@hashgraphonline/standards-sdk 0.1.160 → 0.1.161

package/dist/es/standards-sdk.es61.js

@@ -1,185 +1,115 @@
-import { nodeDnsTxtLookup } from "./standards-sdk.es64.js";
-import { isFqdn, normalizeDomain, parseSemicolonFields } from "./standards-sdk.es164.js";
-const AID_DNS_WEB_PROFILE_ID = "hcs-14.profile.aid-dns-web";
-function buildErrorProfile(uaid, code, message, details) {
-  const error = {
-    code,
-    message,
-    details
-  };
-  return {
-    id: uaid,
-    error,
-    metadata: {
-      profile: AID_DNS_WEB_PROFILE_ID,
-      resolved: false
-    }
-  };
+import { HCS11Client } from "./standards-sdk.es27.js";
+import { parseHederaCaip10 } from "./standards-sdk.es57.js";
+function toHcs11Network(network) {
+  if (network === "mainnet" || network === "testnet") {
+    return network;
+  }
+  return null;
 }
-function parseRecord(rawRecord, supportedSchemes) {
-  const fields = parseSemicolonFields(rawRecord);
-  const version = fields["v"];
-  const protocol = fields["p"] ?? fields["proto"];
-  const endpoint = fields["u"];
-  if (!version || !protocol || !endpoint) {
-    return { code: "ERR_INVALID_AID_RECORD" };
+function parseNativeIdNetworkAndAccount(nativeId) {
+  try {
+    const parsed = parseHederaCaip10(nativeId);
+    const network = toHcs11Network(parsed.network);
+    if (!network) {
+      return null;
+    }
+    return { network, accountId: parsed.accountId };
+  } catch (_error) {
+    return null;
   }
-  if (!version.toLowerCase().startsWith("aid")) {
-    return { code: "ERR_INVALID_AID_RECORD" };
+}
+function getDidNetworkAndAccount(did, context) {
+  const nativeId = context?.parsedUaid?.params["nativeId"];
+  if (nativeId) {
+    const resolvedNativeId = parseNativeIdNetworkAndAccount(nativeId);
+    if (resolvedNativeId) {
+      return resolvedNativeId;
+    }
   }
-  let parsedUrl;
-  try {
-    parsedUrl = new URL(endpoint);
-  } catch {
-    return { code: "ERR_ENDPOINT_INVALID" };
+  const didMatch = did.match(/^did:hedera:(mainnet|testnet):(.+)$/);
+  if (!didMatch) {
+    return null;
   }
-  const scheme = parsedUrl.protocol.replace(/:$/, "").toLowerCase();
-  if (!supportedSchemes.has(scheme)) {
-    return { code: "ERR_ENDPOINT_INVALID" };
+  const network = toHcs11Network(didMatch[1]);
+  if (!network) {
+    return null;
   }
   return {
-    record: {
-      version,
-      protocol,
-      endpoint: parsedUrl.toString(),
-      publicKey: fields["k"],
-      keyId: fields["i"]
-    }
+    network,
+    accountId: didMatch[2]
   };
 }
-function deterministicRecordKey(record) {
-  return `${record.protocol}|${record.endpoint}|${record.publicKey ?? ""}|${record.keyId ?? ""}`;
-}
-function verificationMethodForLevel(verificationLevel) {
-  if (verificationLevel === "cryptographic") {
-    return "aid-pka";
-  }
-  if (verificationLevel === "metadata") {
-    return "metadata-match";
+function buildHcs10Service(id, network, accountId, topicInfo) {
+  if (!topicInfo) {
+    return null;
   }
-  return void 0;
+  return {
+    id: `${id}#hcs10`,
+    type: "HCS10Service",
+    serviceEndpoint: {
+      network,
+      accountId,
+      inboundTopicId: topicInfo.inboundTopic || void 0,
+      outboundTopicId: topicInfo.outboundTopic || void 0,
+      profileTopicId: topicInfo.profileTopicId || void 0
+    }
+  };
 }
-class AidDnsWebProfileResolver {
-  constructor(options = {}) {
-    this.profile = AID_DNS_WEB_PROFILE_ID;
+class HCS11ProfileResolver {
+  constructor() {
     this.meta = {
-      id: "hcs-14/aid-dns-web",
-      didMethods: ["*"],
-      displayName: "HCS-14 AID DNS/Web Profile",
-      description: "Resolves uaid:aid identifiers via _agent.<nativeId> DNS TXT records and protocol endpoint hints."
+      id: "hedera/hcs11-profile-resolver",
+      didMethods: ["hedera"],
+      caip2Networks: ["hedera:mainnet", "hedera:testnet"],
+      caip10Namespaces: ["hedera"],
+      displayName: "Hedera (HCS-11 Profile Resolver)",
+      description: "Resolves HCS-11 protocol profiles and HCS-10 service metadata for did:hedera identifiers."
