822e1eea4d
* test: ofac updating tests * feat: add registry deployment info * chore: add gitignore for generated files * feat: add kyc documents to upgrade scripts * docs: update upgrade script readme for kyc * feat: IdentityRegistryKyc v1.1.0 deployed on Celo-sepolia Add TEE-attested OFAC root updates via updateOfacRootsWithProof - Implementation: 0x530eEA7E5b286108926B05510491560c4bAE018e - Adds updateOfacRootsWithProof() for ZK-verified OFAC root updates - New errors: InvalidRootsHash, InvalidRootsCount - New event: OfacRootsUpdatedWithProof * feat: add OFAC rolling root window to all 4 registries Add previousRoot storage variables to all identity registries so that checkOfacRoots accepts both the current and previous root for each OFAC tree. This prevents verification failures for users mid-proof when roots are updated on-chain between proof generation and on-chain verification. - Passport: 3 prev roots (passportNo, nameAndDob, nameAndYob) - KYC, ID Card, Aadhaar: 2 prev roots each (nameAndDob, nameAndYob) - KYC updateOfacRootsWithProof also rotates previous roots - Added getPrev* getter functions on all registries - Storage appended at end of each storage contract (UUPS-safe) - 17 new tests covering all registries (window=1 acceptance/rejection) * feat: deploy IdentityRegistryKyc v1.2.0 to Celo Sepolia Add rolling OFAC root window: store previous roots alongside current, accept either in checkOfacRoots for graceful mid-verification transitions. New impl: 0x6E2889Bc9baa6F53bDdf4843675155811F0AAAEd Proxy: 0x90e907E4AaB6e9bcFB94997Af4A097e8CAadBdf3 Pending Safe multisig execution for proxy upgrade. * feat: add TEE-attested OFAC root updates to Aadhaar, IdCard, and Passport registries Extend updateOfacRootsWithProof() to the remaining 3 identity registries, matching the pattern already deployed on the KYC registry (v1.1.0). - Add GCP JWT verifier, PCR0Manager, TEE address, and root CA pubkey hash storage to each registry - Add initializeOfacProof() reinitializer for upgrade path - Add onlyTEE modifier and updateOfacRootsWithProof() with Groth16 proof verification, TEE attestation validation, timestamp checks, and global roots hash commitment verification - Rolling window behavior preserved: previous roots saved before overwrite - Admin functions for updating TEE infrastructure (SECURITY_ROLE gated) - Bumps all 3 registries to v1.3.0 * refactor: simplify updateOfacRootsWithProof to use per-registry roots hash as nonce * fix: address CodeRabbit review comments on OFAC proof upgrade - Add onlyProxy + onlyRole(DEFAULT_ADMIN_ROLE) guard to initializeOfacProof() on Passport, Aadhaar, and IdCard registries to prevent front-running during the window between upgradeToAndCall and the separate initializer call - Fix checkOfacRoots() across all 4 registries to use atomic snapshot comparison instead of per-root matching — prevents accepting Frankenstein pairs like (new DOB root, old YOB root) that were never attested together - Add IdentityRegistryKycImplV1 to PoseidonT3 linking branch in prepare.ts so upgrade:prepare works correctly for KYC - Add prev* slot assertions and mixed-pair rejection test to ofacUpgradePath.test.ts Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat: add view getters, fix initializeOfacProof guard, add upgrade scripts - Add getGcpJwtVerifier() and getPcr0Manager() getters to KYC and Aadhaar - Fix initializeOfacProof guard: SECURITY_ROLE instead of DEFAULT_ADMIN_ROLE (DEFAULT_ADMIN_ROLE is never granted in governance setup) - Add Ignition upgrade scripts for KYC and Aadhaar registries - Comment out registry deploy in deployKycRegistry (verifier-only redeploy) - Update deployed_addresses.json with sepolia upgrade artifacts - Bump KYC to v1.2.1, Aadhaar to v1.3.1 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: addresses and error selectors * style: format registry contracts and upgrade scripts Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: formatting * fix: error selectors * fix: error selectors * fix: error selectors --------- Co-authored-by: Evi Nova <tranquil_flow@protonmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Monorepo for Self.
