Add core client traits for read-only and read-write IOTA operations (#1640)

* Add core client traits for read-only and read-write IOTA operations

* Refactor CoreClient traits to streamline async handling and remove unused transaction execution code

* Refactor CoreClient trait to use generic signer type in method signature

* Remove network_id method from client module

* controllerCap and delegation token, creation of identity with controllers that can delegate

* use delegation token and controller token interchangeably

* delegation token revocation and unrevocation

* delete delegation token

* Refactor client traits and implement CoreClient interface for identity operations

* Update CoreClientReadOnly trait and add OptionalSync bounds to Transaction methods

The changes add OptionalSync bounds to Transaction trait methods and update the CoreClientReadOnly trait to handle object

* make WASM code work with controller token abstraction, delegate token Tx

* Refactor client module and fix object lookup error handling

* clippy & fmt

* Enhance CoreClientReadOnly trait with detailed documentation for object retrieval methods

* fix issue with ts examples

* cargo fix

* format move pkg

* use Move 2024 macros where possible

* Update Move.toml to use edition 2024

* new upgrade script and updated setup to have toml cli

* fix type in CI workflow

* fix toml init

* overwrite Move.lock after messing things up

* Deploy devnet (#1659)

* bump version

* add toml-cli CI artifacts to gitignore

* remove toml-cli CI artifacts

---------

Co-authored-by: Identity Bot <[email protected]>
Co-authored-by: umr1352 <[email protected]>

* Fixed several issues for the wasm32 build

* Deploy testnet (#1660)

* bump version

* update well_known_networks

---------

Co-authored-by: Identity Bot <[email protected]>
Co-authored-by: umr1352 <[email protected]>
Co-authored-by: Enrico Marconi <[email protected]>

* fix ts docs

* Make code compile

* adapt asset txs

* fix examples

* Partially update identity_wasm to use generic CoreClient

* adapt all TS transactions

* update ts examples

* Several send-sync related feature flag fixes

* identity_iota:
  * "send-sync" is now handed over as "send-sync" to identity_iota_core
  * "send-sync-storage" is now handed over as "send-sync-storage" to identity_iota_core
* examples crate does now use "identity_iota/send-sync" instead of "identity_iota/send-sync-storage"
* identity-grpc crate does now use "identity_iota/send-sync" instead of "identity_iota/send-sync-storage"

* Fix TS examples

* Use "send-sync-client-ext" feature flag instead target_arch = "wasm32" in IdentityClientReadOnly::get_identity() to control Send constraint

* Use "send-sync" feature flag instead of "send-sync-client-ext" in IdentityClientReadOnly::get_identity() to control Send constraint + identity_resolver uses "identity_iota_core?/send-sync" now if FF "send-sync-client" is used

---------

Co-authored-by: umr1352 <[email protected]>
Co-authored-by: Eike Haß <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Identity Bot <[email protected]>
Co-authored-by: chrisgitiota <[email protected]>
Co-authored-by: Enrico Marconi <[email protected]>

Author: 6 people

bindings/grpc/Cargo.toml

@@ -20,7 +20,7 @@ path = "src/main.rs"
 anyhow = "1.0"
 futures = { version = "0.3" }
 identity_eddsa_verifier = { path = "../../identity_eddsa_verifier" }
-identity_iota = { path = "../../identity_iota", features = ["resolver", "sd-jwt", "domain-linkage", "domain-linkage-fetch", "status-list-2021", "iota-client", "send-sync-storage"] }
+identity_iota = { path = "../../identity_iota", features = ["resolver", "sd-jwt", "domain-linkage", "domain-linkage-fetch", "status-list-2021", "iota-client", "send-sync"] }
 identity_jose = { path = "../../identity_jose" }
 identity_storage = { path = "../../identity_storage", features = ["memstore"] }
 identity_stronghold = { path = "../../identity_stronghold", features = ["send-sync-storage"] }

