@attested-intelligence/aga-mcp-server 0.1.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/PATENTS.md +28 -0
- package/README.md +84 -23
- package/dist/context.d.ts +39 -0
- package/dist/context.d.ts.map +1 -0
- package/dist/context.js +113 -0
- package/dist/context.js.map +1 -0
- package/dist/core/identity.d.ts +14 -0
- package/dist/core/identity.d.ts.map +1 -0
- package/dist/core/identity.js +16 -0
- package/dist/core/identity.js.map +1 -0
- package/dist/core/index.d.ts +3 -0
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +3 -0
- package/dist/core/index.js.map +1 -1
- package/dist/core/measurement.d.ts +16 -0
- package/dist/core/measurement.d.ts.map +1 -0
- package/dist/core/measurement.js +18 -0
- package/dist/core/measurement.js.map +1 -0
- package/dist/core/portal.d.ts +1 -1
- package/dist/core/portal.d.ts.map +1 -1
- package/dist/core/portal.js +10 -5
- package/dist/core/portal.js.map +1 -1
- package/dist/core/types.d.ts +2 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/canonicalize.d.ts +7 -0
- package/dist/crypto/canonicalize.d.ts.map +1 -0
- package/dist/crypto/canonicalize.js +21 -0
- package/dist/crypto/canonicalize.js.map +1 -0
- package/dist/crypto/index.d.ts +6 -5
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +6 -5
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/keys.d.ts +10 -0
- package/dist/crypto/keys.d.ts.map +1 -0
- package/dist/crypto/keys.js +19 -0
- package/dist/crypto/keys.js.map +1 -0
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/governance.d.ts +1 -7
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +11 -18
- package/dist/middleware/governance.js.map +1 -1
- package/dist/prompts/drift-analysis.d.ts +13 -0
- package/dist/prompts/drift-analysis.d.ts.map +1 -0
- package/dist/prompts/drift-analysis.js +43 -0
- package/dist/prompts/drift-analysis.js.map +1 -0
- package/dist/prompts/governance-report.d.ts +7 -0
- package/dist/prompts/governance-report.d.ts.map +1 -0
- package/dist/prompts/governance-report.js +26 -0
- package/dist/prompts/governance-report.js.map +1 -0
- package/dist/prompts/nccoe-demo.d.ts +14 -0
- package/dist/prompts/nccoe-demo.d.ts.map +1 -0
- package/dist/prompts/nccoe-demo.js +48 -0
- package/dist/prompts/nccoe-demo.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +3 -0
- package/dist/resources/crypto-primitives.d.ts.map +1 -0
- package/dist/resources/crypto-primitives.js +52 -0
- package/dist/resources/crypto-primitives.js.map +1 -0
- package/dist/resources/patent-claims.d.ts +3 -0
- package/dist/resources/patent-claims.d.ts.map +1 -0
- package/dist/resources/patent-claims.js +67 -0
- package/dist/resources/patent-claims.js.map +1 -0
- package/dist/resources/sample-bundle.d.ts +6 -0
- package/dist/resources/sample-bundle.d.ts.map +1 -0
- package/dist/resources/sample-bundle.js +58 -0
- package/dist/resources/sample-bundle.js.map +1 -0
- package/dist/resources/specification.d.ts +3 -0
- package/dist/resources/specification.d.ts.map +1 -0
- package/dist/resources/specification.js +107 -0
- package/dist/resources/specification.js.map +1 -0
- package/dist/server.d.ts +4 -7
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +217 -343
- package/dist/server.js.map +1 -1
- package/dist/storage/sqlite.js +1 -1
- package/dist/tools/create-artifact.d.ts +25 -0
- package/dist/tools/create-artifact.d.ts.map +1 -0
- package/dist/tools/create-artifact.js +85 -0
- package/dist/tools/create-artifact.js.map +1 -0
- package/dist/tools/delegate-subagent.d.ts +18 -0
- package/dist/tools/delegate-subagent.d.ts.map +1 -0
- package/dist/tools/delegate-subagent.js +50 -0
- package/dist/tools/delegate-subagent.js.map +1 -0
- package/dist/tools/disclose-claim.d.ts +14 -0
- package/dist/tools/disclose-claim.d.ts.map +1 -0
- package/dist/tools/disclose-claim.js +23 -0
- package/dist/tools/disclose-claim.js.map +1 -0
- package/dist/tools/export-bundle.d.ts +8 -0
- package/dist/tools/export-bundle.d.ts.map +1 -0
- package/dist/tools/export-bundle.js +25 -0
- package/dist/tools/export-bundle.js.map +1 -0
- package/dist/tools/full-lifecycle.d.ts +16 -0
- package/dist/tools/full-lifecycle.d.ts.map +1 -0
- package/dist/tools/full-lifecycle.js +121 -0
- package/dist/tools/full-lifecycle.js.map +1 -0
- package/dist/tools/generate-receipt.d.ts +16 -0
- package/dist/tools/generate-receipt.d.ts.map +1 -0
- package/dist/tools/generate-receipt.js +31 -0
- package/dist/tools/generate-receipt.js.map +1 -0
- package/dist/tools/get-chain.d.ts +14 -0
- package/dist/tools/get-chain.d.ts.map +1 -0
- package/dist/tools/get-chain.js +45 -0
- package/dist/tools/get-chain.js.map +1 -0
- package/dist/tools/get-portal-state.d.ts +8 -0
- package/dist/tools/get-portal-state.d.ts.map +1 -0
- package/dist/tools/get-portal-state.js +15 -0
- package/dist/tools/get-portal-state.js.map +1 -0
- package/dist/tools/init-chain.d.ts +10 -0
- package/dist/tools/init-chain.d.ts.map +1 -0
- package/dist/tools/init-chain.js +13 -0
- package/dist/tools/init-chain.js.map +1 -0
- package/dist/tools/measure-behavior.d.ts +12 -0
- package/dist/tools/measure-behavior.d.ts.map +1 -0
- package/dist/tools/measure-behavior.js +29 -0
- package/dist/tools/measure-behavior.js.map +1 -0
- package/dist/tools/measure-subject.d.ts +15 -0
- package/dist/tools/measure-subject.d.ts.map +1 -0
- package/dist/tools/measure-subject.js +106 -0
- package/dist/tools/measure-subject.js.map +1 -0
