npm - @longarc/mdash - Versions diffs - 3.1.1 → 3.1.3 - Mend

@longarc/mdash 3.1.1 → 3.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/README.md +86 -23
package/SECURITY.md +254 -0
package/dist/accountability/engine.d.ts +27 -0
package/dist/accountability/engine.d.ts.map +1 -0
package/dist/accountability/engine.js +148 -0
package/dist/accountability/engine.js.map +1 -0
package/dist/accountability/types.d.ts +46 -0
package/dist/accountability/types.d.ts.map +1 -0
package/dist/accountability/types.js +8 -0
package/dist/accountability/types.js.map +1 -0
package/dist/checkpoint/engine.d.ts +2 -2
package/dist/checkpoint/engine.d.ts.map +1 -1
package/dist/checkpoint/engine.js +5 -1
package/dist/checkpoint/engine.js.map +1 -1
package/dist/context/compose.d.ts +62 -0
package/dist/context/compose.d.ts.map +1 -0
package/dist/context/compose.js +286 -0
package/dist/context/compose.js.map +1 -0
package/dist/context/crypto/hash.d.ts +100 -0
package/dist/context/crypto/hash.d.ts.map +1 -0
package/dist/context/crypto/hash.js +248 -0
package/dist/context/crypto/hash.js.map +1 -0
package/dist/context/crypto/hmac.d.ts +80 -0
package/dist/context/crypto/hmac.d.ts.map +1 -0
package/dist/context/crypto/hmac.js +192 -0
package/dist/context/crypto/hmac.js.map +1 -0
package/dist/context/crypto/index.d.ts +7 -0
package/dist/context/crypto/index.d.ts.map +1 -0
package/dist/context/crypto/index.js +7 -0
package/dist/context/crypto/index.js.map +1 -0
package/dist/context/engine-v3.0-backup.d.ts +197 -0
package/dist/context/engine-v3.0-backup.d.ts.map +1 -0
package/dist/context/engine-v3.0-backup.js +392 -0
package/dist/context/engine-v3.0-backup.js.map +1 -0
package/dist/context/engine.d.ts +2 -2
package/dist/context/engine.d.ts.map +1 -1
package/dist/context/engine.js +2 -2
package/dist/context/engine.js.map +1 -1
package/dist/context/fragment.d.ts +99 -0
package/dist/context/fragment.d.ts.map +1 -0
package/dist/context/fragment.js +316 -0
package/dist/context/fragment.js.map +1 -0
package/dist/context/index.d.ts +99 -0
package/dist/context/index.d.ts.map +1 -0
package/dist/context/index.js +180 -0
package/dist/context/index.js.map +1 -0
package/dist/context/provenance.d.ts +80 -0
package/dist/context/provenance.d.ts.map +1 -0
package/dist/context/provenance.js +294 -0
package/dist/context/provenance.js.map +1 -0
package/dist/context/resolve.d.ts +106 -0
package/dist/context/resolve.d.ts.map +1 -0
package/dist/context/resolve.js +440 -0
package/dist/context/resolve.js.map +1 -0
package/dist/context/store.d.ts +156 -0
package/dist/context/store.d.ts.map +1 -0
package/dist/context/store.js +396 -0
package/dist/context/store.js.map +1 -0
package/dist/context/types.d.ts +463 -0
package/dist/context/types.d.ts.map +1 -0
package/dist/context/types.js +94 -0
package/dist/context/types.js.map +1 -0
package/dist/context/utils/atomic.d.ts +76 -0
package/dist/context/utils/atomic.d.ts.map +1 -0
package/dist/context/utils/atomic.js +159 -0
package/dist/context/utils/atomic.js.map +1 -0
package/dist/context/utils/credit.d.ts +65 -0
package/dist/context/utils/credit.d.ts.map +1 -0
package/dist/context/utils/credit.js +164 -0
package/dist/context/utils/credit.js.map +1 -0
package/dist/context/utils/index.d.ts +13 -0
package/dist/context/utils/index.d.ts.map +1 -0
package/dist/context/utils/index.js +13 -0
package/dist/context/utils/index.js.map +1 -0
package/dist/context/utils/utility.d.ts +63 -0
package/dist/context/utils/utility.d.ts.map +1 -0
package/dist/context/utils/utility.js +141 -0
package/dist/context/utils/utility.js.map +1 -0
package/dist/core/commitment.d.ts +26 -3
