payid 0.5.9 → 1.0.0

package/dist/chunk-PAJYP7JI.js

@@ -1,308 +0,0 @@
-import {
-  randomHex
-} from "./chunk-KDC67LIN.js";
-
-// src/evaluate.ts
-import { executeRule, preprocessContextV2 } from "payid-rule-engine";
-
-// src/normalize.ts
-function normalizeContext(ctx) {
-  return {
-    ...ctx,
-    tx: {
-      ...ctx.tx,
-      sender: ctx.tx.sender?.toLowerCase(),
-      receiver: ctx.tx.receiver?.toLowerCase(),
-      asset: ctx.tx.asset.toUpperCase()
-    }
-  };
-}
-
-// src/core/dicisionTrace.ts
-function toBigIntSafe(v) {
-  try {
-    if (typeof v === "bigint") return v;
-    if (typeof v === "number" && Number.isFinite(v)) return BigInt(Math.trunc(v));
-    if (typeof v === "string" && v !== "") return BigInt(v);
-    return null;
-  } catch {
-    return null;
-  }
-}
-function resolveField(obj, fieldExpr) {
-  const [path, ...transforms] = fieldExpr.split("|");
-  let value = path?.split(".").reduce((o, k) => o?.[k], obj);
-  for (const t of transforms) {
-    if (value === void 0 || value === null) break;
-    if (t.startsWith("div:")) {
-      const n = Number(t.slice(4));
-      value = Number(value) / n;
-    } else if (t.startsWith("mod:")) {
-      const n = BigInt(t.slice(4));
-      value = BigInt(value) % n;
-    } else if (t === "abs") {
-      value = Math.abs(Number(value));
-    } else if (t === "hour") {
-      value = new Date(Number(value) * 1e3).getUTCHours();
-    } else if (t === "day") {
-      value = new Date(Number(value) * 1e3).getUTCDay();
-    } else if (t === "date") {
-      value = new Date(Number(value) * 1e3).getUTCDate();
-    } else if (t === "month") {
-      value = new Date(Number(value) * 1e3).getUTCMonth() + 1;
-    } else if (t === "len") {
-      value = String(value).length;
-    } else if (t === "lower") {
-      value = String(value).toLowerCase();
-    } else if (t === "upper") {
-      value = String(value).toUpperCase();
-    }
-  }
-  return value;
-}
-function resolveValue(context, value) {
-  if (typeof value === "string" && value.startsWith("$")) {
-    return resolveField(context, value.slice(1));
-  }
-  return value;
-}
-function evaluateCondition(actual, op, expected) {
-  switch (op) {
-    case ">=":
-    case "<=":
-    case ">":
-    case "<": {
-      const a = toBigIntSafe(actual);
-      const b = toBigIntSafe(expected);
-      if (a === null || b === null) return false;
-      if (op === ">=") return a >= b;
-      if (op === "<=") return a <= b;
-      if (op === ">") return a > b;
-      if (op === "<") return a < b;
-      return false;
-    }
-    case "==":
-      return actual == expected;
-    case "!=":
-      return actual != expected;
-    case "in":
-      return Array.isArray(expected) && expected.includes(actual);
-    case "not_in":
-      return Array.isArray(expected) && !expected.includes(actual);
-    case "between":
-      return Array.isArray(expected) && actual >= expected[0] && actual <= expected[1];
-    case "not_between":
-      return Array.isArray(expected) && !(actual >= expected[0] && actual <= expected[1]);
-    case "exists":
-      return actual !== void 0 && actual !== null;
-    case "not_exists":
-      return actual === void 0 || actual === null;
-    default:
-      return false;
-  }
-}
-function traceCondition(context, ruleId, cond) {
-  const actual = resolveField(context, cond.field);
-  const expected = resolveValue(context, cond.value);
-  const pass = evaluateCondition(actual, cond.op, expected);
-  return {
-    ruleId,
-    field: cond.field,
-    op: cond.op,
-    expected: cond.value,
-    actual,
-    result: actual === void 0 ? "FAIL" : pass ? "PASS" : "FAIL"
-  };
-}
-function traceRule(context, rule) {
-  if ("if" in rule) {
-    return [traceCondition(context, rule.id, rule.if)];
-  }
-  if ("conditions" in rule) {
-    return rule.conditions.map((cond) => traceCondition(context, rule.id, cond));
-  }
-  if ("rules" in rule) {
-    return rule.rules.flatMap((child) => traceRule(context, child));
-  }
-  return [];
-}
-function buildDecisionTrace(context, ruleConfig) {
-  return ruleConfig.rules.flatMap((rule) => traceRule(context, rule));
-}
-
-// src/evaluate.ts
-async function evaluate(context, ruleConfig, options, wasmBinary) {
-  if (!context || typeof context !== "object") {
-    throw new Error("evaluate(): context is required");
-  }
-  if (!context.tx) {
-    throw new Error("evaluate(): context.tx is required");
-  }
-  if (!ruleConfig || typeof ruleConfig !== "object") {
-    throw new Error("evaluate(): ruleConfig is required");
-  }
-  let result;
-  try {
-    const preparedContext = options?.trustedIssuers ? preprocessContextV2(context, ruleConfig, options.trustedIssuers) : context;
-    const normalized = normalizeContext(preparedContext);
-    result = await executeRule(normalized, ruleConfig, wasmBinary);
-  } catch (err) {
-    return {
-      decision: "REJECT",
-      code: "CONTEXT_OR_ENGINE_ERROR",
