@textrp/briij-js-sdk 43.2.1 → 44.1.0

package/lib/xrpl/clientSignedBinding.d.ts

@@ -0,0 +1,21 @@
+export interface XrplClientSignedWalletAdapter {
+    getAddress(): Promise<string>;
+    signAndSubmit(tx: Record<string, unknown>): Promise<{
+        hash: string;
+        txBlob?: string;
+        signedTxBlob?: string;
+    }>;
+}
+export interface XrplClientSignedBindingConfig {
+    homeserverBaseUrl: string;
+    accessToken: string;
+    wallet: XrplClientSignedWalletAdapter;
+    network?: "xrpl" | "xahau";
+}
+export interface XrplClientSignedBindingResult {
+    did: Record<string, unknown>;
+    credential: Record<string, unknown>;
+}
+export declare function configureXrplClientSignedBinding(config: Partial<XrplClientSignedBindingConfig>): void;
+export declare function runClientSignedDidCredentialBinding(e2eePubkeyCommitment: string): Promise<XrplClientSignedBindingResult>;
+//# sourceMappingURL=clientSignedBinding.d.ts.map

package/lib/xrpl/clientSignedBinding.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"clientSignedBinding.d.ts","sourceRoot":"","sources":["../../src/xrpl/clientSignedBinding.ts"],"names":[],"mappings":"AAkBA,MAAM,WAAW,6BAA6B;IAC1C,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9B,aAAa,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC;QAChD,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB,YAAY,CAAC,EAAE,MAAM,CAAC;KACzB,CAAC,CAAC;CACN;AAED,MAAM,WAAW,6BAA6B;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,6BAA6B,CAAC;IACtC,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;CAC9B;AAED,MAAM,WAAW,6BAA6B;IAC1C,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACvC;AAID,wBAAgB,gCAAgC,CAAC,MAAM,EAAE,OAAO,CAAC,6BAA6B,CAAC,GAAG,IAAI,CAKrG;AAED,wBAAsB,mCAAmC,CACrD,oBAAoB,EAAE,MAAM,GAC7B,OAAO,CAAC,6BAA6B,CAAC,CAwDxC"}

