@vorionsys/aurais-core 0.1.0

package/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,214 @@
+# @vorionsys/aurais-core
+
+Shared library for the Aurais ecosystem. Provides:
+
+- **`ProofChain`** — Ed25519-signed, sha256-chained event log for bot actions
+- **`deriveAgentIdentity`** — offline CAR-shaped identity derivation (deterministic ID, contextHash, tier ceiling)
+- **`canonicalJSON` / `sha256`** — the canonical-JSON serializer + hash used by both, exported for callers that need to reproduce digests
+
+License: Apache-2.0.
+
+---
+
+## Why this exists
+
+The Aurais Next app and the five `aurais-mcp-*` packages each carried their
+own copy of `proof-chain.ts` and `car-identity.ts`. The `proof-chain.ts`
+copies were byte-identical across all five MCPs (sha256
+`e17631fd…` × 5); the `car-identity.ts` copies differed only in the per-bot
+`*_IDENTITY` constant pinned to the bottom. The MCP source headers said,
+verbatim:
+
+> Copied from apps/aurais/src/lib/proof-chain.ts for this standalone package.
+> Future: extract to **@aurais/core** and have both packages import.
+
+This is that extract.
+
+We chose the npm name `@vorionsys/aurais-core` rather than `@aurais/core`
+for scope continuity with the rest of the Vorion org packages
+(`@vorionsys/basis-gate-spec`, `@vorionsys/car-client`, etc.) — registering
+a fresh `@aurais` scope is admin friction we can defer. Renaming later if
+the marketing surface ever requires it is a one-pass change.
+
+## Three-step consolidation — this is step 1
+
+1. **Step 1 (this repo):** extract the canonical lib into a standalone
+   package with tests + CI. Source: `voriongit/aurais` `src/lib/` at
+   `be55bf0fffc4254c4f77da03a99a272f5bb7cd5e`.
+2. **Step 2:** update `voriongit/aurais` and the five
+   `voriongit/vorion/packages/aurais-mcp-*` packages to consume from
+   `@vorionsys/aurais-core` instead of their local copies. Per-bot
+   `*_IDENTITY` constants stay in each MCP package — they're per-bot config,
+   not shared.
+3. **Step 3:** land the MCP packages in their final home (likely individual
+   polyrepos under `voriongit/`, decided in step-2 review).
+
+## Install
+
+```bash
+npm install @vorionsys/aurais-core
+```
+
+Requires Node 22+.
+
+## Usage
+
+### Proof chain
+
+```ts
+import { ProofChain, hashText } from "@vorionsys/aurais-core";
+
+const chain = new ProofChain();
+
+const entry = "User wrote a journal entry…";
+chain.append("session_started", {
+  bot: "aurais-journal-companion@0.1.0",
+  entry_hash: hashText(entry),
+});
+
+chain.append("commentary_generated", {
+  model: "claude-sonnet-4-5",
+  elapsed_ms: 423,
+});
+
+const events = chain.toJSON();      // ProofEvent[]
+const tip = chain.tipHash();        // sha256 of the last canonical event
+```
+
+Each event embeds the signer's pubkey (base64 SPKI) and the Ed25519
+signature, so any consumer can verify chain integrity offline:
+
+```ts
+import { createPublicKey, verify } from "node:crypto";
+import { canonicalJSON } from "@vorionsys/aurais-core";
+
+const evt = events[0];
+// The signed object is everything in the event except `sig`.
+// `pubkey` and `key_id` are part of what's signed — that binds the
+// signer identity to the message.
+const { sig, ...unsigned } = evt;
+const ok = verify(
+  null,
+  Buffer.from(canonicalJSON(unsigned)),
+  createPublicKey({ key: Buffer.from(evt.pubkey, "base64"), format: "der", type: "spki" }),
+  Buffer.from(sig, "base64"),
+);
+```
+
+### CAR identity
+
+```ts
+import { deriveAgentIdentity } from "@vorionsys/aurais-core";
+
+const id = deriveAgentIdentity({
+  slug: "aurais-journal-companion",
+  version: "0.1.0",
+  name: "Aurais Journal Companion",
+  tier: 3,
+  maxEarnableTier: 4,
+  capabilities: [
+    "tool:analyze_journal_entry",
+    "tool:generate_reflection",
+    "data:read:user:journal-entry-transient",
+    "api:post:api.anthropic.com",
+    "runtime:mcp-stdio",
+  ],
+});
+
+console.log(id.carId);            // car-aurais-journal-companion-<12 hex>
+console.log(id.contextHash);      // sha256:<64 hex>
+console.log(id.trustCeiling);     // 600 (BLACK_BOX)
+console.log(id.deploymentId);     // resolved from env vars (see below)
+```
+
+### Signing key resolution
+
+`ProofChain` looks for `AURAIS_SIGNING_KEY_PRIV` (base64 PKCS#8 DER of an
+Ed25519 private key). If unset (or malformed), it generates an ephemeral
+keypair scoped to the current process. The keypair is cached process-wide,
+so warm serverless invocations reuse the same signer.
+
+### Deployment ID resolution
+
+`deriveAgentIdentity` resolves `deploymentId` in this order:
+
+1. `AURAIS_DEPLOYMENT_ID` — explicit override (typical for MCP test/CI runs)
+2. `VERCEL_DEPLOYMENT_ID` — set by Vercel for the Next app
+3. `VERCEL_GIT_COMMIT_SHA` — first 12 chars
+4. `mcp-local-${process.platform}-${process.arch}` — local-dev fallback
+5. `"local-dev"` — last resort
+
+This intentionally unions both consumers' resolution rules so neither
+consumer changes behavior at step-2 fold-in.
+
+## API
+
+```ts
+// Proof chain
+class ProofChain {
+  constructor();
+  append(action: EventAction, payload: Record<string, unknown>): ProofEvent;
+  toJSON(): ProofEvent[];
+  tipHash(): string;
+}
+type EventAction =
+  | "session_started"
+  | "market_data_fetched"
+  | "indicators_computed"
+  | "commentary_generated"
+  | "briefing_assembled";
+type ProofEvent = {
+  seq: number;
+  ts: string;
+  action: EventAction;
+  payload: Record<string, unknown>;
+  prev_hash: string;
+  pubkey: string;
+  key_id: string;
+  sig: string;
+};
+function hashText(s: string): string;            // → "sha256:<64 hex>"
+function hashJSON(v: unknown): string;           // → "sha256:<64 hex>"
+
+// CAR identity
+function deriveAgentIdentity(input: DeriveInput): AgentIdentity;
+const TIER_CEILING: Record<TrustTier, number>;   // canonical.ts ceilings
+const TIER_NAME: Record<TrustTier, string>;
+type TrustTier = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7;
+
+// Canonical JSON
+function canonicalJSON(value: unknown): string;  // sorted-keys, no whitespace
+function sha256(text: string): string;           // hex
+```
+
+## Known follow-ups (step 2 / step 3)
+
+- **`EventAction` union is hardcoded** to the original five actions
+  (`session_started`, `market_data_fetched`, `indicators_computed`,
+  `commentary_generated`, `briefing_assembled`). The Meeting Distiller and
+  Journal Companion MCPs currently reuse `briefing_assembled` for what's
+  semantically a meeting summary or a reflection. Step 2 should decide
+  whether to widen the union, switch to a `string` typedef, or introduce a
+  per-bot extension point.
+- **`AgentIdentity` shape matches the offline CAR spec** (the live
+  `@vorionsys/car-client` registers against the AgentAnchor backend); when
+  that backend lands the lib should grow a `registerAgent()` shim that
+  flips `registrationStatus` from `offline-attested` to `registered`.
+- **No tests existed in `voriongit/aurais` for these files** before this
+  extraction — the test suite here is the first one. Step-2 fold-in should
+  add an integration test in each consumer that exercises a
+  round-trip-and-verify against this lib.
+
+## Provenance
+
+| File                  | Source                                                                                       |
+| --------------------- | -------------------------------------------------------------------------------------------- |
+| `src/proof-chain.ts`  | `voriongit/aurais` `src/lib/proof-chain.ts` @ `be55bf0fffc4254c4f77da03a99a272f5bb7cd5e`     |
+| `src/car-identity.ts` | `voriongit/aurais` `src/lib/car-identity.ts` @ `be55bf0fffc4254c4f77da03a99a272f5bb7cd5e` (+ widened `deploymentId` resolver) |
+| `src/canonical-json.ts` | Extracted to dedupe within-package; same canonical-JSON algorithm used by both source files |
+| `LICENSE`             | `voriongit/basis-spec-docs` `LICENSE` (canonical Apache-2.0 text)                            |
+
+## Repo
+
+[github.com/voriongit/aurais-core](https://github.com/voriongit/aurais-core)
+— private during step-1 / step-2; visibility decision to be revisited at step 3.

