@baerae/zkap-zkp-react-native 0.1.0

package/README.md

@@ -0,0 +1,26 @@
+# `@baerae/zkap-zkp-react-native`
+
+React Native SDK for zkap-zkp with Expo modules integration.
+
+Install:
+
+```bash
+npm install @baerae/zkap-zkp-react-native
+```
+
+Requires Expo New Architecture and the following peer dependencies:
+
+- `expo`
+- `expo-crypto`
+- `expo-file-system`
+- `expo-modules-core`
+- `react-native`
+
+```ts
+import { generateHash, generateAnchor } from '@baerae/zkap-zkp-react-native'
+
+const hash = await generateHash(['0x1', '0x2'])
+const anchor = await generateAnchor(config, secrets)
+```
+
+The npm package bundles the iOS XCFramework and Android `.so` libraries produced by CI.

package/android/build.gradle

@@ -0,0 +1,30 @@
+apply plugin: 'com.android.library'
+apply plugin: 'kotlin-android'
+
+android {
+  compileSdkVersion 34
+  namespace "expo.modules.zkap"
+
+  defaultConfig {
+    minSdkVersion 24
+    targetSdkVersion 34
+  }
+
+  sourceSets {
+    main {
+      java.srcDirs += ['src/main/java']
+      jniLibs.srcDirs = ['libs']
+    }
+  }
+}
+
+repositories {
+  mavenCentral()
+}
+
+dependencies {
+  implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.9.0"
+  // expo-modules-core provides Module, ModuleDefinition, AsyncFunction, etc.
+  // compileOnly: provided by the consumer app at runtime
+  compileOnly project(':expo-modules-core')
+}

package/android/src/main/java/expo/modules/zkap/ZkapSdkModule.kt

@@ -0,0 +1,64 @@
+package expo.modules.zkap
+
+import expo.modules.kotlin.modules.Module
+import expo.modules.kotlin.modules.ModuleDefinition
+
+class ZkapSdkModule : Module() {
+
+    // Load the native Rust library (built as libzkap_zkp_rn.so)
+    companion object {
+        init {
+            System.loadLibrary("zkap_zkp_rn")
+        }
+
+        // JNI-compatible native methods (no underscores → no name-mangling issues).
+        // Corresponding Rust symbol: Java_expo_modules_zkap_ZkapSdkModule_native<X>
+        // Each JNI wrapper in Rust calls the C-ABI function, copies the result into
+        // a Java String, and frees the Rust allocation — no memory leak.
+        @JvmStatic external fun nativeGenerateHash(inputJson: String): String
+        @JvmStatic external fun nativeGenerateAnchor(inputJson: String): String
+        @JvmStatic external fun nativeGenerateAudHash(inputJson: String): String
+        @JvmStatic external fun nativeGenerateLeafHash(inputJson: String): String
+        @JvmStatic external fun nativeProve(inputJson: String): String
+    }
+
+    override fun definition() = ModuleDefinition {
+        Name("ZkapSdk")
+
+        AsyncFunction("generateHash") { inputJson: String ->
+            unwrapResult(nativeGenerateHash(inputJson))
+        }
+
+        AsyncFunction("generateAnchor") { inputJson: String ->
+            unwrapResult(nativeGenerateAnchor(inputJson))
+        }
+
+        AsyncFunction("generateAudHash") { inputJson: String ->
+            unwrapResult(nativeGenerateAudHash(inputJson))
+        }
+
+        AsyncFunction("generateLeafHash") { inputJson: String ->
+            unwrapResult(nativeGenerateLeafHash(inputJson))
+        }
+
+        AsyncFunction("prove") { inputJson: String ->
+            unwrapResult(nativeProve(inputJson))
+        }
+    }
+
+    /** Parse JSON result from Rust FFI. Throws if the result contains an "error" field. */
+    @Suppress("UNCHECKED_CAST")
+    private fun unwrapResult(json: String): String {
+        try {
+            val obj = org.json.JSONObject(json)
+            if (obj.has("error")) {
+                throw ZkapException(obj.getString("error"))
+            }
+        } catch (e: org.json.JSONException) {
+            // Not a JSON object — return as-is
+        }
+        return json
+    }
+}
+
+class ZkapException(message: String) : Exception("[zkap] $message")

