payid 0.4.1 → 0.4.6

package/dist/chunk-5ZEKI5Y2.js

@@ -0,0 +1,18 @@
+import {
+  __require
+} from "./chunk-R5U7XKVJ.js";
+
+// src/utils/randomHex.ts
+function randomHex(bytes) {
+  if (typeof globalThis.crypto !== "undefined" && crypto.getRandomValues) {
+    const arr = new Uint8Array(bytes);
+    crypto.getRandomValues(arr);
+    return "0x" + Array.from(arr, (b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const { randomBytes } = __require("crypto");
+  return "0x" + randomBytes(bytes).toString("hex");
+}
+
+export {
+  randomHex
+};

package/dist/chunk-6VPSJFO4.js

@@ -0,0 +1,53 @@
+// src/rule/canonicalize.ts
+function canonicalizeRuleSet(ruleSet) {
+  return {
+    version: ruleSet.version ?? "1",
+    logic: ruleSet.logic,
+    rules: ruleSet.rules.map((rule) => canonicalizeRule(rule)).sort((a, b) => a.id.localeCompare(b.id))
+  };
+}
+function canonicalizeRule(rule) {
+  const base = { id: rule.id, ...rule.message ? { message: rule.message } : {} };
+  if ("rules" in rule && Array.isArray(rule.rules)) {
+    return {
+      ...base,
+      logic: rule.logic,
+      rules: rule.rules.map((r) => canonicalizeRule(r)).sort((a, b) => a.id.localeCompare(b.id))
+    };
+  }
+  if ("conditions" in rule && Array.isArray(rule.conditions)) {
+    return {
+      ...base,
+      logic: rule.logic,
+      conditions: rule.conditions.map((c) => canonicalizeObject(c))
+    };
+  }
+  return {
+    ...base,
+    if: canonicalizeObject(rule.if)
+  };
+}
+function canonicalizeObject(obj) {
+  if (obj === void 0) {
+    throw new Error("Undefined value not allowed in canonical object");
+  }
+  if (typeof obj === "function" || typeof obj === "symbol") {
+    throw new Error("Non-JSON value not allowed in canonical object");
+  }
+  if (obj instanceof Date) return obj.toISOString();
+  if (typeof obj === "bigint") return obj.toString();
+  if (Array.isArray(obj)) {
+    return obj.map(canonicalizeObject);
+  }
+  if (typeof obj === "object" && obj !== null) {
+    return Object.keys(obj).sort().reduce((acc, key) => {
+      acc[key] = canonicalizeObject(obj[key]);
+      return acc;
+    }, {});
+  }
+  return obj;
+}
+
+export {
+  canonicalizeRuleSet
+};

package/dist/chunk-7U3P7XJE.js

@@ -0,0 +1,67 @@
+// src/issuer/signAttestation.ts
+import { keccak256, toUtf8Bytes } from "ethers";
+async function signAttestation(issuerWallet, payload, ttlSeconds = 60) {
+  const issuedAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = issuedAt + ttlSeconds;
+  const hash = keccak256(
+    toUtf8Bytes(JSON.stringify(payload))
+  );
+  const signature = await issuerWallet.signMessage(
+    Buffer.from(hash.slice(2), "hex")
+  );
+  return {
+    issuer: issuerWallet.address,
+    issuedAt,
+    expiresAt,
+    signature
+  };
+}
+
+// src/issuer/issueEnvContext.ts
+import "ethers";
+async function issueEnvContext(wallet) {
+  const payload = {
+    timestamp: Math.floor(Date.now() / 1e3)
+  };
+  return {
+    ...payload,
+    proof: await signAttestation(wallet, payload, 30)
+  };
+}
+
+// src/issuer/issueOracleContext.ts
+async function issueOracleContext(wallet, data) {
+  const proof = await signAttestation(wallet, data, 120);
+  return { ...data, proof };
+}
+
+// src/issuer/issueRiskContext.ts
+async function issueRiskContext(wallet, score, category, modelHash) {
+  const payload = { score, category, modelHash };
+  const signAttestationData = await signAttestation(wallet, payload, 120);
+  return {
+    score,
+    category,
+    proof: {
+      ...signAttestationData,
+      modelHash
+    }
+  };
+}
+
+// src/issuer/issueStateContext.ts
+async function issueStateContext(wallet, spentToday, period) {
+  const payload = { spentToday, period };
+  return {
+    ...payload,
+    proof: await signAttestation(wallet, payload, 60)
+  };
+}
+
+export {
+  signAttestation,
+  issueEnvContext,
+  issueOracleContext,
+  issueRiskContext,
+  issueStateContext
+};

