@enbox/dids 0.0.2 → 0.0.4

package/package.json

@@ -1,11 +1,23 @@
 {
   "name": "@enbox/dids",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "description": "TBD DIDs library",
   "type": "module",
-  "main": "./dist/cjs/index.js",
+  "main": "./dist/esm/index.js",
   "module": "./dist/esm/index.js",
   "types": "./dist/types/index.d.ts",
+  "scripts": {
+    "clean": "rimraf dist",
+    "build:esm": "rimraf dist/esm dist/types && bun tsc -p tsconfig.json",
+    "build:browser": "rimraf dist/browser.mjs && bun ../../build/browser-bundle.js --extra-entry src/utils.ts:dist/utils.js",
+    "build": "bun run clean && bun run build:esm && bun run build:browser",
+    "lint": "eslint . --max-warnings 0",
+    "lint:fix": "eslint . --fix",
+    "test:node": "bun test tests/",
+    "test:node:coverage": "bun test --coverage --coverage-reporter=text --coverage-reporter=lcov --coverage-dir=coverage tests/",
+    "test:browser": "bunx --bun vitest --config vitest.browser.config.ts --run",
+    "test:browser:coverage": "bunx --bun vitest --config vitest.browser.config.ts --run --coverage --coverage.provider=istanbul --coverage.reportsDirectory=./coverage-browser"
+  },
   "homepage": "https://github.com/enboxorg/enbox/tree/main/packages/dids#readme",
   "bugs": "https://github.com/enboxorg/enbox/issues",
   "repository": {
@@ -15,6 +27,10 @@
   },
   "license": "Apache-2.0",
   "contributors": [
+    {
+      "name": "Liran Cohen",
+      "url": "https://github.com/LiranCohen"
+    },
     {
       "name": "Daniel Buchner",
       "url": "https://github.com/csuwildcat"
@@ -34,14 +50,14 @@
   ],
   "exports": {
     ".": {
+      "browser": "./dist/browser.mjs",
       "types": "./dist/types/index.d.ts",
-      "import": "./dist/esm/index.js",
-      "require": "./dist/cjs/index.js"
+      "import": "./dist/esm/index.js"
     },
     "./utils": {
+      "browser": "./dist/utils.js",
       "types": "./dist/types/utils.d.ts",
-      "import": "./dist/esm/utils.js",
-      "require": "./dist/cjs/utils.js"
+      "import": "./dist/esm/utils.js"
     }
   },
   "react-native": "./dist/esm/index.js",
@@ -59,58 +75,30 @@
     "access": "public"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "bun": ">=1.0.0"
   },
   "dependencies": {
     "@decentralized-identity/ion-sdk": "1.0.4",
     "@dnsquery/dns-packet": "6.1.1",
+    "@enbox/common": "0.0.3",
+    "@enbox/crypto": "0.0.4",
     "abstract-level": "1.0.4",
     "bencode": "4.0.0",
-    "buffer": "6.0.3",
     "level": "8.0.1",
-    "ms": "2.1.3",
-    "@enbox/common": "0.0.2",
-    "@enbox/crypto": "0.0.2"
+    "ms": "2.1.3"
   },
   "devDependencies": {
-    "@playwright/test": "1.45.3",
     "@types/bencode": "2.0.4",
-    "@types/chai": "4.3.16",
-    "@types/chai-as-promised": "7.1.8",
-    "@types/eslint": "8.56.10",
-    "@types/mocha": "10.0.7",
     "@types/ms": "0.7.34",
     "@types/node": "20.14.8",
-    "@types/sinon": "17.0.3",
-    "@typescript-eslint/eslint-plugin": "7.9.0",
-    "@typescript-eslint/parser": "7.14.1",
-    "@web/test-runner": "0.18.2",
-    "@web/test-runner-playwright": "0.11.0",
-    "c8": "9.1.0",
-    "chai": "5.1.1",
-    "chai-as-promised": "7.1.2",
-    "esbuild": "0.23.0",
-    "eslint": "9.5.0",
-    "eslint-plugin-mocha": "10.4.3",
-    "mocha": "10.7.0",
-    "mocha-junit-reporter": "2.2.1",
-    "playwright": "1.45.3",
+    "@typescript-eslint/eslint-plugin": "8.32.1",
+    "@typescript-eslint/parser": "8.32.1",
+    "@vitest/browser-playwright": "4.0.18",
+    "@vitest/coverage-istanbul": "4.0.18",
+    "bun-types": "latest",
+    "eslint": "9.7.0",
     "rimraf": "5.0.7",
-    "sinon": "18.0.0",
-    "source-map-loader": "5.0.0",
-    "typescript": "5.5.4"
-  },
-  "scripts": {
-    "clean": "rimraf dist coverage tests/compiled",
-    "build:esm": "rimraf dist/esm dist/types && pnpm tsc -p tsconfig.json",
-    "build:cjs": "rimraf dist/cjs && node build/cjs-bundle.js && echo '{\"type\": \"commonjs\"}' > ./dist/cjs/package.json",
-    "build:browser": "rimraf dist/browser.mjs dist/browser.js && node build/bundles.js",
-    "build:tests:node": "rimraf tests/compiled && pnpm tsc -p tests/tsconfig.json",
-    "build:tests:browser": "rimraf tests/compiled && node build/esbuild-tests.cjs",
-    "build": "pnpm clean && pnpm build:esm && pnpm build:cjs && pnpm build:browser",
-    "lint": "eslint . --max-warnings 0",
-    "lint:fix": "eslint . --fix",
-    "test:node": "pnpm build:tests:node && pnpm c8 mocha",
-    "test:browser": "pnpm build:tests:browser && web-test-runner"
+    "typescript": "5.5.4",
+    "vitest": "4.0.18"
   }
-}
+}

