@didcid/keymaster 0.4.3 → 0.4.5

package/README.md

@@ -125,150 +125,105 @@ keymaster list-ids
 
 #### Commands
 
-##### Wallet Management
-
-| Command | Description |
-|---------|-------------|
-| `create-wallet` | Create a new wallet (or show existing) |
-| `new-wallet` | Create a new wallet |
-| `show-wallet` | Display wallet contents |
-| `check-wallet` | Validate DIDs in wallet |
-| `fix-wallet` | Remove invalid DIDs from wallet |
-| `import-wallet <phrase>` | Create wallet from recovery phrase |
-| `show-mnemonic` | Show recovery phrase |
-| `backup-wallet-file <file>` | Backup wallet to file |
-| `restore-wallet-file <file>` | Restore wallet from file |
-| `backup-wallet-did` | Backup wallet to encrypted DID |
-| `recover-wallet-did [did]` | Recover wallet from DID |
-
-##### Identity Management
-
-| Command | Description |
-|---------|-------------|
-| `create-id <name>` | Create a new identity |
-| `list-ids` | List all identities |
-| `use-id <name>` | Set current identity |
-| `remove-id <name>` | Delete an identity |
-| `rename-id <old> <new>` | Rename an identity |
-| `resolve-id` | Resolve current identity |
-| `rotate-keys` | Generate new keys for current ID |
-| `backup-id` | Backup current ID to registry |
-| `recover-id <did>` | Recover ID from DID |
-
-##### DID Operations
-
-| Command | Description |
-|---------|-------------|
-| `resolve-did <did>` | Resolve a DID document |
-| `resolve-did-version <did> <ver>` | Resolve specific version |
-| `revoke-did <did>` | Permanently revoke a DID |
-
-##### Encryption & Signing
-
-| Command | Description |
-|---------|-------------|
-| `encrypt-message <msg> <did>` | Encrypt message for recipient |
-| `encrypt-file <file> <did>` | Encrypt file for recipient |
-| `decrypt-did <did>` | Decrypt an encrypted message |
-| `decrypt-json <did>` | Decrypt encrypted JSON |
-| `sign-file <file>` | Sign a JSON file |
-| `verify-file <file>` | Verify signature in file |
-
-##### Credentials
-
-| Command | Description |
-|---------|-------------|
-| `bind-credential <schema> <subject>` | Create bound credential |
-| `issue-credential <file>` | Issue a credential |
-| `list-issued` | List issued credentials |
-| `revoke-credential <did>` | Revoke a credential |
-| `accept-credential <did>` | Accept a credential |
-| `list-credentials` | List held credentials |
-| `get-credential <did>` | Get credential by DID |
-| `publish-credential <did>` | Publish credential existence |
-| `reveal-credential <did>` | Reveal credential publicly |
-| `unpublish-credential <did>` | Remove from manifest |
-
-##### Challenges & Responses
-
-| Command | Description |
-|---------|-------------|
-| `create-challenge [file]` | Create a challenge |
-| `create-challenge-cc <did>` | Create challenge from credential |
-| `create-response <challenge>` | Respond to a challenge |
-| `verify-response <response>` | Verify a response |
-
-##### Aliases
-
-| Command | Description |
-|---------|-------------|
-| `add-alias <alias> <did>` | Add alias for DID |
-| `get-alias <alias>` | Get DID by alias |
-| `remove-alias <alias>` | Remove alias |
-| `list-aliases` | List all aliases |
-
-##### Groups
-
-| Command | Description |
-|---------|-------------|
-| `create-group <name>` | Create a group |
-| `list-groups` | List owned groups |
-| `get-group <did>` | Get group details |
-| `add-group-member <group> <member>` | Add member to group |
-| `remove-group-member <group> <member>` | Remove member |
-| `test-group <group> [member]` | Test group membership |
-
-##### Schemas
-
-| Command | Description |
-|---------|-------------|
-| `create-schema <file>` | Create schema from file |
-| `list-schemas` | List owned schemas |
-| `get-schema <did>` | Get schema by DID |
-| `create-schema-template <schema>` | Generate template |
-
-##### Assets
-
-| Command | Description |
-|---------|-------------|
-| `create-asset` | Create empty asset |
