@intentproof/sdk 0.1.3 → 0.2.0

package/dist/instrumentation.d.ts

@@ -0,0 +1,6 @@
+export declare function runWithCorrelationId<T>(id: string, fn: () => T): T;
+export declare function pushSubjectMapping(sourceId: string, subjectType: string, subjectId: string): void;
+export declare function wrap<T extends (...args: any[]) => any>(options: {
+    intent: string;
+    action: string;
+}, fn: T): (...args: Parameters<T>) => Promise<ReturnType<T>>;

package/dist/instrumentation.js

@@ -0,0 +1,129 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runWithCorrelationId = runWithCorrelationId;
+exports.pushSubjectMapping = pushSubjectMapping;
+exports.wrap = wrap;
+const async_hooks_1 = require("async_hooks");
+const ulid_1 = require("ulid");
+const client_1 = require("./client");
+const signing_1 = require("./signing");
+const correlationStorage = new async_hooks_1.AsyncLocalStorage();
+function runWithCorrelationId(id, fn) {
+    return correlationStorage.run(id, fn);
+}
+function pushSubjectMapping(sourceId, subjectType, subjectId) {
+    void sourceId;
+    void subjectType;
+    void subjectId;
+}
+function isoTimestamp(ms) {
+    return new Date(ms).toISOString();
+}
+function untrustedPayload(inputs, output, status) {
+    if (inputs.length > 0) {
+        return true;
+    }
+    return status === 'ok' && output !== null && output !== undefined;
+}
+function toError(value) {
+    return value instanceof Error ? value : new Error(String(value));
+}
+function logExecutionRecordFailure(recordError) {
+    const msg = recordError instanceof Error ? recordError.message : String(recordError);
+    console.warn(`[intentproof] execution record failed: ${msg}`);
+}
+/** Attach a recording failure without replacing an existing customer cause. */
+function attachRecordingFailureCause(thrownError, recordError) {
+    const recording = toError(recordError);
+    const priorCause = thrownError.cause;
+    if (priorCause === undefined) {
+        thrownError.cause = recording;
+        return thrownError;
+    }
+    if (recording.cause === undefined) {
+        recording.cause = priorCause;
+    }
+    thrownError.cause = recording;
+    return thrownError;
+}
+function wrap(options, fn) {
+    return async function (...args) {
+        const t0 = Date.now();
+        const correlationId = correlationStorage.getStore() || 'req_' + (0, ulid_1.ulid)();
+        const eventId = (0, ulid_1.ulid)();
+        let result;
+        let status = 'ok';
+        let errorObj = null;
+        let thrownError;
+        let didThrow = false;
+        try {
+            result = await fn(...args);
+        }
+        catch (e) {
+            didThrow = true;
+            status = 'error';
+            errorObj = { message: e?.message ?? String(e) };
+            thrownError = e;
+        }
+        const t1 = Date.now();
+        try {
+            const outbox = (0, client_1.getOutbox)();
+            let chainPos = 1;
+            let prevHash = signing_1.SENTINEL_PREV_HASH;
+            const state = outbox.getChainState(correlationId);
+            if (state) {
+                chainPos = state.position + 1;
+                prevHash = state.hash;
+            }
+            const event = {
+                schema: 'intentproof.event.v1',
+                event_id: eventId,
+                tenant_id: (0, client_1.getTenantId)(),
+                instance_id: (0, client_1.getInstanceId)(),
+                correlation_id: correlationId,
+                provenance_class: 'sdk_attested_evidence',
+                prev_event_hash: prevHash,
+                chain_position: chainPos,
+                intent: options.intent,
+                action: options.action,
+                status,
+                started_at: isoTimestamp(t0),
+                completed_at: isoTimestamp(t1),
+                duration_ms: t1 - t0,
+                inputs: args,
+                output: status === 'ok' ? result : null,
+                error: errorObj,
+                attributes: {},
+                untrusted_payload: untrustedPayload(args, result, status),
+                spec_version: '1.0.0',
+                sdk_version: client_1.SDK_VERSION,
+            };
+            const signed = await (0, signing_1.signEvent)(event, (0, client_1.getPrivateKey)(), (0, client_1.getInstanceId)());
+            const hash = (0, signing_1.eventContentHash)(signed);
+            outbox.append(eventId, signed);
+            outbox.setChainState(correlationId, chainPos, hash);
+            const exporter = (0, client_1.getExporter)();
+            if (exporter) {
+                exporter.enqueue(signed);
+            }
+        }
+        catch (recordError) {
+            if (didThrow) {
+                if (thrownError instanceof Error) {
+                    throw attachRecordingFailureCause(thrownError, recordError);
+                }
+                if (thrownError !== undefined) {
+                    const err = new Error(String(thrownError));
+                    err.cause = recordError;
+                    throw err;
+                }
+                throw undefined;
+            }
+            logExecutionRecordFailure(recordError);
+        }
+        if (didThrow) {
+            throw thrownError;
+        }
+        return result;
+    };
+}

