npm - @agirails/sdk - Versions diffs - 2.0.1-beta → 2.0.2 - Mend

@agirails/sdk 2.0.1-beta → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (405) hide show

package/LICENSE +190 -0
package/README.md +116 -108
package/bin/actp +10 -0
package/dist/ACTPClient.d.ts +456 -33
package/dist/ACTPClient.d.ts.map +1 -1
package/dist/ACTPClient.js +477 -93
package/dist/ACTPClient.js.map +1 -1
package/dist/abi/AgentRegistry.json +782 -0
package/dist/abi/EscrowVault.json +106 -38
package/dist/abi/IdentityRegistry.json +316 -0
package/dist/adapters/BaseAdapter.d.ts +231 -0
package/dist/adapters/BaseAdapter.d.ts.map +1 -0
package/dist/adapters/BaseAdapter.js +393 -0
package/dist/adapters/BaseAdapter.js.map +1 -0
package/dist/adapters/BeginnerAdapter.d.ts +152 -0
package/dist/adapters/BeginnerAdapter.d.ts.map +1 -0
package/dist/adapters/BeginnerAdapter.js +168 -0
package/dist/adapters/BeginnerAdapter.js.map +1 -0
package/dist/adapters/IntermediateAdapter.d.ts +211 -0
package/dist/adapters/IntermediateAdapter.d.ts.map +1 -0
package/dist/adapters/IntermediateAdapter.js +260 -0
package/dist/adapters/IntermediateAdapter.js.map +1 -0
package/dist/adapters/index.d.ts +15 -0
package/dist/adapters/index.d.ts.map +1 -0
package/dist/adapters/index.js +26 -0
package/dist/adapters/index.js.map +1 -0
package/dist/builders/DeliveryProofBuilder.d.ts +60 -1
package/dist/builders/DeliveryProofBuilder.d.ts.map +1 -1
package/dist/builders/DeliveryProofBuilder.js +81 -5
package/dist/builders/DeliveryProofBuilder.js.map +1 -1
package/dist/builders/QuoteBuilder.d.ts +101 -0
package/dist/builders/QuoteBuilder.d.ts.map +1 -1
package/dist/builders/QuoteBuilder.js +120 -3
package/dist/builders/QuoteBuilder.js.map +1 -1
package/dist/builders/index.d.ts +4 -0
package/dist/builders/index.d.ts.map +1 -1
package/dist/builders/index.js +4 -0
package/dist/builders/index.js.map +1 -1
package/dist/cli/commands/balance.d.ts +13 -0
package/dist/cli/commands/balance.d.ts.map +1 -0
package/dist/cli/commands/balance.js +89 -0
package/dist/cli/commands/balance.js.map +1 -0
package/dist/cli/commands/batch.d.ts +24 -0
package/dist/cli/commands/batch.d.ts.map +1 -0
package/dist/cli/commands/batch.js +424 -0
package/dist/cli/commands/batch.js.map +1 -0
package/dist/cli/commands/config.d.ts +13 -0
package/dist/cli/commands/config.d.ts.map +1 -0
package/dist/cli/commands/config.js +192 -0
package/dist/cli/commands/config.js.map +1 -0
package/dist/cli/commands/init.d.ts +19 -0
package/dist/cli/commands/init.d.ts.map +1 -0
package/dist/cli/commands/init.js +143 -0
package/dist/cli/commands/init.js.map +1 -0
package/dist/cli/commands/mint.d.ts +13 -0
package/dist/cli/commands/mint.d.ts.map +1 -0
package/dist/cli/commands/mint.js +91 -0
package/dist/cli/commands/mint.js.map +1 -0
package/dist/cli/commands/pay.d.ts +18 -0
package/dist/cli/commands/pay.d.ts.map +1 -0
package/dist/cli/commands/pay.js +87 -0
package/dist/cli/commands/pay.js.map +1 -0
package/dist/cli/commands/simulate.d.ts +32 -0
package/dist/cli/commands/simulate.d.ts.map +1 -0
package/dist/cli/commands/simulate.js +290 -0
package/dist/cli/commands/simulate.js.map +1 -0
package/dist/cli/commands/time.d.ts +29 -0
package/dist/cli/commands/time.d.ts.map +1 -0
package/dist/cli/commands/time.js +252 -0
package/dist/cli/commands/time.js.map +1 -0
package/dist/cli/commands/tx.d.ts +16 -0
package/dist/cli/commands/tx.d.ts.map +1 -0
package/dist/cli/commands/tx.js +379 -0
