agent-passport-system 2.2.0 → 2.4.0-alpha

package/dist/src/v2/instruction-provenance/index.js

@@ -0,0 +1,11 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+// ══════════════════════════════════════════════════════════════════
+// InstructionProvenanceReceipt — public barrel
+// ══════════════════════════════════════════════════════════════════
+// Spec: ~/aeoess_web/specs/INSTRUCTION-PROVENANCE-RECEIPT-DRAFT-v0.2.md
+// Tier scope this version: 'self-asserted' only.
+// ══════════════════════════════════════════════════════════════════
+export { createInstructionProvenanceReceipt, IPRConstructionError, signEd25519 } from './envelope.js';
+export { verifyInstructionProvenanceReceipt, verifyActionTimeContextRoot, matchesAnyPattern } from './verify.js';
+export { IPRPathError, canonicalizePath, canonicalizeEnvelope, computeContextRoot, sortInstructionFiles, sha256Hex, } from './canonicalize.js';
+//# sourceMappingURL=index.js.map

package/dist/src/v2/instruction-provenance/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/v2/instruction-provenance/index.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,+CAA+C;AAC/C,qEAAqE;AACrE,wEAAwE;AACxE,iDAAiD;AACjD,qEAAqE;AAErE,OAAO,EAAE,kCAAkC,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,eAAe,CAAA;AACrG,OAAO,EAAE,kCAAkC,EAAE,2BAA2B,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAA;AAChH,OAAO,EACL,YAAY,EACZ,gBAAgB,EAChB,oBAAoB,EACpB,kBAAkB,EAClB,oBAAoB,EACpB,SAAS,GACV,MAAM,mBAAmB,CAAA"}

package/dist/src/v2/instruction-provenance/types.d.ts

@@ -0,0 +1,133 @@
+/** v0.2 envelopes ship 'self-asserted'. v0.3 unlocks 'witnessed' and 'verified'. */
+export type AttestationTier = 'self-asserted' | 'witnessed' | 'verified';
+export type FilesystemMode = 'case-sensitive' | 'case-insensitive';
+export type InstructionRole = 'system_prompt' | 'agent_md' | 'user_md' | 'memory' | 'rules' | 'other';
+export interface InstructionFile {
+    /** Canonicalized relative POSIX path, per spec §5.1. Symlinks are separate
+     *  entries with `is_symlink: true`; the link target appears as a distinct
+     *  file. */
+    path: string;
+    /** Hex sha256 of file contents. Lowercase, 64 chars. */
+    digest: string;
+    /** Byte length of the file at issuance time. */
+    bytes: number;
+    /** Role classification. `'other'` for files matched by patterns but not
+     *  fitting a named role. */
+    role: InstructionRole;
+    /** True iff this entry represents a symlink, not a regular file. The
+     *  symlink's target file appears as its own entry. */
+    is_symlink?: boolean;
+    /** Target path of the symlink (only present when is_symlink=true). */
+    symlink_target?: string;
+}
+export interface InstructionProvenanceReceiptBoundTo {
+    type: 'session' | 'action' | 'window';
+    /** Reference to the bound entity. Format depends on `type`:
+     *  - session: session_id
+     *  - action: action_ref hex sha256 (Module 37 / A2A#1672)
+     *  - window: ISO 8601 timestamp interval `<start>/<end>` */
+    ref: string;
+}
+export interface InstructionProvenanceReceipt {
+    /** sha256 of the canonical-JCS serialization of this object minus
+     *  `signature` and `receipt_id`. */
+    receipt_id: string;
+    /** Existing APS field. Links IPR to its delegation root.
+     *  Format: hex sha256 of canonical delegation chain. */
+    delegation_chain_root: string;
+    /** Acting agent DID. */
+    agent_did: string;
+    /** Glob patterns the agent claims to have walked, in arbitrary order.
+     *  Must be non-empty. POSIX globs relative to `working_root`. */
+    discovery_patterns: string[];
+    /** Working root for path resolution. Absolute POSIX path. The agent's
+     *  `instruction_files[].path` values are relative to this root. */
+    working_root: string;
+    /** Filesystem case mode for the working_root. Affects path comparison. */
+    filesystem_mode: FilesystemMode;
+    /** Files matched by `discovery_patterns`. Exhaustiveness contract: this
+     *  array MUST contain every regular file matched by any pattern in
+     *  `discovery_patterns`, in canonical sorted order by `path`. */
+    instruction_files: InstructionFile[];
+    /** sha256 of the canonical-JCS serialization of `instruction_files` only.
+     *  The hash that changes when any file content or path changes. */
+    context_root: string;
+    /** Attestation tier per ENFORCEMENT-TRUST-ANCHOR Component 4. v0.2
+     *  envelopes MUST carry `'self-asserted'`. */
+    attestation_tier: AttestationTier;
+    /** When true, action receipts emitted under this IPR MUST re-hash the
+     *  files matching `discovery_patterns` immediately before action
+     *  execution and inline the fresh `context_root` into the action receipt.
+     *  Default false. Mandatory true at tier >= 2 in v2.4. */
+    recompute_at_action: boolean;
+    /** Issuance timestamp, ISO 8601 with millisecond precision and Z suffix. */
+    issued_at: string;
+    /** Optional expiry. Verifiers SHOULD treat absent as session-bound. */
+    expires_at?: string;
+    /** Binding scope. */
+    bound_to: InstructionProvenanceReceiptBoundTo;
+    /** Ed25519 signing key fingerprint: `ed25519:<first-16-hex-of-public-key>`. */
+    signing_key_id: string;
+    /** Ed25519 over the JCS canonicalization of this object minus
+     *  `signature` and `receipt_id`. Hex, 128 chars. */
+    signature: string;
+}
+/** Result of `canonicalizePath`. Either a canonical relative POSIX string or
+ *  a typed error explaining the rejection (callers throw `IPRPathError`). */
+export interface CanonicalizationResult {
+    canonical: string;
+}
+/** Verification outcome from `verifyInstructionProvenanceReceipt`. */
+export interface VerificationResult {
+    valid: boolean;
+    errors: string[];
+    /** Surfaced for callers that want to gate on tier even when valid=true. */
+    tier?: AttestationTier;
+    /** Surfaced for caller convenience; equals envelope.context_root when
+     *  recomputation matched, otherwise the recomputed value. */
+    contextRoot?: string;
+}
+/** Inputs for createInstructionProvenanceReceipt. */
+export interface CreateIPRInput {
+    delegation_chain_root: string;
+    agent_did: string;
+    discovery_patterns: string[];
+    working_root: string;
+    filesystem_mode: FilesystemMode;
+    instruction_files: InstructionFile[];
+    recompute_at_action?: boolean;
+    issued_at?: string;
+    expires_at?: string;
+    bound_to: InstructionProvenanceReceiptBoundTo;
+    /** Ed25519 private key (hex seed, 64 chars). */
+    privateKeyHex: string;
+    /** Ed25519 public key (hex, 64 chars) used to derive `signing_key_id`. */
+    publicKeyHex: string;
+    /** Tier override is not allowed in v0.2; envelope is always 'self-asserted'.