- package/dist/tools/quarantine-status.d.ts +8 -0
- package/dist/tools/quarantine-status.d.ts.map +1 -0
- package/dist/tools/quarantine-status.js +16 -0
- package/dist/tools/quarantine-status.js.map +1 -0
- package/dist/tools/revoke-artifact.d.ts +13 -0
- package/dist/tools/revoke-artifact.d.ts.map +1 -0
- package/dist/tools/revoke-artifact.js +24 -0
- package/dist/tools/revoke-artifact.js.map +1 -0
- package/dist/tools/rotate-keys.d.ts +13 -0
- package/dist/tools/rotate-keys.d.ts.map +1 -0
- package/dist/tools/rotate-keys.js +39 -0
- package/dist/tools/rotate-keys.js.map +1 -0
- package/dist/tools/server-info.d.ts +8 -0
- package/dist/tools/server-info.d.ts.map +1 -0
- package/dist/tools/server-info.js +24 -0
- package/dist/tools/server-info.js.map +1 -0
- package/dist/tools/set-verification-tier.d.ts +11 -0
- package/dist/tools/set-verification-tier.d.ts.map +1 -0
- package/dist/tools/set-verification-tier.js +31 -0
- package/dist/tools/set-verification-tier.js.map +1 -0
- package/dist/tools/start-monitoring.d.ts +12 -0
- package/dist/tools/start-monitoring.d.ts.map +1 -0
- package/dist/tools/start-monitoring.js +17 -0
- package/dist/tools/start-monitoring.js.map +1 -0
- package/dist/tools/trigger-measurement.d.ts +15 -0
- package/dist/tools/trigger-measurement.d.ts.map +1 -0
- package/dist/tools/trigger-measurement.js +86 -0
- package/dist/tools/trigger-measurement.js.map +1 -0
- package/dist/tools/verify-artifact.d.ts +13 -0
- package/dist/tools/verify-artifact.d.ts.map +1 -0
- package/dist/tools/verify-artifact.js +6 -0
- package/dist/tools/verify-artifact.js.map +1 -0
- package/dist/tools/verify-bundle.d.ts +13 -0
- package/dist/tools/verify-bundle.d.ts.map +1 -0
- package/dist/tools/verify-bundle.js +6 -0
- package/dist/tools/verify-bundle.js.map +1 -0
- package/dist/types.d.ts +262 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +9 -0
- package/dist/types.js.map +1 -0
- package/package.json +33 -6
- package/AGA_MCP_SERVER_SPEC.md +0 -632
- package/src/core/artifact.ts +0 -45
- package/src/core/attestation.ts +0 -33
- package/src/core/behavioral.ts +0 -132
- package/src/core/bundle.ts +0 -31
- package/src/core/chain.ts +0 -72
- package/src/core/checkpoint.ts +0 -22
- package/src/core/delegation.ts +0 -146
- package/src/core/disclosure.ts +0 -32
- package/src/core/index.ts +0 -11
- package/src/core/portal.ts +0 -96
- package/src/core/quarantine.ts +0 -16
- package/src/core/receipt.ts +0 -33
- package/src/core/subject.ts +0 -11
- package/src/core/types.ts +0 -244
- package/src/crypto/hash.ts +0 -33
- package/src/crypto/index.ts +0 -5
- package/src/crypto/merkle.ts +0 -43
- package/src/crypto/salt.ts +0 -18
- package/src/crypto/sign.ts +0 -35
- package/src/crypto/types.ts +0 -19
- package/src/index.ts +0 -12
- package/src/middleware/governance.ts +0 -95
- package/src/middleware/index.ts +0 -1
- package/src/server.ts +0 -436
- package/src/storage/index.ts +0 -3
- package/src/storage/interface.ts +0 -21
- package/src/storage/memory.ts +0 -27
- package/src/storage/sqlite.ts +0 -45
- package/src/tools/README.md +0 -13
- package/src/utils/canonical.ts +0 -14
- package/src/utils/constants.ts +0 -3
- package/src/utils/timestamp.ts +0 -12
- package/src/utils/uuid.ts +0 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpH,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnF,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}
|
package/dist/crypto/index.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
4
|
-
export
|
|
5
|
-
export
|
|
1
|
+
export { sha256Bytes, sha256Str, blake2b256, sha256Cat, sha256HexCat } from './hash.js';
|
|
2
|
+
export { generateKeyPair, sign, signStr, verify, verifyStr, sigToB64, b64ToSig, pkToHex, hexToPk } from './sign.js';
|
|
3
|
+
export { generateSalt, saltedCommitment, verifySaltedCommitment } from './salt.js';
|
|
4
|
+
export { buildMerkleTree, inclusionProof, verifyProof } from './merkle.js';
|
|
5
|
+
export { canonicalize, deepSortKeys } from './canonicalize.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid, rotateKeyPair } from './keys.js';
|
|
6
7
|
//# sourceMappingURL=index.js.map
|
package/dist/crypto/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpH,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnF,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { pkToHex, hexToPk } from './sign.js';
|
|
2
|
+
import type { KeyPair } from '../types.js';
|
|
3
|
+
/** SHA-256 fingerprint of a public key (first 16 hex chars). */
|
|
4
|
+
export declare function keyFingerprint(pk: Uint8Array): string;
|
|
5
|
+
/** Check if a hex-encoded public key is valid (64 hex chars for Ed25519). */
|
|
6
|
+
export declare function isKeyValid(hexKey: string): boolean;
|
|
7
|
+
/** Rotate a keypair - returns new keypair. Old keypair should be revoked. */
|
|
8
|
+
export declare function rotateKeyPair(): KeyPair;
|
|
9
|
+
export { pkToHex, hexToPk };
|
|
10
|
+
//# sourceMappingURL=keys.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../../src/crypto/keys.ts"],"names":[],"mappings":"AAIA,OAAO,EAAmB,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAW,MAAM,aAAa,CAAC;AAEpD,gEAAgE;AAChE,wBAAgB,cAAc,CAAC,EAAE,EAAE,UAAU,GAAG,MAAM,CAErD;AAED,6EAA6E;AAC7E,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAElD;AAED,6EAA6E;AAC7E,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Key utilities: fingerprints, hex encoding, validation.
