@originals/sdk 1.5.0 → 1.6.0

package/dist/cel/cli/migrate.js

@@ -0,0 +1,405 @@
+#!/usr/bin/env node
+/**
+ * CLI Migrate Command
+ *
+ * Migrates a CEL asset between layers in the Originals Protocol.
+ *
+ * Migration paths:
+ * - peer → webvh: Requires --domain
+ * - webvh → btco: Requires --wallet
+ *
+ * Usage: originals-cel migrate --log <path> --to <layer> [options]
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import { WebVHCelManager } from '../layers/WebVHCelManager';
+import { BtcoCelManager } from '../layers/BtcoCelManager';
+import { parseEventLogJson } from '../serialization/json';
+import { parseEventLogCbor } from '../serialization/cbor';
+import { serializeEventLogJson } from '../serialization/json';
+import { serializeEventLogCbor } from '../serialization/cbor';
+import { multikey } from '../../crypto/Multikey';
+/**
+ * Valid target layers for migration
+ */
+const VALID_LAYERS = ['webvh', 'btco'];
+/**
+ * Loads and parses an event log from a file
+ * Supports both JSON (.json) and CBOR (.cbor) formats
+ */
+function loadEventLog(filePath) {
+    if (!fs.existsSync(filePath)) {
+        throw new Error(`File not found: ${filePath}`);
+    }
+    const ext = path.extname(filePath).toLowerCase();
+    const content = fs.readFileSync(filePath);
+    if (ext === '.cbor') {
+        // Parse as CBOR binary
+        return parseEventLogCbor(new Uint8Array(content));
+    }
+    else {
+        // Default to JSON parsing
+        return parseEventLogJson(content.toString('utf-8'));
+    }
+}
+/**
+ * Detects the current layer from an event log by examining events
+ */
+function detectCurrentLayer(log) {
+    if (!log.events || log.events.length === 0) {
+        throw new Error('Cannot detect layer from empty event log');
+    }
+    let currentLayer = 'peer';
+    for (const event of log.events) {
+        const data = event.data;
+        if (event.type === 'create' && data.layer) {
+            currentLayer = data.layer;
+        }
+        else if (event.type === 'update' && data.layer && data.targetDid) {
+            // This is a migration event
+            currentLayer = data.layer;
+        }
+    }
+    return currentLayer;
+}
+/**
+ * Extracts the current DID from an event log
+ */
+function getCurrentDid(log) {
+    if (!log.events || log.events.length === 0) {
+        throw new Error('Cannot extract DID from empty event log');
+    }
+    let currentDid;
+    for (const event of log.events) {
+        const data = event.data;
+        if (event.type === 'create' && data.did) {
+            currentDid = data.did;
+        }
+        else if (event.type === 'update' && data.targetDid) {
+            // This is a migration event
+            currentDid = data.targetDid;
+        }
+    }
+    if (!currentDid) {
+        throw new Error('Could not determine current DID from event log');
+    }
+    return currentDid;
+}
+/**
+ * Validates the migration path
+ */
+function validateMigrationPath(currentLayer, targetLayer) {
+    if (currentLayer === 'btco') {
+        throw new Error('Cannot migrate from btco layer - it is the final layer');
+    }
+    if (currentLayer === 'peer' && targetLayer === 'btco') {
+        throw new Error('Cannot migrate directly from peer to btco. Must migrate to webvh first.');
+    }
+    if (currentLayer === 'webvh' && targetLayer === 'webvh') {
+        throw new Error('Asset is already at webvh layer');
+    }
+    if (currentLayer === targetLayer) {
+        throw new Error(`Asset is already at ${targetLayer} layer`);
+    }
+}
+/**
+ * Loads an Ed25519 private key from a wallet file
+ * Supports both raw multibase format and JSON format { privateKey: "z..." }
+ */
+async function loadWalletKey(walletPath) {
+    if (!fs.existsSync(walletPath)) {
+        throw new Error(`Wallet file not found: ${walletPath}`);
