payid 0.3.9 → 0.4.1

package/dist/index-CiTDNVSZ.d.ts

@@ -1,158 +0,0 @@
-import { ethers } from 'ethers';
-import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
-import { R as RuleSource, D as DecisionProof } from './types-B8pJQdMQ.js';
-
-interface UserOperation {
-    sender: string;
-    nonce: string;
-    initCode: string;
-    callData: string;
-    callGasLimit: string;
-    verificationGasLimit: string;
-    preVerificationGas: string;
-    maxFeePerGas: string;
-    maxPriorityFeePerGas: string;
-    paymasterAndData: string;
-    signature: string;
-}
-
-/**
- * @class PayIDServer
- * @description Server-side PayID engine.
- *
- * Digunakan ketika butuh:
- * - Context V2 (env, state, oracle, risk) dengan trusted issuers
- * - Build ERC-4337 UserOperation untuk bundler
- *
- * Signer di-inject saat construct — jangan pakai ini di browser.
- *
- * @example
- * ```ts
- * // Server/bundler side
- * const server = new PayIDServer(wasmBinary, serverSigner, trustedIssuers)
- *
- * const { result, proof } = await server.evaluateAndProve({
- *   context: contextV2,    // ← Context V2 dengan attestations
- *   authorityRule,
- *   payId: "pay.id/merchant",
- *   payer: "0xPAYER",
- *   receiver: "0xRECEIVER",
- *   asset: USDT_ADDRESS,
- *   amount: parseUnits("100", 6),
- *   verifyingContract: PAYID_VERIFIER_ADDRESS,
- *   ruleAuthority: RULE_AUTHORITY_ADDRESS,
- * })
- * ```
- */
-declare class PayIDServer {
-    private readonly wasm;
-    private readonly signer;
-    private readonly trustedIssuers?;
-    private readonly debugTrace?;
-    constructor(wasm: Uint8Array, signer: ethers.Signer, trustedIssuers?: Set<string> | undefined, debugTrace?: boolean | undefined);
-    /**
-     * Evaluate + generate proof dengan signer dari constructor
-     */
-    evaluateAndProve(params: {
-        context: RuleContext;
-        authorityRule: RuleConfig | RuleSource;
-        evaluationRule?: RuleConfig;
-        payId: string;
-        payer: string;
-        receiver: string;
-        asset: string;
-        amount: bigint;
-        verifyingContract: string;
-        ruleAuthority: string;
-        ttlSeconds?: number;
-    }): Promise<{
-        result: RuleResult;
-        proof: DecisionProof | null;
-    }>;
-    /**
-     * Build ERC-4337 UserOperation dari Decision Proof
-     * Untuk bundler/relayer — server only
-     */
-    buildUserOperation(params: {
-        proof: DecisionProof;
-        smartAccount: string;
-        nonce: string;
-        gas: any;
-        targetContract: string;
-        paymasterAndData?: string;
-    }): UserOperation;
-}
-
-/**
- * Create a PayID policy engine instance backed by a WASM rule evaluator.
- *
- * ## Responsibility
- *
- * - Holds the WASM binary used for rule execution
- * - Defines the trust boundary for context attestation verification
- * - Acts as the primary entry point for PayID rule evaluation
- *
- * ## Trust model
- *
- * - If `trustedIssuers` is provided, Context V2 attestation
- *   verification is ENFORCED.
- * - If `trustedIssuers` is omitted, the engine runs in
- *   legacy (Context V1) mode without cryptographic verification.
- *
- * ## Environment
- *
- * This class is safe to instantiate in:
- * - Browsers
- * - Mobile apps
- * - Edge runtimes
- * - Backend services
- *
- * @param wasm
- *   Compiled PayID WASM rule engine binary.
- *
- * @param signer
- *   Signer account
- *
- * @param debugTrace
- *   Optional flag to enable decision trace generation for debugging.
- *
- * @param trustedIssuers
- *   Optional set of trusted attestation issuer addresses.
- *
- *   When provided, Context V2 attestation verification is ENFORCED:
- *   - Only attestations issued by addresses in this set are accepted.
- *   - Missing, expired, or invalid attestations cause evaluation to fail.
- *
- *   When omitted, the engine runs in legacy (Context V1) mode
- *   without cryptographic verification.
- *
- *   ⚠️ Important:
- *   - Do NOT pass an empty Set.
- *     An empty set means "no issuer is trusted" and will
- *     cause all attestations to be rejected.
- *
- *   @example
- *   ```ts
- *   const trustedIssuers = new Set([
- *     TIME_ISSUER,
- *     STATE_ISSUER,
- *     ORACLE_ISSUER,
- *     RISK_ISSUER
- *   ]);
- *
- *   const payid = new PayID(wasmBinary, ethers.Signer,  debugTrace, trustedIssuers);
- *   ```
- */
-declare function createPayID(params: {
-    wasm: Uint8Array;
-    signer: ethers.Signer;
-    debugTrace?: boolean;
-    trustedIssuers?: Set<string>;
-}): PayIDServer;
-
-declare const index_createPayID: typeof createPayID;
-declare namespace index {
-  export { index_createPayID as createPayID };
-}
-
-export { type UserOperation as U, createPayID as c, index as i };