Self is an identity wallet that lets users generate privacy-preserving proofs from government-issued IDs such as passports, ID cards, and Aadhaar cards. By scanning the NFC chip in their ID document, users can prove their validity while only revealing specific attributes such as age, nationality or simply humanity. Under the hood, Self uses zk-SNARKs to make sure personal data is redacted, but the document is verified.
Use cases unlocked include:
- Airdrop protection: Protect a token distribution from bots
- Social media: Add humanity checks to user's profiles
- Quadratic funding: Prevent farmers from skewing rewards
- Wallet recovery: Safeguard assets using IDs as recovery sources
- Compliance: Check a user is not part of a sanctioned entity list
Currently, Self supports electronic passports, biometric ID cards following the ICAO standards, and Aadhaar cards. Support for new identity documents is on the way!
Checkout the docs to add Self to your project.
FAQ
Is my document supported?
Passports: Biometric passports have the biometric passport logo on their front cover.
Aadhaar: Indian Aadhaar cards are supported for privacy-preserving identity verification. Use the mAadhaar app to generate a QR code and import it into Self.
Coverage: Checkout our coverage map here to see supported documents and countries.
What can I request/prove with Self?
When a country issues a passport or a compliant ID document, they sign datagroups that include at least:
- First and last name
- Nationality
- Date of birth
- Gender
- Expiration date
- Passport number
- Photo
Applications are able to request each of those data points.
What is the signature algorithm ?
Countries use different signature algorithms to sign ID documents. Check out our coverage map to see which.
Where can I find the countries' public keys ?
The main list of public keys can be downloaded from the ICAO website. We use multiple lists published by different ICAO members.
What's the ICAO ?
The International Civil Aviation Organization (ICAO) is a specialized agency of the United Nations. Among other things, they establish the specifications for passports, that have to be followed by all countries. The full passport specs are available here.
Project Ideas
- Combine Self with other identification mechanisms as in Vitalik's pluralistic identity regime.
- Help adding support for other identity documents to Self, such as Japan's my number cards or Taiwan DID.
- Build a social network/anonymous message board for people from one specific country.
- Create a sybil-resistance tool to protect social networks against spambots.
- Build an airdrop farming protection tool.
- Allow DeFi protocols to check if the nationality of a user is included in a set of forbidden states.
- Gate an adult content website to a specific age.
- Create a petition system or a survey portal.
- Passport Wallet: use active authentication to build a wallet, a multisig or a recovery module using passport signatures
We provide bounties for new and interesting applications using Self.
Development Setup
This project requires Node.js 22.x. Use the included .nvmrc to match the version.
Run yarn install to bootstrap dependencies and husky hooks.
Gitleaks will scan staged changes on each commit via yarn gitleaks.
Development Documentation
Note: We do not accept text-only pull request changes. While we appreciate the feedback, we will not merge external pull requests that only modify markdown files or code comments (e.g., typo fixes in documentation or comments). Pull requests must include functional code changes.
For detailed development patterns and conventions, see:
- Development Patterns - React Native architecture, navigation, state management, and code organization
- Testing Guide - Jest configuration, mock patterns, testing strategies, and E2E testing
- SDK Specs - Architecture specs, implementation guides, and wave plan for the SDK refactor (WebView engine + native shells)
These guides provide comprehensive context for AI-assisted development with ChatGPT Codex, Cursor, and CodeRabbit AI.
Contributing
We are actively looking for contributors. Please check the open issues if you don't know where to start! We offer bounties for significant contributions.
Important: Please read and follow the guidelines in contribute.md when opening your pull request.
Contact us
- Discord for technical support or reporting a bug.
- Telegram's Self builder channel for technical questions about the sdk implementation.
- Telegram's Self public group for general questions and updates.
Thanks Rémi, Florent, Ayman, Justin, Seshanth, Nico and all other contributors for building Self.
Thanks Aayush, Vivek, Andy and Vitalik for contributing ideas and inspiring us to build this technology, and PSE for supporting the initial work through grants!