@snowyroad/arp 0.6.0 → 0.8.0

package/dist/cli.js

@@ -125,13 +125,17 @@ function parseStoredAgent(file) {
   }
   const tm = a.toolMode;
   const toolMode = tm === "readonly" || tm === "full" ? tm : void 0;
+  const signingPrivateJwk = typeof a.signingPrivateJwk === "string" && a.signingPrivateJwk.trim() !== "" ? a.signingPrivateJwk : void 0;
+  const signingKid = typeof a.signingKid === "string" && a.signingKid.trim() !== "" ? a.signingKid : void 0;
   return {
     relayUrl: a.relayUrl.trim(),
     agentId: a.agentId.trim(),
     agentName: a.agentName.trim(),
     agentUuid: a.agentUuid.trim(),
     agentKey: a.agentKey.trim(),
-    ...toolMode ? { toolMode } : {}
+    ...toolMode ? { toolMode } : {},
+    ...signingPrivateJwk ? { signingPrivateJwk } : {},
+    ...signingKid ? { signingKid } : {}
   };
 }
 function listAgents(dir) {
@@ -505,6 +509,98 @@ async function chooseFirstRunToolMode(agentName, io = { input: process.stdin, ou
   return { mode: "readonly", persist: false };
 }
 
+// src/cardSigning.ts
+import canonicalize from "canonicalize";
+import {
+  FlattenedSign,
+  flattenedVerify,
+  importJWK,
+  exportJWK,
+  calculateJwkThumbprint,
+  generateKeyPair
+} from "jose";
+var SIGNING_ALG = "EdDSA";
+var REQUIRED_TOP = /* @__PURE__ */ new Set(["name", "description", "skills"]);
+var RELAY_OWNED_TOP = ["version", "provider"];
+function isEmptyValue(v) {
+  if (v === "" || v === null || v === void 0) return true;
+  if (Array.isArray(v)) return v.length === 0;
+  if (typeof v === "object") return Object.keys(v).length === 0;
+  return false;
+}
+function pruneNode(node, requiredKeys) {
+  if (Array.isArray(node)) return node.map((e) => e && typeof e === "object" ? pruneNode(e, /* @__PURE__ */ new Set()) : e);
+  if (!node || typeof node !== "object") return node;
+  const out = {};
+  for (const [k, v] of Object.entries(node)) {
+    const pv = v && typeof v === "object" ? pruneNode(v, /* @__PURE__ */ new Set()) : v;
+    if (requiredKeys.has(k)) {
+      out[k] = pv;
+      continue;
+    }
+    if (isEmptyValue(pv)) continue;
+    out[k] = pv;
+  }
+  return out;
+}
+function pruneForSigning(card) {
+  const clone = JSON.parse(JSON.stringify(card ?? {}));
+  delete clone.signatures;
+  for (const f of RELAY_OWNED_TOP) delete clone[f];
+  if (Array.isArray(clone.supportedInterfaces)) {
+    clone.supportedInterfaces = clone.supportedInterfaces.map((i) => {
+      if (i && typeof i === "object") {
+        const { url, ...rest } = i;
+        return rest;
+      }
+      return i;
+    });
+  }
+  return pruneNode(clone, REQUIRED_TOP);
+}
+function canonicalCardString(card) {
+  return canonicalize(pruneForSigning(card));
+}
+function publicOkpJwk(jwk) {
+  return { kty: jwk.kty, crv: jwk.crv, x: jwk.x };
+}
+async function generateSigningKey() {
+  const { privateKey } = await generateKeyPair(SIGNING_ALG, { crv: "Ed25519", extractable: true });
+  const privateJwk = await exportJWK(privateKey);
+  const kid = await calculateJwkThumbprint(publicOkpJwk(privateJwk));
+  return { privateJwk, kid };
+}
+async function signCard(card, privateJwk) {
+  const key = await importJWK(privateJwk, SIGNING_ALG);
+  const pub = publicOkpJwk(privateJwk);
+  const kid = await calculateJwkThumbprint(pub);
+  const payload = new TextEncoder().encode(canonicalCardString(card));
+  const jws = await new FlattenedSign(payload).setProtectedHeader({ alg: SIGNING_ALG, typ: "JOSE", kid, jwk: pub }).sign(key);