package/dist/chunk-ANG3SJGI.js

@@ -0,0 +1,324 @@
+import {
+  randomHex
+} from "./chunk-5ZEKI5Y2.js";
+import {
+  __require
+} from "./chunk-R5U7XKVJ.js";
+
+// src/evaluate.ts
+import { executeRule, preprocessContextV2 } from "payid-rule-engine";
+
+// src/normalize.ts
+function normalizeContext(ctx) {
+  return {
+    ...ctx,
+    tx: {
+      ...ctx.tx,
+      sender: ctx.tx.sender?.toLowerCase(),
+      receiver: ctx.tx.receiver?.toLowerCase(),
+      asset: ctx.tx.asset.toUpperCase()
+    }
+  };
+}
+
+// src/core/dicisionTrace.ts
+function toBigIntSafe(v) {
+  try {
+    if (typeof v === "bigint") return v;
+    if (typeof v === "number" && Number.isFinite(v)) return BigInt(Math.trunc(v));
+    if (typeof v === "string" && v !== "") return BigInt(v);
+    return null;
+  } catch {
+    return null;
+  }
+}
+function resolveField(obj, fieldExpr) {
+  const [path, ...transforms] = fieldExpr.split("|");
+  let value = path?.split(".").reduce((o, k) => o?.[k], obj);
+  for (const t of transforms) {
+    if (value === void 0 || value === null) break;
+    if (t.startsWith("div:")) {
+      const n = Number(t.slice(4));
+      value = Number(value) / n;
+    } else if (t.startsWith("mod:")) {
+      const n = BigInt(t.slice(4));
+      value = BigInt(value) % n;
+    } else if (t === "abs") {
+      value = Math.abs(Number(value));
+    } else if (t === "hour") {
+      value = new Date(Number(value) * 1e3).getUTCHours();
+    } else if (t === "day") {
+      value = new Date(Number(value) * 1e3).getUTCDay();
+    } else if (t === "date") {
+      value = new Date(Number(value) * 1e3).getUTCDate();
+    } else if (t === "month") {
+      value = new Date(Number(value) * 1e3).getUTCMonth() + 1;
+    } else if (t === "len") {
+      value = String(value).length;
+    } else if (t === "lower") {
+      value = String(value).toLowerCase();
+    } else if (t === "upper") {
+      value = String(value).toUpperCase();
+    }
+  }
+  return value;
+}
+function resolveValue(context, value) {
+  if (typeof value === "string" && value.startsWith("$")) {
+    return resolveField(context, value.slice(1));
+  }
+  return value;
+}
+function evaluateCondition(actual, op, expected) {
+  switch (op) {
+    case ">=":
+    case "<=":
+    case ">":
+    case "<": {
+      const a = toBigIntSafe(actual);
+      const b = toBigIntSafe(expected);
+      if (a === null || b === null) return false;
+      if (op === ">=") return a >= b;
+      if (op === "<=") return a <= b;
+      if (op === ">") return a > b;
+      if (op === "<") return a < b;
+      return false;
+    }
+    case "==":
+      return actual == expected;
+    case "!=":
+      return actual != expected;
+    case "in":
+      return Array.isArray(expected) && expected.includes(actual);
+    case "not_in":
+      return Array.isArray(expected) && !expected.includes(actual);
+    case "between":
+      return Array.isArray(expected) && actual >= expected[0] && actual <= expected[1];
+    case "not_between":
+      return Array.isArray(expected) && !(actual >= expected[0] && actual <= expected[1]);
+    case "exists":
+      return actual !== void 0 && actual !== null;
+    case "not_exists":
+      return actual === void 0 || actual === null;
+    default:
+      return false;
+  }
+}
+function traceCondition(context, ruleId, cond) {
+  const actual = resolveField(context, cond.field);
