@worldcoin/idkit-core 4.0.2-dev.a907be3 → 4.0.3

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-export { RpSignature, signRequest } from './signing.js';
+export { RpSignature, signRequest } from '@worldcoin/idkit-server';
 export { hashSignal } from './hashing.js';
 
 /**
@@ -241,7 +241,8 @@ interface CredentialRequestType {
 type ConstraintNode =
     | CredentialRequestType
     | { any: ConstraintNode[] }
-    | { all: ConstraintNode[] };
+    | { all: ConstraintNode[] }
+    | { enumerate: ConstraintNode[] };
 
 /**
  * Result types - re-exported from WASM bindings
@@ -329,55 +330,6 @@ interface IDKitRequest {
     /** Poll continuously until completion or timeout */
     pollUntilCompletion(options?: WaitOptions): Promise<IDKitCompletionResult>;
 }
-/**
- * Creates a CredentialRequest for a credential type
- *
- * @param credential_type - The type of credential to request (e.g., 'orb', 'face')
- * @param options - Optional signal, genesis_issued_at_min, and expires_at_min
- * @returns A CredentialRequest object
- *
- * @example
- * ```typescript
- * const orb = CredentialRequest('orb', { signal: 'user-123' })
- * const face = CredentialRequest('face')
- * // Require credential to be valid for at least one year
- * const withExpiry = CredentialRequest('orb', { expires_at_min: Date.now() / 1000 + 60 * 60 * 60 * 24 * 365 })
- * ```
- */
-declare function CredentialRequest(credential_type: CredentialType, options?: {
-    signal?: string;
-    genesis_issued_at_min?: number;
-    expires_at_min?: number;
-}): CredentialRequestType;
-/**
- * Creates an OR constraint - at least one child must be satisfied
- *
- * @param nodes - Constraint nodes (CredentialRequests or nested constraints)
- * @returns An "any" constraint node
- *
- * @example
- * ```typescript
- * const constraint = any(CredentialRequest('orb'), CredentialRequest('face'))
- * ```
- */
-declare function any(...nodes: ConstraintNode[]): {
-    any: ConstraintNode[];
-};
-/**
- * Creates an AND constraint - all children must be satisfied
- *
- * @param nodes - Constraint nodes (CredentialRequests or nested constraints)
- * @returns An "all" constraint node
- *
- * @example
- * ```typescript
- * const constraint = all(CredentialRequest('orb'), any(CredentialRequest('document'), CredentialRequest('secure_document')))
- * ```
- */
-declare function all(...nodes: ConstraintNode[]): {
-    all: ConstraintNode[];
-};
-
 /**
  * Creates an OrbLegacy preset for World ID 3.0 legacy support
  *
@@ -445,7 +397,7 @@ declare class IDKitBuilder {
     /**
      * Creates an IDKit request with the given constraints
      *
-     * @param constraints - Constraint tree (CredentialRequest or any/all combinators)
+     * @param constraints - Constraint tree (CredentialRequest or any/all/enumerate combinators)
      * @returns A new IDKitRequest instance
      *
      * @example
@@ -484,7 +436,7 @@ declare class IDKitBuilder {
  *
  * @example
  * ```typescript
- * import { IDKit, CredentialRequest, any, orbLegacy } from '@worldcoin/idkit-core'
+ * import { IDKit, CredentialRequest, any, enumerate, orbLegacy } from '@worldcoin/idkit-core'
  *
  * // With preset (legacy support)
  * const request = await IDKit.request({
@@ -500,7 +452,7 @@ declare class IDKitBuilder {
  *   action: 'my-action',
  *   rp_context: { ... },
  *   allow_legacy_proofs: false,
- * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
+ * }).constraints(enumerate(CredentialRequest('orb'), CredentialRequest('face')));
  *
  * // In World App: connectorURI is empty, result comes via postMessage
  * // On web: connectorURI is the QR URL to display
@@ -511,65 +463,12 @@ declare class IDKitBuilder {
  * ```
  */
 declare function createRequest(config: IDKitRequestConfig): IDKitBuilder;
-/**
- * Creates a new session builder (no action, no existing session_id)
- *
- * Use this when creating a new session for a user who doesn't have one yet.
- * The response will include a `session_id` that should be saved for future
- * session proofs with `proveSession()`.
