@zkproofport-ai/sdk 0.1.1 → 0.1.3

package/README.md

@@ -4,7 +4,7 @@ Client SDK for ZKProofport zero-knowledge proof generation on Base Mainnet.
 
 ## Overview
 
-@zkproofport-ai/sdk is a TypeScript SDK for generating privacy-preserving zero-knowledge proofs using Coinbase KYC attestations. Generate a proof with a single function call, or fine-tune each step for custom workflows.
+@zkproofport-ai/sdk is a TypeScript SDK for generating privacy-preserving zero-knowledge proofs using Coinbase KYC attestations and OIDC JWT tokens. Generate a proof with a single function call, or fine-tune each step for custom workflows.
 
 Proofs are generated in trusted execution environments (Nitro Enclaves) with cryptographic attestation. Payment is handled transparently via the x402 protocol using EIP-3009 (no user gas costs).
 
@@ -40,13 +40,14 @@ Before using the SDK, you need:
 3. **USDC balance on Base** — At least $0.10 per proof. Payment is gasless (EIP-3009 signature, facilitator pays gas).
 4. **Attestation wallet private key** (required) — The private key of the wallet that holds the EAS attestation. This is always a raw private key because the attestation is tied to a specific address.
 
-5. **Payment wallet** (optional) — Wallet with USDC balance for proof payment. Defaults to the attestation wallet. Choose one:
+5. **Payment wallet** (recommended) — Separate wallet with USDC balance for proof payment. Choose one:
 
-   - **Same as attestation wallet** — No additional setup. The attestation wallet must hold USDC.
+   - **Same as attestation wallet (NOT recommended)** — No additional setup, but **defeats zero-knowledge privacy**.
+     > ⚠️ **Privacy risk:** Using the attestation wallet for payment exposes your KYC-verified wallet address on-chain in the payment transaction, **directly linking your real-world identity to on-chain activity**. This defeats the purpose of zero-knowledge proofs. Always use a separate payment wallet (private key or CDP) to preserve privacy.
    - **Separate private key** — A different wallet with USDC balance.
    - **CDP MPC wallet** — Coinbase Developer Platform managed wallet. Private keys never leave Coinbase's TEE. Get credentials at [CDP Portal](https://portal.cdp.coinbase.com). Requires additional install:
      ```bash
-     npm install @coinbase/agentkit @coinbase/cdp-sdk
+     npm install @coinbase/cdp-sdk
      ```
      | Credential | Required | Description |
      |------------|----------|-------------|
@@ -57,17 +58,18 @@ Before using the SDK, you need:
 
 ## Quick Start
 
-### Single Wallet (attestation + payment)
+### Separate Payment Wallet (Recommended)
 
 ```typescript
 import { generateProof, createConfig, fromPrivateKey, verifyProof } from '@zkproofport-ai/sdk';
 
 const config = createConfig();
-const signer = fromPrivateKey(process.env.PRIVATE_KEY);
+const attestationSigner = fromPrivateKey(process.env.ATTESTATION_KEY);
+const paymentSigner = fromPrivateKey(process.env.PAYMENT_KEY);
 
 const result = await generateProof(
   config,
-  { attestation: signer },
+  { attestation: attestationSigner, payment: paymentSigner },
   { circuit: 'coinbase_kyc', scope: 'my-app' }
 );
 
@@ -75,14 +77,38 @@ const verification = await verifyProof(result);
 console.log('Valid:', verification.valid);
 ```
 
-### Separate Payment Wallet
+### With CDP Payment Wallet
 
 ```typescript
-import { generateProof, createConfig, fromPrivateKey, verifyProof } from '@zkproofport-ai/sdk';
+import { generateProof, createConfig, fromPrivateKey, fromExternalWallet, verifyProof } from '@zkproofport-ai/sdk';
+import { CdpClient } from '@coinbase/cdp-sdk';
 
 const config = createConfig();
 const attestationSigner = fromPrivateKey(process.env.ATTESTATION_KEY);
-const paymentSigner = fromPrivateKey(process.env.PAYMENT_KEY);
+
+// Create CDP MPC wallet (private keys never leave Coinbase's TEE)
+const cdp = new CdpClient();
+const account = await cdp.evm.getOrCreateAccount({ name: 'proofport-payment' });
+
+const paymentSigner = fromExternalWallet({
+  getAddress: () => account.address!,
+  signMessage: async (msg) => {
+    const message = msg instanceof Uint8Array ? Buffer.from(msg).toString() : msg;
+    const result = await cdp.evm.signMessage({ address: account.address!, message });
+    return result.signature;
+  },
+  signTypedData: async (domain, types, message) => {
+    const primaryType = Object.keys(types).find(k => k !== 'EIP712Domain') || '';
+    const result = await cdp.evm.signTypedData({ address: account.address!, domain, types, primaryType, message });
+    return result.signature;
+  },
+  sendTransaction: async (tx) => {
+    const result = await cdp.evm.sendTransaction({
+      address: account.address!, transaction: tx, network: 'base-sepolia',
+    });
+    return { hash: result.transactionHash, wait: async () => ({ status: 1 }) };
+  },
+});
 
 const result = await generateProof(
   config,
@@ -94,19 +120,19 @@ const verification = await verifyProof(result);
 console.log('Valid:', verification.valid);
 ```
 
