dvlprsh-dcql-test 0.1.8

package/CHANGELOG.md

@@ -0,0 +1,37 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
+
+## [0.1.8](https://github.com/hopae-official/Verifiable-Digital-Credentials/compare/v0.1.7...v0.1.8) (2025-06-15)
+
+**Note:** Version bump only for package @vdcs/dcql
+
+
+
+
+
+## [0.1.7](https://github.com/hopae-official/Verifiable-Digital-Credentials/compare/v0.1.6...v0.1.7) (2025-06-15)
+
+**Note:** Version bump only for package @vdcs/dcql
+
+
+
+
+
+## [0.1.6](https://github.com/hopae-official/Verifiable-Digital-Credentials/compare/v0.1.5...v0.1.6) (2025-06-15)
+
+**Note:** Version bump only for package @vdcs/dcql
+
+
+
+
+
+## [0.1.4](https://github.com/hopae-official/Verifiable-Digital-Credentials/compare/v0.1.2...v0.1.4) (2025-06-08)
+
+
+### Features
+
+* add dcql match feature ([#116](https://github.com/hopae-official/Verifiable-Digital-Credentials/issues/116)) ([952ff48](https://github.com/hopae-official/Verifiable-Digital-Credentials/commit/952ff48f4adc5908552e2737f025e8a48142cea3))
+* add dcql serialization feature ([#103](https://github.com/hopae-official/Verifiable-Digital-Credentials/issues/103)) ([887e3c1](https://github.com/hopae-official/Verifiable-Digital-Credentials/commit/887e3c1c59eacb01a5d1c30db6ab32f8b89756ba))
+* implement SdJwtVcCredential query parse ([#114](https://github.com/hopae-official/Verifiable-Digital-Credentials/issues/114)) ([51778d1](https://github.com/hopae-official/Verifiable-Digital-Credentials/commit/51778d1ff7c5877bbf88b0b80533db9ddd46d9ce))

package/dist/index.d.mts

@@ -0,0 +1,135 @@
+type Format = 'dc+sd-jwt' | 'ldp_vc' | 'jwt_vc_json';
+type TrustedAuthority = {
+    type: 'aki' | 'etsi_tl' | 'openid_federation';
+    value: string[];
+};
+type Credential = {
+    id: string;
+    format: Format;
+    /** optional, default is false */
+    multiple?: boolean;
+    meta?: {
+        vct_values: string[];
+    } | {
+        doctype_value: string;
+    };
+    trusted_authorities?: TrustedAuthority[];
+    /** optional, default is true */
+    require_cryptographic_holder_binding?: boolean;
+    claims?: Claims[];
+    claim_sets?: ClaimSet[];
+};
+type CredentialIds = Array<string>;
+type CredentialSet = {
+    options: CredentialIds[];
+    purpose?: string;
+    /** optional, default is true */
+    required?: boolean;
+};
+type rawDCQL = {
+    credentials: Credential[];
+    credential_sets?: CredentialSet[];
+};
+type Claims = {
+    /** optional, but if claim_sets is present, it is required */
+    id?: string;
+    path: Array<string | number | null>;
+    value?: Array<number | string | boolean>;
+};
+type ClaimSet = string[];
+type SdJwtVcCredentialQuery = Credential & {
+    format: 'dc+sd-jwt';
+    meta: {
+        vct_values: string[];
+    };
+};
+type MatchResult = {
+    match: false;
+    matchedClaims?: undefined;
+} | {
+    match: true;
+    matchedClaims: Claims[];
+};
+
+/**
+ * This class represent a credential
+ *
+ *
+ */
+declare abstract class CredentialBase {
+    abstract serialize(): Credential;
+    abstract match(data: Record<string, unknown>): MatchResult;
+}
+
+/**
+ * This class represent DCQL query data structure
+ */
+declare class DCQL {
+    private _credentials;
+    private _credential_sets?;
+    constructor({ credentials, credential_sets, }: {
+        credentials?: CredentialBase[];
+        credential_sets?: CredentialSet[];
+    });
+    addCredential(credential: CredentialBase): this;
+    addCredentialSet(credential_set: CredentialSet): this;
+    serialize(): rawDCQL;
+    static parse(raw: rawDCQL): DCQL;
+    /**
+     * Match credentials against an array of data records according to section 6.4.2 rules.
