payid 0.3.6 → 0.3.7

package/dist/{chunk-XWOB3JVE.js → chunk-2PDWRUBU.js}

@@ -8,7 +8,7 @@ import {
   evaluate,
   generateDecisionProof,
   resolveRule
-} from "./chunk-4MPVXPLM.js";
+} from "./chunk-AXFEJV2K.js";
 import {
   __export
 } from "./chunk-R5U7XKVJ.js";
@@ -29,15 +29,26 @@ var PayIDClient = class {
     this.wasm = wasm;
     this.debugTrace = debugTrace;
   }
+  /**
+   * Pure rule evaluation — client-safe, no signing, no server
+   */
+  async evaluate(context, rule) {
+    const config = isRuleSource(rule) ? (await resolveRule(rule)).config : rule;
+    return evaluate(this.wasm, context, config, { debug: this.debugTrace });
+  }
+  /**
+   * Evaluate + generate EIP-712 Decision Proof.
+   * Payer sign sendiri menggunakan wallet mereka — tidak butuh server.
+   */
   async evaluateAndProve(params) {
     const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
     const evalConfig = params.evaluationRule ?? (params.sessionPolicy ? combineRules(
-      params.authorityRule,
+      authorityConfig,
       decodeSessionPolicy(
         params.sessionPolicy,
         Math.floor(Date.now() / 1e3)
       ).rules
-    ) : params.authorityRule);
+    ) : authorityConfig);
     const result = await evaluate(
       this.wasm,
       params.context,
@@ -57,7 +68,7 @@ var PayIDClient = class {
       ruleConfig: authorityConfig,
       signer: params.signer,
       verifyingContract: params.verifyingContract,
-      ruleRegistryContract: params.ruleRegistryContract,
+      ruleAuthority: params.ruleAuthority,
       ttlSeconds: params.ttlSeconds
     });
     return { result, proof };

package/dist/{chunk-4MPVXPLM.js → chunk-AXFEJV2K.js}

@@ -219,7 +219,7 @@ async function generateDecisionProof(params) {
     amount: params.amount,
     contextHash: hashContext(params.context),
     ruleSetHash: hashRuleSet(params.ruleConfig),
-    ruleAuthority: params.ruleRegistryContract ?? ZeroAddress,
+    ruleAuthority: params.ruleAuthority ?? ZeroAddress,
     issuedAt: BigInt(now),
     expiresAt: BigInt(expiresAt),
     nonce: randomHex(32),
@@ -248,17 +248,8 @@ async function generateDecisionProof(params) {
       { name: "requiresAttestation", type: "bool" }
     ]
   };
-  const signature = await params.signer.signTypedData(
-    domain,
-    types,
-    payload
-  );
-  const recovered = ethers.verifyTypedData(
-    domain,
-    types,
-    payload,
-    signature
-  );
+  const signature = await params.signer.signTypedData(domain, types, payload);
+  const recovered = ethers.verifyTypedData(domain, types, payload, signature);
   if (recovered.toLowerCase() !== params.payer.toLowerCase()) {
     throw new Error("SIGNATURE_MISMATCH");
   }

