npm - payid - Versions diffs - 0.5.9 → 1.0.0 - Mend

payid 0.5.9 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/dist/chunk-AUW7WDAB.js +198 -0
package/dist/{chunk-SSO66YQI.js → chunk-E6VQETBC.js} +13 -0
package/dist/{chunk-AYJYFAXJ.js → chunk-ESTGPUEQ.js} +24 -21
package/dist/{chunk-ROBSNIIZ.js → chunk-EZ3BGZ7G.js} +25 -16
package/dist/chunk-FZNMDGVK.js +24 -0
package/dist/chunk-HKHRYRD6.js +752 -0
package/dist/chunk-X7NYQ47Y.js +27 -0
package/dist/chunk-XMUHMJRD.js +30 -0
package/dist/context/index.d.ts +3 -2
package/dist/context.v1-C1m-tz0o.d.ts +39 -0
package/dist/context.v2-DIzPotmW.d.ts +37 -0
package/dist/core/client/index.d.ts +5 -4
package/dist/core/client/index.js +9 -5
package/dist/core/server/index.d.ts +4 -3
package/dist/core/server/index.js +7 -4
package/dist/{index-2JCvey4-.d.ts → index-CDnE3SGM.d.ts} +18 -3
package/dist/index-CsynGAGv.d.ts +53 -0
package/dist/{index-Dj9IEios.d.ts → index-CubM9whW.d.ts} +4 -17
package/dist/{index-C1DHMQA0.d.ts → index-DSxDlF9J.d.ts} +45 -68
package/dist/{index-BEvnPzzt.d.ts → index-Dm2VdDEB.d.ts} +2 -1
package/dist/index-G_1SiZJo.d.ts +104 -0
package/dist/index.d.ts +407 -72
package/dist/index.js +582 -77
package/dist/issuer/index.d.ts +3 -2
package/dist/issuer/index.js +4 -1
package/dist/rule/index.d.ts +2 -2
package/dist/rule/index.js +4 -3
package/dist/rule-a_5ed-93.d.ts +39 -0
package/dist/sessionPolicy/index.d.ts +3 -3
package/dist/sessionPolicy/index.js +17 -6
package/dist/types-D2o6XS7a.d.ts +66 -0
package/dist/types-i4eTkhWa.d.ts +50 -0
package/package.json +22 -9
package/src/rule/engine/rule_engine.wasm +0 -0
package/dist/chunk-IQNCMOIE.js +0 -47
package/dist/chunk-MXKZJKXE.js +0 -33
package/dist/chunk-PAJYP7JI.js +0 -308
package/dist/chunk-QC24X74O.js +0 -41
package/dist/index-BPJ_oOfy.d.ts +0 -81
package/dist/index-BQQnMG2H.d.ts +0 -114
package/dist/types-B8pJQdMQ.d.ts +0 -26
package/dist/types-BmMf7udp.d.ts +0 -13

