payid 1.1.0 → 2.0.3

package/README.md

@@ -1,15 +1,478 @@
-# sdk-core
-
-To install dependencies:
-
-```bash
-bun install
-```
-
-To run:
-
-```bash
-bun run src/index.ts
-```
-
-This project was created using `bun init` in bun v1.2.21. [Bun](https://bun.com) is a fast all-in-one JavaScript runtime.
+# PayID SDK — `payid`
+
+Policy-driven payment engine for EVM chains. Define **rules** that evaluate payment context off-chain, then submit a cryptographic **Decision Proof** on-chain for verification.
+
+## Installation
+
+```bash
+bun add payid ethers
+# or
+npm install payid ethers
+```
+
+---
+
+## Quick Start
+
+```typescript
+import { PayIDClient } from "payid/client";
+import { ethers } from "ethers";
+
+const client = new PayIDClient();
+
+const result = await client.evaluateAndProve({
+  context: {
+    tx: {
+      sender: "0xSender...",
+      receiver: "0xReceiver...",
+      asset: "0x0000000000000000000000000000000000000000", // native token
+      amount: "1000000000000000000", // 1 ETH in wei
+      chainId: 42161, // Arbitrum
+    },
+  },
+  authorityRule: myRuleConfig,
+  payId: "user@pay.id",
+  payer: "0xSender...",
+  receiver: "0xReceiver...",
+  asset: "0x0000000000000000000000000000000000000000",
+  amount: 1_000_000_000_000_000_000n,
+  signer: wallet,
+  verifyingContract: "0xPayWithPayID...",
+  ruleAuthority: "0xRuleAuthority...",
+  chainId: 42161,
+  blockTimestamp: Math.floor(Date.now() / 1000),
+});
+
+if (result.result.decision === "ALLOW") {
+  // submit result.proof to PayWithPayID.payNative() on-chain
+}
+```
+
+---
+
+## Rule Language
+
+Rules define **what conditions must be true** for a payment to be allowed. They are evaluated off-chain, and the outcome is signed into a Decision Proof that the smart contract verifies.
+
+### Rule Config
+
+Every rule set starts with a `RuleConfig`:
+
+```typescript
+interface RuleConfig {
+  logic: "AND" | "OR"; // how top-level rules are combined
+  rules: AnyRule[];    // list of rules
+  requires?: string[]; // required context namespaces (e.g. ["state", "risk"])
+  message?: string;    // custom message on root rejection
+}
+```
+
+- **`AND`** — all rules must pass
+- **`OR`** — at least one rule must pass
+- Max nesting depth: **10 levels**
+
+---
+
+### Rule Formats
+
+There are three rule formats that can be mixed freely.
+
+#### Format A — Simple Rule
+
+One condition, one rule.
+
+```typescript
+{
+  id: "min-amount",
+  if: { field: "tx.amount", op: ">=", value: "100000000000000000" },
+  message: "Minimum transfer is 0.1 ETH"
+}
+```
+
+#### Format B — Multi-Condition Rule
+
+Multiple conditions combined with `AND` / `OR`.
+
+```typescript
+{
+  id: "business-hours",
+  logic: "AND",
+  conditions: [
+    { field: "env.timestamp|hour", op: ">=", value: "9" },
+    { field: "env.timestamp|hour", op: "<",  value: "17" },
+  ],
+  message: "Transfers only allowed during business hours (9–17 UTC)"
+}
+```
+
+#### Format C — Nested Rule
+
+Groups of rules combined with `AND` / `OR`. Can be nested up to 10 levels deep.
+
+```typescript
+{
+  id: "whitelist-or-small",
+  logic: "OR",
+  rules: [
+    { id: "in-whitelist", if: { field: "tx.sender", op: "in", value: ["0xAlice", "0xBob"] } },
+    { id: "small-amount", if: { field: "tx.amount", op: "<=", value: "50000000000000000" } }
+  ]
+}
+```
+
+---
+
+### Conditions
+
+```typescript
+interface RuleCondition {
+  field: string;  // dot-notation path into the context
+  op: string;     // operator
+  value: any;     // literal value or "$field.reference"
+}
+```
+
+---
+
+### Fields (Context Paths)
+
+Fields use dot-notation to navigate the payment context.
+
+#### Core Context (`tx`)
+
+| Field | Type | Description |
+|---|---|---|
+| `tx.amount` | `string` (wei) | Transfer amount in smallest unit |
+| `tx.amountUsd` | `string` | USD equivalent (if oracle provided) |
+| `tx.asset` | `string` | Token contract address; `0x000...000` for native |
+| `tx.sender` | `string` | Sender address |
+| `tx.receiver` | `string` | Receiver address |
+| `tx.chainId` | `number` | EVM chain ID |
+
+#### Pay.ID Context (`payId`)