-      reason: err?.message ?? "rule evaluation failed"
-    };
-  }
-  if (result.decision !== "ALLOW" && result.decision !== "REJECT") {
-    return {
-      decision: "REJECT",
-      code: "INVALID_ENGINE_OUTPUT",
-      reason: "invalid decision value"
-    };
-  }
-  const baseResult = {
-    decision: result.decision,
-    code: result.code || "UNKNOWN",
-    reason: result.reason
-  };
-  if (options?.debug) {
-    return {
-      ...baseResult,
-      debug: {
-        trace: buildDecisionTrace(context, ruleConfig)
-      }
-    };
-  }
-  return baseResult;
-}
-
-// src/utils/subtle.ts
-var subtleCrypto = globalThis.crypto.subtle;
-
-// src/utils/fetchJson.ts
-async function fetchJsonWithHashCheck(url, expectedHash) {
-  const res = await fetch(url);
-  if (!res.ok) {
-    throw new Error("RULE_FETCH_FAILED");
-  }
-  const buffer = await res.arrayBuffer();
-  if (expectedHash) {
-    const digest = await subtleCrypto.digest(
-      "SHA-256",
-      buffer
-    );
-    const actualHash = bufferToHex(digest);
-    if (actualHash !== expectedHash) {
-      throw new Error("RULE_HASH_MISMATCH");
-    }
-  }
-  return JSON.parse(new TextDecoder().decode(buffer));
-}
-function bufferToHex(buffer) {
-  return [...new Uint8Array(buffer)].map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-
-// src/resolver/resolver.ts
-async function resolveRule(source) {
-  const { uri, hash: hash2 } = source;
-  if (uri.startsWith("inline://")) {
-    const encoded = uri.replace("inline://", "");
-    const json = JSON.parse(atob(encoded));
-    return { config: json, source };
-  }
-  if (uri.startsWith("ipfs://")) {
-    const cid = uri.replace("ipfs://", "");
-    const url = `https://ipfs.io/ipfs/${cid}`;
-    const config = await fetchJsonWithHashCheck(url, hash2);
-    return { config, source };
-  }
-  if (uri.startsWith("http://") || uri.startsWith("https://")) {
-    const config = await fetchJsonWithHashCheck(uri, hash2);
-    return { config, source };
-  }
-  throw new Error("UNSUPPORTED_RULE_URI");
-}
-
-// src/decision-proof/hash.ts
-import { keccak256 } from "ethers";
-function stableStringify(obj) {
-  if (Array.isArray(obj)) {
-    return `[${obj.map(stableStringify).join(",")}]`;
-  }
-  if (obj && typeof obj === "object") {
-    return `{${Object.keys(obj).sort().map(
-      (k) => `"${k}":${stableStringify(obj[k])}`
-    ).join(",")}}`;
-  }
-  return JSON.stringify(obj);
-}
-function toUtf8Bytes(str) {
-  return new TextEncoder().encode(str);
-}
-function hashContext(context) {
-  return keccak256(toUtf8Bytes(stableStringify(context)));
-}
-function hashRuleSet(ruleConfig) {
-  return keccak256(toUtf8Bytes(stableStringify(ruleConfig)));
-}
-
-// src/decision-proof/generate.ts
-import { ethers, ZeroAddress } from "ethers";
-var hash = (v) => ethers.keccak256(ethers.toUtf8Bytes(v));
-async function generateDecisionProof(params) {
-  const now = params.blockTimestamp ?? Math.floor(Date.now() / 1e3);
-  const issuedAt = now - 30;
-  const expiresAt = now + (params.ttlSeconds ?? 300);
-  const chainId = params.chainId ?? Number((await params.signer.provider.getNetwork()).chainId);
-  const requiresAttestation = Array.isArray(params.ruleConfig?.requires) && params.ruleConfig.requires.length > 0;
-  const payload = {
-    version: hash("2"),
-    payId: hash(params.payId),
-    payer: params.payer,
-    receiver: params.receiver,
-    asset: params.asset,
-    amount: params.amount,
-    contextHash: hashContext(params.context),
-    ruleSetHash: params.ruleSetHashOverride ?? hashRuleSet(params.ruleConfig),
-    ruleAuthority: params.ruleAuthority ?? ZeroAddress,
-    issuedAt: BigInt(issuedAt),
-    expiresAt: BigInt(expiresAt),
-    nonce: randomHex(32),
-    requiresAttestation
-  };
-  const domain = {
-    name: "PAY.ID Decision",
-    version: "2",
-    chainId,
-    verifyingContract: params.verifyingContract
-  };
-  const types = {
-    Decision: [
-      { name: "version", type: "bytes32" },
-      { name: "payId", type: "bytes32" },
-      { name: "payer", type: "address" },
-      { name: "receiver", type: "address" },
-      { name: "asset", type: "address" },
-      { name: "amount", type: "uint256" },
-      { name: "contextHash", type: "bytes32" },
-      { name: "ruleSetHash", type: "bytes32" },
-      { name: "ruleAuthority", type: "address" },
-      { name: "issuedAt", type: "uint64" },
-      { name: "expiresAt", type: "uint64" },
-      { name: "nonce", type: "bytes32" },
-      { name: "requiresAttestation", type: "bool" }
-    ]
-  };
-  const signature = await params.signer.signTypedData(domain, types, payload);
-  const recovered = ethers.verifyTypedData(domain, types, payload, signature);
-  if (recovered.toLowerCase() !== params.payer.toLowerCase()) {
-    throw new Error("SIGNATURE_MISMATCH");
-  }
-  return { payload, signature };
-}
-
-export {
-  evaluate,
-  resolveRule,
-  generateDecisionProof
-};