+    }
+    const content = fs.readFileSync(walletPath, 'utf-8').trim();
+    let privateKey;
+    // Try parsing as JSON first
+    try {
+        const parsed = JSON.parse(content);
+        if (parsed.privateKey) {
+            privateKey = parsed.privateKey;
+        }
+        else {
+            throw new Error('JSON wallet file must contain "privateKey" field');
+        }
+    }
+    catch (e) {
+        // Not JSON, treat as raw multibase key
+        if (content.startsWith('z')) {
+            privateKey = content;
+        }
+        else {
+            throw new Error('Wallet file must contain a z-base58btc multibase-encoded Ed25519 private key');
+        }
+    }
+    // Validate and decode to get public key
+    const decoded = multikey.decodePrivateKey(privateKey);
+    if (decoded.type !== 'Ed25519') {
+        throw new Error(`Expected Ed25519 key, got ${decoded.type}`);
+    }
+    // Derive public key from private key
+    const ed25519 = await import('@noble/ed25519');
+    const publicKeyBytes = await ed25519.getPublicKeyAsync(decoded.key);
+    const publicKey = multikey.encodePublicKey(publicKeyBytes, 'Ed25519');
+    return { privateKey, publicKey };
+}
+/**
+ * Creates a signer function from a private key
+ */
+function createSigner(privateKey, publicKey) {
+    return async (data) => {
+        const ed25519 = await import('@noble/ed25519');
+        const decoded = multikey.decodePrivateKey(privateKey);
+        // Serialize data for signing (deterministic JSON)
+        const dataStr = JSON.stringify(data, Object.keys(data).sort());
+        const dataBytes = new TextEncoder().encode(dataStr);
+        // Sign the data
+        const signature = await ed25519.signAsync(dataBytes, decoded.key);
+        const proofValue = multikey.encodeMultibase(new Uint8Array(signature));
+        return {
+            type: 'DataIntegrityProof',
+            cryptosuite: 'eddsa-jcs-2022',
+            created: new Date().toISOString(),
+            verificationMethod: `did:key:${publicKey}#${publicKey}`,
+            proofPurpose: 'assertionMethod',
+            proofValue,
+        };
+    };
+}
+/**
+ * Creates a mock BitcoinManager for testing/development
+ * In production, this would be a real BitcoinManager instance
+ */
+function createMockBitcoinManager() {
+    // For CLI use, we create a minimal mock that satisfies the interface
+    // Real Bitcoin integration requires additional configuration
+    return {
+        inscribeData: async (data) => {
+            // Generate mock Bitcoin transaction details
+            const timestamp = Date.now();
+            const mockTxid = `cli_mock_tx_${timestamp.toString(16)}`;
+            const mockInscriptionId = `cli_mock_inscription_${timestamp.toString(16)}i0`;
+            console.error('\n⚠️  Note: Using mock Bitcoin manager for CLI migration.');
+            console.error('    For real Bitcoin inscriptions, use the SDK programmatically.\n');
+            return {
+                txid: mockTxid,
+                inscriptionId: mockInscriptionId,
+                satoshi: 10000,
+                blockHeight: 0, // Will be set when confirmed
+            };
+        },
+        getInscription: async (inscriptionId) => {
+            return { inscriptionId, confirmed: false };
+        },
+    };
+}
+/**
+ * Execute the migrate command
+ */
+export async function migrateCommand(flags) {
+    // Check for help flag
+    if (flags.help || flags.h) {
+        return {
+            success: true,
+            message: 'Use --help with the main CLI for full help text',
+        };
+    }
+    // Validate required arguments
+    if (!flags.log) {
+        return {
+            success: false,
+            message: 'Error: --log is required. Usage: originals-cel migrate --log <path> --to <layer>',
