@zama-fhe/sdk 1.0.0-alpha.7 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. package/README.md +77 -38
  2. package/dist/activity-CmR2x4Bb.d.ts +969 -0
  3. package/dist/activity-fyiIrk3D.js +2 -0
  4. package/dist/activity-fyiIrk3D.js.map +1 -0
  5. package/dist/cleartext/index.d.ts +49 -0
  6. package/dist/cleartext/index.js +2 -0
  7. package/dist/cleartext/index.js.map +1 -0
  8. package/dist/eip1193-subscribe-DVgPhzbc.js +2 -0
  9. package/dist/eip1193-subscribe-DVgPhzbc.js.map +1 -0
  10. package/dist/erc165-C9GjJpLc.js +2 -0
  11. package/dist/erc165-C9GjJpLc.js.map +1 -0
  12. package/dist/errors-B0aFtthv.js +2 -0
  13. package/dist/errors-B0aFtthv.js.map +1 -0
  14. package/dist/ethers/index.d.ts +73 -35
  15. package/dist/ethers/index.js +1 -131
  16. package/dist/ethers/index.js.map +1 -1
  17. package/dist/index-XNCT2KaE.d.ts +27848 -0
  18. package/dist/index.d.ts +4661 -33211
  19. package/dist/index.js +1 -3310
  20. package/dist/index.js.map +1 -1
  21. package/dist/node/index.d.ts +124 -117
  22. package/dist/node/index.js +1 -334
  23. package/dist/node/index.js.map +1 -1
  24. package/dist/query/index.d.ts +528 -0
  25. package/dist/query/index.js +2 -0
  26. package/dist/query/index.js.map +1 -0
  27. package/dist/relayer-sdk-BHnGxGkv.d.ts +41 -0
  28. package/dist/relayer-sdk.node-worker.d.ts +1 -2
  29. package/dist/relayer-sdk.node-worker.js +1 -319
  30. package/dist/relayer-sdk.node-worker.js.map +1 -1
  31. package/dist/relayer-sdk.types-DQ1e-2NV.d.ts +329 -0
  32. package/dist/relayer-sdk.worker.js +1 -479
  33. package/dist/relayer-sdk.worker.js.map +1 -1
  34. package/dist/relayer-utils-BRMmJpoV.d.ts +51 -0
  35. package/dist/relayer-utils-DOqdqWEX.js +2 -0
  36. package/dist/relayer-utils-DOqdqWEX.js.map +1 -0
  37. package/dist/token.types-BCq4YUya.d.ts +419 -0
  38. package/dist/transfer-batcher-yW5FnZ-A.js +2 -0
  39. package/dist/transfer-batcher-yW5FnZ-A.js.map +1 -0
  40. package/dist/utils-AlGTGj_5.js +2 -0
  41. package/dist/utils-AlGTGj_5.js.map +1 -0
  42. package/dist/viem/index.d.ts +37 -21
  43. package/dist/viem/index.js +1 -136
  44. package/dist/viem/index.js.map +1 -1
  45. package/dist/worker.base-client-DGGSkczN.js +2 -0
  46. package/dist/worker.base-client-DGGSkczN.js.map +1 -0
  47. package/package.json +20 -8
  48. package/dist/chunk-5D5ZJ3U7.js +0 -285
  49. package/dist/chunk-5D5ZJ3U7.js.map +0 -1
  50. package/dist/chunk-5QJTGZHY.js +0 -101
  51. package/dist/chunk-5QJTGZHY.js.map +0 -1
  52. package/dist/chunk-PHE3BSIB.js +0 -5143
  53. package/dist/chunk-PHE3BSIB.js.map +0 -1
  54. package/dist/relayer-utils-QPe1GG_g.d.ts +0 -46
  55. package/dist/token.types-D1ELXBX9.d.ts +0 -550
  56. package/dist/transfer-batcher-CNtrNMz6.d.ts +0 -197
package/README.md CHANGED
@@ -6,6 +6,10 @@ A TypeScript SDK for building privacy-preserving token applications using Fully
6
6
 
7
7
  ```bash
8
8
  pnpm add @zama-fhe/sdk
9
+ # or
10
+ npm install @zama-fhe/sdk
11
+ # or
12
+ yarn add @zama-fhe/sdk
9
13
  ```
10
14
 
