@worldcoin/idkit-core 4.0.1-dev.2039000 → 4.0.1-dev.370b7c0

package/README.md

@@ -10,12 +10,10 @@ npm install @worldcoin/idkit-core
 
 ## Backend: Generate RP Signature
 
-The RP signature authenticates your verification requests. Generate it server-side:
+The RP signature authenticates your verification requests. Generate it server-side using the `/signing` subpath (pure JS, no WASM init needed):
 
 ```typescript
-import { IDKit, signRequest } from "@worldcoin/idkit-core";
-
-await IDKit.initServer();
+import { signRequest } from "@worldcoin/idkit-core/signing";
 
 // Never expose RP_SIGNING_KEY to clients
 const sig = signRequest("my-action", process.env.RP_SIGNING_KEY);
@@ -24,8 +22,8 @@ const sig = signRequest("my-action", process.env.RP_SIGNING_KEY);
 res.json({
   sig: sig.sig,
   nonce: sig.nonce,
-  created_at: Number(sig.createdAt),
-  expires_at: Number(sig.expiresAt),
+  created_at: sig.createdAt,
+  expires_at: sig.expiresAt,
 });
 ```
 
@@ -38,8 +36,6 @@ For common verification scenarios with World ID 3.0 backward compatibility:
 ```typescript
 import { IDKit, orbLegacy } from "@worldcoin/idkit-core";
 
-await IDKit.init();
-
 // Fetch signature from your backend
 const rpSig = await fetch("/api/rp-signature").then((r) => r.json());
 
@@ -100,3 +96,17 @@ const response = await fetch(
 
 const { success } = await response.json();
 ```
+
+## Subpath Exports
+
+Pure JS subpath exports are available for server-side use without WASM initialization:
+
+| Subpath    | Exports                                                          |
+| ---------- | ---------------------------------------------------------------- |
+| `/signing` | `signRequest`, `computeRpSignatureMessage`, `RpSignature` (type) |
+| `/hashing` | `hashSignal`                                                     |
+
+```typescript
+import { signRequest } from "@worldcoin/idkit-core/signing";
+import { hashSignal } from "@worldcoin/idkit-core/hashing";
+```

package/dist/hashing.cjs

@@ -0,0 +1,28 @@
+'use strict';
+
+var sha3 = require('@noble/hashes/sha3');
+var utils = require('@noble/hashes/utils');
+
+// src/lib/hashing.ts
+function hashToField(input) {
+  const hash = BigInt("0x" + utils.bytesToHex(sha3.keccak_256(input))) >> 8n;
+  return utils.hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function hashSignal(signal) {
+  let input;
+  if (signal instanceof Uint8Array) {
+    input = signal;
+  } else if (signal.startsWith("0x") && isValidHex(signal.slice(2))) {
+    input = utils.hexToBytes(signal.slice(2));
+  } else {
+    input = new TextEncoder().encode(signal);
+  }
+  return "0x" + utils.bytesToHex(hashToField(input));
+}
+function isValidHex(s) {
+  if (s.length === 0) return false;
+  if (s.length % 2 !== 0) return false;
+  return /^[0-9a-fA-F]+$/.test(s);
+}
+
+exports.hashSignal = hashSignal;

package/dist/hashing.d.cts

@@ -0,0 +1,9 @@
+/**
+ * Hashes a signal to its field element hex representation.
+ *
+ * @param signal - The signal to hash (string or Uint8Array)
+ * @returns 0x-prefixed hex string representing the signal hash
+ */
+declare function hashSignal(signal: string | Uint8Array): string;
+
+export { hashSignal };

package/dist/hashing.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Hashes a signal to its field element hex representation.
+ *
+ * @param signal - The signal to hash (string or Uint8Array)
+ * @returns 0x-prefixed hex string representing the signal hash
+ */
+declare function hashSignal(signal: string | Uint8Array): string;
+
+export { hashSignal };

