@cello-protocol/daemon 0.0.3 → 0.0.4

package/dist/seal-legibility-tbs.js

@@ -0,0 +1,78 @@
+/**
+ * CELLO-M7 — canonical hash of the seal-certificate legibility object, for binding it into
+ * the FROST-signed seal TBS (tamper-evidence). MUST stay byte-for-byte identical to the
+ * directory's copy (`trustless-cello/packages/directory/src/seal-legibility.ts`
+ * canonicalLegibilityHash) — the live bilateral seal SELF-CHECKS agreement: directory and
+ * daemon each fold this hash into the signed TBS, and the seal verifies only if they match.
+ *
+ * Design: an EXPLICIT, fixed byte layout (NOT canonical CBOR) so there is zero dependence on
+ * a CBOR library's determinism. Only the TAMPERABLE facts are bound — the per-party frontiers
+ * + attestation_mode and the final_message. The constants (attests / implies_assent /
+ * disclaimer) are NOT bound: the daemon re-asserts attests/implies_assent as literals on the
+ * read surface, so they cannot be meaningfully tampered; the disclaimer is informational.
+ *
+ * Hash = SHA-256( domain || u32(participantCount) ||
+ *   for each participant (in array order): pubkey[32] || u32(content_frontier_seq) ||
+ *     u32(last_authored_seq) || modeByte ||
+ *   final_message.sender_pubkey[32] || u32(seq) || answeredByte )
+ *
+ * Participants are hashed in array order, so a MITM that REORDERS the participants array also
+ * changes the hash → the seal signature fails. Crypto ref: SHA-256 FIPS 180-4.
+ */
+import { createHash } from "node:crypto";
+const DOMAIN = Buffer.from("CELLO-SEAL-LEGIBILITY-v1", "utf8");
+/** Coerce any byte-ish value to a 32-byte Buffer (zero-padded/truncated). Both sides do this. */
+function pubkey32(v) {
+    const out = Buffer.alloc(32);
+    if (v instanceof Uint8Array)
+        Buffer.from(v).copy(out, 0, 0, 32);
+    else if (Buffer.isBuffer(v))
+        v.copy(out, 0, 0, 32);
+    else if (typeof v === "string" && /^[0-9a-fA-F]{64}$/.test(v))
+        Buffer.from(v, "hex").copy(out, 0, 0, 32);
+    return out;
+}
+/** Coerce to uint32 the SAME way on both sides (handles bigint/number; >>>0 normalises). */
+function u32(v) {
+    const n = typeof v === "bigint" ? Number(v) : typeof v === "number" ? v : 0;
+    const out = Buffer.alloc(4);
+    out.writeUInt32BE((n >>> 0), 0);
+    return out;
+}
+function modeByte(v) {
+    const b = v === "live" ? 1 : v === "recovered" ? 2 : v === "absent" ? 3 : 0;
+    return Buffer.from([b]);
+}
+export function canonicalLegibilityBytes(legibility) {
+    const parts = [DOMAIN];
+    const participants = Array.isArray(legibility.participants) ? legibility.participants : [];
+    const count = Buffer.alloc(4);
+    count.writeUInt32BE(participants.length >>> 0, 0);
+    parts.push(count);
+    for (const p of participants) {
+        parts.push(pubkey32(p.pubkey), u32(p.content_frontier_seq), u32(p.last_authored_seq), modeByte(p.attestation_mode));
+    }
+    const fm = legibility.final_message ?? { sender_pubkey: undefined, seq: 0, answered: false };
+    parts.push(pubkey32(fm.sender_pubkey), u32(fm.seq), Buffer.from([fm.answered === true ? 1 : 0]));
+    return Buffer.concat(parts);
+}
+/** SHA-256 of the canonical legibility bytes (32 bytes). */
+export function canonicalLegibilityHash(legibility) {
+    return new Uint8Array(createHash("sha256").update(canonicalLegibilityBytes(legibility)).digest());
+}
+/**
+ * Build the seal TBS bytes WITH the legibility binding: the plain seal TBS concatenated with
+ * the 32-byte legibility hash. When `legibility` is absent (the unilateral seal carries none),
+ * returns the plain TBS unchanged — so the unilateral path keeps signing/verifying the plain TBS
+ * and only the bilateral path (which always carries legibility) is bound.
