@kya-os/mcp-i-core 1.2.3-canary.6 → 1.3.0

package/src/delegation/__tests__/utils.test.ts

@@ -0,0 +1,152 @@
+import { describe, it, expect } from "vitest";
+import { canonicalizeJSON } from "../utils.js";
+
+describe("canonicalizeJSON", () => {
+  it("should canonicalize null", () => {
+    expect(canonicalizeJSON(null)).toBe("null");
+  });
+
+  it("should canonicalize boolean true", () => {
+    expect(canonicalizeJSON(true)).toBe("true");
+  });
+
+  it("should canonicalize boolean false", () => {
+    expect(canonicalizeJSON(false)).toBe("false");
+  });
+
+  it("should canonicalize number zero", () => {
+    expect(canonicalizeJSON(0)).toBe("0");
+  });
+
+  it("should canonicalize positive number", () => {
+    expect(canonicalizeJSON(42)).toBe("42");
+  });
+
+  it("should canonicalize negative number", () => {
+    expect(canonicalizeJSON(-42)).toBe("-42");
+  });
+
+  it("should canonicalize decimal number", () => {
+    expect(canonicalizeJSON(3.14)).toBe("3.14");
+  });
+
+  it("should throw error for non-finite number (Infinity)", () => {
+    expect(() => canonicalizeJSON(Infinity)).toThrow("Cannot canonicalize non-finite number");
+  });
+
+  it("should throw error for non-finite number (NaN)", () => {
+    expect(() => canonicalizeJSON(NaN)).toThrow("Cannot canonicalize non-finite number");
+  });
+
+  it("should canonicalize empty string", () => {
+    expect(canonicalizeJSON("")).toBe('""');
+  });
+
+  it("should canonicalize string", () => {
+    expect(canonicalizeJSON("hello")).toBe('"hello"');
+  });
+
+  it("should canonicalize string with special characters", () => {
+    expect(canonicalizeJSON('hello "world"')).toBe('"hello \\"world\\""');
+  });
+
+  it("should canonicalize empty array", () => {
+    expect(canonicalizeJSON([])).toBe("[]");
+  });
+
+  it("should canonicalize array with primitives", () => {
+    const result = canonicalizeJSON([1, "two", true, null]);
+    expect(result).toBe('[1,"two",true,null]');
+  });
+
+  it("should canonicalize nested arrays", () => {
+    const result = canonicalizeJSON([[1, 2], [3, 4]]);
+    expect(result).toBe("[[1,2],[3,4]]");
+  });
+
+  it("should canonicalize empty object", () => {
+    expect(canonicalizeJSON({})).toBe("{}");
+  });
+
+  it("should canonicalize object with sorted keys", () => {
+    const obj = { z: 3, a: 1, m: 2 };
+    const result = canonicalizeJSON(obj);
+    expect(result).toBe('{"a":1,"m":2,"z":3}');
+  });
+
+  it("should canonicalize object with string values", () => {
+    const obj = { name: "test", value: "hello" };
+    const result = canonicalizeJSON(obj);
+    expect(result).toBe('{"name":"test","value":"hello"}');
+  });
+
+  it("should canonicalize nested objects", () => {
+    const obj = { a: { b: { c: 1 } } };
+    const result = canonicalizeJSON(obj);
+    expect(result).toBe('{"a":{"b":{"c":1}}}');
+  });
+
+  it("should canonicalize object with array values", () => {
+    const obj = { items: [1, 2, 3] };
+    const result = canonicalizeJSON(obj);
+    expect(result).toBe('{"items":[1,2,3]}');
+  });
+
+  it("should canonicalize complex nested structure", () => {
+    const obj = {
+      z: "last",
+      a: {
+        nested: [1, { deep: true }],
+        value: 42,
+      },
+      m: ["array", "values"],
+    };
+    const result = canonicalizeJSON(obj);
+    // Keys should be sorted: a, m, z
+    expect(result).toContain('"a"');
+    expect(result).toContain('"m"');
+    expect(result).toContain('"z"');
+    expect(result.indexOf('"a"')).toBeLessThan(result.indexOf('"m"'));
+    expect(result.indexOf('"m"')).toBeLessThan(result.indexOf('"z"'));
+  });
+
+  it("should produce identical output for same input (deterministic)", () => {
+    const obj = { z: 3, a: 1, m: 2 };
+    const result1 = canonicalizeJSON(obj);
+    const result2 = canonicalizeJSON(obj);
+    expect(result1).toBe(result2);
+  });
+
+  it("should handle object with null values", () => {
+    const obj = { a: null, b: "value" };
+    const result = canonicalizeJSON(obj);
+    expect(result).toBe('{"a":null,"b":"value"}');
+  });
+
+  it("should handle object with boolean values", () => {
+    const obj = { enabled: true, disabled: false };
+    const result = canonicalizeJSON(obj);
+    expect(result).toBe('{"disabled":false,"enabled":true}');
+  });
+
+  it("should throw error for undefined", () => {
+    expect(() => canonicalizeJSON(undefined)).toThrow("Cannot canonicalize type: undefined");
+  });
+
+  it("should throw error for function", () => {
+    expect(() => canonicalizeJSON(() => {})).toThrow("Cannot canonicalize type: function");
+  });
+
