@adastracomputing/ink 0.1.0-alpha.0

package/src/models/ink-handshake.ts

@@ -0,0 +1,123 @@
+import { z } from "zod";
+
+// ── Transport identifiers (INK Containment §7) ──
+
+export const InkTransportSchema = z.enum([
+  "ink_http",
+  "ink_ws",
+  "extension_api",
+  "voice",
+  "line_phone",
+  "human_review_queue",
+]);
+
+export type InkTransport = z.infer<typeof InkTransportSchema>;
+
+// ── Backoff hints (INK Containment §5.2) ──
+
+export const InkBackoffHintSchema = z.object({
+  retryAfterSeconds: z.number().int().positive().optional(),
+  cooldownUntil: z.string().datetime().optional(),
+  backoffClass: z.enum(["sender", "intent_ref", "counterparty"]).optional(),
+});
+
+export type InkBackoffHint = z.infer<typeof InkBackoffHintSchema>;
+
+// ── Agent Card visibility (INK Containment §6) ──
+
+export const AgentCardVisibilitySchema = z.enum([
+  "public",
+  "network_only",
+  "capability_gated",
+  "private",
+]);
+
+export type AgentCardVisibility = z.infer<typeof AgentCardVisibilitySchema>;
+
+// ── Challenge (network.tulpa.challenge) — Stage 2a ──
+
+export const ChallengeTypeSchema = z.enum([
+  "mutual_connection_proof",
+  "identity_verification",
+  "availability_query",
+  "context_request",
+  "none",
+]);
+
+export type ChallengeType = z.infer<typeof ChallengeTypeSchema>;
+
+export const InkChallengeSchema = z.object({
+  protocol: z.literal("ink/0.1"),
+  type: z.literal("network.tulpa.challenge"),
+  intentRef: z.string(),
+  challengeType: ChallengeTypeSchema,
+  fields: z.array(z.string()).optional(),
+  availableWindows: z.array(z.string()).optional(),
+  contextFields: z.array(z.string()).optional(),
+  nonce: z.string(),
+  timestamp: z.string().datetime(),
+});
+
+export type InkChallenge = z.infer<typeof InkChallengeSchema>;
+
+// ── Rejection (network.tulpa.rejection) — Stage 2b ──
+
+export const RejectionReasonSchema = z.enum([
+  "policy_violation",
+  "trust_threshold",
+  "capacity",
+  "unsupported_intent",
+  "rate_limited",
+  "expired",
+  // Containment extension (Phase 1)
+  "handshake_budget_exhausted",
+  "counterparty_cooldown",
+  "sender_rate_limited",
+  "delegation_budget_exhausted",
+  "transport_scope_violation",
+]);
+
+export type RejectionReason = z.infer<typeof RejectionReasonSchema>;
+
+export const InkRejectionSchema = z.object({
+  protocol: z.literal("ink/0.1"),
+  type: z.literal("network.tulpa.rejection"),
+  intentRef: z.string(),
+  reason: RejectionReasonSchema,
+  detail: z.string().max(500).optional(),
+  retryAfter: z.string().optional(),
+  backoffHint: InkBackoffHintSchema.optional(),
+  nonce: z.string(),
+  timestamp: z.string().datetime(),
+});
+
+export type InkRejection = z.infer<typeof InkRejectionSchema>;
+
+// ── Resolution (network.tulpa.resolution) — Stage 3 ──
+
+export const ResolutionOutcomeSchema = z.enum([
+  "accepted",
+  "declined",
+  "escalated_to_human",
+  "expired",
+]);
+
+export type ResolutionOutcome = z.infer<typeof ResolutionOutcomeSchema>;
+
+export const ResolutionDetailsSchema = z.object({
+  scheduledAt: z.string().optional(),
+  duration: z.string().optional(),
+}).passthrough();
+
+export const InkResolutionSchema = z.object({
+  protocol: z.literal("ink/0.1"),
+  type: z.literal("network.tulpa.resolution"),
+  intentRef: z.string(),
+  outcome: ResolutionOutcomeSchema,
+  details: ResolutionDetailsSchema.optional(),
+  counterpartyDid: z.string().optional(),
+  nonce: z.string(),
+  timestamp: z.string().datetime(),
+});
+
+export type InkResolution = z.infer<typeof InkResolutionSchema>;

package/src/models/intent.ts

@@ -0,0 +1,201 @@
+import { z } from "zod";
