@oma3/omatrust 0.1.0-alpha.12 → 0.1.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.d.cts CHANGED
@@ -1,5 +1,5 @@
1
1
  export { i as identity } from './index-C7odEbp6.cjs';
2
- export { i as reputation } from './index-B5OC9_8B.cjs';
2
+ export { i as reputation } from './index-CnWY9arI.cjs';
3
3
  export { i as appRegistry } from './index-_Bkhoj8k.cjs';
4
4
  import './types-Dn0OwaNj.cjs';
5
5
  import './subject-ownership-B7cFlm8c.cjs';
package/dist/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  export { i as identity } from './index-Bu-xxcv9.js';
2
- export { i as reputation } from './index-C6WNgPRx.js';
2
+ export { i as reputation } from './index-DREQRFIE.js';
3
3
  export { i as appRegistry } from './index-_Bkhoj8k.js';
4
4
  import './types-Dn0OwaNj.js';
5
5
  import './subject-ownership-B7cFlm8c.js';
package/dist/index.js CHANGED
@@ -1393,7 +1393,9 @@ __export(reputation_exports, {
1393
1393
  getOmaTrustProofEip712Types: () => getOmaTrustProofEip712Types,
1394
1394
  getSchemaDetails: () => getSchemaDetails,
1395
1395
  getSupportedChainIds: () => getSupportedChainIds,
1396
+ getVerifiedArtifactAttestations: () => getVerifiedArtifactAttestations,
1396
1397
  hashSeed: () => hashSeed,
1398
+ isArtifactClaimedBy: () => isArtifactClaimedBy,
1397
1399
  isChainSupported: () => isChainSupported,
1398
1400
  listAttestations: () => listAttestations,
1399
1401
  normalizeSchema: () => normalizeSchema,
@@ -1417,6 +1419,7 @@ __export(reputation_exports, {
1417
1419
  verifyKeyBindingProofs: () => verifyKeyBindingProofs,
1418
1420
  verifyLinkedIdentifierProofs: () => verifyLinkedIdentifierProofs,
1419
1421
  verifyProof: () => verifyProof,
1422
+ verifyResponsibilityClaim: () => verifyResponsibilityClaim,
1420
1423
  verifySchemaExists: () => verifySchemaExists,
1421
1424
  verifySubjectOwnership: () => verifySubjectOwnership,
1422
1425
  verifyTransferProof: () => verifyTransferProof,
@@ -4280,6 +4283,302 @@ function verifyKeyBindingProofs(data) {
4280
4283
  };
4281
4284
  }
4282
4285
 
4286
+ // src/reputation/artifact-verification.ts
4287
+ async function verifyResponsibilityClaim(params) {
4288
+ const {
4289
+ attestation,
4290
+ artifactDid,
4291
+ provider,
4292
+ easContractAddress,
4293
+ chain,
4294
+ chainId,
4295
+ responsibilityClaimSchemaString
4296
+ } = params;
4297
+ const reasons = [];
4298
+ const checks = {
4299
+ schemaValid: false,
4300
+ subjectMatches: false,
4301
+ notRevoked: false,
4302
+ currentlyEffective: false,
4303
+ controllerAuthorized: false,
4304
+ issuedDuringAuthorizationWindow: false
4305
+ };
4306
+ let decoded;
4307
+ try {
4308
+ if (attestation.raw) {
4309
+ decoded = decodeAttestationData(responsibilityClaimSchemaString, attestation.raw);
4310
+ } else if (attestation.data && typeof attestation.data === "object") {
4311
+ decoded = attestation.data;
4312
+ } else {
4313
+ reasons.push("No attestation data available to decode");
4314
+ return buildFailedResult(checks, reasons);
4315
+ }
4316
+ } catch (err) {
4317
+ reasons.push(
4318
+ `Failed to decode attestation data: ${err instanceof Error ? err.message : "unknown error"}`
4319
+ );
4320
+ return buildFailedResult(checks, reasons);
4321
+ }
4322
+ const responsibleParty = decoded.responsibleParty;
