x402z-shared 0.0.1 → 0.0.3

package/README.md

@@ -53,6 +53,10 @@ const result = await viewConfidentialBalance({
 console.log(result.balance?.toString());
 ```
 
+Notes:
+- Balance decryption is allowed for the account or its `observer` (ERC7984ObserverAccess).
+- Unauthorized observer errors throw `confidentialErrorCodes.observerNotAuthorized` (`ConfidentialErrorCode`).
+
 ## Transfer amount helper (Node)
 
 ```ts
@@ -70,6 +74,39 @@ const transfers = await viewConfidentialTransferAmounts({
 console.log(transfers[0]?.amount?.toString());
 ```
 
+Notes:
+- Transfer amount decryption is allowed for `holder`, `payee`, or an `observer` set via `ERC7984ObserverAccess`.
+- Unauthorized observer errors throw `confidentialErrorCodes.observerNotAuthorized` (`ConfidentialErrorCode`).
+
+## Observer helper (Node)
+
+```ts
+import { setObserver } from "x402z-shared";
+
+const txHash = await setObserver({
+  rpcUrl: "https://sepolia.infura.io/v3/...",
+  tokenAddress: "0xToken",
+  account: "0xHolder",
+  observer: "0xObserver",
+  signer,
+});
+console.log(txHash);
+```
+
+## Observer helper (Browser)
+
+```ts
+import { setObserverWeb } from "x402z-shared/web";
+
+const txHash = await setObserverWeb({
+  tokenAddress: "0xToken",
+  account: "0xHolder",
+  observer: "0xObserver",
+  walletClient,
+});
+console.log(txHash);
+```
+
 ## Balance helper (Browser)
 
