occ-openai 0.1.0

package/README.md

@@ -0,0 +1,76 @@
+# occ-openai
+
+Cryptographic proof signing for OpenAI Node SDK tool calls. Every tool call gets an Ed25519-signed proof written to `proof.jsonl`.
+
+## Install
+
+```bash
+npm install occ-openai openai
+```
+
+## Usage
+
+### Wrap the client
+
+```typescript
+import OpenAI from "openai";
+import { wrapOpenAI } from "occ-openai";
+
+const client = wrapOpenAI(new OpenAI(), {
+  proofFile: "proof.jsonl",    // default
+  agentId: "my-agent",
+});
+
+// Use as normal — tool calls are automatically signed
+const response = await client.chat.completions.create({
+  model: "gpt-4o",
+  messages: [{ role: "user", content: "What's the weather?" }],
+  tools: [{
+    type: "function",
+    function: {
+      name: "get_weather",
+      parameters: { type: "object", properties: { city: { type: "string" } } },
+    },
+  }],
+});
+```
+
+### Sign tool execution results
+
+When you execute tool calls in your own loop, sign the results too:
+
+```typescript
+import { signToolResult } from "occ-openai";
+
+// After executing the tool
+const result = await getWeather({ city: "Buffalo" });
+
+// Sign the result
+await signToolResult("get_weather", { city: "Buffalo" }, result);
+```
+
+## Configuration
+
+```typescript
+interface WrapOpenAIOptions {
+  proofFile?: string;    // Default: "proof.jsonl"
+  statePath?: string;    // Default: ".occ/signer-state.json"
+  measurement?: string;  // Default: "occ-openai:stub"
+  agentId?: string;      // Default: "openai-agent"
+}
+```
+
+## How it works
+
+1. `wrapOpenAI()` returns a Proxy around your OpenAI client
+2. When `chat.completions.create()` returns tool calls, each one is signed
+3. Pre-execution proof: Ed25519 signature over SHA-256 of tool name + arguments
+4. Post-execution proof (via `signToolResult`): signature over tool name + args + result
+5. Both proofs are chained via `prevB64` for tamper-evident ordering
+6. All proofs written to `proof.jsonl` as append-only log
+
+## Verify
+
+```bash
+npx occ-mcp-proxy verify proof.jsonl
+```

package/dist/index.d.ts

@@ -0,0 +1,55 @@
+/**
+ * occ-openai — Cryptographic proof signing for OpenAI Node SDK tool calls.
+ *
+ * Wraps an OpenAI client so that every tool call in a chat completion response
+ * gets an Ed25519-signed pre/post proof pair written to a local proof.jsonl.
+ *
+ * Usage:
+ *   import OpenAI from "openai";
+ *   import { wrapOpenAI } from "occ-openai";
+ *
+ *   const client = wrapOpenAI(new OpenAI());
+ *   const response = await client.chat.completions.create({ ... });
+ */
+import { type OCCProof } from "occproof";
+export interface WrapOpenAIOptions {
+    /** Path to proof log file. Default: "proof.jsonl" */
+    proofFile?: string;
+    /** Path to signer state file. Default: ".occ/signer-state.json" */
+    statePath?: string;
+    /** Measurement string for proof metadata. Default: "occ-openai:stub" */
+    measurement?: string;
+    /** Agent identifier for metadata. Default: "openai-agent" */
+    agentId?: string;
+}
+/**
+ * Wrap an OpenAI client instance to produce Ed25519-signed proofs for
+ * every tool call in chat completion responses.
+ *
+ * The returned client is a Proxy — all non-completion methods pass through
+ * unchanged. Only `client.chat.completions.create()` is intercepted.
+ *
+ * @param client  - An OpenAI client instance
+ * @param options - Configuration options
+ * @returns A wrapped OpenAI client (same type)
+ */
+export declare function wrapOpenAI<T extends {
+    chat: {
+        completions: {
+            create: (...args: any[]) => any;
+        };
+    };
+}>(client: T, options?: WrapOpenAIOptions): T;
+/**
+ * Sign a tool execution result after the tool function has been called.
+ *
+ * Use this to create post-execution proofs when you handle tool calls
+ * in your own execution loop.