+ */
+export function bindLegibilityToTbs(tbs, legibility) {
+    if (!legibility)
+        return tbs;
+    const h = canonicalLegibilityHash(legibility);
+    const out = new Uint8Array(tbs.length + h.length);
+    out.set(tbs, 0);
+    out.set(h, tbs.length);
+    return out;
+}
+//# sourceMappingURL=seal-legibility-tbs.js.map

package/dist/seal-legibility-tbs.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal-legibility-tbs.js","sourceRoot":"","sources":["../src/seal-legibility-tbs.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAiBzC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,MAAM,CAAC,CAAC;AAE/D,iGAAiG;AACjG,SAAS,QAAQ,CAAC,CAAU;IAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC7B,IAAI,CAAC,YAAY,UAAU;QAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;SAC3D,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAG,CAAY,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;SAC1D,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,mBAAmB,CAAC,IAAI,CAAC,CAAC,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IACzG,OAAO,GAAG,CAAC;AACb,CAAC;AAED,4FAA4F;AAC5F,SAAS,GAAG,CAAC,CAAU;IACrB,MAAM,CAAC,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAChC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ,CAAC,CAAU;IAC1B,MAAM,CAAC,GAAG,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC5E,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,wBAAwB,CAAC,UAA6B;IACpE,MAAM,KAAK,GAAa,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;IAC3F,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC9B,KAAK,CAAC,aAAa,CAAC,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAClD,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,YAAY,EAAE,CAAC;QAC7B,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,oBAAoB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACtH,CAAC;IACD,MAAM,EAAE,GAAG,UAAU,CAAC,aAAa,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7F,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,aAAa,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjG,OAAO,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9B,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,uBAAuB,CAAC,UAA6B;IACnE,OAAO,IAAI,UAAU,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACpG,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,GAAe,EAAE,UAAgD;IACnG,IAAI,CAAC,UAAU;QAAE,OAAO,GAAG,CAAC;IAC5B,MAAM,CAAC,GAAG,uBAAuB,CAAC,UAAU,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC;IAClD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAChB,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC;IACvB,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/seal-upgrade.d.ts

@@ -0,0 +1,90 @@
+import type { KeyProvider } from "@cello-protocol/crypto";
+import type { Logger } from "./types.js";
+/**
+ * Domain separator for the upgrade-ack TBS. B's daemon and the directory MUST build byte-identical
+ * bytes — same domain string, same cbor-x encoder options (tagUint8Array:false). Verified identical
+ * across both repos (cbor-x 1.6.4). Domain separation prevents replay as any other CELLO signature.
+ */
+export declare const SEAL_UPGRADE_ACK_DOMAIN = "cello-seal-upgrade-ack-v1";
+/** The exact upgrade-ack TBS B signs / the directory + present party verify. */
+export declare function buildSealUpgradeAckTbs(sessionId: Uint8Array, sealedRoot: Uint8Array): Uint8Array;
+/** Verifiability of a session for B to ratify a unilateral seal — the SAME bar as the UP-2 auto-ack. */
+export interface SealUpgradeReadiness {
+    known: boolean;
+    tampered: boolean;
+}
+/**
+ * THE KERNEL DECISION. B may sign its ratification ONLY when it genuinely possesses + integrity-
+ * verified the content behind R1. Pure + exhaustively unit-tested: a session B has no record of
+ * (content_unrecoverable, AC-002) or whose content cross-check flagged tamper (content_tamper,
+ * AC-003) is REFUSED. Verified-but-disliked content is NOT a refusal (disagreement ≠ unverifiable).
+ */
+export declare function evaluateSealUpgrade(readiness: SealUpgradeReadiness): {
+    proceed: true;
+} | {
+    proceed: false;
+    refuseReason: "content_unrecoverable" | "content_tamper";
+};
+export interface AttemptSealUpgradeDeps {
+    logger: Logger;
+    agentName: string;
+    agentPubkeyHex: string;
+    /** B's session verifiability for this session (SessionNodeManager.getSealUpgradeReadiness). */
+    getReadiness: (agentName: string, sessionIdHex: string) => SealUpgradeReadiness;
+    /**
+     * M1: the number of content leaves B holds for this session (SessionNodeManager.getSessionTree
+     * (...).size()). R1 has leaf_count leaves = content leaves + A's single SEAL ctrl leaf, so B's
+     * content tree must hold at least leaf_count-1 leaves or B is missing content it would over-attest.
+     */
+    getContentLeafCount: (agentName: string, sessionIdHex: string) => number;
+    /** Recover parked content so B holds everything behind R1 before the gate (autoRecoverForAgent). */
+    recoverContent: (agentName: string) => Promise<void>;
+    /** B's K_local signer for this agent (keyProviders.get). */
+    getKeyProvider: (agentName: string) => KeyProvider | undefined;
+    /** Send a signaling frame to the directory (signaling.sendRaw). */
+    sendRaw: (frame: Record<string, unknown>) => Promise<{
+        ok: boolean;
+    }>;
+}
+/**
+ * THE KERNEL, wired. Recover content → consult the gate → REFUSE (no signature, no request) on
+ * content_unrecoverable / content_tamper → else sign the ack over R1 with B's OWN K_local and send
+ * seal_upgrade_request. Returns whether a request was sent (and the refuse reason if not) so a unit
+ * test asserts the gate is genuinely consulted, not bypassed. Never throws.
+ */
+export declare function attemptSealUpgrade(deps: AttemptSealUpgradeDeps, sessionIdHex: string, frame: Record<string, unknown>): Promise<{
+    sent: boolean;
+    reason?: string;
+}>;
+export interface VerifyUpgradeConfirmedDeps {
+    logger: Logger;
+    agentName: string;
+    agentPubkeyHex: string;
+    celloDir: string;
+    /**
+     * H1: the counterparty pubkey (hex) of the LOCAL session record for sessionIdHex, or null if this
+     * agent has no such session. Binds the cert's present/returning pubkeys to the REAL participants so
+     * a malicious directory cannot sign the ack with a throwaway key and force a state transition on a
+     * session we are in (or push a confirmed frame for a session we never had).
+     */
+    getCounterpartyHex: (agentName: string, sessionIdHex: string) => string | null;
+}
+/**
+ * AC-008 dual-attestation verify, extracted. NEVER trust the directory's "bilateral" claim.
+ *
+ *  - ALWAYS verify the RETURNING attestation (B's ack) over R1 — proves B genuinely ratified, catches
+ *    a directory that fabricated or swapped B's signature. The load-bearing check (anyone can do it).
