UNPKG

dcql

Version:

Digital Credentials Query Language (DCQL)

github.com/openwallet-foundation-labs/dcql-ts/tree/main/dcql

openwallet-foundation-labs/dcql-ts

1,010 lines (987 loc) • 52.2 kB

JavaScript

import * as v from "valibot"; //#region src/dcql-error/e-base.ts function isObject(value) { return !!value && !Array.isArray(value) && typeof value === "object"; } var UnknownCauseError = class extends Error {}; function getCauseFromUnknown(cause) { if (cause instanceof Error) return cause; const type = typeof cause; if (type === "undefined" || type === "function" || cause === null) return; if (type !== "object") return new Error(String(cause)); if (isObject(cause)) { const err = new UnknownCauseError(); for (const key in cause) err[key] = cause[key]; return err; } } const isDcqlError = (cause) => { if (cause instanceof DcqlError) return true; if (cause instanceof Error && cause.name === "DcqlError") return true; return false; }; function getDcqlErrorFromUnknown(cause) { if (isDcqlError(cause)) return cause; const dcqlError = new DcqlError({ code: "INTERNAL_SERVER_ERROR", cause }); if (cause instanceof Error && cause.stack) dcqlError.stack = cause.stack; return dcqlError; } var DcqlError = class extends Error { constructor(opts) { const cause = getCauseFromUnknown(opts.cause); const message = opts.message ?? cause?.message ?? opts.code; super(message, { cause }); this.code = opts.code; this.name = "DcqlError"; if (!this.cause) this.cause = cause; } }; //#endregion //#region src/dcql-error/e-dcql.ts var DcqlCredentialSetError = class extends DcqlError { constructor(opts) { super({ code: "BAD_REQUEST", ...opts }); } }; var DcqlUndefinedClaimSetIdError = class extends DcqlError { constructor(opts) { super({ code: "BAD_REQUEST", ...opts }); } }; var DcqlNonUniqueCredentialQueryIdsError = class extends DcqlError { constructor(opts) { super({ code: "BAD_REQUEST", ...opts }); } }; var DcqlParseError = class extends DcqlError { constructor(opts) { super({ code: "PARSE_ERROR", ...opts }); } }; var DcqlInvalidClaimsQueryIdError = class extends DcqlError { constructor(opts) { super({ code: "BAD_REQUEST", ...opts }); } }; var DcqlMissingClaimSetParseError = class extends DcqlError { constructor(opts) { super({ code: "PARSE_ERROR", ...opts }); } }; var DcqlInvalidPresentationRecordError = class extends DcqlError { constructor(opts) { super({ code: "BAD_REQUEST", ...opts }); } }; var DcqlPresentationResultError = class extends DcqlError { constructor(opts) { super({ code: "BAD_REQUEST", ...opts }); } }; //#endregion //#region src/u-dcql.ts const idRegex = /^[a-zA-Z0-9_-]+$/; function asNonEmptyArrayOrUndefined(array) { return array.length > 0 ? array : void 0; } function isNonEmptyArray(array) { return array.length > 0; } const vNonEmptyArray = (item) => { return v.pipe(v.array(item, (i) => `Expected input to be an array, but received '${i.received}'`), v.custom((input) => input.length > 0, "Array must be non-empty and have length of at least 1")); }; const vIncludesAll = (subset) => { return v.custom((value) => { if (!Array.isArray(value)) return false; return subset.every((item) => value.includes(item)); }, `Value must include all of: ${subset.join(", ")}`); }; const vIdString = v.pipe(v.string(), v.regex(idRegex), v.nonEmpty()); const vBase64url = v.regex(/^(?:[\w-]{4})*(?:[\w-]{2}(?:==)?|[\w-]{3}=?)?$/iu, "must be base64url"); function isToJsonable(value) { if (value === null || typeof value !== "object") return false; return typeof value.toJson === "function"; } const vWithJT = (schema) => v.pipe(v.custom(() => true), v.rawTransform(({ dataset, addIssue, NEVER }) => { const result = v.safeParse(schema, dataset.value); if (result.success) return dataset.value; if (!isToJsonable(dataset.value)) { for (const safeParseIssue of result.issues) addIssue({ ...safeParseIssue, expected: safeParseIssue.expected ?? void 0 }); return NEVER; } let json; try { json = dataset.value.toJson(); } catch { for (const safeParseIssue of result.issues) addIssue({ ...safeParseIssue, expected: safeParseIssue.expected ?? void 0 }); addIssue({ message: "Json Transformation failed" }); return NEVER; } const safeParseResult = v.safeParse(schema, json); if (safeParseResult.success) return dataset.value; for (const safeParseIssue of safeParseResult.issues) addIssue({ ...safeParseIssue, expected: safeParseIssue.expected ?? void 0 }); return NEVER; })); const vJsonLiteral = v.union([ v.string(), v.number(), v.boolean(), v.null() ]); const vJson = v.lazy(() => v.union([ vJsonLiteral, v.array(vJson), v.record(v.string(), vJson) ])); const vJsonWithJT = v.lazy(() => vWithJT(v.union([ vJsonLiteral, v.array(vJson), v.record(v.string(), vJson) ]))); const vJsonRecord = v.record(v.string(), vJson); const vStringToJson = v.rawTransform(({ dataset, addIssue, NEVER }) => { try { return JSON.parse(dataset.value); } catch { addIssue({ message: "Invalid JSON" }); return NEVER; } }); /** * Helper function to provide a custom required message for an object property. * * The behavior was changed in newer valibot versions. * * @see https://github.com/fabian-hiller/valibot/issues/1034 */ function vCustomRequiredMessage(schema, message) { const outputSchema = v.pipe(v.optional(schema, () => void 0), schema); if (message) return v.message(outputSchema, message); return outputSchema; } //#endregion //#region src/dcql-query/m-dcql-trusted-authorities.ts const getTrustedAuthorityParser = (trustedAuthority) => v.pipe(v.object({ type: v.literal(trustedAuthority.type, (i) => `Expected trusted authority type to be '${trustedAuthority.type}' but received ${typeof i.input === "string" ? `'${i.input}'` : i.input}`), values: v.pipe(vNonEmptyArray(v.string()), v.someItem((item) => trustedAuthority.values.includes(item), (i) => `Expected one of the trusted authority values to be '${trustedAuthority.values.join("' | '")}' but received '${i.input.join("' , '")}'`)) }, `Expected trusted authority object with type '${trustedAuthority.type}' to be defined, but received undefined`), v.transform(({ values, ...rest }) => ({ ...rest, value: values.find((value) => trustedAuthority.values.includes(value)) }))); const vTrustedAuthorities = [ v.object({ type: v.literal("aki"), values: vNonEmptyArray(v.pipe(v.string("aki trusted authority value must be a string"), vBase64url, v.description("Contains a list of KeyIdentifier entries of the AuthorityKeyIdentifier as defined in Section 4.2.1.1 of [RFC5280], encoded as base64url. The raw byte representation of one of the elements MUST match with the AuthorityKeyIdentifier element of an X.509 certificate in the certificate chain present in the credential (e.g., in the header of an mdoc or SD-JWT). Note that the chain can consist of a single certificate and the credential can include the entire X.509 chain or parts of it."))) }), v.object({ type: v.literal("etsi_tl"), values: vNonEmptyArray(v.pipe(v.string("etsi_tl trusted authority value must be a string"), v.url("etsi_tl trusted authority value must be a valid https url"), v.check((url) => url.startsWith("http://") || url.startsWith("https://"), "etsi_tl trusted authority value must be a valid https url"), v.description("The identifier of a Trusted List as specified in ETSI TS 119 612 [ETSI.TL]. An ETSI Trusted List contains references to other Trusted Lists, creating a list of trusted lists, or entries for Trust Service Providers with corresponding service description and X.509 Certificates. The trust chain of a matching Credential MUST contain at least one X.509 Certificate that matches one of the entries of the Trusted List or its cascading Trusted Lists."))) }), v.object({ type: v.literal("openid_federation"), values: vNonEmptyArray(v.pipe(v.string("openid_federation trusted authority value must be a string"), v.url("openid_federation trusted authority value must be a valid https url"), v.check((url) => url.startsWith("http://") || url.startsWith("https://"), "openid_federation trusted authority value must be a valid https url"), v.description("The Entity Identifier as defined in Section 1 of [OpenID.Federation] that is bound to an entity in a federation. While this Entity Identifier could be any entity in that ecosystem, this entity would usually have the Entity Configuration of a Trust Anchor. A valid trust path, including the given Entity Identifier, must be constructible from a matching credential."))) }) ]; let DcqlTrustedAuthoritiesQuery; (function(_DcqlTrustedAuthoritiesQuery) { const vTrustedAuthoritiesQuery = vTrustedAuthorities.map((authority) => v.object({ type: v.pipe(authority.entries.type, v.description("REQUIRED. A string uniquely identifying the type of information about the issuer trust framework.")), values: v.pipe(vNonEmptyArray(authority.entries.values.item), v.description("REQUIRED. An array of strings, where each string (value) contains information specific to the used Trusted Authorities Query type that allows to identify an issuer, trust framework, or a federation that an issuer belongs to.")) })); _DcqlTrustedAuthoritiesQuery.vModel = v.variant("type", vTrustedAuthoritiesQuery); })(DcqlTrustedAuthoritiesQuery || (DcqlTrustedAuthoritiesQuery = {})); let DcqlCredentialTrustedAuthority; (function(_DcqlCredentialTrustedAuthority) { _DcqlCredentialTrustedAuthority.vModel = v.variant("type", vTrustedAuthorities); })(DcqlCredentialTrustedAuthority || (DcqlCredentialTrustedAuthority = {})); //#endregion //#region src/u-model.ts var ModelDefinition = class { constructor(input) { this.input = input; } get v() { return this.input.vModel; } parse(input) { const result = this.safeParse(input); if (result.success) return result.output; return new DcqlParseError({ message: JSON.stringify(result.flattened), cause: result.error }); } safeParse(input) { const res = v.safeParse(this.input.vModel, input); if (res.success) return { success: true, output: res.output }; return { success: false, error: new v.ValiError(res.issues), flattened: v.flatten(res.issues) }; } is(input) { return v.is(this.v, input); } }; //#endregion //#region src/u-dcql-credential.ts const vCredentialModelBase = v.object({ authority: v.optional(DcqlCredentialTrustedAuthority.vModel), cryptographic_holder_binding: v.pipe(v.boolean(), v.description("Indicates support/inclusion of cryptographic holder binding. This will be checked against the `require_cryptographic_holder_binding` property from the query.")) }); let DcqlMdocCredential; (function(_DcqlMdocCredential) { const vNamespaces = _DcqlMdocCredential.vNamespaces = v.record(v.string(), v.record(v.string(), v.unknown())); _DcqlMdocCredential.model = new ModelDefinition({ vModel: _DcqlMdocCredential.vModel = v.object({ ...vCredentialModelBase.entries, credential_format: v.literal("mso_mdoc"), doctype: v.string(), namespaces: vNamespaces }) }); })(DcqlMdocCredential || (DcqlMdocCredential = {})); let DcqlSdJwtVcCredential; (function(_DcqlSdJwtVcCredential) { const vClaims = _DcqlSdJwtVcCredential.vClaims = vJsonRecord; _DcqlSdJwtVcCredential.model = new ModelDefinition({ vModel: _DcqlSdJwtVcCredential.vModel = v.object({ ...vCredentialModelBase.entries, credential_format: v.picklist(["vc+sd-jwt", "dc+sd-jwt"]), vct: v.string(), claims: vClaims }) }); })(DcqlSdJwtVcCredential || (DcqlSdJwtVcCredential = {})); let DcqlW3cVcCredential; (function(_DcqlW3cVcCredential) { const vClaims = _DcqlW3cVcCredential.vClaims = vJsonRecord; _DcqlW3cVcCredential.model = new ModelDefinition({ vModel: _DcqlW3cVcCredential.vModel = v.object({ ...vCredentialModelBase.entries, credential_format: v.picklist([ "ldp_vc", "jwt_vc_json", "vc+sd-jwt" ]), claims: vClaims, type: v.array(v.string()) }) }); })(DcqlW3cVcCredential || (DcqlW3cVcCredential = {})); let DcqlCredential; (function(_DcqlCredential) { _DcqlCredential.model = new ModelDefinition({ vModel: _DcqlCredential.vModel = v.variant("credential_format", [ DcqlMdocCredential.vModel, DcqlSdJwtVcCredential.vModel, DcqlW3cVcCredential.vModel ]) }); })(DcqlCredential || (DcqlCredential = {})); //#endregion //#region src/dcql-presentation/m-dcql-credential-presentation.ts let DcqlMdocPresentation; (function(_DcqlMdocPresentation) { _DcqlMdocPresentation.model = new ModelDefinition({ vModel: _DcqlMdocPresentation.vModel = DcqlMdocCredential.vModel }); })(DcqlMdocPresentation || (DcqlMdocPresentation = {})); let DcqlSdJwtVcPresentation; (function(_DcqlSdJwtVcPresentation) { _DcqlSdJwtVcPresentation.model = new ModelDefinition({ vModel: _DcqlSdJwtVcPresentation.vModel = DcqlSdJwtVcCredential.vModel }); })(DcqlSdJwtVcPresentation || (DcqlSdJwtVcPresentation = {})); let DcqlW3cVcPresentation; (function(_DcqlW3cVcPresentation) { _DcqlW3cVcPresentation.model = new ModelDefinition({ vModel: _DcqlW3cVcPresentation.vModel = DcqlW3cVcCredential.vModel }); })(DcqlW3cVcPresentation || (DcqlW3cVcPresentation = {})); let DcqlCredentialPresentation; (function(_DcqlCredentialPresentation) { _DcqlCredentialPresentation.model = new ModelDefinition({ vModel: v.variant("credential_format", [ DcqlMdocPresentation.vModel, DcqlSdJwtVcPresentation.vModel, DcqlW3cVcPresentation.vModel ]) }); })(DcqlCredentialPresentation || (DcqlCredentialPresentation = {})); //#endregion //#region src/dcql-presentation/m-dcql-presentation.ts let DcqlPresentation; (function(_DcqlPresentation) { const vPresentationEntry = v.union([v.string(), vJsonRecord]); const vModel = _DcqlPresentation.vModel = v.pipe(v.union([v.record(vIdString, vNonEmptyArray(vPresentationEntry)), v.record(vIdString, vPresentationEntry)]), v.description("REQUIRED. This is a JSON-encoded object containing entries where the key is the id value used for a Credential Query in the DCQL query and the value is an array of one or more Presentations that match the respective Credential Query. When multiple is omitted, or set to false, the array MUST contain only one Presentation. There MUST NOT be any entry in the JSON-encoded object for optional Credential Queries when there are no matching Credentials for the respective Credential Query. Each Presentation is represented as a string or object, depending on the format as defined in Appendix B. The same rules as above apply for encoding the Presentations.")); _DcqlPresentation.parse = (input) => { if (typeof input === "string") return v.parse(v.pipe(v.string(), vStringToJson, vModel), input); return v.parse(vModel, input); }; _DcqlPresentation.encode = (input) => { return JSON.stringify(input); }; })(DcqlPresentation || (DcqlPresentation = {})); //#endregion //#region src/dcql-query/m-dcql-claims-query.ts let DcqlClaimsQuery; (function(_DcqlClaimsQuery) { const vValue = _DcqlClaimsQuery.vValue = v.union([ v.string(), v.pipe(v.number(), v.integer()), v.boolean() ]); const vPath = _DcqlClaimsQuery.vPath = v.union([ v.string(), v.pipe(v.number(), v.integer(), v.minValue(0)), v.null() ]); const vW3cSdJwtVc = _DcqlClaimsQuery.vW3cSdJwtVc = v.object({ id: v.pipe(v.optional(vIdString), v.description("A string identifying the particular claim. The value MUST be a non-empty string consisting of alphanumeric, underscore (_) or hyphen (-) characters. Within the particular claims array, the same id MUST NOT be present more than once.")), path: v.pipe(vNonEmptyArray(vPath), v.description("A non-empty array representing a claims path pointer that specifies the path to a claim within the Verifiable Credential.")), values: v.pipe(v.optional(v.array(vValue)), v.description("An array of strings, integers or boolean values that specifies the expected values of the claim. If the values property is present, the Wallet SHOULD return the claim only if the type and value of the claim both match for at least one of the elements in the array.")) }); const vMdocBase = v.object({ id: v.pipe(v.optional(vIdString), v.description("A string identifying the particular claim. The value MUST be a non-empty string consisting of alphanumeric, underscore (_) or hyphen (-) characters. Within the particular claims array, the same id MUST NOT be present more than once.")), values: v.pipe(v.optional(v.array(vValue)), v.description("An array of strings, integers or boolean values that specifies the expected values of the claim. If the values property is present, the Wallet SHOULD return the claim only if the type and value of the claim both match for at least one of the elements in the array.")) }); const vMdocNamespace = _DcqlClaimsQuery.vMdocNamespace = v.object({ ...vMdocBase.entries, namespace: v.pipe(v.string(), v.description("A string that specifies the namespace of the data element within the mdoc, e.g., org.iso.18013.5.1.")), claim_name: v.pipe(v.string(), v.description("A string that specifies the data element identifier of the data element within the provided namespace in the mdoc, e.g., first_name.")) }); const vMdocPath = _DcqlClaimsQuery.vMdocPath = v.object({ ...vMdocBase.entries, intent_to_retain: v.pipe(v.optional(v.boolean()), v.description("A boolean that is equivalent to `IntentToRetain` variable defined in Section 8.3.2.1.2.1 of [@ISO.18013-5].")), path: v.pipe(v.tuple([v.pipe(v.string(), v.description("A string that specifies the namespace of the data element within the mdoc, e.g., org.iso.18013.5.1.")), v.pipe(v.string(), v.description("A string that specifies the data element identifier of the data element within the provided namespace in the mdoc, e.g., first_name."))]), v.description("An array defining a claims path pointer into an mdoc. It must contain two elements of type string. The first element refers to a namespace and the second element refers to a data element identifier.")) }); const vMdoc = _DcqlClaimsQuery.vMdoc = v.union([vMdocNamespace, vMdocPath]); _DcqlClaimsQuery.vModel = v.union([vMdoc, vW3cSdJwtVc]); })(DcqlClaimsQuery || (DcqlClaimsQuery = {})); //#endregion //#region src/util/deep-merge.ts /** * Deep merge two objects. Null values will be overriden if there is a value in one * of the two objects. Objects can also be arrays, but otherwise only primitive types * are allowed */ function deepMerge(source, target) { let newTarget = target; if (Object.getPrototypeOf(source) !== Object.prototype && !Array.isArray(source)) throw new DcqlError({ message: "source value provided to deepMerge is neither an array or object.", code: "PARSE_ERROR" }); if (Object.getPrototypeOf(target) !