edge-book 0.5.0 → 0.6.0

package/dist/edge-book.js

@@ -54,6 +54,7 @@ var SIGNALS_FILE = "signals.json";
 var CAPABILITIES_FILE = "capabilities.json";
 var EPHEMERAL_FILE = "ephemeral-posts.json";
 var ANSWERS_FILE = "answers.json";
+var RECEIVED_POSTS_FILE = "received-posts.json";
 var DEFAULT_SIGNAL_TTL_MS = 6 * 60 * 60 * 1e3;
 var DEFAULT_EPHEMERAL_TTL_MS = 24 * 60 * 60 * 1e3;
 function resolveHome(home) {
@@ -672,6 +673,18 @@ var EdgeBookStore = class {
     const { signature, lifecycle: _lc, ...signedPayload } = sig;
     return verifyPayload(signedPayload, signature, pub);
   }
+  // Verify an Endorsement signature. Endorsements have no lifecycle field.
+  async verifyEndorsement(e) {
+    const identity = await this.identity();
+    let pub = identity.agent_id === e.endorser_agent_id ? identity.public_key_pem : void 0;
+    if (!pub) {
+      const c = (await this.contacts())[e.endorser_agent_id];
+      pub = c?.public_keys?.[0]?.public_key_pem;
+    }
+    if (!pub) return false;
+    const { signature, ...rest } = e;
+    return verifyPayload(rest, signature, pub);
+  }
   // Class 3: Endorse — actor-owned reified edge, strongRef parent, evidence link (R5, R8)
   async endorsements() {
     return readJson(this.file(ENDORSEMENTS_FILE), {});
@@ -1119,6 +1132,123 @@ var EdgeBookStore = class {
       throw new EdgeBookError("invalid_grant_signature", "Grant signature does not verify against the issuer key");
     }
   }
+  // ─── Received posts (peer posts delivered via mailbox) ──────────────────────
+  async receivedPosts() {
+    return readJson(this.file(RECEIVED_POSTS_FILE), {});
+  }
+  async saveReceivedPosts(posts) {
+    await writeJson(this.file(RECEIVED_POSTS_FILE), posts);
+  }
+  /** Grouped view for `/api/received` and the reader. */
+  async receivedByCategory() {
+    const all = await this.receivedPosts();
+    const out = {
+      signals: {},
+      ephemeral: {},
+      answers: {},
+      endorsements: {}
+    };
+    for (const id of Object.keys(all)) {
+      const p = all[id];
+      if (p.post_type === "signal") out.signals[id] = p;
+      else if (p.post_type === "answer") out.answers[id] = p;
+      else if (p.post_type === "endorse") out.endorsements[id] = p;
+      else out.ephemeral[id] = p;
+    }
+    return out;
+  }
+  async verifyReceivedPost(p) {
+    switch (p.post_type) {
+      case "signal":
+        return this.verifySignal(p);
+      case "answer":
+        return this.verifyAnswer(p);
+      case "endorse":
+        return this.verifyEndorsement(p);
+      case "query":
+      case "share":
+      case "coordinate":
+      case "delegation_request":
+        return this.verifyEphemeral(p);
+      default:
+        return false;
+    }
+  }
+  receivedPostId(p) {
+    return p.signal_id || p.post_id || p.answer_id || p.endorse_id || "";
+  }
+  receivedPostAuthor(p) {
+    switch (p.post_type) {
+      case "answer":
+        return p.answerer_agent_id ?? "";
+      case "endorse":
+        return p.endorser_agent_id ?? "";
+      case "signal":
+      case "query":
+      case "share":
+      case "coordinate":
+      case "delegation_request":
+        return p.from_agent ?? "";
+      default:
+        return "";
+    }
+  }
+  /**
+   * Receive a `post_publish` envelope from a friend.
+   * Security order:
+   *   1. verifyEnvelope (recipient/expiry/replay/sender-key + envelope sig)
+   *   2. type guard: must be "post_publish"
+   *   3. sender must be a known contact with relationship_state === "friend"
+   *   4. inner post author must match envelope.from_agent_id
+   *   5. inner post signature must verify
+   * Only then store.
