@humanagencyp/hap-core 0.4.0 → 0.4.2

package/dist/index.d.mts

@@ -113,13 +113,14 @@ interface CumulativeFieldDef {
 type ExecutionContextFieldDef = DeclaredFieldDef | CumulativeFieldDef;
 /**
  * Gate question definition.
+ * @deprecated v0.4 uses a single intent gate with no profile-specific questions.
  */
 interface GateQuestion {
     question: string;
     required: boolean;
 }
 /**
- * Execution path definition within a profile.
+ * @deprecated Execution paths removed in v0.4. Kept for backward compatibility.
  */
 interface ExecutionPath {
     description: string;
@@ -166,12 +167,17 @@ interface AgentProfile {
     executionContextSchema: {
         fields: Record<string, ExecutionContextFieldDef>;
     };
-    executionPaths: Record<string, ExecutionPath>;
+    /** @deprecated Execution paths removed in v0.4. Kept for backward compatibility. */
+    executionPaths?: Record<string, ExecutionPath>;
     requiredGates: string[];
-    gateQuestions: {
-        problem: GateQuestion;
-        objective: GateQuestion;
-        tradeoffs: GateQuestion;
+    /**
+     * v0.4: no gateQuestions — intent prompt is universal, defined in the gateway UI.
+     * v0.3: profile-specific gate questions (deprecated).
+     */
+    gateQuestions?: {
+        problem?: GateQuestion;
+        objective?: GateQuestion;
+        tradeoffs?: GateQuestion;
     };
     ttl: {
         default: number;

package/dist/index.d.ts

@@ -113,13 +113,14 @@ interface CumulativeFieldDef {
 type ExecutionContextFieldDef = DeclaredFieldDef | CumulativeFieldDef;
 /**
  * Gate question definition.
+ * @deprecated v0.4 uses a single intent gate with no profile-specific questions.
  */
 interface GateQuestion {
     question: string;
     required: boolean;
 }
 /**
- * Execution path definition within a profile.
+ * @deprecated Execution paths removed in v0.4. Kept for backward compatibility.
  */
 interface ExecutionPath {
     description: string;
@@ -166,12 +167,17 @@ interface AgentProfile {
     executionContextSchema: {
         fields: Record<string, ExecutionContextFieldDef>;
     };
-    executionPaths: Record<string, ExecutionPath>;
+    /** @deprecated Execution paths removed in v0.4. Kept for backward compatibility. */
+    executionPaths?: Record<string, ExecutionPath>;
     requiredGates: string[];
-    gateQuestions: {
-        problem: GateQuestion;
-        objective: GateQuestion;
-        tradeoffs: GateQuestion;
+    /**
+     * v0.4: no gateQuestions — intent prompt is universal, defined in the gateway UI.
+     * v0.3: profile-specific gate questions (deprecated).
+     */
+    gateQuestions?: {
+        problem?: GateQuestion;
+        objective?: GateQuestion;
+        tradeoffs?: GateQuestion;
     };
     ttl: {
         default: number;

