reputrans 0.1.0

package/dist/sdk/src/circuit-loader.js

@@ -0,0 +1,65 @@
+/**
+ * Circuit artifact loader for REPUTRANS.
+ *
+ * Loads compiled Noir ACIR artifacts from the filesystem.
+ * Works in Node.js only (uses fs). For browser usage, load
+ * the JSON via fetch and pass directly to createProver/createVerifier.
+ */
+import { readFile } from 'fs/promises';
+import { resolve, join, dirname } from 'path';
+import { fileURLToPath } from 'url';
+import { accessSync } from 'fs';
+/** Resolve package root from this file's location (works in both source and dist). */
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Walk up from this file to find the package root (directory containing package.json).
+ * In source: sdk/src/ -> 2 levels up
+ * In dist:   dist/sdk/src/ -> 3 levels up
+ */
+function findPackageRoot() {
+    let dir = __dirname;
+    for (let i = 0; i < 5; i++) {
+        try {
+            accessSync(join(dir, 'package.json'));
+            return dir;
+        }
+        catch {
+            dir = dirname(dir);
+        }
+    }
+    return resolve(__dirname, '..', '..');
+}
+const DEFAULT_CIRCUITS_DIR = join(findPackageRoot(), 'circuits');
+/**
+ * Load a compiled circuit artifact by name.
+ *
+ * @param name - Circuit name (must match the directory and JSON filename)
+ * @param circuitsDir - Override the circuits directory path. Defaults to
+ *   the monorepo's circuits/ directory relative to this file, or the
+ *   REPUTRANS_CIRCUITS_DIR environment variable.
+ */
+export async function loadCircuit(name, circuitsDir) {
+    // Sanitize circuit name to prevent path traversal
+    if (!/^[a-z_]+$/.test(name)) {
+        throw new Error(`Invalid circuit name: "${name}" (must match /^[a-z_]+$/)`);
+    }
+    const dir = circuitsDir ?? process.env.REPUTRANS_CIRCUITS_DIR ?? DEFAULT_CIRCUITS_DIR;
+    const artifactPath = join(dir, name, 'target', `${name}.json`);
+    const resolved = resolve(artifactPath);
+    let raw;
+    try {
+        raw = await readFile(resolved, 'utf-8');
+    }
+    catch (err) {
+        throw new Error(`Failed to load circuit artifact at ${resolved}: ${err.message}. ` +
+            `Ensure circuits are compiled via 'nargo compile' in WSL.`);
+    }
+    const parsed = JSON.parse(raw);
+    // Validate it looks like a compiled circuit
+    if (!parsed.bytecode || !parsed.abi) {
+        throw new Error(`Invalid circuit artifact at ${resolved}: missing 'bytecode' or 'abi' field`);
+    }
+    return parsed;
+}
+//# sourceMappingURL=circuit-loader.js.map

package/dist/sdk/src/circuit-loader.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"circuit-loader.js","sourceRoot":"","sources":["../../../sdk/src/circuit-loader.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,QAAQ,EAAU,MAAM,aAAa,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,UAAU,EAAE,MAAM,IAAI,CAAC;AAGhC,sFAAsF;AACtF,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC;;;;GAIG;AACH,SAAS,eAAe;IACtB,IAAI,GAAG,GAAG,SAAS,CAAC;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,IAAI,CAAC;YACH,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,cAAc,CAAC,CAAC,CAAC;YACtC,OAAO,GAAG,CAAC;QACb,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;QACrB,CAAC;IACH,CAAC;IACD,OAAO,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;AACxC,CAAC;AAED,MAAM,oBAAoB,GAAG,IAAI,CAAC,eAAe,EAAE,EAAE,UAAU,CAAC,CAAC;AAWjE;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,IAA0B,EAC1B,WAAoB;IAEpB,kDAAkD;IAClD,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,0BAA0B,IAAI,4BAA4B,CAAC,CAAC;IAC9E,CAAC;IAED,MAAM,GAAG,GAAG,WAAW,IAAI,OAAO,CAAC,GAAG,CAAC,sBAAsB,IAAI,oBAAoB,CAAC;IACtF,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,OAAO,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;IAEvC,IAAI,GAAW,CAAC;IAChB,IAAI,CAAC;QACH,GAAG,GAAG,MAAM,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACb,sCAAsC,QAAQ,KAAK,GAAG,CAAC,OAAO,IAAI;YAClE,0DAA0D,CAC3D,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAE/B,4CAA4C;IAC5C,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CACb,+BAA+B,QAAQ,qCAAqC,CAC7E,CAAC;IACJ,CAAC;IAED,OAAO,MAAyB,CAAC;AACnC,CAAC"}