package/expo-module.config.json

@@ -0,0 +1,9 @@
+{
+  "platforms": ["ios", "android"],
+  "ios": {
+    "modules": ["ZkapSdkModule"]
+  },
+  "android": {
+    "modules": ["expo.modules.zkap.ZkapSdkModule"]
+  }
+}

package/ios/ZkapSdkModule.podspec

@@ -0,0 +1,34 @@
+require 'json'
+
+package = JSON.parse(File.read(File.join(__dir__, '..', 'package.json')))
+
+Pod::Spec.new do |s|
+  s.name           = 'ZkapSdkModule'
+  s.version        = package['version']
+  s.summary        = package['description']
+  s.license        = package['license']
+  s.authors        = package['author']
+  s.homepage       = package['homepage']
+  s.platform       = :ios, '15.0'
+  s.swift_version  = '5.9'
+  s.source         = { git: package['repository']['url'] }
+
+  s.source_files   = 'ios/**/*.{swift,h,m}'
+
+  # Pre-built Rust static libraries (generated by CI build-react-native.yml)
+  s.vendored_frameworks = 'ios/ZkapZkp.xcframework'
+
+  # Expose C headers for the Rust FFI symbols
+  s.preserve_paths = 'ios/include/*.h'
+  s.xcconfig = {
+    'HEADER_SEARCH_PATHS' => '$(PODS_TARGET_SRCROOT)/ios/include',
+    'OTHER_LDFLAGS' => '-lc++'
+  }
+
+  s.dependency 'ExpoModulesCore'
+
+  s.pod_target_xcconfig = {
+    'DEFINES_MODULE' => 'YES',
+    'SWIFT_COMPILATION_MODE' => 'wholemodule'
+  }
+end

