@nuggetslife/vc 0.0.10 → 0.0.15

package/test.mjs

@@ -1,13 +1,19 @@
 import test from 'node:test';
 import assert from 'node:assert';
+import { readFileSync } from 'node:fs';
+import { resolve, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { randomFillSync } from 'node:crypto';
 import { Bls12381G2KeyPair } from '@mattrglobal/bls12381-key-pair';
-import { Bls12381G2KeyPair as NewKeyPairClass } from './index.js'
-import bs58 from 'bs58'
-import bbs from '@nuggetslife/ffi-bbs-signatures'
+import { Bls12381G2KeyPair as NewBls12381G2KeyPair, BbsBlsSignature2020 as NewBbsBlsSignature2020, BbsBlsSignatureProof2020 as NewBbsBlsSignatureProof2020, BbsBlsHolderBoundSignature2022, BbsBlsHolderBoundSignatureProof2022, BoundBls12381G2KeyPair, ldSign, ldVerify, ldDeriveProof, deriveProof as napiDeriveProof, createCommitment, verifyCommitment, unblindSignature, deriveProofHolderBound, JsonLd } from './index.js'
+import { BbsBlsSignature2020 } from '@mattrglobal/jsonld-signatures-bbs';
 
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+//
+// Bls12381G2KeyPair
+//
 const seed = Buffer.alloc(32, 0)
-const address = '0x581510277Bc56802dE75BA021b66873437e0169f'
-const addressBase58 = bs58.encode(Buffer.from(address.slice(2), 'hex'))
 
 //Set of messages we wish to sign
 const messages = [
@@ -17,24 +23,19 @@ const messages = [
 
 test('gen keypair for same seed', async () => {
     const mattr = await Bls12381G2KeyPair.generate({ seed, });
-    const harry = await NewKeyPairClass.generate({ seed })
-    const ffi = await bbs.generateBls12381G2KeyPair(seed)
-    const ffi_sec_key = bs58.encode(Buffer.from(ffi.secretKey))
-    const ffi_pub_key = bs58.encode(Buffer.from(ffi.publicKey))
+    const harry = await NewBls12381G2KeyPair.generate({ seed })
 
     // private keys match
     assert.equal(mattr.privateKey, harry.privateKey)
-    assert.equal(ffi_sec_key, harry.privateKey)
 
     // public keys match
     assert.equal(mattr.publicKey, harry.publicKey)
-    assert.equal(ffi_pub_key, harry.publicKey)
 })
 
 
 test('keypair from keypair', async () => {
     const mattr = await Bls12381G2KeyPair.generate({ seed, });
-    const harry = await NewKeyPairClass.from({
+    const harry = await NewBls12381G2KeyPair.from({
         id: mattr.id,
         controller: mattr.controller,
         publicKeyBase58: mattr.publicKey,
@@ -51,7 +52,7 @@ test('keypair from keypair', async () => {
 
 test('sign and verify', async () => {
     const mattr = await Bls12381G2KeyPair.generate({ seed, });
-    const harry = await NewKeyPairClass.generate({ seed })
+    const harry = await NewBls12381G2KeyPair.generate({ seed })
 
     const ms = mattr.signer();
     const hs = harry.signer();
@@ -77,16 +78,1081 @@ test('sign and verify', async () => {
     assert.equal(ms_verify_hs_sig, true)
 })
 
-test('issuer jwk', async () => {
 
-    const mattr = await Bls12381G2KeyPair.generate({ seed, });
-    const harry = await NewKeyPairClass.generate({ seed })
-    console.log(mattr.publicKeyBuffer)
-    console.log(mattr.privateKeyBuffer)
+//
+// LD Signatures — End-to-End Tests
+//
+// Matches the demo_single flow: sign → verify → derive → verify derived
+//
 
-    console.log(harry.publicKeyBuffer)
-    console.log(harry.publicKeyBuffer2)
-    console.log(harry.privateKeyBuffer)
+const dataDir = resolve(__dirname, 'test-data');
+const loadJson = (name) => JSON.parse(readFileSync(resolve(dataDir, name), 'utf8'));
 
+const inputDocument = loadJson('inputDocument.json');
+const keyPair = loadJson('keyPair.json');
+const controllerDocument = loadJson('controllerDocument.json');
+const citizenVocab = loadJson('citizenVocab.json');
+const revealDocument = loadJson('deriveProofFrame.json');
 
