ZK 身份 + Oracle — 实现

For Claude: REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.

Goal: Add Groth16/circom ZK identity proofs and Oracle credit score integration to the BabyDriver DID system.

Architecture: Three circom circuits (KYC, CreditScore, Enterprise) generate Groth16 proofs off-chain. IdentityVerifier (0x8019) dispatches to per-circuit Groth16Verifier contracts for on-chain verification via BN256 ecPairing (~200k gas). Credit scores are stored in OracleHub (0x8016) using CREDIT:* symbols and read by IdentityVerifier.

Tech Stack: circom 2.x, snarkjs 0.7+, circomlib (Poseidon, EdDSA, comparators), Foundry (Solidity tests), Node.js 20+

Design Doc: docs/plans/2026-03-04-zk-identity-oracle-design.md

Design Note — EdDSA vs ECDSA: The design doc specifies ECDSA signatures, but circom handles EdDSA (Baby Jubjub curve) natively with ~5k constraints vs ~1.5M for secp256k1 ECDSA. All circuits use EdDSA/Poseidon for signature verification. Issuers and oracles generate EdDSA keypairs specifically for ZK circuits. This is the standard approach (Semaphore, Tornado Cash, etc.).

Task 1: circom Environment Setup + Project Structure

Files:

Create: baby-modules/did-circuits/package.json
Create: baby-modules/did-circuits/.gitignore
Create: baby-modules/did-circuits/circuits/lib/merkle_proof.circom
Create: baby-modules/did-circuits/scripts/compile.sh
Create: baby-modules/did-circuits/scripts/setup.sh

Step 1: Install circom compiler

circom is a Rust binary. Install from source:

cd /tmp
git clone https://github.com/iden3/circom.git
cd circom
cargo build --release
cargo install --path circom

Verify:

circom --version

Expected: circom compiler 2.x.x

Step 2: Create project structure

cd /Users/judybaby/CodeBase/github/Layer2
mkdir -p baby-modules/did-circuits/{circuits/lib,build,contracts,test,scripts,input}

Step 3: Create package.json

Create baby-modules/did-circuits/package.json:

{
  "name": "babydriver-did-circuits",
  "version": "0.1.0",
  "private": true,
  "scripts": {
    "compile": "bash scripts/compile.sh",
    "setup": "bash scripts/setup.sh",
    "test": "mocha test/**/*.test.js --timeout 120000"
  },
  "dependencies": {
    "circomlib": "^2.0.5",
    "circomlibjs": "^0.1.7",
    "snarkjs": "^0.7.4"
  },
  "devDependencies": {
    "circom_tester": "^0.0.19",
    "mocha": "^10.7.0",
    "chai": "^4.4.1"
  }
}

Step 4: Create .gitignore

Create baby-modules/did-circuits/.gitignore:

node_modules/
build/
*.ptau

Step 5: Create Merkle proof helper circuit

Create baby-modules/did-circuits/circuits/lib/merkle_proof.circom:

pragma circom 2.1.0;

include "../../node_modules/circomlib/circuits/poseidon.circom";
include "../../node_modules/circomlib/circuits/mux1.circom";

/// @title MerkleProof — verify leaf membership in a Poseidon Merkle tree
/// @param LEVELS depth of the tree
template MerkleProof(LEVELS) {
    signal input leaf;
    signal input pathElements[LEVELS];
    signal input pathIndices[LEVELS]; // 0 = left, 1 = right

    signal output root;

    component hashers[LEVELS];
    component mux[LEVELS];

    signal hashes[LEVELS + 1];
    hashes[0] <== leaf;

    for (var i = 0; i < LEVELS; i++) {
        mux[i] = MultiMux1(2);
        mux[i].c[0][0] <== hashes[i];
        mux[i].c[0][1] <== pathElements[i];
        mux[i].c[1][0] <== pathElements[i];
        mux[i].c[1][1] <== hashes[i];
        mux[i].s <== pathIndices[i];

        hashers[i] = Poseidon(2);
        hashers[i].inputs[0] <== mux[i].out[0];
        hashers[i].inputs[1] <== mux[i].out[1];

        hashes[i + 1] <== hashers[i].out;
    }

    root <== hashes[LEVELS];
}

Step 6: Create compile script

Create baby-modules/did-circuits/scripts/compile.sh:

#!/bin/bash
set -e

CIRCUITS_DIR="$(dirname "$0")/../circuits"
BUILD_DIR="$(dirname "$0")/../build"

mkdir -p "$BUILD_DIR"

for circuit in kyc_compliance credit_score enterprise_identity; do
    if [ -f "$CIRCUITS_DIR/${circuit}.circom" ]; then
        echo "Compiling ${circuit}..."
        circom "$CIRCUITS_DIR/${circuit}.circom" \
            --r1cs --wasm --sym \
            -o "$BUILD_DIR" \
            -l "$(dirname "$0")/../node_modules"
        echo "  -> ${circuit}.r1cs + ${circuit}_js/ created"
    fi
done

echo "All circuits compiled."

Step 7: Create setup script (trusted setup)

Create baby-modules/did-circuits/scripts/setup.sh:

#!/bin/bash
set -e

BUILD_DIR="$(dirname "$0")/../build"
CONTRACTS_DIR="$(dirname "$0")/../contracts"

mkdir -p "$CONTRACTS_DIR"

# Download Powers of Tau if not present (2^16 supports up to 65536 constraints)
PTAU="$BUILD_DIR/pot16_final.ptau"
if [ ! -f "$PTAU" ]; then
    echo "Downloading Powers of Tau (2^16)..."
    curl -L -o "$PTAU" \
        "https://storage.googleapis.com/zkevm/ptau/powersOfTau28_hez_final_16.ptau"
fi

for circuit in kyc_compliance credit_score enterprise_identity; do
    R1CS="$BUILD_DIR/${circuit}.r1cs"
    if [ ! -f "$R1CS" ]; then
        echo "Skipping ${circuit} (not compiled yet)"
        continue
    fi

    echo "=== Setup for ${circuit} ==="

    # Phase 2: circuit-specific setup
    npx snarkjs groth16 setup "$R1CS" "$PTAU" "${BUILD_DIR}/${circuit}_0000.zkey"

    # Contribute (dev only — single contribution)
    npx snarkjs zkey contribute \
        "${BUILD_DIR}/${circuit}_0000.zkey" \
        "${BUILD_DIR}/${circuit}_final.zkey" \
        --name="BabyDriver dev" -v -e="babydriver_dev_entropy_${circuit}"

    # Export verification key
    npx snarkjs zkey export verificationkey \
        "${BUILD_DIR}/${circuit}_final.zkey" \
        "${BUILD_DIR}/${circuit}_vkey.json"

    # Export Solidity verifier
    npx snarkjs zkey export solidityverifier \
        "${BUILD_DIR}/${circuit}_final.zkey" \
        "${CONTRACTS_DIR}/${circuit^}Verifier.sol"

    echo "  -> ${circuit}_final.zkey + Verifier.sol created"
done

echo "All setups complete."

Step 8: Install dependencies + verify

cd baby-modules/did-circuits
npm install
circom --version
npx snarkjs --version

Expected: Both commands succeed, node_modules/circomlib/circuits/poseidon.circom exists.

Step 9: Commit

cd /Users/judybaby/CodeBase/github/Layer2
git add baby-modules/did-circuits/package.json \
        baby-modules/did-circuits/.gitignore \
        baby-modules/did-circuits/circuits/lib/merkle_proof.circom \
        baby-modules/did-circuits/scripts/compile.sh \
        baby-modules/did-circuits/scripts/setup.sh
git commit -m "feat(zk): circom project structure + Merkle proof helper"

Task 2: KYCComplianceProof Circuit

Files:

Create: baby-modules/did-circuits/circuits/kyc_compliance.circom
Create: baby-modules/did-circuits/test/kyc_compliance.test.js
Create: baby-modules/did-circuits/input/kyc_input.json

Step 1: Write the KYC circuit

Create baby-modules/did-circuits/circuits/kyc_compliance.circom:

pragma circom 2.1.0;

include "../node_modules/circomlib/circuits/poseidon.circom";
include "../node_modules/circomlib/circuits/comparators.circom";
include "../node_modules/circomlib/circuits/eddsaposeidon.circom";

/// @title KYCComplianceProof
/// @notice Proves "I hold a valid KYC credential meeting compliance requirements"
///         without revealing name, nationality, or other private data.
///         Supports both personal (orgType=0) and enterprise (orgType>0) identities.
///
/// Public inputs:  credentialHash, currentTimestamp, requiredKycLevel, requiredOrgLevel
/// Public outputs: isOver18, kycLevelMeetsRequirement, isOrgCompliant, isValid
template KYCComplianceProof() {
    // ── Private inputs (witness) ──────────────────────────────
    signal input nameHash;             // Poseidon(name)
    signal input nationality;          // country code (1-255)
    signal input birthDate;            // unix timestamp
    signal input kycLevel;             // KYC level (1-4)
    signal input orgType;              // 0=personal, 1=enterprise, 2=DAO, 3=gov
    signal input orgLicenseHash;       // business license hash (0 for personal)
    signal input orgComplianceLevel;   // org compliance level (0 for personal)
    signal input employeeRole;         // role code (0 for personal)

