@wipcomputer/wip-ldm-os 0.4.85-alpha.6 → 0.4.85-alpha.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.85-alpha.6",
+  "version": "0.4.85-alpha.8",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {
@@ -29,6 +29,7 @@
     "test:bin-manifest": "node scripts/test-bin-manifest.mjs",
     "test:crc-agentid-tenant-boundary": "node scripts/test-crc-agentid-tenant-boundary.mjs",
     "test:crc-pair-login-flow": "node scripts/test-crc-pair-login-flow.mjs",
+    "test:crc-pair-status-poll-token": "node scripts/test-crc-pair-status-poll-token.mjs",
     "test:crc-e2ee-session-route": "node scripts/test-crc-e2ee-session-route.mjs",
     "fmt": "npx prettier --write 'src/**/*.{ts,mjs}' 'lib/**/*.mjs' 'bin/**/*.js'",
     "fmt:check": "npx prettier --check 'src/**/*.{ts,mjs}' 'lib/**/*.mjs' 'bin/**/*.js'"

package/scripts/test-crc-agentid-tenant-boundary.mjs

@@ -17,15 +17,15 @@ function assertNotContains(needle, label) {
 
 assertContains('const ACCOUNT_TENANT_PREFIX = "acct:";', "account tenant prefix");
 assertContains('const LEGACY_API_KEY_TENANT_PREFIX = "key:";', "legacy key tenant prefix");
-assertContains('const RESERVED_AGENT_HANDLES = new Set([', "reserved handle set");
-assertContains('"parker-smoke-test",', "reserved parker smoke handle");
 assertContains('function accountTenantIdForUserId(userId)', "account tenant helper");
 assertContains('function identityForApiKey(key)', "api key identity helper");
 assertContains('return identityForApiKey(key);', "http auth uses identity helper");
 assertContains("const agentId = accountTenantIdForUserId(stored.userId);", "registration uses immutable account tenant");
+assertContains("function sanitizeDisplayLabel(raw)", "display label sanitizer");
+assertContains('replace(/[\\u0000-\\u001f\\u007f]/g, "").replace(/\\s+/g, " ").trim().slice(0, 64)', "display label sanitizer preserves label semantics");
+assertContains("const displayLabel = sanitizeDisplayLabel(body?.displayName || body?.username);", "registration treats entered name as display label");
+assertContains("displayLabel,", "registration challenge stores display label");
 assertContains("await saveApiKey(apiKey, agentId, { handle: credentialLabel });", "registration stores handle separately");
-assertContains('json(res, 409, { error: "reserved_handle"', "reserved handle rejected");
-assertContains('json(res, 409, { error: "handle_taken"', "duplicate handle rejected");
 assertContains("p.handle = identity.handle;", "pair stores display handle separately");
 assertContains("handle: identity.handle,", "relay metadata returns display handle");
 assertContains("codexDaemons.has(identity.agentId)", "daemon presence uses tenant id");
@@ -37,6 +37,10 @@ assertContains("const key = codexRelayKey(identity.agentId, threadId);", "web ws
 assertContains("const daemonWs = codexDaemons.get(identity.agentId);", "web sends to tenant daemon");
 assertNotContains("const agentId = stored.username || (\"passkey-\"", "registration must not use chosen handle as tenant");
 assertNotContains("const existingKey = Object.entries(API_KEYS).find(([k, v]) => v === agentId);", "oauth must not reuse chosen handle as tenant");
+assertNotContains("function isUsernameTaken", "display labels must not be globally unique usernames");
+assertNotContains("function sanitizeUsername", "display labels must not be modeled as usernames");
+assertNotContains('json(res, 409, { error: "reserved_handle"', "display labels must not be blocked as reserved security handles");
+assertNotContains('json(res, 409, { error: "handle_taken"', "duplicate display labels must be allowed");
 
 function legacyTenantIdForApiKey(key) {
   return "key:" + createHash("sha256").update(key).digest("base64url").slice(0, 32);
@@ -47,11 +51,16 @@ function accountTenantIdForUserId(userId) {
 }
 