 ```ts

package/dist/chunk-LTE4V3LT.mjs

@@ -0,0 +1,156 @@
+// src/abi.ts
+var confidentialTokenAbi = [
+  {
+    inputs: [
+      {
+        components: [
+          { internalType: "address", name: "holder", type: "address" },
+          { internalType: "address", name: "payee", type: "address" },
+          { internalType: "uint256", name: "maxClearAmount", type: "uint256" },
+          { internalType: "bytes32", name: "resourceHash", type: "bytes32" },
+          { internalType: "uint48", name: "validAfter", type: "uint48" },
+          { internalType: "uint48", name: "validBefore", type: "uint48" },
+          { internalType: "bytes32", name: "nonce", type: "bytes32" },
+          { internalType: "bytes32", name: "encryptedAmountHash", type: "bytes32" }
+        ],
+        internalType: "struct FHEToken.ConfidentialPayment",
+        name: "p",
+        type: "tuple"
+      },
+      { internalType: "externalEuint64", name: "encryptedAmountInput", type: "bytes32" },
+      { internalType: "bytes", name: "inputProof", type: "bytes" },
+      { internalType: "bytes", name: "sig", type: "bytes" }
+    ],
+    name: "confidentialTransferWithAuthorization",
+    outputs: [{ internalType: "euint64", name: "transferred", type: "bytes32" }],
+    stateMutability: "nonpayable",
+    type: "function"
+  },
+  {
+    anonymous: false,
+    inputs: [
+      { indexed: true, internalType: "address", name: "holder", type: "address" },
+      { indexed: true, internalType: "address", name: "payee", type: "address" },
+      { indexed: false, internalType: "uint256", name: "maxClearAmount", type: "uint256" },
+      { indexed: true, internalType: "bytes32", name: "resourceHash", type: "bytes32" },
+      { indexed: false, internalType: "bytes32", name: "nonce", type: "bytes32" },
+      { indexed: false, internalType: "bytes32", name: "transferredAmount", type: "bytes32" }
+    ],
+    name: "ConfidentialPaymentExecuted",
+    type: "event"
+  },
+  {
+    inputs: [
+      { internalType: "address", name: "", type: "address" },
+      { internalType: "bytes32", name: "", type: "bytes32" }
+    ],
+    name: "usedNonces",
+    outputs: [{ internalType: "bool", name: "", type: "bool" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [{ internalType: "address", name: "account", type: "address" }],
+    name: "observer",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { internalType: "address", name: "account", type: "address" },
+      { internalType: "address", name: "newObserver", type: "address" }
+    ],
+    name: "setObserver",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
+  }
+];
+
+// src/constants.ts
+var confidentialPaymentTypes = {
+  ConfidentialPayment: [
+    { name: "holder", type: "address" },
+    { name: "payee", type: "address" },
+    { name: "maxClearAmount", type: "uint256" },
+    { name: "resourceHash", type: "bytes32" },
+    { name: "validAfter", type: "uint48" },
+    { name: "validBefore", type: "uint48" },
+    { name: "nonce", type: "bytes32" },
+    { name: "encryptedAmountHash", type: "bytes32" }
+  ]
+};
+var confidentialErrorCodes = {
+  observerNotAuthorized: "observer_not_authorized"
+};
+
+// src/utils.ts
+import { encodeAbiParameters, keccak256, toHex } from "viem";
+function createNonce() {
+  const cryptoObj = typeof globalThis.crypto !== "undefined" ? globalThis.crypto : globalThis.crypto;
+  if (!cryptoObj) {
+    throw new Error("Crypto API not available");
+  }
+  return toHex(cryptoObj.getRandomValues(new Uint8Array(32)));
+}
+function hashEncryptedAmountInput(encryptedAmountInput) {
+  return keccak256(
+    encodeAbiParameters([{ type: "bytes32" }], [encryptedAmountInput])
+  );
+}
+function normalizeAmount(amount) {
+  if (typeof amount === "string") {
+    return amount;
+  }
+  if (typeof amount === "number") {
+    if (!Number.isFinite(amount)) {
+      throw new Error("Invalid amount");
+    }
+    return Math.trunc(amount).toString();
+  }
+  return amount.toString();
+}
+
+// src/observer.ts
+import { createPublicClient, getAddress, http, isAddress } from "viem";
+async function setObserver(options) {
+  if (!isAddress(options.tokenAddress)) {
+    throw new Error(`Invalid token address: ${options.tokenAddress}`);
+  }
+  if (!isAddress(options.account)) {
+    throw new Error(`Invalid account address: ${options.account}`);
+  }
+  if (!isAddress(options.observer)) {
+    throw new Error(`Invalid observer address: ${options.observer}`);
+  }
+  const tokenAddress = getAddress(options.tokenAddress);
+  const account = getAddress(options.account);
+  const observer = getAddress(options.observer);
+  const publicClient = createPublicClient({ transport: http(options.rpcUrl) });
+  const existing = await publicClient.readContract({
+    address: tokenAddress,
+    abi: confidentialTokenAbi,
+    functionName: "observer",
+    args: [account]
+  });
+  if (existing && isAddress(existing) && getAddress(existing) === observer) {
+    return "0x" + "00".repeat(32);
+  }
+  return options.signer.writeContract({
+    address: tokenAddress,
+    abi: confidentialTokenAbi,
+    functionName: "setObserver",
+    args: [account, observer]
+  });
+}
+
+export {
+  confidentialTokenAbi,
+  confidentialPaymentTypes,
+  confidentialErrorCodes,
+  createNonce,
+  hashEncryptedAmountInput,
+  normalizeAmount,
+  setObserver
+};