+  return [{ protected: jws.protected, signature: jws.signature }];
+}
+async function verifyCardSignature(card) {
+  const sigs = card?.signatures;
+  if (!Array.isArray(sigs) || sigs.length === 0) return { status: "unsigned" };
+  const payload = Buffer.from(canonicalCardString(card), "utf8").toString("base64url");
+  for (const sig of sigs) {
+    try {
+      if (!sig || typeof sig.protected !== "string" || typeof sig.signature !== "string") continue;
+      const header = JSON.parse(Buffer.from(sig.protected, "base64url").toString("utf8"));
+      if (header.alg !== SIGNING_ALG || !header.jwk) continue;
+      const pub = publicOkpJwk(header.jwk);
+      const kid = await calculateJwkThumbprint(pub);
+      if (header.kid && header.kid !== kid) continue;
+      const key = await importJWK(pub, SIGNING_ALG);
+      await flattenedVerify({ protected: sig.protected, payload, signature: sig.signature }, key, {
+        algorithms: [SIGNING_ALG]
+      });
+      return { status: "valid", kid };
+    } catch {
+    }
+  }
+  return { status: "invalid" };
+}
+
 // src/config.ts
 var DEFAULT_MODEL = "claude-opus-4-8";
 var DEFAULT_AGENT_MODE = "acp";
@@ -654,6 +750,26 @@ async function buildFromStoredAgent(dir, stored, env) {
     return inflight;
   };
   const token = await mintToken();
+  let signingPrivateJwk = current.signingPrivateJwk;
+  if (!signingPrivateJwk) {
+    try {
+      const gen = await generateSigningKey();
+      signingPrivateJwk = JSON.stringify(gen.privateJwk);
+      current = { ...current, signingPrivateJwk, signingKid: gen.kid };
+      saveAgent(dir, current);
+    } catch (e) {
+      console.warn("[arp-bridge] signing key generation failed; cards will be unsigned:", String(e));
+    }
+  }
+  const signCardFn = signingPrivateJwk ? async (card) => {
+    try {
+      const sigs = await signCard(card, JSON.parse(signingPrivateJwk));
+      return { ...card, signatures: sigs };
+    } catch (e) {
+      console.warn("[arp-bridge] card signing failed; publishing unsigned:", String(e));
+      return card;
+    }
+  } : void 0;
   return {
     relayWsUrl,
     relayHttpUrl,
@@ -668,7 +784,8 @@ async function buildFromStoredAgent(dir, stored, env) {
     catchUpTtlMs: positiveIntEnv(env.ARP_CATCHUP_TTL_MS, 72e5),
     catchUpMaxMentions: positiveIntEnv(env.ARP_CATCHUP_MAX_MENTIONS, 3),
     mintToken,
-    agentFile: file
+    agentFile: file,
+    ...signCardFn ? { signCard: signCardFn } : {}
   };
 }
 async function loadConfigFromInvite(code, env) {
@@ -784,20 +901,17 @@ function extractJsonObject(raw) {
 }
 function buildPartialCard(agentName, self) {
   return {
-    protocolVersion: "0.3.0",
     name: agentName,
     description: self.description,
-    capabilities: { streaming: false, pushNotifications: false, stateTransitionHistory: false },
+    capabilities: { streaming: false, pushNotifications: false, extendedAgentCard: false },
     defaultInputModes: ["text/plain"],
     defaultOutputModes: ["text/plain"],
     skills: self.skills,
-    preferredTransport: "JSONRPC",
-    additionalInterfaces: [],
+    supportedInterfaces: [{ protocolBinding: "JSONRPC", protocolVersion: "1.0" }],
     iconUrl: "",
     documentationUrl: "",
     securitySchemes: {},
     security: [],
-    supportsAuthenticatedExtendedCard: false,
     signatures: []
   };
 }
@@ -1293,6 +1407,14 @@ var RelayClient = class {
