soulprint-network 0.4.4 → 0.4.6

package/dist/blockchain/NullifierRegistryClient.d.ts

@@ -0,0 +1,46 @@
+export declare const NULLIFIER_REGISTRY_RPC = "https://sepolia.base.org";
+export declare const NULLIFIER_REGISTRY_ADDRESS: string;
+export interface NullifierEntry {
+    nullifier: string;
+    did: string;
+    score: number;
+    timestamp: number;
+}
+export declare class NullifierRegistryClient {
+    private provider;
+    private contract;
+    private wallet?;
+    private cache;
+    private cacheAt;
+    private cacheTTLMs;
+    private address;
+    constructor(opts?: {
+        rpc?: string;
+        address?: string;
+        privateKey?: string;
+        cacheTTLMs?: number;
+    });
+    /**
+     * Sign a nullifier payload with the validator's private key and register on-chain.
+     * Non-blocking — logs warning on failure.
+     *
+     * The contract verifies the ECDSA signature over keccak256(nullifier, did, score).
+     */
+    registerNullifier(opts: {
+        nullifier: string;
+        did: string;
+        score?: number;
+    }): Promise<void>;
+    /**
+     * Check if a nullifier is registered on-chain.
+     */
+    isRegistered(nullifier: string): Promise<boolean>;
+    /**
+     * Get all registered nullifiers (cached 2 min).
+     */
+    getAllNullifiers(): Promise<NullifierEntry[]>;
+    refreshNullifiers(): Promise<NullifierEntry[]>;
+    getCount(): Promise<number>;
+    get contractAddress(): string;
+}
+export declare const nullifierRegistryClient: NullifierRegistryClient;

