@inco/lightning 0.6.9 → 0.7.0

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 1.1.0
+
+- Add DecryptionAttester to IncoVerifier
+- Merge EOA signers from SignatureVerifier and TEELifecycle
+- IncoLightning to allow multiple signers + threshold
+
 ## 1.0.2
 
 - Inco Fees on:

package/manifest.yaml

@@ -1,3 +1,25 @@
+incoLightning_alphanet_v2_976644394:
+  executor:
+    name: incoLightning_alphanet_v2_976644394
+    majorVersion: 2
+    deployer: "0x8202D2D747784Cb7D48868E44C42C4bf162a70BC"
+    pepper: alphanet
+    executorAddress: "0xc0d693DeEF0A91CE39208676b6da09B822abd199"
+    salt: "0x8202d2d747784cb7d48868e44c42c4bf162a70bc000822f11f6e30f933e76d2a"
+  deployments:
+    - name: incoLightningPreview_2_0_0__976644394
+      chainId: "84532"
+      chainName: Base Sepolia
+      version:
+        major: 2
+        minor: 0
+        patch: 0
+        shortSalt: "976644394"
+      blockNumber: "34459258"
+      deployDate: 2025-12-02T14:46:46.026Z
+      commit: v0.6.9-17-g217794f3-dirty
+      active: true
+      includesPreviewFeatures: true
 incoLightning_alphanet_v1_725458969:
   executor:
     name: incoLightning_alphanet_v1_725458969
@@ -7,6 +29,19 @@ incoLightning_alphanet_v1_725458969:
     executorAddress: "0x28676Cd3b10b03b2FDF105Ba280425b45a674F2A"
     salt: "0x8202d2d747784cb7d48868e44c42c4bf162a70bc004dfbe338c6966a22bcca19"
   deployments:
+    - name: incoLightningPreview_1_1_0__725458969
+      chainId: "84532"
+      chainName: Base Sepolia
+      version:
+        major: 1
+        minor: 1
+        patch: 0
+        shortSalt: "725458969"
+      blockNumber: "34456535"
+      deployDate: 2025-12-02T13:16:00.594Z
+      commit: v0.6.9-16-g428d1837-dirty
+      active: true
+      includesPreviewFeatures: true
     - name: incoLightningPreview_1_0_2__725458969
       chainId: "84532"
       chainName: Base Sepolia

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/lightning",
-  "version": "0.6.9",
+  "version": "0.7.0",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "files": [
     "src/",

package/src/Lib.alphanet.sol

@@ -8,7 +8,7 @@ pragma solidity ^0.8;
 import { IncoLightning } from "./IncoLightning.sol";
 import { ebool, euint256, eaddress, ETypes } from "./Types.sol";
 
-IncoLightning constant inco = IncoLightning(0x28676Cd3b10b03b2FDF105Ba280425b45a674F2A);
+IncoLightning constant inco = IncoLightning(0xc0d693DeEF0A91CE39208676b6da09B822abd199);
 address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
 
 function typeOf(bytes32 handle) pure returns (ETypes) {

package/src/Lib.sol

@@ -8,7 +8,7 @@ pragma solidity ^0.8;
 import { IncoLightning } from "./IncoLightning.sol";
 import { ebool, euint256, eaddress, ETypes } from "./Types.sol";
 
-IncoLightning constant inco = IncoLightning(0x28676Cd3b10b03b2FDF105Ba280425b45a674F2A);
+IncoLightning constant inco = IncoLightning(0xc0d693DeEF0A91CE39208676b6da09B822abd199);
 address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
 
 function typeOf(bytes32 handle) pure returns (ETypes) {

package/src/Lib.template.sol

@@ -360,9 +360,10 @@ library e {
 
     /// @dev costs the inco fee
     function randBounded(uint256 upperBound) internal returns (euint256) {
-        return euint256.wrap(
-            inco.eRandBounded{value: inco.getFee()}(euint256.unwrap(asEuint256(upperBound)), ETypes.Uint256)
-        );
+        return
+            euint256.wrap(
+                inco.eRandBounded{value: inco.getFee()}(euint256.unwrap(asEuint256(upperBound)), ETypes.Uint256)
+            );
     }
 
     /// @dev costs the inco fee

package/src/Types.sol

@@ -117,7 +117,6 @@ enum EOps {
     EListRange, // 108
     EListShuffle, // 109
     EListReverse // 110
-
 }
 
 type ebool is bytes32;
@@ -230,7 +229,6 @@ enum ETypes {
     EmptyType98,
     EmptyType99,
     List // 100
-
 }
 