package/dist/canonical-json.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Canonical JSON serializer + sha256 helper.
+ *
+ * Canonical JSON: keys sorted, no whitespace. Used as the input for both
+ * hashing and signing so independent verifiers can reproduce the digest
+ * byte-for-byte regardless of object key insertion order.
+ *
+ * This is intentionally tiny and dependency-free (node:crypto only).
+ * Both proof-chain and car-identity use it; extracted to avoid the
+ * within-package duplication that the source files carried before
+ * consolidation.
+ */
+export declare function canonicalJSON(value: unknown): string;
+export declare function sha256(text: string): string;
+//# sourceMappingURL=canonical-json.d.ts.map

package/dist/canonical-json.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-json.d.ts","sourceRoot":"","sources":["../src/canonical-json.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAIH,wBAAgB,aAAa,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,CASpD;AAED,wBAAgB,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAE3C"}

package/dist/canonical-json.js

@@ -0,0 +1,28 @@
+/**
+ * Canonical JSON serializer + sha256 helper.
+ *
+ * Canonical JSON: keys sorted, no whitespace. Used as the input for both
+ * hashing and signing so independent verifiers can reproduce the digest
+ * byte-for-byte regardless of object key insertion order.
+ *
+ * This is intentionally tiny and dependency-free (node:crypto only).
+ * Both proof-chain and car-identity use it; extracted to avoid the
+ * within-package duplication that the source files carried before
+ * consolidation.
+ */
+import { createHash } from "node:crypto";
+export function canonicalJSON(value) {
+    if (value === null || typeof value !== "object")
+        return JSON.stringify(value);
+    if (Array.isArray(value)) {
+        return "[" + value.map(canonicalJSON).join(",") + "]";
+    }
+    const obj = value;
+    const keys = Object.keys(obj).sort();
+    const parts = keys.map((k) => JSON.stringify(k) + ":" + canonicalJSON(obj[k]));
+    return "{" + parts.join(",") + "}";
+}
+export function sha256(text) {
+    return createHash("sha256").update(text).digest("hex");
+}
+//# sourceMappingURL=canonical-json.js.map

package/dist/canonical-json.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"canonical-json.js","sourceRoot":"","sources":["../src/canonical-json.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAEzC,MAAM,UAAU,aAAa,CAAC,KAAc;IAC1C,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;IAC9E,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACxD,CAAC;IACD,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;AACrC,CAAC;AAED,MAAM,UAAU,MAAM,CAAC,IAAY;IACjC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AACzD,CAAC"}

package/dist/car-identity.d.ts

@@ -0,0 +1,70 @@
+/**
+ * Offline CAR identity derivation.
+ *
+ * The full @vorionsys/car-client library is a registry-backed SDK that expects
+ * a live backend (api.agentanchorai.com) for agent registration, role-gate
+ * evaluation, ceiling checks, and tier progression. Aurais consumers (the
+ * Next app + the five aurais-mcp-* packages) don't have that backend stood
+ * up yet, so they can't register bots live.
+ *
+ * What we CAN do offline:
+ *   - Derive a deterministic CAR ID from (bot_slug, bot_version, manifest_hash)
+ *   - Generate a fresh operationId per run
+ *   - Compute a contextHash over the bot's declared capabilities + tier
+ *   - Emit these fields in the proof chain, shape-matching the CAR spec
+ *
+ * When the backend lands, we add a registration step in the bot bootstrap
+ * flow that submits this same agent context and gets a signed registration
+ * record back. All the existing proof-chain events remain compatible.
+ *
+ * Source: extracted (with deploymentId resolver widened to cover both the
+ * Next app's Vercel env and the MCPs' stdio env) from voriongit/aurais
+ * src/lib/car-identity.ts @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e
+ * on 2026-04-25.
+ */
+export type TrustTier = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7;
+export declare const TIER_CEILING: Record<TrustTier, number>;
+export declare const TIER_NAME: Record<TrustTier, string>;
+export type AgentIdentity = {
+    /** CAR ID — deterministic, stable across runs of the same deployed version. */
+    carId: string;
+    /** Short human-readable: slug + short hash. */
+    agentId: string;
+    /** Per-run unique operation ID. */
+    operationId: string;
+    /** Org this agent is registered under. */
+    orgId: string;
+    /** Deployment identifier (Vercel env, AURAIS_DEPLOYMENT_ID, or local fallback). */
+    deploymentId: string;
+    /** sha256 of manifest-canonical fields. */
+    contextHash: string;
+    /** Parent registration hash. "" for root agents owned by Vorion LLC. */
+    parentHash: string;
+    /** Trust ceiling (score cap) this tier allows. */
+    trustCeiling: number;
+    /** Starting tier — per spec, all bots begin at T0 until onboarding. */
+    startingTier: TrustTier;
+    /** Max tier this bot is approved to reach. */
+    maxEarnableTier: TrustTier;
+    /** Tier this bot is currently operating at (for offline-attested bots, the required runtime tier). */
+    currentTier: TrustTier;
+    /** Capabilities declared in the manifest. */
+    capabilities: string[];
+    /** Status label for the UI — reflects that live registration is pending backend. */
+    registrationStatus: "offline-attested" | "registered" | "pending";
+};
+export type DeriveInput = {
+    slug: string;
+    version: string;
+    name: string;
+    tier: TrustTier;
+    maxEarnableTier?: TrustTier;
+    capabilities: string[];
+    orgId?: string;
+};
+/**
+ * Derive a deterministic CAR ID for a bot deployment.
+ * Safe to call on every request — same inputs → same ID.
+ */
+export declare function deriveAgentIdentity(input: DeriveInput): AgentIdentity;
+//# sourceMappingURL=car-identity.d.ts.map

