@mcp-i/core 0.1.0

package/dist/delegation/cascading-revocation.js

@@ -0,0 +1,148 @@
+/**
+ * Cascading Revocation Manager
+ *
+ * Implements cascading revocation per Python POC design.
+ * When a parent delegation is revoked, all children are automatically revoked.
+ *
+ * Related Spec: MCP-I §4.4, Delegation Chains
+ */
+export class CascadingRevocationManager {
+    graph;
+    statusList;
+    constructor(graph, statusList) {
+        this.graph = graph;
+        this.statusList = statusList;
+    }
+    async revokeDelegation(delegationId, options = {}) {
+        const maxDepth = options.maxDepth || 100;
+        const events = [];
+        const targetNode = await this.graph.getNode(delegationId);
+        if (!targetNode) {
+            throw new Error(`Delegation not found: ${delegationId}`);
+        }
+        const depth = await this.graph.getDepth(delegationId);
+        if (depth > maxDepth) {
+            throw new Error(`Delegation depth ${depth} exceeds maximum ${maxDepth}`);
+        }
+        const rootEvent = await this.revokeNode(targetNode, true, options.reason, options.dryRun);
+        events.push(rootEvent);
+        if (options.onRevoke) {
+            await options.onRevoke(rootEvent);
+        }
+        const descendants = await this.graph.getDescendants(delegationId);
+        for (const descendant of descendants) {
+            const event = await this.revokeNode(descendant, false, `Cascaded from ${delegationId}`, options.dryRun, delegationId);
+            events.push(event);
+            if (options.onRevoke) {
+                await options.onRevoke(event);
+            }
+        }
+        return events;
+    }
+    async revokeNode(node, isRoot, reason, dryRun, parentId) {
+        const event = {
+            delegationId: node.id,
+            isRoot,
+            parentId,
+            timestamp: Date.now(),
+            reason,
+        };
+        if (dryRun) {
+            return event;
+        }
+        if (node.credentialStatusId) {
+            const credentialStatus = this.parseCredentialStatus(node.credentialStatusId);
+            if (credentialStatus) {
+                await this.statusList.updateStatus(credentialStatus, true);
+            }
+        }
+        return event;
+    }
+    async restoreDelegation(delegationId) {
+        const node = await this.graph.getNode(delegationId);
+        if (!node) {
+            throw new Error(`Delegation not found: ${delegationId}`);
+        }
+        const event = {
+            delegationId: node.id,
+            isRoot: true,
+            timestamp: Date.now(),
+            reason: 'Restored',
+        };
+        if (node.credentialStatusId) {
+            const credentialStatus = this.parseCredentialStatus(node.credentialStatusId);
+            if (credentialStatus) {
+                await this.statusList.updateStatus(credentialStatus, false);
+            }
+        }
+        return event;
+    }
+    async isRevoked(delegationId) {
+        const chain = await this.graph.getChain(delegationId);
+        for (const node of chain.reverse()) {
+            if (node.credentialStatusId) {
+                const credentialStatus = this.parseCredentialStatus(node.credentialStatusId);
+                if (credentialStatus) {
+                    const isRevoked = await this.statusList.checkStatus(credentialStatus);
+                    if (isRevoked) {
+                        return {
+                            revoked: true,
+                            reason: node.id === delegationId ? 'Directly revoked' : 'Ancestor revoked',
+                            revokedAncestor: node.id === delegationId ? undefined : node.id,
+                        };
+                    }
+                }
+            }
+        }
+        return { revoked: false };
+    }
+    async getRevokedInSubtree(rootId) {
+        const descendants = await this.graph.getDescendants(rootId);
+        const revoked = [];
+        const rootRevoked = await this.isRevoked(rootId);
+        if (rootRevoked.revoked) {
+            revoked.push(rootId);
+        }
+        for (const node of descendants) {
+            const isRevoked = await this.isRevoked(node.id);
+            if (isRevoked.revoked) {
+                revoked.push(node.id);
+            }
+        }
+        return revoked;
+    }
+    parseCredentialStatus(credentialStatusId) {
+        const match = credentialStatusId.match(/^(.+)#(\d+)$/);
+        if (!match)
+            return null;
+        const [, statusListCredential, indexStr] = match;
+        const index = parseInt(indexStr, 10);
+        return {
+            id: credentialStatusId,
+            type: 'StatusList2021Entry',
+            statusPurpose: 'revocation',
+            statusListIndex: index.toString(),
+            statusListCredential: statusListCredential,
+        };
+    }
+    async validateDelegation(delegationId) {
+        const revokedCheck = await this.isRevoked(delegationId);
+        if (revokedCheck.revoked) {
+            return {
+                valid: false,
+                reason: revokedCheck.revokedAncestor
+                    ? `Ancestor ${revokedCheck.revokedAncestor} is revoked`
+                    : 'Delegation is revoked',
+            };
+        }
+        const chainValidation = await this.graph.validateChain(delegationId);
+        if (!chainValidation.valid) {
+            return chainValidation;
+        }
+        return { valid: true };
+    }
+}
+export function createCascadingRevocationManager(graph, statusList) {
+    return new CascadingRevocationManager(graph, statusList);
+}
+//# sourceMappingURL=cascading-revocation.js.map

