@twin.org/node-core 0.0.2-next.12 → 0.0.2-next.13

package/dist/cjs/index.cjs

@@ -153,9 +153,7 @@ async function bootstrap(engineCore, context, envVars) {
     await bootstrapBlobEncryption(engineCore, context, envVars);
     await addVerificationMethod(engineCore, context, "attestation", envVars.attestationVerificationMethodId);
     await addVerificationMethod(engineCore, context, "immutable proof", envVars.immutableProofVerificationMethodId);
-    if (core.Coerce.boolean(envVars.rightsManagementEnabled) ?? false) {
-        await addVerificationMethod(engineCore, context, "rights management", envVars.rightsManagementVerificationMethodId);
-    }
+    await addVerificationMethod(engineCore, context, "node to node authentication", envVars.vcAuthenticationVerificationMethodId);
     await bootstrapSynchronisedStorage(engineCore, context, envVars);
 }
 /**
@@ -494,8 +492,6 @@ async function bootstrapAuth(engineCore, context, envVars, features) {
  */
 async function bootstrapSynchronisedStorage(engineCore, context, envVars, features) {
     if (core.Coerce.boolean(envVars.synchronisedStorageEnabled) ?? false) {
-        // Add the verification method to the identity if it doesn't exist
-        await addVerificationMethod(engineCore, context, "synchronised storage", envVars.synchronisedStorageVerificationMethodId);
         // If this is a trusted node we need to add the blob encryption key pair
         if (core.Is.stringValue(envVars.synchronisedStorageBlobStorageEncryptionKeyId) &&
             core.Is.stringBase64(envVars.synchronisedStorageBlobStorageKey)) {
@@ -574,8 +570,7 @@ function buildEngineConfiguration(envVars) {
     envVars.blobStorageEnableEncryption ??= "false";
     envVars.blobStorageEncryptionKeyId ??= "blob-encryption";
     envVars.synchronisedStorageBlobStorageEncryptionKeyId ??= "synchronised-storage-blob-encryption";
-    envVars.synchronisedStorageVerificationMethodId ??= "synchronised-storage-assertion";
-    envVars.rightsManagementVerificationMethodId ??= "rights-management-assertion";
+    envVars.vcAuthenticationVerificationMethodId ??= "node-authentication-assertion";
     const coreConfig = {
         debug: core.Coerce.boolean(envVars.debug) ?? false,
         types: {}
@@ -602,6 +597,7 @@ function buildEngineConfiguration(envVars) {
     configureAuditableItemGraph(coreConfig);
     configureAuditableItemStream(coreConfig);
     configureDocumentManagement(coreConfig);
+    configureNodeToNode(coreConfig, envVars);
     configureRightsManagement(coreConfig, envVars);
     configureSynchronisedStorage(coreConfig, envVars);
     configureFederatedCatalogue(coreConfig, envVars);
@@ -1358,6 +1354,24 @@ function configureDocumentManagement(coreConfig, envVars) {
         });
     }
 }
+/**
+ * Configures the node to node.
+ * @param coreConfig The core config.
+ * @param envVars The environment variables.
+ */
+function configureNodeToNode(coreConfig, envVars) {
+    if (core.Is.arrayValue(coreConfig.types.identityComponent)) {
+        // Can only perform VC authentication if identity component is available
+        coreConfig.types.authenticationGeneratorComponent ??= [];
+        coreConfig.types.authenticationGeneratorComponent.push({