package/src/bearer-did.ts

@@ -1,16 +1,16 @@
 import type {
+  EnclosedSignParams,
+  EnclosedVerifyParams,
   Jwk,
-  Signer,
-  CryptoApi,
   KeyIdentifier,
-  EnclosedSignParams,
+  KeyImporterExporter,
+  KeyManager,
   KmsExportKeyParams,
   KmsImportKeyParams,
-  KeyImporterExporter,
-  EnclosedVerifyParams,
+  Signer,
 } from '@enbox/crypto';
 
-import { LocalKeyManager, CryptoUtils } from '@enbox/crypto';
+import { CryptoUtils, LocalKeyManager } from '@enbox/crypto';
 
 import type { DidDocument } from './types/did-core.js';
 import type { DidMetadata, PortableDid } from './types/portable-did.js';
@@ -32,7 +32,8 @@ export interface BearerDidSigner extends Signer {
    *
    * Typically, this value is used to populate the `alg` field of a JWT or JWS header. The
    * registered algorithm names are defined in the
-   * {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms | IANA JSON Web Signature and Encryption Algorithms registry}.
+    * {@link https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms |
+    * IANA JSON Web Signature and Encryption Algorithms registry}.
    *
    * @example
    * "ES256" // ECDSA using P-256 and SHA-256
@@ -76,13 +77,13 @@ export class BearerDid {
    *
    * Each DID method requires at least one key be present in the provided `keyManager`.
    */
-  keyManager: CryptoApi;
+  keyManager: KeyManager;
 
   constructor({ uri, document, metadata, keyManager }: {
     uri: string,
     document: DidDocument,
     metadata: DidMetadata,
-    keyManager: CryptoApi
+    keyManager: KeyManager
   }) {
     this.uri = uri;
     this.document = document;
@@ -129,7 +130,7 @@ export class BearerDid {
     }
 
