@oma3/omatrust 0.1.0-alpha.11 → 0.1.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/README.md +3 -0
  2. package/dist/app-registry/index.cjs +53 -0
  3. package/dist/app-registry/index.cjs.map +1 -1
  4. package/dist/app-registry/index.js +53 -0
  5. package/dist/app-registry/index.js.map +1 -1
  6. package/dist/identity/index.cjs +643 -164
  7. package/dist/identity/index.cjs.map +1 -1
  8. package/dist/identity/index.d.cts +2 -2
  9. package/dist/identity/index.d.ts +2 -2
  10. package/dist/identity/index.js +616 -165
  11. package/dist/identity/index.js.map +1 -1
  12. package/dist/index-Bu-xxcv9.d.ts +407 -0
  13. package/dist/index-C7odEbp6.d.cts +407 -0
  14. package/dist/index-CnWY9arI.d.cts +612 -0
  15. package/dist/index-DREQRFIE.d.ts +612 -0
  16. package/dist/index.cjs +1316 -202
  17. package/dist/index.cjs.map +1 -1
  18. package/dist/index.d.cts +3 -3
  19. package/dist/index.d.ts +3 -3
  20. package/dist/index.js +1297 -202
  21. package/dist/index.js.map +1 -1
  22. package/dist/reputation/index.browser.cjs +153 -148
  23. package/dist/reputation/index.browser.cjs.map +1 -1
  24. package/dist/reputation/index.browser.js +153 -148
  25. package/dist/reputation/index.browser.js.map +1 -1
  26. package/dist/reputation/index.cjs +884 -163
  27. package/dist/reputation/index.cjs.map +1 -1
  28. package/dist/reputation/index.d.cts +2 -2
  29. package/dist/reputation/index.d.ts +2 -2
  30. package/dist/reputation/index.js +860 -164
  31. package/dist/reputation/index.js.map +1 -1
  32. package/dist/{types-dpYxRq8N.d.cts → types-Dn0OwaNj.d.cts} +37 -11
  33. package/dist/{types-dpYxRq8N.d.ts → types-Dn0OwaNj.d.ts} +37 -11
  34. package/dist/widgets/index.cjs.map +1 -1
  35. package/dist/widgets/index.d.cts +3 -0
  36. package/dist/widgets/index.d.ts +3 -0
  37. package/dist/widgets/index.js.map +1 -1
  38. package/package.json +4 -2
  39. package/dist/index-BOvk-7Ku.d.cts +0 -235
  40. package/dist/index-C2w5EvFH.d.ts +0 -329
  41. package/dist/index-QueRiudB.d.cts +0 -329
  42. package/dist/index-R78TpAhN.d.ts +0 -235
@@ -3,6 +3,10 @@ import { ZeroAddress, Signature, toUtf8Bytes, sha256, keccak256, formatUnits, ge
3
3
  import { decodeProtectedHeader, importJWK, compactVerify, base64url } from 'jose';
4
4
  import canonicalize from 'canonicalize';
5
5
  import { resolveTxt } from 'dns/promises';
6
+ import { CID } from 'multiformats/cid';
7
+ import 'multiformats/hashes/sha2';
8
+ import * as raw from 'multiformats/codecs/raw';
9
+ import { base32 } from 'multiformats/bases/base32';
6
10
 
7
11
  // src/reputation/submit.ts
8
12
 
@@ -10,10 +14,10 @@ import { resolveTxt } from 'dns/promises';
10
14
  var OmaTrustError = class extends Error {
11
15
  code;
12
16
  details;
13
- constructor(code, message, details) {
17
+ constructor(code2, message, details) {
14
18
  super(message);
15
19
  this.name = "OmaTrustError";
16
- this.code = code;
20
+ this.code = code2;
17
21
  this.details = details;
18
22
  }
19
23
  };
@@ -194,14 +198,14 @@ function extractExpirationTime(data) {
194
198
  }
195
199
 
196
200
  // src/shared/assert.ts
197
- function assertString(value, name, code = "INVALID_INPUT") {
201
+ function assertString(value, name, code2 = "INVALID_INPUT") {
198
202
  if (typeof value !== "string" || value.trim().length === 0) {
199
- throw new OmaTrustError(code, `${name} must be a non-empty string`, { value });
203
+ throw new OmaTrustError(code2, `${name} must be a non-empty string`, { value });
200
204
  }
201
205
  }
202
- function assertObject(value, name, code = "INVALID_INPUT") {
206
+ function assertObject(value, name, code2 = "INVALID_INPUT") {
203
207
  if (!value || typeof value !== "object" || Array.isArray(value)) {
204
- throw new OmaTrustError(code, `${name} must be an object`, { value });
208
+ throw new OmaTrustError(code2, `${name} must be an object`, { value });
205
209
  }
206
210
  }
207
211
 
@@ -222,6 +226,145 @@ function parseCaip10(input) {
222
226
  }
223
227
  return { namespace, reference, address };
224
228
  }
229
+ var VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
230
+ var PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
231
+ var REQUIRED_PUBLIC_FIELDS = {
232
+ EC: ["crv", "x", "y"],
233
+ OKP: ["crv", "x"],
234
+ RSA: ["n", "e"]
235
+ };
236
+ function validatePublicJwk(jwk) {
237
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
238
+ return { valid: false, error: "JWK must be a non-null object" };
239
+ }
240
+ const obj = jwk;
241
+ const kty = obj.kty;
242
+ if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
243
+ return {
244
+ valid: false,
245
+ error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
246
+ };
247
+ }
248
+ for (const field of PRIVATE_KEY_FIELDS) {
249
+ if (field in obj) {
250
+ return {
251
+ valid: false,
252
+ error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
253
+ };
254
+ }
255
+ }
256
+ const required = REQUIRED_PUBLIC_FIELDS[kty];
257
+ if (required) {
258
+ for (const field of required) {
259
+ if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
260
+ return {
261
+ valid: false,
262
+ error: `Missing required public key field "${field}" for kty="${kty}"`
263
+ };
264
+ }
265
+ }
266
+ }
267
+ return { valid: true };
268
+ }
269
+ function canonicalizeJwkJson(jwk) {
270
+ const sorted = Object.keys(jwk).sort();
271
+ const obj = {};
272
+ for (const key of sorted) {
273
+ obj[key] = jwk[key];
274
+ }
275
+ return JSON.stringify(obj);
276
+ }
277
+ function jwkToDidJwk(jwk) {
278
+ assertObject(jwk, "jwk", "INVALID_JWK");
279