 // check correctness of compute

package/src/interfaces/IIncoVerifier.sol

@@ -9,8 +9,7 @@ import {ISignatureVerifier} from "../lightning-parts/primitives/interfaces/ISign
 
 interface IIncoVerifier is IAdvancedAccessControl, IDecryptionAttester, ITEELifecycle, ISignatureVerifier {
 
-    function initialize(address owner, string memory name, string memory version, IQuoteVerifier quoteVerifier)
-        external;
+    function initialize(address owner, string memory name, string memory version, IQuoteVerifier quoteVerifier) external;
     // forge-lint: disable-next-line(mixed-case-function)
     function getEIP712Name() external view returns (string memory);
     // forge-lint: disable-next-line(mixed-case-function)

package/src/libs/incoLightning_alphanet_v2_976644394.sol

@@ -0,0 +1,478 @@
+// AUTOGENERATED FILE. DO NOT EDIT.
+// This file was generated by the IncoLightning library generator.
+// The original template is located at Lib.template.sol
+
+/// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import { IncoLightning } from "../IncoLightning.sol";
+import { ebool, euint256, eaddress, ETypes } from "../Types.sol";
+
+IncoLightning constant inco = IncoLightning(0xc0d693DeEF0A91CE39208676b6da09B822abd199);
+address constant deployedBy = 0x8202D2D747784Cb7D48868E44C42C4bf162a70BC;
+
+function typeOf(bytes32 handle) pure returns (ETypes) {
+    return ETypes(uint8(uint256(handle) >> 8));
+}
+
+library e {
+    function sanitize(euint256 a) internal returns (euint256) {
+        if (euint256.unwrap(a) == bytes32(0)) {
+            return asEuint256(0);
+        }
+        return a;
+    }
+
+    function sanitize(ebool a) internal returns (ebool) {
+        if (ebool.unwrap(a) == bytes32(0)) {
+            return asEbool(false);
+        }
+        return a;
+    }
+
+    function sanitize(eaddress a) internal returns (eaddress) {
+        if (eaddress.unwrap(a) == bytes32(0)) {
+            return asEaddress(address(0));
+        }
+        return a;
+    }
+
+    function s(euint256 a) internal returns (euint256) {
+        return sanitize(a);
+    }
+
+    function s(ebool a) internal returns (ebool) {
+        return sanitize(a);
+    }
+
+    function s(eaddress a) internal returns (eaddress) {
+        return sanitize(a);
+    }
+
+    function add(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eAdd(s(a), s(b));
+    }
+
+    function add(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eAdd(s(a), asEuint256(b));
+    }
+
+    function add(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eAdd(asEuint256(a), s(b));
+    }
+
+    function sub(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eSub(s(a), s(b));
+    }
+
+    function sub(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eSub(s(a), asEuint256(b));
+    }
+
+    function sub(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eSub(asEuint256(a), s(b));
+    }
+
+    function mul(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMul(s(a), s(b));
+    }
+
+    function mul(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMul(s(a), asEuint256(b));
+    }
+
+    function mul(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMul(asEuint256(a), s(b));
+    }
+
+    function div(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eDiv(s(a), s(b));
+    }
+
+    function div(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eDiv(s(a), asEuint256(b));
+    }
+
+    function div(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eDiv(asEuint256(a), s(b));
+    }
+
+    function rem(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRem(s(a), s(b));
+    }
+
+    function rem(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRem(s(a), asEuint256(b));
+    }
+
+    function rem(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRem(asEuint256(a), s(b));
+    }
+
+    function and(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    function and(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    function and(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitAnd(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    function and(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    function and(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    function and(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitAnd(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    function or(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    function or(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    function or(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitOr(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    function or(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    function or(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    function or(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitOr(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    function xor(euint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(s(a)), euint256.unwrap(s(b))));
+    }
+
