957c16b-dirty
@@ -264,9 +228,6 @@ incoLightning_devnet_v0_340846814:
         minor: 1
         patch: 29
         shortSalt: "340846814"
-      decryptSigner: "0xA8822DE8910f66D3d03F1eAfe2C0141dBc327Ee0"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "13464197"
       deployDate: 2025-04-22T15:57:26.862Z
       commit: v3-28-g93c05a49-dirty
@@ -279,9 +240,6 @@ incoLightning_devnet_v0_340846814:
         minor: 1
         patch: 29
         shortSalt: "340846814"
-      decryptSigner: "0xA8822DE8910f66D3d03F1eAfe2C0141dBc327Ee0"
-      eciesPublicKey: "0x048a582d29083c2f3fefe024bf4dd9ab913ab8973716977da5f01106e0b8\
-        4095b1e647a9e377175fcb66bda05087c93b05e1fd53a704d0914bb23a0b2a69e9f235"
       blockNumber: "24784527"
       deployDate: 2025-04-22T15:55:47.828Z
       commit: v3-28-g93c05a49-dirty

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/lightning",
-  "version": "0.6.7",
+  "version": "0.6.9",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "files": [
     "src/",
@@ -9,6 +9,8 @@
     "manifest.yaml"
   ],
   "scripts": {
+    "lint": "forge lint && forge fmt --check",
+    "lint:fix": "forge fmt",
     "generate": "bun run generate:libraries",
     "generate:libraries": "bun run ../pega/lib/deployment/cmd/generate-libraries.ts",
     "publish:github": "bun publish --registry=https://npm.pkg.github.com",
@@ -24,7 +26,8 @@
     "tsx": "^4.19.3"
   },
   "devDependencies": {
-    "@types/bun": "latest"
+    "@types/bun": "latest",
+    "lcov-badge2": "^1.1.2"
   },
   "publishConfig": {
     "registry": "https://npm.pkg.github.com"

package/src/CreateXHelper.sol

@@ -6,9 +6,11 @@ import {CreateX} from "./pasted-dependencies/CreateX.sol";
 // See: https://github.com/pcaversaccio/createx/issues/140 apparently this is as good as it gets if you fully compute
 // the address from a salt since the internal _guard function is an essential part of the derivation
 contract CreateXHelper is CreateX {
+
     address internal constant _CREATEX = 0xba5Ed099633D3B313e4D5F7bdc1305d3c28ba5Ed;
 
     function computeCreate3DeployAddress(bytes32 salt) public view returns (address computedAddress) {
-        return CreateX(_CREATEX).computeCreate3Address({salt: _guard(salt) });
+        return CreateX(_CREATEX).computeCreate3Address({salt: _guard(salt)});
     }
+
 }

package/src/DeployUtils.sol

@@ -4,18 +4,9 @@ pragma solidity ^0.8;
 import {IncoLightning} from "./IncoLightning.sol";
 import {Script} from "forge-std/Script.sol";
 import {IIncoLightning} from "./interfaces/IIncoLightning.sol";
-import {Vm} from "forge-std/Vm.sol";
-import {
-    CreateX,
-    createXAddress,
-    createXDeployer
-} from "./pasted-dependencies/CreateX.sol";
+import {CreateX, CREATE_X_ADDRESS, CREATE_X_DEPLOYER} from "./pasted-dependencies/CreateX.sol";
 import {ERC1967Proxy} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
-import {
-    CONTRACT_NAME,
-    MAJOR_VERSION,
-    VERIFIER_NAME
-} from "./version/IncoLightningConfig.sol";
+import {CONTRACT_NAME, MAJOR_VERSION, VERIFIER_NAME} from "./version/IncoLightningConfig.sol";
 import {IncoVerifier} from "./IncoVerifier.sol";
 import {IIncoVerifier} from "./interfaces/IIncoVerifier.sol";
 import {console} from "forge-std/console.sol";
@@ -24,44 +15,39 @@ import {IQuoteVerifier} from "./interfaces/automata-interfaces/IQuoteVerifier.so
 
 // can be set to 0x01 so the inco address can exist on only one chain, we want the same contract at the same address
 // on all chains
-bytes1 constant crossChainDeployAuthorizedFlag = 0x00;
+bytes1 constant CROSS_CHAIN_DEPLOY_AUTHORIZED_FLAG = 0x00;
 
 // GLOSSARY
 // Pepper: a deployment-time string mixed into the salt hash function, used to avoid address collision on deploying
 //      the same contract twice with the same deployer address, name and version
 // Salt: a hash of the contract name, version, deployer address, and pepper.
 //      in the context of deployment using create3 with createX, the salt determines the address of the contract, and
-//      using the crossChainDeployAuthorizedFlag, it prevents the contract from being deployed by someone other than
+//      using the CROSS_CHAIN_DEPLOY_AUTHORIZED_FLAG, it prevents the contract from being deployed by someone other than
 //      the deployer at the expected address
 
