@nuggetslife/vc 0.0.10 → 0.0.15

package/Cargo.toml

@@ -10,12 +10,15 @@ crate-type = ["cdylib"]
 # Default enable napi4 feature, see https://nodejs.org/api/n-api.html#node-api-version-matrix
 base64 = "0.22.1"
 bs58 = "0.5.1"
+chrono = "0.4.38"
 hex = "0.4.3"
+lru = "0.14.0"
 # Default enable napi4 feature, see https://nodejs.org/api/n-api.html#node-api-version-matrix
-napi = { version = "2.12.2", default-features = false, features = ["napi4", "tokio_rt"] }
-napi-derive = "2.12.2"
+napi = { version = "2.16.10", default-features = false, features = ["full"] }
+napi-derive = "2.16.12"
 serde = { version = "1.0.203", features = ["derive"] }
 serde_json = "1.0.117"
+tokio = { version = "1.40.0", features = ["sync"] }
 vc = {path = "../rs"}
 
 [build-dependencies]

package/index.d.ts

@@ -3,6 +3,68 @@
 
 /* auto-generated by NAPI-RS */
 
+export interface BoundSignatureSuiteOptions {
+  key?: KeyPairOptions
+  verificationMethod?: string
+  date?: string
+  commitment?: Uint8Array
+  blinded?: Array<number>
+}
+export interface BoundCreateProofOptions {
+  document: any
+  contexts?: any
+}
+export interface BoundVerifyProofOptions {
+  document: any
+  blindingFactor: Uint8Array
+  blindedMessages: Array<Uint8Array>
+  contexts?: any
+}
+export interface BoundDeriveProofOptions {
+  document: any
+  revealDocument: any
+  blindingFactor: Uint8Array
+  blindedMessages: Array<Uint8Array>
+  contexts?: any
+  nonce?: string
+}
+export interface BoundVerifyDerivedProofOptions {
+  document: any
+  contexts?: any
+}
+export interface SignatureSuiteOptions {
+  key?: KeyPairOptions
+  verificationMethod?: string
+  date?: string
+}
+export interface CreateProofOptions {
+  document: any
+  contexts?: any
+}
+export interface VerifyProofOptions {
+  document: any
+  contexts?: any
+}
+export interface SuiteSignOptions {
+  document: any
+  proof: any
+  verifyData: Array<Uint8Array>
+}
+export interface VerifySignatureOptions {
+  document: any
+  proof: any
+  verifyData: Array<Uint8Array>
+}
+export interface DeriveProofOptions {
+  document: any
+  revealDocument: any
+  contexts?: any
+  nonce?: string
+}
+export interface VerifyDerivedProofOptions {
+  document: any
+  contexts?: any
+}
 export interface KeyPairOptions {
   id?: string
   controller?: string
@@ -94,7 +156,150 @@ export interface KeyPairVerifierOptions {
   data: Array<Uint8Array>
   signature: Uint8Array
 }
-export class Bls12381G2KeyPair {
+export interface BoundKeyPairOptions {
+  id?: string
+  controller?: string
+  publicKeyBase58?: string
+  privateKeyBase58?: string
+  commitment: Uint8Array
+  blinded: Array<number>
+}
+/**
+ * Sign a document with BbsBlsSignature2020 and embed the proof.
+ *
+ * Input: `{ document, keyPair: {id, controller, publicKeyBase58, privateKeyBase58}, contexts? }`
+ * Output: signed document JSON with embedded proof
+ */
+export declare function ldSign(options: any): Promise<any>
+/**
+ * Verify a document with an embedded proof (auto-detects proof type).
+ *
+ * Input: `{ document, contexts? }`
+ * Output: `{ verified: boolean, error?: string }`
+ */
+export declare function ldVerify(options: any): Promise<any>
+/**
+ * Derive a selective disclosure proof from a signed document.
+ *
+ * Input: `{ document, revealDocument, nonce?, contexts? }`
+ * Output: derived document JSON with embedded proof
+ */
+export declare function ldDeriveProof(options: any): Promise<any>
+/**
+ * Standalone deriveProof function matching the JS reference's
+ * `deriveProof(proofDocument, revealDocument, { suite, documentLoader, nonce })`.
+ *
+ * Input: proofDocument (signed doc), revealDocument (frame), options `{ contexts?, nonce? }`
+ * Output: derived document JSON with embedded proof
+ */
+export declare function deriveProof(proofDocument: any, revealDocument: any, options: any): Promise<any>
+/**
+ * Create a blind signature commitment (holder side).
+ *
+ * Input: issuerDID (for resolving public key), messages (blinded messages as Uint8Array[]),
+ *        blinded (indices), nonce, knownMessageCount, options `{ contexts? }`
+ * Output: `{ commitment, challengeHash, blindingFactor, proofOfHiddenMessages }` (all Uint8Array)
+ */
