npm - soulprint-core - Versions diffs - 0.1.4 → 0.1.5 - Mend

soulprint-core 0.1.4 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/anti-farming.d.ts ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * Soulprint Anti-Farming Module
+ *
+ * Detecta y penaliza intentos de farmeo de puntos de reputación.
+ *
+ * REGLAS INAMOVIBLES (definidas en PROTOCOL):
+ *  - Un DID solo puede ganar MAX +1 punto por día en total (todos los validadores)
+ *  - Velocidad máxima: +2 puntos en 7 días vía attestations positivas
+ *  - Sesiones deben durar al menos MIN_SESSION_SECONDS para ser elegibles a reward
+ *  - Patrones regulares (robot-like) → detectados como farming → -1
+ *  - Nuevos DIDs (< PROBATION_DAYS) ganan 0 hasta acumular 2 attestations válidas
+ */
+import { BotAttestation } from "./index.js";
+export declare const FARMING_RULES: Readonly<{
+    /** Max puntos que un DID puede ganar en 24h via attestations positivas */
+    MAX_GAIN_PER_DAY: 1;
+    /** Max puntos acumulados en 7 días */
+    MAX_GAIN_PER_WEEK: 2;
+    /** Segundos mínimos que debe durar una sesión para ser elegible a reward */
+    MIN_SESSION_SECONDS: 30;
+    /** Días de probación para DIDs nuevos (cuentan 0 hasta 2 attestations) */
+    PROBATION_DAYS: 7;
+    /** Max attestations positivas de un MISMO servicio a un DID en 24h */
+    MAX_SAME_ISSUER_PER_DAY: 1;
+    /** Entropía mínima del patrón de tools para no ser detectado como farming
+     *  (número mínimo de tools distintos reales para reward) */
+    MIN_TOOL_ENTROPY: 4;
+    /** Tiempo mínimo entre dos calls a la misma tool (ms) para que no sea robot */
+    MIN_TOOL_INTERVAL_MS: 2000;
+    /** Si se detecta farming → emitir -1 automático en lugar de +1 */
+    FARMING_PENALTY: -1;
+}>;
+export interface SessionEvent {
+    tool: string;
+    timestamp: number;
+}
+export interface SessionContext {
+    did: string;
+    startTime: number;
+    events: SessionEvent[];
+    issuerDid: string;
+}
+export interface FarmingCheckResult {
+    isFarming: boolean;
+    reason?: string;
+    penalty: -1 | 0;
+    details?: Record<string, any>;
+}
+export interface DIDAuditEntry {
+    dailyGain: number;
+    weeklyGain: number;
+    dayStart: number;
+    weekStart: number;
+    firstSeen: number;
+    attestCount: number;
+    farmingStrikes: number;
+}
+export declare function getOrCreateAudit(did: string): DIDAuditEntry;
+export declare function loadAuditStore(data: Record<string, DIDAuditEntry>): void;
+export declare function exportAuditStore(): Record<string, DIDAuditEntry>;
+/**
+ * Analiza una sesión ANTES de emitir la attestation.
+ * Si detecta farming, retorna isFarming=true con razón específica.
+ *
+ * El validator debe llamar esta función ANTES de applyAttestation().
+ * Si isFarming=true, emitir -1 en lugar de +1.
+ */
+export declare function checkFarming(session: SessionContext, existingAtts: BotAttestation[]): FarmingCheckResult;
+/**
+ * Registra una attestation positiva aprobada en el audit store.
+ * Llamar DESPUÉS de confirmar que no es farming y aplicar el +1.
+ */
+export declare function recordApprovedGain(did: string): void;
+/**
+ * Registra un strike de farming en el audit store.
+ */
+export declare function recordFarmingStrike(did: string): void;

