@nuggetslife/vc 0.1.0 → 0.3.0

package/Cargo.toml

@@ -13,6 +13,7 @@ bs58 = "0.5.1"
 chrono = "0.4.38"
 hex = "0.4.3"
 lru = "0.14.0"
+mimalloc = { version = "0.1", default-features = false }
 # Default enable napi4 feature, see https://nodejs.org/api/n-api.html#node-api-version-matrix
 napi = { version = "2.16.10", default-features = false, features = ["full"] }
 napi-derive = "2.16.12"

package/W3C_CONFORMANCE.md

@@ -1,10 +1,13 @@
 # W3C Conformance Gate
 
 The CI runs the W3C JSON-LD 1.1 API and RDF Dataset Canonicalization (RDFC-1.0)
-test suites against the v2 JSON-LD path (`CLIENTFFI_JSONLD_V2=1`) via
-`test_w3c_conformance.mjs`. The job fails only when a test that **previously
-passed** starts failing — never on tests that were already failing in the
-committed baseline.
+test suites against the (sole) V2 JSON-LD path via `test_w3c_conformance.mjs`.
+The job fails only when a test that **previously passed** starts failing —
+never on tests that were already failing in the committed baseline.
+
+Note: prior versions of this doc referenced `CLIENTFFI_JSONLD_V2=1`; the V1
+JSON-LD pipeline was retired in v1.13.0 (Sprint 4 close-out) and that env
+var is now a no-op.
 
