Credentials (#2829)

* create credentials obj, modify depositpreauth

* structrure of transaction models

* initial validation methods and modify transactions affected by deposit auth

* cleanup and add new transactions to list

* binarycodec and add amendments to config

* methods account for credentials

* binary codec update

* add amendments to config

* error validation for credentials actions

* core logic of error validation completed

* type checking in error validation

* init test files and field type validations

* basic tests for crud transactions

* cred delete tests

* cred accept unit tests

* cred create and accept unit tests

* cred delete unit tests

* depositPreauth unit tests

* generic checks for payment, paymentchannelclaim, escrowfinish credential list

* ledger entry update

* lint errors

* cleanup and use helper methods

* fix lint bug

* init integration tests for new transactions

* fix build error, integration test docker update

* unit test fixes -- all pass now

* integration test layout complete

* integration command

* integration tests run

* cicd command edit

* lint and cleanup

* modified history markdown

* deposit preauth integration update

* update docs with new docker command

* fix validation for string id credential arrays

* exports

* add flag

* lint

* fix typo in contributing doc

* docstring typos

* readable string

* fix test'

* review comment fixes

* txn duplicate fix

* Apply suggestions from code review

Co-authored-by: Omar Khan <khancodegt@gmail.com>
Co-authored-by: Mayukha Vadari <mvadari@ripple.com>

* Apply suggestions from code review

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* Apply suggestions from code review

Co-authored-by: Omar Khan <khancodegt@gmail.com>
Co-authored-by: Mayukha Vadari <mvadari@ripple.com>

* typo in auto suggest

* rebase

* readd definitions after rebase

* cleanup list val

* unit tests fixed and running

* lint

* refactor authcred check to work

* Update packages/xrpl/src/models/transactions/payment.ts

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* typo

* Update .ci-config/rippled.cfg

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* update rippled version

* optional field nits

* add to response depositauthorize

* Update packages/xrpl/src/models/transactions/CredentialCreate.ts

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* Update packages/xrpl/src/models/transactions/CredentialDelete.ts

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* Update packages/xrpl/src/models/transactions/accountDelete.ts

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* Apply suggestions from code review

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* cleanups

* unit test fix

* more escrowfinish tests

* clearer error message

* re add statement

* undo autodeleted mandates

* remove extraneous integration tests for now

* lint

* Update .ci-config/rippled.cfg

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* Update packages/xrpl/src/models/transactions/common.ts

Co-authored-by: Omar Khan <khancodegt@gmail.com>

* added tests

* typo

---------

Co-authored-by: Omar Khan <khancodegt@gmail.com>
Co-authored-by: Mayukha Vadari <mvadari@ripple.com>

.ci-config/rippled.cfg

@@ -178,8 +178,9 @@ PriceOracle
 fixEmptyDID
 fixXChainRewardRounding
 fixPreviousTxnID
-# 2.3.0-rc1 Amendments
 fixAMMv1_1
+# 2.3.0 Amendments
+fixAMMv1_2
 Credentials
 NFTokenMintOffer
 MPTokensV1

.github/workflows/nodejs.yml

@@ -106,7 +106,7 @@ jobs:
 
       - name: Run docker in background
         run: |
-          docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_nfo || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a"
+          docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_info || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a"
 
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v4
@@ -162,7 +162,7 @@ jobs:
 
       - name: Run docker in background
         run: |
-          docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_nfo || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a"
+          docker run --detach --rm -p 6006:6006 --volume "${{ github.workspace }}/.ci-config/":"/etc/opt/ripple/" --name rippled-service --health-cmd="rippled server_info || exit 1" --health-interval=5s --health-retries=10 --health-timeout=2s --env GITHUB_ACTIONS=true --env CI=true --entrypoint bash ${{ env.RIPPLED_DOCKER_IMAGE }} -c "rippled -a"
 
