@provenonce/sdk 0.12.0 → 0.14.0

package/dist/index.js

@@ -33,7 +33,6 @@ __export(index_exports, {
   ValidationError: () => ValidationError,
   computeBeat: () => computeBeat,
   computeBeatsLite: () => computeBeatsLite,
-  generateWalletKeypair: () => generateWalletKeypair,
   register: () => register,
   verifyAnchorHash: () => verifyAnchorHash
 });
@@ -198,23 +197,6 @@ function verifyAnchorHash(anchor) {
   }
   return current === anchor.hash;
 }
-var ED25519_PKCS8_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");
-function generateWalletKeypair() {
-  const { publicKey, privateKey } = (0, import_crypto.generateKeyPairSync)("ed25519");
-  const pubRaw = publicKey.export({ type: "spki", format: "der" }).subarray(12);
-  const privRaw = privateKey.export({ type: "pkcs8", format: "der" }).subarray(16);
-  return {
-    publicKey: Buffer.from(pubRaw).toString("hex"),
-    secretKey: Buffer.from(privRaw).toString("hex")
-  };
-}
-function signMessage(secretKeyHex, message) {
-  const privRaw = Buffer.from(secretKeyHex, "hex");
-  const privKeyDer = Buffer.concat([ED25519_PKCS8_PREFIX, privRaw]);
-  const keyObject = (0, import_crypto.createPrivateKey)({ key: privKeyDer, format: "der", type: "pkcs8" });
-  const sig = (0, import_crypto.sign)(null, Buffer.from(message), keyObject);
-  return Buffer.from(sig).toString("hex");
-}
 async function register(name, options) {
   if (!name || typeof name !== "string" || name.trim().length === 0) {
     throw new ValidationError("name is required (must be a non-empty string)");
@@ -300,8 +282,6 @@ async function register(name, options) {
     }
     if (!registerRes.ok) throw mapApiError(registerRes.status, data2, "/api/v1/register");
     data2.wallet = {
-      public_key: "",
-      secret_key: "",
       address: data2.wallet?.address || options.walletAddress,
       chain: "ethereum"
     };
@@ -349,77 +329,6 @@ async function register(name, options) {
     if (!registerRes.ok) throw mapApiError(registerRes.status, data2, "/api/v1/register");
     const addr = data2.wallet?.address || data2.wallet?.solana_address || options.operatorWalletAddress;
     data2.wallet = {
-      public_key: "",
-      secret_key: "",
-      solana_address: addr,
-      address: addr,
-      chain: "solana"
-    };
-    return data2;
-  }
-  if (options?.walletModel === "self-custody" || options?.walletSecretKey) {
-    let walletKeys;
-    if (options?.walletSecretKey) {
-      const privRaw = Buffer.from(options.walletSecretKey, "hex");
-      const privKeyDer = Buffer.concat([ED25519_PKCS8_PREFIX, privRaw]);
-      const keyObject = (0, import_crypto.createPrivateKey)({ key: privKeyDer, format: "der", type: "pkcs8" });
-      const pubRaw = keyObject.export({ type: "spki", format: "der" }).subarray(12);
-      walletKeys = {
-        publicKey: Buffer.from(pubRaw).toString("hex"),
-        secretKey: options.walletSecretKey
-      };
-    } else {
-      walletKeys = generateWalletKeypair();
-    }
-    const challengeRes = await fetch(`${url}/api/v1/register`, {
-      method: "POST",
-      headers,
-      body: JSON.stringify({ name, action: "challenge" })
-    });
-    let challengeData;
-    try {
-      challengeData = await challengeRes.json();
-    } catch {
-      const err = new NetworkError(`Registration challenge failed: ${challengeRes.status} (non-JSON response)`);
-      err.walletKeys = { publicKey: walletKeys.publicKey, secretKey: walletKeys.secretKey };
-      throw err;
-    }
-    if (!challengeRes.ok || !challengeData.nonce) {
-      const err = mapApiError(challengeRes.status, challengeData, "/api/v1/register");
-      err.walletKeys = { publicKey: walletKeys.publicKey, secretKey: walletKeys.secretKey };
-      throw err;
-    }
-    const nonce = challengeData.nonce;
-    const message = `provenonce-register:${nonce}:${walletKeys.publicKey}:${name}`;
-    const walletSignature = signMessage(walletKeys.secretKey, message);
-    const registerRes = await fetch(`${url}/api/v1/register`, {
-      method: "POST",
-      headers,
-      body: JSON.stringify({
-        name,
-        wallet_public_key: walletKeys.publicKey,
-        wallet_signature: walletSignature,
-        wallet_nonce: nonce,
-        ...options?.metadata && { metadata: options.metadata }
-      })
-    });
-    let data2;
-    try {
-      data2 = await registerRes.json();
-    } catch {
-      const err = new NetworkError(`Registration failed: ${registerRes.status} (non-JSON response)`);
-      err.walletKeys = { publicKey: walletKeys.publicKey, secretKey: walletKeys.secretKey };
-      throw err;
-    }
-    if (!registerRes.ok) {
-      const err = mapApiError(registerRes.status, data2, "/api/v1/register");
