@worldcoin/idkit-core 2.0.2 → 4.0.1-dev.123c6a8

package/wasm/idkit_wasm.d.ts

@@ -0,0 +1,523 @@
+/* tslint:disable */
+/* eslint-disable */
+/**
+ * Hashes a signal string using Keccak256
+ */
+export function hashSignal(signal: string): string;
+/**
+ * Hashes raw bytes using Keccak256
+ */
+export function hashSignalBytes(bytes: Uint8Array): string;
+/**
+ * Entry point for creating `IDKit` requests (WASM)
+ *
+ * # Arguments
+ * * `app_id` - Application ID from the Developer Portal
+ * * `action` - Action identifier
+ * * `rp_context` - RP context for building protocol-level `ProofRequest`
+ * * `action_description` - Optional action description shown to users
+ * * `bridge_url` - Optional bridge URL (defaults to production)
+ */
+export function request(app_id: string, action: string, rp_context: RpContextWasm, action_description?: string | null, bridge_url?: string | null): IDKitRequestBuilderWasm;
+/**
+ * Creates an `OrbLegacy` preset for World ID 3.0 legacy support
+ *
+ * Returns a preset object that can be passed to `request().preset()`.
+ *
+ * # Arguments
+ * * `signal` - Optional signal string
+ *
+ * # Errors
+ *
+ * Returns an error if serialization fails
+ */
+export function orbLegacy(signal?: string | null): any;
+/**
+ * Initialize the WASM module.
+ * This sets up panic hooks for better error messages in the browser console.
+ * Safe to call multiple times - initialization only happens once.
+ */
+export function init_wasm(): void;
+/**
+ * Encodes data to base64
+ */
+export function base64Encode(data: Uint8Array): string;
+/**
+ * Decodes base64 data
+ *
+ * # Errors
+ *
+ * Returns an error if decoding fails
+ */
+export function base64Decode(data: string): Uint8Array;
+/**
+ * Signs an RP request for World ID proof verification
+ *
+ * **Backend-only**: This function should only be used in server-side environments.
+ * Never expose your signing key to client-side code.
+ *
+ * This function generates a cryptographic signature that RPs use to authenticate
+ * proof requests. It:
+ * 1. Generates a random nonce
+ * 2. Gets the current timestamp
+ * 3. Computes: keccak256(nonce || action || timestamp || `expires_at`)
+ * 4. Signs the hash with ECDSA secp256k1
+ *
+ * # Arguments
+ * * `action` - The action identifier string (e.g., "verify-human")
+ * * `signing_key_hex` - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
+ * * `ttl_seconds` - Optional time-to-live in seconds (defaults to 300 = 5 minutes)
+ *
+ * # Returns
+ * An `RpSignature` object containing the signature, nonce, and timestamps
+ * to be passed as `rp_context` in the proof request
+ *
+ * # Errors
+ * Returns an error if:
+ * - The signing key is invalid hex or wrong length
+ * - Random generation fails
+ * - Signing fails
+ *
+ * # Example
+ * ```javascript
+ * import { signRequest } from '@worldcoin/idkit-core'
+ *
+ * const signingKey = process.env.RP_SIGNING_KEY // Load from secure env var
+ * const signature = signRequest('my-action', signingKey) // default 5 min TTL
+ * const customTtl = signRequest('my-action', signingKey, 600) // 10 min TTL
+ * console.log(signature.sig, signature.nonce, signature.createdAt, signature.expiresAt)
+ * ```
+ */
+export function signRequest(action: string, signing_key_hex: string, ttl_seconds?: bigint | null): RpSignature;
+
+/** V4 response item (protocol version 4.0 / World ID v4) */
+export interface ResponseItemV4 {
+    /** Credential identifier */
+    identifier: CredentialType;
+    /** Compressed Groth16 proof (hex) */
+    proof: string;
+    /** RP-scoped nullifier (hex) */
+    nullifier: string;
+    /** Authenticator merkle root (hex) */
+    merkle_root: string;
+    /** Unix timestamp when proof was generated */
+    proof_timestamp: number;
+    /** Credential issuer schema ID (hex) */
+    issuer_schema_id: string;
+}
+
+/** V3 response item (protocol version 3.0 / World ID v3 - legacy format) */
+export interface ResponseItemV3 {
+    /** Credential identifier */
+    identifier: CredentialType;
+    /** ABI-encoded proof (hex) */
+    proof: string;
+    /** Merkle root (hex) */
+    merkle_root: string;
+    /** Nullifier hash (hex) */
+    nullifier_hash: string;
+}
+
+/**
+ * A single credential response item - unified type for both bridge and SDK.
+ * Type narrowing: use 'proof_timestamp' in item for V4, 'nullifier_hash' in item for V3.