package/ios/ZkapSdkModule.swift

@@ -0,0 +1,105 @@
+import ExpoModulesCore
+
+public class ZkapSdkModule: Module {
+    public func definition() -> ModuleDefinition {
+        Name("ZkapSdk")
+
+        // ──────────────────────────────────────────
+        // generateHash
+        // ──────────────────────────────────────────
+        AsyncFunction("generateHash") { (inputJson: String) -> String in
+            guard let cInput = inputJson.cString(using: .utf8) else {
+                throw ZkapError.invalidInput("Failed to encode inputJson as UTF-8")
+            }
+            let result = zkap_generate_hash(cInput)
+            defer { zkap_free_string(result) }
+            return try ZkapSdkModule.unwrapResult(result)
+        }
+
+        // ──────────────────────────────────────────
+        // generateAnchor
+        // ──────────────────────────────────────────
+        AsyncFunction("generateAnchor") { (inputJson: String) -> String in
+            guard let cInput = inputJson.cString(using: .utf8) else {
+                throw ZkapError.invalidInput("Failed to encode inputJson as UTF-8")
+            }
+            let result = zkap_generate_anchor(cInput)
+            defer { zkap_free_string(result) }
+            return try ZkapSdkModule.unwrapResult(result)
+        }
+
+        // ──────────────────────────────────────────
+        // generateAudHash
+        // ──────────────────────────────────────────
+        AsyncFunction("generateAudHash") { (inputJson: String) -> String in
+            guard let cInput = inputJson.cString(using: .utf8) else {
+                throw ZkapError.invalidInput("Failed to encode inputJson as UTF-8")
+            }
+            let result = zkap_generate_aud_hash(cInput)
+            defer { zkap_free_string(result) }
+            return try ZkapSdkModule.unwrapResult(result)
+        }
+
+        // ──────────────────────────────────────────
+        // generateLeafHash
+        // ──────────────────────────────────────────
+        AsyncFunction("generateLeafHash") { (inputJson: String) -> String in
+            guard let cInput = inputJson.cString(using: .utf8) else {
+                throw ZkapError.invalidInput("Failed to encode inputJson as UTF-8")
+            }
+            let result = zkap_generate_leaf_hash(cInput)
+            defer { zkap_free_string(result) }
+            return try ZkapSdkModule.unwrapResult(result)
+        }
+
+        // ──────────────────────────────────────────
+        // prove
+        // ──────────────────────────────────────────
+        AsyncFunction("prove") { (inputJson: String) -> String in
+            guard let cInput = inputJson.cString(using: .utf8) else {
+                throw ZkapError.invalidInput("Failed to encode inputJson as UTF-8")
+            }
+            let result = zkap_prove(cInput)
+            defer { zkap_free_string(result) }
+            return try ZkapSdkModule.unwrapResult(result)
+        }
+    }
+
+    // ──────────────────────────────────────────────────────────────
+    // Helpers
+    // ──────────────────────────────────────────────────────────────
+
+    /// Convert a raw C string pointer returned by the Rust FFI into a Swift String.
+    /// Throws ZkapError.rustError if the JSON contains an "error" field.
+    private static func unwrapResult(_ ptr: UnsafeMutablePointer<CChar>?) throws -> String {
+        guard let ptr = ptr else {
+            throw ZkapError.rustError("Rust FFI returned null pointer")
+        }
+        let json = String(cString: ptr)
+
+        // Check for error response: {"error": "..."}
+        if let data = json.data(using: .utf8),
+           let obj = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
+           let errMsg = obj["error"] as? String {
+            throw ZkapError.rustError(errMsg)
+        }
+
+        return json
+    }
+}
+
+// ──────────────────────────────────────────────────────────────────
+// Error types
+// ──────────────────────────────────────────────────────────────────
+
+enum ZkapError: Error, CustomStringConvertible {
+    case invalidInput(String)
+    case rustError(String)
+
+    var description: String {
+        switch self {
+        case .invalidInput(let msg): return "[zkap] Invalid input: \(msg)"
+        case .rustError(let msg): return "[zkap] Rust error: \(msg)"
+        }
+    }
+}

package/ios/ZkapZkp.xcframework/Info.plist

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>AvailableLibraries</key>
+	<array>
+		<dict>
+			<key>BinaryPath</key>
+			<string>libzkap_zkp_rn_sim.a</string>
+			<key>HeadersPath</key>
+			<string>Headers</string>
+			<key>LibraryIdentifier</key>
+			<string>ios-arm64_x86_64-simulator</string>
+			<key>LibraryPath</key>
+			<string>libzkap_zkp_rn_sim.a</string>
+			<key>SupportedArchitectures</key>
+			<array>
+				<string>arm64</string>
+				<string>x86_64</string>
+			</array>
+			<key>SupportedPlatform</key>
+			<string>ios</string>
+			<key>SupportedPlatformVariant</key>
+			<string>simulator</string>
+		</dict>
+		<dict>
+			<key>BinaryPath</key>
+			<string>libzkap_zkp_rn.a</string>
+			<key>HeadersPath</key>
+			<string>Headers</string>
+			<key>LibraryIdentifier</key>
+			<string>ios-arm64</string>
+			<key>LibraryPath</key>
+			<string>libzkap_zkp_rn.a</string>
+			<key>SupportedArchitectures</key>
+			<array>
+				<string>arm64</string>
+			</array>
+			<key>SupportedPlatform</key>
+			<string>ios</string>
+		</dict>
+	</array>
+	<key>CFBundlePackageType</key>
+	<string>XFWK</string>
+	<key>XCFrameworkFormatVersion</key>
+	<string>1.0</string>
+</dict>
+</plist>

