@f2a/network 0.1.2 → 0.1.3

package/src/core/review-committee.ts

@@ -1,401 +0,0 @@
-/**
- * F2A 评审系统
- * Phase 2: 评审机制
- */
-
-import { Logger } from '../utils/logger.js';
-import { ReputationManager } from './reputation.js';
-
-// ============================================================================
-// 类型定义
-// ============================================================================
-
-/**
- * 评审维度
- */
-export interface ReviewDimensions {
-  /** 工作量评估 (0-100) */
-  workload: number;
-  /** 价值分 (-100 ~ 100) */
-  value: number;
-}
-
-/**
- * 风险标记
- */
-export type RiskFlag = 'dangerous' | 'malicious' | 'spam' | 'invalid';
-
-/**
- * 任务评审
- */
-export interface TaskReview {
-  taskId: string;
-  reviewerId: string;
-  dimensions: ReviewDimensions;
-  riskFlags?: RiskFlag[];
-  comment?: string;
-  timestamp: number;
-}
-
-/**
- * 评审结果
- */
-export interface ReviewResult {
-  taskId: string;
-  requesterId: string;
-  executorId?: string;
-  finalWorkload: number;
-  finalValue: number;
-  reviews: TaskReview[];
-  outliers: TaskReview[];
-  timestamp: number;
-}
-
-/**
- * 评审委员会配置
- */
-export interface ReviewCommitteeConfig {
-  /** 最小评审人数 */
-  minReviewers: number;
-  /** 最大评审人数 */
-  maxReviewers: number;
-  /** 评审资格最低信誉分 */
-  minReputation: number;
-  /** 评审超时（毫秒） */
-  reviewTimeout: number;
-  /** 偏离检测阈值（标准差倍数） */
-  outlierThreshold: number;
-}
-
-/**
- * 待评审任务
- */
-export interface PendingReview {
-  taskId: string;
-  requesterId: string;
-  executorId?: string;
-  taskDescription: string;
-  taskParameters?: Record<string, unknown>;
-  createdAt: number;
-  reviews: TaskReview[];
-  requiredReviewers: number;
-}
-
-// ============================================================================
-// 默认配置
-// ============================================================================
-
-const DEFAULT_COMMITTEE_CONFIG: ReviewCommitteeConfig = {
-  minReviewers: 1,
-  maxReviewers: 7,
-  minReputation: 50,
-  reviewTimeout: 5 * 60 * 1000, // 5 分钟
-  outlierThreshold: 2, // 2 个标准差
-};
-
-// ============================================================================
-// 评审委员会
-// ============================================================================
-
-export class ReviewCommittee {
-  private config: ReviewCommitteeConfig;
-  private reputationManager: ReputationManager;
-  private pendingReviews: Map<string, PendingReview> = new Map();
-  private logger: Logger;
-
-  constructor(
-    reputationManager: ReputationManager,
-    config: Partial<ReviewCommitteeConfig> = {}
-  ) {
-    this.reputationManager = reputationManager;
-    this.config = { ...DEFAULT_COMMITTEE_CONFIG, ...config };
-    this.logger = new Logger({ component: 'ReviewCommittee' });
-  }
-
-  /**
-   * 根据网络规模计算需要的评审人数
-   */
-  getRequiredReviewers(networkSize: number): number {
-    if (networkSize < 10) return 1;
-    if (networkSize < 50) return 3;
-    return 5;
-  }
-
-  /**
-   * 获取可用的评审者
-   */
-  getAvailableReviewers(excludeIds: string[] = []): string[] {
-    const highRepNodes = this.reputationManager.getHighReputationNodes(
-      this.config.minReputation
-    );
-    
-    return highRepNodes
-      .map(e => e.peerId)
-      .filter(id => !excludeIds.includes(id));
-  }
-
-  /**
-   * 提交任务进行评审
-   */
-  submitForReview(
-    taskId: string,
-    requesterId: string,
-    taskDescription: string,
-    taskParameters?: Record<string, unknown>,
-    executorId?: string
-  ): PendingReview {
-    const networkSize = this.reputationManager.getAllReputations().length;
-    const requiredReviewers = Math.min(
-      this.config.maxReviewers,