 ## Files
 
@@ -22,12 +25,12 @@ committed baseline.
 yarn fetch:w3c-tests
 
 # Verify nothing has regressed vs baseline
-CLIENTFFI_JSONLD_V2=1 yarn test:w3c
+yarn test:w3c
 
 # Re-run the suite and overwrite the baseline. Add `--runs 3` for
 # fast algos (canonize, fromRdf) to take the intersection of 3 runs
 # and filter out flaky tests.
-CLIENTFFI_JSONLD_V2=1 yarn test:w3c:update
+yarn test:w3c:update
 ```
 
 ## Adding a denylist entry

package/bench/frame_compare.mjs

@@ -1,21 +1,16 @@
 // Head-to-head frame() bench: jsonld.js (Digital Bazaar reference) vs.
-// the three Rust backends behind the NAPI binding.
+// the Rust NAPI binding (V2 native typed-tree walker).
 //
 // Usage:
 //   node vc/js/bench/frame_compare.mjs                # default 30w + 30t
 //   node vc/js/bench/frame_compare.mjs --warm 20 --timed 100
 //   node vc/js/bench/frame_compare.mjs --json
 //
-// Each backend runs in its own measurement loop. The Rust backends are
-// selected via env flags inspected by the NAPI binding (vc/js/src/jsonld.rs):
-//   CLIENTFFI_JSONLD_V2=1 CLIENTFFI_FRAME_NATIVE=1 → frame_native
-//   CLIENTFFI_JSONLD_V2=1 CLIENTFFI_FRAME_FAST=1   → frame_v2_fast
-//   CLIENTFFI_JSONLD_V2=1                           → frame_v2 (V1-algo full)
-//
-// Caveat: the env flags are read by `frame_native::use_native()` (cached
-// via OnceLock) and inline `std::env::var` in the binding. We can't toggle
-// them within a single Node process, so this script spawns a fresh child
-// process per backend.
+// Each backend runs in its own measurement loop. The legacy `frame_v2` /
+// `frame_v2_fast` Rust variants were retired in Sprint 3 Phase D and the
+// V1 JSON-LD pipeline (selected via `CLIENTFFI_JSONLD_V2=0` opt-out) was
+// retired in Sprint 4 V1 retirement (v1.13.0); only the V2 native frame
+// remains.
 
 import { readFileSync, existsSync } from 'node:fs';
 import { resolve, dirname, join } from 'node:path';
@@ -51,17 +46,9 @@ if (!backend) {
       label: 'jsonld.js',
       env: { BENCH_BACKEND: 'jsonld_js' },
     },
-    {
-      label: 'frame_v2',
-      env: { BENCH_BACKEND: 'rust', CLIENTFFI_JSONLD_V2: '1' },
-    },
-    {
-      label: 'frame_v2_fast',
-      env: { BENCH_BACKEND: 'rust', CLIENTFFI_JSONLD_V2: '1', CLIENTFFI_FRAME_FAST: '1' },
-    },
     {
       label: 'frame_native',
-      env: { BENCH_BACKEND: 'rust', CLIENTFFI_JSONLD_V2: '1', CLIENTFFI_FRAME_NATIVE: '1' },
+      env: { BENCH_BACKEND: 'rust' },
     },
   ];
 

package/bench/v2_internals.mjs

@@ -2,12 +2,11 @@
 // 166 KB IDv2 credential fixture. 30 warm + 30 timed samples per op.
 //
 // Usage:
-//   node vc/js/bench/v2_internals.mjs                       # V1 (default jsonld pipeline)
-//   CLIENTFFI_JSONLD_V2=1 node vc/js/bench/v2_internals.mjs # V2 (vendored crate pipeline)
+//   node vc/js/bench/v2_internals.mjs                       # default V2 pipeline
 //   node vc/js/bench/v2_internals.mjs --json                # machine-readable output
 //   node vc/js/bench/v2_internals.mjs --only compact        # restrict to one op
 //
-// Compares before/after numbers across Sprint 2 patches.
+// V1 baseline variant retired in Sprint 4 V1 retirement (v1.13.0).
 
 import { readFileSync, existsSync } from 'node:fs';
 import { resolve, dirname, join } from 'node:path';
@@ -84,10 +83,9 @@ if (onlyArg && !ops[onlyArg]) {
   process.exit(1);
 }
 
-const variant = process.env.CLIENTFFI_JSONLD_V2 ? 'V2' : 'V1';
 const results = {
   meta: {
-    variant,
+    variant: 'V2',
     commit: gitSha,
     fixture: idv2Json,
     fixtureBytes: JSON.stringify(big).length,

package/bench/vc_ops.mjs

@@ -1,13 +1,9 @@
 // End-to-end BBS+ verifiable credential ops bench.
 //
 // Times the full sign → verify → derive_proof → verify_derived flow for two
-// fixtures, across three pipeline configurations. Spawns one Node child
-// process per config so the OnceLock-cached env flags in Rust pick up the
-// right path.
-//
-//   v1               : default (V1 jsonld pipeline)
-//   v2               : CLIENTFFI_JSONLD_V2=1 (V2 pipeline, frame_v2)
-//   v2_native        : CLIENTFFI_JSONLD_V2=1 + CLIENTFFI_FRAME_NATIVE=1
+// fixtures across the Rust V2 pipeline (jsonld.js reference for comparison).
+// V1 + intermediate frame_v2 / frame_v2_fast variants were retired in
+// Sprint 4 V1 retirement (v1.13.0).
 //
 // Usage:
 //   node vc/js/bench/vc_ops.mjs
@@ -38,9 +34,7 @@ if (!backend) {
   // Driver: spawn child per pipeline config.
   const configs = [
     { label: 'js_ref',    env: { BENCH_PIPELINE: 'js' } },
-    { label: 'v1',        env: {} },
-    { label: 'v2',        env: { CLIENTFFI_JSONLD_V2: '1' } },
-    { label: 'v2_native', env: { CLIENTFFI_JSONLD_V2: '1', CLIENTFFI_FRAME_NATIVE: '1' } },
+    { label: 'v2_native', env: {} },
   ];
 
   const allResults = [];

package/index.d.ts

@@ -500,8 +500,8 @@ export declare class BoundBls12381G2KeyPair {
 /**
  * JSON-LD processor — drop-in replacement for the jsonld.js API.
  *
- * Holds a `DocumentLoader` and `ContextResolver` internally so they are
- * created once and reused across all method calls.
+ * Holds a `DocumentLoader` internally so it is created once and reused
+ * across all method calls.
  *
  * ```js
  * const jsonld = new JsonLd({ contexts: { "https://example.org/ctx": {...} } });

