martin-loop 0.1.4 → 1.3.0

package/dist/vendor/core/agent/receipts.js

@@ -0,0 +1,131 @@
+import { agentKeyId, readAgentEd25519Signature, signCanonicalAgentPayload, verifyCanonicalAgentPayload } from "./signing.js";
+const RECEIPT_KEY_NAMESPACE = "agent-receipts";
+export async function signAgentReceipt(payload, options = {}) {
+    return {
+        ...payload,
+        signature: await signCanonicalAgentPayload(payload, RECEIPT_KEY_NAMESPACE, options)
+    };
+}
+export function verifyAgentReceipt(receipt, options = {}) {
+    const reasons = [];
+    if (!receipt || typeof receipt !== "object" || Array.isArray(receipt)) {
+        return {
+            verified: false,
+            receiptId: null,
+            runId: null,
+            ledgerHash: null,
+            reasons: ["Receipt must be an object."]
+        };
+    }
+    const record = receipt;
+    const receiptId = readString(record.receiptId);
+    const runId = readString(record.runId);
+    const quoteId = readString(record.quoteId);
+    const mandateId = readString(record.mandateId);
+    const status = readReceiptStatus(record.status);
+    const ledgerHash = readString(record.ledgerHash);
+    const createdAt = readString(record.createdAt);
+    const signature = readAgentEd25519Signature(record.signature);
+    if (!receiptId) {
+        reasons.push("Receipt id is missing.");
+    }
+    if (!runId) {
+        reasons.push("Run id is missing.");
+    }
+    if (!quoteId) {
+        reasons.push("Quote id is missing.");
+    }
+    if (!mandateId) {
+        reasons.push("Mandate id is missing.");
+    }
+    if (!status) {
+        reasons.push("Receipt status is missing.");
+    }
+    if (!ledgerHash) {
+        reasons.push("Ledger hash is missing.");
+    }
+    if (!createdAt) {
+        reasons.push("Receipt timestamp is missing.");
+    }
+    if (!signature) {
+        reasons.push("Receipt signature is missing.");
+    }
+    if (options.expectedLedgerHash && ledgerHash && options.expectedLedgerHash !== ledgerHash) {
+        reasons.push("Ledger hash does not match expected value.");
+    }
+    if (options.expectedRunId && runId && options.expectedRunId !== runId) {
+        reasons.push("Run id does not match expected value.");
+    }
+    if (options.expectedQuoteId && quoteId && options.expectedQuoteId !== quoteId) {
+        reasons.push("Quote id does not match expected value.");
+    }
+    if (options.expectedMandateId && mandateId && options.expectedMandateId !== mandateId) {
+        reasons.push("Mandate id does not match expected value.");
+    }
+    if (options.expectedStatus && status && options.expectedStatus !== status) {
+        reasons.push("Receipt status does not match expected value.");
+    }
+    if (createdAt && parseTimestamp(createdAt) === null) {
+        reasons.push("Receipt timestamp is invalid.");
+    }
+    if (signature) {
+        const expectedKeyId = agentKeyId(signature.publicKeyPem);
+        if (signature.keyId !== expectedKeyId) {
+            reasons.push("Receipt key id does not match public key.");
+        }
+        if (!isTrustedSigner(signature, options)) {
+            reasons.push("Receipt signer is untrusted.");
+        }
+        const payload = { ...record };
+        delete payload.signature;
+        try {
+            const verified = verifyCanonicalAgentPayload(payload, signature);
+            if (!verified) {
+                reasons.push("Receipt signature verification failed.");
+            }
+        }
+        catch {
+            reasons.push("Receipt signature verification failed.");
+        }
+    }
+    return {
+        verified: reasons.length === 0,
+        receiptId,
+        runId,
+        ledgerHash,
+        ...(signature ? { keyId: signature.keyId } : {}),
+        reasons
+    };
+}
+function readString(value) {
+    return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function readReceiptStatus(value) {
+    return value === "completed" || value === "failed" || value === "denied" || value === "expired"
+        ? value
+        : null;
+}
+function isTrustedSigner(signature, options) {
+    if (options.expectedSignerPublicKeyPem &&
+        normalizePem(signature.publicKeyPem) === normalizePem(options.expectedSignerPublicKeyPem)) {
+        return true;
+    }
+    if (options.expectedSignerKeyId) {
+        return signature.keyId === options.expectedSignerKeyId;
+    }
+    if (options.trustedSignerPublicKeys?.some((key) => normalizePem(key) === normalizePem(signature.publicKeyPem))) {
+        return true;
+    }
+    if (options.trustedSignerKeyIds?.includes(signature.keyId)) {
+        return true;
+    }
+    return false;
+}
+function normalizePem(value) {
+    return value.replace(/\r\n/g, "\n").trim();
+}
+function parseTimestamp(value) {
+    const parsed = Date.parse(value);
+    return Number.isFinite(parsed) ? parsed : null;
+}
+//# sourceMappingURL=receipts.js.map

