@sphereon/ssi-sdk.data-store 0.38.0 → 0.38.1-next.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sphereon/ssi-sdk.data-store",
-  "version": "0.38.0",
+  "version": "0.38.1-next.3+da87d17a",
   "source": "src/index.ts",
   "type": "module",
   "main": "./dist/index.cjs",
@@ -28,12 +28,12 @@
   "dependencies": {
     "@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
     "@sphereon/pex": "5.0.0-unstable.28",
-    "@sphereon/ssi-sdk-ext.did-utils": "0.38.0",
-    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.38.0",
-    "@sphereon/ssi-sdk.agent-config": "0.38.0",
-    "@sphereon/ssi-sdk.core": "0.38.0",
-    "@sphereon/ssi-sdk.data-store-types": "0.38.0",
-    "@sphereon/ssi-types": "0.38.0",
+    "@sphereon/ssi-sdk-ext.did-utils": "0.38.1-next.3+da87d17a",
+    "@sphereon/ssi-sdk-ext.identifier-resolution": "0.38.1-next.3+da87d17a",
+    "@sphereon/ssi-sdk.agent-config": "0.38.1-next.3+da87d17a",
+    "@sphereon/ssi-sdk.core": "0.38.1-next.3+da87d17a",
+    "@sphereon/ssi-sdk.data-store-types": "0.38.1-next.3+da87d17a",
+    "@sphereon/ssi-types": "0.38.1-next.3+da87d17a",
     "@veramo/core": "4.2.0",
     "@veramo/data-store": "4.2.0",
     "@veramo/utils": "4.2.0",
@@ -67,5 +67,5 @@
     "PostgreSQL",
     "Contact Store"
   ],
-  "gitHead": "a93cb5bf52d46acaf3b2b2d8eba83cc88aa5cda4"
+  "gitHead": "da87d17a9e92168943cc846da4b93dc27d1b5590"
 }

package/src/__tests__/digitalCredential.store.test.ts

@@ -359,6 +359,32 @@ describe('Database entities tests', (): void => {
     expect(result.verifiedState).toEqual(CredentialStateType.VERIFIED)
   })
 
+  it('should update stored digital credential state to SUSPENDED and persist statusLastCheckedAt', async (): Promise<void> => {
+    const rawCredential: string =
+      'eyJraWQiOiJkaWQ6a2V5Ono2TWtyaGt5M3B1c20yNk1laUZhWFUzbjJuZWtyYW13RlVtZ0dyZUdHa0RWNnpRaiN6Nk1rcmhreTNwdXNtMjZNZWlGYVhVM24ybmVrcmFtd0ZVbWdHcmVHR2tEVjZ6UWoiLCJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9.eyJ2YyI6eyJAY29udGV4dCI6WyJodHRwczovL3d3dy53My5vcmcvMjAxOC9jcmVkZW50aWFscy92MSIsImh0dHBzOi8vc3BoZXJlb24tb3BlbnNvdXJjZS5naXRodWIuaW8vc3NpLW1vYmlsZS13YWxsZXQvY29udGV4dC9zcGhlcmVvbi13YWxsZXQtaWRlbnRpdHktdjEuanNvbmxkIl0sInR5cGUiOlsiVmVyaWZpYWJsZUNyZWRlbnRpYWwiLCJTcGhlcmVvbldhbGxldElkZW50aXR5Q3JlZGVudGlhbCJdLCJjcmVkZW50aWFsU3ViamVjdCI6eyJmaXJzdE5hbWUiOiJTIiwibGFzdE5hbWUiOiJLIiwiZW1haWxBZGRyZXNzIjoic0BrIn19LCJzdWIiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJqdGkiOiJ1cm46dXVpZDpkZGE3YmYyNC04ZTdhLTQxZjgtYjY2Yy1hNDhkYmM1YjEwZmEiLCJuYmYiOjE3MDg0NDA4MDgsImlzcyI6ImRpZDprZXk6ejZNa3Joa3kzcHVzbTI2TWVpRmFYVTNuMm5la3JhbXdGVW1nR3JlR0drRFY2elFqIn0.G0M84XVAxSmzGY-NQuB9NBofNrINSn6lvxW6761Vlq6ypvYgtc2xNdpiRmw8ryVNfnpzrr4Z5cB1RlrC05rJAw'
+    const digitalCredential: AddCredentialArgs = {
+      rawDocument: rawCredential,
+      kmsKeyRef: 'testRef',
+      identifierMethod: 'did',
+      issuerCorrelationType: CredentialCorrelationType.DID,
+      subjectCorrelationType: CredentialCorrelationType.DID,
+      issuerCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      subjectCorrelationId: 'did:key:z6Mkrhky3pusm26MeiFaXU3n2nekramwFUmgGreGGkDV6zQj',
+      credentialRole: CredentialRole.HOLDER,
+    }
+
+    const savedDigitalCredential: DigitalCredential = await digitalCredentialStore.addCredential(digitalCredential)
+
+    const checkedAt = new Date()
+    const result = await digitalCredentialStore.updateCredential({
+      id: savedDigitalCredential.id,
+      verifiedState: CredentialStateType.SUSPENDED,
+      statusLastCheckedAt: checkedAt,
+    })
+    expect(result.verifiedState).toEqual(CredentialStateType.SUSPENDED)
+    expect(result.statusLastCheckedAt?.getTime()).toEqual(checkedAt.getTime())
+  })
+
   // Add these test cases to digitalCredential.store.test.ts after the existing update tests
 
