@docknetwork/wallet-sdk-wasm 1.5.11 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (97) hide show
  1. package/generate-docs.js +49 -0
  2. package/jsdoc.conf.json +29 -6
  3. package/lib/index.js +8 -1
  4. package/lib/index.mjs +8 -1
  5. package/lib/rpc-server.js +10 -1
  6. package/lib/rpc-server.mjs +10 -1
  7. package/lib/services/blockchain/cached-did-resolver.js +113 -0
  8. package/lib/services/blockchain/cached-did-resolver.mjs +109 -0
  9. package/lib/services/blockchain/index.js +11 -0
  10. package/lib/services/blockchain/index.mjs +11 -0
  11. package/lib/services/blockchain/service-rpc.js +16 -0
  12. package/lib/services/blockchain/service-rpc.mjs +16 -0
  13. package/lib/services/blockchain/service.js +144 -12
  14. package/lib/services/blockchain/service.mjs +144 -12
  15. package/lib/services/credential/bbs-revocation.js +11 -0
  16. package/lib/services/credential/bbs-revocation.mjs +11 -0
  17. package/lib/services/credential/config.js +4 -1
  18. package/lib/services/credential/config.mjs +4 -1
  19. package/lib/services/credential/index.js +14 -0
  20. package/lib/services/credential/index.mjs +14 -0
  21. package/lib/services/credential/pex-helpers.js +20 -0
  22. package/lib/services/credential/pex-helpers.mjs +20 -1
  23. package/lib/services/credential/sd-jwt.js +214 -0
  24. package/lib/services/credential/sd-jwt.mjs +200 -0
  25. package/lib/services/credential/service-rpc.js +9 -0
  26. package/lib/services/credential/service-rpc.mjs +9 -0
  27. package/lib/services/credential/service.js +325 -8
  28. package/lib/services/credential/service.mjs +326 -9
  29. package/lib/services/edv/service.js +145 -1
  30. package/lib/services/edv/service.mjs +145 -1
  31. package/lib/services/index.js +13 -0
  32. package/lib/services/index.mjs +13 -0
  33. package/lib/services/relay-service/service.js +124 -1
  34. package/lib/services/relay-service/service.mjs +124 -1
  35. package/lib/services/rpc-service-client.js +0 -3
  36. package/lib/services/rpc-service-client.mjs +0 -3
  37. package/lib/services/storage/index.js +19 -2
  38. package/lib/services/storage/index.mjs +24 -1
  39. package/lib/services/storage/service-rpc.js +7 -3
  40. package/lib/services/storage/service-rpc.mjs +7 -3
  41. package/lib/services/storage/service.js +4 -0
  42. package/lib/services/storage/service.mjs +4 -0
  43. package/lib/setup-nodejs.js +8 -1
  44. package/lib/setup-nodejs.mjs +8 -1
  45. package/lib/setup-tests.js +8 -1
  46. package/lib/setup-tests.mjs +8 -1
  47. package/lib/src/services/blockchain/cached-did-resolver.d.ts +28 -0
  48. package/lib/src/services/blockchain/cached-did-resolver.d.ts.map +1 -0
  49. package/lib/src/services/blockchain/cached-did-resolver.test.d.ts +2 -0
  50. package/lib/src/services/blockchain/cached-did-resolver.test.d.ts.map +1 -0
  51. package/lib/src/services/blockchain/service.d.ts +115 -17
  52. package/lib/src/services/blockchain/service.d.ts.map +1 -1
  53. package/lib/src/services/credential/config.d.ts.map +1 -1
  54. package/lib/src/services/credential/index.d.ts +3 -0
  55. package/lib/src/services/credential/index.d.ts.map +1 -1
  56. package/lib/src/services/credential/pex-helpers.d.ts +13 -1
  57. package/lib/src/services/credential/pex-helpers.d.ts.map +1 -1
