@nuwa-ai/identity-kit

SDK for NIP-1 Agent Single DID Multi-Key Model and NIP-3 CADOP (Custodian-Assisted DID Onboarding Protocol)

import { K as KeyType, V as VerificationRelationship, S as SignerInterface, a as KeyStore, D as DIDDocumentCache, b as DIDDocument, A as AbstractVDR, c as VerificationMethod, d as ServiceEndpoint, e as DIDCreationRequest, f as DIDCreationResult, C as CADOPCreationRequest, g as VDRRegistry, R as RoochVDR, h as VDRInterface, i as ServiceInfo, I as IdentityKit, j as KeyTypeInput, k as DIDResolver, l as StoredKey } from './index-mXR5ZAzF.cjs';
export { Y as CreateCadopDidOptions, X as CreateSelfDidOptions, W as CreateSelfDidResult, Z as EnvironmentCheck, F as IdentityEnv, G as IdentityEnvBuilder, m as KEY_TYPE, E as KeyManager, B as KeyManagerOptions, M as MemoryKeyStore, O as OperationalKeyInfo, u as RoochClientConfig, P as RoochTestUtils, v as RoochTransactionResult, z as RoochTxnOptions, y as RoochVDROperationOptions, w as RoochVDROptions, x as StoreResult, T as TestEnv, U as TestEnvOptions, p as algorithmToKeyType, H as bootstrapIdentityEnv, Q as bootstrapRoochTestEnv, L as createCadopCustodian, N as createDidViaCadop, J as createSelfDid, s as getSupportedAlgorithms, n as isKeyType, q as keyTypeToAlgorithm, o as keyTypeToRoochSignatureScheme, r as roochSignatureSchemeToKeyType, t as toKeyType } from './index-mXR5ZAzF.cjs';
import { Signer, RoochAddress, Bytes as Bytes$1, Transaction, Authenticator, SignatureScheme, PublicKey, Address, BitcoinAddress } from '@roochnetwork/rooch-sdk';

/**
 * Verification method details carried in a deep-link add-key request.
 *
 * All three fields are supplied by the requesting party; this type does not
 * validate them.
 */
interface VerificationMethodInput {
    /**
     * Verification key suite. Should be one of the KeyType enum values.
     */
    type: KeyType;
    /** Multibase-encoded public key */
    publicKeyMultibase: string;
    /** Suggested fragment for the verification method id */
    idFragment: string;
}
/**
 * Add-key request payload (v1) for the Cadop deep-link protocol.
 *
 * NOTE: Located in the core package so that web / mobile / server implementations can reuse the same type.
 *
 * NOTE(review): this is a plain data shape. Nothing in this declaration
 * validates `redirectUri`, `state` or `scopes`; the code that receives the
 * payload has to do that.
 */
interface AddKeyRequestPayloadV1 {
    /** Protocol version – always 1 for the current specification */
    version: 1;
    /** Verification method details for the key being added */
    verificationMethod: VerificationMethodInput;
    /** DID document relationships to attach the new key to */
    verificationRelationships: VerificationRelationship[];
    /**
     * Absolute callback URL handled on browser side.
     * NOTE(review): typed as a free-form string; whether the receiving side
     * checks it against the expected origin is not visible here — confirm.
     */
    redirectUri: string;
    /**
     * Random string used for CSRF protection.
     * NOTE(review): the protection depends on the value being unpredictable
     * and compared on the callback; neither is enforced by this type.
     */
    state: string;
    /** Target Agent DID, optional */
    agentDid?: string;
    /**
     * Custom session key scopes (for authentication VM).
     * Presumably "address::module::function" strings as described for
     * `validateScopeFormat` in this file — confirm.
     */
    scopes?: string[];
}
/**
 * Union of all supported payload versions. Placed here for future expansion.
 */
type AddKeyRequestPayload = AddKeyRequestPayloadV1;

/**
 * A unified signer adapter that works with any KeyStore implementation.
 * Implements the SignerInterface by delegating to an underlying KeyStore.
 */
declare class KeyStoreSigner implements SignerInterface {
    private keyStore;
    private did?;
    /**
     * Create a new KeyStoreSigner
     * @param keyStore The underlying key store to use
     * @param did The DID to associate with this signer (optional; can be set later with `setDid`)
     */
    constructor(keyStore: KeyStore, did?: string);
    /**
     * List all available key IDs in the underlying store
     */
    listKeyIds(): Promise<string[]>;
    /**
     * Sign data using a specific key
     * @param data Data to sign
     * @param keyId ID of the key to use for signing
     * @returns Signature as Uint8Array
     */
    signWithKeyId(data: Uint8Array, keyId: string): Promise<Uint8Array>;
    /**
     * Check if a key is available for signing
     * @param keyId ID of the key to check
     * @returns True if the key exists and can be used for signing
     */
    canSignWithKeyId(keyId: string): Promise<boolean>;
    /**
     * Get the DID associated with this signer.
     * NOTE(review): `did` is optional at construction but the return type is
     * a plain string; what happens when no DID was set is not visible in
     * this declaration — confirm.
     */
    getDid(): Promise<string>;
    /**
     * Set the DID for this signer
     * @param did The DID to associate with this signer
     */
    setDid(did: string): void;
    /**
     * Get information about a specific key.
     * The declared result carries the key type and public key only.
     * @param keyId ID of the key to get information about
     * @returns Key information or undefined if not found
     */
    getKeyInfo(keyId: string): Promise<{
        type: KeyType;
        publicKey: Uint8Array;
    } | undefined>;
}

