@attested-intelligence/aga-mcp-server 0.1.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/PATENTS.md +28 -0
- package/README.md +84 -23
- package/dist/context.d.ts +39 -0
- package/dist/context.d.ts.map +1 -0
- package/dist/context.js +113 -0
- package/dist/context.js.map +1 -0
- package/dist/core/identity.d.ts +14 -0
- package/dist/core/identity.d.ts.map +1 -0
- package/dist/core/identity.js +16 -0
- package/dist/core/identity.js.map +1 -0
- package/dist/core/index.d.ts +3 -0
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +3 -0
- package/dist/core/index.js.map +1 -1
- package/dist/core/measurement.d.ts +16 -0
- package/dist/core/measurement.d.ts.map +1 -0
- package/dist/core/measurement.js +18 -0
- package/dist/core/measurement.js.map +1 -0
- package/dist/core/portal.d.ts +1 -1
- package/dist/core/portal.d.ts.map +1 -1
- package/dist/core/portal.js +10 -5
- package/dist/core/portal.js.map +1 -1
- package/dist/core/types.d.ts +2 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/canonicalize.d.ts +7 -0
- package/dist/crypto/canonicalize.d.ts.map +1 -0
- package/dist/crypto/canonicalize.js +21 -0
- package/dist/crypto/canonicalize.js.map +1 -0
- package/dist/crypto/index.d.ts +6 -5
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +6 -5
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/keys.d.ts +10 -0
- package/dist/crypto/keys.d.ts.map +1 -0
- package/dist/crypto/keys.js +19 -0
- package/dist/crypto/keys.js.map +1 -0
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/governance.d.ts +1 -7
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +11 -18
- package/dist/middleware/governance.js.map +1 -1
- package/dist/prompts/drift-analysis.d.ts +13 -0
- package/dist/prompts/drift-analysis.d.ts.map +1 -0
- package/dist/prompts/drift-analysis.js +43 -0
- package/dist/prompts/drift-analysis.js.map +1 -0
- package/dist/prompts/governance-report.d.ts +7 -0
- package/dist/prompts/governance-report.d.ts.map +1 -0
- package/dist/prompts/governance-report.js +26 -0
- package/dist/prompts/governance-report.js.map +1 -0
- package/dist/prompts/nccoe-demo.d.ts +14 -0
- package/dist/prompts/nccoe-demo.d.ts.map +1 -0
- package/dist/prompts/nccoe-demo.js +48 -0
- package/dist/prompts/nccoe-demo.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +3 -0
- package/dist/resources/crypto-primitives.d.ts.map +1 -0
- package/dist/resources/crypto-primitives.js +52 -0
- package/dist/resources/crypto-primitives.js.map +1 -0
- package/dist/resources/patent-claims.d.ts +3 -0
- package/dist/resources/patent-claims.d.ts.map +1 -0
- package/dist/resources/patent-claims.js +67 -0
- package/dist/resources/patent-claims.js.map +1 -0
- package/dist/resources/sample-bundle.d.ts +6 -0
- package/dist/resources/sample-bundle.d.ts.map +1 -0
- package/dist/resources/sample-bundle.js +58 -0
- package/dist/resources/sample-bundle.js.map +1 -0
- package/dist/resources/specification.d.ts +3 -0
- package/dist/resources/specification.d.ts.map +1 -0
- package/dist/resources/specification.js +107 -0
- package/dist/resources/specification.js.map +1 -0
- package/dist/server.d.ts +4 -7
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +217 -343
- package/dist/server.js.map +1 -1
- package/dist/storage/sqlite.js +1 -1
- package/dist/tools/create-artifact.d.ts +25 -0
- package/dist/tools/create-artifact.d.ts.map +1 -0
- package/dist/tools/create-artifact.js +85 -0
- package/dist/tools/create-artifact.js.map +1 -0
- package/dist/tools/delegate-subagent.d.ts +18 -0
- package/dist/tools/delegate-subagent.d.ts.map +1 -0
- package/dist/tools/delegate-subagent.js +50 -0
- package/dist/tools/delegate-subagent.js.map +1 -0
- package/dist/tools/disclose-claim.d.ts +14 -0
- package/dist/tools/disclose-claim.d.ts.map +1 -0
- package/dist/tools/disclose-claim.js +23 -0
- package/dist/tools/disclose-claim.js.map +1 -0
- package/dist/tools/export-bundle.d.ts +8 -0
- package/dist/tools/export-bundle.d.ts.map +1 -0
- package/dist/tools/export-bundle.js +25 -0
- package/dist/tools/export-bundle.js.map +1 -0
- package/dist/tools/full-lifecycle.d.ts +16 -0
- package/dist/tools/full-lifecycle.d.ts.map +1 -0
- package/dist/tools/full-lifecycle.js +121 -0
- package/dist/tools/full-lifecycle.js.map +1 -0
- package/dist/tools/generate-receipt.d.ts +16 -0
- package/dist/tools/generate-receipt.d.ts.map +1 -0
- package/dist/tools/generate-receipt.js +31 -0
- package/dist/tools/generate-receipt.js.map +1 -0
- package/dist/tools/get-chain.d.ts +14 -0
- package/dist/tools/get-chain.d.ts.map +1 -0
- package/dist/tools/get-chain.js +45 -0
- package/dist/tools/get-chain.js.map +1 -0
- package/dist/tools/get-portal-state.d.ts +8 -0
- package/dist/tools/get-portal-state.d.ts.map +1 -0
- package/dist/tools/get-portal-state.js +15 -0
- package/dist/tools/get-portal-state.js.map +1 -0
- package/dist/tools/init-chain.d.ts +10 -0
- package/dist/tools/init-chain.d.ts.map +1 -0
- package/dist/tools/init-chain.js +13 -0
- package/dist/tools/init-chain.js.map +1 -0
- package/dist/tools/measure-behavior.d.ts +12 -0
- package/dist/tools/measure-behavior.d.ts.map +1 -0