bindings/wasm/identity_wasm/examples/src/0_basic/0_create_did.ts

@@ -23,7 +23,7 @@ export async function createIdentity(): Promise<void> {
     console.log("Creating new identity");
     const { output: identity } = await identityClient
         .createIdentity(unpublished)
-        .finish()
+        .finish(identityClient.readOnly())
         .buildAndExecute(identityClient);
     did = identity.didDocument().id();
 

bindings/wasm/identity_wasm/examples/src/0_basic/1_update_did.ts

@@ -24,7 +24,7 @@ export async function updateIdentity() {
     // create new identity for this account and publish document for it
     const { output: identity } = await identityClient
         .createIdentity(unpublished)
-        .finish()
+        .finish(identityClient.readOnly())
         .buildAndExecute(identityClient);
     const did = identity.didDocument().id();
 
@@ -59,7 +59,7 @@ export async function updateIdentity() {
     let controllerToken = await identity.getControllerToken(identityClient);
 
     let maybePendingProposal = await identity
-        .updateDidDocument(resolved.clone(), controllerToken!)
+        .updateDidDocument(resolved.clone(), controllerToken!, identityClient.readOnly())
         .withGasBudget(TEST_GAS_BUDGET)
         .buildAndExecute(identityClient)
         .then(result => result.output);

bindings/wasm/identity_wasm/examples/src/0_basic/2_resolve_did.ts

@@ -27,7 +27,7 @@ export async function resolveIdentity() {
     // create new identity for this account and publish document for it
     const { output: identity } = await identityClient
         .createIdentity(unpublished)
-        .finish()
+        .finish(identityClient.readOnly())
         .buildAndExecute(identityClient);
     const did = identity.didDocument().id();
 

bindings/wasm/identity_wasm/examples/src/0_basic/3_deactivate_did.ts

@@ -16,7 +16,7 @@ export async function deactivateIdentity() {
     // create new identity for this account and publish document for it
     const { output: identity } = await identityClient
         .createIdentity(unpublished)
-        .finish()
+        .finish(identityClient.readOnly())
         .buildAndExecute(identityClient);
     const did = identity.didDocument().id();
 
@@ -28,7 +28,7 @@ export async function deactivateIdentity() {
     const controllerToken = await identity.getControllerToken(identityClient);
     // Deactivate the DID.
     await identity
-        .deactivateDid(controllerToken!)
+        .deactivateDid(controllerToken!, identityClient.readOnly())
         .withGasBudget(TEST_GAS_BUDGET)
         .buildAndExecute(identityClient);
 
@@ -43,7 +43,7 @@ export async function deactivateIdentity() {
     // Re-activate the DID by publishing a valid DID document.
     console.log("Publishing this:", JSON.stringify(resolved, null, 2));
     await identity
-        .updateDidDocument(resolved, controllerToken!)
+        .updateDidDocument(resolved, controllerToken!, identityClient.readOnly())
         .withGasBudget(TEST_GAS_BUDGET)
         .buildAndExecute(identityClient);
 

bindings/wasm/identity_wasm/examples/src/0_basic/4_delete_did.ts

@@ -16,7 +16,7 @@ export async function deleteIdentityDID() {
     // create new identity for this account and publish document for it
     const { output: identity } = await identityClient
         .createIdentity(unpublished)
-        .finish()
+        .finish(identityClient.readOnly())
         .buildAndExecute(identityClient);
     const did = identity.didDocument().id();
 
@@ -29,7 +29,7 @@ export async function deleteIdentityDID() {
 
     // delete the DID.
     await identity
-        .deleteDid(controllerToken!)
+        .deleteDid(controllerToken!, identityClient.readOnly())
         .withGasBudget(TEST_GAS_BUDGET)
         .buildAndExecute(identityClient);
 
