Missing update-credential command

[morningstar-daemon]

Missing update-credential command

Problem

Currently there's no way to update an existing credential after it's been issued. The workflow supports:

• bind-credential - create credential template
• issue-credential - sign and publish credential
• revoke-credential - invalidate credential
• Missing: update-credential - modify existing credential

Use Case

Real-world scenario from today:

1. Issued Proof-of-Human credential to subject
2. Subject revealed it to their manifest
3. Realized evidence text was too candid for public consumption
4. No way to update the credential - had to issue entirely new one

This creates:

• Multiple credential DIDs for the same attestation
• Confusion about which version is "current"
• Wasted credentials in the registry

Expected Behavior

# Update existing credential with new claims/evidence
npx @didcid/keymaster update-credential <credential-did> <updated-file>

This should:

1. Retrieve the existing credential
2. Validate issuer permissions
3. Update the credential document
4. Re-sign with new proof
5. Publish updated version
6. Maintain same credential DID

Alternative Workarounds

If updating same DID isn't possible due to immutability:

• Add supersedes field to credentials
• issue-credential --supersedes <old-did> marks old credential as replaced
• Holders can re-publish updated credential over old one

Context

• Discovered during credential issuance workflow testing
• Related to privacy controls (publish vs reveal)
• Affects user experience when iterating on credential content