package/dist/car-identity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"car-identity.d.ts","sourceRoot":"","sources":["../src/car-identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAIH,MAAM,MAAM,SAAS,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAGtD,eAAO,MAAM,YAAY,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CASlD,CAAC;AAEF,eAAO,MAAM,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,MAAM,CAS/C,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,+EAA+E;IAC/E,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,OAAO,EAAE,MAAM,CAAC;IAChB,mCAAmC;IACnC,WAAW,EAAE,MAAM,CAAC;IACpB,0CAA0C;IAC1C,KAAK,EAAE,MAAM,CAAC;IACd,mFAAmF;IACnF,YAAY,EAAE,MAAM,CAAC;IACrB,2CAA2C;IAC3C,WAAW,EAAE,MAAM,CAAC;IACpB,wEAAwE;IACxE,UAAU,EAAE,MAAM,CAAC;IACnB,kDAAkD;IAClD,YAAY,EAAE,MAAM,CAAC;IACrB,uEAAuE;IACvE,YAAY,EAAE,SAAS,CAAC;IACxB,8CAA8C;IAC9C,eAAe,EAAE,SAAS,CAAC;IAC3B,sGAAsG;IACtG,WAAW,EAAE,SAAS,CAAC;IACvB,6CAA6C;IAC7C,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,oFAAoF;IACpF,kBAAkB,EAAE,kBAAkB,GAAG,YAAY,GAAG,SAAS,CAAC;CACnE,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,SAAS,CAAC;IAChB,eAAe,CAAC,EAAE,SAAS,CAAC;IAC5B,YAAY,EAAE,MAAM,EAAE,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAAC;AAuBF;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,WAAW,GAAG,aAAa,CA4CrE"}

package/dist/car-identity.js

@@ -0,0 +1,113 @@
+/**
+ * Offline CAR identity derivation.
+ *
+ * The full @vorionsys/car-client library is a registry-backed SDK that expects
+ * a live backend (api.agentanchorai.com) for agent registration, role-gate
+ * evaluation, ceiling checks, and tier progression. Aurais consumers (the
+ * Next app + the five aurais-mcp-* packages) don't have that backend stood
+ * up yet, so they can't register bots live.
+ *
+ * What we CAN do offline:
+ *   - Derive a deterministic CAR ID from (bot_slug, bot_version, manifest_hash)
+ *   - Generate a fresh operationId per run
+ *   - Compute a contextHash over the bot's declared capabilities + tier
+ *   - Emit these fields in the proof chain, shape-matching the CAR spec
+ *
+ * When the backend lands, we add a registration step in the bot bootstrap
+ * flow that submits this same agent context and gets a signed registration
+ * record back. All the existing proof-chain events remain compatible.
+ *
+ * Source: extracted (with deploymentId resolver widened to cover both the
+ * Next app's Vercel env and the MCPs' stdio env) from voriongit/aurais
+ * src/lib/car-identity.ts @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e
+ * on 2026-04-25.
+ */
+import { canonicalJSON, sha256 } from "./canonical-json.js";
+// Observation ceilings per canonical.ts (packages/basis/src/canonical.ts).
+export const TIER_CEILING = {
+    0: 200,
+    1: 300,
+    2: 450,
+    3: 600, // BLACK_BOX
+    4: 750, // GRAY_BOX
+    5: 900, // WHITE_BOX
+    6: 950, // ATTESTED_BOX
+    7: 1000, // VERIFIED_BOX
+};
+export const TIER_NAME = {
+    0: "PROVISIONING",
+    1: "INITIATED",
+    2: "OBSERVED",
+    3: "BLACK_BOX",
+    4: "GRAY_BOX",
+    5: "WHITE_BOX",
+    6: "ATTESTED_BOX",
+    7: "VERIFIED_BOX",
+};
+/**
+ * Resolve the deployment ID across both Vercel-hosted (Next app) and
+ * stdio-hosted (MCP servers) environments. Priority:
+ *   1. AURAIS_DEPLOYMENT_ID  — explicit override (used by MCPs in CI/tests)
+ *   2. VERCEL_DEPLOYMENT_ID  — set by Vercel for the Next app
+ *   3. VERCEL_GIT_COMMIT_SHA — Vercel commit SHA, first 12 chars
+ *   4. mcp-local-${platform}-${arch} — MCP local-dev fallback
+ *   5. "local-dev" — last-resort
+ */
+function resolveDeploymentId() {
+    if (process.env.AURAIS_DEPLOYMENT_ID)
+        return process.env.AURAIS_DEPLOYMENT_ID;
+    if (process.env.VERCEL_DEPLOYMENT_ID)
+        return process.env.VERCEL_DEPLOYMENT_ID;
+    const sha = process.env.VERCEL_GIT_COMMIT_SHA;
+    if (sha)
+        return sha.slice(0, 12);
+    // Process is always available in Node — both Vercel functions and stdio MCPs.
+    if (process.platform && process.arch) {
+        return `mcp-local-${process.platform}-${process.arch}`;
+    }
+    return "local-dev";
+}
+/**
+ * Derive a deterministic CAR ID for a bot deployment.
+ * Safe to call on every request — same inputs → same ID.
+ */
+export function deriveAgentIdentity(input) {
+    const orgId = input.orgId ?? "vorion-llc";
+    const deploymentId = resolveDeploymentId();
+    // Canonical manifest digest (deterministic, version-pinned)
+    const manifestBlob = canonicalJSON({
+        slug: input.slug,
+        version: input.version,
+        name: input.name,
+        tier: input.tier,
+        capabilities: [...input.capabilities].sort(),
+        orgId,
+    });
+    const contextHash = "sha256:" + sha256(manifestBlob);
+    // CAR ID shape: car-<slug>-<12chars of context+org>
+    const carHashShort = sha256(contextHash + orgId).slice(0, 12);
+    const carId = `car-${input.slug}-${carHashShort}`;
+    // Short agent ID (for logs, badges)
+    const agentId = `${input.slug}@${input.version}`;
+    // Fresh op ID per call
+    const operationId = sha256(carId + Date.now() + Math.random()).slice(0, 16);
+    const trustCeiling = TIER_CEILING[input.tier];
+    const maxEarnableTier = input.maxEarnableTier ?? input.tier;
+    return {
+        carId,
+        agentId,
+        operationId,
+        orgId,
+        deploymentId,
+        contextHash,
+        parentHash: "", // root
+        trustCeiling,
+        startingTier: 0,
+        maxEarnableTier,
+        currentTier: input.tier,
+        capabilities: input.capabilities,
+        // Flip to "registered" once the backend lands and we call CARClient.registerAgent.
+        registrationStatus: "offline-attested",
+    };
+}
+//# sourceMappingURL=car-identity.js.map