+ const validation = validatePublicJwk(jwk);
280
+ if (!validation.valid) {
281
+ throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
282
+ }
283
+ const canonical = canonicalizeJwkJson(jwk);
284
+ const encoded = base64url.encode(new TextEncoder().encode(canonical));
285
+ return `did:jwk:${encoded}`;
286
+ }
287
+ function didJwkToJwk(didJwk) {
288
+ if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
289
+ throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
290
+ }
291
+ const parts = didJwk.split(":");
292
+ if (parts.length !== 3) {
293
+ throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
294
+ input: didJwk
295
+ });
296
+ }
297
+ const encoded = parts[2];
298
+ if (!encoded || encoded.length === 0) {
299
+ throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
300
+ input: didJwk
301
+ });
302
+ }
303
+ let decoded;
304
+ try {
305
+ const bytes = base64url.decode(encoded);
306
+ decoded = new TextDecoder().decode(bytes);
307
+ } catch {
308
+ throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
309
+ input: didJwk
310
+ });
311
+ }
312
+ let jwk;
313
+ try {
314
+ jwk = JSON.parse(decoded);
315
+ } catch {
316
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
317
+ input: didJwk
318
+ });
319
+ }
320
+ if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
321
+ throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
322
+ input: didJwk
323
+ });
324
+ }
325
+ const validation = validatePublicJwk(jwk);
326
+ if (!validation.valid) {
327
+ throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
328
+ input: didJwk
329
+ });
330
+ }
331
+ return jwk;
332
+ }
333
+ function extractPublicKeyFields(jwk) {
334
+ const result = {};
335
+ const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
336
+ for (const [key, value] of Object.entries(jwk)) {
337
+ if (PRIVATE_KEY_FIELDS.has(key)) continue;
338
+ if (metadataFields.has(key)) continue;
339
+ result[key] = value;
340
+ }
341
+ return result;
342
+ }
343
+ function publicJwkEquals(a, b) {
344
+ assertObject(a, "a", "INVALID_JWK");
345
+ assertObject(b, "b", "INVALID_JWK");
346
+ const aObj = a;
347
+ const bObj = b;
348
+ for (const field of PRIVATE_KEY_FIELDS) {
349
+ if (field in aObj) {
350
+ throw new OmaTrustError(
351
+ "INVALID_JWK",
352
+ `First JWK contains private key field "${field}"`,
353
+ { field }
354
+ );
355
+ }
356
+ if (field in bObj) {
357
+ throw new OmaTrustError(
358
+ "INVALID_JWK",
359
+ `Second JWK contains private key field "${field}"`,
360
+ { field }
361
+ );
362
+ }
363
+ }
364
+ const aPublic = extractPublicKeyFields(aObj);
365
+ const bPublic = extractPublicKeyFields(bObj);
366
+ return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
367
+ }
225
368
 
226
369
  // src/identity/did.ts
227
370
  var DID_REGEX = /^did:[a-z0-9]+:.+$/i;
@@ -293,7 +436,7 @@ function normalizeDidKey(input) {
293
436
  }
294
437
  function normalizeDid(input) {
295
438
  assertString(input, "input", "INVALID_DID");
296
- const trimmed = input.trim();
439
+ const trimmed = input.trim().split("#")[0];
297
440
  if (!trimmed.startsWith("did:")) {
298
441
  return normalizeDidWeb(trimmed);
299
442
  }
@@ -454,6 +597,10 @@ function validateDidJwk(did) {
454
597
  error: "DID must reference a public key \u2014 private key component (d) is not allowed"
455
598
  };
456
599
  }
600
+ const jwkValidation = validatePublicJwk(jwk);
601
+ if (!jwkValidation.valid) {
602
+ return { valid: false, method: "jwk", error: jwkValidation.error };
603
+ }
457
604
  return { valid: true, method: "jwk" };
458
605
  }
459
606
  function normalizeDidJwk(input) {
@@ -1112,154 +1259,15 @@ function createTxEncodedValueProof(chainId, txHash, purpose) {
1112
1259
  };
1113
1260
  }
1114
1261
  function formatTransferAmount(amount, chainId) {
1115
- const config = getConfig(chainId);
1116
- const normalized = typeof amount === "number" ? BigInt(Math.floor(amount)) : amount;
1117
- return `${formatUnits(normalized, config.decimals)} ${config.nativeSymbol}`;
1118
- }
1119
- function getExplorerTxUrl(chainId, txHash) {
1120
- return `${getConfig(chainId).explorer}/tx/${txHash}`;
1121
- }
1122
- function getExplorerAddressUrl(chainId, address) {
1123
- return `${getConfig(chainId).explorer}/address/${address}`;
1124
- }
1125
- var VALID_KTY = /* @__PURE__ */ new Set(["EC", "OKP", "RSA"]);
1126
- var PRIVATE_KEY_FIELDS = /* @__PURE__ */ new Set(["d", "p", "q", "dp", "dq", "qi", "oth"]);
1127
- var REQUIRED_PUBLIC_FIELDS = {
1128
- EC: ["crv", "x", "y"],
1129
- OKP: ["crv", "x"],
1130
- RSA: ["n", "e"]
1131
- };
1132
- function validatePublicJwk(jwk) {
1133
- if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
1134
- return { valid: false, error: "JWK must be a non-null object" };
1135
- }
1136
- const obj = jwk;
1137
- const kty = obj.kty;
1138
- if (typeof kty !== "string" || !VALID_KTY.has(kty)) {
1139
- return {
1140
- valid: false,
1141
- error: `Invalid or missing kty (must be one of: ${[...VALID_KTY].join(", ")})`
1142
- };
1143
- }
1144
- for (const field of PRIVATE_KEY_FIELDS) {
1145
- if (field in obj) {
1146
- return {
1147
- valid: false,
1148
- error: `JWK contains private key field "${field}" \u2014 only public keys are allowed`
1149
- };
1150
- }
1151
- }
1152
- const required = REQUIRED_PUBLIC_FIELDS[kty];
1153
- if (required) {
1154
- for (const field of required) {
1155
- if (!(field in obj) || obj[field] === void 0 || obj[field] === null || obj[field] === "") {
1156
- return {
1157
- valid: false,
1158
- error: `Missing required public key field "${field}" for kty="${kty}"`
1159
- };