-      err.walletKeys = { publicKey: walletKeys.publicKey, secretKey: walletKeys.secretKey };
-      throw err;
-    }
-    const addr = data2.wallet?.address || data2.wallet?.solana_address || "";
-    data2.wallet = {
-      public_key: walletKeys.publicKey,
-      secret_key: walletKeys.secretKey,
       solana_address: addr,
       address: addr,
       chain: "solana"
@@ -488,6 +397,7 @@ var BeatAgent = class {
       },
       verbose: false,
       verifyAnchors: true,
+      beatsUrl: "https://beats.provenonce.dev",
       ...config
     };
   }
@@ -529,27 +439,7 @@ var BeatAgent = class {
       return { ok: false, error: err.message };
     }
   }
-  // ── PULSE (COMPUTE BEATS) ──
-  /**
-   * @deprecated Phase 2: VDF computation retired (D-68). Payment is the liveness mechanism.
-   * Use heartbeat() instead. This method will be removed in the next major version.
-   *
-   * Compute N beats locally (VDF hash chain).
-   */
-  pulse(count) {
-    console.warn("[Provenonce SDK] pulse() is deprecated. Use heartbeat() instead (Phase 2).");
-    if (this.status === "frozen") {
-      throw new FrozenError("Cannot pulse: agent is frozen. Use resync() to re-establish provenance.");
-    }
-    if (this.status !== "active") {
-      throw new StateError(`Cannot pulse: agent is ${this.status}.`, this.status);
-    }
-    if (count !== void 0 && (!Number.isInteger(count) || count < 1 || count > 1e4)) {
-      throw new ValidationError("pulse count must be an integer between 1 and 10000");
-    }
-    return this.computeBeats(count);
-  }
-  /** Internal beat computation — no status check. Used by both pulse() and resync(). */
+  /** Internal beat computation — no status check. Used by resync(). */
   computeBeats(count, onProgress) {
     const n = count || this.config.beatsPerPulse;
     if (!this.latestBeat) {
@@ -579,63 +469,6 @@ var BeatAgent = class {
     this.log(`Pulse: ${n} beats in ${elapsed}ms (${(elapsed / n).toFixed(1)}ms/beat, D=${this.difficulty})`);
     return newBeats;
   }
-  // ── CHECK-IN ──
-  /**
-   * @deprecated Phase 2: VDF check-in retired (D-68). Use heartbeat() instead.
-   * This method will be removed in the next major version.
-   */
-  async checkin() {
-    console.warn("[Provenonce SDK] checkin() is deprecated. Use heartbeat() instead (Phase 2).");
-    if (!this.latestBeat || this.latestBeat.index <= this.lastCheckinBeat) {
-      this.log("No new beats since last check-in. Call pulse() first.");
-      return { ok: true, total_beats: this.totalBeats };
-    }
-    try {
-      const fromBeat = this.lastCheckinBeat;
-      const toBeat = this.latestBeat.index;
-      const spotChecks = [];
-      const toBeatEntry = this.chain.find((b) => b.index === toBeat);
-      if (toBeatEntry) {
-        spotChecks.push({ index: toBeatEntry.index, hash: toBeatEntry.hash, prev: toBeatEntry.prev, nonce: toBeatEntry.nonce });
-      }
-      const available = this.chain.filter((b) => b.index > this.lastCheckinBeat && b.index !== toBeat);
-      const sampleCount = Math.min(4, available.length);
-      for (let i = 0; i < sampleCount; i++) {
-        const idx = Math.floor(Math.random() * available.length);
-        const beat = available[idx];
-        spotChecks.push({ index: beat.index, hash: beat.hash, prev: beat.prev, nonce: beat.nonce });
-        available.splice(idx, 1);
-      }
-      const fromHash = this.chain.find((b) => b.index === fromBeat)?.hash || this.genesisHash;
-      const toHash = this.latestBeat.hash;
-      const res = await this.api("POST", "/api/v1/agent/checkin", {
-        proof: {
-          from_beat: fromBeat,
-          to_beat: toBeat,
-          from_hash: fromHash,
-          to_hash: toHash,
-          beats_computed: toBeat - fromBeat,
-          global_anchor: this.globalBeat,
-          anchor_hash: this.globalAnchorHash || void 0,
-          spot_checks: spotChecks
-        }
-      });
-      if (res.ok) {
-        this.lastCheckinBeat = toBeat;
-        this.totalBeats = res.total_beats;
-        this.config.onCheckin(res);
-        this.log(`Check-in accepted: ${res.beats_accepted} beats, total=${res.total_beats}, global=${res.global_beat}`);
-        if (res.status === "warning_overdue") {
-          this.config.onStatusChange("warning", { beats_behind: res.beats_behind });
-          this.log(`\u26A0 WARNING: ${res.beats_behind} anchors behind. Check in more frequently.`);
-        }
-      }
-      return { ok: res.ok, total_beats: res.total_beats };
-    } catch (err) {
-      this.config.onError(err, "checkin");
-      return { ok: false, error: err.message };
-    }
-  }
   // ── AUTONOMOUS HEARTBEAT ──
   /**
    * Start the autonomous heartbeat loop.
