npm - agentbnb - Versions diffs - 8.4.7 → 9.0.1 - Mend

agentbnb 8.4.7 → 9.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/dist/{chunk-IMLFBU3H.js → chunk-LLL3KYEM.js} RENAMED Viewed

@@ -1,38 +1,38 @@
 import {
   createPendingRequest
-} from "./chunk-MZSVVG55.js";
+} from "./chunk-5PV5YCSN.js";
 import {
   getAutonomyTier,
   insertAuditEvent
 } from "./chunk-G5WKW3ED.js";
 import {
   resolveTargetCapability
-} from "./chunk-2PP5MQPD.js";
+} from "./chunk-UIPGGNRC.js";
 import {
   fetchRemoteCards
-} from "./chunk-PIPCGRCR.js";
+} from "./chunk-ELFGYC22.js";
 import {
   holdEscrow,
   releaseEscrow,
   searchCards,
   settleEscrow
-} from "./chunk-HU46M4JA.js";
+} from "./chunk-P3FDT7G5.js";
 import {
   RelayClient
-} from "./chunk-NX27AFPA.js";
+} from "./chunk-UR3MISL2.js";
 import {
   requestCapability,
   requestViaRelay
-} from "./chunk-YKMBFQC2.js";
+} from "./chunk-W6LOCBWQ.js";
 import {
   findPeer
 } from "./chunk-3YQ73ZM6.js";
 import {
   resolveCanonicalIdentity
-} from "./chunk-WTHMHNKC.js";
+} from "./chunk-J4RFJVXI.js";
 import {
   AgentBnBError
-} from "./chunk-I7KWA7OB.js";
+} from "./chunk-UVCNMRPS.js";
 // src/gateway/relay-dispatch.ts
 import { randomUUID } from "crypto";

package/dist/{chunk-VAAEBCMU.js → chunk-N3TXLBGK.js} RENAMED Viewed

@@ -1,9 +1,9 @@
 import {
   insertCard
-} from "./chunk-COA2D7QM.js";
+} from "./chunk-NLQCHO7N.js";
 import {
   CapabilityCardSchema
-} from "./chunk-I7KWA7OB.js";
+} from "./chunk-UVCNMRPS.js";
 // src/skills/publish-capability.ts
 import { randomUUID } from "crypto";

package/dist/{chunk-COA2D7QM.js → chunk-NLQCHO7N.js} RENAMED Viewed

@@ -1,12 +1,12 @@
 import {
   ensureAgentsTable,
   resolveCanonicalIdentity
-} from "./chunk-WTHMHNKC.js";
+} from "./chunk-J4RFJVXI.js";
 import {
   AgentBnBError,
   AnyCardSchema,
   CapabilityCardSchema
-} from "./chunk-I7KWA7OB.js";
+} from "./chunk-UVCNMRPS.js";
 // src/registry/store.ts
 import Database from "better-sqlite3";

