@adastracomputing/ink 0.1.6 → 0.1.7

package/CHANGELOG.md

@@ -8,6 +8,14 @@ here. Pre-1.0 releases follow `0.Y.Z` semantics, see
 
 No unreleased changes.
 
+## 0.1.7, expose per-intent payload schemas and getPayloadSchema from the package root
+
+Pure additive release. Re-exports every per-intent Zod payload schema (`ScheduleMeetingPayloadSchema`, `IntroRequestPayloadSchema`, `OpportunityPayloadSchema`, `ConnectionRequestPayloadSchema`, `FollowUpPayloadSchema`, `AskPayloadSchema`, `PingPayloadSchema`, `RetractPayloadSchema`, `ContextSharePayloadSchema`, `MultiPartySyncPayloadSchema`, plus the matching `*ResponsePayloadSchema` variants) and the `getPayloadSchema(intent)` resolver from the package root. Adopters writing intent-aware receivers / handlers can now type their dispatch surface directly against the canonical payload shapes.
+
+No wire-level changes. No behavior changes inside the existing functions. Receivers on 0.1.6 work unchanged on 0.1.7.
+
+Per the pre-1.0 policy this release publishes under the `next` dist-tag.
+
 ## 0.1.6, expose intent + key-entry types and add optional inclusionProof to InkAuditInclusionSchema
 
 Pure additive release. Two surface expansions and one backward-compatible schema addition:

package/dist/index.d.ts

@@ -16,7 +16,7 @@ export type { InkAuditEventType, InkAuditEvent, InkAuditInclusion, InkReceipt, I
 export { InkChallengeSchema, InkRejectionSchema, InkResolutionSchema, InkTransportSchema, } from "./models/ink-handshake.js";
 export type { AgentCardVisibility, InkChallenge, InkRejection, InkResolution, InkTransport, } from "./models/ink-handshake.js";
 export { AgentCardSchema } from "./models/agent-card.js";
-export { validateMessage, MessageEnvelopeSchema, IntentTypeSchema, } from "./models/intent.js";
+export { validateMessage, getPayloadSchema, MessageEnvelopeSchema, IntentTypeSchema, ScheduleMeetingPayloadSchema, ScheduleMeetingResponsePayloadSchema, IntroRequestPayloadSchema, IntroResponsePayloadSchema, OpportunityPayloadSchema, OpportunityResponsePayloadSchema, ConnectionRequestPayloadSchema, ConnectionResponsePayloadSchema, FollowUpPayloadSchema, AskPayloadSchema, AskResponsePayloadSchema, PingPayloadSchema, RetractPayloadSchema, ContextSharePayloadSchema, MultiPartySyncPayloadSchema, } from "./models/intent.js";
 export type { MessageEnvelope, IntentType, } from "./models/intent.js";
 export { KeyStatusSchema, KeyRoleSchema, KeyEntrySchema, } from "./models/key-entry.js";
 export type { KeyStatus, KeyRole, KeyEntry, StoredKey, } from "./models/key-entry.js";

package/dist/index.js

@@ -32,7 +32,7 @@ export { AgentCardSchema } from "./models/agent-card.js";
 // reject malformed envelopes before signature verification; without
 // it they have to re-implement the schema check or import from a
 // non-public path.
-export { validateMessage, MessageEnvelopeSchema, IntentTypeSchema, } from "./models/intent.js";
+export { validateMessage, getPayloadSchema, MessageEnvelopeSchema, IntentTypeSchema, ScheduleMeetingPayloadSchema, ScheduleMeetingResponsePayloadSchema, IntroRequestPayloadSchema, IntroResponsePayloadSchema, OpportunityPayloadSchema, OpportunityResponsePayloadSchema, ConnectionRequestPayloadSchema, ConnectionResponsePayloadSchema, FollowUpPayloadSchema, AskPayloadSchema, AskResponsePayloadSchema, PingPayloadSchema, RetractPayloadSchema, ContextSharePayloadSchema, MultiPartySyncPayloadSchema, } from "./models/intent.js";
 // Key-entry types and schemas for adopters wiring their own key-set
 // storage and rotation. `CandidateKey` was already root-exported via
 // the verifier surface; this batch adds the persistence shapes.

