@inco/lightning 0.8.0-devnet-2 → 0.8.0-devnet-4

package/README.md

@@ -1,8 +1,8 @@
-# Inco lite
+# Inco Lightning
 
-![coverage](./coverage.svg)
+The core Inco Lightning smart contracts library for building confidential applications on EVM chains.
 
-<!-- todo #1035 upgrade deployment and upgrade documentation now outdated @silasdavis -->
+![coverage](./coverage.svg)
 
 ## Install dependencies
 
@@ -12,7 +12,7 @@ bun install
 
 ## Build
 
-Use [forge](https://book.getfoundry.sh/getting-started/installation) version 1.0 or higher
+See [Foundry version requirements](../README.md#foundry-version-requirements) for version guidance.
 
 ```sh
 forge build
@@ -36,58 +36,32 @@ make coverage
 
 > This generates an lcov report, filters out `node_modules`, autogenerated contracts and other contracts that we don't want to include in the report (`Lib.XXXnet.sol`, etc.). Eventually, it `genhtml` the filtered lcov in `coverage` and a `lcov-badge` visible in this readme. You can check the latest coverage stats [here](./coverage/index.html).
 
-> Note: You need `lcov` for the `make coverage` to work
-> For MacOS - `brew install lcov`
-
-## Deploy
-
-### One-time key import
-
-1. Import key into Foundry cast wallet using [`make import_sepolia_deployer`](./Makefile)
-
-### Deploy new IncoLite contracts
-
-Targest for deploying the contracts are in the [Makefile](./Makefile). There are separate targtes for each chain and a target that deploys to all of them.
-
-The version of the contracts that will be deployed is defined by the current working directory and it will be deployed to an address that is deterministically calculated based on:
-
-- The contract name
-- The contract version
-- The deployer address
-- An optional deploy-time 'pepper'
-
-The contract name and version are constants in [IncoLightningConfig.sol](./src/version/IncoLightningConfig.sol) and the deployer address is the address of the wallet that is used to deploy the contracts. The optional deploy-time 'pepper' is a deployment-time string that can be chosen to alter the contract address for each deployment in the case where you what to differentiate a deployment from others.
-
-The point of the deterministic address is that holding the values above constant we can obtain a consistent canonical deployment address across all chains.
-
-#### Deployment process
-
-1. Bump IncoLite version in [IncoLightningConfig.sol](./src/version/IncoLightningConfig.sol)
-2. Run [`make deploy_multichain`](./Makefile) - this will update the manifest with the new release
-3. Run [`make deploy_test_contracts_multichain`](./Makefile)
+> **Note:** Coverage requires `lcov` (`brew install lcov` on macOS) and Foundry v1.3.6. See [Foundry version requirements](../README.md#foundry-version-requirements).
 
-##### Providing a pepper
+## Directory Structure
 
-If you want to provide a pepper then use `make deploy_multichain INCO_LITE_PEPPER=<pepper>` where `pepper` is the string you want to use. This will be used to calculate the contract address and will be included in the manifest.
+| Directory      | Description                                        |
+| -------------- | -------------------------------------------------- |
+| `src/`         | Main contract source code                          |
+| `src/libs/`    | Release libraries that link to versioned executors |
+| `src/version/` | Version configuration (`IncoLightningConfig.sol`)  |
+| `test/`        | Unit tests                                         |
+| `script/`      | Utility scripts                                    |
 
-## Defining a release without explicit deployment
+## Makefile Commands
 
-The deployment machinery is currently in a halfway house whereby we capture releases at the same time as performing smart contract deployments locally. In the future we expect the contract deployment (and later upgrade) processes to be run by CI or a by a covalidator initialisation container. At that point rather than the manifest being an artefact of record it will be a declaration of intent. At the moment it serves both purposes, but will be refactored to remove the deployment log capture element.
+| Command         | Description                          |
+| --------------- | ------------------------------------ |
+| `make build`    | Build contracts with Foundry         |
+| `make test`     | Run unit tests                       |
+| `make coverage` | Generate coverage report (uses lcov) |
+| `make lint`     | Lint Solidity files                  |
 
-With a nod to the future we provide the `make release` target which performs a simulated deploy, updates the manifest with a dummy deployment, and declares a release.
-
-## Deploy NPM modules
-
-1. Bump contracts NPM version in [package.json](./package.json)
-2. Bump JS NPM version in [package.json](../js/package.json)
-3. Publish contracts `npm publish:github`
-4. Build JS [`make build`](../js/Makefile) (depends on contract deployment being done first)
-5. Publish js `npm publish:github`
+## Deploy
 
-## Build covalidator docker images
+For comprehensive deployment and upgrade instructions, see [`lightning-deployment/`](../lightning-deployment/README.md).
 
-1. PR to main
-2. Manually grab hash from dockerhub which is also `git describe --tags --always --dirty`
+Contract version is defined in [`IncoLightningConfig.sol`](./src/version/IncoLightningConfig.sol).
 
 ## Manifest file
 
@@ -102,21 +76,3 @@ incoLightning_<major>_<minor>_<patch>__<salt>
 ```
 