       case "roster_update": {
         const m = msg.member ?? {};
         if (typeof m.name === "string" && m.name.length > 0) {
+          if (m.card && typeof m.card === "object") {
+            void verifyCardSignature(m.card).then((r) => {
+              if (r.status === "invalid") {
+                console.warn(`[arp-bridge] peer card signature invalid for "${m.name}" (card not trusted for integrity)`);
+              }
+            }).catch(() => {
+            });
+          }
           const entry = normalizeRosterEntry(m.name, m.description, m.card);
           this.rosterCbs.forEach((cb) => cb(entry));
         }
@@ -1466,7 +1588,17 @@ var RelayClient = class {
       }
       const body = await res.json();
       const members = body?.channel?.members ?? [];
-      return members.filter((m) => m?.type === "bot" && typeof m.id === "string").map((m) => normalizeRosterEntry(m.id, m.description, m.card));
+      return members.filter((m) => m?.type === "bot" && typeof m.id === "string").map((m) => {
+        if (m.card && typeof m.card === "object") {
+          void verifyCardSignature(m.card).then((r) => {
+            if (r.status === "invalid") {
+              console.warn(`[arp-bridge] peer card signature invalid for "${m.id}" (card not trusted for integrity)`);
+            }
+          }).catch(() => {
+          });
+        }
+        return normalizeRosterEntry(m.id, m.description, m.card);
+      });
     } catch (err) {
       console.warn("[arp-bridge] roster fetch failed:", sanitizeForTty(String(err)));
       return [];
@@ -3168,6 +3300,7 @@ async function publishSelfCard(cfg, relay, session) {
   } else {
     card = buildPartialCard(cfg.agentName, { description: "", skills: [] });
   }
+  if (cfg.signCard) card = await cfg.signCard(card);
   await relay.putAgentCard(card);
 }
 function learnRoster(relay, channelId, session) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@snowyroad/arp",
-  "version": "0.6.0",
+  "version": "0.8.0",
   "description": "Connect your own coding agent (Claude Code, Codex, Gemini, Grok) to an Agent Relay Protocol channel and collaborate with other agents and humans.",
   "license": "SEE LICENSE IN LICENSE.md",
   "author": "SnowyRoad",
@@ -20,7 +20,6 @@
   "engines": {
     "node": ">=20"
   },
-  "packageManager": "pnpm@9.15.4",
   "bin": {
     "arp": "dist/cli.js"
   },
@@ -29,21 +28,13 @@
     "README.md",
     "LICENSE.md"
   ],
-  "scripts": {
-    "build": "tsup",
-    "prepublishOnly": "pnpm build",
-    "dev": "tsx src/index.ts",
-    "join": "tsx src/index.ts",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "test:integration": "vitest run --config vitest.integration.config.ts",
-    "typecheck": "tsc --noEmit"
-  },
   "dependencies": {
     "@agentclientprotocol/sdk": "0.25.1",
     "@anthropic-ai/claude-agent-sdk": "0.3.177",
     "@anthropic-ai/sdk": "0.104.1",
     "@modelcontextprotocol/sdk": "1.29.0",
+    "canonicalize": "^3.0.0",
+    "jose": "^6.2.3",
     "ws": "8.21.0",
     "zod": "4.4.3"
   },
@@ -54,5 +45,14 @@
     "tsx": "^4.19.0",
     "typescript": "^6.0.3",
     "vitest": "^2.1.0"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsx src/index.ts",
+    "join": "tsx src/index.ts",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:integration": "vitest run --config vitest.integration.config.ts",
+    "typecheck": "tsc --noEmit"
   }
-}
+}