- *
- * @param config - Session configuration (no action field)
- * @returns IDKitBuilder - A builder instance
- *
- * @example
- * ```typescript
- * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
- *
- * // Create a new session (user doesn't have session_id yet)
- * const request = await IDKit.createSession({
- *   app_id: 'app_staging_xxxxx',
- *   rp_context: { ... },
- * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
- *
- * // Display QR, wait for proof
- * const result = await request.pollUntilCompletion();
- * // result.session_id -> save this for future sessions
- * // result.responses[0].session_nullifier -> for session tracking
- * ```
- */
-declare function createSession(config: IDKitSessionConfig): IDKitBuilder;
-/**
- * Creates a builder for proving an existing session (no action, has session_id)
- *
- * Use this when a returning user needs to prove they own an existing session.
- * The `sessionId` should be a value previously returned from `createSession()`.
- *
- * @param sessionId - The session ID from a previous session creation
- * @param config - Session configuration (no action field)
- * @returns IDKitBuilder - A builder instance
- *
- * @example
- * ```typescript
- * import { IDKit, CredentialRequest, any } from '@worldcoin/idkit-core'
- *
- * // Prove an existing session (user returns)
- * const request = await IDKit.proveSession(savedSessionId, {
- *   app_id: 'app_staging_xxxxx',
- *   rp_context: { ... },
- * }).constraints(any(CredentialRequest('orb'), CredentialRequest('face')));
- *
- * const result = await request.pollUntilCompletion();
- * // result.session_id -> same session
- * // result.responses[0].session_nullifier -> should match for same user
- * ```
- */
-declare function proveSession(sessionId: string, config: IDKitSessionConfig): IDKitBuilder;
 /**
  * IDKit namespace providing the main API entry points
  *
  * @example
  * ```typescript
- * import { IDKit, CredentialRequest, any, orbLegacy } from '@worldcoin/idkit-core'
+ * import { IDKit, CredentialRequest, any, enumerate, orbLegacy } from '@worldcoin/idkit-core'
  *
  * // Create a verification request
  * const request = await IDKit.request({
@@ -588,16 +487,6 @@ declare function proveSession(sessionId: string, config: IDKitSessionConfig): ID
 declare const IDKit: {
     /** Create a new verification request */
     request: typeof createRequest;
-    /** Create a new session (no action, no existing session_id) */
-    createSession: typeof createSession;
-    /** Prove an existing session (no action, has session_id) */
-    proveSession: typeof proveSession;
-    /** Create a CredentialRequest for a credential type */
-    CredentialRequest: typeof CredentialRequest;
-    /** Create an OR constraint - at least one child must be satisfied */
-    any: typeof any;
-    /** Create an AND constraint - all children must be satisfied */
-    all: typeof all;
     /** Create an OrbLegacy preset for World ID 3.0 legacy support */
     orbLegacy: typeof orbLegacy;
     /** Create a SecureDocumentLegacy preset for World ID 3.0 legacy support */
@@ -628,4 +517,4 @@ declare const isWeb: () => boolean;
  */
 declare const isNode: () => boolean;
 
-export { type AbiEncodedValue, type ConstraintNode, CredentialRequest, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, all, any, documentLegacy, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy };
+export { type AbiEncodedValue, type ConstraintNode, type CredentialRequestType, type CredentialType, type DocumentLegacyPreset, IDKit, type IDKitCompletionResult, type IDKitErrorCode, IDKitErrorCodes, type IDKitRequest, type IDKitRequestConfig, type IDKitResult, type IDKitResultSession, type IDKitSessionConfig, type OrbLegacyPreset, type Preset, type ResponseItemSession, type ResponseItemV3, type ResponseItemV4, type RpContext, type SecureDocumentLegacyPreset, type Status$1 as Status, type WaitOptions, documentLegacy, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy };

package/dist/index.js

@@ -1,13 +1,11 @@
+export { signRequest } from '@worldcoin/idkit-server';
 import { keccak_256 } from '@noble/hashes/sha3';
 import { hexToBytes, bytesToHex } from '@noble/hashes/utils';
-import { hmac } from '@noble/hashes/hmac';
-import { sha256 } from '@noble/hashes/sha2';
-import { etc, sign } from '@noble/secp256k1';
 
 var __defProp = Object.defineProperty;
-var __export = (target, all2) => {
-  for (var name in all2)
-    __defProp(target, name, { get: all2[name], enumerable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
 };
 
 // src/types/result.ts
@@ -391,14 +389,14 @@ function hashSignal(signal) {
     wasm.__wbindgen_export4(deferred2_0, deferred2_1, 1);
   }
 }
-function __wasm_bindgen_func_elem_960(arg0, arg1, arg2) {
-  wasm.__wasm_bindgen_func_elem_960(arg0, arg1, addHeapObject(arg2));
+function __wasm_bindgen_func_elem_599(arg0, arg1) {
+  wasm.__wasm_bindgen_func_elem_599(arg0, arg1);
 }
-function __wasm_bindgen_func_elem_597(arg0, arg1) {
-  wasm.__wasm_bindgen_func_elem_597(arg0, arg1);
+function __wasm_bindgen_func_elem_962(arg0, arg1, arg2) {
+  wasm.__wasm_bindgen_func_elem_962(arg0, arg1, addHeapObject(arg2));
 }
-function __wasm_bindgen_func_elem_1345(arg0, arg1, arg2, arg3) {
-  wasm.__wasm_bindgen_func_elem_1345(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
+function __wasm_bindgen_func_elem_1347(arg0, arg1, arg2, arg3) {
+  wasm.__wasm_bindgen_func_elem_1347(arg0, arg1, addHeapObject(arg2), addHeapObject(arg3));
 }
 var __wbindgen_enum_RequestCache = ["default", "no-store", "reload", "no-cache", "force-cache", "only-if-cached"];
 var __wbindgen_enum_RequestCredentials = ["omit", "same-origin", "include"];
@@ -1561,7 +1559,7 @@ function __wbg_get_imports() {
         const a = state0.a;
         state0.a = 0;
         try {
-          return __wasm_bindgen_func_elem_1345(a, state0.b, arg02, arg12);
+          return __wasm_bindgen_func_elem_1347(a, state0.b, arg02, arg12);
         } finally {
           state0.a = a;
         }
@@ -1774,20 +1772,20 @@ function __wbg_get_imports() {
     const ret = getStringFromWasm0(arg0, arg1);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_cast_4625c577ab2ec9ee = function(arg0) {
-    const ret = BigInt.asUintN(64, arg0);
+  imports.wbg.__wbindgen_cast_2d12912bac8cf5ca = function(arg0, arg1) {
+    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_961, __wasm_bindgen_func_elem_962);
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_cast_91c43ecf1f8dafb8 = function(arg0, arg1) {
-    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_596, __wasm_bindgen_func_elem_597);
+  imports.wbg.__wbindgen_cast_4625c577ab2ec9ee = function(arg0) {
+    const ret = BigInt.asUintN(64, arg0);
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_9ae0607507abb057 = function(arg0) {
     const ret = arg0;
     return addHeapObject(ret);
   };
-  imports.wbg.__wbindgen_cast_ab10518eebecf9a3 = function(arg0, arg1) {
-    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_959, __wasm_bindgen_func_elem_960);
+  imports.wbg.__wbindgen_cast_b8b1061c2d0ea705 = function(arg0, arg1) {
+    const ret = makeMutClosure(arg0, arg1, wasm.__wasm_bindgen_func_elem_598, __wasm_bindgen_func_elem_599);
     return addHeapObject(ret);
   };
   imports.wbg.__wbindgen_cast_cb9088102bce6b30 = function(arg0, arg1) {
@@ -1881,19 +1879,19 @@ function isInWorldApp() {
 }
 var _requestCounter = 0;
 var _activeNativeRequest = null;
-function createNativeRequest(wasmPayload, config) {
+function createNativeRequest(wasmPayload, config, signalHashes = {}) {
   if (_activeNativeRequest?.isPending()) {
     console.warn(
       "IDKit native request already in flight. Reusing active request."
