payid 0.3.9 → 0.4.1

package/dist/index.js

@@ -1,37 +1,382 @@
-import {
-  context_exports
-} from "./chunk-RCXMRX4F.js";
-import {
-  issuer_exports
-} from "./chunk-AOKLY2QN.js";
-import "./chunk-7U3P7XJE.js";
-import {
-  rule_exports
-} from "./chunk-JRVCGSKK.js";
-import {
-  sessionPolicy_exports
-} from "./chunk-ATWJEWZH.js";
-import {
-  client_exports
-} from "./chunk-UBGZH6HB.js";
-import "./chunk-QYH3FNQ4.js";
-import "./chunk-MXKZJKXE.js";
-import "./chunk-JJEWYFOV.js";
-import {
-  buildPayERC20CallData,
-  buildPayETHCallData,
-  buildUserOperation,
-  server_exports
-} from "./chunk-SIHQPH55.js";
-import {
-  evaluate,
-  generateDecisionProof,
-  resolveRule
-} from "./chunk-METOE7DV.js";
-import "./chunk-5ZEKI5Y2.js";
-import {
-  __export
-} from "./chunk-R5U7XKVJ.js";
+var __defProp = Object.defineProperty;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+// src/evaluate.ts
+import { executeRule, preprocessContextV2 } from "payid-rule-engine";
+
+// src/normalize.ts
+function normalizeContext(ctx) {
+  return {
+    ...ctx,
+    tx: {
+      ...ctx.tx,
+      sender: ctx.tx.sender?.toLowerCase(),
+      receiver: ctx.tx.receiver?.toLowerCase(),
+      asset: ctx.tx.asset.toUpperCase()
+    }
+  };
+}
+
+// src/core/dicisionTrace.ts
+function toBigIntSafe(v) {
+  try {
+    if (typeof v === "bigint") return v;
+    if (typeof v === "number" && Number.isFinite(v)) return BigInt(Math.trunc(v));
+    if (typeof v === "string" && v !== "") return BigInt(v);
+    return null;
+  } catch {
+    return null;
+  }
+}
+function resolveField(obj, fieldExpr) {
+  const [path, ...transforms] = fieldExpr.split("|");
+  let value = path?.split(".").reduce((o, k) => o?.[k], obj);
+  for (const t of transforms) {
+    if (value === void 0 || value === null) break;
+    if (t.startsWith("div:")) {
+      const n = Number(t.slice(4));
+      value = Number(value) / n;
+    } else if (t.startsWith("mod:")) {
+      const n = BigInt(t.slice(4));
+      value = BigInt(value) % n;
+    } else if (t === "abs") {
+      value = Math.abs(Number(value));
+    } else if (t === "hour") {
+      value = new Date(Number(value) * 1e3).getUTCHours();
+    } else if (t === "day") {
+      value = new Date(Number(value) * 1e3).getUTCDay();
+    } else if (t === "date") {
+      value = new Date(Number(value) * 1e3).getUTCDate();
+    } else if (t === "month") {
+      value = new Date(Number(value) * 1e3).getUTCMonth() + 1;
+    } else if (t === "len") {
+      value = String(value).length;
+    } else if (t === "lower") {
+      value = String(value).toLowerCase();
+    } else if (t === "upper") {
+      value = String(value).toUpperCase();
+    }
+  }
+  return value;
+}
+function resolveValue(context, value) {
+  if (typeof value === "string" && value.startsWith("$")) {
+    return resolveField(context, value.slice(1));
+  }
+  return value;
+}
+function evaluateCondition(actual, op, expected) {
+  switch (op) {
+    case ">=":
+    case "<=":
+    case ">":
+    case "<": {
+      const a = toBigIntSafe(actual);
+      const b = toBigIntSafe(expected);
+      if (a === null || b === null) return false;
+      if (op === ">=") return a >= b;
+      if (op === "<=") return a <= b;
+      if (op === ">") return a > b;
+      if (op === "<") return a < b;
+      return false;
+    }
+    case "==":
+      return actual == expected;
+    case "!=":
+      return actual != expected;
+    case "in":
+      return Array.isArray(expected) && expected.includes(actual);
+    case "not_in":
+      return Array.isArray(expected) && !expected.includes(actual);
+    case "between":
+      return Array.isArray(expected) && actual >= expected[0] && actual <= expected[1];
+    case "not_between":
+      return Array.isArray(expected) && !(actual >= expected[0] && actual <= expected[1]);
+    case "exists":
