refactor: replace @transmute with digitalbazaar#6230
Open
Pyatakov wants to merge 12 commits into
Open
Conversation
Pyatakov
force-pushed
the
refactor/replace-transmute-with-digitalbazaar
branch
from
646710e to
1e97a64
Compare
The @transmute/0.7.0-unstable.80 packages are abandoned prereleases with no stable release. Replace them with actively maintained @digitalbazaar equivalents. Vendor schemasToContext and the BBS JSON-LD context in-tree to remove the last two transmute deps. Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
The @digitalbazaar/ed25519-signature-2018 suite requires the resolved verification method to carry the suite context and authorizes the controller by absolute assertionMethod id. Guardian DID documents use only the did/v1 context with relative assertionMethod refs, so Ed25519 credential verification failed under the new stack (no test caught it, as the existing suite never calls verify). Wrap the document loader in the Ed25519 verify branch to serve the suite context, return the verification method as a key node carrying it, and resolve assertionMethod refs to absolute ids. The BBS path is untouched. Add a signing/verification test backed by a credential signed with the previous stack to lock in backward compatibility. Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Migrating off @transmute removes the jsonld-signatures@7 that the archived @mattrglobal BBS suites require, so BbsBlsSignature2020 signing (used automatically for EVC schemas) breaks under the new stack with a cryptic library error. Gate EVC issuance at the schema->signature-type decision with a clear, intentional error until the BBS cryptosuite migration restores the path (tracked as a follow-up). Ed25519 issuance and verification are unaffected. Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Add fidelity tests pinning the in-tree vendored schemasToContext and the vendored bls12381-2020-v1 (BBS) context to the output the previous @transmute implementation produced. Schema-context output is baked into published credentials and BBS verification is canonicalization-sensitive, so this catches silent drift in the vendored copies. Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
- Extract the schema validation result class out of the vendored schemasToContext module into SchemaValidationResult (own file) - Type the @digitalbazaar/vc verification result (VerificationResult) - Rename the vc lib import alias from vcjs to vcLib to avoid clashing with the VCJS class - Note that signPresentation expects an already-formed VP Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
- Document the two-URL BBS context alias in the default loader - Document the schema.org/text @id->@type rewrite in schemasToContext - Test property-embedding extraction: homogeneous $comment maps correctly, a mixed embedding attribute throws - Test the schema.org/text @id->@type rewrite Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Reference the verification result type through the vcLib namespace import instead of a second named import (no-duplicate-imports). Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
The vendored schemasToContext (ported from @transmute) detected a property's embedding via its own attribute but always extracted using the class's, crashing on a property whose embedding attribute differs from the class's. Extract using the property's own attribute. Output is byte-identical for schemas that use a single embedding attribute throughout (all Guardian schemas) - the fidelity test still matches the previous implementation. Updates the extraction test to cover the mixed-attribute case. Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Pyatakov
force-pushed
the
refactor/replace-transmute-with-digitalbazaar
branch
from
e01637d to
9d17c8e
Compare
The geojson test esmocked @transmute/jsonld-schema, removed by the migration. Repoint the mock to the vendored schemas-to-context-impl. Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Drop the -impl suffix (a Java-ism); the jsonld-schema/ folder already signals the vendored module, so index.ts reads as its entry point. Signed-off-by: Alex Piatakov <alex.piatakov@swirldslabs.com>
Pyatakov
force-pushed
the
refactor/replace-transmute-with-digitalbazaar
branch
from
a09e284 to
3ceba1b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Replace six abandoned
@transmute/0.7.0-unstable.80prereleases with actively maintained@digitalbazaarequivalents incommonandmrv-sender. The transmute packages never reached a stable release and are no longer maintained.@transmute/vc.jswith@digitalbazaar/vc; rename call sites (createVerifiableCredential→issue,createVerifiablePresentation→signPresentation,verifyVerifiableCredential→verifyCredential)@transmute/ed25519-signature-2018with@digitalbazaar/ed25519-signature-2018+@digitalbazaar/ed25519-verification-key-2018@transmute/credentials-contextwith@digitalbazaar/credentials-context@transmute/did-contextwithdid-context(digitalbazaar, unscoped)@transmute/security-contextwith@digitalbazaar/security-context@transmute/jsonld-schema; vendorschemasToContextin-tree ascommon/src/helpers/jsonld-schema/schemas-to-context-impl.ts(Apache-2.0 source)https://w3id.org/security/bbs/v1JSON-LD context, served for both its published URLs, to keep the existing BBS verification path resolvable without the transmute security-context alias@digitalbazaar/*packages incommonandmrv-senderassertionMethodidBbsBlsSignature2020) signing with a clear error pending the BBS cryptosuite migration; the Ed25519 path is unaffectedSchemaValidationResultclass and type the@digitalbazaar/vcverification resultschemasToContextand BBS context against the previous stack; property-embedding extraction and theschema.org/text@id→@typerewrite