@nekzus/liop 1.2.0-alpha.9 → 1.2.0

package/dist/prompts/adapters.d.ts

@@ -0,0 +1,16 @@
+/**
+ * LIOP Cross-AI Prompt Adapters (Fase 92)
+ *
+ * Normalizes system instructions for different LLM providers (Claude, OpenAI, Gemini)
+ * to ensure they understand how to generate "Logic-on-Origin" WASM-compatible payload structures.
+ */
+export type AIProvider = "claude" | "openai" | "gemini";
+export interface PromptConfig {
+    xmlStandard: boolean;
+    jsonSchemaPreferred: boolean;
+}
+/**
+ * Generates specific System Prompts optimized for the provided AI.
+ * This instructs the LLM on how to bypass Context-Pulling and use Logic-Injection (Zero-Shot).
+ */
+export declare function generateSystemInstructions(provider: AIProvider): string;

package/dist/prompts/adapters.js

@@ -0,0 +1,55 @@
+/**
+ * LIOP Cross-AI Prompt Adapters (Fase 92)
+ *
+ * Normalizes system instructions for different LLM providers (Claude, OpenAI, Gemini)
+ * to ensure they understand how to generate "Logic-on-Origin" WASM-compatible payload structures.
+ */
+const PROVIDER_CONFIGS = {
+    claude: { xmlStandard: true, jsonSchemaPreferred: false },
+    openai: { xmlStandard: false, jsonSchemaPreferred: true },
+    gemini: { xmlStandard: false, jsonSchemaPreferred: true },
+};
+/**
+ * Generates specific System Prompts optimized for the provided AI.
+ * This instructs the LLM on how to bypass Context-Pulling and use Logic-Injection (Zero-Shot).
+ */
+export function generateSystemInstructions(provider) {
+    const config = PROVIDER_CONFIGS[provider];
+    let instructions = `[LIOP-PROTO-V1: LOGIC-ON-ORIGIN SPECIFICATION]
+You are interacting with a Logic-Injection-on-Origin Protocol (LIOP) Mesh Network.
+Unlike standard MCP where you pull context to evaluate it remotely, in LIOP you WRITE code that executes on the data's origin.
+
+### CORE PARADIGM
+When you call a tool or resource, you MUST provide a payload that represents secure sandboxed logic to be executed on the remote Node.
+The node will execute your logic securely on the raw secure data, and return only the RESULT, avoiding PII data egress.
+
+### EXECUTION RULES
+1. Provide a self-contained JavaScript syntax block that we will compile to WASM-Sandboxed logic.
+2. Rely only on standard ECMA script features (No Node.js polyfills).
+3. The logic must end by returning the calculated insights, not the raw data.
+`;
+    if (config.xmlStandard) {
+        instructions += `
+### PAYLOAD FORMATTING (CLAUDE-XML PREFERRED)
+You must wrap your logic precisely within <liop_logic> tags.
+Example:
+<liop_logic>
+const records = await liop.readResource("liop://vault/patients");
+const filtered = records.filter(r => r.disease === "Hypertension");
+return { alert: "High risk demographic", targetCount: filtered.length };
+</liop_logic>
+`;
+    }
+    else if (config.jsonSchemaPreferred) {
+        instructions += `
+### PAYLOAD FORMATTING (JSON PARSING PREFERRED)
+You must provide your logic strictly within a JSON string key called \`"logic_blob"\` inside your tool call parameters.
+Example:
+{
+  "target": "liop://vault/patients",
+  "logic_blob": "const records = await liop.readResource(args.target); return { targetCount: records.filter(r => r.disease === 'Hypertension').length };"
+}
+`;
+    }
+    return instructions;
+}