package/dist/delegation/cascading-revocation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cascading-revocation.js","sourceRoot":"","sources":["../../src/delegation/cascading-revocation.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAuBH,MAAM,OAAO,0BAA0B;IAE3B;IACA;IAFV,YACU,KAA6B,EAC7B,UAAiC;QADjC,UAAK,GAAL,KAAK,CAAwB;QAC7B,eAAU,GAAV,UAAU,CAAuB;IACxC,CAAC;IAEJ,KAAK,CAAC,gBAAgB,CACpB,YAAoB,EACpB,UAAsC,EAAE;QAExC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,GAAG,CAAC;QACzC,MAAM,MAAM,GAAsB,EAAE,CAAC;QAErC,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QACtD,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,oBAAoB,KAAK,oBAAoB,QAAQ,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CACrC,UAAU,EACV,IAAI,EACJ,OAAO,CAAC,MAAM,EACd,OAAO,CAAC,MAAM,CACf,CAAC;QACF,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAEvB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,MAAM,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;QAElE,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,UAAU,CACjC,UAAU,EACV,KAAK,EACL,iBAAiB,YAAY,EAAE,EAC/B,OAAO,CAAC,MAAM,EACd,YAAY,CACb,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEnB,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;gBACrB,MAAM,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,KAAK,CAAC,UAAU,CACtB,IAAoB,EACpB,MAAe,EACf,MAAe,EACf,MAAgB,EAChB,QAAiB;QAEjB,MAAM,KAAK,GAAoB;YAC7B,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,MAAM;YACN,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM;SACP,CAAC;QAEF,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,IAAI,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,YAAoB;QAC1C,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACpD,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;QAC3D,CAAC;QAED,MAAM,KAAK,GAAoB;YAC7B,YAAY,EAAE,IAAI,CAAC,EAAE;YACrB,MAAM,EAAE,IAAI;YACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,MAAM,EAAE,UAAU;SACnB,CAAC;QAEF,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YAC7E,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,SAAS,CAAC,YAAoB;QAKlC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEtD,KAAK,MAAM,IAAI,IAAI,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YACnC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBAC5B,MAAM,gBAAgB,GAAG,IAAI,CAAC,qBAAqB,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;gBAC7E,IAAI,gBAAgB,EAAE,CAAC;oBACrB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,gBAAgB,CAAC,CAAC;oBACtE,IAAI,SAAS,EAAE,CAAC;wBACd,OAAO;4BACL,OAAO,EAAE,IAAI;4BACb,MAAM,EAAE,IAAI,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,kBAAkB;4BAC1E,eAAe,EAAE,IAAI,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE;yBAChE,CAAC;oBACJ,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,MAAc;QACtC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAa,EAAE,CAAC;QAE7B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;QACjD,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACvB,CAAC;QAED,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;YAC/B,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAChD,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;gBACtB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAEO,qBAAqB,CAAC,kBAA0B;QACtD,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;QACvD,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC;QAExB,MAAM,CAAC,EAAE,oBAAoB,EAAE,QAAQ,CAAC,GAAG,KAAK,CAAC;QACjD,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAS,EAAE,EAAE,CAAC,CAAC;QAEtC,OAAO;YACL,EAAE,EAAE,kBAAkB;YACtB,IAAI,EAAE,qBAAqB;YAC3B,aAAa,EAAE,YAAY;YAC3B,eAAe,EAAE,KAAK,CAAC,QAAQ,EAAE;YACjC,oBAAoB,EAAE,oBAAqB;SAC5C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,YAAoB;QAC3C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QACxD,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,YAAY,CAAC,eAAe;oBAClC,CAAC,CAAC,YAAY,YAAY,CAAC,eAAe,aAAa;oBACvD,CAAC,CAAC,uBAAuB;aAC5B,CAAC;QACJ,CAAC;QAED,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QACrE,IAAI,CAAC,eAAe,CAAC,KAAK,EAAE,CAAC;YAC3B,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;CACF;AAED,MAAM,UAAU,gCAAgC,CAC9C,KAA6B,EAC7B,UAAiC;IAEjC,OAAO,IAAI,0BAA0B,CAAC,KAAK,EAAE,UAAU,CAAC,CAAC;AAC3D,CAAC"}

