occ-cloudflare 0.1.0

package/README.md

@@ -0,0 +1,74 @@
+# occ-cloudflare
+
+Cryptographic proof signing for Cloudflare Workers. Every tool/binding call gets an Ed25519-signed proof pair returned alongside the result.
+
+Unlike other OCC integrations, proofs are **returned** (not written to disk) since Cloudflare Workers have no filesystem. Store them wherever you like (KV, D1, R2, Durable Objects).
+
+## Install
+
+```bash
+npm install occ-cloudflare
+```
+
+## Usage
+
+### Wrap a tool
+
+```typescript
+import { occWrapTool } from "occ-cloudflare";
+
+const searchTool = {
+  execute: async (args: { query: string }) => {
+    return await doSearch(args.query);
+  },
+};
+
+const wrapped = occWrapTool(searchTool, "search");
+const { result, proofs } = await wrapped.execute({ query: "OCC" });
+
+// Store proofs in KV, D1, R2, etc.
+await env.PROOF_LOG.put(`proof-${Date.now()}`, JSON.stringify(proofs));
+```
+
+### Wrap a binding
+
+```typescript
+import { occWrapBinding } from "occ-cloudflare";
+
+export default {
+  async fetch(request: Request, env: Env) {
+    const kv = occWrapBinding(env.MY_KV, "my-kv");
+
+    const { result, proofs } = await kv.get("some-key");
+    // result = the KV value
+    // proofs = pre/post Ed25519-signed proof entries
+  },
+};
+```
+
+## Configuration
+
+```typescript
+interface OCCCloudflareOptions {
+  measurement?: string;  // Default: "occ-cloudflare:stub"
+  agentId?: string;      // Default: "cloudflare-worker"
+}
+```
+
+## How it works
+
+1. `occWrapTool()` wraps a tool's `execute` with pre/post proof signing
+2. `occWrapBinding()` wraps all methods on a Cloudflare binding via Proxy
+3. An ephemeral Ed25519 key pair is generated in-memory per Worker invocation
+4. Pre-execution proof: Ed25519 signature over SHA-256 of tool name + arguments
+5. Post-execution proof: signature over tool name + args + result
+6. Proofs are chained via `prevB64` for tamper-evident ordering
+7. No filesystem access — proofs are returned, not written to disk
+
+## Verify
+
+Collect proof entries and write them to a `.jsonl` file, then:
+
+```bash
+npx occ-mcp-proxy verify proof.jsonl
+```

package/dist/index.d.ts

@@ -0,0 +1,75 @@
+/**
+ * occ-cloudflare — Cryptographic proof signing for Cloudflare Workers.
+ *
+ * Wraps tool/binding calls with Ed25519-signed proofs. Since Cloudflare
+ * Workers cannot use node:fs, proof entries are returned (not written to
+ * disk). The caller is responsible for storing them (e.g. KV, D1, R2).
+ *
+ * Uses an in-memory signer — no filesystem persistence. Each Worker
+ * invocation starts a fresh proof chain.
+ *
+ * Usage:
+ *   import { occWrapTool, occWrapBinding } from "occ-cloudflare";
+ *
+ *   const wrapped = occWrapTool(myTool, "my-tool");
+ *   const result = await wrapped.execute(args);
+ *   // result.proofs contains the pre/post proof entries
+ */
+import { type OCCProof } from "occproof";
+export interface OCCCloudflareOptions {
+    /** Measurement string for proof metadata. Default: "occ-cloudflare:stub" */
+    measurement?: string;
+    /** Agent identifier for metadata. Default: "cloudflare-worker" */
+    agentId?: string;
+}
+export interface ProofLogEntry {
+    timestamp: string;
+    phase: "pre-execution" | "post-execution";
+    tool: string;
+    agentId: string;
+    args?: Record<string, unknown>;
+    output?: unknown;
+    proofDigestB64: string;
+    receipt: OCCProof;
+}
+export interface WrappedResult<T = unknown> {
+    /** The original tool result */
+    result: T;
+    /** Pre and post execution proof entries */
+    proofs: ProofLogEntry[];
+}
+/**
+ * Wrap a single tool's execute function with Ed25519 proof signing.
+ *
+ * Since Cloudflare Workers have no filesystem, proofs are returned
+ * alongside the result rather than written to disk.