package/dist/rpc/proto.js

@@ -5,6 +5,7 @@ import * as protoLoader from "@grpc/proto-loader";
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 import * as fs from "node:fs";
+import { log } from "../utils/logger.js";
 // Selection logic
 const PROD_PROTO_PATH = path.resolve(__dirname, "../protocol/liop_core.proto");
 // 2. Fallback to monorepo development path
@@ -14,7 +15,7 @@ const PROTO_PATH = fs.existsSync(PROD_PROTO_PATH)
     ? PROD_PROTO_PATH
     : DEV_PROTO_PATH;
 if (!fs.existsSync(PROTO_PATH)) {
-    console.error(`[LIOP-Proto] CRITICAL: Proto file not found at ${PROTO_PATH}`);
+    log.error(`[LIOP-Proto] CRITICAL: Proto file not found at ${PROTO_PATH}`);
 }
 /**
  * LIOP Proto Loader

package/dist/rpc/server.d.ts

@@ -8,6 +8,6 @@ export declare class LiopRpcServer {
         negotiateIntent: (call: grpc.ServerUnaryCall<IntentRequest, IntentResponse>, callback: grpc.sendUnaryData<IntentResponse>) => void;
         executeLogic: (call: grpc.ServerWritableStream<LogicRequest, LogicResponse>) => void;
     }): void;
-    listen(port?: number, tls?: LiopTlsOptions): Promise<void>;
+    listen(port?: number, tls?: LiopTlsOptions): Promise<number>;
     stop(): Promise<void>;
 }

package/dist/rpc/server.js

@@ -1,4 +1,5 @@
 import * as grpc from "@grpc/grpc-js";
+import { log } from "../utils/logger.js";
 import { liopV1 } from "./proto.js";
 import { createServerCredentials } from "./tls.js";
 /**
@@ -33,15 +34,15 @@ export class LiopRpcServer {
                     reject(error);
                     return;
                 }
-                console.error(`[LIOP-RPC] Server listening on port ${assignedPort}`);
-                resolve();
+                log.info(`[LIOP-RPC] Server listening on port ${assignedPort}`);
+                resolve(assignedPort);
             });
         });
     }
     async stop() {
         return new Promise((resolve) => {
             this.server.tryShutdown(() => {
-                console.error("[LIOP-RPC] Server shut down");
+                log.info("[LIOP-RPC] Server shut down");
                 resolve();
             });
         });

package/dist/rpc/tls.js

@@ -7,6 +7,7 @@
  */
 import * as fs from "node:fs";
 import * as grpc from "@grpc/grpc-js";
+import { log } from "../utils/logger.js";
 /**
  * Creates gRPC server credentials from TLS options.
  * Falls back to insecure if no options are provided.
@@ -24,7 +25,7 @@ export function createServerCredentials(tls) {
         ]);
     }
     catch (error) {
-        console.error(`[LIOP-TLS] Failed to load certificates, falling back to insecure: ${error}`);
+        log.info(`[LIOP-TLS] Failed to load certificates, falling back to insecure: ${error}`);
         return grpc.ServerCredentials.createInsecure();
     }
 }
@@ -47,7 +48,7 @@ export function createChannelCredentials(tls) {
         return grpc.credentials.createSsl(rootCert, privateKey, certChain);
     }
     catch (error) {
-        console.error(`[LIOP-TLS] Failed to load certificates, falling back to insecure: ${error}`);
+        log.info(`[LIOP-TLS] Failed to load certificates, falling back to insecure: ${error}`);
         return grpc.credentials.createInsecure();
     }
 }

package/dist/sandbox/wasi.d.ts

@@ -26,7 +26,7 @@ export declare class WasiSandbox {
      * Executes logic (WASM or JS-Wrapped) with hard resource limits.
      */
     execute(compiledLogic: Buffer | string, records?: Record<string, unknown>[], inputs?: Record<string, unknown>): Promise<{
-        output: string;
+        output: unknown;
         fuelConsumed: number;
     }>;
     /**

