magenta-canon 0.3.0 → 0.5.0

package/README.md

@@ -170,6 +170,57 @@ npx magenta-canon verify bundle.json --expected-witness-key witness.pub
 
 Full walkthrough: [`docs/MCP_GATEWAY.md`](docs/MCP_GATEWAY.md).
 
+### Durable evidence (file ledger) — new in 0.4.0
+
+By default evidence lives in memory (the demo's fresh-universe behavior). For
+evidence that **survives a process restart**, point the gateway/control plane
+at an append-only file ledger and pin the witness identity:
+
+```bash
+MAGENTA_LEDGER_FILE=/var/lib/magenta/ledger.jsonl \
+MAGENTA_WITNESS_SECRET=<hex> MAGENTA_WITNESS_PUBLIC=<hex> \
+  <your magenta process>
+```
+
+Every receipt and signed tree head is fsync-committed before it is reported
+recorded; on restart the ledger is strictly replayed (chain, issuer
+signatures, Merkle roots, checkpoint history) or startup fails loudly. One
+exclusive writer per ledger; corruption is refused, never repaired silently.
+This is single-writer local/reference durability — see
+[`docs/FILE_LEDGER.md`](docs/FILE_LEDGER.md) for the format, lock recovery,
+crash-tail policy, backup guidance, and limitations.
+
+### Witness identity & authorized key rotation — new in 0.5.0
+
+Instead of raw env keys, the witness can hold its identity in an **encrypted
+keystore** (scrypt → AES-256-GCM, header-bound AAD) and **rotate its signing
+key under cryptographic authorization** — the outgoing key signs the rotation,
+the incoming key countersigns, and the signed rotation record is committed
+**into the evidence ledger itself** before the new key signs anything:
+
+```bash
+MAGENTA_LEDGER_FILE=/var/lib/magenta/ledger.jsonl \
+MAGENTA_WITNESS_KEYFILE=/var/lib/magenta/witness.keystore \
+MAGENTA_WITNESS_PASSPHRASE=<operator passphrase> \
+  <your magenta process>
+```
+
+**Key material alone never grants authority — a validated, durably committed
+rotation record does.** Verifiers replay the rotation chain from a pinned
+anchor: historical checkpoints validate against the key that was authorized
+for their epoch, substitution/rollback/forks are refused, and
+`--expected-witness-key` still earns `ORIGIN AND INTEGRITY VERIFIED` across
+rotations from the *original* pinned key. A crash at any point in the rotation
+ceremony reconciles deterministically at next boot (recover the committed
+fact, abandon the orphaned key, or fail closed — never silent activation).
+
+**Scope honesty:** this is local/reference custody (file keystore, not
+KMS/HSM), and it covers the **witness** identity only — founder/receipt-issuer
+key custody is a separate forthcoming lane (in file-ledger mode the issuer key
+still regenerates on restart; old evidence keeps verifying). Keystore format,
+rotation protocol, boot-reconciliation table, and operator procedures:
+[`docs/WITNESS_IDENTITY.md`](docs/WITNESS_IDENTITY.md) (ships in the package).
+
 ### From the repo vs. as a CLI
 
 - **From a repo checkout** (above): `npm install` then `npm run demo`.

