@nekzus/liop 2.0.0-alpha.25 → 2.0.0-alpha.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/dist/bin/agent.js +1 -1
  2. package/dist/bridge.js +1 -1
  3. package/dist/{chunk-ISKM7EAL.js → chunk-AKTU6ZMX.js} +2 -2
  4. package/dist/{chunk-ISKM7EAL.js.map → chunk-AKTU6ZMX.js.map} +1 -1
  5. package/dist/{chunk-GD6EOKYV.js → chunk-BDQZURCS.js} +9 -9
  6. package/dist/chunk-BDQZURCS.js.map +1 -0
  7. package/dist/{chunk-LJQF6ULT.js → chunk-GFRRQ2EB.js} +3 -3
  8. package/dist/{chunk-LJQF6ULT.js.map → chunk-GFRRQ2EB.js.map} +1 -1
  9. package/dist/{chunk-F7B6B4XS.js → chunk-GYK2HORK.js} +3 -3
  10. package/dist/{chunk-F7B6B4XS.js.map → chunk-GYK2HORK.js.map} +1 -1
  11. package/dist/chunk-SW53FNSN.js +2 -0
  12. package/dist/chunk-SW53FNSN.js.map +1 -0
  13. package/dist/{chunk-ALLOYPMN.js → chunk-YTIMVS2I.js} +3 -3
  14. package/dist/{chunk-ALLOYPMN.js.map → chunk-YTIMVS2I.js.map} +1 -1
  15. package/dist/client.js +1 -1
  16. package/dist/gateway.js +1 -1
  17. package/dist/index.js +1 -1
  18. package/dist/server.js +1 -1
  19. package/dist/verifier-Z26UC7M4.js +2 -0
  20. package/dist/{verifier-6M7GY4TW.js.map → verifier-Z26UC7M4.js.map} +1 -1
  21. package/dist/workers/logic-execution.d.ts +7 -6
  22. package/dist/workers/logic-execution.js +1 -1
  23. package/dist/workers/logic-execution.js.map +1 -1
  24. package/dist/workers/zk-verifier.d.ts +4 -4
  25. package/dist/workers/zk-verifier.js +1 -1
  26. package/dist/workers/zk-verifier.js.map +1 -1
  27. package/package.json +1 -1
  28. package/dist/chunk-GD6EOKYV.js.map +0 -1
  29. package/dist/chunk-UVTEJYHN.js +0 -2
  30. package/dist/chunk-UVTEJYHN.js.map +0 -1
  31. package/dist/verifier-6M7GY4TW.js +0 -2
package/dist/workers/zk-verifier.d.ts CHANGED
@@ -3,13 +3,13 @@
3
3
  * Modeled after RISC Zero & SP1 Receipt formats.
4
4
  */
5
5
  interface ZkVerificationPayload {
6
- action: "verify_receipt";
6
+ action: "verify_receipt" | "warmup";
7
7
  /** Original logic payload (JS/WASM) sent by client */
8
- logicPayload: Uint8Array;
8
+ logicPayload?: Uint8Array;
9
9
  /** Expected ImageID (SHA-256) of the execution state */
10
- remoteImageIdHex: string;
10
+ remoteImageIdHex?: string;
11
11
  /** Cbor-encoded or raw buffer containing the execution Receipt (Journal + Seal) */
12
- zkReceipt: Uint8Array;
12
+ zkReceipt?: Uint8Array;
13
13
  /** Kyber-derived session secret to verify HMAC signature */
14
14
  sessionSecret?: Uint8Array;
15
15
  }
package/dist/workers/zk-verifier.js CHANGED
@@ -1,2 +1,2 @@
1