     // Create a new `PortableDid` copy object to store the exported data.
-    let portableDid: PortableDid = JSON.parse(JSON.stringify({
+    const portableDid: PortableDid = JSON.parse(JSON.stringify({
       uri      : this.uri,
       document : this.document,
       metadata : this.metadata
@@ -138,7 +139,7 @@ export class BearerDid {
     // If the BearerDid's key manager supports exporting private keys, add them to the portable DID.
     if ('exportKey' in this.keyManager && typeof this.keyManager.exportKey === 'function') {
       const privateKeys: Jwk[] = [];
-      for (let vm of this.document.verificationMethod) {
+      for (const vm of this.document.verificationMethod) {
         if (!vm.publicKeyJwk) {
           throw new Error(`Verification method '${vm.id}' does not contain a public key in JWK format`);
         }
@@ -237,7 +238,7 @@ export class BearerDid {
    *         keys for any verification method are missing in the key manager.
    */
   public static async import({ portableDid, keyManager = new LocalKeyManager() }: {
-    keyManager?: CryptoApi & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
+    keyManager?: KeyManager & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
     portableDid: PortableDid;
   }): Promise<BearerDid> {
 
@@ -250,7 +251,7 @@ export class BearerDid {
     }
 
     // If given, import the private key material into the key manager.
-    for (let key of portableDid.privateKeys ?? []) {
+    for (const key of portableDid.privateKeys ?? []) {
 
       // confirm th key does not already exist before importing it to avoid failures from the key manager
       const keyUri = await keyManager.getKeyUri({ key });
@@ -262,7 +263,7 @@ export class BearerDid {
 
     // Validate that the key material for every verification method in the DID document is present
     // in the key manager.
-    for (let vm of verificationMethods) {
+    for (const vm of verificationMethods) {
       if (!vm.publicKeyJwk) {
         throw new Error(`Verification method '${vm.id}' does not contain a public key in JWK format`);
       }

package/src/did.ts

@@ -32,7 +32,9 @@ export class Did {
   static readonly FRAGMENT_PATTERN = `(#.*)?`;
   /** Regular expression pattern for matching all of the components of a DID URI. */
   static readonly DID_URI_PATTERN = new RegExp(
-    `^did:(?<method>${Did.METHOD_PATTERN}):(?<id>${Did.METHOD_ID_PATTERN})(?<path>${Did.PATH_PATTERN})(?<query>${Did.QUERY_PATTERN})(?<fragment>${Did.FRAGMENT_PATTERN})$`
+    '^did:(?<method>' + Did.METHOD_PATTERN + '):(?<id>' + Did.METHOD_ID_PATTERN + ')' +
+    '(?<path>' + Did.PATH_PATTERN + ')(?<query>' + Did.QUERY_PATTERN + ')' +
+    '(?<fragment>' + Did.FRAGMENT_PATTERN + ')$'
   );
 
   /**
@@ -141,13 +143,13 @@ export class Did {
    */
   static parse(didUri: string): Did | null {
     // Return null if the input string is empty or not provided.
-    if (!didUri) return null;
+    if (!didUri) {return null;}
 
     // Execute the regex pattern on the input string to extract URI components.
     const match = Did.DID_URI_PATTERN.exec(didUri);
 
     // If the pattern does not match, or if the required groups are not found, return null.
-    if (!match || !match.groups) return null;
+    if (!match || !match.groups) {return null;}
 
     // Extract the method, id, params, path, query, and fragment from the regex match groups.
     const { method, id, path, query, fragment } = match.groups;
@@ -160,13 +162,13 @@ export class Did {
     };
 
     // If path is present, add it to the Did object.
-    if (path) did.path = path;
+    if (path) {did.path = path;}
 
     // If query is present, add it to the Did object, removing the leading '?'.
-    if (query) did.query = query.slice(1);
+    if (query) {did.query = query.slice(1);}
 
     // If fragment is present, add it to the Did object, removing the leading '#'.
-    if (fragment) did.fragment = fragment.slice(1);
+    if (fragment) {did.fragment = fragment.slice(1);}
 
     // If query params are present, parse them into a key-value object and add to the Did object.
     if (query) {

package/src/index.ts

@@ -15,7 +15,9 @@ export * from './methods/did-method.js';
 export * from './methods/did-web.js';
 
 export * from './resolver/resolver-cache-level.js';
+export * from './resolver/resolver-cache-memory.js';
 export * from './resolver/resolver-cache-noop.js';
 export * from './resolver/universal-resolver.js';
 
