soulprint-network 0.3.2 → 0.3.3

package/dist/blockchain/blockchain-client.d.ts

@@ -21,12 +21,35 @@
  *   SOULPRINT_REGISTRY_ADDR=0x...
  *   SOULPRINT_LEDGER_ADDR=0x...
  */
+export declare const ProposalState: {
+    readonly ACTIVE: 0;
+    readonly APPROVED: 1;
+    readonly EXECUTED: 2;
+    readonly REJECTED: 3;
+    readonly EXPIRED: 4;
+};
+export type ProposalStateType = typeof ProposalState[keyof typeof ProposalState];
+export interface GovernanceProposal {
+    id: number;
+    newHash: string;
+    rationale: string;
+    proposerDid: string;
+    proposerAddr: string;
+    createdAt: number;
+    approvedAt: number;
+    executedAt: number;
+    votesFor: number;
+    votesAgainst: number;
+    state: ProposalStateType;
+    stateName: string;
+}
 export interface BlockchainConfig {
     rpcUrl: string;
     privateKey: string;
     registryAddr: string;
     ledgerAddr: string;
     validatorRegAddr?: string;
+    governanceAddr?: string;
     protocolHash: string;
 }
 export interface OnChainReputation {
@@ -44,6 +67,7 @@ export declare class SoulprintBlockchainClient {
     private registry;
     private ledger;
     private validatorReg;
+    private governance;
     private connected;
     constructor(config: BlockchainConfig);
     /**
@@ -115,4 +139,56 @@ export declare class SoulprintBlockchainClient {
         did: string;
         compatible: boolean;
     }>>;
+    /**
+     * Retorna el hash actualmente aprobado por governance.
+     * Los nodos deben comparar esto con su PROTOCOL_HASH al arrancar.
+     */
+    getCurrentApprovedHash(): Promise<string | null>;
+    /**
+     * Verifica si el hash actual del nodo está aprobado por governance.
+     */
+    isHashApproved(hash: string): Promise<boolean>;
+    /**
+     * Propone un upgrade del PROTOCOL_HASH.
+     * Solo validadores con identidad verificada pueden proponer.
+     *
+     * @returns txHash + proposalId, o null si falla
+     */
+    proposeUpgrade(params: {
+        did: string;
+        newHash: string;
+        rationale: string;
+    }): Promise<{
+        txHash: string;
+        proposalId: number;
+    } | null>;
+    /**
+     * Vota en una propuesta de governance.
+     * @param approve true = a favor | false = en contra / veto
+     */
+    voteOnProposal(params: {
+        proposalId: number;
+        did: string;
+        approve: boolean;
+    }): Promise<string | null>;
+    /**
+     * Ejecuta una propuesta aprobada una vez que el timelock expiró.
+     */
+    executeProposal(proposalId: number): Promise<string | null>;
+    /**
+     * Retorna estado completo de una propuesta.
+     */
+    getProposal(proposalId: number): Promise<GovernanceProposal | null>;
+    /**
+     * Lista todas las propuestas activas o en timelock.
+     */
+    getActiveProposals(): Promise<GovernanceProposal[]>;
+    /**
+     * Historial de todos los hashes aprobados (auditoría).
+     */
+    getHashHistory(): Promise<string[]>;
+    /**
+     * Segundos restantes del timelock de una propuesta aprobada.
+     */
+    getTimelockRemaining(proposalId: number): Promise<number>;
 }

package/dist/blockchain/blockchain-client.js

@@ -22,7 +22,10 @@
  *   SOULPRINT_LEDGER_ADDR=0x...
