zk-eligibility-sdk 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (189) hide show
  1. package/LICENSE +30 -0
  2. package/LICENSE-APACHE2.0 +165 -0
  3. package/README.md +398 -0
  4. package/RULES.md +490 -0
  5. package/SECURITY.md +347 -0
  6. package/dist/circuits/activityClass/activityclass.circom +59 -0
  7. package/dist/circuits/activityClass/activityclass_final.zkey +0 -0
  8. package/dist/circuits/activityClass/activityclass_js/activityclass.wasm +0 -0
  9. package/dist/circuits/activityClass/activityclass_js/generate_witness.js +20 -0
  10. package/dist/circuits/activityClass/activityclass_js/witness_calculator.js +337 -0
  11. package/dist/circuits/activityClass/verification_key.json +109 -0
  12. package/dist/circuits/cooldown/cooldown.circom +33 -0
  13. package/dist/circuits/cooldown/cooldown_final.zkey +0 -0
  14. package/dist/circuits/cooldown/cooldown_js/cooldown.wasm +0 -0
  15. package/dist/circuits/cooldown/cooldown_js/generate_witness.js +20 -0
  16. package/dist/circuits/cooldown/cooldown_js/witness_calculator.js +337 -0
  17. package/dist/circuits/cooldown/verification_key.json +94 -0
  18. package/dist/circuits/manifest.json +32 -0
  19. package/dist/circuits/minActivity/minactivity.circom +31 -0
  20. package/dist/circuits/minActivity/minactivity_final.zkey +0 -0
  21. package/dist/circuits/minActivity/minactivity_js/generate_witness.js +20 -0
  22. package/dist/circuits/minActivity/minactivity_js/minactivity.wasm +0 -0
  23. package/dist/circuits/minActivity/minactivity_js/witness_calculator.js +337 -0
  24. package/dist/circuits/minActivity/verification_key.json +94 -0
  25. package/dist/circuits/tokenHold/tokenhold.circom +31 -0
  26. package/dist/circuits/tokenHold/tokenhold_final.zkey +0 -0
  27. package/dist/circuits/tokenHold/tokenhold_js/generate_witness.js +20 -0
  28. package/dist/circuits/tokenHold/tokenhold_js/tokenhold.wasm +0 -0
  29. package/dist/circuits/tokenHold/tokenhold_js/witness_calculator.js +337 -0
  30. package/dist/circuits/tokenHold/verification_key.json +94 -0
  31. package/dist/circuits/walletAge/verification_key.json +94 -0
  32. package/dist/circuits/walletAge/walletage.circom +28 -0
  33. package/dist/circuits/walletAge/walletage_final.zkey +0 -0
  34. package/dist/circuits/walletAge/walletage_js/generate_witness.js +20 -0
  35. package/dist/circuits/walletAge/walletage_js/walletage.wasm +0 -0
  36. package/dist/circuits/walletAge/walletage_js/witness_calculator.js +337 -0
  37. package/dist/cli/commands/listRules.d.ts +2 -0
  38. package/dist/cli/commands/listRules.d.ts.map +1 -0
  39. package/dist/cli/commands/listRules.js +11 -0
  40. package/dist/cli/commands/listRules.js.map +1 -0
  41. package/dist/cli/commands/prove.d.ts +2 -0
  42. package/dist/cli/commands/prove.d.ts.map +1 -0
  43. package/dist/cli/commands/prove.js +39 -0
  44. package/dist/cli/commands/prove.js.map +1 -0
  45. package/dist/cli/commands/verify.d.ts +2 -0
  46. package/dist/cli/commands/verify.d.ts.map +1 -0
  47. package/dist/cli/commands/verify.js +38 -0
  48. package/dist/cli/commands/verify.js.map +1 -0
  49. package/dist/cli/index.d.ts +3 -0
  50. package/dist/cli/index.d.ts.map +1 -0
  51. package/dist/cli/index.js +57 -0
  52. package/dist/cli/index.js.map +1 -0
  53. package/dist/constants/limits.d.ts +7 -0
  54. package/dist/constants/limits.d.ts.map +1 -0
  55. package/dist/constants/limits.js +10 -0
  56. package/dist/constants/limits.js.map +1 -0
  57. package/dist/index.d.ts +7 -0
  58. package/dist/index.d.ts.map +1 -0
  59. package/dist/index.js +25 -0
  60. package/dist/index.js.map +1 -0
  61. package/dist/providers/alchemy.d.ts +6 -0
  62. package/dist/providers/alchemy.d.ts.map +1 -0
  63. package/dist/providers/alchemy.js +119 -0