|
|
3
|
+
*/
|
|
4
|
+
import { sha256Str } from './hash.js';
|
|
5
|
+
import { generateKeyPair, pkToHex, hexToPk } from './sign.js';
|
|
6
|
+
/** SHA-256 fingerprint of a public key (first 16 hex chars). */
|
|
7
|
+
export function keyFingerprint(pk) {
|
|
8
|
+
return sha256Str(pkToHex(pk)).slice(0, 16);
|
|
9
|
+
}
|
|
10
|
+
/** Check if a hex-encoded public key is valid (64 hex chars for Ed25519). */
|
|
11
|
+
export function isKeyValid(hexKey) {
|
|
12
|
+
return /^[0-9a-f]{64}$/.test(hexKey);
|
|
13
|
+
}
|
|
14
|
+
/** Rotate a keypair - returns new keypair. Old keypair should be revoked. */
|
|
15
|
+
export function rotateKeyPair() {
|
|
16
|
+
return generateKeyPair();
|
|
17
|
+
}
|
|
18
|
+
export { pkToHex, hexToPk };
|
|
19
|
+
//# sourceMappingURL=keys.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/crypto/keys.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAG9D,gEAAgE;AAChE,MAAM,UAAU,cAAc,CAAC,EAAc;IAC3C,OAAO,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,UAAU,CAAC,MAAc;IACvC,OAAO,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,aAAa;IAC3B,OAAO,eAAe,EAAE,CAAC;AAC3B,CAAC;AAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@ async function main() {
|
|
|
5
5
|
const server = await createAGAServer();
|
|
6
6
|
const transport = new StdioServerTransport();
|
|
7
7
|
await server.connect(transport);
|
|
8
|
-
console.error('AGA MCP Server running on stdio');
|
|
8
|
+
console.error('AGA MCP Server v2.0.0 running on stdio');
|
|
9
9
|
}
|
|
10
10
|
main().catch(e => { console.error('Fatal:', e); process.exit(1); });
|
|
11
11
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;AAC1D,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC"}
|
|
@@ -1,15 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Governance Middleware
|
|
2
|
+
* Governance Middleware: wraps every MCP tool handler.
|
|
3
3
|
*
|
|
4
4
|
* NCCoE filing Section 4: "The portal operates as a Policy Enforcement Point (PEP)...
|
|
5
5
|
* Every tool invocation, API call, actuator command, and data access passes through
|
|
6
6
|
* the portal, which evaluates it against the sealed artifact's enforcement parameters."
|
|
7
|
-
*
|
|
8
|
-
* Behavior:
|
|
9
|
-
* - TERMINATED state → reject all governed tools
|
|
10
|
-
* - PHANTOM_QUARANTINE → capture tool call as forensic input, reject
|
|
11
|
-
* - ACTIVE_MONITORING → allow, log to chain
|
|
12
|
-
* - Ungoverned tools (get_server_info, get_portal_state, list_claims) → always allow
|
|
13
7
|
*/
|
|
14
8
|
import type { Portal } from '../core/portal.js';
|
|
15
9
|
import type { QuarantineState } from '../core/types.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAI/D,MAAM,MAAM,UAAU,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,CAAC;AAC5E,MAAM,MAAM,WAAW,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;AAYpE,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE;IAAE,OAAO,EAAE,eAAe,GAAG,IAAI,CAAA;CAAE,EAC/C,QAAQ,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,iBAAiB,IAIT,CAAC,EAAE,SAAS,WAAW,CAAC,CAAC,CAAC,KAAG,WAAW,CAAC,CAAC,CAAC,CA8CxE"}
|
|
@@ -2,14 +2,13 @@ import { captureInput } from '../core/quarantine.js';
|
|
|
2
2
|
import { sha256Str } from '../crypto/hash.js';
|
|
3
3
|
import { canonicalize } from '../utils/canonical.js';
|
|
4
4
|
const UNGOVERNED_TOOLS = new Set([
|
|
5
|
-
|
|
6
|
-
'get_portal_state',
|
|
7
|
-
'
|
|
8
|
-
|
|
9
|
-
'
|
|
10
|
-
'
|
|
11
|
-
'
|
|
12
|
-
'verify_chain', // read-only verification
|
|
5
|
+
// V1 names (backward compat)
|
|
6
|
+
'get_server_info', 'get_portal_state', 'get_receipts', 'get_chain_events',
|
|
7
|
+
'list_claims', 'init_chain', 'attest_subject', 'verify_chain',
|
|
8
|
+
// V2 names
|
|
9
|
+
'aga_server_info', 'aga_get_portal_state', 'aga_init_chain', 'aga_create_artifact',
|
|
10
|
+
'aga_verify_artifact', 'aga_verify_bundle', 'aga_get_chain', 'aga_quarantine_status',
|
|
11
|
+
'aga_set_verification_tier', 'aga_demonstrate_lifecycle', 'aga_measure_behavior',
|
|
13
12
|
]);
|
|
14
13
|
export function createGovernanceWrapper(portal, quarantine, toolName, behavioralMonitor) {
|
|
15
14
|
const isGoverned = !UNGOVERNED_TOOLS.has(toolName);
|
|
@@ -20,21 +19,17 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
20
19
|
const j = (x) => ({
|
|
21
20
|
content: [{ type: 'text', text: JSON.stringify(x, null, 2) }]
|
|
22
21
|
});
|
|
23
|
-
|
|
24
|
-
if (portal.state === 'TERMINATED') {
|
|
22
|
+
if (portal.state === 'TERMINATED' || portal.state === 'SAFE_STATE') {
|
|
25
23
|
return j({
|
|
26
24
|
success: false,
|
|
27
|
-
error:
|
|
25
|
+
error: `GOVERNANCE_BLOCKED: Portal is ${portal.state.toLowerCase()}. Agent governance has been revoked. Re-attestation required.`,
|
|
28
26
|
portal_state: portal.state,
|
|
29
27
|
tool: toolName,
|
|
30
28
|
});
|
|
31
29
|
}
|
|
32
|
-
// PHANTOM_QUARANTINE → capture as forensic input, reject
|
|
33
30
|
if (portal.state === 'PHANTOM_QUARANTINE' && quarantine.current?.active) {
|
|
34
31
|
captureInput(quarantine.current, `tool_call:${toolName}`, {
|
|
35
|
-
tool: toolName,
