import { Account, Chain, GetContractReturnType, PublicClient, Transport, WalletClient } from 'viem';
import { AllowanceVoucherWithSig } from '../advancedacl/types.js';
import { AttestedComputeOP } from '../attestedcompute/types.js';
import { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/index.js';
import { Address, HexString } from '../binary.js';
import { EciesScheme, SupportedFheType } from '../encryption/index.js';
import { incoVerifierAbi } from '../generated/abis/verifier.js';
import { lightningDeployments } from '../generated/lightning.js';
import { localNodeLightningConfig } from '../generated/local-node.js';
import { FheType } from '../handle.js';
import { LocalNodeEnv } from '../local/index.js';
import { BackoffConfig } from '../retry.js';
import { Secp256k1Keypair } from './ecies.js';

// NOTE(review): this copy of the declaration file appears to have lost its generic
// parameter lists and type arguments (`<...>`): `TupleToUnion` uses `T` without
// declaring it, `Promise>` has an unmatched `>`, and `Partial` is used bare
// (presumably `Partial<BackoffConfig>`, given the import above — TODO confirm).
// The declarations below are kept exactly as found; restore them from the
// published package before compiling against this file.

/** Union of the element types of a readonly tuple/array type `T`; `never` for any other `T`. */
type TupleToUnion = T extends readonly unknown[] ? T[number] : never;
/**
 * A known Lightning deployment.
 * NOTE(review): the type argument is missing here; presumably derived from
 * `lightningDeployments` — TODO confirm.
 */
type Deployment = TupleToUnion;
/**
 * Conditional helper wrapping `Pick` (the `T extends any` form).
 * NOTE(review): the arguments of `Pick` are missing in this copy.
 */
type DistributedPick = T extends any ? Pick> : never;
/** Deployment identifier by name; per the `Lightning.at` docs, the pair of name and chainId. */
export type DeploymentByName = DistributedPick;
/** Deployment identifier by executor; per the `Lightning.at` docs, the pair of executorAddress and chainId. */
export type DeploymentByExecutor = DistributedPick;
/** Either form of deployment identifier accepted by `Lightning.at`. */
export type DeploymentId = DeploymentByName | DeploymentByExecutor;
/**
 * The `pepper` of a known deployment. A pepper usually denotes a family of deployments
 * distinct from their version, such as 'devnet', 'testnet', 'mainnet'.
 */
export type Pepper = Deployment['pepper'];
/** Keys of `localNodeLightningConfig`: the peppers for which a local-node configuration is generated. */
export type LocalNodePepper = keyof typeof localNodeLightningConfig;
/** The `chainId` of a known deployment. */
export type ChainId = Deployment['chainId'];
/** Native value types: boolean or numeric (`bigint` / `number`). */
export type SupportedNativeType = boolean | bigint | number;
/**
 * Context passed to `Lightning.encrypt`:
 * - accountAddress: the account interacting with the dapp contract, normally an EOA
 * - dappAddress: the dapp contract that interacts with the Inco Lightning contract or library
 * - handleType: the handle type used for encrypting the value
 */
export type EncryptionContext = { accountAddress: string; dappAddress: string; handleType: FheType; };
/** The minimal pair that locates a deployment: executor contract address and chain id. */
export type DeploymentSlice = { executorAddress: string; chainId: number; };
/**
 * Configuration for a local or custom node (see `Lightning.custom`).
 *
 * NOTE(review): `senderPrivateKey` is raw private-key material carried in a plain config
 * object. It presumably exists for local/test nodes (the `localNode` docs list it as part
 * of `LocalNodeEnv`) — confirm, and keep any value that controls real funds out of source
 * control, logs and serialized copies of the deployment object.
 */
export type CustomConfig = { executorAddress: string; chainId: number; covalidatorUrls: string[]; signers?: Address[]; hostChainRpcUrl?: string; senderPrivateKey?: HexString; };
/** A custom deployment: the deployment locator combined with its custom configuration. */
export type CustomDeployment = DeploymentSlice & CustomConfig;
/** Verifier details: threshold, signers, and ECIES public key (see `getVerifierContractDetails`). */
export type IncoVerifierConfig = { threshold: number; signers: Address[]; eciesPubKey: HexString; };
/** Object form of the `localNodeFromEnv` source: a path to an environment file. */
type LocalNodeEnvFileSource = { filePath: string; };
/**
 * The Lightning class provides a convenient way to interact with the Inco Lightning contract by binding to a specific
 * deployment.
