shadow-attest-core 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +141 -0
- package/anchors.js +1321 -0
- package/attestation-batch.js +230 -0
- package/attestation-chain.js +125 -0
- package/attestation.js +653 -0
- package/batch.js +2 -0
- package/chain.js +2 -0
- package/index.js +57 -0
- package/package.json +59 -0
- package/session.js +557 -0
- package/store-file.js +65 -0
- package/verify-chain.js +5 -0
package/README.md
ADDED
|
@@ -0,0 +1,141 @@
|
|
|
1
|
+
# shadow-attest-core
|
|
2
|
+
|
|
3
|
+
Zero-LLM-dep cryptographic evidence primitives for AI decision attestation and agent session recording.
|
|
4
|
+
|
|
5
|
+
**Status:** v2.0.0 — physical source lives here. Prior `lib/` paths are back-compat shims.
|
|
6
|
+
|
|
7
|
+
## What lives here
|
|
8
|
+
|
|
9
|
+
- Ed25519 (RFC 8032) + HMAC-SHA-256 signing
|
|
10
|
+
- Append-only signed-payload contract for per-decision attestation (frozen v2 schema at [`../../spec/attestation.schema.json`](../../spec/attestation.schema.json))
|
|
11
|
+
- Batch attestation with SHA-256 batch root — O(1) verification over N decisions
|
|
12
|
+
- Hash-chain primitives (`previous_hash` linking) with tamper detection
|
|
13
|
+
- **Streaming session API** (v3 M1.2, added 2026-07-10): `createSession` / `appendEvent` / `sealSession` / `verifyBundle` for evidence-bundle recording per [`../../spec/EVIDENCE_BUNDLE.md`](../../spec/EVIDENCE_BUNDLE.md)
|
|
14
|
+
|
|
15
|
+
## What does NOT live here
|
|
16
|
+
|
|
17
|
+
- Any LLM SDK (`@anthropic-ai/sdk`, `openai`, `@google/genai`, etc)
|
|
18
|
+
- Any HTTP handler
|
|
19
|
+
- Any Shadow domain logic (loan council, personas, prompts)
|
|
20
|
+
|
|
21
|
+
CI enforces the "zero LLM deps" invariant via [`test/attest-core-contract.test.js`](../../test/attest-core-contract.test.js) — the test walks the transitive import graph from this package's entry points and fails on any LLM SDK dependency.
|
|
22
|
+
|
|
23
|
+
## Install
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
npm install shadow-attest-core
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Node.js `>= 20` (uses the built-in `node:crypto` Ed25519 API).
|
|
30
|
+
|
|
31
|
+
## Import surface
|
|
32
|
+
|
|
33
|
+
```js
|
|
34
|
+
// Per-decision attestation
|
|
35
|
+
import {
|
|
36
|
+
ATTESTATION_VERSION,
|
|
37
|
+
SIGNATURE_MODES,
|
|
38
|
+
buildAttestation,
|
|
39
|
+
verifyAttestation,
|
|
40
|
+
computeAttestationHash,
|
|
41
|
+
} from "shadow-attest-core";
|
|
42
|
+
|
|
43
|
+
// v3 M1.2 streaming session API
|
|
44
|
+
import {
|
|
45
|
+
EVENT_TYPES,
|
|
46
|
+
createSession,
|
|
47
|
+
appendEvent,
|
|
48
|
+
sealSession,
|
|
49
|
+
verifyBundle,
|
|
50
|
+
} from "shadow-attest-core";
|
|
51
|
+
|
|
52
|
+
// Optional sub-entries
|
|
53
|
+
import { computeBatchRootHash } from "shadow-attest-core/batch";
|
|
54
|
+
import { computeAttestationHash } from "shadow-attest-core/chain";
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## Quickstart: per-decision attestation
|
|
58
|
+
|
|
59
|
+
```js
|
|
60
|
+
import { generateKeyPairSync } from "node:crypto";
|
|
61
|
+
import { buildAttestation, verifyAttestation } from "shadow-attest-core";
|
|
62
|
+
|
|
63
|
+
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
|
|
64
|
+
|
|
65
|
+
const attestation = buildAttestation({
|
|
66
|
+
request: { loan_id: "abc-123", credit_score: 740 },
|
|
67
|
+
response: { verdict: "approve", voices: [/*...*/] },
|
|
68
|
+
modelId: "council/deterministic",
|
|
69
|
+
mode: "ed25519",
|
|
70
|
+
privateKey,
|
|
71
|
+
keyId: "prod-2026-Q3",
|
|
72
|
+
});
|
|
73
|
+
