npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@docknetwork/vc-delegation-engine

v1.0.4

Published

A focused Javascript engine for evaluating delegated credentials in Verifiable Presentations, extracting authorized claims, and piping the resulting facts into Cedar policy decisions.

Downloads

1,065

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mayconmellomayconmellomikeatdockmikeatdocksamdocksamdocklovesh_hlovesh_h

Keywords

Readme

@docknetwork/vc-delegation-engine

A focused Javascript engine for evaluating delegated credentials in Verifiable Presentations, extracting authorized claims, and piping the resulting facts into Cedar policy decisions.

Features

  • Delegation-Aware VP Verification: verifyVPWithDelegation walks each credential chain inside an expanded VP, reconstructs the delegation graph, and ensures every link is present, acyclic, and properly referenced before issuing a decision.

  • Claim Deduction & Summaries: Built-in summarizers and deduction utilities capture root/tail issuers, resource metadata, and the union of authorized claims so relying parties can inspect what a chain actually grants.

  • Cedar Policy Integration: Helper APIs build ready-to-run Cedar authorization requests (entities, context, and policies) and execute them through @cedar-policy/cedar-wasm, letting you layer fine-grained policy checks on top of delegation results.

  • JSON-LD & Rify Utilities: Normalization helpers, JSON-LD compaction, and Rify premises/rules generation simplify interoperating with linked data credentials and inference engines.

  • Robust Failure Diagnostics: Typed DelegationError codes, unauthorized-claim detection, and summarized evaluation objects make it easier to surface meaningful errors to clients and observability pipelines.

Installation

You can install the @docknetwork/vc-delegation-engine via npm:

npm install @docknetwork/vc-delegation-engine

Or via yarn:

yarn add @docknetwork/vc-delegation-engine

Core Modules

  • verifyVPWithDelegation: Normalizes JSON-LD credentials from a VP, rebuilds each delegation chain, runs Rify inference to verify control predicates, and returns allow/deny decisions with rich evaluation artifacts.

  • Cedar Authorization Helpers: buildCedarContext, buildAuthorizationInputsFromEvaluation, and authorizeEvaluationsWithCedar assemble Cedar entities, context data (root/tail issuers, authorized claims, tail depth, signer), and execute cedar.isAuthorized for policy enforcement.

  • Claim Deduction (claim-deduction.js): Aggregates authorized subject claims, maps them back to credential subjects, and exposes both per-subject and union views for downstream policy checks or display.

  • JSON-LD & Rify Helpers (jsonld-utils.js, rify-helpers.js): Provide compaction/context normalization, verification method extraction, and automatic rule/premise construction required to run rify inference consistently.

  • Errors, Summaries, and Constants: DelegationError/DelegationErrorCodes offer structured failures, while summarize.js and constants.js capture reusable IRIs, action IDs, and summary builders for every delegation evaluation.

Delegation Architecture Notes

The engine behavior includes several decisions that are important for integrators but easy to miss when reading only API signatures:

  • Fail-closed verification: any structural, policy, digest, or inference failure yields a deny decision with typed failure codes.
  • Tail-first chain reconstruction: chains are built from each tail credential by following previousCredentialId, and they reject cycles and missing links.
  • Strict root anchoring: delegation credentials must carry rootCredentialId; the root must be present in the same presentation bundle.
  • Policy integrity binding: when policy checks are enabled and a root references delegationPolicyId/delegationPolicyDigest, a documentLoader must fetch the policy and the digest must match.
  • Monotonic narrowing model: child credentials are validated as same-or-narrower than parent grants (roles, capabilities, and expiration windows).
  • Signer-as-principal model: the VP proof signer is surfaced as principal/context input for Cedar decisions.
  • Dual-path VC-JWT ingestion: JSON-LD VC-JWTs are expanded and evaluated as chains; VC-JWTs without JSON-LD context are intentionally skipped from chain logic but exposed as skippedCredentials for policy use.

For a fuller record, see the consolidated delegation reference: DELEGATION_REFERENCE.md.

Working Material (Non-normative)

Some delegation material is intentionally preserved as working references rather than normative docs:

  • scenario-heavy examples that encode practical policy patterns
  • test fixtures that capture edge cases and expected failures
  • policy JSON fixtures that act as reference schemas for role/capability narrowing

See DELEGATION_REFERENCE.md for the curated index and contributor checklist.

License

This SDK is licensed under the MIT License. See the LICENSE.md file for more details.