package/dist/chunk-VJDL2PUS.js

@@ -0,0 +1,138 @@
+import {
+  evaluate,
+  generateDecisionProof,
+  resolveRule
+} from "./chunk-AXFEJV2K.js";
+import {
+  __export
+} from "./chunk-R5U7XKVJ.js";
+
+// src/core/server/index.ts
+var server_exports = {};
+__export(server_exports, {
+  createPayID: () => createPayID
+});
+
+// src/erc4337/build.ts
+import { ethers } from "ethers";
+var PAY_WITH_PAYID_ABI = [
+  // ETH payment — attestationUIDs adalah EAS UIDs, pass [] jika tidak perlu
+  "function payETH((bytes32 version, bytes32 payId, address payer, address receiver, address asset, uint256 amount, bytes32 contextHash, bytes32 ruleSetHash, address ruleAuthority, uint64 issuedAt, uint64 expiresAt, bytes32 nonce, bool requiresAttestation) d, bytes sig, bytes32[] attestationUIDs) payable",
+  // ERC20 payment
+  "function payERC20((bytes32 version, bytes32 payId, address payer, address receiver, address asset, uint256 amount, bytes32 contextHash, bytes32 ruleSetHash, address ruleAuthority, uint64 issuedAt, uint64 expiresAt, bytes32 nonce, bool requiresAttestation) d, bytes sig, bytes32[] attestationUIDs)"
+];
+function buildPayETHCallData(contractAddress, proof, attestationUIDs = []) {
+  const iface = new ethers.Interface(PAY_WITH_PAYID_ABI);
+  return iface.encodeFunctionData("payETH", [
+    proof.payload,
+    proof.signature,
+    attestationUIDs
+  ]);
+}
+function buildPayERC20CallData(contractAddress, proof, attestationUIDs = []) {
+  const iface = new ethers.Interface(PAY_WITH_PAYID_ABI);
+  return iface.encodeFunctionData("payERC20", [
+    proof.payload,
+    proof.signature,
+    attestationUIDs
+  ]);
+}
+function buildPayCallData(contractAddress, proof, attestationUIDs = []) {
+  return buildPayERC20CallData(contractAddress, proof, attestationUIDs);
+}
+
+// src/erc4337/userop.ts
+function buildUserOperation(params) {
+  return {
+    sender: params.sender,
+    nonce: params.nonce,
+    initCode: params.initCode ?? "0x",
+    callData: params.callData,
+    callGasLimit: params.gas.callGasLimit,
+    verificationGasLimit: params.gas.verificationGasLimit,
+    preVerificationGas: params.gas.preVerificationGas,
+    maxFeePerGas: params.gas.maxFeePerGas,
+    maxPriorityFeePerGas: params.gas.maxPriorityFeePerGas,
+    paymasterAndData: params.paymasterAndData ?? "0x",
+    signature: "0x"
+    // signed later by smart account
+  };
+}
+
+// src/core/server/server.ts
+function isRuleSource(rule) {
+  return typeof rule === "object" && rule !== null && "uri" in rule;
+}
+var PayIDServer = class {
+  constructor(wasm, signer, trustedIssuers, debugTrace) {
+    this.wasm = wasm;
+    this.signer = signer;
+    this.trustedIssuers = trustedIssuers;
+    this.debugTrace = debugTrace;
+  }
+  /**
+   * Evaluate + generate proof dengan signer dari constructor
+   */
+  async evaluateAndProve(params) {
+    const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
+    const evalConfig = params.evaluationRule ?? authorityConfig;
+    const result = await evaluate(
+      this.wasm,
+      params.context,
+      evalConfig,
+      {
+        debug: this.debugTrace,
+        trustedIssuers: this.trustedIssuers
+      }
+    );
+    if (result.decision !== "ALLOW") {
+      return { result, proof: null };
+    }
+    const proof = await generateDecisionProof({
+      payId: params.payId,
+      payer: params.payer,
+      receiver: params.receiver,
+      asset: params.asset,
+      amount: params.amount,
+      context: params.context,
+      ruleConfig: authorityConfig,
+      signer: this.signer,
+      verifyingContract: params.verifyingContract,
+      ruleAuthority: params.ruleAuthority,
+      ttlSeconds: params.ttlSeconds
+    });
+    return { result, proof };
+  }
+  /**
+   * Build ERC-4337 UserOperation dari Decision Proof
+   * Untuk bundler/relayer — server only
+   */
+  buildUserOperation(params) {
+    const callData = buildPayCallData(params.targetContract, params.proof);
+    return buildUserOperation({
+      sender: params.smartAccount,
+      nonce: params.nonce,
+      callData,
+      gas: params.gas,
+      paymasterAndData: params.paymasterAndData
+    });
+  }
+};
+
+// src/core/server/index.ts
+function createPayID(params) {
+  return new PayIDServer(
+    params.wasm,
+    params.signer,
+    params.trustedIssuers,
+    params.debugTrace ?? false
+  );
+}
+
+export {
+  buildPayETHCallData,
+  buildPayERC20CallData,
+  buildUserOperation,
+  createPayID,
+  server_exports
+};

package/dist/core/client/index.d.ts

@@ -1,5 +1,5 @@
-export { c as createPayID } from '../../index-BrD4MTYK.js';
+export { c as createPayID } from '../../index-on2SYkvq.js';
 import 'payid-types';
 import 'ethers';
-import '../../types-B5dv7L-8.js';
+import '../../types-B8pJQdMQ.js';
 import '../../types-DKt-zH0P.js';

package/dist/core/client/index.js

@@ -1,10 +1,10 @@
 import {
   createPayID
-} from "../../chunk-XWOB3JVE.js";
+} from "../../chunk-2PDWRUBU.js";
 import "../../chunk-QYH3FNQ4.js";
 import "../../chunk-MXKZJKXE.js";
 import "../../chunk-JJEWYFOV.js";
-import "../../chunk-4MPVXPLM.js";
+import "../../chunk-AXFEJV2K.js";
 import "../../chunk-5ZEKI5Y2.js";
 import "../../chunk-R5U7XKVJ.js";
 export {

package/dist/core/server/index.d.ts

@@ -1,4 +1,4 @@
-export { c as createPayID } from '../../index-DY-T49uU.js';
+export { c as createPayID } from '../../index-CiTDNVSZ.js';
 import 'ethers';
 import 'payid-types';
-import '../../types-B5dv7L-8.js';
+import '../../types-B8pJQdMQ.js';