+    function xor(euint256 a, uint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b))));
+    }
+
+    function xor(uint256 a, euint256 b) internal returns (euint256) {
+        return euint256.wrap(inco.eBitXor(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b))));
+    }
+
+    function xor(ebool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(s(a)), ebool.unwrap(s(b))));
+    }
+
+    function xor(ebool a, bool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(s(a)), ebool.unwrap(asEbool(b))));
+    }
+
+    function xor(bool a, ebool b) internal returns (ebool) {
+        return ebool.wrap(inco.eBitXor(ebool.unwrap(asEbool(a)), ebool.unwrap(s(b))));
+    }
+
+    function shl(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShl(s(a), s(b));
+    }
+
+    function shl(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eShl(s(a), asEuint256(b));
+    }
+
+    function shl(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShl(asEuint256(a), s(b));
+    }
+
+    function shr(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShr(s(a), s(b));
+    }
+
+    function shr(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eShr(s(a), asEuint256(b));
+    }
+
+    function shr(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eShr(asEuint256(a), s(b));
+    }
+
+    function rotl(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotl(s(a), s(b));
+    }
+
+    function rotl(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRotl(s(a), asEuint256(b));
+    }
+
+    function rotl(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotl(asEuint256(a), s(b));
+    }
+
+    function rotr(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotr(s(a), s(b));
+    }
+
+    function rotr(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eRotr(s(a), asEuint256(b));
+    }
+
+    function rotr(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eRotr(asEuint256(a), s(b));
+    }
+
+    function eq(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(s(a)), euint256.unwrap(s(b)));
+    }
+
+    function eq(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b)));
+    }
+
+    function eq(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eEq(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b)));
+    }
+
+    function eq(eaddress a, address b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(s(a)), eaddress.unwrap(asEaddress(b)));
+    }
+
+    function eq(eaddress a, eaddress b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(s(a)), eaddress.unwrap(s(b)));
+    }
+
+    function eq(address a, eaddress b) internal returns (ebool) {
+        return inco.eEq(eaddress.unwrap(asEaddress(a)), eaddress.unwrap(s(b)));
+    }
+
+    function ne(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(s(a)), euint256.unwrap(s(b)));
+    }
+
+    function ne(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(s(a)), euint256.unwrap(asEuint256(b)));
+    }
+
+    function ne(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eNe(euint256.unwrap(asEuint256(a)), euint256.unwrap(s(b)));
+    }
+
+    function ne(eaddress a, eaddress b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(s(a)), eaddress.unwrap(s(b)));
+    }
+
+    function ne(eaddress a, address b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(s(a)), eaddress.unwrap(asEaddress(b)));
+    }
+
+    function ne(address a, eaddress b) internal returns (ebool) {
+        return inco.eNe(eaddress.unwrap(asEaddress(a)), eaddress.unwrap(s(b)));
+    }
+
+    function ge(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGe(s(a), s(b));
+    }
+
+    function ge(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eGe(s(a), asEuint256(b));
+    }
+
+    function ge(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGe(asEuint256(a), s(b));
+    }
+
+    function gt(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGt(s(a), s(b));
+    }
+
+    function gt(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eGt(s(a), asEuint256(b));
+    }
+
+    function gt(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eGt(asEuint256(a), s(b));
+    }
+
+    function le(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLe(s(a), s(b));
+    }
+
+    function le(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eLe(s(a), asEuint256(b));
+    }
+
+    function le(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLe(asEuint256(a), s(b));
+    }
+
+    function lt(euint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLt(s(a), s(b));
+    }
+
+    function lt(euint256 a, uint256 b) internal returns (ebool) {
+        return inco.eLt(s(a), asEuint256(b));
+    }
+
+    function lt(uint256 a, euint256 b) internal returns (ebool) {
+        return inco.eLt(asEuint256(a), s(b));
+    }
+
+    function min(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMin(s(a), s(b));
+    }
+
+    function min(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMin(s(a), asEuint256(b));
+    }
+
+    function min(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMin(asEuint256(a), s(b));