package/dist/delegation/delegation-graph.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Delegation Graph Manager
+ *
+ * Tracks parent-child relationships between delegation credentials.
+ * Critical for cascading revocation per Delegation-Revocation.md.
+ *
+ * Related Spec: MCP-I §4.4, Delegation Chains
+ */
+export interface DelegationNode {
+    id: string;
+    parentId: string | null;
+    children: string[];
+    issuerDid: string;
+    subjectDid: string;
+    credentialStatusId?: string;
+}
+export interface DelegationGraphStorageProvider {
+    getNode(delegationId: string): Promise<DelegationNode | null>;
+    setNode(node: DelegationNode): Promise<void>;
+    getChildren(delegationId: string): Promise<DelegationNode[]>;
+    getChain(delegationId: string): Promise<DelegationNode[]>;
+    getDescendants(delegationId: string): Promise<DelegationNode[]>;
+    deleteNode(delegationId: string): Promise<void>;
+}
+export declare class DelegationGraphManager {
+    private storage;
+    constructor(storage: DelegationGraphStorageProvider);
+    registerDelegation(params: {
+        id: string;
+        parentId: string | null;
+        issuerDid: string;
+        subjectDid: string;
+        credentialStatusId?: string;
+    }): Promise<DelegationNode>;
+    private addChildToParent;
+    getNode(delegationId: string): Promise<DelegationNode | null>;
+    getChildren(delegationId: string): Promise<DelegationNode[]>;
+    getDescendants(delegationId: string): Promise<DelegationNode[]>;
+    getChain(delegationId: string): Promise<DelegationNode[]>;
+    isAncestor(ancestorId: string, descendantId: string): Promise<boolean>;
+    getDepth(delegationId: string): Promise<number>;
+    validateChain(delegationId: string): Promise<{
+        valid: boolean;
+        reason?: string;
+    }>;
+    removeDelegation(delegationId: string): Promise<void>;
+}
+export declare function createDelegationGraph(storage: DelegationGraphStorageProvider): DelegationGraphManager;
+//# sourceMappingURL=delegation-graph.d.ts.map

package/dist/delegation/delegation-graph.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation-graph.d.ts","sourceRoot":"","sources":["../../src/delegation/delegation-graph.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,MAAM,WAAW,cAAc;IAC7B,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,QAAQ,EAAE,MAAM,EAAE,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,8BAA8B;IAC7C,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC,CAAC;IAC9D,OAAO,CAAC,IAAI,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7C,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;IAC7D,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;IAC1D,cAAc,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;IAChE,UAAU,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED,qBAAa,sBAAsB;IACrB,OAAO,CAAC,OAAO;gBAAP,OAAO,EAAE,8BAA8B;IAErD,kBAAkB,CAAC,MAAM,EAAE;QAC/B,EAAE,EAAE,MAAM,CAAC;QACX,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,kBAAkB,CAAC,EAAE,MAAM,CAAC;KAC7B,GAAG,OAAO,CAAC,cAAc,CAAC;YAmBb,gBAAgB;IAYxB,OAAO,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,GAAG,IAAI,CAAC;IAI7D,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAI5D,cAAc,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAI/D,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAIzD,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKtE,QAAQ,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAK/C,aAAa,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IA6BjF,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAc5D;AAED,wBAAgB,qBAAqB,CACnC,OAAO,EAAE,8BAA8B,GACtC,sBAAsB,CAExB"}