@@ -685,60 +518,66 @@ var BeatAgent = class {
   }
   // ── RE-SYNC ──
   /**
-   * @deprecated Phase 2: Resync retired (D-67). Dormancy resume is free — just call heartbeat().
-   * This method will be removed in the next major version.
+   * Re-Sync Challenge (D-67 reversal): reactivate a frozen agent by proving CPU work.
+   *
+   * When BEATS_REQUIRED=true on the server: requires a signed Beats work-proof
+   * receipt. This method computes the proof automatically using computeWorkProof().
+   *
+   * When BEATS_REQUIRED=false (devnet): no receipt needed — agent is reactivated freely.
+   *
+   * Gap formula: min(gap_anchors * 100, 10_000) beats required (matches Beats constants).
    */
   async resync() {
-    console.warn("[Provenonce SDK] resync() is deprecated (D-67). Use heartbeat() to resume (Phase 2).");
     try {
-      this.log("Requesting re-sync challenge...");
-      const challenge = await this.api("POST", "/api/v1/agent/resync", {
-        action: "challenge"
-      });
-      if (!challenge.challenge) {
-        return { ok: false, error: "Failed to get challenge" };
-      }
-      const required = challenge.challenge.required_beats;
-      this.difficulty = challenge.challenge.difficulty;
-      this.log(`Re-sync challenge: compute ${required} beats at D=${this.difficulty}`);
+      this.log("Attempting resync...");
       await this.syncGlobal();
-      const startHash = challenge.challenge.start_from_hash;
-      const startBeat = challenge.challenge.start_from_beat;
-      this.latestBeat = { index: startBeat, hash: startHash, prev: "", timestamp: Date.now() };
-      this.chain = [this.latestBeat];
-      const t0 = Date.now();
-      this.computeBeats(required);
-      const elapsed = Date.now() - t0;
-      this.log(`Re-sync beats computed in ${elapsed}ms`);
-      const proof = await this.api("POST", "/api/v1/agent/resync", {
-        action: "prove",
-        challenge_nonce: challenge.challenge.nonce,
-        proof: {
-          from_beat: startBeat,
-          to_beat: this.latestBeat.index,
-          from_hash: startHash,
-          to_hash: this.latestBeat.hash,
-          beats_computed: required,
-          global_anchor: challenge.challenge.sync_to_global,
-          anchor_hash: this.globalAnchorHash || void 0,
-          spot_checks: (() => {
-            const toBeatEntry = this.chain.find((b) => b.index === this.latestBeat.index);
-            const available = this.chain.filter((b) => b.index !== this.latestBeat.index && b.index > startBeat);
-            const step = Math.max(1, Math.ceil(available.length / 5));
-            const others = available.filter((_, i) => i % step === 0).slice(0, 4);
-            const checks = toBeatEntry ? [toBeatEntry, ...others] : others;
-            return checks.map((b) => ({ index: b.index, hash: b.hash, prev: b.prev, nonce: b.nonce }));
-          })()
-        }
-      });
-      if (proof.ok) {
+      const controller = new AbortController();
+      const timeout = setTimeout(() => controller.abort(), 3e4);
+      let probeRes;
+      let probeData;
+      try {
+        probeRes = await fetch(`${this.config.registryUrl}/api/v1/agent/resync`, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${this.config.apiKey}`
+          },
+          body: JSON.stringify({}),
+          signal: controller.signal
+        });
+        probeData = await probeRes.json();
+      } finally {
+        clearTimeout(timeout);
+      }
+      if (probeData.ok && probeData.status === "active") {
         this.status = "active";
-        this.totalBeats = proof.total_beats;
