@zcloak/ai-agent 1.0.17 → 1.0.20

package/dist/vetkey.js

@@ -23,17 +23,31 @@
  *
  * Usage: zcloak-ai vetkey <sub-command> [options]
  */
-import { readFileSync, statSync, writeFileSync } from 'fs';
-import { basename } from 'path';
+import { readFileSync, statSync, writeFileSync, existsSync, mkdirSync, openSync, closeSync } from 'fs';
+import { basename, dirname } from 'path';
 import { createConnection } from 'net';
+import { spawn } from 'child_process';
+import { homedir } from 'os';
+import { join } from 'path';
+import { fileURLToPath } from 'url';
 import { createInterface } from 'readline';
-import { createPublicKey, createVerify } from 'crypto';
+import { createHash } from 'crypto';
 import { Principal } from '@dfinity/principal';
+import { schnorr } from '@noble/curves/secp256k1';
+import { hexToBytes, bytesToHex } from '@noble/hashes/utils';
 import * as cryptoOps from './crypto.js';
 import { KeyStore } from './key-store.js';
 import { runDaemonUds, runDaemonStdio } from './serve.js';
-import { findRunningDaemon } from './daemon.js';
+import { findRunningDaemon, isDaemonAlive, socketPath } from './daemon.js';
 import { canisterCallError } from './error.js';
+/**
+ * Absolute path to cli.js (the CLI entry script).
+ * Used by spawnDaemonBackground() to spawn daemon child processes via
+ * `process.execPath` (the current Node binary) + this script path, so that
+ * daemon spawning works regardless of how the CLI was invoked (global install,
+ * npx, node dist/cli.js, etc.).
+ */
+const CLI_ENTRY_SCRIPT = join(dirname(fileURLToPath(import.meta.url)), 'cli.js');
 // ============================================================================
 // Module Entry Point
 // ============================================================================
@@ -113,7 +127,7 @@ function showHelp() {
     console.log('  grants-in       List grants you received (as grantee)');
     console.log('');
     console.log('Encrypted Messaging:');
-    console.log('  send-msg        Encrypt a message for a recipient (IBE)');
+    console.log('  send-msg        Encrypt + auto-deliver via zMail (IBE)');
     console.log('  recv-msg        Decrypt a received message via Mail daemon');
     console.log('');
     console.log('Options:');
@@ -133,6 +147,8 @@ function showHelp() {
     console.log('  --grant-id=<id>         Grant ID (for revoke)');
     console.log('  --to=<AI-ID|principal>  Recipient AI-ID or principal (for send-msg)');
     console.log('  --data=<json>           Encrypted message JSON envelope (for recv-msg)');
+    console.log('  --no-zmail              Skip auto-POST to zMail (send-msg only)');
+    console.log('  --zmail-url=<url>       Override zMail server URL');
 }
 // ============================================================================
 // Command Implementations
@@ -475,6 +491,134 @@ async function cmdStatus(session) {
     }
 }
 // ============================================================================
+// Daemon Auto-Start
+// ============================================================================
+/** Maximum time to wait for the daemon to become ready (ms) */
+const DAEMON_READY_TIMEOUT_MS = 30000;
+/** Polling interval when waiting for daemon socket to appear (ms) */
+const DAEMON_POLL_INTERVAL_MS = 500;
+/** Key names for the two standard daemons that should always be kept alive */
+const STANDARD_DAEMON_KEY_NAMES = ['default', 'Mail'];
+/**
+ * Spawn a daemon process in the background for the given key name.
+ *
+ * The child process is fully detached (survives parent exit) with stderr
+ * redirected to a log file under ~/.vetkey-tool/.
+ *
+ * @param pemPath - Path to the identity PEM file
+ * @param keyName - Daemon key name (e.g. "default", "Mail")
+ * @returns The child process PID (or undefined if spawn failed)
+ */
+function spawnDaemonBackground(pemPath, keyName) {
+    const logDir = join(homedir(), '.vetkey-tool');
+    const logPath = join(logDir, `${keyName.toLowerCase()}-daemon.log`);
+    try {
+        mkdirSync(logDir, { recursive: true });
+    }
+    catch {
+        // Best effort — directory may already exist
+    }
+    let logFd;
+    try {
+        logFd = openSync(logPath, 'a');
+    }
+    catch {
+        return undefined;
+    }
+    try {
+        // Use process.execPath (current Node binary) + CLI_ENTRY_SCRIPT (absolute
+        // path to cli.js) instead of 'zcloak-ai'. This ensures daemon spawning
+        // works regardless of how the CLI was invoked (global install, npx, or
+        // direct `node dist/cli.js`), avoiding ENOENT when 'zcloak-ai' is not on PATH.