1160
- }
1161
- }
1162
- }
1163
- return { valid: true };
1164
- }
1165
- function canonicalizeJwkJson(jwk) {
1166
- const sorted = Object.keys(jwk).sort();
1167
- const obj = {};
1168
- for (const key of sorted) {
1169
- obj[key] = jwk[key];
1170
- }
1171
- return JSON.stringify(obj);
1172
- }
1173
- function jwkToDidJwk(jwk) {
1174
- assertObject(jwk, "jwk", "INVALID_JWK");
1175
- const validation = validatePublicJwk(jwk);
1176
- if (!validation.valid) {
1177
- throw new OmaTrustError("INVALID_JWK", validation.error ?? "Invalid public JWK", { jwk });
1178
- }
1179
- const canonical = canonicalizeJwkJson(jwk);
1180
- const encoded = base64url.encode(new TextEncoder().encode(canonical));
1181
- return `did:jwk:${encoded}`;
1182
- }
1183
- function didJwkToJwk(didJwk) {
1184
- if (typeof didJwk !== "string" || !didJwk.startsWith("did:jwk:")) {
1185
- throw new OmaTrustError("INVALID_DID", "Expected a did:jwk DID", { input: didJwk });
1186
- }
1187
- const parts = didJwk.split(":");
1188
- if (parts.length !== 3) {
1189
- throw new OmaTrustError("INVALID_DID", "did:jwk must have exactly 3 colon-separated parts", {
1190
- input: didJwk
1191
- });
1192
- }
1193
- const encoded = parts[2];
1194
- if (!encoded || encoded.length === 0) {
1195
- throw new OmaTrustError("INVALID_DID", "Missing base64url-encoded JWK identifier", {
1196
- input: didJwk
1197
- });
1198
- }
1199
- let decoded;
1200
- try {
1201
- const bytes = base64url.decode(encoded);
1202
- decoded = new TextDecoder().decode(bytes);
1203
- } catch {
1204
- throw new OmaTrustError("INVALID_DID", "Failed to base64url-decode did:jwk identifier", {
1205
- input: didJwk
1206
- });
1207
- }
1208
- let jwk;
1209
- try {
1210
- jwk = JSON.parse(decoded);
1211
- } catch {
1212
- throw new OmaTrustError("INVALID_DID", "Decoded did:jwk identifier is not valid JSON", {
1213
- input: didJwk
1214
- });
1215
- }
1216
- if (!jwk || typeof jwk !== "object" || Array.isArray(jwk)) {
1217
- throw new OmaTrustError("INVALID_DID", "Decoded did:jwk must be a JSON object", {
1218
- input: didJwk
1219
- });
1220
- }
1221
- const validation = validatePublicJwk(jwk);
1222
- if (!validation.valid) {
1223
- throw new OmaTrustError("INVALID_DID", validation.error ?? "Invalid public JWK in did:jwk", {
1224
- input: didJwk
1225
- });
1226
- }
1227
- return jwk;
1228
- }
1229
- function extractPublicKeyFields(jwk) {
1230
- const result = {};
1231
- const metadataFields = /* @__PURE__ */ new Set(["kid", "use", "key_ops", "alg", "ext"]);
1232
- for (const [key, value] of Object.entries(jwk)) {
1233
- if (PRIVATE_KEY_FIELDS.has(key)) continue;
1234
- if (metadataFields.has(key)) continue;
1235
- result[key] = value;
1236
- }
1237
- return result;
1238
- }
1239
- function publicJwkEquals(a, b) {
1240
- assertObject(a, "a", "INVALID_JWK");
1241
- assertObject(b, "b", "INVALID_JWK");
1242
- const aObj = a;
1243
- const bObj = b;
1244
- for (const field of PRIVATE_KEY_FIELDS) {
1245
- if (field in aObj) {
1246
- throw new OmaTrustError(
1247
- "INVALID_JWK",
1248
- `First JWK contains private key field "${field}"`,
1249
- { field }
1250
- );
1251
- }
1252
- if (field in bObj) {
1253
- throw new OmaTrustError(
1254
- "INVALID_JWK",
1255
- `Second JWK contains private key field "${field}"`,
1256
- { field }
1257
- );
1258
- }
1259
- }
1260
- const aPublic = extractPublicKeyFields(aObj);
1261
- const bPublic = extractPublicKeyFields(bObj);
1262
- return canonicalizeJwkJson(aPublic) === canonicalizeJwkJson(bPublic);
1262
+ const config = getConfig(chainId);
1263
+ const normalized = typeof amount === "number" ? BigInt(Math.floor(amount)) : amount;
1264
+ return `${formatUnits(normalized, config.decimals)} ${config.nativeSymbol}`;
1265
+ }
1266
+ function getExplorerTxUrl(chainId, txHash) {
1267
+ return `${getConfig(chainId).explorer}/tx/${txHash}`;
1268
+ }
1269
+ function getExplorerAddressUrl(chainId, address) {
1270
+ return `${getConfig(chainId).explorer}/address/${address}`;
1263
1271
  }
1264
1272
 
1265
1273
  // src/shared/did-document.ts
@@ -1587,10 +1595,10 @@ function validateReceiptPayload(payload) {
1587
1595
  }
1588
1596
  return { valid: true };
1589
1597
  }
1590
- function failure(code, message, partial) {
1598
+ function failure(code2, message, partial) {
1591
1599
  return {
1592
1600
  valid: false,
1593
- error: { code, message },
1601
+ error: { code: code2, message },
1594
1602
  ...partial
1595
1603
  };
1596
1604
  }
@@ -1788,10 +1796,10 @@ function validateReceiptPayload2(payload) {
1788
1796
  }
1789
1797
  return { valid: true };
1790
1798
  }
1791
- function failure2(code, message, partial) {
1799
+ function failure2(code2, message, partial) {
1792
1800
  return {
1793
1801
  valid: false,
1794
- error: { code, message },
1802
+ error: { code: code2, message },
1795
1803
  ...partial
1796
1804
  };
1797
1805
  }
@@ -2309,8 +2317,8 @@ async function readOwnerFromContract(provider, contractAddress, signature, metho
2309
2317
  }
2310
2318
  async function discoverContractOwner(provider, contractAddress) {
2311
2319
  try {
2312
- const code = await provider.getCode(contractAddress);
2313
- if (code === "0x" || code === "0x0") {
2320
+ const code2 = await provider.getCode(contractAddress);
2321
+ if (code2 === "0x" || code2 === "0x0") {
2314
2322
  return null;
2315
2323
  }
2316
2324
  } catch {
@@ -2862,6 +2870,42 @@ function createX402OfferProof(offer) {
2862
2870
  };
2863
2871
  }
2864
2872
 
2873
+ // src/reputation/proof/x402-verify.ts
2874
+ async function verifyX402Artifact(artifact, options) {
2875