 const chosenHandle = "parker-smoke-test";
+const sharedDisplayLabel = "Parker";
 const accountA = accountTenantIdForUserId("user-a");
 const accountB = accountTenantIdForUserId("user-b");
+const threadId = "thread-019dfa";
 if (accountA === accountB) {
   throw new Error("different user ids collapsed to one account tenant");
 }
+if (`${sharedDisplayLabel}:${threadId}` === `${accountA}:${threadId}` || `${sharedDisplayLabel}:${threadId}` === `${accountB}:${threadId}`) {
+  throw new Error("display label was used as a relay route key");
+}
 
 const legacyA = legacyTenantIdForApiKey("ck-a");
 const legacyB = legacyTenantIdForApiKey("ck-b");
@@ -59,7 +68,6 @@ if (legacyA === legacyB) {
   throw new Error("legacy API-key tenants collided");
 }
 
-const threadId = "thread-019dfa";
 const webKeyA = `${accountA}:${threadId}`;
 const webKeyB = `${accountB}:${threadId}`;
 if (webKeyA === webKeyB) {

package/scripts/test-crc-pair-status-poll-token.mjs

@@ -0,0 +1,73 @@
+import { readFileSync } from "node:fs";
+
+const server = readFileSync("src/hosted-mcp/server.mjs", "utf8");
+
+function assertContains(needle, label) {
+  if (!server.includes(needle)) {
+    throw new Error(`${label} missing expected text: ${needle}`);
+  }
+}
+
+function assertNotContains(needle, label) {
+  if (server.includes(needle)) {
+    throw new Error(`${label} still contains forbidden text: ${needle}`);
+  }
+}
+
+assertContains("function generateCodexPairPollToken()", "pair poll token generator");
+assertContains('return "ppt_" + randomBytes(32).toString("base64url");', "pair poll token entropy");
+assertContains("function getBearerToken(req)", "bearer token helper");
+assertContains("const pollToken = generateCodexPairPollToken();", "pair-init mints poll token");
+assertContains("poll_token: pollToken,", "pair state stores poll token");
+assertContains("poll_token_used: false,", "pair state tracks token consumption");
+assertContains("pair_poll_token: pollToken,", "pair-init returns poll token to daemon");
+assertContains('json(res, 401, { error: "pair_poll_token_expired" });', "expired token rejected");
+assertContains('json(res, 401, { error: "invalid_pair_poll_token" });', "missing or wrong token rejected");
+assertContains("if (!pollToken || pollToken !== p.poll_token || p.poll_token_used)", "pair-status validates token");
+assertContains("p.poll_token_used = true;", "completed credential response consumes token");
+
+function pairStatusModel(pair, bearer, now) {
+  if (now > pair.expires) return { code: 401, body: { error: "pair_poll_token_expired" } };
+  if (!bearer || bearer !== pair.poll_token || pair.poll_token_used) {
+    return { code: 401, body: { error: "invalid_pair_poll_token" } };
+  }
+  if (pair.status === "completed") {
+    pair.poll_token_used = true;
+    return { code: 200, body: { status: "completed", api_key: pair.apiKey, handle: pair.handle } };
+  }
+  return { code: 200, body: { status: pair.status } };
+}
+
+const pair = {
+  status: "pending",
+  expires: 10_000,
+  poll_token: "ppt_good",
+  poll_token_used: false,
+  apiKey: "ck_secret",
+  handle: "Parker",
+};
+
+if (pairStatusModel({ ...pair }, null, 1).code !== 401) {
+  throw new Error("missing poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_wrong", 1).code !== 401) {
+  throw new Error("wrong poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_good", 20_000).code !== 401) {
+  throw new Error("expired poll token should fail");
+}
+if (pairStatusModel({ ...pair }, "ppt_good", 1).body.status !== "pending") {
+  throw new Error("correct poll token should return pending before completion");
+}
+
+const completedPair = { ...pair, status: "completed" };
+const completed = pairStatusModel(completedPair, "ppt_good", 1);
+if (completed.code !== 200 || completed.body.api_key !== "ck_secret") {
+  throw new Error("correct poll token should return completed credential once");
+}
+const replay = pairStatusModel(completedPair, "ppt_good", 1);
+if (replay.code !== 401) {
+  throw new Error("reused completed poll token should fail");
+}
+
+console.log("crc pair-status poll token checks passed");