-})
+// Additional contexts not in the built-in nuggets context cache
+const contexts = {
+    "did:example:489398593#test": keyPair,
+    "did:example:489398593": controllerDocument,
+    "https://w3id.org/citizenship/v1": citizenVocab,
+};
+
+test('ldSign produces a signed document with proof', async () => {
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    assert.ok(signed, 'ldSign returned a result');
+    assert.ok(signed.proof, 'signed document has a proof');
+    assert.equal(signed.proof.type, 'BbsBlsSignature2020');
+    assert.ok(signed.proof.proofValue, 'proof has a proofValue');
+    assert.equal(signed.proof.verificationMethod, 'did:example:489398593#test');
+    assert.equal(signed.proof.proofPurpose, 'assertionMethod');
+});
+
+test('ldVerify confirms a signed document is valid', async () => {
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    const result = await ldVerify({
+        document: signed,
+        contexts,
+    });
+
+    assert.equal(result.verified, true, `expected verified=true, got error: ${result.error}`);
+});
+
+test('ldVerify detects tampered documents', async () => {
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    // Tamper with the document
+    const tampered = JSON.parse(JSON.stringify(signed));
+    tampered.credentialSubject.givenName = 'TAMPERED';
+
+    const result = await ldVerify({
+        document: tampered,
+        contexts,
+    });
+
+    assert.equal(result.verified, false, 'tampered document should not verify');
+});
+
+test('ldDeriveProof produces a derived document with selective disclosure', async () => {
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    const derived = await ldDeriveProof({
+        document: signed,
+        revealDocument,
+        contexts,
+    });
+
+    assert.ok(derived, 'ldDeriveProof returned a result');
+    assert.ok(derived.proof, 'derived document has a proof');
+    assert.equal(derived.proof.type, 'BbsBlsSignatureProof2020');
+    assert.ok(derived.proof.proofValue, 'derived proof has a proofValue');
+    assert.ok(derived.proof.nonce, 'derived proof has a nonce');
+
+    // Verify selective disclosure: only requested fields present in credentialSubject
+    // Note: compact.rs may use full IRI keys instead of short names (known limitation)
+    const subject = derived.credentialSubject
+        || derived['https://www.w3.org/2018/credentials#credentialSubject'];
+    assert.ok(subject, 'derived document has credentialSubject');
+
+    const givenName = subject.givenName
+        || subject['http://schema.org/givenName'];
+    const familyName = subject.familyName
+        || subject['http://schema.org/familyName'];
+    const gender = subject.gender
+        || subject['http://schema.org/gender'];
+    const birthDate = subject.birthDate
+        ?? subject['http://schema.org/birthDate'];
+    const lprNumber = subject.lprNumber
+        ?? subject['https://w3id.org/citizenship#lprNumber'];
+
+    assert.ok(givenName, 'givenName is revealed');
+    assert.ok(familyName, 'familyName is revealed');
+    assert.ok(gender, 'gender is revealed');
+    assert.equal(birthDate, undefined, 'birthDate should not be revealed');
+    assert.equal(lprNumber, undefined, 'lprNumber should not be revealed');
+});
+
+test('ldVerify confirms a derived proof is valid', async () => {
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    const derived = await ldDeriveProof({
+        document: signed,
+        revealDocument,
+        contexts,
+    });
+
+    const result = await ldVerify({
+        document: derived,
+        contexts,
+    });
+
+    assert.equal(result.verified, true, `expected derived proof verified=true, got error: ${result.error}`);
+});
+
+test('full demo_single flow: sign → verify → derive → verify derived', async () => {
+    // Step 1: Sign
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+    assert.ok(signed.proof, 'signed document has proof');
+
+    // Step 2: Verify signed document
+    const verifyResult = await ldVerify({ document: signed, contexts });
+    assert.equal(verifyResult.verified, true, `sign verify failed: ${verifyResult.error}`);
+
+    // Step 3: Derive selective disclosure proof
+    const derived = await ldDeriveProof({
+        document: signed,
+        revealDocument,
+        contexts,
+    });
+    assert.equal(derived.proof.type, 'BbsBlsSignatureProof2020');
+
+    // Step 4: Verify derived proof
+    const derivedVerifyResult = await ldVerify({ document: derived, contexts });
+    assert.equal(derivedVerifyResult.verified, true, `derived verify failed: ${derivedVerifyResult.error}`);
+});
+
+
+//
+// BbsBlsSignature2020 class-based API tests
+//
+
+test('BbsBlsSignature2020 constructor with key material', () => {
+    const suite = new NewBbsBlsSignature2020({
+        key: keyPair,
+    });
+
+    assert.ok(suite, 'constructor returned an instance');
+    assert.equal(suite.type, 'sec:BbsBlsSignature2020');
+});
+
+test('BbsBlsSignature2020 constructor without args (verifier-only)', () => {
+    const suite = new NewBbsBlsSignature2020();
+
+    assert.ok(suite, 'constructor returned an instance');
+    assert.equal(suite.type, 'sec:BbsBlsSignature2020');
+});
+
+test('BbsBlsSignature2020.createProof produces valid proof', async () => {
+    const suite = new NewBbsBlsSignature2020({ key: keyPair });
+
+    const proof = await suite.createProof({
+        document: inputDocument,
+        contexts,
+    });
+
