@keytrace/runner 0.0.5 → 0.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/profile.d.ts +5 -3
- package/dist/profile.d.ts.map +1 -1
- package/dist/profile.js +81 -7
- package/dist/profile.js.map +1 -1
- package/dist/types.d.ts +15 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js.map +1 -1
- package/package.json +1 -1
- package/src/index.ts +1 -0
- package/src/profile.ts +95 -8
- package/src/types.ts +14 -0
package/dist/index.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
export { runRecipe } from "./runner.js";
|
|
2
|
-
export type { Recipe, RecipeParam, RecipeInstructions, RecipeVerification, VerificationStep, ClaimContext, VerificationResult, StepResult, RunnerConfig, FetchFn, ClaimVerificationResult, ProfileData, ClaimData, VerifyOptions, IdentityMetadata, ProofDetails, ProofTargetResult, } from "./types.js";
|
|
2
|
+
export type { Recipe, RecipeParam, RecipeInstructions, RecipeVerification, VerificationStep, ClaimContext, VerificationResult, StepResult, RunnerConfig, FetchFn, ClaimVerificationResult, ProfileData, ClaimData, VerifyOptions, ProfileOptions, IdentityMetadata, ProofDetails, ProofTargetResult, } from "./types.js";
|
|
3
3
|
export { ClaimStatus } from "./types.js";
|
|
4
4
|
export { interpolate } from "./interpolate.js";
|
|
5
5
|
export { checkExpect } from "./expect.js";
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,YAAY,EACV,MAAM,EACN,WAAW,EACX,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,UAAU,EACV,YAAY,EACZ,OAAO,EACP,uBAAuB,EACvB,WAAW,EACX,SAAS,EACT,aAAa,EACb,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,GAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAG/C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG1C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAGpD,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACpH,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAC/G,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGrG,OAAO,KAAK,gBAAgB,MAAM,6BAA6B,CAAC;AAChE,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAGrJ,OAAO,KAAK,QAAQ,MAAM,qBAAqB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAGxC,YAAY,EACV,MAAM,EACN,WAAW,EACX,kBAAkB,EAClB,kBAAkB,EAClB,gBAAgB,EAChB,YAAY,EACZ,kBAAkB,EAClB,UAAU,EACV,YAAY,EACZ,OAAO,EACP,uBAAuB,EACvB,WAAW,EACX,SAAS,EACT,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,YAAY,EACZ,iBAAiB,GAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGzC,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAG/C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG1C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAGpD,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACpH,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAC7C,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAC/G,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAGnD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGrG,OAAO,KAAK,gBAAgB,MAAM,6BAA6B,CAAC;AAChE,YAAY,EAAE,eAAe,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAGrJ,OAAO,KAAK,QAAQ,MAAM,qBAAqB,CAAC"}
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc;AACd,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc;AACd,OAAO,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAuBxC,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAEzC,yBAAyB;AACzB,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAE/C,kBAAkB;AAClB,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,qBAAqB;AACrB,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAClD,OAAO,EAAE,SAAS,EAAE,MAAM,yBAAyB,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,0BAA0B,CAAC;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAE9C,mBAAmB;AACnB,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AAC5D,OAAO,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAC;AAEpD,gCAAgC;AAChC,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,WAAW,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAEpH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,eAAe,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAG/G,YAAY;AACZ,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAErG,oBAAoB;AACpB,OAAO,KAAK,gBAAgB,MAAM,6BAA6B,CAAC;AAGhE,WAAW;AACX,OAAO,KAAK,QAAQ,MAAM,qBAAqB,CAAC"}
|
package/dist/profile.d.ts
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { type ClaimState } from "./claim.js";
|
|
2
|
-
import type { ProfileData, ClaimData, VerifyOptions } from "./types.js";
|
|
2
|
+
import type { ProfileData, ClaimData, VerifyOptions, ProfileOptions } from "./types.js";
|
|
3
3
|
/**
|
|
4
4
|
* A fetched profile with resolved claims
|
|
5
5
|
*/
|
|
@@ -17,9 +17,11 @@ export declare function resolvePds(did: string): Promise<string>;
|
|
|
17
17
|
/**
|
|
18
18
|
* Fetch a profile from ATProto by DID or handle
|
|
19
19
|
*/
|
|
20
|
-
export declare function fetchProfile(didOrHandle: string,
|
|
20
|
+
export declare function fetchProfile(didOrHandle: string, opts?: ProfileOptions): Promise<FetchedProfile>;
|
|
21
21
|
/**
|
|
22
|
-
* Verify all claims in a profile
|
|
22
|
+
* Verify all claims in a profile.
|
|
23
|
+
* Claims whose signing key is not from a trusted signer are marked as FAILED
|
|
24
|
+
* without running proof verification.
