feat: port zero-amount proof credentials from mppx#263

[brendanjryan]

Summary

• port the zero-amount proof credential payload from wevm/mppx#263 into the Rust Tempo charge flow
• sign and verify an EIP-712 proof over the challenge ID for zero-dollar auth instead of constructing a real transaction
• cover the new payload shape in core payload parsing plus Tempo client/server tests

Details

• add PayloadType::Proof and PaymentPayload::proof(...)
• add a shared tempo::proof helper for proof signing, signer recovery, and DID source parsing
• return proof credentials for zero-amount charge requests on the Tempo client path
• require proof credentials for zero-amount charge verification on the Tempo server path
• add an /identity integration flow test for zero-amount auth and unit coverage for proof helpers

[github-actions]

⚠️ Changelog not found.

A changelog entry is required before merging. We've generated a suggested changelog based on your changes:

Preview

---
mpp: minor
---

Added zero-amount proof credential support for identity flows. Introduced a new `PayloadType::Proof` variant backed by EIP-712 typed-data signatures, a `proof` module for signing and verifying these credentials, and end-to-end handling in both the `TempoCharge` client and `ChargeMethod` server verifier.

Add changelog to commit this to your branch.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5ee5368850

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Enforce canonical DID parsing for proof sources

proof_signer_from_source only strips the did:pkh:eip155: prefix and then takes everything after the last : as the address, so it accepts arbitrary or malformed chain segments (for example did:pkh:eip155:1:0x... on a 42431 challenge, or extra-colon variants). In ChargeMethod::verify, this parsed address is used as the sole identity check for proof credentials, which means a client can present a valid signature while claiming an incorrect source DID. That breaks source identity integrity for zero-amount auth flows that rely on credential.source as a principal identifier.

Useful? React with 👍 / 👎.

[tempoxyz-bot]

👁️ Cyclops Security Review

5ee5368

🧭 Auditing · mode=normal · workers 0/3 done (3 left) · verify pending 1

Worker	Engine	Progress	Status
pr-182-w1	gemini-3.1-pro-preview	🚨 thread-1 🔍 thread-2 ·	Running
pr-182-w2	amp/deep	🔍 thread-1 · ·	Running
pr-182-w3	gpt-5.4	🔍 thread-1 · ·	Running

Findings

#	Finding	Severity	Verification	Threads
1	Infinite Free Premium Access via Zero-Amount Proof Credential Replay	Critical	⏳ Pending	audit

⚙️ Controls

• 🚀 Keep only 1 remaining iteration per worker after the current work finishes.
• 👀 Keep only 2 remaining iterations per worker after the current work finishes.
• ❤️ Let only worker 1 continue; other workers skip queued iterations.
• 😄 Let only worker 2 continue; other workers skip queued iterations.
• 🎉 End faster by skipping queued iterations and moving toward consolidation.
• 😕 Stop active workers/verifiers now and start consolidation immediately.

---

📜 7 events

🔍 pr-182-w1 iter 1/3 [audit-ripple.md]
🔍 pr-182-w2 iter 1/3 [audit-focused.md]
🔍 pr-182-w3 iter 1/3 [audit-deep-focus.md]
🚨 pr-182-w1 iter 1 — finding | Thread
🚨 Finding: Infinite Free Premium Access via Zero-Amount Proof Credential Replay (Critical) | Thread
🔍 pr-182-w1 iter 2/3 [audit-historical.md]
🔬 Verifying: Infinite Free Premium Access via Zero-Amount Proof Credential Replay | Thread