+ if (!artifact || typeof artifact !== "object") {
2876
+ return {
2877
+ valid: false,
2878
+ error: { code: "INVALID_ARTIFACT", message: "Artifact must be a non-null object" }
2879
+ };
2880
+ }
2881
+ const format = artifact.format;
2882
+ switch (format) {
2883
+ case "jws": {
2884
+ const jwsArtifact = artifact;
2885
+ const jwsOptions = options.resolveOptions ? { resolveOptions: options.resolveOptions } : void 0;
2886
+ if (options.artifactType === "offer") {
2887
+ return verifyX402JwsOffer(jwsArtifact, jwsOptions);
2888
+ }
2889
+ return verifyX402JwsReceipt(jwsArtifact, jwsOptions);
2890
+ }
2891
+ case "eip712": {
2892
+ const eip712Artifact = artifact;
2893
+ if (options.artifactType === "offer") {
2894
+ return verifyX402Eip712Offer(eip712Artifact);
2895
+ }
2896
+ return verifyX402Eip712Receipt(eip712Artifact);
2897
+ }
2898
+ default:
2899
+ return {
2900
+ valid: false,
2901
+ error: {
2902
+ code: "UNSUPPORTED_FORMAT",
2903
+ message: `Unsupported x402 artifact format: "${format}"`
2904
+ }
2905
+ };
2906
+ }
2907
+ }
2908
+
2865
2909
  // src/reputation/proof/evidence-pointer.ts
2866
2910
  function createEvidencePointerProof(url) {
2867
2911
  if (!url || typeof url !== "string") {
@@ -2970,8 +3014,8 @@ async function verifyDidPkhOwnership(params) {
2970
3014
  subjectDid: params.subjectDid
2971
3015
  });
2972
3016
  }
2973
- const code = await params.provider.getCode(subjectAddress);
2974
- const isContract = code !== "0x" && code !== "0x0";
3017
+ const code2 = await params.provider.getCode(subjectAddress);
3018
+ const isContract = code2 !== "0x" && code2 !== "0x0";
2975
3019
  if (!isContract) {
2976
3020
  if (getAddress(subjectAddress) === getAddress(connectedWalletAddress)) {
2977
3021
  return {
@@ -3147,7 +3191,659 @@ async function verifySubjectOwnership(params) {
3147
3191
  subjectDid
3148
3192
  });
3149
3193
  }
3194
+ function extractEip712Signer(proof) {
3195
+ const { domain, message, signature } = proof.proofObject;
3196
+ const typedData = {
3197
+ domain,
3198
+ types: {
3199
+ OmaTrustProof: [
3200
+ { name: "signer", type: "address" },
3201
+ { name: "authorizedEntity", type: "string" },
3202
+ { name: "signingPurpose", type: "string" },
3203
+ { name: "creationTimestamp", type: "uint256" },
3204
+ { name: "expirationTimestamp", type: "uint256" },
3205
+ { name: "randomValue", type: "bytes32" },
3206
+ { name: "statement", type: "string" }
3207
+ ]
3208
+ },
3209
+ message
3210
+ };
3211
+ try {
3212
+ const result = verifyEip712Signature(typedData, signature);
3213
+ return result.valid && result.signer ? result.signer : null;
3214
+ } catch (err) {
3215
+ console.warn("[omatrust] EIP-712 signer extraction failed:", err);
3216
+ return null;
3217
+ }
3218
+ }
3219
+ function extractJwsHeaderJwk(proof) {
3220
+ const jws = proof.proofObject;
3221
+ if (typeof jws !== "string") return null;
3222
+ const parts = jws.split(".");
3223
+ if (parts.length !== 3) return null;
3224
+ try {
3225
+ const headerB64 = parts[0].replace(/-/g, "+").replace(/_/g, "/");
3226
+ const padded = headerB64.padEnd(
3227
+ headerB64.length + (4 - headerB64.length % 4) % 4,
3228
+ "="
3229
+ );
3230
+ let headerJson;
3231
+ if (typeof atob === "function") {
3232
+ headerJson = decodeURIComponent(
3233
+ Array.from(atob(padded)).map((char) => `%${char.charCodeAt(0).toString(16).padStart(2, "0")}`).join("")
3234
+ );
3235
+ } else {
3236
+ headerJson = Buffer.from(padded, "base64").toString("utf8");
3237
+ }
3238
+ const header = JSON.parse(headerJson);
3239
+ return header.jwk ?? null;
3240
+ } catch {
3241
+ return null;
3242
+ }
3243
+ }
3244
+ function extractJwsPayload(proof) {
3245
+ const jws = proof.proofObject;
3246
+ if (typeof jws !== "string") return null;
3247
+ const parts = jws.split(".");
3248
+ if (parts.length !== 3) return null;
3249
+ try {
3250
+ const payloadB64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
3251
+ const padded = payloadB64.padEnd(
3252
+ payloadB64.length + (4 - payloadB64.length % 4) % 4,
3253
+ "="
3254
+ );
3255
+ let payloadJson;
3256
+ if (typeof atob === "function") {
3257
+ payloadJson = decodeURIComponent(
3258
+ Array.from(atob(padded)).map((char) => `%${char.charCodeAt(0).toString(16).padStart(2, "0")}`).join("")
3259
+ );
3260
+ } else {
3261
+ payloadJson = Buffer.from(padded, "base64").toString("utf8");
3262
+ }
3263
+ return JSON.parse(payloadJson);
3264
+ } catch {
3265
+ return null;
3266
+ }
3267
+ }
3268
+ function signerMatchesDid(signerAddress, did) {
3269
+ try {
3270
+ const didAddress = extractAddressFromDid(did);
3271
+ return getAddress(signerAddress).toLowerCase() === getAddress(didAddress).toLowerCase();
3272
+ } catch {
3273
+ return false;
3274
+ }
3275
+ }
3276
+ function jwkMatchesDid(jwk, did) {
3277
+ const method = extractDidMethod(did);
3278
+ if (method === "jwk") {
3279
+ try {
3280
+ const didJwk = didJwkToJwk(did);
3281
+ return publicJwkEquals(jwk, didJwk);
3282
+ } catch {
3283
+ return false;
3284
+ }
3285
+ }
3286
+ return false;
3287
+ }
3288
+ function proofSignerMatchesDid(proof, did) {
3289
+ switch (proof.proofType) {
3290
+ case "pop-eip712": {
3291
+ const signer = extractEip712Signer(proof);
3292
+ if (!signer) return false;
3293
+ return signerMatchesDid(signer, did);
3294
+ }
3295
+ case "pop-jws": {
3296
+ const jwsProof = proof;
3297
+ const jwk = extractJwsHeaderJwk(jwsProof);
3298
+ if (jwk && jwkMatchesDid(jwk, did)) return true;
3299
+ const payload = extractJwsPayload(jwsProof);
3300
+ if (payload && typeof payload.iss === "string") {
3301
+ if (payload.iss === did) return true;