+ *
+ * @param toolName - Name of the tool that was executed
+ * @param toolArgs - Arguments passed to the tool
+ * @param result   - The tool execution result
+ * @param options  - Configuration options
+ */
+export declare function signToolResult(toolName: string, toolArgs: Record<string, unknown>, result: unknown, options?: WrapOpenAIOptions): Promise<OCCProof>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAA6B,KAAK,QAAQ,EAAE,MAAM,UAAU,CAAC;AAUpE,MAAM,WAAW,iBAAiB;IAChC,qDAAqD;IACrD,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,mEAAmE;IACnE,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,wEAAwE;IACxE,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,6DAA6D;IAC7D,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAoGD;;;;;;;;;;GAUG;AACH,wBAAgB,UAAU,CAAC,CAAC,SAAS;IAAE,IAAI,EAAE;QAAE,WAAW,EAAE;YAAE,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAA;SAAE,CAAA;KAAE,CAAA;CAAE,EACjG,MAAM,EAAE,CAAC,EACT,OAAO,CAAC,EAAE,iBAAiB,GAC1B,CAAC,CAiFH;AAED;;;;;;;;;;GAUG;AACH,wBAAsB,cAAc,CAClC,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,MAAM,EAAE,OAAO,EACf,OAAO,CAAC,EAAE,iBAAiB,GAC1B,OAAO,CAAC,QAAQ,CAAC,CAgCnB"}

package/dist/index.js

@@ -0,0 +1,200 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2024-2026 Mike Argento
+/**
+ * occ-openai — Cryptographic proof signing for OpenAI Node SDK tool calls.
+ *
+ * Wraps an OpenAI client so that every tool call in a chat completion response
+ * gets an Ed25519-signed pre/post proof pair written to a local proof.jsonl.
+ *
+ * Usage:
+ *   import OpenAI from "openai";
+ *   import { wrapOpenAI } from "occ-openai";
+ *
+ *   const client = wrapOpenAI(new OpenAI());
+ *   const response = await client.chat.completions.create({ ... });
+ */
+import { Constructor, canonicalize } from "occproof";
+import { StubHost } from "occ-stub";
+import { sha256 } from "@noble/hashes/sha256";
+import { appendFileSync, writeFileSync, existsSync, mkdirSync } from "node:fs";
+import { resolve, dirname } from "node:path";
+const signerCache = new Map();
+async function getSigner(statePath, measurement) {
+    const key = statePath;
+    let cached = signerCache.get(key);
+    if (cached)
+        return cached;
+    cached = (async () => {
+        const stub = await StubHost.createPersistent({
+            statePath,
+            measurement,
+            enableTime: true,
+            enableCounter: true,
+        });
+        const constructor = await Constructor.initialize({
+            host: stub.host,
+            policy: { requireCounter: true, requireTime: true },
+        });
+        const publicKeyB64 = Buffer.from(stub.publicKeyBytes).toString("base64");
+        return { constructor, stub, publicKeyB64 };
+    })();
+    signerCache.set(key, cached);
+    return cached;
+}
+// ---------------------------------------------------------------------------
+// Proof writer
+// ---------------------------------------------------------------------------
+function appendProof(entry, proofFile) {
+    if (!existsSync(proofFile)) {
+        mkdirSync(dirname(resolve(proofFile)), { recursive: true });
+        writeFileSync(proofFile, "");
+    }
+    appendFileSync(proofFile, JSON.stringify(entry) + "\n");
+}
+// ---------------------------------------------------------------------------
+// Core signing
+// ---------------------------------------------------------------------------
+async function signDigest(digestB64, metadata, signer) {
+    const prevHash = signer.stub.getLastProofHash();
+    const commitInput = { digestB64, metadata };
+    if (prevHash)
+        commitInput.prevProofHashB64 = prevHash;
+    const proof = await signer.constructor.commitDigest(commitInput);
+    // Chain: store this proof's hash for the next commit
+    const proofHash = Buffer.from(sha256(canonicalize(proof))).toString("base64");
+    signer.stub.setLastProofHash(proofHash);
+    return proof;
+}
+function hashPayload(data) {
+    const bytes = new TextEncoder().encode(JSON.stringify(data));
+    return Buffer.from(sha256(bytes)).toString("base64");
+}
+// ---------------------------------------------------------------------------
+// OpenAI wrapper
+// ---------------------------------------------------------------------------
+/**
+ * Wrap an OpenAI client instance to produce Ed25519-signed proofs for
+ * every tool call in chat completion responses.