package/dist/hashing.js

@@ -0,0 +1,26 @@
+import { keccak_256 } from '@noble/hashes/sha3';
+import { hexToBytes, bytesToHex } from '@noble/hashes/utils';
+
+// src/lib/hashing.ts
+function hashToField(input) {
+  const hash = BigInt("0x" + bytesToHex(keccak_256(input))) >> 8n;
+  return hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function hashSignal(signal) {
+  let input;
+  if (signal instanceof Uint8Array) {
+    input = signal;
+  } else if (signal.startsWith("0x") && isValidHex(signal.slice(2))) {
+    input = hexToBytes(signal.slice(2));
+  } else {
+    input = new TextEncoder().encode(signal);
+  }
+  return "0x" + bytesToHex(hashToField(input));
+}
+function isValidHex(s) {
+  if (s.length === 0) return false;
+  if (s.length % 2 !== 0) return false;
+  return /^[0-9a-fA-F]+$/.test(s);
+}
+
+export { hashSignal };

package/dist/index.cjs

@@ -1,5 +1,11 @@
 'use strict';
 
+var sha3 = require('@noble/hashes/sha3');
+var utils = require('@noble/hashes/utils');
+var hmac = require('@noble/hashes/hmac');
+var sha2 = require('@noble/hashes/sha2');
+var secp256k1 = require('@noble/secp256k1');
+
 var _documentCurrentScript = typeof document !== 'undefined' ? document.currentScript : null;
 var __defProp = Object.defineProperty;
 var __export = (target, all2) => {
@@ -388,12 +394,12 @@ function hashSignal(signal) {
     wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
   }
 }
-function __wasm_bindgen_func_elem_960(arg0, arg1, arg2) {
-  wasm.__wasm_bindgen_func_elem_960(arg0, arg1, addHeapObject(arg2));
-}
 function __wasm_bindgen_func_elem_597(arg0, arg1) {
   wasm.__wasm_bindgen_func_elem_597(arg0, arg1);
 }
+function __wasm_bindgen_func_elem_960(arg0, arg1, arg2) {
+  wasm.__wasm_bindgen_func_elem_960(arg0, arg1, addHeapObject(arg2));
+}
 function __wasm_bindgen_func_elem_1345(arg0, arg1, arg2, arg3) {
   wasm.__wasm_bindgen_func_elem_1345(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
@@ -1852,10 +1858,6 @@ var idkit_wasm_default = __wbg_init;
 // src/lib/wasm.ts
 var wasmInitialized = false;
 var wasmInitPromise = null;
-async function importNodeModule(specifier) {
-  const dynamicImport = Function("moduleName", "return import(moduleName)");
-  return dynamicImport(specifier);
-}
 async function initIDKit() {
   if (wasmInitialized) {
     return;
@@ -1874,36 +1876,6 @@ async function initIDKit() {
   })();
   return wasmInitPromise;
 }
-async function initIDKitServer() {
-  if (wasmInitialized) {
-    return;
-  }
-  if (wasmInitPromise) {
-    return wasmInitPromise;
-  }
-  wasmInitPromise = (async () => {
-    try {
-      const { readFile } = await importNodeModule(
-        "node:fs/promises"
-      );
-      const { fileURLToPath } = await importNodeModule(
-        "node:url"
-      );
-      const { dirname, join } = await importNodeModule(
-        "node:path"
-      );
-      const modulePath = fileURLToPath((typeof document === 'undefined' ? require('u' + 'rl').pathToFileURL(__filename).href : (_documentCurrentScript && _documentCurrentScript.tagName.toUpperCase() === 'SCRIPT' && _documentCurrentScript.src || new URL('index.cjs', document.baseURI).href)));
-      const wasmPath = join(dirname(modulePath), "idkit_wasm_bg.wasm");
-      const wasmBuffer = await readFile(wasmPath);
-      await idkit_wasm_default({ module_or_path: wasmBuffer });
-      wasmInitialized = true;
-    } catch (error) {
-      wasmInitPromise = null;
-      throw new Error(`Failed to initialize IDKit WASM for server: ${error}`);
-    }
-  })();
-  return wasmInitPromise;
-}
 
