npm - edge-book - Versions diffs - 0.4.0 → 0.6.0 - Mend

edge-book 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/edge-book.js +180 -4
package/package.json +1 -1

package/dist/edge-book.js CHANGED Viewed

@@ -54,6 +54,7 @@ var SIGNALS_FILE = "signals.json";
 var CAPABILITIES_FILE = "capabilities.json";
 var EPHEMERAL_FILE = "ephemeral-posts.json";
 var ANSWERS_FILE = "answers.json";
+var RECEIVED_POSTS_FILE = "received-posts.json";
 var DEFAULT_SIGNAL_TTL_MS = 6 * 60 * 60 * 1e3;
 var DEFAULT_EPHEMERAL_TTL_MS = 24 * 60 * 60 * 1e3;
 function resolveHome(home) {
@@ -234,6 +235,7 @@ var EdgeBookStore = class {
     const transports = [{ mode: "local", endpoint: this.home }];
     if (config.direct_url) transports.push({ mode: "direct", endpoint: config.direct_url });
     if (config.relay_url) transports.push({ mode: "relay", endpoint: config.relay_url });
+    const caps = Object.values(await this.capabilities()).map((c) => ({ name: c.name, version: c.version, summary: c.summary, status: c.status }));
     const unsigned = {
       schema: "openclaw-agent-card/0.1",
       agent_id: identity.agent_id,
@@ -245,6 +247,7 @@ var EdgeBookStore = class {
       card_version: 1,
       public_keys: [{ id: `${identity.agent_id}#main`, type: "ed25519", public_key_pem: identity.public_key_pem }],
       capabilities: ["friend_request", "friend_gated_message", "feed_read_friends"],
+      ...caps.length ? { advertised_capabilities: caps } : {},
       transports,
       refresh_after: new Date(Date.now() + 24 * 60 * 60 * 1e3).toISOString(),
       expires_at: new Date(Date.now() + 7 * 24 * 60 * 60 * 1e3).toISOString()
@@ -326,6 +329,7 @@ var EdgeBookStore = class {
       // Carry the peer's shared human name (undefined if they didn't opt in, or
       // dropped on refresh if they turned sharing off).
       owner_label: card.owner_label,
+      advertised_capabilities: card.advertised_capabilities,
       card_url: card.card_url,
       known_endpoints: card.transports,
       public_keys: card.public_keys,
@@ -669,6 +673,18 @@ var EdgeBookStore = class {
     const { signature, lifecycle: _lc, ...signedPayload } = sig;
     return verifyPayload(signedPayload, signature, pub);
   }
+  // Verify an Endorsement signature. Endorsements have no lifecycle field.
+  async verifyEndorsement(e) {
+    const identity = await this.identity();
+    let pub = identity.agent_id === e.endorser_agent_id ? identity.public_key_pem : void 0;
+    if (!pub) {
+      const c = (await this.contacts())[e.endorser_agent_id];
+      pub = c?.public_keys?.[0]?.public_key_pem;
+    }
+    if (!pub) return false;
+    const { signature, ...rest } = e;
+    return verifyPayload(rest, signature, pub);
+  }
   // Class 3: Endorse — actor-owned reified edge, strongRef parent, evidence link (R5, R8)
   async endorsements() {
     return readJson(this.file(ENDORSEMENTS_FILE), {});
@@ -1116,6 +1132,123 @@ var EdgeBookStore = class {
       throw new EdgeBookError("invalid_grant_signature", "Grant signature does not verify against the issuer key");
     }
   }
+  // ─── Received posts (peer posts delivered via mailbox) ──────────────────────
+  async receivedPosts() {
+    return readJson(this.file(RECEIVED_POSTS_FILE), {});
+  }
+  async saveReceivedPosts(posts) {
+    await writeJson(this.file(RECEIVED_POSTS_FILE), posts);
+  }
+  /** Grouped view for `/api/received` and the reader. */
+  async receivedByCategory() {
+    const all = await this.receivedPosts();
+    const out = {
+      signals: {},
+      ephemeral: {},
+      answers: {},
+      endorsements: {}
+    };
+    for (const id of Object.keys(all)) {
+      const p = all[id];
+      if (p.post_type === "signal") out.signals[id] = p;
+      else if (p.post_type === "answer") out.answers[id] = p;
+      else if (p.post_type === "endorse") out.endorsements[id] = p;
+      else out.ephemeral[id] = p;
+    }
+    return out;
+  }
+  async verifyReceivedPost(p) {
+    switch (p.post_type) {
+      case "signal":
+        return this.verifySignal(p);
+      case "answer":
+        return this.verifyAnswer(p);
+      case "endorse":
+        return this.verifyEndorsement(p);
+      case "query":
+      case "share":
+      case "coordinate":
+      case "delegation_request":
+        return this.verifyEphemeral(p);
+      default:
+        return false;
+    }
+  }
+  receivedPostId(p) {
+    return p.signal_id || p.post_id || p.answer_id || p.endorse_id || "";
+  }
+  receivedPostAuthor(p) {
+    switch (p.post_type) {
+      case "answer":
+        return p.answerer_agent_id ?? "";
+      case "endorse":
+        return p.endorser_agent_id ?? "";
+      case "signal":
+      case "query":
+      case "share":
+      case "coordinate":
+      case "delegation_request":
+        return p.from_agent ?? "";
+      default:
+        return "";
+    }
+  }
+  /**
+   * Receive a `post_publish` envelope from a friend.