package/dist/delegation/delegation-graph.js

@@ -0,0 +1,99 @@
+/**
+ * Delegation Graph Manager
+ *
+ * Tracks parent-child relationships between delegation credentials.
+ * Critical for cascading revocation per Delegation-Revocation.md.
+ *
+ * Related Spec: MCP-I §4.4, Delegation Chains
+ */
+export class DelegationGraphManager {
+    storage;
+    constructor(storage) {
+        this.storage = storage;
+    }
+    async registerDelegation(params) {
+        const node = {
+            id: params.id,
+            parentId: params.parentId,
+            children: [],
+            issuerDid: params.issuerDid,
+            subjectDid: params.subjectDid,
+            credentialStatusId: params.credentialStatusId,
+        };
+        await this.storage.setNode(node);
+        if (params.parentId) {
+            await this.addChildToParent(params.parentId, params.id);
+        }
+        return node;
+    }
+    async addChildToParent(parentId, childId) {
+        const parent = await this.storage.getNode(parentId);
+        if (!parent) {
+            throw new Error(`Parent delegation not found: ${parentId}`);
+        }
+        if (!parent.children.includes(childId)) {
+            parent.children.push(childId);
+            await this.storage.setNode(parent);
+        }
+    }
+    async getNode(delegationId) {
+        return this.storage.getNode(delegationId);
+    }
+    async getChildren(delegationId) {
+        return this.storage.getChildren(delegationId);
+    }
+    async getDescendants(delegationId) {
+        return this.storage.getDescendants(delegationId);
+    }
+    async getChain(delegationId) {
+        return this.storage.getChain(delegationId);
+    }
+    async isAncestor(ancestorId, descendantId) {
+        const chain = await this.getChain(descendantId);
+        return chain.some((node) => node.id === ancestorId);
+    }
+    async getDepth(delegationId) {
+        const chain = await this.getChain(delegationId);
+        return chain.length - 1;
+    }
+    async validateChain(delegationId) {
+        const chain = await this.getChain(delegationId);
+        if (chain.length === 0) {
+            return { valid: false, reason: 'Delegation not found' };
+        }
+        for (let i = 1; i < chain.length; i++) {
+            const parent = chain[i - 1];
+            const child = chain[i];
+            if (child.issuerDid !== parent.subjectDid) {
+                return {
+                    valid: false,
+                    reason: `Invalid chain: ${child.id} issued by ${child.issuerDid} but parent ${parent.id} subject is ${parent.subjectDid}`,
+                };
+            }
+            if (child.parentId !== parent.id) {
+                return {
+                    valid: false,
+                    reason: `Invalid chain: ${child.id} parentId=${child.parentId} but actual parent is ${parent.id}`,
+                };
+            }
+        }
+        return { valid: true };
+    }
+    async removeDelegation(delegationId) {
+        const node = await this.storage.getNode(delegationId);
+        if (!node)
+            return;
+        if (node.parentId) {
+            const parent = await this.storage.getNode(node.parentId);
+            if (parent) {
+                parent.children = parent.children.filter((id) => id !== delegationId);
+                await this.storage.setNode(parent);
+            }
+        }
+        await this.storage.deleteNode(delegationId);
+    }
+}
+export function createDelegationGraph(storage) {
+    return new DelegationGraphManager(storage);
+}
+//# sourceMappingURL=delegation-graph.js.map

package/dist/delegation/delegation-graph.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegation-graph.js","sourceRoot":"","sources":["../../src/delegation/delegation-graph.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAoBH,MAAM,OAAO,sBAAsB;IACb;IAApB,YAAoB,OAAuC;QAAvC,YAAO,GAAP,OAAO,CAAgC;IAAG,CAAC;IAE/D,KAAK,CAAC,kBAAkB,CAAC,MAMxB;QACC,MAAM,IAAI,GAAmB;YAC3B,EAAE,EAAE,MAAM,CAAC,EAAE;YACb,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,QAAQ,EAAE,EAAE;YACZ,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;SAC9C,CAAC;QAEF,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAEjC,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;YACpB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC1D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,QAAgB,EAAE,OAAe;QAC9D,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,gCAAgC,QAAQ,EAAE,CAAC,CAAC;QAC9D,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAC9B,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,YAAoB;QAChC,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,YAAoB;QACpC,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,YAAoB;QACvC,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,YAAoB;QACjC,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,YAAoB;QACvD,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAChD,OAAO,KAAK,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,UAAU,CAAC,CAAC;IACtD,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,YAAoB;QACjC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAChD,OAAO,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,YAAoB;QACtC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAEhD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;QAC1D,CAAC;QAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACtC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;YAC7B,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;YAExB,IAAI,KAAK,CAAC,SAAS,KAAK,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC1C,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,kBAAkB,KAAK,CAAC,EAAE,cAAc,KAAK,CAAC,SAAS,eAAe,MAAM,CAAC,EAAE,eAAe,MAAM,CAAC,UAAU,EAAE;iBAC1H,CAAC;YACJ,CAAC;YAED,IAAI,KAAK,CAAC,QAAQ,KAAK,MAAM,CAAC,EAAE,EAAE,CAAC;gBACjC,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,kBAAkB,KAAK,CAAC,EAAE,aAAa,KAAK,CAAC,QAAQ,yBAAyB,MAAM,CAAC,EAAE,EAAE;iBAClG,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,YAAoB;QACzC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QACtD,IAAI,CAAC,IAAI;YAAE,OAAO;QAElB,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACzD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,YAAY,CAAC,CAAC;gBACtE,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;IAC9C,CAAC;CACF;AAED,MAAM,UAAU,qBAAqB,CACnC,OAAuC;IAEvC,OAAO,IAAI,sBAAsB,CAAC,OAAO,CAAC,CAAC;AAC7C,CAAC"}

