@enbox/dwn-sdk-js 0.0.3 → 0.0.5

package/src/handlers/protocols-configure.ts

@@ -4,7 +4,7 @@ import type { GenericMessageReply } from '../types/message-types.js';
 import type { MessageStore } from '../types//message-store.js';
 import type { MethodHandler } from '../types/method-handler.js';
 import type { StateIndex } from '../types/state-index.js';
-import type { ProtocolDefinition, ProtocolsConfigureMessage } from '../types/protocols-types.js';
+import type { ProtocolDefinition, ProtocolRuleSet, ProtocolsConfigureMessage } from '../types/protocols-types.js';
 
 import { authenticate } from '../core/auth.js';
 import { Message } from '../core/message.js';
@@ -187,7 +187,7 @@ export class ProtocolsConfigureHandler implements MethodHandler {
     }
 
     // Walk the structure and validate all $ref paths and cross-protocol role references
-    ProtocolsConfigureHandler.validateRefsAndRolesRecursively(definition.structure, '', referencedDefinitions);
+    ProtocolsConfigureHandler.validateRefsAndRolesRecursively(definition.structure as ProtocolRuleSet, '', referencedDefinitions);
   }
 
   /**
@@ -218,7 +218,7 @@ export class ProtocolsConfigureHandler implements MethodHandler {
    * - Cross-protocol `role` references point to valid `$role: true` paths in the referenced protocol
    */
   private static validateRefsAndRolesRecursively(
-    ruleSet: { [key: string]: any },
+    ruleSet: ProtocolRuleSet,
     protocolPath: string,
     referencedDefinitions: Map<string, ProtocolDefinition>
   ): void {
@@ -227,7 +227,7 @@ export class ProtocolsConfigureHandler implements MethodHandler {
         continue;
       }
 
-      const childRuleSet = ruleSet[key];
+      const childRuleSet = ruleSet[key] as ProtocolRuleSet;
       const childProtocolPath = protocolPath === '' ? key : `${protocolPath}/${key}`;
 
       // Validate $ref path exists in the referenced protocol

package/src/handlers/records-delete.ts

@@ -9,9 +9,11 @@ import { authenticate } from '../core/auth.js';
 import { DwnInterfaceName } from '../enums/dwn-interface-method.js';
 import { Message } from '../core/message.js';
 import { messageReplyFromError } from '../core/message-reply.js';
+import { PermissionsProtocol } from '../protocols/permissions.js';
 import { ProtocolAuthorization } from '../core/protocol-authorization.js';
 import { Records } from '../utils/records.js';
 import { RecordsDelete } from '../interfaces/records-delete.js';
+import { RecordsGrantAuthorization } from '../core/records-grant-authorization.js';
 import { RecordsWrite } from '../interfaces/records-write.js';
 import { ResumableTaskName } from '../core/resumable-task-manager.js';
 import { DwnError, DwnErrorCode } from '../core/dwn-error.js';
@@ -112,6 +114,16 @@ export class RecordsDeleteHandler implements MethodHandler {
 
     if (recordsDelete.author === tenant) {
       return;
+    } else if (recordsDelete.author !== undefined && recordsDelete.signaturePayload!.permissionGrantId !== undefined) {
+      const permissionGrant = await PermissionsProtocol.fetchGrant(tenant, messageStore, recordsDelete.signaturePayload!.permissionGrantId);
+      await RecordsGrantAuthorization.authorizeDelete({
+        recordsDeleteMessage : recordsDelete.message,
+        recordsWriteToDelete : recordsWrite.message,
+        expectedGrantor      : tenant,
+        expectedGrantee      : recordsDelete.author,
+        permissionGrant,
+        messageStore,
+      });
     } else if (recordsWrite.message.descriptor.protocol !== undefined) {
       await ProtocolAuthorization.authorizeDelete(tenant, recordsDelete, recordsWrite, messageStore);
     } else {

package/src/handlers/records-subscribe.ts

@@ -1,17 +1,21 @@
 import type { DidResolver } from '@enbox/dids';
-import type { Filter } from '../types/query-types.js';
+import type { MessageSort } from '../types/message-types.js';
 import type { MessageStore } from '../types//message-store.js';
 import type { MethodHandler } from '../types/method-handler.js';
 import type { EventListener, EventStream } from '../types/subscriptions.js';
-import type { RecordEvent, RecordsSubscribeMessage, RecordsSubscribeReply, RecordSubscriptionHandler } from '../types/records-types.js';
+import type { Filter, PaginationCursor } from '../types/query-types.js';
+import type { RecordEvent, RecordsQueryReplyEntry, RecordsSubscribeMessage, RecordsSubscribeReply, RecordSubscriptionHandler } from '../types/records-types.js';
 