-### With CDP Payment Wallet
+### External Wallet Adapter
+
+Wrap any external wallet (WalletConnect, MetaMask, etc.) using `fromExternalWallet()`:
 
 ```typescript
-import { generateProof, createConfig, fromPrivateKey, CdpWalletSigner, verifyProof } from '@zkproofport-ai/sdk';
+import { generateProof, createConfig, fromPrivateKey, fromExternalWallet, verifyProof } from '@zkproofport-ai/sdk';
 
 const config = createConfig();
 const attestationSigner = fromPrivateKey(process.env.ATTESTATION_KEY);
-const paymentSigner = await CdpWalletSigner.create({
-  apiKeyId: process.env.CDP_API_KEY_ID,
-  apiKeySecret: process.env.CDP_API_KEY_SECRET,
-  walletSecret: process.env.CDP_WALLET_SECRET,
-  address: process.env.CDP_WALLET_ADDRESS,
-});
+
+// Wrap external wallet (e.g., from WalletConnect modal, Privy, etc.)
+const externalWallet = await getWalletFromUI(); // Your wallet integration
+const paymentSigner = fromExternalWallet(externalWallet);
 
 const result = await generateProof(
   config,
@@ -132,6 +158,14 @@ const config = createConfig({
   easRpcUrl: 'https://mainnet.base.org',
   easGraphqlUrl: 'https://base.easscan.org/graphql',
 });
+
+// Custom x402 facilitator (e.g., for CDP with JWT auth)
+const config = createConfig({
+  facilitatorUrl: 'https://facilitator.example.com',
+  facilitatorHeaders: {
+    'Authorization': `Bearer ${process.env.CDP_FACILITATOR_TOKEN}`,
+  },
+});
 ```
 
 **Configuration fields:**
@@ -141,6 +175,8 @@ const config = createConfig({
 | `baseUrl` | string | `https://ai.zkproofport.app` | proofport-ai server URL |
 | `easRpcUrl` | string | `https://mainnet.base.org` | Base Mainnet RPC for EAS attestation queries |
 | `easGraphqlUrl` | string | `https://base.easscan.org/graphql` | EAS GraphQL endpoint for attestation schema queries |
+| `facilitatorUrl` | string | `https://x402.dexter.cash` | x402 payment facilitator URL |
+| `facilitatorHeaders` | object | `{}` | Optional auth headers for custom facilitator (e.g., CDP with JWT) |
 
 ## Proof Generation
 
@@ -318,13 +354,36 @@ const result = await generateProof(config, signers, {
 });
 ```
 
+### OIDC Domain
+
+Proves email domain affiliation using an OIDC JWT token (e.g., Google, Microsoft). No EAS attestation or Coinbase account required — only a payment wallet and a JWT `id_token`.
+
+```typescript
+import { createConfig, generateProof, fromPrivateKey } from '@zkproofport-ai/sdk';
+
+const config = createConfig();
+const paymentSigner = fromPrivateKey(process.env.PAYMENT_KEY);
+
+const result = await generateProof(
+  config,
+  { attestation: paymentSigner }, // OIDC skips attestation; payment signer is used for x402 payment only
+  {
+    circuit: 'oidc_domain',
+    jwt: idToken, // JWT id_token from Google/Microsoft OAuth
+    scope: 'myapp:verify-domain',
+  },
+);
+```
+
+> **Note:** For OIDC circuits, the `attestation` signer field is only used as a payment fallback. Pass your payment wallet — no EAS-attested wallet needed.
+
 ## Types Reference
 
 **Circuit Types:**
 
 ```typescript
-type CircuitName = 'coinbase_kyc' | 'coinbase_country';
-type CircuitId = 'coinbase_attestation' | 'coinbase_country_attestation';
+type CircuitName = 'coinbase_kyc' | 'coinbase_country' | 'oidc_domain';
+type CircuitId = 'coinbase_attestation' | 'coinbase_country_attestation' | 'oidc_domain_attestation';
 ```
 
 **Configuration:**
@@ -334,6 +393,8 @@ interface ClientConfig {
   baseUrl: string;
   easRpcUrl?: string;
   easGraphqlUrl?: string;
+  facilitatorUrl?: string;           // x402 facilitator URL (default: https://x402.dexter.cash)
+  facilitatorHeaders?: Record<string, string>; // Auth headers for custom facilitator
 }
 ```
 