3302
+ }
3303
+ return false;
3304
+ }
3305
+ case "tx-encoded-value":
3306
+ case "tx-interaction":
3307
+ return false;
3308
+ case "evidence-pointer":
3309
+ return false;
3310
+ default:
3311
+ return false;
3312
+ }
3313
+ }
3314
+ function proofAuthorizedEntityMatchesDid(proof, did) {
3315
+ switch (proof.proofType) {
3316
+ case "pop-eip712": {
3317
+ const eip712 = proof;
3318
+ const authorizedEntity = eip712.proofObject.message.authorizedEntity;
3319
+ return typeof authorizedEntity === "string" && authorizedEntity === did;
3320
+ }
3321
+ case "pop-jws": {
3322
+ const payload = extractJwsPayload(proof);
3323
+ if (!payload) return false;
3324
+ return typeof payload.aud === "string" && payload.aud === did;
3325
+ }
3326
+ default:
3327
+ return false;
3328
+ }
3329
+ }
3330
+ function verifyLinkedIdentifierProofs(data) {
3331
+ if (!data.subject || !data.linkedId) {
3332
+ return {
3333
+ valid: false,
3334
+ checks: [],
3335
+ reasons: ["subject and linkedId are required"]
3336
+ };
3337
+ }
3338
+ if (!Array.isArray(data.proofs) || data.proofs.length === 0) {
3339
+ return {
3340
+ valid: false,
3341
+ checks: [],
3342
+ reasons: ["At least one proof is required"]
3343
+ };
3344
+ }
3345
+ const checks = [];
3346
+ let subjectProved = false;
3347
+ let linkedIdProved = false;
3348
+ for (let i = 0; i < data.proofs.length; i++) {
3349
+ const proof = data.proofs[i];
3350
+ if (proofSignerMatchesDid(proof, data.subject)) {
3351
+ checks.push({
3352
+ proofIndex: i,
3353
+ proofType: proof.proofType,
3354
+ checkType: "signer-is-subject",
3355
+ valid: true
3356
+ });
3357
+ subjectProved = true;
3358
+ if (!proofAuthorizedEntityMatchesDid(proof, data.linkedId)) {
3359
+ checks.push({
3360
+ proofIndex: i,
3361
+ proofType: proof.proofType,
3362
+ checkType: "signer-is-subject",
3363
+ valid: false,
3364
+ reason: "Proof from subject does not authorize linkedId (aud mismatch)"
3365
+ });
3366
+ }
3367
+ }
3368
+ if (proofSignerMatchesDid(proof, data.linkedId)) {
3369
+ checks.push({
3370
+ proofIndex: i,
3371
+ proofType: proof.proofType,
3372
+ checkType: "signer-is-linkedId",
3373
+ valid: true
3374
+ });
3375
+ linkedIdProved = true;
3376
+ if (!proofAuthorizedEntityMatchesDid(proof, data.subject)) {
3377
+ checks.push({
3378
+ proofIndex: i,
3379
+ proofType: proof.proofType,
3380
+ checkType: "signer-is-linkedId",
3381
+ valid: false,
3382
+ reason: "Proof from linkedId does not authorize subject (aud mismatch)"
3383
+ });
3384
+ }
3385
+ }
3386
+ if (proof.proofType === "evidence-pointer") {
3387
+ checks.push({
3388
+ proofIndex: i,
3389
+ proofType: proof.proofType,
3390
+ checkType: "signer-is-subject",
3391
+ valid: true,
3392
+ reason: "Evidence pointer accepted (requires URL fetch for full verification)"
3393
+ });
3394
+ subjectProved = true;
3395
+ }
3396
+ }
3397
+ const reasons = [];
3398
+ if (!subjectProved) {
3399
+ reasons.push("No proof demonstrates control by subject");
3400
+ }
3401
+ if (!linkedIdProved) {
3402
+ reasons.push("No proof demonstrates control by linkedId");
3403
+ }
3404
+ return {
3405
+ valid: reasons.length === 0,
3406
+ checks,
3407
+ reasons
3408
+ };
3409
+ }
3410
+ function verifyKeyBindingProofs(data) {
3411
+ if (!data.subject || !data.keyId) {
3412
+ return {
3413
+ valid: false,
3414
+ checks: [],
3415
+ reasons: ["subject and keyId are required"]
3416
+ };
3417
+ }
3418
+ if (!Array.isArray(data.proofs) || data.proofs.length === 0) {
3419
+ return {
3420
+ valid: false,
3421
+ checks: [],
3422
+ reasons: ["At least one proof is required"]
3423
+ };
3424
+ }
3425
+ const checks = [];
3426
+ let subjectAuthorizedKey = false;
3427
+ for (let i = 0; i < data.proofs.length; i++) {
3428
+ const proof = data.proofs[i];
3429
+ if (proofSignerMatchesDid(proof, data.subject)) {
3430
+ const authorizesKey = proofAuthorizedEntityMatchesDid(proof, data.keyId);
3431
+ checks.push({
3432
+ proofIndex: i,
3433
+ proofType: proof.proofType,
3434
+ checkType: "signer-is-subject-for-key",
3435
+ valid: authorizesKey,
3436
+ reason: authorizesKey ? void 0 : "Proof signed by subject but does not authorize the keyId"
3437
+ });
3438
+ if (authorizesKey) {
3439
+ subjectAuthorizedKey = true;
3440
+ }
3441
+ }
3442
+ if (proofSignerMatchesDid(proof, data.keyId)) {
3443
+ checks.push({
3444
+ proofIndex: i,
3445
+ proofType: proof.proofType,
3446
+ checkType: "signer-is-keyId",
3447
+ valid: true,
3448
+ reason: "Key proved possession (supplementary, not sufficient alone)"
3449
+ });
3450
+ }
3451
+ if (proof.proofType === "evidence-pointer") {
3452
+ checks.push({
3453
+ proofIndex: i,
3454
+ proofType: proof.proofType,
3455
+ checkType: "signer-is-subject-for-key",
3456
+ valid: true,
3457
+ reason: "Evidence pointer accepted (requires URL fetch for full verification)"
3458
+ });
3459
+ subjectAuthorizedKey = true;
3460
+ }
3461
+ }
3462
+ if (data.publicKeyJwk && extractDidMethod(data.keyId) === "jwk") {
3463
+ try {
3464
+ const keyIdJwk = didJwkToJwk(data.keyId);
3465
+ const jwkConsistent = publicJwkEquals(data.publicKeyJwk, keyIdJwk);
3466
+ if (!jwkConsistent) {
3467
+ return {
3468
+ valid: false,
3469
+ checks,
3470
+ reasons: ["publicKeyJwk does not match the key material in keyId (did:jwk)"]
3471
+ };
3472
+ }
3473
+ } catch {
3474
+ }
3475
+ }
3476
+ const reasons = [];
3477
+ if (!subjectAuthorizedKey) {
3478
+ reasons.push(
3479
+ "No proof demonstrates that subject authorized the key binding"
3480
+ );
3481
+ }
3482
+ return {
3483
+ valid: reasons.length === 0,
3484
+ checks,
3485
+ reasons
3486