+        const child = spawn(process.execPath, [
+            CLI_ENTRY_SCRIPT,
+            'vetkey', 'serve', `--key-name=${keyName}`, `--identity=${pemPath}`,
+        ], {
+            detached: true,
+            stdio: ['ignore', 'ignore', logFd],
+        });
+        // Must listen for 'error' to prevent unhandled exceptions from crashing
+        // the parent process.
+        child.on('error', () => { });
+        child.unref();
+        closeSync(logFd);
+        return child.pid;
+    }
+    catch {
+        closeSync(logFd);
+        return undefined;
+    }
+}
+/**
+ * Ensure a daemon with the given key name is running for the session's principal.
+ *
+ * If the daemon is already alive, returns the socket path immediately.
+ * Otherwise spawns a background `zcloak-ai vetkey serve` process and
+ * polls until the socket file appears or the timeout is reached.
+ *
+ * @param session  - CLI session (provides identity / PEM path)
+ * @param keyName  - Daemon key name (e.g. "default", "Mail")
+ * @returns Socket path of the running daemon
+ * @throws Error if the daemon fails to start within the timeout
+ */
+async function ensureDaemon(session, keyName) {
+    const principal = session.getPrincipal();
+    const derivationId = `${principal}:${keyName}`;
+    // Already running? Return immediately.
+    if (isDaemonAlive(derivationId)) {
+        return socketPath(derivationId);
+    }
+    console.error(`[zcloak-ai] ${keyName} daemon is not running. Starting it automatically...`);
+    const pid = spawnDaemonBackground(session.getPemPath(), keyName);
+    console.error(`[zcloak-ai] ${keyName} daemon spawned (PID: ${pid ?? 'unknown'}). Waiting for ready...`);
+    // Poll for the socket file to appear (daemon writes PID + creates socket on ready)
+    const sock = socketPath(derivationId);
+    const logPath = join(homedir(), '.vetkey-tool', `${keyName.toLowerCase()}-daemon.log`);
+    const deadline = Date.now() + DAEMON_READY_TIMEOUT_MS;
+    while (Date.now() < deadline) {
+        await new Promise((resolve) => setTimeout(resolve, DAEMON_POLL_INTERVAL_MS));
+        if (isDaemonAlive(derivationId) && existsSync(sock)) {
+            console.error(`[zcloak-ai] ${keyName} daemon is ready. Socket: ${sock}`);
+            return sock;
+        }
+    }
+    throw new Error(`${keyName} daemon failed to start within ${DAEMON_READY_TIMEOUT_MS / 1000}s. ` +
+        `Check the log at ${logPath} for details.`);
+}
+/**
+ * Background daemon health check — fire-and-forget.
+ *
+ * Called by cli.ts after Session creation to keep both standard daemons
+ * ("default" and "Mail") alive. If a daemon is dead, spawns it in the
+ * background WITHOUT waiting for it to be ready (non-blocking).
+ *
+ * Prerequisites:
+ *   - The PEM file must exist (user has already created an identity)
+ *   - If PEM doesn't exist, silently skips (no identity = no daemon possible)
+ *
+ * All errors are silently swallowed — this is a best-effort health check
+ * and must never block or fail the main command.
+ *
+ * @param pemPath   - Path to the identity PEM file
+ * @param principal - The principal ID derived from the PEM
+ */
+export function ensureDaemonsBackground(pemPath, principal) {
+    for (const keyName of STANDARD_DAEMON_KEY_NAMES) {
+        const derivationId = `${principal}:${keyName}`;
+        try {
+            if (!isDaemonAlive(derivationId)) {
+                const pid = spawnDaemonBackground(pemPath, keyName);
+                if (pid) {
+                    console.error(`[zcloak-ai] ${keyName} daemon was not running — auto-started (PID: ${pid})`);
+                }
+            }
+        }
+        catch {
+            // Silently ignore — daemon health check must never block the main command
+        }
+    }
+}
+// ============================================================================
 // Helper Functions
 // ============================================================================
 /**
@@ -805,18 +949,109 @@ function printGrants(grants, direction) {
 // ============================================================================
 /** Maximum plaintext payload for encrypted messages (64 KB) */
 const MAX_MSG_PAYLOAD = 64 * 1024;
-/** Domain separator used for sender signature over the message envelope */
-const MAIL_SIGNATURE_DOMAIN = 'zcloak-mail-envelope';
+// ── Kind17 Envelope Helpers ──────────────────────────────────────────────────
+/**
+ * NFC-normalize text and convert Windows line endings to Unix.