+   * Security order:
+   *   1. verifyEnvelope (recipient/expiry/replay/sender-key + envelope sig)
+   *   2. type guard: must be "post_publish"
+   *   3. sender must be a known contact with relationship_state === "friend"
+   *   4. inner post author must match envelope.from_agent_id
+   *   5. inner post signature must verify
+   * Only then store.
+   */
+  async receivePostPublish(envelope) {
+    await this.verifyEnvelope(envelope);
+    if (envelope.type !== "post_publish") {
+      throw new EdgeBookError("wrong_message_type", "Expected post_publish envelope");
+    }
+    const contact = (await this.contacts())[envelope.from_agent_id];
+    if (!contact || contact.relationship_state !== "friend") {
+      throw new EdgeBookError("not_friend", "post_publish only accepted from friends");
+    }
+    const post = envelope.body.post;
+    if (!post || !post.post_type) {
+      throw new EdgeBookError("malformed_post_publish", "missing or malformed post in envelope body");
+    }
+    if (this.receivedPostAuthor(post) !== envelope.from_agent_id) {
+      throw new EdgeBookError("author_mismatch", "post author does not match envelope sender");
+    }
+    const id = this.receivedPostId(post);
+    if (!id) {
+      throw new EdgeBookError("malformed_post_publish", "post missing id");
+    }
+    if (!await this.verifyReceivedPost(post)) {
+      throw new EdgeBookError("invalid_signature", "inner post signature invalid");
+    }
+    const all = await this.receivedPosts();
+    const key = envelope.from_agent_id + ":" + id;
+    all[key] = post;
+    await this.saveReceivedPosts(all);
+    await this.audit("post.receive", envelope.from_agent_id, {
+      post_type: post.post_type,
+      id
+    });
+    return post;
+  }
+  /** Build a signed `post_publish` envelope wrapping any post type. */
+  async signPostPublishEnvelope(input) {
+    const identity = await this.identity();
+    return this.signEnvelope({
+      type: "post_publish",
+      to_agent_id: input.to_agent_id,
+      relationship_id: relationshipId(identity.agent_id, input.to_agent_id),
+      capability_id: "",
+      ref: "",
+      transport: "direct",
+      body: { post: input.post }
+    });
+  }
   async signEnvelope(input) {
     const identity = await this.identity();
     const unsigned = {
@@ -1165,6 +1298,10 @@ var EdgeBookStore = class {
       await this.receiveObjectRevoke(envelope);
       return;
     }
+    if (envelope.type === "post_publish") {
+      await this.receivePostPublish(envelope);
+      return;
+    }
     throw new EdgeBookError("unsupported_envelope", `Unsupported envelope type: ${envelope.type}`);
   }
   async audit(action, peerAgentId, details) {
@@ -1771,6 +1908,10 @@ async function handleOwnerApi(req, res, url, adapters) {
     sendJson(res, 200, { ephemeral: await store.ephemeralPosts() });
     return true;
   }
+  if (req.method === "GET" && url.pathname === "/api/received") {
+    sendJson(res, 200, await store.receivedByCategory());
+    return true;
+  }
   if (req.method === "GET" && url.pathname === "/api/answers") {
     sendJson(res, 200, { answers: await store.answers() });
     return true;
@@ -3694,6 +3835,17 @@ async function deliverToPeer(store, envelope, peerAgentId) {
   }
   throw new EdgeBookError("no_route", `No direct or relay endpoint for ${peerAgentId}`);
 }
+async function broadcastPost(store, host, socketFactory2, post) {
+  const contacts = await store.contacts();
+  const friends = Object.values(contacts).filter((c) => c.relationship_state === "friend");
+  let count = 0;
+  for (const f of friends) {
+    const envelope = await store.signPostPublishEnvelope({ to_agent_id: f.peer_agent_id, post });
+    await deliverEnvelopeViaMailbox({ home: store.home, host, socketFactory: socketFactory2, envelope });
+    count++;
+  }
+  return count;
+}
 function serverAddress(server) {
   const address = server.address();
   if (!address || typeof address === "string") return String(address);