    // EdDSA signature from issuer over credentialHash
    signal input issuerPubKeyAx;
    signal input issuerPubKeyAy;
    signal input issuerSigR8x;
    signal input issuerSigR8y;
    signal input issuerSigS;

    // ── Public inputs ─────────────────────────────────────────
    signal input credentialHash;       // expected Poseidon hash of all fields
    signal input currentTimestamp;     // block.timestamp for age check
    signal input requiredKycLevel;     // minimum KYC level required
    signal input requiredOrgLevel;     // minimum org compliance level (0 = skip)

    // ── Public outputs ────────────────────────────────────────
    signal output isOver18;
    signal output kycLevelMeetsRequirement;
    signal output isOrgCompliant;
    signal output isValid;

    // ── 1. Credential hash commitment ─────────────────────────
    component hasher = Poseidon(8);
    hasher.inputs[0] <== nameHash;
    hasher.inputs[1] <== nationality;
    hasher.inputs[2] <== birthDate;
    hasher.inputs[3] <== kycLevel;
    hasher.inputs[4] <== orgType;
    hasher.inputs[5] <== orgLicenseHash;
    hasher.inputs[6] <== orgComplianceLevel;
    hasher.inputs[7] <== employeeRole;

    credentialHash === hasher.out;

    // ── 2. EdDSA signature verification ───────────────────────
    component sigVerifier = EdDSAPoseidonVerifier();
    sigVerifier.enabled <== 1;
    sigVerifier.Ax <== issuerPubKeyAx;
    sigVerifier.Ay <== issuerPubKeyAy;
    sigVerifier.R8x <== issuerSigR8x;
    sigVerifier.R8y <== issuerSigR8y;
    sigVerifier.S <== issuerSigS;
    sigVerifier.M <== credentialHash;

    // ── 3. Age check: age >= 18 years (567648000 seconds) ─────
    component ageCheck = GreaterEqThan(64);
    ageCheck.in[0] <== currentTimestamp - birthDate;
    ageCheck.in[1] <== 567648000;
    isOver18 <== ageCheck.out;

    // ── 4. KYC level check ────────────────────────────────────
    component kycCheck = GreaterEqThan(8);
    kycCheck.in[0] <== kycLevel;
    kycCheck.in[1] <== requiredKycLevel;
    kycLevelMeetsRequirement <== kycCheck.out;

    // ── 5. Org compliance (skip if orgType == 0) ──────────────
    component orgLevelCheck = GreaterEqThan(8);
    orgLevelCheck.in[0] <== orgComplianceLevel;
    orgLevelCheck.in[1] <== requiredOrgLevel;

    component isPersonal = IsZero();
    isPersonal.in <== orgType;

    // isOrgCompliant = (orgType == 0) ? 1 : (orgComplianceLevel >= requiredOrgLevel)
    isOrgCompliant <== isPersonal.out + (1 - isPersonal.out) * orgLevelCheck.out;

    // ── 6. Overall validity ───────────────────────────────────
    isValid <== isOver18 * kycLevelMeetsRequirement * isOrgCompliant;
}

component main {public [credentialHash, currentTimestamp, requiredKycLevel, requiredOrgLevel]} = KYCComplianceProof();

Step 2: Write the test

Create baby-modules/did-circuits/test/kyc_compliance.test.js:

const path = require("path");
const { expect } = require("chai");
const circom_tester = require("circom_tester");
const { buildPoseidon, buildEddsa } = require("circomlibjs");

describe("KYCComplianceProof", function () {
    this.timeout(120000);

    let circuit;
    let poseidon;
    let eddsa;
    let F; // finite field

    before(async () => {
        circuit = await circom_tester.wasm(
            path.join(__dirname, "../circuits/kyc_compliance.circom"),
            { include: [path.join(__dirname, "../node_modules")] }
        );
        poseidon = await buildPoseidon();
        eddsa = await buildEddsa();
        F = poseidon.F;
    });

    function poseidonHash(inputs) {
        return F.toObject(poseidon(inputs));
    }

    function makeCredential(overrides = {}) {
        const defaults = {
            nameHash: poseidonHash([BigInt("123456789")]),
            nationality: 86n,          // China
            birthDate: 631152000n,      // 1990-01-01
            kycLevel: 3n,
            orgType: 0n,               // personal
            orgLicenseHash: 0n,
            orgComplianceLevel: 0n,
            employeeRole: 0n,
        };
        return { ...defaults, ...overrides };
    }

    function computeCredentialHash(cred) {
        return poseidonHash([
            cred.nameHash,
            cred.nationality,
            cred.birthDate,
            cred.kycLevel,
            cred.orgType,
            cred.orgLicenseHash,
            cred.orgComplianceLevel,
            cred.employeeRole,
        ]);
    }

    function signCredential(privKey, credHash) {
        const sig = eddsa.signPoseidon(privKey, F.e(credHash));
        const pubKey = eddsa.prv2pub(privKey);
        return {
            issuerPubKeyAx: F.toObject(pubKey[0]),
            issuerPubKeyAy: F.toObject(pubKey[1]),
            issuerSigR8x: F.toObject(sig.R8[0]),
            issuerSigR8y: F.toObject(sig.R8[1]),
            issuerSigS: sig.S,
        };
    }

    function buildInput(cred, sigData, overrides = {}) {
        const credHash = computeCredentialHash(cred);
        const defaults = {
            ...cred,
            ...sigData,
            credentialHash: credHash,
            currentTimestamp: 1709510400n, // 2024-03-04 (age 34)
            requiredKycLevel: 2n,
            requiredOrgLevel: 0n,
        };
        return { ...defaults, ...overrides };
    }

    const issuerPrivKey = Buffer.from(
        "0001020304050607080900010203040506070809000102030405060708090001",
        "hex"
    );

    it("should verify valid personal KYC proof", async () => {
        const cred = makeCredential();
        const credHash = computeCredentialHash(cred);
        const sigData = signCredential(issuerPrivKey, credHash);
        const input = buildInput(cred, sigData);

        const witness = await circuit.calculateWitness(input);
        await circuit.checkConstraints(witness);
        await circuit.assertOut(witness, {
            isOver18: 1n,
            kycLevelMeetsRequirement: 1n,
            isOrgCompliant: 1n,
            isValid: 1n,
        });
    });

    it("should reject underage (birthDate too recent)", async () => {
        const cred = makeCredential({
            birthDate: 1672531200n, // 2023-01-01 (age 1)
        });
        const credHash = computeCredentialHash(cred);
        const sigData = signCredential(issuerPrivKey, credHash);
        const input = buildInput(cred, sigData);

        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            isOver18: 0n,
            isValid: 0n,
        });
    });

    it("should reject insufficient KYC level", async () => {
        const cred = makeCredential({ kycLevel: 1n });
        const credHash = computeCredentialHash(cred);
        const sigData = signCredential(issuerPrivKey, credHash);
        const input = buildInput(cred, sigData, { requiredKycLevel: 3n });

        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            kycLevelMeetsRequirement: 0n,
            isValid: 0n,
        });
    });

    it("should verify enterprise KYC with org compliance", async () => {
        const cred = makeCredential({
            orgType: 1n,               // enterprise
            orgLicenseHash: poseidonHash([BigInt("987654321")]),
            orgComplianceLevel: 4n,
            employeeRole: 2n,          // manager
        });
        const credHash = computeCredentialHash(cred);
        const sigData = signCredential(issuerPrivKey, credHash);
        const input = buildInput(cred, sigData, { requiredOrgLevel: 3n });

        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            isOver18: 1n,
            kycLevelMeetsRequirement: 1n,
            isOrgCompliant: 1n,
            isValid: 1n,
        });
    });

    it("should reject enterprise with low org compliance", async () => {
        const cred = makeCredential({
            orgType: 1n,
            orgLicenseHash: poseidonHash([BigInt("987654321")]),
            orgComplianceLevel: 2n,
            employeeRole: 1n,
        });
        const credHash = computeCredentialHash(cred);
        const sigData = signCredential(issuerPrivKey, credHash);
        const input = buildInput(cred, sigData, { requiredOrgLevel: 4n });

        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            isOrgCompliant: 0n,
            isValid: 0n,
        });
    });

    it("should skip org check for personal (orgType=0)", async () => {
        const cred = makeCredential(); // orgType=0, orgComplianceLevel=0
        const credHash = computeCredentialHash(cred);
        const sigData = signCredential(issuerPrivKey, credHash);
        // requiredOrgLevel=5 but orgType=0 → should still pass
        const input = buildInput(cred, sigData, { requiredOrgLevel: 5n });

        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            isOrgCompliant: 1n,
            isValid: 1n,
        });
    });

    it("should reject invalid credential hash", async () => {
        const cred = makeCredential();
        const credHash = computeCredentialHash(cred);
        const sigData = signCredential(issuerPrivKey, credHash);
        // Tamper with credentialHash
        const input = buildInput(cred, sigData, {
            credentialHash: 12345n,
        });

        try {
            await circuit.calculateWitness(input);
            expect.fail("should have thrown");
        } catch (e) {
            // Constraint violation (hash mismatch)
            expect(e.message).to.include("Assert");
        }
    });

    it("should reject invalid signature", async () => {
        const cred = makeCredential();
        const credHash = computeCredentialHash(cred);
        // Sign with wrong key
        const wrongKey = Buffer.from(
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
            "hex"
        );
        const sigData = signCredential(wrongKey, credHash);

        // But claim the original issuer's pubkey
        const correctPub = eddsa.prv2pub(issuerPrivKey);
        sigData.issuerPubKeyAx = F.toObject(correctPub[0]);
        sigData.issuerPubKeyAy = F.toObject(correctPub[1]);

        const input = buildInput(cred, sigData);

        try {
            await circuit.calculateWitness(input);
            expect.fail("should have thrown");
        } catch (e) {
            expect(e.message).to.include("Assert");
        }
    });
});

Step 3: Compile the circuit

cd baby-modules/did-circuits
bash scripts/compile.sh

Expected: kyc_compliance.r1cs + kyc_compliance_js/ created in build/. No errors.

