feature/ipfs vault allocation (#8)

* refactor: move constants to genesis.proto * feat: add ipfs_active flag to genesis state * feat: add IPFS connection initialization to keeper * feat: add testnet process-compose * refactor: rename sonr-testnet docker image to sonr-runner * refactor: update docker-vm-release workflow to use 'latest' tag * feat: add permission to workflows * feat: add new service chain execution * feat: add abstract vault class to pkl * feat: use jetpackio/devbox image for runner * feat: introduce dwn for local service worker * refactor: remove unnecessary dockerfile layers * refactor(deploy): Update Dockerfile to copy go.mod and go.sum from the parent directory * build: move Dockerfile to root directory * build: Add Dockerfile for deployment * feat: Update Dockerfile to work with Go project in parent directory * build: Update docker-compose.yaml to use relative paths * feat: Update docker-compose to work with new image and parent git directory * refactor: remove unnecessary test script * <no value> * feat: add test_node script for running node tests * feat: add IPFS cluster to testnet * feat: add docker image for sonr-runner * fix: typo in export path * feat(did): Add Localhost Registration Enabled Genesis Option * feat: add support for Sqlite DB in vault * feat: improve vault model JSON serialization * feat: support querying HTMX endpoint for DID * feat: Add primary key, unique, default, not null, auto increment, and foreign key field types * feat: Add PublicKey model in pkl/vault.pkl * feat: add frontend server * refactor: move dwn.wasm to vfs directory * feat(frontend): remove frontend server implementation * feat: Add a frontend server and web auth protocol * feat: implement new key types for MPC and ZK proofs * fix: Update enum types and DefaultKeyInfos * fix: correct typo in KeyAlgorithm enum * feat(did): add attestation format validation * feat: Add x/did/builder/extractor.go * feat: Update JWK parsing in x/did/builder/extractor.go * feat: Use github.com/onsonr/sonr/x/did/types package * feat: Extract and format public keys from WebAuthn credentials * feat: Introduce a new `mapToJWK` function to convert a map to a `types.JWK` struct * feat: add support for extracting JWK public keys * feat: remove VerificationMethod struct * refactor: extract public key extraction logic * feat: add helper functions to map COSECurveID to JWK curve names * feat: pin initial vault
2025-03-10 13:07:09 +00:00 · 2024-09-07 18:12:58 -04:00 · 2024-09-07 18:12:58 -04:00 · 4f2d342649
commit 4f2d342649
parent 93ebc9eea1
116 changed files with 12036 additions and 7657 deletions
--- a/.github/workflows/docker-release.yml
+++ b/.github/workflows/docker-release.yml
@ -18,6 +18,10 @@ env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
 permissions:
  contents: read
  packages: write
 jobs:
  release-image:
    runs-on: ubuntu-latest
--- a/.github/workflows/docker-vm-release.yml
+++ b/.github/workflows/docker-vm-release.yml
@ -13,6 +13,10 @@ env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}
 permissions:
  contents: read
  packages: write
 jobs:
  release-image:
    runs-on: ubuntu-latest
@ -23,26 +27,33 @@ jobs:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
-      # all lowercase ghcr registry
+      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - run: |
          DOCKER_REGISTRY=`echo "${{ env.REGISTRY }}/${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]'`
          echo "DOCKER_REGISTRY=$DOCKER_REGISTRY" >> $GITHUB_ENV
          REPO_NAME=`echo "${{ github.repository }}" | awk -F'/' '{print $2}' | tr '[:upper:]' '[:lower:]'`
          echo "REPO_NAME=$REPO_NAME" >> $GITHUB_ENV
-
+      # login to ghcr (public) with codebase remaining private
      - name: Parse tag
        id: tag
        run: |
          # v0.0.1
          VERSION=$(echo ${{ github.ref_name }} | sed "s/v//")
          # 0.0.1
          echo "VERSION=$VERSION" >> $GITHUB_ENV
      # build and publish package to ghcr (public) with codebase remaining private
      - name: Log in to the Container registry
        uses: docker/login-action@v2
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push sonrvm image
        uses: docker/build-push-action@v6
        with:
          push: true
          target: sonrvm
          tags: ghcr.io/${{ github.repository_owner }}/sonrvm:latest
      - name: Build and push sonr-runner image
        uses: docker/build-push-action@v6
        with:
          push: true
          target: sonr-runner
          tags: ghcr.io/${{ github.repository_owner }}/sonr-runner:latest
--- a/.gitignore
+++ b/.gitignore
@ -18,6 +18,9 @@ aof*
 *.out
 buf.lock
 # Exclude embedded files
 !internal/files/dist
 # Dependency directories
 node_modules/
--- a/20
+++ b/20
@ -9,11 +9,31 @@ RUN mkdir -p /code && chown ${DEVBOX_USER}:${DEVBOX_USER} /code
 USER ${DEVBOX_USER}:${DEVBOX_USER}
 COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} devbox.json devbox.json
 COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} process-compose.yaml process-compose.yaml
 RUN devbox run -- echo "Installed Packages."
 ENTRYPOINT ["devbox", "run"]
 # --------------------------------------------------------
 FROM jetpackio/devbox:latest AS sonr-runner
 WORKDIR /code
 USER root:root
 RUN mkdir -p /code && chown ${DEVBOX_USER}:${DEVBOX_USER} /code
 USER ${DEVBOX_USER}:${DEVBOX_USER}
 COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} devbox.json devbox.json
 COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} process-compose.yaml process-compose.yaml
 COPY --chown=${DEVBOX_USER}:${DEVBOX_USER} . .
 RUN devbox run -- echo "Installed Packages."
 RUN git config --global --add safe.directory /code
 ENTRYPOINT ["devbox", "run", "testnet"]
 # --------------------------------------------------------
 FROM golang:1.22-alpine AS go-builder
--- a/10
+++ b/10
@ -305,17 +305,17 @@ templ:
 	@echo "Generating templ files"
 	templ generate
-vault:
+dwn:
 	@echo "Generating go-pkl files"
 	go run github.com/apple/pkl-go/cmd/pkl-gen-go ./pkl/txns.pkl
 	go run github.com/apple/pkl-go/cmd/pkl-gen-go ./pkl/vault.pkl
 	@echo "Building vault.wasm"
-	GOOS=js GOARCH=wasm go build -o ./internal/files/vault.wasm ./cmd/vault/main.go
+	GOOS=js GOARCH=wasm go build -o ./internal/vfs/dwn.wasm ./cmd/dwn/main.go
 ###############################################################################
 ###                                     help                                ###
 ###############################################################################
 .PHONY: explorer
 explorer:
 	docker compose up
 help:
 	@echo "Usage: make <target>"
--- a/api/did/v1/constants.pulsar.go
+++ b/api/did/v1/constants.pulsar.go
@ -1,727 +0,0 @@
 // Code generated by protoc-gen-go-pulsar. DO NOT EDIT.
 package didv1
 import (
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 	reflect "reflect"
 	sync "sync"
 )
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // 	protoc-gen-go v1.27.0
 // 	protoc        (unknown)
 // source: did/v1/constants.proto
 const (
 	// Verify that this generated code is sufficiently up-to-date.
 	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
 	// Verify that runtime/protoimpl is sufficiently up-to-date.
 	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
 )
 // AssetType defines the type of asset: native, wrapped, staking, pool, or unspecified
 type AssetType int32
 const (
 	AssetType_ASSET_TYPE_UNSPECIFIED AssetType = 0
 	AssetType_ASSET_TYPE_NATIVE      AssetType = 1
 	AssetType_ASSET_TYPE_WRAPPED     AssetType = 2
 	AssetType_ASSET_TYPE_STAKING     AssetType = 3
 	AssetType_ASSET_TYPE_POOL        AssetType = 4
 	AssetType_ASSET_TYPE_IBC         AssetType = 5
 	AssetType_ASSET_TYPE_CW20        AssetType = 6
 )
 // Enum value maps for AssetType.
 var (
 	AssetType_name = map[int32]string{
 		0: "ASSET_TYPE_UNSPECIFIED",
 		1: "ASSET_TYPE_NATIVE",
 		2: "ASSET_TYPE_WRAPPED",
 		3: "ASSET_TYPE_STAKING",
 		4: "ASSET_TYPE_POOL",
 		5: "ASSET_TYPE_IBC",
 		6: "ASSET_TYPE_CW20",
 	}
 	AssetType_value = map[string]int32{
 		"ASSET_TYPE_UNSPECIFIED": 0,
 		"ASSET_TYPE_NATIVE":      1,
 		"ASSET_TYPE_WRAPPED":     2,
 		"ASSET_TYPE_STAKING":     3,
 		"ASSET_TYPE_POOL":        4,
 		"ASSET_TYPE_IBC":         5,
 		"ASSET_TYPE_CW20":        6,
 	}
 )
 func (x AssetType) Enum() *AssetType {
 	p := new(AssetType)
 	*p = x
 	return p
 }
 func (x AssetType) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (AssetType) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[0].Descriptor()
 }
 func (AssetType) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[0]
 }
 func (x AssetType) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use AssetType.Descriptor instead.
 func (AssetType) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{0}
 }
 // DIDNamespace define the different namespaces of DID
 type DIDNamespace int32
 const (
 	DIDNamespace_DID_NAMESPACE_UNSPECIFIED DIDNamespace = 0
 	DIDNamespace_DID_NAMESPACE_IPFS        DIDNamespace = 1
 	DIDNamespace_DID_NAMESPACE_SONR        DIDNamespace = 2
 	DIDNamespace_DID_NAMESPACE_BITCOIN     DIDNamespace = 3
 	DIDNamespace_DID_NAMESPACE_ETHEREUM    DIDNamespace = 4
 	DIDNamespace_DID_NAMESPACE_IBC         DIDNamespace = 5
 	DIDNamespace_DID_NAMESPACE_WEBAUTHN    DIDNamespace = 6
 	DIDNamespace_DID_NAMESPACE_DWN         DIDNamespace = 7
 	DIDNamespace_DID_NAMESPACE_SERVICE     DIDNamespace = 8
 )
 // Enum value maps for DIDNamespace.
 var (
 	DIDNamespace_name = map[int32]string{
 		0: "DID_NAMESPACE_UNSPECIFIED",
 		1: "DID_NAMESPACE_IPFS",
 		2: "DID_NAMESPACE_SONR",
 		3: "DID_NAMESPACE_BITCOIN",
 		4: "DID_NAMESPACE_ETHEREUM",
 		5: "DID_NAMESPACE_IBC",
 		6: "DID_NAMESPACE_WEBAUTHN",
 		7: "DID_NAMESPACE_DWN",
 		8: "DID_NAMESPACE_SERVICE",
 	}
 	DIDNamespace_value = map[string]int32{
 		"DID_NAMESPACE_UNSPECIFIED": 0,
 		"DID_NAMESPACE_IPFS":        1,
 		"DID_NAMESPACE_SONR":        2,
 		"DID_NAMESPACE_BITCOIN":     3,
 		"DID_NAMESPACE_ETHEREUM":    4,
 		"DID_NAMESPACE_IBC":         5,
 		"DID_NAMESPACE_WEBAUTHN":    6,
 		"DID_NAMESPACE_DWN":         7,
 		"DID_NAMESPACE_SERVICE":     8,
 	}
 )
 func (x DIDNamespace) Enum() *DIDNamespace {
 	p := new(DIDNamespace)
 	*p = x
 	return p
 }
 func (x DIDNamespace) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (DIDNamespace) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[1].Descriptor()
 }
 func (DIDNamespace) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[1]
 }
 func (x DIDNamespace) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use DIDNamespace.Descriptor instead.
 func (DIDNamespace) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{1}
 }
 // KeyAlgorithm defines the key algorithm
 type KeyAlgorithm int32
 const (
 	KeyAlgorithm_KEY_ALGORITHM_UNSPECIFIED KeyAlgorithm = 0
 	KeyAlgorithm_KEY_ALGORITHM_ES256       KeyAlgorithm = 1
 	KeyAlgorithm_KEY_ALGORITHM_ES384       KeyAlgorithm = 2
 	KeyAlgorithm_KEY_ALGORITHM_ES512       KeyAlgorithm = 3
 	KeyAlgorithm_KEY_ALGORITHM_EDDSA       KeyAlgorithm = 4
 	KeyAlgorithm_KEY_ALGORITHM_ES256K      KeyAlgorithm = 5
 	KeyAlgorithm_KEY_ALGORITHM_BLS12377    KeyAlgorithm = 6
 	KeyAlgorithm_KEY_ALGORITHM_KECCAK256   KeyAlgorithm = 7
 )
 // Enum value maps for KeyAlgorithm.
 var (
 	KeyAlgorithm_name = map[int32]string{
 		0: "KEY_ALGORITHM_UNSPECIFIED",
 		1: "KEY_ALGORITHM_ES256",
 		2: "KEY_ALGORITHM_ES384",
 		3: "KEY_ALGORITHM_ES512",
 		4: "KEY_ALGORITHM_EDDSA",
 		5: "KEY_ALGORITHM_ES256K",
 		6: "KEY_ALGORITHM_BLS12377",
 		7: "KEY_ALGORITHM_KECCAK256",
 	}
 	KeyAlgorithm_value = map[string]int32{
 		"KEY_ALGORITHM_UNSPECIFIED": 0,
 		"KEY_ALGORITHM_ES256":       1,
 		"KEY_ALGORITHM_ES384":       2,
 		"KEY_ALGORITHM_ES512":       3,
 		"KEY_ALGORITHM_EDDSA":       4,
 		"KEY_ALGORITHM_ES256K":      5,
 		"KEY_ALGORITHM_BLS12377":    6,
 		"KEY_ALGORITHM_KECCAK256":   7,
 	}
 )
 func (x KeyAlgorithm) Enum() *KeyAlgorithm {
 	p := new(KeyAlgorithm)
 	*p = x
 	return p
 }
 func (x KeyAlgorithm) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (KeyAlgorithm) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[2].Descriptor()
 }
 func (KeyAlgorithm) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[2]
 }
 func (x KeyAlgorithm) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use KeyAlgorithm.Descriptor instead.
 func (KeyAlgorithm) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{2}
 }
 // KeyCurve defines the key curve
 type KeyCurve int32
 const (
 	KeyCurve_KEY_CURVE_UNSPECIFIED KeyCurve = 0
 	KeyCurve_KEY_CURVE_P256        KeyCurve = 1
 	KeyCurve_KEY_CURVE_P384        KeyCurve = 2
 	KeyCurve_KEY_CURVE_P521        KeyCurve = 3
 	KeyCurve_KEY_CURVE_X25519      KeyCurve = 4
 	KeyCurve_KEY_CURVE_X448        KeyCurve = 5
 	KeyCurve_KEY_CURVE_ED25519     KeyCurve = 6
 	KeyCurve_KEY_CURVE_ED448       KeyCurve = 7
 	KeyCurve_KEY_CURVE_SECP256K1   KeyCurve = 8
 )
 // Enum value maps for KeyCurve.
 var (
 	KeyCurve_name = map[int32]string{
 		0: "KEY_CURVE_UNSPECIFIED",
 		1: "KEY_CURVE_P256",
 		2: "KEY_CURVE_P384",
 		3: "KEY_CURVE_P521",
 		4: "KEY_CURVE_X25519",
 		5: "KEY_CURVE_X448",
 		6: "KEY_CURVE_ED25519",
 		7: "KEY_CURVE_ED448",
 		8: "KEY_CURVE_SECP256K1",
 	}
 	KeyCurve_value = map[string]int32{
 		"KEY_CURVE_UNSPECIFIED": 0,
 		"KEY_CURVE_P256":        1,
 		"KEY_CURVE_P384":        2,
 		"KEY_CURVE_P521":        3,
 		"KEY_CURVE_X25519":      4,
 		"KEY_CURVE_X448":        5,
 		"KEY_CURVE_ED25519":     6,
 		"KEY_CURVE_ED448":       7,
 		"KEY_CURVE_SECP256K1":   8,
 	}
 )
 func (x KeyCurve) Enum() *KeyCurve {
 	p := new(KeyCurve)
 	*p = x
 	return p
 }
 func (x KeyCurve) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (KeyCurve) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[3].Descriptor()
 }
 func (KeyCurve) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[3]
 }
 func (x KeyCurve) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use KeyCurve.Descriptor instead.
 func (KeyCurve) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{3}
 }
 // KeyEncoding defines the key encoding
 type KeyEncoding int32
 const (
 	KeyEncoding_KEY_ENCODING_UNSPECIFIED KeyEncoding = 0
 	KeyEncoding_KEY_ENCODING_RAW         KeyEncoding = 1
 	KeyEncoding_KEY_ENCODING_HEX         KeyEncoding = 2
 	KeyEncoding_KEY_ENCODING_MULTIBASE   KeyEncoding = 3
 	KeyEncoding_KEY_ENCODING_JWK         KeyEncoding = 4
 )
 // Enum value maps for KeyEncoding.
 var (
 	KeyEncoding_name = map[int32]string{
 		0: "KEY_ENCODING_UNSPECIFIED",
 		1: "KEY_ENCODING_RAW",
 		2: "KEY_ENCODING_HEX",
 		3: "KEY_ENCODING_MULTIBASE",
 		4: "KEY_ENCODING_JWK",
 	}
 	KeyEncoding_value = map[string]int32{
 		"KEY_ENCODING_UNSPECIFIED": 0,
 		"KEY_ENCODING_RAW":         1,
 		"KEY_ENCODING_HEX":         2,
 		"KEY_ENCODING_MULTIBASE":   3,
 		"KEY_ENCODING_JWK":         4,
 	}
 )
 func (x KeyEncoding) Enum() *KeyEncoding {
 	p := new(KeyEncoding)
 	*p = x
 	return p
 }
 func (x KeyEncoding) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (KeyEncoding) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[4].Descriptor()
 }
 func (KeyEncoding) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[4]
 }
 func (x KeyEncoding) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use KeyEncoding.Descriptor instead.
 func (KeyEncoding) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{4}
 }
 // KeyRole defines the kind of key
 type KeyRole int32
 const (
 	KeyRole_KEY_ROLE_UNSPECIFIED KeyRole = 0
 	// Blockchain key types
 	KeyRole_KEY_ROLE_AUTHENTICATION KeyRole = 1 // Passkeys and FIDO
 	KeyRole_KEY_ROLE_ASSERTION      KeyRole = 2 // Zk Identifiers
 	KeyRole_KEY_ROLE_DELEGATION     KeyRole = 3 // ETH,BTC,IBC addresses
 	KeyRole_KEY_ROLE_INVOCATION     KeyRole = 4 // DWN Controllers
 )
 // Enum value maps for KeyRole.
 var (
 	KeyRole_name = map[int32]string{
 		0: "KEY_ROLE_UNSPECIFIED",
 		1: "KEY_ROLE_AUTHENTICATION",
 		2: "KEY_ROLE_ASSERTION",
 		3: "KEY_ROLE_DELEGATION",
 		4: "KEY_ROLE_INVOCATION",
 	}
 	KeyRole_value = map[string]int32{
 		"KEY_ROLE_UNSPECIFIED":    0,
 		"KEY_ROLE_AUTHENTICATION": 1,
 		"KEY_ROLE_ASSERTION":      2,
 		"KEY_ROLE_DELEGATION":     3,
 		"KEY_ROLE_INVOCATION":     4,
 	}
 )
 func (x KeyRole) Enum() *KeyRole {
 	p := new(KeyRole)
 	*p = x
 	return p
 }
 func (x KeyRole) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (KeyRole) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[5].Descriptor()
 }
 func (KeyRole) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[5]
 }
 func (x KeyRole) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use KeyRole.Descriptor instead.
 func (KeyRole) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{5}
 }
 // KeyType defines the key type
 type KeyType int32
 const (
 	KeyType_KEY_TYPE_UNSPECIFIED KeyType = 0
 	KeyType_KEY_TYPE_OCTET       KeyType = 1
 	KeyType_KEY_TYPE_ELLIPTIC    KeyType = 2
 	KeyType_KEY_TYPE_RSA         KeyType = 3
 	KeyType_KEY_TYPE_SYMMETRIC   KeyType = 4
 	KeyType_KEY_TYPE_HMAC        KeyType = 5
 )
 // Enum value maps for KeyType.
 var (
 	KeyType_name = map[int32]string{
 		0: "KEY_TYPE_UNSPECIFIED",
 		1: "KEY_TYPE_OCTET",
 		2: "KEY_TYPE_ELLIPTIC",
 		3: "KEY_TYPE_RSA",
 		4: "KEY_TYPE_SYMMETRIC",
 		5: "KEY_TYPE_HMAC",
 	}
 	KeyType_value = map[string]int32{
 		"KEY_TYPE_UNSPECIFIED": 0,
 		"KEY_TYPE_OCTET":       1,
 		"KEY_TYPE_ELLIPTIC":    2,
 		"KEY_TYPE_RSA":         3,
 		"KEY_TYPE_SYMMETRIC":   4,
 		"KEY_TYPE_HMAC":        5,
 	}
 )
 func (x KeyType) Enum() *KeyType {
 	p := new(KeyType)
 	*p = x
 	return p
 }
 func (x KeyType) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (KeyType) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[6].Descriptor()
 }
 func (KeyType) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[6]
 }
 func (x KeyType) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use KeyType.Descriptor instead.
 func (KeyType) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{6}
 }
 // PermissionScope define the Capabilities Controllers can grant for Services
 type PermissionScope int32
 const (
 	PermissionScope_PERMISSION_SCOPE_UNSPECIFIED            PermissionScope = 0
 	PermissionScope_PERMISSION_SCOPE_BASIC_INFO             PermissionScope = 1
 	PermissionScope_PERMISSION_SCOPE_RECORDS_READ           PermissionScope = 2
 	PermissionScope_PERMISSION_SCOPE_RECORDS_WRITE          PermissionScope = 3
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_READ      PermissionScope = 4
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_WRITE     PermissionScope = 5
 	PermissionScope_PERMISSION_SCOPE_WALLETS_READ           PermissionScope = 6
 	PermissionScope_PERMISSION_SCOPE_WALLETS_CREATE         PermissionScope = 7
 	PermissionScope_PERMISSION_SCOPE_WALLETS_SUBSCRIBE      PermissionScope = 8
 	PermissionScope_PERMISSION_SCOPE_WALLETS_UPDATE         PermissionScope = 9
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_VERIFY    PermissionScope = 10
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_BROADCAST PermissionScope = 11
 	PermissionScope_PERMISSION_SCOPE_ADMIN_USER             PermissionScope = 12
 	PermissionScope_PERMISSION_SCOPE_ADMIN_VALIDATOR        PermissionScope = 13
 )
 // Enum value maps for PermissionScope.
 var (
 	PermissionScope_name = map[int32]string{
 		0:  "PERMISSION_SCOPE_UNSPECIFIED",
 		1:  "PERMISSION_SCOPE_BASIC_INFO",
 		2:  "PERMISSION_SCOPE_RECORDS_READ",
 		3:  "PERMISSION_SCOPE_RECORDS_WRITE",
 		4:  "PERMISSION_SCOPE_TRANSACTIONS_READ",
 		5:  "PERMISSION_SCOPE_TRANSACTIONS_WRITE",
 		6:  "PERMISSION_SCOPE_WALLETS_READ",
 		7:  "PERMISSION_SCOPE_WALLETS_CREATE",
 		8:  "PERMISSION_SCOPE_WALLETS_SUBSCRIBE",
 		9:  "PERMISSION_SCOPE_WALLETS_UPDATE",
 		10: "PERMISSION_SCOPE_TRANSACTIONS_VERIFY",
 		11: "PERMISSION_SCOPE_TRANSACTIONS_BROADCAST",
 		12: "PERMISSION_SCOPE_ADMIN_USER",
 		13: "PERMISSION_SCOPE_ADMIN_VALIDATOR",
 	}
 	PermissionScope_value = map[string]int32{
 		"PERMISSION_SCOPE_UNSPECIFIED":            0,
 		"PERMISSION_SCOPE_BASIC_INFO":             1,
 		"PERMISSION_SCOPE_RECORDS_READ":           2,
 		"PERMISSION_SCOPE_RECORDS_WRITE":          3,
 		"PERMISSION_SCOPE_TRANSACTIONS_READ":      4,
 		"PERMISSION_SCOPE_TRANSACTIONS_WRITE":     5,
 		"PERMISSION_SCOPE_WALLETS_READ":           6,
 		"PERMISSION_SCOPE_WALLETS_CREATE":         7,
 		"PERMISSION_SCOPE_WALLETS_SUBSCRIBE":      8,
 		"PERMISSION_SCOPE_WALLETS_UPDATE":         9,
 		"PERMISSION_SCOPE_TRANSACTIONS_VERIFY":    10,
 		"PERMISSION_SCOPE_TRANSACTIONS_BROADCAST": 11,
 		"PERMISSION_SCOPE_ADMIN_USER":             12,
 		"PERMISSION_SCOPE_ADMIN_VALIDATOR":        13,
 	}
 )
 func (x PermissionScope) Enum() *PermissionScope {
 	p := new(PermissionScope)
 	*p = x
 	return p
 }
 func (x PermissionScope) String() string {
 	return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
 }
 func (PermissionScope) Descriptor() protoreflect.EnumDescriptor {
 	return file_did_v1_constants_proto_enumTypes[7].Descriptor()
 }
 func (PermissionScope) Type() protoreflect.EnumType {
 	return &file_did_v1_constants_proto_enumTypes[7]
 }
 func (x PermissionScope) Number() protoreflect.EnumNumber {
 	return protoreflect.EnumNumber(x)
 }
 // Deprecated: Use PermissionScope.Descriptor instead.
 func (PermissionScope) EnumDescriptor() ([]byte, []int) {
 	return file_did_v1_constants_proto_rawDescGZIP(), []int{7}
 }
 var File_did_v1_constants_proto protoreflect.FileDescriptor
 var file_did_v1_constants_proto_rawDesc = []byte{
 	0x0a, 0x16, 0x64, 0x69, 0x64, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x61, 0x6e,
 	0x74, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31,
 	0x2a, 0xac, 0x01, 0x0a, 0x09, 0x41, 0x73, 0x73, 0x65, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a,
 	0x0a, 0x16, 0x41, 0x53, 0x53, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53,
 	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x41, 0x53,
 	0x53, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4e, 0x41, 0x54, 0x49, 0x56, 0x45, 0x10,
 	0x01, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x53, 0x53, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
 	0x57, 0x52, 0x41, 0x50, 0x50, 0x45, 0x44, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x53, 0x53,
 	0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x4b, 0x49, 0x4e, 0x47, 0x10,
 	0x03, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x53, 0x53, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f,
 	0x50, 0x4f, 0x4f, 0x4c, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x41, 0x53, 0x53, 0x45, 0x54, 0x5f,
 	0x54, 0x59, 0x50, 0x45, 0x5f, 0x49, 0x42, 0x43, 0x10, 0x05, 0x12, 0x13, 0x0a, 0x0f, 0x41, 0x53,
 	0x53, 0x45, 0x54, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x57, 0x32, 0x30, 0x10, 0x06, 0x2a,
 	0xf9, 0x01, 0x0a, 0x0c, 0x44, 0x49, 0x44, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
 	0x12, 0x1d, 0x0a, 0x19, 0x44, 0x49, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43,
 	0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12,
 	0x16, 0x0a, 0x12, 0x44, 0x49, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45,
 	0x5f, 0x49, 0x50, 0x46, 0x53, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x44, 0x49, 0x44, 0x5f, 0x4e,
 	0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x5f, 0x53, 0x4f, 0x4e, 0x52, 0x10, 0x02, 0x12,
 	0x19, 0x0a, 0x15, 0x44, 0x49, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45,
 	0x5f, 0x42, 0x49, 0x54, 0x43, 0x4f, 0x49, 0x4e, 0x10, 0x03, 0x12, 0x1a, 0x0a, 0x16, 0x44, 0x49,
 	0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x5f, 0x45, 0x54, 0x48, 0x45,
 	0x52, 0x45, 0x55, 0x4d, 0x10, 0x04, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x49, 0x44, 0x5f, 0x4e, 0x41,
 	0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x5f, 0x49, 0x42, 0x43, 0x10, 0x05, 0x12, 0x1a, 0x0a,
 	0x16, 0x44, 0x49, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x5f, 0x57,
 	0x45, 0x42, 0x41, 0x55, 0x54, 0x48, 0x4e, 0x10, 0x06, 0x12, 0x15, 0x0a, 0x11, 0x44, 0x49, 0x44,
 	0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x5f, 0x44, 0x57, 0x4e, 0x10, 0x07,
 	0x12, 0x19, 0x0a, 0x15, 0x44, 0x49, 0x44, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43,
 	0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x10, 0x08, 0x2a, 0xe4, 0x01, 0x0a, 0x0c,
 	0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1d, 0x0a, 0x19,
 	0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x55, 0x4e,
 	0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x4b,
 	0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x53, 0x32,
 	0x35, 0x36, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x4f,
 	0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x53, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x17, 0x0a,
 	0x13, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45,
 	0x53, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c,
 	0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x45, 0x44, 0x44, 0x53, 0x41, 0x10, 0x04, 0x12,
 	0x18, 0x0a, 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d,
 	0x5f, 0x45, 0x53, 0x32, 0x35, 0x36, 0x4b, 0x10, 0x05, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59,
 	0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x42, 0x4c, 0x53, 0x31, 0x32,
 	0x33, 0x37, 0x37, 0x10, 0x06, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x45, 0x59, 0x5f, 0x41, 0x4c, 0x47,
 	0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x4b, 0x45, 0x43, 0x43, 0x41, 0x4b, 0x32, 0x35, 0x36,
 	0x10, 0x07, 0x2a, 0xd0, 0x01, 0x0a, 0x08, 0x4b, 0x65, 0x79, 0x43, 0x75, 0x72, 0x76, 0x65, 0x12,
 	0x19, 0x0a, 0x15, 0x4b, 0x45, 0x59, 0x5f, 0x43, 0x55, 0x52, 0x56, 0x45, 0x5f, 0x55, 0x4e, 0x53,
 	0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x45,
 	0x59, 0x5f, 0x43, 0x55, 0x52, 0x56, 0x45, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x12,
 	0x0a, 0x0e, 0x4b, 0x45, 0x59, 0x5f, 0x43, 0x55, 0x52, 0x56, 0x45, 0x5f, 0x50, 0x33, 0x38, 0x34,
 	0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x45, 0x59, 0x5f, 0x43, 0x55, 0x52, 0x56, 0x45, 0x5f,
 	0x50, 0x35, 0x32, 0x31, 0x10, 0x03, 0x12, 0x14, 0x0a, 0x10, 0x4b, 0x45, 0x59, 0x5f, 0x43, 0x55,
 	0x52, 0x56, 0x45, 0x5f, 0x58, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e,
 	0x4b, 0x45, 0x59, 0x5f, 0x43, 0x55, 0x52, 0x56, 0x45, 0x5f, 0x58, 0x34, 0x34, 0x38, 0x10, 0x05,
 	0x12, 0x15, 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f, 0x43, 0x55, 0x52, 0x56, 0x45, 0x5f, 0x45, 0x44,
 	0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x06, 0x12, 0x13, 0x0a, 0x0f, 0x4b, 0x45, 0x59, 0x5f, 0x43,
 	0x55, 0x52, 0x56, 0x45, 0x5f, 0x45, 0x44, 0x34, 0x34, 0x38, 0x10, 0x07, 0x12, 0x17, 0x0a, 0x13,
 	0x4b, 0x45, 0x59, 0x5f, 0x43, 0x55, 0x52, 0x56, 0x45, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x32, 0x35,
 	0x36, 0x4b, 0x31, 0x10, 0x08, 0x2a, 0x89, 0x01, 0x0a, 0x0b, 0x4b, 0x65, 0x79, 0x45, 0x6e, 0x63,
 	0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x1c, 0x0a, 0x18, 0x4b, 0x45, 0x59, 0x5f, 0x45, 0x4e, 0x43,
 	0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45,
 	0x44, 0x10, 0x00, 0x12, 0x14, 0x0a, 0x10, 0x4b, 0x45, 0x59, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44,
 	0x49, 0x4e, 0x47, 0x5f, 0x52, 0x41, 0x57, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x4b, 0x45, 0x59,
 	0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x48, 0x45, 0x58, 0x10, 0x02, 0x12,
 	0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f,
 	0x4d, 0x55, 0x4c, 0x54, 0x49, 0x42, 0x41, 0x53, 0x45, 0x10, 0x03, 0x12, 0x14, 0x0a, 0x10, 0x4b,
 	0x45, 0x59, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x4a, 0x57, 0x4b, 0x10,
 	0x04, 0x2a, 0x8a, 0x01, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x18, 0x0a,
 	0x14, 0x4b, 0x45, 0x59, 0x5f, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
 	0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1b, 0x0a, 0x17, 0x4b, 0x45, 0x59, 0x5f, 0x52,
 	0x4f, 0x4c, 0x45, 0x5f, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x49,
 	0x4f, 0x4e, 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45, 0x59, 0x5f, 0x52, 0x4f, 0x4c, 0x45,
 	0x5f, 0x41, 0x53, 0x53, 0x45, 0x52, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x02, 0x12, 0x17, 0x0a, 0x13,
 	0x4b, 0x45, 0x59, 0x5f, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x47, 0x41, 0x54,
 	0x49, 0x4f, 0x4e, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x45, 0x59, 0x5f, 0x52, 0x4f, 0x4c,
 	0x45, 0x5f, 0x49, 0x4e, 0x56, 0x4f, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x04, 0x2a, 0x8b,
 	0x01, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x4b, 0x45,
 	0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49,
 	0x45, 0x44, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45,
 	0x5f, 0x4f, 0x43, 0x54, 0x45, 0x54, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x4b, 0x45, 0x59, 0x5f,
 	0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x4c, 0x4c, 0x49, 0x50, 0x54, 0x49, 0x43, 0x10, 0x02, 0x12,
 	0x10, 0x0a, 0x0c, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x10,
 	0x03, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x53, 0x59,
 	0x4d, 0x4d, 0x45, 0x54, 0x52, 0x49, 0x43, 0x10, 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x4b, 0x45, 0x59,
 	0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x48, 0x4d, 0x41, 0x43, 0x10, 0x05, 0x2a, 0x9f, 0x04, 0x0a,
 	0x0f, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x63, 0x6f, 0x70, 0x65,
 	0x12, 0x20, 0x0a, 0x1c, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53,
 	0x43, 0x4f, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44,
 	0x10, 0x00, 0x12, 0x1f, 0x0a, 0x1b, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e,
 	0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x42, 0x41, 0x53, 0x49, 0x43, 0x5f, 0x49, 0x4e, 0x46,
 	0x4f, 0x10, 0x01, 0x12, 0x21, 0x0a, 0x1d, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f,
 	0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, 0x44, 0x53, 0x5f,
 	0x52, 0x45, 0x41, 0x44, 0x10, 0x02, 0x12, 0x22, 0x0a, 0x1e, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53,
 	0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52,
 	0x44, 0x53, 0x5f, 0x57, 0x52, 0x49, 0x54, 0x45, 0x10, 0x03, 0x12, 0x26, 0x0a, 0x22, 0x50, 0x45,
 	0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x54,
 	0x52, 0x41, 0x4e, 0x53, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44,
 	0x10, 0x04, 0x12, 0x27, 0x0a, 0x23, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e,
 	0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x41, 0x43, 0x54, 0x49,
 	0x4f, 0x4e, 0x53, 0x5f, 0x57, 0x52, 0x49, 0x54, 0x45, 0x10, 0x05, 0x12, 0x21, 0x0a, 0x1d, 0x50,
 	0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f,
 	0x57, 0x41, 0x4c, 0x4c, 0x45, 0x54, 0x53, 0x5f, 0x52, 0x45, 0x41, 0x44, 0x10, 0x06, 0x12, 0x23,
 	0x0a, 0x1f, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f,
 	0x50, 0x45, 0x5f, 0x57, 0x41, 0x4c, 0x4c, 0x45, 0x54, 0x53, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54,
 	0x45, 0x10, 0x07, 0x12, 0x26, 0x0a, 0x22, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f,
 	0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x57, 0x41, 0x4c, 0x4c, 0x45, 0x54, 0x53, 0x5f,
 	0x53, 0x55, 0x42, 0x53, 0x43, 0x52, 0x49, 0x42, 0x45, 0x10, 0x08, 0x12, 0x23, 0x0a, 0x1f, 0x50,
 	0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f,
 	0x57, 0x41, 0x4c, 0x4c, 0x45, 0x54, 0x53, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x09,
 	0x12, 0x28, 0x0a, 0x24, 0x50, 0x45, 0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53,
 	0x43, 0x4f, 0x50, 0x45, 0x5f, 0x54, 0x52, 0x41, 0x4e, 0x53, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e,
 	0x53, 0x5f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x59, 0x10, 0x0a, 0x12, 0x2b, 0x0a, 0x27, 0x50, 0x45,
 	0x52, 0x4d, 0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x54,
 	0x52, 0x41, 0x4e, 0x53, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x42, 0x52, 0x4f, 0x41,
 	0x44, 0x43, 0x41, 0x53, 0x54, 0x10, 0x0b, 0x12, 0x1f, 0x0a, 0x1b, 0x50, 0x45, 0x52, 0x4d, 0x49,
 	0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x41, 0x44, 0x4d, 0x49,
 	0x4e, 0x5f, 0x55, 0x53, 0x45, 0x52, 0x10, 0x0c, 0x12, 0x24, 0x0a, 0x20, 0x50, 0x45, 0x52, 0x4d,
 	0x49, 0x53, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x43, 0x4f, 0x50, 0x45, 0x5f, 0x41, 0x44, 0x4d,
 	0x49, 0x4e, 0x5f, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x41, 0x54, 0x4f, 0x52, 0x10, 0x0d, 0x42, 0x7e,
 	0x0a, 0x0a, 0x63, 0x6f, 0x6d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x42, 0x0e, 0x43, 0x6f,
 	0x6e, 0x73, 0x74, 0x61, 0x6e, 0x74, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27,
 	0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x6e, 0x73, 0x6f, 0x6e,
 	0x72, 0x2f, 0x73, 0x6f, 0x6e, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x64, 0x69, 0x64, 0x2f, 0x76,
 	0x31, 0x3b, 0x64, 0x69, 0x64, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x44, 0x58, 0x58, 0xaa, 0x02, 0x06,
 	0x44, 0x69, 0x64, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x06, 0x44, 0x69, 0x64, 0x5c, 0x56, 0x31, 0xe2,
 	0x02, 0x12, 0x44, 0x69, 0x64, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61,
 	0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x44, 0x69, 0x64, 0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06,
 	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 var (
 	file_did_v1_constants_proto_rawDescOnce sync.Once
 	file_did_v1_constants_proto_rawDescData = file_did_v1_constants_proto_rawDesc
 )
 func file_did_v1_constants_proto_rawDescGZIP() []byte {
 	file_did_v1_constants_proto_rawDescOnce.Do(func() {
 		file_did_v1_constants_proto_rawDescData = protoimpl.X.CompressGZIP(file_did_v1_constants_proto_rawDescData)
 	})
 	return file_did_v1_constants_proto_rawDescData
 }
 var file_did_v1_constants_proto_enumTypes = make([]protoimpl.EnumInfo, 8)
 var file_did_v1_constants_proto_goTypes = []interface{}{
 	(AssetType)(0),       // 0: did.v1.AssetType
 	(DIDNamespace)(0),    // 1: did.v1.DIDNamespace
 	(KeyAlgorithm)(0),    // 2: did.v1.KeyAlgorithm
 	(KeyCurve)(0),        // 3: did.v1.KeyCurve
 	(KeyEncoding)(0),     // 4: did.v1.KeyEncoding
 	(KeyRole)(0),         // 5: did.v1.KeyRole
 	(KeyType)(0),         // 6: did.v1.KeyType
 	(PermissionScope)(0), // 7: did.v1.PermissionScope
 }
 var file_did_v1_constants_proto_depIdxs = []int32{
 	0, // [0:0] is the sub-list for method output_type
 	0, // [0:0] is the sub-list for method input_type
 	0, // [0:0] is the sub-list for extension type_name
 	0, // [0:0] is the sub-list for extension extendee
 	0, // [0:0] is the sub-list for field type_name
 }
 func init() { file_did_v1_constants_proto_init() }
 func file_did_v1_constants_proto_init() {
 	if File_did_v1_constants_proto != nil {
 		return
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
 		File: protoimpl.DescBuilder{
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_did_v1_constants_proto_rawDesc,
 			NumEnums:      8,
 			NumMessages:   0,
 			NumExtensions: 0,
 			NumServices:   0,
 		},
 		GoTypes:           file_did_v1_constants_proto_goTypes,
 		DependencyIndexes: file_did_v1_constants_proto_depIdxs,
 		EnumInfos:         file_did_v1_constants_proto_enumTypes,
 	}.Build()
 	File_did_v1_constants_proto = out.File
 	file_did_v1_constants_proto_rawDesc = nil
 	file_did_v1_constants_proto_goTypes = nil
 	file_did_v1_constants_proto_depIdxs = nil
 }
--- a/api/did/v1/genesis.pulsar.go
+++ b/api/did/v1/genesis.pulsar.go
--- a/api/did/v1/models.pulsar.go
+++ b/api/did/v1/models.pulsar.go
--- a/api/did/v1/query.pulsar.go
+++ b/api/did/v1/query.pulsar.go
--- a/api/did/v1/query_grpc.pb.go
+++ b/api/did/v1/query_grpc.pb.go
@ -20,11 +20,8 @@ const _ = grpc.SupportPackageIsVersion7
 const (
 	Query_Params_FullMethodName  = "/did.v1.Query/Params"
 	Query_Accounts_FullMethodName    = "/did.v1.Query/Accounts"
 	Query_Credentials_FullMethodName = "/did.v1.Query/Credentials"
 	Query_Resolve_FullMethodName = "/did.v1.Query/Resolve"
 	Query_Service_FullMethodName = "/did.v1.Query/Service"
 	Query_Token_FullMethodName       = "/did.v1.Query/Token"
 )
 // QueryClient is the client API for Query service.