+ *
+ * The returned client is a Proxy — all non-completion methods pass through
+ * unchanged. Only `client.chat.completions.create()` is intercepted.
+ *
+ * @param client  - An OpenAI client instance
+ * @param options - Configuration options
+ * @returns A wrapped OpenAI client (same type)
+ */
+export function wrapOpenAI(client, options) {
+    const proofFile = resolve(options?.proofFile ?? "proof.jsonl");
+    const statePath = resolve(options?.statePath ?? ".occ/signer-state.json");
+    const measurement = options?.measurement ?? "occ-openai:stub";
+    const agentId = options?.agentId ?? "openai-agent";
+    // Deep proxy: client.chat.completions.create
+    const originalCreate = client.chat.completions.create.bind(client.chat.completions);
+    const wrappedCreate = async (...args) => {
+        const response = await originalCreate(...args);
+        // Only sign if the response has tool calls
+        const choices = response?.choices;
+        if (!choices || !Array.isArray(choices))
+            return response;
+        const signer = await getSigner(statePath, measurement);
+        for (const choice of choices) {
+            const toolCalls = choice?.message?.tool_calls;
+            if (!toolCalls || !Array.isArray(toolCalls))
+                continue;
+            for (const toolCall of toolCalls) {
+                const toolName = toolCall.function?.name ?? "unknown";
+                let toolArgs = {};
+                try {
+                    toolArgs = JSON.parse(toolCall.function?.arguments ?? "{}");
+                }
+                catch {
+                    toolArgs = { raw: toolCall.function?.arguments };
+                }
+                // Pre-execution proof: sign the tool call input
+                const preDigest = hashPayload({
+                    tool: toolName,
+                    args: toolArgs,
+                    callId: toolCall.id,
+                });
+                const preProof = await signDigest(preDigest, {
+                    phase: "pre-execution",
+                    tool: toolName,
+                    callId: toolCall.id,
+                    agentId,
+                }, signer);
+                appendProof({
+                    timestamp: new Date().toISOString(),
+                    phase: "pre-execution",
+                    tool: toolName,
+                    agentId,
+                    args: toolArgs,
+                    proofDigestB64: preDigest,
+                    receipt: preProof,
+                }, proofFile);
+            }
+        }
+        return response;
+    };
+    // Build the proxy chain
+    const wrappedCompletions = new Proxy(client.chat.completions, {
+        get(target, prop) {
+            if (prop === "create")
+                return wrappedCreate;
+            return target[prop];
+        },
+    });
+    const wrappedChat = new Proxy(client.chat, {
+        get(target, prop) {
+            if (prop === "completions")
+                return wrappedCompletions;
+            return target[prop];
+        },
+    });
+    return new Proxy(client, {
+        get(target, prop) {
+            if (prop === "chat")
+                return wrappedChat;
+            return target[prop];
+        },
+    });
+}
+/**
+ * Sign a tool execution result after the tool function has been called.
+ *
+ * Use this to create post-execution proofs when you handle tool calls
+ * in your own execution loop.
