@metalabel/dfos-protocol 0.10.0 → 0.12.0

package/README.md

@@ -21,11 +21,11 @@ import { createJws, dagCborCanonicalEncode, verifyJws } from '@metalabel/dfos-pr
 
 ## Subpath Exports
 
-| Export                                 | Description                                                             |
-| -------------------------------------- | ----------------------------------------------------------------------- |
-| `@metalabel/dfos-protocol/chain`       | Identity and content chain signing, verification, beacons, countersigns |
-| `@metalabel/dfos-protocol/credentials` | Auth tokens (DID-signed JWT) and DFOS credentials for authorization     |
-| `@metalabel/dfos-protocol/crypto`      | Ed25519, JWS, JWT, dag-cbor, base64url, ID generation                   |
+| Export                                 | Description                                                               |
+| -------------------------------------- | ------------------------------------------------------------------------- |
+| `@metalabel/dfos-protocol/chain`       | Identity & content chains, services, artifacts, countersigns, revocations |
+| `@metalabel/dfos-protocol/credentials` | Auth tokens (DID-signed JWT) and DFOS credentials for authorization       |
+| `@metalabel/dfos-protocol/crypto`      | Ed25519, JWS, JWT, dag-cbor, base64url, ID generation                     |
 
 ## Specifications
 
@@ -33,7 +33,7 @@ import { createJws, dagCborCanonicalEncode, verifyJws } from '@metalabel/dfos-pr
 | ------------------------------------------------ | -------------------------------------------------------------- |
 | [PROTOCOL.md](../../specs/PROTOCOL.md)           | Core protocol — chains, signatures, verification, test vectors |
 | [DID-METHOD.md](../../specs/DID-METHOD.md)       | W3C DID method specification for `did:dfos`                    |
-| [CONTENT-MODEL.md](../../specs/CONTENT-MODEL.md) | Standard content schemas (post, profile, manifest)             |
+| [CONTENT-MODEL.md](../../specs/CONTENT-MODEL.md) | Standard content schemas (post, profile)                       |
 
 ## Examples
 
@@ -47,7 +47,7 @@ The `examples/` directory contains deterministic reference fixtures that can be
 - `content-delegated.json` — creator genesis + delegated update with DFOS write credential
 - `credential-write.json` — DFOS write credential (broad + content-narrowed)
 - `credential-read.json` — DFOS read credential
-- `beacon.json` — signed manifest pointer announcement with witness countersignature
+- `identity-services.json` — genesis publishing a services set (relay locator + content/artifact anchors)
 
 ## License
 

package/dist/chain/index.d.ts

@@ -1,5 +1,5 @@
-import { I as IdentityOperation, S as Signer, V as VerifiedIdentity, C as ContentOperation, B as BeaconPayload, a as CountersignPayload, A as ArtifactPayload } from '../schemas-BhikXSf_.js';
-export { M as MAX_ARTIFACT_PAYLOAD_SIZE, b as MultikeyPublicKey, R as RevocationPayload } from '../schemas-BhikXSf_.js';
+import { I as IdentityOperation, i as Signer, V as VerifiedIdentity, S as ServiceEntry, b as ContentOperation, c as CountersignPayload, a as ArtifactPayload } from '../schemas-Bb_9P8_s.js';
+export { A as ARTIFACT_CID_ANCHOR_RE, C as CONTENT_ID_ANCHOR_RE, M as MAX_ARTIFACT_PAYLOAD_SIZE, d as MAX_OPERATION_SIZE, e as MAX_SERVICES_ENTRIES, f as MAX_SERVICES_PAYLOAD_SIZE, g as MultikeyPublicKey, R as RevocationPayload, h as ServicesArray } from '../schemas-Bb_9P8_s.js';
 import 'zod';
 
 /** Ed25519 public key multicodec value */
@@ -88,6 +88,29 @@ declare const verifyIdentityExtensionFromTrustedState: (input: {
     createdAt: string;
 }>;
 