  64. package/dist/providers/alchemy.js.map +1 -0
  65. package/dist/providers/index.d.ts +4 -0
  66. package/dist/providers/index.d.ts.map +1 -0
  67. package/dist/providers/index.js +67 -0
  68. package/dist/providers/index.js.map +1 -0
  69. package/dist/providers/infura.d.ts +4 -0
  70. package/dist/providers/infura.d.ts.map +1 -0
  71. package/dist/providers/infura.js +13 -0
  72. package/dist/providers/infura.js.map +1 -0
  73. package/dist/providers/types.d.ts +8 -0
  74. package/dist/providers/types.d.ts.map +1 -0
  75. package/dist/providers/types.js +3 -0
  76. package/dist/providers/types.js.map +1 -0
  77. package/dist/rules/activityClass/activityClass.d.ts +12 -0
  78. package/dist/rules/activityClass/activityClass.d.ts.map +1 -0
  79. package/dist/rules/activityClass/activityClass.js +39 -0
  80. package/dist/rules/activityClass/activityClass.js.map +1 -0
  81. package/dist/rules/activityClass/config.d.ts +3 -0
  82. package/dist/rules/activityClass/config.d.ts.map +1 -0
  83. package/dist/rules/activityClass/config.js +3 -0
  84. package/dist/rules/activityClass/config.js.map +1 -0
  85. package/dist/rules/cooldown/config.d.ts +4 -0
  86. package/dist/rules/cooldown/config.d.ts.map +1 -0
  87. package/dist/rules/cooldown/config.js +3 -0
  88. package/dist/rules/cooldown/config.js.map +1 -0
  89. package/dist/rules/cooldown/cooldown.d.ts +12 -0
  90. package/dist/rules/cooldown/cooldown.d.ts.map +1 -0
  91. package/dist/rules/cooldown/cooldown.js +65 -0
  92. package/dist/rules/cooldown/cooldown.js.map +1 -0
  93. package/dist/rules/minActivity/config.d.ts +4 -0
  94. package/dist/rules/minActivity/config.d.ts.map +1 -0
  95. package/dist/rules/minActivity/config.js +3 -0
  96. package/dist/rules/minActivity/config.js.map +1 -0
  97. package/dist/rules/minActivity/minActivity.d.ts +12 -0
  98. package/dist/rules/minActivity/minActivity.d.ts.map +1 -0
  99. package/dist/rules/minActivity/minActivity.js +61 -0
  100. package/dist/rules/minActivity/minActivity.js.map +1 -0
  101. package/dist/rules/tokenHold/config.d.ts +5 -0
  102. package/dist/rules/tokenHold/config.d.ts.map +1 -0
  103. package/dist/rules/tokenHold/config.js +3 -0
  104. package/dist/rules/tokenHold/config.js.map +1 -0
  105. package/dist/rules/tokenHold/tokenHold.d.ts +12 -0
  106. package/dist/rules/tokenHold/tokenHold.d.ts.map +1 -0
  107. package/dist/rules/tokenHold/tokenHold.js +68 -0
  108. package/dist/rules/tokenHold/tokenHold.js.map +1 -0
  109. package/dist/rules/walletAge/config.d.ts +4 -0
  110. package/dist/rules/walletAge/config.d.ts.map +1 -0
  111. package/dist/rules/walletAge/config.js +3 -0
  112. package/dist/rules/walletAge/config.js.map +1 -0
  113. package/dist/rules/walletAge/walletAge.d.ts +12 -0
  114. package/dist/rules/walletAge/walletAge.d.ts.map +1 -0
  115. package/dist/rules/walletAge/walletAge.js +76 -0
  116. package/dist/rules/walletAge/walletAge.js.map +1 -0
  117. package/dist/sdk/ZKEligibiltySDK.d.ts +13 -0
  118. package/dist/sdk/ZKEligibiltySDK.d.ts.map +1 -0
  119. package/dist/sdk/ZKEligibiltySDK.js +57 -0
  120. package/dist/sdk/ZKEligibiltySDK.js.map +1 -0
  121. package/dist/sdk/errors.d.ts +10 -0
  122. package/dist/sdk/errors.d.ts.map +1 -0
  123. package/dist/sdk/errors.js +23 -0
  124. package/dist/sdk/errors.js.map +1 -0
  125. package/dist/sdk/executeRule.d.ts +4 -0
  126. package/dist/sdk/executeRule.d.ts.map +1 -0
  127. package/dist/sdk/executeRule.js +38 -0
  128. package/dist/sdk/executeRule.js.map +1 -0
  129. package/dist/sdk/generateProof.d.ts +3 -0
  130. package/dist/sdk/generateProof.d.ts.map +1 -0
  131. package/dist/sdk/generateProof.js +14 -0
  132. package/dist/sdk/generateProof.js.map +1 -0