package/lib/xrpl/clientSignedBinding.js

@@ -0,0 +1,112 @@
+import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
+import _defineProperty from "@babel/runtime/helpers/defineProperty";
+function ownKeys(e, r) { var t = Object.keys(e); if (Object.getOwnPropertySymbols) { var o = Object.getOwnPropertySymbols(e); r && (o = o.filter(function (r) { return Object.getOwnPropertyDescriptor(e, r).enumerable; })), t.push.apply(t, o); } return t; }
+function _objectSpread(e) { for (var r = 1; r < arguments.length; r++) { var t = null != arguments[r] ? arguments[r] : {}; r % 2 ? ownKeys(Object(t), !0).forEach(function (r) { _defineProperty(e, r, t[r]); }) : Object.getOwnPropertyDescriptors ? Object.defineProperties(e, Object.getOwnPropertyDescriptors(t)) : ownKeys(Object(t)).forEach(function (r) { Object.defineProperty(e, r, Object.getOwnPropertyDescriptor(t, r)); }); } return e; }
+/*
+Copyright 2026 The Matrix.org Foundation C.I.C.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+import { logger } from "../logger.js";
+var bindingConfig = {};
+export function configureXrplClientSignedBinding(config) {
+  bindingConfig = _objectSpread(_objectSpread({}, bindingConfig), config);
+}
+export function runClientSignedDidCredentialBinding(_x) {
+  return _runClientSignedDidCredentialBinding.apply(this, arguments);
+}
+function _runClientSignedDidCredentialBinding() {
+  _runClientSignedDidCredentialBinding = _asyncToGenerator(function* (e2eePubkeyCommitment) {
+    var _bindingConfig$networ, _didSignResult$txBlob, _credentialSignResult;
+    var {
+      homeserverBaseUrl,
+      accessToken,
+      wallet
+    } = bindingConfig;
+    var network = (_bindingConfig$networ = bindingConfig.network) !== null && _bindingConfig$networ !== void 0 ? _bindingConfig$networ : "xrpl";
+    if (!homeserverBaseUrl || !accessToken || !wallet) {
+      throw new Error("XRPL client-signed binding is not configured");
+    }
+    var xrplAddress = yield wallet.getAddress();
+    var didPrepare = yield postJson(homeserverBaseUrl, accessToken, "/_matrix/client/v3/did/prepare", {
+      xrpl_address: xrplAddress,
+      network,
+      e2ee_pubkey_commitment: e2eePubkeyCommitment
+    });
+    var didSignResult = yield wallet.signAndSubmit(asObject(didPrepare.unsigned_tx, "did unsigned_tx"));
+    var didTxBlob = (_didSignResult$txBlob = didSignResult.txBlob) !== null && _didSignResult$txBlob !== void 0 ? _didSignResult$txBlob : didSignResult.signedTxBlob;
+    if (!didTxBlob) {
+      throw new Error("Wallet adapter must return txBlob/signedTxBlob for DID finalize");
+    }
+    var didFinalize = yield postJson(homeserverBaseUrl, accessToken, "/_matrix/client/v3/did/finalize", {
+      xrpl_address: xrplAddress,
+      network,
+      session: didPrepare.session,
+      tx_blob: didTxBlob,
+      tx_hash: didSignResult.hash
+    });
+    var credentialPrepare = yield postJson(homeserverBaseUrl, accessToken, "/_matrix/client/v3/credential/prepare", {
+      xrpl_address: xrplAddress,
+      network,
+      e2ee_pubkey_commitment: e2eePubkeyCommitment
+    });
+    var credentialSignResult = yield wallet.signAndSubmit(asObject(credentialPrepare.unsigned_tx, "credential unsigned_tx"));
+    var credentialTxBlob = (_credentialSignResult = credentialSignResult.txBlob) !== null && _credentialSignResult !== void 0 ? _credentialSignResult : credentialSignResult.signedTxBlob;
+    if (!credentialTxBlob) {
+      throw new Error("Wallet adapter must return txBlob/signedTxBlob for credential finalize");
+    }
+    var credentialFinalize = yield postJson(homeserverBaseUrl, accessToken, "/_matrix/client/v3/credential/finalize", {
+      xrpl_address: xrplAddress,
+      network,
+      session: credentialPrepare.session,
+      tx_blob: credentialTxBlob,
+      tx_hash: credentialSignResult.hash
+    });
+    logger.info("Completed client-signed DID/Credential binding for %s", xrplAddress);
+    return {
+      did: didFinalize,
+      credential: credentialFinalize
+    };
+  });
+  return _runClientSignedDidCredentialBinding.apply(this, arguments);
+}
+function asObject(value, name) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    throw new Error("Invalid ".concat(name, " payload from homeserver"));
+  }
+  return value;
+}
+function postJson(_x2, _x3, _x4, _x5) {
+  return _postJson.apply(this, arguments);
+}
+function _postJson() {
+  _postJson = _asyncToGenerator(function* (homeserverBaseUrl, accessToken, path, body) {
+    var response = yield fetch("".concat(homeserverBaseUrl.replace(/\/+$/, "")).concat(path), {
+      method: "POST",
+      headers: {
+        Authorization: "Bearer ".concat(accessToken),
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify(body)
+    });
+    var payload = yield response.json().catch(() => ({}));
+    if (!response.ok) {
+      var message = typeof payload.error === "string" ? payload.error : "HTTP ".concat(response.status);
+      throw new Error("XRPL client-signed request failed (".concat(path, "): ").concat(message));
+    }
+    return payload;
+  });
+  return _postJson.apply(this, arguments);
+}
+//# sourceMappingURL=clientSignedBinding.js.map