-| `create-asset-json <file>` | Create from JSON file |
-| `create-asset-image <file>` | Create from image |
-| `create-asset-file <file>` | Create from file |
-| `get-asset <id>` | Get asset by ID |
-| `update-asset-json <id> <file>` | Update with JSON |
-| `update-asset-image <id> <file>` | Update with image |
-| `update-asset-file <id> <file>` | Update with file |
-| `transfer-asset <id> <controller>` | Transfer ownership |
-| `clone-asset <id>` | Clone an asset |
-| `set-property <id> <key> [value]` | Set asset property |
-| `list-assets` | List owned assets |
-
-##### Polls
-
-| Command | Description |
-|---------|-------------|
-| `create-poll-template` | Create poll template |
-| `create-poll <file>` | Create poll from file |
-| `view-poll <poll>` | View poll details |
-| `vote-poll <poll> <vote>` | Vote in poll |
-| `update-poll <ballot>` | Add ballot to poll |
-| `publish-poll <poll>` | Publish results (hidden) |
-| `reveal-poll <poll>` | Publish results (revealed) |
-| `unpublish-poll <poll>` | Remove results |
-
-##### Vaults
-
-| Command | Description |
-|---------|-------------|
-| `create-vault` | Create a vault |
-| `list-vault-items <id>` | List vault items |
-| `add-vault-member <id> <member>` | Add vault member |
-| `remove-vault-member <id> <member>` | Remove member |
-| `list-vault-members <id>` | List members |
-| `add-vault-item <id> <file>` | Add file to vault |
-| `remove-vault-item <id> <item>` | Remove item |
-| `get-vault-item <id> <item> <file>` | Download item |
+| Category | Command | Description |
+|----------|---------|-------------|
+| Wallet | `create-wallet` | Create a new wallet (or show existing) |
+| Wallet | `new-wallet` | Create a new wallet |
+| Wallet | `show-wallet` | Display wallet contents |
+| Wallet | `check-wallet` | Validate DIDs in wallet |
+| Wallet | `fix-wallet` | Remove invalid DIDs from wallet |
+| Wallet | `import-wallet <phrase>` | Create wallet from recovery phrase |
+| Wallet | `show-mnemonic` | Show recovery phrase |
+| Wallet | `backup-wallet-file <file>` | Backup wallet to file |
+| Wallet | `restore-wallet-file <file>` | Restore wallet from file |
+| Wallet | `backup-wallet-did` | Backup wallet to encrypted DID |
+| Wallet | `recover-wallet-did [did]` | Recover wallet from DID |
+| Wallet | `change-passphrase <new>` | Re-encrypt wallet with a new passphrase |
+| Identity | `create-id <name>` | Create a new identity |
+| Identity | `list-ids` | List all identities |
+| Identity | `use-id <name>` | Set current identity |
+| Identity | `remove-id <name>` | Delete an identity |
+| Identity | `rename-id <old> <new>` | Rename an identity |
+| Identity | `resolve-id` | Resolve current identity |
+| Identity | `rotate-keys` | Generate new keys for current ID |
+| Identity | `backup-id` | Backup current ID to registry |
+| Identity | `recover-id <did>` | Recover ID from DID |
+| DID | `resolve-did <did>` | Resolve a DID document |
+| DID | `resolve-did-version <did> <ver>` | Resolve specific version |
+| DID | `revoke-did <did>` | Permanently revoke a DID |
+| Encryption | `encrypt-message <msg> <did>` | Encrypt message for recipient |
+| Encryption | `encrypt-file <file> <did>` | Encrypt file for recipient |
+| Encryption | `decrypt-did <did>` | Decrypt an encrypted message |
+| Encryption | `decrypt-json <did>` | Decrypt encrypted JSON |
+| Encryption | `sign-file <file>` | Sign a JSON file |
+| Encryption | `verify-file <file>` | Verify signature in file |
+| Credentials | `bind-credential <schema> <subject>` | Create bound credential |
+| Credentials | `issue-credential <file>` | Issue a credential |
+| Credentials | `list-issued` | List issued credentials |
+| Credentials | `revoke-credential <did>` | Revoke a credential |
+| Credentials | `accept-credential <did>` | Accept a credential |
+| Credentials | `list-credentials` | List held credentials |