     };
-    this.dnsLookup = options.dnsLookup ?? nodeDnsTxtLookup;
-    this.supportedSchemes = new Set(
-      (options.supportedUriSchemes ?? ["https", "http", "wss", "ws"]).map(
-        (scheme) => scheme.toLowerCase()
-      )
-    );
-    this.metadataVerifier = options.metadataVerifier;
-    this.cryptographicVerifier = options.cryptographicVerifier;
   }
-  supports(_uaid, parsed) {
-    if (parsed.method !== "aid") {
-      return false;
-    }
-    const nativeId = parsed.params["nativeId"];
-    return !!nativeId && isFqdn(nativeId);
+  supports(did) {
+    return /^did:hedera:(mainnet|testnet):/.test(did);
   }
-  async resolveProfile(uaid, context) {
-    const parsed = context.parsedUaid;
-    if (parsed.method !== "aid") {
-      return null;
-    }
-    const nativeId = parsed.params["nativeId"];
-    if (!nativeId || !isFqdn(nativeId)) {
+  async resolveProfile(did, context) {
+    const networkAndAccount = getDidNetworkAndAccount(did, context);
+    if (!networkAndAccount) {
       return null;
     }
-    const normalizedNativeId = normalizeDomain(nativeId);
-    const dnsName = `_agent.${normalizedNativeId}`;
-    const txtRecords = await this.dnsLookup(dnsName);
-    if (txtRecords.length === 0) {
+    const { network, accountId } = networkAndAccount;
+    const client = new HCS11Client({
+      network,
+      auth: { operatorId: accountId },
+      silent: true
+    });
+    const fetched = await client.fetchProfileByAccountId(accountId, network);
+    if (!fetched.success || !fetched.profile) {
       return null;
     }
-    const parsedRecords = txtRecords.map(
-      (record) => parseRecord(record, this.supportedSchemes)
+    const subjectId = context?.uaid ?? did;
+    const existingServices = context?.didDocument?.service ?? [];
+    const hcs10Service = buildHcs10Service(
+      subjectId,
+      network,
+      accountId,
+      fetched.topicInfo
     );
-    const validRecords = parsedRecords.filter(
-      (result) => "record" in result
-    ).map((result) => result.record);
-    if (validRecords.length === 0) {
-      const endpointInvalid = parsedRecords.some(
-        (result) => !("record" in result) && result.code === "ERR_ENDPOINT_INVALID"
-      );
-      return buildErrorProfile(
-        uaid,
-        endpointInvalid ? "ERR_ENDPOINT_INVALID" : "ERR_INVALID_AID_RECORD",
-        endpointInvalid ? "AID DNS record endpoint URI is invalid or unsupported." : "AID DNS TXT payload is malformed or unsupported.",
-        { dnsName }
-      );
-    }
-    const selectedRecord = [...validRecords].sort(
-      (a, b) => deterministicRecordKey(a).localeCompare(deterministicRecordKey(b))
-    )[0];
-    const verificationInput = {
-      uaid,
-      protocol: selectedRecord.protocol,
-      endpoint: selectedRecord.endpoint,
-      record: selectedRecord
-    };
-    let verificationLevel = "none";
-    if (this.metadataVerifier) {
-      const metadataVerified = await this.metadataVerifier(verificationInput);
-      if (!metadataVerified) {
-        return buildErrorProfile(
-          uaid,
-          "ERR_VERIFICATION_FAILED",
-          "AID metadata verification failed.",
-          { dnsName }
-        );
-      }
-      verificationLevel = "metadata";
-    }
-    if (selectedRecord.publicKey && this.cryptographicVerifier) {
-      const cryptographicVerified = await this.cryptographicVerifier(verificationInput);
-      if (!cryptographicVerified) {
-        return buildErrorProfile(
-          uaid,
-          "ERR_VERIFICATION_FAILED",
-          "AID cryptographic verification failed.",
-          { dnsName }
-        );
-      }
-      verificationLevel = "cryptographic";
-    }
-    const did = context.did ?? void 0;
-    const alsoKnownAs = did ? [did] : void 0;
+    const service = hcs10Service ? [...existingServices, hcs10Service] : existingServices;
     return {
-      id: uaid,
+      id: subjectId,
       did,
-      alsoKnownAs,
-      service: [
-        {
-          id: `${uaid}#aid-endpoint`,
-          type: "AIDService",
-          serviceEndpoint: selectedRecord.endpoint
+      service: service.length > 0 ? service : void 0,
+      profiles: {
+        hcs11: {
+          protocol: "hcs-11",
+          network,
+          accountId,
+          profile: fetched.profile,
+          topicInfo: fetched.topicInfo
         }
-      ],
-      metadata: {
-        profile: AID_DNS_WEB_PROFILE_ID,
-        resolved: true,
-        endpoint: selectedRecord.endpoint,
