@aroha-sdk/core 1.0.0 → 1.2.0

package/dist/crypto/encryption.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Aroha Protocol — Layer 3 Encryption
+ *
+ * Implements the spec rule:
+ *   "For sensitive body fields, senders SHOULD encrypt using DIDComm v2 JWE
+ *    with the recipient's public key."
+ *
+ * Uses X25519 ECDH for key agreement + AES-256-GCM for content encryption.
+ * This is a protocol-level primitive. It does not know what is being encrypted
+ * or why — that is the application's concern.
+ */
+export interface EncryptedBody {
+    /** Algorithm identifier */
+    alg: "ECDH-ES+A256GCM";
+    /** Base64url-encoded ephemeral X25519 public key */
+    epk: string;
+    /** Base64url-encoded IV (12 bytes for AES-GCM) */
+    iv: string;
+    /** Base64url-encoded ciphertext */
+    ciphertext: string;
+    /** Base64url-encoded AES-GCM authentication tag (16 bytes) */
+    tag: string;
+}
+/**
+ * Encrypt a message body for a specific recipient.
+ *
+ * @param plaintext        The body object to encrypt (will be JSON-serialized)
+ * @param recipientPubKey  Recipient's Ed25519 public key (32 bytes).
+ *                         We convert it to X25519 for ECDH.
+ */
+export declare function encryptBody(plaintext: Record<string, unknown>, recipientPubKey: Uint8Array): Promise<EncryptedBody>;
+/**
+ * Decrypt an encrypted message body.
+ *
+ * @param encrypted     The EncryptedBody from the message
+ * @param privateKey    Recipient's Ed25519 private key (32 bytes)
+ */
+export declare function decryptBody(encrypted: EncryptedBody, privateKey: Uint8Array): Promise<Record<string, unknown>>;
+//# sourceMappingURL=encryption.d.ts.map

package/dist/crypto/encryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.d.ts","sourceRoot":"","sources":["../../src/crypto/encryption.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,MAAM,WAAW,aAAa;IAC5B,2BAA2B;IAC3B,GAAG,EAAE,iBAAiB,CAAC;IACvB,oDAAoD;IACpD,GAAG,EAAE,MAAM,CAAC;IACZ,kDAAkD;IAClD,EAAE,EAAE,MAAM,CAAC;IACX,mCAAmC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,8DAA8D;IAC9D,GAAG,EAAE,MAAM,CAAC;CACb;AAID;;;;;;GAMG;AACH,wBAAsB,WAAW,CAC/B,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAClC,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,aAAa,CAAC,CA0BxB;AAID;;;;;GAKG;AACH,wBAAsB,WAAW,CAC/B,SAAS,EAAE,aAAa,EACxB,UAAU,EAAE,UAAU,GACrB,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAclC"}