@@ -346,6 +407,27 @@ interface ProofportSigner {
   signTypedData(domain: {...}, types: {...}, message: {...}): Promise<string>;
   sendTransaction(tx: {...}): Promise<{ hash: string; wait(): Promise<{...}> }>;
 }
+
+// Create signer from ethers private key
+function fromPrivateKey(key: string, provider?: ethers.Provider): ProofportSigner;
+
+// Create signer from any external wallet (CDP, WalletConnect, Privy, etc.)
+class CdpWalletSigner implements ProofportSigner {
+  constructor(wallet: {
+    getAddress(): string | Promise<string>;
+    signMessage(message: Uint8Array | string): Promise<string>;
+    signTypedData(domain: Record<string, unknown>, types: Record<string, Array<{ name: string; type: string }>>, message: Record<string, unknown>): Promise<string>;
+    sendTransaction?(tx: { to: string; data: string; value?: bigint }): Promise<{ hash: string; wait(): Promise<{ status: number | null }> }>;
+  });
+}
+
+// Wrap external wallet (WalletConnect, MetaMask, Privy, etc.)
+function fromExternalWallet(wallet: {
+  getAddress(): string | Promise<string>;
+  signMessage(message: Uint8Array): Promise<string>;
+  signTypedData(domain: any, types: any, message: any): Promise<string>;
+  sendTransaction?(tx: any): Promise<{ hash: string; wait(): Promise<any> }>;
+}): ProofportSigner;
 ```
 
 **Proof Parameters:**
@@ -356,6 +438,7 @@ interface ProofParams {
   scope?: string; // defaults to 'proofport'
   countryList?: string[]; // for coinbase_country only
   isIncluded?: boolean; // for coinbase_country only
+  jwt?: string; // JWT id_token for OIDC circuits (required for oidc_domain)
 }
 ```
 
@@ -391,6 +474,15 @@ interface ProofResult {
 }
 ```
 
+**OIDC Inputs:**
+
+```typescript
+interface OidcProveInputs {
+  jwt: string;
+  scope_string: string;
+}
+```
+
 **Callbacks:**
 
 ```typescript
@@ -414,11 +506,25 @@ Payment is transparent to the application. When `generateProof()` runs, the user
 - Method: EIP-3009 `TransferWithAuthorization`
 - Token: USDC on Base Mainnet
 - Amount: $0.10 per proof
-- Facilitator: https://www.x402.org/facilitator (pays gas)
+- Facilitator: `https://x402.dexter.cash` (default, pays gas)
 - User cost: Only USDC, no ETH for gas
+- Custom facilitator: Use `facilitatorUrl` + `facilitatorHeaders` in `ClientConfig` for alternative facilitators (e.g., CDP with JWT auth)
 
 The payment transaction hash is included in `result.paymentTxHash` for settlement tracking.
 