  */
 import { existsSync, readFileSync } from "node:fs";
-import { join } from "node:path";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+// ESM-compatible __dirname
+const __dir = dirname(fileURLToPath(import.meta.url));
 // ── ABI mínimos para interactuar con los contratos ────────────────────────────
 // Solo las funciones que usa el nodo validador
 const REGISTRY_ABI = [
@@ -45,7 +48,43 @@ const VALIDATOR_REG_ABI = [
     "function heartbeat(string did, uint32 totalVerified) external",
     "function getActiveNodes() view returns (tuple(string url, string did, bytes32 protocolHash, uint64 registeredAt, uint64 lastSeen, uint32 totalVerified, bool active, bool compatible)[])",
     "function PROTOCOL_HASH() view returns (bytes32)",
+    "function compatibleNodes() view returns (uint256)",
 ];
+const GOVERNANCE_ABI = [
+    // State
+    "function currentApprovedHash() view returns (bytes32)",
+    "function totalProposals() view returns (uint256)",
+    "function APPROVAL_THRESHOLD_BPS() view returns (uint256)",
+    "function VETO_THRESHOLD_BPS() view returns (uint256)",
+    "function TIMELOCK_DELAY() view returns (uint64)",
+    "function MINIMUM_QUORUM() view returns (uint32)",
+    // Actions
+    "function proposeUpgrade(string did, bytes32 newHash, string rationale) external returns (uint256)",
+    "function voteOnProposal(uint256 proposalId, string did, bool approve) external",
+    "function executeProposal(uint256 proposalId) external",
+    // Views
+    "function getProposal(uint256 id) view returns (tuple(uint256 id, bytes32 newHash, string rationale, string proposerDid, address proposerAddr, uint64 createdAt, uint64 approvedAt, uint64 executedAt, uint32 votesFor, uint32 votesAgainst, uint8 state))",
+    "function getActiveProposals() view returns (tuple(uint256 id, bytes32 newHash, string rationale, string proposerDid, address proposerAddr, uint64 createdAt, uint64 approvedAt, uint64 executedAt, uint32 votesFor, uint32 votesAgainst, uint8 state)[])",
+    "function getHashHistory() view returns (bytes32[])",
+    "function isCurrentHashValid(bytes32 hash) view returns (bool)",
+    "function getApprovalPercentage(uint256 id) view returns (uint256 forPct, uint256 againstPct, uint32 activeNodes)",
+    "function timelockRemaining(uint256 id) view returns (uint64)",
+    // Events
+    "event ProposalCreated(uint256 indexed id, bytes32 newHash, string proposerDid, string rationale, uint64 expiresAt)",
+    "event VoteCast(uint256 indexed proposalId, string voterDid, bool approve, uint32 totalFor, uint32 totalAgainst)",
+    "event ProposalApproved(uint256 indexed id, bytes32 newHash, uint64 executeAfter)",
+    "event ProposalExecuted(uint256 indexed id, bytes32 oldHash, bytes32 newHash, uint64 timestamp)",
+    "event ProposalRejected(uint256 indexed id, string reason)",
+    "event EmergencyVeto(uint256 indexed id, uint32 vetoes, uint32 totalVoters)",
+];
+// ── ProposalState enum (mirror de Solidity) ───────────────────────────────────
+export const ProposalState = {
+    ACTIVE: 0,
+    APPROVED: 1,
+    EXECUTED: 2,
+    REJECTED: 3,
+    EXPIRED: 4,
+};
 // ── Load config from env + deployments ───────────────────────────────────────
 export function loadBlockchainConfig() {
     const rpcUrl = process.env.SOULPRINT_RPC_URL;
@@ -54,7 +93,7 @@ export function loadBlockchainConfig() {
     if (!rpcUrl || !privateKey)
         return null;
     // Buscar direcciones en deployments/
-    const deploymentsDir = join(__dirname, "..", "..", "blockchain", "deployments");
+    const deploymentsDir = join(__dir, "..", "..", "..", "blockchain", "deployments");
     const deployFile = join(deploymentsDir, `${network}.json`);
     if (!existsSync(deployFile)) {
         console.warn(`[blockchain] No deployment found for ${network}. Run: npx hardhat run scripts/deploy.ts --network ${network}`);
@@ -67,6 +106,7 @@ export function loadBlockchainConfig() {
         registryAddr: deployment.contracts.SoulprintRegistry,
         ledgerAddr: deployment.contracts.AttestationLedger,
         validatorRegAddr: deployment.contracts.ValidatorRegistry,
+        governanceAddr: deployment.contracts.GovernanceModule,
         protocolHash: deployment.protocolHash,
     };
 }
@@ -78,6 +118,7 @@ export class SoulprintBlockchainClient {
     registry = null;
     ledger = null;
     validatorReg = null;
+    governance = null;
     connected = false;
     constructor(config) {
         this.config = config;
@@ -100,6 +141,12 @@ export class SoulprintBlockchainClient {
             if (this.config.validatorRegAddr) {
                 this.validatorReg = new ethers.Contract(this.config.validatorRegAddr, VALIDATOR_REG_ABI, this.signer);
             }
+            if (this.config.governanceAddr) {
+                this.governance = new ethers.Contract(this.config.governanceAddr, GOVERNANCE_ABI, this.signer);
+                const govHash = await this.governance.currentApprovedHash();
+                console.log(`[blockchain]    Governance: ${this.config.governanceAddr}`);
+                console.log(`[blockchain]    Current approved hash: ${govHash.slice(0, 10)}...`);
+            }
             // Verificar que el contrato tiene el mismo PROTOCOL_HASH
             const onChainHash = await this.registry.PROTOCOL_HASH();
             if (onChainHash.toLowerCase() !== this.config.protocolHash.toLowerCase()) {
@@ -277,4 +324,177 @@ export class SoulprintBlockchainClient {
             return [];
         }
     }
+    // ── Governance ─────────────────────────────────────────────────────────────
+    /**
+     * Retorna el hash actualmente aprobado por governance.