11
15
  ### Peer dependencies
@@ -105,7 +109,7 @@ Entry point to the SDK. Composes a relayer backend with a signer and storage lay
105
109
  const sdk = new ZamaSDK({
106
110
  relayer, // RelayerSDK — either RelayerWeb (browser) or RelayerNode (Node.js)
107
111
  signer, // GenericSigner
108
- storage, // GenericStringStorage
112
+ storage, // GenericStorage
109
113
  });
110
114
 
111
115
  // Read-only — balances, metadata, decryption. No wrapper needed.
@@ -168,28 +172,35 @@ interface TransactionResult {
168
172
 
169
173
  Read-only subset. No wrapper address needed.
170
174
 
171
- | Method | Description |
172
- | ------------------------------------- | ----------------------------------------------------------------- |
173
- | `balanceOf(owner?)` | Decrypt and return the plaintext balance. |
174
- | `confidentialBalanceOf(owner?)` | Return the raw encrypted balance handle (no decryption). |
175
- | `decryptBalance(handle, owner?)` | Decrypt a single encrypted handle. |
176
- | `decryptHandles(handles, owner?)` | Batch-decrypt handles in a single relayer call. |
177
- | `authorize()` | Ensure FHE decrypt credentials exist (generates/signs if needed). |
178
- | `authorizeAll(tokens)` _(static)_ | Pre-authorize multiple tokens with a single wallet signature. |
179
- | `isConfidential()` | ERC-165 check for ERC-7984 support. |
180
- | `isWrapper()` | ERC-165 check for wrapper interface. |
181
- | `discoverWrapper(coordinatorAddress)` | Look up a wrapper for this token via the deployment coordinator. |
182
- | `underlyingToken()` | Read the underlying ERC-20 address from a wrapper. |
183
- | `allowance(wrapper, owner?)` | Read ERC-20 allowance of the underlying token. |
184
- | `isZeroHandle(handle)` | Returns `true` if the handle is the zero sentinel. |
185
- | `name()` / `symbol()` / `decimals()` | Read token metadata. |
175
+ | Method | Description |
176
+ | ------------------------------------- | --------------------------------------------------------------------------- |
177
+ | `balanceOf(owner?)` | Decrypt and return the plaintext balance. |
178
+ | `confidentialBalanceOf(owner?)` | Return the raw encrypted balance handle (no decryption). |
179
+ | `decryptBalance(handle, owner?)` | Decrypt a single encrypted handle. |
180
+ | `decryptHandles(handles, owner?)` | Batch-decrypt handles in a single relayer call. |
181
+ | `allow()` | Ensure FHE decrypt credentials exist (generates/signs if needed). |
182
+ | `allow(...tokens)` _(static)_ | Pre-authorize multiple tokens with a single wallet signature. |
183
+ | `isAllowed()` | Whether a session signature is currently cached for this token. |
184
+ | `revoke()` | Clear the session signature for the connected wallet. |
185
+ | `credentials.allow(...addresses)` | Pre-authorize and cache the session signature for specific token addresses. |
186
+ | `credentials.revoke(...addresses?)` | Clear the session signature for the connected wallet. |
187
+ | `credentials.isAllowed()` | Whether a session signature is currently cached. |
188
+ | `credentials.isExpired(address?)` | Whether stored credentials are past their expiration time. |
189
+ | `credentials.clear()` | Delete stored credentials for the connected wallet. |
190
+ | `isConfidential()` | ERC-165 check for ERC-7984 support. |
191
+ | `isWrapper()` | ERC-165 check for wrapper interface. |
192
+ | `discoverWrapper(coordinatorAddress)` | Look up a wrapper for this token via the deployment coordinator. |
193
+ | `underlyingToken()` | Read the underlying ERC-20 address from a wrapper. |
194
+ | `allowance(wrapper, owner?)` | Read ERC-20 allowance of the underlying token. |
195
+ | `isZeroHandle(handle)` | Returns `true` if the handle is the zero sentinel. |
196
+ | `name()` / `symbol()` / `decimals()` | Read token metadata. |
186
197
 