package/dist/car-identity.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"car-identity.js","sourceRoot":"","sources":["../src/car-identity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAI5D,2EAA2E;AAC3E,MAAM,CAAC,MAAM,YAAY,GAA8B;IACrD,CAAC,EAAE,GAAG;IACN,CAAC,EAAE,GAAG;IACN,CAAC,EAAE,GAAG;IACN,CAAC,EAAE,GAAG,EAAE,YAAY;IACpB,CAAC,EAAE,GAAG,EAAE,WAAW;IACnB,CAAC,EAAE,GAAG,EAAE,YAAY;IACpB,CAAC,EAAE,GAAG,EAAE,eAAe;IACvB,CAAC,EAAE,IAAI,EAAE,eAAe;CACzB,CAAC;AAEF,MAAM,CAAC,MAAM,SAAS,GAA8B;IAClD,CAAC,EAAE,cAAc;IACjB,CAAC,EAAE,WAAW;IACd,CAAC,EAAE,UAAU;IACb,CAAC,EAAE,WAAW;IACd,CAAC,EAAE,UAAU;IACb,CAAC,EAAE,WAAW;IACd,CAAC,EAAE,cAAc;IACjB,CAAC,EAAE,cAAc;CAClB,CAAC;AAyCF;;;;;;;;GAQG;AACH,SAAS,mBAAmB;IAC1B,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAC9E,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAoB;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAC9E,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAC9C,IAAI,GAAG;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjC,8EAA8E;IAC9E,IAAI,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,aAAa,OAAO,CAAC,QAAQ,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IACzD,CAAC;IACD,OAAO,WAAW,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAkB;IACpD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,YAAY,CAAC;IAC1C,MAAM,YAAY,GAAG,mBAAmB,EAAE,CAAC;IAE3C,4DAA4D;IAC5D,MAAM,YAAY,GAAG,aAAa,CAAC;QACjC,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,YAAY,EAAE,CAAC,GAAG,KAAK,CAAC,YAAY,CAAC,CAAC,IAAI,EAAE;QAC5C,KAAK;KACN,CAAC,CAAC;IACH,MAAM,WAAW,GAAG,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,CAAC;IAErD,oDAAoD;IACpD,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC9D,MAAM,KAAK,GAAG,OAAO,KAAK,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;IAElD,oCAAoC;IACpC,MAAM,OAAO,GAAG,GAAG,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,OAAO,EAAE,CAAC;IAEjD,uBAAuB;IACvB,MAAM,WAAW,GAAG,MAAM,CAAC,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAE5E,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC9C,MAAM,eAAe,GAAG,KAAK,CAAC,eAAe,IAAI,KAAK,CAAC,IAAI,CAAC;IAE5D,OAAO;QACL,KAAK;QACL,OAAO;QACP,WAAW;QACX,KAAK;QACL,YAAY;QACZ,WAAW;QACX,UAAU,EAAE,EAAE,EAAE,OAAO;QACvB,YAAY;QACZ,YAAY,EAAE,CAAC;QACf,eAAe;QACf,WAAW,EAAE,KAAK,CAAC,IAAI;QACvB,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,mFAAmF;QACnF,kBAAkB,EAAE,kBAAkB;KACvC,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,18 @@
+/**
+ * @vorionsys/aurais-core — shared library for the Aurais ecosystem.
+ *
+ * Public API surface:
+ *  - Proof chain: ProofChain class, ProofEvent / EventAction types,
+ *    hashText / hashJSON helpers
+ *  - CAR identity: deriveAgentIdentity, AgentIdentity / DeriveInput / TrustTier
+ *    types, TIER_CEILING / TIER_NAME tables
+ *  - Canonical JSON: canonicalJSON serializer + sha256 helper (re-exported
+ *    so callers can produce digests that match what the lib produces)
+ *
+ * Source: extracted from voriongit/aurais src/lib/{proof-chain,car-identity}.ts
+ * @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e — see README.md.
+ */
+export { ProofChain, type ProofEvent, type EventAction, hashText, hashJSON, } from "./proof-chain.js";
+export { deriveAgentIdentity, type AgentIdentity, type DeriveInput, type TrustTier, TIER_CEILING, TIER_NAME, } from "./car-identity.js";
+export { canonicalJSON, sha256 } from "./canonical-json.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,UAAU,EACV,KAAK,UAAU,EACf,KAAK,WAAW,EAChB,QAAQ,EACR,QAAQ,GACT,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,mBAAmB,EACnB,KAAK,aAAa,EAClB,KAAK,WAAW,EAChB,KAAK,SAAS,EACd,YAAY,EACZ,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/index.js

