payid 0.2.8 → 0.3.0

package/dist/decision-proof/generate.d.ts

@@ -0,0 +1,13 @@
+import type { DecisionProof } from "./types";
+import { ethers } from "ethers";
+export declare function generateDecisionProof(params: {
+    payId: string;
+    owner: string;
+    decision: "ALLOW" | "REJECT";
+    context: any;
+    ruleConfig: any;
+    signer: ethers.Signer;
+    chainId: number;
+    verifyingContract: string;
+    ttlSeconds?: number;
+}): Promise<DecisionProof>;

package/dist/decision-proof/generate.js

@@ -0,0 +1,20 @@
+import { randomBytes } from "crypto";
+import { hashContext, hashRuleSet } from "./hash";
+import { signDecision } from "./sign";
+export async function generateDecisionProof(params) {
+    const issuedAt = Math.floor(Date.now() / 1000);
+    const expiresAt = issuedAt + (params.ttlSeconds ?? 60);
+    const payload = {
+        version: "payid.decision.v1",
+        payId: params.payId,
+        owner: params.owner,
+        decision: params.decision === "ALLOW" ? 1 : 0,
+        contextHash: hashContext(params.context),
+        ruleSetHash: hashRuleSet(params.ruleConfig),
+        issuedAt,
+        expiresAt,
+        nonce: `0x${randomBytes(32).toString("hex")}`
+    };
+    const signature = await signDecision(params.signer, params.chainId, params.verifyingContract, payload);
+    return { payload, signature };
+}

package/dist/decision-proof/hash.d.ts

@@ -0,0 +1,2 @@
+export declare function hashContext(context: any): string;
+export declare function hashRuleSet(ruleConfig: any): string;

package/dist/decision-proof/hash.js

@@ -0,0 +1,21 @@
+import { keccak256 } from "ethers";
+/**
+ * NOTE:
+ * Untuk v1, JSON stringify yang sudah distabilkan
+ * (keys sorted). WAJIB untuk golden tests.
+ */
+function stableStringify(obj) {
+    if (Array.isArray(obj)) {
+        return `[${obj.map(stableStringify).join(",")}]`;
+    }
+    if (obj && typeof obj === "object") {
+        return `{${Object.keys(obj).sort().map(k => `"${k}":${stableStringify(obj[k])}`).join(",")}}`;
+    }
+    return JSON.stringify(obj);
+}
+export function hashContext(context) {
+    return keccak256(Buffer.from(stableStringify(context)));
+}
+export function hashRuleSet(ruleConfig) {
+    return keccak256(Buffer.from(stableStringify(ruleConfig)));
+}

package/dist/decision-proof/sign.d.ts

@@ -0,0 +1,3 @@
+import { ethers } from "ethers";
+import type { DecisionPayload } from "./types";
+export declare function signDecision(signer: ethers.Signer, chainId: number, verifyingContract: string, payload: DecisionPayload): Promise<string>;

package/dist/decision-proof/sign.js

@@ -0,0 +1,28 @@
+export async function signDecision(signer, chainId, verifyingContract, payload) {
+    const domain = {
+        name: "PAY.ID Decision",
+        version: "1",
+        chainId,
+        verifyingContract
+    };
+    const types = {
+        Decision: [
+            { name: "version", type: "string" },
+            { name: "payId", type: "string" },
+            { name: "owner", type: "address" },
+            { name: "decision", type: "uint8" },
+            { name: "contextHash", type: "bytes32" },
+            { name: "ruleSetHash", type: "bytes32" },
+            { name: "issuedAt", type: "uint64" },
+            { name: "expiresAt", type: "uint64" },
+            { name: "nonce", type: "bytes32" }
+        ]
+    };
+    if (typeof signer.signTypedData === "function") {
+        return await signer.signTypedData(domain, types, payload);
+    }
+    if (typeof signer._signTypedData === "function") {
+        return await signer._signTypedData(domain, types, payload);
+    }
+    throw new Error("Signer does not support EIP-712 signing (signTypedData)");
+}

package/dist/decision-proof/types.d.ts

@@ -0,0 +1,16 @@
+export type DecisionValue = 0 | 1;
+export interface DecisionPayload {
+    version: "payid.decision.v1";
+    payId: string;
+    owner: string;
+    decision: DecisionValue;
+    contextHash: string;
+    ruleSetHash: string;
+    issuedAt: number;
+    expiresAt: number;
+    nonce: string;
+}
+export interface DecisionProof {
+    payload: DecisionPayload;
+    signature: string;
+}

package/dist/decision-proof/types.js

@@ -0,0 +1 @@
+export {};

package/dist/erc4337/build.d.ts

@@ -0,0 +1,2 @@
+import type { DecisionProof } from "../decision-proof/types";
+export declare function buildPayCallData(contractAddress: string, proof: DecisionProof): string;