+    }
+
+    function max(euint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMax(s(a), s(b));
+    }
+
+    function max(euint256 a, uint256 b) internal returns (euint256) {
+        return inco.eMax(s(a), asEuint256(b));
+    }
+
+    function max(uint256 a, euint256 b) internal returns (euint256) {
+        return inco.eMax(asEuint256(a), s(b));
+    }
+
+    function not(ebool a) internal returns (ebool) {
+        return inco.eNot(s(a));
+    }
+
+    /// @dev costs the inco fee
+    function rand() internal returns (euint256) {
+        return euint256.wrap(inco.eRand{value: inco.getFee()}(ETypes.Uint256));
+    }
+
+    /// @dev costs the inco fee
+    function randBounded(uint256 upperBound) internal returns (euint256) {
+        return euint256.wrap(inco.eRandBounded{value: inco.getFee()}(euint256.unwrap(asEuint256(upperBound)), ETypes.Uint256));
+    }
+
+    /// @dev costs the inco fee
+    function randBounded(euint256 upperBound) internal returns (euint256) {
+        return euint256.wrap(inco.eRandBounded{value: inco.getFee()}(euint256.unwrap(s(upperBound)), ETypes.Uint256));
+    }
+
+    function asEuint256(uint256 a) internal returns (euint256) {
+        return inco.asEuint256(a);
+    }
+
+    function asEbool(bool a) internal returns (ebool) {
+        return inco.asEbool(a);
+    }
+
+    function asEaddress(address a) internal returns (eaddress) {
+        return inco.asEaddress(a);
+    }
+
+    function asEbool(euint256 a) internal returns (ebool) {
+        return ebool.wrap(inco.eCast(euint256.unwrap(a), ETypes.Bool));
+    }
+
+    function asEuint256(ebool a) internal returns (euint256) {
+        return euint256.wrap(inco.eCast(ebool.unwrap(a), ETypes.Uint256));
+    }
+
+    /// @notice Creates a new encrypted uint256 assuming msg.sender is the user
+    ///  @dev costs the inco fee
+    function newEuint256(bytes memory ciphertext) internal returns (euint256) {
+        return newEuint256(ciphertext, msg.sender);
+    }
+
+    /// @notice Creates a new encrypted uint256 for the given user.
+    ///  @dev costs the inco fee
+    function newEuint256(bytes memory ciphertext, address user) internal returns (euint256) {
+        return inco.newEuint256{value: inco.getFee()}(ciphertext, user);
+    }
+
+    /// @notice Creates a new encrypted bool assuming msg.sender is the user
+    ///  @dev costs the inco fee
+    function newEbool(bytes memory ciphertext) internal returns (ebool) {
+        return newEbool(ciphertext, msg.sender);
+    }
+
+    /// @notice Creates a new encrypted bool for the given user.
+    ///  @dev costs the inco fee
+    function newEbool(bytes memory ciphertext, address user) internal returns (ebool) {
+        return inco.newEbool{value: inco.getFee()}(ciphertext, user);
+    }
+
+    /// @notice Creates a new encrypted address assuming msg.sender is the user
+    ///  @dev costs the inco fee
+    function newEaddress(bytes memory ciphertext) internal returns (eaddress) {
+        return newEaddress(ciphertext, msg.sender);
+    }
+
+    /// @notice Creates a new encrypted address for the given user.
+    ///  @dev costs the inco fee
+    function newEaddress(bytes memory ciphertext, address user) internal returns (eaddress) {
+        return inco.newEaddress{value: inco.getFee()}(ciphertext, user);
+    }
+
+    function allow(euint256 a, address to) internal {
+        inco.allow(euint256.unwrap(a), to);
+    }
+
+    function allow(ebool a, address to) internal {
+        inco.allow(ebool.unwrap(a), to);
+    }
+
+    function allow(eaddress a, address to) internal {
+        inco.allow(eaddress.unwrap(a), to);
+    }
+
+    function reveal(euint256 a) internal {
+        inco.reveal(euint256.unwrap(a));
+    }
+
+    function reveal(ebool a) internal {
+        inco.reveal(ebool.unwrap(a));
+    }
+
+    function reveal(eaddress a) internal {
+        inco.reveal(eaddress.unwrap(a));
+    }
+
+    function allowThis(euint256 a) internal {
+        allow(a, address(this));
+    }
+
+    function allowThis(ebool a) internal {
+        allow(a, address(this));
+    }
+
+    function allowThis(eaddress a) internal {
+        allow(a, address(this));
+    }
+
+    function isAllowed(address user, euint256 a) internal view returns (bool) {
+        return inco.isAllowed(euint256.unwrap(a), user);
+    }
+
+    function select(ebool control, euint256 ifTrue, euint256 ifFalse) internal returns (euint256) {
+        return euint256.wrap(inco.eIfThenElse(s(control), euint256.unwrap(s(ifTrue)), euint256.unwrap(s(ifFalse))));
+    }
+
+    function select(ebool control, ebool ifTrue, ebool ifFalse) internal returns (ebool) {
+        return ebool.wrap(inco.eIfThenElse(s(control), ebool.unwrap(s(ifTrue)), ebool.unwrap(s(ifFalse))));
+    }
+
+    function select(ebool control, eaddress ifTrue, eaddress ifFalse) internal returns (eaddress) {
+        return eaddress.wrap(inco.eIfThenElse(s(control), eaddress.unwrap(s(ifTrue)), eaddress.unwrap(s(ifFalse))));
+    }
+}