@ -33,16 +30,10 @@ const (
 type QueryClient interface {
 	// Params queries all parameters of the module.
 	Params(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryParamsResponse, error)
 	// Accounts returns associated wallet accounts with the DID.
 	Accounts(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryAccountsResponse, error)
 	// Credentials returns associated credentials with the DID and Service Origin.
 	Credentials(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryCredentialsResponse, error)
 	// Resolve queries the DID document by its id.
 	Resolve(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryResolveResponse, error)
 	// Service returns associated ServiceInfo for a given Origin
 	Service(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryServiceResponse, error)
 	// Token returns the current authentication token for the client.
 	Token(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryTokenResponse, error)
 }
 type queryClient struct {
@ -62,24 +53,6 @@ func (c *queryClient) Params(ctx context.Context, in *QueryRequest, opts ...grpc
 	return out, nil
 }
 func (c *queryClient) Accounts(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryAccountsResponse, error) {
 	out := new(QueryAccountsResponse)
 	err := c.cc.Invoke(ctx, Query_Accounts_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *queryClient) Credentials(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryCredentialsResponse, error) {
 	out := new(QueryCredentialsResponse)
 	err := c.cc.Invoke(ctx, Query_Credentials_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 func (c *queryClient) Resolve(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryResolveResponse, error) {
 	out := new(QueryResolveResponse)
 	err := c.cc.Invoke(ctx, Query_Resolve_FullMethodName, in, out, opts...)
@ -98,31 +71,16 @@ func (c *queryClient) Service(ctx context.Context, in *QueryRequest, opts ...grp
 	return out, nil
 }
 func (c *queryClient) Token(ctx context.Context, in *QueryRequest, opts ...grpc.CallOption) (*QueryTokenResponse, error) {
 	out := new(QueryTokenResponse)
 	err := c.cc.Invoke(ctx, Query_Token_FullMethodName, in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 // QueryServer is the server API for Query service.
 // All implementations must embed UnimplementedQueryServer
 // for forward compatibility
 type QueryServer interface {
 	// Params queries all parameters of the module.
 	Params(context.Context, *QueryRequest) (*QueryParamsResponse, error)
 	// Accounts returns associated wallet accounts with the DID.
 	Accounts(context.Context, *QueryRequest) (*QueryAccountsResponse, error)
 	// Credentials returns associated credentials with the DID and Service Origin.
 	Credentials(context.Context, *QueryRequest) (*QueryCredentialsResponse, error)
 	// Resolve queries the DID document by its id.
 	Resolve(context.Context, *QueryRequest) (*QueryResolveResponse, error)
 	// Service returns associated ServiceInfo for a given Origin
 	Service(context.Context, *QueryRequest) (*QueryServiceResponse, error)
 	// Token returns the current authentication token for the client.
 	Token(context.Context, *QueryRequest) (*QueryTokenResponse, error)
 	mustEmbedUnimplementedQueryServer()
 }
@ -133,21 +91,12 @@ type UnimplementedQueryServer struct {
 func (UnimplementedQueryServer) Params(context.Context, *QueryRequest) (*QueryParamsResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Params not implemented")
 }
 func (UnimplementedQueryServer) Accounts(context.Context, *QueryRequest) (*QueryAccountsResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Accounts not implemented")
 }
 func (UnimplementedQueryServer) Credentials(context.Context, *QueryRequest) (*QueryCredentialsResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Credentials not implemented")
 }
 func (UnimplementedQueryServer) Resolve(context.Context, *QueryRequest) (*QueryResolveResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Resolve not implemented")
 }
 func (UnimplementedQueryServer) Service(context.Context, *QueryRequest) (*QueryServiceResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Service not implemented")
 }
 func (UnimplementedQueryServer) Token(context.Context, *QueryRequest) (*QueryTokenResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Token not implemented")
 }
 func (UnimplementedQueryServer) mustEmbedUnimplementedQueryServer() {}
 // UnsafeQueryServer may be embedded to opt out of forward compatibility for this service.
@ -179,42 +128,6 @@ func _Query_Params_Handler(srv interface{}, ctx context.Context, dec func(interf
 	return interceptor(ctx, in, info, handler)
 }
 func _Query_Accounts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(QueryRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(QueryServer).Accounts(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: Query_Accounts_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(QueryServer).Accounts(ctx, req.(*QueryRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _Query_Credentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(QueryRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(QueryServer).Credentials(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: Query_Credentials_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(QueryServer).Credentials(ctx, req.(*QueryRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 func _Query_Resolve_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(QueryRequest)
 	if err := dec(in); err != nil {
@ -251,24 +164,6 @@ func _Query_Service_Handler(srv interface{}, ctx context.Context, dec func(inter
 	return interceptor(ctx, in, info, handler)
 }
 func _Query_Token_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(QueryRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
 		return srv.(QueryServer).Token(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
 		FullMethod: Query_Token_FullMethodName,
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
 		return srv.(QueryServer).Token(ctx, req.(*QueryRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 // Query_ServiceDesc is the grpc.ServiceDesc for Query service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@ -280,14 +175,6 @@ var Query_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "Params",
 			Handler:    _Query_Params_Handler,
 		},
 		{
 			MethodName: "Accounts",
 			Handler:    _Query_Accounts_Handler,
 		},
 		{
 			MethodName: "Credentials",
 			Handler:    _Query_Credentials_Handler,
 		},
 		{
 			MethodName: "Resolve",
 			Handler:    _Query_Resolve_Handler,
@ -296,10 +183,6 @@ var Query_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "Service",
 			Handler:    _Query_Service_Handler,
 		},
 		{
 			MethodName: "Token",
 			Handler:    _Query_Token_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "did/v1/query.proto",
--- a/api/did/v1/state.cosmos_orm.go
+++ b/api/did/v1/state.cosmos_orm.go
@ -9,6 +9,249 @@ import (
 	ormerrors "cosmossdk.io/orm/types/ormerrors"
 )
 type AuthenticationTable interface {
 	Insert(ctx context.Context, authentication *Authentication) error
 	Update(ctx context.Context, authentication *Authentication) error
 	Save(ctx context.Context, authentication *Authentication) error
 	Delete(ctx context.Context, authentication *Authentication) error
 	Has(ctx context.Context, id string) (found bool, err error)
 	// Get returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	Get(ctx context.Context, id string) (*Authentication, error)
 	HasBySubjectOrigin(ctx context.Context, subject string, origin string) (found bool, err error)
 	// GetBySubjectOrigin returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	GetBySubjectOrigin(ctx context.Context, subject string, origin string) (*Authentication, error)
 	HasByControllerOrigin(ctx context.Context, controller string, origin string) (found bool, err error)
 	// GetByControllerOrigin returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	GetByControllerOrigin(ctx context.Context, controller string, origin string) (*Authentication, error)
 	HasByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (found bool, err error)
 	// GetByControllerCredentialLabel returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	GetByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (*Authentication, error)
 	List(ctx context.Context, prefixKey AuthenticationIndexKey, opts ...ormlist.Option) (AuthenticationIterator, error)
 	ListRange(ctx context.Context, from, to AuthenticationIndexKey, opts ...ormlist.Option) (AuthenticationIterator, error)
 	DeleteBy(ctx context.Context, prefixKey AuthenticationIndexKey) error
 	DeleteRange(ctx context.Context, from, to AuthenticationIndexKey) error
 	doNotImplement()
 }
 type AuthenticationIterator struct {
 	ormtable.Iterator
 }
 func (i AuthenticationIterator) Value() (*Authentication, error) {
 	var authentication Authentication
 	err := i.UnmarshalMessage(&authentication)
 	return &authentication, err
 }
 type AuthenticationIndexKey interface {
 	id() uint32
 	values() []interface{}
 	authenticationIndexKey()
 }
 // primary key starting index..
 type AuthenticationPrimaryKey = AuthenticationIdIndexKey
 type AuthenticationIdIndexKey struct {
 	vs []interface{}
 }
 func (x AuthenticationIdIndexKey) id() uint32              { return 0 }
 func (x AuthenticationIdIndexKey) values() []interface{}   { return x.vs }
 func (x AuthenticationIdIndexKey) authenticationIndexKey() {}
 func (this AuthenticationIdIndexKey) WithId(id string) AuthenticationIdIndexKey {
 	this.vs = []interface{}{id}
 	return this
 }
 type AuthenticationSubjectOriginIndexKey struct {
 	vs []interface{}
 }
 func (x AuthenticationSubjectOriginIndexKey) id() uint32              { return 1 }
 func (x AuthenticationSubjectOriginIndexKey) values() []interface{}   { return x.vs }
 func (x AuthenticationSubjectOriginIndexKey) authenticationIndexKey() {}
 func (this AuthenticationSubjectOriginIndexKey) WithSubject(subject string) AuthenticationSubjectOriginIndexKey {
 	this.vs = []interface{}{subject}
 	return this
 }
 func (this AuthenticationSubjectOriginIndexKey) WithSubjectOrigin(subject string, origin string) AuthenticationSubjectOriginIndexKey {
 	this.vs = []interface{}{subject, origin}
 	return this
 }
 type AuthenticationControllerOriginIndexKey struct {
 	vs []interface{}
 }
 func (x AuthenticationControllerOriginIndexKey) id() uint32              { return 2 }
 func (x AuthenticationControllerOriginIndexKey) values() []interface{}   { return x.vs }
 func (x AuthenticationControllerOriginIndexKey) authenticationIndexKey() {}
 func (this AuthenticationControllerOriginIndexKey) WithController(controller string) AuthenticationControllerOriginIndexKey {
 	this.vs = []interface{}{controller}
 	return this
 }
 func (this AuthenticationControllerOriginIndexKey) WithControllerOrigin(controller string, origin string) AuthenticationControllerOriginIndexKey {
 	this.vs = []interface{}{controller, origin}
 	return this
 }
 type AuthenticationControllerCredentialLabelIndexKey struct {
 	vs []interface{}
 }
 func (x AuthenticationControllerCredentialLabelIndexKey) id() uint32              { return 3 }
 func (x AuthenticationControllerCredentialLabelIndexKey) values() []interface{}   { return x.vs }
 func (x AuthenticationControllerCredentialLabelIndexKey) authenticationIndexKey() {}
 func (this AuthenticationControllerCredentialLabelIndexKey) WithController(controller string) AuthenticationControllerCredentialLabelIndexKey {
 	this.vs = []interface{}{controller}
 	return this
 }
 func (this AuthenticationControllerCredentialLabelIndexKey) WithControllerCredentialLabel(controller string, credential_label string) AuthenticationControllerCredentialLabelIndexKey {
 	this.vs = []interface{}{controller, credential_label}
 	return this
 }
 type authenticationTable struct {
 	table ormtable.Table
 }
 func (this authenticationTable) Insert(ctx context.Context, authentication *Authentication) error {
 	return this.table.Insert(ctx, authentication)
 }
 func (this authenticationTable) Update(ctx context.Context, authentication *Authentication) error {
 	return this.table.Update(ctx, authentication)
 }
 func (this authenticationTable) Save(ctx context.Context, authentication *Authentication) error {
 	return this.table.Save(ctx, authentication)
 }
 func (this authenticationTable) Delete(ctx context.Context, authentication *Authentication) error {
 	return this.table.Delete(ctx, authentication)
 }
 func (this authenticationTable) Has(ctx context.Context, id string) (found bool, err error) {
 	return this.table.PrimaryKey().Has(ctx, id)
 }
 func (this authenticationTable) Get(ctx context.Context, id string) (*Authentication, error) {
 	var authentication Authentication
 	found, err := this.table.PrimaryKey().Get(ctx, &authentication, id)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &authentication, nil
 }
 func (this authenticationTable) HasBySubjectOrigin(ctx context.Context, subject string, origin string) (found bool, err error) {
 	return this.table.GetIndexByID(1).(ormtable.UniqueIndex).Has(ctx,
 		subject,
 		origin,
 	)
 }
 func (this authenticationTable) GetBySubjectOrigin(ctx context.Context, subject string, origin string) (*Authentication, error) {
 	var authentication Authentication
 	found, err := this.table.GetIndexByID(1).(ormtable.UniqueIndex).Get(ctx, &authentication,
 		subject,
 		origin,
 	)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &authentication, nil
 }
 func (this authenticationTable) HasByControllerOrigin(ctx context.Context, controller string, origin string) (found bool, err error) {
 	return this.table.GetIndexByID(2).(ormtable.UniqueIndex).Has(ctx,
 		controller,
 		origin,
 	)
 }
 func (this authenticationTable) GetByControllerOrigin(ctx context.Context, controller string, origin string) (*Authentication, error) {
 	var authentication Authentication
 	found, err := this.table.GetIndexByID(2).(ormtable.UniqueIndex).Get(ctx, &authentication,
 		controller,
 		origin,
 	)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &authentication, nil
 }
 func (this authenticationTable) HasByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (found bool, err error) {
 	return this.table.GetIndexByID(3).(ormtable.UniqueIndex).Has(ctx,
 		controller,
 		credential_label,
 	)
 }
 func (this authenticationTable) GetByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (*Authentication, error) {
 	var authentication Authentication
 	found, err := this.table.GetIndexByID(3).(ormtable.UniqueIndex).Get(ctx, &authentication,
 		controller,
 		credential_label,
 	)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &authentication, nil
 }
 func (this authenticationTable) List(ctx context.Context, prefixKey AuthenticationIndexKey, opts ...ormlist.Option) (AuthenticationIterator, error) {
 	it, err := this.table.GetIndexByID(prefixKey.id()).List(ctx, prefixKey.values(), opts...)
 	return AuthenticationIterator{it}, err
 }
 func (this authenticationTable) ListRange(ctx context.Context, from, to AuthenticationIndexKey, opts ...ormlist.Option) (AuthenticationIterator, error) {
 	it, err := this.table.GetIndexByID(from.id()).ListRange(ctx, from.values(), to.values(), opts...)
 	return AuthenticationIterator{it}, err
 }
 func (this authenticationTable) DeleteBy(ctx context.Context, prefixKey AuthenticationIndexKey) error {
 	return this.table.GetIndexByID(prefixKey.id()).DeleteBy(ctx, prefixKey.values()...)
 }
 func (this authenticationTable) DeleteRange(ctx context.Context, from, to AuthenticationIndexKey) error {
 	return this.table.GetIndexByID(from.id()).DeleteRange(ctx, from.values(), to.values())
 }
 func (this authenticationTable) doNotImplement() {}
 var _ AuthenticationTable = authenticationTable{}
 func NewAuthenticationTable(db ormtable.Schema) (AuthenticationTable, error) {
 	table := db.GetTable(&Authentication{})
 	if table == nil {
 		return nil, ormerrors.TableNotFound.Wrap(string((&Authentication{}).ProtoReflect().Descriptor().FullName()))
 	}
 	return authenticationTable{table}, nil
 }
 type AssertionTable interface {
 	Insert(ctx context.Context, assertion *Assertion) error
 	Update(ctx context.Context, assertion *Assertion) error
@ -23,9 +266,6 @@ type AssertionTable interface {
 	HasByControllerOrigin(ctx context.Context, controller string, origin string) (found bool, err error)
 	// GetByControllerOrigin returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	GetByControllerOrigin(ctx context.Context, controller string, origin string) (*Assertion, error)
 	HasByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (found bool, err error)
 	// GetByControllerCredentialLabel returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	GetByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (*Assertion, error)
 	List(ctx context.Context, prefixKey AssertionIndexKey, opts ...ormlist.Option) (AssertionIterator, error)
 	ListRange(ctx context.Context, from, to AssertionIndexKey, opts ...ormlist.Option) (AssertionIterator, error)
 	DeleteBy(ctx context.Context, prefixKey AssertionIndexKey) error
@ -102,24 +342,6 @@ func (this AssertionControllerOriginIndexKey) WithControllerOrigin(controller st
 	return this
 }
 type AssertionControllerCredentialLabelIndexKey struct {
 	vs []interface{}
 }
 func (x AssertionControllerCredentialLabelIndexKey) id() uint32            { return 3 }
 func (x AssertionControllerCredentialLabelIndexKey) values() []interface{} { return x.vs }
 func (x AssertionControllerCredentialLabelIndexKey) assertionIndexKey()    {}
 func (this AssertionControllerCredentialLabelIndexKey) WithController(controller string) AssertionControllerCredentialLabelIndexKey {
 	this.vs = []interface{}{controller}
 	return this
 }
 func (this AssertionControllerCredentialLabelIndexKey) WithControllerCredentialLabel(controller string, credential_label string) AssertionControllerCredentialLabelIndexKey {
 	this.vs = []interface{}{controller, credential_label}
 	return this
 }
 type assertionTable struct {
 	table ormtable.Table
 }
@ -200,28 +422,6 @@ func (this assertionTable) GetByControllerOrigin(ctx context.Context, controller
 	return &assertion, nil
 }
 func (this assertionTable) HasByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (found bool, err error) {
 	return this.table.GetIndexByID(3).(ormtable.UniqueIndex).Has(ctx,
 		controller,
 		credential_label,
 	)
 }
 func (this assertionTable) GetByControllerCredentialLabel(ctx context.Context, controller string, credential_label string) (*Assertion, error) {
 	var assertion Assertion
 	found, err := this.table.GetIndexByID(3).(ormtable.UniqueIndex).Get(ctx, &assertion,
 		controller,
 		credential_label,
 	)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &assertion, nil
 }
 func (this assertionTable) List(ctx context.Context, prefixKey AssertionIndexKey, opts ...ormlist.Option) (AssertionIterator, error) {
 	it, err := this.table.GetIndexByID(prefixKey.id()).List(ctx, prefixKey.values(), opts...)
 	return AssertionIterator{it}, err
@ -252,206 +452,6 @@ func NewAssertionTable(db ormtable.Schema) (AssertionTable, error) {
 	return assertionTable{table}, nil
 }
 type AttestationTable interface {
 	Insert(ctx context.Context, attestation *Attestation) error
 	Update(ctx context.Context, attestation *Attestation) error
 	Save(ctx context.Context, attestation *Attestation) error
 	Delete(ctx context.Context, attestation *Attestation) error
 	Has(ctx context.Context, id string) (found bool, err error)
 	// Get returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	Get(ctx context.Context, id string) (*Attestation, error)
 	HasBySubjectOrigin(ctx context.Context, subject string, origin string) (found bool, err error)
 	// GetBySubjectOrigin returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	GetBySubjectOrigin(ctx context.Context, subject string, origin string) (*Attestation, error)
 	HasByControllerOrigin(ctx context.Context, controller string, origin string) (found bool, err error)
 	// GetByControllerOrigin returns nil and an error which responds true to ormerrors.IsNotFound() if the record was not found.
 	GetByControllerOrigin(ctx context.Context, controller string, origin string) (*Attestation, error)
 	List(ctx context.Context, prefixKey AttestationIndexKey, opts ...ormlist.Option) (AttestationIterator, error)
 	ListRange(ctx context.Context, from, to AttestationIndexKey, opts ...ormlist.Option) (AttestationIterator, error)
 	DeleteBy(ctx context.Context, prefixKey AttestationIndexKey) error
 	DeleteRange(ctx context.Context, from, to AttestationIndexKey) error
 	doNotImplement()
 }
 type AttestationIterator struct {
 	ormtable.Iterator
 }
 func (i AttestationIterator) Value() (*Attestation, error) {
 	var attestation Attestation
 	err := i.UnmarshalMessage(&attestation)
 	return &attestation, err
 }
 type AttestationIndexKey interface {
 	id() uint32
 	values() []interface{}
 	attestationIndexKey()
 }
 // primary key starting index..
 type AttestationPrimaryKey = AttestationIdIndexKey
 type AttestationIdIndexKey struct {
 	vs []interface{}
 }
 func (x AttestationIdIndexKey) id() uint32            { return 0 }
 func (x AttestationIdIndexKey) values() []interface{} { return x.vs }
 func (x AttestationIdIndexKey) attestationIndexKey()  {}
 func (this AttestationIdIndexKey) WithId(id string) AttestationIdIndexKey {
 	this.vs = []interface{}{id}
 	return this
 }
 type AttestationSubjectOriginIndexKey struct {
 	vs []interface{}
 }
 func (x AttestationSubjectOriginIndexKey) id() uint32            { return 1 }
 func (x AttestationSubjectOriginIndexKey) values() []interface{} { return x.vs }
 func (x AttestationSubjectOriginIndexKey) attestationIndexKey()  {}
 func (this AttestationSubjectOriginIndexKey) WithSubject(subject string) AttestationSubjectOriginIndexKey {
 	this.vs = []interface{}{subject}
 	return this
 }
 func (this AttestationSubjectOriginIndexKey) WithSubjectOrigin(subject string, origin string) AttestationSubjectOriginIndexKey {
 	this.vs = []interface{}{subject, origin}
 	return this
 }
 type AttestationControllerOriginIndexKey struct {
 	vs []interface{}
 }
 func (x AttestationControllerOriginIndexKey) id() uint32            { return 2 }
 func (x AttestationControllerOriginIndexKey) values() []interface{} { return x.vs }
 func (x AttestationControllerOriginIndexKey) attestationIndexKey()  {}
 func (this AttestationControllerOriginIndexKey) WithController(controller string) AttestationControllerOriginIndexKey {
 	this.vs = []interface{}{controller}
 	return this
 }
 func (this AttestationControllerOriginIndexKey) WithControllerOrigin(controller string, origin string) AttestationControllerOriginIndexKey {
 	this.vs = []interface{}{controller, origin}
 	return this
 }
 type attestationTable struct {
 	table ormtable.Table
 }
 func (this attestationTable) Insert(ctx context.Context, attestation *Attestation) error {
 	return this.table.Insert(ctx, attestation)
 }
 func (this attestationTable) Update(ctx context.Context, attestation *Attestation) error {
 	return this.table.Update(ctx, attestation)
 }
 func (this attestationTable) Save(ctx context.Context, attestation *Attestation) error {
 	return this.table.Save(ctx, attestation)
 }
 func (this attestationTable) Delete(ctx context.Context, attestation *Attestation) error {
 	return this.table.Delete(ctx, attestation)
 }
 func (this attestationTable) Has(ctx context.Context, id string) (found bool, err error) {
 	return this.table.PrimaryKey().Has(ctx, id)
 }
 func (this attestationTable) Get(ctx context.Context, id string) (*Attestation, error) {
 	var attestation Attestation
 	found, err := this.table.PrimaryKey().Get(ctx, &attestation, id)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &attestation, nil
 }
 func (this attestationTable) HasBySubjectOrigin(ctx context.Context, subject string, origin string) (found bool, err error) {
 	return this.table.GetIndexByID(1).(ormtable.UniqueIndex).Has(ctx,
 		subject,
 		origin,
 	)
 }
 func (this attestationTable) GetBySubjectOrigin(ctx context.Context, subject string, origin string) (*Attestation, error) {
 	var attestation Attestation
 	found, err := this.table.GetIndexByID(1).(ormtable.UniqueIndex).Get(ctx, &attestation,
 		subject,
 		origin,
 	)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &attestation, nil
 }
 func (this attestationTable) HasByControllerOrigin(ctx context.Context, controller string, origin string) (found bool, err error) {
 	return this.table.GetIndexByID(2).(ormtable.UniqueIndex).Has(ctx,
 		controller,
 		origin,
 	)
 }
 func (this attestationTable) GetByControllerOrigin(ctx context.Context, controller string, origin string) (*Attestation, error) {
 	var attestation Attestation
 	found, err := this.table.GetIndexByID(2).(ormtable.UniqueIndex).Get(ctx, &attestation,
 		controller,
 		origin,
 	)
 	if err != nil {
 		return nil, err
 	}
 	if !found {
 		return nil, ormerrors.NotFound
 	}
 	return &attestation, nil
 }
 func (this attestationTable) List(ctx context.Context, prefixKey AttestationIndexKey, opts ...ormlist.Option) (AttestationIterator, error) {
 	it, err := this.table.GetIndexByID(prefixKey.id()).List(ctx, prefixKey.values(), opts...)
 	return AttestationIterator{it}, err
 }
 func (this attestationTable) ListRange(ctx context.Context, from, to AttestationIndexKey, opts ...ormlist.Option) (AttestationIterator, error) {
 	it, err := this.table.GetIndexByID(from.id()).ListRange(ctx, from.values(), to.values(), opts...)
 	return AttestationIterator{it}, err
 }
 func (this attestationTable) DeleteBy(ctx context.Context, prefixKey AttestationIndexKey) error {
 	return this.table.GetIndexByID(prefixKey.id()).DeleteBy(ctx, prefixKey.values()...)
 }
 func (this attestationTable) DeleteRange(ctx context.Context, from, to AttestationIndexKey) error {
 	return this.table.GetIndexByID(from.id()).DeleteRange(ctx, from.values(), to.values())
 }
 func (this attestationTable) doNotImplement() {}
 var _ AttestationTable = attestationTable{}
 func NewAttestationTable(db ormtable.Schema) (AttestationTable, error) {
 	table := db.GetTable(&Attestation{})
 	if table == nil {
 		return nil, ormerrors.TableNotFound.Wrap(string((&Attestation{}).ProtoReflect().Descriptor().FullName()))
 	}
 	return attestationTable{table}, nil
 }
 type ControllerTable interface {
 	Insert(ctx context.Context, controller *Controller) error
 	Update(ctx context.Context, controller *Controller) error
@ -1050,8 +1050,8 @@ func NewServiceRecordTable(db ormtable.Schema) (ServiceRecordTable, error) {
 }
 type StateStore interface {
 	AuthenticationTable() AuthenticationTable
 	AssertionTable() AssertionTable
 	AttestationTable() AttestationTable
 	ControllerTable() ControllerTable
 	DelegationTable() DelegationTable
 	ServiceRecordTable() ServiceRecordTable
@ -1060,19 +1060,19 @@ type StateStore interface {
 }
 type stateStore struct {
 	authentication AuthenticationTable
 	assertion      AssertionTable
 	attestation   AttestationTable
 	controller     ControllerTable
 	delegation     DelegationTable
 	serviceRecord  ServiceRecordTable
 }
-func (x stateStore) AssertionTable() AssertionTable {
+func (x stateStore) AuthenticationTable() AuthenticationTable {
-	return x.assertion
+	return x.authentication
 }
-func (x stateStore) AttestationTable() AttestationTable {
+func (x stateStore) AssertionTable() AssertionTable {
-	return x.attestation
+	return x.assertion
 }
 func (x stateStore) ControllerTable() ControllerTable {
@ -1092,12 +1092,12 @@ func (stateStore) doNotImplement() {}
 var _ StateStore = stateStore{}
 func NewStateStore(db ormtable.Schema) (StateStore, error) {
-	assertionTable, err := NewAssertionTable(db)
+	authenticationTable, err := NewAuthenticationTable(db)
 	if err != nil {
 		return nil, err
 	}
-	attestationTable, err := NewAttestationTable(db)
+	assertionTable, err := NewAssertionTable(db)
 	if err != nil {
 		return nil, err
 	}
@ -1118,8 +1118,8 @@ func NewStateStore(db ormtable.Schema) (StateStore, error) {
 	}
 	return stateStore{
 		authenticationTable,
 		assertionTable,
 		attestationTable,
 		controllerTable,
 		delegationTable,
 		serviceRecordTable,
--- a/api/did/v1/state.pulsar.go
+++ b/api/did/v1/state.pulsar.go
--- a/api/did/v1/tx.pulsar.go
+++ b/api/did/v1/tx.pulsar.go
@ -954,7 +954,7 @@ var (
 	md_MsgAllocateVault           protoreflect.MessageDescriptor
 	fd_MsgAllocateVault_authority protoreflect.FieldDescriptor
 	fd_MsgAllocateVault_subject   protoreflect.FieldDescriptor
-	fd_MsgAllocateVault_token     protoreflect.FieldDescriptor
+	fd_MsgAllocateVault_origin    protoreflect.FieldDescriptor
 )
 func init() {
@ -962,7 +962,7 @@ func init() {
 	md_MsgAllocateVault = File_did_v1_tx_proto.Messages().ByName("MsgAllocateVault")
 	fd_MsgAllocateVault_authority = md_MsgAllocateVault.Fields().ByName("authority")
 	fd_MsgAllocateVault_subject = md_MsgAllocateVault.Fields().ByName("subject")
-	fd_MsgAllocateVault_token = md_MsgAllocateVault.Fields().ByName("token")
+	fd_MsgAllocateVault_origin = md_MsgAllocateVault.Fields().ByName("origin")
 }
 var _ protoreflect.Message = (*fastReflection_MsgAllocateVault)(nil)
@ -1042,9 +1042,9 @@ func (x *fastReflection_MsgAllocateVault) Range(f func(protoreflect.FieldDescrip
 			return
 		}
 	}
-	if x.Token != nil {
+	if x.Origin != "" {
-		value := protoreflect.ValueOfMessage(x.Token.ProtoReflect())
+		value := protoreflect.ValueOfString(x.Origin)
-		if !f(fd_MsgAllocateVault_token, value) {
+		if !f(fd_MsgAllocateVault_origin, value) {
 			return
 		}
 	}
@ -1067,8 +1067,8 @@ func (x *fastReflection_MsgAllocateVault) Has(fd protoreflect.FieldDescriptor) b
 		return x.Authority != ""
 	case "did.v1.MsgAllocateVault.subject":
 		return x.Subject != ""
-	case "did.v1.MsgAllocateVault.token":
+	case "did.v1.MsgAllocateVault.origin":
-		return x.Token != nil
+		return x.Origin != ""
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVault"))
@ -1089,8 +1089,8 @@ func (x *fastReflection_MsgAllocateVault) Clear(fd protoreflect.FieldDescriptor)
 		x.Authority = ""
 	case "did.v1.MsgAllocateVault.subject":
 		x.Subject = ""
-	case "did.v1.MsgAllocateVault.token":
+	case "did.v1.MsgAllocateVault.origin":
-		x.Token = nil
+		x.Origin = ""
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVault"))
@ -1113,9 +1113,9 @@ func (x *fastReflection_MsgAllocateVault) Get(descriptor protoreflect.FieldDescr
 	case "did.v1.MsgAllocateVault.subject":
 		value := x.Subject
 		return protoreflect.ValueOfString(value)
-	case "did.v1.MsgAllocateVault.token":
+	case "did.v1.MsgAllocateVault.origin":
-		value := x.Token
+		value := x.Origin
-		return protoreflect.ValueOfMessage(value.ProtoReflect())
+		return protoreflect.ValueOfString(value)
 	default:
 		if descriptor.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVault"))
@ -1140,8 +1140,8 @@ func (x *fastReflection_MsgAllocateVault) Set(fd protoreflect.FieldDescriptor, v
 		x.Authority = value.Interface().(string)
 	case "did.v1.MsgAllocateVault.subject":
 		x.Subject = value.Interface().(string)
-	case "did.v1.MsgAllocateVault.token":
+	case "did.v1.MsgAllocateVault.origin":
-		x.Token = value.Message().Interface().(*Token)
+		x.Origin = value.Interface().(string)
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVault"))
@ -1162,15 +1162,12 @@ func (x *fastReflection_MsgAllocateVault) Set(fd protoreflect.FieldDescriptor, v
 // Mutable is a mutating operation and unsafe for concurrent use.