+ *  - If THIS agent is the PRESENT party (A, holds its primary key), ALSO verify the present attestation
+ *    over the rebuilt seal TBS (leaf_count-bound). The responder (B) cannot (no initiator key).
+ *
+ * Returns { ok:false, reason } on any malformed/forged cert — the caller must NOT mark the session
+ * bilateral in that case. Returns the party so the caller can log accurately.
+ */
+export declare function verifyUpgradeConfirmedCert(deps: VerifyUpgradeConfirmedDeps, sessionIdHex: string, frame: Record<string, unknown>): Promise<{
+    ok: true;
+    party: "present" | "returning";
+} | {
+    ok: false;
+    reason: string;
+}>;
+//# sourceMappingURL=seal-upgrade.d.ts.map

package/dist/seal-upgrade.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal-upgrade.d.ts","sourceRoot":"","sources":["../src/seal-upgrade.ts"],"names":[],"mappings":"AAaA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAC;AAC1D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AAGzC;;;;GAIG;AACH,eAAO,MAAM,uBAAuB,8BAA8B,CAAC;AAGnE,gFAAgF;AAChF,wBAAgB,sBAAsB,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,UAAU,GAAG,UAAU,CAEhG;AAMD,wGAAwG;AACxG,MAAM,WAAW,oBAAoB;IAAG,KAAK,EAAE,OAAO,CAAC;IAAC,QAAQ,EAAE,OAAO,CAAA;CAAE;AAE3E;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,SAAS,EAAE,oBAAoB,GAC9B;IAAE,OAAO,EAAE,IAAI,CAAA;CAAE,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;IAAC,YAAY,EAAE,uBAAuB,GAAG,gBAAgB,CAAA;CAAE,CAIlG;AAED,MAAM,WAAW,sBAAsB;IACrC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,+FAA+F;IAC/F,YAAY,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,oBAAoB,CAAC;IAChF;;;;OAIG;IACH,mBAAmB,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,MAAM,CAAC;IACzE,oGAAoG;IACpG,cAAc,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACrD,4DAA4D;IAC5D,cAAc,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,WAAW,GAAG,SAAS,CAAC;IAC/D,mEAAmE;IACnE,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC;QAAE,EAAE,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CACvE;AAED;;;;;GAKG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,sBAAsB,EAC5B,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC;IAAE,IAAI,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAqE7C;AAED,MAAM,WAAW,0BAA0B;IACzC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;IACvB,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;;OAKG;IACH,kBAAkB,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,MAAM,GAAG,IAAI,CAAC;CAChF;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,0BAA0B,CAC9C,IAAI,EAAE,0BAA0B,EAChC,YAAY,EAAE,MAAM,EACpB,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC7B,OAAO,CAAC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,SAAS,GAAG,WAAW,CAAA;CAAE,GAAG;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC,CA0DvF"}

package/dist/seal-upgrade.js

@@ -0,0 +1,178 @@
+/**
+ * CELLO-M7-UPGRADE-001 (DOD-UP-1) — the returning-absent-party seal upgrade, extracted from the
+ * daemon so the KERNEL (content-possession gate) and the AC-008 dual-attestation verify run under
+ * adversarial unit tests with the REAL bodies (not just the happy path).
+ *
+ * Model 2: when the previously-ABSENT party B returns, it RATIFIES the existing unilateral sealed
+ * root R1 (does NOT re-seal a new root). B signs an ack over CBOR([SEAL_UPGRADE_ACK_DOMAIN,
+ * session_id, sealed_root]) with its K_local. The directory verifies it and writes a SUPERSEDING
+ * bilateral notarization. Both parties verify the dual-attestation cert before accepting bilateral.
+ */
+import { join } from "node:path";
+import { Encoder } from "cbor-x";
+import { verify as ed25519Verify } from "@cello-protocol/crypto";
+import { verifyUnilateralCertificate } from "./session-ceremony.js";
+/**
+ * Domain separator for the upgrade-ack TBS. B's daemon and the directory MUST build byte-identical
+ * bytes — same domain string, same cbor-x encoder options (tagUint8Array:false). Verified identical
+ * across both repos (cbor-x 1.6.4). Domain separation prevents replay as any other CELLO signature.
+ */
+export const SEAL_UPGRADE_ACK_DOMAIN = "cello-seal-upgrade-ack-v1";
+const UPGRADE_CBOR_ENC = new Encoder({ tagUint8Array: false });
+/** The exact upgrade-ack TBS B signs / the directory + present party verify. */
+export function buildSealUpgradeAckTbs(sessionId, sealedRoot) {
+    return UPGRADE_CBOR_ENC.encode([SEAL_UPGRADE_ACK_DOMAIN, sessionId, sealedRoot]);
+}
+function toU8(v) {
+    return v instanceof Uint8Array ? v : Buffer.isBuffer(v) ? new Uint8Array(v) : null;
+}
+/**
+ * THE KERNEL DECISION. B may sign its ratification ONLY when it genuinely possesses + integrity-
+ * verified the content behind R1. Pure + exhaustively unit-tested: a session B has no record of
+ * (content_unrecoverable, AC-002) or whose content cross-check flagged tamper (content_tamper,
+ * AC-003) is REFUSED. Verified-but-disliked content is NOT a refusal (disagreement ≠ unverifiable).
