agent-passport-system 2.6.0 → 2.7.0

package/dist/src/v2/key-resolution/did-cycles.d.ts

@@ -1,23 +1,32 @@
 import type { Ed25519JWK, JWKS } from './types.js';
 export interface ParsedDIDCycles {
-    /** https JWKS endpoint the DID maps to. */
-    jwksUrl: string;
+    /** Lowercase hex sha256 of `server_id`, as carried in the DID subject.
+     *  A BINDING value: the cycles verify layer checks it against
+     *  sha256(envelope.server_id). Not a locator. */
+    serverIdHash: string;
     /** kid taken from the DID-URL fragment, if present. */
     kid?: string;
 }
 /**
  * Parse a did:cycles identifier (optionally with a #fragment) into its
- * JWKS URL and kid. Mirrors didWebToUrl: colon-separated segments,
- * each percent-decoded, segment[0] is the authority, the rest is the
- * path; a bare authority uses /.well-known/jwks.json.
+ * `server_id` hash and kid. The fragment is split off BEFORE the subject
+ * is read so a `#` never lands inside the hash.
  *
- * Throws on a structurally invalid did:cycles string. The fragment is
- * split off BEFORE segment parsing so a `#` never lands inside a path
- * segment.
+ * Throws on a structurally invalid did:cycles string (wrong method, or a
+ * subject that is not a 64-char lowercase hex sha256).
  */
 export declare function parseDIDCycles(did: string): ParsedDIDCycles;
 /** True if the value looks like a did:cycles identifier. */
 export declare function isDIDCycles(value: string): boolean;
+/**
+ * The JWK Set URL for a Cycles server, API-base-relative: append
+ * `/.well-known/cycles-jwks.json` to the verbatim `server_id` (collapsing
+ * only a doubled `/` at the join). Deliberately NOT origin-rooted —
+ * `server_id` carries its path (e.g. `https://cycles.example.com/v1`), so
+ * the set lives at `…/v1/.well-known/cycles-jwks.json`, keeping key
+ * authority anchored to the base the DID hash commits to.
+ */
+export declare function cyclesJwksUrl(serverId: string): string;
 export type JWKSelection = {
     ok: true;
     jwk: Ed25519JWK;
@@ -28,26 +37,30 @@ export type JWKSelection = {
     status: 'not_found' | 'ambiguous' | 'malformed';
     reason: string;
 };
+/** Selection criteria. Legacy callers pass a bare kid string; the cycles
+ *  path passes the window + raw-key form. */
+export interface SelectKeyOptions {
+    /** Match the JWK whose kid strictly equals this (exact, case-sensitive). */
+    kid?: string;
+    /** Window gate: keep only keys whose [cycles_nbf_ms, cycles_exp_ms) covers
+     *  this issuance time (epoch ms). Omitted ⇒ no window gate (legacy). */
+    issuedAtMs?: number;
+    /** Raw-hex signer match: keep only keys whose `x` decodes to these 32 bytes
+     *  (64-char hex). Used when the envelope's signer_did is a raw key. */
+    publicKeyHex?: string;
+}
+/**
+ * Select exactly one Ed25519 verification key from a JWKS. Filters, in
+ * order: Ed25519 signing candidacy, optional raw-hex `x` match, optional
+ * kid match, optional validity-window gate; then requires the survivor to
+ * be unique. Never silently falls back to a different key. Legacy callers
+ * may pass a bare kid string.
+ */
+export declare function selectKey(jwks: JWKS, sel?: string | SelectKeyOptions): JWKSelection;
 /**
  * Validate that a parsed object is a well-formed JWKS with a non-empty
  * `keys` array. Returns the JWKS on success or null on any structural
- * problem. Does NOT validate individual JWK key material; that happens
- * during candidate filtering / selection.
+ * problem.
  */
 export declare function asJWKS(body: unknown): JWKS | null;
-/**
- * Select exactly one Ed25519 verification key from a JWKS by kid.
- *
- *  1. Filter to Ed25519 signing candidates.
- *  2. If a kid is requested: the candidate whose kid strictly equals it
- *     must be unique. Zero matches -> not_found. Duplicate kids ->
- *     ambiguous. kid comparison is exact, case-sensitive.
- *  3. If no kid is requested: exactly one candidate -> use it; more than
- *     one -> ambiguous; zero -> not_found.
- *  4. Decode `x` -> 32 bytes -> hex. A candidate that survives filtering
- *     but whose `x` is not 32 bytes is malformed.
- *
- * Never silently falls back to a different kid than requested.
- */
-export declare function selectKey(jwks: JWKS, requestedKid?: string): JWKSelection;
 //# sourceMappingURL=did-cycles.d.ts.map