- package/dist/tools/measure-behavior.js +29 -0
- package/dist/tools/measure-behavior.js.map +1 -0
- package/dist/tools/measure-subject.d.ts +15 -0
- package/dist/tools/measure-subject.d.ts.map +1 -0
- package/dist/tools/measure-subject.js +106 -0
- package/dist/tools/measure-subject.js.map +1 -0
- package/dist/tools/quarantine-status.d.ts +8 -0
- package/dist/tools/quarantine-status.d.ts.map +1 -0
- package/dist/tools/quarantine-status.js +16 -0
- package/dist/tools/quarantine-status.js.map +1 -0
- package/dist/tools/revoke-artifact.d.ts +13 -0
- package/dist/tools/revoke-artifact.d.ts.map +1 -0
- package/dist/tools/revoke-artifact.js +24 -0
- package/dist/tools/revoke-artifact.js.map +1 -0
- package/dist/tools/rotate-keys.d.ts +13 -0
- package/dist/tools/rotate-keys.d.ts.map +1 -0
- package/dist/tools/rotate-keys.js +39 -0
- package/dist/tools/rotate-keys.js.map +1 -0
- package/dist/tools/server-info.d.ts +8 -0
- package/dist/tools/server-info.d.ts.map +1 -0
- package/dist/tools/server-info.js +24 -0
- package/dist/tools/server-info.js.map +1 -0
- package/dist/tools/set-verification-tier.d.ts +11 -0
- package/dist/tools/set-verification-tier.d.ts.map +1 -0
- package/dist/tools/set-verification-tier.js +31 -0
- package/dist/tools/set-verification-tier.js.map +1 -0
- package/dist/tools/start-monitoring.d.ts +12 -0
- package/dist/tools/start-monitoring.d.ts.map +1 -0
- package/dist/tools/start-monitoring.js +17 -0
- package/dist/tools/start-monitoring.js.map +1 -0
- package/dist/tools/trigger-measurement.d.ts +15 -0
- package/dist/tools/trigger-measurement.d.ts.map +1 -0
- package/dist/tools/trigger-measurement.js +86 -0
- package/dist/tools/trigger-measurement.js.map +1 -0
- package/dist/tools/verify-artifact.d.ts +13 -0
- package/dist/tools/verify-artifact.d.ts.map +1 -0
- package/dist/tools/verify-artifact.js +6 -0
- package/dist/tools/verify-artifact.js.map +1 -0
- package/dist/tools/verify-bundle.d.ts +13 -0
- package/dist/tools/verify-bundle.d.ts.map +1 -0
- package/dist/tools/verify-bundle.js +6 -0
- package/dist/tools/verify-bundle.js.map +1 -0
- package/dist/types.d.ts +262 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +9 -0
- package/dist/types.js.map +1 -0
- package/package.json +33 -6
- package/AGA_MCP_SERVER_SPEC.md +0 -632
- package/src/core/artifact.ts +0 -45
- package/src/core/attestation.ts +0 -33
- package/src/core/behavioral.ts +0 -132
- package/src/core/bundle.ts +0 -31
- package/src/core/chain.ts +0 -72
- package/src/core/checkpoint.ts +0 -22
- package/src/core/delegation.ts +0 -146
- package/src/core/disclosure.ts +0 -32
- package/src/core/index.ts +0 -11
- package/src/core/portal.ts +0 -96
- package/src/core/quarantine.ts +0 -16
- package/src/core/receipt.ts +0 -33
- package/src/core/subject.ts +0 -11
- package/src/core/types.ts +0 -244
- package/src/crypto/hash.ts +0 -33
- package/src/crypto/index.ts +0 -5
- package/src/crypto/merkle.ts +0 -43
- package/src/crypto/salt.ts +0 -18
- package/src/crypto/sign.ts +0 -35
- package/src/crypto/types.ts +0 -19
- package/src/index.ts +0 -12
- package/src/middleware/governance.ts +0 -95
- package/src/middleware/index.ts +0 -1
- package/src/server.ts +0 -436
- package/src/storage/index.ts +0 -3
- package/src/storage/interface.ts +0 -21
- package/src/storage/memory.ts +0 -27
- package/src/storage/sqlite.ts +0 -45
- package/src/tools/README.md +0 -13
- package/src/utils/canonical.ts +0 -14
- package/src/utils/constants.ts +0 -3
- package/src/utils/timestamp.ts +0 -12
- package/src/utils/uuid.ts +0 -2
package/PATENTS.md
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
# Patent Notice
|
|
2
|
+
|
|
3
|
+
**USPTO Application No. 19/433,835**
|
|
4
|
+
**Title:** Attested Governance Artifact Protocol for Autonomous Systems
|
|
5
|
+
**Applicant:** Attested Intelligence Holdings LLC
|
|
6
|
+
**Status:** Pending
|
|
7
|
+
|
|
8
|
+
This software implements the methods and systems described in the above patent application. The patent covers, among other things:
|
|
9
|
+
|
|
10
|
+
- Sealed hash attestation of subject identity (Claims 1a-1d)
|
|
11
|
+
- Portal-based runtime measurement and enforcement (Claims 1e-1g)
|
|
12
|
+
- Privacy-preserving disclosure with sensitivity-based auto-substitution (Claim 2)
|
|
13
|
+
- Tamper-evident continuity chain with privacy-preserving leaf hashes (Claims 3a-3f)
|
|
14
|
+
- Phantom execution and quarantine (Claim 5)
|
|
15
|
+
- TTL-based fail-closed semantics (Claim 6)
|
|
16
|
+
- Offline-verifiable evidence bundles (Claim 9)
|
|
17
|
+
- Pinned issuer key verification (Claim 10)
|
|
18
|
+
- Forensic input capture during quarantine (Claim 11)
|
|
19
|
+
- Graceful degradation (Claim 12)
|
|
20
|
+
|
|
21
|
+
## NIST References
|
|
22
|
+
|
|
23
|
+
- **NIST-2025-0035:** AI Agent Transparency and Accountability
|
|
24
|
+
- **NCCoE:** AI Agent Identity and Authorization
|
|
25
|
+
|
|
26
|
+
## License
|
|
27
|
+
|
|
28
|
+
This software is licensed under the MIT License. Use of the software does not grant any rights under the patent application beyond those explicitly granted by the MIT License.