+ * Matches zMail's canonicalization.
+ */
+function normalizeText(value) {
+    return value.replace(/\r\n?/g, '\n').normalize('NFC');
+}
+/**
+ * Deep-canonicalize a value: sort object keys alphabetically, NFC-normalize strings.
+ * Produces deterministic JSON for ID computation.
+ */
+function canonicalize(value) {
+    if (typeof value === 'string')
+        return normalizeText(value);
+    if (Array.isArray(value))
+        return value.map((item) => canonicalize(item));
+    if (value !== null && typeof value === 'object') {
+        const out = {};
+        for (const [key, nested] of Object.entries(value).sort(([a], [b]) => a < b ? -1 : a > b ? 1 : 0)) {
+            out[normalizeText(key)] = canonicalize(nested);
+        }
+        return out;
+    }
+    return value;
+}
 /**
- * send-msg: Encrypt a message for a recipient using IBE.
+ * Compute the Kind17 envelope ID: SHA-256 of canonical serialization.
+ * Format: [0, ai_id, created_at, 17, tags, content]
+ */
+function computeEnvelopeId(envelope) {
+    const payload = [
+        0,
+        normalizeText(envelope.ai_id),
+        envelope.created_at,
+        17,
+        canonicalize(envelope.tags),
+        canonicalize(envelope.content),
+    ];
+    return createHash('sha256').update(JSON.stringify(payload), 'utf8').digest('hex');
+}
+/**
+ * Extract the raw 32-byte secp256k1 private key from the session identity.
+ * The Secp256k1KeyIdentity.toJSON() returns [publicKeyHex, privateKeyHex].
+ */
+export function extractPrivateKeyHex(session) {
+    const identity = session.getIdentity();
+    const json = identity.toJSON();
+    return json[1];
+}
+/**
+ * DER prefix for an uncompressed secp256k1 SPKI public key (23 bytes).
+ * SPKI layout: prefix(23) || 04(1) || x(32) || y(32) = 88 bytes total.
+ * Hex offset of x-coordinate: 48 (23*2 + 2), length: 64 (32*2).
+ */
+const SPKI_X_OFFSET = 48;
+const SPKI_X_LENGTH = 64;
+/**
+ * Extract the BIP-340 Schnorr public key (x-only, 32 bytes hex) from an SPKI hex string.
+ * The x-coordinate sits at a fixed offset in the uncompressed secp256k1 SPKI DER structure.
+ */
+export function schnorrPubkeyFromSpki(spkiHex) {
+    return spkiHex.slice(SPKI_X_OFFSET, SPKI_X_OFFSET + SPKI_X_LENGTH);
+}
+/**
+ * Build, sign, and return a complete Kind17 envelope.
+ *
+ * The sender's SPKI public key is included as a ["from_pubkey", spkiHex] tag
+ * to enable self-contained sender verification: receivers can derive both the
+ * ICP principal (to bind ai_id) and the Schnorr pubkey (to verify sig) from it.
+ *
+ * @param session  - CLI session (provides identity for Schnorr signing)
+ * @param tags     - Envelope tags (must include at least one ["to", ...])
+ * @param content  - Encrypted content string (base64 IBE ciphertext)
+ * @returns Signed Kind17Envelope ready for JSON serialization
+ */
+function buildSignedEnvelope(session, tags, content) {
+    const senderPrincipal = session.getPrincipal();
+    const createdAt = Math.floor(Date.now() / 1000);
+    // Include the sender's SPKI public key for receiver-side verification.
+    // This enables binding ai_id ↔ pubkey ↔ sig without registry lookups.
+    const senderIdentity = session.getIdentity();
+    const senderSpkiHex = Buffer.from(senderIdentity.getPublicKey().toDer()).toString('hex');
+    const allTags = [...tags, ['from_pubkey', senderSpkiHex]];
+    // Compute the envelope ID from canonical serialization
+    const partial = { kind: 17, ai_id: senderPrincipal, created_at: createdAt, tags: allTags, content };
+    const id = computeEnvelopeId(partial);
+    // BIP-340 Schnorr sign the ID hash
+    const privateKeyHex = extractPrivateKeyHex(session);
+    const sig = bytesToHex(schnorr.sign(id, privateKeyHex));
+    return { id, kind: 17, ai_id: senderPrincipal, created_at: createdAt, tags: allTags, content, sig };
+}
+/**
+ * send-msg: Encrypt a message for a recipient using IBE and output a Kind17 envelope.