|
|
23
25
|
*/
|
|
24
26
|
export declare function verifyAllClaims(profile: FetchedProfile, opts?: VerifyOptions): Promise<void>;
|
|
25
27
|
/**
|
package/dist/profile.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../src/profile.ts"],"names":[],"mappings":"AACA,OAAO,EAA4B,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAGvE,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAoB,MAAM,YAAY,CAAC;
|
|
1
|
+
{"version":3,"file":"profile.d.ts","sourceRoot":"","sources":["../src/profile.ts"],"names":[],"mappings":"AACA,OAAO,EAA4B,KAAK,UAAU,EAAE,MAAM,YAAY,CAAC;AAGvE,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,aAAa,EAAoB,cAAc,EAAE,MAAM,YAAY,CAAC;AAmE1G;;GAEG;AACH,MAAM,WAAW,cAAe,SAAQ,WAAW;IACjD,MAAM,EAAE,SAAS,EAAE,CAAC;IACpB,cAAc,EAAE,UAAU,EAAE,CAAC;CAC9B;AAED;;;;;GAKG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA2B7D;AAsGD;;GAEG;AACH,wBAAsB,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAoCtG;AAED;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,OAAO,EAAE,cAAc,EAAE,IAAI,CAAC,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAqBlG;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,cAAc,GAAG;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;CACjB,CAQA;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,cAAc,GAAG;IAC1D,QAAQ,EAAE,UAAU,EAAE,CAAC;IACvB,MAAM,EAAE,UAAU,EAAE,CAAC;IACrB,OAAO,EAAE,UAAU,EAAE,CAAC;CACvB,CAOA"}
|
package/dist/profile.js
CHANGED
|
@@ -2,6 +2,49 @@ import { AtpAgent } from "@atproto/api";
|
|
|
2
2
|
import { createClaim, verifyClaim } from "./claim.js";
|
|
3
3
|
import { ClaimStatus } from "./types.js";
|
|
4
4
|
import { COLLECTION_NSID, PUBLIC_API_URL, PLC_DIRECTORY_URL } from "./constants.js";
|
|
5
|
+
/** Default trusted signer handles */
|
|
6
|
+
const DEFAULT_TRUSTED_SIGNERS = ["keytrace.dev"];
|
|
7
|
+
/**
|
|
8
|
+
* Extract the DID from an AT URI (at://did/collection/rkey)
|
|
9
|
+
*/
|
|
10
|
+
function extractDidFromAtUri(atUri) {
|
|
11
|
+
const match = atUri.match(/^at:\/\/([^/]+)\//);
|
|
12
|
+
return match?.[1] ?? null;
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* Resolve an array of handles to their DIDs via the public API.
|
|
16
|
+
*/
|
|
17
|
+
async function resolveTrustedDids(handles) {
|
|
18
|
+
const dids = new Set();
|
|
19
|
+
const publicAgent = new AtpAgent({ service: PUBLIC_API_URL });
|
|
20
|
+
await Promise.all(handles.map(async (handle) => {
|
|
21
|
+
try {
|
|
22
|
+
const resolved = await publicAgent.resolveHandle({ handle });
|
|
23
|
+
dids.add(resolved.data.did);
|
|
24
|
+
}
|
|
25
|
+
catch {
|
|
26
|
+
console.debug(`[runner] Failed to resolve trusted signer handle: ${handle}`);
|
|
27
|
+
}
|
|
28
|
+
}));
|
|
29
|
+
return dids;
|
|
30
|
+
}
|
|
31
|
+
/**
|
|
32
|
+
* Check whether a claim's signing key is from a trusted signer.
|
|
33
|
+
* Returns an error message if untrusted, or null if trusted.
|
|
34
|
+
*/
|
|
35
|
+
function checkSignerTrust(sigSrc, trustedDids) {
|
|
36
|
+
if (!sigSrc) {
|
|
37
|
+
return "Claim has no signing key reference";
|
|
38
|
+
}
|
|
39
|
+
const signerDid = extractDidFromAtUri(sigSrc);
|
|
40
|
+
if (!signerDid) {
|
|
41
|
+
return `Invalid signing key URI: ${sigSrc}`;
|
|
42
|
+
}
|
|
43
|
+
if (!trustedDids.has(signerDid)) {
|
|
44
|
+
return `Signing key is not from a trusted signer (DID: ${signerDid})`;
|
|
45
|
+
}
|
|
46
|
+
return null;
|
|
47
|
+
}
|
|
5
48
|
/**
|
|
6
49
|
* Resolve the PDS endpoint from a DID document.
|
|
7
50
|
* For did:plc, fetches from plc.directory.