package/interop-allowlist.json

@@ -0,0 +1,3 @@
+{
+  "expect_fail": []
+}

package/interop-smoke-allowlist.json

@@ -0,0 +1,3 @@
+{
+  "expect_fail": []
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@nuggetslife/vc",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "main": "index.js",
   "types": "index.d.ts",
   "napi": {
@@ -22,7 +22,8 @@
     "@mattrglobal/jsonld-signatures-bbs": "^1.2.0",
     "@napi-rs/cli": "^2.18.3",
     "@types/node": "^20.14.9",
-    "jsonld": "^8.3.3"
+    "jsonld": "^8.3.3",
+    "jsonld-signatures": "^7.0.0"
   },
   "engines": {
     "node": ">= 10"
@@ -41,11 +42,11 @@
   },
   "packageManager": "yarn@4.3.1",
   "optionalDependencies": {
-    "@nuggetslife/vc-darwin-arm64": "0.1.0",
-    "@nuggetslife/vc-linux-arm64-gnu": "0.1.0",
-    "@nuggetslife/vc-linux-arm64-musl": "0.1.0",
-    "@nuggetslife/vc-linux-x64-gnu": "0.1.0",
-    "@nuggetslife/vc-linux-x64-musl": "0.1.0"
+    "@nuggetslife/vc-darwin-arm64": "0.3.0",
+    "@nuggetslife/vc-linux-arm64-gnu": "0.3.0",
+    "@nuggetslife/vc-linux-arm64-musl": "0.3.0",
+    "@nuggetslife/vc-linux-x64-gnu": "0.3.0",
+    "@nuggetslife/vc-linux-x64-musl": "0.3.0"
   },
   "dependencies": {}
 }

package/src/bls_signatures/bbs_bls_holder_bound_signature_2022/mod.rs

@@ -29,14 +29,14 @@ impl BbsBlsHolderBoundSignature2022 {
     match options {
       Some(opts) => {
         let key = match opts.key {
-          Some(kp_opts) => Bls12381G2KeyPair::new(Some(
-            super::bls_12381_g2_keypair::types::KeyPairOptions {
+          Some(kp_opts) => {
+            Bls12381G2KeyPair::new(Some(super::bls_12381_g2_keypair::types::KeyPairOptions {
               id: kp_opts.id,
               controller: kp_opts.controller,
               public_key_base58: kp_opts.public_key_base58,
               private_key_base58: kp_opts.private_key_base58,
-            },
-          )),
+            }))
+          }
           None => Bls12381G2KeyPair::new(None),
         };
 
@@ -80,7 +80,7 @@ impl BbsBlsHolderBoundSignature2022 {
     &self,
     options: BoundCreateProofOptions,
   ) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let rust_key = napi_key_to_rust_key(&self.key);
 
@@ -102,7 +102,7 @@ impl BbsBlsHolderBoundSignature2022 {
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
     suite
-      .create_blind_sign_commitment_context(&options.document, &purpose, loader, cr)
+      .create_blind_sign_commitment_context(&options.document, &purpose, loader)
       .await
       .map_err(|e| {
         napi::Error::from_reason(format!("createBlindSignCommitmentContext failed: {e}"))
@@ -111,11 +111,8 @@ impl BbsBlsHolderBoundSignature2022 {
 
   /// Create a proof for a document using BbsBlsHolderBoundSignature2022 (blind signing).
   #[napi]
-  pub async fn create_proof(
-    &self,
-    options: BoundCreateProofOptions,
-  ) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+  pub async fn create_proof(&self, options: BoundCreateProofOptions) -> Result<serde_json::Value> {
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let commitment = self
       .commitment
@@ -145,7 +142,7 @@ impl BbsBlsHolderBoundSignature2022 {
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
     let signed =
-      vc::jsonld::signatures::sign_holder_bound(options.document, &suite, &purpose, loader, cr)
+      vc::jsonld::signatures::sign_holder_bound(options.document, &suite, &purpose, loader)
         .await
         .map_err(|e| napi::Error::from_reason(format!("createProof failed: {e}")))?;
 
@@ -159,15 +156,15 @@ impl BbsBlsHolderBoundSignature2022 {
   ///
   /// Returns `{ verified: boolean, error?: string }`.
   #[napi]
-  pub async fn verify_proof(
-    &self,
-    options: BoundVerifyProofOptions,
-  ) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+  pub async fn verify_proof(&self, options: BoundVerifyProofOptions) -> Result<serde_json::Value> {
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let blinding_factor = options.blinding_factor.to_vec();
-    let blinded_messages: Vec<Vec<u8>> =
-      options.blinded_messages.iter().map(|m| m.to_vec()).collect();
+    let blinded_messages: Vec<Vec<u8>> = options
+      .blinded_messages
+      .iter()
+      .map(|m| m.to_vec())
+      .collect();
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
     let result = vc::jsonld::signatures::verify_holder_bound(
@@ -176,7 +173,6 @@ impl BbsBlsHolderBoundSignature2022 {
       blinded_messages,
       &purpose,
       loader,
-      cr,
     )
     .await
     .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;
@@ -189,18 +185,13 @@ impl BbsBlsHolderBoundSignature2022 {
 