package/src/lightning-parts/AccessControl/AdvancedAccessControl.sol

@@ -78,11 +78,12 @@ abstract contract AdvancedAccessControl is
             proof.voucher.sessionNonce == sharerActiveVouchersSessionNonce,
             InvalidVoucherSessionNonce(proof.voucher.sessionNonce, sharerActiveVouchersSessionNonce)
         );
-        (bool success, bytes memory result) = proof.voucher.verifyingContract.call(
-            abi.encodeWithSelector(
-                proof.voucher.callFunction, handle, account, proof.voucher.sharerArgData, proof.requesterArgData
-            )
-        );
+        (bool success, bytes memory result) = proof.voucher.verifyingContract
+            .call(
+                abi.encodeWithSelector(
+                    proof.voucher.callFunction, handle, account, proof.voucher.sharerArgData, proof.requesterArgData
+                )
+            );
         return (success && result.length >= 32 && abi.decode(result, (bytes32)) == ALLOWANCE_GRANTED_MAGIC_VALUE);
     }
 

package/src/lightning-parts/AccessControl/test/TestAdvancedAccessControl.t.sol

@@ -60,7 +60,11 @@ contract DoesNotVerifyAnything {
         address, /* account */
         bytes memory, /* sharerArgData */
         bytes memory /* requesterArgData */
-    ) public pure returns (bytes32) {
+    )
+        public
+        pure
+        returns (bytes32)
+    {
         return ALLOWANCE_GRANTED_MAGIC_VALUE;
     }
 
@@ -180,10 +184,7 @@ contract TestAdvancedAccessControl is IncoTest {
     function getBobsProof(AllowanceVoucher memory alicesVoucher) private view returns (AllowanceProof memory) {
         bytes memory voucherSignature = getAliceSig(alicesVoucher);
         return AllowanceProof({
-            sharer: alice,
-            voucher: alicesVoucher,
-            voucherSignature: voucherSignature,
-            requesterArgData: ""
+            sharer: alice, voucher: alicesVoucher, voucherSignature: voucherSignature, requesterArgData: ""
         });
     }
 

package/src/lightning-parts/EncryptedOperations.sol

@@ -46,7 +46,12 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
         uint256 indexed counter, ETypes randType, bytes32 indexed upperBound, bytes32 indexed result, uint256 eventId
     );
     event EIfThenElse( // can't index >3 fields
-    ebool control, bytes32 indexed ifTrue, bytes32 indexed ifFalse, bytes32 indexed result, uint256 eventId);
+        ebool control,
+        bytes32 indexed ifTrue,
+        bytes32 indexed ifFalse,
+        bytes32 indexed result,
+        uint256 eventId
+    );
     event ENot(ebool indexed operand, ebool indexed result, uint256 eventId);
     event ECast(bytes32 indexed ct, uint8 indexed toType, bytes32 indexed result, uint256 eventId);
 
@@ -274,8 +279,8 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     }
 
     function eCast(bytes32 ct, ETypes toType) external returns (bytes32 result) {
-        bytes32 baseHandle = keccak256(abi.encodePacked(EOps.Cast, ct));
-        result = embedTypeVersion(baseHandle, toType);
+        require(isTypeSupported(toType), UnsupportedType(toType));
+        result = createResultHandle(EOps.Cast, toType, abi.encodePacked(ct));
         allowTransientInternal(result, msg.sender);
         uint256 id = getNextEventId();
         emit ECast(ct, uint8(toType), result, id);
@@ -304,8 +309,8 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     // todo add support in testing framework
     function eIfThenElse(ebool control, bytes32 ifTrue, bytes32 ifFalse) external returns (bytes32 result) {
         ETypes returnType = checkEIfThenElseInputs(control, ifTrue, ifFalse);
-        bytes32 baseHandle = keccak256(abi.encodePacked(EOps.IfThenElse, ebool.unwrap(control), ifTrue, ifFalse));
-        result = embedTypeVersion(baseHandle, returnType);
+        result =
+            createResultHandle(EOps.IfThenElse, returnType, abi.encodePacked(ebool.unwrap(control), ifTrue, ifFalse));
         allowTransientInternal(result, msg.sender);
         uint256 id = getNextEventId();
         emit EIfThenElse(control, ifTrue, ifFalse, result, id);

package/src/lightning-parts/TEELifecycle.sol

@@ -389,9 +389,10 @@ abstract contract TEELifecycle is
     }
 
     function bootstrapResultDigest(BootstrapResult memory bootstrapResult) public view returns (bytes32) {
-        return _hashTypedDataV4(
-            keccak256(abi.encode(BOOTSTRAP_RESULT_STRUCT_HASH, keccak256(bootstrapResult.ecies_pubkey)))
-        );
+        return
+            _hashTypedDataV4(
+                keccak256(abi.encode(BOOTSTRAP_RESULT_STRUCT_HASH, keccak256(bootstrapResult.ecies_pubkey)))
+            );
     }
 
     function upgradeResultDigest(UpgradeResult memory upgradeResult) public view returns (bytes32) {

package/src/pasted-dependencies/CreateX.sol

@@ -232,9 +232,7 @@ contract CreateX {
 
         (bool success, bytes memory returnData) = proxy.call{value: msg.value}(data);
         _requireSuccessfulContractInitialisation({
-            success: success,
-            returnData: returnData,
-            implementation: implementation
+            success: success, returnData: returnData, implementation: implementation
         });
     }
 
