@zkproofport-app/sdk 0.2.1 → 0.2.3

package/README.md

@@ -122,7 +122,23 @@ const relay = await sdk.createRelayRequest('coinbase_country_attestation', {
 });
 ```
 
-> The ZKProofport mobile app handles wallet connection and attestation data retrieval automatically. You only provide the inputs above.
+### `oidc_domain_attestation`
+
+Prove email domain affiliation via Google Sign-In. The mobile app handles authentication and proof generation entirely on-device — the user's email is never revealed.
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `domain` | `string` | Yes | Target email domain to prove (e.g., `'google.com'`, `'company.com'`) |
+| `scope` | `string` | Yes | dApp scope identifier for proof uniqueness |
+
+```typescript
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'company.com',
+  scope: 'myapp.com',
+});
+```
+
+> The mobile app prompts Google Sign-In, generates the ZK proof locally, and returns the result via relay. The `domain` is a public input — verifiers can confirm which domain was proven.
 
 ## Integration Guide
 
@@ -159,6 +175,8 @@ interface WalletSigner {
 
 Any ethers v5/v6 `Signer` is compatible.
 
+> **OIDC Domain note:** Wallet signer is not required for OIDC Domain proofs. See Step 3 for OIDC-specific usage.
+
 #### About challenge-signature
 
 The challenge-signature mechanism was developed **for relay nonce replay prevention**. Each challenge is one-time use and consumed immediately. The signer's recovered address is recorded as `clientId` in relay server logs, which helps the relay operator track requests.
@@ -192,6 +210,21 @@ const relay = await sdk.createRelayRequest('coinbase_attestation', {
 // relay.pollUrl    — Relative URL for HTTP polling
 ```
 
+**OIDC Domain Attestation:**
+
+```typescript
+const relay = await sdk.createRelayRequest('oidc_domain_attestation', {
+  domain: 'company.com',
+  scope: 'myapp.com',
+}, {
+  dappName: 'My DApp',
+  dappIcon: 'https://myapp.com/icon.png',
+  message: 'Verify your email domain',
+});
+```
+
+The mobile app will prompt the user to sign in with Google. The circuit proves the user's email ends with `@company.com` without revealing the full email address. The `domain` field is a **public input** — verifiers can confirm which domain was proven.
+
 ### Step 4: Display QR Code
 
 Generate a QR code from the relay deep link for the user to scan with the ZKProofport mobile app:
@@ -294,6 +327,43 @@ if (result.status === 'completed') {
 const verification = await sdk.verifyResponseOnChain(response);
 ```
 
+### Step 7: Extract Scope and Nullifier
+
+After verification, extract the scope and nullifier from the public inputs:
+
+```typescript
+if (result.status === 'completed') {
+  // Extract scope — the keccak256 hash of the scope string you provided
+  const scope = sdk.extractScope(result.publicInputs, result.circuit);
+
+  // Extract nullifier — a unique, deterministic hash per user + scope
+  // Same user with the same scope always produces the same nullifier
+  const nullifier = sdk.extractNullifier(result.publicInputs, result.circuit);
+
+  console.log('Scope:', scope);       // '0x7a6b70726f...'
+  console.log('Nullifier:', nullifier); // '0xabc123...'
+}
+```
+
+The **nullifier** serves as a privacy-preserving user identifier:
+- Deterministic: same user + same scope = same nullifier (enables duplicate detection)
+- Privacy-preserving: the wallet address (Coinbase) or email (OIDC) is never revealed
+- Scope-bound: different scopes produce different nullifiers for the same user
+
+> **OIDC Domain:** The nullifier is a hash of the user's email and scope. The same email + scope always produces the same nullifier, enabling Sybil resistance without revealing the email address.
+
+**Standalone utility functions** are also available for use outside the SDK class:
+
+```typescript
+import {
+  extractScopeFromPublicInputs,
+  extractNullifierFromPublicInputs,
+} from '@zkproofport-app/sdk';
+
+const scope = extractScopeFromPublicInputs(publicInputs, 'coinbase_attestation');
+const nullifier = extractNullifierFromPublicInputs(publicInputs, 'coinbase_attestation');
+```
+
 ## Complete Example
 
 End-to-end integration using the relay flow:
@@ -354,21 +424,7 @@ async function verifyUser() {
 
 ## Configuration
 
-`ProofportSDK.create()` returns a fully configured SDK instance. No manual configuration is needed for standard usage.
-
-For advanced scenarios (e.g., custom verifier deployments), pass a `ProofportConfig`:
-
-```typescript
-const sdk = new ProofportSDK({
-  relayUrl: 'https://relay.zkproofport.app',
-  verifiers: {
-    coinbase_attestation: {
-      verifierAddress: '0x...',
-      chainId: 8453,
-    },
-  },
-});
-```
+`ProofportSDK.create()` returns a fully configured SDK instance. No manual configuration is needed — relay URLs, verifier contracts, and chain settings are all built-in.
 
 ## Types Reference
 
@@ -380,6 +436,7 @@ import type {
   ProofRequestStatus,
   CoinbaseKycInputs,
   CoinbaseCountryInputs,
+  OidcDomainInputs,
   CircuitInputs,
   ProofRequest,
   ProofResponse,
@@ -390,27 +447,35 @@ import type {
   WalletSigner,
   RelayProofRequest,
   RelayProofResult,
-  SDKEnvironment,
 } from '@zkproofport-app/sdk';
 ```
 
