@zkproofport-ai/sdk 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +98 -9
- package/dist/cdp.d.ts +114 -16
- package/dist/cdp.d.ts.map +1 -1
- package/dist/cdp.js +64 -75
- package/dist/cdp.js.map +1 -1
- package/dist/flow.d.ts +5 -0
- package/dist/flow.d.ts.map +1 -1
- package/dist/flow.js +40 -16
- package/dist/flow.js.map +1 -1
- package/dist/index.d.ts +7 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +6 -2
- package/dist/index.js.map +1 -1
- package/dist/payment.d.ts +3 -1
- package/dist/payment.d.ts.map +1 -1
- package/dist/payment.js +7 -4
- package/dist/payment.js.map +1 -1
- package/dist/prove.d.ts +11 -0
- package/dist/prove.d.ts.map +1 -1
- package/dist/prove.js +27 -0
- package/dist/prove.js.map +1 -1
- package/dist/session.d.ts +1 -1
- package/dist/session.d.ts.map +1 -1
- package/dist/session.js +1 -1
- package/dist/session.js.map +1 -1
- package/dist/tee.d.ts +15 -0
- package/dist/tee.d.ts.map +1 -0
- package/dist/tee.js +33 -0
- package/dist/tee.js.map +1 -0
- package/dist/toml.d.ts +21 -0
- package/dist/toml.d.ts.map +1 -0
- package/dist/toml.js +102 -0
- package/dist/toml.js.map +1 -0
- package/dist/types.d.ts +21 -1
- package/dist/types.d.ts.map +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -8,6 +8,23 @@ Client SDK for ZKProofport zero-knowledge proof generation on Base Mainnet.
|
|
|
8
8
|
|
|
9
9
|
Proofs are generated in trusted execution environments (Nitro Enclaves) with cryptographic attestation. Payment is handled transparently via the x402 protocol using EIP-3009 (no user gas costs).
|
|
10
10
|
|
|
11
|
+
## E2E Encryption (TEE Blind Relay)
|
|
12
|
+
|
|
13
|
+
All proof inputs are **end-to-end encrypted** using X25519 ECDH + AES-256-GCM. The ZKProofport server acts as a **blind relay** — it cannot read your inputs, even during proof generation. Only the TEE (AWS Nitro Enclave) can decrypt.
|
|
14
|
+
|
|
15
|
+
**How it works:**
|
|
16
|
+
|
|
17
|
+
1. `generateProof()` requests a 402 payment challenge from the server
|
|
18
|
+
2. The 402 response includes `teePublicKey` — the TEE's attested X25519 public key (cryptographically bound to the Nitro Enclave via COSE Sign1 attestation)
|
|
19
|
+
3. The SDK generates an ephemeral X25519 keypair, performs ECDH key agreement, and encrypts all circuit inputs with AES-256-GCM
|
|
20
|
+
4. The encrypted payload is sent to the server, which relays it blindly to the TEE
|
|
21
|
+
5. The TEE decrypts, generates the ZK proof, and returns it
|
|
22
|
+
|
|
23
|
+
**This is fully automatic.** `generateProof()` detects `teePublicKey` in the 402 response and applies E2E encryption when available. No additional configuration or code changes needed.
|
|
24
|
+
|
|
25
|
+
- **TEE enabled (production):** Inputs are E2E encrypted. Server rejects plaintext (`PLAINTEXT_REJECTED`).
|
|
26
|
+
- **TEE disabled (local dev):** Inputs are sent in plaintext. No encryption overhead.
|
|
27
|
+
|
|
11
28
|
## Installation
|
|
12
29
|
|
|
13
30
|
```bash
|
|
@@ -26,6 +43,7 @@ Before using the SDK, you need:
|
|
|
26
43
|
5. **Payment wallet** (optional) — Wallet with USDC balance for proof payment. Defaults to the attestation wallet. Choose one:
|
|
27
44
|
|
|
28
45
|
- **Same as attestation wallet** — No additional setup. The attestation wallet must hold USDC.
|
|
46
|
+
> ⚠️ **Privacy risk:** Using the attestation wallet for payment exposes your KYC-verified wallet address on-chain in the payment transaction, linking your identity to on-chain activity. Use a separate payment wallet for privacy.
|
|
29
47
|
- **Separate private key** — A different wallet with USDC balance.
|
|
30
48
|
- **CDP MPC wallet** — Coinbase Developer Platform managed wallet. Private keys never leave Coinbase's TEE. Get credentials at [CDP Portal](https://portal.cdp.coinbase.com). Requires additional install:
|
|
31
49
|
```bash
|
|
@@ -84,11 +102,10 @@ import { generateProof, createConfig, fromPrivateKey, CdpWalletSigner, verifyPro
|
|
|
84
102
|
|
|
85
103
|
const config = createConfig();
|
|
86
104
|
const attestationSigner = fromPrivateKey(process.env.ATTESTATION_KEY);
|
|
87
|
-
const paymentSigner =
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
address: process.env.CDP_WALLET_ADDRESS,
|
|
105
|
+
const paymentSigner = new CdpWalletSigner({
|
|
106
|
+
getAddress: () => myWallet.getAddress(),
|
|
107
|
+
signMessage: (msg) => myWallet.signMessage(msg),
|
|
108
|
+
signTypedData: (domain, types, message) => myWallet.signTypedData(domain, types, message),
|
|
92
109
|
});
|
|
93
110
|
|
|
94
111
|
const result = await generateProof(
|
|
@@ -101,6 +118,30 @@ const verification = await verifyProof(result);
|
|
|
101
118
|
console.log('Valid:', verification.valid);
|
|
102
119
|
```
|
|
103
120
|
|
|
121
|
+
### External Wallet Adapter
|
|
122
|
+
|
|
123
|
+
Wrap any external wallet (WalletConnect, MetaMask, etc.) using `fromExternalWallet()`:
|
|
124
|
+
|
|
125
|
+
```typescript
|
|
126
|
+
import { generateProof, createConfig, fromPrivateKey, fromExternalWallet, verifyProof } from '@zkproofport-ai/sdk';
|
|
127
|
+
|
|
128
|
+
const config = createConfig();
|
|
129
|
+
const attestationSigner = fromPrivateKey(process.env.ATTESTATION_KEY);
|
|
130
|
+
|
|
131
|
+
// Wrap external wallet (e.g., from WalletConnect modal, Privy, etc.)
|
|
132
|
+
const externalWallet = await getWalletFromUI(); // Your wallet integration
|
|
133
|
+
const paymentSigner = fromExternalWallet(externalWallet);
|
|
134
|
+
|
|
135
|
+
const result = await generateProof(
|
|
136
|
+
config,
|
|
137
|
+
{ attestation: attestationSigner, payment: paymentSigner },
|
|
138
|
+
{ circuit: 'coinbase_kyc', scope: 'my-app' }
|
|
139
|
+
);
|
|
140
|
+
|
|
141
|
+
const verification = await verifyProof(result);
|
|
142
|
+
console.log('Valid:', verification.valid);
|
|
143
|
+
```
|
|
144
|
+
|
|
104
145
|
## Configuration
|
|
105
146
|
|
|
106
147
|
```typescript
|
|
@@ -115,6 +156,14 @@ const config = createConfig({
|
|
|
115
156
|
easRpcUrl: 'https://mainnet.base.org',
|
|
116
157
|
easGraphqlUrl: 'https://base.easscan.org/graphql',
|
|
117
158
|
});
|
|
159
|
+
|
|
160
|
+
// Custom x402 facilitator (e.g., for CDP with JWT auth)
|
|
161
|
+
const config = createConfig({
|
|
162
|
+
facilitatorUrl: 'https://facilitator.example.com',
|
|
163
|
+
facilitatorHeaders: {
|
|
164
|
+
'Authorization': `Bearer ${process.env.CDP_FACILITATOR_TOKEN}`,
|
|
165
|
+
},
|
|
166
|
+
});
|
|
118
167
|
```
|
|
119
168
|
|
|
120
169
|
**Configuration fields:**
|
|
@@ -124,6 +173,8 @@ const config = createConfig({
|
|
|
124
173
|
| `baseUrl` | string | `https://ai.zkproofport.app` | proofport-ai server URL |
|
|
125
174
|
| `easRpcUrl` | string | `https://mainnet.base.org` | Base Mainnet RPC for EAS attestation queries |
|
|
126
175
|
| `easGraphqlUrl` | string | `https://base.easscan.org/graphql` | EAS GraphQL endpoint for attestation schema queries |
|
|
176
|
+
| `facilitatorUrl` | string | `https://x402.dexter.cash` | x402 payment facilitator URL |
|
|
177
|
+
| `facilitatorHeaders` | object | `{}` | Optional auth headers for custom facilitator (e.g., CDP with JWT) |
|
|
127
178
|
|
|
128
179
|
## Proof Generation
|
|
129
180
|
|
|
@@ -176,9 +227,10 @@ if (result.attestation) {
|
|
|
176
227
|
2. Fetch Coinbase KYC attestation from EAS
|
|
177
228
|
3. Build circuit inputs (Merkle tree, hashes)
|
|
178
229
|
4. Request 402 payment challenge
|
|
179
|
-
5.
|
|
180
|
-
6.
|
|
181
|
-
7.
|
|
230
|
+
5. **Auto-detect E2E encryption** — if `teePublicKey` is present in 402 response, encrypt inputs with X25519 ECDH + AES-256-GCM
|
|
231
|
+
6. Sign EIP-3009 TransferWithAuthorization
|
|
232
|
+
7. Submit payment via x402 facilitator
|
|
233
|
+
8. Generate proof in TEE with payment proof (encrypted inputs if TEE enabled)
|
|
182
234
|
|
|
183
235
|
**Result fields:**
|
|
184
236
|
|
|
@@ -316,6 +368,8 @@ interface ClientConfig {
|
|
|
316
368
|
baseUrl: string;
|
|
317
369
|
easRpcUrl?: string;
|
|
318
370
|
easGraphqlUrl?: string;
|
|
371
|
+
facilitatorUrl?: string; // x402 facilitator URL (default: https://x402.dexter.cash)
|
|
372
|
+
facilitatorHeaders?: Record<string, string>; // Auth headers for custom facilitator
|
|
319
373
|
}
|
|
320
374
|
```
|
|
321
375
|
|
|
@@ -328,6 +382,27 @@ interface ProofportSigner {
|
|
|
328
382
|
signTypedData(domain: {...}, types: {...}, message: {...}): Promise<string>;
|
|
329
383
|
sendTransaction(tx: {...}): Promise<{ hash: string; wait(): Promise<{...}> }>;
|
|
330
384
|
}
|
|
385
|
+
|
|
386
|
+
// Create signer from ethers private key
|
|
387
|
+
function fromPrivateKey(key: string, provider?: ethers.Provider): ProofportSigner;
|
|
388
|
+
|
|
389
|
+
// Create signer from any external wallet (CDP, WalletConnect, Privy, etc.)