@@ -0,0 +1,18 @@
+/**
+ * @vorionsys/aurais-core — shared library for the Aurais ecosystem.
+ *
+ * Public API surface:
+ *  - Proof chain: ProofChain class, ProofEvent / EventAction types,
+ *    hashText / hashJSON helpers
+ *  - CAR identity: deriveAgentIdentity, AgentIdentity / DeriveInput / TrustTier
+ *    types, TIER_CEILING / TIER_NAME tables
+ *  - Canonical JSON: canonicalJSON serializer + sha256 helper (re-exported
+ *    so callers can produce digests that match what the lib produces)
+ *
+ * Source: extracted from voriongit/aurais src/lib/{proof-chain,car-identity}.ts
+ * @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e — see README.md.
+ */
+export { ProofChain, hashText, hashJSON, } from "./proof-chain.js";
+export { deriveAgentIdentity, TIER_CEILING, TIER_NAME, } from "./car-identity.js";
+export { canonicalJSON, sha256 } from "./canonical-json.js";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,UAAU,EAGV,QAAQ,EACR,QAAQ,GACT,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,mBAAmB,EAInB,YAAY,EACZ,SAAS,GACV,MAAM,mBAAmB,CAAC;AAE3B,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC"}

package/dist/proof-chain.d.ts

@@ -0,0 +1,54 @@
+/**
+ * Proof chain — signed + hash-chained event log for bot actions.
+ *
+ * Every event in a session carries:
+ *  - timestamp (ISO)
+ *  - action    (short machine-readable code)
+ *  - payload   (action-specific data)
+ *  - prev_hash (sha-256 of the previous event's canonical JSON, or "")
+ *  - signature (ed25519 over canonical JSON of everything above)
+ *  - pubkey    (base64 SPKI of the signing key — for independent verification)
+ *
+ * Signing key lifecycle (v0):
+ *  - If AURAIS_SIGNING_KEY_PRIV is set (base64 PKCS#8 DER), use it.
+ *  - Otherwise generate a session-scoped keypair on first use. The keypair
+ *    lives for the duration of the serverless / process instance (warm
+ *    invocations reuse it). This is fine for the BYOK demo; production
+ *    bots will load a managed key from a KMS-style secret store.
+ *
+ * Source: extracted unchanged from voriongit/aurais src/lib/proof-chain.ts
+ * @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e on 2026-04-25.
+ */
+/**
+ * Test/internal helper — drop the cached keypair so the next ProofChain
+ * picks up a fresh AURAIS_SIGNING_KEY_PRIV. Not exported from index.ts.
+ */
+export declare function _resetKeyCacheForTests(): void;
+/**
+ * The event-action vocabulary used today across the Aurais Next app and the
+ * five aurais-mcp-* packages. Keeping the union frozen for step 1 to avoid
+ * breaking any consumer; widening / per-bot vocabularies will land in step 2.
+ */
+export type EventAction = "session_started" | "market_data_fetched" | "indicators_computed" | "commentary_generated" | "briefing_assembled";
+export type ProofEvent = {
+    seq: number;
+    ts: string;
+    action: EventAction;
+    payload: Record<string, unknown>;
+    prev_hash: string;
+    pubkey: string;
+    key_id: string;
+    sig: string;
+};
+export declare class ProofChain {
+    private events;
+    private keys;
+    constructor();
+    append(action: EventAction, payload: Record<string, unknown>): ProofEvent;
+    toJSON(): ProofEvent[];
+    /** Sha-256 of the canonical last event — the "tip" of the chain. */
+    tipHash(): string;
+}
+export declare function hashText(s: string): string;
+export declare function hashJSON(v: unknown): string;
+//# sourceMappingURL=proof-chain.d.ts.map

package/dist/proof-chain.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proof-chain.d.ts","sourceRoot":"","sources":["../src/proof-chain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAgDH;;;GAGG;AACH,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C;AAID;;;;GAIG;AACH,MAAM,MAAM,WAAW,GACnB,iBAAiB,GACjB,qBAAqB,GACrB,qBAAqB,GACrB,sBAAsB,GACtB,oBAAoB,CAAC;AAEzB,MAAM,MAAM,UAAU,GAAG;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,MAAM,CAAC;CACb,CAAC;AAEF,qBAAa,UAAU;IACrB,OAAO,CAAC,MAAM,CAAoB;IAClC,OAAO,CAAC,IAAI,CAAU;;IAMtB,MAAM,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,UAAU;IAsBzE,MAAM,IAAI,UAAU,EAAE;IAItB,oEAAoE;IACpE,OAAO,IAAI,MAAM;CAIlB;AAID,wBAAgB,QAAQ,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAE1C;AAED,wBAAgB,QAAQ,CAAC,CAAC,EAAE,OAAO,GAAG,MAAM,CAE3C"}

package/dist/proof-chain.js

@@ -0,0 +1,99 @@
+/**
+ * Proof chain — signed + hash-chained event log for bot actions.
+ *
+ * Every event in a session carries:
+ *  - timestamp (ISO)
+ *  - action    (short machine-readable code)
+ *  - payload   (action-specific data)
+ *  - prev_hash (sha-256 of the previous event's canonical JSON, or "")
+ *  - signature (ed25519 over canonical JSON of everything above)
+ *  - pubkey    (base64 SPKI of the signing key — for independent verification)
+ *
+ * Signing key lifecycle (v0):
+ *  - If AURAIS_SIGNING_KEY_PRIV is set (base64 PKCS#8 DER), use it.
+ *  - Otherwise generate a session-scoped keypair on first use. The keypair
+ *    lives for the duration of the serverless / process instance (warm
+ *    invocations reuse it). This is fine for the BYOK demo; production
+ *    bots will load a managed key from a KMS-style secret store.
+ *
+ * Source: extracted unchanged from voriongit/aurais src/lib/proof-chain.ts
+ * @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e on 2026-04-25.
+ */
+import { generateKeyPairSync, sign as cryptoSign, createPrivateKey, createPublicKey, } from "node:crypto";
+import { canonicalJSON, sha256 } from "./canonical-json.js";
+let cachedKeys = null;
+function ed25519KeyPair() {
+    if (cachedKeys)
+        return cachedKeys;
+    const envPriv = process.env.AURAIS_SIGNING_KEY_PRIV;
+    if (envPriv) {
+        try {
+            // Ed25519 private keys in PKCS#8 DER, base64
+            const der = Buffer.from(envPriv, "base64");
+            const priv = createPrivateKey({ key: der, format: "der", type: "pkcs8" });
+            const pub = createPublicKey(priv);
+            const pubB64 = pub.export({ format: "der", type: "spki" }).toString("base64");
+            const keyId = "ed25519:" + sha256(pubB64).slice(0, 12);
+            cachedKeys = { priv, pub, pubB64, keyId };
+            return cachedKeys;
+        }
+        catch {
+            // fall through to session-scoped generation if env var is malformed
+        }
+    }
+    const { privateKey, publicKey } = generateKeyPairSync("ed25519");
+    const pubB64 = publicKey.export({ format: "der", type: "spki" }).toString("base64");
+    const keyId = "ed25519-ephemeral:" + sha256(pubB64).slice(0, 12);
+    cachedKeys = { priv: privateKey, pub: publicKey, pubB64, keyId };
+    return cachedKeys;
+}
+/**
+ * Test/internal helper — drop the cached keypair so the next ProofChain
+ * picks up a fresh AURAIS_SIGNING_KEY_PRIV. Not exported from index.ts.
+ */
+export function _resetKeyCacheForTests() {
+    cachedKeys = null;
+}
+export class ProofChain {
+    events = [];
+    keys;
+    constructor() {
+        this.keys = ed25519KeyPair();
+    }
+    append(action, payload) {
+        const seq = this.events.length;
+        const prev_hash = seq === 0 ? "" : sha256(canonicalJSON(this.events[seq - 1]));
+        const ts = new Date().toISOString();
+        const unsigned = {
+            seq,
+            ts,
+            action,
+            payload,
+            prev_hash,
+            pubkey: this.keys.pubB64,
+            key_id: this.keys.keyId,
+        };
+        const toSign = Buffer.from(canonicalJSON(unsigned));
+        const sig = cryptoSign(null, toSign, this.keys.priv).toString("base64");
+        const event = { ...unsigned, sig };
+        this.events.push(event);
+        return event;
+    }
+    toJSON() {
+        return this.events;
+    }
+    /** Sha-256 of the canonical last event — the "tip" of the chain. */
+    tipHash() {
+        if (this.events.length === 0)
+            return "";
+        return sha256(canonicalJSON(this.events[this.events.length - 1]));
+    }
+}
+// ---------- payload hashers (keep payloads small; commit to full content via hash) ----------
+export function hashText(s) {
+    return "sha256:" + sha256(s);
+}
+export function hashJSON(v) {
+    return "sha256:" + sha256(canonicalJSON(v));
+}
+//# sourceMappingURL=proof-chain.js.map

