@suveren/gateway 0.2.3 → 0.2.4

package/node_modules/@hap/core/dist/index.d.mts

@@ -401,6 +401,41 @@ type GatekeeperResult = {
     errors: GatekeeperError[];
 };
 
+/**
+ * JCS — JSON Canonicalization (RFC 8785) for signing.
+ *
+ * Both attestation and receipt signatures are computed over a canonical byte
+ * serialization of the payload, so that two independent implementations (an AS,
+ * a gateway, an external verifier — in any language) agree on exactly which
+ * bytes were signed regardless of how they happened to construct the object.
+ *
+ * `JSON.stringify` is NOT sufficient: it preserves key *insertion* order, so the
+ * same logical payload built with keys in a different order serializes to
+ * different bytes and the signature fails to verify. Canonicalization removes
+ * that dependency by sorting keys.
+ *
+ * This is RFC 8785-compatible and matches the v0.5 spec's normative signing
+ * canonicalization (core.md "Signing Canonicalization"):
+ *   1. UTF-8.
+ *   2. Object keys sorted (RFC 8785 sorts by UTF-16 code units — exactly what
+ *      JavaScript's default String comparison does, so `Object.keys().sort()` is
+ *      correct here).
+ *   3. No insignificant whitespace.
+ *   4. Numbers in the shortest round-trippable form — the ECMAScript
+ *      Number-to-String algorithm, which `JSON.stringify(number)` produces and
+ *      RFC 8785 adopts verbatim.
+ *   5. Strings escaped per RFC 8259; non-ASCII passed through as UTF-8 (this is
+ *      `JSON.stringify`'s behaviour for strings).
+ *   6. Array order preserved.
+ *
+ * Because it relies only on `JSON.stringify` for leaves plus `Object.keys`,
+ * `Array`, and `String` sort — all of which are environment-independent in
+ * JavaScript — Node and the browser produce byte-identical output. The
+ * conformance test pins a (payload → canonical bytes) vector that any other
+ * implementation can check against.
+ */
+declare function canonicalize(value: unknown): string;
+
 /**
  * Frame Canonicalization for Agent Profiles
  *
@@ -598,4 +633,4 @@ declare function listProfiles(): string[];
 declare function getAllProfiles(): AgentProfile[];
 declare function clearProfiles(): void;
 
-export { type AgentBoundsParams, type AgentContextParams, type AgentFrameParams, type AgentProfile, type Attestation, type AttestationHeader, type AttestationPayload, type BoundType, type CumulativeFieldDef, type CumulativeWindow, type DeclaredFieldDef, type ExecutionContextFieldDef, type ExecutionLogEntry, type ExecutionLogQuery, type ExecutionMappingTransform, type ExecutionMappingValue, type ExecutionPath, type FieldConstraint, type FieldUnit, type GateQuestion, type GatekeeperError, type GatekeeperRequest, type GatekeeperResult, type ProfileBoundsField, type ProfileContextField, type ProfileFrameField, type ProfileToolGating, type ProfileToolGatingEntry, type ResolvedDomain, attestationId, canonicalBounds, canonicalContext, canonicalFrame, checkAttestationExpiry, clearProfiles, computeBoundsHash, computeContextHash, computeFrameHash, decodeAttestationBlob, encodeAttestationBlob, frameHash, getAllProfiles, getProfile, isV4Attestation, listProfiles, registerProfile, validateBoundsParams, validateContextParams, validateFrameParams, verify, verifyAttestation, verifyAttestationSignature, verifyAttestationV4, verifyBoundsHash, verifyContextHash, verifyFrameHash };
+export { type AgentBoundsParams, type AgentContextParams, type AgentFrameParams, type AgentProfile, type Attestation, type AttestationHeader, type AttestationPayload, type BoundType, type CumulativeFieldDef, type CumulativeWindow, type DeclaredFieldDef, type ExecutionContextFieldDef, type ExecutionLogEntry, type ExecutionLogQuery, type ExecutionMappingTransform, type ExecutionMappingValue, type ExecutionPath, type FieldConstraint, type FieldUnit, type GateQuestion, type GatekeeperError, type GatekeeperRequest, type GatekeeperResult, type ProfileBoundsField, type ProfileContextField, type ProfileFrameField, type ProfileToolGating, type ProfileToolGatingEntry, type ResolvedDomain, attestationId, canonicalBounds, canonicalContext, canonicalFrame, canonicalize, checkAttestationExpiry, clearProfiles, computeBoundsHash, computeContextHash, computeFrameHash, decodeAttestationBlob, encodeAttestationBlob, frameHash, getAllProfiles, getProfile, isV4Attestation, listProfiles, registerProfile, validateBoundsParams, validateContextParams, validateFrameParams, verify, verifyAttestation, verifyAttestationSignature, verifyAttestationV4, verifyBoundsHash, verifyContextHash, verifyFrameHash };