187
198
  Static methods for multi-token operations:
188
199
 
189
200
  ```ts
190
201
  // Pre-authorize all tokens with a single wallet signature
191
202
  const tokens = addresses.map((a) => sdk.createReadonlyToken(a));
192
- await ReadonlyToken.authorizeAll(tokens);
203
+ await ReadonlyToken.allow(...tokens);
193
204
  // All subsequent decrypts reuse cached credentials — no more wallet prompts
194
205
 
195
206
  // Decrypt balances for multiple tokens in parallel
@@ -219,34 +230,61 @@ if (pending) {
219
230
 
220
231
  ### Storage
221
232
 
222
- FHE credentials (keypair + EIP-712 signature) are persisted to storage. Three options:
233
+ FHE credentials (encrypted keypair + metadata) are persisted to `storage`. The wallet signature is kept in `sessionStorage` (in-memory by default) — never written to disk. Two storage roles:
234
+
235
+ **Credential storage** (`storage`) — persists encrypted keypairs:
223
236
 
224
237
  | Storage | Use case |
225
238
  | ------------------- | -------------------------------------------------------- |
226
239
  | `indexedDBStorage` | Browser apps — persists across page reloads and sessions |
227
240
  | `memoryStorage` | Tests, scripts, throwaway sessions |
228
241
  | `asyncLocalStorage` | Node.js servers — isolate credentials per request |
229
- | Custom | Implement the `GenericStringStorage` interface |
242
+ | Custom | Implement the `GenericStorage` interface |
243
+
244
+ **Session storage** (`sessionStorage`) — holds wallet signatures for the current session:
245
+
246
+ | Storage | Use case |
247
+ | ---------------------- | ----------------------------------------------------------- |
248
+ | Default (in-memory) | Standard web apps — signature lost on reload, user re-signs |
249
+ | `chromeSessionStorage` | MV3 web extensions — survives service worker restarts |
250
+ | Custom | Implement the `GenericStorage` interface |
230
251
 
231
252
  ```ts
232
- interface GenericStringStorage {
233
- getItem(key: string): string | Promise<string | null> | null;
234
- setItem(key: string, value: string): void | Promise<void>;
235
- removeItem(key: string): void | Promise<void>;
253
+ interface GenericStorage<T = unknown> {
254
+ get(key: string): Promise<T | null>;
255
+ set(key: string, value: T): Promise<void>;
256
+ delete(key: string): Promise<void>;
236
257
  }
237
258
  ```
238
259
 
260
+ #### Web Extension Example
261
+
262
+ For MV3 extensions, use the built-in `chromeSessionStorage` singleton to share the wallet signature across popup, background, and content script contexts:
263
+
264
+ ```ts
265
+ import { ZamaSDK, indexedDBStorage, chromeSessionStorage } from "@zama-fhe/sdk";
266
+
267
+ const sdk = new ZamaSDK({
268
+ relayer,
269
+ signer,
270
+ storage: indexedDBStorage, // encrypted keypairs (persistent)
271
+ sessionStorage: chromeSessionStorage, // wallet signatures (ephemeral, shared across contexts)
272
+ });
273
+ ```
274
+
239
275
  ## Configuration Reference
240
276
 
241
277
  ### `ZamaSDKConfig`
242
278
 
243
- | Field | Type | Description |
244
- | ------------------------ | ---------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
245
- | `relayer` | `RelayerSDK` | Relayer backend (`RelayerWeb` or `RelayerNode` instance) |
246
- | `signer` | `GenericSigner` | Wallet signer interface. |
247
- | `storage` | `GenericStringStorage` | Credential storage backend. |
248
- | `credentialDurationDays` | `number` | Optional. Days FHE credentials remain valid. Default: 1. Set `0` to require a wallet signature on every decrypt (high-security mode). |
249
- | `onEvent` | `ZamaSDKEventListener` | Optional. Structured event listener for debugging. |
279
+ | Field | Type | Description |
280
+ | ---------------- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |
281
+ | `relayer` | `RelayerSDK` | Relayer backend (`RelayerWeb` or `RelayerNode` instance) |
282
+ | `signer` | `GenericSigner` | Wallet signer interface. |
283
+ | `storage` | `GenericStorage` | Credential storage backend. |