+            type: engineTypes.AuthenticationGeneratorComponentType.VerifiableCredential,
+            options: {
+                config: { verificationMethodId: envVars.vcAuthenticationVerificationMethodId ?? "" }
+            },
+            features: ["verifiable-credential"]
+        });
+    }
+}
 /**
  * Configures the rights management.
  * @param coreConfig The core config.
@@ -1421,7 +1435,6 @@ function configureRightsManagement(coreConfig, envVars) {
                     : undefined,
                 config: {
                     baseCallbackUrl: envVars.rightsManagementBaseCallbackUrl ?? "",
-                    rightsManagementMethodId: envVars.rightsManagementVerificationMethodId ?? "",
                     offers: core.Is.arrayValue(envVars.rightsManagementOffers)
                         ? envVars.rightsManagementOffers
                         : [],
@@ -1442,7 +1455,6 @@ function configureRightsManagement(coreConfig, envVars) {
             type: engineTypes.RightsManagementDarpComponentType.Service,
             options: {
                 config: {
-                    rightsManagementMethodId: envVars.rightsManagementVerificationMethodId ?? "",
                     dataAccessComponentCreator: async (url) => new rightsManagementRestClient.DataAccessPointClient({ endpoint: url })
                 }
             }
@@ -1482,7 +1494,6 @@ function configureSynchronisedStorage(coreConfig, envVars) {
             options: {
                 config: {
                     verifiableStorageKeyId: verifiableStorageKeyId ?? "",
-                    synchronisedStorageMethodId: envVars.synchronisedStorageVerificationMethodId,
                     blobStorageEncryptionKeyId: envVars.synchronisedStorageBlobStorageEncryptionKeyId,
                     entityUpdateIntervalMinutes: core.Coerce.number(envVars.synchronisedStorageEntityUpdateIntervalMinutes),
                     consolidationIntervalMinutes: core.Coerce.number(envVars.synchronisedStorageConsolidationIntervalMinutes),
@@ -1715,6 +1726,14 @@ function buildEngineServerConfiguration(envVars, coreEngineConfig, serverInfo, o
             }
         });
     }
+    if (core.Coerce.boolean(envVars.enableVerifiableCredentialRouteProcessors) ?? false) {
+        serverConfig.types.restRouteProcessor.push({
+            type: engineServerTypes.RestRouteProcessorType.AuthVerifiableCredential
+        });
+        serverConfig.types.socketRouteProcessor.push({
+            type: engineServerTypes.SocketRouteProcessorType.AuthVerifiableCredential
+        });
+    }
     engineServer.addDefaultRestPaths(serverConfig);
     engineServer.addDefaultSocketPaths(serverConfig);
     return serverConfig;
@@ -1787,7 +1806,7 @@ async function run(nodeOptions) {
         nodeOptions ??= {};
         const serverInfo = {
             name: nodeOptions?.serverName ?? "TWIN Node Server",
-            version: nodeOptions?.serverVersion ?? "0.0.2-next.12" // x-release-please-version
+            version: nodeOptions?.serverVersion ?? "0.0.2-next.13" // x-release-please-version
         };
         console.log(`\u001B[4m🌩️  ${serverInfo.name} v${serverInfo.version}\u001B[24m\n`);
         if (!core.Is.stringValue(nodeOptions?.executionDirectory)) {