package/node_modules/@hap/core/dist/index.d.ts

@@ -401,6 +401,41 @@ type GatekeeperResult = {
     errors: GatekeeperError[];
 };
 
+/**
+ * JCS — JSON Canonicalization (RFC 8785) for signing.
+ *
+ * Both attestation and receipt signatures are computed over a canonical byte
+ * serialization of the payload, so that two independent implementations (an AS,
+ * a gateway, an external verifier — in any language) agree on exactly which
+ * bytes were signed regardless of how they happened to construct the object.
+ *
+ * `JSON.stringify` is NOT sufficient: it preserves key *insertion* order, so the
+ * same logical payload built with keys in a different order serializes to
+ * different bytes and the signature fails to verify. Canonicalization removes
+ * that dependency by sorting keys.
+ *
+ * This is RFC 8785-compatible and matches the v0.5 spec's normative signing
+ * canonicalization (core.md "Signing Canonicalization"):
+ *   1. UTF-8.
+ *   2. Object keys sorted (RFC 8785 sorts by UTF-16 code units — exactly what
+ *      JavaScript's default String comparison does, so `Object.keys().sort()` is
+ *      correct here).
+ *   3. No insignificant whitespace.
+ *   4. Numbers in the shortest round-trippable form — the ECMAScript
+ *      Number-to-String algorithm, which `JSON.stringify(number)` produces and
+ *      RFC 8785 adopts verbatim.
+ *   5. Strings escaped per RFC 8259; non-ASCII passed through as UTF-8 (this is
+ *      `JSON.stringify`'s behaviour for strings).
+ *   6. Array order preserved.
+ *
+ * Because it relies only on `JSON.stringify` for leaves plus `Object.keys`,
+ * `Array`, and `String` sort — all of which are environment-independent in
+ * JavaScript — Node and the browser produce byte-identical output. The
+ * conformance test pins a (payload → canonical bytes) vector that any other
+ * implementation can check against.
+ */
+declare function canonicalize(value: unknown): string;
+
 /**
  * Frame Canonicalization for Agent Profiles
  *
@@ -598,4 +633,4 @@ declare function listProfiles(): string[];
 declare function getAllProfiles(): AgentProfile[];
 declare function clearProfiles(): void;
 