+ };
3487
+ }
3488
+ var DID_ARTIFACT_PREFIX = "did:artifact:";
3489
+ var CID_VERSION = 1;
3490
+ var RAW_CODEC = raw.code;
3491
+ var SHA2_256_CODE = 18;
3492
+ var SHA2_256_DIGEST_LENGTH = 32;
3493
+ function parseArtifactDid(did) {
3494
+ if (typeof did !== "string" || !did.startsWith(DID_ARTIFACT_PREFIX)) {
3495
+ throw new OmaTrustError("INVALID_DID", "Expected a did:artifact DID", { did });
3496
+ }
3497
+ const identifier = did.slice(DID_ARTIFACT_PREFIX.length);
3498
+ if (!identifier || identifier.length === 0) {
3499
+ throw new OmaTrustError("INVALID_DID", "Missing method-specific identifier", { did });
3500
+ }
3501
+ if (identifier[0] !== "b") {
3502
+ throw new OmaTrustError(
3503
+ "INVALID_DID",
3504
+ `Invalid multibase prefix "${identifier[0]}", expected "b" (base32lower)`,
3505
+ { did }
3506
+ );
3507
+ }
3508
+ let cid;
3509
+ try {
3510
+ cid = CID.parse(identifier, base32);
3511
+ } catch (err) {
3512
+ throw new OmaTrustError(
3513
+ "INVALID_DID",
3514
+ "Failed to decode base32 CID from did:artifact identifier",
3515
+ { did, cause: err }
3516
+ );
3517
+ }
3518
+ if (cid.version !== CID_VERSION) {
3519
+ throw new OmaTrustError(
3520
+ "INVALID_DID",
3521
+ `CID version must be 1, got ${cid.version}`,
3522
+ { did }
3523
+ );
3524
+ }
3525
+ if (cid.code !== RAW_CODEC) {
3526
+ throw new OmaTrustError(
3527
+ "INVALID_DID",
3528
+ `Multicodec must be raw (0x55), got 0x${cid.code.toString(16)}`,
3529
+ { did }
3530
+ );
3531
+ }
3532
+ if (cid.multihash.code !== SHA2_256_CODE) {
3533
+ throw new OmaTrustError(
3534
+ "INVALID_DID",
3535
+ `Multihash function must be sha2-256 (0x12), got 0x${cid.multihash.code.toString(16)}`,
3536
+ { did }
3537
+ );
3538
+ }
3539
+ if (cid.multihash.digest.length !== SHA2_256_DIGEST_LENGTH) {
3540
+ throw new OmaTrustError(
3541
+ "INVALID_DID",
3542
+ `SHA-256 digest must be 32 bytes, got ${cid.multihash.digest.length}`,
3543
+ { did }
3544
+ );
3545
+ }
3546
+ const digest = cid.multihash.digest;
3547
+ const digestHex = Array.from(digest).map((b) => b.toString(16).padStart(2, "0")).join("");
3548
+ return { did, identifier, digest, digestHex };
3549
+ }
3550
+
3551
+ // src/reputation/artifact-verification.ts
3552
+ async function verifyResponsibilityClaim(params) {
3553
+ const {
3554
+ attestation,
3555
+ artifactDid,
3556
+ provider,
3557
+ easContractAddress,
3558
+ chain,
3559
+ chainId,
3560
+ responsibilityClaimSchemaString
3561
+ } = params;
3562
+ const reasons = [];
3563
+ const checks = {
3564
+ schemaValid: false,
3565
+ subjectMatches: false,
3566
+ notRevoked: false,
3567
+ currentlyEffective: false,
3568
+ controllerAuthorized: false,
3569
+ issuedDuringAuthorizationWindow: false
3570
+ };
3571
+ let decoded;
3572
+ try {
3573
+ if (attestation.raw) {
3574
+ decoded = decodeAttestationData(responsibilityClaimSchemaString, attestation.raw);
3575
+ } else if (attestation.data && typeof attestation.data === "object") {
3576
+ decoded = attestation.data;
3577
+ } else {
3578
+ reasons.push("No attestation data available to decode");
3579
+ return buildFailedResult(checks, reasons);
3580
+ }
3581
+ } catch (err) {
3582
+ reasons.push(
3583
+ `Failed to decode attestation data: ${err instanceof Error ? err.message : "unknown error"}`
3584
+ );
3585
+ return buildFailedResult(checks, reasons);
3586
+ }
3587
+ const responsibleParty = decoded.responsibleParty;
3588
+ const subject = decoded.subject;
3589
+ const responsibilityType = decoded.responsibilityType;
3590
+ const issuedAt = decoded.issuedAt;
3591
+ const effectiveAt = decoded.effectiveAt;
3592
+ const expiresAt = decoded.expiresAt;
3593
+ const subjectLabel = decoded.subjectLabel;
3594
+ if (!responsibleParty || !subject || !responsibilityType || !issuedAt) {
3595
+ if (!responsibleParty) reasons.push("Missing required field: responsibleParty");
3596
+ if (!subject) reasons.push("Missing required field: subject");
3597
+ if (!responsibilityType) reasons.push("Missing required field: responsibilityType");
3598
+ if (!issuedAt) reasons.push("Missing required field: issuedAt");
3599
+ return buildFailedResult(checks, reasons, {
3600
+ responsibleParty,
3601
+ subjectLabel,
3602
+ responsibilityType
3603
+ });
3604
+ }
3605
+ if (!Array.isArray(responsibilityType) || responsibilityType.length === 0) {
3606
+ reasons.push("responsibilityType must be a non-empty array");
3607
+ return buildFailedResult(checks, reasons, {
3608
+ responsibleParty,
3609
+ subjectLabel,
3610
+ responsibilityType
3611
+ });
3612
+ }
3613
+ checks.schemaValid = true;
3614
+ if (artifactDid) {
3615
+ checks.subjectMatches = subject.toLowerCase() === artifactDid.toLowerCase();
3616
+ if (!checks.subjectMatches) {
3617
+ reasons.push(`Subject "${subject}" does not match expected artifact "${artifactDid}"`);
3618
+ }
3619
+ } else {
3620
+ checks.subjectMatches = true;
3621
+ }
3622
+ checks.notRevoked = attestation.revocationTime === BigInt(0);
3623
+ if (!checks.notRevoked) {
3624
+ reasons.push("Attestation has been revoked");
3625
+ }
3626
+ const now = BigInt(Math.floor(Date.now() / 1e3));
3627
+ const effectiveTime = toBigInt(effectiveAt);
3628
+ const expirationTime = toBigInt(expiresAt);
3629
+ const isEffective = effectiveTime === BigInt(0) || effectiveTime <= now;
3630
+ const isNotExpired = expirationTime === BigInt(0) || expirationTime > now;
3631
+ checks.currentlyEffective = isEffective && isNotExpired;
3632
+ if (!isEffective) {
3633
+ reasons.push("Attestation is not yet effective");
3634
+ }
3635
+ if (!isNotExpired) {
3636
+ reasons.push("Attestation has expired");