 The salt is derived from the version and additional value called the `pepper`. The salt determines the on-chain address of the release, whence the pepper can be used to for releases of the same contract versions with separate state and addresses (e.g. for testing purposes).
-
-## Deployment dumps
-
-In [`dumps`](./dumps) you can find a sequence of pairs of files named with the following format:
-
-```
-<release_name>.dump.json
-```
-
-Contains an [Anvil](https://book.getfoundry.sh/anvil/) state dump that can be loaded with `anvil --load-state <state-dump-file>`, which you see used in our local node [`docker-compose`](../../docker-compose.yaml) setup.
-
-```
-<release_name>.env
-```
-
-Is a dump parameters file, it contains a set of private and public keys, configuration for a covalidator, utility addresss, and the executor address as it exists in the particular state dump.
-
-Everything require to run a local covalidator (in docker or otherwise), to encrypt values and communicate with the executor contract of the dump, is included within this parameters file. The secrets are generated for each dump.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@inco/lightning",
-  "version": "0.8.0-devnet-2",
+  "version": "0.8.0-devnet-4",
   "repository": "https://github.com/Inco-fhevm/inco-monorepo",
   "files": [
     "src/",

package/src/lightning-parts/AccessControl/test/TestAdvancedAccessControl.t.sol

@@ -4,11 +4,12 @@ pragma solidity ^0.8;
 import {IncoTest} from "../../../test/IncoTest.sol";
 import {SessionVerifier, Session} from "../../../periphery/SessionVerifier.sol";
 import {AllowanceVoucher, AllowanceProof} from "../AdvancedAccessControl.sol";
-import {euint256} from "../../../Types.sol";
+import {euint256, SharerNotAllowedForHandle} from "../../../Types.sol";
 import {e, inco} from "../../../Lib.sol";
 import {AdvancedAccessControl} from "../AdvancedAccessControl.sol";
 import {ALLOWANCE_GRANTED_MAGIC_VALUE} from "../../../Types.sol";
 import {IIncoVerifier} from "../../../interfaces/IIncoVerifier.sol";
+import {BaseAccessControlList} from "../BaseAccessControlList.sol";
 
 contract SomeContractWithConfidentialData {
 
@@ -192,4 +193,77 @@ contract TestAdvancedAccessControl is IncoTest {
         return getSignatureForDigest(incoVerifier.allowanceVoucherDigest(voucher), alicePrivKey);
     }
 