     );
     return _activeNativeRequest;
   }
-  const request2 = new NativeIDKitRequest(wasmPayload, config);
+  const request2 = new NativeIDKitRequest(wasmPayload, config, signalHashes);
   _activeNativeRequest = request2;
   return request2;
 }
 var NativeIDKitRequest = class {
-  constructor(wasmPayload, config) {
+  constructor(wasmPayload, config, signalHashes = {}) {
     this.connectorURI = "";
     this.resolved = false;
     this.cancelled = false;
@@ -1917,7 +1915,11 @@ var NativeIDKitRequest = class {
           return;
         }
         this.resolved = true;
-        const result = nativeResultToIDKitResult(responsePayload, config);
+        const result = nativeResultToIDKitResult(
+          responsePayload,
+          config,
+          signalHashes
+        );
         this.resolvedResult = result;
         this.cleanup();
         resolve(result);
@@ -2054,26 +2056,32 @@ var NativeVerifyError = class extends Error {
     this.code = code;
   }
 };
-function nativeResultToIDKitResult(payload, config) {
+function nativeResultToIDKitResult(payload, config, signalHashes) {
   const rpNonce = config.rp_context?.nonce ?? "";
-  if ("responses" in payload && Array.isArray(payload.responses)) {
+  if ("responses" in payload) {
+    const v4 = payload;
     return {
-      protocol_version: payload.protocol_version ?? "4.0",
-      nonce: payload.nonce ?? rpNonce,
-      action: payload.action ?? config.action ?? "",
-      action_description: payload.action_description,
-      session_id: payload.session_id,
-      responses: payload.responses,
-      environment: payload.environment ?? config.environment ?? "production"
+      protocol_version: v4.protocol_version ?? "4.0",
+      nonce: v4.nonce ?? rpNonce,
+      action: v4.action ?? config.action ?? "",
+      action_description: v4.action_description,
+      session_id: v4.session_id,
+      responses: v4.responses.map((item) => ({
+        ...item,
+        signal_hash: signalHashes[item.identifier]
+      })),
+      environment: v4.environment ?? config.environment ?? "production"
     };
   }
   if ("verifications" in payload) {
+    const multi = payload;
     return {
       protocol_version: "4.0",
       nonce: rpNonce,
       action: config.action ?? "",
-      responses: payload.verifications.map((v) => ({
+      responses: multi.verifications.map((v) => ({
         identifier: v.verification_level,
+        signal_hash: v.signal_hash ?? signalHashes[v.verification_level],
         proof: [v.proof],
         nullifier: v.nullifier_hash,
         merkle_root: v.merkle_root,
@@ -2083,16 +2091,18 @@ function nativeResultToIDKitResult(payload, config) {
       environment: "production"
     };
   }
+  const single = payload;
   return {
     protocol_version: "3.0",
     nonce: rpNonce,
     action: config.action ?? "",
     responses: [
       {
-        identifier: payload.verification_level,
-        proof: payload.proof,
-        merkle_root: payload.merkle_root,
-        nullifier: payload.nullifier_hash
+        identifier: single.verification_level,
+        signal_hash: single.signal_hash ?? signalHashes[single.verification_level],
+        proof: single.proof,
+        merkle_root: single.merkle_root,
+        nullifier: single.nullifier_hash
       }
     ],
     environment: "production"
@@ -2140,20 +2150,6 @@ var IDKitRequestImpl = class {
     }
   }
 };
-function CredentialRequest(credential_type, options) {
-  return {
-    type: credential_type,
-    signal: options?.signal,
-    genesis_issued_at_min: options?.genesis_issued_at_min,
-    expires_at_min: options?.expires_at_min
-  };
-}
-function any(...nodes) {
-  return { any: nodes };
-}
-function all(...nodes) {
-  return { all: nodes };
-}
 function orbLegacy(opts = {}) {
   return { type: "OrbLegacy", signal: opts.signal };
 }
@@ -2213,7 +2209,7 @@ var IDKitBuilder2 = class {
   /**
    * Creates an IDKit request with the given constraints
    *
-   * @param constraints - Constraint tree (CredentialRequest or any/all combinators)
+   * @param constraints - Constraint tree (CredentialRequest or any/all/enumerate combinators)
    * @returns A new IDKitRequest instance
    *
    * @example
@@ -2226,8 +2222,12 @@ var IDKitBuilder2 = class {
     await initIDKit();
     const wasmBuilder = createWasmBuilderFromConfig(this.config);
     if (isInWorldApp()) {
-      const payload = wasmBuilder.nativePayload(constraints);
-      return createNativeRequest(payload, this.config);
+      const wasmResult = wasmBuilder.nativePayload(constraints);
+      return createNativeRequest(
+        wasmResult.payload,
+        this.config,
+        wasmResult.signal_hashes ?? {}
+      );
     }
     const wasmRequest = await wasmBuilder.constraints(
       constraints
@@ -2253,8 +2253,12 @@ var IDKitBuilder2 = class {
     await initIDKit();
     const wasmBuilder = createWasmBuilderFromConfig(this.config);
     if (isInWorldApp()) {
-      const payload = wasmBuilder.nativePayloadFromPreset(preset);
-      return createNativeRequest(payload, this.config);
+      const wasmResult = wasmBuilder.nativePayloadFromPreset(preset);
+      return createNativeRequest(
+        wasmResult.payload,
+        this.config,
+        wasmResult.signal_hashes ?? {}
+      );
     }
     const wasmRequest = await wasmBuilder.preset(
       preset
@@ -2291,61 +2295,22 @@ function createRequest(config) {
     environment: config.environment
   });
 }
-function createSession2(config) {
-  if (!config.app_id) {
-    throw new Error("app_id is required");
-  }
-  if (!config.rp_context) {
-    throw new Error(
-      "rp_context is required. Generate it on your backend using signRequest()."