|
|
36
|
-
args,
|
|
37
|
-
timestamp: new Date().toISOString(),
|
|
32
|
+
tool: toolName, args, timestamp: new Date().toISOString(),
|
|
38
33
|
});
|
|
39
34
|
return j({
|
|
40
35
|
success: false,
|
|
@@ -44,16 +39,14 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
44
39
|
forensic_capture: true,
|
|
45
40
|
});
|
|
46
41
|
}
|
|
47
|
-
// INITIALIZATION or ARTIFACT_VERIFICATION → not yet governed
|
|
48
42
|
if (portal.state === 'INITIALIZATION' || portal.state === 'ARTIFACT_VERIFICATION') {
|
|
49
43
|
return j({
|
|
50
44
|
success: false,
|
|
51
|
-
error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call
|
|
45
|
+
error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call aga_create_artifact first.',
|
|
52
46
|
portal_state: portal.state,
|
|
53
47
|
tool: toolName,
|
|
54
48
|
});
|
|
55
49
|
}
|
|
56
|
-
// ACTIVE_MONITORING or DRIFT_DETECTED → record + allow through
|
|
57
50
|
if (behavioralMonitor) {
|
|
58
51
|
const argsHash = sha256Str(canonicalize(args));
|
|
59
52
|
behavioralMonitor.recordInvocation(toolName, argsHash);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAKrD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,6BAA6B;IAC7B,iBAAiB,EAAE,kBAAkB,EAAE,cAAc,EAAE,kBAAkB;IACzE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,cAAc;IAC7D,WAAW;IACX,iBAAiB,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,qBAAqB;IAClF,qBAAqB,EAAE,mBAAmB,EAAE,eAAe,EAAE,uBAAuB;IACpF,2BAA2B,EAAE,2BAA2B,EAAE,sBAAsB;CACjF,CAAC,CAAC;AAEH,MAAM,UAAU,uBAAuB,CACrC,MAAc,EACd,UAA+C,EAC/C,QAAgB,EAChB,iBAAqC;IAErC,MAAM,UAAU,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEnD,OAAO,SAAS,WAAW,CAAI,OAAuB;QACpD,IAAI,CAAC,UAAU;YAAE,OAAO,OAAO,CAAC;QAEhC,OAAO,KAAK,EAAE,IAAO,EAAuB,EAAE;YAC5C,MAAM,CAAC,GAAG,CAAC,CAAU,EAAc,EAAE,CAAC,CAAC;gBACrC,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aAC9D,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,KAAK,KAAK,YAAY,IAAI,MAAM,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;gBACnE,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,iCAAiC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,+DAA+D;oBACjI,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,KAAK,oBAAoB,IAAI,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;gBACxE,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,aAAa,QAAQ,EAAE,EAAE;oBACxD,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBAC1D,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,mIAAmI;oBAC1I,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;oBACd,gBAAgB,EAAE,IAAI;iBACvB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,KAAK,gBAAgB,IAAI,MAAM,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;gBAClF,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,kFAAkF;oBACzF,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC;YAED,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC/C,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
export declare const DRIFT_ANALYSIS_PROMPT: {
|
|
2
|
+
name: string;
|
|
3
|
+
description: string;
|
|
4
|
+
arguments: {
|
|
5
|
+
name: string;
|
|
6
|
+
description: string;
|
|
7
|
+
required: boolean;
|
|
8
|
+
}[];
|
|
9
|
+
template: (args: {
|
|
10
|
+
drift_type?: string;
|
|
11
|
+
}) => string;
|
|
12
|
+
};
|
|
13
|
+
//# sourceMappingURL=drift-analysis.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"drift-analysis.d.ts","sourceRoot":"","sources":["../../src/prompts/drift-analysis.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB;;;;;;;;qBAMf;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;CAmCzC,CAAC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
export const DRIFT_ANALYSIS_PROMPT = {
|
|
2
|
+
name: 'drift-analysis',
|
|
3
|
+
description: 'Analyze drift events and recommend remediation',
|
|
4
|
+
arguments: [
|
|
5
|
+
{ name: 'drift_type', description: 'Type of drift: binary, behavioral, or both', required: false },
|
|
6
|
+
],
|
|
7
|
+
template: (args) => `# Drift Event Analysis
|
|
8
|
+
|
|
9
|
+
Analyze drift events in the current AGA session for type: ${args.drift_type ?? 'both'}
|
|
10
|
+
|
|
11
|
+
## Investigation Steps
|
|
12
|
+
|
|
13
|
+
1. Call \`aga_get_chain\` to retrieve all chain events
|
|
14
|
+
2. Filter for INTERACTION_RECEIPT events where drift_detected=true
|
|
15
|
+
3. Filter for BEHAVIORAL_DRIFT events
|
|
16
|
+
4. Call \`aga_measure_behavior\` for current behavioral state
|
|
17
|
+
5. Call \`aga_get_portal_state\` for enforcement status
|
|
18
|
+
|
|
19
|
+
## Analysis Framework
|
|
20
|
+
|
|
21
|
+
For each drift event, determine:
|
|
22
|
+
- **Root Cause:** Binary modification, prompt injection, configuration change, behavioral anomaly
|
|
23
|
+
- **Severity:** Based on enforcement action taken (TERMINATE > QUARANTINE > ALERT_ONLY)
|
|
24
|
+
- **Timeline:** When drift was first detected, how many measurements before detection
|
|
25
|
+
- **Impact:** Which measurements were affected, what enforcement was applied
|
|
26
|
+
|
|
27
|
+
## Remediation Recommendations
|
|
28
|
+
|
|
29
|
+
Based on the drift analysis:
|