+export declare function createCommitment(publicKey: Uint8Array, messages: Array<Uint8Array>, blinded: Array<number>, nonce: Uint8Array, knownMessageCount: number): Promise<any>
+/**
+ * Verify a blind signature commitment (issuer side).
+ *
+ * Returns true if the commitment proof is valid.
+ */
+export declare function verifyCommitment(publicKey: Uint8Array, commitment: Uint8Array, proofOfHiddenMessages: Uint8Array, challengeHash: Uint8Array, blinded: Array<number>, nonce: Uint8Array, knownMessageCount: number): Promise<boolean>
+/**
+ * Unblind a blind signature (holder side).
+ *
+ * Takes the blind signature from the issuer and the holder's blinding factor,
+ * returns the unblinded standard signature.
+ */
+export declare function unblindSignature(blindSignature: Uint8Array, blindingFactor: Uint8Array): Promise<Uint8Array>
+/**
+ * Derive a selective disclosure proof from a holder-bound signed document.
+ *
+ * Input: proofDocument (signed doc), revealDocument (frame),
+ *        options `{ blindingFactor: Uint8Array, blindedMessages: Uint8Array[], contexts?, nonce? }`
+ * Output: derived document JSON with embedded proof
+ */
+export declare function deriveProofHolderBound(proofDocument: any, revealDocument: any, options: any): Promise<any>
+export declare class BbsBlsHolderBoundSignature2022 {
+  type: string
+  constructor(options?: BoundSignatureSuiteOptions | undefined | null)
+  /**
+   * Create a blind sign commitment context.
+   *
+   * Returns `{ knownMessageCount, nonce }` — the holder uses these to create a blind commitment.
+   * Matches JS `BbsBlsHolderBoundSignature2022.createBlindSignCommitmentContext()`.
+   */
+  createBlindSignCommitmentContext(options: BoundCreateProofOptions): Promise<any>
+  /** Create a proof for a document using BbsBlsHolderBoundSignature2022 (blind signing). */
+  createProof(options: BoundCreateProofOptions): Promise<any>
+  /**
+   * Verify a holder-bound signed document.
+   *
+   * Returns `{ verified: boolean, error?: string }`.
+   */
+  verifyProof(options: BoundVerifyProofOptions): Promise<any>
+  /** Ensure both BBS and holder-bound suite contexts are present. */
+  ensureSuiteContext(document: any): any
+  /** Returns the proof types this suite matches. */
+  get proofType(): Array<string>
+}
+export declare class BbsBlsHolderBoundSignatureProof2022 {
+  type: string
+  constructor()
+  /** Derive a selective disclosure proof from a holder-bound signed document. */
+  deriveProof(options: BoundDeriveProofOptions): Promise<any>
+  /**
+   * Verify a derived (selective disclosure) holder-bound proof.
+   *
+   * Returns `{ verified: boolean, error?: string }`.
+   */
+  verifyProof(options: BoundVerifyDerivedProofOptions): Promise<any>
+  /** Returns the proof types this suite produces. */
+  get proofType(): Array<string>
+  /** Returns the proof types from which this suite can derive. */
+  get supportedDerivedProofType(): Array<string>
+}
+export declare class BbsBlsSignature2020 {
+  type: string
+  constructor(options?: SignatureSuiteOptions | undefined | null)
+  /** Generate a BbsBlsSignature2020 suite from a seed (async key generation). */
+  static generate(options: SignatureSuiteOptions): Promise<BbsBlsSignature2020>
+  /**
+   * Create a proof for a document using BbsBlsSignature2020.
+   *
+   * Returns just the proof object (matching JS reference behavior).
+   */
+  createProof(options: CreateProofOptions): Promise<any>
+  /**
+   * Verify a document with an embedded proof.
+   *
+   * Returns `{ verified: boolean, error?: string }`.
+   */
+  verifyProof(options: VerifyProofOptions): Promise<any>
+  /** Ensure the BBS suite context is present in the document's @context. */
+  ensureSuiteContext(document: any): any
+  sign(options: SuiteSignOptions): Promise<any>
+  verifySignature(options: VerifySignatureOptions): Promise<boolean>
+}
+export declare class BbsBlsSignatureProof2020 {
+  type: string
+  constructor()
+  /** Derive a selective disclosure proof from a signed document. */
+  deriveProof(options: DeriveProofOptions): Promise<any>
+  /**
+   * Verify a derived (selective disclosure) proof.
+   *
+   * Returns `{ verified: boolean, error?: string }`.
+   */
+  verifyProof(options: VerifyDerivedProofOptions): Promise<any>