@@ -51,7 +51,7 @@ export async function deleteIdentityDID() {
     // Trying to update a deleted DID must fail!
     try {
         await identity
-            .updateDidDocument(resolved, controllerToken!)
+            .updateDidDocument(resolved, controllerToken!, identityClient.readOnly())
             .withGasBudget(TEST_GAS_BUDGET)
             .buildAndExecute(identityClient);
     } catch (_) {

bindings/wasm/identity_wasm/examples/src/0_basic/5_create_vc.ts

@@ -29,7 +29,7 @@ export async function createVC() {
     const [unpublishedIssuerDocument, issuerFragment] = await createDocumentForNetwork(issuerStorage, network);
     const { output: issuerIdentity } = await issuerClient
         .createIdentity(unpublishedIssuerDocument)
-        .finish()
+        .finish(issuerClient.readOnly())
         .buildAndExecute(issuerClient);
     const issuerDocument = issuerIdentity.didDocument();
 
@@ -39,7 +39,7 @@ export async function createVC() {
     const [unpublishedAliceDocument] = await createDocumentForNetwork(aliceStorage, network);
     const { output: aliceIdentity } = await aliceClient
         .createIdentity(unpublishedAliceDocument)
-        .finish()
+        .finish(aliceClient.readOnly())
         .buildAndExecute(aliceClient);
     const aliceDocument = aliceIdentity.didDocument();
 

bindings/wasm/identity_wasm/examples/src/0_basic/6_create_vp.ts

@@ -45,7 +45,7 @@ export async function createVP() {
     const [unpublishedIssuerDocument, issuerFragment] = await createDocumentForNetwork(issuerStorage, network);
     const { output: issuerIdentity } = await issuerClient
         .createIdentity(unpublishedIssuerDocument)
-        .finish()
+        .finish(issuerClient.readOnly())
         .buildAndExecute(issuerClient);
     const issuerDocument = issuerIdentity.didDocument();
 
@@ -55,7 +55,7 @@ export async function createVP() {
     const [unpublishedAliceDocument, aliceFragment] = await createDocumentForNetwork(aliceStorage, network);
     const { output: aliceIdentity } = await aliceClient
         .createIdentity(unpublishedAliceDocument)
-        .finish()
+        .finish(aliceClient.readOnly())
         .buildAndExecute(aliceClient);
     const aliceDocument = aliceIdentity.didDocument();
 

bindings/wasm/identity_wasm/examples/src/0_basic/7_revoke_vc.ts

@@ -51,7 +51,7 @@ export async function revokeVC() {
     const [unpublishedIssuerDocument, issuerFragment] = await createDocumentForNetwork(issuerStorage, network);
     const { output: issuerIdentity } = await issuerClient
         .createIdentity(unpublishedIssuerDocument)
-        .finish()
+        .finish(issuerClient.readOnly())
         .buildAndExecute(issuerClient);
     let issuerDocument = issuerIdentity.didDocument();
 
@@ -61,7 +61,7 @@ export async function revokeVC() {
     const [unpublishedAliceDocument, aliceFragment] = await createDocumentForNetwork(aliceStorage, network);
     const { output: aliceIdentity } = await aliceClient
         .createIdentity(unpublishedAliceDocument)
-        .finish()
+        .finish(aliceClient.readOnly())
         .buildAndExecute(aliceClient);
     const aliceDocument = aliceIdentity.didDocument();
 
@@ -77,7 +77,7 @@ export async function revokeVC() {
 
     // Publish the updated document.
     await issuerIdentity
-        .updateDidDocument(issuerDocument, issuerIdentityToken!)
+        .updateDidDocument(issuerDocument, issuerIdentityToken!, issuerClient.readOnly())
         .withGasBudget(TEST_GAS_BUDGET)
         .buildAndExecute(issuerClient);
 
@@ -133,7 +133,7 @@ export async function revokeVC() {
 
     // Publish the changes.
     await issuerIdentity
-        .updateDidDocument(issuerDocument, issuerIdentityToken!)
+        .updateDidDocument(issuerDocument, issuerIdentityToken!, issuerClient.readOnly())
         .withGasBudget(TEST_GAS_BUDGET)
         .buildAndExecute(issuerClient);
 