  *
  * The recipient's Mail identity is "{recipient_principal}:Mail".
  * The sender fetches the IBE public key from canister, encrypts locally,
- * and outputs a JSON envelope for transport.
+ * builds a Kind17 envelope with BIP-340 Schnorr signature, and outputs JSON.
  *
  * Options:
  *   --to=<AI-ID or principal>   (required) Recipient identifier
- *   --text=<content>            (required) Message to encrypt
+ *   --text=<content>            Text message to encrypt
+ *   --file=<path>               File to encrypt
  *   --json                      Output in JSON format (default: true for send-msg)
  */
 async function cmdSendMsg(session) {
@@ -834,16 +1069,13 @@ async function cmdSendMsg(session) {
     // Resolve recipient: if it looks like an agent name (contains # and .agent),
     // resolve to principal via registry; otherwise treat as raw principal.
     let recipientPrincipal;
-    let recipientDisplay;
     if (to.includes('#') && to.includes('.agent')) {
-        // Resolve AI-ID → principal
         const registryActor = await session.getAnonymousRegistryActor();
         const result = await registryActor.get_user_principal(to);
         if (!result || result.length === 0) {
             throw new Error(`Cannot resolve AI-ID "${to}" — agent not found in registry`);
         }
         recipientPrincipal = result[0].toText();
-        recipientDisplay = to;
     }
     else {
         try {
@@ -852,7 +1084,6 @@ async function cmdSendMsg(session) {
         catch {
             throw new Error(`Invalid recipient principal: "${to}"`);
         }
-        recipientDisplay = to;
     }
     // IBE identity for recipient's mailbox
     const ibeIdentity = `${recipientPrincipal}:Mail`;
@@ -866,36 +1097,52 @@ async function cmdSendMsg(session) {
     catch (e) {
         throw canisterCallError(`get_ibe_public_key failed: ${e instanceof Error ? e.message : String(e)}`, e);
     }
-    // IBE-encrypt the message for the recipient's Mail identity
+    // IBE-encrypt the plaintext for the recipient's Mail identity
     const ciphertext = cryptoOps.ibeEncrypt(dpkBytes, ibeIdentity, plaintext);
-    const senderIdentity = session.getIdentity();
-    const senderPrincipal = senderIdentity.getPrincipal().toText();
-    const senderPublicKeyDer = Buffer.from(senderIdentity.getPublicKey().toDer());
-    const envelope = {
-        from: senderPrincipal,
-        from_pubkey: senderPublicKeyDer.toString('hex'),
-        to: recipientDisplay,
-        payload_type: payloadType,
-        filename,
-        ibe_id: ibeIdentity,
-        ct: Buffer.from(ciphertext).toString('base64'),
-        ts: Date.now(),
-        sig: '',
-    };
-    const signature = await senderIdentity.sign(serializeEnvelopeForSigning(envelope));
-    envelope.sig = Buffer.from(signature).toString('base64');
+    const contentBase64 = Buffer.from(ciphertext).toString('base64');
+    // Build tags: recipient + metadata
+    const tags = [
+        ['to', recipientPrincipal],
+        ['payload_type', payloadType],
+        ['ibe_id', ibeIdentity],
+    ];
+    if (filename) {
+        tags.push(['filename', filename]);
+    }
+    // Build and sign the Kind17 envelope
+    const envelope = buildSignedEnvelope(session, tags, contentBase64);
     // Output the envelope as JSON (always JSON for machine consumption)
     console.log(JSON.stringify(envelope));
+    // Auto-POST to zMail if not explicitly disabled with --no-zmail.
+    // Failure only warns via stderr — the envelope is already output to stdout.
+    if (session.args['no-zmail'] !== true) {
+        try {
+            const zmailUrlFlag = session.args['zmail-url'];
+            const zmailUrlEnv = process.env['ZMAIL_URL'];
+            const zmailUrl = (typeof zmailUrlFlag === 'string' && zmailUrlFlag.length > 0)
+                ? zmailUrlFlag.replace(/\/+$/, '')
+                : (zmailUrlEnv && zmailUrlEnv.length > 0)
+                    ? zmailUrlEnv.replace(/\/+$/, '')
+                    : (await import('./config.js')).default.zmail_url;
+            const { postEnvelopeToZmail } = await import('./zmail.js');
+            const result = await postEnvelopeToZmail(zmailUrl, envelope);
+            console.error(`zMail: delivered (msg_id=${result.msg_id}, to=${result.delivered_to})`);
+        }
+        catch (err) {
+            console.error(`zMail: delivery failed — ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
 }
 /**
- * recv-msg: Decrypt a received encrypted message via the Mail daemon.