package/dist/core/commitment.d.ts.map +1 -1
package/dist/core/commitment.js +45 -7
package/dist/core/commitment.js.map +1 -1
package/dist/core/crypto.d.ts +2 -0
package/dist/core/crypto.d.ts.map +1 -1
package/dist/core/crypto.js +12 -0
package/dist/core/crypto.js.map +1 -1
package/dist/index.d.ts +11 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +35 -10
package/dist/index.js.map +1 -1
package/dist/mcca/engine.d.ts.map +1 -1
package/dist/mcca/engine.js +5 -4
package/dist/mcca/engine.js.map +1 -1
package/dist/physics/engine.d.ts +3 -2
package/dist/physics/engine.d.ts.map +1 -1
package/dist/physics/engine.js +37 -3
package/dist/physics/engine.js.map +1 -1
package/dist/provenance/api-handler.d.ts +45 -0
package/dist/provenance/api-handler.d.ts.map +1 -0
package/dist/provenance/api-handler.js +223 -0
package/dist/provenance/api-handler.js.map +1 -0
package/dist/provenance/api-types.d.ts +108 -0
package/dist/provenance/api-types.d.ts.map +1 -0
package/dist/provenance/api-types.js +9 -0
package/dist/provenance/api-types.js.map +1 -0
package/dist/provenance/index.d.ts +6 -0
package/dist/provenance/index.d.ts.map +1 -0
package/dist/provenance/index.js +3 -0
package/dist/provenance/index.js.map +1 -0
package/dist/provenance/provenance-engine.d.ts +63 -0
package/dist/provenance/provenance-engine.d.ts.map +1 -0
package/dist/provenance/provenance-engine.js +311 -0
package/dist/provenance/provenance-engine.js.map +1 -0
package/dist/provenance/types.d.ts +193 -0
package/dist/provenance/types.d.ts.map +1 -0
package/dist/provenance/types.js +9 -0
package/dist/provenance/types.js.map +1 -0
package/dist/tee/engine.d.ts.map +1 -1
package/dist/tee/engine.js +14 -0
package/dist/tee/engine.js.map +1 -1
package/dist/warrant/engine.d.ts +24 -1
package/dist/warrant/engine.d.ts.map +1 -1
package/dist/warrant/engine.js +76 -1
package/dist/warrant/engine.js.map +1 -1
package/dist/zk/engine.d.ts.map +1 -1
package/dist/zk/engine.js +7 -4
package/dist/zk/engine.js.map +1 -1
package/docs/SECURITY-PATCHES.md +170 -0
package/package.json +17 -5
package/src/__tests__/accountability.test.ts +308 -0
package/src/__tests__/l1-verification-modes.test.ts +424 -0
package/src/__tests__/phase1.benchmark.test.ts +94 -0
package/src/__tests__/phase1.test.ts +0 -77
package/src/__tests__/phase2-4.benchmark.test.ts +60 -0
package/src/__tests__/phase2-4.test.ts +1 -52
package/src/__tests__/provenance/api-handler.test.ts +356 -0
package/src/__tests__/provenance/provenance-engine.test.ts +628 -0
package/src/__tests__/sa-2026-008.test.ts +45 -0
package/src/__tests__/sa-2026-009.test.ts +86 -0
package/src/__tests__/sa-2026-010.test.ts +72 -0
package/src/__tests__/sa-2026-012.test.ts +65 -0
package/src/__tests__/sa-2026-nfc.test.ts +40 -0
package/src/__tests__/security.test.ts +786 -0
package/src/accountability/engine.ts +230 -0
package/src/accountability/types.ts +58 -0
package/src/checkpoint/engine.ts +6 -2
package/src/context/__tests__/caret-v0.2.0.test.ts +860 -0
package/src/context/__tests__/integration.test.ts +356 -0
package/src/context/compose.ts +388 -0
package/src/context/crypto/hash.ts +277 -0
package/src/context/crypto/hmac.ts +253 -0
package/src/context/crypto/index.ts +29 -0
package/src/context/engine-v3.0-backup.ts +598 -0
package/src/context/engine.ts +2 -2
package/src/context/fragment.ts +454 -0
package/src/context/index.ts +427 -0
package/src/context/provenance.ts +380 -0
package/src/context/resolve.ts +581 -0
package/src/context/store.ts +503 -0
package/src/context/types.ts +679 -0
package/src/context/utils/atomic.ts +207 -0
package/src/context/utils/credit.ts +224 -0
package/src/context/utils/index.ts +13 -0