package/dist/core/server/index.js

@@ -1,7 +1,7 @@
 import {
   createPayID
-} from "../../chunk-FIMJNWJ3.js";
-import "../../chunk-4MPVXPLM.js";
+} from "../../chunk-VJDL2PUS.js";
+import "../../chunk-AXFEJV2K.js";
 import "../../chunk-5ZEKI5Y2.js";
 import "../../chunk-R5U7XKVJ.js";
 export {

package/dist/{index-DY-T49uU.d.ts → index-CiTDNVSZ.d.ts}

@@ -1,29 +1,86 @@
 import { ethers } from 'ethers';
 import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
-import { D as DecisionProof } from './types-B5dv7L-8.js';
+import { R as RuleSource, D as DecisionProof } from './types-B8pJQdMQ.js';
 
+interface UserOperation {
+    sender: string;
+    nonce: string;
+    initCode: string;
+    callData: string;
+    callGasLimit: string;
+    verificationGasLimit: string;
+    preVerificationGas: string;
+    maxFeePerGas: string;
+    maxPriorityFeePerGas: string;
+    paymasterAndData: string;
+    signature: string;
+}
+
+/**
+ * @class PayIDServer
+ * @description Server-side PayID engine.
+ *
+ * Digunakan ketika butuh:
+ * - Context V2 (env, state, oracle, risk) dengan trusted issuers
+ * - Build ERC-4337 UserOperation untuk bundler
+ *
+ * Signer di-inject saat construct — jangan pakai ini di browser.
+ *
+ * @example
+ * ```ts
+ * // Server/bundler side
+ * const server = new PayIDServer(wasmBinary, serverSigner, trustedIssuers)
+ *
+ * const { result, proof } = await server.evaluateAndProve({
+ *   context: contextV2,    // ← Context V2 dengan attestations
+ *   authorityRule,
+ *   payId: "pay.id/merchant",
+ *   payer: "0xPAYER",
+ *   receiver: "0xRECEIVER",
+ *   asset: USDT_ADDRESS,
+ *   amount: parseUnits("100", 6),
+ *   verifyingContract: PAYID_VERIFIER_ADDRESS,
+ *   ruleAuthority: RULE_AUTHORITY_ADDRESS,
+ * })
+ * ```
+ */
 declare class PayIDServer {
     private readonly wasm;
     private readonly signer;
     private readonly trustedIssuers?;
     private readonly debugTrace?;
     constructor(wasm: Uint8Array, signer: ethers.Signer, trustedIssuers?: Set<string> | undefined, debugTrace?: boolean | undefined);
+    /**
+     * Evaluate + generate proof dengan signer dari constructor
+     */
     evaluateAndProve(params: {
         context: RuleContext;
-        authorityRule: RuleConfig;
+        authorityRule: RuleConfig | RuleSource;
         evaluationRule?: RuleConfig;
         payId: string;
         payer: string;
         receiver: string;
         asset: string;
         amount: bigint;
-        ruleRegistryContract: string;
         verifyingContract: string;
+        ruleAuthority: string;
         ttlSeconds?: number;
     }): Promise<{
         result: RuleResult;
         proof: DecisionProof | null;
     }>;
+    /**
+     * Build ERC-4337 UserOperation dari Decision Proof
+     * Untuk bundler/relayer — server only
+     */
+    buildUserOperation(params: {
+        proof: DecisionProof;
+        smartAccount: string;
+        nonce: string;
+        gas: any;
+        targetContract: string;
+        paymasterAndData?: string;
+    }): UserOperation;
 }
 
 /**
@@ -98,4 +155,4 @@ declare namespace index {
   export { index_createPayID as createPayID };
 }
 
-export { createPayID as c, index as i };
+export { type UserOperation as U, createPayID as c, index as i };

package/dist/{index-BrD4MTYK.d.ts → index-on2SYkvq.d.ts}

@@ -1,15 +1,54 @@
 import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
 import { ethers } from 'ethers';
-import { D as DecisionProof } from './types-B5dv7L-8.js';
+import { R as RuleSource, D as DecisionProof } from './types-B8pJQdMQ.js';
 import { P as PayIDSessionPolicyPayloadV1 } from './types-DKt-zH0P.js';
 