package/dist/outbox.d.ts

@@ -0,0 +1,11 @@
+export declare class Outbox {
+    private db;
+    constructor(dbPath: string);
+    append(eventId: string, body: any): void;
+    getEvents(): any[];
+    getChainState(correlationId: string): {
+        position: number;
+        hash: string;
+    } | null;
+    setChainState(correlationId: string, position: number, hash: string): void;
+}

package/dist/outbox.js

@@ -0,0 +1,53 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Outbox = void 0;
+const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
+class Outbox {
+    db;
+    constructor(dbPath) {
+        this.db = new better_sqlite3_1.default(dbPath);
+        this.db.pragma('journal_mode = WAL');
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS events (
+        event_id TEXT PRIMARY KEY,
+        body JSON NOT NULL
+      );
+    `);
+        this.db.exec(`
+      CREATE TABLE IF NOT EXISTS chains (
+        correlation_id TEXT PRIMARY KEY,
+        last_position INTEGER NOT NULL,
+        last_hash TEXT NOT NULL
+      );
+    `);
+    }
+    append(eventId, body) {
+        const stmt = this.db.prepare('INSERT INTO events (event_id, body) VALUES (?, ?)');
+        stmt.run(eventId, JSON.stringify(body));
+    }
+    getEvents() {
+        const stmt = this.db.prepare('SELECT body FROM events');
+        return stmt.all().map((r) => JSON.parse(r.body));
+    }
+    getChainState(correlationId) {
+        const stmt = this.db.prepare('SELECT last_position, last_hash FROM chains WHERE correlation_id = ?');
+        const row = stmt.get(correlationId);
+        if (!row)
+            return null;
+        return { position: row.last_position, hash: row.last_hash };
+    }
+    setChainState(correlationId, position, hash) {
+        const stmt = this.db.prepare(`
+      INSERT INTO chains (correlation_id, last_position, last_hash)
+      VALUES (?, ?, ?)
+      ON CONFLICT(correlation_id) DO UPDATE SET
+        last_position = excluded.last_position,
+        last_hash = excluded.last_hash
+    `);
+        stmt.run(correlationId, position, hash);
+    }
+}
+exports.Outbox = Outbox;

package/dist/signing.d.ts

@@ -0,0 +1,6 @@
+export declare const SENTINEL_PREV_HASH = "sha256:0000000000000000000000000000000000000000000000000000000000000000";
+export declare function canonicalizeEvent(event: Record<string, unknown>): string;
+export declare function eventContentHash(event: Record<string, unknown>): string;
+export declare function signEvent(event: Record<string, unknown>, privateKey: Uint8Array, instanceId: string): Promise<Record<string, unknown>>;
+export declare function verifyEventSignature(event: Record<string, unknown>, publicKey: Uint8Array): Promise<boolean>;
+export declare function loadPrivateKey(rawB64: string): Uint8Array;

package/dist/signing.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SENTINEL_PREV_HASH = void 0;
+exports.canonicalizeEvent = canonicalizeEvent;
+exports.eventContentHash = eventContentHash;
+exports.signEvent = signEvent;
+exports.verifyEventSignature = verifyEventSignature;
+exports.loadPrivateKey = loadPrivateKey;
+const ed25519_1 = require("@noble/ed25519");
+const canon_1 = require("./canon");
+exports.SENTINEL_PREV_HASH = 'sha256:0000000000000000000000000000000000000000000000000000000000000000';
+function canonicalizeEvent(event) {
+    const unsigned = { ...event };
+    delete unsigned.signature;
+    return (0, canon_1.canonicalizeIntentProof)(unsigned);
+}
+function eventContentHash(event) {
+    const canonical = canonicalizeEvent(event);
+    const digest = require('crypto')
+        .createHash('sha256')
+        .update(canonical, 'utf8')
+        .digest('hex');
+    return `sha256:${digest}`;
+}
+async function signEvent(event, privateKey, instanceId) {
+    const canonical = canonicalizeEvent(event);
+    const digest = require('crypto').createHash('sha256').update(canonical, 'utf8').digest();
+    const signature = await (0, ed25519_1.signAsync)(new Uint8Array(digest), privateKey);
+    return {
+        ...event,
+        signature: {
+            alg: 'ed25519',
+            key_id: `${instanceId}:k1`,
+            value: Buffer.from(signature).toString('base64'),
+        },
+    };
+}
+async function verifyEventSignature(event, publicKey) {
+    const sigBlock = event.signature;
+    if (!sigBlock?.value) {
+        return false;
+    }
+    const canonical = canonicalizeEvent(event);
+    const digest = require('crypto').createHash('sha256').update(canonical, 'utf8').digest();
+    try {
+        const sig = Buffer.from(sigBlock.value, 'base64');
+        return await (0, ed25519_1.verifyAsync)(sig, digest, publicKey);
+    }
+    catch {
+        return false;
+    }
+}
+function loadPrivateKey(rawB64) {
+    return new Uint8Array(Buffer.from(rawB64.trim(), 'base64'));
+}