+type AnchorKind = 'chain' | 'artifact' | 'invalid';
+/**
+ * Enforce the services byte cap on the CBOR-encoded array — same encoding the
+ * wire uses, so the bound is identical across implementations. Mirrors the
+ * artifact payload size check.
+ */
+declare const assertServicesWithinCap: (services: ServiceEntry[]) => Promise<void>;
+/**
+ * Classify a ContentAnchor target by structural form. Resolvers dispatch on the
+ * result: 'chain' → resolve a content chain by contentId; 'artifact' → fetch by
+ * CID and require type:"artifact"; 'invalid' → reject (e.g. a bare head CID is
+ * 'artifact'-shaped but fails the resolution-time type check).
+ */
+declare const classifyAnchor: (anchor: string) => AnchorKind;
+/** Recognized (core-blessed) service types. All other types are valid but opaque. */
+declare const RECOGNIZED_SERVICE_TYPES: readonly ["DfosRelay", "ContentAnchor"];
+/** Whether the core assigns structural semantics to this service type. */
+declare const isRecognizedServiceType: (type: string) => boolean;
+/** Select the DfosRelay transport endpoints from a services set, in entry order. */
+declare const relayEndpoints: (services: ServiceEntry[]) => string[];
+/** Select ContentAnchor entries matching a client label (e.g. "profile"). */
+declare const anchorsByLabel: (services: ServiceEntry[], label: string) => ServiceEntry[];
+
 interface VerifiedContentChain {
     /** Content identifier — bare 31-char hash derived from genesis CID */
     contentId: string;
@@ -178,34 +201,6 @@ declare const verifyContentExtensionFromTrustedState: (input: {
     createdAt: string;
 }>;
 
-interface VerifiedBeacon {
-    did: string;
-    manifestContentId: string;
-    createdAt: string;
-    signerKeyId: string;
-    beaconCID: string;
-}
-/**
- * Sign a beacon announcement as a JWS
- */
-declare const signBeacon: (input: {
-    payload: BeaconPayload;
-    signer: Signer;
-    kid: string;
-}) => Promise<{
-    jwsToken: string;
-    beaconCID: string;
-}>;
-/**
- * Verify a beacon JWS — signature, CID, payload schema, clock skew
- */
-declare const verifyBeacon: (input: {
-    jwsToken: string;
-    resolveKey: (kid: string) => Promise<Uint8Array>;
-    /** Current time for clock skew check (defaults to Date.now()) */
-    now?: number;
-}) => Promise<VerifiedBeacon>;
-
 interface VerifiedCountersignature {
     /** CID of this countersign operation (distinct from the target) */
     countersignCID: string;
@@ -213,6 +208,8 @@ interface VerifiedCountersignature {
     witnessDID: string;
     /** The CID being attested to */
     targetCID: string;
+    /** Open-namespace relation tag, if present (e.g. "endorses", "coauthors") */
+    relation?: string;
 }
 /**
  * Sign a countersignature attesting to a target operation by CID
@@ -294,4 +291,4 @@ declare const verifyRevocation: (input: {
     resolveKey: (kid: string) => Promise<Uint8Array>;
 }) => Promise<VerifiedRevocation>;
 
-export { ArtifactPayload, BeaconPayload, ContentOperation, CountersignPayload, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, Signer, type VerifiedArtifact, type VerifiedBeacon, type VerifiedContentChain, type VerifiedCountersignature, VerifiedIdentity, type VerifiedRevocation, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, signArtifact, signBeacon, signContentOperation, signCountersignature, signIdentityOperation, signRevocation, verifyArtifact, verifyBeacon, verifyContentChain, verifyContentExtensionFromTrustedState, verifyCountersignature, verifyIdentityChain, verifyIdentityExtensionFromTrustedState, verifyRevocation };
+export { type AnchorKind, ArtifactPayload, ContentOperation, CountersignPayload, ED25519_PRIV_MULTICODEC, ED25519_PUB_MULTICODEC, IdentityOperation, RECOGNIZED_SERVICE_TYPES, ServiceEntry, Signer, type VerifiedArtifact, type VerifiedContentChain, type VerifiedCountersignature, VerifiedIdentity, type VerifiedRevocation, anchorsByLabel, assertServicesWithinCap, classifyAnchor, decodeMultikey, deriveChainIdentifier, deriveContentId, encodeEd25519Multikey, isRecognizedServiceType, relayEndpoints, signArtifact, signContentOperation, signCountersignature, signIdentityOperation, signRevocation, verifyArtifact, verifyContentChain, verifyContentExtensionFromTrustedState, verifyCountersignature, verifyIdentityChain, verifyIdentityExtensionFromTrustedState, verifyRevocation };