package/dist/{chunk-WK2QSO4E.js → chunk-NZTLBAML.js} RENAMED Viewed

@@ -1,3 +1,6 @@
+import {
+  deriveAgentId
+} from "./chunk-5CC6O6SO.js";
 import {
   bootstrapAgent,
   getBalance,
@@ -7,151 +10,17 @@ import {
   openCreditDb,
   releaseEscrow,
   settleEscrow
-} from "./chunk-HU46M4JA.js";
+} from "./chunk-P3FDT7G5.js";
 import {
-  generateKeyPair,
-  loadKeyPair,
-  saveKeyPair,
   signEscrowReceipt,
   verifyEscrowReceipt
-} from "./chunk-GIEJVKZZ.js";
+} from "./chunk-YNBZLXYS.js";
 import {
   lookupAgent
-} from "./chunk-WTHMHNKC.js";
+} from "./chunk-J4RFJVXI.js";
 import {
   AgentBnBError
-} from "./chunk-I7KWA7OB.js";
-// src/identity/identity.ts
-import { z } from "zod";
-import { createHash, createPrivateKey, createPublicKey } from "crypto";
-import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
-import { join } from "path";
-var AgentIdentitySchema = z.object({
-  /** Deterministic ID derived from public key: sha256(hex).slice(0, 16). */
-  agent_id: z.string().min(1),
-  /** Human-readable owner name (from config or init). */
-  owner: z.string().min(1),
-  /** Hex-encoded Ed25519 public key. */
-  public_key: z.string().min(1),
-  /** ISO 8601 timestamp of identity creation. */
-  created_at: z.string().datetime(),
-  /** Optional guarantor info if linked to a human. */
-  guarantor: z.object({
-    github_login: z.string().min(1),
-    verified_at: z.string().datetime()
-  }).optional()
-});
-var AgentCertificateSchema = z.object({
-  identity: AgentIdentitySchema,
-  /** ISO 8601 timestamp of certificate issuance. */
-  issued_at: z.string().datetime(),
-  /** ISO 8601 timestamp of certificate expiry. */
-  expires_at: z.string().datetime(),
-  /** Hex-encoded public key of the issuer (same as identity for self-signed). */
-  issuer_public_key: z.string().min(1),
-  /** Base64url Ed25519 signature over { identity, issued_at, expires_at, issuer_public_key }. */
-  signature: z.string().min(1)
-});
-var IDENTITY_FILENAME = "identity.json";
-var PRIVATE_KEY_FILENAME = "private.key";
-var PUBLIC_KEY_FILENAME = "public.key";
-function derivePublicKeyFromPrivate(privateKey) {
-  const privateKeyObject = createPrivateKey({ key: privateKey, format: "der", type: "pkcs8" });
-  const publicKeyObject = createPublicKey(privateKeyObject);
-  const publicKey = publicKeyObject.export({ format: "der", type: "spki" });
-  return Buffer.from(publicKey);
-}
-function buildIdentityFromPublicKey(publicKey, owner, createdAt) {
-  const publicKeyHex = publicKey.toString("hex");
-  return {
-    agent_id: deriveAgentId(publicKeyHex),
-    owner,
-    public_key: publicKeyHex,
-    created_at: createdAt ?? (/* @__PURE__ */ new Date()).toISOString()
-  };
-}
-function generateFreshIdentity(configDir, owner) {
-  const keys = generateKeyPair();
-  saveKeyPair(configDir, keys);
-  const identity = buildIdentityFromPublicKey(keys.publicKey, owner);
-  saveIdentity(configDir, identity);
-  return { identity, keys, status: "generated" };
-}
-function deriveAgentId(publicKeyHex) {
-  return createHash("sha256").update(publicKeyHex, "hex").digest("hex").slice(0, 16);
-}
-function loadIdentity(configDir) {
-  const filePath = join(configDir, IDENTITY_FILENAME);
-  if (!existsSync(filePath)) return null;
-  try {
-    const raw = readFileSync(filePath, "utf-8");
-    return AgentIdentitySchema.parse(JSON.parse(raw));
-  } catch {
-    return null;
-  }
-}
-function saveIdentity(configDir, identity) {
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true });
-  }
-  const filePath = join(configDir, IDENTITY_FILENAME);
-  writeFileSync(filePath, JSON.stringify(identity, null, 2), "utf-8");
-}
-function loadOrRepairIdentity(configDir, ownerHint) {
-  if (!existsSync(configDir)) {
-    mkdirSync(configDir, { recursive: true });
-  }
-  const identityPath = join(configDir, IDENTITY_FILENAME);
-  const privateKeyPath = join(configDir, PRIVATE_KEY_FILENAME);
-  const publicKeyPath = join(configDir, PUBLIC_KEY_FILENAME);
-  const hasIdentity = existsSync(identityPath);
-  const hasPrivateKey = existsSync(privateKeyPath);
-  const hasPublicKey = existsSync(publicKeyPath);
-  if (!hasIdentity || !hasPrivateKey || !hasPublicKey) {
-    return generateFreshIdentity(configDir, ownerHint ?? "agent");
-  }
-  let keys;
-  try {
-    keys = loadKeyPair(configDir);
-  } catch {
-    return generateFreshIdentity(configDir, ownerHint ?? "agent");
-  }
-  let derivedPublicKey;
-  try {
-    derivedPublicKey = derivePublicKeyFromPrivate(keys.privateKey);
-  } catch {
-    return generateFreshIdentity(configDir, ownerHint ?? "agent");
-  }
-  let keypairRepaired = false;
-  if (!keys.publicKey.equals(derivedPublicKey)) {
-    keypairRepaired = true;
-    keys = { privateKey: keys.privateKey, publicKey: derivedPublicKey };
-    saveKeyPair(configDir, keys);
-  }
-  const loadedIdentity = loadIdentity(configDir);
-  const expectedAgentId = deriveAgentId(derivedPublicKey.toString("hex"));
-  const expectedPublicKeyHex = derivedPublicKey.toString("hex");
-  const identityMismatch = !loadedIdentity || loadedIdentity.public_key !== expectedPublicKeyHex || loadedIdentity.agent_id !== expectedAgentId;
-  if (identityMismatch) {
-    const repairedIdentity = buildIdentityFromPublicKey(
-      derivedPublicKey,
-      loadedIdentity?.owner ?? ownerHint ?? "agent",
-      loadedIdentity?.created_at
-    );
-    saveIdentity(configDir, repairedIdentity);
-    return { identity: repairedIdentity, keys, status: "repaired" };
-  }
-  if (ownerHint && loadedIdentity.owner !== ownerHint) {
-    const updatedIdentity = { ...loadedIdentity, owner: ownerHint };
-    saveIdentity(configDir, updatedIdentity);
-    return { identity: updatedIdentity, keys, status: "repaired" };
-  }
-  return { identity: loadedIdentity, keys, status: keypairRepaired ? "repaired" : "existing" };
-}
-function ensureIdentity(configDir, owner) {
-  return loadOrRepairIdentity(configDir, owner).identity;
-}
+} from "./chunk-UVCNMRPS.js";
 // src/credit/local-credit-ledger.ts
 var LocalCreditLedger = class {
@@ -583,9 +452,6 @@ function createLedger(opts) {
 }
 export {
-  deriveAgentId,
-  loadOrRepairIdentity,
-  ensureIdentity,
   identityAuthPlugin,
   createLedger
 };