-export { type AgentBoundsParams, type AgentContextParams, type AgentFrameParams, type AgentProfile, type Attestation, type AttestationHeader, type AttestationPayload, type BoundType, type CumulativeFieldDef, type CumulativeWindow, type DeclaredFieldDef, type ExecutionContextFieldDef, type ExecutionLogEntry, type ExecutionLogQuery, type ExecutionMappingTransform, type ExecutionMappingValue, type ExecutionPath, type FieldConstraint, type FieldUnit, type GateQuestion, type GatekeeperError, type GatekeeperRequest, type GatekeeperResult, type ProfileBoundsField, type ProfileContextField, type ProfileFrameField, type ProfileToolGating, type ProfileToolGatingEntry, type ResolvedDomain, attestationId, canonicalBounds, canonicalContext, canonicalFrame, checkAttestationExpiry, clearProfiles, computeBoundsHash, computeContextHash, computeFrameHash, decodeAttestationBlob, encodeAttestationBlob, frameHash, getAllProfiles, getProfile, isV4Attestation, listProfiles, registerProfile, validateBoundsParams, validateContextParams, validateFrameParams, verify, verifyAttestation, verifyAttestationSignature, verifyAttestationV4, verifyBoundsHash, verifyContextHash, verifyFrameHash };
+export { type AgentBoundsParams, type AgentContextParams, type AgentFrameParams, type AgentProfile, type Attestation, type AttestationHeader, type AttestationPayload, type BoundType, type CumulativeFieldDef, type CumulativeWindow, type DeclaredFieldDef, type ExecutionContextFieldDef, type ExecutionLogEntry, type ExecutionLogQuery, type ExecutionMappingTransform, type ExecutionMappingValue, type ExecutionPath, type FieldConstraint, type FieldUnit, type GateQuestion, type GatekeeperError, type GatekeeperRequest, type GatekeeperResult, type ProfileBoundsField, type ProfileContextField, type ProfileFrameField, type ProfileToolGating, type ProfileToolGatingEntry, type ResolvedDomain, attestationId, canonicalBounds, canonicalContext, canonicalFrame, canonicalize, checkAttestationExpiry, clearProfiles, computeBoundsHash, computeContextHash, computeFrameHash, decodeAttestationBlob, encodeAttestationBlob, frameHash, getAllProfiles, getProfile, isV4Attestation, listProfiles, registerProfile, validateBoundsParams, validateContextParams, validateFrameParams, verify, verifyAttestation, verifyAttestationSignature, verifyAttestationV4, verifyBoundsHash, verifyContextHash, verifyFrameHash };

package/node_modules/@hap/core/dist/index.js

@@ -34,6 +34,7 @@ __export(index_exports, {
   canonicalBounds: () => canonicalBounds,
   canonicalContext: () => canonicalContext,
   canonicalFrame: () => canonicalFrame,
+  canonicalize: () => canonicalize,
   checkAttestationExpiry: () => checkAttestationExpiry,
   clearProfiles: () => clearProfiles,
   computeBoundsHash: () => computeBoundsHash,
@@ -60,6 +61,31 @@ __export(index_exports, {
 });
 module.exports = __toCommonJS(index_exports);
 
+// src/canonicalize.ts
+function canonicalize(value) {
+  if (value === void 0) {
+    throw new Error("canonicalize: undefined is not serializable");
+  }
+  if (typeof value === "number" && !Number.isFinite(value)) {
+    throw new Error(`canonicalize: ${value} is not a valid JSON number`);
+  }
+  if (value === null || typeof value !== "object") {
+    return JSON.stringify(value);
+  }
+  if (Array.isArray(value)) {
+    const items = value.map((el) => el === void 0 ? "null" : canonicalize(el));
+    return "[" + items.join(",") + "]";
+  }
+  const obj = value;
+  const parts = [];
+  for (const key of Object.keys(obj).sort()) {
+    const v = obj[key];
+    if (v === void 0) continue;
+    parts.push(JSON.stringify(key) + ":" + canonicalize(v));
+  }
+  return "{" + parts.join(",") + "}";
+}
+
 // src/frame.ts
 var import_crypto = require("crypto");
 function validateFrameParams(params, profile) {
@@ -215,7 +241,7 @@ function attestationId(blob) {
 }
 async function verifyAttestationSignature(attestation, publicKeyHex) {
   try {
-    const payloadJson = JSON.stringify(attestation.payload);
+    const payloadJson = canonicalize(attestation.payload);
     const payloadBytes = new TextEncoder().encode(payloadJson);
     const signatureBytes = Buffer.from(attestation.signature, "base64");
     const publicKeyBytes = Buffer.from(publicKeyHex, "hex");
@@ -719,6 +745,7 @@ function resolveCumulativeFields(request, profile, executionLog, now) {
   canonicalBounds,
   canonicalContext,
   canonicalFrame,
+  canonicalize,
   checkAttestationExpiry,
   clearProfiles,
   computeBoundsHash,