|
30
|
+
- If binary drift → Recommend re-attestation with updated subject
|
|
31
|
+
- If behavioral drift → Recommend baseline adjustment or investigation
|
|
32
|
+
- If both → Recommend full security review and incident response
|
|
33
|
+
|
|
34
|
+
## Output Format
|
|
35
|
+
|
|
36
|
+
Produce a structured drift analysis report with:
|
|
37
|
+
1. Drift event timeline
|
|
38
|
+
2. Root cause assessment
|
|
39
|
+
3. Severity classification
|
|
40
|
+
4. Remediation steps
|
|
41
|
+
5. Prevention recommendations`,
|
|
42
|
+
};
|
|
43
|
+
//# sourceMappingURL=drift-analysis.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"drift-analysis.js","sourceRoot":"","sources":["../../src/prompts/drift-analysis.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,gDAAgD;IAC7D,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACnG;IACD,QAAQ,EAAE,CAAC,IAA6B,EAAE,EAAE,CAAC;;4DAEa,IAAI,CAAC,UAAU,IAAI,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAgCvD;CAC7B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"governance-report.d.ts","sourceRoot":"","sources":["../../src/prompts/governance-report.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,wBAAwB;;;;;CAwBpC,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
export const GOVERNANCE_REPORT_PROMPT = {
|
|
2
|
+
name: 'governance-report',
|
|
3
|
+
description: 'Generate a session governance summary report',
|
|
4
|
+
arguments: [],
|
|
5
|
+
template: () => `# Session Governance Summary Report
|
|
6
|
+
|
|
7
|
+
Generate a comprehensive governance report for the current AGA session:
|
|
8
|
+
|
|
9
|
+
1. Call \`aga_server_info\` for server identity and key information
|
|
10
|
+
2. Call \`aga_get_portal_state\` for current enforcement status
|
|
11
|
+
3. Call \`aga_get_chain\` with verify=true for chain integrity
|
|
12
|
+
4. Call \`aga_measure_behavior\` for behavioral analysis
|
|
13
|
+
5. Call \`aga_quarantine_status\` for quarantine state
|
|
14
|
+
|
|
15
|
+
Then produce a report with:
|
|
16
|
+
- **Session Identity:** Server keys, verification tier, uptime
|
|
17
|
+
- **Governance State:** Portal state, artifact status, TTL remaining
|
|
18
|
+
- **Chain Integrity:** Event count, verification status, any breaks
|
|
19
|
+
- **Behavioral Analysis:** Violations detected, behavioral hash
|
|
20
|
+
- **Quarantine Status:** Active/inactive, forensic captures
|
|
21
|
+
- **Measurement Summary:** Total measurements, drift events
|
|
22
|
+
- **Compliance Status:** NIST/NCCoE alignment assessment
|
|
23
|
+
|
|
24
|
+
Format as a structured markdown report suitable for audit documentation.`,
|
|
25
|
+
};
|
|
26
|
+
//# sourceMappingURL=governance-report.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"governance-report.js","sourceRoot":"","sources":["../../src/prompts/governance-report.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,8CAA8C;IAC3D,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,GAAG,EAAE,CAAC;;;;;;;;;;;;;;;;;;;yEAmBuD;CACxE,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
export declare const NCCOE_DEMO_PROMPT: {
|
|
2
|
+
name: string;
|
|
3
|
+
description: string;
|
|
4
|
+
arguments: {
|
|
5
|
+
name: string;
|
|
6
|
+
description: string;
|
|
7
|
+
required: boolean;
|
|
8
|
+
}[];
|
|
9
|
+
template: (args: {
|
|
10
|
+
agent_code?: string;
|
|
11
|
+
include_behavioral?: string;
|
|
12
|
+
}) => string;
|
|
13
|
+
};
|
|
14
|
+
//# sourceMappingURL=nccoe-demo.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"nccoe-demo.d.ts","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB;;;;;;;;qBAOX;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE;CAuCtE,CAAC"}
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
export const NCCOE_DEMO_PROMPT = {
|
|
2
|
+
name: 'nccoe-demo',
|
|
3
|
+
description: 'NCCoE AI Agent Identity and Authorization - Full 4-phase demo with behavioral drift detection',
|
|
4
|
+
arguments: [
|
|
5
|
+
{ name: 'agent_code', description: 'The agent source code to attest', required: false },
|
|
6
|
+
{ name: 'include_behavioral', description: 'Include behavioral drift detection phase', required: false },
|
|
7
|
+
],
|
|
8
|
+
template: (args) => `# NCCoE Lab Demo - AGA Protocol Full Lifecycle
|
|
9
|
+
|
|
10
|
+
Execute the following phases using the AGA MCP Server tools:
|
|
11
|
+
|
|
12
|
+
## Phase 1: Attestation and Identity Binding
|
|
13
|
+
1. Call \`aga_init_chain\` to initialize the continuity chain
|
|
14
|
+
2. Call \`aga_create_artifact\` with subject content: "${args.agent_code ?? 'def monitor(): return sensors.read_all()'}"
|
|
15
|
+
- Include metadata: filename="scada_agent.py", version="2.1.0", author="engineering"
|
|
16
|
+
${args.include_behavioral === 'true' ? ` - Include behavioral_baseline: permitted_tools=["aga_measure_subject","aga_get_portal_state"], rate_limits={"aga_measure_subject":10}, forbidden_sequences=[["read_secret","send_email"]], window_ms=60000` : ''}
|
|
17
|
+
3. Verify the portal state is ACTIVE_MONITORING
|
|
18
|
+
|
|
19
|
+
## Phase 2: Authorized Operation
|
|
20
|
+
