@adastracomputing/ink 0.2.0 → 0.4.0
- package/CHANGELOG.md +52 -0
- package/README.md +16 -5
- package/bin/verify-inclusion-impl.mjs +65 -22
- package/dist/audit/inclusion-receipt.d.ts +18 -8
- package/dist/audit/inclusion-receipt.js +29 -5
- package/dist/crypto/ink.js +12 -4
- package/dist/crypto/keys.d.ts +33 -1
- package/dist/crypto/keys.js +55 -3
- package/dist/crypto/sign.d.ts +21 -0
- package/dist/crypto/sign.js +26 -2
- package/dist/discovery/agent-card.d.ts +9 -7
- package/dist/index.d.ts +3 -3
- package/dist/index.js +5 -5
- package/dist/ink/checkpoint.d.ts +21 -0
- package/dist/ink/checkpoint.js +79 -0
- package/dist/ink/discovery-gating.js +4 -4
- package/dist/ink/receipts.d.ts +33 -1
- package/dist/ink/receipts.js +45 -1
- package/dist/middleware/ink-auth.d.ts +1 -0
- package/dist/middleware/ink-auth.js +7 -4
- package/dist/models/agent-card.js +22 -22
- package/dist/models/ink-audit.js +40 -36
- package/dist/models/ink-handshake.js +13 -13
- package/dist/models/intent.d.ts +2 -2
- package/dist/models/intent.js +9 -0
- package/docs/maturity.md +17 -7
- package/package.json +10 -9
- package/specs/ink-agent-containment-and-governance-extension-spec.md +3 -2
- package/specs/ink-auditability.md +1 -1
- package/specs/ink-authorization-chain.md +1 -1
- package/specs/ink-compatibility-policy.md +15 -3
- package/specs/ink-compliance-checklist.md +3 -2
- package/specs/ink-containment-phase1-implementation-spec.md +3 -2
- package/specs/ink-introduction-receipts-extension.md +3 -5
- package/specs/ink-key-rotation-spec.md +3 -2
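--- a/package/dist/models/intent.js
+++ b/package/dist/models/intent.js
@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { ProfileSnapshotSchema } from "./profile.js";
+import { isWithinBounds } from "../crypto/sign.js";
 // --- Intent Types ---
 export const IntentTypeSchema = z.enum([
 "schedule_meeting",
@@ -191,6 +192,14 @@ export const MessageEnvelopeSchema = z.object({
 * Returns the validated message or throws a ZodError.
 */
 export function validateMessage(raw) {
+// Bound the raw object's complexity BEFORE Zod walks it. A strict-mode parse
+// must enumerate every key to reject unknowns, so a million-key object would
+// otherwise burn hundreds of ms of CPU before being rejected. This also
+// rejects JCS-unsafe numbers so a validated envelope is always one a
+// canonicalizer can sign unambiguously.
+if (!isWithinBounds(raw)) {
+throw new Error("message exceeds complexity bounds");
+}
 const envelope = MessageEnvelopeSchema.parse(raw);
 const payloadSchema = payloadSchemas[envelope.intent];
 // Validate payload strictly — reject unknown fields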
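Review bot: The JSDoc directly above `validateMessage` still promises "throws a ZodError", but the new guard throws a plain `Error`, so a caller that catches `ZodError` to return a 4xx would presumably let an oversized or JCS-unsafe message escape as an unhandled error. Either update the doc line to `* Returns the validated message; throws a ZodError on schema failure or an Error when the raw object exceeds complexity bounds.` or throw an error type callers can recognise as a client fault. The guard runs on an already-parsed object and `isWithinBounds` lives in `../crypto/sign.js`, outside this section, so the limits it enforces cannot be confirmed here and a byte-size cap before JSON parsing is still needed upstream. `validateMessage` continues past the end of the hunk.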
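--- a/package/docs/maturity.md
+++ b/package/docs/maturity.md
@@ -1,8 +1,10 @@
 # Maturity Notice
 
-> INK
->
->
+> INK is **experimental**. The current defined wire version is `ink/0.2`, a
+> backward-compatible minor over `ink/0.1` (both major version 0). Wire formats,
+> trust semantics and APIs may change without backward-compatible migration
+> before v1.0. Do not use for load-bearing production traffic without your own
+> review.
 
 ## What "experimental" means here
 
@@ -12,8 +14,8 @@
 agent-card fetch, and DoS-amplification surfaces. Internal review is
 not a substitute for a third-party audit, treat the security
 posture accordingly.
-- Interop vectors (`../test-vectors/`) are authoritative for
-be added to or revised between
+- Interop vectors (`../test-vectors/`) are authoritative for the current wire
+version but may be added to or revised between patch releases. Mismatched
 implementations should report discrepancies as issues.
 - The protocol is in use by one production integrator (Tulpa). That is
 one data point, not a guarantee of robustness at scale.
@@ -22,9 +24,17 @@
 Bun, and edge runtimes. Browser use is feasible but not exercised by
 the maintainers.
 
-## What is stable
+## What is stable
 
-
+These hold across major version 0 (`ink/0.1` and `ink/0.2`):
+
+- Envelope structure (fields, canonicalization with JCS / RFC 8785).
+Signed bodies are restricted to JSON numbers that every conforming
+canonicalizer serializes identically: non-finite values, negative zero,
+and values whose shortest form uses exponential notation (for example
+`1e21` or `1e-7`) are rejected at sign and verify time. INK payloads
+carry only small integers and plain decimals, so this keeps the signed
+bytes unambiguous across implementations.
 - Ed25519 signing base: `ink/0.1\nMETHOD\nPATH\nrecipientDid\nJCS(body)\ntimestamp`
 - Agent Card schema for `keys.signing` and `keys.encryption`
 - Key rotation authority rule (see `key-rotation-rule.md`)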
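--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@adastracomputing/ink",
-"version": "0.
+"version": "0.4.0",
 "description": "Library and specification for the INK (Inter-agent Networking Kernel) protocol",
 "license": "MIT OR Apache-2.0",
 "author": "Ad Astra Computing Inc.",
@@ -51,7 +51,8 @@
 "check:pack": "./scripts/check-pack.sh",
 "gen:body-vectors": "tsx scripts/gen-body-signature-vectors.ts",
 "prepack": "npm run build",
-"prepublishOnly": "npm run build"
+"prepublishOnly": "npm run build",
+"audit:all": "bash scripts/audit-npm-projects.sh"
 },
 "dependencies": {
 "@noble/curves": "^2.2.0",
@@ -61,14 +62,14 @@
 "zod": "^4.4.3"
 },
 "devDependencies": {
-"@cloudflare/workers-types": "^4.
-"@types/node": "^24.
-"@typescript-eslint/eslint-plugin": "^8.
-"@typescript-eslint/parser": "^8.
-"eslint": "^10.4.
-"tsx": "^4.22.
+"@cloudflare/workers-types": "^4.20260610.1",
+"@types/node": "^24.13.1",
+"@typescript-eslint/eslint-plugin": "^8.61.0",
+"@typescript-eslint/parser": "^8.61.0",
+"eslint": "^10.4.1",
+"tsx": "^4.22.4",
 "typescript": "^6.0.3",
-"vitest": "^4.1.
+"vitest": "^4.1.8"
 },
 "keywords": [
 "ink",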
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
# INK Compatibility and Versioning Policy
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
3
|
+
**Status:** Draft, v1 stabilization
|
|
4
|
+
**Authors:** Ad Astra Computing
|
|
5
|
+
**Last updated:** 2026-05-24
|
|
5
6
|
|
|
6
7
|
## Purpose
|
|
7
8
|
|
|
@@ -15,7 +16,7 @@ This is the normative compatibility contract. Any change to the INK wire format
|
|
|
15
16
|
|
|
16
17
|
INK uses a single protocol version string in every message envelope, receipt, audit event and handshake message.
|
|
17
18
|
|
|
18
|
-
|
|
19
|
+
Defined versions: `ink/0.1` (default) and `ink/0.2` (negotiated). See [§1.4](#14-defined-wire-versions).
|
|
19
20
|
|
|
20
21
|
The version string appears in the `protocol` field of every top-level INK object and in the first line of every signature base.
|
|
21
22
|
|
|
@@ -48,6 +49,17 @@ prefix (e.g. `network.ink.*`) and define a transition policy. Until then,
|
|
|
48
49
|
conforming implementations MUST emit and accept `network.tulpa.*` types as
|
|
49
50
|
specified.
|
|
50
51
|
|
|
52
|
+
### 1.4 Defined wire versions
|
|
53
|
+
|
|
54
|
+
Two wire versions are defined:
|
|
55
|
+
|
|
56
|
+
- `ink/0.1`, the original version. A sender emits it by default unless it has positively negotiated otherwise.
|
|
57
|
+
- `ink/0.2`, a backward-compatible minor that changes only the body-signature domain separator, from the legacy `tulpa/sign\n` to the neutral `ink/sign\n`. Everything else, the transport-auth signature base, the envelope shape, the encryption and audit sub-protocols and every `network.tulpa.*` type, is identical to `ink/0.1`.
|
|
58
|
+
|
|
59
|
+
`ink/0.2` is receiver-first. A receiver advertises the versions it verifies in its Agent Card `supportedProtocolVersions` array; when that field is absent a sender MUST assume `ink/0.1` only, and a sender MUST NOT emit `ink/0.2` to a receiver that has not advertised it. The negotiation is what keeps the change compatible: an `ink/0.1`-only receiver never receives `ink/0.2` traffic, so it is never asked to verify a domain it does not implement. An `ink/0.2` receiver selects the body-signature domain from the signed `protocol` field and verifies both versions, and because `protocol` is inside the signed body a relabelled message fails verification.
|
|
60
|
+
|
|
61
|
+
This satisfies §1.1. The minor bump adds a capability without breaking deployed `ink/0.1` implementations, because the body-signature domain is negotiated rather than assumed.
|
|
62
|
+
|
|
51
63
|
---
|
|
52
64
|
|
|
53
65
|
## 2. Compatibility Rules
|