Summary
Add KGQL query support for watcher and witness relationships in KERI credentials, enabling queries like "who attested to this credential?" and "what credentials has this watcher observed?"
Background
The keri-git-said sidecar now supports watcher-signed credentials where a watcher AID attests to git commits. KGQL should support querying these watcher relationships.
Per Sam Smith's KERI spec: "A validator may protect itself with duplicity detection via a set of observers (validators, watchers, jurors, judges)."
Proposed KGQL Extensions
1. Query Watchers for a Credential
-- Get all watchers who attested to this credential
QUERY watchers FOR ECommitCredSAID...
-- Returns:
{
"credential": "ECommitCredSAID...",
"watchers": [
{"aid": "BWatcherAID...", "signature": "AAD...", "timestamp": "..."}
]
}
2. Query Credentials by Watcher
-- Find all credentials attested by a watcher
SELECT * WHERE watcher = "BWatcherAID..."
-- With time range
SELECT * WHERE watcher = "BWatcherAID..." AND dt > "2026-01-01"
3. Traverse Watcher Chain
-- Follow watcher attestation edges
TRAVERSE FROM ECredSAID... FOLLOW watcher
-- Verify watcher is authorized
VERIFY WATCHER BWatcherAID... FOR ECredSAID...
4. Witness Receipts
-- Query witness receipts for an event/credential
QUERY witnesses FOR ECredSAID...
-- Verify threshold of witnesses
VERIFY WITNESSES threshold=2 FOR ECredSAID...
Credential Structure
Watcher-signed sidecar credentials have:
{
"d": "ECredentialSAID...",
"i": "BWatcherAID...", // Watcher who attested
"a": {
"gitSha": "abc123...",
"author": "Sam Smith",
...
},
"signature": "AADsig..." // Watcher's signature over SAID
}
Implementation Tasks
Related
Summary
Add KGQL query support for watcher and witness relationships in KERI credentials, enabling queries like "who attested to this credential?" and "what credentials has this watcher observed?"
Background
The
keri-git-saidsidecar now supports watcher-signed credentials where a watcher AID attests to git commits. KGQL should support querying these watcher relationships.Per Sam Smith's KERI spec: "A validator may protect itself with duplicity detection via a set of observers (validators, watchers, jurors, judges)."
Proposed KGQL Extensions
1. Query Watchers for a Credential
2. Query Credentials by Watcher
3. Traverse Watcher Chain
4. Witness Receipts
Credential Structure
Watcher-signed sidecar credentials have:
{ "d": "ECredentialSAID...", "i": "BWatcherAID...", // Watcher who attested "a": { "gitSha": "abc123...", "author": "Sam Smith", ... }, "signature": "AADsig..." // Watcher's signature over SAID }Implementation Tasks
watcherfield extraction in QueryResultQUERY watchers FORsyntaxWHERE watcher =predicateRelated