opmsec 0.1.0 → 0.1.3

package/packages/contracts/circuits/accuracy_verifier.circom

@@ -0,0 +1,101 @@
+pragma circom 2.1.0;
+
+include "node_modules/circomlib/circuits/comparators.circom";
+include "node_modules/circomlib/circuits/poseidon.circom";
+
+/**
+ * AccuracyVerifier circuit for OPM agent registration.
+ *
+ * Proves that a candidate agent achieved 100% accuracy on a
+ * benchmark suite without revealing the individual test results
+ * or the expected outputs.
+ *
+ * Private inputs:
+ *   - expected[N]: expected risk level ordinals (0=LOW, 1=MEDIUM, 2=HIGH, 3=CRITICAL)
+ *   - actual[N]:   actual risk level ordinals from the candidate agent
+ *   - salt:        random blinding factor for the commitment
+ *
+ * Public inputs:
+ *   - commitmentHash: Poseidon hash of (salt, expected[0..N-1])
+ *
+ * Public outputs:
+ *   - passed: 1 if all expected[i] == actual[i], 0 otherwise
+ *   - proofHash: Poseidon hash binding the result to the commitment
+ *
+ * Compilation:
+ *   circom accuracy_verifier.circom --r1cs --wasm --sym -o build/
+ *
+ * Trusted setup:
+ *   snarkjs groth16 setup build/accuracy_verifier.r1cs pot12_final.ptau build/accuracy_verifier_0000.zkey
+ *   snarkjs zkey contribute build/accuracy_verifier_0000.zkey build/accuracy_verifier_final.zkey --name="opm-ceremony"
+ *   snarkjs zkey export verificationkey build/accuracy_verifier_final.zkey build/verification_key.json
+ *
+ * Prove:
+ *   snarkjs groth16 prove build/accuracy_verifier_final.zkey build/accuracy_verifier_js/accuracy_verifier.wasm input.json build/proof.json build/public.json
+ *
+ * Verify:
+ *   snarkjs groth16 verify build/verification_key.json build/public.json build/proof.json
+ *
+ * Export Solidity verifier:
+ *   snarkjs zkey export solidityverifier build/accuracy_verifier_final.zkey contracts/AccuracyVerifier.sol
+ */
+
+template AccuracyVerifier(N) {
+    // Private inputs
+    signal input expected[N];
+    signal input actual[N];
+    signal input salt;
+
+    // Public inputs
+    signal input commitmentHash;
+
+    // Public outputs
+    signal output passed;
+    signal output proofHash;
+
+    // Step 1: Verify commitment — hash(salt, expected[0..N-1]) must equal commitmentHash
+    // We chain Poseidon hashes since Poseidon has a limited arity
+    component commitHashers[N];
+    signal commitChain[N + 1];
+    commitChain[0] <== salt;
+
+    for (var i = 0; i < N; i++) {
+        commitHashers[i] = Poseidon(2);
+        commitHashers[i].inputs[0] <== commitChain[i];
+        commitHashers[i].inputs[1] <== expected[i];
+        commitChain[i + 1] <== commitHashers[i].out;
+    }
+
+    // Verify the commitment matches
+    commitChain[N] === commitmentHash;
+
+    // Step 2: Check equality for each test case
+    component isEq[N];
+    signal matchBits[N];
+
+    for (var i = 0; i < N; i++) {
+        isEq[i] = IsEqual();
+        isEq[i].in[0] <== expected[i];
+        isEq[i].in[1] <== actual[i];
+        matchBits[i] <== isEq[i].out;  // 1 if match, 0 if mismatch
+    }
+
+    // Step 3: Compute product of all match bits (1 iff all match)
+    signal product[N];
+    product[0] <== matchBits[0];
+    for (var i = 1; i < N; i++) {
+        product[i] <== product[i - 1] * matchBits[i];
+    }
+
+    passed <== product[N - 1];
+
+    // Step 4: Compute proof hash binding result to commitment
+    component proofHasher = Poseidon(3);
+    proofHasher.inputs[0] <== commitmentHash;
+    proofHasher.inputs[1] <== passed;
+    proofHasher.inputs[2] <== salt;
+    proofHash <== proofHasher.out;
+}
+
+// Instantiate with 10 benchmark test cases
+component main { public [commitmentHash] } = AccuracyVerifier(10);

