v0.1.2
Pre-release

Maturity note. v0.1.x is wire-compatible across patches (ink/0.1 stays frozen) but the API surface and trust semantics remain alpha-quality. See docs/maturity.md. Starting with this release, pre-1.0 versions publish under npm's next dist-tag; latest only advances when a release is explicitly promoted. Adopters who want the current pre-1.0 line install with npm install @adastracomputing/ink@next; the bare npm install @adastracomputing/ink will resolve to the most recent release a maintainer has stamped adopter-grade.
Fixes the v0.1.1 erratum: the Python examples/interop-cli/ shipped in v0.1.1 emitted a phantom envelope shape (type, intentType, purpose, urgency at top level, no id, no correlationId, no createdAt, no body-level signature) that no conforming receiver could accept. v0.1.2 rewrites the CLI's envelope builder to emit the canonical MessageEnvelopeSchema shape:
- id and correlationId are now generated as 26-char Crockford-base32 ULIDs.
- createdAt is the canonical envelope creation timestamp (ISO-8601 UTC); the body also carries a separate timestamp field that verifyInkAuth() uses for HTTP §3.3 freshness, distinct from createdAt.
- intent is the canonical enum value (intro_request for introductions); the legacy intentType/purpose flatten into payload: { target, reason, urgency } per IntroRequestPayloadSchema.
- Body-level signature is now produced by the canonical domain-separated signer (Ed25519("tulpa/sign\n" + JCS(envelope-without-signature)), base64url, no padding) — matches src/crypto/sign.ts byte-for-byte.
- provenance is omitted when absent (the field is .optional(); an explicit null would be rejected by Zod).
- HTTP §3.3 fields (timestamp, nonce) ride alongside the canonical fields so verifyInkAuth() still reads them.
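The body-signature formula from the list above, as an added Node.js sketch (not the project's src/crypto/sign.ts, and not claimed to be byte-identical to it). The function names, the UTF-8 encoding of the prefix, and the sample envelope (a constructed subset of fields, signed with a throwaway key) are assumptions. It shows that key order does not affect verification, while a modified field or a signature made without the prefix is rejected.

```javascript
const crypto = require("node:crypto");

const DOMAIN = "tulpa/sign\n"; // domain-separation prefix quoted in the notes
// RFC 8785 (JCS) for plain JSON values: keys sorted by UTF-16 code unit,
// no whitespace, primitives serialized exactly as JSON.stringify emits them.
function jcs(v) {
  if (Array.isArray(v)) return "[" + v.map(jcs).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const members = Object.keys(v).sort().map((k) => JSON.stringify(k) + ":" + jcs(v[k]));
    return "{" + members.join(",") + "}";
  }
  return JSON.stringify(v);
}

// Signed bytes: prefix + JCS(envelope minus `signature`); UTF-8 is assumed here.
function signingInput(envelope, domain = DOMAIN) {
  const { signature, ...unsigned } = envelope;
  return Buffer.from(domain + jcs(unsigned), "utf8");
}

function signEnvelope(envelope, privateKey, domain = DOMAIN) {
  const sig = crypto.sign(null, signingInput(envelope, domain), privateKey);
  return { ...envelope, signature: sig.toString("base64url") }; // unpadded
}

function verifyEnvelope(envelope, publicKey) {
  if (typeof envelope.signature !== "string") return false;
  const sig = Buffer.from(envelope.signature, "base64url");
  return crypto.verify(null, signingInput(envelope), publicKey, sig);
}

// Constructed sample envelope and throwaway key; not real traffic.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const envelope = {
    id: "01HZX3V8Q2M4N6P8R0T2W4Y6ZA",
    correlationId: "01HZX3V8Q2M4N6P8R0T2W4Y6ZB",
    createdAt: "2025-01-01T00:00:00.000Z", intent: "intro_request",
    payload: { target: "did:key:zExample", reason: "demo", urgency: "low" },
  };
  const signed = signEnvelope(envelope, privateKey);
  const shuffled = { signature: signed.signature, payload: envelope.payload, ...envelope };
  return {
    signature: signed.signature,
    valid: verifyEnvelope(signed, publicKey),
    reordered: verifyEnvelope(shuffled, publicKey), // same fields, new key order
    tampered: verifyEnvelope({ ...signed, intent: "ask" }, publicKey),
    noPrefix: verifyEnvelope(signEnvelope(envelope, privateKey, ""), publicKey),
  };
}
```

A verifier that checked the bare JCS bytes would accept the `noPrefix` case, which is exactly the cross-context reuse the prefix is there to prevent.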
CLI now builds connection_request envelopes. ink-interop send/build --intent-type connection_request (or the alias connection) constructs a ConnectionRequestPayloadSchema-conformant payload (method, context, profileSnapshot). This is the bootstrap intent for first contact between strangers: receivers that opt in to foreign senders verify the body signature against the inline key extracted from the sender's did:key (trust-on-first-use). Other intent types (intro_request, ask, follow_up) presume the sender is already a known contact and remain reserved for established relationships.
Verified end-to-end against https://api.tulpa.network/ink/v1/<agentId>/intent: a did:key: connection_request from ink-interop send lands as a pending action in the recipient's inbox (status: 200, accepted: true, pendingActionId: 01KT…). Coverage spans schema validation, body + transport signature verification, replay/freshness, identity resolution, routing, the foreign-DID policy gate, and shield risk-scoring. Tests pinned to the canonical shape (tests/test_envelope.py) prevent regression. The npm library itself is unchanged from v0.1.1.
Example-helper API break. examples/interop-cli/'s Python helper build_intent_envelope() now requires keypair, replaces intent_type/purpose/timestamp with canonical args (target, reason, created_at, etc.), and removes the extra= kwarg. Adopters who imported the old helper directly will need to update their calls — the previous signature emitted invalid wire data so no callable interop existed there to preserve. This is an example-only change; the npm library (@adastracomputing/ink) exports are unchanged.