package/dist/crypto/encryption.js

@@ -0,0 +1,88 @@
+/**
+ * Aroha Protocol — Layer 3 Encryption
+ *
+ * Implements the spec rule:
+ *   "For sensitive body fields, senders SHOULD encrypt using DIDComm v2 JWE
+ *    with the recipient's public key."
+ *
+ * Uses X25519 ECDH for key agreement + AES-256-GCM for content encryption.
+ * This is a protocol-level primitive. It does not know what is being encrypted
+ * or why — that is the application's concern.
+ */
+import { x25519, edwardsToMontgomeryPub, edwardsToMontgomeryPriv } from "@noble/curves/ed25519";
+import { randomBytes, concatBytes } from "@noble/hashes/utils";
+import { sha256 } from "@noble/hashes/sha256";
+// ─── Encrypt ──────────────────────────────────────────────────────────────────
+/**
+ * Encrypt a message body for a specific recipient.
+ *
+ * @param plaintext        The body object to encrypt (will be JSON-serialized)
+ * @param recipientPubKey  Recipient's Ed25519 public key (32 bytes).
+ *                         We convert it to X25519 for ECDH.
+ */
+export async function encryptBody(plaintext, recipientPubKey) {
+    // Convert Ed25519 pubkey to X25519 for key exchange
+    const recipientX25519 = ed25519PubKeyToX25519(recipientPubKey);
+    // Generate ephemeral X25519 keypair
+    const ephemeralPriv = x25519.utils.randomPrivateKey();
+    const ephemeralPub = x25519.getPublicKey(ephemeralPriv);
+    // ECDH shared secret
+    const sharedSecret = x25519.getSharedSecret(ephemeralPriv, recipientX25519);
+    // Derive AES-256-GCM key from shared secret via SHA-256
+    const aesKey = sha256(sharedSecret);
+    // Encrypt with AES-256-GCM
+    const iv = randomBytes(12);
+    const plaintextBytes = new TextEncoder().encode(JSON.stringify(plaintext));
+    const { ciphertext, tag } = await aesGcmEncrypt(aesKey, iv, plaintextBytes);
+    return {
+        alg: "ECDH-ES+A256GCM",
+        epk: Buffer.from(ephemeralPub).toString("base64url"),
+        iv: Buffer.from(iv).toString("base64url"),
+        ciphertext: Buffer.from(ciphertext).toString("base64url"),
+        tag: Buffer.from(tag).toString("base64url"),
+    };
+}
+// ─── Decrypt ──────────────────────────────────────────────────────────────────
+/**
+ * Decrypt an encrypted message body.
+ *
+ * @param encrypted     The EncryptedBody from the message
+ * @param privateKey    Recipient's Ed25519 private key (32 bytes)
+ */
+export async function decryptBody(encrypted, privateKey) {
+    // Convert Ed25519 private key to X25519
+    const x25519Priv = ed25519PrivKeyToX25519(privateKey);
+    const ephemeralPub = Buffer.from(encrypted.epk, "base64url");
+    const sharedSecret = x25519.getSharedSecret(x25519Priv, ephemeralPub);
+    const aesKey = sha256(sharedSecret);
+    const iv = Buffer.from(encrypted.iv, "base64url");
+    const ciphertext = Buffer.from(encrypted.ciphertext, "base64url");
+    const tag = Buffer.from(encrypted.tag, "base64url");
+    const plaintext = await aesGcmDecrypt(aesKey, iv, ciphertext, tag);
+    return JSON.parse(new TextDecoder().decode(plaintext));
+}
+// ─── Key Conversion ───────────────────────────────────────────────────────────
+// Ed25519 keys can be converted to X25519 (Curve25519) via the birational map
+// between the two curve models. @noble/curves implements the correct conversion.
+function ed25519PubKeyToX25519(edPub) {
+    return edwardsToMontgomeryPub(edPub);
+}
+function ed25519PrivKeyToX25519(edPriv) {
+    return edwardsToMontgomeryPriv(edPriv);
+}
+// ─── AES-256-GCM (Web Crypto API) ────────────────────────────────────────────
+async function aesGcmEncrypt(key, iv, plaintext) {
+    const cryptoKey = await crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["encrypt"]);
+    const encrypted = await crypto.subtle.encrypt({ name: "AES-GCM", iv, tagLength: 128 }, cryptoKey, plaintext);
+    const buf = new Uint8Array(encrypted);
+    const ciphertext = buf.slice(0, buf.length - 16);
+    const tag = buf.slice(buf.length - 16);
+    return { ciphertext, tag };
+}
+async function aesGcmDecrypt(key, iv, ciphertext, tag) {
+    const cryptoKey = await crypto.subtle.importKey("raw", key, { name: "AES-GCM" }, false, ["decrypt"]);
+    const combined = concatBytes(ciphertext, tag);
+    const decrypted = await crypto.subtle.decrypt({ name: "AES-GCM", iv, tagLength: 128 }, cryptoKey, combined);
+    return new Uint8Array(decrypted);
+}
+//# sourceMappingURL=encryption.js.map

package/dist/crypto/encryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encryption.js","sourceRoot":"","sources":["../../src/crypto/encryption.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAAE,sBAAsB,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AAChG,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAiB9C,iFAAiF;AAEjF;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,SAAkC,EAClC,eAA2B;IAE3B,oDAAoD;IACpD,MAAM,eAAe,GAAG,qBAAqB,CAAC,eAAe,CAAC,CAAC;IAE/D,oCAAoC;IACpC,MAAM,aAAa,GAAG,MAAM,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;IAExD,qBAAqB;IACrB,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;IAE5E,wDAAwD;IACxD,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;IAEpC,2BAA2B;IAC3B,MAAM,EAAE,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC;IAC3B,MAAM,cAAc,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC;IAC3E,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,EAAE,EAAE,cAAc,CAAC,CAAC;IAE5E,OAAO;QACL,GAAG,EAAE,iBAAiB;QACtB,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;QACpD,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;QACzC,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;QACzD,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED,iFAAiF;AAEjF;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,SAAwB,EACxB,UAAsB;IAEtB,wCAAwC;IACxC,MAAM,UAAU,GAAG,sBAAsB,CAAC,UAAU,CAAC,CAAC;IAEtD,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAC7D,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;IAEpC,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAClD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAClE,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;IAEpD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,iFAAiF;AACjF,8EAA8E;AAC9E,iFAAiF;AAEjF,SAAS,qBAAqB,CAAC,KAAiB;IAC9C,OAAO,sBAAsB,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAkB;IAChD,OAAO,uBAAuB,CAAC,MAAM,CAAC,CAAC;AACzC,CAAC;AAED,gFAAgF;AAEhF,KAAK,UAAU,aAAa,CAC1B,GAAe,EACf,EAAc,EACd,SAAqB;IAErB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,GAAG,EACH,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,EACvC,SAAS,EACT,SAAS,CACV,CAAC;IAEF,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACjD,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC;IACvC,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED,KAAK,UAAU,aAAa,CAC1B,GAAe,EACf,EAAc,EACd,UAAsB,EACtB,GAAe;IAEf,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAC7C,KAAK,EACL,GAAG,EACH,EAAE,IAAI,EAAE,SAAS,EAAE,EACnB,KAAK,EACL,CAAC,SAAS,CAAC,CACZ,CAAC;IAEF,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAC3C,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,EAAE,EACvC,SAAS,EACT,QAAQ,CACT,CAAC;IAEF,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC;AACnC,CAAC"}