+ *
+ * @param tool    - A tool object with an `execute` method
+ * @param name    - A human-readable name for this tool (used in proof metadata)
+ * @param options - Configuration options
+ * @returns A wrapped tool whose execute returns { result, proofs }
+ */
+export declare function occWrapTool<T extends {
+    execute?: (...args: any[]) => any;
+}>(tool: T, name: string, options?: OCCCloudflareOptions): T & {
+    execute: (...args: any[]) => Promise<WrappedResult>;
+};
+/**
+ * Wrap a Cloudflare binding (Service Binding, KV namespace, D1, etc.)
+ * so that every method call produces pre/post proof entries.
+ *
+ * Returns a Proxy around the binding. Each method call returns
+ * `{ result, proofs }` instead of the raw result.
+ *
+ * @param binding - A Cloudflare binding object (e.g. env.MY_SERVICE)
+ * @param name    - A human-readable name for this binding
+ * @param options - Configuration options
+ * @returns A proxied binding with proof-wrapped methods
+ */
+export declare function occWrapBinding<B extends Record<string, any>>(binding: B, name: string, options?: OCCCloudflareOptions): B;
+/**
+ * Reset the in-memory signer. Useful for testing or when you want to
+ * start a fresh proof chain within the same Worker invocation.
+ */
+export declare function resetSigner(): void;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAA6B,KAAK,QAAQ,EAAyB,MAAM,UAAU,CAAC;AAQ3F,MAAM,WAAW,oBAAoB;IACnC,4EAA4E;IAC5E,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kEAAkE;IAClE,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,aAAa;IAC5B,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,eAAe,GAAG,gBAAgB,CAAC;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC/B,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,cAAc,EAAE,MAAM,CAAC;IACvB,OAAO,EAAE,QAAQ,CAAC;CACnB;AAED,MAAM,WAAW,aAAa,CAAC,CAAC,GAAG,OAAO;IACxC,+BAA+B;IAC/B,MAAM,EAAE,CAAC,CAAC;IACV,2CAA2C;IAC3C,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAyHD;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CAAC,CAAC,SAAS;IAAE,OAAO,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAA;CAAE,EACzE,IAAI,EAAE,CAAC,EACP,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,oBAAoB,GAC7B,CAAC,GAAG;IAAE,OAAO,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,aAAa,CAAC,CAAA;CAAE,CA0D7D;AAMD;;;;;;;;;;;GAWG;AACH,wBAAgB,cAAc,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC1D,OAAO,EAAE,CAAC,EACV,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,oBAAoB,GAC7B,CAAC,CAiEH;AAED;;;GAGG;AACH,wBAAgB,WAAW,IAAI,IAAI,CAElC"}

package/dist/index.js

@@ -0,0 +1,243 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2024-2026 Mike Argento
+/**
+ * occ-cloudflare — Cryptographic proof signing for Cloudflare Workers.
+ *
+ * Wraps tool/binding calls with Ed25519-signed proofs. Since Cloudflare
+ * Workers cannot use node:fs, proof entries are returned (not written to
+ * disk). The caller is responsible for storing them (e.g. KV, D1, R2).
+ *
+ * Uses an in-memory signer — no filesystem persistence. Each Worker
+ * invocation starts a fresh proof chain.
