@totemsdk/manifest 0.1.0 → 0.1.1

package/src/sign.ts

@@ -1,63 +0,0 @@
-/**
- * signManifest — signs a manifest with a WOTS key.
- *
- * Steps:
- *   1. Canonicalise the manifest as deterministic JSON (sorted keys).
- *   2. SHA3-256 the UTF-8 bytes → 32-byte digest.
- *   3. Sign with wotsSign(seed, keyIndex, digest).
- *   4. Derive address + PKdigest via wotsKeypairFromSeed + wotsAddressFromKeypair.
- *   5. Return SignedManifest<T>.
- *
- * signerPublicKey in SignedManifest is the 32-byte WOTS PKdigest (hex, 64 chars).
- * This is the exact value expected by verifyManifest (via wotsVerifyDigest).
- *
- * The caller is responsible for reserving the WOTS key index before calling
- * this function. This package does NOT depend on @totemsdk/wots-lease.
- */
-
-import { sha3_256 } from '@noble/hashes/sha3.js';
-import {
-  wotsSign,
-  wotsKeypairFromSeed,
-  wotsAddressFromKeypair,
-  bytesToHex,
-} from '@totemsdk/core';
-import type { Manifest, SignedManifest } from './types.js';
-
-/** Produce a deterministic canonical JSON string with sorted keys (recursive). */
-function canonicalJson(value: unknown): string {
-  if (value === null || typeof value !== 'object') {
-    return JSON.stringify(value);
-  }
-  if (Array.isArray(value)) {
-    return '[' + value.map(canonicalJson).join(',') + ']';
-  }
-  const obj = value as Record<string, unknown>;
-  const keys = Object.keys(obj).sort();
-  const pairs = keys.map((k) => `${JSON.stringify(k)}:${canonicalJson(obj[k])}`);
-  return '{' + pairs.join(',') + '}';
-}
-
-export function manifestDigest(manifest: Manifest): Uint8Array {
-  const canonical = canonicalJson(manifest);
-  return sha3_256(new TextEncoder().encode(canonical));
-}
-
-export async function signManifest<T extends Manifest>(
-  manifest: T,
-  seed: Uint8Array,
-  keyIndex: number,
-): Promise<SignedManifest<T>> {
-  const digest = manifestDigest(manifest);
-  const sigBytes = wotsSign(seed, keyIndex, digest);
-  const kp = wotsKeypairFromSeed(seed, keyIndex);
-  const address = wotsAddressFromKeypair(kp);
-
-  return {
-    manifest,
-    authorAddress: address,
-    signerPublicKey: bytesToHex(kp.pk),
-    signedAt: Date.now(),
-    signature: bytesToHex(sigBytes),
-  };
-}

package/src/types.ts

@@ -1,140 +0,0 @@
-/**
- * @totemsdk/manifest — Manifest type definitions
- *
- * Four manifest categories for the MVP:
- *   AppManifest        — human-facing Pear app
- *   CapabilityManifest — ephemeral AI/agent service
- *   DAppManifest       — KISSVM contract / covenant
- *   EdgeServiceManifest — any persistent Totem Edge service
- *
- * No network, no blockchain, no Hyperswarm — pure schema.
- */
-
-export type AppPermission =
-  | 'wallet:read-balance'
-  | 'wallet:request-payment'
-  | 'omnia:open-channel'
-  | 'omnia:update-channel'
-  | 'lookup:watch-address'
-  | 'kissvm:evaluate'
-  | 'qvac:call-agent';
-
-export interface AppManifest {
-  type: 'app';
-  appId: string;
-  name: string;
-  version: string;
-  authorAddress: string;
-  pearTopicKey: string;
-  price: string;
-  priceToken?: string;
-  subscriptionInterval?: number;
-  category: string[];
-  permissions: AppPermission[];
-  iconCid?: string;
-  description: string;
-  repoUrl?: string;
-  minTotemVersion: string;
-}
-
-export interface CapabilityManifest {
-  type: 'capability';
-  capabilityId: string;
-  capabilityName: string;
-  agentAddress: string;
-  agentIdentityKey: string;
-  description: string;
-  inputSchema: object;
-  outputSchema: object;
-  pricePerCall: string;
-  priceToken?: string;
-  paymentChannel?: 'omnia' | 'onchain';
-  maxLatencyMs?: number;
-  maxCallsPerMinute?: number;
-  expiresAt: number;
-  tags: string[];
-}
-
-export interface DAppAbiEntry {
-  name: string;
-  description: string;
-  params: { name: string; type: string; description?: string }[];
-}
-
-export interface DAppManifest {
-  type: 'dapp';
-  dappId: string;
-  name: string;
-  version: string;
-  authorAddress: string;
-  contractHash: string;
-  contractSource?: string;
-  abi: DAppAbiEntry[];
-  price: string;
-  priceToken?: string;
-  category: string[];
-  description: string;
-  auditReport?: string;
-}
-
-export type EdgeServiceType =
-  | 'sensor'
-  | 'robot'
-  | 'mqtt-feed'
-  | 'proof-index'
-  | 'lookup-provider'
-  | 'omnia-router'
-  | 'calibration-authority'
-  | 'verifier'
-  | 'machine-service'
-  | 'other';
-
-export interface EdgeServiceManifest {
-  type: 'edge-service';
-  serviceId: string;
-  name: string;
-  version: string;
-  operatorAddress: string;
-  serviceType: EdgeServiceType;
-  description: string;
-  endpoints?: Array<{
-    type: 'https' | 'mqtt' | 'hyperswarm' | 'websocket' | 'other';
-    uri: string;
-  }>;
-  capabilities: string[];
-  price?: string;
-  priceToken?: string;
-  paymentMethods?: Array<'omnia' | 'onchain' | 'invoice' | 'free'>;
-  tags: string[];
-  expiresAt?: number;
-  minTotemVersion?: string;
-}
-
-export type Manifest =
-  | AppManifest
-  | CapabilityManifest
-  | DAppManifest
-  | EdgeServiceManifest;
-
-/**
- * Wraps any manifest with a WOTS signature.
- *
- * `signerPublicKey` — hex of the full WOTS public key (required for
- * self-contained verification via verifyManifest).
- * `authorAddress`  — the Minima address of the signer, derived at sign time
- *   and stored for quick policy checks without re-deriving from the public key.
- */
-export interface SignedManifest<T extends Manifest = Manifest> {
-  manifest: T;
-  authorAddress: string;
-  signerPublicKey: string;
-  signedAt: number;
-  signature: string;
-  rootIdentityProof?: string;
-}
-
-export interface VerifyResult {
-  valid: boolean;
-  reason?: string;
-  signerAddress: string;
-}

