shogun-core 3.3.7 → 4.0.0

package/dist/index.js

@@ -17,7 +17,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.autoQuickStart = exports.AutoQuickStart = exports.createSimpleAPI = exports.quickStart = exports.QuickStart = exports.SimpleGunAPI = exports.DataBase = exports.GunErrors = exports.derive = exports.crypto = exports.RxJS = exports.SEA = exports.ShogunCore = exports.Gun = void 0;
+exports.normalizeSeedPhrase = exports.formatSeedPhrase = exports.deriveCredentialsFromMnemonic = exports.seedToPassword = exports.mnemonicToSeed = exports.validateSeedPhrase = exports.generateSeedPhrase = exports.autoQuickStart = exports.AutoQuickStart = exports.createSimpleAPI = exports.quickStart = exports.QuickStart = exports.SimpleGunAPI = exports.DataBase = exports.GunErrors = exports.derive = exports.crypto = exports.RxJS = exports.SEA = exports.ShogunCore = exports.Gun = void 0;
 const core_1 = require("./core");
 Object.defineProperty(exports, "ShogunCore", { enumerable: true, get: function () { return core_1.ShogunCore; } });
 const db_1 = require("./gundb/db");
@@ -42,3 +42,12 @@ __exportStar(require("./utils/errorHandler"), exports);
 __exportStar(require("./plugins"), exports);
 __exportStar(require("./interfaces/shogun"), exports);
 __exportStar(require("./config/simplified-config"), exports);
+// Export seed phrase utilities for WebAuthn multi-device support
+var seedPhrase_1 = require("./utils/seedPhrase");
+Object.defineProperty(exports, "generateSeedPhrase", { enumerable: true, get: function () { return seedPhrase_1.generateSeedPhrase; } });
+Object.defineProperty(exports, "validateSeedPhrase", { enumerable: true, get: function () { return seedPhrase_1.validateSeedPhrase; } });
+Object.defineProperty(exports, "mnemonicToSeed", { enumerable: true, get: function () { return seedPhrase_1.mnemonicToSeed; } });
+Object.defineProperty(exports, "seedToPassword", { enumerable: true, get: function () { return seedPhrase_1.seedToPassword; } });
+Object.defineProperty(exports, "deriveCredentialsFromMnemonic", { enumerable: true, get: function () { return seedPhrase_1.deriveCredentialsFromMnemonic; } });
+Object.defineProperty(exports, "formatSeedPhrase", { enumerable: true, get: function () { return seedPhrase_1.formatSeedPhrase; } });
+Object.defineProperty(exports, "normalizeSeedPhrase", { enumerable: true, get: function () { return seedPhrase_1.normalizeSeedPhrase; } });

package/dist/interfaces/shogun.js

@@ -32,6 +32,6 @@ var CorePlugins;
     CorePlugins["Web3"] = "web3";
     /** Bitcoin wallet plugin */
     CorePlugins["Nostr"] = "nostr";
-    /** OAuth plugin */
-    CorePlugins["OAuth"] = "oauth";
+    /** Zero-Knowledge Proof plugin */
+    CorePlugins["ZkProof"] = "zkproof";
 })(CorePlugins || (exports.CorePlugins = CorePlugins = {}));

package/dist/managers/AuthManager.js

@@ -206,8 +206,6 @@ class AuthManager {
                 return this.core.getPlugin("web3");
             case "nostr":
                 return this.core.getPlugin("nostr");
-            case "oauth":
-                return this.core.getPlugin("oauth");
             case "password":
             default:
                 return {