 *
 * NOTE(review): the attestation examples below expose a `covalidatorSignature` on results. This declaration
 * does not show whether those signatures are checked against the deployment's `signers` / `threshold` before a
 * plaintext is returned — confirm against the implementation before treating returned plaintexts as verified.
 */
export declare class Lightning {
    // Types of the private fields are not part of the emitted declaration.
    private readonly _deployment;
    private readonly covalidatorUrls;
    private readonly signers;
    private readonly threshold;
    private readonly eciesPubKey;
    readonly executorAddress: Address;
    readonly chainId: bigint;
    private readonly ephemeralKeypair;
    private readonly kmsQuorumClient;
    private readonly encryptor;
    // Private constructor: instances are obtained through the static factory methods below.
    private constructor();
    /**
     * Get a Lightning instance bound to the latest Lightning deployment for the Base Sepolia testnet.
     */
    static baseSepoliaTestnet(): Promise>;
    /**
     * Get a Lightning instance bound to our canonical Anvil-based test node and test Covalidator node
     *
     * These can be run in docker-compose using images pushed to dockerhub as:
     * - inconetwork/local-node-anvil
     * - inconetwork/local-node-covalidator
     *
     * See the sample docker-compose file here: https://github.com/Inco-fhevm/lightning-rod/blob/main/docker-compose.yaml
     *
     * @param env either a Pepper such as 'testnet', 'devnet', 'alphanet' or a LocalNodeEnv object containing the
     * executorAddress, eciesPublicKey, chainId, covalidatorUrl and senderPrivateKey. If none is provided, it defaults to
     * the 'testnet' Pepper. This allows connection to a local node running against a state dump of the
     * corresponding Pepper.
     */
    static localNode(env?: LocalNodeEnv | LocalNodePepper): Promise>;
    /**
     * Get a Lightning instance bound to a local node from a source containing a LocalNodeEnv environment.
     *
     * @param source the environment variables in dotenv format. The declared type accepts a string, a Buffer,
     * or an object with a `filePath` naming the file to read.
     * NOTE(review): whether a bare string is treated as a file path or as dotenv content is not visible in this
     * declaration — confirm. Per the `localNode` docs a LocalNodeEnv includes a senderPrivateKey, so such a file
     * holds key material and should be handled accordingly.
     */
    static localNodeFromEnv(source?: string | Buffer | LocalNodeEnvFileSource): Promise>;
    /**
     * Get a Lightning deployment by name or executor address on a particular chain.
     *
     * @param id this is an object containing either the pair of name and chainId or the executorAddress and chainId
     */
    static at(id: DeploymentId): Promise>;
    /**
     * Get a Lightning deployment for a local or custom node
     *
     * @param config this is an object containing the executorAddress, eciesPublicKey, chainId and covalidatorUrl.
     * Additional fields passed will be made available as part of the `deployment` property.
     * NOTE(review): the `CustomConfig` type in this file declares `covalidatorUrls` (plural) and no ECIES key
     * field; the constraint on `T` is missing in this copy, so the exact required shape cannot be confirmed here.
     */
    static custom(config: T): Promise>;
    /**
     * Get the latest deployment for a given pepper, which usually denotes a family of deployments distinct from their
     * version such as 'devnet', 'testnet', 'mainnet', etc.
     *
     * NOTE(review): the type-parameter list that declares `P` is missing in this copy.
     *
     * @param pepper the pepper to use to filter the deployments
     * @param chainId the chainId to use to filter the deployments
     */
    static latestDeployment
    (pepper: P, chainId: ChainId): Deployment;
    /**
     * Get the latest Lightning deployment for a given pepper and chainId unconditionally.
     * Note that if you upgrade the library the latest deployment may change and contracts deployed to a previous version
     * will not be compatible with the new version.
     *
     * NOTE(review): the type-parameter list that declares `P` is missing in this copy.
     *
     * @param pepper the pepper to use to filter the deployments
     * @param chainId the chainId to use to filter the deployments
     */
    static latest
    (pepper: P, chainId: ChainId): Promise>;
    /** The deployment this instance is bound to. */
    get deployment(): T;
    /**
     * Encrypt a value using the public ECIES key of the Lightning deployment.