-      Math.max(this.config.minReviewers, this.getRequiredReviewers(networkSize))
-    );
-
-    const pending: PendingReview = {
-      taskId,
-      requesterId,
-      executorId,
-      taskDescription,
-      taskParameters,
-      createdAt: Date.now(),
-      reviews: [],
-      requiredReviewers,
-    };
-
-    this.pendingReviews.set(taskId, pending);
-    
-    this.logger.info('Task submitted for review', {
-      taskId,
-      requesterId: requesterId.slice(0, 16),
-      requiredReviewers,
-    });
-
-    return pending;
-  }
-
-  /**
-   * 提交评审
-   */
-  submitReview(review: TaskReview): { success: boolean; message: string } {
-    const pending = this.pendingReviews.get(review.taskId);
-    
-    if (!pending) {
-      return { success: false, message: 'Task not found or already completed' };
-    }
-
-    // 验证评审者资格
-    if (!this.reputationManager.hasPermission(review.reviewerId, 'review')) {
-      return { success: false, message: 'Reviewer does not have permission' };
-    }
-
-    // 验证评审者不是请求者或执行者
-    if (review.reviewerId === pending.requesterId || 
-        review.reviewerId === pending.executorId) {
-      return { success: false, message: 'Cannot review own task' };
-    }
-
-    // 检查是否已经评审过
-    if (pending.reviews.some(r => r.reviewerId === review.reviewerId)) {
-      return { success: false, message: 'Already reviewed this task' };
-    }
-
-    // 验证评审维度
-    if (!this.validateReviewDimensions(review.dimensions)) {
-      return { success: false, message: 'Invalid review dimensions' };
-    }
-
-    pending.reviews.push(review);
-    
-    this.logger.info('Review submitted', {
-      taskId: review.taskId,
-      reviewerId: review.reviewerId.slice(0, 16),
-      workload: review.dimensions.workload,
-      value: review.dimensions.value,
-    });
-
-    return { success: true, message: 'Review submitted' };
-  }
-
-  /**
-   * 检查评审是否完成
-   */
-  isReviewComplete(taskId: string): boolean {
-    const pending = this.pendingReviews.get(taskId);
-    if (!pending) return false;
-    return pending.reviews.length >= pending.requiredReviewers;
-  }
-
-  /**
-   * 结算评审
-   */
-  finalizeReview(taskId: string): ReviewResult | null {
-    const pending = this.pendingReviews.get(taskId);
-    if (!pending) return null;
-
-    if (pending.reviews.length < pending.requiredReviewers) {
-      this.logger.warn('Not enough reviews', {
-        taskId,
-        current: pending.reviews.length,
-        required: pending.requiredReviewers,
-      });
-      return null;
-    }
-
-    const { finalWorkload, finalValue, outliers } = this.aggregateReviews(
-      pending.reviews
-    );
-
-    const result: ReviewResult = {
-      taskId,
-      requesterId: pending.requesterId,
-      executorId: pending.executorId,
-      finalWorkload,
-      finalValue,
-      reviews: pending.reviews,
-      outliers,
-      timestamp: Date.now(),
-    };
-
-    // 移除待评审任务
-    this.pendingReviews.delete(taskId);
-
-    // 更新评审者信誉
-    this.updateReviewerReputations(pending.reviews, outliers);
-
-    this.logger.info('Review finalized', {
-      taskId,
-      finalWorkload,
-      finalValue,
-      outliers: outliers.length,
-    });
-
-    return result;
-  }
-
-  /**
-   * 聚合评审结果
-   */
-  aggregateReviews(reviews: TaskReview[]): {
-    finalWorkload: number;
-    finalValue: number;
-    outliers: TaskReview[];
-  } {
-    if (reviews.length === 1) {
-      return {
-        finalWorkload: reviews[0].dimensions.workload,
-        finalValue: reviews[0].dimensions.value,
-        outliers: [],
-      };
-    }
-
-    // 计算平均值和标准差
-    const workloads = reviews.map(r => r.dimensions.workload);