package/dist/chunk-AUW7WDAB.js ADDED Viewed

@@ -0,0 +1,198 @@
+import {
+  randomHex
+} from "./chunk-KDC67LIN.js";
+// src/sessionPolicy/create.ts
+import { ethers } from "ethers";
+async function createSessionPolicyPayload(_params) {
+  throw new Error(
+    "SESSION_POLICY_V1_DISABLED: V1 policies have no chainId binding and are vulnerable to cross-chain replay. Use createSessionPolicyV2() instead."
+  );
+}
+var SESSION_POLICY_V2_DOMAIN_NAME = "PAY.ID SessionPolicy";
+var SESSION_POLICY_V2_DOMAIN_VERSION = "1";
+var SESSION_POLICY_V2_TYPES = {
+  SessionPolicy: [
+    { name: "receiver", type: "address" },
+    { name: "ruleSetHash", type: "bytes32" },
+    { name: "ruleAuthority", type: "address" },
+    { name: "allowedAsset", type: "address" },
+    { name: "maxAmount", type: "uint256" },
+    { name: "expiresAt", type: "uint64" },
+    { name: "policyNonce", type: "bytes32" },
+    { name: "payId", type: "bytes32" }
+  ]
+};
+function buildSessionPolicyV2Domain(chainId, verifyingContract) {
+  return {
+    name: SESSION_POLICY_V2_DOMAIN_NAME,
+    version: SESSION_POLICY_V2_DOMAIN_VERSION,
+    chainId,
+    verifyingContract
+  };
+}
+async function createSessionPolicyV2(params) {
+  const {
+    receiver,
+    ruleSetHash,
+    ruleAuthority,
+    allowedAsset,
+    maxAmount,
+    expiresAt,
+    payId,
+    chainId,
+    verifyingContract,
+    signer
+  } = params;
+  const MIN_TTL_SECONDS = 60;
+  const MAX_TTL_SECONDS = 30 * 24 * 3600;
+  if (!ethers.isAddress(receiver)) {
+    throw new Error(`SESSION_POLICY_V2: receiver address tidak valid: ${receiver}`);
+  }
+  if (maxAmount <= 0n) {
+    throw new Error("SESSION_POLICY_V2: maxAmount harus > 0");
+  }
+  const now = Math.floor(Date.now() / 1e3);
+  if (expiresAt <= now + MIN_TTL_SECONDS) {
+    throw new Error(`SESSION_POLICY_V2: expiresAt terlalu dekat \u2014 minimum ${MIN_TTL_SECONDS}s dari sekarang`);
+  }
+  if (expiresAt > now + MAX_TTL_SECONDS) {
+    throw new Error(`SESSION_POLICY_V2: expiresAt terlalu jauh \u2014 maksimum ${MAX_TTL_SECONDS / 86400} hari`);
+  }
+  const policyNonce = randomHex(32);
+  const payIdBytes32 = ethers.keccak256(ethers.toUtf8Bytes(payId));
+  const domain = buildSessionPolicyV2Domain(chainId, verifyingContract);
+  const value = {
+    receiver,
+    ruleSetHash,
+    ruleAuthority,
+    allowedAsset,
+    maxAmount,
+    expiresAt,
+    policyNonce,
+    payId: payIdBytes32
+  };
+  const signature = await signer.signTypedData(
+    domain,
+    SESSION_POLICY_V2_TYPES,
+    value
+  );
+  const recovered = ethers.verifyTypedData(domain, SESSION_POLICY_V2_TYPES, value, signature);
+  if (recovered.toLowerCase() !== receiver.toLowerCase()) {
+    throw new Error("SESSION_POLICY_V2: self-verification gagal");
+  }
+  return {
+    version: "payid.session.policy.v2",
+    receiver,
+    ruleSetHash,
+    ruleAuthority,
+    allowedAsset,
+    maxAmount: maxAmount.toString(),
+    expiresAt,
+    policyNonce,
+    payId,
+    chainId,
+    verifyingContract,
+    signature
+  };
+}
+// src/sessionPolicy/decode.ts
+import { ethers as ethers2 } from "ethers";
