aletheia-protocol/contracts/verification_oracle.algo.ts at main · chopmob-cloud/aletheia-protocol · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
import {
  Contract,
  Address,
  GlobalState,
  BoxMap,
  abimethod,
  assert,
  Global,
  Txn,
  log,
  itob,
  bytes,
  uint64,
  sendMethodCall,
} from '@algorandfoundation/algorand-typescript'

/**
 * VerificationOracle
 *
 * ASIF-constrained bridge between the off-chain AI verification service
 * and the on-chain EvidenceVault. Enforces:
 *
 *   - Agent address whitelisting (only one authorised hot wallet)
 *   - Nonce-based replay protection (each seal requires a fresh nonce)
 *   - Rate limiting (max seals per round window)
 *   - Admin separation (cold multisig controls agent rotation)
 *
 * The oracle never holds funds and cannot modify its own auth list.
 * Agent key compromise is bounded by the rate limit.
 *
 * @arc4 ARC-4 ABI compliant
 * @asif Agentic Security & Identity Framework aligned
 */
export class VerificationOracle extends Contract {
  // ── Global State ──────────────────────────────────────────────

  /** Cold multisig — the only address that can rotate the agent wallet */
  adminAddress = GlobalState<Address>()

  /** Hot wallet of the AI agent backend service */
  agentAddress = GlobalState<Address>()

  /** App ID of the EvidenceVault this oracle is authorised for */
  vaultAppId = GlobalState<uint64>()

  /** Total seals performed since deployment (monotonic) */
  sealCount = GlobalState<uint64>({ initialValue: 0n })

  /** Round at which the current rate-limit window started */
  windowStart = GlobalState<uint64>({ initialValue: 0n })

  /** Number of seals in the current window */
  windowSeals = GlobalState<uint64>({ initialValue: 0n })

  /** Max seals allowed per window (default: 100) */
  maxPerWindow = GlobalState<uint64>({ initialValue: 100n })

  /** Window size in rounds (default: 1000 rounds ≈ ~70 min on Algorand) */
  windowSize = GlobalState<uint64>({ initialValue: 1000n })

  // ── Box Storage ───────────────────────────────────────────────

  /**
   * Nonce tracking — prevents replay attacks.
   * Key: nonce (32 bytes, unique per invocation)
   * Value: round at which nonce was consumed
   */
  nonces = BoxMap<bytes, uint64>({ keyPrefix: 'n:' })

  // ── Lifecycle ─────────────────────────────────────────────────

  @abimethod({ onCreate: 'require' })
  create(admin: Address, agent: Address, vaultAppId: uint64): void {
    this.adminAddress.value = admin
    this.agentAddress.value = agent
    this.vaultAppId.value = vaultAppId
    this.windowStart.value = Global.round
    log('VerificationOracle created')
  }

  // ── Core Oracle Method ────────────────────────────────────────

  /**
   * Relay a verified truth score from the AI backend to EvidenceVault.
   *
   * Only the whitelisted agent wallet may call this. On success it:
   *   1. Consumes the nonce (replay protection)
   *   2. Updates the rate-limit window counter
   *   3. Sends an inner transaction to EvidenceVault.sealVerification()
   *   4. Emits an AVM audit log entry
   */
  @abimethod()
  relayVerification(
    nonce: bytes,
    claimId: bytes,
    truthScore: uint64,
    consistencyPct: uint64,
    reliabilityPct: uint64,
    contradictionPct: uint64,
    aiSummaryHash: bytes,
  ): void {
    // ── Auth ──
    assert(Txn.sender === this.agentAddress.value, 'Caller is not the authorised agent')

    // ── Replay protection ──
    assert(nonce.length === 32, 'Nonce must be 32 bytes')
    assert(!this.nonces(nonce).exists, 'Nonce already consumed (replay attack)')
    this.nonces(nonce).value = Global.round