+| Credentials | `get-credential <did>` | Get credential by DID |
+| Credentials | `publish-credential <did>` | Publish credential existence |
+| Credentials | `reveal-credential <did>` | Reveal credential publicly |
+| Credentials | `unpublish-credential <did>` | Remove from manifest |
+| Challenges | `create-challenge [file]` | Create a challenge |
+| Challenges | `create-challenge-cc <did>` | Create challenge from credential |
+| Challenges | `create-response <challenge>` | Respond to a challenge |
+| Challenges | `verify-response <response>` | Verify a response |
+| Aliases | `add-alias <alias> <did>` | Add alias for DID |
+| Aliases | `get-alias <alias>` | Get DID by alias |
+| Aliases | `remove-alias <alias>` | Remove alias |
+| Aliases | `list-aliases` | List all aliases |
+| Groups | `create-group <name>` | Create a group |
+| Groups | `list-groups` | List owned groups |
+| Groups | `get-group <did>` | Get group details |
+| Groups | `add-group-member <group> <member>` | Add member to group |
+| Groups | `remove-group-member <group> <member>` | Remove member |
+| Groups | `test-group <group> [member]` | Test group membership |
+| Schemas | `create-schema <file>` | Create schema from file |
+| Schemas | `list-schemas` | List owned schemas |
+| Schemas | `get-schema <did>` | Get schema by DID |
+| Schemas | `create-schema-template <schema>` | Generate template |
+| Assets | `create-asset` | Create empty asset |
+| Assets | `create-asset-json <file>` | Create from JSON file |
+| Assets | `create-asset-image <file>` | Create from image |
+| Assets | `create-asset-file <file>` | Create from file |
+| Assets | `get-asset <id>` | Get asset by ID |
+| Assets | `update-asset-json <id> <file>` | Update with JSON |
+| Assets | `update-asset-image <id> <file>` | Update with image |
+| Assets | `update-asset-file <id> <file>` | Update with file |
+| Assets | `transfer-asset <id> <controller>` | Transfer ownership |
+| Assets | `clone-asset <id>` | Clone an asset |
+| Assets | `set-property <id> <key> [value]` | Set asset property |
+| Assets | `list-assets` | List owned assets |
+| Polls | `create-poll-template` | Create poll template |
+| Polls | `create-poll <file>` | Create poll from file |
+| Polls | `view-poll <poll>` | View poll details |
+| Polls | `vote-poll <poll> <vote>` | Vote in poll |
+| Polls | `update-poll <ballot>` | Add ballot to poll |
+| Polls | `publish-poll <poll>` | Publish results (hidden) |
+| Polls | `reveal-poll <poll>` | Publish results (revealed) |
+| Polls | `unpublish-poll <poll>` | Remove results |
+| Vaults | `create-vault` | Create a vault |
+| Vaults | `list-vault-items <id>` | List vault items |
+| Vaults | `add-vault-member <id> <member>` | Add vault member |
+| Vaults | `remove-vault-member <id> <member>` | Remove member |
+| Vaults | `list-vault-members <id>` | List members |
+| Vaults | `add-vault-item <id> <file>` | Add file to vault |
+| Vaults | `remove-vault-item <id> <item>` | Remove item |
+| Vaults | `get-vault-item <id> <item> <file>` | Download item |
+| Lightning | `add-lightning [id]` | Create a Lightning wallet for a DID |
+| Lightning | `remove-lightning [id]` | Remove Lightning wallet from a DID |
+| Lightning | `lightning-balance [id]` | Check Lightning wallet balance |
+| Lightning | `lightning-invoice <amount> <memo> [id]` | Create invoice to receive sats |
+| Lightning | `lightning-pay <bolt11> [id]` | Pay a Lightning invoice |
+| Lightning | `lightning-check <hash> [id]` | Check status of a payment |
+| Lightning | `lightning-decode <bolt11>` | Decode a BOLT11 invoice |
+| Lightning | `lightning-zap <recipient> <amount> [memo]` | Send sats to a DID, alias, or Lightning Address |
+| Lightning | `lightning-payments [id]` | Show payment history |
+| Lightning | `publish-lightning [id]` | Publish Lightning service endpoint for a DID |
+| Lightning | `unpublish-lightning [id]` | Remove Lightning service endpoint from a DID |
 
