@originals/sdk 1.2.0 → 1.4.3

package/tests/unit/vc/bbs.test.ts

@@ -1,282 +0,0 @@
-/** Canonical test aggregator created by combine-tests script. */
-
-/** Inlined from bbs.simple.part.ts */
-import { describe, test, expect } from 'bun:test';
-import { BbsSimple } from '../../../src';
-import { bls12_381 as bls } from '@noble/curves/bls12-381';
-
-describe('BbsSimple e2e', () => {
-  test('sign/verify not implemented with header', async () => {
-    const sk = bls.utils.randomPrivateKey();
-    const pk = bls.getPublicKey(sk);
-    const keypair = { privateKey: sk, publicKey: pk };
-    const header = new Uint8Array([1, 2, 3]);
-    const messages = [
-      new TextEncoder().encode('msg1'),
-      new TextEncoder().encode('msg2'),
-      new TextEncoder().encode('msg3')
-    ];
-
-    await expect(BbsSimple.sign(messages, keypair, header)).rejects.toThrow(/not implemented/i);
-    await expect(BbsSimple.verify(messages, new Uint8Array([0]), pk, header)).rejects.toThrow(/not implemented/i);
-  });
-
-  test('sign/verify not implemented with default header', async () => {
-    const sk = bls.utils.randomPrivateKey();
-    const pk = bls.getPublicKey(sk);
-    const keypair = { privateKey: sk, publicKey: pk };
-    const messages = [
-      new TextEncoder().encode('a'),
-      new TextEncoder().encode('b')
-    ];
-    await expect(BbsSimple.sign(messages, keypair)).rejects.toThrow(/not implemented/i);
-    await expect(BbsSimple.verify(messages, new Uint8Array([1, 2]), pk)).rejects.toThrow(/not implemented/i);
-  });
-});
-
-
-
-
-/** Inlined from bbs.utils.part.ts */
-import { BBSCryptosuiteUtils } from '../../../src';
-import * as cbor from 'cbor-js';
-
-function u8(len: number, start: number = 0): Uint8Array {
-  const a = new Uint8Array(len);
-  for (let i = 0; i < len; i++) a[i] = (start + i) & 0xff;
-  return a;
-}
-
-describe('BBSCryptosuiteUtils', () => {
-  const bbsSignature = u8(96, 1);
-  const bbsHeader = u8(64, 2);
-  const publicKey = u8(96, 3);
-  const hmacKey = u8(32, 4);
-  const mandatoryPointers = ['/id', '/credentialSubject/id'];
-
-  test('rejects non-u prefix for base/derived parsing', () => {
-    expect(() => (BBSCryptosuiteUtils as any).parseBaseProofValue('xabc')).toThrow('multibase');
-    expect(() => (BBSCryptosuiteUtils as any).parseDerivedProofValue('xabc')).toThrow('multibase');
-  });
-
-  test('serialize/parse base proof (baseline)', () => {
-    const s = BBSCryptosuiteUtils.serializeBaseProofValue(
-      bbsSignature,
-      bbsHeader,
-      publicKey,
-      hmacKey,
-      mandatoryPointers,
-      'baseline'
-    );
-    expect(s.startsWith('u')).toBe(true);
-    const p = (BBSCryptosuiteUtils as any).parseBaseProofValue(s);
-    expect(Array.from(p.bbsSignature)).toEqual(Array.from(bbsSignature));
-    expect(Array.from(p.bbsHeader)).toEqual(Array.from(bbsHeader));
-    expect(Array.from(p.publicKey)).toEqual(Array.from(publicKey));
-    expect(Array.from(p.hmacKey)).toEqual(Array.from(hmacKey));
-    expect(p.mandatoryPointers).toEqual(mandatoryPointers);
-    expect(p.featureOption).toBe('baseline');
-  });
-
-  test('serialize/parse base proof (anonymous_holder_binding)', () => {
-    const signerBlind = u8(32, 7);
-    const s = BBSCryptosuiteUtils.serializeBaseProofValue(
-      bbsSignature,
-      bbsHeader,
-      publicKey,
-      hmacKey,
-      mandatoryPointers,
-      'anonymous_holder_binding',
-      undefined,
-      signerBlind
-    );
-    const p = (BBSCryptosuiteUtils as any).parseBaseProofValue(s);
-    expect(p.featureOption).toBe('anonymous_holder_binding');