-    );
-  }
-  return new IDKitBuilder2({
-    type: "session",
-    app_id: config.app_id,
-    rp_context: config.rp_context,
-    action_description: config.action_description,
-    bridge_url: config.bridge_url,
-    override_connect_base_url: config.override_connect_base_url,
-    environment: config.environment
-  });
-}
-function proveSession2(sessionId, config) {
-  if (!sessionId) {
-    throw new Error("session_id is required");
-  }
-  if (!config.app_id) {
-    throw new Error("app_id is required");
-  }
-  if (!config.rp_context) {
-    throw new Error(
-      "rp_context is required. Generate it on your backend using signRequest()."
-    );
-  }
-  return new IDKitBuilder2({
-    type: "proveSession",
-    session_id: sessionId,
-    app_id: config.app_id,
-    rp_context: config.rp_context,
-    action_description: config.action_description,
-    bridge_url: config.bridge_url,
-    override_connect_base_url: config.override_connect_base_url,
-    environment: config.environment
-  });
-}
 var IDKit = {
   /** Create a new verification request */
   request: createRequest,
-  /** Create a new session (no action, no existing session_id) */
-  createSession: createSession2,
-  /** Prove an existing session (no action, has session_id) */
-  proveSession: proveSession2,
-  /** Create a CredentialRequest for a credential type */
-  CredentialRequest,
-  /** Create an OR constraint - at least one child must be satisfied */
-  any,
-  /** Create an AND constraint - all children must be satisfied */
-  all,
+  // TODO: Re-enable when World ID 4.0 is live
+  // /** Create a new session (no action, no existing session_id) */
+  // createSession,
+  // /** Prove an existing session (no action, has session_id) */
+  // proveSession,
+  // /** Create a CredentialRequest for a credential type */
+  // CredentialRequest,
+  // /** Create an OR constraint - at least one child must be satisfied */
+  // any,
+  // /** Create an AND constraint - all children must be satisfied */
+  // all,
+  // /** Create an enumerate constraint - all satisfiable children should be selected */
+  // enumerate,
   /** Create an OrbLegacy preset for World ID 3.0 legacy support */
   orbLegacy,
   /** Create a SecureDocumentLegacy preset for World ID 3.0 legacy support */
@@ -2364,18 +2329,6 @@ var isWeb = () => {
 var isNode = () => {
   return typeof process !== "undefined" && typeof process.versions !== "undefined" && typeof process.versions.node !== "undefined";
 };
-var isServerEnvironment = () => {
-  if (typeof process !== "undefined" && process.versions?.node) {
-    return true;
-  }
-  if (typeof globalThis.Deno !== "undefined") {
-    return true;
-  }
-  if (typeof globalThis.Bun !== "undefined") {
-    return true;
-  }
-  return false;
-};
 function hashToField(input) {
   const hash = BigInt("0x" + bytesToHex(keccak_256(input))) >> 8n;
   return hexToBytes(hash.toString(16).padStart(64, "0"));
@@ -2397,50 +2350,4 @@ function isValidHex(s) {
   return /^[0-9a-fA-F]+$/.test(s);
 }
 
-// src/lib/signing.ts
-etc.hmacSha256Sync = (key, ...msgs) => hmac(sha256, key, etc.concatBytes(...msgs));
-var DEFAULT_TTL_SEC = 300;
-function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
-  const message = new Uint8Array(48);
-  message.set(nonceBytes, 0);
-  const view = new DataView(message.buffer);
-  view.setBigUint64(32, BigInt(createdAt), false);
-  view.setBigUint64(40, BigInt(expiresAt), false);
-  return message;
-}
-function signRequest2(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
-  if (!isServerEnvironment()) {
-    throw new Error(
-      "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
-    );
-  }
-  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
-  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
-    throw new Error("Invalid signing key: contains non-hex characters");
-  }
-  if (keyHex.length !== 64) {
-    throw new Error(
-      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