== Object.prototype && !Array.isArray(target)) throw new DcqlError({ message: "target value provided to deepMerge is neither an array or object.", code: "PARSE_ERROR" }); for (const [key, val] of Object.entries(source)) if (val !== null && typeof val === "object" && (Object.getPrototypeOf(val) === Object.prototype || Array.isArray(val))) { const newValue = deepMerge(val, newTarget[key] ?? new (Object.getPrototypeOf(val)).constructor()); newTarget = setValue(newTarget, key, newValue); } else if (val != null) newTarget = setValue(newTarget, key, val); return newTarget; } function setValue(target, key, value) { let newTarget = target; if (Array.isArray(newTarget)) { newTarget = [...newTarget]; newTarget[key] = value; } else if (Object.getPrototypeOf(newTarget) === Object.prototype) newTarget = { ...newTarget, [key]: value }; else throw new DcqlError({ message: "Unsupported type for deep merge. Only primitive types or Array and Object are supported", code: "INTERNAL_SERVER_ERROR" }); return newTarget; } //#endregion //#region src/dcql-parser/dcql-claims-query-result.ts const pathToString = (path) => path.map((item) => typeof item === "string" ? `'${item}'` : `${item}`).join("."); const getClaimParser = (path, values) => { if (values) return v.union(values.map((val) => v.literal(val, (i) => `Expected claim ${pathToString(path)} to be ${typeof val === "string" ? `'${val}'` : val} but received ${typeof i.input === "string" ? `'${i.input}'` : i.input}`)), (i) => `Expected claim ${pathToString(path)} to be ${values.map((v$1) => typeof v$1 === "string" ? `'${v$1}'` : v$1).join(" | ")} but received ${typeof i.input === "string" ? `'${i.input}'` : i.input}`); return v.pipe(v.unknown(), v.check((value) => value !== null && value !== void 0, `Expected claim '${path.join("'.'")}' to be defined`)); }; const getMdocClaimParser = (claimQuery) => { const mdocPathQuery = v.is(DcqlClaimsQuery.vMdocNamespace, claimQuery) ? { id: claimQuery.id, path: [claimQuery.namespace, claimQuery.claim_name], values: claimQuery.values } : claimQuery; const namespace = mdocPathQuery.path[0]; const field = mdocPathQuery.path[1]; return v.object({ [namespace]: v.object({ [field]: getClaimParser(mdocPathQuery.path, claimQuery.values) }, `Expected claim ${pathToString(mdocPathQuery.path)} to be defined`) }, `Expected claim ${pathToString(mdocPathQuery.path)} to be defined`); }; const getJsonClaimParser = (claimQuery, ctx) => { const { index, presentation } = ctx; const pathElement = claimQuery.path[index]; const isLast = index === claimQuery.path.length - 1; const vClaimParser = getClaimParser(claimQuery.path, claimQuery.values); if (typeof pathElement === "number") { const elementParser = isLast ? vClaimParser : getJsonClaimParser(claimQuery, { ...ctx, index: index + 1 }); if (presentation) return v.pipe(v.array(v.any(), `Expected path ${pathToString(claimQuery.path.slice(0, index + 1))} to be an array`), v.rawTransform(({ dataset, addIssue }) => { const issues = []; for (const item of dataset.value) { const itemResult = v.safeParse(elementParser, item); if (itemResult.success) return dataset.value; issues.push(itemResult.issues[0]); } addIssue({ ...issues[0], message: isLast ? issues[0].message : `Expected any element in array ${pathToString(claimQuery.path.slice(0, index + 1))} to match sub requirement but none matched: ${issues[0].message}` }); return dataset.value; })); return v.pipe(v.array(v.any(), `Expected path ${pathToString(claimQuery.path.slice(0, index + 1))} to be an array`), v.rawTransform(({ addIssue, dataset, NEVER }) => { const result = v.safeParse(elementParser, dataset.value[pathElement]); if (!result.success) { addIssue(result.issues[0]); return NEVER; } return [...dataset.value.slice(0, pathElement).map(() => null), result.output]; })); } if (typeof pathElement === "string") return v.object({ [pathElement]: isLast ? vClaimParser : getJsonClaimParser(claimQuery, { ...ctx, index: index + 1 }) }, `Expected claim ${pathToString(claimQuery.path)} to be defined`); return v.pipe(v.array(v.any(), `Expected path ${pathToString(claimQuery.path.slice(0, index + 1))} to be an array`), v.rawTransform(({ addIssue, dataset, NEVER }) => { const mapped = dataset.value.map((item) => { return v.safeParse(isLast ? vClaimParser : getJsonClaimParser(claimQuery, { ...ctx, index: index + 1 }), item); }); if (mapped.every((parsed) => !parsed.success)) { for (const parsed of mapped) for (const issue of parsed.issues) addIssue(issue); return NEVER; } return mapped.map((parsed) => parsed.success ? parsed.output : null); })); }; const runClaimsQuery = (credentialQuery, ctx) => { if (!credentialQuery.claims) return { success: true, valid_claims: void 0, failed_claims: void 0, valid_claim_sets: [{ claim_set_index: void 0, output: {}, success: true, valid_claim_indexes: void 0 }], failed_claim_sets: void 0 }; const failedClaims = []; const validClaims = []; for (const [claimIndex, claimQuery] of credentialQuery.claims.entries()) { const parser = credentialQuery.format === "mso_mdoc" ? getMdocClaimParser(claimQuery) : getJsonClaimParser(claimQuery, { index: 0, presentation: ctx.presentation }); const parseResult = v.safeParse(parser, ctx.credential.credential_format === "mso_mdoc" ? ctx.credential.namespaces : ctx.credential.claims); if (parseResult.success) validClaims.push({ success: true, claim_index: claimIndex, claim_id: claimQuery.id, output: parseResult.output, parser }); else { const flattened = v.flatten(parseResult.issues); failedClaims.push({ success: false, issues: flattened.nested ?? flattened, claim_index: claimIndex, claim_id: claimQuery.id, output: parseResult.output, parser }); } } const failedClaimSets = []; const validClaimSets = []; for (const [claimSetIndex, claimSet] of credentialQuery.claim_sets?.entries() ?? [[void 0, void 0]]) { const claims = claimSet?.map((id) => { const claim = validClaims.find((claim$1) => claim$1.claim_id === id) ?? failedClaims.find((claim$1) => claim$1.claim_id === id); if (!claim) throw new DcqlParseError({ message: `Claim with id '${id}' in query '${credentialQuery.id}' from