package/dist/index.d.mts

@@ -1,38 +1,7 @@
-export { C as ConfidentialPaymentAuthorization, f as ConfidentialPaymentInput, d as ConfidentialPaymentPayload, e as ConfidentialRequirementsExtra, a as confidentialPaymentTypes, c as confidentialTokenAbi, b as createNonce, h as hashEncryptedAmountInput, n as normalizeAmount } from './types-RdcpJuhT.mjs';
-import { createInstance } from '@zama-fhe/relayer-sdk/node';
-export { SepoliaConfig } from '@zama-fhe/relayer-sdk/node';
+import { R as RelayerInstance, a as RelayerSigner } from './types-gx3OAvqG.mjs';
+export { C as ConfidentialErrorCode, i as ConfidentialPaymentAuthorization, l as ConfidentialPaymentInput, j as ConfidentialPaymentPayload, k as ConfidentialRequirementsExtra, S as SetObserverOptions, d as confidentialErrorCodes, b as confidentialPaymentTypes, c as confidentialTokenAbi, g as createEncryptedAmountInput, e as createNonce, f as createRelayerInstance, h as hashEncryptedAmountInput, n as normalizeAmount, p as publicDecrypt, s as setObserver, u as userDecryptEuint64 } from './types-gx3OAvqG.mjs';
 export * from '@x402/core/types';
-
-type RelayerInstance = Awaited<ReturnType<typeof createInstance>>;
-type RelayerSigner = {
-    address: string;
-    signTypedData: ((domain: Record<string, unknown>, types: Record<string, Array<{
-        name: string;
-        type: string;
-    }>>, message: Record<string, unknown>) => Promise<string>) | ((args: {
-        domain: Record<string, unknown>;
-        types: Record<string, Array<{
-            name: string;
-            type: string;
-        }>>;
-        primaryType: string;
-        message: Record<string, unknown>;
-    }) => Promise<string>);
-};
-declare function createRelayerInstance(config: unknown): Promise<RelayerInstance>;
-
-declare function createEncryptedAmountInput(relayer: RelayerInstance, contractAddress: string, senderAddress: string, amount: number): Promise<{
-    handle: `0x${string}`;
-    inputProof: `0x${string}`;
-}>;
-declare function userDecryptEuint64(relayer: RelayerInstance, handle: string, contractAddress: string, signer: RelayerSigner, options?: {
-    durationDays?: string;
-    startTimestamp?: string;
-}): Promise<bigint>;
-declare function publicDecrypt(relayer: RelayerInstance, handles: string[]): Promise<{
-    clearValues: Record<string, bigint>;
-    decryptionProof: string;
-}>;
+export { FhevmInstanceConfig, SepoliaConfig } from '@zama-fhe/relayer-sdk/node';
 
 type ViewConfidentialBalanceOptions = {
     rpcUrl: string;
@@ -68,4 +37,4 @@ type ViewConfidentialTransferOptions = {
 };
 declare function viewConfidentialTransferAmounts(options: ViewConfidentialTransferOptions): Promise<ConfidentialTransferAmount[]>;
 
-export { type ConfidentialTransferAmount, type RelayerInstance, type RelayerSigner, type ViewConfidentialBalanceOptions, type ViewConfidentialTransferOptions, createEncryptedAmountInput, createRelayerInstance, publicDecrypt, userDecryptEuint64, viewConfidentialBalance, viewConfidentialTransferAmounts };
+export { type ConfidentialTransferAmount, RelayerInstance, RelayerSigner, type ViewConfidentialBalanceOptions, type ViewConfidentialTransferOptions, viewConfidentialBalance, viewConfidentialTransferAmounts };

