Add working JS examples for DID resolution and VC verification

chrishooooo-netizen · claude · chrishooooo-netizen · commit eb166ba7aff0 · 2026-03-28T22:51:14.000+01:00
Provides starter code for Issue #4 contributors: - did-resolution.js: keypair gen, 3 DID modes, document creation, offline resolution - vc-verification.js: self-signed VC, DataIntegrityProof, tamper detection - README with setup instructions and learning objectives - Both examples tested and passing against @trailprotocol/core@0.1.0 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
diff --git a/.gitignore b/.gitignore
@@ -4,3 +4,4 @@ dist/
 *.tsbuildinfo
 .env
 .env.*
+examples/js/node_modules/
diff --git a/examples/js/README.md b/examples/js/README.md
@@ -0,0 +1,51 @@
+# TRAIL Protocol - JavaScript Examples
+
+Working examples showing how to use `did:trail` with Node.js.
+
+## Prerequisites
+
+- Node.js 18+ (uses built-in `crypto` module)
+- npm
+
+## Setup
+
+```bash
+cd examples/js
+npm install
+```
+
+## Examples
+
+### DID Resolution (`did-resolution.js`)
+
+Creates DIDs in all three modes (self, org, agent), builds DID Documents, and resolves a self-issued DID offline.
+
+```bash
+node did-resolution.js
+```
+
+**What you'll learn:**
+- Ed25519 keypair generation
+- The three DID modes and their trust tiers
+- DID Document structure (W3C DID Core 1.0)
+- Offline resolution for self-mode DIDs
+
+### VC Verification (`vc-verification.js`)
+
+Issues a self-signed Verifiable Credential with a DataIntegrityProof, then verifies it - including a tamper detection test.
+
+```bash
+node vc-verification.js
+```
+
+**What you'll learn:**
+- Verifiable Credentials 2.0 structure
+- DataIntegrityProof with `eddsa-jcs-2023` cryptosuite
+- JSON Canonicalization (JCS, RFC 8785)
+- Cryptographic verification and tamper detection
+
+## Reference
+
+- [`@trailprotocol/core`](https://www.npmjs.com/package/@trailprotocol/core) - Full API reference
+- [TRAIL DID Method Spec](../../did-method-spec.md) - Specification v1.1.0
+- [CONTRIBUTING.md](../../CONTRIBUTING.md) - How to contribute
diff --git a/examples/js/did-resolution.js b/examples/js/did-resolution.js
@@ -0,0 +1,99 @@
+#!/usr/bin/env node
+
+/**
+ * TRAIL Protocol - DID Resolution Example
+ *
+ * Demonstrates how to:
+ * 1. Generate an Ed25519 keypair
+ * 2. Create did:trail DIDs (self, org, agent)
+ * 3. Build DID Documents
+ * 4. Resolve a did:trail DID offline (self-mode)
+ *
+ * Prerequisites:
+ *   npm install @trailprotocol/core
+ *
+ * Run:
+ *   node did-resolution.js
+ */
+
+const {
+  generateKeyPair,
+  createSelfDid,
+  createOrgDid,
+  createAgentDid,
+  createDidDocument,
+  TrailResolver,
+} = require('@trailprotocol/core');
+
+async function main() {
+  // -------------------------------------------------------
+  // Step 1: Generate an Ed25519 keypair
+  // -------------------------------------------------------
+  const keys = generateKeyPair();
+  console.log('=== Key Generation ===');
+  console.log('Public key (multibase):', keys.publicKeyMultibase);
+  console.log('Public key (JWK):', JSON.stringify(keys.publicKeyJwk, null, 2));
+  console.log();
+
+  // -------------------------------------------------------
+  // Step 2: Create DIDs in all three modes
+  // -------------------------------------------------------
+
+  // Self DID (Tier 0) - no registry needed, local trust only
+  const selfDid = createSelfDid(keys.publicKeyMultibase);
+  console.log('=== DID Creation ===');
+  console.log('Self DID: ', selfDid);
+
+  // Org DID (Tier 1) - for organizations with KYB attestation
+  const orgDid = createOrgDid('Acme Corporation', keys.publicKeyMultibase);
+  console.log('Org DID:  ', orgDid);
+
+  // Agent DID (Tier 2) - for AI agents with full trust chain
+  const agentDid = createAgentDid('Sales Assistant', keys.publicKeyMultibase);
+  console.log('Agent DID:', agentDid);
+  console.log();
+
+  // -------------------------------------------------------
+  // Step 3: Build DID Documents
+  // -------------------------------------------------------
+  console.log('=== DID Documents ===');
+
+  // Self DID Document - simplest form
+  const selfDoc = createDidDocument(selfDid, keys, { mode: 'self' });
+  console.log('Self DID Document:');
+  console.log(JSON.stringify(selfDoc, null, 2));
+  console.log();
+
+  // Agent DID Document - with parent organization reference
+  const agentDoc = createDidDocument(agentDid, keys, {
+    mode: 'agent',
+    parentOrganization: orgDid,
+    aiSystemType: 'agent',
+  });
+  console.log('Agent DID Document:');
+  console.log(JSON.stringify(agentDoc, null, 2));
+  console.log();
+
+  // -------------------------------------------------------
+  // Step 4: Resolve a self DID (offline resolution)
+  // -------------------------------------------------------
+  // Self-mode DIDs can be resolved without a registry because
+  // the public key is embedded in the DID itself.