package/dist/vendor/core/agent/signing.d.ts

@@ -0,0 +1,17 @@
+export interface AgentEd25519Signature {
+    algorithm: "ed25519";
+    keyId: string;
+    publicKeyPem: string;
+    signatureBase64: string;
+    signedAt: string;
+}
+export interface AgentSigningOptions {
+    martinHome?: string;
+    env?: NodeJS.ProcessEnv;
+    now?: string;
+}
+export declare function signCanonicalAgentPayload(payload: unknown, namespace: string, options?: AgentSigningOptions): Promise<AgentEd25519Signature>;
+export declare function verifyCanonicalAgentPayload(payload: unknown, signature: AgentEd25519Signature): boolean;
+export declare function readAgentEd25519Signature(value: unknown): AgentEd25519Signature | null;
+export declare function agentKeyId(publicKeyPem: string): string;
+export declare function canonicalJson(value: unknown): string;

package/dist/vendor/core/agent/signing.js

@@ -0,0 +1,91 @@
+import { createHash, generateKeyPairSync, sign as signBytes, verify as verifyBytes } from "node:crypto";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { resolveMartinHome } from "../attestation/sign.js";
+const PRIVATE_KEY_FILE = "ed25519-private.pem";
+const PUBLIC_KEY_FILE = "ed25519-public.pem";
+export async function signCanonicalAgentPayload(payload, namespace, options = {}) {
+    const keyMaterial = await ensureAgentKeyMaterial(namespace, options);
+    const signatureBase64 = signBytes(null, Buffer.from(canonicalJson(payload), "utf8"), keyMaterial.privateKeyPem)
+        .toString("base64");
+    return {
+        algorithm: "ed25519",
+        keyId: keyMaterial.keyId,
+        publicKeyPem: keyMaterial.publicKeyPem,
+        signatureBase64,
+        signedAt: options.now ?? new Date().toISOString()
+    };
+}
+export function verifyCanonicalAgentPayload(payload, signature) {
+    return verifyBytes(null, Buffer.from(canonicalJson(payload), "utf8"), signature.publicKeyPem, Buffer.from(signature.signatureBase64, "base64"));
+}
+export function readAgentEd25519Signature(value) {
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+        return null;
+    }
+    const record = value;
+    return record.algorithm === "ed25519" &&
+        typeof record.keyId === "string" &&
+        typeof record.publicKeyPem === "string" &&
+        typeof record.signatureBase64 === "string" &&
+        typeof record.signedAt === "string"
+        ? {
+            algorithm: "ed25519",
+            keyId: record.keyId,
+            publicKeyPem: record.publicKeyPem,
+            signatureBase64: record.signatureBase64,
+            signedAt: record.signedAt
+        }
+        : null;
+}
+export function agentKeyId(publicKeyPem) {
+    return createHash("sha256").update(publicKeyPem, "utf8").digest("hex").slice(0, 16);
+}
+export function canonicalJson(value) {
+    return JSON.stringify(sortJson(value));
+}
+async function ensureAgentKeyMaterial(namespace, options) {
+    const receiptDir = join(options.martinHome ?? resolveMartinHome(options.env), namespace);
+    await mkdir(receiptDir, { recursive: true });
+    const privateKeyPath = join(receiptDir, PRIVATE_KEY_FILE);
+    const publicKeyPath = join(receiptDir, PUBLIC_KEY_FILE);
+    try {
+        const [privateKeyPem, publicKeyPem] = await Promise.all([
+            readFile(privateKeyPath, "utf8"),
+            readFile(publicKeyPath, "utf8")
+        ]);
+        return {
+            privateKeyPem,
+            publicKeyPem,
+            keyId: agentKeyId(publicKeyPem)
+        };
+    }
+    catch {
+        const generated = generateKeyPairSync("ed25519", {
+            privateKeyEncoding: { format: "pem", type: "pkcs8" },
+            publicKeyEncoding: { format: "pem", type: "spki" }
+        });
+        await Promise.all([
+            writeFile(privateKeyPath, generated.privateKey, "utf8"),
+            writeFile(publicKeyPath, generated.publicKey, "utf8")
+        ]);
+        return {
+            privateKeyPem: generated.privateKey,
+            publicKeyPem: generated.publicKey,
+            keyId: agentKeyId(generated.publicKey)
+        };
+    }
+}
+function sortJson(value) {
+    if (Array.isArray(value)) {
+        return value.map(sortJson);
+    }
+    if (value && typeof value === "object") {
+        return Object.fromEntries(Object.entries(value)
+            .filter(([, entryValue]) => entryValue !== undefined)
+            .sort(([left], [right]) => left.localeCompare(right))
+            .map(([key, entryValue]) => [key, sortJson(entryValue)]));
+    }
+    return value;
+}
+//# sourceMappingURL=signing.js.map