package/dist/cli/commands/tx.js.map +1 -0
package/dist/cli/commands/watch.d.ts +20 -0
package/dist/cli/commands/watch.d.ts.map +1 -0
package/dist/cli/commands/watch.js +160 -0
package/dist/cli/commands/watch.js.map +1 -0
package/dist/cli/index.d.ts +17 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/cli/index.js +104 -0
package/dist/cli/index.js.map +1 -0
package/dist/cli/utils/client.d.ts +70 -0
package/dist/cli/utils/client.d.ts.map +1 -0
package/dist/cli/utils/client.js +240 -0
package/dist/cli/utils/client.js.map +1 -0
package/dist/cli/utils/config.d.ts +91 -0
package/dist/cli/utils/config.d.ts.map +1 -0
package/dist/cli/utils/config.js +240 -0
package/dist/cli/utils/config.js.map +1 -0
package/dist/cli/utils/output.d.ts +174 -0
package/dist/cli/utils/output.d.ts.map +1 -0
package/dist/cli/utils/output.js +380 -0
package/dist/cli/utils/output.js.map +1 -0
package/dist/config/networks.d.ts +28 -0
package/dist/config/networks.d.ts.map +1 -1
package/dist/config/networks.js +60 -12
package/dist/config/networks.js.map +1 -1
package/dist/errors/index.d.ts +165 -2
package/dist/errors/index.d.ts.map +1 -1
package/dist/errors/index.js +260 -2
package/dist/errors/index.js.map +1 -1
package/dist/index.d.ts +61 -13
package/dist/index.d.ts.map +1 -1
package/dist/index.js +141 -36
package/dist/index.js.map +1 -1
package/dist/level0/Provider.d.ts +106 -0
package/dist/level0/Provider.d.ts.map +1 -0
package/dist/level0/Provider.js +10 -0
package/dist/level0/Provider.js.map +1 -0
package/dist/level0/ServiceDirectory.d.ts +74 -0
package/dist/level0/ServiceDirectory.d.ts.map +1 -0
package/dist/level0/ServiceDirectory.js +122 -0
package/dist/level0/ServiceDirectory.js.map +1 -0
package/dist/level0/index.d.ts +10 -0
package/dist/level0/index.d.ts.map +1 -0
package/dist/level0/index.js +15 -0
package/dist/level0/index.js.map +1 -0
package/dist/level0/provide.d.ts +51 -0
package/dist/level0/provide.d.ts.map +1 -0
package/dist/level0/provide.js +113 -0
package/dist/level0/provide.js.map +1 -0
package/dist/level0/request.d.ts +53 -0
package/dist/level0/request.d.ts.map +1 -0
package/dist/level0/request.js +462 -0
package/dist/level0/request.js.map +1 -0
package/dist/level1/Agent.d.ts +472 -0
package/dist/level1/Agent.d.ts.map +1 -0
package/dist/level1/Agent.js +1091 -0
package/dist/level1/Agent.js.map +1 -0
package/dist/level1/index.d.ts +10 -0
package/dist/level1/index.d.ts.map +1 -0
package/dist/level1/index.js +30 -0
package/dist/level1/index.js.map +1 -0
package/dist/level1/pricing/PriceCalculator.d.ts +62 -0
package/dist/level1/pricing/PriceCalculator.d.ts.map +1 -0
package/dist/level1/pricing/PriceCalculator.js +237 -0
package/dist/level1/pricing/PriceCalculator.js.map +1 -0
package/dist/level1/pricing/PricingStrategy.d.ts +179 -0
package/dist/level1/pricing/PricingStrategy.d.ts.map +1 -0
package/dist/level1/pricing/PricingStrategy.js +11 -0
package/dist/level1/pricing/PricingStrategy.js.map +1 -0
package/dist/level1/types/Job.d.ts +166 -0
package/dist/level1/types/Job.d.ts.map +1 -0
package/dist/level1/types/Job.js +11 -0
package/dist/level1/types/Job.js.map +1 -0
package/dist/level1/types/Options.d.ts +258 -0
package/dist/level1/types/Options.d.ts.map +1 -0
package/dist/level1/types/Options.js +8 -0
package/dist/level1/types/Options.js.map +1 -0
package/dist/level1/types/index.d.ts +8 -0
package/dist/level1/types/index.d.ts.map +1 -0
package/dist/level1/types/index.js +8 -0
package/dist/level1/types/index.js.map +1 -0
