npm - @longarc/mdash - Versions diffs - 3.1.1 → 3.1.3 - Mend

@longarc/mdash 3.1.1 → 3.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (178) hide show

package/README.md +86 -23
package/SECURITY.md +254 -0
package/dist/accountability/engine.d.ts +27 -0
package/dist/accountability/engine.d.ts.map +1 -0
package/dist/accountability/engine.js +148 -0
package/dist/accountability/engine.js.map +1 -0
package/dist/accountability/types.d.ts +46 -0
package/dist/accountability/types.d.ts.map +1 -0
package/dist/accountability/types.js +8 -0
package/dist/accountability/types.js.map +1 -0
package/dist/checkpoint/engine.d.ts +2 -2
package/dist/checkpoint/engine.d.ts.map +1 -1
package/dist/checkpoint/engine.js +5 -1
package/dist/checkpoint/engine.js.map +1 -1
package/dist/context/compose.d.ts +62 -0
package/dist/context/compose.d.ts.map +1 -0
package/dist/context/compose.js +286 -0
package/dist/context/compose.js.map +1 -0
package/dist/context/crypto/hash.d.ts +100 -0
package/dist/context/crypto/hash.d.ts.map +1 -0
package/dist/context/crypto/hash.js +248 -0
package/dist/context/crypto/hash.js.map +1 -0
package/dist/context/crypto/hmac.d.ts +80 -0
package/dist/context/crypto/hmac.d.ts.map +1 -0
package/dist/context/crypto/hmac.js +192 -0
package/dist/context/crypto/hmac.js.map +1 -0
package/dist/context/crypto/index.d.ts +7 -0
package/dist/context/crypto/index.d.ts.map +1 -0
package/dist/context/crypto/index.js +7 -0
package/dist/context/crypto/index.js.map +1 -0
package/dist/context/engine-v3.0-backup.d.ts +197 -0
package/dist/context/engine-v3.0-backup.d.ts.map +1 -0
package/dist/context/engine-v3.0-backup.js +392 -0
package/dist/context/engine-v3.0-backup.js.map +1 -0
package/dist/context/engine.d.ts +2 -2
package/dist/context/engine.d.ts.map +1 -1
package/dist/context/engine.js +2 -2
package/dist/context/engine.js.map +1 -1
package/dist/context/fragment.d.ts +99 -0
package/dist/context/fragment.d.ts.map +1 -0
package/dist/context/fragment.js +316 -0
package/dist/context/fragment.js.map +1 -0
package/dist/context/index.d.ts +99 -0
package/dist/context/index.d.ts.map +1 -0
package/dist/context/index.js +180 -0
package/dist/context/index.js.map +1 -0
package/dist/context/provenance.d.ts +80 -0
package/dist/context/provenance.d.ts.map +1 -0
package/dist/context/provenance.js +294 -0
package/dist/context/provenance.js.map +1 -0
package/dist/context/resolve.d.ts +106 -0
package/dist/context/resolve.d.ts.map +1 -0
package/dist/context/resolve.js +440 -0
package/dist/context/resolve.js.map +1 -0
package/dist/context/store.d.ts +156 -0
package/dist/context/store.d.ts.map +1 -0
package/dist/context/store.js +396 -0
package/dist/context/store.js.map +1 -0
package/dist/context/types.d.ts +463 -0
package/dist/context/types.d.ts.map +1 -0
package/dist/context/types.js +94 -0
package/dist/context/types.js.map +1 -0
package/dist/context/utils/atomic.d.ts +76 -0
package/dist/context/utils/atomic.d.ts.map +1 -0
package/dist/context/utils/atomic.js +159 -0
package/dist/context/utils/atomic.js.map +1 -0
package/dist/context/utils/credit.d.ts +65 -0
package/dist/context/utils/credit.d.ts.map +1 -0
package/dist/context/utils/credit.js +164 -0
package/dist/context/utils/credit.js.map +1 -0
package/dist/context/utils/index.d.ts +13 -0
package/dist/context/utils/index.d.ts.map +1 -0
package/dist/context/utils/index.js +13 -0
package/dist/context/utils/index.js.map +1 -0
package/dist/context/utils/utility.d.ts +63 -0
