npm - @worldcoin/idkit-core - Versions diffs - 4.0.1-dev.fe98789 → 4.0.2-dev.6541a3e - Mend

@worldcoin/idkit-core 4.0.1-dev.fe98789 → 4.0.2-dev.6541a3e

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,13 @@
+import { keccak_256 } from '@noble/hashes/sha3';
+import { hexToBytes, bytesToHex } from '@noble/hashes/utils';
+import { hmac } from '@noble/hashes/hmac';
+import { sha256 } from '@noble/hashes/sha2';
+import { etc, sign } from '@noble/secp256k1';
 var __defProp = Object.defineProperty;
-var __export = (target, all2) => {
-  for (var name in all2)
-    __defProp(target, name, { get: all2[name], enumerable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
 };
 // src/types/result.ts
@@ -385,14 +391,14 @@ function hashSignal(signal) {
     wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
   }
 }
-function __wasm_bindgen_func_elem_597(arg0, arg1) {
-  wasm.__wasm_bindgen_func_elem_597(arg0, arg1);
+function __wasm_bindgen_func_elem_959(arg0, arg1, arg2) {
+  wasm.__wasm_bindgen_func_elem_959(arg0, arg1, addHeapObject(arg2));
 }
-function __wasm_bindgen_func_elem_960(arg0, arg1, arg2) {
-  wasm.__wasm_bindgen_func_elem_960(arg0, arg1, addHeapObject(arg2));
+function __wasm_bindgen_func_elem_596(arg0, arg1) {
+  wasm.__wasm_bindgen_func_elem_596(arg0, arg1);
 }
-function __wasm_bindgen_func_elem_1345(arg0, arg1, arg2, arg3) {
-  wasm.__wasm_bindgen_func_elem_1345(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wasm_bindgen_func_elem_1344(arg0, arg1, arg2, arg3) {
+  wasm.__wasm_bindgen_func_elem_1344(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 var __wbindgen_enum_RequestCache = ["default", "no-store", "reload", "no-cache", "force-cache", "only-if-cached"];
 var __wbindgen_enum_RequestCredentials = ["omit", "same-origin", "include"];
@@ -769,6 +775,34 @@ var IDKitBuilder = class _IDKitBuilder {
     const ret = wasm.idkitbuilder_constraints(ptr, addHeapObject(constraints_json));
     return takeObject(ret);
   }
+  /**
+   * Builds the native payload for constraints (synchronous, no bridge connection).
+   *
+   * Used by the native transport to get the same payload format as the bridge
+   * without creating a network connection.
+   *
+   * # Errors
+   *
+   * Returns an error if constraints are invalid or payload construction fails.
+   * @param {any} constraints_json
+   * @returns {any}
+   */
+  nativePayload(constraints_json) {
+    try {
+      const ptr = this.__destroy_into_raw();
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      wasm.idkitbuilder_nativePayload(retptr, ptr, addHeapObject(constraints_json));
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      if (r2) {
+        throw takeObject(r1);
+      }
+      return takeObject(r0);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
   /**
    * Creates a new builder for proving an existing session
    * @param {string} session_id
@@ -824,6 +858,34 @@ var IDKitBuilder = class _IDKitBuilder {
     const ret = wasm.createSession(ptr0, len0, ptr1, ptr2, len2, ptr3, len3, ptr4, len4, ptr5, len5);
     return _IDKitBuilder.__wrap(ret);
   }
+  /**
+   * Builds the native payload from a preset (synchronous, no bridge connection).
+   *
+   * Used by the native transport to get the same payload format as the bridge
+   * without creating a network connection.
+   *
+   * # Errors
+   *
+   * Returns an error if the preset is invalid or payload construction fails.
