@highway1/core 0.1.39 → 0.1.41

package/src/trust/sybil-defense.ts

@@ -0,0 +1,232 @@
+/**
+ * Sybil Defense Mechanisms
+ *
+ * Protects the network from Sybil attacks through:
+ * - Entry cost (Hashcash challenges)
+ * - Progressive trust (rate limiting for new agents)
+ * - DHT region protection (prefer established peers)
+ */
+
+import { createLogger } from '../utils/logger.js';
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex } from '@noble/hashes/utils';
+
+const logger = createLogger('sybil-defense');
+
+/**
+ * Hashcash Challenge
+ */
+export interface Challenge {
+  did: string;
+  difficulty: number;  // Number of leading zero bits required
+  nonce: string;
+  timestamp: number;
+}
+
+/**
+ * Challenge Solution
+ */
+export interface ChallengeSolution {
+  challenge: Challenge;
+  solution: string;  // Nonce that produces required hash
+}
+
+/**
+ * Rate Limit Record
+ */
+interface RateLimitRecord {
+  did: string;
+  requests: number[];  // Timestamps of requests
+  firstSeen: number;
+}
+
+/**
+ * Peer Trust Level
+ */
+export type PeerTrustLevel = 'new' | 'established' | 'trusted';
+
+/**
+ * Sybil Defense Manager
+ */
+export class SybilDefense {
+  private rateLimits = new Map<string, RateLimitRecord>();
+  private peerFirstSeen = new Map<string, number>();
+  private readonly NEW_AGENT_WINDOW = 24 * 60 * 60 * 1000; // 24 hours
+  private readonly RATE_LIMIT_WINDOW = 60 * 60 * 1000; // 1 hour
+  private readonly MAX_REQUESTS_NEW = 10; // Max requests per hour for new agents
+  private readonly ESTABLISHED_THRESHOLD = 7 * 24 * 60 * 60 * 1000; // 7 days
+
+  /**
+   * Generate a Hashcash challenge for a new DID
+   */
+  generateChallenge(did: string, difficulty = 20): Challenge {
+    const nonce = this.generateNonce();
+    return {
+      did,
+      difficulty,
+      nonce,
+      timestamp: Date.now(),
+    };
+  }
+
+  /**
+   * Verify a Hashcash challenge solution
+   */
+  verifyChallenge(solution: ChallengeSolution): boolean {
+    const { challenge, solution: solutionNonce } = solution;
+
+    // Check challenge is not too old (valid for 1 hour)
+    if (Date.now() - challenge.timestamp > 60 * 60 * 1000) {
+      logger.warn('Challenge expired', { did: challenge.did });
+      return false;
+    }
+
+    // Compute hash
+    const data = `${challenge.did}:${challenge.nonce}:${solutionNonce}`;
+    const hash = sha256(new TextEncoder().encode(data));
+
+    // Check leading zeros
+    const leadingZeros = this.countLeadingZeroBits(hash);
+    const valid = leadingZeros >= challenge.difficulty;
+
+    if (valid) {
+      logger.info('Challenge verified', { did: challenge.did, leadingZeros });
+    } else {
+      logger.warn('Challenge failed', { did: challenge.did, leadingZeros, required: challenge.difficulty });
+    }
+
+    return valid;
+  }
+
+  /**
+   * Check if an agent should be rate limited
+   */
+  isRateLimited(did: string): boolean {
+    const record = this.rateLimits.get(did);
+    if (!record) {
+      return false;
+    }
+
+    const now = Date.now();
+    const agentAge = now - record.firstSeen;
+
+    // Only rate limit new agents
+    if (agentAge > this.NEW_AGENT_WINDOW) {
+      return false;
+    }
+
+    // Count recent requests
+    const recentRequests = record.requests.filter(
+      t => now - t < this.RATE_LIMIT_WINDOW
+    );
+
+    return recentRequests.length >= this.MAX_REQUESTS_NEW;
+  }
+
+  /**
+   * Record a request from an agent
+   */
+  recordRequest(did: string): void {
+    const now = Date.now();
+    let record = this.rateLimits.get(did);
+
+    if (!record) {
+      record = {
+        did,
+        requests: [],
+        firstSeen: now,
+      };
+      this.rateLimits.set(did, record);
+    }
+
+    // Add request timestamp
+    record.requests.push(now);
+
+    // Clean up old requests
+    record.requests = record.requests.filter(
+      t => now - t < this.RATE_LIMIT_WINDOW
+    );
+
+    logger.debug('Recorded request', { did, count: record.requests.length });
+  }
+
+  /**
+   * Get peer trust level based on age
+   */
+  getPeerTrustLevel(peerId: string): PeerTrustLevel {
+    const firstSeen = this.peerFirstSeen.get(peerId);
+    if (!firstSeen) {
+      return 'new';
+    }
+
+    const age = Date.now() - firstSeen;
+
+    if (age < this.NEW_AGENT_WINDOW) {
+      return 'new';
+    } else if (age < this.ESTABLISHED_THRESHOLD) {
+      return 'established';
+    } else {
+      return 'trusted';
+    }
+  }
+
+  /**
+   * Record first seen time for a peer
+   */
+  recordPeerSeen(peerId: string): void {
+    if (!this.peerFirstSeen.has(peerId)) {
+      this.peerFirstSeen.set(peerId, Date.now());
+      logger.debug('Recorded new peer', { peerId });
+    }
+  }
+
+  /**
+   * Clean up old records
+   */
+  cleanup(): void {
+    const now = Date.now();
+    const cutoff = now - this.NEW_AGENT_WINDOW;
+
+    // Clean up rate limits for old agents
+    for (const [did, record] of this.rateLimits.entries()) {
+      if (record.firstSeen < cutoff) {
+        this.rateLimits.delete(did);
+      }
+    }
+
+    logger.info('Cleaned up Sybil defense records', {
+      rateLimits: this.rateLimits.size,
+      peers: this.peerFirstSeen.size,
+    });
+  }
+
+  /**
+   * Generate a random nonce
+   */
+  private generateNonce(): string {
+    const bytes = new Uint8Array(16);
+    crypto.getRandomValues(bytes);
+    return bytesToHex(bytes);
+  }
+
+  /**
+   * Count leading zero bits in a hash
+   */
+  private countLeadingZeroBits(hash: Uint8Array): number {
+    let count = 0;
+    for (const byte of hash) {
+      if (byte === 0) {
+        count += 8;
+      } else {
+        // Count leading zeros in this byte
+        let b = byte;
+        while ((b & 0x80) === 0) {
+          count++;
+          b <<= 1;
+        }
+        break;
+      }
+    }
+    return count;
+  }
+}