  133. package/dist/sdk/index.d.ts +6 -0
  134. package/dist/sdk/index.d.ts.map +1 -0
  135. package/dist/sdk/index.js +27 -0
  136. package/dist/sdk/index.js.map +1 -0
  137. package/dist/sdk/ruleRegistry.d.ts +11 -0
  138. package/dist/sdk/ruleRegistry.d.ts.map +1 -0
  139. package/dist/sdk/ruleRegistry.js +41 -0
  140. package/dist/sdk/ruleRegistry.js.map +1 -0
  141. package/dist/sdk/types.d.ts +24 -0
  142. package/dist/sdk/types.d.ts.map +1 -0
  143. package/dist/sdk/types.js +3 -0
  144. package/dist/sdk/types.js.map +1 -0
  145. package/dist/sdk/verifyProof.d.ts +9 -0
  146. package/dist/sdk/verifyProof.d.ts.map +1 -0
  147. package/dist/sdk/verifyProof.js +21 -0
  148. package/dist/sdk/verifyProof.js.map +1 -0
  149. package/dist/types/ErrorCode.d.ts +12 -0
  150. package/dist/types/ErrorCode.d.ts.map +1 -0
  151. package/dist/types/ErrorCode.js +16 -0
  152. package/dist/types/ErrorCode.js.map +1 -0
  153. package/dist/types/Errors.d.ts +13 -0
  154. package/dist/types/Errors.d.ts.map +1 -0
  155. package/dist/types/Errors.js +32 -0
  156. package/dist/types/Errors.js.map +1 -0
  157. package/dist/types/Proof.d.ts +8 -0
  158. package/dist/types/Proof.d.ts.map +1 -0
  159. package/dist/types/Proof.js +3 -0
  160. package/dist/types/Proof.js.map +1 -0
  161. package/dist/types/Provider.d.ts +8 -0
  162. package/dist/types/Provider.d.ts.map +1 -0
  163. package/dist/types/Provider.js +3 -0
  164. package/dist/types/Provider.js.map +1 -0
  165. package/dist/types/Rule.d.ts +6 -0
  166. package/dist/types/Rule.d.ts.map +1 -0
  167. package/dist/types/Rule.js +3 -0
  168. package/dist/types/Rule.js.map +1 -0
  169. package/dist/zk/cache.d.ts +7 -0
  170. package/dist/zk/cache.d.ts.map +1 -0
  171. package/dist/zk/cache.js +28 -0
  172. package/dist/zk/cache.js.map +1 -0
  173. package/dist/zk/generateProof.d.ts +10 -0
  174. package/dist/zk/generateProof.d.ts.map +1 -0
  175. package/dist/zk/generateProof.js +49 -0
  176. package/dist/zk/generateProof.js.map +1 -0
  177. package/dist/zk/generateWitness.d.ts +8 -0
  178. package/dist/zk/generateWitness.d.ts.map +1 -0
  179. package/dist/zk/generateWitness.js +14 -0
  180. package/dist/zk/generateWitness.js.map +1 -0
  181. package/dist/zk/runCmd.d.ts +2 -0
  182. package/dist/zk/runCmd.d.ts.map +1 -0
  183. package/dist/zk/runCmd.js +32 -0
  184. package/dist/zk/runCmd.js.map +1 -0
  185. package/dist/zk/verifyProof.d.ts +2 -0
  186. package/dist/zk/verifyProof.d.ts.map +1 -0
  187. package/dist/zk/verifyProof.js +33 -0
  188. package/dist/zk/verifyProof.js.map +1 -0
  189. package/package.json +39 -0
package/LICENSE ADDED
@@ -0,0 +1,30 @@
1
+ # DUAL LICENSE
2
+
3
+ ZK Eligibility SDK uses a dual licensing model:
4
+
5
+ ## Apache 2.0 License
6
+
7
+ The following components are licensed under Apache License 2.0:
8
+ - SDK source code (src/ directory)
9
+ - ZK circuits (circuits/ directory)
10
+ - Circom library (circomlib/ directory)
11
+ - CLI tooling (cli/ directory)
12
+ - Test infrastructure (tests/ directory)
13
+ - Documentation files (README.md, IMPLEMENTATION_GUIDE.md, RULES.md, SECURITY.md)
14
+
15
+ See LICENSE-APACHE2.0 for the full Apache 2.0 license text.
16
+
17
+ ## MIT License
18
+
19
+ The following components are licensed under MIT License:
20
+ - Smart contracts (contracts/ directory)
21
+
22
+ See LICENSE-MIT for the full MIT license text.
23
+
24
+ ## Usage
25
+
26
+ - If you are using the SDK for ZK eligibility checking, the Apache 2.0 license applies.
27
+ - If you are deploying the smart contracts or integrating with the verifier contracts, the MIT license applies.
28
+ - You may use both licenses depending on which components you are using.
29
+
30
+ For more details, see the respective LICENSE files.