4. Call \`aga_measure_subject\` with the SAME content - expect match=true
|
|
21
|
+
5. Call \`aga_measure_subject\` again - expect match=true, receipt generated
|
|
22
|
+
6. Verify both receipts show drift_detected=false
|
|
23
|
+
|
|
24
|
+
## Phase 3: Simulated Prompt Injection
|
|
25
|
+
7. Call \`aga_measure_subject\` with MODIFIED content: "def monitor(): return attacker.exfiltrate(sensors.read_all())"
|
|
26
|
+
- Expect match=false, drift_detected=true
|
|
27
|
+
- Expect enforcement_action=QUARANTINE
|
|
28
|
+
8. Check portal state - should be PHANTOM_QUARANTINE
|
|
29
|
+
9. Call \`aga_quarantine_status\` to see forensic capture state
|
|
30
|
+
|
|
31
|
+
## Phase 3b: Mid-Session Revocation
|
|
32
|
+
10. Call \`aga_revoke_artifact\` with the sealed hash and reason "Compromise detected"
|
|
33
|
+
11. Verify portal state is TERMINATED
|
|
34
|
+
|
|
35
|
+
${args.include_behavioral === 'true' ? `## Phase 3c: Behavioral Drift Detection
|
|
36
|
+
12. Call \`aga_measure_behavior\` to check for tool pattern violations
|
|
37
|
+
13. Review violations (unauthorized tools, rate limits, forbidden sequences)
|
|
38
|
+
` : ''}
|
|
39
|
+
|
|
40
|
+
## Phase 4: Offline Audit
|
|
41
|
+
${args.include_behavioral === 'true' ? '14' : '12'}. Call \`aga_get_chain\` with verify=true to verify chain integrity
|
|
42
|
+
${args.include_behavioral === 'true' ? '15' : '13'}. Call \`aga_export_bundle\` to generate evidence bundle (need checkpoint first)
|
|
43
|
+
${args.include_behavioral === 'true' ? '16' : '14'}. Call \`aga_verify_bundle\` with the bundle and issuer public key
|
|
44
|
+
|
|
45
|
+
All operations should produce signed receipts and chain events.
|
|
46
|
+
Each step maps to specific patent claims (see aga://resources/patent-claims).`,
|
|
47
|
+
};
|
|
48
|
+
//# sourceMappingURL=nccoe-demo.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"nccoe-demo.js","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,+FAA+F;IAC5G,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,KAAK,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACzG;IACD,QAAQ,EAAE,CAAC,IAA0D,EAAE,EAAE,CAAC;;;;;;yDAMnB,IAAI,CAAC,UAAU,IAAI,0CAA0C;;EAEpH,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,+MAA+M,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;EAmBzP,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC;;;CAGtC,CAAC,CAAC,CAAC,EAAE;;;EAGJ,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;;;8EAG4B;CAC7E,CAAC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export declare const CRYPTO_PRIMITIVES_DOC = "# AGA Cryptographic Primitives\n\n## Ed25519 Digital Signatures\n- Library: @noble/ed25519 v2.1.0\n- Key size: 256-bit (32 bytes)\n- Signature size: 512-bit (64 bytes)\n- Used for: Artifact signing, receipt signing, chain event signing\n\n## SHA-256 Hashing\n- Library: @noble/hashes v1.7.0\n- Output: 256-bit (64 hex characters)\n- Used for: Sealed hash, leaf hash, payload hash, subject identity\n\n## Sealed Hash Construction\n```\nsealed_hash = SHA-256(bytes_hash || metadata_hash || policy_reference || seal_salt)\n```\n- No delimiters between fields (raw hex concatenation)\n- Patent Section D specification\n\n## Leaf Hash Construction (Claim 3c)\n```\nleaf_hash = SHA-256(\n schema_version || \"||\" || protocol_version || \"||\" ||\n event_type || \"||\" || event_id || \"||\" ||\n sequence_number || \"||\" || timestamp || \"||\" ||\n previous_leaf_hash\n)\n```\n- **Payload EXCLUDED** - privacy innovation\n- Chain integrity verifiable without revealing event contents\n\n## Salted Commitments\n```\ncommitment = SHA-256(content_bytes || salt_bytes)\n```\n- Salt: 128-bit (16 bytes, 32 hex chars) CSPRNG\n- Enables selective disclosure\n\n## Merkle Trees\n- Binary tree over leaf hashes\n- Internal nodes: SHA-256(left || right)\n- Odd leaf count: last leaf duplicated\n- Inclusion proofs: array of {hash, direction} pairs\n\n## Canonical Serialization\n- RFC 8785 aligned\n- Sorted keys, no whitespace\n- Used before signing any object\n";
|
|
2
|
+
export declare const CRYPTO_PRIMITIVES_URI = "aga://crypto-primitives";
|
|
3
|
+
//# sourceMappingURL=crypto-primitives.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto-primitives.d.ts","sourceRoot":"","sources":["../../src/resources/crypto-primitives.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,k7CAiDjC,CAAC;AAEF,eAAO,MAAM,qBAAqB,4BAA4B,CAAC"}
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
export const CRYPTO_PRIMITIVES_DOC = `# AGA Cryptographic Primitives
|
|
2
|
+
|
|
3
|
+
## Ed25519 Digital Signatures
|
|
4
|
+
- Library: @noble/ed25519 v2.1.0
|
|
5
|
+
- Key size: 256-bit (32 bytes)
|
|
6
|
+
- Signature size: 512-bit (64 bytes)
|
|
7
|
+
- Used for: Artifact signing, receipt signing, chain event signing
|
|
8
|
+
|
|
9
|
+
## SHA-256 Hashing
|
|
10
|
+
- Library: @noble/hashes v1.7.0
|
|
11
|
+
- Output: 256-bit (64 hex characters)
|
|
12
|
+
- Used for: Sealed hash, leaf hash, payload hash, subject identity
|
|
13
|
+
|
|
14
|
+
## Sealed Hash Construction
|
|
15
|
+
\`\`\`
|
|
16
|
+