 import { authenticate } from '../core/auth.js';
+import { DateSort } from '../types/records-types.js';
 import { FilterUtility } from '../utils/filter.js';
 import { Message } from '../core/message.js';
 import { messageReplyFromError } from '../core/message-reply.js';
 import { ProtocolAuthorization } from '../core/protocol-authorization.js';
 import { Records } from '../utils/records.js';
 import { RecordsSubscribe } from '../interfaces/records-subscribe.js';
+import { RecordsWrite } from '../interfaces/records-write.js';
+import { SortDirection } from '../types/query-types.js';
 import { DwnError, DwnErrorCode } from '../core/dwn-error.js';
 import { DwnInterfaceName, DwnMethodName } from '../enums/dwn-interface-method.js';
 
@@ -42,11 +46,13 @@ export class RecordsSubscribeHandler implements MethodHandler {
       return messageReplyFromError(e, 400);
     }
 
-    let filters:Filter[] = [];
+    let eventFilters: Filter[] = [];
+    let queryFilters: Filter[] = [];
+
     // if this is an anonymous subscribe and the filter supports published records, subscribe to only published records
     if (Records.filterIncludesPublishedRecords(recordsSubscribe.message.descriptor.filter) && recordsSubscribe.author === undefined) {
-      // build filters for a stream of published records
-      filters = [ RecordsSubscribeHandler.buildPublishedRecordsFilter(recordsSubscribe) ];
+      eventFilters = [RecordsSubscribeHandler.buildPublishedEventFilter(recordsSubscribe)];
+      queryFilters = [RecordsSubscribeHandler.buildPublishedQueryFilter(recordsSubscribe)];
       // delete the undefined authorization property else the code will encounter the following IPLD issue when attempting to generate CID:
       // Error: `undefined` is not supported by the IPLD Data Model and cannot be encoded
       delete message.authorization;
@@ -60,138 +66,231 @@ export class RecordsSubscribeHandler implements MethodHandler {
       }
 
       if (recordsSubscribe.author === tenant) {
-        // if the subscribe author is the tenant, filter as owner.
-        filters = await RecordsSubscribeHandler.filterAsOwner(recordsSubscribe);
+        eventFilters = RecordsSubscribeHandler.buildOwnerEventFilters(recordsSubscribe);
+        queryFilters = RecordsSubscribeHandler.buildOwnerQueryFilters(recordsSubscribe);
       } else {
-        // otherwise build filters based on published records, permissions, or protocol rules
-        filters = await RecordsSubscribeHandler.filterAsNonOwner(recordsSubscribe);
+        eventFilters = RecordsSubscribeHandler.buildNonOwnerEventFilters(recordsSubscribe);
+        queryFilters = RecordsSubscribeHandler.buildNonOwnerQueryFilters(recordsSubscribe);
       }
     }
 
+    // Step 1: Register event listener FIRST to ensure no events are missed between query and subscribe
     const listener: EventListener = (eventTenant, event, eventIndexes):void => {
-      if (tenant === eventTenant && FilterUtility.matchAnyFilter(eventIndexes, filters)) {
-        // the filters check for interface and method
-        // if matched the message is either a `RecordsWriteMessage` or `RecordsDeleteMessage` so we cast the event to a `RecordEvent`
+      if (tenant === eventTenant && FilterUtility.matchAnyFilter(eventIndexes, eventFilters)) {
         subscriptionHandler(event as RecordEvent);
       }
     };
 
