true if the given DID is an active tenant of the DWN; false otherwise
Utility class for creating CIDs. Exported for the convenience of developers.
+Static computeComputes a V1 CID for the provided payload
+the codec to use. Defaults to cbor
+the multihasher to use. Defaults to sha256
+payload CID
+codec is not supported
+encoding fails
+if hasher is not supported
+Static computeStatic computeStatic parseA simple implementation of DataStore that works in both the browser and server-side. +Leverages LevelDB under the hood.
+It has the following structure (+ represents an additional sublevel/partition):
+ 'data' +
Fetches the specified data.
+The logical ID of the record that references the data.
+The IPFS CID of the data.
+the data size and data stream if found, otherwise undefined.
Stores the given data.
+The logical ID of the record that references the data.
+The IPFS CID of the data.
+Utility class for readable data stream, intentionally named to disambiguate from ReadableStream, readable-stream, Readable etc.
+Static duplicateStatic fromStatic fromStatic toStatic toProcesses the given DWN message and returns with a reply.
+The tenant DID to route the given message to.
+Optional options: EventsSubscribeMessageOptionsOptional options: RecordsWriteMessageOptionsOptional options: MessageOptionsValidates structure of DWN message
+GenericMessageReply if the message has an integrity error, otherwise undefined.
+Checks tenant gate to see if tenant is allowed.
+The tenant DID to route the given message to.
+GenericMessageReply if the message has an integrity error, otherwise undefined.
+Static createStatic Readonly maxThe maximum size of raw data that will be returned as encodedData.
We chose 30k, as after encoding it would give plenty of headroom up to the 65k limit in most SQL variants. +We currently encode using base64url which is a 33% increase in size.
+A class that represents a DWN error.
+Utility class for encoding/converting data into various formats.
+Static base64Static base64Static bytesStatic bytesStatic bytesStatic objectStatic stringStatic stringUtility class for performing common, non-DWN specific encryption operations.
+Static isExpose eciesjs library configuration
+Static aes256Static aes256Static eciesDecrypt the given plaintext using ECIES (Elliptic Curve Integrated Encryption Scheme) +with SECP256K1 for the asymmetric calculations, HKDF as the key-derivation function, +and AES-GCM for the symmetric encryption and MAC algorithms.
+Static eciesEncrypts the given plaintext using ECIES (Elliptic Curve Integrated Encryption Scheme) +with SECP256K1 for the asymmetric calculations, HKDF as the key-derivation function, +and AES-GCM for the symmetric encryption and MAC algorithms.
+The EventStream interface implements a pub/sub system based on Message filters.
+Optional config: EventLogLevelConfigRetrieves all of a tenant's events that occurred after the cursor provided. +If no cursor is provided, all events for a given tenant will be returned.
+The cursor is a messageCid.
+Returns an array of messageCids that represent the events.
+Optional cursor: PaginationCursorretrieves a filtered set of events that occurred after a the cursor provided, accepts multiple filters.
+If no cursor is provided, all events for a given tenant and filter combo will be returned. +The cursor is a messageCid.
+Returns an array of messageCids that represent the events.
+Optional cursor: PaginationCursorCalled by JSON.stringify(...) automatically.
Static createStatic parseCalled by JSON.stringify(...) automatically.
Static createStatic parseCalled by JSON.stringify(...) automatically.
Static createCreates a EventsSubscribe message.
+if json schema validation fails.
+Static parseClass containing hierarchical deterministic key related utility methods used by the DWN.
+Static deriveDerives a key using HMAC-based Extract-and-Expand Key Derivation Function (HKDF) as defined in RFC 5869. +TODO: Consolidate HKDF implementation and usage with web5-js - https://github.com/TBD54566975/dwn-sdk-js/issues/742
+Static deriveDerives a descendant private key. +NOTE: currently only supports SECP256K1 keys.
+Static deriveStatic deriveDerives a descendant public key from an ancestor private key. +NOTE: currently only supports SECP256K1 keys.
+Utility class for JWS related operations.
+Static createCreates a Signer from the given Persona.
+Static createCreates a Signer[] from the given Personas.
+Static decodeStatic extractStatic getStatic getStatic verifyVerifies the signature against the given payload.
+true if signature is valid; false otherwise
A class containing utility methods for working with DWN messages.
+Static compareStatic compareStatic createCreates the authorization property to be included in a DWN message.
Optional delegatedOptional permissionOptional protocolused as an authorization property.