       - name: Setup npm version 10
         run: |

CONTRIBUTING.md

@@ -64,18 +64,20 @@ From the top-level xrpl.js folder (one level above `packages`), run the followin
 ```bash
 npm install
 # sets up the rippled standalone Docker container - you can skip this step if you already have it set up
-docker run -p 6006:6006 --interactive -t --volume $PWD/.ci-config:/opt/ripple/etc/ --platform linux/amd64 rippleci/rippled:2.0.0-b4 /opt/ripple/bin/rippled -a --conf /opt/ripple/etc/rippled.cfg
+docker run  -p 6006:6006 --rm -it --name rippled_standalone --volume $PWD/.ci-config:/etc/opt/ripple/ --entrypoint bash rippleci/rippled:2.3.0-rc1 -c 'rippled -a'
 npm run build
 npm run test:integration
 ```
 
 Breaking down the command:
 * `docker run -p 6006:6006` starts a Docker container with an open port for admin WebSocket requests.
-* `--interactive` allows you to interact with the container.
-* `-t` starts a terminal in the container for you to send commands to.
-* `--volume $PWD/.ci-config:/config/` identifies the `rippled.cfg` and `validators.txt` to import. It must be an absolute path, so we use `$PWD` instead of `./`.
+ `--rm` tells docker to close the container after processes are done running.
+* `-it` allows you to interact with the container.
+   `--name rippled_standalone` is an instance name for clarity
+* `--volume $PWD/.ci-config:/etc/opt/ripple/` identifies the `rippled.cfg` and `validators.txt` to import. It must be an absolute path, so we use `$PWD` instead of `./`.
 * `rippleci/rippled` is an image that is regularly updated with the latest `rippled` releases
-* `/opt/ripple/bin/rippled -a --conf /opt/ripple/etc/rippled.cfg` starts `rippled` in standalone mode
+* `--entrypoint bash rippleci/rippled:2.3.0-rc1` manually overrides the entrypoint (for versions of rippled >= 2.3.0)
+*  `-c 'rippled -a'` provides the bash command to start `rippled` in standalone mode from the manual entrypoint
 
 ### Browser Tests
 
@@ -90,7 +92,7 @@ This should be run from the `xrpl.js` top level folder (one above the `packages`
 ```bash
 npm run build
 # sets up the rippled standalone Docker container - you can skip this step if you already have it set up
-docker run -p 6006:6006 --interactive -t --volume $PWD/.ci-config:/opt/ripple/etc/ --platform linux/amd64 rippleci/rippled:2.2.0-b3 /opt/ripple/bin/rippled -a --conf /opt/ripple/etc/rippled.cfg
+docker run  -p 6006:6006 --rm -it --name rippled_standalone --volume $PWD/.ci-config:/etc/opt/ripple/ --entrypoint bash rippleci/rippled:2.3.0-rc1 -c 'rippled -a'
 npm run test:browser
 ```
 