package/dist/chain/index.js

@@ -1,61 +1,81 @@
 import {
+  ARTIFACT_CID_ANCHOR_RE,
   ArtifactPayload,
-  BeaconPayload,
+  CONTENT_ID_ANCHOR_RE,
   ContentOperation,
   CountersignPayload,
   IdentityOperation,
   MAX_ARTIFACT_PAYLOAD_SIZE,
+  MAX_OPERATION_SIZE,
+  MAX_SERVICES_ENTRIES,
+  MAX_SERVICES_PAYLOAD_SIZE,
   MultikeyPublicKey,
+  RECOGNIZED_SERVICE_TYPES,
   RevocationPayload,
+  ServiceEntry,
+  ServicesArray,
   VerifiedIdentity,
+  anchorsByLabel,
+  assertServicesWithinCap,
+  classifyAnchor,
   deriveChainIdentifier,
   deriveContentId,
+  isRecognizedServiceType,
+  relayEndpoints,
   signArtifact,
-  signBeacon,
   signContentOperation,
   signCountersignature,
   signIdentityOperation,
   signRevocation,
   verifyArtifact,
-  verifyBeacon,
   verifyContentChain,
   verifyContentExtensionFromTrustedState,
   verifyCountersignature,
   verifyIdentityChain,
   verifyIdentityExtensionFromTrustedState,
   verifyRevocation
-} from "../chunk-GZ7ZAIRD.js";
+} from "../chunk-J5C4OXL4.js";
 import {
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
   decodeMultikey,
   encodeEd25519Multikey
-} from "../chunk-LQFOBE6X.js";
-import "../chunk-GQOZJKKO.js";
+} from "../chunk-J3XXF6F5.js";
+import "../chunk-4QQ5HK5M.js";
 export {
+  ARTIFACT_CID_ANCHOR_RE,
   ArtifactPayload,
-  BeaconPayload,
+  CONTENT_ID_ANCHOR_RE,
   ContentOperation,
   CountersignPayload,
   ED25519_PRIV_MULTICODEC,
   ED25519_PUB_MULTICODEC,
   IdentityOperation,
   MAX_ARTIFACT_PAYLOAD_SIZE,
+  MAX_OPERATION_SIZE,
+  MAX_SERVICES_ENTRIES,
+  MAX_SERVICES_PAYLOAD_SIZE,
   MultikeyPublicKey,
+  RECOGNIZED_SERVICE_TYPES,
   RevocationPayload,
+  ServiceEntry,
+  ServicesArray,
   VerifiedIdentity,
+  anchorsByLabel,
+  assertServicesWithinCap,
+  classifyAnchor,
   decodeMultikey,
   deriveChainIdentifier,
   deriveContentId,
   encodeEd25519Multikey,
+  isRecognizedServiceType,
+  relayEndpoints,
   signArtifact,
-  signBeacon,
   signContentOperation,
   signCountersignature,
   signIdentityOperation,
   signRevocation,
   verifyArtifact,
-  verifyBeacon,
   verifyContentChain,
   verifyContentExtensionFromTrustedState,
   verifyCountersignature,

