@aikdna/kdna-core 0.7.2 → 0.9.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aikdna/kdna-core",
-  "version": "0.7.2",
+  "version": "0.9.0",
   "description": "KDNA core library — pure logic for loading, validating, linting, and rendering KDNA domain cognition packages. Zero Node.js dependencies.",
   "type": "commonjs",
   "main": "src/index.js",
@@ -47,5 +47,9 @@
     "ajv-formats": {
       "optional": true
     }
+  },
+  "dependencies": {
+    "@noble/hashes": "^2.2.0",
+    "cbor-x": "^1.6.4"
   }
 }

package/src/asset-reader.js

@@ -1,27 +1,13 @@
 /**
  * KDNA Asset Reader — direct .kdna container access.
- *
- * This module intentionally uses only Node.js built-ins. It reads ZIP central
- * directory records directly so runtimes can inspect, verify, and load .kdna
- * assets without persistent extraction to a domain directory.
  */
 
 const fs = require('fs');
 const crypto = require('crypto');
 const zlib = require('zlib');
+const cbor = require('cbor-x');
 const { loadDomainFromFiles, formatContext } = require('./loader');
 
-const STANDARD_ENTRIES = [
-  'kdna.json',
-  'KDNA_Core.json',
-  'KDNA_Patterns.json',
-  'KDNA_Scenarios.json',
-  'KDNA_Cases.json',
-  'KDNA_Reasoning.json',
-  'KDNA_Evolution.json',
-];
-
-const JSON_ENTRY_RE = /\.json$/i;
 const KDNA_MEDIA_TYPE = 'application/vnd.aikdna.kdna+zip';
 
 function sha256Hex(buf) {
@@ -274,6 +260,53 @@ function verifyMediaType(asset, errors) {
   }
 }
 
+/**
+ * Verify Human Lock signatures on locked axiom cards.
+ * Reconstructs signing payload (cardId|statement|fingerprint) and verifies
+ * against the creator's public key from kdna.json manifest.author.
+ */
+function verifyHumanLockSignatures(coreData, manifest, errors, warnings) {
+  const publicKeyPEM = manifest?.author?.public_key_pem;
+  if (!publicKeyPEM) {
+    // Skip if no public key available (unsigned assets are valid)
+    return;
+  }
+  const axioms = coreData?.axioms || [];
+  if (!Array.isArray(axioms) || axioms.length === 0) return;
+
+  let verified = 0, missing = 0, invalid = 0;
+  for (const ax of axioms) {
+    const hl = ax.human_lock;
+    if (!hl || !hl.signature) {
+      // Only warn for locked cards without signature
+      if (ax.status === 'locked' || ax.status === 'tested' || ax.status === 'published') {
+        missing++;
+      }
+      continue;
+    }
+    try {
+      const payload = [ax.id, hl.statement || '', hl.judgment_fingerprint || ''].join('\n');
+      const sig = Buffer.from(String(hl.signature).replace(/^ed25519:/, ''), 'hex');
+      const key = crypto.createPublicKey(publicKeyPEM);
+      const ok = crypto.verify(null, Buffer.from(payload), key, sig);
+      if (ok) { verified++; }
+      else { invalid++; }
+    } catch {
+      invalid++;
+    }
+  }
+
+  if (invalid > 0) {
+    errors.push(`${invalid} Human Lock signature(s) failed verification — judgment may have been altered`);
+  }
+  if (missing > 0) {
+    warnings.push(`${missing} locked card(s) have no Human Lock signature`);
+  }
+  if (verified > 0 && invalid === 0) {
+    // All signed locks verified — good
+  }
+}
+
 function validateManifestIdentity(manifest, errors, _warnings) {
   if (manifest.kdna_spec) {
     errors.push('kdna.json: kdna_spec is not allowed. Use spec_version.');
@@ -281,9 +314,9 @@ function validateManifestIdentity(manifest, errors, _warnings) {
   if (manifest.format && manifest.format !== 'kdna') {
     errors.push(`kdna.json.format: invalid value "${manifest.format}". Expected "kdna".`);
   }
-  if (manifest.format_version && manifest.format_version !== '1.0') {
+  if (manifest.format_version && manifest.format_version !== '2.0') {
     errors.push(
-      `kdna.json.format_version: invalid value "${manifest.format_version}". Expected "1.0".`,
+      `kdna.json.format_version: invalid value "${manifest.format_version}". Expected "2.0".`,
     );
   }
   if (!manifest.spec_version) errors.push('kdna.json: missing required field "spec_version"');
@@ -323,19 +356,30 @@ function readManifest(asset) {
   return parseJson(asset.readEntry('kdna.json'), 'kdna.json');
 }
 