-        this.lastCheckinBeat = this.latestBeat.index;
         this.config.onStatusChange("active", { resynced: true });
-        this.log("\u2713 Re-synced. Agent is alive again in Beat time.");
+        this.log("\u2713 Re-synced (free). Agent is alive again in Beat time.");
+        return { ok: true, beats_required: 0 };
       }
-      return { ok: proof.ok, beats_required: required };
+      if (probeRes.status === 402 || probeData.code === "RECEIPT_REQUIRED") {
+        const requiredBeats = probeData.required_beats ?? 1e3;
+        this.log(`Re-sync challenge: compute ${requiredBeats} beats at D=${this.difficulty}`);
+        const proofResult = await this.computeWorkProof({
+          beatsNeeded: requiredBeats,
+          anchorHash: this.globalAnchorHash,
+          anchorIndex: this.globalBeat
+        });
+        if (!proofResult.ok || !proofResult.receipt) {
+          return { ok: false, error: proofResult.error || "Failed to compute work proof for resync", beats_required: requiredBeats };
+        }
+        this.log(`Work proof computed: ${proofResult.beats_computed} beats in ${proofResult.elapsed_ms}ms`);
+        const result = await this.api("POST", "/api/v1/agent/resync", {
+          beats_receipt: proofResult.receipt
+        });
+        if (result.ok && result.status === "active") {
+          this.status = "active";
+          this.config.onStatusChange("active", { resynced: true });
+          this.log("\u2713 Re-synced with work proof. Agent is alive again in Beat time.");
+        }
+        return { ok: !!result.ok, beats_required: requiredBeats };
+      }
+      return { ok: false, error: probeData.error || `Resync failed (status ${probeRes.status})` };
     } catch (err) {
       this.config.onError(err, "resync");
       return { ok: false, error: err.message };
@@ -747,9 +586,13 @@ var BeatAgent = class {
   // ── SPAWN ──
   /**
    * Request to spawn a child agent.
-   * Requires sufficient accumulated beats (Temporal Gestation).
+   * Requires sufficient accumulated beats (Temporal Gestation), OR a valid Beats work-proof receipt.
+   *
+   * @param childName    Optional name for the child agent
+   * @param childHash    Pre-registered child hash (Step 2 finalization)
+   * @param beatsReceipt Signed work-proof receipt from computeWorkProof() (receipt-based spawn)
    */
-  async requestSpawn(childName, childHash) {
+  async requestSpawn(childName, childHash, beatsReceipt) {
     try {
       if (childName !== void 0) {
         if (typeof childName !== "string" || childName.trim().length === 0) {
@@ -761,12 +604,15 @@ var BeatAgent = class {
       }
       const res = await this.api("POST", "/api/v1/agent/spawn", {
         child_name: childName,
-        child_hash: childHash
+        child_hash: childHash,
+        ...beatsReceipt && { beats_receipt: beatsReceipt }
       });
       if (res.eligible === false) {
         this.log(`Gestation incomplete: ${res.progress_pct}% (need ${res.deficit} more beats)`);
       } else if (res.ok) {
         this.log(`Child spawned: ${res.child_hash?.slice(0, 16)}...`);
+      } else if (res.spawn_authorization) {
+        this.log(`Spawn authorized${res.receipt_based ? " (receipt-based)" : ""}`);
       }
       return res;
     } catch (err) {
@@ -774,6 +620,132 @@ var BeatAgent = class {
       throw err;
     }
   }
+  /**
+   * Compute a Beats work-proof for spawn or resync authorization.
+   *
+   * Computes `beatsNeeded` sequential SHA-256 beats at `difficulty`, weaving in
+   * the given anchor hash, then submits to the Beats service and returns a signed receipt.