+/**
+ * @class PayIDClient
+ * @description Client-side PayID engine.
+ *
+ * Fully serverless — aman dipakai di browser, mobile, edge.
+ * Tidak butuh issuer wallet, tidak butuh server.
+ *
+ * Untuk attestation, gunakan EAS UIDs yang di-fetch via `eas.EASClient`.
+ *
+ * @example
+ * ```ts
+ * const client = new PayIDClient(wasmBinary)
+ *
+ * // 1. Evaluate rule
+ * const result = await client.evaluate(context, ruleConfig)
+ *
+ * // 2. Evaluate + generate proof (payer sign sendiri)
+ * const { result, proof } = await client.evaluateAndProve({
+ *   context,
+ *   authorityRule: ruleConfig,
+ *   payId: "pay.id/merchant",
+ *   payer: await signer.getAddress(),
+ *   receiver: "0xRECEIVER",
+ *   asset: USDT_ADDRESS,
+ *   amount: parseUnits("100", 6),
+ *   signer,
+ *   verifyingContract: PAYID_VERIFIER_ADDRESS,
+ *   ruleAuthority: RULE_AUTHORITY_ADDRESS,
+ * })
+ * ```
+ */
 declare class PayIDClient {
     private readonly wasm;
     private readonly debugTrace?;
     constructor(wasm: Uint8Array, debugTrace?: boolean | undefined);
+    /**
+     * Pure rule evaluation — client-safe, no signing, no server
+     */
+    evaluate(context: RuleContext, rule: RuleConfig | RuleSource): Promise<RuleResult>;
+    /**
+     * Evaluate + generate EIP-712 Decision Proof.
+     * Payer sign sendiri menggunakan wallet mereka — tidak butuh server.
+     */
     evaluateAndProve(params: {
         context: RuleContext;
-        authorityRule: RuleConfig;
+        authorityRule: RuleConfig | RuleSource;
         evaluationRule?: RuleConfig;
         sessionPolicy?: PayIDSessionPolicyPayloadV1;
         payId: string;
@@ -18,8 +57,8 @@ declare class PayIDClient {
         asset: string;
         amount: bigint;
         signer: ethers.Signer;
-        ruleRegistryContract: string;
         verifyingContract: string;
+        ruleAuthority: string;
         ttlSeconds?: number;
     }): Promise<{
         result: RuleResult;

package/dist/index.d.ts

@@ -1,54 +1,67 @@
 import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
+import { R as RuleSource } from './types-B8pJQdMQ.js';
+import { U as UserOperation } from './index-CiTDNVSZ.js';
+export { i as server } from './index-CiTDNVSZ.js';
 import { ethers } from 'ethers';
 export { i as sessionPolicy } from './index-DuOeYzN2.js';
 export { i as rule } from './index-C7vziL_Z.js';
 export { i as issuer } from './index-2JCvey4-.js';
 export { i as context } from './index-BEvnPzzt.js';
-export { i as server } from './index-BrD4MTYK.js';
-export { i as client } from './index-DY-T49uU.js';
+export { i as client } from './index-on2SYkvq.js';
 import './types-DKt-zH0P.js';
-import './types-B5dv7L-8.js';
-
-interface RuleSource {
-    uri: string;
-    hash?: string;
-}
-
-interface UserOperation {
-    sender: string;
-    nonce: string;
-    initCode: string;
-    callData: string;
-    callGasLimit: string;
-    verificationGasLimit: string;
-    preVerificationGas: string;
-    maxFeePerGas: string;
-    maxPriorityFeePerGas: string;
-    paymasterAndData: string;
-    signature: string;
-}
 
 interface PayIDClient {
+    /**
+     * Pure rule evaluation — client-safe, no signing
+     */
     evaluate(context: RuleContext, rule: RuleConfig | RuleSource): Promise<RuleResult>;
+    /**
+     * Evaluate + generate EIP-712 Decision Proof
+     * Client sign sendiri pakai wallet mereka
+     */
+    evaluateAndProve(params: {
+        context: RuleContext;
+        authorityRule: RuleConfig | RuleSource;
+        evaluationRule?: RuleConfig;
+        payId: string;
+        payer: string;
+        receiver: string;
+        asset: string;
+        amount: bigint;
+        signer: ethers.Signer;
+        verifyingContract: string;
+        ruleAuthority: string;
+        ttlSeconds?: number;
+    }): Promise<{
+        result: RuleResult;
+        proof: any | null;
+    }>;
 }
 interface PayIDServer {
+    /**
+     * Evaluate + generate proof dengan trusted issuers
+     * Signer sudah di-inject saat construct PayIDServer
+     */
     evaluateAndProve(params: {
         context: RuleContext;
-        authorityRule: RuleConfig;
+        authorityRule: RuleConfig | RuleSource;
         evaluationRule?: RuleConfig;
         payId: string;
         payer: string;
         receiver: string;
         asset: string;
         amount: bigint;
-        signer: ethers.Signer;
         verifyingContract: string;
-        ruleRegistryContract: string;
+        ruleAuthority: string;
         ttlSeconds?: number;
     }): Promise<{
         result: RuleResult;
         proof: any | null;
     }>;
+    /**
+     * Build ERC-4337 UserOperation dari Decision Proof
+     * Server/bundler only
+     */
     buildUserOperation(params: {
         proof: any;
         smartAccount: string;
@@ -122,4 +135,69 @@ declare function createPayID(params: {
     trustedIssuers?: Set<string>;
 }): PayIDClient & PayIDServer;
 