package/dist/src/v2/key-resolution/did-cycles.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"did-cycles.d.ts","sourceRoot":"","sources":["../../../../src/v2/key-resolution/did-cycles.ts"],"names":[],"mappings":"AAoBA,OAAO,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,YAAY,CAAA;AAElD,MAAM,WAAW,eAAe;IAC9B,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAA;IACf,uDAAuD;IACvD,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAED;;;;;;;;;GASG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAkC3D;AAED,4DAA4D;AAC5D,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAElD;AAED,MAAM,MAAM,YAAY,GACpB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,UAAU,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GACjE;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAElF;;;;;GAKG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,GAAG,IAAI,CAKjD;AAmCD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,YAAY,CAAC,EAAE,MAAM,GAAG,YAAY,CAgCzE"}
+{"version":3,"file":"did-cycles.d.ts","sourceRoot":"","sources":["../../../../src/v2/key-resolution/did-cycles.ts"],"names":[],"mappings":"AAuCA,OAAO,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,YAAY,CAAA;AAElD,MAAM,WAAW,eAAe;IAC9B;;qDAEiD;IACjD,YAAY,EAAE,MAAM,CAAA;IACpB,uDAAuD;IACvD,GAAG,CAAC,EAAE,MAAM,CAAA;CACb;AAID;;;;;;;GAOG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe,CAwB3D;AAED,4DAA4D;AAC5D,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAElD;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAGtD;AAED,MAAM,MAAM,YAAY,GACpB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,GAAG,EAAE,UAAU,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,GACjE;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,WAAW,GAAG,WAAW,GAAG,WAAW,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAA;AAElF;6CAC6C;AAC7C,MAAM,WAAW,gBAAgB;IAC/B,4EAA4E;IAC5E,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ;4EACwE;IACxE,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB;2EACuE;IACvE,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB;AAgDD;;;;;;GAMG;AACH,wBAAgB,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,gBAAgB,GAAG,YAAY,CA6EnF;AAED;;;;GAIG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE,OAAO,GAAG,IAAI,GAAG,IAAI,CAKjD"}