+    assert.ok(proof, 'createProof returned a result');
+    assert.equal(proof.type, 'BbsBlsSignature2020');
+    assert.ok(proof.proofValue, 'proof has a proofValue');
+    assert.equal(proof.verificationMethod, 'did:example:489398593#test');
+    assert.equal(proof.proofPurpose, 'assertionMethod');
+});
+
+test('BbsBlsSignature2020.verifyProof confirms signed document', async () => {
+    const suite = new NewBbsBlsSignature2020({ key: keyPair });
+
+    const proof = await suite.createProof({
+        document: inputDocument,
+        contexts,
+    });
+
+    // Embed proof in document for verification
+    const signed = { ...inputDocument, proof };
+
+    const result = await suite.verifyProof({
+        document: signed,
+        contexts,
+    });
+
+    assert.equal(result.verified, true, `expected verified=true, got error: ${result.error}`);
+});
+
+test('BbsBlsSignature2020.verifyProof detects tampered document', async () => {
+    const suite = new NewBbsBlsSignature2020({ key: keyPair });
+
+    const proof = await suite.createProof({
+        document: inputDocument,
+        contexts,
+    });
+
+    const tampered = { ...inputDocument, proof };
+    tampered.credentialSubject = { ...tampered.credentialSubject, givenName: 'TAMPERED' };
+
+    const result = await suite.verifyProof({
+        document: tampered,
+        contexts,
+    });
+
+    assert.equal(result.verified, false, 'tampered document should not verify');
+});
+
+test('BbsBlsSignature2020.ensureSuiteContext adds BBS context', () => {
+    const suite = new NewBbsBlsSignature2020();
+    const doc = { "@context": "https://www.w3.org/2018/credentials/v1", "type": "VerifiableCredential" };
+    const result = suite.ensureSuiteContext(doc);
+
+    const ctx = result["@context"];
+    assert.ok(Array.isArray(ctx), '@context should be an array');
+    assert.ok(ctx.includes('https://w3id.org/security/bbs/v1'), 'BBS context should be added');
+});
+
+test('BbsBlsSignature2020.ensureSuiteContext does not duplicate', () => {
+    const suite = new NewBbsBlsSignature2020();
+    const doc = {
+        "@context": ["https://www.w3.org/2018/credentials/v1", "https://w3id.org/security/bbs/v1"],
+        "type": "VerifiableCredential",
+    };
+    const result = suite.ensureSuiteContext(doc);
+
+    const ctx = result["@context"];
+    const bbsCount = ctx.filter(c => c === 'https://w3id.org/security/bbs/v1').length;
+    assert.equal(bbsCount, 1, 'BBS context should not be duplicated');
+});
+
+
+//
+// BbsBlsSignatureProof2020 class-based API tests
+//
+
+test('BbsBlsSignatureProof2020 constructor', () => {
+    const suite = new NewBbsBlsSignatureProof2020();
+
+    assert.ok(suite, 'constructor returned an instance');
+    assert.equal(suite.type, 'sec:BbsBlsSignatureProof2020');
+    assert.ok(Array.isArray(suite.proofType), 'proofType is an array');
+    assert.ok(suite.proofType.includes('BbsBlsSignatureProof2020'));
+    assert.ok(Array.isArray(suite.supportedDerivedProofType), 'supportedDerivedProofType is an array');
+    assert.ok(suite.supportedDerivedProofType.includes('BbsBlsSignature2020'));
+});
+
+test('BbsBlsSignatureProof2020.deriveProof produces derived proof', async () => {
+    // First sign with the high-level API
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    const proofSuite = new NewBbsBlsSignatureProof2020();
+    const derived = await proofSuite.deriveProof({
+        document: signed,
+        revealDocument,
+        contexts,
+    });
+
+    assert.ok(derived, 'deriveProof returned a result');
+    assert.ok(derived.proof, 'derived document has a proof');
+    assert.equal(derived.proof.type, 'BbsBlsSignatureProof2020');
+    assert.ok(derived.proof.proofValue, 'derived proof has a proofValue');
+    assert.ok(derived.proof.nonce, 'derived proof has a nonce');
+});
+
+test('BbsBlsSignatureProof2020.verifyProof verifies derived proof', async () => {
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    const proofSuite = new NewBbsBlsSignatureProof2020();
+    const derived = await proofSuite.deriveProof({
+        document: signed,
+        revealDocument,
+        contexts,
+    });
+
+    const result = await proofSuite.verifyProof({
+        document: derived,
+        contexts,
+    });
+
+    assert.equal(result.verified, true, `expected derived verified=true, got error: ${result.error}`);
+});
+
+
+//
+// Standalone deriveProof function
+//
+
+test('standalone deriveProof function', async () => {
+    const signed = await ldSign({
+        document: inputDocument,
+        keyPair,
+        contexts,
+    });
+
+    const derived = await napiDeriveProof(signed, revealDocument, { contexts });
+
+    assert.ok(derived, 'deriveProof returned a result');
+    assert.ok(derived.proof, 'derived document has a proof');
+    assert.equal(derived.proof.type, 'BbsBlsSignatureProof2020');
+});
+
+
+//
+// Full class-based flow: construct → createProof → verifyProof → deriveProof → verifyProof
+//
+
+test('full class-based flow: createProof → verifyProof → deriveProof → verifyProof', async () => {
+    // Step 1: Create proof with BbsBlsSignature2020
+    const sigSuite = new NewBbsBlsSignature2020({ key: keyPair });
+    const proof = await sigSuite.createProof({
+        document: inputDocument,
+        contexts,
+    });
+    assert.equal(proof.type, 'BbsBlsSignature2020');
+
+    // Step 2: Verify signed document
+    const signed = { ...inputDocument, proof };
+    const verifyResult = await sigSuite.verifyProof({