+     *  Future-flagged here so v0.3 can wire 'witnessed' / 'verified'. */
+    attestation_tier?: 'self-asserted';
+}
+/** Verification options. */
+export interface VerifyIPRInput {
+    envelope: InstructionProvenanceReceipt;
+    /** Ed25519 public key (hex, 64 chars) used to verify `signature`. */
+    publicKeyHex: string;
+    /** When provided, performs §6.3 step 10/11 exhaustiveness check by
+     *  re-walking the working root with `discovery_patterns`. When omitted,
+     *  the verifier skips filesystem checks (signature + schema only). */
+    filesystemCheck?: boolean;
+    /** Verifier clock for §6.4 step 12/13 (default: Date.now()). */
+    now?: Date;
+    /** Allowable clock skew in milliseconds for `issued_at` future check
+     *  (default: 5 minutes). */
+    clockSkewMs?: number;
+}
+/** Action-receipt context-root verification input. */
+export interface ActionTimeContextRootInput {
+    /** The IPR the action receipt is bound to. */
+    envelope: InstructionProvenanceReceipt;
+    /** Action-receipt-side fresh `context_root` computed immediately before
+     *  action execution. Hex sha256, 64 chars. */
+    context_root_at_action_time: string;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/v2/instruction-provenance/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../src/v2/instruction-provenance/types.ts"],"names":[],"mappings":"AAUA,oFAAoF;AACpF,MAAM,MAAM,eAAe,GAAG,eAAe,GAAG,WAAW,GAAG,UAAU,CAAA;AAExE,MAAM,MAAM,cAAc,GAAG,gBAAgB,GAAG,kBAAkB,CAAA;AAElE,MAAM,MAAM,eAAe,GACvB,eAAe,GACf,UAAU,GACV,SAAS,GACT,QAAQ,GACR,OAAO,GACP,OAAO,CAAA;AAEX,MAAM,WAAW,eAAe;IAC9B;;gBAEY;IACZ,IAAI,EAAE,MAAM,CAAA;IACZ,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAA;IACd,gDAAgD;IAChD,KAAK,EAAE,MAAM,CAAA;IACb;gCAC4B;IAC5B,IAAI,EAAE,eAAe,CAAA;IACrB;0DACsD;IACtD,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,sEAAsE;IACtE,cAAc,CAAC,EAAE,MAAM,CAAA;CACxB;AAED,MAAM,WAAW,mCAAmC;IAClD,IAAI,EAAE,SAAS,GAAG,QAAQ,GAAG,QAAQ,CAAA;IACrC;;;gEAG4D;IAC5D,GAAG,EAAE,MAAM,CAAA;CACZ;AAED,MAAM,WAAW,4BAA4B;IAC3C;wCACoC;IACpC,UAAU,EAAE,MAAM,CAAA;IAElB;4DACwD;IACxD,qBAAqB,EAAE,MAAM,CAAA;IAE7B,wBAAwB;IACxB,SAAS,EAAE,MAAM,CAAA;IAEjB;qEACiE;IACjE,kBAAkB,EAAE,MAAM,EAAE,CAAA;IAE5B;uEACmE;IACnE,YAAY,EAAE,MAAM,CAAA;IAEpB,0EAA0E;IAC1E,eAAe,EAAE,cAAc,CAAA;IAE/B;;qEAEiE;IACjE,iBAAiB,EAAE,eAAe,EAAE,CAAA;IAEpC;uEACmE;IACnE,YAAY,EAAE,MAAM,CAAA;IAEpB;kDAC8C;IAC9C,gBAAgB,EAAE,eAAe,CAAA;IAEjC;;;8DAG0D;IAC1D,mBAAmB,EAAE,OAAO,CAAA;IAE5B,4EAA4E;IAC5E,SAAS,EAAE,MAAM,CAAA;IAEjB,uEAAuE;IACvE,UAAU,CAAC,EAAE,MAAM,CAAA;IAEnB,qBAAqB;IACrB,QAAQ,EAAE,mCAAmC,CAAA;IAE7C,+EAA+E;IAC/E,cAAc,EAAE,MAAM,CAAA;IAEtB;wDACoD;IACpD,SAAS,EAAE,MAAM,CAAA;CAClB;AAED;6EAC6E;AAC7E,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,MAAM,CAAA;CAClB;AAED,sEAAsE;AACtE,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,OAAO,CAAA;IACd,MAAM,EAAE,MAAM,EAAE,CAAA;IAChB,2EAA2E;IAC3E,IAAI,CAAC,EAAE,eAAe,CAAA;IACtB;iEAC6D;IAC7D,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,qDAAqD;AACrD,MAAM,WAAW,cAAc;IAC7B,qBAAqB,EAAE,MAAM,CAAA;IAC7B,SAAS,EAAE,MAAM,CAAA;IACjB,kBAAkB,EAAE,MAAM,EAAE,CAAA;IAC5B,YAAY,EAAE,MAAM,CAAA;IACpB,eAAe,EAAE,cAAc,CAAA;IAC/B,iBAAiB,EAAE,eAAe,EAAE,CAAA;IACpC,mBAAmB,CAAC,EAAE,OAAO,CAAA;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,QAAQ,EAAE,mCAAmC,CAAA;IAC7C,gDAAgD;IAChD,aAAa,EAAE,MAAM,CAAA;IACrB,0EAA0E;IAC1E,YAAY,EAAE,MAAM,CAAA;IACpB;yEACqE;IACrE,gBAAgB,CAAC,EAAE,eAAe,CAAA;CACnC;AAED,4BAA4B;AAC5B,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,4BAA4B,CAAA;IACtC,qEAAqE;IACrE,YAAY,EAAE,MAAM,CAAA;IACpB;;0EAEsE;IACtE,eAAe,CAAC,EAAE,OAAO,CAAA;IACzB,gEAAgE;IAChE,GAAG,CAAC,EAAE,IAAI,CAAA;IACV;gCAC4B;IAC5B,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB;AAED,sDAAsD;AACtD,MAAM,WAAW,0BAA0B;IACzC,8CAA8C;IAC9C,QAAQ,EAAE,4BAA4B,CAAA;IACtC;kDAC8C;IAC9C,2BAA2B,EAAE,MAAM,CAAA;CACpC"}

package/dist/src/v2/instruction-provenance/types.js

@@ -0,0 +1,11 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+// ══════════════════════════════════════════════════════════════════
+// InstructionProvenanceReceipt — types
+// ══════════════════════════════════════════════════════════════════
+// Spec: ~/aeoess_web/specs/INSTRUCTION-PROVENANCE-RECEIPT-DRAFT-v0.2.md
+// Tier scope this version: 'self-asserted' only. 'witnessed' and 'verified'
+// are reserved schema values; verifiers MUST reject envelopes carrying them
+// per ENFORCEMENT-TRUST-ANCHOR Component 4 (§§141-149).