+### Custom Facilitator (CDP Example)
+
+```typescript
+const config = createConfig({
+  facilitatorUrl: 'https://cdp-facilitator.example.com',
+  facilitatorHeaders: {
+    'Authorization': `Bearer ${process.env.CDP_JWT_TOKEN}`,
+  },
+});
+
+const result = await generateProof(config, signers, params);
+```
+
 ## Error Handling
 
 ```typescript

package/dist/cdp.d.ts

@@ -1,26 +1,100 @@
 import type { ProofportSigner } from './signer.js';
 /**
- * CDP MPC Wallet adapter implementing ProofportSigner.
- * Uses Coinbase AgentKit's CdpEvmWalletProvider for key management.
- * Private keys never leave Coinbase's TEE.
+ * Adapter interface for CDP wallet-like objects (or any external wallet).
+ *
+ * Pass any object that satisfies these method signatures — CDP MPC wallets,
+ * viem wallets, Privy embedded wallets, etc. — and wrap it with
+ * `CdpWalletSigner` or `fromExternalWallet()` to get a `ProofportSigner`.
+ *
+ * @example
+ * ```typescript
+ * // With @coinbase/cdp-sdk
+ * import { CdpClient } from '@coinbase/cdp-sdk';
+ * import { CdpWalletSigner } from '@zkproofport-ai/sdk';
+ *
+ * const cdp = new CdpClient();
+ * const wallet = await cdp.evm.getOrCreateWallet({ networkId: 'base' });
+ * const account = await wallet.getDefaultAddress();
+ *
+ * const signer = new CdpWalletSigner({
+ *   getAddress: () => account.getId(),
+ *   signMessage: (msg) => account.signPayload({ payload: Buffer.from(msg).toString('hex') }).then(r => r.signature),
+ *   signTypedData: (domain, types, message) => account.signTypedData({ domain, types, message }),
+ *   sendTransaction: async (tx) => {
+ *     const result = await account.sendTransaction(tx);
+ *     return { hash: result.transactionHash, wait: async () => ({ status: 1 }) };
+ *   },
+ * });
+ * ```
+ */
+export interface ExternalWallet {
+    /**
+     * Returns the wallet's Ethereum address.
+     * May be synchronous or asynchronous depending on the provider.
+     */
+    getAddress(): string | Promise<string>;
+    /**
+     * Signs a raw message (personal_sign style).
+     * Accepts either a Uint8Array of raw bytes or a pre-encoded string.
+     */
+    signMessage(message: Uint8Array | string): Promise<string>;
+    /**
+     * Signs EIP-712 typed data.
+     * Compatible with ethers v6 `signTypedData` and viem `signTypedData` call shapes.
+     */
+    signTypedData(domain: Record<string, unknown>, types: Record<string, Array<{
+        name: string;
+        type: string;
+    }>>, message: Record<string, unknown>): Promise<string>;
+    /**
+     * Sends a transaction and returns the hash plus a `wait()` helper.
+     * Optional — omit if the wallet is used only for signing (e.g., attestation signer).
+     * If omitted and `sendTransaction` is called on the signer, an error is thrown at runtime.
+     */
+    sendTransaction?(tx: {
+        to: string;
+        data: string;
+        value?: bigint;
+    }): Promise<{
+        hash: string;
+        wait(): Promise<{
+            status: number | null;
+        }>;
+    }>;
+}
+/**
+ * Adapter that bridges any `ExternalWallet`-compatible object to the
+ * `ProofportSigner` interface. No additional npm dependencies required —
+ * the caller brings their own wallet implementation.
+ *
+ * @example
+ * ```typescript
+ * import { CdpWalletSigner } from '@zkproofport-ai/sdk';
+ *
+ * // Wrap any CDP / external wallet
+ * const signer = new CdpWalletSigner(myExternalWallet);
+ *
+ * // Use as attestation signer
+ * const client = new ProofportClient({ ... }, { attestation: signer });
+ * ```
  */
 export declare class CdpWalletSigner implements ProofportSigner {
-    private provider;
-    private constructor();
+    private readonly wallet;
+    constructor(wallet: ExternalWallet);
+    /** Returns the wallet address, resolving async providers transparently. */
+    getAddress(): string | Promise<string>;
     /**
-     * Create a CdpWalletSigner from environment variables.
-     * Requires: CDP_API_KEY_ID, CDP_API_KEY_SECRET, CDP_WALLET_SECRET
-     * Optional: CDP_WALLET_ADDRESS (to load existing wallet), CDP_NETWORK_ID (default: base-sepolia)
+     * Signs a raw byte message.
+     * Passes the Uint8Array directly to the underlying wallet; the wallet is
+     * responsible for any encoding (e.g., personal_sign prefix).
      */
-    static create(opts?: {
-        apiKeyId?: string;
-        apiKeySecret?: string;
-        walletSecret?: string;
-        networkId?: string;
-        address?: string;
-    }): Promise<CdpWalletSigner>;
-    getAddress(): string;