package/dist/blockchain/NullifierRegistryClient.js

@@ -0,0 +1,157 @@
+/**
+ * NullifierRegistryClient
+ * On-chain nullifier registry for Soulprint (Base Sepolia).
+ *
+ * The soulprint.digital validator (authorizedValidator) signs every nullifier
+ * before writing it on-chain. Read-only access is public — anyone can verify
+ * isRegistered(nullifier) without trust in any third party.
+ *
+ * Architecture (v0.5.0):
+ *  - WRITE: only soulprint.digital validator (ADMIN_PRIVATE_KEY)
+ *  - READ:  anyone, cached 2 min
+ */
+import { ethers } from "ethers";
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+export const NULLIFIER_REGISTRY_RPC = "https://sepolia.base.org";
+function loadAddress() {
+    try {
+        const f = join(__dirname, "addresses.json");
+        const d = JSON.parse(readFileSync(f, "utf8"));
+        return d["NullifierRegistry"] ?? "";
+    }
+    catch {
+        return "";
+    }
+}
+export const NULLIFIER_REGISTRY_ADDRESS = loadAddress();
+const ABI = [
+    "function registerNullifier(bytes32 nullifier, string did, uint256 score, bytes sig) external",
+    "function isRegistered(bytes32 nullifier) external view returns (bool)",
+    "function getNullifier(bytes32 nullifier) external view returns (bytes32 nul, string did, uint256 score, uint256 timestamp)",
+    "function getAllNullifiers() external view returns (tuple(bytes32 nullifier, string did, uint256 score, uint256 timestamp)[])",
+    "function getNullifierCount() external view returns (uint256)",
+    "function authorizedValidator() external view returns (address)",
+    "event NullifierRegistered(bytes32 indexed nullifier, string did, uint256 score, uint256 timestamp)",
+];
+export class NullifierRegistryClient {
+    provider;
+    contract;
+    wallet;
+    cache = null;
+    cacheAt = 0;
+    cacheTTLMs;
+    address;
+    constructor(opts) {
+        this.address = opts?.address ?? NULLIFIER_REGISTRY_ADDRESS;
+        this.cacheTTLMs = opts?.cacheTTLMs ?? 2 * 60 * 1000; // 2 min
+        const rpc = opts?.rpc ?? NULLIFIER_REGISTRY_RPC;
+        this.provider = new ethers.JsonRpcProvider(rpc);
+        if (!this.address) {
+            console.warn("[nullifier-registry] ⚠️  No contract address — registry disabled");
+            this.contract = null;
+            return;
+        }
+        if (opts?.privateKey) {
+            this.wallet = new ethers.Wallet(opts.privateKey, this.provider);
+            this.contract = new ethers.Contract(this.address, ABI, this.wallet);
+        }
+        else {
+            this.contract = new ethers.Contract(this.address, ABI, this.provider);
+        }
+    }
+    /**
+     * Sign a nullifier payload with the validator's private key and register on-chain.
+     * Non-blocking — logs warning on failure.
+     *
+     * The contract verifies the ECDSA signature over keccak256(nullifier, did, score).
+     */
+    async registerNullifier(opts) {
+        if (!this.wallet) {
+            console.warn("[nullifier-registry] ⚠️  No private key — cannot register nullifier");
+            return;
+        }
+        if (!this.address) {
+            console.warn("[nullifier-registry] ⚠️  No contract address — skipping registration");
+            return;
+        }
+        try {
+            const nullifierBytes = opts.nullifier.startsWith("0x")
+                ? opts.nullifier
+                : `0x${opts.nullifier}`;
+            const score = BigInt(opts.score ?? 0);
+            // Create the message hash matching what the contract verifies
+            const msgHash = ethers.keccak256(ethers.solidityPacked(["bytes32", "string", "uint256"], [nullifierBytes, opts.did, score]));
+            // Sign with Ethereum personal_sign prefix (matches contract's \x19Ethereum Signed Message:\n32)
+            const sig = await this.wallet.signMessage(ethers.getBytes(msgHash));
+            const feeData = await this.provider.getFeeData();
+            const tx = await this.contract.registerNullifier(nullifierBytes, opts.did, score, sig, { gasPrice: feeData.gasPrice });
+            console.log(`[nullifier-registry] 📡 Registering nullifier on-chain... tx: ${tx.hash}`);
+            await tx.wait();
+            console.log(`[nullifier-registry] ✅ Nullifier registered: ${nullifierBytes.slice(0, 18)}... did=${opts.did.slice(0, 20)}...`);
+            // Invalidate cache
+            this.cache = null;
+        }
+        catch (err) {
+            console.warn(`[nullifier-registry] ⚠️  Registration failed (non-fatal): ${err.shortMessage ?? err.message}`);
+        }
+    }
+    /**
+     * Check if a nullifier is registered on-chain.
+     */
+    async isRegistered(nullifier) {
+        if (!this.address)
+            return false;
+        try {
+            const n = nullifier.startsWith("0x") ? nullifier : `0x${nullifier}`;
+            return await this.contract.isRegistered(n);
+        }
+        catch (err) {
+            console.warn(`[nullifier-registry] ⚠️  isRegistered failed: ${err.shortMessage ?? err.message}`);
+            return false;
+        }
+    }
+    /**
+     * Get all registered nullifiers (cached 2 min).
+     */
+    async getAllNullifiers() {
+        if (this.cache && Date.now() - this.cacheAt < this.cacheTTLMs) {
+            return this.cache;
+        }
+        return this.refreshNullifiers();
+    }
+    async refreshNullifiers() {
+        if (!this.address)
+            return [];
+        try {
+            const raw = await this.contract.getAllNullifiers();
+            this.cache = raw.map((e) => ({
+                nullifier: e.nullifier,
+                did: e.did,
+                score: Number(e.score),
+                timestamp: Number(e.timestamp),
+            }));
+            this.cacheAt = Date.now();
+            return this.cache;
+        }
+        catch (err) {
+            console.warn(`[nullifier-registry] ⚠️  getAllNullifiers failed: ${err.shortMessage ?? err.message}`);
+            return this.cache ?? [];
+        }
+    }
+    async getCount() {
+        if (!this.address)
+            return 0;
+        try {
+            const n = await this.contract.getNullifierCount();
+            return Number(n);
+        }
+        catch {
+            return 0;
+        }
+    }
+    get contractAddress() { return this.address; }
+}
+export const nullifierRegistryClient = new NullifierRegistryClient();