package/dist/vendor/core/attestation/sign.d.ts

@@ -0,0 +1,25 @@
+export interface FileAttestationEnvelope {
+    file: string;
+    algorithm: "ed25519";
+    keyId: string;
+    publicKeyFile: string;
+    signatureBase64: string;
+    signedAt: string;
+}
+export interface AttestationVerificationResult {
+    ok: boolean;
+    file: string;
+    algorithm?: "ed25519";
+    keyId?: string;
+    reason?: string;
+}
+type AttestationOptions = {
+    martinHome?: string;
+    env?: NodeJS.ProcessEnv;
+    now?: string;
+};
+export declare function resolveMartinHome(env?: NodeJS.ProcessEnv): string;
+export declare function signFileAttestation(filePath: string, options?: AttestationOptions): Promise<FileAttestationEnvelope>;
+export declare function verifyFileAttestation(filePath: string): Promise<AttestationVerificationResult>;
+export declare function verifyLoopRecordAttestation(runRoot: string): Promise<AttestationVerificationResult>;
+export {};

package/dist/vendor/core/attestation/sign.js

@@ -0,0 +1,216 @@
+import { createHash, createPrivateKey, createPublicKey, generateKeyPairSync, sign as signBytes, verify as verifyBytes } from "node:crypto";
+import { mkdir, open, readFile, rm, stat, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { basename, extname, join } from "node:path";
+const PRIVATE_KEY_FILE = "ed25519-private.pem";
+const PUBLIC_KEY_FILE = "ed25519-public.pem";
+const ATTESTATION_LOCK_FILE = ".ed25519.lock";
+const ATTESTATION_LOCK_TIMEOUT_MS = 15_000;
+const ATTESTATION_LOCK_POLL_MS = 50;
+const ATTESTATION_STALE_LOCK_MS = 30_000;
+export function resolveMartinHome(env = process.env) {
+    return env["MARTIN_HOME_DIR"]?.trim() || join(homedir(), ".martin");
+}
+export async function signFileAttestation(filePath, options = {}) {
+    const keyMaterial = await ensureAttestationKeyMaterial(options);
+    const payload = await readFile(filePath);
+    const signatureBase64 = signBytes(null, payload, keyMaterial.privateKeyPem).toString("base64");
+    const signaturePath = toSignaturePath(filePath);
+    const publicKeyPath = toPublicKeyPath(filePath);
+    const envelope = {
+        file: basename(filePath),
+        algorithm: "ed25519",
+        keyId: keyMaterial.keyId,
+        publicKeyFile: basename(publicKeyPath),
+        signatureBase64,
+        signedAt: options.now ?? new Date().toISOString()
+    };
+    await writeFile(publicKeyPath, keyMaterial.publicKeyPem, "utf8");
+    await writeFile(signaturePath, `${JSON.stringify(envelope, null, 2)}\n`, "utf8");
+    return envelope;
+}
+export async function verifyFileAttestation(filePath) {
+    const signaturePath = toSignaturePath(filePath);
+    const publicKeyPath = toPublicKeyPath(filePath);
+    let envelope;
+    try {
+        envelope = JSON.parse(await readFile(signaturePath, "utf8"));
+    }
+    catch {
+        return {
+            ok: false,
+            file: basename(filePath),
+            reason: `Missing or unreadable signature artifact for ${basename(filePath)}`
+        };
+    }
+    let publicKeyPem;
+    try {
+        publicKeyPem = await readFile(publicKeyPath, "utf8");
+    }
+    catch {
+        return {
+            ok: false,
+            file: basename(filePath),
+            algorithm: envelope.algorithm,
+            keyId: envelope.keyId,
+            reason: `Missing public key verification material for ${basename(filePath)}`
+        };
+    }
+    try {
+        const payload = await readFile(filePath);
+        const signature = Buffer.from(envelope.signatureBase64, "base64");
+        const verified = verifyBytes(null, payload, publicKeyPem, signature);
+        if (!verified) {
+            return {
+                ok: false,
+                file: basename(filePath),
+                algorithm: envelope.algorithm,
+                keyId: envelope.keyId,
+                reason: `File signature verification failed for ${basename(filePath)}`
+            };
+        }
+        return {
+            ok: true,
+            file: basename(filePath),
+            algorithm: envelope.algorithm,
+            keyId: envelope.keyId
+        };
+    }
+    catch {
+        return {
+            ok: false,
+            file: basename(filePath),
+            algorithm: envelope.algorithm,
+            keyId: envelope.keyId,
+            reason: `Malformed signature or key material for ${basename(filePath)}`
+        };
+    }
+}
+export async function verifyLoopRecordAttestation(runRoot) {
+    return verifyFileAttestation(join(runRoot, "loop-record.json"));