     const messageCid = await Message.getCid(message);
     const subscription = await this.eventStream.subscribe(tenant, messageCid, listener);
+
+    // Step 2: Query for initial snapshot of matching records
+    let entries: RecordsQueryReplyEntry[];
+    let cursor: PaginationCursor | undefined;
+    try {
+      const { dateSort, pagination } = recordsSubscribe.message.descriptor;
+      const messageSort = RecordsSubscribeHandler.convertDateSort(dateSort);
+      const queryResult = await this.messageStore.query(tenant, queryFilters, messageSort, pagination);
+      entries = queryResult.messages as RecordsQueryReplyEntry[];
+      cursor = queryResult.cursor;
+
+      // attach initialWrite for non-initial writes
+      for (const entry of entries) {
+        if (!await RecordsWrite.isInitialWrite(entry)) {
+          const initialWriteResult = await this.messageStore.query(
+            tenant,
+            [{ recordId: entry.recordId, isLatestBaseState: false, method: DwnMethodName.Write }]
+          );
+          const initialWrite = initialWriteResult.messages[0] as RecordsQueryReplyEntry;
+          delete initialWrite.encodedData;
+          entry.initialWrite = initialWrite;
+        }
+      }
+    } catch (error) {
+      // if the query fails, close the subscription and return the error
+      await subscription.close();
+      return messageReplyFromError(error, 500);
+    }
+
+    // Step 3: Return subscription + initial entries + cursor
     return {
       status: { code: 200, detail: 'OK' },
-      subscription
+      subscription,
+      entries,
+      cursor
     };
   }
 
   /**
-   * Subscribe to records as the owner of the DWN with no additional filtering.
+   * Convert an incoming DateSort to a sort type accepted by MessageStore.
+   * Defaults to `dateCreated` ascending if no sort is supplied.
    */
-  private static async filterAsOwner(RecordsSubscribe: RecordsSubscribe): Promise<Filter[]> {
-    const { filter } = RecordsSubscribe.message.descriptor;
+  private static convertDateSort(dateSort?: DateSort): MessageSort {
+    switch (dateSort) {
+    case DateSort.CreatedAscending:
+      return { dateCreated: SortDirection.Ascending };
+    case DateSort.CreatedDescending:
+      return { dateCreated: SortDirection.Descending };
+    case DateSort.PublishedAscending:
+      return { datePublished: SortDirection.Ascending };
+    case DateSort.PublishedDescending:
+      return { datePublished: SortDirection.Descending };
+    case DateSort.UpdatedAscending:
+      return { messageTimestamp: SortDirection.Ascending };
+    case DateSort.UpdatedDescending:
+      return { messageTimestamp: SortDirection.Descending };
+    default:
+      return { dateCreated: SortDirection.Ascending };
+    }
+  }
+
+  // =============================================
+  // Event filters (for live subscription)
+  // These match Write+Delete and do NOT use isLatestBaseState
+  // =============================================
 
-    const subscribeFilter = {
+  /**
+   * Build event filters for owner: all matching Write+Delete events.
+   */
+  private static buildOwnerEventFilters(recordsSubscribe: RecordsSubscribe): Filter[] {
+    const { filter } = recordsSubscribe.message.descriptor;
+    return [{
       ...Records.convertFilter(filter),
       interface : DwnInterfaceName.Records,
-      method    : [ DwnMethodName.Write, DwnMethodName.Delete ], // we filter for both write and delete so that subscriber can update state.
-    };
-
-    return [ subscribeFilter ];
+      method    : [DwnMethodName.Write, DwnMethodName.Delete],
+    }];
   }
 
   /**
-   * Creates filters in order to subscribe to records as a non-owner.
-   *
-   * Filters can support emitting messages for both published and unpublished records,
-   * as well as explicitly only published or only unpublished records.
-   *
-   * A) BOTH published and unpublished:
-   *    1. published records; and
-   *    2. unpublished records intended for the subscription author (where `recipient` is the subscription author); and
-   *    3. unpublished records authorized by a protocol rule.
-   *
-   * B) PUBLISHED:
-   *    1. only published records;
-   *
-   * C) UNPUBLISHED:
-   *    1. unpublished records intended for the subscription author (where `recipient` is the subscription author); and
-   *    2. unpublished records authorized by a protocol rule.
+   * Build event filters for non-owner with visibility rules.
    */
-  private static async filterAsNonOwner(
-    recordsSubscribe: RecordsSubscribe
-  ): Promise<Filter[]> {
-    const filters:Filter[] = [];
+  private static buildNonOwnerEventFilters(recordsSubscribe: RecordsSubscribe): Filter[] {
+    const filters: Filter[] = [];
     const { filter } = recordsSubscribe.message.descriptor;
     if (Records.filterIncludesPublishedRecords(filter)) {
-      filters.push(RecordsSubscribeHandler.buildPublishedRecordsFilter(recordsSubscribe));
+      filters.push(RecordsSubscribeHandler.buildPublishedEventFilter(recordsSubscribe));
     }
 
