@interop/did-method-webvh 3.2.0 → 3.3.0

package/CHANGELOG.md

@@ -1,3 +1,189 @@
+## 3.3.0 - 2026-06-24
+
+### Added
+
+* `src/utils/iso8601-datetime.ts` with strict, calendar-correct ISO8601
+  validation (`ISO8601_DATETIME_REGEX`, `parseUtcIso8601VersionTime`,
+  `validateUtcIso8601NotInFuture`, `createNextVersionTime`). `versionTime` values
+  must now be UTC (`Z` or `+00:00`) with full calendar correctness (leap years,
+  per-month day ranges). Ported from upstream PRs
+  [#120](https://github.com/decentralized-identity/didwebvh-ts/pull/120) and
+  [#121](https://github.com/decentralized-identity/didwebvh-ts/pull/121).
+* `validateMethodSpecificPathSegments` and `parseDidWebvhIdentifier` (the latter
+  returning a structured `{ scid, didDomainComponent, paths, locationKey }`) in
+  `src/utils.ts`. Ported from upstream PR
+  [#120](https://github.com/decentralized-identity/didwebvh-ts/pull/120).
+* SCID multihash algorithm enforcement: SCIDs must use SHA-256 (multihash code
+  `0x12`); other algorithms are rejected in `scidIsFromHash`. Ported from
+  upstream PR
+  [#121](https://github.com/decentralized-identity/didwebvh-ts/pull/121).
+* `serviceFragmentExists` in `src/utils.ts`, matching both `#files`/`#whois`
+  fragment form and the absolute `did:webvh:...#files` form when deciding whether
+  to inject implicit services. New method-version constants in
+  `src/constants.ts` (`METHOD_VERSION_1_0`, `METHOD_PROTOCOL_V1_0`,
+  `METHOD_PARAMETER_KEYS`, `ServiceFragment`, service-type/context/error-type
+  constants). Ported from upstream PR
+  [#121](https://github.com/decentralized-identity/didwebvh-ts/pull/121).
+* `requestedDid` resolution option: when set, resolution fails unless some log
+  version's `state.id` matches it. Threaded through `resolveDID`. Ported from
+  upstream PR
+  [#121](https://github.com/decentralized-identity/didwebvh-ts/pull/121).
+* `address` and `paths` options on `updateDID` (for parity with `createDID`). A
+  portable DID can now move to a new location: the controller is rebuilt from the
+  requested `address`/`domain`/`paths` while preserving the SCID. Re-passing a
+  bare domain on a pathed DID preserves the prior paths instead of dropping them.
+  Ported from upstream PR
+  [#127](https://github.com/decentralized-identity/didwebvh-ts/pull/127).
+
+### Changed
+
+* Ported straggling runtime type-safety hardening from upstream to `src/utils.ts`:
+  `validateDidKeyMultibase` now extracts the caught error message defensively
+  (`error instanceof Error ? error.message : String(error)`); `resolveVM` throws
+  a "not found" error when `resolveDIDFromLog` yields no document instead of
+  passing it on; `findVerificationMethod` is typed `(doc: DIDDoc, ...)` and guards
+  relationship-array entries against non-objects; and `writeVerificationMethodToEnv`
+  guards the decoded env payload with `Array.isArray` before reuse.
+* Implicit `#files`/`#whois` services now reference the `SERVICE_TYPE_RELATIVE_REF`,
+  `SERVICE_TYPE_LINKED_VP`, and `CONTEXT_LINKED_VP` constants from
+  `src/constants.ts` instead of hardcoded string literals, matching upstream.
+* `updateDID` parameter and DID-document handling now match upstream:
+  - Sparse updates preserve prior DID document state: the previous entry's
+    `state` is carried forward and only the fields an update actually supplies
+    (`verificationMethods`, `services`, `authentication`, `assertionMethod`,
+    `keyAgreement`, `alsoKnownAs`) are overlaid, instead of rebuilding the
+    document from scratch. Ported from upstream
+    `keep prior DIDDoc state with sparse updateDID() calls` (commit `1459ed6`).
+  - `updateKeys` is omitted from an update entry's `parameters` when unchanged
+    and not under active pre-rotation (and inherited from the prior entry while
+    pre-rotation is active), rather than always being written; resolution tracks
+    it via the presence of the key. `nextKeyHashes` is likewise only written
+    when explicitly supplied, so an omitted value inherits the prior
+    pre-rotation state. Ported from upstream `track updateKeys` (commit
+    `5bc85bf`).
+  - Pre-rotation key commitment is now enforced at write time: `updateDID`