+  const expected = resolveValue(context, cond.value);
+  const pass = evaluateCondition(actual, cond.op, expected);
+  return {
+    ruleId,
+    field: cond.field,
+    op: cond.op,
+    expected: cond.value,
+    actual,
+    result: actual === void 0 ? "FAIL" : pass ? "PASS" : "FAIL"
+  };
+}
+function traceRule(context, rule) {
+  if ("if" in rule) {
+    return [traceCondition(context, rule.id, rule.if)];
+  }
+  if ("conditions" in rule) {
+    return rule.conditions.map((cond) => traceCondition(context, rule.id, cond));
+  }
+  if ("rules" in rule) {
+    return rule.rules.flatMap((child) => traceRule(context, child));
+  }
+  return [];
+}
+function buildDecisionTrace(context, ruleConfig) {
+  return ruleConfig.rules.flatMap((rule) => traceRule(context, rule));
+}
+
+// src/evaluate.ts
+async function evaluate(context, ruleConfig, options, wasmBinary) {
+  if (!context || typeof context !== "object") {
+    throw new Error("evaluate(): context is required");
+  }
+  if (!context.tx) {
+    throw new Error("evaluate(): context.tx is required");
+  }
+  if (!ruleConfig || typeof ruleConfig !== "object") {
+    throw new Error("evaluate(): ruleConfig is required");
+  }
+  let result;
+  try {
+    const preparedContext = options?.trustedIssuers ? preprocessContextV2(
+      context,
+      ruleConfig,
+      options.trustedIssuers
+    ) : context;
+    const normalized = normalizeContext(preparedContext);
+    let wasmForEngine;
+    if (wasmBinary == null) {
+      wasmForEngine = void 0;
+    } else if (typeof Buffer !== "undefined") {
+      wasmForEngine = Buffer.isBuffer(wasmBinary) ? wasmBinary : Buffer.from(wasmBinary);
+    } else {
+      wasmForEngine = wasmBinary;
+    }
+    result = await executeRule(
+      normalized,
+      ruleConfig,
+      wasmForEngine
+    );
+  } catch (err) {
+    return {
+      decision: "REJECT",
+      code: "CONTEXT_OR_ENGINE_ERROR",
+      reason: err?.message ?? "rule evaluation failed"
+    };
+  }
+  if (result.decision !== "ALLOW" && result.decision !== "REJECT") {
+    return {
+      decision: "REJECT",
+      code: "INVALID_ENGINE_OUTPUT",
+      reason: "invalid decision value"
+    };
+  }
+  const baseResult = {
+    decision: result.decision,
+    code: result.code || "UNKNOWN",
+    reason: result.reason
+  };
+  if (options?.debug) {
+    return {
+      ...baseResult,
+      debug: {
+        trace: buildDecisionTrace(context, ruleConfig)
+      }
+    };
+  }
+  return baseResult;
+}
+
+// src/utils/subtle.ts
+var subtleCrypto = globalThis.crypto?.subtle ?? __require("crypto").webcrypto.subtle;
+
+// src/utils/fetchJson.ts
+async function fetchJsonWithHashCheck(url, expectedHash) {
+  const res = await fetch(url);
+  if (!res.ok) {
+    throw new Error("RULE_FETCH_FAILED");
+  }
+  const buffer = await res.arrayBuffer();
+  if (expectedHash) {
+    const digest = await subtleCrypto.digest(
+      "SHA-256",
+      buffer
+    );
+    const actualHash = bufferToHex(digest);
+    if (actualHash !== expectedHash) {
+      throw new Error("RULE_HASH_MISMATCH");
+    }
+  }
+  return JSON.parse(new TextDecoder().decode(buffer));
+}
+function bufferToHex(buffer) {
+  return [...new Uint8Array(buffer)].map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+// src/resolver/resolver.ts
+async function resolveRule(source) {
+  const { uri, hash: hash2 } = source;
