percolation-inversion-compiler-ts 0.4.4

package/dist/agent/messages.js

@@ -0,0 +1,457 @@
+// src/agent/messages.ts
+import { createHash } from "crypto";
+import { existsSync as existsSync3, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
+import { dirname as dirname2 } from "path";
+
+// src/core/json.ts
+function sortJson(value) {
+  if (Array.isArray(value)) {
+    return value.map((item) => sortJson(item));
+  }
+  if (value && typeof value === "object") {
+    const input = value;
+    const output = {};
+    for (const key of Object.keys(input).sort()) {
+      const child = input[key];
+      if (child !== void 0) {
+        output[key] = sortJson(child);
+      }
+    }
+    return output;
+  }
+  return value;
+}
+function stableStringify(value) {
+  return `${JSON.stringify(sortJson(value), null, 2)}
+`;
+}
+function parseJsonObject(text, label = "JSON") {
+  const parsed = JSON.parse(text);
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(`${label} must be a JSON object`);
+  }
+  return parsed;
+}
+
+// src/core/ledger.ts
+function emptyLedger() {
+  return { coordinates: {} };
+}
+function residualLedger(name, value = 1, description) {
+  return {
+    coordinates: {
+      [name]: {
+        name,
+        value,
+        unit: "dimensionless",
+        kind: "residual",
+        description: description ?? null,
+        evidence_status: "declared",
+        evidence_refs: [],
+        known: true
+      }
+    }
+  };
+}
+
+// src/io/schema.ts
+import {
+  cpSync,
+  existsSync as existsSync2,
+  mkdirSync,
+  readdirSync,
+  readFileSync,
+  writeFileSync
+} from "fs";
+import { basename, join as join2 } from "path";
+import Ajv2020Module from "ajv/dist/2020.js";
+
+// src/io/paths.ts
+import { existsSync } from "fs";
+import { dirname, join, resolve } from "path";
+import { fileURLToPath } from "url";
+function packageRoot() {
+  let current = dirname(fileURLToPath(import.meta.url));
+  for (let i = 0; i < 8; i += 1) {
+    if (existsSync(join(current, "package.json")) && existsSync(join(current, "schemas"))) {
+      return current;
+    }
+    const next = dirname(current);
+    if (next === current) {
+      break;
+    }
+    current = next;
+  }
+  return resolve(dirname(fileURLToPath(import.meta.url)), "../..");
+}
+function schemaDir() {
+  return join(packageRoot(), "schemas");
+}
+
+// src/io/schema.ts
+var PUBLIC_SCHEMA_NAME = /^[A-Za-z][A-Za-z0-9]*$/;
+function assertSchemaTypeName(typeName) {
+  if (!PUBLIC_SCHEMA_NAME.test(typeName)) {
+    throw new Error(`unknown schema type ${JSON.stringify(typeName)}`);
+  }
+}
+function schemaPath(typeName) {
+  assertSchemaTypeName(typeName);
+  return join2(schemaDir(), `${typeName}.schema.json`);
+}
+function schemaByType(typeName = "Registry") {
+  const path = schemaPath(typeName);
+  if (!existsSync2(path)) {
+    throw new Error(`unknown schema type ${JSON.stringify(typeName)}`);
+  }
+  return parseJsonObject(readFileSync(path, "utf8"), `${typeName} schema`);
+}
+function validateData(data, schema) {
+  const Ajv2020 = Ajv2020Module;
+  const ajv = new Ajv2020({ allErrors: true, strict: false });
+  const validate = ajv.compile(schema);
+  const valid = Boolean(validate(data));
+  return {
+    valid,
+    errors: valid ? [] : (validate.errors ?? []).map(
+      (error) => `${error.instancePath || "/"} ${error.message ?? "is invalid"}`
+    )
+  };
+}
+function validateByType(data, typeName) {
+  return validateData(data, schemaByType(typeName));
+}
+
+// src/io/identity.ts
+function nonEmptyStringArray(value) {
+  return Array.isArray(value) && value.some((item) => typeof item === "string" && item.length > 0);
+}
+function runtimeIdentityContextAccepted(data) {
+  return validateByType(data, "RuntimeIdentityContext").valid && data.accepted === true && nonEmptyStringArray(data.accepted_agent_ids) && nonEmptyStringArray(data.accepted_public_key_ids);
+}
+
+// src/agent/messages.ts
+function sha256(text) {
+  return createHash("sha256").update(text, "utf8").digest("hex");
+}
+function sortedUnique(values) {