-        protocol: selectedRecord.protocol,
-        verification: {
-          level: verificationLevel,
-          method: verificationMethodForLevel(verificationLevel)
-        },
-        verificationLevel,
-        precedenceSource: "dns"
       }
     };
   }
 }
 export {
-  AID_DNS_WEB_PROFILE_ID,
-  AidDnsWebProfileResolver
+  HCS11ProfileResolver
 };
 //# sourceMappingURL=standards-sdk.es61.js.map

package/dist/es/standards-sdk.es61.js.map

@@ -1 +1 @@
-{"version":3,"file":"standards-sdk.es61.js","sources":["../../src/hcs-14/resolvers/aid-dns-web-profile.ts"],"sourcesContent":["import type {\n  DidResolutionProfile,\n  ProfileResolutionError,\n  UaidProfileResolver,\n  UaidProfileResolverContext,\n} from './types';\nimport type { AdapterMeta } from '../adapters/types';\nimport { nodeDnsTxtLookup, type DnsTxtLookup } from './dns';\nimport { isFqdn, normalizeDomain, parseSemicolonFields } from './profile-utils';\n\nexport const AID_DNS_WEB_PROFILE_ID = 'hcs-14.profile.aid-dns-web';\n\ninterface AidDnsRecord {\n  version: string;\n  protocol: string;\n  endpoint: string;\n  publicKey?: string;\n  keyId?: string;\n}\n\ninterface AidDnsRecordParseError {\n  code: 'ERR_INVALID_AID_RECORD' | 'ERR_ENDPOINT_INVALID';\n}\n\ninterface AidDnsRecordParseSuccess {\n  record: AidDnsRecord;\n}\n\ntype AidDnsRecordParseResult =\n  | AidDnsRecordParseError\n  | AidDnsRecordParseSuccess;\n\ninterface AidDnsVerificationInput {\n  uaid: string;\n  protocol: string;\n  endpoint: string;\n  record: AidDnsRecord;\n}\n\ntype AidDnsVerification = (input: AidDnsVerificationInput) => Promise<boolean>;\n\nexport interface AidDnsWebResolverOptions {\n  dnsLookup?: DnsTxtLookup;\n  supportedUriSchemes?: string[];\n  metadataVerifier?: AidDnsVerification;\n  cryptographicVerifier?: AidDnsVerification;\n}\n\nfunction buildErrorProfile(\n  uaid: string,\n  code: string,\n  message: string,\n  details?: Record<string, unknown>,\n): DidResolutionProfile {\n  const error: ProfileResolutionError = {\n    code,\n    message,\n    details,\n  };\n\n  return {\n    id: uaid,\n    error,\n    metadata: {\n      profile: AID_DNS_WEB_PROFILE_ID,\n      resolved: false,\n    },\n  };\n}\n\nfunction parseRecord(\n  rawRecord: string,\n  supportedSchemes: Set<string>,\n): AidDnsRecordParseResult {\n  const fields = parseSemicolonFields(rawRecord);\n  const version = fields['v'];\n  const protocol = fields['p'] ?? fields['proto'];\n  const endpoint = fields['u'];\n\n  if (!version || !protocol || !endpoint) {\n    return { code: 'ERR_INVALID_AID_RECORD' };\n  }\n  if (!version.toLowerCase().startsWith('aid')) {\n    return { code: 'ERR_INVALID_AID_RECORD' };\n  }\n\n  let parsedUrl: URL;\n  try {\n    parsedUrl = new URL(endpoint);\n  } catch {\n    return { code: 'ERR_ENDPOINT_INVALID' };\n  }\n\n  const scheme = parsedUrl.protocol.replace(/:$/, '').toLowerCase();\n  if (!supportedSchemes.has(scheme)) {\n    return { code: 'ERR_ENDPOINT_INVALID' };\n  }\n\n  return {\n    record: {\n      version,\n      protocol,\n      endpoint: parsedUrl.toString(),\n      publicKey: fields['k'],\n      keyId: fields['i'],\n    },\n  };\n}\n\nfunction deterministicRecordKey(record: AidDnsRecord): string {\n  return `${record.protocol}|${record.endpoint}|${record.publicKey ?? ''}|${record.keyId ?? ''}`;\n}\n\nfunction verificationMethodForLevel(\n  verificationLevel: 'none' | 'metadata' | 'cryptographic',\n): 'aid-pka' | 'metadata-match' | undefined {\n  if (verificationLevel === 'cryptographic') {\n    return 'aid-pka';\n  }\n  if (verificationLevel === 'metadata') {\n    return 'metadata-match';\n  }\n  return undefined;\n}\n\nexport class AidDnsWebProfileResolver implements UaidProfileResolver {\n  readonly profile = AID_DNS_WEB_PROFILE_ID;\n\n  readonly meta: AdapterMeta = {\n    id: 'hcs-14/aid-dns-web',\n    didMethods: ['*'],\n    displayName: 'HCS-14 AID DNS/Web Profile',\n    description:\n      'Resolves uaid:aid identifiers via _agent.<nativeId> DNS TXT records and protocol endpoint hints.',\n  };\n\n  private readonly dnsLookup: DnsTxtLookup;\n  private readonly supportedSchemes: Set<string>;\n  private readonly metadataVerifier?: AidDnsVerification;\n  private readonly cryptographicVerifier?: AidDnsVerification;\n\n  constructor(options: AidDnsWebResolverOptions = {}) {\n    this.dnsLookup = options.dnsLookup ?? nodeDnsTxtLookup;\n    this.supportedSchemes = new Set(\n      (options.supportedUriSchemes ?? ['https', 'http', 'wss', 'ws']).map(\n        scheme => scheme.toLowerCase(),\n      ),\n    );\n    this.metadataVerifier = options.metadataVerifier;\n    this.cryptographicVerifier = options.cryptographicVerifier;\n  }\n\n  supports(\n    _uaid: string,\n    parsed: UaidProfileResolverContext['parsedUaid'],\n  ): boolean {\n    if (parsed.method !