@@ -163,7 +163,7 @@ export async function revokeVC() {
 
     // Publish the changes.
     await issuerIdentity
-        .updateDidDocument(issuerDocument, issuerIdentityToken!)
+        .updateDidDocument(issuerDocument, issuerIdentityToken!, issuerClient.readOnly())
         .withGasBudget(TEST_GAS_BUDGET)
         .buildAndExecute(issuerClient);
 

bindings/wasm/identity_wasm/examples/src/1_advanced/11_advanced_transactions.ts

@@ -21,7 +21,7 @@ export async function advancedTransaction(): Promise<void> {
 
     const [txDataBcs, signatures, tx] = await aliceClient
         .createIdentity(new IotaDocument(aliceClient.network()))
-        .finish()
+        .finish(aliceClient.readOnly())
         .withSender(aliceClient.senderAddress())
         .withSponsor(aliceClient.readOnly(), (tx_data: TransactionDataBuilder) => bobSponsorFn(tx_data, bobClient))
         .then(txBuilder => txBuilder.build(aliceClient));

bindings/wasm/identity_wasm/examples/src/1_advanced/4_custom_resolution.ts

@@ -65,7 +65,7 @@ export async function customResolution() {
     // create new identity for this account and publish document for it, DID of it will be resolved later on
     const { output: identity } = await identityClient
         .createIdentity(unpublished)
-        .finish()
+        .finish(identityClient.readOnly())
         .buildAndExecute(identityClient);
     const did = identity.didDocument().id();
 

bindings/wasm/identity_wasm/examples/src/1_advanced/5_domain_linkage.ts

@@ -33,7 +33,7 @@ export async function domainLinkage() {
     // create new identity for this account and publish document for it
     const { output: identity } = await identityClient
         .createIdentity(unpublished)
-        .finish()
+        .finish(identityClient.readOnly())
         .buildAndExecute(identityClient);
     const document = identity.didDocument();
     const did = document.id();
@@ -54,7 +54,9 @@ export async function domainLinkage() {
     });
     document.insertService(linkedDomainService.toService());
     const controllerToken = await identity.getControllerToken(identityClient);
-    await identity.updateDidDocument(document, controllerToken!).buildAndExecute(identityClient);
+    await identity.updateDidDocument(document, controllerToken!, identityClient.readOnly()).buildAndExecute(
+        identityClient,
+    );
 
     let updatedDidDocument = identity.didDocument();
     console.log("Updated DID document:", JSON.stringify(updatedDidDocument, null, 2));

bindings/wasm/identity_wasm/examples/src/1_advanced/6_sd_jwt.ts

@@ -38,7 +38,7 @@ export async function sdJwt() {
     const [unpublishedIssuerDocument, issuerFragment] = await createDocumentForNetwork(issuerStorage, network);
     const { output: issuerIdentity } = await issuerClient
         .createIdentity(unpublishedIssuerDocument)
-        .finish()
+        .finish(issuerClient.readOnly())
         .buildAndExecute(issuerClient);
     const issuerDocument = issuerIdentity.didDocument();
 
@@ -48,7 +48,7 @@ export async function sdJwt() {
     const [unpublishedAliceDocument, aliceFragment] = await createDocumentForNetwork(aliceStorage, network);
     const { output: aliceIdentity } = await aliceClient
         .createIdentity(unpublishedAliceDocument)
-        .finish()
+        .finish(aliceClient.readOnly())
         .buildAndExecute(aliceClient);
     const aliceDocument = aliceIdentity.didDocument();
 

bindings/wasm/identity_wasm/examples/src/1_advanced/7_status_list_2021.ts

@@ -33,7 +33,7 @@ export async function statusList2021() {
     const [unpublishedIssuerDocument, issuerFragment] = await createDocumentForNetwork(issuerStorage, network);
     const { output: issuerIdentity } = await issuerClient
         .createIdentity(unpublishedIssuerDocument)
-        .finish()
+        .finish(issuerClient.readOnly())
         .buildAndExecute(issuerClient);
     const issuerDocument = issuerIdentity.didDocument();
 
