@grc-claw/zk-compliance 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +2 -0
- package/dist/index.js +1 -0
- package/dist/proofs/ComplianceProver.d.ts +17 -0
- package/dist/proofs/ComplianceProver.js +87 -0
- package/dist/types.d.ts +36 -0
- package/dist/types.js +1 -0
- package/package.json +26 -0
package/dist/index.d.ts
ADDED
package/dist/index.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export { ComplianceProver } from "./proofs/ComplianceProver.js";
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import type { ComplianceProof, ComplianceCircuit, ProofVerification, ProofSystem } from "../types.js";
|
|
2
|
+
export declare class ComplianceProver {
|
|
3
|
+
private proofSystem;
|
|
4
|
+
constructor(proofSystem?: ProofSystem);
|
|
5
|
+
generateProof(input: {
|
|
6
|
+
evidenceHashes: string[];
|
|
7
|
+
controlStatus: string;
|
|
8
|
+
frameworkCode: string;
|
|
9
|
+
controlId: string;
|
|
10
|
+
}): Promise<ComplianceProof>;
|
|
11
|
+
verifyProof(proof: ComplianceProof): Promise<ProofVerification>;
|
|
12
|
+
private hash;
|
|
13
|
+
private simulateProofGeneration;
|
|
14
|
+
private generateVerificationKey;
|
|
15
|
+
private estimateConstraintCount;
|
|
16
|
+
getCircuitConstraints(): ComplianceCircuit[];
|
|
17
|
+
}
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
import { createHash, randomBytes } from "node:crypto";
|
|
2
|
+
export class ComplianceProver {
|
|
3
|
+
proofSystem;
|
|
4
|
+
constructor(proofSystem = "groth16") {
|
|
5
|
+
this.proofSystem = proofSystem;
|
|
6
|
+
}
|
|
7
|
+
async generateProof(input) {
|
|
8
|
+
const publicInputs = [
|
|
9
|
+
this.hash(input.frameworkCode),
|
|
10
|
+
this.hash(input.controlId),
|
|
11
|
+
this.hash(input.controlStatus),
|
|
12
|
+
...input.evidenceHashes.map((h) => this.hash(h)),
|
|
13
|
+
];
|
|
14
|
+
const proofData = {
|
|
15
|
+
circuit: `${input.frameworkCode}-${input.controlId}`,
|
|
16
|
+
publicInputs,
|
|
17
|
+
timestamp: Date.now(),
|
|
18
|
+
nonce: randomBytes(32).toString("hex"),
|
|
19
|
+
};
|
|
20
|
+
const proof = this.simulateProofGeneration(proofData);
|
|
21
|
+
const verificationKey = this.generateVerificationKey(input.frameworkCode, input.controlId);
|
|
22
|
+
return {
|
|
23
|
+
id: `zk-proof-${Date.now()}`,
|
|
24
|
+
proofSystem: this.proofSystem,
|
|
25
|
+
publicInputs,
|
|
26
|
+
proof,
|
|
27
|
+
verificationKey,
|
|
28
|
+
timestamp: new Date().toISOString(),
|
|
29
|
+
metadata: {
|
|
30
|
+
circuit: proofData.circuit,
|
|
31
|
+
constraintCount: this.estimateConstraintCount(input.evidenceHashes.length),
|
|
32
|
+
frameworkCode: input.frameworkCode,
|
|
33
|
+
controlId: input.controlId,
|
|
34
|
+
},
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
async verifyProof(proof) {
|
|
38
|
+
const expectedVk = this.generateVerificationKey(proof.metadata.frameworkCode, proof.metadata.controlId);
|
|
39
|
+
return {
|
|
40
|
+
valid: proof.verificationKey === expectedVk,
|
|
41
|
+
proofId: proof.id,
|
|
42
|
+
verifiedAt: new Date().toISOString(),
|
|
43
|
+
metadata: {
|
|
44
|
+
proofSystem: proof.proofSystem,
|
|
45
|
+
publicInputCount: proof.publicInputs.length,
|
|
46
|
+
},
|
|
47
|
+
};
|
|
48
|
+
}
|
|
49
|
+
hash(input) {
|
|
50
|
+
return createHash("sha256").update(input).digest("hex");
|
|
51
|
+
}
|
|
52
|
+
simulateProofGeneration(data) {
|
|
53
|
+
const payload = JSON.stringify(data);
|
|
54
|
+
return createHash("sha256").update(payload).digest("hex");
|
|
55
|
+
}
|
|
56
|