-    );
-  }
-  const privKey = etc.hexToBytes(keyHex);
-  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
-  const nonceBytes = hashToField(randomBytes);
-  const createdAt = Math.floor(Date.now() / 1e3);
-  const expiresAt = createdAt + ttl;
-  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
-  const msgHash = keccak_256(message);
-  const recSig = sign(msgHash, privKey);
-  const compact = recSig.toCompactRawBytes();
-  const sig65 = new Uint8Array(65);
-  sig65.set(compact, 0);
-  sig65[64] = recSig.recovery + 27;
-  return {
-    sig: "0x" + bytesToHex(sig65),
-    nonce: "0x" + bytesToHex(nonceBytes),
-    createdAt,
-    expiresAt
-  };
-}
-
-export { CredentialRequest, IDKit, IDKitErrorCodes, all, any, documentLegacy, hashSignal2 as hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy, signRequest2 as signRequest };
+export { IDKit, IDKitErrorCodes, documentLegacy, hashSignal2 as hashSignal, isNode, isReactNative, isWeb, orbLegacy, secureDocumentLegacy };

package/dist/signing.cjs

@@ -1,76 +1,14 @@
 'use strict';
 
-var sha3 = require('@noble/hashes/sha3');
-var utils = require('@noble/hashes/utils');
-var hmac = require('@noble/hashes/hmac');
-var sha2 = require('@noble/hashes/sha2');
-var secp256k1 = require('@noble/secp256k1');
+var idkitServer = require('@worldcoin/idkit-server');
 
-// src/lib/signing.ts
 
-// src/lib/platform.ts
-var isServerEnvironment = () => {
-  if (typeof process !== "undefined" && process.versions?.node) {
-    return true;
-  }
-  if (typeof globalThis.Deno !== "undefined") {
-    return true;
-  }
-  if (typeof globalThis.Bun !== "undefined") {
-    return true;
-  }
-  return false;
-};
-function hashToField(input) {
-  const hash = BigInt("0x" + utils.bytesToHex(sha3.keccak_256(input))) >> 8n;
-  return utils.hexToBytes(hash.toString(16).padStart(64, "0"));
-}
 
-// src/lib/signing.ts
-secp256k1.etc.hmacSha256Sync = (key, ...msgs) => hmac.hmac(sha2.sha256, key, secp256k1.etc.concatBytes(...msgs));
-var DEFAULT_TTL_SEC = 300;
-function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
-  const message = new Uint8Array(48);
-  message.set(nonceBytes, 0);
-  const view = new DataView(message.buffer);
-  view.setBigUint64(32, BigInt(createdAt), false);
-  view.setBigUint64(40, BigInt(expiresAt), false);
-  return message;
-}
-function signRequest(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
-  if (!isServerEnvironment()) {
-    throw new Error(
-      "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
-    );
-  }
-  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
-  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
-    throw new Error("Invalid signing key: contains non-hex characters");
-  }
-  if (keyHex.length !== 64) {
-    throw new Error(
-      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
-    );
-  }
-  const privKey = secp256k1.etc.hexToBytes(keyHex);
-  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
-  const nonceBytes = hashToField(randomBytes);
-  const createdAt = Math.floor(Date.now() / 1e3);
-  const expiresAt = createdAt + ttl;
-  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
-  const msgHash = sha3.keccak_256(message);
-  const recSig = secp256k1.sign(msgHash, privKey);
-  const compact = recSig.toCompactRawBytes();
-  const sig65 = new Uint8Array(65);
-  sig65.set(compact, 0);
-  sig65[64] = recSig.recovery + 27;
-  return {
-    sig: "0x" + utils.bytesToHex(sig65),
-    nonce: "0x" + utils.bytesToHex(nonceBytes),
-    createdAt,
-    expiresAt
-  };
-}
-
-exports.computeRpSignatureMessage = computeRpSignatureMessage;
-exports.signRequest = signRequest;
+Object.defineProperty(exports, "computeRpSignatureMessage", {
+  enumerable: true,
+  get: function () { return idkitServer.computeRpSignatureMessage; }
+});
+Object.defineProperty(exports, "signRequest", {
+  enumerable: true,
+  get: function () { return idkitServer.signRequest; }
+});