package/dist/anti-farming.js ADDED Viewed

@@ -0,0 +1,192 @@
+"use strict";
+/**
+ * Soulprint Anti-Farming Module
+ *
+ * Detecta y penaliza intentos de farmeo de puntos de reputación.
+ *
+ * REGLAS INAMOVIBLES (definidas en PROTOCOL):
+ *  - Un DID solo puede ganar MAX +1 punto por día en total (todos los validadores)
+ *  - Velocidad máxima: +2 puntos en 7 días vía attestations positivas
+ *  - Sesiones deben durar al menos MIN_SESSION_SECONDS para ser elegibles a reward
+ *  - Patrones regulares (robot-like) → detectados como farming → -1
+ *  - Nuevos DIDs (< PROBATION_DAYS) ganan 0 hasta acumular 2 attestations válidas
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FARMING_RULES = void 0;
+exports.getOrCreateAudit = getOrCreateAudit;
+exports.loadAuditStore = loadAuditStore;
+exports.exportAuditStore = exportAuditStore;
+exports.checkFarming = checkFarming;
+exports.recordApprovedGain = recordApprovedGain;
+exports.recordFarmingStrike = recordFarmingStrike;
+// ── Anti-farming constants (parte del PROTOCOL) ──────────────────────────────
+exports.FARMING_RULES = Object.freeze({
+    /** Max puntos que un DID puede ganar en 24h via attestations positivas */
+    MAX_GAIN_PER_DAY: 1,
+    /** Max puntos acumulados en 7 días */
+    MAX_GAIN_PER_WEEK: 2,
+    /** Segundos mínimos que debe durar una sesión para ser elegible a reward */
+    MIN_SESSION_SECONDS: 30,
+    /** Días de probación para DIDs nuevos (cuentan 0 hasta 2 attestations) */
+    PROBATION_DAYS: 7,
+    /** Max attestations positivas de un MISMO servicio a un DID en 24h */
+    MAX_SAME_ISSUER_PER_DAY: 1,
+    /** Entropía mínima del patrón de tools para no ser detectado como farming
+     *  (número mínimo de tools distintos reales para reward) */
+    MIN_TOOL_ENTROPY: 4,
+    /** Tiempo mínimo entre dos calls a la misma tool (ms) para que no sea robot */
+    MIN_TOOL_INTERVAL_MS: 2000,
+    /** Si se detecta farming → emitir -1 automático en lugar de +1 */
+    FARMING_PENALTY: -1,
+});
+// ── In-memory audit store (el validator lo persiste en disco) ────────────────
+const auditStore = new Map();
+function getOrCreateAudit(did) {
+    if (!auditStore.has(did)) {
+        const now = Date.now();
+        auditStore.set(did, {
+            dailyGain: 0,
+            weeklyGain: 0,
+            dayStart: startOfDay(now),
+            weekStart: startOfWeek(now),
+            firstSeen: now,
+            attestCount: 0,
+            farmingStrikes: 0,
+        });
+    }
+    return auditStore.get(did);
+}
+function loadAuditStore(data) {
+    for (const [did, entry] of Object.entries(data)) {
+        auditStore.set(did, entry);
+    }
+}
+function exportAuditStore() {
+    return Object.fromEntries(auditStore.entries());
+}
+// ── Core farming detection ────────────────────────────────────────────────────
+/**
+ * Analiza una sesión ANTES de emitir la attestation.
+ * Si detecta farming, retorna isFarming=true con razón específica.
+ *
+ * El validator debe llamar esta función ANTES de applyAttestation().
+ * Si isFarming=true, emitir -1 en lugar de +1.
+ */
+function checkFarming(session, existingAtts) {
+    const now = Date.now();
+    const audit = getOrCreateAudit(session.did);
+    resetDailyIfNeeded(audit, now);
+    // ── Regla 1: Sesión demasiado corta ──────────────────────────────────────
+    const sessionDuration = (now - session.startTime) / 1000;
+    if (sessionDuration < exports.FARMING_RULES.MIN_SESSION_SECONDS) {
+        return farming(`Session too short: ${sessionDuration.toFixed(1)}s < ${exports.FARMING_RULES.MIN_SESSION_SECONDS}s`, audit);
+    }
+    // ── Regla 2: Velocidad diaria excedida ───────────────────────────────────
+    if (audit.dailyGain >= exports.FARMING_RULES.MAX_GAIN_PER_DAY) {
+        return farming(`Daily gain cap reached: +${audit.dailyGain} today (max ${exports.FARMING_RULES.MAX_GAIN_PER_DAY})`, audit);
+    }
+    // ── Regla 3: Velocidad semanal excedida ──────────────────────────────────
+    if (audit.weeklyGain >= exports.FARMING_RULES.MAX_GAIN_PER_WEEK) {
+        return farming(`Weekly gain cap reached: +${audit.weeklyGain} this week (max ${exports.FARMING_RULES.MAX_GAIN_PER_WEEK})`, audit);
+    }
+    // ── Regla 4: Mismo emisor ya attestó hoy ─────────────────────────────────
