payid 0.2.7 → 0.2.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payid",
-  "version": "0.2.7",
+  "version": "0.2.8",
   "private": false,
   "type": "module",
   "main": "./dist/index.js",
@@ -12,7 +12,8 @@
   },
   "scripts": {
     "build:js": "bun build src/index.ts --outdir dist --target node",
-    "build": "bun run build:js"
+    "build:build": "tsc -p tsconfig.build.json",
+    "build": "bun run build:js && bun run build:build"
   },
   "devDependencies": {
     "@types/bun": "latest"

package/index.ts

@@ -1 +0,0 @@
-export * from "./src";

package/src/decision-proof/generate.ts

@@ -1,41 +0,0 @@
-import { randomBytes } from "crypto";
-import type { DecisionPayload, DecisionProof } from "./types";
-import { hashContext, hashRuleSet } from "./hash";
-import { signDecision } from "./sign";
-import { ethers } from "ethers";
-
-export async function generateDecisionProof(params: {
-  payId: string;
-  owner: string;
-  decision: "ALLOW" | "REJECT";
-  context: any;
-  ruleConfig: any;
-  signer: ethers.Signer;
-  chainId: number;
-  verifyingContract: string;
-  ttlSeconds?: number;
-}): Promise<DecisionProof> {
-  const issuedAt = Math.floor(Date.now() / 1000);
-  const expiresAt = issuedAt + (params.ttlSeconds ?? 60);
-
-  const payload: DecisionPayload = {
-    version: "payid.decision.v1",
-    payId: params.payId,
-    owner: params.owner,
-    decision: params.decision === "ALLOW" ? 1 : 0,
-    contextHash: hashContext(params.context),
-    ruleSetHash: hashRuleSet(params.ruleConfig),
-    issuedAt,
-    expiresAt,
-    nonce: `0x${randomBytes(32).toString("hex")}`
-  };
-
-  const signature = await signDecision(
-    params.signer,
-    params.chainId,
-    params.verifyingContract,
-    payload
-  );
-
-  return { payload, signature };
-}

package/src/decision-proof/hash.ts

@@ -1,26 +0,0 @@
-import { keccak256 } from "ethers";
-
-/**
- * NOTE:
- * Untuk v1, JSON stringify yang sudah distabilkan
- * (keys sorted). WAJIB untuk golden tests.
- */
-function stableStringify(obj: any): string {
-  if (Array.isArray(obj)) {
-    return `[${obj.map(stableStringify).join(",")}]`;
-  }
-  if (obj && typeof obj === "object") {
-    return `{${Object.keys(obj).sort().map(
-      k => `"${k}":${stableStringify(obj[k])}`
-    ).join(",")}}`;
-  }
-  return JSON.stringify(obj);
-}
-
-export function hashContext(context: any): string {
-  return keccak256(Buffer.from(stableStringify(context)));
-}
-
-export function hashRuleSet(ruleConfig: any): string {
-  return keccak256(Buffer.from(stableStringify(ruleConfig)));
-}

package/src/decision-proof/sign.ts

@@ -1,42 +0,0 @@
-import { ethers } from "ethers";
-import type { DecisionPayload } from "./types";
-
-export async function signDecision(
-  signer: ethers.Signer,
-  chainId: number,
-  verifyingContract: string,
-  payload: DecisionPayload
-): Promise<string> {
-  const domain = {
-    name: "PAY.ID Decision",
-    version: "1",
-    chainId,
-    verifyingContract
-  };
-
-  const types = {
-    Decision: [
-      { name: "version", type: "string" },
-      { name: "payId", type: "string" },
-      { name: "owner", type: "address" },
-      { name: "decision", type: "uint8" },
-      { name: "contextHash", type: "bytes32" },
-      { name: "ruleSetHash", type: "bytes32" },
-      { name: "issuedAt", type: "uint64" },
-      { name: "expiresAt", type: "uint64" },
-      { name: "nonce", type: "bytes32" }
-    ]
-  };
-
-  if (typeof (signer as any).signTypedData === "function") {
-    return await (signer as any).signTypedData(domain, types, payload);
-  }
-
-  if (typeof (signer as any)._signTypedData === "function") {
-    return await (signer as any)._signTypedData(domain, types, payload);
-  }
-
-  throw new Error(
-    "Signer does not support EIP-712 signing (signTypedData)"
-  );
-}

