payid-rule-engine 0.1.0

package/README.md

@@ -0,0 +1,15 @@
+# rule-engine
+
+To install dependencies:
+
+```bash
+bun install
+```
+
+To run:
+
+```bash
+bun run index.ts
+```
+
+This project was created using `bun init` in bun v1.2.21. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.

package/index.ts

@@ -0,0 +1 @@
+export * from "./src";

package/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "payid-rule-engine",
+  "version": "0.1.0",
+  "private": false,
+  "type": "module",
+  "scripts": {
+    "build": "bun build src/sandbox.ts --outdir dist --target node"
+  },
+  "dependencies": {
+    "@payid/types": "*",
+    "@types/lodash": "^4.17.21",
+    "lodash": "^4.17.21"
+  },
+  "devDependencies": {
+    "@types/bun": "latest"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  }
+}

package/src/index.ts

@@ -0,0 +1,21 @@
+import type { RuleContext, RuleResult } from "@payid/types";
+import { runWasmRule } from "./sandbox";
+export * from "./sandbox";
+export * from "./preprocess";
+
+/**
+ * Execute PAY.ID WASM rule engine.
+ *
+ * @param wasmBinary Compiled WASM binary
+ * @param context    Rule execution context
+ * @param ruleConfig Rule configuration JSON
+ *
+ * @returns RuleResult (ALLOW / REJECT)
+ */
+export async function executeRule(
+  wasmBinary: Buffer,
+  context: RuleContext,
+  ruleConfig: unknown
+): Promise<RuleResult> {
+  return runWasmRule(wasmBinary, context, ruleConfig);
+}

package/src/preprocess.ts

@@ -0,0 +1,48 @@
+import { validateRequiredContext } from "./validateRequires";
+import { verifyAttestation } from "@payid/attestation";
+
+export function preprocessContextV2(
+  context: any,
+  ruleConfig: any,
+  trustedIssuers: Set<string>
+) {
+  validateRequiredContext(context, ruleConfig.requires);
+
+  if (context.env) {
+    verifyAttestation(
+      { timestamp: context.env.timestamp },
+      context.env.proof,
+      trustedIssuers
+    );
+  }
+
+  if (context.state) {
+    verifyAttestation(
+      {
+        spentToday: context.state.spentToday,
+        period: context.state.period
+      },
+      context.state.proof,
+      trustedIssuers
+    );
+  }
+
+  if (context.oracle) {
+    const { proof, ...data } = context.oracle;
+    verifyAttestation(data, proof, trustedIssuers);
+  }
+
+  if (context.risk) {
+    verifyAttestation(
+      {
+        score: context.risk.score,
+        category: context.risk.category,
+        modelHash: context.risk.proof.modelHash
+      },
+      context.risk.proof,
+      trustedIssuers
+    );
+  }
+
+  return context;
+}

package/src/sandbox.ts

@@ -0,0 +1,50 @@
+import { WASI } from "wasi";
+import type { RuleContext, RuleResult } from "@payid/types";
+import { loadWasm } from "./wasm";
+
+export async function runWasmRule(
+  wasmBinary: Buffer,
+  context: RuleContext,
+  config: any
+): Promise<RuleResult> {
+  const wasi = new WASI({ version: "preview1" });
+  const instance = await loadWasm(wasmBinary, wasi);
+
+  const memory = instance.exports.memory as WebAssembly.Memory;
+  const alloc = instance.exports.alloc as (size: number) => number;
+  const free = instance.exports.free as (ptr: number, size: number) => void;
+  const evaluate = instance.exports.evaluate as (
+    a: number, b: number, c: number, d: number, e: number, f: number
+  ) => number;
+
+  const ctxBuf = Buffer.from(JSON.stringify(context));
+  const cfgBuf = Buffer.from(JSON.stringify(config));
+  const OUT_SIZE = 2048;
+
+  const ctxPtr = alloc(ctxBuf.length);
+  const cfgPtr = alloc(cfgBuf.length);
+  const outPtr = alloc(OUT_SIZE);
+
+  try {
+    new Uint8Array(memory.buffer).set(ctxBuf, ctxPtr);
+    new Uint8Array(memory.buffer).set(cfgBuf, cfgPtr);
+
+    const rc = evaluate(
+      ctxPtr, ctxBuf.length,
+      cfgPtr, cfgBuf.length,
+      outPtr, OUT_SIZE
+    );
+
+    if (rc < 0) throw new Error(`WASM failed rc=${rc}`);
+
+    const out = Buffer.from(
+      new Uint8Array(memory.buffer).slice(outPtr, outPtr + rc)
+    );
+
+    return JSON.parse(out.toString("utf8"));
+  } finally {
+    free(ctxPtr, ctxBuf.length);
+    free(cfgPtr, cfgBuf.length);
+    free(outPtr, OUT_SIZE);
+  }
+}

package/src/validateRequires.ts

@@ -0,0 +1,15 @@
+import { get } from "lodash";
+
+export function validateRequiredContext(
+  context: any,
+  requires?: string[]
+) {
+  if (!requires) return;
+
+  for (const path of requires) {
+    const value = get(context, path);
+    if (value === undefined || value === null) {
+      throw new Error(`Missing required context field: ${path}`);
+    }
+  }
+}

package/src/wasm.ts

@@ -0,0 +1,16 @@
+import { WASI } from "wasi";
+
+export async function loadWasm(
+  binary: Buffer,
+  wasi: WASI
+): Promise<WebAssembly.Instance> {
+  const module = await WebAssembly.compile(binary);
+
+  const instance = await WebAssembly.instantiate(module, {
+    wasi_snapshot_preview1: wasi.wasiImport
+  });
+
+  wasi.start(instance);
+
+  return instance;
+}

package/tsconfig.json

@@ -0,0 +1,29 @@
+{
+  "compilerOptions": {
+    // Environment setup & latest features
+    "lib": ["ESNext"],
+    "target": "ESNext",
+    "module": "Preserve",
+    "moduleDetection": "force",
+    "jsx": "react-jsx",
+    "allowJs": true,
+
+    // Bundler mode
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "noEmit": true,
+
+    // Best practices
+    "strict": true,
+    "skipLibCheck": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedIndexedAccess": true,
+    "noImplicitOverride": true,
+
+    // Some stricter flags (disabled by default)
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noPropertyAccessFromIndexSignature": false
+  }
+}