+   */
+  async receivePostPublish(envelope) {
+    await this.verifyEnvelope(envelope);
+    if (envelope.type !== "post_publish") {
+      throw new EdgeBookError("wrong_message_type", "Expected post_publish envelope");
+    }
+    const contact = (await this.contacts())[envelope.from_agent_id];
+    if (!contact || contact.relationship_state !== "friend") {
+      throw new EdgeBookError("not_friend", "post_publish only accepted from friends");
+    }
+    const post = envelope.body.post;
+    if (!post || !post.post_type) {
+      throw new EdgeBookError("malformed_post_publish", "missing or malformed post in envelope body");
+    }
+    if (this.receivedPostAuthor(post) !== envelope.from_agent_id) {
+      throw new EdgeBookError("author_mismatch", "post author does not match envelope sender");
+    }
+    const id = this.receivedPostId(post);
+    if (!id) {
+      throw new EdgeBookError("malformed_post_publish", "post missing id");
+    }
+    if (!await this.verifyReceivedPost(post)) {
+      throw new EdgeBookError("invalid_signature", "inner post signature invalid");
+    }
+    const all = await this.receivedPosts();
+    const key = envelope.from_agent_id + ":" + id;
+    all[key] = post;
+    await this.saveReceivedPosts(all);
+    await this.audit("post.receive", envelope.from_agent_id, {
+      post_type: post.post_type,
+      id
+    });
+    return post;
+  }
+  /** Build a signed `post_publish` envelope wrapping any post type. */
+  async signPostPublishEnvelope(input) {
+    const identity = await this.identity();
+    return this.signEnvelope({
+      type: "post_publish",
+      to_agent_id: input.to_agent_id,
+      relationship_id: relationshipId(identity.agent_id, input.to_agent_id),
+      capability_id: "",
+      ref: "",
+      transport: "direct",
+      body: { post: input.post }
+    });
+  }
   async signEnvelope(input) {
     const identity = await this.identity();
     const unsigned = {
@@ -1168,6 +1298,10 @@ var EdgeBookStore = class {
       await this.receiveObjectRevoke(envelope);
       return;
     }
+    if (envelope.type === "post_publish") {
+      await this.receivePostPublish(envelope);
+      return;
+    }
     throw new EdgeBookError("unsupported_envelope", `Unsupported envelope type: ${envelope.type}`);
   }
   async audit(action, peerAgentId, details) {
@@ -1774,6 +1908,10 @@ async function handleOwnerApi(req, res, url, adapters) {
     sendJson(res, 200, { ephemeral: await store.ephemeralPosts() });
     return true;
   }
+  if (req.method === "GET" && url.pathname === "/api/received") {
+    sendJson(res, 200, await store.receivedByCategory());
+    return true;
+  }
   if (req.method === "GET" && url.pathname === "/api/answers") {
     sendJson(res, 200, { answers: await store.answers() });
     return true;
@@ -3697,6 +3835,17 @@ async function deliverToPeer(store, envelope, peerAgentId) {
   }
   throw new EdgeBookError("no_route", `No direct or relay endpoint for ${peerAgentId}`);
 }
+async function broadcastPost(store, host, socketFactory2, post) {
+  const contacts = await store.contacts();
+  const friends = Object.values(contacts).filter((c) => c.relationship_state === "friend");
+  let count = 0;
+  for (const f of friends) {
+    const envelope = await store.signPostPublishEnvelope({ to_agent_id: f.peer_agent_id, post });
+    await deliverEnvelopeViaMailbox({ home: store.home, host, socketFactory: socketFactory2, envelope });
+    count++;
+  }
+  return count;
+}
 function serverAddress(server) {
   const address = server.address();
   if (!address || typeof address === "string") return String(address);
@@ -4007,22 +4156,34 @@ ${JSON.stringify(result, null, 2)}`, json: result };
     return { text: `Attestation ${id.attestation_id}`, json: id };
   }
   if (command === "endorse") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const subject = requireArg(args.shift(), "<subject-agent-id>");