|
package/README.md
CHANGED
|
@@ -1,42 +1,103 @@
|
|
|
1
|
-
# @attested-intelligence/aga-mcp-server
|
|
1
|
+
# @attested-intelligence/aga-mcp-server v2.0.0
|
|
2
2
|
|
|
3
|
-
MCP server implementing the Attested Governance Artifact (AGA) protocol.
|
|
3
|
+
MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
|
|
4
4
|
|
|
5
5
|
**Patent Pending:** USPTO Application No. 19/433,835
|
|
6
6
|
**Referenced in:** NIST-2025-0035, NCCoE AI Agent Identity and Authorization
|
|
7
7
|
|
|
8
8
|
## What It Does
|
|
9
9
|
|
|
10
|
-
This server acts as a **Portal** (
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
|
17
|
-
|
|
18
|
-
| `
|
|
19
|
-
| `
|
|
20
|
-
| `
|
|
21
|
-
| `
|
|
22
|
-
| `
|
|
23
|
-
| `
|
|
24
|
-
| `
|
|
25
|
-
| `
|
|
26
|
-
| `
|
|
10
|
+
This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
|
|
11
|
+
|
|
12
|
+
**20 tools, 4 resources, 3 prompts, 159 tests**
|
|
13
|
+
|
|
14
|
+
## 20 MCP Tools
|
|
15
|
+
|
|
16
|
+
| # | Tool | NIST/Patent Ref | Description |
|
|
17
|
+
|---|------|-----------------|-------------|
|
|
18
|
+
| 1 | `aga_server_info` | - | Server identity, keys, portal state, framework alignment |
|
|
19
|
+
| 2 | `aga_init_chain` | Claim 3a | Initialize continuity chain with genesis event |
|
|
20
|
+
| 3 | `aga_create_artifact` | Claims 1a-1d | Attest subject, generate sealed Policy Artifact |
|
|
21
|
+
| 4 | `aga_measure_subject` | Claims 1e-1g | Measure subject, compare to sealed ref, generate receipt |
|
|
22
|
+
| 5 | `aga_verify_artifact` | Claim 10 | Verify artifact signature against issuer key |
|
|
23
|
+
| 6 | `aga_start_monitoring` | NIST-2025-0035 | Start/restart behavioral monitoring with baseline |
|
|
24
|
+
| 7 | `aga_get_portal_state` | - | Current portal enforcement state and TTL |
|
|
25
|
+
| 8 | `aga_trigger_measurement` | Claims 1e-1g | Trigger measurement with specific type |
|
|
26
|
+
| 9 | `aga_generate_receipt` | V3 Promise | Generate signed measurement receipt manually |
|
|
27
|
+
| 10 | `aga_export_bundle` | Claim 9 | Package artifact + receipts + Merkle proofs |
|
|
28
|
+
| 11 | `aga_verify_bundle` | Section J | 4-step offline bundle verification |
|
|
29
|
+
| 12 | `aga_disclose_claim` | Claim 2 | Privacy-preserving disclosure with auto-substitution |
|
|
30
|
+
| 13 | `aga_get_chain` | Claim 3c | Get chain events with optional integrity verification |
|
|
31
|
+
| 14 | `aga_quarantine_status` | Claim 5 | Quarantine state and forensic capture status |
|
|
32
|
+
| 15 | `aga_revoke_artifact` | NCCoE 3b | Mid-session artifact revocation |
|
|
33
|
+
| 16 | `aga_set_verification_tier` | - | Set verification tier (BRONZE/SILVER/GOLD) |
|
|
34
|
+
| 17 | `aga_demonstrate_lifecycle` | All | Full lifecycle: attest, measure, checkpoint, verify |
|
|
35
|
+
| 18 | `aga_measure_behavior` | NIST-2025-0035 | Behavioral drift detection (tool patterns) |
|
|
36
|
+
| 19 | `aga_delegate_to_subagent` | NCCoE | Constrained sub-agent delegation (scope only diminishes) |
|
|
37
|
+
| 20 | `aga_rotate_keys` | Claim 3 | Key rotation with chain event |
|
|
38
|
+
|
|
39
|
+
## 4 Resources
|
|
40
|
+
|
|
41
|
+
| Resource | URI | Description |
|
|
42
|
+
|----------|-----|-------------|
|
|
43
|
+
| Protocol Spec | `aga://specification/protocol-v2` | Full protocol specification with SPIFFE alignment |
|
|
44
|
+
| Sample Bundle | `aga://resources/sample-bundle` | Sample evidence bundle documentation |
|
|
45
|
+
| Crypto Primitives | `aga://resources/crypto-primitives` | Cryptographic primitives documentation |
|
|
46
|
+
| Patent Claims | `aga://resources/patent-claims` | 20 patent claims mapped to tools |
|
|
47
|
+
|
|
48
|
+
## 3 Prompts
|
|
49
|
+
|
|
50
|
+
| Prompt | Description |
|
|
51
|
+
|--------|-------------|
|
|
52
|
+
| `nccoe-demo` | 4-phase NCCoE lab demo with behavioral drift |
|
|
53
|
+
| `governance-report` | Session governance summary report |
|
|
54
|
+
| `drift-analysis` | Drift event analysis and remediation |
|
|
27
55
|
|
|
28
56
|
## Quick Start
|
|
29
57
|
|
|
30
|
-
|
|
58
|
+
```bash
|
|
59
|
+
npm install && npm run build && npm test
|
|
60
|
+
```
|
|
31
61
|
|
|
32
62
|
## Connect to Claude Desktop
|
|
33
63
|
|
|
34
|
-
Add to
|
|
64
|
+
Add to `%APPDATA%\Claude\claude_desktop_config.json`:
|
|
65
|
+
|
|
66
|
+
```json
|
|
35
67
|
{
|
|
36
68
|
"mcpServers": {
|
|
37
|
-
"aga": { "command": "node", "args": ["/
|
|
69
|
+
"aga": { "command": "node", "args": ["C:/Users/neuro/AIH/aga-mcp-server/dist/index.js"] }
|
|
38
70
|
}
|
|
39
71
|
}
|
|
72
|
+
```
|
|
73
|
+
|
|
74
|
+
## Architecture
|
|
75
|
+
|
|
76
|
+
```
|
|
77
|
+
MCP Client (Claude Desktop)
|
|
78
|
+
│ JSON-RPC over stdio
|
|
79
|
+
▼
|
|
80
|
+
src/server.ts - 20 tools + 4 resources + 3 prompts
|
|
81
|
+
│
|
|
82
|
+
├── src/tools/ 20 individual tool handlers
|
|
83
|
+
├── src/core/ Protocol logic (artifact, chain, portal, etc.)