@@ -420,11 +418,7 @@ contract CreateX {
         // Note that the safeguarding function `_guard` is called as part of the overloaded function
         // `deployCreate2AndInit`.
         newContract = deployCreate2AndInit({
-            salt: salt,
-            initCode: initCode,
-            data: data,
-            values: values,
-            refundAddress: msg.sender
+            salt: salt, initCode: initCode, data: data, values: values, refundAddress: msg.sender
         });
     }
 
@@ -453,11 +447,7 @@ contract CreateX {
         // Note that the safeguarding function `_guard` is called as part of the overloaded function
         // `deployCreate2AndInit`.
         newContract = deployCreate2AndInit({
-            salt: _generateSalt(),
-            initCode: initCode,
-            data: data,
-            values: values,
-            refundAddress: refundAddress
+            salt: _generateSalt(), initCode: initCode, data: data, values: values, refundAddress: refundAddress
         });
     }
 
@@ -485,11 +475,7 @@ contract CreateX {
         // Note that the safeguarding function `_guard` is called as part of the overloaded function
         // `deployCreate2AndInit`.
         newContract = deployCreate2AndInit({
-            salt: _generateSalt(),
-            initCode: initCode,
-            data: data,
-            values: values,
-            refundAddress: msg.sender
+            salt: _generateSalt(), initCode: initCode, data: data, values: values, refundAddress: msg.sender
         });
     }
 
@@ -527,9 +513,7 @@ contract CreateX {
 
         (bool success, bytes memory returnData) = proxy.call{value: msg.value}(data);
         _requireSuccessfulContractInitialisation({
-            success: success,
-            returnData: returnData,
-            implementation: implementation
+            success: success, returnData: returnData, implementation: implementation
         });
     }
 
@@ -741,11 +725,7 @@ contract CreateX {
         // Note that the safeguarding function `_guard` is called as part of the overloaded function
         // `deployCreate3AndInit`.
         newContract = deployCreate3AndInit({
-            salt: salt,
-            initCode: initCode,
-            data: data,
-            values: values,
-            refundAddress: msg.sender
+            salt: salt, initCode: initCode, data: data, values: values, refundAddress: msg.sender
         });
     }
 
@@ -775,11 +755,7 @@ contract CreateX {
         // Note that the safeguarding function `_guard` is called as part of the overloaded function
         // `deployCreate3AndInit`.
         newContract = deployCreate3AndInit({
-            salt: _generateSalt(),
-            initCode: initCode,
-            data: data,
-            values: values,
-            refundAddress: refundAddress
+            salt: _generateSalt(), initCode: initCode, data: data, values: values, refundAddress: refundAddress
         });
     }
 
@@ -808,11 +784,7 @@ contract CreateX {
         // Note that the safeguarding function `_guard` is called as part of the overloaded function
         // `deployCreate3AndInit`.
         newContract = deployCreate3AndInit({
-            salt: _generateSalt(),
-            initCode: initCode,
-            data: data,
-            values: values,
-            refundAddress: msg.sender
+            salt: _generateSalt(), initCode: initCode, data: data, values: values, refundAddress: msg.sender
         });
     }
 

package/src/pasted-dependencies/ICreateX.sol

@@ -100,10 +100,7 @@ interface ICreateX {
         pure
         returns (address computedAddress);
 
-    function computeCreate2Address(bytes32 salt, bytes32 initCodeHash)
-        external
-        view
-        returns (address computedAddress);
+    function computeCreate2Address(bytes32 salt, bytes32 initCodeHash) external view returns (address computedAddress);
 