package/dist/index.d.ts

@@ -1,38 +1,7 @@
-export { C as ConfidentialPaymentAuthorization, f as ConfidentialPaymentInput, d as ConfidentialPaymentPayload, e as ConfidentialRequirementsExtra, a as confidentialPaymentTypes, c as confidentialTokenAbi, b as createNonce, h as hashEncryptedAmountInput, n as normalizeAmount } from './types-RdcpJuhT.js';
-import { createInstance } from '@zama-fhe/relayer-sdk/node';
-export { SepoliaConfig } from '@zama-fhe/relayer-sdk/node';
+import { R as RelayerInstance, a as RelayerSigner } from './types-gx3OAvqG.js';
+export { C as ConfidentialErrorCode, i as ConfidentialPaymentAuthorization, l as ConfidentialPaymentInput, j as ConfidentialPaymentPayload, k as ConfidentialRequirementsExtra, S as SetObserverOptions, d as confidentialErrorCodes, b as confidentialPaymentTypes, c as confidentialTokenAbi, g as createEncryptedAmountInput, e as createNonce, f as createRelayerInstance, h as hashEncryptedAmountInput, n as normalizeAmount, p as publicDecrypt, s as setObserver, u as userDecryptEuint64 } from './types-gx3OAvqG.js';
 export * from '@x402/core/types';
-
-type RelayerInstance = Awaited<ReturnType<typeof createInstance>>;
-type RelayerSigner = {
-    address: string;
-    signTypedData: ((domain: Record<string, unknown>, types: Record<string, Array<{
-        name: string;
-        type: string;
-    }>>, message: Record<string, unknown>) => Promise<string>) | ((args: {
-        domain: Record<string, unknown>;
-        types: Record<string, Array<{
-            name: string;
-            type: string;
-        }>>;
-        primaryType: string;
-        message: Record<string, unknown>;
-    }) => Promise<string>);
-};
-declare function createRelayerInstance(config: unknown): Promise<RelayerInstance>;
-
-declare function createEncryptedAmountInput(relayer: RelayerInstance, contractAddress: string, senderAddress: string, amount: number): Promise<{
-    handle: `0x${string}`;
-    inputProof: `0x${string}`;
-}>;
-declare function userDecryptEuint64(relayer: RelayerInstance, handle: string, contractAddress: string, signer: RelayerSigner, options?: {
-    durationDays?: string;
-    startTimestamp?: string;
-}): Promise<bigint>;
-declare function publicDecrypt(relayer: RelayerInstance, handles: string[]): Promise<{
-    clearValues: Record<string, bigint>;
-    decryptionProof: string;
-}>;
+export { FhevmInstanceConfig, SepoliaConfig } from '@zama-fhe/relayer-sdk/node';
 
 type ViewConfidentialBalanceOptions = {
     rpcUrl: string;
@@ -68,4 +37,4 @@ type ViewConfidentialTransferOptions = {
 };
 declare function viewConfidentialTransferAmounts(options: ViewConfidentialTransferOptions): Promise<ConfidentialTransferAmount[]>;
 
-export { type ConfidentialTransferAmount, type RelayerInstance, type RelayerSigner, type ViewConfidentialBalanceOptions, type ViewConfidentialTransferOptions, createEncryptedAmountInput, createRelayerInstance, publicDecrypt, userDecryptEuint64, viewConfidentialBalance, viewConfidentialTransferAmounts };
+export { type ConfidentialTransferAmount, RelayerInstance, RelayerSigner, type ViewConfidentialBalanceOptions, type ViewConfidentialTransferOptions, viewConfidentialBalance, viewConfidentialTransferAmounts };

package/dist/index.js

@@ -21,6 +21,7 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   SepoliaConfig: () => import_node.SepoliaConfig,
+  confidentialErrorCodes: () => confidentialErrorCodes,
   confidentialPaymentTypes: () => confidentialPaymentTypes,
   confidentialTokenAbi: () => confidentialTokenAbi,
   createEncryptedAmountInput: () => createEncryptedAmountInput,
@@ -29,6 +30,7 @@ __export(index_exports, {
   hashEncryptedAmountInput: () => hashEncryptedAmountInput,
   normalizeAmount: () => normalizeAmount,
   publicDecrypt: () => publicDecrypt,
+  setObserver: () => setObserver,
   userDecryptEuint64: () => userDecryptEuint64,
   viewConfidentialBalance: () => viewConfidentialBalance,
   viewConfidentialTransferAmounts: () => viewConfidentialTransferAmounts
@@ -85,6 +87,23 @@ var confidentialTokenAbi = [
     outputs: [{ internalType: "bool", name: "", type: "bool" }],
     stateMutability: "view",
     type: "function"
+  },
+  {
+    inputs: [{ internalType: "address", name: "account", type: "address" }],
+    name: "observer",
+    outputs: [{ internalType: "address", name: "", type: "address" }],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      { internalType: "address", name: "account", type: "address" },
+      { internalType: "address", name: "newObserver", type: "address" }
+    ],
+    name: "setObserver",
+    outputs: [],
+    stateMutability: "nonpayable",
+    type: "function"
   }
 ];
 