package/dist/protocol/ACTPKernel.d.ts +229 -2
package/dist/protocol/ACTPKernel.d.ts.map +1 -1
package/dist/protocol/ACTPKernel.js +367 -33
package/dist/protocol/ACTPKernel.js.map +1 -1
package/dist/protocol/AgentRegistry.d.ts +177 -0
package/dist/protocol/AgentRegistry.d.ts.map +1 -0
package/dist/protocol/AgentRegistry.js +449 -0
package/dist/protocol/AgentRegistry.js.map +1 -0
package/dist/protocol/DIDManager.d.ts +289 -0
package/dist/protocol/DIDManager.d.ts.map +1 -0
package/dist/protocol/DIDManager.js +481 -0
package/dist/protocol/DIDManager.js.map +1 -0
package/dist/protocol/DIDResolver.d.ts +236 -0
package/dist/protocol/DIDResolver.d.ts.map +1 -0
package/dist/protocol/DIDResolver.js +495 -0
package/dist/protocol/DIDResolver.js.map +1 -0
package/dist/protocol/EASHelper.d.ts +57 -2
package/dist/protocol/EASHelper.d.ts.map +1 -1
package/dist/protocol/EASHelper.js +230 -37
package/dist/protocol/EASHelper.js.map +1 -1
package/dist/protocol/EscrowVault.d.ts +93 -2
package/dist/protocol/EscrowVault.d.ts.map +1 -1
package/dist/protocol/EscrowVault.js +122 -33
package/dist/protocol/EscrowVault.js.map +1 -1
package/dist/protocol/EventMonitor.d.ts +45 -1
package/dist/protocol/EventMonitor.d.ts.map +1 -1
package/dist/protocol/EventMonitor.js +64 -8
package/dist/protocol/EventMonitor.js.map +1 -1
package/dist/protocol/MessageSigner.d.ts +116 -2
package/dist/protocol/MessageSigner.d.ts.map +1 -1
package/dist/protocol/MessageSigner.js +215 -9
package/dist/protocol/MessageSigner.js.map +1 -1
package/dist/protocol/ProofGenerator.d.ts +93 -0
package/dist/protocol/ProofGenerator.d.ts.map +1 -1
package/dist/protocol/ProofGenerator.js +194 -9
package/dist/protocol/ProofGenerator.js.map +1 -1
package/dist/protocol/QuoteBuilder.d.ts +8 -0
package/dist/protocol/QuoteBuilder.d.ts.map +1 -1
package/dist/protocol/QuoteBuilder.js +8 -0
package/dist/protocol/QuoteBuilder.js.map +1 -1
package/dist/runtime/BlockchainRuntime.d.ts +360 -0
package/dist/runtime/BlockchainRuntime.d.ts.map +1 -0
package/dist/runtime/BlockchainRuntime.js +767 -0
package/dist/runtime/BlockchainRuntime.js.map +1 -0
package/dist/runtime/IACTPRuntime.d.ts +271 -0
package/dist/runtime/IACTPRuntime.d.ts.map +1 -0
package/dist/runtime/IACTPRuntime.js +15 -0
package/dist/runtime/IACTPRuntime.js.map +1 -0
package/dist/runtime/MockRuntime.d.ts +445 -0
package/dist/runtime/MockRuntime.d.ts.map +1 -0
package/dist/runtime/MockRuntime.js +1065 -0
package/dist/runtime/MockRuntime.js.map +1 -0
package/dist/runtime/MockStateManager.d.ts +233 -0
package/dist/runtime/MockStateManager.d.ts.map +1 -0
package/dist/runtime/MockStateManager.js +533 -0
package/dist/runtime/MockStateManager.js.map +1 -0
package/dist/runtime/index.d.ts +14 -0
package/dist/runtime/index.d.ts.map +1 -0
package/dist/runtime/index.js +42 -0
package/dist/runtime/index.js.map +1 -0
package/dist/runtime/types/MockState.d.ts +167 -0
package/dist/runtime/types/MockState.d.ts.map +1 -0
package/dist/runtime/types/MockState.js +43 -0
package/dist/runtime/types/MockState.js.map +1 -0
package/dist/types/agent.d.ts +76 -0
package/dist/types/agent.d.ts.map +1 -0
package/dist/types/agent.js +8 -0
package/dist/types/agent.js.map +1 -0
package/dist/types/did.d.ts +192 -0
package/dist/types/did.d.ts.map +1 -0
package/dist/types/did.js +38 -0
package/dist/types/did.js.map +1 -0
package/dist/types/eip712.d.ts +34 -0
package/dist/types/eip712.d.ts.map +1 -1
package/dist/types/eip712.js +31 -5