+function decodeSessionPolicy(sessionPolicy, now) {
+  if (sessionPolicy.version !== "payid.session.policy.v1") {
+    throw new Error("INVALID_SESSION_POLICY_VERSION");
+  }
+  if (now > sessionPolicy.expiresAt) {
+    throw new Error("SESSION_POLICY_EXPIRED");
+  }
+  const payload = {
+    version: sessionPolicy.version,
+    receiver: sessionPolicy.receiver,
+    rule: sessionPolicy.rule,
+    issuedAt: sessionPolicy.issuedAt,
+    expiresAt: sessionPolicy.expiresAt,
+    nonce: sessionPolicy.nonce
+  };
+  const message = ethers2.keccak256(ethers2.toUtf8Bytes(JSON.stringify(payload)));
+  const recovered = ethers2.verifyMessage(message, sessionPolicy.signature);
+  if (recovered.toLowerCase() !== sessionPolicy.receiver.toLowerCase()) {
+    throw new Error("INVALID_SESSION_POLICY_SIGNATURE");
+  }
+  return sessionPolicy.rule;
+}
+function decodeSessionPolicyV2(policy, blockTimestamp) {
+  if (policy.version !== "payid.session.policy.v2") {
+    throw new Error("INVALID_SESSION_POLICY_V2_VERSION");
+  }
+  if (blockTimestamp >= policy.expiresAt) {
+    throw new Error("SESSION_POLICY_V2_EXPIRED");
+  }
+  const payIdBytes32 = ethers2.keccak256(ethers2.toUtf8Bytes(policy.payId));
+  const domain = buildSessionPolicyV2Domain(policy.chainId, policy.verifyingContract);
+  const value = {
+    receiver: policy.receiver,
+    ruleSetHash: policy.ruleSetHash,
+    ruleAuthority: policy.ruleAuthority,
+    allowedAsset: policy.allowedAsset,
+    maxAmount: BigInt(policy.maxAmount),
+    expiresAt: policy.expiresAt,
+    policyNonce: policy.policyNonce,
+    payId: payIdBytes32
+  };
+  const recovered = ethers2.verifyTypedData(domain, SESSION_POLICY_V2_TYPES, value, policy.signature);
+  if (recovered.toLowerCase() !== policy.receiver.toLowerCase()) {
+    throw new Error("INVALID_SESSION_POLICY_V2_SIGNATURE");
+  }
+  return policy;
+}
+function encodeSessionPolicyV2QR(policy) {
+  const encoded = Buffer.from(JSON.stringify(policy), "utf-8").toString("base64url");
+  return `payid-v2:${encoded}`;
+}
+function decodeSessionPolicyV2QR(qrString) {
+  const PREFIX = "payid-v2:";
+  if (!qrString.startsWith(PREFIX)) {
+    throw new Error(
+      `QR_FORMAT_UNKNOWN: harus diawali "${PREFIX}". Got: ${qrString.slice(0, 20)}...`
+    );
+  }
+  let policy;
+  try {
+    const json = Buffer.from(qrString.slice(PREFIX.length), "base64url").toString("utf-8");
+    policy = JSON.parse(json);
+  } catch {
+    throw new Error("QR_CORRUPT: tidak bisa di-decode");
+  }
+  const required = [
+    "version",
+    "receiver",
+    "ruleSetHash",
+    "ruleAuthority",
+    "allowedAsset",
+    "maxAmount",
+    "expiresAt",
+    "policyNonce",
+    "payId",
+    "chainId",
+    "verifyingContract",
+    "signature"
+  ];
+  for (const f of required) {
+    if (policy[f] == null) {
+      throw new Error(`SESSION_POLICY_V2_INVALID: field "${f}" tidak ada`);
+    }
+  }
+  return policy;
+}
+export {
+  createSessionPolicyPayload,
+  SESSION_POLICY_V2_TYPES,
+  buildSessionPolicyV2Domain,
+  createSessionPolicyV2,
+  decodeSessionPolicy,
+  decodeSessionPolicyV2,
+  encodeSessionPolicyV2QR,
+  decodeSessionPolicyV2QR
+};