/**
 * A Rooch Signer implementation that wraps a SignerInterface.
 * This class implements the Rooch Signer interface while delegating
 * actual signing operations to the wrapped SignerInterface.
 *
 * The constructor is private; instances are obtained through `create()`.
 */
declare class DidAccountSigner extends Signer implements SignerInterface {
    private wrappedSigner;
    private did;
    private keyId;
    private didAddress;
    private keyType;
    private publicKey;
    private constructor();
    /**
     * Create a DidAccountSigner instance from a SignerInterface
     * @param signer The signer to wrap
     * @param keyId Optional specific keyId to use
     *   (how a key is chosen when omitted is not visible here — confirm)
     * @returns A new DidAccountSigner instance
     */
    static create(signer: SignerInterface, keyId?: string): Promise<DidAccountSigner>;
    /** Rooch address of this signer. */
    getRoochAddress(): RoochAddress;
    /** Sign raw bytes (Rooch `Signer` contract). */
    sign(input: Bytes$1): Promise<Bytes$1>;
    /** Sign a Rooch transaction and return its authenticator. */
    signTransaction(input: Transaction): Promise<Authenticator>;
    /** Signature scheme of the key in use. */
    getKeyScheme(): SignatureScheme;
    /** Public key of the key in use. */
    getPublicKey(): PublicKey<Address>;
    /** Bitcoin address form (Rooch `Signer` contract). */
    getBitcoinAddress(): BitcoinAddress;
    /** SignerInterface: sign `data` with the key identified by `keyId`. */
    signWithKeyId(data: Uint8Array, keyId: string): Promise<Uint8Array>;
    /** SignerInterface: whether `keyId` can be used for signing. */
    canSignWithKeyId(keyId: string): Promise<boolean>;
    /** SignerInterface: list the available key IDs. */
    listKeyIds(): Promise<string[]>;
    /** SignerInterface: DID associated with this signer. */
    getDid(): Promise<string>;
    /** SignerInterface: key type and public key for `keyId`, or undefined. */
    getKeyInfo(keyId: string): Promise<{
        type: KeyType;
        publicKey: Uint8Array;
    } | undefined>;
}

/**
 * A lightweight in-memory LRU cache implementation for DID Documents.
 * It is intentionally dependency-free so that the SDK does not pull in
 * additional packages by default. You can replace it with your own
 * implementation (Redis, IndexedDB, etc.) by implementing the
 * `DIDDocumentCache` interface and providing it to `VDRRegistry.setCache()`.
 *
 * NOTE(review): the constructor takes only `maxEntries`; no TTL or expiry
 * parameter is visible. A cached document may therefore outlive a key
 * rotation or removal in the underlying registry unless callers `delete()`
 * or `clear()` it — confirm against the implementation.
 */
declare class InMemoryLRUDIDDocumentCache implements DIDDocumentCache {
    private readonly capacity;
    private readonly map;
    /** @param maxEntries Cache capacity (default not visible in this declaration). */
    constructor(maxEntries?: number);
    /**
     * Look up a DID.
     * Presumably `undefined` means "not cached" and `null` means a cached
     * "document not found" result — confirm.
     */
    get(did: string): DIDDocument | null | undefined;
    /** Store a document, or `null`, for a DID. */
    set(did: string, doc: DIDDocument | null): void;
    /** Whether an entry exists for the DID. */
    has(did: string): boolean;
    /** Drop the entry for the DID. */
    delete(did: string): void;
    /** Drop every entry. */
    clear(): void;
}

/**
 * VDR for the `did:key` method.
 *
 * Per the method docs below, every mutating operation only updates a local
 * cache: a did:key document is derived from its key, so such changes are a
 * simulation and are not part of the actual did:key.
 *
 * NOTE(review): `documentCache` is declared `static`, i.e. it belongs to the
 * class rather than to an instance. The `options?: any` parameters are
 * unchecked by the type system.
 */
declare class KeyVDR extends AbstractVDR {
    private static documentCache;
    constructor();
    /**
     * Resets the document cache - primarily for testing purposes
     * to ensure tests don't interfere with each other.
     */
    reset(): void;
    /**
     * Override resolve to handle test mode
     */
    resolve(did: string): Promise<DIDDocument | null>;
    /**
     * Add a verification method to a did:key document
     * For did:key, this is mostly a simulation as the document is derived from the key
     * This operation will update the local cache but not the actual structure of the did:key
     *
     * @param did The DID to update
     * @param verificationMethod The verification method to add
     * @param relationships Optional relationships to add the verification method to
     * @param options Additional options like keyId for signing
     * @returns Promise resolving to true if successful in updating the cache
     */
    addVerificationMethod(did: string, verificationMethod: VerificationMethod, relationships?: VerificationRelationship[], options?: any): Promise<boolean>;
    /**
     * Remove a verification method from a did:key document
     * For did:key, this is mostly a simulation as the document is derived from the key
     * This operation will update the local cache but not the actual structure of the did:key
     *
     * @param did The DID to update
     * @param keyId The ID of the verification method to remove
     * @param options Additional options
     * @returns Promise resolving to true if successful in updating the cache
     */
    removeVerificationMethod(did: string, keyId: string, options?: any): Promise<boolean>;
    /**
     * Add a service to a did:key document
     * For did:key, this is mostly a simulation as the document is derived from the key
     * This operation will update the local cache but not the actual structure of the did:key
     *
     * @param did The DID to update
     * @param service The service to add
     * @param options Additional options
     * @returns Promise resolving to true if successful in updating the cache
     */
    addService(did: string, service: ServiceEndpoint, options?: any): Promise<boolean>;
    /**
     * Remove a service from a did:key document
     * For did:key, this is mostly a simulation as the document is derived from the key
     * This operation will update the local cache but not the actual structure of the did:key
     *
     * @param did The DID to update
     * @param serviceId The ID of the service to remove
     * @param options Additional options
     * @returns Promise resolving to true if successful in updating the cache
     */
    removeService(did: string, serviceId: string, options?: any): Promise<boolean>;
    /**
     * Override create method for did:key
     * For did:key, we can generate the DID from the public key
     */
    create(request: DIDCreationRequest): Promise<DIDCreationResult>;
    /**
     * CADOP creation entry point for did:key.
     * `_options` is underscore-prefixed, which suggests it is unused — confirm.
     */
    createViaCADOP(request: CADOPCreationRequest, _options?: any): Promise<DIDCreationResult>;
    /**
     * Update verification relationships for a verification method
     *
     * @param did The DID to update
     * @param keyId The ID of the verification method
     * @param add Relationships to add
     * @param remove Relationships to remove
     * @param options Additional options
     */
    updateRelationships(did: string, keyId: string, add: VerificationRelationship[], remove: VerificationRelationship[], options?: any): Promise<boolean>;
}

