@sphereon/ssi-sdk.data-store 0.34.1-feature.SSISDK.82.and.SSISDK.70.349 → 0.34.1-feature.SSISDK.82.and.SSISDK.70.352

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.data-store",
-  "version": "0.34.1-feature.SSISDK.82.and.SSISDK.70.349+8423ec8c",
+  "version": "0.34.1-feature.SSISDK.82.and.SSISDK.70.352+54837639",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -28,12 +28,12 @@
   "dependencies": {
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
     "@sphereon/pex": "5.0.0-unstable.28",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.SSISDK.82.and.SSISDK.70.349+8423ec8c",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.82.and.SSISDK.70.349+8423ec8c",
-    "@sphereon/ssi-sdk.agent-config": "0.34.1-feature.SSISDK.82.and.SSISDK.70.349+8423ec8c",
-    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.82.and.SSISDK.70.349+8423ec8c",
-    "@sphereon/ssi-sdk.data-store-types": "0.34.1-feature.SSISDK.82.and.SSISDK.70.349+8423ec8c",
-    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.82.and.SSISDK.70.349+8423ec8c",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.34.1-feature.SSISDK.82.and.SSISDK.70.352+54837639",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.34.1-feature.SSISDK.82.and.SSISDK.70.352+54837639",
+    "@sphereon/ssi-sdk.agent-config": "0.34.1-feature.SSISDK.82.and.SSISDK.70.352+54837639",
+    "@sphereon/ssi-sdk.core": "0.34.1-feature.SSISDK.82.and.SSISDK.70.352+54837639",
+    "@sphereon/ssi-sdk.data-store-types": "0.34.1-feature.SSISDK.82.and.SSISDK.70.352+54837639",
+    "@sphereon/ssi-types": "0.34.1-feature.SSISDK.82.and.SSISDK.70.352+54837639",
     "@veramo/core": "4.2.0",
     "@veramo/utils": "4.2.0",
     "blakejs": "^1.2.1",
@@ -66,5 +66,5 @@
     "PostgreSQL",
     "Contact Store"
   ],
-  "gitHead": "8423ec8c4953d573753106202593191705c9ce23"
+  "gitHead": "54837639c5105ab91196f760a56749e935583712"
 }

package/src/__tests__/digitalCredential.store.test.ts

@@ -1,11 +1,5 @@
 import { DataSources } from '@sphereon/ssi-sdk.agent-config'
 import { defaultHasher } from '@sphereon/ssi-sdk.core'
-import { CredentialRole, IVerifiablePresentation } from '@sphereon/ssi-types'
-import { DataSource } from 'typeorm'
-import { afterEach, beforeEach, describe, expect, it } from 'vitest'
-import { DigitalCredentialStore } from '../digitalCredential/DigitalCredentialStore'
-import { DataStoreDigitalCredentialEntities } from '../index'
-import { DataStoreDigitalCredentialMigrations } from '../migrations'
 import {
   AddCredentialArgs,
   CredentialCorrelationType,
@@ -16,6 +10,12 @@ import {
   GetCredentialsArgs,
   GetCredentialsResponse,
 } from '@sphereon/ssi-sdk.data-store-types'
+import { CredentialRole, IVerifiablePresentation } from '@sphereon/ssi-types'
+import { DataSource } from 'typeorm'
+import { afterEach, beforeEach, describe, expect, it } from 'vitest'
+import { DigitalCredentialStore } from '../digitalCredential/DigitalCredentialStore'
+import { DataStoreDigitalCredentialEntities } from '../index'
+import { DataStoreDigitalCredentialMigrations } from '../migrations'
 