claim set with index '${claimSetIndex}' not found in claims of claim` }); return claim; }) ?? [...validClaims, ...failedClaims]; if (claims.every((claim) => claim.success)) { const output = claims.reduce((merged, claim) => deepMerge(claim.output, merged), {}); validClaimSets.push({ success: true, claim_set_index: claimSetIndex, output, valid_claim_indexes: asNonEmptyArrayOrUndefined(claims.map((claim) => claim.claim_index)) }); } else { const issues = failedClaims.reduce((merged, claim) => deepMerge(claim.issues, merged), {}); failedClaimSets.push({ success: false, issues, claim_set_index: claimSetIndex, failed_claim_indexes: claims.filter((claim) => !claim.success).map((claim) => claim.claim_index), valid_claim_indexes: asNonEmptyArrayOrUndefined(claims.filter((claim) => claim.success).map((claim) => claim.claim_index)) }); } } if (isNonEmptyArray(validClaimSets)) return { success: true, failed_claim_sets: asNonEmptyArrayOrUndefined(failedClaimSets), valid_claim_sets: validClaimSets, valid_claims: asNonEmptyArrayOrUndefined(validClaims.map(({ parser, ...rest }) => rest)), failed_claims: asNonEmptyArrayOrUndefined(failedClaims.map(({ parser, ...rest }) => rest)) }; return { success: false, failed_claim_sets: failedClaimSets, failed_claims: failedClaims.map(({ parser, ...rest }) => rest), valid_claims: asNonEmptyArrayOrUndefined(validClaims.map(({ parser, ...rest }) => rest)) }; }; //#endregion //#region src/dcql-parser/dcql-meta-query-result.ts const getCryptographicHolderBindingValue = (credentialQuery) => v.object({ cryptographic_holder_binding: credentialQuery.require_cryptographic_holder_binding ? v.literal(true, (i) => `Expected cryptographic_holder_binding to be true (because credential query '${credentialQuery.id}' requires cryptographic holder binding), but received ${i.input}`) : v.boolean() }); const getMdocMetaParser = (credentialQuery) => { const vDoctype = credentialQuery.meta?.doctype_value ? v.literal(credentialQuery.meta.doctype_value, (i) => `Expected doctype to be '${credentialQuery.meta?.doctype_value}' but received '${i.input}'`) : v.string("Expected doctype to be defined"); return v.object({ credential_format: v.literal("mso_mdoc", (i) => `Expected credential format to be 'mso_mdoc' but received '${i.input}'`), doctype: vDoctype, ...getCryptographicHolderBindingValue(credentialQuery).entries }); }; const getSdJwtVcMetaParser = (credentialQuery) => { return v.object({ credential_format: v.literal(credentialQuery.format, (i) => `Expected credential format to be '${credentialQuery.format}' but received '${i.input}'`), vct: credentialQuery.meta?.vct_values ? vCustomRequiredMessage(v.picklist(credentialQuery.meta.vct_values, (i) => `Expected vct to be '${credentialQuery.meta?.vct_values?.join("' | '")}' but received '${i.input}'`), (i) => `Expected vct to be '${credentialQuery.meta?.vct_values?.join("' | '")}' but received '${i.input}'`) : vCustomRequiredMessage(v.string("Expected vct to be a string"), "Expected vct to be defined"), ...getCryptographicHolderBindingValue(credentialQuery).entries }); }; const getW3cVcMetaParser = (credentialQuery) => { return v.object({ credential_format: v.literal(credentialQuery.format, (i) => `Expected credential format to be '${credentialQuery.format}' but received '${i.input}'`), type: credentialQuery.meta?.type_values ? v.union(credentialQuery.meta.type_values.map((values) => vIncludesAll(values)), `Expected type to include all values from one of the following subsets: ${credentialQuery.meta.type_values.map((values) => `[${values.join(", ")}]`).join(" | ")}`) : vNonEmptyArray(v.string()), ...getCryptographicHolderBindingValue(credentialQuery).entries }); }; const getMetaParser = (credentialQuery) => { if (credentialQuery.format === "mso_mdoc") return getMdocMetaParser(credentialQuery); if (credentialQuery.format === "dc+sd-jwt") return getSdJwtVcMetaParser(credentialQuery); if (credentialQuery.format === "vc+sd-jwt") { if (credentialQuery.meta && "type_values" in credentialQuery.meta) return getW3cVcMetaParser(credentialQuery); return getSdJwtVcMetaParser(credentialQuery); } if (credentialQuery.format === "ldp_vc" || credentialQuery.format === "jwt_vc_json") return getW3cVcMetaParser(credentialQuery); throw new DcqlError({ code: "NOT_IMPLEMENTED", message: `Unsupported format '${credentialQuery.format}'` }); }; const runMetaQuery = (credentialQuery, credential) => { const metaParser = getMetaParser(credentialQuery); const parseResult = v.safeParse(metaParser, credential); if (!parseResult.success) { const issues = v.flatten(parseResult.issues); return { success: false, issues: issues.nested ?? issues, output: parseResult.output }; } return { success: true, output: parseResult.output }; }; //#endregion //#region src/dcql-parser/dcql-trusted-authorities-result.ts const runTrustedAuthoritiesQuery = (credentialQuery, credential) => { if (!credentialQuery.trusted_authorities) return { success: true }; const failedTrustedAuthorities = []; for (const [trustedAuthorityIndex, trustedAuthority] of credentialQuery.trusted_authorities.entries()) { const trustedAuthorityParser = getTrustedAuthorityParser(trustedAuthority); const parseResult = v.safeParse(trustedAuthorityParser, credential.authority); if (parseResult.success) return { success: true, valid_trusted_authority: { success: true, trusted_authority_index: trustedAuthorityIndex, output: parseResult.output }, failed_trusted_authorities: asNonEmptyArrayOrUndefined(failedTrustedAuthorities) }; const issues = v.flatten(parseResult.issues); failedTrustedAuthorities.push({ success: false, trusted_authority_index: trustedAuthorityIndex, issues: issues.nested ?? issues, output: parseResult.output }); } return { success: false, failed_trusted_authorities: failedTrustedAuthorities }; }; //#endregion //#region src/dcql-parser/dcql-credential-query-result.ts const runCredentialQuery = (credentialQuery, ctx) => { const { credentials, presentation } = ctx; const validCredentials = []; const failedCredentials = []; for (const [credentialIndex, credential] of credentials.entries()) { const