package/dist/blockchain/ReputationRegistryClient.d.ts

@@ -0,0 +1,45 @@
+export declare const REPUTATION_REGISTRY_RPC = "https://sepolia.base.org";
+export declare const REPUTATION_REGISTRY_ADDRESS: string;
+export interface ScoreEntry {
+    did: string;
+    score: number;
+    context: string;
+    updatedAt: number;
+}
+export declare class ReputationRegistryClient {
+    private provider;
+    private contract;
+    private wallet?;
+    private cache;
+    private cacheAt;
+    private cacheTTLMs;
+    private address;
+    constructor(opts?: {
+        rpc?: string;
+        address?: string;
+        privateKey?: string;
+        cacheTTLMs?: number;
+    });
+    /**
+     * Set or update a reputation score for a DID.
+     * Only works if the wallet is the authorized validator.
+     * Non-blocking — logs warning on failure.
+     */
+    setScore(opts: {
+        did: string;
+        score: number;
+        context?: string;
+    }): Promise<void>;
+    /**
+     * Get reputation score for a specific DID.
+     */
+    getScore(did: string): Promise<ScoreEntry | null>;
+    /**
+     * Get all DID scores (cached 2 min).
+     */
+    getAllScores(): Promise<ScoreEntry[]>;
+    refreshScores(): Promise<ScoreEntry[]>;
+    getCount(): Promise<number>;
+    get contractAddress(): string;
+}
+export declare const reputationRegistryClient: ReputationRegistryClient;

package/dist/blockchain/ReputationRegistryClient.js

@@ -0,0 +1,151 @@
+/**
+ * ReputationRegistryClient
+ * On-chain reputation scores for DIDs (Base Sepolia).
+ *
+ * Only the soulprint.digital validator (authorizedValidator) can write scores.
+ * Anyone can read scores from the public ledger.
+ *
+ * Architecture (v0.5.0):
+ *  - WRITE: only soulprint.digital validator wallet (ADMIN_PRIVATE_KEY)
+ *  - READ:  anyone, cached 2 min
+ */
+import { ethers } from "ethers";
+import { readFileSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+export const REPUTATION_REGISTRY_RPC = "https://sepolia.base.org";
+function loadAddress() {
+    try {
+        const f = join(__dirname, "addresses.json");
+        const d = JSON.parse(readFileSync(f, "utf8"));
+        return d["ReputationRegistry"] ?? "";
+    }
+    catch {
+        return "";
+    }
+}
+export const REPUTATION_REGISTRY_ADDRESS = loadAddress();
+const ABI = [
+    "function setScore(string did, uint256 score, string context) external",
+    "function getScore(string did) external view returns (string retDid, uint256 score, string context, uint256 updatedAt)",
+    "function getAllScores() external view returns (tuple(string did, uint256 score, string context, uint256 updatedAt)[])",
+    "function getScoreCount() external view returns (uint256)",
+    "function authorizedValidators(address) external view returns (bool)",
+    "event ScoreUpdated(string indexed did, uint256 score, string context, uint256 updatedAt)",
+];
+export class ReputationRegistryClient {
+    provider;
+    contract;
+    wallet;
+    cache = null;
+    cacheAt = 0;
+    cacheTTLMs;
+    address;
+    constructor(opts) {
+        this.address = opts?.address ?? REPUTATION_REGISTRY_ADDRESS;
+        this.cacheTTLMs = opts?.cacheTTLMs ?? 2 * 60 * 1000; // 2 min
+        const rpc = opts?.rpc ?? REPUTATION_REGISTRY_RPC;
+        this.provider = new ethers.JsonRpcProvider(rpc);
+        if (!this.address) {
+            console.warn("[reputation-registry] ⚠️  No contract address — registry disabled");
+            this.contract = null;
+            return;
+        }
+        if (opts?.privateKey) {
+            this.wallet = new ethers.Wallet(opts.privateKey, this.provider);
+            this.contract = new ethers.Contract(this.address, ABI, this.wallet);
+        }
+        else {
+            this.contract = new ethers.Contract(this.address, ABI, this.provider);
+        }
+    }
+    /**
+     * Set or update a reputation score for a DID.
+     * Only works if the wallet is the authorized validator.
+     * Non-blocking — logs warning on failure.
+     */
+    async setScore(opts) {
+        if (!this.wallet) {
+            console.warn("[reputation-registry] ⚠️  No private key — cannot write score");
+            return;
+        }
+        if (!this.address) {
+            console.warn("[reputation-registry] ⚠️  No contract address — skipping");
+            return;
+        }
+        try {
+            const feeData = await this.provider.getFeeData();
+            const tx = await this.contract.setScore(opts.did, BigInt(Math.round(opts.score)), opts.context ?? "soulprint:v1", { gasPrice: feeData.gasPrice });
+            console.log(`[reputation-registry] 📡 Setting score on-chain... tx: ${tx.hash}`);
+            await tx.wait();
+            console.log(`[reputation-registry] ✅ Score set: did=${opts.did.slice(0, 20)}... score=${opts.score}`);
+            // Invalidate cache
+            this.cache = null;
+        }
+        catch (err) {
+            console.warn(`[reputation-registry] ⚠️  setScore failed (non-fatal): ${err.shortMessage ?? err.message}`);
+        }
+    }
+    /**
+     * Get reputation score for a specific DID.
+     */
+    async getScore(did) {
+        if (!this.address)
+            return null;
+        try {
+            const r = await this.contract.getScore(did);
+            return {
+                did: r.retDid,
+                score: Number(r.score),
+                context: r.context,
+                updatedAt: Number(r.updatedAt),
+            };
+        }
+        catch (err) {
+            console.warn(`[reputation-registry] ⚠️  getScore failed: ${err.shortMessage ?? err.message}`);
+            return null;
+        }
+    }
+    /**
+     * Get all DID scores (cached 2 min).
+     */
+    async getAllScores() {
+        if (this.cache && Date.now() - this.cacheAt < this.cacheTTLMs) {
+            return this.cache;
+        }
+        return this.refreshScores();
+    }
+    async refreshScores() {
+        if (!this.address)
+            return [];
+        try {
+            const raw = await this.contract.getAllScores();
+            this.cache = raw.map((e) => ({
+                did: e.did,
+                score: Number(e.score),
+                context: e.context,
+                updatedAt: Number(e.updatedAt),
+            }));
+            this.cacheAt = Date.now();
+            return this.cache;
+        }
+        catch (err) {
+            console.warn(`[reputation-registry] ⚠️  getAllScores failed: ${err.shortMessage ?? err.message}`);
+            return this.cache ?? [];
+        }
+    }
+    async getCount() {
+        if (!this.address)
+            return 0;
+        try {
+            const n = await this.contract.getScoreCount();
+            return Number(n);
+        }
+        catch {
+            return 0;
+        }
+    }
+    get contractAddress() { return this.address; }
+}
+export const reputationRegistryClient = new ReputationRegistryClient();