package/src/trust/trust-score.ts

@@ -0,0 +1,136 @@
+/**
+ * Trust Score System
+ *
+ * Tracks agent reputation based on interactions, endorsements,
+ * and network behavior.
+ */
+
+/**
+ * Trust Score Metrics
+ */
+export interface TrustScore {
+  interactionScore: number;      // 0-1, based on successful interactions
+  endorsements: number;          // Count of endorsements
+  completionRate: number;        // % of completed tasks (0-1)
+  responseTime: number;          // Average response time (ms)
+  uptime: number;               // % of time online last 30 days (0-1)
+  lastUpdated: number;          // Timestamp
+}
+
+/**
+ * Interaction Record
+ */
+export interface Interaction {
+  agentDid: string;
+  timestamp: number;
+  type: 'message' | 'task' | 'query';
+  success: boolean;
+  responseTime: number;
+  rating?: number;              // 1-5 stars (optional user rating)
+  feedback?: string;
+}
+
+/**
+ * Interaction Statistics
+ */
+export interface InteractionStats {
+  totalInteractions: number;
+  successRate: number;
+  avgResponseTime: number;
+  lastInteraction: number;
+}
+
+/**
+ * Trust Metrics Calculator
+ */
+export class TrustMetrics {
+  /**
+   * Calculate trust score from interaction history
+   */
+  calculateScore(stats: InteractionStats, endorsements: number, uptime: number): TrustScore {
+    // Interaction score: weighted by success rate and volume
+    const volumeWeight = Math.min(stats.totalInteractions / 100, 1); // Cap at 100 interactions
+    const interactionScore = stats.successRate * volumeWeight;
+
+    // Completion rate is same as success rate for now
+    const completionRate = stats.successRate;
+
+    return {
+      interactionScore,
+      endorsements,
+      completionRate,
+      responseTime: stats.avgResponseTime,
+      uptime,
+      lastUpdated: Date.now(),
+    };
+  }
+
+  /**
+   * Calculate overall trust level (0-1)
+   */
+  calculateOverallTrust(score: TrustScore): number {
+    // Weighted average of different factors
+    const weights = {
+      interaction: 0.4,
+      endorsement: 0.2,
+      completion: 0.2,
+      uptime: 0.2,
+    };
+
+    const endorsementScore = Math.min(score.endorsements / 10, 1); // Cap at 10 endorsements
+
+    return (
+      score.interactionScore * weights.interaction +
+      endorsementScore * weights.endorsement +
+      score.completionRate * weights.completion +
+      score.uptime * weights.uptime
+    );
+  }
+
+  /**
+   * Get trust level category
+   */
+  getTrustLevel(score: TrustScore): 'new' | 'low' | 'medium' | 'high' | 'trusted' {
+    const overall = this.calculateOverallTrust(score);
+
+    if (score.interactionScore === 0) return 'new';
+    if (overall < 0.3) return 'low';
+    if (overall < 0.6) return 'medium';
+    if (overall < 0.8) return 'high';
+    return 'trusted';
+  }
+
+  /**
+   * Check if agent should be rate limited
+   */
+  shouldRateLimit(score: TrustScore, agentAge: number): boolean {
+    const overall = this.calculateOverallTrust(score);
+    const ONE_DAY = 24 * 60 * 60 * 1000;
+
+    // New agents (< 24 hours) with low trust
+    if (agentAge < ONE_DAY && overall < 0.3) {
+      return true;
+    }
+
+    // Very low trust regardless of age
+    if (overall < 0.1) {
+      return true;
+    }
+
+    return false;
+  }
+}
+
+/**
+ * Default trust score for new agents
+ */
+export function createDefaultTrustScore(): TrustScore {
+  return {
+    interactionScore: 0,
+    endorsements: 0,
+    completionRate: 0,
+    responseTime: 0,
+    uptime: 1.0, // Assume online initially
+    lastUpdated: Date.now(),
+  };
+}

