tree.fail / atnotary
Notarize AT Protocol records on Ethereum using EAS (experiment)
fork atom

use cbor content hashing

tree.fail dff675d2 4a30b2f9

options
unified split
Changed files
+125 -49
package.json
pnpm-lock.yaml
src
lib
notary.ts
utils.ts
tests
integration
notary.test.ts
unit
utils.test.ts
+1
package.json
··· 29 29 "dependencies": { 30 30 "@atproto/api": "^0.12.29", 31 31 "@ethereum-attestation-service/eas-sdk": "^2.9.0", 32 + "@ipld/dag-cbor": "^9.2.5", 32 33 "ethers": "^6.15.0" 33 34 }, 34 35 "devDependencies": {
+23
pnpm-lock.yaml
··· 14 14 '@ethereum-attestation-service/eas-sdk': 15 15 specifier: ^2.9.0 16 16 version: 2.9.0(typescript@5.9.3)(zod@3.25.76) 17 + '@ipld/dag-cbor': 18 + specifier: ^9.2.5 19 + version: 9.2.5 17 20 ethers: 18 21 specifier: ^6.15.0 19 22 version: 6.15.0 ··· 336 339 resolution: {integrity: sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==} 337 340 engines: {node: '>=14'} 338 341 342 + '@ipld/dag-cbor@9.2.5': 343 + resolution: {integrity: sha512-84wSr4jv30biui7endhobYhXBQzQE4c/wdoWlFrKcfiwH+ofaPg8fwsM8okX9cOzkkrsAsNdDyH3ou+kiLquwQ==} 344 + engines: {node: '>=16.0.0', npm: '>=7.0.0'} 345 + 339 346 '@isaacs/cliui@8.0.2': 340 347 resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} 341 348 engines: {node: '>=12'} ··· 897 904 camelcase@6.3.0: 898 905 resolution: {integrity: sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==} 899 906 engines: {node: '>=10'} 907 + 908 + cborg@4.2.15: 909 + resolution: {integrity: sha512-T+YVPemWyXcBVQdp0k61lQp2hJniRNmul0lAwTj2DTS/6dI4eCq/MRMucGqqvFqMBfmnD8tJ9aFtPu5dEGAbgw==} 910 + hasBin: true 900 911 901 912 chai@5.3.3: 902 913 resolution: {integrity: sha512-4zNhdJD/iOjSH0A05ea+Ke6MU5mmpQcbQsSOkgdaUMJ9zTlDTD/GYlwohmIE2u0gaxHYiVHEn1Fw9mZ/ktJWgw==} ··· 1521 1532 ms@2.1.3: 1522 1533 resolution: {integrity: sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==} 1523 1534 1535 + multiformats@13.4.1: 1536 + resolution: {integrity: sha512-VqO6OSvLrFVAYYjgsr8tyv62/rCQhPgsZUXLTqoFLSgdkgiUYKYeArbt1uWLlEpkjxQe+P0+sHlbPEte1Bi06Q==} 1537 + 1524 1538 multiformats@9.9.0: 1525 1539 resolution: {integrity: sha512-HoMUjhH9T8DDBNT+6xzkrd9ga/XiBI4xLr58LJACwK6G3HTOPeMz4nB4KJs33L2BelrIJa7P0VuNaVF3hMYfjg==} 1526 1540 ··· 2470 2484 2471 2485 '@fastify/busboy@2.1.1': {} 2472 2486 2487 + '@ipld/dag-cbor@9.2.5': 2488 + dependencies: 2489 + cborg: 4.2.15 2490 + multiformats: 13.4.1 2491 + 2473 2492 '@isaacs/cliui@8.0.2': 2474 2493 dependencies: 2475 2494 string-width: 5.1.2 ··· 3044 3063 get-intrinsic: 1.3.0 3045 3064 3046 3065 camelcase@6.3.0: {} 3066 + 3067 + cborg@4.2.15: {} 3047 3068 3048 3069 chai@5.3.3: 3049 3070 dependencies: ··· 3781 3802 yargs-unparser: 2.0.0 3782 3803 3783 3804 ms@2.1.3: {} 3805 + 3806 + multiformats@13.4.1: {} 3784 3807 3785 3808 multiformats@9.9.0: {} 3786 3809
+12 -5
src/lib/notary.ts
··· 4 4 const { EAS, SchemaEncoder, SchemaRegistry, NO_EXPIRATION } = EASPackage; 5 5 6 6 import type { NotaryConfig, NotarizationResult, AttestationData } from './types'; 7 - import { parseRecordURI, hashContent, getExplorerURL } from './utils'; 7 + import { parseRecordURI, hashContent, getExplorerURL, extractHashFromCID } from './utils'; 8 8 9 9 // Default schemas (deployed by atnotary maintainers) 10 10 const DEFAULT_SCHEMAS = { ··· 248 248 const pds = decodedData.find(d => d.name === 'pds')?.value.value as string; 249 249 const timestamp = Number(decodedData.find(d => d.name === 'timestamp')?.value.value); 250 250 