|
|
@@ -46,7 +89,9 @@ function parseAtUriRkey(atUri) {
|
|
|
46
89
|
/**
|
|
47
90
|
* Internal: fetch profile data using an already-configured agent
|
|
48
91
|
*/
|
|
49
|
-
async function fetchWithAgent(agent, did) {
|
|
92
|
+
async function fetchWithAgent(agent, did, opts) {
|
|
93
|
+
const trustedSigners = opts?.trustedSigners ?? DEFAULT_TRUSTED_SIGNERS;
|
|
94
|
+
const trustedDids = await resolveTrustedDids(trustedSigners);
|
|
50
95
|
// Fetch Bluesky profile for display info via public API (not PDS)
|
|
51
96
|
// The PDS doesn't serve app.bsky.actor.getProfile - only the AppView does
|
|
52
97
|
let bskyProfile = null;
|
|
@@ -88,6 +133,7 @@ async function fetchWithAgent(agent, did) {
|
|
|
88
133
|
createdAt: value.createdAt ?? new Date().toISOString(),
|
|
89
134
|
rkey: parseAtUriRkey(record.uri),
|
|
90
135
|
identity: value.identity,
|
|
136
|
+
sig: value.sig,
|
|
91
137
|
});
|
|
92
138
|
}
|
|
93
139
|
}
|
|
@@ -100,19 +146,30 @@ async function fetchWithAgent(agent, did) {
|
|
|
100
146
|
console.debug(`Failed to list claim records for ${did}: ${err.message}`);
|
|
101
147
|
}
|
|
102
148
|
}
|
|
149
|
+
// Build claim instances, marking untrusted signers as FAILED
|
|
150
|
+
const claimInstances = claims.map((c) => {
|
|
151
|
+
const state = createClaim(c.uri, did);
|
|
152
|
+
const trustError = checkSignerTrust(c.sig?.src, trustedDids);
|
|
153
|
+
if (trustError) {
|
|
154
|
+
state.status = ClaimStatus.FAILED;
|
|
155
|
+
state.errors.push(trustError);
|
|
156
|
+
}
|
|
157
|
+
return state;
|
|
158
|
+
});
|
|
103
159
|
return {
|
|
104
160
|
did,
|
|
105
161
|
handle: bskyProfile?.handle ?? did,
|
|
106
162
|
displayName: bskyProfile?.displayName,
|
|
107
163
|
avatar: bskyProfile?.avatar,
|
|
108
164
|
claims,
|
|
109
|
-
claimInstances
|
|
165
|
+
claimInstances,
|
|
110
166
|
};
|
|
111
167
|
}
|
|
112
168
|
/**
|
|
113
169
|
* Fetch a profile from ATProto by DID or handle
|
|
114
170
|
*/
|
|
115
|
-
export async function fetchProfile(didOrHandle,
|
|
171
|
+
export async function fetchProfile(didOrHandle, opts) {
|
|
172
|
+
const serviceUrl = opts?.serviceUrl;
|
|
116
173
|
// Resolve PDS from DID document unless an explicit serviceUrl was provided
|
|
117
174
|
let resolvedServiceUrl;
|
|
118
175
|
let did = didOrHandle;
|
|
@@ -138,17 +195,34 @@ export async function fetchProfile(didOrHandle, serviceUrl) {
|
|
|
138
195
|
resolvedServiceUrl = pdsUrl;
|
|
139
196
|
// Re-create agent pointed at the user's actual PDS
|
|
140
197
|
const pdsAgent = new AtpAgent({ service: pdsUrl });
|
|
141
|
-
return fetchWithAgent(pdsAgent, did);
|
|
198
|
+
return fetchWithAgent(pdsAgent, did, opts);
|
|
142
199
|
}
|
|
143
200
|
}
|
|
144
201
|
}
|
|
145
|
-
return fetchWithAgent(agent, did);
|
|
202
|
+
return fetchWithAgent(agent, did, opts);
|
|
146
203
|
}
|
|
147
204
|
/**
|
|
148
|
-
* Verify all claims in a profile
|
|
205
|
+
* Verify all claims in a profile.
|
|
206
|
+
* Claims whose signing key is not from a trusted signer are marked as FAILED
|
|
207
|
+
* without running proof verification.