package/dist/context/utils/utility.d.ts.map +1 -0
package/dist/context/utils/utility.js +141 -0
package/dist/context/utils/utility.js.map +1 -0
package/dist/core/commitment.d.ts +26 -3
package/dist/core/commitment.d.ts.map +1 -1
package/dist/core/commitment.js +45 -7
package/dist/core/commitment.js.map +1 -1
package/dist/core/crypto.d.ts +2 -0
package/dist/core/crypto.d.ts.map +1 -1
package/dist/core/crypto.js +12 -0
package/dist/core/crypto.js.map +1 -1
package/dist/index.d.ts +11 -6
package/dist/index.d.ts.map +1 -1
package/dist/index.js +35 -10
package/dist/index.js.map +1 -1
package/dist/mcca/engine.d.ts.map +1 -1
package/dist/mcca/engine.js +5 -4
package/dist/mcca/engine.js.map +1 -1
package/dist/physics/engine.d.ts +3 -2
package/dist/physics/engine.d.ts.map +1 -1
package/dist/physics/engine.js +37 -3
package/dist/physics/engine.js.map +1 -1
package/dist/provenance/api-handler.d.ts +45 -0
package/dist/provenance/api-handler.d.ts.map +1 -0
package/dist/provenance/api-handler.js +223 -0
package/dist/provenance/api-handler.js.map +1 -0
package/dist/provenance/api-types.d.ts +108 -0
package/dist/provenance/api-types.d.ts.map +1 -0
package/dist/provenance/api-types.js +9 -0
package/dist/provenance/api-types.js.map +1 -0
package/dist/provenance/index.d.ts +6 -0
package/dist/provenance/index.d.ts.map +1 -0
package/dist/provenance/index.js +3 -0
package/dist/provenance/index.js.map +1 -0
package/dist/provenance/provenance-engine.d.ts +63 -0
package/dist/provenance/provenance-engine.d.ts.map +1 -0
package/dist/provenance/provenance-engine.js +311 -0
package/dist/provenance/provenance-engine.js.map +1 -0
package/dist/provenance/types.d.ts +193 -0
package/dist/provenance/types.d.ts.map +1 -0
package/dist/provenance/types.js +9 -0
package/dist/provenance/types.js.map +1 -0
package/dist/tee/engine.d.ts.map +1 -1
package/dist/tee/engine.js +14 -0
package/dist/tee/engine.js.map +1 -1
package/dist/warrant/engine.d.ts +24 -1
package/dist/warrant/engine.d.ts.map +1 -1
package/dist/warrant/engine.js +76 -1
package/dist/warrant/engine.js.map +1 -1
package/dist/zk/engine.d.ts.map +1 -1
package/dist/zk/engine.js +7 -4
package/dist/zk/engine.js.map +1 -1
package/docs/SECURITY-PATCHES.md +170 -0
package/package.json +17 -5
package/src/__tests__/accountability.test.ts +308 -0
package/src/__tests__/l1-verification-modes.test.ts +424 -0
package/src/__tests__/phase1.benchmark.test.ts +94 -0
package/src/__tests__/phase1.test.ts +0 -77
package/src/__tests__/phase2-4.benchmark.test.ts +60 -0
package/src/__tests__/phase2-4.test.ts +1 -52
package/src/__tests__/provenance/api-handler.test.ts +356 -0
package/src/__tests__/provenance/provenance-engine.test.ts +628 -0
package/src/__tests__/sa-2026-008.test.ts +45 -0
package/src/__tests__/sa-2026-009.test.ts +86 -0
package/src/__tests__/sa-2026-010.test.ts +72 -0
package/src/__tests__/sa-2026-012.test.ts +65 -0
package/src/__tests__/sa-2026-nfc.test.ts +40 -0
package/src/__tests__/security.test.ts +786 -0
package/src/accountability/engine.ts +230 -0
package/src/accountability/types.ts +58 -0
package/src/checkpoint/engine.ts +6 -2
package/src/context/__tests__/caret-v0.2.0.test.ts +860 -0
package/src/context/__tests__/integration.test.ts +356 -0
package/src/context/compose.ts +388 -0
package/src/context/crypto/hash.ts +277 -0
package/src/context/crypto/hmac.ts +253 -0
package/src/context/crypto/index.ts +29 -0
package/src/context/engine-v3.0-backup.ts +598 -0
package/src/context/engine.ts +2 -2