|
|
74
|
+
const result = verifyAttestation(attestation,
|
|
75
|
+
{ loan_id: "abc-123", credit_score: 740 },
|
|
76
|
+
{ verdict: "approve", voices: [/*...*/] },
|
|
77
|
+
{ publicKey },
|
|
78
|
+
);
|
|
79
|
+
// result.ok === true
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
## Quickstart: streaming session (v3 evidence bundle)
|
|
83
|
+
|
|
84
|
+
```js
|
|
85
|
+
import { generateKeyPairSync } from "node:crypto";
|
|
86
|
+
import { createSession, appendEvent, sealSession, verifyBundle } from "shadow-attest-core";
|
|
87
|
+
|
|
88
|
+
const { publicKey, privateKey } = generateKeyPairSync("ed25519");
|
|
89
|
+
|
|
90
|
+
const session = createSession({
|
|
91
|
+
agent: { name: "claude-code", version: "1.2.3" },
|
|
92
|
+
models: [{ model_id: "anthropic:claude-sonnet-4-6", provider: "anthropic" }],
|
|
93
|
+
environmentFingerprint: { os: "darwin-25.3.0", node_version: process.version },
|
|
94
|
+
keyId: "prod-2026-Q3",
|
|
95
|
+
privateKey,
|
|
96
|
+
});
|
|
97
|
+
|
|
98
|
+
appendEvent(session, {
|
|
99
|
+
event_type: "user_message",
|
|
100
|
+
actor: "user",
|
|
101
|
+
payload: { text: "Refactor the auth module." },
|
|
102
|
+
});
|
|
103
|
+
|
|
104
|
+
appendEvent(session, {
|
|
105
|
+
event_type: "tool_call",
|
|
106
|
+
actor: "agent",
|
|
107
|
+
payload: { tool: "grep", args: { pattern: "auth" } },
|
|
108
|
+
});
|
|
109
|
+
|
|
110
|
+
// ... many more ...
|
|
111
|
+
|
|
112
|
+
const bundle = sealSession(session);
|
|
113
|
+
// Ship `bundle` to your evidence store, or hand it to an auditor.
|
|
114
|
+
|
|
115
|
+
const result = verifyBundle(bundle, { publicKey });
|
|
116
|
+
// result.ok === true if the chain is intact and the signature verifies.
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
## Verification acceptance
|
|
120
|
+
|
|
121
|
+
- 10,000-event synthetic session end-to-end (append + seal + verify) completes in **~69ms on an M-series MacBook** — 72× under the SHADOW_V3_BRIEF acceptance target of 5s. See [`../../test/session-perf-10k.test.js`](../../test/session-perf-10k.test.js).
|
|
122
|
+
- Mid-chain tampering (mutated `payload_hash`, event reorder, or event deletion) is detected with the exact `failedSeq` reported.
|
|
123
|
+
- GDPR erasure pattern (null `payload_ref`, keep `payload_hash`) preserves chain integrity — see redaction section of [`../../spec/EVIDENCE_BUNDLE.md`](../../spec/EVIDENCE_BUNDLE.md).
|
|
124
|
+
|
|
125
|
+
## Zero telemetry
|
|
126
|
+
|
|
127
|
+
This package does not phone home. There are no analytics, no crash reports, no update pings. Verify by grepping the source: no outbound HTTP anywhere.
|
|
128
|
+
|
|
129
|
+
## Standards alignment
|
|
130
|
+
|
|
131
|
+
- **Ed25519 signature scheme:** RFC 8032 EdDSA with Curve25519.
|
|
132
|
+
- **NIST FIPS 186-5** (2023) approves Ed25519 for federal use.
|
|
133
|
+
- **NIST SP 800-57 Part 1 §5.2** for key rotation cadence (rotate at least yearly).
|
|
134
|
+
- **EU AI Act Article 12(2)** record-keeping obligations — the evidence-bundle format maps event types to Article 12(2)(a/b/c) purposes; see [`../../spec/EVIDENCE_BUNDLE.md`](../../spec/EVIDENCE_BUNDLE.md#article-12-mapping).
|
|
135
|
+
- **OpenTelemetry GenAI semantic conventions** — a documented mapping table shows how OTel spans translate into evidence events.
|
|
136
|
+
|
|
137
|
+
Shadow does not claim any regulation is satisfied. The record has cryptographic integrity properties auditors can independently verify. The determination of evidentiary value is a legal one.
|
|
138
|
+
|
|
139
|
+
## License
|
|
140
|
+
|
|
141
|
+
MIT.
|