 func (x *fastReflection_MsgAllocateVault) Mutable(fd protoreflect.FieldDescriptor) protoreflect.Value {
 	switch fd.FullName() {
 	case "did.v1.MsgAllocateVault.token":
 		if x.Token == nil {
 			x.Token = new(Token)
 		}
 		return protoreflect.ValueOfMessage(x.Token.ProtoReflect())
 	case "did.v1.MsgAllocateVault.authority":
 		panic(fmt.Errorf("field authority of message did.v1.MsgAllocateVault is not mutable"))
 	case "did.v1.MsgAllocateVault.subject":
 		panic(fmt.Errorf("field subject of message did.v1.MsgAllocateVault is not mutable"))
 	case "did.v1.MsgAllocateVault.origin":
 		panic(fmt.Errorf("field origin of message did.v1.MsgAllocateVault is not mutable"))
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVault"))
@ -1188,9 +1185,8 @@ func (x *fastReflection_MsgAllocateVault) NewField(fd protoreflect.FieldDescript
 		return protoreflect.ValueOfString("")
 	case "did.v1.MsgAllocateVault.subject":
 		return protoreflect.ValueOfString("")
-	case "did.v1.MsgAllocateVault.token":
+	case "did.v1.MsgAllocateVault.origin":
-		m := new(Token)
+		return protoreflect.ValueOfString("")
 		return protoreflect.ValueOfMessage(m.ProtoReflect())
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVault"))
@ -1268,8 +1264,8 @@ func (x *fastReflection_MsgAllocateVault) ProtoMethods() *protoiface.Methods {
 		if l > 0 {
 			n += 1 + l + runtime.Sov(uint64(l))
 		}
-		if x.Token != nil {
+		l = len(x.Origin)
-			l = options.Size(x.Token)
+		if l > 0 {
 			n += 1 + l + runtime.Sov(uint64(l))
 		}
 		if x.unknownFields != nil {
@ -1301,17 +1297,10 @@ func (x *fastReflection_MsgAllocateVault) ProtoMethods() *protoiface.Methods {
 			i -= len(x.unknownFields)
 			copy(dAtA[i:], x.unknownFields)
 		}
-		if x.Token != nil {
+		if len(x.Origin) > 0 {
-			encoded, err := options.Marshal(x.Token)
+			i -= len(x.Origin)
-			if err != nil {
+			copy(dAtA[i:], x.Origin)
-				return protoiface.MarshalOutput{
+			i = runtime.EncodeVarint(dAtA, i, uint64(len(x.Origin)))
 					NoUnkeyedLiterals: input.NoUnkeyedLiterals,
 					Buf:               input.Buf,
 				}, err
 			}
 			i -= len(encoded)
 			copy(dAtA[i:], encoded)
 			i = runtime.EncodeVarint(dAtA, i, uint64(len(encoded)))
 			i--
 			dAtA[i] = 0x1a
 		}
@ -1444,9 +1433,9 @@ func (x *fastReflection_MsgAllocateVault) ProtoMethods() *protoiface.Methods {
 				iNdEx = postIndex
 			case 3:
 				if wireType != 2 {
-					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, fmt.Errorf("proto: wrong wireType = %d for field Token", wireType)
+					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, fmt.Errorf("proto: wrong wireType = %d for field Origin", wireType)
 				}
-				var msglen int
+				var stringLen uint64
 				for shift := uint(0); ; shift += 7 {
 					if shift >= 64 {
 						return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrIntOverflow
@ -1456,27 +1445,23 @@ func (x *fastReflection_MsgAllocateVault) ProtoMethods() *protoiface.Methods {
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
-					msglen |= int(b&0x7F) << shift
+					stringLen |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
 				}
-				if msglen < 0 {
+				intStringLen := int(stringLen)
 				if intStringLen < 0 {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrInvalidLength
 				}
-				postIndex := iNdEx + msglen
+				postIndex := iNdEx + intStringLen
 				if postIndex < 0 {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrInvalidLength
 				}
 				if postIndex > l {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, io.ErrUnexpectedEOF
 				}
-				if x.Token == nil {
+				x.Origin = string(dAtA[iNdEx:postIndex])
 					x.Token = &Token{}
 				}
 				if err := options.Unmarshal(dAtA[iNdEx:postIndex], x.Token); err != nil {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, err
 				}
 				iNdEx = postIndex
 			default:
 				iNdEx = preIndex
@ -1517,6 +1502,7 @@ var (
 	md_MsgAllocateVaultResponse                      protoreflect.MessageDescriptor
 	fd_MsgAllocateVaultResponse_cid                  protoreflect.FieldDescriptor
 	fd_MsgAllocateVaultResponse_expiry_block         protoreflect.FieldDescriptor
 	fd_MsgAllocateVaultResponse_registration_options protoreflect.FieldDescriptor
 )
 func init() {
@ -1524,6 +1510,7 @@ func init() {
 	md_MsgAllocateVaultResponse = File_did_v1_tx_proto.Messages().ByName("MsgAllocateVaultResponse")
 	fd_MsgAllocateVaultResponse_cid = md_MsgAllocateVaultResponse.Fields().ByName("cid")
 	fd_MsgAllocateVaultResponse_expiry_block = md_MsgAllocateVaultResponse.Fields().ByName("expiry_block")
 	fd_MsgAllocateVaultResponse_registration_options = md_MsgAllocateVaultResponse.Fields().ByName("registration_options")
 }
 var _ protoreflect.Message = (*fastReflection_MsgAllocateVaultResponse)(nil)
@ -1603,6 +1590,12 @@ func (x *fastReflection_MsgAllocateVaultResponse) Range(f func(protoreflect.Fiel
 			return
 		}
 	}
 	if x.RegistrationOptions != "" {
 		value := protoreflect.ValueOfString(x.RegistrationOptions)
 		if !f(fd_MsgAllocateVaultResponse_registration_options, value) {
 			return
 		}
 	}
 }
 // Has reports whether a field is populated.
@ -1622,6 +1615,8 @@ func (x *fastReflection_MsgAllocateVaultResponse) Has(fd protoreflect.FieldDescr
 		return x.Cid != ""
 	case "did.v1.MsgAllocateVaultResponse.expiry_block":
 		return x.ExpiryBlock != int64(0)
 	case "did.v1.MsgAllocateVaultResponse.registration_options":
 		return x.RegistrationOptions != ""
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVaultResponse"))
@ -1642,6 +1637,8 @@ func (x *fastReflection_MsgAllocateVaultResponse) Clear(fd protoreflect.FieldDes
 		x.Cid = ""
 	case "did.v1.MsgAllocateVaultResponse.expiry_block":
 		x.ExpiryBlock = int64(0)
 	case "did.v1.MsgAllocateVaultResponse.registration_options":
 		x.RegistrationOptions = ""
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVaultResponse"))
@ -1664,6 +1661,9 @@ func (x *fastReflection_MsgAllocateVaultResponse) Get(descriptor protoreflect.Fi
 	case "did.v1.MsgAllocateVaultResponse.expiry_block":
 		value := x.ExpiryBlock
 		return protoreflect.ValueOfInt64(value)
 	case "did.v1.MsgAllocateVaultResponse.registration_options":
 		value := x.RegistrationOptions
 		return protoreflect.ValueOfString(value)
 	default:
 		if descriptor.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVaultResponse"))
@ -1688,6 +1688,8 @@ func (x *fastReflection_MsgAllocateVaultResponse) Set(fd protoreflect.FieldDescr
 		x.Cid = value.Interface().(string)
 	case "did.v1.MsgAllocateVaultResponse.expiry_block":
 		x.ExpiryBlock = value.Int()
 	case "did.v1.MsgAllocateVaultResponse.registration_options":
 		x.RegistrationOptions = value.Interface().(string)
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVaultResponse"))
@ -1712,6 +1714,8 @@ func (x *fastReflection_MsgAllocateVaultResponse) Mutable(fd protoreflect.FieldD
 		panic(fmt.Errorf("field cid of message did.v1.MsgAllocateVaultResponse is not mutable"))
 	case "did.v1.MsgAllocateVaultResponse.expiry_block":
 		panic(fmt.Errorf("field expiry_block of message did.v1.MsgAllocateVaultResponse is not mutable"))
 	case "did.v1.MsgAllocateVaultResponse.registration_options":
 		panic(fmt.Errorf("field registration_options of message did.v1.MsgAllocateVaultResponse is not mutable"))
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVaultResponse"))
@ -1729,6 +1733,8 @@ func (x *fastReflection_MsgAllocateVaultResponse) NewField(fd protoreflect.Field
 		return protoreflect.ValueOfString("")
 	case "did.v1.MsgAllocateVaultResponse.expiry_block":
 		return protoreflect.ValueOfInt64(int64(0))
 	case "did.v1.MsgAllocateVaultResponse.registration_options":
 		return protoreflect.ValueOfString("")
 	default:
 		if fd.IsExtension() {
 			panic(fmt.Errorf("proto3 declared messages do not support extensions: did.v1.MsgAllocateVaultResponse"))
@ -1805,6 +1811,10 @@ func (x *fastReflection_MsgAllocateVaultResponse) ProtoMethods() *protoiface.Met
 		if x.ExpiryBlock != 0 {
 			n += 1 + runtime.Sov(uint64(x.ExpiryBlock))
 		}
 		l = len(x.RegistrationOptions)
 		if l > 0 {
 			n += 1 + l + runtime.Sov(uint64(l))
 		}
 		if x.unknownFields != nil {
 			n += len(x.unknownFields)
 		}
@ -1834,6 +1844,13 @@ func (x *fastReflection_MsgAllocateVaultResponse) ProtoMethods() *protoiface.Met
 			i -= len(x.unknownFields)
 			copy(dAtA[i:], x.unknownFields)
 		}
 		if len(x.RegistrationOptions) > 0 {
 			i -= len(x.RegistrationOptions)
 			copy(dAtA[i:], x.RegistrationOptions)
 			i = runtime.EncodeVarint(dAtA, i, uint64(len(x.RegistrationOptions)))
 			i--
 			dAtA[i] = 0x1a
 		}
 		if x.ExpiryBlock != 0 {
 			i = runtime.EncodeVarint(dAtA, i, uint64(x.ExpiryBlock))
 			i--
@ -1946,6 +1963,38 @@ func (x *fastReflection_MsgAllocateVaultResponse) ProtoMethods() *protoiface.Met
 						break
 					}
 				}
 			case 3:
 				if wireType != 2 {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, fmt.Errorf("proto: wrong wireType = %d for field RegistrationOptions", wireType)
 				}
 				var stringLen uint64
 				for shift := uint(0); ; shift += 7 {
 					if shift >= 64 {
 						return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrIntOverflow
 					}
 					if iNdEx >= l {
 						return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, io.ErrUnexpectedEOF
 					}
 					b := dAtA[iNdEx]
 					iNdEx++
 					stringLen |= uint64(b&0x7F) << shift
 					if b < 0x80 {
 						break
 					}
 				}
 				intStringLen := int(stringLen)
 				if intStringLen < 0 {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrInvalidLength
 				}
 				postIndex := iNdEx + intStringLen
 				if postIndex < 0 {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, runtime.ErrInvalidLength
 				}
 				if postIndex > l {
 					return protoiface.UnmarshalOutput{NoUnkeyedLiterals: input.NoUnkeyedLiterals, Flags: input.Flags}, io.ErrUnexpectedEOF
 				}
 				x.RegistrationOptions = string(dAtA[iNdEx:postIndex])
 				iNdEx = postIndex
 			default:
 				iNdEx = preIndex
 				skippy, err := runtime.Skip(dAtA[iNdEx:])
@ -8389,8 +8438,8 @@ type MsgAllocateVault struct {
 	Authority string `protobuf:"bytes,1,opt,name=authority,proto3" json:"authority,omitempty"`
 	// subject is a unique human-defined identifier to associate with the vault.
 	Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
-	// token is the macron token to authenticate the operation.
+	// origin is the origin of the request in wildcard form.
-	Token *Token `protobuf:"bytes,3,opt,name=token,proto3" json:"token,omitempty"`
+	Origin string `protobuf:"bytes,3,opt,name=origin,proto3" json:"origin,omitempty"`
 }
 func (x *MsgAllocateVault) Reset() {
@ -8427,11 +8476,11 @@ func (x *MsgAllocateVault) GetSubject() string {
 	return ""
 }
-func (x *MsgAllocateVault) GetToken() *Token {
+func (x *MsgAllocateVault) GetOrigin() string {
 	if x != nil {
-		return x.Token
+		return x.Origin
 	}
-	return nil
+	return ""
 }
 // MsgAllocateVaultResponse is the response type for the AllocateVault RPC.
@ -8444,6 +8493,8 @@ type MsgAllocateVaultResponse struct {
 	Cid string `protobuf:"bytes,1,opt,name=cid,proto3" json:"cid,omitempty"`
 	// ExpiryBlock is the block number at which the vault will expire.
 	ExpiryBlock int64 `protobuf:"varint,2,opt,name=expiry_block,json=expiryBlock,proto3" json:"expiry_block,omitempty"`
 	// RegistrationOptions is a json string of the PublicKeyCredentialCreationOptions for WebAuthn
 	RegistrationOptions string `protobuf:"bytes,3,opt,name=registration_options,json=registrationOptions,proto3" json:"registration_options,omitempty"`
 }
 func (x *MsgAllocateVaultResponse) Reset() {
@ -8480,6 +8531,13 @@ func (x *MsgAllocateVaultResponse) GetExpiryBlock() int64 {
 	return 0
 }
 func (x *MsgAllocateVaultResponse) GetRegistrationOptions() string {
 	if x != nil {
 		return x.RegistrationOptions
 	}
 	return ""
 }
 // MsgProveWitness is the message type for the ProveWitness RPC.
 type MsgProveWitness struct {
 	state         protoimpl.MessageState
@ -9057,191 +9115,192 @@ var file_did_v1_tx_proto_rawDesc = []byte{
 	0x6f, 0x12, 0x06, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x1a, 0x17, 0x63, 0x6f, 0x73, 0x6d, 0x6f,
 	0x73, 0x2f, 0x6d, 0x73, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x73, 0x67, 0x2e, 0x70, 0x72, 0x6f,
 	0x74, 0x6f, 0x1a, 0x19, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
-	0x2f, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x16, 0x64,
+	0x2f, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x64,
-	0x69, 0x64, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x74, 0x73, 0x2e,
+	0x69, 0x64, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x65, 0x6e, 0x65, 0x73, 0x69, 0x73, 0x2e, 0x70, 0x72,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x64, 0x69, 0x64, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x65,
+	0x6f, 0x74, 0x6f, 0x1a, 0x13, 0x64, 0x69, 0x64, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x6f, 0x64, 0x65,
-	0x6e, 0x65, 0x73, 0x69, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x13, 0x64, 0x69, 0x64,
+	0x6c, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x14, 0x67, 0x6f, 0x67, 0x6f, 0x70, 0x72,
-	0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x67, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xac,
-	0x1a, 0x14, 0x67, 0x6f, 0x67, 0x6f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x67, 0x6f,
+	0x01, 0x0a, 0x0f, 0x4d, 0x73, 0x67, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x72, 0x61,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xac, 0x01, 0x0a, 0x0f, 0x4d, 0x73, 0x67, 0x55, 0x70,
+	0x6d, 0x73, 0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18,
-	0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x36, 0x0a, 0x09, 0x61, 0x75,
+	0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f,
-	0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2,
+	0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52,
-	0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73,
+	0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x2c, 0x0a, 0x06, 0x70, 0x61,
-	0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
+	0x72, 0x61, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x64, 0x69, 0x64,
-	0x74, 0x79, 0x12, 0x2c, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01,
+	0x2e, 0x76, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x42, 0x04, 0xc8, 0xde, 0x1f, 0x00,
-	0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x61,
+	0x52, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65,
-	0x6d, 0x73, 0x42, 0x04, 0xc8, 0xde, 0x1f, 0x00, 0x52, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73,
+	0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31,
-	0x12, 0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32,
+	0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82,
-	0x0d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05,
+	0xe7, 0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x19, 0x0a,
-	0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7, 0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68,
+	0x17, 0x4d, 0x73, 0x67, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73,
-	0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x19, 0x0a, 0x17, 0x4d, 0x73, 0x67, 0x55, 0x70, 0x64, 0x61,
+	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8c, 0x01, 0x0a, 0x10, 0x4d, 0x73, 0x67,
-	0x74, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
+	0x41, 0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x36, 0x0a,
-	0x22, 0x99, 0x01, 0x0a, 0x10, 0x4d, 0x73, 0x67, 0x41, 0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65,
+	0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
+	0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64,
-	0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f,
+	0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68,
 	0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74,
 	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12,
 	0x16, 0x0a, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
 	0x06, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x3a, 0x0e, 0x82, 0xe7, 0xb0, 0x2a, 0x09, 0x61, 0x75,
 	0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x82, 0x01, 0x0a, 0x18, 0x4d, 0x73, 0x67, 0x41,
 	0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x65, 0x73, 0x70,
 	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28,
 	0x09, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x78, 0x70, 0x69, 0x72, 0x79,
 	0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x65, 0x78,
 	0x70, 0x69, 0x72, 0x79, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x12, 0x31, 0x0a, 0x14, 0x72, 0x65, 0x67,
 	0x69, 0x73, 0x74, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
 	0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xb4, 0x01, 0x0a,
 	0x0f, 0x4d, 0x73, 0x67, 0x50, 0x72, 0x6f, 0x76, 0x65, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73,
 	0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20,
 	0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e,
 	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09, 0x61,
 	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x70,
 	0x65, 0x72, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x70,
 	0x65, 0x72, 0x74, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x77, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x18,
 	0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x77, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x12, 0x23,
 	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e,
 	0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f,
 	0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7, 0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72,
 	0x69, 0x74, 0x79, 0x22, 0x4f, 0x0a, 0x17, 0x4d, 0x73, 0x67, 0x50, 0x72, 0x6f, 0x76, 0x65, 0x57,
 	0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18,
 	0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52,
 	0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x70,
 	0x65, 0x72, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x70,
 	0x65, 0x72, 0x74, 0x79, 0x22, 0x7e, 0x0a, 0x0c, 0x4d, 0x73, 0x67, 0x53, 0x79, 0x6e, 0x63, 0x56,
 	0x61, 0x75, 0x6c, 0x74, 0x12, 0x38, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c,
 	0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f,
 	0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69,
-	0x6e, 0x67, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x18, 0x0a,
+	0x6e, 0x67, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x23,
-	0x07, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07,
+	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e,
-	0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x12, 0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
+	0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e,
+	0x6b, 0x65, 0x6e, 0x3a, 0x0f, 0x82, 0xe7, 0xb0, 0x2a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f,
-	0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7,
+	0x6c, 0x6c, 0x65, 0x72, 0x22, 0x30, 0x0a, 0x14, 0x4d, 0x73, 0x67, 0x53, 0x79, 0x6e, 0x63, 0x56,
-	0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x4f, 0x0a, 0x18,
+	0x61, 0x75, 0x6c, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07,
-	0x4d, 0x73, 0x67, 0x41, 0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x75, 0x6c, 0x74,
+	0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73,
-	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18,
+	0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x22, 0xea, 0x01, 0x0a, 0x15, 0x4d, 0x73, 0x67, 0x52, 0x65,
-	0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x78,
+	0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72,
-	0x70, 0x69, 0x72, 0x79, 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03,
+	0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20,
-	0x52, 0x0b, 0x65, 0x78, 0x70, 0x69, 0x72, 0x79, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x22, 0xb4, 0x01,
+	0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e,
-	0x0a, 0x0f, 0x4d, 0x73, 0x67, 0x50, 0x72, 0x6f, 0x76, 0x65, 0x57, 0x69, 0x74, 0x6e, 0x65, 0x73,
+	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09, 0x61,
-	0x73, 0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01,
+	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64, 0x18,
-	0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73,
+	0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x72,
-	0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09,
+	0x69, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x72, 0x69, 0x67,
-	0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f,
+	0x69, 0x6e, 0x12, 0x3a, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61,
-	0x70, 0x65, 0x72, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f,
+	0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x69, 0x64,
-	0x70, 0x65, 0x72, 0x74, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x77, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73,
+	0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x52, 0x0e,
-	0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x77, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x12,
+	0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23,
-	0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d,
+	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e,
-	0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74,
+	0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f,
-	0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7, 0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f,
+	0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7, 0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72,
-	0x72, 0x69, 0x74, 0x79, 0x22, 0x4f, 0x0a, 0x17, 0x4d, 0x73, 0x67, 0x50, 0x72, 0x6f, 0x76, 0x65,
+	0x69, 0x74, 0x79, 0x22, 0x81, 0x02, 0x0a, 0x1d, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73,
-	0x57, 0x69, 0x74, 0x6e, 0x65, 0x73, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12,
+	0x74, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x52, 0x65, 0x73,
-	0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
-	0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12,
-	0x70, 0x65, 0x72, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f,
+	0x38, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x02, 0x20,
-	0x70, 0x65, 0x72, 0x74, 0x79, 0x22, 0x7e, 0x0a, 0x0c, 0x4d, 0x73, 0x67, 0x53, 0x79, 0x6e, 0x63,
+	0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e,
-	0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x38, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c,
+	0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x0a, 0x63,
-	0x6c, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63,
+	0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x4f, 0x0a, 0x08, 0x61, 0x63, 0x63,
-	0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72,
+	0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x64, 0x69,
-	0x69, 0x6e, 0x67, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12,
+	0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72,
-	0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d,
+	0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
-	0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74,
+	0x73, 0x65, 0x2e, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79,
-	0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0f, 0x82, 0xe7, 0xb0, 0x2a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72,
+	0x52, 0x08, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x1a, 0x3b, 0x0a, 0x0d, 0x41, 0x63,
-	0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x22, 0x30, 0x0a, 0x14, 0x4d, 0x73, 0x67, 0x53, 0x79, 0x6e, 0x63,
+	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b,
-	0x56, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a,
+	0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a,
-	0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07,
+	0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61,
-	0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x22, 0xea, 0x01, 0x0a, 0x15, 0x4d, 0x73, 0x67, 0x52,
+	0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x81, 0x02, 0x0a, 0x0c, 0x4d, 0x73, 0x67, 0x41,
-	0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65,
+	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68,
-	0x72, 0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01,
+	0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d,
-	0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73,
+	0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53,
-	0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09,
+	0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79,
 	0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x69, 0x64,
 	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x63, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6f,
 	0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x72, 0x69,
 	0x67, 0x69, 0x6e, 0x12, 0x3a, 0x0a, 0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x64, 0x69,
 	0x64, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x52,
 	0x0e, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12,
 	0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d,
 	0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74,
 	0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7, 0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f,
 	0x72, 0x69, 0x74, 0x79, 0x22, 0x81, 0x02, 0x0a, 0x1d, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69,
 	0x73, 0x74, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x52, 0x65,
 	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73,
 	0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
 	0x12, 0x38, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x02,
 	0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73,
 	0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x0a,
-	0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x4f, 0x0a, 0x08, 0x61, 0x63,
+	0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x07, 0x61, 0x64,
-	0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x64,
+	0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d,
 	0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53,
 	0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x16,
 	0x0a, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06,
 	0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x12, 0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18,
 	0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54,
 	0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7, 0xb0,
 	0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x55, 0x0a, 0x14, 0x4d,
 	0x73, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
 	0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x01,
 	0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23, 0x0a,
 	0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x64,
 	0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f, 0x6b,
 	0x65, 0x6e, 0x22, 0xc4, 0x03, 0x0a, 0x12, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
 	0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x38, 0x0a, 0x0a, 0x63, 0x6f, 0x6e,
 	0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2,
 	0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73,
 	0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c,
 	0x6c, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x75, 0x72,
 	0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x55,
 	0x72, 0x69, 0x12, 0x2b, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01,
 	0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x6d,
 	0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12,
 	0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04,
 	0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f,
 	0x6e, 0x12, 0x5d, 0x0a, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e, 0x64,
 	0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x64,
 	0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65,
-	0x72, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f,
+	0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x6e, 0x73, 0x65, 0x2e, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72,
+	0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10,
-	0x79, 0x52, 0x08, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x1a, 0x3b, 0x0a, 0x0d, 0x41,
+	0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73,
-	0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
+	0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x06, 0x20, 0x01,
 	0x28, 0x0b, 0x32, 0x10, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61,
 	0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x23,
 	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e,
 	0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f,
 	0x6b, 0x65, 0x6e, 0x1a, 0x43, 0x0a, 0x15, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e,
 	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03,
 	0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14,
 	0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76,
-	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x81, 0x02, 0x0a, 0x0c, 0x4d, 0x73, 0x67,
+	0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x3a, 0x0f, 0x82, 0xe7, 0xb0, 0x2a, 0x0a, 0x63,
-	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x12, 0x36, 0x0a, 0x09, 0x61, 0x75, 0x74,
+	0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x22, 0x48, 0x0a, 0x1a, 0x4d, 0x73, 0x67,
-	0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4,
+	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52,
-	0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65,
-	0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74,
+	0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73,
-	0x79, 0x12, 0x38, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18,
+	0x73, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03,
-	0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f,
+	0x64, 0x69, 0x64, 0x32, 0xd4, 0x03, 0x0a, 0x03, 0x4d, 0x73, 0x67, 0x12, 0x48, 0x0a, 0x0c, 0x55,
-	0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52,
+	0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x17, 0x2e, 0x64, 0x69,
-	0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x32, 0x0a, 0x07, 0x61,
+	0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61,
-	0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18, 0xd2, 0xb4,
+	0x72, 0x61, 0x6d, 0x73, 0x1a, 0x1f, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73,
-	0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+	0x67, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x52, 0x65, 0x73,
-	0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12,
+	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x09, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
-	0x16, 0x0a, 0x06, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x7a, 0x65, 0x12, 0x14, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x41,
-	0x06, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x12, 0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
+	0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x1a, 0x1c, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e,
+	0x31, 0x2e, 0x4d, 0x73, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x52, 0x65,
-	0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0x0e, 0x82, 0xe7,
+	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0d, 0x41, 0x6c, 0x6c, 0x6f, 0x63, 0x61,
-	0xb0, 0x2a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x55, 0x0a, 0x14,
+	0x74, 0x65, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x18, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31,
-	0x4d, 0x73, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x52, 0x65, 0x73, 0x70,
+	0x2e, 0x4d, 0x73, 0x67, 0x41, 0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x75, 0x6c,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x18,
+	0x74, 0x1a, 0x20, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x41, 0x6c,
-	0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x23,
+	0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d, 0x2e,
+	0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x09, 0x53, 0x79, 0x6e, 0x63, 0x56, 0x61, 0x75, 0x6c, 0x74,
-	0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74, 0x6f,
+	0x12, 0x14, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x53, 0x79, 0x6e,
-	0x6b, 0x65, 0x6e, 0x22, 0xc4, 0x03, 0x0a, 0x12, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73,
+	0x63, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e,
-	0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x38, 0x0a, 0x0a, 0x63, 0x6f,
+	0x4d, 0x73, 0x67, 0x53, 0x79, 0x6e, 0x63, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x65, 0x73, 0x70,
-	0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x18,
+	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5a, 0x0a, 0x12, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72,
-	0xd2, 0xb4, 0x2d, 0x14, 0x63, 0x6f, 0x73, 0x6d, 0x6f, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65,
+	0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x1d, 0x2e, 0x64, 0x69, 0x64,
 	0x73, 0x73, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f,
 	0x6c, 0x6c, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x75,
 	0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e,
 	0x55, 0x72, 0x69, 0x12, 0x2b, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x03, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x65, 0x72,
 	0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73,
 	0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18,
 	0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
 	0x6f, 0x6e, 0x12, 0x5d, 0x0a, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x65, 0x6e,
 	0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e,
 	0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74,
 	0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63,
 	0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52,
 	0x10, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74,
 	0x73, 0x12, 0x2c, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x06, 0x20,
 	0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74,
 	0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12,
 	0x23, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0d,
 	0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, 0x74,
 	0x6f, 0x6b, 0x65, 0x6e, 0x1a, 0x43, 0x0a, 0x15, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45,
 	0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a,
 	0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12,
 	0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05,
 	0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x3a, 0x0f, 0x82, 0xe7, 0xb0, 0x2a, 0x0a,
 	0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x22, 0x48, 0x0a, 0x1a, 0x4d, 0x73,
 	0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
 	0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63,
 	0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65,
 	0x73, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
 	0x03, 0x64, 0x69, 0x64, 0x32, 0xd4, 0x03, 0x0a, 0x03, 0x4d, 0x73, 0x67, 0x12, 0x48, 0x0a, 0x0c,
 	0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x17, 0x2e, 0x64,
 	0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50,
 	0x61, 0x72, 0x61, 0x6d, 0x73, 0x1a, 0x1f, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d,
 	0x73, 0x67, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x52, 0x65,
 	0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x09, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
 	0x69, 0x7a, 0x65, 0x12, 0x14, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67,
 	0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x1a, 0x1c, 0x2e, 0x64, 0x69, 0x64, 0x2e,
 	0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x52,
 	0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0d, 0x41, 0x6c, 0x6c, 0x6f, 0x63,
 	0x61, 0x74, 0x65, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x18, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76,
 	0x31, 0x2e, 0x4d, 0x73, 0x67, 0x41, 0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x75,
 	0x6c, 0x74, 0x1a, 0x20, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x41,
 	0x6c, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x65, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x65, 0x73, 0x70,
 	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x09, 0x53, 0x79, 0x6e, 0x63, 0x56, 0x61, 0x75, 0x6c,
 	0x74, 0x12, 0x14, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x53, 0x79,
 	0x6e, 0x63, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x1a, 0x1c, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31,
 	0x2e, 0x4d, 0x73, 0x67, 0x53, 0x79, 0x6e, 0x63, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x52, 0x65, 0x73,
 	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5a, 0x0a, 0x12, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65,
 	0x72, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x1d, 0x2e, 0x64, 0x69,
 	0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72,
 	0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x1a, 0x25, 0x2e, 0x64, 0x69, 0x64,
 	0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43,
-	0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
+	0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x1a, 0x25, 0x2e, 0x64, 0x69, 0x64, 0x2e,
-	0x65, 0x12, 0x51, 0x0a, 0x0f, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72,
+	0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x43, 0x6f,
-	0x76, 0x69, 0x63, 0x65, 0x12, 0x1a, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73,
+	0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
-	0x67, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+	0x12, 0x51, 0x0a, 0x0f, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76,
-	0x1a, 0x22, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67,
+	0x69, 0x63, 0x65, 0x12, 0x1a, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67,
-	0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70,
+	0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a,
-	0x6f, 0x6e, 0x73, 0x65, 0x1a, 0x05, 0x80, 0xe7, 0xb0, 0x2a, 0x01, 0x42, 0x77, 0x0a, 0x0a, 0x63,
+	0x22, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x73, 0x67, 0x52, 0x65, 0x67, 0x69,
-	0x6f, 0x6d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x42, 0x07, 0x54, 0x78, 0x50, 0x72, 0x6f,
+	0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f,
-	0x74, 0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d,
+	0x6e, 0x73, 0x65, 0x1a, 0x05, 0x80, 0xe7, 0xb0, 0x2a, 0x01, 0x42, 0x77, 0x0a, 0x0a, 0x63, 0x6f,
-	0x2f, 0x6f, 0x6e, 0x73, 0x6f, 0x6e, 0x72, 0x2f, 0x73, 0x6f, 0x6e, 0x72, 0x2f, 0x61, 0x70, 0x69,
+	0x6d, 0x2e, 0x64, 0x69, 0x64, 0x2e, 0x76, 0x31, 0x42, 0x07, 0x54, 0x78, 0x50, 0x72, 0x6f, 0x74,
-	0x2f, 0x64, 0x69, 0x64, 0x2f, 0x76, 0x31, 0x3b, 0x64, 0x69, 0x64, 0x76, 0x31, 0xa2, 0x02, 0x03,
+	0x6f, 0x50, 0x01, 0x5a, 0x27, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x44, 0x58, 0x58, 0xaa, 0x02, 0x06, 0x44, 0x69, 0x64, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x06, 0x44,
+	0x6f, 0x6e, 0x73, 0x6f, 0x6e, 0x72, 0x2f, 0x73, 0x6f, 0x6e, 0x72, 0x2f, 0x61, 0x70, 0x69, 0x2f,
-	0x69, 0x64, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x12, 0x44, 0x69, 0x64, 0x5c, 0x56, 0x31, 0x5c, 0x47,
+	0x64, 0x69, 0x64, 0x2f, 0x76, 0x31, 0x3b, 0x64, 0x69, 0x64, 0x76, 0x31, 0xa2, 0x02, 0x03, 0x44,
-	0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x44, 0x69, 0x64,
+	0x58, 0x58, 0xaa, 0x02, 0x06, 0x44, 0x69, 0x64, 0x2e, 0x56, 0x31, 0xca, 0x02, 0x06, 0x44, 0x69,
-	0x3a, 0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x64, 0x5c, 0x56, 0x31, 0xe2, 0x02, 0x12, 0x44, 0x69, 0x64, 0x5c, 0x56, 0x31, 0x5c, 0x47, 0x50,
 	0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x07, 0x44, 0x69, 0x64, 0x3a,
 	0x3a, 0x56, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 var (
@ -9283,35 +9342,34 @@ var file_did_v1_tx_proto_goTypes = []interface{}{
 var file_did_v1_tx_proto_depIdxs = []int32{
 	16, // 0: did.v1.MsgUpdateParams.params:type_name -> did.v1.Params
 	17, // 1: did.v1.MsgUpdateParams.token:type_name -> did.v1.Token
-	17, // 2: did.v1.MsgAllocateVault.token:type_name -> did.v1.Token
+	17, // 2: did.v1.MsgProveWitness.token:type_name -> did.v1.Token
-	17, // 3: did.v1.MsgProveWitness.token:type_name -> did.v1.Token
+	17, // 3: did.v1.MsgSyncVault.token:type_name -> did.v1.Token
-	17, // 4: did.v1.MsgSyncVault.token:type_name -> did.v1.Token
+	18, // 4: did.v1.MsgRegisterController.authentication:type_name -> did.v1.Credential
-	18, // 5: did.v1.MsgRegisterController.authentication:type_name -> did.v1.Credential
+	17, // 5: did.v1.MsgRegisterController.token:type_name -> did.v1.Token
-	17, // 6: did.v1.MsgRegisterController.token:type_name -> did.v1.Token
+	14, // 6: did.v1.MsgRegisterControllerResponse.accounts:type_name -> did.v1.MsgRegisterControllerResponse.AccountsEntry
-	14, // 7: did.v1.MsgRegisterControllerResponse.accounts:type_name -> did.v1.MsgRegisterControllerResponse.AccountsEntry
+	17, // 7: did.v1.MsgAuthorize.token:type_name -> did.v1.Token
-	17, // 8: did.v1.MsgAuthorize.token:type_name -> did.v1.Token
+	17, // 8: did.v1.MsgAuthorizeResponse.token:type_name -> did.v1.Token
-	17, // 9: did.v1.MsgAuthorizeResponse.token:type_name -> did.v1.Token
+	19, // 9: did.v1.MsgRegisterService.scopes:type_name -> did.v1.Permissions
-	19, // 10: did.v1.MsgRegisterService.scopes:type_name -> did.v1.Permissions
+	15, // 10: did.v1.MsgRegisterService.service_endpoints:type_name -> did.v1.MsgRegisterService.ServiceEndpointsEntry
-	15, // 11: did.v1.MsgRegisterService.service_endpoints:type_name -> did.v1.MsgRegisterService.ServiceEndpointsEntry
+	20, // 11: did.v1.MsgRegisterService.metadata:type_name -> did.v1.Metadata
-	20, // 12: did.v1.MsgRegisterService.metadata:type_name -> did.v1.Metadata
+	17, // 12: did.v1.MsgRegisterService.token:type_name -> did.v1.Token
-	17, // 13: did.v1.MsgRegisterService.token:type_name -> did.v1.Token
+	0,  // 13: did.v1.Msg.UpdateParams:input_type -> did.v1.MsgUpdateParams
-	0,  // 14: did.v1.Msg.UpdateParams:input_type -> did.v1.MsgUpdateParams
+	10, // 14: did.v1.Msg.Authorize:input_type -> did.v1.MsgAuthorize
-	10, // 15: did.v1.Msg.Authorize:input_type -> did.v1.MsgAuthorize
+	2,  // 15: did.v1.Msg.AllocateVault:input_type -> did.v1.MsgAllocateVault
-	2,  // 16: did.v1.Msg.AllocateVault:input_type -> did.v1.MsgAllocateVault
+	6,  // 16: did.v1.Msg.SyncVault:input_type -> did.v1.MsgSyncVault
-	6,  // 17: did.v1.Msg.SyncVault:input_type -> did.v1.MsgSyncVault
+	8,  // 17: did.v1.Msg.RegisterController:input_type -> did.v1.MsgRegisterController
-	8,  // 18: did.v1.Msg.RegisterController:input_type -> did.v1.MsgRegisterController
+	12, // 18: did.v1.Msg.RegisterService:input_type -> did.v1.MsgRegisterService
-	12, // 19: did.v1.Msg.RegisterService:input_type -> did.v1.MsgRegisterService
+	1,  // 19: did.v1.Msg.UpdateParams:output_type -> did.v1.MsgUpdateParamsResponse
-	1,  // 20: did.v1.Msg.UpdateParams:output_type -> did.v1.MsgUpdateParamsResponse
+	11, // 20: did.v1.Msg.Authorize:output_type -> did.v1.MsgAuthorizeResponse
-	11, // 21: did.v1.Msg.Authorize:output_type -> did.v1.MsgAuthorizeResponse
+	3,  // 21: did.v1.Msg.AllocateVault:output_type -> did.v1.MsgAllocateVaultResponse
-	3,  // 22: did.v1.Msg.AllocateVault:output_type -> did.v1.MsgAllocateVaultResponse
+	7,  // 22: did.v1.Msg.SyncVault:output_type -> did.v1.MsgSyncVaultResponse
-	7,  // 23: did.v1.Msg.SyncVault:output_type -> did.v1.MsgSyncVaultResponse
+	9,  // 23: did.v1.Msg.RegisterController:output_type -> did.v1.MsgRegisterControllerResponse
-	9,  // 24: did.v1.Msg.RegisterController:output_type -> did.v1.MsgRegisterControllerResponse
+	13, // 24: did.v1.Msg.RegisterService:output_type -> did.v1.MsgRegisterServiceResponse
-	13, // 25: did.v1.Msg.RegisterService:output_type -> did.v1.MsgRegisterServiceResponse
+	19, // [19:25] is the sub-list for method output_type
-	20, // [20:26] is the sub-list for method output_type
+	13, // [13:19] is the sub-list for method input_type
-	14, // [14:20] is the sub-list for method input_type
+	13, // [13:13] is the sub-list for extension type_name
-	14, // [14:14] is the sub-list for extension type_name
+	13, // [13:13] is the sub-list for extension extendee
-	14, // [14:14] is the sub-list for extension extendee
+	0,  // [0:13] is the sub-list for field type_name
 	0,  // [0:14] is the sub-list for field type_name
 }
 func init() { file_did_v1_tx_proto_init() }
@ -9319,7 +9377,6 @@ func file_did_v1_tx_proto_init() {
 	if File_did_v1_tx_proto != nil {
 		return
 	}
 	file_did_v1_constants_proto_init()
 	file_did_v1_genesis_proto_init()
 	file_did_v1_models_proto_init()
 	if !protoimpl.UnsafeEnabled {
--- a/app/app.go
+++ b/app/app.go
@ -1123,6 +1123,9 @@ func NewChainApp(
 		_ = ctx
 	}
 	// Start the frontend
 	// go app.ServeFrontend()
 	return app
 }
--- a/cmd/dwn/index.templ
+++ b/cmd/dwn/index.templ
@ -0,0 +1,28 @@
 package main
 templ VaultIndex() {
 	<!DOCTYPE html>
 	<html lang="en">
 		<head>
 			<meta charset="UTF-8"/>
 			<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
 			<title>Sonr Vault</title>
 			<script>
      navigator.serviceWorker.register({ swPath });
      // Skip installed stage and jump to activating stage
      addEventListener("install", (event) => {
        event.waitUntil(skipWaiting());
      });
      // Start controlling clients as soon as the SW is activated
      addEventListener("activate", (event) => {
        event.waitUntil(clients.claim());
      });
    </script>
 		</head>
 		<body>
 			<h1>Sonr Vault</h1>
 		</body>
 	</html>
 }
--- a/cmd/dwn/index_templ.go
+++ b/cmd/dwn/index_templ.go
@ -0,0 +1,37 @@
 // Code generated by templ - DO NOT EDIT.
