Skip to main content
Version: develop

Client Factories

Three factories that create bundler-backed clients with the appropriate ZKP action extensions. Gas is sponsored via ERC-4337 paymaster by default.

All three factories share a common chain-target shape: chain: Chain plus optional transport: Transport (defaults to http()). For sharing one underlying chain reader across multiple factory clients, pass a pre-built client: PublicClient instead of chain — the factory uses it directly.

createEvmClient

EVM-side actions via bundler — bound to an EOA permit signer. For public-to-encrypted deposit, auto-encrypt toggle, and EIP-3009 recipient-bound ERC-20 transfers.

import { createEvmClient } from '@cardinal-cryptography/sdk'

const client = await createEvmClient({
  chain: Chain,
  transport?: Transport,        // defaults to http()
  // OR: client: PublicClient   // override; replaces chain + transport
  account: LocalAccount,
  sharedAccountAddress?: Address,
  bundlerUrl?: string,
  paymaster?: ZkPaymasterConfig,
  tokens?: TokenMap,
})

account is the user's EOA. createEvmClient uses the SharedAccount as the UserOp sender, so the contract sees msg.sender = SharedAccount — public-to-encrypted deposits go through the publicToEncryptedTransferWithAuth permit variant, signed by account. Tokens are burned from account.address.

Methods available: Public reads + EVM writes (transfer to encrypted address, set auto-encrypt, EIP-3009 transferWithAuthorization).

createDecryptClient

Read-only. No bundler, no transactions.

import { createDecryptClient } from '@cardinal-cryptography/sdk'

const client = createDecryptClient({
  chain: Chain,
  transport?: Transport,        // defaults to http()
  // OR: client: PublicClient
  zkpAccount: ZkpReadAccount,
  tokens?: TokenMap,
})

Methods available: Public reads + decrypt balance and history.

createFullClient

ZK-side actions via bundler — encrypted transfers and proof-backed register.

import { createFullClient } from '@cardinal-cryptography/sdk'

const client = await createFullClient({
  chain: Chain,
  transport?: Transport,        // defaults to http()
  // OR: client: PublicClient
  zkpAccount: ZkpAccount,
  sharedAccountAddress?: Address,
  bundlerUrl?: string,
  paymaster?: ZkPaymasterConfig,
  tokens?: TokenMap,
})

zkpAccount is the ZK identity (controller-auth signer + prover-bound).

Methods available: Public reads; decrypt balance and logs; ZK writes (sendRegisterEpk, sendEncryptedTransfer, sendEncryptedToPublicTransfer, plus their prepare* variants).

Bundler config parameters

ParameterTypeDescription
clientPublicClientOptional alternative to chain + transport — viem public client for chain reads.
accountLocalAccountUser's EOA. Required for createEvmClient only — signs EIP-712 permits for the EVM action surface (zkpEvmActions). createFullClient does not take an EOA; it uses zkpAccount for controller auth.
sharedAccountAddressAddressDeployed SharedAccount contract
bundlerUrlstringERC-4337 bundler JSON-RPC endpoint
paymaster.paymasterUrlstringPaymaster backend URL
paymaster.signPartnerContextFunctionAuthenticates your app with the paymaster
tokensTokenMapOptional custom token name-to-address mapping
zkpAccountZkpAccountRequired for createFullClient only

Capability matrix

MethodEvmDecryptFull
getEncryptedBalanceCiphertextYesYesYes
getAutoEncryptZkpAddressYesYesYes
getQuorumPublicKeyYesYesYes
getPermitNonceYesYesYes
getAutoEncryptYesYesYes
getEncryptedBalanceLogsYesYesYes
getTokenNameYesYesYes
sendPublicToEncryptedTransferYes----
preparePublicToEncryptedTransferWithAuthYes----
sendSetAutoEncryptYes----
signAuthorizationYes----
toSignedTransactionYes----
prepareTransferWithAuthorizationYes----
sendTransferWithAuthorizationYes----
getAuthorizationStateYes----
getDecryptedBalance--YesYes
getDecryptedBalanceLogs--YesYes
sendRegisterEpk----Yes
prepareEncryptedTransfer----Yes
sendEncryptedTransfer----Yes
prepareEncryptedToPublicTransfer----Yes
sendEncryptedToPublicTransfer----Yes
signTransaction (controller)----Yes
sendPreparedTransaction----Yes