|
|
84
|
+
├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
|
|
85
|
+
├── src/middleware/ Zero-trust governance PEP
|
|
86
|
+
├── src/storage/ In-memory + optional SQLite
|
|
87
|
+
├── src/resources/ Protocol docs + patent claims
|
|
88
|
+
└── src/prompts/ Demo + report + analysis prompts
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
## Test Coverage
|
|
92
|
+
|
|
93
|
+
| Suite | Tests | What |
|
|
94
|
+
|-------|-------|------|
|
|
95
|
+
| Crypto | 33 | SHA-256, Ed25519, Merkle, salt, canonical, keys |
|
|
96
|
+
| Core | 56 | Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed |
|
|
97
|
+
| Tools | 25 | All 20 tool handlers |
|
|
98
|
+
| Integration | 38 | Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility |
|
|
99
|
+
| **Total** | **159** | |
|
|
40
100
|
|
|
41
101
|
## License
|
|
42
|
-
|
|
102
|
+
|
|
103
|
+
MIT - Attested Intelligence Holdings LLC
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { Portal } from './core/portal.js';
|
|
2
|
+
import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
|
|
3
|
+
import type { AGAStorage } from './storage/interface.js';
|
|
4
|
+
import type { KeyPair, QuarantineState, ContinuityEvent, VerificationTier, ClaimsTaxonomy, DelegationRecord, PolicyArtifact, DisclosurePolicy } from './types.js';
|
|
5
|
+
import type { EventType } from './core/types.js';
|
|
6
|
+
export interface ServerContext {
|
|
7
|
+
issuerKP: KeyPair;
|
|
8
|
+
portalKP: KeyPair;
|
|
9
|
+
chainKP: KeyPair;
|
|
10
|
+
portal: Portal;
|
|
11
|
+
storage: AGAStorage;
|
|
12
|
+
chainInitialized: boolean;
|
|
13
|
+
activeArtifact: PolicyArtifact | null;
|
|
14
|
+
quarantine: QuarantineState | null;
|
|
15
|
+
behavioralMonitor: BehavioralMonitorImpl;
|
|
16
|
+
measurementCount: number;
|
|
17
|
+
verificationTier: VerificationTier;
|
|
18
|
+
startTime: string;
|
|
19
|
+
claimsTaxonomy: ClaimsTaxonomy;
|
|
20
|
+
delegations: DelegationRecord[];
|
|
21
|
+
defaultEnforcement: import('./types.js').EnforcementParams;
|
|
22
|
+
defaultClaims: DisclosurePolicy;
|
|
23
|
+
claimValues: Record<string, unknown>;
|
|
24
|
+
appendToChain(type: EventType, payload: unknown): Promise<ContinuityEvent>;
|
|
25
|
+
json(x: unknown): {
|
|
26
|
+
content: Array<{
|
|
27
|
+
type: 'text';
|
|
28
|
+
text: string;
|
|
29
|
+
}>;
|
|
30
|
+
};
|
|
31
|
+
error(msg: string, extra?: Record<string, unknown>): {
|
|
32
|
+
content: Array<{
|
|
33
|
+
type: 'text';
|
|
34
|
+
text: string;
|
|
35
|
+
}>;
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
export declare function createContext(): Promise<ServerContext>;
|
|
39
|
+
//# sourceMappingURL=context.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAGlF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EACV,OAAO,EAAE,eAAe,EAAE,eAAe,EACzC,gBAAgB,EAAE,cAAc,EAAE,gBAAgB,EAClD,cAAc,EAAE,gBAAgB,EACjC,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGjD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IACtC,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;IACnC,iBAAiB,EAAE,qBAAqB,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,gBAAgB,EAAE,CAAC;IAChC,kBAAkB,EAAE,OAAO,YAAY,EAAE,iBAAiB,CAAC;IAC3D,aAAa,EAAE,gBAAgB,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,CAAC,EAAE,OAAO,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;IACrE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;CACzG;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,aAAa,CAAC,CA8G5D"}
|
package/dist/context.js
ADDED
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ServerContext: replaces closure pattern in server.ts.
|
|
3
|
+
* Central state container for the AGA MCP Server.