+     *
+     * If credential_sets is not provided, all credentials in credentials are requested.
+     * Otherwise, the Verifier requests credentials satisfying:
+     * - All required credential sets (where required is true or omitted)
+     * - Optionally, any other credential sets
+     *
+     * @param dataRecords Array of data records to match against
+     * @returns Object containing match result and matched credentials with their claims
+     */
+    match(dataRecords: Record<string, unknown>[]): {
+        match: boolean;
+        matchedCredentials?: Array<{
+            credential: Record<string, unknown>;
+            matchedClaims: Claims[];
+            dataIndex: number;
+        }>;
+    };
+    /**
+     * Check if a credential set is satisfied by the matched credential IDs
+     * A credential set is satisfied if at least one of its options is satisfied
+     */
+    private isCredentialSetSatisfied;
+}
+
+declare class SdJwtVcCredential implements CredentialBase {
+    readonly id: string;
+    readonly vct_values: string[];
+    private _multiple?;
+    private _trusted_authorities?;
+    private _require_cryptographic_holder_binding?;
+    private _claims?;
+    private _claim_sets?;
+    constructor(id: string, vct_values: string[], options?: {
+        multiple?: boolean;
+        trusted_authorities?: TrustedAuthority[];
+        require_cryptographic_holder_binding?: boolean;
+        claims?: Claims[];
+        claim_sets?: ClaimSet[];
+    });
+    setMultiple(multiple: boolean): this;
+    setTrustedAuthorities(trusted_authorities: TrustedAuthority[]): this;
+    setRequireCryptographicHolderBinding(require_cryptographic_holder_binding: boolean): this;
+    setClaims(claims: Claims[]): this;
+    setClaimSets(claim_sets: ClaimSet[]): this;
+    serialize(): Credential;
+    match(data: Record<string, unknown>): MatchResult;
+    /**
+     * Helper method to check if a specific claim matches against the data
+     * Implements semantics for JSON-based credentials as specified in section 7.1
+     */
+    private matchClaim;
+    static parseSdJwtCredential(c: Credential): CredentialBase;
+    private static validateCredential;
+}
+
+export { type ClaimSet, type Claims, type Credential, CredentialBase, type CredentialIds, type CredentialSet, DCQL, type Format, type MatchResult, SdJwtVcCredential, type SdJwtVcCredentialQuery, type TrustedAuthority, type rawDCQL };

package/dist/index.d.ts

@@ -0,0 +1,135 @@
+type Format = 'dc+sd-jwt' | 'ldp_vc' | 'jwt_vc_json';
+type TrustedAuthority = {
+    type: 'aki' | 'etsi_tl' | 'openid_federation';
+    value: string[];
+};
+type Credential = {
+    id: string;
+    format: Format;
+    /** optional, default is false */
+    multiple?: boolean;
+    meta?: {
+        vct_values: string[];
+    } | {
+        doctype_value: string;
+    };
+    trusted_authorities?: TrustedAuthority[];
+    /** optional, default is true */
+    require_cryptographic_holder_binding?: boolean;
+    claims?: Claims[];
+    claim_sets?: ClaimSet[];
+};
+type CredentialIds = Array<string>;
+type CredentialSet = {
+    options: CredentialIds[];
+    purpose?: string;
+    /** optional, default is true */
+    required?: boolean;
+};
+type rawDCQL = {
+    credentials: Credential[];
+    credential_sets?: CredentialSet[];
+};
+type Claims = {
+    /** optional, but if claim_sets is present, it is required */
+    id?: string;
+    path: Array<string | number | null>;
+    value?: Array<number | string | boolean>;
+};
+type ClaimSet = string[];
+type SdJwtVcCredentialQuery = Credential & {
+    format: 'dc+sd-jwt';
+    meta: {
+        vct_values: string[];
+    };
+};
+type MatchResult = {
+    match: false;
+    matchedClaims?: undefined;
+} | {
+    match: true;
+    matchedClaims: Claims[];
+};
+
+/**
+ * This class represent a credential
+ *
+ *
+ */
+declare abstract class CredentialBase {
+    abstract serialize(): Credential;
+    abstract match(data: Record<string, unknown>): MatchResult;
+}
+
+/**
+ * This class represent DCQL query data structure
+ */
+declare class DCQL {
+    private _credentials;
+    private _credential_sets?;
+    constructor({ credentials, credential_sets, }: {
+        credentials?: CredentialBase[];
+        credential_sets?: CredentialSet[];
+    });
+    addCredential(credential: CredentialBase): this;
+    addCredentialSet(credential_set: CredentialSet): this;
+    serialize(): rawDCQL;
+    static parse(raw: rawDCQL): DCQL;
+    /**
+     * Match credentials against an array of data records according to section 6.4.2 rules.