package/dist/{chunk-HU46M4JA.js → chunk-P3FDT7G5.js} RENAMED Viewed

@@ -3,16 +3,16 @@ import {
   ensureReliabilityTable,
   migrateCreditOwnerData,
   recordSuccessfulHire
-} from "./chunk-U6LP4KWN.js";
+} from "./chunk-YDGXKH2T.js";
 import {
   getFeedbackForProvider
-} from "./chunk-COA2D7QM.js";
+} from "./chunk-NLQCHO7N.js";
 import {
   ensureAgentsTable
-} from "./chunk-WTHMHNKC.js";
+} from "./chunk-J4RFJVXI.js";
 import {
   AgentBnBError
-} from "./chunk-I7KWA7OB.js";
+} from "./chunk-UVCNMRPS.js";
 // src/credit/ledger.ts
 import Database from "better-sqlite3";

package/dist/{chunk-ZU2TP7CN.js → chunk-PG3CLSAH.js} RENAMED Viewed

@@ -6,7 +6,7 @@ import {
   AgentBnBError,
   AnyCardSchema,
   CapabilityCardSchema
-} from "./chunk-I7KWA7OB.js";
+} from "./chunk-UVCNMRPS.js";
 // src/registry/request-log.ts
 var SINCE_MS = {

package/dist/chunk-PMVHKTFG.js ADDED Viewed

@@ -0,0 +1,199 @@
+import {
+  AgentBnBError
+} from "./chunk-UVCNMRPS.js";
+// src/auth/ucan.ts
+import { randomUUID } from "crypto";
+import { sign, verify, createPrivateKey, createPublicKey } from "crypto";
+// src/auth/canonical-json.ts
+function escapeString(s) {
+  let result = '"';
+  for (let i = 0; i < s.length; i++) {
+    const ch = s.charCodeAt(i);
+    if (ch === 8) {
+      result += "\\b";
+    } else if (ch === 9) {
+      result += "\\t";
+    } else if (ch === 10) {
+      result += "\\n";
+    } else if (ch === 12) {
+      result += "\\f";
+    } else if (ch === 13) {
+      result += "\\r";
+    } else if (ch === 34) {
+      result += '\\"';
+    } else if (ch === 92) {
+      result += "\\\\";
+    } else if (ch < 32) {
+      result += "\\u" + ch.toString(16).padStart(4, "0");
+    } else {
+      result += s[i];
+    }
+  }
+  result += '"';
+  return result;
+}
+function serializeNumber(n) {
+  if (!Number.isFinite(n)) {
+    throw new AgentBnBError(
+      `Cannot canonicalize non-finite number: ${String(n)}`,
+      "CANONICAL_JSON_ERROR"
+    );
+  }
+  if (Object.is(n, -0)) {
+    return "0";
+  }
+  return JSON.stringify(n);
+}
+function canonicalize(value) {
+  return serializeValue(value);
+}
+function serializeValue(value) {
+  if (value === null) {
+    return "null";
+  }
+  switch (typeof value) {
+    case "boolean":
+      return value ? "true" : "false";
+    case "number":
+      return serializeNumber(value);
+    case "string":
+      return escapeString(value);
+    case "bigint":
+      throw new AgentBnBError(
+        "Cannot canonicalize BigInt values",
+        "CANONICAL_JSON_ERROR"
+      );
+    case "symbol":
+      throw new AgentBnBError(
+        "Cannot canonicalize Symbol values",
+        "CANONICAL_JSON_ERROR"
+      );
+    case "function":
+      throw new AgentBnBError(
+        "Cannot canonicalize function values",
+        "CANONICAL_JSON_ERROR"
+      );
+    case "undefined":
+      throw new AgentBnBError(
+        "Cannot canonicalize undefined at top level",
+        "CANONICAL_JSON_ERROR"
+      );
+    case "object": {
+      if (Array.isArray(value)) {
+        return serializeArray(value);
+      }
+      return serializeObject(value);
+    }
+    default:
+      throw new AgentBnBError(
+        `Cannot canonicalize unknown type: ${typeof value}`,