 // templ: version: v0.2.771
 package main
 //lint:file-ignore SA4006 This context is only used if a nested component is present.
 import "github.com/a-h/templ"
 import templruntime "github.com/a-h/templ/runtime"
 func VaultIndex() templ.Component {
 	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
 		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
 		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
 		if !templ_7745c5c3_IsBuffer {
 			defer func() {
 				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
 				if templ_7745c5c3_Err == nil {
 					templ_7745c5c3_Err = templ_7745c5c3_BufErr
 				}
 			}()
 		}
 		ctx = templ.InitializeContext(ctx)
 		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
 		if templ_7745c5c3_Var1 == nil {
 			templ_7745c5c3_Var1 = templ.NopComponent
 		}
 		ctx = templ.ClearChildren(ctx)
 		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString("<!doctype html><html lang=\"en\"><head><meta charset=\"UTF-8\"><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"><title>Sonr Vault</title><script>\n      navigator.serviceWorker.register({ swPath });\n\n      // Skip installed stage and jump to activating stage\n      addEventListener(\"install\", (event) => {\n        event.waitUntil(skipWaiting());\n      });\n\n      // Start controlling clients as soon as the SW is activated\n      addEventListener(\"activate\", (event) => {\n        event.waitUntil(clients.claim());\n      });\n    </script></head><body><h1>Sonr Vault</h1></body></html>")
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
 		return templ_7745c5c3_Err
 	})
 }
 var _ = templruntime.GeneratedTemplate
--- a/cmd/dwn/main.go
+++ b/cmd/dwn/main.go
@ -0,0 +1,43 @@
 //go:build js && wasm
 // +build js,wasm
 package main
 import (
 	"errors"
 	"github.com/labstack/echo/v4"
 	wasmhttp "github.com/nlepage/go-wasm-http-server"
 	"github.com/onsonr/sonr/internal/db"
 )
 var edb *db.DB
 func main() {
 	// Initialize the database
 	initDB()
 	e := echo.New()
 	e.POST("/api/insert/:account/:address", itemsHandler)
 	wasmhttp.Serve(e)
 }
 func initDB() {
 	var err error
 	edb, err = db.Open(db.New())
 	if err != nil {
 		panic(err.Error())
 	}
 }
 func itemsHandler(e echo.Context) error {
 	switch e.Request().Method {
 	case "GET":
 	case "POST":
 		edb.AddAccount(e.Param("account"), e.Param("address"))
 	default:
 		e.Error(errors.New("Method not allowed"))
 	}
 	return e.JSON(200, "OK")
 }
--- a/cmd/sonrd/main.go
+++ b/cmd/sonrd/main.go
@ -13,7 +13,7 @@ import (
 func main() {
 	rootCmd := NewRootCmd()
-	rootCmd.AddCommand(tui.NewBuildProtoMsgCmd())
+	rootCmd.AddCommand(tui.NewTUIDashboardCmd())
 	// rootCmd.AddCommand(tui.NewExplorerCmd())
 	if err := svrcmd.Execute(rootCmd, "", app.DefaultNodeHome); err != nil {
--- a/cmd/sonrd/root.go
+++ b/cmd/sonrd/root.go
@ -3,11 +3,8 @@ package main
 import (
 	"os"
 	dbm "github.com/cosmos/cosmos-db"
 	"github.com/spf13/cobra"
 	"cosmossdk.io/log"
-
+	dbm "github.com/cosmos/cosmos-db"
 	"github.com/cosmos/cosmos-sdk/client"
 	"github.com/cosmos/cosmos-sdk/client/config"
 	"github.com/cosmos/cosmos-sdk/crypto/keyring"
@ -19,11 +16,10 @@ import (
 	"github.com/cosmos/cosmos-sdk/x/auth/tx"
 	txmodule "github.com/cosmos/cosmos-sdk/x/auth/tx/config"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
 	"github.com/spf13/cobra"
 	"github.com/onsonr/sonr/app"
 	"github.com/onsonr/sonr/app/params"
 	// NewRootCmd creates a new root command for chain app. It is called once in the
 	// main function.
 )
 func NewRootCmd() *cobra.Command {
@ -34,14 +30,14 @@ func NewRootCmd() *cobra.Command {
 	cfg.Seal()
 	// we "pre"-instantiate the application for getting the injected/configured encoding configuration
 	// note, this is not necessary when using app wiring, as depinject can be directly used (see root_v2.go)
-	tempApp := app.NewChainApp(
+	preApp := app.NewChainApp(
 		log.NewNopLogger(), dbm.NewMemDB(), nil, false, simtestutil.NewAppOptionsWithFlagHome(tempDir()),
 	)
 	encodingConfig := params.EncodingConfig{
-		InterfaceRegistry: tempApp.InterfaceRegistry(),
+		InterfaceRegistry: preApp.InterfaceRegistry(),
-		Codec:             tempApp.AppCodec(),
+		Codec:             preApp.AppCodec(),
-		TxConfig:          tempApp.TxConfig(),
+		TxConfig:          preApp.TxConfig(),
-		Amino:             tempApp.LegacyAmino(),
+		Amino:             preApp.LegacyAmino(),
 	}
 	initClientCtx := client.Context{}.
@ -109,10 +105,10 @@ func NewRootCmd() *cobra.Command {
 		},
 	}
-	initRootCmd(rootCmd, encodingConfig.TxConfig, encodingConfig.InterfaceRegistry, tempApp.BasicModuleManager)
+	initRootCmd(rootCmd, encodingConfig.TxConfig, encodingConfig.InterfaceRegistry, preApp.BasicModuleManager)
 	// add keyring to autocli opts
-	autoCliOpts := tempApp.AutoCliOpts()
+	autoCliOpts := preApp.AutoCliOpts()
 	initClientCtx, _ = config.ReadFromClientConfig(initClientCtx)
 	autoCliOpts.Keyring, _ = keyring.NewAutoCLIKeyring(initClientCtx.Keyring)
 	autoCliOpts.ClientCtx = initClientCtx
--- a/cmd/vault/main.go
+++ b/cmd/vault/main.go
@ -1,95 +0,0 @@
 //go:build js && wasm
 // +build js,wasm
 package main
 import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
 	"net/http"
 	wasmhttp "github.com/nlepage/go-wasm-http-server"
 )
 var db *sql.DB
 func main() {
 	// Initialize the database
 	initDB()
 	// Define your handlers
 	http.HandleFunc("/", homeHandler)
 	http.HandleFunc("/api/items", itemsHandler)
 	// Use wasmhttp.Serve to start the server
 	wasmhttp.Serve(nil)
 }
 func initDB() {
 	_, err := db.Exec(`
 		CREATE TABLE IF NOT EXISTS items (
 			id INTEGER PRIMARY KEY AUTOINCREMENT,
 			name TEXT NOT NULL
 		)
 	`)
 	if err != nil {
 		panic(err)
 	}
 }
 func homeHandler(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, "Welcome to the WASM SQLite Server!")
 }
 func itemsHandler(w http.ResponseWriter, r *http.Request) {
 	switch r.Method {
 	case "GET":
 		getItems(w, r)
 	case "POST":
 		addItem(w, r)
 	default:
 		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
 	}
 }
 func getItems(w http.ResponseWriter, _ *http.Request) {
 	rows, err := db.Query("SELECT id, name FROM items")
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	defer rows.Close()
 	var items []map[string]interface{}
 	for rows.Next() {
 		var id int
 		var name string
 		if err := rows.Scan(&id, &name); err != nil {
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
 		items = append(items, map[string]interface{}{"id": id, "name": name})
 	}
 	json.NewEncoder(w).Encode(items)
 }
 func addItem(w http.ResponseWriter, r *http.Request) {
 	var item struct {
 		Name string `json:"name"`
 	}
 	if err := json.NewDecoder(r.Body).Decode(&item); err != nil {
 		http.Error(w, err.Error(), http.StatusBadRequest)
 		return
 	}
 	result, err := db.Exec("INSERT INTO items (name) VALUES (?)", item.Name)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
 	id, _ := result.LastInsertId()
 	json.NewEncoder(w).Encode(map[string]interface{}{"id": id, "name": item.Name})
 }
--- a/devbox.json
+++ b/devbox.json
@ -6,7 +6,8 @@
    "commitizen@latest",
    "goreleaser@latest",
    "go-task@latest",
-    "bun@latest"
+    "bun@latest",
    "ipfs-cluster@latest"
  ],
  "env": {
    "GOPATH": "$HOME/go",
@ -19,12 +20,26 @@
  },
  "shell": {
    "scripts": {
-      "init": ["make install", "sh ./scripts/test_node.sh"],
+      "init": [
-      "gen": ["make proto-gen", "make vault", "make templ"],
+        "make install",
-      "build": ["make build", "make local-image"],
+        "sh ./scripts/test_node.sh"
-      "testnet": ["make install", "make sh-testnet"],
+      ],
-      "explorer": ["make explorer"],
+      "gen": [
-      "pkl-eval": ["bunx pkl eval ./pkl/msgs.pkl"]
+        "make proto-gen",
        "make templ",
        "make dwn"
      ],
      "build": [
        "make build",
        "make local-image"
      ],
      "testnet": [
        "make install",
        "devbox services up"
      ],
      "pkl-eval": [
        "bunx pkl eval ./pkl/msgs.pkl"
      ]
    }
  }
 }
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -23,8 +23,8 @@ services:
    command: "start --pruning=nothing"
    restart: always
    networks:
-      - dokploy-network
+      - sonr-network
 networks:
-  dokploy-network:
+  sonr-network:
-    external: true
+    name: sonr-network
--- a/gen/vault/Account.pkl.go
+++ b/gen/vault/Account.pkl.go
@ -0,0 +1,58 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 import "github.com/apple/pkl-go/pkl"
 type Account interface {
 	Model
 	GetId() uint
 	GetName() string
 	GetAddress() string
 	GetPublicKey() *pkl.Object
 	GetCreatedAt() *string
 }
 var _ Account = (*AccountImpl)(nil)
 type AccountImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	Name string `pkl:"name" json:"name,omitempty"`
 	Address string `pkl:"address" json:"address,omitempty"`
 	PublicKey *pkl.Object `pkl:"publicKey" json:"publicKey,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 }
 func (rcv *AccountImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *AccountImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *AccountImpl) GetName() string {
 	return rcv.Name
 }
 func (rcv *AccountImpl) GetAddress() string {
 	return rcv.Address
 }
 func (rcv *AccountImpl) GetPublicKey() *pkl.Object {
 	return rcv.PublicKey
 }
 func (rcv *AccountImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
--- a/gen/vault/Asset.pkl.go
+++ b/gen/vault/Asset.pkl.go
@ -0,0 +1,64 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Asset interface {
 	Model
 	GetId() uint
 	GetName() string
 	GetSymbol() string
 	GetDecimals() int
 	GetChainId() *int
 	GetCreatedAt() *string
 }
 var _ Asset = (*AssetImpl)(nil)
 type AssetImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	Name string `pkl:"name" json:"name,omitempty"`
 	Symbol string `pkl:"symbol" json:"symbol,omitempty"`
 	Decimals int `pkl:"decimals" json:"decimals,omitempty"`
 	ChainId *int `pkl:"chainId" json:"chainId,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 }
 func (rcv *AssetImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *AssetImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *AssetImpl) GetName() string {
 	return rcv.Name
 }
 func (rcv *AssetImpl) GetSymbol() string {
 	return rcv.Symbol
 }
 func (rcv *AssetImpl) GetDecimals() int {
 	return rcv.Decimals
 }
 func (rcv *AssetImpl) GetChainId() *int {
 	return rcv.ChainId
 }
 func (rcv *AssetImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
--- a/gen/vault/Chain.pkl.go
+++ b/gen/vault/Chain.pkl.go
@ -0,0 +1,48 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Chain interface {
 	Model
 	GetId() uint
 	GetName() string
 	GetNetworkId() string
 	GetCreatedAt() *string
 }
 var _ Chain = (*ChainImpl)(nil)
 type ChainImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	Name string `pkl:"name" json:"name,omitempty"`
 	NetworkId string `pkl:"networkId" json:"networkId,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 }
 func (rcv *ChainImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *ChainImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *ChainImpl) GetName() string {
 	return rcv.Name
 }
 func (rcv *ChainImpl) GetNetworkId() string {
 	return rcv.NetworkId
 }
 func (rcv *ChainImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
--- a/gen/vault/Client.pkl.go
+++ b/gen/vault/Client.pkl.go
@ -0,0 +1,18 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Client interface {
 	GetChainId() string
 	GetKeyringBackend() string
 	GetOutput() string
 	GetNode() string
 	GetBroadcastMode() string
 	GetApiUrl() string
 	GetAddressPrefix() string
 }
--- a/gen/vault/Credential.pkl.go
+++ b/gen/vault/Credential.pkl.go
@ -0,0 +1,146 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 import "github.com/apple/pkl-go/pkl"
 type Credential interface {
 	Model
 	GetId() uint
 	GetSubject() string
 	GetController() string
 	GetAttestationType() string
 	GetOrigin() string
 	GetCredentialId() *pkl.Object
 	GetPublicKey() *pkl.Object
 	GetTransport() string
 	GetSignCount() uint
 	GetUserPresent() bool
 	GetUserVerified() bool
 	GetBackupEligible() bool
 	GetBackupState() bool
 	GetCloneWarning() bool
 	GetCreatedAt() *string
 	GetUpdatedAt() *string
 }
 var _ Credential = (*CredentialImpl)(nil)
 type CredentialImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	Subject string `pkl:"subject" json:"subject,omitempty"`
 	Controller string `pkl:"controller" json:"controller,omitempty"`
 	AttestationType string `pkl:"attestationType" json:"attestationType,omitempty"`
 	Origin string `pkl:"origin" json:"origin,omitempty"`
 	CredentialId *pkl.Object `pkl:"credentialId" json:"credentialId,omitempty"`
 	PublicKey *pkl.Object `pkl:"publicKey" json:"publicKey,omitempty"`
 	Transport string `pkl:"transport" json:"transport,omitempty"`
 	SignCount uint `pkl:"signCount" json:"signCount,omitempty"`
 	UserPresent bool `pkl:"userPresent" json:"userPresent,omitempty"`
 	UserVerified bool `pkl:"userVerified" json:"userVerified,omitempty"`
 	BackupEligible bool `pkl:"backupEligible" json:"backupEligible,omitempty"`
 	BackupState bool `pkl:"backupState" json:"backupState,omitempty"`
 	CloneWarning bool `pkl:"cloneWarning" json:"cloneWarning,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 	UpdatedAt *string `pkl:"updatedAt" json:"updatedAt,omitempty"`
 }
 func (rcv *CredentialImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *CredentialImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *CredentialImpl) GetSubject() string {
 	return rcv.Subject
 }
 func (rcv *CredentialImpl) GetController() string {
 	return rcv.Controller
 }
 func (rcv *CredentialImpl) GetAttestationType() string {
 	return rcv.AttestationType
 }
 func (rcv *CredentialImpl) GetOrigin() string {
 	return rcv.Origin
 }
 func (rcv *CredentialImpl) GetCredentialId() *pkl.Object {
 	return rcv.CredentialId
 }
 func (rcv *CredentialImpl) GetPublicKey() *pkl.Object {
 	return rcv.PublicKey
 }
 func (rcv *CredentialImpl) GetTransport() string {
 	return rcv.Transport
 }
 func (rcv *CredentialImpl) GetSignCount() uint {
 	return rcv.SignCount
 }
 func (rcv *CredentialImpl) GetUserPresent() bool {
 	return rcv.UserPresent
 }
 func (rcv *CredentialImpl) GetUserVerified() bool {
 	return rcv.UserVerified
 }
 func (rcv *CredentialImpl) GetBackupEligible() bool {
 	return rcv.BackupEligible
 }
 func (rcv *CredentialImpl) GetBackupState() bool {
 	return rcv.BackupState
 }
 func (rcv *CredentialImpl) GetCloneWarning() bool {
 	return rcv.CloneWarning
 }
 func (rcv *CredentialImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
 func (rcv *CredentialImpl) GetUpdatedAt() *string {
 	return rcv.UpdatedAt
 }
--- a/gen/vault/DB.pkl.go
+++ b/gen/vault/DB.pkl.go
@ -0,0 +1,6 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type DB interface {
 	GetFilename() string
 }
--- a/gen/vault/Ipfs.pkl.go
+++ b/gen/vault/Ipfs.pkl.go
@ -0,0 +1,10 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Ipfs struct {
 	ResolverUrl string `pkl:"resolverUrl"`
 	IpfsMountPath string `pkl:"ipfsMountPath"`
 	IpnsMountPath string `pkl:"ipnsMountPath"`
 }
--- a/gen/vault/Keyshare.pkl.go
+++ b/gen/vault/Keyshare.pkl.go
@ -0,0 +1,82 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 import "github.com/apple/pkl-go/pkl"
 type Keyshare interface {
 	Model
 	GetId() uint
 	GetMetadata() string
 	GetPayloads() string
 	GetProtocol() string
 	GetPublicKey() *pkl.Object
 	GetRole() int
 	GetVersion() int
 	GetCreatedAt() *string
 }
 var _ Keyshare = (*KeyshareImpl)(nil)
 type KeyshareImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	Metadata string `pkl:"metadata" json:"metadata,omitempty"`
 	Payloads string `pkl:"payloads" json:"payloads,omitempty"`
 	Protocol string `pkl:"protocol" json:"protocol,omitempty"`
 	PublicKey *pkl.Object `pkl:"publicKey" json:"publicKey,omitempty"`
 	Role int `pkl:"role" json:"role,omitempty"`
 	Version int `pkl:"version" json:"version,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 }
 func (rcv *KeyshareImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *KeyshareImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *KeyshareImpl) GetMetadata() string {
 	return rcv.Metadata
 }
 func (rcv *KeyshareImpl) GetPayloads() string {
 	return rcv.Payloads
 }
 func (rcv *KeyshareImpl) GetProtocol() string {
 	return rcv.Protocol
 }
 func (rcv *KeyshareImpl) GetPublicKey() *pkl.Object {
 	return rcv.PublicKey
 }
 func (rcv *KeyshareImpl) GetRole() int {
 	return rcv.Role
 }
 func (rcv *KeyshareImpl) GetVersion() int {
 	return rcv.Version
 }
 func (rcv *KeyshareImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
--- a/gen/vault/Model.pkl.go
+++ b/gen/vault/Model.pkl.go
@ -0,0 +1,6 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Model interface {
 	GetTable() string
 }
--- a/gen/vault/Permission.pkl.go
+++ b/gen/vault/Permission.pkl.go
@ -0,0 +1,64 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Permission interface {
 	Model
 	GetId() uint
 	GetServiceId() string
 	GetGrants() string
 	GetScopes() string
 	GetCreatedAt() *string
 	GetUpdatedAt() *string
 }
 var _ Permission = (*PermissionImpl)(nil)
 type PermissionImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	ServiceId string `pkl:"serviceId" json:"serviceId,omitempty"`
 	Grants string `pkl:"grants" json:"grants,omitempty"`
 	Scopes string `pkl:"scopes" json:"scopes,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 	UpdatedAt *string `pkl:"updatedAt" json:"updatedAt,omitempty"`
 }
 func (rcv *PermissionImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *PermissionImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *PermissionImpl) GetServiceId() string {
 	return rcv.ServiceId
 }
 func (rcv *PermissionImpl) GetGrants() string {
 	return rcv.Grants
 }
 func (rcv *PermissionImpl) GetScopes() string {
 	return rcv.Scopes
 }
 func (rcv *PermissionImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
 func (rcv *PermissionImpl) GetUpdatedAt() *string {
 	return rcv.UpdatedAt
 }
--- a/gen/vault/Profile.pkl.go
+++ b/gen/vault/Profile.pkl.go
@ -0,0 +1,80 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Profile interface {
 	Model
 	GetId() string
 	GetSubject() string
 	GetController() string
 	GetOriginUri() *string
 	GetPublicMetadata() *string
 	GetPrivateMetadata() *string
 	GetCreatedAt() *string
 	GetUpdatedAt() *string
 }
 var _ Profile = (*ProfileImpl)(nil)
 type ProfileImpl struct {
 	Table string `pkl:"table"`
 	Id string `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	Subject string `pkl:"subject" json:"subject,omitempty"`
 	Controller string `pkl:"controller" json:"controller,omitempty"`
 	OriginUri *string `pkl:"originUri" json:"originUri,omitempty"`
 	PublicMetadata *string `pkl:"publicMetadata" json:"publicMetadata,omitempty"`
 	PrivateMetadata *string `pkl:"privateMetadata" json:"privateMetadata,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 	UpdatedAt *string `pkl:"updatedAt" json:"updatedAt,omitempty"`
 }
 func (rcv *ProfileImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *ProfileImpl) GetId() string {
 	return rcv.Id
 }
 func (rcv *ProfileImpl) GetSubject() string {
 	return rcv.Subject
 }
 func (rcv *ProfileImpl) GetController() string {
 	return rcv.Controller
 }
 func (rcv *ProfileImpl) GetOriginUri() *string {
 	return rcv.OriginUri
 }
 func (rcv *ProfileImpl) GetPublicMetadata() *string {
 	return rcv.PublicMetadata
 }
 func (rcv *ProfileImpl) GetPrivateMetadata() *string {
 	return rcv.PrivateMetadata
 }
 func (rcv *ProfileImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
 func (rcv *ProfileImpl) GetUpdatedAt() *string {
 	return rcv.UpdatedAt
 }
--- a/gen/vault/Property.pkl.go
+++ b/gen/vault/Property.pkl.go
@ -0,0 +1,58 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 import "github.com/apple/pkl-go/pkl"
 type Property interface {
 	Model
 	GetId() uint
 	GetProfileId() string
 	GetKey() string
 	GetAccumulator() *pkl.Object
 	GetPropertyKey() *pkl.Object
 }
 var _ Property = (*PropertyImpl)(nil)
 type PropertyImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	ProfileId string `pkl:"profileId" json:"profileId,omitempty"`
 	Key string `pkl:"key" json:"key,omitempty"`
 	Accumulator *pkl.Object `pkl:"accumulator" json:"accumulator,omitempty"`
 	PropertyKey *pkl.Object `pkl:"propertyKey" json:"propertyKey,omitempty"`
 }
 func (rcv *PropertyImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *PropertyImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *PropertyImpl) GetProfileId() string {
 	return rcv.ProfileId
 }
 func (rcv *PropertyImpl) GetKey() string {
 	return rcv.Key
 }
 func (rcv *PropertyImpl) GetAccumulator() *pkl.Object {
 	return rcv.Accumulator
 }
 func (rcv *PropertyImpl) GetPropertyKey() *pkl.Object {
 	return rcv.PropertyKey
 }
--- a/gen/vault/PublicKey.pkl.go
+++ b/gen/vault/PublicKey.pkl.go
@ -0,0 +1,90 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 import "github.com/apple/pkl-go/pkl"
 type PublicKey interface {
 	Model
 	GetId() uint
 	GetRole() int
 	GetAlgorithm() int
 	GetEncoding() int
 	GetRaw() *pkl.Object
 	GetHex() string
 	GetMultibase() string
 	GetJwk() *pkl.Object
 	GetCreatedAt() *string
 }
 var _ PublicKey = (*PublicKeyImpl)(nil)
 type PublicKeyImpl struct {
 	Table string `pkl:"table"`
 	Id uint `pkl:"id" gorm:"primaryKey" json:"id,omitempty"`
 	Role int `pkl:"role" json:"role,omitempty"`
 	Algorithm int `pkl:"algorithm" json:"algorithm,omitempty"`
 	Encoding int `pkl:"encoding" json:"encoding,omitempty"`
 	Raw *pkl.Object `pkl:"raw" json:"raw,omitempty"`
 	Hex string `pkl:"hex" json:"hex,omitempty"`
 	Multibase string `pkl:"multibase" json:"multibase,omitempty"`
 	Jwk *pkl.Object `pkl:"jwk" json:"jwk,omitempty"`
 	CreatedAt *string `pkl:"createdAt" json:"createdAt,omitempty"`
 }
 func (rcv *PublicKeyImpl) GetTable() string {
 	return rcv.Table
 }
 func (rcv *PublicKeyImpl) GetId() uint {
 	return rcv.Id
 }
 func (rcv *PublicKeyImpl) GetRole() int {
 	return rcv.Role
 }
 func (rcv *PublicKeyImpl) GetAlgorithm() int {
 	return rcv.Algorithm
 }
 func (rcv *PublicKeyImpl) GetEncoding() int {
 	return rcv.Encoding
 }
 func (rcv *PublicKeyImpl) GetRaw() *pkl.Object {
 	return rcv.Raw
 }
 func (rcv *PublicKeyImpl) GetHex() string {
 	return rcv.Hex
 }
 func (rcv *PublicKeyImpl) GetMultibase() string {
 	return rcv.Multibase
 }
 func (rcv *PublicKeyImpl) GetJwk() *pkl.Object {
 	return rcv.Jwk
 }
 func (rcv *PublicKeyImpl) GetCreatedAt() *string {
 	return rcv.CreatedAt
 }
--- a/gen/vault/Sonr.pkl.go
+++ b/gen/vault/Sonr.pkl.go
@ -0,0 +1,60 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Sonr interface {
 	Client
 	GetRpcUrl() any
 }
 var _ Sonr = (*SonrImpl)(nil)
 type SonrImpl struct {
 	ChainId string `pkl:"chainId"`
 	KeyringBackend string `pkl:"keyringBackend"`
 	Output string `pkl:"output"`
 	RpcUrl any `pkl:"rpcUrl"`
 	BroadcastMode string `pkl:"broadcastMode"`
 	ApiUrl string `pkl:"apiUrl"`
 	AddressPrefix string `pkl:"addressPrefix"`
 	Node string `pkl:"node"`
 }
 func (rcv *SonrImpl) GetChainId() string {
 	return rcv.ChainId
 }
 func (rcv *SonrImpl) GetKeyringBackend() string {
 	return rcv.KeyringBackend
 }
 func (rcv *SonrImpl) GetOutput() string {
 	return rcv.Output
 }
 func (rcv *SonrImpl) GetRpcUrl() any {
 	return rcv.RpcUrl
 }
 func (rcv *SonrImpl) GetBroadcastMode() string {
 	return rcv.BroadcastMode
 }
 func (rcv *SonrImpl) GetApiUrl() string {
 	return rcv.ApiUrl
 }
 func (rcv *SonrImpl) GetAddressPrefix() string {
 	return rcv.AddressPrefix
 }
 func (rcv *SonrImpl) GetNode() string {
 	return rcv.Node
 }
--- a/gen/vault/Sqlite.pkl.go
+++ b/gen/vault/Sqlite.pkl.go
@ -0,0 +1,16 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 type Sqlite interface {
 	DB
 }
 var _ Sqlite = (*SqliteImpl)(nil)
 type SqliteImpl struct {
 	Filename string `pkl:"filename"`
 }
 func (rcv *SqliteImpl) GetFilename() string {
 	return rcv.Filename
 }
--- a/gen/vault/Vault.pkl.go
+++ b/gen/vault/Vault.pkl.go
@ -0,0 +1,36 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 import (
 	"context"
 	"github.com/apple/pkl-go/pkl"
 )
 type Vault struct {
 }
 // LoadFromPath loads the pkl module at the given path and evaluates it into a Vault
 func LoadFromPath(ctx context.Context, path string) (ret *Vault, err error) {
 	evaluator, err := pkl.NewEvaluator(ctx, pkl.PreconfiguredOptions)
 	if err != nil {
 		return nil, err
 	}
 	defer func() {
 		cerr := evaluator.Close()
 		if err == nil {
 			err = cerr
 		}
 	}()
 	ret, err = Load(ctx, evaluator, pkl.FileSource(path))
 	return ret, err
 }
 // Load loads the pkl module at the given source and evaluates it with the given evaluator into a Vault
 func Load(ctx context.Context, evaluator pkl.Evaluator, source *pkl.ModuleSource) (*Vault, error) {
 	var ret Vault
 	if err := evaluator.EvaluateModule(ctx, source, &ret); err != nil {
 		return nil, err
 	}
 	return &ret, nil
 }
--- a/gen/vault/init.pkl.go
+++ b/gen/vault/init.pkl.go
@ -0,0 +1,19 @@
 // Code generated from Pkl module `vault`. DO NOT EDIT.
 package vault
 import "github.com/apple/pkl-go/pkl"
 func init() {
 	pkl.RegisterMapping("vault", Vault{})
 	pkl.RegisterMapping("vault#Sonr", SonrImpl{})
 	pkl.RegisterMapping("vault#Sqlite", SqliteImpl{})
 	pkl.RegisterMapping("vault#Account", AccountImpl{})
 	pkl.RegisterMapping("vault#Asset", AssetImpl{})
 	pkl.RegisterMapping("vault#Chain", ChainImpl{})
 	pkl.RegisterMapping("vault#Credential", CredentialImpl{})
 	pkl.RegisterMapping("vault#Profile", ProfileImpl{})
 	pkl.RegisterMapping("vault#Property", PropertyImpl{})
 	pkl.RegisterMapping("vault#Keyshare", KeyshareImpl{})
 	pkl.RegisterMapping("vault#PublicKey", PublicKeyImpl{})
 	pkl.RegisterMapping("vault#Permission", PermissionImpl{})
 }
--- a/go.mod
+++ b/go.mod
@ -56,6 +56,7 @@ require (
 	github.com/charmbracelet/huh v0.5.3
 	github.com/charmbracelet/lipgloss v0.13.0
 	github.com/cometbft/cometbft v0.38.8
 	github.com/cosmos/btcutil v1.0.5
 	github.com/cosmos/cosmos-db v1.0.2
 	github.com/cosmos/cosmos-proto v1.0.0-beta.5
 	github.com/cosmos/cosmos-sdk v0.50.5
@ -70,6 +71,7 @@ require (
 	github.com/ipfs/boxo v0.21.0
 	github.com/ipfs/kubo v0.29.0
 	github.com/joho/godotenv v1.5.1
 	github.com/labstack/echo/v4 v4.10.0
 	github.com/mr-tron/base58 v1.2.0
 	github.com/ncruces/go-sqlite3 v0.18.2
 	github.com/ncruces/go-sqlite3/gormlite v0.18.0
@ -134,7 +136,6 @@ require (
 	github.com/cometbft/cometbft-db v0.9.1 // indirect
 	github.com/consensys/bavard v0.1.13 // indirect
 	github.com/consensys/gnark-crypto v0.12.1 // indirect
 	github.com/cosmos/btcutil v1.0.5 // indirect
 	github.com/cosmos/go-bip39 v1.0.0 // indirect
 	github.com/cosmos/gogogateway v1.2.0 // indirect
 	github.com/cosmos/iavl v1.1.2 // indirect
@ -236,6 +237,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.8 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/labstack/gommon v0.4.0 // indirect
 	github.com/lib/pq v1.10.7 // indirect
 	github.com/libp2p/go-buffer-pool v0.1.0 // indirect
 	github.com/libp2p/go-cidranger v1.1.0 // indirect
@ -312,6 +314,8 @@ require (
 	github.com/tetratelabs/wazero v1.8.0 // indirect
 	github.com/tidwall/btree v1.7.0 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/valyala/bytebufferpool v1.0.0 // indirect
 	github.com/valyala/fasttemplate v1.2.2 // indirect
 	github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 	github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
 	github.com/whyrusleeping/base32 v0.0.0-20170828182744-c30ac30633cc // indirect
--- a/go.sum
+++ b/go.sum
@ -1639,6 +1639,10 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/labstack/echo/v4 v4.10.0 h1:5CiyngihEO4HXsz3vVsJn7f8xAlWwRr3aY6Ih280ZKA=
 github.com/labstack/echo/v4 v4.10.0/go.mod h1:S/T/5fy/GigaXnHTkh0ZGe4LpkkQysvRjFMSUTkDRNQ=
 github.com/labstack/gommon v0.4.0 h1:y7cvthEAEbU0yHOf4axH8ZG2NH8knB9iNSoTO8dyIk8=
 github.com/labstack/gommon v0.4.0/go.mod h1:uW6kP17uPlLJsD3ijUYn3/M5bAxtlZhMI6m3MFxTMTM=
 github.com/leanovate/gopter v0.2.9 h1:fQjYxZaynp97ozCzfOyOuAGOU4aU/z37zf/tOujFk7c=
 github.com/leanovate/gopter v0.2.9/go.mod h1:U2L/78B+KVFIx2VmW6onHJQzXtFb+p5y3y2Sh+Jxxv8=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
@ -1704,6 +1708,7 @@ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaO
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-colorable v0.1.11/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
 github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
@ -2075,6 +2080,11 @@ github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o
 github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
 github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli v1.22.10/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
 github.com/valyala/fasttemplate v1.2.1/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo=
 github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
 github.com/vmihailenco/msgpack/v5 v5.4.1 h1:cQriyiUvjTwOHg8QZaPihLWeRAAVoCpE00IUPn0Bjt8=
 github.com/vmihailenco/msgpack/v5 v5.4.1/go.mod h1:GaZTsDaehaPpQVyxrf5mtQlH+pc21PIudVV/E3rRQok=
 github.com/vmihailenco/tagparser/v2 v2.0.0 h1:y09buUbR+b5aycVFQs/g70pqKVZNBmxwAhO7/IwNM9g=
@ -2502,6 +2512,7 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
--- a/internal/files/assemble.go
+++ b/internal/files/assemble.go
@ -1,61 +0,0 @@
 package files
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"github.com/onsonr/sonr/internal/db"
 )
 var (
 	kServiceWorkerFileName = "sw.js"
 	kVaultFileName         = "vault.wasm"
 	kIndexFileName         = "index.html"
 )
 func Assemble(dir string) error {
 	err := os.MkdirAll(dir, 0o755)
 	if err != nil {
 		return err
 	}
 	// Write the vault file
 	if err := writeVaultWASM(filepath.Join(dir, kVaultFileName)); err != nil {
 		return err
 	}
 	// Write the service worker file
 	if err := writeServiceWorkerJS(filepath.Join(dir, kServiceWorkerFileName)); err != nil {
 		return err
 	}
 	// Write the index file
 	if err := writeIndexHTML(filepath.Join(dir, kIndexFileName)); err != nil {
 		return err
 	}
 	// Initialize the database
 	if err := initializeDatabase(dir); err != nil {
 		return err
 	}
 	return nil
 }
 func initializeDatabase(dir string) error {
 	db, err := db.Open(db.New(db.WithDir(dir)))
 	if err != nil {
 		return fmt.Errorf("failed to open database: %w", err)
 	}
 	defer db.Close()
 	// You can add some initial data here if needed
 	// For example:
 	// err = db.AddChain("Ethereum", "1")
 	// if err != nil {
 	// 	return fmt.Errorf("failed to add initial chain: %w", err)
 	// }
 	return nil
 }
--- a/internal/files/embed.go
+++ b/internal/files/embed.go
@ -1,58 +0,0 @@
 package files
 import (
 	"context"
 	_ "embed"
 	"os"
 )
 //go:embed vault.wasm
 var vaultWasmData []byte
 func writeServiceWorkerJS(path string) error {
 	// Create the service worker file
 	file, err := os.Create(path)
 	if err != nil {
 		return err
 	}
 	defer file.Close()
 	// Write the service worker file to the specified path
 	err = VaultServiceWorker(kVaultFileName).Render(context.Background(), file)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func writeVaultWASM(path string) error {
 	// Create the vault file
 	file, err := os.Create(path)
 	if err != nil {
 		return err
 	}
 	defer file.Close()
 	// Write the embedded vault file to the specified path
 	err = os.WriteFile(file.Name(), vaultWasmData, 0o644)
 	if err != nil {
 		return err
 	}
 	return nil
 }
 func writeIndexHTML(path string) error {
 	// create the index file
 	file, err := os.Create(path)
 	if err != nil {
 		return err
 	}
 	defer file.Close()
 	// write the index file to the specified path
 	err = IndexHTML().Render(context.Background(), file)
 	if err != nil {
 		return err
 	}
 	return nil
 }
--- a/internal/files/sw.templ
+++ b/internal/files/sw.templ
@ -1,32 +0,0 @@
 package files
 templ VaultServiceWorker(path string) {
 	@serviceWorkerJS(path)
 }
 script serviceWorkerJS(path string) {
  importScripts('https://cdn.jsdelivr.net/gh/golang/go@go1.18.4/misc/wasm/wasm_exec.js')
  importScripts('https://cdn.jsdelivr.net/gh/nlepage/go-wasm-http-server@v1.1.0/sw.js')
 }
 templ IndexHTML() {
 	<html>
 		<head>
 			<title>Sonr ID</title>
 			<script>
      navigator.serviceWorker.register('sw.js')
        registerWasmHTTPListener(path)
        // Skip installed stage and jump to activating stage
        addEventListener('install', (event) => {
          event.waitUntil(skipWaiting())
        })
        // Start controlling clients as soon as the SW is activated
        addEventListener('activate', event => {
          event.waitUntil(clients.claim())
        })
    </script>
 		</head>
 	</html>
 }
--- a/internal/files/sw_templ.go
+++ b/internal/files/sw_templ.go
@ -1,74 +0,0 @@
 // Code generated by templ - DO NOT EDIT.