package/dist/crypto/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./signing.js";
+export * from "./encryption.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC"}

package/dist/crypto/index.js

@@ -0,0 +1,3 @@
+export * from "./signing.js";
+export * from "./encryption.js";
+//# sourceMappingURL=index.js.map

package/dist/crypto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,iBAAiB,CAAC"}

package/dist/crypto/signing.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Aroha Protocol — Layer 3 Signing
+ *
+ * Implements the signing rule from the spec:
+ *   "The proof.proofValue MUST be the Ed25519 signature over the canonical
+ *    JSON of the message with the proof field omitted, keys sorted
+ *    lexicographically."
+ *
+ * This module is pure protocol infrastructure. It knows nothing about
+ * what the message body contains or what the agent does with it.
+ */
+export interface MessageProof {
+    type: "Ed25519Signature2020";
+    created: string;
+    verificationMethod: string;
+    proofPurpose: "authentication";
+    proofValue: string;
+}
+/**
+ * Sign a Aroha message.
+ * Returns a proof object to embed in the message envelope.
+ *
+ * @param message           Full message object (proof field will be excluded before signing)
+ * @param privateKey        Ed25519 private key (32 bytes)
+ * @param verificationMethodId  e.g. "did:aroha:my-agent#key-1"
+ */
+export declare function signMessage(message: Record<string, unknown>, privateKey: Uint8Array, verificationMethodId: string): Promise<MessageProof>;
+/**
+ * Verify a Aroha message signature.
+ *
+ * @param message    Full message object including the proof field
+ * @param publicKey  Ed25519 public key (32 bytes) of the claimed sender
+ * @returns          true if signature is valid, false otherwise
+ */
+export declare function verifyMessageSignature(message: Record<string, unknown>, publicKey: Uint8Array): Promise<boolean>;
+/**
+ * Produce the canonical JSON string of a message for signing/verification.
+ *
+ * Per spec: exclude the "proof" field, sort all keys lexicographically
+ * at every level of nesting.
+ */
+export declare function canonicalizeMessage(message: Record<string, unknown>): string;
+//# sourceMappingURL=signing.d.ts.map

package/dist/crypto/signing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../../src/crypto/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AASH,MAAM,WAAW,YAAY;IAC3B,IAAI,EAAE,sBAAsB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,gBAAgB,CAAC;IAC/B,UAAU,EAAE,MAAM,CAAC;CACpB;AAID;;;;;;;GAOG;AACH,wBAAsB,WAAW,CAC/B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,UAAU,EAAE,UAAU,EACtB,oBAAoB,EAAE,MAAM,GAC3B,OAAO,CAAC,YAAY,CAAC,CAYvB;AAED;;;;;;GAMG;AACH,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAChC,SAAS,EAAE,UAAU,GACpB,OAAO,CAAC,OAAO,CAAC,CAalB;AAID;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAG5E"}