+     * Los nodos deben comparar esto con su PROTOCOL_HASH al arrancar.
+     */
+    async getCurrentApprovedHash() {
+        if (!this.connected || !this.governance)
+            return null;
+        try {
+            return await this.governance.currentApprovedHash();
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Verifica si el hash actual del nodo está aprobado por governance.
+     */
+    async isHashApproved(hash) {
+        if (!this.connected || !this.governance)
+            return true; // fallback: asumir OK
+        try {
+            return await this.governance.isCurrentHashValid(hash);
+        }
+        catch {
+            return true;
+        }
+    }
+    /**
+     * Propone un upgrade del PROTOCOL_HASH.
+     * Solo validadores con identidad verificada pueden proponer.
+     *
+     * @returns txHash + proposalId, o null si falla
+     */
+    async proposeUpgrade(params) {
+        if (!this.connected || !this.governance)
+            return null;
+        try {
+            const tx = await this.governance.proposeUpgrade(params.did, params.newHash, params.rationale);
+            const receipt = await tx.wait();
+            // Extraer proposalId del evento ProposalCreated
+            const log = receipt.logs?.find((l) => l.fragment?.name === "ProposalCreated");
+            const proposalId = log ? Number(log.args[0]) : -1;
+            console.log(`[governance] ✅ Proposal #${proposalId} created | tx: ${receipt.hash}`);
+            return { txHash: receipt.hash, proposalId };
+        }
+        catch (err) {
+            console.error(`[governance] proposeUpgrade failed: ${err.message?.slice(0, 100)}`);
+            return null;
+        }
+    }
+    /**
+     * Vota en una propuesta de governance.
+     * @param approve true = a favor | false = en contra / veto
+     */
+    async voteOnProposal(params) {
+        if (!this.connected || !this.governance)
+            return null;
+        try {
+            const tx = await this.governance.voteOnProposal(params.proposalId, params.did, params.approve);
+            const receipt = await tx.wait();
+            const action = params.approve ? "✅ FOR" : "🚫 AGAINST";
+            console.log(`[governance] ${action} Proposal #${params.proposalId} | tx: ${receipt.hash}`);
+            return receipt.hash;
+        }
+        catch (err) {
+            console.error(`[governance] voteOnProposal failed: ${err.message?.slice(0, 100)}`);
+            return null;
+        }
+    }
+    /**
+     * Ejecuta una propuesta aprobada una vez que el timelock expiró.
+     */
+    async executeProposal(proposalId) {
+        if (!this.connected || !this.governance)
+            return null;
+        try {
+            const tx = await this.governance.executeProposal(proposalId);
+            const receipt = await tx.wait();
+            console.log(`[governance] ✅ Proposal #${proposalId} EXECUTED | tx: ${receipt.hash}`);
+            return receipt.hash;
+        }
+        catch (err) {
+            console.error(`[governance] executeProposal failed: ${err.message?.slice(0, 100)}`);
+            return null;
+        }
+    }
+    /**
+     * Retorna estado completo de una propuesta.
