payid 0.3.8 → 0.4.0

package/dist/{chunk-JJEWYFOV.js → chunk-6VPSJFO4.js}

@@ -1,14 +1,29 @@
 // src/rule/canonicalize.ts
 function canonicalizeRuleSet(ruleSet) {
   return {
-    version: ruleSet.version,
+    version: ruleSet.version ?? "1",
     logic: ruleSet.logic,
     rules: ruleSet.rules.map((rule) => canonicalizeRule(rule)).sort((a, b) => a.id.localeCompare(b.id))
   };
 }
 function canonicalizeRule(rule) {
+  const base = { id: rule.id, ...rule.message ? { message: rule.message } : {} };
+  if ("rules" in rule && Array.isArray(rule.rules)) {
+    return {
+      ...base,
+      logic: rule.logic,
+      rules: rule.rules.map((r) => canonicalizeRule(r)).sort((a, b) => a.id.localeCompare(b.id))
+    };
+  }
+  if ("conditions" in rule && Array.isArray(rule.conditions)) {
+    return {
+      ...base,
+      logic: rule.logic,
+      conditions: rule.conditions.map((c) => canonicalizeObject(c))
+    };
+  }
   return {
-    id: rule.id,
+    ...base,
     if: canonicalizeObject(rule.if)
   };
 }
@@ -19,12 +34,8 @@ function canonicalizeObject(obj) {
   if (typeof obj === "function" || typeof obj === "symbol") {
     throw new Error("Non-JSON value not allowed in canonical object");
   }
-  if (obj instanceof Date) {
-    return obj.toISOString();
-  }
-  if (typeof obj === "bigint") {
-    return obj.toString();
-  }
+  if (obj instanceof Date) return obj.toISOString();
+  if (typeof obj === "bigint") return obj.toString();
   if (Array.isArray(obj)) {
     return obj.map(canonicalizeObject);
   }

package/dist/{chunk-AXFEJV2K.js → chunk-ANG3SJGI.js}

@@ -25,19 +25,49 @@ function normalizeContext(ctx) {
 function toBigIntSafe(v) {
   try {
     if (typeof v === "bigint") return v;
-    if (typeof v === "number" && Number.isFinite(v)) {
-      return BigInt(Math.trunc(v));
-    }
-    if (typeof v === "string" && v !== "") {
-      return BigInt(v);
-    }
+    if (typeof v === "number" && Number.isFinite(v)) return BigInt(Math.trunc(v));
+    if (typeof v === "string" && v !== "") return BigInt(v);
     return null;
   } catch {
     return null;
   }
 }
-function getValueByPath(obj, path) {
-  return path.split(".").reduce((o, k) => o?.[k], obj);
+function resolveField(obj, fieldExpr) {
+  const [path, ...transforms] = fieldExpr.split("|");
+  let value = path?.split(".").reduce((o, k) => o?.[k], obj);
+  for (const t of transforms) {
+    if (value === void 0 || value === null) break;
+    if (t.startsWith("div:")) {
+      const n = Number(t.slice(4));
+      value = Number(value) / n;
+    } else if (t.startsWith("mod:")) {
+      const n = BigInt(t.slice(4));
+      value = BigInt(value) % n;
+    } else if (t === "abs") {
+      value = Math.abs(Number(value));
+    } else if (t === "hour") {
+      value = new Date(Number(value) * 1e3).getUTCHours();
+    } else if (t === "day") {
+      value = new Date(Number(value) * 1e3).getUTCDay();
+    } else if (t === "date") {
+      value = new Date(Number(value) * 1e3).getUTCDate();
+    } else if (t === "month") {
+      value = new Date(Number(value) * 1e3).getUTCMonth() + 1;
+    } else if (t === "len") {
+      value = String(value).length;
+    } else if (t === "lower") {
+      value = String(value).toLowerCase();
+    } else if (t === "upper") {
+      value = String(value).toUpperCase();
+    }
+  }
+  return value;
+}
+function resolveValue(context, value) {
+  if (typeof value === "string" && value.startsWith("$")) {
+    return resolveField(context, value.slice(1));
+  }
+  return value;
 }
 function evaluateCondition(actual, op, expected) {
   switch (op) {
@@ -56,32 +86,55 @@ function evaluateCondition(actual, op, expected) {
     }
     case "==":
       return actual == expected;
+    case "!=":
+      return actual != expected;
     case "in":
       return Array.isArray(expected) && expected.includes(actual);
     case "not_in":
       return Array.isArray(expected) && !expected.includes(actual);
+    case "between":
+      return Array.isArray(expected) && actual >= expected[0] && actual <= expected[1];
+    case "not_between":
+      return Array.isArray(expected) && !(actual >= expected[0] && actual <= expected[1]);
+    case "exists":
+      return actual !== void 0 && actual !== null;
+    case "not_exists":
+      return actual === void 0 || actual === null;
     default:
       return false;
   }
 }
+function traceCondition(context, ruleId, cond) {
+  const actual = resolveField(context, cond.field);
+  const expected = resolveValue(context, cond.value);
+  const pass = evaluateCondition(actual, cond.op, expected);
+  return {
+    ruleId,
+    field: cond.field,
+    op: cond.op,
+    expected: cond.value,
+    actual,
+    result: actual === void 0 ? "FAIL" : pass ? "PASS" : "FAIL"
+  };
+}
+function traceRule(context, rule) {
+  if ("if" in rule) {
+    return [traceCondition(context, rule.id, rule.if)];
+  }
+  if ("conditions" in rule) {
+    return rule.conditions.map((cond) => traceCondition(context, rule.id, cond));
+  }
+  if ("rules" in rule) {
+    return rule.rules.flatMap((child) => traceRule(context, child));
+  }
+  return [];
+}
 function buildDecisionTrace(context, ruleConfig) {
-  return ruleConfig.rules.map((rule) => {
-    const cond = rule.if;
-    const actual = getValueByPath(context, cond.field);
-    const pass = evaluateCondition(actual, cond.op, cond.value);
-    return {
-      ruleId: rule.id,
-      field: cond.field,
-      op: cond.op,
-      expected: cond.value,
-      actual,
-      result: actual === void 0 ? "FAIL" : pass ? "PASS" : "FAIL"
-    };
-  });
+  return ruleConfig.rules.flatMap((rule) => traceRule(context, rule));
 }
 
