@swimmingkiim/trust-sdk 0.1.32 → 0.2.2

package/dist/credentials/vc-handler.service.d.ts

@@ -1,10 +1,24 @@
-import { Agent } from '../agent';
-import { VerifiableCredential } from '@veramo/core';
+import { Resolver } from 'did-resolver';
+import type { EphemeralIdentity } from '../identity/did-manager';
 export declare class VCHandler {
-    private agent?;
-    constructor(agent?: Agent);
-    private getAgent;
-    createCredential(issuerDid: string, subjectDid: string, claims: Record<string, any>): Promise<VerifiableCredential>;
+    private resolver;
+    constructor(resolver?: Resolver);
+    /**
+     * Creates a Verifiable Credential as a JWT string.
+     * Stateless: signs in-memory, no DB storage.
+     *
+     * @param issuerDid - DID of the issuer
+     * @param subjectDid - DID of the subject
+     * @param claims - Claims to include in the credential
+     * @param keyPair - Signing key pair (from IdentityManager.createEphemeralDID())
+     * @returns JWT string
+     */
+    createCredential(issuerDid: string, subjectDid: string, claims: Record<string, any>, keyPair?: EphemeralIdentity['keyPair']): Promise<string>;
+    /**
+     * Verifies a Verifiable Credential JWT.
+     * Stateless: resolves issuer DID via blockchain/derivation/web,
+     * then verifies the JWT signature. No DB required.
+     */
     verifyCredential(vcJwt: string): Promise<boolean>;
 }
 //# sourceMappingURL=vc-handler.service.d.ts.map

package/dist/credentials/vc-handler.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"vc-handler.service.d.ts","sourceRoot":"","sources":["../../src/credentials/vc-handler.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAa,KAAK,EAAE,MAAM,UAAU,CAAA;AAC3C,OAAO,EAAE,oBAAoB,EAAE,MAAM,cAAc,CAAA;AAEnD,qBAAa,SAAS;IAClB,OAAO,CAAC,KAAK,CAAC,CAAO;gBAET,KAAK,CAAC,EAAE,KAAK;YAIX,QAAQ;IAKhB,gBAAgB,CAClB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAC5B,OAAO,CAAC,oBAAoB,CAAC;IAkB1B,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAsB1D"}
+{"version":3,"file":"vc-handler.service.d.ts","sourceRoot":"","sources":["../../src/credentials/vc-handler.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAEvC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAEhE,qBAAa,SAAS;IAClB,OAAO,CAAC,QAAQ,CAAU;gBAEd,QAAQ,CAAC,EAAE,QAAQ;IAI/B;;;;;;;;;OASG;IACG,gBAAgB,CAClB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC3B,OAAO,CAAC,EAAE,iBAAiB,CAAC,SAAS,CAAC,GACvC,OAAO,CAAC,MAAM,CAAC;IA6BlB;;;;OAIG;IACG,gBAAgB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAwB1D"}