+export { isPortableDid } from './utils.js';
 export * as utils from './utils.js';

package/src/methods/did-dht.ts

@@ -1,37 +1,37 @@
-import type { Packet, StringAnswer, TxtAnswer, TxtData } from '@dnsquery/dns-packet';
 import type {
+  AsymmetricKeyConverter,
   Jwk,
-  Signer,
-  CryptoApi,
   KeyIdentifier,
+  KeyImporterExporter,
+  KeyManager,
   KmsExportKeyParams,
   KmsImportKeyParams,
-  KeyImporterExporter,
-  AsymmetricKeyConverter,
+  Signer,
 } from '@enbox/crypto';
+import type { Packet, StringAnswer, TxtAnswer, TxtData } from '@dnsquery/dns-packet';
 
 import bencode from 'bencode';
 import { Convert } from '@enbox/common';
-import { computeJwkThumbprint, Ed25519, LocalKeyManager, Secp256k1, Secp256r1, X25519 } from '@enbox/crypto';
 import { AUTHORITATIVE_ANSWER, decode as dnsPacketDecode, encode as dnsPacketEncode } from '@dnsquery/dns-packet';
+import { computeJwkThumbprint, Ed25519, LocalKeyManager, Secp256k1, Secp256r1, X25519 } from '@enbox/crypto';
 
-import type { DidMetadata, PortableDid } from '../types/portable-did.js';
 import type { DidCreateOptions, DidCreateVerificationMethod, DidRegistrationResult } from './did-method.js';
 import type {
-  DidService,
   DidDocument,
-  DidResolutionResult,
   DidResolutionOptions,
+  DidResolutionResult,
+  DidService,
   DidVerificationMethod,
 } from '../types/did-core.js';
+import type { DidMetadata, PortableDid } from '../types/portable-did.js';
 
+import { BearerDid } from '../bearer-did.js';
 import { Did } from '../did.js';
 import { DidMethod } from './did-method.js';
-import { BearerDid } from '../bearer-did.js';
-import { extractDidFragment } from '../utils.js';
-import { DidError, DidErrorCode } from '../did-error.js';
 import { DidVerificationRelationship } from '../types/did-core.js';
 import { EMPTY_DID_RESOLUTION_RESULT } from '../types/did-resolution.js';
+import { extractDidFragment } from '../utils.js';
+import { DidError, DidErrorCode } from '../did-error.js';
 
 /**
  * Represents a BEP44 message, which is used for storing and retrieving data in the Mainline DHT
@@ -221,7 +221,7 @@ export type PreviousDidProof = {
  * The default DID DHT Gateway or Pkarr Relay server to use when publishing and resolving DID
  * documents.
  */
-const DEFAULT_GATEWAY_URI = 'https://did-dht-production.up.railway.app';
+const DEFAULT_GATEWAY_URI = process.env.DID_DHT_GATEWAY_URI || 'https://enbox-did-dht.fly.dev';
 
 /**
  * The version of the DID DHT specification that is implemented by this library.
@@ -506,7 +506,7 @@ export class DidDht extends DidMethod {
    * @param params.options - Optional parameters that can be specified when creating a new DID.
    * @returns A Promise resolving to a {@link BearerDid} object representing the new DID.
    */
-  public static async create<TKms extends CryptoApi | undefined = undefined>({
+  public static async create<TKms extends KeyManager | undefined = undefined>({
     keyManager = new LocalKeyManager(),
     options = {}
   }: {
@@ -552,7 +552,7 @@ export class DidDht extends DidMethod {
     if (!verificationMethodsToAdd?.some(vm => vm.id?.split('#').pop() === '0')) {
       // Add the Identity Key to the beginning of the key set.
       verificationMethodsToAdd.unshift({
-        algorithm : 'Ed25519' as any,
+        algorithm : 'Ed25519' as DidCreateVerificationMethod<TKms>['algorithm'],
         id        : '0',
         purposes  : ['authentication', 'assertionMethod', 'capabilityDelegation', 'capabilityInvocation']
       });
@@ -587,7 +587,7 @@ export class DidDht extends DidMethod {
       // Add the verification method to the specified purpose properties of the DID document.
       for (const purpose of verificationMethod.purposes ?? []) {
         // Initialize the purpose property if it does not already exist.
-        if (!document[purpose]) document[purpose] = [];
+        document[purpose] ??= [];
         // Add the verification method to the purpose property.
         document[purpose]!.push(methodId);
       }
@@ -648,7 +648,7 @@ export class DidDht extends DidMethod {
    *         manager.
    */
   public static async import({ portableDid, keyManager = new LocalKeyManager() }: {
-    keyManager?: CryptoApi & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
+    keyManager?: KeyManager & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
     portableDid: PortableDid;
   }): Promise<BearerDid> {
     // Verify the DID method is supported.
@@ -784,7 +784,7 @@ export class DidDht extends DidMethod {
 