 // src/transports/native.ts
 function isInWorldApp() {
@@ -2313,10 +2285,6 @@ function proveSession2(sessionId, config) {
   });
 }
 var IDKit = {
-  /** Initialize WASM for browser environments (not needed in World App) */
-  init: initIDKit,
-  /** Initialize WASM for Node.js/server environments */
-  initServer: initIDKitServer,
   /** Create a new verification request */
   request: createRequest,
   /** Create a new session (no action, no existing session_id) */
@@ -2359,21 +2327,71 @@ var isServerEnvironment = () => {
   }
   return false;
 };
+function hashToField(input) {
+  const hash = BigInt("0x" + utils.bytesToHex(sha3.keccak_256(input))) >> 8n;
+  return utils.hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function hashSignal2(signal) {
+  let input;
+  if (signal instanceof Uint8Array) {
+    input = signal;
+  } else if (signal.startsWith("0x") && isValidHex(signal.slice(2))) {
+    input = utils.hexToBytes(signal.slice(2));
+  } else {
+    input = new TextEncoder().encode(signal);
+  }
+  return "0x" + utils.bytesToHex(hashToField(input));
+}
+function isValidHex(s) {
+  if (s.length === 0) return false;
+  if (s.length % 2 !== 0) return false;
+  return /^[0-9a-fA-F]+$/.test(s);
+}
 
-// src/lib/rp-signature.ts
-function signRequest2(action, signingKeyHex, ttlSeconds) {
+// src/lib/signing.ts
+secp256k1.etc.hmacSha256Sync = (key, ...msgs) => hmac.hmac(sha2.sha256, key, secp256k1.etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest2(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
   if (!isServerEnvironment()) {
     throw new Error(
       "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
     );
   }
-  const ttlBigInt = ttlSeconds !== void 0 ? BigInt(ttlSeconds) : void 0;
-  return idkit_wasm_exports.signRequest(action, signingKeyHex, ttlBigInt);
-}
-
-// src/lib/hashing.ts
-function hashSignal2(signal) {
-  return idkit_wasm_exports.hashSignal(signal);
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = secp256k1.etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = sha3.keccak_256(message);
+  const recSig = secp256k1.sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + utils.bytesToHex(sig65),
+    nonce: "0x" + utils.bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
 }
 
 exports.CredentialRequest = CredentialRequest;

package/dist/index.d.cts

@@ -1,3 +1,6 @@
+export { RpSignature, signRequest } from './signing.cjs';
+export { hashSignal } from './hashing.cjs';
+
 /**
  * Configuration types for IDKit
  *
@@ -240,64 +243,6 @@ type ConstraintNode =
     | { any: ConstraintNode[] }
     | { all: ConstraintNode[] };
 