 // src/evaluate.ts
-async function evaluate(wasmBinary, context, ruleConfig, options) {
+async function evaluate(context, ruleConfig, options, wasmBinary) {
   if (!context || typeof context !== "object") {
     throw new Error("evaluate(): context is required");
   }
@@ -99,11 +152,18 @@ async function evaluate(wasmBinary, context, ruleConfig, options) {
       options.trustedIssuers
     ) : context;
     const normalized = normalizeContext(preparedContext);
-    const wasmForEngine = typeof Buffer !== "undefined" && !(wasmBinary instanceof Buffer) ? Buffer.from(wasmBinary) : wasmBinary;
+    let wasmForEngine;
+    if (wasmBinary == null) {
+      wasmForEngine = void 0;
+    } else if (typeof Buffer !== "undefined") {
+      wasmForEngine = Buffer.isBuffer(wasmBinary) ? wasmBinary : Buffer.from(wasmBinary);
+    } else {
+      wasmForEngine = wasmBinary;
+    }
     result = await executeRule(
-      wasmForEngine,
       normalized,
-      ruleConfig
+      ruleConfig,
+      wasmForEngine
     );
   } catch (err) {
     return {
@@ -206,9 +266,10 @@ function hashRuleSet(ruleConfig) {
 import { ethers, ZeroAddress } from "ethers";
 var hash = (v) => ethers.keccak256(ethers.toUtf8Bytes(v));
 async function generateDecisionProof(params) {
-  const now = Math.floor(Date.now() / 1e3);
-  const expiresAt = now + (params.ttlSeconds ?? 60);
-  const network = await params.signer.provider.getNetwork();
+  const now = params.blockTimestamp ?? Math.floor(Date.now() / 1e3);
+  const issuedAt = now - 30;
+  const expiresAt = now + (params.ttlSeconds ?? 300);
+  const chainId = params.chainId ?? Number((await params.signer.provider.getNetwork()).chainId);
   const requiresAttestation = Array.isArray(params.ruleConfig?.requires) && params.ruleConfig.requires.length > 0;
   const payload = {
     version: hash("2"),
@@ -220,7 +281,7 @@ async function generateDecisionProof(params) {
     contextHash: hashContext(params.context),
     ruleSetHash: hashRuleSet(params.ruleConfig),
     ruleAuthority: params.ruleAuthority ?? ZeroAddress,
-    issuedAt: BigInt(now),
+    issuedAt: BigInt(issuedAt),
     expiresAt: BigInt(expiresAt),
     nonce: randomHex(32),
     requiresAttestation
@@ -228,7 +289,7 @@ async function generateDecisionProof(params) {
   const domain = {
     name: "PAY.ID Decision",
     version: "2",
-    chainId: Number(network.chainId),
+    chainId,
     verifyingContract: params.verifyingContract
   };
   const types = {