package/dist/code-hash.json

@@ -1,10 +1,12 @@
 {
-  "codeHash": "39a29e119e7cb485d5b7dc5bdbe1533318617ec05a4fc4da321c94253da9d7f9",
-  "codeHashHex": "0x39a29e119e7cb485d5b7dc5bdbe1533318617ec05a4fc4da321c94253da9d7f9",
-  "computedAt": "2026-03-01T02:07:26.276Z",
-  "fileCount": 22,
+  "codeHash": "c256c2701bea12bbb2f50552b268bda6065a58d187f7bde6d6be86d82eb73f06",
+  "codeHashHex": "0xc256c2701bea12bbb2f50552b268bda6065a58d187f7bde6d6be86d82eb73f06",
+  "computedAt": "2026-03-01T03:11:08.326Z",
+  "fileCount": 24,
   "files": [
+    "blockchain/NullifierRegistryClient.ts",
     "blockchain/PeerRegistryClient.ts",
+    "blockchain/ReputationRegistryClient.ts",
     "blockchain/blockchain-anchor.ts",
     "blockchain/blockchain-client.ts",
     "blockchain/protocol-thresholds-client.ts",

package/dist/validator.d.ts

@@ -2,6 +2,8 @@ import { IncomingMessage, ServerResponse } from "node:http";
 import { BotAttestation, BotReputation } from "soulprint-core";
 import { type SoulprintP2PNode } from "./p2p.js";
 import { PeerRegistryClient } from "./blockchain/PeerRegistryClient.js";
+import { NullifierRegistryClient } from "./blockchain/NullifierRegistryClient.js";
+import { ReputationRegistryClient } from "./blockchain/ReputationRegistryClient.js";
 export declare function getLiveThresholds(): {
     SCORE_FLOOR: number;
     VERIFIED_SCORE_FLOOR: number;
@@ -14,6 +16,10 @@ export declare function getLiveThresholds(): {
     source: "blockchain" | "local_fallback";
 };
 export declare function setPeerRegistryClient(client: PeerRegistryClient): void;
+export declare function setNullifierRegistry(client: NullifierRegistryClient): void;
+export declare function setReputationRegistry(client: ReputationRegistryClient): void;
+export declare function getNullifierRegistry(): NullifierRegistryClient | null;
+export declare function getReputationRegistry(): ReputationRegistryClient | null;
 /**
  * Inyecta el nodo libp2p al validador.
  * Cuando se llama:

package/dist/validator.js

@@ -76,6 +76,23 @@ let peerRegistryClient = null;
 export function setPeerRegistryClient(client) {
     peerRegistryClient = client;
 }
+// ── On-Chain Registries (v0.5.0) ───────────────────────────────────────────────
+// The blockchain IS the shared state. These are the single source of truth.
+// Only soulprint.digital validator can WRITE; anyone can READ.
+let nullifierRegistry = null;
+let reputationRegistry = null;
+export function setNullifierRegistry(client) {
+    nullifierRegistry = client;
+}
+export function setReputationRegistry(client) {
+    reputationRegistry = client;
+}
+export function getNullifierRegistry() {
+    return nullifierRegistry;
+}
+export function getReputationRegistry() {
+    return reputationRegistry;
+}
 /**
  * Inyecta el nodo libp2p al validador.
  * Cuando se llama:
@@ -205,6 +222,14 @@ function applyAttestation(att) {
         hasDocumentVerified: hasDocument,
     };
     saveReputation();
+    // ── Write reputation to on-chain ReputationRegistry (v0.5.0) — non-blocking
+    if (reputationRegistry) {
+        reputationRegistry.setScore({
+            did: att.target_did,
+            score: finalRepScore,
+            context: "soulprint:v1",
+        }).catch(e => console.warn("[reputation-registry] ⚠️  On-chain write failed:", e.message));
+    }
     return { score: finalRepScore, attestations: allAtts.length, last_updated: rep.last_updated };
 }
 // ── P2P state sync metadata ───────────────────────────────────────────────────
@@ -692,6 +717,17 @@ async function handleVerify(req, res, nodeKeypair, ip) {
     else {
         nullifiers[zkResult.nullifier] = { did: token.did, verified_at: now };
         saveNullifiers();
+        // ── Write to on-chain NullifierRegistry (v0.5.0) — non-blocking ──────────
+        // soulprint.digital validator signs and certifies the identity on-chain.
+        // Anyone can now verify isRegistered(nullifier) without trusting this node.
+        if (nullifierRegistry) {
+            const score = repStore[token.did]?.score ?? 0;
+            nullifierRegistry.registerNullifier({
+                nullifier: zkResult.nullifier,
+                did: token.did,
+                score,
+            }).catch(e => console.warn("[nullifier-registry] ⚠️  On-chain write failed:", e.message));
+        }
     }
     const coSig = sign({ nullifier: zkResult.nullifier, did: token.did, timestamp: now }, nodeKeypair.privateKey);
     // Incluir reputación actual del bot en la respuesta
@@ -1050,6 +1086,8 @@ export function startValidatorNode(port = PORT) {
             const httpPeers = peers.length;
             const libp2pPeers = p2pStats?.peers ?? 0;
             let registeredPeers = 0;
+            let nullifiersOnchain = 0;
+            let reputationOnchain = 0;
             try {
                 if (peerRegistryClient) {
                     const chainPeers = await peerRegistryClient.getAllPeers();
@@ -1057,24 +1095,36 @@ export function startValidatorNode(port = PORT) {
                 }
             }
             catch { /* non-fatal */ }
+            try {
+                if (nullifierRegistry)
+                    nullifiersOnchain = await nullifierRegistry.getCount();
+            }
+            catch { /* non-fatal */ }
+            try {
+                if (reputationRegistry)
+                    reputationOnchain = await reputationRegistry.getCount();
+            }
+            catch { /* non-fatal */ }
             return json(res, 200, {
                 node_did: nodeKeypair.did.slice(0, 20) + "...",
                 version: VERSION,
                 protocol_hash: PROTOCOL_HASH.slice(0, 16) + "...",
-                // identidades y reputación
+                // identidades y reputación (in-memory cache)
                 verified_identities: Object.keys(nullifiers).length,
                 reputation_profiles: Object.keys(repStore).length,
-                // peers — HTTP gossip (funciona en todos los entornos)
+                // on-chain state (v0.5.0) — blockchain IS the shared state
+                nullifiers_onchain: nullifiersOnchain,
+                reputation_onchain: reputationOnchain,
+                // peers — HTTP gossip
                 known_peers: httpPeers,
-                // peers — libp2p P2P (requiere multicast/bootstrap; 0 en WSL2)
+                // peers — libp2p P2P
                 p2p_peers: libp2pPeers,
                 p2p_pubsub_peers: p2pStats?.pubsubPeers ?? 0,
                 p2p_enabled: !!p2pNode,
-                // total = max de ambas capas (HTTP gossip es el piso mínimo garantizado)