3637
+ }
3638
+ const controllerDid = `did:pkh:eip155:${chainId}:${attestation.attester.toLowerCase()}`;
3639
+ let authorization = null;
3640
+ try {
3641
+ const resolvedChain = chain ?? `eip155:${chainId}`;
3642
+ authorization = await getControllerAuthorization({
3643
+ subjectDid: responsibleParty,
3644
+ controllerDid,
3645
+ provider,
3646
+ chain: resolvedChain,
3647
+ easContractAddress
3648
+ });
3649
+ checks.controllerAuthorized = authorization.authorized;
3650
+ if (!checks.controllerAuthorized) {
3651
+ reasons.push(`Controller ${controllerDid} is not authorized for ${responsibleParty}`);
3652
+ }
3653
+ if (authorization.authorized && authorization.anchoredFrom !== null) {
3654
+ const issuedAtBigInt = toBigInt(issuedAt);
3655
+ const afterStart = issuedAtBigInt >= authorization.anchoredFrom;
3656
+ const beforeEnd = authorization.until === null || issuedAtBigInt <= authorization.until;
3657
+ checks.issuedDuringAuthorizationWindow = afterStart && beforeEnd;
3658
+ if (!afterStart) {
3659
+ reasons.push("Attestation was issued before the authorization window started");
3660
+ }
3661
+ if (!beforeEnd) {
3662
+ reasons.push("Attestation was issued after the authorization window ended");
3663
+ }
3664
+ } else if (authorization.authorized && authorization.anchoredFrom === null) {
3665
+ checks.issuedDuringAuthorizationWindow = true;
3666
+ } else {
3667
+ checks.issuedDuringAuthorizationWindow = false;
3668
+ }
3669
+ } catch (err) {
3670
+ reasons.push(
3671
+ `Controller authorization check failed: ${err instanceof Error ? err.message : "unknown error"}`
3672
+ );
3673
+ checks.controllerAuthorized = false;
3674
+ checks.issuedDuringAuthorizationWindow = false;
3675
+ }
3676
+ const valid = Object.values(checks).every(Boolean);
3677
+ return {
3678
+ valid,
3679
+ responsibleParty,
3680
+ controllerDid,
3681
+ responsibilityTypes: responsibilityType,
3682
+ subjectLabel: subjectLabel || void 0,
3683
+ authorization,
3684
+ checks,
3685
+ reasons
3686
+ };
3687
+ }
3688
+ async function getVerifiedArtifactAttestations(params) {
3689
+ const {
3690
+ artifactDid,
3691
+ provider,
3692
+ easContractAddress,
3693
+ chain,
3694
+ chainId,
3695
+ schemaUids,
3696
+ responsibilityClaimSchemaUid,
3697
+ responsibilityClaimSchemaString,
3698
+ securityAssessmentSchemaUid,
3699
+ certificationSchemaUid,
3700
+ fromBlock,
3701
+ limit
3702
+ } = params;
3703
+ parseArtifactDid(artifactDid);
3704
+ if (schemaUids.length === 0) {
3705
+ return {
3706
+ artifactDid,
3707
+ responsibilityClaims: [],
3708
+ securityAssessments: [],
3709
+ certifications: [],
3710
+ otherAttestations: []
3711
+ };
3712
+ }
3713
+ const results = await listAttestations({
3714
+ subjectDid: artifactDid,
3715
+ provider,
3716
+ easContractAddress,
3717
+ schemas: schemaUids,
3718
+ limit: limit ?? 100,
3719
+ fromBlock
3720
+ });
3721
+ const responsibilityClaims = [];
3722
+ const securityAssessments = [];
3723
+ const certifications = [];
3724
+ const otherAttestations = [];
3725
+ for (const att of results) {
3726
+ const schemaUidLower = att.schema.toLowerCase();
3727
+ if (schemaUidLower === responsibilityClaimSchemaUid.toLowerCase()) {
3728
+ const verification = await verifyResponsibilityClaim({
3729
+ attestation: att,
3730
+ artifactDid,
3731
+ provider,
3732
+ easContractAddress,
3733
+ chain,
3734
+ chainId,
3735
+ responsibilityClaimSchemaString
3736
+ });
3737
+ responsibilityClaims.push({ attestation: att, verification });
3738
+ } else if (securityAssessmentSchemaUid && schemaUidLower === securityAssessmentSchemaUid.toLowerCase()) {
3739
+ const verification = await runStandardVerification(att, provider);
3740
+ securityAssessments.push({ attestation: att, verification });
3741
+ } else if (certificationSchemaUid && schemaUidLower === certificationSchemaUid.toLowerCase()) {
3742
+ const verification = await runStandardVerification(att, provider);
3743
+ certifications.push({ attestation: att, verification });
3744
+ } else {
3745
+ const verification = await runStandardVerification(att, provider);
3746
+ otherAttestations.push({ attestation: att, verification });
3747
+ }
3748
+ }
3749
+ return {
3750
+ artifactDid,
3751
+ responsibilityClaims,
3752
+ securityAssessments,
3753
+ certifications,
3754
+ otherAttestations
3755
+ };
3756
+ }
3757
+ async function isArtifactClaimedBy(params) {
3758
+ const { artifactDid, responsibleParty, responsibilityTypes } = params;
3759
+ const result = await getVerifiedArtifactAttestations({
3760
+ artifactDid,
3761
+ provider: params.provider,
3762
+ easContractAddress: params.easContractAddress,
3763
+ chain: params.chain,
3764
+ chainId: params.chainId,
3765
+ schemaUids: params.schemaUids,
3766
+ responsibilityClaimSchemaUid: params.responsibilityClaimSchemaUid,
3767
+ responsibilityClaimSchemaString: params.responsibilityClaimSchemaString,
3768
+ securityAssessmentSchemaUid: params.securityAssessmentSchemaUid,
3769
+ certificationSchemaUid: params.certificationSchemaUid
3770
+ });
3771
+ const matchingClaims = result.responsibilityClaims.filter(
3772
+ (claim) => claim.verification.responsibleParty.toLowerCase() === responsibleParty.toLowerCase()
3773
+ );
3774
+ const validClaims = matchingClaims.filter((claim) => claim.verification.valid);
3775
+ let finalClaims = validClaims;
3776
+ let matchedTypes = [];
3777
+ if (responsibilityTypes && responsibilityTypes.length > 0) {
3778
+ finalClaims = validClaims.filter(
3779
+ (claim) => claim.verification.responsibilityTypes.some(
3780
+ (t) => responsibilityTypes.includes(t)