+import { ProfileSnapshotSchema } from "./profile.js";
+
+// --- Intent Types ---
+
+export const IntentTypeSchema = z.enum([
+  "schedule_meeting",
+  "schedule_meeting_response",
+  "intro_request",
+  "intro_response",
+  "opportunity",
+  "opportunity_response",
+  "follow_up",
+  "ask",
+  "ask_response",
+  "connection_request",
+  "connection_response",
+  "context_share",
+  "ping",
+  "retract",
+  "multi_party_sync",
+]);
+
+export type IntentType = z.infer<typeof IntentTypeSchema>;
+
+// --- Intent Payloads ---
+
+export const ScheduleMeetingPayloadSchema = z.object({
+  proposedTimes: z.array(z.string()).min(1).max(10),
+  topic: z.string().max(500),
+  format: z.enum(["video", "phone", "in_person", "async"]),
+  urgency: z.enum(["low", "normal", "urgent"]),
+  context: z.string().max(2000).optional(),
+  location: z.string().max(500).optional(),
+});
+
+export const ScheduleMeetingResponsePayloadSchema = z.object({
+  status: z.enum(["accepted", "declined", "countered"]),
+  confirmedTime: z.string().optional(),
+  counterTimes: z.array(z.string()).max(10).optional(),
+  meetingLink: z.string().url().optional(),
+  note: z.string().max(1000).optional(),
+  declineReason: z
+    .enum(["unavailable", "not_interested", "too_busy", "deferred"])
+    .optional(),
+});
+
+export const IntroRequestPayloadSchema = z.object({
+  target: z.string(),
+  reason: z.string().max(2000),
+  context: z.string().max(2000).optional(),
+  urgency: z.enum(["low", "normal"]),
+});
+
+export const IntroResponsePayloadSchema = z.object({
+  status: z.enum(["forwarded", "declined", "pending_target"]),
+  note: z.string().max(1000).optional(),
+  targetResponse: z.enum(["accepted", "declined", "pending"]).optional(),
+});
+
+export const OpportunityPayloadSchema = z.object({
+  type: z.enum([
+    "role",
+    "investment",
+    "collaboration",
+    "advisory",
+    "event",
+    "other",
+  ]),
+  title: z.string().max(500),
+  org: z.string().max(200).optional(),
+  description: z.string().max(5000),
+  matchReason: z.string().max(2000),
+  expiresAt: z.string().optional(),
+  url: z.string().url().optional(),
+});
+
+export const OpportunityResponsePayloadSchema = z.object({
+  status: z.enum(["interested", "not_interested", "maybe_later"]),
+  note: z.string().max(1000).optional(),
+  followUpIntent: IntentTypeSchema.optional(),
+});
+
+export const ConnectionRequestPayloadSchema = z.object({
+  method: z.enum(["qr", "intro", "discovery", "import"]),
+  introducedBy: z.string().optional(),
+  context: z.string().max(2000),
+  profileSnapshot: ProfileSnapshotSchema,
+});
+
+export const ConnectionResponsePayloadSchema = z.object({
+  status: z.enum(["accepted", "declined", "pending"]),
+  profileSnapshot: ProfileSnapshotSchema.optional(),
+  note: z.string().max(1000).optional(),
+});
+
+export const FollowUpPayloadSchema = z.object({
+  referenceId: z.string(),
+  message: z.string().max(5000),
+  actionRequested: z.enum(["reply", "schedule", "review", "none"]).optional(),
+});
+
+export const AskPayloadSchema = z.object({
+  question: z.string().max(5000),
+  context: z.string().max(2000).optional(),
+  responseFormat: z.enum(["text", "choice"]).optional(),
+  choices: z.array(z.string().max(500)).max(10).optional(),
+  deadline: z.string().optional(),
+});
+
+export const AskResponsePayloadSchema = z.object({
+  answer: z.string().max(5000),
+  choiceIndex: z.number().int().min(0).optional(),
+});
+
+export const PingPayloadSchema = z.object({
+  note: z.string().max(1000).optional(),
+});
+
+export const RetractPayloadSchema = z.object({
+  targetMessageId: z.string(),