@@ -101,6 +120,9 @@ var confidentialPaymentTypes = {
     { name: "encryptedAmountHash", type: "bytes32" }
   ]
 };
+var confidentialErrorCodes = {
+  observerNotAuthorized: "observer_not_authorized"
+};
 
 // src/utils.ts
 var import_viem = require("viem");
@@ -133,7 +155,11 @@ function normalizeAmount(amount) {
 var import_node = require("@zama-fhe/relayer-sdk/node");
 var import_viem2 = require("viem");
 async function createRelayerInstance(config) {
-  return (0, import_node.createInstance)(config);
+  const instance = await (0, import_node.createInstance)(config);
+  if (typeof config.network === "string") {
+    instance.network = config.network;
+  }
+  return instance;
 }
 async function createEncryptedAmountInput(relayer, contractAddress, senderAddress, amount) {
   const normalizedContract = (0, import_viem2.getAddress)(contractAddress);
@@ -214,6 +240,18 @@ async function viewConfidentialBalance(options) {
   if (!options.signer) {
     throw new Error("Missing signer for decryption");
   }
+  const signerAddress = (0, import_viem3.getAddress)(options.signer.address);
+  if (!(0, import_viem3.isAddressEqual)(signerAddress, (0, import_viem3.getAddress)(account))) {
+    const observer = await publicClient.readContract({
+      address: options.tokenAddress,
+      abi: confidentialTokenAbi,
+      functionName: "observer",
+      args: [account]
+    });
+    if (!observer || !(0, import_viem3.isAddressEqual)(observer, signerAddress)) {
+      throw new Error(confidentialErrorCodes.observerNotAuthorized);
+    }
+  }
   if (handle === ZERO_HANDLE) {
     return { handle, balance: 0n };
   }
@@ -279,8 +317,27 @@ async function viewConfidentialTransferAmounts(options) {
           throw new Error("Missing signer for decryption");
         }
         const signerAddress = (0, import_viem4.getAddress)(options.signer.address);
-        if (signerAddress !== (0, import_viem4.getAddress)(entry.holder) && signerAddress !== (0, import_viem4.getAddress)(entry.payee)) {
-          throw new Error("Signer must be the holder or payee to decrypt transfer amount");
+        const holderAddress = (0, import_viem4.getAddress)(entry.holder);
+        const payeeAddress = (0, import_viem4.getAddress)(entry.payee);
+        if (!(0, import_viem4.isAddressEqual)(signerAddress, holderAddress) && !(0, import_viem4.isAddressEqual)(signerAddress, payeeAddress)) {
+          const [holderObserver, payeeObserver] = await Promise.all([
+            publicClient.readContract({
+              address: tokenAddress,
+              abi: confidentialTokenAbi,
+              functionName: "observer",
+              args: [holderAddress]
+            }),
+            publicClient.readContract({
+              address: tokenAddress,
+              abi: confidentialTokenAbi,
+              functionName: "observer",
+              args: [payeeAddress]
+            })
+          ]);
+          const allowed = holderObserver && (0, import_viem4.isAddressEqual)(holderObserver, signerAddress) || payeeObserver && (0, import_viem4.isAddressEqual)(payeeObserver, signerAddress);
+          if (!allowed) {
+            throw new Error(confidentialErrorCodes.observerNotAuthorized);
+          }
         }
         entry.amount = await userDecryptEuint64(
           options.relayer,
@@ -298,9 +355,43 @@ async function viewConfidentialTransferAmounts(options) {
   }
   return transfers;
 }
+
+// src/observer.ts
+var import_viem5 = require("viem");
+async function setObserver(options) {
+  if (!(0, import_viem5.isAddress)(options.tokenAddress)) {
+    throw new Error(`Invalid token address: ${options.tokenAddress}`);
+  }
+  if (!(0, import_viem5.isAddress)(options.account)) {
+    throw new Error(`Invalid account address: ${options.account}`);
+  }
+  if (!(0, import_viem5.isAddress)(options.observer)) {
+    throw new Error(`Invalid observer address: ${options.observer}`);
+  }
+  const tokenAddress = (0, import_viem5.getAddress)(options.tokenAddress);
+  const account = (0, import_viem5.getAddress)(options.account);
+  const observer = (0, import_viem5.getAddress)(options.observer);
+  const publicClient = (0, import_viem5.createPublicClient)({ transport: (0, import_viem5.http)(options.rpcUrl) });
+  const existing = await publicClient.readContract({
+    address: tokenAddress,
+    abi: confidentialTokenAbi,
+    functionName: "observer",
+    args: [account]
+  });
+  if (existing && (0, import_viem5.isAddress)(existing) && (0, import_viem5.getAddress)(existing) === observer) {
+    return "0x" + "00".repeat(32);
+  }
+  return options.signer.writeContract({
+    address: tokenAddress,
+    abi: confidentialTokenAbi,
+    functionName: "setObserver",
+    args: [account, observer]
+  });
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   SepoliaConfig,
+  confidentialErrorCodes,
   confidentialPaymentTypes,
   confidentialTokenAbi,
   createEncryptedAmountInput,
@@ -309,6 +400,7 @@ async function viewConfidentialTransferAmounts(options) {
   hashEncryptedAmountInput,
   normalizeAmount,
   publicDecrypt,
+  setObserver,
   userDecryptEuint64,
   viewConfidentialBalance,
   viewConfidentialTransferAmounts