package/dist/src/v2/key-resolution/did-cycles.js

@@ -1,37 +1,54 @@
 // Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
 // ══════════════════════════════════════════════════════════════════
-// did:cycles: DID-to-JWKS mapping and Ed25519 JWK selection (M3)
+// did:cycles: hash-bound DID → JWKS mapping and Ed25519 JWK selection
 // ══════════════════════════════════════════════════════════════════
-// did:cycles is an AEOESS-defined, did:web-style, HTTPS-anchored
-// method. There is no external registry to conform to; this file IS
-// its specification. It mirrors didWebToUrl() in core/did-interop.ts
-// exactly, except the method name is `cycles` and the resolved
-// document is a JWKS (RFC 7517) rather than a DID Document.
+// did:cycles is an AEOESS-defined method for Cycles evidence signers.
+// The design is settled with the Cycles maintainers on
+// runcycles/cycles-protocol (issue #43, spec drafts/cycles-evidence-v0.1).
+// There is no external registry to conform to; this file IS its
+// specification on the APS side.
 //
-//   did:cycles:example.com          -> https://example.com/.well-known/jwks.json
-//   did:cycles:example.com:agents:7 -> https://example.com/agents/7/jwks.json
-//   did:cycles:example.com%3A8443   -> https://example.com:8443/.well-known/jwks.json
+// SUBJECT IS A HASH, NOT A HOST (the load-bearing difference from a
+// did:web-style method):
 //
-// A DID-URL fragment is the kid:
-//   did:cycles:example.com#agent-7-2026
-// selects the JWK whose kid === "agent-7-2026" from the resolved set.
+//   did:cycles:<sha256(server_id)>            (optionally with #<kid>)
+//
+// The subject is the lowercase hex sha256 of the envelope's `server_id`
+// string — a BINDING, not a locator. The DID does NOT encode where the
+// keys live; a hash cannot be reversed to a URL. The JWK Set is located
+// from the envelope's own `server_id`:
+//
+//   {server_id}/.well-known/cycles-jwks.json            (API-base-relative)
+//
+// and the DID's hash is checked against `sha256(server_id)` so the key
+// authority stays anchored to the exact `server_id` (path included) the
+// envelope claims — closing the cross-tenant key-confusion path that an
+// origin-rooted JWKS would open under a path-multi-tenant host. (The
+// sha256 binding check itself is performed by the cycles verify layer,
+// which holds the envelope's `server_id` and the sha256 primitive.)
+//
+// A DID-URL fragment is the kid:  did:cycles:<hash>#2026-06  selects the
+// JWK whose kid === "2026-06" from the resolved set.
+//
+// Key selection adds a validity-WINDOW gate over the M3 kid match: pick
+// the key whose [cycles_nbf_ms, cycles_exp_ms) covers the envelope's
+// issued_at_ms, never "the current key" — so a receipt verified after a
+// rotation is checked against the key valid when it was signed.
 // ══════════════════════════════════════════════════════════════════
 import { decodeBase64Url, bytesToHex } from './base64url.js';
+const SERVER_ID_HASH_RE = /^[0-9a-f]{64}$/;
 /**
  * Parse a did:cycles identifier (optionally with a #fragment) into its
- * JWKS URL and kid. Mirrors didWebToUrl: colon-separated segments,
- * each percent-decoded, segment[0] is the authority, the rest is the
- * path; a bare authority uses /.well-known/jwks.json.
+ * `server_id` hash and kid. The fragment is split off BEFORE the subject
+ * is read so a `#` never lands inside the hash.
  *
- * Throws on a structurally invalid did:cycles string. The fragment is
- * split off BEFORE segment parsing so a `#` never lands inside a path
- * segment.
+ * Throws on a structurally invalid did:cycles string (wrong method, or a
+ * subject that is not a 64-char lowercase hex sha256).
  */
 export function parseDIDCycles(did) {
     if (typeof did !== 'string') {
         throw new Error('did:cycles must be a string');
     }
-    // Split the DID-URL fragment (the kid) off first.
     const hashIndex = did.indexOf('#');
     let kid;
     let core = did;
@@ -43,42 +60,30 @@ export function parseDIDCycles(did) {
         }
     }
     const parts = core.split(':');
-    if (parts.length < 3 || parts[0] !== 'did' || parts[1] !== 'cycles') {
+    if (parts.length !== 3 || parts[0] !== 'did' || parts[1] !== 'cycles') {
         throw new Error(`Invalid did:cycles format: ${core}`);
     }
-    // Everything after "did:cycles:" is authority-and-path, colon-separated.
-    const segments = parts.slice(2).map(s => decodeURIComponent(s));
-    const authority = segments[0];
-    if (!authority) {
-        throw new Error('did:cycles must include an authority');
-    }
-    let jwksUrl;
-    if (segments.length === 1) {
-        jwksUrl = `https://${authority}/.well-known/jwks.json`;
+    const serverIdHash = parts[2];
+    if (!SERVER_ID_HASH_RE.test(serverIdHash)) {
+        throw new Error('did:cycles subject must be a 64-char lowercase hex sha256(server_id)');
     }
-    else {
-        const path = segments.slice(1).join('/');
-        jwksUrl = `https://${authority}/${path}/jwks.json`;
-    }
-    return { jwksUrl, kid };
+    return { serverIdHash, kid };
 }
 /** True if the value looks like a did:cycles identifier. */
 export function isDIDCycles(value) {
     return typeof value === 'string' && value.startsWith('did:cycles:');
 }
 /**
- * Validate that a parsed object is a well-formed JWKS with a non-empty
- * `keys` array. Returns the JWKS on success or null on any structural
- * problem. Does NOT validate individual JWK key material; that happens
- * during candidate filtering / selection.
+ * The JWK Set URL for a Cycles server, API-base-relative: append
+ * `/.well-known/cycles-jwks.json` to the verbatim `server_id` (collapsing
+ * only a doubled `/` at the join). Deliberately NOT origin-rooted —
+ * `server_id` carries its path (e.g. `https://cycles.example.com/v1`), so
+ * the set lives at `…/v1/.well-known/cycles-jwks.json`, keeping key
+ * authority anchored to the base the DID hash commits to.
  */
-export function asJWKS(body) {
-    if (!body || typeof body !== 'object')
-        return null;
-    const keys = body.keys;
-    if (!Array.isArray(keys) || keys.length === 0)
-        return null;
-    return { keys: keys };
+export function cyclesJwksUrl(serverId) {
+    const base = serverId.endsWith('/') ? serverId.slice(0, -1) : serverId;
+    return `${base}/.well-known/cycles-jwks.json`;
 }
 /**
  * Is this JWK an admissible Ed25519 SIGNING candidate?
@@ -86,7 +91,6 @@ export function asJWKS(body) {
  *   (use absent || use === "sig")
  *   (alg absent || alg === "EdDSA")
  *   (key_ops absent || includes "verify")
- * X-curves, enc keys, and non-EdDSA algs are excluded here.
  */
 function isEd25519SigningCandidate(jwk) {
     if (!jwk || typeof jwk !== 'object')
@@ -98,6 +102,11 @@ function isEd25519SigningCandidate(jwk) {
         return false;
     if (typeof k.x !== 'string' || k.x.length === 0)
         return false;
+    // A published verification key set must be public-only. A JWK carrying a
+    // private `d` member is leaked private material / a misconfiguration —
+    // reject it (fail-closed), never select it.
+    if (k.d !== undefined)
+        return false;
     if (k.use !== undefined && k.use !== 'sig')
         return false;
     if (k.alg !== undefined && k.alg !== 'EdDSA')
@@ -108,60 +117,121 @@ function isEd25519SigningCandidate(jwk) {
     }
     return true;
 }
-/**