     if (Records.filterIncludesUnpublishedRecords(filter)) {
       if (Records.shouldBuildUnpublishedAuthorFilter(filter, recordsSubscribe.author!)) {
-        filters.push(RecordsSubscribeHandler.buildUnpublishedRecordsBySubscribeAuthorFilter(recordsSubscribe));
+        filters.push({
+          ...Records.convertFilter(filter),
+          author    : recordsSubscribe.author!,
+          interface : DwnInterfaceName.Records,
+          method    : [DwnMethodName.Write, DwnMethodName.Delete],
+          published : false,
+        });
       }
 
       if (Records.shouldProtocolAuthorize(recordsSubscribe.signaturePayload!)) {
-        filters.push(RecordsSubscribeHandler.buildUnpublishedProtocolAuthorizedRecordsFilter(recordsSubscribe));
+        filters.push({
+          ...Records.convertFilter(filter),
+          interface : DwnInterfaceName.Records,
+          method    : [DwnMethodName.Write, DwnMethodName.Delete],
+          published : false,
+        });
       }
 
       if (Records.shouldBuildUnpublishedRecipientFilter(filter, recordsSubscribe.author!)) {
-        filters.push(RecordsSubscribeHandler.buildUnpublishedRecordsForSubscribeAuthorFilter(recordsSubscribe));
+        filters.push({
+          ...Records.convertFilter(filter),
+          interface : DwnInterfaceName.Records,
+          method    : [DwnMethodName.Write, DwnMethodName.Delete],
+          recipient : recordsSubscribe.author!,
+          published : false,
+        });
       }
     }
     return filters;
   }
 
   /**
-   * Creates a filter for all published records matching the subscribe
+   * Build a published-only event filter (Write+Delete).
    */
-  private static buildPublishedRecordsFilter(recordsSubscribe: RecordsSubscribe): Filter {
+  private static buildPublishedEventFilter(recordsSubscribe: RecordsSubscribe): Filter {
     return {
       ...Records.convertFilter(recordsSubscribe.message.descriptor.filter),
       interface : DwnInterfaceName.Records,
-      method    : [ DwnMethodName.Write, DwnMethodName.Delete ],
+      method    : [DwnMethodName.Write, DwnMethodName.Delete],
       published : true,
     };
   }
 
+  // =============================================
+  // Query filters (for initial snapshot)
+  // These match Write only and use isLatestBaseState: true
+  // =============================================
+
   /**
-   * Creates a filter for unpublished records that are intended for the subscribe author (where `recipient` is the author).
+   * Build query filters for owner: latest writes matching the filter.
    */
-  private static buildUnpublishedRecordsForSubscribeAuthorFilter(recordsSubscribe: RecordsSubscribe): Filter {
-    // include records where recipient is subscribe author
-    return {
-      ...Records.convertFilter(recordsSubscribe.message.descriptor.filter),
-      interface : DwnInterfaceName.Records,
-      method    : [ DwnMethodName.Write, DwnMethodName.Delete ],
-      recipient : recordsSubscribe.author!,
-      published : false
-    };
+  private static buildOwnerQueryFilters(recordsSubscribe: RecordsSubscribe): Filter[] {
+    const { dateSort, filter } = recordsSubscribe.message.descriptor;
+    return [{
+      ...Records.convertFilter(filter, dateSort),
+      interface         : DwnInterfaceName.Records,
+      method            : DwnMethodName.Write,
+      isLatestBaseState : true,
+    }];
   }
 