-    expect(Array.from(p.signerBlind)).toEqual(Array.from(signerBlind));
-  });
-
-  test('serialize/parse base proof (pseudonym_issuer_pid)', () => {
-    const pid = u8(32, 9);
-    const s = BBSCryptosuiteUtils.serializeBaseProofValue(
-      bbsSignature,
-      bbsHeader,
-      publicKey,
-      hmacKey,
-      mandatoryPointers,
-      'pseudonym_issuer_pid',
-      pid
-    );
-    const p = (BBSCryptosuiteUtils as any).parseBaseProofValue(s);
-    expect(p.featureOption).toBe('pseudonym_issuer_pid');
-    expect(Array.from(p.pid)).toEqual(Array.from(pid));
-  });
-
-  test('serialize/parse base proof (pseudonym_hidden_pid)', () => {
-    const signerBlind = u8(32, 11);
-    const s = BBSCryptosuiteUtils.serializeBaseProofValue(
-      bbsSignature,
-      bbsHeader,
-      publicKey,
-      hmacKey,
-      mandatoryPointers,
-      'pseudonym_hidden_pid',
-      undefined,
-      signerBlind
-    );
-    const p = (BBSCryptosuiteUtils as any).parseBaseProofValue(s);
-    expect(p.featureOption).toBe('pseudonym_hidden_pid');
-    expect(Array.from(p.signerBlind)).toEqual(Array.from(signerBlind));
-  });
-
-  test('serialize/parse derived proof (baseline)', () => {
-    const labelMap = { c14n1: 'b3', c14n10: 'b7' };
-    const mandatoryIndexes = [0, 2, 5];
-    const selectiveIndexes = [1, 4];
-    const presentationHeader = u8(16, 33);
-    const bbsProof = u8(80, 55);
-    const s = BBSCryptosuiteUtils.serializeDerivedProofValue(
-      bbsProof,
-      labelMap,
-      mandatoryIndexes,
-      selectiveIndexes,
-      presentationHeader,
-      'baseline'
-    );
-    const p = (BBSCryptosuiteUtils as any).parseDerivedProofValue(s);
-    expect(Array.from(p.bbsProof)).toEqual(Array.from(bbsProof));
-    expect(p.labelMap).toEqual(labelMap);
-    expect(p.mandatoryIndexes).toEqual(mandatoryIndexes);
-    expect(p.selectiveIndexes).toEqual(selectiveIndexes);
-    expect(Array.from(p.presentationHeader)).toEqual(Array.from(presentationHeader));
-    expect(p.featureOption).toBe('baseline');
-  });
-
-  test('serialize/parse derived proof (anonymous_holder_binding)', () => {
-    const labelMap = { c14n2: 'b5' };
-    const presentationHeader = u8(8, 7);
-    const bbsProof = u8(64, 8);
-    const s = BBSCryptosuiteUtils.serializeDerivedProofValue(
-      bbsProof,
-      labelMap,
-      [0],
-      [1],
-      presentationHeader,
-      'anonymous_holder_binding',
-      undefined,
-      4
-    );
-    const p = (BBSCryptosuiteUtils as any).parseDerivedProofValue(s);
-    expect(p.featureOption).toBe('anonymous_holder_binding');
-    expect(p.lengthBBSMessages).toBe(4);
-  });
-
-  test('serialize/parse derived proof (pseudonym)', () => {
-    const labelMap = { c14n3: 'b7' };
-    const presentationHeader = u8(4, 90);
-    const bbsProof = u8(64, 90);
-    const s = BBSCryptosuiteUtils.serializeDerivedProofValue(
-      bbsProof,
-      labelMap,
-      [0, 1],
-      [1],
-      presentationHeader,
-      'pseudonym',
-      'alice',
-      5
-    );
-    const p = (BBSCryptosuiteUtils as any).parseDerivedProofValue(s);
-    expect(p.featureOption).toBe('pseudonym');
-    expect(p.pseudonym).toBe('alice');
-    expect(p.lengthBBSMessages).toBe(5);
-  });
-
-  test('parse base proof with base_proof header', () => {
-    const components = [bbsSignature, bbsHeader, publicKey, hmacKey, mandatoryPointers];
-    const encoded = (cbor as any).encode(components) as Uint8Array | ArrayBuffer;
-    const encBytes = encoded instanceof Uint8Array ? encoded : new Uint8Array(encoded as ArrayBuffer);
-    const header = new Uint8Array([0xd9, 0x5d, 0x03]);