+  return [
+    ...new Set(values.filter((value) => Boolean(value)))
+  ].sort();
+}
+function acceptedIdentityContext(path) {
+  if (!path || !existsSync3(path)) {
+    return false;
+  }
+  try {
+    const data = parseJsonObject(
+      readFileSync2(path, "utf8"),
+      "identity context"
+    );
+    return runtimeIdentityContextAccepted(data);
+  } catch {
+    return false;
+  }
+}
+function createAgentMessage(options) {
+  const digest = sha256(options.text);
+  return {
+    audience: [],
+    content: options.text,
+    content_sha256: digest,
+    declared_packet_kind: "capability-packet-candidate",
+    declared_receiver_family: ["agent", "verifier"],
+    declared_routes: [],
+    declared_validity_domain: "protocol-relative-finite",
+    evidence_refs: [],
+    expires_at: null,
+    issued_at: null,
+    issuer_attestation_id: null,
+    issuer_public_key_id: null,
+    message_id: `agent-message:${digest.slice(0, 12)}`,
+    metadata: {},
+    nonce: options.nonce ?? null,
+    protocol_version: "pic-agent-message-v1",
+    receiver_agent_id: options.receiver ?? null,
+    reply_to: null,
+    route_request_refs: [],
+    sender_agent_id: options.sender,
+    signature_ref: null,
+    tags: ["agent-message"],
+    thread_id: null
+  };
+}
+function readAgentMessage(path) {
+  const message = parseJsonObject(readFileSync2(path, "utf8"), "agent message");
+  const validation = validateByType(message, "AgentMessageEnvelope");
+  if (!validation.valid) {
+    throw new Error(
+      `agent message schema-invalid: ${validation.errors.join("; ")}`
+    );
+  }
+  return message;
+}
+function agentMessageContract(message) {
+  const content = String(message.content ?? "");
+  const digestValid = sha256(content) === message.content_sha256;
+  const declaredReceiverFamily = Array.isArray(message.declared_receiver_family) ? message.declared_receiver_family.map(String) : [];
+  const evidenceRefs = Array.isArray(message.evidence_refs) ? message.evidence_refs.map(String) : [];
+  const routeRefs = Array.isArray(message.route_request_refs) ? message.route_request_refs.map(String) : [];
+  const reasons = digestValid ? [] : ["message content digest mismatch"];
+  return {
+    accepted: digestValid,
+    candidate_only: true,
+    declared_packet_kind: message.declared_packet_kind ?? "capability-packet-candidate",
+    declared_receiver_family: declaredReceiverFamily,
+    declared_validity_domain: message.declared_validity_domain ?? "protocol-relative-finite",
+    evidence_refs: evidenceRefs,
+    message_contract_valid: digestValid,
+    message_id: message.message_id ?? null,
+    protocol_version: message.protocol_version ?? "pic-agent-message-v1",
+    reasons,
+    receiver_agent_id: message.receiver_agent_id ?? null,
+    report_id: `agent-message-contract:${sha256(stableStringify(message)).slice(0, 12)}`,
+    residual_ledger: digestValid ? emptyLedger() : residualLedger(
+      `agent-message:${String(message.message_id ?? "unknown")}:digest-mismatch`,
+      1,
+      "message content digest mismatch"
+    ),
+    route_request_refs: routeRefs,
+    sender_agent_id: message.sender_agent_id ?? null,
+    settled: false
+  };
+}
+function verifyAgentMessage(message, options = {}) {
+  const profile = options.profile ?? "development";
+  const contract = agentMessageContract(message);
+  const content = String(message.content ?? "");
+  const digest = String(message.content_sha256 ?? sha256(content));
+  const nonce = typeof message.nonce === "string" ? message.nonce : null;
+  const replayDetected = Boolean(nonce && options.seenNonces?.includes(nonce));
+  const signaturePresent = Boolean(
+    message.signature_ref && message.issuer_public_key_id && message.issuer_attestation_id
+  );
+  const signatureRequired = ["production", "adversarial"].includes(
+    profile.toLowerCase()
+  );
+  const identityRequired = signatureRequired;
+  const identityAccepted = acceptedIdentityContext(options.identityContextPath);
+  const reasons = [
+    ...contract.reasons ?? []
+  ];
