fetch upstream/main updates

.changeset/blue-roses-cough.md

@@ -0,0 +1,8 @@
+---
+"@web5/agent": minor
+"@web5/identity-agent": minor
+"@web5/proxy-agent": minor
+"@web5/user-agent": minor
+---
+
+Add ability to Sync a subset of protocols as a delegate

.changeset/friendly-carrots-return.md

@@ -0,0 +1,12 @@
+---
+"@web5/crypto-aws-kms": patch
+"@web5/identity-agent": patch
+"@web5/credentials": patch
+"@web5/proxy-agent": patch
+"@web5/user-agent": patch
+"@web5/crypto": patch
+"@web5/agent": patch
+"@web5/dids": patch
+---
+
+cleanup crypto utils

.changeset/green-dolls-provide.md

@@ -0,0 +1,5 @@
+---
+"@web5/api": minor
+---
+
+Finalize ability to WalletConnect with sync involved

.changeset/lovely-rules-fold.md

@@ -0,0 +1,5 @@
+---
+"@web5/api": patch
+---
+
+Add `records.subscribe()` functionality to the DwnApi

.changeset/spicy-forks-attack.md

@@ -0,0 +1,5 @@
+---
+"@web5/agent": patch
+---
+
+integrate dwn grants into connect flow

.changeset/tidy-ants-shave.md

@@ -0,0 +1,5 @@
+---
+"@web5/api": minor
+---
+
+connect methods now work with dwn and user agent and are no longer stubbed

.github/workflows/tests-ci.yml

@@ -72,7 +72,7 @@ jobs:
         run: kill $DWN_SERVER_BACKGROUND_PROCESS || true
 
       - name: Upload test coverage to Codecov
-        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
+        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 #v4.5.0
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
 

audit-ci.json

@@ -5,6 +5,7 @@
     "ip",
     "mysql2",
     "braces",
-    "GHSA-rv95-896h-c2vc"
+    "GHSA-rv95-896h-c2vc",
+    "GHSA-952p-6rrq-rcjv"
   ]
 }

codecov.yml

@@ -7,8 +7,11 @@ component_management:
       - type: project
         target: auto # auto compares coverage to the previous base commit
         threshold: 5% # allows a 5% drop from the previous base commit coverage
+        informational: true
       - type: patch
         target: 90
+        informational: true
+        if_ci_failed: success
 
   individual_components:
     - component_id: package-agent

examples/wallet-connect.html

@@ -139,6 +139,11 @@ <h1>Success</h1>
         method: "Query",
         protocol: "http://profile-protocol.xyz",
       },
+      {
+        interface: "Records",
+        method: "Read",
+        protocol: "http://profile-protocol.xyz",
+      },
     ];
 
     try {
@@ -206,7 +211,9 @@ <h1>Success</h1>
     }
 
     function goToEndScreen(delegateDid) {
-      document.getElementById("didInformation").innerText = `${JSON.stringify(
+      document.getElementById(
+        "didInformation"
+      ).innerText = `delegateDid\n:${JSON.stringify(
         delegateDid
       )}`;
 

package.json

@@ -19,7 +19,7 @@
     "build": "pnpm --recursive --stream build",
     "test:node": "pnpm --recursive test:node",
     "audit-ci": "audit-ci --config ./audit-ci.json",
-    "wallet:connect:example": "npx http-server & HTTP_SERVER_PID=$! && sleep 2 && open 'http://localhost:8080/examples/wallet-connect.html' && wait $HTTP_SERVER_PID"
+    "wallet:connect:example": "npx http-server -c-1 & HTTP_SERVER_PID=$! && sleep 2 && open 'http://localhost:8080/examples/wallet-connect.html' && wait $HTTP_SERVER_PID"
   },
   "repository": {
     "type": "git",
@@ -31,7 +31,7 @@
     "@changesets/cli": "^2.27.5",
     "@npmcli/package-json": "5.0.0",
     "@typescript-eslint/eslint-plugin": "7.9.0",
-    "@web5/dwn-server": "0.4.6",
+    "@web5/dwn-server": "0.4.7",
     "audit-ci": "^7.0.1",
     "eslint-plugin-mocha": "10.4.3",
     "globals": "^13.24.0",
@@ -43,7 +43,11 @@
       "ws@<8.17.1": ">=8.17.1",
       "braces@<3.0.3": ">=3.0.3",
       "fast-xml-parser@<4.4.1": ">=4.4.1",
-      "@75lb/deep-merge@<1.1.2": ">=1.1.2"
+      "@75lb/deep-merge@<1.1.2": ">=1.1.2",
+      "elliptic@>=4.0.0 <=6.5.6": ">=6.5.7",
+      "elliptic@>=2.0.0 <=6.5.6": ">=6.5.7",
+      "elliptic@>=5.2.1 <=6.5.6": ">=6.5.7",
+      "micromatch@<4.0.8": ">=4.0.8"
     }
   }
 }

