npm - @aithos/sdk - Versions diffs - 0.1.0-alpha.47 → 0.1.0-alpha.48 - Mend

@aithos/sdk 0.1.0-alpha.47 → 0.1.0-alpha.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/src/apps.js +2 -13
package/dist/src/data.js +7 -24
package/dist/src/internal/envelope.js +20 -121
package/dist/test/canonical-conformance.test.d.ts +2 -0
package/dist/test/canonical-conformance.test.js +86 -0
package/dist/test/envelope-core-conformance.test.d.ts +2 -0
package/dist/test/envelope-core-conformance.test.js +75 -0
package/package.json +3 -1

package/dist/src/apps.js CHANGED Viewed

@@ -26,6 +26,7 @@
 // in V0.2 once the sponsorship-api Lambda exists; for now, devs check
 // their sponsorship via the AWS Console.
 import { base64url, buildSignedEnvelope, sign } from "@aithos/protocol-client";
+import { canonicalize } from "@aithos/protocol-core/canonical";
 import { computeInvokeUrl, walletTopupCheckoutUrl } from "./endpoints.js";
 import { ownerKeyPair } from "./internal/protocol-client-bridge.js";
 import { AithosSDKError } from "./types.js";
@@ -426,18 +427,6 @@ function randomBytes(n) {
  * the hash the signature commits to.
  */
 function jcsCanonicalize(value) {
-    if (value === null || typeof value !== "object") {
-        return JSON.stringify(value);
-    }
-    if (Array.isArray(value)) {
-        return "[" + value.map(jcsCanonicalize).join(",") + "]";
-    }
-    const obj = value;
-    const keys = Object.keys(obj).sort();
-    return ("{" +
-        keys
-            .map((k) => JSON.stringify(k) + ":" + jcsCanonicalize(obj[k]))
-            .join(",") +
-        "}");
+    return canonicalize(value);
 }
 //# sourceMappingURL=apps.js.map

package/dist/src/data.js CHANGED Viewed

@@ -39,6 +39,7 @@ import { sha256, sha512 } from "@noble/hashes/sha2.js";
 import { XChaCha20Poly1305 } from "@stablelib/xchacha20poly1305";
 import * as ed from "@noble/ed25519";
 import { multibaseToEd25519PublicKey, edPubToX25519Pub, } from "@aithos/protocol-client";
+import { canonicalize } from "@aithos/protocol-core/canonical";
 import { contactsV1 } from "./data-schema-contacts-v1.js";
 import { signOwnerEnvelope } from "./internal/envelope.js";
 // noble/ed25519 v2 needs sha512 wired in for sync sign/verify
@@ -989,30 +990,12 @@ function sha256Hex(s) {
 /* -------------------------------------------------------------------------- */
 /*  JCS-style canonicalization (RFC 8785 subset)                              */
 /* -------------------------------------------------------------------------- */
+// Single canonicalization source of truth: @aithos/protocol-core. Kept as a
+// local alias so the encryption-AAD call sites read naturally; the byte output
+// is proven identical to the former hand-rolled JCS by
+// test/canonical-conformance.test.ts (critical: this feeds pre-encryption
+// canonicalization, so any drift would corrupt data).
 function jcsCanonicalize(value) {
-    if (value === null)
-        return "null";
-    if (value === undefined)
-        throw new Error("Cannot canonicalize undefined");
-    if (typeof value === "boolean")
-        return value ? "true" : "false";
-    if (typeof value === "number") {
-        if (!Number.isFinite(value))
-            throw new Error("non-finite number");
-        return value.toString();
-    }
-    if (typeof value === "string")
-        return JSON.stringify(value);
-    if (Array.isArray(value)) {
-        return "[" + value.map(jcsCanonicalize).join(",") + "]";
-    }
-    if (typeof value === "object") {
-        const obj = value;
-        const keys = Object.keys(obj).sort();
-        return ("{" +
-            keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalize(obj[k])).join(",") +
-            "}");
-    }
-    throw new Error(`Cannot canonicalize ${typeof value}`);
+    return canonicalize(value);
 }
 //# sourceMappingURL=data.js.map