+    const todayStart = startOfDay(now);
+    const sameIssuerToday = existingAtts.filter(a => a.issuer_did === session.issuerDid &&
+        a.value === 1 &&
+        a.timestamp * 1000 >= todayStart).length;
+    if (sameIssuerToday >= exports.FARMING_RULES.MAX_SAME_ISSUER_PER_DAY) {
+        return farming(`Same issuer already attested today: ${session.issuerDid.slice(0, 20)}... (max ${exports.FARMING_RULES.MAX_SAME_ISSUER_PER_DAY}/day)`, audit);
+    }
+    // ── Regla 5: Entropía de herramientas insuficiente ───────────────────────
+    const uniqueTools = new Set(session.events.map(e => e.tool));
+    if (uniqueTools.size < exports.FARMING_RULES.MIN_TOOL_ENTROPY) {
+        return farming(`Tool entropy too low: ${uniqueTools.size} distinct tools (min ${exports.FARMING_RULES.MIN_TOOL_ENTROPY})`, audit);
+    }
+    // ── Regla 6: Patrón robótico (intervalos demasiado regulares) ────────────
+    if (isRoboticPattern(session.events)) {
+        return farming("Robotic call pattern detected (regular intervals suggest automation)", audit);
+    }
+    // ── Regla 7: DID en probación con menos de 2 attestations ───────────────
+    const daysOld = (now - audit.firstSeen) / (1000 * 60 * 60 * 24);
+    if (daysOld < exports.FARMING_RULES.PROBATION_DAYS && audit.attestCount < 2) {
+        return farming(`DID in probation: ${daysOld.toFixed(1)} days old, ${audit.attestCount} attestations (need 2+ to earn points in first 7 days)`, audit);
+    }
+    // ── Sin farming detectado → OK ────────────────────────────────────────────
+    return { isFarming: false, penalty: 0 };
+}
+/**
+ * Registra una attestation positiva aprobada en el audit store.
+ * Llamar DESPUÉS de confirmar que no es farming y aplicar el +1.
+ */
+function recordApprovedGain(did) {
+    const audit = getOrCreateAudit(did);
+    resetDailyIfNeeded(audit, Date.now());
+    audit.dailyGain++;
+    audit.weeklyGain++;
+    audit.attestCount++;
+}
+/**
+ * Registra un strike de farming en el audit store.
+ */
+function recordFarmingStrike(did) {
+    const audit = getOrCreateAudit(did);
+    audit.farmingStrikes++;
+}
+// ── Helpers ───────────────────────────────────────────────────────────────────
+function farming(reason, audit) {
+    audit.farmingStrikes++;
+    return {
+        isFarming: true,
+        reason,
+        penalty: exports.FARMING_RULES.FARMING_PENALTY,
+        details: {
+            dailyGain: audit.dailyGain,
+            weeklyGain: audit.weeklyGain,
+            farmingStrikes: audit.farmingStrikes,
+        },
+    };
+}
+/**
+ * Detecta patrones robóticos: intervalos entre calls demasiado regulares.
+ * Un humano real varía sus tiempos; un bot suele tener intervals constantes.
+ */
+function isRoboticPattern(events) {
+    if (events.length < 4)
+        return false;
+    const intervals = [];
+    for (let i = 1; i < events.length; i++) {
+        intervals.push(events[i].timestamp - events[i - 1].timestamp);
+    }
+    // Si todos los intervalos son casi iguales (stddev < 10% de la media) → robótico
+    const mean = intervals.reduce((a, b) => a + b, 0) / intervals.length;
+    const stddev = Math.sqrt(intervals.reduce((sum, x) => sum + Math.pow(x - mean, 2), 0) / intervals.length);
+    // Adicionalmente: intervalos muy cortos (< MIN_TOOL_INTERVAL_MS) → farming
+    const tooFast = intervals.filter(i => i < exports.FARMING_RULES.MIN_TOOL_INTERVAL_MS).length;
+    if (tooFast > intervals.length * 0.5)
+        return true; // >50% calls muy rápidos
+    return mean > 0 && (stddev / mean) < 0.10; // coeficiente de variación < 10%
+}
+function resetDailyIfNeeded(audit, now) {
+    const todayStart = startOfDay(now);
+    if (audit.dayStart < todayStart) {
+        audit.dailyGain = 0;
+        audit.dayStart = todayStart;
+    }
+    const weekStart = startOfWeek(now);
+    if (audit.weekStart < weekStart) {
+        audit.weeklyGain = 0;
+        audit.weekStart = weekStart;
+    }
+}
+function startOfDay(ms) {
+    const d = new Date(ms);
+    d.setUTCHours(0, 0, 0, 0);
+    return d.getTime();
+}
+function startOfWeek(ms) {
+    const d = new Date(ms);
+    const day = d.getUTCDay();
+    d.setUTCDate(d.getUTCDate() - day);
+    d.setUTCHours(0, 0, 0, 0);
+    return d.getTime();
+}