 /// @dev not a script in itself, use this contract in tests or scripts to get new instances of IncoLightning
 contract DeployUtils is Script {
+
     /// @dev CreateX is deployed on most chains, use this method for the testing environment
     function deployCreateX() public returns (CreateX createX) {
-        vm.prank(createXDeployer);
+        vm.prank(CREATE_X_DEPLOYER);
         createX = new CreateX();
-        require(createXAddress == address(createX));
+        require(CREATE_X_ADDRESS == address(createX));
         return createX;
     }
 
-    function getSalt(
-        string memory name,
-        uint8 majorVersionNumber,
-        address deployer,
-        string memory pepper
-    ) internal pure returns (bytes32) {
-        return
-            bytes32(
-                abi.encodePacked(
-                    deployer,
-                    crossChainDeployAuthorizedFlag,
-                    bytes11(
-                        keccak256(
-                            abi.encodePacked(name, majorVersionNumber, pepper)
-                        )
-                    )
-                )
-            );
+    function getSalt(string memory name, uint8 majorVersionNumber, address deployer, string memory pepper)
+        internal
+        pure
+        returns (bytes32)
+    {
+        return bytes32(
+            abi.encodePacked(
+                deployer,
+                CROSS_CHAIN_DEPLOY_AUTHORIZED_FLAG,
+                bytes11(keccak256(abi.encodePacked(name, majorVersionNumber, pepper)))
+            )
+        );
     }
 
     /// @notice Computes the address of the contract using CreateX based on the deployer and pepper
@@ -77,25 +63,13 @@ contract DeployUtils is Script {
     /// @param deployer MUST be the signer of the transaction
     /// @param pepper a value used to avoid address collision on deploying the same contract twice with the same deployer
     /// @param quoteVerifier the address of the QuoteVerifier contract to use in the contract
-    function deployIncoLightningUsingConfig(
-        address deployer,
-        string memory pepper,
-        IQuoteVerifier quoteVerifier
-    )
+    function deployIncoLightningUsingConfig(address deployer, string memory pepper, IQuoteVerifier quoteVerifier)
         internal
         returns (IIncoLightning lightningProxy, IIncoVerifier verifierProxy)
     {
-        (bytes32 lightningSalt, bytes32 verifierSalt) = getIncoSalts(
-            deployer,
-            pepper
-        );
+        (bytes32 lightningSalt, bytes32 verifierSalt) = getIncoSalts(deployer, pepper);
         lightningProxy = deployLightning(lightningSalt, verifierSalt, deployer);
-        verifierProxy = deployVerifier(
-            verifierSalt,
-            lightningProxy,
-            deployer,
-            quoteVerifier
-        );
+        verifierProxy = deployVerifier(verifierSalt, lightningProxy, deployer, quoteVerifier);
         console.log(
             "Deploying Inco with executor: %s, deployerAddress: %s, lightning salt: %s",
             vm.toString(address(lightningProxy)),
@@ -104,10 +78,11 @@ contract DeployUtils is Script {
         );
     }
 
-    function getIncoSalts(
-        address deployer,
-        string memory pepper
-    ) internal pure returns (bytes32 lightningSalt, bytes32 verifierSalt) {
+    function getIncoSalts(address deployer, string memory pepper)
+        internal
+        pure
+        returns (bytes32 lightningSalt, bytes32 verifierSalt)
+    {
         lightningSalt = getSalt(CONTRACT_NAME, MAJOR_VERSION, deployer, pepper);
         verifierSalt = getSalt(VERIFIER_NAME, MAJOR_VERSION, deployer, pepper);
     }
@@ -116,16 +91,12 @@ contract DeployUtils is Script {
     /// @param lightningSalt The salt value that will be passed to CreateX
     /// @param verifierSalt The salt value that will be passed to CreateX
     /// @param deployer The address of the deployer
-    function deployLightning(
-        bytes32 lightningSalt,
-        bytes32 verifierSalt,
-        address deployer
-    ) internal returns (IIncoLightning lightningProxy) {
+    function deployLightning(bytes32 lightningSalt, bytes32 verifierSalt, address deployer)
+        internal
+        returns (IIncoLightning lightningProxy)
+    {
         address verifierAddress = computeAddressFromSalt(verifierSalt);
-        IncoLightning lightningImplem = new IncoLightning(
-            lightningSalt,
-            IIncoVerifier(verifierAddress)
-        );
+        IncoLightning lightningImplem = new IncoLightning(lightningSalt, IIncoVerifier(verifierAddress));
         lightningProxy = IIncoLightning(
             deployProxy({
                 salt: lightningSalt,
@@ -169,17 +140,11 @@ contract DeployUtils is Script {
     /// @notice deploys a ERC1967Proxy contract using CreateX (create3 pattern), gives the deployer the ownership of
     ///     the proxy
     /// @dev deployer is made the owner of the contract
-    function deployProxy(
-        bytes32 salt,
-        address implem,
-        bytes memory initCall
-    ) internal returns (address proxy) {
-        CreateX createX = CreateX(createXAddress);
-        bytes memory bytecode = abi.encodePacked(
-            type(ERC1967Proxy).creationCode,
-            abi.encode(implem, initCall)
-        );
+    function deployProxy(bytes32 salt, address implem, bytes memory initCall) internal returns (address proxy) {
+        CreateX createX = CreateX(CREATE_X_ADDRESS);
+        bytes memory bytecode = abi.encodePacked(type(ERC1967Proxy).creationCode, abi.encode(implem, initCall));
         // todo: check if we don't have a double delegatecall cost issue
         proxy = createX.deployCreate3(salt, bytecode);
     }
+
 }

