bn-fhevm

Use when scaffolding a new FHEVM workspace -- contracts, Next.js frontend, or Vite frontend. Copies the canonical bundled template (project/ or templates/frontend-{next,vite}/) into a target directory and customizes package metadata, env-var defaults, and the Sepolia RPC URL via an interactive AskUserQuestion wizard.

Used when reviewing, debugging, auditing, or pre-commit-checking FHEVM Solidity or client code. Catalogues the v0.11-era breaking renames (TFHE→FHE, SepoliaZamaFHEVMConfig→ZamaEthereumConfig, ConfidentialFungibleToken→ERC7984, TFHESafeMath→FHESafeMath, tokenURI→contractURI, isUserAllowed→canTransact), the removed FHE.requestDecryption API, deprecated fhevmjs, and high-frequency footguns (missing FHE.allowThis after state writes, view functions returning encrypted types, .env-based Hardhat secrets). Triggers on FHEVM code review, anti-pattern, audit, migration from pre-v0.9/v0.11, pre-commit check, ACLNotAllowed, EmptyDecryptionProof, or DeclarationError.

Used when writing, refactoring, or reviewing FHEVM Solidity contracts against the @fhevm/solidity@0.11.x API. Covers encrypted types (ebool, euint8..256, eaddress), FHE operations (arithmetic, comparison, FHE.select), the ACL lifecycle (FHE.allow, allowThis, allowTransient, isSenderAllowed, makePubliclyDecryptable), and the input-proof flow (externalEuint* + FHE.fromExternal). Triggers on FHEVM contract patterns, encrypted types, FHE.* library calls, ACL permissions, input proofs, ciphertext handles, ZamaEthereumConfig, or writing a confidential counter / voting / auction / vault contract.

Used when implementing or debugging FHEVM decryption flows — user decryption (sdk.userDecrypt with the signer/keypair bound at instance creation) and public decryption (v0.9 three-step pattern: FHE.makePubliclyDecryptable on-chain → off-chain sdk.publicDecrypt → on-chain FHE.checkSignatures). Targets `@zama-fhe/sdk@3.0.0` (provider-agnostic; relayer-sdk is a transitive dep, not a direct install). Explicitly covers the removal of the deprecated FHE.requestDecryption oracle-callback API. Triggers on prompts mentioning userDecrypt, publicDecrypt, makePubliclyDecryptable, checkSignatures, EIP-712 decryption, reencrypt (legacy term), or the v0.9 migration of decryption.

Used when writing, refactoring, or reviewing FHEVM Solidity contracts that implement or extend ERC-7984 confidential tokens. Covers the IERC7984 interface (confidentialBalanceOf, confidentialTransfer, setOperator), FHESafeMath (tryIncrease, tryDecrease, tryAdd, trySub), the v0.4.0 extensions (Freezable, Restricted, Rwa, Omnibus, ObserverAccess, Votes, ERC7984ERC20Wrapper), the v0.4.0 finance/governance/utils/interfaces directories (VestingWalletConfidential, VotesConfidential, HandleAccessManager, IERC7984Rwa), the operator pattern that replaces approve/allowance, the euint64 supply ceiling and default-6-decimals trap, the v0.4 breaking change that switched unwrap request IDs from euint64 to bytes32, and the 2-step async-decrypt swap pattern for confidential AMMs (FHE.div plaintext-divisor constraint). Explicitly NOT for confidential NFTs — ERC-7984 is fungibles-only; ERC-721 + eaddress is the alternate route. Triggers on ERC7984, ERC-7984, IERC7984, confidentialBalanceOf, confidentialTransfer, setOperator, FHESafeMath, ConfidentialFungibleToken (legacy), ERC20Wrapper, ERC7984Restricted, ERC7984Rwa, ERC7984Freezable, ERC7984Omnibus, ERC7984ObserverAccess, ERC7984Votes, ERC7984Hooked, canTransact, IERC7984Rwa, forceConfidentialTransferFrom, confidentialFrozen, VestingWalletConfidential, BatcherConfidential, VotesConfidential, HandleAccessManager, confidential AMM, confidential DEX, euint64 overflow, decimals 6, or writing a confidential token / wrapper / RWA / governance token / AMM contract.