package/src/verify.ts

@@ -1,67 +0,0 @@
-/**
- * verifyManifest — verifies a SignedManifest without external state.
- *
- * Steps:
- *   1. Recompute the canonical manifest digest.
- *   2. Verify the WOTS signature against the stored 32-byte PKdigest
- *      (signerPublicKey field) using wotsVerifyDigest.
- *   3. Confirm authorAddress matches the manifest's address field.
- *
- * wotsVerifyDigest is used (rather than wotsVerify) because signerPublicKey
- * stores the 32-byte WOTS PKdigest as returned by wotsKeypairFromSeed.kp.pk.
- * The full 1088-byte key is not stored in SignedManifest to keep it compact.
- */
-
-import { wotsVerifyDigest, hexToBytes } from '@totemsdk/core';
-import type { SignedManifest, VerifyResult } from './types.js';
-import { manifestDigest } from './sign.js';
-
-function manifestAddressField(manifest: SignedManifest['manifest']): string {
-  switch (manifest.type) {
-    case 'app':          return manifest.authorAddress;
-    case 'capability':   return manifest.agentAddress;
-    case 'dapp':         return manifest.authorAddress;
-    case 'edge-service': return manifest.operatorAddress;
-    default: {
-      const _exhaustive: never = manifest;
-      throw new Error(`verifyManifest: unknown manifest type: ${JSON.stringify(_exhaustive)}`);
-    }
-  }
-}
-
-export function verifyManifest(signed: SignedManifest): VerifyResult {
-  const { manifest, signature, signerPublicKey, authorAddress } = signed;
-
-  let sigBytes: Uint8Array;
-  let pkDigest: Uint8Array;
-  try {
-    sigBytes = hexToBytes(signature);
-    pkDigest = hexToBytes(signerPublicKey);
-  } catch (e) {
-    return { valid: false, reason: `hex decode failed: ${String(e)}`, signerAddress: authorAddress };
-  }
-
-  const digest = manifestDigest(manifest);
-
-  let sigValid: boolean;
-  try {
-    sigValid = wotsVerifyDigest(sigBytes, digest, pkDigest);
-  } catch (e) {
-    return { valid: false, reason: `WOTS verify threw: ${String(e)}`, signerAddress: authorAddress };
-  }
-
-  if (!sigValid) {
-    return { valid: false, reason: 'WOTS signature invalid', signerAddress: authorAddress };
-  }
-
-  const expectedAddress = manifestAddressField(manifest);
-  if (authorAddress !== expectedAddress) {
-    return {
-      valid: false,
-      reason: `authorAddress mismatch: signed by '${authorAddress}' but manifest declares '${expectedAddress}'`,
-      signerAddress: authorAddress,
-    };
-  }
-
-  return { valid: true, signerAddress: authorAddress };
-}