@oma3/omatrust 0.1.0-alpha.12 → 0.1.0-alpha.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -5,10 +5,33 @@ var ethers = require('ethers');
5
5
  var jose = require('jose');
6
6
  var canonicalize = require('canonicalize');
7
7
  var promises = require('dns/promises');
8
+ var cid = require('multiformats/cid');
9
+ require('multiformats/hashes/sha2');
10
+ var raw = require('multiformats/codecs/raw');
11
+ var base32 = require('multiformats/bases/base32');
8
12
 
9
13
  function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
10
14
 
15
+ function _interopNamespace(e) {
16
+ if (e && e.__esModule) return e;
17
+ var n = Object.create(null);
18
+ if (e) {
19
+ Object.keys(e).forEach(function (k) {
20
+ if (k !== 'default') {
21
+ var d = Object.getOwnPropertyDescriptor(e, k);
22
+ Object.defineProperty(n, k, d.get ? d : {
23
+ enumerable: true,
24
+ get: function () { return e[k]; }
25
+ });
26
+ }
27
+ });
28
+ }
29
+ n.default = e;
30
+ return Object.freeze(n);
31
+ }
32
+
11
33
  var canonicalize__default = /*#__PURE__*/_interopDefault(canonicalize);
34
+ var raw__namespace = /*#__PURE__*/_interopNamespace(raw);
12
35
 
13
36
  // src/reputation/submit.ts
14
37
 
@@ -16,10 +39,10 @@ var canonicalize__default = /*#__PURE__*/_interopDefault(canonicalize);
16
39
  var OmaTrustError = class extends Error {
17
40
  code;
18
41
  details;
19
- constructor(code, message, details) {
42
+ constructor(code2, message, details) {
20
43
  super(message);
21
44
  this.name = "OmaTrustError";
22
- this.code = code;
45
+ this.code = code2;
23
46
  this.details = details;
24
47
  }
25
48
  };
@@ -200,14 +223,14 @@ function extractExpirationTime(data) {
200
223
  }
201
224
 
202
225
  // src/shared/assert.ts
203
- function assertString(value, name, code = "INVALID_INPUT") {
226
+ function assertString(value, name, code2 = "INVALID_INPUT") {
204
227
  if (typeof value !== "string" || value.trim().length === 0) {
205
- throw new OmaTrustError(code, `${name} must be a non-empty string`, { value });
228
+ throw new OmaTrustError(code2, `${name} must be a non-empty string`, { value });
206
229
  }
207
230
  }
208
- function assertObject(value, name, code = "INVALID_INPUT") {
231
+ function assertObject(value, name, code2 = "INVALID_INPUT") {
209
232
  if (!value || typeof value !== "object" || Array.isArray(value)) {
210
- throw new OmaTrustError(code, `${name} must be an object`, { value });
233
+ throw new OmaTrustError(code2, `${name} must be an object`, { value });
211
234
  }
212
235
  }
213
236
 
@@ -1597,10 +1620,10 @@ function validateReceiptPayload(payload) {
1597
1620
  }
1598
1621
  return { valid: true };
1599
1622
  }
1600
- function failure(code, message, partial) {
1623
+ function failure(code2, message, partial) {
1601
1624
  return {
1602
1625
  valid: false,
1603
- error: { code, message },
1626
+ error: { code: code2, message },
1604
1627
  ...partial
1605
1628
  };
1606
1629
  }
@@ -1798,10 +1821,10 @@ function validateReceiptPayload2(payload) {
1798
1821
  }
1799
1822
  return { valid: true };
1800
1823
  }
1801
- function failure2(code, message, partial) {
1824
+ function failure2(code2, message, partial) {
1802
1825
  return {
1803
1826
  valid: false,
1804
- error: { code, message },
1827
+ error: { code: code2, message },
1805
1828
  ...partial
1806
1829
  };
1807
1830
  }
@@ -2319,8 +2342,8 @@ async function readOwnerFromContract(provider, contractAddress, signature, metho
2319
2342
  }
2320
2343
  async function discoverContractOwner(provider, contractAddress) {
2321
2344
  try {
2322
- const code = await provider.getCode(contractAddress);
2323
- if (code === "0x" || code === "0x0") {
2345
+ const code2 = await provider.getCode(contractAddress);
2346
+ if (code2 === "0x" || code2 === "0x0") {