package/dist/{chunk-UCM5DYIC.js → chunk-GB3FSF7K.js}

@@ -1,14 +1,14 @@
 import {
   combineRules
-} from "./chunk-QYH3FNQ4.js";
+} from "./chunk-GG34PNTF.js";
+import {
+  decodeSessionPolicy
+} from "./chunk-MXKZJKXE.js";
 import {
   evaluate,
   generateDecisionProof,
   resolveRule
-} from "./chunk-AXFEJV2K.js";
-import {
-  decodeSessionPolicy
-} from "./chunk-MXKZJKXE.js";
+} from "./chunk-ANG3SJGI.js";
 import {
   __export
 } from "./chunk-R5U7XKVJ.js";
@@ -25,21 +25,14 @@ function isRuleSource(rule) {
   return typeof rule === "object" && rule !== null && "uri" in rule;
 }
 var PayIDClient = class {
-  constructor(wasm, debugTrace) {
-    this.wasm = wasm;
+  constructor(debugTrace, wasm) {
     this.debugTrace = debugTrace;
+    this.wasm = wasm;
   }
-  /**
-   * Pure rule evaluation — client-safe, no signing, no server
-   */
   async evaluate(context, rule) {
     const config = isRuleSource(rule) ? (await resolveRule(rule)).config : rule;
-    return evaluate(this.wasm, context, config, { debug: this.debugTrace });
+    return evaluate(context, config, { debug: this.debugTrace }, this.wasm);
   }
-  /**
-   * Evaluate + generate EIP-712 Decision Proof.
-   * Payer sign sendiri menggunakan wallet mereka — tidak butuh server.
-   */
   async evaluateAndProve(params) {
     const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
     const evalConfig = params.evaluationRule ?? (params.sessionPolicy ? combineRules(
@@ -50,10 +43,10 @@ var PayIDClient = class {
       ).rules
     ) : authorityConfig);
     const result = await evaluate(
-      this.wasm,
       params.context,
       evalConfig,
-      { debug: this.debugTrace }
+      { debug: this.debugTrace },
+      this.wasm
     );
     if (result.decision !== "ALLOW") {
       return { result, proof: null };
@@ -69,7 +62,9 @@ var PayIDClient = class {
       signer: params.signer,
       verifyingContract: params.verifyingContract,
       ruleAuthority: params.ruleAuthority,
-      ttlSeconds: params.ttlSeconds
+      chainId: params.chainId ?? params.context?.tx?.chainId,
+      ttlSeconds: params.ttlSeconds,
+      blockTimestamp: params.blockTimestamp
     });
     return { result, proof };
   }
@@ -78,8 +73,8 @@ var PayIDClient = class {
 // src/core/client/index.ts
 function createPayID(params) {
   return new PayIDClient(
-    params.wasm,
-    params.debugTrace ?? false
+    params.debugTrace ?? false,
+    params.wasm
   );
 }
 

package/dist/{chunk-QYH3FNQ4.js → chunk-GG34PNTF.js}

@@ -1,6 +1,6 @@
 import {
   canonicalizeRuleSet
-} from "./chunk-JJEWYFOV.js";
+} from "./chunk-6VPSJFO4.js";
 