package/src/decision-proof/types.ts

@@ -1,18 +0,0 @@
-export type DecisionValue = 0 | 1; // 1=ALLOW, 0=REJECT
-
-export interface DecisionPayload {
-  version: "payid.decision.v1";
-  payId: string;
-  owner: string;              // authority address
-  decision: DecisionValue;
-  contextHash: string;        // bytes32
-  ruleSetHash: string;        // bytes32
-  issuedAt: number;           // uint64
-  expiresAt: number;          // uint64
-  nonce: string;              // bytes32
-}
-
-export interface DecisionProof {
-  payload: DecisionPayload;
-  signature: string;          // EIP-712 signature
-}

package/src/erc4337/build.ts

@@ -1,16 +0,0 @@
-import { ethers } from "ethers";
-import type { DecisionProof } from "../decision-proof/types";
-
-export function buildPayCallData(
-  contractAddress: string,
-  proof: DecisionProof
-): string {
-  const iface = new ethers.Interface([
-    "function pay(bytes payload, bytes signature)"
-  ]);
-
-  return iface.encodeFunctionData("pay", [
-    ethers.toUtf8Bytes(JSON.stringify(proof.payload)),
-    proof.signature
-  ]);
-}

package/src/erc4337/types.ts

@@ -1,13 +0,0 @@
-export interface UserOperation {
-  sender: string;
-  nonce: string;
-  initCode: string;
-  callData: string;
-  callGasLimit: string;
-  verificationGasLimit: string;
-  preVerificationGas: string;
-  maxFeePerGas: string;
-  maxPriorityFeePerGas: string;
-  paymasterAndData: string;
-  signature: string;
-}

package/src/erc4337/userop.ts

@@ -1,30 +0,0 @@
-import type { UserOperation } from "./types";
-
-export function buildUserOperation(params: {
-  sender: string;
-  callData: string;
-  nonce: string;
-  gas: {
-    callGasLimit: string;
-    verificationGasLimit: string;
-    preVerificationGas: string;
-    maxFeePerGas: string;
-    maxPriorityFeePerGas: string;
-  };
-  initCode?: string;
-  paymasterAndData?: string;
-}): UserOperation {
-  return {
-    sender: params.sender,
-    nonce: params.nonce,
-    initCode: params.initCode ?? "0x",
-    callData: params.callData,
-    callGasLimit: params.gas.callGasLimit,
-    verificationGasLimit: params.gas.verificationGasLimit,
-    preVerificationGas: params.gas.preVerificationGas,
-    maxFeePerGas: params.gas.maxFeePerGas,
-    maxPriorityFeePerGas: params.gas.maxPriorityFeePerGas,
-    paymasterAndData: params.paymasterAndData ?? "0x",
-    signature: "0x" // signed later by smart account
-  };
-}

package/src/evaluate.ts

@@ -1,63 +0,0 @@
-import type { RuleContext, RuleResult, RuleConfig } from "payid-types";
-import { executeRule } from "payid-rule-engine";
-import { normalizeContext } from "./normalize";
-import { preprocessContextV2 } from "payid-rule-engine";
-
-export async function evaluate(
-  wasmBinary: Buffer,
-  context: RuleContext,
-  ruleConfig: RuleConfig,
-  options?: {
-    trustedIssuers?: Set<string>;
-  }
-): Promise<RuleResult> {
-  // ---- basic validation (v1 behavior) ----
-  if (!context || typeof context !== "object") {
-    throw new Error("evaluate(): context is required");
-  }
-
-  if (!context.tx) {
-    throw new Error("evaluate(): context.tx is required");
-  }
-
-  if (!ruleConfig || typeof ruleConfig !== "object") {
-    throw new Error("evaluate(): ruleConfig is required");
-  }
-
-  let result: RuleResult;
-
-  try {
-    // ---- NEW: preprocess v2 context if enabled ----
-    const preparedContext =
-      options?.trustedIssuers
-        ? preprocessContextV2(context, ruleConfig, options.trustedIssuers)
-        : context;
-
-    // ---- existing normalization ----
-    const normalized = normalizeContext(preparedContext);
-
-    // ---- execute WASM rule engine ----
-    result = await executeRule(wasmBinary, normalized, ruleConfig);
-  } catch (err: any) {
-    return {
-      decision: "REJECT",
-      code: "CONTEXT_OR_ENGINE_ERROR",
-      reason: err?.message ?? "rule evaluation failed"
-    };
-  }
-
-  // ---- output validation ----
-  if (result.decision !== "ALLOW" && result.decision !== "REJECT") {
-    return {
-      decision: "REJECT",
-      code: "INVALID_ENGINE_OUTPUT",
-      reason: "invalid decision value"
-    };
-  }
-
-  return {
-    decision: result.decision,
-    code: result.code || "UNKNOWN",
-    reason: result.reason
-  };
-}