package/dist/{chunk-SSO66YQI.js → chunk-E6VQETBC.js} RENAMED Viewed

@@ -16,9 +16,22 @@ __export(issuer_exports, {
   issueOracleContext: () => issueOracleContext,
   issueRiskContext: () => issueRiskContext,
   issueStateContext: () => issueStateContext,
+  issueTokenPriceContext: () => issueTokenPriceContext,
   signAttestation: () => signAttestation
 });
+// src/issuer/issueTokenPriceContext.ts
+async function issueTokenPriceContext(wallet, tokenPrice, tokenAmount, tokenDecimals) {
+  const amountUsd = tokenAmount * tokenPrice / 10n ** BigInt(tokenDecimals + 8);
+  const proof = await signAttestation(
+    wallet,
+    { amountUsd: amountUsd.toString() },
+    120
+  );
+  return { amountUsd: amountUsd.toString(), proof };
+}
 export {
+  issueTokenPriceContext,
   issuer_exports
 };

package/dist/{chunk-AYJYFAXJ.js → chunk-ESTGPUEQ.js} RENAMED Viewed

@@ -2,7 +2,7 @@ import {
   evaluate,
   generateDecisionProof,
   resolveRule
-} from "./chunk-PAJYP7JI.js";
+} from "./chunk-HKHRYRD6.js";
 import {
   __export
 } from "./chunk-MLKGABMK.js";
@@ -10,20 +10,20 @@ import {
 // src/core/server/index.ts
 var server_exports = {};
 __export(server_exports, {
-  createPayID: () => createPayID
+  PayIDServer: () => PayIDServer,
+  createPayIDServer: () => createPayIDServer
 });
 // src/erc4337/build.ts
 import { ethers } from "ethers";
+var DECISION_TUPLE = "bytes32 version,bytes32 payId,address payer,address receiver,address asset,uint256 amount,bytes32 contextHash,bytes32 ruleSetHash,address ruleAuthority,uint64 issuedAt,uint64 expiresAt,bytes32 nonce,bool requiresAttestation,bytes32 attestationUIDsHash";
 var PAY_WITH_PAYID_ABI = [
-  // ETH payment — attestationUIDs adalah EAS UIDs, pass [] jika tidak perlu
-  "function payETH((bytes32 version, bytes32 payId, address payer, address receiver, address asset, uint256 amount, bytes32 contextHash, bytes32 ruleSetHash, address ruleAuthority, uint64 issuedAt, uint64 expiresAt, bytes32 nonce, bool requiresAttestation) d, bytes sig, bytes32[] attestationUIDs) payable",
-  // ERC20 payment
-  "function payERC20((bytes32 version, bytes32 payId, address payer, address receiver, address asset, uint256 amount, bytes32 contextHash, bytes32 ruleSetHash, address ruleAuthority, uint64 issuedAt, uint64 expiresAt, bytes32 nonce, bool requiresAttestation) d, bytes sig, bytes32[] attestationUIDs)"
+  `function payNative((${DECISION_TUPLE}) d, bytes sig, bytes32[] attestationUIDs) payable`,
+  `function payERC20((${DECISION_TUPLE}) d, bytes sig, bytes32[] attestationUIDs)`
 ];
-function buildPayETHCallData(contractAddress, proof, attestationUIDs = []) {
+function buildPayNativeCallData(contractAddress, proof, attestationUIDs = []) {
   const iface = new ethers.Interface(PAY_WITH_PAYID_ABI);
-  return iface.encodeFunctionData("payETH", [
+  return iface.encodeFunctionData("payNative", [
     proof.payload,
     proof.signature,
     attestationUIDs
@@ -61,14 +61,22 @@ function isRuleSource(rule) {
   return typeof rule === "object" && rule !== null && "uri" in rule;
 }
 var PayIDServer = class {
-  constructor(signer, trustedIssuers, debugTrace, wasm) {
+  constructor(signer, trustedIssuers, debugTrace, wasm, storage, resolverOptions) {
     this.signer = signer;
     this.trustedIssuers = trustedIssuers;
     this.debugTrace = debugTrace;
     this.wasm = wasm;
+    this.storage = storage;
+    this.resolverOptions = resolverOptions;
   }
+  signer;
+  trustedIssuers;
+  debugTrace;
+  wasm;
+  storage;
+  resolverOptions;
   async evaluateAndProve(params) {
-    const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
+    const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule, this.resolverOptions)).config : params.authorityRule;
     const evalConfig = params.evaluationRule ?? authorityConfig;
     const result = await evaluate(
       params.context,
@@ -100,11 +108,8 @@ var PayIDServer = class {
     return { result, proof };
   }
   buildUserOperation(params) {
-    const callData = buildPayERC20CallData(
-      params.targetContract,
-      params.proof,
-      params.attestationUIDs ?? []
-    );
+    const isETH = params.paymentType === "eth";
+    const callData = isETH ? buildPayNativeCallData(params.targetContract, params.proof, params.attestationUIDs ?? []) : buildPayERC20CallData(params.targetContract, params.proof, params.attestationUIDs ?? []);
     return buildUserOperation({
       sender: params.smartAccount,
       nonce: params.nonce,
@@ -116,19 +121,17 @@ var PayIDServer = class {
 };
 // src/core/server/index.ts
-function createPayID(params) {
+function createPayIDServer(params) {
   return new PayIDServer(
     params.signer,
     params.trustedIssuers,
-    params.debugTrace ?? false,
+    params.debugTrace,
     params.wasm
   );
 }
 export {
-  buildPayETHCallData,
-  buildPayERC20CallData,
-  buildUserOperation,
-  createPayID,
+  PayIDServer,
+  createPayIDServer,
   server_exports
 };