+   * @param {any} preset_json
+   * @returns {any}
+   */
+  nativePayloadFromPreset(preset_json) {
+    try {
+      const ptr = this.__destroy_into_raw();
+      const retptr = wasm.__wbindgen_add_to_stack_pointer(-16);
+      wasm.idkitbuilder_nativePayloadFromPreset(retptr, ptr, addHeapObject(preset_json));
+      var r0 = getDataViewMemory0().getInt32(retptr + 4 * 0, true);
+      var r1 = getDataViewMemory0().getInt32(retptr + 4 * 1, true);
+      var r2 = getDataViewMemory0().getInt32(retptr + 4 * 2, true);
+      if (r2) {
+        throw takeObject(r1);
+      }
+      return takeObject(r0);
+    } finally {
+      wasm.__wbindgen_add_to_stack_pointer(16);
+    }
+  }
   /**
    * Creates a new builder for uniqueness requests
    * @param {string} app_id
@@ -1499,7 +1561,7 @@ function __wbg_get_imports() {
         const a = state0.a;
         state0.a = 0;
         try {
-          return __wasm_bindgen_func_elem_1345(a, state0.b, arg02, arg12);
+          return __wasm_bindgen_func_elem_1344(a, state0.b, arg02, arg12);
         } finally {
           state0.a = a;
         }
@@ -1712,20 +1774,20 @@ function __wbg_get_imports() {
     const ret = getStringFromWasm0(arg0, arg1);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_cast_4625c577ab2ec9ee = function(arg0) {
-    const ret = BigInt.asUintN(64, arg0);
+  imports.wbg.__wbindgen_cast_2d12912bac8cf5ca = function(arg0, arg1) {
+    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_958, __wasm_bindgen_func_elem_959);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_cast_91c43ecf1f8dafb8 = function(arg0, arg1) {
-    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_596, __wasm_bindgen_func_elem_597);
+  imports.wbg.__wbindgen_cast_4625c577ab2ec9ee = function(arg0) {
+    const ret = BigInt.asUintN(64, arg0);
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_9ae0607507abb057 = function(arg0) {
     const ret = arg0;
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_cast_ab10518eebecf9a3 = function(arg0, arg1) {
-    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_959, __wasm_bindgen_func_elem_960);
+  imports.wbg.__wbindgen_cast_b8b1061c2d0ea705 = function(arg0, arg1) {
+    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_595, __wasm_bindgen_func_elem_596);
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_cb9088102bce6b30 = function(arg0, arg1) {
@@ -1793,10 +1855,6 @@ var idkit_wasm_default = __wbg_init;
 // src/lib/wasm.ts
 var wasmInitialized = false;
 var wasmInitPromise = null;
-async function importNodeModule(specifier) {
-  const dynamicImport = Function("moduleName", "return import(moduleName)");
-  return dynamicImport(specifier);
-}
 async function initIDKit() {
   if (wasmInitialized) {
     return;
@@ -1815,35 +1873,230 @@ async function initIDKit() {
   })();
   return wasmInitPromise;
 }
-async function initIDKitServer() {
-  if (wasmInitialized) {
-    return;
+// src/transports/native.ts
+var MINIAPP_VERIFY_ACTION = "miniapp-verify-action";
+function isInWorldApp() {
+  return typeof window !== "undefined" && Boolean(window.WorldApp);
+}
+var _requestCounter = 0;
+var _activeNativeRequest = null;
+function createNativeRequest(wasmPayload, config) {
+  if (_activeNativeRequest?.isPending()) {
+    console.warn(
+      "IDKit native request already in flight. Reusing active request."
+    );
+    return _activeNativeRequest;
   }
-  if (wasmInitPromise) {
-    return wasmInitPromise;
+  const request2 = new NativeIDKitRequest(wasmPayload, config);
+  _activeNativeRequest = request2;
+  return request2;
+}
+var NativeIDKitRequest = class {
+  constructor(wasmPayload, config) {
+    this.connectorURI = "";
+    this.resolved = false;
+    this.cancelled = false;
+    this.settled = false;
+    this.resolvedResult = null;
+    this.messageHandler = null;
+    this.miniKitHandler = null;
+    this.rejectFn = null;
+    this.requestId = crypto.randomUUID?.() ?? `native-${Date.now()}-${++_requestCounter}`;
+    this.resultPromise = new Promise((resolve, reject) => {
+      this.rejectFn = reject;
+      const handleIncomingPayload = (responsePayload) => {
+        if (this.cancelled || this.resolved || this.settled) return;
+        if (responsePayload?.status === "error") {
+          this.cleanup();
+          reject(
+            new NativeVerifyError(
+              responsePayload.error_code ?? "generic_error" /* GenericError */
+            )
+          );
+          return;
+        }
+        this.resolved = true;
+        const result = nativeResultToIDKitResult(responsePayload, config);
+        this.resolvedResult = result;
+        this.cleanup();
+        resolve(result);
+      };
+      const handler = (event) => {
+        const data = event.data;
+        if (data?.type === MINIAPP_VERIFY_ACTION || data?.command === MINIAPP_VERIFY_ACTION) {
+          handleIncomingPayload(data.payload ?? data);
+        }
+      };