 describe('Database entities tests', (): void => {
   let dbConnection: DataSource
@@ -524,4 +524,231 @@ describe('Database entities tests', (): void => {
     expect(result.verifiedState).toEqual(CredentialStateType.REVOKED)
     expect(result.revokedAt).toEqual(currentDate)
   })
+
+  it('should filter credentials by linkedVpUntil date range', async (): Promise<void> => {
+    const baseCredential: AddCredentialArgs = {
+      rawDocument:
+        'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw',
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.VERIFIER,
+      tenantId: 'urn:uuid:nnag4b43-1e7a-98f8-a32c-a48dbc5b10mj',
+    }
+
+    // Create credentials with different linkedVpUntil dates
+    const credential1: DigitalCredential = await digitalCredentialStore.addCredential(baseCredential)
+    const date1 = new Date('2024-01-15')
+    await digitalCredentialStore.updateCredential({
+      id: credential1.id,
+      linkedVpId: 'vp-1',
+      linkedVpUntil: date1,
+    })
+
+    const credential2Args = {
+      ...baseCredential,
+      rawDocument: baseCredential.rawDocument + '1', // Slightly different to get different hash
+    }
+    const credential2: DigitalCredential = await digitalCredentialStore.addCredential(credential2Args)
+    const date2 = new Date('2024-06-15')
+    await digitalCredentialStore.updateCredential({
+      id: credential2.id,
+      linkedVpId: 'vp-2',
+      linkedVpUntil: date2,
+    })
+
+    const credential3Args = {
+      ...baseCredential,
+      rawDocument: baseCredential.rawDocument + '2', // Different again
+    }
+    const credential3: DigitalCredential = await digitalCredentialStore.addCredential(credential3Args)
+    const date3 = new Date('2024-12-31')
+    await digitalCredentialStore.updateCredential({
+      id: credential3.id,
+      linkedVpId: 'vp-3',
+      linkedVpUntil: date3,
+    })
+
+    // Credential without linkedVpUntil
+    const credential4Args = {
+      ...baseCredential,
+      rawDocument: baseCredential.rawDocument + '3',
+    }
+    await digitalCredentialStore.addCredential(credential4Args)
+
+    // Test: Get credentials expiring on or before mid-year (should get credential1 and credential2)
+    const filterDate1 = new Date('2024-06-15')
+    const result1: GetCredentialsResponse = await digitalCredentialStore.getCredentials({
+      filter: [{ linkedVpUntil: filterDate1 }],
+    })
+    expect(result1.total).toEqual(2)
+    expect(result1.data.some((c) => c.linkedVpId === 'vp-1')).toBe(true)
+    expect(result1.data.some((c) => c.linkedVpId === 'vp-2')).toBe(true)
+
+    // Test: Get credentials expiring on or before end of January (should only get credential1)
+    const filterDate2 = new Date('2024-01-31')
+    const result2: GetCredentialsResponse = await digitalCredentialStore.getCredentials({
+      filter: [{ linkedVpUntil: filterDate2 }],
+    })
+    expect(result2.total).toEqual(1)
+    expect(result2.data[0].linkedVpId).toEqual('vp-1')
+
+    // Test: Get credentials expiring on or before end of year (should get all 3 with linkedVpUntil)
+    const filterDate3 = new Date('2024-12-31')
+    const result3: GetCredentialsResponse = await digitalCredentialStore.getCredentials({
+      filter: [{ linkedVpUntil: filterDate3 }],
+    })
+    expect(result3.total).toEqual(3)
+    expect(result3.data.some((c) => c.linkedVpId === 'vp-1')).toBe(true)
+    expect(result3.data.some((c) => c.linkedVpId === 'vp-2')).toBe(true)
+    expect(result3.data.some((c) => c.linkedVpId === 'vp-3')).toBe(true)
+
+    // Test: Get credentials expiring before the earliest date (should get none)
+    const filterDate4 = new Date('2024-01-01')
+    const result4: GetCredentialsResponse = await digitalCredentialStore.getCredentials({
+      filter: [{ linkedVpUntil: filterDate4 }],
+    })
+    expect(result4.total).toEqual(0)
+  })
+
+  it('should filter credentials by linkedVpUntil combined with other filters', async (): Promise<void> => {
+    const tenant1 = 'urn:uuid:tenant-1'
+    const tenant2 = 'urn:uuid:tenant-2'
+
+    const baseCredential: AddCredentialArgs = {
+      rawDocument:
+        'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw',
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.VERIFIER,
+    }
+
+    // Tenant 1 credentials
+    const credential1: DigitalCredential = await digitalCredentialStore.addCredential({ ...baseCredential, tenantId: tenant1 })