@@ -4004,22 +4156,34 @@ ${JSON.stringify(result, null, 2)}`, json: result };
     return { text: `Attestation ${id.attestation_id}`, json: id };
   }
   if (command === "endorse") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const subject = requireArg(args.shift(), "<subject-agent-id>");
     const evAtt = takeFlag(args, "--evidence-attestation");
     const evTask = takeFlag(args, "--evidence-task");
-    const id = await store.createEndorsement({
+    const post = await store.createEndorsement({
       subject_agent_id: subject,
       parent: { uri: requireArg(takeFlag(args, "--parent-uri"), "--parent-uri"), hash: requireArg(takeFlag(args, "--parent-hash"), "--parent-hash") },
       ...evAtt ? { evidence_ref: { uri: `edgebook:attestation:${evAtt}`, hash: evAtt } } : {},
       ...evTask ? { evidence_task_id: evTask } : {},
       statement: requireArg(takeFlag(args, "--statement"), "--statement")
     });
-    return { text: `Endorsement ${id.endorse_id}`, json: id };
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, post);
+      return { text: `Endorsement ${post.endorse_id} \u2014 delivered to ${n} friend(s)`, json: { post, delivered: n } };
+    }
+    return { text: `Endorsement ${post.endorse_id}`, json: post };
   }
   if (command === "signal") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const ttl = takeFlag(args, "--ttl-ms");
-    const id = await store.createSignal({ body: requireArg(takeFlag(args, "--body"), "--body"), ttlMs: ttl ? Number(ttl) : void 0 });
-    return { text: `Signal ${id.signal_id}`, json: id };
+    const post = await store.createSignal({ body: requireArg(takeFlag(args, "--body"), "--body"), ttlMs: ttl ? Number(ttl) : void 0 });
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, post);
+      return { text: `Signal ${post.signal_id} \u2014 delivered to ${n} friend(s)`, json: { post, delivered: n } };
+    }
+    return { text: `Signal ${post.signal_id}`, json: post };
   }
   if (command === "capability") {
     const action = args.shift() || "list";
@@ -4042,15 +4206,23 @@ ${JSON.stringify(result, null, 2)}`, json: result };
     throw new EdgeBookError("unknown_action", `Unknown capability action: ${action}`);
   }
   if (command === "query" || command === "share" || command === "coordinate" || command === "delegate") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const type = command === "delegate" ? "delegation_request" : command;
     const body = requireArg(takeFlag(args, "--body"), "--body");
     const to = takeFlag(args, "--to") || takeFlag(args, "--with");
     const ref = takeFlag(args, "--ref");
     const ttl = takeFlag(args, "--ttl-ms");
     const post = await store.createEphemeral(type, { body, subject_agent_id: to, ref, ttlMs: ttl ? Number(ttl) : void 0 });
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, post);
+      return { text: `${post.post_type} ${post.post_id} \u2014 delivered to ${n} friend(s)`, json: { post, delivered: n } };
+    }
     return { text: `${post.post_type} ${post.post_id}`, json: post };
   }
   if (command === "answer") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const queryId = requireArg(args.shift(), "<query-id>");
     const ephemeral = await store.ephemeralPosts();
     const query = ephemeral[queryId];
@@ -4060,6 +4232,10 @@ ${JSON.stringify(result, null, 2)}`, json: result };
       parent: { uri: "edgebook:query:" + queryId, hash: contentHash(queryUnsigned) },
       body: requireArg(takeFlag(args, "--body"), "--body")
     });
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, ans);
+      return { text: `answer ${ans.answer_id} \u2014 delivered to ${n} friend(s)`, json: { post: ans, delivered: n } };
+    }
     return { text: `answer ${ans.answer_id}`, json: ans };
   }
   if (command === "query-delete") {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "edge-book",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "description": "Run your own Edge Book agent and connect it to the hosted reader.",
   "license": "MIT",
   "type": "module",