package/dist/proof-chain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proof-chain.js","sourceRoot":"","sources":["../src/proof-chain.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EACL,mBAAmB,EACnB,IAAI,IAAI,UAAU,EAElB,gBAAgB,EAChB,eAAe,GAChB,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAW5D,IAAI,UAAU,GAAmB,IAAI,CAAC;AAEtC,SAAS,cAAc;IACrB,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAElC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IACpD,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,6CAA6C;YAC7C,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,gBAAgB,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1E,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;YAClC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAC9E,MAAM,KAAK,GAAG,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACvD,UAAU,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1C,OAAO,UAAU,CAAC;QACpB,CAAC;QAAC,MAAM,CAAC;YACP,oEAAoE;QACtE,CAAC;IACH,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;IACjE,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACpF,MAAM,KAAK,GAAG,oBAAoB,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACjE,UAAU,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IACjE,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,sBAAsB;IACpC,UAAU,GAAG,IAAI,CAAC;AACpB,CAAC;AA2BD,MAAM,OAAO,UAAU;IACb,MAAM,GAAiB,EAAE,CAAC;IAC1B,IAAI,CAAU;IAEtB;QACE,IAAI,CAAC,IAAI,GAAG,cAAc,EAAE,CAAC;IAC/B,CAAC;IAED,MAAM,CAAC,MAAmB,EAAE,OAAgC;QAC1D,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAC/B,MAAM,SAAS,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/E,MAAM,EAAE,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAEpC,MAAM,QAAQ,GAAG;YACf,GAAG;YACH,EAAE;YACF,MAAM;YACN,OAAO;YACP,SAAS;YACT,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM;YACxB,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK;SACxB,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC;QACpD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAExE,MAAM,KAAK,GAAe,EAAE,GAAG,QAAQ,EAAE,GAAG,EAAE,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,oEAAoE;IACpE,OAAO;QACL,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,EAAE,CAAC;QACxC,OAAO,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACpE,CAAC;CACF;AAED,+FAA+F;AAE/F,MAAM,UAAU,QAAQ,CAAC,CAAS;IAChC,OAAO,SAAS,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAC/B,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,CAAU;IACjC,OAAO,SAAS,GAAG,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC"}

package/package.json

@@ -0,0 +1,57 @@
+{
+  "name": "@vorionsys/aurais-core",
+  "version": "0.1.0",
+  "description": "Shared library for the Aurais ecosystem — proof-chain (Ed25519-signed, sha256-chained event log) and CAR identity helpers. Step 1 of 3 in the aurais-mcp-* consolidation.",
+  "license": "Apache-2.0",
+  "author": "Vorion LLC <team@vorion.org>",
+  "homepage": "https://github.com/voriongit/aurais-core",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/voriongit/aurais-core.git"
+  },
+  "bugs": {
+    "url": "https://github.com/voriongit/aurais-core/issues"
+  },
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    },
+    "./proof-chain": {
+      "types": "./dist/proof-chain.d.ts",
+      "import": "./dist/proof-chain.js"
+    },
+    "./car-identity": {
+      "types": "./dist/car-identity.d.ts",
+      "import": "./dist/car-identity.js"
+    },
+    "./canonical-json": {
+      "types": "./dist/canonical-json.d.ts",
+      "import": "./dist/canonical-json.js"
+    }
+  },
+  "files": [
+    "dist",
+    "src",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=22"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "prepare": "npm run build",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "clean": "node -e \"require('node:fs').rmSync('dist',{recursive:true,force:true})\""
+  },
+  "devDependencies": {
+    "@types/node": "^22.19.17",
+    "typescript": "^5.9.3",
+    "vitest": "^2.1.9"
+  }
+}

package/src/canonical-json.ts

@@ -0,0 +1,29 @@
+/**
+ * Canonical JSON serializer + sha256 helper.
+ *
+ * Canonical JSON: keys sorted, no whitespace. Used as the input for both
+ * hashing and signing so independent verifiers can reproduce the digest
+ * byte-for-byte regardless of object key insertion order.
+ *
+ * This is intentionally tiny and dependency-free (node:crypto only).
+ * Both proof-chain and car-identity use it; extracted to avoid the
+ * within-package duplication that the source files carried before
+ * consolidation.
+ */
+
+import { createHash } from "node:crypto";
+
+export function canonicalJSON(value: unknown): string {
+  if (value === null || typeof value !== "object") return JSON.stringify(value);
+  if (Array.isArray(value)) {
+    return "[" + value.map(canonicalJSON).join(",") + "]";
+  }
+  const obj = value as Record<string, unknown>;
+  const keys = Object.keys(obj).sort();
+  const parts = keys.map((k) => JSON.stringify(k) + ":" + canonicalJSON(obj[k]));
+  return "{" + parts.join(",") + "}";
+}
+
+export function sha256(text: string): string {
+  return createHash("sha256").update(text).digest("hex");
+}