package/dist/crypto/signing.js

@@ -0,0 +1,80 @@
+/**
+ * Aroha Protocol — Layer 3 Signing
+ *
+ * Implements the signing rule from the spec:
+ *   "The proof.proofValue MUST be the Ed25519 signature over the canonical
+ *    JSON of the message with the proof field omitted, keys sorted
+ *    lexicographically."
+ *
+ * This module is pure protocol infrastructure. It knows nothing about
+ * what the message body contains or what the agent does with it.
+ */
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+ed.etc.sha512Sync = (...m) => sha512(...m);
+// ─── Signing ──────────────────────────────────────────────────────────────────
+/**
+ * Sign a Aroha message.
+ * Returns a proof object to embed in the message envelope.
+ *
+ * @param message           Full message object (proof field will be excluded before signing)
+ * @param privateKey        Ed25519 private key (32 bytes)
+ * @param verificationMethodId  e.g. "did:aroha:my-agent#key-1"
+ */
+export async function signMessage(message, privateKey, verificationMethodId) {
+    const canonical = canonicalizeMessage(message);
+    const bytes = new TextEncoder().encode(canonical);
+    const signature = await ed.signAsync(bytes, privateKey);
+    return {
+        type: "Ed25519Signature2020",
+        created: new Date().toISOString(),
+        verificationMethod: verificationMethodId,
+        proofPurpose: "authentication",
+        proofValue: Buffer.from(signature).toString("base64url"),
+    };
+}
+/**
+ * Verify a Aroha message signature.
+ *
+ * @param message    Full message object including the proof field
+ * @param publicKey  Ed25519 public key (32 bytes) of the claimed sender
+ * @returns          true if signature is valid, false otherwise
+ */
+export async function verifyMessageSignature(message, publicKey) {
+    const proof = message.proof;
+    if (!proof?.proofValue)
+        return false;
+    const canonical = canonicalizeMessage(message); // excludes proof
+    const bytes = new TextEncoder().encode(canonical);
+    try {
+        const signature = Buffer.from(proof.proofValue, "base64url");
+        return await ed.verifyAsync(signature, bytes, publicKey);
+    }
+    catch {
+        return false;
+    }
+}
+// ─── Canonicalization ─────────────────────────────────────────────────────────
+/**
+ * Produce the canonical JSON string of a message for signing/verification.
+ *
+ * Per spec: exclude the "proof" field, sort all keys lexicographically
+ * at every level of nesting.
+ */
+export function canonicalizeMessage(message) {
+    const { proof: _excluded, ...rest } = message;
+    return JSON.stringify(sortKeysDeep(rest));
+}
+function sortKeysDeep(value) {
+    if (Array.isArray(value))
+        return value.map(sortKeysDeep);
+    if (value !== null && typeof value === "object") {
+        const sorted = {};
+        for (const key of Object.keys(value).sort()) {
+            sorted[key] = sortKeysDeep(value[key]);
+        }
+        return sorted;
+    }
+    return value;
+}
+//# sourceMappingURL=signing.js.map

package/dist/crypto/signing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.js","sourceRoot":"","sources":["../../src/crypto/signing.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAE9C,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAA4B,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AAYtE,iFAAiF;AAEjF;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,OAAgC,EAChC,UAAsB,EACtB,oBAA4B;IAE5B,MAAM,SAAS,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;IAExD,OAAO;QACL,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACjC,kBAAkB,EAAE,oBAAoB;QACxC,YAAY,EAAE,gBAAgB;QAC9B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC;KACzD,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,OAAgC,EAChC,SAAqB;IAErB,MAAM,KAAK,GAAG,OAAO,CAAC,KAAiC,CAAC;IACxD,IAAI,CAAC,KAAK,EAAE,UAAU;QAAE,OAAO,KAAK,CAAC;IAErC,MAAM,SAAS,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB;IACjE,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAElD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC7D,OAAO,MAAM,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;IAC3D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,iFAAiF;AAEjF;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAgC;IAClE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,IAAI,EAAE,GAAG,OAAO,CAAC;IAC9C,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,YAAY,CAAC,KAAc;IAClC,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACzD,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QAChD,MAAM,MAAM,GAA4B,EAAE,CAAC;QAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YACtD,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,KAAiC,CAAC,GAAG,CAAC,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/identity/credentials.d.ts