packages/agent/src/cached-permissions.ts

@@ -0,0 +1,66 @@
+import { TtlCache } from '@web5/common';
+import { AgentPermissionsApi } from './permissions-api.js';
+import { Web5Agent } from './types/agent.js';
+import { PermissionGrantEntry } from './types/permissions.js';
+import { DwnInterface } from './types/dwn.js';
+
+export class CachedPermissions {
+
+  /** the default value for whether a fetch is cached or not */
+  private cachedDefault: boolean;
+
+  /** Holds the instance of {@link AgentPermissionsApi} that helps when dealing with permissions protocol records */
+  private permissionsApi: AgentPermissionsApi;
+
+  /** cache for fetching a permission {@link PermissionGrant}, keyed by a specific MessageType and protocol */
+  private cachedPermissions: TtlCache<string, PermissionGrantEntry> = new TtlCache({ ttl: 60 * 1000 });
+
+  constructor({ agent, cachedDefault }:{ agent: Web5Agent, cachedDefault?: boolean }) {
+    this.permissionsApi = new AgentPermissionsApi({ agent });
+    this.cachedDefault = cachedDefault ?? false;
+  }
+
+  public async getPermission<T extends DwnInterface>({ connectedDid, delegateDid, delegate, messageType, protocol, cached = this.cachedDefault }: {
+    connectedDid: string;
+    delegateDid: string;
+    messageType: T;
+    protocol?: string;
+    cached?: boolean;
+    delegate?: boolean;
+  }): Promise<PermissionGrantEntry> {
+    // Currently we only support finding grants based on protocols
+    // A different approach may be necessary when we introduce `protocolPath` and `contextId` specific impersonation
+    const cacheKey = [ connectedDid, delegateDid, messageType, protocol ].join('~');
+    const cachedGrant = cached ? this.cachedPermissions.get(cacheKey) : undefined;
+    if (cachedGrant) {
+      return cachedGrant;
+    }
+
+    const permissionGrants = await this.permissionsApi.fetchGrants({
+      author  : delegateDid,
+      target  : delegateDid,
+      grantor : connectedDid,
+      grantee : delegateDid,
+    });
+
+    // get the delegate grants that match the messageParams and are associated with the connectedDid as the grantor
+    const grant = await AgentPermissionsApi.matchGrantFromArray(
+      connectedDid,
+      delegateDid,
+      { messageType, protocol },
+      permissionGrants,
+      delegate
+    );
+
+    if (!grant) {
+      throw new Error(`CachedPermissions: No permissions found for ${messageType}: ${protocol}`);
+    }
+
+    this.cachedPermissions.set(cacheKey, grant);
+    return grant;
+  }
+
+  public async clear(): Promise<void> {
+    this.cachedPermissions.clear();
+  }
+}

packages/agent/src/connect.ts

@@ -90,7 +90,10 @@ async function initClient({
   // a route to its web5 connect provider flow and the params of where to fetch the auth request.
   const generatedWalletUri = new URL(walletUri);
   generatedWalletUri.searchParams.set('request_uri', parData.request_uri);
-  generatedWalletUri.searchParams.set('encryption_key', Convert.uint8Array(encryptionKey).toBase64Url());
+  generatedWalletUri.searchParams.set(
+    'encryption_key',
+    Convert.uint8Array(encryptionKey).toBase64Url()
+  );
 
