v0.1.0-alpha.0

Pre-release

@jasonodoom jasonodoom released this 01 Jun 17:31
· 119 commits to main since this release
v0.1.0-alpha.0
204151c

Initial open-source release of the INK protocol library and specification.

Protocol surface

  • Ed25519-signed envelopes with JCS (RFC 8785) canonicalization.
  • Domain-separated signing base: ink/0.1\nMETHOD\nPATH\nrecipientDid\nJCS(body)\ntimestamp.
  • Agent Card schema with keys.signing and keys.encryption.
  • Key rotation authority rule (see docs/key-rotation-rule.md).
  • Timestamp freshness window: 5 minutes past, 30 seconds future.
  • ECIES encryption envelopes with AAD bound to all security-relevant
    outer fields.
  • Receipt and audit envelope structures.
  • Optional containment extension: capability-gated visibility, handshake
    budgets, sender silent-drop after first rate-limit violation.

Library

  • Public API exported from the package root; see the README for the
    export surface.
  • Defense-in-depth SSRF protections in fetchAgentCard: https-only
    baseUrl, no userinfo, IANA special-use IPv4 and IPv6 blocklists,
    6to4-embedded-v4 extraction, manual redirect, body-size stream cap,
    Zod runtime card validation, recursive endpoint validation,
    integrator-supplied fetch hook for connect-time defenses.
  • Length and format caps on every base64url/hex decode call site.
  • Strict signature length and charset validation before any
    cryptographic operation.
  • Authoritative empty-key-set semantics: once an Agent Card publishes
    a signing key set, callers must not fall back to bootstrap keys.
  • verifyInkAuth requires an explicit nonceStore: NonceStore | "deferred"
    option: pass a NonceStore to have the middleware enforce single-use
    semantics on body.nonce within the freshness window, or "deferred"
    to acknowledge that checkReplay (or equivalent) will run elsewhere
    in the request pipeline. Omitting the option returns
    nonce_handling_required, so a misconfigured deployment fails
    loudly rather than silently accepting replays.
  • verifyAuditEventChain(events) validates internal continuity of an
    audit response slice: strictly +1 sequence, previousEventHash
    linkage, duplicate-sequence fork detection. Consumers of
    audit-exchange responses MUST run this alongside
    verifyAuditResponseSignature.
  • checkReplay standalone helper with explicit nonce + timestamp
    freshness; nonce backing storage is the integrator's choice.
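
The replay rules above (5 minutes past / 30 seconds future, single-use body.nonce, fail-loud when no nonce handling is configured), sketched as an added example that is not the INK library's own code. It assumes the timestamp is epoch milliseconds on envelope.timestamp; MemoryNonceStore, checkEnvelopeReplay and every error code except nonce_handling_required are hypothetical names.

```javascript
// Added illustration, not the INK library's code. Only body.nonce, the
// "deferred" value, nonce_handling_required and the window sizes come from
// the release notes; all other names and error codes are hypothetical.
const MAX_PAST_MS = 5 * 60 * 1000; // freshness window: 5 minutes past
const MAX_FUTURE_MS = 30 * 1000;   // freshness window: 30 seconds future

// Hypothetical in-memory store; multi-node deployments need shared storage.
class MemoryNonceStore {
  constructor() { this.seen = new Map(); } // nonce -> expiry (epoch ms)
  // Returns true only the first time a nonce is presented before it expires.
  checkAndStore(nonce, expiresAt, now) {
    for (const [n, exp] of this.seen) if (exp < now) this.seen.delete(n);
    if (this.seen.has(nonce)) return false;
    this.seen.set(nonce, expiresAt);
    return true;
  }
}

// Assumption: timestamp is epoch milliseconds.
function checkFreshness(timestampMs, now) {
  if (!Number.isFinite(timestampMs)) return "timestamp_invalid";
  if (timestampMs < now - MAX_PAST_MS) return "timestamp_too_old";
  if (timestampMs > now + MAX_FUTURE_MS) return "timestamp_in_future";
  return null;
}

// Runs after signature verification (not shown here).
function checkEnvelopeReplay(envelope, opts, now = Date.now()) {
  const store = opts ? opts.nonceStore : undefined;
  // No store and no explicit "deferred": refuse instead of accepting replays.
  if (store === undefined || store === null)
    return { ok: false, error: "nonce_handling_required" };
  const stale = checkFreshness(envelope.timestamp, now);
  if (stale) return { ok: false, error: stale };
  if (store === "deferred") return { ok: true, replayChecked: false };
  const nonce = envelope.body ? envelope.body.nonce : undefined;
  if (typeof nonce !== "string" || nonce.length === 0 || nonce.length > 128)
    return { ok: false, error: "nonce_invalid" };
  // Retain the nonce until its timestamp can no longer pass checkFreshness;
  // evicting earlier would reopen a replay gap inside the window.
  const expiresAt = envelope.timestamp + MAX_PAST_MS;
  if (!store.checkAndStore(nonce, expiresAt, now))
    return { ok: false, error: "replay_detected" };
  return { ok: true, replayChecked: true };
}
```
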

Test surface

  • 430 unit and integration tests across crypto, middleware, discovery,
    containment, and security-regression suites.
  • Interop test vectors in test-vectors/ covering signing base, key
    rotation, replay, and Agent Card shapes.