package/dist/esm/index.mjs

@@ -1,8 +1,8 @@
 import { PasswordHelper } from '@twin.org/api-auth-entity-storage-service';
-import { I18n, Is, Coerce, Converter, RandomHelper, StringHelper, Urn, GeneralError, ErrorHelper, EnvHelper } from '@twin.org/core';
+import { I18n, Is, Converter, RandomHelper, StringHelper, Coerce, Urn, GeneralError, ErrorHelper, EnvHelper } from '@twin.org/core';
 import { PasswordGenerator, Bip39 } from '@twin.org/crypto';
 import { AuthenticationComponentType, InformationComponentType, RestRouteProcessorType, SocketRouteProcessorType, AuthenticationAdminComponentType } from '@twin.org/engine-server-types';
-import { WalletConnectorType, IdentityConnectorType, EntityStorageConnectorType, BlobStorageConnectorType, BlobStorageComponentType, VaultConnectorType, DltConfigType, LoggingConnectorType, LoggingComponentType, BackgroundTaskConnectorType, TaskSchedulerComponentType, EventBusConnectorType, EventBusComponentType, TelemetryConnectorType, TelemetryComponentType, MessagingEmailConnectorType, MessagingSmsConnectorType, MessagingPushNotificationConnectorType, MessagingComponentType, FaucetConnectorType, NftConnectorType, NftComponentType, VerifiableStorageConnectorType, VerifiableStorageComponentType, ImmutableProofComponentType, AuditableItemGraphComponentType, AuditableItemStreamComponentType, IdentityComponentType, IdentityResolverConnectorType, IdentityResolverComponentType, IdentityProfileConnectorType, IdentityProfileComponentType, AttestationConnectorType, AttestationComponentType, DataConverterConnectorType, DataExtractorConnectorType, DataProcessingComponentType, DocumentManagementComponentType, RightsManagementPapComponentType, RightsManagementPmpComponentType, RightsManagementPipComponentType, RightsManagementPxpComponentType, RightsManagementPdpComponentType, RightsManagementPepComponentType, RightsManagementPnpComponentType, RightsManagementPnapComponentType, RightsManagementDapComponentType, RightsManagementDarpComponentType, SynchronisedStorageComponentType, FederatedCatalogueComponentType, DataSpaceConnectorComponentType } from '@twin.org/engine-types';
+import { WalletConnectorType, IdentityConnectorType, EntityStorageConnectorType, BlobStorageConnectorType, BlobStorageComponentType, VaultConnectorType, DltConfigType, LoggingConnectorType, LoggingComponentType, BackgroundTaskConnectorType, TaskSchedulerComponentType, EventBusConnectorType, EventBusComponentType, TelemetryConnectorType, TelemetryComponentType, MessagingEmailConnectorType, MessagingSmsConnectorType, MessagingPushNotificationConnectorType, MessagingComponentType, FaucetConnectorType, NftConnectorType, NftComponentType, VerifiableStorageConnectorType, VerifiableStorageComponentType, ImmutableProofComponentType, AuditableItemGraphComponentType, AuditableItemStreamComponentType, IdentityComponentType, IdentityResolverConnectorType, IdentityResolverComponentType, IdentityProfileConnectorType, IdentityProfileComponentType, AttestationConnectorType, AttestationComponentType, DataConverterConnectorType, DataExtractorConnectorType, DataProcessingComponentType, DocumentManagementComponentType, AuthenticationGeneratorComponentType, RightsManagementPapComponentType, RightsManagementPmpComponentType, RightsManagementPipComponentType, RightsManagementPxpComponentType, RightsManagementPdpComponentType, RightsManagementPepComponentType, RightsManagementPnpComponentType, RightsManagementPnapComponentType, RightsManagementDapComponentType, RightsManagementDarpComponentType, SynchronisedStorageComponentType, FederatedCatalogueComponentType, DataSpaceConnectorComponentType } from '@twin.org/engine-types';
 import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
 import { IdentityProfileConnectorFactory, IdentityConnectorFactory, IdentityResolverConnectorFactory, DocumentHelper } from '@twin.org/identity-models';
 import { VaultConnectorFactory, VaultKeyType } from '@twin.org/vault-models';
@@ -132,9 +132,7 @@ async function bootstrap(engineCore, context, envVars) {
     await bootstrapBlobEncryption(engineCore, context, envVars);
     await addVerificationMethod(engineCore, context, "attestation", envVars.attestationVerificationMethodId);
     await addVerificationMethod(engineCore, context, "immutable proof", envVars.immutableProofVerificationMethodId);
-    if (Coerce.boolean(envVars.rightsManagementEnabled) ?? false) {
-        await addVerificationMethod(engineCore, context, "rights management", envVars.rightsManagementVerificationMethodId);
-    }
+    await addVerificationMethod(engineCore, context, "node to node authentication", envVars.vcAuthenticationVerificationMethodId);
     await bootstrapSynchronisedStorage(engineCore, context, envVars);
 }
 /**
@@ -473,8 +471,6 @@ async function bootstrapAuth(engineCore, context, envVars, features) {
  */
 async function bootstrapSynchronisedStorage(engineCore, context, envVars, features) {
     if (Coerce.boolean(envVars.synchronisedStorageEnabled) ?? false) {
-        // Add the verification method to the identity if it doesn't exist