  58. package/lib/src/services/credential/sd-jwt.test.d.ts +2 -0
  59. package/lib/src/services/credential/sd-jwt.test.d.ts.map +1 -0
  60. package/lib/src/services/credential/service.d.ts +274 -4
  61. package/lib/src/services/credential/service.d.ts.map +1 -1
  62. package/lib/src/services/edv/service.d.ts +151 -1
  63. package/lib/src/services/edv/service.d.ts.map +1 -1
  64. package/lib/src/services/relay-service/service.d.ts +129 -1
  65. package/lib/src/services/relay-service/service.d.ts.map +1 -1
  66. package/lib/src/services/rpc-service-client.d.ts +2 -2
  67. package/lib/src/services/rpc-service-client.d.ts.map +1 -1
  68. package/lib/src/services/storage/index.d.ts +1 -1
  69. package/lib/src/services/storage/index.d.ts.map +1 -1
  70. package/lib/src/services/storage/service-rpc.d.ts +9 -0
  71. package/lib/src/services/storage/service-rpc.d.ts.map +1 -0
  72. package/lib/src/services/storage/service.d.ts +1 -0
  73. package/lib/src/services/storage/service.d.ts.map +1 -1
  74. package/lib/src/services/util-crypto/service.d.ts +1 -1
  75. package/lib/tsconfig.tsbuildinfo +1 -1
  76. package/lib/wallet/rpc-storage-interface.js +13 -3
  77. package/lib/wallet/rpc-storage-interface.mjs +11 -1
  78. package/lib/wallet/rpc-storage-wallet.js +10 -0
  79. package/lib/wallet/rpc-storage-wallet.mjs +10 -0
  80. package/package.json +13 -8
  81. package/src/services/blockchain/cached-did-resolver.test.ts +288 -0
  82. package/src/services/blockchain/cached-did-resolver.ts +126 -0
  83. package/src/services/blockchain/service-rpc.js +16 -0
  84. package/src/services/blockchain/service.ts +146 -12
  85. package/src/services/credential/config.ts +7 -1
  86. package/src/services/credential/pex-helpers.js +20 -1
  87. package/src/services/credential/pex-helpers.test.js +114 -0
  88. package/src/services/credential/sd-jwt.test.ts +718 -0
  89. package/src/services/credential/sd-jwt.ts +231 -0
  90. package/src/services/credential/service-rpc.js +9 -0
  91. package/src/services/credential/service.ts +330 -9
  92. package/src/services/edv/service.ts +153 -1
  93. package/src/services/relay-service/service.ts +130 -1
  94. package/src/services/rpc-service-client.js +0 -3
  95. package/src/services/storage/index.js +15 -1
  96. package/src/services/storage/service-rpc.js +7 -3
  97. package/src/services/storage/service.ts +5 -0
@@ -1,4 +1,12 @@
1
1
  // @ts-nocheck
2
+
3
+ /**
4
+ * @module credential-service
5
+ * @description Verifiable credential management service for the Wallet SDK.
6
+ * This module provides functionality for creating, signing, verifying, and presenting
7
+ * verifiable credentials including support for BBS+ signatures and anonymous credentials.
8
+ */
9
+
2
10
  import {serviceName, validation} from './config';
3
11
  import {
4
12
  Accumulator,
@@ -29,11 +37,26 @@ import {
29
37
  import assert from 'assert';
30
38
  import axios from 'axios';
31
39
  import {getIsRevoked, getWitnessDetails} from './bbs-revocation';
32
- import {getPexRequiredAttributes} from './pex-helpers';
40
+ import {getPexRequiredAttributes, shouldSkipAttribute} from './pex-helpers';
33
41
  import {didService} from '../dids/service';
42
+ import {isSDJWTCredential as checkIsSDJWT, credentialToW3C as convertCredentialToW3C, verifySDJWT, createSDJWTPresentation} from './sd-jwt';
34
43
 