   /**
-   * Creates a filter for unpublished records that are within the specified protocol.
-   * Validation that `protocol` and other required protocol-related fields occurs before this method.
+   * Build query filters for non-owner with visibility rules.
    */
-  private static buildUnpublishedProtocolAuthorizedRecordsFilter(recordsSubscribe: RecordsSubscribe): Filter {
-    return {
-      ...Records.convertFilter(recordsSubscribe.message.descriptor.filter),
-      interface : DwnInterfaceName.Records,
-      method    : [ DwnMethodName.Write, DwnMethodName.Delete ],
-      published : false
-    };
+  private static buildNonOwnerQueryFilters(recordsSubscribe: RecordsSubscribe): Filter[] {
+    const filters: Filter[] = [];
+    const { dateSort, filter } = recordsSubscribe.message.descriptor;
+    if (Records.filterIncludesPublishedRecords(filter)) {
+      filters.push(RecordsSubscribeHandler.buildPublishedQueryFilter(recordsSubscribe));
+    }
+
+    if (Records.filterIncludesUnpublishedRecords(filter)) {
+      if (Records.shouldBuildUnpublishedAuthorFilter(filter, recordsSubscribe.author!)) {
+        filters.push({
+          ...Records.convertFilter(filter, dateSort),
+          author            : recordsSubscribe.author!,
+          interface         : DwnInterfaceName.Records,
+          method            : DwnMethodName.Write,
+          isLatestBaseState : true,
+          published         : false,
+        });
+      }
+
+      if (Records.shouldProtocolAuthorize(recordsSubscribe.signaturePayload!)) {
+        filters.push({
+          ...Records.convertFilter(filter, dateSort),
+          interface         : DwnInterfaceName.Records,
+          method            : DwnMethodName.Write,
+          isLatestBaseState : true,
+          published         : false,
+        });
+      }
+
+      if (Records.shouldBuildUnpublishedRecipientFilter(filter, recordsSubscribe.author!)) {
+        filters.push({
+          ...Records.convertFilter(filter, dateSort),
+          interface         : DwnInterfaceName.Records,
+          method            : DwnMethodName.Write,
+          recipient         : recordsSubscribe.author!,
+          isLatestBaseState : true,
+          published         : false,
+        });
+      }
+    }
+    return filters;
   }
 
   /**
-   * Creates a filter for only unpublished records where the author is the same as the subscribe author.
+   * Build a published-only query filter (latest writes).
    */
-  private static buildUnpublishedRecordsBySubscribeAuthorFilter(recordsSubscribe: RecordsSubscribe): Filter {
-    // include records where author is the same as the subscribe author
+  private static buildPublishedQueryFilter(recordsSubscribe: RecordsSubscribe): Filter {
+    const { dateSort, filter } = recordsSubscribe.message.descriptor;
     return {
-      ...Records.convertFilter(recordsSubscribe.message.descriptor.filter),
-      author    : recordsSubscribe.author!,
-      interface : DwnInterfaceName.Records,
-      method    : [ DwnMethodName.Write, DwnMethodName.Delete ],
-      published : false
+      ...Records.convertFilter(filter, dateSort),
+      interface         : DwnInterfaceName.Records,
+      method            : DwnMethodName.Write,
+      published         : true,
+      isLatestBaseState : true,
     };
   }
 

package/src/handlers/records-write.ts

@@ -53,7 +53,7 @@ export class RecordsWriteHandler implements MethodHandler {
 
     // authentication & authorization
     try {
-      await authenticate(message.authorization, this.didResolver);
+      await authenticate(message.authorization, this.didResolver, message.attestation);
       await RecordsWriteHandler.authorizeRecordsWrite(tenant, recordsWrite, this.messageStore);
     } catch (e) {
       return messageReplyFromError(e, 401);