+}
+async function ensureAttestationKeyMaterial(options) {
+    const attestationDir = join(options.martinHome ?? resolveMartinHome(options.env), "attestation");
+    await mkdir(attestationDir, { recursive: true });
+    const privateKeyPath = join(attestationDir, PRIVATE_KEY_FILE);
+    const publicKeyPath = join(attestationDir, PUBLIC_KEY_FILE);
+    const existingKeyMaterial = await loadKeyMaterial(privateKeyPath, publicKeyPath);
+    if (existingKeyMaterial) {
+        return existingKeyMaterial;
+    }
+    const releaseLock = await acquireAttestationLock(join(attestationDir, ATTESTATION_LOCK_FILE));
+    try {
+        const lockedKeyMaterial = await loadKeyMaterial(privateKeyPath, publicKeyPath);
+        if (lockedKeyMaterial) {
+            return lockedKeyMaterial;
+        }
+        const generated = generateKeyPairSync("ed25519", {
+            privateKeyEncoding: { format: "pem", type: "pkcs8" },
+            publicKeyEncoding: { format: "pem", type: "spki" }
+        });
+        await writeFile(privateKeyPath, generated.privateKey, "utf8");
+        await writeFile(publicKeyPath, generated.publicKey, "utf8");
+        const generatedKeyMaterial = normalizeKeyMaterial(generated.privateKey, generated.publicKey);
+        if (!generatedKeyMaterial) {
+            throw new Error("Generated attestation key material failed validation.");
+        }
+        return generatedKeyMaterial;
+    }
+    finally {
+        await releaseLock();
+    }
+}
+function toKeyId(publicKeyPem) {
+    return createHash("sha256").update(publicKeyPem, "utf8").digest("hex").slice(0, 16);
+}
+async function loadKeyMaterial(privateKeyPath, publicKeyPath) {
+    try {
+        const [privateKeyPem, publicKeyPem] = await Promise.all([
+            readFile(privateKeyPath, "utf8"),
+            readFile(publicKeyPath, "utf8")
+        ]);
+        return normalizeKeyMaterial(privateKeyPem, publicKeyPem);
+    }
+    catch {
+        return undefined;
+    }
+}
+function normalizeKeyMaterial(privateKeyPem, publicKeyPem) {
+    if (privateKeyPem.trim().length === 0 || publicKeyPem.trim().length === 0) {
+        return undefined;
+    }
+    try {
+        const privateKey = createPrivateKey(privateKeyPem);
+        const derivedPublicKeyPem = createPublicKey(privateKey)
+            .export({ format: "pem", type: "spki" })
+            .toString();
+        if (normalizePem(derivedPublicKeyPem) !== normalizePem(publicKeyPem)) {
+            return undefined;
+        }
+        return {
+            privateKeyPem,
+            publicKeyPem,
+            keyId: toKeyId(publicKeyPem)
+        };
+    }
+    catch {
+        return undefined;
+    }
+}
+async function acquireAttestationLock(lockPath) {
+    const deadline = Date.now() + ATTESTATION_LOCK_TIMEOUT_MS;
+    while (true) {
+        try {
+            const handle = await open(lockPath, "wx");
+            return async () => {
+                await handle.close();
+                await rm(lockPath, { force: true });
+            };
+        }
+        catch (error) {
+            if (!isAlreadyExistsError(error)) {
+                throw error;
+            }
+            if (await isStaleLock(lockPath)) {
+                await rm(lockPath, { force: true });
+                continue;
+            }
+            if (Date.now() >= deadline) {
+                throw new Error(`Timed out waiting for attestation lock: ${lockPath}`);
+            }
+            await sleep(ATTESTATION_LOCK_POLL_MS);
+        }
+    }
+}
+async function isStaleLock(lockPath) {
+    try {
+        const lockStats = await stat(lockPath);
+        return Date.now() - lockStats.mtimeMs > ATTESTATION_STALE_LOCK_MS;
+    }
+    catch {
+        return false;
+    }
+}
+function isAlreadyExistsError(error) {
+    return (typeof error === "object" &&
+        error !== null &&
+        "code" in error &&
+        ["EEXIST", "EPERM", "EACCES"].includes(String(error.code ?? "")));
+}
+function normalizePem(value) {
+    return value.replace(/\r\n/g, "\n").trim();
+}
+async function sleep(ms) {
+    await new Promise((resolve) => setTimeout(resolve, ms));
+}
+function toSidecarBase(filePath) {
+    const extension = extname(filePath);
+    return extension.length > 0 ? filePath.slice(0, -extension.length) : filePath;
+}
+function toSignaturePath(filePath) {
+    return `${toSidecarBase(filePath)}.signature.json`;
+}
+function toPublicKeyPath(filePath) {
+    return `${toSidecarBase(filePath)}.public.pem`;
+}
+//# sourceMappingURL=sign.js.map