Static createCreates a generic signature from the given DWN message descriptor by including descriptorCid as the required property in the signature payload.
+NOTE: there is an opportunity to consolidate RecordsWrite.createSignerSignature() wth this method
Optional additionalPayloadProperties: { Optional delegatedOptional permissionOptional protocolStatic getGets the CID of the given message.
+Static getnewest message in the array. undefined if given array is empty.
Static getoldest message in the array. undefined if given array is empty.
Static getGets the DID of the signer of the given message, returns undefined if message is not signed.
Static isStatic isStatic isSee if the given message is signed by an author-delegate.
+Static isSee if the given message is signed by an owner-delegate.
+Static validateStatic validateValidates the structural integrity of the message signature given:
+descriptorCid property matches the CID of the message descriptor
+NOTE: signature is NOT verified.The key to look up the JSON schema referenced in compile-validators.js and perform payload schema validation on.
the parsed JSON payload object if validation succeeds.
+A simple implementation of MessageStore that works in both the browser and server-side. +Leverages LevelDB under the hood.
+Deletes the message associated with the id provided.
+Optional options: MessageStoreOptionsFetches a single message by cid from the underlying store.
+Returns undefined no message was found.
Optional options: MessageStoreOptionsadds a message to the underlying store. Uses the message's cid as the key
+indexes (key-value pairs) to be included as part of this put operation
+Optional options: MessageStoreOptionsQueries the underlying store for messages that matches the provided filters. +Supplying multiple filters establishes an OR condition between the filters.
+Optional messageSort: MessageSortOptional pagination: PaginationOptional options: MessageStoreOptionsStatic buildBuilds the IndexLevel QueryOptions object given MessageStore sort and pagination parameters.
+Called by JSON.stringify(...) automatically.
Static createStatic parseThis is a first-class DWN protocol for managing permission grants of a given DWN.
+Static Readonly definitionThe definition of the Permissions protocol.
+Static Readonly grantThe protocol path of the grant record.
Static Readonly requestThe protocol path of the request record.
Static Readonly revocationThe protocol path of the revocation record.
Static Readonly uriThe URI of the DWN Permissions protocol.
+Static createConvenience method to create a permission grant.
+Static createConvenience method to create a permission request.
+Static createConvenience method to create a permission revocation.
+Static fetchFetches PermissionGrant with the specified recordID.
the PermissionGrant matching the recordId specified.
if PermissionGrant does not exist
+Static parseStatic validateValidates the given Permissions protocol RecordsWrite. It can be a request, grant, or revocation.
+A signer that signs using a private key.
+The name of the signature algorithm used by this signer. +This value will be used as the "alg" parameter in JWS produced. +This parameter is not used by the DWN but is unfortunately a required header property for a JWS as per: +https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.1 +Valid signature algorithm values can be found at https://www.iana.org/assignments/jose/jose.xhtml
+The ID of the key used by this signer.
+This needs to be a fully-qualified ID (ie. prefixed with DID) so that author can be parsed out for processing such as recordId computation.
+Example: did:example:alice#key1
+This value will be used as the "kid" parameter in JWS produced.
+While this property is not a required property per JWS specification, it is required for DWN authentication.
Class containing Protocol related utility methods.
+Static deriveDerives public encryptions keys and inject it in the $encryption property for each protocol path segment of the given Protocol definition,
+then returns the final encryption-enabled protocol definition.
+NOTE: The original definition passed in is unmodified.
Called by JSON.stringify(...) automatically.
Static createStatic parseCalled by JSON.stringify(...) automatically.
Static createStatic normalizeStatic parseClass containing useful utilities related to the Records interface.
+Static buildThis will create individual keys for each of the tags that look like tag.tag_property
Static constructConstructs full key derivation path using the specified scheme.
+Static constructStatic constructStatic constructConstructs the full key derivation path using protocolPath scheme.
Static constructStatic convertStatic decryptDecrypts the encrypted data in a message reply using the given ancestor private key.
+Any ancestor private key in the key derivation path.
+Static deriveDerives a descendant private key given an ancestor private key and the full absolute derivation path.
+NOTE: right now only ECIES-ES256K algorithm is supported for asymmetric encryption,
+ so we will only derive SECP256K1 key without additional conditional checks
Static filterStatic filterStatic getGets the DID of the author of the given message.
+Static getStatic isChecks if the given message is a RecordsWriteMessage.
Static isStatic normalizeNormalizes the protocol and schema URLs within a provided RecordsFilter and returns a copy of RecordsFilter with the modified values.
+incoming RecordsFilter to normalize.
+a copy of the incoming RecordsFilter with the normalized properties.
+Static shouldStatic validateValidates that ancestor derivation path matches the descendant derivation path completely.
+with DwnErrorCode.RecordsInvalidAncestorKeyDerivationSegment if fails validation.
Static validateValidates the referential integrity of both author-delegated grant and owner-delegated grant.
+Decoded payload of the author signature of the message. Pass undefined if message is not signed.
+ Passed purely as a performance optimization so we don't have to decode the signature payload again.
Optional ownerSignaturePayload: GenericSignaturePayloadDecoded payload of the owner signature of the message. Pass undefined if no owner signature is present.
+ Passed purely as a performance optimization so we don't have to decode the owner signature payload again.
Indexed properties needed for MessageStore indexing.
+Called by JSON.stringify(...) automatically.
Static createCreates a RecordsDelete message.
+Static parseA class representing a RecordsQuery DWN message.
+Authorizes the delegate who signed this message.
+Used to check if the grant has been revoked.
+Called by JSON.stringify(...) automatically.
Static createStatic parseAuthorizes the delegate who signed this message.
+Used to check if the grant has been revoked.
+Called by JSON.stringify(...) automatically.
Static createCreates a RecordsRead message.
+when a combination of required RecordsReadOptions are missing
+Static parseA class representing a RecordsSubscribe DWN message.
+Authorizes the delegate who signed the message.
+Used to check if the grant has been revoked.
+Called by JSON.stringify(...) automatically.
Static createStatic parseA class representing a RecordsWrite DWN message.
+NOTE: Unable to extend AbstractMessage directly because the incompatible _message type, which is not just a generic <M> type.
Readonly attestersIf this message is signed by an author-delegate.
+If this message is signed by an owner-delegate.
+Valid JSON message representing this RecordsWrite.
+DwnErrorCode.RecordsWriteMissingSigner if the message is not signed yet.
The owner DID of the message if owner signature is present in the message; undefined otherwise.
+This is the logical owner of the message, not to be confused with the actual signer of the owner signature,
+this is because the signer of the owner signature may not be the actual DWN owner, but a delegate authorized by the owner.
Decoded owner signature payload.
+Gets the signer of owner signature; undefined if owner signature is not present in the message.
+This is not to be confused with the logical owner #owner of the message,
+this is because the signer of the owner signature may not be the actual DWN owner, but a delegate authorized by the owner.
+In the case that the owner signature is signed by the actual DWN owner, this value will be the same as #owner.
Gets the signer of this message. +This is not to be confused with the logical author of the message.
+Authorizes the author-delegate who signed this message.
+Used to check if the grant has been revoked.
+Authorizes the owner-delegate who signed this message.
+Used to check if the grant has been revoked.
+Encrypts the symmetric encryption key using the public keys given and attach the resulting encryption property to the RecordsWrite.
Signs the RecordsWrite as the DWN owner.
+This is used when the DWN owner wants to retain a copy of a message that the owner did not author.
+NOTE: requires the RecordsWrite to already have the author's signature.
Signs the RecordsWrite as the DWN owner-delegate.
+This is used when a DWN owner-delegate wants to retain a copy of a message that the owner did not author.
+NOTE: requires the RecordsWrite to already have the author's signature.
Called by JSON.stringify(...) automatically.
Static createCreates a RecordsWrite message.
+Static createCreates the attestation property of a RecordsWrite message if given signature inputs; returns undefined otherwise.
Optional signers: Signer[]Static createConvenience method that creates a message by:
+Static createCreates the signature property in the authorization of a RecordsWrite message.
Optional delegatedOptional permissionOptional protocolStatic fetchFetches the initial RecordsWrite of a record.
+The initial RecordsWrite if found; undefined if the record is not found.
Static getStatic getComputes the deterministic Entry ID of this message.
+Static getGets the initial write from the given list of RecordsWrite.
Static isChecks if the given message is the initial entry of a record.
+Static parseParses a RecordsWrite message and returns a {RecordsWrite} instance.
+Static verifyVerifies that immutable properties of the two given messages are identical.
+if immutable properties between two RecordsWrite message
+A simple single-instance implementation of ResumableTaskStore that works in both browsers and node.js. +Leverages LevelDB under the hood.
+Extends the timeout of the task associated with the task ID provided. +No-op if the task is not found, as this implies that the task has already been completed. +This allows the client that is executing the task to continue working on it before the task is considered timed out.
+ID of the task to extend the timeout for.
+Timeout in seconds from the current time.
+Grabs a number of unhandled tasks from the store. +Unhandled tasks are tasks that are not currently in-flight/under processing (ie. tasks that have timed-out). +NOTE: The implementation must make sure that once a task is grabbed by a client, +tis timeout must be updated so that it is considered in-flight/under processing +and cannot be grabbed by another client until it is timed-out.
+Desired number of tasks to grab.
+A list of tasks exclusive for the caller to handle; or empty array if there is no tasks, or if all tasks are already grabbed by others.
+Reads the task associated with the task ID provided regardless of whether it is in-flight/under processing or not. +This is mainly introduced for testing purposes: ie. to check the status of a task for easy test verification.
+ID of the task to read.
+Registers a new resumable task that is currently in-flight/under processing to the store.
+If the task is timed out, a client will be able to grab it through the grab() method and resume the task.
Task specific data. This is deliberately of type any because this store should not have to be ware of its type.
Timeout in seconds from the current time.
+A ManagedResumableTask object that can be used to extend or delete the task.
with code set to ResumableTaskAlreadyExists if the same task is already registered.
Class containing SECP256K1 related utility methods.
+Static generateGenerates a random key pair in JWK format.
+Static generateStatic getGets the public JWK of the given private JWK.
+Static getStatic privateCreates a private key in raw bytes from the given SECP256K1 JWK.
+Static privateConverts a private key in bytes into a JWK.
+Static publicCreates a compressed key in raw bytes from the given SECP256K1 JWK.
+Static publicStatic signSigns the provided content using the provided JWK.
+Static validateValidates the given JWK is a SECP256K1 key.
+if fails validation.
+Static verifyVerifies a signature against the provided payload hash and public key.
+a boolean indicating whether the signature is valid.
+Class containing SECP256R1 related utility methods.
+Static bytesStatic generateGenerates a random key pair in JWK format.
+Static privateCreates a private key in raw bytes from the given SECP256R1 JWK.
+Static publicStatic signSigns the provided content using the provided JWK. +Signature that is outputted is JWS format, not DER.
+Static validateValidates the given JWK is a SECP256R1 key.
+if fails validation.
+Static verifyVerifies a signature against the provided payload hash and public key.
+the signature to verify. Can be in either DER or compact format. If using Oracle Cloud KMS, keys will be DER formatted.
+a boolean indicating whether the signature is valid.
+Utility class for generating data for testing.
+Static createCreates a mock DID resolution result for testing purposes.
+Static generateStatic generateStatic generateStatic generateStatic generateStatic generateStatic generateGenerates a valid RecordsWrite that modifies the given an existing write.
+Any mutable property is not specified will be automatically mutated.
+e.g. if published is not specified, it will be toggled from the state of the given existing write.
Static generateStatic generateStatic generateGenerates a encrypted RecordsWrite message for testing.
+Set to true to attach the symmetric key encrypted by the protocol context derived public key
Set to true to attach the symmetric key encrypted by the protocol path derived public key
Optional protocolOptional protocolProtocol definition used to generate the RecordsWrite.
+ Must be the RECIPIENT's protocol definition if encryptSymmetricKeyWithProtocolPathDerivedKey is true,
+ because the recipient's public keys will be needed to encrypt the symmetric key.
Optional protocolOptional recipient?: stringStatic generateGenerates a ProtocolsConfigure message for testing.
+Optional parameters are generated if not given.
+Implementation currently uses ProtocolsConfigure.create().
Optional input: GenerateProtocolsConfigureInputStatic generateStatic generateStatic generateStatic generateStatic generateStatic randomStatic randomStatic randomStatic randomStatic randomStatic randomGenerates a random timestamp. Optionally allows you to set specific non-randomized values for the timestamp.
+Optional options: { Optional day?: numberOptional hour?: numberOptional microsecond?: numberOptional millisecond?: numberOptional minute?: numberOptional month?: numberOptional second?: numberOptional year?: numberrandom UTC ISO-8601 timestamp
+Time related utilities.
+Static createStatic createCreates a UTC ISO-8601 timestamp in microsecond precision accepted by DWN.
+Options for creating the timestamp.
+Optional day?: numberOptional hour?: numberOptional microsecond?: numberOptional millisecond?: numberOptional minute?: numberOptional month?: numberOptional second?: numberOptional year?: numberstring
+Static getStatic minimalWe must sleep for at least 2ms to avoid timestamp collisions during testing. +https://github.com/TBD54566975/dwn-sdk-js/issues/481
+Static sleepStatic validateDWN SDK error codes.
+Key derivation using the dataFormat value for Flat-space records.
Key derivation using the schema value for Flat-space records.
The interface that defines how to store and fetch data associated with a message.
+Fetches the specified data.
+The logical ID of the record that references the data.
+The IPFS CID of the data.
+the data size and data stream if found, otherwise undefined.
Stores the given data.
+The logical ID of the record that references the data.
+The IPFS CID of the data.
+Retrieves all of a tenant's events that occurred after the cursor provided. +If no cursor is provided, all events for a given tenant will be returned.
+The cursor is a messageCid.
+Returns an array of messageCids that represent the events.
+Optional cursor: PaginationCursorretrieves a filtered set of events that occurred after a the cursor provided, accepts multiple filters.
+If no cursor is provided, all events for a given tenant and filter combo will be returned. +The cursor is a messageCid.
+Returns an array of messageCids that represent the events.
+Optional cursor: PaginationCursorThe EventStream interface implements a pub/sub system based on Message filters.
+Deletes the message associated with the id provided.
+Optional options: MessageStoreOptionsFetches a single message by cid from the underlying store.
+Returns undefined no message was found.
Optional options: MessageStoreOptionsadds a message to the underlying store. Uses the message's cid as the key
+indexes (key-value pairs) to be included as part of this put operation
+Optional options: MessageStoreOptionsQueries the underlying store for messages that matches the provided filters. +Supplying multiple filters establishes an OR condition between the filters.
+Optional messageSort: MessageSortOptional pagination: PaginationOptional options: MessageStoreOptionsInterface for interacting with the resumable task store.
+Implementer's Note:
+The store implementation used in a horizontally scalable deployment, such as in a Kubernetes cluster,
+must account for concurrent access by multiple ResumableTaskStore instances.
+It would be undesirable to have many kubernetes pods all trying to handle the same resumable task.
+A minimal viable implementation can use a per tenant exclusive lock on the store when grab() and method is called.
+This would prevent issues that occur from concurrent modification to the same task to the store,
+but negatively impacts the throughput performance of the DWN.
+Requirements for a more performant implementation that allows distributed processing of resumable tasks across multiple clients:
grab() and/or open() implementation will need to copy the timed-out tasks from persistent store into the message queue/service
+for distributed processing by multiple clients when there is no resumable tasks to grab in the message queue.
+During the move, the persistent store should be locked to prevent multiple copies of the same tasks from being copied.delete() can be called with task ID.Extends the timeout of the task associated with the task ID provided. +No-op if the task is not found, as this implies that the task has already been completed. +This allows the client that is executing the task to continue working on it before the task is considered timed out.
+ID of the task to extend the timeout for.
+Timeout in seconds from the current time.
+Grabs a number of unhandled tasks from the store. +Unhandled tasks are tasks that are not currently in-flight/under processing (ie. tasks that have timed-out). +NOTE: The implementation must make sure that once a task is grabbed by a client, +tis timeout must be updated so that it is considered in-flight/under processing +and cannot be grabbed by another client until it is timed-out.
+Desired number of tasks to grab.
+A list of tasks exclusive for the caller to handle; or empty array if there is no tasks, or if all tasks are already grabbed by others.
+Reads the task associated with the task ID provided regardless of whether it is in-flight/under processing or not. +This is mainly introduced for testing purposes: ie. to check the status of a task for easy test verification.
+ID of the task to read.
+Registers a new resumable task that is currently in-flight/under processing to the store.
+If the task is timed out, a client will be able to grab it through the grab() method and resume the task.
Task specific data. This is deliberately of type any because this store should not have to be ware of its type.
Timeout in seconds from the current time.
+A ManagedResumableTask object that can be used to extend or delete the task.
with code set to ResumableTaskAlreadyExists if the same task is already registered.
A signer that is capable of generating a digital signature over any given bytes.
+The name of the signature algorithm used by this signer. +This value will be used as the "alg" parameter in JWS produced. +This parameter is not used by the DWN but is unfortunately a required header property for a JWS as per: +https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.1 +Valid signature algorithm values can be found at https://www.iana.org/assignments/jose/jose.xhtml
+The ID of the key used by this signer.
+This needs to be a fully-qualified ID (ie. prefixed with DID) so that author can be parsed out for processing such as recordId computation.
+Example: did:example:alice#key1
+This value will be used as the "kid" parameter in JWS produced.
+While this property is not a required property per JWS specification, it is required for DWN authentication.
An interface that gates tenant access to the DWN.
+true if the given DID is an active tenant of the DWN; false otherwise
The result of the isActiveTenant() call.
+Optional detail?: stringAn optional detail message if the given DID is not an active tenant of the DWN.
+true if the given DID is an active tenant of the DWN; false otherwise.
Optional attestationOptional data?: Uint8ArrayOptional dataThe data format of the new data. If not given, the data format from the existing message will be used.
+Optional dateOptional delegatedThe delegated grant to sign on behalf of the logical author, which is the grantor (grantedBy) of the delegated grant.
Optional encryptionOptional messageOptional protocolOptional published?: booleanOptional signer?: SignerThe signer of the message, which is commonly the author, but can also be a delegate.
+Optional tags?: RecordsWriteTagsResult of a data store get() method call if the data exists.
The number of bytes of the data stored.
+Result of a data store put() method call.
The number of bytes of the data stored.
+Optional derivationDWN configuration.
+Optional didOptional eventOptional tenantInput that describes how data is encrypted as spec-ed in TP18 (https://github.com/TBD54566975/technical-proposals/pull/6).
+Optional algorithm?: EncryptionAlgorithmAlgorithm used for encrypting the Data. Uses {EncryptionAlgorithm.Aes256Ctr} if not given.
+Initialization vector used for encrypting the data.
+Symmetric key used to encrypt the data.
+Array of input that specifies how the symmetric key is encrypted. +Each entry in the array will result in a unique ciphertext of the symmetric key.
+Optional cursor?: PaginationCursorOptional messageOptional cursor?: PaginationCursorOptional entries?: string[]Optional cursor?: PaginationCursorOptional messageOptional cursor?: PaginationCursorOptional entries?: string[]Optional subscription?: MessageSubscriptionIntersection type for all concrete message types.
+Optional authorization?: AuthorizationModelInput that specifies how a symmetric key is encrypted.
+Optional algorithm?: EncryptionAlgorithmAlgorithm used for encrypting the symmetric key. Uses {EncryptionAlgorithm.EciesSecp256k1} if not given.
+Key derivation scheme used to derive the public key to encrypt the symmetric key.
+Public key to be used to encrypt the symmetric key.
+Fully qualified ID of root public key used derive the public key to be used to to encrypt the symmetric key. +(e.g. did:example:abc#encryption-key-id)
+Contains a public-private key pair and the associated key ID.
+An managed resumable task model.
+Globally unique ID. Used to extend or delete the task.
+Number of retries
+Task specific data. This is deliberately of type any because this store should not have to be ware of its type.
Task timeout in Epoch Time.
+MessageEvent contains the message being emitted and an optional initial write message.
+Optional initialthe initial write of the RecordsWrite or RecordsDelete message
+Optional dateOptional dateOptional messageOptional entries?: MessagesGetReplyEntry[]Optional encodedOptional error?: stringOptional message?: GenericMessagePagination Options for querying messages.
+The cursor is the messageCid of the message you would like to pagination from.
+Optional cursor?: PaginationCursorOptional limit?: numberOptional publication?: PermissionConditionPublicationindicates whether a message written with the invocation of a permission must, may, or must not
+be marked as public.
+If undefined, it is optional to make the message public.
The data model for a permission scope.
+A logical grouping of user data used to generate test messages.
+the Elliptic Curve private key value. +It is represented as the base64url encoding of the octet string representation of the private key value +MUST be present to represent Elliptic Curve private keys.
+Denotes if this Protocol Definition can be returned by unauthenticated or unauthorized ProtocolsQuery.
Optional $actions?: ProtocolActionRule[]Optional $encryption?: ProtocolPathEncryptionEncryption setting for objects that are in this protocol path.
+Optional $role?: booleanIf true, this marks a record as a role that may used within a context.
+The recipient of a $role record may invoke their role by setting protocolRole property to the protocol path of the $role record.
Optional $size?: { If $size is set, the record size in bytes must be within the limits.
+Optional max?: numberOptional min?: numberOptional $tags?: { If $tags is set, the record must conform to the tag rules.
+Optional $allowallow properties other than those explicitly listed. defaults to false
+Optional $requiredarray of required tags
+Optional messageOptional permissionOptional filter?: ProtocolsQueryFilterOptional messageOptional permissionOptional signer?: SignerOptional entries?: ProtocolsConfigureMessage[]The "crv" (curve) parameter identifies the cryptographic curve used with the key. +MUST be present for all EC public keys
+the x coordinate for the Elliptic Curve point. +Represented as the base64url encoding of the octet string representation of the coordinate. +MUST be present for all EC public keys
+Optional y?: stringthe y coordinate for the Elliptic Curve point. +Represented as the base64url encoding of the octet string representation of the coordinate.
+Optional cursor?: PaginationCursorOptional limit?: numberOptional sortMessage returned in a query result. +NOTE: the message structure is a modified version of the message received, the most notable differences are:
+Optional encodedOptional from?: stringInclusive starting date-time.
+Optional to?: stringInclusive end date-time.
+Ranger filter. 1 condition is required.
+Optional delegatedThe delegated grant to sign on behalf of the logical author, which is the grantor (grantedBy) of the delegated grant.
Optional messageOptional protocolOptional prune?: booleanDenotes if all the descendent records should be purged. Defaults to false.
Optional dateOptional delegatedThe delegated grant to sign on behalf of the logical author, which is the grantor (grantedBy) of the delegated grant.
Optional messageOptional pagination?: PaginationOptional protocolOptional signer?: SignerOptional cursor?: PaginationCursorOptional entries?: RecordsQueryReplyEntry[]Data structure returned in a RecordsQuery reply entry.
+NOTE: the message structure is a modified version of the message received, the most notable differences are:
Optional encodedThe encoded data of the record if the data associated with the record is equal or smaller than DwnConstant.maxDataSizeAllowedToBeEncoded.
Optional initialThe initial write of the record if the returned RecordsWrite message itself is not the initial write.
+Optional authorization?: AuthorizationModelOptional delegatedThe delegated grant to sign on behalf of the logical author, which is the grantor (grantedBy) of the delegated grant.
Optional messageOptional permissionOptional protocolUsed when authorizing protocol records. +The protocol path to the role record type whose recipient is the author of this RecordsRead
+Optional signer?: SignerOptional record?: RecordsWriteMessage & { Optional delegatedThe delegated grant to sign on behalf of the logical author, which is the grantor (grantedBy) of the delegated grant.
Optional messageOptional protocolOptional signer?: SignerOptional subscription?: MessageSubscriptionOptional dateOptional parentOptional protocol?: stringOptional protocolOptional published?: booleanOptional recipient?: stringOptional schema?: stringOptional tags?: RecordsWriteTagsOptional attestation?: GeneralJwsOptional contextOptional encryption?: EncryptionPropertyOptional attestationOptional data?: Uint8ArrayOptional dataOptional dataOptional dateOptional dateOptional delegatedThe delegated grant invoked to sign on behalf of the logical author, which is the grantor of the delegated grant.
+Optional encryptionOptional messageOptional parentMust be given if this message is for a non-root protocol record. +If not given, it either means this write is for a root protocol record or a flat-space record.
+Optional permissionOptional protocol?: stringOptional protocolOptional protocolOptional published?: booleanOptional recipient?: stringOptional recordOptional schema?: stringOptional signer?: SignerThe signer of the message, which is commonly the author, but can also be a delegate.
+Optional tags?: RecordsWriteTagsOptional subscription?: MessageSubscriptionCatch-all message reply type. It is recommended to use GenericMessageReply or a message-specific reply type wherever possible.
+Optional cursor?: PaginationCursorA cursor for pagination if applicable (e.g. RecordsQuery).
+Mutually exclusive with record.
Optional entries?: QueryResultEntry[] | ProtocolsConfigureMessage[] | MessagesGetReplyEntry[] | string[]Resulting message entries or events returned from the invocation of the corresponding message.
+e.g. the resulting messages from a RecordsQuery, or array of messageCid strings for EventsGet or EventsQuery
+Mutually exclusive with record.
Optional record?: RecordsWriteMessage & { Record corresponding to the message received if applicable (e.g. RecordsRead).
+Mutually exclusive with entries and cursor.
Optional subscription?: MessageSubscriptionA subscription object if a subscription was requested.
+
A tenant gate that treats every DID as an active tenant.
+