|
|
4
|
+
*/
|
|
5
|
+
import { generateKeyPair } from './crypto/sign.js';
|
|
6
|
+
import { sha256Str } from './crypto/hash.js';
|
|
7
|
+
import { Portal } from './core/portal.js';
|
|
8
|
+
import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
|
|
9
|
+
import { MemoryStorage } from './storage/memory.js';
|
|
10
|
+
import { createGenesisEvent, appendEvent } from './core/chain.js';
|
|
11
|
+
export async function createContext() {
|
|
12
|
+
const storage = new MemoryStorage();
|
|
13
|
+
await storage.initialize();
|
|
14
|
+
const issuerKP = generateKeyPair();
|
|
15
|
+
const portalKP = generateKeyPair();
|
|
16
|
+
const chainKP = generateKeyPair();
|
|
17
|
+
const portal = new Portal();
|
|
18
|
+
const behavioralMonitor = new BehavioralMonitorImpl();
|
|
19
|
+
const defaultEnforcement = {
|
|
20
|
+
measurement_cadence_ms: 1000,
|
|
21
|
+
ttl_seconds: 3600,
|
|
22
|
+
enforcement_triggers: ['QUARANTINE', 'TERMINATE'],
|
|
23
|
+
re_attestation_required: true,
|
|
24
|
+
measurement_types: ['FILE_SYSTEM_STATE', 'CONFIG_MANIFEST'],
|
|
25
|
+
};
|
|
26
|
+
const defaultClaims = {
|
|
27
|
+
claims_taxonomy: [
|
|
28
|
+
// Identity claims
|
|
29
|
+
{ claim_id: 'identity.name', sensitivity: 'S3_HIGH', substitutes: ['identity.pseudonym', 'identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
30
|
+
{ claim_id: 'identity.pseudonym', sensitivity: 'S2_MODERATE', substitutes: ['identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
|
|
31
|
+
{ claim_id: 'identity.org', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
32
|
+
{ claim_id: 'identity.age', sensitivity: 'S3_HIGH', substitutes: ['identity.age_range', 'identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
33
|
+
{ claim_id: 'identity.age_range', sensitivity: 'S2_MODERATE', substitutes: ['identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
34
|
+
{ claim_id: 'identity.is_adult', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_FULL'] },
|
|
35
|
+
// Vehicle claims (deployment-appropriate)
|
|
36
|
+
{ claim_id: 'vehicle.exact_position', sensitivity: 'S4_CRITICAL', substitutes: ['vehicle.grid_square', 'vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
37
|
+
{ claim_id: 'vehicle.grid_square', sensitivity: 'S2_MODERATE', substitutes: ['vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
|
|
38
|
+
{ claim_id: 'vehicle.operational_area', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
39
|
+
// Plant/infrastructure claims
|
|
40
|
+
{ claim_id: 'plant.reactor_id', sensitivity: 'S3_HIGH', substitutes: ['plant.facility_type'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
41
|
+
{ claim_id: 'plant.facility_type', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
42
|
+
// Agent/model claims
|
|
43
|
+
{ claim_id: 'agent.model_weights_hash', sensitivity: 'S4_CRITICAL', substitutes: ['agent.model_family', 'agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
44
|
+
{ claim_id: 'agent.model_family', sensitivity: 'S2_MODERATE', substitutes: ['agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
|
|
45
|
+
{ claim_id: 'agent.model_generation', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
46
|
+
],
|
|
47
|
+
substitution_rules: [],
|
|
48
|
+
};
|
|
49
|
+
const claimValues = {
|
|
50
|
+
'identity.name': 'Alice Johnson',
|
|
51
|
+
'identity.pseudonym': 'AJ-7742',
|
|
52
|
+
'identity.org': 'Attested Intelligence',
|
|
53
|
+
'identity.age': 32,
|
|
54
|
+
'identity.age_range': '25-34',
|
|
55
|
+
'identity.is_adult': true,
|
|
56
|
+
'vehicle.exact_position': '38.8977° N, 77.0365° W',
|
|
57
|
+
'vehicle.grid_square': 'FM18lv',
|
|
58
|
+
'vehicle.operational_area': 'National Capital Region',
|
|
59
|
+
'plant.reactor_id': 'NRC-R-1234',
|
|
60
|
+
'plant.facility_type': 'Nuclear Power Plant',
|
|
61
|
+
'agent.model_weights_hash': 'a4f8c2e1b3d7094f6e2a8b1c5d9f3e7a',
|
|
62
|
+
'agent.model_family': 'GPT-class LLM',
|
|
63
|
+
'agent.model_generation': 'Generation 4',
|
|
64
|
+
};
|
|
65
|
+
const claimsTaxonomy = {
|
|
66
|
+
claims: defaultClaims.claims_taxonomy,
|
|
67
|
+
version: '1.0.0',
|
|
68
|
+
};
|
|
69
|
+
const ctx = {
|
|
70
|
+
issuerKP,
|
|
71
|
+
portalKP,
|
|
72
|
+
chainKP,
|
|
73
|
+
portal,
|
|
74
|
+
storage,
|
|
75
|
+
chainInitialized: false,
|
|
76
|
+
activeArtifact: null,
|
|
77
|
+
quarantine: null,
|
|
78
|
+
behavioralMonitor,
|
|
79
|
+
measurementCount: 0,
|
|
80
|
+
verificationTier: 'BRONZE',
|
|
81
|
+
startTime: new Date().toISOString(),
|
|
82
|
+
claimsTaxonomy,
|
|
83
|
+
delegations: [],
|
|
84
|
+
defaultEnforcement,
|
|
85
|
+
defaultClaims,
|
|
86
|
+
claimValues,
|
|
87
|
+
async appendToChain(type, payload) {
|
|
88
|
+
if (!ctx.chainInitialized) {
|
|
89
|
+
const genesis = createGenesisEvent(ctx.chainKP, sha256Str('AGA Protocol Specification v2.0.0'));