package/ios/ZkapZkp.xcframework/ios-arm64/Headers/zkap_zkp_rn.h

@@ -0,0 +1,15 @@
+#pragma once
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+char* zkap_generate_hash(const char* input_json);
+char* zkap_generate_anchor(const char* input_json);
+char* zkap_generate_aud_hash(const char* input_json);
+char* zkap_generate_leaf_hash(const char* input_json);
+char* zkap_prove(const char* input_json);
+void  zkap_free_string(char* ptr);
+
+#ifdef __cplusplus
+}
+#endif

package/ios/ZkapZkp.xcframework/ios-arm64_x86_64-simulator/Headers/zkap_zkp_rn.h

@@ -0,0 +1,15 @@
+#pragma once
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+char* zkap_generate_hash(const char* input_json);
+char* zkap_generate_anchor(const char* input_json);
+char* zkap_generate_aud_hash(const char* input_json);
+char* zkap_generate_leaf_hash(const char* input_json);
+char* zkap_prove(const char* input_json);
+void  zkap_free_string(char* ptr);
+
+#ifdef __cplusplus
+}
+#endif

package/ios/include/zkap_zkp_rn.h

@@ -0,0 +1,15 @@
+#pragma once
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+char* zkap_generate_hash(const char* input_json);
+char* zkap_generate_anchor(const char* input_json);
+char* zkap_generate_aud_hash(const char* input_json);
+char* zkap_generate_leaf_hash(const char* input_json);
+char* zkap_prove(const char* input_json);
+void  zkap_free_string(char* ptr);
+
+#ifdef __cplusplus
+}
+#endif

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@baerae/zkap-zkp-react-native",
+  "version": "0.1.0",
+  "description": "React Native SDK for zkap-zkp — on-device ZK proving with Groth16 (BN254) and Poseidon hash. Requires Expo New Architecture.",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
+  "source": "./src/index.ts",
+  "react-native": "./src/index.ts",
+  "files": [
+    "README.md",
+    "src/",
+    "ios/ZkapSdkModule.podspec",
+    "ios/ZkapSdkModule.swift",
+    "ios/include/",
+    "ios/ZkapZkp.xcframework/",
+    "android/src/",
+    "android/build.gradle",
+    "android/libs/",
+    "expo-module.config.json"
+  ],
+  "scripts": {
+    "typecheck": "tsc --noEmit"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "zk",
+    "groth16",
+    "poseidon",
+    "zkap",
+    "react-native",
+    "expo",
+    "zero-knowledge"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/baerae-zkap/zkap-zkp.git",
+    "directory": "packages/sdk-react-native"
+  },
+  "homepage": "https://github.com/baerae-zkap/zkap-zkp",
+  "bugs": "https://github.com/baerae-zkap/zkap-zkp/issues",
+  "license": "MIT OR Apache-2.0",
+  "peerDependencies": {
+    "expo": ">=50.0.0",
+    "expo-crypto": ">=13.0.0",
+    "expo-file-system": ">=17.0.0",
+    "expo-modules-core": ">=1.12.0",
+    "react-native": ">=0.73.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.4.5"
+  },
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org/",
+    "access": "public"
+  }
+}