 // templ: version: v0.2.771
 package files
 //lint:file-ignore SA4006 This context is only used if a nested component is present.
 import "github.com/a-h/templ"
 import templruntime "github.com/a-h/templ/runtime"
 func VaultServiceWorker(path string) templ.Component {
 	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
 		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
 		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
 		if !templ_7745c5c3_IsBuffer {
 			defer func() {
 				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
 				if templ_7745c5c3_Err == nil {
 					templ_7745c5c3_Err = templ_7745c5c3_BufErr
 				}
 			}()
 		}
 		ctx = templ.InitializeContext(ctx)
 		templ_7745c5c3_Var1 := templ.GetChildren(ctx)
 		if templ_7745c5c3_Var1 == nil {
 			templ_7745c5c3_Var1 = templ.NopComponent
 		}
 		ctx = templ.ClearChildren(ctx)
 		templ_7745c5c3_Err = serviceWorkerJS(path).Render(ctx, templ_7745c5c3_Buffer)
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
 		return templ_7745c5c3_Err
 	})
 }
 func serviceWorkerJS(path string) templ.ComponentScript {
 	return templ.ComponentScript{
 		Name: `__templ_serviceWorkerJS_2501`,
 		Function: `function __templ_serviceWorkerJS_2501(path){importScripts('https://cdn.jsdelivr.net/gh/golang/go@go1.18.4/misc/wasm/wasm_exec.js')
  importScripts('https://cdn.jsdelivr.net/gh/nlepage/go-wasm-http-server@v1.1.0/sw.js')
 }`,
 		Call:       templ.SafeScript(`__templ_serviceWorkerJS_2501`, path),
 		CallInline: templ.SafeScriptInline(`__templ_serviceWorkerJS_2501`, path),
 	}
 }
 func IndexHTML() templ.Component {
 	return templruntime.GeneratedTemplate(func(templ_7745c5c3_Input templruntime.GeneratedComponentInput) (templ_7745c5c3_Err error) {
 		templ_7745c5c3_W, ctx := templ_7745c5c3_Input.Writer, templ_7745c5c3_Input.Context
 		templ_7745c5c3_Buffer, templ_7745c5c3_IsBuffer := templruntime.GetBuffer(templ_7745c5c3_W)
 		if !templ_7745c5c3_IsBuffer {
 			defer func() {
 				templ_7745c5c3_BufErr := templruntime.ReleaseBuffer(templ_7745c5c3_Buffer)
 				if templ_7745c5c3_Err == nil {
 					templ_7745c5c3_Err = templ_7745c5c3_BufErr
 				}
 			}()
 		}
 		ctx = templ.InitializeContext(ctx)
 		templ_7745c5c3_Var2 := templ.GetChildren(ctx)
 		if templ_7745c5c3_Var2 == nil {
 			templ_7745c5c3_Var2 = templ.NopComponent
 		}
 		ctx = templ.ClearChildren(ctx)
 		_, templ_7745c5c3_Err = templ_7745c5c3_Buffer.WriteString("<html><head><title>Sonr ID</title><script>\n      navigator.serviceWorker.register('sw.js')\n        registerWasmHTTPListener(path)\n\n        // Skip installed stage and jump to activating stage\n        addEventListener('install', (event) => {\n          event.waitUntil(skipWaiting())\n        })\n\n        // Start controlling clients as soon as the SW is activated\n        addEventListener('activate', event => {\n          event.waitUntil(clients.claim())\n        })\n    </script></head></html>")
 		if templ_7745c5c3_Err != nil {
 			return templ_7745c5c3_Err
 		}
 		return templ_7745c5c3_Err
 	})
 }
 var _ = templruntime.GeneratedTemplate
--- a/internal/files/vault.wasm
+++ b/internal/files/vault.wasm
--- a/internal/front/command.go
+++ b/internal/front/command.go
@ -0,0 +1,22 @@
 package front
 import (
 	"log"
 	"net/http"
 	"github.com/labstack/echo/v4"
 	"github.com/spf13/cobra"
 )
 func NewServeFrontendCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "serve-web",
 		Short: "TUI for managing the local Sonr validator node",
 		Run: func(cmd *cobra.Command, args []string) {
 			e := echo.New()
 			if err := e.Start(":42069"); err != http.ErrServerClosed {
 				log.Fatal(err)
 			}
 		},
 	}
 }
--- a/internal/front/handlers/authorize_handler.go
+++ b/internal/front/handlers/authorize_handler.go
@ -0,0 +1 @@
 package handlers
--- a/internal/front/handlers/current_handler.go
+++ b/internal/front/handlers/current_handler.go
@ -0,0 +1 @@
 package handlers
--- a/internal/front/handlers/login_handler.go
+++ b/internal/front/handlers/login_handler.go
@ -0,0 +1 @@
 package handlers
--- a/internal/front/handlers/register_handler.go
+++ b/internal/front/handlers/register_handler.go
@ -0,0 +1 @@
 package handlers
--- a/internal/front/routes/api.go
+++ b/internal/front/routes/api.go
@ -0,0 +1 @@
 package routes
--- a/internal/front/routes/htmx.go
+++ b/internal/front/routes/htmx.go
@ -0,0 +1 @@
 package routes
--- a/internal/tui/forms.go
+++ b/internal/tui/forms.go
@ -322,7 +322,7 @@ func RunTUIForm() (*tx.TxBody, error) {
 	return finalM.message, nil
 }
-func NewBuildProtoMsgCmd() *cobra.Command {
+func NewTUIDashboardCmd() *cobra.Command {
 	return &cobra.Command{
 		Use:   "dash",
 		Short: "TUI for managing the local Sonr validator node",
--- a/internal/vfs/assemble.go
+++ b/internal/vfs/assemble.go
@ -0,0 +1,21 @@
 package vfs
 import (
 	"github.com/ipfs/boxo/files"
 )
 var (
 	kServiceWorkerFileName = "sw.js"
 	kVaultFileName         = "vault.wasm"
 	kIndexFileName         = "index.html"
 )
 func AssembleDirectory() files.Directory {
 	fileMap := map[string]files.Node{
 		kVaultFileName:         DWNWasmFile(),
 		kServiceWorkerFileName: SWJSFile(),
 		kIndexFileName:         IndexHTMLFile(),
 	}
 	return files.NewMapDirectory(fileMap)
 }
--- a/internal/vfs/dwn.wasm
+++ b/internal/vfs/dwn.wasm
--- a/internal/vfs/embed.go
+++ b/internal/vfs/embed.go
@ -0,0 +1,28 @@
 package vfs
 import (
 	_ "embed"
 	"github.com/ipfs/boxo/files"
 )
 //go:embed dwn.wasm
 var dwnWasmData []byte
 func DWNWasmFile() files.Node {
 	return files.NewBytesFile(dwnWasmData)
 }
 //go:embed sw.js
 var swJSData []byte
 func SWJSFile() files.Node {
 	return files.NewBytesFile(swJSData)
 }
 //go:embed index.html
 var indexHTMLData []byte
 func IndexHTMLFile() files.Node {
 	return files.NewBytesFile(indexHTMLData)
 }
--- a/internal/vfs/index.html
+++ b/internal/vfs/index.html
@ -0,0 +1,21 @@
 <!doctype html>
 <html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Sonr Vault</title>
    <script>
      navigator.serviceWorker.register({ swPath });
      // Skip installed stage and jump to activating stage
      addEventListener("install", (event) => {
        event.waitUntil(skipWaiting());
      });
      // Start controlling clients as soon as the SW is activated
      addEventListener("activate", (event) => {
        event.waitUntil(clients.claim());
      });
    </script>
  </head>
 </html>
--- a/internal/vfs/sw.js
+++ b/internal/vfs/sw.js
@ -0,0 +1,9 @@
 importScripts(
  "https://cdn.jsdelivr.net/gh/golang/go@go1.18.4/misc/wasm/wasm_exec.js",
 );
 importScripts(
  "https://cdn.jsdelivr.net/gh/nlepage/go-wasm-http-server@v1.1.0/sw.js",
 );
 registerWasmHTTPListener("dwn.wasm");
--- a/pkg/builder/bip32.go
+++ b/pkg/builder/bip32.go
@ -1 +0,0 @@
 package builder
--- a/pkg/builder/builder.go
+++ b/pkg/builder/builder.go
@ -1,8 +0,0 @@
 package builder
 type Builder interface {
 	Build() error
 }
 func New() {
 }
--- a/pkg/builder/cbor.go
+++ b/pkg/builder/cbor.go
@ -1 +0,0 @@
 package builder
--- a/pkg/builder/did.go
+++ b/pkg/builder/did.go
@ -1 +0,0 @@
 package builder
--- a/pkg/builder/jwks.go
+++ b/pkg/builder/jwks.go
@ -1 +0,0 @@
 package builder
--- a/pkg/controller/chainexec.go
+++ b/pkg/controller/chainexec.go
@ -0,0 +1 @@
 package controller
--- a/pkg/controller/didauth.go
+++ b/pkg/controller/didauth.go
@ -0,0 +1 @@
 package controller
--- a/pkg/controller/signer.go
+++ b/pkg/controller/signer.go
@ -0,0 +1 @@
 package controller
--- a/pkg/resolver/ipfs.go
+++ b/pkg/resolver/ipfs.go
@ -0,0 +1 @@
 package resolver
--- a/pkg/resolver/sonr.go
+++ b/pkg/resolver/sonr.go
@ -0,0 +1 @@
 package resolver
--- a/pkl/vault.pkl
+++ b/pkl/vault.pkl
@ -0,0 +1,322 @@
@go.Package { name = "github.com/onsonr/sonr/gen/vault" }
 module vault
 import "package://pkg.pkl-lang.org/pkl-go/pkl.golang@0.5.0#/go.pkl"
 abstract class Client {
  chainId: String
  keyringBackend: String
  output: String
  node: String
  broadcastMode: String
  apiUrl: String
  addressPrefix: String
 }
 class Sonr extends Client {
  chainId = "sonr-testnet-1"
  keyringBackend = "test"
  output = "json"
  rpcUrl = "tcp://localhost:26657"
  broadcastMode = "async"
  apiUrl = "http://localhost:1317"
  addressPrefix = "idx"
 }
 abstract class DB {
  filename: String
 }
 class Sqlite extends DB {
  filename = "vault.db"
 }
 class PrimaryKey extends go.Field {
  structTags {
    ["gorm"] = "primaryKey"
    ["json"] = "%{name},omitempty"
  }
 }
 class Unique extends go.Field {
  structTags {
    ["gorm"] = "unique"
    ["json"] = "%{name},omitempty"
  }
 }
 class Default extends go.Field {
  defaultValue: String
  structTags {
    ["gorm"] = "default:%{defaultValue}"
    ["json"] = "%{name},omitempty"
  }
 }
 class NotNull extends go.Field {
  structTags {
    ["gorm"] = "not null"
  }
 }
 class AutoIncrement extends go.Field {
  structTags {
    ["gorm"] = "autoIncrement"
  }
 }
 class ForeignKey extends go.Field {
  references: String
  structTags {
    ["gorm"] = "foreignKey:%{references}"
  }
 }
 abstract class Model {
  table: String
 }
 class JsonField extends go.Field {
  structTags {
    ["json"] = "%{name},omitempty"
  }
 }
 class Account extends Model {
  table = "accounts"
  @PrimaryKey
  id: UInt
  @JsonField
  name: String 
  @JsonField
  address: String
  @JsonField
  publicKey: Dynamic
  @JsonField
  createdAt: String?
 }
 class Asset extends Model {
  table = "assets"
  @PrimaryKey
  id: UInt
  @JsonField
  name: String
  @JsonField
  symbol: String
  @JsonField
  decimals: Int
  @JsonField
  chainId: Int?
  @JsonField
  createdAt: String?
 }
 class Chain extends Model {
  table = "chains"
  @PrimaryKey
  id: UInt
  @JsonField
  name: String
  @JsonField
  networkId: String
  @JsonField
  createdAt: String?
 }
 class Credential extends Model {
  table = "credentials"
  @PrimaryKey
  id: UInt
  @JsonField
  subject: String
  @JsonField
  controller: String
  @JsonField
  attestationType: String
  @JsonField
  origin: String
  @JsonField
  credentialId: Dynamic
  @JsonField
  publicKey: Dynamic
  @JsonField
  transport: String
  @JsonField
  signCount: UInt
  @JsonField
  userPresent: Boolean
  @JsonField
  userVerified: Boolean
  @JsonField
  backupEligible: Boolean
  @JsonField
  backupState: Boolean
  @JsonField
  cloneWarning: Boolean
  @JsonField
  createdAt: String?
  @JsonField
  updatedAt: String?
 }
 class Profile extends Model {
  table = "profiles"
  @PrimaryKey
  id: String
  @JsonField
  subject: String
  @JsonField
  controller: String
  @JsonField
  originUri: String?
  @JsonField
  publicMetadata: String?
  @JsonField
  privateMetadata: String?
  @JsonField
  createdAt: String?
  @JsonField
  updatedAt: String?
 }
 class Property extends Model {
  table = "properties"
  @PrimaryKey
  id: UInt
  @JsonField
  profileId: String
  @JsonField
  key: String
  @JsonField
  accumulator: Dynamic
  @JsonField
  propertyKey: Dynamic
 }
 class Keyshare extends Model {
  table = "keyshares"
  @PrimaryKey
  id: UInt
  @JsonField
  metadata: String
  @JsonField
  payloads: String
  @JsonField
  protocol: String
  @JsonField
  publicKey: Dynamic
  @JsonField
  role: Int
  @JsonField
  version: Int
  @JsonField
  createdAt: String?
 }
 class PublicKey extends Model {
  table = "public_keys"
  @PrimaryKey
  id: UInt
  @JsonField
  role: Int
  @JsonField
  algorithm: Int
  @JsonField
  encoding: Int
  @JsonField
  raw: Dynamic
  @JsonField
  hex: String
  @JsonField
  multibase: String
  @JsonField
  jwk: Dynamic
  @JsonField
  createdAt: String?
 }
 class Permission extends Model {
  table = "permissions"
  @PrimaryKey
  id: UInt
  @JsonField
  serviceId: String
  @JsonField
  grants: String
  @JsonField
  scopes: String
  @JsonField
  createdAt: String?
  @JsonField
  updatedAt: String?
 }
--- a/pkl/webauth.pkl
+++ b/pkl/webauth.pkl
@ -0,0 +1,101 @@
@go.Package { name = "github.com/onsonr/sonr/gen/protocol" }
 module protocol
 import "package://pkg.pkl-lang.org/pkl-go/pkl.golang@0.5.0#/go.pkl"
 class CredentialCreation {
  response: PublicKeyCredentialCreationOptions = new JsonField { name = "publicKey"; type = "PublicKeyCredentialCreationOptions" }
 }
 class CredentialAssertion {
  response: PublicKeyCredentialRequestOptions = new JsonField { name = "publicKey"; type = "PublicKeyCredentialRequestOptions" }
 }
 class PublicKeyCredentialCreationOptions {
  relyingParty: RelyingPartyEntity = new JsonField { name = "rp"; type = "RelyingPartyEntity" }
  user: UserEntity = new JsonField { name = "user"; type = "UserEntity" }
  challenge: URLEncodedBase64 = new JsonField { name = "challenge"; type = "URLEncodedBase64" }
  parameters: Listing[CredentialParameter]? = new JsonField { name = "pubKeyCredParams"; type = "[]CredentialParameter" }
  timeout: Int? = new JsonField { name = "timeout"; type = "int" }
  credentialExcludeList: Listing[CredentialDescriptor]? = new JsonField { name = "excludeCredentials"; type = "[]CredentialDescriptor" }
  authenticatorSelection: AuthenticatorSelection? = new JsonField { name = "authenticatorSelection"; type = "AuthenticatorSelection" }
  hints: Listing[PublicKeyCredentialHints]? = new JsonField { name = "hints"; type = "[]PublicKeyCredentialHints" }
  attestation: ConveyancePreference? = new JsonField { name = "attestation"; type = "ConveyancePreference" }
  attestationFormats: Listing[AttestationFormat]? = new JsonField { name = "attestationFormats"; type = "[]AttestationFormat" }
  extensions: AuthenticationExtensions? = new JsonField { name = "extensions"; type = "AuthenticationExtensions" }
 }
 class PublicKeyCredentialRequestOptions {
  challenge: URLEncodedBase64 = new JsonField { name = "challenge"; type = "URLEncodedBase64" }
  timeout: Int? = new JsonField { name = "timeout"; type = "int" }
  relyingPartyID: String? = new JsonField { name = "rpId"; type = "string" }
  allowedCredentials: Listing[CredentialDescriptor]? = new JsonField { name = "allowCredentials"; type = "[]CredentialDescriptor" }
  userVerification: UserVerificationRequirement? = new JsonField { name = "userVerification"; type = "UserVerificationRequirement" }
  hints: Listing[PublicKeyCredentialHints]? = new JsonField { name = "hints"; type = "[]PublicKeyCredentialHints" }
  extensions: AuthenticationExtensions? = new JsonField { name = "extensions"; type = "AuthenticationExtensions" }
  function getAllowedCredentialIDs(): Listing[Listing[Int8]] {
    this.allowedCredentials?.map((credential) -> credential.credentialID) ?? Listing()
  }
 }
 class CredentialDescriptor {
  type: CredentialType = new JsonField { name = "type"; type = "CredentialType" }
  credentialID: URLEncodedBase64 = new JsonField { name = "id"; type = "URLEncodedBase64" }
  transport: Listing[AuthenticatorTransport]? = new JsonField { name = "transports"; type = "[]AuthenticatorTransport" }
  attestationType: String? = new JsonField { name = "-"; type = "string" }
 }
 class CredentialParameter {
  type: CredentialType = new JsonField { name = "type"; type = "CredentialType" }
  algorithm: Int = new JsonField { name = "alg"; type = "int" }
 }
 typealias CredentialType = String
 const PublicKeyCredentialType: CredentialType = "public-key"
 typealias AuthenticationExtensions = Mapping[String, Dynamic]
 class AuthenticatorSelection {
  authenticatorAttachment: AuthenticatorAttachment? = new JsonField { name = "authenticatorAttachment"; type = "AuthenticatorAttachment" }
  requireResidentKey: Boolean? = new JsonField { name = "requireResidentKey"; type = "bool" }
  residentKey: ResidentKeyRequirement? = new JsonField { name = "residentKey"; type = "ResidentKeyRequirement" }
  userVerification: UserVerificationRequirement? = new JsonField { name = "userVerification"; type = "UserVerificationRequirement" }
 }
 typealias ConveyancePreference = String
 const PreferNoAttestation: ConveyancePreference = "none"
 const PreferIndirectAttestation: ConveyancePreference = "indirect"
 const PreferDirectAttestation: ConveyancePreference = "direct"
 const PreferEnterpriseAttestation: ConveyancePreference = "enterprise"
 typealias AttestationFormat = String
 const AttestationFormatPacked: AttestationFormat = "packed"
 const AttestationFormatTPM: AttestationFormat = "tpm"
 const AttestationFormatAndroidKey: AttestationFormat = "android-key"
 const AttestationFormatAndroidSafetyNet: AttestationFormat = "android-safetynet"
 const AttestationFormatFIDOUniversalSecondFactor: AttestationFormat = "fido-u2f"
 const AttestationFormatApple: AttestationFormat = "apple"
 const AttestationFormatNone: AttestationFormat = "none"
 typealias PublicKeyCredentialHints = String
 const PublicKeyCredentialHintSecurityKey: PublicKeyCredentialHints = "security-key"
 const PublicKeyCredentialHintClientDevice: PublicKeyCredentialHints = "client-device"
 const PublicKeyCredentialHintHybrid: PublicKeyCredentialHints = "hybrid"
 typealias Extensions = Dynamic
 class ServerResponse {
  status: ServerResponseStatus = new JsonField { name = "status"; type = "ServerResponseStatus" }
  message: String = new JsonField { name = "errorMessage"; type = "string" }
 }
 typealias ServerResponseStatus = String
 const StatusOk: ServerResponseStatus = "ok"
 const StatusFailed= ServerResponseStatus = "failed"
--- a/process-compose.yaml
+++ b/process-compose.yaml
@ -0,0 +1,18 @@
 version: "0.6"
 processes:
  ipfs:
    namespace: testnet
    command: "ipfs-cluster-service init --consensus crdt && ipfs-cluster-service daemon"
    background: true
    availability:
      restart: on_failure
      max_restarts: 3
  sonr:
    namespace: testnet
    command: "make sh-testnet"
    restart: on_failure
    max_restarts: 3
    depends:
      - ipfs
--- a/proto/did/v1/constants.proto
+++ b/proto/did/v1/constants.proto
@ -1,101 +0,0 @@
 syntax = "proto3";
 package did.v1;
 option go_package = "github.com/onsonr/sonr/x/did/types";
 // AssetType defines the type of asset: native, wrapped, staking, pool, or unspecified
 enum AssetType {
  ASSET_TYPE_UNSPECIFIED = 0;
  ASSET_TYPE_NATIVE = 1;
  ASSET_TYPE_WRAPPED = 2;
  ASSET_TYPE_STAKING = 3;
  ASSET_TYPE_POOL = 4;
  ASSET_TYPE_IBC = 5;
  ASSET_TYPE_CW20 = 6;
 }
 // DIDNamespace define the different namespaces of DID
 enum DIDNamespace {
  DID_NAMESPACE_UNSPECIFIED = 0;
  DID_NAMESPACE_IPFS = 1;
  DID_NAMESPACE_SONR = 2;
  DID_NAMESPACE_BITCOIN = 3;
  DID_NAMESPACE_ETHEREUM = 4;
  DID_NAMESPACE_IBC = 5;
  DID_NAMESPACE_WEBAUTHN = 6;
  DID_NAMESPACE_DWN = 7;
  DID_NAMESPACE_SERVICE = 8;
 }
 // KeyAlgorithm defines the key algorithm
 enum KeyAlgorithm {
  KEY_ALGORITHM_UNSPECIFIED = 0;
  KEY_ALGORITHM_ES256 = 1;
  KEY_ALGORITHM_ES384 = 2;
  KEY_ALGORITHM_ES512 = 3;
  KEY_ALGORITHM_EDDSA = 4;
  KEY_ALGORITHM_ES256K = 5;
  KEY_ALGORITHM_BLS12377 = 6;
  KEY_ALGORITHM_KECCAK256 = 7;
 }
 // KeyCurve defines the key curve
 enum KeyCurve {
  KEY_CURVE_UNSPECIFIED = 0;
  KEY_CURVE_P256 = 1;
  KEY_CURVE_P384 = 2;
  KEY_CURVE_P521 = 3;
  KEY_CURVE_X25519 = 4;
  KEY_CURVE_X448 = 5;
  KEY_CURVE_ED25519 = 6;
  KEY_CURVE_ED448 = 7;
  KEY_CURVE_SECP256K1 = 8;
 }
 // KeyEncoding defines the key encoding
 enum KeyEncoding {
  KEY_ENCODING_UNSPECIFIED = 0;
  KEY_ENCODING_RAW = 1;
  KEY_ENCODING_HEX = 2;
  KEY_ENCODING_MULTIBASE = 3;
  KEY_ENCODING_JWK = 4;
 }
 // KeyRole defines the kind of key
 enum KeyRole {
  KEY_ROLE_UNSPECIFIED = 0;
  // Blockchain key types
  KEY_ROLE_AUTHENTICATION = 1; // Passkeys and FIDO
  KEY_ROLE_ASSERTION = 2; // Zk Identifiers
  KEY_ROLE_DELEGATION = 3; // ETH,BTC,IBC addresses
  KEY_ROLE_INVOCATION = 4; // DWN Controllers
 }
 // KeyType defines the key type
 enum KeyType {
  KEY_TYPE_UNSPECIFIED = 0;
  KEY_TYPE_OCTET = 1;
  KEY_TYPE_ELLIPTIC = 2;
  KEY_TYPE_RSA = 3;
  KEY_TYPE_SYMMETRIC = 4;
  KEY_TYPE_HMAC = 5;
 }
 // PermissionScope define the Capabilities Controllers can grant for Services
 enum PermissionScope {
  PERMISSION_SCOPE_UNSPECIFIED = 0;
  PERMISSION_SCOPE_BASIC_INFO = 1;
  PERMISSION_SCOPE_RECORDS_READ = 2;
  PERMISSION_SCOPE_RECORDS_WRITE = 3;
  PERMISSION_SCOPE_TRANSACTIONS_READ = 4;
  PERMISSION_SCOPE_TRANSACTIONS_WRITE = 5;
  PERMISSION_SCOPE_WALLETS_READ = 6;
  PERMISSION_SCOPE_WALLETS_CREATE = 7;
  PERMISSION_SCOPE_WALLETS_SUBSCRIBE = 8;
  PERMISSION_SCOPE_WALLETS_UPDATE = 9;
  PERMISSION_SCOPE_TRANSACTIONS_VERIFY = 10;
  PERMISSION_SCOPE_TRANSACTIONS_BROADCAST = 11;
  PERMISSION_SCOPE_ADMIN_USER = 12;
  PERMISSION_SCOPE_ADMIN_VALIDATOR = 13;
 }
--- a/proto/did/v1/genesis.proto
+++ b/proto/did/v1/genesis.proto
@ -2,7 +2,6 @@ syntax = "proto3";
 package did.v1;
 import "amino/amino.proto";
 import "did/v1/constants.proto";
 import "gogoproto/gogo.proto";
 option go_package = "github.com/onsonr/sonr/x/did/types";
@ -30,6 +29,18 @@ message Params {
  // OpenIDConfig defines the base openid configuration across all did services
  OpenIDConfig openid_config = 4;
  // IpfsActive is a flag to enable/disable ipfs
  bool ipfs_active = 5;
  // Localhost Registration Enabled
  bool localhost_registration_enabled = 6;
  // ConveyancePreference defines the conveyance preference
  string conveyance_preference = 7;
  // AttestationFormats defines the attestation formats
  repeated string attestation_formats = 8;
 }
 // AssetInfo defines the asset info
@ -124,3 +135,106 @@ message ValidatorInfo {
    string port = 2;
  }
 }
 //
 // [Constant Enumerations]
 //
 // AssetType defines the type of asset: native, wrapped, staking, pool, or unspecified
 enum AssetType {
  ASSET_TYPE_UNSPECIFIED = 0;
  ASSET_TYPE_NATIVE = 1;
  ASSET_TYPE_WRAPPED = 2;
  ASSET_TYPE_STAKING = 3;
  ASSET_TYPE_POOL = 4;
  ASSET_TYPE_IBC = 5;
  ASSET_TYPE_CW20 = 6;
 }
 // DIDNamespace define the different namespaces of DID
 enum DIDNamespace {
  DID_NAMESPACE_UNSPECIFIED = 0;
  DID_NAMESPACE_IPFS = 1;
  DID_NAMESPACE_SONR = 2;
  DID_NAMESPACE_BITCOIN = 3;
  DID_NAMESPACE_ETHEREUM = 4;
  DID_NAMESPACE_IBC = 5;
  DID_NAMESPACE_WEBAUTHN = 6;
  DID_NAMESPACE_DWN = 7;
  DID_NAMESPACE_SERVICE = 8;
 }
 // KeyAlgorithm defines the key algorithm
 enum KeyAlgorithm {
  KEY_ALGORITHM_UNSPECIFIED = 0;
  KEY_ALGORITHM_ES256 = 1;
  KEY_ALGORITHM_ES384 = 2;
  KEY_ALGORITHM_ES512 = 3;
  KEY_ALGORITHM_EDDSA = 4;
  KEY_ALGORITHM_ES256K = 5;
  KEY_ALGORITHM_ECDSA = 6; // Fixed typo from EDCSA to ECDSA
 }
 // KeyCurve defines the key curve
 enum KeyCurve {
  KEY_CURVE_UNSPECIFIED = 0;
  KEY_CURVE_P256 = 1; // NIST P-256
  KEY_CURVE_P384 = 2;
  KEY_CURVE_P521 = 3;
  KEY_CURVE_X25519 = 4;
  KEY_CURVE_X448 = 5;
  KEY_CURVE_ED25519 = 6;
  KEY_CURVE_ED448 = 7;
  KEY_CURVE_SECP256K1 = 8;
  KEY_CURVE_BLS12381 = 9;
  KEY_CURVE_KECCAK256 = 10;
 }
 // KeyEncoding defines the key encoding
 enum KeyEncoding {
  KEY_ENCODING_UNSPECIFIED = 0;
  KEY_ENCODING_RAW = 1;
  KEY_ENCODING_HEX = 2;
  KEY_ENCODING_MULTIBASE = 3;
 }
 // KeyRole defines the kind of key
 enum KeyRole {
  KEY_ROLE_UNSPECIFIED = 0;
  KEY_ROLE_AUTHENTICATION = 1; // Passkeys and FIDO
  KEY_ROLE_ASSERTION = 2; // Zk Identifiers
  KEY_ROLE_DELEGATION = 3; // ETH,BTC,IBC addresses
  KEY_ROLE_INVOCATION = 4; // DWN Controllers
 }
 // KeyType defines the key type
 enum KeyType {
  KEY_TYPE_UNSPECIFIED = 0;
  KEY_TYPE_OCTET = 1;
  KEY_TYPE_ELLIPTIC = 2;
  KEY_TYPE_RSA = 3;
  KEY_TYPE_SYMMETRIC = 4;
  KEY_TYPE_HMAC = 5;
  KEY_TYPE_MPC = 6;
  KEY_TYPE_ZK = 7;
  KEY_TYPE_WEBAUTHN = 8;
  KEY_TYPE_BIP32 = 9;
 }
 // PermissionScope define the Capabilities Controllers can grant for Services
 enum PermissionScope {
  PERMISSION_SCOPE_UNSPECIFIED = 0;
  PERMISSION_SCOPE_BASIC_INFO = 1;
  PERMISSION_SCOPE_PERMISSIONS_READ = 2;
  PERMISSION_SCOPE_PERMISSIONS_WRITE = 3;
  PERMISSION_SCOPE_TRANSACTIONS_READ = 4;
  PERMISSION_SCOPE_TRANSACTIONS_WRITE = 5;
  PERMISSION_SCOPE_WALLETS_READ = 6;
  PERMISSION_SCOPE_WALLETS_CREATE = 7;
  PERMISSION_SCOPE_WALLETS_SUBSCRIBE = 8;
  PERMISSION_SCOPE_WALLETS_UPDATE = 9;
  PERMISSION_SCOPE_TRANSACTIONS_VERIFY = 10;
  PERMISSION_SCOPE_TRANSACTIONS_BROADCAST = 11;
  PERMISSION_SCOPE_ADMIN_USER = 12;
  PERMISSION_SCOPE_ADMIN_VALIDATOR = 13;
 }
--- a/proto/did/v1/models.proto
+++ b/proto/did/v1/models.proto
@ -2,7 +2,6 @@ syntax = "proto3";
 package did.v1;
 import "did/v1/constants.proto";
 import "did/v1/genesis.proto";
 import "gogoproto/gogo.proto";
@ -43,6 +42,16 @@ message Document {
  repeated string service = 9;
 }
 // JWK represents a JSON Web Key
 message JWK {
  string kty = 1; // Key Type
  string crv = 2; // Curve (for EC and OKP keys)
  string x = 3; // X coordinate (for EC and OKP keys)
  string y = 4; // Y coordinate (for EC keys)
  string n = 5; // Modulus (for RSA keys)
  string e = 6; // Exponent (for RSA keys)
 }
 // Metadata defines additional information provided to a did
 message Metadata {
  string origin_uri = 1;
@ -77,10 +86,10 @@ message PubKey {
  KeyRole role = 1;
  KeyAlgorithm algorithm = 2;
  KeyEncoding encoding = 3;
-  bytes raw = 4;
+  KeyCurve curve = 4;
-  string hex = 5;
+  KeyType key_type = 5;
-  string multibase = 6;
+  bytes raw = 6;
-  map<string, string> jwk = 7;
+  JWK jwk = 7;
 }
 // Service defines a Decentralized Service on the Sonr Blockchain
@ -102,11 +111,11 @@ message Token {
 // VerificationMethod defines a verification method
 message VerificationMethod {
-  string id = 1;
+  DIDNamespace method = 1;
-  string controller = 2;
+  string id = 2;
-  DIDNamespace method = 3;
+  string controller = 3;
-  PubKey public_key = 4;
+  string issuer = 4;
-  Service service = 7;
+  PubKey public_key = 5;
 }
 // Witness defines a BLS witness
--- a/proto/did/v1/query.proto
+++ b/proto/did/v1/query.proto
@ -4,6 +4,7 @@ package did.v1;
 import "did/v1/genesis.proto";
 import "did/v1/models.proto";
 import "google/api/annotations.proto";
 import "google/api/httpbody.proto";
 option go_package = "github.com/onsonr/sonr/x/did/types";
@ -14,16 +15,6 @@ service Query {
    option (google.api.http).get = "/did/params";
  }
  // Accounts returns associated wallet accounts with the DID.
  rpc Accounts(QueryRequest) returns (QueryAccountsResponse) {
    option (google.api.http).get = "/did/{did}/accounts";
  }
  // Credentials returns associated credentials with the DID and Service Origin.
  rpc Credentials(QueryRequest) returns (QueryCredentialsResponse) {
    option (google.api.http).get = "/service/{origin}/{subject}/credentials";
  }
  // Resolve queries the DID document by its id.
  rpc Resolve(QueryRequest) returns (QueryResolveResponse) {
    option (google.api.http).get = "/did/{did}";
@ -33,11 +24,6 @@ service Query {
  rpc Service(QueryRequest) returns (QueryServiceResponse) {
    option (google.api.http).get = "/service/{origin}";
  }
  // Token returns the current authentication token for the client.
  rpc Token(QueryRequest) returns (QueryTokenResponse) {
    option (google.api.http).post = "/token";
  }
 }
 // Queryequest is the request type for the Query/Params RPC method.