package/dist/MANIFEST.json

@@ -1,14 +1,15 @@
 {
   "package.json": "8005a3491db7d92f36ac66369861589f9c47123d3a7c71e643fc2c06168cd45a",
-  "scripts/demo-control-plane.js": "3357c8de8e3fe32e73e0be99a3bb02179dff3ee041854d4ee6f8d135e4d8dcbf",
+  "scripts/demo-control-plane.js": "3a559f39d17c1a403988e731e053d0d071cbd41ab595fd6246910f852337ab2f",
   "scripts/intake-cli.js": "189014db22d6fccb034ed1a93ec11efe8905be820bc468366c68bb2cabaf8a97",
   "scripts/magenta-mirror.js": "cf701065f7a6e20f7f44a9b815396aeb5fe031c3f003bcd793b8014ea8801b85",
-  "scripts/magenta-verify.js": "f79c60944bef65926530c2d0fd5cc35df10319c5831764b035e547b6bfebe715",
+  "scripts/magenta-verify.js": "0bb65ef6ff1350789eecc4f0434ca94dcf3a89930f8ef1d62cc38100e18094ba",
   "scripts/mcp-gateway.js": "335923004b73511fe42ea0fc6f2e567afe8018dc95464a79027e4c2537e30de1",
   "server/agent-policy.js": "20dd9150f8244c33aaf14ecdf3a09f471210960d246cda9ab8d5abe0e8433518",
   "server/agent-record.js": "790bbfa2a10601c2bdcd98873e6e41babdf96d1df7c7ca34f19791de4c8b860f",
   "server/crypto.js": "ebbcb2929e7b3651e4ec04c9fbf3dcb656e3ae0d30bf8864f3642f72f3be2f39",
   "server/execution-receipts.js": "171a506df7d1e99f3370de9a41c1a4f0b21b38d1f02edc78d9c44e68c93dbee4",
+  "server/file-ledger-store.js": "216fe644e1753a5527bec6ccf58175d22ec695c006e1927dc3090be11df9c124",
   "server/intake/categories.js": "e9860eee0e2e0fe96c7ade165e5e068fae0874de2c7d39ff796efc91e713013b",
   "server/intake/engine.js": "abb8feacd925520cbf01acc2e932d9ebb037a3d016b053b7b10deaf8f545a605",
   "server/intake/gateway-intake.js": "40514fa489b031c29725e9b837e83998217bbc1ae84cf9259154a16b1faae2e8",
@@ -20,11 +21,14 @@
   "server/intake/rationale.js": "3ea64a1430828ae5a06b41f4e93d06cdd667850d6a2ff9a1e266f98bdfc6c404",
   "server/intake/types.js": "014891c6c8360648d6954b3185ae92d56be625484bf2f0d0f71dac271a59e23b",
   "server/intake/witness.js": "588ad166f4870d65a6ed334c70aaa2deb1d6d96ec97d889902a9eda7528bd34f",
+  "server/ledger-store.js": "fc8a46f925908764bac7a076cffa08053af4c1f93237bee408eb0ed1e61eeca2",
+  "server/ledger.js": "9bf8f132e08d636070d2ede568b2eaf75810be245c90ecd5979d2d4de69af934",
   "server/persistence.js": "2e6b1d0b1c74babbd581780b028c2593256c5ec96c2d60f4c25159e3f54e4e3f",
-  "server/storage.js": "4f1660e9542dcb157148f561efd757d8aa452730c3a09064d3b1314feb16e8c9",
-  "server/transparency-log.js": "42d0d9fd3de9c60389ca882b546d9784e6ef0003895898dd5958d763d54f2f6b",
+  "server/storage.js": "7a7556a6d15d736f028698b6094072daa71eed2230427594edac9d29b531081a",
+  "server/transparency-log.js": "7f238edc5cad4edc2c70a7b3e1977197cf2087e77789d181ffae0035f948391b",
   "server/trust-bootstrap.js": "57a53a3ee9cd630ada2867e8b087a34b069ba26f86a696d3ead74888dd7e8d5f",
-  "server/witness.js": "e94384a35a4cfce39990e580eb5b572ef9a2d4c4d9bad1a2ed9b5382aba64b1b",
+  "server/witness-identity.js": "9dd5b6e63aefa00171a838d1cd27e3c09ddcb7d39512427ebe537763fe5fc42e",
+  "server/witness.js": "b1a8209d4dae4ffafc3ca4a158474b369250472ba80cef03bd92048282be91a4",
   "shared/canonical.js": "476cee4b5c5702e8a2a198e79c2639cf8ff84000ffb92f68a04433ed2a2f5484",
   "shared/certificates.js": "7844e71a38e1b1324586c7d054b2f5c15222b86446318d1e6dea9bab504a4a73",
   "shared/schema.js": "f89190990e3826e44c722d5e8f5b39fd59b4d3fb9ec047229930a17604e4646c",

package/dist/scripts/demo-control-plane.js

@@ -33,6 +33,9 @@ const node_crypto_1 = require("node:crypto");
 const storage_1 = require("../server/storage");
 const witness_1 = require("../server/witness");
 const agent_record_1 = require("../server/agent-record");
+const witness_2 = require("../server/witness");
+const file_ledger_store_1 = require("../server/file-ledger-store");
+const ledger_1 = require("../server/ledger");
 const trust_bootstrap_1 = require("../server/trust-bootstrap");
 const PORT = Number(process.env.PORT ?? 0);
 const HOST = "127.0.0.1";
@@ -152,18 +155,48 @@ const server = (0, node_http_1.createServer)(async (req, res) => {
         // ── GET /api/trust/evidence ──────────────────────────────────────────────
         if (method === "GET" && url === "/api/trust/evidence") {
             const receipts = [...(await storage_1.storage.getExecutionReceipts())].reverse(); // creation order
+            const rotations = ledger_1.sharedLedgerStore instanceof file_ledger_store_1.FileLedgerStore ? ledger_1.sharedLedgerStore.allRotations() : [];
             return sendJson(res, 200, {
                 witness_pubkey: witness_1.witnessLog.witnessPublicKey,
                 sth: witness_1.witnessLog.latestSTH() ?? null,
                 receipts,
+                ...(rotations.length > 0 ? { rotations } : {}),
             });
         }
+        // ── POST /internal/witness/rotate ────────────────────────────────────────
+        // Full continuity protocol (keystore + durable ledger required): mint →
+        // durably commit the signed rotation record → activate → switch epoch.
+        if (method === "POST" && url === "/internal/witness/rotate") {
+            if (!internalAuthOk(req, res))
+                return;
+            let body;
+            try {
+                body = (await readBody(req));
+            }
+            catch (e) {
+                return sendJson(res, 400, { error: "bad_request", message: e.message });
+            }
+            try {
+                const record = (0, witness_2.rotateWitness)(body?.reason ?? "operator-initiated rotation");
+                return sendJson(res, 200, { rotated: true, rotation_id: record.rotation_id, new_version: record.new_version, new_pubkey: record.new_pubkey });
+            }
+            catch (e) {
+                return sendJson(res, 409, { error: "rotation_refused", message: e.message });
+            }
+        }
         sendJson(res, 404, { error: "not_found", message: `${method} ${url} is not served by the demo control plane` });
     }
     catch (e) {
         sendJson(res, 500, { error: "internal_error", message: e instanceof Error ? e.message : String(e) });
     }
 });
+// File-ledger restart support: rebuild the witness's derived leaf view from
+// any receipts the durable store replayed (no-op in the default memory mode).
+void (async () => {
+    const restored = await storage_1.storage.getExecutionReceipts();
+    if (restored.length > 0)
+        (0, witness_2.rebuildWitnessFromReceipts)([...restored].reverse().map((r) => r.receipt_hash));
+})();
 server.listen(PORT, HOST, () => {
     const addr = server.address();
     const port = typeof addr === "object" && addr ? addr.port : PORT;

