npm - @zkproofport-app/sdk - Versions diffs - 0.2.1 → 0.2.3 - Mend

@zkproofport-app/sdk 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/dist/index.js CHANGED Viewed

@@ -72,6 +72,12 @@ const CIRCUIT_METADATA = {
         publicInputsCount: 14,
         publicInputNames: ['signal_hash', 'signer_list_merkle_root', 'country_list', 'country_list_length', 'is_included'],
     },
+    oidc_domain_attestation: {
+        name: 'OIDC Domain',
+        description: 'Prove email domain affiliation via OIDC JWT',
+        publicInputsCount: 420,
+        publicInputNames: ['pubkey_modulus_limbs', 'domain', 'scope', 'nullifier'],
+    },
 };
 /**
  * Standard verifier contract ABI shared across all Barretenberg-generated verifiers.
@@ -140,6 +146,97 @@ const DEFAULT_REQUEST_EXPIRY_MS = 10 * 60 * 1000;
  * ```
  */
 const MAX_QR_DATA_SIZE = 2953; // Version 40 with L error correction
+/**
+ * Coinbase Attestation circuit public input layout (byte offsets).
+ * Defines the byte positions of each field in the flattened public inputs array.
+ *
+ * Public inputs are packed as bytes32 values:
+ * - signal_hash: bytes 0-31
+ * - merkle_root: bytes 32-63
+ * - scope: bytes 64-95
+ *
+ * @example
+ * ```typescript
+ * const publicInputs = response.publicInputs;
+ * const signalHash = publicInputs.slice(
+ *   COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT.SIGNAL_HASH_START,
+ *   COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT.SIGNAL_HASH_END + 1
+ * );
+ * ```
+ */
+const COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT = {
+    SIGNAL_HASH_START: 0,
+    SIGNAL_HASH_END: 31,
+    MERKLE_ROOT_START: 32,
+    MERKLE_ROOT_END: 63,
+    SCOPE_START: 64,
+    SCOPE_END: 95,
+    NULLIFIER_START: 96,
+    NULLIFIER_END: 127,
+};
+/**
+ * Coinbase Country Attestation circuit public input layout (byte offsets).
+ * Defines the byte positions of each field in the flattened public inputs array.
+ *
+ * Public inputs are packed as bytes32 values:
+ * - signal_hash: bytes 0-31
+ * - merkle_root: bytes 32-63
+ * - country_list: bytes 64-83 (20 bytes for 10 countries)
+ * - country_list_length: byte 84
+ * - is_included: byte 85
+ * - scope: bytes 86-117
+ *
+ * @example
+ * ```typescript
+ * const publicInputs = response.publicInputs;
+ * const countryList = publicInputs.slice(
+ *   COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT.COUNTRY_LIST_START,
+ *   COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT.COUNTRY_LIST_END + 1
+ * );
+ * ```
+ */
+const COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT = {
+    SIGNAL_HASH_START: 0,
+    SIGNAL_HASH_END: 31,
+    MERKLE_ROOT_START: 32,
+    MERKLE_ROOT_END: 63,
+    COUNTRY_LIST_START: 64,
+    COUNTRY_LIST_END: 83,
+    COUNTRY_LIST_LENGTH: 84,
+    IS_INCLUDED: 85,
+    SCOPE_START: 86,
+    SCOPE_END: 117,
+    NULLIFIER_START: 118,
+    NULLIFIER_END: 149,
+};
+/**
+ * OIDC Domain Attestation circuit public input layout (byte offsets).
+ * Defines the byte positions of each field in the flattened public inputs array.