     } catch (error: any) {
       // Rethrow any unexpected errors that are not a `DidError`.
-      if (!(error instanceof DidError)) throw new Error(error);
+      if (!(error instanceof DidError)) {throw new Error(error);}
 
       // Return a DID Resolution Result with the appropriate error code.
       return {
@@ -910,14 +910,14 @@ export class DidDhtDocument {
       }
 
     } catch (error: any) {
-      if (error instanceof DidError) throw error;
+      if (error instanceof DidError) {throw error;}
       throw new DidError(DidErrorCode.InternalError, `Failed to fetch Pkarr record: ${error.message}`);
     }
 
     // Read the Fetch Response stream into a byte array.
     const messageBytes = await response.arrayBuffer();
 
-    if(!messageBytes) {
+    if (!messageBytes) {
       throw new DidError(DidErrorCode.NotFound, `Pkarr record not found for: ${identifier}`);
     }
 
@@ -1010,7 +1010,7 @@ export class DidDhtDocument {
 
     for (const answer of dnsPacket?.answers ?? []) {
       // DID DHT properties are ONLY present in DNS TXT records.
-      if (answer.type !== 'TXT') continue;
+      if (answer.type !== 'TXT') {continue;}
 
       // Get the DID DHT record identifier (e.g., k0, aka, did, etc.) from the DNS resource name.
       const dnsRecordId = answer.name.split('.')[0].substring(1);
@@ -1051,11 +1051,11 @@ export class DidDhtDocument {
           const namedCurve = DidDhtRegisteredKeyType[Number(t)];
 
           // Convert the public key from a byte array to JWK format.
-          let publicKey = await DidDhtUtils.keyConverter(namedCurve).bytesToPublicKey({ publicKeyBytes });
+          const publicKey = await DidDhtUtils.keyConverter(namedCurve).bytesToPublicKey({ publicKeyBytes });
 
           publicKey.alg = parsedAlg || KeyTypeToDefaultAlgorithmMap[Number(t) as DidDhtRegisteredKeyType];
 
-          // TOOD: when this is complete https://github.com/TBD54566975/web5-js/issues/638 then we can add this back and
+          // TODO: when this is complete https://github.com/enboxorg/enbox/issues/638 then we can add this back and
           // update the test vectors kid back to '0'
           // if(dnsRecordId === 'k0') {
           //   publicKey.kid = '0';
@@ -1138,11 +1138,11 @@ export class DidDhtDocument {
           const { auth, asm, del, inv, agm } = DidDhtUtils.parseTxtDataToObject(answer.data);
 
           // Add the verification relationships, if any, to the DID document.
-          if (auth) didDocument.authentication = recordIdsToMethodIds(auth);
-          if (asm) didDocument.assertionMethod = recordIdsToMethodIds(asm);
-          if (del) didDocument.capabilityDelegation = recordIdsToMethodIds(del);
-          if (inv) didDocument.capabilityInvocation = recordIdsToMethodIds(inv);
-          if (agm) didDocument.keyAgreement = recordIdsToMethodIds(agm);
+          if (auth) {didDocument.authentication = recordIdsToMethodIds(auth);}
+          if (asm) {didDocument.assertionMethod = recordIdsToMethodIds(asm);}
+          if (del) {didDocument.capabilityDelegation = recordIdsToMethodIds(del);}
+          if (inv) {didDocument.capabilityInvocation = recordIdsToMethodIds(inv);}
+          if (agm) {didDocument.keyAgreement = recordIdsToMethodIds(agm);}
 