 // src/rule/combine.ts
 function combineRules(defaultRuleSet, sessionRule) {

package/dist/{chunk-JRVCGSKK.js → chunk-ILV7Z3IN.js}

@@ -1,9 +1,9 @@
 import {
   combineRules
-} from "./chunk-QYH3FNQ4.js";
+} from "./chunk-GG34PNTF.js";
 import {
   canonicalizeRuleSet
-} from "./chunk-JJEWYFOV.js";
+} from "./chunk-6VPSJFO4.js";
 import {
   __export
 } from "./chunk-R5U7XKVJ.js";

package/dist/{chunk-ATWJEWZH.js → chunk-Y75PSD7U.js}

@@ -3,7 +3,7 @@ import {
 } from "./chunk-MXKZJKXE.js";
 import {
   canonicalizeRuleSet
-} from "./chunk-JJEWYFOV.js";
+} from "./chunk-6VPSJFO4.js";
 import {
   randomHex
 } from "./chunk-5ZEKI5Y2.js";

package/dist/{chunk-VJDL2PUS.js → chunk-YUAYDVGX.js}

@@ -2,7 +2,7 @@ import {
   evaluate,
   generateDecisionProof,
   resolveRule
-} from "./chunk-AXFEJV2K.js";
+} from "./chunk-ANG3SJGI.js";
 import {
   __export
 } from "./chunk-R5U7XKVJ.js";
@@ -37,9 +37,6 @@ function buildPayERC20CallData(contractAddress, proof, attestationUIDs = []) {
     attestationUIDs
   ]);
 }
-function buildPayCallData(contractAddress, proof, attestationUIDs = []) {
-  return buildPayERC20CallData(contractAddress, proof, attestationUIDs);
-}
 
 // src/erc4337/userop.ts
 function buildUserOperation(params) {
@@ -64,26 +61,23 @@ function isRuleSource(rule) {
   return typeof rule === "object" && rule !== null && "uri" in rule;
 }
 var PayIDServer = class {
-  constructor(wasm, signer, trustedIssuers, debugTrace) {
-    this.wasm = wasm;
+  constructor(signer, trustedIssuers, debugTrace, wasm) {
     this.signer = signer;
     this.trustedIssuers = trustedIssuers;
     this.debugTrace = debugTrace;
+    this.wasm = wasm;
   }
-  /**
-   * Evaluate + generate proof dengan signer dari constructor
-   */
   async evaluateAndProve(params) {
     const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
     const evalConfig = params.evaluationRule ?? authorityConfig;
     const result = await evaluate(
-      this.wasm,
       params.context,
       evalConfig,
       {
         debug: this.debugTrace,
         trustedIssuers: this.trustedIssuers
-      }
+      },
+      this.wasm
     );
     if (result.decision !== "ALLOW") {
       return { result, proof: null };
@@ -99,16 +93,18 @@ var PayIDServer = class {
       signer: this.signer,
       verifyingContract: params.verifyingContract,
       ruleAuthority: params.ruleAuthority,
-      ttlSeconds: params.ttlSeconds
+      chainId: params.chainId ?? params.context?.tx?.chainId,
+      ttlSeconds: params.ttlSeconds,
+      blockTimestamp: params.blockTimestamp
     });
     return { result, proof };
   }
-  /**
-   * Build ERC-4337 UserOperation dari Decision Proof
-   * Untuk bundler/relayer — server only
-   */
   buildUserOperation(params) {
-    const callData = buildPayCallData(params.targetContract, params.proof);
+    const callData = buildPayERC20CallData(
+      params.targetContract,
+      params.proof,
+      params.attestationUIDs ?? []
+    );
     return buildUserOperation({
       sender: params.smartAccount,
       nonce: params.nonce,
@@ -122,10 +118,10 @@ var PayIDServer = class {
 // src/core/server/index.ts
 function createPayID(params) {
   return new PayIDServer(
-    params.wasm,
     params.signer,
     params.trustedIssuers,
-    params.debugTrace ?? false
+    params.debugTrace ?? false,
+    params.wasm
   );
 }
 

package/dist/core/client/index.d.ts

@@ -1,5 +1,5 @@
-export { c as createPayID } from '../../index-on2SYkvq.js';
+export { c as createPayID } from '../../index-2O3usHUn.js';
 import 'payid-types';
 import 'ethers';
 import '../../types-B8pJQdMQ.js';
-import '../../types-DKt-zH0P.js';
+import '../../types-BmMf7udp.js';