package/dist/sdk/src/eddsa.d.ts

@@ -0,0 +1,63 @@
+/**
+ * EdDSA signing and verification on Baby Jubjub (BN254 embedded curve)
+ * using the CORRECT Poseidon hash (poseidon-lite, matching Noir's stdlib).
+ *
+ * This replaces the hackathon code that incorrectly used bb.poseidon2Hash().
+ *
+ * EdDSA scheme (matching Noir's eddsa_poseidon_verify):
+ *   Sign: h = poseidon5(R8.x, R8.y, A.x, A.y, msg), S = r + h * sk mod l
+ *   Verify: h = poseidon5(R8.x, R8.y, A.x, A.y, msg), S * G == R8 + h * A
+ *
+ * Curve: Baby Jubjub (twisted Edwards, embedded in BN254)
+ *   a = 168700, d = 168696
+ *   Subgroup order l = 2736030358979909402780800718157159386076813972158567259200215660948447373041
+ */
+declare const BJJ: {
+    readonly a: 168700n;
+    readonly d: 168696n;
+    readonly l: 2736030358979909402780800718157159386076813972158567259200215660948447373041n;
+    readonly p: 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+    readonly Gx: 5299619240641551281634865583518297030282874472190772894086521144482721001553n;
+    readonly Gy: 16950150798460657717958625567821834550301663161624707787222815936182638968203n;
+};
+export interface Point {
+    x: bigint;
+    y: bigint;
+}
+export interface EdDSASignature {
+    r8: Point;
+    s: bigint;
+}
+declare const IDENTITY: Point;
+declare function mod(a: bigint, m: bigint): bigint;
+declare function pointAdd(p1: Point, p2: Point): Point;
+declare function scalarMul(pt: Point, scalar: bigint): Point;
+declare const G: Point;
+/**
+ * Compute public key from private key: A = sk * G
+ */
+export declare function getPublicKey(privateKey: bigint): Point;
+/**
+ * Sign a message using EdDSA on Baby Jubjub with Poseidon hash.
+ *
+ * This produces signatures compatible with Noir's eddsa_poseidon_verify:
+ *   h = poseidon5(R8.x, R8.y, A.x, A.y, msg)
+ *   S = r + h * sk  (mod l)
+ *
+ * @param privateKey - scalar in [1, l-1]
+ * @param msg - field element (the message to sign)
+ * @returns EdDSA signature {r8, s} and the public key
+ */
+export declare function sign(privateKey: bigint, msg: bigint): {
+    signature: EdDSASignature;
+    publicKey: Point;
+};
+/**
+ * Verify an EdDSA signature (mirrors Noir's eddsa_poseidon_verify).
+ *
+ *   h = poseidon5(R8.x, R8.y, A.x, A.y, msg)
+ *   Check: S * G == R8 + h * A
+ */
+export declare function verify(publicKey: Point, msg: bigint, signature: EdDSASignature): boolean;
+export { BJJ, G, IDENTITY, scalarMul, pointAdd, mod };
+//# sourceMappingURL=eddsa.d.ts.map

package/dist/sdk/src/eddsa.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"eddsa.d.ts","sourceRoot":"","sources":["../../../sdk/src/eddsa.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH,QAAA,MAAM,GAAG;;;;;;;CAUC,CAAC;AAEX,MAAM,WAAW,KAAK;IACpB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,KAAK,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX;AAED,QAAA,MAAM,QAAQ,EAAE,KAAwB,CAAC;AAIzC,iBAAS,GAAG,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAGzC;AAgCD,iBAAS,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,GAAG,KAAK,CAe7C;AAED,iBAAS,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,GAAG,KAAK,CAWnD;AAED,QAAA,MAAM,CAAC,EAAE,KAAgC,CAAC;AAqC1C;;GAEG;AACH,wBAAgB,YAAY,CAAC,UAAU,EAAE,MAAM,GAAG,KAAK,CAEtD;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,IAAI,CAClB,UAAU,EAAE,MAAM,EAClB,GAAG,EAAE,MAAM,GACV;IAAE,SAAS,EAAE,cAAc,CAAC;IAAC,SAAS,EAAE,KAAK,CAAA;CAAE,CAuBjD;AAED;;;;;GAKG;AACH,wBAAgB,MAAM,CACpB,SAAS,EAAE,KAAK,EAChB,GAAG,EAAE,MAAM,EACX,SAAS,EAAE,cAAc,GACxB,OAAO,CAYT;AAGD,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC"}

package/dist/sdk/src/eddsa.js

@@ -0,0 +1,177 @@
+/**
+ * EdDSA signing and verification on Baby Jubjub (BN254 embedded curve)
+ * using the CORRECT Poseidon hash (poseidon-lite, matching Noir's stdlib).
+ *
+ * This replaces the hackathon code that incorrectly used bb.poseidon2Hash().
+ *
+ * EdDSA scheme (matching Noir's eddsa_poseidon_verify):
+ *   Sign: h = poseidon5(R8.x, R8.y, A.x, A.y, msg), S = r + h * sk mod l
+ *   Verify: h = poseidon5(R8.x, R8.y, A.x, A.y, msg), S * G == R8 + h * A
+ *
+ * Curve: Baby Jubjub (twisted Edwards, embedded in BN254)
+ *   a = 168700, d = 168696
+ *   Subgroup order l = 2736030358979909402780800718157159386076813972158567259200215660948447373041
+ */
+import { sha512 } from '@noble/hashes/sha2';
+import { poseidonHash } from './poseidon.js';
+// Baby Jubjub parameters
+const BJJ = {
+    a: 168700n,
+    d: 168696n,
+    // Prime subgroup order
+    l: 2736030358979909402780800718157159386076813972158567259200215660948447373041n,
+    // BN254 base field modulus (coordinate arithmetic)
+    p: 21888242871839275222246405745257275088548364400416034343698204186575808495617n,
+    // Generator point (prime-order subgroup)
+    Gx: 5299619240641551281634865583518297030282874472190772894086521144482721001553n,
+    Gy: 16950150798460657717958625567821834550301663161624707787222815936182638968203n,
+};
+const IDENTITY = { x: 0n, y: 1n };
+// -- Field arithmetic mod p (coordinates) --
+function mod(a, m) {
+    const r = a % m;
+    return r >= 0n ? r : r + m;
+}
+function modMul(a, b, m) {
+    return mod(a * b, m);
+}
+function modAdd(a, b, m) {
+    return mod(a + b, m);
+}
+function modSub(a, b, m) {
+    return mod(a - b, m);
+}
+function extGcd(a, b) {
+    if (a === 0n)
+        return [b, 0n, 1n];
+    const [g, x1, y1] = extGcd(mod(b, a), a);
+    return [g, y1 - (b / a) * x1, x1];
+}
+function modInv(a, m) {
+    const a_ = mod(a, m);
+    if (a_ === 0n)
+        throw new Error('modInv: zero');
+    const [g, x] = extGcd(a_, m);
+    if (g !== 1n)
+        throw new Error('modInv: not invertible');
+    return mod(x, m);
+}
+// -- Baby Jubjub point operations --
+const { a: A_COEFF, d: D_COEFF, p: P } = BJJ;
+function pointAdd(p1, p2) {
+    const x1x2 = modMul(p1.x, p2.x, P);
+    const y1y2 = modMul(p1.y, p2.y, P);
+    const dx1x2y1y2 = modMul(D_COEFF, modMul(x1x2, y1y2, P), P);
+    const numX = modAdd(modMul(p1.x, p2.y, P), modMul(p1.y, p2.x, P), P);
+    const denX = modAdd(1n, dx1x2y1y2, P);
+    const numY = modSub(y1y2, modMul(A_COEFF, x1x2, P), P);
+    const denY = modSub(1n, dx1x2y1y2, P);
+    return {
+        x: modMul(numX, modInv(denX, P), P),
+        y: modMul(numY, modInv(denY, P), P),
+    };
+}
+function scalarMul(pt, scalar) {
+    let s = mod(scalar, BJJ.l);
+    if (s === 0n)
+        return IDENTITY;
+    let result = IDENTITY;
+    let current = { ...pt };
+    while (s > 0n) {
+        if (s & 1n)
+            result = pointAdd(result, current);
+        current = pointAdd(current, current);
+        s >>= 1n;
+    }
+    return result;
+}
+const G = { x: BJJ.Gx, y: BJJ.Gy };
+// -- Helpers --
+function bigintToBytes(val, len) {
+    const bytes = new Uint8Array(len);
+    let v = val < 0n ? -val : val;
+    for (let i = len - 1; i >= 0; i--) {
+        bytes[i] = Number(v & 0xffn);
+        v >>= 8n;
+    }
+    return bytes;
+}
+function bytesToBigint(bytes) {
+    let r = 0n;
+    for (const b of bytes)
+        r = (r << 8n) | BigInt(b);
+    return r;
+}
+/**
+ * Derive a deterministic nonce from private key and message.
+ * Uses SHA-512 (same approach as standard EdDSA nonce generation).
+ */
+function deriveNonce(privateKey, message) {
+    const skBytes = bigintToBytes(privateKey, 32);
+    const msgBytes = bigintToBytes(message, 32);
+    const combined = new Uint8Array(64);
+    combined.set(skBytes, 0);
+    combined.set(msgBytes, 32);
+    const hash = sha512(combined);
+    // Take first 32 bytes, reduce mod l
+    const val = bytesToBigint(hash.slice(0, 32));
+    const r = mod(val, BJJ.l);
+    return r === 0n ? 1n : r;
+}
+/**
+ * Compute public key from private key: A = sk * G
+ */
+export function getPublicKey(privateKey) {
+    return scalarMul(G, privateKey);
+}
+/**
+ * Sign a message using EdDSA on Baby Jubjub with Poseidon hash.
+ *
+ * This produces signatures compatible with Noir's eddsa_poseidon_verify:
+ *   h = poseidon5(R8.x, R8.y, A.x, A.y, msg)
+ *   S = r + h * sk  (mod l)
+ *
+ * @param privateKey - scalar in [1, l-1]
+ * @param msg - field element (the message to sign)
+ * @returns EdDSA signature {r8, s} and the public key
+ */
+export function sign(privateKey, msg) {
+    const L = BJJ.l;
+    const A = getPublicKey(privateKey);
+    // Deterministic nonce
+    const r = deriveNonce(privateKey, msg);
+    const R8 = scalarMul(G, r);
+    // Hash: h = poseidon5(R8.x, R8.y, A.x, A.y, msg)
+    // Noir uses h as a BN254 field element (mod p), NOT reduced mod L.
+    // We must match: use h directly from Poseidon (already mod p), then
+    // compute S = r + h * sk mod L for the scalar equation.
+    const h = poseidonHash(R8.x, R8.y, A.x, A.y, msg);
+    // S = r + h * (8 * sk) mod l
+    // Noir's eddsa_poseidon_verify checks S*B8 == R8 + h*(8*A).
+    // Since A = sk*B8, we need 8*A = 8*sk*B8, so S must incorporate 8*sk.
+    const S = mod(r + h * (8n * privateKey), L);
+    return {
+        signature: { r8: R8, s: S },
+        publicKey: A,
+    };
+}
+/**
+ * Verify an EdDSA signature (mirrors Noir's eddsa_poseidon_verify).
+ *
+ *   h = poseidon5(R8.x, R8.y, A.x, A.y, msg)
+ *   Check: S * G == R8 + h * A
+ */
+export function verify(publicKey, msg, signature) {
+    const L = BJJ.l;
+    // Use h as field element (mod p) to match Noir's eddsa_poseidon_verify
+    const h = poseidonHash(signature.r8.x, signature.r8.y, publicKey.x, publicKey.y, msg);
+    const lhs = scalarMul(G, signature.s);
+    // Noir multiplies pubkey by cofactor 8: A8 = 8*A
+    const A8 = scalarMul(publicKey, 8n);
+    const hA8 = scalarMul(A8, h);
+    const rhs = pointAdd(signature.r8, hA8);
+    return lhs.x === rhs.x && lhs.y === rhs.y;
+}
+// Re-export curve constants for external use
+export { BJJ, G, IDENTITY, scalarMul, pointAdd, mod };
+//# sourceMappingURL=eddsa.js.map