@@ -0,0 +1,165 @@
1
+ Apache License
2
+ Version 2.0, January 2004
3
+
4
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
5
+
6
+ 1. Definitions.
7
+
8
+ "License" shall mean the terms and conditions for use, reproduction,
9
+ and distribution as defined in Sections 1 through 9 of this document.
10
+
11
+ "Licensor" shall mean the copyright owner or entity authorized by
12
+ the copyright owner that is granting the License.
13
+
14
+ "Legal Entity" shall mean the union of the acting entity and all
15
+ other entities that control, are controlled by, or are under common
16
+ control with that entity. For the purposes of this definition,
17
+ "control" means (i) the power, direct or indirect, to cause the
18
+ direction or management of such entity, whether by contract or
19
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
20
+ outstanding shares, or (iii) beneficial ownership of such entity.
21
+
22
+ "You" (or "Your") shall mean an individual or Legal Entity exercising
23
+ permissions granted by this License.
24
+
25
+ "Source" form shall mean the preferred form for making modifications,
26
+ including but not limited to software source code, documentation
27
+ source, and configuration files.
28
+
29
+ "Object" form shall mean any form resulting from mechanical
30
+ transformation or translation of a Source form, including but
31
+ not limited to compiled object code, generated documentation,
32
+ and conversions to other media types.
33
+
34
+ "Work" shall mean the work of authorship, whether in Source or Object
35
+ form, made available under the License, as indicated by a copyright
36
+ notice that is included in or attached to the work.
37
+
38
+ "Derivative Works" shall mean any work, whether in Source or Object
39
+ form, that is based on (or derived from) the Work and for which the
40
+ editorial revisions, annotations, elaborations, or other modifications
41
+ represent, as a whole, an original work of authorship, thus including
42
+ the Work and any other modifications that You make.
43
+
44
+ "Contribution" shall mean any work of authorship, including
45
+ the original Work and any Derivative Works thereof, submitted to,
46
+ or received by, Licensor for inclusion in the Work by the copyright owner
47
+ or by an individual or Legal Entity authorized to submit on behalf of
48
+ the copyright owner. For the purposes of this definition, "submitted"
49
+ means any form of electronic, verbal, or written communication sent
50
+ to the Licensor or its representatives, such as but not limited to
51
+ communication on electronic mailing lists, source code control systems,
52
+ and issue tracking systems that are managed by, or on behalf of, the
53
+ Licensor for the purpose of discussing and improving the Work, but
54
+ excluding communication that is conspicuously marked or otherwise
55
+ designated in writing by the copyright owner as "Not a Contribution."
56
+
57
+ "Contributor" shall mean Licensor and any Legal Entity on behalf of
58
+ whom a Contribution has been received by Licensor and subsequently
59
+ incorporated within the Work.
60
+
61
+ 2. Grant of Copyright License. Subject to the terms and conditions of
62
+ this License, each Contributor hereby grants to You a perpetual,
63
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
64
+ copyright license to reproduce, prepare Derivative Works of,
65
+ publicly display, publicly perform, sublicense, and distribute the
66
+ Work and such Derivative Works in Source or Object form.
67
+
68
+ 3. Grant of Patent License. Subject to the terms and conditions of
69
+ this License, each Contributor hereby grants to You a perpetual,
70
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
71
+ (except as stated in this section) patent license to make, have made,
72
+ use, offer to sell, sell, import, and otherwise transfer the Work,
73
+ where such license applies only to those patent claims licensable
74
+ by such Contributor that are necessarily infringed by their
75
+ Contribution(s) alone or by combination of their Contribution(s)
76
+ with the Work to which such Contribution(s) was submitted. If You
77
+ institute patent litigation against any entity (including a
78
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
79
+ or a Contribution incorporated within the Work constitutes direct
80
+ or contributory patent infringement, then any patent licenses
81
+ granted to You under this License for that Work shall terminate
82
+ as of the date such litigation is filed.
83
+
84
+ 4. Redistribution. You may reproduce and distribute copies of the
85
+ Work or Derivative Works thereof in any medium, with or without
86
+ modifications, and in Source or Object form, provided that You
87
+ meet the following conditions:
88
+
89
+ (a) You must give any other recipients of the Work or
90
+ Derivative Works a copy of this License; and
91
+
92
+ (b) You must cause any modified files to carry prominent notices
93
+ stating that You changed the files; and
94
+
95
+ (c) You must retain, in the Source form of any Derivative Works
96
+ that You distribute, all copyright, patent, trademark, and
97
+ attribution notices from the Source form of the Work,
98
+ excluding those notices that do not pertain to any part of
99
+ the Derivative Works; and
100
+
101
+ (d) If the Work includes a "NOTICE" text file, then any
102
+ Derivative Works that You distribute must include a readable
103
+ copy of the attribution notices contained within such NOTICE file.
