hackmyagent 0.16.5 → 0.17.0

package/dist/arp/crypto/hybrid-signing.js

@@ -0,0 +1,321 @@
+"use strict";
+/**
+ * Hybrid Ed25519 + ML-DSA signing for ARP (AIComply P1).
+ *
+ * Defense-in-depth signing: every payload is co-signed by a classical curve
+ * (Ed25519, FIPS 186-5) and a post-quantum lattice scheme (ML-DSA, FIPS 204).
+ * Verification requires BOTH halves to validate. This matches the wire format
+ * used by the AIM SDK (`agent-identity-management/sdk/typescript/src/crypto/pqc.ts`)
+ * and the Go backend so hybrid signatures can round trip between the two.
+ *
+ * Design notes:
+ * - Deps are imported statically at module top. Previous scaffolding already
+ *   proved the CJS resolution works against pinned `@noble/ed25519` v2 and
+ *   `@noble/post-quantum` v0.2. Lazy loading is not needed and would hide
+ *   install failures until first call.
+ * - `hybridVerify()` evaluates BOTH halves unconditionally. It does not
+ *   short-circuit on an ed25519 failure. This avoids a side-channel where an
+ *   attacker could probe which half of a signature is broken by timing the
+ *   verify call, and it matches the structured `HybridVerifyResult` contract.
+ * - Failures inside either half (thrown exceptions, wrong lengths) become a
+ *   `{valid: false}` result with a `reason`. The caller is expected to fail
+ *   closed (parse-to-deny) per CR-001.
+ * - `KEY_SIZES` is the FIPS 204 table and must match the AIM SDK and Go backend
+ *   byte for byte. Any size drift between the three is a bug somewhere.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HybridCryptoError = exports.KEY_SIZES = void 0;
+exports.hybridAlgorithmFor = hybridAlgorithmFor;
+exports.validateKeySize = validateKeySize;
+exports.generateHybridKeyPair = generateHybridKeyPair;
+exports.hybridSign = hybridSign;
+exports.hybridVerify = hybridVerify;
+exports.getHybridPublicKey = getHybridPublicKey;
+exports.encodeHybridSignature = encodeHybridSignature;
+exports.decodeHybridSignature = decodeHybridSignature;
+exports.encodeHybridPublicKey = encodeHybridPublicKey;
+exports.decodeHybridPublicKey = decodeHybridPublicKey;
+const crypto_1 = require("crypto");
+const ed25519 = __importStar(require("@noble/ed25519"));
+const ml_dsa_1 = require("@noble/post-quantum/ml-dsa");
+/**
+ * FIPS 204 key and signature sizes (in bytes). Used to validate key material
+ * and signatures before handing them to the underlying primitives.
+ *
+ * Source: NIST FIPS 204 (ML-DSA), Table 1. Verified against the current
+ * `@noble/post-quantum` v0.2 keygen output.
+ */
+exports.KEY_SIZES = {
+    Ed25519: { publicKey: 32, privateKey: 32, signature: 64 },
+    'ML-DSA-44': { publicKey: 1312, privateKey: 2560, signature: 2420 },
+    'ML-DSA-65': { publicKey: 1952, privateKey: 4032, signature: 3309 },
+    'ML-DSA-87': { publicKey: 2592, privateKey: 4896, signature: 4627 },
+};
+/**
+ * Error raised when a hybrid primitive rejects its input before any crypto
+ * runs. Catching code should fail closed (parse-to-deny) per CR-001.
+ */
+class HybridCryptoError extends Error {
+    constructor(message) {
+        super(`[arp/crypto] ${message}`);
+        this.name = 'HybridCryptoError';
+    }
+}
+exports.HybridCryptoError = HybridCryptoError;
+/**
+ * Return the canonical hybrid algorithm identifier for a given ML-DSA variant.
+ * Stable helper, safe to use from any layer.
+ */
+function hybridAlgorithmFor(variant) {
+    switch (variant) {
+        case 'ML-DSA-44':
+            return 'Ed25519+ML-DSA-44';
+        case 'ML-DSA-65':
+            return 'Ed25519+ML-DSA-65';
+        case 'ML-DSA-87':
+            return 'Ed25519+ML-DSA-87';
+    }
+}
+/**
+ * Resolve an ML-DSA variant string to the `@noble/post-quantum` handle.
+ */
+function mldsaFor(variant) {
+    switch (variant) {
+        case 'ML-DSA-44':
+            return ml_dsa_1.ml_dsa44;
+        case 'ML-DSA-65':
+            return ml_dsa_1.ml_dsa65;
+        case 'ML-DSA-87':
+            return ml_dsa_1.ml_dsa87;
+    }
+}
+/**
+ * Validate a byte array against the expected FIPS 204 / Ed25519 size.
+ * Returns true if the size matches, false otherwise.
+ */
+function validateKeySize(variantOrAlg, kind, data) {
+    const variant = variantOrAlg === 'Ed25519'
+        ? 'Ed25519'
+        : variantOrAlg === 'Ed25519+ML-DSA-44'
+            ? 'ML-DSA-44'
+            : variantOrAlg === 'Ed25519+ML-DSA-65'
+                ? 'ML-DSA-65'
+                : variantOrAlg === 'Ed25519+ML-DSA-87'
+                    ? 'ML-DSA-87'
+                    : variantOrAlg;
+    const sizes = exports.KEY_SIZES[variant];
+    if (!sizes)
+        return false;
+    return data.length === sizes[kind];
+}
+/**
+ * Generate a hybrid Ed25519 + ML-DSA key pair. Both halves sign the same
+ * payloads; the returned pair carries enough material to produce and verify
+ * hybrid signatures.
+ *
+ * @param variant ML-DSA parameter set. 44 for high-throughput identity signals,
+ *                65 for manifests (recommended default), 87 for root keys.
+ */
+async function generateHybridKeyPair(variant) {
+    const ed25519PrivateKey = ed25519.utils.randomPrivateKey();
+    const ed25519PublicKey = await ed25519.getPublicKeyAsync(ed25519PrivateKey);
+    // ML-DSA keygen takes a 32-byte seed. Source entropy from Node's
+    // `crypto.randomBytes` so the seed is unique per call and does not reuse
+    // any secret material from the Ed25519 private key.
+    const mldsaSeed = new Uint8Array((0, crypto_1.randomBytes)(32));
+    const mldsa = mldsaFor(variant);
+    const mldsaKeys = mldsa.keygen(mldsaSeed);
+    // Defense in depth: make sure noble handed us the FIPS 204 sizes we expect
+    // before anyone can sign with these keys. A size mismatch here means the
+    // dep drifted and every downstream assumption is suspect.
+    if (!validateKeySize('Ed25519', 'publicKey', ed25519PublicKey)) {
+        throw new HybridCryptoError(`Ed25519 public key size mismatch: got ${ed25519PublicKey.length}, expected ${exports.KEY_SIZES.Ed25519.publicKey}`);
+    }
+    if (!validateKeySize(variant, 'publicKey', mldsaKeys.publicKey)) {
+        throw new HybridCryptoError(`${variant} public key size mismatch: got ${mldsaKeys.publicKey.length}, expected ${exports.KEY_SIZES[variant].publicKey}`);
+    }
+    if (!validateKeySize(variant, 'privateKey', mldsaKeys.secretKey)) {
+        throw new HybridCryptoError(`${variant} private key size mismatch: got ${mldsaKeys.secretKey.length}, expected ${exports.KEY_SIZES[variant].privateKey}`);
+    }
+    return {
+        algorithm: hybridAlgorithmFor(variant),
+        ed25519: {
+            publicKey: ed25519PublicKey,
+            privateKey: ed25519PrivateKey,
+        },
+        mldsa: {
+            variant,
+            publicKey: mldsaKeys.publicKey,
+            privateKey: mldsaKeys.secretKey,
+        },
+        createdAt: new Date(),
+    };
+}
+/**
+ * Sign a payload with a hybrid key pair. Both halves (Ed25519 and ML-DSA)
+ * sign the SAME payload bytes; the returned signature carries both.
+ */
+async function hybridSign(payload, keyPair) {
+    if (!(payload instanceof Uint8Array)) {
+        throw new HybridCryptoError('hybridSign: payload must be Uint8Array');
+    }
+    const ed25519Sig = await ed25519.signAsync(payload, keyPair.ed25519.privateKey);
+    const mldsa = mldsaFor(keyPair.mldsa.variant);
+    const mldsaSig = mldsa.sign(keyPair.mldsa.privateKey, payload);
+    return {
+        algorithm: keyPair.algorithm,
+        ed25519Sig,
+        mldsaSig,
+        timestamp: Date.now(),
+    };
+}
+/**
+ * Verify a hybrid signature. BOTH halves must validate for the overall result
+ * to be valid. The function intentionally evaluates both halves on every call,
+ * even when the first half fails, so that timing cannot reveal which half of
+ * a signature is broken. All thrown errors from the underlying primitives are
+ * trapped and reported as a structured failure (`valid: false`).
+ */
+async function hybridVerify(payload, signature, publicKey) {
+    const reasons = [];
+    // Structural checks first. These do not leak side-channel information because
+    // they do not depend on the signature bytes being compared against a secret.
+    if (signature.algorithm !== publicKey.algorithm) {
+        return {
+            valid: false,
+            ed25519Valid: false,
+            mldsaValid: false,
+            reason: `algorithm mismatch: signature=${signature.algorithm} publicKey=${publicKey.algorithm}`,
+        };
+    }
+    if (!validateKeySize('Ed25519', 'signature', signature.ed25519Sig)) {
+        reasons.push(`ed25519 signature size invalid: ${signature.ed25519Sig.length}`);
+    }
+    if (!validateKeySize(publicKey.mldsaVariant, 'signature', signature.mldsaSig)) {
+        reasons.push(`${publicKey.mldsaVariant} signature size invalid: ${signature.mldsaSig.length}`);
+    }
+    if (!validateKeySize('Ed25519', 'publicKey', publicKey.ed25519PublicKey)) {
+        reasons.push(`ed25519 public key size invalid: ${publicKey.ed25519PublicKey.length}`);
+    }
+    if (!validateKeySize(publicKey.mldsaVariant, 'publicKey', publicKey.mldsaPublicKey)) {
+        reasons.push(`${publicKey.mldsaVariant} public key size invalid: ${publicKey.mldsaPublicKey.length}`);
+    }
+    // Evaluate both halves unconditionally. The non-short-circuit property is a
+    // security requirement, not a convenience. Do not refactor this to bail
+    // early on ed25519 failure.
+    let ed25519Valid = false;
+    try {
+        ed25519Valid = await ed25519.verifyAsync(signature.ed25519Sig, payload, publicKey.ed25519PublicKey);
+    }
+    catch (err) {
+        reasons.push(`ed25519 verify threw: ${err.message}`);
+    }
+    let mldsaValid = false;
+    try {
+        const mldsa = mldsaFor(publicKey.mldsaVariant);
+        mldsaValid = mldsa.verify(publicKey.mldsaPublicKey, payload, signature.mldsaSig);
+    }
+    catch (err) {
+        reasons.push(`${publicKey.mldsaVariant} verify threw: ${err.message}`);
+    }
+    const valid = ed25519Valid && mldsaValid;
+    if (!valid && !ed25519Valid)
+        reasons.push('ed25519 half rejected');
+    if (!valid && !mldsaValid)
+        reasons.push(`${publicKey.mldsaVariant} half rejected`);
+    return {
+        valid,
+        ed25519Valid,
+        mldsaValid,
+        ...(valid ? {} : { reason: reasons.join('; ') }),
+    };
+}
+/**
+ * Project a `HybridKeyPair` to its `HybridPublicKey` shape, suitable for
+ * distributing to verifiers.
+ */
+function getHybridPublicKey(keyPair) {
+    return {
+        algorithm: keyPair.algorithm,
+        ed25519PublicKey: keyPair.ed25519.publicKey,
+        mldsaPublicKey: keyPair.mldsa.publicKey,
+        mldsaVariant: keyPair.mldsa.variant,
+    };
+}
+// --- Encoding helpers for YAML/JSON transport ------------------------------
+function toBase64(data) {
+    return Buffer.from(data).toString('base64');
+}
+function fromBase64(encoded) {
+    return new Uint8Array(Buffer.from(encoded, 'base64'));
+}
+/** Encode a hybrid signature for on-disk or on-wire transport. */
+function encodeHybridSignature(signature) {
+    return {
+        alg: signature.algorithm,
+        ed25519Sig: toBase64(signature.ed25519Sig),
+        mldsaSig: toBase64(signature.mldsaSig),
+        ts: signature.timestamp,
+    };
+}
+/** Decode a hybrid signature from its transport form. */
+function decodeHybridSignature(encoded) {
+    return {
+        algorithm: encoded.alg,
+        ed25519Sig: fromBase64(encoded.ed25519Sig),
+        mldsaSig: fromBase64(encoded.mldsaSig),
+        timestamp: encoded.ts,
+    };
+}
+/** Encode a hybrid public key for on-disk or on-wire transport. */
+function encodeHybridPublicKey(publicKey) {
+    return {
+        algorithm: publicKey.algorithm,
+        ed25519PublicKey: toBase64(publicKey.ed25519PublicKey),
+        mldsaPublicKey: toBase64(publicKey.mldsaPublicKey),
+        mldsaVariant: publicKey.mldsaVariant,
+    };
+}
+/** Decode a hybrid public key from its transport form. */
+function decodeHybridPublicKey(encoded) {
+    return {
+        algorithm: encoded.algorithm,
+        ed25519PublicKey: fromBase64(encoded.ed25519PublicKey),
+        mldsaPublicKey: fromBase64(encoded.mldsaPublicKey),
+        mldsaVariant: encoded.mldsaVariant,
+    };
+}
+//# sourceMappingURL=hybrid-signing.js.map

package/dist/arp/crypto/hybrid-signing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hybrid-signing.js","sourceRoot":"","sources":["../../../src/arp/crypto/hybrid-signing.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;GAuBG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+CH,gDASC;AAoBD,0CAkBC;AAUD,sDA6CC;AAMD,gCAkBC;AASD,oCA0EC;AAMD,gDAOC;AAaD,sDASC;AAGD,sDASC;AAGD,sDASC;AAGD,sDASC;AArUD,mCAAqC;AAErC,wDAA0C;AAC1C,uDAA0E;AAa1E;;;;;;GAMG;AACU,QAAA,SAAS,GAAG;IACvB,OAAO,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE;IACzD,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;IACnE,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;IACnE,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE;CAC3D,CAAC;AAEX;;;GAGG;AACH,MAAa,iBAAkB,SAAQ,KAAK;IAC1C,YAAY,OAAe;QACzB,KAAK,CAAC,gBAAgB,OAAO,EAAE,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,GAAG,mBAAmB,CAAC;IAClC,CAAC;CACF;AALD,8CAKC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,OAAqB;IACtD,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,WAAW;YACd,OAAO,mBAAmB,CAAC;QAC7B,KAAK,WAAW;YACd,OAAO,mBAAmB,CAAC;QAC7B,KAAK,WAAW;YACd,OAAO,mBAAmB,CAAC;IAC/B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,OAAqB;IACrC,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,WAAW;YACd,OAAO,iBAAQ,CAAC;QAClB,KAAK,WAAW;YACd,OAAO,iBAAQ,CAAC;QAClB,KAAK,WAAW;YACd,OAAO,iBAAQ,CAAC;IACpB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAgB,eAAe,CAC7B,YAAwD,EACxD,IAA8C,EAC9C,IAAgB;IAEhB,MAAM,OAAO,GACX,YAAY,KAAK,SAAS;QACxB,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,YAAY,KAAK,mBAAmB;YACpC,CAAC,CAAC,WAAW;YACb,CAAC,CAAC,YAAY,KAAK,mBAAmB;gBACpC,CAAC,CAAC,WAAW;gBACb,CAAC,CAAC,YAAY,KAAK,mBAAmB;oBACpC,CAAC,CAAC,WAAW;oBACb,CAAC,CAAC,YAAY,CAAC;IACzB,MAAM,KAAK,GAAG,iBAAS,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,OAAO,IAAI,CAAC,MAAM,KAAK,KAAK,CAAC,IAAI,CAAC,CAAC;AACrC,CAAC;AAED;;;;;;;GAOG;AACI,KAAK,UAAU,qBAAqB,CACzC,OAAqB;IAErB,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;IAC3D,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,iBAAiB,CAAC,iBAAiB,CAAC,CAAC;IAE5E,iEAAiE;IACjE,yEAAyE;IACzE,oDAAoD;IACpD,MAAM,SAAS,GAAG,IAAI,UAAU,CAAC,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,CAAC;IAClD,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;IAChC,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAE1C,2EAA2E;IAC3E,yEAAyE;IACzE,0DAA0D;IAC1D,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,EAAE,gBAAgB,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,iBAAiB,CACzB,yCAAyC,gBAAgB,CAAC,MAAM,cAAc,iBAAS,CAAC,OAAO,CAAC,SAAS,EAAE,CAC5G,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,WAAW,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,iBAAiB,CACzB,GAAG,OAAO,kCAAkC,SAAS,CAAC,SAAS,CAAC,MAAM,cAAc,iBAAS,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,CACnH,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,MAAM,IAAI,iBAAiB,CACzB,GAAG,OAAO,mCAAmC,SAAS,CAAC,SAAS,CAAC,MAAM,cAAc,iBAAS,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,CACrH,CAAC;IACJ,CAAC;IAED,OAAO;QACL,SAAS,EAAE,kBAAkB,CAAC,OAAO,CAAC;QACtC,OAAO,EAAE;YACP,SAAS,EAAE,gBAAgB;YAC3B,UAAU,EAAE,iBAAiB;SAC9B;QACD,KAAK,EAAE;YACL,OAAO;YACP,SAAS,EAAE,SAAS,CAAC,SAAS;YAC9B,UAAU,EAAE,SAAS,CAAC,SAAS;SAChC;QACD,SAAS,EAAE,IAAI,IAAI,EAAE;KACtB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,UAAU,CAC9B,OAAmB,EACnB,OAAsB;IAEtB,IAAI,CAAC,CAAC,OAAO,YAAY,UAAU,CAAC,EAAE,CAAC;QACrC,MAAM,IAAI,iBAAiB,CAAC,wCAAwC,CAAC,CAAC;IACxE,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;IAChF,MAAM,KAAK,GAAG,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC9C,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAE/D,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,UAAU;QACV,QAAQ;QACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACtB,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,YAAY,CAChC,OAAmB,EACnB,SAA0B,EAC1B,SAA0B;IAE1B,MAAM,OAAO,GAAa,EAAE,CAAC;IAE7B,8EAA8E;IAC9E,6EAA6E;IAC7E,IAAI,SAAS,CAAC,SAAS,KAAK,SAAS,CAAC,SAAS,EAAE,CAAC;QAChD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,YAAY,EAAE,KAAK;YACnB,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,iCAAiC,SAAS,CAAC,SAAS,cAAc,SAAS,CAAC,SAAS,EAAE;SAChG,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,UAAU,CAAC,EAAE,CAAC;QACnE,OAAO,CAAC,IAAI,CACV,mCAAmC,SAAS,CAAC,UAAU,CAAC,MAAM,EAAE,CACjE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,YAAY,EAAE,WAAW,EAAE,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC9E,OAAO,CAAC,IAAI,CACV,GAAG,SAAS,CAAC,YAAY,4BAA4B,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,CACjF,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,CAAC,gBAAgB,CAAC,EAAE,CAAC;QACzE,OAAO,CAAC,IAAI,CACV,oCAAoC,SAAS,CAAC,gBAAgB,CAAC,MAAM,EAAE,CACxE,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,SAAS,CAAC,YAAY,EAAE,WAAW,EAAE,SAAS,CAAC,cAAc,CAAC,EAAE,CAAC;QACpF,OAAO,CAAC,IAAI,CACV,GAAG,SAAS,CAAC,YAAY,6BAA6B,SAAS,CAAC,cAAc,CAAC,MAAM,EAAE,CACxF,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,wEAAwE;IACxE,4BAA4B;IAC5B,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,IAAI,CAAC;QACH,YAAY,GAAG,MAAM,OAAO,CAAC,WAAW,CACtC,SAAS,CAAC,UAAU,EACpB,OAAO,EACP,SAAS,CAAC,gBAAgB,CAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,yBAA0B,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,QAAQ,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAC/C,UAAU,GAAG,KAAK,CAAC,MAAM,CACvB,SAAS,CAAC,cAAc,EACxB,OAAO,EACP,SAAS,CAAC,QAAQ,CACnB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,YAAY,kBAAmB,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,MAAM,KAAK,GAAG,YAAY,IAAI,UAAU,CAAC;IACzC,IAAI,CAAC,KAAK,IAAI,CAAC,YAAY;QAAE,OAAO,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IACnE,IAAI,CAAC,KAAK,IAAI,CAAC,UAAU;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,YAAY,gBAAgB,CAAC,CAAC;IAEnF,OAAO;QACL,KAAK;QACL,YAAY;QACZ,UAAU;QACV,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;KACjD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAgB,kBAAkB,CAAC,OAAsB;IACvD,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,gBAAgB,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS;QAC3C,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS;QACvC,YAAY,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO;KACpC,CAAC;AACJ,CAAC;AAED,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,IAAgB;IAChC,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,kEAAkE;AAClE,SAAgB,qBAAqB,CACnC,SAA0B;IAE1B,OAAO;QACL,GAAG,EAAE,SAAS,CAAC,SAAS;QACxB,UAAU,EAAE,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC;QAC1C,QAAQ,EAAE,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC;QACtC,EAAE,EAAE,SAAS,CAAC,SAAS;KACxB,CAAC;AACJ,CAAC;AAED,yDAAyD;AACzD,SAAgB,qBAAqB,CACnC,OAA+B;IAE/B,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,GAAG;QACtB,UAAU,EAAE,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1C,QAAQ,EAAE,UAAU,CAAC,OAAO,CAAC,QAAQ,CAAC;QACtC,SAAS,EAAE,OAAO,CAAC,EAAE;KACtB,CAAC;AACJ,CAAC;AAED,mEAAmE;AACnE,SAAgB,qBAAqB,CACnC,SAA0B;IAE1B,OAAO;QACL,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,gBAAgB,EAAE,QAAQ,CAAC,SAAS,CAAC,gBAAgB,CAAC;QACtD,cAAc,EAAE,QAAQ,CAAC,SAAS,CAAC,cAAc,CAAC;QAClD,YAAY,EAAE,SAAS,CAAC,YAAY;KACrC,CAAC;AACJ,CAAC;AAED,0DAA0D;AAC1D,SAAgB,qBAAqB,CACnC,OAA+B;IAE/B,OAAO;QACL,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,gBAAgB,EAAE,UAAU,CAAC,OAAO,CAAC,gBAAgB,CAAC;QACtD,cAAc,EAAE,UAAU,CAAC,OAAO,CAAC,cAAc,CAAC;QAClD,YAAY,EAAE,OAAO,CAAC,YAAY;KACnC,CAAC;AACJ,CAAC"}

package/dist/arp/crypto/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * ARP crypto module barrel.
+ *
+ * Public entry point for hybrid Ed25519 + ML-DSA signing primitives used by:
+ * - Capability manifest loader (verifies Ed25519+ML-DSA-65 signature before load)
+ * - `verifyClassification()` (verifies Ed25519+ML-DSA-44 on NanoMind-Guard output)
+ * - AIComply P1 integration (AC-001, AC-002, AC-010, AC-014, AC-015, AC-016)
+ */
+export type { EncodedHybridPublicKey, EncodedHybridSignature, HybridAlgorithm, HybridKeyPair, HybridPublicKey, HybridSignature, HybridVerifyResult, MLDsaVariant, } from './types';
+export { HybridCryptoError, KEY_SIZES, decodeHybridPublicKey, decodeHybridSignature, encodeHybridPublicKey, encodeHybridSignature, generateHybridKeyPair, getHybridPublicKey, hybridAlgorithmFor, hybridSign, hybridVerify, validateKeySize, } from './hybrid-signing';
+export { CapabilityManifestError, MANIFEST_SIGNATURE_ALGORITHM, MANIFEST_VERSION, MAX_MANIFEST_SIZE_BYTES, canonicalizeManifestPayload, loadCapabilityManifest, parseCapabilityManifest, } from './manifest-loader';
+export type { CapabilityManifestErrorCode } from './manifest-loader';
+//# sourceMappingURL=index.d.ts.map

package/dist/arp/crypto/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/arp/crypto/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,YAAY,EACV,sBAAsB,EACtB,sBAAsB,EACtB,eAAe,EACf,aAAa,EACb,eAAe,EACf,eAAe,EACf,kBAAkB,EAClB,YAAY,GACb,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,qBAAqB,EACrB,kBAAkB,EAClB,kBAAkB,EAClB,UAAU,EACV,YAAY,EACZ,eAAe,GAChB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,EACL,uBAAuB,EACvB,4BAA4B,EAC5B,gBAAgB,EAChB,uBAAuB,EACvB,2BAA2B,EAC3B,sBAAsB,EACtB,uBAAuB,GACxB,MAAM,mBAAmB,CAAC;AAE3B,YAAY,EAAE,2BAA2B,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/arp/crypto/index.js

@@ -0,0 +1,33 @@
+"use strict";
+/**
+ * ARP crypto module barrel.
+ *
+ * Public entry point for hybrid Ed25519 + ML-DSA signing primitives used by:
+ * - Capability manifest loader (verifies Ed25519+ML-DSA-65 signature before load)
+ * - `verifyClassification()` (verifies Ed25519+ML-DSA-44 on NanoMind-Guard output)
+ * - AIComply P1 integration (AC-001, AC-002, AC-010, AC-014, AC-015, AC-016)
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseCapabilityManifest = exports.loadCapabilityManifest = exports.canonicalizeManifestPayload = exports.MAX_MANIFEST_SIZE_BYTES = exports.MANIFEST_VERSION = exports.MANIFEST_SIGNATURE_ALGORITHM = exports.CapabilityManifestError = exports.validateKeySize = exports.hybridVerify = exports.hybridSign = exports.hybridAlgorithmFor = exports.getHybridPublicKey = exports.generateHybridKeyPair = exports.encodeHybridSignature = exports.encodeHybridPublicKey = exports.decodeHybridSignature = exports.decodeHybridPublicKey = exports.KEY_SIZES = exports.HybridCryptoError = void 0;
+var hybrid_signing_1 = require("./hybrid-signing");
+Object.defineProperty(exports, "HybridCryptoError", { enumerable: true, get: function () { return hybrid_signing_1.HybridCryptoError; } });
+Object.defineProperty(exports, "KEY_SIZES", { enumerable: true, get: function () { return hybrid_signing_1.KEY_SIZES; } });
+Object.defineProperty(exports, "decodeHybridPublicKey", { enumerable: true, get: function () { return hybrid_signing_1.decodeHybridPublicKey; } });
+Object.defineProperty(exports, "decodeHybridSignature", { enumerable: true, get: function () { return hybrid_signing_1.decodeHybridSignature; } });
+Object.defineProperty(exports, "encodeHybridPublicKey", { enumerable: true, get: function () { return hybrid_signing_1.encodeHybridPublicKey; } });
+Object.defineProperty(exports, "encodeHybridSignature", { enumerable: true, get: function () { return hybrid_signing_1.encodeHybridSignature; } });
+Object.defineProperty(exports, "generateHybridKeyPair", { enumerable: true, get: function () { return hybrid_signing_1.generateHybridKeyPair; } });
+Object.defineProperty(exports, "getHybridPublicKey", { enumerable: true, get: function () { return hybrid_signing_1.getHybridPublicKey; } });
+Object.defineProperty(exports, "hybridAlgorithmFor", { enumerable: true, get: function () { return hybrid_signing_1.hybridAlgorithmFor; } });
+Object.defineProperty(exports, "hybridSign", { enumerable: true, get: function () { return hybrid_signing_1.hybridSign; } });
+Object.defineProperty(exports, "hybridVerify", { enumerable: true, get: function () { return hybrid_signing_1.hybridVerify; } });
