@dupecom/botcha-cloudflare 0.20.2 → 0.23.0

package/dist/tap-routes.js

@@ -5,7 +5,9 @@
  * Provides backward-compatible endpoints with optional TAP functionality
  */
 import { extractBearerToken, verifyToken, getSigningPublicKeyJWK } from './auth.js';
-import { registerTAPAgent, getTAPAgent, listTAPAgents, createTAPSession, getTAPSession, validateCapability, TAP_VALID_ACTIONS } from './tap-agents.js';
+import { validateAppSecret } from './apps.js';
+import { triggerWebhook } from './webhooks.js';
+import { registerTAPAgent, getTAPAgent, listTAPAgents, createTAPSession, getTAPSession, updateAgentVerification, validateCapability, isValidJWK, TAP_VALID_ACTIONS } from './tap-agents.js';
 import { parseTAPIntent } from './tap-verify.js';
 import { createInvoice, getInvoice, verifyPaymentContainer, verifyBrowsingIOU, fulfillInvoice, parsePaymentContainer } from './tap-payment.js';
 import { parseAgenticConsumer, verifyAgenticConsumer } from './tap-consumer.js';
@@ -67,8 +69,13 @@ function validateTAPRegistration(body) {
     if (!body.name || typeof body.name !== 'string') {
         return { valid: false, error: 'Agent name is required' };
     }
+    // Normalize public_key: accept JWK objects by serializing them to JSON strings
+    let publicKey = body.public_key;
+    if (publicKey && typeof publicKey === 'object') {
+        publicKey = JSON.stringify(publicKey);
+    }
     // Validate public key if provided
-    if (body.public_key) {
+    if (publicKey) {
         if (!body.signature_algorithm) {
             return { valid: false, error: 'signature_algorithm required when public_key provided' };
         }
@@ -76,11 +83,12 @@ function validateTAPRegistration(body) {
         if (!validAlgorithms.includes(body.signature_algorithm)) {
             return { valid: false, error: `Unsupported algorithm. Supported: ${validAlgorithms.join(', ')}` };
         }
-        // PEM format or raw Ed25519 key (32-byte base64)
-        const isPEM = body.public_key.includes('BEGIN PUBLIC KEY');
-        const isRawEd25519 = body.signature_algorithm === 'ed25519' && !isPEM;
-        if (!isPEM && !isRawEd25519) {
-            return { valid: false, error: 'Invalid public key format. Provide PEM or raw Ed25519 base64 key.' };
+        // Accept: PEM, JWK JSON string, or raw Ed25519 base64 key
+        const isPEM = typeof publicKey === 'string' && publicKey.includes('BEGIN PUBLIC KEY');
+        const isJWK = isValidJWK(publicKey);
+        const isRawEd25519 = body.signature_algorithm === 'ed25519' && !isPEM && !isJWK;
+        if (!isPEM && !isJWK && !isRawEd25519) {
+            return { valid: false, error: 'Invalid public key format. Provide a PEM key, JWK object/JSON, or raw Ed25519 base64 key.' };
         }
     }
     // Validate capabilities if provided
@@ -94,17 +102,48 @@ function validateTAPRegistration(body) {
             }
         }
     }
+    // Validate ANS name format if provided
+    if (body.ans_name !== undefined && body.ans_name !== null) {
+        if (typeof body.ans_name !== 'string') {
+            return { valid: false, error: 'ans_name must be a string (e.g. "ans://v1.0.myagent.example.com")' };
+        }
+        // Basic format check — full validation happens in tap-ans module
+        const clean = body.ans_name.trim().replace(/^ans:\/\//, '');
+        if (clean.split('.').length < 2) {
+            return { valid: false, error: 'ans_name must include at least a label and domain (e.g. "myagent.example.com")' };
+        }
+    }
+    // Validate optional DID field
+    if (body.did !== undefined) {
+        if (typeof body.did !== 'string' || !body.did.startsWith('did:')) {
+            return { valid: false, error: 'Invalid did field: must be a valid DID string (e.g. did:web:example.com)' };
+        }
+    }
+    // Validate provider if provided
+    const SUPPORTED_PROVIDERS = ['anthropic', 'openai', 'google', 'mistral', 'cohere', 'other'];
+    if (body.provider !== undefined) {
+        if (!SUPPORTED_PROVIDERS.includes(body.provider)) {
+            return { valid: false, error: `Unsupported provider. Use one of: ${SUPPORTED_PROVIDERS.join(', ')}` };
+        }
+        if (!body.api_key || typeof body.api_key !== 'string') {
+            return { valid: false, error: 'api_key is required when provider is specified' };
+        }
+    }
     return {
         valid: true,
         data: {
             name: body.name,
             operator: body.operator,
             version: body.version,
-            public_key: body.public_key,
+            public_key: publicKey,
             signature_algorithm: body.signature_algorithm,
             capabilities: body.capabilities,