package/package.json

@@ -1,84 +1,53 @@
 {
   "name": "@intentproof/sdk",
-  "version": "0.1.3",
-  "intentproofSpecVersion": "spec-v1.0.1",
-  "intentproofSpecCommit": "74ea3a23ea80dbe6549338d0612b543a26ebbaf1",
-  "description": "TypeScript SDK for IntentProof",
-  "license": "Apache-2.0",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/IntentProof/intentproof-sdk-node",
-    "directory": "packages/sdk"
-  },
-  "keywords": [
-    "IntentProof",
-    "intentproof",
-    "execution-events",
-    "telemetry",
-    "audit",
-    "typescript"
-  ],
-  "type": "module",
-  "main": "./dist/index.cjs",
-  "module": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": {
-      "import": {
-        "types": "./dist/index.d.ts",
-        "default": "./dist/index.js"
-      },
-      "require": {
-        "types": "./dist/index.d.cts",
-        "default": "./dist/index.cjs"
-      },
-      "default": "./dist/index.js"
-    }
-  },
+  "version": "0.2.0",
+  "description": "Node.js SDK for signed IntentProof execution events",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
   "files": [
     "dist",
+    "README.md",
     "LICENSE",
-    "README.md"
+    "NOTICE"
   ],
-  "sideEffects": false,
-  "dependencies": {
-    "ajv": "^8.17.1",
-    "ajv-formats": "^3.0.1"
+  "directories": {
+    "test": "tests"
   },
   "scripts": {
-    "build": "tsup",
-    "dev": "tsup --watch",
-    "test": "vitest run",
-    "test:coverage": "vitest run --coverage",
-    "test:watch": "vitest",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint . --max-warnings 0",
-    "format": "prettier --write . ../../README.md",
-    "format:check": "prettier --check . ../../README.md",
-    "publint": "publint",
-    "sync-readme": "cp ../../README.md README.md",
-    "prepack": "npm run sync-readme",
-    "generate:types": "bash ../../scripts/generate-schema-types.sh",
-    "verify:types": "bash ../../scripts/verify-generated-types.sh",
-    "ci": "npm run sync-readme && bash ../../scripts/check-sdk-spec-pin.sh \"${INTENTPROOF_SPEC_ROOT:?}\" && bash ../../scripts/check-no-bundled-schema.sh && bash ../../scripts/check-no-handwritten-model-types.sh && npm run verify:types && npm run typecheck && npm run lint && npm run format:check && npm run test:coverage && npm run build && npm run publint"
+    "build": "tsc -p tsconfig.json",
+    "prepublishOnly": "npm run build",
+    "test": "TS_NODE_PREFER_TS_EXTS=true node -r ts-node/register --test tests/*.test.ts",
+    "test:coverage": "npm run build && node --experimental-test-coverage --test-coverage-include='dist/**/*.js' --test-coverage-exclude='dist/index.js' --test-coverage-lines=95 --test-coverage-branches=95 --test-coverage-functions=95 -r ts-node/register -r ./tests/preload-dist.cjs --test tests/*.test.ts"
   },
-  "devDependencies": {
-    "@eslint/js": "^10.0.1",
-    "@types/node": "^25.6.0",
-    "@vitest/coverage-v8": "^4.1.5",
-    "json-stable-stringify": "^1.0.1",
-    "eslint": "^10.3.0",
-    "eslint-config-prettier": "^10.1.8",
-    "globals": "^17.6.0",
-    "json-schema-to-typescript": "15.0.4",
-    "prettier": "^3.8.3",
-    "publint": "^0.3.18",
-    "tsup": "^8.5.1",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/IntentProof/intentproof-sdk-node.git"
+  },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true,
+    "registry": "https://registry.npmjs.org"
+  },
+  "keywords": [
+    "intentproof",
+    "provenance",
+    "sdk"
+  ],
+  "author": "IntentProof",
+  "license": "Apache-2.0",
+  "type": "commonjs",
+  "dependencies": {
+    "@noble/ed25519": "^3.1.0",
+    "better-sqlite3": "^12.0.0",
+    "json-canonicalize": "^2.0.0",
     "typescript": "^6.0.3",
-    "typescript-eslint": "^8.59.1",
-    "vitest": "^4.1.5"
+    "ulid": "^3.0.2"
   },
-  "engines": {
-    "node": ">=22"
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.12",
+    "@types/node": "^25.7.0",
+    "ajv": "^8.20.0",
+    "ajv-formats": "^3.0.1",
+    "ts-node": "^10.9.2"
   }
 }