-export { type PayIDClient, type PayIDServer, createPayID };
+/**
+ * @module eas
+ * @description EAS (Ethereum Attestation Service) helper untuk client-side.
+ * Fully serverless — fetch attestation UIDs langsung dari chain.
+ *
+ * EAS addresses:
+ *   Mainnet  : 0xA1207F3BBa224E2c9c3c6D5aF63D0eb1582Ce587
+ *   Base     : 0x4200000000000000000000000000000000000021
+ *   Optimism : 0x4200000000000000000000000000000000000020
+ *   Arbitrum : 0xbD75f629A22Dc1ceD33dDA0b68c546A1c035c458
+ *   Sepolia  : 0xC2679fBD37d54388Ce493F1DB75320D236e1815e
+ */
+
+interface EASAttestation {
+    uid: string;
+    schema: string;
+    time: bigint;
+    expirationTime: bigint;
+    revocationTime: bigint;
+    attester: string;
+    recipient: string;
+    revocable: boolean;
+    data: string;
+}
+interface EASClientOptions {
+    easAddress: string;
+    provider: ethers.Provider;
+}
+declare class EASClient {
+    private readonly contract;
+    constructor(options: EASClientOptions);
+    getAttestation(uid: string): Promise<EASAttestation>;
+    isValid(uid: string): Promise<boolean>;
+    getAttestationUIDs(params: {
+        recipient: string;
+        schemaUID: string;
+        attester?: string;
+        fromBlock?: number;
+    }): Promise<string[]>;
+    /**
+     * One-liner: dapat valid UIDs siap di-pass ke payETH/payERC20
+     *
+     * @example
+     * const eas = new EASClient({ easAddress: EAS_ADDRESSES[11155111], provider })
+     * const uids = await eas.getValidUIDs({ recipient: payerAddress, schemaUID: KYC_SCHEMA_UID })
+     * await payWithPayID.payERC20(decision, sig, uids)
+     */
+    getValidUIDs(params: {
+        recipient: string;
+        schemaUID: string;
+        attester?: string;
+        fromBlock?: number;
+    }): Promise<string[]>;
+}
+declare const EAS_ADDRESSES: Record<number, string>;
+
+type eas_EASAttestation = EASAttestation;
+type eas_EASClient = EASClient;
+declare const eas_EASClient: typeof EASClient;
+type eas_EASClientOptions = EASClientOptions;
+declare const eas_EAS_ADDRESSES: typeof EAS_ADDRESSES;
+declare namespace eas {
+  export { type eas_EASAttestation as EASAttestation, eas_EASClient as EASClient, type eas_EASClientOptions as EASClientOptions, eas_EAS_ADDRESSES as EAS_ADDRESSES };
+}
+
+export { type PayIDClient, type PayIDServer, createPayID, eas };

package/dist/index.js

@@ -13,50 +13,25 @@ import {
 } from "./chunk-ATWJEWZH.js";
 import {
   client_exports
-} from "./chunk-XWOB3JVE.js";
+} from "./chunk-2PDWRUBU.js";
 import "./chunk-QYH3FNQ4.js";
 import "./chunk-MXKZJKXE.js";
 import "./chunk-JJEWYFOV.js";
 import {
+  buildPayERC20CallData,
+  buildPayETHCallData,
+  buildUserOperation,
   server_exports
-} from "./chunk-FIMJNWJ3.js";
+} from "./chunk-VJDL2PUS.js";
 import {
   evaluate,
   generateDecisionProof,
   resolveRule
-} from "./chunk-4MPVXPLM.js";
+} from "./chunk-AXFEJV2K.js";
 import "./chunk-5ZEKI5Y2.js";
-import "./chunk-R5U7XKVJ.js";
-
-// src/erc4337/build.ts
-import { ethers } from "ethers";
-function buildPayCallData(contractAddress, proof) {
-  const iface = new ethers.Interface([
-    "function pay(bytes payload, bytes signature)"
-  ]);
-  return iface.encodeFunctionData("pay", [
-    ethers.toUtf8Bytes(JSON.stringify(proof.payload)),
-    proof.signature
-  ]);
-}
-
-// src/erc4337/userop.ts
-function buildUserOperation(params) {
-  return {
-    sender: params.sender,
-    nonce: params.nonce,
-    initCode: params.initCode ?? "0x",
-    callData: params.callData,
-    callGasLimit: params.gas.callGasLimit,
-    verificationGasLimit: params.gas.verificationGasLimit,
-    preVerificationGas: params.gas.preVerificationGas,
-    maxFeePerGas: params.gas.maxFeePerGas,
-    maxPriorityFeePerGas: params.gas.maxPriorityFeePerGas,
-    paymasterAndData: params.paymasterAndData ?? "0x",
-    signature: "0x"
-    // signed later by smart account
-  };
-}
+import {
+  __export
+} from "./chunk-R5U7XKVJ.js";
 