-        await addVerificationMethod(engineCore, context, "synchronised storage", envVars.synchronisedStorageVerificationMethodId);
         // If this is a trusted node we need to add the blob encryption key pair
         if (Is.stringValue(envVars.synchronisedStorageBlobStorageEncryptionKeyId) &&
             Is.stringBase64(envVars.synchronisedStorageBlobStorageKey)) {
@@ -553,8 +549,7 @@ function buildEngineConfiguration(envVars) {
     envVars.blobStorageEnableEncryption ??= "false";
     envVars.blobStorageEncryptionKeyId ??= "blob-encryption";
     envVars.synchronisedStorageBlobStorageEncryptionKeyId ??= "synchronised-storage-blob-encryption";
-    envVars.synchronisedStorageVerificationMethodId ??= "synchronised-storage-assertion";
-    envVars.rightsManagementVerificationMethodId ??= "rights-management-assertion";
+    envVars.vcAuthenticationVerificationMethodId ??= "node-authentication-assertion";
     const coreConfig = {
         debug: Coerce.boolean(envVars.debug) ?? false,
         types: {}
@@ -581,6 +576,7 @@ function buildEngineConfiguration(envVars) {
     configureAuditableItemGraph(coreConfig);
     configureAuditableItemStream(coreConfig);
     configureDocumentManagement(coreConfig);
+    configureNodeToNode(coreConfig, envVars);
     configureRightsManagement(coreConfig, envVars);
     configureSynchronisedStorage(coreConfig, envVars);
     configureFederatedCatalogue(coreConfig, envVars);
@@ -1337,6 +1333,24 @@ function configureDocumentManagement(coreConfig, envVars) {
         });
     }
 }
+/**
+ * Configures the node to node.
+ * @param coreConfig The core config.
+ * @param envVars The environment variables.
+ */
+function configureNodeToNode(coreConfig, envVars) {
+    if (Is.arrayValue(coreConfig.types.identityComponent)) {
+        // Can only perform VC authentication if identity component is available
+        coreConfig.types.authenticationGeneratorComponent ??= [];
+        coreConfig.types.authenticationGeneratorComponent.push({
+            type: AuthenticationGeneratorComponentType.VerifiableCredential,
+            options: {
+                config: { verificationMethodId: envVars.vcAuthenticationVerificationMethodId ?? "" }
+            },
+            features: ["verifiable-credential"]
+        });
+    }
+}
 /**
  * Configures the rights management.
  * @param coreConfig The core config.
@@ -1400,7 +1414,6 @@ function configureRightsManagement(coreConfig, envVars) {
                     : undefined,
                 config: {
                     baseCallbackUrl: envVars.rightsManagementBaseCallbackUrl ?? "",
-                    rightsManagementMethodId: envVars.rightsManagementVerificationMethodId ?? "",
                     offers: Is.arrayValue(envVars.rightsManagementOffers)
                         ? envVars.rightsManagementOffers
                         : [],
@@ -1421,7 +1434,6 @@ function configureRightsManagement(coreConfig, envVars) {
             type: RightsManagementDarpComponentType.Service,
             options: {
                 config: {
-                    rightsManagementMethodId: envVars.rightsManagementVerificationMethodId ?? "",
                     dataAccessComponentCreator: async (url) => new DataAccessPointClient({ endpoint: url })
                 }
             }
@@ -1461,7 +1473,6 @@ function configureSynchronisedStorage(coreConfig, envVars) {
             options: {
                 config: {
                     verifiableStorageKeyId: verifiableStorageKeyId ?? "",
-                    synchronisedStorageMethodId: envVars.synchronisedStorageVerificationMethodId,
                     blobStorageEncryptionKeyId: envVars.synchronisedStorageBlobStorageEncryptionKeyId,
                     entityUpdateIntervalMinutes: Coerce.number(envVars.synchronisedStorageEntityUpdateIntervalMinutes),
                     consolidationIntervalMinutes: Coerce.number(envVars.synchronisedStorageConsolidationIntervalMinutes),
@@ -1694,6 +1705,14 @@ function buildEngineServerConfiguration(envVars, coreEngineConfig, serverInfo, o
             }
         });
     }
+    if (Coerce.boolean(envVars.enableVerifiableCredentialRouteProcessors) ?? false) {
+        serverConfig.types.restRouteProcessor.push({
+            type: RestRouteProcessorType.AuthVerifiableCredential
+        });
+        serverConfig.types.socketRouteProcessor.push({
+            type: SocketRouteProcessorType.AuthVerifiableCredential
+        });
+    }
     addDefaultRestPaths(serverConfig);
     addDefaultSocketPaths(serverConfig);
     return serverConfig;
@@ -1766,7 +1785,7 @@ async function run(nodeOptions) {
         nodeOptions ??= {};
         const serverInfo = {
             name: nodeOptions?.serverName ?? "TWIN Node Server",
-            version: nodeOptions?.serverVersion ?? "0.0.2-next.12" // x-release-please-version
+            version: nodeOptions?.serverVersion ?? "0.0.2-next.13" // x-release-please-version
         };
         console.log(`\u001B[4m🌩️  ${serverInfo.name} v${serverInfo.version}\u001B[24m\n`);
         if (!Is.stringValue(nodeOptions?.executionDirectory)) {