   // call user's callback so they can send the URI to the wallet as they see fit
   onWalletUriReady(generatedWalletUri.toString());
@@ -115,9 +118,9 @@ async function initClient({
     })) as Web5ConnectAuthResponse;
 
     return {
-      delegateGrants : verifiedAuthResponse.delegateGrants,
-      delegateDid    : verifiedAuthResponse.delegateDid,
-      connectedDid   : verifiedAuthResponse.iss,
+      delegateGrants      : verifiedAuthResponse.delegateGrants,
+      delegatePortableDid : verifiedAuthResponse.delegatePortableDid,
+      connectedDid        : verifiedAuthResponse.iss,
     };
   }
 }

packages/agent/src/dwn-api.ts

@@ -5,6 +5,7 @@ import {
   DataStoreLevel,
   Dwn,
   DwnConfig,
+  DwnInterfaceName,
   DwnMethodName,
   EventLogLevel,
   GenericMessage,
@@ -14,7 +15,7 @@ import {
 } from '@tbd54566975/dwn-sdk-js';
 
 import { NodeStream } from '@web5/common';
-import { utils as cryptoUtils } from '@web5/crypto';
+import { CryptoUtils } from '@web5/crypto';
 import { DidDht, DidJwk, DidResolverCacheLevel, UniversalResolver } from '@web5/dids';
 
 import type { Web5PlatformAgent } from './types/agent.js';
@@ -23,8 +24,11 @@ import type {
   DwnMessageInstance,
   DwnMessageParams,
   DwnMessageReply,
+  DwnMessagesPermissionScope,
   DwnMessageWithData,
+  DwnPermissionScope,
   DwnRecordsInterfaces,
+  DwnRecordsPermissionScope,
   DwnResponse,
   DwnSigner,
   MessageHandler,
@@ -70,6 +74,14 @@ export function isRecordsType(messageType: DwnInterface): messageType is DwnReco
     messageType === DwnInterface.RecordsWrite;
 }
 
+export function isRecordPermissionScope(scope: DwnPermissionScope): scope is DwnRecordsPermissionScope {
+  return scope.interface === DwnInterfaceName.Records;
+}
+
+export function isMessagesPermissionScope(scope: DwnPermissionScope): scope is DwnMessagesPermissionScope {
+  return scope.interface === DwnInterfaceName.Messages;
+}
+
 export class AgentDwnApi {
   /**
    * Holds the instance of a `Web5PlatformAgent` that represents the current execution context for
@@ -396,7 +408,7 @@ export class AgentDwnApi {
         const keyManager = this.agent.keyManager;
 
         return {
-          algorithm : cryptoUtils.getJoseSignatureAlgorithmFromPublicKey(publicKey),
+          algorithm : CryptoUtils.getJoseSignatureAlgorithmFromPublicKey(publicKey),
           keyId     : signingMethod.id,
           sign      : async (data: Uint8Array) => {
             return await keyManager.sign({ data, keyUri: keyUri! });

packages/agent/src/dwn-registrar.ts

@@ -1,4 +1,4 @@
-import { Sha256, utils } from '@web5/crypto';
+import { Sha256, CryptoUtils } from '@web5/crypto';
 import { concatenateUrl } from './utils.js';
 import { Convert } from '@web5/common';
 
@@ -120,8 +120,8 @@ export class DwnRegistrar {
    * Generates 32 random bytes expressed as a HEX string.
    */
   public static async generateNonce(): Promise<string> {
-    const randomBytes = utils.randomBytes(32);
-    const hexString = await Convert.uint8Array(randomBytes).toHex().toUpperCase();
+    const randomBytes = CryptoUtils.randomBytes(32);
+    const hexString = Convert.uint8Array(randomBytes).toHex().toUpperCase();
     return hexString;
   }
 }

packages/agent/src/index.ts

@@ -8,6 +8,7 @@ export type * from './types/sync.js';
 export type * from './types/vc.js';
 
 export * from './bearer-identity.js';
+export * from './cached-permissions.js';
 export * from './crypto-api.js';
 export * from './did-api.js';
 export * from './dwn-api.js';