     *
     * @param value a boolean or numeric value to encrypt
     * @param accountAddress the address of the account interacting with the dapp contract, normally an Externally Owned Account (EOA)
     * @param dappAddress the address of the dapp contract that interacts with the Inco Lightning contract or library
     * @param handleType the handle type to be used for encrypting the value - this is required in case of non-default handle types
     * default handle types:
     * - boolean -> handleTypes.ebool
     * - number | bigint -> handleTypes.euint256
     * NOTE(review): `EncryptionContext` in this file declares `handleType` as a required field, although it was
     * previously documented as optional — confirm which is intended.
     * @returns a promise that resolves to the encrypted value as a HexString
     */
    encrypt(value: T, { accountAddress, dappAddress, handleType }: EncryptionContext): Promise;
    /**
     * Grants a session key allowance voucher for secure reencryption operations.
     *
     * This method creates a signed allowance voucher that authorizes a specific requester address
     * to perform reencryption operations using session keys. The voucher includes an expiration time
     * and specifies a session verifier contract address.
     *
     * The voucher delegates decryption access to the grantee until it expires, so `expiresAt` bounds how long
     * a leaked session key remains useful. See `updateActiveVouchersSessionNonce` for nullifying vouchers.
     *
     * @param walletClient - The wallet client used for signing the allowance voucher
     * @param granteeAddress - The address of the entity requesting the session key allowance
     * @param expiresAt - The time at which the allowance voucher expires. Declared as a `Date` in this
     * signature (it was previously documented as a bigint timestamp).
     * @param sessionVerifierAddress - The session verifier contract address.
     * NOTE(review): previously documented as optional, falling back to the executor address, but this
     * declaration makes it a required parameter — confirm against the implementation.
     * @returns A promise that resolves to an AllowanceVoucherWithSig containing the signed allowance voucher
     *
     * @example
     * ```typescript
     * const voucher = await lightning.grantSessionKeyAllowanceVoucher(
     *   walletClient,
     *   "0x1234...",
     *   new Date(Date.now() + 3600000), // 1 hour from now
     *   "0x5678..." // session verifier address
     * );
     * ```
     */
    grantSessionKeyAllowanceVoucher(walletClient: WalletClient, granteeAddress: string, expiresAt: Date, sessionVerifierAddress: string): Promise;
    /**
     * Updates the active session nonce for the given wallet client.
     *
     * Updating the nonce nullifies all the previous shared addresses accessing the voucher.
     * NOTE(review): this reads as the way to invalidate outstanding vouchers before they expire; the exact
     * scope of the invalidation is not visible in this declaration — confirm.
     *
     * @param walletClient - The wallet client used for updating the session nonce
     * @returns The transaction hash of the updateActiveVouchersSessionNonce transaction
     */
    updateActiveVouchersSessionNonce(walletClient: WalletClient): Promise;
    /**
     * Requests attested decrypts signed by the covalidator using a wallet client.
     *
     * Three overloads: plaintext results; results reencrypted to `reencryptPubKey`; and results reencrypted
     * to `reencryptPubKey` then decrypted locally with `reencryptKeypair`.
     *
     * @param walletClient Wallet used to sign the EIP-712 request.
     * @param handles 32-byte handles to decrypt.
     * @param reencryptPubKey Optional public key to reencrypt the results for (e.g. a delegate's key).
     * @param reencryptKeypair Optional keypair used to decrypt the reencrypted results locally; in the
     * example below its encoded public key is the one passed as `reencryptPubKey`.
     * @param backoffConfig Optional retry configuration.
     *
     * @example Plaintext results
     * ```ts
     * const attestations = await lightning.attestedDecrypt(walletClient, [handle]);
     * console.log(attestations[0].plaintext.value);
     * ```
     *
     * @example Reencrypt for a delegate
     * ```ts
     * const encrypted = await lightning.attestedDecrypt(walletClient, [handle], delegatePubKey);
     * console.log(encrypted[0].encryptedPlaintext.ciphertext.value);
     * ```
     *
     * @example Reencrypt and decrypt locally
     * ```ts
     * const decrypted = await lightning.attestedDecrypt(
     *   walletClient,
     *   [handle],
     *   keypair.encodePublicKey(),
     *   keypair,
     * );
     * console.log(decrypted[0].plaintext.value);
     * ```
     */
    attestedDecrypt(walletClient: WalletClient, handles: HexString[], backoffConfig?: Partial): Promise>>;
    attestedDecrypt(walletClient: WalletClient, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial): Promise>>;
    attestedDecrypt(walletClient: WalletClient, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial): Promise>>;
    /**
     * Requests attested decrypts using a voucher-backed session key.