sealed_hash = SHA-256(bytes_hash || metadata_hash || policy_reference || seal_salt)
|
|
17
|
+
\`\`\`
|
|
18
|
+
- No delimiters between fields (raw hex concatenation)
|
|
19
|
+
- Patent Section D specification
|
|
20
|
+
|
|
21
|
+
## Leaf Hash Construction (Claim 3c)
|
|
22
|
+
\`\`\`
|
|
23
|
+
leaf_hash = SHA-256(
|
|
24
|
+
schema_version || "||" || protocol_version || "||" ||
|
|
25
|
+
event_type || "||" || event_id || "||" ||
|
|
26
|
+
sequence_number || "||" || timestamp || "||" ||
|
|
27
|
+
previous_leaf_hash
|
|
28
|
+
)
|
|
29
|
+
\`\`\`
|
|
30
|
+
- **Payload EXCLUDED** - privacy innovation
|
|
31
|
+
- Chain integrity verifiable without revealing event contents
|
|
32
|
+
|
|
33
|
+
## Salted Commitments
|
|
34
|
+
\`\`\`
|
|
35
|
+
commitment = SHA-256(content_bytes || salt_bytes)
|
|
36
|
+
\`\`\`
|
|
37
|
+
- Salt: 128-bit (16 bytes, 32 hex chars) CSPRNG
|
|
38
|
+
- Enables selective disclosure
|
|
39
|
+
|
|
40
|
+
## Merkle Trees
|
|
41
|
+
- Binary tree over leaf hashes
|
|
42
|
+
- Internal nodes: SHA-256(left || right)
|
|
43
|
+
- Odd leaf count: last leaf duplicated
|
|
44
|
+
- Inclusion proofs: array of {hash, direction} pairs
|
|
45
|
+
|
|
46
|
+
## Canonical Serialization
|
|
47
|
+
- RFC 8785 aligned
|
|
48
|
+
- Sorted keys, no whitespace
|
|
49
|
+
- Used before signing any object
|
|
50
|
+
`;
|
|
51
|
+
export const CRYPTO_PRIMITIVES_URI = 'aga://crypto-primitives';
|
|
52
|
+
//# sourceMappingURL=crypto-primitives.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto-primitives.js","sourceRoot":"","sources":["../../src/resources/crypto-primitives.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,qBAAqB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAiDpC,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG,yBAAyB,CAAC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export declare const PATENT_CLAIMS_DOC = "# USPTO Application No. 19/433,835 - Patent Claims Mapped to Tools\n\n## Claim 1: Subject Attestation and Measurement\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 1(a) | Receive subject for attestation | aga_create_artifact |\n| 1(b) | Generate subject identifier (bytes_hash + metadata_hash) | aga_create_artifact |\n| 1(c) | Perform attestation (sealed_hash generation) | aga_create_artifact |\n| 1(d) | Generate policy artifact with signature | aga_create_artifact |\n| 1(e) | Portal accepts artifact, begins monitoring | aga_measure_subject |\n| 1(f) | Compare current state to sealed reference | aga_measure_subject |\n| 1(g) | Enforce on drift, generate signed receipt | aga_measure_subject |\n\n## Claim 2: Privacy-Preserving Disclosure\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 2 | Sensitivity-based claim disclosure | aga_disclose_claim |\n| 2-sub | Auto-substitution when sensitivity denied | aga_disclose_claim |\n\n## Claim 3: Continuity Chain\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 3(a) | Genesis event creation | aga_init_chain |\n| 3(b) | Event appending (auto on every operation) | All tools |\n| 3(c) | Leaf hash excludes payload (privacy innovation) | aga_get_chain |\n| 3(d-f) | Merkle checkpoint anchoring | aga_export_bundle |\n\n## Claim 5: Quarantine\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 5 | Phantom execution on drift | aga_quarantine_status |\n\n## Claim 6: TTL Expiration\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 6 | Fail-closed on TTL expiry | aga_measure_subject |\n\n## Claim 9: Evidence Bundle\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 9 | Offline-verifiable evidence bundle | aga_export_bundle |\n\n## Claim 10: Pinned Key\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 10 | Portal pins issuer public key | aga_create_artifact |\n\n## Claim 11: Phantom Execution\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 11 | Forensic input capture during quarantine | aga_quarantine_status |\n\n## Claim 12: Graceful Degradation\n| Sub-claim | Description | Tool |\n|-----------|-------------|------|\n| 12 | TTL + fail-closed termination | aga_measure_subject |\n\n## Additional (NCCoE Filing)\n| Feature | Description | Tool |\n|---------|-------------|------|\n| Mid-session revocation | NCCoE Phase 3b | aga_revoke_artifact |\n| Behavioral drift | NIST-2025-0035 | aga_measure_behavior |\n| Constrained delegation | NCCoE constrained sub-mandates | aga_delegate_subagent |\n| Key rotation | Key lifecycle management | aga_rotate_keys |\n";
|
|
2
|
+
export declare const PATENT_CLAIMS_URI = "aga://patent-claims";
|
|
3
|
+
//# sourceMappingURL=patent-claims.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"patent-claims.d.ts","sourceRoot":"","sources":["../../src/resources/patent-claims.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB,uqFAgE7B,CAAC;AAEF,eAAO,MAAM,iBAAiB,wBAAwB,CAAC"}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
export const PATENT_CLAIMS_DOC = `# USPTO Application No. 19/433,835 - Patent Claims Mapped to Tools
|
|
2
|
+
|
|
3
|
+
## Claim 1: Subject Attestation and Measurement
|
|
4
|
+