+  reason: z.string().max(1000).optional(),
+});
+
+export const ContextSharePayloadSchema = z.object({
+  context: z.string().max(5000),
+  category: z.enum(["professional_background", "project_update", "expertise", "availability", "general"]),
+  referenceId: z.string().optional(),
+  expiresAt: z.string().optional(),
+});
+
+export const MultiPartySyncPayloadSchema = z.object({
+  enclaveType: z.enum(["meeting_sync"]),
+  purpose: z.string().max(500),
+  participants: z.array(z.string()).min(2).max(20),
+  expiresAt: z.string(),
+});
+
+// --- Payload discriminated union ---
+
+const payloadSchemas = {
+  schedule_meeting: ScheduleMeetingPayloadSchema,
+  schedule_meeting_response: ScheduleMeetingResponsePayloadSchema,
+  intro_request: IntroRequestPayloadSchema,
+  intro_response: IntroResponsePayloadSchema,
+  opportunity: OpportunityPayloadSchema,
+  opportunity_response: OpportunityResponsePayloadSchema,
+  follow_up: FollowUpPayloadSchema,
+  ask: AskPayloadSchema,
+  ask_response: AskResponsePayloadSchema,
+  connection_request: ConnectionRequestPayloadSchema,
+  connection_response: ConnectionResponsePayloadSchema,
+  context_share: ContextSharePayloadSchema,
+  ping: PingPayloadSchema,
+  retract: RetractPayloadSchema,
+  multi_party_sync: MultiPartySyncPayloadSchema,
+} as const;
+
+// --- Message Envelope ---
+
+export const MessageProvenanceSchema = z.object({
+  origin: z.enum(["human", "agent_approved", "agent_autonomous"]),
+  extensionId: z.string(),
+  installationId: z.string().uuid(),
+}).optional();
+
+export const MessageEnvelopeSchema = z.object({
+  protocol: z.literal("ink/0.1"),
+  id: z.string(),
+  correlationId: z.string(),
+  createdAt: z.string(),
+  expiresAt: z.string().optional(),
+  from: z.string(),
+  to: z.string(),
+  intent: IntentTypeSchema,
+  payload: z.unknown(),
+  signature: z.string(),
+  signingKeyId: z.string().optional(),
+  provenance: MessageProvenanceSchema,
+});
+
+export type MessageEnvelope = z.infer<typeof MessageEnvelopeSchema>;
+
+/**
+ * Validate a message envelope AND its payload based on the intent type.
+ * Returns the validated message or throws a ZodError.
+ */
+export function validateMessage(raw: unknown): MessageEnvelope {
+  const envelope = MessageEnvelopeSchema.parse(raw);
+  const payloadSchema = payloadSchemas[envelope.intent];
+  // Validate payload strictly — reject unknown fields
+  payloadSchema.strict().parse(envelope.payload);
+  return envelope;
+}
+
+/**
+ * Get the payload schema for a given intent type.
+ */
+export function getPayloadSchema(intent: IntentType) {
+  return payloadSchemas[intent];
+}

package/src/models/key-entry.ts

@@ -0,0 +1,52 @@
+import { z } from "zod";
+
+export const KeyStatusSchema = z.enum(["active", "retired", "revoked"]);
+export type KeyStatus = z.infer<typeof KeyStatusSchema>;
+
+export const KeyRoleSchema = z.enum(["signing", "encryption"]);
+export type KeyRole = z.infer<typeof KeyRoleSchema>;
+
+export const KeyEntrySchema = z.object({
+  keyId: z.string().min(1),
+  algorithm: z.enum(["Ed25519", "X25519"]),
+  publicKeyMultibase: z.string().startsWith("z"),
+  status: KeyStatusSchema,
+  validFrom: z.string().datetime(),
+  validUntil: z.string().datetime().optional(),
+  revokedAt: z.string().datetime().optional(),
+  revokeReason: z.string().optional(),
+});
+
+export type KeyEntry = z.infer<typeof KeyEntrySchema>;
+
+export interface CandidateKey {
+  keyId: string;
+  publicKey: Uint8Array;
+  status: KeyStatus;
+  /** ISO 8601 timestamp the key becomes usable. Verifier rejects messages
+   * whose `body.timestamp` falls outside [validFrom, validUntil]. Optional