     signMessage(message: Uint8Array): Promise<string>;
+    /**
+     * Signs EIP-712 typed data.
+     * The strict `ProofportSigner` domain shape is widened to
+     * `Record<string, unknown>` when forwarded so any external wallet
+     * implementation can accept it without type conflicts.
+     */
     signTypedData(domain: {
         name: string;
         version: string;
@@ -30,6 +104,11 @@ export declare class CdpWalletSigner implements ProofportSigner {
         name: string;
         type: string;
     }>>, message: Record<string, unknown>): Promise<string>;
+    /**
+     * Sends a transaction via the underlying wallet.
+     * Throws a descriptive error if the wrapped wallet did not provide
+     * a `sendTransaction` method (e.g., signing-only attestation wallets).
+     */
     sendTransaction(tx: {
         to: string;
         data: string;
@@ -41,4 +120,23 @@ export declare class CdpWalletSigner implements ProofportSigner {
         }>;
     }>;
 }
+/**
+ * Convenience factory — equivalent to `new CdpWalletSigner(wallet)`.
+ *
+ * Useful for returning a `ProofportSigner` without exposing the concrete
+ * `CdpWalletSigner` class to callers.
+ *
+ * @example
+ * ```typescript
+ * import { fromExternalWallet } from '@zkproofport-ai/sdk';
+ *
+ * const signer = fromExternalWallet({
+ *   getAddress: () => '0xYourAddress',
+ *   signMessage: (msg) => myWallet.sign(msg),
+ *   signTypedData: (domain, types, message) =>
+ *     myWallet.signTypedData({ domain, types, message }),
+ * });
+ * ```
+ */
+export declare function fromExternalWallet(wallet: ExternalWallet): ProofportSigner;
 //# sourceMappingURL=cdp.d.ts.map

package/dist/cdp.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cdp.d.ts","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD;;;;GAIG;AACH,qBAAa,eAAgB,YAAW,eAAe;IAErD,OAAO,CAAC,QAAQ,CAAM;IAEtB,OAAO;IAIP;;;;OAIG;WACU,MAAM,CAAC,IAAI,CAAC,EAAE;QACzB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,CAAC,EAAE,MAAM,CAAC;KAClB,GAAG,OAAO,CAAC,eAAe,CAAC;IA4B5B,UAAU,IAAI,MAAM;IAId,WAAW,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAIjD,aAAa,CACjB,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,iBAAiB,EAAE,MAAM,CAAA;KAAE,EACrF,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,EAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC;IAsBZ,eAAe,CAAC,EAAE,EAAE;QACxB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,IAAI,OAAO,CAAC;YAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;CAsB1E"}
+{"version":3,"file":"cdp.d.ts","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEnD;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,WAAW,cAAc;IAC7B;;;OAGG;IACH,UAAU,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEvC;;;OAGG;IACH,WAAW,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE3D;;;OAGG;IACH,aAAa,CACX,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC/B,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,EAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnB;;;;OAIG;IACH,eAAe,CAAC,CAAC,EAAE,EAAE;QACnB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,IAAI,OAAO,CAAC;YAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC,CAAC;CAC3E;AAED;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,eAAgB,YAAW,eAAe;IACrD,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAiB;gBAE5B,MAAM,EAAE,cAAc;IAIlC,2EAA2E;IAC3E,UAAU,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAItC;;;;OAIG;IACG,WAAW,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,MAAM,CAAC;IAIvD;;;;;OAKG;IACG,aAAa,CACjB,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,MAAM,CAAC;QAChB,OAAO,EAAE,MAAM,CAAC;QAChB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,EACD,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC,EAC5D,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,OAAO,CAAC,MAAM,CAAC;IAIlB;;;;OAIG;IACG,eAAe,CAAC,EAAE,EAAE;QACxB,EAAE,EAAE,MAAM,CAAC;QACX,IAAI,EAAE,MAAM,CAAC;QACb,KAAK,CAAC,EAAE,MAAM,CAAC;KAChB,GAAG,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,IAAI,OAAO,CAAC;YAAE,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;CAU1E;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,cAAc,GAAG,eAAe,CAE1E"}

package/dist/cdp.js

@@ -1,89 +1,78 @@
 /**
- * CDP MPC Wallet adapter implementing ProofportSigner.
- * Uses Coinbase AgentKit's CdpEvmWalletProvider for key management.
- * Private keys never leave Coinbase's TEE.
+ * Adapter that bridges any `ExternalWallet`-compatible object to the
+ * `ProofportSigner` interface. No additional npm dependencies required —
+ * the caller brings their own wallet implementation.
+ *
+ * @example
+ * ```typescript