+    /// @notice Test SharerNotAllowedForHandle error when sharer is not allowed
+    function testIsAllowedWithProofSharerNotAllowed() public {
+        DoesNotVerifyAnything verifier = new DoesNotVerifyAnything();
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: ""
+        });
+        // Use bob as sharer, but bob is NOT allowed on the secret (only alice is)
+        AllowanceProof memory proof = AllowanceProof({
+            sharer: bob,
+            voucher: voucher,
+            voucherSignature: getSignatureForDigest(incoVerifier.allowanceVoucherDigest(voucher), bobPrivKey),
+            requesterArgData: ""
+        });
+        vm.expectRevert(abi.encodeWithSelector(SharerNotAllowedForHandle.selector, secretHandle, bob));
+        incoVerifier.isAllowedWithProof(secretHandle, carol, proof);
+    }
+
+    /// @notice Test InvalidVoucherSignature error when signature is invalid
+    function testIsAllowedWithProofInvalidSignature() public {
+        DoesNotVerifyAnything verifier = new DoesNotVerifyAnything();
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: ""
+        });
+        // Alice is the sharer (and is allowed), but we sign with Bob's key
+        bytes memory wrongSignature = getSignatureForDigest(incoVerifier.allowanceVoucherDigest(voucher), bobPrivKey);
+        AllowanceProof memory proof =
+            AllowanceProof({sharer: alice, voucher: voucher, voucherSignature: wrongSignature, requesterArgData: ""});
+        bytes32 voucherDigest = incoVerifier.allowanceVoucherDigest(voucher);
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                AdvancedAccessControl.InvalidVoucherSignature.selector, alice, voucherDigest, wrongSignature
+            )
+        );
+        incoVerifier.isAllowedWithProof(secretHandle, bob, proof);
+    }
+
+    /// @notice Test claimHandle fails when proof verification fails (line 107)
+    function testClaimHandleProofVerificationFailed() public {
+        SomeVerifier verifier = new SomeVerifier();
+        // Create a voucher that will be valid signature-wise but the verifier will return false
+        // because we pass wrong requesterArgData (not 0xbeef)
+        AllowanceVoucher memory voucher = AllowanceVoucher({
+            sessionNonce: bytes32(0),
+            verifyingContract: address(verifier),
+            callFunction: verifier.someCheck.selector,
+            sharerArgData: abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob}))
+        });
+        AllowanceProof memory proof = AllowanceProof({
+            sharer: alice, // alice IS allowed on the secret
+            voucher: voucher,
+            voucherSignature: getAliceSig(voucher),
+            requesterArgData: abi.encode(SomeVerifier.RequesterArg({mustBeBeef: bytes2(0x1234)})) // WRONG! Not 0xbeef
+        });
+
+        // isAllowedWithProof should return false (not revert), then claimHandle should revert
+        vm.prank(bob);
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                BaseAccessControlList.ProofVerificationFailed.selector,
+                address(verifier),
+                verifier.someCheck.selector,
+                abi.encode(SomeVerifier.SharerArg({handleShared: secretHandle, allowedAccount: bob}))
+            )
+        );
+        inco.claimHandle(secretHandle, proof);
+    }
+
 }

package/src/lightning-parts/AccessControl/test/TestBaseAccessControl.t.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8;
 import {BaseAccessControlList} from "../BaseAccessControlList.sol";
 import {VerifierAddressGetter} from "../../primitives/VerifierAddressGetter.sol";
 import {euint256, inco} from "../../../Lib.sol";
+import {SenderNotAllowedForHandle} from "../../../Types.sol";
 import {IncoTest} from "../../../test/IncoTest.sol";
 
 contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
@@ -25,4 +26,248 @@ contract TestBaseAccessControl is BaseAccessControlList, IncoTest {
         assert(inco.isAllowed(euint256.unwrap(secret), alice));
     }
 
+    // ============ allowTransient Tests ============
+
+    function testAllowTransient() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially bob is not allowed
+        assertFalse(inco.isAllowed(handle, bob));
+
+        // Allow transient access from this contract (which is allowed)
+        inco.allowTransient(handle, bob);
+
+        // Bob should now have transient access
+        assertTrue(inco.allowedTransient(handle, bob));
+        assertTrue(inco.isAllowed(handle, bob));
+    }
+
+    function testAllowTransient_RevertsWhenSenderNotAllowed() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Try to allow transient from an account that doesn't have access
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, handle, bob));
+        inco.allowTransient(handle, carol);
+    }
+
+    // ============ cleanTransientStorage Tests ============
+
+    function testCleanTransientStorage() public {
+        euint256 secret1 = inco.asEuint256(100);
+        euint256 secret2 = inco.asEuint256(200);
+        bytes32 handle1 = euint256.unwrap(secret1);
+        bytes32 handle2 = euint256.unwrap(secret2);
+
+        // Grant transient access
+        inco.allowTransient(handle1, bob);
+        inco.allowTransient(handle2, carol);
+
+        // Verify transient access is granted
+        assertTrue(inco.allowedTransient(handle1, bob));
+        assertTrue(inco.allowedTransient(handle2, carol));
+
+        // Clean transient storage
+        inco.cleanTransientStorage();
+
+        // Transient access should be revoked
+        assertFalse(inco.allowedTransient(handle1, bob));
+        assertFalse(inco.allowedTransient(handle2, carol));
+    }
+
+    // ============ allowedTransient Direct Call Tests ============
+
+    function testAllowedTransient_DirectCall() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Direct call should return false initially
+        assertFalse(inco.allowedTransient(handle, bob));
+
+        // After allowing, direct call should return true
+        inco.allowTransient(handle, bob);
+        assertTrue(inco.allowedTransient(handle, bob));
+    }
+
+    // ============ isRevealed Direct Call Tests ============
+
+    function testIsRevealed_DirectCall() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Direct call should return false initially
+        assertFalse(inco.isRevealed(handle));
+
+        // After reveal, direct call should return true
+        inco.reveal(handle);
+        assertTrue(inco.isRevealed(handle));
+    }
+
+    // ============ allow Revert Tests ============
+
+    function testAllow_RevertsWhenSenderNotAllowed() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Try to allow from an account that doesn't have access
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, handle, bob));
+        inco.allow(handle, carol);
+    }
+
+    // ============ reveal Revert Tests ============
+
+    function testReveal_RevertsWhenSenderNotAllowed() public {
+        euint256 secret = inco.asEuint256(42);
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Try to reveal from an account that doesn't have access
+        vm.prank(bob);
+        vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, handle, bob));
+        inco.reveal(handle);
+    }
+
+    // ============ Fuzz Tests for isAllowed ============
+
+    /// @dev Fuzz test that isAllowed returns true when handle is revealed (regardless of account)
+    function testFuzzIsAllowedWhenRevealed(bytes32 randomSeed, address randomAccount) public {
+        vm.assume(randomAccount != address(0));
+
+        // Create a unique handle using the random seed
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially, random account should not have access (unless it's this contract)
+        if (randomAccount != address(this)) {
+            assertFalse(inco.isAllowed(handle, randomAccount));
+        }
+
+        // Reveal the handle
+        inco.reveal(handle);
+
+        // Now any account should have access
+        assertTrue(inco.isAllowed(handle, randomAccount));
+        assertTrue(inco.isRevealed(handle));
+    }
+
+    /// @dev Fuzz test that isAllowed returns true when persistAllowed is set
+    function testFuzzIsAllowedWhenPersisted(bytes32 randomSeed, address allowedAccount) public {
+        vm.assume(allowedAccount != address(0));
+        vm.assume(allowedAccount != address(this));
+
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially not allowed
+        assertFalse(inco.isAllowed(handle, allowedAccount));
+
+        // Allow the account (from this contract which has access)
+        inco.allow(handle, allowedAccount);
+
+        // Now should be allowed
+        assertTrue(inco.isAllowed(handle, allowedAccount));
+        assertTrue(inco.persistAllowed(handle, allowedAccount));
+    }
+
+    /// @dev Fuzz test that isAllowed returns true when transient access is granted
+    function testFuzzIsAllowedWhenTransient(bytes32 randomSeed, address allowedAccount) public {
+        vm.assume(allowedAccount != address(0));
+        vm.assume(allowedAccount != address(this));
+
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Initially not allowed
+        assertFalse(inco.isAllowed(handle, allowedAccount));
+
+        // Allow transient access
+        inco.allowTransient(handle, allowedAccount);
+
+        // Should be allowed via transient
+        assertTrue(inco.isAllowed(handle, allowedAccount));
+        assertTrue(inco.allowedTransient(handle, allowedAccount));
+        // But not persisted
+        assertFalse(inco.persistAllowed(handle, allowedAccount));
+    }
+
+    /// @dev Fuzz test the OR logic: isAllowed = transient OR persisted OR revealed
+    function testFuzzIsAllowedOrLogic(bytes32 randomSeed, uint8 accessMode) public {
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // accessMode determines which access type to grant:
+        // 0 = none, 1 = transient, 2 = persisted, 3 = revealed, 4+ = combinations
+        uint8 mode = accessMode % 8;
+
+        bool grantTransient = (mode & 1) != 0;
+        bool grantPersisted = (mode & 2) != 0;
+        bool grantRevealed = (mode & 4) != 0;
+
+        // Initially bob has no access
+        assertFalse(inco.isAllowed(handle, bob));
+
+        // Grant access based on mode
+        if (grantTransient) {
+            inco.allowTransient(handle, bob);
+        }
+        if (grantPersisted) {
+            inco.allow(handle, bob);
+        }
+        if (grantRevealed) {
+            inco.reveal(handle);
+        }
+
+        // isAllowed should be true if ANY access was granted
+        bool expectedAllowed = grantTransient || grantPersisted || grantRevealed;
+        assertEq(inco.isAllowed(handle, bob), expectedAllowed);
+    }
+
+    /// @dev Fuzz test that cleaning transient storage removes transient access
+    function testFuzzCleanTransientStorageRemovesAccess(bytes32 randomSeed) public {
+        // Create a unique handle
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Grant transient access
+        inco.allowTransient(handle, bob);
+        assertTrue(inco.allowedTransient(handle, bob));
+        assertTrue(inco.isAllowed(handle, bob));
+
+        // Clean transient storage
+        inco.cleanTransientStorage();
+
+        // Transient access should be revoked
+        assertFalse(inco.allowedTransient(handle, bob));
+        assertFalse(inco.isAllowed(handle, bob));
+    }
+
+    /// @dev Fuzz test multiple accounts with different access levels
+    function testFuzzMultipleAccountsAccessLevels(bytes32 randomSeed) public {
+        euint256 secret = inco.asEuint256(uint256(randomSeed));
+        bytes32 handle = euint256.unwrap(secret);
+
+        // Grant different access types to different accounts
+        inco.allowTransient(handle, bob);
+        inco.allow(handle, carol);
+        // dave gets no access
+
+        // Verify access levels
+        assertTrue(inco.isAllowed(handle, bob));
+        assertTrue(inco.allowedTransient(handle, bob));
+        assertFalse(inco.persistAllowed(handle, bob));
+
+        assertTrue(inco.isAllowed(handle, carol));
+        assertFalse(inco.allowedTransient(handle, carol));
+        assertTrue(inco.persistAllowed(handle, carol));
+
+        assertFalse(inco.isAllowed(handle, dave));
+        assertFalse(inco.allowedTransient(handle, dave));
+        assertFalse(inco.persistAllowed(handle, dave));
+    }
+
 }

package/src/lightning-parts/EncryptedInput.sol

@@ -17,52 +17,61 @@ error ExternalHandleDoesNotMatchComputedHandle(
     uint256 chainId,
     address aclAddress,
     address userAddress,
-    address contractAddress
+    address contractAddress,
+    int32 version
 );
 
 abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, HandleGeneration, Fee {
 
     event NewInput(
-        bytes32 indexed result, address indexed contractAddress, address indexed user, bytes ciphertext, uint256 eventId
+        bytes32 indexed result,
+        address indexed contractAddress,
+        address indexed user,
+        int32 version,
+        bytes ciphertext,
+        uint256 eventId
     );
 
-    function newEuint256(bytes memory input, address user) external payable returns (euint256 newValue) {
+    function newEuint256(bytes calldata input, address user) external payable returns (euint256 newValue) {
         return euint256.wrap(newInput(input, user, ETypes.Uint256));
     }
 
-    function newEbool(bytes memory input, address user) external payable returns (ebool newValue) {
+    function newEbool(bytes calldata input, address user) external payable returns (ebool newValue) {
         return ebool.wrap(newInput(input, user, ETypes.Bool));
     }
 
-    function newEaddress(bytes memory input, address user) external payable returns (eaddress newValue) {
+    function newEaddress(bytes calldata input, address user) external payable returns (eaddress newValue) {
         return eaddress.wrap(newInput(input, user, ETypes.AddressOrUint160OrBytes20));
     }
 