+        };
+    }
+    if (!flags.to) {
+        return {
+            success: false,
+            message: 'Error: --to is required. Valid layers: webvh, btco',
+        };
+    }
+    // Validate target layer
+    const targetLayer = flags.to.toLowerCase();
+    if (!VALID_LAYERS.includes(targetLayer)) {
+        return {
+            success: false,
+            message: `Error: Invalid target layer "${flags.to}". Valid layers: webvh, btco`,
+        };
+    }
+    // Validate layer-specific requirements
+    if (targetLayer === 'webvh' && !flags.domain) {
+        return {
+            success: false,
+            message: 'Error: --domain is required for webvh migration. Usage: originals-cel migrate --log <path> --to webvh --domain example.com',
+        };
+    }
+    if (targetLayer === 'btco' && !flags.wallet) {
+        return {
+            success: false,
+            message: 'Error: --wallet is required for btco migration. Usage: originals-cel migrate --log <path> --to btco --wallet ./wallet.key',
+        };
+    }
+    // Load the event log
+    let eventLog;
+    try {
+        eventLog = loadEventLog(flags.log);
+    }
+    catch (e) {
+        return {
+            success: false,
+            message: `Error: Failed to load event log: ${e.message}`,
+        };
+    }
+    // Detect current layer and validate migration path
+    let currentLayer;
+    try {
+        currentLayer = detectCurrentLayer(eventLog);
+        validateMigrationPath(currentLayer, targetLayer);
+    }
+    catch (e) {
+        return {
+            success: false,
+            message: `Error: Invalid migration path: ${e.message}`,
+        };
+    }
+    // Get source DID
+    let sourceDid;
+    try {
+        sourceDid = getCurrentDid(eventLog);
+    }
+    catch (e) {
+        return {
+            success: false,
+            message: `Error: ${e.message}`,
+        };
+    }
+    // Load wallet key for signing
+    let privateKey;
+    let publicKey;
+    if (flags.wallet) {
+        try {
+            const loaded = await loadWalletKey(flags.wallet);
+            privateKey = loaded.privateKey;
+            publicKey = loaded.publicKey;
+        }
+        catch (e) {
+            return {
+                success: false,
+                message: `Error: Failed to load wallet: ${e.message}`,
+            };
+        }
+    }
+    else {
+        // Generate temporary key for signing (for webvh migration without wallet)
+        const ed25519 = await import('@noble/ed25519');
+        const privateKeyBytes = ed25519.utils.randomPrivateKey();
+        const publicKeyBytes = await ed25519.getPublicKeyAsync(privateKeyBytes);
+        privateKey = multikey.encodePrivateKey(privateKeyBytes, 'Ed25519');
+        publicKey = multikey.encodePublicKey(publicKeyBytes, 'Ed25519');
+        console.error('\n⚠️  Generated temporary signing key. Save the key below for future operations:');
+        console.error(`Private Key: ${privateKey}`);
+        console.error(`Public Key:  ${publicKey}\n`);
+    }
+    // Create signer
+    const signer = createSigner(privateKey, publicKey);
+    // Perform migration
+    let migratedLog;
+    let targetDid;
+    try {
+        if (targetLayer === 'webvh') {
+            // Migrate to webvh layer
+            const manager = new WebVHCelManager(signer, flags.domain, []);
+            migratedLog = await manager.migrate(eventLog);
+            // Extract target DID from migration event
+            const migrationEvent = migratedLog.events[migratedLog.events.length - 1];
+            const migrationData = migrationEvent.data;
+            targetDid = migrationData.targetDid;
+        }
+        else if (targetLayer === 'btco') {
+            // Migrate to btco layer
+            const bitcoinManager = createMockBitcoinManager();