package/dist/types/eip712.js.map +1 -1
package/dist/types/escrow.d.ts +17 -10
package/dist/types/escrow.d.ts.map +1 -1
package/dist/types/index.d.ts +5 -0
package/dist/types/index.d.ts.map +1 -1
package/dist/types/index.js +8 -0
package/dist/types/index.js.map +1 -1
package/dist/types/message.d.ts +32 -0
package/dist/types/message.d.ts.map +1 -1
package/dist/types/message.js +4 -0
package/dist/types/message.js.map +1 -1
package/dist/types/state.d.ts +28 -0
package/dist/types/state.d.ts.map +1 -1
package/dist/types/state.js +37 -6
package/dist/types/state.js.map +1 -1
package/dist/types/transaction.d.ts +17 -0
package/dist/types/transaction.d.ts.map +1 -1
package/dist/utils/ErrorRecoveryGuide.d.ts +125 -0
package/dist/utils/ErrorRecoveryGuide.d.ts.map +1 -0
package/dist/utils/ErrorRecoveryGuide.js +579 -0
package/dist/utils/ErrorRecoveryGuide.js.map +1 -0
package/dist/utils/Helpers.d.ts +453 -0
package/dist/utils/Helpers.d.ts.map +1 -0
package/dist/utils/Helpers.js +623 -0
package/dist/utils/Helpers.js.map +1 -0
package/dist/utils/IPFSClient.d.ts +113 -0
package/dist/utils/IPFSClient.d.ts.map +1 -1
package/dist/utils/IPFSClient.js +128 -7
package/dist/utils/IPFSClient.js.map +1 -1
package/dist/utils/Logger.d.ts +195 -0
package/dist/utils/Logger.d.ts.map +1 -0
package/dist/utils/Logger.js +382 -0
package/dist/utils/Logger.js.map +1 -0
package/dist/utils/NonceManager.d.ts +234 -1
package/dist/utils/NonceManager.d.ts.map +1 -1
package/dist/utils/NonceManager.js +372 -7
package/dist/utils/NonceManager.js.map +1 -1
package/dist/utils/RateLimiter.d.ts +253 -0
package/dist/utils/RateLimiter.d.ts.map +1 -0
package/dist/utils/RateLimiter.js +424 -0
package/dist/utils/RateLimiter.js.map +1 -0
package/dist/utils/ReceivedNonceTracker.d.ts +175 -0
package/dist/utils/ReceivedNonceTracker.d.ts.map +1 -1
package/dist/utils/ReceivedNonceTracker.js +261 -5
package/dist/utils/ReceivedNonceTracker.js.map +1 -1
package/dist/utils/SDKLifecycle.d.ts +156 -0
package/dist/utils/SDKLifecycle.d.ts.map +1 -0
package/dist/utils/SDKLifecycle.js +347 -0
package/dist/utils/SDKLifecycle.js.map +1 -0
package/dist/utils/SecureNonce.d.ts +57 -0
package/dist/utils/SecureNonce.d.ts.map +1 -0
package/dist/utils/SecureNonce.js +80 -0
package/dist/utils/SecureNonce.js.map +1 -0
package/dist/utils/Semaphore.d.ts +123 -0
package/dist/utils/Semaphore.d.ts.map +1 -0
package/dist/utils/Semaphore.js +247 -0
package/dist/utils/Semaphore.js.map +1 -0
package/dist/utils/UsedAttestationTracker.d.ts +167 -0
package/dist/utils/UsedAttestationTracker.d.ts.map +1 -0
package/dist/utils/UsedAttestationTracker.js +309 -0
package/dist/utils/UsedAttestationTracker.js.map +1 -0
package/dist/utils/canonicalJson.d.ts +22 -0
package/dist/utils/canonicalJson.d.ts.map +1 -1
package/dist/utils/canonicalJson.js +26 -3
package/dist/utils/canonicalJson.js.map +1 -1
package/dist/utils/computeTypeHash.d.ts +14 -0
package/dist/utils/computeTypeHash.d.ts.map +1 -1
package/dist/utils/computeTypeHash.js +19 -2
package/dist/utils/computeTypeHash.js.map +1 -1
package/dist/utils/fsSafe.d.ts +14 -0
package/dist/utils/fsSafe.d.ts.map +1 -0
package/dist/utils/fsSafe.js +89 -0
package/dist/utils/fsSafe.js.map +1 -0
package/dist/utils/index.d.ts +15 -0
package/dist/utils/index.d.ts.map +1 -0
package/dist/utils/index.js +51 -0
package/dist/utils/index.js.map +1 -0
package/dist/utils/security.d.ts +147 -0
package/dist/utils/security.d.ts.map +1 -0