+ */
+export function evaluateSealUpgrade(readiness) {
+    if (!readiness.known)
+        return { proceed: false, refuseReason: "content_unrecoverable" };
+    if (readiness.tampered)
+        return { proceed: false, refuseReason: "content_tamper" };
+    return { proceed: true };
+}
+/**
+ * THE KERNEL, wired. Recover content → consult the gate → REFUSE (no signature, no request) on
+ * content_unrecoverable / content_tamper → else sign the ack over R1 with B's OWN K_local and send
+ * seal_upgrade_request. Returns whether a request was sent (and the refuse reason if not) so a unit
+ * test asserts the gate is genuinely consulted, not bypassed. Never throws.
+ */
+export async function attemptSealUpgrade(deps, sessionIdHex, frame) {
+    try {
+        const sessionId = toU8(frame["session_id"]);
+        const sealedRoot = toU8(frame["sealed_root"]);
+        const leafCount = typeof frame["leaf_count"] === "number" ? frame["leaf_count"] : null;
+        if (!sessionId || !sealedRoot || leafCount === null) {
+            deps.logger.warn("session.seal.upgrade.refused", { sessionId: sessionIdHex, reason: "malformed_notification" });
+            return { sent: false, reason: "malformed_notification" };
+        }
+        // B (responder) CANNOT channel-independently verify the unilateral cert's signature — that is the
+        // INITIATOR's group key, which B does not hold. B accepts R1 on the AUTHENTICATED daemon↔directory
+        // Noise channel (as the responder accepts session_sealed). Its real protection is the gate below;
+        // a wrong R1 yields a B-ack that doesn't match A's real seal → no coherent bilateral forms.
+        // Recover any parked content so B holds everything behind R1, THEN gate.
+        await deps.recoverContent(deps.agentName).catch(() => { });
+        const decision = evaluateSealUpgrade(deps.getReadiness(deps.agentName, sessionIdHex));
+        if (!decision.proceed) {
+            // KERNEL refusal. content_tamper is a SECURITY event (ERROR); content_unrecoverable is WARN.
+            const level = decision.refuseReason === "content_tamper" ? "error" : "warn";
+            deps.logger[level]("session.seal.upgrade.refused", { sessionId: sessionIdHex, reason: decision.refuseReason });
+            return { sent: false, reason: decision.refuseReason };
+        }
+        // M1 (KERNEL completeness): B must hold the FULL content behind R1, not merely a tamper-free
+        // subset. R1 = root over [content leaves..., A's SEAL ctrl leaf], so leaf_count counts the content
+        // leaves + 1; B's content tree must hold ≥ leaf_count-1. Refuse if B recovered an INCOMPLETE
+        // transcript — never over-attest to content B did not fully receive. (Exact root-reproduction is
+        // the deferred MSG-001-3b canonical-sequence reconciliation; this count gate is the interim bar.)
+        const contentLeaves = deps.getContentLeafCount(deps.agentName, sessionIdHex);
+        if (contentLeaves < leafCount - 1) {
+            deps.logger.warn("session.seal.upgrade.refused", {
+                sessionId: sessionIdHex, reason: "content_incomplete", have: contentLeaves, need: leafCount - 1,
+            });
+            return { sent: false, reason: "content_incomplete" };
+        }
+        // KERNEL passed — sign the ack over R1 with B's OWN K_local and request the upgrade.
+        const keyProvider = deps.getKeyProvider(deps.agentName);
+        if (!keyProvider) {
+            deps.logger.warn("session.seal.upgrade.refused", { sessionId: sessionIdHex, reason: "no_key_provider" });
+            return { sent: false, reason: "no_key_provider" };
+        }
+        const ackTbs = buildSealUpgradeAckTbs(sessionId, sealedRoot);
+        const ackSig = new Uint8Array(await keyProvider.sign(ackTbs));
+        const returningPubkey = new Uint8Array(Buffer.from(deps.agentPubkeyHex, "hex"));
+        const sent = await deps.sendRaw({
+            type: "seal_upgrade_request",
+            session_id: sessionId,
+            returning_pubkey: returningPubkey,
+            ack_signature: ackSig,
+            // forwarded (from the notification cert) so the directory relays it → the present party rebuilds
+            // the seal TBS and verifies its own attestation (AC-008).
+            leaf_count: leafCount,
+        });
+        if (!sent.ok) {
+            deps.logger.warn("session.seal.upgrade.refused", { sessionId: sessionIdHex, reason: "request_send_failed" });
+            return { sent: false, reason: "request_send_failed" };
+        }
+        deps.logger.info("session.seal.upgrade.requested", { sessionId: sessionIdHex, agentName: deps.agentName });
+        return { sent: true };
+    }
+    catch (err) {
+        deps.logger.warn("session.seal.upgrade.refused", {
+            sessionId: sessionIdHex,
+            reason: err instanceof Error ? err.message : String(err),
+        });
+        return { sent: false, reason: "exception" };
+    }
+}
+/**
+ * AC-008 dual-attestation verify, extracted. NEVER trust the directory's "bilateral" claim.
+ *
+ *  - ALWAYS verify the RETURNING attestation (B's ack) over R1 — proves B genuinely ratified, catches
+ *    a directory that fabricated or swapped B's signature. The load-bearing check (anyone can do it).
+ *  - If THIS agent is the PRESENT party (A, holds its primary key), ALSO verify the present attestation
+ *    over the rebuilt seal TBS (leaf_count-bound). The responder (B) cannot (no initiator key).
+ *
+ * Returns { ok:false, reason } on any malformed/forged cert — the caller must NOT mark the session
+ * bilateral in that case. Returns the party so the caller can log accurately.