 | Type | Description |
 |------|-------------|
-| `CircuitType` | `'coinbase_attestation' \| 'coinbase_country_attestation'` |
+| `CircuitType` | `'coinbase_attestation' \| 'coinbase_country_attestation' \| 'oidc_domain_attestation'` |
 | `ProofRequestStatus` | `'pending' \| 'completed' \| 'error' \| 'cancelled'` |
 | `CoinbaseKycInputs` | Inputs for `coinbase_attestation` (`{ scope, userAddress?, rawTransaction? }`) |
 | `CoinbaseCountryInputs` | Inputs for `coinbase_country_attestation` (`{ scope, countryList, isIncluded, ... }`) |
-| `CircuitInputs` | Union: `CoinbaseKycInputs \| CoinbaseCountryInputs` |
+| `OidcDomainInputs` | Inputs for `oidc_domain_attestation` (`{ domain, scope }`) |
+| `CircuitInputs` | Union: `CoinbaseKycInputs \| CoinbaseCountryInputs \| OidcDomainInputs` |
 | `ProofRequest` | Proof request object with `requestId`, `circuit`, `inputs`, metadata, and expiry |
 | `ProofResponse` | Proof response with `status`, `proof`, `publicInputs`, `verifierAddress`, `chainId` |
 | `QRCodeOptions` | QR customization: `width`, `margin`, `darkColor`, `lightColor`, `errorCorrectionLevel` |
 | `VerifierContract` | Verifier contract info: `{ address, chainId, abi }` |
-| `ProofportConfig` | SDK configuration: `{ scheme?, relayUrl?, verifiers? }` |
+| `ProofportConfig` | SDK configuration (internal use — `ProofportSDK.create()` handles defaults) |
 | `ChallengeResponse` | Challenge from relay: `{ challenge, expiresAt }` |
 | `WalletSigner` | Signer interface: `{ signMessage(msg), getAddress() }` |
 | `RelayProofRequest` | Relay response: `{ requestId, deepLink, status, pollUrl }` |
 | `RelayProofResult` | Relay result: `{ requestId, status, proof?, publicInputs?, circuit?, error? }` |
-| `SDKEnvironment` | Environment preset (not needed for normal usage) |
+
+The `OidcDomainInputs` interface:
+
+```typescript
+interface OidcDomainInputs {
+  domain: string;    // Target email domain (e.g., 'google.com')
+  scope: string;     // dApp scope identifier
+}
+```
 
 ## Error Handling
 
@@ -432,10 +497,7 @@ try {
 
 ## Networks
 
-| Network | Chain ID | Status |
-|---------|----------|--------|
-| Base Mainnet | 8453 | Production |
-| Base Sepolia | 84532 | Testnet |
+Proofs are verified on **Base** (Ethereum L2). The SDK handles network configuration automatically — no manual setup required.
 