-function readDataMapSync(asset, entries = STANDARD_ENTRIES, options = {}) {
+function readDataMapSync(asset, options = {}) {
   const dataMap = {};
   const manifest = readManifest(asset);
-  const encrypted = encryptedEntries(manifest).filter((entryName) => entries.includes(entryName));
-  if (encrypted.length && typeof options.decryptEntry !== 'function') {
-    throw new Error(`encrypted entries require decryptEntry hook: ${encrypted.join(', ')}`);
-  }
-  for (const entryName of entries) {
-    if (!asset.entries.has(entryName)) continue;
-    const buf = maybeDecryptEntrySync(asset, manifest, entryName, asset.readEntry(entryName), options);
-    dataMap[entryName] = parseJson(buf, entryName);
+
+  if (asset.entries.has('payload.kdnab')) {
+    const payloadBuf = asset.readEntry('payload.kdnab');
+    const payload = cbor.decode(payloadBuf);
+    if (payload && payload.judgment) {
+      if (payload.judgment.core) dataMap['KDNA_Core.json'] = payload.judgment.core;
+      if (payload.judgment.patterns) dataMap['KDNA_Patterns.json'] = payload.judgment.patterns;
+      if (payload.judgment.scenarios) dataMap['KDNA_Scenarios.json'] = payload.judgment.scenarios;
+      if (payload.judgment.cases) dataMap['KDNA_Cases.json'] = payload.judgment.cases;
+      if (payload.judgment.reasoning) dataMap['KDNA_Reasoning.json'] = payload.judgment.reasoning;
+      if (payload.judgment.evolution) dataMap['KDNA_Evolution.json'] = payload.judgment.evolution;
+    }
+
+    const encrypted = encryptedEntries(manifest);
+    if (encrypted.length && typeof options.decryptEntry !== 'function') {
+      throw new Error(`encrypted entries require decryptEntry hook: ${encrypted.join(', ')}`);
+    }
+    return dataMap;
   }
-  return dataMap;
+
+  throw new Error('Not a KDNA asset: missing payload.kdnab');
 }
 
 function verifySync(asset, options = {}) {
@@ -345,10 +389,7 @@ function verifySync(asset, options = {}) {
 
   if (!asset.entries.has('kdna.json')) errors.push('required entry missing: kdna.json');
   verifyMediaType(asset, errors);
-  if (!asset.entries.has('KDNA_Core.json')) errors.push('required entry missing: KDNA_Core.json');
-  if (!asset.entries.has('KDNA_Patterns.json')) {
-    errors.push('required entry missing: KDNA_Patterns.json');
-  }
+  if (!asset.entries.has('payload.kdnab')) errors.push('required entry missing: payload.kdnab');
 
   const content_digest = buildContentDigest(asset);
   const asset_digest = asset.asset_digest;
@@ -395,6 +436,15 @@ function verifySync(asset, options = {}) {
       if (options.requireSignature || manifest.signature) {
         signature_valid = verifySignature(asset, manifest, errors, warnings);
       }
+      // ── Human Lock signature verification ──────────────────
+      if (asset.entries.has('KDNA_Core.json')) {
+        try {
+          const coreData = parseJson(asset.readEntry('KDNA_Core.json'), 'KDNA_Core.json');
+          verifyHumanLockSignatures(coreData, manifest, errors, warnings);
+        } catch (e) {
+          warnings.push(`Human Lock signature check skipped: ${e.message}`);
+        }
+      }
     } catch (e) {
       errors.push(e.message);
     }

package/src/crypto-profile.js

@@ -1,5 +1,12 @@
 const crypto = require('crypto');
 
+let argon2id;
+try {
+  ({ argon2id } = require('@noble/hashes/argon2.js'));
+} catch {
+  // Optional: password-protected assets require @noble/hashes
+}
+
 // ── Profile constants ──────────────────────────────────────────────
 
 /**
@@ -18,9 +25,19 @@ const LICENSED_ENTRY_PROFILE = 'kdna-licensed-entry-v1';
  */
 const LICENSED_EXPERIMENTAL_PROFILE = 'kdna-licensed-entry-experimental';
 
+/**
+ * RFC-0009 compliant profile.
+ * - Argon2id password-based key derivation
+ * - AES-256-KW content encryption key wrapping
+ * - AES-256-GCM content encryption
+ * - Dual key slots: password + recovery
+ */
+const PASSWORD_PROTECTED_PROFILE = 'kdna-password-protected-v1';
+
 const RFC_KDF = 'HKDF-SHA256';
 const RFC_KEY_WRAPPING = 'AES-256-KW';
 const LEGACY_KDF = 'scrypt-sha256';
+const PASSWORD_KDF = 'Argon2id';
 const ALG = 'AES-256-GCM';
 
