npm - solana-age-verify-sdk - Versions diffs - 2.0.0-beta.5 → 2.0.0-beta.9 - Mend

solana-age-verify-sdk 2.0.0-beta.5 → 2.0.0-beta.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -7,7 +7,7 @@ Solana Age Verify is a client-side biometric SDK that estimates user age and per
 - **Privacy First**: No facial images are ever stored or transmitted. All AI inference happens in the user's browser (client-side).
 - **On-Chain**: Verification results are immutable and publicly verifiable via the Solana blockchain (MemoSq4gqABAXib96qFbncnscymPme7yS4AtGf4Vb7).
 - **Biometric**: Uses geometric face landmarks and texture analysis for liveness.
-- **Sybil Resistance**: A flat protocol fee (0.001 SOL base) is required for each successful verification to prevent spam and fund the decentralized registry.
+- **Sybil Resistance**: A minimal protocol fee (0.001 SOL) is required for each successful verification to prevent spam and fund the decentralized registry.
 ## Security Architecture
@@ -183,7 +183,7 @@ interface VerifyResult {
 ### "Protocol fee payment failed"
 - User must approve the protocol fee transaction.
 - Ensure the wallet has sufficient SOL (typically 0.001 - 0.01 SOL depending on app configuration).
-- The default SDK fee is 0.001 SOL.
+- The default SDK fee is **0.001 SOL** (approx. $0.15).
 ### "SafeToAutoRun" errors
 - This is an internal AI error, disregard.

package/dist/security.js CHANGED Viewed

@@ -18,7 +18,8 @@ export function getPlatformPublicKey() {
         return _cachedPlatformPubKey;
     // In a production build, this would be swapped or populated from env
     // For now, we use the VITE environment variable if available (Vite/Vercel)
-    const envKey = import.meta.env?.VITE_PLATFORM_PUBLIC_KEY;
+    // We check VITE_TREASURY_ADDRESS first as per configuration, then fallback to legacy VITE_PLATFORM_PUBLIC_KEY
+    const envKey = import.meta.env?.VITE_TREASURY_ADDRESS || import.meta.env?.VITE_PLATFORM_PUBLIC_KEY;
     if (envKey) {
         _cachedPlatformPubKey = new PublicKey(envKey);
         return _cachedPlatformPubKey;