package/src/utils/errors.ts

@@ -0,0 +1,38 @@
+export class ClawiverseError extends Error {
+  constructor(
+    message: string,
+    public code: string,
+    public details?: unknown
+  ) {
+    super(message);
+    this.name = 'ClawiverseError';
+  }
+}
+
+export class IdentityError extends ClawiverseError {
+  constructor(message: string, details?: unknown) {
+    super(message, 'IDENTITY_ERROR', details);
+    this.name = 'IdentityError';
+  }
+}
+
+export class TransportError extends ClawiverseError {
+  constructor(message: string, details?: unknown) {
+    super(message, 'TRANSPORT_ERROR', details);
+    this.name = 'TransportError';
+  }
+}
+
+export class DiscoveryError extends ClawiverseError {
+  constructor(message: string, details?: unknown) {
+    super(message, 'DISCOVERY_ERROR', details);
+    this.name = 'DiscoveryError';
+  }
+}
+
+export class MessagingError extends ClawiverseError {
+  constructor(message: string, details?: unknown) {
+    super(message, 'MESSAGING_ERROR', details);
+    this.name = 'MessagingError';
+  }
+}

package/src/utils/logger.ts

@@ -0,0 +1,48 @@
+export enum LogLevel {
+  DEBUG = 0,
+  INFO = 1,
+  WARN = 2,
+  ERROR = 3,
+}
+
+export class Logger {
+  private level: LogLevel;
+  private prefix: string;
+
+  constructor(prefix: string, level: LogLevel = LogLevel.INFO) {
+    this.prefix = prefix;
+    this.level = level;
+  }
+
+  setLevel(level: LogLevel): void {
+    this.level = level;
+  }
+
+  debug(message: string, ...args: unknown[]): void {
+    if (this.level <= LogLevel.DEBUG) {
+      console.debug(`[${this.prefix}] DEBUG:`, message, ...args);
+    }
+  }
+
+  info(message: string, ...args: unknown[]): void {
+    if (this.level <= LogLevel.INFO) {
+      console.info(`[${this.prefix}] INFO:`, message, ...args);
+    }
+  }
+
+  warn(message: string, ...args: unknown[]): void {
+    if (this.level <= LogLevel.WARN) {
+      console.warn(`[${this.prefix}] WARN:`, message, ...args);
+    }
+  }
+
+  error(message: string, ...args: unknown[]): void {
+    if (this.level <= LogLevel.ERROR) {
+      console.error(`[${this.prefix}] ERROR:`, message, ...args);
+    }
+  }
+}
+
+export const createLogger = (prefix: string, level?: LogLevel): Logger => {
+  return new Logger(prefix, level);
+};