ReScienceLab · Jing-yilin · Mar 19, 2026 · Mar 18, 2026 · Mar 18, 2026 · Mar 18, 2026
diff --git a/.agents/skills/using-git-worktrees/SKILL.md b/.agents/skills/using-git-worktrees/SKILL.md
@@ -0,0 +1,218 @@
+---
+name: using-git-worktrees
+description: Use when starting feature work that needs isolation from current workspace or before executing implementation plans - creates isolated git worktrees with smart directory selection and safety verification
+---
+
+# Using Git Worktrees
+
+## Overview
+
+Git worktrees create isolated workspaces sharing the same repository, allowing work on multiple branches simultaneously without switching.
+
+**Core principle:** Systematic directory selection + safety verification = reliable isolation.
+
+**Announce at start:** "I'm using the using-git-worktrees skill to set up an isolated workspace."
+
+## Directory Selection Process
+
+Follow this priority order:
+
+### 1. Check Existing Directories
+
+```bash
+# Check in priority order
+ls -d .worktrees 2>/dev/null     # Preferred (hidden)
+ls -d worktrees 2>/dev/null      # Alternative
+```
+
+**If found:** Use that directory. If both exist, `.worktrees` wins.
+
+### 2. Check CLAUDE.md
+
+```bash
+grep -i "worktree.*director" CLAUDE.md 2>/dev/null
+```
+
+**If preference specified:** Use it without asking.
+
+### 3. Ask User
+
+If no directory exists and no CLAUDE.md preference:
+
+```
+No worktree directory found. Where should I create worktrees?
+
+1. .worktrees/ (project-local, hidden)
+2. ~/.config/superpowers/worktrees/<project-name>/ (global location)
+
+Which would you prefer?
+```
+
+## Safety Verification
+
+### For Project-Local Directories (.worktrees or worktrees)
+
+**MUST verify directory is ignored before creating worktree:**
+
+```bash
+# Check if directory is ignored (respects local, global, and system gitignore)
+git check-ignore -q .worktrees 2>/dev/null || git check-ignore -q worktrees 2>/dev/null
+```
+
+**If NOT ignored:**
+
+Per Jesse's rule "Fix broken things immediately":
+1. Add appropriate line to .gitignore
+2. Commit the change
+3. Proceed with worktree creation
+
+**Why critical:** Prevents accidentally committing worktree contents to repository.
+
+### For Global Directory (~/.config/superpowers/worktrees)
+
+No .gitignore verification needed - outside project entirely.
+
+## Creation Steps
+
+### 1. Detect Project Name
+
+```bash
+project=$(basename "$(git rev-parse --show-toplevel)")
+```
+
+### 2. Create Worktree
+
+```bash
+# Determine full path
+case $LOCATION in
+  .worktrees|worktrees)
+    path="$LOCATION/$BRANCH_NAME"
+    ;;
+  ~/.config/superpowers/worktrees/*)
+    path="~/.config/superpowers/worktrees/$project/$BRANCH_NAME"
+    ;;
+esac
+
+# Create worktree with new branch
+git worktree add "$path" -b "$BRANCH_NAME"
+cd "$path"
+```
+
+### 3. Run Project Setup
+
+Auto-detect and run appropriate setup:
+
+```bash
+# Node.js
+if [ -f package.json ]; then npm install; fi
+
+# Rust
+if [ -f Cargo.toml ]; then cargo build; fi
+
+# Python
+if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+if [ -f pyproject.toml ]; then poetry install; fi
+
+# Go
+if [ -f go.mod ]; then go mod download; fi
+```
+
+### 4. Verify Clean Baseline
+
+Run tests to ensure worktree starts clean:
+
+```bash
+# Examples - use project-appropriate command
+npm test
+cargo test
+pytest
+go test ./...
+```
+
+**If tests fail:** Report failures, ask whether to proceed or investigate.
+
+**If tests pass:** Report ready.
+
+### 5. Report Location
+
+```
+Worktree ready at <full-path>
+Tests passing (<N> tests, 0 failures)
+Ready to implement <feature-name>
+```
+
+## Quick Reference
+
+| Situation | Action |
+|-----------|--------|
+| `.worktrees/` exists | Use it (verify ignored) |
+| `worktrees/` exists | Use it (verify ignored) |
+| Both exist | Use `.worktrees/` |
+| Neither exists | Check CLAUDE.md → Ask user |
+| Directory not ignored | Add to .gitignore + commit |
+| Tests fail during baseline | Report failures + ask |
+| No package.json/Cargo.toml | Skip dependency install |
+
+## Common Mistakes
+
+### Skipping ignore verification
+
+- **Problem:** Worktree contents get tracked, pollute git status
+- **Fix:** Always use `git check-ignore` before creating project-local worktree
+
+### Assuming directory location
+
+- **Problem:** Creates inconsistency, violates project conventions
+- **Fix:** Follow priority: existing > CLAUDE.md > ask
+
+### Proceeding with failing tests
+
+- **Problem:** Can't distinguish new bugs from pre-existing issues
+- **Fix:** Report failures, get explicit permission to proceed
+
+### Hardcoding setup commands
+
+- **Problem:** Breaks on projects using different tools
+- **Fix:** Auto-detect from project files (package.json, etc.)
