@kynesyslabs/demosdk 2.4.25 → 2.5.0

package/build/d402/server/middleware.js

@@ -0,0 +1,97 @@
+"use strict";
+/**
+ * D402 Express Middleware
+ * Express-compatible middleware for HTTP 402 payment gating
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.d402Required = d402Required;
+const D402Server_1 = require("./D402Server");
+/**
+ * Create Express middleware for D402 payment gating
+ *
+ * @example
+ * ```typescript
+ * app.get('/premium-article',
+ *   d402Required({
+ *     amount: 5000000000000000000, // 5 DEM in smallest unit
+ *     resourceId: 'article-123',
+ *     rpcUrl: 'https://node2.demos.sh',
+ *     recipient: '0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb'
+ *   }),
+ *   (req, res) => {
+ *     res.json({ article: "Premium content" })
+ *   }
+ * )
+ * ```
+ */
+function d402Required(options) {
+    const server = new D402Server_1.D402Server({
+        rpcUrl: options.rpcUrl,
+        cacheTTL: options.cacheTTL
+    });
+    return async (req, res, next) => {
+        try {
+            // Get payment proof from header
+            const paymentProof = req.headers['x-payment-proof'];
+            // Determine recipient address
+            const recipient = options.recipient || req.d402Recipient;
+            if (!recipient) {
+                return res.status(500).json({
+                    error: 'Server misconfiguration: recipient address not provided'
+                });
+            }
+            // If no payment proof, return 402 with requirements
+            if (!paymentProof) {
+                const requirement = {
+                    amount: options.amount,
+                    recipient: recipient,
+                    resourceId: options.resourceId,
+                    description: options.description
+                };
+                const response = server.require(requirement);
+                return res.status(response.status).json(response.body);
+            }
+            // Verify payment
+            const verification = await server.verify(paymentProof);
+            if (!verification.valid) {
+                return res.status(403).json({
+                    error: 'Invalid payment proof'
+                });
+            }
+            // Validate payment matches requirements
+            const requirement = {
+                amount: options.amount,
+                recipient: recipient,
+                resourceId: options.resourceId,
+                description: options.description
+            };
+            const isValid = server.validatePayment(verification, requirement);
+            if (!isValid) {
+                return res.status(403).json({
+                    error: 'Payment does not match requirements',
+                    details: {
+                        expected_recipient: recipient,
+                        expected_amount: options.amount,
+                        expected_resource: `resourceId:${options.resourceId}`
+                    }
+                });
+            }
+            // Attach payment details to request for downstream handlers
+            req.d402Payment = {
+                from: verification.verified_from,
+                to: verification.verified_to,
+                amount: verification.verified_amount,
+                txHash: paymentProof
+            };
+            // Payment valid, proceed
+            next();
+        }
+        catch (error) {
+            console.error('D402 middleware error:', error);
+            return res.status(500).json({
+                error: 'Payment verification failed'
+            });
+        }
+    };
+}
+//# sourceMappingURL=middleware.js.map