|
|
90
|
+
await ctx.storage.storeEvent(genesis);
|
|
91
|
+
ctx.chainInitialized = true;
|
|
92
|
+
ctx.portal.sequenceCounter = 0;
|
|
93
|
+
ctx.portal.lastLeafHash = genesis.leaf_hash;
|
|
94
|
+
}
|
|
95
|
+
const prev = await ctx.storage.getLatestEvent();
|
|
96
|
+
if (!prev)
|
|
97
|
+
throw new Error('Chain initialization failed');
|
|
98
|
+
const event = appendEvent(type, payload, prev, ctx.chainKP);
|
|
99
|
+
await ctx.storage.storeEvent(event);
|
|
100
|
+
ctx.portal.sequenceCounter = event.sequence_number;
|
|
101
|
+
ctx.portal.lastLeafHash = event.leaf_hash;
|
|
102
|
+
return event;
|
|
103
|
+
},
|
|
104
|
+
json(x) {
|
|
105
|
+
return { content: [{ type: 'text', text: JSON.stringify(x, null, 2) }] };
|
|
106
|
+
},
|
|
107
|
+
error(msg, extra) {
|
|
108
|
+
return { content: [{ type: 'text', text: JSON.stringify({ success: false, error: msg, ...extra }, null, 2) }] };
|
|
109
|
+
},
|
|
110
|
+
};
|
|
111
|
+
return ctx;
|
|
112
|
+
}
|
|
113
|
+
//# sourceMappingURL=context.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,eAAe,EAAW,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAiClE,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,OAAO,GAAG,IAAI,aAAa,EAAE,CAAC;IACpC,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAC5B,MAAM,iBAAiB,GAAG,IAAI,qBAAqB,EAAE,CAAC;IAEtD,MAAM,kBAAkB,GAA2C;QACjE,sBAAsB,EAAE,IAAI;QAC5B,WAAW,EAAE,IAAI;QACjB,oBAAoB,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;QACjD,uBAAuB,EAAE,IAAI;QAC7B,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;KAC5D,CAAC;IAEF,MAAM,aAAa,GAAqB;QACtC,eAAe,EAAE;YACf,kBAAkB;YAClB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAChK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YACjK,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACvJ,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACrL,EAAE,QAAQ,EAAE,mBAAmB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9I,0CAA0C;YAC1C,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAC1L,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC9K,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACnK,8BAA8B;YAC9B,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,qBAAqB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpJ,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9J,qBAAqB;YACrB,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACzL,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC3K,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;SAClK;QACD,kBAAkB,EAAE,EAAE;KACvB,CAAC;IAEF,MAAM,WAAW,GAA4B;QAC3C,eAAe,EAAE,eAAe;QAChC,oBAAoB,EAAE,SAAS;QAC/B,cAAc,EAAE,uBAAuB;QACvC,cAAc,EAAE,EAAE;QAClB,oBAAoB,EAAE,OAAO;QAC7B,mBAAmB,EAAE,IAAI;QACzB,wBAAwB,EAAE,wBAAwB;QAClD,qBAAqB,EAAE,QAAQ;QAC/B,0BAA0B,EAAE,yBAAyB;QACrD,kBAAkB,EAAE,YAAY;QAChC,qBAAqB,EAAE,qBAAqB;QAC5C,0BAA0B,EAAE,kCAAkC;QAC9D,oBAAoB,EAAE,eAAe;QACrC,wBAAwB,EAAE,cAAc;KACzC,CAAC;IAEF,MAAM,cAAc,GAAmB;QACrC,MAAM,EAAE,aAAa,CAAC,eAAe;QACrC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,GAAG,GAAkB;QACzB,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,MAAM;QACN,OAAO;QACP,gBAAgB,EAAE,KAAK;QACvB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,iBAAiB;QACjB,gBAAgB,EAAE,CAAC;QACnB,gBAAgB,EAAE,QAAQ;QAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,cAAc;QACd,WAAW,EAAE,EAAE;QACf,kBAAkB;QAClB,aAAa;QACb,WAAW;QAEX,KAAK,CAAC,aAAa,CAAC,IAAe,EAAE,OAAgB;YACnD,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;gBAChG,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;YAC9C,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5D,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;YACnD,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,CAAU;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACpF,CAAC;QAED,KAAK,CAAC,GAAW,EAAE,KAA+B;YAChD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3H,CAAC;KACF,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Identity operations: key fingerprinting, validation, rotation.
|
|
3
|
+
*/
|
|
4
|
+
import { keyFingerprint, isKeyValid } from '../crypto/keys.js';
|
|
5
|
+
import type { KeyPair } from '../types.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid };
|
|
7
|
+
export interface KeyRotationResult {
|
|
8
|
+
newKeyPair: KeyPair;
|
|
9
|
+
newPublicKeyHex: string;
|
|
10
|
+
oldPublicKeyHex: string;
|
|
11
|
+
rotatedAt: string;
|
|
12
|
+
}
|
|
13
|
+
export declare function rotateKeys(oldKP: KeyPair): KeyRotationResult;
|
|
14
|
+
//# sourceMappingURL=identity.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAiB,MAAM,mBAAmB,CAAC;AAE9E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAEtC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,iBAAiB,CAQ5D"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Identity operations: key fingerprinting, validation, rotation.