package/src/context/fragment.ts +454 -0
package/src/context/index.ts +427 -0
package/src/context/provenance.ts +380 -0
package/src/context/resolve.ts +581 -0
package/src/context/store.ts +503 -0
package/src/context/types.ts +679 -0
package/src/context/utils/atomic.ts +207 -0
package/src/context/utils/credit.ts +224 -0
package/src/context/utils/index.ts +13 -0
package/src/context/utils/utility.ts +200 -0
package/src/core/commitment.ts +130 -68
package/src/core/crypto.ts +13 -0
package/src/index.ts +62 -10
package/src/mcca/engine.ts +5 -4
package/src/physics/engine.ts +42 -5
package/src/provenance/api-handler.ts +248 -0
package/src/provenance/api-types.ts +112 -0
package/src/provenance/index.ts +19 -0
package/src/provenance/provenance-engine.ts +387 -0
package/src/provenance/types.ts +211 -0
package/src/tee/engine.ts +16 -0
package/src/warrant/engine.ts +89 -1
package/src/zk/engine.ts +8 -4
package/tsconfig.json +1 -1

package/src/context/provenance.ts ADDED Viewed

@@ -0,0 +1,380 @@
+/**
+ * Caret — Provenance Chain Implementation
+ * @module @longarcstudios/caret/provenance
+ *
+ * Immutable provenance tracking for context fragments.
+ * Every fragment knows exactly where it came from.
+ */
+import type {
+  ProvenanceRecord,
+  ProvenanceChain,
+  SourceURI,
+  Attribution,
+  TrustLevel,
+  Timestamp,
+  Hash,
+} from './types.js';
+import { sha256Object, rollingHash } from './crypto/hash.js';
+// ============================================================================
+// FACTORY FUNCTIONS
+// ============================================================================
+/**
+ * Create a new ProvenanceRecord.
+ */
+export async function createProvenanceRecord(options: {
+  source: SourceURI | string;
+  attribution: Attribution;
+  trust_level?: number;
+  parent_hash?: Hash | null;
+  signature?: string;
+}): Promise<ProvenanceRecord> {
+  const trust = validateTrustLevel(options.trust_level ?? getDefaultTrust(options.attribution));
+  return {
+    source: options.source as SourceURI,
+    attribution: options.attribution,
+    trust_level: trust,
+    timestamp: new Date().toISOString() as Timestamp,
+    parent_hash: options.parent_hash ?? null,
+    signature: options.signature,
+  };
+}
+/**
+ * Create a new ProvenanceChain with a single record.
+ */
+export async function createProvenanceChain(
+  record: ProvenanceRecord
+): Promise<ProvenanceChain> {
+  const chain_hash = await sha256Object(record);
+  return {
+    head: record,
+    tail: null,
+    length: 1,
+    chain_hash,
+  };
+}
+/**
+ * Extend an existing ProvenanceChain with a new record.
+ * Returns a new chain (immutable).
+ */
+export async function extendProvenanceChain(
+  chain: ProvenanceChain,
+  record: ProvenanceRecord
+): Promise<ProvenanceChain> {
+  // Update record's parent_hash to point to current chain
+  const linkedRecord: ProvenanceRecord = {
+    ...record,
+    parent_hash: chain.chain_hash,
+  };
+  // Compute new chain hash
+  const recordHash = await sha256Object(linkedRecord);
+  const chain_hash = await rollingHash([chain.chain_hash, recordHash]);
+  return {
+    head: linkedRecord,
+    tail: chain,
+    length: chain.length + 1,
+    chain_hash,
+  };
+}
+// ============================================================================
+// CHAIN OPERATIONS
+// ============================================================================
+/**
+ * Get all records in the chain as an array (head to tail).