+ */
+export type ResponseItem = ResponseItemV4 | ResponseItemV3;
+
+/** V3 result (legacy format - no session support) */
+export interface IDKitResultV3 {
+    /** Protocol version 3.0 */
+    protocol_version: "3.0";
+    /** Array of V3 credential responses */
+    responses: ResponseItemV3[];
+}
+
+/** V4 result (current format - supports sessions) */
+export interface IDKitResultV4 {
+    /** Protocol version 4.0 */
+    protocol_version: "4.0";
+    /** Session ID (for session proofs) */
+    session_id?: string;
+    /** Array of V4 credential responses */
+    responses: ResponseItemV4[];
+}
+
+/** The unified response structure - discriminated union by protocol_version */
+export type IDKitResult = IDKitResultV3 | IDKitResultV4;
+
+/** Status returned from pollForStatus() */
+export type Status =
+    | { type: "waiting_for_connection" }
+    | { type: "awaiting_confirmation" }
+    | { type: "confirmed"; result: IDKitResult }
+    | { type: "failed"; error: string };
+
+
+
+export type CredentialType = "orb" | "face" | "secure_document" | "document" | "device";
+
+export interface CredentialRequestType {
+    type: CredentialType;
+    signal?: string;
+    genesis_issued_at_min?: number;
+}
+
+export type ConstraintNode =
+    | CredentialRequestType
+    | { any: ConstraintNode[] }
+    | { all: ConstraintNode[] };
+
+
+
+export interface OrbLegacyPreset {
+    type: "OrbLegacy";
+    data: { signal?: string };
+}
+
+export type Preset = OrbLegacyPreset;
+
+export function orbLegacy(signal?: string): Preset;
+
+
+
+export interface RpSignature {
+    sig: string;
+    nonce: string;
+    createdAt: number;
+    expiresAt: number;
+    toJSON(): { sig: string; nonce: string; createdAt: number; expiresAt: number };
+}
+
+export function signRequest(action: string, signingKeyHex: string, ttlSeconds?: number): RpSignature;
+
+
+/**
+ * Bridge encryption for secure communication between client and bridge
+ */
+export class BridgeEncryption {
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Returns the key as a base64-encoded string
+   */
+  keyBase64(): string;
+  /**
+   * Returns the nonce as a base64-encoded string
+   */
+  nonceBase64(): string;
+  /**
+   * Creates a new `BridgeEncryption` instance with randomly generated key and nonce
+   *
+   * # Errors
+   *
+   * Returns an error if key generation fails
+   */
+  constructor();
+  /**
+   * Decrypts a base64-encoded ciphertext using AES-256-GCM
+   *
+   * # Errors
+   *
+   * Returns an error if decryption fails or the output is not valid UTF-8
+   */
+  decrypt(ciphertext_base64: string): string;
+  /**
+   * Encrypts a plaintext string using AES-256-GCM and returns base64
+   *
+   * # Errors
+   *
+   * Returns an error if encryption fails
+   */
+  encrypt(plaintext: string): string;
+}
+/**
+ * WASM wrapper for `CredentialRequest`
+ */
+export class CredentialRequestWasm {
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Creates a new request item with ABI-encoded bytes for the signal
+   *
+   * # Errors
+   *
+   * Returns an error if the credential type is invalid
+   */
+  static withBytes(credential_type: any, signal_bytes: Uint8Array): CredentialRequestWasm;
+  /**
+   * Gets the credential type
+   */
+  credentialType(): any;
+  /**
+   * Gets the signal as raw bytes
+   */
+  getSignalBytes(): Uint8Array | undefined;
+  /**
+   * Creates a new request item with genesis minimum timestamp
+   *
+   * # Errors
+   *
+   * Returns an error if the credential type is invalid
+   */
+  static withGenesisMin(credential_type: any, signal: string | null | undefined, genesis_min: bigint): CredentialRequestWasm;
+  /**
+   * Creates a new request item
+   *
+   * # Arguments
+   * * `credential_type` - The type of credential to request (e.g., "orb", "face")
+   * * `signal` - Optional signal string
+   *
+   * # Errors
+   *
+   * Returns an error if the credential type is invalid
+   */
+  constructor(credential_type: any, signal?: string | null);
+  /**
+   * Converts the request item to JSON
+   *
+   * # Errors
+   *
+   * Returns an error if serialization fails
+   */
+  toJSON(): any;
+}
+/**
+ * WASM wrapper for `BridgeResponseV1` (legacy proof format)
+ */
+export class IDKitProof {
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Creates a new legacy proof (protocol v1 / World ID v3)
+   *
+   * # Errors
+   *
+   * Returns an error if the verification level cannot be deserialized
+   */
+  constructor(proof: string, merkle_root: string, nullifier_hash: string, verification_level: any);
+  /**
+   * Converts the proof to JSON
+   *
+   * # Errors
+   *
+   * Returns an error if serialization fails
+   */
+  toJSON(): any;
+}
+/**
+ * World ID verification request
+ *
+ * Manages the verification flow with World App via the bridge.