-    const bytes = new Uint8Array(header.length + encBytes.length);
-    bytes.set(header, 0);
-    bytes.set(encBytes, header.length);
-    const s = 'u' + Buffer.from(bytes).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/g, '');
-    const p = (BBSCryptosuiteUtils as any).parseBaseProofValue(s);
-    expect(p.featureOption).toBe('base_proof');
-  });
-
-  test('serializeDerivedProofValue throws on missing length for anonymous_holder_binding', () => {
-    expect(() => BBSCryptosuiteUtils.serializeDerivedProofValue(
-      u8(8),
-      { c14n1: 'b1' },
-      [0],
-      [0],
-      u8(4),
-      'anonymous_holder_binding'
-    )).toThrow('lengthBBSMessages is required');
-  });
-
-  test('serializeDerivedProofValue throws on missing pseudonym/length for pseudonym', () => {
-    expect(() => BBSCryptosuiteUtils.serializeDerivedProofValue(
-      u8(8),
-      { c14n1: 'b1' },
-      [0],
-      [0],
-      u8(4),
-      'pseudonym'
-    )).toThrow('pseudonym and lengthBBSMessages');
-  });
-
-  test('serializeDerivedProofValue throws on unsupported feature', () => {
-    expect(() => (BBSCryptosuiteUtils as any).serializeDerivedProofValue(
-      u8(8),
-      { c14n1: 'b1' },
-      [0],
-      [0],
-      u8(4),
-      'unsupported'
-    )).toThrow('Unsupported feature option');
-  });
-
-  test('serializeBaseProofValue throws for missing signerBlind/pid and unsupported feature', () => {
-    expect(() => BBSCryptosuiteUtils.serializeBaseProofValue(
-      u8(8), u8(4), u8(8), u8(4), mandatoryPointers, 'anonymous_holder_binding'
-    )).toThrow('signerBlind is required');
-    expect(() => BBSCryptosuiteUtils.serializeBaseProofValue(
-      u8(8), u8(4), u8(8), u8(4), mandatoryPointers, 'pseudonym_issuer_pid'
-    )).toThrow('pid is required');
-    expect(() => (BBSCryptosuiteUtils as any).serializeBaseProofValue(
-      u8(8), u8(4), u8(8), u8(4), mandatoryPointers, 'unsupported'
-    )).toThrow('Unsupported feature option');
-  });
-
-  test('serializeBaseProofValue throws when signerBlind missing for pseudonym_hidden_pid', () => {
-    expect(() => BBSCryptosuiteUtils.serializeBaseProofValue(
-      u8(8), u8(4), u8(8), u8(4), mandatoryPointers, 'pseudonym_hidden_pid'
-    )).toThrow('signerBlind is required');
-  });
-
-  test('compareBytes length mismatch branch', () => {
-    expect((BBSCryptosuiteUtils as any).compareBytes(new Uint8Array([1, 2]), [1, 2, 3])).toBe(false);
-  });
-
-  test('serializeDerivedProofValue throws on invalid labelMap entries', () => {
-    expect(() => BBSCryptosuiteUtils.serializeDerivedProofValue(
-      u8(4),
-      { notC14n: 'b1' } as any,
-      [0],
-      [0],
-      u8(2),
-      'baseline'
-    )).toThrow('Invalid label map entry');
-  });
-
-  test('parse errors on invalid base header', () => {
-    // Construct invalid header 'u' + cbor of empty
-    const bad = 'u' + 'AAAA';
-    expect(() => (BBSCryptosuiteUtils as any).parseBaseProofValue(bad)).toThrow();
-  });
-
-  test('parse errors on invalid derived header', () => {
-    const bad = 'u' + 'AAAA';
-    expect(() => (BBSCryptosuiteUtils as any).parseDerivedProofValue(bad)).toThrow();
-  });
-});

package/tests/unit/vc/cryptosuites/eddsa.test.ts

@@ -1,398 +0,0 @@
-/** Canonical test aggregator created by combine-tests script. */
-
-/** Inlined from eddsa.branch-more.part.ts */
-import { describe, test, expect } from 'bun:test';
-import { EdDSACryptosuiteManager } from '../../../../src/vc/cryptosuites/eddsa';
-import { multikey } from '../../../../src/crypto/Multikey';
-
-describe('EdDSA additional branches', () => {
-  test('createProof throws on invalid private key format', async () => {