package/dist/managers/CoreInitializer.js

@@ -6,7 +6,7 @@ const errorHandler_1 = require("../utils/errorHandler");
 const webauthnPlugin_1 = require("../plugins/webauthn/webauthnPlugin");
 const web3ConnectorPlugin_1 = require("../plugins/web3/web3ConnectorPlugin");
 const nostrConnectorPlugin_1 = require("../plugins/nostr/nostrConnectorPlugin");
-const oauthPlugin_1 = require("../plugins/oauth/oauthPlugin");
+const zkProofPlugin_1 = require("../plugins/zkproof/zkProofPlugin");
 const gundb_1 = require("../gundb");
 /**
  * Handles initialization of ShogunCore components
@@ -186,17 +186,6 @@ class CoreInitializer {
      */
     registerBuiltinPlugins(config) {
         try {
-            // Register OAuth plugin if configuration is provided
-            if (config.oauth) {
-                if (typeof console !== "undefined" && console.warn) {
-                    console.warn("OAuth plugin will be registered with provided configuration");
-                }
-                const oauthPlugin = new oauthPlugin_1.OAuthPlugin();
-                if (typeof oauthPlugin.configure === "function") {
-                    oauthPlugin.configure(config.oauth);
-                }
-                this.core.pluginManager.register(oauthPlugin);
-            }
             // Register WebAuthn plugin if configuration is provided
             if (config.webauthn) {
                 if (typeof console !== "undefined" && console.warn) {
@@ -230,6 +219,14 @@ class CoreInitializer {
                 }
                 this.core.pluginManager.register(nostrPlugin);
             }
+            // Register ZK-Proof plugin if configuration is provided
+            if (config.zkproof) {
+                if (typeof console !== "undefined" && console.warn) {
+                    console.warn("ZK-Proof plugin will be registered with provided configuration");
+                }
+                const zkproofPlugin = new zkProofPlugin_1.ZkProofPlugin(config.zkproof);
+                this.core.pluginManager.register(zkproofPlugin);
+            }
         }
         catch (error) {
             if (typeof console !== "undefined" && console.error) {

package/dist/plugins/index.js

@@ -1,20 +1,6 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.OAuthPlugin = exports.OAuthConnector = exports.NostrConnectorPlugin = exports.NostrConnector = exports.Web3ConnectorPlugin = exports.Web3Connector = exports.WebauthnPlugin = exports.Webauthn = exports.BasePlugin = void 0;
+exports.CredentialType = exports.ZkCredentials = exports.ZkProofPlugin = exports.ZkProofConnector = exports.NostrConnectorPlugin = exports.NostrConnector = exports.Web3ConnectorPlugin = exports.Web3Connector = exports.WebauthnPlugin = exports.Webauthn = exports.BasePlugin = void 0;
 // Base plugin interface and types
 var base_1 = require("./base");
 Object.defineProperty(exports, "BasePlugin", { enumerable: true, get: function () { return base_1.BasePlugin; } });
@@ -33,9 +19,11 @@ var nostrConnector_1 = require("./nostr/nostrConnector");
 Object.defineProperty(exports, "NostrConnector", { enumerable: true, get: function () { return nostrConnector_1.NostrConnector; } });
 var nostrConnectorPlugin_1 = require("./nostr/nostrConnectorPlugin");
 Object.defineProperty(exports, "NostrConnectorPlugin", { enumerable: true, get: function () { return nostrConnectorPlugin_1.NostrConnectorPlugin; } });
-// OAuth plugin exports
-var oauthConnector_1 = require("./oauth/oauthConnector");
-Object.defineProperty(exports, "OAuthConnector", { enumerable: true, get: function () { return oauthConnector_1.OAuthConnector; } });
-var oauthPlugin_1 = require("./oauth/oauthPlugin");
-Object.defineProperty(exports, "OAuthPlugin", { enumerable: true, get: function () { return oauthPlugin_1.OAuthPlugin; } });
-__exportStar(require("./oauth/types"), exports);
+// ZK-Proof plugin exports
+var zkProofConnector_1 = require("./zkproof/zkProofConnector");
+Object.defineProperty(exports, "ZkProofConnector", { enumerable: true, get: function () { return zkProofConnector_1.ZkProofConnector; } });
+var zkProofPlugin_1 = require("./zkproof/zkProofPlugin");
+Object.defineProperty(exports, "ZkProofPlugin", { enumerable: true, get: function () { return zkProofPlugin_1.ZkProofPlugin; } });
+var zkCredentials_1 = require("./zkproof/zkCredentials");
+Object.defineProperty(exports, "ZkCredentials", { enumerable: true, get: function () { return zkCredentials_1.ZkCredentials; } });
+Object.defineProperty(exports, "CredentialType", { enumerable: true, get: function () { return zkCredentials_1.CredentialType; } });