package/dist/ink/discovery-gating.d.ts

@@ -96,9 +96,9 @@ export declare const AgentCardResponseSchema: z.ZodObject<{
                 timezone: z.ZodString;
                 meetingHours: z.ZodOptional<z.ZodString>;
                 responseSla: z.ZodOptional<z.ZodString>;
-            }, z.core.$strip>>;
+            }, z.core.$strict>>;
             openTo: z.ZodArray<z.ZodString>;
-        }, z.core.$strip>>;
+        }, z.core.$strict>>;
         capabilities: z.ZodObject<{
             intentsAccepted: z.ZodArray<z.ZodEnum<{
                 schedule_meeting: "schedule_meeting";

package/dist/models/agent-card.d.ts

@@ -23,9 +23,9 @@ export declare const AgentCardSchema: z.ZodObject<{
             timezone: z.ZodString;
             meetingHours: z.ZodOptional<z.ZodString>;
             responseSla: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>>;
+        }, z.core.$strict>>;
         openTo: z.ZodArray<z.ZodString>;
-    }, z.core.$strip>>;
+    }, z.core.$strict>>;
     capabilities: z.ZodObject<{
         intentsAccepted: z.ZodArray<z.ZodEnum<{
             schedule_meeting: "schedule_meeting";

package/dist/models/intent.d.ts

@@ -33,7 +33,7 @@ export declare const ScheduleMeetingPayloadSchema: z.ZodObject<{
     }>;
     context: z.ZodOptional<z.ZodString>;
     location: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const ScheduleMeetingResponsePayloadSchema: z.ZodObject<{
     status: z.ZodEnum<{
         accepted: "accepted";
@@ -50,7 +50,7 @@ export declare const ScheduleMeetingResponsePayloadSchema: z.ZodObject<{
         too_busy: "too_busy";
         deferred: "deferred";
     }>>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const IntroRequestPayloadSchema: z.ZodObject<{
     target: z.ZodString;
     reason: z.ZodString;
@@ -59,7 +59,7 @@ export declare const IntroRequestPayloadSchema: z.ZodObject<{
         low: "low";
         normal: "normal";
     }>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const IntroResponsePayloadSchema: z.ZodObject<{
     status: z.ZodEnum<{
         declined: "declined";
@@ -72,7 +72,7 @@ export declare const IntroResponsePayloadSchema: z.ZodObject<{
         declined: "declined";
         pending: "pending";
     }>>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const OpportunityPayloadSchema: z.ZodObject<{
     type: z.ZodEnum<{
         role: "role";
@@ -88,7 +88,7 @@ export declare const OpportunityPayloadSchema: z.ZodObject<{
     matchReason: z.ZodString;
     expiresAt: z.ZodOptional<z.ZodString>;
     url: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const OpportunityResponsePayloadSchema: z.ZodObject<{
     status: z.ZodEnum<{
         not_interested: "not_interested";
@@ -113,7 +113,7 @@ export declare const OpportunityResponsePayloadSchema: z.ZodObject<{
         retract: "retract";
         multi_party_sync: "multi_party_sync";
     }>>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const ConnectionRequestPayloadSchema: z.ZodObject<{
     method: z.ZodEnum<{
         qr: "qr";
@@ -131,10 +131,10 @@ export declare const ConnectionRequestPayloadSchema: z.ZodObject<{
             timezone: z.ZodString;
             meetingHours: z.ZodOptional<z.ZodString>;
             responseSla: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>>;
+        }, z.core.$strict>>;
         openTo: z.ZodArray<z.ZodString>;
-    }, z.core.$strip>;
-}, z.core.$strip>;
+    }, z.core.$strict>;
+}, z.core.$strict>;
 export declare const ConnectionResponsePayloadSchema: z.ZodObject<{
     status: z.ZodEnum<{
         accepted: "accepted";
@@ -149,11 +149,11 @@ export declare const ConnectionResponsePayloadSchema: z.ZodObject<{
             timezone: z.ZodString;
             meetingHours: z.ZodOptional<z.ZodString>;
             responseSla: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>>;
+        }, z.core.$strict>>;
         openTo: z.ZodArray<z.ZodString>;