package/build/d402/server/middleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../../../src/d402/server/middleware.ts"],"names":[],"mappings":";AAAA;;;GAGG;;AAwDH,oCAiFC;AAvID,6CAAyC;AAoCzC;;;;;;;;;;;;;;;;;GAiBG;AACH,SAAgB,YAAY,CAAC,OAA8B;IACvD,MAAM,MAAM,GAAG,IAAI,uBAAU,CAAC;QAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC7B,CAAC,CAAA;IAEF,OAAO,KAAK,EAAE,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE;QAC3C,IAAI,CAAC;YACD,gCAAgC;YAChC,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAA;YAEnD,8BAA8B;YAC9B,MAAM,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,GAAG,CAAC,aAAa,CAAA;YAExD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACb,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACxB,KAAK,EAAE,yDAAyD;iBACnE,CAAC,CAAA;YACN,CAAC;YAED,oDAAoD;YACpD,IAAI,CAAC,YAAY,EAAE,CAAC;gBAChB,MAAM,WAAW,GAA2B;oBACxC,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,SAAS,EAAE,SAAS;oBACpB,UAAU,EAAE,OAAO,CAAC,UAAU;oBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;iBACnC,CAAA;gBAED,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAA;gBAC5C,OAAO,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAA;YAC1D,CAAC;YAED,iBAAiB;YACjB,MAAM,YAAY,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAA;YAEtD,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACxB,KAAK,EAAE,uBAAuB;iBACjC,CAAC,CAAA;YACN,CAAC;YAED,wCAAwC;YACxC,MAAM,WAAW,GAA2B;gBACxC,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,SAAS,EAAE,SAAS;gBACpB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,WAAW,EAAE,OAAO,CAAC,WAAW;aACnC,CAAA;YAED,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CAAC,YAAY,EAAE,WAAW,CAAC,CAAA;YAEjE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACxB,KAAK,EAAE,qCAAqC;oBAC5C,OAAO,EAAE;wBACL,kBAAkB,EAAE,SAAS;wBAC7B,eAAe,EAAE,OAAO,CAAC,MAAM;wBAC/B,iBAAiB,EAAE,cAAc,OAAO,CAAC,UAAU,EAAE;qBACxD;iBACJ,CAAC,CAAA;YACN,CAAC;YAED,4DAA4D;YAC5D,GAAG,CAAC,WAAW,GAAG;gBACd,IAAI,EAAE,YAAY,CAAC,aAAa;gBAChC,EAAE,EAAE,YAAY,CAAC,WAAW;gBAC5B,MAAM,EAAE,YAAY,CAAC,eAAe;gBACpC,MAAM,EAAE,YAAY;aACvB,CAAA;YAED,yBAAyB;YACzB,IAAI,EAAE,CAAA;QAEV,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAA;YAC9C,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACxB,KAAK,EAAE,6BAA6B;aACvC,CAAC,CAAA;QACN,CAAC;IACL,CAAC,CAAA;AACL,CAAC"}

package/build/d402/server/types.d.ts

@@ -0,0 +1,49 @@
+/**
+ * D402 Server Types
+ * Server-side types for HTTP 402 payment protocol implementation
+ */
+/**
+ * Payment requirements sent in 402 response
+ */
+export interface D402PaymentRequirement {
+    /** Payment amount in smallest unit */
+    amount: number;
+    /** Merchant/recipient address */
+    recipient: string;
+    /** Resource identifier (used in memo validation) */
+    resourceId: string;
+    /** Optional payment description */
+    description?: string;
+}
+/**
+ * Payment verification result from RPC
+ */
+export interface D402VerificationResult {
+    valid: boolean;
+    verified_from?: string;
+    verified_to?: string;
+    verified_amount?: number;
+    verified_memo?: string;
+    timestamp: number;
+}
+/**
+ * D402Server configuration options
+ */
+export interface D402ServerConfig {
+    /** Demos Network RPC URL */
+    rpcUrl: string;
+    /** Payment cache TTL in seconds (default: 300 = 5 minutes) */
+    cacheTTL?: number;
+}
+/**
+ * Cached payment data
+ */
+export interface CachedPayment {
+    txHash: string;
+    from: string;
+    to: string;
+    amount: number;
+    memo: string;
+    timestamp: number;
+    expiresAt: number;
+}

package/build/d402/server/types.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * D402 Server Types
+ * Server-side types for HTTP 402 payment protocol implementation
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/build/d402/server/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/d402/server/types.ts"],"names":[],"mappings":";AAAA;;;GAGG"}