44
+ /**
45
+ * PEX (Presentation Exchange) instance for credential filtering
46
+ * @private
47
+ */
35
48
  const pex: PEX = new PEX();
36
49
 
50
+ /**
51
+ * Checks if a credential uses BBS+ signature
52
+ * @param {Object} credential - The credential to check
53
+ * @returns {boolean} True if the credential uses BBS+ signature
54
+ * @example
55
+ * const isBBS = isBBSPlusCredential(credential);
56
+ * if (isBBS) {
57
+ * console.log('This credential uses BBS+ signatures');
58
+ * }
59
+ */
37
60
  export function isBBSPlusCredential(credential) {
38
61
  return (
39
62
  (typeof credential?.proof?.type === 'string' &&
@@ -45,6 +68,13 @@ export function isBBSPlusCredential(credential) {
45
68
  );
46
69
  }
47
70
 
71
+ /**
72
+ * Checks if a credential uses KVAC (BBDT16) signature
73
+ * @param {Object} credential - The credential to check
74
+ * @returns {boolean} True if the credential uses KVAC signature
75
+ * @example
76
+ * const isKVAC = isKvacCredential(credential);
77
+ */
48
78
  export function isKvacCredential(credential) {
49
79
  return (
50
80
  typeof credential?.proof?.type === 'string' &&
@@ -52,11 +82,30 @@ export function isKvacCredential(credential) {
52
82
  );
53
83
  }
54
84
 
85
+ /**
86
+ * Checks if a credential is anonymous (BBS+ or KVAC)
87
+ * @param {Object} credential - The credential to check
88
+ * @returns {boolean} True if the credential is anonymous
89
+ * @example
90
+ * if (isAnnonymousCredential(credential)) {
91
+ * console.log('This credential supports selective disclosure');
92
+ * }
93
+ */
55
94
  export function isAnnonymousCredential(credential) {
56
95
  return isBBSPlusCredential(credential) || isKvacCredential(credential);
57
96
  }
58
97
 
98
+ /**
99
+ * Service class for managing verifiable credentials
100
+ * @class
101
+ * @description Provides methods for creating, signing, verifying, and presenting
102
+ * verifiable credentials with support for various signature types
103
+ */
59
104
  class CredentialService {
105
+ /**
106
+ * Creates a new CredentialService instance
107
+ * @constructor
108
+ */
60
109
  constructor() {
61
110
  this.name = serviceName;
62
111
  }
@@ -69,8 +118,28 @@ class CredentialService {
69
118
  CredentialService.prototype.deriveVCFromPresentation,
70
119
  CredentialService.prototype.isBBSPlusCredential,
71
120
  CredentialService.prototype.isKvacCredential,
121
+ CredentialService.prototype.isSDJWTCredential,
122
+ CredentialService.prototype.credentialToW3C,
123
+ CredentialService.prototype.createSDJWTPresentation,
72
124
  CredentialService.prototype.acquireOIDCredential,
73
125
  ];
126
+
127
+
128
+ createSDJWTPresentation(params) {
129
+ const {attributesToReveal, credential} = params;
130
+ return createSDJWTPresentation({attributesToReveal, credential});
131
+ }
132
+
133
+ /**
134
+ * Generates a new verifiable credential template
135
+ * @param {Object} [params={}] - Generation parameters
136
+ * @param {Object} [params.subject] - The credential subject
137
+ * @returns {VerifiableCredential} A new verifiable credential instance
138
+ * @example
139
+ * const credential = credentialService.generateCredential({
140
+ * subject: { id: 'did:example:123', name: 'Alice' }
141
+ * });
142
+ */
74
143
  generateCredential(params = {}) {
75
144
  validation.generateCredential(params);
76
145
  const {subject} = params;
@@ -89,6 +158,19 @@ class CredentialService {
89
158
  }
90
159
  return vc;
91
160
  }
161
+ /**
162
+ * Signs a verifiable credential
163
+ * @param {Object} params - Signing parameters
164
+ * @param {Object} params.vcJson - The credential JSON to sign
165
+ * @param {Object} params.keyDoc - The key document for signing
166
+ * @returns {Promise<VerifiableCredential>} The signed verifiable credential
167
+ * @throws {Error} If validation fails or signing fails
168
+ * @example
169
+ * const signedCredential = await credentialService.signCredential({
170
+ * vcJson: credentialData,
171
+ * keyDoc: issuerKeyDocument
172
+ * });
173
+ */
92
174
  async signCredential(params) {
93
175
  validation.signCredential(params);
94
176
  const {vcJson, keyDoc} = params;
@@ -104,13 +186,39 @@ class CredentialService {
104
186
 
