@svsprotocol/solana 0.1.0

package/dist/verified-agent-profile.js

@@ -0,0 +1,329 @@
+import { mkdir, writeFile } from "node:fs/promises";
+import { dirname } from "node:path";
+import { hashObject } from "./receipt.js";
+import {
+  verifyBotCertificationEvidence
+} from "./bot-certification-evidence.js";
+
+export const VERIFIED_AGENT_PROFILE_VERSION = "svs.verified-agent-profile.v1";
+export const VERIFIED_AGENT_PROFILE_VERIFICATION_VERSION = "svs.verified-agent-profile-verification.v1";
+export const VERIFIED_AGENT_BADGE_VERSION = "svs.verified-agent-badge.v1";
+export const DEFAULT_VERIFIED_AGENT_PROFILE_PATH = "./data/security/verified-agent-profile.json";
+export const DEFAULT_VERIFIED_AGENT_BADGE_PATH = "./data/security/verified-agent-badge.svg";
+
+export function createVerifiedAgentProfile({
+  certificationEvidence,
+  agentName = null,
+  agentUrl = null,
+  profileUrl = null,
+  badgeUrl = null,
+  generatedAt = new Date(),
+  staleAfterMs = null,
+  now = generatedAt
+} = {}) {
+  if (!certificationEvidence || typeof certificationEvidence !== "object") {
+    throw new Error("certificationEvidence is required.");
+  }
+
+  const verification = verifyBotCertificationEvidence(certificationEvidence, {
+    requireOk: true,
+    staleAfterMs,
+    now
+  });
+  const status = verification.ok ? "verified" : verification.stale ? "stale" : "not_verified";
+  const botId = verification.botId ??
+    certificationEvidence.certificationCheck?.botId ??
+    certificationEvidence.certification?.botId ??
+    null;
+  const unsigned = {
+    version: VERIFIED_AGENT_PROFILE_VERSION,
+    generatedAt: generatedAt instanceof Date ? generatedAt.toISOString() : new Date(generatedAt).toISOString(),
+    agent: {
+      botId,
+      name: agentName ?? botId,
+      url: agentUrl,
+      profileUrl,
+      badgeUrl
+    },
+    status: {
+      ok: verification.ok === true,
+      value: status,
+      label: verification.ok ? "SVS Verified" : verification.stale ? "SVS Stale" : "SVS Not Verified",
+      nextAction: verification.ok
+        ? {
+            code: "none",
+            message: "Agent has current SVS production certification."
+          }
+        : certificationEvidence.nextAction ?? certificationEvidence.certificationCheck?.nextAction ?? null
+    },
+    certification: {
+      evidenceHash: verification.evidenceHash,
+      computedEvidenceHash: verification.computedEvidenceHash,
+      certificationHash: verification.certificationHash,
+      recordId: verification.recordId,
+      generatedAt: verification.generatedAt,
+      stale: verification.stale,
+      ageMs: verification.ageMs,
+      staleAfterMs: verification.staleAfterMs
+    },
+    qualityTarget: verification.qualityTarget
+      ? {
+          ready: verification.qualityTarget.ready === true,
+          score: Number.isInteger(verification.qualityTarget.score) ? verification.qualityTarget.score : null,
+          targetScore: Number.isInteger(verification.qualityTarget.targetScore) ? verification.qualityTarget.targetScore : null,
+          status: verification.qualityTarget.status ?? null
+        }
+      : null,
+    proofs: {
+      actionRecordVerificationOk: certificationEvidence.proofs?.actionRecordVerificationOk === true,
+      receiptRegistrySubmissionVerificationOk: certificationEvidence.proofs?.receiptRegistrySubmissionVerificationOk === true,
+      portableSetVerified: certificationEvidence.proofs?.portableSetVerified === true,
+      integrationContractCurrent: certificationEvidence.proofs?.integrationContractCurrent === true,
+      verificationSetHash: certificationEvidence.proofs?.verificationSetHash ?? null,
+      botIntegrationReportHash: certificationEvidence.proofs?.botIntegrationReportHash ?? null,
+      integrationContractHash: certificationEvidence.proofs?.integrationContractHash ?? null,
+      currentIntegrationContractHash: certificationEvidence.proofs?.currentIntegrationContractHash ?? null
+    },
+    display: {
