instar 0.26.11 → 0.27.2

package/dist/identity/KeyRotation.js

@@ -0,0 +1,81 @@
+/**
+ * KeyRotation — Ed25519 key rotation with dual-signed proofs.
+ *
+ * Spec Section 3.10:
+ * - Generate new keypair
+ * - Sign rotation proof with BOTH old and new keys
+ * - Broadcast to contacts and MoltBridge
+ * - Old key enters 72h grace period (can verify old sigs, can't create new grants)
+ * - After grace period, old key permanently revoked
+ */
+import crypto from 'node:crypto';
+import { generateIdentityKeyPair, sign, verify } from '../threadline/ThreadlineCrypto.js';
+import { computeCanonicalId, computeDisplayFingerprint, KEY_ROTATION_GRACE_MS } from './types.js';
+// ── Constants ────────────────────────────────────────────────────────
+const ROTATION_PROOF_DOMAIN = 'instar-key-rotation-v1';
+// ── Public API ───────────────────────────────────────────────────────
+/**
+ * Generate a new keypair and create a dual-signed rotation proof.
+ *
+ * Both the old and new private keys sign the same rotation payload,
+ * proving the holder controls both keys.
+ */
+export function createRotation(oldPrivateKey, oldPublicKey, reason) {
+    const newKeypair = generateIdentityKeyPair();
+    const timestamp = new Date().toISOString();
+    const message = buildRotationMessage(oldPublicKey, newKeypair.publicKey, timestamp, reason);
+    const oldKeySignature = sign(oldPrivateKey, message);
+    const newKeySignature = sign(newKeypair.privateKey, message);
+    const proof = {
+        oldPublicKey: oldPublicKey.toString('base64'),
+        newPublicKey: newKeypair.publicKey.toString('base64'),
+        timestamp,
+        reason,
+        oldKeySignature: oldKeySignature.toString('base64'),
+        newKeySignature: newKeySignature.toString('base64'),
+    };
+    return { newKeypair, proof };
+}
+/**
+ * Verify a rotation proof: both signatures must be valid.
+ */
+export function verifyRotationProof(proof) {
+    const oldPub = Buffer.from(proof.oldPublicKey, 'base64');
+    const newPub = Buffer.from(proof.newPublicKey, 'base64');
+    const message = buildRotationMessage(oldPub, newPub, proof.timestamp, proof.reason);
+    const oldSigValid = verify(oldPub, message, Buffer.from(proof.oldKeySignature, 'base64'));
+    const newSigValid = verify(newPub, message, Buffer.from(proof.newKeySignature, 'base64'));
+    return oldSigValid && newSigValid;
+}
+/**
+ * Check if a rotation is within the grace period.
+ *
+ * During grace: old key can verify old signatures but not create new grants.
+ * After grace: old key is permanently revoked.
+ */
+export function isWithinGracePeriod(rotationTimestamp, now) {
+    const rotatedAt = new Date(rotationTimestamp).getTime();
+    const currentTime = (now ?? new Date()).getTime();
+    return currentTime - rotatedAt < KEY_ROTATION_GRACE_MS;
+}
+/**
+ * Compute the canonical ID for the new key after rotation.
+ */
+export function computeRotatedCanonicalId(newPublicKey) {
+    const canonicalId = computeCanonicalId(newPublicKey);
+    return {
+        canonicalId,
+        displayFingerprint: computeDisplayFingerprint(canonicalId),
+    };
+}
+// ── Internal ─────────────────────────────────────────────────────────
+function buildRotationMessage(oldPub, newPub, timestamp, reason) {
+    const hash = crypto.createHash('sha256');
+    hash.update(Buffer.from(ROTATION_PROOF_DOMAIN, 'utf-8'));
+    hash.update(oldPub);
+    hash.update(newPub);
+    hash.update(Buffer.from(timestamp, 'utf-8'));
+    hash.update(Buffer.from(reason, 'utf-8'));
+    return hash.digest();
+}
+//# sourceMappingURL=KeyRotation.js.map

package/dist/identity/KeyRotation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"KeyRotation.js","sourceRoot":"","sources":["../../src/identity/KeyRotation.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,uBAAuB,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAC1F,OAAO,EAAE,kBAAkB,EAAE,yBAAyB,EAAE,qBAAqB,EAAsB,MAAM,YAAY,CAAC;AAEtH,wEAAwE;AAExE,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AAEvD,wEAAwE;AAExE;;;;;GAKG;AACH,MAAM,UAAU,cAAc,CAC5B,aAAqB,EACrB,YAAoB,EACpB,MAAc;IAEd,MAAM,UAAU,GAAG,uBAAuB,EAAE,CAAC;IAC7C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,MAAM,OAAO,GAAG,oBAAoB,CAAC,YAAY,EAAE,UAAU,CAAC,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC;IAE5F,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IAE7D,MAAM,KAAK,GAAkB;QAC3B,YAAY,EAAE,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAC7C,YAAY,EAAE,UAAU,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACrD,SAAS;QACT,MAAM;QACN,eAAe,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC;QACnD,eAAe,EAAE,eAAe,CAAC,QAAQ,CAAC,QAAQ,CAAC;KACpD,CAAC;IAEF,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,KAAoB;IACtD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IACzD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAEzD,MAAM,OAAO,GAAG,oBAAoB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAEpF,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC;IAC1F,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE1F,OAAO,WAAW,IAAI,WAAW,CAAC;AACpC,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,iBAAyB,EAAE,GAAU;IACvE,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,iBAAiB,CAAC,CAAC,OAAO,EAAE,CAAC;IACxD,MAAM,WAAW,GAAG,CAAC,GAAG,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;IAClD,OAAO,WAAW,GAAG,SAAS,GAAG,qBAAqB,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,YAAoB;IAI5D,MAAM,WAAW,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC;IACrD,OAAO;QACL,WAAW;QACX,kBAAkB,EAAE,yBAAyB,CAAC,WAAW,CAAC;KAC3D,CAAC;AACJ,CAAC;AAED,wEAAwE;AAExE,SAAS,oBAAoB,CAC3B,MAAc,EACd,MAAc,EACd,SAAiB,EACjB,MAAc;IAEd,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,qBAAqB,EAAE,OAAO,CAAC,CAAC,CAAC;IACzD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IACpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;IAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC1C,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;AACvB,CAAC"}

package/dist/identity/Migration.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Migration — Bridge legacy Threadline identity to canonical identity.
+ *
+ * Legacy: {stateDir}/threadline/identity.json (unencrypted, fingerprint-based)
+ * Canonical: {stateDir}/identity.json (encrypted, canonical ID + display fingerprint)
+ *
+ * Migration preserves the same Ed25519 keypair — only the storage location
+ * and metadata format change. The agent's identity (public key) doesn't change.
+ */
+import { type CanonicalIdentity } from './types.js';
+export interface MigrationOptions {
+    /** Passphrase to encrypt the private key in the new format. Omit for dev mode. */
+    passphrase?: string;
+    /** Skip recovery phrase generation. */
+    skipRecovery?: boolean;
+}
+export interface MigrationResult {
+    identity: CanonicalIdentity;
+    /** The 24-word recovery phrase, if generated. Show to user once. */
+    recoveryPhrase?: string;
+    /** Path to the legacy file that was migrated from. */
+    legacyPath: string;
+}
+/**
+ * Check if a legacy Threadline identity exists.
+ */
+export declare function hasLegacyIdentity(stateDir: string): boolean;
+/**
+ * Check if a canonical identity already exists.
+ */
+export declare function hasCanonicalIdentity(stateDir: string): boolean;
+/**
+ * Migrate a legacy Threadline identity to the canonical format.
+ *
+ * Reads the legacy identity, creates the canonical identity.json with the
+ * same keypair, and optionally encrypts the private key. The legacy file
+ * is NOT deleted (preserved for rollback per spec Section 3.10).
+ *
+ * @returns The migrated identity and optional recovery phrase.
+ * @throws If no legacy identity exists or canonical already exists.
+ */
+export declare function migrateFromLegacy(stateDir: string, options?: MigrationOptions): MigrationResult;
+/**
+ * Get the legacy Threadline fingerprint for backward compatibility mapping.
+ *
+ * Returns the old-style fingerprint (first 16 bytes of public key, hex)
+ * so existing Threadline contacts can still find this agent during migration.
+ */
+export declare function getLegacyFingerprint(stateDir: string): string | null;
+//# sourceMappingURL=Migration.d.ts.map

package/dist/identity/Migration.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Migration.d.ts","sourceRoot":"","sources":["../../src/identity/Migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAYH,OAAO,EAKL,KAAK,iBAAiB,EACvB,MAAM,YAAY,CAAC;AAapB,MAAM,WAAW,gBAAgB;IAC/B,kFAAkF;IAClF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,uCAAuC;IACvC,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,oEAAoE;IACpE,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,sDAAsD;IACtD,UAAU,EAAE,MAAM,CAAC;CACpB;AAID;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE3D;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAE9D;AAED;;;;;;;;;GASG;AACH,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,OAAO,GAAE,gBAAqB,GAC7B,eAAe,CA8EjB;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CASpE"}

package/dist/identity/Migration.js

@@ -0,0 +1,125 @@
+/**
+ * Migration — Bridge legacy Threadline identity to canonical identity.
+ *
+ * Legacy: {stateDir}/threadline/identity.json (unencrypted, fingerprint-based)
+ * Canonical: {stateDir}/identity.json (encrypted, canonical ID + display fingerprint)
+ *
+ * Migration preserves the same Ed25519 keypair — only the storage location
+ * and metadata format change. The agent's identity (public key) doesn't change.
+ */
+import fs from 'node:fs';
+import path from 'node:path';
+import { deriveX25519PublicKey } from '../threadline/client/MessageEncryptor.js';
+import { encryptPrivateKey, generateSalt } from './KeyEncryption.js';
+import { generateRecoveryPhrase, deriveRecoveryKeypair, createRecoveryCommitment, generateRecoverySalt, } from './RecoveryPhrase.js';
+import { computeCanonicalId, computeDisplayFingerprint, IDENTITY_SCHEMA_VERSION, } from './types.js';
+// ── Public API ───────────────────────────────────────────────────────
+/**
+ * Check if a legacy Threadline identity exists.
+ */
+export function hasLegacyIdentity(stateDir) {
+    return fs.existsSync(path.join(stateDir, 'threadline', 'identity.json'));
+}
+/**
+ * Check if a canonical identity already exists.
+ */
+export function hasCanonicalIdentity(stateDir) {
+    return fs.existsSync(path.join(stateDir, 'identity.json'));
+}
+/**
+ * Migrate a legacy Threadline identity to the canonical format.
+ *
+ * Reads the legacy identity, creates the canonical identity.json with the
+ * same keypair, and optionally encrypts the private key. The legacy file
+ * is NOT deleted (preserved for rollback per spec Section 3.10).
+ *
+ * @returns The migrated identity and optional recovery phrase.
+ * @throws If no legacy identity exists or canonical already exists.
+ */
+export function migrateFromLegacy(stateDir, options = {}) {
+    const legacyPath = path.join(stateDir, 'threadline', 'identity.json');
+    const canonicalPath = path.join(stateDir, 'identity.json');
+    if (!fs.existsSync(legacyPath)) {
+        throw new Error('No legacy identity found at ' + legacyPath);
+    }
+    if (fs.existsSync(canonicalPath)) {
+        throw new Error('Canonical identity already exists — migration not needed');
+    }
+    // Read legacy identity
+    const legacyRaw = JSON.parse(fs.readFileSync(legacyPath, 'utf-8'));
+    const publicKey = Buffer.from(legacyRaw.publicKey, 'base64');
+    const privateKey = Buffer.from(legacyRaw.privateKey, 'base64');
+    // Compute new canonical identifiers
+    const canonicalId = computeCanonicalId(publicKey);
+    const displayFingerprint = computeDisplayFingerprint(canonicalId);
+    // Recovery phrase
+    let recoveryPhrase;
+    let recoveryCommitment;
+    let recoverySalt;
+    if (!options.skipRecovery) {
+        recoveryPhrase = generateRecoveryPhrase();
+        const rSalt = generateRecoverySalt();
+        const recoveryKeypair = deriveRecoveryKeypair(recoveryPhrase, rSalt);
+        recoveryCommitment = createRecoveryCommitment(recoveryKeypair.publicKey, privateKey);
+        recoverySalt = rSalt.toString('base64');
+    }
+    // Encrypt private key
+    let privateKeyData;
+    let keySalt;
+    if (options.passphrase !== undefined) {
+        const salt = generateSalt();
+        privateKeyData = encryptPrivateKey(privateKey, options.passphrase, salt);
+        keySalt = salt.toString('base64');
+    }
+    else {
+        privateKeyData = legacyRaw.privateKey; // keep the same base64
+    }
+    // Build canonical identity file
+    const file = {
+        version: IDENTITY_SCHEMA_VERSION,
+        publicKey: legacyRaw.publicKey,
+        privateKey: privateKeyData,
+        privateKeyEncryption: options.passphrase !== undefined ? 'xchacha20-poly1305+argon2id' : 'none',
+        ...(keySalt && { keySalt }),
+        canonicalId,
+        displayFingerprint,
+        ...(recoveryCommitment && { recoveryCommitment }),
+        ...(recoverySalt && { recoverySalt }),
+        createdAt: legacyRaw.createdAt,
+    };
+    // Write canonical identity (legacy file preserved for rollback)
+    fs.mkdirSync(path.dirname(canonicalPath), { recursive: true });
+    const tmpPath = `${canonicalPath}.${process.pid}.tmp`;
+    fs.writeFileSync(tmpPath, JSON.stringify(file, null, 2), { mode: 0o600 });
+    fs.renameSync(tmpPath, canonicalPath);
+    const identity = {
+        version: IDENTITY_SCHEMA_VERSION,
+        publicKey,
+        privateKey,
+        x25519PublicKey: deriveX25519PublicKey(privateKey),
+        canonicalId,
+        displayFingerprint,
+        createdAt: legacyRaw.createdAt,
+        recoveryCommitment,
+    };
+    return { identity, recoveryPhrase, legacyPath };
+}
+/**
+ * Get the legacy Threadline fingerprint for backward compatibility mapping.
+ *
+ * Returns the old-style fingerprint (first 16 bytes of public key, hex)
+ * so existing Threadline contacts can still find this agent during migration.
+ */
+export function getLegacyFingerprint(stateDir) {
+    const legacyPath = path.join(stateDir, 'threadline', 'identity.json');
+    try {
+        if (!fs.existsSync(legacyPath))
+            return null;
+        const raw = JSON.parse(fs.readFileSync(legacyPath, 'utf-8'));
+        return raw.fingerprint;
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=Migration.js.map

package/dist/identity/Migration.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Migration.js","sourceRoot":"","sources":["../../src/identity/Migration.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,0CAA0C,CAAC;AACjF,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AACrE,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,uBAAuB,GAGxB,MAAM,YAAY,CAAC;AA4BpB,wEAAwE;AAExE;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,OAAO,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC,CAAC;AAC3E,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAgB;IACnD,OAAO,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,iBAAiB,CAC/B,QAAgB,EAChB,UAA4B,EAAE;IAE9B,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;IACtE,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;IAE3D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,UAAU,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,EAAE,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,uBAAuB;IACvB,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAuB,CAAC;IACzF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAE/D,oCAAoC;IACpC,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,WAAW,CAAC,CAAC;IAElE,kBAAkB;IAClB,IAAI,cAAkC,CAAC;IACvC,IAAI,kBAAsC,CAAC;IAC3C,IAAI,YAAgC,CAAC;IAErC,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC1B,cAAc,GAAG,sBAAsB,EAAE,CAAC;QAC1C,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;QACrC,MAAM,eAAe,GAAG,qBAAqB,CAAC,cAAc,EAAE,KAAK,CAAC,CAAC;QACrE,kBAAkB,GAAG,wBAAwB,CAAC,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QACrF,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1C,CAAC;IAED,sBAAsB;IACtB,IAAI,cAAsB,CAAC;IAC3B,IAAI,OAA2B,CAAC;IAEhC,IAAI,OAAO,CAAC,UAAU,KAAK,SAAS,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;QAC5B,cAAc,GAAG,iBAAiB,CAAC,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;QACzE,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;SAAM,CAAC;QACN,cAAc,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,uBAAuB;IAChE,CAAC;IAED,gCAAgC;IAChC,MAAM,IAAI,GAAiB;QACzB,OAAO,EAAE,uBAAuB;QAChC,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,UAAU,EAAE,cAAc;QAC1B,oBAAoB,EAAE,OAAO,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,6BAA6B,CAAC,CAAC,CAAC,MAAM;QAC/F,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,WAAW;QACX,kBAAkB;QAClB,GAAG,CAAC,kBAAkB,IAAI,EAAE,kBAAkB,EAAE,CAAC;QACjD,GAAG,CAAC,YAAY,IAAI,EAAE,YAAY,EAAE,CAAC;QACrC,SAAS,EAAE,SAAS,CAAC,SAAS;KAC/B,CAAC;IAEF,gEAAgE;IAChE,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/D,MAAM,OAAO,GAAG,GAAG,aAAa,IAAI,OAAO,CAAC,GAAG,MAAM,CAAC;IACtD,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAEtC,MAAM,QAAQ,GAAsB;QAClC,OAAO,EAAE,uBAAuB;QAChC,SAAS;QACT,UAAU;QACV,eAAe,EAAE,qBAAqB,CAAC,UAAU,CAAC;QAClD,WAAW;QACX,kBAAkB;QAClB,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,kBAAkB;KACnB,CAAC;IAEF,OAAO,EAAE,QAAQ,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAClD,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAAC,QAAgB;IACnD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,EAAE,eAAe,CAAC,CAAC;IACtE,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;YAAE,OAAO,IAAI,CAAC;QAC5C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAuB,CAAC;QACnF,OAAO,GAAG,CAAC,WAAW,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/identity/RecoveryPhrase.d.ts

@@ -0,0 +1,43 @@
+/**
+ * RecoveryPhrase — BIP-39 mnemonic generation and recovery keypair derivation.
+ *
+ * Spec Section 3.10:
+ * - Recovery keypair is independently CSPRNG-generated, NOT derived from primary key
+ * - Recovery phrase follows BIP-39 (24-word mnemonic, 256 bits of entropy)
+ * - Recovery keypair derivation: Argon2id(mnemonic, per_agent_salt, t=3, m=65536, p=4) → seed → Ed25519
+ * - Recovery commitment: recovery public key signed by primary key
+ */
+/**
+ * Generate a new 24-word BIP-39 mnemonic (256 bits of entropy).
+ */
+export declare function generateRecoveryPhrase(): string;
+/**
+ * Validate a BIP-39 mnemonic phrase.
+ */
+export declare function isValidRecoveryPhrase(phrase: string): boolean;
+/**
+ * Derive an Ed25519 recovery keypair from a mnemonic and per-agent salt.
+ *
+ * Uses Argon2id for key stretching, then feeds the output as an Ed25519 seed.
+ */
+export declare function deriveRecoveryKeypair(mnemonic: string, salt: Buffer): {
+    publicKey: Buffer;
+    privateKey: Buffer;
+};
+/**
+ * Create a recovery commitment: the recovery public key signed by the primary key.
+ *
+ * This is stored in identity.json and registered with MoltBridge at creation time.
+ * Later, during emergency revocation, the recovery key proves it matches the pre-committed key.
+ */
+export declare function createRecoveryCommitment(recoveryPublicKey: Buffer, primaryPrivateKey: Buffer): string;
+/**
+ * Verify a recovery commitment against a primary public key.
+ */
+export declare function verifyRecoveryCommitment(recoveryPublicKey: Buffer, commitment: string, primaryPublicKey: Buffer): boolean;
+/**
+ * Generate a new per-agent salt for recovery key derivation.
+ * This salt is stored in identity.json as recoverySalt.
+ */
+export declare function generateRecoverySalt(): Buffer;
+//# sourceMappingURL=RecoveryPhrase.d.ts.map

package/dist/identity/RecoveryPhrase.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"RecoveryPhrase.d.ts","sourceRoot":"","sources":["../../src/identity/RecoveryPhrase.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAqBH;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAE7D;AAED;;;;GAIG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GACX;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAE,CAsB3C;AAED;;;;;GAKG;AACH,wBAAgB,wBAAwB,CACtC,iBAAiB,EAAE,MAAM,EACzB,iBAAiB,EAAE,MAAM,GACxB,MAAM,CAOR;AAED;;GAEG;AACH,wBAAgB,wBAAwB,CACtC,iBAAiB,EAAE,MAAM,EACzB,UAAU,EAAE,MAAM,EAClB,gBAAgB,EAAE,MAAM,GACvB,OAAO,CAOT;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,IAAI,MAAM,CAE7C"}

package/dist/identity/RecoveryPhrase.js

@@ -0,0 +1,93 @@
+/**
+ * RecoveryPhrase — BIP-39 mnemonic generation and recovery keypair derivation.
+ *
+ * Spec Section 3.10:
+ * - Recovery keypair is independently CSPRNG-generated, NOT derived from primary key
+ * - Recovery phrase follows BIP-39 (24-word mnemonic, 256 bits of entropy)
+ * - Recovery keypair derivation: Argon2id(mnemonic, per_agent_salt, t=3, m=65536, p=4) → seed → Ed25519
+ * - Recovery commitment: recovery public key signed by primary key
+ */
+import crypto from 'node:crypto';
+import { generateMnemonic, validateMnemonic } from '@scure/bip39';
+import { wordlist } from '@scure/bip39/wordlists/english.js';
+import { argon2id } from '@noble/hashes/argon2.js';
+import { sign, verify } from '../threadline/ThreadlineCrypto.js';
+// ── Constants ────────────────────────────────────────────────────────
+const ARGON2_TIME_COST = 3;
+const ARGON2_MEMORY_KB = 65536;
+const ARGON2_PARALLELISM = 4;
+const ED25519_SEED_LENGTH = 32;
+// Ed25519 PKCS#8 and SPKI prefixes for key wrapping
+const ED25519_PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');
+const ED25519_SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');
+// ── Public API ───────────────────────────────────────────────────────
+/**
+ * Generate a new 24-word BIP-39 mnemonic (256 bits of entropy).
+ */
+export function generateRecoveryPhrase() {
+    return generateMnemonic(wordlist, 256);
+}
+/**
+ * Validate a BIP-39 mnemonic phrase.
+ */
+export function isValidRecoveryPhrase(phrase) {
+    return validateMnemonic(phrase, wordlist);
+}
+/**
+ * Derive an Ed25519 recovery keypair from a mnemonic and per-agent salt.
+ *
+ * Uses Argon2id for key stretching, then feeds the output as an Ed25519 seed.
+ */
+export function deriveRecoveryKeypair(mnemonic, salt) {
+    // Derive seed via Argon2id
+    const seed = argon2id(Buffer.from(mnemonic, 'utf-8'), salt, {
+        t: ARGON2_TIME_COST,
+        m: ARGON2_MEMORY_KB,
+        p: ARGON2_PARALLELISM,
+        dkLen: ED25519_SEED_LENGTH,
+    });
+    // Generate Ed25519 keypair from seed
+    const privateKeyObj = crypto.createPrivateKey({
+        key: Buffer.concat([ED25519_PKCS8_PREFIX, Buffer.from(seed)]),
+        format: 'der',
+        type: 'pkcs8',
+    });
+    const publicKeyObj = crypto.createPublicKey(privateKeyObj);
+    return {
+        publicKey: Buffer.from(publicKeyObj.export({ type: 'spki', format: 'der' }).subarray(-32)),
+        privateKey: Buffer.from(seed),
+    };
+}
+/**
+ * Create a recovery commitment: the recovery public key signed by the primary key.
+ *
+ * This is stored in identity.json and registered with MoltBridge at creation time.
+ * Later, during emergency revocation, the recovery key proves it matches the pre-committed key.
+ */
+export function createRecoveryCommitment(recoveryPublicKey, primaryPrivateKey) {
+    const message = Buffer.concat([
+        Buffer.from('instar-recovery-commitment-v1', 'utf-8'),
+        recoveryPublicKey,
+    ]);
+    const signature = sign(primaryPrivateKey, message);
+    return signature.toString('base64');
+}
+/**
+ * Verify a recovery commitment against a primary public key.
+ */
+export function verifyRecoveryCommitment(recoveryPublicKey, commitment, primaryPublicKey) {
+    const message = Buffer.concat([
+        Buffer.from('instar-recovery-commitment-v1', 'utf-8'),
+        recoveryPublicKey,
+    ]);
+    const signature = Buffer.from(commitment, 'base64');
+    return verify(primaryPublicKey, message, signature);
+}
+/**
+ * Generate a new per-agent salt for recovery key derivation.
+ * This salt is stored in identity.json as recoverySalt.
+ */
+export function generateRecoverySalt() {
+    return crypto.randomBytes(32);
+}
+//# sourceMappingURL=RecoveryPhrase.js.map

package/dist/identity/RecoveryPhrase.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"RecoveryPhrase.js","sourceRoot":"","sources":["../../src/identity/RecoveryPhrase.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAqB,MAAM,cAAc,CAAC;AACrF,OAAO,EAAE,QAAQ,EAAE,MAAM,mCAAmC,CAAC;AAC7D,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AACnD,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAC;AAEjE,wEAAwE;AAExE,MAAM,gBAAgB,GAAG,CAAC,CAAC;AAC3B,MAAM,gBAAgB,GAAG,KAAK,CAAC;AAC/B,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAC7B,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAE/B,oDAAoD;AACpD,MAAM,oBAAoB,GAAG,MAAM,CAAC,IAAI,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;AACpF,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE,KAAK,CAAC,CAAC;AAE3E,wEAAwE;AAExE;;GAEG;AACH,MAAM,UAAU,sBAAsB;IACpC,OAAO,gBAAgB,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAc;IAClD,OAAO,gBAAgB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC5C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAgB,EAChB,IAAY;IAEZ,2BAA2B;IAC3B,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,IAAI,EAAE;QAC1D,CAAC,EAAE,gBAAgB;QACnB,CAAC,EAAE,gBAAgB;QACnB,CAAC,EAAE,kBAAkB;QACrB,KAAK,EAAE,mBAAmB;KAC3B,CAAC,CAAC;IAEH,qCAAqC;IACrC,MAAM,aAAa,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAC5C,GAAG,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,oBAAoB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;QAC7D,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,OAAO;KACd,CAAC,CAAC;IAEH,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC;IAE3D,OAAO;QACL,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC;QAC1F,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC;KAC9B,CAAC;AACJ,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB,CACtC,iBAAyB,EACzB,iBAAyB;IAEzB,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,OAAO,CAAC;QACrD,iBAAiB;KAClB,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB,CACtC,iBAAyB,EACzB,UAAkB,EAClB,gBAAwB;IAExB,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,MAAM,CAAC,IAAI,CAAC,+BAA+B,EAAE,OAAO,CAAC;QACrD,iBAAiB;KAClB,CAAC,CAAC;IACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACpD,OAAO,MAAM,CAAC,gBAAgB,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oBAAoB;IAClC,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;AAChC,CAAC"}

package/dist/identity/index.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Identity module — Public API.
+ *
+ * Canonical agent identity management for Instar agents.
+ */
+export { computeCanonicalId, computeDisplayFingerprint, CANONICAL_ID_DOMAIN, IDENTITY_SCHEMA_VERSION, DISPLAY_FINGERPRINT_BYTES, DEFAULT_GRANT_TTL_MS, TRUST_DECAY, KEY_ROTATION_GRACE_MS, RECOVERY_TIMELOCK_MS, MAX_RECOVERY_ATTEMPTS, MIGRATION_DEADLINE_MS, type CanonicalIdentity, type IdentityFile, type PrivateKeyEncryption, type RotationProof, type RevocationRequest, } from './types.js';
+export { CanonicalIdentityManager, type CreateIdentityOptions, type CreateIdentityResult, type LoadIdentityOptions, } from './IdentityManager.js';
+export { encryptPrivateKey, decryptPrivateKey, generateSalt, SALT_BYTES, } from './KeyEncryption.js';
+export { generateRecoveryPhrase, isValidRecoveryPhrase, deriveRecoveryKeypair, createRecoveryCommitment, verifyRecoveryCommitment, generateRecoverySalt, } from './RecoveryPhrase.js';
+export { createRotation, verifyRotationProof, isWithinGracePeriod, computeRotatedCanonicalId, } from './KeyRotation.js';
+export { RevocationManager, type RevocationAuditEntry, type RevocationState, } from './KeyRevocation.js';
+export { hasLegacyIdentity, hasCanonicalIdentity, migrateFromLegacy, getLegacyFingerprint, type MigrationOptions, type MigrationResult, } from './Migration.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/identity/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/identity/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,oBAAoB,EACpB,WAAW,EACX,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,EACrB,KAAK,iBAAiB,EACtB,KAAK,YAAY,EACjB,KAAK,oBAAoB,EACzB,KAAK,aAAa,EAClB,KAAK,iBAAiB,GACvB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACL,wBAAwB,EACxB,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,mBAAmB,GACzB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,UAAU,GACX,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,wBAAwB,EACxB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,kBAAkB,CAAC;AAG1B,OAAO,EACL,iBAAiB,EACjB,KAAK,oBAAoB,EACzB,KAAK,eAAe,GACrB,MAAM,oBAAoB,CAAC;AAG5B,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EACpB,KAAK,gBAAgB,EACrB,KAAK,eAAe,GACrB,MAAM,gBAAgB,CAAC"}

package/dist/identity/index.js

@@ -0,0 +1,20 @@
+/**
+ * Identity module — Public API.
+ *
+ * Canonical agent identity management for Instar agents.
+ */
+// Types and constants
+export { computeCanonicalId, computeDisplayFingerprint, CANONICAL_ID_DOMAIN, IDENTITY_SCHEMA_VERSION, DISPLAY_FINGERPRINT_BYTES, DEFAULT_GRANT_TTL_MS, TRUST_DECAY, KEY_ROTATION_GRACE_MS, RECOVERY_TIMELOCK_MS, MAX_RECOVERY_ATTEMPTS, MIGRATION_DEADLINE_MS, } from './types.js';
+// Identity manager
+export { CanonicalIdentityManager, } from './IdentityManager.js';
+// Key encryption
+export { encryptPrivateKey, decryptPrivateKey, generateSalt, SALT_BYTES, } from './KeyEncryption.js';
+// Recovery phrase
+export { generateRecoveryPhrase, isValidRecoveryPhrase, deriveRecoveryKeypair, createRecoveryCommitment, verifyRecoveryCommitment, generateRecoverySalt, } from './RecoveryPhrase.js';
+// Key rotation
+export { createRotation, verifyRotationProof, isWithinGracePeriod, computeRotatedCanonicalId, } from './KeyRotation.js';
+// Key revocation
+export { RevocationManager, } from './KeyRevocation.js';
+// Migration
+export { hasLegacyIdentity, hasCanonicalIdentity, migrateFromLegacy, getLegacyFingerprint, } from './Migration.js';
+//# sourceMappingURL=index.js.map

package/dist/identity/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/identity/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,sBAAsB;AACtB,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,mBAAmB,EACnB,uBAAuB,EACvB,yBAAyB,EACzB,oBAAoB,EACpB,WAAW,EACX,qBAAqB,EACrB,oBAAoB,EACpB,qBAAqB,EACrB,qBAAqB,GAMtB,MAAM,YAAY,CAAC;AAEpB,mBAAmB;AACnB,OAAO,EACL,wBAAwB,GAIzB,MAAM,sBAAsB,CAAC;AAE9B,iBAAiB;AACjB,OAAO,EACL,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,UAAU,GACX,MAAM,oBAAoB,CAAC;AAE5B,kBAAkB;AAClB,OAAO,EACL,sBAAsB,EACtB,qBAAqB,EACrB,qBAAqB,EACrB,wBAAwB,EACxB,wBAAwB,EACxB,oBAAoB,GACrB,MAAM,qBAAqB,CAAC;AAE7B,eAAe;AACf,OAAO,EACL,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,yBAAyB,GAC1B,MAAM,kBAAkB,CAAC;AAE1B,iBAAiB;AACjB,OAAO,EACL,iBAAiB,GAGlB,MAAM,oBAAoB,CAAC;AAE5B,YAAY;AACZ,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,GAGrB,MAAM,gBAAgB,CAAC"}

package/dist/identity/types.d.ts

@@ -0,0 +1,101 @@
+/**
+ * Identity types — Canonical agent identity schema.
+ *
+ * Implements the Unified Threadline spec (v0.6.0) Section 3.3:
+ * - Single Ed25519 keypair shared across all systems
+ * - Canonical Agent ID: SHA-256 with domain separation
+ * - Display fingerprint: first 8 bytes of canonical ID
+ */
+/** Domain separation prefix for canonical agent ID derivation */
+export declare const CANONICAL_ID_DOMAIN = "instar-agent-id-v1";
+/** Schema version for identity.json */
+export declare const IDENTITY_SCHEMA_VERSION = 1;
+/** Display fingerprint length in bytes (8 bytes = 16 hex chars) */
+export declare const DISPLAY_FINGERPRINT_BYTES = 8;
+/** Default TTL for authorization grants (4 hours in ms) */
+export declare const DEFAULT_GRANT_TTL_MS: number;
+/** Trust decay periods (Section 3.7) */
+export declare const TRUST_DECAY: {
+    readonly trustedToVerifiedDays: 90;
+    readonly verifiedToUntrustedDays: 180;
+};
+/** Key rotation grace period (72 hours in ms) */
+export declare const KEY_ROTATION_GRACE_MS: number;
+/** Recovery time-lock duration (24 hours in ms) */
+export declare const RECOVERY_TIMELOCK_MS: number;
+/** Max recovery attempts per 24h period */
+export declare const MAX_RECOVERY_ATTEMPTS = 3;
+/** Dual-key migration deadline (30 days in ms) */
+export declare const MIGRATION_DEADLINE_MS: number;
+/** Private key encryption methods */
+export type PrivateKeyEncryption = 'xchacha20-poly1305+argon2id' | 'none';
+/**
+ * On-disk identity file schema (identity.json).
+ * Private key is encrypted at rest unless in dev mode.
+ */
+export interface IdentityFile {
+    version: typeof IDENTITY_SCHEMA_VERSION;
+    publicKey: string;
+    privateKey: string;
+    privateKeyEncryption: PrivateKeyEncryption;
+    keySalt?: string;
+    canonicalId: string;
+    displayFingerprint: string;
+    recoveryCommitment?: string;
+    recoverySalt?: string;
+    createdAt: string;
+    migrationComplete?: boolean;
+    migrationCompletedAt?: string;
+}
+/**
+ * In-memory identity with decrypted keys.
+ */
+export interface CanonicalIdentity {
+    version: number;
+    publicKey: Buffer;
+    privateKey: Buffer;
+    x25519PublicKey: Buffer;
+    canonicalId: string;
+    displayFingerprint: string;
+    createdAt: string;
+    recoveryCommitment?: string;
+    migrationComplete?: boolean;
+}
+/**
+ * Key rotation proof — dual-signed by old and new keys.
+ */
+export interface RotationProof {
+    oldPublicKey: string;
+    newPublicKey: string;
+    timestamp: string;
+    reason: string;
+    oldKeySignature: string;
+    newKeySignature: string;
+}
+/**
+ * Recovery revocation request.
+ */
+export interface RevocationRequest {
+    targetCanonicalId: string;
+    newPublicKey: string;
+    recoverySignature: string;
+    timestamp: string;
+    status: 'pending' | 'active' | 'cancelled';
+    expiresAt: string;
+}
+/**
+ * Compute the canonical agent ID from an Ed25519 public key.
+ *
+ * canonicalId = SHA-256("instar-agent-id-v1" || publicKey)
+ *
+ * This is the stable identifier used across all systems.
+ */
+export declare function computeCanonicalId(publicKey: Buffer): string;
+/**
+ * Compute the display fingerprint from a canonical ID.
+ *
+ * First 8 bytes (16 hex chars) for human-readable display.
+ * Never used for security-critical operations.
+ */
+export declare function computeDisplayFingerprint(canonicalId: string): string;
+//# sourceMappingURL=types.d.ts.map

package/dist/identity/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/identity/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAMH,iEAAiE;AACjE,eAAO,MAAM,mBAAmB,uBAAuB,CAAC;AAExD,uCAAuC;AACvC,eAAO,MAAM,uBAAuB,IAAI,CAAC;AAEzC,mEAAmE;AACnE,eAAO,MAAM,yBAAyB,IAAI,CAAC;AAE3C,2DAA2D;AAC3D,eAAO,MAAM,oBAAoB,QAAqB,CAAC;AAEvD,wCAAwC;AACxC,eAAO,MAAM,WAAW;;;CAGd,CAAC;AAEX,iDAAiD;AACjD,eAAO,MAAM,qBAAqB,QAAsB,CAAC;AAEzD,mDAAmD;AACnD,eAAO,MAAM,oBAAoB,QAAsB,CAAC;AAExD,2CAA2C;AAC3C,eAAO,MAAM,qBAAqB,IAAI,CAAC;AAEvC,kDAAkD;AAClD,eAAO,MAAM,qBAAqB,QAA2B,CAAC;AAI9D,qCAAqC;AACrC,MAAM,MAAM,oBAAoB,GAAG,6BAA6B,GAAG,MAAM,CAAC;AAE1E;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,uBAAuB,CAAC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,oBAAoB,EAAE,oBAAoB,CAAC;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,OAAO,CAAC;IAC5B,oBAAoB,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,iBAAiB,CAAC,EAAE,OAAO,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;CACzB;AAED;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,SAAS,GAAG,QAAQ,GAAG,WAAW,CAAC;IAC3C,SAAS,EAAE,MAAM,CAAC;CACnB;AAID;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAK5D;AAED;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAErE"}

package/dist/identity/types.js

@@ -0,0 +1,55 @@
+/**
+ * Identity types — Canonical agent identity schema.
+ *
+ * Implements the Unified Threadline spec (v0.6.0) Section 3.3:
+ * - Single Ed25519 keypair shared across all systems
+ * - Canonical Agent ID: SHA-256 with domain separation
+ * - Display fingerprint: first 8 bytes of canonical ID
+ */
+import crypto from 'node:crypto';
+// ── Constants ────────────────────────────────────────────────────────
+/** Domain separation prefix for canonical agent ID derivation */
+export const CANONICAL_ID_DOMAIN = 'instar-agent-id-v1';
+/** Schema version for identity.json */
+export const IDENTITY_SCHEMA_VERSION = 1;
+/** Display fingerprint length in bytes (8 bytes = 16 hex chars) */
+export const DISPLAY_FINGERPRINT_BYTES = 8;
+/** Default TTL for authorization grants (4 hours in ms) */
+export const DEFAULT_GRANT_TTL_MS = 4 * 60 * 60 * 1000;
+/** Trust decay periods (Section 3.7) */
+export const TRUST_DECAY = {
+    trustedToVerifiedDays: 90,
+    verifiedToUntrustedDays: 180,
+};
+/** Key rotation grace period (72 hours in ms) */
+export const KEY_ROTATION_GRACE_MS = 72 * 60 * 60 * 1000;
+/** Recovery time-lock duration (24 hours in ms) */
+export const RECOVERY_TIMELOCK_MS = 24 * 60 * 60 * 1000;
+/** Max recovery attempts per 24h period */
+export const MAX_RECOVERY_ATTEMPTS = 3;
+/** Dual-key migration deadline (30 days in ms) */
+export const MIGRATION_DEADLINE_MS = 30 * 24 * 60 * 60 * 1000;
+// ── Derivation Functions ─────────────────────────────────────────────
+/**
+ * Compute the canonical agent ID from an Ed25519 public key.
+ *
+ * canonicalId = SHA-256("instar-agent-id-v1" || publicKey)
+ *
+ * This is the stable identifier used across all systems.
+ */
+export function computeCanonicalId(publicKey) {
+    const hash = crypto.createHash('sha256');
+    hash.update(Buffer.from(CANONICAL_ID_DOMAIN, 'utf-8'));
+    hash.update(publicKey);
+    return hash.digest('hex');
+}
+/**
+ * Compute the display fingerprint from a canonical ID.
+ *
+ * First 8 bytes (16 hex chars) for human-readable display.
+ * Never used for security-critical operations.
+ */
+export function computeDisplayFingerprint(canonicalId) {
+    return canonicalId.slice(0, DISPLAY_FINGERPRINT_BYTES * 2);
+}
+//# sourceMappingURL=types.js.map

package/dist/identity/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/identity/types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC,wEAAwE;AAExE,iEAAiE;AACjE,MAAM,CAAC,MAAM,mBAAmB,GAAG,oBAAoB,CAAC;AAExD,uCAAuC;AACvC,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC;AAEzC,mEAAmE;AACnE,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC;AAE3C,2DAA2D;AAC3D,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvD,wCAAwC;AACxC,MAAM,CAAC,MAAM,WAAW,GAAG;IACzB,qBAAqB,EAAE,EAAE;IACzB,uBAAuB,EAAE,GAAG;CACpB,CAAC;AAEX,iDAAiD;AACjD,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAEzD,mDAAmD;AACnD,MAAM,CAAC,MAAM,oBAAoB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAExD,2CAA2C;AAC3C,MAAM,CAAC,MAAM,qBAAqB,GAAG,CAAC,CAAC;AAEvC,kDAAkD;AAClD,MAAM,CAAC,MAAM,qBAAqB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAiE9D,wEAAwE;AAExE;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,SAAiB;IAClD,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACzC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC,CAAC;IACvD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACvB,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CAAC,WAAmB;IAC3D,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,yBAAyB,GAAG,CAAC,CAAC,CAAC;AAC7D,CAAC"}

package/dist/knowledge/TreeTriage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TreeTriage.d.ts","sourceRoot":"","sources":["../../src/knowledge/TreeTriage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAyFtF;;;;;GAKG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,YAAY,CAA8B;IAClD,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,aAAa,CAAS;gBAElB,YAAY,EAAE,oBAAoB,GAAG,IAAI,EAAE,SAAS,CAAC,EAAE,MAAM;IAMzE,IAAI,kBAAkB,IAAI,MAAM,CAE/B;IAED;;OAEG;IACH,OAAO,CAAC,aAAa;IAUrB;;;;;;;;;OASG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAwDhF;;OAEG;IACH,oBAAoB,CAClB,MAAM,EAAE,kBAAkB,EAAE,EAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC7B,kBAAkB,EAAE;IAIvB;;;OAGG;IACH,mBAAmB,CACjB,KAAK,EAAE,iBAAiB,EAAE,EAC1B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACjC,iBAAiB,EAAE;IAOtB;;;OAGG;IACH,OAAO,CAAC,UAAU;IAkDlB;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,EAAE;IAU1E;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAuCzB;;;OAGG;YACW,aAAa;IA8B3B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;YAkCjB,SAAS;IA6BvB,OAAO,CAAC,mBAAmB;IA4B3B,OAAO,CAAC,oBAAoB;CA2B7B"}
+{"version":3,"file":"TreeTriage.d.ts","sourceRoot":"","sources":["../../src/knowledge/TreeTriage.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAC7D,OAAO,KAAK,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAkGtF;;;;;GAKG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,YAAY,CAA8B;IAClD,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,aAAa,CAAS;gBAElB,YAAY,EAAE,oBAAoB,GAAG,IAAI,EAAE,SAAS,CAAC,EAAE,MAAM;IAMzE,IAAI,kBAAkB,IAAI,MAAM,CAE/B;IAED;;OAEG;IACH,OAAO,CAAC,aAAa;IAUrB;;;;;;;;;OASG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,OAAO,CAAC,YAAY,CAAC;IAwDhF;;OAEG;IACH,oBAAoB,CAClB,MAAM,EAAE,kBAAkB,EAAE,EAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAC7B,kBAAkB,EAAE;IAIvB;;;OAGG;IACH,mBAAmB,CACjB,KAAK,EAAE,iBAAiB,EAAE,EAC1B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACjC,iBAAiB,EAAE;IAOtB;;;OAGG;IACH,OAAO,CAAC,UAAU;IAkDlB;;;OAGG;IACH,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,EAAE;IAU1E;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAuCzB;;;OAGG;YACW,aAAa;IA8B3B;;;OAGG;IACH,OAAO,CAAC,uBAAuB;YAkCjB,SAAS;IA6BvB,OAAO,CAAC,mBAAmB;IA4B3B,OAAO,CAAC,oBAAoB;CA2B7B"}