+      this.messageHandler = handler;
+      window.addEventListener("message", handler);
+      try {
+        const miniKit = window.MiniKit;
+        if (typeof miniKit?.subscribe === "function") {
+          const miniKitHandler = (payload) => {
+            handleIncomingPayload(payload?.payload ?? payload);
+          };
+          this.miniKitHandler = miniKitHandler;
+          miniKit.subscribe(MINIAPP_VERIFY_ACTION, miniKitHandler);
+        }
+      } catch {
+      }
+      const sendPayload = {
+        command: "verify",
+        version: 2,
+        payload: wasmPayload
+      };
+      const w = window;
+      if (w.webkit?.messageHandlers?.minikit) {
+        w.webkit.messageHandlers.minikit.postMessage(sendPayload);
+      } else if (w.Android) {
+        w.Android.postMessage(JSON.stringify(sendPayload));
+      } else {
+        this.cleanup();
+        reject(new Error("No WebView bridge available"));
+      }
+    });
+    this.resultPromise.catch(() => {
+    }).finally(() => {
+      this.settled = true;
+      this.cleanup();
+      if (_activeNativeRequest === this) {
+        _activeNativeRequest = null;
+      }
+    });
   }
-  wasmInitPromise = (async () => {
+  /**
+   * Cancel this request. Removes the message listener so it cannot consume
+   * a response meant for a later request, and rejects the pending promise.
+   */
+  cancel() {
+    if (this.resolved || this.cancelled) return;
+    this.cancelled = true;
+    this.cleanup();
+    this.rejectFn?.(new NativeVerifyError("cancelled" /* Cancelled */));
+    if (_activeNativeRequest === this) {
+      _activeNativeRequest = null;
+    }
+  }
+  cleanup() {
+    if (this.messageHandler) {
+      window.removeEventListener("message", this.messageHandler);
+      this.messageHandler = null;
+    }
+    if (this.miniKitHandler) {
+      try {
+        const miniKit = window.MiniKit;
+        miniKit?.unsubscribe?.(MINIAPP_VERIFY_ACTION);
+      } catch {
+      }
+      this.miniKitHandler = null;
+    }
+  }
+  isPending() {
+    return !this.settled && !this.cancelled;
+  }
+  async pollOnce() {
+    if (this.resolved && this.resolvedResult) {
+      return { type: "confirmed", result: this.resolvedResult };
+    }
+    return { type: "awaiting_confirmation" };
+  }
+  async pollUntilCompletion(options) {
+    const timeout = options?.timeout ?? 3e5;
+    let timeoutId;
+    let abortHandler = null;
+    let waiterTerminationCode = null;
     try {
-      const { readFile } = await importNodeModule(
-        "node:fs/promises"
-      );
-      const { fileURLToPath } = await importNodeModule(
-        "node:url"
-      );
-      const { dirname, join } = await importNodeModule(
-        "node:path"
-      );
-      const modulePath = fileURLToPath(import.meta.url);
-      const wasmPath = join(dirname(modulePath), "idkit_wasm_bg.wasm");
-      const wasmBuffer = await readFile(wasmPath);
-      await idkit_wasm_default({ module_or_path: wasmBuffer });
-      wasmInitialized = true;
+      const result = await Promise.race([
+        this.resultPromise,
+        new Promise((_, reject) => {
+          if (options?.signal) {
+            abortHandler = () => {
+              waiterTerminationCode = "cancelled" /* Cancelled */;
+              reject(new NativeVerifyError("cancelled" /* Cancelled */));
+            };
+            if (options.signal.aborted) {
+              abortHandler();
+              return;
+            }
+            options.signal.addEventListener("abort", abortHandler, {
+              once: true
+            });
+          }
+          timeoutId = setTimeout(() => {
+            waiterTerminationCode = "timeout" /* Timeout */;
+            reject(new NativeVerifyError("timeout" /* Timeout */));
+          }, timeout);
+        })
+      ]);
+      return { success: true, result };
     } catch (error) {
-      wasmInitPromise = null;
-      throw new Error(`Failed to initialize IDKit WASM for server: ${error}`);
+      if (error instanceof NativeVerifyError) {
+        if (waiterTerminationCode === error.code && this.isPending()) {
+          this.cancel();
+        }
+        return { success: false, error: error.code };
+      }
+      return { success: false, error: "generic_error" /* GenericError */ };
+    } finally {
+      if (timeoutId) {
+        clearTimeout(timeoutId);
+      }
+      if (options?.signal && abortHandler) {
+        options.signal.removeEventListener("abort", abortHandler);
+      }
     }
-  })();
-  return wasmInitPromise;
+  }
+};
+var NativeVerifyError = class extends Error {
+  constructor(code) {
+    super(code);
+    this.code = code;
+  }
+};
+function nativeResultToIDKitResult(payload, config) {
+  const rpNonce = config.rp_context?.nonce ?? "";
+  if ("responses" in payload && Array.isArray(payload.responses)) {
+    return {
+      protocol_version: payload.protocol_version ?? "4.0",
