@dp-pcs/ogp 0.6.0 → 0.7.0-rc.1

package/dist/cli/federation.js

@@ -11,6 +11,7 @@ import { loadIntents } from '../daemon/intent-registry.js';
 import { loadMetaConfig } from '../shared/meta-config.js';
 import { logActivity } from '../daemon/agent-comms.js';
 import { deliverLocalSessionText } from '../daemon/notify.js';
+import { validateTargetAgent } from './agent-targeting.js';
 /**
  * Expand tilde in paths
  */
@@ -20,6 +21,42 @@ function expandTilde(filePath) {
     }
     return filePath;
 }
+function formatRelative(iso) {
+    if (!iso)
+        return 'never';
+    const ms = Date.now() - new Date(iso).getTime();
+    if (ms < 0)
+        return 'in the future';
+    const m = Math.floor(ms / 60000);
+    if (m < 1)
+        return '<1m';
+    if (m < 60)
+        return `${m}m ago`;
+    const h = Math.floor(m / 60);
+    if (h < 24)
+        return `${h}h ago`;
+    return `${Math.floor(h / 24)}d ago`;
+}
+function healthStateLabel(state) {
+    switch (state) {
+        case 'established': return { icon: '✓', label: 'established' };
+        case 'degraded-outbound': return { icon: '⚠', label: 'degraded-out' };
+        case 'degraded-inbound': return { icon: '⚠', label: 'degraded-in' };
+        case 'down': return { icon: '✗', label: 'down' };
+        default: return { icon: '?', label: 'unknown' };
+    }
+}
+function federationStateLabel(state) {
+    switch (state) {
+        case 'init': return { icon: '◐', label: 'INIT' };
+        case 'twoWay': return { icon: '◑', label: 'TWO-WAY' };
+        case 'established': return { icon: '✓', label: 'ESTABLISHED' };
+        case 'degraded': return { icon: '⚠', label: 'DEGRADED' };
+        case 'down': return { icon: '✗', label: 'DOWN' };
+        case 'tombstoned': return { icon: '☠', label: 'TOMBSTONED' };
+        default: return { icon: '?', label: 'UNKNOWN' };
+    }
+}
 function normalizeGatewayUrl(url) {
     const trimmed = url.trim();
     if (!trimmed) {
@@ -148,25 +185,22 @@ export async function federationList(status, filterTag) {
                     peers.forEach(peer => {
                         const aliasDisplay = peer.alias || peer.displayName || '-';
                         const displayName = peer.alias ? peer.displayName : '';
-                        const keyShort = peer.publicKey?.substring(0, 16) || '-';
                         // Status and health icons
                         let statusIcon = peer.status === 'approved' ? '✓' : peer.status === 'pending' ? '?' : '✗';
                         if (peer.status === 'approved' && peer.healthy === false) {
                             statusIcon = '✗'; // Show unhealthy status
                         }
-                        // Health details for approved peers
+                        // Issue #3 + #5: directional health summary for approved peers
                         let healthInfo = '';
                         if (peer.status === 'approved') {
-                            if (peer.lastSeenAt) {
-                                const lastSeen = new Date(peer.lastSeenAt);
-                                const now = new Date();
-                                const minutesAgo = Math.floor((now.getTime() - lastSeen.getTime()) / 60000);
-                                const timeStr = minutesAgo < 60 ? `${minutesAgo}m` : `${Math.floor(minutesAgo / 60)}h`;
-                                healthInfo = ` [last seen: ${timeStr}]`;
-                            }
-                            else {
-                                healthInfo = ' [never seen]';
-                            }
+                            const { icon, label } = healthStateLabel(peer.healthState);
+                            const out = peer.lastOutboundCheckFailedAt && (!peer.lastOutboundCheckAt || peer.lastOutboundCheckFailedAt > peer.lastOutboundCheckAt)
+                                ? `out: FAIL ${formatRelative(peer.lastOutboundCheckFailedAt)}`
+                                : `out: ${formatRelative(peer.lastOutboundCheckAt)}`;
+                            const inboundLabel = peer.inboundHealthReport
+                                ? `in (reported): ${peer.inboundHealthReport.healthy ? 'OK' : 'FAIL'} ${formatRelative(peer.inboundHealthReport.receivedAt)}`
+                                : `in: ${formatRelative(peer.lastInboundContactAt)}`;
+                            healthInfo = ` [${icon} ${label}  ${out}  ${inboundLabel}]`;
                             if (peer.healthCheckFailures && peer.healthCheckFailures > 0) {
