@oma3/omatrust 0.1.0-alpha.12 → 0.1.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.cjs CHANGED
@@ -1418,7 +1418,9 @@ __export(reputation_exports, {
1418
1418
  getOmaTrustProofEip712Types: () => getOmaTrustProofEip712Types,
1419
1419
  getSchemaDetails: () => getSchemaDetails,
1420
1420
  getSupportedChainIds: () => getSupportedChainIds,
1421
+ getVerifiedArtifactAttestations: () => getVerifiedArtifactAttestations,
1421
1422
  hashSeed: () => hashSeed,
1423
+ isArtifactClaimedBy: () => isArtifactClaimedBy,
1422
1424
  isChainSupported: () => isChainSupported,
1423
1425
  listAttestations: () => listAttestations,
1424
1426
  normalizeSchema: () => normalizeSchema,
@@ -1442,6 +1444,7 @@ __export(reputation_exports, {
1442
1444
  verifyKeyBindingProofs: () => verifyKeyBindingProofs,
1443
1445
  verifyLinkedIdentifierProofs: () => verifyLinkedIdentifierProofs,
1444
1446
  verifyProof: () => verifyProof,
1447
+ verifyResponsibilityClaim: () => verifyResponsibilityClaim,
1445
1448
  verifySchemaExists: () => verifySchemaExists,
1446
1449
  verifySubjectOwnership: () => verifySubjectOwnership,
1447
1450
  verifyTransferProof: () => verifyTransferProof,
@@ -4305,6 +4308,302 @@ function verifyKeyBindingProofs(data) {
4305
4308
  };
4306
4309
  }
4307
4310
 
4311
+ // src/reputation/artifact-verification.ts
4312
+ async function verifyResponsibilityClaim(params) {
4313
+ const {
4314
+ attestation,
4315
+ artifactDid,
4316
+ provider,
4317
+ easContractAddress,
4318
+ chain,
4319
+ chainId,
4320
+ responsibilityClaimSchemaString
4321
+ } = params;
4322
+ const reasons = [];
4323
+ const checks = {
4324
+ schemaValid: false,
4325
+ subjectMatches: false,
4326
+ notRevoked: false,
4327
+ currentlyEffective: false,
4328
+ controllerAuthorized: false,
4329
+ issuedDuringAuthorizationWindow: false
4330
+ };
4331
+ let decoded;
4332
+ try {
4333
+ if (attestation.raw) {
4334
+ decoded = decodeAttestationData(responsibilityClaimSchemaString, attestation.raw);
4335
+ } else if (attestation.data && typeof attestation.data === "object") {
4336
+ decoded = attestation.data;
4337
+ } else {
4338
+ reasons.push("No attestation data available to decode");
4339
+ return buildFailedResult(checks, reasons);
4340
+ }
4341
+ } catch (err) {
4342
+ reasons.push(
4343
+ `Failed to decode attestation data: ${err instanceof Error ? err.message : "unknown error"}`
4344
+ );
4345
+ return buildFailedResult(checks, reasons);
4346
+ }
4347
+ const responsibleParty = decoded.responsibleParty;
4348
+ const subject = decoded.subject;
4349
+ const responsibilityType = decoded.responsibilityType;
4350
+ const issuedAt = decoded.issuedAt;
4351
+ const effectiveAt = decoded.effectiveAt;
4352
+ const expiresAt = decoded.expiresAt;
4353
+ const subjectLabel = decoded.subjectLabel;
4354
+ if (!responsibleParty || !subject || !responsibilityType || !issuedAt) {
4355
+ if (!responsibleParty) reasons.push("Missing required field: responsibleParty");
4356
+ if (!subject) reasons.push("Missing required field: subject");
4357
+ if (!responsibilityType) reasons.push("Missing required field: responsibilityType");
4358
+ if (!issuedAt) reasons.push("Missing required field: issuedAt");
4359
+ return buildFailedResult(checks, reasons, {
4360
+ responsibleParty,
4361
+ subjectLabel,
4362
+ responsibilityType
4363
+ });
4364
+ }
4365
+ if (!Array.isArray(responsibilityType) || responsibilityType.length === 0) {
4366
+ reasons.push("responsibilityType must be a non-empty array");
4367
+ return buildFailedResult(checks, reasons, {
4368
+ responsibleParty,
4369
+ subjectLabel,
4370
+ responsibilityType
4371
+ });
4372
+ }
4373
+ checks.schemaValid = true;
4374
+ if (artifactDid) {
4375
+ checks.subjectMatches = subject.toLowerCase() === artifactDid.toLowerCase();
4376
+ if (!checks.subjectMatches) {
4377
+ reasons.push(`Subject "${subject}" does not match expected artifact "${artifactDid}"`);
4378
+ }
4379
+ } else {
4380
+ checks.subjectMatches = true;
4381
+ }
4382
+ checks.notRevoked = attestation.revocationTime === BigInt(0);
4383
+ if (!checks.notRevoked) {
4384