4323
+ const subject = decoded.subject;
4324
+ const responsibilityType = decoded.responsibilityType;
4325
+ const issuedAt = decoded.issuedAt;
4326
+ const effectiveAt = decoded.effectiveAt;
4327
+ const expiresAt = decoded.expiresAt;
4328
+ const subjectLabel = decoded.subjectLabel;
4329
+ if (!responsibleParty || !subject || !responsibilityType || !issuedAt) {
4330
+ if (!responsibleParty) reasons.push("Missing required field: responsibleParty");
4331
+ if (!subject) reasons.push("Missing required field: subject");
4332
+ if (!responsibilityType) reasons.push("Missing required field: responsibilityType");
4333
+ if (!issuedAt) reasons.push("Missing required field: issuedAt");
4334
+ return buildFailedResult(checks, reasons, {
4335
+ responsibleParty,
4336
+ subjectLabel,
4337
+ responsibilityType
4338
+ });
4339
+ }
4340
+ if (!Array.isArray(responsibilityType) || responsibilityType.length === 0) {
4341
+ reasons.push("responsibilityType must be a non-empty array");
4342
+ return buildFailedResult(checks, reasons, {
4343
+ responsibleParty,
4344
+ subjectLabel,
4345
+ responsibilityType
4346
+ });
4347
+ }
4348
+ checks.schemaValid = true;
4349
+ if (artifactDid) {
4350
+ checks.subjectMatches = subject.toLowerCase() === artifactDid.toLowerCase();
4351
+ if (!checks.subjectMatches) {
4352
+ reasons.push(`Subject "${subject}" does not match expected artifact "${artifactDid}"`);
4353
+ }
4354
+ } else {
4355
+ checks.subjectMatches = true;
4356
+ }
4357
+ checks.notRevoked = attestation.revocationTime === BigInt(0);
4358
+ if (!checks.notRevoked) {
4359
+ reasons.push("Attestation has been revoked");
4360
+ }
4361
+ const now = BigInt(Math.floor(Date.now() / 1e3));
4362
+ const effectiveTime = toBigInt(effectiveAt);
4363
+ const expirationTime = toBigInt(expiresAt);
4364
+ const isEffective = effectiveTime === BigInt(0) || effectiveTime <= now;
4365
+ const isNotExpired = expirationTime === BigInt(0) || expirationTime > now;
4366
+ checks.currentlyEffective = isEffective && isNotExpired;
4367
+ if (!isEffective) {
4368
+ reasons.push("Attestation is not yet effective");
4369
+ }
4370
+ if (!isNotExpired) {
4371
+ reasons.push("Attestation has expired");
4372
+ }
4373
+ const controllerDid = `did:pkh:eip155:${chainId}:${attestation.attester.toLowerCase()}`;
4374
+ let authorization = null;
4375
+ try {
4376
+ const resolvedChain = chain ?? `eip155:${chainId}`;
4377
+ authorization = await getControllerAuthorization({
4378
+ subjectDid: responsibleParty,
4379
+ controllerDid,
4380
+ provider,
4381
+ chain: resolvedChain,
4382
+ easContractAddress
4383
+ });
4384
+ checks.controllerAuthorized = authorization.authorized;
4385
+ if (!checks.controllerAuthorized) {
4386
+ reasons.push(`Controller ${controllerDid} is not authorized for ${responsibleParty}`);
4387
+ }
4388
+ if (authorization.authorized && authorization.anchoredFrom !== null) {
4389
+ const issuedAtBigInt = toBigInt(issuedAt);
4390
+ const afterStart = issuedAtBigInt >= authorization.anchoredFrom;
4391
+ const beforeEnd = authorization.until === null || issuedAtBigInt <= authorization.until;
4392
+ checks.issuedDuringAuthorizationWindow = afterStart && beforeEnd;
4393
+ if (!afterStart) {
4394
+ reasons.push("Attestation was issued before the authorization window started");