 ## Development
 

package/dist/ProofportSDK.d.ts

@@ -763,6 +763,7 @@ export declare class ProofportSDK {
      * const result = await sdk.waitForProof(relay.requestId);
      * ```
      */
+    private static readonly WALLET_SIGNATURE_CIRCUITS;
     createRelayRequest(circuit: CircuitType, inputs: CircuitInputs, options?: {
         message?: string;
         dappName?: string;
@@ -893,5 +894,27 @@ export declare class ProofportSDK {
      * ```
      */
     extractScope(publicInputs: string[], circuit: CircuitType): string | null;
+    /**
+     * Extracts the nullifier (bytes32) from proof public inputs.
+     *
+     * The nullifier is a unique, deterministic hash derived from the user's attestation
+     * and scope. It serves as a privacy-preserving user identifier — the same user
+     * with the same scope always produces the same nullifier, enabling duplicate
+     * detection without revealing the wallet address.
+     *
+     * @param publicInputs - Array of hex-encoded field elements from proof result
+     * @param circuit - Circuit type that produced the public inputs
+     * @returns Nullifier as hex string (bytes32), or null if publicInputs too short
+     *
+     * @example
+     * ```typescript
+     * const result = await sdk.waitForProof(relay.requestId);
+     * if (result.status === 'completed') {
+     *   const nullifier = sdk.extractNullifier(result.publicInputs, result.circuit);
+     *   console.log('Nullifier:', nullifier); // '0xabc123...'
+     * }
+     * ```
+     */
+    extractNullifier(publicInputs: string[], circuit: CircuitType): string | null;
 }
 export default ProofportSDK;

package/dist/constants.d.ts

@@ -145,6 +145,8 @@ export declare const COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT: {
     readonly MERKLE_ROOT_END: 63;
     readonly SCOPE_START: 64;
     readonly SCOPE_END: 95;
+    readonly NULLIFIER_START: 96;
+    readonly NULLIFIER_END: 127;
 };
 /**
  * Coinbase Country Attestation circuit public input layout (byte offsets).
@@ -178,4 +180,34 @@ export declare const COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT: {
     readonly IS_INCLUDED: 85;
     readonly SCOPE_START: 86;
     readonly SCOPE_END: 117;
+    readonly NULLIFIER_START: 118;
+    readonly NULLIFIER_END: 149;
+};
+/**
+ * OIDC Domain Attestation circuit public input layout (byte offsets).
+ * Defines the byte positions of each field in the flattened public inputs array.
+ *
+ * Public inputs are packed as individual field elements (one byte per element):
+ * - pubkey_modulus_limbs: 18 x u128 = 18 x 16 bytes = 288 bytes → fields 0–287
+ * - domain (BoundedVec<u8, 64>): 4-byte length (u32) + 64-byte storage = 68 fields → fields 288–355
+ * - scope: 32 bytes → fields 356–387
+ * - nullifier: 32 bytes → fields 388–419
+ *
+ * @example
+ * ```typescript
+ * const scope = publicInputs.slice(
+ *   OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT.SCOPE_START,
+ *   OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT.SCOPE_END + 1
+ * );
+ * ```
+ */
+export declare const OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT: {
+    readonly PUBKEY_MODULUS_START: 0;
+    readonly PUBKEY_MODULUS_END: 287;
+    readonly DOMAIN_START: 288;
+    readonly DOMAIN_END: 355;
+    readonly SCOPE_START: 356;
+    readonly SCOPE_END: 387;
+    readonly NULLIFIER_START: 388;
+    readonly NULLIFIER_END: 419;
 };

package/dist/index.d.ts

@@ -7,8 +7,8 @@
  * ```typescript
  * import { ProofportSDK } from '@zkproofport-app/sdk';
  *
- * // Initialize with environment preset
- * const sdk = ProofportSDK.create('production');
+ * // Initialize SDK
+ * const sdk = ProofportSDK.create();
  *
  * // Set wallet signer
  * sdk.setSigner(signer);
@@ -26,4 +26,6 @@
  * ```
  */
 export { ProofportSDK, default } from './ProofportSDK';
-export type { CircuitType, ProofRequestStatus, CoinbaseKycInputs, CoinbaseCountryInputs, CircuitInputs, ProofRequest, ProofResponse, QRCodeOptions, VerifierContract, ProofportConfig, ChallengeResponse, WalletSigner, RelayProofRequest, RelayProofResult, SDKEnvironment, } from './types';
+export { extractScopeFromPublicInputs, extractNullifierFromPublicInputs, } from './verifier';
+export { COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT, COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT, OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT, } from './constants';
+export type { CircuitType, ProofRequestStatus, CoinbaseKycInputs, CoinbaseCountryInputs, OidcDomainInputs, CircuitInputs, ProofRequest, ProofResponse, QRCodeOptions, VerifierContract, ProofportConfig, ChallengeResponse, WalletSigner, RelayProofRequest, RelayProofResult, SDKEnvironment, } from './types';