+  /** Returns the proof types this suite produces. */
+  get proofType(): Array<string>
+  /** Returns the proof types from which this suite can derive. */
+  get supportedDerivedProofType(): Array<string>
+}
+export declare class Bls12381G2KeyPair {
   id?: string
   controller?: string
   privateKeyInner?: Array<number>
@@ -117,9 +322,104 @@ export class Bls12381G2KeyPair {
   static fingerprintFromPublicKey(options: FingerPrintFromPublicKeyOptions): string
   verifyFingerprint(fingerprint: string): void
 }
-export class KeyPairSigner {
+export declare class KeyPairSigner {
   sign(options: KeyPairSignerOptions): Promise<Uint8Array>
 }
-export class KeyPairVerifier {
+export declare class KeyPairVerifier {
   verify(options: KeyPairVerifierOptions): Promise<boolean>
 }
+export declare class BoundBls12381G2KeyPair {
+  constructor(options: BoundKeyPairOptions)
+  static from(options: BoundKeyPairOptions): BoundBls12381G2KeyPair
+  get commitment(): Uint8Array
+  get blinded(): Array<number>
+}
+/**
+ * JSON-LD processor — drop-in replacement for the jsonld.js API.
+ *
+ * Holds a `DocumentLoader` and `ContextResolver` internally so they are
+ * created once and reused across all method calls.
+ *
+ * ```js
+ * const jsonld = new JsonLd({ contexts: { "https://example.org/ctx": {...} } });
+ * const expanded = await jsonld.expand(doc);
+ * const compacted = await jsonld.compact(expanded, ctx);
+ * ```
+ */
+export declare class JsonLd {
+  /**
+   * Create a new JSON-LD processor.
+   *
+   * Accepts optional `{ contexts?: Record<string, any> }` to register
+   * additional URL → document mappings in the document loader (on top
+   * of the built-in nuggets contexts).
+   */
+  constructor(options?: any | undefined | null)
+  /**
+   * Expand a JSON-LD document.
+   *
+   * `options` can include: `base`, `expandContext`, `keepFreeFloatingNodes`,
+   * `processingMode`.
+   *
+   * Returns an array of expanded JSON-LD objects.
+   */
+  expand(input: any, options?: any | undefined | null): Promise<any>
+  /**
+   * Compact a JSON-LD document using a context.
+   *
+   * `ctx` — the compaction context (object, array, or string URL).
+   * `options` can include: `base`, `compactArrays`, `graph`,
+   * `skipExpansion`, `processingMode`.
+   *
+   * Returns the compacted JSON-LD object.
+   */
+  compact(input: any, ctx: any, options?: any | undefined | null): Promise<any>
+  /**
+   * Flatten a JSON-LD document.
+   *
+   * `ctx` — optional context for compacting the flattened result.
+   *   Pass `null` to get the flattened expanded form.
+   * `options` can include: `base`, `expandContext`, `processingMode`.
+   *
+   * Returns flattened array (no context) or compacted object (with context).
+   */
+  flatten(input: any, ctx?: any | undefined | null, options?: any | undefined | null): Promise<any>
+  /**
+   * Frame a JSON-LD document.
+   *
+   * `frame` — the framing template.
+   * `options` can include: `base`, `embed`, `explicit`, `requireAll`,
+   * `omitDefault`, `omitGraph`, `processingMode`.
+   *
+   * Returns the framed JSON-LD object.
+   */
+  frame(input: any, frame: any, options?: any | undefined | null): Promise<any>
+  /**
+   * Convert a JSON-LD document to an RDF dataset.
+   *
+   * `options` can include: `base`, `expandContext`, `skipExpansion`,
+   * `format` (`"application/n-quads"` for string output), `processingMode`.
+   *
+   * Returns an array of quads or an N-Quads string (depending on `format`).
+   */
+  toRDF(input: any, options?: any | undefined | null): Promise<any>
+  /**
+   * Convert an RDF dataset to a JSON-LD document.
+   *
+   * `dataset` — N-Quads string or array of quads.
+   * `options` can include: `useRdfType`, `useNativeTypes`, `rdfDirection`.
+   *
+   * Returns an array of JSON-LD objects.
+   */
+  fromRDF(dataset: any, options?: any | undefined | null): any
+  /**
+   * Canonize (normalize) a JSON-LD document.
+   *
+   * `options` can include: `base`, `expandContext`, `skipExpansion`,
+   * `inputFormat` (`"application/n-quads"`), `format`, `algorithm`,
+   * `processingMode`.
+   *
+   * Returns the canonical N-Quads string.
+   */
+  canonize(input: any, options?: any | undefined | null): Promise<any>
+}