-
-
-interface RpSignature {
-    sig: string;
-    nonce: string;
-    createdAt: number;
-    expiresAt: number;
-    toJSON(): { sig: string; nonce: string; createdAt: number; expiresAt: number };
-}
-declare class RpSignature {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Converts to JSON
-   *
-   * # Errors
-   *
-   * Returns an error if setting object properties fails
-   */
-  toJSON(): any;
-  /**
-   * Gets the creation timestamp
-   */
-  readonly createdAt: bigint;
-  /**
-   * Gets the expiration timestamp
-   */
-  readonly expiresAt: bigint;
-  /**
-   * Gets the signature as hex string (0x-prefixed, 65 bytes)
-   */
-  readonly sig: string;
-  /**
-   * Gets the nonce as hex string (0x-prefixed field element)
-   */
-  readonly nonce: string;
-}
-
-/**
- * WASM initialization and management
- */
-
-/**
- * Initializes the WASM module for browser environments
- * Uses fetch-based loading (works with http/https URLs)
- * This must be called before using any WASM-powered functions
- * Safe to call multiple times - initialization only happens once
- */
-declare function initIDKit(): Promise<void>;
-/**
- * Initializes the WASM module for Node.js/server environments
- * Uses fs-based loading since Node.js fetch doesn't support file:// URLs
- * This must be called before using any WASM-powered functions
- * Safe to call multiple times - initialization only happens once
- */
-declare function initIDKitServer(): Promise<void>;
-
 /**
  * Result types - re-exported from WASM bindings
  *
@@ -641,10 +586,6 @@ declare function proveSession(sessionId: string, config: IDKitSessionConfig): ID
  * ```
  */
 declare const IDKit: {
-    /** Initialize WASM for browser environments (not needed in World App) */
-    init: typeof initIDKit;
-    /** Initialize WASM for Node.js/server environments */
-    initServer: typeof initIDKitServer;
     /** Create a new verification request */
     request: typeof createRequest;
     /** Create a new session (no action, no existing session_id) */
@@ -687,39 +628,4 @@ declare const isWeb: () => boolean;
  */
 declare const isNode: () => boolean;
 
-/**
- * Signs an RP request for World ID proof verification
- *
- * **Backend-only**: This function should ONLY be used in Node.js/server environments.
- * Never use this in browser/client-side code as it requires access to your signing key.
- *
- * This function generates a cryptographic signature that authenticates your proof request.
- * The returned signature, nonce, and timestamps should be passed as `rp_context` to the client.
- *
- * @param action - The action tied to the proof request
- * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
- * @param ttlSeconds - Optional time-to-live in seconds (defaults to 300 = 5 minutes)
- * @returns RpSignature object with sig, nonce, createdAt, expiresAt to use as rp_context
- * @throws Error if called in non-Node.js environment or if parameters are invalid
- *
- * @example
- * ```typescript
- * import { signRequest } from '@worldcoin/idkit-core'
- *
- * const signingKey = process.env.RP_SIGNING_KEY // Load from secure env var
- * const signature = signRequest('my-action', signingKey)
- * console.log(signature.sig, signature.nonce, signature.createdAt, signature.expiresAt)
- * ```
- */
-declare function signRequest(action: string, signingKeyHex: string, ttlSeconds?: number): RpSignature;
-
-/**
- * Hashes a Signal (string or Uint8Array) to its hash representation.
- * This is the same hashing used internally when constructing proof requests.
- *
- * @param signal - The signal to hash (string or Uint8Array)
- * @returns 0x-prefixed hex string representing the signal hash
- */
-declare function hashSignal(signal: string | Uint8Array): string;
-
-export { type AbiEncodedValue, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, RpSignature, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, all, any, documentLegacy, hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy, signRequest };
+export { type AbiEncodedValue, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, all, any, documentLegacy, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy };

package/dist/index.d.ts

@@ -1,3 +1,6 @@
+export { RpSignature, signRequest } from './signing.js';
+export { hashSignal } from './hashing.js';
+
 /**
  * Configuration types for IDKit
  *
@@ -240,64 +243,6 @@ type ConstraintNode =
     | { any: ConstraintNode[] }
     | { all: ConstraintNode[] };
 
-
-
-interface RpSignature {
-    sig: string;
-    nonce: string;
-    createdAt: number;
-    expiresAt: number;
-    toJSON(): { sig: string; nonce: string; createdAt: number; expiresAt: number };
-}
-declare class RpSignature {
-  private constructor();
-  free(): void;
-  [Symbol.dispose](): void;
-  /**
-   * Converts to JSON
-   *
-   * # Errors
-   *
-   * Returns an error if setting object properties fails
-   */
-  toJSON(): any;
-  /**
-   * Gets the creation timestamp
-   */
-  readonly createdAt: bigint;
-  /**
-   * Gets the expiration timestamp
-   */
-  readonly expiresAt: bigint;
-  /**
-   * Gets the signature as hex string (0x-prefixed, 65 bytes)
-   */
-  readonly sig: string;
-  /**
-   * Gets the nonce as hex string (0x-prefixed field element)
-   */
-  readonly nonce: string;
-}
-
-/**
- * WASM initialization and management
- */
-
-/**
- * Initializes the WASM module for browser environments
- * Uses fetch-based loading (works with http/https URLs)
- * This must be called before using any WASM-powered functions
- * Safe to call multiple times - initialization only happens once
- */
-declare function initIDKit(): Promise<void>;
-/**
- * Initializes the WASM module for Node.js/server environments
- * Uses fs-based loading since Node.js fetch doesn't support file:// URLs
- * This must be called before using any WASM-powered functions
- * Safe to call multiple times - initialization only happens once
- */
-declare function initIDKitServer(): Promise<void>;
-
 /**
  * Result types - re-exported from WASM bindings
  *
@@ -641,10 +586,6 @@ declare function proveSession(sessionId: string, config: IDKitSessionConfig): ID
  * ```
  */
 declare const IDKit: {
-    /** Initialize WASM for browser environments (not needed in World App) */
-    init: typeof initIDKit;
-    /** Initialize WASM for Node.js/server environments */
-    initServer: typeof initIDKitServer;
     /** Create a new verification request */
     request: typeof createRequest;
     /** Create a new session (no action, no existing session_id) */
@@ -687,39 +628,4 @@ declare const isWeb: () => boolean;
  */
 declare const isNode: () => boolean;
 