+        document: signed,
+        contexts,
+    });
+    assert.equal(verifyResult.verified, true, `sign verify failed: ${verifyResult.error}`);
+
+    // Step 3: Derive selective disclosure proof
+    const proofSuite = new NewBbsBlsSignatureProof2020();
+    const derived = await proofSuite.deriveProof({
+        document: signed,
+        revealDocument,
+        contexts,
+    });
+    assert.equal(derived.proof.type, 'BbsBlsSignatureProof2020');
+
+    // Step 4: Verify derived proof
+    const derivedResult = await proofSuite.verifyProof({
+        document: derived,
+        contexts,
+    });
+    assert.equal(derivedResult.verified, true, `derived verify failed: ${derivedResult.error}`);
+});
+
+
+//
+// JsonLd — jsonld.js NAPI bindings
+//
+
+const credentialsContext = loadJson('credentialsContext.json');
+const bbsContext = loadJson('bbs.json');
+const suiteContext = loadJson('suiteContext.json');
+
+const processorContexts = {
+    "did:example:489398593#test": keyPair,
+    "did:example:489398593": controllerDocument,
+    "https://w3id.org/citizenship/v1": citizenVocab,
+    "https://w3id.org/security/bbs/v1": bbsContext,
+    "https://www.w3.org/2018/credentials/v1": credentialsContext,
+    "https://w3id.org/security/suites/jws-2020/v1": suiteContext,
+};
+
+test('JsonLd constructor', () => {
+    const proc = new JsonLd();
+    assert.ok(proc, 'default constructor works');
+
+    const proc2 = new JsonLd({ contexts: processorContexts });
+    assert.ok(proc2, 'constructor with contexts works');
+});
+
+test('JsonLd.expand expands a JSON-LD document', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+    const result = await proc.expand(inputDocument);
+
+    assert.ok(Array.isArray(result), 'expand returns an array');
+    assert.equal(result.length, 1, 'expand returns one expanded node');
+
+    const node = result[0];
+    assert.ok(node['https://www.w3.org/2018/credentials#credentialSubject'], 'has expanded credentialSubject');
+    assert.ok(node['@type'], 'has @type');
+    assert.ok(Array.isArray(node['@type']), '@type is an array');
+    assert.ok(node['@type'].includes('https://www.w3.org/2018/credentials#VerifiableCredential'), 'includes VerifiableCredential type');
+});
+
+test('JsonLd.expand with simple inline context', async () => {
+    const proc = new JsonLd();
+    const input = {
+        "@context": { "name": "http://schema.org/name" },
+        "name": "Alice",
+    };
+    const result = await proc.expand(input);
+
+    assert.ok(Array.isArray(result), 'expand returns an array');
+    assert.equal(result.length, 1);
+    assert.deepStrictEqual(result[0]['http://schema.org/name'], [{ '@value': 'Alice' }]);
+});
+
+test('JsonLd.expand of null returns empty array', async () => {
+    const proc = new JsonLd();
+    const result = await proc.expand(null);
+    assert.deepStrictEqual(result, []);
+});
+
+test('JsonLd.compact compacts an expanded document', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+
+    // First expand
+    const expanded = await proc.expand(inputDocument);
+
+    // Then compact with the original contexts
+    const ctx = [
+        "https://www.w3.org/2018/credentials/v1",
+        "https://w3id.org/citizenship/v1",
+        "https://w3id.org/security/bbs/v1",
+    ];
+    const compacted = await proc.compact(expanded, ctx);
+
+    assert.ok(compacted, 'compact returned a result');
+    assert.ok(compacted['@context'], 'compacted has @context');
+
+    // Should have compacted type
+    assert.ok(
+        compacted.type || compacted['@type'],
+        `compacted should have type: ${JSON.stringify(Object.keys(compacted))}`
+    );
+});
+
+test('JsonLd.compact with simple context', async () => {
+    const proc = new JsonLd();
+    const expanded = [
+        { "http://schema.org/name": [{ "@value": "Alice" }] }
+    ];
+    const ctx = { "name": "http://schema.org/name" };
+    const compacted = await proc.compact(expanded, ctx);
+
+    assert.ok(compacted, 'compact returned a result');
+    assert.equal(compacted.name, 'Alice', 'name is compacted');
+});
+
+test('JsonLd.flatten without context returns expanded array', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+    const result = await proc.flatten(inputDocument, null);
+
+    assert.ok(Array.isArray(result), 'flatten without ctx returns array');
+    assert.ok(result.length > 0, 'flattened result not empty');
+
+    // Each node should have @id
+    for (const node of result) {
+        assert.ok(node['@id'], `each flattened node should have @id: ${JSON.stringify(Object.keys(node))}`);
+    }
+});
+
+test('JsonLd.flatten with context returns compacted object', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+    const ctx = [
+        "https://www.w3.org/2018/credentials/v1",
+        "https://w3id.org/citizenship/v1",
+        "https://w3id.org/security/bbs/v1",
+    ];
+    const result = await proc.flatten(inputDocument, ctx);
+
+    assert.ok(result && typeof result === 'object' && !Array.isArray(result), 'flatten with ctx returns object');
+    assert.ok(result['@context'], 'flattened result has @context');
+    // Should have @graph
+    const hasGraph = result['@graph'] || Object.keys(result).some(k => k !== '@context');
+    assert.ok(hasGraph, 'flattened result has @graph');
+});
+
+test('JsonLd.frame frames a document', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+    const frameDoc = {
+        "@context": [