+  if (uri.startsWith("inline://")) {
+    const encoded = uri.replace("inline://", "");
+    const json = JSON.parse(atob(encoded));
+    return { config: json, source };
+  }
+  if (uri.startsWith("ipfs://")) {
+    const cid = uri.replace("ipfs://", "");
+    const url = `https://ipfs.io/ipfs/${cid}`;
+    const config = await fetchJsonWithHashCheck(url, hash2);
+    return { config, source };
+  }
+  if (uri.startsWith("http://") || uri.startsWith("https://")) {
+    const config = await fetchJsonWithHashCheck(uri, hash2);
+    return { config, source };
+  }
+  throw new Error("UNSUPPORTED_RULE_URI");
+}
+
+// src/decision-proof/hash.ts
+import { keccak256 } from "ethers";
+function stableStringify(obj) {
+  if (Array.isArray(obj)) {
+    return `[${obj.map(stableStringify).join(",")}]`;
+  }
+  if (obj && typeof obj === "object") {
+    return `{${Object.keys(obj).sort().map(
+      (k) => `"${k}":${stableStringify(obj[k])}`
+    ).join(",")}}`;
+  }
+  return JSON.stringify(obj);
+}
+function hashContext(context) {
+  return keccak256(Buffer.from(stableStringify(context)));
+}
+function hashRuleSet(ruleConfig) {
+  return keccak256(Buffer.from(stableStringify(ruleConfig)));
+}
+
+// src/decision-proof/generate.ts
+import { ethers, ZeroAddress } from "ethers";
+var hash = (v) => ethers.keccak256(ethers.toUtf8Bytes(v));
+async function generateDecisionProof(params) {
+  const now = params.blockTimestamp ?? Math.floor(Date.now() / 1e3);
+  const issuedAt = now - 30;
+  const expiresAt = now + (params.ttlSeconds ?? 300);
+  const chainId = params.chainId ?? Number((await params.signer.provider.getNetwork()).chainId);
+  const requiresAttestation = Array.isArray(params.ruleConfig?.requires) && params.ruleConfig.requires.length > 0;
+  const payload = {
+    version: hash("2"),
+    payId: hash(params.payId),
+    payer: params.payer,
+    receiver: params.receiver,
+    asset: params.asset,
+    amount: params.amount,
+    contextHash: hashContext(params.context),
+    ruleSetHash: hashRuleSet(params.ruleConfig),
+    ruleAuthority: params.ruleAuthority ?? ZeroAddress,
+    issuedAt: BigInt(issuedAt),
+    expiresAt: BigInt(expiresAt),
+    nonce: randomHex(32),
+    requiresAttestation
+  };
+  const domain = {
+    name: "PAY.ID Decision",
+    version: "2",
+    chainId,
+    verifyingContract: params.verifyingContract
+  };
+  const types = {
+    Decision: [
+      { name: "version", type: "bytes32" },
+      { name: "payId", type: "bytes32" },
+      { name: "payer", type: "address" },
+      { name: "receiver", type: "address" },
+      { name: "asset", type: "address" },
+      { name: "amount", type: "uint256" },
+      { name: "contextHash", type: "bytes32" },
+      { name: "ruleSetHash", type: "bytes32" },
+      { name: "ruleAuthority", type: "address" },
+      { name: "issuedAt", type: "uint64" },
+      { name: "expiresAt", type: "uint64" },
+      { name: "nonce", type: "bytes32" },
+      { name: "requiresAttestation", type: "bool" }
+    ]
+  };
+  const signature = await params.signer.signTypedData(domain, types, payload);
+  const recovered = ethers.verifyTypedData(domain, types, payload, signature);
+  if (recovered.toLowerCase() !== params.payer.toLowerCase()) {
+    throw new Error("SIGNATURE_MISMATCH");
+  }
+  return { payload, signature };
+}
+
+export {
+  evaluate,
+  resolveRule,
+  generateDecisionProof
+};