-    const values = reviews.map(r => r.dimensions.value);
-
-    const avgWorkload = this.average(workloads);
-    const avgValue = this.average(values);
-    const stdDevWorkload = this.stdDev(workloads, avgWorkload);
-    const stdDevValue = this.stdDev(values, avgValue);
-
-    // 去掉最高和最低
-    const sortedWorkloads = [...workloads].sort((a, b) => a - b);
-    const sortedValues = [...values].sort((a, b) => a - b);
-
-    const trimmedWorkloads = sortedWorkloads.slice(1, -1);
-    const trimmedValues = sortedValues.slice(1, -1);
-
-    const finalWorkload = this.average(trimmedWorkloads);
-    const finalValue = this.average(trimmedValues);
-
-    // 识别偏离者
-    const outliers = reviews.filter(r => 
-      Math.abs(r.dimensions.workload - avgWorkload) > this.config.outlierThreshold * stdDevWorkload ||
-      Math.abs(r.dimensions.value - avgValue) > this.config.outlierThreshold * stdDevValue
-    );
-
-    return { finalWorkload, finalValue, outliers };
-  }
-
-  /**
-   * 获取待评审任务列表
-   */
-  getPendingReviews(): PendingReview[] {
-    return Array.from(this.pendingReviews.values());
-  }
-
-  /**
-   * 获取特定任务的评审状态
-   */
-  getReviewStatus(taskId: string): PendingReview | null {
-    return this.pendingReviews.get(taskId) || null;
-  }
-
-  /**
-   * 清理超时的待评审任务
-   */
-  cleanupExpiredReviews(): string[] {
-    const now = Date.now();
-    const expired: string[] = [];
-
-    for (const [taskId, pending] of this.pendingReviews) {
-      if (now - pending.createdAt > this.config.reviewTimeout) {
-        expired.push(taskId);
-        this.pendingReviews.delete(taskId);
-      }
-    }
-
-    if (expired.length > 0) {
-      this.logger.info('Cleaned up expired reviews', { count: expired.length });
-    }
-
-    return expired;
-  }
-
-  // ============================================================================
-  // 私有方法
-  // ============================================================================
-
-  private validateReviewDimensions(dimensions: ReviewDimensions): boolean {
-    const { workload, value } = dimensions;
-    
-    // 工作量范围检查
-    if (workload < 0 || workload > 100) return false;
-    
-    // 价值分范围检查
-    if (value < -100 || value > 100) return false;
-    
-    return true;
-  }
-
-  private updateReviewerReputations(
-    reviews: TaskReview[],
-    outliers: TaskReview[]
-  ): void {
-    for (const review of reviews) {
-      if (outliers.includes(review)) {
-        // 偏离评审 → 惩罚
-        this.reputationManager.recordReviewPenalty(
-          review.reviewerId,
-          -5,
-          'Outlier review'
-        );
-      } else {
-        // 正常评审 → 奖励
-        this.reputationManager.recordReviewReward(review.reviewerId, 3);
-      }
-    }
-  }
-
-  private average(values: number[]): number {
-    if (values.length === 0) return 0;
-    return values.reduce((a, b) => a + b, 0) / values.length;
-  }
-
-  private stdDev(values: number[], mean: number): number {
-    if (values.length === 0) return 0;
-    const squaredDiffs = values.map(v => Math.pow(v - mean, 2));
-    return Math.sqrt(this.average(squaredDiffs));
-  }
-}
-
-// 默认导出
-export default ReviewCommittee;

package/src/core/token-manager.test.ts

@@ -1,133 +0,0 @@
-import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
-import { TokenManager } from './token-manager.js';
-import { existsSync, readFileSync, writeFileSync, mkdirSync, rmSync } from 'fs';
-import { join } from 'path';
-import { tmpdir } from 'os';
-
-describe('TokenManager', () => {
-  let tempDir: string;
-  let tokenManager: TokenManager;
-  let originalEnv: string | undefined;
-
-  beforeEach(() => {
-    // 创建临时目录