     /*´:°•.°+.*•´.*:˚.°*.˚•´.°:°•.°•.*•´.*:˚.°*.˚•´.°:°•.°+.*•´.*:*/
     /*                           CREATE3                          */

package/src/periphery/SessionVerifier.sol

@@ -40,7 +40,11 @@ contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
         address account,
         bytes memory sharerArgData,
         bytes memory /* requesterArgData */
-    ) external view returns (bytes32) {
+    )
+        external
+        view
+        returns (bytes32)
+    {
         Session memory session = abi.decode(sharerArgData, (Session));
         if (session.expiresAt >= block.timestamp && session.decrypter == account) {
             return ALLOWANCE_GRANTED_MAGIC_VALUE;

package/src/shared/TestUtils.sol

@@ -6,7 +6,8 @@ import {Test} from "forge-std/Test.sol";
 contract TestUtils is Test {
 
     address private constant ANVIL_ZEROTH_ADDRESS = 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266;
-    uint256 private constant ANVIL_ZEROTH_PRIV_KEY = 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80;
+    uint256 private constant ANVIL_ZEROTH_PRIVATE_KEY =
+        0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80;
 
     uint256 internal alicePrivKey;
     address internal immutable alice;
@@ -20,8 +21,8 @@ contract TestUtils is Test {
     address internal immutable eve;
 
     // it is convenient for e2e tests to use these well-known addresses for the TEE
-    address internal constant teeEOA = ANVIL_ZEROTH_ADDRESS;
-    uint256 internal constant teePrivKey = ANVIL_ZEROTH_PRIV_KEY;
+    address internal teeEOA = ANVIL_ZEROTH_ADDRESS;
+    uint256 internal teePrivKey = ANVIL_ZEROTH_PRIVATE_KEY;
 
     constructor() {
         (alicePrivKey, alice) = getLabeledKeyPair("alice");

package/src/test/FakeIncoInfra/FakeDecryptionAttester.sol

@@ -108,8 +108,7 @@ contract FakeDecryptionAttester is FakeIncoInfraBase, FakeComputeServer {
     {
         ETypes resultType = opToResultType(op);
         decryption = DecryptionAttestation({
-            handle: inco.getOpResultHandle(op, resultType, abi.encodePacked(lhsHandle, rhsHandle)),
-            value: encodedResult
+            handle: inco.getOpResultHandle(op, resultType, abi.encodePacked(lhsHandle, rhsHandle)), value: encodedResult
         });
         signature = signDecryption(decryption);
     }

package/src/test/FakeIncoInfra/MockRemoteAttestation.sol

@@ -41,9 +41,13 @@ contract MockRemoteAttestation is TestUtils {
     }
 
     // Helper function to create a successful bootstrap result
-    function successfulBootstrapResult(ITEELifecycle teeLifecycle)
+    function successfulBootstrapResult(
+        ITEELifecycle teeLifecycle,
+        bytes memory eciesPublicKey,
+        address signer,
+        uint256 signerPrivKey
+    )
         internal
-        view
         returns (
             BootstrapResult memory bootstrapResult,
             bytes memory quote,
@@ -51,8 +55,7 @@ contract MockRemoteAttestation is TestUtils {
             bytes32 mrAggregated
         )
     {
-        // FIXME[Silas]: we should pass this value in as part of plan
-        bytes memory eciesPubkey = hex"02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
+        bytes memory eciesPubkey = eciesPublicKey;
         // See DEFAULT_MRTD in attestation/src/remote_attestation.rs
         bytes memory mrtd =
             hex"010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101";
@@ -61,8 +64,11 @@ contract MockRemoteAttestation is TestUtils {
         mrAggregated = hex"c3a67bac251d4946d7b17481d39631676042fe3afab06e70c22105ad8383c19f";
         bootstrapResult = BootstrapResult({ecies_pubkey: eciesPubkey});
 
-        quote = createQuote(mrtd, teeEOA);
-        signature = signBootstrapResult(bootstrapResult, teePrivKey, teeLifecycle);
+        quote = createQuote(mrtd, signer);
+        signature = signBootstrapResult(bootstrapResult, signerPrivKey, teeLifecycle);
+        // We set the signer address and priv key as part of the bootstrap for non-tee setups
+        teeEOA = signer;
+        teePrivKey = signerPrivKey;
     }
 
     // Helper function to sign the bootstrap result

package/src/test/IncoTest.sol

@@ -20,6 +20,12 @@ contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester, MockRem
     // forge-lint: disable-next-line(screaming-snake-case-immutable)
     address immutable testDeployer;
 