package/src/context/utils/utility.ts +200 -0
package/src/core/commitment.ts +130 -68
package/src/core/crypto.ts +13 -0
package/src/index.ts +62 -10
package/src/mcca/engine.ts +5 -4
package/src/physics/engine.ts +42 -5
package/src/provenance/api-handler.ts +248 -0
package/src/provenance/api-types.ts +112 -0
package/src/provenance/index.ts +19 -0
package/src/provenance/provenance-engine.ts +387 -0
package/src/provenance/types.ts +211 -0
package/src/tee/engine.ts +16 -0
package/src/warrant/engine.ts +89 -1
package/src/zk/engine.ts +8 -4
package/tsconfig.json +1 -1

package/src/context/__tests__/integration.test.ts ADDED Viewed

@@ -0,0 +1,356 @@
+/**
+ * mdash v3.1 - Context Module Integration Tests
+ * Validates the Caret → mdash merge
+ *
+ * @version 3.1.0
+ */
+import { describe, it, expect, beforeAll } from 'vitest';
+// These imports validate the merge structure
+import type {
+  ContextFragment,
+  InfluenceBudget,
+  InfluenceConstraint,
+  Manifold,
+  Outcome,
+  Hash,
+  FragmentId,
+  Seal,
+  Timestamp,
+  Attribution,
+  MdashActionCode,
+} from '../types.js';
+import {
+  isHash,
+  isFragmentId,
+  isTimestamp,
+  isTrustLevel,
+  isTokenCount,
+  isContextFragment,
+  isValidInfluenceBudget,
+  sumInfluence,
+  isMdashActionCode,
+  DEFAULT_TRUST_LEVELS,
+  DEFAULT_MCCA_BUDGET,
+} from '../types.js';
+import {
+  maxAge,
+  notBefore,
+  notAfter,
+  allowDomains,
+  requireTrust,
+  requireSignature,
+  requireInfluence,
+  requireMCCA,
+  VERSION,
+  FORMERLY,
+} from '../index.js';
+describe('Context Module Integration', () => {
+  describe('Version Info', () => {
+    it('exports correct version', () => {
+      expect(VERSION).toBe('3.1.0');
+    });
+    it('acknowledges Caret heritage', () => {
+      expect(FORMERLY).toBe('Caret v0.2.0');
+    });
+  });
+  describe('Type Guards', () => {
+    it('validates Hash format', () => {
+      const validHash = 'a'.repeat(64);
+      const invalidHash = 'short';
+      expect(isHash(validHash)).toBe(true);
+      expect(isHash(invalidHash)).toBe(false);
+    });
+    it('validates FragmentId format (UUID v4)', () => {
+      const validId = '123e4567-e89b-4d3c-8456-426614174000';
+      const invalidId = 'not-a-uuid';
+      expect(isFragmentId(validId)).toBe(true);
+      expect(isFragmentId(invalidId)).toBe(false);
+    });
+    it('validates Timestamp format (ISO-8601)', () => {
+      const validTs = '2026-01-28T12:00:00.000Z';
+      const invalidTs = 'not-a-date';
+      expect(isTimestamp(validTs)).toBe(true);
+      expect(isTimestamp(invalidTs)).toBe(false);
+    });
+    it('validates TrustLevel range (0-100)', () => {
+      expect(isTrustLevel(50)).toBe(true);
+      expect(isTrustLevel(0)).toBe(true);
+      expect(isTrustLevel(100)).toBe(true);
+      expect(isTrustLevel(-1)).toBe(false);
+      expect(isTrustLevel(101)).toBe(false);
+    });
+    it('validates MdashActionCode', () => {
+      expect(isMdashActionCode('INVOKE')).toBe(true);
+      expect(isMdashActionCode('APPROVE')).toBe(true);
+      expect(isMdashActionCode('ATTEST')).toBe(true);
+      expect(isMdashActionCode('REVOKE')).toBe(true);
+      expect(isMdashActionCode('CHECKPOINT')).toBe(true);
+      expect(isMdashActionCode('ESCALATE')).toBe(true);
+      expect(isMdashActionCode('TERMINATE')).toBe(true);
+      expect(isMdashActionCode('INVALID')).toBe(false);
+    });
+  });
+  describe('MCCA Influence Budget', () => {
+    it('exports default MCCA budget', () => {
+      expect(DEFAULT_MCCA_BUDGET).toEqual({
+        system: 0.45,
+        user: 0.30,
+        environment: 0.15,