+ *
+ * Public inputs are packed as individual field elements (one byte per element):
+ * - pubkey_modulus_limbs: 18 x u128 = 18 x 16 bytes = 288 bytes → fields 0–287
+ * - domain (BoundedVec<u8, 64>): 4-byte length (u32) + 64-byte storage = 68 fields → fields 288–355
+ * - scope: 32 bytes → fields 356–387
+ * - nullifier: 32 bytes → fields 388–419
+ *
+ * @example
+ * ```typescript
+ * const scope = publicInputs.slice(
+ *   OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT.SCOPE_START,
+ *   OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT.SCOPE_END + 1
+ * );
+ * ```
+ */
+const OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT = {
+    PUBKEY_MODULUS_START: 0,
+    PUBKEY_MODULUS_END: 287,
+    DOMAIN_START: 288,
+    DOMAIN_END: 355,
+    SCOPE_START: 356,
+    SCOPE_END: 387,
+    NULLIFIER_START: 388,
+    NULLIFIER_END: 419,
+};
 /**
  * Deep Link utilities for ZKProofport SDK
@@ -392,7 +489,7 @@ function validateProofRequest(request) {
     if (!request.circuit) {
         return { valid: false, error: 'Missing circuit type' };
     }
-    if (!['coinbase_attestation', 'coinbase_country_attestation'].includes(request.circuit)) {
+    if (!['coinbase_attestation', 'coinbase_country_attestation', 'oidc_domain_attestation'].includes(request.circuit)) {
         return { valid: false, error: `Invalid circuit type: ${request.circuit}` };
     }
     if (!request.callbackUrl) {
@@ -422,6 +519,15 @@ function validateProofRequest(request) {
             return { valid: false, error: 'isIncluded is required and must be a boolean' };
         }
     }
+    else if (request.circuit === 'oidc_domain_attestation') {
+        const inputs = request.inputs;
+        if (!inputs.domain || typeof inputs.domain !== 'string' || inputs.domain.trim() === '') {
+            return { valid: false, error: 'domain is required and must be a non-empty string' };
+        }
+        if (!inputs.scope || typeof inputs.scope !== 'string' || inputs.scope.trim() === '') {
+            return { valid: false, error: 'scope is required and must be a non-empty string' };
+        }
+    }
     // Check expiry
     if (request.expiresAt && Date.now() > request.expiresAt) {
         return { valid: false, error: 'Request has expired' };
@@ -856,6 +962,10 @@ function extractScopeFromPublicInputs(publicInputsHex, circuit) {
         start = 86;
         end = 117;
     }
+    else if (circuit === 'oidc_domain_attestation') {
+        start = 356;
+        end = 387;
+    }
     else {
         start = 64;
         end = 95;
@@ -865,6 +975,43 @@ function extractScopeFromPublicInputs(publicInputsHex, circuit) {
     const scopeFields = publicInputsHex.slice(start, end + 1);
     return reconstructBytes32FromFields(scopeFields);
 }
+/**
+ * Extracts the nullifier (bytes32) from public inputs based on circuit type.
+ *
+ * The nullifier is a unique, deterministic hash derived from the user's attestation
+ * and scope. It serves as a privacy-preserving user identifier — the same user
+ * with the same scope always produces the same nullifier, enabling duplicate
+ * detection without revealing the wallet address.
+ *
+ * @param publicInputsHex - Array of hex-encoded field elements
+ * @param circuit - Circuit type (defaults to coinbase_attestation)
+ * @returns Nullifier as hex string (bytes32), or null if publicInputs too short
+ *
+ * @example
+ * ```typescript
+ * const nullifier = extractNullifierFromPublicInputs(publicInputs, 'coinbase_attestation');
+ * console.log(nullifier); // '0xabc123...'
+ * ```
+ */
+function extractNullifierFromPublicInputs(publicInputsHex, circuit) {
+    let start, end;
+    if (circuit === 'coinbase_country_attestation') {
+        start = 118;
+        end = 149;
+    }
+    else if (circuit === 'oidc_domain_attestation') {
+        start = 388;
+        end = 419;
+    }
+    else {
+        start = 96;
+        end = 127;
+    }
+    if (publicInputsHex.length <= end)
+        return null;
+    const nullifierFields = publicInputsHex.slice(start, end + 1);
+    return reconstructBytes32FromFields(nullifierFields);
+}
 /** @internal Reconstruct a bytes32 value from 32 individual field elements */
 function reconstructBytes32FromFields(fields) {
     if (fields.length !== 32) {
@@ -1747,53 +1894,26 @@ class ProofportSDK {
         }
         return await response.json();
     }
-    /**
-     * Creates a proof request through the relay server.