                                 healthInfo += ` (${peer.healthCheckFailures} failures)`;
                             }
@@ -219,19 +253,10 @@ export async function federationList(status, filterTag) {
         const displayCol = (peer.displayName || '-').slice(0, 20).padEnd(20);
         const keyCol = (peer.publicKey?.substring(0, 16) || '-') + '...';
         const statusCol = peer.status;
-        // Health status indicator
-        let healthIcon = '';
-        if (peer.status === 'approved') {
-            if (peer.healthy === true) {
-                healthIcon = '✓';
-            }
-            else if (peer.healthy === false) {
-                healthIcon = '✗';
-            }
-            else {
-                healthIcon = '?'; // Unknown health status
-            }
-        }
+        // Health status indicator (Issue #3: directional)
+        const { icon: healthIcon } = peer.status === 'approved'
+            ? healthStateLabel(peer.healthState)
+            : { icon: '' };
         console.log(`  ${healthIcon ? healthIcon + ' ' : ''}${aliasCol} ${displayCol} ${keyCol.padEnd(20)} ${statusCol}`);
         console.log(`    Gateway: ${peer.gatewayUrl}`);
         console.log(`    ID: ${peer.id}`);
@@ -250,13 +275,23 @@ export async function federationList(status, filterTag) {
         if (peer.tags && peer.tags.length > 0) {
             console.log(`    Tags: ${peer.tags.join(', ')}`);
         }
-        // Show health details for approved peers
+        // Issue #4: federation lifecycle line for any non-tombstoned peer.
+        if (peer.status !== 'rejected' && peer.status !== 'removed') {
+            const { label: fedLabel } = federationStateLabel(peer.federationState);
+            const since = peer.federationStateChangedAt ? ` since ${formatRelative(peer.federationStateChangedAt)}` : '';
+            const reason = peer.federationStateReason ? ` — ${peer.federationStateReason}` : '';
+            console.log(`    Federation:  ${fedLabel}${since}${reason}`);
+        }
+        // Show health details for approved peers (Issue #3: directional, Issue #5: authoritative inbound)
         if (peer.status === 'approved') {
-            if (peer.lastSeenAt) {
-                const lastSeen = new Date(peer.lastSeenAt);
-                const now = new Date();
-                const minutesAgo = Math.floor((now.getTime() - lastSeen.getTime()) / 60000);
-                console.log(`    Last seen: ${minutesAgo < 60 ? minutesAgo + 'm ago' : Math.floor(minutesAgo / 60) + 'h ago'}`);
+            const { label } = healthStateLabel(peer.healthState);
+            console.log(`    Health state: ${label}${peer.healthStateChangedAt ? ` (since ${formatRelative(peer.healthStateChangedAt)})` : ''}`);
+            console.log(`    Outbound:    last ok ${formatRelative(peer.lastOutboundCheckAt)}, last fail ${formatRelative(peer.lastOutboundCheckFailedAt)}`);
+            console.log(`    Inbound:     last contact ${formatRelative(peer.lastInboundContactAt)}`);
+            if (peer.inboundHealthReport) {
+                const r = peer.inboundHealthReport;
+                console.log(`    Inbound (reported): ${r.healthy ? 'healthy' : 'unhealthy'} as of ${formatRelative(r.receivedAt)}` +
+                    (r.healthCheckFailures && r.healthCheckFailures > 0 ? ` (${r.healthCheckFailures} failures from peer)` : ''));
             }
             if (peer.healthCheckFailures && peer.healthCheckFailures > 0) {
                 console.log(`    Health check failures: ${peer.healthCheckFailures}`);
@@ -319,42 +354,17 @@ export async function federationStatus() {
                         console.log('\n  Approved peers:');
                         for (const peer of approvedPeers) {
                             const aliasDisplay = peer.alias || peer.displayName || 'no alias';
-                            // Health status indicator
-                            let healthIcon = '';
-                            if (peer.healthy === true) {
-                                healthIcon = '✓';
-                            }
-                            else if (peer.healthy === false) {
-                                healthIcon = '✗';
-                            }
-                            else {
-                                healthIcon = '?';
-                            }
-                            // Format last seen time
-                            let lastSeenStr = '';
-                            if (peer.lastSeenAt) {