trustedAuthorityResult = runTrustedAuthoritiesQuery(credentialQuery, credential); const claimsResult = runClaimsQuery(credentialQuery, { credential, presentation }); const metaResult = runMetaQuery(credentialQuery, credential); if (claimsResult.success && trustedAuthorityResult.success && metaResult.success) validCredentials.push({ success: true, input_credential_index: credentialIndex, trusted_authorities: trustedAuthorityResult, meta: metaResult, claims: claimsResult }); else failedCredentials.push({ success: false, input_credential_index: credentialIndex, trusted_authorities: trustedAuthorityResult, meta: metaResult, claims: claimsResult }); } if (isNonEmptyArray(validCredentials)) return { success: true, credential_query_id: credentialQuery.id, failed_credentials: asNonEmptyArrayOrUndefined(failedCredentials), valid_credentials: validCredentials }; return { success: false, credential_query_id: credentialQuery.id, failed_credentials: asNonEmptyArrayOrUndefined(failedCredentials), valid_credentials: void 0 }; }; //#endregion //#region src/dcql-query/m-dcql-credential-query.ts let DcqlCredentialQuery; (function(_DcqlCredentialQuery) { const vBase = v.object({ id: v.pipe(v.string(), v.regex(idRegex), v.description(`REQUIRED. A string identifying the Credential in the response and, if provided, the constraints in 'credential_sets'.`)), require_cryptographic_holder_binding: v.pipe(v.optional(v.boolean(), true), v.description("OPTIONAL. A boolean which indicates whether the Verifier requires a Cryptographic Holder Binding proof. The default value is true, i.e., a Verifiable Presentation with Cryptographic Holder Binding is required. If set to false, the Verifier accepts a Credential without Cryptographic Holder Binding proof.")), multiple: v.pipe(v.optional(v.boolean(), false), v.description("OPTIONAL. A boolean which indicates whether multiple Credentials can be returned for this Credential Query. If omitted, the default value is false.")), claim_sets: v.pipe(v.optional(vNonEmptyArray(vNonEmptyArray(vIdString))), v.description(`OPTIONAL. A non-empty array containing arrays of identifiers for elements in 'claims' that specifies which combinations of 'claims' for the Credential are requested.`)), trusted_authorities: v.pipe(v.optional(vNonEmptyArray(DcqlTrustedAuthoritiesQuery.vModel)), v.description("OPTIONAL. A non-empty array of objects as defined in Section 6.1.1 that specifies expected authorities or trust frameworks that certify Issuers, that the Verifier will accept. Every Credential returned by the Wallet SHOULD match at least one of the conditions present in the corresponding trusted_authorities array if present.")) }); const vMdoc = _DcqlCredentialQuery.vMdoc = v.object({ ...vBase.entries, format: v.pipe(v.literal("mso_mdoc"), v.description("REQUIRED. A string that specifies the format of the requested Verifiable Credential.")), claims: v.pipe(v.optional(vNonEmptyArray(DcqlClaimsQuery.vMdoc)), v.description("OPTIONAL. A non-empty array of objects as that specifies claims in the requested Credential.")), meta: v.pipe(v.optional(v.object({ doctype_value: v.pipe(v.optional(v.string()), v.description("OPTIONAL. String that specifies an allowed value for the doctype of the requested Verifiable Credential.")) })), v.description("OPTIONAL. An object defining additional properties requested by the Verifier that apply to the metadata and validity data of the Credential.")) }); const vSdJwtVc = _DcqlCredentialQuery.vSdJwtVc = v.object({ ...vBase.entries, format: v.pipe(v.picklist(["vc+sd-jwt", "dc+sd-jwt"]), v.description("REQUIRED. A string that specifies the format of the requested Verifiable Credential.")), claims: v.pipe(v.optional(vNonEmptyArray(DcqlClaimsQuery.vW3cSdJwtVc)), v.description("OPTIONAL. A non-empty array of objects as that specifies claims in the requested Credential.")), meta: v.pipe(v.optional(v.pipe(v.object({ vct_values: v.optional(v.array(v.string())) }), v.description("OPTIONAL. An array of strings that specifies allowed values for the type of the requested Verifiable Credential."))), v.description("OPTIONAL. An object defining additional properties requested by the Verifier that apply to the metadata and validity data of the Credential.")) }); const vW3cVc = _DcqlCredentialQuery.vW3cVc = v.object({ ...vBase.entries, format: v.pipe(v.picklist([ "jwt_vc_json", "ldp_vc", "vc+sd-jwt" ]), v.description("REQUIRED. A string that specifies the format of the requested Verifiable Credential.")), claims: v.pipe(v.optional(vNonEmptyArray(DcqlClaimsQuery.vW3cSdJwtVc)), v.description("OPTIONAL. A non-empty array of objects as that specifies claims in the requested Credential.")), meta: v.pipe(v.pipe(v.object({ type_values: v.pipe(vNonEmptyArray(vNonEmptyArray(v.string())), v.description("REQUIRED. An array of string arrays that specifies the fully expanded types (IRIs) after the @context was applied that the Verifier accepts to be presented in the Presentation. Each of the top-level arrays specifies one alternative to match the type values of the Verifiable Credential against. Each inner array specifies a set of fully expanded types that MUST be present in the type property of the Verifiable Credential, regardless of order or the presence of additional types.")) })), v.description("REQUIRED. An object defining additional properties requested by the Verifier that apply to the metadata and validity data of the Credential.")) }); _DcqlCredentialQuery.vModel = v.variant("format", [ vMdoc, vW3cVc, vSdJwtVc ]); _DcqlCredentialQuery.validate = (credentialQuery) => { claimSetIdsAreDefined(credentialQuery); }; })(DcqlCredentialQuery || (DcqlCredentialQuery = {})); const claimSetIdsAreDefined = (credentialQuery) => { if (!credentialQuery.claim_sets) return; const claimIds = new Set(credentialQuery.claims?.map((claim) => claim.id)); const undefinedClaims = []; for (const claim_set of credentialQuery.claim_sets) for (const claim_id of claim_set) if (!claimIds.has(claim_id)) undefinedClaims.push(claim_id); if (undefinedClaims.length > 0) throw new DcqlUndefinedClaimSetIdError({ message: `Credential set contains undefined credential id${undefinedClaims.length === 0 ? "" : "`s"} '${undefinedClaims.join(", ")}'` }); }; //#endregion //#region src/dcql-query/m-dcql-credential-set-query.ts let CredentialSetQuery; (function(_CredentialSetQuery) { _CredentialSetQuery.vModel = v.object({ options: v.pipe(vNonEmptyArray(v.array(vIdString)), v.description("REQUIRED. A non-empty array, where each value in the array is a list of Credential Query identifiers representing one set of Credentials that satisfies the use case.")), required: v.pipe(v.optional(v.boolean(), true), v.description(`OPTIONAL. Boolean which indicates whether this set of Credentials is required to satisfy the particular use case at the Verifier. If omitted, the default value is 'true'.