             trust_level: body.trust_level || 'basic',
-            issuer: body.issuer
+            issuer: body.issuer,
+            ans_name: body.ans_name,
+            did: body.did,
+            provider: body.provider,
+            api_key: body.api_key, // plaintext — hashed in route handler, never persisted
         }
     };
 }
@@ -134,16 +173,64 @@ export async function registerTAPAgentRoute(c) {
                 message: validation.error
             }, 400);
         }
-        // Register TAP-enhanced agent
-        const result = await registerTAPAgent(c.env.AGENTS, appAccess.appId, validation.data);
-        if (!result.success) {
-            return c.json({
-                success: false,
-                error: 'AGENT_CREATION_FAILED',
-                message: result.error || 'Failed to create agent'
-            }, 500);
+        // If agent_id provided, update existing agent with TAP fields instead of creating a new one
+        let agent;
+        if (body.agent_id) {
+            const existing = await getTAPAgent(c.env.AGENTS, body.agent_id);
+            if (!existing.success || !existing.agent) {
+                return c.json({
+                    success: false,
+                    error: 'AGENT_NOT_FOUND',
+                    message: `Agent '${body.agent_id}' not found`
+                }, 404);
+            }
+            if (existing.agent.app_id !== appAccess.appId) {
+                return c.json({
+                    success: false,
+                    error: 'UNAUTHORIZED',
+                    message: 'Agent does not belong to this app'
+                }, 403);
+            }
+            const now = Date.now();
+            // Hash provider API key if provided — never store plaintext
+            let providerKeyHash = existing.agent.provider_key_hash;
+            if (validation.data.api_key) {
+                const hashBuf = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(validation.data.api_key.trim()));
+                providerKeyHash = Array.from(new Uint8Array(hashBuf)).map(b => b.toString(16).padStart(2, '0')).join('');
+            }
+            agent = {
+                ...existing.agent,
+                public_key: validation.data.public_key ?? existing.agent.public_key,
+                signature_algorithm: validation.data.signature_algorithm ?? existing.agent.signature_algorithm,
+                capabilities: validation.data.capabilities ?? existing.agent.capabilities,
+                trust_level: validation.data.trust_level ?? existing.agent.trust_level ?? 'basic',
+                tap_enabled: Boolean(validation.data.public_key ?? existing.agent.public_key),
+                key_created_at: validation.data.public_key ? now : existing.agent.key_created_at,
+                ans_name: validation.data.ans_name ?? existing.agent.ans_name,
+                did: validation.data.did ?? existing.agent.did,
+                provider: validation.data.provider ?? existing.agent.provider,
+                provider_key_hash: providerKeyHash,
+            };
+            await c.env.AGENTS.put(`agent:${agent.agent_id}`, JSON.stringify(agent));
+        }
+        else {
+            // Create new agent
+            const result = await registerTAPAgent(c.env.AGENTS, appAccess.appId, validation.data);
+            if (!result.success) {
+                return c.json({
+                    success: false,
+                    error: 'AGENT_CREATION_FAILED',
+                    message: result.error || 'Failed to create agent'
+                }, 500);
+            }
+            agent = result.agent;
+        }
+        ;
+        // Webhook: agent.tap.registered
+        const tapRegCtx = c.executionCtx;
+        if (tapRegCtx?.waitUntil) {
+            tapRegCtx.waitUntil(triggerWebhook(c.env.AGENTS, appAccess.appId, 'agent.tap.registered', { agent_id: agent.agent_id, name: agent.name, trust_level: agent.trust_level }));
         }
-        const agent = result.agent;
         // Return enhanced agent info
         return c.json({
             success: true,
@@ -159,6 +246,12 @@ export async function registerTAPAgentRoute(c) {
             capabilities: agent.capabilities,
             signature_algorithm: agent.signature_algorithm,
             issuer: agent.issuer,
+            // W3C DID (optional)
+            did: agent.did || null,
+            // ANS fields
+            ans_name: agent.ans_name || null,
+            ans_badge_id: agent.ans_badge_id || null,
+            ans_trust_level: agent.ans_trust_level || null,
             // Security info (don't expose full public key)
             has_public_key: Boolean(agent.public_key),
             key_fingerprint: agent.public_key ?