+ */
+export function flattenChain(chain: ProvenanceChain): ProvenanceRecord[] {
+  const records: ProvenanceRecord[] = [];
+  let current: ProvenanceChain | null = chain;
+  while (current !== null) {
+    records.push(current.head);
+    current = current.tail;
+  }
+  return records;
+}
+/**
+ * Find a record in the chain by source URI.
+ */
+export function findBySource(
+  chain: ProvenanceChain,
+  source: SourceURI | string
+): ProvenanceRecord | null {
+  let current: ProvenanceChain | null = chain;
+  while (current !== null) {
+    if (current.head.source === source) {
+      return current.head;
+    }
+    current = current.tail;
+  }
+  return null;
+}
+/**
+ * Get the minimum trust level in the chain.
+ */
+export function getMinTrust(chain: ProvenanceChain): TrustLevel {
+  let min = chain.head.trust_level;
+  let current: ProvenanceChain | null = chain.tail;
+  while (current !== null) {
+    if (current.head.trust_level < min) {
+      min = current.head.trust_level;
+    }
+    current = current.tail;
+  }
+  return min;
+}
+/**
+ * Get the maximum trust level in the chain.
+ */
+export function getMaxTrust(chain: ProvenanceChain): TrustLevel {
+  let max = chain.head.trust_level;
+  let current: ProvenanceChain | null = chain.tail;
+  while (current !== null) {
+    if (current.head.trust_level > max) {
+      max = current.head.trust_level;
+    }
+    current = current.tail;
+  }
+  return max;
+}
+/**
+ * Check if chain contains a specific attribution type.
+ */
+export function hasAttribution(
+  chain: ProvenanceChain,
+  attribution: Attribution
+): boolean {
+  let current: ProvenanceChain | null = chain;
+  while (current !== null) {
+    if (current.head.attribution === attribution) {
+      return true;
+    }
+    current = current.tail;
+  }
+  return false;
+}
+/**
+ * Get all unique attributions in the chain.
+ */
+export function getAttributions(chain: ProvenanceChain): Attribution[] {
+  const attributions = new Set<Attribution>();
+  let current: ProvenanceChain | null = chain;
+  while (current !== null) {
+    attributions.add(current.head.attribution);
+    current = current.tail;
+  }
+  return Array.from(attributions);
+}
+// ============================================================================
+// CHAIN VERIFICATION
+// ============================================================================
+/**
+ * Verify the integrity of a provenance chain.
+ * Checks that all hash links are valid.
+ */
+export async function verifyChain(chain: ProvenanceChain): Promise<{
+  valid: boolean;
+  errors: string[];
+}> {
+  const errors: string[] = [];
+  // Single-record chain
+  if (chain.length === 1) {
+    const expectedHash = await sha256Object(chain.head);
+    if (expectedHash !== chain.chain_hash) {
+      errors.push('Chain hash mismatch for single-record chain');
+    }
+    return { valid: errors.length === 0, errors };
+  }
+  // Multi-record chain
+  let current: ProvenanceChain | null = chain;
+  const recordHashes: Hash[] = [];
+  while (current !== null) {
+    const recordHash = await sha256Object(current.head);
+    recordHashes.unshift(recordHash); // Add to front (we're traversing head to tail)
+    // Check parent_hash linkage
+    if (current.tail !== null && current.head.parent_hash !== current.tail.chain_hash) {
+      errors.push(`Parent hash mismatch at depth ${recordHashes.length}`);
+    }
+    current = current.tail;
+  }
+  // Verify rolling hash
+  const expectedChainHash = await computeChainHash(chain);
+  if (expectedChainHash !== chain.chain_hash) {
+    errors.push('Rolling chain hash verification failed');
+  }
+  return { valid: errors.length === 0, errors };
+}
+/**
+ * Recompute the chain hash from records.
