feat(core): W3C VC Data Integrity module by rmlearney-digicatapult · Pull Request #2797 · openwallet-foundation/credo-ts

rmlearney-digicatapult · 2026-05-18T13:55:11Z

Summary

This PR adds a new Data Integrity module to core, including proof types, validation, proof processing utilities, cryptosuite registration, proof creation/verification services, and agent/module wiring.

The module provides a standards-aligned foundation for Data Integrity proofs and makes Data Integrity available by default in agent module configuration.

Why
We need a first-class Data Integrity implementation in core so internal (e.g. VC, webvh) and external consumers can:

Create and verify Data Integrity proofs consistently
Reuse shared proof validation and processing logic
Register and resolve cryptosuites through a single registry
Access Data Integrity APIs without duplicating proof orchestration logic

What’s Included

Proof model and validation foundation

Added Data Integrity proof/document types and proof option builders
Added validation/assertion helpers for:
- Single-proof document flows
- Proof-set document flows
- Required proof member checks
Added structured Data Integrity error/result model for creation and verification outcomes

Proof-processing utilities

Added utilities for:
- Proof chain handling
- Parsing/normalization
- Key resolution helpers
- Strict dateTimeStamp checks including leap year, time zone as required by spec
Centralises reusable spec-oriented processing steps used by services and cryptosuites

Cryptosuite integration

Added cryptosuite interfaces and registry
Added EdDSA JCS 2022 cryptosuite as first implementation
Wired cryptosuite registration into module setup

Service/API and module surface

Added proof service and API layer for:
- Proof creation
- Single-proof verification (permissive and fail-fast)
- Proof-set/chain verification orchestration (permissive and fail-fast)
Added module public/internal barrels
Added module export on core index
Registered Data Integrity as a default agent module

This module was built to be conformant with the https://www.w3.org/TR/vc-data-integrity/ specification while preserving separation of responsibilities between different potential callers. For example, @context validation does not occur within the module as this is the responsibility of the VC service during the post-proof flow.

The cryptosuite is fully conformant with the https://www.w3.org/TR/vc-di-eddsa/#eddsa-jcs-2022 standard and the code is fully enumerated with each specification paragraph and line item implemented and a full test suite.

Opinionated elements
I have implemented Javascript normalisation to drop fields containing undefined - this is not within the spec but I do not believe that we should be signing over undefined fields

While power users could access the cryptosuite directly, most services will call via the W3cDataIntegrityProofService. For this reason some of the strict shape-checks live in the calling service, not the cryptosuite.

I have implemented 2 barrels for export - index.ts which will be hooked through @credo-ts/core and internal.ts which will be used by internal credo-ts consumers by direct import. These contain different exports for protecting internal functionality and avoiding complex ecosystem migrations in future.

I have installed json-canonicalize for strict JSON canonicalisation as required by eddsa-jcs-2022

NB
At the moment this module is not wired externally, only instantiated on the base agent. I have local branches where webvh is migrated to use this core data integrity module and W3CV2 uses this module for DiVp and DiVc support. I built these to help shape the implementation and API surface and will push these after merge.

changeset-bot · 2026-05-18T13:55:21Z

⚠️ No Changeset found

Latest commit: f9fd975

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

…ng primitives Signed-off-by: rmlearney-digicatapult <robert.learney@digicatapult.org.uk>