== 'aid') {\n      return false;\n    }\n    const nativeId = parsed.params['nativeId'];\n    return !!nativeId && isFqdn(nativeId);\n  }\n\n  async resolveProfile(\n    uaid: string,\n    context: UaidProfileResolverContext,\n  ): Promise<DidResolutionProfile | null> {\n    const parsed = context.parsedUaid;\n    if (parsed.method !== 'aid') {\n      return null;\n    }\n\n    const nativeId = parsed.params['nativeId'];\n    if (!nativeId || !isFqdn(nativeId)) {\n      return null;\n    }\n\n    const normalizedNativeId = normalizeDomain(nativeId);\n    const dnsName = `_agent.${normalizedNativeId}`;\n    const txtRecords = await this.dnsLookup(dnsName);\n    if (txtRecords.length === 0) {\n      return null;\n    }\n\n    const parsedRecords = txtRecords.map(record =>\n      parseRecord(record, this.supportedSchemes),\n    );\n    const validRecords = parsedRecords\n      .filter(\n        (result): result is AidDnsRecordParseSuccess => 'record' in result,\n      )\n      .map(result => result.record);\n\n    if (validRecords.length === 0) {\n      const endpointInvalid = parsedRecords.some(\n        result =>\n          !('record' in result) && result.code === 'ERR_ENDPOINT_INVALID',\n      );\n      return buildErrorProfile(\n        uaid,\n        endpointInvalid ? 'ERR_ENDPOINT_INVALID' : 'ERR_INVALID_AID_RECORD',\n        endpointInvalid\n          ? 'AID DNS record endpoint URI is invalid or unsupported.'\n          : 'AID DNS TXT payload is malformed or unsupported.',\n        { dnsName },\n      );\n    }\n\n    const selectedRecord = [...validRecords].sort((a, b) =>\n      deterministicRecordKey(a).localeCompare(deterministicRecordKey(b)),\n    )[0];\n\n    const verificationInput: AidDnsVerificationInput = {\n      uaid,\n      protocol: selectedRecord.protocol,\n      endpoint: selectedRecord.endpoint,\n      record: selectedRecord,\n    };\n\n    let verificationLevel: 'none' | 'metadata' | 'cryptographic' = 'none';\n\n    if (this.metadataVerifier) {\n      const metadataVerified = await this.metadataVerifier(verificationInput);\n      if (!metadataVerified) {\n        return buildErrorProfile(\n          uaid,\n          'ERR_VERIFICATION_FAILED',\n          'AID metadata verification failed.',\n          { dnsName },\n        );\n      }\n      verificationLevel = 'metadata';\n    }\n\n    if (selectedRecord.publicKey && this.cryptographicVerifier) {\n      const cryptographicVerified =\n        await this.cryptographicVerifier(verificationInput);\n      if (!cryptographicVerified) {\n        return buildErrorProfile(\n          uaid,\n          'ERR_VERIFICATION_FAILED',\n          'AID cryptographic verification failed.',\n          { dnsName },\n        );\n      }\n      verificationLevel = 'cryptographic';\n    }\n\n    const did = context.did ?? undefined;\n    const alsoKnownAs = did ? [did] : undefined;\n\n    return {\n      id: uaid,\n      did,\n      alsoKnownAs,\n      service: [\n        {\n          id: `${uaid}#aid-endpoint`,\n          type: 'AIDService',\n          serviceEndpoint: selectedRecord.endpoint,\n        },\n      ],\n      metadata: {\n        profile: AID_DNS_WEB_PROFILE_ID,\n        resolved: true,\n        endpoint: selectedRecord.endpoint,\n        protocol: selectedRecord.protocol,\n        verification: {\n          level: verificationLevel,\n          method: verificationMethodForLevel(verificationLevel),\n        },\n        verificationLevel,\n        precedenceSource: 'dns',\n      },\n    };\n  }\n}\n"],"names":[],"mappings":";;AAUO,MAAM,yBAAyB;AAsCtC,SAAS,kBACP,MACA,MACA,SACA,SACsB;AACtB,QAAM,QAAgC;AAAA,IACpC;AAAA,IACA;AAAA,IACA;AAAA,EAAA;AAGF,SAAO;AAAA,IACL,IAAI;AAAA,IACJ;AAAA,IACA,UAAU;AAAA,MACR,SAAS;AAAA,MACT,UAAU;AAAA,IAAA;AAAA,EACZ;AAEJ;AAEA,SAAS,YACP,WACA,kBACyB;AACzB,QAAM,SAAS,qBAAqB,SAAS;AAC7C,QAAM,UAAU,OAAO,GAAG;AAC1B,QAAM,WAAW,OAAO,GAAG,KAAK,OAAO,OAAO;AAC9C,QAAM,WAAW,OAAO,GAAG;AAE3B,MAAI,CAAC,WAAW,CAAC,YAAY,CAAC,UAAU;AACtC,WAAO,EAAE,MAAM,yBAAA;AAAA,EACjB;AACA,MAAI,CAAC,QAAQ,YAAA,EAAc,WAAW,KAAK,GAAG;AAC5C,WAAO,EAAE,MAAM,yBAAA;AAAA,EACjB;AAEA,MAAI;AACJ,MAAI;AACF,gBAAY,IAAI,IAAI,QAAQ;AAAA,EAC9B,QAAQ;AACN,WAAO,EAAE,MAAM,uBAAA;AAAA,EACjB;AAEA,QAAM,SAAS,UAAU,SAAS,QAAQ,MAAM,EAAE,EAAE,YAAA;AACpD,MAAI,CAAC,iBAAiB,IAAI,MAAM,GAAG;AACjC,WAAO,EAAE,MAAM,uBAAA;AAAA,EACjB;AAEA,SAAO;AAAA,IACL,QAAQ;AAAA,MACN;AAAA,MACA;AAAA,MACA,UAAU,UAAU,SAAA;AAAA,MACpB,WAAW,OAAO,GAAG;AAAA,MACrB,OAAO,OAAO,GAAG;AAAA,IAAA;AAAA,EACnB;AAEJ;AAEA,SAAS,uBAAuB,QAA8B;AAC5D,SAAO,GAAG,OAAO,QAAQ,IAAI,OAAO,QAAQ,IAAI,OAAO,aAAa,EAAE,IAAI,OAAO,SAAS,EAAE;AAC9F;AAEA,SAAS,2BACP,mBAC0C;AAC1C,MAAI,sBAAsB,iBAAiB;AACzC,WAAO;AAAA,EACT;AACA,MAAI,sBAAsB,YAAY;AACpC,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEO,MAAM,yBAAwD;AAAA,EAgBnE,YAAY,UAAoC,IAAI;AAfpD,SAAS,UAAU;AAEnB,SAAS,OAAoB;AAAA,MAC3B,IAAI;AAAA,MACJ,YAAY,CAAC,GAAG;AAAA,MAChB,aAAa;AAAA,MACb,aACE;AAAA,IAAA;AASF,SAAK,YAAY,QAAQ,aAAa;AACtC,SAAK,mBAAmB,IAAI;AAAA,OACzB,QAAQ,uBAAuB,CAAC,SAAS,QAAQ,OAAO,IAAI,GAAG;AAAA,QAC9D,CAAA,WAAU,OAAO,YAAA;AAAA,MAAY;AAAA,IAC/B;AAEF,SAAK,mBAAmB,QAAQ;AAChC,SAAK,wBAAwB,QAAQ;AAAA,EACvC;AAAA,EAEA,SACE,OACA,QACS;AACT,QAAI,OAAO,WAAW,OAAO;AAC3B,aAAO;AAAA,IACT;AACA,UAAM,WAAW,OAAO,OAAO,UAAU;AACzC,WAAO,CAAC,CAAC,YAAY,OAAO,QAAQ;AAAA,EACtC;AAAA,EAEA,MAAM,eACJ,MACA,SACsC;AACtC,UAAM,SAAS,QAAQ;AACvB,QAAI,OAAO,WAAW,OAAO;AAC3B,aAAO;AAAA,IACT;AAEA,UAAM,WAAW,OAAO,OAAO,UAAU;AACzC,QAAI,CAAC,YAAY,CAAC,OAAO,QAAQ,GAAG;AAClC,aAAO;AAAA,IACT;AAEA,UAAM,qBAAqB,gBAAgB,QAAQ;AACnD,UAAM,UAAU,UAAU,kBAAkB;AAC5C,UAAM,aAAa,MAAM,KAAK,UAAU,OAAO;AAC/C,QAAI,WAAW,WAAW,GAAG;AAC3B,aAAO;AAAA,IACT;AAEA,UAAM,gBAAgB,WAAW;AAAA,MAAI,CAAA,WACnC,YAAY,QAAQ,KAAK,gBAAgB;AAAA,IAAA;AAE3C,UAAM,eAAe,cAClB;AAAA,MACC,CAAC,WAA+C,YAAY;AAAA,IAAA,EAE7D,IAAI,CAAA,WAAU,OAAO,MAAM;AAE9B,QAAI,aAAa,WAAW,GAAG;AAC7B,YAAM,kBAAkB,cAAc;AAAA,QACpC,CAAA,WACE,EAAE,YAAY,WAAW,OAAO,SAAS;AAAA,MAAA;AAE7C,aAAO;AAAA,QACL;AAAA,QACA,kBAAkB,yBAAyB;AAAA,QAC3C,kBACI,2DACA;AAAA,QACJ,EAAE,QAAA;AAAA,MAAQ;AAAA,IAEd;AAEA,UAAM,iBAAiB,CAAC,GAAG,YAAY,EAAE;AAAA,MAAK,CAAC,GAAG,MAChD,uBAAuB,CAAC,EAAE,cAAc,uBAAuB,CAAC,CAAC;AAAA,IAAA,EACjE,CAAC;AAEH,UAAM,oBAA6C;AAAA,MACjD;AAAA,MACA,UAAU,eAAe;AAAA,MACzB,UAAU,eAAe;AAAA,MACzB,QAAQ;AAAA,IAAA;AAGV,QAAI,oBAA2D;AAE/D,QAAI,KAAK,kBAAkB;AACzB,YAAM,mBAAmB,MAAM,KAAK,iBAAiB,iBAAiB;AACtE,UAAI,CAAC,kBAAkB;AACrB,eAAO;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,UACA,EAAE,QAAA;AAAA,QAAQ;AAAA,MAEd;AACA,0BAAoB;AAAA,IACtB;AAEA,QAAI,eAAe,aAAa,KAAK,uBAAuB;AAC1D,YAAM,wBACJ,MAAM,KAAK,sBAAsB,iBAAiB;AACpD,UAAI,CAAC,uBAAuB;AAC1B,eAAO;AAAA,UACL;AAAA,UACA;AAAA,UACA;AAAA,UACA,EAAE,QAAA;AAAA,QAAQ;AAAA,MAEd;AACA,0BAAoB;AAAA,IACtB;AAEA,UAAM,MAAM,QAAQ,OAAO;AAC3B,UAAM,cAAc,MAAM,CAAC,GAAG,IAAI;AAElC,WAAO;AAAA,MACL,IAAI;AAAA,MACJ;AAAA,MACA;AAAA,MACA,SAAS;AAAA,QACP;AAAA,UACE,IAAI,GAAG,IAAI;AAAA,UACX,MAAM;AAAA,UACN,iBAAiB,eAAe;AAAA,QAAA;AAAA,MAClC;AAAA,MAEF,UAAU;AAAA,QACR,SAAS;AAAA,QACT,UAAU;AAAA,QACV,UAAU,eAAe;AAAA,QACzB,UAAU,eAAe;AAAA,QACzB,cAAc;AAAA,UACZ,OAAO;AAAA,UACP,QAAQ,2BAA2B,iBAAiB;AAAA,QAAA;AAAA,QAEtD;AAAA,QACA,kBAAkB;AAAA,MAAA;AAAA,IACpB;AAAA,EAEJ;AACF;"}
+{"version":3,"file":"standards-sdk.es61.js","sources":["../../src/hcs-14/resolvers/hcs-11-profile.ts"],"sourcesContent":["import { HCS11Client } from '../../hcs-11/client';\nimport { parseHederaCaip10 } from '../caip';\nimport type {\n  DidProfileResolver,\n  DidProfileResolverContext,\n  DidResolutionProfile,\n  DidService,\n} from './types';\nimport type { AdapterMeta } from '../adapters/types';\n\ntype Hcs11Network = 'mainnet' | 'testnet';\n\nfunction toHcs11Network(network: string): Hcs11Network | null {\n  if (network === 'mainnet' || network === 'testnet') {\n    return network;\n  }\n  return null;\n}\n\nfunction parseNativeIdNetworkAndAccount(\n  nativeId: string,\n): { network: Hcs11Network; accountId: string } | null {\n  try {\n    const parsed = parseHederaCaip10(nativeId);\n    const network = toHcs11Network(parsed.network);\n    if (!network) {\n      return null;\n    }\n    return { network, accountId: parsed.accountId };\n  } catch (_error) {\n    return null;\n  }\n}\n\nfunction getDidNetworkAndAccount(\n  did: string,\n  context?: DidProfileResolverContext,\n): { network: Hcs11Network; accountId: string } | null {\n  const nativeId = context?.parsedUaid?.params['nativeId'];\n  if (nativeId) {\n    const resolvedNativeId = parseNativeIdNetworkAndAccount(nativeId);\n    if (resolvedNativeId) {\n      return resolvedNativeId;\n    }\n  }\n\n  const didMatch = did.match(/^did:hedera:(mainnet|testnet):(.