package/dist/types/models/IEngineEnvironmentVariables.d.ts

@@ -390,11 +390,6 @@ export interface IEngineEnvironmentVariables {
      * This only required if using a custom verifiable storage item, otherwise it will default the the network name.
      */
     synchronisedStorageVerifiableStorageKeyId?: string;
-    /**
-     * The identity verification method id to use with synchronised storage for signing/verifying changesets.
-     * Defaults to synchronised-storage-assertion.
-     */
-    synchronisedStorageVerificationMethodId?: string;
     /**
      * The key from the vault which is used to encrypt the synchronised storage blobs.
      * Only required for trusted nodes, as regular nodes will request from the trusted nodes.
@@ -446,11 +441,6 @@ export interface IEngineEnvironmentVariables {
      * What is the base callback url for rights management negotiations e.g. https://my-node/rights-management.
      */
     rightsManagementBaseCallbackUrl?: string;
-    /**
-     * The rights management verification method id to use when signing/verifying negotiation requests.
-     * Defaults to rights-management-assertion.
-     */
-    rightsManagementVerificationMethodId?: string;
     /**
      * The rights management configuration which includes the information sources modules to load.
      * Use the @json: prefix to specify the path to the JSON configuration file.
@@ -499,4 +489,9 @@ export interface IEngineEnvironmentVariables {
      * Use the @json: prefix to specify the path to the JSON configuration file.
      */
     dataSpaceConnectorApps?: string;
+    /**
+     * Verifiable credential assertion for node to node communication.
+     * Defaults to node-authentication-assertion.
+     */
+    vcAuthenticationVerificationMethodId?: string;
 }

package/dist/types/models/IEngineServerEnvironmentVariables.d.ts

@@ -42,6 +42,10 @@ export interface IEngineServerEnvironmentVariables {
      * Additional MIME type processors to include, comma separated.
      */
     mimeTypeProcessors?: string;
+    /**
+     * Enable to the route processor for verifiable credentials.
+     */
+    enableVerifiableCredentialRouteProcessors?: string;
     /**
      * Disable Node Identity route processors.
      */

package/docs/changelog.md

@@ -1,5 +1,12 @@
 # @twin.org/node-core - Changelog
 
+## [0.0.2-next.13](https://github.com/twinfoundation/node/compare/node-core-v0.0.2-next.12...node-core-v0.0.2-next.13) (2025-09-24)
+
+
+### Features
+
+* update to latest engine ([00d4974](https://github.com/twinfoundation/node/commit/00d4974f9cfb02bf48505cfb4af4a7aba1df4b3d))
+
 ## [0.0.2-next.12](https://github.com/twinfoundation/node/compare/node-core-v0.0.2-next.11...node-core-v0.0.2-next.12) (2025-09-19)
 
 

package/docs/reference/interfaces/IEngineEnvironmentVariables.md

@@ -780,15 +780,6 @@ This only required if using a custom verifiable storage item, otherwise it will
 
 ***
 
-### synchronisedStorageVerificationMethodId?
-
-> `optional` **synchronisedStorageVerificationMethodId**: `string`
-
-The identity verification method id to use with synchronised storage for signing/verifying changesets.
-Defaults to synchronised-storage-assertion.
-
-***
-
 ### synchronisedStorageBlobStorageEncryptionKeyId?
 
 > `optional` **synchronisedStorageBlobStorageEncryptionKeyId**: `string`
@@ -904,15 +895,6 @@ What is the base callback url for rights management negotiations e.g. https://my
 
 ***
 
-### rightsManagementVerificationMethodId?
-
-> `optional` **rightsManagementVerificationMethodId**: `string`
-
-The rights management verification method id to use when signing/verifying negotiation requests.
-Defaults to rights-management-assertion.
-
-***
-
 ### rightsManagementInformationSources?
 