           break;
         }
@@ -1220,7 +1220,7 @@ export class DidDhtDocument {
     for (const [index, verificationMethod] of didDocument.verificationMethod?.entries() ?? []) {
       const dnsRecordId = `k${index}`;
       verificationMethodIds.push(dnsRecordId);
-      let methodId = verificationMethod.id.split('#').pop()!; // Remove fragment prefix, if any.
+      const methodId = verificationMethod.id.split('#').pop()!; // Remove fragment prefix, if any.
       idLookup.set(methodId, dnsRecordId);
 
       const publicKey = verificationMethod.publicKeyJwk;
@@ -1242,16 +1242,16 @@ export class DidDhtDocument {
       const txtData = [`t=${keyType}`, `k=${publicKeyBase64Url}`];
       // if the methodId is not the identity key or a thumbprint, explicity define the id within the DNS TXT record.
       // otherwise the id can be inferred from the thumbprint.
-      if (methodId !== '0' && await computeJwkThumbprint({ jwk: publicKey }) !== methodId)  {
+      if (methodId !== '0' && await computeJwkThumbprint({ jwk: publicKey }) !== methodId) {
         txtData.unshift(`id=${methodId}`);
       }
       // Only set the algorithm property (`a`) if it differs from the default algorithm for the key type.
-      if(publicKey.alg !== KeyTypeToDefaultAlgorithmMap[keyType]) {
+      if (publicKey.alg !== KeyTypeToDefaultAlgorithmMap[keyType]) {
         txtData.push(`a=${publicKey.alg}`);
       }
 
       // Add the controller property, if set to a value other than the Identity Key (DID Subject).
-      if (verificationMethod.controller !== didDocument.id) txtData.push(`c=${verificationMethod.controller}`);
+      if (verificationMethod.controller !== didDocument.id) {txtData.push(`c=${verificationMethod.controller}`);}
 
       // Add a TXT record for the verification method.
       txtRecords.push({
@@ -1298,8 +1298,8 @@ export class DidDhtDocument {
     // Add verification relationships to the root record.
     Object.keys(DidVerificationRelationship).forEach(relationship => {
       // Collect the verification method IDs for the given relationship.
-      const dnsRecordIds = (didDocument[relationship as keyof DidDocument] as any[])
-        ?.map(id => idLookup.get(id.split('#').pop()));
+      const dnsRecordIds = (didDocument[relationship as keyof DidDocument] as string[] | undefined)
+        ?.map((id: string): string | undefined => idLookup.get(id.split('#').pop()!));
 
       // If the relationship includes verification methods, add them to the root record.
       if (dnsRecordIds) {
@@ -1422,7 +1422,7 @@ export class DidDhtUtils {
     didUri: string
   }): Promise<Jwk> {
     // Decode the method-specific identifier from z-base-32 to a byte array.
-    let identityKeyBytes = DidDhtUtils.identifierToIdentityKeyBytes({ didUri });
+    const identityKeyBytes = DidDhtUtils.identifierToIdentityKeyBytes({ didUri });
 
     // Convert the byte array to a JWK.
     const identityKey = await Ed25519.bytesToPublicKey({ publicKeyBytes: identityKeyBytes });
@@ -1528,7 +1528,7 @@ export class DidDhtUtils {
 
     const converter = converters[curve];
 
-    if (!converter) throw new DidError(DidErrorCode.InvalidPublicKeyType, `Unsupported curve: ${curve}`);
+    if (!converter) {throw new DidError(DidErrorCode.InvalidPublicKeyType, `Unsupported curve: ${curve}`);}
 
     return converter;
   }
@@ -1609,7 +1609,7 @@ export class DidDhtUtils {
     const key = await DidDhtUtils.identifierToIdentityKey({ didUri: previousDidProof.previousDid });
     const data = DidDhtUtils.identifierToIdentityKeyBytes({ didUri: newDid });
     const signature = Convert.base64Url(previousDidProof.signature).toUint8Array();
-    const isValid = await Ed25519.verify({ key, data, signature  });
+    const isValid = await Ed25519.verify({ key, data, signature });
 