104
+
105
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
106
+ any Contribution intentionally submitted for inclusion in the Work
107
+ by You to Licensor shall be under the terms and conditions of
108
+ this License, without any additional terms or conditions.
109
+ Notwithstanding the above, nothing herein shall supersede or modify
110
+ the terms of any separate license agreement you may have executed
111
+ with Licensor regarding such Contribution.
112
+
113
+ 6. Trademarks. This License does not grant permission to use the trade
114
+ names, trademarks, service marks, or product names of the Licensor,
115
+ except as required for reasonable and customary use in describing the
116
+ origin of the Work and reproducing the content of the NOTICE file.
117
+
118
+ 7. Disclaimer of Warranty. Unless required by applicable law or
119
+ agreed to in writing, Licensor provides the Work (and each
120
+ Contributor provides its Contributions) on an "AS IS" BASIS,
121
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
122
+ implied, including, without limitation, any warranties or conditions
123
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
124
+ PARTICULAR PURPOSE. You are solely responsible for determining the
125
+ appropriateness of using or redistributing the Work and assume any
126
+ risks associated with Your exercise of permissions under this License.
127
+
128
+ 8. Limitation of Liability. In no event and under no legal theory,
129
+ whether in tort (including negligence), contract, or otherwise,
130
+ unless required by applicable law (such as deliberate and grossly
131
+ negligent acts) or agreed to in writing, shall any Contributor be
132
+ liable to You for damages, including any direct, indirect, special,
133
+ incidental, or consequential damages of any character arising as a
134
+ result of this License or out of the use or inability to use the
135
+ Work (including but not limited to damages for loss of goodwill,
136
+ work stoppage, computer failure or malfunction, or any and all
137
+ other commercial damages or losses), even if such Contributor
138
+ has been advised of the possibility of such damages.
139
+
140
+ 9. Accepting Warranty or Additional Liability. While redistributing
141
+ the Work or Derivative Works thereof, You may choose to offer,
142
+ and charge a fee for, acceptance of support, warranty, indemnity,
143
+ or other liability obligations and/or rights consistent with this
144
+ License. However, in accepting such obligations, You may act only
145
+ on Your own behalf and on Your sole responsibility, not on behalf
146
+ of any other Contributor, and only if You agree to indemnify,
147
+ defend, and hold each Contributor harmless for any liability
148
+ incurred by, or claims asserted against, such Contributor by reason
149
+ of your accepting any such warranty or additional liability.
150
+
151
+ END OF TERMS AND CONDITIONS
152
+
153
+ Copyright © 2024 Srivishnu G V
154
+
155
+ Licensed under the Apache License, Version 2.0 (the "License");
156
+ you may not use this file except in compliance with the License.
157
+ You may obtain a copy of the License at
158
+
159
+ http://www.apache.org/licenses/LICENSE-2.0
160
+
161
+ Unless required by applicable law or agreed to in writing, software
162
+ distributed under the License is distributed on an "AS IS" BASIS,
163
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
164
+ See the License for the specific language governing permissions and
165
+ limitations under the License.
package/README.md ADDED
@@ -0,0 +1,398 @@
1
+ # ZK Eligibility SDK
2
+
3
+ **Cryptographically Proven Eligibility. Zero Data Leakage.**
4
+
5
+ A zero-knowledge eligibility framework for Web3. Prove wallet properties—age, activity, holdings, cooldowns—without revealing transaction history, balances, or user identities.
6
+
7
+ For airdrop designers, DAO treasuries, and DeFi protocols that demand both security and privacy.