package/node_modules/@hap/core/dist/index.mjs

@@ -1,3 +1,28 @@
+// src/canonicalize.ts
+function canonicalize(value) {
+  if (value === void 0) {
+    throw new Error("canonicalize: undefined is not serializable");
+  }
+  if (typeof value === "number" && !Number.isFinite(value)) {
+    throw new Error(`canonicalize: ${value} is not a valid JSON number`);
+  }
+  if (value === null || typeof value !== "object") {
+    return JSON.stringify(value);
+  }
+  if (Array.isArray(value)) {
+    const items = value.map((el) => el === void 0 ? "null" : canonicalize(el));
+    return "[" + items.join(",") + "]";
+  }
+  const obj = value;
+  const parts = [];
+  for (const key of Object.keys(obj).sort()) {
+    const v = obj[key];
+    if (v === void 0) continue;
+    parts.push(JSON.stringify(key) + ":" + canonicalize(v));
+  }
+  return "{" + parts.join(",") + "}";
+}
+
 // src/frame.ts
 import { createHash } from "crypto";
 function validateFrameParams(params, profile) {
@@ -153,7 +178,7 @@ function attestationId(blob) {
 }
 async function verifyAttestationSignature(attestation, publicKeyHex) {
   try {
-    const payloadJson = JSON.stringify(attestation.payload);
+    const payloadJson = canonicalize(attestation.payload);
     const payloadBytes = new TextEncoder().encode(payloadJson);
     const signatureBytes = Buffer.from(attestation.signature, "base64");
     const publicKeyBytes = Buffer.from(publicKeyHex, "hex");
@@ -656,6 +681,7 @@ export {
   canonicalBounds,
   canonicalContext,
   canonicalFrame,
+  canonicalize,
   checkAttestationExpiry,
   clearProfiles,
   computeBoundsHash,

package/node_modules/@hap/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@humanagencyp/hap-core",
-  "version": "0.4.6",
+  "version": "0.5.0",
   "description": "Core types, cryptographic primitives, and verification logic for the Human Agency Protocol",
   "license": "MIT",
   "repository": {
@@ -21,22 +21,23 @@
     "dist",
     "src"
   ],
-  "dependencies": {
-    "@noble/ed25519": "^2.1.0"
-  },
-  "devDependencies": {
-    "@types/node": "^20.10.0",
-    "tsup": "^8.0.0",
-    "typescript": "^5.3.0",
-    "vitest": "^1.0.0"
-  },
   "scripts": {
     "build": "tsup src/index.ts --format cjs,esm --dts",
     "dev": "tsup src/index.ts --format cjs,esm --dts --watch",
     "test": "vitest run",
     "test:watch": "vitest",
+    "prepublishOnly": "pnpm build",
     "release:patch": "pnpm version patch && git push --follow-tags",
     "release:minor": "pnpm version minor && git push --follow-tags",
     "release:major": "pnpm version major && git push --follow-tags"
+  },
+  "dependencies": {
+    "@noble/ed25519": "^2.1.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.3.0",
+    "vitest": "^1.0.0"
   }
-}
+}

package/node_modules/@hap/core/src/attestation.ts

@@ -7,6 +7,7 @@
 import { createHash } from 'crypto';
 import * as ed from '@noble/ed25519';
 import type { Attestation, AttestationPayload } from './types';
+import { canonicalize } from './canonicalize';
 
 /**
  * Decodes a base64url-encoded attestation blob.
@@ -50,7 +51,9 @@ export async function verifyAttestationSignature(
   publicKeyHex: string
 ): Promise<void> {
   try {
-    const payloadJson = JSON.stringify(attestation.payload);
+    // JCS-canonical bytes (RFC 8785) — must match the canonicalization the
+    // signer used. The AS signs the same canonical form (see keys.ts).
+    const payloadJson = canonicalize(attestation.payload);
     const payloadBytes = new TextEncoder().encode(payloadJson);
     const signatureBytes = Buffer.from(attestation.signature, 'base64');
     const publicKeyBytes = Buffer.from(publicKeyHex, 'hex');