+            "https://www.w3.org/2018/credentials/v1",
+            "https://w3id.org/citizenship/v1",
+            "https://w3id.org/security/bbs/v1",
+        ],
+        "type": ["VerifiableCredential"],
+    };
+
+    const result = await proc.frame(inputDocument, frameDoc);
+
+    assert.ok(result, 'frame returned a result');
+    assert.ok(result['@context'], 'framed result has @context');
+    assert.ok(
+        result.type || result['@type'],
+        `framed result has type: ${JSON.stringify(Object.keys(result))}`
+    );
+});
+
+test('JsonLd.toRDF returns N-Quads string', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+    const result = await proc.toRDF(inputDocument, { format: 'application/n-quads' });
+
+    assert.ok(typeof result === 'string', 'toRDF with n-quads format returns string');
+    assert.ok(result.length > 0, 'N-Quads output not empty');
+    // Each line should end with " ."
+    for (const line of result.split('\n').filter(l => l.trim())) {
+        assert.ok(line.trim().endsWith(' .'), `N-Quad line should end with ' .': ${line}`);
+    }
+});
+
+test('JsonLd.toRDF returns dataset array without format', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+    const result = await proc.toRDF(inputDocument);
+
+    assert.ok(Array.isArray(result), 'toRDF without format returns array');
+    assert.ok(result.length > 0, 'dataset not empty');
+    // Each quad should have subject, predicate, object, graph
+    const first = result[0];
+    assert.ok(first.subject, 'quad has subject');
+    assert.ok(first.predicate, 'quad has predicate');
+    assert.ok(first.object, 'quad has object');
+    assert.ok('graph' in first, 'quad has graph field');
+});
+
+test('JsonLd.fromRDF converts N-Quads to JSON-LD', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+
+    // First get N-Quads
+    const nquads = await proc.toRDF(inputDocument, { format: 'application/n-quads' });
+
+    // Then convert back
+    const result = proc.fromRDF(nquads);
+
+    assert.ok(Array.isArray(result), 'fromRDF returns array');
+    assert.ok(result.length > 0, 'fromRDF result not empty');
+});
+
+test('JsonLd.canonize produces canonical N-Quads', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+    const result = await proc.canonize(inputDocument);
+
+    assert.ok(typeof result === 'string', 'canonize returns string');
+    assert.ok(result.length > 0, 'canonical N-Quads not empty');
+
+    // Canonical N-Quads should be deterministic — calling twice gives same result
+    const result2 = await proc.canonize(inputDocument);
+    assert.equal(result, result2, 'canonize is deterministic');
+});
+
+test('JsonLd.canonize with N-Quads input', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+
+    // Get N-Quads from a document
+    const nquads = await proc.toRDF(inputDocument, { format: 'application/n-quads' });
+
+    // Canonize the N-Quads directly
+    const result = await proc.canonize(nquads, { inputFormat: 'application/n-quads' });
+
+    assert.ok(typeof result === 'string', 'canonize of N-Quads returns string');
+    assert.ok(result.length > 0, 'canonical output not empty');
+});
+
+test('JsonLd round-trip: expand → compact', async () => {
+    const proc = new JsonLd({ contexts: processorContexts });
+
+    const expanded = await proc.expand(inputDocument);
+    assert.ok(Array.isArray(expanded), 'expanded is array');
+
+    const ctx = inputDocument['@context'];
+    const compacted = await proc.compact(expanded, ctx);
+
+    // The round-tripped document should preserve key fields
+    assert.ok(compacted['@context'], 'round-tripped has @context');
+
+    // Should have the credential ID
+    const id = compacted.id || compacted['@id'];
+    assert.ok(id, 'round-tripped has id');
+});
+
+test('JsonLd reuses loader across multiple calls', async () => {
+    // Verify that creating the processor once and calling multiple methods works
+    const proc = new JsonLd({ contexts: processorContexts });
+
+    // Call multiple methods in sequence
+    const expanded = await proc.expand(inputDocument);
+    assert.ok(Array.isArray(expanded), 'first expand works');
+
+    const nquads = await proc.toRDF(inputDocument, { format: 'application/n-quads' });
+    assert.ok(typeof nquads === 'string', 'toRDF works after expand');
+
+    const canonical = await proc.canonize(inputDocument);
+    assert.ok(typeof canonical === 'string', 'canonize works after toRDF');
+
+    const expanded2 = await proc.expand(inputDocument);
+    assert.deepStrictEqual(expanded, expanded2, 'second expand returns same result');
+});
+
+
+//
+// Holder-Bound BBS+ Blind Signatures — E2E Tests
+//
+
+test('BoundBls12381G2KeyPair constructor', async () => {
+    const kp = await NewBls12381G2KeyPair.generate({ seed });
+    const commitment = new Uint8Array(48); // dummy commitment
+    const blinded = [0, 1];
+
+    const bound = new BoundBls12381G2KeyPair({
+        publicKeyBase58: kp.publicKey,
+        privateKeyBase58: kp.privateKey,
+        commitment,
+        blinded,
+    });
+
+    assert.ok(bound, 'BoundBls12381G2KeyPair created');
+    assert.deepStrictEqual(Array.from(bound.commitment), Array.from(commitment), 'commitment matches');
+    assert.deepStrictEqual(bound.blinded, blinded, 'blinded indices match');
+});
+
+test('BoundBls12381G2KeyPair.from factory', async () => {
+    const kp = await NewBls12381G2KeyPair.generate({ seed });
+    const commitment = new Uint8Array(48);
+    const blinded = [0];