8
+
9
+ ---
10
+
11
+ ## The Problem
12
+
13
+ Today, Web3 teams face an impossible choice:
14
+
15
+ | Option | Problem |
16
+ |--------|----------|
17
+ | **Public allowlists** | Leaks entire wallet histories. Privacy nightmare. |
18
+ | **Centralized gatekeeping** | Requires trusting a third party. Single point of failure. |
19
+ | **Simple heuristics** | Easy to game. Sybil attacks succeed. |
20
+ | **This SDK** | ✅ Cryptographically proven. ✅ Privacy-preserving. ✅ Sybil-resistant. |
21
+
22
+ **With ZK Eligibility SDK, you get all three.**
23
+
24
+ ---
25
+
26
+ ## What You Get
27
+
28
+ ✅ **Cryptographic Guarantees**
29
+ - If a proof verifies, the statement is mathematically true
30
+ - Forging eligibility is computationally infeasible under standard cryptographic assumptions
31
+ - Industry-standard Groth16 zk-SNARK implementation
32
+
33
+ ✅ **Zero Data Leakage**
34
+ - Users prove eligibility without revealing wallet history
35
+ - No transaction hashes exposed
36
+ - No balance information leaked
37
+ - No timing patterns revealed
38
+
39
+ ✅ **Production-Ready**
40
+ - 5 battle-tested eligibility rules
41
+ - CLI + SDK + on-chain verifier ready
42
+ - 11/11 edge cases passing
43
+ - Comprehensive edge-case test coverage
44
+ - Comprehensive security documentation
45
+
46
+ ✅ **Easy Integration**
47
+ - TypeScript SDK (REST-style)
48
+ - Verifiable proofs for on-chain or off-chain use
49
+ - Drop-in replacement for centralized allowlists
50
+
51
+ ---
52
+
53
+ ## 5 Eligibility Rules (Composable)
54
+
55
+ ### 1️⃣ Wallet Age
56
+ **Prove:** First transaction before block N
57
+ **Use case:** Sybil resistance, legacy user access, loyalty tiers
58
+ **Privacy:** Exact age hidden, only proves eligibility
59
+
60
+ ### 2️⃣ Minimum Activity
61
+ **Prove:** At least N outbound transactions
62
+ **Use case:** Active user filtering, engagement gates, bot detection
63
+ **Privacy:** Exact count hidden, only proves threshold
64
+
65
+ ### 3️⃣ Cooldown Period
66
+ **Prove:** Inactive for N+ blocks
67
+ **Use case:** Rate limiting, anti-spam, sequential access control
68
+ **Privacy:** Last activity block hidden
69
+
70
+ ### 4️⃣ Token Hold Duration
71
+ **Prove:** Held token X for N+ blocks
72
+ **Use case:** Holder privileges, loyalty programs, time-weighted access
73
+ **Privacy:** Balances and transfer history hidden
74
+
75
+ ### 5️⃣ Activity Classification
76
+ **Prove:** Wallet falls into activity band (0–3)
77
+ **Use case:** Fair distribution, tier-based rewards, heuristic filtering
78
+ **Privacy:** Exact metrics hidden, only rough band revealed
79
+
80
+ ---
81
+
82
+ ## Real-World Examples
83
+
84
+ **Airdrop Designer**
85
+ ```
86
+ Requirement: "Only wallets active for 6+ months"
87
+ With ZK SDK: Users prove eligibility → receive airdrop
88
+ Result: No data breach. Sybil-resistant. Privacy-preserved.
89
+ ```
90
+
91
+ **DAO Treasury Manager**
92
+ ```
93
+ Requirement: "Community governance token for users with 10+ tx"
94
+ With ZK SDK: Prove activity tier → vote with privacy
95
+ Result: Only qualified members participate. No doxxing.
96
+ ```
97
+
98
+ **DeFi Protocol**
99
+ ```
100
+ Requirement: "Risk-based access for established users"
101
+ With ZK SDK: Prove wallet age + activity → access premium features
102
+ Result: Fair, sybil-resistant gate. User privacy maintained.
103
+ ```
104
+
105
+ ---
106
+
107
+ ## Why This Matters
108
+
109
+ | Traditional Approach | ZK Eligibility SDK |
110
+
111
+ | 📋 Off-chain allowlist | 🔐 Cryptographic proof |
112
+ | 🔓 Public wallet history | 🤖 Minimal Data Disclosure |
113
+ | 🙏 Trust required | ✅ Trust-minimized |
114
+ | ❌ Sybil-vulnerable | ✅ Sybil-resistant |
115
+ | 💸 Manual curation cost | 🤖 Automated verification |
116
+ | 🌍 Privacy nightmare | 🛡️ Privacy-first |
117
+
118
+ ---
119
+
120
+ ## How It Works
121
+
122
+
123
+ ┌──────────────────────────────┐
124
+ │ User's Wallet (public) │
125
+ └──────────────┬───────────────┘
126
+
127
+ v
128
+ ┌──────────────────────────────────────┐
129
+ │ Blockchain Data (on-chain, public) │ ← RPC Provider
130
+ │ fetched via Alchemy/Infura │
131
+ └──────────────┬───────────────────────┘
132
+ │ (private processing)
133
+ v
134
+ ┌──────────────────────────────────────┐
135
+ │ TypeScript SDK │ ← Validates inputs
136
+ │ (verify constraints, policy) │ Prevents abuse
137
+ └──────────────┬───────────────────────┘
138
+ │ (private witness)
139
+ v
140
+ ┌──────────────────────────────────────┐
141
+ │ ZK Circuit (Circom) │ ← Groth16 proof
142
+ │ Cryptographic proof generation │ generation
143
+ └──────────────┬───────────────────────┘
144
+ │ (public proof)
145
+ v
146
+ ┌──────────────────────────────────────┐
147
+ │ Proof + Public Signals │ ← Verifiable by anyone
148
+ │ (cryptographically proven) │ Off-chain or on-chain
149
+ └──────────────────────────────────────┘
150
+
151
+
152
+ **Key insight:** Only the proof is shared. Private data never leaves the user's machine.