package/dist/delegation/did-key-resolver.d.ts

@@ -0,0 +1,64 @@
+/**
+ * DID:key Resolver
+ *
+ * Resolves did:key DIDs to DID Documents with verification methods.
+ * Supports Ed25519 keys (multicodec prefix 0xed01).
+ *
+ * did:key format: did:key:z<multibase-base58btc(<multicodec-prefix><public-key>)>
+ *
+ * For Ed25519:
+ * - Multicodec prefix: 0xed 0x01
+ * - Public key: 32 bytes
+ * - Multibase prefix: 'z' (base58btc)
+ *
+ * @see https://w3c-ccg.github.io/did-method-key/
+ */
+import type { DIDResolver, DIDDocument } from './vc-verifier.js';
+/**
+ * Check if a DID is a valid did:key with Ed25519 key
+ *
+ * Ed25519 keys in did:key start with 'z6Mk' after the method prefix.
+ * The 'z' is the multibase prefix for base58btc, and '6Mk' is the
+ * base58-encoded prefix for Ed25519 (0xed 0x01).
+ *
+ * @param did - The DID to check
+ * @returns true if it's a valid did:key with Ed25519 key
+ */
+export declare function isEd25519DidKey(did: string): boolean;
+/**
+ * Extract the public key bytes from a did:key DID
+ *
+ * @param did - The did:key DID
+ * @returns Public key bytes or null if invalid
+ */
+export declare function extractPublicKeyFromDidKey(did: string): Uint8Array | null;
+/**
+ * Convert Ed25519 public key bytes to JWK format
+ *
+ * @param publicKeyBytes - 32-byte Ed25519 public key
+ * @returns JWK object
+ */
+export declare function publicKeyToJwk(publicKeyBytes: Uint8Array): {
+    kty: string;
+    crv: string;
+    x: string;
+};
+/**
+ * Create a DID:key resolver
+ *
+ * Returns a DIDResolver that can resolve did:key DIDs to DID Documents.
+ * Currently supports only Ed25519 keys.
+ *
+ * @returns DIDResolver implementation for did:key
+ */
+export declare function createDidKeyResolver(): DIDResolver;
+/**
+ * Resolve a did:key DID synchronously
+ *
+ * Convenience function for cases where async is not needed.
+ *
+ * @param did - The did:key DID to resolve
+ * @returns DID Document or null if invalid
+ */
+export declare function resolveDidKeySync(did: string): DIDDocument | null;
+//# sourceMappingURL=did-key-resolver.d.ts.map

package/dist/delegation/did-key-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-key-resolver.d.ts","sourceRoot":"","sources":["../../src/delegation/did-key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAsB,MAAM,kBAAkB,CAAC;AASrF;;;;;;;;;GASG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAEpD;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,GAAG,IAAI,CA8BzE;AAED;;;;;GAKG;AACH,wBAAgB,cAAc,CAAC,cAAc,EAAE,UAAU,GAAG;IAC1D,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;CACX,CAMA;AAED;;;;;;;GAOG;AACH,wBAAgB,oBAAoB,IAAI,WAAW,CAsClD;AAED;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CA2BjE"}