+    rejects an omitted `updateKeys` while pre-rotation is active
+    (`updateKeys must be provided while pre-rotation is active`) and rejects
+    update keys not committed in the prior entry's `nextKeyHashes`
+    (`Invalid update key`) before the entry is produced, in addition to the
+    existing read-time check. Ported from upstream
+    `enforce pre-rotation key commitment` (commit `b40eb06`).
+* Type-safety hardening across the public surface (no behavior change). `Signer`
+  and `SigningInput` are now generic over a `SignableDocument` union;
+  `createDocumentSigner` is generic and returns `TDocument & { proof }`;
+  `VerificationMethod.publicKeyJwk` is typed `JsonObject` and
+  `ServiceEndpoint.serviceEndpoint` is typed with `JsonValue` instead of `any`.
+  `catch (e: any)` blocks now use `e instanceof Error` narrowing. `updateDID`
+  service params are typed `ServiceEndpoint[]`. The CLI gains
+  `requirePublicKeyMultibase`/`parseExplicitPaths` helpers, typed
+  `resolutionOptions`/`envVMs`, and honors `--update-key` when selecting the
+  signing verification method. Ported from upstream PR
+  [#119](https://github.com/decentralized-identity/didwebvh-ts/pull/119).
+* `updateDID` now rejects `portable: true` in an update entry (portability can
+  only be enabled in the first entry) and refuses to move a DID whose
+  portability is disabled (`Cannot move DID: portability is disabled`).
+  `portable: false` in an update is permitted and permanently locks portability
+  off. `verificationMethod` is included in the historical-selector determination
+  so a requested-but-absent VM resolves to the last valid document plus an error
+  rather than `null`. Ported from upstream PR
+  [#129](https://github.com/decentralized-identity/didwebvh-ts/pull/129).
+
+* **Breaking:** `resolveDIDFromLog` now returns `doc: DIDDoc | null`. A
+  deactivated DID resolved without an explicit historical selector returns
+  `doc: null`, and an explicit selector (`versionNumber` / `versionId` /
+  `versionTime` / `verificationMethod`) that matches no entry returns
+  `doc: null` with a `NotFound` error rather than falling back to the last valid
+  document. Ported from upstream PR
+  [#121](https://github.com/decentralized-identity/didwebvh-ts/pull/121).
+* resolution enforces strict `versionId` structure (`parseAndValidateVersionId`:
+  exactly one `-`, numeric version prefix, non-empty hash, version equal to the
+  entry index + 1) and stricter method-parameter rules for entries after the
+  first: `scid` must not reappear, `method` must not change away from
+  `did:webvh:1.0`, `portable: true` may only be enabled in the first entry, and
+  `portable: false` permanently locks portability off. Each entry's `state.id`
+  SCID must match the log's SCID. Ported from upstream PR
+  [#121](https://github.com/decentralized-identity/didwebvh-ts/pull/121).
+* `did:key` verification-method parsing now rejects a fragment that does not
+  equal the key multibase. Ported from upstream PR
+  [#121](https://github.com/decentralized-identity/didwebvh-ts/pull/121).
+* witness-parameter validation now rejects any witness `did:key` whose multikey
+  is not Ed25519 (multicodec `0xed01`), per did:webvh v1.0. Ported from upstream
+  PR [#120](https://github.com/decentralized-identity/didwebvh-ts/pull/120).
+
+* resolution now enforces `versionTime` on every log entry: it is **required**
+  (a log entry missing `versionTime` is rejected), must be **strictly
+  increasing** across entries (reordering defense), and must not be more than 5
+  minutes in the future (clock-skew tolerance).
+* address / host / path-segment parsing is hardened against path-traversal and
+  injection: `parseCanonicalAddress` (and therefore `createDID` path handling)
+  now rejects `.`/`..` dot-segments, decoded `/`/`\`/NUL within a single path
+  segment, leading/trailing whitespace, malformed percent-encoding, and `?`/`#`
+  query/fragment components in address, DID-domain, and path contexts. Pre-encoded
+  `%3a` port separators are accepted case-insensitively. The fork's
+  `http://localhost` affordance for local testing is preserved (upstream enforces
+  HTTPS-only).