 #### Command Options
 

package/dist/cjs/keymaster-client.cjs

@@ -78,6 +78,15 @@ class KeymasterClient {
             console.log('Keymaster service is ready!');
         }
     }
+    async getVersion() {
+        try {
+            const response = await this.axios.get(`${this.API}/version`);
+            return response.data;
+        }
+        catch (error) {
+            throwError(error);
+        }
+    }
     async isReady() {
         try {
             const response = await this.axios.get(`${this.API}/ready`);
@@ -276,6 +285,15 @@ class KeymasterClient {
             throwError(error);
         }
     }
+    async changeRegistry(id, registry) {
+        try {
+            const response = await this.axios.post(`${this.API}/ids/${id}/change-registry`, { registry });
+            return response.data.ok;
+        }
+        catch (error) {
+            throwError(error);
+        }
+    }
     async backupId(id) {
         try {
             if (!id) {
@@ -1024,7 +1042,7 @@ class KeymasterClient {
             const response = await this.axios.post(`${this.API}/files`, data, {
                 headers: {
                     'Content-Type': 'application/octet-stream',
-                    'X-Options': JSON.stringify(options), // Pass options as a custom header
+                    'X-Options': JSON.stringify(options),
                 }
             });
             return response.data.did;
@@ -1033,12 +1051,28 @@ class KeymasterClient {
             throwError(error);
         }
     }
+    async createFileStream(stream, options = {}) {
+        try {
+            const response = await this.axios.post(`${this.API}/files`, stream, {
+                headers: {
+                    'Content-Type': 'application/octet-stream',
+                    'X-Options': JSON.stringify(options),
+                },
+                maxBodyLength: Infinity,
+                maxContentLength: Infinity,
+            });
+            return response.data.did;
+        }
+        catch (error) {
+            throwError(error);
+        }
+    }
     async updateFile(id, data, options = {}) {
         try {
             const response = await this.axios.put(`${this.API}/files/${id}`, data, {
                 headers: {
                     'Content-Type': 'application/octet-stream',
-                    'X-Options': JSON.stringify(options), // Pass options as a custom header
+                    'X-Options': JSON.stringify(options),
                 }
             });
             return response.data.ok;
@@ -1047,6 +1081,22 @@ class KeymasterClient {
             throwError(error);
         }
     }
+    async updateFileStream(id, stream, options = {}) {
+        try {
+            const response = await this.axios.put(`${this.API}/files/${id}`, stream, {
+                headers: {
+                    'Content-Type': 'application/octet-stream',
+                    'X-Options': JSON.stringify(options),
+                },
+                maxBodyLength: Infinity,
+                maxContentLength: Infinity,
+            });
+            return response.data.ok;
+        }
+        catch (error) {
+            throwError(error);
+        }
+    }
     async getFile(id) {
         try {
             const response = await this.axios.get(`${this.API}/files/${id}`);