package/index.js

@@ -310,8 +310,22 @@ if (!nativeBinding) {
   throw new Error(`Failed to load native binding`)
 }
 
-const { Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier } = nativeBinding
+const { BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BbsBlsSignature2020, BbsBlsSignatureProof2020, Bls12381G2KeyPair, KeyPairSigner, KeyPairVerifier, BoundBls12381G2KeyPair, JsonLd, ldSign, ldVerify, ldDeriveProof, deriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound } = nativeBinding
 
+module.exports.BbsBlsHolderBoundSignature2022 = BbsBlsHolderBoundSignature2022
+module.exports.BbsBlsHolderBoundSignatureProof2022 = BbsBlsHolderBoundSignatureProof2022
+module.exports.BbsBlsSignature2020 = BbsBlsSignature2020
+module.exports.BbsBlsSignatureProof2020 = BbsBlsSignatureProof2020
 module.exports.Bls12381G2KeyPair = Bls12381G2KeyPair
 module.exports.KeyPairSigner = KeyPairSigner
 module.exports.KeyPairVerifier = KeyPairVerifier
+module.exports.BoundBls12381G2KeyPair = BoundBls12381G2KeyPair
+module.exports.JsonLd = JsonLd
+module.exports.ldSign = ldSign
+module.exports.ldVerify = ldVerify
+module.exports.ldDeriveProof = ldDeriveProof
+module.exports.deriveProof = deriveProof
+module.exports.createCommitment = createCommitment
+module.exports.verifyCommitment = verifyCommitment
+module.exports.unblindSignature = unblindSignature
+module.exports.deriveProofHolderBound = deriveProofHolderBound

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nuggetslife/vc",
-  "version": "0.0.10",
+  "version": "0.0.15",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -9,7 +9,6 @@
       "defaults": false,
       "additional": [
         "aarch64-apple-darwin",
-        "x86_64-apple-darwin",
         "aarch64-unknown-linux-gnu",
         "aarch64-unknown-linux-musl",
         "x86_64-unknown-linux-gnu",
@@ -19,10 +18,11 @@
   },
   "license": "MIT",
   "devDependencies": {
+    "@mattrglobal/bls12381-key-pair": "^1.2.1",
+    "@mattrglobal/jsonld-signatures-bbs": "^1.2.0",
     "@napi-rs/cli": "^2.18.3",
-    "ava": "^6.0.1",
     "@types/node": "^20.14.9",
-    "bs58": "^6.0.0"
+    "ava": "^6.0.1"
   },
   "ava": {
     "timeout": "3m"
@@ -41,11 +41,11 @@
   },
   "packageManager": "yarn@4.3.1",
   "optionalDependencies": {
-    "@nuggetslife/vc-darwin-arm64": "0.0.10",
-    "@nuggetslife/vc-darwin-x64": "0.0.10",
-    "@nuggetslife/vc-linux-arm64-gnu": "0.0.10",
-    "@nuggetslife/vc-linux-arm64-musl": "0.0.10",
-    "@nuggetslife/vc-linux-x64-gnu": "0.0.10",
-    "@nuggetslife/vc-linux-x64-musl": "0.0.10"
-  }
+    "@nuggetslife/vc-darwin-arm64": "0.0.15",
+    "@nuggetslife/vc-linux-arm64-gnu": "0.0.15",
+    "@nuggetslife/vc-linux-arm64-musl": "0.0.15",
+    "@nuggetslife/vc-linux-x64-gnu": "0.0.15",
+    "@nuggetslife/vc-linux-x64-musl": "0.0.15"
+  },
+  "dependencies": {}
 }