+      nonce: payload.nonce ?? rpNonce,
+      action: payload.action ?? config.action ?? "",
+      action_description: payload.action_description,
+      session_id: payload.session_id,
+      responses: payload.responses,
+      environment: payload.environment ?? config.environment ?? "production"
+    };
+  }
+  if ("verifications" in payload) {
+    return {
+      protocol_version: "4.0",
+      nonce: rpNonce,
+      action: config.action ?? "",
+      responses: payload.verifications.map((v) => ({
+        identifier: v.verification_level,
+        proof: [v.proof],
+        nullifier: v.nullifier_hash,
+        merkle_root: v.merkle_root,
+        issuer_schema_id: 0,
+        expires_at_min: 0
+      })),
+      environment: "production"
+    };
+  }
+  return {
+    protocol_version: "3.0",
+    nonce: rpNonce,
+    action: config.action ?? "",
+    responses: [
+      {
+        identifier: payload.verification_level,
+        proof: payload.proof,
+        merkle_root: payload.merkle_root,
+        nullifier: payload.nullifier_hash
+      }
+    ],
+    environment: "production"
+  };
 }
 // src/request.ts
@@ -1887,20 +2140,6 @@ var IDKitRequestImpl = class {
     }
   }
 };
-function CredentialRequest(credential_type, options) {
-  return {
-    type: credential_type,
-    signal: options?.signal,
-    genesis_issued_at_min: options?.genesis_issued_at_min,
-    expires_at_min: options?.expires_at_min
-  };
-}
-function any(...nodes) {
-  return { any: nodes };
-}
-function all(...nodes) {
-  return { all: nodes };
-}
 function orbLegacy(opts = {}) {
   return { type: "OrbLegacy", signal: opts.signal };
 }
@@ -1910,48 +2149,100 @@ function secureDocumentLegacy(opts = {}) {
 function documentLegacy(opts = {}) {
   return { type: "DocumentLegacy", signal: opts.signal };
 }
+function createWasmBuilderFromConfig(config) {
+  if (!config.rp_context) {
+    throw new Error("rp_context is required for WASM bridge transport");
+  }
+  const rpContext = new idkit_wasm_exports.RpContextWasm(
+    config.rp_context.rp_id,
+    config.rp_context.nonce,
+    BigInt(config.rp_context.created_at),
+    BigInt(config.rp_context.expires_at),
+    config.rp_context.signature
+  );
+  if (config.type === "request") {
+    return idkit_wasm_exports.request(
+      config.app_id,
+      String(config.action ?? ""),
+      rpContext,
+      config.action_description ?? null,
+      config.bridge_url ?? null,
+      config.allow_legacy_proofs ?? false,
+      config.override_connect_base_url ?? null,
+      config.environment ?? null
+    );
+  }
+  if (config.type === "proveSession") {
+    return idkit_wasm_exports.proveSession(
+      config.session_id,
+      config.app_id,
+      rpContext,
+      config.action_description ?? null,
+      config.bridge_url ?? null,
+      config.override_connect_base_url ?? null,
+      config.environment ?? null
+    );
+  }
+  return idkit_wasm_exports.createSession(
+    config.app_id,
+    rpContext,
+    config.action_description ?? null,
+    config.bridge_url ?? null,
+    config.override_connect_base_url ?? null,
+    config.environment ?? null
+  );
+}
 var IDKitBuilder2 = class {
-  constructor(wasmBuilder) {
-    this.wasmBuilder = wasmBuilder;
+  constructor(config) {
+    this.config = config;
   }
   /**
    * Creates an IDKit request with the given constraints
    *
-   * @param constraints - Constraint tree (CredentialRequest or any/all combinators)
+   * @param constraints - Constraint tree (CredentialRequest or any/all/enumerate combinators)
    * @returns A new IDKitRequest instance
    *
    * @example
    * ```typescript
-   * const builder = await IDKit.request({ app_id, action, rp_context });
-   * const request = await builder.constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+   * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: false })
+   *   .constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
    * ```
    */
-  //TODO: re-enable once this is supported and World ID 4.0 is rolled out live
-  // async constraints(constraints: ConstraintNode): Promise<IDKitRequest> {
-  //   await initIDKit();
-  //   const wasmRequest = (await this.wasmBuilder.constraints(
-  //     constraints,
-  //   )) as unknown as WasmModule.IDKitRequest;
-  //   return new IDKitRequestImpl(wasmRequest);
-  // }
+  async constraints(constraints) {
+    await initIDKit();
+    const wasmBuilder = createWasmBuilderFromConfig(this.config);
+    if (isInWorldApp()) {
+      const payload = wasmBuilder.nativePayload(constraints);
+      return createNativeRequest(payload, this.config);
+    }
+    const wasmRequest = await wasmBuilder.constraints(
+      constraints
+    );
+    return new IDKitRequestImpl(wasmRequest);
+  }
   /**
    * Creates an IDKit request from a preset (works for all request types)
    *
    * Presets provide a simplified way to create requests with predefined
    * credential configurations.