+ */
+async function computeChainHash(chain: ProvenanceChain): Promise<Hash> {
+  if (chain.tail === null) {
+    return sha256Object(chain.head);
+  }
+  const tailHash = await computeChainHash(chain.tail);
+  const headHash = await sha256Object(chain.head);
+  return rollingHash([tailHash, headHash]);
+}
+// ============================================================================
+// CHAIN MERGING
+// ============================================================================
+/**
+ * Merge multiple provenance chains into one.
+ * Used when composing multiple fragments into a manifold.
+ *
+ * Strategy: Creates a new chain with all records, ordered by timestamp.
+ */
+export async function mergeChains(
+  chains: readonly ProvenanceChain[]
+): Promise<ProvenanceChain> {
+  if (chains.length === 0) {
+    throw new Error('Cannot merge empty chain array');
+  }
+  if (chains.length === 1) {
+    const first = chains[0];
+    if (!first) throw new Error('Invalid chain');
+    return first;
+  }
+  // Collect all records
+  const allRecords: ProvenanceRecord[] = [];
+  for (const chain of chains) {
+    allRecords.push(...flattenChain(chain));
+  }
+  // Sort by timestamp (oldest first)
+  allRecords.sort((a, b) =>
+    new Date(a.timestamp).getTime() - new Date(b.timestamp).getTime()
+  );
+  // Deduplicate by source + timestamp
+  const seen = new Set<string>();
+  const uniqueRecords = allRecords.filter(record => {
+    const key = `${record.source}:${record.timestamp}`;
+    if (seen.has(key)) return false;
+    seen.add(key);
+    return true;
+  });
+  // Build new chain
+  const firstRecord = uniqueRecords[0];
+  if (!firstRecord) {
+    throw new Error('No records to merge');
+  }
+  let result = await createProvenanceChain(firstRecord);
+  for (let i = 1; i < uniqueRecords.length; i++) {
+    const record = uniqueRecords[i];
+    if (record) {
+      result = await extendProvenanceChain(result, record);
+    }
+  }
+  return result;
+}
+// ============================================================================
+// UTILITY FUNCTIONS
+// ============================================================================
+/**
+ * Get default trust level for an attribution type.
+ */
+function getDefaultTrust(attribution: Attribution): number {
+  switch (attribution) {
+    case 'system':
+      return 100;
+    case 'operator':
+      return 90;
+    case 'user':
+      return 70;
+    case 'derived':
+      return 60;
+    case 'agent':
+      return 50;
+    case 'external':
+      return 30;
+    default:
+      return 50;
+  }
+}
+/**
+ * Validate and clamp trust level to 0-100.
+ */
+function validateTrustLevel(value: number): TrustLevel {
+  const clamped = Math.max(0, Math.min(100, Math.round(value)));
+  return clamped as TrustLevel;
+}
+/**
+ * Parse a source string into a SourceURI.
+ * Validates the format if strict mode is enabled.
+ */
+export function parseSourceURI(source: string, strict = false): SourceURI {
+  if (strict) {
+    // Validate URI format: scheme://path
+    const uriPattern = /^[a-z][a-z0-9+.-]*:\/\/.+$/i;
+    if (!uriPattern.test(source)) {
+      throw new Error('Invalid source URI format');
+    }
+  }
+  return source as SourceURI;
+}
+/**
+ * Create a timestamp for the current moment.
+ */
+export function now(): Timestamp {
+  return new Date().toISOString() as Timestamp;
+}
+/**
+ * Check if a timestamp is expired given a max age.
+ */
+export function isExpired(timestamp: Timestamp, maxAgeMs: number): boolean {
+  const then = new Date(timestamp).getTime();
+  const now = Date.now();
+  return (now - then) > maxAgeMs;
+}