+* `createDID` / `updateDID` validate any caller-supplied `created` / `updated`
+  timestamp is not in the future, and `updateDID` / `deactivateDID` now derive a
+  strictly monotonic `versionTime` via `createNextVersionTime`.
+* `createDate()` now emits full millisecond precision (`toISOString()`) instead
+  of truncating to whole seconds, so consecutive entries generated in the same
+  second remain strictly increasing.
+
+### Removed
+
+* **Breaking:** the standalone CLI (`src/cli.ts`, the `didwebvh` `bin`, the `cli`
+  npm script, and `test/cli-e2e.test.ts`). CLI workflows now live in the separate
+  `did-cli-typescript` project, which consumes this library's public API. As a
+  result `@stablelib/ed25519` -- previously a runtime dependency only because the
+  unbundled CLI imported it -- moved to `devDependencies`, shrinking the published
+  package's runtime closure to `@noble/hashes` and `json-canonicalize`.
+* **Breaking:** the non-normative `fastResolve` resolution option. The spec
+  mandates full verification of every log entry, so resolution always verifies
+  every entry's proof; there is no opt-in fast path. Ported from upstream PR
+  [#120](https://github.com/decentralized-identity/didwebvh-ts/pull/120).
+
+### Tests
+
+* Backfilled `method.v1.0` coverage: `updateDID` with explicit
+  `assertionMethod`/`keyAgreement` options (`happy-path`), resolution of a log
+  using the legacy `witnesses`/`witnessThreshold` parameter format
+  (`witness`), and error-case coverage in `not-so-happy-path` (missing
+  `updateKeys`, missing `address`/`domain`, missing `verificationMethods`,
+  out-of-order version number, missing/non-monotonic `versionTime`, mismatched
+  `scid` option, matching `requestedDid`, and update/deactivate of an
+  already-deactivated DID). `resolve` now asserts a non-existent
+  `verificationMethod` resolves to `doc: null` with a `NotFound` error, and
+  `watchers` asserts the cleared-watchers (`[]`) shape. Ported from upstream PRs
+  [#129](https://github.com/decentralized-identity/didwebvh-ts/pull/129) and
+  [#131](https://github.com/decentralized-identity/didwebvh-ts/pull/131).
+* Further backfilled `method.v1.0` coverage against upstream's
+  `enhance test coverage of method.v1.0` change: `versionTime` clock-skew
+  tolerance (accepts up to, rejects beyond, 5 minutes in the future, via a new
+  `createFutureDIDLog` test helper), `versionId` structural validation
+  (missing/multiple `-` separators, empty hash component), rejection of unknown,
+  downgraded, or `scid`-bearing `method`/parameters in later entries, rejection
+  of a non-SHA-256 SCID multihash, `requestedDid` mismatch and not-present
+  cases, the empty-log "no entries to process" case, and historical
+  `versionId`/`versionTime` selectors that stay successful when a later entry is
+  corrupted (`not-so-happy-path`); explicit `versionId`/`versionTime` misses
+  returning `NotFound` without a latest fallback, explicit empty
+  `nextKeyHashes` disabling pre-rotation, and absolute service IDs preventing
+  implicit `#files` duplication (`features`); the `did:key` verificationMethod
+  fragment-mismatch rejection (`witness`); rejection of a pass-through
+  `didDocument` whose substituted id does not match the created DID
+  (`did-document-passthrough`); and rejection of DID identifiers containing
+  fragment/query contamination or traversal-style path segments (`resolve`).
+* Coverage for the `updateDID` behavior changes above (see _Changed_): sparse
+  updates preserving prior `alsoKnownAs`/`service` state and omitted
+  `updateKeys` staying omitted from update parameters (`happy-path`); omitted
+  `nextKeyHashes` inheriting prior pre-rotation state and omitted `updateKeys`
+  being rejected while pre-rotation is active (`features`). The existing
+  pre-rotation tests were updated for write-time enforcement: `updateKeys MUST
+  be in previous nextKeyHashes when updating` now asserts `updateDID` itself
+  rejects, `updateKeys MUST be in nextKeyHashes when reading` hand-builds the
+  offending entry to still exercise the read-time check, and the now-redundant
+  `Require nextKeyHashes to continue if previously set` test was removed.
+
 ## 3.2.0 - 2026-06-24
 