-                                const lastSeen = new Date(peer.lastSeenAt);
-                                const now = new Date();
-                                const minutesAgo = Math.floor((now.getTime() - lastSeen.getTime()) / 60000);
-                                if (minutesAgo < 60) {
-                                    lastSeenStr = `${minutesAgo}m ago`;
-                                }
-                                else if (minutesAgo < 1440) {
-                                    lastSeenStr = `${Math.floor(minutesAgo / 60)}h ago`;
-                                }
-                                else {
-                                    lastSeenStr = `${Math.floor(minutesAgo / 1440)}d ago`;
-                                }
-                            }
-                            else {
-                                lastSeenStr = 'never';
-                            }
-                            // Show health failures if any
+                            // Issue #3: directional health
+                            const { icon: healthIcon, label } = healthStateLabel(peer.healthState);
+                            const out = peer.lastOutboundCheckFailedAt && (!peer.lastOutboundCheckAt || peer.lastOutboundCheckFailedAt > peer.lastOutboundCheckAt)
+                                ? `out FAIL ${formatRelative(peer.lastOutboundCheckFailedAt)}`
+                                : `out ${formatRelative(peer.lastOutboundCheckAt)}`;
+                            const inb = `in ${formatRelative(peer.lastInboundContactAt)}`;
                             const failuresStr = peer.healthCheckFailures && peer.healthCheckFailures > 0
                                 ? ` (${peer.healthCheckFailures} failures)`
                                 : '';
                             const scopes = peer.grantedScopes?.scopes.map(s => s.intent).join(', ') || 'none';
-                            console.log(`    ${healthIcon} ${aliasDisplay.padEnd(20)} [${lastSeenStr.padEnd(8)}${failuresStr}] ${scopes}`);
+                            console.log(`    ${healthIcon} ${aliasDisplay.padEnd(20)} ${label.padEnd(13)} ${out.padEnd(20)} ${inb.padEnd(15)}${failuresStr} ${scopes}`);
                         }
                     }
                 }
@@ -394,10 +404,18 @@ export async function federationStatus() {
     const pendingPeers = peers.filter(p => p.status === 'pending');
     const rejectedPeers = peers.filter(p => p.status === 'rejected');
     const removedPeers = peers.filter(p => p.status === 'removed');
-    // Health statistics for approved peers
-    const healthyPeers = approvedPeers.filter(p => p.healthy === true);
-    const unhealthyPeers = approvedPeers.filter(p => p.healthy === false);
-    const unknownHealthPeers = approvedPeers.filter(p => p.healthy === undefined);
+    // Health statistics for approved peers (Issue #3: directional)
+    const stateCounts = {
+        established: 0,
+        'degraded-outbound': 0,
+        'degraded-inbound': 0,
+        down: 0,
+        unknown: 0
+    };
+    for (const p of approvedPeers) {
+        const state = p.healthState ?? 'unknown';
+        stateCounts[state] = (stateCounts[state] ?? 0) + 1;
+    }
     console.log('\n📊 FEDERATION STATUS\n');
     // Summary counts
     console.log(`Total peers: ${peers.length}`);
@@ -406,12 +424,38 @@ export async function federationStatus() {
     console.log(`  Rejected: ${rejectedPeers.length}`);
     console.log(`  Removed:  ${removedPeers.length}`);
     console.log('');
-    // Health summary for approved peers
+    // Health summary for approved peers (Issue #3: directional state breakdown)
     if (approvedPeers.length > 0) {
         console.log('🏥 PEER HEALTH:\n');
-        console.log(`  Healthy:   ${healthyPeers.length} (✓)`);
-        console.log(`  Unhealthy: ${unhealthyPeers.length} (✗)`);
-        console.log(`  Unknown:   ${unknownHealthPeers.length} (?)`);
+        console.log(`  Established:      ${stateCounts.established} (✓)`);
+        console.log(`  Degraded out:     ${stateCounts['degraded-outbound']} (⚠ I can't reach them)`);
+        console.log(`  Degraded in:      ${stateCounts['degraded-inbound']} (⚠ they haven't reached me)`);
+        console.log(`  Down:             ${stateCounts.down} (✗)`);
+        console.log(`  Unknown:          ${stateCounts.unknown} (?)`);
+        console.log('');
+    }
+    // Issue #4: federation lifecycle state breakdown across all non-tombstoned peers.
