From 9fcd08fbf7fbaeb5ad279e432e9b5c094e4f0371 Mon Sep 17 00:00:00 2001 From: NAOR YUVAL Date: Tue, 17 Mar 2026 11:30:55 +0200 Subject: [PATCH 1/2] =?UTF-8?q?docs(roadmap):=20add=20PR29=20=E2=80=94=20T?= =?UTF-8?q?rust=20Bundle=20types,=20signing,=20and=20key=20resolution?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds a new pending PR entry for Trust Bundle support: - TrustBundle + TrustBundleIssuerEntry types - signTrustBundle / verifyTrustBundle / resolveFromTrustBundle functions - Integration with verifySignedBudgetAuthorization + verifyPolicyGrant via optional trustBundles[] parameter (step-1 key resolution before HTTPS well-known) - Golden test vectors for bundle-based offline verification Spec: https://mpcp-protocol.github.io/spec/protocol/trust-bundles/ Co-Authored-By: Claude Sonnet 4.6 --- ROADMAP.md | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/ROADMAP.md b/ROADMAP.md index f3185521..647de320 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -90,6 +90,67 @@ Implements: protocol verification engine, artifact schemas, cryptographic signin | PR26 | Human-to-Agent Delegation Profile (`revocationEndpoint`, `allowedPurposes`, TRIP scope, `checkRevocation()`) | ✓ | | PR27 | On-Chain Policy Anchoring (`anchorRef`, `resolveXrplDid`, `hederaHcsAnchorPolicyDocument`, `checkXrplNftRevocation`) | ✓ | | PR28 | Encrypted Policy Anchoring (`submitMode`, AES-256-GCM via `crypto.subtle`, `PolicyDocumentCustody`, XRPL IPFS prep) | ✓ | +| PR29 | Trust Bundle — types, signing, verification, and key resolution integration | pending | + +--- + +## PR29 — Trust Bundle + +Implement the [Trust Bundle](https://mpcp-protocol.github.io/spec/protocol/trust-bundles/) specification as defined in the MPCP spec. + +Trust Bundles are pre-distributed signed documents that package trusted issuer public keys for MPCP verifiers operating without network access at verification time. + +### New types (`src/protocol/trustBundle.ts`) + +```typescript +export interface TrustBundleIssuerEntry { + issuer: string; + keys: JsonWebKey[]; +} + +export interface TrustBundle { + version: "1.0"; + bundleId: string; + bundleIssuer: string; + bundleKeyId: string; + category: string; + geography?: { region?: string; countryCodes?: string[] }; + approvedIssuers: string[]; + issuers: TrustBundleIssuerEntry[]; + expiresAt: string; + signature: string; +} +``` + +### New functions + +- `signTrustBundle(bundleWithoutSig, privateKeyPem)` — constructs canonical payload (`"MPCP:TrustBundle:1.0:" + canonicalJson(bundle)`), signs with Ed25519 or ECDSA P-256, returns signed bundle +- `verifyTrustBundle(bundle, rootPublicKeyPem)` — verifies the bundle's own signature and expiry before use; returns `{ valid: true }` or `{ valid: false; reason: string }` +- `resolveFromTrustBundle(issuer, issuerKeyId, bundles)` — step-1 key resolution; searches non-expired loaded bundles in descending `expiresAt` order; returns matching JWK or `null` + +### Key resolution integration 
+ +`verifySignedBudgetAuthorization`, `verifyPolicyGrant`, and related verifiers gain an optional `trustBundles?: TrustBundle[]` parameter. When provided, key resolution checks bundles before falling back to HTTPS well-known and DID resolution (per the 3-step algorithm in the spec). + +### Exports + +All three functions exported from `src/sdk/index.ts` under the `trust` namespace. + +### Tests + +- `signTrustBundle` + `verifyTrustBundle` roundtrip +- Expired bundle rejected by `verifyTrustBundle` +- Tampered bundle signature rejected +- `resolveFromTrustBundle` returns correct key from matching non-expired bundle +- `resolveFromTrustBundle` skips expired bundles; falls through to `null` +- `resolveFromTrustBundle` prefers bundle with latest `expiresAt` when multiple match +- `verifySignedBudgetAuthorization` resolves signing key from Trust Bundle when `trustBundles` provided (no env var needed) + +### Deliverables + +- `src/protocol/trustBundle.ts` +- `src/sdk/index.ts` updated +- `test/protocol/trustBundle.test.ts` --- From 13de3f3b280b690b2c695cc17130e3435838081f Mon Sep 17 00:00:00 2001 From: NAOR YUVAL Date: Tue, 17 Mar 2026 11:34:55 +0200 Subject: [PATCH 2/2] fix: flat-export wording, remove namespace mention --- ROADMAP.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ROADMAP.md b/ROADMAP.md index 647de320..47222985 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -134,7 +134,7 @@ export interface TrustBundle { ### Exports -All three functions exported from `src/sdk/index.ts` under the `trust` namespace. +All three functions flat-exported from `src/sdk/index.ts`, consistent with existing SDK exports (`checkRevocation`, `resolveXrplDid`, etc.). ### Tests
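Review bot: The "Key resolution integration" paragraph in [PATCH 1/2] has the verifiers resolve keys from an optional `trustBundles?: TrustBundle[]` parameter, but nothing in the entry says where `verifyTrustBundle` runs on that path or where the root public key comes from, and `resolveFromTrustBundle` is described as filtering on expiry only. The text therefore leaves open whether a bundle that was never signature-checked can still supply a key to `verifySignedBudgetAuthorization` or `verifyPolicyGrant`. State explicitly either that callers must pass only bundles already accepted by `verifyTrustBundle`, or that the verifiers take the root key and verify each bundle internally, and add a test that a tampered bundle supplied through `trustBundles` does not resolve a key. The entry should also say how `approvedIssuers` relates to `issuers` during resolution and what `bundleKeyId` is checked against, given that `verifyTrustBundle` takes a single `rootPublicKeyPem`.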
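Review bot: The reworded Exports line in [PATCH 2/2] still covers only "All three functions", while the same roadmap entry defines the `TrustBundle` and `TrustBundleIssuerEntry` interfaces and gives the verifiers a `trustBundles?: TrustBundle[]` parameter that SDK consumers will need to type. Say whether the two types are also flat-exported from `src/sdk/index.ts`, and consider naming the three functions in this line so it can be read without scrolling back to "New functions".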