package/dist/index.esm.js

@@ -67,6 +67,12 @@ const CIRCUIT_METADATA = {
         publicInputsCount: 14,
         publicInputNames: ['signal_hash', 'signer_list_merkle_root', 'country_list', 'country_list_length', 'is_included'],
     },
+    oidc_domain_attestation: {
+        name: 'OIDC Domain',
+        description: 'Prove email domain affiliation via OIDC JWT',
+        publicInputsCount: 420,
+        publicInputNames: ['pubkey_modulus_limbs', 'domain', 'scope', 'nullifier'],
+    },
 };
 /**
  * Standard verifier contract ABI shared across all Barretenberg-generated verifiers.
@@ -135,6 +141,97 @@ const DEFAULT_REQUEST_EXPIRY_MS = 10 * 60 * 1000;
  * ```
  */
 const MAX_QR_DATA_SIZE = 2953; // Version 40 with L error correction
+/**
+ * Coinbase Attestation circuit public input layout (byte offsets).
+ * Defines the byte positions of each field in the flattened public inputs array.
+ *
+ * Public inputs are packed as bytes32 values:
+ * - signal_hash: bytes 0-31
+ * - merkle_root: bytes 32-63
+ * - scope: bytes 64-95
+ *
+ * @example
+ * ```typescript
+ * const publicInputs = response.publicInputs;
+ * const signalHash = publicInputs.slice(
+ *   COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT.SIGNAL_HASH_START,
+ *   COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT.SIGNAL_HASH_END + 1
+ * );
+ * ```
+ */
+const COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT = {
+    SIGNAL_HASH_START: 0,
+    SIGNAL_HASH_END: 31,
+    MERKLE_ROOT_START: 32,
+    MERKLE_ROOT_END: 63,
+    SCOPE_START: 64,
+    SCOPE_END: 95,
+    NULLIFIER_START: 96,
+    NULLIFIER_END: 127,
+};
+/**
+ * Coinbase Country Attestation circuit public input layout (byte offsets).
+ * Defines the byte positions of each field in the flattened public inputs array.
+ *
+ * Public inputs are packed as bytes32 values:
+ * - signal_hash: bytes 0-31
+ * - merkle_root: bytes 32-63
+ * - country_list: bytes 64-83 (20 bytes for 10 countries)
+ * - country_list_length: byte 84
+ * - is_included: byte 85
+ * - scope: bytes 86-117
+ *
+ * @example
+ * ```typescript
+ * const publicInputs = response.publicInputs;
+ * const countryList = publicInputs.slice(
+ *   COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT.COUNTRY_LIST_START,
+ *   COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT.COUNTRY_LIST_END + 1
+ * );
+ * ```
+ */
+const COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT = {
+    SIGNAL_HASH_START: 0,
+    SIGNAL_HASH_END: 31,
+    MERKLE_ROOT_START: 32,
+    MERKLE_ROOT_END: 63,
+    COUNTRY_LIST_START: 64,
+    COUNTRY_LIST_END: 83,
+    COUNTRY_LIST_LENGTH: 84,
+    IS_INCLUDED: 85,
+    SCOPE_START: 86,
+    SCOPE_END: 117,
+    NULLIFIER_START: 118,
+    NULLIFIER_END: 149,
+};
+/**
+ * OIDC Domain Attestation circuit public input layout (byte offsets).
+ * Defines the byte positions of each field in the flattened public inputs array.
+ *
+ * Public inputs are packed as individual field elements (one byte per element):
+ * - pubkey_modulus_limbs: 18 x u128 = 18 x 16 bytes = 288 bytes → fields 0–287
+ * - domain (BoundedVec<u8, 64>): 4-byte length (u32) + 64-byte storage = 68 fields → fields 288–355
+ * - scope: 32 bytes → fields 356–387
+ * - nullifier: 32 bytes → fields 388–419
+ *
+ * @example
+ * ```typescript
+ * const scope = publicInputs.slice(
+ *   OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT.SCOPE_START,
+ *   OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT.SCOPE_END + 1
+ * );
+ * ```
+ */
+const OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT = {
+    PUBKEY_MODULUS_START: 0,
+    PUBKEY_MODULUS_END: 287,
+    DOMAIN_START: 288,
+    DOMAIN_END: 355,
+    SCOPE_START: 356,
+    SCOPE_END: 387,
+    NULLIFIER_START: 388,
+    NULLIFIER_END: 419,
+};
 
 /**
  * Deep Link utilities for ZKProofport SDK
@@ -387,7 +484,7 @@ function validateProofRequest(request) {
     if (!request.circuit) {
         return { valid: false, error: 'Missing circuit type' };
     }
-    if (!['coinbase_attestation', 'coinbase_country_attestation'].includes(request.circuit)) {
+    if (!['coinbase_attestation', 'coinbase_country_attestation', 'oidc_domain_attestation'].includes(request.circuit)) {
         return { valid: false, error: `Invalid circuit type: ${request.circuit}` };