package/dist/index.mjs

@@ -1,16 +1,22 @@
 import {
+  confidentialErrorCodes,
   confidentialPaymentTypes,
   confidentialTokenAbi,
   createNonce,
   hashEncryptedAmountInput,
-  normalizeAmount
-} from "./chunk-V7Z3OAXS.mjs";
+  normalizeAmount,
+  setObserver
+} from "./chunk-LTE4V3LT.mjs";
 
 // src/relayer.ts
 import { createInstance, SepoliaConfig } from "@zama-fhe/relayer-sdk/node";
 import { getAddress, toHex } from "viem";
 async function createRelayerInstance(config) {
-  return createInstance(config);
+  const instance = await createInstance(config);
+  if (typeof config.network === "string") {
+    instance.network = config.network;
+  }
+  return instance;
 }
 async function createEncryptedAmountInput(relayer, contractAddress, senderAddress, amount) {
   const normalizedContract = getAddress(contractAddress);
@@ -58,7 +64,7 @@ async function publicDecrypt(relayer, handles) {
 }
 
 // src/balance.ts
-import { createPublicClient, http, isAddress } from "viem";
+import { createPublicClient, getAddress as getAddress2, http, isAddress, isAddressEqual } from "viem";
 var ZERO_HANDLE = "0x" + "00".repeat(32);
 async function viewConfidentialBalance(options) {
   if (!isAddress(options.tokenAddress)) {
@@ -91,6 +97,18 @@ async function viewConfidentialBalance(options) {
   if (!options.signer) {
     throw new Error("Missing signer for decryption");
   }
+  const signerAddress = getAddress2(options.signer.address);
+  if (!isAddressEqual(signerAddress, getAddress2(account))) {
+    const observer = await publicClient.readContract({
+      address: options.tokenAddress,
+      abi: confidentialTokenAbi,
+      functionName: "observer",
+      args: [account]
+    });
+    if (!observer || !isAddressEqual(observer, signerAddress)) {
+      throw new Error(confidentialErrorCodes.observerNotAuthorized);
+    }
+  }
   if (handle === ZERO_HANDLE) {
     return { handle, balance: 0n };
   }
@@ -104,7 +122,7 @@ async function viewConfidentialBalance(options) {
 }
 