+    const lifecycleCounts = {
+        init: 0, twoWay: 0, established: 0, degraded: 0, down: 0, unknown: 0
+    };
+    for (const p of peers) {
+        if (p.status === 'rejected' || p.status === 'removed')
+            continue;
+        const s = p.federationState ?? 'unknown';
+        if (s === 'tombstoned')
+            continue;
+        lifecycleCounts[s] = (lifecycleCounts[s] ?? 0) + 1;
+    }
+    if (peers.some(p => p.status !== 'rejected' && p.status !== 'removed')) {
+        console.log('🔗 FEDERATION LIFECYCLE:\n');
+        console.log(`  Init:        ${lifecycleCounts.init}`);
+        console.log(`  Two-way:     ${lifecycleCounts.twoWay}`);
+        console.log(`  Established: ${lifecycleCounts.established}`);
+        console.log(`  Degraded:    ${lifecycleCounts.degraded}`);
+        console.log(`  Down:        ${lifecycleCounts.down}`);
+        if (lifecycleCounts.unknown > 0) {
+            console.log(`  Unknown:     ${lifecycleCounts.unknown}`);
+        }
         console.log('');
     }
     // Alias → Public Key mapping section
@@ -472,15 +516,18 @@ export async function federationRequest(peerUrl, peerId, alias) {
         ...(config.agentName ? { agentName: config.agentName } : {}),
         ...(config.organization ? { organization: config.organization } : {}),
     };
-    const { sign } = await import('../shared/signing.js');
-    const signature = sign(JSON.stringify(peer), keypair.privateKey);
     // Fetch our capabilities to include in the request (BUILD-110: intent negotiation)
     let ourIntents = loadIntents().map((i) => i.name);
     if (ourIntents.length === 0) {
         // Fallback to default intents if none registered
         ourIntents = ['message', 'agent-comms', 'project.join', 'project.contribute', 'project.query', 'project.status'];
     }
-    const requestBody = { peer, signature, offeredIntents: ourIntents };
+    // SECURITY (F-04): Send a signed canonical envelope. The receiver verifies
+    // the signature against peer.publicKey from the payload — proves we hold
+    // the private key for the publicKey we're announcing.
+    const { signCanonical } = await import('../shared/signing.js');
+    const { payloadStr, signature } = signCanonical({ peer, offeredIntents: ourIntents }, keypair.privateKey);
+    const requestBody = { payloadStr, signature };
     // Send request
     try {
         const response = await fetch(`${resolvedPeerUrl}/federation/request`, {
@@ -628,25 +675,27 @@ export async function federationApprove(peerId, options = {}) {
     const ourConfig = requireConfig();
     try {
         const nonce = crypto.randomUUID();
+        // SECURITY (F-01): Approval is a canonical signed envelope.