package/dist/core/client/index.js

@@ -1,10 +1,10 @@
 import {
   createPayID
-} from "../../chunk-UCM5DYIC.js";
-import "../../chunk-QYH3FNQ4.js";
-import "../../chunk-AXFEJV2K.js";
+} from "../../chunk-GB3FSF7K.js";
+import "../../chunk-GG34PNTF.js";
 import "../../chunk-MXKZJKXE.js";
-import "../../chunk-JJEWYFOV.js";
+import "../../chunk-6VPSJFO4.js";
+import "../../chunk-ANG3SJGI.js";
 import "../../chunk-5ZEKI5Y2.js";
 import "../../chunk-R5U7XKVJ.js";
 export {

package/dist/core/server/index.d.ts

@@ -1,4 +1,4 @@
-export { c as createPayID } from '../../index-CiTDNVSZ.js';
+export { c as createPayID } from '../../index-C1DHMQA0.js';
 import 'ethers';
 import 'payid-types';
 import '../../types-B8pJQdMQ.js';

package/dist/core/server/index.js

@@ -1,7 +1,7 @@
 import {
   createPayID
-} from "../../chunk-VJDL2PUS.js";
-import "../../chunk-AXFEJV2K.js";
+} from "../../chunk-YUAYDVGX.js";
+import "../../chunk-ANG3SJGI.js";
 import "../../chunk-5ZEKI5Y2.js";
 import "../../chunk-R5U7XKVJ.js";
 export {

package/dist/{index-on2SYkvq.d.ts → index-2O3usHUn.d.ts}

@@ -1,7 +1,7 @@
 import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
 import { ethers } from 'ethers';
 import { R as RuleSource, D as DecisionProof } from './types-B8pJQdMQ.js';
-import { P as PayIDSessionPolicyPayloadV1 } from './types-DKt-zH0P.js';
+import { P as PayIDSessionPolicyPayloadV1 } from './types-BmMf7udp.js';
 
 /**
  * @class PayIDClient
@@ -35,17 +35,10 @@ import { P as PayIDSessionPolicyPayloadV1 } from './types-DKt-zH0P.js';
  * ```
  */
 declare class PayIDClient {
-    private readonly wasm;
     private readonly debugTrace?;
-    constructor(wasm: Uint8Array, debugTrace?: boolean | undefined);
-    /**
-     * Pure rule evaluation — client-safe, no signing, no server
-     */
+    private readonly wasm?;
+    constructor(debugTrace?: boolean | undefined, wasm?: Uint8Array | undefined);
     evaluate(context: RuleContext, rule: RuleConfig | RuleSource): Promise<RuleResult>;
-    /**
-     * Evaluate + generate EIP-712 Decision Proof.
-     * Payer sign sendiri menggunakan wallet mereka — tidak butuh server.
-     */
     evaluateAndProve(params: {
         context: RuleContext;
         authorityRule: RuleConfig | RuleSource;
@@ -60,6 +53,8 @@ declare class PayIDClient {
         verifyingContract: string;
         ruleAuthority: string;
         ttlSeconds?: number;
+        chainId: number;
+        blockTimestamp: number;
     }): Promise<{
         result: RuleResult;
         proof: DecisionProof | null;
@@ -102,7 +97,7 @@ declare class PayIDClient {
  *   ```
  */
 declare function createPayID(params: {
-    wasm: Uint8Array;
+    wasm?: Uint8Array;
     debugTrace?: boolean;
 }): PayIDClient;
 

package/dist/{index-DuOeYzN2.d.ts → index-BQQnMG2H.d.ts}

@@ -1,6 +1,6 @@
 import { ethers } from 'ethers';
-import { P as PayIDSessionPolicyPayloadV1 } from './types-DKt-zH0P.js';
 import { RuleConfig } from 'payid-types';
+import { P as PayIDSessionPolicyPayloadV1 } from './types-BmMf7udp.js';
 