+)$/);\n  if (!didMatch) {\n    return null;\n  }\n\n  const network = toHcs11Network(didMatch[1]);\n  if (!network) {\n    return null;\n  }\n\n  return {\n    network,\n    accountId: didMatch[2],\n  };\n}\n\nfunction buildHcs10Service(\n  id: string,\n  network: Hcs11Network,\n  accountId: string,\n  topicInfo?: {\n    inboundTopic: string;\n    outboundTopic: string;\n    profileTopicId: string;\n  },\n): DidService | null {\n  if (!topicInfo) {\n    return null;\n  }\n\n  return {\n    id: `${id}#hcs10`,\n    type: 'HCS10Service',\n    serviceEndpoint: {\n      network,\n      accountId,\n      inboundTopicId: topicInfo.inboundTopic || undefined,\n      outboundTopicId: topicInfo.outboundTopic || undefined,\n      profileTopicId: topicInfo.profileTopicId || undefined,\n    },\n  };\n}\n\nexport class HCS11ProfileResolver implements DidProfileResolver {\n  readonly meta: AdapterMeta = {\n    id: 'hedera/hcs11-profile-resolver',\n    didMethods: ['hedera'],\n    caip2Networks: ['hedera:mainnet', 'hedera:testnet'],\n    caip10Namespaces: ['hedera'],\n    displayName: 'Hedera (HCS-11 Profile Resolver)',\n    description:\n      'Resolves HCS-11 protocol profiles and HCS-10 service metadata for did:hedera identifiers.',\n  };\n\n  supports(did: string): boolean {\n    return /^did:hedera:(mainnet|testnet):/.test(did);\n  }\n\n  async resolveProfile(\n    did: string,\n    context?: DidProfileResolverContext,\n  ): Promise<DidResolutionProfile | null> {\n    const networkAndAccount = getDidNetworkAndAccount(did, context);\n    if (!networkAndAccount) {\n      return null;\n    }\n\n    const { network, accountId } = networkAndAccount;\n    const client = new HCS11Client({\n      network,\n      auth: { operatorId: accountId },\n      silent: true,\n    });\n    const fetched = await client.fetchProfileByAccountId(accountId, network);\n    if (!fetched.success || !fetched.profile) {\n      return null;\n    }\n\n    const subjectId = context?.uaid ?? did;\n    const existingServices = context?.didDocument?.service ?? [];\n    const hcs10Service = buildHcs10Service(\n      subjectId,\n      network,\n      accountId,\n      fetched.topicInfo,\n    );\n    const service = hcs10Service\n      ? [...existingServices, hcs10Service]\n      : existingServices;\n\n    return {\n      id: subjectId,\n      did,\n      service: service.length > 0 ? service : undefined,\n      profiles: {\n        hcs11: {\n          protocol: 'hcs-11',\n          network,\n          accountId,\n          profile: fetched.profile,\n          topicInfo: fetched.topicInfo,\n        },\n      },\n    };\n  }\n}\n"],"names":[],"mappings":";;AAYA,SAAS,eAAe,SAAsC;AAC5D,MAAI,YAAY,aAAa,YAAY,WAAW;AAClD,WAAO;AAAA,EACT;AACA,SAAO;AACT;AAEA,SAAS,+BACP,UACqD;AACrD,MAAI;AACF,UAAM,SAAS,kBAAkB,QAAQ;AACzC,UAAM,UAAU,eAAe,OAAO,OAAO;AAC7C,QAAI,CAAC,SAAS;AACZ,aAAO;AAAA,IACT;AACA,WAAO,EAAE,SAAS,WAAW,OAAO,UAAA;AAAA,EACtC,SAAS,QAAQ;AACf,WAAO;AAAA,EACT;AACF;AAEA,SAAS,wBACP,KACA,SACqD;AACrD,QAAM,WAAW,SAAS,YAAY,OAAO,UAAU;AACvD,MAAI,UAAU;AACZ,UAAM,mBAAmB,+BAA+B,QAAQ;AAChE,QAAI,kBAAkB;AACpB,aAAO;AAAA,IACT;AAAA,EACF;AAEA,QAAM,WAAW,IAAI,MAAM,qCAAqC;AAChE,MAAI,CAAC,UAAU;AACb,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,eAAe,SAAS,CAAC,CAAC;AAC1C,MAAI,CAAC,SAAS;AACZ,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL;AAAA,IACA,WAAW,SAAS,CAAC;AAAA,EAAA;AAEzB;AAEA,SAAS,kBACP,IACA,SACA,WACA,WAKmB;AACnB,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,EACT;AAEA,SAAO;AAAA,IACL,IAAI,GAAG,EAAE;AAAA,IACT,MAAM;AAAA,IACN,iBAAiB;AAAA,MACf;AAAA,MACA;AAAA,MACA,gBAAgB,UAAU,gBAAgB;AAAA,MAC1C,iBAAiB,UAAU,iBAAiB;AAAA,MAC5C,gBAAgB,UAAU,kBAAkB;AAAA,IAAA;AAAA,EAC9C;AAEJ;AAEO,MAAM,qBAAmD;AAAA,EAAzD,cAAA;AACL,SAAS,OAAoB;AAAA,MAC3B,IAAI;AAAA,MACJ,YAAY,CAAC,QAAQ;AAAA,MACrB,eAAe,CAAC,kBAAkB,gBAAgB;AAAA,MAClD,kBAAkB,CAAC,QAAQ;AAAA,MAC3B,aAAa;AAAA,MACb,aACE;AAAA,IAAA;AAAA,EACJ;AAAA,EAEA,SAAS,KAAsB;AAC7B,WAAO,iCAAiC,KAAK,GAAG;AAAA,EAClD;AAAA,EAEA,MAAM,eACJ,KACA,SACsC;AACtC,UAAM,oBAAoB,wBAAwB,KAAK,OAAO;AAC9D,QAAI,CAAC,mBAAmB;AACtB,aAAO;AAAA,IACT;AAEA,UAAM,EAAE,SAAS,UAAA,IAAc;AAC/B,UAAM,SAAS,IAAI,YAAY;AAAA,MAC7B;AAAA,MACA,MAAM,EAAE,YAAY,UAAA;AAAA,MACpB,QAAQ;AAAA,IAAA,CACT;AACD,UAAM,UAAU,MAAM,OAAO,wBAAwB,WAAW,OAAO;AACvE,QAAI,CAAC,QAAQ,WAAW,CAAC,QAAQ,SAAS;AACxC,aAAO;AAAA,IACT;AAEA,UAAM,YAAY,SAAS,QAAQ;AACnC,UAAM,mBAAmB,SAAS,aAAa,WAAW,CAAA;AAC1D,UAAM,eAAe;AAAA,MACnB;AAAA,MACA;AAAA,MACA;AAAA,MACA,QAAQ;AAAA,IAAA;AAEV,UAAM,UAAU,eACZ,CAAC,GAAG,kBAAkB,YAAY,IAClC;AAEJ,WAAO;AAAA,MACL,IAAI;AAAA,MACJ;AAAA,MACA,SAAS,QAAQ,SAAS,IAAI,UAAU;AAAA,MACxC,UAAU;AAAA,QACR,OAAO;AAAA,UACL,UAAU;AAAA,UACV;AAAA,UACA;AAAA,UACA,SAAS,QAAQ;AAAA,UACjB,WAAW,QAAQ;AAAA,QAAA;AAAA,MACrB;AAAA,IACF;AAAA,EAEJ;AACF;"}

package/dist/es/standards-sdk.es62.js

@@ -1,8 +1,6 @@
-import { nodeDnsTxtLookup } from "./standards-sdk.es64.js";