- import {b}from'../chunk-ANFXJGMP.js';import'../chunk-4C666HHU.js';import d from'crypto';import'worker_threads';function u(e){return b(e)}async function y(e){let{logicPayload:t,remoteImageIdHex:o,zkReceipt:g,sessionSecret:n}=e,a=u(t).toString("hex");if(a!==o)return {verified:false,message:`Integrity Violation: Local (${a.slice(0,8)}) != Remote (${o.slice(0,8)})`};let r=Buffer.from(g);if(r.length<35)return {verified:false,message:"Receipt too short for binary format."};let s=r[0];if(s!==1)return {verified:false,message:`Unknown receipt version: ${s}`};let c=r.readUInt16BE(1),f=r.subarray(3,3+c),l=r.subarray(3+c);if(l.length!==32)return {verified:false,message:"Invalid seal length (expected 32 bytes HMAC-SHA256)."};try{let i=JSON.parse(f.toString());if(i.image_id!==a)return {verified:!1,message:`Journal ImageID mismatch: ${i.image_id.slice(0,8)} != ${a.slice(0,8)}`}}catch{return {verified:false,message:"Failed to parse journal data."}}if(n&&n.length>0){let i=d.createHmac("sha256",n).update(f).digest();if(!d.timingSafeEqual(l,i))return {verified:false,message:"Invalid seal: HMAC verification failed."}}return {verified:true,message:"HMAC Commitment Verified: Integrity intact."}}async function v(e){try{if(e.action==="verify_receipt")return await y(e);throw new Error("Unknown action in ZkVerifier Worker.")}catch(t){return {verified:false,message:`Verification Error: ${t.message}`}}}export{v as default};//# sourceMappingURL=zk-verifier.js.map
1
+ import {b}from'../chunk-ANFXJGMP.js';import'../chunk-4C666HHU.js';import d from'crypto';import'worker_threads';function u(e){return b(e)}async function y(e){let{logicPayload:t,remoteImageIdHex:o,zkReceipt:g,sessionSecret:n}=e,a=u(t).toString("hex");if(a!==o)return {verified:false,message:`Integrity Violation: Local (${a.slice(0,8)}) != Remote (${o.slice(0,8)})`};let r=Buffer.from(g);if(r.length<35)return {verified:false,message:"Receipt too short for binary format."};let s=r[0];if(s!==1)return {verified:false,message:`Unknown receipt version: ${s}`};let f=r.readUInt16BE(1),c=r.subarray(3,3+f),l=r.subarray(3+f);if(l.length!==32)return {verified:false,message:"Invalid seal length (expected 32 bytes HMAC-SHA256)."};try{let i=JSON.parse(c.toString());if(i.image_id!==a)return {verified:!1,message:`Journal ImageID mismatch: ${i.image_id.slice(0,8)} != ${a.slice(0,8)}`}}catch{return {verified:false,message:"Failed to parse journal data."}}if(n&&n.length>0){let i=d.createHmac("sha256",n).update(c).digest();if(!d.timingSafeEqual(l,i))return {verified:false,message:"Invalid seal: HMAC verification failed."}}return {verified:true,message:"HMAC Commitment Verified: Integrity intact."}}async function p(e){try{if(e.action==="warmup")return {verified:!0,message:"warm"};if(e.action==="verify_receipt")return await y(e);throw new Error("Unknown action in ZkVerifier Worker.")}catch(t){return {verified:false,message:`Verification Error: ${t.message}`}}}export{p as default};//# sourceMappingURL=zk-verifier.js.map
2
2
  //# sourceMappingURL=zk-verifier.js.map