+            const manager = new BtcoCelManager(signer, bitcoinManager);
+            migratedLog = await manager.migrate(eventLog);
+            // Extract target DID from migration event
+            const migrationEvent = migratedLog.events[migratedLog.events.length - 1];
+            const migrationData = migrationEvent.data;
+            targetDid = migrationData.targetDid;
+        }
+        else {
+            return {
+                success: false,
+                message: `Error: Unknown target layer: ${targetLayer}`,
+            };
+        }
+    }
+    catch (e) {
+        return {
+            success: false,
+            message: `Error: Migration failed: ${e.message}`,
+        };
+    }
+    // Determine output format
+    const format = (flags.format || 'json').toLowerCase();
+    if (format !== 'json' && format !== 'cbor') {
+        return {
+            success: false,
+            message: 'Error: --format must be "json" or "cbor"',
+        };
+    }
+    // Serialize output
+    let output;
+    try {
+        if (format === 'cbor') {
+            output = serializeEventLogCbor(migratedLog);
+        }
+        else {
+            output = serializeEventLogJson(migratedLog);
+        }
+    }
+    catch (e) {
+        return {
+            success: false,
+            message: `Error: Failed to serialize event log: ${e.message}`,
+        };
+    }
+    // Write output
+    if (flags.output) {
+        try {
+            if (format === 'cbor') {
+                fs.writeFileSync(flags.output, output);
+            }
+            else {
+                fs.writeFileSync(flags.output, output, 'utf-8');
+            }
+        }
+        catch (e) {
+            return {
+                success: false,
+                message: `Error: Failed to write output file: ${e.message}`,
+            };
+        }
+    }
+    else {
+        // Write to stdout
+        if (format === 'cbor') {
+            // For CBOR, output as base64 to stdout since it's binary
+            const base64 = Buffer.from(output).toString('base64');
+            process.stdout.write(base64);
+        }
+        else {
+            process.stdout.write(output);
+        }
+    }
+    // Build success message
+    const layerTransition = `${currentLayer} → ${targetLayer}`;
+    const outputInfo = flags.output ? ` and saved to ${flags.output}` : '';
+    console.error(`\n✅ Migration complete: ${layerTransition}`);
+    console.error(`   Source DID: ${sourceDid}`);
+    console.error(`   Target DID: ${targetDid}${outputInfo}\n`);
+    return {
+        success: true,
+        message: `Migration complete: ${layerTransition}`,
+        log: migratedLog,
+        sourceDid,
+        targetDid,
+        targetLayer,
+    };
+}

package/dist/cel/cli/verify.d.ts

@@ -0,0 +1,31 @@
+#!/usr/bin/env node
+/**
+ * CLI Verify Command
+ *
+ * Verifies a CEL event log by checking all proofs and the hash chain integrity.
+ * Outputs event-by-event breakdown with witness attestation details.
+ *
+ * Usage: originals-cel verify --log <path> [options]
+ */
+import type { VerificationResult } from '../types';
+/**
+ * Flags parsed from command line arguments
+ */
+export interface VerifyFlags {
+    log?: string;
+    help?: boolean;
+    h?: boolean;
+}
+/**
+ * Result of the verify command
+ */
+export interface VerifyResult {
+    success: boolean;
+    message: string;
+    verified?: boolean;
+    result?: VerificationResult;
+}
+/**
+ * Execute the verify command
+ */
+export declare function verifyCommand(flags: VerifyFlags): Promise<VerifyResult>;

package/dist/cel/cli/verify.js

@@ -0,0 +1,205 @@
+#!/usr/bin/env node
+/**
+ * CLI Verify Command
+ *
+ * Verifies a CEL event log by checking all proofs and the hash chain integrity.
+ * Outputs event-by-event breakdown with witness attestation details.