+ * import { CdpWalletSigner } from '@zkproofport-ai/sdk';
+ *
+ * // Wrap any CDP / external wallet
+ * const signer = new CdpWalletSigner(myExternalWallet);
+ *
+ * // Use as attestation signer
+ * const client = new ProofportClient({ ... }, { attestation: signer });
+ * ```
  */
 export class CdpWalletSigner {
-    // Store the wallet provider as `any` to avoid hard dependency on @coinbase/agentkit types
-    provider;
-    constructor(provider) {
-        this.provider = provider;
-    }
-    /**
-     * Create a CdpWalletSigner from environment variables.
-     * Requires: CDP_API_KEY_ID, CDP_API_KEY_SECRET, CDP_WALLET_SECRET
-     * Optional: CDP_WALLET_ADDRESS (to load existing wallet), CDP_NETWORK_ID (default: base-sepolia)
-     */
-    static async create(opts) {
-        let CdpEvmWalletProvider;
-        try {
-            // @ts-ignore — optional peer dependency, may not be installed
-            const mod = await import('@coinbase/agentkit');
-            CdpEvmWalletProvider = mod.CdpEvmWalletProvider;
-        }
-        catch {
-            throw new Error('CDP wallet requires @coinbase/agentkit. Install it: npm install @coinbase/agentkit @coinbase/cdp-sdk');
-        }
-        const config = {
-            apiKeyId: opts?.apiKeyId || process.env.CDP_API_KEY_ID,
-            apiKeySecret: opts?.apiKeySecret || process.env.CDP_API_KEY_SECRET,
-            walletSecret: opts?.walletSecret || process.env.CDP_WALLET_SECRET,
-            networkId: opts?.networkId || process.env.CDP_NETWORK_ID || 'base-sepolia',
-        };
-        const address = opts?.address || process.env.CDP_WALLET_ADDRESS;
-        if (address) {
-            config.address = address;
-        }
-        const provider = await CdpEvmWalletProvider.configureWithWallet(config);
-        return new CdpWalletSigner(provider);
+    wallet;
+    constructor(wallet) {
+        this.wallet = wallet;
     }
+    /** Returns the wallet address, resolving async providers transparently. */
     getAddress() {
-        return this.provider.getAddress();
+        return this.wallet.getAddress();
     }
+    /**
+     * Signs a raw byte message.
+     * Passes the Uint8Array directly to the underlying wallet; the wallet is
+     * responsible for any encoding (e.g., personal_sign prefix).
+     */
     async signMessage(message) {
-        return this.provider.signMessage(message);
+        return this.wallet.signMessage(message);
     }
+    /**
+     * Signs EIP-712 typed data.
+     * The strict `ProofportSigner` domain shape is widened to
+     * `Record<string, unknown>` when forwarded so any external wallet
+     * implementation can accept it without type conflicts.
+     */
     async signTypedData(domain, types, message) {
-        // Bridge ethers 3-arg style → viem single-object style
-        // AgentKit's signTypedData expects { domain, types, primaryType, message }
-        // Determine primaryType: it's the first key in types that isn't EIP712Domain
-        const primaryType = Object.keys(types).find(k => k !== 'EIP712Domain') || Object.keys(types)[0];
-        return this.provider.signTypedData({
-            domain,
-            types: {
-                ...types,
-                EIP712Domain: [
-                    { name: 'name', type: 'string' },
-                    { name: 'version', type: 'string' },
-                    { name: 'chainId', type: 'uint256' },
-                    { name: 'verifyingContract', type: 'address' },
-                ],
-            },
-            primaryType,
-            message,
-        });
+        return this.wallet.signTypedData(domain, types, message);
     }
+    /**
+     * Sends a transaction via the underlying wallet.
+     * Throws a descriptive error if the wrapped wallet did not provide
+     * a `sendTransaction` method (e.g., signing-only attestation wallets).
+     */
     async sendTransaction(tx) {
-        // AgentKit's sendTransaction returns just the tx hash
-        const hash = await this.provider.sendTransaction({
-            to: tx.to,
-            data: tx.data,
-            value: tx.value ?? 0n,
-        });
-        return {
-            hash,
-            wait: async () => {
-                // Use AgentKit's waitForTransactionReceipt if available
-                try {
-                    const receipt = await this.provider.waitForTransactionReceipt(hash);
-                    return { status: receipt?.status === 'success' ? 1 : 0 };
-                }
-                catch {
-                    // Unknown status if receipt method unavailable