package/dist/cjs/keymaster.cjs

@@ -2678,6 +2678,23 @@ function base64urlToHex(b64) {
     const bytes = base64url.baseDecode(b64);
     return Buffer.from(bytes).toString('hex');
 }
+function isPrivateHostname(hostname) {
+    return /^(localhost|127\.|10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.)/.test(hostname);
+}
+const REMOTE_NAME_LOOKUP_TIMEOUT_MS = 2000;
+function isRemoteNameReference(value) {
+    if (typeof value !== 'string') {
+        return false;
+    }
+    if (value.startsWith('did:') || value.startsWith('mailto:') || value.includes('://')) {
+        return false;
+    }
+    if (/[/?#]/.test(value)) {
+        return false;
+    }
+    const parts = value.split('@');
+    return parts.length === 2 && !!parts[0] && !!parts[1];
+}
 const DefaultSchema = {
     "$schema": "http://json-schema.org/draft-07/schema#",
     "type": "object",
@@ -3361,6 +3378,24 @@ class Keymaster {
         const file = await this.generateFileAsset(filename, buffer);
         return this.mergeData(id, { file });
     }
+    async generateFileAssetFromStream(filename, stream, contentType, bytes) {
+        const cid = await this.gatekeeper.addDataStream(stream);
+        return { cid, filename, type: contentType, bytes };
+    }
+    async createFileStream(stream, options = {}) {
+        const filename = options.filename || 'file';
+        const contentType = options.contentType || 'application/octet-stream';
+        const bytes = options.bytes || 0;
+        const file = await this.generateFileAssetFromStream(filename, stream, contentType, bytes);
+        return this.createAsset({ file }, options);
+    }
+    async updateFileStream(id, stream, options = {}) {
+        const filename = options.filename || 'file';
+        const contentType = options.contentType || 'application/octet-stream';
+        const bytes = options.bytes || 0;
+        const file = await this.generateFileAssetFromStream(filename, stream, contentType, bytes);
+        return this.mergeData(id, { file });
+    }
     async getFile(id) {
         const asset = await this.resolveAsset(id);
         const file = asset.file;
@@ -3565,6 +3600,23 @@ class Keymaster {
         }
         return ok;
     }
+    async changeRegistry(id, registry) {
+        if (!registry) {
+            throw new InvalidParameterError('registry');
+        }
+        const did = await this.lookupDID(id);
+        const current = await this.resolveDID(did);
+        const currentRegistry = current.didDocumentRegistration?.registry;
+        if (registry === currentRegistry) {
+            return true;
+        }
+        return this.updateDID(did, {
+            didDocumentRegistration: {
+                ...current.didDocumentRegistration,
+                registry,
+            },
+        });
+    }
     async addToOwned(did, owner) {
         await this.mutateWallet(async (wallet) => {
             const id = await this.fetchIdInfo(owner, wallet);
@@ -3623,8 +3675,47 @@ class Keymaster {
         if (wallet.ids && name in wallet.ids) {
             return wallet.ids[name].did;
         }
+        const remoteDid = await this.resolveRemoteName(name);
+        if (remoteDid) {
+            return remoteDid;
+        }
         throw new UnknownIDError();
     }
+    async resolveRemoteName(name) {
+        if (!isRemoteNameReference(name)) {
+            return null;
+        }
+        const [localName, domain] = name.split('@');
+        let url;
+        try {
+            url = new URL(`https://${domain}/.well-known/names/${encodeURIComponent(localName)}`);
+        }
+        catch {
+            return null;
+        }
+        if (isPrivateHostname(url.hostname)) {
+            return null;
+        }
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), REMOTE_NAME_LOOKUP_TIMEOUT_MS);
+        try {
+            const response = await fetch(url.toString(), { signal: controller.signal });
+            if (!response.ok) {
+                return null;
+            }
+            const data = await response.json();
+            if (typeof data.did !== 'string' || !isValidDID(data.did)) {
+                return null;
+            }
+            return data.did;
+        }
+        catch {
+            return null;
+        }
+        finally {
+            clearTimeout(timeout);
+        }
+    }
     async resolveDID(did, options) {
         const actualDid = await this.lookupDID(did);
         const docs = await this.gatekeeper.resolveDID(actualDid, options);
@@ -5560,9 +5651,16 @@ class Keymaster {
                 }
                 throw new InvalidParameterError(`Invalid recipient: ${id}`);
             }
-            if (isValidDID(id)) {
-                newList.push(id);
-                continue;
+            try {
+                const did = await this.lookupDID(id);
+                const isAgent = await this.testAgent(did);
+                if (isAgent) {
+                    newList.push(did);
+                    continue;
+                }
+            }
+            catch {
+                // Fall through to recipient-specific error below.
             }
             throw new InvalidParameterError(`Invalid recipient: ${id}`);
         }

package/dist/esm/cli.js

@@ -335,6 +335,18 @@ program
         console.error(`cannot revoke ${did}`);
     }
 });
+program
+    .command('change-registry <id> <registry>')
+    .description('Changes the registry for an existing DID')
+    .action(async (id, registry) => {
+    try {
+        const ok = await keymaster.changeRegistry(id, registry);
+        console.log(ok ? UPDATE_OK : UPDATE_FAILED);
+    }
+    catch (error) {
+        console.error(error.error || error.message || error);
+    }
+});
 // Encryption commands
 program
     .command('encrypt-message <message> <did>')
@@ -1056,9 +1068,10 @@ program
     .action(async (file, options) => {
     try {
         const { alias, registry } = options;
-        const data = fs.readFileSync(file);
         const filename = path.basename(file);
-        const did = await keymaster.createFile(data, { filename, alias, registry });
+        const bytes = fs.statSync(file).size;
+        const stream = fs.createReadStream(file);
+        const did = await keymaster.createFileStream(stream, { filename, alias, registry, bytes });
         console.log(did);
     }
     catch (error) {
@@ -1158,9 +1171,10 @@ program
     .description('Update an asset from a file')
     .action(async (id, file) => {
     try {
-        const data = fs.readFileSync(file);
         const filename = path.basename(file);
-        const ok = await keymaster.updateFile(id, data, { filename });
+        const bytes = fs.statSync(file).size;
+        const stream = fs.createReadStream(file);
+        const ok = await keymaster.updateFileStream(id, stream, { filename, bytes });
         console.log(ok ? UPDATE_OK : UPDATE_FAILED);
     }
     catch (error) {