package/dist/index.js

@@ -309,21 +309,13 @@ async function verify(request, publicKeyHex, now = Math.floor(Date.now() / 1e3),
   }
 }
 async function verifyV3(request, profile, publicKeyHex, now, executionLog, errors) {
-  const pathId = request.frame.path;
-  if (typeof pathId !== "string") {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: "Missing path in frame" }] };
-  }
-  const executionPath = profile.executionPaths[pathId];
-  if (!executionPath) {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: `Unknown execution path: ${pathId}` }] };
-  }
   let expectedFrameHash;
   try {
     expectedFrameHash = computeFrameHash(request.frame, profile);
   } catch (err) {
     return { approved: false, errors: [{ code: "FRAME_MISMATCH", message: `Frame hash computation failed: ${err}` }] };
   }
-  const requiredDomains = executionPath.requiredDomains ?? [];
+  const requiredDomains = [];
   const coveredDomains = /* @__PURE__ */ new Set();
   for (const blob of request.attestations) {
     let attestation;
@@ -379,15 +371,7 @@ async function verifyV3(request, profile, publicKeyHex, now, executionLog, error
 async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
   const errors = [];
   const bounds = request.frame;
-  const context = request.context ?? {};
-  const pathId = bounds.path;
-  if (typeof pathId !== "string") {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: "Missing path in bounds" }] };
-  }
-  const executionPath = profile.executionPaths[pathId];
-  if (!executionPath) {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: `Unknown execution path: ${pathId}` }] };
-  }
+  const context = request.context;
   let expectedBoundsHash;
   let expectedContextHash;
   try {
@@ -395,12 +379,14 @@ async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
   } catch (err) {
     return { approved: false, errors: [{ code: "BOUNDS_MISMATCH", message: `Bounds hash computation failed: ${err}` }] };
   }
-  try {
-    expectedContextHash = computeContextHash(context, profile);
-  } catch (err) {
-    return { approved: false, errors: [{ code: "CONTEXT_MISMATCH", message: `Context hash computation failed: ${err}` }] };
+  if (context && Object.keys(context).length > 0) {
+    try {
+      expectedContextHash = computeContextHash(context, profile);
+    } catch (err) {
+      return { approved: false, errors: [{ code: "CONTEXT_MISMATCH", message: `Context hash computation failed: ${err}` }] };
+    }
   }
-  const requiredDomains = executionPath.requiredDomains ?? [];
+  const requiredDomains = [];
   const coveredDomains = /* @__PURE__ */ new Set();
   for (const blob of request.attestations) {
     let attestation;
@@ -422,7 +408,7 @@ async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
       errors.push({ code: "BOUNDS_MISMATCH", message: "Attestation bounds_hash does not match computed bounds_hash" });
       continue;
     }
-    if (isV4Attestation(attestation)) {
+    if (isV4Attestation(attestation) && expectedContextHash) {
       try {
         verifyContextHash(attestation, expectedContextHash);
       } catch {
@@ -459,7 +445,7 @@ async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
   if (boundsErrors.length > 0) {
     return { approved: false, errors: boundsErrors };
   }
-  if (profile.contextSchema && Object.keys(profile.contextSchema.fields).length > 0) {
+  if (context && profile.contextSchema && Object.keys(profile.contextSchema.fields).length > 0) {
     const contextErrors = checkContextConstraints(context, request.execution, profile);
     if (contextErrors.length > 0) {
       return { approved: false, errors: contextErrors };
@@ -603,12 +589,12 @@ function checkContextConstraints(context, execution, profile) {
 function resolveCumulativeFields(request, profile, executionLog, now) {
   const errors = [];
   const profileId = String(request.frame.profile);
-  const path = String(request.frame.path);
   const boundsOrFrame = request.frame;
   for (const [fieldName, fieldDef] of Object.entries(profile.executionContextSchema.fields)) {
     if (fieldDef.source !== "cumulative") continue;
     const cumDef = fieldDef;
     const { cumulativeField, window: windowType } = cumDef;
+    const path = request.frame.path ? String(request.frame.path) : "";
     const runningTotal = executionLog.sumByWindow(profileId, path, cumulativeField, windowType, now);
     let currentContribution;
     if (cumulativeField === "_count") {