package/dist/chunk-QC24X74O.js

@@ -1,41 +0,0 @@
-import {
-  combineRules
-} from "./chunk-GG34PNTF.js";
-import {
-  canonicalizeRuleSet
-} from "./chunk-6VPSJFO4.js";
-import {
-  __export
-} from "./chunk-MLKGABMK.js";
-
-// src/rule/index.ts
-var rule_exports = {};
-__export(rule_exports, {
-  canonicalizeRuleSet: () => canonicalizeRuleSet,
-  combineRules: () => combineRules,
-  hashRuleSet: () => hashRuleSet
-});
-
-// src/rule/hash.ts
-import { keccak256, toUtf8Bytes } from "ethers";
-function stableStringify(obj) {
-  if (Array.isArray(obj)) {
-    return `[${obj.map(stableStringify).join(",")}]`;
-  }
-  if (obj && typeof obj === "object") {
-    return `{${Object.keys(obj).sort().map(
-      (k) => `"${k}":${stableStringify(obj[k])}`
-    ).join(",")}}`;
-  }
-  return JSON.stringify(obj);
-}
-function hashRuleSet(ruleSet) {
-  return keccak256(
-    toUtf8Bytes(stableStringify(ruleSet))
-  );
-}
-
-export {
-  hashRuleSet,
-  rule_exports
-};