                 total_peers: Math.max(httpPeers, libp2pPeers),
                 // on-chain registered peers (PeerRegistry)
                 registered_peers: registeredPeers,
-                // state sync (v0.4.4)
+                // state sync (v0.5.0 — blockchain is source of truth)
                 state_hash: computeHash(Object.keys(nullifiers)).slice(0, 16) + "...",
                 last_sync: lastSyncTs,
                 // estado general
@@ -1085,23 +1135,44 @@ export function startValidatorNode(port = PORT) {
         }
         if (cleanUrl === "/verify" && req.method === "POST")
             return handleVerify(req, res, nodeKeypair, ip);
-        // ── State sync endpoints (v0.4.4) ─────────────────────────────────────────
-        // GET /state/hash — quick hash comparison for anti-entropy
+        // ── State endpoints (v0.5.0) — blockchain IS the shared state ────────────
+        // GET /state/hash — hash of on-chain nullifier count + reputation count
         if (cleanUrl === "/state/hash" && req.method === "GET") {
             const currentNullifiers = Object.keys(nullifiers);
-            const hash = computeHash(currentNullifiers);
+            let onchainNullifiers = currentNullifiers.length;
+            let onchainReputation = Object.keys(repStore).length;
+            try {
+                if (nullifierRegistry)
+                    onchainNullifiers = await nullifierRegistry.getCount();
+            }
+            catch { }
+            try {
+                if (reputationRegistry)
+                    onchainReputation = await reputationRegistry.getCount();
+            }
+            catch { }
+            // Hash includes on-chain counts for consensus
+            const hash = computeHash([...currentNullifiers, `onchain:${onchainNullifiers}:${onchainReputation}`]);
             return json(res, 200, {
                 hash,
                 nullifier_count: currentNullifiers.length,
+                nullifier_count_onchain: onchainNullifiers,
                 reputation_count: Object.keys(repStore).length,
+                reputation_count_onchain: onchainReputation,
                 attestation_count: Object.values(repStore).reduce((n, e) => n + (e.attestations?.length ?? 0), 0),
                 timestamp: Date.now(),
             });
         }
-        // GET /state/export — full state export for sync
+        // GET /state/export — full state export including on-chain data
         if (cleanUrl === "/state/export" && req.method === "GET") {
             const allAttestations = Object.values(repStore).flatMap(e => e.attestations ?? []);
+            // Read on-chain data (cached — won't hit RPC on every call)
+            const [onchainNullifiers, onchainScores] = await Promise.all([
+                nullifierRegistry ? nullifierRegistry.getAllNullifiers().catch(() => []) : Promise.resolve([]),
+                reputationRegistry ? reputationRegistry.getAllScores().catch(() => []) : Promise.resolve([]),
+            ]);
             return json(res, 200, {
+                // Local in-memory state
                 nullifiers: Object.keys(nullifiers),
                 reputation: Object.fromEntries(Object.entries(repStore).map(([did, e]) => [did, e.score])),
                 attestations: allAttestations,
@@ -1109,6 +1180,13 @@ export function startValidatorNode(port = PORT) {
                 lastSync: lastSyncTs,
                 stateHash: computeHash(Object.keys(nullifiers)),
                 timestamp: Date.now(),
+                // On-chain state (v0.5.0) — canonical source of truth
+                onchain: {
+                    nullifiers: onchainNullifiers,
+                    reputation: onchainScores,
+                    nullifier_count: onchainNullifiers.length,
+                    reputation_count: onchainScores.length,
+                },
             });
         }
         // POST /state/merge — merge partial state from a peer

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "soulprint-network",
-  "version": "0.4.4",
-  "description": "Soulprint validator node — HTTP server that verifies ZK proofs, co-signs SPTs, anti-Sybil registry",
+  "version": "0.4.6",
+  "description": "Soulprint validator node \u2014 HTTP server that verifies ZK proofs, co-signs SPTs, anti-Sybil registry",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "bin": {
@@ -51,8 +51,8 @@
     "nodemailer": "^8.0.1",
     "otpauth": "^9.5.0",
     "otplib": "^13.3.0",
-    "soulprint-core": "workspace:*",
-    "soulprint-zkp": "workspace:*",
+    "soulprint-core": "0.1.11",
+    "soulprint-zkp": "0.1.6",
     "uint8arrays": "5.1.0"
   },
   "devDependencies": {