- * Decode a candidate's `x` to a 32-byte Ed25519 public key, returned
- * as 64-char lowercase hex. Returns null if `x` does not base64url-
- * decode to exactly 32 bytes (malformed key material).
- */
+/** Decode a candidate's `x` to a 32-byte key as 64-char lowercase hex, or
+ *  null if `x` does not base64url-decode to exactly 32 bytes. */
 function candidateToHex(jwk) {
     const bytes = decodeBase64Url(jwk.x);
     if (!bytes || bytes.length !== 32)
         return null;
     return bytesToHex(bytes);
 }
+/** `cycles_nbf_ms <= t AND (cycles_exp_ms absent/null OR t < cycles_exp_ms)`.
+ *  A non-integer `cycles_nbf_ms` (or a non-integer present `cycles_exp_ms`)
+ *  makes the window unusable → the key does not cover `t`. */
+function windowCovers(jwk, t) {
+    const nbf = jwk.cycles_nbf_ms;
+    if (typeof nbf !== 'number' || !Number.isInteger(nbf))
+        return false;
+    if (t < nbf)
+        return false;
+    const exp = jwk.cycles_exp_ms;
+    if (exp === undefined || exp === null)
+        return true;
+    if (typeof exp !== 'number' || !Number.isInteger(exp))
+        return false;
+    return t < exp;
+}
 /**
- * Select exactly one Ed25519 verification key from a JWKS by kid.
- *
- *  1. Filter to Ed25519 signing candidates.
- *  2. If a kid is requested: the candidate whose kid strictly equals it
- *     must be unique. Zero matches -> not_found. Duplicate kids ->
- *     ambiguous. kid comparison is exact, case-sensitive.
- *  3. If no kid is requested: exactly one candidate -> use it; more than
- *     one -> ambiguous; zero -> not_found.
- *  4. Decode `x` -> 32 bytes -> hex. A candidate that survives filtering
- *     but whose `x` is not 32 bytes is malformed.
- *
- * Never silently falls back to a different kid than requested.
+ * Select exactly one Ed25519 verification key from a JWKS. Filters, in
+ * order: Ed25519 signing candidacy, optional raw-hex `x` match, optional
+ * kid match, optional validity-window gate; then requires the survivor to
+ * be unique. Never silently falls back to a different key. Legacy callers
+ * may pass a bare kid string.
  */
-export function selectKey(jwks, requestedKid) {
-    const candidates = jwks.keys.filter(isEd25519SigningCandidate);
+export function selectKey(jwks, sel) {
+    const opts = typeof sel === 'string' ? { kid: sel } : (sel ?? {});
+    let candidates = jwks.keys.filter(isEd25519SigningCandidate);
     if (candidates.length === 0) {
         return { ok: false, status: 'not_found', reason: 'no Ed25519 signing key in JWKS' };
     }
-    if (requestedKid !== undefined) {
-        const matches = candidates.filter(c => c.kid === requestedKid);
+    // Cycles authority paths carry a window (issuedAtMs) and/or a raw-hex signer
+    // match (publicKeyHex). On those, `kid` MUST be unique across the whole set —
+    // a duplicate kid is an authority failure SET-WIDE, before any selection, so
+    // it can't be rescued by the window leaving one survivor or by selecting via
+    // the raw-hex path. (Generic non-cycles kid-only lookups keep RFC 7517's
+    // looser handling, enforced per-requested-kid below.)
+    if (opts.issuedAtMs !== undefined || opts.publicKeyHex !== undefined) {
+        const seen = new Set();
+        for (const c of candidates) {
+            if (typeof c.kid !== 'string')
+                continue;
+            if (seen.has(c.kid)) {
+                return { ok: false, status: 'ambiguous', reason: `duplicate kid='${c.kid}' in JWK Set` };
+            }
+            seen.add(c.kid);
+        }
+    }
+    // Raw-hex signer match (cycles): the published key must carry the signer's
+    // bytes — and the spec applies the SAME validity-window gate to raw-hex
+    // signers as to did:cycles, so a raw-hex selection REQUIRES an integer
+    // issued_at_ms (no window-less raw acceptance).
+    if (opts.publicKeyHex !== undefined) {
+        if (typeof opts.issuedAtMs !== 'number' || !Number.isInteger(opts.issuedAtMs)) {
+            return { ok: false, status: 'not_found', reason: 'raw-hex signer selection requires an integer issuedAtMs (window gate)' };
+        }
+        const want = opts.publicKeyHex.toLowerCase();
+        candidates = candidates.filter((c) => candidateToHex(c) === want);
+        if (candidates.length === 0) {
+            return { ok: false, status: 'not_found', reason: 'no JWK carries the raw signer key' };
+        }
+    }
+    // kid match (exact, case-sensitive). kid MUST be unique within the set: a
+    // duplicate kid is an authority failure BEFORE any window discretion (so two
+    // same-kid keys with disjoint windows can't sneak one survivor through).
+    if (opts.kid !== undefined) {
+        const matches = candidates.filter((c) => c.kid === opts.kid);
         if (matches.length === 0) {
-            return { ok: false, status: 'not_found', reason: `no key with kid='${requestedKid}'` };
+            return { ok: false, status: 'not_found', reason: `no key with kid='${opts.kid}'` };
         }
         if (matches.length > 1) {
-            return { ok: false, status: 'ambiguous', reason: `duplicate kid='${requestedKid}' in JWKS` };
+            return { ok: false, status: 'ambiguous', reason: `duplicate kid='${opts.kid}' in JWK Set` };
         }
-        const jwk = matches[0];
-        const hex = candidateToHex(jwk);
-        if (!hex) {
-            return { ok: false, status: 'malformed', reason: `kid='${requestedKid}' x is not a 32-byte key` };
+        candidates = matches;
+    }
+    // Validity-window gate (cycles): the key valid AT ISSUANCE, never the newest.
+    if (opts.issuedAtMs !== undefined) {
+        const t = opts.issuedAtMs;
+        // Fail-closed on a non-finite-integer issuance time: never coerce a string
+        // or fractional value into the [nbf, exp) comparison.
+        if (typeof t !== 'number' || !Number.isInteger(t)) {
+            return { ok: false, status: 'not_found', reason: 'issuedAtMs must be an integer epoch-ms value' };
+        }
+        candidates = candidates.filter((c) => windowCovers(c, t));
+        if (candidates.length === 0) {
+            return { ok: false, status: 'not_found', reason: 'no key whose validity window covers issued_at_ms' };
         }
-        return { ok: true, jwk, publicKeyHex: hex, kid: jwk.kid };
     }
-    // No kid requested: require an unambiguous single candidate.
     if (candidates.length > 1) {
-        return { ok: false, status: 'ambiguous', reason: 'multiple signing keys and no kid requested' };
+        return { ok: false, status: 'ambiguous', reason: 'more than one key matches the selection criteria' };
     }
     const jwk = candidates[0];
     const hex = candidateToHex(jwk);
     if (!hex) {
-        return { ok: false, status: 'malformed', reason: 'sole candidate x is not a 32-byte key' };
+        return { ok: false, status: 'malformed', reason: 'selected key x is not a 32-byte key' };
     }
     return { ok: true, jwk, publicKeyHex: hex, kid: jwk.kid };
 }
+/**
+ * Validate that a parsed object is a well-formed JWKS with a non-empty
+ * `keys` array. Returns the JWKS on success or null on any structural
+ * problem.
+ */
+export function asJWKS(body) {
+    if (!body || typeof body !== 'object')
+        return null;
+    const keys = body.keys;
+    if (!Array.isArray(keys) || keys.length === 0)
+        return null;
+    return { keys: keys };
+}
 //# sourceMappingURL=did-cycles.js.map