package/dist/delegation/did-key-resolver.js

@@ -0,0 +1,154 @@
+/**
+ * DID:key Resolver
+ *
+ * Resolves did:key DIDs to DID Documents with verification methods.
+ * Supports Ed25519 keys (multicodec prefix 0xed01).
+ *
+ * did:key format: did:key:z<multibase-base58btc(<multicodec-prefix><public-key>)>
+ *
+ * For Ed25519:
+ * - Multicodec prefix: 0xed 0x01
+ * - Public key: 32 bytes
+ * - Multibase prefix: 'z' (base58btc)
+ *
+ * @see https://w3c-ccg.github.io/did-method-key/
+ */
+import { base58Decode } from '../utils/base58.js';
+import { base64urlEncodeFromBytes } from '../utils/base64.js';
+import { logger } from '../logging/index.js';
+/** Ed25519 multicodec prefix (0xed 0x01) */
+const ED25519_MULTICODEC_PREFIX = new Uint8Array([0xed, 0x01]);
+/** Ed25519 public key length */
+const ED25519_PUBLIC_KEY_LENGTH = 32;
+/**
+ * Check if a DID is a valid did:key with Ed25519 key
+ *
+ * Ed25519 keys in did:key start with 'z6Mk' after the method prefix.
+ * The 'z' is the multibase prefix for base58btc, and '6Mk' is the
+ * base58-encoded prefix for Ed25519 (0xed 0x01).
+ *
+ * @param did - The DID to check
+ * @returns true if it's a valid did:key with Ed25519 key
+ */
+export function isEd25519DidKey(did) {
+    return did.startsWith('did:key:z6Mk');
+}
+/**
+ * Extract the public key bytes from a did:key DID
+ *
+ * @param did - The did:key DID
+ * @returns Public key bytes or null if invalid
+ */
+export function extractPublicKeyFromDidKey(did) {
+    if (!did.startsWith('did:key:z')) {
+        return null;
+    }
+    try {
+        // Extract the multibase-encoded part (after 'did:key:')
+        const multibaseKey = did.replace('did:key:', '');
+        // Remove the 'z' multibase prefix (base58btc)
+        const base58Encoded = multibaseKey.slice(1);
+        // Decode from base58
+        const multicodecBytes = base58Decode(base58Encoded);
+        // Check for Ed25519 multicodec prefix (0xed 0x01)
+        if (multicodecBytes.length < ED25519_MULTICODEC_PREFIX.length + ED25519_PUBLIC_KEY_LENGTH ||
+            multicodecBytes[0] !== ED25519_MULTICODEC_PREFIX[0] ||
+            multicodecBytes[1] !== ED25519_MULTICODEC_PREFIX[1]) {
+            return null;
+        }
+        // Extract the public key (bytes after the prefix)
+        return multicodecBytes.slice(ED25519_MULTICODEC_PREFIX.length);
+    }
+    catch (error) {
+        logger.debug('Failed to extract public key from did:key', error);
+        return null;
+    }
+}
+/**
+ * Convert Ed25519 public key bytes to JWK format
+ *
+ * @param publicKeyBytes - 32-byte Ed25519 public key
+ * @returns JWK object
+ */
+export function publicKeyToJwk(publicKeyBytes) {
+    return {
+        kty: 'OKP',
+        crv: 'Ed25519',
+        x: base64urlEncodeFromBytes(publicKeyBytes),
+    };
+}
+/**
+ * Create a DID:key resolver
+ *
+ * Returns a DIDResolver that can resolve did:key DIDs to DID Documents.
+ * Currently supports only Ed25519 keys.
+ *
+ * @returns DIDResolver implementation for did:key
+ */
+export function createDidKeyResolver() {
+    return {
+        resolve: async (did) => {
+            // Check if it's a did:key with Ed25519
+            if (!isEd25519DidKey(did)) {
+                return null;
+            }
+            // Extract the public key
+            const publicKeyBytes = extractPublicKeyFromDidKey(did);
+            if (!publicKeyBytes) {
+                return null;
+            }
+            // Convert to JWK
+            const publicKeyJwk = publicKeyToJwk(publicKeyBytes);
+            // Get the multibase-encoded key for publicKeyMultibase
+            const multibaseKey = did.replace('did:key:', '');
+            // Construct the verification method
+            const verificationMethod = {
+                id: `${did}#keys-1`,
+                type: 'Ed25519VerificationKey2020',
+                controller: did,
+                publicKeyJwk,
+                publicKeyMultibase: multibaseKey,
+            };
+            // Construct and return the DID Document
+            return {
+                id: did,
+                verificationMethod: [verificationMethod],
+                authentication: [`${did}#keys-1`],
+                assertionMethod: [`${did}#keys-1`],
+            };
+        },
+    };
+}
+/**
+ * Resolve a did:key DID synchronously
+ *
+ * Convenience function for cases where async is not needed.
+ *
+ * @param did - The did:key DID to resolve
+ * @returns DID Document or null if invalid
+ */
+export function resolveDidKeySync(did) {
+    if (!isEd25519DidKey(did)) {
+        return null;
+    }
+    const publicKeyBytes = extractPublicKeyFromDidKey(did);
+    if (!publicKeyBytes) {
+        return null;
+    }
+    const publicKeyJwk = publicKeyToJwk(publicKeyBytes);
+    const multibaseKey = did.replace('did:key:', '');
+    const verificationMethod = {
+        id: `${did}#keys-1`,
+        type: 'Ed25519VerificationKey2020',
+        controller: did,
+        publicKeyJwk,
+        publicKeyMultibase: multibaseKey,
+    };
+    return {
+        id: did,
+        verificationMethod: [verificationMethod],
+        authentication: [`${did}#keys-1`],
+        assertionMethod: [`${did}#keys-1`],
+    };
+}
+//# sourceMappingURL=did-key-resolver.js.map