+      return actual !== void 0 && actual !== null;
+    case "not_exists":
+      return actual === void 0 || actual === null;
+    default:
+      return false;
+  }
+}
+function traceCondition(context, ruleId, cond) {
+  const actual = resolveField(context, cond.field);
+  const expected = resolveValue(context, cond.value);
+  const pass = evaluateCondition(actual, cond.op, expected);
+  return {
+    ruleId,
+    field: cond.field,
+    op: cond.op,
+    expected: cond.value,
+    actual,
+    result: actual === void 0 ? "FAIL" : pass ? "PASS" : "FAIL"
+  };
+}
+function traceRule(context, rule) {
+  if ("if" in rule) {
+    return [traceCondition(context, rule.id, rule.if)];
+  }
+  if ("conditions" in rule) {
+    return rule.conditions.map((cond) => traceCondition(context, rule.id, cond));
+  }
+  if ("rules" in rule) {
+    return rule.rules.flatMap((child) => traceRule(context, child));
+  }
+  return [];
+}
+function buildDecisionTrace(context, ruleConfig) {
+  return ruleConfig.rules.flatMap((rule) => traceRule(context, rule));
+}
+
+// src/evaluate.ts
+async function evaluate(context, ruleConfig, options, wasmBinary) {
+  if (!context || typeof context !== "object") {
+    throw new Error("evaluate(): context is required");
+  }
+  if (!context.tx) {
+    throw new Error("evaluate(): context.tx is required");
+  }
+  if (!ruleConfig || typeof ruleConfig !== "object") {
+    throw new Error("evaluate(): ruleConfig is required");
+  }
+  let result;
+  try {
+    const preparedContext = options?.trustedIssuers ? preprocessContextV2(
+      context,
+      ruleConfig,
+      options.trustedIssuers
+    ) : context;
+    const normalized = normalizeContext(preparedContext);
+    let wasmForEngine;
+    if (wasmBinary == null) {
+      wasmForEngine = void 0;
+    } else if (typeof Buffer !== "undefined") {
+      wasmForEngine = Buffer.isBuffer(wasmBinary) ? wasmBinary : Buffer.from(wasmBinary);
+    } else {
+      wasmForEngine = wasmBinary;
+    }
+    result = await executeRule(
+      normalized,
+      ruleConfig,
+      wasmForEngine
+    );
+  } catch (err) {
+    return {
+      decision: "REJECT",
+      code: "CONTEXT_OR_ENGINE_ERROR",
+      reason: err?.message ?? "rule evaluation failed"
+    };
+  }
+  if (result.decision !== "ALLOW" && result.decision !== "REJECT") {
+    return {
+      decision: "REJECT",
+      code: "INVALID_ENGINE_OUTPUT",
+      reason: "invalid decision value"
+    };
+  }
+  const baseResult = {
+    decision: result.decision,
+    code: result.code || "UNKNOWN",
+    reason: result.reason
+  };
+  if (options?.debug) {
+    return {
+      ...baseResult,
+      debug: {
+        trace: buildDecisionTrace(context, ruleConfig)
+      }
+    };
+  }
+  return baseResult;
+}
+
+// src/utils/subtle.ts
+var subtleCrypto = globalThis.crypto?.subtle ?? __require("crypto").webcrypto.subtle;
+
+// src/utils/fetchJson.ts
+async function fetchJsonWithHashCheck(url, expectedHash) {
+  const res = await fetch(url);
+  if (!res.ok) {
+    throw new Error("RULE_FETCH_FAILED");
+  }
+  const buffer = await res.arrayBuffer();
+  if (expectedHash) {
+    const digest = await subtleCrypto.digest(
+      "SHA-256",
+      buffer
+    );
+    const actualHash = bufferToHex(digest);
+    if (actualHash !== expectedHash) {
+      throw new Error("RULE_HASH_MISMATCH");
+    }
+  }
+  return JSON.parse(new TextDecoder().decode(buffer));
+}
+function bufferToHex(buffer) {
+  return [...new Uint8Array(buffer)].map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+// src/resolver/resolver.ts
+async function resolveRule(source) {
+  const { uri, hash: hash2 } = source;
+  if (uri.startsWith("inline://")) {
+    const encoded = uri.replace("inline://", "");
+    const json = JSON.parse(atob(encoded));
+    return { config: json, source };
+  }