@@ -213,6 +306,12 @@ export async function getTAPAgentRoute(c) {
             issuer: agent.issuer,
             last_verified_at: agent.last_verified_at ?
                 new Date(agent.last_verified_at).toISOString() : null,
+            // ANS identity
+            ans_name: agent.ans_name || null,
+            ans_badge_id: agent.ans_badge_id || null,
+            ans_trust_level: agent.ans_trust_level || null,
+            ans_verified_at: agent.ans_verified_at
+                ? new Date(agent.ans_verified_at).toISOString() : null,
             // Public key info (secure)
             has_public_key: Boolean(agent.public_key),
             key_fingerprint: agent.public_key ?
@@ -305,6 +404,18 @@ export async function createTAPSessionRoute(c) {
             }, 404);
         }
         const agent = agentResult.agent;
+        // Gate: agent must have TAP enabled (i.e. a registered public key).
+        // tap_enabled is set to true only when a public key is registered, so this
+        // check is the canonical guard. Without cryptographic identity, a TAP
+        // session has no trust anchor and would silently bypass the entire
+        // verification model.
+        if (!agent.tap_enabled) {
+            return c.json({
+                success: false,
+                error: 'TAP_NOT_ENABLED',
+                message: 'Agent does not have TAP enabled. Register a public key via POST /v1/agents/register/tap (with public_key field) or POST /v1/agents/:id/tap/rotate-key to enable TAP sessions.'
+            }, 403);
+        }
         // Parse intent
         const intentResult = parseTAPIntent(JSON.stringify(body.intent));
         if (!intentResult.valid) {
@@ -333,6 +444,16 @@ export async function createTAPSessionRoute(c) {
             }, 500);
         }
         const session = sessionResult.session;
+        // Update last_verified_at — session creation is a successful TAP verification event.
+        // updateAgentVerification catches and logs internally; void signals intentional fire-and-forget.
+        // Note: this does a read-modify-write on the full agent KV record. A concurrent key rotation
+        // could clobber that write. Future work: store last_verified_at in a separate KV key.