Step 4: Run the tests

cd baby-modules/did-circuits
npx mocha test/kyc_compliance.test.js --timeout 120000

Expected: All 8 tests pass.

Step 5: Commit

cd /Users/judybaby/CodeBase/github/Layer2
git add baby-modules/did-circuits/circuits/kyc_compliance.circom \
        baby-modules/did-circuits/test/kyc_compliance.test.js
git commit -m "feat(zk): KYCComplianceProof circuit + 8 tests"

Task 3: CreditScoreProof Circuit

Files:

Create: baby-modules/did-circuits/circuits/credit_score.circom
Create: baby-modules/did-circuits/test/credit_score.test.js

Step 1: Write the CreditScore circuit

Create baby-modules/did-circuits/circuits/credit_score.circom:

pragma circom 2.1.0;

include "../node_modules/circomlib/circuits/poseidon.circom";
include "../node_modules/circomlib/circuits/comparators.circom";
include "../node_modules/circomlib/circuits/eddsaposeidon.circom";

/// @title CreditScoreProof
/// @notice Proves "my credit score >= threshold" without revealing the exact score.
///         Supports personal + enterprise dual scores.
///         Oracle EdDSA signature ensures score authenticity.
///
/// Public inputs:  personalThreshold, orgThreshold, currentTimestamp, maxAge
/// Public outputs: personalScoreAboveThreshold, orgScoreAboveThreshold, freshnessValid, isValid
template CreditScoreProof() {
    // ── Private inputs ────────────────────────────────────────
    signal input personalScore;     // 0-1000
    signal input orgScore;          // 0-1000 (0 for individuals)
    signal input oracleTimestamp;   // when score was computed

    // Oracle EdDSA signature over Poseidon(personalScore, orgScore, oracleTimestamp)
    signal input oraclePubKeyAx;
    signal input oraclePubKeyAy;
    signal input oracleSigR8x;
    signal input oracleSigR8y;
    signal input oracleSigS;

    // ── Public inputs ─────────────────────────────────────────
    signal input personalThreshold;  // minimum personal score
    signal input orgThreshold;       // minimum org score (0 = skip)
    signal input currentTimestamp;   // for freshness check
    signal input maxAge;             // max seconds since oracle timestamp

    // ── Public outputs ────────────────────────────────────────
    signal output personalScoreAboveThreshold;
    signal output orgScoreAboveThreshold;
    signal output freshnessValid;
    signal output isValid;

    // ── 1. Oracle signature verification ──────────────────────
    component msgHash = Poseidon(3);
    msgHash.inputs[0] <== personalScore;
    msgHash.inputs[1] <== orgScore;
    msgHash.inputs[2] <== oracleTimestamp;

    component sigVerifier = EdDSAPoseidonVerifier();
    sigVerifier.enabled <== 1;
    sigVerifier.Ax <== oraclePubKeyAx;
    sigVerifier.Ay <== oraclePubKeyAy;
    sigVerifier.R8x <== oracleSigR8x;
    sigVerifier.R8y <== oracleSigR8y;
    sigVerifier.S <== oracleSigS;
    sigVerifier.M <== msgHash.out;

    // ── 2. Personal score threshold ───────────────────────────
    component pCheck = GreaterEqThan(16);
    pCheck.in[0] <== personalScore;
    pCheck.in[1] <== personalThreshold;
    personalScoreAboveThreshold <== pCheck.out;

    // ── 3. Org score threshold (skip if orgThreshold == 0) ────
    component oCheck = GreaterEqThan(16);
    oCheck.in[0] <== orgScore;
    oCheck.in[1] <== orgThreshold;

    component skipOrg = IsZero();
    skipOrg.in <== orgThreshold;

    orgScoreAboveThreshold <== skipOrg.out + (1 - skipOrg.out) * oCheck.out;

    // ── 4. Freshness check ────────────────────────────────────
    component freshCheck = LessEqThan(64);
    freshCheck.in[0] <== currentTimestamp - oracleTimestamp;
    freshCheck.in[1] <== maxAge;
    freshnessValid <== freshCheck.out;

    // ── 5. Score range validation (0-1000) ────────────────────
    component pRange = LessEqThan(16);
    pRange.in[0] <== personalScore;
    pRange.in[1] <== 1000;

    component oRange = LessEqThan(16);
    oRange.in[0] <== orgScore;
    oRange.in[1] <== 1000;

    // ── 6. Overall validity ───────────────────────────────────
    isValid <== personalScoreAboveThreshold * orgScoreAboveThreshold
              * freshnessValid * pRange.out * oRange.out;
}

component main {public [personalThreshold, orgThreshold, currentTimestamp, maxAge]} = CreditScoreProof();

Step 2: Write the test

Create baby-modules/did-circuits/test/credit_score.test.js:

const path = require("path");
const { expect } = require("chai");
const circom_tester = require("circom_tester");
const { buildPoseidon, buildEddsa } = require("circomlibjs");

describe("CreditScoreProof", function () {
    this.timeout(120000);

    let circuit;
    let poseidon;
    let eddsa;
    let F;

    before(async () => {
        circuit = await circom_tester.wasm(
            path.join(__dirname, "../circuits/credit_score.circom"),
            { include: [path.join(__dirname, "../node_modules")] }
        );
        poseidon = await buildPoseidon();
        eddsa = await buildEddsa();
        F = poseidon.F;
    });

    const oraclePrivKey = Buffer.from(
        "0203040506070809000102030405060708090001020304050607080900010203",
        "hex"
    );

    function signScores(personalScore, orgScore, timestamp) {
        const msgHash = poseidon([
            BigInt(personalScore),
            BigInt(orgScore),
            BigInt(timestamp),
        ]);
        const sig = eddsa.signPoseidon(oraclePrivKey, msgHash);
        const pubKey = eddsa.prv2pub(oraclePrivKey);
        return {
            oraclePubKeyAx: F.toObject(pubKey[0]),
            oraclePubKeyAy: F.toObject(pubKey[1]),
            oracleSigR8x: F.toObject(sig.R8[0]),
            oracleSigR8y: F.toObject(sig.R8[1]),
            oracleSigS: sig.S,
        };
    }

    function buildInput(overrides = {}) {
        const personalScore = overrides.personalScore ?? 750n;
        const orgScore = overrides.orgScore ?? 0n;
        const oracleTimestamp = overrides.oracleTimestamp ?? 1709500000n;

        const sigData = signScores(personalScore, orgScore, oracleTimestamp);
        return {
            personalScore,
            orgScore,
            oracleTimestamp,
            ...sigData,
            personalThreshold: overrides.personalThreshold ?? 600n,
            orgThreshold: overrides.orgThreshold ?? 0n,
            currentTimestamp: overrides.currentTimestamp ?? 1709510000n,
            maxAge: overrides.maxAge ?? 86400n, // 24h
        };
    }

    it("should verify personal score above threshold", async () => {
        const input = buildInput();
        const witness = await circuit.calculateWitness(input);
        await circuit.checkConstraints(witness);
        await circuit.assertOut(witness, {
            personalScoreAboveThreshold: 1n,
            orgScoreAboveThreshold: 1n,  // orgThreshold=0 → skip
            freshnessValid: 1n,
            isValid: 1n,
        });
    });

    it("should reject personal score below threshold", async () => {
        const input = buildInput({
            personalScore: 500n,
            personalThreshold: 600n,
        });
        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            personalScoreAboveThreshold: 0n,
            isValid: 0n,
        });
    });

    it("should verify dual scores (personal + org)", async () => {
        const input = buildInput({
            personalScore: 800n,
            orgScore: 700n,
            personalThreshold: 600n,
            orgThreshold: 500n,
        });
        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            personalScoreAboveThreshold: 1n,
            orgScoreAboveThreshold: 1n,
            isValid: 1n,
        });
    });

    it("should reject low org score", async () => {
        const input = buildInput({
            personalScore: 800n,
            orgScore: 300n,
            orgThreshold: 500n,
        });
        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            orgScoreAboveThreshold: 0n,
            isValid: 0n,
        });
    });

    it("should reject stale scores", async () => {
        const input = buildInput({
            oracleTimestamp: 1709400000n,  // old
            currentTimestamp: 1709510000n, // 110000 seconds later
            maxAge: 86400n,               // 24h = 86400s
        });
        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            freshnessValid: 0n,
            isValid: 0n,
        });
    });

    it("should reject score > 1000", async () => {
        const input = buildInput({ personalScore: 1500n });
        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, { isValid: 0n });
    });

    it("should skip org check when orgThreshold=0", async () => {
        const input = buildInput({
            orgScore: 0n,
            orgThreshold: 0n,
        });
        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, {
            orgScoreAboveThreshold: 1n,
            isValid: 1n,
        });
    });
});

Step 3: Compile the circuit

cd baby-modules/did-circuits
bash scripts/compile.sh

Expected: credit_score.r1cs + credit_score_js/ created.