+  const identityReasons = [];
+  if (replayDetected) {
+    reasons.push("message replay nonce was already seen");
+  }
+  if (signatureRequired && !signaturePresent) {
+    reasons.push("signed agent message required by profile");
+  }
+  if (identityRequired && !identityAccepted) {
+    identityReasons.push("accepted identity context required by profile");
+  }
+  reasons.push(...identityReasons);
+  const accepted = contract.accepted === true && reasons.length === 0;
+  const packetId = `packet:agent-message:${String(message.message_id ?? "unknown")}`;
+  const packets = contract.accepted === true ? [
+    {
+      authority_granted: false,
+      authority_requested: false,
+      authority_required: false,
+      claim: content,
+      content_sha256: digest,
+      dependencies: [],
+      evidence_hash_valid: true,
+      evidence_refs: sortedUnique([
+        ...Array.isArray(message.evidence_refs) ? message.evidence_refs.map(String) : [],
+        `sha256:${digest}`,
+        `agent-message:${String(message.message_id ?? "unknown")}`
+      ]),
+      expected_downstream_gain: 125e-5,
+      expires_at: null,
+      freshness: 1,
+      hazard_charge: 0,
+      identity_contribution_status: "provisional",
+      issuer_agent_id: message.sender_agent_id ?? null,
+      issuer_attestation_id: message.issuer_attestation_id ?? null,
+      issuer_public_key_id: message.issuer_public_key_id ?? null,
+      issuer_signature_ref: message.signature_ref ?? null,
+      packet_id: packetId,
+      receiver_family: Array.isArray(message.declared_receiver_family) ? message.declared_receiver_family.map(String) : ["agent", "verifier"],
+      residual_charge: 0,
+      reuse_context: "general",
+      rollback_available: true,
+      route_safe: true,
+      salience_class: "packet",
+      source_kind: "agent-message",
+      source_ref: String(message.message_id ?? "unknown"),
+      status: "provisional",
+      tags: sortedUnique([
+        ...Array.isArray(message.tags) ? message.tags.map(String) : [],
+        "agent-message",
+        "external-candidate",
+        "general"
+      ]),
+      verification_cost: 5e-3,
+      verifier_routes: Array.isArray(message.declared_routes) ? message.declared_routes.map(String) : []
+    }
+  ] : [];
+  return {
+    accepted,
+    candidate_packet_ids: packets.map((packet) => packet.packet_id),
+    consumed_nonces: accepted && nonce ? [nonce] : [],
+    identity_reasons: sortedUnique(identityReasons),
+    identity_status: identityAccepted ? "verified" : identityRequired ? "required" : "not-required",
+    identity_verified: identityAccepted,
+    message_contract_valid: contract.accepted === true,
+    message_id: message.message_id ?? null,
+    next_safe_commands: [
+      "uv run pic agent message contract --message <message.json>",
+      "uv run pic ecology bridge-runtime --report <general-intake-report.json>"
+    ],
+    nonce_ledger: {
+      accepted,
+      consumed_nonces: accepted && nonce ? [nonce] : [],
+      ledger_id: "agent-message-nonce-ledger",
+      reasons: sortedUnique(reasons),
+      rejected_message_ids: accepted ? [] : [String(message.message_id ?? "unknown")],
+      replayed_nonces: replayDetected && nonce ? [nonce] : []
+    },
+    nonce_status: replayDetected ? "replayed" : nonce && accepted ? "consumed" : "not-provided",
+    packets,
+    quarantine_recommended: reasons.length > 0,
+    reasons: sortedUnique(reasons),
+    replay_detected: replayDetected,
+    report_id: `agent-message-check:${String(message.message_id ?? "unknown")}`,
+    residual_ledger: reasons.length === 0 ? emptyLedger() : residualLedger(
+      `agent-message:${String(message.message_id ?? "unknown")}:verification-residual`,
+      reasons.length,
+      "agent message verification residual"
+    ),
+    sender_agent_id: message.sender_agent_id ?? null,
+    settled: false,
+    signature_present: signaturePresent,
+    signature_required: signatureRequired
+  };
+}
+function initAgentInbox(path, inboxId = "agent-inbox") {