|
|
149
208
|
*/
|
|
150
209
|
export async function verifyAllClaims(profile, opts) {
|
|
151
|
-
|
|
210
|
+
const trustedSigners = opts?.trustedSigners ?? DEFAULT_TRUSTED_SIGNERS;
|
|
211
|
+
const trustedDids = await resolveTrustedDids(trustedSigners);
|
|
212
|
+
await Promise.all(profile.claimInstances.map(async (claim, i) => {
|
|
213
|
+
// Skip claims already marked as failed (e.g. by fetchProfile signer check)
|
|
214
|
+
if (claim.status === ClaimStatus.FAILED)
|
|
215
|
+
return;
|
|
216
|
+
// Check signing key provenance
|
|
217
|
+
const claimData = profile.claims[i];
|
|
218
|
+
const trustError = checkSignerTrust(claimData?.sig?.src, trustedDids);
|
|
219
|
+
if (trustError) {
|
|
220
|
+
claim.status = ClaimStatus.FAILED;
|
|
221
|
+
claim.errors.push(trustError);
|
|
222
|
+
return;
|
|
223
|
+
}
|
|
224
|
+
await verifyClaim(claim, opts);
|
|
225
|
+
}));
|
|
152
226
|
}
|
|
153
227
|
/**
|
|
154
228
|
* Get verification summary for a profile
|
package/dist/profile.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"profile.js","sourceRoot":"","sources":["../src/profile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAmB,MAAM,YAAY,CAAC;AACvE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"profile.js","sourceRoot":"","sources":["../src/profile.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AACxC,OAAO,EAAE,WAAW,EAAE,WAAW,EAAmB,MAAM,YAAY,CAAC;AACvE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAGpF,qCAAqC;AACrC,MAAM,uBAAuB,GAAG,CAAC,cAAc,CAAC,CAAC;AAEjD;;GAEG;AACH,SAAS,mBAAmB,CAAC,KAAa;IACxC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAC/C,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,OAAiB;IACjD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,MAAM,WAAW,GAAG,IAAI,QAAQ,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;IAC9D,MAAM,OAAO,CAAC,GAAG,CACf,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC3B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC;YAC7D,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,KAAK,CAAC,qDAAqD,MAAM,EAAE,CAAC,CAAC;QAC/E,CAAC;IACH,CAAC,CAAC,CACH,CAAC;IACF,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,MAA0B,EAAE,WAAwB;IAC5E,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,oCAAoC,CAAC;IAC9C,CAAC;IACD,MAAM,SAAS,GAAG,mBAAmB,CAAC,MAAM,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,4BAA4B,MAAM,EAAE,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAChC,OAAO,kDAAkD,SAAS,GAAG,CAAC;IACxE,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AA2BD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,GAAW;IAC1C,IAAI,CAAC;QACH,IAAI,GAAW,CAAC;QAChB,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC/B,GAAG,GAAG,GAAG,iBAAiB,IAAI,GAAG,EAAE,CAAC;QACtC,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC9D,GAAG,GAAG,WAAW,IAAI,uBAAuB,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE;YAC3C,OAAO,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE;SACxC,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,cAAc,CAAC;QACxB,CAAC;QAED,MAAM,GAAG,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAgB,CAAC;QACnD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,cAAc,IAAI,CAAC,CAAC,IAAI,KAAK,2BAA2B,CAAC,CAAC;QAE/G,OAAO,UAAU,EAAE,eAAe,IAAI,cAAc,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,cAAc,CAAC;IACxB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,cAAc,CAAC,KAAa;IACnC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACzD,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,KAAe,EAAE,GAAW,EAAE,IAAqB;IAC/E,MAAM,cAAc,GAAG,IAAI,EAAE,cAAc,IAAI,uBAAuB,CAAC;IACvE,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,CAAC;IAE7D,kEAAkE;IAClE,0EAA0E;IAC1E,IAAI,WAAW,GAAqE,IAAI,CAAC;IACzF,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAI,QAAQ,CAAC,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC,CAAC;QAC9D,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;QAChE,WAAW,GAAG;YACZ,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM;YAC9B,WAAW,EAAE,UAAU,CAAC,IAAI,CAAC,WAAW;YACxC,MAAM,EAAE,UAAU,CAAC,IAAI,CAAC,MAAM;SAC/B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,kEAAkE;QAClE,mDAAmD;QACnD,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,OAAO,CAAC,KAAK,CAAC,+BAA+B,GAAG,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QACtE,CAAC;IACH,CAAC;IAED,sDAAsD;IACtD,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,IAAI,CAAC;QACH,IAAI,MAA0B,CAAC;QAC/B,GAAG,CAAC;YACF,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC;gBACvD,IAAI,EAAE,GAAG;gBACT,UAAU,EAAE,eAAe;gBAC3B,KAAK,EAAE,GAAG;gBACV,MAAM;aACP,CAAC,CAAC;YAEH,KAAK,MAAM,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAC1C,MAAM,KAAK,GAAG,MAAM,CAAC,KAOpB,CAAC;gBACF,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;oBACnB,MAAM,CAAC,IAAI,CAAC;wBACV,GAAG,EAAE,KAAK,CAAC,QAAQ;wBACnB,GAAG;wBACH,IAAI,EAAE,KAAK,CAAC,IAAI;wBAChB,OAAO,EAAE,KAAK,CAAC,OAAO;wBACtB,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;wBACtD,IAAI,EAAE,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC;wBAChC,QAAQ,EAAE,KAAK,CAAC,QAAQ;wBACxB,GAAG,EAAE,KAAK,CAAC,GAAG;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC;QAC/B,CAAC,QAAQ,MAAM,EAAE;IACnB,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,6CAA6C;QAC7C,IAAI,GAAG,YAAY,KAAK,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACzD,OAAO,CAAC,KAAK,CAAC,oCAAoC,GAAG,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,6DAA6D;IAC7D,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACtC,MAAM,KAAK,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACtC,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;QAC7D,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC;YAClC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,GAAG;QACH,MAAM,EAAE,WAAW,EAAE,MAAM,IAAI,GAAG;QAClC,WAAW,EAAE,WAAW,EAAE,WAAW;QACrC,MAAM,EAAE,WAAW,EAAE,MAAM;QAC3B,MAAM;QACN,cAAc;KACf,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,WAAmB,EAAE,IAAqB;IAC3E,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,CAAC;IAEpC,2EAA2E;IAC3E,IAAI,kBAA0B,CAAC;IAC/B,IAAI,GAAG,GAAG,WAAW,CAAC;IAEtB,IAAI,UAAU,EAAE,CAAC;QACf,kBAAkB,GAAG,UAAU,CAAC;IAClC,CAAC;SAAM,IAAI,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1C,kBAAkB,GAAG,MAAM,UAAU,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;SAAM,CAAC;QACN,yEAAyE;QACzE,kBAAkB,GAAG,cAAc,CAAC;IACtC,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAE5D,kCAAkC;IAClC,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;QACpE,GAAG,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC;QAExB,6EAA6E;QAC7E,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,MAAM,KAAK,kBAAkB,EAAE,CAAC;gBAClC,kBAAkB,GAAG,MAAM,CAAC;gBAC5B,mDAAmD;gBACnD,MAAM,QAAQ,GAAG,IAAI,QAAQ,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;gBACnD,OAAO,cAAc,CAAC,QAAQ,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,cAAc,CAAC,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAuB,EAAE,IAAoB;IACjF,MAAM,cAAc,GAAG,IAAI,EAAE,cAAc,IAAI,uBAAuB,CAAC;IACvE,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,CAAC;IAE7D,MAAM,OAAO,CAAC,GAAG,CACf,OAAO,CAAC,cAAc,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC5C,2EAA2E;QAC3E,IAAI,KAAK,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM;YAAE,OAAO;QAEhD,+BAA+B;QAC/B,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,UAAU,GAAG,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;QACtE,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC;YAClC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC9B,OAAO;QACT,CAAC;QAED,MAAM,WAAW,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IACjC,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAuB;IAMvD,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IACtC,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM;QACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,QAAQ,CAAC,CAAC,MAAM;QACxE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,KAAK,CAAC,CAAC,MAAM;QACtG,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM;KACxG,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAuB;IAKvD,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IACtC,OAAO;QACL,QAAQ,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,QAAQ,CAAC;QACjE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,KAAK,CAAC;QAC/F,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,KAAK,WAAW,CAAC,OAAO,CAAC;KACjG,CAAC;AACJ,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -68,6 +68,10 @@ export interface ClaimData {
|
|
|
68
68
|
createdAt: string;
|
|
69
69
|
rkey: string;
|
|
70
70
|
identity?: IdentityMetadata;
|
|
71
|
+
/** Signing key reference from the claim record */
|
|
72
|
+
sig?: {
|
|
73
|
+
src?: string;
|
|
74
|
+
};
|
|
71
75
|
}
|
|
72
76
|
/**
|
|
73
77
|
* Options for verification operations
|
|
@@ -79,6 +83,17 @@ export interface VerifyOptions {
|
|
|
79
83
|
skipCache?: boolean;
|
|
80
84
|
/** Proxy URL for browser-based DNS/HTTP requests */
|
|
81
85
|
proxyUrl?: string;
|
|
86
|
+
/** Trusted signer handles whose signing keys are accepted (default: ["keytrace.dev"]) */
|
|
87
|
+
trustedSigners?: string[];
|
|
88
|
+
}
|
|
89
|
+
/**
|
|
90
|
+
* Options for profile fetching
|
|
91
|
+
*/
|
|
92
|
+
export interface ProfileOptions {
|
|
93
|
+
/** ATProto service URL override */