 // ── Helpers ───────────────────────────────────────────────────────
@@ -246,6 +263,163 @@ function decryptLicensedEntryV1(envelopeValue, options = {}) {
   ]);
 }
 
+// ── RFC-0009: Password-protected encryption ───────────────────────
+
+function ensureArgon2id() {
+  if (!argon2id) {
+    throw new Error(
+      'password-protected assets require @noble/hashes. Install: npm install @noble/hashes',
+    );
+  }
+}
+
+function derivePasswordKey(password, params = {}) {
+  ensureArgon2id();
+  const {
+    salt,
+    memory_kib = 65536,
+    iterations = 3,
+    parallelism = 4,
+  } = params;
+  if (!salt) throw new Error('salt is required for Argon2id');
+  const saltBuf = decodeBase64(salt, 'salt');
+  const passwordBuf = toBuffer(password, 'password');
+  const key = argon2id(passwordBuf, saltBuf, {
+    t: iterations,
+    m: memory_kib,
+    p: parallelism,
+    dkLen: 32,
+  });
+  return Buffer.from(key);
+}
+
+function generateRecoveryCode() {
+  const raw = crypto.randomBytes(32); // 256 bits
+  const hex = raw.toString('hex').toUpperCase();
+  const groups = hex.match(/.{4}/g);
+  return `kdna-recover-${groups.join('-')}`;
+}
+
+function decodeRecoveryCode(code) {
+  if (typeof code !== 'string' || !code.startsWith('kdna-recover-')) {
+    throw new Error('recovery code must start with "kdna-recover-"');
+  }
+  const hex = code.slice('kdna-recover-'.length).replace(/-/g, '');
+  if (!/^[0-9A-Fa-f]{64}$/.test(hex)) {
+    throw new Error('recovery code format is invalid');
+  }
+  return Buffer.from(hex, 'hex');
+}
+
+function encryptProtectedEntry(plaintext, options = {}) {
+  const { entryName, manifest = {}, password, includeRecovery = true, recoveryCode } = options;
+  if (!entryName) throw new Error('entryName is required');
+  if (!password) throw new Error('password is required for protected encryption');
+
+  const cek = generateCEK();
+
+  // Password slot
+  const salt = crypto.randomBytes(16);
+  const passwordKdf = {
+    name: PASSWORD_KDF,
+    salt: salt.toString('base64'),
+    memory_kib: 65536,
+    iterations: 3,
+    parallelism: 4,
+  };
+  const passwordKey = derivePasswordKey(password, passwordKdf);
+  const passwordWrappedKey = wrapCEK(cek, passwordKey);
+
+  const keySlots = [
+    {
+      slot: 'password',
+      wrap: RFC_KEY_WRAPPING,
+      wrapped_key: passwordWrappedKey.toString('base64'),
+    },
+  ];
+
+  // Recovery slot
+  if (includeRecovery) {
+    const recoveryKey = recoveryCode ? decodeRecoveryCode(recoveryCode) : crypto.randomBytes(32);
+    const recoveryWrappedKey = wrapCEK(cek, recoveryKey);
+    keySlots.push({
+      slot: 'recovery',
+      wrap: RFC_KEY_WRAPPING,
+      wrapped_key: recoveryWrappedKey.toString('base64'),
+    });
+  }
+
+  const iv = crypto.randomBytes(12);
+  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
+  cipher.setAAD(encryptedEntryAad(entryName, manifest, PASSWORD_PROTECTED_PROFILE));
+  const ciphertext = Buffer.concat([cipher.update(toBuffer(plaintext, 'plaintext')), cipher.final()]);
+
+  return {
+    profile: PASSWORD_PROTECTED_PROFILE,
+    alg: ALG,
+    kdf: PASSWORD_KDF,
+    key_wrapping: RFC_KEY_WRAPPING,
+    password_kdf: passwordKdf,
+    key_slots: keySlots,
+    iv: iv.toString('base64'),
+    tag: cipher.getAuthTag().toString('base64'),
+    ciphertext: ciphertext.toString('base64'),
+  };
+}
+
+function decryptProtectedEntry(envelopeValue, options = {}) {
+  const { entryName, manifest = {}, password, recoveryCode } = options;
+  if (!entryName) throw new Error('entryName is required');
+  if (!password && !recoveryCode) {
+    throw new Error('password or recoveryCode is required for protected decryption');
+  }
+
+  const envelope = normalizeEnvelope(envelopeValue);
+  if (envelope.profile !== PASSWORD_PROTECTED_PROFILE) {
+    throw new Error(
+      `unsupported encrypted entry profile: ${envelope.profile || 'unknown'} (expected ${PASSWORD_PROTECTED_PROFILE})`,
+    );
+  }
+  if (envelope.alg !== ALG) throw new Error(`unsupported encrypted entry alg: ${envelope.alg}`);
+  if (envelope.kdf !== PASSWORD_KDF) throw new Error(`unsupported encrypted entry kdf: ${envelope.kdf}`);
+  if (envelope.key_wrapping !== RFC_KEY_WRAPPING) {
+    throw new Error(`unsupported encrypted entry key_wrapping: ${envelope.key_wrapping}`);
+  }
+
+  let cek;
+  if (password) {
+    const passwordKey = derivePasswordKey(password, envelope.password_kdf);
+    const passwordSlot = envelope.key_slots.find((s) => s.slot === 'password');
+    if (!passwordSlot) throw new Error('password slot missing from envelope');
+    cek = unwrapCEK(decodeBase64(passwordSlot.wrapped_key, 'wrapped_key'), passwordKey);
+  } else {
+    const recoveryKey = decodeRecoveryCode(recoveryCode);
+    const recoverySlot = envelope.key_slots.find((s) => s.slot === 'recovery');
+    if (!recoverySlot) throw new Error('recovery slot missing from envelope');
+    cek = unwrapCEK(decodeBase64(recoverySlot.wrapped_key, 'wrapped_key'), recoveryKey);
+  }
+
+  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, decodeBase64(envelope.iv, 'iv'));
+  decipher.setAAD(encryptedEntryAad(entryName, manifest, PASSWORD_PROTECTED_PROFILE));
+  decipher.setAuthTag(decodeBase64(envelope.tag, 'tag'));
+  return Buffer.concat([
+    decipher.update(decodeBase64(envelope.ciphertext, 'ciphertext')),
+    decipher.final(),
+  ]);
+}
+
+function createPasswordDecryptEntry(options = {}) {
+  const { password } = options;
+  return ({ entryName, ciphertext, manifest }) =>
+    decryptProtectedEntry(ciphertext, { entryName, manifest, password });
+}
+
+function createRecoveryDecryptEntry(options = {}) {
+  const { recoveryCode } = options;
+  return ({ entryName, ciphertext, manifest }) =>
+    decryptProtectedEntry(ciphertext, { entryName, manifest, recoveryCode });
+}
+
 // ── Legacy / experimental profile (pre-RFC, backward compat) ───────
 