+// ══════════════════════════════════════════════════════════════════
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/v2/instruction-provenance/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/v2/instruction-provenance/types.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,uCAAuC;AACvC,qEAAqE;AACrE,wEAAwE;AACxE,4EAA4E;AAC5E,4EAA4E;AAC5E,wDAAwD;AACxD,qEAAqE"}

package/dist/src/v2/instruction-provenance/verify.d.ts

@@ -0,0 +1,28 @@
+import type { ActionTimeContextRootInput, VerificationResult, VerifyIPRInput } from './types.js';
+/**
+ * Verify an InstructionProvenanceReceipt envelope per spec §6.
+ *
+ * Pipeline:
+ *   §6.1 schema + signature
+ *   §6.2 delegation linkage (signature key matches signing_key_id)
+ *   §6.3 path canonicalization, sort order, context_root, exhaustiveness
+ *   §6.4 issued_at + expires_at + bound_to consistency
+ *
+ * Filesystem-side checks (§6.3 step 10/11 cross-walk vs disk) only run
+ * when `filesystemCheck: true` AND `working_root` exists on this host.
+ */
+export declare function verifyInstructionProvenanceReceipt(input: VerifyIPRInput): VerificationResult;
+/**
+ * §6.5 — when an IPR carries `recompute_at_action: true`, every action
+ * receipt under its binding scope MUST include `context_root_at_action_time`
+ * computed by re-walking discovery_patterns. This helper compares.
+ */
+export declare function verifyActionTimeContextRoot(input: ActionTimeContextRootInput): VerificationResult;
+/**
+ * Tiny POSIX-glob matcher. Supports `*`, `?`, `**`, character literals.
+ * Patterns are matched against canonical relative paths (no leading `/`,
+ * forward-slash separators). Patterns may start with `./` (stripped) or
+ * `**` for recursive match.
+ */
+export declare function matchesAnyPattern(path: string, patterns: readonly string[]): boolean;
+//# sourceMappingURL=verify.d.ts.map

package/dist/src/v2/instruction-provenance/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../../src/v2/instruction-provenance/verify.ts"],"names":[],"mappings":"AAsBA,OAAO,KAAK,EACV,0BAA0B,EAG1B,kBAAkB,EAClB,cAAc,EACf,MAAM,YAAY,CAAA;AAOnB;;;;;;;;;;;GAWG;AACH,wBAAgB,kCAAkC,CAAC,KAAK,EAAE,cAAc,GAAG,kBAAkB,CA4I5F;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,0BAA0B,GAAG,kBAAkB,CAiBjG;AAwBD;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,MAAM,EAAE,GAAG,OAAO,CAMpF"}

package/dist/src/v2/instruction-provenance/verify.js

@@ -0,0 +1,311 @@
+// Copyright 2024-2026 Tymofii Pidlisnyi. Apache-2.0 license. See LICENSE.
+// ══════════════════════════════════════════════════════════════════
+// IPR — verification end-to-end (§6)
+// ══════════════════════════════════════════════════════════════════
+// Pipeline order matches spec §6.1 → §6.5. Hard reject early; do not
+// silently downgrade. Returns aggregate { valid, errors[], tier, contextRoot }.
+//
+// §6.5 action-time recompute (verifyActionTimeContextRoot) is a separate
+// helper because it needs the action-receipt's freshly recomputed root,
+// which is not part of the IPR envelope itself.
+// ══════════════════════════════════════════════════════════════════
+import { createPublicKey, verify as cryptoVerify } from 'node:crypto';
+import { existsSync, readdirSync, statSync } from 'node:fs';
+import { join, relative, resolve } from 'node:path';
+import { IPRPathError, canonicalizeEnvelope, canonicalizePath, computeContextRoot, sha256Hex, } from './canonicalize.js';
+const SPKI_ED25519_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');
+const VALID_TIERS = new Set(['self-asserted', 'witnessed', 'verified']);
+const V0_2_PERMITTED_TIER = 'self-asserted';
+/**
+ * Verify an InstructionProvenanceReceipt envelope per spec §6.
+ *
+ * Pipeline:
+ *   §6.1 schema + signature
+ *   §6.2 delegation linkage (signature key matches signing_key_id)
+ *   §6.3 path canonicalization, sort order, context_root, exhaustiveness
+ *   §6.4 issued_at + expires_at + bound_to consistency
+ *
+ * Filesystem-side checks (§6.3 step 10/11 cross-walk vs disk) only run
+ * when `filesystemCheck: true` AND `working_root` exists on this host.