@ -45,46 +31,47 @@ message QueryRequest {
  string did = 1;
  string origin = 2;
  string subject = 3;
-  repeated Credential credentials = 4;
+  string endpoint = 4;
 }
 // QueryParamsResponse is the response type for the Query/Params RPC method.
 message QueryParamsResponse {
  // params defines the parameters of the module.
  Params params = 1;
  // ipfs_active returns true if the IPFS client is initialized
  bool ipfs_active = 2;
 }
-// QueryAccountsResponse is the response type for the Query/Exists RPC method.
+// QueryResponse is the response type for the Query/Exists RPC method.
-message QueryAccountsResponse {
+message QueryResponse {
  bool exists = 1;
 }
 // QueryCredentialsResponse is the response type for the Query/Exists RPC method.
 message QueryCredentialsResponse {
  bool success = 1;
  string subject = 2;
  string origin = 3;
-  repeated Credential credentials = 4;
+  bool ipfs_active = 4;
-  string error = 5;
+  Params params = 5;
  Document document = 6;
  Service service = 7;
  repeated Credential credentials = 8;
  Token token = 9;
  string error = 10;
 }
 // QueryResolveResponse is the response type for the Query/Resolve RPC method.
 message QueryResolveResponse {
-  // document is the DID document
+  bool success = 1;
-  Document document = 1;
+  string subject = 2;
  string origin = 3;
  bool ipfs_active = 4;
  Params params = 5;
  Document document = 6;
  repeated Credential credentials = 7;
  Token token = 8;
 }
 // QueryLoginOptionsResponse is the response type for the Query/LoginOptions RPC method.
 message QueryServiceResponse {
  Service service = 1;
 }
 // QueryTokenResponse is the response type for the Query/LoginOptions RPC method.
 message QueryTokenResponse {
  bool success = 1;
-  Token token = 2;
+  string subject = 2;
-  string error = 3;
+  string origin = 3;
  bool ipfs_active = 4;
  Params params = 5;
  Service service = 6;
 }
--- a/proto/did/v1/state.proto
+++ b/proto/did/v1/state.proto
@ -8,8 +8,8 @@ import "did/v1/models.proto";
 option go_package = "github.com/onsonr/sonr/x/did/types";
-// Assertion represents strongly created credentials (e.g., Passkeys, SSH, GPG, Native Secure Enclaave)
+// Authentication represents strongly created credentials (e.g., Passkeys, SSH, GPG, Native Secure Enclaave)
-message Assertion {
+message Authentication {
  option (cosmos.orm.v1.table) = {
    id: 1
    primary_key: {fields: "id"}
@ -39,24 +39,30 @@ message Assertion {
  // Key type (e.g., "passkey", "ssh", "gpg", "native-secure-enclave")
  PubKey public_key = 3;
  // The value of the linked identifier
  bytes credential_id = 4;
  // The display label of the attestation
  string credential_label = 5;
  // The origin of the attestation
-  string origin = 6;
+  string origin = 4;
  // The subject of the attestation
-  string subject = 7;
+  string subject = 5;
  // The value of the linked identifier
  bytes credential_id = 6;
  // The credential label
  string credential_label = 7;
  // The display label of the attestation
  repeated string credential_transport = 8;
  // The attestationtype of the attestation
  string attestation_type = 9;
  // Metadata is optional additional information about the assertion
-  Metadata metadata = 8;
+  Metadata metadata = 10;
 }
-// Attestation represents linked identifiers (e.g., Crypto Accounts, Github, Email, Phone)
+// Assertion represents linked identifiers (e.g., Crypto Accounts, Github, Email, Phone)
-message Attestation {
+message Assertion {
  option (cosmos.orm.v1.table) = {
    id: 2
    primary_key: {fields: "id"}
--- a/proto/did/v1/tx.proto
+++ b/proto/did/v1/tx.proto
@ -4,7 +4,6 @@ package did.v1;
 import "cosmos/msg/v1/msg.proto";
 import "cosmos_proto/cosmos.proto";
 import "did/v1/constants.proto";
 import "did/v1/genesis.proto";
 import "did/v1/models.proto";
 import "gogoproto/gogo.proto";
@ -68,8 +67,8 @@ message MsgAllocateVault {
  // subject is a unique human-defined identifier to associate with the vault.
  string subject = 2;
-  // token is the macron token to authenticate the operation.
+  // origin is the origin of the request in wildcard form.
-  Token token = 3;
+  string origin = 3;
 }
 // MsgAllocateVaultResponse is the response type for the AllocateVault RPC.
@ -79,6 +78,9 @@ message MsgAllocateVaultResponse {
  // ExpiryBlock is the block number at which the vault will expire.
  int64 expiry_block = 2;
  // RegistrationOptions is a json string of the PublicKeyCredentialCreationOptions for WebAuthn
  string registration_options = 3;
 }
 // MsgProveWitness is the message type for the ProveWitness RPC.
--- a/scripts/test_node.sh
+++ b/scripts/test_node.sh
@ -12,7 +12,7 @@ export CHAIN_ID=${CHAIN_ID:-"sonr-testnet-1"}
 export MONIKER="florence"
 export KEYALGO="secp256k1"
 export KEYRING=${KEYRING:-"test"}
-export HOME_DIR=$(eval echo "${HOME_DIR:-"~/.core"}")
+export HOME_DIR=$(eval echo "${HOME_DIR:-"~/.sonr"}")
 export BINARY=${BINARY:-sonrd}
 export DENOM=${DENOM:-usnr}
--- a/x/did/builder/api.go
+++ b/x/did/builder/api.go
@ -0,0 +1,176 @@
 package builder
 import (
 	"encoding/base64"
 	"fmt"
 	"github.com/go-webauthn/webauthn/protocol/webauthncose"
 	didv1 "github.com/onsonr/sonr/api/did/v1"
 	"github.com/onsonr/sonr/x/did/types"
 )
 func FormatEC2PublicKey(key *webauthncose.EC2PublicKeyData) (*types.JWK, error) {
 	curve, err := GetCOSECurveName(key.Curve)
 	if err != nil {
 		return nil, err
 	}
 	jwkMap := map[string]interface{}{
 		"kty": "EC",
 		"crv": curve,
 		"x":   base64.RawURLEncoding.EncodeToString(key.XCoord),
 		"y":   base64.RawURLEncoding.EncodeToString(key.YCoord),
 	}
 	return MapToJWK(jwkMap)
 }
 func FormatRSAPublicKey(key *webauthncose.RSAPublicKeyData) (*types.JWK, error) {
 	jwkMap := map[string]interface{}{
 		"kty": "RSA",
 		"n":   base64.RawURLEncoding.EncodeToString(key.Modulus),
 		"e":   base64.RawURLEncoding.EncodeToString(key.Exponent),
 	}
 	return MapToJWK(jwkMap)
 }
 func FormatOKPPublicKey(key *webauthncose.OKPPublicKeyData) (*types.JWK, error) {
 	curve, err := getOKPCurveName(key.Curve)
 	if err != nil {
 		return nil, err
 	}
 	jwkMap := map[string]interface{}{
 		"kty": "OKP",
 		"crv": curve,
 		"x":   base64.RawURLEncoding.EncodeToString(key.XCoord),
 	}
 	return MapToJWK(jwkMap)
 }
 func MapToJWK(m map[string]interface{}) (*types.JWK, error) {
 	jwk := &types.JWK{}
 	for k, v := range m {
 		switch k {
 		case "kty":
 			jwk.Kty = v.(string)
 		case "crv":
 			jwk.Crv = v.(string)
 		case "x":
 			jwk.X = v.(string)
 		case "y":
 			jwk.Y = v.(string)
 		case "n":
 			jwk.N = v.(string)
 		case "e":
 			jwk.E = v.(string)
 		}
 	}
 	return jwk, nil
 }
 func GetCOSECurveName(curveID int64) (string, error) {
 	switch curveID {
 	case int64(webauthncose.P256):
 		return "P-256", nil
 	case int64(webauthncose.P384):
 		return "P-384", nil
 	case int64(webauthncose.P521):
 		return "P-521", nil
 	default:
 		return "", fmt.Errorf("unknown curve ID: %d", curveID)
 	}
 }
 func getOKPCurveName(curveID int64) (string, error) {
 	switch curveID {
 	case int64(webauthncose.Ed25519):
 		return "Ed25519", nil
 	default:
 		return "", fmt.Errorf("unknown OKP curve ID: %d", curveID)
 	}
 }
 func ModulePubKeyToAPI(pk *types.PubKey) *didv1.PubKey {
 	return &didv1.PubKey{
 		Role:      ModuleKeyRoleToAPI(pk.GetRole()),
 		Algorithm: ModuleKeyAlgorithmToAPI(pk.GetAlgorithm()),
 		Encoding:  ModuleKeyEncodingToAPI(pk.GetEncoding()),
 		Curve:     ModuleKeyCurveToAPI(pk.GetCurve()),
 		KeyType:   ModuleKeyTypeToAPI(pk.GetKeyType()),
 		Raw:       pk.GetRaw(),
 	}
 }
 func ModuleKeyRoleToAPI(role types.KeyRole) didv1.KeyRole {
 	switch role {
 	case types.KeyRole_KEY_ROLE_INVOCATION:
 		return didv1.KeyRole_KEY_ROLE_INVOCATION
 	case types.KeyRole_KEY_ROLE_ASSERTION:
 		return didv1.KeyRole_KEY_ROLE_ASSERTION
 	case types.KeyRole_KEY_ROLE_DELEGATION:
 		return didv1.KeyRole_KEY_ROLE_DELEGATION
 	default:
 		return didv1.KeyRole_KEY_ROLE_INVOCATION
 	}
 }
 func ModuleKeyAlgorithmToAPI(algorithm types.KeyAlgorithm) didv1.KeyAlgorithm {
 	switch algorithm {
 	case types.KeyAlgorithm_KEY_ALGORITHM_ES256K:
 		return didv1.KeyAlgorithm_KEY_ALGORITHM_ES256K
 	case types.KeyAlgorithm_KEY_ALGORITHM_ES256:
 		return didv1.KeyAlgorithm_KEY_ALGORITHM_ES256
 	case types.KeyAlgorithm_KEY_ALGORITHM_ES384:
 		return didv1.KeyAlgorithm_KEY_ALGORITHM_ES384
 	case types.KeyAlgorithm_KEY_ALGORITHM_ES512:
 		return didv1.KeyAlgorithm_KEY_ALGORITHM_ES512
 	case types.KeyAlgorithm_KEY_ALGORITHM_EDDSA:
 		return didv1.KeyAlgorithm_KEY_ALGORITHM_EDDSA
 	default:
 		return didv1.KeyAlgorithm_KEY_ALGORITHM_ES256K
 	}
 }
 func ModuleKeyCurveToAPI(curve types.KeyCurve) didv1.KeyCurve {
 	switch curve {
 	case types.KeyCurve_KEY_CURVE_P256:
 		return didv1.KeyCurve_KEY_CURVE_P256
 	case types.KeyCurve_KEY_CURVE_SECP256K1:
 		return didv1.KeyCurve_KEY_CURVE_SECP256K1
 	case types.KeyCurve_KEY_CURVE_BLS12381:
 		return didv1.KeyCurve_KEY_CURVE_BLS12381
 	case types.KeyCurve_KEY_CURVE_KECCAK256:
 		return didv1.KeyCurve_KEY_CURVE_KECCAK256
 	default:
 		return didv1.KeyCurve_KEY_CURVE_P256
 	}
 }
 func ModuleKeyEncodingToAPI(encoding types.KeyEncoding) didv1.KeyEncoding {
 	switch encoding {
 	case types.KeyEncoding_KEY_ENCODING_RAW:
 		return didv1.KeyEncoding_KEY_ENCODING_RAW
 	case types.KeyEncoding_KEY_ENCODING_HEX:
 		return didv1.KeyEncoding_KEY_ENCODING_HEX
 	case types.KeyEncoding_KEY_ENCODING_MULTIBASE:
 		return didv1.KeyEncoding_KEY_ENCODING_MULTIBASE
 	default:
 		return didv1.KeyEncoding_KEY_ENCODING_RAW
 	}
 }
 func ModuleKeyTypeToAPI(keyType types.KeyType) didv1.KeyType {
 	switch keyType {
 	case types.KeyType_KEY_TYPE_BIP32:
 		return didv1.KeyType_KEY_TYPE_BIP32
 	case types.KeyType_KEY_TYPE_ZK:
 		return didv1.KeyType_KEY_TYPE_ZK
 	case types.KeyType_KEY_TYPE_WEBAUTHN:
 		return didv1.KeyType_KEY_TYPE_WEBAUTHN
 	default:
 		return didv1.KeyType_KEY_TYPE_BIP32
 	}
 }
--- a/x/did/builder/chains.go
+++ b/x/did/builder/chains.go
@ -0,0 +1,70 @@
 package builder
 import (
 	"crypto/hmac"
 	"crypto/sha512"
 	"encoding/binary"
 	"errors"
 	"math/big"
 	"github.com/btcsuite/btcd/btcec/v2"
 	"github.com/onsonr/sonr/x/did/types"
 )
 // ComputeAccountPublicKey computes the public key of a child key given the extended public key, chain code, and index.
 func computeBip32AccountPublicKey(extPubKey PublicKey, chainCode types.ChainCode, index int) (*types.PubKey, error) {
 	// Check if the index is a hardened child key
 	if chainCode&0x80000000 != 0 && index < 0 {
 		return nil, errors.New("invalid index")
 	}
 	// Serialize the public key
 	pubKey, err := btcec.ParsePubKey(extPubKey.GetRaw())
 	if err != nil {
 		return nil, err
 	}
 	pubKeyBytes := pubKey.SerializeCompressed()
 	// Serialize the index
 	indexBytes := make([]byte, 4)
 	binary.BigEndian.PutUint32(indexBytes, uint32(index))
 	// Compute the HMAC-SHA512
 	mac := hmac.New(sha512.New, []byte{byte(chainCode)})
 	mac.Write(pubKeyBytes)
 	mac.Write(indexBytes)
 	I := mac.Sum(nil)
 	// Split I into two 32-byte sequences
 	IL := I[:32]
 	// Convert IL to a big integer
 	ilNum := new(big.Int).SetBytes(IL)
 	// Check if parse256(IL) >= n
 	curve := btcec.S256()
 	if ilNum.Cmp(curve.N) >= 0 {
 		return nil, errors.New("invalid child key")
 	}
 	// Compute the child public key
 	ilx, ily := curve.ScalarBaseMult(IL)
 	childX, childY := curve.Add(ilx, ily, pubKey.X(), pubKey.Y())
 	lx := newBigIntFieldVal(childX)
 	ly := newBigIntFieldVal(childY)
 	// Create the child public key
 	childPubKey := btcec.NewPublicKey(lx, ly)
 	pk, err := types.NewPublicKey(childPubKey.SerializeCompressed(), types.ChainCodeKeyInfos[chainCode])
 	if err != nil {
 		return nil, err
 	}
 	return pk, nil
 }
 // newBigIntFieldVal creates a new field value from a big integer.
 func newBigIntFieldVal(val *big.Int) *btcec.FieldVal {
 	lx := new(btcec.FieldVal)
 	lx.SetByteSlice(val.Bytes())
 	return lx
 }
--- a/x/did/builder/constants.go
+++ b/x/did/builder/constants.go
@ -0,0 +1,334 @@
 package builder
 import (
 	"github.com/onsonr/sonr/x/did/types"
 )
 type (
 	AuthenticatorAttachment string
 	AuthenticatorTransport  string
 )
 const (
 	// Platform represents a platform authenticator is attached using a client device-specific transport, called
 	// platform attachment, and is usually not removable from the client device. A public key credential bound to a
 	// platform authenticator is called a platform credential.
 	Platform AuthenticatorAttachment = "platform"
 	// CrossPlatform represents a roaming authenticator is attached using cross-platform transports, called
 	// cross-platform attachment. Authenticators of this class are removable from, and can "roam" among, client devices.
 	// A public key credential bound to a roaming authenticator is called a roaming credential.
 	CrossPlatform AuthenticatorAttachment = "cross-platform"
 )
 func ParseAuthenticatorAttachment(s string) AuthenticatorAttachment {
 	switch s {
 	case "platform":
 		return Platform
 	default:
 		return CrossPlatform
 	}
 }
 const (
 	// USB indicates the respective authenticator can be contacted over removable USB.
 	USB AuthenticatorTransport = "usb"
 	// NFC indicates the respective authenticator can be contacted over Near Field Communication (NFC).
 	NFC AuthenticatorTransport = "nfc"
 	// BLE indicates the respective authenticator can be contacted over Bluetooth Smart (Bluetooth Low Energy / BLE).
 	BLE AuthenticatorTransport = "ble"
 	// SmartCard indicates the respective authenticator can be contacted over ISO/IEC 7816 smart card with contacts.
 	//
 	// WebAuthn Level 3.
 	SmartCard AuthenticatorTransport = "smart-card"
 	// Hybrid indicates the respective authenticator can be contacted using a combination of (often separate)
 	// data-transport and proximity mechanisms. This supports, for example, authentication on a desktop computer using
 	// a smartphone.
 	//
 	// WebAuthn Level 3.
 	Hybrid AuthenticatorTransport = "hybrid"
 	// Internal indicates the respective authenticator is contacted using a client device-specific transport, i.e., it
 	// is a platform authenticator. These authenticators are not removable from the client device.
 	Internal AuthenticatorTransport = "internal"
 )
 func ParseAuthenticatorTransport(s string) AuthenticatorTransport {
 	switch s {
 	case "usb":
 		return USB
 	case "nfc":
 		return NFC
 	case "ble":
 		return BLE
 	case "smart-card":
 		return SmartCard
 	case "hybrid":
 		return Hybrid
 	default:
 		return Internal
 	}
 }
 type AuthenticatorFlags byte
 const (
 	// FlagUserPresent Bit 00000001 in the byte sequence. Tells us if user is present. Also referred to as the UP flag.
 	FlagUserPresent AuthenticatorFlags = 1 << iota // Referred to as UP
 	// FlagRFU1 is a reserved for future use flag.
 	FlagRFU1
 	// FlagUserVerified Bit 00000100 in the byte sequence. Tells us if user is verified
 	// by the authenticator using a biometric or PIN. Also referred to as the UV flag.
 	FlagUserVerified
 	// FlagBackupEligible Bit 00001000 in the byte sequence. Tells us if a backup is eligible for device. Also referred
 	// to as the BE flag.
 	FlagBackupEligible // Referred to as BE
 	// FlagBackupState Bit 00010000 in the byte sequence. Tells us if a backup state for device. Also referred to as the
 	// BS flag.
 	FlagBackupState
 	// FlagRFU2 is a reserved for future use flag.
 	FlagRFU2
 	// FlagAttestedCredentialData Bit 01000000 in the byte sequence. Indicates whether
 	// the authenticator added attested credential data. Also referred to as the AT flag.
 	FlagAttestedCredentialData
 	// FlagHasExtensions Bit 10000000 in the byte sequence. Indicates if the authenticator data has extensions. Also
 	// referred to as the ED flag.
 	FlagHasExtensions
 )
 type AttestationFormat string
 const (
 	// AttestationFormatPacked is the "packed" attestation statement format is a WebAuthn-optimized format for
 	// attestation. It uses a very compact but still extensible encoding method. This format is implementable by
 	// authenticators with limited resources (e.g., secure elements).
 	AttestationFormatPacked AttestationFormat = "packed"
 	// AttestationFormatTPM is the TPM attestation statement format returns an attestation statement in the same format
 	// as the packed attestation statement format, although the rawData and signature fields are computed differently.
 	AttestationFormatTPM AttestationFormat = "tpm"
 	// AttestationFormatAndroidKey is the attestation statement format for platform authenticators on versions "N", and
 	// later, which may provide this proprietary "hardware attestation" statement.
 	AttestationFormatAndroidKey AttestationFormat = "android-key"
 	// AttestationFormatAndroidSafetyNet is the attestation statement format that Android-based platform authenticators
 	// MAY produce an attestation statement based on the Android SafetyNet API.
 	AttestationFormatAndroidSafetyNet AttestationFormat = "android-safetynet"
 	// AttestationFormatFIDOUniversalSecondFactor is the attestation statement format that is used with FIDO U2F
 	// authenticators.
 	AttestationFormatFIDOUniversalSecondFactor AttestationFormat = "fido-u2f"
 	// AttestationFormatApple is the attestation statement format that is used with Apple devices' platform
 	// authenticators.
 	AttestationFormatApple AttestationFormat = "apple"
 	// AttestationFormatNone is the attestation statement format that is used to replace any authenticator-provided
 	// attestation statement when a WebAuthn Relying Party indicates it does not wish to receive attestation information.
 	AttestationFormatNone AttestationFormat = "none"
 )
 func ExtractAttestationFormats(p *types.Params) []AttestationFormat {
 	var formats []AttestationFormat
 	for _, v := range p.AttestationFormats {
 		formats = append(formats, parseAttestationFormat(v))
 	}
 	return formats
 }
 func parseAttestationFormat(s string) AttestationFormat {
 	switch s {
 	case "packed":
 		return AttestationFormatPacked
 	case "tpm":
 		return AttestationFormatTPM
 	case "android-key":
 		return AttestationFormatAndroidKey
 	case "android-safetynet":
 		return AttestationFormatAndroidSafetyNet
 	case "fido-u2f":
 		return AttestationFormatFIDOUniversalSecondFactor
 	case "apple":
 		return AttestationFormatApple
 	case "none":
 		return AttestationFormatNone
 	default:
 		return AttestationFormatPacked
 	}
 }
 type CredentialType string
 const (
 	CredentialTypePublicKeyCredential CredentialType = "public-key"
 )
 type ConveyancePreference string
 const (
 	// PreferNoAttestation is a ConveyancePreference value.
 	//
 	// This value indicates that the Relying Party is not interested in authenticator attestation. For example, in order
 	// to potentially avoid having to obtain user consent to relay identifying information to the Relying Party, or to
 	// save a round trip to an Attestation CA or Anonymization CA.
 	//
 	// This is the default value.
 	//
 	// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-none)
 	PreferNoAttestation ConveyancePreference = "none"
 	// PreferIndirectAttestation is a ConveyancePreference value.
 	//
 	// This value indicates that the Relying Party prefers an attestation conveyance yielding verifiable attestation
 	// statements, but allows the client to decide how to obtain such attestation statements. The client MAY replace the
 	// authenticator-generated attestation statements with attestation statements generated by an Anonymization CA, in
 	// order to protect the user’s privacy, or to assist Relying Parties with attestation verification in a
 	// heterogeneous ecosystem.
 	//
 	// Note: There is no guarantee that the Relying Party will obtain a verifiable attestation statement in this case.
 	// For example, in the case that the authenticator employs self attestation.
 	//
 	// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-indirect)
 	PreferIndirectAttestation ConveyancePreference = "indirect"
 	// PreferDirectAttestation is a ConveyancePreference value.
 	//
 	// This value indicates that the Relying Party wants to receive the attestation statement as generated by the
 	// authenticator.
 	//
 	// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-direct)
 	PreferDirectAttestation ConveyancePreference = "direct"
 	// PreferEnterpriseAttestation is a ConveyancePreference value.
 	//
 	// This value indicates that the Relying Party wants to receive an attestation statement that may include uniquely
 	// identifying information. This is intended for controlled deployments within an enterprise where the organization
 	// wishes to tie registrations to specific authenticators. User agents MUST NOT provide such an attestation unless
 	// the user agent or authenticator configuration permits it for the requested RP ID.
 	//
 	// If permitted, the user agent SHOULD signal to the authenticator (at invocation time) that enterprise
 	// attestation is requested, and convey the resulting AAGUID and attestation statement, unaltered, to the Relying
 	// Party.
 	//
 	// Specification: §5.4.7. Attestation Conveyance Preference Enumeration (https://www.w3.org/TR/webauthn/#dom-attestationconveyancepreference-enterprise)
 	PreferEnterpriseAttestation ConveyancePreference = "enterprise"
 )
 func ExtractConveyancePreference(p *types.Params) ConveyancePreference {
 	switch p.ConveyancePreference {
 	case "none":
 		return PreferNoAttestation
 	case "indirect":
 		return PreferIndirectAttestation
 	case "direct":
 		return PreferDirectAttestation
 	case "enterprise":
 		return PreferEnterpriseAttestation
 	default:
 		return PreferNoAttestation
 	}
 }
 type PublicKeyCredentialHints string
 const (
 	// PublicKeyCredentialHintSecurityKey is a PublicKeyCredentialHint that indicates that the Relying Party believes
 	// that users will satisfy this request with a physical security key. For example, an enterprise Relying Party may
 	// set this hint if they have issued security keys to their employees and will only accept those authenticators for
 	// registration and authentication.
 	//
 	// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
 	// authenticatorAttachment SHOULD be set to cross-platform.
 	PublicKeyCredentialHintSecurityKey PublicKeyCredentialHints = "security-key"
 	// PublicKeyCredentialHintClientDevice is a PublicKeyCredentialHint that indicates that the Relying Party believes
 	// that users will satisfy this request with a platform authenticator attached to the client device.
 	//
 	// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
 	// authenticatorAttachment SHOULD be set to platform.
 	PublicKeyCredentialHintClientDevice PublicKeyCredentialHints = "client-device"
 	// PublicKeyCredentialHintHybrid is a PublicKeyCredentialHint that indicates that the Relying Party believes that
 	// users will satisfy this request with general-purpose authenticators such as smartphones. For example, a consumer
 	// Relying Party may believe that only a small fraction of their customers possesses dedicated security keys. This
 	// option also implies that the local platform authenticator should not be promoted in the UI.
 	//
 	// For compatibility with older user agents, when this hint is used in PublicKeyCredentialCreationOptions, the
 	// authenticatorAttachment SHOULD be set to cross-platform.
 	PublicKeyCredentialHintHybrid PublicKeyCredentialHints = "hybrid"
 )
 func ParsePublicKeyCredentialHints(s string) PublicKeyCredentialHints {
 	switch s {
 	case "security-key":
 		return PublicKeyCredentialHintSecurityKey
 	case "client-device":
 		return PublicKeyCredentialHintClientDevice
 	case "hybrid":
 		return PublicKeyCredentialHintHybrid
 	default:
 		return ""
 	}
 }
 type AttestedCredentialData struct {
 	AAGUID       []byte `json:"aaguid"`
 	CredentialID []byte `json:"credential_id"`
 	// The raw credential public key bytes received from the attestation data.
 	CredentialPublicKey []byte `json:"public_key"`
 }
 type ResidentKeyRequirement string
 const (
 	// ResidentKeyRequirementDiscouraged indicates the Relying Party prefers creating a server-side credential, but will
 	// accept a client-side discoverable credential. This is the default.
 	ResidentKeyRequirementDiscouraged ResidentKeyRequirement = "discouraged"
 	// ResidentKeyRequirementPreferred indicates to the client we would prefer a discoverable credential.
 	ResidentKeyRequirementPreferred ResidentKeyRequirement = "preferred"
 	// ResidentKeyRequirementRequired indicates the Relying Party requires a client-side discoverable credential, and is
 	// prepared to receive an error if a client-side discoverable credential cannot be created.
 	ResidentKeyRequirementRequired ResidentKeyRequirement = "required"
 )
 func ParseResidentKeyRequirement(s string) ResidentKeyRequirement {
 	switch s {
 	case "discouraged":
 		return ResidentKeyRequirementDiscouraged
 	case "preferred":
 		return ResidentKeyRequirementPreferred
 	default:
 		return ResidentKeyRequirementRequired
 	}
 }
 type (
 	AuthenticationExtensions    map[string]any
 	UserVerificationRequirement string
 )
 const (
 	// VerificationRequired User verification is required to create/release a credential
 	VerificationRequired UserVerificationRequirement = "required"
 	// VerificationPreferred User verification is preferred to create/release a credential
 	VerificationPreferred UserVerificationRequirement = "preferred" // This is the default
 	// VerificationDiscouraged The authenticator should not verify the user for the credential
 	VerificationDiscouraged UserVerificationRequirement = "discouraged"
 )
--- a/x/did/builder/options.go
+++ b/x/did/builder/options.go
@ -0,0 +1,82 @@
 package builder
 import (
 	"encoding/json"
 	"github.com/onsonr/sonr/x/did/types"
 )
 type AuthenticatorResponse struct {
 	// From the spec https://www.w3.org/TR/webauthn/#dom-authenticatorresponse-clientdatajson
 	// This attribute contains a JSON serialization of the client data passed to the authenticator
 	// by the client in its call to either create() or get().
 	ClientDataJSON URLEncodedBase64 `json:"clientDataJSON"`
 }
 type AuthenticatorAttestationResponse struct {
 	// The byte slice of clientDataJSON, which becomes CollectedClientData
 	AuthenticatorResponse
 	Transports []string `json:"transports,omitempty"`
 	AuthenticatorData URLEncodedBase64 `json:"authenticatorData"`
 	PublicKey URLEncodedBase64 `json:"publicKey"`
 	PublicKeyAlgorithm int64 `json:"publicKeyAlgorithm"`
 	// AttestationObject is the byte slice version of attestationObject.
 	// This attribute contains an attestation object, which is opaque to, and
 	// cryptographically protected against tampering by, the client. The
 	// attestation object contains both authenticator data and an attestation
 	// statement. The former contains the AAGUID, a unique credential ID, and
 	// the credential public key. The contents of the attestation statement are
 	// determined by the attestation statement format used by the authenticator.
 	// It also contains any additional information that the Relying Party's server
 	// requires to validate the attestation statement, as well as to decode and
 	// validate the authenticator data along with the JSON-serialized client data.
 	AttestationObject URLEncodedBase64 `json:"attestationObject"`
 }
 type PublicKeyCredentialCreationOptions struct {
 	RelyingParty           RelyingPartyEntity         `json:"rp"`
 	User                   UserEntity                 `json:"user"`
 	Challenge              URLEncodedBase64           `json:"challenge"`
 	Parameters             []CredentialParameter      `json:"pubKeyCredParams,omitempty"`
 	Timeout                int                        `json:"timeout,omitempty"`
 	CredentialExcludeList  []CredentialDescriptor     `json:"excludeCredentials,omitempty"`
 	AuthenticatorSelection AuthenticatorSelection     `json:"authenticatorSelection,omitempty"`
 	Hints                  []PublicKeyCredentialHints `json:"hints,omitempty"`
 	Attestation            ConveyancePreference       `json:"attestation,omitempty"`
 	AttestationFormats     []AttestationFormat        `json:"attestationFormats,omitempty"`
 	Extensions             AuthenticationExtensions   `json:"extensions,omitempty"`
 }
 func NewRegistrationOptions(origin string, subject string, vaultCID string, params *types.Params) (*PublicKeyCredentialCreationOptions, error) {
 	chal, err := CreateChallenge()
 	if err != nil {
 		return nil, err
 	}
 	return &PublicKeyCredentialCreationOptions{
 		RelyingParty:           NewRelayingParty(origin, subject),
 		User:                   NewUserEntity(subject, subject, vaultCID),
 		Parameters:             ExtractCredentialParameters(params),
 		Timeout:                20,
 		CredentialExcludeList:  nil,
 		Challenge:              chal,
 		AuthenticatorSelection: AuthenticatorSelection{},
 		Hints:                  nil,
 		Attestation:            ExtractConveyancePreference(params),
 		AttestationFormats:     ExtractAttestationFormats(params),
 		Extensions:             nil,
 	}, nil
 }
 func UnmarshalAuthenticatorResponse(data []byte) (*AuthenticatorResponse, error) {
 	var ar AuthenticatorResponse
 	err := json.Unmarshal(data, &ar)
 	if err != nil {
 		return nil, err
 	}
 	return &ar, nil
 }
--- a/x/did/builder/pubkey.go
+++ b/x/did/builder/pubkey.go
@ -0,0 +1,80 @@
 package builder
 import (
 	"fmt"
 	cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types"
 	"github.com/onsonr/sonr/x/did/types"
 	"github.com/go-webauthn/webauthn/protocol/webauthncose"
 )
 // PublicKey is an interface for a public key
 type PublicKey interface {
 	cryptotypes.PubKey
 	Clone() cryptotypes.PubKey
 	GetRaw() []byte
 	GetRole() types.KeyRole
 	GetAlgorithm() types.KeyAlgorithm
 	GetEncoding() types.KeyEncoding
 	GetCurve() types.KeyCurve
 	GetKeyType() types.KeyType
 }
 // CreateAuthnVerification creates a new verification method for an authn method
 func CreateAuthnVerification(namespace types.DIDNamespace, issuer string, controller string, pubkey *types.PubKey, identifier string) *types.VerificationMethod {
 	return &types.VerificationMethod{
 		Method:     namespace,
 		Controller: controller,
 		PublicKey:  pubkey,
 		Id:         identifier,
 		Issuer:     issuer,
 	}
 }
 // CreateWalletVerification creates a new verification method for a wallet
 func CreateWalletVerification(namespace types.DIDNamespace, controller string, pubkey *types.PubKey, identifier string) *types.VerificationMethod {
 	return &types.VerificationMethod{
 		Method:     namespace,
 		Controller: controller,
 		PublicKey:  pubkey,
 		Id:         identifier,
 	}
 }
 // ExtractWebAuthnPublicKey parses the raw public key bytes and returns a JWK representation
 func ExtractWebAuthnPublicKey(keyBytes []byte) (*types.JWK, error) {
 	key, err := webauthncose.ParsePublicKey(keyBytes)
 	if err != nil {
 		return nil, fmt.Errorf("failed to parse public key: %w", err)
 	}
 	switch k := key.(type) {
 	case *webauthncose.EC2PublicKeyData:
 		return FormatEC2PublicKey(k)
 	case *webauthncose.RSAPublicKeyData:
 		return FormatRSAPublicKey(k)
 	case *webauthncose.OKPPublicKeyData:
 		return FormatOKPPublicKey(k)
 	default:
 		return nil, fmt.Errorf("unsupported key type")
 	}
 }
 // NewInitialWalletAccounts creates a new set of verification methods for a wallet
 func NewInitialWalletAccounts(controller string, pubkey *types.PubKey) ([]*types.VerificationMethod, error) {
 	var verificationMethods []*types.VerificationMethod
 	for method, chain := range types.InitialChainCodes {
 		nk, err := computeBip32AccountPublicKey(pubkey, chain, 0)
 		if err != nil {
 			return nil, err
 		}
 		addr, err := chain.FormatAddress(nk)
 		if err != nil {
 			return nil, nil
 		}
 		verificationMethods = append(verificationMethods, CreateWalletVerification(method, controller, nk, method.FormatDID(addr)))
 	}
 	return verificationMethods, nil
 }
--- a/x/did/builder/service.go
+++ b/x/did/builder/service.go
@ -0,0 +1,102 @@
 package builder
 import (
 	"crypto/rand"
 	"github.com/onsonr/sonr/x/did/types"
 )
 // ChallengeLength - Length of bytes to generate for a challenge.
 const ChallengeLength = 32
 // CreateChallenge creates a new challenge that should be signed and returned by the authenticator. The spec recommends
 // using at least 16 bytes with 100 bits of entropy. We use 32 bytes.
 func CreateChallenge() (challenge URLEncodedBase64, err error) {
 	challenge = make([]byte, ChallengeLength)
 	if _, err = rand.Read(challenge); err != nil {
 		return nil, err
 	}
 	return challenge, nil
 }
 type CredentialEntity struct {
 	// A human-palatable name for the entity. Its function depends on what the PublicKeyCredentialEntity represents:
 	//
 	// When inherited by PublicKeyCredentialRpEntity it is a human-palatable identifier for the Relying Party,
 	// intended only for display. For example, "ACME Corporation", "Wonderful Widgets, Inc." or "ОАО Примертех".