|
|
390
|
+
class CdpWalletSigner implements ProofportSigner {
|
|
391
|
+
constructor(wallet: {
|
|
392
|
+
getAddress(): string | Promise<string>;
|
|
393
|
+
signMessage(message: Uint8Array | string): Promise<string>;
|
|
394
|
+
signTypedData(domain: Record<string, unknown>, types: Record<string, Array<{ name: string; type: string }>>, message: Record<string, unknown>): Promise<string>;
|
|
395
|
+
sendTransaction?(tx: { to: string; data: string; value?: bigint }): Promise<{ hash: string; wait(): Promise<{ status: number | null }> }>;
|
|
396
|
+
});
|
|
397
|
+
}
|
|
398
|
+
|
|
399
|
+
// Wrap external wallet (WalletConnect, MetaMask, Privy, etc.)
|
|
400
|
+
function fromExternalWallet(wallet: {
|
|
401
|
+
address: string | (() => Promise<string>);
|
|
402
|
+
signMessage(message: Uint8Array): Promise<string>;
|
|
403
|
+
signTypedData(domain: any, types: any, message: any): Promise<string>;
|
|
404
|
+
sendTransaction?(tx: any): Promise<{ hash: string; wait(): Promise<any> }>;
|
|
405
|
+
}): ProofportSigner;
|
|
331
406
|
```
|
|
332
407
|
|
|
333
408
|
**Proof Parameters:**
|
|
@@ -396,11 +471,25 @@ Payment is transparent to the application. When `generateProof()` runs, the user
|
|
|
396
471
|
- Method: EIP-3009 `TransferWithAuthorization`
|
|
397
472
|
- Token: USDC on Base Mainnet
|
|
398
473
|
- Amount: $0.10 per proof
|
|
399
|
-
- Facilitator: https://
|
|
474
|
+
- Facilitator: `https://x402.dexter.cash` (default, pays gas)
|
|
400
475
|
- User cost: Only USDC, no ETH for gas
|
|
476
|
+
- Custom facilitator: Use `facilitatorUrl` + `facilitatorHeaders` in `ClientConfig` for alternative facilitators (e.g., CDP with JWT auth)
|
|
401
477
|
|
|
402
478
|
The payment transaction hash is included in `result.paymentTxHash` for settlement tracking.
|
|
403
479
|
|
|
480
|
+
### Custom Facilitator (CDP Example)
|
|
481
|
+
|
|
482
|
+
```typescript
|
|
483
|
+
const config = createConfig({
|
|
484
|
+
facilitatorUrl: 'https://cdp-facilitator.example.com',
|
|
485
|
+
facilitatorHeaders: {
|
|
486
|
+
'Authorization': `Bearer ${process.env.CDP_JWT_TOKEN}`,
|
|
487
|
+
},
|
|
488
|
+
});
|
|
489
|
+
|
|
490
|
+
const result = await generateProof(config, signers, params);
|
|
491
|
+
```
|
|
492
|
+
|
|
404
493
|
## Error Handling
|
|
405
494
|
|
|
406
495
|
```typescript
|
package/dist/cdp.d.ts
CHANGED
|
@@ -1,26 +1,100 @@
|
|
|
1
1
|
import type { ProofportSigner } from './signer.js';
|
|
2
2
|
/**
|
|
3
|
-
* CDP
|
|
4
|
-
*
|
|
5
|
-
*
|
|
3
|
+
* Adapter interface for CDP wallet-like objects (or any external wallet).
|
|
4
|
+
*
|
|
5
|
+
* Pass any object that satisfies these method signatures — CDP MPC wallets,
|
|
6
|
+
* viem wallets, Privy embedded wallets, etc. — and wrap it with
|
|
7
|
+
* `CdpWalletSigner` or `fromExternalWallet()` to get a `ProofportSigner`.
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* ```typescript
|
|
11
|
+
* // With @coinbase/cdp-sdk
|
|
12
|
+
* import { CdpClient } from '@coinbase/cdp-sdk';
|
|
13
|
+
* import { CdpWalletSigner } from '@zkproofport-ai/sdk';
|
|
14
|
+
*
|
|
15
|
+
* const cdp = new CdpClient();
|
|
16
|
+
* const wallet = await cdp.evm.getOrCreateWallet({ networkId: 'base' });
|
|
17
|
+
* const account = await wallet.getDefaultAddress();
|
|
18
|
+
*
|
|
19
|
+
* const signer = new CdpWalletSigner({
|
|
20
|
+
* getAddress: () => account.getId(),
|
|
21
|
+
* signMessage: (msg) => account.signPayload({ payload: Buffer.from(msg).toString('hex') }).then(r => r.signature),
|
|
22
|
+
* signTypedData: (domain, types, message) => account.signTypedData({ domain, types, message }),
|
|
23
|
+
* sendTransaction: async (tx) => {
|
|
24
|
+
* const result = await account.sendTransaction(tx);
|
|
25
|
+
* return { hash: result.transactionHash, wait: async () => ({ status: 1 }) };
|
|
26
|
+
* },
|
|
27
|
+
* });
|
|
28
|
+
* ```
|
|
29
|
+
*/
|
|
30
|
+
export interface ExternalWallet {
|
|
31
|
+
/**
|
|
32
|
+
* Returns the wallet's Ethereum address.
|
|
33
|
+
* May be synchronous or asynchronous depending on the provider.
|
|
34
|
+
*/
|
|
35
|
+
getAddress(): string | Promise<string>;
|
|
36
|
+
/**
|
|
37
|
+
* Signs a raw message (personal_sign style).
|
|
38
|
+
* Accepts either a Uint8Array of raw bytes or a pre-encoded string.
|
|
39
|
+
*/
|
|
40
|
+
signMessage(message: Uint8Array | string): Promise<string>;
|
|
41
|
+
/**
|
|
42
|
+
* Signs EIP-712 typed data.
|
|
43
|
+
* Compatible with ethers v6 `signTypedData` and viem `signTypedData` call shapes.
|
|
44
|
+
*/
|
|
45
|
+
signTypedData(domain: Record<string, unknown>, types: Record<string, Array<{
|
|
46
|
+
name: string;
|
|
47
|
+
type: string;
|
|
48
|
+
}>>, message: Record<string, unknown>): Promise<string>;
|
|
49
|
+
/**
|
|
50
|
+
* Sends a transaction and returns the hash plus a `wait()` helper.
|
|
51
|
+
* Optional — omit if the wallet is used only for signing (e.g., attestation signer).
|
|
52
|
+
* If omitted and `sendTransaction` is called on the signer, an error is thrown at runtime.
|
|
53
|
+
*/
|
|
54
|
+
sendTransaction?(tx: {
|
|
55
|
+
to: string;
|
|
56
|
+
data: string;
|
|
57
|
+
value?: bigint;
|
|
58
|
+
}): Promise<{
|
|
59
|
+
hash: string;
|
|
60
|
+
wait(): Promise<{
|
|
61
|
+
status: number | null;
|
|
62
|
+
}>;
|
|
63
|
+
}>;
|
|
64
|
+
}
|
|
65
|
+
/**
|
|
66
|
+
* Adapter that bridges any `ExternalWallet`-compatible object to the
|
|
67
|
+
* `ProofportSigner` interface. No additional npm dependencies required —
|
|
68
|
+
* the caller brings their own wallet implementation.
|
|
69
|
+
*
|
|
70
|
+
* @example
|
|
71
|
+
* ```typescript
|
|
72
|
+
* import { CdpWalletSigner } from '@zkproofport-ai/sdk';
|
|
73
|
+
*
|
|
74
|
+
* // Wrap any CDP / external wallet
|
|
75
|
+
* const signer = new CdpWalletSigner(myExternalWallet);
|
|
76
|
+
*
|
|
77
|
+
* // Use as attestation signer
|
|
78
|
+
* const client = new ProofportClient({ ... }, { attestation: signer });
|
|
79
|
+
* ```
|
|
6
80
|
*/
|
|
7
81
|
export declare class CdpWalletSigner implements ProofportSigner {
|
|
8
|
-
private
|
|
9
|
-
|
|
82
|
+
private readonly wallet;
|
|
83
|
+
constructor(wallet: ExternalWallet);
|
|
84
|
+
/** Returns the wallet address, resolving async providers transparently. */
|
|
85
|
+
getAddress(): string | Promise<string>;
|
|
10
86
|
/**
|
|
11
|
-
*
|
|
12
|
-
*
|
|
13
|
-
*
|
|
87
|
+
* Signs a raw byte message.
|
|
88
|
+
* Passes the Uint8Array directly to the underlying wallet; the wallet is
|
|
89
|
+
* responsible for any encoding (e.g., personal_sign prefix).
|
|
14
90
|
*/
|
|
15
|
-
static create(opts?: {
|
|
16
|
-
apiKeyId?: string;
|
|
17
|
-
apiKeySecret?: string;
|
|
18
|
-
walletSecret?: string;
|
|
19
|
-
networkId?: string;
|
|
20
|
-
address?: string;
|
|
21
|
-
}): Promise<CdpWalletSigner>;
|
|
22
|
-
getAddress(): string;
|
|
23
91
|
signMessage(message: Uint8Array): Promise<string>;
|
|
92
|
+
/**
|
|
93
|
+
* Signs EIP-712 typed data.
|
|
94
|
+
* The strict `ProofportSigner` domain shape is widened to
|
|
95
|
+
* `Record<string, unknown>` when forwarded so any external wallet
|
|
96
|
+
* implementation can accept it without type conflicts.
|
|
97
|
+
*/
|
|
24
98
|
signTypedData(domain: {
|
|
25
99
|
name: string;
|
|
26
100
|
version: string;
|
|
@@ -30,6 +104,11 @@ export declare class CdpWalletSigner implements ProofportSigner {
|
|
|
30
104
|
name: string;
|
|
31
105
|
type: string;
|
|
32
106
|
}>>, message: Record<string, unknown>): Promise<string>;
|
|
107
|
+
/**
|
|
108
|
+
* Sends a transaction via the underlying wallet.
|
|
109
|
+
* Throws a descriptive error if the wrapped wallet did not provide
|
|
110
|
+
* a `sendTransaction` method (e.g., signing-only attestation wallets).
|
|
111
|
+
*/
|
|
33
112
|
sendTransaction(tx: {
|
|
34
113
|
to: string;
|
|
35
114
|
data: string;
|
|
@@ -41,4 +120,23 @@ export declare class CdpWalletSigner implements ProofportSigner {
|
|
|
41
120
|
}>;
|
|
42
121
|
}>;
|
|
43
122
|
}
|
|
123
|
+
/**
|
|
124
|
+
* Convenience factory — equivalent to `new CdpWalletSigner(wallet)`.
|
|
125
|
+
*
|
|
126
|
+
* Useful for returning a `ProofportSigner` without exposing the concrete
|
|
127
|
+
* `CdpWalletSigner` class to callers.