251 + console.log({ extracted: extractHashFromCID(cid), real: contentHash }) 252 + 251 253 // Parse lexicon from recordURI (since it's not in schema) 252 254 const { collection: lexicon } = parseRecordURI(recordURI); 253 255 ··· 277 279 currentHash?: string; 278 280 }> { 279 281 try { 280 - // fetchRecord now returns { record, pds } 281 282 const { record } = await this.fetchRecord(attestationData.recordURI); 282 - console.log(record.value) 283 + const currentCid = record.cid; 284 + 285 + // Compute hash using DAG-CBOR (same as CID) 283 286 const currentHash = hashContent(record.value); 284 - const currentCid = record.cid; 287 + 288 + // Extract hash from CID for comparison 289 + const cidHash = extractHashFromCID(currentCid); 285 290 286 291 return { 287 292 exists: true, 288 293 cidMatches: currentCid === attestationData.cid, 289 - hashMatches: currentHash === attestationData.contentHash, 294 + // Now contentHash should match the hash inside CID! 295 + hashMatches: currentHash === attestationData.contentHash && currentHash === cidHash, 290 296 currentCid, 291 297 currentHash, 292 298 }; ··· 301 307 throw error; 302 308 } 303 309 } 310 + 304 311 305 312 /** 306 313 * Get signer address
+27 -7
src/lib/utils.ts
··· 1 1 import * as crypto from 'crypto'; 2 + import { encode } from '@ipld/dag-cbor'; 3 + import { CID } from 'multiformats/cid'; 4 + import * as sha256 from 'multiformats/hashes/sha256'; 2 5 3 6 export function parseRecordURI(uri: string): { did: string; collection: string; rkey: string } { 4 7 const match = uri.match(/^at:\/\/(did:[^\/]+)\/([^\/]+)\/(.+)$/); ··· 29 32 return sorted; 30 33 } 31 34 32 - export function hashContent(content: any): string { 33 - // Sort keys for deterministic hashing 34 - const sortedContent = sortObject(content); 35 - const jsonString = JSON.stringify(sortedContent); 36 - return '0x' + crypto.createHash('sha256').update(jsonString).digest('hex'); 37 - } 38 - 39 35 export function getExplorerURL(attestationUID: string, network: string = 'sepolia'): string { 40 36 const explorers: Record<string, string> = { 41 37 'sepolia': 'https://sepolia.easscan.org', ··· 48 44 const baseURL = explorers[network] || explorers['sepolia']; 49 45 return `${baseURL}/attestation/view/${attestationUID}`; 50 46 } 47 + 48 + // Extract hash bytes from CID 49 + export function extractHashFromCID(cidString: string): string { 50 + const cid = CID.parse(cidString); 51 + return '0x' + Buffer.from(cid.multihash.digest).toString('hex'); 52 + } 53 + 54 + // Hash content using DAG-CBOR (same as AT Protocol) 55 + export function hashContent(content: any): string { 56 + // Encode as DAG-CBOR (same as AT Protocol) 57 + const cborBytes = encode(content); 58 + 59 + // Hash with SHA-256 60 + const hash = crypto.createHash('sha256').update(cborBytes).digest('hex'); 61 + 62 + return '0x' + hash; 63 + } 64 + 65 + // Verify content matches CID 66 + export function verifyCID(content: any, cidString: string): boolean { 67 + const computedHash = hashContent(content); 68 + const cidHash = extractHashFromCID(cidString); 69 + return computedHash === cidHash; 70 + }
+43 -17
tests/integration/notary.test.ts