 ### Added

package/README.md

@@ -98,22 +98,13 @@ This command runs: `tsx watch examples/express-resolver.ts`
    npm run test:log
    ```
 
-5. `cli`: Run the CLI tool.
-
-   ```bash
-   npm run cli
-   ```
-
-   The CLI accepts a `--watcher` option during create and update operations to
-   specify one or more watcher URLs.
-
-6. `build`: Build the package.
+5. `build`: Build the package.
 
    ```bash
    npm run build
    ```
 
-7. `build:clean`: Clean the build directory.
+6. `build:clean`: Clean the build directory.
 
    ```bash
    npm run build:clean

package/dist/assertions.js

@@ -1,7 +1,7 @@
 import { concatBuffers } from './utils/buffer.js';
 import { canonicalizeStrict } from './utils/canonicalize.js';
 import { createHash } from './utils/crypto.js';
-import { multibaseDecode } from './utils/multiformats.js';
+import { decodeBase58Btc, decodeMultihash, isEd25519Multikey, MultihashAlgorithm, multibaseDecode, } from './utils/multiformats.js';
 import { createSCID, deriveNextKeyHash, parseDidKeyVerificationMethod, resolveVM } from './utils.js';
 import { validateWitnessParameter } from './witness.js';
 const isKeyAuthorized = (verificationMethod, updateKeys) => {
@@ -48,7 +48,7 @@ export const documentStateIsValid = async (doc, updateKeys, witness, skipWitness
             throw new Error(`Verification Method ${proof.verificationMethod} not found`);
         }
         const publicKey = multibaseDecode(vm.publicKeyMultibase).bytes;
-        if (publicKey[0] !== 0xed || publicKey[1] !== 0x01) {
+        if (!isEd25519Multikey(publicKey)) {
             throw new Error(`multiKey doesn't include ed25519 header (0xed01)`);
         }
         const { proofValue, ...restProof } = proof;
@@ -77,6 +77,23 @@ export const newKeysAreInNextKeys = async (updateKeys, previousNextKeyHashes) =>
     }
     return true;
 };
+/**
+ * Validate that SCID uses SHA-256 (0x12) multihash algorithm.
+ * Per spec: "SHA-256 [[spec:rfc6234]] (multihash code `0x12`) **only**"
+ */
+const validateScidAlgorithmIsSha256 = (scid) => {
+    let algorithm;
+    try {
+        algorithm = decodeMultihash(decodeBase58Btc(scid)).algorithm;
+    }
+    catch (error) {
+        throw new Error(`Invalid SCID format: ${error instanceof Error ? error.message : String(error)}`);
+    }
+    if (algorithm !== MultihashAlgorithm.SHA2_256) {
+        throw new Error(`SCID multihash algorithm must be SHA-256 (0x12), but got 0x${algorithm.toString(16)}`);
+    }
+};
 export const scidIsFromHash = async (scid, hash) => {
+    validateScidAlgorithmIsSha256(scid);
     return scid === (await createSCID(hash));
 };

