Update package#1
Merged
Merged
Conversation
…ort#151) Replace all ipfs.infura.io links with ipfs.zkpassport.id Co-authored-by: Michael Elliot <michaelelliot@users.noreply.github.com>
* improve linting for better code quality * remove build:types and tsc-alias and simplify * ci: run validate-packages * update validate-package.sh script to run bins directly
* add auto publishing with oidc * update publish process to use bun to pack tarball and npm to publish it * update prepublish script * simplify readme
…ng (zkpassport#153) * implement brute force signature verification fallback retrieval for csc * simplify signature verification logic * remove console log * simplify bytes conversion for rsa pub key * bump utils version to 0.33.0 * sync deps * sync deps 2 * format * run forge fmt * run scripts/sync-workspace-deps.sh * remove crypto lib import * bump utils version to 0.33.1 * fix bun.lock * bump utils version to 0.33.2 * update ci to use bun 1.3.8 * sync deps * fix linting error --------- Co-authored-by: Michael Elliot <michael@digital.com.au>
…kpassport#152) - Added version, timestamp, and root to PackagedCertificatesFile interface - Introduced fingerprint property in PackagedCertificate type for better identification - Updated getCertificateLeafHash function to use fingerprint and expiry for leaf hash calculation - Bumped @zkpassport/utils and @zkpassport/registry versions BREAKING CHANGE: Leaf hash calculation now includes certificate fingerprint and expiry. Any existing leaf hashes / Merkle roots are incompatible
* disable lists customisation for sanctions check api * fix tests * bump sdk version to 0.12.5 * add google key attestation ecdsa root key hash * sync deps
…r BigNum (zkpassport#156) update barrett reduction overflow bits
* increase signed attrs max size to 256 bytes * fix tests, update utils to 0.35.0
…kpassport#167) * check query results against original query * add tests for original query validation * add tests for rest public input checks * add some missing checks * add validity check tests * bump sdk version to 0.13.0 * add function to create offline query * chore: trigger CI
* fix(sdk): guard document_type disclose check in public input verification * fix(sdk): account for strict comparison offset in age public input verification * fix(sdk): fix birthdate verification failing in compressed-evm mode * chore: bump sdk version
…passport#173) * feat: update oprf utils, add oprf params to input generators * chore: add tests for public inputs indexes * chore: cleanup oprf client * chore: bump version numbers * chore: remove padding in proof parse
* feat(contracts): add new ProtocolController contract - Added new ProtocolController contract to manage operator roles for RootRegistry and RootVerifier - Added new forge deployment scripts for ProtocolController and RootVerifier - Added scripts for calculating init codes for RootRegistry and RootVerifier - Moved CertificateRegistry, CircuitRegistry, and SanctionsRegistry into their own folder - Added new test deployment scripts for RootRegistry and RootVerifier for local testing - Updated copyright year - Added natspec comments to ProtocolController, VerifierHelper, and SubVerifier - Refactored deployment scripts - Added Google ECDSA root key hash to VerifierHelper - Refactored address writing in DeployRegistryHelper script
Introduces v1 of the packaged certificates file format, including a new certificate root derivation that binds the certificate, revocation, and masterlist trees together. This also includes the onchain, SDK, and explorer changes required to publish, validate, and consume the new format.
## Root format
Adds the v1 root derivation:
```text
state_root = H(cert_tree_root, revocation_tree_root, masterlist_tree_root)
certificate_root = H(packed(schema_version | timestamp), state_root)
```
`schema_version` is encoded as 2 big-endian bytes and `timestamp` as 4 big-endian bytes, packed into one 31-byte field.
v0 behaviour is preserved for backward compatibility:
```text
certificate_root = cert_tree_root
```
## zkpassport-utils
- Adds v1 support for `PackagedCertificatesFile`.
- `PackagedCertificatesFile` is now a discriminated union of:
- `PackagedCertificatesFileV0`
- `PackagedCertificatesFileV1`
- v1 adds:
- `revocations`
- `revocations_serialised`
- `masterlists`
- v1 renames:
- `serialised` → `certificates_serialised`
- Removes `PackagedCertificate.hash_algorithm` from the schema.
- Adds revocation tree and masterlist tree primitives:
- `IntermediateCertificateRevocation`
- `getRevocationLeafHash`
- `getRevocationLeafHashes`
- `buildMerkleTreeFromRevocations`
- `buildMerkleTreeFromMasterlists`
- Adds ordered-tree non-membership proofs for revocations:
- `OrderedMerkleExclusionProof`
- `buildRevocationExclusionProof`
- `verifyRevocationExclusionProof`
- Documents left, interior, and after-the-end boundary encoding for revocation exclusion proofs.
- Exports canonical tree heights explicitly:
- `CERTIFICATE_MERKLE_TREE_HEIGHT = 16`
- `REVOCATION_MERKLE_TREE_HEIGHT = 14`
- `MASTERLIST_MERKLE_TREE_HEIGHT = 8`
- Renames `CERTIFICATE_REGISTRY_HEIGHT` to `CERTIFICATE_MERKLE_TREE_HEIGHT`.
- Adds an optional `now` parameter to `calculateAge` for testability.
## registry-contracts
- Extends `RegistryHelper.RootDetails` with:
- `metadata1`
- `metadata2`
- `metadata3`
- For the certificate registry:
- `metadata1` stores the v1 `state_root`
- `metadata2` is reserved
- `metadata3` is reserved
- Routes all root-detail getters through a new `_buildRootDetails` helper.
## registry-sdk
- Makes `validateCertificates` static.
- Updates certificate validation to delegate to `calculatePackagedCertificatesRoot`, allowing v0 and v1 files to be validated through the same canonical derivation path.
- Updates `RootDetails` ABI decoding from 7 to 10 `bytes32` words.
- Exposes the new root metadata fields:
- `metadata1`
- `metadata2`
- `metadata3`
- Adds `getRegistryHelperAddress()`.
- Updates Mainnet and Sepolia `registryHelper` addresses to the new deployments.
## registry-explorer
- Adds `NetworkProvider` and `NetworkSwitcher` with support for: Mainnet, Testnet and Local (when localhost detected)
- Reworks the certificate diff page for the v1 root/state-root structure.
- Adds `CertificateCard`, searchable country filter, and broader UI, theming, and accessibility improvements
* chore: use v1 certificate format in inputs * fix test * fix deps
* chore: rename sepolia to testnet * update lock * fix lock * fix lock
…ort#178) * chore: switch chainId based on devmode for verification * fix: deps * fix * format
…assport#179) * chore(registry-contracts): update solidity verifier to include oprf check * fix * add script * split the register script * remove deploy scripts * format * version * bun
add mainnet B to network selection Co-authored-by: Michael Elliot <michael@digital.com.au>
…t#182) prepare new registry helper addresses
* chore(sdk): Remove -beta suffix from version * export oprfPubKeyHash in getSolidityVerifierParameters
* fix(sdk): Onchain simulation * cump versions * temp: remove oprfPubKeyHash
chore(registry): Remove MainnetB and TestnetB
* prefix oprf zero proof with 0x to match android circuit input expected formatting * bump utils to 0.36.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.