    *
-   * @param preset - A preset object from orbLegacy()
+   * @param preset - A preset object from orbLegacy(), secureDocumentLegacy(), or documentLegacy()
    * @returns A new IDKitRequest instance
    *
    * @example
    * ```typescript
-   * const builder = await IDKit.request({ app_id, action, rp_context });
-   * const request = await builder.preset(orbLegacy({ signal: 'user-123' }));
+   * const request = await IDKit.request({ app_id, action, rp_context, allow_legacy_proofs: true })
+   *   .preset(orbLegacy({ signal: 'user-123' }));
    * ```
    */
   async preset(preset) {
     await initIDKit();
-    const wasmRequest = await this.wasmBuilder.preset(
+    const wasmBuilder = createWasmBuilderFromConfig(this.config);
+    if (isInWorldApp()) {
+      const payload = wasmBuilder.nativePayloadFromPreset(preset);
+      return createNativeRequest(payload, this.config);
+    }
+    const wasmRequest = await wasmBuilder.preset(
       preset
     );
     return new IDKitRequestImpl(wasmRequest);
@@ -1965,101 +2256,43 @@ function createRequest(config) {
     throw new Error("action is required");
   }
   if (!config.rp_context) {
-    throw new Error("rp_context is required");
+    throw new Error(
+      "rp_context is required. Generate it on your backend using signRequest()."
+    );
   }
   if (typeof config.allow_legacy_proofs !== "boolean") {
     throw new Error(
       "allow_legacy_proofs is required. Set to true to accept v3 proofs during migration, or false to only accept v4 proofs."
     );
   }
-  const rpContext = new idkit_wasm_exports.RpContextWasm(
-    config.rp_context.rp_id,
-    config.rp_context.nonce,
-    BigInt(config.rp_context.created_at),
-    BigInt(config.rp_context.expires_at),
-    config.rp_context.signature
-  );
-  const wasmBuilder = idkit_wasm_exports.request(
-    config.app_id,
-    String(config.action),
-    rpContext,
-    config.action_description ?? null,
-    config.bridge_url ?? null,
-    config.allow_legacy_proofs,
-    config.override_connect_base_url ?? null,
-    config.environment ?? null
-  );
-  return new IDKitBuilder2(wasmBuilder);
-}
-function createSession2(config) {
-  if (!config.app_id) {
-    throw new Error("app_id is required");
-  }
-  if (!config.rp_context) {
-    throw new Error("rp_context is required");
-  }
-  const rpContext = new idkit_wasm_exports.RpContextWasm(
-    config.rp_context.rp_id,
-    config.rp_context.nonce,
-    BigInt(config.rp_context.created_at),
-    BigInt(config.rp_context.expires_at),
-    config.rp_context.signature
-  );
-  const wasmBuilder = idkit_wasm_exports.createSession(
-    config.app_id,
-    rpContext,
-    config.action_description ?? null,
-    config.bridge_url ?? null,
-    config.override_connect_base_url ?? null,
-    config.environment ?? null
-  );
-  return new IDKitBuilder2(wasmBuilder);
-}
-function proveSession2(sessionId, config) {
-  if (!sessionId) {
-    throw new Error("session_id is required");
-  }
-  if (!config.app_id) {
-    throw new Error("app_id is required");
-  }
-  if (!config.rp_context) {
-    throw new Error("rp_context is required");
-  }
-  const rpContext = new idkit_wasm_exports.RpContextWasm(
-    config.rp_context.rp_id,
-    config.rp_context.nonce,
-    BigInt(config.rp_context.created_at),
-    BigInt(config.rp_context.expires_at),
-    config.rp_context.signature
-  );
-  const wasmBuilder = idkit_wasm_exports.proveSession(
-    sessionId,
-    config.app_id,
-    rpContext,
-    config.action_description ?? null,
-    config.bridge_url ?? null,
-    config.override_connect_base_url ?? null,
-    config.environment ?? null
-  );
-  return new IDKitBuilder2(wasmBuilder);
+  return new IDKitBuilder2({
+    type: "request",