|
|
3
|
+
*/
|
|
4
|
+
import { keyFingerprint, isKeyValid, rotateKeyPair } from '../crypto/keys.js';
|
|
5
|
+
import { pkToHex } from '../crypto/sign.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid };
|
|
7
|
+
export function rotateKeys(oldKP) {
|
|
8
|
+
const newKP = rotateKeyPair();
|
|
9
|
+
return {
|
|
10
|
+
newKeyPair: newKP,
|
|
11
|
+
newPublicKeyHex: pkToHex(newKP.publicKey),
|
|
12
|
+
oldPublicKeyHex: pkToHex(oldKP.publicKey),
|
|
13
|
+
rotatedAt: new Date().toISOString(),
|
|
14
|
+
};
|
|
15
|
+
}
|
|
16
|
+
//# sourceMappingURL=identity.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAmB,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG7D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAStC,MAAM,UAAU,UAAU,CAAC,KAAc;IACvC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}
|
package/dist/core/index.d.ts
CHANGED
|
@@ -9,4 +9,7 @@ export * from './quarantine.js';
|
|
|
9
9
|
export * from './checkpoint.js';
|
|
10
10
|
export * from './bundle.js';
|
|
11
11
|
export * from './disclosure.js';
|
|
12
|
+
export * from './behavioral.js';
|
|
13
|
+
export * from './delegation.js';
|
|
14
|
+
export * from './identity.js';
|
|
12
15
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/core/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
|
package/dist/core/index.js
CHANGED
|
@@ -9,4 +9,7 @@ export * from './quarantine.js';
|
|
|
9
9
|
export * from './checkpoint.js';
|
|
10
10
|
export * from './bundle.js';
|
|
11
11
|
export * from './disclosure.js';
|
|
12
|
+
export * from './behavioral.js';
|
|
13
|
+
export * from './delegation.js';
|
|
14
|
+
export * from './identity.js';
|
|
12
15
|
//# sourceMappingURL=index.js.map
|
package/dist/core/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import type { SubjectIdentifier, SubjectMetadata, HashHex } from '../types.js';
|
|
2
|
+
export interface MeasurementInput {
|
|
3
|
+
subjectBytes: Uint8Array;
|
|
4
|
+
metadata: SubjectMetadata;
|
|
5
|
+
}
|
|
6
|
+
export interface MeasurementOutput {
|
|
7
|
+
bytesHash: HashHex;
|
|
8
|
+
metadataHash: HashHex;
|
|
9
|
+
}
|
|
10
|
+
export declare function measureSubject(input: MeasurementInput): MeasurementOutput;
|
|
11
|
+
export declare function compareState(current: MeasurementOutput, expected: SubjectIdentifier): {
|
|
12
|
+
match: boolean;
|
|
13
|
+
bytesMatch: boolean;
|
|
14
|
+
metadataMatch: boolean;
|
|
15
|
+
};
|
|
16
|
+
//# sourceMappingURL=measurement.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measurement.d.ts","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE/E,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,UAAU,CAAC;IACzB,QAAQ,EAAE,eAAe,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,gBAAgB,GAAG,iBAAiB,CAKzE;AAED,wBAAgB,YAAY,CAC1B,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,iBAAiB,GAC1B;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,OAAO,CAAC;IAAC,aAAa,EAAE,OAAO,CAAA;CAAE,CAIjE"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Subject measurement: hash, compare, detect drift.
|
|
3
|
+
* Consolidates subject.ts + attestation.ts measurement logic.
|
|
4
|
+
*/
|
|
5
|
+
import { sha256Bytes, sha256Str } from '../crypto/hash.js';
|
|
6
|
+
import { canonicalize } from '../utils/canonical.js';
|
|
7
|
+
export function measureSubject(input) {
|
|
8
|
+
return {
|
|
9
|
+
bytesHash: sha256Bytes(input.subjectBytes),
|
|
10
|
+
metadataHash: sha256Str(canonicalize(input.metadata)),
|
|
11
|
+
};
|
|
12
|
+
}
|
|
13
|
+
export function compareState(current, expected) {
|
|
14
|
+
const bytesMatch = current.bytesHash === expected.bytes_hash;
|
|
15
|
+
const metadataMatch = current.metadataHash === expected.metadata_hash;
|
|
16
|
+
return { match: bytesMatch && metadataMatch, bytesMatch, metadataMatch };
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=measurement.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measurement.js","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAarD,MAAM,UAAU,cAAc,CAAC,KAAuB;IACpD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC;QAC1C,YAAY,EAAE,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,OAA0B,EAC1B,QAA2B;IAE3B,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,UAAU,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAO,CAAC,YAAY,KAAK,QAAQ,CAAC,aAAa,CAAC;IACtE,OAAO,EAAE,KAAK,EAAE,UAAU,IAAI,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;AAC3E,CAAC"}
|
package/dist/core/portal.d.ts
CHANGED
|
@@ -21,7 +21,7 @@ export declare class Portal {
|
|
|
21
21
|
};
|
|
22
22
|
measure(subjectBytes: Uint8Array, meta: SubjectMetadata): MeasurementResult;
|
|
23
23
|
enforce(action: EnforcementAction): void;
|
|
24
|
-
revoke(sealedHash: string): void;
|
|
24
|
+
revoke(sealedHash: string, transitionTo?: 'TERMINATED' | 'SAFE_STATE'): void;
|
|
25
25
|
isRevoked(sealedHash: string): boolean;
|
|
26
26
|
reset(): void;
|
|
27
27
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;
|
|
1
|
+
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IA6B3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAWxC,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,YAAY,GAAG,IAAI;IAO5E,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}
|
package/dist/core/portal.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Portal (Sentinel)
|
|
2
|
+
* Portal (Sentinel) - Runtime Enforcement Boundary. Ref 150, 270-280.
|
|
3
3
|
* V3: TTL + revocation checked every measurement. Fail-closed semantics.
|
|
4
4
|
* Aligned with NCCoE filing Sections 3-4 and NIST-2025-0035.