package/dist/{chunk-GQOZJKKO.js → chunk-4QQ5HK5M.js}

@@ -239,7 +239,11 @@ var dagCborCanonicalEncode = async (value) => {
   });
 };
 var MAX_SAFE_CANONICAL_INTEGER = 9007199254740991;
-var assertCanonicalNumbers = (value) => {
+var MAX_CANONICAL_DEPTH = 1024;
+var assertCanonicalNumbers = (value, depth = 0) => {
+  if (depth > MAX_CANONICAL_DEPTH) {
+    throw new Error(`value nesting exceeds max depth ${MAX_CANONICAL_DEPTH}`);
+  }
   if (typeof value === "number") {
     if (!Number.isFinite(value)) {
       throw new Error(`non-finite number is not canonicalizable: ${value}`);
@@ -257,11 +261,11 @@ var assertCanonicalNumbers = (value) => {
     return;
   }
   if (Array.isArray(value)) {
-    for (const entry of value) assertCanonicalNumbers(entry);
+    for (const entry of value) assertCanonicalNumbers(entry, depth + 1);
     return;
   }
   if (value !== null && typeof value === "object") {
-    for (const entry of Object.values(value)) assertCanonicalNumbers(entry);
+    for (const entry of Object.values(value)) assertCanonicalNumbers(entry, depth + 1);
   }
 };
 var parseDagCborCID = (cid) => {

package/dist/{chunk-LQFOBE6X.js → chunk-J3XXF6F5.js}

@@ -5,27 +5,24 @@ import {
   decodeJwsUnsafe,
   verifyJws,
   verifyJwt
-} from "./chunk-GQOZJKKO.js";
+} from "./chunk-4QQ5HK5M.js";
 
 // src/credentials/schemas.ts
 import { z } from "zod";
-var MAX_DID = 256;
-var MAX_AUD = 512;
-var MAX_RESOURCE = 512;
-var MAX_ACTION = 64;
 var MAX_ATT = 32;
 var MAX_PRF = 1;
-var Attenuation = z.strictObject({
-  resource: z.string().min(1).max(MAX_RESOURCE),
-  action: z.string().min(1).max(MAX_ACTION)
+var MAX_CREDENTIAL_SIZE = 262144;
+var Attenuation = z.looseObject({
+  resource: z.string().min(1),
+  action: z.string().min(1)
 });
-var DFOSCredentialPayload = z.strictObject({
+var DFOSCredentialPayload = z.looseObject({
   version: z.literal(1),
   type: z.literal("DFOSCredential"),
   /** Issuer DID */
-  iss: z.string().min(1).max(MAX_DID),
+  iss: z.string().min(1),
   /** Audience DID or "*" for public credentials */
-  aud: z.string().min(1).max(MAX_AUD),
+  aud: z.string().min(1),
   /** Attenuations — resource + action pairs */
   att: z.array(Attenuation).min(1).max(MAX_ATT),
   /** Parent credential JWS tokens (for delegation chains) */
@@ -35,13 +32,13 @@ var DFOSCredentialPayload = z.strictObject({
   /** Issued at — unix seconds */
   iat: z.number().int().positive()
 });
-var AuthTokenClaims = z.strictObject({
+var AuthTokenClaims = z.looseObject({
   /** Issuer — the DID proving identity */
-  iss: z.string().max(MAX_DID),
+  iss: z.string(),
   /** Subject — same as iss for auth tokens */
-  sub: z.string().max(MAX_DID),
+  sub: z.string(),
   /** Audience — target relay hostname (prevents cross-relay replay) */
-  aud: z.string().max(MAX_AUD),
+  aud: z.string(),
   /** Expiration — unix seconds, short-lived (minutes) */
   exp: z.number().int().positive(),
   /** Issued at — unix seconds */
@@ -187,6 +184,11 @@ var createDFOSCredential = async (options) => {
   return jwsToken;
 };
 var verifyDFOSCredential = async (jwsToken, options) => {
+  if (jwsToken.length > MAX_CREDENTIAL_SIZE) {
+    throw new CredentialVerificationError(
+      `credential exceeds max size: ${jwsToken.length} > ${MAX_CREDENTIAL_SIZE}`
+    );
+  }
   const decoded = decodeJwsUnsafe(jwsToken);
   if (!decoded) throw new CredentialVerificationError("failed to decode credential JWS");
   if (decoded.header.typ !== "did:dfos:credential") {
@@ -372,6 +374,7 @@ export {
   ED25519_PRIV_MULTICODEC,
   encodeEd25519Multikey,
   decodeMultikey,
+  MAX_CREDENTIAL_SIZE,
   Attenuation,
   DFOSCredentialPayload,
   AuthTokenClaims,