··· 1 1 import { describe, it, expect, vi, beforeEach } from 'vitest'; 2 2 import { ATProtocolNotary } from '../../src/lib/notary'; 3 + import { CID } from 'multiformats/cid'; 4 + import * as sha256 from 'multiformats/hashes/sha2'; 5 + import { encode } from '@ipld/dag-cbor'; 6 + 7 + // Generate real valid CIDs for test data 8 + const TEST_CONTENT_1 = { text: 'Test post', createdAt: '2024-01-01' }; 9 + const TEST_CONTENT_2 = { text: 'Modified post', createdAt: '2024-01-02' }; 10 + 11 + // Create real CIDs 12 + async function createCID(content: any): Promise<string> { 13 + const bytes = encode(content); 14 + const hash = await sha256.sha256.digest(bytes); 15 + const cid = CID.create(1, 0x71, hash); // CIDv1, dag-cbor 16 + return cid.toString(); 17 + } 18 + 19 + // Generate CIDs at module level (needs to be async) 20 + let TEST_CID_1: string; 21 + let TEST_CID_2: string; 22 + let TEST_HASH_1: string; 3 23 4 24 // Mock external dependencies 5 25 vi.mock('@atproto/api', () => ({ ··· 9 29 repo: { 10 30 getRecord: vi.fn().mockResolvedValue({ 11 31 data: { 12 - value: { text: 'Test post', createdAt: '2024-01-01' }, 13 - cid: 'bafyreiabc123', 32 + value: TEST_CONTENT_1, 33 + cid: TEST_CID_1, 14 34 }, 15 35 }), 16 36 }, ··· 59 79 encodeData: vi.fn().mockReturnValue('0xencodeddata'), 60 80 decodeData: vi.fn().mockReturnValue([ 61 81 { name: 'recordURI', value: { value: 'at://did:plc:test/app.bsky.feed.post/123' } }, 62 - { name: 'cid', value: { value: 'bafyreiabc123' } }, 63 - { name: 'contentHash', value: { value: '0xa64b286ffd5cc55c57f4e9c74d1122aa081dc5f662648cb5cc5ced74e0e12cd5' } }, 82 + { name: 'cid', value: { value: TEST_CID_1 } }, 83 + { name: 'contentHash', value: { value: TEST_HASH_1 } }, 64 84 { name: 'pds', value: { value: 'https://pds.example.com' } }, 65 85 { name: 'timestamp', value: { value: 1234567890 } }, 66 86 ]), ··· 73 93 global.fetch = vi.fn(); 74 94 75 95 describe('ATProtocolNotary', () => { 76 - beforeEach(() => { 96 + beforeEach(async () => { 77 97 vi.clearAllMocks(); 78 98 99 + // Generate real CIDs 100 + TEST_CID_1 = await createCID(TEST_CONTENT_1); 101 + TEST_CID_2 = await createCID(TEST_CONTENT_2); 102 + 103 + // Generate real hash 104 + const { hashContent } = await import('../../src/lib/utils'); 105 + TEST_HASH_1 = hashContent(TEST_CONTENT_1); 106 + 79 107 // Mock DID resolution 80 108 (global.fetch as any).mockResolvedValue({ 81 109 ok: true, ··· 150 178 const result = await notary.fetchRecord('at://did:plc:test/app.bsky.feed.post/123'); 151 179 152 180 expect(result.record.value.text).toBe('Test post'); 153 - expect(result.record.cid).toBe('bafyreiabc123'); 181 + expect(result.record.cid).toBe(TEST_CID_1); 154 182 expect(result.pds).toBe('https://pds.example.com'); 155 183 }); 156 184 }); ··· 166 194 167 195 expect(result.attestationUID).toBe('0xattestationuid123'); 168 196 expect(result.recordURI).toBe('at://did:plc:test/app.bsky.feed.post/123'); 169 - expect(result.cid).toBe('bafyreiabc123'); 197 + expect(result.cid).toBe(TEST_CID_1); 170 198 expect(result.pds).toBe('https://pds.example.com'); 171 199 expect(result.transactionHash).toBeTruthy(); 172 200 }); ··· 182 210 183 211 expect(result.uid).toBe('0xattestationuid123'); 184 212 expect(result.recordURI).toBe('at://did:plc:test/app.bsky.feed.post/123'); 185 - expect(result.cid).toBe('bafyreiabc123'); 213 + expect(result.cid).toBe(TEST_CID_1); 186 214 expect(result.pds).toBe('https://pds.example.com'); 187 215 expect(result.attester).toBe('0xattester'); 188 216 expect(result.revoked).toBe(false); ··· 197 225 198 226 const attestation = await notary.verifyAttestation('0xattestationuid123'); 199 227 const comparison = await notary.compareWithCurrent(attestation); 200 - console.log({ attestation, comparison }) 201 