- DIDComm v2 envelope service with ECDH-1PU+A256KW and ECDH-ES
- OOB 2.0 and DidCommOutOfBandInvitationV2
- DidCommV2Service in DID document resolution
- Peer DID num algo 2 recipient key fingerprint support for v2
- acceptDidCommV2, sendDidCommV2, autoCreateConnectionOnFirstMessage config
- Demo scripts alice:v2 and faber:v2

Signed-off-by: Tarun Vadde <[email protected]>
- Use did:key for skid/kid so recipients can resolve via tryParseKidAsPublicJwk
- Fix Ed25519/X25519 fingerprint matching in DID exchange and OOB receiver lookup
- Support NewDidCommV2Service (DIDCommMessaging) in document resolution
- Default acceptDidCommV2 and sendDidCommV2 to true
- Guard Ed25519->X25519 conversion against invalid key bytes

Signed-off-by: Tarun Vadde <[email protected]>
…olution

- Extend peer DID fallback to did:peer:4 long form (in addition to did:peer:2)
- Apply fallback for both requester and responder when recipient keys are empty
- Export didToNumAlgo4DidDocument from core for peer DID parsing
- Use NewDidCommV2Service type for v2 service handling

Signed-off-by: Tarun Vadde <[email protected]>
- Add recipientKeys type assertion in DidCommMessageSender peer DID fallback
- Extract toX25519 helper in DidCommDidExchangeResponseHandler for cleaner Ed25519/X25519 validation

Signed-off-by: Tarun Vadde <[email protected]>
…e*Handlers Signed-off-by: Tarun Vadde <[email protected]>
… and timing Signed-off-by: Tarun Vadde <[email protected]>
…ts and time while building V2 plain text Signed-off-by: Tarun Vadde <[email protected]>
Protocol and message version restrictions:
- Add supportedDidCommVersions to message types; restrict Message Pickup and Mediation to v1 connections
- Enforce version compatibility in DidCommMessageSender

Module and API configuration:
- Replace acceptDidCommV2/sendDidCommV2 with didcommVersions array (default ["v1"])
- Add peerDidNumAlgoForV2OOB; default to did:peer:4, support did:peer:2 for legacy deployments
- Add optional didcommVersion to DidCommConnectionRecord (default v1); outbound envelope version derived from connection

V2 envelope and conversion:
- Add v2 OOB invitations with optional ourDid for stable connection lookup
- Support decorators (e.g. threading) in v1/v2 conversion (normalize, plaintextBuilder)

Signed-off-by: Tarun Vadde <[email protected]>
Add support for BasicMessage 2.0 (https://didcomm.org/basicmessage/2.0/) over both DIDComm v1 and v2 envelopes, per spec.

- Add DidCommBasicMessageV2 message class with toV2Plaintext() for v2 packing
- Add BasicMessageV2Handler and DidCommBasicMessageService.createMessageV2/saveV2
- Extend DidCommBasicMessagesModuleConfig with protocols: ['1.0' | '2.0']
- When protocols includes 2.0, DidCommBasicMessagesApi uses BM 2.0
- BM 2.0 fields: content, created_time (Unix epoch), optional lang
- BM 2.0 works over v1 envelope (v1-style plaintext) and v2 envelope (body, type, id)
- Add DidCommBasicMessageV2StateChanged event for received BM 2.0 messages
- plaintxtBuilder uses toV2Plaintext() for messages that implement it

Signed-off-by: Tarun Vadde <[email protected]>
Implement Message Pickup protocol 3.0 per https://didcomm.org/messagepickup/3.0/ for DIDComm v2 connections (mediation 2.0, pickup v3).

Protocol:
- Add DidCommMessagePickupV3Protocol with PIURI https://didcomm.org/messagepickup/3.0
- Message types: status-request, status, delivery-request, delivery, messages-received, live-delivery-change (all with return_route: all)
- Handlers: StatusRequestV3, StatusV3, DeliveryRequestV3, MessageDeliveryV3, MessagesReceivedV3, LiveDeliveryChangeV3
- Optional recipient_did in status-request/delivery-request; required limit in delivery-request; base64 attachments in delivery; message_id_list in messages-received

API and module:
- DidCommMessagePickupApi: pickupMessages, setLiveDeliveryMode, deliverMessages, deliverMessagesFromQueue with protocolVersion 'v3' and recipientDid for v3
- DidCommMessagePickupModule registers DidCommMessagePickupV3Protocol
- Pickup v3 restricted to DIDComm v2 (assertDidCommV2Connection)

Live mode:
- processLiveDeliveryChange saves/removes live session by sessionId; responds with status including live_delivery and message_count
- When live_delivery is true on non-persistent transport (no sessionId), send problem report with code e.m.live-mode-not-supported per spec

Tests:
- protocol/v3/__tests__/pickup-v3-protocol.test.ts for v3 protocol and live-delivery-change (including problem report when sessionId missing)
- Existing pickup/MessagePickupApi/MessagePickupModule tests unchanged

Signed-off-by: Tarun Vadde <[email protected]>
Add full Coordinate Mediation 2.0 support in Credo-ts, including mediator/recipient coordination, key registration, and routing behavior aligned with DIF messaging expectations.

- Introduce Coordinate Mediation 2.0 message types and models: mediate-request, mediate-grant, mediate-deny, keylist-update, keylist-update-response, keylist-query, and keylist
- Implement mediator-side services and handlers for: processing Forward (routing 2.0/forward) and coordinating delivery strategies, handling keylist updates/queries, and emitting state/keylist events
- Implement recipient-side services and handlers for: provisioning mediation v2, awaiting grants, and issuing keylist updates (v2)
- Update routing/mediation integration paths used by DIDComm v2 sender/receiver flow (including v2 routing DID and Forward message handling)
- Add/extend tests covering mediation v2 messaging + message pickup v3 interoperability
- Update Drizzle storage adapters and mediation record typing to support mediation v2 fields

Signed-off-by: Tarun Vadde <[email protected]>
…2706) Signed-off-by: Tarun Vadde <[email protected]>
…d did:key (#2718)

* fix(didcomm): align v2 decryption and mediation lookup with peer:4 and did:key

Mediators and mobile agents often use different encodings for the same recipient (short vs long did:peer:4, did:key vs peer DID in CM2 keylists, and varied DIDComm v2 JWE recipient kid formats). Exact tag and naive kid resolution then failed at runtime.

DidCommV2KeyResolver (resolveV2Keys):
- Resolve recipient keys via KMS kid, DID URL / VM dereference, and relative # fragment kids against created peer DIDs, preferring OOB sender recipientDid ordering when multiple DIDs exist.
- Fall back to mediator routing keys, OOB inline / V2 service shapes, and receiver recipientRouting metadata; retry X25519 interpretation for ambiguous raw base58 kids before giving up.

DidCommMediationRepository:
- getSingleByRecipientDid tries did:peer:4 query variants (short/long).
- When tags still miss, scan granted mediator records using areEquivalentDidPeer4Forms.
- For long-form did:peer:4, match keylist entries stored as did:key (or legacy recipient keys) using Ed25519 material derived from the doc.

DidCommMessageReceiver:
- Improve v2 connection lookup using from/to (ourDid/theirDid), handle duplicate theirDid, findByKeys fallback, and return-route skid from the local DID document when possible.

Fixes CredoError No matching recipient key found for DIDComm v2 message and RecordNotFoundError on MediationRecord queries keyed by recipientDids when forward next and keylist tags use equivalent but unequal strings.

Signed-off-by: Tarun Vadde <[email protected]>

* chore: update comment in DidRecord

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): resolve mediation records with single recipientDid query

Signed-off-by: Tarun Vadde <[email protected]>

* refactor: move getRecipientDidQueryVariants to @credo-ts/core

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): use non-throwing mediation lookup in processForwardMessage

Signed-off-by: Tarun Vadde <[email protected]>

* Update packages/didcomm/src/modules/routing/services/DidCommMediationRecipientService.ts

Co-authored-by: Timo Glastra <[email protected]>
Signed-off-by: Tarun Vadde <[email protected]>

* fix(didcomm): enforce strict v2 key resolution and normalize DID recipient tags to X25519

Signed-off-by: Tarun Vadde <[email protected]>

* chore: remove log

Signed-off-by: Tarun Vadde <[email protected]>

* fix(didcomm): address v2 mediation and key handling review feedback

Revert DidRecord.getTags() and PeerDidRegistrar to match upstream main; no DIDComm-v2-specific logic in generic DID classes
Fix senderKeySkid to use keyAgreement VM (X25519 #key-2) per DIDComm v2 section 5.1.4
Restrict resolveSenderKey to keyAgreement only
Simplify MediationRepository to single canonical-form query
Remove diagnostic logging and unused did:peer:4 utility exports

Signed-off-by: Tarun Vadde <[email protected]>

---------

Signed-off-by: Tarun Vadde <[email protected]>
Signed-off-by: Tarun Vadde <[email protected]>
Co-authored-by: Timo Glastra <[email protected]>
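
An added example, not code from this pull request or from Credo-ts: one way to decide whether a short-form and a long-form did:peer:4 string name the same DID, as the mediation lookup in the commit above requires, while refusing a long form whose hash segment does not match its embedded document. The function names and the sample document are constructed for illustration; the hash construction (base58btc multibase of a SHA-256 multihash over the encoded document) is taken from the did:peer:4 method specification.

```typescript
// Added example; helper names are hypothetical, not Credo-ts APIs.
import { createHash } from 'node:crypto'

const PREFIX = 'did:peer:4'
const ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'

// Multibase base58btc: 'z' + base58 digits (leading zero bytes become '1').
function base58btc(bytes: Uint8Array): string {
  const digits: number[] = [] // little-endian base58 digits
  for (let b = 0; b < bytes.length; b++) {
    let carry = bytes[b]
    for (let i = 0; i < digits.length; i++) {
      carry += digits[i] * 256
      digits[i] = carry % 58
      carry = Math.floor(carry / 58)
    }
    for (; carry > 0; carry = Math.floor(carry / 58)) digits.push(carry % 58)
  }
  let out = 'z'
  for (let b = 0; b < bytes.length && bytes[b] === 0; b++) out += '1'
  for (let i = digits.length - 1; i >= 0; i--) out += ALPHABET[digits[i]]
  return out
}

// did:peer:4 hash segment: base58btc(0x12 0x20 || sha256(utf8(encodedDocument))).
function hashEncodedDocument(encodedDoc: string): string {
  const digest = createHash('sha256').update(encodedDoc, 'utf8').digest()
  return base58btc(Buffer.concat([Buffer.from([0x12, 0x20]), digest]))
}

// Returns the short form, or null if the DID is malformed or (long form)
// the hash segment does not commit to the embedded document.
function toShortForm(did: string): string | null {
  if (!did.startsWith(PREFIX)) return null
  const [hash, encodedDoc, ...rest] = did.slice(PREFIX.length).split(':')
  if (!hash.startsWith('z') || hash.length < 2 || rest.length > 0) return null
  if (encodedDoc !== undefined && hashEncodedDocument(encodedDoc) !== hash) return null
  return PREFIX + hash
}

// Two strings are equivalent only if both reduce to the same verified short form.
function areEquivalentPeer4(a: string, b: string): boolean {
  const shortA = toShortForm(a)
  return shortA !== null && shortA === toShortForm(b)
}

// Constructed sample: multicodec json prefix (0x80 0x04) + a minimal document.
const SAMPLE_DOC = base58btc(Buffer.concat([Buffer.from([0x80, 0x04]), Buffer.from('{"service":[]}')]))
const SAMPLE_LONG = PREFIX + hashEncodedDocument(SAMPLE_DOC) + ':' + SAMPLE_DOC
```

Comparing only the hash segment without re-hashing the document would let a long form carrying a substituted document match a record stored under the short form.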
…sues (#2733)

fix(didcomm): resolve v2 mediation runtime issues with key handling and message pickup

- Fix KMS key resolution for X25519 keyAgreement VMs by falling back to Ed25519 authentication key derivation (did:webvh, did:peer compatibility)
- Ensure skid/kid in JWE headers are always full DID URLs, not relative fragments
- Prefer X25519 services for v2 connections in message sender service ordering
- Filter to keyAgreement VMs only (not authentication) for v2 key resolution
- Auto-create connection for implicit v2 OOB invitations on responder side
- Auto-upgrade message pickup strategy (v1/v2 → v3) for Coordinate Mediation 2.0

Signed-off-by: Tarun Vadde <[email protected]>
Signed-off-by: Ariel Gentile <[email protected]>
…didcomm-v2 Signed-off-by: Tarun Vadde <[email protected]>
* feat(core): improved x509 certificate validation with RSA (#2740)
* fix(core): correctly set the RSA jwk alg when from spki (#2741)
* fix(core): revert previous two RSA commits (#2742)
* fix(askar,didcomm): align API names with core v0.7.0 renames

Signed-off-by: Tarun Vadde <[email protected]>

---------

Signed-off-by: Tarun Vadde <[email protected]>
Co-authored-by: Henrique Dias <[email protected]>
genaris left a comment
@tarunvaddeSoul I've added several comments regarding class/interface naming and API usage that can greatly simplify the changes needed to use V2 in existing agents (since most of the logic to choose between V1 or V2 comes directly from the Connection Record).
I know there are some remaining fixes to do on the key management in order to support both V1 and V2 at the same time in an Agent, so I didn't do a deep analysis of that yet.
* feat(core): improved x509 certificate validation with RSA (#2740)
* fix(core): correctly set the RSA jwk alg when from spki (#2741)
* fix(core): revert previous two RSA commits (#2742)
* fix(didcomm): v1<=>v2 interop with CM 2.0 mediators

Fixes cross-version interop issues when a Coordinate Mediation 2.0 mediator is in the path. Scoped to preserve clean v1/v2 separation per #2718.

- Split v1/v2 peer DID creation: v1 gets plain URL + Ed25519 routing keys, v2 keeps routing DID as service URI
- Register both Ed25519 and X25519 did:key forms of the recipient key in keylist-update (v1 senders use Ed25519, v2 use X25519)
- Sender always uses X25519 did:key as Forward
- Dedup routing keys by X25519 fingerprint to prevent v2 Forward double-wrapping
- Add Path 3 fallback in DidCommV2KeyResolver for did:key kids (mediator routing key lookup)
- Include Ed25519 auth VM in auto-generated mediator routing did:peer:2
- Wrap MessagesReceivedV3Message in outbound context so MP 3.0 delivery acks get sent (parity with v2 handler)
- Select BM 1.0/2.0 based on connection.didcommVersion
- Drop recipient_did filter from MP 3.0 status-request

Signed-off-by: Tarun Vadde <[email protected]>

* Update packages/didcomm/src/modules/basic-messages/DidCommBasicMessagesApi.ts

Co-authored-by: Ariel Gentile <[email protected]>
Signed-off-by: Tarun Vadde <[email protected]>

* fix(didcomm): drop recipient_did filter from MP 3.0

Signed-off-by: Tarun Vadde <[email protected]>

---------

Signed-off-by: Tarun Vadde <[email protected]>
Signed-off-by: Tarun Vadde <[email protected]>
Co-authored-by: Henrique Dias <[email protected]>
Co-authored-by: Ariel Gentile <[email protected]>
- askar/deriveKey: remove empty if block in finally; kept only the trailing comment noting contentEncryptionKey is freed by the caller.
- didcomm tests: correct toBase64URL typo to the real method name toBase64Url (TypedArrayEncoder and JsonEncoder only expose the lowercase-u variant). Fixes DidCommMessageReceiver, didcommVersion and DidCommV2EnvelopeService unit tests that could not run before.

Signed-off-by: Tarun Vadde <[email protected]>
…eview (#2752)

* fix(didcomm,askar): address PR #2704 review bugs

- askar/deriveKey: remove empty if block in finally; kept only the trailing comment noting contentEncryptionKey is freed by the caller.
- didcomm tests: correct toBase64URL typo to the real method name toBase64Url (TypedArrayEncoder and JsonEncoder only expose the lowercase-u variant). Fixes DidCommMessageReceiver, didcommVersion and DidCommV2EnvelopeService unit tests that could not run before.

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): introduce DidCommVersion type and migrate protocol strings to v1/v2

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): collapse v2 forward builder into DidCommForwardMessageV2 static

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): add DidComm prefix and V{2,3} suffix to message and handler classes

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(basic-messages): reorganize into protocol/v1 and protocol/v2 subdirs

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): unify routing API — drop V2 public methods, branch internally

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): move v1 routing messages and handlers into v1/ subdirectory

Signed-off-by: Tarun Vadde <[email protected]>

* refactor(didcomm): v1/v2 naming and layout cleanups per review

- Rename BasicMessage{,V2}Handler files to DidComm-prefixed names
- Move routing handlers/messages into protocol/v{1,2}/{handlers,messages} to match basic-messages layout

Signed-off-by: Tarun Vadde <[email protected]>

---------

Signed-off-by: Tarun Vadde <[email protected]>
Signed-off-by: Ariel Gentile <[email protected]>
Hi @tarunvaddeSoul, can you fix the validation issues? You can check for them by running these commands:
In some cases it is acceptable to override linter rules for some lines or even files, but usually there is a better way to format the code. Please also make sure the whole current test suite is running. Thanks!!
New branch created from the current work in #2698. Added here to allow releasing pr-versions and test behaviour on different platforms before the initial merge to main.
Former feat/didcomm-v2 has been renamed to feat/didcomm-v2-old for reference and in case we need to take some things from there.