+   * for backward compat with legacy callers that don't track windows. */
+  validFrom?: string;
+  /** ISO 8601 timestamp the key stops being usable. Typically set when a
+   * key transitions to `retired`. A retired key with no validUntil keeps
+   * verifying indefinitely (legacy behavior); set validUntil to bound it. */
+  validUntil?: string;
+  /** ISO 8601 timestamp the key was revoked. Defensive: status === "revoked"
+   * already blocks verification; this field documents the moment. */
+  revokedAt?: string;
+}
+
+export interface StoredKey {
+  keyId: string;
+  agentId: string;
+  role: KeyRole;
+  algorithm: string;
+  publicKeyMultibase: string;
+  privateKey: Uint8Array | null;
+  status: KeyStatus;
+  validFrom: string;
+  validUntil: string | null;
+  revokedAt: string | null;
+  createdAt: string;
+  updatedAt: string;
+}

package/src/models/profile.ts

@@ -0,0 +1,31 @@
+import { z } from "zod";
+
+export const AvailabilityConfigSchema = z.object({
+  timezone: z.string(),
+  meetingHours: z.string().optional(),
+  responseSla: z.string().optional(),
+});
+
+export const ProfileSnapshotSchema = z.object({
+  headline: z.string().max(500),
+  skills: z.array(z.string().max(100)).max(50),
+  interests: z.array(z.string().max(100)).max(50),
+  availability: AvailabilityConfigSchema.optional(),
+  openTo: z.array(z.string().max(100)).max(20),
+});
+
+export const ProfileSchema = z.object({
+  agentId: z.string(),
+  handle: z.string(),
+  displayName: z.string().max(200),
+  bio: z.string().max(2000),
+  snapshots: z.object({
+    public: ProfileSnapshotSchema,
+    connected: ProfileSnapshotSchema,
+    custom: z.record(z.string(), ProfileSnapshotSchema),
+  }),
+});
+
+export type AvailabilityConfig = z.infer<typeof AvailabilityConfigSchema>;
+export type ProfileSnapshot = z.infer<typeof ProfileSnapshotSchema>;
+export type Profile = z.infer<typeof ProfileSchema>;

package/test-vectors/README.md

@@ -0,0 +1,129 @@
+# INK v0.1 Test Vectors
+
+Reference test vectors for INK v0.1 signing, encryption, replay protection, handshake flows, witness transport auth and key rotation. These vectors use fixed key material and deterministic inputs so that two independent implementations can verify byte-for-byte correctness.
+
+## Files
+
+| File | Covers | Vector count |
+|------|--------|-------------|
+| `keys.json` | Fixed Ed25519 and X25519 key pairs for Alice and Bob (hex-encoded) |, |
+| `signing.json` | Signature generation and verification (§3.3) | 3 |
+| `encryption.json` | ECIES encryption/decryption (§3.4) | 2 |
+| `jcs.json` | JCS canonicalization (RFC 8785) | 4 |
+| `replay.json` | Replay protection acceptance/rejection (§3.5) | 6 |
+| `receipts-and-audit.json` | Receipt signatures, audit query signatures, hash-chained audit events and fork detection (Auditability §1–§3) | 4 |
+| `handshake.json` | Challenge (Stage 2a), rejection (Stage 2b) and resolution (Stage 3), valid signatures, path/recipient/body binding failures, replay protection | 22 |
+| `witness.json` | Audit submit and query with INK transport auth, plus cross-service interop cases | 15 |
+| `key-rotation.json` | Auth header keyId format, rotated-key verification, historical verification, revoked-key rejection, refresh-on-miss, keyId precedence, unknown keyId fallthrough, audit event signingKeyId tracking | 8 |
+
+**Total: 64 deterministic vectors across 9 families**
+
+## Vector categories
+
+### Signing (`signing.json`)
+Covers the INK Ed25519 signature base construction (`ink/0.1\nMETHOD\nPATH\nrecipientDid\nJCS(body)\ntimestamp`) and verification, including wrong-key and tampered-path negative cases.