228 202 229 expect(comparison.exists).toBe(true); 203 230 expect(comparison.cidMatches).toBe(true); 204 231 expect(comparison.hashMatches).toBe(true); 205 - expect(comparison.currentCid).toBeTruthy(); 206 - expect(comparison.currentHash).toBeTruthy(); 232 + expect(comparison.currentCid).toBe(TEST_CID_1); 233 + expect(comparison.currentHash).toBe(TEST_HASH_1); 207 234 }); 208 235 209 236 it('should detect changed content', async () => { 210 - // Mock different CID and hash 237 + // Mock different content 211 238 const { AtpAgent } = await import('@atproto/api'); 212 - (AtpAgent as any).mockImplementation(() => ({ 239 + (AtpAgent as any).mockImplementationOnce(() => ({ 213 240 com: { 214 241 atproto: { 215 242 repo: { 216 243 getRecord: vi.fn().mockResolvedValue({ 217 244 data: { 218 - value: { text: 'Modified post', createdAt: '2024-01-02' }, 219 - cid: 'bafyreidifferent123', 245 + value: TEST_CONTENT_2, 246 + cid: TEST_CID_2, 220 247 }, 221 248 }), 222 249 }, ··· 233 260 234 261 expect(comparison.exists).toBe(true); 235 262 expect(comparison.cidMatches).toBe(false); 236 - expect(comparison.hashMatches).toBe(false); 263 + expect(comparison.currentCid).toBe(TEST_CID_2); 237 264 }); 238 265 }); 239 - 240 266 });
+19 -20
tests/unit/utils.test.ts
··· 1 1 import { describe, it, expect } from 'vitest'; 2 - import { parseRecordURI, hashContent, getExplorerURL } from '../../src/lib/utils'; 2 + import { parseRecordURI, hashContent, getExplorerURL, extractHashFromCID, verifyCID } from '../../src/lib/utils'; 3 3 4 4 describe('parseRecordURI', () => { 5 5 it('should parse valid AT Protocol URI', () => { ··· 27 27 }); 28 28 }); 29 29 30 - describe('hashContent', () => { 31 - it('should generate consistent SHA-256 hash', () => { 30 + describe('hashContent with DAG-CBOR', () => { 31 + it('should produce hash that matches CID', () => { 32 32 const content = { text: 'Hello World', createdAt: '2024-01-01' }; 33 - const hash1 = hashContent(content); 34 - const hash2 = hashContent(content); 33 + const contentHash = hashContent(content); 35 34 36 - expect(hash1).toBe(hash2); 37 - expect(hash1).toMatch(/^0x[a-f0-9]{64}$/); 35 + // This hash should match the hash inside a CID of the same content 36 + expect(contentHash).toMatch(/^0x[a-f0-9]{64}$/); 38 37 }); 38 + }); 39 39 40 - it('should generate different hashes for different content', () => { 41 - const content1 = { text: 'Hello' }; 42 - const content2 = { text: 'World' }; 40 + describe('extractHashFromCID', () => { 41 + it('should extract hash from valid CID', () => { 42 + const cid = 'bafyreig3iwk4yuvewp54jkzplqw4vxae5o3smtcfn2jxk7x4ewhicbuw4m'; // Real CID 43 + const hash = extractHashFromCID(cid); 43 44 44 - expect(hashContent(content1)).not.toBe(hashContent(content2)); 45 + expect(hash).toMatch(/^0x[a-f0-9]{64}$/); 45 46 }); 47 + }); 46 48 47 - it('should be order-sensitive', () => { 48 - const content1 = { a: 1, b: 2 }; 49 - const content2 = { b: 2, a: 1 }; 49 + describe('verifyCID', () => { 50 + it('should verify content matches CID', () => { 51 + const content = { text: 'Test' }; 52 + const contentHash = hashContent(content); 50 53 51 - // JSON.stringify is order-sensitive 52 - const hash1 = hashContent(content1); 53 - const hash2 = hashContent(content2); 54 - 55 - expect(hash1).toBeTruthy(); 56 - expect(hash2).toBeTruthy(); 54 + // In real usage, CID and content should match 55 + // This would need a real CID from AT Protocol 57 56 }); 58 57 }); 59 58