+ */
+export async function verifyUpgradeConfirmedCert(deps, sessionIdHex, frame) {
+    const sessionId = toU8(frame["session_id"]);
+    const sealedRoot = toU8(frame["sealed_root"]);
+    const leafCount = typeof frame["leaf_count"] === "number" ? frame["leaf_count"] : null;
+    const tsRaw = frame["close_timestamp"];
+    const closeTs = typeof tsRaw === "number" ? tsRaw : typeof tsRaw === "bigint" ? Number(tsRaw) : null;
+    const presentPubkey = toU8(frame["present_pubkey"]);
+    const presentSig = toU8(frame["present_signature"]);
+    const presentSigType = frame["present_signature_type"];
+    const returningPubkey = toU8(frame["returning_pubkey"]);
+    const returningSig = toU8(frame["returning_signature"]);
+    if (!sessionId || !sealedRoot || leafCount === null || closeTs === null || !presentPubkey ||
+        !presentSig || !returningPubkey || !returningSig ||
+        (presentSigType !== "frost" && presentSigType !== "single")) {
+        deps.logger.warn("session.seal.upgrade.cert.invalid", { sessionId: sessionIdHex, reason: "malformed_confirmed" });
+        return { ok: false, reason: "malformed_confirmed" };
+    }
+    // H1: bind the cert's present/returning pubkeys to the REAL participants of OUR session record.
+    // The pair {present, returning} must equal {self, our counterparty}; otherwise a single untrusted
+    // directory could sign the ack with an attacker-chosen key and drive a B-side state transition, or
+    // push a confirmed frame for a session we never had. We must hold the session locally to accept.
+    const presentHex = Buffer.from(presentPubkey).toString("hex");
+    const returningHex = Buffer.from(returningPubkey).toString("hex");
+    const selfHex = deps.agentPubkeyHex;
+    const counterpartyHex = deps.getCounterpartyHex(deps.agentName, sessionIdHex);
+    if (!counterpartyHex) {
+        deps.logger.warn("session.seal.upgrade.cert.invalid", { sessionId: sessionIdHex, reason: "unknown_session" });
+        return { ok: false, reason: "unknown_session" };
+    }
+    const expected = new Set([selfHex, counterpartyHex]);
+    if (presentHex === returningHex || !expected.has(presentHex) || !expected.has(returningHex)) {
+        deps.logger.warn("session.seal.upgrade.cert.invalid", { sessionId: sessionIdHex, reason: "participant_mismatch" });
+        return { ok: false, reason: "participant_mismatch" };
+    }
+    // 1. Returning attestation (the returning party's ack) over R1 — the AC-008 kernel. returningPubkey
+    //    is now proven to be a real participant of this session (self or counterparty), not attacker-chosen.
+    const ackTbs = buildSealUpgradeAckTbs(sessionId, sealedRoot);
+    if (!ed25519Verify(returningPubkey, ackTbs, returningSig)) {
+        deps.logger.warn("session.seal.upgrade.cert.invalid", { sessionId: sessionIdHex, reason: "returning_signature_invalid" });
+        return { ok: false, reason: "returning_signature_invalid" };
+    }
+    // 2. Present attestation (A's seal sig) — only the present party holds the key to verify it.
+    const isPresent = selfHex === presentHex;
+    if (isPresent) {
+        const presentResult = await verifyUnilateralCertificate({ agentDir: join(deps.celloDir, "agents", deps.agentName), agentPubkeyHex: deps.agentPubkeyHex, logger: deps.logger }, { sessionId, sealedRoot, leafCount, closeTimestamp: closeTs, frostSignature: presentSig, signatureType: presentSigType });
+        if (!presentResult.ok) {
+            deps.logger.warn("session.seal.upgrade.cert.invalid", { sessionId: sessionIdHex, reason: `present_signature_invalid:${presentResult.reason}` });
+            return { ok: false, reason: `present_signature_invalid:${presentResult.reason}` };
+        }
+    }
+    return { ok: true, party: isPresent ? "present" : "returning" };
+}
+//# sourceMappingURL=seal-upgrade.js.map

package/dist/seal-upgrade.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"seal-upgrade.js","sourceRoot":"","sources":["../src/seal-upgrade.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC;AACjC,OAAO,EAAE,MAAM,IAAI,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAGjE,OAAO,EAAE,2BAA2B,EAAE,MAAM,uBAAuB,CAAC;AAEpE;;;;GAIG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG,2BAA2B,CAAC;AACnE,MAAM,gBAAgB,GAAG,IAAI,OAAO,CAAC,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;AAE/D,gFAAgF;AAChF,MAAM,UAAU,sBAAsB,CAAC,SAAqB,EAAE,UAAsB;IAClF,OAAO,gBAAgB,CAAC,MAAM,CAAC,CAAC,uBAAuB,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC;AACnF,CAAC;AAED,SAAS,IAAI,CAAC,CAAU;IACtB,OAAO,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAW,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC/F,CAAC;AAKD;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,SAA+B;IAE/B,IAAI,CAAC,SAAS,CAAC,KAAK;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,uBAAuB,EAAE,CAAC;IACvF,IAAI,SAAS,CAAC,QAAQ;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,gBAAgB,EAAE,CAAC;IAClF,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAsBD;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,IAA4B,EAC5B,YAAoB,EACpB,KAA8B;IAE9B,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;QAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;QAC9C,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACvF,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;YACpD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC,CAAC;YAChH,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,CAAC;QAC3D,CAAC;QAED,kGAAkG;QAClG,mGAAmG;QACnG,kGAAkG;QAClG,4FAA4F;QAE5F,yEAAyE;QACzE,MAAM,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAwC,CAAC,CAAC,CAAC;QAChG,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC,CAAC;QACtF,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;YACtB,6FAA6F;YAC7F,MAAM,KAAK,GAAG,QAAQ,CAAC,YAAY,KAAK,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;YAC5E,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC;YAC/G,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,YAAY,EAAE,CAAC;QACxD,CAAC;QAED,6FAA6F;QAC7F,mGAAmG;QACnG,6FAA6F;QAC7