packages/ripple-binary-codec/src/enums/definitions.json

@@ -910,6 +910,26 @@
         "type": "UInt64"
       }
     ],
+    [
+      "IssuerNode",
+      {
+        "nth": 27,
+        "isVLEncoded": false,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "UInt64"
+      }
+    ],
+    [
+      "SubjectNode",
+      {
+        "nth": 28,
+        "isVLEncoded": false,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "UInt64"
+      }
+    ],
     [
       "EmailHash",
       {
@@ -1810,6 +1830,16 @@
         "type": "Blob"
       }
     ],
+    [
+      "CredentialType",
+      {
+        "nth": 31,
+        "isVLEncoded": true,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "Blob"
+      }
+    ],
     [
       "Account",
       {
@@ -1980,6 +2010,16 @@
         "type": "AccountID"
       }
     ],
+    [
+      "Subject",
+      {
+        "nth": 24,
+        "isVLEncoded": true,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "AccountID"
+      }
+    ],
     [
       "TransactionMetaData",
       {
@@ -2270,6 +2310,16 @@
         "type": "STObject"
       }
     ],
+    [
+      "Credential",
+      {
+        "nth": 33,
+        "isVLEncoded": false,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "STObject"
+      }
+    ],
     [
       "Signers",
       {
@@ -2460,6 +2510,26 @@
         "type": "STArray"
       }
     ],
+    [
+      "AuthorizeCredentials",
+      {
+        "nth": 26,
+        "isVLEncoded": false,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "STArray"
+      }
+    ],
+    [
+      "UnauthorizeCredentials",
+      {
+        "nth": 27,
+        "isVLEncoded": false,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "STArray"
+      }
+    ],
     [
       "CloseResolution",
       {
@@ -2640,6 +2710,16 @@
         "type": "Vector256"
       }
     ],
+    [
+      "CredentialIDs",
+      {
+        "nth": 5,
+        "isVLEncoded": true,
+        "isSerialized": true,
+        "isSigningField": true,
+        "type": "Vector256"
+      }
+    ],
     [
       "MPTokenIssuanceID",
       {
@@ -2781,6 +2861,7 @@
     "NegativeUNL": 78,
     "Offer": 111,
     "Oracle": 128,
+    "Credential": 129,
     "PayChannel": 120,
     "RippleState": 114,
     "SignerList": 83,
@@ -2797,6 +2878,7 @@
     "tecAMM_NOT_EMPTY": 167,
     "tecARRAY_EMPTY": 190,
     "tecARRAY_TOO_LARGE": 191,
+    "tecBAD_CREDENTIALS": 193,
     "tecCANT_ACCEPT_OWN_NFTOKEN_OFFER": 158,
     "tecCLAIM": 100,
     "tecCRYPTOCONDITION_ERROR": 146,
@@ -2982,6 +3064,9 @@
     "CheckCash": 17,
     "CheckCreate": 16,
     "Clawback": 30,
+    "CredentialCreate": 58,
+    "CredentialAccept": 59,
+    "CredentialDelete": 60,
     "DIDDelete": 50,
     "DIDSet": 49,
     "DepositPreauth": 19,

packages/xrpl/HISTORY.md

@@ -5,9 +5,10 @@ Subscribe to [the **xrpl-announce** mailing list](https://groups.google.com/g/xr
 ## Unreleased Changes
 
 ### Added
-* parseTransactionFlags as a utility function in the xrpl package to streamline transactions flags-to-map conversion
 * Added new MPT transaction definitions (XLS-33)
 * New `MPTAmount` type support for `Payment` and `Clawback` transactions
+* `parseTransactionFlags` as a utility function in the xrpl package to streamline transactions flags-to-map conversion
+* Support for XLS-70d (Credentials)
 
 ### Fixed
 * `TransactionStream` model supports APIv2

packages/xrpl/src/models/common/index.ts

@@ -162,6 +162,16 @@ export interface AuthAccount {
   }
 }
 
+export interface AuthorizeCredential {
+  Credential: {
+    /** The issuer of the credential. */
+    Issuer: string
+
+    /** A hex-encoded value to identify the type of credential from the issuer. */
+    CredentialType: string
+  }
+}
+
 export interface XChainBridge {
   LockingChainDoor: string
   LockingChainIssue: Currency

packages/xrpl/src/models/ledger/Credential.ts

@@ -0,0 +1,47 @@
+import { GlobalFlags } from '../transactions/common'
+
+import { BaseLedgerEntry, HasPreviousTxnID } from './BaseLedgerEntry'
+
+export interface CredentialFlags extends GlobalFlags {
+  lsfAccepted?: boolean
+}
+
+/**
+ *
+ * A Credential object describes a credential, similar to a passport, which is an issuable identity verifier
+ * that can be used as a prerequisite for other transactions
+ *
+ * @category Ledger Entries
+ */
+export default interface Credential extends BaseLedgerEntry, HasPreviousTxnID {
+  LedgerEntryType: 'Credential'
+  /**
+   * A bit-map of boolean flags
+   */
+  Flags: number | CredentialFlags
+
+  /** The account that the credential is for. */
+  Subject: string
+
+  /** The issuer of the credential. */
+  Issuer: string
+
+  /** A hex-encoded value to identify the type of credential from the issuer. */
+  CredentialType: string
+
+  /** A hint indicating which page of the subject's owner directory links to this object,
+   * in case the directory consists of multiple pages.
+   */
+  SubjectNode: string
+
+  /** A hint indicating which page of the issuer's owner directory links to this object,
+   * in case the directory consists of multiple pages.
+   */
+  IssuerNode: string
+
+  /** Credential expiration. */
+  Expiration?: number
+
+  /** Additional data about the credential (such as a link to the VC document). */
+  URI?: string
+}

packages/xrpl/src/models/ledger/DepositPreauth.ts

@@ -1,3 +1,5 @@
+import { AuthorizeCredential } from '../common'
+
 import { BaseLedgerEntry, HasPreviousTxnID } from './BaseLedgerEntry'
 
