@enactprotocol/shared 1.2.1 → 1.2.2

package/dist/core/EnactCore.js

@@ -266,6 +266,7 @@ export class EnactCore {
         }
     }
     async verifyTool(tool, dangerouslySkipVerification = false) {
+        console.log("=== VERIFY TOOL CALLED ===", tool.name, "skipVerification:", dangerouslySkipVerification);
         if (dangerouslySkipVerification) {
             logger.warn(`Skipping signature verification for tool: ${tool.name}`);
             return;
@@ -274,28 +275,35 @@ export class EnactCore {
             if (!tool.signatures || tool.signatures.length === 0) {
                 throw new Error(`Tool ${tool.name} does not have any signatures`);
             }
+            console.log("=== TOOL SIGNATURE DATA ===");
+            console.log("Tool signatures from database:", JSON.stringify(tool.signatures, null, 2));
+            console.log("Tool command:", tool.command);
             const documentForVerification = {
                 command: tool.command
             };
             const referenceSignature = {
                 signature: tool.signatures[0].value,
-                publicKey: tool.signatures[0].signer,
+                publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
                 algorithm: tool.signatures[0].algorithm,
                 timestamp: new Date(tool.signatures[0].created).getTime()
             };
             // Check what canonical document looks like
             const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
-            // console.log("Canonical document:", JSON.stringify(canonicalDoc));
+            console.log("=== SIGNATURE VERIFICATION DEBUG ===");
+            console.log("Original document for verification:", JSON.stringify(documentForVerification, null, 2));
+            console.log("Canonical document:", JSON.stringify(canonicalDoc, null, 2));
             const docString = JSON.stringify(canonicalDoc);
             const messageHash = CryptoUtils.hash(docString);
-            // console.log("Document string:", docString);
-            // console.log("Message hash:", messageHash);
+            console.log("Document string:", docString);
+            console.log("Message hash:", messageHash);
+            console.log("Reference signature object:", JSON.stringify(referenceSignature, null, 2));
             // Test direct crypto verification
             const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
-            console.log("Direct crypto verification result:", directVerify);
+            console.log("KEITH DEBUG - Direct crypto verification result:", directVerify, "publicKey:", referenceSignature.publicKey);
             // Check trusted keys
             const trustedKeys = KeyManager.getAllTrustedPublicKeys();
             console.log("Trusted keys:", trustedKeys);
+            console.log("Our referenceSignature.publicKey:", JSON.stringify(referenceSignature.publicKey));
             console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
             const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command'] });
             console.log("Final verification result:", isValid);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/shared",
-  "version": "1.2.1",
+  "version": "1.2.2",
   "description": "Shared utilities and core functionality for Enact Protocol",
   "type": "module",
   "main": "./dist/index.js",
@@ -61,7 +61,7 @@
   "license": "MIT",
   "dependencies": {
     "@dagger.io/dagger": "^0.9.11",
-    "@enactprotocol/security": "^0.2.5",
+    "@enactprotocol/security": "0.2.7",
     "dotenv": "^16.5.0",
     "pino": "^9.7.0",
     "pino-pretty": "^13.0.0",

package/src/core/EnactCore.ts

@@ -402,13 +402,14 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 		if (!tool.signatures || tool.signatures.length === 0) {
 			throw new Error(`Tool ${tool.name} does not have any signatures`);
 		}
+	
 		const documentForVerification = {
 			command: tool.command
 		};
 
        	const referenceSignature = {
 				signature: tool.signatures[0].value,
-				publicKey: tool.signatures[0].signer,
+				publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
 				algorithm: tool.signatures[0].algorithm,
 				timestamp: new Date(tool.signatures[0].created).getTime()
 			};
@@ -416,12 +417,10 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
         
         // Check what canonical document looks like
         const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
-        // console.log("Canonical document:", JSON.stringify(canonicalDoc));
         
         const docString = JSON.stringify(canonicalDoc);
         const messageHash = CryptoUtils.hash(docString);
-        // console.log("Document string:", docString);
-        // console.log("Message hash:", messageHash);
+    
         
         // Test direct crypto verification
         const directVerify = CryptoUtils.verify(
@@ -429,12 +428,9 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
             messageHash,
             referenceSignature.signature
         );
-        console.log("Direct crypto verification result:", directVerify);
         
         // Check trusted keys
-        const trustedKeys = KeyManager.getAllTrustedPublicKeys();
-        console.log("Trusted keys:", trustedKeys);
-        console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
+        // const trustedKeys = KeyManager.getAllTrustedPublicKeys();
 
         const isValid = SigningService.verifyDocument(
             documentForVerification,