     }
     if (!request.callbackUrl) {
@@ -417,6 +514,15 @@ function validateProofRequest(request) {
             return { valid: false, error: 'isIncluded is required and must be a boolean' };
         }
     }
+    else if (request.circuit === 'oidc_domain_attestation') {
+        const inputs = request.inputs;
+        if (!inputs.domain || typeof inputs.domain !== 'string' || inputs.domain.trim() === '') {
+            return { valid: false, error: 'domain is required and must be a non-empty string' };
+        }
+        if (!inputs.scope || typeof inputs.scope !== 'string' || inputs.scope.trim() === '') {
+            return { valid: false, error: 'scope is required and must be a non-empty string' };
+        }
+    }
     // Check expiry
     if (request.expiresAt && Date.now() > request.expiresAt) {
         return { valid: false, error: 'Request has expired' };
@@ -3718,6 +3824,10 @@ function extractScopeFromPublicInputs(publicInputsHex, circuit) {
         start = 86;
         end = 117;
     }
+    else if (circuit === 'oidc_domain_attestation') {
+        start = 356;
+        end = 387;
+    }
     else {
         start = 64;
         end = 95;
@@ -3727,6 +3837,43 @@ function extractScopeFromPublicInputs(publicInputsHex, circuit) {
     const scopeFields = publicInputsHex.slice(start, end + 1);
     return reconstructBytes32FromFields(scopeFields);
 }
+/**
+ * Extracts the nullifier (bytes32) from public inputs based on circuit type.
+ *
+ * The nullifier is a unique, deterministic hash derived from the user's attestation
+ * and scope. It serves as a privacy-preserving user identifier — the same user
+ * with the same scope always produces the same nullifier, enabling duplicate
+ * detection without revealing the wallet address.
+ *
+ * @param publicInputsHex - Array of hex-encoded field elements
+ * @param circuit - Circuit type (defaults to coinbase_attestation)
+ * @returns Nullifier as hex string (bytes32), or null if publicInputs too short
+ *
+ * @example
+ * ```typescript
+ * const nullifier = extractNullifierFromPublicInputs(publicInputs, 'coinbase_attestation');
+ * console.log(nullifier); // '0xabc123...'
+ * ```
+ */
+function extractNullifierFromPublicInputs(publicInputsHex, circuit) {
+    let start, end;
+    if (circuit === 'coinbase_country_attestation') {
+        start = 118;
+        end = 149;
+    }
+    else if (circuit === 'oidc_domain_attestation') {
+        start = 388;
+        end = 419;
+    }
+    else {
+        start = 96;
+        end = 127;
+    }
+    if (publicInputsHex.length <= end)
+        return null;
+    const nullifierFields = publicInputsHex.slice(start, end + 1);
+    return reconstructBytes32FromFields(nullifierFields);
+}
 /** @internal Reconstruct a bytes32 value from 32 individual field elements */
 function reconstructBytes32FromFields(fields) {
     if (fields.length !== 32) {
@@ -4609,53 +4756,26 @@ class ProofportSDK {
         }
         return await response.json();
     }
-    /**
-     * Creates a proof request through the relay server.
-     *
-     * This is the recommended way to create proof requests. The relay server:
-     * - Issues a server-side requestId (validated by the mobile app)
-     * - Tracks request status in Redis
-     * - Builds the deep link with relay callback URL
-     * - Stores inputs hash for deep link integrity verification
-     *
-     * @param circuit - Circuit type identifier
-     * @param inputs - Circuit-specific inputs
-     * @param options - Request options (message, dappName, dappIcon, nonce)
-     * @returns Promise resolving to RelayProofRequest with requestId, deepLink, pollUrl
-     * @throws Error if signer not set or relay request fails
-     *
-     * @example
-     * ```typescript
-     * const sdk = ProofportSDK.create();
-     * sdk.setSigner(signer);
-     *
-     * const relay = await sdk.createRelayRequest('coinbase_attestation', {
-     *   scope: 'myapp.com'
-     * }, { dappName: 'My DApp' });
-     *
-     * // Generate QR code from relay deep link
-     * const qr = await sdk.generateQRCode(relay.deepLink);
-     *
-     * // Wait for proof (WebSocket primary, polling fallback)
-     * const result = await sdk.waitForProof(relay.requestId);
-     * ```
-     */