package/dist/constants.d.ts

@@ -1,3 +1,24 @@
 export declare const PLACEHOLDER = "{SCID}";
 export declare const METHOD = "webvh";
 export declare const BASE_CONTEXT: string[];
+export declare const METHOD_VERSION_1_0 = "1.0";
+export declare const METHOD_PROTOCOL_V1_0 = "did:webvh:1.0";
+export declare const METHOD_PARAMETER_KEYS: {
+    readonly scid: "scid";
+    readonly method: "method";
+    readonly portable: "portable";
+    readonly updateKeys: "updateKeys";
+    readonly nextKeyHashes: "nextKeyHashes";
+    readonly witness: "witness";
+    readonly watchers: "watchers";
+    readonly ttl: "ttl";
+};
+export declare enum ServiceFragment {
+    Files = "files",
+    Whois = "whois"
+}
+export declare const SERVICE_TYPE_RELATIVE_REF = "relativeRef";
+export declare const SERVICE_TYPE_LINKED_VP = "LinkedVerifiablePresentation";
+export declare const CONTEXT_LINKED_VP = "https://identity.foundation/linked-vp/contexts/v1";
+export declare const ERROR_TYPE_INVALID_DID = "https://w3id.org/security#INVALID_CONTROLLED_IDENTIFIER_DOCUMENT_ID";
+export declare const ERROR_TYPE_NOT_FOUND = "https://w3id.org/security#NOT_FOUND";

package/dist/constants.js

@@ -1,3 +1,31 @@
 export const PLACEHOLDER = '{SCID}';
 export const METHOD = 'webvh';
 export const BASE_CONTEXT = ['https://www.w3.org/ns/did/v1', 'https://w3id.org/security/multikey/v1'];
+// Version 1.0 method constants
+export const METHOD_VERSION_1_0 = '1.0';
+export const METHOD_PROTOCOL_V1_0 = `did:${METHOD}:${METHOD_VERSION_1_0}`;
+// Method parameter keys
+export const METHOD_PARAMETER_KEYS = {
+    scid: 'scid',
+    method: 'method',
+    portable: 'portable',
+    updateKeys: 'updateKeys',
+    nextKeyHashes: 'nextKeyHashes',
+    witness: 'witness',
+    watchers: 'watchers',
+    ttl: 'ttl',
+};
+// Service fragments for implicit services
+export var ServiceFragment;
+(function (ServiceFragment) {
+    ServiceFragment["Files"] = "files";
+    ServiceFragment["Whois"] = "whois";
+})(ServiceFragment || (ServiceFragment = {}));
+// Service type constants
+export const SERVICE_TYPE_RELATIVE_REF = 'relativeRef';
+export const SERVICE_TYPE_LINKED_VP = 'LinkedVerifiablePresentation';
+// Context URLs
+export const CONTEXT_LINKED_VP = 'https://identity.foundation/linked-vp/contexts/v1';
+// Error type URLs
+export const ERROR_TYPE_INVALID_DID = 'https://w3id.org/security#INVALID_CONTROLLED_IDENTIFIER_DOCUMENT_ID';
+export const ERROR_TYPE_NOT_FOUND = 'https://w3id.org/security#NOT_FOUND';

package/dist/cryptography.d.ts

@@ -1,4 +1,4 @@
-import type { DataIntegrityProofTemplate, Signer, SignerOptions, SigningInput, SigningOutput, VerificationMethod, Verifier } from './interfaces.js';
+import type { DataIntegrityProof, DataIntegrityProofTemplate, SignableDocument, Signer, SignerOptions, SigningInput, SigningOutput, VerificationMethod, Verifier } from './interfaces.js';
 /**
  * Creates a proof object for a document
  * @param verificationMethodId - The verification method ID to use in the proof
@@ -45,8 +45,10 @@ export declare abstract class AbstractCrypto implements Signer, Verifier {
  * @param verificationMethodId - The verification method ID to use in proofs
  * @returns A function that signs a document and returns the document with proof
  */
-export declare const createDocumentSigner: (signer: Signer, verificationMethodId: string) => (doc: any) => Promise<any>;
+export declare const createDocumentSigner: <TDocument extends SignableDocument>(signer: Signer<TDocument>, verificationMethodId: string) => (doc: TDocument) => Promise<TDocument & {
+    proof: DataIntegrityProof;
+}>;
 /**
  * @deprecated Use createDocumentSigner with your own Signer implementation instead
  */
-export declare const createSigner: (vm: VerificationMethod, useStatic?: boolean) => (doc: any) => Promise<never>;
+export declare const createSigner: (vm: VerificationMethod, useStatic?: boolean) => (doc: SignableDocument) => Promise<never>;

