@adastracomputing/ink 0.3.0 → 0.5.0

package/dist/models/ink-audit.js

@@ -60,18 +60,18 @@ export const InkAuditEventTypeSchema = z.enum([
 ]);
 // ── INK Audit Event (hash-chained, signed) ──
 export const InkAuditEventSchema = z.object({
-    id: z.string().min(1),
+    id: z.string().min(1).max(256),
     version: z.literal("ink-audit/1"),
-    agentId: z.string().min(1),
-    agentSignature: z.string().min(1),
+    agentId: z.string().min(1).max(512),
+    agentSignature: z.string().min(1).max(256),
     sequence: z.number().int().positive(),
     previousEventHash: z.string().regex(/^[0-9a-f]{64}$/).nullable(),
     eventType: InkAuditEventTypeSchema,
     timestamp: z.string().datetime(),
-    messageId: z.string().min(1).optional(),
-    correlationId: z.string().min(1).optional(),
-    counterpartyId: z.string().min(1).optional(),
-    signingKeyId: z.string().min(1).optional(),
+    messageId: z.string().min(1).max(256).optional(),
+    correlationId: z.string().min(1).max(256).optional(),
+    counterpartyId: z.string().min(1).max(512).optional(),
+    signingKeyId: z.string().min(1).max(128).optional(),
     data: z.record(z.string(), z.unknown()).optional(),
 });
 // ── Receipt (INK Auditability §1) ──
@@ -85,34 +85,38 @@ export const InkReceiptDispositionSchema = z.enum([
 export const InkReceiptSchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.receipt"),
-    from: z.string(),
-    to: z.string(),
-    messageId: z.string(),
+    from: z.string().max(512),
+    to: z.string().max(512),
+    messageId: z.string().max(256),
     disposition: InkReceiptDispositionSchema,
     dispositionAt: z.string().datetime(),
     note: z.string().max(500).optional(),
-    messageHash: z.string(),
-    nonce: z.string(),
+    messageHash: z.string().max(256),
+    nonce: z.string().max(256),
     timestamp: z.string().datetime(),
-    signature: z.string(),
+    signature: z.string().max(256),
 });
 // ── Audit Query (INK Auditability §3) ──
 export const InkAuditQuerySchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.audit_query"),
-    from: z.string(),
-    to: z.string(),
-    messageId: z.string(),
-    nonce: z.string(),
+    from: z.string().max(512),
+    to: z.string().max(512),
+    messageId: z.string().max(256),
+    nonce: z.string().max(256),
     timestamp: z.string().datetime(),
 });
 // ── Audit Response (INK Auditability §3) ──
 export const InkAuditResponseSchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.audit_response"),
-    messageId: z.string(),
-    events: z.array(InkAuditEventSchema),
-    responseSignature: z.string(),
+    messageId: z.string().max(256),
+    // Bound both the event count and (via InkAuditEventSchema's per-field caps)
+    // each event, so an audit response from an untrusted witness cannot force
+    // unbounded buffering. A single response that needs more than this should
+    // page rather than return one giant array.
+    events: z.array(InkAuditEventSchema).max(1000),
+    responseSignature: z.string().max(256),
 });
 // ── Third-Party Audit Submit (INK Auditability §7.2) ──
 export const InkAuditSubmitSchema = z.object({
@@ -128,10 +132,10 @@ export const InkAuditSubmitSchema = z.object({
 export const InkAuditInclusionSchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.audit_inclusion"),
-    eventId: z.string(),
+    eventId: z.string().max(256),
     treeSize: z.number().int().positive(),
     leafIndex: z.number().int().min(0),
-    rootHash: z.string(),
+    rootHash: z.string().max(128),
     /** Optional Merkle inclusion proof — array of 64-character lowercase hex
      *  hash siblings on the path from the leaf to the root. Consumers that
      *  verify proofs (third-party auditor clients) read this field; consumers
@@ -141,7 +145,7 @@ export const InkAuditInclusionSchema = z.object({
      *  force the parser to allocate megabytes of garbage proof data. */
     inclusionProof: z.array(z.string().regex(/^[0-9a-f]{64}$/)).max(64).optional(),
     timestamp: z.string().datetime(),
-    serviceSignature: z.string(),
+    serviceSignature: z.string().max(256),
 });
 // ── Introduction Receipt (INK Introduction Receipts Extension §4) ──
 export const InkIntroductionReceiptStatusSchema = z.enum([
@@ -154,22 +158,22 @@ export const InkIntroductionReceiptStatusSchema = z.enum([
 export const InkIntroductionReceiptSchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.introduction_receipt"),
-    id: z.string(),
-    correlationId: z.string(),
-    from: z.string(),
-    to: z.string(),
-    requesterDid: z.string(),
-    introducerDid: z.string(),
-    beneficiaryDid: z.string(),
-    targetDid: z.string(),
+    id: z.string().max(256),
+    correlationId: z.string().max(256),
+    from: z.string().max(512),
+    to: z.string().max(512),
+    requesterDid: z.string().max(512),
+    introducerDid: z.string().max(512),
+    beneficiaryDid: z.string().max(512),
+    targetDid: z.string().max(512),
     status: InkIntroductionReceiptStatusSchema,
     purpose: z.string().min(1).max(500),
-    nonce: z.string(),
+    nonce: z.string().max(256),
     timestamp: z.string().datetime(),
-    relatedIntentId: z.string().optional(),
-    relatedResolutionId: z.string().optional(),
+    relatedIntentId: z.string().max(256).optional(),
+    relatedResolutionId: z.string().max(256).optional(),
     note: z.string().max(500).optional(),
-    contextHash: z.string().optional(),
-    authorizationChainRef: z.string().optional(),
+    contextHash: z.string().max(256).optional(),
+    authorizationChainRef: z.string().max(512).optional(),
     expiresAt: z.string().datetime().optional(),
 });