-import { uaidTargetFromParsed, isFqdn, normalizeDomain, buildCanonicalUaid, parseSemicolonFields } from "./standards-sdk.es164.js";
-import { AID_DNS_WEB_PROFILE_ID } from "./standards-sdk.es61.js";
-import { UAID_DID_RESOLUTION_PROFILE_ID } from "./standards-sdk.es63.js";
-const UAID_DNS_WEB_PROFILE_ID = "hcs-14.profile.uaid-dns-web";
+import { nodeDnsTxtLookup } from "./standards-sdk.es65.js";
+import { isFqdn, normalizeDomain, parseSemicolonFields } from "./standards-sdk.es158.js";
+const AID_DNS_WEB_PROFILE_ID = "hcs-14.profile.aid-dns-web";
 function buildErrorProfile(uaid, code, message, details) {
   const error = {
     code,
@@ -13,100 +11,74 @@ function buildErrorProfile(uaid, code, message, details) {
     id: uaid,
     error,
     metadata: {
-      profile: UAID_DNS_WEB_PROFILE_ID,
+      profile: AID_DNS_WEB_PROFILE_ID,
       resolved: false
     }
   };
 }
-function canonicalizeNativeDomainParams(params) {
-  const next = { ...params };
-  const nativeId = next["nativeId"];
-  if (nativeId && isFqdn(nativeId)) {
-    next["nativeId"] = normalizeDomain(nativeId);
+function parseRecord(rawRecord, supportedSchemes) {
+  const fields = parseSemicolonFields(rawRecord);
+  const version = fields["v"];
+  const protocol = fields["p"] ?? fields["proto"];
+  const endpoint = fields["u"];
+  if (!version || !protocol || !endpoint) {
+    return { code: "ERR_INVALID_AID_RECORD" };
   }
-  const domain = next["domain"];
-  if (domain && isFqdn(domain)) {
-    next["domain"] = normalizeDomain(domain);
+  if (!version.toLowerCase().startsWith("aid")) {
+    return { code: "ERR_INVALID_AID_RECORD" };
   }
-  return next;
-}
-function validateRecordFields(fields, queriedNativeId) {
-  const target = fields["target"];
-  const id = fields["id"];
-  const uid = fields["uid"];
-  const proto = fields["proto"];
-  const nativeId = fields["nativeId"];
-  if (target !== "aid" && target !== "did") {
-    return null;
-  }
-  if (!id || !uid || !proto || !nativeId) {
-    return null;
-  }
-  if (normalizeDomain(nativeId) !== queriedNativeId) {
-    return null;
+  let parsedUrl;
+  try {
+    parsedUrl = new URL(endpoint);
+  } catch {
+    return { code: "ERR_ENDPOINT_INVALID" };
   }
-  if ("registry" in fields && !fields["registry"]) {
-    return null;
-  }
-  const did = fields["did"];
-  if (did && (target !== "did" || !did.startsWith("did:"))) {
-    return null;
-  }
-  const params = {
-    uid,
-    proto,
-    nativeId
-  };
-  if (fields["registry"]) {
-    params["registry"] = fields["registry"];
-  }
-  if (fields["domain"]) {
-    params["domain"] = fields["domain"];
-  }
-  if (fields["src"]) {
-    params["src"] = fields["src"];
+  const scheme = parsedUrl.protocol.replace(/:$/, "").toLowerCase();
+  if (!supportedSchemes.has(scheme)) {
+    return { code: "ERR_ENDPOINT_INVALID" };
   }
   return {
-    target,
-    id,
-    uid,
-    proto,
-    nativeId,
-    registry: fields["registry"],
-    domain: fields["domain"],
-    src: fields["src"],
-    did,
-    memo: fields["m"],
-    reconstructedUaid: buildCanonicalUaid(
-      target,
-      id,
-      canonicalizeNativeDomainParams(params)
-    )
+    record: {
+      version,
+      protocol,
+      endpoint: parsedUrl.toString(),
+      publicKey: fields["k"],
+      keyId: fields["i"]
+    }
   };
 }
-function selectFollowupProfiles(target) {
-  if (target === "aid") {
-    return [AID_DNS_WEB_PROFILE_ID];
+function deterministicRecordKey(record) {
+  return `${record.protocol}|${record.endpoint}|${record.publicKey ?? ""}|${record.keyId ?? ""}`;
+}
+function verificationMethodForLevel(verificationLevel) {
+  if (verificationLevel === "cryptographic") {
+    return "aid-pka";
+  }
+  if (verificationLevel === "metadata") {
+    return "metadata-match";
   }
-  return [UAID_DID_RESOLUTION_PROFILE_ID];
+  return void 0;
 }
-class UaidDnsWebProfileResolver {
+class AidDnsWebProfileResolver {
   constructor(options = {}) {
-    this.profile = UAID_DNS_WEB_PROFILE_ID;
+    this.profile = AID_DNS_WEB_PROFILE_ID;
     this.meta = {
-      id: "hcs-14/uaid-dns-web",
+      id: "hcs-14/aid-dns-web",
       didMethods: ["*"],
-      displayName: "HCS-14 UAID DNS TXT Profile",
-      description: "Binds UAIDs to DNS TXT records at _uaid.<nativeId> and can continue to follow-up profile resolution."
+      displayName: "HCS-14 AID DNS/Web Profile",
+      description: "Resolves uaid:aid identifiers via _agent.<nativeId> DNS TXT records and protocol endpoint hints."