|
|
128
|
+
*
|
|
129
|
+
* @example
|
|
130
|
+
* ```typescript
|
|
131
|
+
* import { fromExternalWallet } from '@zkproofport-ai/sdk';
|
|
132
|
+
*
|
|
133
|
+
* const signer = fromExternalWallet({
|
|
134
|
+
* getAddress: () => '0xYourAddress',
|
|
135
|
+
* signMessage: (msg) => myWallet.sign(msg),
|
|
136
|
+
* signTypedData: (domain, types, message) =>
|
|
137
|
+
* myWallet.signTypedData({ domain, types, message }),
|
|
138
|
+
* });
|
|
139
|
+
* ```
|
|
140
|
+
*/
|
|
141
|
+
export declare function fromExternalWallet(wallet: ExternalWallet): ProofportSigner;
|
|
44
142
|
//# sourceMappingURL=cdp.d.ts.map
|
package/dist/cdp.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cdp.d.ts","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD
|
|
1
|
+
{"version":3,"file":"cdp.d.ts","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,UAAU,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;OAGG;IACH,WAAW,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE3D;;;OAGG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,EAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;OAIG;IACH,eAAe,CAAC,CAAC,EAAE,EAAE;QACnB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,IAAI,OAAO,CAAC;YAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;CAC3E;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,eAAgB,YAAW,eAAe;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;gBAE5B,MAAM,EAAE,cAAc;IAIlC,2EAA2E;IAC3E,UAAU,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAItC;;;;OAIG;IACG,WAAW,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAIvD;;;;;OAKG;IACG,aAAa,CACjB,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,EACD,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,EAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC;IAIlB;;;;OAIG;IACG,eAAe,CAAC,EAAE,EAAE;QACxB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,IAAI,OAAO,CAAC;YAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;CAU1E;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,cAAc,GAAG,eAAe,CAE1E"}
|
package/dist/cdp.js
CHANGED
|
@@ -1,89 +1,78 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
3
|
-
*
|
|
4
|
-
*
|
|
2
|
+
* Adapter that bridges any `ExternalWallet`-compatible object to the
|
|
3
|
+
* `ProofportSigner` interface. No additional npm dependencies required —
|
|
4
|
+
* the caller brings their own wallet implementation.
|
|
5
|
+
*
|
|
6
|
+
* @example
|
|
7
|
+
* ```typescript
|
|
8
|
+
* import { CdpWalletSigner } from '@zkproofport-ai/sdk';
|
|
9
|
+
*
|
|
10
|
+
* // Wrap any CDP / external wallet
|
|
11
|
+
* const signer = new CdpWalletSigner(myExternalWallet);
|
|
12
|
+
*
|
|
13
|
+
* // Use as attestation signer
|
|
14
|
+
* const client = new ProofportClient({ ... }, { attestation: signer });
|
|
15
|
+
* ```
|
|
5
16
|
*/
|
|
6
17
|
export class CdpWalletSigner {
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
this.provider = provider;
|
|
11
|
-
}
|
|
12
|
-
/**
|
|
13
|
-
* Create a CdpWalletSigner from environment variables.
|
|
14
|
-
* Requires: CDP_API_KEY_ID, CDP_API_KEY_SECRET, CDP_WALLET_SECRET
|
|
15
|
-
* Optional: CDP_WALLET_ADDRESS (to load existing wallet), CDP_NETWORK_ID (default: base-sepolia)
|
|
16
|
-
*/
|
|
17
|
-
static async create(opts) {
|
|
18
|
-
let CdpEvmWalletProvider;
|
|
19
|
-
try {
|
|
20
|
-
// @ts-ignore — optional peer dependency, may not be installed
|
|
21
|
-
const mod = await import('@coinbase/agentkit');
|
|
22
|
-
CdpEvmWalletProvider = mod.CdpEvmWalletProvider;
|
|
23
|
-
}
|
|
24
|
-
catch {
|
|
25
|
-
throw new Error('CDP wallet requires @coinbase/agentkit. Install it: npm install @coinbase/agentkit @coinbase/cdp-sdk');
|
|
26
|
-
}
|
|
27
|
-
const config = {
|
|
28
|
-
apiKeyId: opts?.apiKeyId || process.env.CDP_API_KEY_ID,
|
|
29
|
-
apiKeySecret: opts?.apiKeySecret || process.env.CDP_API_KEY_SECRET,
|
|
30
|
-
walletSecret: opts?.walletSecret || process.env.CDP_WALLET_SECRET,
|
|
31
|
-
networkId: opts?.networkId || process.env.CDP_NETWORK_ID || 'base-sepolia',
|
|
32
|
-
};
|
|
33
|
-
const address = opts?.address || process.env.CDP_WALLET_ADDRESS;
|
|
34
|
-
if (address) {
|
|
35
|
-
config.address = address;
|
|
36
|
-
}
|
|
37
|
-
const provider = await CdpEvmWalletProvider.configureWithWallet(config);
|
|
38
|
-
return new CdpWalletSigner(provider);
|
|
18
|
+
wallet;
|
|
19
|
+
constructor(wallet) {
|
|
20
|
+
this.wallet = wallet;
|
|
39
21
|
}
|
|
22
|
+
/** Returns the wallet address, resolving async providers transparently. */
|
|
40
23
|
getAddress() {
|
|
41
|
-
return this.
|
|
24
|
+
return this.wallet.getAddress();
|
|
42
25
|
}
|
|
26
|
+
/**
|
|
27
|
+
* Signs a raw byte message.
|
|
28
|
+
* Passes the Uint8Array directly to the underlying wallet; the wallet is
|
|
29
|
+
* responsible for any encoding (e.g., personal_sign prefix).
|
|
30
|
+
*/
|
|
43
31
|
async signMessage(message) {
|
|
44
|
-
return this.
|
|
32
|
+
return this.wallet.signMessage(message);
|
|
45
33
|
}
|
|
34
|
+
/**
|
|
35
|
+
* Signs EIP-712 typed data.
|
|
36
|
+
* The strict `ProofportSigner` domain shape is widened to
|
|
37
|
+
* `Record<string, unknown>` when forwarded so any external wallet
|
|
38
|
+
* implementation can accept it without type conflicts.
|
|
39
|
+
*/
|
|
46
40
|
async signTypedData(domain, types, message) {
|
|
47
|
-
|
|
48
|
-
// AgentKit's signTypedData expects { domain, types, primaryType, message }
|
|
49
|
-
// Determine primaryType: it's the first key in types that isn't EIP712Domain
|
|
50
|
-
const primaryType = Object.keys(types).find(k => k !== 'EIP712Domain') || Object.keys(types)[0];
|
|
51
|
-
return this.provider.signTypedData({
|
|
52
|
-
domain,
|
|
53
|
-
types: {
|
|
54
|
-
...types,
|
|
55
|
-
EIP712Domain: [
|
|
56
|
-
{ name: 'name', type: 'string' },
|
|
57
|
-
{ name: 'version', type: 'string' },
|
|
58
|
-
{ name: 'chainId', type: 'uint256' },
|
|
59
|
-
{ name: 'verifyingContract', type: 'address' },
|
|
60
|
-
],
|
|
61
|
-
},
|
|
62
|
-
primaryType,
|
|
63
|
-
message,
|
|
64
|
-
});
|
|
41
|
+
return this.wallet.signTypedData(domain, types, message);
|
|
65
42
|
}
|
|
43
|
+
/**
|
|
44
|
+
* Sends a transaction via the underlying wallet.
|
|
45
|
+
* Throws a descriptive error if the wrapped wallet did not provide
|
|
46
|
+
* a `sendTransaction` method (e.g., signing-only attestation wallets).
|
|
47
|
+
*/
|
|
66
48
|
async sendTransaction(tx) {
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
return {
|
|
74
|
-
hash,
|
|
75
|
-
wait: async () => {
|
|
76
|
-
// Use AgentKit's waitForTransactionReceipt if available
|
|
77
|
-
try {
|
|
78
|
-
const receipt = await this.provider.waitForTransactionReceipt(hash);
|
|
79
|
-
return { status: receipt?.status === 'success' ? 1 : 0 };
|
|
80
|
-
}
|
|
81
|
-
catch {
|
|
82
|
-
// Unknown status if receipt method unavailable
|
|
83
|
-
return { status: null };
|
|
84
|
-
}
|
|
85
|
-
},
|
|
86
|
-
};
|
|
49
|
+
if (typeof this.wallet.sendTransaction !== 'function') {
|
|
50
|
+
throw new Error('CdpWalletSigner: the wrapped wallet does not implement sendTransaction. ' +
|
|
51
|
+
'Provide a sendTransaction method on the ExternalWallet object, or use a ' +
|
|
52
|
+
'different signer for payment transactions.');
|
|
53
|
+
}
|
|
54
|
+
return this.wallet.sendTransaction(tx);
|
|
87
55
|
}
|
|
88
56
|
}
|
|
57
|
+
/**
|
|
58
|
+
* Convenience factory — equivalent to `new CdpWalletSigner(wallet)`.
|
|
59
|
+
*
|
|
60
|
+
* Useful for returning a `ProofportSigner` without exposing the concrete
|
|
61
|
+
* `CdpWalletSigner` class to callers.
|
|
62
|
+
*
|
|
63
|
+
* @example
|
|
64
|
+
* ```typescript
|
|
65
|
+
* import { fromExternalWallet } from '@zkproofport-ai/sdk';
|
|
66
|
+
*
|
|
67
|
+
* const signer = fromExternalWallet({
|
|
68
|
+
* getAddress: () => '0xYourAddress',
|
|
69
|
+
* signMessage: (msg) => myWallet.sign(msg),
|
|
70
|
+
* signTypedData: (domain, types, message) =>
|
|
71
|
+
* myWallet.signTypedData({ domain, types, message }),
|
|
72
|
+
* });
|
|
73
|
+
* ```
|
|
74
|
+
*/
|
|
75
|
+
export function fromExternalWallet(wallet) {
|
|
76
|
+
return new CdpWalletSigner(wallet);
|
|
77
|
+
}
|
|
89
78
|
//# sourceMappingURL=cdp.js.map
|
package/dist/cdp.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cdp.js","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"cdp.js","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"AAiEA;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,eAAe;IACT,MAAM,CAAiB;IAExC,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,2EAA2E;IAC3E,UAAU;QACR,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IAClC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAAmB;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CACjB,MAKC,EACD,KAA4D,EAC5D,OAAgC;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAiC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACtF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,EAIrB;QACC,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,0EAA0E;gBACxE,0EAA0E;gBAC1E,4CAA4C,CAC/C,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAsB;IACvD,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC"}
|
package/dist/flow.d.ts
CHANGED
|
@@ -6,6 +6,11 @@ export interface FlowCallbacks {
|
|
|
6
6
|
/**
|
|
7
7
|
* Generate a ZK proof end-to-end using x402 single-step flow.
|
|
8
8
|
*
|
|
9
|
+
* Automatically detects E2E encryption: if the server returns a TEE public key
|
|
10
|
+
* in the 402 challenge response (TEE mode = nitro), inputs are encrypted with
|
|
11
|
+
* the TEE's attested X25519 public key. Otherwise (TEE disabled), inputs are
|
|
12
|
+
* sent in plaintext.