package/src/artifact-manager.ts

@@ -0,0 +1,231 @@
+/**
+ * artifact-manager — MVP implementation
+ *
+ * Included:  download, cache path management, SHA256 verification,
+ *            atomic rename, max 3 retries, progress callback
+ * Excluded:  HTTP Range resume, background download, advanced cache cleanup
+ */
+
+import * as FileSystem from 'expo-file-system';
+import * as Crypto from 'expo-crypto';
+
+// ──────────────────────────────────────────────────────────────────
+// Types
+// ──────────────────────────────────────────────────────────────────
+
+export interface ArtifactManifest {
+  version: string;
+  circuit: string;
+  artifacts: {
+    proving_key: {
+      url: string;
+      sha256: string;
+      size_bytes: number;
+      compressed_size_bytes?: number;
+    };
+  };
+  min_sdk_version: string;
+  max_sdk_version: string;
+}
+
+export interface InitProveArtifactsOptions {
+  /** URL of the manifest.json that describes the proving key location */
+  manifestUrl: string;
+  /**
+   * Local directory for caching the proving key.
+   * Defaults to `<FileSystem.cacheDirectory>/zkap/`
+   */
+  cacheDir?: string;
+  /**
+   * Called periodically during download.
+   * `downloaded` and `total` are in bytes.
+   */
+  onProgress?: (downloaded: number, total: number) => void;
+}
+
+// ──────────────────────────────────────────────────────────────────
+// Constants
+// ──────────────────────────────────────────────────────────────────
+
+const MAX_RETRIES = 3;
+const RETRY_BASE_DELAY_MS = 1000;
+
+// ──────────────────────────────────────────────────────────────────
+// Public API
+// ──────────────────────────────────────────────────────────────────
+
+/**
+ * Download (if not cached) and verify the Groth16 proving key.
+ *
+ * Returns the local file path to the cached proving key,
+ * which should be passed to `prove()` as `request.pk_path`.
+ *
+ * @throws if download fails after 3 retries, or SHA256 verification fails
+ */
+export async function initProveArtifacts(
+  options: InitProveArtifactsOptions
+): Promise<string> {
+  const cacheDir =
+    (options.cacheDir ?? `${FileSystem.cacheDirectory}zkap/`)
+      .replace(/^file:\/\//, '');
+
+  // Ensure cache directory exists
+  await ensureDir(cacheDir);
+
+  // 1. Download manifest
+  const manifest = await fetchManifest(options.manifestUrl);
+
+  // 2. Determine cache file path (version-namespaced to avoid stale cache)
+  const pkInfo = manifest.artifacts.proving_key;
+  const fileName = `zkap-${manifest.version}-pk.bin`;
+  const pkCachePath = `${cacheDir}${fileName}`;
+  const pkTmpPath = `${pkCachePath}.tmp`;
+
+  // 3. Check if already cached and valid
+  const fileInfo = await FileSystem.getInfoAsync(pkCachePath);
+  if (fileInfo.exists) {
+    const valid = await verifySha256(pkCachePath, pkInfo.sha256);
+    if (valid) {
+      return pkCachePath;
+    }
+    // Cache is corrupted — delete and re-download
+    await FileSystem.deleteAsync(pkCachePath, { idempotent: true });
+  }
+
+  // 4. Download with retries
+  await downloadWithRetry({
+    url: pkInfo.url,
+    tmpPath: pkTmpPath,
+    totalBytes: pkInfo.size_bytes,
+    onProgress: options.onProgress,
+    maxRetries: MAX_RETRIES,
+  });
+
+  // 5. Verify SHA256
+  const valid = await verifySha256(pkTmpPath, pkInfo.sha256);
+  if (!valid) {
+    await FileSystem.deleteAsync(pkTmpPath, { idempotent: true });
+    throw new Error(
+      '[zkap/artifact-manager] SHA256 verification failed. ' +
+      'The downloaded file may be corrupted. Please try again.'
+    );
+  }
+
+  // 6. Atomic rename: tmp → final cache path