+
+    const bound = BoundBls12381G2KeyPair.from({
+        publicKeyBase58: kp.publicKey,
+        privateKeyBase58: kp.privateKey,
+        commitment,
+        blinded,
+    });
+
+    assert.ok(bound, 'BoundBls12381G2KeyPair.from works');
+    assert.deepStrictEqual(bound.blinded, [0], 'blinded indices from factory');
+});
+
+test('createCommitment + verifyCommitment round-trip', async () => {
+    const kp = await NewBls12381G2KeyPair.generate({ seed });
+    const pkBytes = bs58Decode(kp.publicKey);
+
+    // Holder creates a commitment over hidden messages
+    const hiddenMsg0 = new Uint8Array(Buffer.from("secret-attribute-0", "utf8"));
+    const hiddenMsg1 = new Uint8Array(Buffer.from("secret-attribute-1", "utf8"));
+    const nonce = new Uint8Array(50);
+    randomFillSync(nonce);
+    const knownMessageCount = 3; // issuer sees 3 messages
+
+    const result = await createCommitment(
+        pkBytes,
+        [hiddenMsg0, hiddenMsg1],
+        [0, 1],
+        nonce,
+        knownMessageCount,
+    );
+
+    assert.ok(result.commitment, 'commitment present');
+    assert.ok(result.challengeHash, 'challengeHash present');
+    assert.ok(result.blindingFactor, 'blindingFactor present');
+    assert.ok(result.proofOfHiddenMessages, 'proofOfHiddenMessages present');
+
+    // Issuer verifies the commitment
+    const commitmentBytes = Buffer.from(result.commitment, 'base64');
+    const challengeHashBytes = Buffer.from(result.challengeHash, 'base64');
+    const proofBytes = Buffer.from(result.proofOfHiddenMessages, 'base64');
+
+    const verified = await verifyCommitment(
+        pkBytes,
+        new Uint8Array(commitmentBytes),
+        new Uint8Array(proofBytes),
+        new Uint8Array(challengeHashBytes),
+        [0, 1],
+        nonce,
+        knownMessageCount,
+    );
+
+    assert.equal(verified, true, 'commitment verification should pass');
+});
+
+test('unblindSignature returns 112-byte signature', async () => {
+    // This is a unit test for the unblind function
+    // We need to generate a blind signature first via the crypto layer
+    const kp = await NewBls12381G2KeyPair.generate({ seed });
+    const pkBytes = bs58Decode(kp.publicKey);
+
+    const hiddenMsg = new Uint8Array(Buffer.from("hidden", "utf8"));
+    const nonce = new Uint8Array(50);
+    randomFillSync(nonce);
+
+    const commitResult = await createCommitment(
+        pkBytes,
+        [hiddenMsg],
+        [0],
+        nonce,
+        2,
+    );
+
+    // The unblind function needs an actual blind signature, which requires bls_blind_sign
+    // Since we can't call that directly from JS yet, just test that the function exists
+    assert.ok(typeof unblindSignature === 'function', 'unblindSignature is exported');
+});
+
+test('BbsBlsHolderBoundSignature2022 constructor', () => {
+    const suite = new BbsBlsHolderBoundSignature2022();
+    assert.ok(suite, 'suite created without args');
+    assert.equal(suite.type, 'sec:BbsBlsHolderBoundSignature2022');
+});
+
+test('BbsBlsHolderBoundSignature2022 constructor with key', async () => {
+    const kp = await NewBls12381G2KeyPair.generate({ seed });
+
+    const suite = new BbsBlsHolderBoundSignature2022({
+        key: {
+            publicKeyBase58: kp.publicKey,
+            privateKeyBase58: kp.privateKey,
+        },
+        commitment: new Uint8Array(48),
+        blinded: [0],
+    });
+
+    assert.ok(suite, 'suite created with key and commitment');
+    assert.equal(suite.type, 'sec:BbsBlsHolderBoundSignature2022');
+});
+
+test('BbsBlsHolderBoundSignature2022.ensureSuiteContext adds both contexts', () => {
+    const suite = new BbsBlsHolderBoundSignature2022();
+    const doc = { '@context': 'https://www.w3.org/2018/credentials/v1' };
+    const result = suite.ensureSuiteContext(doc);
+
+    const ctx = result['@context'];
+    assert.ok(Array.isArray(ctx), '@context is array');
+    assert.ok(ctx.includes('https://w3id.org/security/bbs/v1'), 'has BBS context');
+    assert.ok(ctx.includes('https://schemas.nuggets.life/bbsBoundv1.json'), 'has bbsBound context');
+});
+
+test('BbsBlsHolderBoundSignature2022.proofType getter', () => {
+    const suite = new BbsBlsHolderBoundSignature2022();
+    const types = suite.proofType;
+    assert.ok(Array.isArray(types), 'proofType is array');
+    assert.ok(types.includes('BbsBlsHolderBoundSignature2022'), 'includes compact name');
+});
+
+test('BbsBlsHolderBoundSignatureProof2022 constructor', () => {
+    const suite = new BbsBlsHolderBoundSignatureProof2022();
+    assert.ok(suite, 'proof suite created');
+    assert.equal(suite.type, 'sec:BbsBlsHolderBoundSignatureProof2022');
+});
+
+test('BbsBlsHolderBoundSignatureProof2022.proofType getter', () => {
+    const suite = new BbsBlsHolderBoundSignatureProof2022();
+    const types = suite.proofType;
+    assert.ok(Array.isArray(types), 'proofType is array');
+    assert.ok(types.includes('BbsBlsHolderBoundSignatureProof2022'), 'includes compact name');
+});
+
+test('BbsBlsHolderBoundSignatureProof2022.supportedDerivedProofType getter', () => {
+    const suite = new BbsBlsHolderBoundSignatureProof2022();
+    const types = suite.supportedDerivedProofType;
+    assert.ok(Array.isArray(types), 'supportedDerivedProofType is array');
+    assert.ok(types.includes('BbsBlsHolderBoundSignature2022'), 'includes compact name');
+});
+
+test('deriveProofHolderBound function is exported', () => {
+    assert.ok(typeof deriveProofHolderBound === 'function', 'deriveProofHolderBound is exported');