     async createRelayRequest(circuit, inputs, options = {}) {
-        if (!this.signer) {
-            throw new Error('Signer not set. Call setSigner() first.');
-        }
         if (!this.relayUrl) {
             throw new Error('relayUrl is required. Set it in ProofportSDK config.');
         }
-        // Get challenge from relay and sign it
-        const { challenge } = await this.getChallenge();
-        const signature = await this.signer.signMessage(challenge);
+        const needsSignature = ProofportSDK.WALLET_SIGNATURE_CIRCUITS.includes(circuit);
+        if (needsSignature && !this.signer) {
+            throw new Error('Signer not set. Call setSigner() first. Wallet signature is required for this circuit.');
+        }
+        // Get challenge + requestId from relay
+        const { requestId, challenge } = await this.getChallenge();
         const body = {
+            requestId,
             circuitId: circuit,
             inputs,
             challenge,
-            signature,
         };
+        // Sign challenge for circuits that require wallet signature
+        if (needsSignature && this.signer) {
+            body.signature = await this.signer.signMessage(challenge);
+        }
         if (options.message)
             body.message = options.message;
         if (options.dappName)
@@ -4907,7 +5027,67 @@ class ProofportSDK {
     extractScope(publicInputs, circuit) {
         return extractScopeFromPublicInputs(publicInputs, circuit);
     }
+    /**
+     * Extracts the nullifier (bytes32) from proof public inputs.
+     *
+     * The nullifier is a unique, deterministic hash derived from the user's attestation
+     * and scope. It serves as a privacy-preserving user identifier — the same user
+     * with the same scope always produces the same nullifier, enabling duplicate
+     * detection without revealing the wallet address.
+     *
+     * @param publicInputs - Array of hex-encoded field elements from proof result
+     * @param circuit - Circuit type that produced the public inputs
+     * @returns Nullifier as hex string (bytes32), or null if publicInputs too short
+     *
+     * @example
+     * ```typescript
+     * const result = await sdk.waitForProof(relay.requestId);
+     * if (result.status === 'completed') {
+     *   const nullifier = sdk.extractNullifier(result.publicInputs, result.circuit);
+     *   console.log('Nullifier:', nullifier); // '0xabc123...'
+     * }
+     * ```
+     */
+    extractNullifier(publicInputs, circuit) {
+        return extractNullifierFromPublicInputs(publicInputs, circuit);
+    }
 }
+/**
+ * Creates a proof request through the relay server.
+ *
+ * This is the recommended way to create proof requests. The relay server:
+ * - Issues a server-side requestId (validated by the mobile app)
+ * - Tracks request status in Redis
+ * - Builds the deep link with relay callback URL
+ * - Stores inputs hash for deep link integrity verification
+ *
+ * @param circuit - Circuit type identifier
+ * @param inputs - Circuit-specific inputs
+ * @param options - Request options (message, dappName, dappIcon, nonce)
+ * @returns Promise resolving to RelayProofRequest with requestId, deepLink, pollUrl
+ * @throws Error if signer not set or relay request fails
+ *
+ * @example
+ * ```typescript
+ * const sdk = ProofportSDK.create();
+ * sdk.setSigner(signer);
+ *
+ * const relay = await sdk.createRelayRequest('coinbase_attestation', {
+ *   scope: 'myapp.com'
+ * }, { dappName: 'My DApp' });
+ *
+ * // Generate QR code from relay deep link
+ * const qr = await sdk.generateQRCode(relay.deepLink);
+ *
+ * // Wait for proof (WebSocket primary, polling fallback)
+ * const result = await sdk.waitForProof(relay.requestId);
+ * ```
+ */
+// Circuits that require wallet signature (used as circuit input)
+ProofportSDK.WALLET_SIGNATURE_CIRCUITS = [
+    'coinbase_attestation',
+    'coinbase_country_attestation',
+];
 
-export { ProofportSDK, ProofportSDK as default };
+export { COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT, COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT, OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT, ProofportSDK, ProofportSDK as default, extractNullifierFromPublicInputs, extractScopeFromPublicInputs };
 //# sourceMappingURL=index.esm.js.map