+ *
+ * @param toolName - Name of the tool that was executed
+ * @param toolArgs - Arguments passed to the tool
+ * @param result   - The tool execution result
+ * @param options  - Configuration options
+ */
+export async function signToolResult(toolName, toolArgs, result, options) {
+    const proofFile = resolve(options?.proofFile ?? "proof.jsonl");
+    const statePath = resolve(options?.statePath ?? ".occ/signer-state.json");
+    const measurement = options?.measurement ?? "occ-openai:stub";
+    const agentId = options?.agentId ?? "openai-agent";
+    const signer = await getSigner(statePath, measurement);
+    const postDigest = hashPayload({
+        tool: toolName,
+        args: toolArgs,
+        result,
+    });
+    const postProof = await signDigest(postDigest, {
+        phase: "post-execution",
+        tool: toolName,
+        agentId,
+    }, signer);
+    appendProof({
+        timestamp: new Date().toISOString(),
+        phase: "post-execution",
+        tool: toolName,
+        agentId,
+        args: toolArgs,
+        output: typeof result === "string" ? result.slice(0, 1000) : result,
+        proofDigestB64: postDigest,
+        receipt: postProof,
+    }, proofFile);
+    return postProof;
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,sCAAsC;AACtC,mCAAmC;AAEnC;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAE,YAAY,EAAiB,MAAM,UAAU,CAAC;AACpE,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAC;AACpC,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,aAAa,EAAE,UAAU,EAAgB,SAAS,EAAE,MAAM,SAAS,CAAC;AAC7F,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAsC7C,MAAM,WAAW,GAAG,IAAI,GAAG,EAAgC,CAAC;AAE5D,KAAK,UAAU,SAAS,CAAC,SAAiB,EAAE,WAAmB;IAC7D,MAAM,GAAG,GAAG,SAAS,CAAC;IACtB,IAAI,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,GAAG,CAAC,KAAK,IAAI,EAAE;QACnB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC;YAC3C,SAAS;YACT,WAAW;YACX,UAAU,EAAE,IAAI;YAChB,aAAa,EAAE,IAAI;SACpB,CAAC,CAAC;QAEH,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC;YAC/C,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,EAAE;SACpD,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,EAAE,CAAC;IAC7C,CAAC,CAAC,EAAE,CAAC;IAEL,WAAW,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,SAAS,WAAW,CAAC,KAAoB,EAAE,SAAiB;IAC1D,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3B,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5D,aAAa,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IAC/B,CAAC;IACD,cAAc,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,IAAI,CAAC,CAAC;AAC1D,CAAC;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,KAAK,UAAU,UAAU,CACvB,SAAiB,EACjB,QAAiC,EACjC,MAAmB;IAEnB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC;IAEhD,MAAM,WAAW,GAIb,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;IAE5B,IAAI,QAAQ;QAAE,WAAW,CAAC,gBAAgB,GAAG,QAAQ,CAAC;IAEtD,MAAM,KAAK,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,CAAC;IAEjE,qDAAqD;IACrD,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9E,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;IAExC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,IAAa;IAChC,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACvD,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,MAAM,UAAU,UAAU,CACxB,MAAS,EACT,OAA2B;IAE3B,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,EAAE,SAAS,IAAI,aAAa,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,EAAE,SAAS,IAAI,wBAAwB,CAAC,CAAC;IAC1E,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,iBAAiB,CAAC;IAC9D,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,cAAc,CAAC;IAEnD,6CAA6C;IAC7C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;IAEpF,MAAM,aAAa,GAAG,KAAK,EAAE,GAAG,IAAW,EAAgB,EAAE;QAC3D,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC;QAE/C,2CAA2C;QAC3C,MAAM,OAAO,GAAG,QAAQ,EAAE,OAAO,CAAC;QAClC,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC;YAAE,OAAO,QAAQ,