package/build/encryption/zK/identity/CommitmentService.d.ts

@@ -0,0 +1,48 @@
+/**
+ * CommitmentService - Generate identity commitments and nullifiers
+ *
+ * REVIEW: Phase 9 - SDK Integration
+ *
+ * Provides methods for generating cryptographic commitments and nullifiers
+ * for the ZK identity system using Poseidon hash.
+ */
+/**
+ * Generate a Poseidon hash commitment from provider ID and secret
+ *
+ * @param providerId - Provider identifier (e.g., "github:12345")
+ * @param secret - User's secret value (generated client-side)
+ * @returns Commitment hash as string
+ *
+ * @example
+ * ```typescript
+ * const commitment = CommitmentService.generateCommitment("github:12345", "secret123")
+ * // commitment: "1234567890..."
+ * ```
+ */
+export declare function generateCommitment(providerId: string, secret: string): string;
+/**
+ * Generate a nullifier from provider ID and context
+ *
+ * @param providerId - Provider identifier (e.g., "github:12345")
+ * @param context - Context string (e.g., "dao_vote_123")
+ * @returns Nullifier hash as string
+ *
+ * @example
+ * ```typescript
+ * const nullifier = CommitmentService.generateNullifier("github:12345", "dao_vote_123")
+ * // nullifier: "9876543210..."
+ * ```
+ */
+export declare function generateNullifier(providerId: string, context: string): string;
+/**
+ * Generate a cryptographically secure random secret
+ *
+ * @returns Random secret as hex string
+ *
+ * @example
+ * ```typescript
+ * const secret = CommitmentService.generateSecret()
+ * // secret: "a1b2c3d4e5f6..."
+ * ```
+ */
+export declare function generateSecret(): string;

package/build/encryption/zK/identity/CommitmentService.js

@@ -0,0 +1,120 @@
+"use strict";
+/**
+ * CommitmentService - Generate identity commitments and nullifiers
+ *
+ * REVIEW: Phase 9 - SDK Integration
+ *
+ * Provides methods for generating cryptographic commitments and nullifiers
+ * for the ZK identity system using Poseidon hash.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateCommitment = generateCommitment;
+exports.generateNullifier = generateNullifier;
+exports.generateSecret = generateSecret;
+/**
+ * Generate a Poseidon hash commitment from provider ID and secret
+ *
+ * @param providerId - Provider identifier (e.g., "github:12345")
+ * @param secret - User's secret value (generated client-side)
+ * @returns Commitment hash as string
+ *
+ * @example
+ * ```typescript
+ * const commitment = CommitmentService.generateCommitment("github:12345", "secret123")
+ * // commitment: "1234567890..."
+ * ```
+ */
+function generateCommitment(providerId, secret) {
+    // Convert strings to BigInt for Poseidon hashing
+    const providerHash = stringToBigInt(providerId);
+    const secretHash = stringToBigInt(secret);
+    // Use Poseidon hash (ZK-friendly)
+    // NOTE: This will be implemented using poseidon-lite or browser-compatible alternative
+    // For now, using a placeholder that will be replaced with actual Poseidon implementation
+    const commitment = poseidonHash([providerHash, secretHash]);
+    return commitment.toString();
+}
+/**
+ * Generate a nullifier from provider ID and context
+ *
+ * @param providerId - Provider identifier (e.g., "github:12345")
+ * @param context - Context string (e.g., "dao_vote_123")
+ * @returns Nullifier hash as string
+ *
+ * @example
+ * ```typescript
+ * const nullifier = CommitmentService.generateNullifier("github:12345", "dao_vote_123")
+ * // nullifier: "9876543210..."
+ * ```
+ */
+function generateNullifier(providerId, context) {
+    const providerHash = stringToBigInt(providerId);
+    const contextHash = stringToBigInt(context);
+    const nullifier = poseidonHash([providerHash, contextHash]);
+    return nullifier.toString();
+}
+/**
+ * Generate a cryptographically secure random secret
+ *
+ * @returns Random secret as hex string
+ *
+ * @example
+ * ```typescript
+ * const secret = CommitmentService.generateSecret()
+ * // secret: "a1b2c3d4e5f6..."
+ * ```
+ */
+function generateSecret() {
+    // Use Web Crypto API for secure random generation
+    if (typeof window !== 'undefined' && window.crypto) {
+        const array = new Uint8Array(32);
+        window.crypto.getRandomValues(array);
+        return uint8ArrayToHex(array);
+    }
+    // Node.js environment
+    if (typeof require !== 'undefined') {
+        const crypto = require('crypto');
+        return crypto.randomBytes(32).toString('hex');
+    }
+    throw new Error('No secure random number generator available');
+}
+// ============================================================================
+// Helper Functions
+// ============================================================================
+/**
+ * Convert string to BigInt using simple hashing
+ * NOTE: For production, should use more robust hashing
+ */
+function stringToBigInt(str) {
+    // Simple conversion: encode to UTF-8 bytes then to hex
+    const encoder = new TextEncoder();
+    const bytes = encoder.encode(str);
+    const hex = uint8ArrayToHex(bytes);
+    return BigInt('0x' + hex);
+}
+/**
+ * Convert Uint8Array to hex string
+ */
+function uint8ArrayToHex(array) {
+    return Array.from(array)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Poseidon hash implementation
+ *
+ * TODO: Replace with actual poseidon-lite or circomlibjs implementation
+ * This is a placeholder for testing purposes
+ */
+function poseidonHash(inputs) {
+    // TEMPORARY: Simple XOR-based hash for testing
+    // MUST be replaced with real Poseidon hash from poseidon-lite
+    console.warn('WARNING: Using placeholder hash - replace with real Poseidon');
+    let result = BigInt(0);
+    for (const input of inputs) {
+        result ^= input;
+    }
+    // Ensure positive result
+    return result > 0 ? result : -result;
+}
+//# sourceMappingURL=CommitmentService.js.map