+
+### Handshake (`handshake.json`)
+Each handshake message type (challenge, rejection, resolution) has:
+- **Valid**: canonical body, signature base, signature, full round-trip
+- **Invalid path**: same signature replayed against a different endpoint
+- **Invalid recipient**: same body/signature but wrong recipient DID
+- **Tampered body**: a field modified after signing
+- **Expired timestamp**: >5 minutes old
+- **Future timestamp**: >30 seconds ahead (challenge only)
+- **Duplicate nonce**: nonce already in deduplication window
+
+Resolution vectors include all four outcome variants: `accepted`, `declined`, `escalated_to_human`, `expired`.
+
+### Witness (`witness.json`)
+Covers the witness transport auth model (INK-Ed25519 on both submit and query):
+
+**Submit** (`POST /ink/v1/audit/submit`):
+- Transport signature over full body (which contains the signed audit event)
+- Path binding, recipient binding, timestamp freshness, body tamper detection
+- **Event signature vs transport signature separation**: transport auth valid but embedded event signature forged, witness must reject
+
+**Query** (`POST /ink/v1/audit/query`):
+- Signed POST body (not GET), sender identity derived from verified auth, not caller input
+- Path binding, body tamper detection, timestamp/nonce replay protection
+
+**Interop cases**:
+- Submit signature replayed against query path → fails (path binding)
+- Query signature replayed against different witness DID → fails (recipient binding)
+- Intent from main worker replayed as witness submit → fails (both path and recipient differ)
+
+### Replay protection (`replay.json`)
+Standalone timestamp freshness and nonce deduplication tests. The handshake and witness vectors also include replay cases inline.
+
+## Usage
+
+1. Load key material from `keys.json`
+2. Run each test case: construct the expected output from the inputs and compare
+3. All base64url values use no-padding encoding (RFC 4648 §5)
+4. All hex values are lowercase
+
+## Fixture shapes
+
+### Signature vectors (handshake, witness submit/query)
+```json
+{
+  "id": "challenge-valid",
+  "input": {
+    "method": "POST",
+    "path": "/ink/v1/did:plc:bob456test/challenge",
+    "recipientDid": "did:plc:bob456test",
+    "body": { ... },
+    "timestamp": "2026-03-25T12:00:00Z",
+    "signerPrivateKeyHex": "..."
+  },
+  "expected": {
+    "canonicalBody": "...",
+    "signatureBase": "ink/0.1\nPOST\n/ink/v1/.../challenge\n...\n...\n...",
+    "signatureBase64url": "...",
+    "accepted": true
+  }
+}
+```
+
+### Negative signature vectors
+```json
+{
+  "id": "challenge-invalid-path",
+  "input": {
+    "method": "POST",
+    "path": "/ink/v1/did:plc:bob456test/rejection",
+    "body": { ... },
+    "originalSignatureBase64url": "..."
+  },
+  "expected": { "accepted": false, "reason": "..." }
+}
+```
+
+### Replay vectors (inline in handshake/witness)
+```json
+{
+  "id": "challenge-timestamp-expired",
+  "input": {
+    "messageTimestamp": "2026-03-25T11:50:00Z",
+    "receiverClock": "2026-03-25T12:00:00Z",
+    "nonce": "..."
+  },
+  "expected": { "accepted": false, "errorCode": "expired_message" }
+}
+```
+
+### Key rotation (`key-rotation.json`)
+Scenario-based vectors for key rotation behavior. Unlike other vector families, key rotation vectors use runtime-generated keys (not the fixed Alice/Bob keys) because they test lifecycle transitions. The companion test suite `test/ink-key-rotation.test.ts` exercises all 8 scenarios:
+
+- **Auth header keyId format**, regex parsing of `INK-Ed25519 <sig> keyId=<keyId>` with and without keyId
+- **Rotated-key verification**, new key signs, verifier with [old=retired, new=active] keyset accepts
+- **Historical message verification**, messages signed before rotation still verify against retired key
+- **Revoked-key rejection**, cryptographically valid signatures from revoked keys are rejected
+- **Refresh-on-miss**, stale cache fails, refetch Agent Card, retry succeeds (max 1 retry)
+- **keyId precedence**, auth header keyId takes precedence over body `signingKeyId`
+- **Unknown keyId fallthrough**, unknown keyId hint skipped, normal iteration finds correct key
+- **Audit event signingKeyId**, audit events record `signingKeyId` in data field for historical verification
+
+## Key generation
+
+The test keys were generated deterministically from fixed seeds. They are NOT suitable for production use. The seeds are included so implementations can verify key derivation if needed.