+     *
+     * If credential_sets is not provided, all credentials in credentials are requested.
+     * Otherwise, the Verifier requests credentials satisfying:
+     * - All required credential sets (where required is true or omitted)
+     * - Optionally, any other credential sets
+     *
+     * @param dataRecords Array of data records to match against
+     * @returns Object containing match result and matched credentials with their claims
+     */
+    match(dataRecords: Record<string, unknown>[]): {
+        match: boolean;
+        matchedCredentials?: Array<{
+            credential: Record<string, unknown>;
+            matchedClaims: Claims[];
+            dataIndex: number;
+        }>;
+    };
+    /**
+     * Check if a credential set is satisfied by the matched credential IDs
+     * A credential set is satisfied if at least one of its options is satisfied
+     */
+    private isCredentialSetSatisfied;
+}
+
+declare class SdJwtVcCredential implements CredentialBase {
+    readonly id: string;
+    readonly vct_values: string[];
+    private _multiple?;
+    private _trusted_authorities?;
+    private _require_cryptographic_holder_binding?;
+    private _claims?;
+    private _claim_sets?;
+    constructor(id: string, vct_values: string[], options?: {
+        multiple?: boolean;
+        trusted_authorities?: TrustedAuthority[];
+        require_cryptographic_holder_binding?: boolean;
+        claims?: Claims[];
+        claim_sets?: ClaimSet[];
+    });
+    setMultiple(multiple: boolean): this;
+    setTrustedAuthorities(trusted_authorities: TrustedAuthority[]): this;
+    setRequireCryptographicHolderBinding(require_cryptographic_holder_binding: boolean): this;
+    setClaims(claims: Claims[]): this;
+    setClaimSets(claim_sets: ClaimSet[]): this;
+    serialize(): Credential;
+    match(data: Record<string, unknown>): MatchResult;
+    /**
+     * Helper method to check if a specific claim matches against the data
+     * Implements semantics for JSON-based credentials as specified in section 7.1
+     */
+    private matchClaim;
+    static parseSdJwtCredential(c: Credential): CredentialBase;
+    private static validateCredential;
+}
+
+export { type ClaimSet, type Claims, type Credential, CredentialBase, type CredentialIds, type CredentialSet, DCQL, type Format, type MatchResult, SdJwtVcCredential, type SdJwtVcCredentialQuery, type TrustedAuthority, type rawDCQL };

package/dist/index.js

@@ -0,0 +1,341 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => {
+  __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+  return value;
+};
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  CredentialBase: () => CredentialBase,
+  DCQL: () => DCQL,
+  SdJwtVcCredential: () => SdJwtVcCredential
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/match.ts
+var pathMatch = /* @__PURE__ */ __name((path, data) => {
+  let selectedElements = [
+    data
+  ];
+  for (const component of path) {
+    const nextSelectedElements = [];
+    for (const element of selectedElements) {
+      if (typeof component === "string") {
+        if (element === null || typeof element !== "object" || Array.isArray(element)) {
+          throw new Error("Path component requires object but found non-object element");
+        }
+        if (component in element) {
+          nextSelectedElements.push(element[component]);
+        }
+      } else if (component === null) {
+        if (element === null || !Array.isArray(element)) {
+          throw new Error("Null path component requires array but found non-array element");
+        }
+        nextSelectedElements.push(...element);
+      } else if (typeof component === "number" && component >= 0 && Number.isInteger(component)) {
+        if (element === null || !Array.isArray(element)) {
+          throw new Error("Numeric path component requires array but found non-array element");
+        }
+        if (component < element.length) {
+          nextSelectedElements.push(element[component]);
+        }
+      } else {
+        throw new Error(`Invalid path component: ${component}`);
+      }
+    }
+    if (nextSelectedElements.length === 0) {
+      throw new Error("No elements selected after processing path component");