+
+| Field | Type | Description |
+|---|---|---|
+| `payId.id` | `string` | The Pay.ID handle (e.g. `user@pay.id`) |
+| `payId.owner` | `string` | Address that owns this Pay.ID |
+
+#### Intent Context (`intent`)
+
+| Field | Type | Description |
+|---|---|---|
+| `intent.type` | `"QR" \| "DIRECT" \| "API"` | How payment was initiated |
+| `intent.expiresAt` | `number` | Unix timestamp when intent expires |
+| `intent.issuer` | `string` | Who issued the intent |
+
+#### Environment Context (`env`) — V2
+
+| Field | Type | Description |
+|---|---|---|
+| `env.timestamp` | `number` | Current block timestamp (Unix seconds) |
+
+#### State Context (`state`) — V2
+
+| Field | Type | Description |
+|---|---|---|
+| `state.spentToday` | `string` | Total amount spent today (wei) |
+| `state.period` | `string` | Current period identifier |
+
+#### Oracle Context (`oracle`) — V2
+
+Custom key-value data from an off-chain oracle. Example: `oracle.ethPrice`, `oracle.gasPrice`.
+
+#### Risk Context (`risk`) — V2
+
+| Field | Type | Description |
+|---|---|---|
+| `risk.score` | `number` | Risk score 0–1000 |
+| `risk.category` | `string` | Risk category label |
+
+---
+
+### Field Transforms
+
+Append `|transform` to a field to transform its value before comparison.
+
+```
+"env.timestamp|hour"   → hour of day (0–23)
+"tx.amount|div:1e18"   → amount divided by 1e18
+```
+
+| Transform | Syntax | Description |
+|---|---|---|
+| `div` | `field\|div:N` | Divide by N (integer) |
+| `mod` | `field\|mod:N` | Modulo N |
+| `abs` | `field\|abs` | Absolute value |
+| `hour` | `field\|hour` | Hour of day from Unix timestamp (0–23) |
+| `day` | `field\|day` | Day of week from Unix timestamp (0=Mon, 6=Sun) |
+| `date` | `field\|date` | Day of month (1–31) |
+| `month` | `field\|month` | Month of year (1–12) |
+| `len` | `field\|len` | String length |
+| `lower` | `field\|lower` | Lowercase string |
+| `upper` | `field\|upper` | Uppercase string |
+
+---
+
+### Operators
+
+#### Numeric
+
+| Operator | Description | Example |
+|---|---|---|
+| `>=` | Greater than or equal | `amount >= 1000` |
+| `<=` | Less than or equal | `amount <= 50000` |
+| `>` | Greater than | `amount > 0` |
+| `<` | Less than | `risk.score < 700` |
+| `between` | Inclusive range `[min, max]` | `value: ["100", "5000"]` |
+| `not_between` | Outside range | `value: ["100", "5000"]` |
+| `mod_eq` | `field % divisor == remainder` | `value: ["7", "0"]` (divisible by 7) |
+| `mod_ne` | `field % divisor != remainder` | |
+
+#### Equality
+
+| Operator | Description |
+|---|---|
+| `==` | Loose equality (string + numeric coercion) |
+| `!=` | Not equal |
+| `in` | Value is in array |
+| `not_in` | Value is not in array |
+
+#### String
+
+| Operator | Description |
+|---|---|
+| `contains` | String contains substring |
+| `not_contains` | String does not contain substring |
+| `starts_with` | String starts with prefix |
+| `ends_with` | String ends with suffix |
+| `regex` | Matches regex pattern (ReDoS-safe, max 200 chars) |
+| `not_regex` | Does not match regex |
+
+#### Existence
+
+| Operator | Description |
+|---|---|
+| `exists` | Field is present and not null |
+| `not_exists` | Field is absent or null |
+
+---
+
+### Cross-Field References
+
+Prefix a value with `$` to compare against another field in the context.
+
+```typescript
+// Reject if spending more than today's limit
+{ field: "tx.amount", op: "<=", value: "$state.dailyLimit" }
+
+// Only allow if sender equals the Pay.ID owner
+{ field: "tx.sender", op: "==", value: "$payId.owner" }
+```
+
+---
+
+### Message Interpolation
+
+Rule messages support `{field}` interpolation using the same dot-notation and transforms.
+
+```typescript
+{
+  id: "amount-cap",
+  if: { field: "tx.amount", op: "<=", value: "1000000000000000000" },
+  message: "Rejected: amount {tx.amount} exceeds 1 ETH cap"
+}
+```
+
+---
+
+## Complete Examples
+
+### 1. Simple Amount Cap
+
+```typescript
+const rule: RuleConfig = {
+  logic: "AND",
+  rules: [
+    {
+      id: "max-per-tx",
+      if: { field: "tx.amount", op: "<=", value: "5000000000000000000" },