package/dist/src/internal/envelope.js CHANGED Viewed

@@ -19,7 +19,7 @@
  * with `src/data.ts` is intentional and tracked; consolidation into a
  * shared `src/internal/canonical.ts` is planned for a follow-up release.
  */
-import { sha256 } from "@noble/hashes/sha2.js";
+import { signEnvelopeWith } from "@aithos/protocol-core/envelope";
 /**
  * Build, canonicalize and sign an owner-path envelope per spec §11.2.
  *
@@ -33,128 +33,27 @@ import { sha256 } from "@noble/hashes/sha2.js";
  * (non-extractable keys) drop in without breaking callers.
  */
 export async function signOwnerEnvelope(args) {
-    const nowMs = (args.now ?? new Date()).getTime();
-    const iat = Math.floor(nowMs / 1000);
-    const exp = iat + (args.ttlSeconds ?? 60);
-    const nonce = args.nonce ?? makeUlid();
-    const paramsHash = "sha256-" + sha256Hex(jcsCanonicalize(args.params));
-    const unsigned = {
-        "aithos-envelope": "0.1.0",
+    // Delegate to the single envelope source of truth in @aithos/protocol-core.
+    // The canonicalization, params_hash, unsigned-envelope assembly and proof
+    // attachment all live there now; we only supply the pluggable async signer
+    // (preserving the WebCrypto-ready `EnvelopeSigner` abstraction). A
+    // conformance test proves this path is byte-identical to the seed-based
+    // core signer, which is itself byte-identical to the former hand-rolled
+    // implementation — so nothing changes on the wire.
+    const env = await signEnvelopeWith({
         iss: args.iss,
         aud: args.aud,
         method: args.method,
-        iat,
-        exp,
-        nonce,
-        params_hash: paramsHash,
-        // Attach the mandate (delegate path) so the signature commits to the
-        // delegation context. JCS sorts keys, so placement here is irrelevant
-        // to the canonical bytes — what matters is that the server (which
-        // canonicalizes the full envelope incl. mandate + proof/proofValue="")
-        // sees the exact same object.
-        ...(args.mandate !== undefined ? { mandate: args.mandate } : {}),
-        proof: {
-            type: "Ed25519Signature2020",
-            verificationMethod: args.verificationMethod,
-            created: new Date(iat * 1000).toISOString(),
-            proofValue: "",
-        },
-    };
-    const bytes = new TextEncoder().encode(jcsCanonicalize(unsigned));
-    const sig = await args.signer.sign(bytes);
-    return {
-        ...unsigned,
-        proof: { ...unsigned.proof, proofValue: base64url(sig) },
-    };
-}
-/* -------------------------------------------------------------------------- */
-/*  Self-contained helpers (duplicated with src/data.ts for isolation)        */
-/* -------------------------------------------------------------------------- */
-/** Cross-platform CSPRNG: Web Crypto in browser, Node WebCrypto in Node 19+. */
-function cryptoRandom(n) {
-    const buf = new Uint8Array(n);
-    globalThis.crypto?.getRandomValues(buf);
-    return buf;
-}
-function makeUlid() {