/**
 * Factory function to create a VDR instance based on the DID method
 *
 * @param method DID method to create a VDR for
 *   (behaviour for an unsupported method is not visible here — confirm)
 * @param options Optional configuration for the VDR (untyped)
 * @returns A VDR instance for the specified method
 */
declare function createVDR(method: string, options?: any): VDRInterface;
/**
 * Helper function to create a standard set of VDRs for common methods
 *
 * @param options Configuration options for various VDRs
 * @returns An array of VDR instances
 */
declare function createDefaultVDRs(options?: {
    rooch?: any;
}): VDRInterface[];
/**
 * Quickly create a default RoochVDR instance and register it into a VDRRegistry.
 *
 * 1. If the registry (default: global singleton) already contains a `rooch` VDR,
 *    the existing instance is returned directly – calling this function is
 *    therefore idempotent.
 * 2. The `network` parameter is forwarded to `RoochVDR.createDefault`, defaulting
 *    to `'test'` for most development scenarios.
 *
 * NOTE(review): because an existing `rooch` VDR is returned as-is, a later
 * call with a different `network` or `rpcUrl` presumably has no effect on
 * the instance already registered — confirm.
 *
 * @param network Rooch network: 'local' | 'dev' | 'test' | 'main'. Defaults to 'test'.
 * @param rpcUrl Optional RPC endpoint URL; presumably overrides the
 *   network's default endpoint — confirm.
 * @param registry Optional registry to register into. Defaults to the global singleton.
 * @returns The (new or existing) RoochVDR instance.
 */
declare function initRoochVDR(network?: 'local' | 'dev' | 'test' | 'main', rpcUrl?: string | undefined, registry?: VDRRegistry): RoochVDR;

/**
 * CADOP service types
 */
declare enum CadopServiceType {
    CUSTODIAN = "CadopCustodianService",
    IDP = "CadopIdPService",
    WEB2_PROOF = "CadopWeb2ProofService"
}
/**
 * CADOP service validation rules
 */
interface CadopServiceValidationRule {
    /** Property names a service of this type must carry. */
    requiredProperties: string[];
    /** Property names a service of this type may carry. */
    optionalProperties: string[];
    /** Optional per-property predicates, keyed by property name. */
    propertyValidators?: Record<string, (value: any) => boolean>;
}
/**
 * CadopIdentityKit class for managing CADOP-specific functionality.
 *
 * The constructor is private; instances are obtained through
 * `fromServiceDID()`.
 */
declare class CadopIdentityKit {
    private static readonly SERVICE_VALIDATION_RULES;
    private nuwaKit;
    private constructor();
    private extractCustodianInfo;
    /**
     * Initialize a CadopIdentityKit instance from an existing CADOP service DID
     */
    static fromServiceDID(serviceDid: string, signer: SignerInterface): Promise<CadopIdentityKit>;
    /**
     * Create a new DID via CADOP protocol
     *
     * @param method DID method for the new DID
     * @param userDid DID of the user the new DID is created for
     * @param options Free-form options; `customScopes` is the only named key.
     *   NOTE(review): whether `customScopes` is validated before use is not
     *   visible in this declaration — confirm.
     */
    createDID(method: string, userDid: string, options?: Record<string, any> & {
        customScopes?: string[];
    }): Promise<DIDCreationResult>;
    /**
     * Add a new CADOP service to the service DID document
     */
    addService(service: ServiceInfo): Promise<string>;
    /**
     * Remove a CADOP service from the service DID document
     */
    removeService(serviceId: string, options: {
        keyId: string;
        signer?: SignerInterface;
    }): Promise<boolean>;
    /**
     * Get the underlying IdentityKit instance
     */
    getNuwaIdentityKit(): IdentityKit;
    /**
     * Find all custodian services in the service document
     */
    findCustodianServices(): ServiceEndpoint[];
    /**
     * Find all IdP services in the service document
     */
    findIdPServices(): ServiceEndpoint[];
    /**
     * Find all Web2 proof services in the service document
     */
    findWeb2ProofServices(): ServiceEndpoint[];
    /**
     * Find services by type in the service document
     */
    private findServicesByType;
    /**
     * Validate a service against its type-specific validation rules
     */
    private static validateService;
}