-                    return { status: null };
-                }
-            },
-        };
+        if (typeof this.wallet.sendTransaction !== 'function') {
+            throw new Error('CdpWalletSigner: the wrapped wallet does not implement sendTransaction. ' +
+                'Provide a sendTransaction method on the ExternalWallet object, or use a ' +
+                'different signer for payment transactions.');
+        }
+        return this.wallet.sendTransaction(tx);
     }
 }
+/**
+ * Convenience factory — equivalent to `new CdpWalletSigner(wallet)`.
+ *
+ * Useful for returning a `ProofportSigner` without exposing the concrete
+ * `CdpWalletSigner` class to callers.
+ *
+ * @example
+ * ```typescript
+ * import { fromExternalWallet } from '@zkproofport-ai/sdk';
+ *
+ * const signer = fromExternalWallet({
+ *   getAddress: () => '0xYourAddress',
+ *   signMessage: (msg) => myWallet.sign(msg),
+ *   signTypedData: (domain, types, message) =>
+ *     myWallet.signTypedData({ domain, types, message }),
+ * });
+ * ```
+ */
+export function fromExternalWallet(wallet) {
+    return new CdpWalletSigner(wallet);
+}
 //# sourceMappingURL=cdp.js.map

package/dist/cdp.js.map

@@ -1 +1 @@
-{"version":3,"file":"cdp.js","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,MAAM,OAAO,eAAe;IAC1B,0FAA0F;IAClF,QAAQ,CAAM;IAEtB,YAAoB,QAAa;QAC/B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,IAMnB;QACC,IAAI,oBAAyB,CAAC;QAC9B,IAAI,CAAC;YACH,8DAA8D;YAC9D,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;YAC/C,oBAAoB,GAAG,GAAG,CAAC,oBAAoB,CAAC;QAClD,CAAC;QAAC,MAAM,CAAC;YACP,MAAM,IAAI,KAAK,CACb,sGAAsG,CACvG,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAQ;YAClB,QAAQ,EAAE,IAAI,EAAE,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc;YACtD,YAAY,EAAE,IAAI,EAAE,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB;YAClE,YAAY,EAAE,IAAI,EAAE,YAAY,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB;YACjE,SAAS,EAAE,IAAI,EAAE,SAAS,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,cAAc;SAC3E,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,EAAE,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QAChE,IAAI,OAAO,EAAE,CAAC;YACZ,MAAM,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACxE,OAAO,IAAI,eAAe,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,OAAmB;QACnC,OAAO,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,aAAa,CACjB,MAAqF,EACrF,KAA4D,EAC5D,OAAgC;QAEhC,uDAAuD;QACvD,2EAA2E;QAC3E,6EAA6E;QAC7E,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,KAAK,cAAc,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QAEhG,OAAO,IAAI,CAAC,QAAQ,CAAC,aAAa,CAAC;YACjC,MAAM;YACN,KAAK,EAAE;gBACL,GAAG,KAAK;gBACR,YAAY,EAAE;oBACZ,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE;oBAChC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACnC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE;oBACpC,EAAE,IAAI,EAAE,mBAAmB,EAAE,IAAI,EAAE,SAAS,EAAE;iBAC/C;aACF;YACD,WAAW;YACX,OAAO;SACR,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,eAAe,CAAC,EAIrB;QACC,sDAAsD;QACtD,MAAM,IAAI,GAAW,MAAM,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC;YACvD,EAAE,EAAE,EAAE,CAAC,EAAmB;YAC1B,IAAI,EAAE,EAAE,CAAC,IAAqB;YAC9B,KAAK,EAAE,EAAE,CAAC,KAAK,IAAI,EAAE;SACtB,CAAC,CAAC;QAEH,OAAO;YACL,IAAI;YACJ,IAAI,EAAE,KAAK,IAAI,EAAE;gBACf,wDAAwD;gBACxD,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC;oBACpE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC3D,CAAC;gBAAC,MAAM,CAAC;oBACP,+CAA+C;oBAC/C,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;gBAC1B,CAAC;YACH,CAAC;SACF,CAAC;IACJ,CAAC;CACF"}
+{"version":3,"file":"cdp.js","sourceRoot":"","sources":["../src/cdp.ts"],"names":[],"mappings":"AAiEA;;;;;;;;;;;;;;;GAeG;AACH,MAAM,OAAO,eAAe;IACT,MAAM,CAAiB;IAExC,YAAY,MAAsB;QAChC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,2EAA2E;IAC3E,UAAU;QACR,OAAO,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IAClC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CAAC,OAAmB;QACnC,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,aAAa,CACjB,MAKC,EACD,KAA4D,EAC5D,OAAgC;QAEhC,OAAO,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,MAAiC,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;IACtF,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,EAIrB;QACC,IAAI,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,KAAK,UAAU,EAAE,CAAC;YACtD,MAAM,IAAI,KAAK,CACb,0EAA0E;gBACxE,0EAA0E;gBAC1E,4CAA4C,CAC/C,CAAC;QACJ,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAsB;IACvD,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC"}

package/dist/constants.d.ts