-    // Lightweight ULID — millisecond timestamp + 80 bits of randomness.
-    // Crockford base32. For tests this is sufficient; production uses
-    // the canonical ulid package.
-    const tsBuf = new Uint8Array(6);
-    let ts = Date.now();
-    for (let i = 5; i >= 0; i--) {
-        tsBuf[i] = ts & 0xff;
-        ts = Math.floor(ts / 256);
-    }
-    const rndBuf = cryptoRandom(10);
-    const all = new Uint8Array(16);
-    all.set(tsBuf, 0);
-    all.set(rndBuf, 6);
-    const alphabet = "0123456789ABCDEFGHJKMNPQRSTVWXYZ";
-    let bits = 0;
-    let value = 0;
-    let out = "";
-    for (const b of all) {
-        value = (value << 8) | b;
-        bits += 8;
-        while (bits >= 5) {
-            out += alphabet[(value >> (bits - 5)) & 0x1f];
-            bits -= 5;
-        }
-    }
-    if (bits > 0)
-        out += alphabet[(value << (5 - bits)) & 0x1f];
-    return out.slice(0, 26);
-}
-/** Standard base64 (with `=` padding). Browser + Node compatible. */
-function base64Std(bytes) {
-    let bin = "";
-    for (let i = 0; i < bytes.length; i++)
-        bin += String.fromCharCode(bytes[i]);
-    return btoa(bin);
-}
-/** base64url (URL-safe, no padding). */
-function base64url(bytes) {
-    return base64Std(bytes).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-}
-function sha256Hex(s) {
-    const d = sha256(new TextEncoder().encode(s));
-    let hex = "";
-    for (const b of d)
-        hex += b.toString(16).padStart(2, "0");
-    return hex;
-}
-/**
- * JCS-style canonicalization (RFC 8785 subset).
- *
- * Sorted object keys, no whitespace, finite numbers via `toString()`,
- * strings via `JSON.stringify` (escapes), arrays preserve order.
- * `undefined` is rejected (RFC 8785 §3.2.2).
- */
-function jcsCanonicalize(value) {
-    if (value === null)
-        return "null";
-    if (value === undefined)
-        throw new Error("Cannot canonicalize undefined");
-    if (typeof value === "boolean")
-        return value ? "true" : "false";
-    if (typeof value === "number") {
-        if (!Number.isFinite(value))
-            throw new Error("non-finite number");
-        return value.toString();
-    }
-    if (typeof value === "string")
-        return JSON.stringify(value);
-    if (Array.isArray(value)) {
-        return "[" + value.map(jcsCanonicalize).join(",") + "]";
-    }
-    if (typeof value === "object") {
-        const obj = value;
-        const keys = Object.keys(obj).sort();
-        return ("{" +
-            keys.map((k) => JSON.stringify(k) + ":" + jcsCanonicalize(obj[k])).join(",") +
-            "}");
-    }
-    throw new Error(`Cannot canonicalize ${typeof value}`);
+        params: args.params,
+        verificationMethod: args.verificationMethod,
+        sign: (bytes) => args.signer.sign(bytes),
+        ttlSeconds: args.ttlSeconds,
+        now: args.now,
+        nonce: args.nonce,
+        ...(args.mandate !== undefined
+            ? { mandate: args.mandate }
+            : {}),
+    });
+    return env;
 }
 //# sourceMappingURL=envelope.js.map