+});
+
+//
+// Holder-Bound E2E Flow: commitment → blind sign → verify → derive → verify derived
+//
+
+// Holder-bound input document: same as standard, but with bbsBoundv1.json context
+const holderBoundDocument = {
+    ...inputDocument,
+    '@context': [
+        ...inputDocument['@context'],
+        'https://schemas.nuggets.life/bbsBoundv1.json',
+    ],
+};
+
+// Holder-bound reveal frame: same fields but with bbsBound context
+const holderBoundRevealDocument = {
+    '@context': [
+        'https://www.w3.org/2018/credentials/v1',
+        'https://w3id.org/citizenship/v1',
+        'https://w3id.org/security/bbs/v1',
+        'https://schemas.nuggets.life/bbsBoundv1.json',
+    ],
+    type: ['VerifiableCredential', 'PermanentResidentCard'],
+    credentialSubject: {
+        '@explicit': true,
+        type: ['PermanentResident', 'Person'],
+        givenName: {},
+        familyName: {},
+        gender: {},
+    },
+};
+
+test('createBlindSignCommitmentContext returns knownMessageCount and nonce', async () => {
+    const suite = new BbsBlsHolderBoundSignature2022({
+        key: {
+            id: keyPair.id,
+            controller: keyPair.controller,
+            publicKeyBase58: keyPair.publicKeyBase58,
+            privateKeyBase58: keyPair.privateKeyBase58,
+        },
+    });
+
+    const result = await suite.createBlindSignCommitmentContext({
+        document: holderBoundDocument,
+        contexts,
+    });
+
+    assert.ok(result, 'createBlindSignCommitmentContext returned a result');
+    assert.equal(typeof result.knownMessageCount, 'number', 'knownMessageCount is a number');
+    assert.equal(result.knownMessageCount, 25, 'knownMessageCount matches expected (25 N-Quad statements)');
+    assert.equal(typeof result.nonce, 'string', 'nonce is a string');
+
+    // nonce should be base64-encoded 50 bytes
+    const nonceBytes = Buffer.from(result.nonce, 'base64');
+    assert.equal(nonceBytes.length, 50, 'nonce is 50 bytes');
+});
+
+test('holder-bound E2E: blind sign → verify → derive → verify derived', async () => {
+    // Use the SAME key pair for commitment and signing — keyPair from the static JSON file.
+    // The commitment must be created with the issuer's public key (same key that will sign).
+    const pkBytes = bs58Decode(keyPair.publicKeyBase58);
+
+    // === Step 1: Holder creates commitment over hidden messages ===
+    const blindedMessages = [
+        new Uint8Array(Buffer.from('blind message 1', 'utf8')),
+        new Uint8Array(Buffer.from('blind message 2', 'utf8')),
+    ];
+    const blindedIndices = [0, 1];
+
+    // Get knownMessageCount dynamically from createBlindSignCommitmentContext
+    const commitCtx = await new BbsBlsHolderBoundSignature2022({
+        key: {
+            id: keyPair.id,
+            controller: keyPair.controller,
+            publicKeyBase58: keyPair.publicKeyBase58,
+            privateKeyBase58: keyPair.privateKeyBase58,
+        },
+    }).createBlindSignCommitmentContext({ document: holderBoundDocument, contexts });
+    const knownMessageCount = commitCtx.knownMessageCount;
+
+    const commitNonce = new Uint8Array(50);
+    randomFillSync(commitNonce);
+
+    const commitResult = await createCommitment(
+        pkBytes,
+        blindedMessages,
+        blindedIndices,
+        commitNonce,
+        knownMessageCount,
+    );
+
+    assert.ok(commitResult.commitment, 'commitment created');
+    assert.ok(commitResult.blindingFactor, 'blindingFactor returned');
+
+    // === Step 2: Issuer verifies commitment ===
+    const commitmentBytes = Buffer.from(commitResult.commitment, 'base64');
+    const challengeHashBytes = Buffer.from(commitResult.challengeHash, 'base64');
+    const proofOfHiddenBytes = Buffer.from(commitResult.proofOfHiddenMessages, 'base64');
+
+    const commitVerified = await verifyCommitment(
+        pkBytes,
+        new Uint8Array(commitmentBytes),
+        new Uint8Array(proofOfHiddenBytes),
+        new Uint8Array(challengeHashBytes),
+        blindedIndices,
+        commitNonce,
+        knownMessageCount,
+    );
+    assert.equal(commitVerified, true, 'commitment verification should pass');
+
+    // === Step 3: Issuer blind-signs the document ===
+    const sigSuite = new BbsBlsHolderBoundSignature2022({
+        key: {
+            id: keyPair.id,
+            controller: keyPair.controller,
+            publicKeyBase58: keyPair.publicKeyBase58,
+            privateKeyBase58: keyPair.privateKeyBase58,
+        },
+        commitment: new Uint8Array(commitmentBytes),
+        blinded: blindedIndices,
+    });
+
+    const blindProof = await sigSuite.createProof({
+        document: holderBoundDocument,
+        contexts,
+    });
+
+    assert.ok(blindProof, 'createProof returned a result');
+    assert.equal(blindProof.type, 'BbsBlsHolderBoundSignature2022', 'proof type is holder-bound');
+    assert.ok(blindProof.proofValue, 'proof has proofValue');
+    assert.equal(blindProof.proofPurpose, 'assertionMethod');
+
+    // proofValue should be 112 bytes (blind signature)
+    const proofValueBytes = Buffer.from(blindProof.proofValue, 'base64');
+    assert.equal(proofValueBytes.length, 112, 'blind signature is 112 bytes');
+
+    // Build signed document with embedded proof
+    const blindSignedDoc = { ...holderBoundDocument, proof: blindProof };
+
+    // === Step 4: Holder verifies the blind-signed document ===