+  if (uri.startsWith("ipfs://")) {
+    const cid = uri.replace("ipfs://", "");
+    const url = `https://ipfs.io/ipfs/${cid}`;
+    const config = await fetchJsonWithHashCheck(url, hash2);
+    return { config, source };
+  }
+  if (uri.startsWith("http://") || uri.startsWith("https://")) {
+    const config = await fetchJsonWithHashCheck(uri, hash2);
+    return { config, source };
+  }
+  throw new Error("UNSUPPORTED_RULE_URI");
+}
+
+// src/decision-proof/hash.ts
+import { keccak256 } from "ethers";
+function stableStringify(obj) {
+  if (Array.isArray(obj)) {
+    return `[${obj.map(stableStringify).join(",")}]`;
+  }
+  if (obj && typeof obj === "object") {
+    return `{${Object.keys(obj).sort().map(
+      (k) => `"${k}":${stableStringify(obj[k])}`
+    ).join(",")}}`;
+  }
+  return JSON.stringify(obj);
+}
+function hashContext(context) {
+  return keccak256(Buffer.from(stableStringify(context)));
+}
+function hashRuleSet(ruleConfig) {
+  return keccak256(Buffer.from(stableStringify(ruleConfig)));
+}
+
+// src/decision-proof/generate.ts
+import { ethers, ZeroAddress } from "ethers";
+
+// src/utils/randomHex.ts
+function randomHex(bytes) {
+  if (typeof globalThis.crypto !== "undefined" && crypto.getRandomValues) {
+    const arr = new Uint8Array(bytes);
+    crypto.getRandomValues(arr);
+    return "0x" + Array.from(arr, (b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const { randomBytes } = __require("crypto");
+  return "0x" + randomBytes(bytes).toString("hex");
+}
+
+// src/decision-proof/generate.ts
+var hash = (v) => ethers.keccak256(ethers.toUtf8Bytes(v));
+async function generateDecisionProof(params) {
+  const now = params.blockTimestamp ?? Math.floor(Date.now() / 1e3);
+  const issuedAt = now - 30;
+  const expiresAt = now + (params.ttlSeconds ?? 300);
+  const chainId = params.chainId ?? Number((await params.signer.provider.getNetwork()).chainId);
+  const requiresAttestation = Array.isArray(params.ruleConfig?.requires) && params.ruleConfig.requires.length > 0;
+  const payload = {
+    version: hash("2"),
+    payId: hash(params.payId),
+    payer: params.payer,
+    receiver: params.receiver,
+    asset: params.asset,
+    amount: params.amount,
+    contextHash: hashContext(params.context),
+    ruleSetHash: hashRuleSet(params.ruleConfig),
+    ruleAuthority: params.ruleAuthority ?? ZeroAddress,
+    issuedAt: BigInt(issuedAt),
+    expiresAt: BigInt(expiresAt),
+    nonce: randomHex(32),
+    requiresAttestation
+  };
+  const domain = {
+    name: "PAY.ID Decision",
+    version: "2",
+    chainId,
+    verifyingContract: params.verifyingContract
+  };
+  const types = {
+    Decision: [
+      { name: "version", type: "bytes32" },
+      { name: "payId", type: "bytes32" },
+      { name: "payer", type: "address" },
+      { name: "receiver", type: "address" },
+      { name: "asset", type: "address" },
+      { name: "amount", type: "uint256" },
+      { name: "contextHash", type: "bytes32" },
+      { name: "ruleSetHash", type: "bytes32" },
+      { name: "ruleAuthority", type: "address" },
+      { name: "issuedAt", type: "uint64" },
+      { name: "expiresAt", type: "uint64" },
+      { name: "nonce", type: "bytes32" },
+      { name: "requiresAttestation", type: "bool" }
+    ]
+  };
+  const signature = await params.signer.signTypedData(domain, types, payload);
+  const recovered = ethers.verifyTypedData(domain, types, payload, signature);
+  if (recovered.toLowerCase() !== params.payer.toLowerCase()) {
+    throw new Error("SIGNATURE_MISMATCH");
+  }
+  return { payload, signature };
+}
+
+// src/erc4337/build.ts
+import { ethers as ethers2 } from "ethers";
+var PAY_WITH_PAYID_ABI = [
+  // ETH payment — attestationUIDs adalah EAS UIDs, pass [] jika tidak perlu