package/src/car-identity.ts

@@ -0,0 +1,161 @@
+/**
+ * Offline CAR identity derivation.
+ *
+ * The full @vorionsys/car-client library is a registry-backed SDK that expects
+ * a live backend (api.agentanchorai.com) for agent registration, role-gate
+ * evaluation, ceiling checks, and tier progression. Aurais consumers (the
+ * Next app + the five aurais-mcp-* packages) don't have that backend stood
+ * up yet, so they can't register bots live.
+ *
+ * What we CAN do offline:
+ *   - Derive a deterministic CAR ID from (bot_slug, bot_version, manifest_hash)
+ *   - Generate a fresh operationId per run
+ *   - Compute a contextHash over the bot's declared capabilities + tier
+ *   - Emit these fields in the proof chain, shape-matching the CAR spec
+ *
+ * When the backend lands, we add a registration step in the bot bootstrap
+ * flow that submits this same agent context and gets a signed registration
+ * record back. All the existing proof-chain events remain compatible.
+ *
+ * Source: extracted (with deploymentId resolver widened to cover both the
+ * Next app's Vercel env and the MCPs' stdio env) from voriongit/aurais
+ * src/lib/car-identity.ts @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e
+ * on 2026-04-25.
+ */
+
+import { canonicalJSON, sha256 } from "./canonical-json.js";
+
+export type TrustTier = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7;
+
+// Observation ceilings per canonical.ts (packages/basis/src/canonical.ts).
+export const TIER_CEILING: Record<TrustTier, number> = {
+  0: 200,
+  1: 300,
+  2: 450,
+  3: 600, // BLACK_BOX
+  4: 750, // GRAY_BOX
+  5: 900, // WHITE_BOX
+  6: 950, // ATTESTED_BOX
+  7: 1000, // VERIFIED_BOX
+};
+
+export const TIER_NAME: Record<TrustTier, string> = {
+  0: "PROVISIONING",
+  1: "INITIATED",
+  2: "OBSERVED",
+  3: "BLACK_BOX",
+  4: "GRAY_BOX",
+  5: "WHITE_BOX",
+  6: "ATTESTED_BOX",
+  7: "VERIFIED_BOX",
+};
+
+export type AgentIdentity = {
+  /** CAR ID — deterministic, stable across runs of the same deployed version. */
+  carId: string;
+  /** Short human-readable: slug + short hash. */
+  agentId: string;
+  /** Per-run unique operation ID. */
+  operationId: string;
+  /** Org this agent is registered under. */
+  orgId: string;
+  /** Deployment identifier (Vercel env, AURAIS_DEPLOYMENT_ID, or local fallback). */
+  deploymentId: string;
+  /** sha256 of manifest-canonical fields. */
+  contextHash: string;
+  /** Parent registration hash. "" for root agents owned by Vorion LLC. */
+  parentHash: string;
+  /** Trust ceiling (score cap) this tier allows. */
+  trustCeiling: number;
+  /** Starting tier — per spec, all bots begin at T0 until onboarding. */
+  startingTier: TrustTier;
+  /** Max tier this bot is approved to reach. */
+  maxEarnableTier: TrustTier;
+  /** Tier this bot is currently operating at (for offline-attested bots, the required runtime tier). */
+  currentTier: TrustTier;
+  /** Capabilities declared in the manifest. */
+  capabilities: string[];
+  /** Status label for the UI — reflects that live registration is pending backend. */
+  registrationStatus: "offline-attested" | "registered" | "pending";
+};
+
+export type DeriveInput = {
+  slug: string;
+  version: string;
+  name: string;
+  tier: TrustTier;
+  maxEarnableTier?: TrustTier;
+  capabilities: string[];
+  orgId?: string;
+};
+
+/**
+ * Resolve the deployment ID across both Vercel-hosted (Next app) and
+ * stdio-hosted (MCP servers) environments. Priority:
+ *   1. AURAIS_DEPLOYMENT_ID  — explicit override (used by MCPs in CI/tests)
+ *   2. VERCEL_DEPLOYMENT_ID  — set by Vercel for the Next app
+ *   3. VERCEL_GIT_COMMIT_SHA — Vercel commit SHA, first 12 chars
+ *   4. mcp-local-${platform}-${arch} — MCP local-dev fallback
+ *   5. "local-dev" — last-resort
+ */
+function resolveDeploymentId(): string {
+  if (process.env.AURAIS_DEPLOYMENT_ID) return process.env.AURAIS_DEPLOYMENT_ID;
+  if (process.env.VERCEL_DEPLOYMENT_ID) return process.env.VERCEL_DEPLOYMENT_ID;
+  const sha = process.env.VERCEL_GIT_COMMIT_SHA;
+  if (sha) return sha.slice(0, 12);
+  // Process is always available in Node — both Vercel functions and stdio MCPs.
+  if (process.platform && process.arch) {
+    return `mcp-local-${process.platform}-${process.arch}`;
+  }
+  return "local-dev";
+}
+
+/**
+ * Derive a deterministic CAR ID for a bot deployment.
+ * Safe to call on every request — same inputs → same ID.
+ */
+export function deriveAgentIdentity(input: DeriveInput): AgentIdentity {
+  const orgId = input.orgId ?? "vorion-llc";
+  const deploymentId = resolveDeploymentId();
+
+  // Canonical manifest digest (deterministic, version-pinned)
+  const manifestBlob = canonicalJSON({
+    slug: input.slug,
+    version: input.version,
+    name: input.name,
+    tier: input.tier,
+    capabilities: [...input.capabilities].sort(),
+    orgId,
+  });
+  const contextHash = "sha256:" + sha256(manifestBlob);
+
+  // CAR ID shape: car-<slug>-<12chars of context+org>
+  const carHashShort = sha256(contextHash + orgId).slice(0, 12);
+  const carId = `car-${input.slug}-${carHashShort}`;
+
+  // Short agent ID (for logs, badges)
+  const agentId = `${input.slug}@${input.version}`;
+
+  // Fresh op ID per call
+  const operationId = sha256(carId + Date.now() + Math.random()).slice(0, 16);
+
+  const trustCeiling = TIER_CEILING[input.tier];
+  const maxEarnableTier = input.maxEarnableTier ?? input.tier;
+
+  return {
+    carId,
+    agentId,
+    operationId,
+    orgId,
+    deploymentId,
+    contextHash,
+    parentHash: "", // root
+    trustCeiling,
+    startingTier: 0,
+    maxEarnableTier,
+    currentTier: input.tier,
+    capabilities: input.capabilities,
+    // Flip to "registered" once the backend lands and we call CARClient.registerAgent.
+    registrationStatus: "offline-attested",
+  };
+}