153
+
154
+ ---
155
+
156
+ ## Security Guarantees
157
+
158
+ ✅ **Cryptographically Sound**
159
+ - Groth16 zk-SNARK (industry standard)
160
+ - Formal constraint verification
161
+ - No silent overflows or edge case failures
162
+
163
+ ✅ **Conservative Design**
164
+ - Fail fast (TypeScript) on invalid parameters
165
+ - Fail loudly (ZK) on false statements
166
+ - Never default to true
167
+ - Explicit assumptions documented
168
+
169
+ ✅ **Fail-Safe Behavior**
170
+ - All failures are deterministic
171
+ - No silent successes
172
+ - Clear error codes and reasons
173
+ - No ambiguous states
174
+
175
+ ⚠️ **Important Notice**
176
+ - All circuits are **deterministic** (same input always produces same output)
177
+ - Circuits are **not audited** — use at your own risk in production environments
178
+ - The SDK minimizes data disclosure to only what is strictly required to verify eligibility
179
+
180
+ **See [SECURITY.md](./SECURITY.md) for detailed threat model and assumptions.**
181
+
182
+ ---
183
+
184
+ ## Quick Start
185
+
186
+ ### Installation
187
+ ```bash
188
+ npm install zk-eligibility-sdk
189
+ ```
190
+
191
+ ### Basic Usage
192
+ ```typescript
193
+ import "dotenv/config";
194
+ import { ZKEligibilitySDK } from "zk-eligibility-sdk";
195
+
196
+ // Prove wallet has at least 10 transactions
197
+ const proof = await ZKEligibilitySDK.prove(
198
+ "MIN_ACTIVITY",
199
+ "0xWalletAddress",
200
+ { minTx: 10 }
201
+ );
202
+
203
+ if (proof.isValid) {
204
+ console.log("User is eligible ✅");
205
+ // Grant access / send airdrop / etc
206
+ }
207
+ ```
208
+
209
+ ### CLI
210
+ ```bash
211
+ # List all rules
212
+ npx zkesdk list-rules
213
+
214
+ # Generate a proof
215
+ npx zkesdk prove MIN_ACTIVITY 0xWallet '{"minTx":10}'
216
+
217
+ # Verify a proof
218
+ npx zkesdk verify MIN_ACTIVITY proof.json public.json
219
+ ```
220
+
221
+ ### On-Chain Verification
222
+ Proofs can be verified in a Solidity contract:
223
+ ```solidity
224
+ groth16Verifier.verifyProof(
225
+ proof.pi_a,
226
+ proof.pi_b,
227
+ proof.pi_c,
228
+ publicSignals
229
+ );
230
+
231
+ ```
232
+ We have also added a helper contract (EligibilityGate.sol) which will guarentee proper verification of calls based on the RuleId's
233
+
234
+ RuleID's are the keccak256 hashes of the rule names and are enforced consistently across the SDK,CLI and on-chain contracts
235
+
236
+ 1) keccak256(WALLET_AGE)
237
+ 2) keccak256(COOLDOWN)
238
+ 3) keccak256(MIN_ACTIVITY)
239
+ 4) keccak256(TOKEN_HOLD)
240
+ 5) keccak256(ACTIVITY_CLASS)
241
+
242
+ For Additional Information refer (contracts\README.md)
243
+ ---
244
+
245
+ ## Deployment Options
246
+
247
+ ### Option 1: Off-Chain (Fastest)
248
+ - User generates proof locally
249
+ - SDK verifies proof
250
+ - Instant access/allowlisting
251
+ - **Best for:** Airdrops, quick distributions
252
+
253
+ ### Option 2: On-Chain (Most Trustless)
254
+ - User generates proof
255
+ - Smart contract verifies proof
256
+ - Transparent, auditable, trustless
257
+ - **Best for:** DAOs, protocols, public systems
258
+
259
+ ### Option 3: Hybrid (Flexible)
260
+ - Backend verifies proof
261
+ - Backend gates access
262
+ - Best of both worlds
263
+ - **Best for:** Enterprise integrations
264
+
265
+ ---
266
+
267
+ ## What This Does NOT Do
268
+
269
+ ❌ Prove wallet ownership (no sig checks)
270
+ ❌ Prove identity or KYC status
271
+ ❌ Guarantee real-time state under reorgs
272
+ ❌ Prevent smart contract wallets
273
+
274
+ **These are features, not bugs.** This SDK does one thing and does it extremely well:
275
+
276
+ > Prove wallet properties without leaking wallet history.
277
+
278
+ Everything else is your application's responsibility.