-    }, z.core.$strip>>;
+    }, z.core.$strict>>;
     note: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const FollowUpPayloadSchema: z.ZodObject<{
     referenceId: z.ZodString;
     message: z.ZodString;
@@ -163,7 +163,7 @@ export declare const FollowUpPayloadSchema: z.ZodObject<{
         review: "review";
         none: "none";
     }>>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const AskPayloadSchema: z.ZodObject<{
     question: z.ZodString;
     context: z.ZodOptional<z.ZodString>;
@@ -173,18 +173,18 @@ export declare const AskPayloadSchema: z.ZodObject<{
     }>>;
     choices: z.ZodOptional<z.ZodArray<z.ZodString>>;
     deadline: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const AskResponsePayloadSchema: z.ZodObject<{
     answer: z.ZodString;
     choiceIndex: z.ZodOptional<z.ZodNumber>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const PingPayloadSchema: z.ZodObject<{
     note: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const RetractPayloadSchema: z.ZodObject<{
     targetMessageId: z.ZodString;
     reason: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const ContextSharePayloadSchema: z.ZodObject<{
     context: z.ZodString;
     category: z.ZodEnum<{
@@ -196,7 +196,7 @@ export declare const ContextSharePayloadSchema: z.ZodObject<{
     }>;
     referenceId: z.ZodOptional<z.ZodString>;
     expiresAt: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const MultiPartySyncPayloadSchema: z.ZodObject<{
     enclaveType: z.ZodEnum<{
         meeting_sync: "meeting_sync";
@@ -204,7 +204,7 @@ export declare const MultiPartySyncPayloadSchema: z.ZodObject<{
     purpose: z.ZodString;
     participants: z.ZodArray<z.ZodString>;
     expiresAt: z.ZodString;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const MessageProvenanceSchema: z.ZodOptional<z.ZodObject<{
     origin: z.ZodEnum<{
         human: "human";
@@ -213,7 +213,7 @@ export declare const MessageProvenanceSchema: z.ZodOptional<z.ZodObject<{
     }>;
     extensionId: z.ZodString;
     installationId: z.ZodString;
-}, z.core.$strip>>;
+}, z.core.$strict>>;
 export declare const MessageEnvelopeSchema: z.ZodObject<{
     protocol: z.ZodLiteral<"ink/0.1">;
     id: z.ZodString;
@@ -242,6 +242,8 @@ export declare const MessageEnvelopeSchema: z.ZodObject<{
     payload: z.ZodUnknown;
     signature: z.ZodString;
     signingKeyId: z.ZodOptional<z.ZodString>;
+    timestamp: z.ZodOptional<z.ZodString>;
+    nonce: z.ZodOptional<z.ZodString>;
     provenance: z.ZodOptional<z.ZodObject<{
         origin: z.ZodEnum<{
             human: "human";
@@ -250,8 +252,8 @@ export declare const MessageEnvelopeSchema: z.ZodObject<{
         }>;
         extensionId: z.ZodString;
         installationId: z.ZodString;
-    }, z.core.$strip>>;
-}, z.core.$strip>;
+    }, z.core.$strict>>;
+}, z.core.$strict>;
 export type MessageEnvelope = z.infer<typeof MessageEnvelopeSchema>;
 /**
  * Validate a message envelope AND its payload based on the intent type.
@@ -260,6 +262,10 @@ export type MessageEnvelope = z.infer<typeof MessageEnvelopeSchema>;
 export declare function validateMessage(raw: unknown): MessageEnvelope;
 /**
  * Get the payload schema for a given intent type.
+ *
+ * Runtime-validates the `intent` argument against IntentTypeSchema so a
+ * JS caller cannot pass an arbitrary string and silently get `undefined`
+ * back; the function instead throws ZodError on an invalid intent.
  */
 export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
     proposedTimes: z.ZodArray<z.ZodString>;
@@ -277,7 +283,7 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
     }>;
     context: z.ZodOptional<z.ZodString>;
     location: z.ZodOptional<z.ZodString>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     status: z.ZodEnum<{
         accepted: "accepted";
         declined: "declined";
@@ -293,7 +299,7 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