+ *
+ * Usage: originals-cel verify --log <path> [options]
+ */
+import * as fs from 'fs';
+import * as path from 'path';
+import { verifyEventLog } from '../algorithms/verifyEventLog';
+import { parseEventLogJson } from '../serialization/json';
+import { parseEventLogCbor } from '../serialization/cbor';
+/**
+ * Check if a proof is a WitnessProof (has witnessedAt field)
+ */
+function isWitnessProof(proof) {
+    return 'witnessedAt' in proof && typeof proof.witnessedAt === 'string';
+}
+/**
+ * Loads and parses an event log from a file
+ * Supports both JSON (.json) and CBOR (.cbor) formats
+ */
+function loadEventLog(filePath) {
+    if (!fs.existsSync(filePath)) {
+        throw new Error(`File not found: ${filePath}`);
+    }
+    const ext = path.extname(filePath).toLowerCase();
+    const content = fs.readFileSync(filePath);
+    if (ext === '.cbor') {
+        // Parse as CBOR binary
+        return parseEventLogCbor(new Uint8Array(content));
+    }
+    else {
+        // Default to JSON parsing
+        return parseEventLogJson(content.toString('utf-8'));
+    }
+}
+/**
+ * Format a timestamp for display
+ */
+function formatTimestamp(timestamp) {
+    try {
+        const date = new Date(timestamp);
+        return date.toISOString();
+    }
+    catch {
+        return timestamp;
+    }
+}
+/**
+ * Format proof details for display
+ */
+function formatProofDetails(proof, indent = '    ') {
+    const lines = [];
+    lines.push(`${indent}Cryptosuite: ${proof.cryptosuite}`);
+    lines.push(`${indent}Created: ${formatTimestamp(proof.created)}`);
+    lines.push(`${indent}Verification Method: ${proof.verificationMethod}`);
+    lines.push(`${indent}Proof Purpose: ${proof.proofPurpose}`);
+    // Truncate proof value for display
+    const truncatedProof = proof.proofValue.length > 60
+        ? `${proof.proofValue.substring(0, 57)}...`
+        : proof.proofValue;
+    lines.push(`${indent}Proof Value: ${truncatedProof}`);
+    // Add witness-specific info
+    if (isWitnessProof(proof)) {
+        lines.push(`${indent}🕐 Witnessed At: ${formatTimestamp(proof.witnessedAt)}`);
+    }
+    return lines.join('\n');
+}
+/**
+ * Output verification result to stdout
+ */
+function outputResult(log, result) {
+    console.log('\n═══════════════════════════════════════════════════════');
+    console.log('  CEL Event Log Verification Report');
+    console.log('═══════════════════════════════════════════════════════\n');
+    // Overall result
+    if (result.verified) {
+        console.log('✅ VERIFICATION PASSED\n');
+    }
+    else {
+        console.log('❌ VERIFICATION FAILED\n');
+    }
+    // Summary
+    console.log(`📊 Summary:`);
+    console.log(`   Total Events: ${result.events.length}`);
+    const proofsPassed = result.events.filter(e => e.proofValid).length;
+    const chainPassed = result.events.filter(e => e.chainValid).length;
+    console.log(`   Proofs Valid: ${proofsPassed}/${result.events.length}`);
+    console.log(`   Chain Valid:  ${chainPassed}/${result.events.length}`);
+    // Count witness proofs
+    let totalWitnessProofs = 0;
+    for (const event of log.events) {
+        for (const proof of event.proof) {
+            if (isWitnessProof(proof)) {
+                totalWitnessProofs++;
+            }
+        }
+    }
+    if (totalWitnessProofs > 0) {
+        console.log(`   Witness Attestations: ${totalWitnessProofs}`);
+    }
+    console.log('');
+    // Event-by-event breakdown
+    console.log('📋 Event-by-Event Breakdown:');
+    console.log('───────────────────────────────────────────────────────');
+    for (let i = 0; i < result.events.length; i++) {
+        const eventResult = result.events[i];
+        const event = log.events[i];
+        const proofIcon = eventResult.proofValid ? '✅' : '❌';
+        const chainIcon = eventResult.chainValid ? '✅' : '❌';
+        console.log(`\n  Event ${i + 1} (${eventResult.type})`);
+        console.log(`  ├─ Proof:  ${proofIcon} ${eventResult.proofValid ? 'Valid' : 'Invalid'}`);
+        console.log(`  └─ Chain:  ${chainIcon} ${eventResult.chainValid ? 'Valid' : 'Invalid'}`);
+        // Show proof details
+        if (event.proof && event.proof.length > 0) {
+            console.log(`\n  Proofs (${event.proof.length}):`);
+            for (let j = 0; j < event.proof.length; j++) {