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'x' }, {
-      verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', cryptosuite: 'eddsa-rdfc-2022', privateKey: 123 as any,
-      documentLoader: async () => ({ document: { '@context': { '@version': 1.1 } }, documentUrl: '', contextUrl: null })
-    } as any)).rejects.toThrow('Invalid private key format');
-  });
-
-  test('verifyProof returns error for non-Ed25519 VM', async () => {
-    const pkMb = multikey.encodePublicKey(new Uint8Array(33).fill(1), 'Secp256k1');
-    const res = await EdDSACryptosuiteManager.verifyProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'x' }, {
-      type: 'DataIntegrityProof', cryptosuite: 'eddsa-rdfc-2022', verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', proofValue: 'z1L'
-    } as any, { documentLoader: async () => ({ document: { '@context': ['https://www.w3.org/ns/did/v1'], id: 'did:ex#k', publicKeyMultibase: pkMb }, documentUrl: '', contextUrl: null }) });
-    expect(res.verified).toBe(false);
-    expect(typeof res.errors?.[0]).toBe('string');
-  });
-});
-
-
-
-
-/** Inlined from eddsa.coverage-extra.part.ts */
-
-describe('EdDSA coverage extras', () => {
-  const goodContext = ['https://www.w3.org/ns/credentials/v2'];
-
-  test('createProofConfiguration defaults proofPurpose to assertionMethod', async () => {
-    const sk = new Uint8Array(32).fill(1);
-    const pkMb = multikey.encodePublicKey(new Uint8Array(32).fill(2), 'Ed25519');
-    const vm = 'did:ex#vm';
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const doc: any = { '@context': goodContext, id: 'urn:doc-default-purpose' };
-    const proof = await EdDSACryptosuiteManager.createProof(doc, { verificationMethod: vm, privateKey: sk, cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader });
-    // The method deletes @context before returning, so we assert the purpose value
-    expect(proof.proofPurpose).toBe('assertionMethod');
-  });
-
-  test('createProof includes only challenge when provided', async () => {
-    const sk = new Uint8Array(32).fill(7);
-    const pkMb = multikey.encodePublicKey(new Uint8Array(32).fill(6), 'Ed25519');
-    const vm = 'did:ex#vm-chal';
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const proof = await EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:chal' }, { verificationMethod: vm, privateKey: sk, cryptosuite: 'eddsa-rdfc-2022', challenge: '123', documentLoader: loader });
-    expect((proof as any).challenge).toBe('123');
-    expect((proof as any).domain).toBeUndefined();
-  });
-
-  test('createProof includes only domain when provided', async () => {
-    const sk = new Uint8Array(32).fill(9);
-    const pkMb = multikey.encodePublicKey(new Uint8Array(32).fill(8), 'Ed25519');
-    const vm = 'did:ex#vm-domain';
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const proof = await EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:domain' }, { verificationMethod: vm, privateKey: sk, cryptosuite: 'eddsa-rdfc-2022', domain: 'ex.org', documentLoader: loader });
-    expect((proof as any).domain).toBe('ex.org');
-    expect((proof as any).challenge).toBeUndefined();
-  });
-
-  test('verifyProof returns error message on thrown exception path', async () => {
-    const pkMb = multikey.encodePublicKey(new Uint8Array(32).fill(3), 'Ed25519');
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const doc: any = { '@context': goodContext, id: 'urn:doc' };
-    const badProof: any = { type: 'DataIntegrityProof', cryptosuite: 'eddsa-rdfc-2022', verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', proofValue: 'not-multibase' };