@@ -0,0 +1,81 @@
+/**
+ * Aroha Verifiable Credentials (VCs)
+ *
+ * Based on W3C Verifiable Credentials Data Model 2.0.
+ * VCs allow agents to prove claims about themselves (corporate identity,
+ * compliance certifications, capability authorization) without revealing
+ * more than necessary (selective disclosure via ZKP proofs).
+ *
+ * Issuance flow:
+ *   Trust Anchor (e.g. Expedia Corp) issues a VC to its agent.
+ *   The VC is signed with the issuer's private key.
+ *   The agent presents the VC during negotiation.
+ *   The counterpart verifies the VC signature.
+ */
+export type TrustLevel = 0 | 1 | 2 | 3 | 4;
+export declare const TRUST_LEVEL_DESCRIPTIONS: Record<TrustLevel, string>;
+export interface CredentialSubject {
+    id: string;
+    [key: string]: unknown;
+}
+export interface VerifiableCredential {
+    "@context": string[];
+    id: string;
+    type: string[];
+    issuer: string;
+    issuanceDate: string;
+    expirationDate?: string;
+    credentialSubject: CredentialSubject;
+    proof?: VCProof;
+}
+export interface VCProof {
+    type: "Ed25519Signature2020";
+    created: string;
+    verificationMethod: string;
+    proofPurpose: "assertionMethod";
+    proofValue: string;
+}
+/** Issued by a company to vouch that an agent is operated by them. */
+export interface CorporateIdentityCredential extends VerifiableCredential {
+    credentialSubject: {
+        id: string;
+        companyName: string;
+        companyDomain: string;
+        registeredCountry: string;
+    };
+}
+/** Issued by a compliance body (e.g. PCI-DSS, HIPAA auditor). */
+export interface ComplianceCertificationCredential extends VerifiableCredential {
+    credentialSubject: {
+        id: string;
+        standard: string;
+        certifiedUntil: string;
+        scope: string;
+    };
+}
+/** Issued by a platform operator to authorize an agent to act. */
+export interface CapabilityAuthorizationCredential extends VerifiableCredential {
+    credentialSubject: {
+        id: string;
+        authorizedCapabilities: string[];
+        maxTransactionValue?: {
+            amount: number;
+            currency: string;
+        };
+    };
+}
+/**
+ * Issue a Verifiable Credential.
+ * The issuer signs the credential's canonical JSON with their Ed25519 key.
+ */
+export declare function issueCredential(credential: Omit<VerifiableCredential, "proof" | "id">, issuerPrivateKey: Uint8Array, issuerKeyId: string): Promise<VerifiableCredential>;
+/**
+ * Verify a Verifiable Credential's signature.
+ * Returns true if the signature is valid.
+ */
+export declare function verifyCredential(credential: VerifiableCredential, issuerPublicKey: Uint8Array): Promise<boolean>;
+/**
+ * Check if a credential is expired.
+ */
+export declare function isCredentialExpired(credential: VerifiableCredential): boolean;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/identity/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../src/identity/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAUH,MAAM,MAAM,UAAU,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAE3C,eAAO,MAAM,wBAAwB,EAAE,MAAM,CAAC,UAAU,EAAE,MAAM,CAM/D,CAAC;AAEF,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,sBAAsB,CAAC;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,iBAAiB,CAAC;IAChC,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,sEAAsE;AACtE,MAAM,WAAW,2BAA4B,SAAQ,oBAAoB;IACvE,iBAAiB,EAAE;QACjB,EAAE,EAAE,MAAM,CAAC;QACX,WAAW,EAAE,MAAM,CAAC;QACpB,aAAa,EAAE,MAAM,CAAC;QACtB,iBAAiB,EAAE,MAAM,CAAC;KAC3B,CAAC;CACH;AAED,iEAAiE;AACjE,MAAM,WAAW,iCAAkC,SAAQ,oBAAoB;IAC7E,iBAAiB,EAAE;QACjB,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,CAAC;QACjB,cAAc,EAAE,MAAM,CAAC;QACvB,KAAK,EAAE,MAAM,CAAC;KACf,CAAC;CACH;AAED,kEAAkE;AAClE,MAAM,WAAW,iCAAkC,SAAQ,oBAAoB;IAC7E,iBAAiB,EAAE;QACjB,EAAE,EAAE,MAAM,CAAC;QACX,sBAAsB,EAAE,MAAM,EAAE,CAAC;QACjC,mBAAmB,CAAC,EAAE;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,QAAQ,EAAE,MAAM,CAAA;SAAE,CAAC;KAC5D,CAAC;CACH;AAID;;;GAGG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,IAAI,CAAC,oBAAoB,EAAE,OAAO,GAAG,IAAI,CAAC,EACtD,gBAAgB,EAAE,UAAU,EAC5B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,oBAAoB,CAAC,CAmB/B;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CACpC,UAAU,EAAE,oBAAoB,EAChC,eAAe,EAAE,UAAU,GAC1B,OAAO,CAAC,OAAO,CAAC,CASlB;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,oBAAoB,GAAG,OAAO,CAG7E"}