package/dist/index-DuOeYzN2.d.ts

@@ -1,118 +0,0 @@
-import { ethers } from 'ethers';
-import { P as PayIDSessionPolicyPayloadV1 } from './types-DKt-zH0P.js';
-import { RuleConfig } from 'payid-types';
-
-/**
- * Create and sign an ephemeral PayID session policy payload.
- *
- * A session policy represents a **temporary, off-chain consent**
- * granted by the receiver to apply additional rule constraints
- * during rule evaluation (e.g. session limits, QR payments,
- * intent-scoped conditions).
- *
- * ## Security model
- *
- * - The session policy is signed by the receiver.
- * - The signature proves **explicit consent** for the included rule.
- * - This policy does NOT establish on-chain authority and MUST NOT
- *   be registered or referenced in any on-chain rule registry.
- *
- * ## Canonicalization
- *
- * - The rule set is canonicalized BEFORE signing to ensure
- *   deterministic hashing and signature verification.
- * - The exact payload signed here MUST be used verbatim during
- *   policy verification.
- *
- * ## Lifecycle
- *
- * - Session policies are valid only until `expiresAt`.
- * - Expired policies MUST be rejected by the verifier.
- *
- * @param params
- * @param params.receiver
- *   Address of the receiver granting the session policy.
- *
- * @param params.rule
- *   Rule configuration to be applied as an **off-chain evaluation
- *   override** during the session.
- *
- * @param params.expiresAt
- *   UNIX timestamp (seconds) indicating when the session policy
- *   becomes invalid.
- *
- * @param params.signer
- *   Signer controlling the receiver address, used to sign the
- *   session policy payload.
- *
- * @returns
- *   A signed `PayIDSessionPolicyPayloadV1` that may be transmitted
- *   to clients and verified using `decodeSessionPolicy`.
- *
- * @throws
- *   May throw if signing fails or the signer is misconfigured.
- */
-declare function createSessionPolicyPayload(params: {
-    receiver: string;
-    rule: {
-        version: string;
-        logic: "AND";
-        rules: any[];
-    };
-    expiresAt: number;
-    signer: ethers.Signer;
-}): Promise<PayIDSessionPolicyPayloadV1>;
-
-/**
- * Decode and verify an ephemeral PayID session policy.
- *
- * This function validates that a session policy:
- * - Uses a supported policy version
- * - Has not expired
- * - Was cryptographically signed by the declared receiver
- *
- * If all checks pass, the embedded rule configuration is returned
- * and may be used as an **off-chain evaluation override**
- * (e.g. combined with an authoritative on-chain rule).
- *
- * ## Security model
- *
- * - The session policy signature represents **explicit consent**
- *   from the receiver for temporary rule constraints.
- * - This policy does NOT establish on-chain authority and MUST NOT
- *   be used to derive `ruleSetHash` or interact with rule registries.
- *
- * ## Invariants
- *
- * - The payload verified here MUST match exactly the payload that was signed.
- * - No canonicalization or mutation is performed during verification.
- * - Expired or invalidly signed policies are rejected immediately.
- *
- * @export
- *
- * @param sessionPolicy
- *   A signed session policy payload created by
- *   `createSessionPolicyPayload`.
- *
- * @param now
- *   Current UNIX timestamp (seconds) used to validate policy expiry.
- *
- * @returns
- *   A `RuleConfig` representing the session's evaluation rule.
- *
- * @throws
- *   Throws if:
- *   - The policy version is unsupported
- *   - The policy has expired
- *   - The signature does not match the receiver
- */
-declare function decodeSessionPolicy(sessionPolicy: PayIDSessionPolicyPayloadV1, now: number): RuleConfig;
-
-declare const index_PayIDSessionPolicyPayloadV1: typeof PayIDSessionPolicyPayloadV1;
-declare const index_createSessionPolicyPayload: typeof createSessionPolicyPayload;
-declare const index_decodeSessionPolicy: typeof decodeSessionPolicy;
-declare namespace index {
-  export { index_PayIDSessionPolicyPayloadV1 as PayIDSessionPolicyPayloadV1, index_createSessionPolicyPayload as createSessionPolicyPayload, index_decodeSessionPolicy as decodeSessionPolicy };
-}
-
-export { createSessionPolicyPayload as c, decodeSessionPolicy as d, index as i };

