payid 0.4.1 → 0.4.2

package/dist/index-C1DHMQA0.d.ts

@@ -0,0 +1,154 @@
+import { ethers } from 'ethers';
+import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
+import { R as RuleSource, D as DecisionProof } from './types-B8pJQdMQ.js';
+
+interface UserOperation {
+    sender: string;
+    nonce: string;
+    initCode: string;
+    callData: string;
+    callGasLimit: string;
+    verificationGasLimit: string;
+    preVerificationGas: string;
+    maxFeePerGas: string;
+    maxPriorityFeePerGas: string;
+    paymasterAndData: string;
+    signature: string;
+}
+
+/**
+ * @class PayIDServer
+ * @description Server-side PayID engine.
+ *
+ * Digunakan ketika butuh:
+ * - Context V2 (env, state, oracle, risk) dengan trusted issuers
+ * - Build ERC-4337 UserOperation untuk bundler
+ *
+ * Signer di-inject saat construct — jangan pakai ini di browser.
+ *
+ * @example
+ * ```ts
+ * // Server/bundler side
+ * const server = new PayIDServer(wasmBinary, serverSigner, trustedIssuers)
+ *
+ * const { result, proof } = await server.evaluateAndProve({
+ *   context: contextV2,    // ← Context V2 dengan attestations
+ *   authorityRule,
+ *   payId: "pay.id/merchant",
+ *   payer: "0xPAYER",
+ *   receiver: "0xRECEIVER",
+ *   asset: USDT_ADDRESS,
+ *   amount: parseUnits("100", 6),
+ *   verifyingContract: PAYID_VERIFIER_ADDRESS,
+ *   ruleAuthority: RULE_AUTHORITY_ADDRESS,
+ * })
+ * ```
+ */
+declare class PayIDServer {
+    private readonly signer;
+    private readonly trustedIssuers?;
+    private readonly debugTrace?;
+    private readonly wasm?;
+    constructor(signer: ethers.Signer, trustedIssuers?: Set<string> | undefined, debugTrace?: boolean | undefined, wasm?: Uint8Array | undefined);
+    evaluateAndProve(params: {
+        context: RuleContext;
+        authorityRule: RuleConfig | RuleSource;
+        evaluationRule?: RuleConfig;
+        payId: string;
+        payer: string;
+        receiver: string;
+        asset: string;
+        amount: bigint;
+        verifyingContract: string;
+        ruleAuthority: string;
+        ttlSeconds?: number;
+        chainId: number;
+        blockTimestamp: number;
+    }): Promise<{
+        result: RuleResult;
+        proof: DecisionProof | null;
+    }>;
+    buildUserOperation(params: {
+        proof: DecisionProof;
+        smartAccount: string;
+        nonce: string;
+        gas: any;
+        targetContract: string;
+        paymasterAndData?: string;
+        attestationUIDs?: string[];
+    }): UserOperation;
+}
+
+/**
+ * Create a PayID policy engine instance backed by a WASM rule evaluator.
+ *
+ * ## Responsibility
+ *
+ * - Holds the WASM binary used for rule execution
+ * - Defines the trust boundary for context attestation verification
+ * - Acts as the primary entry point for PayID rule evaluation
+ *
+ * ## Trust model
+ *
+ * - If `trustedIssuers` is provided, Context V2 attestation
+ *   verification is ENFORCED.
+ * - If `trustedIssuers` is omitted, the engine runs in
+ *   legacy (Context V1) mode without cryptographic verification.
+ *
+ * ## Environment
+ *
+ * This class is safe to instantiate in:
+ * - Browsers
+ * - Mobile apps
+ * - Edge runtimes
+ * - Backend services
+ *
+ * @param wasm
+ *   Compiled PayID WASM rule engine binary.
+ *
+ * @param signer
+ *   Signer account
+ *
+ * @param debugTrace
+ *   Optional flag to enable decision trace generation for debugging.
+ *
+ * @param trustedIssuers
+ *   Optional set of trusted attestation issuer addresses.
+ *
+ *   When provided, Context V2 attestation verification is ENFORCED:
+ *   - Only attestations issued by addresses in this set are accepted.
+ *   - Missing, expired, or invalid attestations cause evaluation to fail.
+ *
+ *   When omitted, the engine runs in legacy (Context V1) mode
+ *   without cryptographic verification.
+ *
+ *   ⚠️ Important:
+ *   - Do NOT pass an empty Set.
+ *     An empty set means "no issuer is trusted" and will
+ *     cause all attestations to be rejected.
+ *
+ *   @example
+ *   ```ts
+ *   const trustedIssuers = new Set([
+ *     TIME_ISSUER,
+ *     STATE_ISSUER,
+ *     ORACLE_ISSUER,
+ *     RISK_ISSUER
+ *   ]);
+ *
+ *   const payid = new PayID(wasmBinary, ethers.Signer,  debugTrace, trustedIssuers);
+ *   ```
+ */
+declare function createPayID(params: {
+    wasm?: Uint8Array;
+    signer: ethers.Signer;
+    debugTrace?: boolean;
+    trustedIssuers?: Set<string>;
+}): PayIDServer;
+
+declare const index_createPayID: typeof createPayID;
+declare namespace index {
+  export { index_createPayID as createPayID };
+}
+
+export { type UserOperation as U, createPayID as c, index as i };