+ * recv-msg: Decrypt a received Kind17 encrypted message via the Mail daemon.
  *
  * The recipient must have a running daemon with key-name="Mail".
  * The daemon holds the VetKey for "{recipient_principal}:Mail" and
  * performs IBE decryption via the "ibe-decrypt" RPC method.
  *
  * Options:
- *   --data=<json>     (required) Encrypted message JSON envelope
+ *   --data=<json>     (required) Kind17 envelope JSON
+ *   --output=<path>   Write decrypted file payload to this path
  *   --json            Output in JSON format
  */
 async function cmdRecvMsg(session) {
@@ -912,22 +1159,30 @@ async function cmdRecvMsg(session) {
     if (!dataStr) {
         throw new Error('--data=<json_envelope> is required');
     }
-    // Connect to the Mail daemon to perform IBE decryption
-    const envelope = parseEncryptedMessageEnvelope(dataStr);
+    // Parse and validate the Kind17 envelope
+    const envelope = parseKind17Envelope(dataStr);
     const principal = session.getPrincipal();
     const derivationId = `${principal}:Mail`;
-    if (envelope.ibe_id !== derivationId) {
-        throw new Error(`Envelope is addressed to "${envelope.ibe_id}", but current recipient is "${derivationId}"`);
-    }
-    verifyEnvelopeSignature(envelope);
-    const sockPath = findRunningDaemon(derivationId);
-    // Send ibe-decrypt RPC to daemon
+    // Extract metadata from tags
+    const ibeId = getTagValue(envelope.tags, 'ibe_id') ?? derivationId;
+    const payloadType = (getTagValue(envelope.tags, 'payload_type') ?? 'text');
+    const filename = getTagValue(envelope.tags, 'filename');
+    // Verify this envelope is addressed to us
+    const recipients = envelope.tags.filter(t => t[0] === 'to').map(t => t[1]);
+    if (!recipients.includes(principal)) {
+        throw new Error(`Envelope is not addressed to "${principal}" — recipients: ${recipients.join(', ')}`);
+    }
+    // Verify envelope integrity and sender authentication.
+    // Returns true only if full Schnorr signature + principal binding was verified.
+    const verifiedSender = verifyKind17Signature(envelope);
+    // Ensure Mail daemon is running (auto-start if needed, wait for ready), then decrypt
+    const sockPath = await ensureDaemon(session, 'Mail');
     const response = await sendRpcToSocket(sockPath, {
         id: 1,
         method: 'ibe-decrypt',
         params: {
-            ibe_identity: envelope.ibe_id,
-            ciphertext_base64: envelope.ct,
+            ibe_identity: ibeId,
+            ciphertext_base64: envelope.content,
         },
     });
     if (response.error) {
@@ -941,64 +1196,57 @@ async function cmdRecvMsg(session) {
     if (plaintextBytes.length !== result.plaintext_size) {
         throw new Error(`Daemon returned mismatched plaintext size: expected ${result.plaintext_size}, got ${plaintextBytes.length}`);
     }
-    const shouldWriteFile = envelope.payload_type === 'file' || !!output;
+    // Determine output target
+    const shouldWriteFile = payloadType === 'file' || !!output;
     const resolvedOutput = shouldWriteFile
-        ? (output ?? defaultReceivedPath(envelope))
+        ? (output ?? defaultReceivedPath(payloadType, filename, envelope.created_at))
         : undefined;
     if (resolvedOutput) {
         writeFileSync(resolvedOutput, plaintextBytes);
     }
+    // Format output
     if (jsonOutput) {
         const base = {
-            from: envelope.from,
-            to: envelope.to,
-            payload_type: envelope.payload_type,
-            filename: envelope.filename,
-            ibe_identity: envelope.ibe_id,
-            verified_sender: true,
+            from: envelope.ai_id,
+            to: recipients,
+            payload_type: payloadType,
+            filename,
+            verified_sender: verifiedSender,
             plaintext_size: result.plaintext_size,
-            timestamp: envelope.ts,
+            timestamp: envelope.created_at,
         };
         if (resolvedOutput) {
-            console.log(JSON.stringify({
-                ...base,
-                output_file: resolvedOutput,
-            }));
+            console.log(JSON.stringify({ ...base, output_file: resolvedOutput }));
         }
         else {
-            console.log(JSON.stringify({
-                ...base,
-                plaintext: plaintextBytes.toString('utf-8'),
-            }));
+            console.log(JSON.stringify({ ...base, plaintext: plaintextBytes.toString('utf-8') }));
