@o-lang/olang 1.4.0-alpha.1 → 1.4.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@o-lang/olang",
-  "version": "1.4.0-alpha.1",
+  "version": "1.4.1",
   "author": "Olalekan Ogundipe <info@olang.cloud>",
   "description": "O-Lang: A governance language for user-directed, rule-enforced agent workflows with native African language PII protection.",
   "main": "./src/runtime/index.js",
@@ -9,7 +9,7 @@
   },
   "files": [
     "src/",
-    "cli/", 
+    "cli/",
     "README.md",
     "LICENSE"
   ],
@@ -57,4 +57,4 @@
   "devDependencies": {
     "jest": "^29.7.0"
   }
-}
+}

package/src/parser/index.js

@@ -315,6 +315,20 @@ function parseWorkflowLines(lines, filename) {
 
     // --- 7. Standard Steps & Keywords ---
 
+    // Calculate (NEW v1.4.0 — math expression evaluation)
+    const calcMatch = line.match(/^Calculate\s+(.+)$/i);
+    if (calcMatch) {
+      flushCurrentStep();
+      workflow.steps.push({
+        type: 'calculate',
+        expression: calcMatch[1].trim(),
+        stepNumber: workflow.steps.length + 1,
+        saveAs: null,
+        constraints: {}
+      });
+      continue;
+    }
+
     // Connect: Connect "name" to url "..." OR Connect "name" to resolver "..."
     const connectMatch = line.match(/^Connect\s+"([^"]+)"\s+to\s+(url|resolver)\s+"([^"]+)"$/i);
     if (connectMatch) {
@@ -468,7 +482,7 @@ function parseWorkflowLines(lines, filename) {
 
   flushCurrentStep();
 
-  // Post-process Save as in actionRaw
+  // Post-process Save as in actionRaw AND expression (calculate steps)
   workflow.steps.forEach(step => {
     if (step.actionRaw && step.saveAs === null) {
       const saveInAction = step.actionRaw.match(/(.+?)\s+Save as\s+(.+)$/i);
@@ -477,6 +491,14 @@ function parseWorkflowLines(lines, filename) {
         step.saveAs = normalizeSymbol(saveInAction[2].trim());
       }
     }
+    // ✅ NEW: Handle Calculate steps with inline Save as
+    if (step.type === 'calculate' && step.expression && step.saveAs === null) {
+      const saveInExpr = step.expression.match(/(.+?)\s+Save as\s+(.+)$/i);
+      if (saveInExpr) {
+        step.expression = saveInExpr[1].trim();
+        step.saveAs = normalizeSymbol(saveInExpr[2].trim());
+      }
+    }
     if (step.saveAs) {
       step.saveAs = normalizeSymbol(step.saveAs);
     }
@@ -504,6 +526,19 @@ function parseBlock(lines) {
     line = line.trim();
     if (!line || line.startsWith('#')) continue;
 
+    // Calculate in Block (NEW v1.4.0)
+    const calcMatch = line.match(/^Calculate\s+(.+)$/i);
+    if (calcMatch) {
+      flush();
+      steps.push({
+        type: 'calculate',
+        expression: calcMatch[1].trim(),
+        saveAs: null,
+        constraints: {}
+      });
+      continue;
+    }
+
     // Connect in Block
     const connectMatch = line.match(/^Connect\s+"([^"]+)"\s+to\s+(url|resolver)\s+"([^"]+)"$/i);
     if (connectMatch) {
@@ -604,6 +639,14 @@ function parseBlock(lines) {
         step.saveAs = normalizeSymbol(saveInAction[2].trim());
       }
     }
+    // ✅ NEW: Handle Calculate steps with inline Save as in blocks
+    if (step.type === 'calculate' && step.expression && step.saveAs === null) {
+      const saveInExpr = step.expression.match(/(.+?)\s+Save as\s+(.+)$/i);
+      if (saveInExpr) {
+        step.expression = saveInExpr[1].trim();
+        step.saveAs = normalizeSymbol(saveInExpr[2].trim());
+      }
+    }
     if (step.saveAs) {
       step.saveAs = normalizeSymbol(step.saveAs);
     }

package/src/runtime/RuntimeAPI.js

@@ -3,7 +3,7 @@ const path = require('path');
 const crypto = require('crypto'); // ✅ CRYPTOGRAPHIC AUDIT LOGS
 
 // ✅ O-Lang Kernel Version (Safety Logic & Governance Rules)
-const KERNEL_VERSION = '1.4.0-alpha.1'; // 🔁 Bumped: PII redaction engine added
+const KERNEL_VERSION = '1.4.1'; // 🔁 Bumped: PII redaction engine added
 