+ reasons.push("Attestation has been revoked");
4385
+ }
4386
+ const now = BigInt(Math.floor(Date.now() / 1e3));
4387
+ const effectiveTime = toBigInt(effectiveAt);
4388
+ const expirationTime = toBigInt(expiresAt);
4389
+ const isEffective = effectiveTime === BigInt(0) || effectiveTime <= now;
4390
+ const isNotExpired = expirationTime === BigInt(0) || expirationTime > now;
4391
+ checks.currentlyEffective = isEffective && isNotExpired;
4392
+ if (!isEffective) {
4393
+ reasons.push("Attestation is not yet effective");
4394
+ }
4395
+ if (!isNotExpired) {
4396
+ reasons.push("Attestation has expired");
4397
+ }
4398
+ const controllerDid = `did:pkh:eip155:${chainId}:${attestation.attester.toLowerCase()}`;
4399
+ let authorization = null;
4400
+ try {
4401
+ const resolvedChain = chain ?? `eip155:${chainId}`;
4402
+ authorization = await getControllerAuthorization({
4403
+ subjectDid: responsibleParty,
4404
+ controllerDid,
4405
+ provider,
4406
+ chain: resolvedChain,
4407
+ easContractAddress
4408
+ });
4409
+ checks.controllerAuthorized = authorization.authorized;
4410
+ if (!checks.controllerAuthorized) {
4411
+ reasons.push(`Controller ${controllerDid} is not authorized for ${responsibleParty}`);
4412
+ }
4413
+ if (authorization.authorized && authorization.anchoredFrom !== null) {
4414
+ const issuedAtBigInt = toBigInt(issuedAt);
4415
+ const afterStart = issuedAtBigInt >= authorization.anchoredFrom;
4416
+ const beforeEnd = authorization.until === null || issuedAtBigInt <= authorization.until;
4417
+ checks.issuedDuringAuthorizationWindow = afterStart && beforeEnd;
4418
+ if (!afterStart) {
4419
+ reasons.push("Attestation was issued before the authorization window started");
4420
+ }
4421
+ if (!beforeEnd) {
4422
+ reasons.push("Attestation was issued after the authorization window ended");
4423
+ }
4424
+ } else if (authorization.authorized && authorization.anchoredFrom === null) {
4425
+ checks.issuedDuringAuthorizationWindow = true;
4426
+ } else {
4427
+ checks.issuedDuringAuthorizationWindow = false;
4428
+ }
4429
+ } catch (err) {
4430
+ reasons.push(
4431
+ `Controller authorization check failed: ${err instanceof Error ? err.message : "unknown error"}`
4432
+ );
4433
+ checks.controllerAuthorized = false;
4434
+ checks.issuedDuringAuthorizationWindow = false;
4435
+ }
4436
+ const valid = Object.values(checks).every(Boolean);
4437
+ return {
4438
+ valid,
4439
+ responsibleParty,
4440
+ controllerDid,
4441
+ responsibilityTypes: responsibilityType,
4442
+ subjectLabel: subjectLabel || void 0,
4443
+ authorization,
4444
+ checks,
4445
+ reasons
4446
+ };
4447
+ }
4448
+ async function getVerifiedArtifactAttestations(params) {
4449
+ const {
4450
+ artifactDid,
4451
+ provider,
4452
+ easContractAddress,
4453
+ chain,
4454
+ chainId,
4455
+ schemaUids,
4456
+ responsibilityClaimSchemaUid,
4457
+ responsibilityClaimSchemaString,
4458
+ securityAssessmentSchemaUid,
4459
+ certificationSchemaUid,
4460
+ fromBlock,
4461
+ limit
4462
+ } = params;
4463
+ parseArtifactDid(artifactDid);
4464
+ if (schemaUids.length === 0) {
4465
+ return {
4466
+ artifactDid,
4467
+ responsibilityClaims: [],
4468
+ securityAssessments: [],
4469
+ certifications: [],
4470
+ otherAttestations: []
4471
+ };
4472
+ }
4473
+ const results = await listAttestations({
4474
+ subjectDid: artifactDid,
4475
+ provider,
4476
+ easContractAddress,
4477
+ schemas: schemaUids,
4478
+ limit: limit ?? 100,
4479
+ fromBlock
4480
+ });
4481
+ const responsibilityClaims = [];
4482
+ const securityAssessments = [];
4483
+ const certifications = [];
4484
+ const otherAttestations = [];
4485
+ for (const att of results) {
4486
+ const schemaUidLower = att.schema.toLowerCase();
4487
+ if (schemaUidLower === responsibilityClaimSchemaUid.toLowerCase()) {
4488
+ const verification = await verifyResponsibilityClaim({
4489
+ attestation: att,
4490
+ artifactDid,
4491
+ provider,
4492
+ easContractAddress,
4493
+ chain,
4494
+ chainId,
4495
+ responsibilityClaimSchemaString
4496
+ });
4497
+ responsibilityClaims.push({ attestation: att, verification });
4498