package/dist/delegation/did-key-resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-key-resolver.js","sourceRoot":"","sources":["../../src/delegation/did-key-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,wBAAwB,EAAE,MAAM,oBAAoB,CAAC;AAE9D,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,4CAA4C;AAC5C,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE/D,gCAAgC;AAChC,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAErC;;;;;;;;;GASG;AACH,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC;AACxC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,GAAW;IACpD,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,wDAAwD;QACxD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;QAEjD,8CAA8C;QAC9C,MAAM,aAAa,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAE5C,qBAAqB;QACrB,MAAM,eAAe,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;QAEpD,kDAAkD;QAClD,IACE,eAAe,CAAC,MAAM,GAAG,yBAAyB,CAAC,MAAM,GAAG,yBAAyB;YACrF,eAAe,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC;YACnD,eAAe,CAAC,CAAC,CAAC,KAAK,yBAAyB,CAAC,CAAC,CAAC,EACnD,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,kDAAkD;QAClD,OAAO,eAAe,CAAC,KAAK,CAAC,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACjE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAAC,cAA0B;IAKvD,OAAO;QACL,GAAG,EAAE,KAAK;QACV,GAAG,EAAE,SAAS;QACd,CAAC,EAAE,wBAAwB,CAAC,cAAc,CAAC;KAC5C,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,OAAO,EAAE,KAAK,EAAE,GAAW,EAA+B,EAAE;YAC1D,uCAAuC;YACvC,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,yBAAyB;YACzB,MAAM,cAAc,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;YACvD,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iBAAiB;YACjB,MAAM,YAAY,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;YAEpD,uDAAuD;YACvD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;YAEjD,oCAAoC;YACpC,MAAM,kBAAkB,GAAuB;gBAC7C,EAAE,EAAE,GAAG,GAAG,SAAS;gBACnB,IAAI,EAAE,4BAA4B;gBAClC,UAAU,EAAE,GAAG;gBACf,YAAY;gBACZ,kBAAkB,EAAE,YAAY;aACjC,CAAC;YAEF,wCAAwC;YACxC,OAAO;gBACL,EAAE,EAAE,GAAG;gBACP,kBAAkB,EAAE,CAAC,kBAAkB,CAAC;gBACxC,cAAc,EAAE,CAAC,GAAG,GAAG,SAAS,CAAC;gBACjC,eAAe,EAAE,CAAC,GAAG,GAAG,SAAS,CAAC;aACnC,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAAC,GAAW;IAC3C,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,cAAc,GAAG,0BAA0B,CAAC,GAAG,CAAC,CAAC;IACvD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,YAAY,GAAG,cAAc,CAAC,cAAc,CAAC,CAAC;IACpD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;IAEjD,MAAM,kBAAkB,GAAuB;QAC7C,EAAE,EAAE,GAAG,GAAG,SAAS;QACnB,IAAI,EAAE,4BAA4B;QAClC,UAAU,EAAE,GAAG;QACf,YAAY;QACZ,kBAAkB,EAAE,YAAY;KACjC,CAAC;IAEF,OAAO;QACL,EAAE,EAAE,GAAG;QACP,kBAAkB,EAAE,CAAC,kBAAkB,CAAC;QACxC,cAAc,EAAE,CAAC,GAAG,GAAG,SAAS,CAAC;QACjC,eAAe,EAAE,CAAC,GAAG,GAAG,SAAS,CAAC;KACnC,CAAC;AACJ,CAAC"}

