npm - @inco/lightning - Versions diffs - 0.8.0-devnet-4 → 0.8.0-devnet-6 - Mend

@inco/lightning 0.8.0-devnet-4 → 0.8.0-devnet-6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/README.md +59 -1
package/manifest.yaml +22 -0
package/package.json +1 -1
package/src/DeployUtils.sol +71 -25
package/src/IncoLightning.sol +27 -7
package/src/IncoVerifier.sol +18 -1
package/src/Lib.alphanet.sol +390 -3
package/src/Lib.demonet.sol +390 -3
package/src/Lib.devnet.sol +391 -4
package/src/Lib.sol +391 -4
package/src/Lib.template.sol +387 -0
package/src/Lib.testnet.sol +390 -3
package/src/libs/incoLightning_alphanet_v0_297966649.sol +390 -3
package/src/libs/incoLightning_alphanet_v1_725458969.sol +390 -3
package/src/libs/incoLightning_alphanet_v2_976644394.sol +390 -3
package/src/libs/incoLightning_demonet_v0_863421733.sol +390 -3
package/src/libs/incoLightning_demonet_v2_467437523.sol +390 -3
package/src/libs/incoLightning_devnet_v0_340846814.sol +390 -3
package/src/libs/incoLightning_devnet_v1_904635675.sol +390 -3
package/src/libs/incoLightning_devnet_v2_295237520.sol +390 -3
package/src/libs/incoLightning_devnet_v3_976859633.sol +390 -3
package/src/libs/incoLightning_devnet_v4_409204766.sol +921 -0
package/src/libs/incoLightning_testnet_v0_183408998.sol +390 -3
package/src/libs/incoLightning_testnet_v2_889158349.sol +390 -3
package/src/lightning-parts/AccessControl/AdvancedAccessControl.sol +65 -4
package/src/lightning-parts/AccessControl/BaseAccessControlList.sol +71 -5
package/src/lightning-parts/DecryptionAttester.sol +16 -3
package/src/lightning-parts/EncryptedInput.sol +48 -2
package/src/lightning-parts/EncryptedOperations.sol +134 -1
package/src/lightning-parts/Fee.sol +29 -6
package/src/lightning-parts/primitives/EventCounter.sol +36 -5
package/src/lightning-parts/primitives/HandleGeneration.sol +38 -6
package/src/lightning-parts/primitives/HandleMetadata.sol +28 -0
package/src/lightning-parts/primitives/LightningAddressGetter.sol +10 -0
package/src/lightning-parts/primitives/VerifierAddressGetter.sol +10 -0
package/src/lightning-parts/primitives/test/SignatureVerifier.t.sol +0 -2
package/src/periphery/IncoUtils.sol +1 -0
package/src/periphery/SessionVerifier.sol +35 -7
package/src/test/IncoTest.sol +5 -1
package/src/test/TestFakeInfra.t.sol +536 -1
package/src/version/IncoLightningConfig.sol +2 -2

package/src/lightning-parts/primitives/test/SignatureVerifier.t.sol CHANGED Viewed

@@ -357,7 +357,6 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
         // Create 3 signatures: Alice, Bob (both valid), and Dave (invalid)
         // After sorting, Dave's signature will be placed according to his address
         // As long as the first 2 signatures checked are from valid signers, it should pass
-        bytes[] memory signatures = new bytes[](3);
         bytes memory aliceSig = getSignatureForDigest(digest, alicePrivKey);
         bytes memory bobSig = getSignatureForDigest(digest, bobPrivKey);
         bytes memory daveSig = getSignatureForDigest(digest, davePrivKey);
@@ -413,7 +412,6 @@ contract TestSignatureVerifier is TestUtils, SignatureVerifier {
         bytes32 digest = keccak256("test message");
         // Create signatures where an invalid signer (Dave) will be in the first threshold
-        bytes[] memory signatures = new bytes[](3);
         bytes memory aliceSig = getSignatureForDigest(digest, alicePrivKey);
         bytes memory bobSig = getSignatureForDigest(digest, bobPrivKey);
         bytes memory daveSig = getSignatureForDigest(digest, davePrivKey);

