You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PATH-OS / DACS clients delivered an implementation brief on 2026-06-10 (file: docs/l2ps-sr4-implementation-brief.md) covering the three remaining 🟡 gaps in CORE §A.4 so DACS-3 negotiate-rfq and negotiate-sealed-envelope run end-to-end on a real private channel.
Goal
Close the SR-4 conformance bar (CH-1..CH-6, DACS-3 §8.3.1) — identity-keyed membership, confidentiality, authenticity, liveness, termination, per-session channelId uniqueness — at the substrate / SDK level so application code stops carrying that burden.
4 new SDK modules (~1080 LOC) + 98 jest unit tests, all passing.
Two new package exports: @kynesyslabs/demosdk/identity and @kynesyslabs/demosdk/identity/cci.
The l2ps barrel also exposes binding, channel, anchor namespaces.
Two new primitives on the L2PS class (encryptBytes / decryptBytes) reusing the per-call-nonce + AAD pattern from encryptTx — needed by WI-3, additive-only.
Pre-existing TS4114 in BroadcastFailedError / TransportError fixed (added override) so the build hook would let the commit through.
Invariant enforced
In-channel signer == on-chain party. Every signature path goes through the connected Demos Ed25519 key — never the RSA L2PS subnet key. All signatures are domain-separated (dacs-binding:v1:, dacs-channelmsg:v1:, dacs-transcript:v1:) over RFC 8785 JCS canonical bytes per §B.7.
Test status
98/98 unit tests pass; full project tsc --noEmit clean.
Integration tests against live chain deferred — dev environment is down (Re-validate dev environment after reboot #890). Once dev nodes are back, run the WI-1 anchor + WI-3 broadcast paths end-to-end against dev.node2.demos.sh:53650.
Context
PATH-OS / DACS clients delivered an implementation brief on 2026-06-10 (file:
docs/l2ps-sr4-implementation-brief.md) covering the three remaining 🟡 gaps in CORE §A.4 so DACS-3negotiate-rfqandnegotiate-sealed-enveloperun end-to-end on a real private channel.Goal
Close the SR-4 conformance bar (CH-1..CH-6, DACS-3 §8.3.1) — identity-keyed membership, confidentiality, authenticity, liveness, termination, per-session channelId uniqueness — at the substrate / SDK level so application code stops carrying that burden.
Status
SDK delivery shipped on
feat/sr4-cci-channel-transcript(commit 09fcb7c). Branch pushed to kynesyslabs/sdks; PR pending review.Open the PR: https://github.com/kynesyslabs/sdks/pull/new/feat/sr4-cci-channel-transcript
Sub-tickets
ClaimReferencetype +signWithPrimaryClaimhelper. Done.L2PSMembershipBinding+ SR-2 anchor +resolveMember. Done.ChannelMessageenvelope + sequence + transcript export. Done.anchorEncryptedTranscript. Done.What landed
@kynesyslabs/demosdk/identityand@kynesyslabs/demosdk/identity/cci.binding,channel,anchornamespaces.encryptBytes/decryptBytes) reusing the per-call-nonce + AAD pattern fromencryptTx— needed by WI-3, additive-only.BroadcastFailedError/TransportErrorfixed (addedoverride) so the build hook would let the commit through.Invariant enforced
In-channel signer == on-chain party. Every signature path goes through the connected Demos Ed25519 key — never the RSA L2PS subnet key. All signatures are domain-separated (
dacs-binding:v1:,dacs-channelmsg:v1:,dacs-transcript:v1:) over RFC 8785 JCS canonical bytes per §B.7.Test status
tsc --noEmitclean.dev.node2.demos.sh:53650.Source