     *
     * @param ephemeralKeypair Session keypair matching the voucher grantee.
     * @param allowanceVoucherWithSig Signed allowance voucher.
     * @param ethClient - A public eth client or eth wallet client used for signing the attested decrypt request
     * @param handles Handles to decrypt.
     * @param reencryptPubKey Optional public key to reencrypt the results for. It is a positional argument in
     * the overloads declared here, not a field of an options object.
     * @param reencryptKeypair Optional keypair used to decrypt the reencrypted results locally.
     * @param backoffConfig Optional retry configuration.
     *
     * @example Plaintext results
     * ```ts
     * const attestations = await lightning.attestedDecryptWithVoucher(
     *   ephemeralKeypair,
     *   voucher,
     *   ethClient,
     *   [handle],
     * );
     * ```
     *
     * @example Reencrypt for a delegate
     * ```ts
     * const encrypted = await lightning.attestedDecryptWithVoucher(
     *   ephemeralKeypair,
     *   voucher,
     *   ethClient,
     *   [handle],
     *   delegateKeypair.encodePublicKey(),
     * );
     * ```
     */
    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient | WalletClient, handles: HexString[], backoffConfig?: Partial): Promise>>;
    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient | WalletClient, handles: HexString[], reencryptPubKey: Uint8Array, backoffConfig?: Partial): Promise>>;
    attestedDecryptWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient | WalletClient, handles: HexString[], reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial): Promise>>;
    /**
     * Get an attested compute for the given wallet client.
     *
     * @param walletClient - The wallet client used for signing the attested compute request
     * @param lhsHandle - The handle to compute
     * @param op - The operation to perform
     * @param rhsPlaintext - The plaintext to compute with
     * @param reencryptPubKey - Optional public key to reencrypt the result for (e.g. a delegate's key)
     * @param reencryptKeypair - Optional keypair used to decrypt the reencrypted result locally
     * @param backoffConfig - The backoff configuration for the attested compute request
     * @returns The decryption attestation
     *
     * @example Plaintext result
     * ```typescript
     * import { AttestedComputeSupportedOps } from '../lite/attested-compute.js';
     * const lhsHandle = '0x...';
     * const rhsPlaintext = 1337n;
     * const op = AttestedComputeSupportedOps.Eq;
     * const response = await lightning.attestedCompute(walletClient, lhsHandle, op, rhsPlaintext);
     * const { plaintext, covalidatorSignature, handle } = response;
     * ```
     *
     * @example Reencrypt for a delegate
     * ```ts
     * const encrypted = await lightning.attestedCompute(
     *   walletClient,
     *   lhsHandle,
     *   op,
     *   rhsPlaintext,
     *   delegatePubKey,
     * );
     * console.log(encrypted.encryptedPlaintext.ciphertext.value);
     * ```
     *
     * @example Reencrypt and decrypt locally
     * ```ts
     * const decrypted = await lightning.attestedCompute(
     *   walletClient,
     *   lhsHandle,
     *   op,
     *   rhsPlaintext,
     *   keypair.encodePublicKey(),
     *   keypair,
     * );
     * console.log(decrypted.plaintext.value);
     * ```
     */
    attestedCompute(walletClient: WalletClient, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial): Promise>;
    attestedCompute(walletClient: WalletClient, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial): Promise>;
    attestedCompute(walletClient: WalletClient, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial): Promise>;
    /**
     * Performs attested compute via a voucher-backed session key.
     *
     * `ethClient` is the third positional argument in every overload declared here.