+        const { signCanonical } = await import('../shared/signing.js');
+        const { payloadStr, signature } = signCanonical({
+            // Package format
+            peerId: peer.id,
+            approved: true,
+            // Fork format (for interoperability)
+            fromGatewayId: `${new URL(ourConfig.gatewayUrl).hostname}:${ourConfig.daemonPort}`,
+            fromDisplayName: ourConfig.displayName,
+            fromGatewayUrl: ourConfig.gatewayUrl,
+            fromPublicKey: keypair.publicKey,
+            fromEmail: ourConfig.email,
+            nonce,
+            // v0.2.0: Include scope grants
+            protocolVersion: '0.2.0',
+            scopeGrants
+        }, keypair.privateKey);
         await fetch(`${peerGatewayUrl}/federation/approve`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-                // Package format
-                peerId: peer.id,
-                approved: true,
-                // Fork format (for interoperability)
-                fromGatewayId: `${new URL(ourConfig.gatewayUrl).hostname}:${ourConfig.daemonPort}`,
-                fromDisplayName: ourConfig.displayName,
-                fromGatewayUrl: ourConfig.gatewayUrl,
-                fromPublicKey: keypair.publicKey,
-                fromEmail: ourConfig.email,
-                timestamp: new Date().toISOString(),
-                nonce,
-                // v0.2.0: Include scope grants
-                protocolVersion: '0.2.0',
-                scopeGrants
-            })
+            body: JSON.stringify({ payloadStr, signature })
         });
         console.log('✓ Notified peer of approval');
     }
@@ -782,7 +831,7 @@ export async function federationRemove(peerId) {
     removePeer(peerId);
     console.log(`✓ Removed peer: ${peerId} (${peer.displayName})`);
 }
-export async function federationSend(peerId, intent, payloadJson, timeoutMs) {
+export async function federationSend(peerId, intent, payloadJson, timeoutMs, toAgent) {
     const config = requireConfig();
     // Resolve peer identifier (alias, ID, or public key)
     const resolvedId = resolvePeerId(peerId);
@@ -800,6 +849,14 @@ export async function federationSend(peerId, intent, payloadJson, timeoutMs) {
         console.error(`Peer ${peerId} is not approved`);
         return null;
     }
+    // B0032 P4: capability check before honoring --to-agent.
+    if (toAgent) {
+        const targeting = await validateTargetAgent({ id: peer.id, gatewayUrl: peer.gatewayUrl, displayName: peer.displayName }, toAgent);
+        if (!targeting.ok) {
+            console.error(targeting.reason);
+            return null;
+        }
+    }
     const payload = JSON.parse(payloadJson);
     const keypair = loadOrGenerateKeyPair();
     // BUILD-111: Use public key prefix as our ID (not hostname:port)
@@ -808,6 +865,7 @@ export async function federationSend(peerId, intent, payloadJson, timeoutMs) {
         intent,
         from: ourId,
         to: peerId,
+        ...(toAgent ? { toAgent } : {}),
         nonce: crypto.randomUUID(),
         timestamp: new Date().toISOString(),
         payload
@@ -1122,6 +1180,14 @@ export async function federationSendAgentComms(peerId, topic, messageText, optio
         console.error(`Peer ${peerId} is not approved`);
         return;
     }
+    // B0032 P4: capability check before honoring --to-agent.
+    if (options.toAgent) {
+        const targeting = await validateTargetAgent({ id: peer.id, gatewayUrl: peer.gatewayUrl, displayName: peer.displayName }, options.toAgent);
+        if (!targeting.ok) {
+            console.error(targeting.reason);
+            return;
+        }
+    }
     const keypair = loadOrGenerateKeyPair();
     // Use 32-char public key prefix as our ID (avoids Ed25519 DER header collision with 16-char)
     const ourId = keypair.publicKey.substring(0, 32);
@@ -1135,6 +1201,7 @@ export async function federationSendAgentComms(peerId, topic, messageText, optio
         intent: 'agent-comms',
         from: ourId,
         to: peerId,
+        ...(options.toAgent ? { toAgent: options.toAgent } : {}),
         nonce,
         timestamp: new Date().toISOString(),
         replyTo,
@@ -1232,10 +1299,13 @@ export async function federationInvite() {
     const pubkey = getPublicKey();
     const port = config.daemonPort ?? 18790;
     try {
+        // SECURITY (F-02): /invite now requires a signed envelope, same as /register.
+        const { signCanonical } = await import('../shared/signing.js');
+        const { payloadStr, signature } = signCanonical({ pubkey, port }, getPrivateKey());
         const res = await fetch(`${config.rendezvous.url}/invite`, {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ pubkey, port }),
+            body: JSON.stringify({ payloadStr, signature }),
             signal: AbortSignal.timeout(10000),
         });
         if (!res.ok) {