Documentation

Quick links to the guides, concepts, recipes, and the auto-generated API reference. The fastest path to a working integration is the 5-minute verifier.

Getting started

• Install + 5-minute verifier — install the packages and verify your first presentation.

Concepts

The standards demystified for web developers.

• SD-JWT-VC — the credential format the EU is settling on. Selective disclosure without trusting the holder.
• OID4VCI — issuance protocol. The OAuth-shaped flow behind every EUDIW credential.
• OID4VP — verification protocol. How the verifier asks for claims and gets a response it can trust.
• DCQL — credential query language. How verifiers ask for specific claims, compactly.
• DPoP — RFC 9449. How OAuth access tokens get sender-constrained to the holder's key.

Guides

End-to-end walk-throughs that produce working code.

• Build a verifier — a 30-line bank-style relying party.
• Build an issuer — a 50-line OID4VCI pre-authorized-code issuer the EU wallet talks to.
• Batch issuance — mint a pool of N independent unlinkable credentials per offer.

Recipes

Specific scenarios with concrete code.

• Verify an EU PID — talk to the EU Commission's reference issuer, retrieve a real PID, verify it.
• One-time-use credentials — issue a pool, present from the pool, refill the pool.

API reference

Auto-generated from each @gramota/* package's TypeScript declarations.

Top-level

• @gramota/sdk — Stripe-shaped facade. One config object, lazy-instantiated verifier, issuer, holder, qr.

High-level

• @gramota/verifier — relying-party verifier with 12 named security checks.
• @gramota/issuer — single + batch SD-JWT-VC issuance.
• @gramota/holder — headless wallet: store, receive, present.
• @gramota/qr — QR rendering for EUDIW deep links. Strategy-pluggable renderer.

Protocol & transport

• @gramota/oid4vp — OID4VP wire format, signed JAR, x509_san_dns cert helpers.
• @gramota/oid4vci — OID4VCI client + server, Draft 13/15 normalized, DPoP both sides.
• @gramota/dcql — DCQL matcher, claim path evaluator, selection.
• @gramota/presentation-exchange — DIF Presentation Exchange v2, for legacy OID4VP 1.0 wallets.

Cryptography & credentials

• @gramota/jose — JWS sign + verify, x5c chain validation, pluggable Signer Strategy.
• @gramota/sd-jwt — SD-JWT-VC parser, hash binding, KB-JWT issuance / verification.
• @gramota/credential-format — pluggable format-handler registry.

Trust & revocation

• @gramota/trust — TrustResolver: Static, JwksUrl, SdJwtVcIssuer (.well-known/jwt-vc-issuer).
• @gramota/status-list — IETF Token Status List + StatusResolver Strategy.

Foundation

• @gramota/core — Fetcher transport interface + GramotaError base class. Imported by every other @gramota/* package.