package/dist/utils/security.js +391 -0
package/dist/utils/security.js.map +1 -0
package/dist/utils/validation.d.ts +40 -0
package/dist/utils/validation.d.ts.map +1 -1
package/dist/utils/validation.js +184 -7
package/dist/utils/validation.js.map +1 -1
package/package.json +54 -37
package/src/ACTPClient.ts +692 -178
package/src/abi/AgentRegistry.json +782 -0
package/src/abi/EscrowVault.json +106 -38
package/src/abi/IdentityRegistry.json +316 -0
package/src/adapters/BaseAdapter.ts +473 -0
package/src/adapters/BeginnerAdapter.ts +232 -0
package/src/adapters/IntermediateAdapter.ts +316 -0
package/src/adapters/index.ts +25 -0
package/src/builders/DeliveryProofBuilder.ts +3 -2
package/src/cli/commands/balance.ts +110 -0
package/src/cli/commands/batch.ts +487 -0
package/src/cli/commands/config.ts +231 -0
package/src/cli/commands/init.ts +161 -0
package/src/cli/commands/mint.ts +116 -0
package/src/cli/commands/pay.ts +113 -0
package/src/cli/commands/simulate.ts +345 -0
package/src/cli/commands/time.ts +303 -0
package/src/cli/commands/tx.ts +448 -0
package/src/cli/commands/watch.ts +211 -0
package/src/cli/index.ts +116 -0
package/src/cli/utils/client.ts +249 -0
package/src/cli/utils/config.ts +282 -0
package/src/cli/utils/output.ts +465 -0
package/src/config/networks.ts +32 -9
package/src/errors/index.ts +298 -1
package/src/index.ts +207 -71
package/src/level0/Provider.ts +117 -0
package/src/level0/ServiceDirectory.ts +131 -0
package/src/level0/index.ts +10 -0
package/src/level0/provide.ts +131 -0
package/src/level0/request.ts +494 -0
package/src/level1/Agent.ts +1432 -0
package/src/level1/index.ts +10 -0
package/src/level1/pricing/PriceCalculator.ts +255 -0
package/src/level1/pricing/PricingStrategy.ts +198 -0
package/src/level1/types/Job.ts +179 -0
package/src/level1/types/Options.ts +291 -0
package/src/level1/types/index.ts +8 -0
package/src/protocol/ACTPKernel.ts +175 -23
package/src/protocol/AgentRegistry.ts +559 -0
package/src/protocol/DIDManager.ts +629 -0
package/src/protocol/DIDResolver.ts +554 -0
package/src/protocol/EASHelper.ts +230 -46
package/src/protocol/EscrowVault.ts +68 -50
package/src/protocol/EventMonitor.ts +44 -15
package/src/protocol/MessageSigner.ts +193 -13
package/src/protocol/ProofGenerator.ts +223 -4
package/src/runtime/BlockchainRuntime.ts +993 -0
package/src/runtime/IACTPRuntime.ts +284 -0
package/src/runtime/MockRuntime.ts +1244 -0
package/src/runtime/MockStateManager.ts +576 -0
package/src/runtime/index.ts +25 -0
package/src/runtime/types/MockState.ts +227 -0
package/src/types/agent.ts +79 -0
package/src/types/did.ts +223 -0
package/src/types/escrow.ts +12 -11
package/src/types/index.ts +5 -1
package/src/types/state.ts +12 -3
package/src/types/transaction.ts +4 -1
package/src/utils/ErrorRecoveryGuide.ts +675 -0
package/src/utils/Helpers.ts +688 -0
package/src/utils/IPFSClient.ts +122 -5
package/src/utils/Logger.ts +484 -0
package/src/utils/NonceManager.ts +305 -8
package/src/utils/RateLimiter.ts +534 -0
package/src/utils/ReceivedNonceTracker.ts +170 -0
package/src/utils/SDKLifecycle.ts +416 -0
package/src/utils/SecureNonce.ts +78 -0
package/src/utils/Semaphore.ts +276 -0
package/src/utils/UsedAttestationTracker.ts +387 -0
package/src/utils/fsSafe.ts +75 -0
package/src/utils/index.ts +80 -0
package/src/utils/security.ts +418 -0
package/src/utils/validation.ts +164 -0
package/src/__tests__/ProofGenerator.test.ts +0 -124
package/src/__tests__/QuoteBuilder.test.ts +0 -516