package/packages/contracts/contracts/OPMRegistry.sol

@@ -47,6 +47,27 @@ contract OPMRegistry {
     event ReportURISet(string name, string version, string uri);
     event AuthorRegistered(address addr, string ensName);
     event AgentAuthorized(address agent, bool status);
+    event AgentRegistered(
+        address indexed agent,
+        string name,
+        string model,
+        bytes32 systemPromptHash,
+        bytes32 proofHash,
+        uint256 timestamp
+    );
+
+    struct RegisteredAgent {
+        address agentAddress;
+        string name;
+        string model;
+        bytes32 systemPromptHash;
+        bytes32 proofHash;
+        uint256 registeredAt;
+        bool active;
+    }
+
+    mapping(address => RegisteredAgent) public registeredAgents;
+    address[] public agentRegistry;
 
     modifier onlyOwner() {
         require(msg.sender == owner, "Not owner");
@@ -250,4 +271,46 @@ contract OPMRegistry {
         if (a.reputationCount == 0) return 0;
         return a.reputationTotal / a.reputationCount;
     }
+
+    function registerAgent(
+        string calldata name,
+        string calldata model,
+        bytes32 systemPromptHash,
+        bytes32 proofHash
+    ) external {
+        require(!authorizedAgents[msg.sender], "Agent already authorized");
+        require(registeredAgents[msg.sender].agentAddress == address(0), "Agent already registered");
+        require(proofHash != bytes32(0), "Invalid proof");
+
+        registeredAgents[msg.sender] = RegisteredAgent({
+            agentAddress: msg.sender,
+            name: name,
+            model: model,
+            systemPromptHash: systemPromptHash,
+            proofHash: proofHash,
+            registeredAt: block.timestamp,
+            active: true
+        });
+
+        agentRegistry.push(msg.sender);
+        authorizedAgents[msg.sender] = true;
+
+        emit AgentRegistered(msg.sender, name, model, systemPromptHash, proofHash, block.timestamp);
+        emit AgentAuthorized(msg.sender, true);
+    }
+
+    function getRegisteredAgent(address agent) external view returns (RegisteredAgent memory) {
+        return registeredAgents[agent];
+    }
+
+    function getAgentCount() external view returns (uint256) {
+        return agentRegistry.length;
+    }
+
+    function revokeAgent(address agent) external onlyOwner {
+        require(registeredAgents[agent].active, "Agent not active");
+        registeredAgents[agent].active = false;
+        authorizedAgents[agent] = false;
+        emit AgentAuthorized(agent, false);
+    }
 }

package/packages/contracts/scripts/deploy.ts

@@ -6,6 +6,11 @@ async function main() {
 
   const OPMRegistry = await ethers.getContractFactory("OPMRegistry");
   const registry = await OPMRegistry.deploy();
+  const deployTx = registry.deploymentTransaction();
+  if (deployTx) {
+    console.log("Deploy tx:", deployTx.hash);
+    await deployTx.wait(2);
+  }
   await registry.waitForDeployment();
 
   const address = await registry.getAddress();
@@ -14,9 +19,23 @@ async function main() {
   const agentKey = process.env.AGENT_PRIVATE_KEY;
   if (agentKey) {
     const agentWallet = new ethers.Wallet(agentKey);
-    const tx = await registry.setAgent(agentWallet.address, true);
-    await tx.wait();
-    console.log("Authorized agent:", agentWallet.address);
+    console.log("Authorizing agent:", agentWallet.address);
+
+    for (let attempt = 0; attempt < 3; attempt++) {
+      try {
+        const tx = await registry.setAgent(agentWallet.address, true);
+        await tx.wait(2);
+        console.log("Authorized agent:", agentWallet.address);
+        break;
+      } catch (err: any) {
+        if (attempt < 2 && err?.message?.includes("nonce")) {
+          console.log(`Nonce conflict, retrying (${attempt + 1}/3)...`);
+          await new Promise((r) => setTimeout(r, 3000));
+        } else {
+          throw err;
+        }
+      }
+    }
   }
 