package/dist/verify.js CHANGED Viewed

@@ -664,82 +664,128 @@ export async function verifyHost18Plus(options) {
             }
             try {
                 const fromPubkey = options.wallet.publicKey;
-                // ONLY compute facehash right before signing - ensures it's tied to wallet consent
-                if (embedding.length > 0) {
-                    facehash = await computeFaceHash(options.walletPubkeyBase58, salt, embedding);
+                // Debug checks exposed to UI via error message
+                try {
+                    new PublicKey(fromPubkey);
+                }
+                catch (e) {
+                    throw new Error(`Invalid Wallet Public Key: ${e.message}`);
+                }
+                try {
+                    new PublicKey(platformPubKey);
+                }
+                catch (e) {
+                    throw new Error(`Invalid Treasury Public Key (Check VITE_TREASURY_ADDRESS): ${e.message}`);
+                }
+                // Step 1: FaceHash
+                try {
+                    if (embedding.length > 0) {
+                        facehash = await computeFaceHash(options.walletPubkeyBase58, salt, embedding);
+                    }
+                }
+                catch (e) {
+                    throw new Error(`FaceHash Computation Failed: ${e.message}`);
                 }
                 const transaction = new Transaction();
-                // 0. Prioritization Fees & Compute Limits (Crucial for Mainnet reliability)
-                transaction.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 50000 }), ComputeBudgetProgram.setComputeUnitPrice({ microLamports: 100000 }) // Priority fee
-                );
-                // 1. Protocol Fee Transfer
-                transaction.add(SystemProgram.transfer({
-                    fromPubkey,
-                    toPubkey: platformPubKey,
-                    lamports: protocolFeeSol * LAMPORTS_PER_SOL,
-                }));
-                // 2. Add Verification Memo (signed by both User and Platform)
+                transaction.add(ComputeBudgetProgram.setComputeUnitLimit({ units: 50000 }), ComputeBudgetProgram.setComputeUnitPrice({ microLamports: 100000 }));
+                // Step 2: Protocol Fee Instruction
+                try {
+                    transaction.add(SystemProgram.transfer({
+                        fromPubkey,
+                        toPubkey: platformPubKey,
+                        lamports: protocolFeeSol * LAMPORTS_PER_SOL,
+                    }));
+                }
+                catch (e) {
+                    throw new Error(`Fee Transfer Instruction Failed: ${e.message}`);
+                }
                 const statusStr = isOver18 ? 'OVER18' : (isFinalStrike ? 'FINAL_FAILURE' : 'UNDER18');
                 const memoText = `Solana-Age-Registry | ${statusStr} | HASH: ${facehash} | ${verifiedAt}`;
-                transaction.add(new TransactionInstruction({
-                    keys: [
-                        { pubkey: fromPubkey, isSigner: true, isWritable: false },
-                        { pubkey: platformPubKey, isSigner: true, isWritable: false } // Required platform signature
-                    ],
-                    programId: getMemoProgramId(),
-                    data: new TextEncoder().encode(memoText),
-                }));
+                // Step 3: Memo Instruction
+                try {
+                    transaction.add(new TransactionInstruction({
+                        keys: [
+                            { pubkey: fromPubkey, isSigner: true, isWritable: false },
+                            { pubkey: platformPubKey, isSigner: true, isWritable: false }
+                        ],
+                        programId: getMemoProgramId(),
+                        data: new TextEncoder().encode(memoText),
+                    }));
+                }
+                catch (e) {
+                    throw new Error(`Memo Instruction Failed: ${e.message}`);
+                }
                 const { blockhash } = await options.connection.getLatestBlockhash();
                 transaction.recentBlockhash = blockhash;
                 transaction.feePayer = fromPubkey;
-                // 3. SECURE SERVER-SIDE SIGNING
-                // We send the transaction to the Vercel API to get the Platform's signature
-                const signResponse = await fetch('/api/sign-verification', {
-                    method: 'POST',
-                    headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify({
-                        serializedTx: transaction.serialize({
-                            requireAllSignatures: false,
-                            verifySignatures: false
-                        }).toString('base64')
-                    })
-                });
-                if (!signResponse.ok) {
-                    const signError = await signResponse.json();
-                    throw new Error(signError.message || 'Platform signing failed');
+                // Step 4: Serialization
+                let serializedTxBase64;
+                try {
+                    serializedTxBase64 = transaction.serialize({
+                        requireAllSignatures: false,
+                        verifySignatures: false
+                    }).toString('base64');
                 }
-                const { transaction: platformSignedTxBase64 } = await signResponse.json();
-                const platformSignedTxData = atob(platformSignedTxBase64);
-                const platformSignedTxUint8 = new Uint8Array(platformSignedTxData.length);
-                for (let i = 0; i < platformSignedTxData.length; i++) {
-                    platformSignedTxUint8[i] = platformSignedTxData.charCodeAt(i);
+                catch (e) {
+                    throw new Error(`Transaction Serialization Failed: ${e.message}`);
+                }
+                // Step 5: Server Signing
+                let platformSignedTx;
+                try {
+                    const signResponse = await fetch('/api/sign-verification', {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/json' },
+                        body: JSON.stringify({ serializedTx: serializedTxBase64 })
+                    });
+                    if (!signResponse.ok) {
+                        const signError = await signResponse.json();
+                        throw new Error(`Server API Error: ${signError.message || signError.error}`);
+                    }
+                    const { transaction: txBase64 } = await signResponse.json();
+                    const txData = atob(txBase64);
+                    const txUint8 = new Uint8Array(txData.length);
+                    for (let i = 0; i < txData.length; i++) {
+                        txUint8[i] = txData.charCodeAt(i);
+                    }
+                    platformSignedTx = Transaction.from(txUint8);
+                }
+                catch (e) {
+                    throw new Error(`Server Signing Sequence Failed: ${e.message}`);
+                }
+                // Step 6: User Signing
+                let fullSignedTx;
+                try {
+                    fullSignedTx = await options.wallet.signTransaction(platformSignedTx);
+                }
+                catch (e) {
+                    throw new Error(`User Signing Failed: ${e.message}`);
+                }
+                // Step 7: Broadcast
+                try {
+                    protocolFeeTxId = await options.connection.sendRawTransaction(fullSignedTx.serialize(), {
+                        skipPreflight: false,
+                        preflightCommitment: 'confirmed'
+                    });
+                    const latestBlockhash = await options.connection.getLatestBlockhash('confirmed');
+                    await options.connection.confirmTransaction({
+                        signature: protocolFeeTxId,
+                        blockhash: latestBlockhash.blockhash,
+                        lastValidBlockHeight: latestBlockhash.lastValidBlockHeight
+                    }, 'confirmed');
+                }
+                catch (e) {
+                    throw new Error(`Transaction Broadcast Failed: ${e.message}`);
                 }
-                const platformSignedTx = Transaction.from(platformSignedTxUint8);
-                // 4. USER SIGNATURE
-                // Now the user signs the transaction that already contains the platform's signature
-                const fullSignedTx = await options.wallet.signTransaction(platformSignedTx);
-                // 5. BROADCAST
-                // Use 'confirmed' commitment for better balance of speed and reliability on Mainnet
-                protocolFeeTxId = await options.connection.sendRawTransaction(fullSignedTx.serialize(), {
-                    skipPreflight: false,
-                    preflightCommitment: 'confirmed'
-                });
-                const latestBlockhash = await options.connection.getLatestBlockhash('confirmed');
-                await options.connection.confirmTransaction({
-                    signature: protocolFeeTxId,
-                    blockhash: latestBlockhash.blockhash,
-                    lastValidBlockHeight: latestBlockhash.lastValidBlockHeight
-                }, 'confirmed');
                 protocolFeePaid = true;
-                console.log('✓ On-chain proof recorded with dual signatures (User + Platform)');
+                console.log('✓ On-chain proof recorded');
             }
             catch (e) {
-                console.error('Protocol fee payment failed or rejected:', e);
-                // User rejected or tx failed - clear the facehash since it wasn't recorded
+                console.error('Protocol fee payment failed:', e);
                 facehash = '';
-                // For Community Version, we fail the verification if payment is rejected
                 isOver18 = false;
-                failureReason = `Protocol fee payment failed: ${e.message || 'Verification rejected or network error'}`;
+                // Expose the EXACT error message to the user UI
+                failureReason = `Protocol Fee Error: ${e.message}`;
+                console.error('[Verify Debug Stack]', e.stack);
             }
         }
         else if (isOver18 && (!options.wallet || !options.connection)) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "solana-age-verify-sdk",
-    "version": "2.0.0-beta.5",
+    "version": "2.0.0-beta.9",
     "type": "module",
     "description": "Solana Age Verify is a premium, client-side SDK for privacy-preserving age verification and liveness detection. It generates a deterministic Face Hash linked to a wallet without storing facial data.",
     "license": "MIT",
@@ -10,6 +10,10 @@
         "dist",
         "public"
     ],
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/TrenchChef/solana-age-verify-sdk.git"
+    },
     "homepage": "https://talkchain.live",
     "keywords": [
         "solana",