2324
2347
  return null;
2325
2348
  }
2326
2349
  } catch {
@@ -3016,8 +3039,8 @@ async function verifyDidPkhOwnership(params) {
3016
3039
  subjectDid: params.subjectDid
3017
3040
  });
3018
3041
  }
3019
- const code = await params.provider.getCode(subjectAddress);
3020
- const isContract = code !== "0x" && code !== "0x0";
3042
+ const code2 = await params.provider.getCode(subjectAddress);
3043
+ const isContract = code2 !== "0x" && code2 !== "0x0";
3021
3044
  if (!isContract) {
3022
3045
  if (ethers.getAddress(subjectAddress) === ethers.getAddress(connectedWalletAddress)) {
3023
3046
  return {
@@ -3487,6 +3510,364 @@ function verifyKeyBindingProofs(data) {
3487
3510
  reasons
3488
3511
  };
3489
3512
  }
3513
+ var DID_ARTIFACT_PREFIX = "did:artifact:";
3514
+ var CID_VERSION = 1;
3515
+ var RAW_CODEC = raw__namespace.code;
3516
+ var SHA2_256_CODE = 18;
3517
+ var SHA2_256_DIGEST_LENGTH = 32;
3518
+ function parseArtifactDid(did) {
3519
+ if (typeof did !== "string" || !did.startsWith(DID_ARTIFACT_PREFIX)) {
3520
+ throw new OmaTrustError("INVALID_DID", "Expected a did:artifact DID", { did });
3521
+ }
3522
+ const identifier = did.slice(DID_ARTIFACT_PREFIX.length);
3523
+ if (!identifier || identifier.length === 0) {
3524
+ throw new OmaTrustError("INVALID_DID", "Missing method-specific identifier", { did });
3525
+ }
3526
+ if (identifier[0] !== "b") {
3527
+ throw new OmaTrustError(
3528
+ "INVALID_DID",
3529
+ `Invalid multibase prefix "${identifier[0]}", expected "b" (base32lower)`,
3530
+ { did }
3531
+ );
3532
+ }
3533
+ let cid$1;
3534
+ try {
3535
+ cid$1 = cid.CID.parse(identifier, base32.base32);
3536
+ } catch (err) {
3537
+ throw new OmaTrustError(
3538
+ "INVALID_DID",
3539
+ "Failed to decode base32 CID from did:artifact identifier",
3540
+ { did, cause: err }
3541
+ );
3542
+ }
3543
+ if (cid$1.version !== CID_VERSION) {
3544
+ throw new OmaTrustError(
3545
+ "INVALID_DID",
3546
+ `CID version must be 1, got ${cid$1.version}`,
3547
+ { did }
3548
+ );
3549
+ }
3550
+ if (cid$1.code !== RAW_CODEC) {
3551
+ throw new OmaTrustError(
3552
+ "INVALID_DID",
3553
+ `Multicodec must be raw (0x55), got 0x${cid$1.code.toString(16)}`,
3554
+ { did }
3555
+ );
3556
+ }
3557
+ if (cid$1.multihash.code !== SHA2_256_CODE) {
3558
+ throw new OmaTrustError(
3559
+ "INVALID_DID",
3560
+ `Multihash function must be sha2-256 (0x12), got 0x${cid$1.multihash.code.toString(16)}`,
3561
+ { did }
3562
+ );
3563
+ }
3564
+ if (cid$1.multihash.digest.length !== SHA2_256_DIGEST_LENGTH) {
3565
+ throw new OmaTrustError(
3566
+ "INVALID_DID",
3567
+ `SHA-256 digest must be 32 bytes, got ${cid$1.multihash.digest.length}`,
3568
+ { did }
3569
+ );
3570
+ }
3571
+ const digest = cid$1.multihash.digest;
3572
+ const digestHex = Array.from(digest).map((b) => b.toString(16).padStart(2, "0")).join("");
3573
+ return { did, identifier, digest, digestHex };
3574
+ }
3575
+
3576
+ // src/reputation/artifact-verification.ts
3577
+ async function verifyResponsibilityClaim(params) {
3578
+ const {
3579
+ attestation,
3580
+ artifactDid,
3581
+ provider,
3582
+ easContractAddress,
3583
+ chain,
3584
+ chainId,
3585
+ responsibilityClaimSchemaString
3586
+ } = params;
3587
+ const reasons = [];
3588
+ const checks = {
3589
+ schemaValid: false,
3590
+ subjectMatches: false,
3591
+ notRevoked: false,
3592
+ currentlyEffective: false,
3593
+ controllerAuthorized: false,
3594
+ issuedDuringAuthorizationWindow: false
3595
+ };
3596
+ let decoded;
3597
+ try {
3598
+ if (attestation.raw) {
3599
+ decoded = decodeAttestationData(responsibilityClaimSchemaString, attestation.raw);
3600
+ } else if (attestation.data && typeof attestation.data === "object") {
3601
+ decoded = attestation.data;
3602
+ } else {
3603