package/dist/src/v2/key-resolution/did-cycles.js.map

@@ -1 +1 @@
-{"version":3,"file":"did-cycles.js","sourceRoot":"","sources":["../../../../src/v2/key-resolution/did-cycles.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,iEAAiE;AACjE,qEAAqE;AACrE,iEAAiE;AACjE,oEAAoE;AACpE,qEAAqE;AACrE,+DAA+D;AAC/D,4DAA4D;AAC5D,EAAE;AACF,iFAAiF;AACjF,8EAA8E;AAC9E,sFAAsF;AACtF,EAAE;AACF,iCAAiC;AACjC,wCAAwC;AACxC,sEAAsE;AACtE,qEAAqE;AAErE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAU5D;;;;;;;;;GASG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;IAChD,CAAC;IACD,kDAAkD;IAClD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,GAAuB,CAAA;IAC3B,IAAI,IAAI,GAAG,GAAG,CAAA;IACd,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAA;QAC9B,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;QAC9B,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACpE,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAA;IACvD,CAAC;IACD,yEAAyE;IACzE,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAA;IAC/D,MAAM,SAAS,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,OAAe,CAAA;IACnB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,GAAG,WAAW,SAAS,wBAAwB,CAAA;IACxD,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACxC,OAAO,GAAG,WAAW,SAAS,IAAI,IAAI,YAAY,CAAA;IACpD,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,CAAA;AACzB,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;AACrE,CAAC;AAMD;;;;;GAKG;AACH,MAAM,UAAU,MAAM,CAAC,IAAa;IAClC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAClD,MAAM,IAAI,GAAI,IAAgC,CAAC,IAAI,CAAA;IACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC1D,OAAO,EAAE,IAAI,EAAE,IAAoB,EAAE,CAAA;AACvC,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,yBAAyB,CAAC,GAAY;IAC7C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IACjD,MAAM,CAAC,GAAG,GAA8B,CAAA;IACxC,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IACjC,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IACrC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IAC7D,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IACxD,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO;QAAE,OAAO,KAAK,CAAA;IAC1D,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAA;IAC9E,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,GAAe;IACrC,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IACpC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IAC9C,OAAO,UAAU,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,SAAS,CAAC,IAAU,EAAE,YAAqB;IACzD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAA;IAC9D,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;IACrF,CAAC;IAED,IAAI,YAAY,KAAK,SAAS,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,YAAY,CAAC,CAAA;QAC9D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,oBAAoB,YAAY,GAAG,EAAE,CAAA;QACxF,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,kBAAkB,YAAY,WAAW,EAAE,CAAA;QAC9F,CAAC;QACD,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAA;QACtB,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;QAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,QAAQ,YAAY,0BAA0B,EAAE,CAAA;QACnG,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;IAC3D,CAAC;IAED,6DAA6D;IAC7D,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAA;IACjG,CAAC;IACD,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;IACzB,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,uCAAuC,EAAE,CAAA;IAC5F,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;AAC3D,CAAC"}
+{"version":3,"file":"did-cycles.js","sourceRoot":"","sources":["../../../../src/v2/key-resolution/did-cycles.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,sEAAsE;AACtE,qEAAqE;AACrE,sEAAsE;AACtE,uDAAuD;AACvD,2EAA2E;AAC3E,gEAAgE;AAChE,iCAAiC;AACjC,EAAE;AACF,oEAAoE;AACpE,yBAAyB;AACzB,EAAE;AACF,uEAAuE;AACvE,EAAE;AACF,wEAAwE;AACxE,uEAAuE;AACvE,wEAAwE;AACxE,uCAAuC;AACvC,EAAE;AACF,4EAA4E;AAC5E,EAAE;AACF,uEAAuE;AACvE,wEAAwE;AACxE,wEAAwE;AACxE,qEAAqE;AACrE,uEAAuE;AACvE,oEAAoE;AACpE,EAAE;AACF,yEAAyE;AACzE,qDAAqD;AACrD,EAAE;AACF,wEAAwE;AACxE,qEAAqE;AACrE,wEAAwE;AACxE,gEAAgE;AAChE,qEAAqE;AAErE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAY5D,MAAM,iBAAiB,GAAG,gBAAgB,CAAA;AAE1C;;;;;;;GAOG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW;IACxC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;IAChD,CAAC;IACD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAClC,IAAI,GAAuB,CAAA;IAC3B,IAAI,IAAI,GAAG,GAAG,CAAA;IACd,IAAI,SAAS,IAAI,CAAC,EAAE,CAAC;QACnB,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,GAAG,CAAC,CAAC,CAAA;QAC9B,IAAI,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAA;QAC9B,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAA;QACpF,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,EAAE,CAAC,CAAA;IACvD,CAAC;IACD,MAAM,YAAY,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;IAC7B,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAA;IACzF,CAAC;IACD,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,CAAA;AAC9B,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,WAAW,CAAC,KAAa;IACvC,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;AACrE,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,aAAa,CAAC,QAAgB;IAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAA;IACtE,OAAO,GAAG,IAAI,+BAA+B,CAAA;AAC/C,CAAC;AAmBD;;;;;;GAMG;AACH,SAAS,yBAAyB,CAAC,GAAY;IAC7C,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAA;IACjD,MAAM,CAAC,GAAG,GAA8B,CAAA;IACxC,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IACjC,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IACrC,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAA;IAC7D,yEAAyE;IACzE,uEAAuE;IACvE,4CAA4C;IAC5C,IAAI,CAAC,CAAC,CAAC,KAAK,SAAS;QAAE,OAAO,KAAK,CAAA;IACnC,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,KAAK;QAAE,OAAO,KAAK,CAAA;IACxD,IAAI,CAAC,CAAC,GAAG,KAAK,SAAS,IAAI,CAAC,CAAC,GAAG,KAAK,OAAO;QAAE,OAAO,KAAK,CAAA;IAC1D,IAAI,CAAC,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QAC5B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,KAAK,CAAA;IAC9E,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;iEACiE;AACjE,SAAS,cAAc,CAAC,GAAe;IACrC,MAAM,KAAK,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;IACpC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,IAAI,CAAA;IAC9C,OAAO,UAAU,CAAC,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED;;8DAE8D;AAC9D,SAAS,YAAY,CAAC,GAAe,EAAE,CAAS;IAC9C,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,CAAA;IAC7B,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAA;IACnE,IAAI,CAAC,GAAG,GAAG;QAAE,OAAO,KAAK,CAAA;IACzB,MAAM,GAAG,GAAG,GAAG,CAAC,aAAa,CAAA;IAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,IAAI,CAAA;IAClD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAA;IACnE,OAAO,CAAC,GAAG,GAAG,CAAA;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,SAAS,CAAC,IAAU,EAAE,GAA+B;IACnE,MAAM,IAAI,GAAqB,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,EAAE,CAAC,CAAA;IAEnF,IAAI,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAA;IAC5D,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAA;IACrF,CAAC;IAED,6EAA6E;IAC7E,8EAA8E;IAC9E,6EAA6E;IAC7E,6EAA6E;IAC7E,yEAAyE;IACzE,sDAAsD;IACtD,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACrE,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;QAC9B,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;gBAAE,SAAQ;YACvC,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,kBAAkB,CAAC,CAAC,GAAG,cAAc,EAAE,CAAA;YAC1F,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAA;QACjB,CAAC;IACH,CAAC;IAED,2EAA2E;IAC3E,wEAAwE;IACxE,uEAAuE;IACvE,gDAAgD;IAChD,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,EAAE,CAAC;QACpC,IAAI,OAAO,IAAI,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9E,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,uEAAuE,EAAE,CAAA;QAC5H,CAAC;QACD,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAA;QAC5C,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAA;QACjE,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAA;QACxF,CAAC;IACH,CAAC;IAED,0EAA0E;IAC1E,6EAA6E;IAC7E,yEAAyE;IACzE,IAAI,IAAI,CAAC,GAAG,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,IAAI,CAAC,GAAG,CAAC,CAAA;QAC5D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,oBAAoB,IAAI,CAAC,GAAG,GAAG,EAAE,CAAA;QACpF,CAAC;QACD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,kBAAkB,IAAI,CAAC,GAAG,cAAc,EAAE,CAAA;QAC7F,CAAC;QACD,UAAU,GAAG,OAAO,CAAA;IACtB,CAAC;IAED,8EAA8E;IAC9E,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QAClC,MAAM,CAAC,GAAG,IAAI,CAAC,UAAU,CAAA;QACzB,2EAA2E;QAC3E,sDAAsD;QACtD,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;YAClD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,8CAA8C,EAAE,CAAA;QACnG,CAAC;QACD,UAAU,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;QACzD,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,kDAAkD,EAAE,CAAA;QACvG,CAAC;IACH,CAAC;IAED,IAAI,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,kDAAkD,EAAE,CAAA;IACvG,CAAC;IACD,MAAM,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAA;IACzB,MAAM,GAAG,GAAG,cAAc,CAAC,GAAG,CAAC,CAAA;IAC/B,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAA;IAC1F,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAA;AAC3D,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,MAAM,CAAC,IAAa;IAClC,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAA;IAClD,MAAM,IAAI,GAAI,IAAgC,CAAC,IAAI,CAAA;IACnD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC1D,OAAO,EAAE,IAAI,EAAE,IAAoB,EAAE,CAAA;AACvC,CAAC"}