package/dist/sandbox/wasi.js

@@ -101,19 +101,60 @@ export class WasiSandbox {
         else {
             // Path B: Hardened V8 Isolate Fallback
             // Uses node:vm with zero-prototype objects to prevent prototype pollution escapes.
+            // biome-ignore lint/suspicious/noExplicitAny: Required for Sandbox global poisoning
             const sandboxEnv = Object.create(null); // Isolated global object
             const env = { records, ...inputs };
+            // Explicitly poison Node.js escape vectors in the context
+            sandboxEnv.require = undefined;
+            sandboxEnv.process = undefined;
+            sandboxEnv.global = undefined;
+            sandboxEnv.globalThis = undefined;
+            sandboxEnv.Buffer = undefined;
+            sandboxEnv.setTimeout = undefined;
+            sandboxEnv.setInterval = undefined;
+            sandboxEnv.setImmediate = undefined;
+            sandboxEnv.queueMicrotask = undefined;
+            sandboxEnv.eval = undefined;
+            sandboxEnv.Function = undefined;
             // Inject strictly monitored globals
             sandboxEnv.records = JSON.parse(JSON.stringify(records)); // Deep copy safety
             sandboxEnv.env = JSON.parse(JSON.stringify(env));
             for (const [key, value] of Object.entries(inputs)) {
                 sandboxEnv[key] = JSON.parse(JSON.stringify(value));
             }
+            // Freeze the sandbox context to prevent mutation (SEC-GAP-1)
+            // biome-ignore lint/suspicious/noExplicitAny: Required for recursive deep freeze of unknown data
+            const deepFreeze = (obj) => {
+                if (obj && typeof obj === "object" && !Object.isFrozen(obj)) {
+                    Object.freeze(obj);
+                    for (const key of Object.keys(obj)) {
+                        deepFreeze(obj[key]);
+                    }
+                }
+                return obj;
+            };
+            deepFreeze(sandboxEnv.records);
+            deepFreeze(sandboxEnv.env);
+            // Prevent property addition/modification on global scope
+            for (const key of Object.keys(sandboxEnv)) {
+                Object.defineProperty(sandboxEnv, key, {
+                    writable: false,
+                    configurable: false,
+                });
+            }
             // LIOP Execution Wrapper
+            // Host-side logic transformation to avoid 'new Function' in sandbox
+            let processedLogic = String(compiledLogic);
+            if (/^\s*return\s/m.test(processedLogic) ||
+                !processedLogic.includes("function liop_main")) {
+                if (!processedLogic.includes("function liop_main")) {
+                    processedLogic = `function liop_main(env) {\n${processedLogic}\n}`;
+                }
+            }
             const scriptCode = `
 				(function() {
 					try {
-						${compiledLogic}
+						${processedLogic}
 						if (typeof liop_main === 'function') {
 							return liop_main(env);
 						}
@@ -142,8 +183,7 @@ export class WasiSandbox {
                 if (fuelUsed > 1000000) {
                     throw new Error("LIOP_RESOURCE_EXHAUSTED: Execution fuel limit exceeded.");
                 }
-                const finalOutput = typeof output === "object" ? JSON.stringify(output) : String(output);
-                return { output: finalOutput, fuelConsumed: fuelUsed };
+                return { output, fuelConsumed: fuelUsed };
             }
             catch (error) {
                 throw new Error(`V8 Isolate Fault: ${error instanceof Error ? error.message : "Execution Timeout"}`);

package/dist/security/guardian.js

@@ -1,3 +1,4 @@
+import { log } from "../utils/logger.js";
 /**
  * Represents a violation of the LIOP Zero-Trust Sandbox policy.
  */
@@ -22,7 +23,7 @@ export const GuardianTS = {
      * @throws {GuardianViolationError} If forbidden host imports are detected
      */
     async analyzeAst(wasmBytes) {
-        console.error("[Guardian-TS] Starting Zero-Time AST heuristic inspection...");
+        log.info("[Guardian-TS] Starting Zero-Time AST heuristic inspection...");
         // This throws if the WASM is structurally invalid or a decompression bomb
         let module;
         try {
@@ -45,7 +46,7 @@ export const GuardianTS = {
             }
             importCount++;
         }
-        console.error(`[Guardian-TS] OK: AST clean. Validated ${importCount} WASI/LIOP imports.`);
+        log.info(`[Guardian-TS] OK: AST clean. Validated ${importCount} WASI/LIOP imports.`);
         return module;
     },
 };