package/src/bls_signatures/bbs_bls_holder_bound_signature_2022/mod.rs

@@ -0,0 +1,268 @@
+#![allow(dead_code)]
+use napi::bindgen_prelude::*;
+use serde_json::json;
+use types::{BoundCreateProofOptions, BoundSignatureSuiteOptions, BoundVerifyProofOptions};
+
+use super::bls_12381_g2_keypair::Bls12381G2KeyPair;
+use crate::ld_signatures::{create_document_loader, parse_contexts};
+
+pub mod types;
+
+const BBS_CONTEXT_URL: &str = "https://w3id.org/security/bbs/v1";
+const BBS_BOUND_CONTEXT_URL: &str = "https://schemas.nuggets.life/bbsBoundv1.json";
+
+#[napi]
+pub struct BbsBlsHolderBoundSignature2022 {
+  key: Bls12381G2KeyPair,
+  verification_method: Option<String>,
+  date: String,
+  commitment: Option<Vec<u8>>,
+  blinded: Option<Vec<usize>>,
+  #[napi(js_name = "type")]
+  pub type_: String,
+}
+
+#[napi]
+impl BbsBlsHolderBoundSignature2022 {
+  #[napi(constructor)]
+  pub fn new(options: Option<BoundSignatureSuiteOptions>) -> Self {
+    match options {
+      Some(opts) => {
+        let key = match opts.key {
+          Some(kp_opts) => Bls12381G2KeyPair::new(Some(
+            super::bls_12381_g2_keypair::types::KeyPairOptions {
+              id: kp_opts.id,
+              controller: kp_opts.controller,
+              public_key_base58: kp_opts.public_key_base58,
+              private_key_base58: kp_opts.private_key_base58,
+            },
+          )),
+          None => Bls12381G2KeyPair::new(None),
+        };
+
+        Self {
+          verification_method: match opts.verification_method {
+            Some(vm) => Some(vm),
+            None => key.id.clone(),
+          },
+          key,
+          date: match opts.date {
+            Some(d) => d,
+            None => chrono::Utc::now().to_rfc3339(),
+          },
+          commitment: opts.commitment.map(|c| c.to_vec()),
+          blinded: opts
+            .blinded
+            .map(|b| b.iter().map(|&i| i as usize).collect()),
+          type_: String::from("sec:BbsBlsHolderBoundSignature2022"),
+        }
+      }
+      None => {
+        let key = Bls12381G2KeyPair::new(None);
+        Self {
+          verification_method: None,
+          key,
+          date: chrono::Utc::now().to_rfc3339(),
+          commitment: None,
+          blinded: None,
+          type_: String::from("sec:BbsBlsHolderBoundSignature2022"),
+        }
+      }
+    }
+  }
+
+  /// Create a blind sign commitment context.
+  ///
+  /// Returns `{ knownMessageCount, nonce }` — the holder uses these to create a blind commitment.
+  /// Matches JS `BbsBlsHolderBoundSignature2022.createBlindSignCommitmentContext()`.
+  #[napi]
+  pub async fn create_blind_sign_commitment_context(
+    &self,
+    options: BoundCreateProofOptions,
+  ) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let rust_key =
+      vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair::new(Some(
+        vc::jsonld::signatures::bbs::bls_12381_g2_keypair::types::KeyPairOptions {
+          id: self.key.id.clone(),
+          controller: self.key.controller.clone(),
+          public_key_base58: self.key.public_key(),
+          private_key_base58: self.key.private_key(),
+        },
+      ));
+
+    // Commitment/blinded not needed for counting messages — use empty placeholders.
+    let bound_key = vc::jsonld::signatures::bbs::bound_keypair::BoundBls12381G2KeyPair::new(
+      rust_key,
+      vec![],
+      vec![],
+    );
+
+    let suite = vc::jsonld::signatures::bbs::holder_bound::BbsBlsHolderBoundSignature2022::new(
+      vc::jsonld::signatures::bbs::holder_bound::HolderBoundSignatureSuiteOptions {
+        key: bound_key,
+        verification_method: self.verification_method.clone(),
+        date: None,
+      },
+    )
+    .await;
+
+    let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
+    suite
+      .create_blind_sign_commitment_context(&options.document, &purpose, loader, cr)
+      .await
+      .map_err(|e| {
+        napi::Error::from_reason(format!("createBlindSignCommitmentContext failed: {e}"))
+      })
+  }
+
+  /// Create a proof for a document using BbsBlsHolderBoundSignature2022 (blind signing).
+  #[napi]
+  pub async fn create_proof(
+    &self,
+    options: BoundCreateProofOptions,
+  ) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let commitment = self