     };
     this.dnsLookup = options.dnsLookup ?? nodeDnsTxtLookup;
-    this.dnssecValidation = options.dnssecValidation;
-    this.requireFullResolution = options.requireFullResolution ?? false;
-    this.enableFollowupResolution = options.enableFollowupResolution ?? true;
+    this.supportedSchemes = new Set(
+      (options.supportedUriSchemes ?? ["https", "http", "wss", "ws"]).map(
+        (scheme) => scheme.toLowerCase()
+      )
+    );
+    this.metadataVerifier = options.metadataVerifier;
+    this.cryptographicVerifier = options.cryptographicVerifier;
   }
   supports(_uaid, parsed) {
-    const target = uaidTargetFromParsed(parsed);
-    if (target !== "aid" && target !== "did") {
+    if (parsed.method !== "aid") {
       return false;
     }
     const nativeId = parsed.params["nativeId"];
@@ -114,113 +86,100 @@ class UaidDnsWebProfileResolver {
   }
   async resolveProfile(uaid, context) {
     const parsed = context.parsedUaid;
+    if (parsed.method !== "aid") {
+      return null;
+    }
     const nativeId = parsed.params["nativeId"];
     if (!nativeId || !isFqdn(nativeId)) {
       return null;
     }
     const normalizedNativeId = normalizeDomain(nativeId);
-    const dnsName = `_uaid.${normalizedNativeId}`;
-    const inputCanonical = buildCanonicalUaid(
-      uaidTargetFromParsed(parsed),
-      parsed.id,
-      canonicalizeNativeDomainParams(parsed.params)
-    );
+    const dnsName = `_agent.${normalizedNativeId}`;
     const txtRecords = await this.dnsLookup(dnsName);
     if (txtRecords.length === 0) {
       return null;
     }
-    const parsedRecords = txtRecords.map((record) => parseSemicolonFields(record)).map((fields) => validateRecordFields(fields, normalizedNativeId));
-    const validRecords = parsedRecords.filter(
-      (record) => record !== null
+    const parsedRecords = txtRecords.map(
+      (record) => parseRecord(record, this.supportedSchemes)
     );
+    const validRecords = parsedRecords.filter(
+      (result) => "record" in result
+    ).map((result) => result.record);
     if (validRecords.length === 0) {
-      return buildErrorProfile(
-        uaid,
-        "ERR_INVALID_UAID_DNS_RECORD",
-        "DNS TXT payload at _uaid record is invalid.",
-        { dnsName }
+      const endpointInvalid = parsedRecords.some(
+        (result) => !("record" in result) && result.code === "ERR_ENDPOINT_INVALID"
       );
-    }
-    const matchingRecords = validRecords.filter(
-      (record) => record.target === uaidTargetFromParsed(parsed) && record.id === parsed.id && record.reconstructedUaid === inputCanonical
-    );
-    if (matchingRecords.length === 0) {
       return buildErrorProfile(
         uaid,
-        "ERR_UAID_MISMATCH",
-        "DNS TXT payload does not match the input UAID after canonical reconstruction.",
-        {
-          dnsName,
-          inputCanonical
-        }
+        endpointInvalid ? "ERR_ENDPOINT_INVALID" : "ERR_INVALID_AID_RECORD",
+        endpointInvalid ? "AID DNS record endpoint URI is invalid or unsupported." : "AID DNS TXT payload is malformed or unsupported.",
+        { dnsName }
       );
     }
-    const selected = [...matchingRecords].sort(
-      (a, b) => a.reconstructedUaid.localeCompare(b.reconstructedUaid)
+    const selectedRecord = [...validRecords].sort(
+      (a, b) => deterministicRecordKey(a).localeCompare(deterministicRecordKey(b))
     )[0];
-    const dnssecValidated = this.dnssecValidation ? await this.dnssecValidation(dnsName) : false;
-    const verificationLevel = dnssecValidated ? "dns-binding-dnssec" : "dns-binding";
-    if (this.enableFollowupResolution) {
-      const followupProfiles = selectFollowupProfiles(selected.target);
-      for (const followupProfileId of followupProfiles) {
-        const followup = await context.resolveUaidProfileById(
-          followupProfileId,
-          uaid
+    const verificationInput = {
+      uaid,
+      protocol: selectedRecord.protocol,
+      endpoint: selectedRecord.endpoint,
+      record: selectedRecord
+    };
+    let verificationLevel = "none";
+    if (this.metadataVerifier) {
+      const metadataVerified = await this.metadataVerifier(verificationInput);
+      if (!metadataVerified) {
+        return buildErrorProfile(
+          uaid,
+          "ERR_VERIFICATION_FAILED",
+          "AID metadata verification failed.",
+          { dnsName }
         );
-        if (!followup) {
-          continue;
-        }
-        if (followup.error || followup.metadata?.resolved === false) {
-          return buildErrorProfile(
-            uaid,
-            "ERR_FOLLOWUP_RESOLUTION_FAILED",
-            "Follow-up profile resolution failed after successful DNS binding.",
-            {
-              followupProfileId,
-              dnsName
-            }
-          );
-        }
-        return {
-          ...followup,
-          metadata: {
-            ...followup.metadata,
-            profile: UAID_DNS_WEB_PROFILE_ID,
-            resolved: true,
-            verificationLevel,
-            reconstructedUaid: selected.reconstructedUaid,
-            selectedFollowupProfile: followupProfileId,
-            resolutionMode: "full-resolution"
-          }
-        };
       }
+      verificationLevel = "metadata";
     }
-    if (this.requireFullResolution) {
-      return buildErrorProfile(
-        uaid,
-        "ERR_NO_FOLLOWUP_PROFILE",
-        "Resolver policy requires full resolution, but no supported follow-up profile was available.",
-        { dnsName }
-      );
+    if (selectedRecord.publicKey && this.cryptographicVerifier) {
+      const cryptographicVerified = await this.cryptographicVerifier(verificationInput);
+      if (!cryptographicVerified) {
+        return buildErrorProfile(
+          uaid,
+          "ERR_VERIFICATION_FAILED",
+          "AID cryptographic verification failed.",
+          { dnsName }
+        );
+      }
+      verificationLevel = "cryptographic";
     }
-    const did = selected.did ?? context.did ?? void 0;
+    const did = context.did ?? void 0;
     const alsoKnownAs = did ? [did] : void 0;
     return {
       id: uaid,
       did,
       alsoKnownAs,
+      service: [
+        {
+          id: `${uaid}#aid-endpoint`,
+          type: "AIDService",
+          serviceEndpoint: selectedRecord.endpoint
+        }
+      ],
       metadata: {
-        profile: UAID_DNS_WEB_PROFILE_ID,
+        profile: AID_DNS_WEB_PROFILE_ID,
         resolved: true,
-        reconstructedUaid: selected.reconstructedUaid,
+        endpoint: selectedRecord.endpoint,
+        protocol: selectedRecord.protocol,
+        verification: {
+          level: verificationLevel,
+          method: verificationMethodForLevel(verificationLevel)
+        },
         verificationLevel,
-        resolutionMode: "dns-binding-only"
+        precedenceSource: "dns"
       }
     };
   }
 }
 export {
-  UAID_DNS_WEB_PROFILE_ID,
-  UaidDnsWebProfileResolver
+  AID_DNS_WEB_PROFILE_ID,
+  AidDnsWebProfileResolver
 };
 //# sourceMappingURL=standards-sdk.es62.js.map