package/src/periphery/IncoUtils.sol CHANGED Viewed

@@ -4,6 +4,7 @@ pragma solidity ^0.8;
 import {StorageSlot} from "@openzeppelin/contracts/utils/StorageSlot.sol";
 // Re-export FEE constant for convenience - consumers can import both IncoUtils and FEE from this file
+// forge-lint: disable-next-line(unused-import)
 import {FEE} from "../lightning-parts/Fee.sol";
 contract IncoUtils {

package/src/periphery/SessionVerifier.sol CHANGED Viewed

@@ -12,18 +12,33 @@ import {
 import {Version} from "../version/Version.sol";
 import {ALLOWANCE_GRANTED_MAGIC_VALUE} from "../Types.sol";
-/// @notice a Session grants a temporary access to a decrypter to all data held by the sharer
-/// @dev abi encode this struct in the sharerArgData field of the voucher
+/// @notice A Session grants temporary access to a decrypter for all data held by the sharer
+/// @dev ABI encode this struct in the sharerArgData field of the voucher.
+///      The session is valid only if:
+///      1. The current block timestamp is before expiresAt
+///      2. The requesting account matches the authorized decrypter
 struct Session {
+    /// @notice The address authorized to decrypt the sharer's data
     address decrypter;
+    /// @notice Unix timestamp after which the session is no longer valid
     uint256 expiresAt;
 }
-/// @notice Inco access sharing verifier mainly meant for browser dapp sessions, grants access to all data held by
-/// the sharer to one decrypter for a limited time.
-/// @dev define the selector of canUseSession in the voucher to use this verifier
+/// @title SessionVerifier
+/// @notice Inco access sharing verifier for browser dApp sessions
+/// @dev Grants access to all encrypted data held by the sharer to one decrypter for a limited time.
+///      This is the recommended pattern for dApps that need to decrypt user data during a browsing session.
+///
+///      Usage:
+///      1. User signs a voucher containing a Session struct with their chosen decrypter and expiration
+///      2. The voucher specifies canUseSession.selector as the callFunction
+///      3. When the decrypter requests access, this contract verifies the session is still valid
+///
+///      To use this verifier, set the voucher's callFunction to SessionVerifier.canUseSession.selector
 contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
+    /// @notice Initializes the SessionVerifier with version information
+    /// @param salt Unique salt used for deterministic deployment via CreateX
     constructor(bytes32 salt)
         Version(
             SESSION_VERIFIER_MAJOR_VERSION,
@@ -34,7 +49,13 @@ contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
         )
     {}
-    // todo add text mention of what is being signed
+    /// @notice Verifies if an account can use a session to access encrypted data
+    /// @dev This function is called by the ACL system when validating access permissions.
+    ///      The session grants blanket access to all handles owned by the sharer - the handle
+    ///      parameter is intentionally ignored.
+    /// @param account The address requesting access (must match session.decrypter)
+    /// @param sharerArgData ABI-encoded Session struct containing decrypter address and expiration
+    /// @return ALLOWANCE_GRANTED_MAGIC_VALUE if session is valid, bytes32(0) otherwise
     function canUseSession(
         bytes32, /* handle */
         address account,
@@ -54,14 +75,21 @@ contract SessionVerifier is UUPSUpgradeable, OwnableUpgradeable, Version {
         return bytes32(0);
     }
+    /// @notice Authorizes contract upgrades (restricted to owner only)
+    /// @dev Required by UUPSUpgradeable. Only the contract owner can upgrade.
     function _authorizeUpgrade(address) internal view override {
         require(msg.sender == owner());
     }
+    /// @notice Initializes the contract with an owner address
+    /// @dev Must be called immediately after deployment via proxy. Can only be called once.
+    /// @param owner The address that will own this contract and can authorize upgrades
     function initialize(address owner) public initializer {
         __Ownable_init(owner);
     }
-    fallback() external {} // must be included for createX deploy
+    /// @notice Required for CreateX deterministic deployment
+    /// @dev Empty fallback allows the contract to be deployed via CreateX's create2 mechanism
+    fallback() external {}
 }