package/src/__tests__/StateMachine.test.ts +0 -82
package/src/__tests__/builders/DeliveryProofBuilder.test.ts +0 -581
package/src/__tests__/integration/ACTPClient.test.ts +0 -263
package/src/__tests__/integration.test.ts +0 -289
package/src/__tests__/protocol/EASHelper.test.ts +0 -472
package/src/__tests__/protocol/EventMonitor.test.ts +0 -382
package/src/__tests__/security/ACTPKernel.security.test.ts +0 -1167
package/src/__tests__/security/EscrowVault.security.test.ts +0 -570
package/src/__tests__/security/MessageSigner.security.test.ts +0 -286
package/src/__tests__/security/NonceReplay.security.test.ts +0 -501
package/src/__tests__/security/validation.security.test.ts +0 -376
package/src/__tests__/utils/IPFSClient.test.ts +0 -262
package/src/__tests__/utils/NonceManager.test.ts +0 -205
package/src/__tests__/utils/canonicalJson.test.ts +0 -153

package/src/utils/validation.ts CHANGED Viewed

@@ -80,3 +80,167 @@ export function validateTxId(txId: string, fieldName: string = 'txId'): void {
   }
 }
+/**
+ * Check if IP address is private/local (SSRF protection)
+ *
+ * SECURITY FIX (H-1): Comprehensive private IP detection
+ * - IPv4: 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16
+ * - IPv6: ::1, fc00::/7, fd00::/8, fe80::/10
+ * - IPv4-mapped IPv6: ::ffff:127.0.0.0/8, ::ffff:10.0.0.0/8, etc.
+ *
+ * @param ip - IP address (v4 or v6, no brackets)
+ * @returns true if IP is private/local
+ */
+function isPrivateIP(ip: string): boolean {
+  // Remove IPv6 brackets if present
+  const cleanIP = ip.replace(/^\[|\]$/g, '');
+  // IPv4 patterns
+  const ipv4PrivatePatterns = [
+    /^127\./,                      // Loopback
+    /^10\./,                       // Private class A
+    /^172\.(1[6-9]|2\d|3[01])\./,  // Private class B (172.16-172.31)
+    /^192\.168\./,                 // Private class C
+    /^169\.254\./,                 // Link-local / AWS metadata
+    /^0\./,                        // Invalid source
+    /^localhost$/i                 // Localhost hostname
+  ];
+  for (const pattern of ipv4PrivatePatterns) {
+    if (pattern.test(cleanIP)) {
+      return true;
+    }
+  }
+  // IPv6 patterns (without brackets)
+  const ipv6PrivatePatterns = [
+    /^::1$/,                       // IPv6 loopback
+    /^::ffff:127\./,               // IPv4-mapped localhost
+    /^::ffff:10\./,                // IPv4-mapped private 10.x
+    /^::ffff:192\.168\./,          // IPv4-mapped private 192.168.x
+    /^::ffff:172\.(1[6-9]|2\d|3[01])\./,  // IPv4-mapped private 172.16-31.x
+    /^::ffff:169\.254\./,          // IPv4-mapped link-local (CRITICAL: AWS metadata)
+    /^fc00:/i,                     // IPv6 ULA fc00::/7
+    /^fd/i,                        // IPv6 ULA fd00::/8
+    /^fe80:/i                      // IPv6 link-local fe80::/10
+  ];
+  for (const pattern of ipv6PrivatePatterns) {
+    if (pattern.test(cleanIP)) {
+      return true;
+    }
+  }
+  return false;
+}
+/**
+ * Validate endpoint URL (for AgentRegistry)
+ *
+ * SECURITY FIX (H-1): Enhanced SSRF protection with DNS resolution
+ *
+ * Security checks:
+ * - Valid URL format
+ * - HTTPS or IPFS protocols only
+ * - Maximum length 256 characters
+ * - DNS resolution check (hostname → IP validation)
+ * - No private/local IP addresses (SSRF protection)
+ * - Blocks AWS metadata endpoint (169.254.169.254)
+ * - Fail-secure: if DNS lookup fails, reject
+ *
+ * **CRITICAL**: This function is now ASYNC due to DNS resolution.