package/dist/index-DerQdZmf.d.ts

@@ -0,0 +1,110 @@
+import * as payid_types from 'payid-types';
+import { RuleConfig, AnyRule } from 'payid-types';
+
+/**
+ * Combine an authoritative rule set with additional ephemeral rules
+ * for off-chain evaluation.
+ *
+ * This helper merges:
+ * - A **default (authoritative) rule set** owned by the receiver
+ * - One or more **ephemeral rule constraints** (e.g. session / QR rules)
+ *
+ * The resulting rule set is intended **ONLY for off-chain evaluation**
+ * and MUST NOT be used as an authoritative rule on-chain.
+ *
+ * ## Security model
+ *
+ * - The default rule set defines sovereignty and ownership.
+ * - Ephemeral rules can only further restrict behavior
+ *   (logical AND composition).
+ * - Ephemeral rules MUST NOT bypass or weaken default rules.
+ *
+ * ## Canonicalization
+ *
+ * - The combined rule set is canonicalized to ensure deterministic
+ *   hashing and evaluation behavior.
+ *
+ * ## Invariants
+ *
+ * - The resulting rule set always uses logical AND semantics.
+ * - Rule order is normalized via canonicalization.
+ *
+ * @param defaultRuleSet
+ *   The authoritative rule configuration (on-chain registered).
+ *
+ * @param sessionRule
+ *   A list of additional rule conditions derived from an ephemeral
+ *   policy (session, QR, intent, etc.).
+ *
+ * @returns
+ *   A canonicalized rule configuration suitable for off-chain
+ *   evaluation.
+ */
+declare function combineRules(defaultRuleSet: RuleConfig, sessionRule: any[]): {
+    version: string;
+    logic: "AND" | "OR";
+    rules: payid_types.AnyRule[];
+};
+
+/**
+ * Canonicalize a rule set into a deterministic, order-independent form.
+ *
+ * Supports all three v4 rule formats:
+ *   - Format A: { id, if, message? }
+ *   - Format B: { id, logic, conditions[], message? }
+ *   - Format C: { id, logic, rules[], message? }
+ */
+declare function canonicalizeRuleSet(ruleSet: {
+    version?: string;
+    logic: "AND" | "OR";
+    rules: any[];
+}): {
+    version: string;
+    logic: "AND" | "OR";
+    rules: AnyRule[];
+};
+
+/**
+ * Compute a deterministic hash of a canonicalized rule set.
+ *
+ * This function produces the `ruleSetHash` used to:
+ * - Reference authoritative rules in on-chain registries
+ * - Bind decision proofs to a specific rule configuration
+ * - Ensure integrity between off-chain evaluation and on-chain verification
+ *
+ * ## Canonicalization requirement
+ *
+ * - The input rule set MUST already be canonicalized using
+ *   `canonicalizeRuleSet`.
+ * - Hashing a non-canonical rule set may result in inconsistent
+ *   hashes for semantically identical rules.
+ *
+ * ## Security model
+ *
+ * - The hash represents the exact structure of the rule set at the
+ *   time of hashing.
+ * - Any mutation (key order, rule order, value change) will produce
+ *   a different hash.
+ *
+ * ## Invariants
+ *
+ * - This function does NOT perform canonicalization.
+ * - This function is pure and deterministic.
+ * - The same canonical rule set will always yield the same hash.
+ *
+ * @param ruleSet
+ *   A canonicalized rule configuration object.
+ *
+ * @returns
+ *   A `bytes32` hex string (keccak256) uniquely identifying the rule set.
+ */
+declare function hashRuleSet(ruleSet: any): string;
+
+declare const index_canonicalizeRuleSet: typeof canonicalizeRuleSet;
+declare const index_combineRules: typeof combineRules;
+declare const index_hashRuleSet: typeof hashRuleSet;
+declare namespace index {
+  export { index_canonicalizeRuleSet as canonicalizeRuleSet, index_combineRules as combineRules, index_hashRuleSet as hashRuleSet };
+}
+
+export { canonicalizeRuleSet as a, combineRules as c, hashRuleSet as h, index as i };