package/dist/cryptography.js

@@ -68,7 +68,8 @@ export const createDocumentSigner = (signer, verificationMethodId) => {
         }
         catch (e) {
             console.error(e);
-            throw new Error(`Document signing failure: ${e.message || e}`);
+            const message = e instanceof Error ? e.message : String(e);
+            throw new Error(`Document signing failure: ${message}`);
         }
     };
 };
@@ -89,7 +90,8 @@ export const createSigner = (vm, useStatic = true) => {
         }
         catch (e) {
             console.error(e);
-            throw new Error(`Document signing failure: ${e.message || e}`);
+            const message = e instanceof Error ? e.message : String(e);
+            throw new Error(`Document signing failure: ${message}`);
         }
     };
 };

package/dist/interfaces.d.ts

@@ -14,15 +14,16 @@ export interface DataIntegrityProofTemplate {
     created: string;
     proofPurpose: DataIntegrityProofPurpose;
 }
-export interface SigningInput {
-    document: unknown;
+export type SignableDocument = DIDLogEntry | DIDDoc | Pick<DIDLogEntry, 'versionId'>;
+export interface SigningInput<TDocument = SignableDocument> {
+    document: TDocument;
     proof: DataIntegrityProofTemplate;
 }
 export interface SigningOutput {
     proofValue: string;
 }
-export interface Signer {
-    sign(input: SigningInput): Promise<SigningOutput>;
+export interface Signer<TDocument = SignableDocument> {
+    sign(input: SigningInput<TDocument>): Promise<SigningOutput>;
     getVerificationMethodId(): string;
 }
 export interface Verifier {
@@ -90,7 +91,7 @@ export interface VerificationMethod {
     publicKeyMultibase?: string;
     secretKeyMultibase?: string;
     purpose?: DataIntegrityProofPurpose | DataIntegrityProofPurpose[];
-    publicKeyJwk?: any;
+    publicKeyJwk?: JsonObject;
     use?: string;
 }
 export interface WitnessEntry {
@@ -148,7 +149,7 @@ export type DIDLog = DIDLogEntry[];
 export interface ServiceEndpoint {
     id?: string;
     type: string | string[];
-    serviceEndpoint?: string | string[] | any;
+    serviceEndpoint?: string | string[] | JsonValue;
     [key: string]: unknown;
 }
 export interface CreateDIDResult {
@@ -227,7 +228,7 @@ export interface ResolutionOptions {
     verificationMethod?: string;
     verifier?: Verifier;
     scid?: string;
-    fastResolve?: boolean;
+    requestedDid?: string;
 }
 export interface WitnessProofFileEntry {
     versionId: string;

package/dist/method.d.ts

@@ -1,4 +1,4 @@
-import type { CreateDIDInterface, CreateDIDResult, DeactivateDIDInterface, DIDLog, ResolutionOptions, UpdateDIDInterface, UpdateDIDResult, WitnessProofFileEntry } from './interfaces.js';
+import type { CreateDIDInterface, CreateDIDResult, DeactivateDIDInterface, DIDLog, ResolutionOptions, ServiceEndpoint, UpdateDIDInterface, UpdateDIDResult, WitnessProofFileEntry } from './interfaces.js';
 import { DidResolutionError } from './interfaces.js';
 /**
  * Creates a new did:webvh DID and initial DID log.
@@ -18,7 +18,7 @@ export declare const resolveDID: (did: string, options?: ResolutionOptions & {
     witnessProofs?: WitnessProofFileEntry[];
 }) => Promise<{
     did: string;
-    doc: any;
+    doc: import("./interfaces.js").DIDDoc | null;
     meta: import("./interfaces.js").DIDResolutionMeta;
 } | {
     did: string;
@@ -43,7 +43,7 @@ export declare const resolveDIDFromLog: (log: DIDLog, options?: ResolutionOption
     witnessProofs?: WitnessProofFileEntry[];
 }) => Promise<{
     did: string;
-    doc: any;
+    doc: import("./interfaces.js").DIDDoc | null;
     meta: import("./interfaces.js").DIDResolutionMeta;
 }>;
 /**
@@ -53,8 +53,10 @@ export declare const resolveDIDFromLog: (log: DIDLog, options?: ResolutionOption
  * @returns The updated DID, resolved document, and DID log.
  */
 export declare const updateDID: (options: UpdateDIDInterface & {
-    services?: any[];
+    services?: ServiceEndpoint[];
     domain?: string;
+    address?: string;
+    paths?: string[];
     updated?: string;
 }) => Promise<UpdateDIDResult>;
 /**
@@ -67,7 +69,7 @@ export declare const deactivateDID: (options: DeactivateDIDInterface & {
     updateKeys?: string[];
 }) => Promise<{
     did: string;
-    doc: any;
+    doc: import("./interfaces.js").DIDDoc;
     meta: import("./interfaces.js").DIDResolutionMeta;
     log: DIDLog;
 }>;