package/dist/scripts/magenta-verify.js

@@ -18,7 +18,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyBundle = exports.verifyReceiptIssuerSignature = exports.verifyConsistency = exports.verifyReceiptChain = exports.verifySTH = exports.verifyInclusion = exports.merkleRoot = exports.hashLeaf = exports.chainHash = exports.canonicalHash = exports.canonicalize = exports.VERSION = void 0;
+exports.verifyBundle = exports.verifyReceiptIssuerSignature = exports.verifyRotationChain = exports.verifyConsistency = exports.verifyReceiptChain = exports.verifySTH = exports.verifyInclusion = exports.merkleRoot = exports.hashLeaf = exports.chainHash = exports.canonicalHash = exports.canonicalize = exports.VERSION = void 0;
 const node_crypto_1 = require("node:crypto");
 const node_fs_1 = require("node:fs");
 const tweetnacl_1 = __importDefault(require("tweetnacl"));
@@ -109,6 +109,59 @@ function verifyConsistency(allLeaves, older, newer) {
         merkleRoot(allLeaves.slice(0, newer.tree_size)) === newer.root_hash);
 }
 exports.verifyConsistency = verifyConsistency;
+/** Validate a rotation chain from an anchor key. Pure re-implementation of
+ *  spec magenta-rotation/1 (sigs are Ed25519 over utf8(canonicalHash(body))). */
+function verifyRotationChain(anchorPubkey, rotations) {
+    const GENESIS = "0".repeat(64);
+    let active = anchorPubkey;
+    let activeVersion = rotations.length ? rotations[0].old_version : 1;
+    let prev = GENESIS;
+    let lastBoundary = -1;
+    const seen = new Set();
+    const epochs = [{ pubkey: anchorPubkey, fromExclusive: -1 }];
+    for (const r of rotations) {
+        if (r.spec !== "magenta-rotation/1")
+            return { valid: false, reason: `unsupported rotation spec '${r.spec}'` };
+        if (seen.has(r.rotation_id))
+            return { valid: false, reason: "duplicate rotation_id" };
+        seen.add(r.rotation_id);
+        if (r.old_pubkey !== active)
+            return { valid: false, reason: "rotation old_pubkey is not the active key" };
+        if (r.old_version !== activeVersion)
+            return { valid: false, reason: "rotation old_version mismatch" };
+        if (r.new_version !== activeVersion + 1)
+            return { valid: false, reason: "skipped key version" };
+        if (r.previous_rotation_hash !== prev)
+            return { valid: false, reason: "rotation chain hash broken" };
+        if (r.effective_tree_size <= lastBoundary)
+            return { valid: false, reason: "rotation boundaries must strictly increase" };
+        const body = {};
+        for (const k of Object.keys(r)) {
+            if (k !== "old_key_signature" && k !== "new_key_countersignature" && k !== "record_hash")
+                body[k] = r[k];
+        }
+        const h = (0, exports.canonicalHash)(body);
+        try {
+            if (!tweetnacl_1.default.sign.detached.verify(utf8(h), fromHex(r.old_key_signature), fromHex(r.old_pubkey)))
+                return { valid: false, reason: "old-key authorization signature invalid" };
+            if (!tweetnacl_1.default.sign.detached.verify(utf8(h), fromHex(r.new_key_countersignature), fromHex(r.new_pubkey)))
+                return { valid: false, reason: "new-key countersignature invalid" };
+        }
+        catch {
+            return { valid: false, reason: "malformed rotation signature material" };
+        }
+        if ((0, exports.canonicalHash)({ ...body, old_key_signature: r.old_key_signature, new_key_countersignature: r.new_key_countersignature }) !== r.record_hash) {
+            return { valid: false, reason: "rotation record_hash mismatch" };
+        }
+        active = r.new_pubkey;
+        activeVersion = r.new_version;
+        prev = r.record_hash;
+        lastBoundary = r.effective_tree_size;
+        epochs.push({ pubkey: r.new_pubkey, fromExclusive: r.effective_tree_size });
+    }
+    return { valid: true, epochs, tipPubkey: active };
+}
+exports.verifyRotationChain = verifyRotationChain;
 const HEX64 = /^[0-9a-f]{64}$/;
 /** Receipt issuer signature (spec §2): Ed25519 over the canonical receipt body
  *  (all fields except receipt_signature), message = UTF-8 of the hex hash. */
@@ -150,10 +203,31 @@ function verifyBundle(b, opts = {}) {
     if (b.sth) {
         add("STH signature verifies", verifySTH(b.sth), `root ${b.sth.root_hash.slice(0, 16)}… size ${b.sth.tree_size}`);
         // Internal coherence: the bundle's top-level key must agree with the STH's.
+        // (With rotations, the top-level key is the chain TIP by construction.)
         if (b.witness_pubkey !== undefined) {
             add("bundle witness_pubkey == STH witness key", b.witness_pubkey === b.sth.witness_pubkey, b.witness_pubkey === b.sth.witness_pubkey ? "bundle is internally coherent" : "BUNDLE KEY FIELDS DISAGREE");
         }
-        if (witnessKeySource === "cli" && HEX64.test(opts.expectedWitnessKey)) {
+        if (b.rotations && b.rotations.length > 0) {
+            // Rotation continuity: the pinned key (or, integrity-only, the chain's
+            // own anchor) must chain by signed authorization+countersignature to
+            // the key that signed this STH at its tree size.
+            const anchor = (witnessKeySource === "cli" && HEX64.test(opts.expectedWitnessKey))
+                ? opts.expectedWitnessKey
+                : b.rotations[0].old_pubkey;
+            const chain = verifyRotationChain(anchor, b.rotations);
+            add(`rotation chain validates from ${witnessKeySource === "cli" ? "PINNED anchor" : "bundle anchor"} (${b.rotations.length} rotation(s))`, chain.valid, chain.valid ? `tip key …${chain.tipPubkey.slice(-12)}` : `ROTATION CHAIN INVALID: ${chain.reason}`);
+            if (chain.valid) {
+                let expected = chain.epochs[0].pubkey;
+                for (const e of chain.epochs)
+                    if (b.sth.tree_size > e.fromExclusive)
+                        expected = e.pubkey;
+                add("STH signed by the authorized key for its epoch", b.sth.witness_pubkey === expected, b.sth.witness_pubkey === expected ? "epoch boundary respected" : "STH KEY OUTSIDE THE AUTHORIZED ROTATION CHAIN");
+            }
+            if (witnessKeySource === "bundle") {
+                skip("witness key trust", "rotation chain anchored to the bundle's own first key — supply --expected-witness-key (the version-1 anchor) for origin assurance");
+            }
+        }
+        else if (witnessKeySource === "cli" && HEX64.test(opts.expectedWitnessKey)) {
             const match = b.sth.witness_pubkey === opts.expectedWitnessKey;
             add("STH witness key matches INDEPENDENTLY supplied key", match, match ? "key supplied via --expected-witness-key matches" : "WITNESS KEY MISMATCH — bundle was NOT signed by the trusted witness");
         }