         too_busy: "too_busy";
         deferred: "deferred";
     }>>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     target: z.ZodString;
     reason: z.ZodString;
     context: z.ZodOptional<z.ZodString>;
@@ -301,7 +307,7 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
         low: "low";
         normal: "normal";
     }>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     status: z.ZodEnum<{
         declined: "declined";
         forwarded: "forwarded";
@@ -313,7 +319,7 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
         declined: "declined";
         pending: "pending";
     }>>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     type: z.ZodEnum<{
         role: "role";
         investment: "investment";
@@ -328,7 +334,7 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
     matchReason: z.ZodString;
     expiresAt: z.ZodOptional<z.ZodString>;
     url: z.ZodOptional<z.ZodString>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     status: z.ZodEnum<{
         not_interested: "not_interested";
         interested: "interested";
@@ -352,7 +358,7 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
         retract: "retract";
         multi_party_sync: "multi_party_sync";
     }>>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     method: z.ZodEnum<{
         qr: "qr";
         intro: "intro";
@@ -369,10 +375,10 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
             timezone: z.ZodString;
             meetingHours: z.ZodOptional<z.ZodString>;
             responseSla: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>>;
+        }, z.core.$strict>>;
         openTo: z.ZodArray<z.ZodString>;
-    }, z.core.$strip>;
-}, z.core.$strip> | z.ZodObject<{
+    }, z.core.$strict>;
+}, z.core.$strict> | z.ZodObject<{
     status: z.ZodEnum<{
         accepted: "accepted";
         declined: "declined";
@@ -386,11 +392,11 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
             timezone: z.ZodString;
             meetingHours: z.ZodOptional<z.ZodString>;
             responseSla: z.ZodOptional<z.ZodString>;
-        }, z.core.$strip>>;
+        }, z.core.$strict>>;
         openTo: z.ZodArray<z.ZodString>;
-    }, z.core.$strip>>;
+    }, z.core.$strict>>;
     note: z.ZodOptional<z.ZodString>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     referenceId: z.ZodString;
     message: z.ZodString;
     actionRequested: z.ZodOptional<z.ZodEnum<{
@@ -399,7 +405,7 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
         review: "review";
         none: "none";
     }>>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     question: z.ZodString;
     context: z.ZodOptional<z.ZodString>;
     responseFormat: z.ZodOptional<z.ZodEnum<{
@@ -408,15 +414,15 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
     }>>;
     choices: z.ZodOptional<z.ZodArray<z.ZodString>>;
     deadline: z.ZodOptional<z.ZodString>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     answer: z.ZodString;
     choiceIndex: z.ZodOptional<z.ZodNumber>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     note: z.ZodOptional<z.ZodString>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     targetMessageId: z.ZodString;
     reason: z.ZodOptional<z.ZodString>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     context: z.ZodString;
     category: z.ZodEnum<{
         availability: "availability";
@@ -427,11 +433,11 @@ export declare function getPayloadSchema(intent: IntentType): z.ZodObject<{
     }>;
     referenceId: z.ZodOptional<z.ZodString>;
     expiresAt: z.ZodOptional<z.ZodString>;
-}, z.core.$strip> | z.ZodObject<{
+}, z.core.$strict> | z.ZodObject<{
     enclaveType: z.ZodEnum<{
         meeting_sync: "meeting_sync";
     }>;
     purpose: z.ZodString;
     participants: z.ZodArray<z.ZodString>;
     expiresAt: z.ZodString;
-}, z.core.$strip>;
+}, z.core.$strict>;