F,iGAAiG;QACjG,kGAAkG;QAClG,MAAM,aAAa,GAAG,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;QAC7E,IAAI,aAAa,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC;YAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;gBAC/C,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,oBAAoB,EAAE,IAAI,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,GAAG,CAAC;aAChG,CAAC,CAAC;YACH,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;QACvD,CAAC;QAED,qFAAqF;QACrF,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACxD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACzG,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACpD,CAAC;QACD,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAC7D,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,MAAM,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9D,MAAM,eAAe,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC,CAAC;QAChF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;YAC9B,IAAI,EAAE,sBAAsB;YAC5B,UAAU,EAAE,SAAS;YACrB,gBAAgB,EAAE,eAAe;YACjC,aAAa,EAAE,MAAM;YACrB,iGAAiG;YACjG,0DAA0D;YAC1D,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC,CAAC;YAC7G,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;QACxD,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;QAC3G,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACxB,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,EAAE;YAC/C,SAAS,EAAE,YAAY;YACvB,MAAM,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;SACzD,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IAC9C,CAAC;AACH,CAAC;AAgBD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC9C,IAAgC,EAChC,YAAoB,EACpB,KAA8B;IAE9B,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;IAC9C,MAAM,SAAS,GAAG,OAAO,KAAK,CAAC,YAAY,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACvF,MAAM,KAAK,GAAG,KAAK,CAAC,iBAAiB,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACrG,MAAM,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC;IACpD,MAAM,cAAc,GAAG,KAAK,CAAC,wBAAwB,CAAC,CAAC;IACvD,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACxD,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;IACxD,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,IAAI,SAAS,KAAK,IAAI,IAAI,OAAO,KAAK,IAAI,IAAI,CAAC,aAAa;QACrF,CAAC,UAAU,IAAI,CAAC,eAAe,IAAI,CAAC,YAAY;QAChD,CAAC,cAAc,KAAK,OAAO,IAAI,cAAc,KAAK,QAAQ,CAAC,EAAE,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC,CAAC;QAClH,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IACtD,CAAC;IAED,gGAAgG;IAChG,kGAAkG;IAClG,mGAAmG;IACnG,iGAAiG;IACjG,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9D,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClE,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC;IACpC,MAAM,eAAe,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;IAC9E,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC9G,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAClD,CAAC;IACD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC,CAAC;IACrD,IAAI,UAAU,KAAK,YAAY,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QAC5F,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC,CAAC;QACnH,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IAED,oGAAoG;IACpG,yGAAyG;IACzG,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IAC7D,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,CAAC;QAC1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC,CAAC;QAC1H,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,EAAE,CAAC;IAC9D,CAAC;IAED,6FAA6F;IAC7F,MAAM,SAAS,GAAG,OAAO,KAAK,UAAU,CAAC;IACzC,IAAI,SAAS,EAAE,CAAC;QACd,MAAM,aAAa,GAAG,MAAM,2BAA2B,CACrD,EAAE,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,cAAc,EAAE,IAAI,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,EACrH,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,cAAc,EAAE,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,CACzH,CAAC;QACF,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,EAAE,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,EAAE,6BAA6B,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;YAChJ,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,6BAA6B,aAAa,CAAC,MAAM,EAAE,EAAE,CAAC;QACpF,CAAC;IACH,CAAC;IAED,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;AAClE,CAAC"}

package/dist/session-assignment-parser.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Session assignment parsing — ported onto the daemon (DOD-SPINE-5).
+ *
+ * Decodes a raw CBOR-decoded `assignment` object (from a directory
+ * `session_assignment` frame) into a typed SessionAssignment. Shape-validates only;
+ * the FROST/single signature is verified downstream by the transport/session layer
+ * against the directory's pinned key. This is a faithful port of
+ * core/client/src/session-assignment-parser.ts — the daemon must NOT import the dead
+ * core/client stack, so the proven logic lives here.
+ */
+import type { SessionAssignment } from "@cello-protocol/protocol-types";
+/**
+ * Decode a raw CBOR-decoded object (frame["assignment"]) into a typed SessionAssignment.
+ * Returns null if any required field is missing or malformed.
+ */
+export declare function parseSessionAssignment(raw: Record<string, unknown>): SessionAssignment | null;
+/**
+ * Map a raw `session_request_error` frame's reason to a stable negotiator reason code.
+ * Distinct cause → distinct code (M7 error discipline); unknown → directory_unreachable.
+ */
+export declare function sessionRequestErrorReason(frame: Record<string, unknown>): string;
+//# sourceMappingURL=session-assignment-parser.d.ts.map

package/dist/session-assignment-parser.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-assignment-parser.d.ts","sourceRoot":"","sources":["../src/session-assignment-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,gCAAgC,CAAC;AAoCxE;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,iBAAiB,GAAG,IAAI,CA8D7F;AAED;;;GAGG;AACH,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAiBhF"}

package/dist/session-assignment-parser.js

@@ -0,0 +1,139 @@
+/**
+ * Session assignment parsing — ported onto the daemon (DOD-SPINE-5).