-    tempDir = join(tmpdir(), `f2a-test-${Date.now()}`);
-    
-    // 保存原始环境变量
-    originalEnv = process.env.F2A_CONTROL_TOKEN;
-    delete process.env.F2A_CONTROL_TOKEN;
-    
-    // 创建新的 TokenManager
-    tokenManager = new TokenManager(tempDir);
-  });
-
-  afterEach(() => {
-    // 恢复环境变量
-    if (originalEnv !== undefined) {
-      process.env.F2A_CONTROL_TOKEN = originalEnv;
-    } else {
-      delete process.env.F2A_CONTROL_TOKEN;
-    }
-    
-    // 清理临时目录
-    try {
-      rmSync(tempDir, { recursive: true, force: true });
-    } catch {}
-  });
-
-  describe('getToken', () => {
-    it('should generate new token when none exists', () => {
-      const token = tokenManager.getToken();
-      
-      expect(token).toBeDefined();
-      expect(token.startsWith('f2a-')).toBe(true);
-      expect(token.length).toBeGreaterThan(40); // f2a- + 64 hex chars
-    });
-
-    it('should return same token on subsequent calls', () => {
-      const token1 = tokenManager.getToken();
-      const token2 = tokenManager.getToken();
-      
-      expect(token1).toBe(token2);
-    });
-
-    it('should use environment variable if set', () => {
-      const envToken = 'custom-env-token-123';
-      process.env.F2A_CONTROL_TOKEN = envToken;
-      
-      const token = tokenManager.getToken();
-      expect(token).toBe(envToken);
-    });
-
-    it('should load token from file if exists', () => {
-      // 先获取一个 token（会保存到文件）
-      const token1 = tokenManager.getToken();
-      
-      // 创建新的 TokenManager 实例（相同目录）
-      const newManager = new TokenManager(tempDir);
-      const token2 = newManager.getToken();
-      
-      expect(token2).toBe(token1);
-    });
-
-    it('should reject insecure default token', () => {
-      process.env.F2A_CONTROL_TOKEN = 'f2a-default-token';
-
-      // 应该抛出错误
-      expect(() => tokenManager.getToken()).toThrow('Insecure token detected');
-
-      delete process.env.F2A_CONTROL_TOKEN;
-    });
-  });
-
-  describe('verifyToken', () => {
-    it('should return true for valid token', () => {
-      const token = tokenManager.getToken();
-      
-      expect(tokenManager.verifyToken(token)).toBe(true);
-    });
-
-    it('should return false for invalid token', () => {
-      tokenManager.getToken(); // 确保有 token
-      
-      expect(tokenManager.verifyToken('wrong-token')).toBe(false);
-    });
-
-    it('should return false for undefined token', () => {
-      tokenManager.getToken();
-      
-      expect(tokenManager.verifyToken(undefined)).toBe(false);
-    });
-
-    it('should return false for empty string', () => {
-      tokenManager.getToken();
-      
-      expect(tokenManager.verifyToken('')).toBe(false);
-    });
-  });
-
-  describe('getTokenPath', () => {
-    it('should return correct path', () => {
-      const path = tokenManager.getTokenPath();
-      
-      expect(path).toContain('control-token');
-      expect(path).toBe(join(tempDir, 'control-token'));
-    });
-  });
-
-  describe('token format', () => {
-    it('should generate token with correct format', () => {
-      const token = tokenManager.getToken();
-      
-      // 格式: f2a-[64 hex chars]
-      expect(token).toMatch(/^f2a-[a-f0-9]{64}$/);
-    });
-
-    it('should generate unique tokens for different instances', () => {
-      const token1 = new TokenManager(join(tempDir, 'a')).getToken();
-      const token2 = new TokenManager(join(tempDir, 'b')).getToken();
-      
-      expect(token1).not.toBe(token2);
-    });
-  });
-});

package/src/core/token-manager.ts

@@ -1,140 +0,0 @@
-import { existsSync, readFileSync, writeFileSync, mkdirSync, appendFileSync } from 'fs';