 > `optional` **rightsManagementInformationSources**: `string`
@@ -998,3 +980,12 @@ Is the data space connector enabled, defaults to false.
 
 The application configuration for the data space connector.
 Use the @json: prefix to specify the path to the JSON configuration file.
+
+***
+
+### vcAuthenticationVerificationMethodId?
+
+> `optional` **vcAuthenticationVerificationMethodId**: `string`
+
+Verifiable credential assertion for node to node communication.
+Defaults to node-authentication-assertion.

package/docs/reference/interfaces/IEngineServerEnvironmentVariables.md

@@ -88,6 +88,14 @@ Additional MIME type processors to include, comma separated.
 
 ***
 
+### enableVerifiableCredentialRouteProcessors?
+
+> `optional` **enableVerifiableCredentialRouteProcessors**: `string`
+
+Enable to the route processor for verifiable credentials.
+
+***
+
 ### disableNodeIdentity?
 
 > `optional` **disableNodeIdentity**: `string`

package/docs/reference/interfaces/INodeEnvironmentVariables.md

@@ -1164,19 +1164,6 @@ This only required if using a custom verifiable storage item, otherwise it will
 
 ***
 
-### synchronisedStorageVerificationMethodId?
-
-> `optional` **synchronisedStorageVerificationMethodId**: `string`
-
-The identity verification method id to use with synchronised storage for signing/verifying changesets.
-Defaults to synchronised-storage-assertion.
-
-#### Inherited from
-
-[`IEngineEnvironmentVariables`](IEngineEnvironmentVariables.md).[`synchronisedStorageVerificationMethodId`](IEngineEnvironmentVariables.md#synchronisedstorageverificationmethodid)
-
-***
-
 ### synchronisedStorageBlobStorageEncryptionKeyId?
 
 > `optional` **synchronisedStorageBlobStorageEncryptionKeyId**: `string`
@@ -1336,19 +1323,6 @@ What is the base callback url for rights management negotiations e.g. https://my
 
 ***
 
-### rightsManagementVerificationMethodId?
-
-> `optional` **rightsManagementVerificationMethodId**: `string`
-
-The rights management verification method id to use when signing/verifying negotiation requests.
-Defaults to rights-management-assertion.
-
-#### Inherited from
-
-[`IEngineEnvironmentVariables`](IEngineEnvironmentVariables.md).[`rightsManagementVerificationMethodId`](IEngineEnvironmentVariables.md#rightsmanagementverificationmethodid)
-
-***
-
 ### rightsManagementInformationSources?
 
 > `optional` **rightsManagementInformationSources**: `string`
@@ -1477,6 +1451,19 @@ Use the @json: prefix to specify the path to the JSON configuration file.
 
 ***
 
+### vcAuthenticationVerificationMethodId?
+
+> `optional` **vcAuthenticationVerificationMethodId**: `string`
+
+Verifiable credential assertion for node to node communication.
+Defaults to node-authentication-assertion.
+
+#### Inherited from
+
+[`IEngineEnvironmentVariables`](IEngineEnvironmentVariables.md).[`vcAuthenticationVerificationMethodId`](IEngineEnvironmentVariables.md#vcauthenticationverificationmethodid)
+
+***
+
 ### port?
 
 > `optional` **port**: `string`
@@ -1597,6 +1584,18 @@ Additional MIME type processors to include, comma separated.
 
 ***
 
+### enableVerifiableCredentialRouteProcessors?
+
+> `optional` **enableVerifiableCredentialRouteProcessors**: `string`
+
+Enable to the route processor for verifiable credentials.
+
+#### Inherited from
+
+[`IEngineServerEnvironmentVariables`](IEngineServerEnvironmentVariables.md).[`enableVerifiableCredentialRouteProcessors`](IEngineServerEnvironmentVariables.md#enableverifiablecredentialrouteprocessors)
+
+***
+
 ### disableNodeIdentity?
 
 > `optional` **disableNodeIdentity**: `string`

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/node-core",
-	"version": "0.0.2-next.12",
+	"version": "0.0.2-next.13",
 	"description": "TWIN Node Core for serving APIs using the specified configuration",
 	"repository": {
 		"type": "git",