package/dist/models/intent.js

@@ -19,35 +19,45 @@ export const IntentTypeSchema = z.enum([
     "multi_party_sync",
 ]);
 // --- Intent Payloads ---
+// Reusable scalar caps. Timestamps cap at 64 chars (ISO-8601 fits in
+// ~30), correlation/message IDs at 256, DIDs at 512. URL fields cap
+// at 2048 BEFORE `.url()` parsing so the parser never runs on attacker-
+// sized strings. Every exported schema is `.strict()` so adopters using
+// the schemas directly (without `validateMessage()`) still get the
+// same unknown-field rejection that the central validator applies.
+const TIMESTAMP_MAX = 64;
+const ID_MAX = 256;
+const DID_MAX = 512;
+const URL_MAX = 2048;
 export const ScheduleMeetingPayloadSchema = z.object({
-    proposedTimes: z.array(z.string()).min(1).max(10),
+    proposedTimes: z.array(z.string().max(TIMESTAMP_MAX)).min(1).max(10),
     topic: z.string().max(500),
     format: z.enum(["video", "phone", "in_person", "async"]),
     urgency: z.enum(["low", "normal", "urgent"]),
     context: z.string().max(2000).optional(),
     location: z.string().max(500).optional(),
-});
+}).strict();
 export const ScheduleMeetingResponsePayloadSchema = z.object({
     status: z.enum(["accepted", "declined", "countered"]),
-    confirmedTime: z.string().optional(),
-    counterTimes: z.array(z.string()).max(10).optional(),
-    meetingLink: z.string().url().optional(),
+    confirmedTime: z.string().max(TIMESTAMP_MAX).optional(),
+    counterTimes: z.array(z.string().max(TIMESTAMP_MAX)).max(10).optional(),
+    meetingLink: z.string().max(URL_MAX).url().optional(),
     note: z.string().max(1000).optional(),
     declineReason: z
         .enum(["unavailable", "not_interested", "too_busy", "deferred"])
         .optional(),
-});
+}).strict();
 export const IntroRequestPayloadSchema = z.object({
-    target: z.string(),
+    target: z.string().max(DID_MAX),
     reason: z.string().max(2000),
     context: z.string().max(2000).optional(),
     urgency: z.enum(["low", "normal"]),
-});
+}).strict();
 export const IntroResponsePayloadSchema = z.object({
     status: z.enum(["forwarded", "declined", "pending_target"]),
     note: z.string().max(1000).optional(),
     targetResponse: z.enum(["accepted", "declined", "pending"]).optional(),
-});
+}).strict();
 export const OpportunityPayloadSchema = z.object({
     type: z.enum([
         "role",
@@ -61,60 +71,60 @@ export const OpportunityPayloadSchema = z.object({
     org: z.string().max(200).optional(),
     description: z.string().max(5000),
     matchReason: z.string().max(2000),
-    expiresAt: z.string().optional(),
-    url: z.string().url().optional(),
-});
+    expiresAt: z.string().max(TIMESTAMP_MAX).optional(),
+    url: z.string().max(URL_MAX).url().optional(),
+}).strict();
 export const OpportunityResponsePayloadSchema = z.object({
     status: z.enum(["interested", "not_interested", "maybe_later"]),
     note: z.string().max(1000).optional(),
     followUpIntent: IntentTypeSchema.optional(),
-});
+}).strict();
 export const ConnectionRequestPayloadSchema = z.object({
     method: z.enum(["qr", "intro", "discovery", "import"]),
-    introducedBy: z.string().optional(),
+    introducedBy: z.string().max(DID_MAX).optional(),
     context: z.string().max(2000),
     profileSnapshot: ProfileSnapshotSchema,
-});
+}).strict();
 export const ConnectionResponsePayloadSchema = z.object({
     status: z.enum(["accepted", "declined", "pending"]),
     profileSnapshot: ProfileSnapshotSchema.optional(),
     note: z.string().max(1000).optional(),
-});
+}).strict();
 export const FollowUpPayloadSchema = z.object({
-    referenceId: z.string(),
+    referenceId: z.string().max(ID_MAX),
     message: z.string().max(5000),
     actionRequested: z.enum(["reply", "schedule", "review", "none"]).optional(),
-});
+}).strict();
 export const AskPayloadSchema = z.object({
     question: z.string().max(5000),
     context: z.string().max(2000).optional(),
     responseFormat: z.enum(["text", "choice"]).optional(),
     choices: z.array(z.string().max(500)).max(10).optional(),