+        void updateAgentVerification(c.env.AGENTS, agent.agent_id, true);
+        // Webhook: tap.session.created
+        const tapSessCtx = c.executionCtx;
+        if (tapSessCtx?.waitUntil) {
+            tapSessCtx.waitUntil(triggerWebhook(c.env.AGENTS, agent.app_id, 'tap.session.created', { session_id: session.session_id, agent_id: agent.agent_id, intent: session.intent }));
+        }
         return c.json({
             success: true,
             session_id: session.session_id,
@@ -406,19 +527,44 @@ export async function rotateKeyRoute(c) {
         if (!agentId) {
             return c.json({ success: false, error: 'MISSING_AGENT_ID', message: 'Agent ID is required' }, 400);
         }
-        const appAccess = await validateAppAccess(c, true);
-        if (!appAccess.valid) {
-            return c.json({ success: false, error: appAccess.error, message: 'Authentication required' }, (appAccess.status || 401));
+        // Accept either a Bearer JWT (normal flow) or x-app-secret header (recovery flow)
+        const queryAppId = c.req.query('app_id');
+        const appSecretHeader = c.req.header('x-app-secret');
+        let resolvedAppId;
+        if (appSecretHeader && queryAppId) {
+            const valid = await validateAppSecret(c.env.APPS, queryAppId, appSecretHeader);
+            if (!valid) {
+                return c.json({ success: false, error: 'UNAUTHORIZED', message: 'Invalid app_secret' }, 401);
+            }
+            resolvedAppId = queryAppId;
+        }
+        else {
+            const appAccess = await validateAppAccess(c, true);
+            if (!appAccess.valid) {
+                return c.json({ success: false, error: appAccess.error, message: 'Authentication required. Provide a Bearer token or x-app-secret + app_id.' }, (appAccess.status || 401));
+            }
+            resolvedAppId = appAccess.appId;
         }
         const body = await c.req.json().catch(() => ({}));
         if (!body.public_key || !body.signature_algorithm) {
             return c.json({ success: false, error: 'MISSING_FIELDS', message: 'public_key and signature_algorithm are required' }, 400);
         }
+        // Normalize public_key: accept JWK objects by serializing to JSON
+        const newPublicKey = typeof body.public_key === 'object'
+            ? JSON.stringify(body.public_key)
+            : body.public_key;
         // Validate algorithm
         const validAlgorithms = ['ecdsa-p256-sha256', 'rsa-pss-sha256', 'ed25519'];
         if (!validAlgorithms.includes(body.signature_algorithm)) {
             return c.json({ success: false, error: 'INVALID_ALGORITHM', message: `Unsupported algorithm. Supported: ${validAlgorithms.join(', ')}` }, 400);
         }
+        // Validate key format (PEM, JWK, or raw Ed25519)
+        const isPEM = typeof newPublicKey === 'string' && newPublicKey.includes('BEGIN PUBLIC KEY');
+        const isJWK = isValidJWK(newPublicKey);
+        const isRawEd25519 = body.signature_algorithm === 'ed25519' && !isPEM && !isJWK;
+        if (!isPEM && !isJWK && !isRawEd25519) {
+            return c.json({ success: false, error: 'INVALID_KEY_FORMAT', message: 'Invalid public key format. Provide a PEM key, JWK object/JSON, or raw Ed25519 base64 key.' }, 400);
+        }
         // Get existing agent
         const agentResult = await getTAPAgent(c.env.AGENTS, agentId);
         if (!agentResult.success || !agentResult.agent) {
@@ -426,11 +572,11 @@ export async function rotateKeyRoute(c) {
         }
         const agent = agentResult.agent;
         // Verify agent belongs to this app
-        if (agent.app_id !== appAccess.appId) {
+        if (agent.app_id !== resolvedAppId) {
             return c.json({ success: false, error: 'UNAUTHORIZED', message: 'Agent does not belong to this app' }, 403);
         }
         // Update agent with new key
-        agent.public_key = body.public_key;
+        agent.public_key = newPublicKey;
         agent.signature_algorithm = body.signature_algorithm;
         agent.key_created_at = Date.now();
         agent.key_expires_at = body.key_expires_at ? new Date(body.key_expires_at).getTime() : undefined;

package/dist/tap-vc-routes.d.ts

@@ -0,0 +1,358 @@
+/**
+ * DID/VC API Routes
+ *
+ * Endpoints:
+ *   GET  /.well-known/did.json        — BOTCHA DID Document (did:web:botcha.ai)
+ *   POST /v1/credentials/issue        — Issue VC from a valid BOTCHA access_token
+ *   POST /v1/credentials/verify       — Verify a VC JWT
+ *   GET  /v1/dids/:did/resolve        — Resolve a did:web DID Document
+ *
+ * All credential issuance requires a valid BOTCHA access_token in the
+ * Authorization header (Bearer <token>). The token is the result of a
+ * successful BOTCHA challenge solve (/v1/token/verify).
+ */
+import type { Context } from 'hono';
+/**
+ * GET /.well-known/did.json
+ *
+ * Returns the BOTCHA DID Document for did:web:botcha.ai.
+ * This is a public endpoint — no auth required.
+ * Resolvers use this to discover BOTCHA's public keys for VC verification.
