|
| 1 | +// Shared helper for minting an *attested* session against a control |
| 2 | +// plane. Used by `agentlock session create` and by `agentlock install` |
| 3 | +// when invoked with `--tier software|totp` so the install/uninstall |
| 4 | +// flow runs under a real signed session instead of forcing the daemon |
| 5 | +// into AGENTLOCK_ALLOW_UNATTESTED. |
| 6 | +// |
| 7 | +// Layout mirrors what `runSessionCreate` used to do inline: |
| 8 | +// 1. Load (or create) the long-lived signer for the requested tier. |
| 9 | +// 2. Generate / reuse the session keypair under $AGENTLOCK_HOME. |
| 10 | +// 3. Canonicalize + sign the attestation. |
| 11 | +// 4. POST /v1/sessions/create. |
| 12 | +// |
| 13 | +// On success the on-disk `session-current.key` is what subsequent calls |
| 14 | +// (gates, ledger appends) sign with — which is why it's persisted. |
| 15 | + |
| 16 | +import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs"; |
| 17 | +import { join } from "node:path"; |
| 18 | + |
| 19 | +import * as ed25519 from "@noble/ed25519"; |
| 20 | + |
| 21 | +import { apiClient, type SessionResponse, type SessionStartRequest } from "./api"; |
| 22 | +import { agentlockHome } from "./paths"; |
| 23 | +import { loadOrCreateSoftwareSigner } from "../signer/software"; |
| 24 | +import { loadTOTPSigner } from "../signer/totp"; |
| 25 | +import { canonicalAttestation } from "../signer/canonical"; |
| 26 | +import type { Signer, SignerKind } from "../signer/types"; |
| 27 | + |
| 28 | +export type AttestedTier = "software" | "totp"; |
| 29 | + |
| 30 | +export interface MintAttestedOptions { |
| 31 | + tier: AttestedTier; |
| 32 | + url?: string; |
| 33 | + policyHash?: string; |
| 34 | + // tier=totp only: |
| 35 | + code?: string; |
| 36 | + passphrase?: string; |
| 37 | +} |
| 38 | + |
| 39 | +export async function mintAttestedSession( |
| 40 | + opts: MintAttestedOptions, |
| 41 | +): Promise<SessionResponse> { |
| 42 | + const home = agentlockHome(); |
| 43 | + mkdirSync(home, { recursive: true }); |
| 44 | + |
| 45 | + let signer: Signer; |
| 46 | + let signerKind: SignerKind; |
| 47 | + if (opts.tier === "software") { |
| 48 | + signer = await loadOrCreateSoftwareSigner(home); |
| 49 | + signerKind = "software"; |
| 50 | + } else { |
| 51 | + if (!opts.code || !opts.passphrase) { |
| 52 | + throw new Error("tier=totp requires --code and --passphrase"); |
| 53 | + } |
| 54 | + signer = await loadTOTPSigner(home, { code: opts.code, passphrase: opts.passphrase }); |
| 55 | + signerKind = "totp_backed_software"; |
| 56 | + } |
| 57 | + |
| 58 | + const sessionKeyPath = join(home, "session-current.key"); |
| 59 | + let sessionSeed: Uint8Array; |
| 60 | + if (existsSync(sessionKeyPath)) { |
| 61 | + sessionSeed = new Uint8Array(readFileSync(sessionKeyPath)); |
| 62 | + } else { |
| 63 | + sessionSeed = new Uint8Array(32); |
| 64 | + crypto.getRandomValues(sessionSeed); |
| 65 | + writeFileSync(sessionKeyPath, sessionSeed, { mode: 0o600 }); |
| 66 | + } |
| 67 | + const sessionPub = await ed25519.getPublicKeyAsync(sessionSeed); |
| 68 | + |
| 69 | + const policyHash = opts.policyHash ?? readPolicyHash(home) ?? "sha256:0000"; |
| 70 | + const payload = { |
| 71 | + policy_hash: policyHash, |
| 72 | + session_pubkey: `ed25519:${toHex(sessionPub)}`, |
| 73 | + signer: signerKind, |
| 74 | + signer_pubkey: `ed25519:${toHex(signer.publicKey)}`, |
| 75 | + }; |
| 76 | + const canon = new TextEncoder().encode(canonicalAttestation(payload)); |
| 77 | + const attestation = await signer.sign(canon); |
| 78 | + |
| 79 | + const req: SessionStartRequest = { |
| 80 | + policy_hash: payload.policy_hash, |
| 81 | + session_pubkey: payload.session_pubkey, |
| 82 | + signer: payload.signer, |
| 83 | + signer_pubkey: payload.signer_pubkey, |
| 84 | + attestation: `ed25519:${toHex(attestation)}`, |
| 85 | + }; |
| 86 | + |
| 87 | + const client = apiClient(opts.url); |
| 88 | + return client.createSession(req); |
| 89 | +} |
| 90 | + |
| 91 | +function readPolicyHash(home: string): string | null { |
| 92 | + const p = join(home, "policy.hash"); |
| 93 | + if (!existsSync(p)) return null; |
| 94 | + return readFileSync(p, "utf8").trim(); |
| 95 | +} |
| 96 | + |
| 97 | +function toHex(b: Uint8Array): string { |
| 98 | + return Array.from(b, (v) => v.toString(16).padStart(2, "0")).join(""); |
| 99 | +} |
0 commit comments