         }
     }
     else if (resolvedOutput) {
         console.log('Decrypted message:');
-        console.log(`  From:         ${envelope.from}`);
-        console.log(`  To:           ${envelope.to}`);
-        console.log(`  Identity:     ${envelope.ibe_id}`);
-        console.log(`  Verified:     yes`);
-        console.log(`  Payload Type: ${envelope.payload_type}`);
-        if (envelope.filename) {
-            console.log(`  File Name:    ${envelope.filename}`);
-        }
-        console.log(`  Time:         ${new Date(envelope.ts).toISOString()}`);
+        console.log(`  From:         ${envelope.ai_id}`);
+        console.log(`  To:           ${recipients.join(', ')}`);
+        console.log(`  Verified:     ${verifiedSender ? 'yes' : 'id-only'}`);
+        console.log(`  Payload Type: ${payloadType}`);
+        if (filename)
+            console.log(`  File Name:    ${filename}`);
+        console.log(`  Time:         ${new Date(envelope.created_at * 1000).toISOString()}`);
         console.log(`  Size:         ${result.plaintext_size} bytes`);
         console.log(`  Output File:  ${resolvedOutput}`);
     }
     else {
         console.log('Decrypted message:');
-        console.log(`  From:         ${envelope.from}`);
-        console.log(`  To:           ${envelope.to}`);
-        console.log(`  Identity:     ${envelope.ibe_id}`);
-        console.log(`  Verified:     yes`);
-        console.log(`  Payload Type: ${envelope.payload_type}`);
-        console.log(`  Time:         ${new Date(envelope.ts).toISOString()}`);
+        console.log(`  From:         ${envelope.ai_id}`);
+        console.log(`  To:           ${recipients.join(', ')}`);
+        console.log(`  Verified:     ${verifiedSender ? 'yes' : 'id-only'}`);
+        console.log(`  Payload Type: ${payloadType}`);
+        console.log(`  Time:         ${new Date(envelope.created_at * 1000).toISOString()}`);
         console.log(`  Size:         ${result.plaintext_size} bytes`);
         console.log('  Content:');
         console.log(plaintextBytes.toString('utf-8'));
     }
 }
+// ── Message Input Parsing ────────────────────────────────────────────────────
 function readMessageInput(text, file) {
     if (text && file)
         throw new Error('Cannot specify both --text and --file');
@@ -1011,10 +1259,7 @@ function readMessageInput(text, file) {
         if (plaintext.length > MAX_MSG_PAYLOAD) {
             throw new Error(`Message too large: ${plaintext.length} bytes (max ${MAX_MSG_PAYLOAD} bytes)`);
         }
-        return {
-            plaintext,
-            payloadType: 'text',
-        };
+        return { plaintext, payloadType: 'text' };
     }
     if (typeof file === 'string') {
         const stat = statSync(file);
@@ -1032,98 +1277,117 @@ function readMessageInput(text, file) {
     }
     throw new Error('Either --text or --file must be provided');
 }
-function parseEncryptedMessageEnvelope(dataStr) {
+// ── Kind17 Envelope Parsing & Verification ───────────────────────────────────
+/**
+ * Parse a JSON string into a Kind17Envelope, validating all required fields.
+ */
+function parseKind17Envelope(dataStr) {
     let raw;
     try {
         raw = JSON.parse(dataStr);
     }
     catch {
-        throw new Error('Invalid message envelope (expected JSON)');
+        throw new Error('Invalid Kind17 envelope (expected JSON)');
     }
     if (!raw || typeof raw !== 'object' || Array.isArray(raw)) {
-        throw new Error('Invalid message envelope: expected an object');
-    }
-    const envelope = raw;
-    if (typeof envelope.from !== 'string' || envelope.from.length === 0) {
-        throw new Error('Invalid envelope: from must be a non-empty string');
+        throw new Error('Invalid Kind17 envelope: expected an object');
     }
-    if (typeof envelope.from_pubkey !== 'string' || envelope.from_pubkey.length === 0) {
-        throw new Error('Invalid envelope: from_pubkey must be a non-empty string');
+    const e = raw;
+    if (typeof e.id !== 'string' || e.id.length === 0) {
+        throw new Error('Invalid envelope: id must be a non-empty string');
     }
-    if (typeof envelope.to !== 'string' || envelope.to.length === 0) {
-        throw new Error('Invalid envelope: to must be a non-empty string');
+    if (e.kind !== 17) {
+        throw new Error('Invalid envelope: kind must be 17');
     }
-    if (envelope.payload_type !== 'text' && envelope.payload_type !== 'file') {