package/dist/models/ink-handshake.js

@@ -32,12 +32,12 @@ export const ChallengeTypeSchema = z.enum([
 export const InkChallengeSchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.challenge"),
-    intentRef: z.string(),
+    intentRef: z.string().max(256),
     challengeType: ChallengeTypeSchema,
-    fields: z.array(z.string()).optional(),
-    availableWindows: z.array(z.string()).optional(),
-    contextFields: z.array(z.string()).optional(),
-    nonce: z.string(),
+    fields: z.array(z.string().max(256)).max(32).optional(),
+    availableWindows: z.array(z.string().max(64)).max(32).optional(),
+    contextFields: z.array(z.string().max(256)).max(32).optional(),
+    nonce: z.string().max(256),
     timestamp: z.string().datetime(),
 });
 // ── Rejection (network.tulpa.rejection) — Stage 2b ──
@@ -58,12 +58,12 @@ export const RejectionReasonSchema = z.enum([
 export const InkRejectionSchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.rejection"),
-    intentRef: z.string(),
+    intentRef: z.string().max(256),
     reason: RejectionReasonSchema,
     detail: z.string().max(500).optional(),
-    retryAfter: z.string().optional(),
+    retryAfter: z.string().max(64).optional(),
     backoffHint: InkBackoffHintSchema.optional(),
-    nonce: z.string(),
+    nonce: z.string().max(256),
     timestamp: z.string().datetime(),
 });
 // ── Resolution (network.tulpa.resolution) — Stage 3 ──
@@ -74,16 +74,16 @@ export const ResolutionOutcomeSchema = z.enum([
     "expired",
 ]);
 export const ResolutionDetailsSchema = z.object({
-    scheduledAt: z.string().optional(),
-    duration: z.string().optional(),
+    scheduledAt: z.string().max(64).optional(),
+    duration: z.string().max(64).optional(),
 }).passthrough();
 export const InkResolutionSchema = z.object({
     protocol: z.literal("ink/0.1"),
     type: z.literal("network.tulpa.resolution"),
-    intentRef: z.string(),
+    intentRef: z.string().max(256),
     outcome: ResolutionOutcomeSchema,
     details: ResolutionDetailsSchema.optional(),
-    counterpartyDid: z.string().optional(),
-    nonce: z.string(),
+    counterpartyDid: z.string().max(512).optional(),
+    nonce: z.string().max(256),
     timestamp: z.string().datetime(),
 });