 function deriveLicensedEntryKeyLegacy(options = {}) {
@@ -329,10 +503,12 @@ module.exports = {
   // Profiles
   LICENSED_ENTRY_PROFILE,
   LICENSED_EXPERIMENTAL_PROFILE,
+  PASSWORD_PROTECTED_PROFILE,
   ALG,
   RFC_KDF,
   RFC_KEY_WRAPPING,
   LEGACY_KDF,
+  PASSWORD_KDF,
 
   // RFC-0008 compliant
   deriveWrappingKey,
@@ -342,6 +518,15 @@ module.exports = {
   encryptLicensedEntryV1,
   decryptLicensedEntryV1,
 
+  // RFC-0009 compliant
+  derivePasswordKey,
+  generateRecoveryCode,
+  decodeRecoveryCode,
+  encryptProtectedEntry,
+  decryptProtectedEntry,
+  createPasswordDecryptEntry,
+  createRecoveryDecryptEntry,
+
   // Legacy
   deriveLicensedEntryKey: deriveLicensedEntryKeyLegacy,
   encryptLicensedEntryLegacy,

package/src/index.js

@@ -9,6 +9,7 @@ const compose = require('./compose');
 const assetReader = require('./asset-reader');
 const cryptoProfile = require('./crypto-profile');
 const publicApi = require('./public-api');
+const workpackPure = require('./workpack-pure');
 
 module.exports = {
   ...publicApi,
@@ -19,4 +20,5 @@ module.exports = {
   ...compose,
   ...assetReader,
   ...cryptoProfile,
+  ...workpackPure,
 };

package/src/lint-pure.js

@@ -318,9 +318,9 @@ function validateManifest(manifest) {
   if (manifest.format && manifest.format !== 'kdna') {
     errors.push(`kdna.json.format: invalid value "${manifest.format}". Expected "kdna".`);
   }
-  if (manifest.format_version && manifest.format_version !== '1.0') {
+  if (manifest.format_version && manifest.format_version !== '2.0') {
     errors.push(
-      `kdna.json.format_version: invalid value "${manifest.format_version}". Expected "1.0".`,
+      `kdna.json.format_version: invalid value "${manifest.format_version}". Expected "2.0".`,
     );
   }
   if (manifest.status && !VALID_STATUS.has(manifest.status)) {

package/src/types.d.ts

@@ -204,7 +204,7 @@ export interface KDNAFileDataMap {
 
 export interface KDNAManifest {
   format: 'kdna';
-  format_version: '1.0';
+  format_version: '2.0';
   spec_version: string;
   name: string;
   version: string;