-    function newInput(bytes memory ciphertext, address user, ETypes inputType)
+    function newInput(bytes calldata input, address user, ETypes inputType)
         internal
         paying
         returns (bytes32 newHandle)
     {
-        newHandle = _newInput(ciphertext, user, inputType);
+        newHandle = _newInput(input, user, inputType);
     }
 
-    function newInputNotPaying(bytes memory ciphertext, address user, ETypes inputType)
+    function newInputNotPaying(bytes calldata input, address user, ETypes inputType)
         internal
         returns (bytes32 newHandle)
     {
-        newHandle = _newInput(ciphertext, user, inputType);
+        newHandle = _newInput(input, user, inputType);
     }
 
     /// @notice Creates a new input with a prepended handle as a checksum.
     /// @param input The input that contains the handle prepended to the ciphertext.
     /// @param user The user address associated with the input.
-    function _newInput(bytes memory input, address user, ETypes inputType) private returns (bytes32 handle) {
+    function _newInput(bytes calldata input, address user, ETypes inputType) private returns (bytes32 handle) {
         // Since there is no sensible way to handle abi.decode errors (https://github.com/argotorg/solidity/issues/10381)
         // at least fail early on a conservative minimum length
-        require(input.length >= 64, "Input too short, should be at least 64 bytes");
+        require(input.length >= 68, "Input too short, should be at least 68 bytes");
+        // Parse the version from the first 4 bytes.
+        bytes4 prefix = bytes4(input[:4]);
+        int32 version = int32(uint32(prefix));
         // Remove external handle prepended to input as a checksum
-        (bytes32 externalHandle, bytes memory ciphertext) = abi.decode(input, (bytes32, bytes));
-        handle = getInputHandle(ciphertext, user, msg.sender, inputType);
+        (bytes32 externalHandle, bytes memory ciphertext) = abi.decode(input[4:], (bytes32, bytes));
+        handle = getInputHandle(ciphertext, user, msg.sender, version, inputType);
         require(
             handle == externalHandle,
             ExternalHandleDoesNotMatchComputedHandle({
@@ -71,14 +80,22 @@ abstract contract EncryptedInput is IEncryptedInput, BaseAccessControlList, Hand
                 chainId: block.chainid,
                 aclAddress: address(this),
                 userAddress: user,
-                contractAddress: msg.sender
+                contractAddress: msg.sender,
+                version: version
             })
         );
         // We assume that providing the same handle (which via HADU implies same plaintext, same context, and same
         // instance of encryption)
         require(!isAllowed(handle, user), HandleAlreadyExists(handle));
         uint256 id = getNextEventId();
-        emit NewInput({result: handle, contractAddress: msg.sender, user: user, ciphertext: ciphertext, eventId: id});
+        emit NewInput({
+            result: handle,
+            contractAddress: msg.sender,
+            user: user,
+            version: version,
+            ciphertext: ciphertext,
+            eventId: id
+        });
         setDigest(abi.encodePacked(handle, id));
         // We allow to user since this is harmless and it is convenient to use the allow mapping to track inputs.
         // NOTE: the allow must come after emitting the new input event, since allow emits its own event.

package/src/lightning-parts/EncryptedOperations.sol

@@ -61,11 +61,6 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
         _;
     }
 
-    modifier checkedHandle(euint256 handle) {
-        checkInput(euint256.unwrap(handle), typeToBitMask(ETypes.Uint256));
-        _;
-    }
-
     function checkInput(bytes32 input, bytes32 requiredTypes) internal view {
         require(isAllowed(input, msg.sender), SenderNotAllowedForHandle(input, msg.sender));
         require(requiredTypes & typeToBitMask(typeOf(input)) != 0, UnexpectedType(typeOf(input), requiredTypes));
@@ -279,6 +274,7 @@ abstract contract EncryptedOperations is IEncryptedOperations, BaseAccessControl
     }
 
     function eCast(bytes32 ct, ETypes toType) external returns (bytes32 result) {
+        checkInput(ct, SUPPORTED_TYPES_MASK);
         require(isTypeSupported(toType), UnsupportedType(toType));
         result = createResultHandle(EOps.Cast, toType, abi.encodePacked(ct));
         allowTransientInternal(result, msg.sender);

package/src/lightning-parts/TrivialEncryption.sol

@@ -7,24 +7,53 @@ import {BaseAccessControlList} from "./AccessControl/BaseAccessControlList.sol";
 import {HandleGeneration} from "./primitives/HandleGeneration.sol";
 import {ITrivialEncryption} from "./interfaces/ITrivialEncryption.sol";
 