package/dist/index-on2SYkvq.d.ts

@@ -1,114 +0,0 @@
-import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
-import { ethers } from 'ethers';
-import { R as RuleSource, D as DecisionProof } from './types-B8pJQdMQ.js';
-import { P as PayIDSessionPolicyPayloadV1 } from './types-DKt-zH0P.js';
-
-/**
- * @class PayIDClient
- * @description Client-side PayID engine.
- *
- * Fully serverless — aman dipakai di browser, mobile, edge.
- * Tidak butuh issuer wallet, tidak butuh server.
- *
- * Untuk attestation, gunakan EAS UIDs yang di-fetch via `eas.EASClient`.
- *
- * @example
- * ```ts
- * const client = new PayIDClient(wasmBinary)
- *
- * // 1. Evaluate rule
- * const result = await client.evaluate(context, ruleConfig)
- *
- * // 2. Evaluate + generate proof (payer sign sendiri)
- * const { result, proof } = await client.evaluateAndProve({
- *   context,
- *   authorityRule: ruleConfig,
- *   payId: "pay.id/merchant",
- *   payer: await signer.getAddress(),
- *   receiver: "0xRECEIVER",
- *   asset: USDT_ADDRESS,
- *   amount: parseUnits("100", 6),
- *   signer,
- *   verifyingContract: PAYID_VERIFIER_ADDRESS,
- *   ruleAuthority: RULE_AUTHORITY_ADDRESS,
- * })
- * ```
- */
-declare class PayIDClient {
-    private readonly wasm;
-    private readonly debugTrace?;
-    constructor(wasm: Uint8Array, debugTrace?: boolean | undefined);
-    /**
-     * Pure rule evaluation — client-safe, no signing, no server
-     */
-    evaluate(context: RuleContext, rule: RuleConfig | RuleSource): Promise<RuleResult>;
-    /**
-     * Evaluate + generate EIP-712 Decision Proof.
-     * Payer sign sendiri menggunakan wallet mereka — tidak butuh server.
-     */
-    evaluateAndProve(params: {
-        context: RuleContext;
-        authorityRule: RuleConfig | RuleSource;
-        evaluationRule?: RuleConfig;
-        sessionPolicy?: PayIDSessionPolicyPayloadV1;
-        payId: string;
-        payer: string;
-        receiver: string;
-        asset: string;
-        amount: bigint;
-        signer: ethers.Signer;
-        verifyingContract: string;
-        ruleAuthority: string;
-        ttlSeconds?: number;
-    }): Promise<{
-        result: RuleResult;
-        proof: DecisionProof | null;
-    }>;
-}
-
-/**
- * Create a PayID policy engine instance backed by a WASM rule evaluator.
- *
- * ## Responsibility
- *
- * - Holds the WASM binary used for rule execution
- * - Defines the trust boundary for context attestation verification
- * - Acts as the primary entry point for PayID rule evaluation
- *
- * ## Trust model
- *
- * - If `trustedIssuers` is provided, Context V2 attestation
- *   verification is ENFORCED.
- * - If `trustedIssuers` is omitted, the engine runs in
- *   legacy (Context V1) mode without cryptographic verification.
- *
- * ## Environment
- *
- * This class is safe to instantiate in:
- * - Browsers
- * - Mobile apps
- * - Edge runtimes
- * - Backend services
- *
- * @param wasm
- *   Compiled PayID WASM rule engine binary.
- *
- * @param debugTrace
- *   Optional flag to enable decision trace generation for debugging.
- *   @example
- *   ```ts
- *
- *   const payid = new PayID(wasmBinary, debugTrace);
- *   ```
- */
-declare function createPayID(params: {
-    wasm: Uint8Array;
-    debugTrace?: boolean;
-}): PayIDClient;
-
-declare const index_createPayID: typeof createPayID;
-declare namespace index {
-  export { index_createPayID as createPayID };
-}
-
-export { createPayID as c, index as i };