package/dist/workers/zk-verifier.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../src/workers/zk-verifier.ts"],"names":["deriveImageId","logicPayload","deriveLogicImageDigest","verifyZkReceipt","payload","remoteImageIdHex","zkReceipt","sessionSecret","localImageIdHex","receiptBuf","version","journalLen","journal","seal","journalData","expectedSeal","crypto","workerHandler","task","error"],"mappings":"+GAyBA,SAASA,CAAAA,CAAcC,CAAAA,CAAkC,CACxD,OAAOC,CAAAA,CAAuBD,CAAY,CAC3C,CAMA,eAAeE,CAAAA,CACdC,CAAAA,CACkD,CAClD,GAAM,CAAE,YAAA,CAAAH,CAAAA,CAAc,gBAAA,CAAAI,CAAAA,CAAkB,SAAA,CAAAC,CAAAA,CAAW,aAAA,CAAAC,CAAc,CAAA,CAAIH,CAAAA,CAI/DI,CAAAA,CADeR,CAAAA,CAAcC,CAAY,CAAA,CACV,QAAA,CAAS,KAAK,CAAA,CAEnD,GAAIO,CAAAA,GAAoBH,CAAAA,CACvB,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,CAAA,4BAAA,EAA+BG,CAAAA,CAAgB,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,aAAA,EAAgBH,CAAAA,CAAiB,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,CAAA,CAChH,EAID,IAAMI,CAAAA,CAAa,MAAA,CAAO,IAAA,CAAKH,CAAS,CAAA,CACxC,GAAIG,CAAAA,CAAW,MAAA,CAAS,EAAA,CAEvB,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,sCACV,CAAA,CAGD,IAAMC,CAAAA,CAAUD,CAAAA,CAAW,CAAC,CAAA,CAC5B,GAAIC,CAAAA,GAAY,CAAA,CACf,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,4BAA4BA,CAAO,CAAA,CAC7C,CAAA,CAGD,IAAMC,CAAAA,CAAaF,CAAAA,CAAW,YAAA,CAAa,CAAC,CAAA,CACtCG,CAAAA,CAAUH,CAAAA,CAAW,QAAA,CAAS,CAAA,CAAG,CAAA,CAAIE,CAAU,CAAA,CAC/CE,CAAAA,CAAOJ,CAAAA,CAAW,QAAA,CAAS,CAAA,CAAIE,CAAU,CAAA,CAE/C,GAAIE,CAAAA,CAAK,MAAA,GAAW,EAAA,CACnB,OAAO,CACN,QAAA,CAAU,KAAA,CACV,QAAS,sDACV,CAAA,CAID,GAAI,CACH,IAAMC,CAAAA,CAAc,IAAA,CAAK,KAAA,CAAMF,CAAAA,CAAQ,QAAA,EAAU,CAAA,CACjD,GAAIE,CAAAA,CAAY,WAAaN,CAAAA,CAC5B,OAAO,CACN,QAAA,CAAU,CAAA,CAAA,CACV,OAAA,CAAS,CAAA,0BAAA,EAA6BM,CAAAA,CAAY,QAAA,CAAS,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,IAAA,EAAON,EAAgB,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,CACzG,CAEF,CAAA,KAAa,CACZ,OAAO,CAAE,QAAA,CAAU,KAAA,CAAO,OAAA,CAAS,+BAAgC,CACpE,CAGA,GAAID,CAAAA,EAAiBA,CAAAA,CAAc,MAAA,CAAS,CAAA,CAAG,CAC9C,IAAMQ,CAAAA,CAAeC,CAAAA,CACnB,UAAA,CAAW,QAAA,CAAUT,CAAa,CAAA,CAClC,MAAA,CAAOK,CAAO,CAAA,CACd,MAAA,EAAO,CACT,GAAI,CAACI,CAAAA,CAAO,eAAA,CAAgBH,CAAAA,CAAME,CAAY,CAAA,CAC7C,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,yCACV,CAEF,CAEA,OAAO,CACN,QAAA,CAAU,IAAA,CACV,OAAA,CAAS,6CACV,CACD,CAKA,eAAOE,CAAAA,CACNC,CAAAA,CACkD,CAClD,GAAI,CACH,GAAIA,CAAAA,CAAK,MAAA,GAAW,gBAAA,CACnB,OAAO,MAAMf,CAAAA,CAAgBe,CAAI,CAAA,CAElC,MAAM,IAAI,KAAA,CAAM,sCAAsC,CACvD,CAAA,MAASC,CAAAA,CAAO,CACf,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,CAAA,oBAAA,EAAwBA,CAAAA,CAAgB,OAAO,CAAA,CACzD,CACD,CACD","file":"zk-verifier.js","sourcesContent":["import crypto from \"node:crypto\";\nimport { parentPort } from \"node:worker_threads\";\nimport { deriveLogicImageDigest } from \"../crypto/logic-image-id.js\";\n\n// Ensure this worker is used via Piscina pool\nif (!parentPort) {\n\t// Not fatal in Piscina, but handled appropriately\n}\n\n/**\n * ZK Verification Payload Structure.