+      badgeText: verification.ok ? "SVS Verified" : verification.stale ? "SVS Stale" : "SVS Not Verified",
+      badgeColor: verification.ok ? "#14f195" : verification.stale ? "#f59e0b" : "#ef4444",
+      badgeTextColor: "#08111f"
+    },
+    reportSafety: {
+      secretsIncluded: false,
+      sourceEvidenceSecretsIncluded: certificationEvidence.reportSafety?.secretsIncluded === true ||
+        certificationEvidence.proofs?.secretsIncluded === true,
+      redactedFields: [
+        "SVS_BOT_API_KEY",
+        "SVS_BOT_REQUEST_SIGNING_SECRET",
+        "SVS_BOT_PENDING_REQUEST_SIGNING_SECRET",
+        "apiKey",
+        "requestSigningSecret",
+        "pendingRequestSigningSecret",
+        "webhookSecret",
+        "svs-request-signature"
+      ]
+    }
+  };
+
+  return {
+    ...unsigned,
+    profileHash: hashVerifiedAgentProfile(unsigned)
+  };
+}
+
+export async function persistVerifiedAgentProfile({
+  certificationEvidence,
+  outputPath = DEFAULT_VERIFIED_AGENT_PROFILE_PATH,
+  badgeOutputPath = null,
+  ...options
+} = {}) {
+  const profile = createVerifiedAgentProfile({
+    certificationEvidence,
+    ...options
+  });
+  const text = `${JSON.stringify(profile, null, 2)}\n`;
+
+  await mkdir(dirname(outputPath), { recursive: true });
+  await writeFile(outputPath, text);
+
+  const result = {
+    path: outputPath,
+    bytes: Buffer.byteLength(text, "utf8"),
+    profile
+  };
+
+  if (badgeOutputPath) {
+    const badge = createVerifiedAgentBadgeSvg(profile);
+
+    await mkdir(dirname(badgeOutputPath), { recursive: true });
+    await writeFile(badgeOutputPath, badge);
+    result.badge = {
+      path: badgeOutputPath,
+      bytes: Buffer.byteLength(badge, "utf8"),
+      badgeHash: hashObject({
+        version: VERIFIED_AGENT_BADGE_VERSION,
+        profileHash: profile.profileHash,
+        svg: badge
+      })
+    };
+  }
+
+  return result;
+}
+
+export function verifyVerifiedAgentProfile(profile, {
+  requireVerified = true,
+  expectedBotId = null,
+  staleAfterMs = null,
+  now = new Date()
+} = {}) {
+  const freshness = checkProfileFreshness({
+    generatedAt: profile?.generatedAt,
+    staleAfterMs,
+    now
+  });
+  const recomputedHash = hashVerifiedAgentProfile(profile);
+  const checks = [
+    check(
+      "Verified agent profile version is supported",
+      profile?.version === VERIFIED_AGENT_PROFILE_VERSION,
+      profile?.version ?? "missing"
+    ),
+    check(
+      "Verified agent profile hash is valid",
+      profile?.profileHash === recomputedHash,
+      `declared=${profile?.profileHash ?? "missing"} recomputed=${recomputedHash ?? "missing"}`
+    ),
+    check(
+      "Verified agent profile excludes secrets",
+      profile?.reportSafety?.secretsIncluded === false &&
+        profile?.reportSafety?.sourceEvidenceSecretsIncluded !== true,
+      `profile=${profile?.reportSafety?.secretsIncluded ?? "missing"} source=${profile?.reportSafety?.sourceEvidenceSecretsIncluded ?? "missing"}`
+    ),
+    check(
+      "Verified agent profile has a bot id",
+      Boolean(profile?.agent?.botId),
+      profile?.agent?.botId ?? "missing"
+    ),
+    check(
+      "Verified agent profile matches expected bot id",
+      !expectedBotId || profile?.agent?.botId === expectedBotId,
+      `expected=${expectedBotId ?? "none"} actual=${profile?.agent?.botId ?? "missing"}`
+    ),
+    check(
+      "Verified agent profile is verified",
+      !requireVerified || profile?.status?.ok === true && profile?.status?.value === "verified",
+      `status=${profile?.status?.value ?? "missing"}`
+    ),
+    check(
+      "Verified agent profile includes custom registry proof",
+      !requireVerified || profile?.proofs?.receiptRegistrySubmissionVerificationOk === true,
+      `ok=${profile?.proofs?.receiptRegistrySubmissionVerificationOk ?? "missing"}`
+    ),
+    check(
+      "Verified agent profile includes action record proof",
+      !requireVerified || profile?.proofs?.actionRecordVerificationOk === true,
+      `ok=${profile?.proofs?.actionRecordVerificationOk ?? "missing"}`