|
|
94
|
+
serviceUrl?: string;
|
|
95
|
+
/** Trusted signer handles whose signing keys are accepted (default: ["keytrace.dev"]) */
|
|
96
|
+
trustedSigners?: string[];
|
|
82
97
|
}
|
|
83
98
|
/**
|
|
84
99
|
* Claim status enum
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,sDAAsD;IACtD,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,WAAW,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,gEAAgE;IAChE,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,gBAAgB,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,+BAA+B;IAC/B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,uBAAuB;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,6CAA6C;IAC7C,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,+BAA+B;IAC/B,QAAQ,EAAE,MAAM,CAAC;IACjB,yCAAyC;IACzC,OAAO,EAAE,MAAM,CAAC;IAChB,wDAAwD;IACxD,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,OAAO,EAAE,iBAAiB,EAAE,CAAC;IAC7B,sDAAsD;IACtD,QAAQ,EAAE,MAAM,EAAE,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,WAAW,CAAC;IACpB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,SAAS,EAAE,IAAI,CAAC;IAChB,wDAAwD;IACxD,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,gEAAgE;IAChE,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,SAAS,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,kDAAkD;IAClD,GAAG,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;CACxB;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,2CAA2C;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,8CAA8C;IAC9C,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,oDAAoD;IACpD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,yFAAyF;IACzF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,mCAAmC;IACnC,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,yFAAyF;IACzF,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC3B;AAED;;GAEG;AACH,oBAAY,WAAW;IACrB,IAAI,SAAS;IACb,OAAO,YAAY;IACnB,QAAQ,aAAa;IACrB,MAAM,WAAW;IACjB,KAAK,UAAU;CAChB;AAED,2EAA2E;AAC3E,MAAM,MAAM,OAAO,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAE7E,0CAA0C;AAC1C,MAAM,WAAW,YAAY;IAC3B,uDAAuD;IACvD,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,6CAA6C;IAC7C,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,+CAA+C;AAC/C,MAAM,WAAW,YAAY;IAC3B,oDAAoD;IACpD,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,kEAAkE;IAClE,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAChC;AAED,mDAAmD;AACnD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,UAAU,EAAE,CAAC;IACpB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,2CAA2C;AAC3C,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,oCAAoC;AACpC,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAC;IAChC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,yDAAyD;AACzD,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,6CAA6C;AAC7C,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,UAAU,GAAG,WAAW,GAAG,YAAY,GAAG,aAAa,GAAG,SAAS,CAAC;IAC5E,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,+CAA+C;AAC/C,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,gBAAgB,EAAE,CAAC;CAC3B;AAED,kCAAkC;AAClC,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,WAAW,EAAE,CAAC;IACvB,YAAY,EAAE,kBAAkB,CAAC;IACjC,YAAY,EAAE,kBAAkB,CAAC;CAClC"}
|
package/dist/types.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAuGA;;GAEG;AACH,MAAM,CAAN,IAAY,WAMX;AAND,WAAY,WAAW;IACrB,4BAAa,CAAA;IACb,kCAAmB,CAAA;IACnB,oCAAqB,CAAA;IACrB,gCAAiB,CAAA;IACjB,8BAAe,CAAA;AACjB,CAAC,EANW,WAAW,KAAX,WAAW,QAMtB"}
|
package/package.json
CHANGED
package/src/index.ts
CHANGED
package/src/profile.ts
CHANGED
|
@@ -2,7 +2,55 @@ import { AtpAgent } from "@atproto/api";
|
|
|
2
2
|
import { createClaim, verifyClaim, type ClaimState } from "./claim.js";
|
|
3
3
|
import { ClaimStatus } from "./types.js";
|
|
4
4
|
import { COLLECTION_NSID, PUBLIC_API_URL, PLC_DIRECTORY_URL } from "./constants.js";
|
|
5
|
-
import type { ProfileData, ClaimData, VerifyOptions, IdentityMetadata } from "./types.js";
|
|
5
|
+
import type { ProfileData, ClaimData, VerifyOptions, IdentityMetadata, ProfileOptions } from "./types.js";
|
|
6
|
+
|
|
7
|
+
/** Default trusted signer handles */
|
|
8
|
+
const DEFAULT_TRUSTED_SIGNERS = ["keytrace.dev"];
|
|
9
|
+
|
|
10
|
+
/**
|
|
11
|
+
* Extract the DID from an AT URI (at://did/collection/rkey)
|
|
12
|
+
*/
|
|
13
|
+
function extractDidFromAtUri(atUri: string): string | null {
|
|
14
|
+
const match = atUri.match(/^at:\/\/([^/]+)\//);
|
|
15
|
+
return match?.[1] ?? null;
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
/**
|
|
19
|
+
* Resolve an array of handles to their DIDs via the public API.