+ */
+export class IDKitRequest {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Returns the request ID for this request
+   *
+   * # Errors
+   *
+   * Returns an error if the request has been closed
+   */
+  requestId(): string;
+  /**
+   * Returns the connect URL for World App
+   *
+   * This URL should be displayed as a QR code for users to scan with World App.
+   *
+   * # Errors
+   *
+   * Returns an error if the request has been closed
+   */
+  connectUrl(): string;
+  /**
+   * Polls the bridge for the current status (non-blocking)
+   *
+   * Returns a status object with type:
+   * - `"waiting_for_connection"` - Waiting for World App to retrieve the request
+   * - `"awaiting_confirmation"` - World App has retrieved the request, waiting for user
+   * - `"confirmed"` - User confirmed and provided a proof
+   * - `"failed"` - Request has failed
+   *
+   * # Errors
+   *
+   * Returns an error if the request fails or the response is invalid
+   */
+  pollForStatus(): Promise<any>;
+}
+/**
+ * Builder for creating `IDKit` requests (WASM)
+ */
+export class IDKitRequestBuilderWasm {
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Creates an `IDKit` request with the given constraints
+   *
+   * # Arguments
+   * * `constraints_json` - Constraint tree as JSON (`CredentialRequest` or `{any: []}` or `{all: []}`)
+   *
+   * # Errors
+   *
+   * Returns an error if the request cannot be created
+   */
+  constraints(constraints_json: any): Promise<any>;
+  /**
+   * Creates a new `IDKitRequestBuilder`
+   *
+   * # Arguments
+   * * `app_id` - Application ID from the Developer Portal
+   * * `action` - Action identifier
+   * * `rp_context` - RP context for building protocol-level `ProofRequest`
+   * * `action_description` - Optional action description shown to users
+   * * `bridge_url` - Optional bridge URL (defaults to production)
+   */
+  constructor(app_id: string, action: string, rp_context: RpContextWasm, action_description?: string | null, bridge_url?: string | null);
+  /**
+   * Creates an `IDKit` request from a preset
+   *
+   * Presets provide a simplified way to create requests with predefined
+   * credential configurations. The preset is converted to both World ID 4.0
+   * constraints and World ID 3.0 legacy fields for backward compatibility.
+   *
+   * # Arguments
+   * * `preset_json` - Preset object from `orbLegacy()`
+   *
+   * # Errors
+   *
+   * Returns an error if the request cannot be created
+   */
+  preset(preset_json: any): Promise<any>;
+}
+/**
+ * RP Context for protocol-level proof requests (WASM binding)
+ *
+ * Contains RP-specific data needed to construct a `ProofRequest`.
+ */
+export class RpContextWasm {
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Creates a new RP context
+   *
+   * # Arguments
+   * * `rp_id` - The registered RP ID (e.g., `"rp_123456789abcdef0"`)
+   * * `nonce` - Unique nonce for this proof request
+   * * `created_at` - Unix timestamp (seconds since epoch) when created
+   * * `expires_at` - Unix timestamp (seconds since epoch) when expires
+   * * `signature` - The RP's ECDSA signature of the `nonce` and `created_at` timestamp
+   *
+   * # Errors
+   *
+   * Returns an error if `rp_id` is not a valid RP ID (must start with `rp_`)
+   */
+  constructor(rp_id: string, nonce: string, created_at: bigint, expires_at: bigint, signature: string);
+}
+export class RpSignature {
+  private constructor();
+  free(): void;
+  [Symbol.dispose](): void;
+  /**
+   * Converts to JSON
+   *
+   * # Errors
+   *
+   * Returns an error if setting object properties fails
+   */
+  toJSON(): any;
+  /**
+   * Gets the creation timestamp
+   */
+  readonly createdAt: bigint;
+  /**
+   * Gets the expiration timestamp
+   */
+  readonly expiresAt: bigint;
+  /**
+   * Gets the signature as hex string (0x-prefixed, 65 bytes)
+   */
+  readonly sig: string;
+  /**
+   * Gets the nonce as hex string (0x-prefixed field element)
+   */
+  readonly nonce: string;
+}
+
+export type InitInput = RequestInfo | URL | Response | BufferSource | WebAssembly.Module;
+
+export interface InitOutput {
+  readonly memory: WebAssembly.Memory;
+  readonly __wbg_bridgeencryption_free: (a: number, b: number) => void;
+  readonly __wbg_credentialrequestwasm_free: (a: number, b: number) => void;
+  readonly __wbg_idkitproof_free: (a: number, b: number) => void;
+  readonly __wbg_idkitrequest_free: (a: number, b: number) => void;