package/src/Errors.sol

@@ -1,4 +1,4 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-    error HandleAlreadyExists(bytes32 handle);
+error HandleAlreadyExists(bytes32 handle);

package/src/IIncoLightning.sol

@@ -16,5 +16,7 @@ interface IIncoLightning is
     IHandleGeneration,
     IVersion
 {
+
     function initialize(address owner) external;
+
 }

package/src/IncoLightning.sol

@@ -2,12 +2,7 @@
 pragma solidity ^0.8;
 
 import {IIncoLightning} from "./interfaces/IIncoLightning.sol";
-import {
-    CONTRACT_NAME,
-    MAJOR_VERSION,
-    MINOR_VERSION,
-    PATCH_VERSION
-} from "./version/IncoLightningConfig.sol";
+import {CONTRACT_NAME, MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION} from "./version/IncoLightningConfig.sol";
 import {EncryptedInput} from "./lightning-parts/EncryptedInput.sol";
 import {EncryptedOperations} from "./lightning-parts/EncryptedOperations.sol";
 import {TrivialEncryption} from "./lightning-parts/TrivialEncryption.sol";
@@ -31,18 +26,10 @@ contract IncoLightning is
     OwnableUpgradeable,
     Version
 {
+
     // salt embeds the deployer address, the contract name, the version and the pepper
-    constructor(
-        bytes32 salt,
-        IIncoVerifier _incoVerifier
-    )
-        Version(
-            MAJOR_VERSION,
-            MINOR_VERSION,
-            PATCH_VERSION,
-            salt,
-            CONTRACT_NAME
-        )
+    constructor(bytes32 salt, IIncoVerifier _incoVerifier)
+        Version(MAJOR_VERSION, MINOR_VERSION, PATCH_VERSION, salt, CONTRACT_NAME)
         VerifierAddressGetter(address(_incoVerifier))
     {}
 
@@ -55,4 +42,5 @@ contract IncoLightning is
     }
 
     fallback() external {} // must be included for createX deploy
+
 }

package/src/IncoVerifier.sol

@@ -9,39 +9,33 @@ import {TEELifecycle} from "./lightning-parts/TEELifecycle.sol";
 import {IIncoVerifier} from "./interfaces/IIncoVerifier.sol";
 import {LightningAddressGetter} from "./lightning-parts/primitives/LightningAddressGetter.sol";
 
-/// @dev implicitely extends OwnableUpgradeable, EIP712Upgradeable, SignatureVerifier, LightningAddressGetter
+/// @dev implicitly extends OwnableUpgradeable, EIP712Upgradeable, SignatureVerifier, LightningAddressGetter
 /// @dev NEVER deploy this contract on its own, always deploy as a joint process with IncoLightning
-contract IncoVerifier is
-    IIncoVerifier,
-    AdvancedAccessControl,
-    DecryptionAttester,
-    TEELifecycle,
-    UUPSUpgradeable
-{
-    constructor(
-        address _incoLightningAddress
-    ) LightningAddressGetter(_incoLightningAddress) {}
+contract IncoVerifier is IIncoVerifier, AdvancedAccessControl, DecryptionAttester, TEELifecycle, UUPSUpgradeable {
+
+    constructor(address _incoLightningAddress) LightningAddressGetter(_incoLightningAddress) {}
 
     function _authorizeUpgrade(address) internal view override {
         require(msg.sender == owner());
     }
 
-    function initialize(
-        address owner,
-        string memory name,
-        string memory version,
-        IQuoteVerifier quoteVerifier
-    ) public initializer {
+    function initialize(address owner, string memory name, string memory version, IQuoteVerifier quoteVerifier)
+        public
+        initializer
+    {
         __Ownable_init(owner);
         __EIP712_init(name, version);
-        __TEELifecycle_init(quoteVerifier);
+        __TeeLifecycle_init(quoteVerifier);
     }
 
+    // forge-lint: disable-next-line(mixed-case-function)
     function getEIP712Name() external view returns (string memory) {
         return _EIP712Name();
     }
 
+    // forge-lint: disable-next-line(mixed-case-function)
     function getEIP712Version() external view returns (string memory) {
         return _EIP712Version();
     }
+
 }