package/src/index.ts

@@ -4,8 +4,8 @@ export type { EventListener, EventStream, EventSubscription, MessageEvent, Subsc
 export type { AuthorizationModel, Descriptor, DelegatedGrantRecordsWriteMessage, GenericMessage, GenericMessageReply, GenericSignaturePayload, MessageSort, MessageSubscription, Pagination, QueryResultEntry, Status } from './types/message-types.js';
 export type { MessagesFilter, MessagesReadMessage as MessagesReadMessage, MessagesReadReply as MessagesReadReply, MessagesReadReplyEntry as MessagesReadReplyEntry, MessagesReadDescriptor, MessagesSubscribeDescriptor, MessagesSubscribeMessage, MessagesSubscribeReply, MessageSubscriptionHandler, MessagesSubscribeMessageOptions, MessagesSyncAction, MessagesSyncDescriptor, MessagesSyncMessage, MessagesSyncReply } from './types/messages-types.js';
 export type { GT, LT, Filter, FilterValue, KeyValues, EqualFilter, OneOfFilter, RangeFilter, RangeCriterion, PaginationCursor, QueryOptions, RangeValue, StartsWithFilter } from './types/query-types.js';
-export type { ProtocolsConfigureDescriptor, ProtocolDefinition, ProtocolTypes, ProtocolRuleSet, ProtocolsQueryFilter, ProtocolsConfigureMessage, ProtocolsQueryMessage, ProtocolsQueryReply, ProtocolActionRule, ProtocolPathEncryption, ProtocolsQueryDescriptor, ProtocolType, ProtocolUses } from './types/protocols-types.js';
-export type { DataEncodedRecordsWriteMessage, EncryptedKey, EncryptionProperty, RecordsCountDescriptor, RecordsCountMessage, RecordsCountReply, RecordsDeleteMessage, RecordsFilter, RecordsQueryMessage, RecordsQueryReply, RecordsQueryReplyEntry, RecordsReadMessage, RecordsReadReply, RecordsSubscribeDescriptor, RecordsSubscribeMessage, RecordsSubscribeReply, RecordSubscriptionHandler, RecordsWriteDescriptor, RecordsWriteTags, RecordsWriteTagValue, RecordsWriteMessage, RecordsWriteSignaturePayload, RecordsDeleteDescriptor, RecordsQueryDescriptor, RecordsReadDescriptor, RecordsSubscribeMessageOptions, RecordsWriteMessageOptions, InternalRecordsWriteMessage, RecordEvent, RecordsWriteTagsFilter } from './types/records-types.js';
+export type { ProtocolsConfigureDescriptor, ProtocolDefinition, ProtocolTypes, ProtocolRuleSet, ProtocolsQueryFilter, ProtocolsConfigureMessage, ProtocolsQueryMessage, ProtocolsQueryReply, ProtocolActionRule, ProtocolPathEncryption, ProtocolsQueryDescriptor, ProtocolSizeDefinition, ProtocolTagsDefinition, ProtocolTagSchema, ProtocolType, ProtocolUses } from './types/protocols-types.js';
+export type { DataEncodedRecordsWriteMessage, RecordsCountDescriptor, RecordsCountMessage, RecordsCountReply, RecordsDeleteMessage, RecordsFilter, RecordsQueryMessage, RecordsQueryReply, RecordsQueryReplyEntry, RecordsReadMessage, RecordsReadReply, RecordsSubscribeDescriptor, RecordsSubscribeMessage, RecordsSubscribeReply, RecordSubscriptionHandler, RecordsWriteDescriptor, RecordsWriteTags, RecordsWriteTagValue, RecordsWriteMessage, RecordsWriteSignaturePayload, RecordsDeleteDescriptor, RecordsQueryDescriptor, RecordsReadDescriptor, RecordsSubscribeMessageOptions, RecordsWriteMessageOptions, InternalRecordsWriteMessage, RecordEvent, RecordsWriteTagsFilter } from './types/records-types.js';
 export type { GeneralJws, SignatureEntry } from './types/jws-types.js';
 export { authenticate } from './core/auth.js';
 export { AllowAllTenantGate } from './core/tenant-gate.js';
@@ -28,8 +28,8 @@ export { DwnInterfaceName, DwnMethodName } from './enums/dwn-interface-method.js
 export { Encoder } from './utils/encoder.js';
 export { MessagesSubscribe as MessagesSubscribe } from './interfaces/messages-subscribe.js';
 export type { MessagesSubscribeOptions as MessagesSubscribeOptions } from './interfaces/messages-subscribe.js';
-export { Encryption, EncryptionAlgorithm } from './utils/encryption.js';
-export type { EciesEncryptionOutput, EciesEncryptionInput } from './utils/encryption.js';
+export { Encryption, ContentEncryptionAlgorithm, KeyAgreementAlgorithm } from './utils/encryption.js';
+export type { JweEncryption, JweRecipient, JweRecipientHeader, JweProtectedHeader, JweKeyUnwrapPayload } from './utils/encryption.js';
 export { RecordsWrite } from './interfaces/records-write.js';
 export type { EncryptionInput, KeyEncryptionInput, RecordsWriteOptions, CreateFromOptions } from './interfaces/records-write.js';
 export { executeUnlessAborted } from './utils/abort.js';

package/src/interfaces/protocols-configure.ts

@@ -143,11 +143,11 @@ export class ProtocolsConfigure extends AbstractMessage<ProtocolsConfigureMessag
     const recordTypes = Object.keys(definition.types);
 
     // gather all roles (local roles only — cross-protocol roles are validated by alias existence)
-    const roles = ProtocolsConfigure.fetchAllRolePathsRecursively('', definition.structure, []);
+    const roles = ProtocolsConfigure.fetchAllRolePathsRecursively('', definition.structure as ProtocolRuleSet, []);
 