package/dist/plugins/nostr/nostrConnectorPlugin.js

@@ -353,7 +353,7 @@ class NostrConnectorPlugin extends base_1.BasePlugin {
             core.emit("auth:login", {
                 userPub: loginResult.userPub || "",
                 username: credentials.username,
-                method: "bitcoin",
+                method: "nostr",
             });
             return loginResult;
         }
@@ -410,7 +410,7 @@ class NostrConnectorPlugin extends base_1.BasePlugin {
                     core.emit("auth:signup", {
                         userPub: authResult.userPub || "",
                         username: credentials.username,
-                        method: "bitcoin",
+                        method: "nostr",
                     });
                     return { ...authResult };
                 }

package/dist/plugins/webauthn/webauthn.js

@@ -15,6 +15,7 @@ const errorHandler_1 = require("../../utils/errorHandler");
 const eventEmitter_1 = require("../../utils/eventEmitter");
 const types_1 = require("./types");
 const derive_1 = __importDefault(require("../../gundb/derive"));
+const seedPhrase_1 = require("../../utils/seedPhrase");
 /**
  * Constants for WebAuthn configuration
  */
@@ -473,11 +474,23 @@ if (typeof window !== "undefined") {
 else if (typeof global !== "undefined") {
     global.Webauthn = Webauthn;
 }
-// Funzione helper per derivare chiavi WebAuthn (come per Web3)
-async function deriveWebauthnKeys(username, credentialId) {
-    const hashedCredentialId = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(credentialId));
-    const salt = `${username}_${credentialId}`;
-    return await (0, derive_1.default)(hashedCredentialId, salt, {
-        includeP256: true,
-    });
+// Funzione helper per derivare chiavi WebAuthn
+// Supporta sia credentialId (legacy) che seed phrase (nuovo, multi-device)
+async function deriveWebauthnKeys(username, credentialIdOrSeedPhrase, useSeedPhrase = false) {
+    if (useSeedPhrase) {
+        // New method: derive from BIP39 seed phrase for multi-device support
+        const { password, seed } = (0, seedPhrase_1.deriveCredentialsFromMnemonic)(credentialIdOrSeedPhrase, username);
+        // Use the seed phrase-derived password for Gun key derivation
+        return await (0, derive_1.default)(password, username, {
+            includeP256: true,
+        });
+    }
+    else {
+        // Legacy method: derive from credentialId (device-bound)
+        const hashedCredentialId = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(credentialIdOrSeedPhrase));
+        const salt = `${username}_${credentialIdOrSeedPhrase}`;
+        return await (0, derive_1.default)(hashedCredentialId, salt, {
+            includeP256: true,
+        });
+    }
 }

package/dist/plugins/webauthn/webauthnPlugin.js

@@ -5,6 +5,8 @@ const base_1 = require("../base");
 const webauthn_1 = require("./webauthn");
 const webauthnSigner_1 = require("./webauthnSigner");
 const errorHandler_1 = require("../../utils/errorHandler");
+const seedPhrase_1 = require("../../utils/seedPhrase");
+const webauthn_2 = require("./webauthn");
 /**
  * Plugin per la gestione delle funzionalità WebAuthn in ShogunCore
  */
@@ -359,11 +361,13 @@ class WebauthnPlugin extends base_1.BasePlugin {
      * Register new user with WebAuthn
      * This is the recommended method for WebAuthn registration
      * @param username - Username
-     * @returns {Promise<SignUpResult>} Registration result
+     * @param options - Optional signup options (seed phrase support)
+     * @returns {Promise<SignUpResult>} Registration result with optional seed phrase
      * @description Creates a new user account using WebAuthn credentials.
      * Requires browser support for WebAuthn.
+     * If generateSeedPhrase is true, returns a BIP39 mnemonic for multi-device support.
      */
-    async signUp(username) {
+    async signUp(username, options) {
         try {
             const core = this.assertInitialized();
             if (!username) {
@@ -372,25 +376,60 @@ class WebauthnPlugin extends base_1.BasePlugin {
             if (!this.isSupported()) {
                 throw new Error("WebAuthn is not supported by this browser");
             }
-            // Prefer the oneshot consistent signing flow (tests mock this)
-            const { authenticator, pub } = (await this.setupConsistentOneshotSigning(username));
-            if (core.signUp) {
-                // Some tests stub signUp directly
-                return await core.signUp(username, authenticator, pub);
+            // Determine seed phrase to use
+            let seedPhrase;
+            const shouldGenerateSeed = options?.generateSeedPhrase !== false; // Default to true
+            if (options?.seedPhrase) {
+                // Use provided seed phrase
+                if (!(0, seedPhrase_1.validateSeedPhrase)(options.seedPhrase)) {
+                    throw new Error("Invalid seed phrase provided");
+                }
+                seedPhrase = options.seedPhrase;
             }
-            // Fallback to credentials-based flow
-            const credentials = await this.generateCredentials(username, null, false);
-            if (!credentials?.success) {
-                throw new Error(credentials?.error || "Unable to generate WebAuthn credentials");
+            else if (shouldGenerateSeed) {
+                // Generate new seed phrase for multi-device support
+                seedPhrase = (0, seedPhrase_1.generateSeedPhrase)();
+                console.log("[webauthnPlugin] Generated seed phrase for multi-device support");
+            }
+            // Derive Gun credentials from seed phrase if available
+            let pair;
+            if (seedPhrase) {
+                // Use seed phrase derivation
+                const { password } = (0, seedPhrase_1.deriveCredentialsFromMnemonic)(seedPhrase, username);
+                const derivedKeys = await (0, webauthn_2.deriveWebauthnKeys)(username, seedPhrase, true);
+                pair = {
+                    pub: derivedKeys.pub,
+                    priv: derivedKeys.priv,
+                    epub: derivedKeys.epub,
+                    epriv: derivedKeys.epriv,
+                };
+            }
+            else {
+                // Legacy WebAuthn credential-based flow (device-bound)
+                const credentials = await this.generateCredentials(username, null, false);
+                if (!credentials?.success) {
+                    throw new Error(credentials?.error || "Unable to generate WebAuthn credentials");
+                }
+                const generatedPair = await this.generatePairFromCredentials(credentials);
+                if (!generatedPair) {
+                    throw new Error("Failed to generate SEA pair from WebAuthn credentials");
+                }
+                pair = generatedPair;
             }
             core.setAuthMethod("webauthn");
-            // Convert WebAuthn credentials to SEA pair
-            const pair = await this.generatePairFromCredentials(credentials);
-            if (!pair) {
-                throw new Error("Failed to generate SEA pair from WebAuthn credentials");
+            // Register user with Gun (using email parameter slot for pair)
+            const result = await core.signUp(username, undefined, pair);
+            // Add seed phrase to result if generated
+            if (seedPhrase && shouldGenerateSeed) {
+                return {
+                    ...result,
+                    message: seedPhrase
+                        ? "🔑 IMPORTANT: Save your 12-word seed phrase to access your account from other devices!"
+                        : result.message,
+                    seedPhrase: seedPhrase,
+                };
             }
-            // Use pair-based authentication instead of password
-            return await core.signUp(username, undefined, pair);
+            return result;
         }
         catch (error) {
             console.error(`Error during WebAuthn registration: ${error}`);
@@ -401,5 +440,50 @@ class WebauthnPlugin extends base_1.BasePlugin {
             };
         }
     }
+    /**
+     * Import existing account from seed phrase
+     * Allows accessing the same account across multiple devices
+     * @param username - Username
+     * @param seedPhrase - 12-word BIP39 mnemonic seed phrase
+     * @returns {Promise<SignUpResult>} Registration result
+     */
+    async importFromSeed(username, seedPhrase) {
+        try {
+            if (!username) {
+                throw new Error("Username required");
+            }
+            // Normalize and validate seed phrase
+            const normalizedSeed = (0, seedPhrase_1.normalizeSeedPhrase)(seedPhrase);
+            if (!(0, seedPhrase_1.validateSeedPhrase)(normalizedSeed)) {
+                throw new Error("Invalid seed phrase. Please check and try again.");
+            }
+            console.log("[webauthnPlugin] Importing account from seed phrase");
+            // Use signUp with existing seed phrase
+            return await this.signUp(username, {
+                seedPhrase: normalizedSeed,
+                generateSeedPhrase: false, // Don't generate new seed
+            });
+        }
+        catch (error) {
+            console.error(`Error importing from seed: ${error.message}`);
+            errorHandler_1.ErrorHandler.handle(errorHandler_1.ErrorType.WEBAUTHN, "WEBAUTHN_IMPORT_ERROR", error.message || "Error importing from seed phrase", error);
+            return {
+                success: false,
+                error: error.message || "Error importing from seed phrase",
+            };
+        }
+    }
+    /**
+     * Get seed phrase for current user (if stored)
+     * Note: Seed phrases are NOT stored by default for security
+     * Users should save their seed phrase during registration
+     * @param username - Username
+     * @returns {Promise<string | null>} Seed phrase or null
+     */
+    async getSeedPhrase(username) {
+        console.warn("[webauthnPlugin] Seed phrases are not stored for security reasons");
+        console.warn("[webauthnPlugin] Users must save their seed phrase during registration");
+        return null;
+    }
 }
 exports.WebauthnPlugin = WebauthnPlugin;

package/dist/plugins/zkproof/index.js

@@ -0,0 +1,53 @@
+"use strict";
+/**
+ * ZK-Proof Plugin for Shogun Core
+ *
+ * Provides Zero-Knowledge Proof authentication using Semaphore protocol
+ *
+ * Features:
+ * - Anonymous authentication without revealing identity
+ * - Multi-device support via trapdoor backup
+ * - Privacy-preserving group membership proofs
+ * - Compatible with Gun decentralized storage
+ *
+ * @example
+ * ```typescript
+ * // Initialize Shogun with ZK-Proof plugin
+ * const shogun = new ShogunCore({
+ *   peers: ['https://gun-manhattan.herokuapp.com/gun'],
+ *   zkproof: {
+ *     enabled: true,
+ *     defaultGroupId: 'my-app-users'
+ *   }
+ * });
+ *
+ * await shogun.initialize();
+ *
+ * // Get the plugin
+ * const zkPlugin = shogun.getPlugin<ZkProofPlugin>('zkproof');
+ *
+ * // Sign up with ZK-Proof
+ * const signupResult = await zkPlugin.signUp();
+ * if (signupResult.success) {
+ *   console.log('Trapdoor (save this!):', signupResult.seedPhrase);
+ *   console.log('Public commitment:', signupResult.username);
+ * }
+ *
+ * // Login with trapdoor
+ * const loginResult = await zkPlugin.login(trapdoor);
+ * if (loginResult.success) {
+ *   console.log('Logged in anonymously!');
+ * }
+ * ```
+ *
+ * @module zkproof
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CredentialType = exports.ZkCredentials = exports.ZkProofConnector = exports.ZkProofPlugin = void 0;
+var zkProofPlugin_1 = require("./zkProofPlugin");
+Object.defineProperty(exports, "ZkProofPlugin", { enumerable: true, get: function () { return zkProofPlugin_1.ZkProofPlugin; } });
+var zkProofConnector_1 = require("./zkProofConnector");
+Object.defineProperty(exports, "ZkProofConnector", { enumerable: true, get: function () { return zkProofConnector_1.ZkProofConnector; } });
+var zkCredentials_1 = require("./zkCredentials");
+Object.defineProperty(exports, "ZkCredentials", { enumerable: true, get: function () { return zkCredentials_1.ZkCredentials; } });
+Object.defineProperty(exports, "CredentialType", { enumerable: true, get: function () { return zkCredentials_1.CredentialType; } });

package/dist/plugins/zkproof/zkCredentials.js

@@ -0,0 +1,213 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ZkCredentials = exports.CredentialType = void 0;
+const group_1 = require("@semaphore-protocol/group");
+const proof_1 = require("@semaphore-protocol/proof");
+const ethers_1 = require("ethers");
+const errorHandler_1 = require("../../utils/errorHandler");
+/**
+ * Types of verifiable credentials
+ */
+var CredentialType;
+(function (CredentialType) {
+    CredentialType["AGE"] = "age";
+    CredentialType["CITIZENSHIP"] = "citizenship";
+    CredentialType["EDUCATION"] = "education";
+    CredentialType["INCOME"] = "income";
+    CredentialType["EMPLOYMENT"] = "employment";
+    CredentialType["HEALTH"] = "health";
+    CredentialType["CUSTOM"] = "custom";
+})(CredentialType || (exports.CredentialType = CredentialType = {}));
+/**
+ * ZK Credentials Manager
+ * Extends ZK-Proof functionality to support verifiable credentials
+ */
+class ZkCredentials {
+    constructor() {
+        this.groups = new Map();
+    }
+    /**
+     * Create a verifiable credential from private data
+     */
+    createCredential(identity, credentialData) {
+        try {
+            // Hash the private data to create a credential commitment
+            const privateDataString = JSON.stringify(credentialData.privateData);
+            const credentialHash = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(privateDataString));
+            // For now, return a basic credential structure
+            // Full proof generation requires circuit files
+            const credential = {
+                type: credentialData.type,
+                claim: credentialData.claim,
+                proof: {
+                    merkleTreeRoot: "",
+                    nullifierHash: "",
+                    signal: credentialHash,
+                    externalNullifier: "",
+                    proof: [],
+                },
+                credentialHash,
+                timestamp: Date.now(),
+            };
+            return {
+                credential,
+                credentialHash,
+            };
+        }
+        catch (error) {
+            errorHandler_1.ErrorHandler.handle(errorHandler_1.ErrorType.ENCRYPTION, "CREDENTIAL_CREATION_FAILED", `Failed to create verifiable credential: ${error.message}`, error);
+            throw error;
+        }
+    }
+    /**
+     * Prove an attribute about yourself without revealing the underlying data
+     */
+    async proveAttribute(identity, credentialData, groupId = "verified-credentials") {
+        try {
+            const { credential, credentialHash } = this.createCredential(identity, credentialData);
+            // Convert claim to signal
+            const signal = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(credentialData.claim));
+            const signalBigInt = BigInt(signal);
+            // Create or get group
+            const group = this.getOrCreateGroup(groupId);
+            // Add identity if not already in group
+            if (!group.members.includes(identity.commitment)) {
+                group.addMember(identity.commitment);
+            }
+            // External nullifier from credential type
+            const externalNullifier = BigInt(ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(credentialData.type)));
+            // Generate ZK proof
+            // Note: This requires circuit files to be available
+            const fullProof = await (0, proof_1.generateProof)(identity, group, signalBigInt, externalNullifier);
+            return {
+                type: credentialData.type,
+                claim: credentialData.claim,
+                proof: {
+                    merkleTreeRoot: fullProof.merkleTreeRoot.toString(),
+                    nullifierHash: fullProof.nullifierHash.toString(),
+                    signal: fullProof.signal.toString(),
+                    externalNullifier: fullProof.externalNullifier.toString(),
+                    proof: fullProof.proof.map((p) => p.toString()),
+                },
+                credentialHash,
+                timestamp: Date.now(),
+            };
+        }
+        catch (error) {
+            errorHandler_1.ErrorHandler.handle(errorHandler_1.ErrorType.ENCRYPTION, "ATTRIBUTE_PROOF_FAILED", `Failed to prove attribute: ${error.message}`, error);
+            throw error;
+        }
+    }
+    /**
+     * Verify a credential proof
+     */
+    async verifyCredential(proof, treeDepth = 20) {
+        try {
+            const verified = await (0, proof_1.verifyProof)(proof.proof, treeDepth);
+            return {
+                verified,
+                type: proof.type,
+                claim: proof.claim,
+                timestamp: proof.timestamp,
+            };
+        }
+        catch (error) {
+            errorHandler_1.ErrorHandler.handle(errorHandler_1.ErrorType.ENCRYPTION, "CREDENTIAL_VERIFICATION_FAILED", `Failed to verify credential: ${error.message}`, error);
+            return {
+                verified: false,
+                error: error.message,
+            };
+        }
+    }
+    /**
+     * Create a group for credential holders
+     */
+    getOrCreateGroup(groupId) {
+        if (!this.groups.has(groupId)) {
+            const groupIdHash = ethers_1.ethers.keccak256(ethers_1.ethers.toUtf8Bytes(groupId));
+            const groupIdNumber = BigInt(groupIdHash);
+            this.groups.set(groupId, new group_1.Group(groupIdNumber));
+        }
+        return this.groups.get(groupId);
+    }
+    /**
+     * Add an identity to a credentials group
+     */
+    addToCredentialGroup(identity, groupId = "verified-credentials") {
+        const group = this.getOrCreateGroup(groupId);
+        if (!group.members.includes(identity.commitment)) {
+            group.addMember(identity.commitment);
+        }
+    }
+    /**
+     * Common credential proofs
+     */
+    /**
+     * Prove age without revealing exact birthdate
+     */
+    async proveAge(identity, birthDate, minimumAge) {
+        const age = Math.floor((Date.now() - birthDate.getTime()) / (365.25 * 24 * 60 * 60 * 1000));
+        if (age < minimumAge) {
+            throw new Error(`Age ${age} is less than required ${minimumAge}`);
+        }
+        return this.proveAttribute(identity, {
+            type: CredentialType.AGE,
+            claim: `Age is ${minimumAge} or older`,
+            privateData: {
+                birthDate: birthDate.toISOString(),
+                actualAge: age,
+            },
+        });
+    }
+    /**
+     * Prove citizenship without revealing country
+     */
+    async proveCitizenship(identity, country, region = "EU") {
+        return this.proveAttribute(identity, {
+            type: CredentialType.CITIZENSHIP,
+            claim: `Citizen of ${region}`,
+            privateData: {
+                country,
+                passportNumber: "hidden",
+            },
+        });
+    }
+    /**
+     * Prove education without revealing institution
+     */
+    async proveEducation(identity, degree, university, year) {
+        return this.proveAttribute(identity, {
+            type: CredentialType.EDUCATION,
+            claim: `Has ${degree} degree`,
+            privateData: {
+                university,
+                degree,
+                year,
+            },
+        });
+    }
+    /**
+     * Prove income range without revealing exact amount
+     */
+    async proveIncome(identity, amount, minimumRequired, currency = "USD") {
+        if (amount < minimumRequired) {
+            throw new Error(`Income ${amount} is less than required ${minimumRequired}`);
+        }
+        return this.proveAttribute(identity, {
+            type: CredentialType.INCOME,
+            claim: `Income ≥ ${minimumRequired} ${currency}`,
+            privateData: {
+                actualIncome: amount,
+                currency,
+                verified: true,
+            },
+        });
+    }
+    /**
+     * Cleanup resources
+     */
+    cleanup() {
+        this.groups.clear();
+    }
+}
+exports.ZkCredentials = ZkCredentials;