|
|
13
|
+
*
|
|
9
14
|
* @param config - Server URL and RPC endpoints
|
|
10
15
|
* @param signers - ProofportSigner for attestation (required) and payment (optional, defaults to attestation)
|
|
11
16
|
* @param params - Circuit name, scope, and optional country params
|
package/dist/flow.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,WAAW,EACX,UAAU,EAEX,MAAM,YAAY,CAAC;AAMpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,WAAW,EACX,UAAU,EAEX,MAAM,YAAY,CAAC;AAMpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAKnD,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;CACrC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IAAE,WAAW,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,eAAe,CAAA;CAAE,EACpE,MAAM,EAAE,WAAW,EACnB,SAAS,CAAC,EAAE,aAAa,GACxB,OAAO,CAAC,WAAW,CAAC,CAgGtB"}
|
package/dist/flow.js
CHANGED
|
@@ -3,11 +3,18 @@ import { CIRCUIT_NAME_MAP } from './types.js';
|
|
|
3
3
|
import { requestChallenge } from './session.js';
|
|
4
4
|
import { prepareInputs, computeSignalHash } from './inputs.js';
|
|
5
5
|
import { makePayment } from './payment.js';
|
|
6
|
-
import { submitProof } from './prove.js';
|
|
6
|
+
import { submitProof, submitEncryptedProof } from './prove.js';
|
|
7
7
|
import { USDC_ADDRESSES } from './constants.js';
|
|
8
|
+
import { encryptForTee } from './tee.js';
|
|
9
|
+
import { buildProverToml } from './toml.js';
|
|
8
10
|
/**
|
|
9
11
|
* Generate a ZK proof end-to-end using x402 single-step flow.
|
|
10
12
|
*
|
|
13
|
+
* Automatically detects E2E encryption: if the server returns a TEE public key
|
|
14
|
+
* in the 402 challenge response (TEE mode = nitro), inputs are encrypted with
|
|
15
|
+
* the TEE's attested X25519 public key. Otherwise (TEE disabled), inputs are
|
|
16
|
+
* sent in plaintext.
|
|
17
|
+
*
|
|
11
18
|
* @param config - Server URL and RPC endpoints
|
|
12
19
|
* @param signers - ProofportSigner for attestation (required) and payment (optional, defaults to attestation)
|
|
13
20
|
* @param params - Circuit name, scope, and optional country params
|
|
@@ -25,14 +32,14 @@ export async function generateProof(config, signers, params, callbacks) {
|
|
|
25
32
|
callbacks?.onStep?.(result);
|
|
26
33
|
return data;
|
|
27
34
|
}
|
|
28
|
-
// Step 1: Sign signal hash
|
|
35
|
+
// Step 1: Sign signal hash
|
|
29
36
|
let t = Date.now();
|
|
30
37
|
const attestationAddress = await signers.attestation.getAddress();
|
|
31
38
|
const signalHash = computeSignalHash(attestationAddress, scope, circuitId);
|
|
32
39
|
const signalHashHex = ethers.hexlify(signalHash);
|
|
33
40
|
const signature = await signers.attestation.signMessage(signalHash);
|
|
34
41
|
recordStep(1, 'Sign Signal Hash', { signalHash: signalHashHex, signature }, t);
|
|
35
|
-
// Step 2: Prepare
|
|
42
|
+
// Step 2: Prepare inputs + build proverToml locally
|
|
36
43
|
t = Date.now();
|
|
37
44
|
const inputs = await prepareInputs(config, {
|
|
38
45
|
circuitId,
|
|
@@ -42,11 +49,13 @@ export async function generateProof(config, signers, params, callbacks) {
|
|
|
42
49
|
countryList: params.countryList,
|
|
43
50
|
isIncluded: params.isIncluded,
|
|
44
51
|
});
|
|
45
|
-
|
|
46
|
-
|
|
52
|
+
const proverToml = buildProverToml(circuitId, inputs);
|
|
53
|
+
recordStep(2, 'Prepare Inputs', { inputFields: Object.keys(inputs).length, tomlLength: proverToml.length }, t);
|
|
54
|
+
// Step 3: Request 402 challenge (without inputs — server only needs circuit)
|
|
47
55
|
t = Date.now();
|
|
48
|
-
const challenge = await requestChallenge(config, params.circuit
|
|
49
|
-
|
|
56
|
+
const challenge = await requestChallenge(config, params.circuit);
|
|
57
|
+
const isE2E = !!challenge.teePublicKey;
|
|
58
|
+
recordStep(3, 'Request Challenge', { nonce: challenge.nonce, e2e: isE2E, keyId: challenge.teePublicKey?.keyId ?? null }, t);
|
|
50
59
|
// Step 4: Make payment
|
|
51
60
|
t = Date.now();
|
|
52
61
|
const network = challenge.payment.network;
|
|
@@ -58,17 +67,32 @@ export async function generateProof(config, signers, params, callbacks) {
|
|
|
58
67
|
network: challenge.payment.network,
|
|
59
68
|
instruction: challenge.payment.description,
|
|
60
69
|
};
|
|
61
|
-
const paymentTxHash = await makePayment(paymentSigner, paymentInfo);
|
|
70
|
+
const paymentTxHash = await makePayment(paymentSigner, paymentInfo, config.facilitatorUrl || challenge.facilitatorUrl, config.facilitatorHeaders);
|
|
62
71
|
recordStep(4, 'Make Payment', { txHash: paymentTxHash }, t);
|
|
63
|
-
// Step 5: Submit proof
|
|
72
|
+
// Step 5: Submit proof (encrypted or plaintext based on TEE availability)
|
|
64
73
|
t = Date.now();
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
inputs
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
74
|
+
let proveResponse;
|
|
75
|
+
if (isE2E) {
|
|
76
|
+
// E2E path: encrypt inputs with TEE's attested public key
|
|
77
|
+
const encryptedPayload = encryptForTee(JSON.stringify({ circuitId, proverToml }), challenge.teePublicKey.publicKey);
|
|
78
|
+
proveResponse = await submitEncryptedProof(config, {
|
|
79
|
+
circuit: params.circuit,
|
|
80
|
+
encryptedPayload,
|
|
81
|
+
paymentTxHash,
|
|
82
|
+
paymentNonce: challenge.nonce,
|
|
83
|
+
});
|
|
84
|
+
recordStep(5, 'Generate Proof (E2E Encrypted)', proveResponse, t);
|
|
85
|
+
}
|
|
86
|
+
else {
|
|
87
|
+
// Standard path: send plaintext inputs (TEE disabled / local dev)
|
|
88
|
+
proveResponse = await submitProof(config, {
|
|
89
|
+
circuit: params.circuit,
|
|
90
|
+
inputs,
|
|
91
|
+
paymentTxHash,
|
|
92
|
+
paymentNonce: challenge.nonce,
|
|
93
|
+
});
|
|
94
|
+
recordStep(5, 'Generate Proof', proveResponse, t);
|
|
95
|
+
}
|
|
72
96
|
return {
|
|
73
97
|
proof: proveResponse.proof,
|
|
74
98
|
publicInputs: proveResponse.publicInputs,
|
package/dist/flow.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAShC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"flow.js","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAShC,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAE/D,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAM5C;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,MAAoB,EACpB,OAAoE,EACpE,MAAmB,EACnB,SAAyB;IAEzB,MAAM,SAAS,GAAc,gBAAgB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,WAAW,CAAC;IAC1C,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,WAAW,CAAC;IAE7D,MAAM,KAAK,GAAiB,EAAE,CAAC;IAC/B,SAAS,UAAU,CAAI,IAAY,EAAE,IAAY,EAAE,IAAO,EAAE,SAAiB;QAC3E,MAAM,MAAM,GAAkB,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,CAAC;QACvF,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,SAAS,EAAE,MAAM,EAAE,CAAC,MAAM,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2BAA2B;IAC3B,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACnB,MAAM,kBAAkB,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;IAClE,MAAM,UAAU,GAAG,iBAAiB,CAAC,kBAAkB,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IACpE,UAAU,CAAC,CAAC,EAAE,kBAAkB,EAAE,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC;IAE/E,oDAAoD;IACpD,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE;QACzC,SAAS;QACT,WAAW,EAAE,kBAAkB;QAC/B,aAAa,EAAE,SAAS;QACxB,KAAK;QACL,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,UAAU,EAAE,MAAM,CAAC,UAAU;KAC9B,CAAC,CAAC;IACH,MAAM,UAAU,GAAG,eAAe,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IACtD,UAAU,CAAC,CAAC,EAAE,gBAAgB,EAAE,EAAE,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;IAE/G,6EAA6E;IAC7E,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,CAAC;IACjE,MAAM,KAAK,GAAG,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC;IACvC,UAAU,CAAC,CAAC,EAAE,mBAAmB,EAAE,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,CAAC,YAAY,EAAE,KAAK,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IAE5H,uBAAuB;IACvB,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,OAAiB,CAAC;IACpD,MAAM,WAAW,GAAgB;QAC/B,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,KAAK;QAClC,MAAM,EAAE,QAAQ,CAAC,SAAS,CAAC,OAAO,CAAC,iBAAiB,CAAC;QACrD,KAAK,EAAE,cAAc,CAAC,OAAsC,CAAC;QAC7D,OAAO,EAAE,SAAS,CAAC,OAAO,CAAC,OAAO;QAClC,WAAW,EAAE,SAAS,CAAC,OAAO,CAAC,WAAW;KAC3C,CAAC;IACF,MAAM,aAAa,GAAG,MAAM,WAAW,CACrC,aAAa,EACb,WAAW,EACX,MAAM,CAAC,cAAc,IAAI,SAAS,CAAC,cAAc,EACjD,MAAM,CAAC,kBAAkB,CAC1B,CAAC;IACF,UAAU,CAAC,CAAC,EAAE,cAAc,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,EAAE,CAAC,CAAC,CAAC;IAE5D,0EAA0E;IAC1E,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACf,IAAI,aAAa,CAAC;IAElB,IAAI,KAAK,EAAE,CAAC;QACV,0DAA0D;QAC1D,MAAM,gBAAgB,GAAG,aAAa,CACpC,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,UAAU,EAAE,CAAC,EACzC,SAAS,CAAC,YAAa,CAAC,SAAS,CAClC,CAAC;QACF,aAAa,GAAG,MAAM,oBAAoB,CAAC,MAAM,EAAE;YACjD,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,gBAAgB;YAChB,aAAa;YACb,YAAY,EAAE,SAAS,CAAC,KAAK;SAC9B,CAAC,CAAC;QACH,UAAU,CAAC,CAAC,EAAE,gCAAgC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;IACpE,CAAC;SAAM,CAAC;QACN,kEAAkE;QAClE,aAAa,GAAG,MAAM,WAAW,CAAC,MAAM,EAAE;YACxC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,MAAM;YACN,aAAa;YACb,YAAY,EAAE,SAAS,CAAC,KAAK;SAC9B,CAAC,CAAC;QACH,UAAU,CAAC,CAAC,EAAE,gBAAgB,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;IACpD,CAAC;IAED,OAAO;QACL,KAAK,EAAE,aAAa,CAAC,KAAK;QAC1B,YAAY,EAAE,aAAa,CAAC,YAAY;QACxC,eAAe,EAAE,aAAa,CAAC,eAAe;QAC9C,aAAa;QACb,WAAW,EAAE,aAAa,CAAC,WAAW;QACtC,MAAM,EAAE,aAAa,CAAC,MAAM;QAC5B,YAAY,EAAE,aAAa,CAAC,YAAY;KACzC,CAAC;AACJ,CAAC"}
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export type { ClientConfig, CircuitName, CircuitId, PaymentInfo, PaymentRequirements, ChallengeResponse, ProveInputs, ProveRequest, ProveResponse, VerifyResult, EASAttestation, AttestationData, ProofParams, ProofResult, StepResult, } from './types.js';