-    deadline: z.string().optional(),
-});
+    deadline: z.string().max(TIMESTAMP_MAX).optional(),
+}).strict();
 export const AskResponsePayloadSchema = z.object({
     answer: z.string().max(5000),
     choiceIndex: z.number().int().min(0).optional(),
-});
+}).strict();
 export const PingPayloadSchema = z.object({
     note: z.string().max(1000).optional(),
-});
+}).strict();
 export const RetractPayloadSchema = z.object({
-    targetMessageId: z.string(),
+    targetMessageId: z.string().max(ID_MAX),
     reason: z.string().max(1000).optional(),
-});
+}).strict();
 export const ContextSharePayloadSchema = z.object({
     context: z.string().max(5000),
     category: z.enum(["professional_background", "project_update", "expertise", "availability", "general"]),
-    referenceId: z.string().optional(),
-    expiresAt: z.string().optional(),
-});
+    referenceId: z.string().max(ID_MAX).optional(),
+    expiresAt: z.string().max(TIMESTAMP_MAX).optional(),
+}).strict();
 export const MultiPartySyncPayloadSchema = z.object({
     enclaveType: z.enum(["meeting_sync"]),
     purpose: z.string().max(500),
-    participants: z.array(z.string()).min(2).max(20),
-    expiresAt: z.string(),
-});
+    participants: z.array(z.string().max(DID_MAX)).min(2).max(20),
+    expiresAt: z.string().max(TIMESTAMP_MAX),
+}).strict();
 // --- Payload discriminated union ---
 const payloadSchemas = {
     schedule_meeting: ScheduleMeetingPayloadSchema,
@@ -134,25 +144,39 @@ const payloadSchemas = {
     multi_party_sync: MultiPartySyncPayloadSchema,
 };
 // --- Message Envelope ---
+// Caps for envelope-level fields. Signatures are base64url-encoded
+// Ed25519 (64 bytes raw → 86 chars base64url, plus the legacy keyId=
+// suffix). 256 is comfortable headroom without permitting megabyte
+// signature blobs.
+const SIGNATURE_MAX = 256;
+const KEY_ID_MAX = 128;
 export const MessageProvenanceSchema = z.object({
     origin: z.enum(["human", "agent_approved", "agent_autonomous"]),
-    extensionId: z.string(),
+    extensionId: z.string().max(ID_MAX),
     installationId: z.string().uuid(),
-}).optional();
+}).strict().optional();
 export const MessageEnvelopeSchema = z.object({
     protocol: z.literal("ink/0.1"),
-    id: z.string(),
-    correlationId: z.string(),
-    createdAt: z.string(),
-    expiresAt: z.string().optional(),
-    from: z.string(),
-    to: z.string(),
+    id: z.string().max(ID_MAX),
+    correlationId: z.string().max(ID_MAX),
+    createdAt: z.string().max(TIMESTAMP_MAX),
+    expiresAt: z.string().max(TIMESTAMP_MAX).optional(),
+    from: z.string().max(DID_MAX),
+    to: z.string().max(DID_MAX),
     intent: IntentTypeSchema,
     payload: z.unknown(),
-    signature: z.string(),
-    signingKeyId: z.string().optional(),
+    signature: z.string().max(SIGNATURE_MAX),
+    signingKeyId: z.string().max(KEY_ID_MAX).optional(),
+    // HTTP §3.3 transport-auth metadata that rides alongside the
+    // canonical envelope fields. The body-level signature commits to
+    // both (they cannot be tampered in transit) and `verifyInkAuth`
+    // reads them from the body for freshness + replay checks. Explicit
+    // optional capped declarations are required for `.strict()` to keep
+    // accepting documented sender envelopes (see README signing example).
+    timestamp: z.string().max(TIMESTAMP_MAX).optional(),
+    nonce: z.string().max(ID_MAX).optional(),
     provenance: MessageProvenanceSchema,
-});
+}).strict();
 /**
  * Validate a message envelope AND its payload based on the intent type.
  * Returns the validated message or throws a ZodError.
@@ -166,7 +190,12 @@ export function validateMessage(raw) {
 }
 /**
  * Get the payload schema for a given intent type.
+ *
+ * Runtime-validates the `intent` argument against IntentTypeSchema so a
+ * JS caller cannot pass an arbitrary string and silently get `undefined`
+ * back; the function instead throws ZodError on an invalid intent.
  */
 export function getPayloadSchema(intent) {
+    IntentTypeSchema.parse(intent);
     return payloadSchemas[intent];
 }