package/build/encryption/zK/identity/CommitmentService.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CommitmentService.js","sourceRoot":"","sources":["../../../../../src/encryption/zK/identity/CommitmentService.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AAeH,gDAWC;AAeD,8CAOC;AAaD,wCAeC;AA1ED;;;;;;;;;;;;GAYG;AACH,SAAgB,kBAAkB,CAAC,UAAkB,EAAE,MAAc;IACjE,iDAAiD;IACjD,MAAM,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,CAAA;IAC/C,MAAM,UAAU,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAEzC,kCAAkC;IAClC,uFAAuF;IACvF,yFAAyF;IACzF,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC,CAAA;IAE3D,OAAO,UAAU,CAAC,QAAQ,EAAE,CAAA;AAChC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAgB,iBAAiB,CAAC,UAAkB,EAAE,OAAe;IACjE,MAAM,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IAE3C,MAAM,SAAS,GAAG,YAAY,CAAC,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC,CAAA;IAE3D,OAAO,SAAS,CAAC,QAAQ,EAAE,CAAA;AAC/B,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAgB,cAAc;IAC1B,kDAAkD;IAClD,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;QACjD,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;QAChC,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAA;QACpC,OAAO,eAAe,CAAC,KAAK,CAAC,CAAA;IACjC,CAAC;IAED,sBAAsB;IACtB,IAAI,OAAO,OAAO,KAAK,WAAW,EAAE,CAAC;QACjC,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA;QAChC,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;IACjD,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAA;AAClE,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,cAAc,CAAC,GAAW;IAC/B,uDAAuD;IACvD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,GAAG,GAAG,eAAe,CAAC,KAAK,CAAC,CAAA;IAClC,OAAO,MAAM,CAAC,IAAI,GAAG,GAAG,CAAC,CAAA;AAC7B,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,KAAiB;IACtC,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACnB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzC,IAAI,CAAC,EAAE,CAAC,CAAA;AACjB,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,MAAgB;IAClC,+CAA+C;IAC/C,8DAA8D;IAC9D,OAAO,CAAC,IAAI,CAAC,8DAA8D,CAAC,CAAA;IAE5E,IAAI,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;IACtB,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAA;IACnB,CAAC;IAED,yBAAyB;IACzB,OAAO,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAA;AACxC,CAAC"}