+                const proof = event.proof[j];
+                const isWitness = isWitnessProof(proof);
+                const proofLabel = isWitness ? '🔏 Witness Proof' : '🔐 Controller Proof';
+                console.log(`\n  [${j + 1}] ${proofLabel}`);
+                console.log(formatProofDetails(proof, '      '));
+            }
+        }
+        // Show errors for this event
+        if (eventResult.errors && eventResult.errors.length > 0) {
+            console.log(`\n  ⚠️  Errors:`);
+            for (const error of eventResult.errors) {
+                console.log(`      - ${error}`);
+            }
+        }
+    }
+    // Show global errors if any
+    if (result.errors && result.errors.length > 0) {
+        console.log('\n───────────────────────────────────────────────────────');
+        console.log('⚠️  All Errors:');
+        for (const error of result.errors) {
+            console.log(`   - ${error}`);
+        }
+    }
+    console.log('\n═══════════════════════════════════════════════════════\n');
+}
+/**
+ * Execute the verify command
+ */
+export async function verifyCommand(flags) {
+    // Check for help flag
+    if (flags.help || flags.h) {
+        return {
+            success: true,
+            message: 'Use --help with the main CLI for full help text',
+        };
+    }
+    // Validate required arguments
+    if (!flags.log) {
+        return {
+            success: false,
+            message: 'Error: --log is required. Usage: originals-cel verify --log <path>',
+        };
+    }
+    // Load the event log
+    let eventLog;
+    try {
+        eventLog = loadEventLog(flags.log);
+    }
+    catch (e) {
+        return {
+            success: false,
+            message: `Error: Failed to load event log: ${e.message}`,
+        };
+    }
+    // Verify the event log
+    let result;
+    try {
+        result = await verifyEventLog(eventLog);
+    }
+    catch (e) {
+        return {
+            success: false,
+            message: `Error: Verification failed: ${e.message}`,
+        };
+    }
+    // Output the result
+    outputResult(eventLog, result);
+    // Return result with exit code information
+    if (result.verified) {
+        return {
+            success: true,
+            verified: true,
+            message: 'Verification passed: All proofs valid and hash chain intact',
+            result,
+        };
+    }
+    else {
+        return {
+            success: true, // Command ran successfully, but verification failed
+            verified: false,
+            message: `Verification failed: ${result.errors.length} error(s) found`,
+            result,
+        };
+    }
+}

package/dist/cel/hash.d.ts

@@ -0,0 +1,46 @@
+/**
+ * CEL Hash Utilities
+ *
+ * Computes and verifies Multibase-encoded Multihash digests as specified
+ * in the CEL specification for external references.
+ *
+ * @see https://w3c-ccg.github.io/cel-spec/
+ */
+/**
+ * Computes a CEL-compliant digestMultibase from content.
+ *
+ * Uses sha2-256 hash algorithm and encodes as Multibase base64url-nopad (prefix 'u').
+ *
+ * @param content - The raw bytes to hash
+ * @returns Multibase-encoded digest string (e.g., "uEiDm9F...")
+ *
+ * @example
+ * ```typescript
+ * const digest = computeDigestMultibase(new TextEncoder().encode("hello"));
+ * // Returns: "uLCA..."
+ * ```
+ */
+export declare function computeDigestMultibase(content: Uint8Array): string;
+/**
+ * Verifies that content matches a given digestMultibase.
+ *
+ * @param content - The raw bytes to verify
+ * @param digest - The expected digestMultibase string
+ * @returns True if the content hash matches the digest, false otherwise
+ *
+ * @example
+ * ```typescript
+ * const content = new TextEncoder().encode("hello");
+ * const digest = computeDigestMultibase(content);
+ * const isValid = verifyDigestMultibase(content, digest); // true
+ * ```
+ */
+export declare function verifyDigestMultibase(content: Uint8Array, digest: string): boolean;
+/**
+ * Decodes a digestMultibase string back to raw hash bytes.
+ *
+ * @param digest - The Multibase-encoded digest string
+ * @returns The raw SHA-256 hash bytes
+ * @throws Error if the digest is not a valid Multibase base64url string
+ */
+export declare function decodeDigestMultibase(digest: string): Uint8Array;