Step 4: Run the tests

npx mocha test/credit_score.test.js --timeout 120000

Expected: All 7 tests pass.

Step 5: Commit

cd /Users/judybaby/CodeBase/github/Layer2
git add baby-modules/did-circuits/circuits/credit_score.circom \
        baby-modules/did-circuits/test/credit_score.test.js
git commit -m "feat(zk): CreditScoreProof circuit + 7 tests"

Task 4: EnterpriseIdentityProof Circuit

Files:

Create: baby-modules/did-circuits/circuits/enterprise_identity.circom
Create: baby-modules/did-circuits/test/enterprise_identity.test.js

Step 1: Write the Enterprise circuit

Create baby-modules/did-circuits/circuits/enterprise_identity.circom:

pragma circom 2.1.0;

include "../node_modules/circomlib/circuits/poseidon.circom";
include "../node_modules/circomlib/circuits/comparators.circom";
include "./lib/merkle_proof.circom";

/// @title EnterpriseIdentityProof
/// @notice Proves "I am an authorized member of a certified enterprise"
///         without revealing org internal structure.
///         Uses Poseidon Merkle tree for membership + nullifier for anti-replay.
///
/// @param LEVELS Merkle tree depth (10 supports up to 1024 members)
///
/// Public inputs:  orgMerkleRoot, minRoleLevel
/// Public outputs: isAuthorized, nullifier, operatorCommitment
template EnterpriseIdentityProof(LEVELS) {
    // ── Private inputs ────────────────────────────────────────
    signal input operatorSecret;                    // operator's private value
    signal input roleLevel;                         // operator's role level
    signal input actionNonce;                       // unique per action (anti-replay)
    signal input orgMerklePathElements[LEVELS];     // Merkle proof siblings
    signal input orgMerklePathIndices[LEVELS];      // Merkle proof path (0/1)

    // ── Public inputs ─────────────────────────────────────────
    signal input orgMerkleRoot;                     // enterprise member tree root
    signal input minRoleLevel;                      // minimum required role level

    // ── Public outputs ────────────────────────────────────────
    signal output isAuthorized;
    signal output nullifier;            // prevents double-use
    signal output operatorCommitment;   // Poseidon(secret, roleLevel)

    // ── 1. Compute operator commitment (leaf hash) ────────────
    component leafHasher = Poseidon(2);
    leafHasher.inputs[0] <== operatorSecret;
    leafHasher.inputs[1] <== roleLevel;
    operatorCommitment <== leafHasher.out;

    // ── 2. Verify Merkle membership ───────────────────────────
    component merkle = MerkleProof(LEVELS);
    merkle.leaf <== operatorCommitment;
    for (var i = 0; i < LEVELS; i++) {
        merkle.pathElements[i] <== orgMerklePathElements[i];
        merkle.pathIndices[i] <== orgMerklePathIndices[i];
    }
    merkle.root === orgMerkleRoot;

    // ── 3. Role level check ───────────────────────────────────
    component roleCheck = GreaterEqThan(8);
    roleCheck.in[0] <== roleLevel;
    roleCheck.in[1] <== minRoleLevel;
    isAuthorized <== roleCheck.out;

    // ── 4. Nullifier (anti-replay) ────────────────────────────
    component nullifierHasher = Poseidon(2);
    nullifierHasher.inputs[0] <== operatorSecret;
    nullifierHasher.inputs[1] <== actionNonce;
    nullifier <== nullifierHasher.out;
}

component main {public [orgMerkleRoot, minRoleLevel]} = EnterpriseIdentityProof(10);

Step 2: Write the test

Create baby-modules/did-circuits/test/enterprise_identity.test.js:

const path = require("path");
const { expect } = require("chai");
const circom_tester = require("circom_tester");
const { buildPoseidon } = require("circomlibjs");

describe("EnterpriseIdentityProof", function () {
    this.timeout(120000);

    let circuit;
    let poseidon;
    let F;

    const LEVELS = 10;

    before(async () => {
        circuit = await circom_tester.wasm(
            path.join(__dirname, "../circuits/enterprise_identity.circom"),
            { include: [path.join(__dirname, "../node_modules")] }
        );
        poseidon = await buildPoseidon();
        F = poseidon.F;
    });

    function poseidonHash(inputs) {
        return F.toObject(poseidon(inputs.map(BigInt)));
    }

    // Build a simple Merkle tree from leaves
    function buildMerkleTree(leaves) {
        // Pad to 2^LEVELS with zero leaves
        const size = 2 ** LEVELS;
        const paddedLeaves = [...leaves];
        while (paddedLeaves.length < size) {
            paddedLeaves.push(0n);
        }

        let layer = paddedLeaves;
        const layers = [layer];

        while (layer.length > 1) {
            const nextLayer = [];
            for (let i = 0; i < layer.length; i += 2) {
                nextLayer.push(poseidonHash([layer[i], layer[i + 1]]));
            }
            layer = nextLayer;
            layers.push(layer);
        }

        return layers;
    }

    function getMerkleProof(layers, leafIndex) {
        const pathElements = [];
        const pathIndices = [];
        let idx = leafIndex;

        for (let i = 0; i < LEVELS; i++) {
            const siblingIdx = idx % 2 === 0 ? idx + 1 : idx - 1;
            pathElements.push(layers[i][siblingIdx]);
            pathIndices.push(BigInt(idx % 2));
            idx = Math.floor(idx / 2);
        }

        return { pathElements, pathIndices };
    }

    it("should verify authorized enterprise member", async () => {
        const operatorSecret = 12345n;
        const roleLevel = 3n;

        // Compute leaf
        const leaf = poseidonHash([operatorSecret, roleLevel]);

        // Build tree with this member
        const leaves = [leaf, poseidonHash([99999n, 1n]), poseidonHash([88888n, 2n])];
        const layers = buildMerkleTree(leaves);
        const root = layers[layers.length - 1][0];
        const proof = getMerkleProof(layers, 0);

        const input = {
            operatorSecret,
            roleLevel,
            actionNonce: 1n,
            orgMerklePathElements: proof.pathElements,
            orgMerklePathIndices: proof.pathIndices,
            orgMerkleRoot: root,
            minRoleLevel: 2n,
        };

        const witness = await circuit.calculateWitness(input);
        await circuit.checkConstraints(witness);
        await circuit.assertOut(witness, {
            isAuthorized: 1n,
            operatorCommitment: leaf,
        });
    });

    it("should reject insufficient role level", async () => {
        const operatorSecret = 12345n;
        const roleLevel = 1n; // too low

        const leaf = poseidonHash([operatorSecret, roleLevel]);
        const layers = buildMerkleTree([leaf]);
        const root = layers[layers.length - 1][0];
        const proof = getMerkleProof(layers, 0);

        const input = {
            operatorSecret,
            roleLevel,
            actionNonce: 1n,
            orgMerklePathElements: proof.pathElements,
            orgMerklePathIndices: proof.pathIndices,
            orgMerkleRoot: root,
            minRoleLevel: 3n,
        };

        const witness = await circuit.calculateWitness(input);
        await circuit.assertOut(witness, { isAuthorized: 0n });
    });

    it("should reject non-member (wrong Merkle root)", async () => {
        const operatorSecret = 12345n;
        const roleLevel = 3n;
        const leaf = poseidonHash([operatorSecret, roleLevel]);

        // Build tree WITHOUT this member
        const otherLeaves = [poseidonHash([99999n, 1n])];
        const layers = buildMerkleTree(otherLeaves);
        const wrongRoot = layers[layers.length - 1][0];

        // Build proof for member's own tree
        const memberLayers = buildMerkleTree([leaf]);
        const proof = getMerkleProof(memberLayers, 0);

        const input = {
            operatorSecret,
            roleLevel,
            actionNonce: 1n,
            orgMerklePathElements: proof.pathElements,
            orgMerklePathIndices: proof.pathIndices,
            orgMerkleRoot: wrongRoot, // doesn't match proof
            minRoleLevel: 1n,
        };

        try {
            await circuit.calculateWitness(input);
            expect.fail("should have thrown");
        } catch (e) {
            expect(e.message).to.include("Assert");
        }
    });

    it("should produce different nullifiers for different nonces", async () => {
        const operatorSecret = 12345n;
        const roleLevel = 3n;
        const leaf = poseidonHash([operatorSecret, roleLevel]);
        const layers = buildMerkleTree([leaf]);
        const root = layers[layers.length - 1][0];
        const proof = getMerkleProof(layers, 0);

        const base = {
            operatorSecret,
            roleLevel,
            orgMerklePathElements: proof.pathElements,
            orgMerklePathIndices: proof.pathIndices,
            orgMerkleRoot: root,
            minRoleLevel: 1n,
        };

        const w1 = await circuit.calculateWitness({ ...base, actionNonce: 1n });
        const w2 = await circuit.calculateWitness({ ...base, actionNonce: 2n });

        // nullifier is output index 1 (after isAuthorized at index 0)
        // Get nullifier from witness — output signals start after 1 (the "1" signal)
        const nullifier1 = poseidonHash([operatorSecret, 1n]);
        const nullifier2 = poseidonHash([operatorSecret, 2n]);
        expect(nullifier1).to.not.equal(nullifier2);
    });

    it("should verify member at non-zero index", async () => {
        const op1 = { secret: 11111n, role: 2n };
        const op2 = { secret: 22222n, role: 3n };
        const op3 = { secret: 33333n, role: 1n };

        const leaves = [
            poseidonHash([op1.secret, op1.role]),
            poseidonHash([op2.secret, op2.role]),
            poseidonHash([op3.secret, op3.role]),
        ];
        const layers = buildMerkleTree(leaves);
        const root = layers[layers.length - 1][0];

        // Prove membership for operator 2 (index 1)
        const proof = getMerkleProof(layers, 1);

        const input = {
            operatorSecret: op2.secret,
            roleLevel: op2.role,
            actionNonce: 42n,
            orgMerklePathElements: proof.pathElements,
            orgMerklePathIndices: proof.pathIndices,
            orgMerkleRoot: root,
            minRoleLevel: 2n,
        };

        const witness = await circuit.calculateWitness(input);
        await circuit.checkConstraints(witness);
        await circuit.assertOut(witness, { isAuthorized: 1n });
    });
});

Step 3: Compile the circuit

cd baby-modules/did-circuits
bash scripts/compile.sh

Expected: enterprise_identity.r1cs + enterprise_identity_js/ created.