package/src/hosted-mcp/server.mjs

@@ -110,9 +110,6 @@ const API_KEY_HANDLES = {};
 const ACCOUNT_TENANT_PREFIX = "acct:";
 const LEGACY_API_KEY_TENANT_PREFIX = "key:";
 const OAUTH_API_KEY_TENANT_PREFIX = "oauth:";
-const RESERVED_AGENT_HANDLES = new Set([
-  "parker-smoke-test",
-]);
 
 function isInternalTenantId(id) {
   return typeof id === "string"
@@ -519,21 +516,12 @@ function esc(s) {
   return s.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
 }
 
-function sanitizeUsername(raw) {
+function sanitizeDisplayLabel(raw) {
   if (!raw || typeof raw !== "string") return null;
-  const cleaned = raw.toLowerCase().replace(/[^a-z0-9-]/g, "").slice(0, 30);
+  const cleaned = raw.replace(/[\u0000-\u001f\u007f]/g, "").replace(/\s+/g, " ").trim().slice(0, 64);
   return cleaned.length > 0 ? cleaned : null;
 }
 
-async function isUsernameTaken(username) {
-  if (!username) return false;
-  if (usePrisma) {
-    const existing = await prisma.user.findFirst({ where: { name: username } });
-    return !!existing;
-  }
-  return passkeys.some((entry) => entry.handle === username || entry.agentId === username);
-}
-
 // ---------- Session cleanup ----------
 
 function touchSession(sid) {
@@ -655,22 +643,17 @@ async function handleRegisterOptions(req, res) {
   let body;
   try { body = await readBody(req); } catch { body = {}; }
 
-  // Accept optional username from request body
-  const username = sanitizeUsername(body?.username);
-  if (username && RESERVED_AGENT_HANDLES.has(username)) {
-    json(res, 409, { error: "reserved_handle", error_description: "This handle is reserved." });
-    return;
-  }
-  if (username && await isUsernameTaken(username)) {
-    json(res, 409, { error: "handle_taken", error_description: "This handle is already in use." });
-    return;
-  }
+  // Accept the existing `username` field for wire compatibility, but
+  // treat it only as a display label for the passkey prompt. It is not
+  // a public username, account handle, or relay tenant boundary.
+  // Duplicate display labels are allowed.
+  const displayLabel = sanitizeDisplayLabel(body?.displayName || body?.username);
 
   const userId = randomBytes(16);
   const userIdB64 = userId.toString("base64url");
 
-  const userName = username || ("user-" + userIdB64.slice(0, 8));
-  const displayName = username || "Memory Crystal User";
+  const userName = displayLabel || ("user-" + userIdB64.slice(0, 8));
+  const displayName = displayLabel || "Memory Crystal User";
 
   let options;
   try {
@@ -699,7 +682,7 @@ async function handleRegisterOptions(req, res) {
     challenge: options.challenge,
     type: "registration",
     userId: userIdB64,
-    username: username,
+    displayLabel,
     expires: Date.now() + 120000,
   };
 
@@ -752,8 +735,8 @@ async function handleRegisterVerify(req, res) {
 
   const { credential: cred, credentialDeviceType, credentialBackedUp } = verification.registrationInfo;
 
-  // Internal tenancy is the immutable WebAuthn user id. The chosen
-  // username is display metadata only and never owns a relay namespace.
+  // Internal tenancy is the immutable WebAuthn user id. The user-entered
+  // display label is metadata only and never owns a relay namespace.
   const agentId = accountTenantIdForUserId(stored.userId);
   // credentialLabel matches the userName passed to
   // generateRegistrationOptions in handleRegisterOptions, which is what
@@ -761,7 +744,7 @@ async function handleRegisterVerify(req, res) {
   // welcome view should display this, not agentId. Auth semantics are
   // unchanged; only the user-facing label is aligned with the saved
   // credential.
-  const credentialLabel = stored.username || ("user-" + stored.userId.slice(0, 8));
+  const credentialLabel = stored.displayLabel || ("user-" + stored.userId.slice(0, 8));
   const apiKey = generateApiKey();
 