 	//
 	// When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier for a user account. It is
 	// intended only for display, i.e., aiding the user in determining the difference between user accounts with similar
 	// displayNames. For example, "alexm", "alex.p.mueller@example.com" or "+14255551234".
 	Name string `json:"name"`
 }
 func NewCredentialEntity(name string) CredentialEntity {
 	return CredentialEntity{
 		Name: name,
 	}
 }
 type CredentialParameter struct {
 	Type      CredentialType                `json:"type"`
 	Algorithm types.COSEAlgorithmIdentifier `json:"alg"`
 }
 func NewCredentialParameter(ki *types.KeyInfo) CredentialParameter {
 	return CredentialParameter{
 		Type:      CredentialTypePublicKeyCredential,
 		Algorithm: ki.Algorithm.CoseIdentifier(),
 	}
 }
 func ExtractCredentialParameters(p *types.Params) []CredentialParameter {
 	var keys []*types.KeyInfo
 	for _, v := range p.AllowedPublicKeys {
 		if v.Role == types.KeyRole_KEY_ROLE_AUTHENTICATION {
 			keys = append(keys, v)
 		}
 	}
 	var cparams []CredentialParameter
 	for _, ki := range keys {
 		cparams = append(cparams, NewCredentialParameter(ki))
 	}
 	return cparams
 }
 type RelyingPartyEntity struct {
 	CredentialEntity
 	// A unique identifier for the Relying Party entity, which sets the RP ID.
 	ID string `json:"id"`
 }
 func NewRelayingParty(name string, origin string) RelyingPartyEntity {
 	return RelyingPartyEntity{
 		CredentialEntity: NewCredentialEntity(origin),
 		ID:               origin,
 	}
 }
 type UserEntity struct {
 	CredentialEntity
 	// A human-palatable name for the user account, intended only for display.
 	// For example, "Alex P. Müller" or "田中 倫". The Relying Party SHOULD let
 	// the user choose this, and SHOULD NOT restrict the choice more than necessary.
 	DisplayName string `json:"displayName"`
 	// ID is the user handle of the user account entity. To ensure secure operation,
 	// authentication and authorization decisions MUST be made on the basis of this id
 	// member, not the displayName nor name members. See Section 6.1 of
 	// [RFC8266](https://www.w3.org/TR/webauthn/#biblio-rfc8266).
 	ID any `json:"id"`
 }
 func NewUserEntity(name string, subject string, cid string) UserEntity {
 	return UserEntity{
 		CredentialEntity: NewCredentialEntity(name),
 		DisplayName:      subject,
 		ID:               cid,
 	}
 }
--- a/x/did/builder/webauthn.go
+++ b/x/did/builder/webauthn.go
@ -0,0 +1,114 @@
 package builder
 import (
 	"bytes"
 	"encoding/base64"
 	"reflect"
 )
 type CredentialDescriptor struct {
 	// The valid credential types.
 	Type CredentialType `json:"type"`
 	// CredentialID The ID of a credential to allow/disallow.
 	CredentialID URLEncodedBase64 `json:"id"`
 	// The authenticator transports that can be used.
 	Transport []AuthenticatorTransport `json:"transports,omitempty"`
 	// The AttestationType from the Credential. Used internally only.
 	AttestationType string `json:"-"`
 }
 func NewCredentialDescriptor(credentialID string, transports []AuthenticatorTransport, attestationType string) *CredentialDescriptor {
 	return &CredentialDescriptor{
 		CredentialID:    URLEncodedBase64(credentialID),
 		Transport:       transports,
 		AttestationType: attestationType,
 		Type:            CredentialTypePublicKeyCredential,
 	}
 }
 type AuthenticatorSelection struct {
 	// AuthenticatorAttachment If this member is present, eligible authenticators are filtered to only
 	// authenticators attached with the specified AuthenticatorAttachment enum.
 	AuthenticatorAttachment AuthenticatorAttachment `json:"authenticatorAttachment,omitempty"`
 	// RequireResidentKey this member describes the Relying Party's requirements regarding resident
 	// credentials. If the parameter is set to true, the authenticator MUST create a client-side-resident
 	// public key credential source when creating a public key credential.
 	RequireResidentKey *bool `json:"requireResidentKey,omitempty"`
 	// ResidentKey this member describes the Relying Party's requirements regarding resident
 	// credentials per Webauthn Level 2.
 	ResidentKey ResidentKeyRequirement `json:"residentKey,omitempty"`
 	// UserVerification This member describes the Relying Party's requirements regarding user verification for
 	// the create() operation. Eligible authenticators are filtered to only those capable of satisfying this
 	// requirement.
 	UserVerification UserVerificationRequirement `json:"userVerification,omitempty"`
 }
 type AuthenticatorData struct {
 	RPIDHash []byte                 `json:"rpid"`
 	Flags    AuthenticatorFlags     `json:"flags"`
 	Counter  uint32                 `json:"sign_count"`
 	AttData  AttestedCredentialData `json:"att_data"`
 	ExtData  []byte                 `json:"ext_data"`
 }
 type AttestationObject struct {
 	// The authenticator data, including the newly created public key. See AuthenticatorData for more info
 	AuthData AuthenticatorData
 	// The byteform version of the authenticator data, used in part for signature validation
 	RawAuthData []byte `json:"authData"`
 	// The format of the Attestation data.
 	Format string `json:"fmt"`
 	// The attestation statement data sent back if attestation is requested.
 	AttStatement map[string]any `json:"attStmt,omitempty"`
 }
 type URLEncodedBase64 []byte
 func (e URLEncodedBase64) String() string {
 	return base64.RawURLEncoding.EncodeToString(e)
 }
 // UnmarshalJSON base64 decodes a URL-encoded value, storing the result in the
 // provided byte slice.
 func (e *URLEncodedBase64) UnmarshalJSON(data []byte) error {
 	if bytes.Equal(data, []byte("null")) {
 		return nil
 	}
 	// Trim the leading spaces.
 	data = bytes.Trim(data, "\"")
 	// Trim the trailing equal characters.
 	data = bytes.TrimRight(data, "=")
 	out := make([]byte, base64.RawURLEncoding.DecodedLen(len(data)))
 	n, err := base64.RawURLEncoding.Decode(out, data)
 	if err != nil {
 		return err
 	}
 	v := reflect.ValueOf(e).Elem()
 	v.SetBytes(out[:n])
 	return nil
 }
 // MarshalJSON base64 encodes a non URL-encoded value, storing the result in the
 // provided byte slice.
 func (e URLEncodedBase64) MarshalJSON() ([]byte, error) {
 	if e == nil {
 		return []byte("null"), nil
 	}
 	return []byte(`"` + base64.RawURLEncoding.EncodeToString(e) + `"`), nil
 }
--- a/x/did/keeper/genesis.go
+++ b/x/did/keeper/genesis.go
@ -2,8 +2,11 @@ package keeper
 import (
 	"context"
 	"time"
 	"cosmossdk.io/log"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/onsonr/sonr/x/did/types"
 )
@ -35,3 +38,38 @@ func (k *Keeper) ExportGenesis(ctx context.Context) *types.GenesisState {
 		Params: params,
 	}
 }
 // CheckValidatorExists checks if a validator exists
 func (k Keeper) CheckValidatorExists(ctx sdk.Context, addr string) bool {
 	address, err := sdk.ValAddressFromBech32(addr)
 	if err != nil {
 		return false
 	}
 	ok, err := k.StakingKeeper.Validator(ctx, address)
 	if err != nil {
 		return false
 	}
 	if ok != nil {
 		return true
 	}
 	return false
 }
 // GetAverageBlockTime returns the average block time in seconds
 func (k Keeper) GetAverageBlockTime(ctx sdk.Context) float64 {
 	return float64(ctx.BlockTime().Sub(ctx.BlockTime()).Seconds())
 }
 // GetParams returns the module parameters.
 func (k Keeper) GetParams(ctx sdk.Context) *types.Params {
 	p, err := k.Params.Get(ctx)
 	if err != nil {
 		p = types.DefaultParams()
 	}
 	return &p
 }
 // GetExpirationBlockHeight returns the block height at which the given duration will have passed
 func (k Keeper) GetExpirationBlockHeight(ctx sdk.Context, duration time.Duration) int64 {
 	return ctx.BlockHeight() + int64(duration.Seconds()/k.GetAverageBlockTime(ctx))
 }
--- a/x/did/keeper/ipfs.go
+++ b/x/did/keeper/ipfs.go
@ -1,32 +1,82 @@
 package keeper
 import (
 	"context"
 	"fmt"
 	"time"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/ipfs/boxo/files"
 	"github.com/ipfs/boxo/path"
 	"github.com/ipfs/kubo/client/rpc"
 	"github.com/ipfs/kubo/core/coreiface/options"
 	"github.com/onsonr/sonr/internal/vfs"
 )
-// AddToLocalIPFS adds a file to the local IPFS node
+// assembleInitialVault assembles the initial vault
-func (k Keeper) AddToLocalIPFS(ctx sdk.Context, data files.Node) (string, error) {
+func (k Keeper) assembleInitialVault(ctx sdk.Context) (string, int64, error) {
-	cid, err := k.ipfsClient.Unixfs().Add(ctx, data)
+	cid, err := k.ipfsClient.Unixfs().Add(context.Background(), vfs.AssembleDirectory())
 	if err != nil {
-		return "", err
+		return "", 0, err
 	}
-	return cid.String(), nil
+	return cid.String(), k.GetExpirationBlockHeight(ctx, time.Second*15), nil
 }
-// GetFromLocalIPFS gets a file from the local IPFS node
+// pinInitialVault pins the initial vault to the local IPFS node
-func (k Keeper) GetFromLocalIPFS(ctx sdk.Context, cid string) (files.Node, error) {
+func (k Keeper) pinInitialVault(_ sdk.Context, cid string, address string) error {
 	// Resolve the path
 	path, err := path.NewPath(cid)
 	if err != nil {
 		return err
 	}
 	// 1. Initialize vault.db sqlite database in local IPFS with Mount
 	// 2. Insert the InitialWalletAccounts
 	// 3. Publish the path to the IPNS
 	_, err = k.ipfsClient.Name().Publish(context.Background(), path, options.Name.Key(address))
 	if err != nil {
 		return err
 	}
 	// 4. Insert the accounts into x/auth
 	// 5. Insert the controller into state
 	return nil
 }
 // GetFromIPFS gets a file from the local IPFS node
 func (k Keeper) GetFromIPFS(ctx sdk.Context, cid string) (files.Directory, error) {
 	path, err := path.NewPath(cid)
 	if err != nil {
 		return nil, err
 	}
-	return k.ipfsClient.Unixfs().Get(ctx, path)
+	node, err := k.ipfsClient.Unixfs().Get(ctx, path)
 	if err != nil {
 		return nil, err
 	}
 	dir, ok := node.(files.Directory)
 	if !ok {
 		return nil, fmt.Errorf("retrieved node is not a directory")
 	}
 	return dir, nil
 }
-// HasPathInLocalIPFS checks if a file is in the local IPFS node
+// HasIPFSConnection returns true if the IPFS client is initialized
-func (k Keeper) HasPathInLocalIPFS(ctx sdk.Context, cid string) (bool, error) {
+func (k *Keeper) HasIPFSConnection() bool {
 	if k.ipfsClient == nil {
 		ipfsClient, err := rpc.NewLocalApi()
 		if err != nil {
 			return false
 		}
 		k.ipfsClient = ipfsClient
 	}
 	return k.ipfsClient != nil
 }
 // HasPathInIPFS checks if a file is in the local IPFS node
 func (k Keeper) HasPathInIPFS(ctx sdk.Context, cid string) (bool, error) {
 	path, err := path.NewPath(cid)
 	if err != nil {
 		return false, err
@ -42,8 +92,8 @@ func (k Keeper) HasPathInLocalIPFS(ctx sdk.Context, cid string) (bool, error) {
 	return true, nil
 }
-// PinToLocalIPFS pins a file to the local IPFS node
+// PinToIPFS pins a file to the local IPFS node
-func (k Keeper) PinToLocalIPFS(ctx sdk.Context, cid string, name string) error {
+func (k Keeper) PinToIPFS(ctx sdk.Context, cid string, name string) error {
 	path, err := path.NewPath(cid)
 	if err != nil {
 		return err
--- a/x/did/keeper/keeper.go
+++ b/x/did/keeper/keeper.go
@ -6,6 +6,7 @@ import (
 	"cosmossdk.io/log"
 	"cosmossdk.io/orm/model/ormdb"
 	"github.com/cosmos/cosmos-sdk/codec"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	authkeeper "github.com/cosmos/cosmos-sdk/x/auth/keeper"
 	authtypes "github.com/cosmos/cosmos-sdk/x/auth/types"
 	govtypes "github.com/cosmos/cosmos-sdk/x/gov/types"
@ -13,6 +14,7 @@ import (
 	"github.com/ipfs/kubo/client/rpc"
 	apiv1 "github.com/onsonr/sonr/api/did/v1"
 	middleware "github.com/onsonr/sonr/x/did/middleware"
 	"github.com/onsonr/sonr/x/did/types"
 )
@ -35,13 +37,23 @@ type Keeper struct {
 }
 // NewKeeper creates a new poa Keeper instance
-func NewKeeper(cdc codec.BinaryCodec, storeService storetypes.KVStoreService, accKeeper authkeeper.AccountKeeper, stkKeeper *stakkeeper.Keeper, logger log.Logger, authority string) Keeper {
+func NewKeeper(
 	cdc codec.BinaryCodec,
 	storeService storetypes.KVStoreService,
 	accKeeper authkeeper.AccountKeeper,
 	stkKeeper *stakkeeper.Keeper,
 	logger log.Logger,
 	authority string,
 ) Keeper {
 	logger = logger.With(log.ModuleKey, "x/"+types.ModuleName)
 	sb := collections.NewSchemaBuilder(storeService)
 	if authority == "" {
 		authority = authtypes.NewModuleAddress(govtypes.ModuleName).String()
 	}
-	db, err := ormdb.NewModuleDB(&types.ORMModuleSchema, ormdb.ModuleDBOptions{KVStoreService: storeService})
+	db, err := ormdb.NewModuleDB(
 		&types.ORMModuleSchema,
 		ormdb.ModuleDBOptions{KVStoreService: storeService},
 	)
 	if err != nil {
 		panic(err)
 	}
@ -56,7 +68,12 @@ func NewKeeper(cdc codec.BinaryCodec, storeService storetypes.KVStoreService, ac
 		ipfsClient: ipfsClient,
 		cdc:        cdc,
 		logger:     logger,
-		Params:        collections.NewItem(sb, types.ParamsKey, "params", codec.CollValue[types.Params](cdc)),
+		Params: collections.NewItem(
 			sb,
 			types.ParamsKey,
 			"params",
 			codec.CollValue[types.Params](cdc),
 		),
 		authority:     authority,
 		OrmDB:         store,
 		AccountKeeper: accKeeper,
@ -71,7 +88,53 @@ func NewKeeper(cdc codec.BinaryCodec, storeService storetypes.KVStoreService, ac
 	return k
 }
-// HasIPFSConnection returns true if the IPFS client is initialized
+// IsClaimedServiceOrigin checks if a service origin is unclaimed
-func (k *Keeper) HasIPFSConnection() bool {
+func (k Keeper) IsUnclaimedServiceOrigin(ctx sdk.Context, origin string) bool {
-	return k.ipfsClient != nil
+	rec, _ := k.OrmDB.ServiceRecordTable().GetByOriginUri(ctx, origin)
 	return rec == nil
 }
 // IsValidServiceOrigin checks if a service origin is valid
 func (k Keeper) IsValidServiceOrigin(ctx sdk.Context, origin string, clientInfo *middleware.ClientInfo) bool {
 	if origin != clientInfo.Hostname {
 		return false
 	}
 	rec, err := k.OrmDB.ServiceRecordTable().GetByOriginUri(ctx, origin)
 	if err != nil {
 		return false
 	}
 	if rec == nil {
 		return false
 	}
 	return true
 }
 // VerifyMinimumStake checks if a validator has a minimum stake
 func (k Keeper) VerifyMinimumStake(ctx sdk.Context, addr string) bool {
 	address, err := sdk.AccAddressFromBech32(addr)
 	if err != nil {
 		return false
 	}
 	addval, err := sdk.ValAddressFromBech32(addr)
 	if err != nil {
 		return false
 	}
 	del, err := k.StakingKeeper.GetDelegation(ctx, address, addval)
 	if err != nil {
 		return false
 	}
 	if del.Shares.IsZero() {
 		return false
 	}
 	return del.Shares.IsPositive()
 }
 // VerifyServicePermissions checks if a service has permission
 func (k Keeper) VerifyServicePermissions(
 	ctx sdk.Context,
 	addr string,
 	service string,
 	permissions string,
 ) bool {
 	return false
 }
--- a/x/did/keeper/models.go
+++ b/x/did/keeper/models.go
@ -0,0 +1,12 @@
 package keeper
 import (
 	didv1 "github.com/onsonr/sonr/api/did/v1"
 	"github.com/onsonr/sonr/x/did/types"
 )
 func convertServiceRecord(rec *didv1.ServiceRecord) *types.Service {
 	return &types.Service{
 		Origin: rec.OriginUri,
 	}
 }
--- a/x/did/keeper/querier.go
+++ b/x/did/keeper/querier.go
@ -2,8 +2,11 @@ package keeper
 import (
 	"context"
 	"fmt"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"google.golang.org/genproto/googleapis/api/httpbody"
 	"google.golang.org/grpc/peer"
 	"github.com/onsonr/sonr/x/did/types"
 )
@ -19,43 +22,53 @@ func NewQuerier(keeper Keeper) Querier {
 }
 // Params returns the total set of did parameters.
-func (k Querier) Params(c context.Context, req *types.QueryRequest) (*types.QueryParamsResponse, error) {
+func (k Querier) Params(
 	c context.Context,
 	req *types.QueryRequest,
 ) (*types.QueryParamsResponse, error) {
 	ctx := sdk.UnwrapSDKContext(c)
 	p, err := k.Keeper.Params.Get(ctx)
 	if err != nil {
 		return nil, err
 	}
-
+	params := p.ActiveParams(k.HasIPFSConnection())
-	return &types.QueryParamsResponse{Params: &p, IpfsActive: k.HasIPFSConnection()}, nil
+	return &types.QueryParamsResponse{Params: &params}, nil
 }
 // Accounts implements types.QueryServer.
 func (k Querier) Accounts(goCtx context.Context, req *types.QueryRequest) (*types.QueryAccountsResponse, error) {
 	// ctx := sdk.UnwrapSDKContext(goCtx)
 	return &types.QueryAccountsResponse{}, nil
 }
 // Credentials implements types.QueryServer.
 func (k Querier) Credentials(goCtx context.Context, req *types.QueryRequest) (*types.QueryCredentialsResponse, error) {
 	// ctx := sdk.UnwrapSDKContext(goCtx)
 	return &types.QueryCredentialsResponse{}, nil
 }
 // Resolve implements types.QueryServer.
-func (k Querier) Resolve(goCtx context.Context, req *types.QueryRequest) (*types.QueryResolveResponse, error) {
+func (k Querier) Resolve(
 	goCtx context.Context,
 	req *types.QueryRequest,
 ) (*types.QueryResolveResponse, error) {
 	// ctx := sdk.UnwrapSDKContext(goCtx)
 	return &types.QueryResolveResponse{}, nil
 }
 // Service implements types.QueryServer.
-func (k Querier) Service(goCtx context.Context, req *types.QueryRequest) (*types.QueryServiceResponse, error) {
+func (k Querier) Service(
-	// ctx := sdk.UnwrapSDKContext(goCtx)
+	goCtx context.Context,
-	return &types.QueryServiceResponse{}, nil
+	req *types.QueryRequest,
 ) (*types.QueryServiceResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)
 	_, ok := peer.FromContext(goCtx)
 	if !ok {
 		return nil, fmt.Errorf("failed to get peer from context")
 	}
 	rec, err := k.OrmDB.ServiceRecordTable().GetByOriginUri(ctx, req.Origin)
 	if err != nil {
 		return nil, err
 	}
 	return &types.QueryServiceResponse{Service: convertServiceRecord(rec)}, nil
 }
-// Token implements types.QueryServer.
+// HTMX implements types.QueryServer.
-func (k Querier) Token(goCtx context.Context, req *types.QueryRequest) (*types.QueryTokenResponse, error) {
+func (k Querier) HTMX(goCtx context.Context, req *types.QueryRequest) (*httpbody.HttpBody, error) {
 	// ctx := sdk.UnwrapSDKContext(goCtx)
-	return &types.QueryTokenResponse{}, nil
+	return &httpbody.HttpBody{
 		ContentType: "text/html",
 		Data:        []byte("<html><body>HTMX</body></html>"),
 	}, nil
 }
--- a/x/did/keeper/server.go
+++ b/x/did/keeper/server.go
@ -2,13 +2,14 @@ package keeper
 import (
 	"context"
 	"encoding/json"
 	"cosmossdk.io/errors"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	govtypes "github.com/cosmos/cosmos-sdk/x/gov/types"
-	"cosmossdk.io/errors"
+	"github.com/onsonr/sonr/x/did/builder"
-	didv1 "github.com/onsonr/sonr/api/did/v1"
+	"github.com/onsonr/sonr/x/did/middleware"
 	"github.com/onsonr/sonr/internal/files"
 	"github.com/onsonr/sonr/x/did/types"
 )
@ -24,62 +25,111 @@ func NewMsgServerImpl(keeper Keeper) types.MsgServer {
 }
 // UpdateParams updates the x/did module parameters.
-func (ms msgServer) UpdateParams(ctx context.Context, msg *types.MsgUpdateParams) (*types.MsgUpdateParamsResponse, error) {
+func (ms msgServer) UpdateParams(
 	ctx context.Context,
 	msg *types.MsgUpdateParams,
 ) (*types.MsgUpdateParamsResponse, error) {
 	if ms.k.authority != msg.Authority {
-		return nil, errors.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", ms.k.authority, msg.Authority)
+		return nil, errors.Wrapf(
 			govtypes.ErrInvalidSigner,
 			"invalid authority; expected %s, got %s",
 			ms.k.authority,
 			msg.Authority,
 		)
 	}
 	return nil, ms.k.Params.Set(ctx, msg.Params)
 }
 // Authorize implements types.MsgServer.
-func (ms msgServer) Authorize(ctx context.Context, msg *types.MsgAuthorize) (*types.MsgAuthorizeResponse, error) {
+func (ms msgServer) Authorize(
 	ctx context.Context,
 	msg *types.MsgAuthorize,
 ) (*types.MsgAuthorizeResponse, error) {
 	if ms.k.authority != msg.Authority {
-		return nil, errors.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", ms.k.authority, msg.Authority)
+		return nil, errors.Wrapf(
 			govtypes.ErrInvalidSigner,
 			"invalid authority; expected %s, got %s",
 			ms.k.authority,
 			msg.Authority,
 		)
 	}
 	// ctx := sdk.UnwrapSDKContext(goCtx)
 	return &types.MsgAuthorizeResponse{}, nil
 }
 // AllocateVault implements types.MsgServer.
-func (ms msgServer) AllocateVault(goCtx context.Context, msg *types.MsgAllocateVault) (*types.MsgAllocateVaultResponse, error) {
+func (ms msgServer) AllocateVault(
-	//	ctx := sdk.UnwrapSDKContext(goCtx)
+	goCtx context.Context,
-	err := files.Assemble("/tmp/sonr-testnet-1/vaults/0")
+	msg *types.MsgAllocateVault,
 ) (*types.MsgAllocateVaultResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)
 	clientInfo, err := middleware.ExtractClientInfo(goCtx)
 	if err != nil {
 		return nil, err
 	}
-	return &types.MsgAllocateVaultResponse{}, nil
+
 	// 1.Check if the service origin is valid
 	if ms.k.IsValidServiceOrigin(ctx, msg.Origin, clientInfo) {
 		return nil, types.ErrInvalidServiceOrigin
 	}
 	cid, expiryBlock, err := ms.k.assembleInitialVault(ctx)
 	if err != nil {
 		return nil, err
 	}
 	regOpts, err := builder.NewRegistrationOptions(msg.Origin, msg.Subject, cid, ms.k.GetParams(ctx))
 	if err != nil {
 		return nil, err
 	}
 	// Convert to string
 	regOptsJSON, err := json.Marshal(regOpts)
 	if err != nil {
 		return nil, err
 	}
 	return &types.MsgAllocateVaultResponse{
 		ExpiryBlock:         expiryBlock,
 		Cid:                 cid,
 		RegistrationOptions: string(regOptsJSON),
 	}, nil
 }
 // RegisterController implements types.MsgServer.
-func (ms msgServer) RegisterController(goCtx context.Context, msg *types.MsgRegisterController) (*types.MsgRegisterControllerResponse, error) {
+func (ms msgServer) RegisterController(
-	if ms.k.authority != msg.Authority {
+	goCtx context.Context,
-		return nil, errors.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", ms.k.authority, msg.Authority)
+	msg *types.MsgRegisterController,
-	}
+) (*types.MsgRegisterControllerResponse, error) {
-	ctx := sdk.UnwrapSDKContext(goCtx)
+	_ = sdk.UnwrapSDKContext(goCtx)
 	svc := didv1.ServiceRecord{
 		Controller: msg.Authority,
 	}
 	ms.k.OrmDB.ServiceRecordTable().Insert(ctx, &svc)
 	return &types.MsgRegisterControllerResponse{}, nil
 }
 // RegisterService implements types.MsgServer.
-func (ms msgServer) RegisterService(ctx context.Context, msg *types.MsgRegisterService) (*types.MsgRegisterServiceResponse, error) {
+func (ms msgServer) RegisterService(
-	if ms.k.authority != msg.Controller {
+	goCtx context.Context,
-		return nil, errors.Wrapf(govtypes.ErrInvalidSigner, "invalid authority; expected %s, got %s", ms.k.authority, msg.Controller)
+	msg *types.MsgRegisterService,
 ) (*types.MsgRegisterServiceResponse, error) {
 	ctx := sdk.UnwrapSDKContext(goCtx)
 	clientInfo, err := middleware.ExtractClientInfo(goCtx)
 	if err != nil {
 		return nil, err
 	}
-	// ctx := sdk.UnwrapSDKContext(goCtx)
+	// 1.Check if the service origin is valid
-	svc := didv1.ServiceRecord{
+	if !ms.k.IsValidServiceOrigin(ctx, msg.OriginUri, clientInfo) {
-		Controller: msg.Controller,
+		return nil, types.ErrInvalidServiceOrigin
 	}
-	ms.k.OrmDB.ServiceRecordTable().Insert(ctx, &svc)
+	return ms.k.insertService(ctx, msg)
 	return &types.MsgRegisterServiceResponse{}, nil
 }
 // SyncVault implements types.MsgServer.
-func (ms msgServer) SyncVault(ctx context.Context, msg *types.MsgSyncVault) (*types.MsgSyncVaultResponse, error) {
+func (ms msgServer) SyncVault(
 	ctx context.Context,
 	msg *types.MsgSyncVault,
 ) (*types.MsgSyncVaultResponse, error) {
 	// ctx := sdk.UnwrapSDKContext(goCtx)
 	return &types.MsgSyncVaultResponse{}, nil
 }
--- a/x/did/keeper/state.go
+++ b/x/did/keeper/state.go
@ -0,0 +1,26 @@
 package keeper
 import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	didv1 "github.com/onsonr/sonr/api/did/v1"
 	"github.com/onsonr/sonr/x/did/types"
 )
 // insertService inserts a service record into the database
 func (k Keeper) insertService(
 	ctx sdk.Context,
 	svc *types.MsgRegisterService,
 ) (*types.MsgRegisterServiceResponse, error) {
 	record := didv1.ServiceRecord{
 		Id: svc.OriginUri,
 	}
 	err := k.OrmDB.ServiceRecordTable().Insert(ctx, &record)
 	if err != nil {
 		return nil, err
 	}
 	return &types.MsgRegisterServiceResponse{
 		Success: true,
 		Did:     record.Id,
 	}, nil
 }
--- a/x/did/keeper/validate.go
+++ b/x/did/keeper/validate.go
@ -1,70 +0,0 @@
 package keeper
 import (
 	"time"
 	sdk "github.com/cosmos/cosmos-sdk/types"
 )
 // CheckValidatorExists checks if a validator exists
 func (k Keeper) CheckValidatorExists(ctx sdk.Context, addr string) bool {
 	address, err := sdk.ValAddressFromBech32(addr)
 	if err != nil {
 		return false
 	}
 	ok, err := k.StakingKeeper.Validator(ctx, address)
 	if err != nil {
 		return false
 	}
 	if ok != nil {
 		return true
 	}
 	return false
 }
 // GetAverageBlockTime returns the average block time in seconds
 func (k Keeper) GetAverageBlockTime(ctx sdk.Context) float64 {
 	return float64(ctx.BlockTime().Sub(ctx.BlockTime()).Seconds())
 }
 // GetExpirationBlockHeight returns the block height at which the given duration will have passed
 func (k Keeper) GetExpirationBlockHeight(ctx sdk.Context, duration time.Duration) int64 {
 	return ctx.BlockHeight() + int64(duration.Seconds()/k.GetAverageBlockTime(ctx))
 }
 // ValidServiceOrigin checks if a service origin is valid
 func (k Keeper) ValidServiceOrigin(ctx sdk.Context, origin string) bool {
 	rec, err := k.OrmDB.ServiceRecordTable().GetByOriginUri(ctx, origin)
 	if err != nil {
 		return false
 	}
 	if rec == nil {
 		return false
 	}
 	return true
 }
 // VerifyMinimumStake checks if a validator has a minimum stake
 func (k Keeper) VerifyMinimumStake(ctx sdk.Context, addr string) bool {
 	address, err := sdk.AccAddressFromBech32(addr)
 	if err != nil {
 		return false
 	}
 	addval, err := sdk.ValAddressFromBech32(addr)
 	if err != nil {
 		return false
 	}
 	del, err := k.StakingKeeper.GetDelegation(ctx, address, addval)
 	if err != nil {
 		return false
 	}
 	if del.Shares.IsZero() {
 		return false
 	}
 	return del.Shares.IsPositive()
 }
 // VerifyServicePermissions checks if a service has permission
 func (k Keeper) VerifyServicePermissions(ctx sdk.Context, addr string, service string, permissions string) bool {
 	return false
 }
--- a/x/did/middleware/grpc.go
+++ b/x/did/middleware/grpc.go
@ -0,0 +1,55 @@
 package middleware
 import (
 	"context"
 	"fmt"
 	"net"
 	"strings"
 	"google.golang.org/grpc/metadata"
 	"google.golang.org/grpc/peer"
 )
 type ClientInfo struct {
 	Authority   string
 	ContentType string
 	UserAgent   string
 	Hostname    string
 	IPAddress   string
 }
 func ExtractClientInfo(ctx context.Context) (*ClientInfo, error) {
 	md, ok := metadata.FromIncomingContext(ctx)
 	if !ok {
 		return nil, fmt.Errorf("failed to get metadata from context")
 	}
 	info := &ClientInfo{}
 	// Extract authority, content-type, and user-agent
 	if authority := md.Get("authority"); len(authority) > 0 {
 		info.Authority = authority[0]
 	}
 	if contentType := md.Get("content-type"); len(contentType) > 0 {
 		info.ContentType = contentType[0]
 	}
 	if userAgent := md.Get("user-agent"); len(userAgent) > 0 {
 		info.UserAgent = userAgent[0]
 	}
 	// Extract hostname and IP address
 	p, ok := peer.FromContext(ctx)
 	if ok {
 		if tcpAddr, ok := p.Addr.(*net.TCPAddr); ok {
 			info.IPAddress = tcpAddr.IP.String()
 			// Try to get hostname
 			names, err := net.LookupAddr(info.IPAddress)
 			if err == nil && len(names) > 0 {
 				info.Hostname = strings.TrimSuffix(names[0], ".")
 			}
 		}
 	}
 	return info, nil
 }
--- a/x/did/types/constants.go
+++ b/x/did/types/constants.go
--- a/x/did/types/constants.pb.go
+++ b/x/did/types/constants.pb.go
@ -1,445 +0,0 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
 // source: did/v1/constants.proto
 package types
 import (
 	fmt "fmt"
 	proto "github.com/cosmos/gogoproto/proto"
 	math "math"
 )
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
 var _ = fmt.Errorf
 var _ = math.Inf
 // This is a compile-time assertion to ensure that this generated file
 // is compatible with the proto package it is being compiled against.