 /**
@@ -12,8 +14,6 @@ export default interface DepositPreauth
   LedgerEntryType: 'DepositPreauth'
   /** The account that granted the preauthorization. */
   Account: string
-  /** The account that received the preauthorization. */
-  Authorize: string
   /**
    * A bit-map of boolean flags. No flags are defined for DepositPreauth
    * objects, so this value is always 0.
@@ -24,4 +24,8 @@ export default interface DepositPreauth
    * object, in case the directory consists of multiple pages.
    */
   OwnerNode: string
+  /** The account that received the preauthorization. */
+  Authorize?: string
+  /** The credential(s) that received the preauthorization. */
+  AuthorizeCredentials?: AuthorizeCredential[]
 }

packages/xrpl/src/models/ledger/LedgerEntry.ts

@@ -3,6 +3,7 @@ import Amendments from './Amendments'
 import AMM from './AMM'
 import Bridge from './Bridge'
 import Check from './Check'
+import Credential from './Credential'
 import DepositPreauth from './DepositPreauth'
 import DirectoryNode from './DirectoryNode'
 import Escrow from './Escrow'
@@ -24,6 +25,7 @@ type LedgerEntry =
   | AMM
   | Bridge
   | Check
+  | Credential
   | DepositPreauth
   | DirectoryNode
   | Escrow
@@ -45,6 +47,7 @@ type LedgerEntryFilter =
   | 'amm'
   | 'bridge'
   | 'check'
+  | 'credential'
   | 'deposit_preauth'
   | 'did'
   | 'directory'

packages/xrpl/src/models/ledger/index.ts

@@ -6,6 +6,7 @@ import Amendments, { Majority, AMENDMENTS_ID } from './Amendments'
 import AMM, { VoteSlot } from './AMM'
 import Bridge from './Bridge'
 import Check from './Check'
+import Credential from './Credential'
 import DepositPreauth from './DepositPreauth'
 import DID from './DID'
 import DirectoryNode from './DirectoryNode'
@@ -41,6 +42,7 @@ export {
   AMM,
   Bridge,
   Check,
+  Credential,
   DepositPreauth,
   DirectoryNode,
   DID,

packages/xrpl/src/models/methods/depositAuthorized.ts

@@ -15,6 +15,12 @@ export interface DepositAuthorizedRequest
   source_account: string
   /** The recipient of a possible payment. */
   destination_account: string
+  /**
+   * The object IDs of Credential objects. If this field is included, then the
+   * credential will be taken into account when analyzing whether the sender can send
+   * funds to the destination.
+   */
+  credentials?: string[]
 }
 
 /**
@@ -52,5 +58,9 @@ export interface DepositAuthorizedResponse extends BaseResponse {
     source_account: string
     /** If true, the information comes from a validated ledger version. */
     validated?: boolean
+    /** The object IDs of `Credential` objects. If this field is included,
+     * then the credential will be taken into account when analyzing whether
+     * the sender can send funds to the destination. */
+    credentials?: string[]
   }
 }

packages/xrpl/src/models/methods/ledgerEntry.ts

@@ -83,6 +83,23 @@ export interface LedgerEntryRequest extends BaseRequest, LookupByLedgerRequest {
   /** The object ID of a Check object to retrieve. */
   check?: string
 
+  /* Specify the Credential to retrieve. If a string, must be the ledger entry ID of
+   * the entry, as hexadecimal. If an object, requires subject, issuer, and
+   * credential_type sub-fields.
+   */
+  credential?:
+    | {
+        /** The account that is the subject of the credential. */
+        subject: string
+
+        /** The account that issued the credential. */
+        issuer: string
+
+        /** The type of the credential, as issued. */
+        credentialType: string
+      }
+    | string
+
   /**
    * Specify a DepositPreauth object to retrieve. If a string, must be the
    * object ID of the DepositPreauth object, as hexadecimal. If an object,