+ } else if (securityAssessmentSchemaUid && schemaUidLower === securityAssessmentSchemaUid.toLowerCase()) {
4499
+ const verification = await runStandardVerification(att, provider);
4500
+ securityAssessments.push({ attestation: att, verification });
4501
+ } else if (certificationSchemaUid && schemaUidLower === certificationSchemaUid.toLowerCase()) {
4502
+ const verification = await runStandardVerification(att, provider);
4503
+ certifications.push({ attestation: att, verification });
4504
+ } else {
4505
+ const verification = await runStandardVerification(att, provider);
4506
+ otherAttestations.push({ attestation: att, verification });
4507
+ }
4508
+ }
4509
+ return {
4510
+ artifactDid,
4511
+ responsibilityClaims,
4512
+ securityAssessments,
4513
+ certifications,
4514
+ otherAttestations
4515
+ };
4516
+ }
4517
+ async function isArtifactClaimedBy(params) {
4518
+ const { artifactDid, responsibleParty, responsibilityTypes } = params;
4519
+ const result = await getVerifiedArtifactAttestations({
4520
+ artifactDid,
4521
+ provider: params.provider,
4522
+ easContractAddress: params.easContractAddress,
4523
+ chain: params.chain,
4524
+ chainId: params.chainId,
4525
+ schemaUids: params.schemaUids,
4526
+ responsibilityClaimSchemaUid: params.responsibilityClaimSchemaUid,
4527
+ responsibilityClaimSchemaString: params.responsibilityClaimSchemaString,
4528
+ securityAssessmentSchemaUid: params.securityAssessmentSchemaUid,
4529
+ certificationSchemaUid: params.certificationSchemaUid
4530
+ });
4531
+ const matchingClaims = result.responsibilityClaims.filter(
4532
+ (claim) => claim.verification.responsibleParty.toLowerCase() === responsibleParty.toLowerCase()
4533
+ );
4534
+ const validClaims = matchingClaims.filter((claim) => claim.verification.valid);
4535
+ let finalClaims = validClaims;
4536
+ let matchedTypes = [];
4537
+ if (responsibilityTypes && responsibilityTypes.length > 0) {
4538
+ finalClaims = validClaims.filter(
4539
+ (claim) => claim.verification.responsibilityTypes.some(
4540
+ (t) => responsibilityTypes.includes(t)
4541
+ )
4542
+ );
4543
+ matchedTypes = [
4544
+ ...new Set(
4545
+ finalClaims.flatMap(
4546
+ (claim) => claim.verification.responsibilityTypes.filter(
4547
+ (t) => responsibilityTypes.includes(t)
4548
+ )
4549
+ )
4550
+ )
4551
+ ];
4552
+ } else {
4553
+ matchedTypes = [
4554
+ ...new Set(
4555
+ validClaims.flatMap((claim) => claim.verification.responsibilityTypes)
4556
+ )
4557
+ ];
4558
+ }
4559
+ const reasons = [];
4560
+ if (finalClaims.length === 0) {
4561
+ if (matchingClaims.length === 0) {
4562
+ reasons.push(
4563
+ `No responsibility claims found from ${responsibleParty} for this artifact`
4564
+ );
4565
+ } else if (validClaims.length === 0) {
4566
+ reasons.push(
4567
+ `Claims from ${responsibleParty} exist but none passed verification`
4568
+ );
4569
+ } else if (responsibilityTypes) {
4570
+ reasons.push(
4571
+ `No claims matched the requested responsibility types: ${responsibilityTypes.join(", ")}`
4572
+ );
4573
+ }
4574
+ }
4575
+ return {
4576
+ claimed: finalClaims.length > 0,
4577
+ claims: finalClaims,
4578
+ matchedResponsibilityTypes: matchedTypes,
4579
+ reasons
4580
+ };
4581
+ }
4582
+ function toBigInt(value) {
4583
+ if (value === void 0 || value === null) return BigInt(0);
4584
+ if (typeof value === "bigint") return value;
4585
+ return BigInt(value);
4586
+ }
4587
+ function buildFailedResult(checks, reasons, decoded) {
4588
+ return {
4589
+ valid: false,
4590
+ responsibleParty: decoded?.responsibleParty ?? "",
4591
+ controllerDid: "",
4592
+ responsibilityTypes: decoded?.responsibilityType ?? [],
4593
+ subjectLabel: decoded?.subjectLabel || void 0,
4594
+ authorization: null,
4595
+ checks,
4596
+ reasons
4597
+ };
4598
+ }
4599
+ async function runStandardVerification(attestation, provider) {
4600
+ try {
4601
+ return await verifyAttestation({ attestation, provider });
4602
+ } catch {
4603
+ return void 0;
4604
+ }
4605
+ }
4606
+
4308
4607
  // src/app-registry/index.ts
4309
4608
  var app_registry_exports = {};
4310
4609
  __export(app_registry_exports, {