package/dist/sdk/src/eddsa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"eddsa.js","sourceRoot":"","sources":["../../../sdk/src/eddsa.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAE7C,yBAAyB;AACzB,MAAM,GAAG,GAAG;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,uBAAuB;IACvB,CAAC,EAAE,6EAA6E;IAChF,mDAAmD;IACnD,CAAC,EAAE,8EAA8E;IACjF,yCAAyC;IACzC,EAAE,EAAE,6EAA6E;IACjF,EAAE,EAAE,8EAA8E;CAC1E,CAAC;AAYX,MAAM,QAAQ,GAAU,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AAEzC,6CAA6C;AAE7C,SAAS,GAAG,CAAC,CAAS,EAAE,CAAS;IAC/B,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAChB,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,MAAM,CAAC,CAAS,EAAE,CAAS,EAAE,CAAS;IAC7C,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,MAAM,CAAC,CAAS,EAAE,CAAS,EAAE,CAAS;IAC7C,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,MAAM,CAAC,CAAS,EAAE,CAAS,EAAE,CAAS;IAC7C,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,MAAM,CAAC,CAAS,EAAE,CAAS;IAClC,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACzC,OAAO,CAAC,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,MAAM,CAAC,CAAS,EAAE,CAAS;IAClC,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrB,IAAI,EAAE,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAC/C,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,MAAM,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7B,IAAI,CAAC,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACxD,OAAO,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACnB,CAAC;AAED,qCAAqC;AAErC,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,GAAG,CAAC;AAE7C,SAAS,QAAQ,CAAC,EAAS,EAAE,EAAS;IACpC,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnC,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5D,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACrE,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAEtC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvD,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;IAEtC,OAAO;QACL,CAAC,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;QACnC,CAAC,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,EAAS,EAAE,MAAc;IAC1C,IAAI,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,MAAM,GAAU,QAAQ,CAAC;IAC7B,IAAI,OAAO,GAAU,EAAE,GAAG,EAAE,EAAE,CAAC;IAC/B,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC;QACd,IAAI,CAAC,GAAG,EAAE;YAAE,MAAM,GAAG,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC/C,OAAO,GAAG,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACrC,CAAC,KAAK,EAAE,CAAC;IACX,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,GAAU,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;AAE1C,gBAAgB;AAEhB,SAAS,aAAa,CAAC,GAAW,EAAE,GAAW;IAC7C,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC9B,KAAK,IAAI,CAAC,GAAG,GAAG,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC;QAC7B,CAAC,KAAK,EAAE,CAAC;IACX,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAAC,UAAkB,EAAE,OAAe;IACtD,MAAM,OAAO,GAAG,aAAa,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,aAAa,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC5C,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACpC,QAAQ,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IACzB,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;IAC3B,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC9B,oCAAoC;IACpC,MAAM,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7C,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IAC1B,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,UAAkB;IAC7C,OAAO,SAAS,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAClC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,IAAI,CAClB,UAAkB,EAClB,GAAW;IAEX,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAChB,MAAM,CAAC,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;IAEnC,sBAAsB;IACtB,MAAM,CAAC,GAAG,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAE3B,iDAAiD;IACjD,mEAAmE;IACnE,oEAAoE;IACpE,wDAAwD;IACxD,MAAM,CAAC,GAAG,YAAY,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAElD,6BAA6B;IAC7B,4DAA4D;IAC5D,sEAAsE;IACtE,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,GAAG,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IAE5C,OAAO;QACL,SAAS,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE;QAC3B,SAAS,EAAE,CAAC;KACb,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,MAAM,CACpB,SAAgB,EAChB,GAAW,EACX,SAAyB;IAEzB,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAChB,uEAAuE;IACvE,MAAM,CAAC,GAAG,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAEtF,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACtC,iDAAiD;IACjD,MAAM,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IACpC,MAAM,GAAG,GAAG,SAAS,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;IAExC,OAAO,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,6CAA6C;AAC7C,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,EAAE,CAAC"}