+ *
+ * Usage:
+ *   import { occWrapTool, occWrapBinding } from "occ-cloudflare";
+ *
+ *   const wrapped = occWrapTool(myTool, "my-tool");
+ *   const result = await wrapped.execute(args);
+ *   // result.proofs contains the pre/post proof entries
+ */
+import { Constructor, canonicalize } from "occproof";
+import { sha256 } from "@noble/hashes/sha256";
+import * as ed from "@noble/ed25519";
+class InMemoryHost {
+    enforcementTier = "stub";
+    #privateKey;
+    #publicKey;
+    #measurement;
+    #counter = 0n;
+    constructor(privateKey, publicKey, measurement) {
+        this.#privateKey = privateKey;
+        this.#publicKey = publicKey;
+        this.#measurement = measurement;
+    }
+    async getMeasurement() {
+        return this.#measurement;
+    }
+    async getFreshNonce() {
+        const nonce = new Uint8Array(32);
+        crypto.getRandomValues(nonce);
+        return nonce;
+    }
+    async sign(data) {
+        return ed.signAsync(data, this.#privateKey);
+    }
+    async getPublicKey() {
+        return this.#publicKey;
+    }
+    async nextCounter() {
+        this.#counter += 1n;
+        return this.#counter.toString();
+    }
+    async secureTime() {
+        return Date.now();
+    }
+}
+let signerPromise;
+async function getSigner(measurement) {
+    if (signerPromise)
+        return signerPromise;
+    signerPromise = (async () => {
+        // Generate ephemeral Ed25519 key pair in memory
+        const privateKey = ed.utils.randomPrivateKey();
+        const publicKey = await ed.getPublicKeyAsync(privateKey);
+        const host = new InMemoryHost(privateKey, publicKey, measurement);
+        const constructor = await Constructor.initialize({
+            host,
+            policy: { requireCounter: true, requireTime: true },
+        });
+        const publicKeyB64 = uint8ToBase64(publicKey);
+        return { constructor, host, publicKeyB64, lastProofHash: undefined };
+    })();
+    return signerPromise;
+}
+// ---------------------------------------------------------------------------
+// Helpers (no Buffer in Workers — use native btoa/Uint8Array)
+// ---------------------------------------------------------------------------
+function uint8ToBase64(bytes) {
+    let binary = "";
+    for (let i = 0; i < bytes.length; i++) {
+        binary += String.fromCharCode(bytes[i]);
+    }
+    return btoa(binary);
+}
+function hashPayload(data) {
+    const bytes = new TextEncoder().encode(JSON.stringify(data));
+    return uint8ToBase64(sha256(bytes));
+}
+async function signDigest(digestB64, metadata, signer) {
+    const commitInput = { digestB64, metadata };
+    if (signer.lastProofHash)
+        commitInput.prevProofHashB64 = signer.lastProofHash;
+    const proof = await signer.constructor.commitDigest(commitInput);
+    // Chain: store this proof's hash for the next commit
+    const proofHash = uint8ToBase64(sha256(canonicalize(proof)));
+    signer.lastProofHash = proofHash;
+    return proof;
+}
+// ---------------------------------------------------------------------------
+// Tool wrapper
+// ---------------------------------------------------------------------------
+/**
+ * Wrap a single tool's execute function with Ed25519 proof signing.
+ *
+ * Since Cloudflare Workers have no filesystem, proofs are returned
+ * alongside the result rather than written to disk.
+ *
+ * @param tool    - A tool object with an `execute` method
+ * @param name    - A human-readable name for this tool (used in proof metadata)
+ * @param options - Configuration options
+ * @returns A wrapped tool whose execute returns { result, proofs }
+ */
+export function occWrapTool(tool, name, options) {
+    const measurement = options?.measurement ?? "occ-cloudflare:stub";
+    const agentId = options?.agentId ?? "cloudflare-worker";
+    const originalExecute = tool.execute;
+    if (!originalExecute) {
+        return { ...tool, execute: async () => ({ result: undefined, proofs: [] }) };
+    }
+    const wrappedExecute = async (...args) => {
+        const toolArgs = args[0] ?? {};
+        const signer = await getSigner(measurement);
+        const proofs = [];
+        // Pre-execution proof
+        const preDigest = hashPayload({ tool: name, args: toolArgs });
+        const preProof = await signDigest(preDigest, {
+            phase: "pre-execution",
+            tool: name,
+            agentId,
+        }, signer);
+        proofs.push({
+            timestamp: new Date().toISOString(),
+            phase: "pre-execution",
+            tool: name,
+            agentId,
+            args: toolArgs,
+            proofDigestB64: preDigest,
+            receipt: preProof,
+        });
+        // Execute the real tool
+        const result = await originalExecute.apply(tool, args);
+        // Post-execution proof
+        const postDigest = hashPayload({ tool: name, args: toolArgs, result });
+        const postProof = await signDigest(postDigest, {
+            phase: "post-execution",
+            tool: name,
+            agentId,
+        }, signer);
+        proofs.push({
+            timestamp: new Date().toISOString(),
+            phase: "post-execution",
+            tool: name,
+            agentId,
+            args: toolArgs,
+            output: typeof result === "string" ? result.slice(0, 1000) : result,
+            proofDigestB64: postDigest,
+            receipt: postProof,
+        });
+        return { result, proofs };
+    };
+    return { ...tool, execute: wrappedExecute };
+}
+// ---------------------------------------------------------------------------
+// Binding wrapper (Service Bindings, KV, D1, etc.)