+  await FileSystem.moveAsync({ from: pkTmpPath, to: pkCachePath });
+
+  return pkCachePath;
+}
+
+// ──────────────────────────────────────────────────────────────────
+// Internal helpers
+// ──────────────────────────────────────────────────────────────────
+
+async function ensureDir(dir: string): Promise<void> {
+  const info = await FileSystem.getInfoAsync(dir);
+  if (!info.exists) {
+    await FileSystem.makeDirectoryAsync(dir, { intermediates: true });
+  }
+}
+
+async function fetchManifest(url: string): Promise<ArtifactManifest> {
+  const response = await fetch(url);
+  if (!response.ok) {
+    throw new Error(
+      `[zkap/artifact-manager] Failed to fetch manifest: HTTP ${response.status}`
+    );
+  }
+  return response.json() as Promise<ArtifactManifest>;
+}
+
+interface DownloadOptions {
+  url: string;
+  tmpPath: string;
+  totalBytes: number;
+  onProgress?: (downloaded: number, total: number) => void;
+  maxRetries: number;
+}
+
+async function downloadWithRetry(opts: DownloadOptions): Promise<void> {
+  let lastError: Error | null = null;
+
+  for (let attempt = 1; attempt <= opts.maxRetries; attempt++) {
+    try {
+      // Clean up any partial download from a previous attempt
+      await FileSystem.deleteAsync(opts.tmpPath, { idempotent: true });
+
+      const downloadResumable = FileSystem.createDownloadResumable(
+        opts.url,
+        opts.tmpPath,
+        {},
+        (progress) => {
+          if (opts.onProgress) {
+            opts.onProgress(
+              progress.totalBytesWritten,
+              progress.totalBytesExpectedToWrite > 0
+                ? progress.totalBytesExpectedToWrite
+                : opts.totalBytes
+            );
+          }
+        }
+      );
+
+      const result = await downloadResumable.downloadAsync();
+      if (!result || result.status !== 200) {
+        throw new Error(
+          `[zkap/artifact-manager] Download failed with status ${result?.status ?? 'unknown'}`
+        );
+      }
+
+      return; // Success
+    } catch (err) {
+      lastError = err instanceof Error ? err : new Error(String(err));
+      if (attempt < opts.maxRetries) {
+        const delay = RETRY_BASE_DELAY_MS * Math.pow(2, attempt - 1);
+        await sleep(delay);
+      }
+    }
+  }
+
+  throw new Error(
+    `[zkap/artifact-manager] Download failed after ${opts.maxRetries} attempts. ` +
+    `Last error: ${lastError?.message ?? 'unknown'}`
+  );
+}
+
+async function verifySha256(filePath: string, expectedHex: string): Promise<boolean> {
+  try {
+    // Read file as base64, convert to raw binary Uint8Array, then SHA256 the binary.
+    // NOTE: digestStringAsync hashes the string's UTF-8 bytes, not the file's binary
+    // content. We must use Crypto.digest(algorithm, Uint8Array) for correct results.
+    const base64 = await FileSystem.readAsStringAsync(filePath, {
+      encoding: FileSystem.EncodingType.Base64,
+    });
+
+    // base64 → raw binary bytes
+    const binaryStr = atob(base64);
+    const bytes = new Uint8Array(binaryStr.length);
+    for (let i = 0; i < binaryStr.length; i++) {
+      bytes[i] = binaryStr.charCodeAt(i);
+    }
+
+    // Hash the raw binary
+    const digestBuffer = await Crypto.digest(
+      Crypto.CryptoDigestAlgorithm.SHA256,
+      bytes
+    );
+
+    // ArrayBuffer → hex string
+    const digestHex = Array.from(new Uint8Array(digestBuffer))
+      .map((b) => b.toString(16).padStart(2, '0'))
+      .join('');
+
+    return digestHex.toLowerCase() === expectedHex.toLowerCase();
+  } catch {
+    return false;
+  }
+}
+
+function sleep(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/src/index.ts

