feat(sdk-core): add DID format validation

[aspiers]

Summary

• Add isValidDid() utility function to core/types.ts for validating DID format per W3C spec
• Export isValidDid from @hypercerts-org/sdk-core for consumer use
• Add DID validation in BlobOperationsImpl constructor, throwing ValidationError for invalid DIDs
• Comprehensive test coverage (21 tests) for valid and invalid DID formats including numeric method names

Details

The DID validator supports the W3C DID Core spec format did:method:identifier where method allows lowercase letters and digits per W3C spec. This prevents cryptic errors from SDS endpoints when invalid DIDs are passed.

Changes

• src/core/types.ts: adds isValidDid() with JSDoc
• src/index.ts: exports isValidDid
• src/repository/BlobOperationsImpl.ts: validates repoDid in constructor
• tests/core/types.test.ts: new test file
• tests/repository/BlobOperationsImpl.test.ts: adds constructor validation tests
• .changeset/did-format-validation.md: minor changeset for sdk-core
• .gitignore: adds package-lock.json exclusion

Extracted from #123, with conflicts resolved against PR #126 (BlobOperationsImpl refactor) and unrelated BlobInput/ProfileOperationsImpl changes omitted.

Summary by CodeRabbit

• New Features

  • Added DID validation utility function supporting W3C Decentralized Identifier format (did:method:identifier).
  • BlobOperationsImpl now validates DIDs on initialization and throws validation errors for invalid formats.

• Tests

  • Added comprehensive test coverage for DID validation scenarios.

[changeset-bot]

🦋 Changeset detected

Latest commit: df84d85

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages

Name	Type
@hypercerts-org/sdk-core	Minor
@hypercerts-org/sdk-react	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@aspiers has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 16 minutes and 46 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

This pull request introduces a new isValidDid() utility function to validate Decentralized Identifier (DID) formats conforming to the W3C specification. The function is integrated into the BlobOperationsImpl constructor to validate the repoDid parameter, with comprehensive test coverage for both the utility and the constructor validation behavior.

Changes

Cohort / File(s)	Summary
DID Validation Function packages/sdk-core/src/core/types.ts, packages/sdk-core/src/index.ts	Added new isValidDid(did: string): boolean utility function that validates DID format using regex pattern ^did:[a-z0-9]+:[a-zA-Z0-9._:%-]+$, exported from SDK core public API.
Constructor Validation packages/sdk-core/src/repository/BlobOperationsImpl.ts	Integrated DID validation into BlobOperationsImpl constructor to validate repoDid parameter and throw ValidationError on invalid format.
Test Coverage packages/sdk-core/tests/core/types.test.ts, packages/sdk-core/tests/repository/BlobOperationsImpl.test.ts	Added comprehensive test suites validating isValidDid() against valid and invalid DID formats, and testing BlobOperationsImpl constructor behavior with valid/invalid DIDs.
Configuration .gitignore, .changeset/did-format-validation.md	Added package-lock.json to .gitignore and created changeset documentation entry.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• s-adamantine
• bitbeckers

Poem

🐰 A DID came hopping through our code,
Validation now keeps us on the road,
With regex checks and tests in place,
We've caught the invalid ones—no trace! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat(sdk-core): add DID format validation' accurately and concisely describes the main change: adding DID format validation functionality to the SDK core.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch did-validation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR adds DID format validation to prevent cryptic errors when invalid DIDs are passed to SDS endpoints. It introduces a utility function isValidDid() that validates DIDs against the W3C DID Core specification format, exports it for consumer use, and integrates it into BlobOperationsImpl constructor to validate the repoDid parameter.

Changes:

• Added isValidDid() utility function with support for numeric method names per W3C spec
• Integrated DID validation into BlobOperationsImpl constructor with helpful error messages
• Comprehensive test coverage with 18 test cases covering valid and invalid DID formats

Reviewed changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
packages/sdk-core/src/core/types.ts	Adds isValidDid() validation function with JSDoc documentation
packages/sdk-core/src/index.ts	Exports isValidDid for public API consumers
packages/sdk-core/src/repository/BlobOperationsImpl.ts	Validates repoDid in constructor, throws ValidationError for invalid format
packages/sdk-core/tests/core/types.test.ts	New test file with 18 comprehensive test cases for DID validation
packages/sdk-core/tests/repository/BlobOperationsImpl.test.ts	Adds 3 constructor validation tests
.changeset/did-format-validation.md	Documents the minor version change for sdk-core
.gitignore	Attempts to add package-lock.json (already present)

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This test case is a duplicate of the test on line 60-62. Both test the same input "did:plc:" with the same expectation. Consider either removing this duplicate or modifying it to test a different edge case, such as "did:method:identifier:" (trailing colon after identifier).

Suggested change

	it("should reject did:method: with empty identifier", () => {
	expect(isValidDid("did:plc:")).toBe(false);
	it("should reject did with trailing colon after identifier", () => {
	expect(isValidDid("did:plc:abc123:")).toBe(false);

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.changeset/did-format-validation.md:
- Around line 1-9: The changeset should explicitly call out the
behavioral/breaking change that BlobOperationsImpl's constructor now validates
repoDid and throws ValidationError for invalid DIDs; update the .changeset text
to mention that consumers passing invalid DIDs will now receive a thrown
ValidationError from BlobOperationsImpl (and reference the new isValidDid()
utility exported from `@hypercerts-org/sdk-core` as the recommended validation
helper), and suggest migration guidance (e.g., run isValidDid(repoDid) before
constructing BlobOperationsImpl) so downstream callers can handle or sanitize
inputs to restore prior non-throwing behavior.

In `@packages/sdk-core/src/core/types.ts`:
- Around line 45-50: The isValidDid regex currently allows an empty final
segment so DIDs like "did:example:abc:" pass; update the validation in
isValidDid to require the method-specific-id be one or more idchar characters
followed by zero or more ":" + one or more idchar segments (i.e., no empty
segment or trailing colon), replacing the existing character-class-based pattern
with a segment-based pattern that enforces non-empty segments; then add a unit
test asserting isValidDid("did:example:abc:") returns false to prevent
regressions.

In `@packages/sdk-core/tests/core/types.test.ts`:
- Around line 60-66: The test suite contains a duplicate case: both the "should
reject did:method without identifier" and "should reject did:method: with empty
identifier" tests call isValidDid("did:plc:"); remove the redundant test or
change it to a distinct input (for example use "did:plc:abc:" to test a trailing
colon after a non-empty identifier) and update the test description accordingly;
locate the duplicate by the test name strings and the isValidDid invocation in
types.test.ts and ensure the new case asserts
expect(isValidDid("did:plc:abc:")).toBe(false) if you intend to validate
trailing-colon rejection.