+        "CANONICAL_JSON_ERROR"
+      );
+  }
+}
+function serializeArray(arr) {
+  const elements = arr.map((item) => serializeValue(item));
+  return "[" + elements.join(",") + "]";
+}
+function serializeObject(obj) {
+  const keys = Object.keys(obj).sort();
+  const entries = [];
+  for (const key of keys) {
+    const val = obj[key];
+    if (val === void 0) {
+      continue;
+    }
+    entries.push(escapeString(key) + ":" + serializeValue(val));
+  }
+  return "{" + entries.join(",") + "}";
+}
+// src/auth/ucan.ts
+var UCAN_HEADER = {
+  alg: "EdDSA",
+  typ: "JWT",
+  ucv: "0.10.0"
+};
+function toBase64Url(data) {
+  const buf = typeof data === "string" ? Buffer.from(data, "utf-8") : data;
+  return buf.toString("base64url");
+}
+function fromBase64Url(encoded) {
+  return Buffer.from(encoded, "base64url").toString("utf-8");
+}
+function createUCAN(opts) {
+  const payload = {
+    iss: opts.issuerDid,
+    aud: opts.audienceDid,
+    exp: opts.expiresAt,
+    nnc: randomUUID(),
+    att: opts.attenuations,
+    prf: opts.proofs ?? []
+  };
+  if (opts.notBefore !== void 0) {
+    payload.nbf = opts.notBefore;
+  }
+  if (opts.facts !== void 0) {
+    payload.fct = opts.facts;
+  }
+  const headerEncoded = toBase64Url(canonicalize(UCAN_HEADER));
+  const payloadEncoded = toBase64Url(canonicalize(payload));
+  const signingInput = `${headerEncoded}.${payloadEncoded}`;
+  const keyObject = createPrivateKey({ key: opts.signerKey, format: "der", type: "pkcs8" });
+  const sig = sign(null, Buffer.from(signingInput, "utf-8"), keyObject);
+  const signatureEncoded = sig.toString("base64url");
+  return `${signingInput}.${signatureEncoded}`;
+}
+function verifyUCAN(token, issuerPublicKey) {
+  try {
+    const parts = token.split(".");
+    if (parts.length !== 3) {
+      return { valid: false, reason: "Invalid token format: expected 3 parts" };
+    }
+    const signingInput = `${parts[0]}.${parts[1]}`;
+    const signatureBuffer = Buffer.from(parts[2], "base64url");
+    const keyObject = createPublicKey({ key: issuerPublicKey, format: "der", type: "spki" });
+    const isValid = verify(null, Buffer.from(signingInput, "utf-8"), keyObject, signatureBuffer);
+    if (!isValid) {
+      return { valid: false, reason: "Signature verification failed" };
+    }
+    return { valid: true };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return { valid: false, reason: `Verification error: ${message}` };
+  }
+}
+function decodeUCAN(token) {
+  const parts = token.split(".");
+  if (parts.length !== 3) {
+    throw new AgentBnBError(
+      `Invalid UCAN token format: expected 3 dot-separated parts, got ${parts.length}`,
+      "UCAN_INVALID"
+    );
+  }
+  let header;
+  let payload;
+  try {
+    header = JSON.parse(fromBase64Url(parts[0]));
+  } catch {
+    throw new AgentBnBError("Invalid UCAN token: failed to decode header", "UCAN_INVALID");
+  }
+  try {
+    payload = JSON.parse(fromBase64Url(parts[1]));
+  } catch {
+    throw new AgentBnBError("Invalid UCAN token: failed to decode payload", "UCAN_INVALID");
+  }
+  return {
+    header,
+    payload,
+    signature: parts[2]
+  };
+}
+export {
+  createUCAN,
+  verifyUCAN,
+  decodeUCAN
+};