|
|
1
|
+
export type { ClientConfig, CircuitName, CircuitId, PaymentInfo, PaymentRequirements, ChallengeResponse, ProveInputs, ProveRequest, ProveResponse, VerifyResult, EASAttestation, AttestationData, ProofParams, ProofResult, StepResult, EncryptedProveRequest, } from './types.js';
|
|
2
2
|
export { CIRCUIT_NAME_MAP, CIRCUIT_ID_MAP } from './types.js';
|
|
3
3
|
export { CIRCUITS, COINBASE_ATTESTER_CONTRACT, AUTHORIZED_SIGNERS, USDC_ADDRESSES, } from './constants.js';
|
|
4
4
|
export { createConfig } from './config.js';
|
|
@@ -6,12 +6,16 @@ export { generateProof } from './flow.js';
|
|
|
6
6
|
export type { FlowCallbacks } from './flow.js';
|
|
7
7
|
export { requestChallenge, createSession } from './session.js';
|
|
8
8
|
export { makePayment } from './payment.js';
|
|
9
|
-
export { submitProof } from './prove.js';
|
|
9
|
+
export { submitProof, submitEncryptedProof } from './prove.js';
|
|
10
10
|
export { verifyOnChain, verifyProof } from './verify.js';
|
|
11
11
|
export { prepareInputs, computeSignalHash, computeScope, computeNullifier, recoverUserPubkey, hexToBytes, extractPubkeyCoordinates, } from './inputs.js';
|
|
12
|
+
export { buildProverToml } from './toml.js';
|
|
13
|
+
export { encryptForTee } from './tee.js';
|
|
14
|
+
export type { EncryptedEnvelope } from './tee.js';
|
|
12
15
|
export type { ProofportSigner } from './signer.js';
|
|
13
16
|
export { EthersWalletSigner, fromEthersWallet, fromPrivateKey } from './signer.js';
|
|
14
|
-
export { CdpWalletSigner } from './cdp.js';
|
|
17
|
+
export { CdpWalletSigner, fromExternalWallet } from './cdp.js';
|
|
18
|
+
export type { ExternalWallet } from './cdp.js';
|
|
15
19
|
export { fetchAttestation, fetchAttestationFromEAS, fetchRawTransaction, recoverAttesterPubkey, getSignerAddress, } from './attestation.js';
|
|
16
20
|
export { SimpleMerkleTree, findSignerIndex, buildSignerMerkleTree, } from './merkle.js';
|
|
17
21
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,YAAY,EACZ,WAAW,EACX,SAAS,EACT,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,WAAW,EACX,UAAU,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,YAAY,EACZ,WAAW,EACX,SAAS,EACT,WAAW,EACX,mBAAmB,EACnB,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,cAAc,EACd,eAAe,EACf,WAAW,EACX,WAAW,EACX,UAAU,EACV,qBAAqB,GACtB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAG9D,OAAO,EACL,QAAQ,EACR,0BAA0B,EAC1B,kBAAkB,EAClB,cAAc,GACf,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3C,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG/C,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAGzD,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAGrB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAG5C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AACzC,YAAY,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAGlD,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnD,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAGnF,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC/D,YAAY,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAG/C,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,qBAAqB,GACtB,MAAM,aAAa,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -8,13 +8,17 @@ export { generateProof } from './flow.js';
|
|
|
8
8
|
// Individual steps (for step-by-step usage)
|
|
9
9
|
export { requestChallenge, createSession } from './session.js';
|
|
10
10
|
export { makePayment } from './payment.js';
|
|
11
|
-
export { submitProof } from './prove.js';
|
|
11
|
+
export { submitProof, submitEncryptedProof } from './prove.js';
|
|
12
12
|
export { verifyOnChain, verifyProof } from './verify.js';
|
|
13
13
|
// Input computation
|
|
14
14
|
export { prepareInputs, computeSignalHash, computeScope, computeNullifier, recoverUserPubkey, hexToBytes, extractPubkeyCoordinates, } from './inputs.js';
|
|
15
|
+
// Prover.toml builder (for E2E encryption)
|
|
16
|
+
export { buildProverToml } from './toml.js';
|
|
17
|
+
// E2E Encryption
|
|
18
|
+
export { encryptForTee } from './tee.js';
|
|
15
19
|
export { EthersWalletSigner, fromEthersWallet, fromPrivateKey } from './signer.js';
|
|
16
20
|
// CDP (Coinbase Developer Platform) signer
|
|
17
|
-
export { CdpWalletSigner } from './cdp.js';
|
|
21
|
+
export { CdpWalletSigner, fromExternalWallet } from './cdp.js';
|
|
18
22
|
// Attestation
|
|
19
23
|
export { fetchAttestation, fetchAttestationFromEAS, fetchRawTransaction, recoverAttesterPubkey, getSignerAddress, } from './attestation.js';
|
|
20
24
|
// Merkle
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE9D,YAAY;AACZ,OAAO,EACL,QAAQ,EACR,0BAA0B,EAC1B,kBAAkB,EAClB,cAAc,GACf,MAAM,gBAAgB,CAAC;AAExB,gBAAgB;AAChB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAE3C,0BAA0B;AAC1B,OAAO,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAG1C,4CAA4C;AAC5C,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAEzD,oBAAoB;AACpB,OAAO,EACL,aAAa,EACb,iBAAiB,EACjB,YAAY,EACZ,gBAAgB,EAChB,iBAAiB,EACjB,UAAU,EACV,wBAAwB,GACzB,MAAM,aAAa,CAAC;AAErB,2CAA2C;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,iBAAiB;AACjB,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAKzC,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAEnF,2CAA2C;AAC3C,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAG/D,cAAc;AACd,OAAO,EACL,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACnB,qBAAqB,EACrB,gBAAgB,GACjB,MAAM,kBAAkB,CAAC;AAE1B,SAAS;AACT,OAAO,EACL,gBAAgB,EAChB,eAAe,EACf,qBAAqB,GACtB,MAAM,aAAa,CAAC"}
|
package/dist/payment.d.ts
CHANGED
|
@@ -9,7 +9,9 @@ import type { ProofportSigner } from './signer.js';
|
|
|
9
9
|
*
|
|
10
10
|
* @param signer - ProofportSigner (ethers, CDP MPC, or any implementation)
|
|
11
11
|
* @param payment - PaymentInfo from session or 402 response
|
|
12
|
+
* @param facilitatorUrl - Optional x402 facilitator URL (defaults to https://x402.dexter.cash)
|
|
13
|
+
* @param facilitatorHeaders - Optional headers for facilitator auth (e.g., CDP Bearer token)
|
|
12
14
|
* @returns Transaction hash
|
|
13
15
|
*/
|
|
14
|
-
export declare function makePayment(signer: ProofportSigner, payment: PaymentInfo): Promise<string>;
|
|
16
|
+
export declare function makePayment(signer: ProofportSigner, payment: PaymentInfo, facilitatorUrl?: string, facilitatorHeaders?: Record<string, string>): Promise<string>;
|
|
15
17
|
//# sourceMappingURL=payment.d.ts.map
|
package/dist/payment.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"payment.d.ts","sourceRoot":"","sources":["../src/payment.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAenD
|
|
1
|
+
{"version":3,"file":"payment.d.ts","sourceRoot":"","sources":["../src/payment.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAenD;;;;;;;;;;;;GAYG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,eAAe,EACvB,OAAO,EAAE,WAAW,EACpB,cAAc,CAAC,EAAE,MAAM,EACvB,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC1C,OAAO,CAAC,MAAM,CAAC,CAuGjB"}
|
package/dist/payment.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { ethers } from 'ethers';
|
|
2
|
-
const
|
|
2
|
+
const DEFAULT_X402_FACILITATOR = 'https://x402.dexter.cash';
|
|
3
3
|
const CHAIN_IDS = {
|
|
4
4
|
'base-sepolia': 84532,
|
|
5
5
|
'base': 8453,
|
|
@@ -18,9 +18,12 @@ const USDC_DOMAIN_NAMES = {
|
|
|
18
18
|
*
|
|
19
19
|
* @param signer - ProofportSigner (ethers, CDP MPC, or any implementation)
|
|
20
20
|
* @param payment - PaymentInfo from session or 402 response
|
|
21
|
+
* @param facilitatorUrl - Optional x402 facilitator URL (defaults to https://x402.dexter.cash)
|
|
22
|
+
* @param facilitatorHeaders - Optional headers for facilitator auth (e.g., CDP Bearer token)
|
|
21
23
|
* @returns Transaction hash
|
|
22
24
|
*/
|
|
23
|
-
export async function makePayment(signer, payment) {
|
|
25
|
+
export async function makePayment(signer, payment, facilitatorUrl, facilitatorHeaders) {
|
|
26
|
+
const facilitator = facilitatorUrl || DEFAULT_X402_FACILITATOR;
|
|
24
27
|
const network = payment.network;
|
|
25
28
|
const chainId = CHAIN_IDS[network];
|
|
26
29
|
if (!chainId) {
|
|
@@ -95,9 +98,9 @@ export async function makePayment(signer, payment) {
|
|
|
95
98
|
},
|
|
96
99
|
},
|
|
97
100
|
};
|
|
98
|
-
const settleResponse = await fetch(`${
|
|
101
|
+
const settleResponse = await fetch(`${facilitator}/settle`, {
|
|
99
102
|
method: 'POST',
|
|
100
|
-
headers: { 'Content-Type': 'application/json' },
|
|
103
|
+
headers: { 'Content-Type': 'application/json', ...facilitatorHeaders },
|
|
101
104
|
body: JSON.stringify(settlePayload),
|
|
102
105
|
});
|
|
103
106
|
if (!settleResponse.ok) {
|
package/dist/payment.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"payment.js","sourceRoot":"","sources":["../src/payment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIhC,MAAM,
|
|
1
|
+