+    ),
+    check(
+      "Verified agent profile includes portable set proof",
+      !requireVerified || profile?.proofs?.portableSetVerified === true,
+      `ok=${profile?.proofs?.portableSetVerified ?? "missing"}`
+    )
+  ];
+
+  if (staleAfterMs !== null && staleAfterMs !== undefined) {
+    checks.push(check(
+      "Verified agent profile is fresh",
+      !freshness.stale,
+      freshness.ageMs === null
+        ? `generatedAt=${profile?.generatedAt ?? "missing"}`
+        : `ageMs=${freshness.ageMs} staleAfterMs=${staleAfterMs}`
+    ));
+  }
+
+  const failedChecks = checks.filter((item) => !item.ok);
+
+  return {
+    version: VERIFIED_AGENT_PROFILE_VERIFICATION_VERSION,
+    ok: failedChecks.length === 0,
+    status: failedChecks.length === 0 ? "verified" : freshness.stale ? "stale" : "failed",
+    checkedAt: now instanceof Date ? now.toISOString() : new Date(now).toISOString(),
+    found: Boolean(profile),
+    profileHash: profile?.profileHash ?? null,
+    computedProfileHash: recomputedHash,
+    botId: profile?.agent?.botId ?? null,
+    badgeText: profile?.display?.badgeText ?? null,
+    stale: freshness.stale,
+    ageMs: freshness.ageMs,
+    staleAfterMs,
+    failedCheckCount: failedChecks.length,
+    failedChecks,
+    checks
+  };
+}
+
+export function createVerifiedAgentBadgeSvg(profile, {
+  width = 188,
+  height = 28
+} = {}) {
+  const label = profile?.display?.badgeText ?? "SVS Not Verified";
+  const botId = profile?.agent?.botId ?? "agent";
+  const color = profile?.display?.badgeColor ?? "#ef4444";
+  const textColor = profile?.display?.badgeTextColor ?? "#08111f";
+  const leftWidth = 56;
+  const rightWidth = width - leftWidth;
+
+  return `<svg xmlns="http://www.w3.org/2000/svg" width="${width}" height="${height}" role="img" aria-label="${escapeXml(label)}">
+  <title>${escapeXml(label)}: ${escapeXml(botId)}</title>
+  <linearGradient id="svs-gradient" x1="0%" x2="100%" y1="0%" y2="0%">
+    <stop offset="0%" stop-color="#9945ff"/>
+    <stop offset="52%" stop-color="#14f195"/>
+    <stop offset="100%" stop-color="#00c2ff"/>
+  </linearGradient>
+  <rect width="${width}" height="${height}" rx="6" fill="#08111f"/>
+  <rect width="${leftWidth}" height="${height}" rx="6" fill="url(#svs-gradient)"/>
+  <rect x="${leftWidth - 6}" width="6" height="${height}" fill="url(#svs-gradient)"/>
+  <rect x="${leftWidth}" width="${rightWidth}" height="${height}" fill="${escapeXml(color)}"/>
+  <text x="28" y="18" text-anchor="middle" font-family="Inter, ui-sans-serif, system-ui, sans-serif" font-size="11" font-weight="800" fill="#08111f">SVS</text>
+  <text x="${leftWidth + Math.floor(rightWidth / 2)}" y="18" text-anchor="middle" font-family="Inter, ui-sans-serif, system-ui, sans-serif" font-size="11" font-weight="800" fill="${escapeXml(textColor)}">${escapeXml(label.replace(/^SVS\\s+/, ""))}</text>
+</svg>
+`;
+}
+
+export function hashVerifiedAgentProfile(profile) {
+  if (!profile || typeof profile !== "object") {
+    return null;
+  }
+
+  const { profileHash: _profileHash, ...unsigned } = profile;
+
+  return hashObject(unsigned);
+}
+
+function checkProfileFreshness({
+  generatedAt,
+  staleAfterMs,
+  now = new Date()
+} = {}) {
+  if (staleAfterMs === null || staleAfterMs === undefined) {
+    return {
+      stale: false,
+      ageMs: null
+    };
+  }
+
+  const generatedTime = Date.parse(generatedAt);
+  const nowTime = now instanceof Date ? now.getTime() : Date.parse(now);
+
+  if (!Number.isFinite(generatedTime) || !Number.isFinite(nowTime)) {
+    return {
+      stale: true,
+      ageMs: null
+    };
+  }
+
+  const ageMs = Math.max(0, nowTime - generatedTime);
+
+  return {
+    stale: ageMs > staleAfterMs,
+    ageMs
+  };
+}
+
+function check(name, ok, detail) {
+  return {
+    name,
+    ok: Boolean(ok),
+    detail
+  };
+}
+
+function escapeXml(value) {
+  return String(value ?? "")
+    .replaceAll("&", "&amp;")
+    .replaceAll("<", "&lt;")
+    .replaceAll(">", "&gt;")
+    .replaceAll("\"", "&quot;");
+}