package/dist/sdk/src/encoder.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Deterministic JSON-to-circuit-input encoder for REPUTRANS.
+ *
+ * Converts credential fields into BN254 field elements, builds a
+ * Poseidon Merkle tree (depth 4, 16 leaves), and outputs everything
+ * the circuit needs as witness inputs.
+ */
+/** Depth of the credential field Merkle tree (16 leaves max). */
+export declare const FIELD_TREE_DEPTH = 4;
+export declare const MAX_LEAVES: number;
+export interface MerklePath {
+    siblings: bigint[];
+    indices: number[];
+}
+export interface EncodedCredential {
+    /** Poseidon Merkle root of the field values. */
+    merkleRoot: bigint;
+    /** Ordered field values as BN254 field elements (padded to 16 with 0n). */
+    fieldValues: bigint[];
+    /** Canonical field names in the same order as fieldValues. */
+    fieldNames: string[];
+    /** Merkle path for each leaf index. */
+    merklePaths: MerklePath[];
+}
+/**
+ * Convert a string value to a BN254 field element.
+ *
+ * - Numeric strings and bigint-like hex strings are parsed directly.
+ * - Other strings are hashed: UTF-8 bytes are packed into a bigint, then reduced mod p.
+ */
+export declare function stringToField(value: string): bigint;
+/**
+ * Encode a record of string key-value pairs into circuit inputs.
+ *
+ * Keys are sorted alphabetically for deterministic ordering.
+ * Values are converted to BN254 field elements.
+ * A depth-4 Poseidon Merkle tree is built over the 16 leaf slots.
+ */
+export declare function encodeCredential(fields: Record<string, string>): EncodedCredential;
+/**
+ * Build a Poseidon Merkle tree from leaves.
+ * Returns all layers: layers[0] = leaves, layers[DEPTH] = [root].
+ */
+export declare function buildMerkleTree(leaves: bigint[]): bigint[][];
+/**
+ * Get the Merkle path (siblings + direction indices) for a leaf.
+ */
+export declare function getMerklePath(tree: bigint[][], leafIndex: number): MerklePath;
+//# sourceMappingURL=encoder.d.ts.map