+    const blindingFactorBytes = Buffer.from(commitResult.blindingFactor, 'base64');
+    const blindedMsgBuffers = blindedMessages.map(m => Buffer.from(m).toString('base64'));
+
+    const verifyResult = await sigSuite.verifyProof({
+        document: blindSignedDoc,
+        blindingFactor: new Uint8Array(blindingFactorBytes),
+        blindedMessages: blindedMessages,
+        contexts,
+    });
+
+    assert.equal(
+        verifyResult.verified, true,
+        `holder-bound verify should pass, got error: ${verifyResult.error}`
+    );
+
+    // === Step 5: Derive selective disclosure proof ===
+    const derivedDoc = await deriveProofHolderBound(
+        blindSignedDoc,
+        holderBoundRevealDocument,
+        {
+            blindingFactor: commitResult.blindingFactor,
+            blindedMessages: blindedMsgBuffers,
+            nonce: 'test-nonce-12345',
+            contexts,
+        },
+    );
+
+    assert.ok(derivedDoc, 'deriveProofHolderBound returned a result');
+    assert.ok(derivedDoc.proof, 'derived document has proof');
+    assert.equal(
+        derivedDoc.proof.type, 'BbsBlsHolderBoundSignatureProof2022',
+        'derived proof type is BbsBlsHolderBoundSignatureProof2022'
+    );
+    assert.ok(derivedDoc.proof.proofValue, 'derived proof has proofValue');
+    assert.ok(derivedDoc.proof.nonce, 'derived proof has nonce');
+
+    // Check selective disclosure: only revealed fields should be present
+    assert.ok(derivedDoc.credentialSubject, 'has credentialSubject');
+    assert.ok(derivedDoc.credentialSubject.givenName, 'has givenName (revealed)');
+    assert.ok(derivedDoc.credentialSubject.familyName, 'has familyName (revealed)');
+    assert.ok(derivedDoc.credentialSubject.gender, 'has gender (revealed)');
+
+    // === Step 6: Verifier verifies the derived proof ===
+    const verifyDerivedResult = await ldVerify({
+        document: derivedDoc,
+        contexts,
+    });
+
+    assert.equal(
+        verifyDerivedResult.verified, true,
+        `derived proof should verify, got error: ${verifyDerivedResult.error}`
+    );
+});
+
+test('holder-bound class-based deriveProof + verifyProof', async () => {
+    // Use the SAME key pair for commitment and signing
+    const pkBytes = bs58Decode(keyPair.publicKeyBase58);
+
+    const blindedMessages = [
+        new Uint8Array(Buffer.from('holder-secret-1', 'utf8')),
+    ];
+    const blindedIndices = [0];
+
+    const commitNonce = new Uint8Array(50);
+    randomFillSync(commitNonce);
+
+    // Get knownMessageCount dynamically
+    const commitCtx = await new BbsBlsHolderBoundSignature2022({
+        key: {
+            id: keyPair.id,
+            controller: keyPair.controller,
+            publicKeyBase58: keyPair.publicKeyBase58,
+            privateKeyBase58: keyPair.privateKeyBase58,
+        },
+    }).createBlindSignCommitmentContext({ document: holderBoundDocument, contexts });
+    const knownMessageCount = commitCtx.knownMessageCount;
+
+    const commitResult = await createCommitment(
+        pkBytes, blindedMessages, blindedIndices, commitNonce, knownMessageCount,
+    );
+
+    // Issuer blind-signs
+    const sigSuite = new BbsBlsHolderBoundSignature2022({
+        key: {
+            id: keyPair.id,
+            controller: keyPair.controller,
+            publicKeyBase58: keyPair.publicKeyBase58,
+            privateKeyBase58: keyPair.privateKeyBase58,
+        },
+        commitment: new Uint8Array(Buffer.from(commitResult.commitment, 'base64')),
+        blinded: blindedIndices,
+    });
+
+    const blindProof = await sigSuite.createProof({
+        document: holderBoundDocument,
+        contexts,
+    });
+    const blindSignedDoc = { ...holderBoundDocument, proof: blindProof };
+
+    // Class-based derive
+    const deriveSuite = new BbsBlsHolderBoundSignatureProof2022();
+    const blindingFactorBytes = Buffer.from(commitResult.blindingFactor, 'base64');
+
+    const derivedDoc = await deriveSuite.deriveProof({
+        document: blindSignedDoc,
+        revealDocument: holderBoundRevealDocument,
+        blindingFactor: new Uint8Array(blindingFactorBytes),
+        blindedMessages: blindedMessages, // Array<Uint8Array>
+        nonce: 'class-based-nonce',
+        contexts,
+    });
+
+    assert.ok(derivedDoc, 'class-based deriveProof returned a result');
+    assert.equal(derivedDoc.proof.type, 'BbsBlsHolderBoundSignatureProof2022');
+
+    // Class-based verify
+    const verifyResult = await deriveSuite.verifyProof({
+        document: derivedDoc,
+        contexts,
+    });
+
+    assert.equal(
+        verifyResult.verified, true,
+        `class-based verify should pass, got error: ${verifyResult.error}`
+    );
+});
+
+// Helper: decode base58 string to Uint8Array
+function bs58Decode(str) {
+    const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+    let result = [0];
+    for (let i = 0; i < str.length; i++) {
+        const p = ALPHABET.indexOf(str[i]);
+        if (p < 0) throw new Error(`Invalid base58 char: ${str[i]}`);
+        let carry = p;
+        for (let j = 0; j < result.length; j++) {
+            carry += result[j] * 58;
+            result[j] = carry & 0xff;
+            carry >>= 8;
+        }
+        while (carry > 0) {
+            result.push(carry & 0xff);
+            carry >>= 8;
+        }
+    }
+    // Leading zeros
+    for (let i = 0; i < str.length && str[i] === '1'; i++) {
+        result.push(0);
+    }
+    return new Uint8Array(result.reverse());
+}