+Object.defineProperty(exports, "validateKeySize", { enumerable: true, get: function () { return hybrid_signing_1.validateKeySize; } });
+var manifest_loader_1 = require("./manifest-loader");
+Object.defineProperty(exports, "CapabilityManifestError", { enumerable: true, get: function () { return manifest_loader_1.CapabilityManifestError; } });
+Object.defineProperty(exports, "MANIFEST_SIGNATURE_ALGORITHM", { enumerable: true, get: function () { return manifest_loader_1.MANIFEST_SIGNATURE_ALGORITHM; } });
+Object.defineProperty(exports, "MANIFEST_VERSION", { enumerable: true, get: function () { return manifest_loader_1.MANIFEST_VERSION; } });
+Object.defineProperty(exports, "MAX_MANIFEST_SIZE_BYTES", { enumerable: true, get: function () { return manifest_loader_1.MAX_MANIFEST_SIZE_BYTES; } });
+Object.defineProperty(exports, "canonicalizeManifestPayload", { enumerable: true, get: function () { return manifest_loader_1.canonicalizeManifestPayload; } });
+Object.defineProperty(exports, "loadCapabilityManifest", { enumerable: true, get: function () { return manifest_loader_1.loadCapabilityManifest; } });
+Object.defineProperty(exports, "parseCapabilityManifest", { enumerable: true, get: function () { return manifest_loader_1.parseCapabilityManifest; } });
+//# sourceMappingURL=index.js.map

package/dist/arp/crypto/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/arp/crypto/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAaH,mDAa0B;AAZxB,mHAAA,iBAAiB,OAAA;AACjB,2GAAA,SAAS,OAAA;AACT,uHAAA,qBAAqB,OAAA;AACrB,uHAAA,qBAAqB,OAAA;AACrB,uHAAA,qBAAqB,OAAA;AACrB,uHAAA,qBAAqB,OAAA;AACrB,uHAAA,qBAAqB,OAAA;AACrB,oHAAA,kBAAkB,OAAA;AAClB,oHAAA,kBAAkB,OAAA;AAClB,4GAAA,UAAU,OAAA;AACV,8GAAA,YAAY,OAAA;AACZ,iHAAA,eAAe,OAAA;AAGjB,qDAQ2B;AAPzB,0HAAA,uBAAuB,OAAA;AACvB,+HAAA,4BAA4B,OAAA;AAC5B,mHAAA,gBAAgB,OAAA;AAChB,0HAAA,uBAAuB,OAAA;AACvB,8HAAA,2BAA2B,OAAA;AAC3B,yHAAA,sBAAsB,OAAA;AACtB,0HAAA,uBAAuB,OAAA"}

package/dist/arp/crypto/manifest-loader.d.ts

@@ -0,0 +1,117 @@
+/**
+ * Capability manifest YAML loader with hybrid Ed25519+ML-DSA-65 signature
+ * verification.
+ *
+ * The loader implements parse-to-deny (CR-001): any failure at any step --
+ * I/O, oversized file, YAML parse error, schema mismatch, missing signature,
+ * wrong algorithm, malformed public key, signature rejection, or expiry --
+ * raises a `CapabilityManifestError`. Callers must treat the thrown error as
+ * an authoritative signal to refuse loading the manifest. There is no
+ * partial-success path.
+ *
+ * Wire format (YAML on disk):
+ *
+ *   version: "1.0.0"
+ *   agentId: "example-agent"
+ *   tier: "execute"
+ *   comply:
+ *     permitted_classes: ["class-a", "class-b"]
+ *     prohibited_classes: ["class-c"]
+ *     on_violation: "deny"
+ *   issuedAt: "2026-04-13T00:00:00.000Z"
+ *   expiresAt: "2027-04-13T00:00:00.000Z"
+ *   ed25519PublicKey: "<base64>"
+ *   mldsa65PublicKey: "<base64>"
+ *   signature:
+ *     alg: "Ed25519+ML-DSA-65"
+ *     ed25519Sig: "<base64>"
+ *     mldsaSig: "<base64>"
+ *     ts: 1712880000000
+ *
+ * The signed payload is the manifest object with the `signature` field
+ * stripped, serialized to canonical JSON (sorted keys, no whitespace). Signer
+ * and verifier must produce byte-identical canonical output or round-tripping
+ * will not work. The closed schema (scalars + string arrays + one nested
+ * object) is simple enough that full RFC 8785 JCS is unnecessary; the
+ * `stableStringify` helper below is deterministic for the shapes we accept.
+ *
+ * Integration points (deferred to follow-up sessions, not wired yet):
+ *   - `src/arp/proxy/server.ts`: load manifest on agent registration, fail
+ *     closed if verification raises.
+ *   - `src/arp/intelligence/coordinator.ts`: consult the `comply` envelope
+ *     when an event's classification lands outside permitted classes.
+ */
+import type { CapabilityManifest } from '../types';
+import type { HybridAlgorithm } from './types';
+/** Only wire format version currently accepted. */
+export declare const MANIFEST_VERSION: "1.0.0";
+/**
+ * Only hybrid algorithm permitted for capability manifests. ML-DSA-65 is the
+ * NIST category 3 parameter set, matching the AIM SDK default for manifests.
+ * ML-DSA-44 is reserved for high-throughput identity signals; ML-DSA-87 for
+ * root keys. Manifests that claim a different algorithm are refused.