-        throw new Error('Invalid envelope: payload_type must be "text" or "file"');
+    if (typeof e.ai_id !== 'string' || e.ai_id.length === 0) {
+        throw new Error('Invalid envelope: ai_id must be a non-empty string');
     }
-    if (typeof envelope.ibe_id !== 'string' || envelope.ibe_id.length === 0) {
-        throw new Error('Invalid envelope: ibe_id must be a non-empty string');
+    if (typeof e.created_at !== 'number' || !Number.isInteger(e.created_at) || e.created_at <= 0) {
+        throw new Error('Invalid envelope: created_at must be a positive integer (unix seconds)');
     }
-    if (typeof envelope.ct !== 'string' || envelope.ct.length === 0) {
-        throw new Error('Invalid envelope: ct must be a non-empty string');
+    if (!Array.isArray(e.tags)) {
+        throw new Error('Invalid envelope: tags must be an array');
     }
-    if (typeof envelope.ts !== 'number' || !Number.isFinite(envelope.ts) || envelope.ts <= 0) {
-        throw new Error('Invalid envelope: ts must be a positive number');
+    if (typeof e.content !== 'string' || e.content.length === 0) {
+        throw new Error('Invalid envelope: content must be a non-empty string');
     }
-    if (typeof envelope.sig !== 'string' || envelope.sig.length === 0) {
+    if (typeof e.sig !== 'string' || e.sig.length === 0) {
         throw new Error('Invalid envelope: sig must be a non-empty string');
     }
-    if (envelope.payload_type === 'file') {
-        if (typeof envelope.filename !== 'string' || envelope.filename.length === 0) {
-            throw new Error('Invalid envelope: filename is required for file payloads');
-        }
-    }
-    else if (envelope.filename !== undefined) {
-        throw new Error('Invalid envelope: filename is only allowed for file payloads');
+    // Validate that there is at least one ["to", ...] tag
+    const hasRecipient = e.tags.some((tag) => Array.isArray(tag) && tag[0] === 'to' && typeof tag[1] === 'string' && tag[1].length > 0);
+    if (!hasRecipient) {
+        throw new Error('Invalid envelope: must have at least one ["to", principal] tag');
     }
     return {
-        from: envelope.from,
-        from_pubkey: envelope.from_pubkey,
-        to: envelope.to,
-        payload_type: envelope.payload_type,
-        filename: envelope.filename,
-        ibe_id: envelope.ibe_id,
-        ct: envelope.ct,
-        ts: envelope.ts,
-        sig: envelope.sig,
+        id: e.id,
+        kind: 17,
+        ai_id: e.ai_id,
+        created_at: e.created_at,
+        tags: e.tags,
+        content: e.content,
+        sig: e.sig,
     };
 }
-function serializeEnvelopeForSigning(envelope) {
-    const payload = JSON.stringify({
-        from: envelope.from,
-        from_pubkey: envelope.from_pubkey,
-        to: envelope.to,
-        payload_type: envelope.payload_type,
-        filename: envelope.filename,
-        ibe_id: envelope.ibe_id,
-        ct: envelope.ct,
-        ts: envelope.ts,
+/**
+ * Verify the Schnorr signature on a Kind17 envelope.
+ *
+ * Three-step verification:
+ *   1. Re-compute envelope ID from canonical serialization → must match `id`
+ *   2. Derive ICP principal from SPKI in ["from_pubkey"] tag → must match `ai_id`
+ *   3. Derive Schnorr pubkey from the same SPKI → verify BIP-340 signature over `id`
+ *
+ * If the envelope lacks a ["from_pubkey"] tag, only step 1 (ID integrity) is performed
+ * and the function returns false to indicate that the sender is NOT authenticated.
+ *
+ * @returns true if full sender authentication succeeded, false if only ID integrity was checked
+ */
+function verifyKind17Signature(envelope) {
+    // Step 1: verify the ID matches the canonical serialization
+    const computedId = computeEnvelopeId({
+        kind: 17,
+        ai_id: envelope.ai_id,
+        created_at: envelope.created_at,
+        tags: envelope.tags,
+        content: envelope.content,
     });
-    return new TextEncoder().encode(`${MAIL_SIGNATURE_DOMAIN}\n${payload}`);
+    if (computedId !== envelope.id) {
+        throw new Error(`Envelope ID mismatch: computed "${computedId}" but envelope has "${envelope.id}"`);
+    }
+    // Step 2 + 3: verify sender identity binding and Schnorr signature
+    const senderSpki = getTagValue(envelope.tags, 'from_pubkey');
+    if (!senderSpki) {
+        // No public key available — ID integrity is verified but sender is not authenticated.