package/build/encryption/zK/identity/ProofGenerator.d.ts

@@ -0,0 +1,57 @@
+/**
+ * ProofGenerator - Client-side ZK-SNARK proof generation
+ *
+ * REVIEW: Phase 9 - SDK Integration
+ *
+ * Generates Groth16 ZK-SNARK proofs for identity attestations using snarkjs.
+ * Requires the circuit's proving key (WASM) and witness calculator.
+ */
+export interface ZKProof {
+    pi_a: string[];
+    pi_b: string[][];
+    pi_c: string[];
+    protocol: string;
+}
+export interface ProofGenerationResult {
+    proof: ZKProof;
+    publicSignals: string[];
+}
+export interface MerkleProof {
+    siblings: string[][];
+    pathIndices: number[];
+    root: string;
+    leaf: string;
+}
+/**
+ * Generate a ZK-SNARK proof for identity attestation
+ *
+ * @param providerId - Provider identifier (e.g., "github:12345")
+ * @param secret - User's secret value
+ * @param context - Context string for this attestation
+ * @param merkleProof - Merkle proof from node RPC
+ * @param merkleRoot - Current Merkle root from node RPC
+ * @returns Proof and public signals
+ *
+ * @example
+ * ```typescript
+ * const result = await ProofGenerator.generateIdentityProof(
+ *     "github:12345",
+ *     "secret123",
+ *     "dao_vote_123",
+ *     merkleProof,
+ *     merkleRoot
+ * )
+ * // result: { proof: {...}, publicSignals: [nullifier, merkleRoot, context] }
+ * ```
+ */
+export declare function generateIdentityProof(providerId: string, secret: string, context: string, merkleProof: MerkleProof, merkleRoot: string): Promise<ProofGenerationResult>;
+/**
+ * Verify a proof locally (optional - mainly for testing)
+ *
+ * @param proof - The proof to verify
+ * @param publicSignals - Public signals for the proof
+ * @returns True if proof is valid
+ *
+ * NOTE: Node RPC will do the actual verification, this is mainly for debugging
+ */
+export declare function verifyProof(proof: ZKProof, publicSignals: string[]): Promise<boolean>;