@@ -43,7 +43,7 @@ export async function statusList2021() {
     const [unpublishedAliceDocument] = await createDocumentForNetwork(aliceStorage, network);
     const { output: aliceIdentity } = await aliceClient
         .createIdentity(unpublishedAliceDocument)
-        .finish()
+        .finish(aliceClient.readOnly())
         .buildAndExecute(aliceClient);
     const aliceDocument = aliceIdentity.didDocument();
 

bindings/wasm/identity_wasm/examples/src/1_advanced/8_zkp.ts

@@ -40,7 +40,7 @@ export async function zkp() {
     );
     const { output: issuerIdentity } = await issuerClient
         .createIdentity(unpublishedIssuerDocument)
-        .finish()
+        .finish(issuerClient.readOnly())
         .buildAndExecute(issuerClient);
     const issuerDocument = issuerIdentity.didDocument();
 

bindings/wasm/identity_wasm/examples/src/1_advanced/9_zkp_revocation.ts

@@ -45,7 +45,7 @@ export async function zkp_revocation() {
     unpublishedIssuerDocument.insertService(service);
     const { output: issuerIdentity } = await issuerClient
         .createIdentity(unpublishedIssuerDocument)
-        .finish()
+        .finish(issuerClient.readOnly())
         .buildAndExecute(issuerClient);
     let issuerDocument = issuerIdentity.didDocument();
 
@@ -55,7 +55,7 @@ export async function zkp_revocation() {
     const [unpublishedholderDocument] = await createDocumentForNetwork(holderStorage, network);
     const { output: holderIdentity } = await holderClient
         .createIdentity(unpublishedholderDocument)
-        .finish()
+        .finish(holderClient.readOnly())
         .buildAndExecute(holderClient);
     const holderDocument = holderIdentity.didDocument();
 
@@ -196,7 +196,10 @@ export async function zkp_revocation() {
     // Update the RevocationBitmap service in the issuer's DID Document.
     // This revokes the credential's unique index.
     issuerDocument.revokeCredentials("my-revocation-service", 5);
-    await issuerIdentity.updateDidDocument(issuerDocument, issuerIdentityToken!).buildAndExecute(issuerClient);
+    await issuerIdentity.updateDidDocument(issuerDocument, issuerIdentityToken!, issuerClient.readOnly())
+        .buildAndExecute(
+            issuerClient,
+        );
     issuerDocument = issuerIdentity.didDocument();
 
     // Holder checks if his credential has been revoked by the Issuer

bindings/wasm/identity_wasm/lib/core_client.ts

@@ -0,0 +1,16 @@
+import { IotaClient } from "@iota/iota-sdk/client";
+import { PublicKey } from "@iota/iota-sdk/cryptography";
+import { TransactionSigner } from "~identity_wasm";
+
+export interface CoreClientReadOnly {
+    packageId(): string;
+    network(): string;
+    iotaClient(): IotaClient;
+    // TODO: add all interface's methods.
+}
+
+export interface CoreClient<S extends TransactionSigner> extends CoreClientReadOnly {
+    signer(): S;
+    senderAddress(): string;
+    senderPublicKey(): PublicKey;
+}

bindings/wasm/identity_wasm/lib/index.ts

@@ -10,6 +10,7 @@ export * from "./key_id_storage";
 export * from "~identity_wasm";
 
 export * from "./controller";
+export * from "./core_client";
 export * from "./proposal";
 export * from "./transaction_internal";
 

bindings/wasm/identity_wasm/lib/proposal.ts

@@ -1,7 +1,7 @@
 // Copyright 2021-2025 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
-import { ConfigChange, IdentityClient, SendAction, UpdateDid } from "~identity_wasm";
+import { ConfigChange, ControllerToken, IdentityClient, OnChainIdentity, SendAction, UpdateDid } from "~identity_wasm";
 import { Transaction, TransactionBuilder } from "./transaction_internal";
 