CAAC;QAEzD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAEvD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,MAAM,SAAS,GAAG,MAAM,EAAE,OAAO,EAAE,UAAU,CAAC;YAC9C,IAAI,CAAC,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;gBAAE,SAAS;YAEtD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,EAAE,IAAI,IAAI,SAAS,CAAC;gBACtD,IAAI,QAAQ,GAA4B,EAAE,CAAC;gBAC3C,IAAI,CAAC;oBACH,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,QAAQ,EAAE,SAAS,IAAI,IAAI,CAAC,CAAC;gBAC9D,CAAC;gBAAC,MAAM,CAAC;oBACP,QAAQ,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,CAAC;gBACnD,CAAC;gBAED,gDAAgD;gBAChD,MAAM,SAAS,GAAG,WAAW,CAAC;oBAC5B,IAAI,EAAE,QAAQ;oBACd,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ,CAAC,EAAE;iBACpB,CAAC,CAAC;gBAEH,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,SAAS,EAAE;oBAC3C,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,QAAQ;oBACd,MAAM,EAAE,QAAQ,CAAC,EAAE;oBACnB,OAAO;iBACR,EAAE,MAAM,CAAC,CAAC;gBAEX,WAAW,CAAC;oBACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACnC,KAAK,EAAE,eAAe;oBACtB,IAAI,EAAE,QAAQ;oBACd,OAAO;oBACP,IAAI,EAAE,QAAQ;oBACd,cAAc,EAAE,SAAS;oBACzB,OAAO,EAAE,QAAQ;iBAClB,EAAE,SAAS,CAAC,CAAC;YAChB,CAAC;QACH,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;IAEF,wBAAwB;IACxB,MAAM,kBAAkB,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE;QAC5D,GAAG,CAAC,MAAW,EAAE,IAAqB;YACpC,IAAI,IAAI,KAAK,QAAQ;gBAAE,OAAO,aAAa,CAAC;YAC5C,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,WAAW,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,IAAI,EAAE;QACzC,GAAG,CAAC,MAAW,EAAE,IAAqB;YACpC,IAAI,IAAI,KAAK,aAAa;gBAAE,OAAO,kBAAkB,CAAC;YACtD,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAC,CAAC;IAEH,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;QACvB,GAAG,CAAC,MAAW,EAAE,IAAqB;YACpC,IAAI,IAAI,KAAK,MAAM;gBAAE,OAAO,WAAW,CAAC;YACxC,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC;QACtB,CAAC;KACF,CAAM,CAAC;AACV,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,QAAgB,EAChB,QAAiC,EACjC,MAAe,EACf,OAA2B;IAE3B,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,EAAE,SAAS,IAAI,aAAa,CAAC,CAAC;IAC/D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,EAAE,SAAS,IAAI,wBAAwB,CAAC,CAAC;IAC1E,MAAM,WAAW,GAAG,OAAO,EAAE,WAAW,IAAI,iBAAiB,CAAC;IAC9D,MAAM,OAAO,GAAG,OAAO,EAAE,OAAO,IAAI,cAAc,CAAC;IAEnD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;IAEvD,MAAM,UAAU,GAAG,WAAW,CAAC;QAC7B,IAAI,EAAE,QAAQ;QACd,IAAI,EAAE,QAAQ;QACd,MAAM;KACP,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,MAAM,UAAU,CAAC,UAAU,EAAE;QAC7C,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,QAAQ;QACd,OAAO;KACR,EAAE,MAAM,CAAC,CAAC;IAEX,WAAW,CAAC;QACV,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,gBAAgB;QACvB,IAAI,EAAE,QAAQ;QACd,OAAO;QACP,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM;QACnE,cAAc,EAAE,UAAU;QAC1B,OAAO,EAAE,SAAS;KACnB,EAAE,SAAS,CAAC,CAAC;IAEd,OAAO,SAAS,CAAC;AACnB,CAAC"}

package/package.json

@@ -0,0 +1,42 @@
+{
+  "name": "occ-openai",
+  "version": "0.1.0",
+  "description": "OCC cryptographic proof signing for OpenAI Node SDK tool calls",
+  "author": "Mike Argento",
+  "license": "Apache-2.0",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "src",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "occproof": "^1.0.2",
+    "occ-stub": "^1.0.0",
+    "@noble/ed25519": "^2.1.0",
+    "@noble/hashes": "^1.4.0"
+  },
+  "peerDependencies": {
+    "openai": ">=4.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "openai": ">=4.0.0",
+    "typescript": "^5.4.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}

package/src/index.ts

@@ -0,0 +1,282 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2024-2026 Mike Argento
+
+/**
+ * occ-openai — Cryptographic proof signing for OpenAI Node SDK tool calls.
+ *
+ * Wraps an OpenAI client so that every tool call in a chat completion response
+ * gets an Ed25519-signed pre/post proof pair written to a local proof.jsonl.