 /**
  * Create and sign an ephemeral PayID session policy payload.
@@ -54,11 +54,7 @@ import { RuleConfig } from 'payid-types';
  */
 declare function createSessionPolicyPayload(params: {
     receiver: string;
-    rule: {
-        version: string;
-        logic: "AND";
-        rules: any[];
-    };
+    rule: RuleConfig;
     expiresAt: number;
     signer: ethers.Signer;
 }): Promise<PayIDSessionPolicyPayloadV1>;

package/dist/{index-CiTDNVSZ.d.ts → index-C1DHMQA0.d.ts}

@@ -45,14 +45,11 @@ interface UserOperation {
  * ```
  */
 declare class PayIDServer {
-    private readonly wasm;
     private readonly signer;
     private readonly trustedIssuers?;
     private readonly debugTrace?;
-    constructor(wasm: Uint8Array, signer: ethers.Signer, trustedIssuers?: Set<string> | undefined, debugTrace?: boolean | undefined);
-    /**
-     * Evaluate + generate proof dengan signer dari constructor
-     */
+    private readonly wasm?;
+    constructor(signer: ethers.Signer, trustedIssuers?: Set<string> | undefined, debugTrace?: boolean | undefined, wasm?: Uint8Array | undefined);
     evaluateAndProve(params: {
         context: RuleContext;
         authorityRule: RuleConfig | RuleSource;
@@ -65,14 +62,12 @@ declare class PayIDServer {
         verifyingContract: string;
         ruleAuthority: string;
         ttlSeconds?: number;
+        chainId: number;
+        blockTimestamp: number;
     }): Promise<{
         result: RuleResult;
         proof: DecisionProof | null;
     }>;
-    /**
-     * Build ERC-4337 UserOperation dari Decision Proof
-     * Untuk bundler/relayer — server only
-     */
     buildUserOperation(params: {
         proof: DecisionProof;
         smartAccount: string;
@@ -80,6 +75,7 @@ declare class PayIDServer {
         gas: any;
         targetContract: string;
         paymasterAndData?: string;
+        attestationUIDs?: string[];
     }): UserOperation;
 }
 
@@ -144,7 +140,7 @@ declare class PayIDServer {
  *   ```
  */
 declare function createPayID(params: {
-    wasm: Uint8Array;
+    wasm?: Uint8Array;
     signer: ethers.Signer;
     debugTrace?: boolean;
     trustedIssuers?: Set<string>;

package/dist/{index-C7vziL_Z.d.ts → index-DerQdZmf.d.ts}

@@ -1,4 +1,5 @@
-import { RuleConfig } from 'payid-types';
+import * as payid_types from 'payid-types';
+import { RuleConfig, AnyRule } from 'payid-types';
 
 /**
  * Combine an authoritative rule set with additional ephemeral rules
@@ -42,66 +43,25 @@ import { RuleConfig } from 'payid-types';
 declare function combineRules(defaultRuleSet: RuleConfig, sessionRule: any[]): {
     version: string;
     logic: "AND" | "OR";
-    rules: {
-        id: any;
-        if: any;
-    }[];
+    rules: payid_types.AnyRule[];
 };
 
 /**
  * Canonicalize a rule set into a deterministic, order-independent form.
  *
- * Canonicalization ensures that semantically identical rule sets
- * always produce the same structural representation, regardless of:
- * - Rule insertion order
- * - Object key order
- * - Nested object layout
- *
- * This function is CRITICAL for:
- * - Rule hashing (`ruleSetHash`)
- * - Policy signing (QR / session / intent)
- * - Consistent off-chain evaluation
- *
- * ## Canonicalization rules
- *
- * - Rules are normalized individually.
- * - Rule entries are sorted lexicographically by `id`.
- * - All nested objects are recursively sorted by key.
- * - Arrays preserve their original order unless explicitly sorted.
- *
- * ## Security model
- *
- * - Canonicalization MUST be applied BEFORE hashing or signing.
- * - Canonicalization MUST NOT be applied during verification
- *   (the verified payload must match exactly what was signed).
- *
- * ## Invariants
- *
- * - Canonicalization does NOT change rule semantics.
- * - Canonicalization does NOT weaken rule constraints.
- * - Canonicalization is a pure, deterministic operation.
- *
- * @param ruleSet
- *   A rule configuration object containing:
- *   - `version`: rule schema version
- *   - `logic`: logical operator ("AND" | "OR")
- *   - `rules`: list of rule definitions
- *
- * @returns
- *   A canonicalized rule configuration suitable for hashing,
- *   signing, and deterministic evaluation.
+ * Supports all three v4 rule formats:
+ *   - Format A: { id, if, message? }
+ *   - Format B: { id, logic, conditions[], message? }
+ *   - Format C: { id, logic, rules[], message? }
  */
 declare function canonicalizeRuleSet(ruleSet: {
-    version: string;
+    version?: string;
     logic: "AND" | "OR";
     rules: any[];
 }): {
     version: string;
     logic: "AND" | "OR";
-    rules: {
-        id: any;
-        if: any;
-    }[];
+    rules: AnyRule[];
 };
 