package/dist/identity/credentials.js

@@ -0,0 +1,82 @@
+/**
+ * Aroha Verifiable Credentials (VCs)
+ *
+ * Based on W3C Verifiable Credentials Data Model 2.0.
+ * VCs allow agents to prove claims about themselves (corporate identity,
+ * compliance certifications, capability authorization) without revealing
+ * more than necessary (selective disclosure via ZKP proofs).
+ *
+ * Issuance flow:
+ *   Trust Anchor (e.g. Expedia Corp) issues a VC to its agent.
+ *   The VC is signed with the issuer's private key.
+ *   The agent presents the VC during negotiation.
+ *   The counterpart verifies the VC signature.
+ */
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+import { v4 as uuidv4 } from "uuid";
+ed.etc.sha512Sync = (...m) => sha512(...m);
+export const TRUST_LEVEL_DESCRIPTIONS = {
+    0: "Public — read capability manifests only",
+    1: "Registered — on-chain registration + stake",
+    2: "Verified — VC from recognized trust anchor",
+    3: "Reputable — reputation score >= 0.8",
+    4: "User-trusted — explicit user authorization",
+};
+// ─── Issue / Verify ───────────────────────────────────────────────────────────
+/**
+ * Issue a Verifiable Credential.
+ * The issuer signs the credential's canonical JSON with their Ed25519 key.
+ */
+export async function issueCredential(credential, issuerPrivateKey, issuerKeyId) {
+    const id = `urn:uuid:${uuidv4()}`;
+    const unsigned = { ...credential, id };
+    const payload = JSON.stringify(canonicalize(unsigned));
+    const payloadBytes = new TextEncoder().encode(payload);
+    const signature = await ed.signAsync(payloadBytes, issuerPrivateKey);
+    const proofValue = Buffer.from(signature).toString("base64url");
+    const proof = {
+        type: "Ed25519Signature2020",
+        created: new Date().toISOString(),
+        verificationMethod: issuerKeyId,
+        proofPurpose: "assertionMethod",
+        proofValue,
+    };
+    return { ...unsigned, proof };
+}
+/**
+ * Verify a Verifiable Credential's signature.
+ * Returns true if the signature is valid.
+ */
+export async function verifyCredential(credential, issuerPublicKey) {
+    if (!credential.proof)
+        return false;
+    const { proof, ...unsigned } = credential;
+    const payload = JSON.stringify(canonicalize(unsigned));
+    const payloadBytes = new TextEncoder().encode(payload);
+    const signature = Buffer.from(proof.proofValue, "base64url");
+    return ed.verifyAsync(signature, payloadBytes, issuerPublicKey);
+}
+/**
+ * Check if a credential is expired.
+ */
+export function isCredentialExpired(credential) {
+    if (!credential.expirationDate)
+        return false;
+    return new Date(credential.expirationDate) < new Date();
+}
+// ─── Deterministic JSON (canonical form for signing) ──────────────────────────
+function canonicalize(obj) {
+    if (Array.isArray(obj))
+        return obj.map(canonicalize);
+    if (obj !== null && typeof obj === "object") {
+        return Object.keys(obj)
+            .sort()
+            .reduce((acc, key) => {
+            acc[key] = canonicalize(obj[key]);
+            return acc;
+        }, {});
+    }
+    return obj;
+}
+//# sourceMappingURL=credentials.js.map

package/dist/identity/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../src/identity/credentials.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACrC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AAEpC,EAAE,CAAC,GAAG,CAAC,UAAU,GAAG,CAAC,GAAG,CAA4B,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AAMtE,MAAM,CAAC,MAAM,wBAAwB,GAA+B;IAClE,CAAC,EAAE,yCAAyC;IAC5C,CAAC,EAAE,4CAA4C;IAC/C,CAAC,EAAE,4CAA4C;IAC/C,CAAC,EAAE,qCAAqC;IACxC,CAAC,EAAE,4CAA4C;CAChD,CAAC;AAyDF,iFAAiF;AAEjF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,UAAsD,EACtD,gBAA4B,EAC5B,WAAmB;IAEnB,MAAM,EAAE,GAAG,YAAY,MAAM,EAAE,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAyB,EAAE,GAAG,UAAU,EAAE,EAAE,EAAE,CAAC;IAE7D,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;IACvD,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,SAAS,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;IACrE,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAEhE,MAAM,KAAK,GAAY;QACrB,IAAI,EAAE,sBAAsB;QAC5B,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACjC,kBAAkB,EAAE,WAAW;QAC/B,YAAY,EAAE,iBAAiB;QAC/B,UAAU;KACX,CAAC;IAEF,OAAO,EAAE,GAAG,QAAQ,EAAE,KAAK,EAAE,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,UAAgC,EAChC,eAA2B;IAE3B,IAAI,CAAC,UAAU,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAEpC,MAAM,EAAE,KAAK,EAAE,GAAG,QAAQ,EAAE,GAAG,UAAU,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,QAAgC,CAAC,CAAC,CAAC;IAC/E,MAAM,YAAY,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAEvD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;IAC7D,OAAO,EAAE,CAAC,WAAW,CAAC,SAAS,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;AAClE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAgC;IAClE,IAAI,CAAC,UAAU,CAAC,cAAc;QAAE,OAAO,KAAK,CAAC;IAC7C,OAAO,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,GAAG,IAAI,IAAI,EAAE,CAAC;AAC1D,CAAC;AAED,iFAAiF;AAEjF,SAAS,YAAY,CAAC,GAAY;IAChC,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAa,CAAC;aAC9B,IAAI,EAAE;aACN,MAAM,CACL,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACV,GAA+B,CAAC,GAAG,CAAC,GAAG,YAAY,CACjD,GAA+B,CAAC,GAAG,CAAC,CACtC,CAAC;YACF,OAAO,GAAG,CAAC;QACb,CAAC,EACD,EAA6B,CAC9B,CAAC;IACN,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/identity/did-cache.d.ts