105
187
  return verifiableCredential;
106
188
  }
189
+ /**
190
+ * Creates a verifiable presentation from credentials
191
+ * @param {Object} params - Presentation parameters
192
+ * @param {Array<Object>} params.credentials - Array of verifiable credentials to include
193
+ * @param {Object} params.keyDoc - The key document for signing the presentation
194
+ * @param {string} [params.challenge] - Challenge string for the presentation proof
195
+ * @param {string} [params.id] - Presentation identifier
196
+ * @param {string} [params.domain] - Domain for the presentation proof
197
+ * @returns {Promise<Object>} The signed verifiable presentation
198
+ * @throws {Error} If validation fails
199
+ * @example
200
+ * const presentation = await credentialService.createPresentation({
201
+ * credentials: [credential1, credential2],
202
+ * keyDoc: holderKeyDocument,
203
+ * challenge: 'abc123',
204
+ * domain: 'example.com'
205
+ * });
206
+ */
107
207
  async createPresentation(params) {
108
208
  validation.createPresentation(params);
109
209
  const {credentials, keyDoc, challenge, id, domain} = params;
110
210
  const vp = new VerifiablePresentation(id);
111
211
  let shouldSkipSigning = false;
212
+ let jwtCredentials = [];
213
+
112
214
  for (const signedVC of credentials) {
113
- vp.addCredential(signedVC);
215
+
216
+ if (typeof signedVC === 'string') {
217
+ jwtCredentials.push(signedVC);
218
+ shouldSkipSigning = true;
219
+ } else {
220
+ vp.addCredential(signedVC);
221
+ }
114
222
  shouldSkipSigning = shouldSkipSigning || isAnnonymousCredential(signedVC);
115
223
  }
116
224
 
@@ -123,19 +231,60 @@ class CredentialService {
123
231
  const suite = await getSuiteFromKeyDoc(keyPair);
124
232
 
125
233
  if (shouldSkipSigning) {
126
- return vp.toJSON();
234
+ const result = vp.toJSON();
235
+ result.verifiableCredential.push(...jwtCredentials);
236
+ return result;
127
237
  }
128
238
 
129
239
  return vp.sign(suite, challenge, domain, blockchainService.resolver);
130
240
  }
131
241
 
242
+ /**
243
+ * Verifies a verifiable presentation
244
+ * @param {Object} params - Verification parameters
245
+ * @param {Object} params.presentation - The presentation to verify
246
+ * @param {Object} [params.options] - Verification options
247
+ * @returns {Promise<Object>} Verification result with verified status and any errors
248
+ * @example
249
+ * const result = await credentialService.verifyPresentation({
250
+ * presentation: presentationData
251
+ * });
252
+ * console.log('Verified:', result.verified);
253
+ */
132
254
  async verifyPresentation({ presentation, options }: any) {
133
255
  return verifyPresentation(presentation, options);
134
256
  }
135
257
 
258
+ /**
259
+ * Verifies a verifiable credential including revocation check
260
+ * @param {Object} params - Verification parameters
261
+ * @param {Object} params.credential - The credential to verify
262
+ * @param {Object} [params.membershipWitness] - Membership witness for revocation check
263
+ * @returns {Promise<Object>} Verification result
264
+ * @returns {boolean} returns.verified - Whether the credential is valid
265
+ * @returns {string} [returns.error] - Error message if verification failed
266
+ * @throws {Error} If validation fails
267
+ * @example
268
+ * const result = await credentialService.verifyCredential({
269
+ * credential: credentialData,
270
+ * membershipWitness: witnessData
271
+ * });
272
+ * if (!result.verified) {
273
+ * console.error('Verification failed:', result.error);
274
+ * }
275
+ */
136
276
  async verifyCredential(params) {
137
277
  validation.verifyCredential(params);
138
- const {credential, membershipWitness} = params;
278
+ let {credential, membershipWitness} = params;
279
+
280
+ if (credential._sd_jwt) {
281
+ credential = credential?._sd_jwt?.encoded;
282
+ }
283
+
284
+ if (typeof credential === 'string' && checkIsSDJWT(credential)) {
285
+ return verifySDJWT(credential);
286
+ }
287
+
139
288
  const result = await verifyCredential(credential, {
140
289
  resolver: blockchainService.resolver,
141
290
  revocationApi: {dock: blockchainService.dock},
@@ -160,6 +309,20 @@ class CredentialService {
160
309
  return result;
161
310
  }
162
311
 