4395
+ }
4396
+ if (!beforeEnd) {
4397
+ reasons.push("Attestation was issued after the authorization window ended");
4398
+ }
4399
+ } else if (authorization.authorized && authorization.anchoredFrom === null) {
4400
+ checks.issuedDuringAuthorizationWindow = true;
4401
+ } else {
4402
+ checks.issuedDuringAuthorizationWindow = false;
4403
+ }
4404
+ } catch (err) {
4405
+ reasons.push(
4406
+ `Controller authorization check failed: ${err instanceof Error ? err.message : "unknown error"}`
4407
+ );
4408
+ checks.controllerAuthorized = false;
4409
+ checks.issuedDuringAuthorizationWindow = false;
4410
+ }
4411
+ const valid = Object.values(checks).every(Boolean);
4412
+ return {
4413
+ valid,
4414
+ responsibleParty,
4415
+ controllerDid,
4416
+ responsibilityTypes: responsibilityType,
4417
+ subjectLabel: subjectLabel || void 0,
4418
+ authorization,
4419
+ checks,
4420
+ reasons
4421
+ };
4422
+ }
4423
+ async function getVerifiedArtifactAttestations(params) {
4424
+ const {
4425
+ artifactDid,
4426
+ provider,
4427
+ easContractAddress,
4428
+ chain,
4429
+ chainId,
4430
+ schemaUids,
4431
+ responsibilityClaimSchemaUid,
4432
+ responsibilityClaimSchemaString,
4433
+ securityAssessmentSchemaUid,
4434
+ certificationSchemaUid,
4435
+ fromBlock,
4436
+ limit
4437
+ } = params;
4438
+ parseArtifactDid(artifactDid);
4439
+ if (schemaUids.length === 0) {
4440
+ return {
4441
+ artifactDid,
4442
+ responsibilityClaims: [],
4443
+ securityAssessments: [],
4444
+ certifications: [],
4445
+ otherAttestations: []
4446
+ };
4447
+ }
4448
+ const results = await listAttestations({
4449
+ subjectDid: artifactDid,
4450
+ provider,
4451
+ easContractAddress,
4452
+ schemas: schemaUids,
4453
+ limit: limit ?? 100,
4454
+ fromBlock
4455
+ });
4456
+ const responsibilityClaims = [];
4457
+ const securityAssessments = [];
4458
+ const certifications = [];
4459
+ const otherAttestations = [];
4460
+ for (const att of results) {
4461
+ const schemaUidLower = att.schema.toLowerCase();
4462
+ if (schemaUidLower === responsibilityClaimSchemaUid.toLowerCase()) {
4463
+ const verification = await verifyResponsibilityClaim({
4464
+ attestation: att,
4465
+ artifactDid,
4466
+ provider,
4467
+ easContractAddress,
4468
+ chain,
4469
+ chainId,
4470
+ responsibilityClaimSchemaString
4471
+ });
4472
+ responsibilityClaims.push({ attestation: att, verification });
4473
+ } else if (securityAssessmentSchemaUid && schemaUidLower === securityAssessmentSchemaUid.toLowerCase()) {
4474
+ const verification = await runStandardVerification(att, provider);
4475
+ securityAssessments.push({ attestation: att, verification });
4476
+ } else if (certificationSchemaUid && schemaUidLower === certificationSchemaUid.toLowerCase()) {
4477
+ const verification = await runStandardVerification(att, provider);
4478
+ certifications.push({ attestation: att, verification });
4479
+ } else {
4480
+ const verification = await runStandardVerification(att, provider);
4481
+ otherAttestations.push({ attestation: att, verification });
4482
+ }
4483
+ }
4484
+ return {
4485
+ artifactDid,
4486
+ responsibilityClaims,
4487
+ securityAssessments,
4488
+ certifications,
4489
+ otherAttestations
4490
+ };
4491
+ }
4492