+  "function payETH((bytes32 version, bytes32 payId, address payer, address receiver, address asset, uint256 amount, bytes32 contextHash, bytes32 ruleSetHash, address ruleAuthority, uint64 issuedAt, uint64 expiresAt, bytes32 nonce, bool requiresAttestation) d, bytes sig, bytes32[] attestationUIDs) payable",
+  // ERC20 payment
+  "function payERC20((bytes32 version, bytes32 payId, address payer, address receiver, address asset, uint256 amount, bytes32 contextHash, bytes32 ruleSetHash, address ruleAuthority, uint64 issuedAt, uint64 expiresAt, bytes32 nonce, bool requiresAttestation) d, bytes sig, bytes32[] attestationUIDs)"
+];
+function buildPayETHCallData(contractAddress, proof, attestationUIDs = []) {
+  const iface = new ethers2.Interface(PAY_WITH_PAYID_ABI);
+  return iface.encodeFunctionData("payETH", [
+    proof.payload,
+    proof.signature,
+    attestationUIDs
+  ]);
+}
+function buildPayERC20CallData(contractAddress, proof, attestationUIDs = []) {
+  const iface = new ethers2.Interface(PAY_WITH_PAYID_ABI);
+  return iface.encodeFunctionData("payERC20", [
+    proof.payload,
+    proof.signature,
+    attestationUIDs
+  ]);
+}
+
+// src/erc4337/userop.ts
+function buildUserOperation(params) {
+  return {
+    sender: params.sender,
+    nonce: params.nonce,
+    initCode: params.initCode ?? "0x",
+    callData: params.callData,
+    callGasLimit: params.gas.callGasLimit,
+    verificationGasLimit: params.gas.verificationGasLimit,
+    preVerificationGas: params.gas.preVerificationGas,
+    maxFeePerGas: params.gas.maxFeePerGas,
+    maxPriorityFeePerGas: params.gas.maxPriorityFeePerGas,
+    paymasterAndData: params.paymasterAndData ?? "0x",
+    signature: "0x"
+    // signed later by smart account
+  };
+}
 
 // src/core/payid.ts
 function isRuleSource(rule) {
@@ -43,31 +388,24 @@ var PayID = class {
     this.debugTrace = debugTrace;
     this.trustedIssuers = trustedIssuers;
   }
-  /**
-   * Pure evaluation — client-safe
-   */
   async evaluate(context, rule) {
     const config = isRuleSource(rule) ? (await resolveRule(rule)).config : rule;
-    return evaluate(this.wasm, context, config, {
+    return evaluate(context, config, {
       debug: this.debugTrace,
       trustedIssuers: this.trustedIssuers
-    });
+    }, this.wasm);
   }
-  /**
-   * Evaluate + generate Decision Proof
-   * FIX: parameter rename ruleRegistryContract → ruleAuthority
-   */
   async evaluateAndProve(params) {
     const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
     const evalConfig = params.evaluationRule ?? authorityConfig;
     const result = await evaluate(
-      this.wasm,
       params.context,
       evalConfig,
       {
         debug: this.debugTrace,
         trustedIssuers: this.trustedIssuers
-      }
+      },
+      this.wasm
     );
     if (result.decision !== "ALLOW") {
       return { result, proof: null };
@@ -83,14 +421,12 @@ var PayID = class {
       signer: params.signer,
       verifyingContract: params.verifyingContract,
       ruleAuthority: params.ruleAuthority,
-      chainId: params.context?.tx?.chainId,
-      ttlSeconds: params.ttlSeconds
+      chainId: params.chainId ?? params.context?.tx?.chainId,
+      ttlSeconds: params.ttlSeconds,
+      blockTimestamp: params.blockTimestamp
     });
     return { result, proof };
   }
-  /**
-   * Build ERC-4337 UserOperation
-   */
   buildUserOperation(params) {
     const attestationUIDs = params.attestationUIDs ?? [];
     const isETH = params.paymentType === "eth";
@@ -114,13 +450,265 @@ function createPayID(params) {
   );
 }
 
+// src/sessionPolicy/index.ts
+var sessionPolicy_exports = {};
+__export(sessionPolicy_exports, {
+  createSessionPolicyPayload: () => createSessionPolicyPayload,
+  decodeSessionPolicy: () => decodeSessionPolicy
+});
+
+// src/sessionPolicy/create.ts
+import { ethers as ethers3 } from "ethers";
+
+// src/rule/canonicalize.ts
+function canonicalizeRuleSet(ruleSet) {