package/dist/sdk/src/encoder.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoder.d.ts","sourceRoot":"","sources":["../../../sdk/src/encoder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,iEAAiE;AACjE,eAAO,MAAM,gBAAgB,IAAI,CAAC;AAClC,eAAO,MAAM,UAAU,QAAwB,CAAC;AAEhD,MAAM,WAAW,UAAU;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,gDAAgD;IAChD,UAAU,EAAE,MAAM,CAAC;IACnB,2EAA2E;IAC3E,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,8DAA8D;IAC9D,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,uCAAuC;IACvC,WAAW,EAAE,UAAU,EAAE,CAAC;CAC3B;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CA2BnD;AAED;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,iBAAiB,CA8BlF;AAED;;;GAGG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,EAAE,CAkB5D;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,MAAM,GAAG,UAAU,CAkB7E"}

package/dist/sdk/src/encoder.js

@@ -0,0 +1,117 @@
+/**
+ * Deterministic JSON-to-circuit-input encoder for REPUTRANS.
+ *
+ * Converts credential fields into BN254 field elements, builds a
+ * Poseidon Merkle tree (depth 4, 16 leaves), and outputs everything
+ * the circuit needs as witness inputs.
+ */
+import { poseidonHash, BN254_FIELD_ORDER } from './poseidon.js';
+/** Depth of the credential field Merkle tree (16 leaves max). */
+export const FIELD_TREE_DEPTH = 4;
+export const MAX_LEAVES = 1 << FIELD_TREE_DEPTH; // 16
+/**
+ * Convert a string value to a BN254 field element.
+ *
+ * - Numeric strings and bigint-like hex strings are parsed directly.
+ * - Other strings are hashed: UTF-8 bytes are packed into a bigint, then reduced mod p.
+ */
+export function stringToField(value) {
+    // Try numeric parse first
+    const trimmed = value.trim();
+    // Hex
+    if (trimmed.startsWith('0x') || trimmed.startsWith('0X')) {
+        const val = BigInt(trimmed);
+        if (val >= 0n && val < BN254_FIELD_ORDER)
+            return val;
+        return val % BN254_FIELD_ORDER;
+    }
+    // Decimal integer or bigint
+    if (/^-?\d+$/.test(trimmed)) {
+        let val = BigInt(trimmed);
+        if (val < 0n)
+            val = val + BN254_FIELD_ORDER;
+        if (val >= BN254_FIELD_ORDER)
+            val = val % BN254_FIELD_ORDER;
+        return val;
+    }
+    // Arbitrary string: pack UTF-8 bytes into bigint, reduce mod p
+    const encoder = new TextEncoder();
+    const bytes = encoder.encode(trimmed);
+    let val = 0n;
+    for (const b of bytes) {
+        val = (val << 8n) | BigInt(b);
+    }
+    return val % BN254_FIELD_ORDER;
+}
+/**
+ * Encode a record of string key-value pairs into circuit inputs.
+ *
+ * Keys are sorted alphabetically for deterministic ordering.
+ * Values are converted to BN254 field elements.
+ * A depth-4 Poseidon Merkle tree is built over the 16 leaf slots.
+ */
+export function encodeCredential(fields) {
+    const sortedKeys = Object.keys(fields).sort();
+    if (sortedKeys.length > MAX_LEAVES) {
+        throw new Error(`Too many fields: ${sortedKeys.length} (max ${MAX_LEAVES})`);
+    }
+    // Convert to field elements, pad to 16
+    const fieldValues = sortedKeys.map((k) => stringToField(fields[k]));
+    while (fieldValues.length < MAX_LEAVES) {
+        fieldValues.push(0n);
+    }
+    // Pad field names too
+    const fieldNames = [...sortedKeys];
+    while (fieldNames.length < MAX_LEAVES) {
+        fieldNames.push('');
+    }
+    // Build Poseidon Merkle tree bottom-up
+    const tree = buildMerkleTree(fieldValues);
+    const merkleRoot = tree[tree.length - 1][0];
+    // Compute paths for all leaves
+    const merklePaths = [];
+    for (let i = 0; i < MAX_LEAVES; i++) {
+        merklePaths.push(getMerklePath(tree, i));
+    }
+    return { merkleRoot, fieldValues, fieldNames, merklePaths };
+}
+/**
+ * Build a Poseidon Merkle tree from leaves.
+ * Returns all layers: layers[0] = leaves, layers[DEPTH] = [root].
+ */
+export function buildMerkleTree(leaves) {
+    if (leaves.length !== MAX_LEAVES) {
+        throw new Error(`Expected ${MAX_LEAVES} leaves, got ${leaves.length}`);
+    }
+    const layers = [[...leaves]];
+    let current = leaves;
+    for (let d = 0; d < FIELD_TREE_DEPTH; d++) {
+        const next = [];
+        for (let i = 0; i < current.length; i += 2) {
+            next.push(poseidonHash(current[i], current[i + 1]));
+        }
+        layers.push(next);
+        current = next;
+    }
+    return layers;
+}
+/**
+ * Get the Merkle path (siblings + direction indices) for a leaf.
+ */
+export function getMerklePath(tree, leafIndex) {
+    if (leafIndex < 0 || leafIndex >= MAX_LEAVES) {
+        throw new Error(`Leaf index out of range: ${leafIndex}`);
+    }
+    const siblings = [];
+    const indices = [];
+    let idx = leafIndex;
+    for (let d = 0; d < FIELD_TREE_DEPTH; d++) {
+        const layer = tree[d];
+        const siblingIdx = idx % 2 === 0 ? idx + 1 : idx - 1;
+        siblings.push(layer[siblingIdx]);
+        indices.push(idx % 2); // 0 if we are the left child, 1 if right
+        idx = Math.floor(idx / 2);
+    }
+    return { siblings, indices };
+}
+//# sourceMappingURL=encoder.js.map