   it('should update digital credential fields', async (): Promise<void> => {

package/src/entities/digitalCredential/DigitalCredentialEntity.ts

@@ -105,4 +105,7 @@ export class DigitalCredentialEntity extends BaseEntity implements DigitalCreden
 
   @Column({ name: 'revoked_at', nullable: true, type: typeOrmDateTime() })
   revokedAt?: Date
+
+  @Column({ name: 'status_last_checked_at', nullable: true, type: typeOrmDateTime() })
+  statusLastCheckedAt?: Date
 }

package/src/migrations/generic/19-AddCredentialStatusFields.ts

@@ -0,0 +1,66 @@
+import Debug, { Debugger } from 'debug'
+import { DatabaseType, MigrationInterface, QueryRunner } from 'typeorm'
+import { AddCredentialStatusFields1780000000001 } from '../postgres/1780000000001-AddCredentialStatusFields'
+import { AddCredentialStatusFields1780000000002 } from '../sqlite/1780000000002-AddCredentialStatusFields'
+
+const debug: Debugger = Debug('sphereon:ssi-sdk:migrations')
+
+export class AddCredentialStatusFields1780000000000 implements MigrationInterface {
+  name: string = 'AddCredentialStatusFields1780000000000'
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    debug('migration: adding credential status fields to DigitalCredential table')
+    const dbType: DatabaseType = queryRunner.connection.driver.options.type
+
+    switch (dbType) {
+      case 'postgres': {
+        debug('using postgres migration file for AddCredentialStatusFields')
+        const mig: AddCredentialStatusFields1780000000001 = new AddCredentialStatusFields1780000000001()
+        await mig.up(queryRunner)
+        debug('Postgres migration statements for AddCredentialStatusFields executed')
+        return
+      }
+      case 'sqlite':
+      case 'expo':
+      case 'react-native': {
+        debug('using sqlite/react-native migration file for AddCredentialStatusFields')
+        const mig: AddCredentialStatusFields1780000000002 = new AddCredentialStatusFields1780000000002()
+        await mig.up(queryRunner)
+        debug('SQLite migration statements for AddCredentialStatusFields executed')
+        return
+      }
+      default:
+        return Promise.reject(
+          `Migrations are currently only supported for sqlite, react-native, expo, and postgres for AddCredentialStatusFields. Was ${dbType}. Please run your database without migrations and with 'migrationsRun: false' and 'synchronize: true' for now`,
+        )
+    }
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    debug('migration: reverting credential status fields from DigitalCredential table')
+    const dbType: DatabaseType = queryRunner.connection.driver.options.type
+
+    switch (dbType) {
+      case 'postgres': {
+        debug('using postgres migration file for AddCredentialStatusFields')
+        const mig: AddCredentialStatusFields1780000000001 = new AddCredentialStatusFields1780000000001()
+        await mig.down(queryRunner)
+        debug('Postgres migration statements for AddCredentialStatusFields reverted')
+        return
+      }
+      case 'sqlite':
+      case 'expo':
+      case 'react-native': {
+        debug('using sqlite/react-native migration file for AddCredentialStatusFields')
+        const mig: AddCredentialStatusFields1780000000002 = new AddCredentialStatusFields1780000000002()
+        await mig.down(queryRunner)
+        debug('SQLite migration statements for AddCredentialStatusFields reverted')
+        return
+      }
+      default:
+        return Promise.reject(
+          `Migrations are currently only supported for sqlite, react-native, expo, and postgres for AddCredentialStatusFields. Was ${dbType}. Please run your database without migrations and with 'migrationsRun: false' and 'synchronize: true' for now`,
+        )
+    }
+  }
+}