279
+
280
+ ---
281
+
282
+ ## Specs
283
+
284
+ | Aspect | Spec |
285
+ |--------|------|
286
+ | **Proof System** | Groth16 (BN128 curve) |
287
+ | **Circuit Language** | Circom 2.0.0 |
288
+ | **Verification** | Off-chain + on-chain |
289
+ | **Supported Chains** | Ethereum (extendable) |
290
+ | **Languages** | TypeScript/JavaScript |
291
+ | **Test Coverage** | 11/11 edge cases passing |
292
+ | **Status** | Production-ready (v1.0) |
293
+
294
+ ---
295
+
296
+ ## Governance & Support
297
+
298
+ **Version Guarantees**
299
+ - v1.x: All cryptographic guarantees locked
300
+ - Breaking changes → v2.0 only
301
+ - Backward-compatible minor versions
302
+
303
+ **Security Policy**
304
+ - Responsible disclosure for vulnerabilities
305
+ - Private contact for security issues
306
+ - See [SECURITY.md](./SECURITY.md) for details
307
+
308
+ ---
309
+
310
+ ## Required: RPC Provider
311
+
312
+ This SDK does NOT ship with an RPC key.
313
+
314
+ You must set one of the following (Infura is not supported in this version as of yet):
315
+
316
+ - ALCHEMY_API_KEY
317
+ - INFURA_API_KEY
318
+
319
+ Example:
320
+
321
+ export ALCHEMY_API_KEY=your_key_here
322
+
323
+ ## FAQ
324
+
325
+ **Q: Can I fake a proof?**
326
+ A: No. Cryptographically impossible. Groth16 soundness guarantees ensure only valid proofs verify.
327
+
328
+ **Q: What if the RPC provider lies?**
329
+ A: Proofs reflect the RPC provider's data. Use a trusted provider (Alchemy, Infura, Quicknode, or your own node).
330
+
331
+ **Q: Can I combine multiple rules?**
332
+ A: Yes. Generate multiple proofs and combine them at the application layer. Each proof is independent and verifiable.
333
+
334
+ **Q: What about wallet privacy?**
335
+ A: The proof proves eligibility. Transaction history, balances, and transfers are never revealed or computed by the SDK.
336
+
337
+ **Q: How much gas does on-chain verification cost?**
338
+ A: Typically ~250k-400k gas per verification. depending on the network and the calldata size.
339
+
340
+ **Q: Can this run on-chain natively?**
341
+ A: Proof generation happens off-chain. Verification happens on-chain. This is by design (privacy + efficiency).
342
+
343
+ ---
344
+
345
+ ## License
346
+
347
+ This project uses a **dual licensing model**:
348
+
349
+ ### 📄 Apache 2.0 License
350
+ The following components are licensed under **Apache License 2.0**:
351
+ - SDK source code (`src/` directory)
352
+ - ZK circuits (`circuits/` directory)
353
+ - Circom library (`circomlib/` directory)
354
+ - CLI tooling (`cli/` directory)
355
+ - Test infrastructure (`tests/` directory)
356
+ - Documentation (README.md, IMPLEMENTATION_GUIDE.md, RULES.md, SECURITY.md)
357
+
358
+ **Use case:** Open-source usage, commercial integration, derivative works
359
+ **Requirement:** Include Apache 2.0 license and provide attribution
360
+
361
+ ### 📝 MIT License
362
+ The following components are licensed under **MIT License**:
363
+ - Smart contracts (`contracts/` directory)
364
+
365
+ **Use case:** Contract deployment, integration with verifiers, modification and distribution
366
+ **Requirement:** Include MIT license and provide attribution
367
+
368
+ ### How to Use
369
+
370
+ - **Using the SDK for eligibility checking?** → Apache 2.0 applies. Include `LICENSE-APACHE2.0`.
371
+ - **Deploying smart contracts?** → MIT applies. Include `LICENSE-MIT`.
372
+ - **Using both?** → Both licenses apply to their respective components.
373
+
374
+ See [LICENSE](./LICENSE), [LICENSE-APACHE2.0](./LICENSE-APACHE2.0), and [LICENSE-MIT](./LICENSE-MIT) for full license texts.
375
+
376
+ ---
377
+
378
+ ## Next Steps
379
+
380
+ 🚀 **Start now:**
381
+ 1. Clone the repo
382
+ 2. `npm install`
383
+ 3. Run `npm run test:all` (11 edge cases pass)
384
+ 4. Integrate the SDK into your app
385
+
386
+ 📖 **Learn more:**
387
+ - [RULES.md](./RULES.md) — Detailed rule specifications
388
+ - [SECURITY.md](./SECURITY.md) — Threat model & guarantees
389
+ - CLI: `npm run cli`
390
+
391
+ 🤝 **Questions?**
392
+ - File an issue
393
+ - Check docs
394
+ - Security issues → private disclosure
395
+
396
+ ---
397
+
398
+ **Made with intent. Shipped with integrity.**