package/dist/models/profile.d.ts

@@ -3,7 +3,7 @@ export declare const AvailabilityConfigSchema: z.ZodObject<{
     timezone: z.ZodString;
     meetingHours: z.ZodOptional<z.ZodString>;
     responseSla: z.ZodOptional<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const ProfileSnapshotSchema: z.ZodObject<{
     headline: z.ZodString;
     skills: z.ZodArray<z.ZodString>;
@@ -12,9 +12,9 @@ export declare const ProfileSnapshotSchema: z.ZodObject<{
         timezone: z.ZodString;
         meetingHours: z.ZodOptional<z.ZodString>;
         responseSla: z.ZodOptional<z.ZodString>;
-    }, z.core.$strip>>;
+    }, z.core.$strict>>;
     openTo: z.ZodArray<z.ZodString>;
-}, z.core.$strip>;
+}, z.core.$strict>;
 export declare const ProfileSchema: z.ZodObject<{
     agentId: z.ZodString;
     handle: z.ZodString;
@@ -29,9 +29,9 @@ export declare const ProfileSchema: z.ZodObject<{
                 timezone: z.ZodString;
                 meetingHours: z.ZodOptional<z.ZodString>;
                 responseSla: z.ZodOptional<z.ZodString>;
-            }, z.core.$strip>>;
+            }, z.core.$strict>>;
             openTo: z.ZodArray<z.ZodString>;
-        }, z.core.$strip>;
+        }, z.core.$strict>;
         connected: z.ZodObject<{
             headline: z.ZodString;
             skills: z.ZodArray<z.ZodString>;
@@ -40,9 +40,9 @@ export declare const ProfileSchema: z.ZodObject<{
                 timezone: z.ZodString;
                 meetingHours: z.ZodOptional<z.ZodString>;
                 responseSla: z.ZodOptional<z.ZodString>;
-            }, z.core.$strip>>;
+            }, z.core.$strict>>;
             openTo: z.ZodArray<z.ZodString>;
-        }, z.core.$strip>;
+        }, z.core.$strict>;
         custom: z.ZodRecord<z.ZodString, z.ZodObject<{
             headline: z.ZodString;
             skills: z.ZodArray<z.ZodString>;
@@ -51,9 +51,9 @@ export declare const ProfileSchema: z.ZodObject<{
                 timezone: z.ZodString;
                 meetingHours: z.ZodOptional<z.ZodString>;
                 responseSla: z.ZodOptional<z.ZodString>;
-            }, z.core.$strip>>;
+            }, z.core.$strict>>;
             openTo: z.ZodArray<z.ZodString>;
-        }, z.core.$strip>>;
+        }, z.core.$strict>>;
     }, z.core.$strip>;
 }, z.core.$strip>;
 export type AvailabilityConfig = z.infer<typeof AvailabilityConfigSchema>;

package/dist/models/profile.js

@@ -1,16 +1,20 @@
 import { z } from "zod";
 export const AvailabilityConfigSchema = z.object({
-    timezone: z.string(),
-    meetingHours: z.string().optional(),
-    responseSla: z.string().optional(),
-});
+    // IANA timezone name. The longest legitimate value is ~50 chars.
+    timezone: z.string().max(64),
+    // Free-text availability description ("9-5 PT weekdays") capped
+    // to a sane display length. Larger values are almost certainly
+    // garbage or an attempted DoS.
+    meetingHours: z.string().max(200).optional(),
+    responseSla: z.string().max(200).optional(),
+}).strict();
 export const ProfileSnapshotSchema = z.object({
     headline: z.string().max(500),
     skills: z.array(z.string().max(100)).max(50),
     interests: z.array(z.string().max(100)).max(50),
     availability: AvailabilityConfigSchema.optional(),
     openTo: z.array(z.string().max(100)).max(20),
-});
+}).strict();
 export const ProfileSchema = z.object({
     agentId: z.string(),
     handle: z.string(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adastracomputing/ink",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "Library and specification for the INK (Inter-agent Networking Kernel) protocol",
   "license": "MIT OR Apache-2.0",
   "author": "Ad Astra Computing Inc.",