package/dist/models/intent.d.ts

@@ -223,14 +223,14 @@ export declare const MessageProvenanceSchema: z.ZodOptional<z.ZodObject<{
  */
 export declare const INK_PROTOCOL_VERSIONS: readonly ["ink/0.1", "ink/0.2"];
 export declare const ProtocolVersionSchema: z.ZodEnum<{
-    "ink/0.1": "ink/0.1";
     "ink/0.2": "ink/0.2";
+    "ink/0.1": "ink/0.1";
 }>;
 export type ProtocolVersion = z.infer<typeof ProtocolVersionSchema>;
 export declare const MessageEnvelopeSchema: z.ZodObject<{
     protocol: z.ZodEnum<{
-        "ink/0.1": "ink/0.1";
         "ink/0.2": "ink/0.2";
+        "ink/0.1": "ink/0.1";
     }>;
     id: z.ZodString;
     correlationId: z.ZodString;

package/dist/models/intent.js

@@ -1,5 +1,6 @@
 import { z } from "zod";
 import { ProfileSnapshotSchema } from "./profile.js";
+import { isWithinBounds } from "../crypto/sign.js";
 // --- Intent Types ---
 export const IntentTypeSchema = z.enum([
     "schedule_meeting",
@@ -191,6 +192,14 @@ export const MessageEnvelopeSchema = z.object({
  * Returns the validated message or throws a ZodError.
  */
 export function validateMessage(raw) {
+    // Bound the raw object's complexity BEFORE Zod walks it. A strict-mode parse
+    // must enumerate every key to reject unknowns, so a million-key object would
+    // otherwise burn hundreds of ms of CPU before being rejected. This also
+    // rejects JCS-unsafe numbers so a validated envelope is always one a
+    // canonicalizer can sign unambiguously.
+    if (!isWithinBounds(raw)) {
+        throw new Error("message exceeds complexity bounds");
+    }
     const envelope = MessageEnvelopeSchema.parse(raw);
     const payloadSchema = payloadSchemas[envelope.intent];
     // Validate payload strictly — reject unknown fields

package/docs/maturity.md

@@ -28,7 +28,13 @@
 
 These hold across major version 0 (`ink/0.1` and `ink/0.2`):
 
-- Envelope structure (fields, canonicalization with JCS / RFC 8785)
+- Envelope structure (fields, canonicalization with JCS / RFC 8785).
+  Signed bodies are restricted to JSON numbers that every conforming
+  canonicalizer serializes identically: non-finite values, negative zero,
+  and values whose shortest form uses exponential notation (for example
+  `1e21` or `1e-7`) are rejected at sign and verify time. INK payloads
+  carry only small integers and plain decimals, so this keeps the signed
+  bytes unambiguous across implementations.
 - Ed25519 signing base: `ink/0.1\nMETHOD\nPATH\nrecipientDid\nJCS(body)\ntimestamp`
 - Agent Card schema for `keys.signing` and `keys.encryption`
 - Key rotation authority rule (see `key-rotation-rule.md`)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adastracomputing/ink",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "description": "Library and specification for the INK (Inter-agent Networking Kernel) protocol",
   "license": "MIT OR Apache-2.0",
   "author": "Ad Astra Computing Inc.",
@@ -51,7 +51,8 @@
     "check:pack": "./scripts/check-pack.sh",
     "gen:body-vectors": "tsx scripts/gen-body-signature-vectors.ts",
     "prepack": "npm run build",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build",
+    "audit:all": "bash scripts/audit-npm-projects.sh"
   },
   "dependencies": {
     "@noble/curves": "^2.2.0",
@@ -61,14 +62,14 @@
     "zod": "^4.4.3"
   },
   "devDependencies": {
-    "@cloudflare/workers-types": "^4.20260604.1",
-    "@types/node": "^24.12.4",
-    "@typescript-eslint/eslint-plugin": "^8.60.1",
-    "@typescript-eslint/parser": "^8.60.0",
+    "@cloudflare/workers-types": "^4.20260610.1",
+    "@types/node": "^24.13.1",
+    "@typescript-eslint/eslint-plugin": "^8.61.0",
+    "@typescript-eslint/parser": "^8.61.0",
     "eslint": "^10.4.1",
     "tsx": "^4.22.4",
     "typescript": "^6.0.3",
-    "vitest": "^4.1.7"
+    "vitest": "^4.1.8"
   },
   "keywords": [
     "ink",