+      message: "Max 5 ETH per transaction"
+    }
+  ]
+};
+```
+
+### 2. Daily Spending Limit
+
+```typescript
+const rule: RuleConfig = {
+  logic: "AND",
+  requires: ["state"],
+  rules: [
+    {
+      id: "daily-limit",
+      if: { field: "state.spentToday", op: "<=", value: "10000000000000000000" },
+      message: "Daily limit of 10 ETH exceeded"
+    }
+  ]
+};
+```
+
+### 3. Business Hours Only
+
+```typescript
+const rule: RuleConfig = {
+  logic: "AND",
+  requires: ["env"],
+  rules: [
+    {
+      id: "business-hours",
+      logic: "AND",
+      conditions: [
+        { field: "env.timestamp|hour", op: ">=", value: "9" },
+        { field: "env.timestamp|hour", op: "<",  value: "17" }
+      ],
+      message: "Transfers only allowed 09:00–17:00 UTC"
+    }
+  ]
+};
+```
+
+### 4. Whitelist OR Small Amount
+
+```typescript
+const rule: RuleConfig = {
+  logic: "AND",
+  rules: [
+    {
+      id: "whitelist-or-small",
+      logic: "OR",
+      rules: [
+        {
+          id: "is-whitelisted",
+          if: {
+            field: "tx.sender",
+            op: "in",
+            value: ["0xAlice...", "0xBob...", "0xCharlie..."]
+          }
+        },
+        {
+          id: "small-amount",
+          if: { field: "tx.amount", op: "<=", value: "100000000000000000" }
+        }
+      ],
+      message: "Sender not whitelisted and amount exceeds 0.1 ETH"
+    }
+  ]
+};
+```
+
+### 5. Multi-Condition Risk Gate
+
+```typescript
+const rule: RuleConfig = {
+  logic: "AND",
+  requires: ["risk"],
+  rules: [
+    {
+      id: "risk-gate",
+      logic: "AND",
+      conditions: [
+        { field: "risk.score",    op: "<",  value: "700" },
+        { field: "risk.category", op: "!=", value: "SANCTIONED" }
+      ],
+      message: "Payment blocked: risk score too high or sender sanctioned"
+    }
+  ]
+};
+```
+
+### 6. Recurring Payment (Weekdays Only)
+
+```typescript
+const rule: RuleConfig = {
+  logic: "AND",
+  requires: ["env"],
+  rules: [
+    {
+      id: "weekday-only",
+      // day transform: 0=Mon, 4=Fri, 5=Sat, 6=Sun
+      logic: "AND",
+      conditions: [
+        { field: "env.timestamp|day", op: ">=", value: "0" },
+        { field: "env.timestamp|day", op: "<=", value: "4" }
+      ],
+      message: "Only weekday payments allowed"
+    }
+  ]
+};
+```
+
+---
+
+## Evaluate Only (No Proof)
+
+```typescript
+import { evaluate } from "payid";
+
+const result = await evaluate(context, ruleConfig);
+// result.decision === "ALLOW" | "REJECT"
+// result.code     — rule ID that triggered the decision
+// result.reason   — human-readable message
+```
+
+---
+
+## Server-Side Usage
+
+```typescript
+import { PayIDServer } from "payid/server";
+import { ethers } from "ethers";
+
+const server = new PayIDServer(
+  new ethers.Wallet(process.env.SIGNER_KEY!),
+  new Set(["0xTrustedIssuer..."])  // trusted attestation issuers
+);
+
+const { result, proof } = await server.evaluateAndProve({
+  context,
+  authorityRule: ruleConfig,
+  payId: "merchant@pay.id",
+  payer: "0xPayer...",
+  receiver: "0xMerchant...",
+  asset: "0x0000000000000000000000000000000000000000",
+  amount: 1_000_000_000_000_000_000n,
+  verifyingContract: "0xPayWithPayID...",
+  ruleAuthority: "0xRuleAuthority...",
+  chainId: 42161,
+  blockTimestamp: Math.floor(Date.now() / 1000),
+});
+```
+
+---
+
+## Exports
+
+| Import path | Contents |
+|---|---|
+| `payid` | `evaluate()` |
+| `payid/client` | `PayIDClient` |
+| `payid/server` | `PayIDServer` |
+| `payid/decision-proof` | `generateDecisionProof()` |
+| `payid/rule` | `combineRules()`, `canonicalizeRuleSet()` |
+| `payid/issuer` | `signAttestation()` |
+| `payid/context` | Context types |
+| `payid/sessionPolicy` | `decodeSessionPolicy()`, `decodeSessionPolicyV2()` |
+
+---
+
+## Limits
+
+| Constraint | Value |
+|---|---|
+| Max rule nesting depth | 10 levels |
+| Max regex pattern length | 200 chars |
+| Nested quantifiers in regex | Rejected (ReDoS protection) |
+| Decision Proof TTL (default) | 300 seconds |
+| Decision Proof TTL (max recommended) | 3600 seconds |

