chainlesschain 0.49.0 → 0.66.0

package/src/lib/zkp-engine.js

@@ -1,16 +1,34 @@
 /**
  * ZKP Engine — Zero-knowledge proof circuit compilation, proof generation,
- * verification, and selective identity disclosure.
+ * verification, and selective identity disclosure (Phase 88).
  */
 
 import crypto from "crypto";
 
+/* ── Phase 88 frozen enums ─────────────────────────────────── */
+
+export const PROOF_SCHEME = Object.freeze({
+  GROTH16: "groth16",
+  PLONK: "plonk",
+  BULLETPROOFS: "bulletproofs",
+});
+
+export const CIRCUIT_STATUS = Object.freeze({
+  DRAFT: "draft",
+  COMPILED: "compiled",
+  VERIFIED: "verified",
+  FAILED: "failed",
+});
+
+export const SUPPORTED_SCHEMES = new Set(Object.values(PROOF_SCHEME));
+
 /* ── In-memory stores ──────────────────────────────────────── */
 const _circuits = new Map();
 const _proofs = new Map();
 const _verificationKeys = new Map();
+const _credentials = new Map();
 
-const DEFAULT_SCHEME = "groth16";
+const DEFAULT_SCHEME = PROOF_SCHEME.GROTH16;
 
 /* ── Schema ────────────────────────────────────────────────── */
 
@@ -22,6 +40,7 @@ export function ensureZKPTables(db) {
       definition TEXT,
       compiled TEXT,
       verification_key TEXT,
+      status TEXT DEFAULT 'draft',
       created_at TEXT DEFAULT (datetime('now'))
     )
   `);
@@ -36,6 +55,15 @@ export function ensureZKPTables(db) {
       created_at TEXT DEFAULT (datetime('now'))
     )
   `);
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS zkp_credentials (
+      id TEXT PRIMARY KEY,
+      did TEXT,
+      claims TEXT NOT NULL,
+      merkle_root TEXT NOT NULL,
+      created_at TEXT DEFAULT (datetime('now'))
+    )
+  `);
 }
 
 /* ── Circuit Compilation ───────────────────────────────────── */
@@ -82,6 +110,7 @@ export function compileCircuit(db, name, definition) {
     inputs,
     outputs,
     verificationKey,
+    status: CIRCUIT_STATUS.COMPILED,
     createdAt: now,
   };
 
@@ -89,40 +118,87 @@ export function compileCircuit(db, name, definition) {
   _verificationKeys.set(id, verificationKey);
 
   db.prepare(
-    `INSERT INTO zkp_circuits (id, name, definition, compiled, verification_key, created_at)
-     VALUES (?, ?, ?, ?, ?, ?)`,
+    `INSERT INTO zkp_circuits (id, name, definition, compiled, verification_key, status, created_at)
+     VALUES (?, ?, ?, ?, ?, ?, ?)`,
   ).run(
     id,
     name,
     JSON.stringify(parsed),
     JSON.stringify(compiled),
     verificationKey,
+    CIRCUIT_STATUS.COMPILED,
     now,
   );
 
   return circuit;
 }
 
+/**
+ * Update a circuit's status (DRAFT / COMPILED / VERIFIED / FAILED).
+ */
+export function setCircuitStatus(db, circuitId, status) {
+  if (!Object.values(CIRCUIT_STATUS).includes(status)) {
+    throw new Error(`Invalid circuit status: ${status}`);
+  }
+  const circuit = _circuits.get(circuitId);
+  if (!circuit) throw new Error(`Circuit not found: ${circuitId}`);
+  circuit.status = status;
+  db.prepare("UPDATE zkp_circuits SET status = ? WHERE id = ?").run(
+    status,
+    circuitId,
+  );
+  return { id: circuitId, status };
+}
+
 /* ── Proof Generation ──────────────────────────────────────── */
 
-export function generateProof(db, circuitId, privateInputs, publicInputs) {
+export function generateProof(
+  db,
+  circuitId,
+  privateInputs,
+  publicInputs,
+  options = {},
+) {
   const circuit = _circuits.get(circuitId);
   if (!circuit) throw new Error(`Circuit not found: ${circuitId}`);
 
+  const scheme = options.scheme || DEFAULT_SCHEME;
+  if (!SUPPORTED_SCHEMES.has(scheme)) {
+    throw new Error(
+      `Unsupported proof scheme: ${scheme}. Supported: ${[...SUPPORTED_SCHEMES].join(", ")}`,
+    );
+  }
+
   const id = crypto.randomUUID();
   const now = new Date().toISOString();
 
