@sentropic/h2a-cli 0.26.1 → 0.26.3

@@ -2,8 +2,11 @@
2
2
  * Identity binding registry + proof-of-possession (DEC-116, F1 — the
3
3
  * load-bearing security fix).
4
4
  *
5
- * Reconnect de-collision binds `(host, providerSessionId, workspaceId)` the
6
- * agent's perennial identity. **RECLAIM requires proof-of-possession**: the
5
+ * Reconnect de-collision binds the perennial identity to its stability unit
6
+ * `(host, workspaceId)` — one identity per workspace per host, reused across
7
+ * every provider session and fan-out (`providerSessionId` is recorded as a hint
8
+ * but is NOT a match key; keying on it minted a fresh id per session, the
9
+ * proliferation this fix removes). **RECLAIM requires proof-of-possession**: the
7
10
  * connector must sign a fresh nonce with the ed25519 key already bound to that
8
11
  * identity (verified against the instance's active keys). The provider session
9
12
  * id is a spoofable *routing hint* — never the authenticator. No valid
@@ -28,7 +31,17 @@ export interface IdentityBindingKey {
28
31
  readonly workspaceId: string;
29
32
  }
30
33
  export declare function listBindings(root: string): H2AIdentityBinding[];
31
- /** The latest binding matching the key (append-only → last wins), or undefined. */
34
+ /**
35
+ * The latest binding for the identity's stability unit `(host, workspaceId)`
36
+ * (append-only → last wins), or undefined.
37
+ *
38
+ * `providerSessionId` is intentionally NOT part of the match: it is an ephemeral
39
+ * routing hint (e.g. `CLAUDE_CODE_SESSION_ID`, fresh per conversation and per
40
+ * fan-out). Matching on it would mint a new perennial id for every session,
41
+ * which is exactly the per-session proliferation DEC-116 exists to prevent. The
42
+ * id is therefore perennial **per workspace per host**; reclaim across sessions
43
+ * is still gated by proof-of-possession in `reclaimOrMint`.
44
+ */
32
45
  export declare function findBinding(root: string, key: IdentityBindingKey): H2AIdentityBinding | undefined;
33
46
  /**
34
47
  * Verify a reclaim proof: `signature` over `nonce` must verify against ANY of
@@ -1 +1 @@
1
- {"version":3,"file":"bindings.d.ts","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,EAAmB,KAAK,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAIpE,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,yFAAyF;IACzF,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,iFAAiF;IACjF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAYD,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAa/D;AAED,mFAAmF;AACnF,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,kBAAkB,GAAG,kBAAkB,GAAG,SAAS,CAYjG;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,YAAY,EACvB,UAAU,EAAE,SAAS,MAAM,EAAE,GAC5B,OAAO,CAST;AAED,MAAM,WAAW,iBAAiB;IAChC,iFAAiF;IACjF,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;IAClD,2EAA2E;IAC3E,IAAI,IAAI;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAChD,GAAG,IAAI,MAAM,CAAC;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,kBAAkB,EACvB,IAAI,EAAE,iBAAiB,GACtB,mBAAmB,CAerB"}
1
+ {"version":3,"file":"bindings.d.ts","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,EAAmB,KAAK,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAIpE,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,yFAAyF;IACzF,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,iFAAiF;IACjF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAYD,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAa/D;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,kBAAkB,GAAG,kBAAkB,GAAG,SAAS,CAQjG;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,YAAY,EACvB,UAAU,EAAE,SAAS,MAAM,EAAE,GAC5B,OAAO,CAST;AAED,MAAM,WAAW,iBAAiB;IAChC,iFAAiF;IACjF,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;IAClD,2EAA2E;IAC3E,IAAI,IAAI;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAChD,GAAG,IAAI,MAAM,CAAC;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,kBAAkB,EACvB,IAAI,EAAE,iBAAiB,GACtB,mBAAmB,CAerB"}
@@ -2,8 +2,11 @@
2
2
  * Identity binding registry + proof-of-possession (DEC-116, F1 — the
3
3
  * load-bearing security fix).
4
4
  *
5
- * Reconnect de-collision binds `(host, providerSessionId, workspaceId)` the
6
- * agent's perennial identity. **RECLAIM requires proof-of-possession**: the
5
+ * Reconnect de-collision binds the perennial identity to its stability unit
6
+ * `(host, workspaceId)` — one identity per workspace per host, reused across
7
+ * every provider session and fan-out (`providerSessionId` is recorded as a hint
8
+ * but is NOT a match key; keying on it minted a fresh id per session, the
9
+ * proliferation this fix removes). **RECLAIM requires proof-of-possession**: the
7
10
  * connector must sign a fresh nonce with the ed25519 key already bound to that
8
11
  * identity (verified against the instance's active keys). The provider session
9
12
  * id is a spoofable *routing hint* — never the authenticator. No valid
@@ -41,13 +44,21 @@ export function listBindings(root) {
41
44
  }
42
45
  return out;
43
46
  }
44
- /** The latest binding matching the key (append-only → last wins), or undefined. */
47
+ /**
48
+ * The latest binding for the identity's stability unit `(host, workspaceId)`
49
+ * (append-only → last wins), or undefined.
50
+ *
51
+ * `providerSessionId` is intentionally NOT part of the match: it is an ephemeral
52
+ * routing hint (e.g. `CLAUDE_CODE_SESSION_ID`, fresh per conversation and per
53
+ * fan-out). Matching on it would mint a new perennial id for every session,
54
+ * which is exactly the per-session proliferation DEC-116 exists to prevent. The
55
+ * id is therefore perennial **per workspace per host**; reclaim across sessions
56
+ * is still gated by proof-of-possession in `reclaimOrMint`.
57
+ */
45
58
  export function findBinding(root, key) {
46
59
  let found;
47
60
  for (const b of listBindings(root)) {
48
- if (b.host === key.host &&
49
- b.providerSessionId === key.providerSessionId &&
50
- b.workspaceId === key.workspaceId) {
61
+ if (b.host === key.host && b.workspaceId === key.workspaceId) {
51
62
  found = b;
52
63
  }
53
64
  }
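Review bot: The narrowed condition in `findBinding` collapses every registry entry for a `(host, workspaceId)` pair onto whichever line was appended last, and the new docblock does not say what that means for a registry that already holds several per-session bindings written under the old three-part key. After upgrade, the surviving perennial id is decided by append order alone. If `reclaimOrMint` appends a fresh binding whenever the proof check fails (it is outside this hunk, so this is inferred), a connector holding a different key would shadow the legitimate binding for every later session in that workspace instead of for a single session as before. I would state this in the docblock, e.g. `* NOTE: last-wins across all sessions: a newer binding for the same (host, workspaceId) shadows older ones, including bindings written before this change.`, and confirm that a failed proof cannot displace an existing binding. The `return` of `findBinding` lies outside the hunk.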
@@ -1 +1 @@
1
- {"version":3,"file":"bindings.js","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,eAAe,EAAqB,MAAM,gBAAgB,CAAC;AAEpE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAmBxE,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AACtD,CAAC;AACD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;AACnD,CAAC;AACD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAyB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,mFAAmF;AACnF,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,GAAuB;IAC/D,IAAI,KAAqC,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,IACE,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI;YACnB,CAAC,CAAC,iBAAiB,KAAK,GAAG,CAAC,iBAAiB;YAC7C,CAAC,CAAC,WAAW,KAAK,GAAG,CAAC,WAAW,EACjC,CAAC;YACD,KAAK,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAa,EACb,SAAuB,EACvB,UAA6B;IAE7B,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,eAAe,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAgBD;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,GAAuB,EACvB,IAAuB;IAEvB,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,OAAO,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE;QAC3C,MAAM,QAAQ,GAAG,WAAW,C
AAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACxC,IAAI,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC3F,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3B,cAAc,CACZ,YAAY,CAAC,IAAI,CAAC,EAClB,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,EAAE,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE,EAA+B,CAAC,IAAI,EAC9J,MAAM,CACP,CAAC;QACF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC"}
1
+ {"version":3,"file":"bindings.js","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,eAAe,EAAqB,MAAM,gBAAgB,CAAC;AAEpE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAmBxE,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AACtD,CAAC;AACD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;AACnD,CAAC;AACD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAyB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,GAAuB;IAC/D,IAAI,KAAqC,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,WAAW,KAAK,GAAG,CAAC,WAAW,EAAE,CAAC;YAC7D,KAAK,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAa,EACb,SAAuB,EACvB,UAA6B;IAE7B,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,eAAe,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAgBD;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,GAAuB,EACvB,IAAuB;IAEvB,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,OAAO,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE;QAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACxC,IA
AI,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC3F,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3B,cAAc,CACZ,YAAY,CAAC,IAAI,CAAC,EAClB,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,EAAE,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE,EAA+B,CAAC,IAAI,EAC9J,MAAM,CACP,CAAC;QACF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC"}
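--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@sentropic/h2a-cli",
- "version": "0.26.1",
+ "version": "0.26.3",
  "description": "Unified CLI surface for h2a hosts and MCP-oriented coordination flows.",
  "license": "MIT",
  "type": "module",
@@ -43,7 +43,7 @@
  "@hono/mcp": "^0.3.0",
  "@hono/node-server": "^2.0.4",
  "@modelcontextprotocol/sdk": "^1.29.0",
- "@sentropic/h2a": "^0.26.1",
+ "@sentropic/h2a": "^0.26.3",
  "hono": "^4.12.23"
  },
  "publishConfig": {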