+    // Constants for testing
+    bytes testNetworkPubkey = hex"02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
+    address private constant ANVIL_ZEROTH_ADDRESS = 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266;
+    uint256 private constant ANVIL_ZEROTH_PRIVATE_KEY =
+        0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80;
+
     constructor() {
         owner = getLabeledAddress("owner");
         // extracted from the deploy script running as bare simulation with:
@@ -51,8 +57,9 @@ contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester, MockRem
             "generated inco address in Lib.sol does not match address of inco deployed by IncoTest"
         );
         vm.startPrank(owner);
-        (BootstrapResult memory bootstrapResult, bytes memory quote, bytes memory signature, bytes32 mrAggregated) =
-            successfulBootstrapResult(inco.incoVerifier());
+        (BootstrapResult memory bootstrapResult, bytes memory quote, bytes memory signature, bytes32 mrAggregated) = successfulBootstrapResult(
+            inco.incoVerifier(), testNetworkPubkey, ANVIL_ZEROTH_ADDRESS, ANVIL_ZEROTH_PRIVATE_KEY
+        );
         inco.incoVerifier().approveNewTeeVersion(mrAggregated);
         inco.incoVerifier().verifyBootstrapResult(bootstrapResult, quote, signature);
         inco.incoVerifier().setThreshold(1);

package/src/test/OpsTest.sol

@@ -426,4 +426,13 @@ contract OpsTest is Fee {
         return encryptedAddress;
     }
 
+    // ============ CAST OPERATIONS ============
+
+    function testCast(bytes32 a, ETypes to) external returns (bytes32) {
+        bytes32 result = inco.eCast(a, to);
+        inco.allow(result, address(this));
+        inco.allow(result, msg.sender);
+        return result;
+    }
+
 }

package/src/test/TEELifecycle/TEELifecycleMockTest.t.sol

@@ -9,8 +9,7 @@ import {FakeQuoteVerifier} from "../FakeIncoInfra/FakeQuoteVerifier.sol";
 contract TEELifecycleMockTest is MockRemoteAttestation, TEELifecycle {
 
     // Constants for testing
-    bytes testNetworkPubkey =
-        hex"04ff5c6dd72ad7583288b84ee2598e081fe0bc6ef543c342e925a5dfcff9afb2444d25454d7d5dcfadc9ed99477c245efa93caf58d7f58143300d81cc948e7bdf5";
+    bytes testNetworkPubkey = hex"02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
     // See DEFAULT_MRTD in attestation/src/remote_attestation.rs
     bytes testMrtd =
         hex"010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101";
@@ -37,7 +36,7 @@ contract TEELifecycleMockTest is MockRemoteAttestation, TEELifecycle {
             hex"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef";
 
         (BootstrapResult memory bootstrapResult, bytes memory quote, bytes memory signature, bytes32 mrAggregated) =
-            successfulBootstrapResult(this);
+            successfulBootstrapResult(this, testNetworkPubkey, teeEOA, teePrivKey);
 
         quote = createQuote(badMrtd, teeEOA); // Replace with bad MRTD
         vm.startPrank(this.owner());

package/src/test/TestExtractDataOfEventTooLarge.t.sol

@@ -4,7 +4,12 @@ pragma solidity ^0.8;
 import {Test, Vm, console} from "forge-std/Test.sol";
 
 event EventTooLarge( // can't index >3 fields
-bytes32 control, bytes32 indexed ifTrue, bytes32 indexed ifFalse, bytes32 indexed result, uint256 eventId);
+    bytes32 control,
+    bytes32 indexed ifTrue,
+    bytes32 indexed ifFalse,
+    bytes32 indexed result,
+    uint256 eventId
+);
 
 contract Emitter {
 

package/src/version/IncoLightningConfig.sol

@@ -7,12 +7,12 @@ pragma solidity ^0.8;
 // UPDATE the CHANGELOG on new versions
 
 string constant CONTRACT_NAME = "incoLightning";
-uint8 constant MAJOR_VERSION = 1;
+uint8 constant MAJOR_VERSION = 2;
 uint8 constant MINOR_VERSION = 0;
 // whenever a new version is deployed, we need to pump this up
 // otherwise make test_upgrade will fail
 // consequently, when we do a patch release, we don't need to pump it as it's already pumped
 // when the previous release was done
-uint8 constant PATCH_VERSION = 4;
+uint8 constant PATCH_VERSION = 1;
 
 string constant VERIFIER_NAME = "incoVerifier";

package/src/version/Version.sol

@@ -43,9 +43,10 @@ contract Version is IVersion {
     }
 
     function versionString(uint8 major, uint8 minor, uint8 patch) internal pure returns (string memory) {
-        return string(
-            abi.encodePacked(Strings.toString(major), "_", Strings.toString(minor), "_", Strings.toString(patch))
-        );
+        return
+            string(
+                abi.encodePacked(Strings.toString(major), "_", Strings.toString(minor), "_", Strings.toString(patch))
+            );
     }
 
     function getName() public view virtual returns (string memory) {