+ * All callers MUST await this function.
+ *
+ * @param endpoint - URL to validate
+ * @param fieldName - Field name for error messages
+ * @throws {ValidationError} If endpoint is invalid or points to private IP
+ */
+export async function validateEndpointURL(endpoint: string, fieldName: string = 'endpoint'): Promise<void> {
+  if (!endpoint || endpoint.length === 0) {
+    throw new ValidationError(fieldName, 'Endpoint is required');
+  }
+  const MAX_LENGTH = 256;
+  if (endpoint.length > MAX_LENGTH) {
+    throw new ValidationError(fieldName, `Endpoint exceeds maximum length (${MAX_LENGTH})`);
+  }
+  let parsedUrl: URL;
+  try {
+    parsedUrl = new URL(endpoint);
+  } catch (e) {
+    throw new ValidationError(fieldName, 'Endpoint must be a valid URL');
+  }
+  const allowedProtocols = ['https:', 'ipfs:'];
+  if (!allowedProtocols.includes(parsedUrl.protocol)) {
+    throw new ValidationError(
+      fieldName,
+      `Endpoint protocol must be one of: ${allowedProtocols.join(', ')}`
+    );
+  }
+  // SECURITY FIX (H-1): First check hostname syntax
+  // URL().hostname strips brackets from IPv6 addresses
+  const hostname = parsedUrl.hostname;
+  // Check if hostname itself looks like a private IP (bypass DNS for direct IPs)
+  if (isPrivateIP(hostname)) {
+    throw new ValidationError(
+      fieldName,
+      `Endpoint hostname "${hostname}" is a private/local address (SSRF protection)`
+    );
+  }
+  // SECURITY FIX (H-1): DNS resolution check
+  // Resolve hostname to IP address(es) and validate each resolved IP
+  // This prevents DNS rebinding attacks where hostname resolves to private IP
+  if (parsedUrl.protocol === 'https:') {
+    try {
+      // Dynamic import for Node.js dns module (not available in browser)
+      // If running in browser, skip DNS check (browsers have their own SSRF protection)
+      const dns = await import('dns').catch(() => null);
+      if (dns) {
+        // Resolve hostname to ALL IP addresses and validate each (prevents AAAA/A bypass)
+        const results = await dns.promises.lookup(hostname, { all: true });
+        for (const { address, family } of results) {
+          // Validate resolved IP is not private
+          if (isPrivateIP(address)) {
+            throw new ValidationError(
+              fieldName,
+              `Endpoint hostname "${hostname}" resolves to private IP address ${address} (SSRF protection). ` +
+                `This could be an attempt to access internal services. ` +
+                `IP family: IPv${family}`
+            );
+          }
+          // SECURITY FIX (H-1): CRITICAL - Block AWS metadata endpoint explicitly
+          if (address === '169.254.169.254') {
+            throw new ValidationError(
+              fieldName,
+              `Endpoint resolves to AWS metadata endpoint (169.254.169.254). ` +
+                `This is blocked for security reasons (credential theft prevention).`
+            );
+          }
+        }
+      }
+    } catch (error: any) {
+      // SECURITY FIX (H-1): Fail-secure - if DNS lookup fails, reject
+      // Don't allow requests to unresolvable hostnames (could be DNS rebinding setup)
+      if (error instanceof ValidationError) {
+        throw error; // Re-throw validation errors
+      }
+      throw new ValidationError(
+        fieldName,
+        `Failed to resolve hostname "${hostname}": ${error.message}. ` +
+        `DNS resolution is required for SSRF protection (fail-secure mode).`
+      );
+    }
+  }
+  // IPFS endpoints skip DNS check (no DNS resolution for IPFS CIDs)
+}

package/src/__tests__/ProofGenerator.test.ts DELETED Viewed

@@ -1,124 +0,0 @@
-import { ProofGenerator } from '../protocol/ProofGenerator';
-describe('ProofGenerator', () => {
-  let proofGenerator: ProofGenerator;
-  beforeEach(() => {