+ reasons.push("No attestation data available to decode");
3604
+ return buildFailedResult(checks, reasons);
3605
+ }
3606
+ } catch (err) {
3607
+ reasons.push(
3608
+ `Failed to decode attestation data: ${err instanceof Error ? err.message : "unknown error"}`
3609
+ );
3610
+ return buildFailedResult(checks, reasons);
3611
+ }
3612
+ const responsibleParty = decoded.responsibleParty;
3613
+ const subject = decoded.subject;
3614
+ const responsibilityType = decoded.responsibilityType;
3615
+ const issuedAt = decoded.issuedAt;
3616
+ const effectiveAt = decoded.effectiveAt;
3617
+ const expiresAt = decoded.expiresAt;
3618
+ const subjectLabel = decoded.subjectLabel;
3619
+ if (!responsibleParty || !subject || !responsibilityType || !issuedAt) {
3620
+ if (!responsibleParty) reasons.push("Missing required field: responsibleParty");
3621
+ if (!subject) reasons.push("Missing required field: subject");
3622
+ if (!responsibilityType) reasons.push("Missing required field: responsibilityType");
3623
+ if (!issuedAt) reasons.push("Missing required field: issuedAt");
3624
+ return buildFailedResult(checks, reasons, {
3625
+ responsibleParty,
3626
+ subjectLabel,
3627
+ responsibilityType
3628
+ });
3629
+ }
3630
+ if (!Array.isArray(responsibilityType) || responsibilityType.length === 0) {
3631
+ reasons.push("responsibilityType must be a non-empty array");
3632
+ return buildFailedResult(checks, reasons, {
3633
+ responsibleParty,
3634
+ subjectLabel,
3635
+ responsibilityType
3636
+ });
3637
+ }
3638
+ checks.schemaValid = true;
3639
+ if (artifactDid) {
3640
+ checks.subjectMatches = subject.toLowerCase() === artifactDid.toLowerCase();
3641
+ if (!checks.subjectMatches) {
3642
+ reasons.push(`Subject "${subject}" does not match expected artifact "${artifactDid}"`);
3643
+ }
3644
+ } else {
3645
+ checks.subjectMatches = true;
3646
+ }
3647
+ checks.notRevoked = attestation.revocationTime === BigInt(0);
3648
+ if (!checks.notRevoked) {
3649
+ reasons.push("Attestation has been revoked");
3650
+ }
3651
+ const now = BigInt(Math.floor(Date.now() / 1e3));
3652
+ const effectiveTime = toBigInt(effectiveAt);
3653
+ const expirationTime = toBigInt(expiresAt);
3654
+ const isEffective = effectiveTime === BigInt(0) || effectiveTime <= now;
3655
+ const isNotExpired = expirationTime === BigInt(0) || expirationTime > now;
3656
+ checks.currentlyEffective = isEffective && isNotExpired;
3657
+ if (!isEffective) {
3658
+ reasons.push("Attestation is not yet effective");
3659
+ }
3660
+ if (!isNotExpired) {
3661
+ reasons.push("Attestation has expired");
3662
+ }
3663
+ const controllerDid = `did:pkh:eip155:${chainId}:${attestation.attester.toLowerCase()}`;
3664
+ let authorization = null;
3665
+ try {
3666
+ const resolvedChain = chain ?? `eip155:${chainId}`;
3667
+ authorization = await getControllerAuthorization({
3668
+ subjectDid: responsibleParty,
3669
+ controllerDid,
3670
+ provider,
3671
+ chain: resolvedChain,
3672
+ easContractAddress
3673
+ });
3674
+ checks.controllerAuthorized = authorization.authorized;
3675
+ if (!checks.controllerAuthorized) {
3676
+ reasons.push(`Controller ${controllerDid} is not authorized for ${responsibleParty}`);
3677
+ }
3678
+ if (authorization.authorized && authorization.anchoredFrom !== null) {
3679
+ const issuedAtBigInt = toBigInt(issuedAt);
3680
+ const afterStart = issuedAtBigInt >= authorization.anchoredFrom;
3681
+ const beforeEnd = authorization.until === null || issuedAtBigInt <= authorization.until;
3682
+ checks.issuedDuringAuthorizationWindow = afterStart && beforeEnd;
3683
+ if (!afterStart) {
3684
+ reasons.push("Attestation was issued before the authorization window started");
3685
+ }
3686
+ if (!beforeEnd) {
3687
+ reasons.push("Attestation was issued after the authorization window ended");