package/dist/erc4337/build.js

@@ -0,0 +1,10 @@
+import { ethers } from "ethers";
+export function buildPayCallData(contractAddress, proof) {
+    const iface = new ethers.Interface([
+        "function pay(bytes payload, bytes signature)"
+    ]);
+    return iface.encodeFunctionData("pay", [
+        ethers.toUtf8Bytes(JSON.stringify(proof.payload)),
+        proof.signature
+    ]);
+}

package/dist/erc4337/types.d.ts

@@ -0,0 +1,13 @@
+export interface UserOperation {
+    sender: string;
+    nonce: string;
+    initCode: string;
+    callData: string;
+    callGasLimit: string;
+    verificationGasLimit: string;
+    preVerificationGas: string;
+    maxFeePerGas: string;
+    maxPriorityFeePerGas: string;
+    paymasterAndData: string;
+    signature: string;
+}

package/dist/erc4337/types.js

@@ -0,0 +1 @@
+export {};

package/dist/erc4337/userop.d.ts

@@ -0,0 +1,15 @@
+import type { UserOperation } from "./types";
+export declare function buildUserOperation(params: {
+    sender: string;
+    callData: string;
+    nonce: string;
+    gas: {
+        callGasLimit: string;
+        verificationGasLimit: string;
+        preVerificationGas: string;
+        maxFeePerGas: string;
+        maxPriorityFeePerGas: string;
+    };
+    initCode?: string;
+    paymasterAndData?: string;
+}): UserOperation;

package/dist/erc4337/userop.js

@@ -0,0 +1,15 @@
+export function buildUserOperation(params) {
+    return {
+        sender: params.sender,
+        nonce: params.nonce,
+        initCode: params.initCode ?? "0x",
+        callData: params.callData,
+        callGasLimit: params.gas.callGasLimit,
+        verificationGasLimit: params.gas.verificationGasLimit,
+        preVerificationGas: params.gas.preVerificationGas,
+        maxFeePerGas: params.gas.maxFeePerGas,
+        maxPriorityFeePerGas: params.gas.maxPriorityFeePerGas,
+        paymasterAndData: params.paymasterAndData ?? "0x",
+        signature: "0x" // signed later by smart account
+    };
+}

package/dist/evaluate.d.ts

@@ -0,0 +1,4 @@
+import type { RuleContext, RuleResult, RuleConfig } from "payid-types";
+export declare function evaluate(wasmBinary: Buffer, context: RuleContext, ruleConfig: RuleConfig, options?: {
+    trustedIssuers?: Set<string>;
+}): Promise<RuleResult>;

package/dist/evaluate.js

@@ -0,0 +1,46 @@
+import { executeRule } from "payid-rule-engine";
+import { normalizeContext } from "./normalize";
+import { preprocessContextV2 } from "payid-rule-engine";
+export async function evaluate(wasmBinary, context, ruleConfig, options) {
+    // ---- basic validation (v1 behavior) ----
+    if (!context || typeof context !== "object") {
+        throw new Error("evaluate(): context is required");
+    }
+    if (!context.tx) {
+        throw new Error("evaluate(): context.tx is required");
+    }
+    if (!ruleConfig || typeof ruleConfig !== "object") {
+        throw new Error("evaluate(): ruleConfig is required");
+    }
+    let result;
+    try {
+        // ---- NEW: preprocess v2 context if enabled ----
+        const preparedContext = options?.trustedIssuers
+            ? preprocessContextV2(context, ruleConfig, options.trustedIssuers)
+            : context;
+        // ---- existing normalization ----
+        const normalized = normalizeContext(preparedContext);
+        // ---- execute WASM rule engine ----
+        result = await executeRule(wasmBinary, normalized, ruleConfig);
+    }
+    catch (err) {
+        return {
+            decision: "REJECT",
+            code: "CONTEXT_OR_ENGINE_ERROR",
+            reason: err?.message ?? "rule evaluation failed"
+        };
+    }
+    // ---- output validation ----
+    if (result.decision !== "ALLOW" && result.decision !== "REJECT") {
+        return {
+            decision: "REJECT",
+            code: "INVALID_ENGINE_OUTPUT",
+            reason: "invalid decision value"
+        };
+    }
+    return {
+        decision: result.decision,
+        code: result.code || "UNKNOWN",
+        reason: result.reason
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1 @@
+export { PayID } from "./payid";

package/dist/index.js

@@ -0,0 +1 @@
+export { PayID } from "./payid";

package/dist/normalize.d.ts

@@ -0,0 +1,2 @@
+import type { RuleContext } from "payid-types";
+export declare function normalizeContext(ctx: RuleContext): RuleContext;