     if (!isValid) {
       throw new DidError(DidErrorCode.InvalidPreviousDidProof, 'The previous DID proof is invalid.');

package/src/methods/did-ion.ts

@@ -1,31 +1,38 @@
-import type { CryptoApi, Jwk, KeyIdentifier, KeyImporterExporter, KmsExportKeyParams, KmsImportKeyParams } from '@enbox/crypto';
 import type {
-  JwkEs256k,
   IonDocumentModel,
   IonPublicKeyModel,
   IonPublicKeyPurpose,
+  JwkEs256k,
 } from '@decentralized-identity/ion-sdk';
-
+import type {
+  Jwk,
+  KeyIdentifier,
+  KeyImporterExporter,
+  KeyManager,
+  KmsExportKeyParams,
+  KmsImportKeyParams,
+} from '@enbox/crypto';
+
+import { computeJwkThumbprint, LocalKeyManager } from '@enbox/crypto';
 import { IonDid, IonRequest } from '@decentralized-identity/ion-sdk';
-import { LocalKeyManager, computeJwkThumbprint } from '@enbox/crypto';
 
 import type { PortableDid } from '../types/portable-did.js';
 import type { DidCreateOptions, DidCreateVerificationMethod, DidRegistrationResult } from '../methods/did-method.js';
 import type {
-  DidService,
   DidDocument,
-  DidResolutionResult,
   DidResolutionOptions,
+  DidResolutionResult,
+  DidService,
   DidVerificationMethod,
   DidVerificationRelationship,
 } from '../types/did-core.js';
 
-import { Did } from '../did.js';
 import { BearerDid } from '../bearer-did.js';
+import { Did } from '../did.js';
 import { DidMethod } from '../methods/did-method.js';
-import { DidError, DidErrorCode } from '../did-error.js';
-import { getVerificationRelationshipsById } from '../utils.js';
 import { EMPTY_DID_RESOLUTION_RESULT } from '../types/did-resolution.js';
+import { getVerificationRelationshipsById } from '../utils.js';
+import { DidError, DidErrorCode } from '../did-error.js';
 
 /**
  * Options for creating a Decentralized Identifier (DID) using the DID ION method.
@@ -364,7 +371,7 @@ export class DidIon extends DidMethod {
    * @param params.options - Optional parameters that can be specified when creating a new DID.
    * @returns A Promise resolving to a {@link BearerDid} object representing the new DID.
    */
-  public static async create<TKms extends CryptoApi | undefined = undefined>({
+  public static async create<TKms extends KeyManager | undefined = undefined>({
     keyManager = new LocalKeyManager(),
     options = {}
   }: {
@@ -393,7 +400,7 @@ export class DidIon extends DidMethod {
 
     // If no verification methods were specified, generate a default Ed25519 verification method.
     const defaultVerificationMethod: DidCreateVerificationMethod<TKms> = {
-      algorithm : 'Ed25519' as any,
+      algorithm : 'Ed25519' as DidCreateVerificationMethod<TKms>['algorithm'],
       purposes  : ['authentication', 'assertionMethod', 'capabilityDelegation', 'capabilityInvocation']
     };
 
@@ -517,7 +524,7 @@ export class DidIon extends DidMethod {
    *         any verification method are missing in the key manager.
    */
   public static async import({ portableDid, keyManager = new LocalKeyManager() }: {
-    keyManager?: CryptoApi & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
+    keyManager?: KeyManager & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
     portableDid: PortableDid;
   }): Promise<BearerDid> {
     // Verify the DID method is supported.
@@ -613,7 +620,7 @@ export class DidIon extends DidMethod {
         didRegistrationMetadata: {}
       };
 
-    } catch (error: any) {
+    } catch {
       return {
         didDocument         : null,
         didDocumentMetadata : {
@@ -700,7 +707,7 @@ export class DidIon extends DidMethod {
 
     } catch (error: any) {
       // Rethrow any unexpected errors that are not a `DidError`.
-      if (!(error instanceof DidError)) throw new Error(error);
+      if (!(error instanceof DidError)) {throw new Error(error);}
 