|
|
20
|
+
*/
|
|
21
|
+
async function resolveTrustedDids(handles: string[]): Promise<Set<string>> {
|
|
22
|
+
const dids = new Set<string>();
|
|
23
|
+
const publicAgent = new AtpAgent({ service: PUBLIC_API_URL });
|
|
24
|
+
await Promise.all(
|
|
25
|
+
handles.map(async (handle) => {
|
|
26
|
+
try {
|
|
27
|
+
const resolved = await publicAgent.resolveHandle({ handle });
|
|
28
|
+
dids.add(resolved.data.did);
|
|
29
|
+
} catch {
|
|
30
|
+
console.debug(`[runner] Failed to resolve trusted signer handle: ${handle}`);
|
|
31
|
+
}
|
|
32
|
+
}),
|
|
33
|
+
);
|
|
34
|
+
return dids;
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
/**
|
|
38
|
+
* Check whether a claim's signing key is from a trusted signer.
|
|
39
|
+
* Returns an error message if untrusted, or null if trusted.
|
|
40
|
+
*/
|
|
41
|
+
function checkSignerTrust(sigSrc: string | undefined, trustedDids: Set<string>): string | null {
|
|
42
|
+
if (!sigSrc) {
|
|
43
|
+
return "Claim has no signing key reference";
|
|
44
|
+
}
|
|
45
|
+
const signerDid = extractDidFromAtUri(sigSrc);
|
|
46
|
+
if (!signerDid) {
|
|
47
|
+
return `Invalid signing key URI: ${sigSrc}`;
|
|
48
|
+
}
|
|
49
|
+
if (!trustedDids.has(signerDid)) {
|
|
50
|
+
return `Signing key is not from a trusted signer (DID: ${signerDid})`;
|
|
51
|
+
}
|
|
52
|
+
return null;
|
|
53
|
+
}
|
|
6
54
|
|
|
7
55
|
/**
|
|
8
56
|
* DID document service entry
|
|
@@ -76,7 +124,10 @@ function parseAtUriRkey(atUri: string): string {
|
|
|
76
124
|
/**
|
|
77
125
|
* Internal: fetch profile data using an already-configured agent
|
|
78
126
|
*/
|
|
79
|
-
async function fetchWithAgent(agent: AtpAgent, did: string): Promise<FetchedProfile> {
|
|
127
|
+
async function fetchWithAgent(agent: AtpAgent, did: string, opts?: ProfileOptions): Promise<FetchedProfile> {
|
|
128
|
+
const trustedSigners = opts?.trustedSigners ?? DEFAULT_TRUSTED_SIGNERS;
|
|
129
|
+
const trustedDids = await resolveTrustedDids(trustedSigners);
|
|
130
|
+
|
|
80
131
|
// Fetch Bluesky profile for display info via public API (not PDS)
|
|
81
132
|
// The PDS doesn't serve app.bsky.actor.getProfile - only the AppView does
|
|
82
133
|
let bskyProfile: { handle: string; displayName?: string; avatar?: string } | null = null;
|
|
@@ -115,6 +166,7 @@ async function fetchWithAgent(agent: AtpAgent, did: string): Promise<FetchedProf
|
|
|
115
166
|
comment?: string;
|
|
116
167
|
createdAt?: string;
|
|
117
168
|
identity?: IdentityMetadata;
|
|
169
|
+
sig?: { src?: string };
|
|
118
170
|
};
|
|
119
171
|
if (value.claimUri) {
|
|
120
172
|
claims.push({
|
|
@@ -125,6 +177,7 @@ async function fetchWithAgent(agent: AtpAgent, did: string): Promise<FetchedProf
|
|
|
125
177
|
createdAt: value.createdAt ?? new Date().toISOString(),
|
|
126
178
|
rkey: parseAtUriRkey(record.uri),
|
|
127
179
|
identity: value.identity,
|
|
180
|
+
sig: value.sig,
|
|
128
181
|
});
|
|
129
182
|
}
|
|
130
183
|
}
|
|
@@ -138,20 +191,33 @@ async function fetchWithAgent(agent: AtpAgent, did: string): Promise<FetchedProf
|
|
|
138
191
|
}
|
|
139
192
|
}
|
|
140
193
|
|
|
194
|
+
// Build claim instances, marking untrusted signers as FAILED
|
|
195
|
+
const claimInstances = claims.map((c) => {
|
|
196
|
+
const state = createClaim(c.uri, did);
|
|
197
|
+
const trustError = checkSignerTrust(c.sig?.src, trustedDids);
|
|
198
|
+
if (trustError) {
|
|
199
|
+
state.status = ClaimStatus.FAILED;
|
|
200
|
+
state.errors.push(trustError);
|
|
201
|
+
}
|
|
202
|
+
return state;
|
|
203
|
+
});
|
|
204
|
+
|
|
141
205
|
return {
|
|
142
206
|
did,
|
|
143
207
|
handle: bskyProfile?.handle ?? did,
|
|
144
208
|