package/dist/credentials/vc-handler.service.js

@@ -1,50 +1,74 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VCHandler = void 0;
-const agent_1 = require("../agent");
+const did_jwt_vc_1 = require("did-jwt-vc");
+const did_jwt_1 = require("did-jwt");
+const resolver_1 = require("../resolver");
 class VCHandler {
-    agent;
-    constructor(agent) {
-        this.agent = agent;
+    resolver;
+    constructor(resolver) {
+        this.resolver = resolver ?? (0, resolver_1.createResolver)();
     }
-    async getAgent() {
-        if (this.agent)
-            return this.agent;
-        return await (0, agent_1.initAgent)();
-    }
-    async createCredential(issuerDid, subjectDid, claims) {
-        const agent = await this.getAgent();
-        const credential = await agent.createVerifiableCredential({
-            credential: {
-                issuer: { id: issuerDid },
+    /**
+     * Creates a Verifiable Credential as a JWT string.
+     * Stateless: signs in-memory, no DB storage.
+     *
+     * @param issuerDid - DID of the issuer
+     * @param subjectDid - DID of the subject
+     * @param claims - Claims to include in the credential
+     * @param keyPair - Signing key pair (from IdentityManager.createEphemeralDID())
+     * @returns JWT string
+     */
+    async createCredential(issuerDid, subjectDid, claims, keyPair) {
+        if (!keyPair) {
+            throw new Error('keyPair is required for credential issuance. Use IdentityManager.createEphemeralDID() to generate one.');
+        }
+        const signer = (0, did_jwt_1.EdDSASigner)(keyPair.secretKey);
+        const vcPayload = {
+            sub: subjectDid,
+            nbf: Math.floor(Date.now() / 1000),
+            vc: {
+                '@context': ['https://www.w3.org/2018/credentials/v1'],
+                type: ['VerifiableCredential'],
                 credentialSubject: {
                     id: subjectDid,
-                    ...claims
-                }
+                    ...claims,
+                },
             },
-            proofFormat: 'jwt',
-            save: true
-        });
-        return credential;
+        };
+        const issuer = {
+            did: issuerDid,
+            signer,
+            alg: 'EdDSA',
+        };
+        return await (0, did_jwt_vc_1.createVerifiableCredentialJwt)(vcPayload, issuer);
     }
+    /**
+     * Verifies a Verifiable Credential JWT.
+     * Stateless: resolves issuer DID via blockchain/derivation/web,
+     * then verifies the JWT signature. No DB required.
+     */
     async verifyCredential(vcJwt) {
-        const agent = await this.getAgent();
-        const result = await agent.verifyCredential({
-            credential: vcJwt
-        });
-        if (!result.verified) {
-            console.error('Credential verification failed:', result.error);
-            return false;
-        }
-        // Explicit expiration check
-        if (result.verifiableCredential && result.verifiableCredential.expirationDate) {
-            const expirationDate = new Date(result.verifiableCredential.expirationDate);
-            if (expirationDate < new Date()) {
-                console.error(`Credential expired on ${expirationDate.toISOString()}`);
+        try {
+            const result = await (0, did_jwt_vc_1.verifyCredential)(vcJwt, this.resolver);
+            if (!result.verified) {
+                console.error('Credential verification failed:', result);
                 return false;
             }
+            // Explicit expiration check
+            if (result.verifiableCredential?.expirationDate) {
+                const expirationDate = new Date(result.verifiableCredential.expirationDate);
+                if (expirationDate < new Date()) {
+                    console.error(`Credential expired on ${expirationDate.toISOString()}`);
+                    return false;
+                }
+            }
+            return true;
+        }
+        catch (error) {
+            console.error('VC verification error:', error);
+            return false;
         }
-        return result.verified;
     }
 }
 exports.VCHandler = VCHandler;