package/src/migrations/generic/index.ts

@@ -18,6 +18,7 @@ import { CreateMachineStateStore1708098041262 } from './7-CreateMachineStateStor
 import { CreateContacts1708525189000 } from './8-CreateContacts'
 import { CreateContacts1715761125000 } from './9-CreateContacts'
 import { AddCredentialDesigns1773657426000 } from './18-AddCredentialDesigns'
+import { AddCredentialStatusFields1780000000000 } from './19-AddCredentialStatusFields'
 
 /**
  * The migrations array that SHOULD be used when initializing a TypeORM database connection.
@@ -48,7 +49,11 @@ export const DataStoreStatusListMigrations = [
   CreateBitstringStatusList1741895823000,
 ]
 export const DataStoreEventLoggerMigrations = [CreateAuditEvents1701635835330]
-export const DataStoreDigitalCredentialMigrations = [CreateDigitalCredential1708525189000, AddLinkedVpFields1763387280000]
+export const DataStoreDigitalCredentialMigrations = [
+  CreateDigitalCredential1708525189000,
+  AddLinkedVpFields1763387280000,
+  AddCredentialStatusFields1780000000000,
+]
 export const DataStoreMachineStateMigrations = [CreateMachineStateStore1708098041262]
 export const DataStorePresentationDefinitionMigrations = [CreatePresentationDefinitions1716533767523, CreateDcqlQueryItem1726617600000]
 export const DataStoreServiceMigrations = [AddServiceMetadata1764000000000]

package/src/migrations/postgres/1780000000001-AddCredentialStatusFields.ts

@@ -0,0 +1,30 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+/**
+ * Adds 'SUSPENDED' to the digital_credential_state_type enum and a "status_last_checked_at"
+ * column on DigitalCredential. Uses the transaction-safe recreate-type approach.
+ */
+export class AddCredentialStatusFields1780000000001 implements MigrationInterface {
+  name = 'AddCredentialStatusFields1780000000001'
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`ALTER TABLE "DigitalCredential" ADD COLUMN "status_last_checked_at" TIMESTAMP`)
+    await queryRunner.query(`CREATE TYPE "digital_credential_state_type_v2" AS ENUM('REVOKED', 'VERIFIED', 'EXPIRED', 'SUSPENDED')`)
+    await queryRunner.query(
+      `ALTER TABLE "DigitalCredential" ALTER COLUMN "verified_state" TYPE "digital_credential_state_type_v2" USING "verified_state"::text::"digital_credential_state_type_v2"`,
+    )
+    await queryRunner.query(`DROP TYPE "digital_credential_state_type"`)
+    await queryRunner.query(`ALTER TYPE "digital_credential_state_type_v2" RENAME TO "digital_credential_state_type"`)
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`UPDATE "DigitalCredential" SET "verified_state" = NULL WHERE "verified_state" = 'SUSPENDED'`)
+    await queryRunner.query(`CREATE TYPE "digital_credential_state_type_old" AS ENUM('REVOKED', 'VERIFIED', 'EXPIRED')`)
+    await queryRunner.query(
+      `ALTER TABLE "DigitalCredential" ALTER COLUMN "verified_state" TYPE "digital_credential_state_type_old" USING "verified_state"::text::"digital_credential_state_type_old"`,
+    )
+    await queryRunner.query(`DROP TYPE "digital_credential_state_type"`)
+    await queryRunner.query(`ALTER TYPE "digital_credential_state_type_old" RENAME TO "digital_credential_state_type"`)
+    await queryRunner.query(`ALTER TABLE "DigitalCredential" DROP COLUMN "status_last_checked_at"`)
+  }
+}