package/dist/src/v2/key-resolution/index.d.ts

@@ -1,6 +1,6 @@
 export type { Ed25519JWK, JWKS, KeyResolutionStatus, KeyResolution, KeyLocator, FailurePolicy, CachePolicy, KeyResolverConfig, KeyResolver, } from './types.js';
 export { DEFAULT_TIMEOUT_MS, DEFAULT_CACHE_POLICY } from './types.js';
 export { decodeBase64Url, bytesToHex } from './base64url.js';
-export { parseDIDCycles, isDIDCycles, asJWKS, selectKey, type ParsedDIDCycles, type JWKSelection, } from './did-cycles.js';
+export { parseDIDCycles, isDIDCycles, cyclesJwksUrl, asJWKS, selectKey, type ParsedDIDCycles, type SelectKeyOptions, type JWKSelection, } from './did-cycles.js';
 export { CyclesKeyResolver } from './resolver.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/src/v2/key-resolution/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/v2/key-resolution/index.ts"],"names":[],"mappings":"AAgCA,YAAY,EACV,UAAU,EACV,IAAI,EACJ,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,aAAa,EACb,WAAW,EACX,iBAAiB,EACjB,WAAW,GACZ,MAAM,YAAY,CAAA;AAEnB,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAErE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAE5D,OAAO,EACL,cAAc,EACd,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,YAAY,GAClB,MAAM,iBAAiB,CAAA;AAExB,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/v2/key-resolution/index.ts"],"names":[],"mappings":"AAgCA,YAAY,EACV,UAAU,EACV,IAAI,EACJ,mBAAmB,EACnB,aAAa,EACb,UAAU,EACV,aAAa,EACb,WAAW,EACX,iBAAiB,EACjB,WAAW,GACZ,MAAM,YAAY,CAAA;AAEnB,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAErE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAE5D,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,MAAM,EACN,SAAS,EACT,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,YAAY,GAClB,MAAM,iBAAiB,CAAA;AAExB,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA"}