package/dist/normalize.js

@@ -0,0 +1,11 @@
+export function normalizeContext(ctx) {
+    return {
+        ...ctx,
+        tx: {
+            ...ctx.tx,
+            sender: ctx.tx.sender?.toLowerCase(),
+            receiver: ctx.tx.receiver?.toLowerCase(),
+            asset: ctx.tx.asset.toUpperCase()
+        }
+    };
+}

package/dist/payid.d.ts

@@ -0,0 +1,70 @@
+import type { RuleContext, RuleResult, RuleConfig } from "payid-types";
+import type { RuleSource } from "./resolver/types";
+import { ethers } from "ethers";
+import type { UserOperation } from "./erc4337/types";
+export declare class PayID {
+    private wasm;
+    constructor(wasmPath: string);
+    evaluate(context: RuleContext, ruleConfig: RuleConfig): Promise<RuleResult>;
+    evaluateAndProve(params: {
+        context: RuleContext;
+        ruleConfig: RuleConfig;
+        payId: string;
+        owner: string;
+        signer: ethers.Signer;
+        chainId: number;
+        verifyingContract: string;
+        ttlSeconds?: number;
+    }): Promise<{
+        result: RuleResult;
+        proof: import("./decision-proof/types").DecisionProof;
+    }>;
+    evaluateWithRuleSource(context: RuleContext, ruleSource: RuleSource): Promise<RuleResult>;
+    evaluateAndProveFromSource(params: {
+        context: RuleContext;
+        ruleSource: RuleSource;
+        payId: string;
+        owner: string;
+        signer: ethers.Signer;
+        chainId: number;
+        verifyingContract: string;
+        ttlSeconds?: number;
+    }): Promise<{
+        result: RuleResult;
+        proof: import("./decision-proof/types").DecisionProof;
+    } | {
+        result: {
+            decision: string;
+            code: string;
+            reason: any;
+        };
+        proof: null;
+    }>;
+    evaluateProveAndBuildUserOp(params: {
+        context: RuleContext;
+        ruleSource: {
+            uri: string;
+            hash?: string;
+        };
+        payId: string;
+        owner: string;
+        signer: ethers.Signer;
+        smartAccount: string;
+        targetContract: string;
+        nonce: string;
+        gas: {
+            callGasLimit: string;
+            verificationGasLimit: string;
+            preVerificationGas: string;
+            maxFeePerGas: string;
+            maxPriorityFeePerGas: string;
+        };
+        paymasterAndData?: string;
+        chainId: number;
+        verifyingContract: string;
+    }): Promise<{
+        result: RuleResult;
+        userOp: UserOperation | null;
+        proof: any;
+    }>;
+}

package/dist/payid.js

@@ -0,0 +1,93 @@
+import { evaluate as evaluatePolicy } from "./evaluate";
+import { generateDecisionProof } from "./decision-proof/generate";
+import { resolveRule } from "./resolver/resolver";
+import * as fs from "fs";
+import { buildPayCallData } from "./erc4337/build";
+import { buildUserOperation } from "./erc4337/userop";
+export class PayID {
+    constructor(wasmPath) {
+        this.wasm = fs.readFileSync(wasmPath);
+    }
+    async evaluate(context, ruleConfig) {
+        return evaluatePolicy(this.wasm, context, ruleConfig);
+    }
+    async evaluateAndProve(params) {
+        const result = await this.evaluate(params.context, params.ruleConfig);
+        const proof = await generateDecisionProof({
+            payId: params.payId,
+            owner: params.owner,
+            decision: result.decision,
+            context: params.context,
+            ruleConfig: params.ruleConfig,
+            signer: params.signer,
+            chainId: params.chainId,
+            verifyingContract: params.verifyingContract,
+            ttlSeconds: params.ttlSeconds
+        });
+        return { result, proof };
+    }
+    async evaluateWithRuleSource(context, ruleSource) {
+        try {
+            const { config } = await resolveRule(ruleSource);
+            return await this.evaluate(context, config);
+        }
+        catch (err) {
+            return {
+                decision: "REJECT",
+                code: "RULE_RESOLVE_ERROR",
+                reason: err?.message ?? "failed to resolve rule"
+            };
+        }
+    }
+    async evaluateAndProveFromSource(params) {
+        try {
+            const { config } = await resolveRule(params.ruleSource);
+            const result = await this.evaluate(params.context, config);
+            const proof = await generateDecisionProof({
+                payId: params.payId,
+                owner: params.owner,
+                decision: result.decision,
+                context: params.context,
+                ruleConfig: config,
+                signer: params.signer,
+                chainId: params.chainId,
+                verifyingContract: params.verifyingContract,
+                ttlSeconds: params.ttlSeconds
+            });
+            return { result, proof };
+        }
+        catch (err) {
+            return {
+                result: {
+                    decision: "REJECT",
+                    code: "RULE_RESOLVE_ERROR",
+                    reason: err?.message ?? "rule resolve failed"
+                },
+                proof: null
+            };
+        }
+    }
+    async evaluateProveAndBuildUserOp(params) {
+        const { result, proof } = await this.evaluateAndProveFromSource({
+            context: params.context,
+            ruleSource: params.ruleSource,
+            payId: params.payId,
+            owner: params.owner,
+            signer: params.signer,
+            chainId: params.chainId,
+            verifyingContract: params.verifyingContract
+        });
+        if (result.decision !== "ALLOW" || !proof) {
+            return { result: result, userOp: null, proof };
+        }
+        const callData = buildPayCallData(params.targetContract, proof);
+        const userOp = buildUserOperation({
+            sender: params.smartAccount,
+            nonce: params.nonce,
+            callData,
+            gas: params.gas,
+            paymasterAndData: params.paymasterAndData
+        });
+        return { result, userOp, proof };
+    }
+}