package/dist/issuer/index.d.ts

@@ -1,3 +0,0 @@
-export { a as issueEnvContext, b as issueOracleContext, c as issueRiskContext, d as issueStateContext, s as signAttestation } from '../index-2JCvey4-.js';
-import 'payid-types';
-import 'ethers';

package/dist/issuer/index.js

@@ -1,16 +0,0 @@
-import "../chunk-AOKLY2QN.js";
-import {
-  issueEnvContext,
-  issueOracleContext,
-  issueRiskContext,
-  issueStateContext,
-  signAttestation
-} from "../chunk-7U3P7XJE.js";
-import "../chunk-R5U7XKVJ.js";
-export {
-  issueEnvContext,
-  issueOracleContext,
-  issueRiskContext,
-  issueStateContext,
-  signAttestation
-};

package/dist/rule/index.d.ts

@@ -1,2 +0,0 @@
-export { a as canonicalizeRuleSet, c as combineRules, h as hashRuleSet } from '../index-C7vziL_Z.js';
-import 'payid-types';

package/dist/rule/index.js

@@ -1,15 +0,0 @@
-import {
-  hashRuleSet
-} from "../chunk-JRVCGSKK.js";
-import {
-  combineRules
-} from "../chunk-QYH3FNQ4.js";
-import {
-  canonicalizeRuleSet
-} from "../chunk-JJEWYFOV.js";
-import "../chunk-R5U7XKVJ.js";
-export {
-  canonicalizeRuleSet,
-  combineRules,
-  hashRuleSet
-};

package/dist/sessionPolicy/index.d.ts

@@ -1,4 +0,0 @@
-export { c as createSessionPolicyPayload, d as decodeSessionPolicy } from '../index-DuOeYzN2.js';
-export { P as PayIDSessionPolicyPayloadV1 } from '../types-DKt-zH0P.js';
-import 'ethers';
-import 'payid-types';

package/dist/sessionPolicy/index.js

@@ -1,13 +0,0 @@
-import {
-  createSessionPolicyPayload
-} from "../chunk-ATWJEWZH.js";
-import {
-  decodeSessionPolicy
-} from "../chunk-MXKZJKXE.js";
-import "../chunk-JJEWYFOV.js";
-import "../chunk-5ZEKI5Y2.js";
-import "../chunk-R5U7XKVJ.js";
-export {
-  createSessionPolicyPayload,
-  decodeSessionPolicy
-};

package/dist/types-B8pJQdMQ.d.ts

@@ -1,26 +0,0 @@
-interface RuleSource {
-    uri: string;
-    hash?: string;
-}
-
-interface DecisionPayload {
-    version: string;
-    payId: string;
-    payer: string;
-    receiver: string;
-    asset: string;
-    amount: bigint;
-    contextHash: string;
-    ruleSetHash: string;
-    ruleAuthority: string;
-    issuedAt: bigint;
-    expiresAt: bigint;
-    nonce: string;
-    requiresAttestation: boolean;
-}
-interface DecisionProof {
-    payload: DecisionPayload;
-    signature: string;
-}
-
-export type { DecisionProof as D, RuleSource as R };

package/dist/types-DKt-zH0P.d.ts

@@ -1,15 +0,0 @@
-interface PayIDSessionPolicyPayloadV1 {
-    version: "payid.session.policy.v1" | string;
-    receiver: string;
-    rule: {
-        version: string;
-        logic: "AND" | "OR";
-        rules: any[];
-    };
-    expiresAt: number;
-    nonce: string;
-    issuedAt: number;
-    signature: string;
-}
-
-export type { PayIDSessionPolicyPayloadV1 as P };