package/build/encryption/zK/identity/ProofGenerator.js

@@ -0,0 +1,151 @@
+"use strict";
+/**
+ * ProofGenerator - Client-side ZK-SNARK proof generation
+ *
+ * REVIEW: Phase 9 - SDK Integration
+ *
+ * Generates Groth16 ZK-SNARK proofs for identity attestations using snarkjs.
+ * Requires the circuit's proving key (WASM) and witness calculator.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateIdentityProof = generateIdentityProof;
+exports.verifyProof = verifyProof;
+/**
+ * Generate a ZK-SNARK proof for identity attestation
+ *
+ * @param providerId - Provider identifier (e.g., "github:12345")
+ * @param secret - User's secret value
+ * @param context - Context string for this attestation
+ * @param merkleProof - Merkle proof from node RPC
+ * @param merkleRoot - Current Merkle root from node RPC
+ * @returns Proof and public signals
+ *
+ * @example
+ * ```typescript
+ * const result = await ProofGenerator.generateIdentityProof(
+ *     "github:12345",
+ *     "secret123",
+ *     "dao_vote_123",
+ *     merkleProof,
+ *     merkleRoot
+ * )
+ * // result: { proof: {...}, publicSignals: [nullifier, merkleRoot, context] }
+ * ```
+ */
+async function generateIdentityProof(providerId, secret, context, merkleProof, merkleRoot) {
+    // Convert inputs to BigInt/field elements
+    const providerIdBigInt = stringToBigInt(providerId);
+    const secretBigInt = stringToBigInt(secret);
+    const contextBigInt = stringToBigInt(context);
+    // Prepare circuit inputs
+    const circuitInputs = {
+        // Private inputs
+        provider_id: providerIdBigInt.toString(),
+        secret: secretBigInt.toString(),
+        pathElements: merkleProof.siblings.map(s => s.map(v => v.toString())),
+        pathIndices: merkleProof.pathIndices,
+        // Public inputs
+        context: contextBigInt.toString(),
+        merkle_root: merkleRoot,
+    };
+    // TODO: Load proving key (WASM) from CDN or local storage
+    // const wasmPath = '/zk/identity_with_merkle.wasm'
+    // const zkeyPath = '/zk/proving_key_merkle.zkey'
+    // TODO: Generate witness using snarkjs
+    // const { proof, publicSignals } = await snarkjs.groth16.fullProve(
+    //     circuitInputs,
+    //     wasmPath,
+    //     zkeyPath
+    // )
+    // TEMPORARY: Return mock proof for testing
+    console.warn('WARNING: ProofGenerator not yet implemented - using mock proof');
+    const mockProof = {
+        pi_a: ['1', '2', '1'],
+        pi_b: [
+            ['1', '2'],
+            ['3', '4'],
+            ['1', '0'],
+        ],
+        pi_c: ['1', '2', '1'],
+        protocol: 'groth16',
+    };
+    const mockPublicSignals = [
+        computeNullifier(providerId, context),
+        merkleRoot,
+        contextBigInt.toString(),
+    ];
+    return {
+        proof: mockProof,
+        publicSignals: mockPublicSignals,
+    };
+}
+/**
+ * Verify a proof locally (optional - mainly for testing)
+ *
+ * @param proof - The proof to verify
+ * @param publicSignals - Public signals for the proof
+ * @returns True if proof is valid
+ *
+ * NOTE: Node RPC will do the actual verification, this is mainly for debugging
+ */
+async function verifyProof(proof, publicSignals) {
+    // TODO: Load verification key
+    // const vkey = await loadVerificationKey()
+    // TODO: Verify using snarkjs
+    // return await snarkjs.groth16.verify(vkey, publicSignals, proof)
+    console.warn('WARNING: Local proof verification not yet implemented');
+    return true;
+}
+// ============================================================================
+// Helper Functions
+// ============================================================================
+/**
+ * Compute nullifier from provider ID and context
+ * (Same logic as CommitmentService.generateNullifier)
+ */
+function computeNullifier(providerId, context) {
+    const providerHash = stringToBigInt(providerId);
+    const contextHash = stringToBigInt(context);
+    // TODO: Use real Poseidon hash
+    const nullifier = providerHash ^ contextHash;
+    return (nullifier > BigInt(0) ? nullifier : -nullifier).toString();
+}
+/**
+ * Convert string to BigInt using simple hashing
+ */
+function stringToBigInt(str) {
+    const encoder = new TextEncoder();
+    const bytes = encoder.encode(str);
+    const hex = Array.from(bytes)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+    return BigInt('0x' + hex);
+}
+/**
+ * Load circuit WASM file
+ *
+ * TODO: Implement loading from CDN or local storage
+ */
+async function loadCircuitWasm(url) {
+    const response = await fetch(url);
+    return await response.arrayBuffer();
+}
+/**
+ * Load proving key
+ *
+ * TODO: Implement loading from CDN or local storage
+ */
+async function loadProvingKey(url) {
+    const response = await fetch(url);
+    return await response.arrayBuffer();
+}
+/**
+ * Load verification key for local verification
+ *
+ * TODO: Implement loading verification key
+ */
+async function loadVerificationKey() {
+    // Load from CDN or local storage
+    throw new Error('Not implemented');
+}
+//# sourceMappingURL=ProofGenerator.js.map