package/dist/credentials/vc-handler.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"vc-handler.service.js","sourceRoot":"","sources":["../../src/credentials/vc-handler.service.ts"],"names":[],"mappings":";;;AAAA,oCAA2C;AAG3C,MAAa,SAAS;IACV,KAAK,CAAQ;IAErB,YAAY,KAAa;QACrB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAA;IACtB,CAAC;IAEO,KAAK,CAAC,QAAQ;QAClB,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAC,KAAK,CAAA;QACjC,OAAO,MAAM,IAAA,iBAAS,GAAE,CAAA;IAC5B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAClB,SAAiB,EACjB,UAAkB,EAClB,MAA2B;QAE3B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAA;QAEnC,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,0BAA0B,CAAC;YACtD,UAAU,EAAE;gBACR,MAAM,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE;gBACzB,iBAAiB,EAAE;oBACf,EAAE,EAAE,UAAU;oBACd,GAAG,MAAM;iBACZ;aACJ;YACD,WAAW,EAAE,KAAK;YAClB,IAAI,EAAE,IAAI;SACb,CAAC,CAAA;QAEF,OAAO,UAAU,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAChC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAA;QACnC,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC;YACxC,UAAU,EAAE,KAAK;SACpB,CAAC,CAAA;QAEF,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACnB,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,MAAM,CAAC,KAAK,CAAC,CAAA;YAC9D,OAAO,KAAK,CAAA;QAChB,CAAC;QAED,4BAA4B;QAC5B,IAAI,MAAM,CAAC,oBAAoB,IAAI,MAAM,CAAC,oBAAoB,CAAC,cAAc,EAAE,CAAC;YAC5E,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAA;YAC3E,IAAI,cAAc,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC9B,OAAO,CAAC,KAAK,CAAC,yBAAyB,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;gBACtE,OAAO,KAAK,CAAA;YAChB,CAAC;QACL,CAAC;QAED,OAAO,MAAM,CAAC,QAAQ,CAAA;IAC1B,CAAC;CACJ;AAxDD,8BAwDC"}
+{"version":3,"file":"vc-handler.service.js","sourceRoot":"","sources":["../../src/credentials/vc-handler.service.ts"],"names":[],"mappings":";;;AAAA,2CAAwF;AACxF,qCAAqC;AAErC,0CAA4C;AAG5C,MAAa,SAAS;IACV,QAAQ,CAAU;IAE1B,YAAY,QAAmB;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,IAAA,yBAAc,GAAE,CAAA;IAChD,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,gBAAgB,CAClB,SAAiB,EACjB,UAAkB,EAClB,MAA2B,EAC3B,OAAsC;QAEtC,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,wGAAwG,CAAC,CAAA;QAC7H,CAAC;QAED,MAAM,MAAM,GAAG,IAAA,qBAAW,EAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QAE7C,MAAM,SAAS,GAAG;YACd,GAAG,EAAE,UAAU;YACf,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAClC,EAAE,EAAE;gBACA,UAAU,EAAE,CAAC,wCAAwC,CAAC;gBACtD,IAAI,EAAE,CAAC,sBAAsB,CAAC;gBAC9B,iBAAiB,EAAE;oBACf,EAAE,EAAE,UAAU;oBACd,GAAG,MAAM;iBACZ;aACJ;SACJ,CAAA;QAED,MAAM,MAAM,GAAG;YACX,GAAG,EAAE,SAAS;YACd,MAAM;YACN,GAAG,EAAE,OAAgB;SACxB,CAAA;QAED,OAAO,MAAM,IAAA,0CAA6B,EAAC,SAAS,EAAE,MAAM,CAAC,CAAA;IACjE,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,gBAAgB,CAAC,KAAa;QAChC,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,IAAA,6BAAQ,EAAC,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAA;YAEnD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACnB,OAAO,CAAC,KAAK,CAAC,iCAAiC,EAAE,MAAM,CAAC,CAAA;gBACxD,OAAO,KAAK,CAAA;YAChB,CAAC;YAED,4BAA4B;YAC5B,IAAI,MAAM,CAAC,oBAAoB,EAAE,cAAc,EAAE,CAAC;gBAC9C,MAAM,cAAc,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,oBAAoB,CAAC,cAAc,CAAC,CAAA;gBAC3E,IAAI,cAAc,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;oBAC9B,OAAO,CAAC,KAAK,CAAC,yBAAyB,cAAc,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;oBACtE,OAAO,KAAK,CAAA;gBAChB,CAAC;YACL,CAAC;YAED,OAAO,IAAI,CAAA;QACf,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAA;YAC9C,OAAO,KAAK,CAAA;QAChB,CAAC;IACL,CAAC;CACJ;AAhFD,8BAgFC"}

package/dist/identity/did-manager.d.ts

@@ -1,6 +1,31 @@
+import { Resolver } from 'did-resolver';
+export interface EphemeralIdentity {
+    did: string;
+    keyPair: {
+        publicKey: Uint8Array;
+        secretKey: Uint8Array;
+    };
+}
 export declare class IdentityManager {
-    createEphemeralDID(): Promise<import("@veramo/core").IIdentifier>;
-    createPersistentDID(alias?: string): Promise<import("@veramo/core").IIdentifier>;
-    resolveDID(did: string): Promise<import("did-resolver").DIDResolutionResult>;
+    private resolver;
+    constructor(resolver?: Resolver);
+    /**
+     * Creates an ephemeral (in-memory) did:key identity.
+     * Uses Node.js built-in crypto — no external dependencies, no database.
+     */
+    createEphemeralDID(): Promise<EphemeralIdentity>;
+    /**
+     * Resolves a DID to its DID Document.
+     * Stateless: uses blockchain (did:ethr) or derivation (did:key).
+     */
+    resolveDID(did: string): Promise<any>;
+    /**
+     * Imports an existing Ed25519 secret key and derives the DID.
+     * Use this when you already have a fixed key (e.g., from did_keys.json).
+     *
+     * @param secretKey - 32-byte Ed25519 secret key as hex string or Uint8Array
+     * @returns EphemeralIdentity with the derived DID and key pair
+     */
+    fromSecretKey(secretKey: string | Uint8Array): Promise<EphemeralIdentity>;
 }
 //# sourceMappingURL=did-manager.d.ts.map