package/dist/resolver/http.d.ts

@@ -0,0 +1 @@
+export declare function resolveHttpRule(uri: string, expectedHash?: string): Promise<any>;

package/dist/resolver/http.js

@@ -0,0 +1,10 @@
+import { verifyHash } from "./utils";
+export async function resolveHttpRule(uri, expectedHash) {
+    const res = await fetch(uri);
+    if (!res.ok) {
+        throw new Error(`HTTP_RULE_FETCH_FAILED: ${res.status}`);
+    }
+    const text = await res.text();
+    verifyHash(text, expectedHash);
+    return JSON.parse(text);
+}

package/dist/resolver/ipfs.d.ts

@@ -0,0 +1 @@
+export declare function resolveIpfsRule(uri: string, expectedHash?: string, gateway?: string): Promise<any>;

package/dist/resolver/ipfs.js

@@ -0,0 +1,13 @@
+import { verifyHash } from "./utils";
+const DEFAULT_GATEWAY = "https://ipfs.io/ipfs/";
+export async function resolveIpfsRule(uri, expectedHash, gateway = DEFAULT_GATEWAY) {
+    const cid = uri.replace("ipfs://", "");
+    const url = `${gateway}${cid}`;
+    const res = await fetch(url);
+    if (!res.ok) {
+        throw new Error(`IPFS_RULE_FETCH_FAILED: ${res.status}`);
+    }
+    const text = await res.text();
+    verifyHash(text, expectedHash);
+    return JSON.parse(text);
+}

package/dist/resolver/resolver.d.ts

@@ -0,0 +1,2 @@
+import type { RuleSource, ResolvedRule } from "./types";
+export declare function resolveRule(source: RuleSource): Promise<ResolvedRule>;

package/dist/resolver/resolver.js

@@ -0,0 +1,19 @@
+import { resolveHttpRule } from "./http";
+import { resolveIpfsRule } from "./ipfs";
+export async function resolveRule(source) {
+    const { uri, hash } = source;
+    let config;
+    if (uri.startsWith("ipfs://")) {
+        config = await resolveIpfsRule(uri, hash);
+    }
+    else if (uri.startsWith("http://") || uri.startsWith("https://")) {
+        config = await resolveHttpRule(uri, hash);
+    }
+    else {
+        throw new Error("UNSUPPORTED_RULE_URI");
+    }
+    return {
+        config,
+        source
+    };
+}

package/dist/resolver/types.d.ts

@@ -0,0 +1,8 @@
+export interface RuleSource {
+    uri: string;
+    hash?: string;
+}
+export interface ResolvedRule {
+    config: any;
+    source: RuleSource;
+}

package/dist/resolver/types.js

@@ -0,0 +1 @@
+export {};

package/dist/resolver/utils.d.ts

@@ -0,0 +1 @@
+export declare function verifyHash(content: string, expectedHash?: string): void;

package/dist/resolver/utils.js

@@ -0,0 +1,9 @@
+import { keccak256 } from "ethers";
+export function verifyHash(content, expectedHash) {
+    if (!expectedHash)
+        return;
+    const actual = keccak256(Buffer.from(content));
+    if (actual !== expectedHash) {
+        throw new Error("RULE_HASH_MISMATCH");
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payid",
-  "version": "0.2.8",
+  "version": "0.3.0",
   "private": false,
   "type": "module",
   "main": "./dist/index.js",
@@ -10,6 +10,9 @@
     "payid-rule-engine": "^0.1.1",
     "payid-types": "^0.1.1"
   },
+  "files": [
+    "dist"
+  ],
   "scripts": {
     "build:js": "bun build src/index.ts --outdir dist --target node",
     "build:build": "tsc -p tsconfig.build.json",