+// ---------------------------------------------------------------------------
+/**
+ * Wrap a Cloudflare binding (Service Binding, KV namespace, D1, etc.)
+ * so that every method call produces pre/post proof entries.
+ *
+ * Returns a Proxy around the binding. Each method call returns
+ * `{ result, proofs }` instead of the raw result.
+ *
+ * @param binding - A Cloudflare binding object (e.g. env.MY_SERVICE)
+ * @param name    - A human-readable name for this binding
+ * @param options - Configuration options
+ * @returns A proxied binding with proof-wrapped methods
+ */
+export function occWrapBinding(binding, name, options) {
+    const measurement = options?.measurement ?? "occ-cloudflare:stub";
+    const agentId = options?.agentId ?? "cloudflare-worker";
+    return new Proxy(binding, {
+        get(target, prop) {
+            const original = target[prop];
+            if (typeof original !== "function")
+                return original;
+            return async (...args) => {
+                const methodName = `${name}.${String(prop)}`;
+                const signer = await getSigner(measurement);
+                const proofs = [];
+                // Pre-execution proof
+                const preDigest = hashPayload({
+                    tool: methodName,
+                    args: args.length === 1 ? args[0] : args,
+                });
+                const preProof = await signDigest(preDigest, {
+                    phase: "pre-execution",
+                    tool: methodName,
+                    agentId,
+                }, signer);
+                proofs.push({
+                    timestamp: new Date().toISOString(),
+                    phase: "pre-execution",
+                    tool: methodName,
+                    agentId,
+                    args: args.length === 1 ? args[0] : { _args: args },
+                    proofDigestB64: preDigest,
+                    receipt: preProof,
+                });
+                // Execute the real method
+                const result = await original.apply(target, args);
+                // Post-execution proof
+                const postDigest = hashPayload({
+                    tool: methodName,
+                    args: args.length === 1 ? args[0] : args,
+                    result,
+                });
+                const postProof = await signDigest(postDigest, {
+                    phase: "post-execution",
+                    tool: methodName,
+                    agentId,
+                }, signer);
+                proofs.push({
+                    timestamp: new Date().toISOString(),
+                    phase: "post-execution",
+                    tool: methodName,
+                    agentId,
+                    args: args.length === 1 ? args[0] : { _args: args },
+                    output: typeof result === "string" ? result.slice(0, 1000) : result,
+                    proofDigestB64: postDigest,
+                    receipt: postProof,
+                });
+                return { result, proofs };
+            };
+        },
+    });
+}
+/**
+ * Reset the in-memory signer. Useful for testing or when you want to
+ * start a fresh proof chain within the same Worker invocation.
+ */
+export function resetSigner() {
+    signerPromise = undefined;