package/dist/identity/did-manager.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"did-manager.d.ts","sourceRoot":"","sources":["../../src/identity/did-manager.ts"],"names":[],"mappings":"AAEA,qBAAa,eAAe;IAClB,kBAAkB;IAQlB,mBAAmB,CAAC,KAAK,CAAC,EAAE,MAAM;IASlC,UAAU,CAAC,GAAG,EAAE,MAAM;CAI/B"}
+{"version":3,"file":"did-manager.d.ts","sourceRoot":"","sources":["../../src/identity/did-manager.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAEvC,MAAM,WAAW,iBAAiB;IAC9B,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE;QACL,SAAS,EAAE,UAAU,CAAA;QACrB,SAAS,EAAE,UAAU,CAAA;KACxB,CAAA;CACJ;AAgDD,qBAAa,eAAe;IACxB,OAAO,CAAC,QAAQ,CAAU;gBAEd,QAAQ,CAAC,EAAE,QAAQ;IAI/B;;;OAGG;IACG,kBAAkB,IAAI,OAAO,CAAC,iBAAiB,CAAC;IAoBtD;;;OAGG;IACG,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAI3C;;;;;;OAMG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,UAAU,GAAG,OAAO,CAAC,iBAAiB,CAAC;CAkClF"}

package/dist/identity/did-manager.js

@@ -1,26 +1,115 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.IdentityManager = void 0;
-const agent_1 = require("../agent");
+const crypto_1 = __importDefault(require("crypto"));
+const resolver_1 = require("../resolver");
+// Ed25519 multicodec prefix (0xed01)
+const ED25519_MULTICODEC_PREFIX = new Uint8Array([0xed, 0x01]);
+// Base58btc alphabet (Bitcoin alphabet)
+const BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+/**
+ * Encodes a Uint8Array to base58btc string.
+ * Pure implementation with no external dependencies.
+ */
+function base58btcEncode(bytes) {
+    // Count leading zeros
+    let leadingZeros = 0;
+    for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
+        leadingZeros++;
+    }
+    // Convert to BigInt for base conversion
+    let num = BigInt('0x' + Buffer.from(bytes).toString('hex'));
+    const chars = [];
+    while (num > 0n) {
+        const remainder = Number(num % 58n);
+        chars.unshift(BASE58_ALPHABET[remainder]);
+        num = num / 58n;
+    }
+    // Add '1' for each leading zero byte
+    for (let i = 0; i < leadingZeros; i++) {
+        chars.unshift('1');
+    }
+    return chars.join('');
+}
+/**
+ * Encodes an Ed25519 public key as a did:key identifier.
+ * Format: did:key:z + base58btc(multicodec_prefix + public_key)
+ */
+function publicKeyToDidKey(publicKey) {
+    const multicodecKey = new Uint8Array(ED25519_MULTICODEC_PREFIX.length + publicKey.length);
+    multicodecKey.set(ED25519_MULTICODEC_PREFIX);
+    multicodecKey.set(publicKey, ED25519_MULTICODEC_PREFIX.length);
+    return `did:key:z${base58btcEncode(multicodecKey)}`;
+}
 class IdentityManager {
-    async createEphemeralDID() {
-        const agent = await (0, agent_1.initAgent)();
-        const identifier = await agent.didManagerCreate({
-            provider: 'did:key'
-        });
-        return identifier;
+    resolver;
+    constructor(resolver) {
+        this.resolver = resolver ?? (0, resolver_1.createResolver)();
     }
-    async createPersistentDID(alias) {
-        const agent = await (0, agent_1.initAgent)();
-        const identifier = await agent.didManagerCreate({
-            provider: 'did:ethr',
-            alias
-        });
-        return identifier;
+    /**
+     * Creates an ephemeral (in-memory) did:key identity.
+     * Uses Node.js built-in crypto — no external dependencies, no database.
+     */
+    async createEphemeralDID() {
+        const { publicKey, privateKey } = crypto_1.default.generateKeyPairSync('ed25519');
+        // Export raw key bytes from DER format
+        const pubDer = publicKey.export({ type: 'spki', format: 'der' });
+        const privDer = privateKey.export({ type: 'pkcs8', format: 'der' });
+        // Ed25519 SPKI DER: 12-byte header + 32-byte key
+        const rawPublicKey = new Uint8Array(pubDer.subarray(pubDer.length - 32));
+        // Ed25519 PKCS8 DER: 16-byte header + 32-byte key
+        const rawSecretKey = new Uint8Array(privDer.subarray(privDer.length - 32));
+        const did = publicKeyToDidKey(rawPublicKey);
+        return {
+            did,
+            keyPair: { publicKey: rawPublicKey, secretKey: rawSecretKey },
+        };
     }
+    /**
+     * Resolves a DID to its DID Document.
+     * Stateless: uses blockchain (did:ethr) or derivation (did:key).
+     */
     async resolveDID(did) {
-        const agent = await (0, agent_1.initAgent)();
-        return await agent.resolveDid({ didUrl: did });
+        return await this.resolver.resolve(did);
+    }
+    /**
+     * Imports an existing Ed25519 secret key and derives the DID.
+     * Use this when you already have a fixed key (e.g., from did_keys.json).
+     *
+     * @param secretKey - 32-byte Ed25519 secret key as hex string or Uint8Array
+     * @returns EphemeralIdentity with the derived DID and key pair
+     */
+    async fromSecretKey(secretKey) {
+        const rawSecretKey = typeof secretKey === 'string'
+            ? new Uint8Array(Buffer.from(secretKey.replace(/^0x/, ''), 'hex'))
+            : secretKey;
+        if (rawSecretKey.length !== 32) {
+            throw new Error(`Invalid Ed25519 secret key length: expected 32 bytes, got ${rawSecretKey.length}`);
+        }
+        // Reconstruct Node.js KeyObject from raw bytes
+        // Ed25519 PKCS8 DER = fixed 16-byte header + 32-byte raw key
+        const pkcs8Header = Buffer.from([
+            0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
+            0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20,
+        ]);
+        const pkcs8Der = Buffer.concat([pkcs8Header, Buffer.from(rawSecretKey)]);
+        const privateKeyObject = crypto_1.default.createPrivateKey({
+            key: pkcs8Der,
+            format: 'der',
+            type: 'pkcs8',
+        });
+        // Derive public key
+        const publicKeyObject = crypto_1.default.createPublicKey(privateKeyObject);
+        const pubDer = publicKeyObject.export({ type: 'spki', format: 'der' });
+        const rawPublicKey = new Uint8Array(pubDer.subarray(pubDer.length - 32));
+        const did = publicKeyToDidKey(rawPublicKey);
+        return {
+            did,
+            keyPair: { publicKey: rawPublicKey, secretKey: rawSecretKey },
+        };
     }
 }
 exports.IdentityManager = IdentityManager;