+ */
+export declare const MANIFEST_SIGNATURE_ALGORITHM: HybridAlgorithm;
+/**
+ * Hard cap on the manifest file size. Anything larger is rejected before
+ * YAML parsing to bound worst-case memory and CPU for a malicious file. 64
+ * KiB is ample: a realistic manifest with a few hundred permitted classes
+ * and base64 public keys sits well under 8 KiB.
+ */
+export declare const MAX_MANIFEST_SIZE_BYTES: number;
+/**
+ * Discrete error codes so callers can switch on the reason without parsing
+ * string messages. Keep this in sync with `CapabilityManifestError.code`.
+ */
+export type CapabilityManifestErrorCode = 'IO_ERROR' | 'SIZE_EXCEEDED' | 'PARSE_ERROR' | 'SCHEMA_ERROR' | 'VERSION_UNSUPPORTED' | 'SIGNATURE_MISSING' | 'ALGORITHM_UNSUPPORTED' | 'KEY_FORMAT_ERROR' | 'SIGNATURE_INVALID' | 'EXPIRED';
+/**
+ * Error raised on any loader failure. Callers MUST treat a thrown
+ * `CapabilityManifestError` as an authoritative parse-to-deny signal. Do not
+ * fall through to a "load without verification" path under any circumstance.
+ */
+export declare class CapabilityManifestError extends Error {
+    readonly code: CapabilityManifestErrorCode;
+    readonly details?: {
+        reason?: string;
+        cause?: unknown;
+    } | undefined;
+    constructor(code: CapabilityManifestErrorCode, message: string, details?: {
+        reason?: string;
+        cause?: unknown;
+    } | undefined);
+}
+/**
+ * Produce canonical signed-payload bytes for a parsed manifest object.
+ *
+ * Canonicalization:
+ *   1. Remove the `signature` field if present.
+ *   2. Serialize as JSON with recursively sorted object keys and no
+ *      whitespace between tokens.
+ *   3. Encode the result as UTF-8.
+ *
+ * Exported because fixture generators and out-of-repo signers need to
+ * produce the exact same bytes as the verifier. Duplicating this logic in a
+ * signer is a recipe for drift.
+ */
+export declare function canonicalizeManifestPayload(payload: Record<string, unknown>): Uint8Array;
+/**
+ * Load and verify a capability manifest from a YAML file on disk.
+ *
+ * On success, returns the verified `CapabilityManifest` shape (without the
+ * signature block, which is not part of the runtime type). On any failure
+ * throws a `CapabilityManifestError` -- the caller fails closed.
+ *
+ * The file is read once, size-checked, then parsed and verified. I/O errors
+ * are reported with `code: 'IO_ERROR'` and the underlying error exposed via
+ * `details.cause` so callers can log the root cause without re-throwing.
+ */
+export declare function loadCapabilityManifest(filePath: string): Promise<CapabilityManifest>;
+/**
+ * Parse and verify a capability manifest from YAML text.
+ *
+ * Separated from `loadCapabilityManifest` so callers that already have the
+ * text in memory (pulled from a database, stdin, IPC channel) can verify
+ * without a filesystem round trip.
+ */
+export declare function parseCapabilityManifest(yamlText: string): Promise<CapabilityManifest>;
+//# sourceMappingURL=manifest-loader.d.ts.map

package/dist/arp/crypto/manifest-loader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest-loader.d.ts","sourceRoot":"","sources":["../../../src/arp/crypto/manifest-loader.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AAMH,OAAO,KAAK,EACV,kBAAkB,EAGnB,MAAM,UAAU,CAAC;AAOlB,OAAO,KAAK,EAGV,eAAe,EAChB,MAAM,SAAS,CAAC;AAEjB,mDAAmD;AACnD,eAAO,MAAM,gBAAgB,EAAG,OAAgB,CAAC;AAEjD;;;;;GAKG;AACH,eAAO,MAAM,4BAA4B,EAAE,eACtB,CAAC;AAEtB;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,QAAY,CAAC;AAejD;;;GAGG;AACH,MAAM,MAAM,2BAA2B,GACnC,UAAU,GACV,eAAe,GACf,aAAa,GACb,cAAc,GACd,qBAAqB,GACrB,mBAAmB,GACnB,uBAAuB,GACvB,kBAAkB,GAClB,mBAAmB,GACnB,SAAS,CAAC;AAEd;;;;GAIG;AACH,qBAAa,uBAAwB,SAAQ,KAAK;aAE9B,IAAI,EAAE,2BAA2B;aAEjC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE;gBAF9C,IAAI,EAAE,2BAA2B,EACjD,OAAO,EAAE,MAAM,EACC,OAAO,CAAC,EAAE;QAAE,MAAM,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,OAAO,CAAA;KAAE,YAAA;CAKjE;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,2BAA2B,CACzC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAC/B,UAAU,CAIZ;AAuBD;;;;;;;;;;GAUG;AACH,wBAAsB,sBAAsB,CAC1C,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,kBAAkB,CAAC,CAqB7B;AAED;;;;;;GAMG;AACH,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,kBAAkB,CAAC,CA+N7B"}