+        return false;
+    }
+    // Derive ICP principal from SPKI and verify it matches the claimed ai_id.
+    // This prevents an attacker from signing with their own key while claiming someone else's ai_id.
+    const derivedPrincipal = Principal.selfAuthenticating(Buffer.from(senderSpki, 'hex')).toText();
+    if (derivedPrincipal !== envelope.ai_id) {
+        throw new Error(`Sender identity mismatch: from_pubkey derives principal "${derivedPrincipal}" but ai_id is "${envelope.ai_id}"`);
+    }
+    // Derive Schnorr pubkey (x-coordinate) from the same SPKI and verify the signature
+    const schnorrPubkeyHex = schnorrPubkeyFromSpki(senderSpki);
+    const valid = schnorr.verify(hexToBytes(envelope.sig), hexToBytes(envelope.id), hexToBytes(schnorrPubkeyHex));
+    if (!valid) {
+        throw new Error('Envelope Schnorr signature verification failed');
+    }
+    return true;
 }
-function verifyEnvelopeSignature(envelope) {
-    const publicKeyDer = decodeHexStrict(envelope.from_pubkey, 'from_pubkey');
-    const expectedPrincipal = Principal.selfAuthenticating(new Uint8Array(publicKeyDer)).toText();
-    if (expectedPrincipal !== envelope.from) {
-        throw new Error(`Envelope sender mismatch: from="${envelope.from}" does not match from_pubkey principal "${expectedPrincipal}"`);
-    }
-    const signature = decodeBase64Strict(envelope.sig, 'sig');
-    const verify = createVerify('sha256');
-    verify.update(serializeEnvelopeForSigning(envelope));
-    verify.end();
-    const publicKey = createPublicKey({
-        key: publicKeyDer,
-        format: 'der',
-        type: 'spki',
-    });
-    if (!verify.verify(publicKey, compactSignatureToDer(signature))) {
-        throw new Error('Envelope signature verification failed');
-    }
+/**
+ * Get the first value for a given tag key from the tags array.
+ */
+function getTagValue(tags, key) {
+    const tag = tags.find((t) => t[0] === key);
+    return tag ? tag[1] : undefined;
 }
-function defaultReceivedPath(envelope) {
-    const safeName = envelope.payload_type === 'file'
-        ? sanitizeFilename(envelope.filename) ?? 'message.bin'
-        : `message-${envelope.ts}.txt`;
+/**
+ * Generate a default output path for received file/text payloads.
+ */
+function defaultReceivedPath(payloadType, filename, createdAt) {
+    const safeName = payloadType === 'file'
+        ? (sanitizeFilename(filename) ?? 'message.bin')
+        : `message-${createdAt}.txt`;
     return `received_${Date.now()}_${safeName}`;
 }
 function sanitizeFilename(filePath) {
@@ -1135,29 +1399,6 @@ function sanitizeFilename(filePath) {
     }
     return name;
 }
-function compactSignatureToDer(signature) {
-    if (signature.length !== 64) {
-        throw new Error(`Invalid signature length: expected 64 bytes, got ${signature.length}`);
-    }
-    const encodeInteger = (part) => {
-        let start = 0;
-        while (start < part.length - 1 && part[start] === 0) {
-            start += 1;
-        }
-        let value = Buffer.from(part.subarray(start));
-        if ((value[0] ?? 0) & 0x80) {
-            value = Buffer.concat([Buffer.from([0x00]), value]);
-        }
-        return Buffer.concat([Buffer.from([0x02, value.length]), value]);
-    };
-    const r = encodeInteger(signature.subarray(0, 32));
-    const s = encodeInteger(signature.subarray(32, 64));
-    const seqLen = r.length + s.length;
-    if (seqLen > 0x7f) {
-        throw new Error('DER signature too long');
-    }
-    return Buffer.concat([Buffer.from([0x30, seqLen]), r, s]);
-}
 function decodeBase64Strict(value, fieldName) {
     if (value.length === 0) {
         return Buffer.alloc(0);
@@ -1167,10 +1408,4 @@ function decodeBase64Strict(value, fieldName) {
     }
     return Buffer.from(value, 'base64');
 }
-function decodeHexStrict(value, fieldName) {
-    if (!/^[0-9a-fA-F]+$/.test(value) || value.length % 2 !== 0) {
-        throw new Error(`Invalid ${fieldName}: expected hex`);
-    }
-    return Buffer.from(value, 'hex');
-}
 //# sourceMappingURL=vetkey.js.map