package/dist/index.mjs

@@ -247,21 +247,13 @@ async function verify(request, publicKeyHex, now = Math.floor(Date.now() / 1e3),
   }
 }
 async function verifyV3(request, profile, publicKeyHex, now, executionLog, errors) {
-  const pathId = request.frame.path;
-  if (typeof pathId !== "string") {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: "Missing path in frame" }] };
-  }
-  const executionPath = profile.executionPaths[pathId];
-  if (!executionPath) {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: `Unknown execution path: ${pathId}` }] };
-  }
   let expectedFrameHash;
   try {
     expectedFrameHash = computeFrameHash(request.frame, profile);
   } catch (err) {
     return { approved: false, errors: [{ code: "FRAME_MISMATCH", message: `Frame hash computation failed: ${err}` }] };
   }
-  const requiredDomains = executionPath.requiredDomains ?? [];
+  const requiredDomains = [];
   const coveredDomains = /* @__PURE__ */ new Set();
   for (const blob of request.attestations) {
     let attestation;
@@ -317,15 +309,7 @@ async function verifyV3(request, profile, publicKeyHex, now, executionLog, error
 async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
   const errors = [];
   const bounds = request.frame;
-  const context = request.context ?? {};
-  const pathId = bounds.path;
-  if (typeof pathId !== "string") {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: "Missing path in bounds" }] };
-  }
-  const executionPath = profile.executionPaths[pathId];
-  if (!executionPath) {
-    return { approved: false, errors: [{ code: "INVALID_PROFILE", message: `Unknown execution path: ${pathId}` }] };
-  }
+  const context = request.context;
   let expectedBoundsHash;
   let expectedContextHash;
   try {
@@ -333,12 +317,14 @@ async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
   } catch (err) {
     return { approved: false, errors: [{ code: "BOUNDS_MISMATCH", message: `Bounds hash computation failed: ${err}` }] };
   }
-  try {
-    expectedContextHash = computeContextHash(context, profile);
-  } catch (err) {
-    return { approved: false, errors: [{ code: "CONTEXT_MISMATCH", message: `Context hash computation failed: ${err}` }] };
+  if (context && Object.keys(context).length > 0) {
+    try {
+      expectedContextHash = computeContextHash(context, profile);
+    } catch (err) {
+      return { approved: false, errors: [{ code: "CONTEXT_MISMATCH", message: `Context hash computation failed: ${err}` }] };
+    }
   }
-  const requiredDomains = executionPath.requiredDomains ?? [];
+  const requiredDomains = [];
   const coveredDomains = /* @__PURE__ */ new Set();
   for (const blob of request.attestations) {
     let attestation;
@@ -360,7 +346,7 @@ async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
       errors.push({ code: "BOUNDS_MISMATCH", message: "Attestation bounds_hash does not match computed bounds_hash" });
       continue;
     }
-    if (isV4Attestation(attestation)) {
+    if (isV4Attestation(attestation) && expectedContextHash) {
       try {
         verifyContextHash(attestation, expectedContextHash);
       } catch {
@@ -397,7 +383,7 @@ async function verifyV4(request, profile, publicKeyHex, now, executionLog) {
   if (boundsErrors.length > 0) {
     return { approved: false, errors: boundsErrors };
   }
-  if (profile.contextSchema && Object.keys(profile.contextSchema.fields).length > 0) {
+  if (context && profile.contextSchema && Object.keys(profile.contextSchema.fields).length > 0) {
     const contextErrors = checkContextConstraints(context, request.execution, profile);
     if (contextErrors.length > 0) {
       return { approved: false, errors: contextErrors };
@@ -541,12 +527,12 @@ function checkContextConstraints(context, execution, profile) {
 function resolveCumulativeFields(request, profile, executionLog, now) {
   const errors = [];
   const profileId = String(request.frame.profile);
-  const path = String(request.frame.path);
   const boundsOrFrame = request.frame;
   for (const [fieldName, fieldDef] of Object.entries(profile.executionContextSchema.fields)) {
     if (fieldDef.source !== "cumulative") continue;
     const cumDef = fieldDef;
     const { cumulativeField, window: windowType } = cumDef;
+    const path = request.frame.path ? String(request.frame.path) : "";
     const runningTotal = executionLog.sumByWindow(profileId, path, cumulativeField, windowType, now);
     let currentContribution;
     if (cumulativeField === "_count") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@humanagencyp/hap-core",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "description": "Core types, cryptographic primitives, and verification logic for the Human Agency Protocol",
   "license": "MIT",
   "repository": {

package/src/gatekeeper.ts

@@ -94,16 +94,6 @@ async function verifyV3(
   executionLog: ExecutionLogQuery | undefined,
   errors: GatekeeperError[],
 ): Promise<GatekeeperResult> {
-  const pathId = request.frame.path;
-  if (typeof pathId !== 'string') {
-    return { approved: false, errors: [{ code: 'INVALID_PROFILE', message: 'Missing path in frame' }] };
-  }
-
-  const executionPath = profile.executionPaths[pathId];
-  if (!executionPath) {
-    return { approved: false, errors: [{ code: 'INVALID_PROFILE', message: `Unknown execution path: ${pathId}` }] };
-  }
-
   let expectedFrameHash: string;
   try {
     expectedFrameHash = computeFrameHash(request.frame, profile);
@@ -111,8 +101,8 @@ async function verifyV3(
     return { approved: false, errors: [{ code: 'FRAME_MISMATCH', message: `Frame hash computation failed: ${err}` }] };
   }
 
-  // Verify attestations
-  const requiredDomains = executionPath.requiredDomains ?? [];
+  // Verify attestations (domains come from SP group config in v0.4, not from profile)
+  const requiredDomains: string[] = [];
   const coveredDomains = new Set<string>();
 
   for (const blob of request.attestations) {
@@ -191,21 +181,11 @@ async function verifyV4(
 
   // In v0.4 the `frame` param carries bounds; `context` carries context params
   const bounds = request.frame as AgentBoundsParams;
-  const context: AgentContextParams = request.context ?? {};
-
-  const pathId = bounds.path;
-  if (typeof pathId !== 'string') {
-    return { approved: false, errors: [{ code: 'INVALID_PROFILE', message: 'Missing path in bounds' }] };
-  }
-
-  const executionPath = profile.executionPaths[pathId];
-  if (!executionPath) {
-    return { approved: false, errors: [{ code: 'INVALID_PROFILE', message: `Unknown execution path: ${pathId}` }] };
-  }
+  const context: AgentContextParams | undefined = request.context;
 
   // Compute expected hashes
   let expectedBoundsHash: string;
-  let expectedContextHash: string;
+  let expectedContextHash: string | undefined;
 
   try {
     expectedBoundsHash = computeBoundsHash(bounds, profile);
@@ -213,14 +193,18 @@ async function verifyV4(
     return { approved: false, errors: [{ code: 'BOUNDS_MISMATCH', message: `Bounds hash computation failed: ${err}` }] };
   }
 