@@ -0,0 +1,147 @@
+import { requireNativeModule } from 'expo-modules-core';
+
+const ZkapSdk = requireNativeModule('ZkapSdk');
+
+// ──────────────────────────────────────────────────────────────────
+// Input / Output types
+// ──────────────────────────────────────────────────────────────────
+
+export interface CircuitConfig {
+  max_jwt_b64_len: number;
+  max_payload_b64_len: number;
+  max_aud_len: number;
+  max_exp_len: number;
+  max_iss_len: number;
+  max_nonce_len: number;
+  max_sub_len: number;
+  n: number;
+  k: number;
+  tree_height: number;
+  num_audience_limit: number;
+  claims: string[];
+  forbidden_string: string;
+}
+
+export interface Secret {
+  sub: string;
+  iss: string;
+  aud: string;
+}
+
+export interface ProveRequest {
+  pk_path: string;
+  jwts: string[];
+  pk_ops: string[];
+  merkle_paths: string[][];
+  leaf_indices: number[];
+  root: string;
+  anchor: string[];
+  h_sign_user_op: string;
+  random: string;
+  aud_list: string[];
+}
+
+export interface ProveResult {
+  proofs: string[];
+  public_inputs: string[][];
+}
+
+// ──────────────────────────────────────────────────────────────────
+// Supported API
+// ──────────────────────────────────────────────────────────────────
+
+/**
+ * Compute a Poseidon hash of one or more field-element strings (hex or decimal).
+ * Returns the result as a 0x-prefixed hex string.
+ */
+export async function generateHash(messages: string[]): Promise<string> {
+  const result: string = await ZkapSdk.generateHash(
+    JSON.stringify({ messages })
+  );
+  return JSON.parse(result).result as string;
+}
+
+/**
+ * Generate a Poseidon threshold anchor from JWT credential secrets.
+ * Returns anchor polynomial evaluation points as hex strings.
+ */
+export async function generateAnchor(
+  config: CircuitConfig,
+  secrets: Secret[]
+): Promise<{ evaluations: string[] }> {
+  const result: string = await ZkapSdk.generateAnchor(
+    JSON.stringify({ config, secrets })
+  );
+  return JSON.parse(result) as { evaluations: string[] };
+}
+
+/**
+ * Compute per-audience hashes and the combined audience-list hash.
+ */
+export async function generateAudHash(
+  config: CircuitConfig,
+  aud_list: string[]
+): Promise<{ aud_hashes: string[]; h_aud_list: string }> {
+  const result: string = await ZkapSdk.generateAudHash(
+    JSON.stringify({ config, aud_list })
+  );
+  return JSON.parse(result) as { aud_hashes: string[]; h_aud_list: string };
+}
+
+/**
+ * Compute the Merkle leaf hash for an issuer and RSA public-key modulus (base64-encoded).
+ */
+export async function generateLeafHash(
+  config: CircuitConfig,
+  iss: string,
+  pk_b64: string
+): Promise<string> {
+  const result: string = await ZkapSdk.generateLeafHash(
+    JSON.stringify({ config, iss, pk_b64 })
+  );
+  return JSON.parse(result).result as string;
+}
+
+/**
+ * Generate Groth16 proofs (on-device proving).
+ * Requires PK to be downloaded and cached via initProveArtifacts().
+ */
+export async function prove(
+  config: CircuitConfig,
+  request: ProveRequest
+): Promise<ProveResult> {
+  const result: string = await ZkapSdk.prove(
+    JSON.stringify({ config, request })
+  );
+  return JSON.parse(result) as ProveResult;
+}
+
+// ──────────────────────────────────────────────────────────────────
+// Unsupported API — explicit error messages
+// ──────────────────────────────────────────────────────────────────
+
+/**
+ * NOT supported on React Native.
+ * groth16Setup() requires a server environment with large CRS data.
+ * Use @baerae/zkap-zkp (Node.js) for setup.
+ */
+export function groth16Setup(): never {
+  throw new Error(
+    '[zkap/sdk-react-native] groth16Setup() is not supported on mobile. ' +
+    'Use @baerae/zkap-zkp (Node.js) for server-side trusted setup.'
+  );
+}
+
+/**
+ * NOT supported on React Native.
+ * verify() uses a verifying key hardcoded in a smart contract.
+ * Use @baerae/zkap-zkp (Node.js) for server-side verification.
+ */
+export function verify(): never {
+  throw new Error(
+    '[zkap/sdk-react-native] verify() is not supported on mobile. ' +
+    'Use @baerae/zkap-zkp (Node.js) for server-side verification.'
+  );
+}
+
+export { initProveArtifacts } from './artifact-manager';