 /**

package/dist/index.d.ts

@@ -1,14 +1,14 @@
 import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
 import { R as RuleSource } from './types-B8pJQdMQ.js';
-import { U as UserOperation } from './index-CiTDNVSZ.js';
-export { i as server } from './index-CiTDNVSZ.js';
+import { U as UserOperation } from './index-C1DHMQA0.js';
+export { i as server } from './index-C1DHMQA0.js';
 import { ethers } from 'ethers';
-export { i as sessionPolicy } from './index-DuOeYzN2.js';
-export { i as rule } from './index-C7vziL_Z.js';
+export { i as sessionPolicy } from './index-BQQnMG2H.js';
+export { i as rule } from './index-DerQdZmf.js';
 export { i as issuer } from './index-2JCvey4-.js';
 export { i as context } from './index-BEvnPzzt.js';
-export { i as client } from './index-on2SYkvq.js';
-import './types-DKt-zH0P.js';
+export { i as client } from './index-2O3usHUn.js';
+import './types-BmMf7udp.js';
 
 interface PayIDClient {
     /**
@@ -54,6 +54,8 @@ interface PayIDServer {
         verifyingContract: string;
         ruleAuthority: string;
         ttlSeconds?: number;
+        chainId: number;
+        blockTimestamp: number;
     }): Promise<{
         result: RuleResult;
         proof: any | null;
@@ -69,6 +71,7 @@ interface PayIDServer {
         gas: any;
         targetContract: string;
         paymasterAndData?: string;
+        attestationUIDs?: string[];
     }): UserOperation;
 }
 