+ */
+export function verifyInstructionProvenanceReceipt(input) {
+    const errors = [];
+    const env = input.envelope;
+    const tier = env.attestation_tier;
+    // §6.1 — schema-level checks (subset; full schema is in spec §4.2)
+    if (!env || typeof env !== 'object') {
+        errors.push('envelope is not an object');
+        return { valid: false, errors };
+    }
+    if (!VALID_TIERS.has(tier)) {
+        errors.push(`attestation_tier must be one of self-asserted | witnessed | verified, got '${tier}'`);
+    }
+    if (tier !== V0_2_PERMITTED_TIER) {
+        errors.push(`attestation_tier reserved for v0.3+, v0.2 only accepts self-asserted (got '${tier}')`);
+    }
+    if (typeof env.signing_key_id !== 'string' || !/^ed25519:[0-9a-f]{16}$/.test(env.signing_key_id)) {
+        errors.push(`signing_key_id must match ^ed25519:[0-9a-f]{16}$ (got '${env.signing_key_id}')`);
+    }
+    if (typeof env.signature !== 'string' || !/^[0-9a-f]{128}$/.test(env.signature)) {
+        errors.push('signature must be 128-char lowercase hex');
+    }
+    if (typeof env.receipt_id !== 'string' || !/^[0-9a-f]{64}$/.test(env.receipt_id)) {
+        errors.push('receipt_id must be 64-char lowercase hex');
+    }
+    if (typeof env.context_root !== 'string' || !/^[0-9a-f]{64}$/.test(env.context_root)) {
+        errors.push('context_root must be 64-char lowercase hex');
+    }
+    if (typeof env.delegation_chain_root !== 'string' || !/^[0-9a-f]{64}$/.test(env.delegation_chain_root)) {
+        errors.push('delegation_chain_root must be 64-char lowercase hex');
+    }
+    if (!Array.isArray(env.discovery_patterns) || env.discovery_patterns.length === 0) {
+        errors.push('discovery_patterns must be a non-empty array');
+    }
+    if (typeof env.working_root !== 'string' || !env.working_root.startsWith('/')) {
+        errors.push('working_root must be absolute POSIX');
+    }
+    if (errors.length > 0)
+        return { valid: false, errors, tier };
+    // §6.1 step 3 — recompute receipt_id from canonical bytes
+    const canonical = canonicalizeEnvelope(env);
+    const expectedReceiptId = sha256Hex(canonical);
+    if (env.receipt_id !== expectedReceiptId) {
+        errors.push(`receipt_id mismatch (expected ${expectedReceiptId}, got ${env.receipt_id})`);
+        return { valid: false, errors, tier };
+    }
+    // §6.1 step 4 — Ed25519 signature
+    const sigOk = verifyEd25519(canonical, env.signature, input.publicKeyHex);
+    if (!sigOk) {
+        errors.push('Ed25519 signature verification failed');
+        return { valid: false, errors, tier };
+    }
+    // §6.2 step 6 — signing_key_id must match the public key fingerprint
+    const expectedKid = `ed25519:${input.publicKeyHex.slice(0, 16)}`;
+    if (env.signing_key_id !== expectedKid) {
+        errors.push(`signing_key_id ${env.signing_key_id} does not match provided publicKeyHex fingerprint ${expectedKid}`);
+        return { valid: false, errors, tier };
+    }
+    // §6.3 step 7-9 — path canonicalization + sort order + context_root
+    for (const f of env.instruction_files) {
+        let canon;
+        try {
+            canon = canonicalizePath(f.path, {
+                workingRoot: env.working_root,
+                filesystemMode: env.filesystem_mode,
+            });
+        }
+        catch (e) {
+            const msg = e instanceof IPRPathError ? e.message : e.message;
+            errors.push(`instruction_files[${f.path}] path canonicalization failed: ${msg}`);
+            continue;
+        }
+        if (canon !== f.path) {
+            errors.push(`instruction_files[${f.path}] path is not in canonical form (expected ${canon})`);
+        }
+    }
+    if (!isSortedByPath(env.instruction_files)) {
+        errors.push('instruction_files is not sorted by path (canonical lexicographic)');
+    }
+    const expectedContextRoot = computeContextRoot(env.instruction_files);
+    if (env.context_root !== expectedContextRoot) {
+        errors.push(`context_root mismatch (expected ${expectedContextRoot}, got ${env.context_root})`);
+    }
+    // §6.3 step 10/11 — exhaustiveness + smuggling checks
+    const declaredPaths = new Set(env.instruction_files.map(f => f.path));
+    for (const f of env.instruction_files) {
+        if (!matchesAnyPattern(f.path, env.discovery_patterns)) {
+            errors.push(`path smuggling: instruction_files[${f.path}] matches no discovery_pattern`);
+        }
+    }
+    if (input.filesystemCheck && existsSync(env.working_root)) {
+        const discovered = walkPatterns(env.working_root, env.discovery_patterns, env.filesystem_mode);
+        for (const p of discovered) {
+            if (!declaredPaths.has(p)) {
+                errors.push(`omission detected: filesystem matches discovery_pattern but instruction_files omits '${p}'`);
+            }
+        }
+    }
+    // §6.4 step 12 — issued_at not in the future
+    const now = input.now ?? new Date();
+    const skew = input.clockSkewMs ?? 5 * 60 * 1000;
+    const issuedAtMs = Date.parse(env.issued_at);
+    if (Number.isNaN(issuedAtMs)) {
+        errors.push('issued_at is not a parseable ISO-8601 timestamp');
+    }
+    else if (issuedAtMs > now.getTime() + skew) {
+        errors.push(`issued_at is in the future beyond clock skew (${env.issued_at})`);
+    }
+    // §6.4 step 13 — expires_at not in the past
+    if (env.expires_at !== undefined) {
+        const expMs = Date.parse(env.expires_at);
+        if (Number.isNaN(expMs)) {
+            errors.push('expires_at is not a parseable ISO-8601 timestamp');
+        }
+        else if (expMs < now.getTime()) {
+            errors.push(`IPR expired at ${env.expires_at}`);
+        }
+    }
+    // §6.4 step 14 — bound_to.ref shape per type
+    if (env.bound_to.type === 'action' && !/^[0-9a-f]{64}$/.test(env.bound_to.ref)) {
+        errors.push(`bound_to.type='action' requires ref to be 64-char hex sha256, got '${env.bound_to.ref}'`);
+    }
+    if (env.bound_to.type === 'window' && !/^[^/]+\/[^/]+$/.test(env.bound_to.ref)) {
+        errors.push(`bound_to.type='window' requires ref of form '<iso8601>/<iso8601>'`);
+    }
+    return {
+        valid: errors.length === 0,
+        errors,
+        tier,
+        contextRoot: expectedContextRoot,
+    };
+}
+/**
+ * §6.5 — when an IPR carries `recompute_at_action: true`, every action
+ * receipt under its binding scope MUST include `context_root_at_action_time`
+ * computed by re-walking discovery_patterns. This helper compares.
+ */
+export function verifyActionTimeContextRoot(input) {
+    const errors = [];
+    if (!input.envelope.recompute_at_action) {
+        errors.push('IPR did not declare recompute_at_action: true; action-time check not applicable');
+        return { valid: false, errors };
+    }
+    if (!/^[0-9a-f]{64}$/.test(input.context_root_at_action_time)) {
+        errors.push('context_root_at_action_time must be 64-char lowercase hex');
+        return { valid: false, errors };
+    }
+    if (input.context_root_at_action_time !== input.envelope.context_root) {
+        errors.push(`context_drift: action-time root ${input.context_root_at_action_time} differs from IPR root ${input.envelope.context_root}`);
+        return { valid: false, errors };
+    }
+    return { valid: true, errors: [], contextRoot: input.envelope.context_root };
+}
+// ─── helpers ────────────────────────────────────────────────────────
+function verifyEd25519(message, sigHex, publicKeyHex) {
+    try {
+        const pub = Buffer.from(publicKeyHex, 'hex');
+        if (pub.length !== 32)
+            return false;
+        const derKey = Buffer.concat([SPKI_ED25519_PREFIX, pub]);
+        const keyObj = createPublicKey({ key: derKey, format: 'der', type: 'spki' });
+        const msg = typeof message === 'string' ? Buffer.from(message, 'utf8') : Buffer.from(message);
+        return cryptoVerify(null, msg, keyObj, Buffer.from(sigHex, 'hex'));
+    }
+    catch {
+        return false;
+    }
+}
+function isSortedByPath(files) {
+    for (let i = 1; i < files.length; i++) {
+        if (files[i - 1].path > files[i].path)
+            return false;
+    }
+    return true;
+}
+/**
+ * Tiny POSIX-glob matcher. Supports `*`, `?`, `**`, character literals.