package/dist/test/canonical-conformance.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=canonical-conformance.test.d.ts.map

package/dist/test/canonical-conformance.test.js ADDED Viewed

@@ -0,0 +1,86 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * Safety gate for the canonicalization refactor.
+ *
+ * The SDK historically carried three hand-rolled copies of `jcsCanonicalize`
+ * (internal/envelope.ts, data.ts, apps.ts). data.ts uses it to canonicalize a
+ * record payload BEFORE encryption (it feeds the AAD/plaintext), so a single
+ * differing byte vs. the canonicalization used at decrypt/verify time would
+ * silently corrupt data. Before swapping those copies onto
+ * `@aithos/protocol-core`'s `canonicalize`, this test proves the two produce
+ * identical output across a representative corpus.
+ *
+ * Known, accepted divergence: lone UTF-16 surrogates. `JSON.stringify` escapes
+ * them (\uXXXX) whereas core emits the raw code unit. Lone surrogates never
+ * appear in Aithos payloads (record fields are well-formed JSON strings), so
+ * the corpus excludes them by design.
+ */
+import { describe, test } from "node:test";
+import { strict as assert } from "node:assert";
+import { canonicalize } from "@aithos/protocol-core/canonical";
+/** Exact copy of the SDK's legacy jcsCanonicalize (pre-refactor reference). */
+function jcsCanonicalize(value) {
+    if (value === null)
+        return "null";
+    if (value === undefined)
+        throw new Error("Cannot canonicalize undefined");
+    if (typeof value === "boolean")
+        return value ? "true" : "false";
+    if (typeof value === "number") {
+        if (!Number.isFinite(value))
+            throw new Error("non-finite number");
+        return value.toString();
+    }
+    if (typeof value === "string")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map(jcsCanonicalize).join(",") + "]";
+    }
+    if (typeof value === "object") {
+        const obj = value;
+        const keys = Object.keys(obj).sort();
+        return ("{" +
+            keys
+                .map((k) => JSON.stringify(k) + ":" + jcsCanonicalize(obj[k]))
+                .join(",") +
+            "}");
+    }
+    throw new Error(`Cannot canonicalize ${typeof value}`);
+}
+const corpus = [
+    null,
+    true,
+    false,
+    0,
+    -1,
+    42,
+    Number.MAX_SAFE_INTEGER,
+    "",
+    "hello",
+    "with \"quotes\" and \\ backslash",
+    "tab\tnewline\nreturn\rbackspace\bform\f",
+    "control end",
+    "accented éàùçö and emoji 😀🚀 and 漢字",
+    "slash / and at @ and unicode nbsp",
+    [],
+    [1, 2, 3],
+    ["z", "a", "m"],
+    [{ b: 1, a: 2 }, [3, [4, 5]]],
+    {},
+    { b: 2, a: 1, c: 3 },
+    { z: { y: { x: [1, "two", false, null] } } },
+    { "key with spaces": 1, "weird:char": 2, "": "empty key" },
+    { émoji: "😀", "漢字": 1, A: 0, a: 0 }, // mixed-case + non-ascii keys (UTF-16 order)
+    {
+        record: { name: "Aïko", tags: ["x", "y"], n: 7, active: true, meta: null },
+    },
+];
+describe("canonicalize conformance — core vs legacy SDK jcsCanonicalize", () => {
+    for (const [i, value] of corpus.entries()) {
+        test(`corpus[${i}] is byte-identical`, () => {
+            assert.equal(canonicalize(value), jcsCanonicalize(value));
+        });
+    }
+});
+//# sourceMappingURL=canonical-conformance.test.js.map

package/dist/test/envelope-core-conformance.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=envelope-core-conformance.test.d.ts.map