package/dist/index.d.ts CHANGED Viewed

@@ -101,3 +101,5 @@ export declare function calculateScore(credentials: CredentialType[]): number;
 export declare function calculateTotalScore(credentials: CredentialType[], botRep?: BotReputation): number;
 export declare function calculateLevel(credentials: CredentialType[]): TrustLevel;
 export { PROTOCOL, isProtocolCompatible, clampMinScore, computeTotalScoreWithFloor, withRetry, } from "./protocol-constants.js";
+export { FARMING_RULES, checkFarming, recordApprovedGain, recordFarmingStrike, getOrCreateAudit, loadAuditStore, exportAuditStore, } from "./anti-farming.js";
+export type { SessionContext, FarmingCheckResult, DIDAuditEntry } from "./anti-farming.js";

package/dist/index.js CHANGED Viewed

@@ -3,7 +3,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.withRetry = exports.computeTotalScoreWithFloor = exports.clampMinScore = exports.isProtocolCompatible = exports.PROTOCOL = void 0;
+exports.exportAuditStore = exports.loadAuditStore = exports.getOrCreateAudit = exports.recordFarmingStrike = exports.recordApprovedGain = exports.checkFarming = exports.FARMING_RULES = exports.withRetry = exports.computeTotalScoreWithFloor = exports.clampMinScore = exports.isProtocolCompatible = exports.PROTOCOL = void 0;
 exports.generateKeypair = generateKeypair;
 exports.keypairFromPrivateKey = keypairFromPrivateKey;
 exports.deriveNullifier = deriveNullifier;
@@ -211,3 +211,12 @@ Object.defineProperty(exports, "isProtocolCompatible", { enumerable: true, get:
 Object.defineProperty(exports, "clampMinScore", { enumerable: true, get: function () { return protocol_constants_js_1.clampMinScore; } });
 Object.defineProperty(exports, "computeTotalScoreWithFloor", { enumerable: true, get: function () { return protocol_constants_js_1.computeTotalScoreWithFloor; } });
 Object.defineProperty(exports, "withRetry", { enumerable: true, get: function () { return protocol_constants_js_1.withRetry; } });
+// ── Anti-Farming (re-export) ──────────────────────────────────────────────────
+var anti_farming_js_1 = require("./anti-farming.js");
+Object.defineProperty(exports, "FARMING_RULES", { enumerable: true, get: function () { return anti_farming_js_1.FARMING_RULES; } });
+Object.defineProperty(exports, "checkFarming", { enumerable: true, get: function () { return anti_farming_js_1.checkFarming; } });
+Object.defineProperty(exports, "recordApprovedGain", { enumerable: true, get: function () { return anti_farming_js_1.recordApprovedGain; } });
+Object.defineProperty(exports, "recordFarmingStrike", { enumerable: true, get: function () { return anti_farming_js_1.recordFarmingStrike; } });
+Object.defineProperty(exports, "getOrCreateAudit", { enumerable: true, get: function () { return anti_farming_js_1.getOrCreateAudit; } });
+Object.defineProperty(exports, "loadAuditStore", { enumerable: true, get: function () { return anti_farming_js_1.loadAuditStore; } });
+Object.defineProperty(exports, "exportAuditStore", { enumerable: true, get: function () { return anti_farming_js_1.exportAuditStore; } });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "soulprint-core",
-  "version": "0.1.4",
+  "version": "0.1.5",
   "description": "Soulprint core — DID keypairs, SPT tokens, Ed25519 signatures, trust scoring",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",