package/test-vectors/encryption.json

@@ -0,0 +1,90 @@
+{
+  "description": "INK ECIES encryption and decryption test cases (INK §3.4)",
+  "vectors": [
+    {
+      "description": "Alice encrypts a scheduling intent to Bob using ephemeral X25519",
+      "input": {
+        "plaintextEnvelope": {
+          "protocol": "ink/0.1",
+          "type": "network.tulpa.intent",
+          "from": "did:plc:alice123test",
+          "to": "did:plc:bob456test",
+          "intentType": "scheduling",
+          "purpose": "Discuss partnership opportunity",
+          "urgency": "normal",
+          "expiresAt": "2026-03-25T00:00:00Z",
+          "nonce": "dGVzdG5vbmNlMTIzNDU2Nzg",
+          "timestamp": "2026-03-18T12:00:00Z"
+        },
+        "senderDid": "did:plc:alice123test",
+        "recipientDid": "did:plc:bob456test",
+        "recipientEncryptionKeyHex": "613ca2aa2ff1102e440dd05ead7f05c11ea440d1109f3d058f9e5302cbf26f0b",
+        "ephemeralPublicKeyHex": "50bf0e81d5e4475282ed7739da2772594fb0d24816258dbceec766e580c5454b",
+        "ephemeralPrivateKeyHex": "40fa01588b6f88871ad04a49fef0215fa00d79f2f5bb33cb3ee9742853601077",
+        "aesGcmNonceHex": "000102030405060708090a0b",
+        "hkdfSalt": "ink/0.1",
+        "hkdfInfo": "ink/0.1/encrypt",
+        "hkdfOutputLength": 32
+      },
+      "intermediate": {
+        "sharedSecretHex": "422b9ee6108ce1bc74a4ca0720afb6e14056a1c7e5e46dcd1e2275b1e953500a",
+        "symmetricKeyHex": "dd86250b0b92b1aa6c293e06d21dbe6da02f28e52d1ba5b030d940306c954f0f",
+        "plaintextJson": "{\"protocol\":\"ink/0.1\",\"type\":\"network.tulpa.intent\",\"from\":\"did:plc:alice123test\",\"to\":\"did:plc:bob456test\",\"intentType\":\"scheduling\",\"purpose\":\"Discuss partnership opportunity\",\"urgency\":\"normal\",\"expiresAt\":\"2026-03-25T00:00:00Z\",\"nonce\":\"dGVzdG5vbmNlMTIzNDU2Nzg\",\"timestamp\":\"2026-03-18T12:00:00Z\"}"
+      },
+      "expected": {
+        "outerEnvelope": {
+          "protocol": "ink/0.1",
+          "type": "network.tulpa.encrypted",
+          "from": "did:plc:alice123test",
+          "ephemeralKey": "UL8OgdXkR1KC7Xc52idyWU-w0kgWJY287sdm5YDFRUs",
+          "nonce": "AAECAwQFBgcICQoL",
+          "ciphertext": "yDmawjopzzEzCSY23AfHbJ-cnQvee2tqL8u2zyP6blpcu7twsHFY25uxtfEqdwcpU8BGF1cVZ1E0lIxutqu21r05fSDtAxSOLpPgHdBXwqnJpQfMtX8R4gHe34BVYdLgPjP8iTj-QHDxsK6UMHmMfgutmQ_vFHDCPfwCf2u4B871-E8LQnSB0lcpSgoacM-KgQR3ZjkKU6N6ueTpgVjL788Uhe5m-ZRtlAmOVqgA3d166Jmt8Z-SYwVJXmGJz2AK_skMbIvH25pPyR2SpiCztWJxiPLJVSRE05WqiEvLR6i0ZRhD7UYz1S5r1VRgjV3CxjXJMF3LE90PLYj6DdK5kKCWf6_orM3xCeQugx5-gL17wnHpCD_zcdHtoDef9nqYLpoLmUJe54EmYjzuuGfaL6Tp3mINOWpNfZRrZlI",
+          "timestamp": "2026-03-18T12:00:00Z",