+  it("should handle unicode strings", () => {
+    const result = canonicalizeJSON("hello 世界");
+    expect(result).toBe('"hello 世界"');
+  });
+
+  it("should handle object with numeric keys (sorted as strings)", () => {
+    const obj = { "10": "ten", "2": "two", "1": "one" };
+    const result = canonicalizeJSON(obj);
+    // Keys sorted lexicographically: "1", "10", "2"
+    expect(result).toBe('{"1":"one","10":"ten","2":"two"}');
+  });
+});
+

package/src/delegation/__tests__/vc-issuer.test.ts

@@ -0,0 +1,442 @@
+import { describe, it, expect, beforeEach, vi, Mock } from "vitest";
+import {
+  DelegationCredentialIssuer,
+  createDelegationIssuer,
+  type VCSigningFunction,
+  type IdentityProvider,
+  type IssueDelegationOptions,
+} from "../vc-issuer.js";
+import type {
+  DelegationRecord,
+  DelegationCredential,
+  Proof,
+} from "@kya-os/contracts";
+
+// Mock the contracts functions
+vi.mock("@kya-os/contracts", () => ({
+  wrapDelegationAsVC: vi.fn(),
+}));
+
+vi.mock("../utils", () => ({
+  canonicalizeJSON: vi.fn(),
+}));
+
+describe("DelegationCredentialIssuer", () => {
+  let mockIdentity: IdentityProvider;
+  let mockSigningFunction: Mock<VCSigningFunction>;
+  let issuer: DelegationCredentialIssuer;
+
+  const mockDelegationRecord: DelegationRecord = {
+    id: "del-001",
+    issuerDid: "did:web:example.com:issuer",
+    subjectDid: "did:web:example.com:subject",
+    vcId: "urn:uuid:del-001",
+    parentId: undefined,
+    constraints: {
+      scopes: ["read:profile"],
+    },
+    signature: "",
+    status: "active",
+    createdAt: Date.now(),
+  };
+
+  const mockProof: Proof = {
+    type: "Ed25519Signature2020",
+    created: "2024-01-01T00:00:00Z",
+    verificationMethod: "did:web:example.com:issuer#key-1",
+    proofPurpose: "assertionMethod",
+    proofValue: "mock-proof-value",
+  };
+
+  beforeEach(async () => {
+    vi.clearAllMocks();
+
+    mockIdentity = {
+      getDid: vi.fn().mockReturnValue("did:web:example.com:issuer"),
+      getKeyId: vi.fn().mockReturnValue("key-123"),
+      getPrivateKey: vi.fn().mockReturnValue("mock-private-key"),
+    };
+
+    mockSigningFunction = vi.fn().mockResolvedValue(mockProof);
+
+    issuer = new DelegationCredentialIssuer(mockIdentity, mockSigningFunction);
+
+    // Setup default mocks
+    const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+    const { canonicalizeJSON } = await import("../utils.js");
+
+    vi.mocked(wrapDelegationAsVC).mockReturnValue({
+      "@context": ["https://www.w3.org/2018/credentials/v1"],
+      id: "urn:uuid:del-001",
+      type: ["VerifiableCredential", "DelegationCredential"],
+      issuer: "did:web:example.com:issuer",
+      issuanceDate: "2024-01-01T00:00:00Z",
+      credentialSubject: {
+        id: "did:web:example.com:subject",
+        delegation: {
+          id: "del-001",
+          issuerDid: "did:web:example.com:issuer",
+          subjectDid: "did:web:example.com:subject",
+          scopes: ["read:profile"],
+          status: "active",
+        },
+      },
+    } as any);
+
+    vi.mocked(canonicalizeJSON).mockReturnValue('{"canonical":"json"}');
+  });
+
+  describe("constructor", () => {
+    it("should create issuer with identity and signing function", () => {
+      const newIssuer = new DelegationCredentialIssuer(
+        mockIdentity,
+        mockSigningFunction
+      );
+      expect(newIssuer).toBeInstanceOf(DelegationCredentialIssuer);
+    });
+  });
+
+  describe("createDelegationIssuer", () => {
+    it("should create an issuer instance", () => {
+      const newIssuer = createDelegationIssuer(
+        mockIdentity,
+        mockSigningFunction
+      );
+      expect(newIssuer).toBeInstanceOf(DelegationCredentialIssuer);
+    });
+  });
+
+  describe("issueDelegationCredential", () => {
+    it("should issue a signed delegation credential", async () => {
+      const result =
+        await issuer.issueDelegationCredential(mockDelegationRecord);
+
+      expect(result).toBeDefined();
+      expect(result.proof).toEqual(mockProof);
+      expect(mockSigningFunction).toHaveBeenCalled();
+    });
+
+    it("should call wrapDelegationAsVC with delegation record", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+
+      await issuer.issueDelegationCredential(mockDelegationRecord);
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        mockDelegationRecord,
+        expect.objectContaining({
+          id: undefined,
+          issuanceDate: undefined,
+          expirationDate: undefined,
+          credentialStatus: undefined,
+        })
+      );
+    });
+