 // src/transfer.ts
-import { createPublicClient as createPublicClient2, decodeEventLog, getAddress as getAddress2, http as http2, isAddress as isAddress2, isHex } from "viem";
+import { createPublicClient as createPublicClient2, decodeEventLog, getAddress as getAddress3, http as http2, isAddress as isAddress2, isHex, isAddressEqual as isAddressEqual2 } from "viem";
 async function viewConfidentialTransferAmounts(options) {
   if (!isAddress2(options.tokenAddress)) {
     throw new Error(`Invalid token address: ${options.tokenAddress}`);
@@ -122,10 +140,10 @@ async function viewConfidentialTransferAmounts(options) {
   const receipt = await publicClient.getTransactionReceipt({
     hash: options.txHash
   });
-  const tokenAddress = getAddress2(options.tokenAddress);
-  const fromFilter = options.from ? getAddress2(options.from) : void 0;
-  const toFilter = options.to ? getAddress2(options.to) : void 0;
-  const logs = receipt.logs.filter((log) => getAddress2(log.address) === tokenAddress);
+  const tokenAddress = getAddress3(options.tokenAddress);
+  const fromFilter = options.from ? getAddress3(options.from) : void 0;
+  const toFilter = options.to ? getAddress3(options.to) : void 0;
+  const logs = receipt.logs.filter((log) => getAddress3(log.address) === tokenAddress);
   const transfers = [];
   for (const log of logs) {
     try {
@@ -137,8 +155,8 @@ async function viewConfidentialTransferAmounts(options) {
       });
       const args = decoded.args;
       const entry = {
-        holder: getAddress2(args.holder),
-        payee: getAddress2(args.payee),
+        holder: getAddress3(args.holder),
+        payee: getAddress3(args.payee),
         maxClearAmount: BigInt(args.maxClearAmount),
         resourceHash: args.resourceHash,
         nonce: args.nonce,
@@ -155,9 +173,28 @@ async function viewConfidentialTransferAmounts(options) {
         if (!options.signer) {
           throw new Error("Missing signer for decryption");
         }
-        const signerAddress = getAddress2(options.signer.address);
-        if (signerAddress !== getAddress2(entry.holder) && signerAddress !== getAddress2(entry.payee)) {
-          throw new Error("Signer must be the holder or payee to decrypt transfer amount");
+        const signerAddress = getAddress3(options.signer.address);
+        const holderAddress = getAddress3(entry.holder);
+        const payeeAddress = getAddress3(entry.payee);
+        if (!isAddressEqual2(signerAddress, holderAddress) && !isAddressEqual2(signerAddress, payeeAddress)) {
+          const [holderObserver, payeeObserver] = await Promise.all([
+            publicClient.readContract({
+              address: tokenAddress,
+              abi: confidentialTokenAbi,
+              functionName: "observer",
+              args: [holderAddress]
+            }),
+            publicClient.readContract({
+              address: tokenAddress,
+              abi: confidentialTokenAbi,
+              functionName: "observer",
+              args: [payeeAddress]
+            })
+          ]);
+          const allowed = holderObserver && isAddressEqual2(holderObserver, signerAddress) || payeeObserver && isAddressEqual2(payeeObserver, signerAddress);
+          if (!allowed) {
+            throw new Error(confidentialErrorCodes.observerNotAuthorized);
+          }
         }
         entry.amount = await userDecryptEuint64(
           options.relayer,
@@ -177,6 +214,7 @@ async function viewConfidentialTransferAmounts(options) {
 }
 export {
   SepoliaConfig,
+  confidentialErrorCodes,
   confidentialPaymentTypes,
   confidentialTokenAbi,
   createEncryptedAmountInput,
@@ -185,6 +223,7 @@ export {
   hashEncryptedAmountInput,
   normalizeAmount,
   publicDecrypt,
+  setObserver,
   userDecryptEuint64,
   viewConfidentialBalance,
   viewConfidentialTransferAmounts