+    app_id: config.app_id,
+    action: String(config.action),
+    rp_context: config.rp_context,
+    action_description: config.action_description,
+    bridge_url: config.bridge_url,
+    allow_legacy_proofs: config.allow_legacy_proofs,
+    override_connect_base_url: config.override_connect_base_url,
+    environment: config.environment
+  });
 }
 var IDKit = {
-  /** Initialize WASM for browser environments */
-  init: initIDKit,
-  /** Initialize WASM for Node.js/server environments */
-  initServer: initIDKitServer,
   /** Create a new verification request */
   request: createRequest,
-  /** Create a new session (no action, no existing session_id) */
-  createSession: createSession2,
-  /** Prove an existing session (no action, has session_id) */
-  proveSession: proveSession2,
-  /** Create a CredentialRequest for a credential type */
-  CredentialRequest,
-  /** Create an OR constraint - at least one child must be satisfied */
-  any,
-  /** Create an AND constraint - all children must be satisfied */
-  all,
+  // TODO: Re-enable when World ID 4.0 is live
+  // /** Create a new session (no action, no existing session_id) */
+  // createSession,
+  // /** Prove an existing session (no action, has session_id) */
+  // proveSession,
+  // /** Create a CredentialRequest for a credential type */
+  // CredentialRequest,
+  // /** Create an OR constraint - at least one child must be satisfied */
+  // any,
+  // /** Create an AND constraint - all children must be satisfied */
+  // all,
+  // /** Create an enumerate constraint - all satisfiable children should be selected */
+  // enumerate,
   /** Create an OrbLegacy preset for World ID 3.0 legacy support */
   orbLegacy,
   /** Create a SecureDocumentLegacy preset for World ID 3.0 legacy support */
@@ -2090,21 +2323,71 @@ var isServerEnvironment = () => {
   }
   return false;
 };
+function hashToField(input) {
+  const hash = BigInt("0x" + bytesToHex(keccak_256(input))) >> 8n;
+  return hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function hashSignal2(signal) {
+  let input;
+  if (signal instanceof Uint8Array) {
+    input = signal;
+  } else if (signal.startsWith("0x") && isValidHex(signal.slice(2))) {
+    input = hexToBytes(signal.slice(2));
+  } else {
+    input = new TextEncoder().encode(signal);
+  }
+  return "0x" + bytesToHex(hashToField(input));
+}
+function isValidHex(s) {
+  if (s.length === 0) return false;
+  if (s.length % 2 !== 0) return false;
+  return /^[0-9a-fA-F]+$/.test(s);
+}
-// src/lib/rp-signature.ts
-function signRequest2(action, signingKeyHex, ttlSeconds) {
+// src/lib/signing.ts
+etc.hmacSha256Sync = (key, ...msgs) => hmac(sha256, key, etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest2(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
   if (!isServerEnvironment()) {
     throw new Error(
       "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
     );
   }
-  const ttlBigInt = ttlSeconds !== void 0 ? BigInt(ttlSeconds) : void 0;
-  return idkit_wasm_exports.signRequest(action, signingKeyHex, ttlBigInt);
-}
-// src/lib/hashing.ts
-function hashSignal2(signal) {
-  return idkit_wasm_exports.hashSignal(signal);
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = keccak_256(message);
+  const recSig = sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + bytesToHex(sig65),
+    nonce: "0x" + bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
 }
-export { CredentialRequest, IDKit, IDKitErrorCodes, all, any, documentLegacy, hashSignal2 as hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy, signRequest2 as signRequest };
+export { IDKit, IDKitErrorCodes, documentLegacy, hashSignal2 as hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy, signRequest2 as signRequest };