 // src/core/payid.ts
 function isRuleSource(rule) {
@@ -69,118 +44,18 @@ var PayID = class {
     this.trustedIssuers = trustedIssuers;
   }
   /**
-   * Evaluate a rule set against a given context using the PayID WASM engine.
-   *
-   * ## Responsibility
-   *
-   * This method performs **pure rule evaluation only**:
-   * - Resolves the rule configuration (inline or via RuleSource)
-   * - Executes the rule engine
-   * - Returns an ALLOW / REJECT decision
-   *
-   * This method does NOT:
-   * - Generate decision proofs
-   * - Interact with on-chain rule registries
-   * - Enforce rule ownership or authority
-   * - Perform any signing
-   *
-   * ## Environment
-   *
-   * This method is **client-safe** and may be called from:
-   * - Browsers
-   * - Mobile apps
-   * - Edge runtimes
-   * - Backend services
-   *
-   * ## Rule source behavior
-   *
-   * - If `rule` is a `RuleConfig`, it is evaluated directly.
-   * - If `rule` is a `RuleSource`, it is resolved off-chain
-   *   before evaluation.
-   *
-   * @param context
-   *   Rule execution context (transaction data, payId, etc.).
-   *
-   * @param rule
-   *   Rule configuration to evaluate, either:
-   *   - An inline `RuleConfig`, or
-   *   - A `RuleSource` that resolves to a `RuleConfig`.
-   *
-   * @returns
-   *   A `RuleResult` indicating whether the rule allows or
-   *   rejects the given context.
-   *
-   * @throws
-   *   May throw if rule resolution or evaluation fails.
+   * Pure evaluation — client-safe
    */
   async evaluate(context, rule) {
     const config = isRuleSource(rule) ? (await resolveRule(rule)).config : rule;
-    return evaluate(this.wasm, context, config, { debug: this.debugTrace, trustedIssuers: this.trustedIssuers });
+    return evaluate(this.wasm, context, config, {
+      debug: this.debugTrace,
+      trustedIssuers: this.trustedIssuers
+    });
   }
   /**
-   * Evaluate a payment intent against PayID rules and (if allowed)
-   * generate an off-chain Decision Proof for on-chain verification.
-   *
-   * ## Conceptual model
-   *
-   * - `authorityRule` defines the **authoritative rule set**
-   *   registered on-chain (NFT / combined rule).
-   * - `evaluationRule` (optional) is an **off-chain override**
-   *   used only for evaluation (e.g. QR / session / intent rule).
-   * - On-chain verification ALWAYS references `authorityRule`.
-   *
-   * Invariant:
-   * - Evaluation may use `authorityRule ∧ evaluationRule`
-   * - Proof MUST reference `authorityRule` only
-   *
-   * @param params
-   * @param params.context
-   *   Normalized rule execution context (tx, payId, etc.)
-   *
-   * @param params.authorityRule
-   *   The authoritative rule set owned by the receiver and
-   *   registered in the on-chain rule registry.
-   *   This rule defines on-chain sovereignty.
-   *
-   * @param params.evaluationRule
-   *   Optional evaluation override applied off-chain only
-   *   (e.g. QR rule, ephemeral constraint).
-   *   If omitted, `authorityRule` is used for evaluation.
-   *
-   * @param params.payId
-   *   PayID identifier associated with the receiver.
-   *
-   * @param params.payer
-   *   Address initiating the payment and signing the decision proof.
-   *
-   * @param params.receiver
-   *   Address receiving the payment and owning the authoritative rule.
-   *
-   * @param params.asset
-   *   Asset address to be transferred (address(0) for native ETH).
-   *
-   * @param params.amount
-   *   Amount to be transferred (uint256 semantics).
-   *
-   * @param params.signer
-   *   Signer corresponding to `payer`, used to sign the EIP-712
-   *   decision proof payload.
-   *
-   * @param params.ruleRegistryContract
-   *   Address of the on-chain rule registry / storage contract
-   *   used by the verifier to resolve `ruleSetHash`.
-   *
-   * @param params.ttlSeconds
-   *   Optional proof validity duration (seconds).
-   *   Defaults to implementation-defined TTL.
-   *
-   * @returns
-   *   An object containing:
-   *   - `result`: rule evaluation result (ALLOW / REJECT)
-   *   - `proof`: signed decision proof if allowed, otherwise `null`
-   *
-   * @throws
-   *   May throw if rule resolution, evaluation, or signing fails.
+   * Evaluate + generate Decision Proof
+   * FIX: parameter rename ruleRegistryContract → ruleAuthority
    */
   async evaluateAndProve(params) {
     const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
@@ -207,73 +82,18 @@ var PayID = class {
       ruleConfig: authorityConfig,
       signer: params.signer,
       verifyingContract: params.verifyingContract,
-      ruleRegistryContract: params.ruleRegistryContract,
+      ruleAuthority: params.ruleAuthority,
       ttlSeconds: params.ttlSeconds
     });
     return { result, proof };
   }
   /**
-   * Build an ERC-4337 UserOperation that executes a PayID payment
-   * using a previously generated Decision Proof.
-   *
-   * ## Responsibility
-   *
-   * This function:
-   * - Encodes the PayID `pay(...)` calldata using the provided proof
-   * - Wraps it into an ERC-4337 UserOperation
-   *
-   * This function does NOT:
-   * - Evaluate rules
-   * - Generate decision proofs
-   * - Perform any signature validation
-   *
-   * ## Environment constraint