   console.log("\nAdd to .env:\nCONTRACT_ADDRESS=" + address);

package/packages/core/src/abi.ts

@@ -625,5 +625,226 @@ export const OPM_REGISTRY_ABI = [
     "outputs": [],
     "stateMutability": "nonpayable",
     "type": "function"
+  },
+  {
+    "anonymous": false,
+    "inputs": [
+      {
+        "indexed": true,
+        "internalType": "address",
+        "name": "agent",
+        "type": "address"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "string",
+        "name": "model",
+        "type": "string"
+      },
+      {
+        "indexed": false,
+        "internalType": "bytes32",
+        "name": "systemPromptHash",
+        "type": "bytes32"
+      },
+      {
+        "indexed": false,
+        "internalType": "bytes32",
+        "name": "proofHash",
+        "type": "bytes32"
+      },
+      {
+        "indexed": false,
+        "internalType": "uint256",
+        "name": "timestamp",
+        "type": "uint256"
+      }
+    ],
+    "name": "AgentRegistered",
+    "type": "event"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "model",
+        "type": "string"
+      },
+      {
+        "internalType": "bytes32",
+        "name": "systemPromptHash",
+        "type": "bytes32"
+      },
+      {
+        "internalType": "bytes32",
+        "name": "proofHash",
+        "type": "bytes32"
+      }
+    ],
+    "name": "registerAgent",
+    "outputs": [],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "agent",
+        "type": "address"
+      }
+    ],
+    "name": "getRegisteredAgent",
+    "outputs": [
+      {
+        "components": [
+          {
+            "internalType": "address",
+            "name": "agentAddress",
+            "type": "address"
+          },
+          {
+            "internalType": "string",
+            "name": "name",
+            "type": "string"
+          },
+          {
+            "internalType": "string",
+            "name": "model",
+            "type": "string"
+          },
+          {
+            "internalType": "bytes32",
+            "name": "systemPromptHash",
+            "type": "bytes32"
+          },
+          {
+            "internalType": "bytes32",
+            "name": "proofHash",
+            "type": "bytes32"
+          },
+          {
+            "internalType": "uint256",
+            "name": "registeredAt",
+            "type": "uint256"
+          },
+          {
+            "internalType": "bool",
+            "name": "active",
+            "type": "bool"
+          }
+        ],
+        "internalType": "struct OPMRegistry.RegisteredAgent",
+        "name": "",
+        "type": "tuple"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [],
+    "name": "getAgentCount",
+    "outputs": [
+      {
+        "internalType": "uint256",
+        "name": "",
+        "type": "uint256"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "agent",
+        "type": "address"
+      }
+    ],
+    "name": "revokeAgent",
+    "outputs": [],
+    "stateMutability": "nonpayable",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "",
+        "type": "address"
+      }
+    ],
+    "name": "registeredAgents",
+    "outputs": [
+      {
+        "internalType": "address",
+        "name": "agentAddress",
+        "type": "address"
+      },
+      {
+        "internalType": "string",
+        "name": "name",
+        "type": "string"
+      },
+      {
+        "internalType": "string",
+        "name": "model",
+        "type": "string"
+      },
+      {
+        "internalType": "bytes32",
+        "name": "systemPromptHash",
+        "type": "bytes32"
+      },
+      {
+        "internalType": "bytes32",
+        "name": "proofHash",
+        "type": "bytes32"
+      },
+      {
+        "internalType": "uint256",
+        "name": "registeredAt",
+        "type": "uint256"
+      },
+      {
+        "internalType": "bool",
+        "name": "active",
+        "type": "bool"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "uint256",
+        "name": "",
+        "type": "uint256"
+      }
+    ],
+    "name": "agentRegistry",
+    "outputs": [
+      {
+        "internalType": "address",
+        "name": "",
+        "type": "address"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
   }
 ] as const;