package/node_modules/@hap/core/src/canonicalize.ts

@@ -0,0 +1,65 @@
+/**
+ * JCS — JSON Canonicalization (RFC 8785) for signing.
+ *
+ * Both attestation and receipt signatures are computed over a canonical byte
+ * serialization of the payload, so that two independent implementations (an AS,
+ * a gateway, an external verifier — in any language) agree on exactly which
+ * bytes were signed regardless of how they happened to construct the object.
+ *
+ * `JSON.stringify` is NOT sufficient: it preserves key *insertion* order, so the
+ * same logical payload built with keys in a different order serializes to
+ * different bytes and the signature fails to verify. Canonicalization removes
+ * that dependency by sorting keys.
+ *
+ * This is RFC 8785-compatible and matches the v0.5 spec's normative signing
+ * canonicalization (core.md "Signing Canonicalization"):
+ *   1. UTF-8.
+ *   2. Object keys sorted (RFC 8785 sorts by UTF-16 code units — exactly what
+ *      JavaScript's default String comparison does, so `Object.keys().sort()` is
+ *      correct here).
+ *   3. No insignificant whitespace.
+ *   4. Numbers in the shortest round-trippable form — the ECMAScript
+ *      Number-to-String algorithm, which `JSON.stringify(number)` produces and
+ *      RFC 8785 adopts verbatim.
+ *   5. Strings escaped per RFC 8259; non-ASCII passed through as UTF-8 (this is
+ *      `JSON.stringify`'s behaviour for strings).
+ *   6. Array order preserved.
+ *
+ * Because it relies only on `JSON.stringify` for leaves plus `Object.keys`,
+ * `Array`, and `String` sort — all of which are environment-independent in
+ * JavaScript — Node and the browser produce byte-identical output. The
+ * conformance test pins a (payload → canonical bytes) vector that any other
+ * implementation can check against.
+ */
+export function canonicalize(value: unknown): string {
+  if (value === undefined) {
+    throw new Error('canonicalize: undefined is not serializable');
+  }
+  if (typeof value === 'number' && !Number.isFinite(value)) {
+    throw new Error(`canonicalize: ${value} is not a valid JSON number`);
+  }
+
+  // Primitives: string, finite number, boolean, null — JSON.stringify is already
+  // canonical (RFC 8259 string escaping, ECMAScript number formatting).
+  if (value === null || typeof value !== 'object') {
+    return JSON.stringify(value);
+  }
+
+  if (Array.isArray(value)) {
+    // Array order is preserved; undefined elements become null (matching
+    // JSON.stringify), which keeps array length stable across serializers.
+    const items = value.map((el) => (el === undefined ? 'null' : canonicalize(el)));
+    return '[' + items.join(',') + ']';
+  }
+
+  // Plain object: sort keys, omit undefined-valued properties (as JSON.stringify
+  // does), recurse on values.
+  const obj = value as Record<string, unknown>;
+  const parts: string[] = [];
+  for (const key of Object.keys(obj).sort()) {
+    const v = obj[key];
+    if (v === undefined) continue;
+    parts.push(JSON.stringify(key) + ':' + canonicalize(v));
+  }
+  return '{' + parts.join(',') + '}';
+}

package/node_modules/@hap/core/src/index.ts

@@ -5,6 +5,7 @@
  */
 
 export * from './types';
+export * from './canonicalize';
 export * from './frame';
 export * from './attestation';
 export * from './gatekeeper';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@suveren/gateway",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "description": "Suveren gateway — local agent gateway built in compliance with the Human Agency Protocol (HAP). Runs the UI, control plane, and MCP server in one Node process.",
   "type": "module",
   "main": "server.js",
@@ -26,7 +26,7 @@
     "@hpke/core": "^1.9.0",
     "express": "^4.18.0",
     "http-proxy-middleware": "^3.0.0",
-    "@hap/core": "npm:@humanagencyp/hap-core@^0.4.6",
+    "@hap/core": "npm:@humanagencyp/hap-core@^0.5.0",
     "@modelcontextprotocol/sdk": "^1.12.1",
     "zod": "^3.22.0"
   },