 export type Action = UpdateDid | SendAction | ConfigChange;
@@ -20,6 +20,10 @@ export interface Proposal<A extends Action> {
     votes: bigint;
     voters: Set<string>;
     expirationEpoch?: bigint;
-    approve: (client: IdentityClient) => TransactionBuilder<ApproveProposal>;
-    intoTx: (client: IdentityClient) => TransactionBuilder<ExecuteProposal<A>>;
+    approve: (
+        identity: OnChainIdentity,
+        controllerToken: ControllerToken,
+        client: IdentityClient,
+    ) => TransactionBuilder<ApproveProposal>;
+    intoTx: (controllerToken: ControllerToken, client: IdentityClient) => TransactionBuilder<ExecuteProposal<A>>;
 }

bindings/wasm/identity_wasm/lib/transaction_internal.ts

@@ -3,16 +3,17 @@
 
 import { IotaObjectRef, IotaTransactionBlockResponse, TransactionEffects } from "@iota/iota-sdk/client";
 import { TransactionDataBuilder } from "@iota/iota-sdk/transactions";
-import { IdentityClient, IdentityClientReadOnly } from "~identity_wasm";
+import { CoreClient, CoreClientReadOnly } from "core_client";
+import { TransactionSigner } from "~identity_wasm";
 
 export interface TransactionOutput<T extends Transaction<unknown>> {
     response: IotaTransactionBlockResponse;
     output: Awaited<ReturnType<T["apply"]>>;
 }
 
 export interface Transaction<Output> {
-    buildProgrammableTransaction(client: IdentityClientReadOnly): Promise<Uint8Array>;
-    apply(effects: TransactionEffects, client: IdentityClientReadOnly): Promise<Output>;
+    buildProgrammableTransaction(client: CoreClientReadOnly): Promise<Uint8Array>;
+    apply(effects: TransactionEffects, client: CoreClientReadOnly): Promise<Output>;
 }
 
 export type SponsorFn = (tx_data: TransactionDataBuilder) => Promise<string>;
@@ -24,8 +25,8 @@ export interface TransactionBuilder<T extends Transaction<unknown>> {
     withGasOwner(owner: string): TransactionBuilder<T>;
     withGasPayment(payment: IotaObjectRef[]): TransactionBuilder<T>;
     withSender(sender: String): TransactionBuilder<T>;
-    withSignature(client: IdentityClient): TransactionBuilder<T>;
-    withSponsor(client: IdentityClientReadOnly, sponsorFn: SponsorFn): Promise<TransactionBuilder<T>>;
-    build(client: IdentityClient): Promise<[Uint8Array, string[], T]>;
-    buildAndExecute(client: IdentityClient): Promise<TransactionOutput<T>>;
+    withSignature<S extends TransactionSigner>(client: CoreClient<S>): TransactionBuilder<T>;
+    withSponsor(client: CoreClientReadOnly, sponsorFn: SponsorFn): Promise<TransactionBuilder<T>>;
+    build<S extends TransactionSigner>(client: CoreClient<S>): Promise<[Uint8Array, string[], T]>;
+    buildAndExecute<S extends TransactionSigner>(client: CoreClient<S>): Promise<TransactionOutput<T>>;
 }

bindings/wasm/identity_wasm/src/error.rs

@@ -9,6 +9,7 @@ use identity_iota::storage::key_id_storage::KeyIdStorageResult;
 use identity_iota::storage::key_storage::KeyStorageError;
 use identity_iota::storage::key_storage::KeyStorageErrorKind;
 use identity_iota::storage::key_storage::KeyStorageResult;
+use iota_interaction_ts::AdapterError;
 use std::borrow::Cow;
 use std::fmt::Debug;
 use std::fmt::Display;
@@ -312,6 +313,15 @@ impl From<identity_iota::credential::sd_jwt_vc::Error> for WasmError<'_> {
   }
 }
 
+impl From<AdapterError> for WasmError<'_> {
+  fn from(error: AdapterError) -> Self {
+    Self {
+      name: Cow::Borrowed("TsSdkError"),
+      message: Cow::Owned(ErrorMessage(&error).to_string()),
+    }
+  }
+}
+
 /// Convenience struct to convert Result<JsValue, JsValue> to errors in the Rust library.
 pub struct JsValueResult(pub(crate) Result<JsValue>);