@@ -0,0 +1,46 @@
+/**
+ * DID Resolution Cache
+ *
+ * Wraps any PublicKeyResolver with an in-memory cache.
+ *
+ * Cache strategy by DID method:
+ *   did:aroha:       Permanent — the public key IS the DID (base58 of key bytes).
+ *                    The key can never change without changing the DID itself.
+ *   did:aroha-web:   TTL-based — keys rotate with a 24-hour cooldown per spec.
+ *                    Default TTL: 23h to stay just inside the rotation window.
+ *   Other methods:   TTL-based with configurable default.
+ *
+ * At 1000 messages/second resolving 20 known agents, this eliminates
+ * ~50,000 redundant base58 decodes and ~1,000 DNS+HTTPS fetches per second.
+ */
+export interface DidCacheConfig {
+    /** TTL for did:aroha-web: entries in ms. Default: 82_800_000 (23 hours) */
+    webDidTtlMs?: number;
+    /** TTL for unknown DID methods. Default: 300_000 (5 minutes) */
+    defaultTtlMs?: number;
+    /** Maximum number of entries before LRU eviction. Default: 1000 */
+    maxSize?: number;
+}
+export type PublicKeyResolver = (senderDID: string) => Promise<Uint8Array | null>;
+export declare class DidResolutionCache {
+    private readonly webDidTtlMs;
+    private readonly defaultTtlMs;
+    private readonly maxSize;
+    private readonly cache;
+    constructor(config?: DidCacheConfig);
+    /**
+     * Wrap a resolver function with cache semantics.
+     * The returned resolver is a drop-in replacement.
+     */
+    wrap(resolver: PublicKeyResolver): PublicKeyResolver;
+    /** Manually populate the cache (e.g. from known agent registry). */
+    set(did: string, key: Uint8Array | null): void;
+    /** Returns undefined on cache miss or expiry. */
+    get(did: string): Uint8Array | null | undefined;
+    /** Invalidate a specific DID (e.g. after a key rotation event). */
+    invalidate(did: string): void;
+    get size(): number;
+    private ttlFor;
+    private evictLru;
+}
+//# sourceMappingURL=did-cache.d.ts.map

package/dist/identity/did-cache.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-cache.d.ts","sourceRoot":"","sources":["../../src/identity/did-cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,MAAM,WAAW,cAAc;IAC7B,2EAA2E;IAC3E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mEAAmE;IACnE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,MAAM,iBAAiB,GAAG,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;AAQlF,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAS;IACrC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAiC;gBAE3C,MAAM,GAAE,cAAmB;IAMvC;;;OAGG;IACH,IAAI,CAAC,QAAQ,EAAE,iBAAiB,GAAG,iBAAiB;IAWpD,oEAAoE;IACpE,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,UAAU,GAAG,IAAI,GAAG,IAAI;IAW9C,iDAAiD;IACjD,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,GAAG,SAAS;IAW/C,mEAAmE;IACnE,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAI7B,IAAI,IAAI,IAAI,MAAM,CAEjB;IAED,OAAO,CAAC,MAAM;IAUd,OAAO,CAAC,QAAQ;CASjB"}