package/dist/vendor/core/autonomy/autonomous-promotion.d.ts

@@ -0,0 +1,120 @@
+import { type FileAttestationEnvelope } from "../attestation/sign.js";
+export type AutonomySurface = "heuristic" | "trusted_config" | "trusted_code" | "protected";
+export type AutonomyTripwireReasonCode = "protected_surface" | "untrusted_surface" | "unverifiable_diff" | "missing_rollback_proof" | "attestation_mismatch" | "repeated_grounding" | "verifier_no_improvement" | "budget_pressure_escalation";
+export type AutonomyBudgetPressure = "normal" | "elevated" | "critical";
+export type AutonomousPromotionVerdict = "promote" | "shadow_only" | "rollback_only" | "human_escalation";
+export interface AutonomySurfaceClassification {
+    path: string;
+    surface: AutonomySurface;
+    matchedRule: string;
+}
+export interface AutonomySurfaceSetClassification {
+    surfaceClass: AutonomySurface;
+    surfaces: AutonomySurfaceClassification[];
+}
+export interface AutonomyTripwireEvent {
+    severity: "warning" | "critical";
+    reasonCode: AutonomyTripwireReasonCode;
+    triggerReason: string;
+    actionTaken: "continue" | "block_and_escalate";
+}
+export interface AutonomyTripwireInput {
+    changedFiles: string[];
+    diffVerified: boolean;
+    rollbackProofPresent: boolean;
+    attestationMatches: boolean;
+    repeatedGroundingCount: number;
+    verifierImproved: boolean;
+    budgetPressure: AutonomyBudgetPressure;
+}
+export interface AutonomyTripwireVerdict {
+    status: "pass" | "fail_closed";
+    decision: "continue" | "human_escalation";
+    sideEffectsAllowed: boolean;
+    reasonCodes: AutonomyTripwireReasonCode[];
+    surfaces: AutonomySurfaceClassification[];
+    surfaceClass: AutonomySurface;
+    events: AutonomyTripwireEvent[];
+}
+export interface AutonomousPromotionInput extends AutonomyTripwireInput {
+    requestedMode: "promote" | "shadow" | "rollback";
+    confidenceScore?: number;
+    shadowEvidencePasses: boolean;
+    holdoutEvidencePasses?: boolean;
+    rollbackReady: boolean;
+    priorSuccessfulPromotions?: number;
+    humanApproval: boolean;
+}
+export interface AutonomousPromotionDecision {
+    verdict: AutonomousPromotionVerdict;
+    sideEffectsAllowed: boolean;
+    reasonCodes: Array<AutonomyTripwireReasonCode | "shadow_evidence_pending" | "rollback_not_ready" | "rollback_requested" | "shadow_requested">;
+    tripwire: AutonomyTripwireVerdict;
+}
+export interface AutonomousPromotionArtifactInput extends AutonomousPromotionInput {
+    runId: string;
+    attemptId: string;
+    createdAt: string;
+    evidence: AutonomousPromotionEvidence;
+}