/**
 * Supported multibase names – use these with the generic `encode()` API.
 */
type MultibaseName = 'base58btc' | 'base64pad' | 'base64' | 'base64url' | 'base64urlpad' | 'base16';
/**
 * Base multibase codec implementation.
 * Provides basic encoding/decoding functionality without key type awareness.
 *
 * These are encodings only: they change representation and provide no
 * confidentiality or integrity for the bytes they carry.
 */
declare class MultibaseCodec {
    /**
     * Generic encode
     * Example: `MultibaseCodec.encode(bytes, 'base64url')`
     */
    static encode(data: Uint8Array | string, base: MultibaseName): string;
    /**
     * Encode bytes to base58btc format
     * @param bytes The bytes to encode
     * @returns base58btc encoded string with 'z' prefix
     */
    static encodeBase58btc(bytes: Uint8Array): string;
    /**
     * Encode bytes or a string to base64pad format
     * @param data The bytes or string to encode
     * @returns base64pad encoded string with 'M' prefix
     */
    static encodeBase64pad(data: Uint8Array | string): string;
    /**
     * Encode bytes to base16 (hex) format
     * @param bytes The bytes to encode
     * @returns base16 encoded string with 'f' prefix
     */
    static encodeBase16(bytes: Uint8Array): string;
    /**
     * Encode bytes or a string to base64 format
     * @param data The bytes or string to encode
     * @returns base64 encoded string (whether a multibase prefix is
     *   included is not stated here — confirm)
     */
    static encodeBase64(data: Uint8Array | string): string;
    /**
     * Encode bytes or a string to base64url format (RFC4648 URL-safe, no padding)
     * @param data The bytes or string to encode
     * @returns base64url encoded string with 'u' prefix
     */
    static encodeBase64url(data: Uint8Array | string): string;
    /**
     * Encode bytes or a string to base64urlpad format (URL-safe with padding)
     * @param data The bytes or string to encode
     * @returns base64urlpad encoded string with 'U' prefix
     */
    static encodeBase64urlpad(data: Uint8Array | string): string;
    /**
     * Decode base58btc string to bytes
     * @param encoded The base58btc encoded string
     * @returns decoded bytes
     */
    static decodeBase58btc(encoded: string): Uint8Array;
    /**
     * Decode base64pad string to bytes
     * @param encoded The base64pad encoded string
     * @returns decoded bytes
     */
    static decodeBase64pad(encoded: string): Uint8Array;
    /**
     * Decode base16 string to bytes
     * @param encoded The base16 encoded string
     * @returns decoded bytes
     */
    static decodeBase16(encoded: string): Uint8Array;
    /**
     * Decode base64 string to bytes
     * @param encoded The base64 encoded string
     * @returns decoded bytes
     */
    static decodeBase64(encoded: string): Uint8Array;
    /**
     * Decode base64url string to bytes
     * @param encoded The base64url encoded string
     * @returns decoded bytes
     */
    static decodeBase64url(encoded: string): Uint8Array;
    /**
     * Decode base64url string to string
     * @param encoded The base64url encoded string
     * @returns decoded string
     */
    static decodeBase64urlToString(encoded: string): string;
    /**
     * Decode base64urlpad string to bytes
     * @param encoded The base64urlpad encoded string
     * @returns decoded bytes
     */
    static decodeBase64urlpad(encoded: string): Uint8Array;
    /**
     * Decode base64urlpad string to string
     * @param encoded The base64urlpad encoded string
     * @returns decoded string
     */
    static decodeBase64urlpadToString(encoded: string): string;
    /**
     * Decode multibase encoded string to bytes
     * After multiformats v9, there is no longer a single "universal base" object;
     * the official recommendation is to manually dispatch prefixes between the few *.decoder objects you use.
     * @param encoded The multibase encoded string
     *   (behaviour for an unrecognised prefix is not visible here — confirm)
     * @returns decoded bytes
     */
    static decode(encoded: string): Uint8Array;
}
/**
 * Key multibase codec implementation.
 * Handles encoding/decoding of cryptographic keys with type information.
 *
 * The class holds a multicodec prefix and an expected key length per key
 * type (Ed25519, secp256k1, ECDSA R1) as private constants.
 */
declare class KeyMultibaseCodec {
    private static readonly ED25519_PREFIX;
    private static readonly SECP256K1_PREFIX;
    private static readonly ECDSA_R1_PREFIX;
    private static readonly ED25519_KEY_LENGTH;
    private static readonly SECP256K1_KEY_LENGTH;
    private static readonly ECDSA_R1_KEY_LENGTH;
    /**
     * Encode public key with multicodec prefix
     * @param bytes The public key bytes
     * @param keyType The key type
     * @returns multibase encoded string
     */
    static encodeWithType(bytes: Uint8Array, keyType: KeyType): string;
    /**
     * Decode multibase encoded key
     * @param encoded The multibase encoded string
     * @returns The key type and public key bytes
     *
     * NOTE(review): presumably rejects an unknown prefix or a length that
     * does not match the key type (see `getExpectedKeyLength`) — confirm.
     */
    static decodeWithType(encoded: string): {
        keyType: KeyType;
        bytes: Uint8Array;
    };
    private static getMulticodecPrefix;
    private static concatenateBytes;
    private static extractKeyType;
    private static extractBytes;
    private static getExpectedKeyLength;
}
/**
 * DID key codec implementation.
 * Handles encoding/decoding of did:key identifiers.
 */
declare class DidKeyCodec {
    /**
     * Generate did:key from public key
     * @param publicKey The public key bytes
     * @param keyType The key type
     * @returns did:key identifier
     */
    static generateDidKey(publicKey: Uint8Array, keyType: KeyType): string;
    /**
     * Parse did:key to get key type and public key
     * @param didKey The did:key identifier
     * @returns The key type and public key bytes
     */
    static parseDidKey(didKey: string): {
        keyType: KeyType;
        publicKey: Uint8Array;
    };
}