{"version":3,"file":"payment.js","sourceRoot":"","sources":["../src/payment.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAIhC,MAAM,wBAAwB,GAAG,0BAA0B,CAAC;AAE5D,MAAM,SAAS,GAA2B;IACxC,cAAc,EAAE,KAAK;IACrB,MAAM,EAAE,IAAI;CACb,CAAC;AAEF,uEAAuE;AACvE,MAAM,iBAAiB,GAA2B;IAChD,cAAc,EAAE,MAAM;IACtB,MAAM,EAAE,UAAU;CACnB,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAuB,EACvB,OAAoB,EACpB,cAAuB,EACvB,kBAA2C;IAE3C,MAAM,WAAW,GAAG,cAAc,IAAI,wBAAwB,CAAC;IAC/D,MAAM,OAAO,GAAG,OAAO,CAAC,OAAkC,CAAC;IAC3D,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;IACrD,CAAC;IAED,yDAAyD;IACzD,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAErD,kBAAkB;IAClB,MAAM,UAAU,GAAG,CAAC,CAAC;IACrB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,SAAS;IAEnE,4EAA4E;IAC5E,MAAM,MAAM,GAAG;QACb,IAAI,EAAE,iBAAiB,CAAC,OAAO,CAAC,IAAI,UAAU;QAC9C,OAAO,EAAE,GAAG;QACZ,OAAO;QACP,iBAAiB,EAAE,OAAO,CAAC,KAAK;KACjC,CAAC;IAEF,MAAM,KAAK,GAAG;QACZ,yBAAyB,EAAE;YACzB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE;YACjC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,SAAS,EAAE;YAC/B,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;YAClC,EAAE,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,SAAS,EAAE;YACvC,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE;YACxC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE;SACnC;KACF,CAAC;IAEF,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;IAEvC,MAAM,OAAO,GAAG;QACd,IAAI;QACJ,EAAE,EAAE,OAAO,CAAC,SAAS;QACrB,KAAK,EAAE,OAAO,CAAC,MAAM;QACrB,UAAU;QACV,WAAW;QACX,KAAK;KACN,CAAC;IAEF,yCAAyC;IACzC,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IAErE,qDAAqD;IACrD,MAAM,aAAa,GAAG;QACpB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,OAAO;QACf,OAAO;QACP,cAAc,EAAE;YACd,WAAW,EAAE,CAAC;YACd,MAAM,EAAE,OAAO;YACf,OAAO;YACP,OAAO,EAAE;gBACP,SAAS;gBACT,aAAa,EAAE;oBACb,IAAI;oBACJ,EAAE,EAAE,OAAO,CAAC,SAAS;oBACrB,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;oBAC7B,UAAU,EAAE,MAAM,CAAC,UAAU,CAAC;oBAC9B,WAAW,EAAE,MAAM,CAAC,WAAW,CAAC;oBAChC,KAAK;iBACN;aACF;SACF;QACD,mBAAmB,EAAE;YACnB,MAAM,EAAE,OAAO;YACf,OAAO;YACP,iBAAiB,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;YACzC,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,QAAQ,EAAE,GAAG,OAAO,CAAC,SAAS,QAAQ;YACtC,WAAW,EAAE,6BAA6B;YAC1C,QAAQ,EAAE,kBAAkB;YAC5B,KAAK,EAAE,OAAO,CAAC,SAAS;YACxB,KAAK,EAAE;gBACL,IAAI,EAAE,iBAAiB,CAAC,OAAO,CAAC,IAAI,UAAU;gBAC9C,OAAO,EAAE,GAAG;aACb;SACF;KACF,CAAC;IAEF,MAAM,cAAc,GAAG,MAAM,KAAK,CAAC,GAAG,WAAW,SAAS,EAAE;QAC1D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,GAAG,kBAAkB,EAAE;QACtE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;KACpC,CAAC,CAAC;IAEH,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;QACvB,MAAM,KAAK,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,mCAAmC,KAAK,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,YAAY,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAAQ,CAAC;IAC1D,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,IAAI,YAAY,CAAC,WAAW,EAAE,IAAI,IAAI,YAAY,CAAC,WAAW,CAAC;IACjG,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,uBAAuB,YAAY,CAAC,WAAW,IAAI,qBAAqB,EAAE,CAAC,CAAC;IAC9F,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/dist/prove.d.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import type { ClientConfig, CircuitName, ProveInputs, ProveResponse } from './types.js';
|
|
2
|
+
import type { EncryptedEnvelope } from './tee.js';
|
|
2
3
|
/**
|
|
3
4
|
* Submit proof generation with x402 payment headers.
|
|
4
5
|
* POST /api/v1/prove with X-Payment-TX and X-Payment-Nonce headers.
|
|
@@ -9,4 +10,14 @@ export declare function submitProof(config: ClientConfig, request: {
|
|
|
9
10
|
paymentTxHash: string;
|
|
10
11
|
paymentNonce: string;
|
|
11
12
|
}): Promise<ProveResponse>;
|
|
13
|
+
/**
|
|
14
|
+
* Submit an E2E encrypted proof request.
|
|
15
|
+
* The server acts as a blind relay -- it cannot read the inputs.
|
|
16
|
+
*/
|
|
17
|
+
export declare function submitEncryptedProof(config: ClientConfig, request: {
|
|
18
|
+
circuit: CircuitName;
|
|
19
|
+
encryptedPayload: EncryptedEnvelope;
|
|
20
|
+
paymentTxHash: string;
|
|
21
|
+
paymentNonce: string;
|
|
22
|
+
}): Promise<ProveResponse>;
|
|
12
23
|
//# sourceMappingURL=prove.d.ts.map
|
package/dist/prove.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prove.d.ts","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"prove.d.ts","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AACxF,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAElD;;;GAGG;AACH,wBAAsB,WAAW,CAC/B,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IACP,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,EAAE,WAAW,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB,GACA,OAAO,CAAC,aAAa,CAAC,CAqBxB;AAED;;;GAGG;AACH,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IACP,OAAO,EAAE,WAAW,CAAC;IACrB,gBAAgB,EAAE,iBAAiB,CAAC;IACpC,aAAa,EAAE,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;CACtB,GACA,OAAO,CAAC,aAAa,CAAC,CA0BxB"}
|
package/dist/prove.js
CHANGED
|
@@ -22,4 +22,31 @@ export async function submitProof(config, request) {
|
|
|
22
22
|
}
|
|
23
23
|
return response.json();
|
|
24
24
|
}
|
|
25
|
+
/**
|
|
26
|
+
* Submit an E2E encrypted proof request.
|
|
27
|
+
* The server acts as a blind relay -- it cannot read the inputs.
|
|
28
|
+
*/
|
|
29
|
+
export async function submitEncryptedProof(config, request) {
|
|
30
|
+
const url = `${config.baseUrl}/api/v1/prove`;
|
|
31
|
+
const response = await fetch(url, {
|
|
32
|
+
method: 'POST',
|
|
33
|
+
headers: {
|
|
34
|
+
'Content-Type': 'application/json',
|
|
35
|
+
'X-Payment-TX': request.paymentTxHash,
|
|
36
|
+
'X-Payment-Nonce': request.paymentNonce,
|
|
37
|
+
},
|
|
38
|
+
body: JSON.stringify({
|
|
39
|
+
circuit: request.circuit,
|
|
40
|
+
encrypted_payload: request.encryptedPayload,
|
|
41
|
+
}),
|
|
42
|
+
});
|
|
43
|
+
if (!response.ok) {
|
|
44
|
+
const error = await response.json().catch(() => ({ message: `HTTP ${response.status}` }));
|
|
45
|
+
if (response.status === 409) {
|
|
46
|
+
throw new Error('TEE key rotated. Retry with a new 402 challenge to get the updated key.');
|
|
47
|
+
}
|
|
48
|
+
throw new Error(`Proof generation failed: ${JSON.stringify(error)}`);
|
|
49
|
+
}
|
|
50
|
+
return response.json();
|
|
51
|
+
}
|
|
25
52
|
//# sourceMappingURL=prove.js.map
|
package/dist/prove.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prove.js","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"prove.js","sourceRoot":"","sources":["../src/prove.ts"],"names":[],"mappings":"AAGA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,MAAoB,EACpB,OAKC;IAED,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,eAAe,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,cAAc,EAAE,OAAO,CAAC,aAAa;YACrC,iBAAiB,EAAE,OAAO,CAAC,YAAY;SACxC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,MAAM,EAAE,OAAO,CAAC,MAAM;SACvB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1F,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;AACnD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAAoB,EACpB,OAKC;IAED,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,eAAe,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,cAAc,EAAE,OAAO,CAAC,aAAa;YACrC,iBAAiB,EAAE,OAAO,CAAC,YAAY;SACxC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,iBAAiB,EAAE,OAAO,CAAC,gBAAgB;SAC5C,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;QAE1F,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;QAC7F,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAA4B,CAAC;AACnD,CAAC"}
|
package/dist/session.d.ts
CHANGED
|
@@ -3,6 +3,6 @@ import type { ClientConfig, CircuitName, ChallengeResponse, ProveInputs } from '
|
|
|
3
3
|
* Request a 402 payment challenge from the server.
|
|
4
4
|
* POST /api/v1/prove without payment headers → 402 with nonce + payment info.
|
|
5
5
|
*/
|
|
6
|
-
export declare function requestChallenge(config: ClientConfig, circuit: CircuitName, inputs
|
|
6
|
+
export declare function requestChallenge(config: ClientConfig, circuit: CircuitName, inputs?: ProveInputs): Promise<ChallengeResponse>;
|
|
7
7
|
export { requestChallenge as createSession };
|
|
8
8
|
//# sourceMappingURL=session.d.ts.map
|
package/dist/session.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE5F;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,WAAW,
|
|
1
|
+
{"version":3,"file":"session.d.ts","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE5F;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE,WAAW,EACpB,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,iBAAiB,CAAC,CAc5B;AAGD,OAAO,EAAE,gBAAgB,IAAI,aAAa,EAAE,CAAC"}
|
package/dist/session.js
CHANGED
|
@@ -7,7 +7,7 @@ export async function requestChallenge(config, circuit, inputs) {
|
|
|
7
7
|
const response = await fetch(url, {
|
|
8
8
|
method: 'POST',
|
|
9
9
|
headers: { 'Content-Type': 'application/json' },
|
|
10
|
-
body: JSON.stringify({ circuit, inputs }),
|
|
10
|
+
body: JSON.stringify({ circuit, ...(inputs && { inputs }) }),
|
|
11
11
|
});
|
|
12
12
|
if (response.status !== 402) {
|
|
13
13
|
const error = await response.json().catch(() => ({ message: `HTTP ${response.status}` }));
|
package/dist/session.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAoB,EACpB,OAAoB,EACpB,
|
|
1
|
+
{"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,MAAoB,EACpB,OAAoB,EACpB,MAAoB;IAEpB,MAAM,GAAG,GAAG,GAAG,MAAM,CAAC,OAAO,eAAe,CAAC;IAC7C,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;KAC7D,CAAC,CAAC;IAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,QAAQ,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC;QAC1F,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,MAAM,KAAM,KAAa,CAAC,OAAO,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAClH,CAAC;IAED,OAAO,QAAQ,CAAC,IAAI,EAAgC,CAAC;AACvD,CAAC;AAED,wEAAwE;AACxE,OAAO,EAAE,gBAAgB,IAAI,aAAa,EAAE,CAAC"}
|
package/dist/tee.d.ts
ADDED
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TEE E2E Encryption -- Client-side X25519 ECDH + AES-256-GCM
|
|
3
|
+
*/
|
|
4
|
+
export interface EncryptedEnvelope {
|
|
5
|
+
ephemeralPublicKey: string;
|
|
6
|
+
iv: string;
|
|
7
|
+
ciphertext: string;
|
|
8
|
+
authTag: string;
|
|
9
|
+
keyId: string;
|
|
10
|
+
}
|
|
11
|
+
/**
|
|
12
|
+
* Encrypt a payload for the TEE using X25519 ECDH + AES-256-GCM.