package/dist/sdk/src/encoder.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encoder.js","sourceRoot":"","sources":["../../../sdk/src/encoder.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAEhE,iEAAiE;AACjE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,UAAU,GAAG,CAAC,IAAI,gBAAgB,CAAC,CAAC,KAAK;AAkBtD;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,0BAA0B;IAC1B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;IAE7B,MAAM;IACN,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;QACzD,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QAC5B,IAAI,GAAG,IAAI,EAAE,IAAI,GAAG,GAAG,iBAAiB;YAAE,OAAO,GAAG,CAAC;QACrD,OAAO,GAAG,GAAG,iBAAiB,CAAC;IACjC,CAAC;IAED,4BAA4B;IAC5B,IAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAC5B,IAAI,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1B,IAAI,GAAG,GAAG,EAAE;YAAE,GAAG,GAAG,GAAG,GAAG,iBAAiB,CAAC;QAC5C,IAAI,GAAG,IAAI,iBAAiB;YAAE,GAAG,GAAG,GAAG,GAAG,iBAAiB,CAAC;QAC5D,OAAO,GAAG,CAAC;IACb,CAAC;IAED,+DAA+D;IAC/D,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,KAAK,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACtC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;QACtB,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,GAAG,GAAG,iBAAiB,CAAC;AACjC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAA8B;IAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,CAAC;IAE9C,IAAI,UAAU,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QACnC,MAAM,IAAI,KAAK,CAAC,oBAAoB,UAAU,CAAC,MAAM,SAAS,UAAU,GAAG,CAAC,CAAC;IAC/E,CAAC;IAED,uCAAuC;IACvC,MAAM,WAAW,GAAa,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC9E,OAAO,WAAW,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QACvC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACvB,CAAC;IAED,sBAAsB;IACtB,MAAM,UAAU,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC;IACnC,OAAO,UAAU,CAAC,MAAM,GAAG,UAAU,EAAE,CAAC;QACtC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACtB,CAAC;IAED,uCAAuC;IACvC,MAAM,IAAI,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IAC1C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAE5C,+BAA+B;IAC/B,MAAM,WAAW,GAAiB,EAAE,CAAC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,WAAW,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,MAAgB;IAC9C,IAAI,MAAM,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,YAAY,UAAU,gBAAgB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IACzE,CAAC;IAED,MAAM,MAAM,GAAe,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC;IACzC,IAAI,OAAO,GAAG,MAAM,CAAC;IAErB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,gBAAgB,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YAC3C,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACtD,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClB,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAgB,EAAE,SAAiB;IAC/D,IAAI,SAAS,GAAG,CAAC,IAAI,SAAS,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,4BAA4B,SAAS,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,MAAM,QAAQ,GAAa,EAAE,CAAC;IAC9B,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,IAAI,GAAG,GAAG,SAAS,CAAC;IAEpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,gBAAgB,EAAE,CAAC,EAAE,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACtB,MAAM,UAAU,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;QACrD,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC;QACjC,OAAO,CAAC,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,yCAAyC;QAChE,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IAC5B,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;AAC/B,CAAC"}

