instar 0.26.11 → 0.27.2

package/dist/identity/IdentityManager.js

@@ -0,0 +1,179 @@
+/**
+ * CanonicalIdentityManager — Manages the agent's canonical Ed25519 identity.
+ *
+ * Stores identity at {stateDir}/identity.json with encrypted private key.
+ * This is the single source of truth for agent identity across all systems
+ * (Threadline, MoltBridge, A2A).
+ *
+ * Spec Section 3.3: Single keypair, managed by Instar, used by both systems.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { generateIdentityKeyPair } from '../threadline/ThreadlineCrypto.js';
+import { deriveX25519PublicKey } from '../threadline/client/MessageEncryptor.js';
+import { encryptPrivateKey, decryptPrivateKey, generateSalt } from './KeyEncryption.js';
+import { generateRecoveryPhrase, deriveRecoveryKeypair, createRecoveryCommitment, generateRecoverySalt, } from './RecoveryPhrase.js';
+import { computeCanonicalId, computeDisplayFingerprint, IDENTITY_SCHEMA_VERSION, } from './types.js';
+// ── Manager ──────────────────────────────────────────────────────────
+export class CanonicalIdentityManager {
+    stateDir;
+    identityFile;
+    identity = null;
+    constructor(stateDir) {
+        this.stateDir = stateDir;
+        this.identityFile = path.join(stateDir, 'identity.json');
+    }
+    /**
+     * Create a new canonical identity.
+     *
+     * Generates Ed25519 keypair, optional recovery phrase, encrypts private key,
+     * and writes identity.json.
+     *
+     * @returns The identity and (if generated) the recovery phrase.
+     *          The recovery phrase is ONLY returned here — it must be shown to the user
+     *          and never stored by the system.
+     */
+    create(options = {}) {
+        const keypair = generateIdentityKeyPair();
+        const canonicalId = computeCanonicalId(keypair.publicKey);
+        const displayFingerprint = computeDisplayFingerprint(canonicalId);
+        let recoveryPhrase;
+        let recoveryCommitment;
+        let recoverySalt;
+        if (!options.skipRecovery) {
+            recoveryPhrase = generateRecoveryPhrase();
+            const rSalt = generateRecoverySalt();
+            const recoveryKeypair = deriveRecoveryKeypair(recoveryPhrase, rSalt);
+            recoveryCommitment = createRecoveryCommitment(recoveryKeypair.publicKey, keypair.privateKey);
+            recoverySalt = rSalt.toString('base64');
+        }
+        // Encrypt private key (or store plaintext in dev mode)
+        let privateKeyData;
+        let encryption;
+        let keySalt;
+        if (options.passphrase !== undefined) {
+            const salt = generateSalt();
+            privateKeyData = encryptPrivateKey(keypair.privateKey, options.passphrase, salt);
+            encryption = 'xchacha20-poly1305+argon2id';
+            keySalt = salt.toString('base64');
+        }
+        else {
+            privateKeyData = keypair.privateKey.toString('base64');
+            encryption = 'none';
+        }
+        const file = {
+            version: IDENTITY_SCHEMA_VERSION,
+            publicKey: keypair.publicKey.toString('base64'),
+            privateKey: privateKeyData,
+            privateKeyEncryption: encryption,
+            ...(keySalt && { keySalt }),
+            canonicalId,
+            displayFingerprint,
+            ...(recoveryCommitment && { recoveryCommitment }),
+            ...(recoverySalt && { recoverySalt }),
+            createdAt: new Date().toISOString(),
+        };
+        this.writeToDisk(file);
+        const identity = {
+            version: IDENTITY_SCHEMA_VERSION,
+            publicKey: keypair.publicKey,
+            privateKey: keypair.privateKey,
+            x25519PublicKey: deriveX25519PublicKey(keypair.privateKey),
+            canonicalId,
+            displayFingerprint,
+            createdAt: file.createdAt,
+            recoveryCommitment,
+        };
+        this.identity = identity;
+        return { identity, recoveryPhrase };
+    }
+    /**
+     * Load an existing identity from disk.
+     *
+     * @param options.passphrase Required if the private key is encrypted.
+     * @returns The decrypted identity, or null if no identity exists.
+     * @throws Error if passphrase is wrong or file is corrupted.
+     */
+    load(options = {}) {
+        if (this.identity)
+            return this.identity;
+        const file = this.readFromDisk();
+        if (!file)
+            return null;
+        let privateKey;
+        if (file.privateKeyEncryption === 'none') {
+            privateKey = Buffer.from(file.privateKey, 'base64');
+        }
+        else if (file.privateKeyEncryption === 'xchacha20-poly1305+argon2id') {
+            if (!options.passphrase && options.passphrase !== '') {
+                throw new Error('Passphrase required to decrypt identity');
+            }
+            if (!file.keySalt) {
+                throw new Error('Identity file missing keySalt for encrypted key');
+            }
+            const salt = Buffer.from(file.keySalt, 'base64');
+            privateKey = decryptPrivateKey(file.privateKey, options.passphrase, salt);
+        }
+        else {
+            throw new Error(`Unknown encryption method: ${file.privateKeyEncryption}`);
+        }
+        const identity = {
+            version: file.version,
+            publicKey: Buffer.from(file.publicKey, 'base64'),
+            privateKey,
+            x25519PublicKey: deriveX25519PublicKey(privateKey),
+            canonicalId: file.canonicalId,
+            displayFingerprint: file.displayFingerprint,
+            createdAt: file.createdAt,
+            recoveryCommitment: file.recoveryCommitment,
+            migrationComplete: file.migrationComplete,
+        };
+        this.identity = identity;
+        return identity;
+    }
+    /**
+     * Get the current identity (must have been created or loaded first).
+     */
+    get() {
+        return this.identity;
+    }
+    /**
+     * Check if an identity file exists on disk.
+     */
+    exists() {
+        return fs.existsSync(this.identityFile);
+    }
+    /**
+     * Get the identity file path.
+     */
+    get filePath() {
+        return this.identityFile;
+    }
+    /**
+     * Read the raw identity file (without decrypting).
+     * Useful for checking encryption status or migration state.
+     */
+    readRaw() {
+        return this.readFromDisk();
+    }
+    // ── Private ─────────────────────────────────────────────────────
+    readFromDisk() {
+        try {
+            if (!fs.existsSync(this.identityFile))
+                return null;
+            const raw = fs.readFileSync(this.identityFile, 'utf-8');
+            return JSON.parse(raw);
+        }
+        catch {
+            return null;
+        }
+    }
+    writeToDisk(file) {
+        fs.mkdirSync(path.dirname(this.identityFile), { recursive: true });
+        const data = JSON.stringify(file, null, 2);
+        const tmpPath = `${this.identityFile}.${process.pid}.tmp`;
+        fs.writeFileSync(tmpPath, data, { mode: 0o600 });
+        fs.renameSync(tmpPath, this.identityFile);
+    }
+}
+//# sourceMappingURL=IdentityManager.js.map

package/dist/identity/IdentityManager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IdentityManager.js","sourceRoot":"","sources":["../../src/identity/IdentityManager.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAE7B,OAAO,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AAC5E,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACxF,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,uBAAuB,GAIxB,MAAM,YAAY,CAAC;AAsBpB,wEAAwE;AAExE,MAAM,OAAO,wBAAwB;IAClB,QAAQ,CAAS;IACjB,YAAY,CAAS;IAC9B,QAAQ,GAA6B,IAAI,CAAC;IAElD,YAAY,QAAgB;QAC1B,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAC3D,CAAC;IAED;;;;;;;;;OASG;IACH,MAAM,CAAC,UAAiC,EAAE;QACxC,MAAM,OAAO,GAAG,uBAAuB,EAAE,CAAC;QAC1C,MAAM,WAAW,GAAG,kBAAkB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC1D,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;QAElE,IAAI,cAAkC,CAAC;QACvC,IAAI,kBAAsC,CAAC;QAC3C,IAAI,YAAgC,CAAC;QAErC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAC1B,cAAc,GAAG,sBAAsB,EAAE,CAAC;YAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;YACrC,MAAM,eAAe,GAAG,qBAAqB,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;YACrE,kBAAkB,GAAG,wBAAwB,CAAC,eAAe,CAAC,SAAS,EAAE,OAAO,CAAC,UAAU,CAAC,CAAC;YAC7F,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC1C,CAAC;QAED,uDAAuD;QACvD,IAAI,cAAsB,CAAC;QAC3B,IAAI,UAAgC,CAAC;QACrC,IAAI,OAA2B,CAAC;QAEhC,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;YAC5B,cAAc,GAAG,iBAAiB,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YACjF,UAAU,GAAG,6BAA6B,CAAC;YAC3C,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACpC,CAAC;aAAM,CAAC;YACN,cAAc,GAAG,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACvD,UAAU,GAAG,MAAM,CAAC;QACtB,CAAC;QAED,MAAM,IAAI,GAAiB;YACzB,OAAO,EAAE,uBAAuB;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC/C,UAAU,EAAE,cAAc;YAC1B,oBAAoB,EAAE,UAAU;YAChC,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,CAAC;YAC3B,WAAW;YACX,kBAAkB;YAClB,GAAG,CAAC,kBAAkB,IAAI,EAAE,kBAAkB,EAAE,CAAC;YACjD,GAAG,CAAC,YAAY,IAAI,EAAE,YAAY,EAAE,CAAC;YACrC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;QAEvB,MAAM,QAAQ,GAAsB;YAClC,OAAO,EAAE,uBAAuB;YAChC,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,eAAe,EAAE,qBAAqB,CAAC,OAAO,CAAC,UAAU,CAAC;YAC1D,WAAW;YACX,kBAAkB;YAClB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,kBAAkB;SACnB,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;IACtC,CAAC;IAED;;;;;;OAMG;IACH,IAAI,CAAC,UAA+B,EAAE;QACpC,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO,IAAI,CAAC,QAAQ,CAAC;QAExC,MAAM,IAAI,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;QACjC,IAAI,CAAC,IAAI;YAAE,OAAO,IAAI,CAAC;QAEvB,IAAI,UAAkB,CAAC;QAEvB,IAAI,IAAI,CAAC,oBAAoB,KAAK,MAAM,EAAE,CAAC;YACzC,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QACtD,CAAC;aAAM,IAAI,IAAI,CAAC,oBAAoB,KAAK,6BAA6B,EAAE,CAAC;YACvE,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,KAAK,EAAE,EAAE,CAAC;gBACrD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;YAC7D,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YACjD,UAAU,GAAG,iBAAiB,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,UAAW,EAAE,IAAI,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,MAAM,IAAI,KAAK,CAAC,8BAA8B,IAAI,CAAC,oBAAoB,EAAE,CAAC,CAAC;QAC7E,CAAC;QAED,MAAM,QAAQ,GAAsB;YAClC,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC;YAChD,UAAU;YACV,eAAe,EAAE,qBAAqB,CAAC,UAAU,CAAC;YAClD,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;YAC3C,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;YAC3C,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;SAC1C,CAAC;QAEF,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,GAAG;QACD,OAAO,IAAI,CAAC,QAAQ,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED;;;OAGG;IACH,OAAO;QACL,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED,mEAAmE;IAE3D,YAAY;QAClB,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,YAAY,CAAC;gBAAE,OAAO,IAAI,CAAC;YACnD,MAAM,GAAG,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAiB,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAEO,WAAW,CAAC,IAAkB;QACpC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAEnE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC3C,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,MAAM,CAAC;QAC1D,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACjD,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;IAC5C,CAAC;CACF"}

package/dist/identity/KeyEncryption.d.ts

@@ -0,0 +1,40 @@
+/**
+ * KeyEncryption — Encrypt/decrypt Ed25519 private keys at rest.
+ *
+ * Uses Argon2id for key derivation and XChaCha20-Poly1305 for encryption,
+ * matching the Threadline spec (Section 3.3.2):
+ *
+ *   encrypted = XChaCha20-Poly1305(
+ *     key = Argon2id(passphrase, salt, t=3, m=65536, p=4),
+ *     nonce = 24 bytes CSPRNG,
+ *     data = private_key
+ *   )
+ *
+ * Storage format: base64(nonce || ciphertext || auth_tag)
+ */
+/** Salt size for Argon2id */
+export declare const SALT_BYTES = 32;
+/**
+ * Encrypt an Ed25519 private key for at-rest storage.
+ *
+ * @param privateKey - Raw 32-byte Ed25519 private key
+ * @param passphrase - User passphrase or keychain-derived secret
+ * @param salt - 32-byte CSPRNG salt (unique per agent, stored alongside)
+ * @returns base64-encoded string: nonce || ciphertext || tag
+ */
+export declare function encryptPrivateKey(privateKey: Buffer, passphrase: string, salt: Buffer): string;
+/**
+ * Decrypt an Ed25519 private key from at-rest storage.
+ *
+ * @param encrypted - base64-encoded string from encryptPrivateKey
+ * @param passphrase - Same passphrase used for encryption
+ * @param salt - Same salt used for encryption
+ * @returns Raw 32-byte Ed25519 private key
+ * @throws Error if passphrase is wrong or data is corrupted
+ */
+export declare function decryptPrivateKey(encrypted: string, passphrase: string, salt: Buffer): Buffer;
+/**
+ * Generate a new random salt for Argon2id key derivation.
+ */
+export declare function generateSalt(): Buffer;
+//# sourceMappingURL=KeyEncryption.d.ts.map

package/dist/identity/KeyEncryption.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyEncryption.d.ts","sourceRoot":"","sources":["../../src/identity/KeyEncryption.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAiBH,6BAA6B;AAC7B,eAAO,MAAM,UAAU,KAAK,CAAC;AAI7B;;;;;;;GAOG;AACH,wBAAgB,iBAAiB,CAC/B,UAAU,EAAE,MAAM,EAClB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,GACX,MAAM,CAcR;AAED;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAC/B,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,GACX,MAAM,CAsBR;AAED;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC"}

package/dist/identity/KeyEncryption.js

@@ -0,0 +1,93 @@
+/**
+ * KeyEncryption — Encrypt/decrypt Ed25519 private keys at rest.
+ *
+ * Uses Argon2id for key derivation and XChaCha20-Poly1305 for encryption,
+ * matching the Threadline spec (Section 3.3.2):
+ *
+ *   encrypted = XChaCha20-Poly1305(
+ *     key = Argon2id(passphrase, salt, t=3, m=65536, p=4),
+ *     nonce = 24 bytes CSPRNG,
+ *     data = private_key
+ *   )
+ *
+ * Storage format: base64(nonce || ciphertext || auth_tag)
+ */
+import crypto from 'node:crypto';
+import { argon2id } from '@noble/hashes/argon2.js';
+import { xchacha20poly1305 } from '@noble/ciphers/chacha.js';
+// ── Constants ────────────────────────────────────────────────────────
+/** Argon2id parameters (spec Section 3.3.2) */
+const ARGON2_TIME_COST = 3;
+const ARGON2_MEMORY_KB = 65536; // 64 MB
+const ARGON2_PARALLELISM = 4;
+const ARGON2_OUTPUT_LENGTH = 32; // 256-bit key for XChaCha20-Poly1305
+/** XChaCha20-Poly1305 nonce size */
+const NONCE_BYTES = 24;
+/** Salt size for Argon2id */
+export const SALT_BYTES = 32;
+// ── Public API ───────────────────────────────────────────────────────
+/**
+ * Encrypt an Ed25519 private key for at-rest storage.
+ *
+ * @param privateKey - Raw 32-byte Ed25519 private key
+ * @param passphrase - User passphrase or keychain-derived secret
+ * @param salt - 32-byte CSPRNG salt (unique per agent, stored alongside)
+ * @returns base64-encoded string: nonce || ciphertext || tag
+ */
+export function encryptPrivateKey(privateKey, passphrase, salt) {
+    // Derive encryption key via Argon2id
+    const key = deriveKey(passphrase, salt);
+    // Generate random nonce
+    const nonce = crypto.randomBytes(NONCE_BYTES);
+    // Encrypt with XChaCha20-Poly1305
+    const cipher = xchacha20poly1305(key, nonce);
+    const ciphertext = cipher.encrypt(new Uint8Array(privateKey));
+    // Pack: nonce || ciphertext (includes auth tag)
+    const packed = Buffer.concat([nonce, Buffer.from(ciphertext)]);
+    return packed.toString('base64');
+}
+/**
+ * Decrypt an Ed25519 private key from at-rest storage.
+ *
+ * @param encrypted - base64-encoded string from encryptPrivateKey
+ * @param passphrase - Same passphrase used for encryption
+ * @param salt - Same salt used for encryption
+ * @returns Raw 32-byte Ed25519 private key
+ * @throws Error if passphrase is wrong or data is corrupted
+ */
+export function decryptPrivateKey(encrypted, passphrase, salt) {
+    const packed = Buffer.from(encrypted, 'base64');
+    if (packed.length < NONCE_BYTES + 16) {
+        throw new Error('Encrypted key data too short');
+    }
+    // Unpack: nonce || ciphertext (includes auth tag)
+    const nonce = packed.subarray(0, NONCE_BYTES);
+    const ciphertext = packed.subarray(NONCE_BYTES);
+    // Derive the same key
+    const key = deriveKey(passphrase, salt);
+    // Decrypt
+    const cipher = xchacha20poly1305(key, nonce);
+    try {
+        const plaintext = cipher.decrypt(new Uint8Array(ciphertext));
+        return Buffer.from(plaintext);
+    }
+    catch {
+        throw new Error('Decryption failed — wrong passphrase or corrupted data');
+    }
+}
+/**
+ * Generate a new random salt for Argon2id key derivation.
+ */
+export function generateSalt() {
+    return crypto.randomBytes(SALT_BYTES);
+}
+// ── Internal ─────────────────────────────────────────────────────────
+function deriveKey(passphrase, salt) {
+    return argon2id(Buffer.from(passphrase, 'utf-8'), salt, {
+        t: ARGON2_TIME_COST,
+        m: ARGON2_MEMORY_KB,
+        p: ARGON2_PARALLELISM,
+        dkLen: ARGON2_OUTPUT_LENGTH,
+    });
+}
+//# sourceMappingURL=KeyEncryption.js.map

package/dist/identity/KeyEncryption.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyEncryption.js","sourceRoot":"","sources":["../../src/identity/KeyEncryption.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D,wEAAwE;AAExE,+CAA+C;AAC/C,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAC3B,MAAM,gBAAgB,GAAG,KAAK,CAAC,CAAI,QAAQ;AAC3C,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAC7B,MAAM,oBAAoB,GAAG,EAAE,CAAC,CAAG,qCAAqC;AAExE,oCAAoC;AACpC,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB,6BAA6B;AAC7B,MAAM,CAAC,MAAM,UAAU,GAAG,EAAE,CAAC;AAE7B,wEAAwE;AAExE;;;;;;;GAOG;AACH,MAAM,UAAU,iBAAiB,CAC/B,UAAkB,EAClB,UAAkB,EAClB,IAAY;IAEZ,qCAAqC;IACrC,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAExC,wBAAwB;IACxB,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;IAE9C,kCAAkC;IAClC,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;IAE9D,gDAAgD;IAChD,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/D,OAAO,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACnC,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAC/B,SAAiB,EACjB,UAAkB,EAClB,IAAY;IAEZ,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEhD,IAAI,MAAM,CAAC,MAAM,GAAG,WAAW,GAAG,EAAE,EAAE,CAAC;QACrC,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IAED,kDAAkD;IAClD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC;IAC9C,MAAM,UAAU,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAEhD,sBAAsB;IACtB,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;IAExC,UAAU;IACV,MAAM,MAAM,GAAG,iBAAiB,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IAC7C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7D,OAAO,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;IAC5E,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AACxC,CAAC;AAED,wEAAwE;AAExE,SAAS,SAAS,CAAC,UAAkB,EAAE,IAAY;IACjD,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE;QACtD,CAAC,EAAE,gBAAgB;QACnB,CAAC,EAAE,gBAAgB;QACnB,CAAC,EAAE,kBAAkB;QACrB,KAAK,EAAE,oBAAoB;KAC5B,CAAC,CAAC;AACL,CAAC"}

package/dist/identity/KeyRevocation.d.ts

@@ -0,0 +1,68 @@
+/**
+ * KeyRevocation — Emergency key revocation via recovery phrase.
+ *
+ * Spec Section 3.10:
+ * - 24-hour time-lock before revocation takes effect
+ * - Cancellation window: primary key holder can cancel during time-lock
+ * - Rate limiting: max 3 attempts per 24h per agent identity
+ * - Audit logging of all attempts (successful, cancelled, failed)
+ */
+import { type RevocationRequest } from './types.js';
+export interface RevocationAuditEntry {
+    timestamp: string;
+    action: 'initiate' | 'cancel' | 'activate' | 'reject-rate-limit' | 'reject-commitment';
+    targetCanonicalId: string;
+    newPublicKey?: string;
+    reason?: string;
+}
+export interface RevocationState {
+    pending: RevocationRequest | null;
+    attempts: {
+        timestamp: string;
+    }[];
+    auditLog: RevocationAuditEntry[];
+}
+export declare class RevocationManager {
+    private readonly stateFile;
+    private state;
+    constructor(stateDir: string);
+    /**
+     * Initiate an emergency revocation using the recovery keypair.
+     *
+     * The revocation enters a 24-hour time-lock pending state.
+     * During this window, the legitimate key holder can cancel it.
+     *
+     * @param recoveryPrivateKey - The recovery private key (from mnemonic)
+     * @param recoveryPublicKey - The recovery public key
+     * @param targetCanonicalId - The canonical ID of the agent being revoked
+     * @param newPublicKey - The replacement Ed25519 public key
+     * @param primaryPublicKey - The current primary public key (to verify recovery commitment)
+     * @param recoveryCommitment - The pre-committed recovery signature from identity.json
+     */
+    initiate(recoveryPrivateKey: Buffer, recoveryPublicKey: Buffer, targetCanonicalId: string, newPublicKey: Buffer, primaryPublicKey: Buffer, recoveryCommitment: string): RevocationRequest;
+    /**
+     * Cancel a pending revocation by proving possession of the primary key.
+     */
+    cancel(primaryPrivateKey: Buffer, primaryPublicKey: Buffer): boolean;
+    /**
+     * Check if a pending revocation should be activated (time-lock expired).
+     */
+    checkAndActivate(now?: Date): RevocationRequest | null;
+    /**
+     * Get the current pending revocation, if any.
+     */
+    getPending(): RevocationRequest | null;
+    /**
+     * Get the audit log.
+     */
+    getAuditLog(): RevocationAuditEntry[];
+    /**
+     * Get remaining attempts in the current rate-limit window.
+     */
+    getRemainingAttempts(): number;
+    private pruneOldAttempts;
+    private addAudit;
+    private loadState;
+    private saveState;
+}
+//# sourceMappingURL=KeyRevocation.d.ts.map

package/dist/identity/KeyRevocation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyRevocation.d.ts","sourceRoot":"","sources":["../../src/identity/KeyRevocation.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,OAAO,EAGL,KAAK,iBAAiB,EACvB,MAAM,YAAY,CAAC;AASpB,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,UAAU,GAAG,QAAQ,GAAG,UAAU,GAAG,mBAAmB,GAAG,mBAAmB,CAAC;IACvF,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAClC,QAAQ,EAAE;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;IAClC,QAAQ,EAAE,oBAAoB,EAAE,CAAC;CAClC;AAID,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,KAAK,CAAkB;gBAEnB,QAAQ,EAAE,MAAM;IAK5B;;;;;;;;;;;;OAYG;IACH,QAAQ,CACN,kBAAkB,EAAE,MAAM,EAC1B,iBAAiB,EAAE,MAAM,EACzB,iBAAiB,EAAE,MAAM,EACzB,YAAY,EAAE,MAAM,EACpB,gBAAgB,EAAE,MAAM,EACxB,kBAAkB,EAAE,MAAM,GACzB,iBAAiB;IA4CpB;;OAEG;IACH,MAAM,CAAC,iBAAiB,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,OAAO;IAqBpE;;OAEG;IACH,gBAAgB,CAAC,GAAG,CAAC,EAAE,IAAI,GAAG,iBAAiB,GAAG,IAAI;IAkBtD;;OAEG;IACH,UAAU,IAAI,iBAAiB,GAAG,IAAI;IAItC;;OAEG;IACH,WAAW,IAAI,oBAAoB,EAAE;IAIrC;;OAEG;IACH,oBAAoB,IAAI,MAAM;IAO9B,OAAO,CAAC,gBAAgB;IAOxB,OAAO,CAAC,QAAQ;IAahB,OAAO,CAAC,SAAS;IASjB,OAAO,CAAC,SAAS;CAMlB"}

package/dist/identity/KeyRevocation.js

@@ -0,0 +1,171 @@
+/**
+ * KeyRevocation — Emergency key revocation via recovery phrase.
+ *
+ * Spec Section 3.10:
+ * - 24-hour time-lock before revocation takes effect
+ * - Cancellation window: primary key holder can cancel during time-lock
+ * - Rate limiting: max 3 attempts per 24h per agent identity
+ * - Audit logging of all attempts (successful, cancelled, failed)
+ */
+import crypto from 'node:crypto';
+import fs from 'node:fs';
+import path from 'node:path';
+import { sign, verify } from '../threadline/ThreadlineCrypto.js';
+import { RECOVERY_TIMELOCK_MS, MAX_RECOVERY_ATTEMPTS, } from './types.js';
+// ── Constants ────────────────────────────────────────────────────────
+const REVOCATION_DOMAIN = 'instar-emergency-revoke-v1';
+const RATE_LIMIT_WINDOW_MS = 24 * 60 * 60 * 1000;
+// ── Manager ──────────────────────────────────────────────────────────
+export class RevocationManager {
+    stateFile;
+    state;
+    constructor(stateDir) {
+        this.stateFile = path.join(stateDir, 'revocation-state.json');
+        this.state = this.loadState();
+    }
+    /**
+     * Initiate an emergency revocation using the recovery keypair.
+     *
+     * The revocation enters a 24-hour time-lock pending state.
+     * During this window, the legitimate key holder can cancel it.
+     *
+     * @param recoveryPrivateKey - The recovery private key (from mnemonic)
+     * @param recoveryPublicKey - The recovery public key
+     * @param targetCanonicalId - The canonical ID of the agent being revoked
+     * @param newPublicKey - The replacement Ed25519 public key
+     * @param primaryPublicKey - The current primary public key (to verify recovery commitment)
+     * @param recoveryCommitment - The pre-committed recovery signature from identity.json
+     */
+    initiate(recoveryPrivateKey, recoveryPublicKey, targetCanonicalId, newPublicKey, primaryPublicKey, recoveryCommitment) {
+        // Rate limit check
+        this.pruneOldAttempts();
+        if (this.state.attempts.length >= MAX_RECOVERY_ATTEMPTS) {
+            this.addAudit('reject-rate-limit', targetCanonicalId);
+            this.saveState();
+            throw new Error(`Rate limited: max ${MAX_RECOVERY_ATTEMPTS} recovery attempts per 24 hours`);
+        }
+        // Verify the recovery commitment matches
+        const commitmentMessage = Buffer.concat([
+            Buffer.from('instar-recovery-commitment-v1', 'utf-8'),
+            recoveryPublicKey,
+        ]);
+        const commitmentSig = Buffer.from(recoveryCommitment, 'base64');
+        if (!verify(primaryPublicKey, commitmentMessage, commitmentSig)) {
+            this.addAudit('reject-commitment', targetCanonicalId);
+            this.state.attempts.push({ timestamp: new Date().toISOString() });
+            this.saveState();
+            throw new Error('Recovery commitment verification failed — recovery key does not match');
+        }
+        // Create the revocation signature
+        const message = buildRevocationMessage(targetCanonicalId, newPublicKey);
+        const recoverySignature = sign(recoveryPrivateKey, message);
+        const now = new Date();
+        const request = {
+            targetCanonicalId,
+            newPublicKey: newPublicKey.toString('base64'),
+            recoverySignature: recoverySignature.toString('base64'),
+            timestamp: now.toISOString(),
+            status: 'pending',
+            expiresAt: new Date(now.getTime() + RECOVERY_TIMELOCK_MS).toISOString(),
+        };
+        this.state.pending = request;
+        this.state.attempts.push({ timestamp: now.toISOString() });
+        this.addAudit('initiate', targetCanonicalId, newPublicKey.toString('base64'));
+        this.saveState();
+        return request;
+    }
+    /**
+     * Cancel a pending revocation by proving possession of the primary key.
+     */
+    cancel(primaryPrivateKey, primaryPublicKey) {
+        if (!this.state.pending || this.state.pending.status !== 'pending') {
+            return false;
+        }
+        // Prove primary key possession: sign the pending request's timestamp
+        const cancelMessage = Buffer.concat([
+            Buffer.from('instar-revoke-cancel-v1', 'utf-8'),
+            Buffer.from(this.state.pending.timestamp, 'utf-8'),
+        ]);
+        const signature = sign(primaryPrivateKey, cancelMessage);
+        if (!verify(primaryPublicKey, cancelMessage, signature)) {
+            return false;
+        }
+        this.state.pending.status = 'cancelled';
+        this.addAudit('cancel', this.state.pending.targetCanonicalId);
+        this.saveState();
+        return true;
+    }
+    /**
+     * Check if a pending revocation should be activated (time-lock expired).
+     */
+    checkAndActivate(now) {
+        if (!this.state.pending || this.state.pending.status !== 'pending') {
+            return null;
+        }
+        const currentTime = (now ?? new Date()).getTime();
+        const expiresAt = new Date(this.state.pending.expiresAt).getTime();
+        if (currentTime >= expiresAt) {
+            this.state.pending.status = 'active';
+            this.addAudit('activate', this.state.pending.targetCanonicalId);
+            this.saveState();
+            return this.state.pending;
+        }
+        return null;
+    }
+    /**
+     * Get the current pending revocation, if any.
+     */
+    getPending() {
+        return this.state.pending?.status === 'pending' ? this.state.pending : null;
+    }
+    /**
+     * Get the audit log.
+     */
+    getAuditLog() {
+        return [...this.state.auditLog];
+    }
+    /**
+     * Get remaining attempts in the current rate-limit window.
+     */
+    getRemainingAttempts() {
+        this.pruneOldAttempts();
+        return Math.max(0, MAX_RECOVERY_ATTEMPTS - this.state.attempts.length);
+    }
+    // ── Private ─────────────────────────────────────────────────────
+    pruneOldAttempts() {
+        const cutoff = Date.now() - RATE_LIMIT_WINDOW_MS;
+        this.state.attempts = this.state.attempts.filter(a => new Date(a.timestamp).getTime() > cutoff);
+    }
+    addAudit(action, targetCanonicalId, newPublicKey) {
+        this.state.auditLog.push({
+            timestamp: new Date().toISOString(),
+            action,
+            targetCanonicalId,
+            ...(newPublicKey && { newPublicKey }),
+        });
+    }
+    loadState() {
+        try {
+            if (fs.existsSync(this.stateFile)) {
+                return JSON.parse(fs.readFileSync(this.stateFile, 'utf-8'));
+            }
+        }
+        catch { /* ignore */ }
+        return { pending: null, attempts: [], auditLog: [] };
+    }
+    saveState() {
+        fs.mkdirSync(path.dirname(this.stateFile), { recursive: true });
+        const tmpPath = `${this.stateFile}.${process.pid}.tmp`;
+        fs.writeFileSync(tmpPath, JSON.stringify(this.state, null, 2), { mode: 0o600 });
+        fs.renameSync(tmpPath, this.stateFile);
+    }
+}
+// ── Helpers ──────────────────────────────────────────────────────────
+function buildRevocationMessage(targetCanonicalId, newPublicKey) {
+    const hash = crypto.createHash('sha256');
+    hash.update(Buffer.from(REVOCATION_DOMAIN, 'utf-8'));
+    hash.update(Buffer.from(targetCanonicalId, 'utf-8'));
+    hash.update(newPublicKey);
+    return hash.digest();
+}
+//# sourceMappingURL=KeyRevocation.js.map

package/dist/identity/KeyRevocation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyRevocation.js","sourceRoot":"","sources":["../../src/identity/KeyRevocation.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AACjE,OAAO,EACL,oBAAoB,EACpB,qBAAqB,GAEtB,MAAM,YAAY,CAAC;AAEpB,wEAAwE;AAExE,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;AACvD,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAkBjD,wEAAwE;AAExE,MAAM,OAAO,iBAAiB;IACX,SAAS,CAAS;IAC3B,KAAK,CAAkB;IAE/B,YAAY,QAAgB;QAC1B,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,uBAAuB,CAAC,CAAC;QAC9D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,QAAQ,CACN,kBAA0B,EAC1B,iBAAyB,EACzB,iBAAyB,EACzB,YAAoB,EACpB,gBAAwB,EACxB,kBAA0B;QAE1B,mBAAmB;QACnB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,qBAAqB,EAAE,CAAC;YACxD,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAC;YACtD,IAAI,CAAC,SAAS,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,qBAAqB,qBAAqB,iCAAiC,CAAC,CAAC;QAC/F,CAAC;QAED,yCAAyC;QACzC,MAAM,iBAAiB,GAAG,MAAM,CAAC,MAAM,CAAC;YACtC,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,OAAO,CAAC;YACrD,iBAAiB;SAClB,CAAC,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC;QAChE,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,aAAa,CAAC,EAAE,CAAC;YAChE,IAAI,CAAC,QAAQ,CAAC,mBAAmB,EAAE,iBAAiB,CAAC,CAAC;YACtD,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAClE,IAAI,CAAC,SAAS,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,uEAAuE,CAAC,CAAC;QAC3F,CAAC;QAED,kCAAkC;QAClC,MAAM,OAAO,GAAG,sBAAsB,CAAC,iBAAiB,EAAE,YAAY,CAAC,CAAC;QACxE,MAAM,iBAAiB,GAAG,IAAI,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC;QAE5D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,OAAO,GAAsB;YACjC,iBAAiB;YACjB,YAAY,EAAE,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAC7C,iBAAiB,EAAE,iBAAiB,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACvD,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE;YAC5B,MAAM,EAAE,SAAS;YACjB,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,oBAAoB,CAAC,CAAC,WAAW,EAAE;SACxE,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,OAAO,GAAG,OAAO,CAAC;QAC7B,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAC3D,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,iBAAiB,EAAE,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9E,IAAI,CAAC,SAAS,EAAE,CAAC;QAEjB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,iBAAyB,EAAE,gBAAwB;QACxD,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACnE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,qEAAqE;QACrE,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;YAClC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,OAAO,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,OAAO,CAAC;SACnD,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,EAAE,aAAa,CAAC,CAAC;QACzD,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,aAAa,EAAE,SAAS,CAAC,EAAE,CAAC;YACxD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,WAAW,CAAC;QACxC,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;QAC9D,IAAI,CAAC,SAAS,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,GAAU;QACzB,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACnE,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;QAClD,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;QAEnE,IAAI,WAAW,IAAI,SAAS,EAAE,CAAC;YAC7B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,GAAG,QAAQ,CAAC;YACrC,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC;YAChE,IAAI,CAAC,SAAS,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;IAC9E,CAAC;IAED;;OAEG;IACH,WAAW;QACT,OAAO,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,qBAAqB,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACzE,CAAC;IAED,mEAAmE;IAE3D,gBAAgB;QACtB,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,oBAAoB,CAAC;QACjD,IAAI,CAAC,KAAK,CAAC,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAC9C,CAAC,CAAC,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,MAAM,CAC9C,CAAC;IACJ,CAAC;IAEO,QAAQ,CACd,MAAsC,EACtC,iBAAyB,EACzB,YAAqB;QAErB,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;YACvB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,MAAM;YACN,iBAAiB;YACjB,GAAG,CAAC,YAAY,IAAI,EAAE,YAAY,EAAE,CAAC;SACtC,CAAC,CAAC;IACL,CAAC;IAEO,SAAS;QACf,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;gBAClC,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QACxB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;IACvD,CAAC;IAEO,SAAS;QACf,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAChE,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,CAAC,GAAG,MAAM,CAAC;QACvD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAChF,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACzC,CAAC;CACF;AAED,wEAAwE;AAExE,SAAS,sBAAsB,CAAC,iBAAyB,EAAE,YAAoB;IAC7E,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC,CAAC;IACrD,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IAC1B,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;AACvB,CAAC"}

package/dist/identity/KeyRotation.d.ts

@@ -0,0 +1,43 @@
+/**
+ * KeyRotation — Ed25519 key rotation with dual-signed proofs.
+ *
+ * Spec Section 3.10:
+ * - Generate new keypair
+ * - Sign rotation proof with BOTH old and new keys
+ * - Broadcast to contacts and MoltBridge
+ * - Old key enters 72h grace period (can verify old sigs, can't create new grants)
+ * - After grace period, old key permanently revoked
+ */
+import { type RotationProof } from './types.js';
+/**
+ * Generate a new keypair and create a dual-signed rotation proof.
+ *
+ * Both the old and new private keys sign the same rotation payload,
+ * proving the holder controls both keys.
+ */
+export declare function createRotation(oldPrivateKey: Buffer, oldPublicKey: Buffer, reason: string): {
+    newKeypair: {
+        publicKey: Buffer;
+        privateKey: Buffer;
+    };
+    proof: RotationProof;
+};
+/**
+ * Verify a rotation proof: both signatures must be valid.
+ */
+export declare function verifyRotationProof(proof: RotationProof): boolean;
+/**
+ * Check if a rotation is within the grace period.
+ *
+ * During grace: old key can verify old signatures but not create new grants.
+ * After grace: old key is permanently revoked.
+ */
+export declare function isWithinGracePeriod(rotationTimestamp: string, now?: Date): boolean;
+/**
+ * Compute the canonical ID for the new key after rotation.
+ */
+export declare function computeRotatedCanonicalId(newPublicKey: Buffer): {
+    canonicalId: string;
+    displayFingerprint: string;
+};
+//# sourceMappingURL=KeyRotation.d.ts.map

package/dist/identity/KeyRotation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyRotation.d.ts","sourceRoot":"","sources":["../../src/identity/KeyRotation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAIH,OAAO,EAAwE,KAAK,aAAa,EAAE,MAAM,YAAY,CAAC;AAQtH;;;;;GAKG;AACH,wBAAgB,cAAc,CAC5B,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,GACb;IAAE,UAAU,EAAE;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,UAAU,EAAE,MAAM,CAAA;KAAE,CAAC;IAAC,KAAK,EAAE,aAAa,CAAA;CAAE,CAmBjF;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,aAAa,GAAG,OAAO,CAUjE;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,iBAAiB,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,IAAI,GAAG,OAAO,CAIlF;AAED;;GAEG;AACH,wBAAgB,yBAAyB,CAAC,YAAY,EAAE,MAAM,GAAG;IAC/D,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;CAC5B,CAMA"}