+  readonly __wbg_idkitrequestbuilderwasm_free: (a: number, b: number) => void;
+  readonly __wbg_rpcontextwasm_free: (a: number, b: number) => void;
+  readonly __wbg_rpsignature_free: (a: number, b: number) => void;
+  readonly base64Decode: (a: number, b: number, c: number) => void;
+  readonly base64Encode: (a: number, b: number, c: number) => void;
+  readonly bridgeencryption_decrypt: (a: number, b: number, c: number, d: number) => void;
+  readonly bridgeencryption_encrypt: (a: number, b: number, c: number, d: number) => void;
+  readonly bridgeencryption_keyBase64: (a: number, b: number) => void;
+  readonly bridgeencryption_new: (a: number) => void;
+  readonly bridgeencryption_nonceBase64: (a: number, b: number) => void;
+  readonly credentialrequestwasm_credentialType: (a: number) => number;
+  readonly credentialrequestwasm_getSignalBytes: (a: number, b: number) => void;
+  readonly credentialrequestwasm_new: (a: number, b: number, c: number, d: number) => void;
+  readonly credentialrequestwasm_toJSON: (a: number, b: number) => void;
+  readonly credentialrequestwasm_withBytes: (a: number, b: number, c: number, d: number) => void;
+  readonly credentialrequestwasm_withGenesisMin: (a: number, b: number, c: number, d: number, e: bigint) => void;
+  readonly hashSignal: (a: number, b: number, c: number) => void;
+  readonly idkitproof_new: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number) => void;
+  readonly idkitproof_toJSON: (a: number, b: number) => void;
+  readonly idkitrequest_connectUrl: (a: number, b: number) => void;
+  readonly idkitrequest_pollForStatus: (a: number) => number;
+  readonly idkitrequest_requestId: (a: number, b: number) => void;
+  readonly idkitrequestbuilderwasm_constraints: (a: number, b: number) => number;
+  readonly idkitrequestbuilderwasm_new: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number) => number;
+  readonly idkitrequestbuilderwasm_preset: (a: number, b: number) => number;
+  readonly orbLegacy: (a: number, b: number, c: number) => void;
+  readonly rpcontextwasm_new: (a: number, b: number, c: number, d: number, e: number, f: bigint, g: bigint, h: number, i: number) => void;
+  readonly rpsignature_createdAt: (a: number) => bigint;
+  readonly rpsignature_expiresAt: (a: number) => bigint;
+  readonly rpsignature_nonce: (a: number, b: number) => void;
+  readonly rpsignature_sig: (a: number, b: number) => void;
+  readonly rpsignature_toJSON: (a: number, b: number) => void;
+  readonly signRequest: (a: number, b: number, c: number, d: number, e: number, f: number, g: bigint) => void;
+  readonly init_wasm: () => void;
+  readonly hashSignalBytes: (a: number, b: number, c: number) => void;
+  readonly request: (a: number, b: number, c: number, d: number, e: number, f: number, g: number, h: number, i: number) => number;
+  readonly __wasm_bindgen_func_elem_551: (a: number, b: number) => void;
+  readonly __wasm_bindgen_func_elem_550: (a: number, b: number) => void;
+  readonly __wasm_bindgen_func_elem_914: (a: number, b: number, c: number) => void;
+  readonly __wasm_bindgen_func_elem_913: (a: number, b: number) => void;
+  readonly __wasm_bindgen_func_elem_1281: (a: number, b: number, c: number, d: number) => void;
+  readonly __wbindgen_export: (a: number, b: number) => number;
+  readonly __wbindgen_export2: (a: number, b: number, c: number, d: number) => number;
+  readonly __wbindgen_export3: (a: number) => void;
+  readonly __wbindgen_export4: (a: number, b: number, c: number) => void;
+  readonly __wbindgen_add_to_stack_pointer: (a: number) => number;
+  readonly __wbindgen_start: () => void;
+}
+
+export type SyncInitInput = BufferSource | WebAssembly.Module;
+/**
+* Instantiates the given `module`, which can either be bytes or
+* a precompiled `WebAssembly.Module`.
+*
+* @param {{ module: SyncInitInput }} module - Passing `SyncInitInput` directly is deprecated.
+*
+* @returns {InitOutput}
+*/
+export function initSync(module: { module: SyncInitInput } | SyncInitInput): InitOutput;
+
+/**
+* If `module_or_path` is {RequestInfo} or {URL}, makes a request and
+* for everything else, calls `WebAssembly.instantiate` directly.
+*
+* @param {{ module_or_path: InitInput | Promise<InitInput> }} module_or_path - Passing `InitInput` directly is deprecated.
+*
+* @returns {Promise<InitOutput>}
+*/
+export default function __wbg_init (module_or_path?: { module_or_path: InitInput | Promise<InitInput> } | InitInput | Promise<InitInput>): Promise<InitOutput>;