/**
 * Interface for key pair generation and cryptographic operations
 */
interface CryptoProvider {
    /**
     * Generate a key pair.
     * The private key is returned as raw bytes; handling and storage of
     * those bytes is the caller's responsibility.
     * @returns A promise resolving to public and private key pair
     */
    generateKeyPair(): Promise<{
        publicKey: Uint8Array;
        privateKey: Uint8Array;
    }>;
    /**
     * Sign data with private key
     * @param data Data to sign
     * @param privateKey Private key to sign with (can be Uint8Array or CryptoKey)
     * @returns Signature as Uint8Array
     */
    sign(data: Uint8Array, privateKey: Uint8Array | CryptoKey): Promise<Uint8Array>;
    /**
     * Verify signature
     * @param data Original data
     * @param signature Signature to verify
     * @param publicKey Public key to verify with (can be Uint8Array or JsonWebKey)
     * @returns Whether the signature is valid
     */
    verify(data: Uint8Array, signature: Uint8Array, publicKey: Uint8Array | JsonWebKey): Promise<boolean>;
    /**
     * Get the key type supported by this provider
     */
    getKeyType(): KeyType;
    /**
     * Derive public key from private key
     * @param privateKey The private key bytes
     * @returns The corresponding public key bytes
     */
    derivePublicKey(privateKey: Uint8Array): Promise<Uint8Array>;
}
/**
 * Interface for crypto provider factory
 */
interface CryptoProviderFactory {
    /**
     * Create a crypto provider for the specified key type
     * @param keyType The key type to create provider for
     * @returns A crypto provider instance
     */
    createProvider(keyType: KeyType): CryptoProvider;
    /**
     * Check if this factory supports the specified key type
     * @param keyType The key type to check
     */
    supports(keyType: KeyType): boolean;
}
/**
 * Default CryptoProviderFactory implementation.
 * Behaviour of `createProvider` for an unsupported key type is not visible
 * in this declaration; `supports()` can be checked first.
 */
declare class DefaultCryptoProviderFactory implements CryptoProviderFactory {
    private providers;
    constructor();
    createProvider(keyType: KeyType): CryptoProvider;
    supports(keyType: KeyType): boolean;
}
/**
 * Default instance of the crypto provider factory
 */
declare const defaultCryptoProviderFactory: DefaultCryptoProviderFactory;
/** CryptoProvider implementation for Ed25519 keys. */
declare class Ed25519Provider implements CryptoProvider {
    private crypto;
    constructor();
    generateKeyPair(): Promise<{
        publicKey: Uint8Array;
        privateKey: Uint8Array;
    }>;
    sign(data: Uint8Array, privateKey: Uint8Array | CryptoKey): Promise<Uint8Array>;
    verify(data: Uint8Array, signature: Uint8Array, publicKey: Uint8Array | JsonWebKey): Promise<boolean>;
    getKeyType(): KeyType;
    derivePublicKey(privateKey: Uint8Array): Promise<Uint8Array>;
}
/** CryptoProvider implementation for secp256k1 keys. */
declare class Secp256k1Provider implements CryptoProvider {
    generateKeyPair(): Promise<{
        publicKey: Uint8Array;
        privateKey: Uint8Array;
    }>;
    sign(data: Uint8Array, privateKey: Uint8Array | CryptoKey): Promise<Uint8Array>;
    verify(data: Uint8Array, signature: Uint8Array, publicKey: Uint8Array | JsonWebKey): Promise<boolean>;
    getKeyType(): KeyType;
    derivePublicKey(privateKey: Uint8Array): Promise<Uint8Array>;
}
/**
 * CryptoProvider implementation for ECDSA R1 keys.
 * Private helpers convert between compressed/uncompressed public keys and
 * between DER and raw signature encodings.
 */
declare class EcdsaR1Provider implements CryptoProvider {
    private crypto;
    constructor();
    generateKeyPair(): Promise<{
        publicKey: Uint8Array;
        privateKey: Uint8Array;
    }>;
    private compressPublicKey;
    private decompressPublicKey;
    sign(data: Uint8Array, privateKey: Uint8Array | CryptoKey): Promise<Uint8Array>;
    private convertDERSignatureToRaw;
    private convertRawToDER;
    verify(data: Uint8Array, signature: Uint8Array, publicKey: Uint8Array | JsonWebKey): Promise<boolean>;
    getKeyType(): KeyType;
    derivePublicKey(privateKey: Uint8Array): Promise<Uint8Array>;
}

/**
 * CryptoUtils provides cross-platform cryptographic utilities for DID operations.
 * It abstracts the complexity of different key types and formats.
 */
declare class CryptoUtils {
    /**
     * Generates a key pair based on the specified curve
     * @param type The key type to generate (Ed25519VerificationKey2020 or EcdsaSecp256k1VerificationKey2019 or EcdsaSecp256r1VerificationKey2019)
     *   (default when omitted is not visible here — confirm)
     * @returns A key pair containing public and private keys
     */
    static generateKeyPair(type?: KeyTypeInput): Promise<{
        publicKey: Uint8Array;
        privateKey: Uint8Array;
    }>;
    /**
     * Signs data using the specified private key
     * @param data The data to sign
     * @param privateKey The private key to use for signing (can be Uint8Array or CryptoKey)
     * @param type The key type (Ed25519VerificationKey2020 or EcdsaSecp256k1VerificationKey2019)
     *   NOTE(review): EcdsaSecp256r1VerificationKey2019 is listed for
     *   `generateKeyPair` and an `EcdsaR1Provider` is declared in this file,
     *   so it is presumably accepted here as well — confirm.
     * @returns The signature as a Uint8Array
     */
    static sign(data: Uint8Array, privateKey: Uint8Array | CryptoKey, type: KeyTypeInput): Promise<Uint8Array>;
    /**
     * Verifies a signature using the specified public key
     * @param data The original data
     * @param signature The signature to verify
     * @param publicKey The public key to use for verification (can be Uint8Array or JsonWebKey)
     * @param type The key type (Ed25519VerificationKey2020 or EcdsaSecp256k1VerificationKey2019)
     *   (see the note on `sign` regarding EcdsaSecp256r1VerificationKey2019)
     * @returns Whether the signature is valid
     */
    static verify(data: Uint8Array, signature: Uint8Array, publicKey: Uint8Array | JsonWebKey, type: KeyTypeInput): Promise<boolean>;
    /**
     * Derive public key from private key
     * @param privateKey The private key bytes
     * @param keyType The key type
     * @returns The corresponding public key bytes
     */
    static derivePublicKey(privateKey: Uint8Array, keyType: KeyTypeInput): Promise<Uint8Array>;
    /**
     * Validate the consistency between a private key and public key pair
     * @param privateKey The private key bytes
     * @param publicKey The public key bytes
     * @param keyType The key type
     * @returns true if the keys are consistent, false otherwise
     */
    static validateKeyPairConsistency(privateKey: Uint8Array, publicKey: Uint8Array, keyType: KeyTypeInput): Promise<boolean>;
    /**
     * Compare two Uint8Array for equality
     * @param a First array
     * @param b Second array
     * @returns true if arrays are equal, false otherwise
     */
    private static areUint8ArraysEqual;
}