package/dist/index-BPJ_oOfy.d.ts

@@ -1,81 +0,0 @@
-import { RuleContext, RuleConfig, RuleResult } from 'payid-types';
-import { ethers } from 'ethers';
-import { R as RuleSource, D as DecisionProof } from './types-B8pJQdMQ.js';
-import { P as PayIDSessionPolicyPayloadV1 } from './types-BmMf7udp.js';
-
-declare class PayIDClient {
-    private readonly debugTrace?;
-    private readonly wasm?;
-    private readonly _ready;
-    constructor(debugTrace?: boolean | undefined, wasm?: Uint8Array | undefined);
-    ready(): Promise<void>;
-    evaluate(context: RuleContext, rule: RuleConfig | RuleSource): Promise<RuleResult>;
-    evaluateAndProve(params: {
-        context: RuleContext;
-        authorityRule: RuleConfig | RuleSource;
-        evaluationRule?: RuleConfig;
-        sessionPolicy?: PayIDSessionPolicyPayloadV1;
-        payId: string;
-        payer: string;
-        receiver: string;
-        asset: string;
-        amount: bigint;
-        signer: ethers.Signer;
-        verifyingContract: string;
-        ruleAuthority: string;
-        ruleSetHashOverride?: string;
-        ttlSeconds?: number;
-        chainId: number;
-        blockTimestamp: number;
-    }): Promise<{
-        result: RuleResult;
-        proof: DecisionProof | null;
-    }>;
-}
-
-/**
- * Create a PayID policy engine instance backed by a WASM rule evaluator.
- *
- * ## Responsibility
- *
- * - Holds the WASM binary used for rule execution
- * - Defines the trust boundary for context attestation verification
- * - Acts as the primary entry point for PayID rule evaluation
- *
- * ## Trust model
- *
- * - If `trustedIssuers` is provided, Context V2 attestation
- *   verification is ENFORCED.
- * - If `trustedIssuers` is omitted, the engine runs in
- *   legacy (Context V1) mode without cryptographic verification.
- *
- * ## Environment
- *
- * This class is safe to instantiate in:
- * - Browsers
- * - Mobile apps
- * - Edge runtimes
- * - Backend services
- *
- * @param wasm
- *   Compiled PayID WASM rule engine binary.
- *
- * @param debugTrace
- *   Optional flag to enable decision trace generation for debugging.
- *   @example
- *   ```ts
- *
- *   const payid = new PayID(wasmBinary, debugTrace);
- *   ```
- */
-declare function createPayID(params: {
-    wasm?: Uint8Array;
-    debugTrace?: boolean;
-}): PayIDClient;
-
-declare const index_createPayID: typeof createPayID;
-declare namespace index {
-  export { index_createPayID as createPayID };
-}
-
-export { createPayID as c, index as i };

