@adastracomputing/ink 0.1.5 → 0.1.6

package/CHANGELOG.md

@@ -8,6 +8,18 @@ here. Pre-1.0 releases follow `0.Y.Z` semantics, see
 
 No unreleased changes.
 
+## 0.1.6, expose intent + key-entry types and add optional inclusionProof to InkAuditInclusionSchema
+
+Pure additive release. Two surface expansions and one backward-compatible schema addition:
+
+- **Intent surface** — re-exports `IntentTypeSchema` constant and `IntentType` type from the package root. Adopters writing payload-aware receivers can now type their intent dispatch off the canonical Zod enum without reaching into a deep path.
+- **Key-entry surface** — re-exports `KeyStatusSchema`, `KeyRoleSchema`, `KeyEntrySchema` constants and `KeyStatus`, `KeyRole`, `KeyEntry`, `StoredKey` types. Adopters wiring their own key-set storage and rotation can now type the persistence shapes without reaching into a deep path. `CandidateKey` was already root-exported.
+- **InkAuditInclusionSchema** — adds an optional `inclusionProof: z.array(z.string()).optional()` field. Third-party auditor clients that verify Merkle inclusion proofs use this field; receivers that only check signatures can ignore it. Backward-compatible because the field is optional — receivers on 0.1.5 work unchanged on 0.1.6.
+
+No wire-level changes. No behavior changes inside the existing functions.
+
+Per the pre-1.0 policy this release publishes under the `next` dist-tag.
+
 ## 0.1.5, expose handshake type re-exports and InkTransportSchema from the package root
 
 Pure additive release. Re-exports the `InkChallenge`, `InkRejection`, `InkResolution`, `InkTransport` types and the `InkTransportSchema` constant from the package root. Adopters writing handshake-aware receivers can now type their state-machine without reaching into a deep path. No wire-level changes. No behavior changes inside the existing functions. Receivers on 0.1.4 work unchanged on 0.1.5.

package/dist/index.d.ts

@@ -16,8 +16,10 @@ export type { InkAuditEventType, InkAuditEvent, InkAuditInclusion, InkReceipt, I
 export { InkChallengeSchema, InkRejectionSchema, InkResolutionSchema, InkTransportSchema, } from "./models/ink-handshake.js";
 export type { AgentCardVisibility, InkChallenge, InkRejection, InkResolution, InkTransport, } from "./models/ink-handshake.js";
 export { AgentCardSchema } from "./models/agent-card.js";
-export { validateMessage, MessageEnvelopeSchema } from "./models/intent.js";
-export type { MessageEnvelope } from "./models/intent.js";
+export { validateMessage, MessageEnvelopeSchema, IntentTypeSchema, } from "./models/intent.js";
+export type { MessageEnvelope, IntentType, } from "./models/intent.js";
+export { KeyStatusSchema, KeyRoleSchema, KeyEntrySchema, } from "./models/key-entry.js";
+export type { KeyStatus, KeyRole, KeyEntry, StoredKey, } from "./models/key-entry.js";
 export type { InkSignInput } from "./crypto/ink.js";
 export type { CandidateKey } from "./models/key-entry.js";
 export { resolveAgentInbox } from "./models/agent-card.js";

package/dist/index.js

@@ -32,5 +32,9 @@ export { AgentCardSchema } from "./models/agent-card.js";
 // reject malformed envelopes before signature verification; without
 // it they have to re-implement the schema check or import from a
 // non-public path.
-export { validateMessage, MessageEnvelopeSchema } from "./models/intent.js";
+export { validateMessage, MessageEnvelopeSchema, IntentTypeSchema, } from "./models/intent.js";
+// Key-entry types and schemas for adopters wiring their own key-set
+// storage and rotation. `CandidateKey` was already root-exported via
+// the verifier surface; this batch adds the persistence shapes.
+export { KeyStatusSchema, KeyRoleSchema, KeyEntrySchema, } from "./models/key-entry.js";
 export { resolveAgentInbox } from "./models/agent-card.js";

package/dist/models/ink-audit.d.ts

@@ -301,6 +301,7 @@ export declare const InkAuditInclusionSchema: z.ZodObject<{
     treeSize: z.ZodNumber;
     leafIndex: z.ZodNumber;
     rootHash: z.ZodString;
+    inclusionProof: z.ZodOptional<z.ZodArray<z.ZodString>>;
     timestamp: z.ZodString;
     serviceSignature: z.ZodString;
 }, z.core.$strip>;

package/dist/models/ink-audit.js

@@ -132,6 +132,14 @@ export const InkAuditInclusionSchema = z.object({
     treeSize: z.number().int().positive(),
     leafIndex: z.number().int().min(0),
     rootHash: z.string(),
+    /** Optional Merkle inclusion proof — array of 64-character lowercase hex
+     *  hash siblings on the path from the leaf to the root. Consumers that
+     *  verify proofs (third-party auditor clients) read this field; consumers
+     *  that only check signatures can ignore it. Bounds mirror the verifier's
+     *  own input validation (`src/audit/inclusion-receipt.ts`): max 64 entries,
+     *  each exactly 64 lowercase hex chars, so a malicious witness cannot
+     *  force the parser to allocate megabytes of garbage proof data. */
+    inclusionProof: z.array(z.string().regex(/^[0-9a-f]{64}$/)).max(64).optional(),
     timestamp: z.string().datetime(),
     serviceSignature: z.string(),
 });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adastracomputing/ink",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "description": "Library and specification for the INK (Inter-agent Networking Kernel) protocol",
   "license": "MIT OR Apache-2.0",
   "author": "Ad Astra Computing Inc.",