+  const record = {
+    inbox_id: inboxId,
+    messages: [],
+    peers: [],
+    seen_nonces: []
+  };
+  mkdirSync2(dirname2(path), { recursive: true });
+  writeFileSync2(path, stableStringify(record), "utf8");
+  return record;
+}
+function readAgentInbox(path) {
+  const text = readFileSync2(path, "utf8").trim();
+  if (text.includes("\n") && !text.startsWith("{")) {
+    return {
+      inbox_id: "agent-inbox",
+      messages: text.split(/\r?\n/).filter(Boolean).map((line) => parseJsonObject(line, "agent inbox line")),
+      peers: [],
+      seen_nonces: []
+    };
+  }
+  const inbox = parseJsonObject(text, "agent inbox");
+  const validation = validateByType(inbox, "AgentInboxRecord");
+  if (!validation.valid) {
+    throw new Error(
+      `agent inbox schema-invalid: ${validation.errors.join("; ")}`
+    );
+  }
+  return inbox;
+}
+function writeAgentInbox(path, inbox) {
+  mkdirSync2(dirname2(path), { recursive: true });
+  writeFileSync2(path, stableStringify(inbox), "utf8");
+}
+function appendAgentMessage(inboxPath, message) {
+  const inbox = existsSync3(inboxPath) ? readAgentInbox(inboxPath) : { inbox_id: "agent-inbox", messages: [], peers: [], seen_nonces: [] };
+  const messages = Array.isArray(inbox.messages) ? inbox.messages : [];
+  const updated = {
+    ...inbox,
+    messages: [...messages, message]
+  };
+  writeAgentInbox(inboxPath, updated);
+  return updated;
+}
+function deliveryReport(action, inboxRef, inbox, reports, profile = "development") {
+  const accepted = reports.every((report) => report.accepted === true);
+  const delivered = accepted ? reports.map((report) => String(report.message_id ?? "unknown")) : [];
+  const rejected = accepted ? [] : reports.map((report) => String(report.message_id ?? "unknown"));
+  const consumed = sortedUnique(
+    reports.flatMap(
+      (report) => Array.isArray(report.consumed_nonces) ? report.consumed_nonces.map(String) : []
+    )
+  );
+  const reasons = sortedUnique(
+    reports.flatMap(
+      (report) => Array.isArray(report.reasons) ? report.reasons.map(String) : []
+    )
+  );
+  return {
+    accepted,
+    action,
+    candidate_only: true,
+    candidate_packet_ids: sortedUnique(
+      reports.flatMap(
+        (report) => Array.isArray(report.candidate_packet_ids) ? report.candidate_packet_ids.map(String) : []
+      )
+    ),
+    delivered_message_ids: delivered,
+    exchange_reports: reports,
+    identity_context_accepted: false,
+    inbox_id: inbox.inbox_id ?? "agent-inbox",
+    inbox_ref: inboxRef,
+    message_ids: reports.map(
+      (report) => String(report.message_id ?? "unknown")
+    ),
+    next_safe_commands: [
+      "uv run pic agent inbox verify --inbox <inbox.json>",
+      "uv run pic ecology bridge-runtime --report <general-intake-report.json>"
+    ],
+    nonce_ledger: {
+      accepted,
+      consumed_nonces: consumed,
+      ledger_id: "agent-message-nonce-ledger",
+      reasons,
+      rejected_message_ids: rejected,
+      replayed_nonces: []
+    },
+    operationally_usable: accepted,
+    profile,
+    reasons,
+    rejected_message_ids: rejected,
+    report_id: `agent-message-delivery:${action}:${String(inbox.inbox_id ?? "agent-inbox")}`,
+    settled: false
+  };
+}
+function receiveAgentInbox(inboxPath, options = {}) {
+  const inbox = readAgentInbox(inboxPath);
+  const seen = Array.isArray(inbox.seen_nonces) ? inbox.seen_nonces.map(String) : [];
+  const messages = Array.isArray(inbox.messages) ? inbox.messages : [];
+  const reports = messages.map(
+    (message) => verifyAgentMessage(message, { ...options, seenNonces: seen })
+  );
+  return deliveryReport(
+    "receive",
+    inboxPath,
+    inbox,
+    reports,
+    options.profile ?? "development"
+  );
+}
+export {
+  agentMessageContract,
+  appendAgentMessage,
+  createAgentMessage,
+  deliveryReport,
+  initAgentInbox,
+  readAgentInbox,
+  readAgentMessage,
+  receiveAgentInbox,
+  verifyAgentMessage,
+  writeAgentInbox
+};

package/dist/cli/main.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node