-    proofGenerator = new ProofGenerator();
-  });
-  describe('hashContent', () => {
-    it('should hash string content', () => {
-      const content = 'Hello, ACTP!';
-      const hash = proofGenerator.hashContent(content);
-      expect(hash).toMatch(/^0x[a-f0-9]{64}$/);
-      expect(hash).toHaveLength(66); // 0x + 64 hex chars
-    });
-    it('should hash buffer content', () => {
-      const content = Buffer.from('Hello, ACTP!');
-      const hash = proofGenerator.hashContent(content);
-      expect(hash).toMatch(/^0x[a-f0-9]{64}$/);
-    });
-    it('should produce same hash for same content', () => {
-      const content = 'Test content';
-      const hash1 = proofGenerator.hashContent(content);
-      const hash2 = proofGenerator.hashContent(content);
-      expect(hash1).toBe(hash2);
-    });
-    it('should produce different hashes for different content', () => {
-      const hash1 = proofGenerator.hashContent('Content A');
-      const hash2 = proofGenerator.hashContent('Content B');
-      expect(hash1).not.toBe(hash2);
-    });
-  });
-  describe('generateDeliveryProof', () => {
-    it('should generate valid delivery proof', () => {
-      const txId = '0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef';
-      const deliverable = 'Completed translation work';
-      const proof = proofGenerator.generateDeliveryProof({
-        txId,
-        deliverable,
-        metadata: { language: 'es' }
-      });
-      expect(proof.txId).toBe(txId);
-      expect(proof.contentHash).toMatch(/^0x[a-f0-9]{64}$/);
-      expect(proof.timestamp).toBeGreaterThan(0);
-      expect(proof.metadata.size).toBeGreaterThan(0);
-      expect(proof.metadata.language).toBe('es');
-    });
-    it('should include default mimeType', () => {
-      const proof = proofGenerator.generateDeliveryProof({
-        txId: '0x1234',
-        deliverable: 'test'
-      });
-      expect(proof.metadata.mimeType).toBe('application/octet-stream');
-    });
-    it('should use custom mimeType', () => {
-      const proof = proofGenerator.generateDeliveryProof({
-        txId: '0x1234',
-        deliverable: 'test',
-        metadata: { mimeType: 'text/plain' }
-      });
-      expect(proof.metadata.mimeType).toBe('text/plain');
-    });
-  });
-  describe('verifyDeliverable', () => {
-    it('should verify matching deliverable', () => {
-      const deliverable = 'Test deliverable';
-      const hash = proofGenerator.hashContent(deliverable);
-      const isValid = proofGenerator.verifyDeliverable(deliverable, hash);
-      expect(isValid).toBe(true);
-    });
-    it('should reject non-matching deliverable', () => {
-      const deliverable = 'Test deliverable';
-      const wrongHash = proofGenerator.hashContent('Wrong content');
-      const isValid = proofGenerator.verifyDeliverable(deliverable, wrongHash);
-      expect(isValid).toBe(false);
-    });
-    it('should be case-insensitive for hash comparison', () => {
-      const deliverable = 'Test';
-      const hash = proofGenerator.hashContent(deliverable);
-      const upperHash = hash.toUpperCase();
-      const isValid = proofGenerator.verifyDeliverable(deliverable, upperHash);
-      expect(isValid).toBe(true);
-    });
-  });
-  describe('encodeProof and decodeProof', () => {
-    it('should encode and decode proof correctly', () => {
-      const originalProof = proofGenerator.generateDeliveryProof({
-        txId: '0x1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef',
-        deliverable: 'test'
-      });
-      const encoded = proofGenerator.encodeProof(originalProof);
-      const decoded = proofGenerator.decodeProof(encoded);
-      expect(decoded.txId).toBe(originalProof.txId);
-      expect(decoded.contentHash).toBe(originalProof.contentHash);
-      expect(decoded.timestamp).toBe(originalProof.timestamp);
-    });
-  });
-});