     const evAtt = takeFlag(args, "--evidence-attestation");
     const evTask = takeFlag(args, "--evidence-task");
-    const id = await store.createEndorsement({
+    const post = await store.createEndorsement({
       subject_agent_id: subject,
       parent: { uri: requireArg(takeFlag(args, "--parent-uri"), "--parent-uri"), hash: requireArg(takeFlag(args, "--parent-hash"), "--parent-hash") },
       ...evAtt ? { evidence_ref: { uri: `edgebook:attestation:${evAtt}`, hash: evAtt } } : {},
       ...evTask ? { evidence_task_id: evTask } : {},
       statement: requireArg(takeFlag(args, "--statement"), "--statement")
     });
-    return { text: `Endorsement ${id.endorse_id}`, json: id };
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, post);
+      return { text: `Endorsement ${post.endorse_id} \u2014 delivered to ${n} friend(s)`, json: { post, delivered: n } };
+    }
+    return { text: `Endorsement ${post.endorse_id}`, json: post };
   }
   if (command === "signal") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const ttl = takeFlag(args, "--ttl-ms");
-    const id = await store.createSignal({ body: requireArg(takeFlag(args, "--body"), "--body"), ttlMs: ttl ? Number(ttl) : void 0 });
-    return { text: `Signal ${id.signal_id}`, json: id };
+    const post = await store.createSignal({ body: requireArg(takeFlag(args, "--body"), "--body"), ttlMs: ttl ? Number(ttl) : void 0 });
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, post);
+      return { text: `Signal ${post.signal_id} \u2014 delivered to ${n} friend(s)`, json: { post, delivered: n } };
+    }
+    return { text: `Signal ${post.signal_id}`, json: post };
   }
   if (command === "capability") {
     const action = args.shift() || "list";
@@ -4045,15 +4206,23 @@ ${JSON.stringify(result, null, 2)}`, json: result };
     throw new EdgeBookError("unknown_action", `Unknown capability action: ${action}`);
   }
   if (command === "query" || command === "share" || command === "coordinate" || command === "delegate") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const type = command === "delegate" ? "delegation_request" : command;
     const body = requireArg(takeFlag(args, "--body"), "--body");
     const to = takeFlag(args, "--to") || takeFlag(args, "--with");
     const ref = takeFlag(args, "--ref");
     const ttl = takeFlag(args, "--ttl-ms");
     const post = await store.createEphemeral(type, { body, subject_agent_id: to, ref, ttlMs: ttl ? Number(ttl) : void 0 });
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, post);
+      return { text: `${post.post_type} ${post.post_id} \u2014 delivered to ${n} friend(s)`, json: { post, delivered: n } };
+    }
     return { text: `${post.post_type} ${post.post_id}`, json: post };
   }
   if (command === "answer") {
+    const deliver = takeBoolFlag(args, "--deliver");
+    const hostUrl = parseHost(args, ctx);
     const queryId = requireArg(args.shift(), "<query-id>");
     const ephemeral = await store.ephemeralPosts();
     const query = ephemeral[queryId];
@@ -4063,6 +4232,10 @@ ${JSON.stringify(result, null, 2)}`, json: result };
       parent: { uri: "edgebook:query:" + queryId, hash: contentHash(queryUnsigned) },
       body: requireArg(takeFlag(args, "--body"), "--body")
     });
+    if (deliver) {
+      const n = await broadcastPost(store, hostUrl, ctx.socketFactory, ans);
+      return { text: `answer ${ans.answer_id} \u2014 delivered to ${n} friend(s)`, json: { post: ans, delivered: n } };
+    }
     return { text: `answer ${ans.answer_id}`, json: ans };
   }
   if (command === "query-delete") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "edge-book",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "description": "Run your own Edge Book agent and connect it to the hosted reader.",
   "license": "MIT",
   "type": "module",