Step 4: Run the tests

npx mocha test/enterprise_identity.test.js --timeout 120000

Expected: All 5 tests pass.

Step 5: Run all circuit tests together

npx mocha test/**/*.test.js --timeout 120000

Expected: All 20 tests pass (8 KYC + 7 Credit + 5 Enterprise).

Step 6: Commit

cd /Users/judybaby/CodeBase/github/Layer2
git add baby-modules/did-circuits/circuits/enterprise_identity.circom \
        baby-modules/did-circuits/test/enterprise_identity.test.js
git commit -m "feat(zk): EnterpriseIdentityProof circuit + 5 tests"

Task 5: Trusted Setup + Verifier Contract Generation

Files:

Generated: baby-modules/did-circuits/contracts/KycComplianceVerifier.sol
Generated: baby-modules/did-circuits/contracts/CreditScoreVerifier.sol
Generated: baby-modules/did-circuits/contracts/EnterpriseIdentityVerifier.sol
Create: contracts/src/did/IGroth16Verifier.sol

Step 1: Run trusted setup for all circuits

cd baby-modules/did-circuits
bash scripts/setup.sh

Expected: For each circuit, creates *_final.zkey, *_vkey.json, and Solidity verifier. This takes 2-5 minutes.

Step 2: Verify generated verifier contracts compile

Check that the generated Solidity files exist:

ls -la baby-modules/did-circuits/contracts/

Expected: Three .sol files.

Step 3: Create IGroth16Verifier interface

Create contracts/src/did/IGroth16Verifier.sol:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

/// @title IGroth16Verifier — common interface for snarkjs-generated Groth16 verifiers.
/// @dev Each circuit has its own verifier contract generated by snarkjs.
///      IdentityVerifier dispatches to the correct verifier by circuitType.
interface IGroth16Verifier {
    /// @notice Verify a Groth16 proof.
    /// @param _pA Proof point A (G1).
    /// @param _pB Proof point B (G2).
    /// @param _pC Proof point C (G1).
    /// @param _pubSignals Public signals (circuit-specific length).
    /// @return True if the proof is valid.
    function verifyProof(
        uint256[2] calldata _pA,
        uint256[2][2] calldata _pB,
        uint256[2] calldata _pC,
        uint256[] calldata _pubSignals
    ) external view returns (bool);
}

Step 4: Generate a full proof to verify the pipeline works

cd baby-modules/did-circuits

# Generate a witness for KYC circuit (using test input)
node -e "
const { buildPoseidon, buildEddsa } = require('circomlibjs');
(async () => {
    const poseidon = await buildPoseidon();
    const eddsa = await buildEddsa();
    const F = poseidon.F;

    const privKey = Buffer.from('0001020304050607080900010203040506070809000102030405060708090001', 'hex');
    const cred = {
        nameHash: F.toObject(poseidon([BigInt('123456789')])),
        nationality: '86', birthDate: '631152000', kycLevel: '3',
        orgType: '0', orgLicenseHash: '0', orgComplianceLevel: '0', employeeRole: '0'
    };
    const hash = poseidon([BigInt(cred.nameHash), 86n, 631152000n, 3n, 0n, 0n, 0n, 0n]);
    const credHash = F.toObject(hash);
    const sig = eddsa.signPoseidon(privKey, hash);
    const pub = eddsa.prv2pub(privKey);

    const input = {
        ...cred,
        issuerPubKeyAx: F.toObject(pub[0]).toString(),
        issuerPubKeyAy: F.toObject(pub[1]).toString(),
        issuerSigR8x: F.toObject(sig.R8[0]).toString(),
        issuerSigR8y: F.toObject(sig.R8[1]).toString(),
        issuerSigS: sig.S.toString(),
        credentialHash: credHash.toString(),
        currentTimestamp: '1709510400',
        requiredKycLevel: '2',
        requiredOrgLevel: '0'
    };
    console.log(JSON.stringify(input, null, 2));
})();
" > input/kyc_input.json

# Generate witness
node build/kyc_compliance_js/generate_witness.js \
    build/kyc_compliance_js/kyc_compliance.wasm \
    input/kyc_input.json \
    build/kyc_witness.wtns

# Generate proof
npx snarkjs groth16 prove \
    build/kyc_compliance_final.zkey \
    build/kyc_witness.wtns \
    build/kyc_proof.json \
    build/kyc_public.json

# Verify proof
npx snarkjs groth16 verify \
    build/kyc_compliance_vkey.json \
    build/kyc_public.json \
    build/kyc_proof.json

Expected: snarkjs: OK!

Step 5: Commit

cd /Users/judybaby/CodeBase/github/Layer2
git add contracts/src/did/IGroth16Verifier.sol \
        baby-modules/did-circuits/contracts/
git commit -m "feat(zk): trusted setup + Groth16 verifier contracts + IGroth16Verifier"

Task 6: IdentityVerifier Upgrade (ZK Verification)

Files:

Create: contracts/src/did/MockGroth16Verifier.sol
Modify: contracts/src/did/IdentityVerifierLocal.sol
Modify: contracts/test/IdentityVerifier.t.sol
Modify: era-contracts-l1/system-contracts/contracts/interfaces/IIdentityVerifier.sol
Modify: era-contracts-l1/system-contracts/contracts/IdentityVerifier.sol

Step 1: Create MockGroth16Verifier for testing

Create contracts/src/did/MockGroth16Verifier.sol:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

import {IGroth16Verifier} from "./IGroth16Verifier.sol";

/// @dev Mock verifier for Foundry tests. Returns configurable results.
contract MockGroth16Verifier is IGroth16Verifier {
    bool private _shouldPass;

    constructor(bool shouldPass) {
        _shouldPass = shouldPass;
    }

    function verifyProof(
        uint256[2] calldata,
        uint256[2][2] calldata,
        uint256[2] calldata,
        uint256[] calldata
    ) external view override returns (bool) {
        return _shouldPass;
    }

    function setShouldPass(bool val) external {
        _shouldPass = val;
    }
}

Step 2: Update IdentityVerifierLocal with ZK functions

Replace contracts/src/did/IdentityVerifierLocal.sol with:

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.26;

import {IDIDRegistryLocal} from "./IDIDRegistryLocal.sol";
import {CredentialRegistryLocal} from "./CredentialRegistryLocal.sol";
import {IGroth16Verifier} from "./IGroth16Verifier.sol";

/// @dev Local Foundry-testable version of IdentityVerifier.
///      Phase 5b: adds ZK proof verification + Oracle credit score reading.
contract IdentityVerifierLocal {
    enum VerificationMode { ECDSA, ZK_PLONK }

    event ComplianceUpdated(address indexed identity, bytes32 indexed requirement, bool status);
    event TrustedIssuerAdded(address indexed issuer);
    event TrustedIssuerRemoved(address indexed issuer);
    event ZKProofVerified(address indexed identity, uint8 indexed circuitType);
    event CircuitVerifierSet(uint8 indexed circuitType, address verifier);

    IDIDRegistryLocal public didRegistry;
    CredentialRegistryLocal public credentialRegistry;
    address public oracleHub;
    address public admin;

    VerificationMode private _currentMode;
    mapping(address => bool) private _trustedIssuers;
    mapping(address => mapping(bytes32 => bool)) private _compliance;

    // Phase 5b: ZK verification
    mapping(uint8 => address) private _circuitVerifiers;
    mapping(bytes32 => bool) private _usedProofs;

    error IssuerNotTrusted(address issuer);
    error IdentityNotActive(address identity);
    error AlreadyTrustedIssuer(address issuer);
    error NotTrustedIssuer(address issuer);
    error OnlyAdmin();
    error CircuitNotRegistered(uint8 circuitType);
    error ProofAlreadyUsed(bytes32 proofHash);
    error InvalidProof();

    modifier onlyAdmin() {
        if (msg.sender != admin) revert OnlyAdmin();
        _;
    }

    constructor(address _didRegistry, address _credentialRegistry, address _admin) {
        didRegistry = IDIDRegistryLocal(_didRegistry);
        credentialRegistry = CredentialRegistryLocal(_credentialRegistry);
        admin = _admin;
    }