-  // Mock zk-SNARK proof with {a, b, c} components (Groth16 structure)
-  const proofData = {
-    a: crypto.randomBytes(32).toString("hex"),
-    b: crypto.randomBytes(64).toString("hex"),
-    c: crypto.randomBytes(32).toString("hex"),
-  };
+  // Scheme-shaped mock proof structure
+  let proofData;
+  if (scheme === PROOF_SCHEME.GROTH16) {
+    proofData = {
+      a: crypto.randomBytes(32).toString("hex"),
+      b: crypto.randomBytes(64).toString("hex"),
+      c: crypto.randomBytes(32).toString("hex"),
+    };
+  } else if (scheme === PROOF_SCHEME.PLONK) {
+    proofData = {
+      commitments: crypto.randomBytes(96).toString("hex"),
+      evaluations: crypto.randomBytes(64).toString("hex"),
+    };
+  } else {
+    // bulletproofs — range proof shape
+    proofData = {
+      V: crypto.randomBytes(32).toString("hex"),
+      A: crypto.randomBytes(32).toString("hex"),
+      S: crypto.randomBytes(32).toString("hex"),
+      t1: crypto.randomBytes(32).toString("hex"),
+    };
+  }
 
   const proof = {
     id,
     circuitId,
-    scheme: DEFAULT_SCHEME,
+    scheme,
     proof: proofData,
     publicInputs: publicInputs || [],
     verified: false,
@@ -140,7 +216,7 @@ export function generateProof(db, circuitId, privateInputs, publicInputs) {
     JSON.stringify(proofData),
     JSON.stringify(publicInputs || []),
     0,
-    DEFAULT_SCHEME,
+    scheme,
     now,
   );
 
@@ -156,13 +232,27 @@ export function verifyProof(db, proofId) {
   const circuit = _circuits.get(proof.circuitId);
   if (!circuit) throw new Error(`Circuit not found for proof: ${proofId}`);
 
-  // Mock verification — check proof structure is valid
-  const valid =
-    proof.proof &&
-    typeof proof.proof.a === "string" &&
-    typeof proof.proof.b === "string" &&
-    typeof proof.proof.c === "string" &&
-    _verificationKeys.has(proof.circuitId);
+  // Scheme-aware structural validation
+  let structurallyValid = false;
+  if (proof.scheme === PROOF_SCHEME.GROTH16) {
+    structurallyValid =
+      proof.proof &&
+      typeof proof.proof.a === "string" &&
+      typeof proof.proof.b === "string" &&
+      typeof proof.proof.c === "string";
+  } else if (proof.scheme === PROOF_SCHEME.PLONK) {
+    structurallyValid =
+      proof.proof &&
+      typeof proof.proof.commitments === "string" &&
+      typeof proof.proof.evaluations === "string";
+  } else if (proof.scheme === PROOF_SCHEME.BULLETPROOFS) {
+    structurallyValid =
+      proof.proof &&
+      typeof proof.proof.V === "string" &&
+      typeof proof.proof.A === "string";
+  }
+
+  const valid = structurallyValid && _verificationKeys.has(proof.circuitId);
 
   proof.verified = valid;
 
@@ -207,14 +297,152 @@ export function createIdentityProof(claims, disclosedFields) {
   };
 }
 
+/* ── Credentials + Merkle-tree selective disclosure ──────────── */
+
+/**
+ * Compute a deterministic Merkle root over sorted (field, hash(value)) leaves.
+ * Each leaf = sha256(fieldName + ":" + sha256(stringified-value)).
+ * Pairs combine as sha256(left + right), odd leaves are duplicated (standard).
+ */
+function _merkleRoot(claims) {
+  const fields = Object.keys(claims).sort();
+  if (fields.length === 0) {
+    return crypto.createHash("sha256").update("").digest("hex");
+  }
+
+  let level = fields.map((field) => {
+    const valHash = crypto
+      .createHash("sha256")
+      .update(JSON.stringify(claims[field]))
+      .digest("hex");
+    return crypto
+      .createHash("sha256")
+      .update(`${field}:${valHash}`)
+      .digest("hex");
+  });
+
+  while (level.length > 1) {
+    const next = [];
+    for (let i = 0; i < level.length; i += 2) {
+      const left = level[i];
+      const right = i + 1 < level.length ? level[i + 1] : left;
+      next.push(
+        crypto
+          .createHash("sha256")
+          .update(left + right)
+          .digest("hex"),
+      );
+    }
+    level = next;
+  }
+  return level[0];
+}
+
+/**
+ * Register a verifiable credential. Returns `{ id, did, merkleRoot, claims }`.
+ */
+export function registerCredential(db, { did, claims }) {
+  if (!claims || typeof claims !== "object") {
+    throw new Error("Claims must be an object");
+  }
+  const id = crypto.randomUUID();
+  const now = new Date().toISOString();
+  const merkleRoot = _merkleRoot(claims);
+
+  const credential = {
+    id,
+    did: did || null,
+    claims,
+    merkleRoot,
+    createdAt: now,
+  };
+  _credentials.set(id, credential);
+
+  db.prepare(
+    `INSERT INTO zkp_credentials (id, did, claims, merkle_root, created_at)
+     VALUES (?, ?, ?, ?, ?)`,
+  ).run(id, did || null, JSON.stringify(claims), merkleRoot, now);
+
+  return credential;
+}
+
+/**
+ * Selectively disclose a subset of credential fields to a recipient.
+ * Returns `{ id, credentialId, recipientDid, disclosed, merkleRoot, hiddenCount }`.
+ * The receiver can recompute the Merkle root (given hashed pads for hidden fields)
+ * and match it against the credential's merkleRoot to confirm integrity.
+ */
+export function selectiveDisclose(
+  db,
+  credentialId,
+  disclosedFields,
+  recipientDid = null,
+) {
+  const credential = _credentials.get(credentialId);
+  if (!credential) {
+    throw new Error(`Credential not found: ${credentialId}`);
+  }
+  if (!Array.isArray(disclosedFields)) {
+    throw new Error("disclosedFields must be an array");
+  }
+
+  const allFields = Object.keys(credential.claims);
+  const disclosed = {};
+  const hiddenFields = [];
+
+  for (const field of allFields) {
+    if (disclosedFields.includes(field)) {
+      disclosed[field] = credential.claims[field];
+    } else {
+      hiddenFields.push(field);
+    }
+  }
+
+  return {
+    id: crypto.randomUUID(),
+    type: "selective-disclosure",
+    credentialId,
+    recipientDid,
+    disclosed,
+    hiddenCount: hiddenFields.length,
+    hiddenFields,
+    merkleRoot: credential.merkleRoot,
+    disclosedAt: new Date().toISOString(),
+  };
+}
+
+/**
+ * List registered credentials, optionally filtered by DID.
+ */
+export function listCredentials(db, options = {}) {
+  let creds = [..._credentials.values()];
+  if (options.did) {
+    creds = creds.filter((c) => c.did === options.did);
+  }
+  return creds;
+}
+
 /* ── Stats ─────────────────────────────────────────────────── */
 
