SR-4 WI-0: ClaimReference type + Demos-key-as-CCI helper #930

@linear

What

Prerequisite for WI-1/2/3. The brief assumes a ClaimReference type and a "primary claim → controlling key" mapping exist in the SDK, but neither is implemented in @kynesyslabs/demosdk today. Land the minimal surface so subsequent work items can build on it.

Why

Every SR-4 envelope, binding, and transcript signature in the brief references ClaimReference and the invariant "the in-channel signer == the on-chain party (Demos Ed25519 key)". Without these types and the helper, WI-1 has nothing to import.

Scope

In sdks/src/identity/cci/ (new module):

export type ClaimScheme = "demos" | string  // string for forward-compat (eip155, did:, ...)
export type ClaimReference = `${ClaimScheme}:${string}`  // "demos:0xabc..."

export function demosClaimRefForAddress(address: string): ClaimReference
export function parseClaimRef(ref: ClaimReference): { scheme: ClaimScheme; identifier: string }
export function isDemosClaim(ref: ClaimReference): boolean

// Helper: sign/verify a domain-separated payload with the key controlling a Demos primary claim.
// For Demos: that key is the Demos Ed25519 keypair.
export function signWithPrimaryClaim(
    claim: ClaimReference,
    payload: Uint8Array,
    demos: Demos,  // existing SDK Demos instance
): Promise<Uint8Array>

export function verifyPrimaryClaimSignature(
    claim: ClaimReference,
    payload: Uint8Array,
    signature: Uint8Array,
): boolean

Plus a small index.ts re-export under @kynesyslabs/demosdk/identity/cci.

Acceptance

  • demosClaimRefForAddress("0xabc...") === "demos:0xabc...".
  • parseClaimRef round-trips both for demos: and unknown schemes.
  • signWithPrimaryClaim for a demos: claim signs with the Demos instance's Ed25519 keypair; refuses non-Demos schemes (throws clearly).
  • verifyPrimaryClaimSignature returns true for valid Ed25519 sig from the address in the claim.
  • Unit tests cover: valid sig, wrong-key sig, malformed claim ref, non-Demos scheme rejection.

Notes

  • Forward-compat: leave the ClaimScheme union open so EVM-context CCI can plug in later.
  • Brief §0 "Claim vs key" is the source of truth — don't conflate the label and the key.
  • Domain separation prefixes are caller-provided (WI-1 passes dacs-binding:v1:, WI-2 passes dacs-channelmsg:v1:).

Source

docs/l2ps-sr4-implementation-brief.md §0, §1; DACS-3 §8.3.2.
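
An added sketch of the verify-side checks from the acceptance list, using Node's built-in crypto; it is not the SDK's or the issue author's code. It assumes a Demos address is "0x" plus the 32-byte Ed25519 public key in hex and that verification fails closed; `demosKeyFromClaim`, `framed` and `demo` are hypothetical names.

```typescript
import { createPublicKey, generateKeyPairSync, sign, verify, KeyObject } from "node:crypto";

// Split on the FIRST colon only, so identifiers that contain ":" round-trip.
function parseClaimRef(ref: string): { scheme: string; identifier: string } {
    const i = ref.indexOf(":");
    if (i <= 0 || i === ref.length - 1) throw new Error(`malformed claim ref: ${ref}`);
    return { scheme: ref.slice(0, i), identifier: ref.slice(i + 1) };
}

// Assumption: a Demos address is "0x" + 64 hex chars = the raw Ed25519 public key.
function demosKeyFromClaim(ref: string): KeyObject {
    const { scheme, identifier } = parseClaimRef(ref);
    if (scheme !== "demos") throw new Error(`unsupported claim scheme: ${scheme}`);
    if (!/^0x[0-9a-fA-F]{64}$/.test(identifier)) throw new Error("bad demos address");
    // RFC 8410 SubjectPublicKeyInfo header for Ed25519, followed by the raw key.
    const spki = Buffer.from("302a300506032b6570032100" + identifier.slice(2), "hex");
    return createPublicKey({ key: spki, format: "der", type: "spki" });
}

// The caller supplies the domain prefix; signer and verifier must frame identically.
function framed(prefix: string, body: Uint8Array): Buffer {
    return Buffer.concat([Buffer.from(prefix, "utf8"), body]);
}

// Example design choice: malformed refs and foreign schemes verify as false.
function verifyPrimaryClaimSignature(claim: string, payload: Uint8Array, sig: Uint8Array): boolean {
    try { return verify(null, payload, demosKeyFromClaim(claim), sig); }
    catch { return false; }
}

// Constructed sample data: throwaway keypairs stand in for Demos identities.
function demo() {
    const { publicKey, privateKey } = generateKeyPairSync("ed25519");
    const other = generateKeyPairSync("ed25519").publicKey;
    const raw = (k: KeyObject) => k.export({ format: "der", type: "spki" }).subarray(12).toString("hex");
    const claim = `demos:0x${raw(publicKey)}`;
    const body = Buffer.from("constructed-channel-id");
    const binding = framed("dacs-binding:v1:", body);
    const sig = sign(null, binding, privateKey);
    return {
        valid: verifyPrimaryClaimSignature(claim, binding, sig),
        crossDomain: verifyPrimaryClaimSignature(claim, framed("dacs-channelmsg:v1:", body), sig),
        wrongKey: verifyPrimaryClaimSignature(`demos:0x${raw(other)}`, binding, sig),
        foreignScheme: verifyPrimaryClaimSignature(`eip155:0x${raw(publicKey)}`, binding, sig),
    };
}
console.log(demo());
```

The `crossDomain` case shows why the prefix matters: a signature made over a `dacs-binding:v1:` payload does not verify when the same bytes are framed as `dacs-channelmsg:v1:`.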