284
+ | `sessionStorage` | `GenericStorage` | Optional. Session storage for wallet signatures. Default: in-memory (lost on reload). Use `chrome.storage.session` for web extensions. |
285
+ | `keypairTTL` | `number` | Optional. Seconds the ML-KEM re-encryption keypair remains valid. Default: `86400` (1 day). Must be positive. |
286
+ | `sessionTTL` | `number` | Optional. Seconds the session signature remains valid. Default: `2592000` (30 days). `0` = re-sign every operation. |
287
+ | `onEvent` | `ZamaSDKEventListener` | Optional. Structured event listener for debugging. |
250
288
 
251
289
  #### Structured Event Listener
252
290
 
@@ -270,7 +308,7 @@ const sdk = new ZamaSDK({
270
308
 
271
309
  | Category | Events | Key fields |
272
310
  | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------- |
273
- | Credentials | `credentials:loading`, `credentials:cached`, `credentials:expired`, `credentials:creating`, `credentials:created` | `contractAddresses` |
311
+ | Credentials | `credentials:loading`, `credentials:cached`, `credentials:expired`, `credentials:creating`, `credentials:created`, `credentials:revoked`, `credentials:allowed` | `contractAddresses` |
274
312
  | Encryption | `encrypt:start`, `encrypt:end`, `encrypt:error` | `durationMs` (end/error), `error` (error) |
275
313
  | Decryption | `decrypt:start`, `decrypt:end`, `decrypt:error` | `durationMs` (end/error), `error` (error) |
276
314
  | Transactions | `transaction:error` | `operation` (`"transfer"`, `"wrap"`, `"approve"`, etc.), `error` |
@@ -314,12 +352,13 @@ const sdk = new ZamaSDK({
314
352
 
315
353
  ### `RelayerWebConfig` (browser)
316
354
 
317
- | Field | Type | Description |
318
- | ------------ | ------------------------------------- | -------------------------------------------------------------------------------------------- |
319
- | `getChainId` | `() => Promise<number>` | Resolve the current chain ID. Called lazily; the worker is re-initialized on chain change. |
320
- | `transports` | `Record<number, FhevmInstanceConfig>` | Chain-specific configs keyed by chain ID (includes relayerUrl, network, contract addresses). |
321
- | `security` | `RelayerWebSecurityConfig` | Optional. Security options (see below). |
322
- | `logger` | `GenericLogger` | Optional. Logger for worker lifecycle and request timing. |
355
+ | Field | Type | Description |
356
+ | ------------ | ------------------------------------- | ----------------------------------------------------------------------------------------------- |
357
+ | `getChainId` | `() => Promise<number>` | Resolve the current chain ID. Called lazily; the worker is re-initialized on chain change. |
358
+ | `transports` | `Record<number, FhevmInstanceConfig>` | Chain-specific configs keyed by chain ID (includes relayerUrl, network, contract addresses). |
359
+ | `security` | `RelayerWebSecurityConfig` | Optional. Security options (see below). |
360
+ | `logger` | `GenericLogger` | Optional. Logger for worker lifecycle and request timing. |
361
+ | `threads` | `number` | Optional. WASM thread count for parallel FHE ops (4–8 recommended). Requires COOP/COEP headers. |
323
362
 
324
363
  #### `RelayerWebSecurityConfig`
325
364
 
@@ -677,7 +716,7 @@ try {
677
716
  | `DecryptionFailedError` | `DECRYPTION_FAILED` | FHE decryption operation failed. |
678
717
  | `ApprovalFailedError` | `APPROVAL_FAILED` | ERC-20 approval transaction failed. |
679
718
  | `TransactionRevertedError` | `TRANSACTION_REVERTED` | On-chain transaction reverted. |
680
- | `InvalidCredentialsError` | `INVALID_CREDENTIALS` | Relayer rejected credentials (stale or expired). |
719
+ | `InvalidKeypairError` | `INVALID_KEYPAIR` | Relayer rejected FHE keypair (stale or expired). |
681
720
  | `NoCiphertextError` | `NO_CIPHERTEXT` | No FHE ciphertext exists for this account (e.g. never shielded). |
682
721
  | `RelayerRequestFailedError` | `RELAYER_REQUEST_FAILED` | Relayer HTTP error. Carries a `statusCode` property with the HTTP status. |
683
722