package/dist/{chunk-X43JAJPI.js → chunk-AXLZUAYL.js}

@@ -10,17 +10,32 @@ import {
 import { ethers, ZeroAddress } from "ethers";
 var hash = (v) => ethers.keccak256(ethers.toUtf8Bytes(v));
 async function generateDecisionProof(params) {
+  if (!params.payId || typeof params.payId !== "string" || params.payId.trim() === "") {
+    throw new Error("payId must not be empty");
+  }
   if (!ethers.isAddress(params.payer) || params.payer === ethers.ZeroAddress) {
-    throw new Error("GENERATE_PROOF: payer address tidak valid atau zero");
+    throw new Error("GENERATE_PROOF: payer address is invalid or zero");
   }
   if (!ethers.isAddress(params.receiver) || params.receiver === ethers.ZeroAddress) {
-    throw new Error("GENERATE_PROOF: receiver address tidak valid atau zero");
+    throw new Error("GENERATE_PROOF: receiver address is invalid or zero");
   }
   if (!ethers.isAddress(params.verifyingContract) || params.verifyingContract === ethers.ZeroAddress) {
-    throw new Error("GENERATE_PROOF: verifyingContract tidak valid atau zero");
+    throw new Error("GENERATE_PROOF: verifyingContract is invalid or zero");
+  }
+  if (!ethers.isAddress(params.ruleAuthority)) {
+    throw new Error("GENERATE_PROOF: ruleAuthority is not a valid address");
+  }
+  if (params.asset !== void 0 && !ethers.isAddress(params.asset)) {
+    throw new Error("GENERATE_PROOF: asset is not a valid address");
   }
   if (params.amount <= 0n) {
-    throw new Error("GENERATE_PROOF: amount harus > 0");
+    throw new Error("amount must be > 0");
+  }
+  if (params.ttlSeconds !== void 0 && (params.ttlSeconds <= 0 || !Number.isInteger(params.ttlSeconds))) {
+    throw new Error("GENERATE_PROOF: ttlSeconds must be a positive integer");
+  }
+  if (params.blockTimestamp !== void 0 && params.blockTimestamp <= 0) {
+    throw new Error("GENERATE_PROOF: blockTimestamp is invalid");
   }
   const now = params.blockTimestamp ?? Math.floor(Date.now() / 1e3);
   const issuedAt = now - 30;
@@ -31,7 +46,7 @@ async function generateDecisionProof(params) {
     chainId = Number(network.chainId);
   }
   if (!chainId || chainId <= 0 || !Number.isInteger(chainId)) {
-    throw new Error(`GENERATE_PROOF: chainId tidak valid: ${chainId}`);
+    throw new Error(`GENERATE_PROOF: chainId is invalid: ${chainId}`);
   }
   const requiresAttestation = Array.isArray(params.ruleConfig?.requires) && params.ruleConfig.requires.length > 0;
   const attestationUIDsHash = params.attestationUIDs ? ethers.keccak256(ethers.AbiCoder.defaultAbiCoder().encode(["bytes32[]"], [params.attestationUIDs])) : ethers.ZeroHash;