package/dist/src/v2/key-resolution/index.js

@@ -31,6 +31,6 @@
 // ══════════════════════════════════════════════════════════════════
 export { DEFAULT_TIMEOUT_MS, DEFAULT_CACHE_POLICY } from './types.js';
 export { decodeBase64Url, bytesToHex } from './base64url.js';
-export { parseDIDCycles, isDIDCycles, asJWKS, selectKey, } from './did-cycles.js';
+export { parseDIDCycles, isDIDCycles, cyclesJwksUrl, asJWKS, selectKey, } from './did-cycles.js';
 export { CyclesKeyResolver } from './resolver.js';
 //# sourceMappingURL=index.js.map

package/dist/src/v2/key-resolution/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/v2/key-resolution/index.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,sCAAsC;AACtC,qEAAqE;AACrE,sEAAsE;AACtE,+DAA+D;AAC/D,sEAAsE;AACtE,+CAA+C;AAC/C,EAAE;AACF,YAAY;AACZ,YAAY;AACZ,kEAAkE;AAClE,uEAAuE;AACvE,gEAAgE;AAChE,yDAAyD;AACzD,EAAE;AACF,kBAAkB;AAClB,sEAAsE;AACtE,gCAAgC;AAChC,mEAAmE;AACnE,uEAAuE;AACvE,8DAA8D;AAC9D,+DAA+D;AAC/D,uEAAuE;AACvE,uEAAuE;AACvE,0DAA0D;AAC1D,EAAE;AACF,mEAAmE;AACnE,oEAAoE;AACpE,sDAAsD;AACtD,qEAAqE;AAcrE,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAErE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAE5D,OAAO,EACL,cAAc,EACd,WAAW,EACX,MAAM,EACN,SAAS,GAGV,MAAM,iBAAiB,CAAA;AAExB,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/v2/key-resolution/index.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,sCAAsC;AACtC,qEAAqE;AACrE,sEAAsE;AACtE,+DAA+D;AAC/D,sEAAsE;AACtE,+CAA+C;AAC/C,EAAE;AACF,YAAY;AACZ,YAAY;AACZ,kEAAkE;AAClE,uEAAuE;AACvE,gEAAgE;AAChE,yDAAyD;AACzD,EAAE;AACF,kBAAkB;AAClB,sEAAsE;AACtE,gCAAgC;AAChC,mEAAmE;AACnE,uEAAuE;AACvE,8DAA8D;AAC9D,+DAA+D;AAC/D,uEAAuE;AACvE,uEAAuE;AACvE,0DAA0D;AAC1D,EAAE;AACF,mEAAmE;AACnE,oEAAoE;AACpE,sDAAsD;AACtD,qEAAqE;AAcrE,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAErE,OAAO,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAA;AAE5D,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,EACb,MAAM,EACN,SAAS,GAIV,MAAM,iBAAiB,CAAA;AAExB,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA"}

package/dist/src/v2/key-resolution/resolver.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../../../src/v2/key-resolution/resolver.ts"],"names":[],"mappings":"AAiCA,OAAO,EAKL,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACvB,MAAM,YAAY,CAAA;AAuCnB,qBAAa,iBAAkB,YAAW,WAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAa;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAc;IACxC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAc;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAgC;gBAE1C,MAAM,GAAE,iBAAsB;IAS1C,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO;IAWlC,OAAO,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC;IAuB1D,OAAO,CAAC,aAAa;YAsBP,aAAa;IAwC3B,OAAO,CAAC,wBAAwB;YAsClB,WAAW;IA+EzB;;qEAEiE;IACjE,OAAO,CAAC,YAAY;IASpB,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,aAAa;IAQrB,0DAA0D;IAC1D,SAAS,IAAI,MAAM;IAInB,mDAAmD;IACnD,UAAU,IAAI,IAAI;IAMlB,OAAO,CAAC,IAAI;IAIZ,OAAO,CAAC,SAAS;IAYjB;;;;;;;OAOG;IACH,OAAO,CAAC,WAAW;CAwBpB"}
+{"version":3,"file":"resolver.d.ts","sourceRoot":"","sources":["../../../../src/v2/key-resolution/resolver.ts"],"names":[],"mappings":"AAmCA,OAAO,EAKL,KAAK,UAAU,EACf,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACvB,MAAM,YAAY,CAAA;AAuCnB,qBAAa,iBAAkB,YAAW,WAAW;IACnD,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAe;IAC7C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAa;IACzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAc;IACxC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAc;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAgC;gBAE1C,MAAM,GAAE,iBAAsB;IAS1C,UAAU,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO;IAWlC,OAAO,CAAC,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC;IAuB1D,OAAO,CAAC,aAAa;YAsBP,aAAa;IAwC3B,OAAO,CAAC,wBAAwB;YAsClB,WAAW;IAyHzB;;qEAEiE;IACjE,OAAO,CAAC,YAAY;IASpB,OAAO,CAAC,SAAS;IAajB,OAAO,CAAC,UAAU;IAQlB,OAAO,CAAC,aAAa;IAQrB,0DAA0D;IAC1D,SAAS,IAAI,MAAM;IAInB,mDAAmD;IACnD,UAAU,IAAI,IAAI;IAMlB,OAAO,CAAC,IAAI;IAIZ,OAAO,CAAC,SAAS;IAYjB;;;;;;;OAOG;IACH,OAAO,CAAC,WAAW;CAwBpB"}