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,mCAAmC;AAEnC;;;;;;;;;;;;;;;;GAgBG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAwC,MAAM,UAAU,CAAC;AAC3F,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,KAAK,EAAE,MAAM,gBAAgB,CAAC;AA0CrC,MAAM,YAAY;IACP,eAAe,GAAG,MAAe,CAAC;IAClC,WAAW,CAAa;IACxB,UAAU,CAAa;IACvB,YAAY,CAAS;IAC9B,QAAQ,GAAG,EAAE,CAAC;IAEd,YAAY,UAAsB,EAAE,SAAqB,EAAE,WAAmB;QAC5E,IAAI,CAAC,WAAW,GAAG,UAAU,CAAC;QAC9B,IAAI,CAAC,UAAU,GAAG,SAAS,CAAC;QAC5B,IAAI,CAAC,YAAY,GAAG,WAAW,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;QACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAgB;QACzB,OAAO,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,UAAU;QACd,OAAO,IAAI,CAAC,GAAG,EAAE,CAAC;IACpB,CAAC;CACF;AAED,IAAI,aAA+C,CAAC;AAEpD,KAAK,UAAU,SAAS,CAAC,WAAmB;IAC1C,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC;IAExC,aAAa,GAAG,CAAC,KAAK,IAAI,EAAE;QAC1B,gDAAgD;QAChD,MAAM,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;QAEzD,MAAM,IAAI,GAAG,IAAI,YAAY,CAAC,UAAU,EAAE,SAAS,EAAE,WAAW,CAAC,CAAC;QAElE,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC;YAC/C,IAAI;YACJ,MAAM,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;SACpD,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QAC9C,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC;IACvE,CAAC,CAAC,EAAE,CAAC;IAEL,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,8EAA8E;AAC9E,8DAA8D;AAC9D,8EAA8E;AAE9E,SAAS,aAAa,CAAC,KAAiB;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,WAAW,CAAC,IAAa;IAChC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,OAAO,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACtC,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,SAAiB,EACjB,QAAiC,EACjC,MAAmB;IAEnB,MAAM,WAAW,GAIb,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IAE5B,IAAI,MAAM,CAAC,aAAa;QAAE,WAAW,CAAC,gBAAgB,GAAG,MAAM,CAAC,aAAa,CAAC;IAE9E,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAEjE,qDAAqD;IACrD,MAAM,SAAS,GAAG,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7D,MAAM,CAAC,aAAa,GAAG,SAAS,CAAC;IAEjC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CACzB,IAAO,EACP,IAAY,EACZ,OAA8B;IAE9B,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,qBAAqB,CAAC;IAClE,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,mBAAmB,CAAC;IAExD,MAAM,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC;IACrC,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,EAAS,CAAC;IACtF,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,EAAE,GAAG,IAAW,EAA0B,EAAE;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;QAC5C,MAAM,MAAM,GAAoB,EAAE,CAAC;QAEnC,sBAAsB;QACtB,MAAM,SAAS,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC9D,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE;YAC3C,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,IAAI;YACV,OAAO;SACR,EAAE,MAAM,CAAC,CAAC;QAEX,MAAM,CAAC,IAAI,CAAC;YACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,eAAe;YACtB,IAAI,EAAE,IAAI;YACV,OAAO;YACP,IAAI,EAAE,QAAQ;YACd,cAAc,EAAE,SAAS;YACzB,OAAO,EAAE,QAAQ;SAClB,CAAC,CAAC;QAEH,wBAAwB;QACxB,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAEvD,uBAAuB;QACvB,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC,CAAC;QACvE,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE;YAC7C,KAAK,EAAE,gBAAgB;YACvB,IAAI,EAAE,IAAI;YACV,OAAO;SACR,EAAE,MAAM,CAAC,CAAC;QAEX,MAAM,CAAC,IAAI,CAAC;YACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,gBAAgB;YACvB,IAAI,EAAE,IAAI;YACV,OAAO;YACP,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM;YACnE,cAAc,EAAE,UAAU;YAC1B,OAAO,EAAE,SAAS;SACnB,CAAC,CAAC;QAEH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC5B,CAAC,CAAC;IAEF,OAAO,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,cAAc,EAAS,CAAC;AACrD,CAAC;AAED,8EAA8E;AAC9E,mDAAmD;AACnD,8EAA8E;AAE9E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAU,EACV,IAAY,EACZ,OAA8B;IAE9B,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,qBAAqB,CAAC;IAClE,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,mBAAmB,CAAC;IAExD,OAAO,IAAI,KAAK,CAAC,OAAO,EAAE;QACxB,GAAG,CAAC,MAAM,EAAE,IAAqB;YAC/B,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAe,CAAC,CAAC;YACzC,IAAI,OAAO,QAAQ,KAAK,UAAU;gBAAE,OAAO,QAAQ,CAAC;YAEpD,OAAO,KAAK,EAAE,GAAG,IAAW,EAA0B,EAAE;gBACtD,MAAM,UAAU,GAAG,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC7C,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;gBAC5C,MAAM,MAAM,GAAoB,EAAE,CAAC;gBAEnC,sBAAsB;gBACtB,MAAM,SAAS,GAAG,WAAW,CAAC;oBAC5B,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;iBACzC,CAAC,CAAC;gBACH,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE;oBAC3C,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,UAAU;oBAChB,OAAO;iBACR,EAAE,MAAM,CAAC,CAAC;gBAEX,MAAM,CAAC,IAAI,CAAC;oBACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,UAAU;oBAChB,OAAO;oBACP,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE;oBACnD,cAAc,EAAE,SAAS;oBACzB,OAAO,EAAE,QAAQ;iBAClB,CAAC,CAAC;gBAEH,0BAA0B;gBAC1B,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,KAAK,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBAElD,uBAAuB;gBACvB,MAAM,UAAU,GAAG,WAAW,CAAC;oBAC7B,IAAI,EAAE,UAAU;oBAChB,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI;oBACxC,MAAM;iBACP,CAAC,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE;oBAC7C,KAAK,EAAE,gBAAgB;oBACvB,IAAI,EAAE,UAAU;oBAChB,OAAO;iBACR,EAAE,MAAM,CAAC,CAAC;gBAEX,MAAM,CAAC,IAAI,CAAC;oBACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,gBAAgB;oBACvB,IAAI,EAAE,UAAU;oBAChB,OAAO;oBACP,IAAI,EAAE,IAAI,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE;oBACnD,MAAM,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM;oBACnE,cAAc,EAAE,UAAU;oBAC1B,OAAO,EAAE,SAAS;iBACnB,CAAC,CAAC;gBAEH,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;YAC5B,CAAC,CAAC;QACJ,CAAC;KACF,CAAM,CAAC;AACV,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW;IACzB,aAAa,GAAG,SAAS,CAAC;AAC5B,CAAC"}

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "occ-cloudflare",
+  "version": "0.1.0",
+  "description": "OCC cryptographic proof signing for Cloudflare Workers tool calls",
+  "author": "Mike Argento",
+  "license": "Apache-2.0",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "src",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "occproof": "^1.0.2",
+    "@noble/ed25519": "^2.1.0",
+    "@noble/hashes": "^1.4.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "@cloudflare/workers-types": ">=4.0.0",
+    "typescript": "^5.4.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}

package/src/index.ts

@@ -0,0 +1,342 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2024-2026 Mike Argento
+
+/**
+ * occ-cloudflare — Cryptographic proof signing for Cloudflare Workers.
+ *
+ * Wraps tool/binding calls with Ed25519-signed proofs. Since Cloudflare
+ * Workers cannot use node:fs, proof entries are returned (not written to
+ * disk). The caller is responsible for storing them (e.g. KV, D1, R2).
+ *
+ * Uses an in-memory signer — no filesystem persistence. Each Worker
+ * invocation starts a fresh proof chain.
+ *
+ * Usage:
+ *   import { occWrapTool, occWrapBinding } from "occ-cloudflare";
+ *
+ *   const wrapped = occWrapTool(myTool, "my-tool");
+ *   const result = await wrapped.execute(args);
+ *   // result.proofs contains the pre/post proof entries
+ */
+
+import { Constructor, canonicalize, type OCCProof, type HostCapabilities } from "occproof";
+import { sha256 } from "@noble/hashes/sha256";
+import * as ed from "@noble/ed25519";
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export interface OCCCloudflareOptions {
+  /** Measurement string for proof metadata. Default: "occ-cloudflare:stub" */
+  measurement?: string;
+  /** Agent identifier for metadata. Default: "cloudflare-worker" */
+  agentId?: string;
+}
+
+export interface ProofLogEntry {
+  timestamp: string;
+  phase: "pre-execution" | "post-execution";
+  tool: string;
+  agentId: string;
+  args?: Record<string, unknown>;
+  output?: unknown;
+  proofDigestB64: string;
+  receipt: OCCProof;
+}
+
+export interface WrappedResult<T = unknown> {
+  /** The original tool result */
+  result: T;