package/dist/identity/did-cache.js

@@ -0,0 +1,90 @@
+/**
+ * DID Resolution Cache
+ *
+ * Wraps any PublicKeyResolver with an in-memory cache.
+ *
+ * Cache strategy by DID method:
+ *   did:aroha:       Permanent — the public key IS the DID (base58 of key bytes).
+ *                    The key can never change without changing the DID itself.
+ *   did:aroha-web:   TTL-based — keys rotate with a 24-hour cooldown per spec.
+ *                    Default TTL: 23h to stay just inside the rotation window.
+ *   Other methods:   TTL-based with configurable default.
+ *
+ * At 1000 messages/second resolving 20 known agents, this eliminates
+ * ~50,000 redundant base58 decodes and ~1,000 DNS+HTTPS fetches per second.
+ */
+export class DidResolutionCache {
+    webDidTtlMs;
+    defaultTtlMs;
+    maxSize;
+    cache = new Map();
+    constructor(config = {}) {
+        this.webDidTtlMs = config.webDidTtlMs ?? 82_800_000; // 23h
+        this.defaultTtlMs = config.defaultTtlMs ?? 300_000; // 5m
+        this.maxSize = config.maxSize ?? 1_000;
+    }
+    /**
+     * Wrap a resolver function with cache semantics.
+     * The returned resolver is a drop-in replacement.
+     */
+    wrap(resolver) {
+        return async (did) => {
+            const cached = this.get(did);
+            if (cached !== undefined)
+                return cached;
+            const key = await resolver(did);
+            this.set(did, key);
+            return key;
+        };
+    }
+    /** Manually populate the cache (e.g. from known agent registry). */
+    set(did, key) {
+        if (this.cache.size >= this.maxSize)
+            this.evictLru();
+        const ttl = this.ttlFor(did);
+        this.cache.set(did, {
+            key,
+            expiresAt: ttl === Infinity ? Infinity : Date.now() + ttl,
+            lastUsed: Date.now(),
+        });
+    }
+    /** Returns undefined on cache miss or expiry. */
+    get(did) {
+        const entry = this.cache.get(did);
+        if (!entry)
+            return undefined;
+        if (entry.expiresAt !== Infinity && Date.now() > entry.expiresAt) {
+            this.cache.delete(did);
+            return undefined;
+        }
+        entry.lastUsed = Date.now();
+        return entry.key;
+    }
+    /** Invalidate a specific DID (e.g. after a key rotation event). */
+    invalidate(did) {
+        this.cache.delete(did);
+    }
+    get size() {
+        return this.cache.size;
+    }
+    ttlFor(did) {
+        if (did.startsWith("did:aroha:") && !did.startsWith("did:aroha-web:")) {
+            return Infinity; // key is encoded in the DID itself — never rotates
+        }
+        if (did.startsWith("did:aroha-web:")) {
+            return this.webDidTtlMs;
+        }
+        return this.defaultTtlMs;
+    }
+    evictLru() {
+        let oldest = null;
+        for (const entry of this.cache.entries()) {
+            if (!oldest || entry[1].lastUsed < oldest[1].lastUsed) {
+                oldest = entry;
+            }
+        }
+        if (oldest)
+            this.cache.delete(oldest[0]);
+    }
+}
+//# sourceMappingURL=did-cache.js.map

package/dist/identity/did-cache.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-cache.js","sourceRoot":"","sources":["../../src/identity/did-cache.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAmBH,MAAM,OAAO,kBAAkB;IACZ,WAAW,CAAS;IACpB,YAAY,CAAS;IACrB,OAAO,CAAS;IAChB,KAAK,GAAG,IAAI,GAAG,EAAsB,CAAC;IAEvD,YAAY,SAAyB,EAAE;QACrC,IAAI,CAAC,WAAW,GAAI,MAAM,CAAC,WAAW,IAAK,UAAU,CAAC,CAAC,MAAM;QAC7D,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,OAAO,CAAC,CAAI,KAAK;QAC5D,IAAI,CAAC,OAAO,GAAQ,MAAM,CAAC,OAAO,IAAS,KAAK,CAAC;IACnD,CAAC;IAED;;;OAGG;IACH,IAAI,CAAC,QAA2B;QAC9B,OAAO,KAAK,EAAE,GAAW,EAA8B,EAAE;YACvD,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YAC7B,IAAI,MAAM,KAAK,SAAS;gBAAE,OAAO,MAAM,CAAC;YAExC,MAAM,GAAG,GAAG,MAAM,QAAQ,CAAC,GAAG,CAAC,CAAC;YAChC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACnB,OAAO,GAAG,CAAC;QACb,CAAC,CAAC;IACJ,CAAC;IAED,oEAAoE;IACpE,GAAG,CAAC,GAAW,EAAE,GAAsB;QACrC,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO;YAAE,IAAI,CAAC,QAAQ,EAAE,CAAC;QAErD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE;YAClB,GAAG;YACH,SAAS,EAAE,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG;YACzD,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;SACrB,CAAC,CAAC;IACL,CAAC;IAED,iDAAiD;IACjD,GAAG,CAAC,GAAW;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,KAAK;YAAE,OAAO,SAAS,CAAC;QAC7B,IAAI,KAAK,CAAC,SAAS,KAAK,QAAQ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;YACjE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YACvB,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC,GAAG,CAAC;IACnB,CAAC;IAED,mEAAmE;IACnE,UAAU,CAAC,GAAW;QACpB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzB,CAAC;IAEO,MAAM,CAAC,GAAW;QACxB,IAAI,GAAG,CAAC,UAAU,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACtE,OAAO,QAAQ,CAAC,CAAC,mDAAmD;QACtE,CAAC;QACD,IAAI,GAAG,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;YACrC,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAEO,QAAQ;QACd,IAAI,MAAM,GAAgC,IAAI,CAAC;QAC/C,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YACzC,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;gBACtD,MAAM,GAAG,KAAK,CAAC;YACjB,CAAC;QACH,CAAC;QACD,IAAI,MAAM;YAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;CACF"}