@affix-io/sdk 2.0.1 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +123 -13
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -1,5 +1,6 @@
1
1
  # AffixIO SDK
2
2
 
3
+ [![npm](https://img.shields.io/npm/v/@affix-io/sdk)](https://www.npmjs.com/package/@affix-io/sdk)
3
4
  [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
4
5
  [![Node](https://img.shields.io/badge/node-%3E%3D18-brightgreen)](package.json)
5
6
  [![FIPS 204](https://img.shields.io/badge/FIPS%20204-ML--DSA-blue)](https://csrc.nist.gov/pubs/fips/204/final)
@@ -20,21 +21,60 @@ Classical signatures (ECDSA, EdDSA, RSA) are vulnerable to future quantum attack
20
21
 
21
22
  You get prove, verify, storage, and a CLI without running a proving cluster locally.
22
23
 
23
- ## Install
24
+ ## Get the SDK
25
+
26
+ | Source | Best for |
27
+ |---|---|
28
+ | **[npm](https://www.npmjs.com/package/@affix-io/sdk)** `@affix-io/sdk` | Production apps, CI, Docker images, `package.json` dependencies |
29
+ | **[GitHub](https://github.com/AffixIO/SDK)** `AffixIO/SDK` | Source review, Apache 2.0 audit, pinning a commit, air-gapped installs from tarball |
30
+
31
+ **npm** is what most teams use day to day. Install once, import in code, ship with your service:
24
32
 
25
33
  ```bash
26
34
  npm install @affix-io/sdk
27
35
  ```
28
36
 
29
- Or clone this repository (compiled `dist/` only):
37
+ **GitHub** is the same compiled package (pre-built `dist/`, no TypeScript source in the public tree). Clone when you need to inspect exactly what ships, vendor the repo, or run the CLI without adding a registry dependency:
30
38
 
31
39
  ```bash
32
40
  git clone https://github.com/AffixIO/SDK.git
33
41
  cd SDK
34
- npm install
35
42
  cp .env.example .env
43
+ npx affix-sdk health
44
+ ```
45
+
46
+ Neither path runs `npm install` per proof. Both give you a library you call at runtime.
47
+
48
+ ## Where it fits in your stack
49
+
50
+ The SDK is a Node.js client. Proving and verification run on the AffixIO API; your app sends credentials or witnesses and receives proof strings back.
51
+
52
+ ```
53
+ Your service AffixIO API
54
+ ┌─────────────────┐ ┌──────────────────────┐
55
+ │ Express / Fastify│ HTTPS │ witness/prepare │
56
+ │ Next.js API route│ ────────► │ circuits/:id/prove │
57
+ │ BullMQ worker │ │ circuits/:id/verify │
58
+ │ LangChain tool │ │ merkle/audit │
59
+ │ MCP server │ └──────────────────────┘
60
+ │ Cron / batch job │
61
+ └────────┬─────────┘
62
+ │ optional local
63
+
64
+ .affix/proofs.json
65
+ .affix/offline-queue.json
36
66
  ```
37
67
 
68
+ Typical integration points:
69
+
70
+ - **API middleware**: prove a predicate before a sensitive route runs (payout, account change, data export).
71
+ - **Background workers**: batch eligibility checks; `flushOfflineQueue()` when connectivity returns.
72
+ - **LLM orchestration**: gate tool calls, model tiers, or retrieval scopes with a proof instead of passing raw KYC or HR data into the prompt.
73
+ - **Agent and MCP servers**: return a `proof_id` alongside tool results so downstream systems can verify without seeing credentials.
74
+ - **Webhooks and event pipelines**: attach a proof digest to an audit log entry via Merkle anchoring.
75
+
76
+ Install the package in the service that holds secrets and talks to AffixIO. Do not embed API keys in browser bundles or client-side LLM prompts.
77
+
38
78
  Requires Node.js 18+.
39
79
 
40
80
  ## Quick start
@@ -184,19 +224,89 @@ Local paths: `.affix/offline-queue.json`, `.affix/proofs.json`.
184
224
 