/**
 * As per NIP-1 Signature Structure Specification
 */
interface SignedData {
    operation: string;
    params: Record<string, any>;
    /** Per-signature nonce; see `NonceStore` and `AuthErrorCode.NONCE_REPLAYED`. */
    nonce: string;
    /**
     * Signing time; see `AuthErrorCode.TIMESTAMP_OUT_OF_WINDOW`.
     * Unit (seconds vs milliseconds) is not visible here — confirm.
     */
    timestamp: number;
    /**
     * A unique identifier for the service, typically its canonical URL.
     * As per NIP-2, this is required for HTTP authentication to prevent cross-service replay attacks.
     *
     * NOTE(review): the field is optional in this type, so its presence is
     * not enforced at compile time; whether the verifier checks it is not
     * visible in this declaration — confirm.
     */
    audience?: string;
}
/** Signature part of a NIP-1 signed object. */
interface NIP1Signature {
    /** DID of the signer. */
    signer_did: string;
    /** ID of the key that produced `value`. */
    key_id: string;
    /** Signature bytes. */
    value: Uint8Array;
}
/** Signed payload together with its signature. */
interface NIP1SignedObject {
    signed_data: SignedData;
    signature: NIP1Signature;
}
/**
 * Storage used to detect replayed nonces.
 */
interface NonceStore {
    /**
     * Record a nonce for a signer and domain separator.
     * Presumably resolves to true when the nonce was newly stored and false
     * when it was already present (a replay) — confirm.
     * NOTE(review): for replay detection to hold under concurrent requests
     * an implementation needs the check and the store to be one atomic step.
     *
     * @param ttlSeconds Lifetime of the stored nonce, in seconds
     */
    tryStoreNonce(signerDid: string, domainSeparator: string, nonce: string, ttlSeconds: number): Promise<boolean>;
    /** Optional cleanup hook (presumably removes expired nonces — confirm). */
    sweep?(): Promise<void>;
}
/** Error codes reported by header verification. */
declare enum AuthErrorCode {
    INVALID_HEADER = "INVALID_HEADER",
    INVALID_BASE64 = "INVALID_BASE64",
    INVALID_JSON = "INVALID_JSON",
    MISSING_SIGNATURE = "MISSING_SIGNATURE",
    TIMESTAMP_OUT_OF_WINDOW = "TIMESTAMP_OUT_OF_WINDOW",
    NONCE_REPLAYED = "NONCE_REPLAYED",
    SIGNATURE_VERIFICATION_FAILED = "SIGNATURE_VERIFICATION_FAILED",
    DID_DOCUMENT_NOT_FOUND = "DID_DOCUMENT_NOT_FOUND",
    VERIFICATION_METHOD_NOT_FOUND = "VERIFICATION_METHOD_NOT_FOUND",
    INVALID_PUBLIC_KEY = "INVALID_PUBLIC_KEY",
    DID_MISMATCH = "DID_MISMATCH"
}
interface VerifyOptions {
    /**
     * Allowed clock skew for the timestamp check.
     * Unit and default are not visible here — confirm.
     */
    maxClockSkew?: number;
}
interface VerifyHeaderOptions extends VerifyOptions {
    /**
     * Nonce store used for replay detection.
     * NOTE(review): optional; whether verification falls back to a built-in
     * store or skips the replay check when omitted is not visible in this
     * declaration — confirm before relying on NONCE_REPLAYED.
     */
    nonceStore?: NonceStore;
}
/**
 * Result of header verification.
 * On failure, `signedObject` (when present) is the parsed object that did
 * not pass verification; its contents are unauthenticated.
 */
type DetailedVerifyResult = {
    ok: true;
    signedObject: NIP1SignedObject;
} | {
    ok: false;
    error: string;
    errorCode: AuthErrorCode;
    signedObject?: NIP1SignedObject;
};
type AuthVerifyResult = DetailedVerifyResult;
/**
 * Create a NIP-1 signed object for `payload` using `signer` and `keyId`.
 *
 * @param payload Signed data without `nonce` and `timestamp`
 * @param signer Signer that holds the key
 * @param keyId ID of the key to sign with
 * @param opts Optional overrides; `nonce` and `timestamp` are presumably
 *   generated when omitted — confirm.
 */
declare function createSignature(payload: Omit<SignedData, 'nonce' | 'timestamp'>, signer: SignerInterface, keyId: string, opts?: {
    didDocument?: DIDDocument;
    nonce?: string;
    timestamp?: number;
    domainSeparator?: string;
}): Promise<NIP1SignedObject>;
/** Serialize a signed object into an Authorization header value. */
declare function toAuthorizationHeader(obj: NIP1SignedObject): string;
/**
 * Verify a signed object against a DID document or a resolver.
 *
 * NOTE(review): takes `VerifyOptions`, which has no `nonceStore`, so nonce
 * replay detection appears to be outside this function (see
 * `verifyAuthHeader`) — confirm.
 *
 * @returns Whether verification succeeded
 */
declare function verifySignature(signedObject: NIP1SignedObject, resolverOrDoc: DIDDocument | DIDResolver, opts?: VerifyOptions): Promise<boolean>;
/**
 * Parse and verify an Authorization header.
 *
 * @param header Raw header value
 * @param resolver Resolver used to fetch the signer's DID document
 * @param opts Clock-skew and nonce-store options
 * @returns A result whose `ok` flag discriminates success from failure
 */
declare function verifyAuthHeader(header: string, resolver: DIDResolver, opts?: VerifyHeaderOptions): Promise<AuthVerifyResult>;