\n * Modeled after RISC Zero & SP1 Receipt formats.\n */\nexport interface ZkVerificationPayload {\n\taction: \"verify_receipt\";\n\t/** Original logic payload (JS/WASM) sent by client */\n\tlogicPayload: Uint8Array;\n\t/** Expected ImageID (SHA-256) of the execution state */\n\tremoteImageIdHex: string;\n\t/** Cbor-encoded or raw buffer containing the execution Receipt (Journal + Seal) */\n\tzkReceipt: Uint8Array;\n\t/** Kyber-derived session secret to verify HMAC signature */\n\tsessionSecret?: Uint8Array;\n}\n\nfunction deriveImageId(logicPayload: Uint8Array): Buffer {\n\treturn deriveLogicImageDigest(logicPayload);\n}\n\n/**\n * Simulates heavy ZK-Proof cryptographic verification.\n * In a real environment, this delegates to @risc0/verifier or SP1 FFI bindings.\n */\nasync function verifyZkReceipt(\n\tpayload: ZkVerificationPayload,\n): Promise<{ verified: boolean; message: string }> {\n\tconst { logicPayload, remoteImageIdHex, zkReceipt, sessionSecret } = payload;\n\n\t// 1. Calculate local ImageID (Integrity Check)\n\tconst localImageId = deriveImageId(logicPayload);\n\tconst localImageIdHex = localImageId.toString(\"hex\");\n\n\tif (localImageIdHex !== remoteImageIdHex) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: `Integrity Violation: Local (${localImageIdHex.slice(0, 8)}) != Remote (${remoteImageIdHex.slice(0, 8)})`,\n\t\t};\n\t}\n\n\t// 2. Structural Verification: Deserialize Binary Receipt\n\tconst receiptBuf = Buffer.from(zkReceipt);\n\tif (receiptBuf.length < 35) {\n\t\t// 1 version + 2 len + 32 seal minimum\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: \"Receipt too short for binary format.\",\n\t\t};\n\t}\n\n\tconst version = receiptBuf[0];\n\tif (version !== 0x01) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: `Unknown receipt version: ${version}`,\n\t\t};\n\t}\n\n\tconst journalLen = receiptBuf.readUInt16BE(1);\n\tconst journal = receiptBuf.subarray(3, 3 + journalLen);\n\tconst seal = receiptBuf.subarray(3 + journalLen);\n\n\tif (seal.length !== 32) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: \"Invalid seal length (expected 32 bytes HMAC-SHA256).\",\n\t\t};\n\t}\n\n\t// 3. Parse journal and verify imageId\n\ttry {\n\t\tconst journalData = JSON.parse(journal.toString());\n\t\tif (journalData.image_id !== localImageIdHex) {\n\t\t\treturn {\n\t\t\t\tverified: false,\n\t\t\t\tmessage: `Journal ImageID mismatch: ${journalData.image_id.slice(0, 8)} != ${localImageIdHex.slice(0, 8)}`,\n\t\t\t};\n\t\t}\n\t} catch (_e) {\n\t\treturn { verified: false, message: \"Failed to parse journal data.