185
225
  ## Use cases
186
226
 
187
- - **Privacy-preserving KYC**: prove eligibility without revealing PII
188
- - **Age verification**: `health_age`, `ent_age_restriction`, `hosp_checkin_age`
189
- - **Local residency / ticketing**: `ticket_local_resident`, `ticket_student_discount`
190
- - **Verifiable credentials**: ML-DSA-signed claims with ZK predicates
191
- - **Compliance audit trails**: Merkle-anchored proof history
192
- - **Quantum-safe token validation**: `quantum_safe_token` circuit
227
+ ### AI, LLMs, and agents
228
+
229
+ Large language models should not receive passports, medical records, or full KYC payloads just to answer "is this user allowed?". The SDK lets a **trusted backend** prove a yes/no predicate and hand the model (or tool runtime) only the outcome.
230
+
231
+ | Scenario | Circuit examples | What you prove without exposing |
232
+ |---|---|---|
233
+ | Tool gating before expensive calls | `attested_boolean`, `kyc`, `govt_security_clearance` | User tier, account standing, or clearance level |
234
+ | RAG and document access | `attested_membership`, `govt_professional_license`, `edu_enrollment_verification` | Group membership or role without employee/student IDs |
235
+ | Age and consent checks for restricted advice | `health_age`, `ent_age_restriction`, `hosp_checkin_age` | Age threshold met, not date of birth |
236
+ | Healthcare-adjacent assistants | `health_consent_verification`, `health_prescription_auth`, `health_clinical_trial_eligibility` | Consent or trial eligibility, not PHI |
237
+ | Cross-border or policy-bound models | `travel_visa_eligibility`, `travel_restriction_check`, `govt_immigration_status` | Eligibility flag, not passport number |
238
+ | Agent audit trail | `audit_proof`, `merkle_batch` | That a decision was proved at a point in time |
239
+
240
+ Example pattern for an LLM tool router:
241
+
242
+ ```typescript
243
+ import { AffixSDK, defaultContext } from "@affix-io/sdk";
244
+
245
+ const sdk = new AffixSDK();
246
+
247
+ export async function beforeToolRun(userCredential: Record<string, unknown>) {
248
+ const { valid, proof_id } = await sdk.prove({
249
+ circuitId: "govt_security_clearance",
250
+ credential: userCredential,
251
+ context: defaultContext({ required_claim_hash: "cleared" }),
252
+ });
253
+ if (!valid) throw new Error("tool_access_denied");
254
+ return proof_id; // pass to logs or Merkle audit, not to the model context
255
+ }
256
+ ```
257
+
258
+ The model sees tool output. It does not need the credential or the witness.
259
+
260
+ ### Identity, KYC, and compliance
261
+
262
+ - **Onboarding**: `kyc`, `attested_boolean`, `consent_verification`
263
+ - **PEP and sanctions-style gates**: `govt_criminal_record`, `cross_data_consent`
264
+ - **Professional and licence checks**: `govt_professional_license`, `hosp_agent_credentials`
265
+
266
+ ### Fintech and lending
267
+
268
+ - **Credit and income bands**: `cross_credit_score_range`, `cross_income_bracket`, `govt_tax_bracket`
269
+ - **Mortgage and motor finance**: `mortgage_engine`, `motor_finance_eligibility`, `motor_ownership_verification`
270
+ - **Insurance validity**: `motor_insurance_proof`, `travel_insurance_coverage`
271
+
272
+ ### Health and life sciences
273
+
274
+ - **Age-gated services**: `health_age`, `health_age_verification`
275
+ - **Vaccination and trial eligibility**: `health_vaccination_status`, `health_clinical_trial_eligibility`
276
+ - **Prescription and insurance predicates**: `health_prescription_auth`, `health_insurance_eligibility`
277
+
278
+ ### Travel, hospitality, and ticketing
279
+
280
+ - **Residency and local rates**: `ticket_local_resident`, `travel_residency_proof`, `hosp_longstay_resident`
281
+ - **Passport and visa windows**: `travel_passport_validity`, `travel_visa_eligibility`
282
+ - **Venue access**: `ticket_student_discount`, `ticket_vip_access`, `ticket_disability_access`
283
+
284
+ ### Education and workforce
285
+
286
+ - **Admissions and attendance**: `edu_age_admission`, `edu_attendance_threshold`, `edu_prerequisites_met`
287
+ - **Alumni and library access**: `edu_alumni_status`, `edu_library_access`
288
+ - **Employment proofs**: `cross_employment_status`, `edu_degree_completion`
289
+
290
+ ### Government and civic
291
+
292
+ - **Voting and benefits**: `govt_voting_eligibility`, `govt_benefit_entitlement`, `zk_voting`
293
+ - **Residency duration and property**: `govt_residency_duration`, `govt_property_ownership`
294
+ - **Military and immigration**: `govt_military_service`, `govt_immigration_status`
295
+
296
+ ### Security, tokens, and audit
297
+
298
+ - **Post-quantum token checks**: `quantum_safe_token`, `token_validation`
299
+ - **Tamper-evident history**: `audit_proof`, `merkle_batch`
300
+ - **Offline and edge**: queue failed `prove()` calls, replay with `flushOfflineQueue()` when the API is reachable again
301
+
302
+ Run `npx affix-sdk circuits` for the live catalogue (115+ templates). Circuit IDs map to Noir attestation templates on the API.
193
303
 
194
304
  ## Related projects
195
305
 
196
- - [noir-lang/noir](https://github.com/noir-lang/noir) ZK domain-specific language
197
- - [@aztec/bb.js](https://www.npmjs.com/package/@aztec/bb.js) Barretenberg proving backend
198
- - [@noble/post-quantum](https://www.npmjs.com/package/@noble/post-quantum) ML-DSA / SLH-DSA primitives
199
- - [NIST PQC standards](https://csrc.nist.gov/projects/post-quantum-cryptography) FIPS 203, 204, 205
306
+ - [noir-lang/noir](https://github.com/noir-lang/noir): ZK domain-specific language
307
+ - [@aztec/bb.js](https://www.npmjs.com/package/@aztec/bb.js): Barretenberg proving backend
308
+ - [@noble/post-quantum](https://www.npmjs.com/package/@noble/post-quantum): ML-DSA / SLH-DSA primitives
309
+ - [NIST PQC standards](https://csrc.nist.gov/projects/post-quantum-cryptography): FIPS 203, 204, 205
200
310
 
201
311
  ## License
202
312
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@affix-io/sdk",
3
- "version": "2.0.1",
3
+ "version": "2.0.2",
4
4
  "description": "Post-quantum zero-knowledge proof SDK for Node.js. Noir circuits, ML-DSA-65 attestation, Barretenberg UltraHonk proving, verifiable credentials, and privacy-preserving KYC.",
5
5
  "license": "Apache-2.0",
6
6
  "type": "module",