3781
+ )
3782
+ );
3783
+ matchedTypes = [
3784
+ ...new Set(
3785
+ finalClaims.flatMap(
3786
+ (claim) => claim.verification.responsibilityTypes.filter(
3787
+ (t) => responsibilityTypes.includes(t)
3788
+ )
3789
+ )
3790
+ )
3791
+ ];
3792
+ } else {
3793
+ matchedTypes = [
3794
+ ...new Set(
3795
+ validClaims.flatMap((claim) => claim.verification.responsibilityTypes)
3796
+ )
3797
+ ];
3798
+ }
3799
+ const reasons = [];
3800
+ if (finalClaims.length === 0) {
3801
+ if (matchingClaims.length === 0) {
3802
+ reasons.push(
3803
+ `No responsibility claims found from ${responsibleParty} for this artifact`
3804
+ );
3805
+ } else if (validClaims.length === 0) {
3806
+ reasons.push(
3807
+ `Claims from ${responsibleParty} exist but none passed verification`
3808
+ );
3809
+ } else if (responsibilityTypes) {
3810
+ reasons.push(
3811
+ `No claims matched the requested responsibility types: ${responsibilityTypes.join(", ")}`
3812
+ );
3813
+ }
3814
+ }
3815
+ return {
3816
+ claimed: finalClaims.length > 0,
3817
+ claims: finalClaims,
3818
+ matchedResponsibilityTypes: matchedTypes,
3819
+ reasons
3820
+ };
3821
+ }
3822
+ function toBigInt(value) {
3823
+ if (value === void 0 || value === null) return BigInt(0);
3824
+ if (typeof value === "bigint") return value;
3825
+ return BigInt(value);
3826
+ }
3827
+ function buildFailedResult(checks, reasons, decoded) {
3828
+ return {
3829
+ valid: false,
3830
+ responsibleParty: decoded?.responsibleParty ?? "",
3831
+ controllerDid: "",
3832
+ responsibilityTypes: decoded?.responsibilityType ?? [],
3833
+ subjectLabel: decoded?.subjectLabel || void 0,
3834
+ authorization: null,
3835
+ checks,
3836
+ reasons
3837
+ };
3838
+ }
3839
+ async function runStandardVerification(attestation, provider) {
3840
+ try {
3841
+ return await verifyAttestation({ attestation, provider });
3842
+ } catch {
3843
+ return void 0;
3844
+ }
3845
+ }
3150
3846
 
3151
- export { EIP1967_ADMIN_SLOT, OWNERSHIP_PATTERNS, buildDelegatedAttestationTypedData, buildDelegatedTypedDataFromEncoded, buildDnsTxtRecord, buildEip712Domain, calculateAverageUserReviewRating, calculateTransferAmount, calculateTransferAmountFromAddresses, callControllerWitness, constructSeed, createEvidencePointerProof, createPopEip712Proof, createPopJwsProof, createTxEncodedValueProof, createTxInteractionProof, createX402OfferProof, createX402ReceiptProof, decodeAttestationData, deduplicateReviews, discoverContractOwner, discoverControllingWalletDid, encodeAttestationData, extractEvmAddressesFromDidDocument, extractExpirationTime, extractJwksFromDidDocument, fetchDidDocument, formatSchemaUid, formatTransferAmount, getAttestation, getAttestationsByAttester, getAttestationsForDid, getChainConstants, getControllerAuthorization, getExplorerAddressUrl, getExplorerTxUrl, getLatestAttestations, getMajorVersion, getOmaTrustProofEip712Types, getSchemaDetails, getSupportedChainIds, hashSeed, isChainSupported, listAttestations, normalizeSchema, parseDnsTxtRecord, prepareDelegatedAttestation, readOwnerFromContract, requestControllerWitness, revokeAttestation, schemaToString, splitSignature, submitAttestation, submitDelegatedAttestation, validateAttestationData, verifyAttestation, verifyDidDocumentControllerDid, verifyDidJsonControllerDid, verifyDidPkhOwnership, verifyDidWebOwnership, verifyDnsTxtControllerDid2 as verifyDnsTxtControllerDid, verifyEip712Signature, verifyProof, verifySchemaExists, verifySubjectOwnership, verifyTransferProof, verifyX402Eip712Artifact, verifyX402Eip712Offer, verifyX402Eip712Receipt, verifyX402JwsArtifact, verifyX402JwsOffer, verifyX402JwsReceipt };
3847
+ export { EIP1967_ADMIN_SLOT, OWNERSHIP_PATTERNS, buildDelegatedAttestationTypedData, buildDelegatedTypedDataFromEncoded, buildDnsTxtRecord, buildEip712Domain, calculateAverageUserReviewRating, calculateTransferAmount, calculateTransferAmountFromAddresses, callControllerWitness, constructSeed, createEvidencePointerProof, createPopEip712Proof, createPopJwsProof, createTxEncodedValueProof, createTxInteractionProof, createX402OfferProof, createX402ReceiptProof, decodeAttestationData, deduplicateReviews, discoverContractOwner, discoverControllingWalletDid, encodeAttestationData, extractEvmAddressesFromDidDocument, extractExpirationTime, extractJwksFromDidDocument, fetchDidDocument, formatSchemaUid, formatTransferAmount, getAttestation, getAttestationsByAttester, getAttestationsForDid, getChainConstants, getControllerAuthorization, getExplorerAddressUrl, getExplorerTxUrl, getLatestAttestations, getMajorVersion, getOmaTrustProofEip712Types, getSchemaDetails, getSupportedChainIds, getVerifiedArtifactAttestations, hashSeed, isArtifactClaimedBy, isChainSupported, listAttestations, normalizeSchema, parseDnsTxtRecord, prepareDelegatedAttestation, readOwnerFromContract, requestControllerWitness, revokeAttestation, schemaToString, splitSignature, submitAttestation, submitDelegatedAttestation, validateAttestationData, verifyAttestation, verifyDidDocumentControllerDid, verifyDidJsonControllerDid, verifyDidPkhOwnership, verifyDidWebOwnership, verifyDnsTxtControllerDid2 as verifyDnsTxtControllerDid, verifyEip712Signature, verifyKeyBindingProofs, verifyLinkedIdentifierProofs, verifyProof, verifyResponsibilityClaim, verifySchemaExists, verifySubjectOwnership, verifyTransferProof, verifyX402Artifact, verifyX402Eip712Artifact, verifyX402Eip712Offer, verifyX402Eip712Receipt, verifyX402JwsArtifact, verifyX402JwsOffer, verifyX402JwsReceipt };
3152
3848
  //# sourceMappingURL=index.js.map
3153
3849
  //# sourceMappingURL=index.js.map