       // Return a DID Resolution Result with the appropriate error code.
       return {
@@ -813,7 +820,8 @@ export class DidIonUtils {
    *
    * @param params - The parameters containing the services and verification methods to include in the ION document.
    * @param params.services - A list of service endpoints to be included in the DID document, specifying ways to interact with the DID subject.
-   * @param params.verificationMethods - A list of verification methods to be included, detailing the cryptographic keys and their intended uses within the DID document.
+   * @param params.verificationMethods - A list of verification methods to be included, detailing the
+   * cryptographic keys and their intended uses within the DID document.
    * @returns A Promise resolving to an `IonDocumentModel`, ready for use in Sidetree operations like DID creation and updates.
    */
   public static async createIonDocument({ services, verificationMethods }: {

package/src/methods/did-jwk.ts

@@ -1,11 +1,11 @@
 import type {
+  InferKeyGeneratorAlgorithm,
   Jwk,
-  CryptoApi,
   KeyIdentifier,
+  KeyImporterExporter,
+  KeyManager,
   KmsExportKeyParams,
   KmsImportKeyParams,
-  KeyImporterExporter,
-  InferKeyGeneratorAlgorithm,
 } from '@enbox/crypto';
 
 import { Convert } from '@enbox/common';
@@ -15,11 +15,11 @@ import type { PortableDid } from '../types/portable-did.js';
 import type { DidCreateOptions, DidCreateVerificationMethod } from './did-method.js';
 import type { DidDocument, DidResolutionOptions, DidResolutionResult, DidVerificationMethod } from '../types/did-core.js';
 
+import { BearerDid } from '../bearer-did.js';
 import { Did } from '../did.js';
 import { DidMethod } from './did-method.js';
-import { BearerDid } from '../bearer-did.js';
-import { DidError, DidErrorCode } from '../did-error.js';
 import { EMPTY_DID_RESOLUTION_RESULT } from '../types/did-resolution.js';
+import { DidError, DidErrorCode } from '../did-error.js';
 
 /**
  * Defines the set of options available when creating a new Decentralized Identifier (DID) with the
@@ -76,7 +76,7 @@ export interface DidJwkCreateOptions<TKms> extends DidCreateOptions<TKms> {
   /**
    * Optionally specify the algorithm to be used for key generation.
    */
-  algorithm?: TKms extends CryptoApi
+  algorithm?: TKms extends KeyManager
     ? InferKeyGeneratorAlgorithm<TKms>
     : InferKeyGeneratorAlgorithm<LocalKeyManager>;
 
@@ -193,7 +193,7 @@ export class DidJwk extends DidMethod {
    * @param params.options - Optional parameters that can be specified when creating a new DID.
    * @returns A Promise resolving to a {@link BearerDid} object representing the new DID.
    */
-  public static async create<TKms extends CryptoApi | undefined = undefined>({
+  public static async create<TKms extends KeyManager | undefined = undefined>({
     keyManager = new LocalKeyManager(),
     options = {}
   }: {
@@ -305,7 +305,7 @@ export class DidJwk extends DidMethod {
    * @throws An error if the DID document does not contain exactly one verification method.
    */
   public static async import({ portableDid, keyManager = new LocalKeyManager() }: {
-    keyManager?: CryptoApi & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
+    keyManager?: KeyManager & KeyImporterExporter<KmsImportKeyParams, KeyIdentifier, KmsExportKeyParams>;
     portableDid: PortableDid;
   }): Promise<BearerDid> {
     // Verify the DID method is supported.
@@ -341,7 +341,7 @@ export class DidJwk extends DidMethod {
     // Attempt to decode the Base64URL-encoded JWK.
     let publicKey: Jwk | undefined;
     try {
-      publicKey = Convert.base64Url(parsedDid!.id).toObject() as Jwk;
+      publicKey = parsedDid ? Convert.base64Url(parsedDid.id).toObject() as Jwk : undefined;
     } catch { /* Consume the error so that a DID resolution error can be returned later. */ }
 
     // If parsing or decoding failed, the DID is invalid.