\" };\n\t}\n\n\t// 4. Mathematical Verification (HMAC-SHA256)\n\tif (sessionSecret && sessionSecret.length > 0) {\n\t\tconst expectedSeal = crypto\n\t\t\t.createHmac(\"sha256\", sessionSecret)\n\t\t\t.update(journal)\n\t\t\t.digest();\n\t\tif (!crypto.timingSafeEqual(seal, expectedSeal)) {\n\t\t\treturn {\n\t\t\t\tverified: false,\n\t\t\t\tmessage: \"Invalid seal: HMAC verification failed.\",\n\t\t\t};\n\t\t}\n\t}\n\n\treturn {\n\t\tverified: true,\n\t\tmessage: \"HMAC Commitment Verified: Integrity intact.\",\n\t};\n}\n\n/**\n * Main worker entry point for Piscina.\n */\nexport default async function workerHandler(\n\ttask: ZkVerificationPayload,\n): Promise<{ verified: boolean; message: string }> {\n\ttry {\n\t\tif (task.action === \"verify_receipt\") {\n\t\t\treturn await verifyZkReceipt(task);\n\t\t}\n\t\tthrow new Error(\"Unknown action in ZkVerifier Worker.\");\n\t} catch (error) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: `Verification Error: ${(error as Error).message}`,\n\t\t};\n\t}\n}\n"]}
1
+ {"version":3,"sources":["../../src/workers/zk-verifier.ts"],"names":["deriveImageId","logicPayload","deriveLogicImageDigest","verifyZkReceipt","payload","remoteImageIdHex","zkReceipt","sessionSecret","localImageIdHex","receiptBuf","version","journalLen","journal","seal","journalData","expectedSeal","crypto","workerHandler","task","error"],"mappings":"+GAyBA,SAASA,CAAAA,CAAcC,CAAAA,CAAkC,CACxD,OAAOC,CAAAA,CAAuBD,CAAY,CAC3C,CAMA,eAAeE,CAAAA,CACdC,CAAAA,CACkD,CAClD,GAAM,CAAE,YAAA,CAAAH,CAAAA,CAAc,gBAAA,CAAAI,CAAAA,CAAkB,SAAA,CAAAC,CAAAA,CAAW,aAAA,CAAAC,CAAc,CAAA,CAChEH,CAAAA,CAIKI,CAAAA,CADeR,CAAAA,CAAcC,CAAY,CAAA,CACV,QAAA,CAAS,KAAK,CAAA,CAEnD,GAAIO,CAAAA,GAAoBH,CAAAA,CACvB,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,CAAA,4BAAA,EAA+BG,CAAAA,CAAgB,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,aAAA,EAAgBH,CAAAA,CAAiB,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,CAAA,CAChH,CAAA,CAID,IAAMI,CAAAA,CAAa,MAAA,CAAO,IAAA,CAAKH,CAAS,CAAA,CACxC,GAAIG,CAAAA,CAAW,MAAA,CAAS,EAAA,CAEvB,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,sCACV,CAAA,CAGD,IAAMC,CAAAA,CAAUD,CAAAA,CAAW,CAAC,CAAA,CAC5B,GAAIC,CAAAA,GAAY,CAAA,CACf,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,CAAA,yBAAA,EAA4BA,CAAO,CAAA,CAC7C,CAAA,CAGD,IAAMC,CAAAA,CAAaF,CAAAA,CAAW,YAAA,CAAa,CAAC,CAAA,CACtCG,CAAAA,CAAUH,CAAAA,CAAW,QAAA,CAAS,CAAA,CAAG,CAAA,CAAIE,CAAU,CAAA,CAC/CE,CAAAA,CAAOJ,CAAAA,CAAW,QAAA,CAAS,CAAA,CAAIE,CAAU,CAAA,CAE/C,GAAIE,CAAAA,CAAK,MAAA,GAAW,EAAA,CACnB,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,sDACV,CAAA,CAID,GAAI,CACH,IAAMC,CAAAA,CAAc,IAAA,CAAK,KAAA,CAAMF,CAAAA,CAAQ,QAAA,EAAU,CAAA,CACjD,GAAIE,CAAAA,CAAY,QAAA,GAAaN,CAAAA,CAC5B,OAAO,CACN,QAAA,CAAU,CAAA,CAAA,CACV,OAAA,CAAS,CAAA,0BAAA,EAA6BM,CAAAA,CAAY,QAAA,CAAS,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,IAAA,EAAON,CAAAA,CAAgB,KAAA,CAAM,CAAA,CAAG,CAAC,CAAC,CAAA,CACzG,CAEF,CAAA,KAAa,CACZ,OAAO,CAAE,QAAA,CAAU,KAAA,CAAO,OAAA,CAAS,+BAAgC,CACpE,CAGA,GAAID,CAAAA,EAAiBA,CAAAA,CAAc,MAAA,CAAS,CAAA,CAAG,CAC9C,IAAMQ,CAAAA,CAAeC,CAAAA,CACnB,UAAA,CAAW,QAAA,CAAUT,CAAa,CAAA,CAClC,MAAA,CAAOK,CAAO,CAAA,CACd,MAAA,EAAO,CACT,GAAI,CAACI,CAAAA,CAAO,eAAA,CAAgBH,CAAAA,CAAME,CAAY,CAAA,CAC7C,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,yCACV,CAEF,CAEA,OAAO,CACN,QAAA,CAAU,IAAA,CACV,OAAA,CAAS,6CACV,CACD,CAKA,eAAOE,CAAAA,CACNC,CAAAA,CACkD,CAClD,GAAI,CACH,GAAIA,CAAAA,CAAK,MAAA,GAAW,QAAA,CACnB,OAAO,CACN,QAAA,CAAU,CAAA,CAAA,CACV,OAAA,CAAS,MACV,CAAA,CAED,GAAIA,CAAAA,CAAK,MAAA,GAAW,gBAAA,CACnB,OAAO,MAAMf,CAAAA,CAAgBe,CAAI,CAAA,CAElC,MAAM,IAAI,KAAA,CAAM,sCAAsC,CACvD,CAAA,MAASC,CAAAA,CAAO,CACf,OAAO,CACN,QAAA,CAAU,KAAA,CACV,OAAA,CAAS,CAAA,oBAAA,EAAwBA,CAAAA,CAAgB,OAAO,CAAA,CACzD,CACD,CACD","file":"zk-verifier.js","sourcesContent":["import crypto from \"node:crypto\";\nimport { parentPort } from \"node:worker_threads\";\nimport { deriveLogicImageDigest } from \"../crypto/logic-image-id.js\";\n\n// Ensure this worker is used via Piscina pool\nif (!parentPort) {\n\t// Not fatal in Piscina, but handled appropriately\n}\n\n/**\n * ZK Verification Payload Structure.\n * Modeled after RISC Zero & SP1 Receipt formats.\n */\nexport interface ZkVerificationPayload {\n\taction: \"verify_receipt\" | \"warmup\";\n\t/** Original logic payload (JS/WASM) sent by client */\n\tlogicPayload?: Uint8Array;\n\t/** Expected ImageID (SHA-256) of the execution state */\n\tremoteImageIdHex?: string;\n\t/** Cbor-encoded or raw buffer containing the execution Receipt (Journal + Seal) */\n\tzkReceipt?: Uint8Array;\n\t/** Kyber-derived session secret to verify HMAC signature */\n\tsessionSecret?: Uint8Array;\n}\n\nfunction deriveImageId(logicPayload: Uint8Array): Buffer {\n\treturn deriveLogicImageDigest(logicPayload);\n}\n\n/**\n * Simulates heavy ZK-Proof cryptographic verification.\n * In a real environment, this delegates to @risc0/verifier or SP1 FFI bindings.\n */\nasync function verifyZkReceipt(\n\tpayload: ZkVerificationPayload,\n): Promise<{ verified: boolean; message: string }> {\n\tconst { logicPayload, remoteImageIdHex, zkReceipt, sessionSecret } =\n\t\tpayload as Required<ZkVerificationPayload>;\n\n\t// 1. Calculate local ImageID (Integrity Check)\n\tconst localImageId = deriveImageId(logicPayload);\n\tconst localImageIdHex = localImageId.toString(\"hex\");\n\n\tif (localImageIdHex !