 // A compilation error at this line likely means your copy of the
 // proto package needs to be updated.
 const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
 // AssetType defines the type of asset: native, wrapped, staking, pool, or unspecified
 type AssetType int32
 const (
 	AssetType_ASSET_TYPE_UNSPECIFIED AssetType = 0
 	AssetType_ASSET_TYPE_NATIVE      AssetType = 1
 	AssetType_ASSET_TYPE_WRAPPED     AssetType = 2
 	AssetType_ASSET_TYPE_STAKING     AssetType = 3
 	AssetType_ASSET_TYPE_POOL        AssetType = 4
 	AssetType_ASSET_TYPE_IBC         AssetType = 5
 	AssetType_ASSET_TYPE_CW20        AssetType = 6
 )
 var AssetType_name = map[int32]string{
 	0: "ASSET_TYPE_UNSPECIFIED",
 	1: "ASSET_TYPE_NATIVE",
 	2: "ASSET_TYPE_WRAPPED",
 	3: "ASSET_TYPE_STAKING",
 	4: "ASSET_TYPE_POOL",
 	5: "ASSET_TYPE_IBC",
 	6: "ASSET_TYPE_CW20",
 }
 var AssetType_value = map[string]int32{
 	"ASSET_TYPE_UNSPECIFIED": 0,
 	"ASSET_TYPE_NATIVE":      1,
 	"ASSET_TYPE_WRAPPED":     2,
 	"ASSET_TYPE_STAKING":     3,
 	"ASSET_TYPE_POOL":        4,
 	"ASSET_TYPE_IBC":         5,
 	"ASSET_TYPE_CW20":        6,
 }
 func (x AssetType) String() string {
 	return proto.EnumName(AssetType_name, int32(x))
 }
 func (AssetType) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{0}
 }
 // DIDNamespace define the different namespaces of DID
 type DIDNamespace int32
 const (
 	DIDNamespace_DID_NAMESPACE_UNSPECIFIED DIDNamespace = 0
 	DIDNamespace_DID_NAMESPACE_IPFS        DIDNamespace = 1
 	DIDNamespace_DID_NAMESPACE_SONR        DIDNamespace = 2
 	DIDNamespace_DID_NAMESPACE_BITCOIN     DIDNamespace = 3
 	DIDNamespace_DID_NAMESPACE_ETHEREUM    DIDNamespace = 4
 	DIDNamespace_DID_NAMESPACE_IBC         DIDNamespace = 5
 	DIDNamespace_DID_NAMESPACE_WEBAUTHN    DIDNamespace = 6
 	DIDNamespace_DID_NAMESPACE_DWN         DIDNamespace = 7
 	DIDNamespace_DID_NAMESPACE_SERVICE     DIDNamespace = 8
 )
 var DIDNamespace_name = map[int32]string{
 	0: "DID_NAMESPACE_UNSPECIFIED",
 	1: "DID_NAMESPACE_IPFS",
 	2: "DID_NAMESPACE_SONR",
 	3: "DID_NAMESPACE_BITCOIN",
 	4: "DID_NAMESPACE_ETHEREUM",
 	5: "DID_NAMESPACE_IBC",
 	6: "DID_NAMESPACE_WEBAUTHN",
 	7: "DID_NAMESPACE_DWN",
 	8: "DID_NAMESPACE_SERVICE",
 }
 var DIDNamespace_value = map[string]int32{
 	"DID_NAMESPACE_UNSPECIFIED": 0,
 	"DID_NAMESPACE_IPFS":        1,
 	"DID_NAMESPACE_SONR":        2,
 	"DID_NAMESPACE_BITCOIN":     3,
 	"DID_NAMESPACE_ETHEREUM":    4,
 	"DID_NAMESPACE_IBC":         5,
 	"DID_NAMESPACE_WEBAUTHN":    6,
 	"DID_NAMESPACE_DWN":         7,
 	"DID_NAMESPACE_SERVICE":     8,
 }
 func (x DIDNamespace) String() string {
 	return proto.EnumName(DIDNamespace_name, int32(x))
 }
 func (DIDNamespace) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{1}
 }
 // KeyAlgorithm defines the key algorithm
 type KeyAlgorithm int32
 const (
 	KeyAlgorithm_KEY_ALGORITHM_UNSPECIFIED KeyAlgorithm = 0
 	KeyAlgorithm_KEY_ALGORITHM_ES256       KeyAlgorithm = 1
 	KeyAlgorithm_KEY_ALGORITHM_ES384       KeyAlgorithm = 2
 	KeyAlgorithm_KEY_ALGORITHM_ES512       KeyAlgorithm = 3
 	KeyAlgorithm_KEY_ALGORITHM_EDDSA       KeyAlgorithm = 4
 	KeyAlgorithm_KEY_ALGORITHM_ES256K      KeyAlgorithm = 5
 	KeyAlgorithm_KEY_ALGORITHM_BLS12377    KeyAlgorithm = 6
 	KeyAlgorithm_KEY_ALGORITHM_KECCAK256   KeyAlgorithm = 7
 )
 var KeyAlgorithm_name = map[int32]string{
 	0: "KEY_ALGORITHM_UNSPECIFIED",
 	1: "KEY_ALGORITHM_ES256",
 	2: "KEY_ALGORITHM_ES384",
 	3: "KEY_ALGORITHM_ES512",
 	4: "KEY_ALGORITHM_EDDSA",
 	5: "KEY_ALGORITHM_ES256K",
 	6: "KEY_ALGORITHM_BLS12377",
 	7: "KEY_ALGORITHM_KECCAK256",
 }
 var KeyAlgorithm_value = map[string]int32{
 	"KEY_ALGORITHM_UNSPECIFIED": 0,
 	"KEY_ALGORITHM_ES256":       1,
 	"KEY_ALGORITHM_ES384":       2,
 	"KEY_ALGORITHM_ES512":       3,
 	"KEY_ALGORITHM_EDDSA":       4,
 	"KEY_ALGORITHM_ES256K":      5,
 	"KEY_ALGORITHM_BLS12377":    6,
 	"KEY_ALGORITHM_KECCAK256":   7,
 }
 func (x KeyAlgorithm) String() string {
 	return proto.EnumName(KeyAlgorithm_name, int32(x))
 }
 func (KeyAlgorithm) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{2}
 }
 // KeyCurve defines the key curve
 type KeyCurve int32
 const (
 	KeyCurve_KEY_CURVE_UNSPECIFIED KeyCurve = 0
 	KeyCurve_KEY_CURVE_P256        KeyCurve = 1
 	KeyCurve_KEY_CURVE_P384        KeyCurve = 2
 	KeyCurve_KEY_CURVE_P521        KeyCurve = 3
 	KeyCurve_KEY_CURVE_X25519      KeyCurve = 4
 	KeyCurve_KEY_CURVE_X448        KeyCurve = 5
 	KeyCurve_KEY_CURVE_ED25519     KeyCurve = 6
 	KeyCurve_KEY_CURVE_ED448       KeyCurve = 7
 	KeyCurve_KEY_CURVE_SECP256K1   KeyCurve = 8
 )
 var KeyCurve_name = map[int32]string{
 	0: "KEY_CURVE_UNSPECIFIED",
 	1: "KEY_CURVE_P256",
 	2: "KEY_CURVE_P384",
 	3: "KEY_CURVE_P521",
 	4: "KEY_CURVE_X25519",
 	5: "KEY_CURVE_X448",
 	6: "KEY_CURVE_ED25519",
 	7: "KEY_CURVE_ED448",
 	8: "KEY_CURVE_SECP256K1",
 }
 var KeyCurve_value = map[string]int32{
 	"KEY_CURVE_UNSPECIFIED": 0,
 	"KEY_CURVE_P256":        1,
 	"KEY_CURVE_P384":        2,
 	"KEY_CURVE_P521":        3,
 	"KEY_CURVE_X25519":      4,
 	"KEY_CURVE_X448":        5,
 	"KEY_CURVE_ED25519":     6,
 	"KEY_CURVE_ED448":       7,
 	"KEY_CURVE_SECP256K1":   8,
 }
 func (x KeyCurve) String() string {
 	return proto.EnumName(KeyCurve_name, int32(x))
 }
 func (KeyCurve) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{3}
 }
 // KeyEncoding defines the key encoding
 type KeyEncoding int32
 const (
 	KeyEncoding_KEY_ENCODING_UNSPECIFIED KeyEncoding = 0
 	KeyEncoding_KEY_ENCODING_RAW         KeyEncoding = 1
 	KeyEncoding_KEY_ENCODING_HEX         KeyEncoding = 2
 	KeyEncoding_KEY_ENCODING_MULTIBASE   KeyEncoding = 3
 	KeyEncoding_KEY_ENCODING_JWK         KeyEncoding = 4
 )
 var KeyEncoding_name = map[int32]string{
 	0: "KEY_ENCODING_UNSPECIFIED",
 	1: "KEY_ENCODING_RAW",
 	2: "KEY_ENCODING_HEX",
 	3: "KEY_ENCODING_MULTIBASE",
 	4: "KEY_ENCODING_JWK",
 }
 var KeyEncoding_value = map[string]int32{
 	"KEY_ENCODING_UNSPECIFIED": 0,
 	"KEY_ENCODING_RAW":         1,
 	"KEY_ENCODING_HEX":         2,
 	"KEY_ENCODING_MULTIBASE":   3,
 	"KEY_ENCODING_JWK":         4,
 }
 func (x KeyEncoding) String() string {
 	return proto.EnumName(KeyEncoding_name, int32(x))
 }
 func (KeyEncoding) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{4}
 }
 // KeyRole defines the kind of key
 type KeyRole int32
 const (
 	KeyRole_KEY_ROLE_UNSPECIFIED KeyRole = 0
 	// Blockchain key types
 	KeyRole_KEY_ROLE_AUTHENTICATION KeyRole = 1
 	KeyRole_KEY_ROLE_ASSERTION      KeyRole = 2
 	KeyRole_KEY_ROLE_DELEGATION     KeyRole = 3
 	KeyRole_KEY_ROLE_INVOCATION     KeyRole = 4
 )
 var KeyRole_name = map[int32]string{
 	0: "KEY_ROLE_UNSPECIFIED",
 	1: "KEY_ROLE_AUTHENTICATION",
 	2: "KEY_ROLE_ASSERTION",
 	3: "KEY_ROLE_DELEGATION",
 	4: "KEY_ROLE_INVOCATION",
 }
 var KeyRole_value = map[string]int32{
 	"KEY_ROLE_UNSPECIFIED":    0,
 	"KEY_ROLE_AUTHENTICATION": 1,
 	"KEY_ROLE_ASSERTION":      2,
 	"KEY_ROLE_DELEGATION":     3,
 	"KEY_ROLE_INVOCATION":     4,
 }
 func (x KeyRole) String() string {
 	return proto.EnumName(KeyRole_name, int32(x))
 }
 func (KeyRole) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{5}
 }
 // KeyType defines the key type
 type KeyType int32
 const (
 	KeyType_KEY_TYPE_UNSPECIFIED KeyType = 0
 	KeyType_KEY_TYPE_OCTET       KeyType = 1
 	KeyType_KEY_TYPE_ELLIPTIC    KeyType = 2
 	KeyType_KEY_TYPE_RSA         KeyType = 3
 	KeyType_KEY_TYPE_SYMMETRIC   KeyType = 4
 	KeyType_KEY_TYPE_HMAC        KeyType = 5
 )
 var KeyType_name = map[int32]string{
 	0: "KEY_TYPE_UNSPECIFIED",
 	1: "KEY_TYPE_OCTET",
 	2: "KEY_TYPE_ELLIPTIC",
 	3: "KEY_TYPE_RSA",
 	4: "KEY_TYPE_SYMMETRIC",
 	5: "KEY_TYPE_HMAC",
 }
 var KeyType_value = map[string]int32{
 	"KEY_TYPE_UNSPECIFIED": 0,
 	"KEY_TYPE_OCTET":       1,
 	"KEY_TYPE_ELLIPTIC":    2,
 	"KEY_TYPE_RSA":         3,
 	"KEY_TYPE_SYMMETRIC":   4,
 	"KEY_TYPE_HMAC":        5,
 }
 func (x KeyType) String() string {
 	return proto.EnumName(KeyType_name, int32(x))
 }
 func (KeyType) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{6}
 }
 // PermissionScope define the Capabilities Controllers can grant for Services
 type PermissionScope int32
 const (
 	PermissionScope_PERMISSION_SCOPE_UNSPECIFIED            PermissionScope = 0
 	PermissionScope_PERMISSION_SCOPE_BASIC_INFO             PermissionScope = 1
 	PermissionScope_PERMISSION_SCOPE_RECORDS_READ           PermissionScope = 2
 	PermissionScope_PERMISSION_SCOPE_RECORDS_WRITE          PermissionScope = 3
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_READ      PermissionScope = 4
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_WRITE     PermissionScope = 5
 	PermissionScope_PERMISSION_SCOPE_WALLETS_READ           PermissionScope = 6
 	PermissionScope_PERMISSION_SCOPE_WALLETS_CREATE         PermissionScope = 7
 	PermissionScope_PERMISSION_SCOPE_WALLETS_SUBSCRIBE      PermissionScope = 8
 	PermissionScope_PERMISSION_SCOPE_WALLETS_UPDATE         PermissionScope = 9
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_VERIFY    PermissionScope = 10
 	PermissionScope_PERMISSION_SCOPE_TRANSACTIONS_BROADCAST PermissionScope = 11
 	PermissionScope_PERMISSION_SCOPE_ADMIN_USER             PermissionScope = 12
 	PermissionScope_PERMISSION_SCOPE_ADMIN_VALIDATOR        PermissionScope = 13
 )
 var PermissionScope_name = map[int32]string{
 	0:  "PERMISSION_SCOPE_UNSPECIFIED",
 	1:  "PERMISSION_SCOPE_BASIC_INFO",
 	2:  "PERMISSION_SCOPE_RECORDS_READ",
 	3:  "PERMISSION_SCOPE_RECORDS_WRITE",
 	4:  "PERMISSION_SCOPE_TRANSACTIONS_READ",
 	5:  "PERMISSION_SCOPE_TRANSACTIONS_WRITE",
 	6:  "PERMISSION_SCOPE_WALLETS_READ",
 	7:  "PERMISSION_SCOPE_WALLETS_CREATE",
 	8:  "PERMISSION_SCOPE_WALLETS_SUBSCRIBE",
 	9:  "PERMISSION_SCOPE_WALLETS_UPDATE",
 	10: "PERMISSION_SCOPE_TRANSACTIONS_VERIFY",
 	11: "PERMISSION_SCOPE_TRANSACTIONS_BROADCAST",
 	12: "PERMISSION_SCOPE_ADMIN_USER",
 	13: "PERMISSION_SCOPE_ADMIN_VALIDATOR",
 }
 var PermissionScope_value = map[string]int32{
 	"PERMISSION_SCOPE_UNSPECIFIED":            0,
 	"PERMISSION_SCOPE_BASIC_INFO":             1,
 	"PERMISSION_SCOPE_RECORDS_READ":           2,
 	"PERMISSION_SCOPE_RECORDS_WRITE":          3,
 	"PERMISSION_SCOPE_TRANSACTIONS_READ":      4,
 	"PERMISSION_SCOPE_TRANSACTIONS_WRITE":     5,
 	"PERMISSION_SCOPE_WALLETS_READ":           6,
 	"PERMISSION_SCOPE_WALLETS_CREATE":         7,
 	"PERMISSION_SCOPE_WALLETS_SUBSCRIBE":      8,
 	"PERMISSION_SCOPE_WALLETS_UPDATE":         9,
 	"PERMISSION_SCOPE_TRANSACTIONS_VERIFY":    10,
 	"PERMISSION_SCOPE_TRANSACTIONS_BROADCAST": 11,
 	"PERMISSION_SCOPE_ADMIN_USER":             12,
 	"PERMISSION_SCOPE_ADMIN_VALIDATOR":        13,
 }
 func (x PermissionScope) String() string {
 	return proto.EnumName(PermissionScope_name, int32(x))
 }
 func (PermissionScope) EnumDescriptor() ([]byte, []int) {
 	return fileDescriptor_7cc61ab03a01b9c8, []int{7}
 }
 func init() {
 	proto.RegisterEnum("did.v1.AssetType", AssetType_name, AssetType_value)
 	proto.RegisterEnum("did.v1.DIDNamespace", DIDNamespace_name, DIDNamespace_value)
 	proto.RegisterEnum("did.v1.KeyAlgorithm", KeyAlgorithm_name, KeyAlgorithm_value)
 	proto.RegisterEnum("did.v1.KeyCurve", KeyCurve_name, KeyCurve_value)
 	proto.RegisterEnum("did.v1.KeyEncoding", KeyEncoding_name, KeyEncoding_value)
 	proto.RegisterEnum("did.v1.KeyRole", KeyRole_name, KeyRole_value)
 	proto.RegisterEnum("did.v1.KeyType", KeyType_name, KeyType_value)
 	proto.RegisterEnum("did.v1.PermissionScope", PermissionScope_name, PermissionScope_value)
 }
 func init() { proto.RegisterFile("did/v1/constants.proto", fileDescriptor_7cc61ab03a01b9c8) }
 var fileDescriptor_7cc61ab03a01b9c8 = []byte{
 	// 902 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x95, 0xdf, 0x72, 0xda, 0x46,
 	0x14, 0xc6, 0x2d, 0x83, 0xb1, 0xb3, 0x71, 0x92, 0x93, 0x4d, 0xe2, 0x24, 0x4d, 0x42, 0xd2, 0x24,
 	0xd3, 0x74, 0xe8, 0x8c, 0x29, 0xd8, 0x34, 0xe9, 0x4c, 0x6f, 0x56, 0xab, 0x63, 0xb3, 0x95, 0x90,
 	0x34, 0xbb, 0x0b, 0xc4, 0xbd, 0x61, 0x1c, 0xd0, 0x38, 0xcc, 0xc4, 0x88, 0x01, 0xe2, 0x29, 0x8f,
 	0xd0, 0xf6, 0xa6, 0x6f, 0xd0, 0x17, 0xe8, 0x83, 0xf4, 0xd2, 0x97, 0xbd, 0xec, 0xd8, 0x7d, 0x89,
 	0xde, 0x75, 0x84, 0xf8, 0x27, 0xc0, 0xbe, 0xe1, 0xe2, 0xf7, 0x7d, 0x3a, 0xfa, 0xce, 0x39, 0xcb,
 	0x8a, 0xec, 0xb4, 0xda, 0xad, 0xfc, 0x59, 0x21, 0xdf, 0x0c, 0x3b, 0xfd, 0xc1, 0x71, 0x67, 0xd0,
 	0xdf, 0xed, 0xf6, 0xc2, 0x41, 0x48, 0x33, 0xad, 0x76, 0x6b, 0xf7, 0xac, 0x90, 0xfb, 0xd3, 0x20,
 	0x37, 0x58, 0xbf, 0x1f, 0x0c, 0xf4, 0xb0, 0x1b, 0xd0, 0x2f, 0xc8, 0x0e, 0x53, 0x0a, 0x75, 0x43,
 	0x1f, 0xf9, 0xd8, 0xa8, 0xba, 0xca, 0x47, 0x2e, 0x0e, 0x04, 0x5a, 0xb0, 0x46, 0x1f, 0x90, 0xbb,
 	0x73, 0x9a, 0xcb, 0xb4, 0xa8, 0x21, 0x18, 0x74, 0x87, 0xd0, 0x39, 0x5c, 0x97, 0xcc, 0xf7, 0xd1,
 	0x82, 0xf5, 0x05, 0xae, 0x34, 0xb3, 0x85, 0x7b, 0x08, 0x29, 0x7a, 0x8f, 0xdc, 0x99, 0xe3, 0xbe,
 	0xe7, 0x39, 0x90, 0xa6, 0x94, 0xdc, 0x9e, 0x83, 0xc2, 0xe4, 0xb0, 0xb1, 0x60, 0xe4, 0xf5, 0xe2,
 	0xb7, 0x90, 0xc9, 0xfd, 0x67, 0x90, 0x6d, 0x4b, 0x58, 0xee, 0xf1, 0x69, 0xd0, 0xef, 0x1e, 0x37,
 	0x03, 0xfa, 0x8c, 0x3c, 0xb6, 0x84, 0xd5, 0x70, 0x59, 0x05, 0x95, 0xcf, 0xf8, 0x62, 0xe8, 0x1d,
 	0x42, 0x93, 0xb2, 0xf0, 0x0f, 0x54, 0x9c, 0x3a, 0xc9, 0x95, 0xe7, 0x4a, 0x58, 0xa7, 0x8f, 0xc9,
 	0x83, 0x24, 0x37, 0x85, 0xe6, 0x9e, 0x70, 0x21, 0x15, 0xcd, 0x26, 0x29, 0xa1, 0x2e, 0xa3, 0xc4,
 	0x6a, 0x05, 0xd2, 0xd1, 0x6c, 0x16, 0x5e, 0x33, 0x6a, 0x61, 0xe9, 0x91, 0x3a, 0x9a, 0xac, 0xaa,
 	0xcb, 0x2e, 0x64, 0x96, 0x1f, 0xb1, 0xea, 0x2e, 0x6c, 0x2e, 0x07, 0x50, 0x28, 0x6b, 0x82, 0x23,
 	0x6c, 0xe5, 0xfe, 0x35, 0xc8, 0xb6, 0x1d, 0x0c, 0xd9, 0xa7, 0x93, 0xb0, 0xd7, 0x1e, 0x7c, 0x3c,
 	0x8d, 0x7a, 0xb7, 0xf1, 0xa8, 0xc1, 0x9c, 0x43, 0x4f, 0x0a, 0x5d, 0xae, 0x2c, 0xf4, 0xfe, 0x90,
 	0xdc, 0x4b, 0xca, 0xa8, 0x8a, 0xa5, 0xef, 0xc0, 0x58, 0x25, 0xec, 0xbd, 0xdb, 0x87, 0xf5, 0x55,
 	0x42, 0xa9, 0x50, 0x84, 0xd4, 0x0a, 0xc1, 0xb2, 0x14, 0x83, 0x34, 0x7d, 0x44, 0xee, 0xaf, 0x78,
 	0x87, 0x1d, 0xf7, 0x9e, 0x54, 0x4c, 0x47, 0x15, 0x8a, 0x7b, 0x6f, 0xdf, 0x42, 0x86, 0x3e, 0x21,
 	0x0f, 0x93, 0x9a, 0x8d, 0x9c, 0x33, 0x3b, 0x4a, 0xb7, 0x99, 0x3b, 0x37, 0xc8, 0x96, 0x1d, 0x0c,
 	0xf9, 0xe7, 0xde, 0x59, 0x10, 0x8d, 0x23, 0x72, 0xf2, 0xaa, 0xac, 0x2d, 0xae, 0x96, 0x92, 0xdb,
 	0x33, 0xc9, 0x8f, 0x3b, 0x4b, 0xb2, 0xb8, 0xa9, 0x24, 0x2b, 0x15, 0x0b, 0x90, 0xa2, 0xf7, 0x09,
 	0xcc, 0xd8, 0xfb, 0x62, 0xa9, 0x54, 0xf8, 0x3e, 0x3e, 0x85, 0x73, 0x74, 0x7f, 0xff, 0x1d, 0x6c,
 	0x44, 0x6b, 0x9a, 0x31, 0xb4, 0x62, 0x6b, 0x26, 0x3a, 0x9c, 0xf3, 0x38, 0xf2, 0x6e, 0x4e, 0xa6,
 	0x14, 0x43, 0x85, 0x3c, 0x0a, 0x65, 0x17, 0x60, 0x2b, 0xf7, 0x8b, 0x41, 0x6e, 0xda, 0xc1, 0x10,
 	0x3b, 0xcd, 0xb0, 0xd5, 0xee, 0x9c, 0xd0, 0xa7, 0xe4, 0x51, 0x64, 0x44, 0x97, 0x7b, 0x96, 0x70,
 	0x0f, 0x17, 0x1a, 0x1b, 0x87, 0x9b, 0xaa, 0x92, 0xd5, 0xc1, 0x58, 0xa2, 0x65, 0x7c, 0x0f, 0xeb,
 	0x93, 0x29, 0x4f, 0x69, 0xa5, 0xea, 0x68, 0x61, 0x32, 0x85, 0xb3, 0x26, 0xa7, 0xda, 0x8f, 0x75,
 	0x1b, 0xd2, 0xb9, 0x5f, 0x0d, 0xb2, 0x69, 0x07, 0x43, 0x19, 0x7e, 0x0a, 0x26, 0xdb, 0x93, 0x9e,
 	0xb3, 0x38, 0xdc, 0xf1, 0x86, 0x46, 0x4a, 0x74, 0x62, 0xd1, 0xd5, 0x82, 0x33, 0x2d, 0x3c, 0x37,
 	0xfe, 0xf3, 0xcc, 0x44, 0xa5, 0x50, 0x8e, 0xf8, 0xf4, 0xf8, 0x8c, 0xb8, 0x85, 0x0e, 0x1e, 0xc6,
 	0x0f, 0xa4, 0x12, 0x82, 0x70, 0x6b, 0xde, 0xb8, 0x52, 0x3a, 0xf7, 0x5b, 0x1c, 0x66, 0x74, 0xf7,
 	0x8c, 0xc3, 0xac, 0xb8, 0x79, 0xc6, 0x7b, 0x19, 0x29, 0x1e, 0xd7, 0xa8, 0xc1, 0x98, 0xec, 0x65,
 	0xc4, 0xd0, 0x71, 0x84, 0xaf, 0x05, 0x87, 0x75, 0x0a, 0x64, 0x7b, 0x8a, 0xa5, 0x62, 0x90, 0x9a,
 	0x84, 0x8d, 0x6f, 0xa1, 0xa3, 0x4a, 0x05, 0xb5, 0x14, 0x1c, 0xd2, 0xf4, 0x2e, 0xb9, 0x35, 0xe5,
 	0xe5, 0x0a, 0xe3, 0xb0, 0x91, 0xfb, 0x23, 0x4d, 0xee, 0xf8, 0x41, 0xef, 0xb4, 0xdd, 0xef, 0xb7,
 	0xc3, 0x8e, 0x6a, 0x86, 0xdd, 0x80, 0xbe, 0x20, 0x4f, 0x7d, 0x94, 0x15, 0xa1, 0x94, 0xf0, 0xdc,
 	0x86, 0xe2, 0xde, 0x52, 0xba, 0xe7, 0xe4, 0xc9, 0x92, 0xc3, 0x64, 0x4a, 0xf0, 0x86, 0x70, 0x0f,
 	0x3c, 0x30, 0xe8, 0x97, 0xe4, 0xd9, 0x92, 0x41, 0x22, 0xf7, 0xa4, 0xa5, 0x1a, 0x12, 0x59, 0x74,
 	0x59, 0xbe, 0x24, 0xd9, 0x2b, 0x2d, 0x75, 0x29, 0x74, 0xb4, 0xce, 0xaf, 0xc8, 0xcb, 0x25, 0x8f,
 	0x96, 0xcc, 0x55, 0x8c, 0x47, 0xd3, 0x1c, 0xd7, 0x4a, 0xd3, 0x37, 0xe4, 0xd5, 0xf5, 0xbe, 0xb8,
 	0xe0, 0xc6, 0xca, 0x5c, 0x75, 0xe6, 0x38, 0xa8, 0xc7, 0xb5, 0x32, 0xf4, 0x15, 0x79, 0x7e, 0xa5,
 	0x85, 0x4b, 0x64, 0x1a, 0x61, 0x73, 0x65, 0xb0, 0x89, 0x49, 0x55, 0x4d, 0xc5, 0xa5, 0x30, 0x11,
 	0xb6, 0xae, 0x2d, 0x56, 0xf5, 0xad, 0xa8, 0xd8, 0x0d, 0xfa, 0x35, 0x79, 0x7d, 0x7d, 0xfa, 0x1a,
 	0x4a, 0x71, 0x70, 0x04, 0x84, 0x7e, 0x43, 0xde, 0x5c, 0xef, 0x34, 0xa5, 0xc7, 0x2c, 0xce, 0x94,
 	0x86, 0x9b, 0x2b, 0x97, 0xc4, 0xac, 0x8a, 0x70, 0x1b, 0x55, 0x85, 0x12, 0xb6, 0xe9, 0x6b, 0xf2,
 	0xe2, 0x0a, 0x43, 0x8d, 0x39, 0xc2, 0x62, 0xda, 0x93, 0x70, 0xcb, 0xfc, 0xe1, 0xaf, 0x8b, 0xac,
 	0x71, 0x7e, 0x91, 0x35, 0xfe, 0xb9, 0xc8, 0x1a, 0xbf, 0x5f, 0x66, 0xd7, 0xce, 0x2f, 0xb3, 0x6b,
 	0x7f, 0x5f, 0x66, 0xd7, 0x7e, 0x7a, 0x79, 0xd2, 0x1e, 0x7c, 0xfc, 0xfc, 0x61, 0xb7, 0x19, 0x9e,
 	0xe6, 0xc3, 0x4e, 0x3f, 0xec, 0xf4, 0xf2, 0xa3, 0x9f, 0x9f, 0xf3, 0xd1, 0x07, 0x78, 0x30, 0xec,
 	0x06, 0xfd, 0x0f, 0x99, 0xd1, 0xa7, 0x77, 0xef, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x40, 0x58,
 	0x91, 0x1e, 0x94, 0x07, 0x00, 0x00,
 }
--- a/x/did/types/defaults.go
+++ b/x/did/types/defaults.go
@ -1,109 +0,0 @@
 package types
 // DefaultAssets returns the default asset infos: BTC, ETH, SNR, and USDC
 func DefaultAssets() []*AssetInfo {
 	return []*AssetInfo{
 		{
 			Name:      "Bitcoin",
 			Symbol:    "BTC",
 			Hrp:       "bc",
 			Index:     0,
 			AssetType: AssetType_ASSET_TYPE_NATIVE,
 			IconUrl:   "https://cdn.sonr.land/BTC.svg",
 		},
 		{
 			Name:      "Ethereum",
 			Symbol:    "ETH",
 			Hrp:       "eth",
 			Index:     64,
 			AssetType: AssetType_ASSET_TYPE_NATIVE,
 			IconUrl:   "https://cdn.sonr.land/ETH.svg",
 		},
 		{
 			Name:      "Sonr",
 			Symbol:    "SNR",
 			Hrp:       "idx",
 			Index:     703,
 			AssetType: AssetType_ASSET_TYPE_NATIVE,
 			IconUrl:   "https://cdn.sonr.land/SNR.svg",
 		},
 	}
 }
 // DefaultChains returns the default chain infos: Bitcoin, Ethereum, and Sonr.
 func DefaultChains() []*ChainInfo {
 	return []*ChainInfo{}
 }
 // DefaultKeyInfos returns the default key infos: secp256k1, ed25519, keccak256, and bls12377.
 func DefaultKeyInfos() []*KeyInfo {
 	return []*KeyInfo{
 		//
 		// Identity Key Info
 		//
 		// Sonr Controller Key Info
 		{
 			Role:      KeyRole_KEY_ROLE_INVOCATION,
 			Algorithm: KeyAlgorithm_KEY_ALGORITHM_ES256K,
 			Encoding:  KeyEncoding_KEY_ENCODING_HEX,
 		},
 		{
 			Role:      KeyRole_KEY_ROLE_ASSERTION,
 			Algorithm: KeyAlgorithm_KEY_ALGORITHM_BLS12377,
 			Encoding:  KeyEncoding_KEY_ENCODING_MULTIBASE,
 		},
 		//
 		// Blockchain Key Info
 		//
 		// Ethereum Key Info
 		{
 			Role:      KeyRole_KEY_ROLE_DELEGATION,
 			Algorithm: KeyAlgorithm_KEY_ALGORITHM_KECCAK256,
 			Encoding:  KeyEncoding_KEY_ENCODING_HEX,
 		},
 		// Bitcoin Key Info
 		{
 			Role:      KeyRole_KEY_ROLE_DELEGATION,
 			Algorithm: KeyAlgorithm_KEY_ALGORITHM_ES256K,
 			Encoding:  KeyEncoding_KEY_ENCODING_HEX,
 		},
 		//
 		// Authentication Key Info
 		//
 		// Browser based WebAuthn
 		{
 			Role:      KeyRole_KEY_ROLE_AUTHENTICATION,
 			Algorithm: KeyAlgorithm_KEY_ALGORITHM_ES256,
 			Encoding:  KeyEncoding_KEY_ENCODING_RAW,
 		},
 		// FIDO U2F
 		{
 			Role:      KeyRole_KEY_ROLE_AUTHENTICATION,
 			Algorithm: KeyAlgorithm_KEY_ALGORITHM_ES256K,
 			Encoding:  KeyEncoding_KEY_ENCODING_RAW,
 		},
 		// Cross-Platform Passkeys
 		{
 			Role:      KeyRole_KEY_ROLE_AUTHENTICATION,
 			Algorithm: KeyAlgorithm_KEY_ALGORITHM_EDDSA,
 			Encoding:  KeyEncoding_KEY_ENCODING_RAW,
 		},
 	}
 }
 func DefaultOpenIDConfig() *OpenIDConfig {
 	return &OpenIDConfig{
 		Issuer:                 "https://sonr.id",
 		AuthorizationEndpoint:  "https://api.sonr.id/auth",
 		TokenEndpoint:          "https://api.sonr.id/token",
 		UserinfoEndpoint:       "https://api.sonr.id/userinfo",
 		ScopesSupported:        []string{"openid", "profile", "email", "web3", "sonr"},
 		ResponseTypesSupported: []string{"code"},
 		ResponseModesSupported: []string{"query", "form_post"},
 		GrantTypesSupported:    []string{"authorization_code", "refresh_token"},
 		AcrValuesSupported:     []string{"passkey"},
 		SubjectTypesSupported:  []string{"public"},
 	}
 }
--- a/x/did/types/ec_point.go
+++ b/x/did/types/ec_point.go
@ -1,41 +0,0 @@
 package types
 import (
 	fmt "fmt"
 	"math/big"
 	"github.com/onsonr/crypto/core/curves"
 	"github.com/onsonr/crypto/signatures/ecdsa"
 	"golang.org/x/crypto/sha3"
 )
 // VerifySignature verifies the signature of a message
 func VerifySignature(key []byte, msg []byte, sig []byte) bool {
 	pp, err := buildEcPoint(key)
 	if err != nil {
 		return false
 	}
 	sigEd, err := ecdsa.DeserializeSecp256k1Signature(sig)
 	if err != nil {
 		return false
 	}
 	hash := sha3.New256()
 	_, err = hash.Write(msg)
 	if err != nil {
 		return false
 	}
 	digest := hash.Sum(nil)
 	return curves.VerifyEcdsa(pp, digest[:], sigEd)
 }
 // BuildEcPoint builds an elliptic curve point from a compressed byte slice
 func buildEcPoint(pubKey []byte) (*curves.EcPoint, error) {
 	crv := curves.K256()
 	x := new(big.Int).SetBytes(pubKey[1:33])
 	y := new(big.Int).SetBytes(pubKey[33:])
 	ecCurve, err := crv.ToEllipticCurve()
 	if err != nil {
 		return nil, fmt.Errorf("error converting curve: %v", err)
 	}
 	return &curves.EcPoint{X: x, Y: y, Curve: ecCurve}, nil
 }
--- a/x/did/types/encoding.go
+++ b/x/did/types/encoding.go
@ -0,0 +1,136 @@
 package types
 import (
 	"encoding/hex"
 	fmt "fmt"
 	"github.com/cosmos/btcutil/bech32"
 	"github.com/mr-tron/base58/base58"
 )
 type ChainCode uint32
 const (
 	ChainCodeBTC ChainCode = 0
 	ChainCodeETH ChainCode = 60
 	ChainCodeIBC ChainCode = 118
 	ChainCodeSNR ChainCode = 703
 )
 var InitialChainCodes = map[DIDNamespace]ChainCode{
 	DIDNamespace_DID_NAMESPACE_BITCOIN:  ChainCodeBTC,
 	DIDNamespace_DID_NAMESPACE_IBC:      ChainCodeIBC,
 	DIDNamespace_DID_NAMESPACE_ETHEREUM: ChainCodeETH,
 	DIDNamespace_DID_NAMESPACE_SONR:     ChainCodeSNR,
 }
 func (c ChainCode) FormatAddress(pubKey *PubKey) (string, error) {
 	switch c {
 	case ChainCodeBTC:
 		return bech32.Encode("bc", pubKey.Bytes())
 	case ChainCodeETH:
 		return bech32.Encode("eth", pubKey.Bytes())
 	case ChainCodeSNR:
 		return bech32.Encode("idx", pubKey.Bytes())
 	case ChainCodeIBC:
 		return bech32.Encode("cosmos", pubKey.Bytes())
 	}
 	return "", ErrUnsopportedChainCode
 }
 func (n DIDNamespace) ChainCode() (uint32, error) {
 	switch n {
 	case DIDNamespace_DID_NAMESPACE_BITCOIN:
 		return 0, nil
 	case DIDNamespace_DID_NAMESPACE_ETHEREUM:
 		return 64, nil
 	case DIDNamespace_DID_NAMESPACE_IBC:
 		return 118, nil
 	case DIDNamespace_DID_NAMESPACE_SONR:
 		return 703, nil
 	default:
 		return 0, fmt.Errorf("unsupported chain")
 	}
 }
 func (n DIDNamespace) DIDMethod() string {
 	switch n {
 	case DIDNamespace_DID_NAMESPACE_IPFS:
 		return "ipfs"
 	case DIDNamespace_DID_NAMESPACE_SONR:
 		return "sonr"
 	case DIDNamespace_DID_NAMESPACE_BITCOIN:
 		return "btcr"
 	case DIDNamespace_DID_NAMESPACE_ETHEREUM:
 		return "ethr"
 	case DIDNamespace_DID_NAMESPACE_IBC:
 		return "ibcr"
 	case DIDNamespace_DID_NAMESPACE_WEBAUTHN:
 		return "webauthn"
 	case DIDNamespace_DID_NAMESPACE_DWN:
 		return "motr"
 	case DIDNamespace_DID_NAMESPACE_SERVICE:
 		return "web"
 	default:
 		return "n/a"
 	}
 }
 func (n DIDNamespace) FormatDID(subject string) string {
 	return fmt.Sprintf("%s:%s", n.DIDMethod(), subject)
 }
 type EncodedKey []byte
 func (e KeyEncoding) EncodeRaw(data []byte) (EncodedKey, error) {
 	switch e {
 	case KeyEncoding_KEY_ENCODING_RAW:
 		return data, nil
 	case KeyEncoding_KEY_ENCODING_HEX:
 		return []byte(hex.EncodeToString(data)), nil
 	case KeyEncoding_KEY_ENCODING_MULTIBASE:
 		return []byte(base58.Encode(data)), nil
 	default:
 		return nil, nil
 	}
 }
 func (e KeyEncoding) DecodeRaw(data EncodedKey) ([]byte, error) {
 	switch e {
 	case KeyEncoding_KEY_ENCODING_RAW:
 		return data, nil
 	case KeyEncoding_KEY_ENCODING_HEX:
 		return hex.DecodeString(string(data))
 	case KeyEncoding_KEY_ENCODING_MULTIBASE:
 		return base58.Decode(string(data))
 	default:
 		return nil, nil
 	}
 }
 type COSEAlgorithmIdentifier int
 func (k KeyAlgorithm) CoseIdentifier() COSEAlgorithmIdentifier {
 	switch k {
 	case KeyAlgorithm_KEY_ALGORITHM_ES256:
 		return COSEAlgorithmIdentifier(-7)
 	case KeyAlgorithm_KEY_ALGORITHM_ES384:
 		return COSEAlgorithmIdentifier(-35)
 	case KeyAlgorithm_KEY_ALGORITHM_ES512:
 		return COSEAlgorithmIdentifier(-36)
 	case KeyAlgorithm_KEY_ALGORITHM_EDDSA:
 		return COSEAlgorithmIdentifier(-8)
 	case KeyAlgorithm_KEY_ALGORITHM_ES256K:
 		return COSEAlgorithmIdentifier(-10)
 	default:
 		return COSEAlgorithmIdentifier(0)
 	}
 }
 func (k KeyCurve) ComputePublicKey(data []byte) (*PubKey, error) {
 	return nil, ErrUnsupportedKeyCurve
 }
--- a/Show More
+++ b/Show More