-/**
- * Signs an RP request for World ID proof verification
- *
- * **Backend-only**: This function should ONLY be used in Node.js/server environments.
- * Never use this in browser/client-side code as it requires access to your signing key.
- *
- * This function generates a cryptographic signature that authenticates your proof request.
- * The returned signature, nonce, and timestamps should be passed as `rp_context` to the client.
- *
- * @param action - The action tied to the proof request
- * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
- * @param ttlSeconds - Optional time-to-live in seconds (defaults to 300 = 5 minutes)
- * @returns RpSignature object with sig, nonce, createdAt, expiresAt to use as rp_context
- * @throws Error if called in non-Node.js environment or if parameters are invalid
- *
- * @example
- * ```typescript
- * import { signRequest } from '@worldcoin/idkit-core'
- *
- * const signingKey = process.env.RP_SIGNING_KEY // Load from secure env var
- * const signature = signRequest('my-action', signingKey)
- * console.log(signature.sig, signature.nonce, signature.createdAt, signature.expiresAt)
- * ```
- */
-declare function signRequest(action: string, signingKeyHex: string, ttlSeconds?: number): RpSignature;
-
-/**
- * Hashes a Signal (string or Uint8Array) to its hash representation.
- * This is the same hashing used internally when constructing proof requests.
- *
- * @param signal - The signal to hash (string or Uint8Array)
- * @returns 0x-prefixed hex string representing the signal hash
- */
-declare function hashSignal(signal: string | Uint8Array): string;
-
-export { type AbiEncodedValue, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, RpSignature, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, all, any, documentLegacy, hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy, signRequest };
+export { type AbiEncodedValue, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, all, any, documentLegacy, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy };

package/dist/index.js

@@ -1,3 +1,9 @@
+import { keccak_256 } from '@noble/hashes/sha3';
+import { hexToBytes, bytesToHex } from '@noble/hashes/utils';
+import { hmac } from '@noble/hashes/hmac';
+import { sha256 } from '@noble/hashes/sha2';
+import { etc, sign } from '@noble/secp256k1';
+
 var __defProp = Object.defineProperty;
 var __export = (target, all2) => {
   for (var name in all2)
@@ -385,12 +391,12 @@ function hashSignal(signal) {
     wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
   }
 }
-function __wasm_bindgen_func_elem_960(arg0, arg1, arg2) {
-  wasm.__wasm_bindgen_func_elem_960(arg0, arg1, addHeapObject(arg2));
-}
 function __wasm_bindgen_func_elem_597(arg0, arg1) {
   wasm.__wasm_bindgen_func_elem_597(arg0, arg1);
 }
+function __wasm_bindgen_func_elem_960(arg0, arg1, arg2) {
+  wasm.__wasm_bindgen_func_elem_960(arg0, arg1, addHeapObject(arg2));
+}
 function __wasm_bindgen_func_elem_1345(arg0, arg1, arg2, arg3) {
   wasm.__wasm_bindgen_func_elem_1345(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
@@ -1849,10 +1855,6 @@ var idkit_wasm_default = __wbg_init;
 // src/lib/wasm.ts
 var wasmInitialized = false;
 var wasmInitPromise = null;
-async function importNodeModule(specifier) {
-  const dynamicImport = Function("moduleName", "return import(moduleName)");
-  return dynamicImport(specifier);
-}
 async function initIDKit() {
   if (wasmInitialized) {
     return;
@@ -1871,36 +1873,6 @@ async function initIDKit() {
   })();
   return wasmInitPromise;
 }
-async function initIDKitServer() {
-  if (wasmInitialized) {
-    return;
-  }
-  if (wasmInitPromise) {
-    return wasmInitPromise;
-  }
-  wasmInitPromise = (async () => {
-    try {
-      const { readFile } = await importNodeModule(
-        "node:fs/promises"
-      );
-      const { fileURLToPath } = await importNodeModule(
-        "node:url"
-      );
-      const { dirname, join } = await importNodeModule(
-        "node:path"
-      );
-      const modulePath = fileURLToPath(import.meta.url);
-      const wasmPath = join(dirname(modulePath), "idkit_wasm_bg.wasm");
-      const wasmBuffer = await readFile(wasmPath);
-      await idkit_wasm_default({ module_or_path: wasmBuffer });
-      wasmInitialized = true;
-    } catch (error) {
-      wasmInitPromise = null;
-      throw new Error(`Failed to initialize IDKit WASM for server: ${error}`);
-    }
-  })();
-  return wasmInitPromise;
-}
 
 // src/transports/native.ts
 function isInWorldApp() {
@@ -2310,10 +2282,6 @@ function proveSession2(sessionId, config) {
   });
 }
 var IDKit = {
-  /** Initialize WASM for browser environments (not needed in World App) */
-  init: initIDKit,
-  /** Initialize WASM for Node.js/server environments */
-  initServer: initIDKitServer,
   /** Create a new verification request */
   request: createRequest,
   /** Create a new session (no action, no existing session_id) */
@@ -2356,21 +2324,71 @@ var isServerEnvironment = () => {
   }
   return false;
 };
+function hashToField(input) {
+  const hash = BigInt("0x" + bytesToHex(keccak_256(input))) >> 8n;
+  return hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function hashSignal2(signal) {
+  let input;
+  if (signal instanceof Uint8Array) {
+    input = signal;
+  } else if (signal.startsWith("0x") && isValidHex(signal.slice(2))) {
+    input = hexToBytes(signal.slice(2));
+  } else {
+    input = new TextEncoder().encode(signal);
+  }
+  return "0x" + bytesToHex(hashToField(input));
+}
+function isValidHex(s) {
+  if (s.length === 0) return false;
+  if (s.length % 2 !== 0) return false;
+  return /^[0-9a-fA-F]+$/.test(s);
+}
 
-// src/lib/rp-signature.ts
-function signRequest2(action, signingKeyHex, ttlSeconds) {
+// src/lib/signing.ts
+etc.hmacSha256Sync = (key, ...msgs) => hmac(sha256, key, etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest2(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
   if (!isServerEnvironment()) {
     throw new Error(
       "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
     );
   }
-  const ttlBigInt = ttlSeconds !== void 0 ? BigInt(ttlSeconds) : void 0;
-  return idkit_wasm_exports.signRequest(action, signingKeyHex, ttlBigInt);
-}
-
-// src/lib/hashing.ts
-function hashSignal2(signal) {
-  return idkit_wasm_exports.hashSignal(signal);
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = keccak_256(message);
+  const recSig = sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + bytesToHex(sig65),
+    nonce: "0x" + bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
 }
 