+    await digitalCredentialStore.updateCredential({
+      id: credential1.id,
+      linkedVpId: 'vp-1',
+      linkedVpUntil: new Date('2024-03-01'),
+    })
+
+    const credential2Args = { ...baseCredential, tenantId: tenant1, rawDocument: baseCredential.rawDocument + '1' }
+    const credential2: DigitalCredential = await digitalCredentialStore.addCredential(credential2Args)
+    await digitalCredentialStore.updateCredential({
+      id: credential2.id,
+      linkedVpId: 'vp-2',
+      linkedVpUntil: new Date('2024-08-01'),
+    })
+
+    // Tenant 2 credentials
+    const credential3Args = { ...baseCredential, tenantId: tenant2, rawDocument: baseCredential.rawDocument + '2' }
+    const credential3: DigitalCredential = await digitalCredentialStore.addCredential(credential3Args)
+    await digitalCredentialStore.updateCredential({
+      id: credential3.id,
+      linkedVpId: 'vp-3',
+      linkedVpUntil: new Date('2024-03-01'),
+    })
+
+    const credential4Args = { ...baseCredential, tenantId: tenant2, rawDocument: baseCredential.rawDocument + '3' }
+    const credential4: DigitalCredential = await digitalCredentialStore.addCredential(credential4Args)
+    await digitalCredentialStore.updateCredential({
+      id: credential4.id,
+      linkedVpId: 'vp-4',
+      linkedVpUntil: new Date('2024-08-01'),
+    })
+
+    // Test: Filter by tenant and linkedVpUntil
+    const filterDate = new Date('2024-06-01')
+    const result: GetCredentialsResponse = await digitalCredentialStore.getCredentials({
+      filter: [
+        {
+          tenantId: tenant1,
+          linkedVpUntil: filterDate,
+        },
+      ],
+    })
+
+    // Should only get tenant1's credential that expires before June (credential1)
+    expect(result.total).toEqual(1)
+    expect(result.data[0].linkedVpId).toEqual('vp-1')
+    expect(result.data[0].tenantId).toEqual(tenant1)
+  })
+
+  it('should handle empty results when filtering by linkedVpUntil with no matches', async (): Promise<void> => {
+    const baseCredential: AddCredentialArgs = {
+      rawDocument:
+        'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw',
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.VERIFIER,
+      tenantId: 'urn:uuid:test-tenant',
+    }
+
+    // Create credential with linkedVpUntil in the future
+    const credential: DigitalCredential = await digitalCredentialStore.addCredential(baseCredential)
+    await digitalCredentialStore.updateCredential({
+      id: credential.id,
+      linkedVpId: 'vp-future',
+      linkedVpUntil: new Date('2025-12-31'),
+    })
+
+    // Filter by date in the past - should return no results
+    const filterDate = new Date('2024-01-01')
+    const result: GetCredentialsResponse = await digitalCredentialStore.getCredentials({
+      filter: [{ linkedVpUntil: filterDate }],
+    })
+
+    expect(result.total).toEqual(0)
+    expect(result.data.length).toEqual(0)
+  })
+
+  it('should handle credentials with null linkedVpUntil when filtering', async (): Promise<void> => {
+    const baseCredential: AddCredentialArgs = {
+      rawDocument:
+        'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw',
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.VERIFIER,
+      tenantId: 'urn:uuid:test-tenant',
+    }
+
+    // Credential with linkedVpUntil
+    const credential1: DigitalCredential = await digitalCredentialStore.addCredential(baseCredential)
+    await digitalCredentialStore.updateCredential({
+      id: credential1.id,
+      linkedVpId: 'vp-with-expiry',
+      linkedVpUntil: new Date('2024-06-01'),
+    })
+
+    // Credential without linkedVpUntil (null)
+    const credential2Args = { ...baseCredential, rawDocument: baseCredential.rawDocument + '1' }
+    const credential2: DigitalCredential = await digitalCredentialStore.addCredential(credential2Args)
+    await digitalCredentialStore.updateCredential({
+      id: credential2.id,
+      linkedVpId: 'vp-no-expiry',
+    })
+
+    // Filter should only return the credential with linkedVpUntil
+    const filterDate = new Date('2024-12-31')
+    const result: GetCredentialsResponse = await digitalCredentialStore.getCredentials({
+      filter: [{ linkedVpUntil: filterDate }],
+    })
+
+    expect(result.total).toEqual(1)
+    expect(result.data[0].linkedVpId).toEqual('vp-with-expiry')
+  })
 })