+    }
+    selectedElements = nextSelectedElements;
+  }
+  return selectedElements;
+}, "pathMatch");
+
+// src/credentials/sdjwtvc.credential.ts
+var _SdJwtVcCredential = class _SdJwtVcCredential {
+  constructor(id, vct_values, options) {
+    __publicField(this, "id");
+    __publicField(this, "vct_values");
+    __publicField(this, "_multiple");
+    __publicField(this, "_trusted_authorities");
+    __publicField(this, "_require_cryptographic_holder_binding");
+    __publicField(this, "_claims");
+    __publicField(this, "_claim_sets");
+    this.id = id;
+    this.vct_values = vct_values;
+    if (options) {
+      this._multiple = options.multiple;
+      this._trusted_authorities = options.trusted_authorities;
+      this._require_cryptographic_holder_binding = options.require_cryptographic_holder_binding;
+      this._claims = options.claims;
+      this._claim_sets = options.claim_sets;
+    }
+  }
+  setMultiple(multiple) {
+    this._multiple = multiple;
+    return this;
+  }
+  setTrustedAuthorities(trusted_authorities) {
+    this._trusted_authorities = trusted_authorities;
+    return this;
+  }
+  setRequireCryptographicHolderBinding(require_cryptographic_holder_binding) {
+    this._require_cryptographic_holder_binding = require_cryptographic_holder_binding;
+    return this;
+  }
+  setClaims(claims) {
+    this._claims = claims;
+    return this;
+  }
+  setClaimSets(claim_sets) {
+    if (!this._claims || this._claims.length === 0) {
+      throw new Error("Claims must be set before claim sets");
+    }
+    if (!this._claims.every((c) => c.id !== void 0)) {
+      throw new Error("Claims must not have an id before claim sets");
+    }
+    this._claim_sets = claim_sets;
+    return this;
+  }
+  serialize() {
+    return {
+      id: this.id,
+      format: "dc+sd-jwt",
+      meta: {
+        vct_values: this.vct_values
+      },
+      multiple: this._multiple,
+      trusted_authorities: this._trusted_authorities,
+      require_cryptographic_holder_binding: this._require_cryptographic_holder_binding,
+      claims: this._claims,
+      claim_sets: this._claim_sets
+    };
+  }
+  match(data) {
+    if (data["vct"] !== void 0 && !this.vct_values.includes(data["vct"])) {
+      return {
+        match: false
+      };
+    }
+    if (!this._claims || this._claims.length === 0) {
+      return {
+        match: true,
+        matchedClaims: []
+      };
+    }
+    if (this._claim_sets && this._claim_sets.length > 0) {
+      for (const claimSet of this._claim_sets) {
+        const claimsInSet = this._claims.filter((claim) => claim.id !== void 0 && claimSet.includes(claim.id));
+        const allClaimsMatch = claimsInSet.every((claim) => this.matchClaim(claim, data));
+        if (allClaimsMatch && claimsInSet.length > 0) {
+          return {
+            match: true,
+            matchedClaims: claimsInSet
+          };
+        }
+      }
+      return {
+        match: false
+      };
+    } else {
+      const satisfiableClaims = this._claims.every((claim) => this.matchClaim(claim, data));
+      if (satisfiableClaims) {
+        return {
+          match: true,
+          matchedClaims: this._claims
+        };
+      }
+    }
+    return {
+      match: false
+    };
+  }
+  /**
+  * Helper method to check if a specific claim matches against the data
+  * Implements semantics for JSON-based credentials as specified in section 7.1
+  */
+  matchClaim(claim, data) {
+    try {
+      const selectedElements = pathMatch(claim.path, data);
+      if (selectedElements.length === 0) {
+        return false;
+      }
+      if (!claim.value || claim.value.length === 0) {
+        return true;
+      }
+      return selectedElements.some((element) => claim.value.some((val) => val === element));
+    } catch (error) {
+      return false;
+    }
+  }
+  static parseSdJwtCredential(c) {
+    if (!this.validateCredential(c)) {
+      throw new Error("Invalid credential");
+    }
+    const sdJwtVcCredential = new _SdJwtVcCredential(c.id, c.meta.vct_values, {
+      multiple: c.multiple,
+      trusted_authorities: c.trusted_authorities,
+      require_cryptographic_holder_binding: c.require_cryptographic_holder_binding,
+      claims: c.claims,