312
+ /**
313
+ * Filters credentials based on a presentation definition
314
+ * @param {Object} params - Filter parameters
315
+ * @param {Array<Object>} params.credentials - Array of credentials to filter
316
+ * @param {Object} params.presentationDefinition - PEX presentation definition
317
+ * @param {string} [params.holderDid] - DID of the credential holder
318
+ * @returns {Object} Filtered credentials matching the presentation definition
319
+ * @example
320
+ * const filtered = credentialService.filterCredentials({
321
+ * credentials: allCredentials,
322
+ * presentationDefinition: definition,
323
+ * holderDid: 'did:example:holder'
324
+ * });
325
+ */
163
326
  filterCredentials(params) {
164
327
  const {credentials, presentationDefinition, holderDid} = params;
165
328
  const result = pex.selectFrom(
@@ -171,6 +334,18 @@ class CredentialService {
171
334
  return result;
172
335
  }
173
336
 
337
+ /**
338
+ * Evaluates a presentation against a presentation definition
339
+ * @param {Object} params - Evaluation parameters
340
+ * @param {Object} params.presentation - The presentation to evaluate
341
+ * @param {Object} params.presentationDefinition - PEX presentation definition
342
+ * @returns {Object} Evaluation result with validation details
343
+ * @example
344
+ * const evaluation = credentialService.evaluatePresentation({
345
+ * presentation: presentationData,
346
+ * presentationDefinition: definition
347
+ * });
348
+ */
174
349
  evaluatePresentation(params) {
175
350
  const {presentation, presentationDefinition} = params;
176
351
  const result = pex.evaluatePresentation(
@@ -181,16 +356,81 @@ class CredentialService {
181
356
  return result;
182
357
  }
183
358
 
359
+ /**
360
+ * Checks if a credential uses BBS+ signature
361
+ * @param {Object} params - Check parameters
362
+ * @param {Object} params.credential - The credential to check
363
+ * @returns {boolean} True if the credential uses BBS+ signature
364
+ */
184
365
  isBBSPlusCredential(params) {
185
366
  const {credential} = params;
186
367
  return isBBSPlusCredential(credential);
187
368
  }
188
369
 
370
+ /**
371
+ * Checks if a credential uses KVAC signature
372
+ * @param {Object} params - Check parameters
373
+ * @param {Object} params.credential - The credential to check
374
+ * @returns {boolean} True if the credential uses KVAC signature
375
+ */
189
376
  isKvacCredential(params) {
190
377
  const {credential} = params;
191
378
  return isKvacCredential(credential);
192
379
  }
193
380
 