== remoteImageIdHex) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: `Integrity Violation: Local (${localImageIdHex.slice(0, 8)}) != Remote (${remoteImageIdHex.slice(0, 8)})`,\n\t\t};\n\t}\n\n\t// 2. Structural Verification: Deserialize Binary Receipt\n\tconst receiptBuf = Buffer.from(zkReceipt);\n\tif (receiptBuf.length < 35) {\n\t\t// 1 version + 2 len + 32 seal minimum\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: \"Receipt too short for binary format.\",\n\t\t};\n\t}\n\n\tconst version = receiptBuf[0];\n\tif (version !== 0x01) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: `Unknown receipt version: ${version}`,\n\t\t};\n\t}\n\n\tconst journalLen = receiptBuf.readUInt16BE(1);\n\tconst journal = receiptBuf.subarray(3, 3 + journalLen);\n\tconst seal = receiptBuf.subarray(3 + journalLen);\n\n\tif (seal.length !== 32) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: \"Invalid seal length (expected 32 bytes HMAC-SHA256).\",\n\t\t};\n\t}\n\n\t// 3. Parse journal and verify imageId\n\ttry {\n\t\tconst journalData = JSON.parse(journal.toString());\n\t\tif (journalData.image_id !== localImageIdHex) {\n\t\t\treturn {\n\t\t\t\tverified: false,\n\t\t\t\tmessage: `Journal ImageID mismatch: ${journalData.image_id.slice(0, 8)} != ${localImageIdHex.slice(0, 8)}`,\n\t\t\t};\n\t\t}\n\t} catch (_e) {\n\t\treturn { verified: false, message: \"Failed to parse journal data.\" };\n\t}\n\n\t// 4. Mathematical Verification (HMAC-SHA256)\n\tif (sessionSecret && sessionSecret.length > 0) {\n\t\tconst expectedSeal = crypto\n\t\t\t.createHmac(\"sha256\", sessionSecret)\n\t\t\t.update(journal)\n\t\t\t.digest();\n\t\tif (!crypto.timingSafeEqual(seal, expectedSeal)) {\n\t\t\treturn {\n\t\t\t\tverified: false,\n\t\t\t\tmessage: \"Invalid seal: HMAC verification failed.\",\n\t\t\t};\n\t\t}\n\t}\n\n\treturn {\n\t\tverified: true,\n\t\tmessage: \"HMAC Commitment Verified: Integrity intact.\",\n\t};\n}\n\n/**\n * Main worker entry point for Piscina.\n */\nexport default async function workerHandler(\n\ttask: ZkVerificationPayload,\n): Promise<{ verified: boolean; message: string }> {\n\ttry {\n\t\tif (task.action === \"warmup\") {\n\t\t\treturn {\n\t\t\t\tverified: true,\n\t\t\t\tmessage: \"warm\",\n\t\t\t};\n\t\t}\n\t\tif (task.action === \"verify_receipt\") {\n\t\t\treturn await verifyZkReceipt(task);\n\t\t}\n\t\tthrow new Error(\"Unknown action in ZkVerifier Worker.\");\n\t} catch (error) {\n\t\treturn {\n\t\t\tverified: false,\n\t\t\tmessage: `Verification Error: ${(error as Error).message}`,\n\t\t};\n\t}\n}\n"]}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nekzus/liop",
3
- "version": "2.0.0-alpha.25",
3
+ "version": "2.0.0-alpha.26",
4
4
  "description": "Official SDK for Logic-Injection-on-Origin Protocol (LIOP). Deploy Logic-on-Origin with WebAssembly at gRPC speed and bidirectional MCP compatibility.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",