@@ -130,7 +133,7 @@ interface PayIDServer {
  *   ```
  */
 declare function createPayID(params: {
-    wasm: Uint8Array;
+    wasm?: Uint8Array;
     debugTrace?: boolean;
     trustedIssuers?: Set<string>;
 }): PayIDClient & PayIDServer;

package/dist/index.js

@@ -7,27 +7,27 @@ import {
 import "./chunk-7U3P7XJE.js";
 import {
   rule_exports
-} from "./chunk-JRVCGSKK.js";
+} from "./chunk-ILV7Z3IN.js";
+import {
+  sessionPolicy_exports
+} from "./chunk-Y75PSD7U.js";
 import {
   client_exports
-} from "./chunk-UCM5DYIC.js";
-import "./chunk-QYH3FNQ4.js";
+} from "./chunk-GB3FSF7K.js";
+import "./chunk-GG34PNTF.js";
+import "./chunk-MXKZJKXE.js";
+import "./chunk-6VPSJFO4.js";
 import {
   buildPayERC20CallData,
   buildPayETHCallData,
   buildUserOperation,
   server_exports
-} from "./chunk-VJDL2PUS.js";
+} from "./chunk-YUAYDVGX.js";
 import {
   evaluate,
   generateDecisionProof,
   resolveRule
-} from "./chunk-AXFEJV2K.js";
-import {
-  sessionPolicy_exports
-} from "./chunk-ATWJEWZH.js";
-import "./chunk-MXKZJKXE.js";
-import "./chunk-JJEWYFOV.js";
+} from "./chunk-ANG3SJGI.js";
 import "./chunk-5ZEKI5Y2.js";
 import {
   __export
@@ -43,31 +43,24 @@ var PayID = class {
     this.debugTrace = debugTrace;
     this.trustedIssuers = trustedIssuers;
   }
-  /**
-   * Pure evaluation — client-safe
-   */
   async evaluate(context, rule) {
     const config = isRuleSource(rule) ? (await resolveRule(rule)).config : rule;
-    return evaluate(this.wasm, context, config, {
+    return evaluate(context, config, {
       debug: this.debugTrace,
       trustedIssuers: this.trustedIssuers
-    });
+    }, this.wasm);
   }
-  /**
-   * Evaluate + generate Decision Proof
-   * FIX: parameter rename ruleRegistryContract → ruleAuthority
-   */
   async evaluateAndProve(params) {
     const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
     const evalConfig = params.evaluationRule ?? authorityConfig;
     const result = await evaluate(
-      this.wasm,
       params.context,
       evalConfig,
       {
         debug: this.debugTrace,
         trustedIssuers: this.trustedIssuers
-      }
+      },
+      this.wasm
     );
     if (result.decision !== "ALLOW") {
       return { result, proof: null };
@@ -83,13 +76,12 @@ var PayID = class {
       signer: params.signer,
       verifyingContract: params.verifyingContract,
       ruleAuthority: params.ruleAuthority,
-      ttlSeconds: params.ttlSeconds
+      chainId: params.chainId ?? params.context?.tx?.chainId,
+      ttlSeconds: params.ttlSeconds,
+      blockTimestamp: params.blockTimestamp
     });
     return { result, proof };
   }
-  /**
-   * Build ERC-4337 UserOperation
-   */
   buildUserOperation(params) {
     const attestationUIDs = params.attestationUIDs ?? [];
     const isETH = params.paymentType === "eth";

package/dist/rule/index.d.ts

@@ -1,2 +1,2 @@
-export { a as canonicalizeRuleSet, c as combineRules, h as hashRuleSet } from '../index-C7vziL_Z.js';
+export { a as canonicalizeRuleSet, c as combineRules, h as hashRuleSet } from '../index-DerQdZmf.js';
 import 'payid-types';

package/dist/rule/index.js

@@ -1,12 +1,12 @@
 import {
   hashRuleSet
-} from "../chunk-JRVCGSKK.js";
+} from "../chunk-ILV7Z3IN.js";
 import {
   combineRules
-} from "../chunk-QYH3FNQ4.js";
+} from "../chunk-GG34PNTF.js";
 import {
   canonicalizeRuleSet
-} from "../chunk-JJEWYFOV.js";
+} from "../chunk-6VPSJFO4.js";
 import "../chunk-R5U7XKVJ.js";
 export {
   canonicalizeRuleSet,

package/dist/sessionPolicy/index.d.ts

@@ -1,4 +1,4 @@
-export { c as createSessionPolicyPayload, d as decodeSessionPolicy } from '../index-DuOeYzN2.js';
-export { P as PayIDSessionPolicyPayloadV1 } from '../types-DKt-zH0P.js';
+export { c as createSessionPolicyPayload, d as decodeSessionPolicy } from '../index-BQQnMG2H.js';
+export { P as PayIDSessionPolicyPayloadV1 } from '../types-BmMf7udp.js';
 import 'ethers';
 import 'payid-types';

package/dist/sessionPolicy/index.js

@@ -1,10 +1,10 @@
 import {
   createSessionPolicyPayload
-} from "../chunk-ATWJEWZH.js";
+} from "../chunk-Y75PSD7U.js";
 import {
   decodeSessionPolicy
 } from "../chunk-MXKZJKXE.js";
-import "../chunk-JJEWYFOV.js";
+import "../chunk-6VPSJFO4.js";
 import "../chunk-5ZEKI5Y2.js";
 import "../chunk-R5U7XKVJ.js";
 export {

package/dist/{types-DKt-zH0P.d.ts → types-BmMf7udp.d.ts}

@@ -1,11 +1,9 @@
+import { RuleConfig } from 'payid-types';
+
 interface PayIDSessionPolicyPayloadV1 {
     version: "payid.session.policy.v1" | string;
     receiver: string;
-    rule: {
-        version: string;
-        logic: "AND" | "OR";
-        rules: any[];
-    };
+    rule: RuleConfig;
     expiresAt: number;
     nonce: string;
     issuedAt: number;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payid",
-  "version": "0.3.8",
+  "version": "0.4.0",
   "private": false,
   "type": "module",
   "main": "./dist/index.js",
@@ -37,8 +37,8 @@
   },
   "dependencies": {
     "ethers": "^6.16.0",
-    "payid-rule-engine": "^0.1.7",
-    "payid-types": "^0.1.7"
+    "payid-rule-engine": "^0.2.3",
+    "payid-types": "^0.1.9"
   },
   "files": [
     "dist"