381
+ /**
382
+ * Checks if a credential is an SD-JWT (Selective Disclosure JWT) credential
383
+ * @param {Object} params - Check parameters
384
+ * @param {string} params.credential - The JWT string to check
385
+ * @returns {boolean} True if the credential is an SD-JWT credential
386
+ * @example
387
+ * const isSDJWT = credentialService.isSDJWTCredential({
388
+ * credential: 'eyJ0eXAiOiJ2YytzZC1qd3Q...'
389
+ * });
390
+ */
391
+ isSDJWTCredential(params) {
392
+ const {credential} = params;
393
+ return checkIsSDJWT(credential);
394
+ }
395
+
396
+ /**
397
+ * Converts a credential to W3C Verifiable Credential format
398
+ * @description Handles both SD-JWT credentials (needs decoding) and regular W3C credentials (returns as-is)
399
+ * @param {Object} params - Conversion parameters
400
+ * @param {string|Object} params.credential - Either an SD-JWT string or a credential object
401
+ * @returns {Promise<Object>} W3C Verifiable Credential format
402
+ * @throws {Error} If credential cannot be converted to W3C format
403
+ * @example
404
+ * // Convert SD-JWT to W3C format
405
+ * const w3cCredential = await credentialService.credentialToW3C({
406
+ * credential: 'eyJ0eXAiOiJ2YytzZC1qd3Q...'
407
+ * });
408
+ *
409
+ * // Returns W3C credential as-is
410
+ * const w3cCredential = await credentialService.credentialToW3C({
411
+ * credential: { '@context': [...], type: [...], ... }
412
+ * });
413
+ */
414
+ async credentialToW3C(params) {
415
+ const {credential} = params;
416
+ return convertCredentialToW3C(credential);
417
+ }
418
+
419
+ /**
420
+ * Acquires a credential through OpenID for Verifiable Credentials (OID4VC)
421
+ * @param {Object} params - Acquisition parameters
422
+ * @param {string} params.uri - The credential offer URI
423
+ * @param {string} [params.authorizationCode] - Authorization code if required
424
+ * @param {Object} params.holderKeyDocument - Key document for the credential holder
425
+ * @returns {Promise<Object>} Result containing the credential or authorization URL
426
+ * @returns {Object} [returns.credential] - The acquired credential
427
+ * @returns {string} [returns.authorizationURL] - Authorization URL if auth is required
428
+ * @example
429
+ * const result = await credentialService.acquireOIDCredential({
430
+ * uri: 'openid-credential-offer://...',
431
+ * holderKeyDocument: keyDoc
432
+ * });
433
+ */
194
434
  async acquireOIDCredential({
195
435
  uri,
196
436
  authorizationCode,
@@ -209,6 +449,8 @@ class CredentialService {
209
449
  authorizationRequest: {
210
450
  redirectUri: 'dock-wallet://credentials/callback',
211
451
  clientId: 'dock.wallet',
452
+ // Hack: we need the scope property to avoid 'CredentialOffer format is wrong.' error
453
+ scope: []
212
454
  },
213
455
  });
214
456
 
@@ -264,6 +506,22 @@ class CredentialService {
264
506
  }
265
507
  }
266
508
 
509
+ /**
510
+ * Creates a BBS+ presentation with selective disclosure
511
+ * @param {Object} params - Presentation parameters
512
+ * @param {Array<Object>} params.credentials - Array of credentials with attributes to reveal
513
+ * @param {Object} params.credentials[].credential - The BBS+ credential
514
+ * @param {Array<string>} [params.credentials[].attributesToReveal] - Attributes to reveal
515
+ * @returns {Promise<Object>} The BBS+ presentation
516
+ * @throws {Error} If validation fails
517
+ * @example
518
+ * const presentation = await credentialService.createBBSPresentation({
519
+ * credentials: [{
520
+ * credential: bbsCredential,
521
+ * attributesToReveal: ['name', 'age']
522
+ * }]
523
+ * });
524
+ */
267
525
  async createBBSPresentation(params) {
268
526
  validation.createBBSPresentation(params);
269
527
  const {credentials} = params;
@@ -280,6 +538,13 @@ class CredentialService {
280
538
  return bbsPlusPresentation.createPresentation();
281
539
  }
282
540
 
541
+ /**
542
+ * Gets the accumulator ID from a credential's status
543
+ * @param {Object} params - Parameters
544
+ * @param {Object} params.credential - The credential to get accumulator ID from
545
+ * @returns {string|null} The accumulator ID or null if not present
546
+ * @throws {Error} If credential is not provided
547
+ */
283
548
  getAccumulatorId({credential}) {
284
549
  assert(!!credential, `credential is required`);
285
550
  if (!credential?.credentialStatus) {
@@ -289,6 +554,13 @@ class CredentialService {
289
554
  return credential?.credentialStatus.id;
290
555
  }
291
556
 
557
+ /**
558
+ * Gets accumulator data from the blockchain for a credential
559
+ * @param {Object} params - Parameters
560
+ * @param {Object} params.credential - The credential to get accumulator data for
561
+ * @returns {Promise<Object|null>} The accumulator data or null if not found
562
+ * @throws {Error} If credential is not provided
563
+ */
292
564
  async getAccumulatorData({credential}) {
293
565
  assert(!!credential, `credential is required`);
294
566
  const accumulatorId = await this.getAccumulatorId({credential});
@@ -304,10 +576,15 @@ class CredentialService {
304
576
  }
305
577
 