-   *
-   * This function is **server-only** and MUST NOT be called in a browser:
-   * - It is intended for bundlers, relayers, or backend services
-   * - Client-side apps should only generate the proof
-   *
-   * A runtime guard is enforced to prevent accidental browser usage.
-   *
-   * @param params
-   * @param params.proof
-   *   A valid Decision Proof generated by `evaluateAndProve`.
-   *
-   * @param params.smartAccount
-   *   The ERC-4337 smart account address that will submit the UserOperation.
-   *
-   * @param params.nonce
-   *   Current nonce of the smart account.
-   *
-   * @param params.gas
-   *   Gas parameters for the UserOperation
-   *   (callGasLimit, verificationGasLimit, preVerificationGas,
-   *    maxFeePerGas, maxPriorityFeePerGas).
-   *
-   * @param params.targetContract
-   *   Address of the PayID-compatible payment contract
-   *   (e.g. PayWithPayID).
-   *
-   * @param params.paymasterAndData
-   *   Optional paymaster data for sponsored transactions.
-   *
-   * @returns
-   *   A fully constructed ERC-4337 UserOperation ready to be
-   *   submitted to a bundler.
-   *
-   * @throws
-   *   Throws if called in a browser environment.
+   * Build ERC-4337 UserOperation
    */
   buildUserOperation(params) {
-    if (typeof globalThis !== "undefined" && "document" in globalThis) {
-      throw new Error(
-        "buildUserOperation must not be called in browser"
-      );
-    }
-    const callData = buildPayCallData(
-      params.targetContract,
-      params.proof
-    );
+    const attestationUIDs = params.attestationUIDs ?? [];
+    const isETH = params.paymentType === "eth";
+    const callData = isETH ? buildPayETHCallData(params.targetContract, params.proof, attestationUIDs) : buildPayERC20CallData(params.targetContract, params.proof, attestationUIDs);
     return buildUserOperation({
       sender: params.smartAccount,
       nonce: params.nonce,
@@ -292,12 +112,104 @@ function createPayID(params) {
     params.trustedIssuers
   );
 }
+
+// src/eas.ts
+var eas_exports = {};
+__export(eas_exports, {
+  EASClient: () => EASClient,
+  EAS_ADDRESSES: () => EAS_ADDRESSES
+});
+import { ethers } from "ethers";
+var EAS_ABI = [
+  "function getAttestation(bytes32 uid) external view returns (tuple(bytes32 uid, bytes32 schema, uint64 time, uint64 expirationTime, uint64 revocationTime, bytes32 refUID, address attester, address recipient, bool revocable, bytes data))",
+  "function isAttestationValid(bytes32 uid) external view returns (bool)",
+  "event Attested(address indexed recipient, address indexed attester, bytes32 uid, bytes32 indexed schema)"
+];
+var EASClient = class {
+  contract;
+  constructor(options) {
+    this.contract = new ethers.Contract(
+      options.easAddress,
+      EAS_ABI,
+      options.provider
+    );
+  }
+  async getAttestation(uid) {
+    const raw = await this.contract.getFunction("getAttestation")(uid);
+    return {
+      uid: raw.uid,
+      schema: raw.schema,
+      time: raw.time,
+      expirationTime: raw.expirationTime,
+      revocationTime: raw.revocationTime,
+      attester: raw.attester,
+      recipient: raw.recipient,
+      revocable: raw.revocable,
+      data: raw.data
+    };
+  }
+  async isValid(uid) {
+    const result = await this.contract.getFunction("isAttestationValid")(uid);
+    return result;
+  }
+  async getAttestationUIDs(params) {
+    const attestedFilter = this.contract.filters["Attested"];
+    if (!attestedFilter) {
+      throw new Error("EAS: Attested event not found in ABI");
+    }
+    const filter = attestedFilter(
+      params.recipient,
+      params.attester ?? null,
+      null,
+      params.schemaUID
+    );
+    const events = await this.contract.queryFilter(
+      filter,
+      params.fromBlock ?? 0
+    );
+    const uids = events.map(
+      (e) => e.args["uid"]
+    );
+    const validUids = [];
+    for (const uid of uids) {
+      const valid = await this.isValid(uid);
+      if (valid) validUids.push(uid);
+    }
+    return validUids;
+  }
+  /**
+   * One-liner: dapat valid UIDs siap di-pass ke payETH/payERC20
+   *
+   * @example
+   * const eas = new EASClient({ easAddress: EAS_ADDRESSES[11155111], provider })
+   * const uids = await eas.getValidUIDs({ recipient: payerAddress, schemaUID: KYC_SCHEMA_UID })
+   * await payWithPayID.payERC20(decision, sig, uids)
+   */
+  async getValidUIDs(params) {
+    return this.getAttestationUIDs(params);
+  }
+};
+var EAS_ADDRESSES = {
+  1: "0xA1207F3BBa224E2c9c3c6D5aF63D0eb1582Ce587",
+  // Ethereum Mainnet
+  8453: "0x4200000000000000000000000000000000000021",
+  // Base
+  10: "0x4200000000000000000000000000000000000020",
+  // Optimism
+  42161: "0xbD75f629A22Dc1ceD33dDA0b68c546A1c035c458",
+  // Arbitrum One
+  11155111: "0xC2679fBD37d54388Ce493F1DB75320D236e1815e",
+  // Sepolia
+  4202: "0xC2679fBD37d54388Ce493F1DB75320D236e1815e"
+  // Lisk Sepolia
+};
 export {
-  server_exports as client,
+  client_exports as client,
   context_exports as context,
   createPayID,
+  eas_exports as eas,
   issuer_exports as issuer,
   rule_exports as rule,
-  client_exports as server,
+  server_exports as server,
   sessionPolicy_exports as sessionPolicy
 };