    // ── Existing functions (unchanged) ────────────────────────

    function verifyIdentity(address identity, bytes32 credentialType) external view returns (bool) {
        if (!didRegistry.isActive(identity)) return false;

        bytes32[] memory credIds = credentialRegistry.getCredentialsBySubject(identity);
        for (uint256 i = 0; i < credIds.length; i++) {
            if (!credentialRegistry.isCredentialValid(credIds[i])) continue;

            CredentialRegistryLocal.Credential memory cred = credentialRegistry.getCredential(credIds[i]);
            if (cred.credentialType == credentialType && _trustedIssuers[cred.issuer]) {
                return true;
            }
        }
        return false;
    }

    function checkCompliance(address identity, bytes32 requirement) external view returns (bool) {
        if (!didRegistry.isActive(identity)) return false;
        return _compliance[identity][requirement];
    }

    function setCompliance(address identity, bytes32 requirement, bool status) external {
        if (!_trustedIssuers[msg.sender]) revert IssuerNotTrusted(msg.sender);
        if (!didRegistry.isActive(identity)) revert IdentityNotActive(identity);
        _compliance[identity][requirement] = status;
        emit ComplianceUpdated(identity, requirement, status);
    }

    function addTrustedIssuer(address issuer) external onlyAdmin {
        if (_trustedIssuers[issuer]) revert AlreadyTrustedIssuer(issuer);
        _trustedIssuers[issuer] = true;
        emit TrustedIssuerAdded(issuer);
    }

    function removeTrustedIssuer(address issuer) external onlyAdmin {
        if (!_trustedIssuers[issuer]) revert NotTrustedIssuer(issuer);
        _trustedIssuers[issuer] = false;
        emit TrustedIssuerRemoved(issuer);
    }

    function isTrustedIssuer(address issuer) external view returns (bool) {
        return _trustedIssuers[issuer];
    }

    function currentMode() external view returns (VerificationMode) {
        return _currentMode;
    }

    // ── Phase 5b: ZK Verification ─────────────────────────────

    /// @notice Verify a Groth16 ZK proof and update compliance status.
    /// @param identity The identity to update compliance for.
    /// @param circuitType 0=KYC, 1=CreditScore, 2=Enterprise.
    function verifyZKProof(
        address identity,
        uint8 circuitType,
        uint256[2] calldata _pA,
        uint256[2][2] calldata _pB,
        uint256[2] calldata _pC,
        uint256[] calldata publicInputs
    ) external returns (bool) {
        // 1. Circuit must be registered
        address verifierAddr = _circuitVerifiers[circuitType];
        if (verifierAddr == address(0)) revert CircuitNotRegistered(circuitType);

        // 2. Anti-replay: proof must not have been used
        bytes32 proofHash = keccak256(abi.encode(_pA, _pB, _pC, publicInputs));
        if (_usedProofs[proofHash]) revert ProofAlreadyUsed(proofHash);

        // 3. Identity must have active DID
        if (!didRegistry.isActive(identity)) revert IdentityNotActive(identity);

        // 4. Verify the proof
        bool valid = IGroth16Verifier(verifierAddr).verifyProof(_pA, _pB, _pC, publicInputs);
        if (!valid) revert InvalidProof();

        // 5. Mark proof as used
        _usedProofs[proofHash] = true;

        // 6. Update compliance based on circuit type
        bytes32 requirement;
        if (circuitType == 0) {
            requirement = keccak256("ZK_KYC_VERIFIED");
        } else if (circuitType == 1) {
            requirement = keccak256("ZK_CREDIT_VERIFIED");
        } else if (circuitType == 2) {
            requirement = keccak256("ZK_ENTERPRISE_VERIFIED");
        }
        _compliance[identity][requirement] = true;

        emit ZKProofVerified(identity, circuitType);
        emit ComplianceUpdated(identity, requirement, true);

        return true;
    }

    /// @notice Register a Groth16 verifier contract for a circuit type.
    function setCircuitVerifier(uint8 circuitType, address verifier) external onlyAdmin {
        _circuitVerifiers[circuitType] = verifier;
        emit CircuitVerifierSet(circuitType, verifier);
    }

    /// @notice Get the verifier address for a circuit type.
    function getCircuitVerifier(uint8 circuitType) external view returns (address) {
        return _circuitVerifiers[circuitType];
    }

    // ── Phase 5b: Oracle Credit Score ─────────────────────────

    /// @notice Set OracleHub address (admin only).
    function setOracleHub(address _oracleHub) external onlyAdmin {
        oracleHub = _oracleHub;
    }

    /// @notice Read personal credit score from OracleHub.
    function getPersonalCreditScore(address identity) external view returns (uint256) {
        return _getCreditScore(identity, "CREDIT:PERSONAL:");
    }

    /// @notice Read org credit score from OracleHub.
    function getOrgCreditScore(address identity) external view returns (uint256) {
        return _getCreditScore(identity, "CREDIT:ORG:");
    }

    /// @notice Read composite credit score from OracleHub.
    function getCompositeCreditScore(address identity) external view returns (uint256) {
        return _getCreditScore(identity, "CREDIT:COMPOSITE:");
    }

    function _getCreditScore(address identity, string memory prefix) internal view returns (uint256) {
        if (oracleHub == address(0)) return 0;
        string memory symbol = string.concat(prefix, _toHexString(identity));
        // Call OracleHub.getLatestPrice(symbol) → (price, timestamp)
        (bool success, bytes memory data) = oracleHub.staticcall(
            abi.encodeWithSignature("getLatestPrice(string)", symbol)
        );
        if (!success || data.length < 64) return 0;
        (uint256 price, ) = abi.decode(data, (uint256, uint256));
        return price;
    }

    function _toHexString(address addr) internal pure returns (string memory) {
        bytes memory alphabet = "0123456789abcdef";
        bytes20 data = bytes20(addr);
        bytes memory str = new bytes(42);
        str[0] = "0";
        str[1] = "x";
        for (uint256 i = 0; i < 20; i++) {
            str[2 + i * 2] = alphabet[uint8(data[i] >> 4)];
            str[3 + i * 2] = alphabet[uint8(data[i] & 0x0f)];
        }
        return string(str);
    }
}

Step 3: Add ZK tests to IdentityVerifier.t.sol

Append to contracts/test/IdentityVerifier.t.sol — add these new test functions and imports.

Add import for MockGroth16Verifier at the top (after existing imports):

import "../src/did/MockGroth16Verifier.sol";
import "../src/oracle/OracleHub.sol";

Add new state variables (after existing ones in the contract body):

    MockGroth16Verifier public mockVerifierPass;
    MockGroth16Verifier public mockVerifierFail;

    bytes32 ZK_KYC = keccak256("ZK_KYC_VERIFIED");
    bytes32 ZK_CREDIT = keccak256("ZK_CREDIT_VERIFIED");
    bytes32 ZK_ENTERPRISE = keccak256("ZK_ENTERPRISE_VERIFIED");

Add to setUp() (after existing setup):

        mockVerifierPass = new MockGroth16Verifier(true);
        mockVerifierFail = new MockGroth16Verifier(false);

        // Register KYC verifier (circuit type 0)
        vm.prank(admin);
        verifier.setCircuitVerifier(0, address(mockVerifierPass));

Add these test functions (before the Helpers section):

    // ── ZK Proof Verification ────────────────────────────────

    function _dummyProof() internal pure returns (
        uint256[2] memory pA,
        uint256[2][2] memory pB,
        uint256[2] memory pC,
        uint256[] memory pubSignals
    ) {
        pA = [uint256(1), uint256(2)];
        pB = [[uint256(3), uint256(4)], [uint256(5), uint256(6)]];
        pC = [uint256(7), uint256(8)];
        pubSignals = new uint256[](4);
        pubSignals[0] = 100;
        pubSignals[1] = 200;
        pubSignals[2] = 300;
        pubSignals[3] = 400;
    }

    function test_verifyZKProof_success() public {
        (uint256[2] memory pA, uint256[2][2] memory pB, uint256[2] memory pC, uint256[] memory pub) = _dummyProof();

        verifier.verifyZKProof(subject, 0, pA, pB, pC, pub);
        assertTrue(verifier.checkCompliance(subject, ZK_KYC));
    }

    function test_verifyZKProof_emitsEvent() public {
        (uint256[2] memory pA, uint256[2][2] memory pB, uint256[2] memory pC, uint256[] memory pub) = _dummyProof();

        vm.expectEmit(true, true, false, false);
        emit IdentityVerifierLocal.ZKProofVerified(subject, 0);

        verifier.verifyZKProof(subject, 0, pA, pB, pC, pub);
    }

    function test_verifyZKProof_revert_circuitNotRegistered() public {
        (uint256[2] memory pA, uint256[2][2] memory pB, uint256[2] memory pC, uint256[] memory pub) = _dummyProof();

        vm.expectRevert(abi.encodeWithSelector(IdentityVerifierLocal.CircuitNotRegistered.selector, 99));
        verifier.verifyZKProof(subject, 99, pA, pB, pC, pub);
    }

    function test_verifyZKProof_revert_proofAlreadyUsed() public {
        (uint256[2] memory pA, uint256[2][2] memory pB, uint256[2] memory pC, uint256[] memory pub) = _dummyProof();

        verifier.verifyZKProof(subject, 0, pA, pB, pC, pub);