package/dist/delegation/did-web-resolver.d.ts

@@ -0,0 +1,83 @@
+/**
+ * DID:web Resolver
+ *
+ * Resolves did:web DIDs by fetching /.well-known/did.json from the domain.
+ * Supports both root domain DIDs and path-based DIDs.
+ *
+ * Examples:
+ *   did:web:example.com → https://example.com/.well-known/did.json
+ *   did:web:example.com:agents:bot1 → https://example.com/agents/bot1/did.json
+ *
+ * @see https://w3c-ccg.github.io/did-method-web/
+ */
+import type { FetchProvider } from '../providers/base.js';
+import type { DIDResolver, DIDDocument } from './vc-verifier.js';
+/**
+ * Parsed components of a did:web DID
+ */
+interface ParsedDidWeb {
+    domain: string;
+    path: string[];
+}
+/**
+ * Check if a DID is a did:web DID
+ *
+ * @param did - The DID to check
+ * @returns true if it's a did:web DID
+ */
+export declare function isDidWeb(did: string): boolean;
+/**
+ * Parse a did:web DID into its components
+ *
+ * @param did - The did:web DID to parse
+ * @returns Parsed components or null if invalid
+ */
+export declare function parseDidWeb(did: string): ParsedDidWeb | null;
+/**
+ * Convert a did:web DID to its resolution URL
+ *
+ * did:web:example.com → https://example.com/.well-known/did.json
+ * did:web:example.com:path:to:doc → https://example.com/path/to/doc/did.json
+ *
+ * @param did - The did:web DID
+ * @returns The resolution URL or null if invalid
+ */
+export declare function didWebToUrl(did: string): string | null;
+/**
+ * DID:web resolver implementation
+ */
+export declare class DidWebResolver implements DIDResolver {
+    private fetchProvider;
+    private cache;
+    private cacheTtl;
+    constructor(fetchProvider: FetchProvider, options?: {
+        cacheTtl?: number;
+    });
+    /**
+     * Resolve a did:web DID to its DID Document
+     *
+     * @param did - The did:web DID to resolve
+     * @returns The DID Document or null if resolution fails
+     */
+    resolve(did: string): Promise<DIDDocument | null>;
+    /**
+     * Clear the resolution cache
+     */
+    clearCache(): void;
+    /**
+     * Clear a specific entry from the cache
+     */
+    clearCacheEntry(did: string): void;
+}
+/**
+ * Create a did:web resolver with the given fetch provider
+ *
+ * @param fetchProvider - Provider for making HTTP requests
+ * @param options - Optional configuration
+ * @returns DIDResolver implementation for did:web
+ */
+export declare function createDidWebResolver(fetchProvider: FetchProvider, options?: {
+    cacheTtl?: number;
+}): DIDResolver;
+export {};
+//# sourceMappingURL=did-web-resolver.d.ts.map

package/dist/delegation/did-web-resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"did-web-resolver.d.ts","sourceRoot":"","sources":["../../src/delegation/did-web-resolver.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAC1D,OAAO,KAAK,EAAE,WAAW,EAAE,WAAW,EAAsB,MAAM,kBAAkB,CAAC;AAGrF;;GAEG;AACH,UAAU,YAAY;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AA0DD;;;;;GAKG;AACH,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAE7C;AAED;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,YAAY,GAAG,IAAI,CA0B5D;AAED;;;;;;;;GAQG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAsBtD;AAED;;GAEG;AACH,qBAAa,cAAe,YAAW,WAAW;IAChD,OAAO,CAAC,aAAa,CAAgB;IACrC,OAAO,CAAC,KAAK,CAA4D;IACzE,OAAO,CAAC,QAAQ,CAAS;gBAEb,aAAa,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE;IAMzE;;;;;OAKG;IACG,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC;IAgEvD;;OAEG;IACH,UAAU,IAAI,IAAI;IAIlB;;OAEG;IACH,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;CAGnC;AAED;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAClC,aAAa,EAAE,aAAa,EAC5B,OAAO,CAAC,EAAE;IAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,GAC9B,WAAW,CAEb"}