package/src/index.ts

@@ -0,0 +1,33 @@
+/**
+ * @vorionsys/aurais-core — shared library for the Aurais ecosystem.
+ *
+ * Public API surface:
+ *  - Proof chain: ProofChain class, ProofEvent / EventAction types,
+ *    hashText / hashJSON helpers
+ *  - CAR identity: deriveAgentIdentity, AgentIdentity / DeriveInput / TrustTier
+ *    types, TIER_CEILING / TIER_NAME tables
+ *  - Canonical JSON: canonicalJSON serializer + sha256 helper (re-exported
+ *    so callers can produce digests that match what the lib produces)
+ *
+ * Source: extracted from voriongit/aurais src/lib/{proof-chain,car-identity}.ts
+ * @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e — see README.md.
+ */
+
+export {
+  ProofChain,
+  type ProofEvent,
+  type EventAction,
+  hashText,
+  hashJSON,
+} from "./proof-chain.js";
+
+export {
+  deriveAgentIdentity,
+  type AgentIdentity,
+  type DeriveInput,
+  type TrustTier,
+  TIER_CEILING,
+  TIER_NAME,
+} from "./car-identity.js";
+
+export { canonicalJSON, sha256 } from "./canonical-json.js";

package/src/proof-chain.ts

@@ -0,0 +1,151 @@
+/**
+ * Proof chain — signed + hash-chained event log for bot actions.
+ *
+ * Every event in a session carries:
+ *  - timestamp (ISO)
+ *  - action    (short machine-readable code)
+ *  - payload   (action-specific data)
+ *  - prev_hash (sha-256 of the previous event's canonical JSON, or "")
+ *  - signature (ed25519 over canonical JSON of everything above)
+ *  - pubkey    (base64 SPKI of the signing key — for independent verification)
+ *
+ * Signing key lifecycle (v0):
+ *  - If AURAIS_SIGNING_KEY_PRIV is set (base64 PKCS#8 DER), use it.
+ *  - Otherwise generate a session-scoped keypair on first use. The keypair
+ *    lives for the duration of the serverless / process instance (warm
+ *    invocations reuse it). This is fine for the BYOK demo; production
+ *    bots will load a managed key from a KMS-style secret store.
+ *
+ * Source: extracted unchanged from voriongit/aurais src/lib/proof-chain.ts
+ * @ be55bf0fffc4254c4f77da03a99a272f5bb7cd5e on 2026-04-25.
+ */
+
+import {
+  generateKeyPairSync,
+  sign as cryptoSign,
+  type KeyObject,
+  createPrivateKey,
+  createPublicKey,
+} from "node:crypto";
+import { canonicalJSON, sha256 } from "./canonical-json.js";
+
+// ---------- key material ----------
+
+type KeyPair = {
+  priv: KeyObject;
+  pub: KeyObject;
+  pubB64: string;
+  keyId: string; // short fingerprint prefix, for display
+};
+
+let cachedKeys: KeyPair | null = null;
+
+function ed25519KeyPair(): KeyPair {
+  if (cachedKeys) return cachedKeys;
+
+  const envPriv = process.env.AURAIS_SIGNING_KEY_PRIV;
+  if (envPriv) {
+    try {
+      // Ed25519 private keys in PKCS#8 DER, base64
+      const der = Buffer.from(envPriv, "base64");
+      const priv = createPrivateKey({ key: der, format: "der", type: "pkcs8" });
+      const pub = createPublicKey(priv);
+      const pubB64 = pub.export({ format: "der", type: "spki" }).toString("base64");
+      const keyId = "ed25519:" + sha256(pubB64).slice(0, 12);
+      cachedKeys = { priv, pub, pubB64, keyId };
+      return cachedKeys;
+    } catch {
+      // fall through to session-scoped generation if env var is malformed
+    }
+  }
+
+  const { privateKey, publicKey } = generateKeyPairSync("ed25519");
+  const pubB64 = publicKey.export({ format: "der", type: "spki" }).toString("base64");
+  const keyId = "ed25519-ephemeral:" + sha256(pubB64).slice(0, 12);
+  cachedKeys = { priv: privateKey, pub: publicKey, pubB64, keyId };
+  return cachedKeys;
+}
+
+/**
+ * Test/internal helper — drop the cached keypair so the next ProofChain
+ * picks up a fresh AURAIS_SIGNING_KEY_PRIV. Not exported from index.ts.
+ */
+export function _resetKeyCacheForTests(): void {
+  cachedKeys = null;
+}
+
+// ---------- events ----------
+
+/**
+ * The event-action vocabulary used today across the Aurais Next app and the
+ * five aurais-mcp-* packages. Keeping the union frozen for step 1 to avoid
+ * breaking any consumer; widening / per-bot vocabularies will land in step 2.
+ */
+export type EventAction =
+  | "session_started"
+  | "market_data_fetched"
+  | "indicators_computed"
+  | "commentary_generated"
+  | "briefing_assembled";
+
+export type ProofEvent = {
+  seq: number;
+  ts: string; // ISO
+  action: EventAction;
+  payload: Record<string, unknown>;
+  prev_hash: string; // "" for seq=0
+  pubkey: string; // base64 SPKI of the signer
+  key_id: string; // short fingerprint
+  sig: string; // base64 Ed25519 signature over canonical JSON of the above
+};
+
+export class ProofChain {
+  private events: ProofEvent[] = [];
+  private keys: KeyPair;
+
+  constructor() {
+    this.keys = ed25519KeyPair();
+  }
+
+  append(action: EventAction, payload: Record<string, unknown>): ProofEvent {
+    const seq = this.events.length;
+    const prev_hash = seq === 0 ? "" : sha256(canonicalJSON(this.events[seq - 1]));
+    const ts = new Date().toISOString();
+
+    const unsigned = {
+      seq,
+      ts,
+      action,
+      payload,
+      prev_hash,
+      pubkey: this.keys.pubB64,
+      key_id: this.keys.keyId,
+    };
+    const toSign = Buffer.from(canonicalJSON(unsigned));
+    const sig = cryptoSign(null, toSign, this.keys.priv).toString("base64");
+
+    const event: ProofEvent = { ...unsigned, sig };
+    this.events.push(event);
+    return event;
+  }
+
+  toJSON(): ProofEvent[] {
+    return this.events;
+  }
+
+  /** Sha-256 of the canonical last event — the "tip" of the chain. */
+  tipHash(): string {
+    if (this.events.length === 0) return "";
+    return sha256(canonicalJSON(this.events[this.events.length - 1]));
+  }
+}
+
+// ---------- payload hashers (keep payloads small; commit to full content via hash) ----------
+
+export function hashText(s: string): string {
+  return "sha256:" + sha256(s);
+}
+
+export function hashJSON(v: unknown): string {
+  return "sha256:" + sha256(canonicalJSON(v));
+}