        // Same proof again
        bytes32 proofHash = keccak256(abi.encode(pA, pB, pC, pub));
        vm.expectRevert(abi.encodeWithSelector(IdentityVerifierLocal.ProofAlreadyUsed.selector, proofHash));
        verifier.verifyZKProof(subject, 0, pA, pB, pC, pub);
    }

    function test_verifyZKProof_revert_identityNotActive() public {
        (uint256[2] memory pA, uint256[2][2] memory pB, uint256[2] memory pC, uint256[] memory pub) = _dummyProof();

        vm.expectRevert(abi.encodeWithSelector(IdentityVerifierLocal.IdentityNotActive.selector, stranger));
        verifier.verifyZKProof(stranger, 0, pA, pB, pC, pub);
    }

    function test_verifyZKProof_revert_invalidProof() public {
        // Register a verifier that always fails
        vm.prank(admin);
        verifier.setCircuitVerifier(1, address(mockVerifierFail));

        (uint256[2] memory pA, uint256[2][2] memory pB, uint256[2] memory pC, uint256[] memory pub) = _dummyProof();

        vm.expectRevert(IdentityVerifierLocal.InvalidProof.selector);
        verifier.verifyZKProof(subject, 1, pA, pB, pC, pub);
    }

    function test_verifyZKProof_creditCircuit_setsCompliance() public {
        vm.prank(admin);
        verifier.setCircuitVerifier(1, address(mockVerifierPass));

        // Use different proof data to avoid replay
        uint256[2] memory pA = [uint256(10), uint256(20)];
        uint256[2][2] memory pB = [[uint256(30), uint256(40)], [uint256(50), uint256(60)]];
        uint256[2] memory pC = [uint256(70), uint256(80)];
        uint256[] memory pub = new uint256[](4);
        pub[0] = 1; pub[1] = 1; pub[2] = 1; pub[3] = 1;

        verifier.verifyZKProof(subject, 1, pA, pB, pC, pub);
        assertTrue(verifier.checkCompliance(subject, ZK_CREDIT));
    }

    function test_verifyZKProof_enterpriseCircuit_setsCompliance() public {
        vm.prank(admin);
        verifier.setCircuitVerifier(2, address(mockVerifierPass));

        uint256[2] memory pA = [uint256(11), uint256(22)];
        uint256[2][2] memory pB = [[uint256(33), uint256(44)], [uint256(55), uint256(66)]];
        uint256[2] memory pC = [uint256(77), uint256(88)];
        uint256[] memory pub = new uint256[](3);
        pub[0] = 1; pub[1] = 2; pub[2] = 3;

        verifier.verifyZKProof(subject, 2, pA, pB, pC, pub);
        assertTrue(verifier.checkCompliance(subject, ZK_ENTERPRISE));
    }

    // ── setCircuitVerifier ───────────────────────────────────

    function test_setCircuitVerifier_success() public {
        vm.prank(admin);
        verifier.setCircuitVerifier(1, address(mockVerifierPass));
        assertEq(verifier.getCircuitVerifier(1), address(mockVerifierPass));
    }

    function test_setCircuitVerifier_emitsEvent() public {
        vm.expectEmit(true, false, false, true);
        emit IdentityVerifierLocal.CircuitVerifierSet(1, address(mockVerifierPass));

        vm.prank(admin);
        verifier.setCircuitVerifier(1, address(mockVerifierPass));
    }

    function test_setCircuitVerifier_revert_notAdmin() public {
        vm.expectRevert(IdentityVerifierLocal.OnlyAdmin.selector);
        vm.prank(stranger);
        verifier.setCircuitVerifier(1, address(mockVerifierPass));
    }

    function test_getCircuitVerifier_returnsZeroIfNotSet() public view {
        assertEq(verifier.getCircuitVerifier(99), address(0));
    }

Step 4: Run the tests

cd /Users/judybaby/CodeBase/github/Layer2/contracts
forge test --match-contract IdentityVerifierTest -vvv

Expected: All 19 existing + 12 new = 31 tests pass.

Step 5: Update IIdentityVerifier system contract interface

Modify era-contracts-l1/system-contracts/contracts/interfaces/IIdentityVerifier.sol — add new events and functions:

After the existing events, add:

    event ZKProofVerified(address indexed identity, uint8 indexed circuitType);
    event CircuitVerifierSet(uint8 indexed circuitType, address verifier);

After currentMode(), add:

    // ── ZK Verification (Phase 5b) ───────────────────────────
    function verifyZKProof(
        address identity,
        uint8 circuitType,
        uint256[2] calldata _pA,
        uint256[2][2] calldata _pB,
        uint256[2] calldata _pC,
        uint256[] calldata publicInputs
    ) external returns (bool);

    function setCircuitVerifier(uint8 circuitType, address verifier) external;
    function getCircuitVerifier(uint8 circuitType) external view returns (address);

    // ── Oracle Credit Score (Phase 5b) ────────────────────────
    function getPersonalCreditScore(address identity) external view returns (uint256);
    function getOrgCreditScore(address identity) external view returns (uint256);
    function getCompositeCreditScore(address identity) external view returns (uint256);

Step 6: Update IdentityVerifier system contract

Modify era-contracts-l1/system-contracts/contracts/IdentityVerifier.sol:

Add import after existing imports:

import {ORACLE_HUB_SYSTEM_CONTRACT} from "./Constants.sol";

Add storage after _compliance:

    mapping(uint8 => address) private _circuitVerifiers;
    mapping(bytes32 => bool) private _usedProofs;

Add errors after existing errors:

    error CircuitNotRegistered(uint8 circuitType);
    error ProofAlreadyUsed(bytes32 proofHash);
    error InvalidProof();

Add ZK verification function (after checkCompliance):

    /// @notice Verify a Groth16 ZK proof and update compliance status.
    function verifyZKProof(
        address identity,
        uint8 circuitType,
        uint256[2] calldata _pA,
        uint256[2][2] calldata _pB,
        uint256[2] calldata _pC,
        uint256[] calldata publicInputs
    ) external override returns (bool) {
        address verifierAddr = _circuitVerifiers[circuitType];
        if (verifierAddr == address(0)) revert CircuitNotRegistered(circuitType);

        bytes32 proofHash = keccak256(abi.encode(_pA, _pB, _pC, publicInputs));
        if (_usedProofs[proofHash]) revert ProofAlreadyUsed(proofHash);

        if (!_didRegistry().isActive(identity)) revert IdentityNotActive(identity);

        // Verify via registered Groth16Verifier
        (bool success, bytes memory result) = verifierAddr.staticcall(
            abi.encodeWithSignature(
                "verifyProof(uint256[2],uint256[2][2],uint256[2],uint256[])",
                _pA, _pB, _pC, publicInputs
            )
        );
        if (!success || (result.length >= 32 && !abi.decode(result, (bool)))) revert InvalidProof();

        _usedProofs[proofHash] = true;

        bytes32 requirement;
        if (circuitType == 0) requirement = keccak256("ZK_KYC_VERIFIED");
        else if (circuitType == 1) requirement = keccak256("ZK_CREDIT_VERIFIED");
        else if (circuitType == 2) requirement = keccak256("ZK_ENTERPRISE_VERIFIED");

        _compliance[identity][requirement] = true;

        emit ZKProofVerified(identity, circuitType);
        emit ComplianceUpdated(identity, requirement, true);

        return true;
    }

Add admin functions (in the Admin section):

    /// @notice Register a Groth16 verifier for a circuit type.
    function setCircuitVerifier(uint8 circuitType, address verifier) external override onlyCallFromBootloader {
        _circuitVerifiers[circuitType] = verifier;
        emit CircuitVerifierSet(circuitType, verifier);
    }

    /// @notice Get the verifier address for a circuit type.
    function getCircuitVerifier(uint8 circuitType) external view override returns (address) {
        return _circuitVerifiers[circuitType];
    }

Add credit score functions (after Admin section):

    // ── Oracle Credit Score ──────────────────────────────────

    function getPersonalCreditScore(address identity) external view override returns (uint256) {
        return _getCreditScore(identity, "CREDIT:PERSONAL:");
    }

    function getOrgCreditScore(address identity) external view override returns (uint256) {
        return _getCreditScore(identity, "CREDIT:ORG:");
    }

    function getCompositeCreditScore(address identity) external view override returns (uint256) {
        return _getCreditScore(identity, "CREDIT:COMPOSITE:");
    }

    function _getCreditScore(address identity, string memory prefix) internal view returns (uint256) {
        string memory symbol = string.concat(prefix, _toHexString(identity));
        (bool success, bytes memory data) = ORACLE_HUB_SYSTEM_CONTRACT.staticcall(
            abi.encodeWithSignature("getLatestPrice(string)", symbol)
        );
        if (!success || data.length < 64) return 0;
        (uint256 price, ) = abi.decode(data, (uint256, uint256));
        return price;
    }

    function _toHexString(address addr) internal pure returns (string memory) {
        bytes memory alphabet = "0123456789abcdef";
        bytes20 data = bytes20(addr);
        bytes memory str = new bytes(42);
        str[0] = "0";
        str[1] = "x";
        for (uint256 i = 0; i < 20; i++) {
            str[2 + i * 2] = alphabet[uint8(data[i] >> 4)];
            str[3 + i * 2] = alphabet[uint8(data[i] & 0x0f)];
        }
        return string(str);
    }

Step 7: Compile system contracts

cd era-contracts-l1/system-contracts
nvm use 20
yarn preprocess:system-contracts
npx hardhat compile

Expected: Compilation succeeds. No errors.