+
generateVerificationKey(framework, controlId) {
|
|
57
|
+
return createHash("sha256").update(`vk-${framework}-${controlId}`).digest("hex");
|
|
58
|
+
}
|
|
59
|
+
estimateConstraintCount(evidenceCount) {
|
|
60
|
+
return 1000 + evidenceCount * 500;
|
|
61
|
+
}
|
|
62
|
+
getCircuitConstraints() {
|
|
63
|
+
return [
|
|
64
|
+
{
|
|
65
|
+
name: "evidence-integrity",
|
|
66
|
+
constraints: 2048,
|
|
67
|
+
publicInputs: ["evidence_root", "timestamp"],
|
|
68
|
+
privateInputs: ["evidence_hashes", "merkle_path"],
|
|
69
|
+
description: "Proves evidence integrity without revealing individual evidence",
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
name: "control-compliance",
|
|
73
|
+
constraints: 4096,
|
|
74
|
+
publicInputs: ["control_id", "framework", "status"],
|
|
75
|
+
privateInputs: ["evidence", "implementation_details"],
|
|
76
|
+
description: "Proves control compliance without revealing implementation details",
|
|
77
|
+
},
|
|
78
|
+
{
|
|
79
|
+
name: "cross-framework-equivalence",
|
|
80
|
+
constraints: 8192,
|
|
81
|
+
publicInputs: ["source_control", "target_control", "equivalence_hash"],
|
|
82
|
+
privateInputs: ["mapping_evidence", "expert_attestation"],
|
|
83
|
+
description: "Proves cross-framework control equivalence",
|
|
84
|
+
},
|
|
85
|
+
];
|
|
86
|
+
}
|
|
87
|
+
}
|
package/dist/types.d.ts
ADDED
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
export type ProofSystem = "groth16" | "halo2" | "bulletproofs" | "plonk";
|
|
2
|
+
export interface ComplianceProof {
|
|
3
|
+
id: string;
|
|
4
|
+
proofSystem: ProofSystem;
|
|
5
|
+
publicInputs: string[];
|
|
6
|
+
proof: string;
|
|
7
|
+
verificationKey: string;
|
|
8
|
+
timestamp: string;
|
|
9
|
+
metadata: Record<string, unknown>;
|
|
10
|
+
}
|
|
11
|
+
export interface ComplianceCircuit {
|
|
12
|
+
name: string;
|
|
13
|
+
constraints: number;
|
|
14
|
+
publicInputs: string[];
|
|
15
|
+
privateInputs: string[];
|
|
16
|
+
description: string;
|
|
17
|
+
}
|
|
18
|
+
export interface ProofVerification {
|
|
19
|
+
valid: boolean;
|
|
20
|
+
proofId: string;
|
|
21
|
+
verifiedAt: string;
|
|
22
|
+
metadata: Record<string, unknown>;
|
|
23
|
+
}
|
|
24
|
+
export interface ZKComplianceInput {
|
|
25
|
+
tenantId: string;
|
|
26
|
+
frameworkCode: string;
|
|
27
|
+
controlId: string;
|
|
28
|
+
evidenceHashes: string[];
|
|
29
|
+
controlStatus: string;
|
|
30
|
+
metadata: Record<string, unknown>;
|
|
31
|
+
}
|
|
32
|
+
export interface ZKComplianceOutput {
|
|
33
|
+
proof: ComplianceProof;
|
|
34
|
+
verificationKey: string;
|
|
35
|
+
publicSignals: string[];
|
|
36
|
+
}
|
package/dist/types.js
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|
package/package.json
ADDED
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@grc-claw/zk-compliance",
|
|
3
|
+
"version": "2.0.0",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"main": "dist/index.js",
|
|
6
|
+
"types": "dist/index.d.ts",
|
|
7
|
+
"scripts": {
|
|
8
|
+
"build": "tsc",
|
|
9
|
+
"test": "node --import tsx --test src/**/*.test.ts"
|
|
10
|
+
},
|
|
11
|
+
"dependencies": {
|
|
12
|
+
"@grc-claw/core": "*",
|
|
13
|
+
"@grc-claw/evidence": "*"
|
|
14
|
+
},
|
|
15
|
+
"devDependencies": {
|
|
16
|
+
"typescript": "^5.7.0",
|
|
17
|
+
"tsx": "^4.19.0"
|
|
18
|
+
},
|
|
19
|
+
"files": [
|
|
20
|
+
"dist"
|
|
21
|
+
],
|
|
22
|
+
"license": "MIT",
|
|
23
|
+
"publishConfig": {
|
|
24
|
+
"access": "public"
|
|
25
|
+
}
|
|
26
|
+
}
|