+      .commitment
+      .as_ref()
+      .ok_or_else(|| napi::Error::from_reason("No commitment set on suite"))?;
+    let blinded = self
+      .blinded
+      .as_ref()
+      .ok_or_else(|| napi::Error::from_reason("No blinded indices set on suite"))?;
+
+    let rust_key =
+      vc::jsonld::signatures::bbs::bls_12381_g2_keypair::Bls12381G2KeyPair::new(Some(
+        vc::jsonld::signatures::bbs::bls_12381_g2_keypair::types::KeyPairOptions {
+          id: self.key.id.clone(),
+          controller: self.key.controller.clone(),
+          public_key_base58: self.key.public_key(),
+          private_key_base58: self.key.private_key(),
+        },
+      ));
+
+    let bound_key = vc::jsonld::signatures::bbs::bound_keypair::BoundBls12381G2KeyPair::new(
+      rust_key,
+      commitment.clone(),
+      blinded.clone(),
+    );
+
+    let suite = vc::jsonld::signatures::bbs::holder_bound::BbsBlsHolderBoundSignature2022::new(
+      vc::jsonld::signatures::bbs::holder_bound::HolderBoundSignatureSuiteOptions {
+        key: bound_key,
+        verification_method: self.verification_method.clone(),
+        date: None,
+      },
+    )
+    .await;
+
+    let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
+    let signed =
+      vc::jsonld::signatures::sign_holder_bound(options.document, &suite, &purpose, loader, cr)
+        .await
+        .map_err(|e| napi::Error::from_reason(format!("createProof failed: {e}")))?;
+
+    signed
+      .get("proof")
+      .cloned()
+      .ok_or_else(|| napi::Error::from_reason("createProof: no proof in signed document"))
+  }
+
+  /// Verify a holder-bound signed document.
+  ///
+  /// Returns `{ verified: boolean, error?: string }`.
+  #[napi]
+  pub async fn verify_proof(
+    &self,
+    options: BoundVerifyProofOptions,
+  ) -> Result<serde_json::Value> {
+    let additional_contexts = options
+      .contexts
+      .as_ref()
+      .map(|v| parse_contexts(&json!({ "contexts": v })))
+      .unwrap_or_default();
+    let (loader, cr) = create_document_loader(additional_contexts);
+
+    let blinding_factor = options.blinding_factor.to_vec();
+    let blinded_messages: Vec<Vec<u8>> =
+      options.blinded_messages.iter().map(|m| m.to_vec()).collect();
+
+    let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
+    let result = vc::jsonld::signatures::verify_holder_bound(
+      &options.document,
+      blinding_factor,
+      blinded_messages,
+      &purpose,
+      loader,
+      cr,
+    )
+    .await
+    .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;
+
+    Ok(json!({
+      "verified": result.verified,
+      "error": result.error,
+    }))
+  }
+
+  /// Ensure both BBS and holder-bound suite contexts are present.
+  #[napi]
+  pub fn ensure_suite_context(
+    &self,
+    document: serde_json::Value,
+  ) -> Result<serde_json::Value> {
+    let mut doc = document;
+
+    for context_url in &[BBS_CONTEXT_URL, BBS_BOUND_CONTEXT_URL] {
+      let has_context = match doc.get("@context") {
+        Some(serde_json::Value::String(s)) => s == *context_url,
+        Some(serde_json::Value::Array(arr)) => {
+          arr.iter().any(|v| v.as_str() == Some(*context_url))
+        }
+        _ => false,
+      };
+
+      if !has_context {
+        if let Some(obj) = doc.as_object_mut() {
+          let existing = obj
+            .get("@context")
+            .cloned()
+            .unwrap_or(serde_json::Value::Null);
+          let mut new_context = match existing {
+            serde_json::Value::Array(arr) => serde_json::Value::Array(arr),
+            other => serde_json::Value::Array(vec![other]),
+          };
+          if let serde_json::Value::Array(arr) = &mut new_context {
+            arr.push(serde_json::Value::String(context_url.to_string()));
+          }
+          obj.insert("@context".to_string(), new_context);
+        }
+      }
+    }
+
+    Ok(doc)
+  }
+
+  /// Returns the proof types this suite matches.
+  #[napi(getter)]
+  pub fn proof_type() -> Vec<String> {
+    vec![
+      "BbsBlsHolderBoundSignature2022".to_string(),
+      "sec:BbsBlsHolderBoundSignature2022".to_string(),
+      "https://w3id.org/security#BbsBlsHolderBoundSignature2022".to_string(),
+    ]
+  }
+}