   const entry = {
@@ -2616,7 +2599,7 @@ const httpServer = createServer(async (req, res) => {
 
 const CODEX_PAIR_EXPIRY_MS = 5 * 60 * 1000;
 const CODEX_PAIR_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789";
-const codexPairings = {};       // pairing_id -> { code, status, expires, daemon_info, apiKey?, agentId?, handle?, daemon_public_key?, crypto_versions? }
+const codexPairings = {};       // pairing_id -> { code, status, expires, poll_token, poll_token_used?, daemon_info, apiKey?, agentId?, handle?, daemon_public_key?, crypto_versions? }
 const codexPairingByCode = {};  // code -> pairing_id (only while pending)
 const codexDaemons = new Map(); // agentId -> ws
 const codexWebClients = new Map(); // `${agentId}:${threadId}` -> Set<ws>
@@ -2706,16 +2689,30 @@ function generateCodexPairingCode() {
   throw new Error("Could not generate unique codex-relay pairing code");
 }
 
+function generateCodexPairPollToken() {
+  return "ppt_" + randomBytes(32).toString("base64url");
+}
+
+function getBearerToken(req) {
+  const auth = req.headers["authorization"];
+  if (typeof auth !== "string" || !auth.startsWith("Bearer ")) return null;
+  const token = auth.slice(7).trim();
+  return token || null;
+}
+
 async function handleCodexPairInit(req, res) {
   let body = {};
   try { body = (await readBody(req)) || {}; } catch {}
   const code = generateCodexPairingCode();
   const pairingId = randomUUID();
+  const pollToken = generateCodexPairPollToken();
   const expires = Date.now() + CODEX_PAIR_EXPIRY_MS;
   codexPairings[pairingId] = {
     code,
     status: "pending",
     expires,
+    poll_token: pollToken,
+    poll_token_used: false,
     daemon_info: {
       hostname: typeof body.hostname === "string" ? body.hostname.slice(0, 64) : null,
       platform: typeof body.platform === "string" ? body.platform.slice(0, 32) : null,
@@ -2738,6 +2735,7 @@ async function handleCodexPairInit(req, res) {
   json(res, 200, {
     code,
     pairing_id: pairingId,
+    pair_poll_token: pollToken,
     web_url: ISSUER_URL + "/login?next=" + encodeURIComponent("/pair/" + code),
     expires_at: new Date(expires).toISOString(),
   });
@@ -2746,11 +2744,19 @@ async function handleCodexPairInit(req, res) {
 function handleCodexPairStatus(req, res, pairingId) {
   const p = codexPairings[pairingId];
   if (!p) { json(res, 404, { error: "pairing not found" }); return; }
-  if (p.status === "pending" && Date.now() > p.expires) {
+  if (Date.now() > p.expires) {
     p.status = "expired";
     if (codexPairingByCode[p.code] === pairingId) delete codexPairingByCode[p.code];
+    json(res, 401, { error: "pair_poll_token_expired" });
+    return;
+  }
+  const pollToken = getBearerToken(req);
+  if (!pollToken || pollToken !== p.poll_token || p.poll_token_used) {
+    json(res, 401, { error: "invalid_pair_poll_token" });
+    return;
   }
   if (p.status === "completed") {
+    p.poll_token_used = true;
     json(res, 200, { status: "completed", api_key: p.apiKey, handle: p.handle || p.agentId });
   } else {
     json(res, 200, { status: p.status });
@@ -2784,8 +2790,8 @@ async function handleCodexPairComplete(req, res) {
   p.agentId = identity.agentId;
   p.handle = identity.handle;
   // Phase 2.5: register the daemon's E2EE public key against the
-  // authenticated handle. Replaces any previous key for this handle
-  // (rotate-key implicitly happens here on a re-pair).
+  // authenticated immutable tenant id. The display handle is returned
+  // as metadata only.
   if (p.daemon_public_key) {
     codexDaemonPubkeys.set(identity.agentId, {
       pubkey: p.daemon_public_key,