3688
+ }
3689
+ } else if (authorization.authorized && authorization.anchoredFrom === null) {
3690
+ checks.issuedDuringAuthorizationWindow = true;
3691
+ } else {
3692
+ checks.issuedDuringAuthorizationWindow = false;
3693
+ }
3694
+ } catch (err) {
3695
+ reasons.push(
3696
+ `Controller authorization check failed: ${err instanceof Error ? err.message : "unknown error"}`
3697
+ );
3698
+ checks.controllerAuthorized = false;
3699
+ checks.issuedDuringAuthorizationWindow = false;
3700
+ }
3701
+ const valid = Object.values(checks).every(Boolean);
3702
+ return {
3703
+ valid,
3704
+ responsibleParty,
3705
+ controllerDid,
3706
+ responsibilityTypes: responsibilityType,
3707
+ subjectLabel: subjectLabel || void 0,
3708
+ authorization,
3709
+ checks,
3710
+ reasons
3711
+ };
3712
+ }
3713
+ async function getVerifiedArtifactAttestations(params) {
3714
+ const {
3715
+ artifactDid,
3716
+ provider,
3717
+ easContractAddress,
3718
+ chain,
3719
+ chainId,
3720
+ schemaUids,
3721
+ responsibilityClaimSchemaUid,
3722
+ responsibilityClaimSchemaString,
3723
+ securityAssessmentSchemaUid,
3724
+ certificationSchemaUid,
3725
+ fromBlock,
3726
+ limit
3727
+ } = params;
3728
+ parseArtifactDid(artifactDid);
3729
+ if (schemaUids.length === 0) {
3730
+ return {
3731
+ artifactDid,
3732
+ responsibilityClaims: [],
3733
+ securityAssessments: [],
3734
+ certifications: [],
3735
+ otherAttestations: []
3736
+ };
3737
+ }
3738
+ const results = await listAttestations({
3739
+ subjectDid: artifactDid,
3740
+ provider,
3741
+ easContractAddress,
3742
+ schemas: schemaUids,
3743
+ limit: limit ?? 100,
3744
+ fromBlock
3745
+ });
3746
+ const responsibilityClaims = [];
3747
+ const securityAssessments = [];
3748
+ const certifications = [];
3749
+ const otherAttestations = [];
3750
+ for (const att of results) {
3751
+ const schemaUidLower = att.schema.toLowerCase();
3752
+ if (schemaUidLower === responsibilityClaimSchemaUid.toLowerCase()) {
3753
+ const verification = await verifyResponsibilityClaim({
3754
+ attestation: att,
3755
+ artifactDid,
3756
+ provider,
3757
+ easContractAddress,
3758
+ chain,
3759
+ chainId,
3760
+ responsibilityClaimSchemaString
3761
+ });
3762
+ responsibilityClaims.push({ attestation: att, verification });
3763
+ } else if (securityAssessmentSchemaUid && schemaUidLower === securityAssessmentSchemaUid.toLowerCase()) {
3764
+ const verification = await runStandardVerification(att, provider);
3765
+ securityAssessments.push({ attestation: att, verification });
3766
+ } else if (certificationSchemaUid && schemaUidLower === certificationSchemaUid.toLowerCase()) {
3767
+ const verification = await runStandardVerification(att, provider);
3768
+ certifications.push({ attestation: att, verification });
3769
+ } else {
3770
+ const verification = await runStandardVerification(att, provider);
3771
+ otherAttestations.push({ attestation: att, verification });
3772
+ }
3773
+ }
3774
+ return {
3775
+ artifactDid,
3776
+ responsibilityClaims,
3777
+ securityAssessments,
3778
+ certifications,
3779
+ otherAttestations
3780
+ };
3781
+ }
3782
+ async function isArtifactClaimedBy(params) {
3783
+ const { artifactDid, responsibleParty, responsibilityTypes } = params;
3784
+ const result = await getVerifiedArtifactAttestations({
3785
+ artifactDid,
3786
+ provider: params.provider,
3787
+ easContractAddress: params.easContractAddress,
3788
+ chain: params.chain,
3789
+ chainId: params.chainId,
3790
+ schemaUids: params.schemaUids,
3791
+ responsibilityClaimSchemaUid: params.responsibilityClaimSchemaUid,
3792
+ responsibilityClaimSchemaString: params.responsibilityClaimSchemaString,
3793
+ securityAssessmentSchemaUid: params.securityAssessmentSchemaUid,
3794
+ certificationSchemaUid: params.certificationSchemaUid