+ */
+export declare function didDocumentRoute(c: Context): Promise<Response>;
+/**
+ * POST /v1/credentials/issue
+ *
+ * Exchange a valid BOTCHA access_token for a W3C Verifiable Credential.
+ *
+ * Request (body, all optional):
+ *   {
+ *     "agent_id": "agent_xxx",          // Override agent identity in VC
+ *     "duration_seconds": 86400,        // VC validity period (default: 24h, max: 30d)
+ *   }
+ *
+ * Headers:
+ *   Authorization: Bearer <access_token>   (required — from /v1/token/verify)
+ *
+ * Response:
+ *   {
+ *     "success": true,
+ *     "credential_id": "urn:botcha:vc:...",
+ *     "vc": { ...W3C JSON-LD credential... },
+ *     "vc_jwt": "eyJ...",
+ *     "issued_at": "2026-...",
+ *     "expires_at": "2026-...",
+ *   }
+ */
+export declare function issueVCRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
+    success: false;
+    error: string;
+    message: string;
+}, 401, "json">) | (Response & import("hono").TypedResponse<{
+    success: false;
+    error: string;
+    message: string;
+}, 403, "json">) | (Response & import("hono").TypedResponse<{
+    success: false;
+    error: string;
+    message: string;
+}, 404, "json">) | (Response & import("hono").TypedResponse<{
+    success: false;
+    error: string;
+    message: string;
+}, 500, "json">) | (Response & import("hono").TypedResponse<{
+    success: true;
+    credential_id: string | undefined;
+    vc: {
+        '@context': string[];
+        type: string[];
+        id: string;
+        issuer: string;
+        credentialSubject: {
+            id?: string | undefined;
+            agent_id: string;
+            app_id: string;
+            challenge_type: string;
+            solve_time_ms: number;
+            trust_level: "basic" | "verified" | "enterprise";
+            capabilities?: string[] | undefined;
+        };
+        validFrom: string;
+        validUntil: string;
+    } | undefined;
+    vc_jwt: string | undefined;
+    issued_at: string | undefined;
+    expires_at: string | undefined;
+    issuer: string;
+    usage: {
+        note: string;
+        verify_endpoint: string;
+        offline_verify: string;
+        did_document: string;
+    };
+}, 201, "json">)>;
+/**
+ * POST /v1/credentials/verify
+ *
+ * Verify a BOTCHA VC JWT. No auth required — the VC is the credential.
+ *
+ * Request body:
+ *   { "vc_jwt": "eyJ..." }
+ *
+ * Response (valid):
+ *   {
+ *     "valid": true,
+ *     "issuer": "did:web:botcha.ai",
+ *     "credential_id": "urn:botcha:vc:...",
+ *     "credential_subject": { ... },
+ *     "issued_at": "...",
+ *     "expires_at": "...",
+ *   }
+ *
+ * Response (invalid):
+ *   { "valid": false, "error": "..." }
+ */
+export declare function verifyVCRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
+    valid: false;
+    error: string;
+    message: string;
+}, 400, "json">) | (Response & import("hono").TypedResponse<{
+    valid: false;
+    error: string;
+    message: string;
+}, 503, "json">) | (Response & import("hono").TypedResponse<{
+    valid: false;
+    error: string;
+}, 200, "json">) | (Response & import("hono").TypedResponse<{
+    valid: true;
+    issuer: string | undefined;
+    credential_id: string | undefined;
+    credential_subject: {
+        id?: string | undefined;
+        agent_id: string;
+        app_id: string;
+        challenge_type: string;
+        solve_time_ms: number;
+        trust_level: "basic" | "verified" | "enterprise";
+        capabilities?: string[] | undefined;
+    } | undefined;
+    vc: {
+        '@context': string[];
+        type: string[];
+        id: string;
+        issuer: string;
+        credentialSubject: {
+            id?: string | undefined;
+            agent_id: string;
+            app_id: string;
+            challenge_type: string;
+            solve_time_ms: number;
+            trust_level: "basic" | "verified" | "enterprise";
+            capabilities?: string[] | undefined;
+        };
+        validFrom: string;
+        validUntil: string;
+    } | undefined;
+    issued_at: string | undefined;
+    expires_at: string | undefined;
+}, import("hono/utils/http-status").ContentfulStatusCode, "json">) | (Response & import("hono").TypedResponse<{
+    valid: false;
+    error: string;
+    message: string;
+}, 500, "json">)>;
+/**
+ * GET /v1/dids/:did/resolve
+ *
+ * Resolve a did:web DID Document.