package/dist/test/envelope-core-conformance.test.js ADDED Viewed

@@ -0,0 +1,75 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2026 Mathieu Colla
+/**
+ * Conformance for the envelope-signing refactor.
+ *
+ * `signOwnerEnvelope` now delegates to `@aithos/protocol-core`'s
+ * `signEnvelopeWith` (pluggable async signer) instead of carrying a private
+ * JCS + signing implementation. These tests assert the migrated path is
+ * correct and stable:
+ *
+ *   1. the produced envelope's `proof.proofValue` verifies against the signer's
+ *      public key over core's canonical signing bytes (i.e. the server will
+ *      accept it);
+ *   2. `params_hash` equals core's `envelopeParamsHash(params)`;
+ *   3. with a fixed clock + nonce the output is deterministic (snapshot), which
+ *      is what guarantees the wire format did not shift under the refactor.
+ *
+ * Note: this suite needs the SDK to resolve a build of `@aithos/protocol-core`
+ * that exposes `signEnvelopeWith` (>= 0.6.3). Run via `npm test`.
+ */
+import { describe, test } from "node:test";
+import { strict as assert } from "node:assert";
+import * as ed from "@noble/ed25519";
+import { sha512 } from "@noble/hashes/sha512";
+import { envelopeParamsHash, envelopeSigningBytes, } from "@aithos/protocol-core/envelope";
+import { signOwnerEnvelope } from "../src/internal/envelope.js";
+ed.etc.sha512Sync = (...m) => sha512(ed.etc.concatBytes(...m));
+const SEED = new Uint8Array(32).fill(11);
+const PUB = ed.getPublicKey(SEED);
+const NOW = new Date("2026-05-31T12:00:00.000Z");
+const NONCE = "01J0ENVELOPECONFORMANCE0000";
+const ISS = "did:aithos:z6MkEnvelopeConformance";
+const VM = `${ISS}#public`;
+const base = {
+    iss: ISS,
+    aud: "https://api.aithos.be/mcp/primitives/write",
+    method: "aithos.data.insert_record",
+    params: { b: 2, a: 1, nested: { y: [3, 1, 2], x: "z" } },
+    verificationMethod: VM,
+    signer: { sign: async (bytes) => ed.sign(bytes, SEED) },
+    ttlSeconds: 60,
+    now: NOW,
+    nonce: NONCE,
+};
+describe("signOwnerEnvelope — core delegation conformance", () => {
+    test("proofValue verifies against signing bytes (server will accept)", async () => {
+        const env = await signOwnerEnvelope({ ...base });
+        const sig = b64urlDecode(env.proof.proofValue);
+        assert.equal(ed.verify(sig, envelopeSigningBytes(env), PUB), true);
+    });
+    test("params_hash matches core.envelopeParamsHash", async () => {
+        const env = await signOwnerEnvelope({ ...base });
+        assert.equal(env.params_hash, envelopeParamsHash(base.params));
+    });
+    test("deterministic under fixed clock + nonce (wire-format snapshot)", async () => {
+        const a = await signOwnerEnvelope({ ...base });
+        const b = await signOwnerEnvelope({ ...base });
+        assert.equal(JSON.stringify(a), JSON.stringify(b));
+        assert.equal(a["aithos-envelope"], "0.1.0");
+        assert.equal(a.iat, 1780228800);
+        assert.equal(a.exp, 1780228860);
+        assert.equal(a.nonce, NONCE);
+        assert.equal(a.proof.verificationMethod, VM);
+    });
+});
+function b64urlDecode(s) {
+    const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - (s.length % 4));
+    const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
+    const bin = atob(b64);
+    const out = new Uint8Array(bin.length);
+    for (let i = 0; i < bin.length; i++)
+        out[i] = bin.charCodeAt(i);
+    return out;
+}
+//# sourceMappingURL=envelope-core-conformance.test.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@aithos/sdk",
-  "version": "0.1.0-alpha.47",
+  "version": "0.1.0-alpha.48",
   "description": "Aithos SDK — high-level TypeScript developer kit for building agentic apps on the Aithos protocol. Wraps @aithos/protocol-client and exposes the Aithos compute proxy and wallet (Stripe top-up) endpoints.",
   "keywords": [
     "aithos",
@@ -58,6 +58,7 @@
   "peerDependencies": {
     "@aithos/assets-crypto": ">=0.1.0-alpha.1 <0.2.0",
     "@aithos/protocol-client": "^0.1.0-alpha.14",
+    "@aithos/protocol-core": ">=0.6.3 <0.7.0",
     "react": "^18.0.0 || ^19.0.0"
   },
   "peerDependenciesMeta": {
@@ -71,6 +72,7 @@
   "devDependencies": {
     "@aithos/assets-crypto": "^0.1.0-alpha.1",
     "@aithos/protocol-client": "^0.1.0-alpha.14",
+    "@aithos/protocol-core": ">=0.6.3 <0.7.0",
     "@types/node": "^24.12.2",
     "fake-indexeddb": "^6.2.5",
     "typescript": "^5.9.2"