package/lib/xrpl/clientSignedBinding.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"clientSignedBinding.js","names":["logger","bindingConfig","configureXrplClientSignedBinding","config","_objectSpread","runClientSignedDidCredentialBinding","_x","_runClientSignedDidCredentialBinding","apply","arguments","_asyncToGenerator","e2eePubkeyCommitment","_bindingConfig$networ","_didSignResult$txBlob","_credentialSignResult","homeserverBaseUrl","accessToken","wallet","network","Error","xrplAddress","getAddress","didPrepare","postJson","xrpl_address","e2ee_pubkey_commitment","didSignResult","signAndSubmit","asObject","unsigned_tx","didTxBlob","txBlob","signedTxBlob","didFinalize","session","tx_blob","tx_hash","hash","credentialPrepare","credentialSignResult","credentialTxBlob","credentialFinalize","info","did","credential","value","name","Array","isArray","concat","_x2","_x3","_x4","_x5","_postJson","path","body","response","fetch","replace","method","headers","Authorization","JSON","stringify","payload","json","catch","ok","message","error","status"],"sources":["../../src/xrpl/clientSignedBinding.ts"],"sourcesContent":["/*\nCopyright 2026 The Matrix.org Foundation C.I.C.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n*/\n\nimport { logger } from \"../logger.ts\";\n\nexport interface XrplClientSignedWalletAdapter {\n    getAddress(): Promise<string>;\n    signAndSubmit(tx: Record<string, unknown>): Promise<{\n        hash: string;\n        txBlob?: string;\n        signedTxBlob?: string;\n    }>;\n}\n\nexport interface XrplClientSignedBindingConfig {\n    homeserverBaseUrl: string;\n    accessToken: string;\n    wallet: XrplClientSignedWalletAdapter;\n    network?: \"xrpl\" | \"xahau\";\n}\n\nexport interface XrplClientSignedBindingResult {\n    did: Record<string, unknown>;\n    credential: Record<string, unknown>;\n}\n\nlet bindingConfig: Partial<XrplClientSignedBindingConfig> = {};\n\nexport function configureXrplClientSignedBinding(config: Partial<XrplClientSignedBindingConfig>): void {\n    bindingConfig = {\n        ...bindingConfig,\n        ...config,\n    };\n}\n\nexport async function runClientSignedDidCredentialBinding(\n    e2eePubkeyCommitment: string,\n): Promise<XrplClientSignedBindingResult> {\n    const { homeserverBaseUrl, accessToken, wallet } = bindingConfig;\n    const network = bindingConfig.network ?? \"xrpl\";\n    if (!homeserverBaseUrl || !accessToken || !wallet) {\n        throw new Error(\"XRPL client-signed binding is not configured\");\n    }\n\n    const xrplAddress = await wallet.getAddress();\n    const didPrepare = await postJson(homeserverBaseUrl, accessToken, \"/_matrix/client/v3/did/prepare\", {\n        xrpl_address: xrplAddress,\n        network,\n        e2ee_pubkey_commitment: e2eePubkeyCommitment,\n    });\n    const didSignResult = await wallet.signAndSubmit(asObject(didPrepare.unsigned_tx, \"did unsigned_tx\"));\n    const didTxBlob = didSignResult.txBlob ?? didSignResult.signedTxBlob;\n    if (!didTxBlob) {\n        throw new Error(\"Wallet adapter must return txBlob/signedTxBlob for DID finalize\");\n    }\n    const didFinalize = await postJson(homeserverBaseUrl, accessToken, \"/_matrix/client/v3/did/finalize\", {\n        xrpl_address: xrplAddress,\n        network,\n        session: didPrepare.session,\n        tx_blob: didTxBlob,\n        tx_hash: didSignResult.hash,\n    });\n\n    const credentialPrepare = await postJson(homeserverBaseUrl, accessToken, \"/_matrix/client/v3/credential/prepare\", {\n        xrpl_address: xrplAddress,\n        network,\n        e2ee_pubkey_commitment: e2eePubkeyCommitment,\n    });\n    const credentialSignResult = await wallet.signAndSubmit(\n        asObject(credentialPrepare.unsigned_tx, \"credential unsigned_tx\"),\n    );\n    const credentialTxBlob = credentialSignResult.txBlob ?? credentialSignResult.signedTxBlob;\n    if (!credentialTxBlob) {\n        throw new Error(\"Wallet adapter must return txBlob/signedTxBlob for credential finalize\");\n    }\n    const credentialFinalize = await postJson(\n        homeserverBaseUrl,\n        accessToken,\n        \"/_matrix/client/v3/credential/finalize\",\n        {\n            xrpl_address: xrplAddress,\n            network,\n            session: credentialPrepare.session,\n            tx_blob: credentialTxBlob,\n            tx_hash: credentialSignResult.hash,\n        },\n    );\n\n    logger.info(\"Completed client-signed DID/Credential binding for %s\", xrplAddress);\n    return {\n        did: didFinalize,\n        credential: credentialFinalize,\n    };\n}\n\nfunction asObject(value: unknown, name: string): Record<string, unknown> {\n    if (!value || typeof value !== \"object\" || Array.isArray(value)) {\n        throw new Error(`Invalid ${name} payload from homeserver`);\n    }\n    return value as Record<string, unknown>;\n}\n\nasync function postJson(\n    homeserverBaseUrl: string,\n    accessToken: string,\n    path: string,\n    body: Record<string, unknown>,\n): Promise<Record<string, unknown>> {\n    const response = await fetch(`${homeserverBaseUrl.replace(/\\/+$/, \"\")}${path}`, {\n        method: \"POST\",\n        headers: {\n            Authorization: `Bearer ${accessToken}`,\n            \"Content-Type\": \"application/json\",\n        },\n        body: JSON.stringify(body),\n    });\n    const payload = (await response.json().catch(() => ({}))) as Record<string, unknown>;\n    if (!response.ok) {\n        const message = typeof payload.error === \"string\" ? payload.error : `HTTP ${response.status}`;\n        throw new Error(`XRPL client-signed request failed (${path}): ${message}`);\n    }\n    return payload;\n}\n"],"mappings":";;;;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,MAAM,QAAQ,cAAc;AAuBrC,IAAIC,aAAqD,GAAG,CAAC,CAAC;AAE9D,OAAO,SAASC,gCAAgCA,CAACC,MAA8C,EAAQ;EACnGF,aAAa,GAAAG,aAAA,CAAAA,aAAA,KACNH,aAAa,GACbE,MAAM,CACZ;AACL;AAEA,gBAAsBE,mCAAmCA,CAAAC,EAAA;EAAA,OAAAC,oCAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AA0DxD,SAAAF,qCAAA;EAAAA,oCAAA,GAAAG,iBAAA,CA1DM,WACHC,oBAA4B,EACU;IAAA,IAAAC,qBAAA,EAAAC,qBAAA,EAAAC,qBAAA;IACtC,IAAM;MAAEC,iBAAiB;MAAEC,WAAW;MAAEC;IAAO,CAAC,GAAGhB,aAAa;IAChE,IAAMiB,OAAO,IAAAN,qBAAA,GAAGX,aAAa,CAACiB,OAAO,cAAAN,qBAAA,cAAAA,qBAAA,GAAI,MAAM;IAC/C,IAAI,CAACG,iBAAiB,IAAI,CAACC,WAAW,IAAI,CAACC,MAAM,EAAE;MAC/C,MAAM,IAAIE,KAAK,CAAC,8CAA8C,CAAC;IACnE;IAEA,IAAMC,WAAW,SAASH,MAAM,CAACI,UAAU,CAAC,CAAC;IAC7C,IAAMC,UAAU,SAASC,QAAQ,CAACR,iBAAiB,EAAEC,WAAW,EAAE,gCAAgC,EAAE;MAChGQ,YAAY,EAAEJ,WAAW;MACzBF,OAAO;MACPO,sBAAsB,EAAEd;IAC5B,CAAC,CAAC;IACF,IAAMe,aAAa,SAAST,MAAM,CAACU,aAAa,CAACC,QAAQ,CAACN,UAAU,CAACO,WAAW,EAAE,iBAAiB,CAAC,CAAC;IACrG,IAAMC,SAAS,IAAAjB,qBAAA,GAAGa,aAAa,CAACK,MAAM,cAAAlB,qBAAA,cAAAA,qBAAA,GAAIa,aAAa,CAACM,YAAY;IACpE,IAAI,CAACF,SAAS,EAAE;MACZ,MAAM,IAAIX,KAAK,CAAC,iEAAiE,CAAC;IACtF;IACA,IAAMc,WAAW,SAASV,QAAQ,CAACR,iBAAiB,EAAEC,WAAW,EAAE,iCAAiC,EAAE;MAClGQ,YAAY,EAAEJ,WAAW;MACzBF,OAAO;MACPgB,OAAO,EAAEZ,UAAU,CAACY,OAAO;MAC3BC,OAAO,EAAEL,SAAS;MAClBM,OAAO,EAAEV,aAAa,CAACW;IAC3B,CAAC,CAAC;IAEF,IAAMC,iBAAiB,SAASf,QAAQ,CAACR,iBAAiB,EAAEC,WAAW,EAAE,uCAAuC,EAAE;MAC9GQ,YAAY,EAAEJ,WAAW;MACzBF,OAAO;MACPO,sBAAsB,EAAEd;IAC5B,CAAC,CAAC;IACF,IAAM4B,oBAAoB,SAAStB,MAAM,CAACU,aAAa,CACnDC,QAAQ,CAACU,iBAAiB,CAACT,WAAW,EAAE,wBAAwB,CACpE,CAAC;IACD,IAAMW,gBAAgB,IAAA1B,qBAAA,GAAGyB,oBAAoB,CAACR,MAAM,cAAAjB,qBAAA,cAAAA,qBAAA,GAAIyB,oBAAoB,CAACP,YAAY;IACzF,IAAI,CAACQ,gBAAgB,EAAE;MACnB,MAAM,IAAIrB,KAAK,CAAC,wEAAwE,CAAC;IAC7F;IACA,IAAMsB,kBAAkB,SAASlB,QAAQ,CACrCR,iBAAiB,EACjBC,WAAW,EACX,wCAAwC,EACxC;MACIQ,YAAY,EAAEJ,WAAW;MACzBF,OAAO;MACPgB,OAAO,EAAEI,iBAAiB,CAACJ,OAAO;MAClCC,OAAO,EAAEK,gBAAgB;MACzBJ,OAAO,EAAEG,oBAAoB,CAACF;IAClC,CACJ,CAAC;IAEDrC,MAAM,CAAC0C,IAAI,CAAC,uDAAuD,EAAEtB,WAAW,CAAC;IACjF,OAAO;MACHuB,GAAG,EAAEV,WAAW;MAChBW,UAAU,EAAEH;IAChB,CAAC;EACL,CAAC;EAAA,OAAAlC,oCAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAED,SAASmB,QAAQA,CAACiB,KAAc,EAAEC,IAAY,EAA2B;EACrE,IAAI,CAACD,KAAK,IAAI,OAAOA,KAAK,KAAK,QAAQ,IAAIE,KAAK,CAACC,OAAO,CAACH,KAAK,CAAC,EAAE;IAC7D,MAAM,IAAI1B,KAAK,YAAA8B,MAAA,CAAYH,IAAI,6BAA0B,CAAC;EAC9D;EACA,OAAOD,KAAK;AAChB;AAAC,SAEctB,QAAQA,CAAA2B,GAAA,EAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,SAAA,CAAA9C,KAAA,OAAAC,SAAA;AAAA;AAAA,SAAA6C,UAAA;EAAAA,SAAA,GAAA5C,iBAAA,CAAvB,WACIK,iBAAyB,EACzBC,WAAmB,EACnBuC,IAAY,EACZC,IAA6B,EACG;IAChC,IAAMC,QAAQ,SAASC,KAAK,IAAAT,MAAA,CAAIlC,iBAAiB,CAAC4C,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,EAAAV,MAAA,CAAGM,IAAI,GAAI;MAC5EK,MAAM,EAAE,MAAM;MACdC,OAAO,EAAE;QACLC,aAAa,YAAAb,MAAA,CAAYjC,WAAW,CAAE;QACtC,cAAc,EAAE;MACpB,CAAC;MACDwC,IAAI,EAAEO,IAAI,CAACC,SAAS,CAACR,IAAI;IAC7B,CAAC,CAAC;IACF,IAAMS,OAAO,SAAUR,QAAQ,CAACS,IAAI,CAAC,CAAC,CAACC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAA6B;IACpF,IAAI,CAACV,QAAQ,CAACW,EAAE,EAAE;MACd,IAAMC,OAAO,GAAG,OAAOJ,OAAO,CAACK,KAAK,KAAK,QAAQ,GAAGL,OAAO,CAACK,KAAK,WAAArB,MAAA,CAAWQ,QAAQ,CAACc,MAAM,CAAE;MAC7F,MAAM,IAAIpD,KAAK,uCAAA8B,MAAA,CAAuCM,IAAI,SAAAN,MAAA,CAAMoB,OAAO,CAAE,CAAC;IAC9E;IACA,OAAOJ,OAAO;EAClB,CAAC;EAAA,OAAAX,SAAA,CAAA9C,KAAA,OAAAC,SAAA;AAAA","ignoreList":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@textrp/briij-js-sdk",
-  "version": "43.2.1",
+  "version": "44.1.0",
   "description": "Briij Client-Server SDK for JavaScript and TypeScript",
   "engines": {
     "node": ">=22.0.0"
@@ -39,6 +39,7 @@
     "another-json": "^0.2.0",
     "bs58": "^6.0.0",
     "content-type": "^1.0.4",
+    "did-resolver": "^4.1.0",
     "jwt-decode": "^4.0.0",
     "loglevel": "^1.9.2",
     "matrix-events-sdk": "0.0.1",
@@ -46,6 +47,7 @@
     "oidc-client-ts": "^3.0.1",
     "p-retry": "7",
     "sdp-transform": "^3.0.0",
+    "snarkjs": "^0.7.6",
     "unhomoglyph": "^1.0.6",
     "uuid": "13",
     "xrpl": "^4.6.0"