+  return {
+    version: ruleSet.version ?? "1",
+    logic: ruleSet.logic,
+    rules: ruleSet.rules.map((rule) => canonicalizeRule(rule)).sort((a, b) => a.id.localeCompare(b.id))
+  };
+}
+function canonicalizeRule(rule) {
+  const base = { id: rule.id, ...rule.message ? { message: rule.message } : {} };
+  if ("rules" in rule && Array.isArray(rule.rules)) {
+    return {
+      ...base,
+      logic: rule.logic,
+      rules: rule.rules.map((r) => canonicalizeRule(r)).sort((a, b) => a.id.localeCompare(b.id))
+    };
+  }
+  if ("conditions" in rule && Array.isArray(rule.conditions)) {
+    return {
+      ...base,
+      logic: rule.logic,
+      conditions: rule.conditions.map((c) => canonicalizeObject(c))
+    };
+  }
+  return {
+    ...base,
+    if: canonicalizeObject(rule.if)
+  };
+}
+function canonicalizeObject(obj) {
+  if (obj === void 0) {
+    throw new Error("Undefined value not allowed in canonical object");
+  }
+  if (typeof obj === "function" || typeof obj === "symbol") {
+    throw new Error("Non-JSON value not allowed in canonical object");
+  }
+  if (obj instanceof Date) return obj.toISOString();
+  if (typeof obj === "bigint") return obj.toString();
+  if (Array.isArray(obj)) {
+    return obj.map(canonicalizeObject);
+  }
+  if (typeof obj === "object" && obj !== null) {
+    return Object.keys(obj).sort().reduce((acc, key) => {
+      acc[key] = canonicalizeObject(obj[key]);
+      return acc;
+    }, {});
+  }
+  return obj;
+}
+
+// src/sessionPolicy/create.ts
+async function createSessionPolicyPayload(params) {
+  const issuedAt = Math.floor(Date.now() / 1e3);
+  const nonce = randomHex(16);
+  const payload = {
+    version: "payid.session.policy.v1",
+    receiver: params.receiver,
+    rule: canonicalizeRuleSet(params.rule),
+    issuedAt,
+    expiresAt: params.expiresAt,
+    nonce
+  };
+  const message = ethers3.keccak256(
+    ethers3.toUtf8Bytes(JSON.stringify(payload))
+  );
+  const signature = await params.signer.signMessage(message);
+  return {
+    ...payload,
+    signature
+  };
+}
+
+// src/sessionPolicy/decode.ts
+import { ethers as ethers4 } from "ethers";
+function decodeSessionPolicy(sessionPolicy, now) {
+  if (sessionPolicy.version !== "payid.session.policy.v1") {
+    throw new Error("INVALID_SESSION_POLICY_VERSION");
+  }
+  if (now > sessionPolicy.expiresAt) {
+    throw new Error("SESSION_POLICY_EXPIRED");
+  }
+  const payload = {
+    version: sessionPolicy.version,
+    receiver: sessionPolicy.receiver,
+    rule: sessionPolicy.rule,
+    issuedAt: sessionPolicy.issuedAt,
+    expiresAt: sessionPolicy.expiresAt,
+    nonce: sessionPolicy.nonce
+  };
+  const message = ethers4.keccak256(
+    ethers4.toUtf8Bytes(JSON.stringify(payload))
+  );
+  const recovered = ethers4.verifyMessage(
+    message,
+    sessionPolicy.signature
+  );
+  if (recovered.toLowerCase() !== sessionPolicy.receiver.toLowerCase()) {
+    throw new Error("INVALID_SESSION_POLICY_SIGNATURE");
+  }
+  return sessionPolicy.rule;
+}
+
+// src/rule/index.ts
+var rule_exports = {};
+__export(rule_exports, {
+  canonicalizeRuleSet: () => canonicalizeRuleSet,
+  combineRules: () => combineRules,
+  hashRuleSet: () => hashRuleSet2
+});
+
+// src/rule/combine.ts
+function combineRules(defaultRuleSet, sessionRule) {
+  return canonicalizeRuleSet({
+    version: defaultRuleSet.version ?? "1",
+    logic: "AND",
+    rules: [
+      ...defaultRuleSet.rules,
+      ...sessionRule
+    ]
+  });
+}
+
+// src/rule/hash.ts
+import { keccak256 as keccak2562, toUtf8Bytes } from "ethers";
+function hashRuleSet2(ruleSet) {
+  return keccak2562(
+    toUtf8Bytes(JSON.stringify(ruleSet))
+  );
+}
+
+// src/issuer/index.ts
+var issuer_exports = {};
+__export(issuer_exports, {
+  issueEnvContext: () => issueEnvContext,
+  issueOracleContext: () => issueOracleContext,