+
+## Example Workflow
+
+```
+You: I'm using the using-git-worktrees skill to set up an isolated workspace.
+
+[Check .worktrees/ - exists]
+[Verify ignored - git check-ignore confirms .worktrees/ is ignored]
+[Create worktree: git worktree add .worktrees/auth -b feature/auth]
+[Run npm install]
+[Run npm test - 47 passing]
+
+Worktree ready at /Users/jesse/myproject/.worktrees/auth
+Tests passing (47 tests, 0 failures)
+Ready to implement auth feature
+```
+
+## Red Flags
+
+**Never:**
+- Create worktree without verifying it's ignored (project-local)
+- Skip baseline test verification
+- Proceed with failing tests without asking
+- Assume directory location when ambiguous
+- Skip CLAUDE.md check
+
+**Always:**
+- Follow directory priority: existing > CLAUDE.md > ask
+- Verify directory is ignored for project-local
+- Auto-detect and run project setup
+- Verify clean test baseline
+
+## Integration
+
+**Called by:**
+- **brainstorming** (Phase 4) - REQUIRED when design is approved and implementation follows
+- **subagent-driven-development** - REQUIRED before executing any tasks
+- **executing-plans** - REQUIRED before executing any tasks
+- Any skill needing isolated workspace
+
+**Pairs with:**
+- **finishing-a-development-branch** - REQUIRED for cleanup after work complete
diff --git a/.changeset/domain-separated-signing.md b/.changeset/domain-separated-signing.md
@@ -0,0 +1,75 @@
+---
+"@resciencelab/agent-world-sdk": minor
+---
+
+Implement domain-separated signatures to prevent cross-context replay attacks
+
+This is a BREAKING CHANGE that implements AgentWire-style domain separation across all signing contexts.
+
+## Security Improvements
+
+- **Prevents cross-context replay attacks**: Signatures valid in one context (e.g., HTTP requests) cannot be replayed in another context (e.g., Agent Cards)
+- **Adds 7 domain separators**: HTTP_REQUEST, HTTP_RESPONSE, AGENT_CARD, KEY_ROTATION, ANNOUNCE, MESSAGE, WORLD_STATE
+- **Format**: `"AgentWorld-{Context}-{VERSION}\0"` (includes null byte terminator to prevent JSON confusion)
+- **Version format**: Domain separators use major.minor version (e.g., "0.4" instead of "0.4.3") to prevent network partitioning on patch releases
+
+## Breaking Changes
+
+### Signature Format
+All signatures now include a domain-specific prefix before the payload:
+```
+message = DomainSeparator + JSON.stringify(canonicalize(payload))
+signature = Ed25519(message, secretKey)
+```
+
+### Affected APIs
+- `signHttpRequest()` - Now uses `DOMAIN_SEPARATORS.HTTP_REQUEST`
+- `verifyHttpRequestHeaders()` - Verifies with domain separation
+- `signHttpResponse()` - Now uses `DOMAIN_SEPARATORS.HTTP_RESPONSE`
+- `verifyHttpResponseHeaders()` - Verifies with domain separation
+- `buildSignedAgentCard()` - Agent Card JWS now prepends `DOMAIN_SEPARATORS.AGENT_CARD`
+- Peer protocol (announce, message, key-rotation) - All use context-specific separators
+
+### New Exports
+- `DOMAIN_SEPARATORS` - Constant object with all 7 domain separators
+- `signWithDomainSeparator(separator, payload, secretKey)` - Low-level signing function
+- `verifyWithDomainSeparator(separator, publicKey, payload, signature)` - Low-level verification function
+
+## Version Management
+
+Protocol version is extracted from package.json as **major.minor only**:
+- **Patch releases** (0.4.3 → 0.4.4): Maintain signature compatibility - domain separators unchanged ("0.4")
+- **Minor/major releases** (0.4.x → 0.5.0): Change domain separators - breaking change ("0.4" → "0.5")
+
+Examples:
+- Package version `0.4.3` → Domain separator contains `0.4`
+- Package version `0.5.0-beta.1` → Domain separator contains `0.5`
+- Package version `1.0.0` → Domain separator contains `1.0`
+
+This prevents network partitioning on bug-fix releases while maintaining protocol versioning on minor/major updates.
+
+## Migration Guide
+
+### For Signature Verification
+Existing signatures created before this change will NOT verify. All agents must upgrade simultaneously or use a coordinated rollout strategy.