+  /** Pre and post execution proof entries */
+  proofs: ProofLogEntry[];
+}
+
+// ---------------------------------------------------------------------------
+// In-memory signer (no filesystem, no occ-stub)
+// ---------------------------------------------------------------------------
+
+interface SignerState {
+  constructor: Constructor;
+  host: InMemoryHost;
+  publicKeyB64: string;
+  lastProofHash: string | undefined;
+}
+
+class InMemoryHost implements HostCapabilities {
+  readonly enforcementTier = "stub" as const;
+  readonly #privateKey: Uint8Array;
+  readonly #publicKey: Uint8Array;
+  readonly #measurement: string;
+  #counter = 0n;
+
+  constructor(privateKey: Uint8Array, publicKey: Uint8Array, measurement: string) {
+    this.#privateKey = privateKey;
+    this.#publicKey = publicKey;
+    this.#measurement = measurement;
+  }
+
+  async getMeasurement(): Promise<string> {
+    return this.#measurement;
+  }
+
+  async getFreshNonce(): Promise<Uint8Array> {
+    const nonce = new Uint8Array(32);
+    crypto.getRandomValues(nonce);
+    return nonce;
+  }
+
+  async sign(data: Uint8Array): Promise<Uint8Array> {
+    return ed.signAsync(data, this.#privateKey);
+  }
+
+  async getPublicKey(): Promise<Uint8Array> {
+    return this.#publicKey;
+  }
+
+  async nextCounter(): Promise<string> {
+    this.#counter += 1n;
+    return this.#counter.toString();
+  }
+
+  async secureTime(): Promise<number> {
+    return Date.now();
+  }
+}
+
+let signerPromise: Promise<SignerState> | undefined;
+
+async function getSigner(measurement: string): Promise<SignerState> {
+  if (signerPromise) return signerPromise;
+
+  signerPromise = (async () => {
+    // Generate ephemeral Ed25519 key pair in memory
+    const privateKey = ed.utils.randomPrivateKey();
+    const publicKey = await ed.getPublicKeyAsync(privateKey);
+
+    const host = new InMemoryHost(privateKey, publicKey, measurement);
+
+    const constructor = await Constructor.initialize({
+      host,
+      policy: { requireCounter: true, requireTime: true },
+    });
+
+    const publicKeyB64 = uint8ToBase64(publicKey);
+    return { constructor, host, publicKeyB64, lastProofHash: undefined };
+  })();
+
+  return signerPromise;
+}
+
+// ---------------------------------------------------------------------------
+// Helpers (no Buffer in Workers — use native btoa/Uint8Array)
+// ---------------------------------------------------------------------------
+
+function uint8ToBase64(bytes: Uint8Array): string {
+  let binary = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  return btoa(binary);
+}
+
+function hashPayload(data: unknown): string {
+  const bytes = new TextEncoder().encode(JSON.stringify(data));
+  return uint8ToBase64(sha256(bytes));
+}
+
+async function signDigest(
+  digestB64: string,
+  metadata: Record<string, unknown>,
+  signer: SignerState,
+): Promise<OCCProof> {
+  const commitInput: {
+    digestB64: string;
+    metadata?: Record<string, unknown>;
+    prevProofHashB64?: string;
+  } = { digestB64, metadata };
+
+  if (signer.lastProofHash) commitInput.prevProofHashB64 = signer.lastProofHash;
+
+  const proof = await signer.constructor.commitDigest(commitInput);
+
+  // Chain: store this proof's hash for the next commit
+  const proofHash = uint8ToBase64(sha256(canonicalize(proof)));
+  signer.lastProofHash = proofHash;
+
+  return proof;
+}
+
+// ---------------------------------------------------------------------------
+// Tool wrapper
+// ---------------------------------------------------------------------------
+
+/**
+ * Wrap a single tool's execute function with Ed25519 proof signing.
+ *
+ * Since Cloudflare Workers have no filesystem, proofs are returned
+ * alongside the result rather than written to disk.