+  issueRiskContext: () => issueRiskContext,
+  issueStateContext: () => issueStateContext,
+  signAttestation: () => signAttestation
+});
+
+// src/issuer/issueEnvContext.ts
+import "ethers";
+
+// src/issuer/signAttestation.ts
+import { keccak256 as keccak2563, toUtf8Bytes as toUtf8Bytes2 } from "ethers";
+async function signAttestation(issuerWallet, payload, ttlSeconds = 60) {
+  const issuedAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = issuedAt + ttlSeconds;
+  const hash2 = keccak2563(
+    toUtf8Bytes2(JSON.stringify(payload))
+  );
+  const signature = await issuerWallet.signMessage(
+    Buffer.from(hash2.slice(2), "hex")
+  );
+  return {
+    issuer: issuerWallet.address,
+    issuedAt,
+    expiresAt,
+    signature
+  };
+}
+
+// src/issuer/issueEnvContext.ts
+async function issueEnvContext(wallet) {
+  const payload = {
+    timestamp: Math.floor(Date.now() / 1e3)
+  };
+  return {
+    ...payload,
+    proof: await signAttestation(wallet, payload, 30)
+  };
+}
+
+// src/issuer/issueOracleContext.ts
+async function issueOracleContext(wallet, data) {
+  const proof = await signAttestation(wallet, data, 120);
+  return { ...data, proof };
+}
+
+// src/issuer/issueRiskContext.ts
+async function issueRiskContext(wallet, score, category, modelHash) {
+  const payload = { score, category, modelHash };
+  const signAttestationData = await signAttestation(wallet, payload, 120);
+  return {
+    score,
+    category,
+    proof: {
+      ...signAttestationData,
+      modelHash
+    }
+  };
+}
+
+// src/issuer/issueStateContext.ts
+async function issueStateContext(wallet, spentToday, period) {
+  const payload = { spentToday, period };
+  return {
+    ...payload,
+    proof: await signAttestation(wallet, payload, 60)
+  };
+}
+
+// src/context/index.ts
+var context_exports = {};
+__export(context_exports, {
+  buildContextV2: () => buildContextV2
+});
+
+// src/context/contextV2.ts
+async function buildContextV2(params) {
+  const ctx = {
+    ...params.baseContext
+  };
+  if (params.env) {
+    ctx.env = await issueEnvContext(
+      params.env.issuer
+    );
+  }
+  if (params.state) {
+    ctx.state = await issueStateContext(
+      params.state.issuer,
+      params.state.spentToday,
+      params.state.period
+    );
+  }
+  if (params.oracle) {
+    ctx.oracle = await issueOracleContext(
+      params.oracle.issuer,
+      params.oracle.data
+    );
+  }
+  if (params.risk) {
+    ctx.risk = await issueRiskContext(
+      params.risk.issuer,
+      params.risk.score,
+      params.risk.category,
+      params.risk.modelHash
+    );
+  }
+  return ctx;
+}
+
 // src/eas.ts
 var eas_exports = {};
 __export(eas_exports, {
   EASClient: () => EASClient,
   EAS_ADDRESSES: () => EAS_ADDRESSES
 });
-import { ethers } from "ethers";
+import { ethers as ethers5 } from "ethers";
 var EAS_ABI = [
   "function getAttestation(bytes32 uid) external view returns (tuple(bytes32 uid, bytes32 schema, uint64 time, uint64 expirationTime, uint64 revocationTime, bytes32 refUID, address attester, address recipient, bool revocable, bytes data))",
   "function isAttestationValid(bytes32 uid) external view returns (bool)",
@@ -129,7 +717,7 @@ var EAS_ABI = [
 var EASClient = class {
   contract;
   constructor(options) {
-    this.contract = new ethers.Contract(
+    this.contract = new ethers5.Contract(
       options.easAddress,
       EAS_ABI,
       options.provider
@@ -204,6 +792,146 @@ var EAS_ADDRESSES = {
   4202: "0xC2679fBD37d54388Ce493F1DB75320D236e1815e"
   // Lisk Sepolia
 };
+
+// src/core/client/index.ts
+var client_exports = {};
+__export(client_exports, {
+  createPayID: () => createPayID2
+});
+
+// src/core/client/client.ts
+import "ethers";
+function isRuleSource2(rule) {
+  return typeof rule === "object" && rule !== null && "uri" in rule;
+}