     // validate the entire rule set structure recursively
     ProtocolsConfigure.validateRuleSetRecursively({
-      ruleSet             : definition.structure,
+      ruleSet             : definition.structure as ProtocolRuleSet,
       ruleSetProtocolPath : '',
       recordTypes,
       roles,
@@ -172,7 +172,7 @@ export class ProtocolsConfigure extends AbstractMessage<ProtocolsConfigureMessag
         continue;
       }
 
-      const childRuleSet = ruleSet[recordType];
+      const childRuleSet = ruleSet[recordType] as ProtocolRuleSet;
 
       let childRuleSetProtocolPath;
       if (ruleSetProtocolPath === '') {
@@ -233,7 +233,7 @@ export class ProtocolsConfigure extends AbstractMessage<ProtocolsConfigureMessag
       for (const tag in tagProperties) {
         const tagSchemaDefinition = tagProperties[tag];
 
-        if (!ajv.validateSchema(tagSchemaDefinition)) {
+        if (!ajv.validateSchema(tagSchemaDefinition as Record<string, unknown>)) {
           const schemaError = ajv.errorsText(ajv.errors, { dataVar: `${ruleSetProtocolPath}/$tags/${tag}` });
           throw new DwnError(DwnErrorCode.ProtocolsConfigureInvalidTagSchema, `tags schema validation error: ${schemaError}`);
         }
@@ -376,7 +376,7 @@ export class ProtocolsConfigure extends AbstractMessage<ProtocolsConfigureMessag
         continue;
       }
 
-      const childRuleSet = ruleSet[recordType];
+      const childRuleSet = ruleSet[recordType] as ProtocolRuleSet;
 
       // A structure key whose rule set has `$ref` does not need to be in the local `types` map —
       // the type comes from the referenced protocol. All other keys must be in `types`.

package/src/interfaces/records-delete.ts

@@ -23,6 +23,11 @@ export type RecordsDeleteOptions = {
    */
   prune?: boolean
 
+  /**
+   * The ID of the permission grant authorizing this delete.
+   */
+  permissionGrantId?: string;
+
   /**
    * The delegated grant to sign on behalf of the logical author, which is the grantor (`grantedBy`) of the delegated grant.
    */
@@ -64,9 +69,10 @@ export class RecordsDelete extends AbstractMessage<RecordsDeleteMessage> {
 
     const authorization = await Message.createAuthorization({
       descriptor,
-      signer         : options.signer,
-      protocolRole   : options.protocolRole,
-      delegatedGrant : options.delegatedGrant
+      signer            : options.signer,
+      protocolRole      : options.protocolRole,
+      permissionGrantId : options.permissionGrantId,
+      delegatedGrant    : options.delegatedGrant
     });
     const message: RecordsDeleteMessage = { descriptor, authorization };
 

package/src/interfaces/records-subscribe.ts

@@ -1,6 +1,7 @@
 import type { MessageSigner } from '../types/signer.js';
 import type { MessageStore } from '../types/message-store.js';
-import type { DataEncodedRecordsWriteMessage, RecordsFilter, RecordsSubscribeDescriptor, RecordsSubscribeMessage } from '../types/records-types.js';
+import type { Pagination } from '../types/message-types.js';
+import type { DataEncodedRecordsWriteMessage, DateSort, RecordsFilter, RecordsSubscribeDescriptor, RecordsSubscribeMessage } from '../types/records-types.js';
 
 import { AbstractMessage } from '../core/abstract-message.js';
 import { Message } from '../core/message.js';
@@ -16,6 +17,8 @@ import { validateProtocolUrlNormalized, validateSchemaUrlNormalized } from '../u
 export type RecordsSubscribeOptions = {
   messageTimestamp?: string;
   filter: RecordsFilter;
+  dateSort?: DateSort;
+  pagination?: Pagination;
   signer?: MessageSigner;
   protocolRole?: string;
 
@@ -63,6 +66,8 @@ export class RecordsSubscribe extends AbstractMessage<RecordsSubscribeMessage> {
       method           : DwnMethodName.Subscribe,
       messageTimestamp : options.messageTimestamp ?? Time.getCurrentTimestamp(),
       filter           : Records.normalizeFilter(options.filter),
+      dateSort         : options.dateSort,
+      pagination       : options.pagination,
     };
 
     // delete all descriptor properties that are `undefined` else the code will encounter the following IPLD issue when attempting to generate CID: