docs: document did:key issuer support in README#146
Merged
Conversation
Now that @trustvc/w3c-issuer ships did:key resolution (#145, released as 2.13.0), document the feature in the umbrella package's README: - About section: call out that signW3C supports both did:web (hosted) and did:key (self-certifying) issuers across ecdsa-sd-2023 and bbs-2023 - New "Signing with a did:key issuer" sub-section under signW3C with a generateDidKeyPair → signW3C example, including both string and object issuer forms - Note the trust-model caveat (cryptographic proof != real-world identity) and link to the in-depth did:key guide in @trustvc/w3c-issuer - Note that verifyDocument handles did:key transparently — no extra configuration needed Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughThis PR updates the README to explicitly document W3C credential signing support for ChangesW3C Credential Signing Documentation with did:key Issuer
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@README.md`:
- Line 287: Change the phrase "real world entity" to the hyphenated compound
adjective "real-world entity" in the Trust model caveat sentence that reads
"bind the `did:key` to a real-world entity out-of-band — via a trust
registry..." so the compound modifier is clear; update the README sentence
containing `did:key` and "real world entity" to use "real-world entity"
everywhere it appears in that clause.
- Line 283: The example comment references an undefined identifier
publicKeyMultibase; update the expectation to use the actual variable that holds
the multibase key or a concrete example string. Replace
signingResult.signed.proof.verificationMethod === `${did}#${publicKeyMultibase}`
with either the real variable (e.g., `${did}#${key.publicKeyMultibase}` or
`${did}#${publicKeyMultibaseValue}`) or a literal example such as
`${did}`#keys-1`` so the comment matches defined symbols (did and the actual
multibase key variable).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
The expectation comment referenced ${publicKeyMultibase}, which is not
declared in the snippet (only `did` and `didKeyPairs` are destructured).
Switch to didKeyPairs.id — same canonical value, defined in scope — and
add a brief parenthetical showing the did:key#multibase shape for readers
unfamiliar with the convention.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
did:web has a built-in trust anchor (the domain) — if you trust whoever controls the domain, you trust their issued credentials. did:key has no inherent identity binding: it proves "signed by the holder of this key" but not "by whom". For regulated/production use cases did:web is the safer default; did:key suits ad-hoc/ephemeral issuers or contexts where trust comes from a registry, delegation, or sidechannel exchange. Make that tradeoff visible (and emphasised) in the very first paragraph so readers don't have to dig through the trust-model caveat in the signW3C section to find the recommendation. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
RishabhS7
approved these changes
Jun 3, 2026
nghaninn
pushed a commit
that referenced
this pull request
Jun 10, 2026
|
🎉 This PR is included in version 2.14.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary by CodeRabbit