@mnemom/agent-integrity-protocol 0.1.7 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +117 -0
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +193 -1
  4. package/dist/index.d.ts +193 -1
  5. package/dist/index.js +97 -1
  6. package/dist/index.js.map +1 -1
  7. package/package.json +5 -1
package/dist/index.cjs CHANGED
@@ -1,6 +1,29 @@
1
1
  'use strict';
2
2
 
3
3
  var crypto = require('crypto');
4
+ var ed = require('@noble/ed25519');
5
+ var sha2_js = require('@noble/hashes/sha2.js');
6
+ var utils_js = require('@noble/hashes/utils.js');
7
+
8
+ function _interopNamespace(e) {
9
+ if (e && e.__esModule) return e;
10
+ var n = Object.create(null);
11
+ if (e) {
12
+ Object.keys(e).forEach(function (k) {
13
+ if (k !== 'default') {
14
+ var d = Object.getOwnPropertyDescriptor(e, k);
15
+ Object.defineProperty(n, k, d.get ? d : {
16
+ enumerable: true,
17
+ get: function () { return e[k]; }
18
+ });
19
+ }
20
+ });
21
+ }
22
+ n.default = e;
23
+ return Object.freeze(n);
24
+ }
25
+
26
+ var ed__namespace = /*#__PURE__*/_interopNamespace(ed);
4
27
 
5
28
  // src/window/state.ts
6
29
  function createWindowState(sessionId) {
@@ -1550,6 +1573,99 @@ function constantTimeEqual(a, b) {
1550
1573
  }
1551
1574
  return result === 0;
1552
1575
  }
1576
+ function base64ToUint8(b64) {
1577
+ const binary = atob(b64);
1578
+ const bytes = new Uint8Array(binary.length);
1579
+ for (let i = 0; i < binary.length; i++) {
1580
+ bytes[i] = binary.charCodeAt(i);
1581
+ }
1582
+ return bytes;
1583
+ }
1584
+ var encoder = new TextEncoder();
1585
+ function sha256Hex(input) {
1586
+ const hash = sha2_js.sha256(encoder.encode(input));
1587
+ return utils_js.bytesToHex(hash);
1588
+ }
1589
+ function computeNodeHash(left, right) {
1590
+ return sha256Hex(left + right);
1591
+ }
1592
+ async function verifySignature2(certificate, publicKey) {
1593
+ try {
1594
+ const signatureBytes = base64ToUint8(certificate.proofs.signature.value);
1595
+ const messageBytes = encoder.encode(certificate.proofs.signature.signed_payload);
1596
+ const valid = await ed__namespace.verifyAsync(signatureBytes, messageBytes, publicKey);
1597
+ return {
1598
+ valid,
1599
+ details: valid ? "Ed25519 signature verified successfully" : "Ed25519 signature verification failed"
1600
+ };
1601
+ } catch (err) {
1602
+ return {
1603
+ valid: false,
1604
+ details: `Signature verification error: ${err instanceof Error ? err.message : "unknown"}`
1605
+ };
1606
+ }
1607
+ }
1608
+ function verifyChain(certificate) {
1609
+ try {
1610
+ const chain = certificate.proofs.chain;
1611
+ if (!chain || !chain.chain_hash) {
1612
+ return { valid: false, details: "No chain proof data in certificate" };
1613
+ }
1614
+ const preimage = `${chain.prev_chain_hash || "genesis"}|${certificate.subject.checkpoint_id}|${certificate.claims.verdict}|${certificate.input_commitments.thinking_block_hash}|${certificate.input_commitments.combined_commitment}|${certificate.issued_at}`;
1615
+ const recomputed = sha256Hex(preimage);
1616
+ const valid = recomputed === chain.chain_hash;
1617
+ return {
1618
+ valid,
1619
+ details: valid ? "Chain hash verified successfully" : "Recomputed chain hash does not match certificate"
1620
+ };
1621
+ } catch (err) {
1622
+ return {
1623
+ valid: false,
1624
+ details: `Chain verification error: ${err instanceof Error ? err.message : "unknown"}`
1625
+ };
1626
+ }
1627
+ }
1628
+ function verifyMerkle(certificate, expectedRoot) {
1629
+ const merkle = certificate.proofs.merkle;
1630
+ if (!merkle) {
1631
+ return null;
1632
+ }
1633
+ try {
1634
+ const root = expectedRoot ?? merkle.root;
1635
+ let current = merkle.leaf_hash;
1636
+ for (const sibling of merkle.inclusion_proof) {
1637
+ if (sibling.position === "left") {
1638
+ current = computeNodeHash(sibling.hash, current);
1639
+ } else {
1640
+ current = computeNodeHash(current, sibling.hash);
1641
+ }
1642
+ }
1643
+ const valid = current === root;
1644
+ return {
1645
+ valid,
1646
+ details: valid ? "Merkle inclusion proof verified successfully" : "Merkle inclusion proof verification failed \u2014 computed root does not match"
1647
+ };
1648
+ } catch (err) {
1649
+ return {
1650
+ valid: false,
1651
+ details: `Merkle verification error: ${err instanceof Error ? err.message : "unknown"}`
1652
+ };
1653
+ }
1654
+ }
1655
+ async function verifyCertificate(certificate, publicKey, merkleRoot) {
1656
+ const signatureResult = await verifySignature2(certificate, publicKey);
1657
+ const chainResult = verifyChain(certificate);
1658
+ const merkleResult = verifyMerkle(certificate, merkleRoot);
1659
+ const valid = signatureResult.valid && chainResult.valid && (merkleResult === null || merkleResult.valid);
1660
+ return {
1661
+ valid,
1662
+ checks: {
1663
+ signature: signatureResult,
1664
+ chain: chainResult,
1665
+ merkle: merkleResult
1666
+ }
1667
+ };
1668
+ }
1553
1669
 
1554
1670
  exports.AIP_CONTENT_TYPE = AIP_CONTENT_TYPE;
1555
1671
  exports.AIP_SIGNATURE_HEADER = AIP_SIGNATURE_HEADER;
@@ -1598,6 +1714,7 @@ exports.mapVerdictToProceed = mapVerdictToProceed;
1598
1714
  exports.signPayload = signPayload;
1599
1715
  exports.summarizeCard = summarizeCard;
1600
1716
  exports.validateAgreement = validateAgreement;
1717
+ exports.verifyCertificate = verifyCertificate;
1601
1718
  exports.verifySignature = verifySignature;
1602
1719
  //# sourceMappingURL=index.cjs.map
1603
1720
  //# sourceMappingURL=index.cjs.map