|
|
13
|
+
*/
|
|
14
|
+
export declare function encryptForTee(plaintext: string, teePublicKeyHex: string): EncryptedEnvelope;
|
|
15
|
+
//# sourceMappingURL=tee.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tee.d.ts","sourceRoot":"","sources":["../src/tee.ts"],"names":[],"mappings":"AAAA;;GAEG;AAaH,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;CACf;AAUD;;GAEG;AACH,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,GAAG,iBAAiB,CAuB3F"}
|
package/dist/tee.js
ADDED
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* TEE E2E Encryption -- Client-side X25519 ECDH + AES-256-GCM
|
|
3
|
+
*/
|
|
4
|
+
import { createHash, generateKeyPairSync, diffieHellman, randomBytes, createCipheriv, createPublicKey, } from 'crypto';
|
|
5
|
+
// ─── Encryption ─────────────────────────────────────────────────────────
|
|
6
|
+
const X25519_SPKI_HEADER = Buffer.from('302a300506032b656e032100', 'hex');
|
|
7
|
+
function computeKeyId(publicKeyHex) {
|
|
8
|
+
return createHash('sha256').update(Buffer.from(publicKeyHex, 'hex')).digest('hex').slice(0, 16);
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Encrypt a payload for the TEE using X25519 ECDH + AES-256-GCM.
|
|
12
|
+
*/
|
|
13
|
+
export function encryptForTee(plaintext, teePublicKeyHex) {
|
|
14
|
+
const { publicKey: ephPublic, privateKey: ephPrivate } = generateKeyPairSync('x25519');
|
|
15
|
+
const ephPublicDer = ephPublic.export({ type: 'spki', format: 'der' });
|
|
16
|
+
const ephPublicRaw = ephPublicDer.subarray(12);
|
|
17
|
+
const teePubDer = Buffer.concat([X25519_SPKI_HEADER, Buffer.from(teePublicKeyHex, 'hex')]);
|
|
18
|
+
const teePubKeyObj = createPublicKey({ key: teePubDer, format: 'der', type: 'spki' });
|
|
19
|
+
const shared = diffieHellman({ publicKey: teePubKeyObj, privateKey: ephPrivate });
|
|
20
|
+
const aesKey = createHash('sha256').update(shared).digest();
|
|
21
|
+
const iv = randomBytes(12);
|
|
22
|
+
const cipher = createCipheriv('aes-256-gcm', aesKey, iv);
|
|
23
|
+
const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
|
|
24
|
+
const authTag = cipher.getAuthTag();
|
|
25
|
+
return {
|
|
26
|
+
ephemeralPublicKey: ephPublicRaw.toString('hex'),
|
|
27
|
+
iv: iv.toString('hex'),
|
|
28
|
+
ciphertext: encrypted.toString('hex'),
|
|
29
|
+
authTag: authTag.toString('hex'),
|
|
30
|
+
keyId: computeKeyId(teePublicKeyHex),
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
//# sourceMappingURL=tee.js.map
|
package/dist/tee.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"tee.js","sourceRoot":"","sources":["../src/tee.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,UAAU,EACV,mBAAmB,EACnB,aAAa,EACb,WAAW,EACX,cAAc,EACd,eAAe,GAChB,MAAM,QAAQ,CAAC;AAYhB,2EAA2E;AAE3E,MAAM,kBAAkB,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAE1E,SAAS,YAAY,CAAC,YAAoB;IACxC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAClG,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,SAAiB,EAAE,eAAuB;IACtE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,mBAAmB,CAAC,QAAQ,CAAC,CAAC;IACvF,MAAM,YAAY,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;IACjF,MAAM,YAAY,GAAG,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAE/C,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;IAC3F,MAAM,YAAY,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;IAEtF,MAAM,MAAM,GAAG,aAAa,CAAC,EAAE,SAAS,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC,CAAC;IAClF,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,CAAC;IAE5D,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,MAAM,GAAG,cAAc,CAAC,aAAa,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAEpC,OAAO;QACL,kBAAkB,EAAE,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC;QAChD,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;QACtB,UAAU,EAAE,SAAS,CAAC,QAAQ,CAAC,KAAK,CAAC;QACrC,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;QAChC,KAAK,EAAE,YAAY,CAAC,eAAe,CAAC;KACrC,CAAC;AACJ,CAAC"}
|
package/dist/toml.d.ts
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Prover.toml builder for client-side E2E encryption.
|
|
3
|
+
*
|
|
4
|
+
* Converts SDK ProveInputs to Prover.toml string format that the TEE's
|
|
5
|
+
* bb CLI can consume directly. This enables the client to build the complete
|
|
6
|
+
* proverToml locally, encrypt it with the TEE's public key, and send the
|
|
7
|
+
* encrypted blob — making the server a blind relay.
|
|
8
|
+
*/
|
|
9
|
+
import type { ProveInputs, CircuitId } from './types.js';
|
|
10
|
+
/**
|
|
11
|
+
* Build a Prover.toml string from SDK ProveInputs.
|
|
12
|
+
*
|
|
13
|
+
* This is the client-side equivalent of the server's toProverToml().
|
|
14
|
+
* The output format must exactly match what the TEE's enclave-server.py expects.
|
|
15
|
+
*
|
|
16
|
+
* @param circuitId - Canonical circuit ID ('coinbase_attestation' or 'coinbase_country_attestation')
|
|
17
|
+
* @param inputs - Client-computed ProveInputs from prepareInputs()
|
|
18
|
+
* @returns Prover.toml content string
|
|
19
|
+
*/
|
|
20
|
+
export declare function buildProverToml(circuitId: CircuitId, inputs: ProveInputs): string;
|
|
21
|
+
//# sourceMappingURL=toml.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toml.d.ts","sourceRoot":"","sources":["../src/toml.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AA+DzD;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,GAAG,MAAM,CA8BjF"}
|
package/dist/toml.js
ADDED
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Prover.toml builder for client-side E2E encryption.
|
|
3
|
+
*
|
|
4
|
+
* Converts SDK ProveInputs to Prover.toml string format that the TEE's
|
|
5
|
+
* bb CLI can consume directly. This enables the client to build the complete
|
|
6
|
+
* proverToml locally, encrypt it with the TEE's public key, and send the
|
|
7
|
+
* encrypted blob — making the server a blind relay.
|
|
8
|
+
*/
|
|
9
|
+
import { ethers } from 'ethers';
|
|
10
|
+
// ─── Helpers ────────────────────────────────────────────────────────────
|
|
11
|
+
function hexToBytes(hex) {
|
|
12
|
+
const clean = hex.startsWith('0x') ? hex.slice(2) : hex;
|
|
13
|
+
const bytes = [];
|
|
14
|
+
for (let i = 0; i < clean.length; i += 2) {
|
|
15
|
+
bytes.push(parseInt(clean.slice(i, i + 2), 16));
|
|
16
|
+
}
|
|
17
|
+
return bytes;
|
|
18
|
+
}
|
|
19
|
+
function padBytes(bytes, length) {
|
|
20
|
+
const padded = [...bytes];
|
|
21
|
+
while (padded.length < length) {
|
|
22
|
+
padded.push(0);
|
|
23
|
+
}
|
|
24
|
+
return padded;
|
|
25
|
+
}
|
|
26
|
+
function bytesToHexArray(bytes) {
|
|
27
|
+
const arr = Array.from(bytes);
|
|
28
|
+
return '[' + arr.map(b => '0x' + b.toString(16).padStart(2, '0')).join(', ') + ']';
|
|
29
|
+
}
|
|
30
|
+
function splitSignature(sig) {
|
|
31
|
+
const signature = ethers.Signature.from(sig);
|
|
32
|
+
const rBytes = hexToBytes(signature.r);
|
|
33
|
+
// Use _s to get raw s value, bypassing canonical check
|
|
34
|
+
const sValue = signature._s || signature.s;
|
|
35
|
+
const sBytes = hexToBytes(sValue);
|
|
36
|
+
return [...rBytes, ...sBytes];
|
|
37
|
+
}
|
|
38
|
+
function formatMerkleProof(proof, maxDepth) {
|
|
39
|
+
const paddedProof = [];
|
|
40
|
+
for (let i = 0; i < maxDepth; i++) {
|
|
41
|
+
if (i < proof.length) {
|
|
42
|
+
paddedProof.push(padBytes(hexToBytes(proof[i]), 32));
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
paddedProof.push(new Array(32).fill(0));
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
const lines = paddedProof.map(entry => ' ' + bytesToHexArray(entry));
|
|
49
|
+
return '[\n' + lines.join(',\n') + '\n]';
|
|
50
|
+
}
|
|
51
|
+
function formatCountryList(countries, maxEntries) {
|
|
52
|
+
const paddedList = [];
|
|
53
|
+
for (let i = 0; i < maxEntries; i++) {
|
|
54
|
+
if (i < countries.length) {
|
|
55
|
+
paddedList.push([countries[i].charCodeAt(0), countries[i].charCodeAt(1)]);
|
|
56
|
+
}
|
|
57
|
+
else {
|
|
58
|
+
paddedList.push([0, 0]);
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
const lines = paddedList.map(entry => ' ' + bytesToHexArray(entry));
|
|
62
|
+
return '[\n' + lines.join(',\n') + '\n]';
|
|
63
|
+
}
|
|
64
|
+
// ─── Main Export ────────────────────────────────────────────────────────
|
|
65
|
+
/**
|
|
66
|
+
* Build a Prover.toml string from SDK ProveInputs.
|
|
67
|
+
*
|
|
68
|
+
* This is the client-side equivalent of the server's toProverToml().
|
|
69
|
+
* The output format must exactly match what the TEE's enclave-server.py expects.