+    it("should pass options to wrapDelegationAsVC", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+      const options: IssueDelegationOptions = {
+        id: "custom-vc-id",
+        issuanceDate: "2024-01-01T00:00:00Z",
+        expirationDate: "2025-01-01T00:00:00Z",
+      };
+
+      await issuer.issueDelegationCredential(mockDelegationRecord, options);
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        mockDelegationRecord,
+        expect.objectContaining({
+          id: "custom-vc-id",
+          issuanceDate: "2024-01-01T00:00:00Z",
+          expirationDate: "2025-01-01T00:00:00Z",
+        })
+      );
+    });
+
+    it("should add additional contexts if provided", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+      const { canonicalizeJSON } = await import("../utils.js");
+
+      const mockVC = {
+        "@context": ["https://www.w3.org/2018/credentials/v1"],
+        id: "urn:uuid:del-001",
+        type: ["VerifiableCredential"],
+        issuer: "did:web:example.com:issuer",
+        issuanceDate: "2024-01-01T00:00:00Z",
+        credentialSubject: {},
+      };
+
+      vi.mocked(wrapDelegationAsVC).mockReturnValue(mockVC as any);
+
+      const options: IssueDelegationOptions = {
+        additionalContexts: ["https://example.com/context"],
+      };
+
+      const result = await issuer.issueDelegationCredential(
+        mockDelegationRecord,
+        options
+      );
+
+      expect(result["@context"]).toContain("https://example.com/context");
+    });
+
+    it("should canonicalize VC before signing", async () => {
+      const { canonicalizeJSON } = await import("../utils.js");
+
+      await issuer.issueDelegationCredential(mockDelegationRecord);
+
+      expect(canonicalizeJSON).toHaveBeenCalled();
+    });
+
+    it("should call signing function with canonical VC, DID, and key ID", async () => {
+      const { canonicalizeJSON } = await import("../utils.js");
+      vi.mocked(canonicalizeJSON).mockReturnValue("canonical-json-string");
+
+      await issuer.issueDelegationCredential(mockDelegationRecord);
+
+      expect(mockSigningFunction).toHaveBeenCalledWith(
+        "canonical-json-string",
+        "did:web:example.com:issuer",
+        "key-123"
+      );
+    });
+
+    it("should include proof in returned credential", async () => {
+      const result =
+        await issuer.issueDelegationCredential(mockDelegationRecord);
+
+      expect(result.proof).toBeDefined();
+      expect(result.proof).toEqual(mockProof);
+    });
+
+    it("should handle credential status option", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+      const credentialStatus = {
+        id: "https://example.com/status#123",
+        type: "StatusList2021Entry" as const,
+        statusPurpose: "revocation" as const,
+        statusListIndex: "123",
+        statusListCredential: "https://example.com/status",
+      };
+
+      const options: IssueDelegationOptions = {
+        credentialStatus,
+      };
+
+      await issuer.issueDelegationCredential(mockDelegationRecord, options);
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        mockDelegationRecord,
+        expect.objectContaining({
+          credentialStatus,
+        })
+      );
+    });
+  });
+
+  describe("createAndIssueDelegation", () => {
+    it("should create delegation record and issue as VC", async () => {
+      const result = await issuer.createAndIssueDelegation({
+        id: "del-new",
+        issuerDid: "did:web:example.com:issuer",
+        subjectDid: "did:web:example.com:subject",
+        constraints: {
+          scopes: ["read:profile"],
+        },
+      });
+
+      expect(result).toBeDefined();
+      expect(result.proof).toEqual(mockProof);
+    });
+
+    it("should use provided vcId or generate one", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+
+      // Without custom ID
+      await issuer.createAndIssueDelegation({
+        id: "del-new",
+        issuerDid: "did:web:example.com:issuer",
+        subjectDid: "did:web:example.com:subject",
+        constraints: {
+          scopes: ["read:profile"],
+        },
+      });
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        expect.objectContaining({
+          vcId: "urn:uuid:del-new",
+        }),
+        expect.any(Object)
+      );
+
+      // With custom ID
+      vi.clearAllMocks();
+      await issuer.createAndIssueDelegation(
+        {
+          id: "del-new",
+          issuerDid: "did:web:example.com:issuer",
+          subjectDid: "did:web:example.com:subject",
+          constraints: {
+            scopes: ["read:profile"],
+          },
+        },