+   *
+   * @param opts.beatsNeeded  Minimum beats required (from spawn/resync response.required_beats)
+   * @param opts.anchorHash   Current global anchor hash (from syncGlobal or getAnchor)
+   * @param opts.anchorIndex  Current global anchor index
+   * @param opts.difficulty   Beat difficulty (default: agent's current difficulty)
+   */
+  async computeWorkProof(opts) {
+    const { beatsNeeded, anchorHash, anchorIndex } = opts;
+    const difficulty = opts.difficulty ?? this.difficulty;
+    if (!Number.isInteger(beatsNeeded) || beatsNeeded < 0) {
+      return { ok: false, error: "beatsNeeded must be a non-negative integer" };
+    }
+    const t0 = Date.now();
+    const genesisHash = (0, import_crypto.createHash)("sha256").update(`provenonce:work-proof-genesis:${this.config.apiKey.slice(0, 16)}:${Date.now()}`).digest("hex");
+    const beats = Math.max(beatsNeeded, 1);
+    let prevHash = genesisHash;
+    const spotCheckCount = Math.min(5, Math.max(1, Math.floor(beats / 100)));
+    const spotInterval = Math.max(1, Math.floor(beats / (spotCheckCount + 1)));
+    const spotChecks = [];
+    for (let i = 1; i <= beats; i++) {
+      const beat = computeBeat(prevHash, i, difficulty, void 0, anchorHash);
+      prevHash = beat.hash;
+      if (i % spotInterval === 0 && spotChecks.length < spotCheckCount) {
+        spotChecks.push({ index: beat.index, hash: beat.hash, prev: beat.prev });
+      }
+    }
+    const toHash = prevHash;
+    const elapsed_ms = Date.now() - t0;
+    this.log(`Work proof computed locally: ${beats} beats in ${elapsed_ms}ms`);
+    const beatsUrl = this.config.beatsUrl || "https://beats.provenonce.dev";
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 12e4);
+    try {
+      const res = await fetch(`${beatsUrl}/api/v1/beat/work-proof`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          work_proof: {
+            from_hash: genesisHash,
+            to_hash: toHash,
+            beats_computed: beats,
+            difficulty,
+            anchor_index: anchorIndex,
+            anchor_hash: anchorHash,
+            spot_checks: spotChecks
+          }
+        }),
+        signal: controller.signal
+      });
+      let data;
+      try {
+        data = await res.json();
+      } catch {
+        return { ok: false, error: `Beats service returned non-JSON (status ${res.status})` };
+      }
+      if (!data.valid || !data.receipt) {
+        return { ok: false, error: data.reason || data.error || "Work proof rejected by Beats service" };
+      }
+      this.log(`Work proof receipt issued by Beats: ${data.receipt.beats_verified} beats verified`);
+      return { ok: true, receipt: data.receipt, beats_computed: beats, elapsed_ms };
+    } catch (err) {
+      if (err.name === "AbortError") {
+        return { ok: false, error: "Work proof submission timed out" };
+      }
+      return { ok: false, error: err.message };
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+  /**
+   * Compute a Beats work-proof and use it to request spawn authorization.
+   *
+   * Probes the spawn endpoint to determine required beats, computes the proof,
+   * and returns the spawn_authorization token. The caller still needs to:
+   *   1. Register the child via POST /api/v1/register with spawn_authorization
+   *   2. Finalize via POST /api/v1/agent/spawn with child_hash
+   *
+   * @param opts.childName   Optional name for the child agent
+   * @param opts.beatsNeeded Override the required beats (default: auto-probed)
+   */
+  async requestSpawnWithBeatsProof(opts) {
+    try {
+      await this.syncGlobal();
+      let requiredBeats = opts?.beatsNeeded;
+      if (requiredBeats === void 0) {
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), 3e4);
+        try {
+          const probeRes = await fetch(`${this.config.registryUrl}/api/v1/agent/spawn`, {
+            method: "POST",
+            headers: {
+              "Content-Type": "application/json",
+              "Authorization": `Bearer ${this.config.apiKey}`
+            },
+            body: JSON.stringify({ child_name: opts?.childName }),
+            signal: controller.signal
+          });
+          const probeData = await probeRes.json();
+          if (probeData.spawn_authorization && probeData.eligible) {
+            return probeData;
+          }
+          requiredBeats = probeData.required_beats ?? 1e3;
+        } finally {
+          clearTimeout(timeout);
+        }
+      }
+      const proofResult = await this.computeWorkProof({
+        beatsNeeded: requiredBeats,
+        anchorHash: this.globalAnchorHash,
+        anchorIndex: this.globalBeat
+      });
+      if (!proofResult.ok || !proofResult.receipt) {
+        return { ok: false, eligible: false, error: proofResult.error || "Failed to compute work proof" };
+      }
+      this.log(`Submitting spawn with work proof (${proofResult.beats_computed} beats)`);
+      return this.requestSpawn(opts?.childName, void 0, proofResult.receipt);
+    } catch (err) {
+      this.config.onError(err, "requestSpawnWithBeatsProof");
+      throw err;
+    }
+  }
   /**
    * Purchase a SIGIL (cryptographic identity) for this agent.
    * SIGILs gate heartbeating, lineage proofs, and offline verification.
@@ -1115,7 +1087,6 @@ function computeBeatsLite(startHash, startIndex, count, difficulty = 1e3, anchor
   ValidationError,
   computeBeat,
   computeBeatsLite,
-  generateWalletKeypair,
   register,
   verifyAnchorHash
 });