fix: verify computes pubkey before runtime-core verification

Author: GsCommand

server.mjs

@@ -1,12 +1,17 @@
 // server.mjs
 import express from "express";
-import { signReceiptEd25519Sha256, verifyReceiptEd25519Sha256, CANONICAL_ID_SORTED_KEYS_V1 } from "@commandlayer/runtime-core";
 import crypto from "crypto";
 import Ajv from "ajv";
 import addFormats from "ajv-formats";
 import { ethers } from "ethers";
 import net from "net";
 
+import {
+  signReceiptEd25519Sha256,
+  verifyReceiptEd25519Sha256,
+  CANONICAL_ID_SORTED_KEYS_V1
+} from "@commandlayer/runtime-core";
+
 const app = express();
 app.use(express.json({ limit: "2mb" }));
 
@@ -22,12 +27,17 @@ app.use((req, res, next) => {
 const PORT = Number(process.env.PORT || 8080);
 
 // ---- runtime config
-const ENABLED_VERBS = (process.env.ENABLED_VERBS || "fetch,describe,format,clean,parse,summarize,convert,explain,analyze,classify")
+const ENABLED_VERBS = (process.env.ENABLED_VERBS ||
+  "fetch,describe,format,clean,parse,summarize,convert,explain,analyze,classify")
   .split(",")
   .map((s) => s.trim())
   .filter(Boolean);
 
-const SIGNER_ID = process.env.RECEIPT_SIGNER_ID || process.env.ENS_NAME || "runtime";
+const SIGNER_ID = process.env.RECEIPT_SIGNER_ID || process.env.ENS_NAME || "runtime.commandlayer.eth";
+const SIGNER_KID = process.env.SIGNER_KID || "v1";
+
+// NOTE: runtime-core expects PEM text, not base64.
+// We accept base64 envs (as you already do) and decode to PEM.
 const PRIV_PEM_B64 = process.env.RECEIPT_SIGNING_PRIVATE_KEY_PEM_B64 || "";
 const PUB_PEM_B64 = process.env.RECEIPT_SIGNING_PUBLIC_KEY_PEM_B64 || "";
 
@@ -70,7 +80,7 @@ const VERIFY_MAX_MS = Number(process.env.VERIFY_MAX_MS || 30000);
 // CRITICAL: edge-safe schema verify behavior
 // If true, /verify?schema=1 will NEVER compile or fetch; it will only validate if cached,
 // otherwise it returns 202 and queues warm.
-// Default true (this is what prevents Railway edge 502s).
+// Default true (this is what prevents edge 502s).
 const VERIFY_SCHEMA_CACHED_ONLY = String(process.env.VERIFY_SCHEMA_CACHED_ONLY || "1") === "1";
 
 // Prewarm knobs
@@ -86,25 +96,6 @@ function randId(prefix = "trace_") {
   return prefix + crypto.randomBytes(6).toString("hex");
 }
 
-// Stable stringify (deterministic object key order)
-function stableStringify(value) {
-  const seen = new WeakSet();
-  const helper = (v) => {
-    if (v === null || typeof v !== "object") return v;
-    if (seen.has(v)) return "[Circular]";
-    seen.add(v);
-    if (Array.isArray(v)) return v.map(helper);
-    const out = {};
-    for (const k of Object.keys(v).sort()) out[k] = helper(v[k]);
-    return out;
-  };
-  return JSON.stringify(helper(value));
-}
-
-function sha256Hex(str) {
-  return crypto.createHash("sha256").update(str).digest("hex");
-}
-
 function pemFromB64(b64) {
   if (!b64) return null;
   const pem = Buffer.from(b64, "base64").toString("utf8");
@@ -117,27 +108,14 @@ function normalizePem(text) {
   return pem.includes("BEGIN") ? pem : null;
 }
 
-function signEd25519Base64(messageUtf8) {
-  const pem = pemFromB64(PRIV_PEM_B64);
-  if (!pem) throw new Error("Missing RECEIPT_SIGNING_PRIVATE_KEY_PEM_B64");
-  const key = crypto.createPrivateKey(pem);
-  const sig = crypto.sign(null, Buffer.from(messageUtf8, "utf8"), key);
-  return sig.toString("base64");
-}
-
-function verifyEd25519Base64(messageUtf8, signatureB64, pubPem) {
-  const key = crypto.createPublicKey(pubPem);
-  return crypto.verify(null, Buffer.from(messageUtf8, "utf8"), key, Buffer.from(signatureB64, "base64"));
+function enabled(verb) {
+  return ENABLED_VERBS.includes(verb);
 }
 
 function makeError(code, message, extra = {}) {
   return { status: "error", code, message, ...extra };
 }
 