306
578
  /**
307
- * Fetch the latest accumulator witness updates for a given credential and membership witness
308
- * The witness is generated by the issuer when the credential is created and is stored in the wallet when the credential is imported
309
- *
310
- * @param param0
579
+ * Updates the membership witness with the latest accumulator state
580
+ * @description The witness is generated by the issuer when the credential is created
581
+ * and is stored in the wallet when the credential is imported. This method updates
582
+ * it with the latest accumulator changes from the blockchain.
583
+ * @param {Object} params - Update parameters
584
+ * @param {Object} params.credential - The credential with revocation status
585
+ * @param {Object} params.membershipWitnessJSON - Current membership witness in JSON format
586
+ * @returns {Promise<Object>} Updated membership witness in JSON format
587
+ * @throws {Error} If updates cannot be fetched or applied
311
588
  */
312
589
  async updateMembershipWitness({credential, membershipWitnessJSON}) {
313
590
  const revocationId = credential.credentialStatus.revocationId;
@@ -359,6 +636,25 @@ class CredentialService {
359
636
  return witness.toJSON();
360
637
  }
361
638
 
639
+ /**
640
+ * Derives verifiable credentials from a presentation with selective disclosure
641
+ * @param {Object} params - Derivation parameters
642
+ * @param {Array<Object>} params.credentials - Array of credential objects
643
+ * @param {Object} params.credentials[].credential - The credential
644
+ * @param {Array<string>} params.credentials[].attributesToReveal - Attributes to reveal
645
+ * @param {Object} [params.credentials[].witness] - Membership witness for revocation
646
+ * @param {Object} [params.options={}] - Additional options for derivation
647
+ * @param {Object} [params.proofRequest] - Proof request with constraints
648
+ * @returns {Promise<Array>} Array of derived credentials
649
+ * @throws {Error} If validation fails
650
+ * @example
651
+ * const derivedCredentials = await credentialService.deriveVCFromPresentation({
652
+ * credentials: [{
653
+ * credential: bbsCredential,
654
+ * attributesToReveal: ['name', 'dateOfBirth']
655
+ * }]
656
+ * });
657
+ */
362
658
  async deriveVCFromPresentation(params) {
363
659
  validation.deriveVCFromPresentation(params);
364
660
  const {credentials, options = {}, proofRequest} = params;
@@ -397,7 +693,7 @@ class CredentialService {
397
693
  ? descriptorBounds[idx].map(bound => bound.attributeName)
398
694
  : [];
399
695
  const filteredAttributes = attributesToReveal.filter(
400
- attribute => !attributesToSkip.includes(attribute),
696
+ attribute => !attributesToSkip.includes(attribute) && !shouldSkipAttribute(attribute),
401
697
  );
402
698
  const _pexRequiredAttributes = pexRequiredAttributes[idx] || [];
403
699
 
@@ -443,9 +739,34 @@ class CredentialService {
443
739
  return credentialsFromPresentation;
444
740
  }
445
741
 
742
+ /**
743
+ * Test method for range proofs
744
+ * @private
745
+ * @returns {Promise<void>}
746
+ */
446
747
  async testRangeProof() {
447
748
  console.log('test');
448
749
  }
449
750
  }
450
751
 
752
+ /**
753
+ * Singleton instance of the credential service
754
+ * @type {CredentialService}
755
+ * @example
756
+ * import { credentialService } from '@docknetwork/wallet-sdk-wasm/services/credential';
757
+ *
758
+ * // Create and sign a credential
759
+ * const credential = credentialService.generateCredential({
760
+ * subject: { id: 'did:example:123' }
761
+ * });
762
+ * const signed = await credentialService.signCredential({
763
+ * vcJson: credential,
764
+ * keyDoc: issuerKey
765
+ * });
766
+ *
767
+ * // Verify a credential
768
+ * const result = await credentialService.verifyCredential({
769
+ * credential: signedCredential
770
+ * });
771
+ */
451
772
  export const credentialService = new CredentialService();