   /// Ensure both BBS and holder-bound suite contexts are present.
   #[napi]
-  pub fn ensure_suite_context(
-    &self,
-    document: serde_json::Value,
-  ) -> Result<serde_json::Value> {
+  pub fn ensure_suite_context(&self, document: serde_json::Value) -> Result<serde_json::Value> {
     let mut doc = document;
 
     for context_url in &[BBS_CONTEXT_URL, BBS_BOUND_CONTEXT_URL] {
       let has_context = match doc.get("@context") {
         Some(serde_json::Value::String(s)) => s == *context_url,
-        Some(serde_json::Value::Array(arr)) => {
-          arr.iter().any(|v| v.as_str() == Some(*context_url))
-        }
+        Some(serde_json::Value::Array(arr)) => arr.iter().any(|v| v.as_str() == Some(*context_url)),
         _ => false,
       };
 

package/src/bls_signatures/bbs_bls_holder_bound_signature_proof_2022/mod.rs

@@ -23,15 +23,15 @@ impl BbsBlsHolderBoundSignatureProof2022 {
 
   /// Derive a selective disclosure proof from a holder-bound signed document.
   #[napi]
-  pub async fn derive_proof(
-    &self,
-    options: BoundDeriveProofOptions,
-  ) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+  pub async fn derive_proof(&self, options: BoundDeriveProofOptions) -> Result<serde_json::Value> {
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let blinding_factor = options.blinding_factor.to_vec();
-    let blinded_messages: Vec<Vec<u8>> =
-      options.blinded_messages.iter().map(|m| m.to_vec()).collect();
+    let blinded_messages: Vec<Vec<u8>> = options
+      .blinded_messages
+      .iter()
+      .map(|m| m.to_vec())
+      .collect();
     let nonce = options.nonce.map(|s| s.as_bytes().to_vec());
 
     vc::jsonld::signatures::derive_proof_holder_bound(
@@ -41,7 +41,6 @@ impl BbsBlsHolderBoundSignatureProof2022 {
       blinded_messages,
       nonce,
       loader,
-      cr,
     )
     .await
     .map_err(|e| napi::Error::from_reason(format!("deriveProof failed: {e}")))
@@ -55,10 +54,10 @@ impl BbsBlsHolderBoundSignatureProof2022 {
     &self,
     options: BoundVerifyDerivedProofOptions,
   ) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
-    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)
+    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader)
       .await
       .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;
 

package/src/bls_signatures/bbs_bls_signature_2020/mod.rs

@@ -63,14 +63,14 @@ impl BbsBlsSignature2020 {
     match options {
       Some(opts) => {
         let key = match opts.key {
-          Some(kp_opts) => Bls12381G2KeyPair::new(Some(
-            super::bls_12381_g2_keypair::types::KeyPairOptions {
+          Some(kp_opts) => {
+            Bls12381G2KeyPair::new(Some(super::bls_12381_g2_keypair::types::KeyPairOptions {
               id: kp_opts.id,
               controller: kp_opts.controller,
               public_key_base58: kp_opts.public_key_base58,
               private_key_base58: kp_opts.private_key_base58,
-            },
-          )),
+            }))
+          }
           None => Bls12381G2KeyPair::new(None),
         };
 
@@ -116,15 +116,13 @@ impl BbsBlsSignature2020 {
   /// Generate a BbsBlsSignature2020 suite from a seed (async key generation).
   #[napi(factory)]
   pub async fn generate(options: SignatureSuiteOptions) -> Self {
-    let key = Bls12381G2KeyPair::generate(
-      options.key.map(|kp| {
-        super::bls_12381_g2_keypair::types::GenerateKeyPairOptions {
-          id: kp.id,
-          controller: kp.controller,
-          seed: kp.private_key_base58.map(|s| s.into_bytes().into()),
-        }
-      }),
-    )
+    let key = Bls12381G2KeyPair::generate(options.key.map(|kp| {
+      super::bls_12381_g2_keypair::types::GenerateKeyPairOptions {
+        id: kp.id,
+        controller: kp.controller,
+        seed: kp.private_key_base58.map(|s| s.into_bytes().into()),
+      }
+    }))
     .await;
 