package/dist/{types-B5dv7L-8.d.ts → types-B8pJQdMQ.d.ts}

@@ -1,3 +1,8 @@
+interface RuleSource {
+    uri: string;
+    hash?: string;
+}
+
 interface DecisionPayload {
     version: string;
     payId: string;
@@ -18,4 +23,4 @@ interface DecisionProof {
     signature: string;
 }
 
-export type { DecisionProof as D };
+export type { DecisionProof as D, RuleSource as R };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payid",
-  "version": "0.3.6",
+  "version": "0.3.7",
   "private": false,
   "type": "module",
   "main": "./dist/index.js",
@@ -37,8 +37,8 @@
   },
   "dependencies": {
     "ethers": "^6.16.0",
-    "payid-rule-engine": "^0.1.5",
-    "payid-types": "^0.1.5"
+    "payid-rule-engine": "^0.1.6",
+    "payid-types": "^0.1.7"
   },
   "files": [
     "dist"

package/dist/chunk-FIMJNWJ3.js

@@ -1,72 +0,0 @@
-import {
-  evaluate,
-  generateDecisionProof,
-  resolveRule
-} from "./chunk-4MPVXPLM.js";
-import {
-  __export
-} from "./chunk-R5U7XKVJ.js";
-
-// src/core/server/index.ts
-var server_exports = {};
-__export(server_exports, {
-  createPayID: () => createPayID
-});
-
-// src/core/server/server.ts
-function isRuleSource(rule) {
-  return typeof rule === "object" && rule !== null && "uri" in rule;
-}
-var PayIDServer = class {
-  constructor(wasm, signer, trustedIssuers, debugTrace) {
-    this.wasm = wasm;
-    this.signer = signer;
-    this.trustedIssuers = trustedIssuers;
-    this.debugTrace = debugTrace;
-  }
-  async evaluateAndProve(params) {
-    const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
-    const evalConfig = params.evaluationRule ?? authorityConfig;
-    const result = await evaluate(
-      this.wasm,
-      params.context,
-      evalConfig,
-      {
-        debug: this.debugTrace,
-        trustedIssuers: this.trustedIssuers
-      }
-    );
-    if (result.decision !== "ALLOW") {
-      return { result, proof: null };
-    }
-    const proof = await generateDecisionProof({
-      payId: params.payId,
-      payer: params.payer,
-      receiver: params.receiver,
-      asset: params.asset,
-      amount: params.amount,
-      context: params.context,
-      ruleConfig: params.authorityRule,
-      signer: this.signer,
-      verifyingContract: params.verifyingContract,
-      ruleRegistryContract: params.ruleRegistryContract,
-      ttlSeconds: params.ttlSeconds
-    });
-    return { result, proof };
-  }
-};
-
-// src/core/server/index.ts
-function createPayID(params) {
-  return new PayIDServer(
-    params.wasm,
-    params.signer,
-    params.trustedIssuers,
-    params.debugTrace ?? false
-  );
-}
-
-export {
-  createPayID,
-  server_exports
-};