     *
     * @param ephemeralKeypair - Session keypair used with the voucher
     * @param allowanceVoucherWithSig - Signed allowance voucher
     * @param ethClient - A public eth client or eth wallet client
     * @param lhsHandle - The handle to compute
     * @param op - The operation to perform
     * @param rhsPlaintext - The plaintext to compute with
     * @param reencryptPubKey - Optional public key to reencrypt the result for
     * @param reencryptKeypair - Optional keypair used to decrypt the reencrypted result locally
     * @param backoffConfig - Optional retry configuration
     *
     * @example Plaintext result
     * ```ts
     * const attestation = await lightning.attestedComputeWithVoucher(
     *   ephemeralKeypair,
     *   voucher,
     *   ethClient,
     *   lhsHandle,
     *   AttestedComputeSupportedOps.Eq,
     *   true,
     * );
     * ```
     *
     * @example Reencrypt for a delegate
     * ```ts
     * const encrypted = await lightning.attestedComputeWithVoucher(
     *   ephemeralKeypair,
     *   voucher,
     *   ethClient,
     *   lhsHandle,
     *   AttestedComputeSupportedOps.Eq,
     *   true,
     *   delegatePubKey,
     * );
     * console.log(encrypted.encryptedPlaintext.ciphertext.value);
     * ```
     *
     * @example Reencrypt and decrypt locally
     * ```ts
     * const decrypted = await lightning.attestedComputeWithVoucher(
     *   ephemeralKeypair,
     *   voucher,
     *   ethClient,
     *   lhsHandle,
     *   AttestedComputeSupportedOps.Eq,
     *   true,
     *   keypair.encodePublicKey(),
     *   keypair,
     * );
     * console.log(decrypted.plaintext.value);
     * ```
     */
    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient | WalletClient, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, backoffConfig?: Partial): Promise>;
    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient | WalletClient, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, backoffConfig?: Partial): Promise>;
    attestedComputeWithVoucher(ephemeralKeypair: Secp256k1Keypair, allowanceVoucherWithSig: AllowanceVoucherWithSig, ethClient: PublicClient | WalletClient, lhsHandle: HexString, op: AttestedComputeOP, rhsPlaintext: bigint | boolean, reencryptPubKey: Uint8Array, reencryptKeypair: Secp256k1Keypair, backoffConfig?: Partial): Promise>;
    /**
     * Get a decryption of publicly revealed handles.
     *
     * Unlike the other attested methods, this signature takes no wallet client, keypair or voucher.
     *
     * @param handles - The handles to decrypt
     * @param backoffConfig - The backoff configuration for the attested decrypt request
     * @returns The decryption attestations
     *
     * @example
     * ```typescript
     * const response = await lightning.attestedReveal([handle1, handle2]);
     * const { plaintext, covalidatorSignature } = response[0];
     * ```
     */
    attestedReveal(handles: HexString[], backoffConfig?: Partial): Promise>>;
    /**
     * Get the GRPC endpoint URLs for the covalidator(s) that service this deployment.
     *
     * @param deployment the deployment locator (executorAddress, chainId) together with its pepper
     * @param threshold NOTE(review): how the threshold influences the returned list is not visible in this
     * declaration — confirm against the implementation.
     * @returns the endpoint URLs as strings
     */
    static getCovalidatorUrls(deployment: DeploymentSlice & { pepper: string; }, threshold: number): string[];
    private static isIdByName;
    private static plaintextFromValue;
    /**
     * Presumably reads the deployment's ECIES public key through `client` for the given executor — TODO confirm.
     * NOTE(review): the resolved type of the returned promise is missing in this copy. The key's
     * trustworthiness depends on the RPC endpoint behind `client` and on `executorAddress` being correct.
     */
    static getEciesPublicKey(client: PublicClient, executorAddress: Address): Promise;
    /**
     * Presumably resolves the Inco Verifier contract bound to `client` for the given executor — TODO confirm.
     * NOTE(review): the type arguments of the returned contract type are missing in this copy.
     */
    static getIncoVerifierContract(client: PublicClient, executorAddress: Address): Promise>;
    /**
     * Retrieves the verifier contract details including threshold, signers, and ECIES public key from the Inco Verifier contract.
     *
     * @param executorAddress The address of the Inco Lightning executor contract.
     * @param client The public client to interact with the blockchain.
     * @returns An object containing the threshold, signers, and ECIES public key.
     */
    private static getVerifierContractDetails;
    private static getChainConfig;
    private static supportsThresholdRetrieval;
    private static getDefaultThresholdAndSigners;
}
export {};