package/dist/identity/did-manager.js.map

@@ -1 +1 @@
-{"version":3,"file":"did-manager.js","sourceRoot":"","sources":["../../src/identity/did-manager.ts"],"names":[],"mappings":";;;AAAA,oCAAoC;AAEpC,MAAa,eAAe;IACxB,KAAK,CAAC,kBAAkB;QACpB,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAS,GAAE,CAAA;QAC/B,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC;YAC5C,QAAQ,EAAE,SAAS;SACtB,CAAC,CAAA;QACF,OAAO,UAAU,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,KAAc;QACpC,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAS,GAAE,CAAA;QAC/B,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,gBAAgB,CAAC;YAC5C,QAAQ,EAAE,UAAU;YACpB,KAAK;SACR,CAAC,CAAA;QACF,OAAO,UAAU,CAAA;IACrB,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAAW;QACxB,MAAM,KAAK,GAAG,MAAM,IAAA,iBAAS,GAAE,CAAA;QAC/B,OAAO,MAAM,KAAK,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAA;IAClD,CAAC;CACJ;AAtBD,0CAsBC"}
+{"version":3,"file":"did-manager.js","sourceRoot":"","sources":["../../src/identity/did-manager.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA2B;AAC3B,0CAA4C;AAW5C,qCAAqC;AACrC,MAAM,yBAAyB,GAAG,IAAI,UAAU,CAAC,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAA;AAE9D,wCAAwC;AACxC,MAAM,eAAe,GAAG,4DAA4D,CAAA;AAEpF;;;GAGG;AACH,SAAS,eAAe,CAAC,KAAiB;IACtC,sBAAsB;IACtB,IAAI,YAAY,GAAG,CAAC,CAAA;IACpB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtD,YAAY,EAAE,CAAA;IAClB,CAAC;IAED,wCAAwC;IACxC,IAAI,GAAG,GAAG,MAAM,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;IAC3D,MAAM,KAAK,GAAa,EAAE,CAAA;IAE1B,OAAO,GAAG,GAAG,EAAE,EAAE,CAAC;QACd,MAAM,SAAS,GAAG,MAAM,CAAC,GAAG,GAAG,GAAG,CAAC,CAAA;QACnC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,SAAS,CAAC,CAAC,CAAA;QACzC,GAAG,GAAG,GAAG,GAAG,GAAG,CAAA;IACnB,CAAC;IAED,qCAAqC;IACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,EAAE,CAAC,EAAE,EAAE,CAAC;QACpC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IACtB,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAA;AACzB,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,SAAqB;IAC5C,MAAM,aAAa,GAAG,IAAI,UAAU,CAAC,yBAAyB,CAAC,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAAA;IACzF,aAAa,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAA;IAC5C,aAAa,CAAC,GAAG,CAAC,SAAS,EAAE,yBAAyB,CAAC,MAAM,CAAC,CAAA;IAC9D,OAAO,YAAY,eAAe,CAAC,aAAa,CAAC,EAAE,CAAA;AACvD,CAAC;AAED,MAAa,eAAe;IAChB,QAAQ,CAAU;IAE1B,YAAY,QAAmB;QAC3B,IAAI,CAAC,QAAQ,GAAG,QAAQ,IAAI,IAAA,yBAAc,GAAE,CAAA;IAChD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,kBAAkB;QACpB,MAAM,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,gBAAM,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAA;QAEvE,uCAAuC;QACvC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAA;QAChE,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAA;QAEnE,iDAAiD;QACjD,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAA;QACxE,kDAAkD;QAClD,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAA;QAE1E,MAAM,GAAG,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;QAE3C,OAAO;YACH,GAAG;YACH,OAAO,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE;SAChE,CAAA;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU,CAAC,GAAW;QACxB,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAC3C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,aAAa,CAAC,SAA8B;QAC9C,MAAM,YAAY,GAAG,OAAO,SAAS,KAAK,QAAQ;YAC9C,CAAC,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;YAClE,CAAC,CAAC,SAAS,CAAA;QAEf,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,6DAA6D,YAAY,CAAC,MAAM,EAAE,CAAC,CAAA;QACvG,CAAC;QAED,+CAA+C;QAC/C,6DAA6D;QAC7D,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC;YAC5B,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;YAC9C,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI;SACjD,CAAC,CAAA;QACF,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QACxE,MAAM,gBAAgB,GAAG,gBAAM,CAAC,gBAAgB,CAAC;YAC7C,GAAG,EAAE,QAAQ;YACb,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,OAAO;SAChB,CAAC,CAAA;QAEF,oBAAoB;QACpB,MAAM,eAAe,GAAG,gBAAM,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAA;QAChE,MAAM,MAAM,GAAG,eAAe,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAA;QACtE,MAAM,YAAY,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC,CAAC,CAAA;QAExE,MAAM,GAAG,GAAG,iBAAiB,CAAC,YAAY,CAAC,CAAA;QAE3C,OAAO;YACH,GAAG;YACH,OAAO,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,YAAY,EAAE;SAChE,CAAA;IACL,CAAC;CACJ;AAhFD,0CAgFC"}

package/dist/index.d.ts

@@ -1,4 +1,6 @@
-export * from './identity/did-manager';
-export * from './credentials/vc-handler.service';
-export * from './agent';
+export { IdentityManager } from './identity/did-manager';
+export type { EphemeralIdentity } from './identity/did-manager';
+export { VCHandler } from './credentials/vc-handler.service';
+export { createResolver } from './resolver';
+export type { ResolverOptions } from './resolver';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,wBAAwB,CAAA;AACtC,cAAc,kCAAkC,CAAA;AAChD,cAAc,SAAS,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACxD,YAAY,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAC/D,OAAO,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAA;AAC5D,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,YAAY,EAAE,eAAe,EAAE,MAAM,YAAY,CAAA"}

package/dist/index.js

@@ -1,20 +1,10 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./identity/did-manager"), exports);
-__exportStar(require("./credentials/vc-handler.service"), exports);
-__exportStar(require("./agent"), exports);
+exports.createResolver = exports.VCHandler = exports.IdentityManager = void 0;
+var did_manager_1 = require("./identity/did-manager");
+Object.defineProperty(exports, "IdentityManager", { enumerable: true, get: function () { return did_manager_1.IdentityManager; } });
+var vc_handler_service_1 = require("./credentials/vc-handler.service");
+Object.defineProperty(exports, "VCHandler", { enumerable: true, get: function () { return vc_handler_service_1.VCHandler; } });
+var resolver_1 = require("./resolver");
+Object.defineProperty(exports, "createResolver", { enumerable: true, get: function () { return resolver_1.createResolver; } });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yDAAsC;AACtC,mEAAgD;AAChD,0CAAuB"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,sDAAwD;AAA/C,8GAAA,eAAe,OAAA;AAExB,uEAA4D;AAAnD,+GAAA,SAAS,OAAA;AAClB,uCAA2C;AAAlC,0GAAA,cAAc,OAAA"}