package/dist/{chunk-GQJAHRA7.js → chunk-F2KQGW76.js}

@@ -129,29 +129,33 @@ async function runWasmRule(context, config, wasmBinary) {
 async function runWasmRule2(context, config, _wasmBinary) {
   return evaluateRule(context, config);
 }
+var MAX_RULE_DEPTH = 10;
 function evaluateRule(context, config) {
   const rules = config?.rules;
   if (!Array.isArray(rules) || rules.length === 0) {
     return { decision: "ALLOW", code: "NO_RULES", reason: "no rules defined" };
   }
   const logic = config?.logic ?? "AND";
-  return evalRules(context, rules, logic);
+  return evalRules(context, rules, logic, 0);
 }
-function evalRules(context, rules, logic) {
+function evalRules(context, rules, logic, depth) {
+  if (depth > MAX_RULE_DEPTH) {
+    return { decision: "REJECT", code: "MAX_DEPTH_EXCEEDED", reason: `rule nesting exceeds the limit of ${MAX_RULE_DEPTH}` };
+  }
   for (const rule of rules) {
-    const res = evalOneRule(context, rule);
+    const res = evalOneRule(context, rule, depth);
     if (res.decision === "REJECT" && logic === "AND") return res;
     if (res.decision === "ALLOW" && logic === "OR") return res;
   }
   if (logic === "AND") return { decision: "ALLOW", code: "OK", reason: "all rules passed" };
   return { decision: "REJECT", code: "NO_RULE_MATCH", reason: "no rule matched in OR group" };
 }
-function evalOneRule(context, rule) {
+function evalOneRule(context, rule, depth) {
   const ruleId = rule?.id ?? "UNKNOWN_RULE";
   const message = rule?.message ?? "";
   if (Array.isArray(rule?.rules)) {
     const subLogic = rule?.logic ?? "AND";
-    const res = evalRules(context, rule.rules, subLogic);
+    const res = evalRules(context, rule.rules, subLogic, depth + 1);
     if (res.decision === "REJECT" && message) {
       return { decision: "REJECT", code: ruleId, reason: message };
     }
@@ -564,9 +568,22 @@ async function evaluate(context, ruleConfig, options, wasmBinary) {
   if (!context.tx) {
     throw new Error("evaluate(): context.tx is required");
   }
+  if (context.tx.chainId !== void 0 && (!Number.isInteger(context.tx.chainId) || context.tx.chainId <= 0)) {
+    throw new Error(`chainId is invalid: ${context.tx.chainId}`);
+  }
+  if (context.tx.amount !== void 0) {
+    const amt = BigInt(context.tx.amount);
+    if (amt <= 0n) throw new Error("amount must be > 0");
+  }
   if (!ruleConfig || typeof ruleConfig !== "object") {
     throw new Error("evaluate(): ruleConfig is required");
   }
+  if (ruleConfig.logic !== "AND" && ruleConfig.logic !== "OR") {
+    throw new Error(`ruleConfig.logic must be "AND" or "OR", got: ${ruleConfig.logic}`);
+  }
+  if (!Array.isArray(ruleConfig.rules) || ruleConfig.rules.length === 0) {
+    throw new Error("ruleConfig.rules must be a non-empty array");
+  }
   let result;
   try {
     const preparedContext = options?.trustedIssuers ? preprocessContextV2(context, ruleConfig, options.trustedIssuers) : context;

package/dist/{chunk-XLQGSYE6.js → chunk-K2B5UHYA.js}

@@ -9,10 +9,10 @@ import {
   evaluate,
   loadWasm,
   resolveRule
-} from "./chunk-GQJAHRA7.js";
+} from "./chunk-F2KQGW76.js";
 import {
   generateDecisionProof
-} from "./chunk-X43JAJPI.js";
+} from "./chunk-AXLZUAYL.js";
 import {
   __export
 } from "./chunk-MLKGABMK.js";

package/dist/{chunk-J5C4O242.js → chunk-WQEZYX4X.js}

@@ -1,10 +1,10 @@
 import {
   evaluate,
   resolveRule
-} from "./chunk-GQJAHRA7.js";
+} from "./chunk-F2KQGW76.js";
 import {
   generateDecisionProof
-} from "./chunk-X43JAJPI.js";
+} from "./chunk-AXLZUAYL.js";
 import {
   __export
 } from "./chunk-MLKGABMK.js";