package/src/digitalCredential/DigitalCredentialStore.ts

@@ -13,7 +13,7 @@ import {
 } from '@sphereon/ssi-sdk.data-store-types'
 import { CredentialRole, OrPromise } from '@sphereon/ssi-types'
 import Debug from 'debug'
-import { DataSource, type FindOptionsOrder, type FindOptionsWhere, Repository } from 'typeorm'
+import { DataSource, type FindOptionsOrder, type FindOptionsWhere, LessThanOrEqual, Repository } from 'typeorm'
 
 import {
   digitalCredentialFrom,
@@ -67,8 +67,28 @@ export class DigitalCredentialStore extends AbstractDigitalCredentialStore {
         ? parseAndValidateOrderOptions<DigitalCredentialEntity>(order)
         : <FindOptionsOrder<DigitalCredentialEntity>>order
     const dcRepo = await this.getRepository()
+
+    // Process filter to convert linkedVpUntil dates into LessThanOrEqual operators
+    const processLinkedVpUntil = (filterItem: Partial<DigitalCredential>): FindOptionsWhere<DigitalCredentialEntity> => {
+      const processed = { ...filterItem } as FindOptionsWhere<DigitalCredentialEntity>
+      if (filterItem.linkedVpUntil) {
+        processed.linkedVpUntil = LessThanOrEqual(filterItem.linkedVpUntil)
+      }
+      return processed
+    }
+
+    let whereClause: FindOptionsWhere<DigitalCredentialEntity> | FindOptionsWhere<DigitalCredentialEntity>[]
+
+    if (Array.isArray(filter) && filter.length > 0) {
+      whereClause = filter.map(processLinkedVpUntil)
+    } else if (Object.keys(filter).length > 0) {
+      whereClause = processLinkedVpUntil(filter as Partial<DigitalCredential>)
+    } else {
+      whereClause = filter as FindOptionsWhere<DigitalCredentialEntity>
+    }
+
     const [result, total] = await dcRepo.findAndCount({
-      where: filter,
+      where: whereClause,
       skip: offset,
       take: limit,
       order: sortOptions,

package/src/entities/digitalCredential/DigitalCredentialEntity.ts

@@ -82,6 +82,9 @@ export class DigitalCredentialEntity extends BaseEntity implements DigitalCreden
   @CreateDateColumn({ name: 'linked_vp_from', nullable: true, type: typeOrmDateTime() })
   linkedVpFrom?: Date
 
+  @CreateDateColumn({ name: 'linked_vp_until', nullable: true, type: typeOrmDateTime() })
+  linkedVpUntil?: Date
+
   @CreateDateColumn({ name: 'created_at', nullable: false, type: typeOrmDateTime() })
   createdAt!: Date
 

package/src/migrations/postgres/1763387280001-AddLinkedVpFields.ts

@@ -13,9 +13,19 @@ export class AddLinkedVpFields1763387280001 implements MigrationInterface {
       ALTER TABLE "DigitalCredential" 
       ADD COLUMN "linked_vp_from" TIMESTAMP
     `)
+
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      ADD COLUMN "linked_vp_until" TIMESTAMP
+    `)
   }
 
   public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential"
+        DROP COLUMN "linked_vp_until"
+    `)
+
     await queryRunner.query(`
       ALTER TABLE "DigitalCredential" 
       DROP COLUMN "linked_vp_from"

package/src/migrations/sqlite/1763387280002-AddLinkedVpFields.ts

@@ -13,17 +13,24 @@ export class AddLinkedVpFields1763387280002 implements MigrationInterface {
       ALTER TABLE "DigitalCredential" 
       ADD COLUMN "linked_vp_from" datetime
     `)
+
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      ADD COLUMN "linked_vp_until" datetime
+    `)
   }
 
   public async down(queryRunner: QueryRunner): Promise<void> {
-    // SQLite doesn't support DROP COLUMN in older versions
-    // For production, you may need to recreate the table
-    // For now, we'll try the direct approach which works in SQLite 3.35.0+
     await queryRunner.query(`
       ALTER TABLE "DigitalCredential" 
       DROP COLUMN "linked_vp_from"
     `)
 
+    await queryRunner.query(`
+      ALTER TABLE "DigitalCredential" 
+      DROP COLUMN "linked_vp_until"
+    `)
+
     await queryRunner.query(`
       ALTER TABLE "DigitalCredential" 
       DROP COLUMN "linked_vp_id"

package/src/utils/digitalCredential/MappingUtils.ts

@@ -156,7 +156,7 @@ export const persistedDigitalCredentialEntityFromUpdateArgs = (
   Object.assign(entity, existingCredential)
 
   // Normalize nullable fields before applying updates
-  const normalizedUpdates = normalizeNullableFields(updates, ['linkedVpId', 'linkedVpFrom'])
+  const normalizedUpdates = normalizeNullableFields(updates, ['linkedVpId', 'linkedVpFrom', 'linkedVpUntil'])
 
   // Apply updates
   Object.assign(entity, normalizedUpdates)