package/src/migrations/sqlite/1780000000002-AddCredentialStatusFields.ts

@@ -0,0 +1,137 @@
+import { MigrationInterface, QueryRunner } from 'typeorm'
+
+/**
+ * Widens the DigitalCredential "verified_state" CHECK constraint to include 'SUSPENDED'
+ * and adds a "status_last_checked_at" column. SQLite cannot ALTER a CHECK constraint in
+ * place, so the table is rebuilt. This migration must run AFTER AddLinkedVpFields
+ * (1763387280000), so the rebuilt schema includes the linked_vp_* columns.
+ */
+export class AddCredentialStatusFields1780000000002 implements MigrationInterface {
+  name = 'AddCredentialStatusFields1780000000002'
+
+  public async up(queryRunner: QueryRunner): Promise<void> {
+    await queryRunner.query(`
+      CREATE TABLE "DigitalCredential_new" (
+        "id" varchar PRIMARY KEY NOT NULL,
+        "parent_id" text,
+        "document_type" varchar CHECK( "document_type" IN ('VC', 'VP', 'C', 'P') ) NOT NULL,
+        "regulation_type" varchar CHECK( "regulation_type" IN ('PID', 'QEAA', 'EAA', 'NON_REGULATED') ) NOT NULL DEFAULT 'NON_REGULATED',
+        "document_format" varchar CHECK( "document_format" IN ('JSON_LD', 'JWT', 'SD_JWT', 'MSO_MDOC') ) NOT NULL,
+        "credential_role" varchar CHECK( "credential_role" IN ('ISSUER', 'VERIFIER', 'HOLDER', 'FEDERATION_TRUST_ANCHOR') ) NOT NULL,
+        "raw_document" text NOT NULL,
+        "uniform_document" text NOT NULL,
+        "credential_id" text,
+        "hash" text NOT NULL,
+        "kms_key_ref" text,
+        "identifier_method" text,
+        "issuer_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ) NOT NULL,
+        "subject_correlation_type" varchar CHECK( "subject_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
+        "issuer_correlation_id" text NOT NULL,
+        "subject_correlation_id" text,
+        "issuer_signed" boolean,
+        "rp_correlation_id" text,
+        "rp_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
+        "verified_state" varchar CHECK( "verified_state" IN ('REVOKED', 'VERIFIED', 'EXPIRED', 'SUSPENDED') ),
+        "tenant_id" text,
+        "created_at" datetime NOT NULL DEFAULT (datetime('now')),
+        "last_updated_at" datetime NOT NULL DEFAULT (datetime('now')),
+        "presented_at" datetime,
+        "valid_from" datetime,
+        "valid_until" datetime,
+        "verified_at" datetime,
+        "revoked_at" datetime,
+        "linked_vp_id" text,
+        "linked_vp_from" datetime,
+        "linked_vp_until" datetime,
+        "status_last_checked_at" datetime,
+        UNIQUE ("hash", "credential_role")
+      )
+    `)
+
+    await queryRunner.query(`
+      INSERT INTO "DigitalCredential_new" (
+        "id","parent_id","document_type","regulation_type","document_format","credential_role",
+        "raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
+        "issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
+        "issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
+        "created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
+        "linked_vp_id","linked_vp_from","linked_vp_until"
+      )
+      SELECT
+        "id","parent_id","document_type","regulation_type","document_format","credential_role",
+        "raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
+        "issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
+        "issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
+        "created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