package/src/@types/auth.ts

@@ -270,6 +270,50 @@ export interface WalletIdentityAccountData {
     public_key?: string | null;
     network?: string | null;
     key_type?: string | null;
+    did_uri?: string | null;
+    credential_id?: string | null;
+    e2ee_pubkey_commitment?: string | null;
+}
+
+interface DidVerificationMethod {
+    id: string;
+    type: string;
+    controller: string;
+    publicKeyMultibase?: string;
+    blockchainAccountId?: string;
+}
+
+export interface DidResolutionResult {
+    did_uri: string;
+    resolution_type?: string;
+    did_document: {
+        id: string;
+        verificationMethod: DidVerificationMethod[];
+        authentication: string[];
+        service?: Array<Record<string, string>>;
+    };
+}
+
+export interface CredentialCreateResult {
+    credential_id: string;
+    status: string;
+}
+
+export interface CredentialVerifyResult {
+    credential_id: string;
+    valid: boolean;
+}
+
+export interface ZkpVerifyResult {
+    valid: boolean;
+    verified_at?: number;
+    reason?: string;
+}
+
+export interface DidCredentialMetadata {
+    didUri: string;
+    credentialId: string;
+    issuedAt: number;
 }
 
 export interface XrplWalletLoginRequest extends Omit<LoginRequest, "type"> {

package/src/@types/snarkjs.d.ts

@@ -0,0 +1,17 @@
+declare module "snarkjs" {
+    export const groth16: {
+        fullProve: (
+            input: Record<string, string>,
+            wasmPath: string,
+            zkeyPath: string,
+        ) => Promise<{
+            proof: Record<string, unknown>;
+            publicSignals: string[] | Record<string, string>;
+        }>;
+        verify: (
+            verificationKey: Record<string, unknown>,
+            publicSignals: string[] | Record<string, string>,
+            proof: Record<string, unknown>,
+        ) => Promise<boolean>;
+    };
+}