package/dist/resolver.d.ts

@@ -0,0 +1,13 @@
+import { Resolver } from 'did-resolver';
+export interface ResolverOptions {
+    /** Ethereum network name for did:ethr (default: 'base') */
+    ethNetwork?: string;
+    /** RPC URL for did:ethr resolution */
+    rpcUrl?: string;
+}
+/**
+ * Creates a stateless DID Resolver.
+ * No database, no state — only blockchain/key-based resolution.
+ */
+export declare function createResolver(options?: ResolverOptions): Resolver;
+//# sourceMappingURL=resolver.d.ts.map

package/dist/resolver.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../src/resolver.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAA;AAIvC,MAAM,WAAW,eAAe;IAC5B,2DAA2D;IAC3D,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,sCAAsC;IACtC,MAAM,CAAC,EAAE,MAAM,CAAA;CAClB;AAED;;;GAGG;AACH,wBAAgB,cAAc,CAAC,OAAO,CAAC,EAAE,eAAe,GAAG,QAAQ,CAUlE"}

package/dist/resolver.js

@@ -0,0 +1,21 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createResolver = createResolver;
+const did_resolver_1 = require("did-resolver");
+const key_did_resolver_1 = require("key-did-resolver");
+const ethr_did_resolver_1 = require("ethr-did-resolver");
+/**
+ * Creates a stateless DID Resolver.
+ * No database, no state — only blockchain/key-based resolution.
+ */
+function createResolver(options) {
+    const ethNetwork = options?.ethNetwork || 'base';
+    const rpcUrl = options?.rpcUrl || 'https://mainnet.base.org';
+    return new did_resolver_1.Resolver({
+        ...(0, key_did_resolver_1.getResolver)(),
+        ...(0, ethr_did_resolver_1.getResolver)({
+            networks: [{ name: ethNetwork, rpcUrl }],
+        }),
+    });
+}
+//# sourceMappingURL=resolver.js.map

package/dist/resolver.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"resolver.js","sourceRoot":"","sources":["../src/resolver.ts"],"names":[],"mappings":";;AAeA,wCAUC;AAzBD,+CAAuC;AACvC,uDAAgE;AAChE,yDAAkE;AASlE;;;GAGG;AACH,SAAgB,cAAc,CAAC,OAAyB;IACpD,MAAM,UAAU,GAAG,OAAO,EAAE,UAAU,IAAI,MAAM,CAAA;IAChD,MAAM,MAAM,GAAG,OAAO,EAAE,MAAM,IAAI,0BAA0B,CAAA;IAE5D,OAAO,IAAI,uBAAQ,CAAC;QAChB,GAAG,IAAA,8BAAc,GAAE;QACnB,GAAG,IAAA,+BAAe,EAAC;YACf,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,CAAC;SAC3C,CAAC;KACL,CAAC,CAAA;AACN,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@swimmingkiim/trust-sdk",
-  "version": "0.1.32",
+  "version": "0.2.2",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/swimmingkiim/a2a-project.git"
@@ -15,31 +15,19 @@
     }
   },
   "dependencies": {
-    "@veramo/core": "^6.0.2",
-    "@veramo/credential-w3c": "^6.0.2",
-    "@veramo/data-store": "^6.0.2",
-    "@veramo/did-manager": "^6.0.2",
-    "@veramo/did-provider-ethr": "^6.0.2",
-    "@veramo/did-provider-key": "^6.0.2",
-    "@veramo/did-resolver": "^6.0.2",
-    "@veramo/key-manager": "^6.0.2",
-    "@veramo/kms-local": "^6.0.2",
-    "did-jwt-vc": "^3.2.0",
+    "did-jwt": "^8.0.9",
+    "did-jwt-vc": "^4.0.8",
     "did-resolver": "^4.1.0",
-    "ethers": "^6.11.1",
     "ethr-did-resolver": "^11.0.5",
-    "key-did-resolver": "^4.0.0",
-    "reflect-metadata": "^0.2.2",
-    "sqlite3": "^5.1.7",
-    "ts-node": "^10.9.2",
-    "typeorm": "^0.3.28"
+    "key-did-resolver": "^4.0.0"
   },
   "devDependencies": {
     "tsx": "^4.21.0",
-    "typescript": "^5.3.3"
+    "typescript": "^5.3.3",
+    "vitest": "^4.0.18"
   },
   "scripts": {
     "build": "tsc",
-    "test": "echo \"Error: no test specified\" && exit 1"
+    "test": "vitest run"
   }
 }

