githolon 0.34.1 → 0.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.mjs +48 -2
- package/package.json +3 -3
package/dist/cli.mjs
CHANGED
|
@@ -1540,11 +1540,38 @@ function author(eng, ws, domain, directiveId, payload, controllerHash, opts = {}
|
|
|
1540
1540
|
capPorts.principal_verified = !!opts.principalVerified;
|
|
1541
1541
|
}
|
|
1542
1542
|
const envelope = { payload: { domain, directiveId, payload }, captured_ports: capPorts, policy_version: 1, policy_domain: "Nomos", policy_gas: 0, policy_memory: 0 };
|
|
1543
|
+
if (opts.attestations !== void 0) envelope.attestations = opts.attestations;
|
|
1543
1544
|
writeWork(eng, `payload-${seq}.json`, enc3.encode(JSON.stringify(payload)));
|
|
1544
1545
|
writeWork(eng, `envelope-${seq}.json`, enc3.encode(stringifyBig(envelope)));
|
|
1545
1546
|
const genesis = !controllerHash;
|
|
1547
|
+
const attestorSecretFor = (from) => {
|
|
1548
|
+
const s = opts.attestorSecrets;
|
|
1549
|
+
if (!s) return null;
|
|
1550
|
+
if (typeof s === "string") return s;
|
|
1551
|
+
return typeof s[from] === "string" ? s[from] : null;
|
|
1552
|
+
};
|
|
1546
1553
|
const defer = opts.deferProjection !== false;
|
|
1547
|
-
const
|
|
1554
|
+
const offerOnce = () => JSON.parse(call(eng.ex, "offer", { repoArg: repoArgOf(ws), workspace: ws, domain, directiveId, payloadFile: `/work/payload-${seq}.json`, envelopeFile: `/work/envelope-${seq}.json`, seq, actor: opts.actor ?? "", ...opts.authToken ? { authToken: opts.authToken } : {}, domainFile: genesis ? "/work/domain.package.usda" : "", domainHash: genesis ? "" : controllerHash, branch: BRANCH, ...opts.authorSecret ? { authorSecret: opts.authorSecret } : {}, ...opts.dryRun ? { dryRun: true } : defer ? { deferProjection: true } : {} }, eng.STDERR));
|
|
1555
|
+
let v = offerOnce();
|
|
1556
|
+
for (let pass = 0; pass < 8 && v.outcome === "refused"; pass++) {
|
|
1557
|
+
const need = parseAttestedReadNeed(v.verdict?.reason ?? v.error);
|
|
1558
|
+
if (!need || !eng.mounted.has(need.from)) break;
|
|
1559
|
+
const secret = attestorSecretFor(need.from);
|
|
1560
|
+
if (!secret) break;
|
|
1561
|
+
const served = attestedRead(eng, need.from, {
|
|
1562
|
+
queryId: need.queryId,
|
|
1563
|
+
paramsJson: JSON.stringify(need.args),
|
|
1564
|
+
attestorSecret: secret,
|
|
1565
|
+
nowMs: opts.attestNowMs ?? Date.now(),
|
|
1566
|
+
// K3 (§1.5.3): colocated custody is in-memory — always ask for the carried enrollment
|
|
1567
|
+
// proof; the kernel produces-or-omits under its own bounds (the adapter decides nothing).
|
|
1568
|
+
includeRosterProof: true
|
|
1569
|
+
});
|
|
1570
|
+
if (!served || served.ok !== true) break;
|
|
1571
|
+
envelope.attestations = [...envelope.attestations ?? [], { queryId: need.queryId, result: served.rows, attestation: served.attestation }];
|
|
1572
|
+
writeWork(eng, `envelope-${seq}.json`, enc3.encode(stringifyBig(envelope)));
|
|
1573
|
+
v = offerOnce();
|
|
1574
|
+
}
|
|
1548
1575
|
const res = v.outcome === "admitted" ? { ok: true, head: v.head, intentOut: v.intentOut, ...v.born ? { born: v.born } : {} } : v.outcome === "refused" ? { ok: false, error: v.verdict?.reason ?? v.error } : v;
|
|
1549
1576
|
if (defer && res.ok) (eng.pendingProjection ??= /* @__PURE__ */ new Set()).add(ws);
|
|
1550
1577
|
return res;
|
|
@@ -1577,6 +1604,19 @@ async function custodyFetch(eng, ws, ledger, { remoteRef = "refs/heads/main", lo
|
|
|
1577
1604
|
kgit.writeRef(eng, gitdirOf(ws), fullRef(localRef || remoteRef), tip);
|
|
1578
1605
|
return tip;
|
|
1579
1606
|
}
|
|
1607
|
+
function parseAttestedReadNeed(error) {
|
|
1608
|
+
const m = /attested-read-unreachable: read\('([^']+)', \{from: '([^']+)'\}\) args=(.*?) has no injected attestation/.exec(String(error || ""));
|
|
1609
|
+
if (!m) return null;
|
|