`)), purpose: v.pipe(v.optional(v.union([ v.string(), v.number(), v.record(v.string(), v.unknown()) ])), v.description("OPTIONAL. A string, number or object specifying the purpose of the query.")) }); })(CredentialSetQuery || (CredentialSetQuery = {})); //#endregion //#region src/dcql-query-result/m-claims-result.ts let DcqlClaimsResult; (function(_DcqlClaimsResult) { const vClaimsOutput = v.union([ DcqlMdocCredential.vModel.entries.namespaces, DcqlSdJwtVcCredential.vModel.entries.claims, DcqlW3cVcCredential.vModel.entries.claims ]); const vClaimsEntrySuccessResult = _DcqlClaimsResult.vClaimsEntrySuccessResult = v.object({ success: v.literal(true), claim_index: v.number(), claim_id: v.optional(vIdString), output: vClaimsOutput }); const vClaimsEntryFailureResult = _DcqlClaimsResult.vClaimsEntryFailureResult = v.object({ success: v.literal(false), claim_index: v.number(), claim_id: v.optional(vIdString), issues: v.record(v.string(), v.unknown()), output: v.unknown() }); const vClaimSetSuccessResult = _DcqlClaimsResult.vClaimSetSuccessResult = v.object({ success: v.literal(true), claim_set_index: v.union([v.number(), v.undefined()]), valid_claim_indexes: v.optional(vNonEmptyArray(v.number())), failed_claim_indexes: v.optional(v.undefined()), output: vClaimsOutput }); const vClaimSetFailureResult = _DcqlClaimsResult.vClaimSetFailureResult = v.object({ success: v.literal(false), claim_set_index: v.union([v.number(), v.undefined()]), valid_claim_indexes: v.optional(vNonEmptyArray(v.number())), failed_claim_indexes: vNonEmptyArray(v.number()), issues: v.record(v.string(), v.unknown()) }); const vClaimsSuccessResult = _DcqlClaimsResult.vClaimsSuccessResult = v.object({ success: v.literal(true), valid_claims: v.optional(vNonEmptyArray(vClaimsEntrySuccessResult)), failed_claims: v.optional(vNonEmptyArray(vClaimsEntryFailureResult)), valid_claim_sets: vNonEmptyArray(vClaimSetSuccessResult), failed_claim_sets: v.optional(vNonEmptyArray(vClaimSetFailureResult)) }); const vClaimsFailureResult = _DcqlClaimsResult.vClaimsFailureResult = v.object({ success: v.literal(false), valid_claims: v.optional(vNonEmptyArray(vClaimsEntrySuccessResult)), failed_claims: vNonEmptyArray(vClaimsEntryFailureResult), valid_claim_sets: v.optional(v.undefined()), failed_claim_sets: vNonEmptyArray(vClaimSetFailureResult) }); _DcqlClaimsResult.vModel = v.union([vClaimsSuccessResult, vClaimsFailureResult]); })(DcqlClaimsResult || (DcqlClaimsResult = {})); //#endregion //#region src/dcql-query-result/m-meta-result.ts let DcqlMetaResult; (function(_DcqlMetaResult) { const vMetaSuccessResult = _DcqlMetaResult.vMetaSuccessResult = v.object({ success: v.literal(true), output: v.variant("credential_format", [ v.pick(DcqlSdJwtVcCredential.vModel, [ "credential_format", "cryptographic_holder_binding", "vct" ]), v.pick(DcqlMdocCredential.vModel, [ "credential_format", "cryptographic_holder_binding", "doctype" ]), v.pick(DcqlW3cVcCredential.vModel, [ "credential_format", "cryptographic_holder_binding", "type" ]) ]) }); const vMetaFailureResult = _DcqlMetaResult.vMetaFailureResult = v.object({ success: v.literal(false), issues: v.record(v.string(), v.unknown()), output: v.unknown() }); _DcqlMetaResult.vModel = v.union([vMetaSuccessResult, vMetaFailureResult]); })(DcqlMetaResult || (DcqlMetaResult = {})); //#endregion //#region src/dcql-query-result/m-trusted-authorities-result.ts let DcqlTrustedAuthoritiesResult; (function(_DcqlTrustedAuthoritiesResult) { const vTrustedAuthorityEntrySuccessResult = _DcqlTrustedAuthoritiesResult.vTrustedAuthorityEntrySuccessResult = v.object({ success: v.literal(true), trusted_authority_index: v.number(), output: v.variant("type", DcqlCredentialTrustedAuthority.vModel.options.map((o) => v.object({ type: o.entries.type, value: o.entries.values.item }))) }); const vTrustedAuthorityEntryFailureResult = _DcqlTrustedAuthoritiesResult.vTrustedAuthorityEntryFailureResult = v.object({ success: v.literal(false), trusted_authority_index: v.number(), issues: v.record(v.string(), v.unknown()), output: v.unknown() }); const vTrustedAuthoritySuccessResult = _DcqlTrustedAuthoritiesResult.vTrustedAuthoritySuccessResult = v.union([v.object({ success: v.literal(true), valid_trusted_authority: v.optional(v.undefined()), failed_trusted_authorities: v.optional(v.undefined()) }), v.object({ success: v.literal(true), valid_trusted_authority: vTrustedAuthorityEntrySuccessResult, failed_trusted_authorities: v.optional(vNonEmptyArray(vTrustedAuthorityEntryFailureResult)) })]); const vTrustedAuthorityFailureResult = _DcqlTrustedAuthoritiesResult.vTrustedAuthorityFailureResult = v.object({ success: v.literal(false), valid_trusted_authority: v.optional(v.undefined()), failed_trusted_authorities: vNonEmptyArray(vTrustedAuthorityEntryFailureResult) }); _DcqlTrustedAuthoritiesResult.vModel = v.union([...vTrustedAuthoritySuccessResult.options, vTrustedAuthorityFailureResult]); })(DcqlTrustedAuthoritiesResult || (DcqlTrustedAuthoritiesResult = {})); //#endregion //#region src/dcql-query-result/m-dcql-query-result.ts let DcqlQueryResult; (function(_DcqlQueryResult) { const vCredentialQueryItemCredentialSuccessResult = _DcqlQueryResult.vCredentialQueryItemCredentialSuccessResult = v.object({ success: v.literal(true), input_credential_index: v.number(), trusted_authorities: DcqlTrustedAuthoritiesResult.vTrustedAuthoritySuccessResult, claims: DcqlClaimsResult.vClaimsSuccessResult, meta: DcqlMetaResult.vMetaSuccessResult }); const vCredentialQueryItemCredentialFailureResult = _DcqlQueryResult.vCredentialQueryItemCredentialFailureResult = v.object({ success: v.literal(false), input_credential_index: v.number(), trusted_authorities: DcqlTrustedAuthoritiesResult.vModel, claims: DcqlClaimsResult.vModel, meta: DcqlMetaResult.vModel }); const vCredentialQueryItemResult = _DcqlQueryResult.vCredentialQueryItemResult = v.union([v.object({ success: v.literal(true), credential_query_id: vIdString, valid_credentials: vNonEmptyArray(vCredentialQueryItemCredentialSuccessResult), failed_credentials: v.optional(vNonEmptyArray(vCredentialQueryItemCredentialFailureResult)) }), v.object({ success: v.literal(false), credential_query_id: vIdString, valid_credentials: v.optional(v.undefined()), failed_credentials: v.optional(vNonEmptyArray(vCredentialQueryItemCredentialFailureResult)) })]); const vCredentialQueryResult = _DcqlQueryResult.vCredentialQueryResult = v.record(vIdString, vCredentialQueryItemResult); _DcqlQueryResult.vModel = v.object({ credentials: v.pipe(vNonEmptyArray(DcqlCredentialQuery.vModel), v.description("REQUIRED. A non-empty array of Credential Queries that specify the requested Verifiable Credentials.")), credential_matches: vCredentialQueryResult, credential_sets: v.optional(v.pipe(vNonEmptyArray(v.object({ ...CredentialSetQuery.vModel.entries, matching_options: v.union([v.undefined(), vNonEmptyArray(v.array(v.string()))]) })), v.description("OPTIONAL. A non-empty array of credential set queries that specifies additional constraints on which of the requested Verifiable Credentials to return."))), can_be_satisfied: v.boolean() }); })(DcqlQueryResult || (DcqlQueryResult = {})); //#endregion //#region src/dcql-presentation/m-dcql-presentation-result.ts let DcqlPresentationResult; (function(_DcqlPresentationResult) { const vModel = _DcqlPresentationResult.vModel = v.omit(DcqlQueryResult.vModel, ["credentials"]); _DcqlPresentationResult.parse = (input) => { return v.parse(vModel, input); }; _DcqlPresentationResult.fromDcqlPresentation = (dcqlPresentation, ctx) => { const { dcqlQuery } = ctx; const queriesResults = Object.entries(dcqlPresentation).map(([credentialQueryId, presentations]) => { const credentialQuery = dcqlQuery.credentials.find((c) => c.id === credentialQueryId); if (!credentialQuery) throw new DcqlPresentationResultError({ message: `Query ${credentialQueryId} not found in the dcql query. Cannot validate presentation.` }); if (Array.isArray(presentations)) { if (presentations.length === 0) throw new DcqlPresentationResultError({ message: `Query credential '${credentialQueryId}' is present in the presentations but the value is an empty array. Each entry must at least provide one presentation.` }); if (!credentialQuery.multiple && presentations.length > 1) throw new DcqlPresentationResultError({ message: `Query credential '${credentialQueryId}' has not enabled 'multiple', but multiple presentations were provided. Only a single presentation is allowed for each query credential when 'multiple' is not enabled on the query.` }); } return runCredentialQuery(credentialQuery, { presentation: true, credentials: presentations ? Array.isArray(presentations) ? presentations : [presentations] : [] }); }); const credentialSetResults = dcqlQuery.credential_sets?.map((set) => { const matchingOptions = set.options.filter((option) => option.every((credentialQueryId) => queriesResults.find((result) => result.credential_query_id === credentialQueryId)?.success)); return { ...set, matching_options: matchingOptions.length > 0 ? matchingOptions : void 0 }; }); return { can_be_satisfied: queriesResults.every((result) => result.success && !result.failed_credentials) && (credentialSetResults ? credentialSetResults.every((set) => !set.required || set.matching_options) : dcqlQuery.credentials.every((credentialQuery) => queriesResults.find((result) => result.credential_query_id === credentialQuery.id)?.success)), credential_sets: credentialSetResults, credential_matches: Object.fromEntries(queriesResults.map((result) => [result.credential_query_id, result])) }; }; _DcqlPresentationResult.validate = (dcqlQueryResult) => { if (!dcqlQueryResult.can_be_satisfied) throw new DcqlInvalidPresentationRecordError({ message: "Invalid Presentation record", cause: dcqlQueryResult }); return dcqlQueryResult; }; })(DcqlPresentationResult || (DcqlPresentationResult = {})); //#endregion //#region src/dcql-query-result/run-dcql-query.ts const runDcqlQuery = (dcqlQuery, ctx) => { const credentialQueriesResults = Object.fromEntries(dcqlQuery.credentials.map((credentialQuery) => [credentialQuery.id, runCredentialQuery(credentialQuery, ctx)])); const credentialSetResults = dcqlQuery.credential_sets?.map((set) => { const matchingOptions = set.options.filter((option) => option.every((credentialQueryId) => credentialQueriesResults[credentialQueryId].success)); return { ...set, matching_options: matchingOptions.length > 0 ? matchingOptions : void 0 }; }); const dqclQueryMatched = credentialSetResults ? credentialSetResults.every((set) => !set.required || set.matching_options) : dcqlQuery.credentials.every(({ id }) => credentialQueriesResults[id].success === true); return { ...dcqlQuery, can_be_satisfied: dqclQueryMatched, credential_matches: credentialQueriesResults, credential_sets: credentialSetResults }; }; //#endregion //#region src/dcql-query/m-dcql-query.ts let DcqlQuery; (function(_DcqlQuery) { const vModel = _DcqlQuery.vModel = v.object({ credentials: v.pipe(vNonEmptyArray(DcqlCredentialQuery.vModel), v.description("REQUIRED. A non-empty array of Credential Queries that specify the requested Verifiable Credentials.")), credential_sets: v.pipe(v.optional(vNonEmptyArray(CredentialSetQuery.vModel)), v.description("OPTIONAL. A non-empty array of credential set queries that specifies additional constraints on which of the requested Verifiable Credentials to return.")) }); _DcqlQuery.va