+ * Patterns are matched against canonical relative paths (no leading `/`,
+ * forward-slash separators). Patterns may start with `./` (stripped) or
+ * `**` for recursive match.
+ */
+export function matchesAnyPattern(path, patterns) {
+    for (const raw of patterns) {
+        const pat = raw.startsWith('./') ? raw.slice(2) : raw;
+        if (matchGlob(path, pat))
+            return true;
+    }
+    return false;
+}
+function matchGlob(path, pattern) {
+    const re = globToRegex(pattern);
+    return re.test(path);
+}
+/** Compile a POSIX glob to a JS regex. `**` matches any number of segments
+ *  including zero; `*` matches anything except `/`; `?` matches one non-`/`. */
+function globToRegex(pattern) {
+    let i = 0;
+    let out = '^';
+    while (i < pattern.length) {
+        const c = pattern[i];
+        if (c === '*') {
+            if (pattern[i + 1] === '*') {
+                // `**` consumes path segments. Handle leading `**/` and trailing `/**`.
+                i += 2;
+                if (pattern[i] === '/') {
+                    out += '(?:.*/)?';
+                    i += 1;
+                }
+                else {
+                    out += '.*';
+                }
+            }
+            else {
+                out += '[^/]*';
+                i += 1;
+            }
+        }
+        else if (c === '?') {
+            out += '[^/]';
+            i += 1;
+        }
+        else if ('.+()|{}[]^$\\'.includes(c)) {
+            out += `\\${c}`;
+            i += 1;
+        }
+        else {
+            out += c;
+            i += 1;
+        }
+    }
+    out += '$';
+    return new RegExp(out);
+}
+/** Walk the working root and return canonical relative paths matching any
+ *  discovery pattern. Symlinks are returned as relative paths in their own
+ *  right (we don't dereference). */
+function walkPatterns(workingRoot, patterns, filesystemMode) {
+    const out = [];
+    const root = resolve(workingRoot);
+    const visit = (dir) => {
+        let entries;
+        try {
+            entries = readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const ent of entries) {
+            const name = String(ent.name);
+            const abs = join(dir, name);
+            const rel = canonicalizePathSafe(workingRoot, abs, filesystemMode);
+            if (rel === null)
+                continue;
+            if (ent.isDirectory()) {
+                visit(abs);
+            }
+            else if (ent.isFile() || ent.isSymbolicLink()) {
+                if (matchesAnyPattern(rel, patterns))
+                    out.push(rel);
+            }
+        }
+    };
+    if (!existsSync(root))
+        return out;
+    const stat = statSync(root);
+    if (!stat.isDirectory())
+        return out;
+    visit(root);
+    return out.sort();
+}
+function canonicalizePathSafe(workingRoot, absPath, filesystemMode) {
+    try {
+        const rel = relative(workingRoot, absPath);
+        if (rel.length === 0 || rel.startsWith('..'))
+            return null;
+        return canonicalizePath(rel, { workingRoot, filesystemMode });
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=verify.js.map

package/dist/src/v2/instruction-provenance/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../../../src/v2/instruction-provenance/verify.ts"],"names":[],"mappings":"AAAA,0EAA0E;AAC1E,qEAAqE;AACrE,qCAAqC;AACrC,qEAAqE;AACrE,qEAAqE;AACrE,gFAAgF;AAChF,EAAE;AACF,yEAAyE;AACzE,wEAAwE;AACxE,gDAAgD;AAChD,qEAAqE;AAErE,OAAO,EAAE,eAAe,EAAE,MAAM,IAAI,YAAY,EAAE,MAAM,aAAa,CAAA;AACrE,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAC3D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AACnD,OAAO,EACL,YAAY,EACZ,oBAAoB,EACpB,gBAAgB,EAChB,kBAAkB,EAClB,SAAS,GACV,MAAM,mBAAmB,CAAA;AAS1B,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAA;AAE1E,MAAM,WAAW,GAAiC,IAAI,GAAG,CAAC,CAAC,eAAe,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC,CAAA;AACrG,MAAM,mBAAmB,GAAoB,eAAe,CAAA;AAE5D;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,kCAAkC,CAAC,KAAqB;IACtE,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,MAAM,GAAG,GAAG,KAAK,CAAC,QAAQ,CAAA;IAC1B,MAAM,IAAI,GAAG,GAAG,CAAC,gBAAgB,CAAA;IAEjC,mEAAmE;IACnE,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAA;QACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAA;IACjC,CAAC;IACD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,MAAM,CAAC,IAAI,CAAC,8EAA8E,IAAI,GAAG,CAAC,CAAA;IACpG,CAAC;IACD,IAAI,IAAI,KAAK,mBAAmB,EAAE,CAAC;QACjC,MAAM,CAAC,IAAI,CAAC,8EAA8E,IAAI,IAAI,CAAC,CAAA;IACrG,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,cAAc,KAAK,QAAQ,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,EAAE,CAAC;QACjG,MAAM,CAAC,IAAI,CAAC,0DAA0D,GAAG,CAAC,cAAc,IAAI,CAAC,CAAA;IAC/F,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;QAChF,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,UAAU,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;QACjF,MAAM,CAAC,IAAI,CAAC,0CAA0C,CAAC,CAAA;IACzD,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QACrF,MAAM,CAAC,IAAI,CAAC,4CAA4C,CAAC,CAAA;IAC3D,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,qBAAqB,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACvG,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAA;IACpE,CAAC;IACD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,kBAAkB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAClF,MAAM,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAA;IAC7D,CAAC;IACD,IAAI,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC9E,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAA;IACpD,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IAE5D,0DAA0D;IAC1D,MAAM,SAAS,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAA;IAC3C,MAAM,iBAAiB,GAAG,SAAS,CAAC,SAAS,CAAC,CAAA;IAC9C,IAAI,GAAG,CAAC,UAAU,KAAK,iBAAiB,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,iCAAiC,iBAAiB,SAAS,GAAG,CAAC,UAAU,GAAG,CAAC,CAAA;QACzF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IACvC,CAAC;IAED,kCAAkC;IAClC,MAAM,KAAK,GAAG,aAAa,CAAC,SAAS,EAAE,GAAG,CAAC,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,CAAA;IACzE,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAA;QACpD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IACvC,CAAC;IAED,qEAAqE;IACrE,MAAM,WAAW,GAAG,WAAW,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAA;IAChE,IAAI,GAAG,CAAC,cAAc,KAAK,WAAW,EAAE,CAAC;QACvC,MAAM,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,cAAc,qDAAqD,WAAW,EAAE,CAAC,CAAA;QACnH,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,CAAA;IACvC,CAAC;IAED,oEAAoE;IACpE,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;QACtC,IAAI,KAAa,CAAA;QACjB,IAAI,CAAC;YACH,KAAK,GAAG,gBAAgB,CAAC,CAAC,CAAC,IAAI,EAAE;gBAC/B,WAAW,EAAE,GAAG,CAAC,YAAY;gBAC7B,cAAc,EAAE,GAAG,CAAC,eAAe;aACpC,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAE,CAAW,CAAC,OAAO,CAAA;YACxE,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,IAAI,mCAAmC,GAAG,EAAE,CAAC,CAAA;YAChF,SAAQ;QACV,CAAC;QACD,IAAI,KAAK,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,IAAI,6CAA6C,KAAK,GAAG,CAAC,CAAA;QAC/F,CAAC;IACH,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAA;IAClF,CAAC;IAED,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;IACrE,IAAI,GAAG,CAAC,YAAY,KAAK,mBAAmB,EAAE,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,mCAAmC,mBAAmB,SAAS,GAAG,CAAC,YAAY,GAAG,CAAC,CAAA;IACjG,CAAC;IAED,sDAAsD;IACtD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAA;IACrE,KAAK,MAAM,CAAC,IAAI,GAAG,CAAC,iBAAiB,EAAE,CAAC;QACtC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,EAAE,GAAG,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACvD,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,IAAI,gCAAgC,CAAC,CAAA;QAC1F,CAAC;IACH,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,IAAI,UAAU,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;QAC1D,MAAM,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,kBAAkB,EAAE,GAAG,CAAC,eAAe,CAAC,CAAA;QAC9F,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;YAC3B,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC1B,MAAM,CAAC,IAAI,CAAC,wFAAwF,CAAC,GAAG,CAAC,CAAA;YAC3G,CAAC;QACH,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAA;IACnC,MAAM,IAAI,GAAG,KAAK,CAAC,WAAW,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAA;IAC/C,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;IAC5C,IAAI,MAAM,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,iDAAiD,CAAC,CAAA;IAChE,CAAC;SAAM,IAAI,UAAU,GAAG,GAAG,CAAC,OAAO,EAAE,GAAG,IAAI,EAAE,CAAC;QAC7C,MAAM,CAAC,IAAI,CAAC,iDAAiD,GAAG,CAAC,SAAS,GAAG,CAAC,CAAA;IAChF,CAAC;IAED,4CAA4C;IAC5C,IAAI,GAAG,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;QACxC,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,CAAA;QACjE,CAAC;aAAM,IAAI,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;YACjC,MAAM,CAAC,IAAI,CAAC,kBAAkB,GAAG,CAAC,UAAU,EAAE,CAAC,CAAA;QACjD,CAAC;IACH,CAAC;IAED,6CAA6C;IAC7C,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/E,MAAM,CAAC,IAAI,CAAC,sEAAsE,GAAG,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,CAAA;IACxG,CAAC;IACD,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,KAAK,QAAQ,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/E,MAAM,CAAC,IAAI,CAAC,mEAAmE,CAAC,CAAA;IAClF,CAAC;IAED,OAAO;QACL,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC;QAC1B,MAAM;QACN,IAAI;QACJ,WAAW,EAAE,mBAAmB;KACjC,CAAA;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CAAC,KAAiC;IAC3E,MAAM,MAAM,GAAa,EAAE,CAAA;IAC3B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,mBAAmB,EAAE,CAAC;QACxC,MAAM,CAAC,IAAI,CAAC,iFAAiF,CAAC,CAAA;QAC9F,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAA;IACjC,CAAC;IACD,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,2BAA2B,CAAC,EAAE,CAAC;QAC9D,MAAM,CAAC,IAAI,CAAC,2DAA2D,CAAC,CAAA;QACxE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAA;IACjC,CAAC;IACD,IAAI,KAAK,CAAC,2BAA2B,KAAK,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAC;QACtE,MAAM,CAAC,IAAI,CACT,mCAAmC,KAAK,CAAC,2BAA2B,0BAA0B,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,CAC5H,CAAA;QACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,CAAA;IACjC,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,WAAW,EAAE,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,CAAA;AAC9E,CAAC;AAED,uEAAuE;AAEvE,SAAS,aAAa,CAAC,OAA4B,EAAE,MAAc,EAAE,YAAoB;IACvF,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,CAAC,CAAA;QAC5C,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE;YAAE,OAAO,KAAK,CAAA;QACnC,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,mBAAmB,EAAE,GAAG,CAAC,CAAC,CAAA;QACxD,MAAM,MAAM,GAAG,eAAe,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAA;QAC5E,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAC7F,OAAO,YAAY,CAAC,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAA;IACpE,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,KAAiC;IACvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,IAAI,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC,IAAI;YAAE,OAAO,KAAK,CAAA;IACvD,CAAC;IACD,OAAO,IAAI,CAAA;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,IAAY,EAAE,QAA2B;IACzE,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAA;QACrD,IAAI,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC;YAAE,OAAO,IAAI,CAAA;IACvC,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,SAAS,CAAC,IAAY,EAAE,OAAe;IAC9C,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;IAC/B,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AACtB,CAAC;AAED;gFACgF;AAChF,SAAS,WAAW,CAAC,OAAe;IAClC,IAAI,CAAC,GAAG,CAAC,CAAA;IACT,IAAI,GAAG,GAAG,GAAG,CAAA;IACb,OAAO,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC;QAC1B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAE,CAAA;QACrB,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACd,IAAI,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBAC3B,wEAAwE;gBACxE,CAAC,IAAI,CAAC,CAAA;gBACN,IAAI,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;oBACvB,GAAG,IAAI,UAAU,CAAA;oBACjB,CAAC,IAAI,CAAC,CAAA;gBACR,CAAC;qBAAM,CAAC;oBACN,GAAG,IAAI,IAAI,CAAA;gBACb,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,GAAG,IAAI,OAAO,CAAA;gBACd,CAAC,IAAI,CAAC,CAAA;YACR,CAAC;QACH,CAAC;aAAM,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACrB,GAAG,IAAI,MAAM,CAAA;YACb,CAAC,IAAI,CAAC,CAAA;QACR,CAAC;aAAM,IAAI,eAAe,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YACvC,GAAG,IAAI,KAAK,CAAC,EAAE,CAAA;YACf,CAAC,IAAI,CAAC,CAAA;QACR,CAAC;aAAM,CAAC;YACN,GAAG,IAAI,CAAC,CAAA;YACR,CAAC,IAAI,CAAC,CAAA;QACR,CAAC;IACH,CAAC;IACD,GAAG,IAAI,GAAG,CAAA;IACV,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAA;AACxB,CAAC;AAED;;oCAEoC;AACpC,SAAS,YAAY,CACnB,WAAmB,EACnB,QAA2B,EAC3B,cAAqD;IAErD,MAAM,GAAG,GAAa,EAAE,CAAA;IACxB,MAAM,IAAI,GAAG,OAAO,CAAC,WAAW,CAAC,CAAA;IAEjC,MAAM,KAAK,GAAG,CAAC,GAAW,EAAQ,EAAE;QAClC,IAAI,OAAmC,CAAA;QACvC,IAAI,CAAC;YACH,OAAO,GAAG,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAA0C,CAAA;QAC9F,CAAC;QAAC,MAAM,CAAC;YACP,OAAM;QACR,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1B,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAA;YAC3B,MAAM,GAAG,GAAG,oBAAoB,CAAC,WAAW,EAAE,GAAG,EAAE,cAAc,CAAC,CAAA;YAClE,IAAI,GAAG,KAAK,IAAI;gBAAE,SAAQ;YAC1B,IAAI,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC;gBACtB,KAAK,CAAC,GAAG,CAAC,CAAA;YACZ,CAAC;iBAAM,IAAI,GAAG,CAAC,MAAM,EAAE,IAAI,GAAG,CAAC,cAAc,EAAE,EAAE,CAAC;gBAChD,IAAI,iBAAiB,CAAC,GAAG,EAAE,QAAQ,CAAC;oBAAE,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;YACrD,CAAC;QACH,CAAC;IACH,CAAC,CAAA;IAED,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC;QAAE,OAAO,GAAG,CAAA;IACjC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAA;IAC3B,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE;QAAE,OAAO,GAAG,CAAA;IACnC,KAAK,CAAC,IAAI,CAAC,CAAA;IACX,OAAO,GAAG,CAAC,IAAI,EAAE,CAAA;AACnB,CAAC;AAED,SAAS,oBAAoB,CAC3B,WAAmB,EACnB,OAAe,EACf,cAAqD;IAErD,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC,CAAA;QAC1C,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,OAAO,IAAI,CAAA;QACzD,OAAO,gBAAgB,CAAC,GAAG,EAAE,EAAE,WAAW,EAAE,cAAc,EAAE,CAAC,CAAA;IAC/D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "agent-passport-system",
-  "version": "2.2.0",
-  "description": "Enforcement and accountability layer for AI agents. Bring your own identity (did:key, did:web, SPIFFE, OAuth, did:aps). Policy eval <2ms, 14 constraint dimensions, 403 ops/sec. Gateway enforcement, monotonic narrowing, cascade revocation, Bayesian reputation, feeless Nano payments, unified four-axis attribution primitive, per-period attribution settlement, data lifecycle, mutual authentication. 2,395 tests.",
+  "version": "2.4.0-alpha",
+  "description": "Enforcement and accountability layer for AI agents. Bring your own identity (did:key, did:web, SPIFFE, OAuth, did:aps). Policy eval <2ms, 14 constraint dimensions, 403 ops/sec. Gateway enforcement, monotonic narrowing, cascade revocation, Bayesian reputation, feeless Nano payments, unified four-axis attribution primitive, per-period attribution settlement, data lifecycle, mutual authentication. 2,410 tests.",
   "type": "module",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
@@ -20,9 +20,10 @@
   },
   "scripts": {
     "build": "tsc && chmod +x dist/src/cli/index.js",
-    "test": "npx tsx --test tests/passport.test.ts tests/adversarial.ts tests/v2.0-integration.ts tests/contract.test.ts tests/agora.test.ts tests/values.test.ts tests/delegation.test.ts tests/attribution.test.ts tests/policy.test.ts tests/canonical.test.ts tests/coordination.test.ts tests/commerce.test.ts tests/enforcement.test.ts tests/routing.test.ts tests/did-vc.test.ts tests/a2a.test.ts tests/principal.test.ts tests/adversarial-paper.test.ts tests/property-delegation.test.ts tests/intent.test.ts tests/reputation-authority.test.ts tests/cross-chain.test.ts tests/encrypted-messaging.test.ts tests/obligations.test.ts tests/execution-envelope.test.ts tests/adversarial-causal-chain.test.ts tests/governance.test.ts tests/feasibility.test.ts tests/identity.test.ts tests/precedent.test.ts tests/reanchor.test.ts tests/escalation.test.ts tests/oracle-witness.test.ts tests/messaging-audit.test.ts tests/policy-conflict.test.ts tests/data-source.test.ts tests/decision-semantics.test.ts tests/interop-vectors.test.ts tests/v2-bridge.test.ts tests/v2-full.test.ts tests/key-storage.test.ts tests/qntm-bridge.test.ts tests/agent-json-bridge.test.ts tests/did-resolution-conformance.test.ts tests/decision-equivalence.test.ts tests/data-lifecycle.test.ts tests/campaign7-composition.test.ts tests/entity-verification.test.ts tests/conformance.test.ts tests/governance-block.test.ts tests/aps-txt.test.ts tests/governance-360.test.ts tests/storage-backend.test.ts tests/receipt-bundle.test.ts tests/reputation-confidence.test.ts tests/governance-consumer.test.ts tests/charter.test.ts tests/rome-phase2.test.ts tests/data-source-attribution.test.ts tests/canonical-jcs.test.ts tests/temporal-spread.test.ts tests/fidelity-pressure.test.ts tests/denial-domains.test.ts tests/data-narrowing.test.ts tests/governance-posture.test.ts tests/anchor-state.test.ts tests/issuer-signature.test.ts tests/openshell-adapter.test.ts tests/attestation.test.ts tests/execution-attestation.test.ts tests/bilateral-receipt.test.ts tests/proof-namespace.test.ts tests/ecosystem-features.test.ts tests/persistent-passport.test.ts tests/security-av.test.ts tests/audit-fixes.test.ts tests/did-interop.test.ts tests/identity-bridge.test.ts tests/vc-wrapper.test.ts tests/identity-pipeline.test.ts tests/cross-protocol/sint-crossverify.test.ts tests/action-ref.test.ts tests/freshness.test.ts tests/evidence-grade.test.ts tests/key-rotation.test.ts tests/governance-regression.test.ts tests/posture-overlay.test.ts tests/feasibility-gateway.test.ts tests/trust-adapters.test.ts tests/evaluation-context.test.ts tests/health.test.ts tests/composio-adapter.test.ts tests/interop/ietf-envelope.test.ts tests/interop/signet-combined.test.ts tests/interop/moltrust-attestation.test.ts tests/interop/cross-protocol-vectors.test.ts tests/interop/receipt-chaining.test.ts tests/ibac-adapter.test.ts tests/langchain-adapter.test.ts tests/crewai-adapter.test.ts