+ * This is a public endpoint — no auth required.
+ *
+ * Supports: did:web:* only (other methods return methodNotSupported)
+ *
+ * Special case: did:web:botcha.ai is resolved locally (no outbound fetch).
+ *
+ * Query params:
+ *   (none currently)
+ *
+ * Response:
+ *   W3C DID Resolution Result object
+ */
+export declare function resolveDIDRoute(c: Context): Promise<(Response & import("hono").TypedResponse<{
+    '@context': string;
+    didDocument: null;
+    didResolutionMetadata: {
+        error: string;
+    };
+    didDocumentMetadata: {};
+}, 400, "json">) | (Response & import("hono").TypedResponse<{
+    '@context': string;
+    didDocument: {
+        [x: string]: import("hono/utils/types").JSONValue;
+        '@context': string | string[];
+        id: string;
+        controller?: string | string[] | undefined;
+        verificationMethod?: {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        }[] | undefined;
+        authentication?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        assertionMethod?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        keyAgreement?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        capabilityInvocation?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        capabilityDelegation?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        service?: {
+            id: string;
+            type: string;
+            serviceEndpoint: string | string[] | {
+                [x: string]: string;
+            };
+            description?: string | undefined;
+        }[] | undefined;
+    };
+    didResolutionMetadata: {
+        contentType: string;
+        retrieved: string;
+        duration: number;
+    };
+    didDocumentMetadata: {};
+}, import("hono/utils/http-status").ContentfulStatusCode, "json">) | (Response & import("hono").TypedResponse<{
+    '@context': string;
+    didDocument: {
+        [x: string]: import("hono/utils/types").JSONValue;
+        '@context': string | string[];
+        id: string;
+        controller?: string | string[] | undefined;
+        verificationMethod?: {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        }[] | undefined;
+        authentication?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        assertionMethod?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        keyAgreement?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        capabilityInvocation?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        capabilityDelegation?: (string | {
+            id: string;
+            type: string;
+            controller: string;
+            publicKeyJwk?: {
+                [x: string]: string | undefined;
+            } | undefined;
+            publicKeyMultibase?: string | undefined;
+        })[] | undefined;
+        service?: {
+            id: string;
+            type: string;
+            serviceEndpoint: string | string[] | {
+                [x: string]: string;
+            };
+            description?: string | undefined;
+        }[] | undefined;
+    } | null;
+    didResolutionMetadata: {
+        contentType?: string | undefined;
+        error?: string | undefined;
+        retrieved?: string | undefined;
+        duration?: number | undefined;
+    };
+    didDocumentMetadata: {
+        created?: string | undefined;
+        updated?: string | undefined;
+        deactivated?: boolean | undefined;
+    };
+}, 200 | 404, "json">) | (Response & import("hono").TypedResponse<{
+    '@context': string;
+    didDocument: null;
+    didResolutionMetadata: {
+        error: string;
+    };
+    didDocumentMetadata: {};
+}, 500, "json">)>;
+declare const _default: {
+    didDocumentRoute: typeof didDocumentRoute;
+    issueVCRoute: typeof issueVCRoute;
+    verifyVCRoute: typeof verifyVCRoute;
+    resolveDIDRoute: typeof resolveDIDRoute;
+};
+export default _default;
+//# sourceMappingURL=tap-vc-routes.d.ts.map

package/dist/tap-vc-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tap-vc-routes.d.ts","sourceRoot":"","sources":["../src/tap-vc-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAoCpC;;;;;;GAMG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EAAE,OAAO,qBAkBhD;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,wBAAsB,YAAY,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBA8I5C;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAsB,aAAa,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAwD7C;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,eAAe,CAAC,CAAC,EAAE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kBAsE/C;;;;;;;AAED,wBAKE"}