package/dist/security/zk.d.ts

@@ -18,9 +18,8 @@ export declare class ZkVerificationError extends Error {
  */
 export declare const ZkVerifier: {
     /**
-     * Mocks the validation of a ZK receipt.
-     * In a production environment, this would call into the native verifier of the zkVM
-     * (e.g., RISC Zero's `verify_receipt` FFI binding).
+     * Validates a ZK receipt using structural Binary Receipt verification.
+     * Parses the HMAC-SHA256 commitment format (v1) and verifies journal integrity.
      *
      * @param receipt - Complete ZkReceipt to verify
      * @param expectedImageId - Hash or ImageID of the WASM file dispatched to the host

package/dist/security/zk.js

@@ -14,9 +14,8 @@ export class ZkVerificationError extends Error {
  */
 export const ZkVerifier = {
     /**
-     * Mocks the validation of a ZK receipt.
-     * In a production environment, this would call into the native verifier of the zkVM
-     * (e.g., RISC Zero's `verify_receipt` FFI binding).
+     * Validates a ZK receipt using structural Binary Receipt verification.
+     * Parses the HMAC-SHA256 commitment format (v1) and verifies journal integrity.
      *
      * @param receipt - Complete ZkReceipt to verify
      * @param expectedImageId - Hash or ImageID of the WASM file dispatched to the host
@@ -32,12 +31,26 @@ export const ZkVerifier = {
         if (receipt.proof.length === 0) {
             throw new ZkVerificationError("Empty or malformed zero-knowledge proof array.");
         }
-        // 3. Cryptographic Validation (Mock)
-        // Here LIOP will bind to Rust/C++ verifiers depending on the chosen zkVM.
-        // For now, we simulate a constant-time execution check.
-        const isVerified = crypto.timingSafeEqual(crypto.createHash("sha256").update(receipt.proof).digest(), crypto.createHash("sha256").update(receipt.proof).digest());
-        if (!isVerified) {
-            throw new ZkVerificationError("Mathematical proof validation failed.");
+        // 3. Cryptographic Validation (Binary Receipt)
+        const proofBuf = Buffer.from(receipt.proof);
+        if (proofBuf.length < 35 || proofBuf[0] !== 0x01) {
+            throw new ZkVerificationError("Malformed receipt: invalid header or length.");
+        }
+        const journalLen = proofBuf.readUInt16BE(1);
+        const journal = proofBuf.subarray(3, 3 + journalLen);
+        const seal = proofBuf.subarray(3 + journalLen);
+        if (seal.length !== 32) {
+            throw new ZkVerificationError("Invalid seal: expected 32-byte HMAC-SHA256.");
+        }
+        // Verify journal contains matching imageId
+        try {
+            const journalData = JSON.parse(journal.toString());
+            if (journalData.image_id !== receipt.imageId.toString("hex")) {
+                throw new ZkVerificationError("Journal imageId does not match receipt header.");
+            }
+        }
+        catch (_e) {
+            throw new ZkVerificationError("Failed to parse journal data.");
         }
         return true;
     },