-    const res = await EdDSACryptosuiteManager.verifyProof(doc, badProof, { documentLoader: loader });
-    expect(res.verified).toBe(false);
-    expect(Array.isArray(res.errors)).toBe(true);
-    expect(typeof res.errors![0]).toBe('string');
-  });
-
-  test('verifyProof uses Unknown verification error when thrown value lacks message', async () => {
-    const pkMb = multikey.encodePublicKey(new Uint8Array(32).fill(4), 'Ed25519');
-    const doc: any = { '@context': goodContext, id: 'urn:doc-unknown' };
-    const proof: any = { type: 'DataIntegrityProof', cryptosuite: 'eddsa-rdfc-2022', verificationMethod: 'did:ex#vm-unknown', proofPurpose: 'assertionMethod', proofValue: 'z1L' };
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) {
-        // Throw a primitive string (no message property) only on VM fetch, after transform/hash succeeded
-        throw '';
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const res = await EdDSACryptosuiteManager.verifyProof(doc, proof, { documentLoader: loader });
-    expect(res.verified).toBe(false);
-    expect(res.errors?.[0]).toBe('Unknown verification error');
-  });
-});
-
-
-
-
-/** Inlined from eddsa.edgecases.part.ts */
-
-describe('EdDSA cryptosuite edge cases', () => {
-  const goodContext = ['https://www.w3.org/ns/credentials/v2'];
-
-  const pk32 = new Uint8Array(32).fill(7);
-  const pk32b = new Uint8Array(32).fill(8);
-  const pkMb = multikey.encodePublicKey(pk32b, 'Ed25519');
-
-  const okLoader = async (iri: string) => {
-    if (iri.includes('#')) {
-      return { document: { '@context': goodContext, id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-    }
-    return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-  };
-
-  test('createProof signs with raw Uint8Array 32-byte private key', async () => {
-    const proof = await EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:test:raw32' }, {
-      verificationMethod: 'did:ex#key-raw', proofPurpose: 'assertionMethod', privateKey: pk32,
-      cryptosuite: 'eddsa-rdfc-2022', documentLoader: okLoader
-    });
-    expect(proof.type).toBe('DataIntegrityProof');
-    expect(typeof proof.proofValue).toBe('string');
-  });
-
-  test('createProof includes challenge and domain options', async () => {
-    const proof = await EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:test:opts' }, {
-      verificationMethod: 'did:ex#key-opts', proofPurpose: 'assertionMethod', privateKey: pk32,
-      cryptosuite: 'eddsa-rdfc-2022', challenge: 'abc', domain: 'example.org', documentLoader: okLoader
-    });
-    expect((proof as any).challenge).toBe('abc');
-    expect((proof as any).domain).toBe('example.org');
-  });
-
-  test('createProof invalid private key length 33 throws', async () => {
-    const bad33 = new Uint8Array(33);
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:test:bad33' }, {
-      verificationMethod: 'did:ex#key-bad33', proofPurpose: 'assertionMethod', privateKey: bad33,
-      cryptosuite: 'eddsa-rdfc-2022', documentLoader: okLoader
-    })).rejects.toThrow('Invalid private key length');
-  });
-
-  test('createProof invalid private key length 63 throws', async () => {
-    const bad63 = new Uint8Array(63);
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:test:bad63' }, {
-      verificationMethod: 'did:ex#key-bad63', proofPurpose: 'assertionMethod', privateKey: bad63,
-      cryptosuite: 'eddsa-rdfc-2022', documentLoader: okLoader
-    })).rejects.toThrow('Invalid private key length');
-  });
-
-  test('createProof with non-Ed25519 multikey string errors', async () => {