3795
+ });
3796
+ const matchingClaims = result.responsibilityClaims.filter(
3797
+ (claim) => claim.verification.responsibleParty.toLowerCase() === responsibleParty.toLowerCase()
3798
+ );
3799
+ const validClaims = matchingClaims.filter((claim) => claim.verification.valid);
3800
+ let finalClaims = validClaims;
3801
+ let matchedTypes = [];
3802
+ if (responsibilityTypes && responsibilityTypes.length > 0) {
3803
+ finalClaims = validClaims.filter(
3804
+ (claim) => claim.verification.responsibilityTypes.some(
3805
+ (t) => responsibilityTypes.includes(t)
3806
+ )
3807
+ );
3808
+ matchedTypes = [
3809
+ ...new Set(
3810
+ finalClaims.flatMap(
3811
+ (claim) => claim.verification.responsibilityTypes.filter(
3812
+ (t) => responsibilityTypes.includes(t)
3813
+ )
3814
+ )
3815
+ )
3816
+ ];
3817
+ } else {
3818
+ matchedTypes = [
3819
+ ...new Set(
3820
+ validClaims.flatMap((claim) => claim.verification.responsibilityTypes)
3821
+ )
3822
+ ];
3823
+ }
3824
+ const reasons = [];
3825
+ if (finalClaims.length === 0) {
3826
+ if (matchingClaims.length === 0) {
3827
+ reasons.push(
3828
+ `No responsibility claims found from ${responsibleParty} for this artifact`
3829
+ );
3830
+ } else if (validClaims.length === 0) {
3831
+ reasons.push(
3832
+ `Claims from ${responsibleParty} exist but none passed verification`
3833
+ );
3834
+ } else if (responsibilityTypes) {
3835
+ reasons.push(
3836
+ `No claims matched the requested responsibility types: ${responsibilityTypes.join(", ")}`
3837
+ );
3838
+ }
3839
+ }
3840
+ return {
3841
+ claimed: finalClaims.length > 0,
3842
+ claims: finalClaims,
3843
+ matchedResponsibilityTypes: matchedTypes,
3844
+ reasons
3845
+ };
3846
+ }
3847
+ function toBigInt(value) {
3848
+ if (value === void 0 || value === null) return BigInt(0);
3849
+ if (typeof value === "bigint") return value;
3850
+ return BigInt(value);
3851
+ }
3852
+ function buildFailedResult(checks, reasons, decoded) {
3853
+ return {
3854
+ valid: false,
3855
+ responsibleParty: decoded?.responsibleParty ?? "",
3856
+ controllerDid: "",
3857
+ responsibilityTypes: decoded?.responsibilityType ?? [],
3858
+ subjectLabel: decoded?.subjectLabel || void 0,
3859
+ authorization: null,
3860
+ checks,
3861
+ reasons
3862
+ };
3863
+ }
3864
+ async function runStandardVerification(attestation, provider) {
3865
+ try {
3866
+ return await verifyAttestation({ attestation, provider });
3867
+ } catch {
3868
+ return void 0;
3869
+ }
3870
+ }
3490
3871
 
3491
3872
  exports.EIP1967_ADMIN_SLOT = EIP1967_ADMIN_SLOT;
3492
3873
  exports.OWNERSHIP_PATTERNS = OWNERSHIP_PATTERNS;
@@ -3529,7 +3910,9 @@ exports.getMajorVersion = getMajorVersion;
3529
3910
  exports.getOmaTrustProofEip712Types = getOmaTrustProofEip712Types;
3530
3911
  exports.getSchemaDetails = getSchemaDetails;
3531
3912
  exports.getSupportedChainIds = getSupportedChainIds;
3913
+ exports.getVerifiedArtifactAttestations = getVerifiedArtifactAttestations;
3532
3914
  exports.hashSeed = hashSeed;
3915
+ exports.isArtifactClaimedBy = isArtifactClaimedBy;
3533
3916
  exports.isChainSupported = isChainSupported;
3534
3917
  exports.listAttestations = listAttestations;
3535
3918
  exports.normalizeSchema = normalizeSchema;
@@ -3553,6 +3936,7 @@ exports.verifyEip712Signature = verifyEip712Signature;
3553
3936
  exports.verifyKeyBindingProofs = verifyKeyBindingProofs;
3554
3937
  exports.verifyLinkedIdentifierProofs = verifyLinkedIdentifierProofs;
3555
3938
  exports.verifyProof = verifyProof;
3939
+ exports.verifyResponsibilityClaim = verifyResponsibilityClaim;
3556
3940
  exports.verifySchemaExists = verifySchemaExists;
3557
3941
  exports.verifySubjectOwnership = verifySubjectOwnership;
3558
3942
  exports.verifyTransferProof = verifyTransferProof;