-function enabled(verb) {
-  return ENABLED_VERBS.includes(verb);
-}
-
 function requireBody(req, res) {
   if (!req.body || typeof req.body !== "object") {
     res.status(400).json(makeError(400, "Invalid JSON body"));
@@ -411,10 +389,10 @@ function startWarmWorker() {
 }
 
 // -----------------------
-// receipts (receipt_id excluded from canonical hash)
+// receipts (runtime-core: single source of truth)
 // -----------------------
 function makeReceipt({ x402, trace, result, status = "success", error = null, delegation_result = null, actor = null }) {
-  const receipt = {
+  let receipt = {
     status,
     x402,
     trace,
@@ -424,8 +402,9 @@ function makeReceipt({ x402, trace, result, status = "success", error = null, de
     metadata: {
       proof: {
         alg: "ed25519-sha256",
-        canonical: "json-stringify",
+        canonical: CANONICAL_ID_SORTED_KEYS_V1,
         signer_id: SIGNER_ID,
+        kid: SIGNER_KID,
         hash_sha256: null,
         signature_b64: null,
       },
@@ -435,18 +414,15 @@ function makeReceipt({ x402, trace, result, status = "success", error = null, de
 
   if (actor) receipt.metadata.actor = actor;
 
-  const unsigned = structuredClone(receipt);
-  unsigned.metadata.proof.hash_sha256 = "";
-  unsigned.metadata.proof.signature_b64 = "";
-  unsigned.metadata.receipt_id = "";
-
-  const canonical = stableStringify(unsigned);
-  const hash = sha256Hex(canonical);
-  const sigB64 = signEd25519Base64(hash);
+  const privPem = pemFromB64(PRIV_PEM_B64);
+  if (!privPem) throw new Error("Missing RECEIPT_SIGNING_PRIVATE_KEY_PEM_B64");
 
-  receipt.metadata.proof.hash_sha256 = hash;
-  receipt.metadata.proof.signature_b64 = sigB64;
-  receipt.metadata.receipt_id = hash;
+  receipt = signReceiptEd25519Sha256(receipt, {
+    signer_id: SIGNER_ID,
+    kid: SIGNER_KID,
+    canonical: CANONICAL_ID_SORTED_KEYS_V1,
+    privateKeyPem: privPem,
+  });
 
   return receipt;
 }
@@ -628,6 +604,10 @@ function doParse(body) {
   return result;
 }
 
+function sha256HexUtf8(str) {
+  return crypto.createHash("sha256").update(String(str), "utf8").digest("hex");
+}
+
 function doSummarize(body) {
   const input = body?.input || {};
   const content = String(input.content ?? "");
@@ -645,7 +625,7 @@ function doSummarize(body) {
   }
   if (!summary) summary = content.slice(0, 400).trim();
 
-  const srcHash = sha256Hex(content);
+  const srcHash = sha256HexUtf8(content);
   const cr = summary.length ? Number((content.length / summary.length).toFixed(3)) : 0;
 
   return { summary, format: format === "markdown" ? "markdown" : "text", compression_ratio: cr, source_hash: srcHash };
@@ -850,7 +830,10 @@ async function handleVerb(verb, req, res) {
     const x402 = req.body?.x402 || { verb, version: "1.0.0", entry: `x402://${verb}agent.eth/${verb}/v1.0.0` };
 
     const callerTimeout = Number(req.body?.limits?.timeout_ms || req.body?.limits?.max_latency_ms || 0);
-    const timeoutMs = Math.min(SERVER_MAX_HANDLER_MS, callerTimeout && callerTimeout > 0 ? callerTimeout : SERVER_MAX_HANDLER_MS);
+    const timeoutMs = Math.min(
+      SERVER_MAX_HANDLER_MS,
+      callerTimeout && callerTimeout > 0 ? callerTimeout : SERVER_MAX_HANDLER_MS
+    );
 
     const work = Promise.resolve(handlers[verb](req.body));
     const result = timeoutMs
@@ -942,6 +925,7 @@ app.get("/debug/env", (req, res) => {
     service: process.env.RAILWAY_SERVICE_NAME || "runtime",
     enabled_verbs: ENABLED_VERBS,
     signer_id: SIGNER_ID,
+    signer_kid: SIGNER_KID,
     signer_ok: !!pemFromB64(PRIV_PEM_B64),
     has_priv_b64: !!PRIV_PEM_B64,
     has_pub_b64: !!PUB_PEM_B64,
@@ -952,7 +936,6 @@ app.get("/debug/env", (req, res) => {
     schema_fetch_timeout_ms: SCHEMA_FETCH_TIMEOUT_MS,
     schema_validate_budget_ms: SCHEMA_VALIDATE_BUDGET_MS,
     verify_schema_cached_only: VERIFY_SCHEMA_CACHED_ONLY,
-
     enable_ssrf_guard: ENABLE_SSRF_GUARD,
     fetch_timeout_ms: FETCH_TIMEOUT_MS,
     fetch_max_bytes: FETCH_MAX_BYTES,
@@ -973,6 +956,7 @@ app.get("/debug/env", (req, res) => {
     service_version: SERVICE_VERSION,
     api_version: API_VERSION,
     canonical_base_url: CANONICAL_BASE,
+    canonical_id: CANONICAL_ID_SORTED_KEYS_V1,
   });
 });
 
@@ -1083,14 +1067,7 @@ app.post("/verify", async (req, res) => {
         return fail(400, "missing metadata.proof.signature_b64 or hash_sha256");
       }
 
-      const v = verifyReceiptEd25519Sha256(receipt, {
-        publicKeyPemOrDer: pubPem,
-        allowedCanonicals: [CANONICAL_ID_SORTED_KEYS_V1]
-      });
-
-      const hashMatches = v.ok ? true : (v.reason === "bad_signature" ? true : (v.reason === "hash_mismatch" ? false : false));
-      const recomputed = hashMatches ? proof.hash_sha256 : null;
-
+      // 1) pick pubkey (env -> optional ENS)
       let pubPem = pemFromB64(PUB_PEM_B64);
       let pubSrc = pubPem ? "env-b64" : null;
 
@@ -1104,18 +1081,25 @@ app.post("/verify", async (req, res) => {
         }
       }
 
-      let sigOk = false;
-      let sigErr = null;
-
+      // 2) verify (runtime-core canonical + hash + signature)
+      let v = { ok: false, reason: "no_public_key" };
       if (pubPem) {
-        sigOk = v.ok;
-        sigErr = v.ok ? null : (v.reason || "verify failed");
-      } else {
-        sigOk = false;
-        sigErr = "no public key available (set RECEIPT_SIGNING_PUBLIC_KEY_PEM_B64 or pass ens=1 with ETH_RPC_URL)";
+        v = verifyReceiptEd25519Sha256(receipt, {
+          publicKeyPemOrDer: pubPem,
+          allowedCanonicals: [CANONICAL_ID_SORTED_KEYS_V1],
+        });
       }
 
-      // Schema validation (edge-safe)
+      const sigOk = !!v.ok;
+      const sigErr =
+        pubPem ? (sigOk ? null : (v.reason || "verify failed")) :
+        "no public key available (set RECEIPT_SIGNING_PUBLIC_KEY_PEM_B64 or pass ens=1 with ETH_RPC_URL)";
+
+      // Hash match: runtime-core reasons should already reflect canonical/hash mismatch
+      const hashMatches = sigOk ? true : (v.reason === "hash_mismatch" ? false : true);
+      const recomputed = hashMatches ? (proof.hash_sha256 || null) : null;
+
+      // 3) schema validation (edge-safe)
       let schemaOk = true;
       let schemaErrors = null;
 
@@ -1126,7 +1110,6 @@ app.post("/verify", async (req, res) => {
         if (!verb) {
           schemaErrors = [{ message: "missing receipt.x402.verb" }];
         } else if (VERIFY_SCHEMA_CACHED_ONLY && !hasValidatorCached(verb)) {
-          // Do NOT compile/fetch here; queue warm and return 202
           warmQueue.add(verb);
           startWarmWorker();
           schemaErrors = [{ message: "validator_not_warmed_yet" }];
@@ -1148,9 +1131,7 @@ app.post("/verify", async (req, res) => {
           });
         } else {
           try {
-            const validate = VERIFY_SCHEMA_CACHED_ONLY
-              ? validatorCache.get(verb)?.validate
-              : await getValidatorForVerb(verb);
+            const validate = VERIFY_SCHEMA_CACHED_ONLY ? validatorCache.get(verb)?.validate : await getValidatorForVerb(verb);
 
             if (!validate) {
               schemaOk = false;