fix(pluto): add rollback on partial failure in storeDID, storePrismDID, storePeerDID
Signed-off-by: iammdzaidalam <[email protected]>
Signed-off-by: iammdzaidalam <[email protected]>
Resolves #634 Signed-off-by: iammdzaidalam <[email protected]>
Resolves #634 Signed-off-by: iammdzaidalam <[email protected]>
Replace untyped `any[]` with properly typed SDJWTDisclosure interface. Add validateSDJWTSubmission() function to validate structure at runtime before passing to cryptographic verification routines. This prevents malformed disclosures, missing claims, or incorrect algorithms from silently passing through verification. Fixes #630 Signed-off-by: A-Chronicle <[email protected]>
Collect errors from all attempted resolvers and include their details in the failure message. This enables developers to diagnose resolution failures (network errors, invalid DIDs, blockchain issues, etc.) instead of receiving a generic error message. Fixes #629 Signed-off-by: A-Chronicle <[email protected]>
Remove console.log() and console.error() calls that bypass the SDK's logging configuration and could leak sensitive information in production. These calls appear in critical error paths where exceptions are thrown, and logging should be handled through the SDK's configured logger. Fixes #628 Signed-off-by: A-Chronicle <[email protected]>
Replace silent error suppression in sendMessageParseMessage with explicit error handling. When message unpacking fails due to decryption errors or malformed responses, throw InvalidMessageFormatError instead of returning undefined. This allows callers to distinguish between valid empty responses and actual protocol failures. Fixes #626 Signed-off-by: A-Chronicle <[email protected]>
Add parseJWKCoordinate helper method to validate JWK field types before extraction. This prevents unsafe 'as any' casts and ensures malformed JWK data throws InvalidKeyError rather than silently proceeding through cryptographic verification. Fixes #625 Signed-off-by: A-Chronicle <[email protected]>
The previous flow assumed Send.run would resolve to the mediator's keylist-update-response. In practice it always resolved to undefined: DIDCommConnection.send returned the registered handler's result rather than the parsed message, and the SDK never asked the mediator for an inline reply.
Per coordinate-mediation 2.0 the mediator only answers synchronously when the request carries `return_route: "all"`, and Mercury auto-attaches that header for the piuris in ReturnRouteProtocols (packages/wasm/didcomm/src/Wrapper.ts) -- but keylist-update was never on that list. So every keylist-update went out without return_route, the mediator dispatched the response asynchronously, and the client never observed it.
Add keylist-update to ReturnRouteProtocols, make DIDCommConnection.send return the inline response, and rewrite updateKeyListWithDID to send the message, race the call against a 60 s timeout, assert the response is a Message with the expected piuri and a thid matching the outgoing id, and validate the body via MediationKeysUpdateResponse (throws on any non-success / non-no_change result).
Tests cover success, no_change, client_error, server_error, malformed body, timeout, wrong piuri, wrong thid and a missing response. A guard on ReturnRouteProtocols prevents the same kind of regression that originally introduced this bug (PR #85).
Closes #391
Signed-off-by: Seydi Charyyev <[email protected]>
The import path was incorrect - ../../../ only goes back to pluto/, but we need ../../../../ to reach src/ and then access pollux/. Signed-off-by: A-Chronicle <[email protected]>
Fixes #578 — SD-JWT presentations were missing the Key Binding JWT (KB-JWT) segment, dropping the verifier's challenge (nonce) and domain. This made presentations vulnerable to replay attacks.
Root cause: the @sd-jwt/core library already supports KB-JWT via kbSigner/kbSignAlg config and KBOptions on present(), but the SDK never connected these paths.
Changes:
- SDJWT.getSKConfig(): add kbSigner and kbSignAlg so the core library can sign the KB-JWT segment
- SDJWT.createPresentationFor(): accept optional kb: KBOptions param and forward to sdjwt.present()
- oea/sdjwt/PresentationRequest: extract challenge and domain from the presentation request and pass as KB options when a challenge is provided (backward compatible — no KB-JWT when no challenge)
The KB-JWT payload includes nonce, aud, iat, and sd_hash per the SD-JWT-VC specification (I-D §5.1).
Test plan:
- 4 new tests covering kbSigner/kbSignAlg config, KB-JWT segment generation with correct payload, and backward compatibility
- All 806 existing tests pass
Signed-off-by: Abhigyan Singh <[email protected]>
Signed-off-by: Abhigyan Singh <[email protected]>
When backing up SD+JWT credentials, only the JWT ID field was being stored instead of the full SDJWT JWS. This caused restore to fail because SDJWTCredential.fromJWS() expects the complete JWS including disclosures.
Changes:
- Modified Backup.ts to reconstruct full SDJWT JWS from JWT + disclosures
- Updated tests to use correct data format for SDJWT restore
- Added SDJWT to round-trip backup/restore test
- Exported credential JWS strings from fixtures for test use
Fixes #458
Signed-off-by: A-Chronicle <[email protected]>
createPeerDID currently sends `MediationKeysUpdateList` and assumes the mediator accepted it. Per the coordinate-mediation 2.0 spec the mediator responds with either a `keylist-update-response` or a `ProblemReport`; we need to consume that response so `createPeerDID` only succeeds on a real acknowledgement.
Implements the design discussed with @elribonazo in #391:
> we should wait until we have a successful request from the mediator
> or an exception thrown, or the request timed out (1 m should be fine)
- `updateKeyListWithDID()` now awaits the response from `Send` and, when present, runs it through `MediationKeysUpdateResponse`.
- `MediationKeysUpdateResponse` throws when the response carries a non-success result (`client_error`, `server_error`, …) or has a malformed body, which propagates through `createPeerDID` and surfaces to the caller.
- A 60-second timeout (`KEYLIST_UPDATE_TIMEOUT_MS`) is applied so an unresponsive mediator fails the flow instead of silently hanging.
- `MediationKeysUpdateResponse` is no longer auto-registered as a message handler — it is invoked explicitly from `updateKeyListWithDID` after `Send`, so the lifecycle is deterministic.
- The old unit test (`tests/agent/didcomm/MediationKeysUpdateResponse.test.ts`) is replaced by `tests/agent/CreatePeerDID.test.ts`, which exercises the flow end-to-end through `createPeerDID` per @FabioPinheiro's review guidance — covering success, no_change, client_error, server_error, malformed body, timeout, Send returning undefined, `updateMediator = false`, and the no-mediator-connected case.
784/784 SDK tests pass locally.
Closes #391
Signed-off-by: Seydi Charyyev <[email protected]>
Signed-off-by: Abhigyan Singh <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Anshika Chaubey <[email protected]>
Signed-off-by: Anshika Chaubey <[email protected]>
Bumps the npm_and_yarn group with 1 update in the / directory: [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs).
Updates `@babel/plugin-transform-modules-systemjs` from 7.29.0 to 7.29.4
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs)
---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>