package/dist/method.js

@@ -1,7 +1,7 @@
+import { METHOD_PROTOCOL_V1_0 } from './constants.js';
 import { DidResolutionError } from './interfaces.js';
 import * as v1 from './method_versions/method.v1.0.js';
 import { fetchLogFromIdentifier, maybeWriteTestLog } from './utils.js';
-const SUPPORTED_METHOD = 'did:webvh:1.0';
 /**
  * Creates a new did:webvh DID and initial DID log.
  *
@@ -10,7 +10,7 @@ const SUPPORTED_METHOD = 'did:webvh:1.0';
  */
 export const createDID = async (options) => {
     const method = options.method;
-    if (method && method !== SUPPORTED_METHOD) {
+    if (method && method !== METHOD_PROTOCOL_V1_0) {
         throw new Error(`'${method}' is not a supported method version.`);
     }
     const result = await v1.createDID(options);
@@ -31,7 +31,7 @@ export const resolveDID = async (did, options = {}) => {
     const scid = didParts.length > 2 && didParts[0] === 'did' && didParts[1] === 'webvh' ? didParts[2] : undefined;
     try {
         const log = await fetchLogFromIdentifier(did);
-        const result = await v1.resolveDIDFromLog(log, { ...options, scid });
+        const result = await v1.resolveDIDFromLog(log, { ...options, scid, requestedDid: did });
         maybeWriteTestLog(result.did, log);
         return result;
     }

package/dist/method_versions/method.v1.0.d.ts

@@ -1,23 +1,24 @@
-import type { CreateDIDInterface, CreateDIDResult, DeactivateDIDInterface, DIDLog, DIDResolutionMeta, ResolutionOptions, UpdateDIDInterface, UpdateDIDResult, WitnessProofFileEntry } from '../interfaces.js';
+import type { CreateDIDInterface, CreateDIDResult, DeactivateDIDInterface, DIDDoc, DIDLog, DIDResolutionMeta, ResolutionOptions, ServiceEndpoint, UpdateDIDInterface, UpdateDIDResult, WitnessProofFileEntry } from '../interfaces.js';
 export declare const createDID: (options: CreateDIDInterface) => Promise<CreateDIDResult>;
 export declare const resolveDIDFromLog: (log: DIDLog, options?: ResolutionOptions & {
     witnessProofs?: WitnessProofFileEntry[];
-    fastResolve?: boolean;
 }) => Promise<{
     did: string;
-    doc: any;
+    doc: DIDDoc | null;
     meta: DIDResolutionMeta;
 }>;
 export declare const updateDID: (options: UpdateDIDInterface & {
-    services?: any[];
+    services?: ServiceEndpoint[];
     domain?: string;
+    address?: string;
+    paths?: string[];
     updated?: string;
 }) => Promise<UpdateDIDResult>;
 export declare const deactivateDID: (options: DeactivateDIDInterface & {
     updateKeys?: string[];
 }) => Promise<{
     did: string;
-    doc: any;
+    doc: DIDDoc;
     meta: DIDResolutionMeta;
     log: DIDLog;
 }>;