package/src/auth/credential.ts

@@ -0,0 +1,63 @@
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+export interface CredentialCreateRequest {
+    did_uri: string;
+    subject: string;
+    e2ee_pubkey_commitment: string;
+}
+
+export interface CredentialCreateResponse {
+    credential_id: string;
+    status: string;
+}
+
+export interface CredentialVerifyResponse {
+    credential_id: string;
+    valid: boolean;
+}
+
+export interface DidCredentialMetadata {
+    didUri: string;
+    credentialId: string;
+    issuedAt: number;
+}
+
+const METADATA_KEY = "briij.did_credential_metadata";
+const memoryMetadata = new Map<string, DidCredentialMetadata>();
+
+export async function requestCredentialCreate(
+    requester: (path: string, method: "POST", body: CredentialCreateRequest) => Promise<CredentialCreateResponse>,
+    payload: CredentialCreateRequest,
+): Promise<CredentialCreateResponse> {
+    return requester("/credential/create", "POST", payload);
+}
+
+export async function verifyCredential(
+    requester: (path: string, method: "POST", body: { credential_id: string }) => Promise<CredentialVerifyResponse>,
+    credentialId: string,
+): Promise<CredentialVerifyResponse> {
+    return requester("/credential/verify", "POST", { credential_id: credentialId });
+}
+
+export function storeDidCredentialMetadata(userId: string, metadata: DidCredentialMetadata): void {
+    memoryMetadata.set(userId, metadata);
+    if (globalThis.localStorage) {
+        globalThis.localStorage.setItem(`${METADATA_KEY}:${userId}`, JSON.stringify(metadata));
+    }
+}
+
+export function loadDidCredentialMetadata(userId: string): DidCredentialMetadata | null {
+    const fromMemory = memoryMetadata.get(userId);
+    if (fromMemory) return fromMemory;
+    const raw = globalThis.localStorage?.getItem(`${METADATA_KEY}:${userId}`);
+    if (!raw) return null;
+    return JSON.parse(raw) as DidCredentialMetadata;
+}

package/src/auth/did.ts

@@ -0,0 +1,89 @@
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+import { Resolver } from "did-resolver";
+
+export interface DidVerificationMethod {
+    id: string;
+    type: string;
+    controller: string;
+    publicKeyMultibase?: string;
+    blockchainAccountId?: string;
+}
+
+export interface DidDocumentShape {
+    id: string;
+    verificationMethod: DidVerificationMethod[];
+    authentication: string[];
+    service?: Array<Record<string, string>>;
+}
+
+export interface DidResolutionResponse {
+    did_uri: string;
+    resolution_type?: string;
+    did_document: DidDocumentShape;
+}
+
+const fallbackResolver = new Resolver({});
+
+export function deriveXrplDid(address: string, network: "testnet" | "mainnet" = "testnet"): string {
+    if (!address || !address.startsWith("r")) {
+        throw new Error("Invalid XRPL address");
+    }
+    return `did:xrpl:${network}:${address}`;
+}
+
+export function createMinimalDidDocument(didUri: string, e2eePubkeyCommitment: string): DidDocumentShape {
+    return {
+        id: didUri,
+        verificationMethod: [
+            {
+                id: `${didUri}#owner`,
+                type: "EcdsaSecp256k1RecoveryMethod2020",
+                controller: didUri,
+            },
+            {
+                id: `${didUri}#e2ee`,
+                type: "E2EEPublicKeyCommitment",
+                controller: didUri,
+                publicKeyMultibase: e2eePubkeyCommitment,
+            },
+        ],
+        authentication: [`${didUri}#owner`],
+        service: [
+            {
+                id: `${didUri}#did-resolution`,
+                type: "BriijDidResolution",
+                serviceEndpoint: "/_matrix/client/v3/did/resolve",
+            },
+        ],
+    };
+}
+
+export async function resolveDidViaHomeserver(
+    requester: (path: string, method: "GET") => Promise<DidResolutionResponse>,
+    account: string,
+): Promise<DidResolutionResponse> {
+    const direct = await requester(`/did/resolve?account=${encodeURIComponent(account)}`, "GET");
+    if (direct?.did_document?.id) {
+        return direct;
+    }
+
+    // Keep a resolver instance available for future DID-method plugins.
+    const fallback = await fallbackResolver.resolve(`did:xrpl:testnet:${account}`);
+    if (fallback.didDocument) {
+        return {
+            did_uri: fallback.didDocument.id,
+            did_document: fallback.didDocument as DidDocumentShape,
+            resolution_type: "resolver-fallback",
+        };
+    }
+    throw new Error("Failed to resolve DID document");
+}

package/src/auth/wallet.ts

@@ -0,0 +1,50 @@
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+import { XRPL_WALLET_LOGIN_TYPE } from "../@types/auth.ts";
+
+export interface WalletProofResult {
+    address: string;
+    signature: string;
+    publicKey?: string;
+    network?: string;
+}
+
+export interface WalletLoginSubmission {
+    type: typeof XRPL_WALLET_LOGIN_TYPE;
+    address: string;
+    signature: string;
+    public_key?: string;
+    network: string;
+    session: string;
+    username?: string;
+}
+
+export type WalletProofProvider = (challenge: string, network: string) => Promise<WalletProofResult>;
+
+/**
+ * Normalizes wallet proof payload to the login body used by the homeserver.
+ */
+export function buildWalletLoginSubmission(
+    proof: WalletProofResult,
+    session: string,
+    network: string,
+    username?: string,
+): WalletLoginSubmission {
+    return {
+        type: XRPL_WALLET_LOGIN_TYPE,
+        session,
+        address: proof.address,
+        signature: proof.signature,
+        public_key: proof.publicKey,
+        network: proof.network ?? network,
+        username,
+    };
+}