-     *
-     * This is the recommended way to create proof requests. The relay server:
-     * - Issues a server-side requestId (validated by the mobile app)
-     * - Tracks request status in Redis
-     * - Builds the deep link with relay callback URL
-     * - Stores inputs hash for deep link integrity verification
-     *
-     * @param circuit - Circuit type identifier
-     * @param inputs - Circuit-specific inputs
-     * @param options - Request options (message, dappName, dappIcon, nonce)
-     * @returns Promise resolving to RelayProofRequest with requestId, deepLink, pollUrl
-     * @throws Error if signer not set or relay request fails
-     *
-     * @example
-     * ```typescript
-     * const sdk = ProofportSDK.create();
-     * sdk.setSigner(signer);
-     *
-     * const relay = await sdk.createRelayRequest('coinbase_attestation', {
-     *   scope: 'myapp.com'
-     * }, { dappName: 'My DApp' });
-     *
-     * // Generate QR code from relay deep link
-     * const qr = await sdk.generateQRCode(relay.deepLink);
-     *
-     * // Wait for proof (WebSocket primary, polling fallback)
-     * const result = await sdk.waitForProof(relay.requestId);
-     * ```
-     */
     async createRelayRequest(circuit, inputs, options = {}) {
-        if (!this.signer) {
-            throw new Error('Signer not set. Call setSigner() first.');
-        }
         if (!this.relayUrl) {
             throw new Error('relayUrl is required. Set it in ProofportSDK config.');
         }
-        // Get challenge from relay and sign it
-        const { challenge } = await this.getChallenge();
-        const signature = await this.signer.signMessage(challenge);
+        const needsSignature = ProofportSDK.WALLET_SIGNATURE_CIRCUITS.includes(circuit);
+        if (needsSignature && !this.signer) {
+            throw new Error('Signer not set. Call setSigner() first. Wallet signature is required for this circuit.');
+        }
+        // Get challenge + requestId from relay
+        const { requestId, challenge } = await this.getChallenge();
         const body = {
+            requestId,
             circuitId: circuit,
             inputs,
             challenge,
-            signature,
         };
+        // Sign challenge for circuits that require wallet signature
+        if (needsSignature && this.signer) {
+            body.signature = await this.signer.signMessage(challenge);
+        }
         if (options.message)
             body.message = options.message;
         if (options.dappName)
@@ -2045,8 +2165,73 @@ class ProofportSDK {
     extractScope(publicInputs, circuit) {
         return extractScopeFromPublicInputs(publicInputs, circuit);
     }
+    /**
+     * Extracts the nullifier (bytes32) from proof public inputs.
+     *
+     * The nullifier is a unique, deterministic hash derived from the user's attestation
+     * and scope. It serves as a privacy-preserving user identifier — the same user
+     * with the same scope always produces the same nullifier, enabling duplicate
+     * detection without revealing the wallet address.
+     *
+     * @param publicInputs - Array of hex-encoded field elements from proof result
+     * @param circuit - Circuit type that produced the public inputs
+     * @returns Nullifier as hex string (bytes32), or null if publicInputs too short
+     *
+     * @example
+     * ```typescript
+     * const result = await sdk.waitForProof(relay.requestId);
+     * if (result.status === 'completed') {
+     *   const nullifier = sdk.extractNullifier(result.publicInputs, result.circuit);
+     *   console.log('Nullifier:', nullifier); // '0xabc123...'
+     * }
+     * ```
+     */
+    extractNullifier(publicInputs, circuit) {
+        return extractNullifierFromPublicInputs(publicInputs, circuit);
+    }
 }
+/**
+ * Creates a proof request through the relay server.
+ *
+ * This is the recommended way to create proof requests. The relay server:
+ * - Issues a server-side requestId (validated by the mobile app)
+ * - Tracks request status in Redis
+ * - Builds the deep link with relay callback URL
+ * - Stores inputs hash for deep link integrity verification
+ *
+ * @param circuit - Circuit type identifier
+ * @param inputs - Circuit-specific inputs
+ * @param options - Request options (message, dappName, dappIcon, nonce)
+ * @returns Promise resolving to RelayProofRequest with requestId, deepLink, pollUrl
+ * @throws Error if signer not set or relay request fails
+ *
+ * @example
+ * ```typescript
+ * const sdk = ProofportSDK.create();
+ * sdk.setSigner(signer);
+ *
+ * const relay = await sdk.createRelayRequest('coinbase_attestation', {
+ *   scope: 'myapp.com'
+ * }, { dappName: 'My DApp' });
+ *
+ * // Generate QR code from relay deep link
+ * const qr = await sdk.generateQRCode(relay.deepLink);
+ *
+ * // Wait for proof (WebSocket primary, polling fallback)
+ * const result = await sdk.waitForProof(relay.requestId);
+ * ```
+ */
+// Circuits that require wallet signature (used as circuit input)
+ProofportSDK.WALLET_SIGNATURE_CIRCUITS = [
+    'coinbase_attestation',
+    'coinbase_country_attestation',
+];
+exports.COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT = COINBASE_ATTESTATION_PUBLIC_INPUT_LAYOUT;
+exports.COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT = COINBASE_COUNTRY_PUBLIC_INPUT_LAYOUT;
+exports.OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT = OIDC_DOMAIN_ATTESTATION_PUBLIC_INPUT_LAYOUT;
 exports.ProofportSDK = ProofportSDK;
 exports.default = ProofportSDK;
+exports.extractNullifierFromPublicInputs = extractNullifierFromPublicInputs;
+exports.extractScopeFromPublicInputs = extractScopeFromPublicInputs;
 //# sourceMappingURL=index.js.map