/* Default export object of the v1 sub-module. */
declare const _default: {
    createSignature: typeof createSignature;
    toAuthorizationHeader: typeof toAuthorizationHeader;
    verifySignature: typeof verifySignature;
    verifyAuthHeader: typeof verifyAuthHeader;
    AuthErrorCode: typeof AuthErrorCode;
};

/* Aliases that back the `v1` namespace below. */
type v1_AuthErrorCode = AuthErrorCode;
declare const v1_AuthErrorCode: typeof AuthErrorCode;
type v1_AuthVerifyResult = AuthVerifyResult;
type v1_DetailedVerifyResult = DetailedVerifyResult;
declare const v1_createSignature: typeof createSignature;
declare const v1_toAuthorizationHeader: typeof toAuthorizationHeader;
declare const v1_verifyAuthHeader: typeof verifyAuthHeader;
declare const v1_verifySignature: typeof verifySignature;
declare namespace v1 {
    export { v1_AuthErrorCode as AuthErrorCode, type v1_AuthVerifyResult as AuthVerifyResult, type v1_DetailedVerifyResult as DetailedVerifyResult, v1_createSignature as createSignature, _default as default, v1_toAuthorizationHeader as toAuthorizationHeader, v1_verifyAuthHeader as verifyAuthHeader, v1_verifySignature as verifySignature };
}

/**
 * DIDAuth aggregation entry. Each version (v1, v2, …) lives in its own sub-module.
 */
declare const DIDAuth: {
    readonly v1: typeof v1;
};

/**
 * Codec for serializing and deserializing StoredKey objects.
 * Uses base58btc multibase encoding (z prefix) for string representation.
 *
 * NOTE(review): base58btc is an encoding, not encryption. The consistency
 * check below refers to a private key inside StoredKey, so the encoded
 * string presumably carries private key material and needs the same
 * handling as the key itself (storage, logging, transport) — confirm
 * against the StoredKey definition.
 */
declare class StoredKeyCodec {
    /**
     * Encode a StoredKey to a base58btc multibase string
     * @param key The StoredKey to encode
     * @returns base58btc encoded string with 'z' prefix
     */
    static encode(key: StoredKey): string;
    /**
     * Decode a multibase string to a StoredKey with automatic key consistency validation
     * @param serialized The multibase encoded string
     * @returns The decoded and validated StoredKey
     * @throws Error if decoding fails or key validation fails
     */
    static decode(serialized: string): Promise<StoredKey>;
    /**
     * Validate the consistency between private key and public key in StoredKey
     * @param key The StoredKey to validate
     * @returns true if keys are consistent or validation can be skipped, false otherwise
     *   (the conditions under which validation is skipped are not visible
     *   here — confirm)
     */
    private static validateKeyConsistency;
}

type LogLevel = 'debug' | 'info' | 'warn' | 'error' | 'silent';
/**
 * Namespaced logger with a global level and optional per-logger override.
 *
 * Arguments are typed `unknown[]`; nothing in this declaration shows
 * redaction, so what reaches the log is decided by the caller.
 */
declare class DebugLogger {
    private namespace;
    private static globalLevel;
    private static loggers;
    private static defaultNamespace;
    /** Acquire (or create) a logger for the given namespace. */
    static get(namespace: string): DebugLogger;
    /** Override global log level at runtime. */
    static setGlobalLevel(level: LogLevel): void;
    /** Read current global level. */
    static getGlobalLevel(): LogLevel;
    /** Set default namespace used by static convenience methods. */
    static setDefaultNamespace(namespace: string): void;
    /**
     * Log using the default namespace. Useful when callers don't need per-module loggers.
     * Example: DebugLogger.debug('hello')
     */
    static debug(...args: unknown[]): void;
    static info(...args: unknown[]): void;
    static warn(...args: unknown[]): void;
    static error(...args: unknown[]): void;
    private level;
    private levelOverridden;
    private constructor();
    /** Override level for this logger only. */
    setLevel(level: LogLevel): void;
    debug(...args: unknown[]): void;
    info(...args: unknown[]): void;
    warn(...args: unknown[]): void;
    error(...args: unknown[]): void;
    private _log;
}

/** Convert a string to bytes (text encoding not visible here; presumably UTF-8 — confirm). */
declare function stringToBytes(str: string): Uint8Array;
/** Convert bytes to a string (inverse of `stringToBytes`, presumably — confirm). */
declare function bytesToString(bytes: Uint8Array): string;
/** Decode a base64url string to bytes. */
declare function base64urlToBytes(base64url: string): Uint8Array;
/** Grouped access to the byte helpers above. */
declare const Bytes: {
    stringToBytes: typeof stringToBytes;
    bytesToString: typeof bytesToString;
    base64urlToBytes: typeof base64urlToBytes;
};