+ *
+ * Usage:
+ *   import OpenAI from "openai";
+ *   import { wrapOpenAI } from "occ-openai";
+ *
+ *   const client = wrapOpenAI(new OpenAI());
+ *   const response = await client.chat.completions.create({ ... });
+ */
+
+import { Constructor, canonicalize, type OCCProof } from "occproof";
+import { StubHost } from "occ-stub";
+import { sha256 } from "@noble/hashes/sha256";
+import { appendFileSync, writeFileSync, existsSync, readFileSync, mkdirSync } from "node:fs";
+import { resolve, dirname } from "node:path";
+
+// ---------------------------------------------------------------------------
+// Types
+// ---------------------------------------------------------------------------
+
+export interface WrapOpenAIOptions {
+  /** Path to proof log file. Default: "proof.jsonl" */
+  proofFile?: string;
+  /** Path to signer state file. Default: ".occ/signer-state.json" */
+  statePath?: string;
+  /** Measurement string for proof metadata. Default: "occ-openai:stub" */
+  measurement?: string;
+  /** Agent identifier for metadata. Default: "openai-agent" */
+  agentId?: string;
+}
+
+interface ProofLogEntry {
+  timestamp: string;
+  phase: "pre-execution" | "post-execution";
+  tool: string;
+  agentId: string;
+  args?: Record<string, unknown>;
+  output?: unknown;
+  proofDigestB64: string;
+  receipt: OCCProof;
+}
+
+// ---------------------------------------------------------------------------
+// Signer singleton
+// ---------------------------------------------------------------------------
+
+interface SignerState {
+  constructor: Constructor;
+  stub: StubHost;
+  publicKeyB64: string;
+}
+
+const signerCache = new Map<string, Promise<SignerState>>();
+
+async function getSigner(statePath: string, measurement: string): Promise<SignerState> {
+  const key = statePath;
+  let cached = signerCache.get(key);
+  if (cached) return cached;
+
+  cached = (async () => {
+    const stub = await StubHost.createPersistent({
+      statePath,
+      measurement,
+      enableTime: true,
+      enableCounter: true,
+    });
+
+    const constructor = await Constructor.initialize({
+      host: stub.host,
+      policy: { requireCounter: true, requireTime: true },
+    });
+
+    const publicKeyB64 = Buffer.from(stub.publicKeyBytes).toString("base64");
+    return { constructor, stub, publicKeyB64 };
+  })();
+
+  signerCache.set(key, cached);
+  return cached;
+}
+
+// ---------------------------------------------------------------------------
+// Proof writer
+// ---------------------------------------------------------------------------
+
+function appendProof(entry: ProofLogEntry, proofFile: string): void {
+  if (!existsSync(proofFile)) {
+    mkdirSync(dirname(resolve(proofFile)), { recursive: true });
+    writeFileSync(proofFile, "");
+  }
+  appendFileSync(proofFile, JSON.stringify(entry) + "\n");
+}
+
+// ---------------------------------------------------------------------------
+// Core signing
+// ---------------------------------------------------------------------------
+
+async function signDigest(
+  digestB64: string,
+  metadata: Record<string, unknown>,
+  signer: SignerState,
+): Promise<OCCProof> {
+  const prevHash = signer.stub.getLastProofHash();
+
+  const commitInput: {
+    digestB64: string;
+    metadata?: Record<string, unknown>;
+    prevProofHashB64?: string;
+  } = { digestB64, metadata };
+
+  if (prevHash) commitInput.prevProofHashB64 = prevHash;
+
+  const proof = await signer.constructor.commitDigest(commitInput);
+
+  // Chain: store this proof's hash for the next commit
+  const proofHash = Buffer.from(sha256(canonicalize(proof))).toString("base64");
+  signer.stub.setLastProofHash(proofHash);
+
+  return proof;
+}
+
+function hashPayload(data: unknown): string {
+  const bytes = new TextEncoder().encode(JSON.stringify(data));
+  return Buffer.from(sha256(bytes)).toString("base64");
+}
+
+// ---------------------------------------------------------------------------
+// OpenAI wrapper
+// ---------------------------------------------------------------------------
+
+/**
+ * Wrap an OpenAI client instance to produce Ed25519-signed proofs for
+ * every tool call in chat completion responses.
+ *
+ * The returned client is a Proxy — all non-completion methods pass through
+ * unchanged. Only `client.chat.completions.create()` is intercepted.
