npm - @enactprotocol/shared - Versions diffs - 1.2.1 → 1.2.3 - Mend

@enactprotocol/shared 1.2.1 → 1.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/core/EnactCore.js CHANGED Viewed

@@ -5,7 +5,7 @@ import { DaggerExecutionProvider } from "./DaggerExecutionProvider.js";
 import { resolveToolEnvironmentVariables } from "../utils/env-loader.js";
 import logger from "../exec/logger.js";
 import yaml from "yaml";
-import { CryptoUtils, KeyManager, SecurityConfigManager, SigningService } from "@enactprotocol/security";
+import { CryptoUtils, SecurityConfigManager, SigningService } from "@enactprotocol/security";
 export class EnactCore {
     constructor(options = {}) {
         this.options = {
@@ -279,24 +279,18 @@ export class EnactCore {
             };
             const referenceSignature = {
                 signature: tool.signatures[0].value,
-                publicKey: tool.signatures[0].signer,
+                publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
                 algorithm: tool.signatures[0].algorithm,
                 timestamp: new Date(tool.signatures[0].created).getTime()
             };
             // Check what canonical document looks like
             const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
-            // console.log("Canonical document:", JSON.stringify(canonicalDoc));
             const docString = JSON.stringify(canonicalDoc);
             const messageHash = CryptoUtils.hash(docString);
-            // console.log("Document string:", docString);
-            // console.log("Message hash:", messageHash);
             // Test direct crypto verification
             const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
-            console.log("Direct crypto verification result:", directVerify);
             // Check trusted keys
-            const trustedKeys = KeyManager.getAllTrustedPublicKeys();
-            console.log("Trusted keys:", trustedKeys);
-            console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
+            // const trustedKeys = KeyManager.getAllTrustedPublicKeys();
             const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ['command'] });
             console.log("Final verification result:", isValid);
             if (!isValid) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@enactprotocol/shared",
-  "version": "1.2.1",
+  "version": "1.2.3",
   "description": "Shared utilities and core functionality for Enact Protocol",
   "type": "module",
   "main": "./dist/index.js",
@@ -61,7 +61,7 @@
   "license": "MIT",
   "dependencies": {
     "@dagger.io/dagger": "^0.9.11",
-    "@enactprotocol/security": "^0.2.5",
+    "@enactprotocol/security": "0.2.7",
     "dotenv": "^16.5.0",
     "pino": "^9.7.0",
     "pino-pretty": "^13.0.0",

package/src/core/EnactCore.ts CHANGED Viewed

@@ -402,13 +402,14 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
 		if (!tool.signatures || tool.signatures.length === 0) {
 			throw new Error(`Tool ${tool.name} does not have any signatures`);
 		}
 		const documentForVerification = {
 			command: tool.command
 		};
        	const referenceSignature = {
 				signature: tool.signatures[0].value,
-				publicKey: tool.signatures[0].signer,
+				publicKey: "", // Correct public key for UUID 71e02e2c-148c-4534-9900-bd9646e99333
 				algorithm: tool.signatures[0].algorithm,
 				timestamp: new Date(tool.signatures[0].created).getTime()
 			};
@@ -416,12 +417,10 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
         // Check what canonical document looks like
         const canonicalDoc = SigningService.getCanonicalDocument(documentForVerification, { includeFields: ['command'] });
-        // console.log("Canonical document:", JSON.stringify(canonicalDoc));
         const docString = JSON.stringify(canonicalDoc);
         const messageHash = CryptoUtils.hash(docString);
-        // console.log("Document string:", docString);
-        // console.log("Message hash:", messageHash);
         // Test direct crypto verification
         const directVerify = CryptoUtils.verify(
@@ -429,12 +428,9 @@ private async verifyTool(tool: EnactTool, dangerouslySkipVerification: boolean =
             messageHash,
             referenceSignature.signature
         );
-        console.log("Direct crypto verification result:", directVerify);
         // Check trusted keys
-        const trustedKeys = KeyManager.getAllTrustedPublicKeys();
-        console.log("Trusted keys:", trustedKeys);
-        console.log("Is our public key trusted?", trustedKeys.includes(referenceSignature.publicKey));
+        // const trustedKeys = KeyManager.getAllTrustedPublicKeys();
         const isValid = SigningService.verifyDocument(
             documentForVerification,