package/dist/index-BQQnMG2H.d.ts

@@ -1,114 +0,0 @@
-import { ethers } from 'ethers';
-import { RuleConfig } from 'payid-types';
-import { P as PayIDSessionPolicyPayloadV1 } from './types-BmMf7udp.js';
-
-/**
- * Create and sign an ephemeral PayID session policy payload.
- *
- * A session policy represents a **temporary, off-chain consent**
- * granted by the receiver to apply additional rule constraints
- * during rule evaluation (e.g. session limits, QR payments,
- * intent-scoped conditions).
- *
- * ## Security model
- *
- * - The session policy is signed by the receiver.
- * - The signature proves **explicit consent** for the included rule.
- * - This policy does NOT establish on-chain authority and MUST NOT
- *   be registered or referenced in any on-chain rule registry.
- *
- * ## Canonicalization
- *
- * - The rule set is canonicalized BEFORE signing to ensure
- *   deterministic hashing and signature verification.
- * - The exact payload signed here MUST be used verbatim during
- *   policy verification.
- *
- * ## Lifecycle
- *
- * - Session policies are valid only until `expiresAt`.
- * - Expired policies MUST be rejected by the verifier.
- *
- * @param params
- * @param params.receiver
- *   Address of the receiver granting the session policy.
- *
- * @param params.rule
- *   Rule configuration to be applied as an **off-chain evaluation
- *   override** during the session.
- *
- * @param params.expiresAt
- *   UNIX timestamp (seconds) indicating when the session policy
- *   becomes invalid.
- *
- * @param params.signer
- *   Signer controlling the receiver address, used to sign the
- *   session policy payload.
- *
- * @returns
- *   A signed `PayIDSessionPolicyPayloadV1` that may be transmitted
- *   to clients and verified using `decodeSessionPolicy`.
- *
- * @throws
- *   May throw if signing fails or the signer is misconfigured.
- */
-declare function createSessionPolicyPayload(params: {
-    receiver: string;
-    rule: RuleConfig;
-    expiresAt: number;
-    signer: ethers.Signer;
-}): Promise<PayIDSessionPolicyPayloadV1>;
-
-/**
- * Decode and verify an ephemeral PayID session policy.
- *
- * This function validates that a session policy:
- * - Uses a supported policy version
- * - Has not expired
- * - Was cryptographically signed by the declared receiver
- *
- * If all checks pass, the embedded rule configuration is returned
- * and may be used as an **off-chain evaluation override**
- * (e.g. combined with an authoritative on-chain rule).
- *
- * ## Security model
- *
- * - The session policy signature represents **explicit consent**
- *   from the receiver for temporary rule constraints.
- * - This policy does NOT establish on-chain authority and MUST NOT
- *   be used to derive `ruleSetHash` or interact with rule registries.
- *
- * ## Invariants
- *
- * - The payload verified here MUST match exactly the payload that was signed.
- * - No canonicalization or mutation is performed during verification.
- * - Expired or invalidly signed policies are rejected immediately.
- *
- * @export
- *
- * @param sessionPolicy
- *   A signed session policy payload created by
- *   `createSessionPolicyPayload`.
- *
- * @param now
- *   Current UNIX timestamp (seconds) used to validate policy expiry.
- *
- * @returns
- *   A `RuleConfig` representing the session's evaluation rule.
- *
- * @throws
- *   Throws if:
- *   - The policy version is unsupported
- *   - The policy has expired
- *   - The signature does not match the receiver
- */
-declare function decodeSessionPolicy(sessionPolicy: PayIDSessionPolicyPayloadV1, now: number): RuleConfig;
-
-declare const index_PayIDSessionPolicyPayloadV1: typeof PayIDSessionPolicyPayloadV1;
-declare const index_createSessionPolicyPayload: typeof createSessionPolicyPayload;
-declare const index_decodeSessionPolicy: typeof decodeSessionPolicy;
-declare namespace index {
-  export { index_PayIDSessionPolicyPayloadV1 as PayIDSessionPolicyPayloadV1, index_createSessionPolicyPayload as createSessionPolicyPayload, index_decodeSessionPolicy as decodeSessionPolicy };
-}
-
-export { createSessionPolicyPayload as c, decodeSessionPolicy as d, index as i };

package/dist/types-B8pJQdMQ.d.ts

@@ -1,26 +0,0 @@
-interface RuleSource {
-    uri: string;
-    hash?: string;
-}
-
-interface DecisionPayload {
-    version: string;
-    payId: string;
-    payer: string;
-    receiver: string;
-    asset: string;
-    amount: bigint;
-    contextHash: string;
-    ruleSetHash: string;
-    ruleAuthority: string;
-    issuedAt: bigint;
-    expiresAt: bigint;
-    nonce: string;
-    requiresAttestation: boolean;
-}
-interface DecisionProof {
-    payload: DecisionPayload;
-    signature: string;
-}
-
-export type { DecisionProof as D, RuleSource as R };

package/dist/types-BmMf7udp.d.ts

@@ -1,13 +0,0 @@
-import { RuleConfig } from 'payid-types';
-
-interface PayIDSessionPolicyPayloadV1 {
-    version: "payid.session.policy.v1" | string;
-    receiver: string;
-    rule: RuleConfig;
-    expiresAt: number;
-    nonce: string;
-    issuedAt: number;
-    signature: string;
-}
-
-export type { PayIDSessionPolicyPayloadV1 as P };