displayName: bskyProfile?.displayName,
|
|
145
209
|
avatar: bskyProfile?.avatar,
|
|
146
210
|
claims,
|
|
147
|
-
claimInstances
|
|
211
|
+
claimInstances,
|
|
148
212
|
};
|
|
149
213
|
}
|
|
150
214
|
|
|
151
215
|
/**
|
|
152
216
|
* Fetch a profile from ATProto by DID or handle
|
|
153
217
|
*/
|
|
154
|
-
export async function fetchProfile(didOrHandle: string,
|
|
218
|
+
export async function fetchProfile(didOrHandle: string, opts?: ProfileOptions): Promise<FetchedProfile> {
|
|
219
|
+
const serviceUrl = opts?.serviceUrl;
|
|
220
|
+
|
|
155
221
|
// Resolve PDS from DID document unless an explicit serviceUrl was provided
|
|
156
222
|
let resolvedServiceUrl: string;
|
|
157
223
|
let did = didOrHandle;
|
|
@@ -179,19 +245,40 @@ export async function fetchProfile(didOrHandle: string, serviceUrl?: string): Pr
|
|
|
179
245
|
resolvedServiceUrl = pdsUrl;
|
|
180
246
|
// Re-create agent pointed at the user's actual PDS
|
|
181
247
|
const pdsAgent = new AtpAgent({ service: pdsUrl });
|
|
182
|
-
return fetchWithAgent(pdsAgent, did);
|
|
248
|
+
return fetchWithAgent(pdsAgent, did, opts);
|
|
183
249
|
}
|
|
184
250
|
}
|
|
185
251
|
}
|
|
186
252
|
|
|
187
|
-
return fetchWithAgent(agent, did);
|
|
253
|
+
return fetchWithAgent(agent, did, opts);
|
|
188
254
|
}
|
|
189
255
|
|
|
190
256
|
/**
|
|
191
|
-
* Verify all claims in a profile
|
|
257
|
+
* Verify all claims in a profile.
|
|
258
|
+
* Claims whose signing key is not from a trusted signer are marked as FAILED
|
|
259
|
+
* without running proof verification.
|
|
192
260
|
*/
|
|
193
261
|
export async function verifyAllClaims(profile: FetchedProfile, opts?: VerifyOptions): Promise<void> {
|
|
194
|
-
|
|
262
|
+
const trustedSigners = opts?.trustedSigners ?? DEFAULT_TRUSTED_SIGNERS;
|
|
263
|
+
const trustedDids = await resolveTrustedDids(trustedSigners);
|
|
264
|
+
|
|
265
|
+
await Promise.all(
|
|
266
|
+
profile.claimInstances.map(async (claim, i) => {
|
|
267
|
+
// Skip claims already marked as failed (e.g. by fetchProfile signer check)
|
|
268
|
+
if (claim.status === ClaimStatus.FAILED) return;
|
|
269
|
+
|
|
270
|
+
// Check signing key provenance
|
|
271
|
+
const claimData = profile.claims[i];
|
|
272
|
+
const trustError = checkSignerTrust(claimData?.sig?.src, trustedDids);
|
|
273
|
+
if (trustError) {
|
|
274
|
+
claim.status = ClaimStatus.FAILED;
|
|
275
|
+
claim.errors.push(trustError);
|
|
276
|
+
return;
|
|
277
|
+
}
|
|
278
|
+
|
|
279
|
+
await verifyClaim(claim, opts);
|
|
280
|
+
}),
|
|
281
|
+
);
|
|
195
282
|
}
|
|
196
283
|
|
|
197
284
|
/**
|
package/src/types.ts
CHANGED
|
@@ -73,6 +73,8 @@ export interface ClaimData {
|
|
|
73
73
|
createdAt: string;
|
|
74
74
|
rkey: string;
|
|
75
75
|
identity?: IdentityMetadata;
|
|
76
|
+
/** Signing key reference from the claim record */
|
|
77
|
+
sig?: { src?: string };
|
|
76
78
|
}
|
|
77
79
|
|
|
78
80
|
/**
|
|
@@ -85,6 +87,18 @@ export interface VerifyOptions {
|
|
|
85
87
|
skipCache?: boolean;
|
|
86
88
|
/** Proxy URL for browser-based DNS/HTTP requests */
|
|
87
89
|
proxyUrl?: string;
|
|
90
|
+
/** Trusted signer handles whose signing keys are accepted (default: ["keytrace.dev"]) */
|
|
91
|
+
trustedSigners?: string[];
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
/**
|
|
95
|
+
* Options for profile fetching
|
|
96
|
+
*/
|
|
97
|
+
export interface ProfileOptions {
|
|
98
|
+
/** ATProto service URL override */
|
|
99
|
+
serviceUrl?: string;
|
|
100
|
+
/** Trusted signer handles whose signing keys are accepted (default: ["keytrace.dev"]) */
|
|
101
|
+
trustedSigners?: string[];
|
|
88
102
|
}
|
|
89
103
|
|
|
90
104
|
/**
|