+        assistant: 0.10,
+      });
+    });
+    it('validates compliant budget', () => {
+      const compliant: InfluenceBudget = {
+        system: 0.45,
+        user: 0.30,
+        environment: 0.15,
+        assistant: 0.10,
+      };
+      expect(isValidInfluenceBudget(compliant)).toBe(true);
+      expect(sumInfluence(compliant)).toBeCloseTo(1.0);
+    });
+    it('rejects non-compliant budget (system too low)', () => {
+      const nonCompliant: InfluenceBudget = {
+        system: 0.30, // Below 0.40 minimum
+        user: 0.40,
+        environment: 0.20,
+        assistant: 0.10,
+      };
+      expect(isValidInfluenceBudget(nonCompliant)).toBe(false);
+    });
+    it('rejects non-compliant budget (user too high)', () => {
+      const nonCompliant: InfluenceBudget = {
+        system: 0.40,
+        user: 0.40, // Above 0.35 maximum
+        environment: 0.10,
+        assistant: 0.10,
+      };
+      expect(isValidInfluenceBudget(nonCompliant)).toBe(false);
+    });
+    it('rejects non-compliant budget (does not sum to 1.0)', () => {
+      const nonCompliant: InfluenceBudget = {
+        system: 0.50,
+        user: 0.30,
+        environment: 0.15,
+        assistant: 0.10,
+      };
+      expect(sumInfluence(nonCompliant)).toBeCloseTo(1.05);
+      expect(isValidInfluenceBudget(nonCompliant)).toBe(false);
+    });
+  });
+  describe('Constraint Builders', () => {
+    it('builds maxAge constraint', () => {
+      const constraint = maxAge(3600000);
+      expect(constraint.kind).toBe('time');
+      expect(constraint.max_age_ms).toBe(3600000);
+    });
+    it('builds notBefore constraint', () => {
+      const ts = '2026-01-28T00:00:00.000Z';
+      const constraint = notBefore(ts);
+      expect(constraint.kind).toBe('time');
+      expect(constraint.not_before).toBe(ts);
+    });
+    it('builds notAfter constraint', () => {
+      const ts = '2026-12-31T23:59:59.999Z';
+      const constraint = notAfter(ts);
+      expect(constraint.kind).toBe('time');
+      expect(constraint.not_after).toBe(ts);
+    });
+    it('builds allowDomains constraint', () => {
+      const constraint = allowDomains('mdash.sh', 'longarcstudios.com');
+      expect(constraint.kind).toBe('scope');
+      expect(constraint.allowed_domains).toEqual(['mdash.sh', 'longarcstudios.com']);
+    });
+    it('builds requireTrust constraint', () => {
+      const constraint = requireTrust(70);
+      expect(constraint.kind).toBe('trust');
+      expect(constraint.minimum_trust).toBe(70);
+    });
+    it('builds requireSignature constraint', () => {
+      const constraint = requireSignature(['signer1', 'signer2']);
+      expect(constraint.kind).toBe('signature');
+      expect(constraint.required).toBe(true);
+      expect(constraint.allowed_signers).toEqual(['signer1', 'signer2']);
+    });
+    it('builds requireInfluence constraint', () => {
+      const budget: InfluenceBudget = {
+        system: 0.45,
+        user: 0.30,
+        environment: 0.15,
+        assistant: 0.10,
+      };
+      const constraint = requireInfluence(budget, 'strict');
+      expect(constraint.kind).toBe('influence');
+      expect(constraint.budget).toEqual(budget);
+      expect(constraint.enforcement).toBe('strict');
+    });
+    it('builds requireMCCA constraint with defaults', () => {
+      const constraint = requireMCCA();
+      expect(constraint.kind).toBe('influence');
+      expect(constraint.budget.system).toBe(0.45);
+      expect(constraint.budget.user).toBe(0.30);
+      expect(constraint.budget.environment).toBe(0.15);
+      expect(constraint.budget.assistant).toBe(0.10);