+        "linked_vp_id","linked_vp_from","linked_vp_until"
+      FROM "DigitalCredential"
+    `)
+
+    await queryRunner.query(`DROP TABLE "DigitalCredential"`)
+    await queryRunner.query(`ALTER TABLE "DigitalCredential_new" RENAME TO "DigitalCredential"`)
+  }
+
+  public async down(queryRunner: QueryRunner): Promise<void> {
+    // Collapse SUSPENDED to NULL so the narrowed CHECK does not reject existing rows
+    await queryRunner.query(`UPDATE "DigitalCredential" SET "verified_state" = NULL WHERE "verified_state" = 'SUSPENDED'`)
+
+    await queryRunner.query(`
+      CREATE TABLE "DigitalCredential_old" (
+        "id" varchar PRIMARY KEY NOT NULL,
+        "parent_id" text,
+        "document_type" varchar CHECK( "document_type" IN ('VC', 'VP', 'C', 'P') ) NOT NULL,
+        "regulation_type" varchar CHECK( "regulation_type" IN ('PID', 'QEAA', 'EAA', 'NON_REGULATED') ) NOT NULL DEFAULT 'NON_REGULATED',
+        "document_format" varchar CHECK( "document_format" IN ('JSON_LD', 'JWT', 'SD_JWT', 'MSO_MDOC') ) NOT NULL,
+        "credential_role" varchar CHECK( "credential_role" IN ('ISSUER', 'VERIFIER', 'HOLDER', 'FEDERATION_TRUST_ANCHOR') ) NOT NULL,
+        "raw_document" text NOT NULL,
+        "uniform_document" text NOT NULL,
+        "credential_id" text,
+        "hash" text NOT NULL,
+        "kms_key_ref" text,
+        "identifier_method" text,
+        "issuer_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ) NOT NULL,
+        "subject_correlation_type" varchar CHECK( "subject_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
+        "issuer_correlation_id" text NOT NULL,
+        "subject_correlation_id" text,
+        "issuer_signed" boolean,
+        "rp_correlation_id" text,
+        "rp_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
+        "verified_state" varchar CHECK( "verified_state" IN ('REVOKED', 'VERIFIED', 'EXPIRED') ),
+        "tenant_id" text,
+        "created_at" datetime NOT NULL DEFAULT (datetime('now')),
+        "last_updated_at" datetime NOT NULL DEFAULT (datetime('now')),
+        "presented_at" datetime,
+        "valid_from" datetime,
+        "valid_until" datetime,
+        "verified_at" datetime,
+        "revoked_at" datetime,
+        "linked_vp_id" text,
+        "linked_vp_from" datetime,
+        "linked_vp_until" datetime,
+        UNIQUE ("hash", "credential_role")
+      )
+    `)
+
+    await queryRunner.query(`
+      INSERT INTO "DigitalCredential_old" (
+        "id","parent_id","document_type","regulation_type","document_format","credential_role",
+        "raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
+        "issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
+        "issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
+        "created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
+        "linked_vp_id","linked_vp_from","linked_vp_until"
+      )
+      SELECT
+        "id","parent_id","document_type","regulation_type","document_format","credential_role",
+        "raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
+        "issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
+        "issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
+        "created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
+        "linked_vp_id","linked_vp_from","linked_vp_until"
+      FROM "DigitalCredential"
+    `)
+
+    await queryRunner.query(`DROP TABLE "DigitalCredential"`)
+    await queryRunner.query(`ALTER TABLE "DigitalCredential_old" RENAME TO "DigitalCredential"`)
+  }
+}