+ *
+ * Decodes a raw CBOR-decoded `assignment` object (from a directory
+ * `session_assignment` frame) into a typed SessionAssignment. Shape-validates only;
+ * the FROST/single signature is verified downstream by the transport/session layer
+ * against the directory's pinned key. This is a faithful port of
+ * core/client/src/session-assignment-parser.ts — the daemon must NOT import the dead
+ * core/client stack, so the proven logic lives here.
+ */
+function toU8Safe(v) {
+    if (v instanceof Uint8Array)
+        return v;
+    if (Buffer.isBuffer(v))
+        return new Uint8Array(v);
+    return null;
+}
+function parseStringArray(v) {
+    if (!Array.isArray(v))
+        return null;
+    if (!v.every((x) => typeof x === "string"))
+        return null;
+    return v;
+}
+function parseParticipantInfo(raw) {
+    if (typeof raw !== "object" || raw === null)
+        return null;
+    const r = raw;
+    const pubkey = toU8Safe(r["pubkey"]);
+    if (!pubkey || pubkey.length !== 32)
+        return null;
+    const peerId = typeof r["peer_id"] === "string" ? r["peer_id"] : null;
+    if (!peerId)
+        return null;
+    const multiaddrs = parseStringArray(r["multiaddrs"]);
+    if (!multiaddrs)
+        return null;
+    return { pubkey, peer_id: peerId, multiaddrs };
+}
+function parseEndpointInfo(raw) {
+    if (typeof raw !== "object" || raw === null)
+        return null;
+    const r = raw;
+    const peerId = typeof r["peer_id"] === "string" ? r["peer_id"] : null;
+    if (!peerId)
+        return null;
+    const multiaddrs = parseStringArray(r["multiaddrs"]);
+    if (!multiaddrs)
+        return null;
+    return { peer_id: peerId, multiaddrs };
+}
+/**
+ * Decode a raw CBOR-decoded object (frame["assignment"]) into a typed SessionAssignment.
+ * Returns null if any required field is missing or malformed.
+ */
+export function parseSessionAssignment(raw) {
+    const sessionId = toU8Safe(raw["session_id"]);
+    if (!sessionId || sessionId.length !== 16)
+        return null;
+    const dirPubkey = toU8Safe(raw["directory_pubkey"]);
+    if (!dirPubkey || dirPubkey.length !== 32)
+        return null;
+    const dirSig = toU8Safe(raw["directory_signature"]);
+    if (!dirSig || dirSig.length !== 64)
+        return null;
+    const tsRaw = raw["session_timestamp"];
+    const sessionTimestamp = typeof tsRaw === "number" ? tsRaw : typeof tsRaw === "bigint" ? Number(tsRaw) : null;
+    if (sessionTimestamp === null)
+        return null;
+    const participantA = parseParticipantInfo(raw["participant_a"]);
+    if (!participantA)
+        return null;
+    const participantB = parseParticipantInfo(raw["participant_b"]);
+    if (!participantB)
+        return null;
+    const relayEndpoint = parseEndpointInfo(raw["relay_endpoint"]);
+    if (!relayEndpoint)
+        return null;
+    const directoryEndpoint = parseEndpointInfo(raw["directory_endpoint"]);
+    if (!directoryEndpoint)
+        return null;
+    const sigType = typeof raw["signature_type"] === "string" ? raw["signature_type"] : "single";
+    // M7 WIRE-001: session peer IDs + transport mode (undefined when absent, pre-M7 compat).
+    const initiatorSessionPeerId = typeof raw["initiator_session_peer_id"] === "string" && raw["initiator_session_peer_id"] !== ""
+        ? raw["initiator_session_peer_id"]
+        : undefined;
+    const initiatorSessionAddrs = parseStringArray(raw["initiator_session_addrs"]) ?? undefined;
+    const counterpartySessionPeerId = typeof raw["counterparty_session_peer_id"] === "string" && raw["counterparty_session_peer_id"] !== ""
+        ? raw["counterparty_session_peer_id"]
+        : undefined;
+    const counterpartySessionAddrs = parseStringArray(raw["counterparty_session_addrs"]) ?? undefined;
+    const transportModeRaw = raw["transport_mode"];
+    const transportMode = transportModeRaw === "direct" ? "direct" : transportModeRaw === "relay" ? "relay" : undefined;
+    const common = {
+        session_id: sessionId,
+        participant_a: participantA,
+        participant_b: participantB,
+        relay_endpoint: relayEndpoint,
+        directory_endpoint: directoryEndpoint,
+        session_timestamp: sessionTimestamp,
+        directory_pubkey: dirPubkey,
+        directory_signature: dirSig,
+        initiator_session_peer_id: initiatorSessionPeerId,
+        initiator_session_addrs: initiatorSessionAddrs,
+        counterparty_session_peer_id: counterpartySessionPeerId,
+        counterparty_session_addrs: counterpartySessionAddrs,
+        transport_mode: transportMode,
+    };
+    if (sigType === "frost") {
+        const signerPubkey = toU8Safe(raw["signer_pubkey"]);
+        if (!signerPubkey || signerPubkey.length !== 32)
+            return null;
+        return { ...common, signature_type: "frost", signer_pubkey: signerPubkey };
+    }
+    return { ...common, signature_type: "single" };
+}
+/**
+ * Map a raw `session_request_error` frame's reason to a stable negotiator reason code.