-import { join, dirname } from 'path';
-import { randomBytes, timingSafeEqual } from 'crypto';
-import { homedir } from 'os';
-import { Logger } from '../utils/logger.js';
-
-/**
- * Token 管理器
- * 负责生成、存储和验证 F2A 控制 Token
- */
-export class TokenManager {
-  private tokenPath: string;
-  private token: string | null = null;
-  private logger: Logger;
-
-  constructor(dataDir?: string) {
-    this.logger = new Logger({ component: 'TokenManager' });
-    // 默认存储在用户主目录的 .f2a 文件夹
-    const baseDir = dataDir || join(homedir(), '.f2a');
-    this.tokenPath = join(baseDir, 'control-token');
-
-    // 确保目录存在
-    const dir = join(baseDir);
-    if (!existsSync(dir)) {
-      mkdirSync(dir, { recursive: true });
-    }
-  }
-
-  /**
-   * 获取或生成 Token
-   * 优先从环境变量读取，其次从文件读取，最后生成新的
-   */
-  getToken(): string {
-    // 1. 优先使用环境变量
-    const envToken = process.env.F2A_CONTROL_TOKEN;
-    if (envToken) {
-      // 检查是否为不安全默认值
-      if (envToken === 'f2a-default-token') {
-        this.logger.error('F2A_CONTROL_TOKEN is using the insecure default value!');
-        this.logger.error('Please set a secure token: export F2A_CONTROL_TOKEN=$(openssl rand -hex 32)');
-        throw new Error(
-          'Insecure token detected. F2A_CONTROL_TOKEN cannot use the default value "f2a-default-token". ' +
-          'Please set a secure token: export F2A_CONTROL_TOKEN=$(openssl rand -hex 32)'
-        );
-      }
-      this.token = envToken;
-      return envToken;
-    }
-
-    // 2. 从文件读取
-    if (existsSync(this.tokenPath)) {
-      const fileToken = readFileSync(this.tokenPath, 'utf-8').trim();
-      if (fileToken) {
-        this.token = fileToken;
-        return fileToken;
-      }
-    }
-
-    // 3. 生成新的随机 Token
-    const newToken = this.generateSecureToken();
-    this.saveToken(newToken);
-    this.token = newToken;
-
-    this.logger.info('Generated new control token', { path: this.tokenPath });
-    this.logger.info('To use a custom token, set F2A_CONTROL_TOKEN environment variable');
-
-    return newToken;
-  }
-
-  /**
-   * 验证 Token 是否有效
-   * 使用 timingSafeEqual 防止时序攻击
-   */
-  verifyToken(token: string | undefined): boolean {
-    if (!token) return false;
-    
-    const expectedToken = this.getToken();
-    
-    // 两个 token 长度必须相同
-    if (token.length !== expectedToken.length) {
-      return false;
-    }
-    
-    // 使用 timingSafeEqual 防止时序攻击
-    try {
-      return timingSafeEqual(
-        Buffer.from(token, 'utf-8'),
-        Buffer.from(expectedToken, 'utf-8')
-      );
-    } catch {
-      return false;
-    }
-  }
-
-  /**
-   * 记录 Token 使用审计日志
-   */
-  logTokenUsage(clientInfo: { ip?: string; action?: string; success: boolean }): void {
-    const auditPath = join(dirname(this.tokenPath), 'token-audit.log');
-    const entry = {
-      timestamp: new Date().toISOString(),
-      ...clientInfo
-    };
-    
-    try {
-      appendFileSync(auditPath, JSON.stringify(entry) + '\n', { mode: 0o600 });
-    } catch (error) {
-      this.logger.error('Failed to write audit log', { error });
-    }
-  }
-
-  /**
-   * 生成安全的随机 Token
-   */
-  private generateSecureToken(): string {
-    // 生成 32 字节 (64 字符) 的十六进制随机字符串
-    return 'f2a-' + randomBytes(32).toString('hex');
-  }
-
-  /**
-   * 保存 Token 到文件
-   */
-  private saveToken(token: string): void {
-    try {
-      writeFileSync(this.tokenPath, token, { mode: 0o600 }); // 仅所有者可读写
-    } catch (error) {
-      this.logger.error('Failed to save token', { error });
-    }
-  }
-
-  /**
-   * 获取 Token 文件路径
-   */
-  getTokenPath(): string {
-    return this.tokenPath;
-  }
-}
-
-// 单例导出
-export const defaultTokenManager = new TokenManager();