package/src/credentials/vc-handler.service.ts

@@ -1,60 +1,87 @@
-import { initAgent, Agent } from '../agent'
-import { VerifiableCredential } from '@veramo/core'
+import { createVerifiableCredentialJwt, verifyCredential as verifyVC } from 'did-jwt-vc'
+import { EdDSASigner } from 'did-jwt'
+import { Resolver } from 'did-resolver'
+import { createResolver } from '../resolver'
+import type { EphemeralIdentity } from '../identity/did-manager'
 
 export class VCHandler {
-    private agent?: Agent
+    private resolver: Resolver
 
-    constructor(agent?: Agent) {
-        this.agent = agent
-    }
-
-    private async getAgent(): Promise<Agent> {
-        if (this.agent) return this.agent
-        return await initAgent()
+    constructor(resolver?: Resolver) {
+        this.resolver = resolver ?? createResolver()
     }
 
+    /**
+     * Creates a Verifiable Credential as a JWT string.
+     * Stateless: signs in-memory, no DB storage.
+     *
+     * @param issuerDid - DID of the issuer
+     * @param subjectDid - DID of the subject
+     * @param claims - Claims to include in the credential
+     * @param keyPair - Signing key pair (from IdentityManager.createEphemeralDID())
+     * @returns JWT string
+     */
     async createCredential(
         issuerDid: string,
         subjectDid: string,
-        claims: Record<string, any>
-    ): Promise<VerifiableCredential> {
-        const agent = await this.getAgent()
+        claims: Record<string, any>,
+        keyPair?: EphemeralIdentity['keyPair']
+    ): Promise<string> {
+        if (!keyPair) {
+            throw new Error('keyPair is required for credential issuance. Use IdentityManager.createEphemeralDID() to generate one.')
+        }
 
-        const credential = await agent.createVerifiableCredential({
-            credential: {
-                issuer: { id: issuerDid },
+        const signer = EdDSASigner(keyPair.secretKey)
+
+        const vcPayload = {
+            sub: subjectDid,
+            nbf: Math.floor(Date.now() / 1000),
+            vc: {
+                '@context': ['https://www.w3.org/2018/credentials/v1'],
+                type: ['VerifiableCredential'],
                 credentialSubject: {
                     id: subjectDid,
-                    ...claims
-                }
+                    ...claims,
+                },
             },
-            proofFormat: 'jwt',
-            save: true
-        })
+        }
+
+        const issuer = {
+            did: issuerDid,
+            signer,
+            alg: 'EdDSA' as const,
+        }
 
-        return credential
+        return await createVerifiableCredentialJwt(vcPayload, issuer)
     }
 
+    /**
+     * Verifies a Verifiable Credential JWT.
+     * Stateless: resolves issuer DID via blockchain/derivation/web,
+     * then verifies the JWT signature. No DB required.
+     */
     async verifyCredential(vcJwt: string): Promise<boolean> {
-        const agent = await this.getAgent()
-        const result = await agent.verifyCredential({
-            credential: vcJwt
-        })
+        try {
+            const result = await verifyVC(vcJwt, this.resolver)
 
-        if (!result.verified) {
-            console.error('Credential verification failed:', result.error)
-            return false
-        }
-
-        // Explicit expiration check
-        if (result.verifiableCredential && result.verifiableCredential.expirationDate) {
-            const expirationDate = new Date(result.verifiableCredential.expirationDate)
-            if (expirationDate < new Date()) {
-                console.error(`Credential expired on ${expirationDate.toISOString()}`)
+            if (!result.verified) {
+                console.error('Credential verification failed:', result)
                 return false
             }
-        }
 
-        return result.verified
+            // Explicit expiration check
+            if (result.verifiableCredential?.expirationDate) {
+                const expirationDate = new Date(result.verifiableCredential.expirationDate)
+                if (expirationDate < new Date()) {
+                    console.error(`Credential expired on ${expirationDate.toISOString()}`)
+                    return false
+                }
+            }
+
+            return true
+        } catch (error) {
+            console.error('VC verification error:', error)
+            return false
+        }
     }
 }