 export { CredentialRequest, IDKit, IDKitErrorCodes, all, any, documentLegacy, hashSignal2 as hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy, signRequest2 as signRequest };

package/dist/signing.cjs

@@ -0,0 +1,76 @@
+'use strict';
+
+var sha3 = require('@noble/hashes/sha3');
+var utils = require('@noble/hashes/utils');
+var hmac = require('@noble/hashes/hmac');
+var sha2 = require('@noble/hashes/sha2');
+var secp256k1 = require('@noble/secp256k1');
+
+// src/lib/signing.ts
+
+// src/lib/platform.ts
+var isServerEnvironment = () => {
+  if (typeof process !== "undefined" && process.versions?.node) {
+    return true;
+  }
+  if (typeof globalThis.Deno !== "undefined") {
+    return true;
+  }
+  if (typeof globalThis.Bun !== "undefined") {
+    return true;
+  }
+  return false;
+};
+function hashToField(input) {
+  const hash = BigInt("0x" + utils.bytesToHex(sha3.keccak_256(input))) >> 8n;
+  return utils.hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+
+// src/lib/signing.ts
+secp256k1.etc.hmacSha256Sync = (key, ...msgs) => hmac.hmac(sha2.sha256, key, secp256k1.etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
+  if (!isServerEnvironment()) {
+    throw new Error(
+      "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
+    );
+  }
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = secp256k1.etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = sha3.keccak_256(message);
+  const recSig = secp256k1.sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + utils.bytesToHex(sig65),
+    nonce: "0x" + utils.bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
+}
+
+exports.computeRpSignatureMessage = computeRpSignatureMessage;
+exports.signRequest = signRequest;

package/dist/signing.d.cts

@@ -0,0 +1,36 @@
+interface RpSignature {
+    sig: string;
+    nonce: string;
+    createdAt: number;
+    expiresAt: number;
+}
+/**
+ * Builds the 48-byte message that gets signed for RP signature verification.
+ *
+ * Message format: nonce(32) || createdAt_u64_be(8) || expiresAt_u64_be(8)
+ *
+ * Matches Rust `compute_rp_signature_msg`:
+ * https://github.com/worldcoin/world-id-protocol/blob/0008eab1efe200e572f27258793f9be5cb32858b/crates/primitives/src/rp.rs#L95-L105
+ *
+ * @param nonceBytes - 32-byte nonce as Uint8Array
+ * @param createdAt - unix timestamp in seconds
+ * @param expiresAt - unix timestamp in seconds
+ * @returns 48-byte message ready to be hashed and signed
+ */
+declare function computeRpSignatureMessage(nonceBytes: Uint8Array, createdAt: number, expiresAt: number): Uint8Array;
+/**
+ * Signs an RP request using pure JS (no WASM required).
+ *
+ * Algorithm matches Rust implementation in rust/core/src/rp_signature.rs
+ *
+ * Nonce generation matches `from_arbitrary_raw_bytes`:
+ * https://github.com/worldcoin/world-id-protocol/blob/31405df8bcd5a2784e04ad9890cf095111dcac13/crates/primitives/src/lib.rs#L134-L149
+ *
+ * @param action - The action tied to the proof request (accepted for API compat, not used in signature)
+ * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
+ * @param ttl - Time-to-live in seconds (defaults to 300 = 5 minutes)
+ * @returns RpSignature object with sig, nonce, createdAt, expiresAt
+ */
+declare function signRequest(_action: string, signingKeyHex: string, ttl?: number): RpSignature;
+
+export { type RpSignature, computeRpSignatureMessage, signRequest };