@@ -1,8 +1,8 @@
-import type { CircuitId } from './types.js';
-export declare const CIRCUITS: Record<CircuitId, {
+export declare const CIRCUITS: Record<string, {
     displayName: string;
-    easSchemaId: string;
-    functionSelector: string;
+    easSchemaId?: string;
+    functionSelector?: string;
+    inputType?: string;
 }>;
 export declare const COINBASE_ATTESTER_CONTRACT = "0x357458739F90461b99789350868CD7CF330Dd7EE";
 export declare const AUTHORIZED_SIGNERS: string[];

package/dist/constants.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAE5C,eAAO,MAAM,QAAQ,EAAE,MAAM,CAAC,SAAS,EAAE;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,gBAAgB,EAAE,MAAM,CAAC;CAC1B,CAWA,CAAC;AAEF,eAAO,MAAM,0BAA0B,+CAA+C,CAAC;AAEvF,eAAO,MAAM,kBAAkB,UAK9B,CAAC;AAEF,eAAO,MAAM,cAAc;;;CAGjB,CAAC;AAEX,eAAO,MAAM,mBAAmB,qCAAqC,CAAC;AACtE,eAAO,MAAM,eAAe,6BAA6B,CAAC;AAE1D,eAAO,MAAM,oBAAoB,MAAM,CAAC;AACxC,eAAO,MAAM,sBAAsB,IAAI,CAAC;AACxC,eAAO,MAAM,uBAAuB,KAAK,CAAC"}
+{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE;IACpC,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAeA,CAAC;AAEF,eAAO,MAAM,0BAA0B,+CAA+C,CAAC;AAEvF,eAAO,MAAM,kBAAkB,UAK9B,CAAC;AAEF,eAAO,MAAM,cAAc;;;CAGjB,CAAC;AAEX,eAAO,MAAM,mBAAmB,qCAAqC,CAAC;AACtE,eAAO,MAAM,eAAe,6BAA6B,CAAC;AAE1D,eAAO,MAAM,oBAAoB,MAAM,CAAC;AACxC,eAAO,MAAM,sBAAsB,IAAI,CAAC;AACxC,eAAO,MAAM,uBAAuB,KAAK,CAAC"}

package/dist/constants.js

@@ -9,6 +9,10 @@ export const CIRCUITS = {
         easSchemaId: '0x1801901fabd0e6189356b4fb52bb0ab855276d84f7ec140839fbd1f6801ca065',
         functionSelector: '0x0a225248',
     },
+    oidc_domain_attestation: {
+        displayName: 'OIDC Domain',
+        inputType: 'oidc',
+    },
 };
 export const COINBASE_ATTESTER_CONTRACT = '0x357458739F90461b99789350868CD7CF330Dd7EE';
 export const AUTHORIZED_SIGNERS = [

package/dist/constants.js.map

@@ -1 +1 @@
-{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,QAAQ,GAIhB;IACH,oBAAoB,EAAE;QACpB,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,oEAAoE;QACjF,gBAAgB,EAAE,YAAY;KAC/B;IACD,4BAA4B,EAAE;QAC5B,WAAW,EAAE,kBAAkB;QAC/B,WAAW,EAAE,oEAAoE;QACjF,gBAAgB,EAAE,YAAY;KAC/B;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,0BAA0B,GAAG,4CAA4C,CAAC;AAEvF,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,4CAA4C;IAC5C,4CAA4C;IAC5C,4CAA4C;IAC5C,4CAA4C;CAC7C,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,cAAc,EAAE,4CAA4C;IAC5D,MAAM,EAAE,4CAA4C;CAC5C,CAAC;AAEX,MAAM,CAAC,MAAM,mBAAmB,GAAG,kCAAkC,CAAC;AACtE,MAAM,CAAC,MAAM,eAAe,GAAG,0BAA0B,CAAC;AAE1D,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACxC,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AACxC,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAC"}
+{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,QAAQ,GAKhB;IACH,oBAAoB,EAAE;QACpB,WAAW,EAAE,cAAc;QAC3B,WAAW,EAAE,oEAAoE;QACjF,gBAAgB,EAAE,YAAY;KAC/B;IACD,4BAA4B,EAAE;QAC5B,WAAW,EAAE,kBAAkB;QAC/B,WAAW,EAAE,oEAAoE;QACjF,gBAAgB,EAAE,YAAY;KAC/B;IACD,uBAAuB,EAAE;QACvB,WAAW,EAAE,aAAa;QAC1B,SAAS,EAAE,MAAM;KAClB;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,0BAA0B,GAAG,4CAA4C,CAAC;AAEvF,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,4CAA4C;IAC5C,4CAA4C;IAC5C,4CAA4C;IAC5C,4CAA4C;CAC7C,CAAC;AAEF,MAAM,CAAC,MAAM,cAAc,GAAG;IAC5B,cAAc,EAAE,4CAA4C;IAC5D,MAAM,EAAE,4CAA4C;CAC5C,CAAC;AAEX,MAAM,CAAC,MAAM,mBAAmB,GAAG,kCAAkC,CAAC;AACtE,MAAM,CAAC,MAAM,eAAe,GAAG,0BAA0B,CAAC;AAE1D,MAAM,CAAC,MAAM,oBAAoB,GAAG,GAAG,CAAC;AACxC,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC;AACxC,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,CAAC"}

package/dist/flow.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EAEZ,WAAW,EACX,WAAW,EACX,UAAU,EAEX,MAAM,YAAY,CAAC;AAMpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAKnD,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;CACrC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IAAE,WAAW,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,eAAe,CAAA;CAAE,EACpE,MAAM,EAAE,WAAW,EACnB,SAAS,CAAC,EAAE,aAAa,GACxB,OAAO,CAAC,WAAW,CAAC,CA2FtB"}
+{"version":3,"file":"flow.d.ts","sourceRoot":"","sources":["../src/flow.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,YAAY,EAGZ,WAAW,EACX,WAAW,EACX,UAAU,EAEX,MAAM,YAAY,CAAC;AAMpB,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAKnD,MAAM,WAAW,aAAa;IAC5B,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,IAAI,CAAC;CACrC;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAsB,aAAa,CACjC,MAAM,EAAE,YAAY,EACpB,OAAO,EAAE;IAAE,WAAW,EAAE,eAAe,CAAC;IAAC,OAAO,CAAC,EAAE,eAAe,CAAA;CAAE,EACpE,MAAM,EAAE,WAAW,EACnB,SAAS,CAAC,EAAE,aAAa,GACxB,OAAO,CAAC,WAAW,CAAC,CAqHtB"}