+     */
+    async getProposal(proposalId) {
+        if (!this.connected || !this.governance)
+            return null;
+        try {
+            // Verificar que la propuesta existe (Solidity retorna zero-struct si no existe)
+            const total = Number(await this.governance.totalProposals());
+            if (proposalId >= total)
+                return null;
+            const STATE_NAMES = ["ACTIVE", "APPROVED", "EXECUTED", "REJECTED", "EXPIRED"];
+            const p = await this.governance.getProposal(proposalId);
+            return {
+                id: Number(p.id),
+                newHash: p.newHash,
+                rationale: p.rationale,
+                proposerDid: p.proposerDid,
+                proposerAddr: p.proposerAddr,
+                createdAt: Number(p.createdAt),
+                approvedAt: Number(p.approvedAt),
+                executedAt: Number(p.executedAt),
+                votesFor: Number(p.votesFor),
+                votesAgainst: Number(p.votesAgainst),
+                state: Number(p.state),
+                stateName: STATE_NAMES[Number(p.state)] ?? "UNKNOWN",
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    /**
+     * Lista todas las propuestas activas o en timelock.
+     */
+    async getActiveProposals() {
+        if (!this.connected || !this.governance)
+            return [];
+        try {
+            const STATE_NAMES = ["ACTIVE", "APPROVED", "EXECUTED", "REJECTED", "EXPIRED"];
+            const proposals = await this.governance.getActiveProposals();
+            return proposals.map((p) => ({
+                id: Number(p.id),
+                newHash: p.newHash,
+                rationale: p.rationale,
+                proposerDid: p.proposerDid,
+                proposerAddr: p.proposerAddr,
+                createdAt: Number(p.createdAt),
+                approvedAt: Number(p.approvedAt),
+                executedAt: Number(p.executedAt),
+                votesFor: Number(p.votesFor),
+                votesAgainst: Number(p.votesAgainst),
+                state: Number(p.state),
+                stateName: STATE_NAMES[Number(p.state)] ?? "UNKNOWN",
+            }));
+        }
+        catch {
+            return [];
+        }
+    }
+    /**
+     * Historial de todos los hashes aprobados (auditoría).
+     */
+    async getHashHistory() {
+        if (!this.connected || !this.governance)
+            return [];
+        try {
+            return await this.governance.getHashHistory();
+        }
+        catch {
+            return [];
+        }
+    }
+    /**
+     * Segundos restantes del timelock de una propuesta aprobada.
+     */
+    async getTimelockRemaining(proposalId) {
+        if (!this.connected || !this.governance)
+            return 0;
+        try {
+            return Number(await this.governance.timelockRemaining(proposalId));
+        }
+        catch {
+            return 0;
+        }
+    }
 }

package/dist/validator.js

@@ -9,6 +9,7 @@ import { encryptGossip, decryptGossip } from "./crypto/gossip-cipher.js";
 import { selectGossipPeers, routingStats } from "./crypto/peer-router.js";
 import { NullifierConsensus, AttestationConsensus, StateSyncManager } from "./consensus/index.js";
 import { BlockchainAnchor } from "./blockchain/blockchain-anchor.js";
+import { SoulprintBlockchainClient, loadBlockchainConfig, } from "./blockchain/blockchain-client.js";
 import { publishAttestationP2P, onAttestationReceived, getP2PStats, } from "./p2p.js";
 // ── Config ────────────────────────────────────────────────────────────────────
 const PORT = parseInt(process.env.SOULPRINT_PORT ?? String(PROTOCOL.DEFAULT_HTTP_PORT));
@@ -668,8 +669,15 @@ export function startValidatorNode(port = PORT) {
     const anchor = new BlockchainAnchor({
         storePath: join(NODE_DIR, "blockchain-queue"),
     });
+    // Cliente blockchain directo (para governance)
+    const bcConfig = loadBlockchainConfig();
+    const client = bcConfig
+        ? new SoulprintBlockchainClient(bcConfig)
+        : null;
     // Conectar en background (no bloquea el arranque del nodo)
     anchor.connect().catch(() => { });
+    if (client)
+        client.connect().catch(() => { });
     // Escuchar eventos del consenso y anclar async
     nullifierConsensus.on("committed", (entry) => {
         anchor.anchorNullifier({
@@ -796,6 +804,89 @@ export function startValidatorNode(port = PORT) {
                 return json(res, 400, { error: "Invalid consensus message" });
             }
         }
+        // ── Governance endpoints ──────────────────────────────────────────────────
+        // GET /governance — estado del hash aprobado + propuestas activas
+        if (cleanUrl === "/governance" && req.method === "GET") {
+            const [currentHash, active, history] = await Promise.all([
+                client?.getCurrentApprovedHash() ?? null,