package/src/test/IncoTest.sol CHANGED Viewed

@@ -21,7 +21,11 @@ contract IncoTest is MockOpHandler, DeployUtils, FakeDecryptionAttester, MockRem
     address immutable testDeployer;
     // Constants for testing
-    bytes testNetworkPubkey = hex"02516bda9e68a1c3dce74dc1b6ed7d91a91d51c1e1933947f06331cef59631e9eb";
+    // X-Wing public key (1216 bytes) - matches Go covalidator test key (seed of all zeros)
+    // Generated using HPKE layer: hpke.KEM_XWING.Scheme().DeriveKeyPair(seed) for interop with hpke-rs
+    // This is the same key used in @contracts/pega/lib/keys.ts anointedXwingKey
+    bytes testNetworkPubkey =
+        hex"ca882388911c7c762aafc20debd63e845b3bed28c9d5262cdea7771fb31bd660a1ae7b395a9a7df3d12c7b118e8eda5057572c1ba05cd9b635edf33dabca4cac7291e0848f19c20e5beb850c3818f3543d49b3a5c729cb86a28fda539775d04feda112fe0c81d138aaf623aea7d507a4e826e890105db6065a44aba76a10d771c00d1b33f4ac51869806aae18eada68f19047024542d64a7aa1c91a5e1aa49d93613b5224b415bcc7aa166e4b55033438d20c641f9664fdb1689b53208181463e3d1325d46b30f07c5945b7e3fa1418bf833d975258461b294664eaf60795964924a280729c10a37fc6e967440bdd55d4ca53596286383481291152365303d44517cef369c00933b0b30368a230353e729c031075e8388673678a56b3ba84a165b28096ee9bd684483e1844258b451c365c41fa534152a3b64120041450128e960c7d6437d717ee266bdde7aaeec225ed93b958d188e97407349f1382976ca47d761ecc59a6f394487eb015c083abb490584677240eb47f838c838568a496119378b8bb81484610a50792b5d9c9939db188e7d0249d3cb918c436f111a2898849b286b0743a22c57464c709c5eaceac1ba493adca3328c0b14b5e38d3aea74e328b622b17e7181c35ad11c2103bdb7f2b209d93dcbc4ab61a06bc37139e6d2b7a06c5b7e9267bef3a8918a706f793271a5acc2574532da79e5a10cf074b998147a3c43586a411a513bba0d11cc19a36c83b19277f28022c88b120abfdba7076a8263e05336e3245aef7033eb3c762b5bbfa5791ac960398b649d5cbb652ddc6b2398143a0861ab3b410b696328879c099098adf819fbf7ac170030e86675e7f45c22ac9e1cf52c3102487bb0b91ab592afdc69c6e3a9b71876b86260b6c736b8291098f1130d3b763525cbad540ce2d042eacb6ed43b7bcba898f712c412f26066e09945f44ec7026c8ef959831abc10719d2017a12a41728b41c02371a5f5756ebc79406be708ea41bbd21563c874a0b791a3b4e4224a609967004f065c5ab4f3b4c61cb35df70573269da53179c3701fc5205f61974426f9b794c1b5826494b70842b6920c17752029369264dc8590b898b85c9d89a258e1f46c1b0490efd17c485cb51687cea272041e90b8e629521d3c5e3fa7518161bad7a159295b63cc6c0077897b53d47db8bc0ecb820f550705b65715a1a1094d04854f56acd26aa0baa10cb8447fad6211f53105796a42882328e6852e8de821c283b51eaab9bc95c4dc53615626049d63b1f9a457193805276b1905b0ab39353b5cf91fdd6023d4d816aef9cce4a3cfb3d12190172df221ae61d427563a098cc60e3dc9997ef54959180be5dc64a911157db6be3a01be2ee343caab33b8729abf0c50c674758c511291941fceac646232920907c2e88b9ec10211161729c797643a553a6ae5c4b7483c04e3263bd291e311c609071348b7c3310aa97d6b8318e0a4afe8399fa22f951049a9bb8860f7c69a333d3cc1aaf0129ab560713bf29eb3a01f9a276c78e54e3a3648b2447c80242b271b11406866389426d8b59796540d6b5702092ab21ee217c075cfc0c17ef826ce9ea29b9e61617457a5b1aaa23a58615dc53c59183beb36ea19498c21820b70ab47adeb678f1c52bf8768b3597b608ea1a8a15cd62e8a29bec4a1ac248ef9f02de0144bca06025f95a42bd6c8eaaaaaa2366328561d";
     address private constant ANVIL_ZEROTH_ADDRESS = 0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266;
     uint256 private constant ANVIL_ZEROTH_PRIVATE_KEY =
         0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80;