+var PayIDClient = class {
+  constructor(debugTrace, wasm) {
+    this.debugTrace = debugTrace;
+    this.wasm = wasm;
+  }
+  async evaluate(context, rule) {
+    const config = isRuleSource2(rule) ? (await resolveRule(rule)).config : rule;
+    return evaluate(context, config, { debug: this.debugTrace }, this.wasm);
+  }
+  async evaluateAndProve(params) {
+    const authorityConfig = isRuleSource2(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
+    const evalConfig = params.evaluationRule ?? (params.sessionPolicy ? combineRules(
+      authorityConfig,
+      decodeSessionPolicy(
+        params.sessionPolicy,
+        Math.floor(Date.now() / 1e3)
+      ).rules
+    ) : authorityConfig);
+    const result = await evaluate(
+      params.context,
+      evalConfig,
+      { debug: this.debugTrace },
+      this.wasm
+    );
+    if (result.decision !== "ALLOW") {
+      return { result, proof: null };
+    }
+    const proof = await generateDecisionProof({
+      payId: params.payId,
+      payer: params.payer,
+      receiver: params.receiver,
+      asset: params.asset,
+      amount: params.amount,
+      context: params.context,
+      ruleConfig: authorityConfig,
+      signer: params.signer,
+      verifyingContract: params.verifyingContract,
+      ruleAuthority: params.ruleAuthority,
+      chainId: params.chainId ?? params.context?.tx?.chainId,
+      ttlSeconds: params.ttlSeconds,
+      blockTimestamp: params.blockTimestamp
+    });
+    return { result, proof };
+  }
+};
+
+// src/core/client/index.ts
+function createPayID2(params) {
+  return new PayIDClient(
+    params.debugTrace ?? false,
+    params.wasm
+  );
+}
+
+// src/core/server/index.ts
+var server_exports = {};
+__export(server_exports, {
+  createPayID: () => createPayID3
+});
+
+// src/core/server/server.ts
+function isRuleSource3(rule) {
+  return typeof rule === "object" && rule !== null && "uri" in rule;
+}
+var PayIDServer = class {
+  constructor(signer, trustedIssuers, debugTrace, wasm) {
+    this.signer = signer;
+    this.trustedIssuers = trustedIssuers;
+    this.debugTrace = debugTrace;
+    this.wasm = wasm;
+  }
+  async evaluateAndProve(params) {
+    const authorityConfig = isRuleSource3(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
+    const evalConfig = params.evaluationRule ?? authorityConfig;
+    const result = await evaluate(
+      params.context,
+      evalConfig,
+      {
+        debug: this.debugTrace,
+        trustedIssuers: this.trustedIssuers
+      },
+      this.wasm
+    );
+    if (result.decision !== "ALLOW") {
+      return { result, proof: null };
+    }
+    const proof = await generateDecisionProof({
+      payId: params.payId,
+      payer: params.payer,
+      receiver: params.receiver,
+      asset: params.asset,
+      amount: params.amount,
+      context: params.context,
+      ruleConfig: authorityConfig,
+      signer: this.signer,
+      verifyingContract: params.verifyingContract,
+      ruleAuthority: params.ruleAuthority,
+      chainId: params.chainId ?? params.context?.tx?.chainId,
+      ttlSeconds: params.ttlSeconds,
+      blockTimestamp: params.blockTimestamp
+    });
+    return { result, proof };
+  }
+  buildUserOperation(params) {
+    const callData = buildPayERC20CallData(
+      params.targetContract,
+      params.proof,
+      params.attestationUIDs ?? []
+    );
+    return buildUserOperation({
+      sender: params.smartAccount,
+      nonce: params.nonce,
+      callData,
+      gas: params.gas,
+      paymasterAndData: params.paymasterAndData
+    });
+  }
+};
+
+// src/core/server/index.ts
+function createPayID3(params) {
+  return new PayIDServer(
+    params.signer,
+    params.trustedIssuers,
+    params.debugTrace ?? false,
+    params.wasm
+  );
+}
 export {
   client_exports as client,
   context_exports as context,