+
+### For Custom Signing
+If you were using `signPayload()` or `verifySignature()` directly, migrate to domain-separated versions:
+
+**Before:**
+```typescript
+const sig = signPayload(payload, secretKey);
+const valid = verifySignature(publicKey, payload, sig);
+```
+
+**After:**
+```typescript
+const sig = signWithDomainSeparator(DOMAIN_SEPARATORS.MESSAGE, payload, secretKey);
+const valid = verifyWithDomainSeparator(DOMAIN_SEPARATORS.MESSAGE, publicKey, payload, sig);
+```
+
+## Agent Card Capability
+Agent Cards now advertise `"domain-separated-signatures"` capability in the conformance block.
+
+## Verification
+All existing tests pass + 19 new domain separation security tests covering cross-context replay attack prevention.
diff --git a/.changeset/v02-request-signing.md b/.changeset/v02-request-signing.md
@@ -0,0 +1,13 @@
+---
+"@resciencelab/dap": minor
+"@resciencelab/agent-world-sdk": minor
+---
+
+feat: domain-separated signing, header-only auth, world ledger
+
+- DAP plugin HTTP signing/verification aligned with SDK domain separators (HTTP_REQUEST, HTTP_RESPONSE)
+- QUIC/UDP buildSignedMessage uses DOMAIN_SEPARATORS.MESSAGE (matching server verification)
+- Key rotation uses DOMAIN_SEPARATORS.KEY_ROTATION
+- Header signatures (X-AgentWorld-*) required on announce/message — no legacy body-only fallback
+- Blockchain-inspired World Ledger: append-only event log with SHA-256 hash chain, Ed25519-signed entries, JSON Lines persistence, /world/ledger + /world/agents HTTP endpoints
+- Collision-resistant ledger filenames via SHA-256(worldId)
diff --git a/.changeset/world-types.md b/.changeset/world-types.md
@@ -0,0 +1,10 @@
+---
+"@resciencelab/dap": minor
+"@resciencelab/agent-world-sdk": minor
+---
+
+feat: add world type system — programmatic and hosted world modes
+
+Extends WorldManifest with structured rules, actions schema, host info, and lifecycle config.
+Extends WorldConfig with worldType and host agent fields.
+createWorldServer auto-injects host info on join for hosted worlds.
diff --git a/.claude/skills/using-git-worktrees b/.claude/skills/using-git-worktrees
@@ -0,0 +1 @@
+../../.agents/skills/using-git-worktrees
diff --git a/.factory/skills/using-git-worktrees b/.factory/skills/using-git-worktrees
@@ -0,0 +1 @@
+../../.agents/skills/using-git-worktrees
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
 node_modules/
 dist/
 *.js.map
+*.tsbuildinfo
 .env
 *.db
 *.db-journal

diff --git a/bootstrap/server.mjs b/bootstrap/server.mjs
@@ -112,6 +112,7 @@ function upsertPeer(agentId, publicKey, opts = {}) {
     alias: opts.alias ?? existing?.alias ?? "",
     version: opts.version ?? existing?.version,
     endpoints: opts.endpoints ?? existing?.endpoints ?? [],
+    capabilities: opts.capabilities ?? existing?.capabilities ?? [],
     firstSeen: existing?.firstSeen ?? now,
     lastSeen,
     source: opts.source ?? "gossip",
@@ -141,12 +142,13 @@ function getPeersForExchange(limit = 50) {
   return [...peers.values()]
     .sort((a, b) => b.lastSeen - a.lastSeen)
     .slice(0, limit)
-    .map(({ agentId, publicKey, alias, version, endpoints, lastSeen }) => ({
+    .map(({ agentId, publicKey, alias, version, endpoints, capabilities, lastSeen }) => ({
       agentId,
       publicKey,
       alias,
       version,
       endpoints: endpoints ?? [],
+      capabilities: capabilities ?? [],
       lastSeen,
     }));
 }
@@ -326,6 +328,7 @@ server.post("/peer/announce", async (req, reply) => {
     alias: ann.alias,
     version: ann.version,
     endpoints: ann.endpoints ?? [],
+    capabilities: ann.capabilities ?? [],
     source: "gossip",
     discoveredVia: derivedId,
   });
@@ -337,6 +340,7 @@ server.post("/peer/announce", async (req, reply) => {
     upsertPeer(pid, p.publicKey, {
       alias: p.alias,
       endpoints: p.endpoints ?? [],
+      capabilities: p.capabilities ?? [],
       source: "gossip",
       discoveredVia: derivedId,
       lastSeen: p.lastSeen,
@@ -560,6 +564,7 @@ async function syncWithSiblings() {
             alias: body.self.alias,
             version: body.self.version,
             endpoints: body.self.endpoints ?? [],
+            capabilities: body.self.capabilities ?? [],
             source: "gossip",
             discoveredVia: body.self.agentId,
           });
@@ -570,6 +575,7 @@ async function syncWithSiblings() {
             alias: p.alias,
             version: p.version,
             endpoints: p.endpoints ?? [],
+            capabilities: p.capabilities ?? [],
             source: "gossip",
             discoveredVia: body.self?.agentId,
             lastSeen: p.lastSeen,