|
|
70
|
+
*
|
|
71
|
+
* @param circuitId - Canonical circuit ID ('coinbase_attestation' or 'coinbase_country_attestation')
|
|
72
|
+
* @param inputs - Client-computed ProveInputs from prepareInputs()
|
|
73
|
+
* @returns Prover.toml content string
|
|
74
|
+
*/
|
|
75
|
+
export function buildProverToml(circuitId, inputs) {
|
|
76
|
+
const lines = [];
|
|
77
|
+
lines.push(`signal_hash = ${bytesToHexArray(hexToBytes(inputs.signal_hash))}`);
|
|
78
|
+
lines.push(`signer_list_merkle_root = ${bytesToHexArray(hexToBytes(inputs.merkle_root))}`);
|
|
79
|
+
if (circuitId === 'coinbase_country_attestation') {
|
|
80
|
+
if (!inputs.country_list || inputs.is_included === undefined) {
|
|
81
|
+
throw new Error('country_list and is_included are required for coinbase_country_attestation');
|
|
82
|
+
}
|
|
83
|
+
lines.push(`country_list = ${formatCountryList(inputs.country_list, 10)}`);
|
|
84
|
+
lines.push(`country_list_length = ${inputs.country_list.length}`);
|
|
85
|
+
lines.push(`is_included = ${inputs.is_included}`);
|
|
86
|
+
}
|
|
87
|
+
lines.push(`scope = ${bytesToHexArray(hexToBytes(inputs.scope_bytes))}`);
|
|
88
|
+
lines.push(`nullifier = ${bytesToHexArray(hexToBytes(inputs.nullifier))}`);
|
|
89
|
+
lines.push(`user_address = ${bytesToHexArray(hexToBytes(inputs.user_address))}`);
|
|
90
|
+
lines.push(`user_signature = ${bytesToHexArray(splitSignature(inputs.signature))}`);
|
|
91
|
+
lines.push(`user_pubkey_x = ${bytesToHexArray(hexToBytes(inputs.user_pubkey_x))}`);
|
|
92
|
+
lines.push(`user_pubkey_y = ${bytesToHexArray(hexToBytes(inputs.user_pubkey_y))}`);
|
|
93
|
+
lines.push(`tx_length = ${inputs.tx_length}`);
|
|
94
|
+
lines.push(`raw_transaction = ${bytesToHexArray(padBytes(hexToBytes(inputs.raw_transaction), 300))}`);
|
|
95
|
+
lines.push(`coinbase_attester_pubkey_x = ${bytesToHexArray(hexToBytes(inputs.coinbase_attester_pubkey_x))}`);
|
|
96
|
+
lines.push(`coinbase_attester_pubkey_y = ${bytesToHexArray(hexToBytes(inputs.coinbase_attester_pubkey_y))}`);
|
|
97
|
+
lines.push(`coinbase_signer_merkle_proof = ${formatMerkleProof(inputs.merkle_proof, 8)}`);
|
|
98
|
+
lines.push(`coinbase_signer_leaf_index = ${inputs.leaf_index}`);
|
|
99
|
+
lines.push(`merkle_proof_depth = ${inputs.depth}`);
|
|
100
|
+
return lines.join('\n');
|
|
101
|
+
}
|
|
102
|
+
//# sourceMappingURL=toml.js.map
|
package/dist/toml.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"toml.js","sourceRoot":"","sources":["../src/toml.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAGhC,2EAA2E;AAE3E,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;IACxD,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACzC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAClD,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,QAAQ,CAAC,KAAe,EAAE,MAAc;IAC/C,MAAM,MAAM,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;IAC1B,OAAO,MAAM,CAAC,MAAM,GAAG,MAAM,EAAE,CAAC;QAC9B,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAS,eAAe,CAAC,KAA4B;IACnD,MAAM,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,GAAG,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC;AACrF,CAAC;AAED,SAAS,cAAc,CAAC,GAAW;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;IACvC,uDAAuD;IACvD,MAAM,MAAM,GAAI,SAAiB,CAAC,EAAE,IAAI,SAAS,CAAC,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC;AAChC,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAe,EAAE,QAAgB;IAC1D,MAAM,WAAW,GAAe,EAAE,CAAC;IACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;YACrB,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;QACvD,CAAC;aAAM,CAAC;YACN,WAAW,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IACxE,OAAO,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;AAC3C,CAAC;AAED,SAAS,iBAAiB,CAAC,SAAmB,EAAE,UAAkB;IAChE,MAAM,UAAU,GAAe,EAAE,CAAC;IAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,IAAI,CAAC,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC;YACzB,UAAU,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5E,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC;IACvE,OAAO,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,KAAK,CAAC;AAC3C,CAAC;AAED,2EAA2E;AAE3E;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,SAAoB,EAAE,MAAmB;IACvE,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,CAAC,IAAI,CAAC,iBAAiB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC;IAC/E,KAAK,CAAC,IAAI,CAAC,6BAA6B,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC;IAE3F,IAAI,SAAS,KAAK,8BAA8B,EAAE,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC7D,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAC;QAChG,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,kBAAkB,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QAC3E,KAAK,CAAC,IAAI,CAAC,yBAAyB,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;QAClE,KAAK,CAAC,IAAI,CAAC,iBAAiB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,WAAW,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC;IACzE,KAAK,CAAC,IAAI,CAAC,eAAe,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;IAC3E,KAAK,CAAC,IAAI,CAAC,kBAAkB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC;IACjF,KAAK,CAAC,IAAI,CAAC,oBAAoB,eAAe,CAAC,cAAc,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC;IACpF,KAAK,CAAC,IAAI,CAAC,mBAAmB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;IACnF,KAAK,CAAC,IAAI,CAAC,mBAAmB,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC;IACnF,KAAK,CAAC,IAAI,CAAC,eAAe,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC;IAC9C,KAAK,CAAC,IAAI,CAAC,qBAAqB,eAAe,CAAC,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC;IACtG,KAAK,CAAC,IAAI,CAAC,gCAAgC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7G,KAAK,CAAC,IAAI,CAAC,gCAAgC,eAAe,CAAC,UAAU,CAAC,MAAM,CAAC,0BAA0B,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7G,KAAK,CAAC,IAAI,CAAC,kCAAkC,iBAAiB,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1F,KAAK,CAAC,IAAI,CAAC,gCAAgC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;IAChE,KAAK,CAAC,IAAI,CAAC,wBAAwB,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAEnD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -13,6 +13,10 @@ export interface ClientConfig {
|
|
|
13
13
|
easRpcUrl?: string;
|
|
14
14
|
/** EAS GraphQL endpoint */
|
|
15
15
|
easGraphqlUrl?: string;
|
|
16
|
+
/** x402 facilitator URL for payment settlement */
|
|
17
|
+
facilitatorUrl?: string;
|
|
18
|
+
/** Optional headers for facilitator auth (e.g., CDP Bearer token) */
|
|
19
|
+
facilitatorHeaders?: Record<string, string>;
|
|
16
20
|
}
|
|
17
21
|
export interface PaymentInfo {
|
|
18
22
|
nonce: string;
|
|
@@ -41,6 +45,12 @@ export interface ChallengeResponse {
|
|
|
41
45
|
message: string;
|
|
42
46
|
nonce: string;
|
|
43
47
|
payment: PaymentRequirements;
|
|
48
|
+
facilitatorUrl?: string;
|
|
49
|
+
teePublicKey?: {
|
|
50
|
+
publicKey: string;
|
|
51
|
+
keyId: string;
|
|
52
|
+
attestationDocument: string | null;
|
|
53
|
+
} | null;
|
|
44
54
|
}
|
|
45
55
|
export interface ProveInputs {
|
|
46
56
|
signal_hash: string;
|
|
@@ -63,7 +73,17 @@ export interface ProveInputs {
|
|
|
63
73
|
}
|
|
64
74
|
export interface ProveRequest {
|
|
65
75
|
circuit: CircuitName;
|
|
66
|
-
inputs
|
|
76
|
+
inputs?: ProveInputs;
|
|
77
|
+
encrypted_payload?: EncryptedProveRequest['encrypted_payload'];
|
|
78
|
+
}
|
|
79
|
+
export interface EncryptedProveRequest {
|
|
80
|
+
encrypted_payload: {
|
|
81
|
+
ephemeralPublicKey: string;
|
|
82
|
+
iv: string;
|
|
83
|
+
ciphertext: string;
|
|
84
|
+
authTag: string;
|
|
85
|
+
keyId: string;
|
|
86
|
+
};
|
|
67
87
|
}
|
|
68
88
|
export interface ProveResponse {
|
|
69
89
|
proof: string;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,uCAAuC;AACvC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,kBAAkB,CAAC;AAE9D,uDAAuD;AACvD,MAAM,MAAM,SAAS,GAAG,sBAAsB,GAAG,8BAA8B,CAAC;AAEhF,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,WAAW,EAAE,SAAS,CAG3D,CAAC;AAEF,+DAA+D;AAC/D,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,SAAS,EAAE,WAAW,CAGzD,CAAC;AAIF,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAEA,uCAAuC;AACvC,MAAM,MAAM,WAAW,GAAG,cAAc,GAAG,kBAAkB,CAAC;AAE9D,uDAAuD;AACvD,MAAM,MAAM,SAAS,GAAG,sBAAsB,GAAG,8BAA8B,CAAC;AAEhF,0DAA0D;AAC1D,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,WAAW,EAAE,SAAS,CAG3D,CAAC;AAEF,+DAA+D;AAC/D,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,SAAS,EAAE,WAAW,CAGzD,CAAC;AAIF,MAAM,WAAW,YAAY;IAC3B,oEAAoE;IACpE,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,kDAAkD;IAClD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,qEAAqE;IACrE,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC7C;AAID,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AAID,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;CACzD;AAED,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,mBAAmB,CAAC;IAC7B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,YAAY,CAAC,EAAE;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,EAAE,MAAM,CAAC;QACd,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;KACpC,GAAG,IAAI,CAAC;CACV;AAID,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,EAAE,MAAM,CAAC;IACtB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,0BAA0B,EAAE,MAAM,CAAC;IACnC,0BAA0B,EAAE,MAAM,CAAC;IACnC,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,WAAW,CAAC;IACrB,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,iBAAiB,CAAC,EAAE,qBAAqB,CAAC,mBAAmB,CAAC,CAAC;CAChE;AAID,MAAM,WAAW,qBAAqB;IACpC,iBAAiB,EAAE;QACjB,kBAAkB,EAAE,MAAM,CAAC;QAC3B,EAAE,EAAE,MAAM,CAAC;QACX,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;QAChB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE;YACZ,WAAW,EAAE,OAAO,CAAC;YACrB,UAAU,EAAE,OAAO,CAAC;YACpB,cAAc,EAAE,OAAO,CAAC;YACxB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9B,CAAC;KACH,GAAG,IAAI,CAAC;IACT,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,YAAY,EAAE;QACZ,OAAO,EAAE,MAAM,CAAC;QAChB,eAAe,EAAE,MAAM,CAAC;QACxB,MAAM,EAAE,MAAM,CAAC;KAChB,GAAG,IAAI,CAAC;CACV;AAED,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,OAAO,CAAC;IACf,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAID,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,cAAc,CAAC;IAC5B,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,WAAW,CAAC;IACrB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,EAAE,CAAC;IACvB,iEAAiE;IACjE,UAAU,CAAC,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC;IACxB,aAAa,EAAE,MAAM,CAAC;IACtB,WAAW,EAAE,aAAa,CAAC,aAAa,CAAC,CAAC;IAC1C,MAAM,EAAE,aAAa,CAAC,QAAQ,CAAC,CAAC;IAChC,YAAY,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;CAC7C;AAID,MAAM,WAAW,UAAU,CAAC,CAAC,GAAG,OAAO;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,CAAC,CAAC;IACR,UAAU,EAAE,MAAM,CAAC;CACpB"}
|