 // ─────────────────────────────────────────────────────────────────────────────
 // ✅ NEW v1.3.0 — SEPARATED PATTERN SETS

package/src/runtime/index.js

@@ -5,12 +5,13 @@ const crypto         = require('crypto');
 const fs             = require('fs');
 const path           = require('path');
 
-// ── Load kernel private key (cached) ─────────────────────────────────────────
-let KERNEL_PRIVATE_KEY = null;
-
-function getKernelPrivateKey() {
-  if (KERNEL_PRIVATE_KEY) return KERNEL_PRIVATE_KEY;
+// ── Load kernel private key ───────────────────────────────────────────────────
+// FIX: Load at module initialisation time (when kernel boots) instead of
+// lazily on the first execute() call. This prevents a 5-10s delay on the
+// first request caused by RSA key file I/O + audit chain signing overhead.
+// ─────────────────────────────────────────────────────────────────────────────
 
+function _loadPrivateKey() {
   const keyPath      = process.env.KERNEL_PRIVATE_KEY_PATH || './kernel-keys/kernel-private.pem';
   const absolutePath = path.isAbsolute(keyPath)
     ? keyPath
@@ -22,11 +23,37 @@ function getKernelPrivateKey() {
     return null;
   }
 
-  KERNEL_PRIVATE_KEY = fs.readFileSync(absolutePath, 'utf8');
+  const key = fs.readFileSync(absolutePath, 'utf8');
   console.log('[kernel] ✅ Private key loaded for signing');
-  return KERNEL_PRIVATE_KEY;
+  return key;
 }
 
+// Loaded once at require() time — cached for all subsequent execute() calls
+const KERNEL_PRIVATE_KEY = _loadPrivateKey();
+
+function _loadPublicKey() {
+  if (!KERNEL_PRIVATE_KEY) return null;
+  try {
+    const pubKeyPath      = process.env.KERNEL_PUBLIC_KEY_PATH || './kernel-keys/kernel-public.pem';
+    const absolutePubPath = path.isAbsolute(pubKeyPath)
+      ? pubKeyPath
+      : path.join(process.cwd(), pubKeyPath);
+
+    if (!fs.existsSync(absolutePubPath)) return null;
+
+    return fs.readFileSync(absolutePubPath, 'utf8')
+      .replace('-----BEGIN PUBLIC KEY-----', '')
+      .replace('-----END PUBLIC KEY-----', '')
+      .replace(/\s/g, '');
+  } catch (err) {
+    console.warn('[kernel] Could not load public key:', err.message);
+    return null;
+  }
+}
+
+// Also loaded once at require() time
+const KERNEL_PUBLIC_KEY = _loadPublicKey();
+
 // ── Sign audit data with RSA-SHA256 ──────────────────────────────────────────
 // Uses RSA-SHA256 to match the RSA key generated by crypto.generateKeyPairSync.
 // The same sorted JSON serialization is used during verification.
@@ -72,35 +99,14 @@ async function execute(workflow, inputs, agentResolver, verbose = false) {
     chain:                   rt.auditLog,
   };
 
-  // Sign the audit data with the kernel private key
-  const privateKey = getKernelPrivateKey();
-  const signature  = signAuditData(auditData, privateKey);
-
-  // Load public key for client-side verification (stripped PEM)
-  let publicKey = null;
-  if (privateKey) {
-    try {
-      const pubKeyPath      = process.env.KERNEL_PUBLIC_KEY_PATH || './kernel-keys/kernel-public.pem';
-      const absolutePubPath = path.isAbsolute(pubKeyPath)
-        ? pubKeyPath
-        : path.join(process.cwd(), pubKeyPath);
-
-      if (fs.existsSync(absolutePubPath)) {
-        publicKey = fs.readFileSync(absolutePubPath, 'utf8')
-          .replace('-----BEGIN PUBLIC KEY-----', '')
-          .replace('-----END PUBLIC KEY-----', '')
-          .replace(/\s/g, '');
-      }
-    } catch (err) {
-      console.warn('[kernel] Could not load public key:', err.message);
-    }
-  }
+  // FIX: Use pre-loaded keys — no file I/O on hot path
+  const signature = signAuditData(auditData, KERNEL_PRIVATE_KEY);
 
   // Attach audit to result — server.js detaches it before sending to client
   result.__audit = {
     ...auditData,
-    signature,  // RSA-SHA256 hex signature
-    publicKey,  // Stripped PEM for client verification
+    signature,        // RSA-SHA256 hex signature
+    publicKey: KERNEL_PUBLIC_KEY, // Stripped PEM for client verification
   };
 
   return result;
@@ -115,5 +121,4 @@ function redact(text) {
   return rt.redact(text);
 }
 
-
 module.exports = { execute, parse, redact };