package/dist/chunk-AOKLY2QN.js

@@ -0,0 +1,24 @@
+import {
+  issueEnvContext,
+  issueOracleContext,
+  issueRiskContext,
+  issueStateContext,
+  signAttestation
+} from "./chunk-7U3P7XJE.js";
+import {
+  __export
+} from "./chunk-R5U7XKVJ.js";
+
+// src/issuer/index.ts
+var issuer_exports = {};
+__export(issuer_exports, {
+  issueEnvContext: () => issueEnvContext,
+  issueOracleContext: () => issueOracleContext,
+  issueRiskContext: () => issueRiskContext,
+  issueStateContext: () => issueStateContext,
+  signAttestation: () => signAttestation
+});
+
+export {
+  issuer_exports
+};

package/dist/chunk-GB3FSF7K.js

@@ -0,0 +1,84 @@
+import {
+  combineRules
+} from "./chunk-GG34PNTF.js";
+import {
+  decodeSessionPolicy
+} from "./chunk-MXKZJKXE.js";
+import {
+  evaluate,
+  generateDecisionProof,
+  resolveRule
+} from "./chunk-ANG3SJGI.js";
+import {
+  __export
+} from "./chunk-R5U7XKVJ.js";
+
+// src/core/client/index.ts
+var client_exports = {};
+__export(client_exports, {
+  createPayID: () => createPayID
+});
+
+// src/core/client/client.ts
+import "ethers";
+function isRuleSource(rule) {
+  return typeof rule === "object" && rule !== null && "uri" in rule;
+}
+var PayIDClient = class {
+  constructor(debugTrace, wasm) {
+    this.debugTrace = debugTrace;
+    this.wasm = wasm;
+  }
+  async evaluate(context, rule) {
+    const config = isRuleSource(rule) ? (await resolveRule(rule)).config : rule;
+    return evaluate(context, config, { debug: this.debugTrace }, this.wasm);
+  }
+  async evaluateAndProve(params) {
+    const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
+    const evalConfig = params.evaluationRule ?? (params.sessionPolicy ? combineRules(
+      authorityConfig,
+      decodeSessionPolicy(
+        params.sessionPolicy,
+        Math.floor(Date.now() / 1e3)
+      ).rules
+    ) : authorityConfig);
+    const result = await evaluate(
+      params.context,
+      evalConfig,
+      { debug: this.debugTrace },
+      this.wasm
+    );
+    if (result.decision !== "ALLOW") {
+      return { result, proof: null };
+    }
+    const proof = await generateDecisionProof({
+      payId: params.payId,
+      payer: params.payer,
+      receiver: params.receiver,
+      asset: params.asset,
+      amount: params.amount,
+      context: params.context,
+      ruleConfig: authorityConfig,
+      signer: params.signer,
+      verifyingContract: params.verifyingContract,
+      ruleAuthority: params.ruleAuthority,
+      chainId: params.chainId ?? params.context?.tx?.chainId,
+      ttlSeconds: params.ttlSeconds,
+      blockTimestamp: params.blockTimestamp
+    });
+    return { result, proof };
+  }
+};
+
+// src/core/client/index.ts
+function createPayID(params) {
+  return new PayIDClient(
+    params.debugTrace ?? false,
+    params.wasm
+  );
+}
+
+export {
+  createPayID,
+  client_exports
+};

package/dist/chunk-GG34PNTF.js

@@ -0,0 +1,19 @@
+import {
+  canonicalizeRuleSet
+} from "./chunk-6VPSJFO4.js";
+
+// src/rule/combine.ts
+function combineRules(defaultRuleSet, sessionRule) {
+  return canonicalizeRuleSet({
+    version: defaultRuleSet.version ?? "1",
+    logic: "AND",
+    rules: [
+      ...defaultRuleSet.rules,
+      ...sessionRule
+    ]
+  });
+}
+
+export {
+  combineRules
+};

package/dist/chunk-ILV7Z3IN.js

@@ -0,0 +1,30 @@
+import {
+  combineRules
+} from "./chunk-GG34PNTF.js";
+import {
+  canonicalizeRuleSet
+} from "./chunk-6VPSJFO4.js";
+import {
+  __export
+} from "./chunk-R5U7XKVJ.js";
+
+// src/rule/index.ts
+var rule_exports = {};
+__export(rule_exports, {
+  canonicalizeRuleSet: () => canonicalizeRuleSet,
+  combineRules: () => combineRules,
+  hashRuleSet: () => hashRuleSet
+});
+
+// src/rule/hash.ts
+import { keccak256, toUtf8Bytes } from "ethers";
+function hashRuleSet(ruleSet) {
+  return keccak256(
+    toUtf8Bytes(JSON.stringify(ruleSet))
+  );
+}
+
+export {
+  hashRuleSet,
+  rule_exports
+};

package/dist/chunk-MXKZJKXE.js

@@ -0,0 +1,33 @@
+// src/sessionPolicy/decode.ts
+import { ethers } from "ethers";
+function decodeSessionPolicy(sessionPolicy, now) {
+  if (sessionPolicy.version !== "payid.session.policy.v1") {
+    throw new Error("INVALID_SESSION_POLICY_VERSION");
+  }
+  if (now > sessionPolicy.expiresAt) {
+    throw new Error("SESSION_POLICY_EXPIRED");
+  }
+  const payload = {
+    version: sessionPolicy.version,
+    receiver: sessionPolicy.receiver,
+    rule: sessionPolicy.rule,
+    issuedAt: sessionPolicy.issuedAt,
+    expiresAt: sessionPolicy.expiresAt,
+    nonce: sessionPolicy.nonce
+  };
+  const message = ethers.keccak256(
+    ethers.toUtf8Bytes(JSON.stringify(payload))
+  );
+  const recovered = ethers.verifyMessage(
+    message,
+    sessionPolicy.signature
+  );
+  if (recovered.toLowerCase() !== sessionPolicy.receiver.toLowerCase()) {
+    throw new Error("INVALID_SESSION_POLICY_SIGNATURE");
+  }
+  return sessionPolicy.rule;
+}
+
+export {
+  decodeSessionPolicy
+};

package/dist/chunk-R5U7XKVJ.js

@@ -0,0 +1,16 @@
+var __defProp = Object.defineProperty;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+
+export {
+  __require,
+  __export
+};