+ *
+ * @param client  - An OpenAI client instance
+ * @param options - Configuration options
+ * @returns A wrapped OpenAI client (same type)
+ */
+export function wrapOpenAI<T extends { chat: { completions: { create: (...args: any[]) => any } } }>(
+  client: T,
+  options?: WrapOpenAIOptions,
+): T {
+  const proofFile = resolve(options?.proofFile ?? "proof.jsonl");
+  const statePath = resolve(options?.statePath ?? ".occ/signer-state.json");
+  const measurement = options?.measurement ?? "occ-openai:stub";
+  const agentId = options?.agentId ?? "openai-agent";
+
+  // Deep proxy: client.chat.completions.create
+  const originalCreate = client.chat.completions.create.bind(client.chat.completions);
+
+  const wrappedCreate = async (...args: any[]): Promise<any> => {
+    const response = await originalCreate(...args);
+
+    // Only sign if the response has tool calls
+    const choices = response?.choices;
+    if (!choices || !Array.isArray(choices)) return response;
+
+    const signer = await getSigner(statePath, measurement);
+
+    for (const choice of choices) {
+      const toolCalls = choice?.message?.tool_calls;
+      if (!toolCalls || !Array.isArray(toolCalls)) continue;
+
+      for (const toolCall of toolCalls) {
+        const toolName = toolCall.function?.name ?? "unknown";
+        let toolArgs: Record<string, unknown> = {};
+        try {
+          toolArgs = JSON.parse(toolCall.function?.arguments ?? "{}");
+        } catch {
+          toolArgs = { raw: toolCall.function?.arguments };
+        }
+
+        // Pre-execution proof: sign the tool call input
+        const preDigest = hashPayload({
+          tool: toolName,
+          args: toolArgs,
+          callId: toolCall.id,
+        });
+
+        const preProof = await signDigest(preDigest, {
+          phase: "pre-execution",
+          tool: toolName,
+          callId: toolCall.id,
+          agentId,
+        }, signer);
+
+        appendProof({
+          timestamp: new Date().toISOString(),
+          phase: "pre-execution",
+          tool: toolName,
+          agentId,
+          args: toolArgs,
+          proofDigestB64: preDigest,
+          receipt: preProof,
+        }, proofFile);
+      }
+    }
+
+    return response;
+  };
+
+  // Build the proxy chain
+  const wrappedCompletions = new Proxy(client.chat.completions, {
+    get(target: any, prop: string | symbol) {
+      if (prop === "create") return wrappedCreate;
+      return target[prop];
+    },
+  });
+
+  const wrappedChat = new Proxy(client.chat, {
+    get(target: any, prop: string | symbol) {
+      if (prop === "completions") return wrappedCompletions;
+      return target[prop];
+    },
+  });
+
+  return new Proxy(client, {
+    get(target: any, prop: string | symbol) {
+      if (prop === "chat") return wrappedChat;
+      return target[prop];
+    },
+  }) as T;
+}
+
+/**
+ * Sign a tool execution result after the tool function has been called.
+ *
+ * Use this to create post-execution proofs when you handle tool calls
+ * in your own execution loop.
+ *
+ * @param toolName - Name of the tool that was executed
+ * @param toolArgs - Arguments passed to the tool
+ * @param result   - The tool execution result
+ * @param options  - Configuration options
+ */
+export async function signToolResult(
+  toolName: string,
+  toolArgs: Record<string, unknown>,
+  result: unknown,
+  options?: WrapOpenAIOptions,
+): Promise<OCCProof> {
+  const proofFile = resolve(options?.proofFile ?? "proof.jsonl");
+  const statePath = resolve(options?.statePath ?? ".occ/signer-state.json");
+  const measurement = options?.measurement ?? "occ-openai:stub";
+  const agentId = options?.agentId ?? "openai-agent";
+
+  const signer = await getSigner(statePath, measurement);
+
+  const postDigest = hashPayload({
+    tool: toolName,
+    args: toolArgs,
+    result,
+  });
+
+  const postProof = await signDigest(postDigest, {
+    phase: "post-execution",
+    tool: toolName,
+    agentId,
+  }, signer);
+
+  appendProof({
+    timestamp: new Date().toISOString(),
+    phase: "post-execution",
+    tool: toolName,
+    agentId,
+    args: toolArgs,
+    output: typeof result === "string" ? result.slice(0, 1000) : result,
+    proofDigestB64: postDigest,
+    receipt: postProof,
+  }, proofFile);
+
+  return postProof;
+}