+                client?.getActiveProposals() ?? [],
+                client?.getHashHistory() ?? [],
+            ]);
+            return json(res, 200, {
+                currentApprovedHash: currentHash ?? PROTOCOL_HASH,
+                blockchainConnected: !!client?.isConnected,
+                activeProposals: active.length,
+                hashHistory: history,
+                nodeCompatible: !currentHash || currentHash.toLowerCase() === ("0x" + PROTOCOL_HASH).toLowerCase(),
+            });
+        }
+        // GET /governance/proposals — lista de propuestas activas
+        if (cleanUrl === "/governance/proposals" && req.method === "GET") {
+            if (!client?.isConnected)
+                return json(res, 503, { error: "Blockchain not connected" });
+            const proposals = await client.getActiveProposals();
+            return json(res, 200, { proposals, total: proposals.length });
+        }
+        // GET /governance/proposal/:id — detalle de una propuesta
+        if (cleanUrl.match(/^\/governance\/proposal\/\d+$/) && req.method === "GET") {
+            if (!client?.isConnected)
+                return json(res, 503, { error: "Blockchain not connected" });
+            const proposalId = parseInt(cleanUrl.split("/").pop());
+            const proposal = await client.getProposal(proposalId);
+            if (!proposal)
+                return json(res, 404, { error: "Proposal not found" });
+            const remaining = await client.getTimelockRemaining(proposalId);
+            return json(res, 200, { ...proposal, timelockRemainingSeconds: remaining });
+        }
+        // POST /governance/propose — proponer upgrade del PROTOCOL_HASH
+        // Body: { did, newHash, rationale }
+        if (cleanUrl === "/governance/propose" && req.method === "POST") {
+            if (!client?.isConnected)
+                return json(res, 503, { error: "Blockchain not connected" });
+            const body = await readBody(req);
+            if (!body?.did || !body?.newHash || !body?.rationale) {
+                return json(res, 400, { error: "Required: did, newHash, rationale" });
+            }
+            const result = await client.proposeUpgrade({
+                did: body.did,
+                newHash: body.newHash,
+                rationale: body.rationale,
+            });
+            if (!result)
+                return json(res, 500, { error: "Proposal failed — check validator logs" });
+            return json(res, 201, result);
+        }
+        // POST /governance/vote — votar en una propuesta
+        // Body: { proposalId, did, approve }
+        if (cleanUrl === "/governance/vote" && req.method === "POST") {
+            if (!client?.isConnected)
+                return json(res, 503, { error: "Blockchain not connected" });
+            const body = await readBody(req);
+            if (body?.proposalId === undefined || !body?.did || body?.approve === undefined) {
+                return json(res, 400, { error: "Required: proposalId, did, approve" });
+            }
+            const txHash = await client.voteOnProposal({
+                proposalId: Number(body.proposalId),
+                did: body.did,
+                approve: Boolean(body.approve),
+            });
+            if (!txHash)
+                return json(res, 500, { error: "Vote failed — check validator logs" });
+            return json(res, 200, { txHash, proposalId: body.proposalId, approve: body.approve });
+        }
+        // POST /governance/execute — ejecutar propuesta post-timelock
+        // Body: { proposalId }
+        if (cleanUrl === "/governance/execute" && req.method === "POST") {
+            if (!client?.isConnected)
+                return json(res, 503, { error: "Blockchain not connected" });
+            const body = await readBody(req);
+            if (body?.proposalId === undefined)
+                return json(res, 400, { error: "Required: proposalId" });
+            const txHash = await client.executeProposal(Number(body.proposalId));
+            if (!txHash)
+                return json(res, 500, { error: "Execute failed — timelock not expired or proposal not approved" });
+            return json(res, 200, { txHash, proposalId: body.proposalId, executed: true });
+        }
         json(res, 404, { error: "Not found" });
     });
     server.listen(port, () => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "soulprint-network",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "Soulprint validator node — HTTP server that verifies ZK proofs, co-signs SPTs, anti-Sybil registry",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -43,6 +43,7 @@
     "@libp2p/mdns": "11.0.47",
     "@libp2p/ping": "2.0.37",
     "@libp2p/tcp": "10.1.19",
+    "ethers": "^6.16.0",
     "libp2p": "2.10.0",
     "nodemailer": "^8.0.1",
     "otpauth": "^9.5.0",