tests/mcp-adapter.test.ts tests/a2a-adapter.test.ts tests/gonka-adapter.test.ts tests/cross-algo-mismatch.test.ts tests/credential-lifecycle.test.ts tests/behavioral-memory.test.ts tests/telemetry-scope.test.ts tests/idempotency.test.ts tests/v2/wallet-binding.test.ts tests/v2/wallet-binding-fixture.test.ts tests/v2/credential-check-policy.test.ts tests/v2/delegation-escalation.test.ts tests/v2/attribution-consent.test.ts tests/v2/attribution-integration.test.ts tests/v2/attribution-primitive.test.ts tests/v2/attribution-primitive-integration.test.ts tests/v2/build-b-fractional-weights.test.ts tests/v2/build-b-cross-language.test.ts tests/v2/build-c-settlement.test.ts tests/v2/build-c-cross-language.test.ts tests/v2/build-c-end-to-end.test.ts tests/v2/provisional-statement.test.ts tests/temporal-decay.test.ts tests/confidence-breakdown.test.ts tests/behavioral-fingerprint.test.ts tests/session-boundary.test.ts tests/probe-identity.test.ts tests/v2/cognitive-attestation/envelope.test.ts tests/v2/cognitive-attestation/verify.test.ts tests/v2/cognitive-attestation/adversarial.test.ts tests/v2/mutual-auth/handshake.test.ts tests/v2/mutual-auth/adversarial.test.ts tests/v2/mutual-auth/conformance.test.ts",
+    "test": "npx tsx --test tests/passport.test.ts tests/adversarial.ts tests/v2.0-integration.ts tests/contract.test.ts tests/agora.test.ts tests/values.test.ts tests/delegation.test.ts tests/attribution.test.ts tests/policy.test.ts tests/canonical.test.ts tests/coordination.test.ts tests/commerce.test.ts tests/enforcement.test.ts tests/routing.test.ts tests/did-vc.test.ts tests/a2a.test.ts tests/principal.test.ts tests/adversarial-paper.test.ts tests/property-delegation.test.ts tests/intent.test.ts tests/reputation-authority.test.ts tests/cross-chain.test.ts tests/encrypted-messaging.test.ts tests/obligations.test.ts tests/execution-envelope.test.ts tests/adversarial-causal-chain.test.ts tests/governance.test.ts tests/feasibility.test.ts tests/identity.test.ts tests/precedent.test.ts tests/reanchor.test.ts tests/escalation.test.ts tests/oracle-witness.test.ts tests/messaging-audit.test.ts tests/policy-conflict.test.ts tests/data-source.test.ts tests/decision-semantics.test.ts tests/interop-vectors.test.ts tests/v2-bridge.test.ts tests/v2-full.test.ts tests/key-storage.test.ts tests/qntm-bridge.test.ts tests/agent-json-bridge.test.ts tests/did-resolution-conformance.test.ts tests/decision-equivalence.test.ts tests/data-lifecycle.test.ts tests/campaign7-composition.test.ts tests/entity-verification.test.ts tests/conformance.test.ts tests/governance-block.test.ts tests/aps-txt.test.ts tests/governance-360.test.ts tests/storage-backend.test.ts tests/receipt-bundle.test.ts tests/reputation-confidence.test.ts tests/governance-consumer.test.ts tests/charter.test.ts tests/rome-phase2.test.ts tests/data-source-attribution.test.ts tests/canonical-jcs.test.ts tests/temporal-spread.test.ts tests/fidelity-pressure.test.ts tests/denial-domains.test.ts tests/data-narrowing.test.ts tests/governance-posture.test.ts tests/anchor-state.test.ts tests/issuer-signature.test.ts tests/openshell-adapter.test.ts tests/attestation.test.ts tests/execution-attestation.test.ts tests/bilateral-receipt.test.ts tests/proof-namespace.test.ts tests/ecosystem-features.test.ts tests/persistent-passport.test.ts tests/security-av.test.ts tests/audit-fixes.test.ts tests/did-interop.test.ts tests/identity-bridge.test.ts tests/vc-wrapper.test.ts tests/identity-pipeline.test.ts tests/cross-protocol/sint-crossverify.test.ts tests/action-ref.test.ts tests/freshness.test.ts tests/evidence-grade.test.ts tests/key-rotation.test.ts tests/governance-regression.test.ts tests/posture-overlay.test.ts tests/feasibility-gateway.test.ts tests/trust-adapters.test.ts tests/evaluation-context.test.ts tests/health.test.ts tests/composio-adapter.test.ts tests/interop/ietf-envelope.test.ts tests/interop/signet-combined.test.ts tests/interop/moltrust-attestation.test.ts tests/interop/cross-protocol-vectors.test.ts tests/interop/receipt-chaining.test.ts tests/ibac-adapter.test.ts tests/langchain-adapter.test.ts tests/crewai-adapter.test.ts tests/mcp-adapter.test.ts tests/a2a-adapter.test.ts tests/gonka-adapter.test.ts tests/cross-algo-mismatch.test.ts tests/credential-lifecycle.test.ts tests/behavioral-memory.test.ts tests/telemetry-scope.test.ts tests/idempotency.test.ts tests/v2/wallet-binding.test.ts tests/v2/wallet-binding-fixture.test.ts tests/v2/credential-check-policy.test.ts tests/v2/delegation-escalation.test.ts tests/v2/attribution-consent.test.ts tests/v2/attribution-integration.test.ts tests/v2/attribution-primitive.test.ts tests/v2/attribution-primitive-integration.test.ts tests/v2/build-b-fractional-weights.test.ts tests/v2/build-b-cross-language.test.ts tests/v2/build-c-settlement.test.ts tests/v2/build-c-cross-language.test.ts tests/v2/build-c-end-to-end.test.ts tests/v2/provisional-statement.test.ts tests/temporal-decay.test.ts tests/confidence-breakdown.test.ts tests/behavioral-fingerprint.test.ts tests/session-boundary.test.ts tests/probe-identity.test.ts tests/v2/cognitive-attestation/envelope.test.ts tests/v2/cognitive-attestation/verify.test.ts tests/v2/cognitive-attestation/adversarial.test.ts tests/v2/mutual-auth/handshake.test.ts tests/v2/mutual-auth/adversarial.test.ts tests/v2/mutual-auth/conformance.test.ts tests/property-bilateral-receipt.test.ts tests/v2/instruction-provenance/conformance.test.ts tests/v2/instruction-provenance/adversarial.test.ts",
     "test:interop": "npx tsx --test tests/interop/ietf-envelope.test.ts tests/interop/signet-combined.test.ts tests/interop/moltrust-attestation.test.ts tests/interop/cross-protocol-vectors.test.ts tests/interop/receipt-chaining.test.ts",
     "test:quick": "tsx --test tests/passport.test.ts",
+    "test:fixtures": "tsx fixtures/bilateral-delegation/test-canonicalize.ts",
     "lint": "tsc --noEmit",
     "clean": "rm -rf dist",
     "prepublishOnly": "npm run build && npm test",