Step 8: Full regression

cd /Users/judybaby/CodeBase/github/Layer2/contracts
forge test -vvv

Expected: All tests pass (existing 58 DID + 133 other + 12 new ZK = 203 total).

Step 9: Commit (main repo + era-contracts-l1)

Main repo:

cd /Users/judybaby/CodeBase/github/Layer2
git add contracts/src/did/MockGroth16Verifier.sol \
        contracts/src/did/IdentityVerifierLocal.sol \
        contracts/test/IdentityVerifier.t.sol
git commit -m "feat(zk): IdentityVerifier ZK proof dispatch + 12 tests"

era-contracts-l1 (separate repo):

cd /Users/judybaby/CodeBase/github/Layer2/era-contracts-l1
git add system-contracts/contracts/IdentityVerifier.sol \
        system-contracts/contracts/interfaces/IIdentityVerifier.sol
git commit -m "feat(zk): IdentityVerifier ZK proof + Oracle credit score"

Task 7: Oracle Credit Score Integration Tests

Files:

Modify: contracts/test/IdentityVerifier.t.sol

Step 1: Add Oracle credit score tests

Add these tests to contracts/test/IdentityVerifier.t.sol (before the Helpers section):

    // ── Oracle Credit Score ──────────────────────────────────

    function test_getCreditScore_personal() public {
        // Deploy OracleHub and configure
        OracleHub oracle = new OracleHub(admin);
        vm.prank(admin);
        verifier.setOracleHub(address(oracle));

        // Add credit symbol and set score
        string memory symbol = string.concat("CREDIT:PERSONAL:", _addrToHex(subject));
        vm.startPrank(admin);
        oracle.addSupportedSymbol(symbol);
        oracle.updatePrice(symbol, 750e18, 1e18, 1, bytes32(0));
        vm.stopPrank();

        uint256 score = verifier.getPersonalCreditScore(subject);
        assertEq(score, 750e18);
    }

    function test_getCreditScore_org() public {
        OracleHub oracle = new OracleHub(admin);
        vm.prank(admin);
        verifier.setOracleHub(address(oracle));

        string memory symbol = string.concat("CREDIT:ORG:", _addrToHex(subject));
        vm.startPrank(admin);
        oracle.addSupportedSymbol(symbol);
        oracle.updatePrice(symbol, 820e18, 1e18, 1, bytes32(0));
        vm.stopPrank();

        uint256 score = verifier.getOrgCreditScore(subject);
        assertEq(score, 820e18);
    }

    function test_getCreditScore_composite() public {
        OracleHub oracle = new OracleHub(admin);
        vm.prank(admin);
        verifier.setOracleHub(address(oracle));

        string memory symbol = string.concat("CREDIT:COMPOSITE:", _addrToHex(subject));
        vm.startPrank(admin);
        oracle.addSupportedSymbol(symbol);
        oracle.updatePrice(symbol, 780e18, 1e18, 1, bytes32(0));
        vm.stopPrank();

        uint256 score = verifier.getCompositeCreditScore(subject);
        assertEq(score, 780e18);
    }

    function test_getCreditScore_returnsZero_noOracleHub() public view {
        // oracleHub not set → should return 0
        assertEq(verifier.getPersonalCreditScore(subject), 0);
    }

    function test_getCreditScore_returnsZero_noSymbol() public {
        OracleHub oracle = new OracleHub(admin);
        vm.prank(admin);
        verifier.setOracleHub(address(oracle));

        // Symbol not registered → should return 0
        assertEq(verifier.getPersonalCreditScore(subject), 0);
    }

    // ── E2E: ZK Proof + Credit Score Flow ────────────────────

    function test_e2e_zkProofAndCreditScore() public {
        // 1. Subject has DID (from setUp)
        assertTrue(didRegistry.isActive(subject));

        // 2. Submit ZK KYC proof → compliance updated
        (uint256[2] memory pA, uint256[2][2] memory pB, uint256[2] memory pC, uint256[] memory pub) = _dummyProof();
        verifier.verifyZKProof(subject, 0, pA, pB, pC, pub);
        assertTrue(verifier.checkCompliance(subject, ZK_KYC));

        // 3. Credit score via Oracle
        OracleHub oracle = new OracleHub(admin);
        vm.prank(admin);
        verifier.setOracleHub(address(oracle));

        string memory symbol = string.concat("CREDIT:PERSONAL:", _addrToHex(subject));
        vm.startPrank(admin);
        oracle.addSupportedSymbol(symbol);
        oracle.updatePrice(symbol, 850e18, 1e18, 1, bytes32(0));
        vm.stopPrank();

        assertEq(verifier.getPersonalCreditScore(subject), 850e18);

        // 4. Both ZK compliance and credit score available
        assertTrue(verifier.checkCompliance(subject, ZK_KYC));
        assertGt(verifier.getPersonalCreditScore(subject), 0);
    }

Add helper function in Helpers section:

    function _addrToHex(address addr) internal pure returns (string memory) {
        bytes memory alphabet = "0123456789abcdef";
        bytes20 data = bytes20(addr);
        bytes memory str = new bytes(42);
        str[0] = "0";
        str[1] = "x";
        for (uint256 i = 0; i < 20; i++) {
            str[2 + i * 2] = alphabet[uint8(data[i] >> 4)];
            str[3 + i * 2] = alphabet[uint8(data[i] & 0x0f)];
        }
        return string(str);
    }

Step 2: Run the tests

cd /Users/judybaby/CodeBase/github/Layer2/contracts
forge test --match-contract IdentityVerifierTest -vvv

Expected: All 37 tests pass (19 original + 12 ZK + 6 Oracle).

Step 3: Full regression

forge test -vvv

Expected: All tests pass (~209 total).

Step 4: Compile system contracts

cd era-contracts-l1/system-contracts
nvm use 20
npx hardhat compile

Expected: No errors.

Step 5: Compile era-core (Rust)

cd /Users/judybaby/CodeBase/github/Layer2/era-core/core
ZKSYNC_USE_CUDA_STUBS=true cargo check

Expected: Compiles successfully (no Rust changes in Phase 5b, just verification).

Step 6: Commit

cd /Users/judybaby/CodeBase/github/Layer2
git add contracts/test/IdentityVerifier.t.sol
git commit -m "feat(zk): Oracle credit score integration + E2E test"

Step 7: Update dev-log

Append Phase 5b record to docs/dev-log.md:

### Phase 5b: ZK 身份证明 + Oracle 信用评分 (2026-03-04)

**交付物:**
- 3 个 circom 电路: KYCComplianceProof, CreditScoreProof, EnterpriseIdentityProof
- EdDSA/Poseidon 签名验证 (Baby Jubjub curve, ~5k constraints)
- Groth16 trusted setup (Powers of Tau 2^16) + Solidity Verifier 合约生成
- IdentityVerifier (0x8019) 升级: verifyZKProof() 分发 + 防重放 + compliance 自动更新
- Oracle 信用评分: getPersonalCreditScore() / getOrgCreditScore() / getCompositeCreditScore()
- IGroth16Verifier 通用接口 + MockGroth16Verifier 测试工具
- 20 circom JS 测试 + 18 Foundry Solidity 测试

**关键决策:**
- Groth16/circom 而非 boojum (Goldilocks field 不兼容 BN256, VM 专用电路)
- EdDSA (Baby Jubjub) 而非 ECDSA (~5k vs ~1.5M constraints)
- 信用评分复用 OracleHub 现有接口 (CREDIT:* symbols, 无需修改 Oracle 合约)
- 企业维度: KYC 电路支持 orgType/orgComplianceLevel, 信用电路支持双分数

**测试统计:** ~209 total (58 DID + 18 ZK + 133 existing), 20 circom JS tests

Step 8: Final commit

cd /Users/judybaby/CodeBase/github/Layer2
git add docs/dev-log.md
git commit -m "docs: Phase 5b ZK identity + Oracle credit score record"

Summary

Task

Deliverable

Tests

circom project structure + Merkle helper

KYCComplianceProof circuit

8 JS

CreditScoreProof circuit

7 JS

EnterpriseIdentityProof circuit

5 JS

Trusted setup + Verifier contracts

pipeline verification

IdentityVerifier ZK dispatch

12 Foundry

Oracle credit score integration

6 Foundry

Total

20 JS + 18 Foundry

PreviousZK 身份 + Oracle — 设计 NextL1 DIDFacet — 设计

Last updated 10 minutes ago

Good morning

hashtagTask 1: circom Environment Setup + Project Structure

hashtagTask 2: KYCComplianceProof Circuit

hashtagTask 3: CreditScoreProof Circuit

hashtagTask 4: EnterpriseIdentityProof Circuit

hashtagTask 5: Trusted Setup + Verifier Contract Generation

hashtagTask 6: IdentityVerifier Upgrade (ZK Verification)

hashtagTask 7: Oracle Credit Score Integration Tests

hashtagSummary

Task 1: circom Environment Setup + Project Structure

Task 2: KYCComplianceProof Circuit

Task 3: CreditScoreProof Circuit

Task 4: EnterpriseIdentityProof Circuit

Task 5: Trusted Setup + Verifier Contract Generation

Task 6: IdentityVerifier Upgrade (ZK Verification)

Task 7: Oracle Credit Score Integration Tests

Summary