-    const secpSk = new Uint8Array(32).fill(5);
-    const secpSkMb = multikey.encodePrivateKey(secpSk, 'Secp256k1');
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:test:secpSk' }, {
-      verificationMethod: 'did:ex#key-non-ed', proofPurpose: 'assertionMethod', privateKey: secpSkMb,
-      cryptosuite: 'eddsa-rdfc-2022', documentLoader: okLoader
-    })).rejects.toThrow('Invalid key type for EdDSA');
-  });
-
-  test('verifyProof returns false with wrong public key', async () => {
-    // Sign with one keypair
-    const signingSk = new Uint8Array(32).fill(9);
-    const signingPk = new Uint8Array(32).fill(1);
-    const signingPkMb = multikey.encodePublicKey(signingPk, 'Ed25519');
-    const vmId = 'did:ex#vm-1';
-    const signingLoader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: signingPkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const doc = { '@context': goodContext, id: 'urn:test:verify-wrong-pk' };
-    const proof = await EdDSACryptosuiteManager.createProof(doc, {
-      verificationMethod: vmId, proofPurpose: 'assertionMethod', privateKey: signingSk,
-      cryptosuite: 'eddsa-rdfc-2022', documentLoader: signingLoader
-    });
-
-    // Verify with different public key
-    const wrongPkMb = multikey.encodePublicKey(new Uint8Array(32).fill(2), 'Ed25519');
-    const wrongLoader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: wrongPkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const res = await EdDSACryptosuiteManager.verifyProof(doc, proof as any, { documentLoader: wrongLoader });
-    expect(res.verified).toBe(false);
-  });
-
-  test('verifyProof succeeds with matching verificationMethod', async () => {
-    const ed = await import('@noble/ed25519');
-    const sk = new Uint8Array(32).fill(11);
-    const pk = await ed.getPublicKeyAsync(sk);
-    const pkMbLocal = multikey.encodePublicKey(new Uint8Array(pk), 'Ed25519');
-    const vm = 'did:ex#vm-ok';
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: pkMbLocal }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const doc = { '@context': goodContext, id: 'urn:test:verify-ok' };
-    const proof = await EdDSACryptosuiteManager.createProof(doc, {
-      verificationMethod: vm, proofPurpose: 'assertionMethod', privateKey: sk, cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader
-    });
-    const res = await EdDSACryptosuiteManager.verifyProof(doc, proof as any, { documentLoader: loader });
-    expect(res.verified).toBe(true);
-  });
-
-  test('createProof propagates canonizeProof/hash-stage exception via loader', async () => {
-    // Fail only during proof canonization stage (hash path), not during transform
-    const loader = async (iri: string) => {
-      if (iri.includes('w3id.org/security/data-integrity')) {
-        throw new Error('hash-stage canonize fail');
-      }
-      if (iri.includes('#')) {
-        return { document: { '@context': goodContext, id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': goodContext, id: 'urn:test:hash-fail' }, {
-      verificationMethod: 'did:ex#key-hash', proofPurpose: 'assertionMethod', privateKey: pk32,
-      cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader
-    } as any)).rejects.toThrow();
-  });
-});
-
-
-
-
-/** Inlined from eddsa.errors.part.ts */
-
-describe('EdDSA error branches', () => {
-  test('createProof throws on non-Ed25519 multikey private key', async () => {
-    const sk = new Uint8Array(32).fill(7);
-    const skMbSecp = multikey.encodePrivateKey(sk, 'Secp256k1');
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) return { document: { '@context': ['https://www.w3.org/ns/credentials/v2'], id: iri }, documentUrl: iri, contextUrl: null } as any;