package/dist/sdk/src/identity.d.ts

@@ -0,0 +1,69 @@
+/**
+ * Identity management for REPUTRANS Provars.
+ *
+ * All operations use Poseidon hash (NOT Pedersen) for consistency
+ * with the circuit layer. Generates master identities, derives
+ * platform-specific keys, and computes nullifiers.
+ *
+ * Naming: Provar = credential holder, Arbiter = verifier.
+ */
+export interface ProvarIdentity {
+    /** Master secret - 254-bit BN254 field element. NEVER share this. */
+    masterSecret: bigint;
+    /** Poseidon commitment of master secret (for anonymity set membership). */
+    commitment: bigint;
+}
+export interface DerivedKey {
+    /** The platform identifier used in derivation. */
+    platformId: bigint;
+    /** Derived key: poseidon(masterSecret, platformId). */
+    key: bigint;
+}
+/**
+ * Generate a new Provar master identity.
+ *
+ * The master secret is a random BN254 field element.
+ * The commitment is poseidon(masterSecret, 0) - a binding commitment
+ * that can be registered in an anonymity set without revealing the secret.
+ */
+export declare function generateIdentity(): ProvarIdentity;
+/**
+ * Reconstruct identity from an existing master secret.
+ */
+export declare function identityFromSecret(masterSecret: bigint): ProvarIdentity;
+/**
+ * Derive a platform-specific key from the master secret.
+ *
+ * key = poseidon(masterSecret, platformId)
+ *
+ * This allows different keys per platform while maintaining
+ * a single master identity. The platform cannot link back to
+ * the master secret or to keys on other platforms.
+ */
+export declare function derivePlatformKey(masterSecret: bigint, platformId: bigint): DerivedKey;
+/**
+ * Compute a nullifier for replay prevention.
+ *
+ * nullifier = poseidon(masterSecret, contextId)
+ *
+ * The context is typically a domain separator (e.g. hash of the
+ * Arbiter's address + session nonce). Same master secret + same context
+ * always produces the same nullifier, preventing double-spending
+ * without revealing the identity.
+ */
+export declare function computeNullifier(masterSecret: bigint, contextId: bigint): bigint;
+/**
+ * Convert a string context (e.g. "arbiter:0x1234:session:5") into a
+ * field element suitable for nullifier computation.
+ *
+ * Uses Poseidon hash of packed chunks for collision resistance,
+ * rather than raw byte packing which is vulnerable to collisions
+ * on inputs longer than 31 bytes.
+ */
+export declare function contextToField(context: string): bigint;
+/**
+ * Compute a Poseidon commitment of the master secret.
+ * This is the value registered in the anonymity set.
+ */
+export declare function computeCommitment(masterSecret: bigint): bigint;
+//# sourceMappingURL=identity.d.ts.map

package/dist/sdk/src/identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../../sdk/src/identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,WAAW,cAAc;IAC7B,qEAAqE;IACrE,YAAY,EAAE,MAAM,CAAC;IACrB,2EAA2E;IAC3E,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;IACnB,uDAAuD;IACvD,GAAG,EAAE,MAAM,CAAC;CACb;AAcD;;;;;;GAMG;AACH,wBAAgB,gBAAgB,IAAI,cAAc,CAIjD;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,GAAG,cAAc,CAMvE;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,UAAU,CAGtF;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,YAAY,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,MAAM,CAEhF;AAED;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CAqBtD;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAE9D"}