    // ── Rate limiting ──
    this.refreshWindow()
    assert(
      this.windowSeals.value < this.maxPerWindow.value,
      'Rate limit exceeded for this window',
    )
    this.windowSeals.value = this.windowSeals.value + 1n

    // ── Input validation (fail fast before inner tx) ──
    assert(truthScore <= 100_000n, 'truthScore out of range')
    assert(consistencyPct <= 100_000n, 'consistencyPct out of range')
    assert(reliabilityPct <= 100_000n, 'reliabilityPct out of range')
    assert(contradictionPct <= 100_000n, 'contradictionPct out of range')

    // ── Inner transaction to EvidenceVault ──
    sendMethodCall<typeof EvidenceVaultStub.prototype.sealVerification>({
      applicationId: this.vaultAppId.value,
      methodArgs: [
        claimId,
        truthScore,
        consistencyPct,
        reliabilityPct,
        contradictionPct,
        aiSummaryHash,
      ],
    })

    // ── Audit log ──
    this.sealCount.value = this.sealCount.value + 1n
    log(
      'ORACLE_RELAY:nonce=' +
        nonce +
        ':claim=' +
        claimId +
        ':score=' +
        itob(truthScore) +
        ':seal#=' +
        itob(this.sealCount.value),
    )
  }

  // ── Admin Methods ─────────────────────────────────────────────

  /**
   * Rotate the agent hot wallet. Admin (cold multisig) only.
   * Use this immediately if the agent key is suspected compromised.
   */
  @abimethod()
  rotateAgent(newAgent: Address): void {
    assert(Txn.sender === this.adminAddress.value, 'Admin only')
    const oldAgent = this.agentAddress.value
    this.agentAddress.value = newAgent
    log('AGENT_ROTATED:old=' + oldAgent + ':new=' + newAgent)
  }

  /**
   * Update rate limit parameters. Admin only.
   * @param newMax    Maximum seals per window
   * @param newWindow Window size in rounds
   */
  @abimethod()
  setRateLimit(newMax: uint64, newWindow: uint64): void {
    assert(Txn.sender === this.adminAddress.value, 'Admin only')
    assert(newMax > 0n, 'maxPerWindow must be > 0')
    assert(newWindow > 0n, 'windowSize must be > 0')
    this.maxPerWindow.value = newMax
    this.windowSize.value = newWindow
    log('RATE_LIMIT_UPDATED:max=' + itob(newMax) + ':window=' + itob(newWindow))
  }

  /** Update vault reference. Admin only. */
  @abimethod()
  updateVaultRef(newVaultAppId: uint64): void {
    assert(Txn.sender === this.adminAddress.value, 'Admin only')
    this.vaultAppId.value = newVaultAppId
    log('VAULT_REF_UPDATED:' + itob(newVaultAppId))
  }

  // ── Read-only Methods ─────────────────────────────────────────

  @abimethod({ readonly: true })
  getStatus(): {
    sealCount: uint64
    windowSeals: uint64
    maxPerWindow: uint64
    agentAddress: Address
  } {
    return {
      sealCount: this.sealCount.value,
      windowSeals: this.windowSeals.value,
      maxPerWindow: this.maxPerWindow.value,
      agentAddress: this.agentAddress.value,
    }
  }

  // ── Internal Helpers ──────────────────────────────────────────

  /** Reset rate-limit window if a new window has started. */
  private refreshWindow(): void {
    const elapsed = Global.round - this.windowStart.value
    if (elapsed >= this.windowSize.value) {
      this.windowStart.value = Global.round
      this.windowSeals.value = 0n
    }
  }
}

/**
 * Stub used for sendMethodCall typing.
 * The actual EvidenceVault ABI is resolved at runtime via vaultAppId.
 */
abstract class EvidenceVaultStub extends Contract {
  abstract sealVerification(
    claimId: bytes,
    truthScore: uint64,
    consistencyPct: uint64,
    reliabilityPct: uint64,
    contradictionPct: uint64,
    aiSummaryHash: bytes,
  ): void
}