package/src/index.ts

@@ -1 +0,0 @@
-export { PayID } from "./payid";

package/src/normalize.ts

@@ -1,13 +0,0 @@
-import type { RuleContext } from "payid-types";
-
-export function normalizeContext(ctx: RuleContext): RuleContext {
-  return {
-    ...ctx,
-    tx: {
-      ...ctx.tx,
-      sender: ctx.tx.sender?.toLowerCase(),
-      receiver: ctx.tx.receiver?.toLowerCase(),
-      asset: ctx.tx.asset.toUpperCase()
-    }
-  };
-}

package/src/payid.ts

@@ -1,167 +0,0 @@
-import type { RuleContext, RuleResult, RuleConfig } from "payid-types";
-import { evaluate as evaluatePolicy } from "./evaluate";
-import { generateDecisionProof } from "./decision-proof/generate";
-import { resolveRule } from "./resolver/resolver";
-import type { RuleSource } from "./resolver/types";
-import { ethers } from "ethers";
-import fs from "fs";
-import type { UserOperation } from "./erc4337/types";
-import { buildPayCallData } from "./erc4337/build";
-import { buildUserOperation } from "./erc4337/userop";
-
-export class PayID {
-  private wasm: Buffer;
-
-  constructor(wasmPath: string) {
-    this.wasm = fs.readFileSync(wasmPath);
-  }
-
-  async evaluate(
-    context: RuleContext,
-    ruleConfig: RuleConfig
-  ): Promise<RuleResult> {
-    return evaluatePolicy(this.wasm, context, ruleConfig);
-  }
-
-
-  async evaluateAndProve(params: {
-    context: RuleContext;
-    ruleConfig: RuleConfig;
-    payId: string;
-    owner: string;
-    signer: ethers.Signer;
-    chainId: number;
-    verifyingContract: string;
-    ttlSeconds?: number;
-  }) {
-    const result = await this.evaluate(params.context, params.ruleConfig);
-
-    const proof = await generateDecisionProof({
-      payId: params.payId,
-      owner: params.owner,
-      decision: result.decision,
-      context: params.context,
-      ruleConfig: params.ruleConfig,
-      signer: params.signer,
-      chainId: params.chainId,
-      verifyingContract: params.verifyingContract,
-      ttlSeconds: params.ttlSeconds
-    });
-
-    return { result, proof };
-  }
-
-  async evaluateWithRuleSource(
-    context: RuleContext,
-    ruleSource: RuleSource
-  ): Promise<RuleResult> {
-    try {
-      const { config } = await resolveRule(ruleSource);
-      return await this.evaluate(context, config);
-    } catch (err: any) {
-      return {
-        decision: "REJECT",
-        code: "RULE_RESOLVE_ERROR",
-        reason: err?.message ?? "failed to resolve rule"
-      };
-    }
-  }
-
-  async evaluateAndProveFromSource(params: {
-    context: RuleContext;
-    ruleSource: RuleSource;
-    payId: string;
-    owner: string;
-    signer: ethers.Signer;
-    chainId: number;
-    verifyingContract: string;
-    ttlSeconds?: number;
-  }) {
-    try {
-      const { config } = await resolveRule(params.ruleSource);
-
-      const result = await this.evaluate(params.context, config);
-
-      const proof = await generateDecisionProof({
-        payId: params.payId,
-        owner: params.owner,
-        decision: result.decision,
-        context: params.context,
-        ruleConfig: config,
-        signer: params.signer,
-        chainId: params.chainId,
-        verifyingContract: params.verifyingContract,
-        ttlSeconds: params.ttlSeconds
-      });
-
-      return { result, proof };
-    } catch (err: any) {
-      return {
-        result: {
-          decision: "REJECT",
-          code: "RULE_RESOLVE_ERROR",
-          reason: err?.message ?? "rule resolve failed"
-        },
-        proof: null
-      };
-    }
-  }
-
-  async evaluateProveAndBuildUserOp(params: {
-    context: RuleContext;
-    ruleSource: { uri: string; hash?: string; };
-    payId: string;
-    owner: string;
-    signer: ethers.Signer;
-
-    // ERC-4337 specific
-    smartAccount: string;
-    targetContract: string;
-    nonce: string;
-    gas: {
-      callGasLimit: string;
-      verificationGasLimit: string;
-      preVerificationGas: string;
-      maxFeePerGas: string;
-      maxPriorityFeePerGas: string;
-    };
-    paymasterAndData?: string;
-
-    chainId: number;
-    verifyingContract: string;
-  }): Promise<{
-    result: RuleResult;
-    userOp: UserOperation | null;
-    proof: any;
-  }> {
-    const { result, proof } =
-      await this.evaluateAndProveFromSource({
-        context: params.context,
-        ruleSource: params.ruleSource,
-        payId: params.payId,
-        owner: params.owner,
-        signer: params.signer,
-        chainId: params.chainId,
-        verifyingContract: params.verifyingContract
-      });
-
-    if (result.decision !== "ALLOW" || !proof) {
-      return { result: (result as any), userOp: null, proof };
-    }
-
-    const callData = buildPayCallData(
-      params.targetContract,
-      proof
-    );
-
-    const userOp = buildUserOperation({
-      sender: params.smartAccount,
-      nonce: params.nonce,
-      callData,
-      gas: params.gas,
-      paymasterAndData: params.paymasterAndData
-    });
-
-    return { result, userOp, proof };
-  }
-}