 export function getZKPStats() {
   const proofList = [..._proofs.values()];
+  const bySchemeCount = {};
+  for (const scheme of Object.values(PROOF_SCHEME)) {
+    bySchemeCount[scheme] = proofList.filter((p) => p.scheme === scheme).length;
+  }
+  const byStatusCount = {};
+  for (const status of Object.values(CIRCUIT_STATUS)) {
+    byStatusCount[status] = [..._circuits.values()].filter(
+      (c) => c.status === status,
+    ).length;
+  }
   return {
     circuits: _circuits.size,
     proofs: proofList.length,
     verifiedProofs: proofList.filter((p) => p.verified).length,
+    credentials: _credentials.size,
+    proofsByScheme: bySchemeCount,
+    circuitsByStatus: byStatusCount,
   };
 }
 
@@ -238,4 +466,5 @@ export function _resetState() {
   _circuits.clear();
   _proofs.clear();
   _verificationKeys.clear();
+  _credentials.clear();
 }

package/src/assets/web-panel/assets/Dashboard-BS-tzGNj.css

@@ -1 +0,0 @@
-.stat-card[data-v-39c5aabc]{background:var(--bg-card)!important;border-color:var(--border-color)!important;transition:border-color .2s}.stat-card[data-v-39c5aabc]:hover{border-color:var(--text-muted)!important}.stat-header[data-v-39c5aabc]{display:flex;justify-content:space-between;align-items:center;margin-bottom:6px}.stat-label[data-v-39c5aabc]{color:var(--text-secondary);font-size:12px}.stat-value[data-v-39c5aabc]{font-size:22px;font-weight:600;line-height:1.2;margin-bottom:4px}.stat-sub[data-v-39c5aabc]{color:var(--text-muted);font-size:11px}.gateway-card[data-v-39c5aabc]{border-left:3px solid #1677ff!important}.status-log[data-v-39c5aabc]{background:var(--bg-base);border:1px solid var(--border-color);border-radius:6px;padding:10px 14px;color:var(--text-secondary);font-size:11px;font-family:Consolas,monospace;max-height:200px;overflow-y:auto;white-space:pre-wrap;margin:0;line-height:1.6}.telemetry-card[data-v-39c5aabc]{background:var(--bg-base);border:1px solid var(--border-color);border-radius:8px;padding:14px;height:100%}.telemetry-filter[data-v-39c5aabc]{display:flex;flex-direction:column;gap:6px}.telemetry-filter-label[data-v-39c5aabc]{color:var(--text-muted);font-size:12px}.telemetry-label[data-v-39c5aabc]{color:var(--text-muted);font-size:12px;margin-bottom:6px}.telemetry-value[data-v-39c5aabc]{color:#91caff;font-size:24px;font-weight:600;line-height:1.2}.telemetry-sub[data-v-39c5aabc]{color:var(--text-secondary);font-size:11px;margin-top:4px}.telemetry-section[data-v-39c5aabc]{background:var(--bg-base);border:1px solid var(--border-color);border-radius:8px;padding:14px;min-height:140px}.telemetry-section-title[data-v-39c5aabc]{color:var(--text-secondary);font-size:12px;margin-bottom:10px}.telemetry-list[data-v-39c5aabc]{display:flex;flex-direction:column;gap:8px}.telemetry-row[data-v-39c5aabc]{display:flex;justify-content:space-between;gap:12px;color:var(--text-secondary);font-size:12px}.telemetry-empty[data-v-39c5aabc]{color:var(--text-muted);font-size:12px}