1610
|
+
let blob = m[3];
|
|
1611
|
+
for (let i = 0; i < 4; i++) {
|
|
1612
|
+
try {
|
|
1613
|
+
return { queryId: m[1], from: m[2], args: JSON.parse(blob) };
|
|
1614
|
+
} catch {
|
|
1615
|
+
blob = blob.replace(/\\(["\\])/g, "$1");
|
|
1616
|
+
}
|
|
1617
|
+
}
|
|
1618
|
+
return null;
|
|
1619
|
+
}
|
|
1580
1620
|
function offerIntent(eng, ws, bytes, opts) {
|
|
1581
1621
|
const name = `offer-in-${eng.seq++}.json`;
|
|
1582
1622
|
writeWork(eng, name, bytes);
|
|
@@ -1594,7 +1634,7 @@ function applyIntentBytes(eng, ws, bytes, opts) {
|
|
|
1594
1634
|
function verifyChainLocal(eng, ws) {
|
|
1595
1635
|
return JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "verifyChain" }), branch: BRANCH }, eng.STDERR));
|
|
1596
1636
|
}
|
|
1597
|
-
var enc3, dec3, BRANCH, RESULT_PACK_INLINE_MAX, repoArgOf, gitdirOf, unpack, repoArgOfGitdir, bytesFromB64, kgit, installPayload, fullRef, applyPackInto, custodyLsRefs, qById, query, cryptoUnwrapKey, count, sum;
|
|
1637
|
+
var enc3, dec3, BRANCH, RESULT_PACK_INLINE_MAX, repoArgOf, gitdirOf, unpack, repoArgOfGitdir, bytesFromB64, kgit, installPayload, fullRef, applyPackInto, custodyLsRefs, qById, query, attestedRead, cryptoUnwrapKey, count, sum;
|
|
1598
1638
|
var init_engine = __esm({
|
|
1599
1639
|
"vendor/engine/engine.mjs"() {
|
|
1600
1640
|
"use strict";
|
|
@@ -1651,6 +1691,12 @@ var init_engine = __esm({
|
|
|
1651
1691
|
custodyLsRefs = (ledger, prefix = null) => lsRefs(ledger.remote, ledger.headers || {}, { service: "git-upload-pack", prefix });
|
|
1652
1692
|
qById = (eng, ws, id, principal = "", keys = []) => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "byId", aggregateId: id }), principal, keys, branch: BRANCH }, eng.STDERR));
|
|
1653
1693
|
query = (eng, ws, queryId, paramsJson, principal = "", keys = []) => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ kind: "query", queryId, paramsJson }), principal, keys, branch: BRANCH }, eng.STDERR));
|
|
1694
|
+
attestedRead = (eng, ws, { queryId, paramsJson, attestorSecret, nowMs, includeRosterProof }) => JSON.parse(call(eng.ex, "query", {
|
|
1695
|
+
repoArg: repoArgOf(ws),
|
|
1696
|
+
workspace: ws,
|
|
1697
|
+
branch: BRANCH,
|
|
1698
|
+
queryBytes: b64Json({ op: "attestedRead", queryId, paramsJson: paramsJson || "{}", attestorSecret, nowMs: nowMs ?? Date.now(), sourceWorkspace: ws, ...includeRosterProof ? { includeRosterProof: true } : {} })
|
|
1699
|
+
}, eng.STDERR));
|
|
1654
1700
|
cryptoUnwrapKey = (eng, { secret, hpkeEpk, ct }) => JSON.parse(call(eng.ex, "query", { queryBytes: b64Json({ op: "cryptoUnwrapKey", secret, hpkeEpk, ct }) }, eng.STDERR)).scopeKey;
|
|
1655
1701
|
count = (eng, ws, countId, groupKey, principal = "") => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "count", countId, groupKey }), principal, branch: BRANCH }, eng.STDERR));
|
|
1656
1702
|
sum = (eng, ws, sumId, groupKey, principal = "") => JSON.parse(call(eng.ex, "query", { repoArg: repoArgOf(ws), workspace: ws, queryBytes: b64Json({ op: "sum", sumId, groupKey }), principal, branch: BRANCH }, eng.STDERR));
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "githolon",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.36.0",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "githolon — the Nomos developer CLI: Rails-style generators for @githolon/dsl domains + the package compiler. Kernel-independent.",
|
|
6
6
|
"license": "SEE LICENSE IN LICENSE.md",
|
|
@@ -29,8 +29,8 @@
|
|
|
29
29
|
},
|
|
30
30
|
"dependencies": {
|
|
31
31
|
"@bjorn3/browser_wasi_shim": "0.4.2",
|
|
32
|
-
"@githolon/client": "^0.
|
|
33
|
-
"@githolon/dsl": "^0.
|
|
32
|
+
"@githolon/client": "^0.36.0",
|
|
33
|
+
"@githolon/dsl": "^0.36.0",
|
|
34
34
|
"isomorphic-git": "^1.38.4"
|
|
35
35
|
},
|
|
36
36
|
"devDependencies": {
|