package/dist/{chunk-ROBSNIIZ.js → chunk-EZ3BGZ7G.js} RENAMED Viewed

@@ -2,13 +2,15 @@ import {
   combineRules
 } from "./chunk-GG34PNTF.js";
 import {
-  decodeSessionPolicy
-} from "./chunk-MXKZJKXE.js";
+  decodeSessionPolicy,
+  decodeSessionPolicyV2
+} from "./chunk-AUW7WDAB.js";
 import {
   evaluate,
   generateDecisionProof,
+  loadWasm,
   resolveRule
-} from "./chunk-PAJYP7JI.js";
+} from "./chunk-HKHRYRD6.js";
 import {
   __export
 } from "./chunk-MLKGABMK.js";
@@ -16,34 +18,42 @@ import {
 // src/core/client/index.ts
 var client_exports = {};
 __export(client_exports, {
-  createPayID: () => createPayID
+  PayIDClient: () => PayIDClient,
+  createPayID: () => createPayIDClient,
+  createPayIDClient: () => createPayIDClient
 });
 // src/core/client/client.ts
-import { loadWasm } from "payid-rule-engine";
 import "ethers";
 function isRuleSource(rule) {
   return typeof rule === "object" && rule !== null && "uri" in rule;
 }
 var PayIDClient = class {
-  constructor(debugTrace, wasm) {
+  constructor(debugTrace, wasm, resolverOptions) {
     this.debugTrace = debugTrace;
     this.wasm = wasm;
+    this.resolverOptions = resolverOptions;
     this._ready = loadWasm(this.wasm).then(() => {
     }).catch(() => {
     });
   }
+  debugTrace;
+  wasm;
+  resolverOptions;
   _ready;
   async ready() {
     return this._ready;
   }
   async evaluate(context, rule) {
-    const config = isRuleSource(rule) ? (await resolveRule(rule)).config : rule;
+    const config = isRuleSource(rule) ? (await resolveRule(rule, this.resolverOptions)).config : rule;
     return evaluate(context, config, { debug: this.debugTrace }, this.wasm);
   }
   async evaluateAndProve(params) {
-    const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule)).config : params.authorityRule;
-    const evalConfig = params.evaluationRule ?? (params.sessionPolicy ? combineRules(
+    const authorityConfig = isRuleSource(params.authorityRule) ? (await resolveRule(params.authorityRule, this.resolverOptions)).config : params.authorityRule;
+    const evalConfig = params.evaluationRule ?? (params.sessionPolicyV2 ? (() => {
+      decodeSessionPolicyV2(params.sessionPolicyV2, params.blockTimestamp);
+      return authorityConfig;
+    })() : params.sessionPolicy ? combineRules(
       authorityConfig,
       decodeSessionPolicy(
         params.sessionPolicy,
@@ -73,21 +83,20 @@ var PayIDClient = class {
       ruleAuthority: params.ruleAuthority,
       chainId: params.chainId ?? params.context?.tx?.chainId,
       ttlSeconds: params.ttlSeconds,
-      blockTimestamp: params.blockTimestamp
+      blockTimestamp: params.blockTimestamp,
+      attestationUIDs: params.attestationUIDs
     });
     return { result, proof };
   }
 };
 // src/core/client/index.ts
-function createPayID(params) {
-  return new PayIDClient(
-    params.debugTrace ?? false,
-    params.wasm
-  );
+function createPayIDClient(params) {
+  return new PayIDClient(params?.debugTrace, params?.wasm);
 }
 export {
-  createPayID,
+  PayIDClient,
+  createPayIDClient,
   client_exports
 };

package/dist/chunk-FZNMDGVK.js ADDED Viewed

@@ -0,0 +1,24 @@
+import {
+  combineRules
+} from "./chunk-GG34PNTF.js";
+import {
+  canonicalizeRuleSet
+} from "./chunk-6VPSJFO4.js";
+import {
+  hashRuleSet
+} from "./chunk-X7NYQ47Y.js";
+import {
+  __export
+} from "./chunk-MLKGABMK.js";
+// src/rule/index.ts
+var rule_exports = {};
+__export(rule_exports, {
+  canonicalizeRuleSet: () => canonicalizeRuleSet,
+  combineRules: () => combineRules,
+  hashRuleSet: () => hashRuleSet
+});
+export {
+  rule_exports
+};