+      claim_sets: c.claim_sets
+    });
+    return sdJwtVcCredential;
+  }
+  static validateCredential(c) {
+    if (c.format !== "dc+sd-jwt") {
+      throw new Error("Invalid credential format");
+    }
+    if (!c.meta || !("vct_values" in c.meta)) {
+      throw new Error("Invalid credential meta");
+    }
+    return true;
+  }
+};
+__name(_SdJwtVcCredential, "SdJwtVcCredential");
+var SdJwtVcCredential = _SdJwtVcCredential;
+
+// src/dcql.ts
+var _DCQL = class _DCQL {
+  constructor({ credentials, credential_sets }) {
+    __publicField(this, "_credentials", []);
+    __publicField(this, "_credential_sets");
+    this._credentials = credentials ?? [];
+    this._credential_sets = credential_sets;
+  }
+  addCredential(credential) {
+    this._credentials.push(credential);
+    return this;
+  }
+  addCredentialSet(credential_set) {
+    if (!this._credential_sets) {
+      this._credential_sets = [];
+    }
+    this._credential_sets.push(credential_set);
+    return this;
+  }
+  serialize() {
+    return {
+      credentials: this._credentials.map((c) => c.serialize()),
+      credential_sets: this._credential_sets
+    };
+  }
+  static parse(raw) {
+    const credentials = raw.credentials.map((c) => {
+      if (c.format === "dc+sd-jwt") {
+        return SdJwtVcCredential.parseSdJwtCredential(c);
+      }
+      throw new Error("Invalid credential format");
+    });
+    return new _DCQL({
+      credentials,
+      credential_sets: raw.credential_sets
+    });
+  }
+  /**
+  * Match credentials against an array of data records according to section 6.4.2 rules.
+  *
+  * If credential_sets is not provided, all credentials in credentials are requested.
+  * Otherwise, the Verifier requests credentials satisfying:
+  * - All required credential sets (where required is true or omitted)
+  * - Optionally, any other credential sets
+  *
+  * @param dataRecords Array of data records to match against
+  * @returns Object containing match result and matched credentials with their claims
+  */
+  match(dataRecords) {
+    if (this._credentials.length === 0) {
+      return {
+        match: false
+      };
+    }
+    const allMatches = [];
+    this._credentials.forEach((credential) => {
+      dataRecords.forEach((data, index) => {
+        const result = credential.match(data);
+        if (result.match) {
+          allMatches.push({
+            credential: data,
+            dcqlCredential: credential,
+            matchedClaims: result.matchedClaims,
+            dataIndex: index
+          });
+        }
+      });
+    });
+    if (allMatches.length === 0) {
+      return {
+        match: false
+      };
+    }
+    if (!this._credential_sets || this._credential_sets.length === 0) {
+      return {
+        match: true,
+        matchedCredentials: allMatches
+      };
+    }
+    const matchedIds = new Set(allMatches.map((match) => {
+      const serialized = match.dcqlCredential.serialize();
+      return serialized.id;
+    }));
+    const requiredSets = this._credential_sets.filter((set) => set.required === void 0 || set.required === true);
+    const satisfiedRequiredSets = requiredSets.every((set) => this.isCredentialSetSatisfied(set, matchedIds));
+    if (!satisfiedRequiredSets) {
+      return {
+        match: false
+      };
+    }
+    return {
+      match: true,
+      matchedCredentials: allMatches.map((matches) => {
+        return {
+          credential: matches.credential,
+          matchedClaims: matches.matchedClaims,
+          dataIndex: matches.dataIndex
+        };
+      })
+    };
+  }
+  /**
+  * Check if a credential set is satisfied by the matched credential IDs
+  * A credential set is satisfied if at least one of its options is satisfied
+  */
+  isCredentialSetSatisfied(set, matchedIds) {
+    return set.options.some((option) => {
+      return option.every((credentialId) => matchedIds.has(credentialId));
+    });
+  }
+};
+__name(_DCQL, "DCQL");
+var DCQL = _DCQL;
+
+// src/credentials/credential.ts
+var _CredentialBase = class _CredentialBase {
+};
+__name(_CredentialBase, "CredentialBase");
+var CredentialBase = _CredentialBase;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  CredentialBase,
+  DCQL,
+  SdJwtVcCredential
+});