package/src/auth/zkpE2EE.ts

@@ -0,0 +1,88 @@
+/*
+Copyright 2026 Xurge Digital Lab
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+*/
+
+export interface E2eeZkInput {
+    didUri: string;
+    xrplAddress: string;
+    e2eePrivateKey: string;
+    credentialId: string;
+}
+
+export interface E2eeZkProofPayload {
+    proof: Record<string, unknown>;
+    publicSignals: string[] | Record<string, string>;
+}
+
+export interface E2eeZkGenerateOptions {
+    wasmPath: string;
+    zkeyPath: string;
+    fullProve?: (
+        input: Record<string, string>,
+        wasmPath: string,
+        zkeyPath: string,
+    ) => Promise<E2eeZkProofPayload>;
+}
+
+export interface E2eeZkVerifyOptions {
+    verificationKey: Record<string, unknown>;
+    verify?: (
+        verificationKey: Record<string, unknown>,
+        publicSignals: E2eeZkProofPayload["publicSignals"],
+        proof: E2eeZkProofPayload["proof"],
+    ) => Promise<boolean>;
+}
+
+async function sha256Hex(input: string): Promise<string> {
+    if (!globalThis.crypto?.subtle) {
+        return input;
+    }
+    const digest = await globalThis.crypto.subtle.digest("SHA-256", new TextEncoder().encode(input));
+    return Array.from(new Uint8Array(digest))
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+
+export async function generateE2eeZkProof(
+    input: E2eeZkInput,
+    options: E2eeZkGenerateOptions,
+): Promise<E2eeZkProofPayload> {
+    const fullProve =
+        options.fullProve ??
+        (async (signals, wasmPath, zkeyPath) => {
+            const snarkjs = await import("snarkjs");
+            return snarkjs.groth16.fullProve(signals, wasmPath, zkeyPath);
+        });
+
+    const e2eePrivateKeyHash = await sha256Hex(input.e2eePrivateKey);
+    return fullProve(
+        {
+            did_uri: input.didUri,
+            xrpl_address: input.xrplAddress,
+            credential_id: input.credentialId,
+            e2ee_privkey_hash: e2eePrivateKeyHash,
+        },
+        options.wasmPath,
+        options.zkeyPath,
+    );
+}
+
+export async function verifyE2eeZkProof(
+    payload: E2eeZkProofPayload,
+    options: E2eeZkVerifyOptions,
+): Promise<boolean> {
+    const verifier =
+        options.verify ??
+        (async (verificationKey, publicSignals, proof) => {
+            const snarkjs = await import("snarkjs");
+            return snarkjs.groth16.verify(verificationKey, publicSignals, proof);
+        });
+
+    return verifier(options.verificationKey, payload.publicSignals, payload.proof);
+}

package/src/briij.ts

@@ -49,7 +49,20 @@ export * from "./scheduler.ts";
 export * from "./filter.ts";
 export * from "./timeline-window.ts";
 export * from "./interactive-auth.ts";
+export * from "./auth/did.ts";
+export {
+    type CredentialCreateRequest,
+    type CredentialCreateResponse,
+    type CredentialVerifyResponse,
+    loadDidCredentialMetadata,
+    requestCredentialCreate,
+    storeDidCredentialMetadata,
+    verifyCredential,
+} from "./auth/credential.ts";
+export * from "./auth/wallet.ts";
+export * from "./auth/zkpE2EE.ts";
 export * from "./xrpl/identity.ts";
+export * from "./xrpl/clientSignedBinding.ts";
 export * from "./xrpl/trust.ts";
 export * from "./xrpl/verification.ts";
 export * from "./wallet-recovery.ts";