     let proof = json!({
@@ -165,7 +163,7 @@ impl BbsBlsSignature2020 {
   /// Returns just the proof object (matching JS reference behavior).
   #[napi]
   pub async fn create_proof(&self, options: CreateProofOptions) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let rust_key = napi_key_to_rust_key(&self.key);
     let suite = vc::jsonld::signatures::bbs::BbsBlsSignature2020::new(
@@ -179,7 +177,7 @@ impl BbsBlsSignature2020 {
     .await;
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
-    let signed = vc::jsonld::signatures::sign(options.document, &suite, &purpose, loader, cr)
+    let signed = vc::jsonld::signatures::sign(options.document, &suite, &purpose, loader)
       .await
       .map_err(|e| napi::Error::from_reason(format!("createProof failed: {e}")))?;
 
@@ -194,10 +192,10 @@ impl BbsBlsSignature2020 {
   /// Returns `{ verified: boolean, error?: string }`.
   #[napi]
   pub async fn verify_proof(&self, options: VerifyProofOptions) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
-    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)
+    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader)
       .await
       .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;
 
@@ -209,25 +207,23 @@ impl BbsBlsSignature2020 {
 
   /// Ensure the BBS suite context is present in the document's @context.
   #[napi]
-  pub fn ensure_suite_context(
-    &self,
-    document: serde_json::Value,
-  ) -> Result<serde_json::Value> {
+  pub fn ensure_suite_context(&self, document: serde_json::Value) -> Result<serde_json::Value> {
     let bbs_context = "https://w3id.org/security/bbs/v1";
     let mut doc = document;
 
     // Check if already present
     let has_context = match doc.get("@context") {
       Some(serde_json::Value::String(s)) => s == bbs_context,
-      Some(serde_json::Value::Array(arr)) => {
-        arr.iter().any(|v| v.as_str() == Some(bbs_context))
-      }
+      Some(serde_json::Value::Array(arr)) => arr.iter().any(|v| v.as_str() == Some(bbs_context)),
       _ => false,
     };
 
     if !has_context {
       if let Some(obj) = doc.as_object_mut() {
-        let existing = obj.get("@context").cloned().unwrap_or(serde_json::Value::Null);
+        let existing = obj
+          .get("@context")
+          .cloned()
+          .unwrap_or(serde_json::Value::Null);
         let mut new_context = match existing {
           serde_json::Value::Array(arr) => serde_json::Value::Array(arr),
           other => serde_json::Value::Array(vec![other]),

package/src/bls_signatures/bbs_bls_signature_proof_2020/mod.rs

@@ -24,19 +24,13 @@ impl BbsBlsSignatureProof2020 {
   /// Derive a selective disclosure proof from a signed document.
   #[napi]
   pub async fn derive_proof(&self, options: DeriveProofOptions) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let nonce = options.nonce.map(|s| s.as_bytes().to_vec());
 
-    vc::jsonld::signatures::derive_proof(
-      &options.document,
-      &options.reveal_document,
-      nonce,
-      loader,
-      cr,
-    )
-    .await
-    .map_err(|e| napi::Error::from_reason(format!("deriveProof failed: {e}")))
+    vc::jsonld::signatures::derive_proof(&options.document, &options.reveal_document, nonce, loader)
+      .await
+      .map_err(|e| napi::Error::from_reason(format!("deriveProof failed: {e}")))
   }
 
   /// Verify a derived (selective disclosure) proof.
@@ -47,10 +41,10 @@ impl BbsBlsSignatureProof2020 {
     &self,
     options: VerifyDerivedProofOptions,
   ) -> Result<serde_json::Value> {
-    let (loader, cr) = loader_from_contexts(options.contexts.as_ref());
+    let loader = loader_from_contexts(options.contexts.as_ref());
 
     let purpose = vc::jsonld::signatures::AssertionProofPurpose::new();
-    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader, cr)
+    let result = vc::jsonld::signatures::verify(&options.document, &purpose, loader)
       .await
       .map_err(|e| napi::Error::from_reason(format!("verifyProof failed: {e}")))?;