+ * Distinct cause → distinct code (M7 error discipline); unknown → directory_unreachable.
+ */
+export function sessionRequestErrorReason(frame) {
+    const reason = frame["reason"];
+    const known = new Set([
+        "target_offline",
+        "relay_unavailable",
+        "frost_signer_not_configured",
+        "directory_below_threshold",
+        "ceremony_timeout",
+        "ceremony_exhausted",
+        "ceremony_conflict",
+        "not_registered",
+        "peer_not_registered",
+        "no_connection",
+        "connection_id_required",
+        "session_request_missing_peer_id",
+    ]);
+    return typeof reason === "string" && known.has(reason) ? reason : "directory_unreachable";
+}
+//# sourceMappingURL=session-assignment-parser.js.map

package/dist/session-assignment-parser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-assignment-parser.js","sourceRoot":"","sources":["../src/session-assignment-parser.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,SAAS,QAAQ,CAAC,CAAU;IAC1B,IAAI,CAAC,YAAY,UAAU;QAAE,OAAO,CAAC,CAAC;IACtC,IAAI,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,UAAU,CAAC,CAAW,CAAC,CAAC;IAC3D,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAU;IAClC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACnC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;QAAE,OAAO,IAAI,CAAC;IACxD,OAAO,CAAa,CAAC;AACvB,CAAC;AAED,SAAS,oBAAoB,CAAC,GAAY;IACxC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACzD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,MAAM,MAAM,GAAG,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;IACrC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IACjD,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AACjD,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAY;IACrC,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACzD,MAAM,CAAC,GAAG,GAA8B,CAAC;IACzC,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,SAAS,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;IACrD,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC;AACzC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,GAA4B;IACjE,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAEvD,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC;IACpD,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAEvD,MAAM,MAAM,GAAG,QAAQ,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC;IACpD,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAEjD,MAAM,KAAK,GAAG,GAAG,CAAC,mBAAmB,CAAC,CAAC;IACvC,MAAM,gBAAgB,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9G,IAAI,gBAAgB,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IAE3C,MAAM,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IAChE,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,YAAY,GAAG,oBAAoB,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;IAChE,IAAI,CAAC,YAAY;QAAE,OAAO,IAAI,CAAC;IAC/B,MAAM,aAAa,GAAG,iBAAiB,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC/D,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAChC,MAAM,iBAAiB,GAAG,iBAAiB,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC,CAAC;IACvE,IAAI,CAAC,iBAAiB;QAAE,OAAO,IAAI,CAAC;IAEpC,MAAM,OAAO,GAAG,OAAO,GAAG,CAAC,gBAAgB,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC;IAE7F,yFAAyF;IACzF,MAAM,sBAAsB,GAC1B,OAAO,GAAG,CAAC,2BAA2B,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,2BAA2B,CAAC,KAAK,EAAE;QAC7F,CAAC,CAAC,GAAG,CAAC,2BAA2B,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,qBAAqB,GAAG,gBAAgB,CAAC,GAAG,CAAC,yBAAyB,CAAC,CAAC,IAAI,SAAS,CAAC;IAC5F,MAAM,yBAAyB,GAC7B,OAAO,GAAG,CAAC,8BAA8B,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,8BAA8B,CAAC,KAAK,EAAE;QACnG,CAAC,CAAC,GAAG,CAAC,8BAA8B,CAAC;QACrC,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,wBAAwB,GAAG,gBAAgB,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,IAAI,SAAS,CAAC;IAClG,MAAM,gBAAgB,GAAG,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAC/C,MAAM,aAAa,GACjB,gBAAgB,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,gBAAgB,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;IAEhG,MAAM,MAAM,GAAG;QACb,UAAU,EAAE,SAAS;QACrB,aAAa,EAAE,YAAY;QAC3B,aAAa,EAAE,YAAY;QAC3B,cAAc,EAAE,aAAa;QAC7B,kBAAkB,EAAE,iBAAiB;QACrC,iBAAiB,EAAE,gBAAgB;QACnC,gBAAgB,EAAE,SAAS;QAC3B,mBAAmB,EAAE,MAAM;QAC3B,yBAAyB,EAAE,sBAAsB;QACjD,uBAAuB,EAAE,qBAAqB;QAC9C,4BAA4B,EAAE,yBAAyB;QACvD,0BAA0B,EAAE,wBAAwB;QACpD,cAAc,EAAE,aAAa;KAC9B,CAAC;IAEF,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;QACxB,MAAM,YAAY,GAAG,QAAQ,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC;QACpD,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,MAAM,KAAK,EAAE;YAAE,OAAO,IAAI,CAAC;QAC7D,OAAO,EAAE,GAAG,MAAM,EAAE,cAAc,EAAE,OAAgB,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;IACtF,CAAC;IACD,OAAO,EAAE,GAAG,MAAM,EAAE,cAAc,EAAE,QAAiB,EAAE,CAAC;AAC1D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,KAA8B;IACtE,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC;IAC/B,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC;QACpB,gBAAgB;QAChB,mBAAmB;QACnB,6BAA6B;QAC7B,2BAA2B;QAC3B,kBAAkB;QAClB,oBAAoB;QACpB,mBAAmB;QACnB,gBAAgB;QAChB,qBAAqB;QACrB,eAAe;QACf,wBAAwB;QACxB,iCAAiC;KAClC,CAAC,CAAC;IACH,OAAO,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC;AAC5F,CAAC"}