+        { id: "custom-vc-id" }
+      );
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        expect.objectContaining({
+          vcId: "custom-vc-id",
+        }),
+        expect.any(Object)
+      );
+    });
+
+    it("should set default status to active", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+
+      await issuer.createAndIssueDelegation({
+        id: "del-new",
+        issuerDid: "did:web:example.com:issuer",
+        subjectDid: "did:web:example.com:subject",
+        constraints: {
+          scopes: ["read:profile"],
+        },
+      });
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        expect.objectContaining({
+          status: "active",
+        }),
+        expect.any(Object)
+      );
+    });
+
+    it("should use provided status if given", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+
+      await issuer.createAndIssueDelegation({
+        id: "del-new",
+        issuerDid: "did:web:example.com:issuer",
+        subjectDid: "did:web:example.com:subject",
+        constraints: {
+          scopes: ["read:profile"],
+        },
+        status: "active",
+      });
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        expect.objectContaining({
+          status: "active",
+        }),
+        expect.any(Object)
+      );
+    });
+
+    it("should include parentId if provided", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+
+      await issuer.createAndIssueDelegation({
+        id: "del-child",
+        issuerDid: "did:web:example.com:issuer",
+        subjectDid: "did:web:example.com:subject",
+        parentId: "del-parent",
+        constraints: {
+          scopes: ["read:profile"],
+        },
+      });
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        expect.objectContaining({
+          parentId: "del-parent",
+        }),
+        expect.any(Object)
+      );
+    });
+
+    it("should include metadata if provided", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+      const metadata = { custom: "value" };
+
+      await issuer.createAndIssueDelegation({
+        id: "del-new",
+        issuerDid: "did:web:example.com:issuer",
+        subjectDid: "did:web:example.com:subject",
+        constraints: {
+          scopes: ["read:profile"],
+        },
+        metadata,
+      });
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        expect.objectContaining({
+          metadata,
+        }),
+        expect.any(Object)
+      );
+    });
+
+    it("should set createdAt timestamp", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+      const beforeTime = Date.now();
+
+      await issuer.createAndIssueDelegation({
+        id: "del-new",
+        issuerDid: "did:web:example.com:issuer",
+        subjectDid: "did:web:example.com:subject",
+        constraints: {
+          scopes: ["read:profile"],
+        },
+      });
+
+      const afterTime = Date.now();
+
+      expect(wrapDelegationAsVC).toHaveBeenCalledWith(
+        expect.objectContaining({
+          createdAt: expect.any(Number),
+        }),
+        expect.any(Object)
+      );
+
+      const callArgs = vi.mocked(wrapDelegationAsVC).mock
+        .calls[0][0] as DelegationRecord;
+      expect(callArgs.createdAt).toBeGreaterThanOrEqual(beforeTime);
+      expect(callArgs.createdAt).toBeLessThanOrEqual(afterTime);
+    });
+  });
+
+  describe("getIssuerDid", () => {
+    it("should return issuer DID from identity provider", () => {
+      const did = issuer.getIssuerDid();
+      expect(did).toBe("did:web:example.com:issuer");
+      expect(mockIdentity.getDid).toHaveBeenCalled();
+    });
+  });
+
+  describe("getIssuerKeyId", () => {
+    it("should return key ID from identity provider", () => {
+      const keyId = issuer.getIssuerKeyId();
+      expect(keyId).toBe("key-123");
+      expect(mockIdentity.getKeyId).toHaveBeenCalled();
+    });
+  });
+
+  describe("error handling", () => {
+    it("should propagate errors from signing function", async () => {
+      mockSigningFunction.mockRejectedValue(new Error("Signing failed"));
+
+      await expect(
+        issuer.issueDelegationCredential(mockDelegationRecord)
+      ).rejects.toThrow("Signing failed");
+    });
+
+    it("should propagate errors from wrapDelegationAsVC", async () => {
+      const { wrapDelegationAsVC } = await import("@kya-os/contracts");
+      vi.mocked(wrapDelegationAsVC).mockImplementation(() => {
+        throw new Error("VC wrapping failed");
+      });
+
+      await expect(
+        issuer.issueDelegationCredential(mockDelegationRecord)
+      ).rejects.toThrow("VC wrapping failed");
+    });
+  });
+});