+  console.log('=== DID Resolution ===');
+  const resolver = new TrailResolver();
+  const result = await resolver.resolve(selfDid);
+
+  console.log('Resolution result:');
+  console.log('  DID:', result.didDocument.id);
+  console.log('  Content-Type:', result.didResolutionMetadata.contentType);
+  console.log('  Verification Method:', result.didDocument.verificationMethod[0].type);
+  console.log('  Trust Tier:', result.didDocument['trail:trailTrustTier']);
+  console.log();
+
+  // TODO: Add registry-based resolution for org/agent DIDs
+  // (requires a running TRAIL Registry instance)
+
+  console.log('Done. All examples completed successfully.');
+}
+
+main().catch(console.error);
diff --git a/examples/js/package-lock.json b/examples/js/package-lock.json
diff --git a/examples/js/package.json b/examples/js/package.json
@@ -0,0 +1,16 @@
+{
+  "name": "trail-examples-js",
+  "version": "1.0.0",
+  "private": true,
+  "description": "TRAIL Protocol usage examples for Node.js",
+  "scripts": {
+    "did-resolution": "node did-resolution.js",
+    "vc-verification": "node vc-verification.js"
+  },
+  "dependencies": {
+    "@trailprotocol/core": "^0.1.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}
diff --git a/examples/js/vc-verification.js b/examples/js/vc-verification.js
@@ -0,0 +1,101 @@
+#!/usr/bin/env node
+
+/**
+ * TRAIL Protocol - Verifiable Credential Example
+ *
+ * Demonstrates how to:
+ * 1. Create a self-signed Verifiable Credential (VC 2.0)
+ * 2. Inspect the DataIntegrityProof (eddsa-jcs-2023)
+ * 3. Verify the credential cryptographically
+ * 4. Detect tampering (negative test)
+ *
+ * Prerequisites:
+ *   npm install @trailprotocol/core
+ *
+ * Run:
+ *   node vc-verification.js
+ */
+
+const {
+  generateKeyPair,
+  createSelfDid,
+  createSelfSignedCredential,
+  verifyCredential,
+} = require('@trailprotocol/core');
+
+async function main() {
+  // -------------------------------------------------------
+  // Step 1: Setup - generate keys and create a DID
+  // -------------------------------------------------------
+  const issuerKeys = generateKeyPair();
+  const issuerDid = createSelfDid(issuerKeys.publicKeyMultibase);
+
+  console.log('=== Setup ===');
+  console.log('Issuer DID:', issuerDid);
+  console.log();
+
+  // -------------------------------------------------------
+  // Step 2: Issue a self-signed Verifiable Credential
+  // -------------------------------------------------------
+  // createSelfSignedCredential(issuerDid, subjectDid, claims, privateKeyBytes)
+  //
+  // This creates a VC 2.0 credential with a DataIntegrityProof
+  // using the eddsa-jcs-2023 cryptosuite (Ed25519 + JCS RFC 8785).
+  // For self-signed VCs, issuer and subject are the same DID.
+  const credential = createSelfSignedCredential(
+    issuerDid,
+    issuerDid, // subject = issuer (self-signed)
+    {
+      type: 'TrailTrustAttestation',
+      aiSystemType: 'agent',
+      capabilities: ['text-generation', 'tool-use'],
+    },
+    issuerKeys.privateKeyBytes
+  );
+
+  console.log('=== Issued Credential ===');
+  console.log(JSON.stringify(credential, null, 2));
+  console.log();
+
+  // -------------------------------------------------------
+  // Step 3: Inspect the proof
+  // -------------------------------------------------------
+  console.log('=== Proof Details ===');
+  console.log('  Type:', credential.proof.type);
+  console.log('  Cryptosuite:', credential.proof.cryptosuite);
+  console.log('  Verification Method:', credential.proof.verificationMethod);
+  console.log('  Created:', credential.proof.created);
+  console.log('  Proof Purpose:', credential.proof.proofPurpose);
+  console.log('  Proof Value (first 40 chars):', credential.proof.proofValue.substring(0, 40) + '...');
+  console.log();
+
+  // -------------------------------------------------------
+  // Step 4: Verify the credential
+  // -------------------------------------------------------
+  // verifyCredential(vc, publicKeyBytes) checks:
+  // - Required VC fields (@context, type, issuer, issuanceDate, credentialSubject)
+  // - DataIntegrityProof signature validity
+  console.log('=== Verification ===');
+  const result = verifyCredential(credential, issuerKeys.publicKeyBytes);
+  console.log('Credential valid:', result.valid);
+  console.log('Errors:', result.errors.length === 0 ? 'none' : result.errors);
+  console.log();
+
+  // -------------------------------------------------------
+  // Step 5: Tamper detection (negative test)
+  // -------------------------------------------------------
+  // Modify the credential and verify again - should fail
+  // because the signature no longer matches the content.
+  console.log('=== Tamper Detection ===');
+  const tampered = JSON.parse(JSON.stringify(credential));
+  tampered.credentialSubject.trailTrustTier = 2; // Attacker tries to upgrade trust tier
+
+  const tamperedResult = verifyCredential(tampered, issuerKeys.publicKeyBytes);
+  console.log('Tampered credential valid:', tamperedResult.valid, '(expected: false)');
+  console.log('Errors:', tamperedResult.errors);
+  console.log();
+
+  console.log('Done. All examples completed successfully.');
+}
+
+main().catch(console.error);