package/dist/src/v2/key-resolution/resolver.js

@@ -20,9 +20,10 @@
 // fetch timeout mirroring the did:web resolver. It does not aggregate
 // across tenants, expose an endpoint, or alert.
 // ══════════════════════════════════════════════════════════════════
+import { createHash } from 'node:crypto';
 import { fromDIDKey, resolveDIDWeb } from '../../core/did-interop.js';
 import { multibaseToHex } from '../../core/did.js';
-import { asJWKS, isDIDCycles, parseDIDCycles, selectKey, } from './did-cycles.js';
+import { asJWKS, cyclesJwksUrl, isDIDCycles, parseDIDCycles, selectKey, } from './did-cycles.js';
 import { decodeBase64Url, bytesToHex } from './base64url.js';
 import { DEFAULT_CACHE_POLICY, DEFAULT_TIMEOUT_MS, } from './types.js';
 /** Scope-of-claim for a successful key resolution. */
@@ -74,9 +75,11 @@ export class CyclesKeyResolver {
         const did = locator.did;
         if (!did)
             return false;
-        return (did.startsWith('did:key:') ||
-            did.startsWith('did:web:') ||
-            did.startsWith('did:cycles:'));
+        // did:cycles is handled here, but is hash-bound: it resolves only with a
+        // serverId (the resolver checks sha256(serverId) against the DID subject and
+        // derives the JWKS URL). A did:cycles locator without serverId fails closed
+        // in resolve(); canResolve reports the method is handled.
+        return did.startsWith('did:key:') || did.startsWith('did:web:') || did.startsWith('did:cycles:');
     }
     async resolve(locator) {
         if (!locator || (!locator.did && !locator.jwksUrl)) {
@@ -190,23 +193,47 @@ export class CyclesKeyResolver {
     }
     // ── did:cycles / direct JWKS (this module's mapping) ─────────────
     async resolveJwks(locator) {
-        let jwksUrl;
         let fragmentKid;
+        let jwksUrl;
         if (locator.did && isDIDCycles(locator.did)) {
+            // did:cycles is HASH-BOUND. The resolver enforces the binding itself and
+            // derives the JWKS URL — it never accepts an unbound did:cycles:
+            //   1. parse the subject hash + kid fragment;
+            //   2. require server_id, and check sha256(server_id) === subject hash
+            //      (fail closed on mismatch) — anchors authority to that server_id;
+            //   3. derive the JWKS URL from server_id (cyclesJwksUrl), NOT from a
+            //      caller-supplied URL (which could point at a different server);
+            //   4. the validity-window gate (issued_at_ms) is MANDATORY here.
+            let serverIdHash;
             try {
-                const parsed = parseDIDCycles(locator.did);
-                jwksUrl = parsed.jwksUrl;
-                fragmentKid = parsed.kid;
+                ;
+                ({ serverIdHash, kid: fragmentKid } = parseDIDCycles(locator.did));
             }
             catch (err) {
                 return this.fail('unsupported', `did:cycles parse failed: ${safeMsg(err)}`);
             }
+            // The canonical signer_did form is did:cycles:<hash>#<kid>; the fragment
+            // names the key in the set and is REQUIRED for resolution.
+            if (!fragmentKid) {
+                return this.fail('unsupported', 'did:cycles requires a #<kid> fragment');
+            }
+            if (!locator.serverId) {
+                return this.fail('unsupported', 'did:cycles requires serverId to establish the sha256 binding');
+            }
+            const computed = createHash('sha256').update(locator.serverId, 'utf8').digest('hex');
+            if (computed !== serverIdHash) {
+                return this.fail('not_found', 'did:cycles subject does not match sha256(server_id) — signer not bound to this server');
+            }
+            if (typeof locator.issuedAtMs !== 'number' || !Number.isInteger(locator.issuedAtMs)) {
+                return this.fail('not_found', 'did:cycles resolution requires an integer issuedAtMs (validity window)');
+            }
+            jwksUrl = cyclesJwksUrl(locator.serverId);
         }
-        else if (locator.jwksUrl) {
+        else {
             jwksUrl = locator.jwksUrl;
         }
-        else {
-            return this.fail('unsupported', 'no did:cycles or jwksUrl present');
+        if (!jwksUrl) {
+            return this.fail('unsupported', 'no did:cycles (with serverId) or jwksUrl present');
         }
         // HTTPS only.
         if (!jwksUrl.startsWith('https://')) {
@@ -216,7 +243,15 @@ export class CyclesKeyResolver {
         if (wantKid === AMBIGUOUS) {
             return this.fail('ambiguous', 'did:cycles fragment and explicit kid disagree');
         }
-        const cacheKey = `jwks:${jwksUrl}|kid:${wantKid ?? ''}`;
+        // Cache the SELECTED key. Selection now depends on the validity window
+        // (issuedAtMs) and the raw-hex signer match (publicKeyHex) too, so both
+        // MUST be in the cache key — otherwise a key selected for one receipt's
+        // issuance window could be wrongly reused for another across a rotation
+        // (the [nbf, exp) gate would be bypassed). (A JWKS-document cache keyed by
+        // URL, with selection re-run per call, would also dedup the fetch across
+        // distinct issuance times — a future optimization.)
+        const cacheKey = `jwks:${jwksUrl}|kid:${wantKid ?? ''}` +
+            `|iat:${locator.issuedAtMs ?? ''}|pk:${locator.publicKeyHex?.toLowerCase() ?? ''}`;
         const cached = this.readCache(cacheKey);
         if (cached)
             return cached;
@@ -249,7 +284,11 @@ export class CyclesKeyResolver {
             // Loaded but structurally wrong: fail-closed even under fail-open.
             return this.storeFail(cacheKey, 'malformed', 'JWKS missing non-empty keys[] array');
         }
-        const selection = selectKey(jwks, wantKid);
+        const selection = selectKey(jwks, {
+            kid: wantKid,
+            issuedAtMs: locator.issuedAtMs,
+            publicKeyHex: locator.publicKeyHex,
+        });
         if (!selection.ok) {
             return this.storeFail(cacheKey, selection.status, selection.reason);
         }