+/// @title TrivialEncryption
+/// @notice Provides functions to create encrypted handles from plaintext values.
+/// @dev Trivial encryption wraps plaintext values as encrypted handles. The plaintext is visible
+/// on-chain (emitted in events), so this should only be used for values that are already public.
+/// Common use cases include initializing encrypted state with known values or creating encrypted
+/// constants. The resulting handles are granted transient access to the caller.
 abstract contract TrivialEncryption is ITrivialEncryption, EventCounter, BaseAccessControlList, HandleGeneration {
 
+    /// @notice Emitted when a trivial encryption is performed.
+    /// @param result The handle representing the encrypted value.
+    /// @param plainTextBytes The plaintext value that was encrypted (visible on-chain).
+    /// @param handleType The type of the encrypted value.
+    /// @param eventId The unique event ID for ordering and verification.
     event TrivialEncrypt(bytes32 indexed result, bytes32 plainTextBytes, ETypes handleType, uint256 eventId);
 
+    /// @notice Creates an encrypted uint256 handle from a plaintext value.
+    /// @dev The plaintext value is visible on-chain. Use this for public values only.
+    /// @param value The plaintext uint256 value to encrypt.
+    /// @return newEuint256 The encrypted handle representing the value.
     function asEuint256(uint256 value) external returns (euint256 newEuint256) {
         return euint256.wrap(newTrivialEncrypt(bytes32(value), ETypes.Uint256));
     }
 
+    /// @notice Creates an encrypted boolean handle from a plaintext value.
+    /// @dev The plaintext value is visible on-chain. Use this for public values only.
+    /// @param value The plaintext boolean value to encrypt.
+    /// @return newEbool The encrypted handle representing the value.
     function asEbool(bool value) external returns (ebool newEbool) {
         bytes32 castedValue = bytes32(uint256(value ? 1 : 0));
         return ebool.wrap(newTrivialEncrypt(castedValue, ETypes.Bool));
     }
 
+    /// @notice Creates an encrypted address handle from a plaintext value.
+    /// @dev The plaintext value is visible on-chain. Use this for public values only.
+    /// @param value The plaintext address value to encrypt.
+    /// @return newEaddress The encrypted handle representing the value.
     function asEaddress(address value) external returns (eaddress newEaddress) {
         bytes32 castedValue = bytes32(uint256(uint160(value)));
         return eaddress.wrap(newTrivialEncrypt(castedValue, ETypes.AddressOrUint160OrBytes20));
     }
 
+    /// @notice Internal function that performs the trivial encryption.
+    /// @dev Generates a deterministic handle, grants transient access to the caller,
+    /// emits the TrivialEncrypt event, and updates the digest for verification.
+    /// @param plainTextBytes The plaintext value as bytes32.
+    /// @param handleType The type of encrypted value being created.
+    /// @return newHandle The generated handle for the encrypted value.
     function newTrivialEncrypt(bytes32 plainTextBytes, ETypes handleType) internal returns (bytes32 newHandle) {
         newHandle = getTrivialEncryptHandle(plainTextBytes, handleType);
         allowTransientInternal(newHandle, msg.sender);

package/src/lightning-parts/interfaces/IEncryptedInput.sol

@@ -5,8 +5,8 @@ import {euint256, ebool, eaddress} from "../../Types.sol";
 
 interface IEncryptedInput {
 
-    function newEuint256(bytes memory ciphertext, address user) external payable returns (euint256 newValue);
-    function newEbool(bytes memory ciphertext, address user) external payable returns (ebool newValue);
-    function newEaddress(bytes memory ciphertext, address user) external payable returns (eaddress newValue);
+    function newEuint256(bytes calldata ciphertext, address user) external payable returns (euint256 newValue);
+    function newEbool(bytes calldata ciphertext, address user) external payable returns (ebool newValue);
+    function newEaddress(bytes calldata ciphertext, address user) external payable returns (eaddress newValue);
 
 }