+      expect(constraint.enforcement).toBe('strict');
+    });
+    it('builds requireMCCA constraint with overrides', () => {
+      const constraint = requireMCCA({ system: 0.50, user: 0.25 });
+      expect(constraint.budget.system).toBe(0.50);
+      expect(constraint.budget.user).toBe(0.25);
+      expect(constraint.budget.environment).toBe(0.15);
+      expect(constraint.budget.assistant).toBe(0.10);
+    });
+  });
+  describe('Trust Levels', () => {
+    it('exports default trust levels', () => {
+      expect(DEFAULT_TRUST_LEVELS.system).toBe(100);
+      expect(DEFAULT_TRUST_LEVELS.operator).toBe(90);
+      expect(DEFAULT_TRUST_LEVELS.user).toBe(70);
+      expect(DEFAULT_TRUST_LEVELS.derived).toBe(60);
+      expect(DEFAULT_TRUST_LEVELS.agent).toBe(50);
+      expect(DEFAULT_TRUST_LEVELS.external).toBe(30);
+    });
+  });
+  describe('ContextFragment Validation', () => {
+    it('validates complete fragment structure', () => {
+      const validFragment = {
+        id: '123e4567-e89b-4d3c-8456-426614174000',
+        hash: 'a'.repeat(64),
+        content: {
+          type: 'text',
+          data: 'Hello, world!',
+          token_count: 3,
+        },
+        provenance: {
+          source: 'test://example',
+          attribution: 'system',
+          trust_level: 100,
+          timestamp: '2026-01-28T12:00:00.000Z',
+          parent_hash: null,
+        },
+        sealed_at: '2026-01-28T12:00:00.000Z',
+        seal: 'seal-value',
+        constraints: [],
+        version: 'v3.1',
+      };
+      expect(isContextFragment(validFragment)).toBe(true);
+    });
+    it('rejects fragment with invalid hash', () => {
+      const invalidFragment = {
+        id: '123e4567-e89b-4d3c-8456-426614174000',
+        hash: 'short',
+        content: {},
+        provenance: {},
+        sealed_at: '2026-01-28T12:00:00.000Z',
+        seal: 'seal',
+        constraints: [],
+        version: 'v3.1',
+      };
+      expect(isContextFragment(invalidFragment)).toBe(false);
+    });
+  });
+});
+describe('Security Invariants', () => {
+  describe('INV-005: MCCA bounds are hard limits', () => {
+    it('system influence must be >= 0.40', () => {
+      const lowSystem: InfluenceBudget = {
+        system: 0.39,
+        user: 0.31,
+        environment: 0.20,
+        assistant: 0.10,
+      };
+      expect(isValidInfluenceBudget(lowSystem)).toBe(false);
+    });
+    it('user influence must be <= 0.35', () => {
+      const highUser: InfluenceBudget = {
+        system: 0.40,
+        user: 0.36,
+        environment: 0.14,
+        assistant: 0.10,
+      };
+      expect(isValidInfluenceBudget(highUser)).toBe(false);
+    });
+    it('environment influence must be <= 0.20', () => {
+      const highEnv: InfluenceBudget = {
+        system: 0.40,
+        user: 0.28,
+        environment: 0.22,
+        assistant: 0.10,
+      };
+      expect(isValidInfluenceBudget(highEnv)).toBe(false);
+    });
+    it('assistant influence must be <= 0.25', () => {
+      const highAst: InfluenceBudget = {
+        system: 0.40,
+        user: 0.23,
+        environment: 0.11,
+        assistant: 0.26,
+      };
+      expect(isValidInfluenceBudget(highAst)).toBe(false);
+    });
+  });
+  describe('INV-008: Tool outputs never become system context', () => {
+    it('tool attribution has lower trust than system', () => {
+      // In the unified model, tool maps to 'external' or environment influence
+      // External trust: 30, System trust: 100
+      expect(DEFAULT_TRUST_LEVELS.external).toBeLessThan(DEFAULT_TRUST_LEVELS.system);
+    });
+  });
+});