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'urn:x' }, {
-      verificationMethod: 'did:ex#key-1', proofPurpose: 'assertionMethod', privateKey: skMbSecp, cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader
-    })).rejects.toThrow('Invalid key type for EdDSA');
-  });
-
-  test('verifyProof returns error for non-Ed25519 publicKeyMultibase', async () => {
-    const pkSecp = new Uint8Array(33).fill(8);
-    const pkMbSecp = multikey.encodePublicKey(pkSecp, 'Secp256k1');
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) return { document: { '@context': ['https://www.w3.org/ns/credentials/v2'], id: iri, publicKeyMultibase: pkMbSecp }, documentUrl: iri, contextUrl: null } as any;
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const proof = {
-      type: 'DataIntegrityProof',
-      cryptosuite: 'eddsa-rdfc-2022',
-      verificationMethod: 'did:ex#key-1',
-      proofPurpose: 'assertionMethod',
-      proofValue: 'z1L'
-    } as any;
-    const res = await EdDSACryptosuiteManager.verifyProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'urn:x' }, proof, { documentLoader: loader });
-    expect(res.verified).toBe(false);
-    expect(res.errors?.[0]).toBe('Invalid key type for EdDSA');
-  });
-  test('createProof propagates transform error (canonize)', async () => {
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': ['https://www.w3.org/ns/credentials/v2'] }, {
-      verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', cryptosuite: 'eddsa-rdfc-2022', privateKey: new Uint8Array(32),
-      documentLoader: async () => { throw new Error('canonize fail'); }
-    } as any)).rejects.toThrow();
-  });
-
-  test('verifyProof returns error on loader failure', async () => {
-    const res = await EdDSACryptosuiteManager.verifyProof({ '@context': ['https://www.w3.org/ns/credentials/v2'] }, {
-      type: 'DataIntegrityProof', cryptosuite: 'eddsa-rdfc-2022', verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', proofValue: 'z1L'
-    } as any, { documentLoader: async () => { throw new Error('load fail'); } });
-    expect(res.verified).toBe(false);
-    expect(typeof res.errors?.[0]).toBe('string');
-  });
-});
-
-
-
-
-/** Inlined from eddsa.more.part.ts */
-
-describe('EdDSACryptosuiteManager extra branches', () => {
-  const pkRaw = new Uint8Array(32).fill(7);
-  const skMb = multikey.encodePrivateKey(pkRaw, 'Ed25519');
-  const pubMb = multikey.encodePublicKey(new Uint8Array(32).fill(8), 'Ed25519');
-
-  const loader = async (iri: string) => {
-    if (iri.includes('#')) {
-      return { document: { '@context': ['https://www.w3.org/ns/credentials/v2'], id: iri, publicKeyMultibase: pubMb }, documentUrl: iri, contextUrl: null };
-    }
-    return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-  };
-
-  test('sign with 64-byte private key slices to 32', async () => {
-    const sixtyFour = new Uint8Array(64);
-    sixtyFour.set(pkRaw);
-    const proof = await EdDSACryptosuiteManager.createProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'x' }, {
-      verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', privateKey: sixtyFour, cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader
-    });
-    expect(proof.proofValue).toBeTruthy();
-  });
-
-  test('invalid private key length throws', async () => {
-    await expect(EdDSACryptosuiteManager.createProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'x' }, {
-      verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', privateKey: new Uint8Array(31), cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader
-    })).rejects.toThrow('Invalid private key length');
-  });
-
-  test('verify returns false on signature mismatch', async () => {
-    const res = await EdDSACryptosuiteManager.verifyProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'x' }, {
-      type: 'DataIntegrityProof', cryptosuite: 'eddsa-rdfc-2022', verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', proofValue: 'z1L' // invalid base58btc
-    } as any, { documentLoader: loader });
-    expect(res.verified).toBe(false);
-  });
-
-  test('verifyProof returns error on canonizeProof failure path', async () => {
-    const badLoader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': ['https://www.w3.org/ns/credentials/v2'], id: iri, publicKeyMultibase: pubMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const proof: any = { type: 'DataIntegrityProof', cryptosuite: 'eddsa-rdfc-2022', verificationMethod: 'did:ex#k', proofPurpose: 'assertionMethod', proofValue: 'z1L' };
-    const doc: any = { '@context': ['https://www.w3.org/ns/credentials/v2'] };
-    doc.self = doc;
-    const res = await EdDSACryptosuiteManager.verifyProof(doc, proof, { documentLoader: badLoader });
-    expect(res.verified).toBe(false);
-  });
-});
-
-
-
-
-/** Inlined from eddsa.privatekey-string.part.ts */
-
-describe('EdDSA createProof with multikey string', () => {
-  test('signs using multibase multicodec private key', async () => {
-    const sk = new Uint8Array(32).fill(9);
-    const pk = new Uint8Array(32).fill(8);
-    const skMb = multikey.encodePrivateKey(sk, 'Ed25519');
-    const pkMb = multikey.encodePublicKey(pk, 'Ed25519');
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) return { document: { '@context': ['https://www.w3.org/ns/credentials/v2'], id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const proof = await EdDSACryptosuiteManager.createProof({ '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'urn:x' }, {
-      verificationMethod: 'did:ex#key-1', proofPurpose: 'assertionMethod', privateKey: skMb, cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader
-    });
-    expect(proof.type).toBe('DataIntegrityProof');
-  });
-});
-
-
-
-
-/** Inlined from eddsa.success.part.ts */
-// Initialize noble crypto libraries (uses shared initialization module)
-import '../../../../src/crypto/noble-init.js';
-
-import * as ed25519 from '@noble/ed25519';
-
-describe('EdDSA verifyProof success path', () => {
-  test('createProof then verifyProof returns verified=true', async () => {
-    const sk = ed25519.utils.randomPrivateKey();
-    const pk = ed25519.getPublicKey(sk);
-    const skMb = multikey.encodePrivateKey(sk, 'Ed25519');
-    const pkMb = multikey.encodePublicKey(pk, 'Ed25519');
-    const vmId = 'did:ex:succ#k';
-    const loader = async (iri: string) => {
-      if (iri.includes('#')) {
-        return { document: { '@context': ['https://www.w3.org/ns/credentials/v2'], id: iri, publicKeyMultibase: pkMb }, documentUrl: iri, contextUrl: null };
-      }
-      return { document: { '@context': { '@version': 1.1 } }, documentUrl: iri, contextUrl: null } as any;
-    };
-    const doc: any = { '@context': ['https://www.w3.org/ns/credentials/v2'], id: 'urn:doc' };
-    const proof = await EdDSACryptosuiteManager.createProof(doc, { verificationMethod: vmId, proofPurpose: 'assertionMethod', privateKey: skMb, cryptosuite: 'eddsa-rdfc-2022', documentLoader: loader });
-    const res = await EdDSACryptosuiteManager.verifyProof({ ...doc, proof }, proof as any, { documentLoader: loader });
-    expect(res.verified).toBe(true);
-  });
-});