package/dist/core/client/index.js

@@ -1,12 +1,12 @@
 import {
   PayIDClient,
   createPayIDClient
-} from "../../chunk-XLQGSYE6.js";
+} from "../../chunk-K2B5UHYA.js";
 import "../../chunk-GG34PNTF.js";
 import "../../chunk-BC77BLFK.js";
 import "../../chunk-6VPSJFO4.js";
-import "../../chunk-GQJAHRA7.js";
-import "../../chunk-X43JAJPI.js";
+import "../../chunk-F2KQGW76.js";
+import "../../chunk-AXLZUAYL.js";
 import "../../chunk-X7NYQ47Y.js";
 import "../../chunk-KDC67LIN.js";
 import "../../chunk-MLKGABMK.js";

package/dist/core/server/index.js

@@ -1,9 +1,9 @@
 import {
   PayIDServer,
   createPayIDServer
-} from "../../chunk-J5C4O242.js";
-import "../../chunk-GQJAHRA7.js";
-import "../../chunk-X43JAJPI.js";
+} from "../../chunk-WQEZYX4X.js";
+import "../../chunk-F2KQGW76.js";
+import "../../chunk-AXLZUAYL.js";
 import "../../chunk-X7NYQ47Y.js";
 import "../../chunk-KDC67LIN.js";
 import "../../chunk-MLKGABMK.js";

package/dist/decision-proof/index.js

@@ -1,6 +1,6 @@
 import {
   generateDecisionProof
-} from "../chunk-X43JAJPI.js";
+} from "../chunk-AXLZUAYL.js";
 import "../chunk-X7NYQ47Y.js";
 import "../chunk-KDC67LIN.js";
 import "../chunk-MLKGABMK.js";

package/dist/index.js

@@ -1,33 +1,33 @@
 import {
   context_exports
 } from "./chunk-BFCPKJ46.js";
-import {
-  issuer_exports
-} from "./chunk-E6VQETBC.js";
-import "./chunk-YKCMGGYB.js";
 import {
   rule_exports
 } from "./chunk-FZNMDGVK.js";
-import {
-  sessionPolicy_exports
-} from "./chunk-R674DZJS.js";
 import {
   PayIDClient,
   client_exports
-} from "./chunk-XLQGSYE6.js";
+} from "./chunk-K2B5UHYA.js";
 import "./chunk-GG34PNTF.js";
+import {
+  sessionPolicy_exports
+} from "./chunk-R674DZJS.js";
 import "./chunk-BC77BLFK.js";
 import "./chunk-6VPSJFO4.js";
+import {
+  issuer_exports
+} from "./chunk-E6VQETBC.js";
+import "./chunk-YKCMGGYB.js";
 import {
   PayIDServer,
   server_exports
-} from "./chunk-J5C4O242.js";
+} from "./chunk-WQEZYX4X.js";
 import {
   verifyAttestation
-} from "./chunk-GQJAHRA7.js";
+} from "./chunk-F2KQGW76.js";
 import {
   generateDecisionProof
-} from "./chunk-X43JAJPI.js";
+} from "./chunk-AXLZUAYL.js";
 import "./chunk-X7NYQ47Y.js";
 import "./chunk-KDC67LIN.js";
 import {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payid",
-  "version": "1.1.0",
+  "version": "2.0.3",
   "private": false,
   "type": "module",
   "main": "./dist/index.js",
@@ -62,7 +62,7 @@
   "scripts": {
     "build": "tsup",
     "type-check": "tsc --noEmit",
-    "test": "echo 'No unit tests — add test files to run with bun test'",
+    "test": "bun test",
     "prepublishOnly": "bun run type-check && bun run test && bun run build",
     "release": "release-it",
     "release:dry": "release-it --dry-run",
@@ -80,8 +80,12 @@
   },
   "devDependencies": {
     "@types/bun": "latest",
+    "@wagmi/core": "^3.4.12",
+    "react": "^19.2.6",
     "release-it": "^20.0.1",
-    "tsup": "^8.5.1"
+    "tsup": "^8.5.1",
+    "viem": "^2.49.3",
+    "wagmi": "^3.6.15"
   },
   "description": "PAY.ID policy engine — evaluate payment rules and generate EIP-712 Decision Proofs",
   "repository": {