package/src/resolver/http.ts

@@ -1,16 +0,0 @@
-import { verifyHash } from "./utils";
-
-export async function resolveHttpRule(
-  uri: string,
-  expectedHash?: string
-): Promise<any> {
-  const res = await fetch(uri);
-  if (!res.ok) {
-    throw new Error(`HTTP_RULE_FETCH_FAILED: ${res.status}`);
-  }
-
-  const text = await res.text();
-  verifyHash(text, expectedHash);
-
-  return JSON.parse(text);
-}

package/src/resolver/ipfs.ts

@@ -1,22 +0,0 @@
-import { verifyHash } from "./utils";
-
-const DEFAULT_GATEWAY = "https://ipfs.io/ipfs/";
-
-export async function resolveIpfsRule(
-  uri: string,
-  expectedHash?: string,
-  gateway = DEFAULT_GATEWAY
-): Promise<any> {
-  const cid = uri.replace("ipfs://", "");
-  const url = `${gateway}${cid}`;
-
-  const res = await fetch(url);
-  if (!res.ok) {
-    throw new Error(`IPFS_RULE_FETCH_FAILED: ${res.status}`);
-  }
-
-  const text = await res.text();
-  verifyHash(text, expectedHash);
-
-  return JSON.parse(text);
-}

package/src/resolver/resolver.ts

@@ -1,24 +0,0 @@
-import type { RuleSource, ResolvedRule } from "./types";
-import { resolveHttpRule } from "./http";
-import { resolveIpfsRule } from "./ipfs";
-
-export async function resolveRule(
-  source: RuleSource
-): Promise<ResolvedRule> {
-  const { uri, hash } = source;
-
-  let config: any;
-
-  if (uri.startsWith("ipfs://")) {
-    config = await resolveIpfsRule(uri, hash);
-  } else if (uri.startsWith("http://") || uri.startsWith("https://")) {
-    config = await resolveHttpRule(uri, hash);
-  } else {
-    throw new Error("UNSUPPORTED_RULE_URI");
-  }
-
-  return {
-    config,
-    source
-  };
-}

package/src/resolver/types.ts

@@ -1,9 +0,0 @@
-export interface RuleSource {
-  uri: string;          // ipfs://... | https://...
-  hash?: string;        // optional keccak256 hash
-}
-
-export interface ResolvedRule {
-  config: any;
-  source: RuleSource;
-}

package/src/resolver/utils.ts

@@ -1,13 +0,0 @@
-import { keccak256 } from "ethers";
-
-export function verifyHash(
-  content: string,
-  expectedHash?: string
-) {
-  if (!expectedHash) return;
-
-  const actual = keccak256(Buffer.from(content));
-  if (actual !== expectedHash) {
-    throw new Error("RULE_HASH_MISMATCH");
-  }
-}

package/tsconfig.json

@@ -1,29 +0,0 @@
-{
-  "compilerOptions": {
-    // Environment setup & latest features
-    "lib": ["ESNext"],
-    "target": "ESNext",
-    "module": "Preserve",
-    "moduleDetection": "force",
-    "jsx": "react-jsx",
-    "allowJs": true,
-
-    // Bundler mode
-    "moduleResolution": "bundler",
-    "allowImportingTsExtensions": true,
-    "verbatimModuleSyntax": true,
-    "noEmit": true,
-
-    // Best practices
-    "strict": true,
-    "skipLibCheck": true,
-    "noFallthroughCasesInSwitch": true,
-    "noUncheckedIndexedAccess": true,
-    "noImplicitOverride": true,
-
-    // Some stricter flags (disabled by default)
-    "noUnusedLocals": false,
-    "noUnusedParameters": false,
-    "noPropertyAccessFromIndexSignature": false
-  }
-}