+export interface AutonomousPromotionEvidence extends Record<string, unknown> {
+    diffHash?: string;
+    beforeArtifactHash?: string;
+    afterArtifactHash?: string;
+    rollbackBoundaryRef?: string;
+    improvementResultPath?: string;
+}
+export interface AutonomousPromotionSignatureMetadata {
+    algorithm: "sha256";
+    keyId: "deterministic-local-sha256";
+    signedAt: string;
+    signature: string;
+}
+export interface AutonomousPromotionArtifact {
+    schemaVersion: "martin.autonomous-promotion.v1";
+    runId: string;
+    attemptId: string;
+    createdAt: string;
+    requestedMode: AutonomousPromotionInput["requestedMode"];
+    surfaceClass: AutonomySurface;
+    confidenceScore: number;
+    shadowEvidencePasses: boolean;
+    holdoutEvidencePasses: boolean;
+    rollbackReady: boolean;
+    attestationVerified: boolean;
+    priorSuccessfulPromotions: number;
+    diffHash: string | null;
+    beforeArtifactHash: string | null;
+    afterArtifactHash: string | null;
+    rollbackBoundaryRef: string | null;
+    improvementResultPath: string | null;
+    promotionPolicyVerdict: AutonomousPromotionVerdict;
+    tripwireVerdict: AutonomyTripwireVerdict["status"];
+    finalDisposition: AutonomousPromotionVerdict;
+    verdict: AutonomousPromotionVerdict;
+    sideEffectsAllowed: boolean;
+    reasonCodes: AutonomousPromotionDecision["reasonCodes"];
+    changedFiles: string[];
+    surfaces: AutonomySurfaceClassification[];
+    evidence: Record<string, unknown>;
+    evidenceHash: string;
+    tripwire: AutonomyTripwireVerdict;
+    signature: AutonomousPromotionSignatureMetadata;
+}
+export interface PersistAutonomousPromotionArtifactInput {
+    root: string;
+    artifact: AutonomousPromotionArtifact;
+    martinHome?: string;
+}
+export interface PersistedAutonomousPromotionArtifact {
+    fileName: "autonomous-promotion.json";
+    path: string;
+    artifact: AutonomousPromotionArtifact;
+    attestation: FileAttestationEnvelope;
+}
+export declare function classifyAutonomySurface(path: string): AutonomySurfaceClassification;
+export declare function classifyAutonomySurfaceSet(paths: string[]): AutonomySurfaceSetClassification;
+export declare function evaluateAutonomyTripwires(input: AutonomyTripwireInput): AutonomyTripwireVerdict;
+export declare function evaluateAutonomousPromotion(input: AutonomousPromotionInput): AutonomousPromotionDecision;
+export declare function buildAutonomousPromotionArtifact(input: AutonomousPromotionArtifactInput): AutonomousPromotionArtifact;
+export declare function persistAutonomousPromotionArtifact(input: PersistAutonomousPromotionArtifactInput): Promise<PersistedAutonomousPromotionArtifact>;