/**
 * DID utility helpers (method, identifier & fragment parsing)
 * Used across SDK layers (VDR, Signer, KeyManager, etc.)
 */
/**
 * Parsed DID parts
 */
interface ParsedDID {
    /** DID method, e.g. 'key', 'rooch' */
    method: string;
    /** Unique identifier part (method-specific id, without fragment) */
    identifier: string;
    /** Optional fragment (ver. method / service id) */
    fragment?: string;
}
/**
 * Parse a DID or DID-URL into its components.
 *
 * @param did Full DID string: `did:<method>:<identifier>[#fragment]`
 * @throws Error if input does not start with `did:` or lacks method / identifier parts.
 */
declare function parseDid(did: string): ParsedDID;
/** Get DID method string */
declare function extractMethod(did: string): string;
/** Get method-specific identifier (without fragment) */
declare function extractIdentifier(did: string): string;
/**
 * Extract the fragment from a DID URL or any string containing `#`.
 * Throws an error if no fragment present.
 */
declare function extractFragment(idOrDid: string): string;
/** Alias kept for back-compat with existing imports */
declare const extractFragmentFromId: typeof extractFragment;
/** Build a canonical DID string from method & identifier */
declare function buildDid(method: string, identifier: string): string;
/**
 * Compare two DIDs ignoring their fragments.
 * (Whether the comparison is case-sensitive is not visible here — confirm.)
 */
declare function sameDid(a: string, b: string): boolean;
/**
 * Return the canonical DID (strip any `#fragment`).
 */
declare function getDidWithoutFragment(did: string): string;

/**
 * Session-Key Scope utilities for Rooch DID
 *
 * This module provides utilities for managing Session-Key Scopes that control
 * which contract functions a Session-Key can call on the Rooch blockchain.
 */
/**
 * Build base scopes that should be available to all Session-Keys
 * These provide essential DID and payment functionality.
 *
 * @returns Array of base scope strings in "address::module::function" format
 */
declare function buildBaseScopes(): string[];
/**
 * Combine base scopes with custom scopes and remove duplicates
 *
 * NOTE(review): nothing here indicates that `customScopes` are validated
 * while being combined; `validateScopes` is a separate call — confirm.
 *
 * @param customScopes - Additional scopes to include
 * @returns Deduplicated array of scope strings
 */
declare function combineScopes(customScopes?: string[]): string[];
/**
 * Validate that a scope string has the correct format
 * Expected format: "address::module::function"
 * Each part can use "*" as a wildcard
 *
 * This is a format check only. Because every part may be "*", a
 * format-valid scope can be arbitrarily broad; deciding which scopes a
 * requester may be granted is a separate policy decision for the caller.
 *
 * @param scope - Scope string to validate
 * @returns true if valid, false otherwise
 */
declare function validateScopeFormat(scope: string): boolean;
/**
 * Validate multiple scope strings
 *
 * @param scopes - Array of scope strings to validate
 * @returns Object with validation result and any invalid scopes
 */
declare function validateScopes(scopes: string[]): {
    valid: boolean;
    invalidScopes: string[];
};
/**
 * Basic validation for address format
 * Accepts hex addresses (0x...) and bech32 addresses (rooch1...)
 *
 * Described as a basic format check; it is not stated to verify a bech32
 * checksum or that the address exists.
 *
 * @param address - Address string to validate
 * @returns true if format appears valid
 */
declare function isValidAddressFormat(address: string): boolean;
/**
 * Structured form of a scope, convertible to the string format.
 * This provides a type-safe way to construct scopes.
 */
interface ScopeObject {
    address: string;
    module: string;
    func: string;
}
/**
 * Convert scope object to string format
 *
 * @param scope - Scope object
 * @returns Scope string in "address::module::function" format
 */
declare function scopeObjectToString(scope: ScopeObject): string;
/**
 * Convert multiple scope objects to string format
 *
 * @param scopes - Array of scope objects
 * @returns Array of scope strings
 */
declare function scopeObjectsToStrings(scopes: ScopeObject[]): string[];

export { AbstractVDR, type AddKeyRequestPayload, type AddKeyRequestPayloadV1, AuthErrorCode, Bytes, CADOPCreationRequest, CadopIdentityKit, CadopServiceType, type CadopServiceValidationRule, type CryptoProvider, type CryptoProviderFactory, CryptoUtils, DIDAuth, DIDCreationRequest, DIDCreationResult, DIDDocument, DIDDocumentCache, DIDResolver, DebugLogger, DefaultCryptoProviderFactory, DidAccountSigner, DidKeyCodec, EcdsaR1Provider, Ed25519Provider, IdentityKit, InMemoryLRUDIDDocumentCache, KeyMultibaseCodec, KeyStore, KeyStoreSigner, KeyType, KeyTypeInput, KeyVDR, MultibaseCodec, type MultibaseName, type NIP1Signature, type NIP1SignedObject, IdentityKit as NuwaIdentityKit, type ParsedDID, RoochVDR, type ScopeObject, Secp256k1Provider, ServiceEndpoint, ServiceInfo, type SignedData, SignerInterface, StoredKey, StoredKeyCodec, VDRInterface, VDRRegistry, VerificationMethod, type VerificationMethodInput, VerificationRelationship, base64urlToBytes, buildBaseScopes, buildDid, bytesToString, combineScopes, createDefaultVDRs, createVDR, defaultCryptoProviderFactory, extractFragment, extractFragmentFromId, extractIdentifier, extractMethod, getDidWithoutFragment, initRoochVDR, isValidAddressFormat, parseDid, sameDid, scopeObjectToString, scopeObjectsToStrings, stringToBytes, validateScopeFormat, validateScopes };