+          "messageNonce": "cmVwbGF5LXByb3RlY3Rpb24tdGVzdA"
+        },
+        "ciphertextWithTagBase64url": "yDmawjopzzEzCSY23AfHbJ-cnQvee2tqL8u2zyP6blpcu7twsHFY25uxtfEqdwcpU8BGF1cVZ1E0lIxutqu21r05fSDtAxSOLpPgHdBXwqnJpQfMtX8R4gHe34BVYdLgPjP8iTj-QHDxsK6UMHmMfgutmQ_vFHDCPfwCf2u4B871-E8LQnSB0lcpSgoacM-KgQR3ZjkKU6N6ueTpgVjL788Uhe5m-ZRtlAmOVqgA3d166Jmt8Z-SYwVJXmGJz2AK_skMbIvH25pPyR2SpiCztWJxiPLJVSRE05WqiEvLR6i0ZRhD7UYz1S5r1VRgjV3CxjXJMF3LE90PLYj6DdK5kKCWf6_orM3xCeQugx5-gL17wnHpCD_zcdHtoDef9nqYLpoLmUJe54EmYjzuuGfaL6Tp3mINOWpNfZRrZlI"
+      }
+    },
+    {
+      "description": "Bob decrypts the outer envelope and verifies inner/outer consistency",
+      "input": {
+        "outerEnvelope": {
+          "protocol": "ink/0.1",
+          "type": "network.tulpa.encrypted",
+          "from": "did:plc:alice123test",
+          "ephemeralKey": "UL8OgdXkR1KC7Xc52idyWU-w0kgWJY287sdm5YDFRUs",
+          "nonce": "AAECAwQFBgcICQoL",
+          "ciphertext": "yDmawjopzzEzCSY23AfHbJ-cnQvee2tqL8u2zyP6blpcu7twsHFY25uxtfEqdwcpU8BGF1cVZ1E0lIxutqu21r05fSDtAxSOLpPgHdBXwqnJpQfMtX8R4gHe34BVYdLgPjP8iTj-QHDxsK6UMHmMfgutmQ_vFHDCPfwCf2u4B871-E8LQnSB0lcpSgoacM-KgQR3ZjkKU6N6ueTpgVjL788Uhe5m-ZRtlAmOVqgA3d166Jmt8Z-SYwVJXmGJz2AK_skMbIvH25pPyR2SpiCztWJxiPLJVSRE05WqiEvLR6i0ZRhD7UYz1S5r1VRgjV3CxjXJMF3LE90PLYj6DdK5kKCWf6_orM3xCeQugx5-gL17wnHpCD_zcdHtoDef9nqYLpoLmUJe54EmYjzuuGfaL6Tp3mINOWpNfZRrZlI",
+          "timestamp": "2026-03-18T12:00:00Z",
+          "messageNonce": "cmVwbGF5LXByb3RlY3Rpb24tdGVzdA"
+        },
+        "recipientDid": "did:plc:bob456test",
+        "recipientEncryptionPrivateKeyHex": "986e5e08b69232b6c888c838ada1669139c2993db417b482a780b86f067d8658"
+      },
+      "intermediate": {
+        "bobSharedSecretHex": "422b9ee6108ce1bc74a4ca0720afb6e14056a1c7e5e46dcd1e2275b1e953500a",
+        "bobSymmetricKeyHex": "dd86250b0b92b1aa6c293e06d21dbe6da02f28e52d1ba5b030d940306c954f0f",
+        "sharedSecretsMatch": true,
+        "symmetricKeysMatch": true,
+        "symmetricKeyHex": "dd86250b0b92b1aa6c293e06d21dbe6da02f28e52d1ba5b030d940306c954f0f"
+      },
+      "expected": {
+        "decryptedEnvelope": {
+          "protocol": "ink/0.1",
+          "type": "network.tulpa.intent",
+          "from": "did:plc:alice123test",
+          "to": "did:plc:bob456test",
+          "intentType": "scheduling",
+          "purpose": "Discuss partnership opportunity",
+          "urgency": "normal",
+          "expiresAt": "2026-03-25T00:00:00Z",
+          "nonce": "dGVzdG5vbmNlMTIzNDU2Nzg",
+          "timestamp": "2026-03-18T12:00:00Z"
+        },
+        "fromMatchesOuter": true,
+        "toMatchesRecipient": true,
+        "decryptionSucceeds": true
+      }
+    }
+  ]
+}