package/build/encryption/zK/identity/ProofGenerator.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ProofGenerator.js","sourceRoot":"","sources":["../../../../../src/encryption/zK/identity/ProofGenerator.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;AA2CH,sDA2DC;AAWD,kCAYC;AAxGD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACI,KAAK,UAAU,qBAAqB,CACvC,UAAkB,EAClB,MAAc,EACd,OAAe,EACf,WAAwB,EACxB,UAAkB;IAElB,0CAA0C;IAC1C,MAAM,gBAAgB,GAAG,cAAc,CAAC,UAAU,CAAC,CAAA;IACnD,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,CAAA;IAC3C,MAAM,aAAa,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IAE7C,yBAAyB;IACzB,MAAM,aAAa,GAAG;QAClB,iBAAiB;QACjB,WAAW,EAAE,gBAAgB,CAAC,QAAQ,EAAE;QACxC,MAAM,EAAE,YAAY,CAAC,QAAQ,EAAE;QAC/B,YAAY,EAAE,WAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QACrE,WAAW,EAAE,WAAW,CAAC,WAAW;QAEpC,gBAAgB;QAChB,OAAO,EAAE,aAAa,CAAC,QAAQ,EAAE;QACjC,WAAW,EAAE,UAAU;KAC1B,CAAA;IAED,0DAA0D;IAC1D,mDAAmD;IACnD,iDAAiD;IAEjD,uCAAuC;IACvC,oEAAoE;IACpE,qBAAqB;IACrB,gBAAgB;IAChB,eAAe;IACf,IAAI;IAEJ,2CAA2C;IAC3C,OAAO,CAAC,IAAI,CAAC,gEAAgE,CAAC,CAAA;IAC9E,MAAM,SAAS,GAAY;QACvB,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;QACrB,IAAI,EAAE;YACF,CAAC,GAAG,EAAE,GAAG,CAAC;YACV,CAAC,GAAG,EAAE,GAAG,CAAC;YACV,CAAC,GAAG,EAAE,GAAG,CAAC;SACb;QACD,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;QACrB,QAAQ,EAAE,SAAS;KACtB,CAAA;IAED,MAAM,iBAAiB,GAAG;QACtB,gBAAgB,CAAC,UAAU,EAAE,OAAO,CAAC;QACrC,UAAU;QACV,aAAa,CAAC,QAAQ,EAAE;KAC3B,CAAA;IAED,OAAO;QACH,KAAK,EAAE,SAAS;QAChB,aAAa,EAAE,iBAAiB;KACnC,CAAA;AACL,CAAC;AAED;;;;;;;;GAQG;AACI,KAAK,UAAU,WAAW,CAC7B,KAAc,EACd,aAAuB;IAEvB,8BAA8B;IAC9B,2CAA2C;IAE3C,6BAA6B;IAC7B,kEAAkE;IAElE,OAAO,CAAC,IAAI,CAAC,uDAAuD,CAAC,CAAA;IACrE,OAAO,IAAI,CAAA;AACf,CAAC;AAED,+EAA+E;AAC/E,mBAAmB;AACnB,+EAA+E;AAE/E;;;GAGG;AACH,SAAS,gBAAgB,CAAC,UAAkB,EAAE,OAAe;IACzD,MAAM,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,CAAA;IAC/C,MAAM,WAAW,GAAG,cAAc,CAAC,OAAO,CAAC,CAAA;IAE3C,+BAA+B;IAC/B,MAAM,SAAS,GAAG,YAAY,GAAG,WAAW,CAAA;IAE5C,OAAO,CAAC,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,QAAQ,EAAE,CAAA;AACtE,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW;IAC/B,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IACjC,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC;SACxB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SACzC,IAAI,CAAC,EAAE,CAAC,CAAA;IACb,OAAO,MAAM,CAAC,IAAI,GAAG,GAAG,CAAC,CAAA;AAC7B,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,eAAe,CAAC,GAAW;IACtC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,OAAO,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;AACvC,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,cAAc,CAAC,GAAW;IACrC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAA;IACjC,OAAO,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAA;AACvC,CAAC;AAED;;;;GAIG;AACH,KAAK,UAAU,mBAAmB;IAC9B,iCAAiC;IACjC,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAA;AACtC,CAAC"}