-  try {
-    expectedContextHash = computeContextHash(context, profile);
-  } catch (err) {
-    return { approved: false, errors: [{ code: 'CONTEXT_MISMATCH', message: `Context hash computation failed: ${err}` }] };
+  // Context hash is only computed when context is explicitly provided.
+  // At execution time, context is not re-verified — it was checked at authorization time.
+  if (context && Object.keys(context).length > 0) {
+    try {
+      expectedContextHash = computeContextHash(context, profile);
+    } catch (err) {
+      return { approved: false, errors: [{ code: 'CONTEXT_MISMATCH', message: `Context hash computation failed: ${err}` }] };
+    }
   }
 
-  // Verify attestations (requiredDomains may be undefined in v0.4 — domains come from SP group config)
-  const requiredDomains = executionPath.requiredDomains ?? [];
+  // Verify attestations (domains come from SP group config, not profile)
+  const requiredDomains: string[] = [];
   const coveredDomains = new Set<string>();
 
   for (const blob of request.attestations) {
@@ -247,8 +231,8 @@ async function verifyV4(
       continue;
     }
 
-    // Verify context hash (only for v0.4 attestations that have context_hash)
-    if (isV4Attestation(attestation)) {
+    // Verify context hash (only when context was provided and hash was computed)
+    if (isV4Attestation(attestation) && expectedContextHash) {
       try {
         verifyContextHash(attestation, expectedContextHash);
       } catch {
@@ -295,7 +279,7 @@ async function verifyV4(
   }
 
   // Check context constraints using contextSchema
-  if (profile.contextSchema && Object.keys(profile.contextSchema.fields).length > 0) {
+  if (context && profile.contextSchema && Object.keys(profile.contextSchema.fields).length > 0) {
     const contextErrors = checkContextConstraints(context, request.execution, profile);
     if (contextErrors.length > 0) {
       return { approved: false, errors: contextErrors };
@@ -517,9 +501,8 @@ function resolveCumulativeFields(
 ): GatekeeperError[] {
   const errors: GatekeeperError[] = [];
 
-  // Profile ID and path come from bounds (v0.4) or frame (v0.3)
+  // Profile ID comes from bounds (v0.4) or frame (v0.3)
   const profileId = String(request.frame.profile);
-  const path = String(request.frame.path);
 
   // For v0.4, the bounds source (request.frame) holds the cumulative max fields
   const boundsOrFrame = request.frame;
@@ -530,6 +513,7 @@ function resolveCumulativeFields(
     const cumDef = fieldDef as CumulativeFieldDef;
     const { cumulativeField, window: windowType } = cumDef;
 
+    const path = request.frame.path ? String(request.frame.path) : '';
     const runningTotal = executionLog.sumByWindow(profileId, path, cumulativeField, windowType, now);
 
     let currentContribution: number;

package/src/types.ts

@@ -130,6 +130,7 @@ export type ExecutionContextFieldDef = DeclaredFieldDef | CumulativeFieldDef;
 
 /**
  * Gate question definition.
+ * @deprecated v0.4 uses a single intent gate with no profile-specific questions.
  */
 export interface GateQuestion {
   question: string;
@@ -137,11 +138,11 @@ export interface GateQuestion {
 }
 
 /**
- * Execution path definition within a profile.
+ * @deprecated Execution paths removed in v0.4. Kept for backward compatibility.
  */
 export interface ExecutionPath {
   description: string;
-  requiredDomains?: string[];  // v0.3: defined in profile. v0.4: moved to SP group config.
+  requiredDomains?: string[];
   ttl?: { default: number; max: number };
 }
 
@@ -187,14 +188,19 @@ export interface AgentProfile {
     fields: Record<string, ExecutionContextFieldDef>;
   };
 
-  executionPaths: Record<string, ExecutionPath>;
+  /** @deprecated Execution paths removed in v0.4. Kept for backward compatibility. */
+  executionPaths?: Record<string, ExecutionPath>;
 
   requiredGates: string[];
 
-  gateQuestions: {
-    problem: GateQuestion;
-    objective: GateQuestion;
-    tradeoffs: GateQuestion;
+  /**
+   * v0.4: no gateQuestions — intent prompt is universal, defined in the gateway UI.
+   * v0.3: profile-specific gate questions (deprecated).
+   */
+  gateQuestions?: {
+    problem?: GateQuestion;
+    objective?: GateQuestion;
+    tradeoffs?: GateQuestion;
   };
 
   ttl: { default: number; max: number };