+ async function isArtifactClaimedBy(params) {
4493
+ const { artifactDid, responsibleParty, responsibilityTypes } = params;
4494
+ const result = await getVerifiedArtifactAttestations({
4495
+ artifactDid,
4496
+ provider: params.provider,
4497
+ easContractAddress: params.easContractAddress,
4498
+ chain: params.chain,
4499
+ chainId: params.chainId,
4500
+ schemaUids: params.schemaUids,
4501
+ responsibilityClaimSchemaUid: params.responsibilityClaimSchemaUid,
4502
+ responsibilityClaimSchemaString: params.responsibilityClaimSchemaString,
4503
+ securityAssessmentSchemaUid: params.securityAssessmentSchemaUid,
4504
+ certificationSchemaUid: params.certificationSchemaUid
4505
+ });
4506
+ const matchingClaims = result.responsibilityClaims.filter(
4507
+ (claim) => claim.verification.responsibleParty.toLowerCase() === responsibleParty.toLowerCase()
4508
+ );
4509
+ const validClaims = matchingClaims.filter((claim) => claim.verification.valid);
4510
+ let finalClaims = validClaims;
4511
+ let matchedTypes = [];
4512
+ if (responsibilityTypes && responsibilityTypes.length > 0) {
4513
+ finalClaims = validClaims.filter(
4514
+ (claim) => claim.verification.responsibilityTypes.some(
4515
+ (t) => responsibilityTypes.includes(t)
4516
+ )
4517
+ );
4518
+ matchedTypes = [
4519
+ ...new Set(
4520
+ finalClaims.flatMap(
4521
+ (claim) => claim.verification.responsibilityTypes.filter(
4522
+ (t) => responsibilityTypes.includes(t)
4523
+ )
4524
+ )
4525
+ )
4526
+ ];
4527
+ } else {
4528
+ matchedTypes = [
4529
+ ...new Set(
4530
+ validClaims.flatMap((claim) => claim.verification.responsibilityTypes)
4531
+ )
4532
+ ];
4533
+ }
4534
+ const reasons = [];
4535
+ if (finalClaims.length === 0) {
4536
+ if (matchingClaims.length === 0) {
4537
+ reasons.push(
4538
+ `No responsibility claims found from ${responsibleParty} for this artifact`
4539
+ );
4540
+ } else if (validClaims.length === 0) {
4541
+ reasons.push(
4542
+ `Claims from ${responsibleParty} exist but none passed verification`
4543
+ );
4544
+ } else if (responsibilityTypes) {
4545
+ reasons.push(
4546
+ `No claims matched the requested responsibility types: ${responsibilityTypes.join(", ")}`
4547
+ );
4548
+ }
4549
+ }
4550
+ return {
4551
+ claimed: finalClaims.length > 0,
4552
+ claims: finalClaims,
4553
+ matchedResponsibilityTypes: matchedTypes,
4554
+ reasons
4555
+ };
4556
+ }
4557
+ function toBigInt(value) {
4558
+ if (value === void 0 || value === null) return BigInt(0);
4559
+ if (typeof value === "bigint") return value;
4560
+ return BigInt(value);
4561
+ }
4562
+ function buildFailedResult(checks, reasons, decoded) {
4563
+ return {
4564
+ valid: false,
4565
+ responsibleParty: decoded?.responsibleParty ?? "",
4566
+ controllerDid: "",
4567
+ responsibilityTypes: decoded?.responsibilityType ?? [],
4568
+ subjectLabel: decoded?.subjectLabel || void 0,
4569
+ authorization: null,
4570
+ checks,
4571
+ reasons
4572
+ };
4573
+ }
4574
+ async function runStandardVerification(attestation, provider) {
4575
+ try {
4576
+ return await verifyAttestation({ attestation, provider });
4577
+ } catch {
4578
+ return void 0;
4579
+ }
4580
+ }
4581
+
4283
4582
  // src/app-registry/index.ts
4284
4583
  var app_registry_exports = {};
4285
4584
  __export(app_registry_exports, {