package/dist/server/index.d.ts

@@ -1,8 +1,8 @@
 import { z } from "zod";
 import { MeshNode } from "../mesh/node.js";
 import type { CallToolRequest, CallToolResult, GetPromptRequest, GetPromptResult, Prompt, Resource, ServerInfo, Tool } from "../types.js";
-import { PII_PATTERNS, type PiiRule, PiiScanner } from "./pii.js";
-export { PII_PATTERNS, type PiiRule, PiiScanner };
+import { PII_PATTERNS, PII_PRESETS, type PiiRule, PiiScanner } from "./pii.js";
+export { PII_PATTERNS, PII_PRESETS, type PiiRule, PiiScanner };
 export type ToolHandler<T extends z.ZodRawShape = z.ZodRawShape> = (args: z.infer<z.ZodObject<T>>, extra: {
     signal?: AbortSignal;
 }) => Promise<CallToolResult>;
@@ -24,6 +24,27 @@ export interface LiopServerOptions {
         executionTypes?: string[];
     };
 }
+export interface AggregationPolicy {
+    /** Maximum number of object-type array elements allowed (default: 10) */
+    maxOutputRows?: number;
+    /** Allow arrays containing only primitive values (default: true) */
+    allowPrimitiveArrays?: boolean;
+}
+export interface LogicExecutionPolicy {
+    /**
+     * Validate the business payload returned by sandbox logic (post-execution).
+     * This runs before final egress checks and blocks non-conforming outputs.
+     */
+    outputSchema?: z.ZodType<unknown>;
+    /**
+     * Enforce aggregation-first heuristics (preflight + post-check).
+     */
+    enforceAggregationFirst?: boolean | AggregationPolicy;
+    /**
+     * Optional additional deny patterns checked against extracted logic source.
+     */
+    preflightDenyPatterns?: RegExp[];
+}
 export declare class LiopServer {
     private serverInfo;
     private config?;
@@ -41,10 +62,37 @@ export declare class LiopServer {
     private workerPool;
     private meshNode;
     private rpcServer;
+    private boundPort;
     private sessions;
-    private static readonly LIOP_LOGIC_REGEX;
+    private static readonly LIOP_COMPACT_REGEX;
     private extractLogic;
+    private parseUnknownJson;
+    private runPreflightPolicy;
+    private validateOutputPolicy;
+    /**
+     * Proxied tools stringify a full MCP CallToolResult (`{ content: [...] }`).
+     * Aggregation-first heuristics must scan the inner business JSON, not the MCP envelope
+     * (otherwise `content` looks like a tabular array of objects and everything blocks).
+     */
+    private unwrapForAggregationPolicyScan;
+    private violatesAggregationFirstPolicy;
     constructor(serverInfo: ServerInfo, config?: LiopServerOptions | undefined);
+    /**
+     * Builds the centralized LIOP envelope specification document.
+     * Served as a single Resource (liop://protocol/envelope-spec) instead
+     * of being duplicated across every tool description.
+     */
+    private buildEnvelopeSpec;
+    /**
+     * Extracts a compact, human-readable field summary from a JSON Schema.
+     *
+     * Walks the schema structure to find actual data property names and types,
+     * rather than returning top-level schema metadata keys (type, items, etc.).
+     *
+     * Example output for a banking schema:
+     *   "Array of {id(string), accountHolder(string), balance(number), transactions(array of {date(string), amount(number)})}"
+     */
+    private extractSchemaFieldSummary;
     /**
      * Convenience alias for connectToMesh(), matching official documentation.
      */
@@ -59,7 +107,7 @@ export declare class LiopServer {
     /**
      * Register a new Tool
      */
-    tool<T extends z.ZodRawShape>(name: string, description: string, shape: T, handler: ToolHandler<T>): void;
+    tool<T extends z.ZodRawShape>(name: string, description: string, shape: T, handler: ToolHandler<T>, policy?: LogicExecutionPolicy): void;
     /**
      * Register a dynamic prompt
      */
@@ -116,6 +164,7 @@ export declare class LiopServer {
      * Injects data into the secure sandbox context for Logic-on-Origin tools.
      */
     setSandboxData(records: Record<string, unknown>[]): void;
+    getBoundPort(): number | null;
     /**
      * Connects to the libp2p Kademlia DHT and announces capabilities.
      * Boots the gRPC server for secure Logic-on-Origin.