|
|
5
5
|
*/
|
|
@@ -37,6 +37,8 @@ export class Portal {
|
|
|
37
37
|
throw new Error('No artifact loaded');
|
|
38
38
|
if (this.state === 'TERMINATED')
|
|
39
39
|
throw new Error('Portal is terminated');
|
|
40
|
+
if (this.state === 'SAFE_STATE')
|
|
41
|
+
throw new Error('Portal is in safe state - artifact revoked');
|
|
40
42
|
const empty = { currentBytesHash: '', currentMetaHash: '',
|
|
41
43
|
expectedBytesHash: this.artifact.subject_identifier.bytes_hash,
|
|
42
44
|
expectedMetaHash: this.artifact.subject_identifier.metadata_hash };
|
|
@@ -67,9 +69,11 @@ export class Portal {
|
|
|
67
69
|
throw new Error(`Cannot enforce in state ${this.state}`);
|
|
68
70
|
switch (action) {
|
|
69
71
|
case 'TERMINATE':
|
|
70
|
-
case 'SAFE_STATE':
|
|
71
72
|
this.state = 'TERMINATED';
|
|
72
73
|
break;
|
|
74
|
+
case 'SAFE_STATE':
|
|
75
|
+
this.state = 'SAFE_STATE';
|
|
76
|
+
break;
|
|
73
77
|
case 'QUARANTINE':
|
|
74
78
|
this.state = 'PHANTOM_QUARANTINE';
|
|
75
79
|
break;
|
|
@@ -79,10 +83,11 @@ export class Portal {
|
|
|
79
83
|
default: break;
|
|
80
84
|
}
|
|
81
85
|
}
|
|
82
|
-
revoke(sealedHash) {
|
|
86
|
+
revoke(sealedHash, transitionTo) {
|
|
83
87
|
this.revocations.add(sealedHash);
|
|
84
|
-
if (this.artifact?.sealed_hash === sealedHash)
|
|
85
|
-
this.state = 'TERMINATED';
|
|
88
|
+
if (this.artifact?.sealed_hash === sealedHash) {
|
|
89
|
+
this.state = transitionTo === 'SAFE_STATE' ? 'SAFE_STATE' : 'TERMINATED';
|
|
90
|
+
}
|
|
86
91
|
}
|
|
87
92
|
isRevoked(sealedHash) { return this.revocations.has(sealedHash); }
|
|
88
93
|
reset() {
|
package/dist/core/portal.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACnD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACpD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,oBAAoB,CAAC;gBAAC,MAAM;YAC5D,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;gBAAC,MAAM;YAC3D,OAAO,CAAC,CAAC,MAAM;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,UAAkB,EAAE,YAA0C;QACnE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,WAAW,KAAK,UAAU,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,GAAG,YAAY,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,SAAS,CAAC,UAAkB,IAAa,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEnF,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACrD,CAAC;CACF"}
|
package/dist/core/types.d.ts
CHANGED
|
@@ -79,7 +79,7 @@ export interface SignedReceipt {
|
|
|
79
79
|
previous_leaf_hash: HashHex | null;
|
|
80
80
|
portal_signature: SignatureBase64;
|
|
81
81
|
}
|
|
82
|
-
export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION';
|
|
82
|
+
export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION' | 'BEHAVIORAL_DRIFT' | 'DELEGATION' | 'RE_ATTESTATION';
|
|
83
83
|
export interface GenesisPayload {
|
|
84
84
|
protocol_version: string;
|
|
85
85
|
taxonomy_version: string;
|
|
@@ -145,7 +145,7 @@ export interface SubstitutionReceipt {
|
|
|
145
145
|
chain_sequence_ref: number;
|
|
146
146
|
signature: SignatureBase64;
|
|
147
147
|
}
|
|
148
|
-
export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'TERMINATED';
|
|
148
|
+
export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'SAFE_STATE' | 'TERMINATED';
|
|
149
149
|
export type VerificationTier = 'BRONZE' | 'SILVER' | 'GOLD';
|
|
150
150
|
export interface RevocationRecord {
|
|
151
151
|
artifact_sealed_hash: HashHex;
|
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Deterministic JSON serialization (RFC 8785 aligned).
|
|
3
|
+
* Moved from src/utils/canonical.ts for directive structure alignment.
|
|
4
|
+
*/
|
|
5
|
+
export declare function deepSortKeys(obj: unknown): unknown;
|
|
6
|
+
export declare function canonicalize(obj: unknown): string;
|
|
7
|
+
//# sourceMappingURL=canonicalize.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CASlD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAEjD"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Deterministic JSON serialization (RFC 8785 aligned).
|
|
3
|
+
* Moved from src/utils/canonical.ts for directive structure alignment.
|
|
4
|
+
*/
|
|
5
|
+
export function deepSortKeys(obj) {
|
|
6
|
+
if (obj === null || obj === undefined || typeof obj !== 'object')
|
|
7
|
+
return obj;
|
|
8
|
+
if (Array.isArray(obj))
|
|
9
|
+
return obj.map(deepSortKeys);
|
|
10
|
+
if (obj instanceof Uint8Array)
|
|
11
|
+
return obj;
|
|
12
|
+
const sorted = {};
|
|
13
|
+
for (const key of Object.keys(obj).sort()) {
|
|
14
|
+
sorted[key] = deepSortKeys(obj[key]);
|
|
15
|
+
}
|
|
16
|
+
return sorted;
|
|
17
|
+
}
|
|
18
|
+
export function canonicalize(obj) {
|
|
19
|
+
return JSON.stringify(deepSortKeys(obj));
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=canonicalize.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,GAAG,YAAY,UAAU;QAAE,OAAO,GAAG,CAAC;IAC1C,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC"}
|
package/dist/crypto/index.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
4
|
-
export
|
|
5
|
-
export
|
|
1
|
+
export { sha256Bytes, sha256Str, blake2b256, sha256Cat, sha256HexCat } from './hash.js';
|
|
2
|
+
export { generateKeyPair, sign, signStr, verify, verifyStr, sigToB64, b64ToSig, pkToHex, hexToPk } from './sign.js';
|
|
3
|
+
export { generateSalt, saltedCommitment, verifySaltedCommitment } from './salt.js';
|
|
4
|
+
export { buildMerkleTree, inclusionProof, verifyProof } from './merkle.js';
|
|
5
|
+
export { canonicalize, deepSortKeys } from './canonicalize.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid, rotateKeyPair } from './keys.js';
|
|
6
7
|
//# sourceMappingURL=index.d.ts.map
|