+ *
+ * @param tool    - A tool object with an `execute` method
+ * @param name    - A human-readable name for this tool (used in proof metadata)
+ * @param options - Configuration options
+ * @returns A wrapped tool whose execute returns { result, proofs }
+ */
+export function occWrapTool<T extends { execute?: (...args: any[]) => any }>(
+  tool: T,
+  name: string,
+  options?: OCCCloudflareOptions,
+): T & { execute: (...args: any[]) => Promise<WrappedResult> } {
+  const measurement = options?.measurement ?? "occ-cloudflare:stub";
+  const agentId = options?.agentId ?? "cloudflare-worker";
+
+  const originalExecute = tool.execute;
+  if (!originalExecute) {
+    return { ...tool, execute: async () => ({ result: undefined, proofs: [] }) } as any;
+  }
+
+  const wrappedExecute = async (...args: any[]): Promise<WrappedResult> => {
+    const toolArgs = args[0] ?? {};
+    const signer = await getSigner(measurement);
+    const proofs: ProofLogEntry[] = [];
+
+    // Pre-execution proof
+    const preDigest = hashPayload({ tool: name, args: toolArgs });
+    const preProof = await signDigest(preDigest, {
+      phase: "pre-execution",
+      tool: name,
+      agentId,
+    }, signer);
+
+    proofs.push({
+      timestamp: new Date().toISOString(),
+      phase: "pre-execution",
+      tool: name,
+      agentId,
+      args: toolArgs,
+      proofDigestB64: preDigest,
+      receipt: preProof,
+    });
+
+    // Execute the real tool
+    const result = await originalExecute.apply(tool, args);
+
+    // Post-execution proof
+    const postDigest = hashPayload({ tool: name, args: toolArgs, result });
+    const postProof = await signDigest(postDigest, {
+      phase: "post-execution",
+      tool: name,
+      agentId,
+    }, signer);
+
+    proofs.push({
+      timestamp: new Date().toISOString(),
+      phase: "post-execution",
+      tool: name,
+      agentId,
+      args: toolArgs,
+      output: typeof result === "string" ? result.slice(0, 1000) : result,
+      proofDigestB64: postDigest,
+      receipt: postProof,
+    });
+
+    return { result, proofs };
+  };
+
+  return { ...tool, execute: wrappedExecute } as any;
+}
+
+// ---------------------------------------------------------------------------
+// Binding wrapper (Service Bindings, KV, D1, etc.)
+// ---------------------------------------------------------------------------
+
+/**
+ * Wrap a Cloudflare binding (Service Binding, KV namespace, D1, etc.)
+ * so that every method call produces pre/post proof entries.
+ *
+ * Returns a Proxy around the binding. Each method call returns
+ * `{ result, proofs }` instead of the raw result.
+ *
+ * @param binding - A Cloudflare binding object (e.g. env.MY_SERVICE)
+ * @param name    - A human-readable name for this binding
+ * @param options - Configuration options
+ * @returns A proxied binding with proof-wrapped methods
+ */
+export function occWrapBinding<B extends Record<string, any>>(
+  binding: B,
+  name: string,
+  options?: OCCCloudflareOptions,
+): B {
+  const measurement = options?.measurement ?? "occ-cloudflare:stub";
+  const agentId = options?.agentId ?? "cloudflare-worker";
+
+  return new Proxy(binding, {
+    get(target, prop: string | symbol) {
+      const original = target[prop as keyof B];
+      if (typeof original !== "function") return original;
+
+      return async (...args: any[]): Promise<WrappedResult> => {
+        const methodName = `${name}.${String(prop)}`;
+        const signer = await getSigner(measurement);
+        const proofs: ProofLogEntry[] = [];
+
+        // Pre-execution proof
+        const preDigest = hashPayload({
+          tool: methodName,
+          args: args.length === 1 ? args[0] : args,
+        });
+        const preProof = await signDigest(preDigest, {
+          phase: "pre-execution",
+          tool: methodName,
+          agentId,
+        }, signer);
+
+        proofs.push({
+          timestamp: new Date().toISOString(),
+          phase: "pre-execution",
+          tool: methodName,
+          agentId,
+          args: args.length === 1 ? args[0] : { _args: args },
+          proofDigestB64: preDigest,
+          receipt: preProof,
+        });
+
+        // Execute the real method
+        const result = await original.apply(target, args);
+
+        // Post-execution proof
+        const postDigest = hashPayload({
+          tool: methodName,
+          args: args.length === 1 ? args[0] : args,
+          result,
+        });
+        const postProof = await signDigest(postDigest, {
+          phase: "post-execution",
+          tool: methodName,
+          agentId,
+        }, signer);
+
+        proofs.push({
+          timestamp: new Date().toISOString(),
+          phase: "post-execution",
+          tool: methodName,
+          agentId,
+          args: args.length === 1 ? args[0] : { _args: args },
+          output: typeof result === "string" ? result.slice(0, 1000) : result,
+          proofDigestB64: postDigest,
+          receipt: postProof,
+        });
+
+        return { result, proofs };
+      };
+    },
+  }) as B;
+}
+
+/**
+ * Reset the in-memory signer. Useful for testing or when you want to
+ * start a fresh proof chain within the same Worker invocation.
+ */
+export function resetSigner(): void {
+  signerPromise = undefined;
+}