package/dist/signing.d.ts

@@ -0,0 +1,36 @@
+interface RpSignature {
+    sig: string;
+    nonce: string;
+    createdAt: number;
+    expiresAt: number;
+}
+/**
+ * Builds the 48-byte message that gets signed for RP signature verification.
+ *
+ * Message format: nonce(32) || createdAt_u64_be(8) || expiresAt_u64_be(8)
+ *
+ * Matches Rust `compute_rp_signature_msg`:
+ * https://github.com/worldcoin/world-id-protocol/blob/0008eab1efe200e572f27258793f9be5cb32858b/crates/primitives/src/rp.rs#L95-L105
+ *
+ * @param nonceBytes - 32-byte nonce as Uint8Array
+ * @param createdAt - unix timestamp in seconds
+ * @param expiresAt - unix timestamp in seconds
+ * @returns 48-byte message ready to be hashed and signed
+ */
+declare function computeRpSignatureMessage(nonceBytes: Uint8Array, createdAt: number, expiresAt: number): Uint8Array;
+/**
+ * Signs an RP request using pure JS (no WASM required).
+ *
+ * Algorithm matches Rust implementation in rust/core/src/rp_signature.rs
+ *
+ * Nonce generation matches `from_arbitrary_raw_bytes`:
+ * https://github.com/worldcoin/world-id-protocol/blob/31405df8bcd5a2784e04ad9890cf095111dcac13/crates/primitives/src/lib.rs#L134-L149
+ *
+ * @param action - The action tied to the proof request (accepted for API compat, not used in signature)
+ * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
+ * @param ttl - Time-to-live in seconds (defaults to 300 = 5 minutes)
+ * @returns RpSignature object with sig, nonce, createdAt, expiresAt
+ */
+declare function signRequest(_action: string, signingKeyHex: string, ttl?: number): RpSignature;
+
+export { type RpSignature, computeRpSignatureMessage, signRequest };

package/dist/signing.js

@@ -0,0 +1,73 @@
+import { keccak_256 } from '@noble/hashes/sha3';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+import { hmac } from '@noble/hashes/hmac';
+import { sha256 } from '@noble/hashes/sha2';
+import { etc, sign } from '@noble/secp256k1';
+
+// src/lib/signing.ts
+
+// src/lib/platform.ts
+var isServerEnvironment = () => {
+  if (typeof process !== "undefined" && process.versions?.node) {
+    return true;
+  }
+  if (typeof globalThis.Deno !== "undefined") {
+    return true;
+  }
+  if (typeof globalThis.Bun !== "undefined") {
+    return true;
+  }
+  return false;
+};
+function hashToField(input) {
+  const hash = BigInt("0x" + bytesToHex(keccak_256(input))) >> 8n;
+  return hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+
+// src/lib/signing.ts
+etc.hmacSha256Sync = (key, ...msgs) => hmac(sha256, key, etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
+  if (!isServerEnvironment()) {
+    throw new Error(
+      "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
+    );
+  }
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = keccak_256(message);
+  const recSig = sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + bytesToHex(sig65),
+    nonce: "0x" + bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
+}
+
+export { computeRpSignatureMessage, signRequest };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@worldcoin/idkit-core",
-  "version": "4.0.1-dev.2039000",
+  "version": "4.0.1-dev.370b7c0",
   "description": "Core IDKit SDK for World ID - Pure TypeScript, no dependencies",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -11,6 +11,16 @@
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
       "require": "./dist/index.cjs"
+    },
+    "./signing": {
+      "types": "./dist/signing.d.ts",
+      "import": "./dist/signing.js",
+      "require": "./dist/signing.cjs"
+    },
+    "./hashing": {
+      "types": "./dist/hashing.d.ts",
+      "import": "./dist/hashing.js",
+      "require": "./dist/hashing.cjs"
     }
   },
   "files": [
@@ -40,6 +50,10 @@
     "type": "git",
     "url": "https://github.com/worldcoin/idkit"
   },
+  "dependencies": {
+    "@noble/hashes": "^1.7.2",
+    "@noble/secp256k1": "^2.2.3"
+  },
   "devDependencies": {
     "@types/node": "^20.19.30",
     "@vitest/coverage-v8": "^4.0.18",