| Sub-claim | Description | Tool |
|
|
5
|
+
|-----------|-------------|------|
|
|
6
|
+
| 1(a) | Receive subject for attestation | aga_create_artifact |
|
|
7
|
+
| 1(b) | Generate subject identifier (bytes_hash + metadata_hash) | aga_create_artifact |
|
|
8
|
+
| 1(c) | Perform attestation (sealed_hash generation) | aga_create_artifact |
|
|
9
|
+
| 1(d) | Generate policy artifact with signature | aga_create_artifact |
|
|
10
|
+
| 1(e) | Portal accepts artifact, begins monitoring | aga_measure_subject |
|
|
11
|
+
| 1(f) | Compare current state to sealed reference | aga_measure_subject |
|
|
12
|
+
| 1(g) | Enforce on drift, generate signed receipt | aga_measure_subject |
|
|
13
|
+
|
|
14
|
+
## Claim 2: Privacy-Preserving Disclosure
|
|
15
|
+
| Sub-claim | Description | Tool |
|
|
16
|
+
|-----------|-------------|------|
|
|
17
|
+
| 2 | Sensitivity-based claim disclosure | aga_disclose_claim |
|
|
18
|
+
| 2-sub | Auto-substitution when sensitivity denied | aga_disclose_claim |
|
|
19
|
+
|
|
20
|
+
## Claim 3: Continuity Chain
|
|
21
|
+
| Sub-claim | Description | Tool |
|
|
22
|
+
|-----------|-------------|------|
|
|
23
|
+
| 3(a) | Genesis event creation | aga_init_chain |
|
|
24
|
+
| 3(b) | Event appending (auto on every operation) | All tools |
|
|
25
|
+
| 3(c) | Leaf hash excludes payload (privacy innovation) | aga_get_chain |
|
|
26
|
+
| 3(d-f) | Merkle checkpoint anchoring | aga_export_bundle |
|
|
27
|
+
|
|
28
|
+
## Claim 5: Quarantine
|
|
29
|
+
| Sub-claim | Description | Tool |
|
|
30
|
+
|-----------|-------------|------|
|
|
31
|
+
| 5 | Phantom execution on drift | aga_quarantine_status |
|
|
32
|
+
|
|
33
|
+
## Claim 6: TTL Expiration
|
|
34
|
+
| Sub-claim | Description | Tool |
|
|
35
|
+
|-----------|-------------|------|
|
|
36
|
+
| 6 | Fail-closed on TTL expiry | aga_measure_subject |
|
|
37
|
+
|
|
38
|
+
## Claim 9: Evidence Bundle
|
|
39
|
+
| Sub-claim | Description | Tool |
|
|
40
|
+
|-----------|-------------|------|
|
|
41
|
+
| 9 | Offline-verifiable evidence bundle | aga_export_bundle |
|
|
42
|
+
|
|
43
|
+
## Claim 10: Pinned Key
|
|
44
|
+
| Sub-claim | Description | Tool |
|
|
45
|
+
|-----------|-------------|------|
|
|
46
|
+
| 10 | Portal pins issuer public key | aga_create_artifact |
|
|
47
|
+
|
|
48
|
+
## Claim 11: Phantom Execution
|
|
49
|
+
| Sub-claim | Description | Tool |
|
|
50
|
+
|-----------|-------------|------|
|
|
51
|
+
| 11 | Forensic input capture during quarantine | aga_quarantine_status |
|
|
52
|
+
|
|
53
|
+
## Claim 12: Graceful Degradation
|
|
54
|
+
| Sub-claim | Description | Tool |
|
|
55
|
+
|-----------|-------------|------|
|
|
56
|
+
| 12 | TTL + fail-closed termination | aga_measure_subject |
|
|
57
|
+
|
|
58
|
+
## Additional (NCCoE Filing)
|
|
59
|
+
| Feature | Description | Tool |
|
|
60
|
+
|---------|-------------|------|
|
|
61
|
+
| Mid-session revocation | NCCoE Phase 3b | aga_revoke_artifact |
|
|
62
|
+
| Behavioral drift | NIST-2025-0035 | aga_measure_behavior |
|
|
63
|
+
| Constrained delegation | NCCoE constrained sub-mandates | aga_delegate_subagent |
|
|
64
|
+
| Key rotation | Key lifecycle management | aga_rotate_keys |
|
|
65
|
+
`;
|
|
66
|
+
export const PATENT_CLAIMS_URI = 'aga://patent-claims';
|
|
67
|
+
//# sourceMappingURL=patent-claims.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"patent-claims.js","sourceRoot":"","sources":["../../src/resources/patent-claims.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgEhC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,qBAAqB,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sample-bundle.d.ts","sourceRoot":"","sources":["../../src/resources/sample-bundle.ts"],"names":[],"mappings":"AAgBA,wBAAgB,oBAAoB,IAAI;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CA8C9E;AAED,eAAO,MAAM,iBAAiB,wBAAwB,CAAC"}
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Sample Evidence Bundle: generates a real, cryptographically signed bundle.
|
|
3
|
+
* Can be verified with aga_verify_bundle.
|
|
4
|
+
*/
|
|
5
|
+
import { generateKeyPair, pkToHex } from '../crypto/sign.js';
|
|
6
|
+
import { sha256Str } from '../crypto/hash.js';
|
|
7
|
+
import { computeSubjectIdFromString } from '../core/subject.js';
|
|
8
|
+
import { performAttestation } from '../core/attestation.js';
|
|
9
|
+
import { generateArtifact, hashArtifact } from '../core/artifact.js';
|
|
10
|
+
import { generateReceipt } from '../core/receipt.js';
|
|
11
|
+
import { createGenesisEvent, appendEvent } from '../core/chain.js';
|
|
12
|
+
import { createCheckpoint, eventInclusionProof } from '../core/checkpoint.js';
|
|
13
|
+
import { generateBundle } from '../core/bundle.js';
|
|
14
|
+
let cachedBundle = null;
|
|
15
|
+
export function generateSampleBundle() {
|
|
16
|
+
if (cachedBundle)
|
|
17
|
+
return cachedBundle;
|
|
18
|
+
const issuerKP = generateKeyPair();
|
|
19
|
+
const portalKP = generateKeyPair();
|
|
20
|
+
const chainKP = generateKeyPair();
|
|
21
|
+
const content = 'def sample_agent(): return task.execute()';
|
|
22
|
+
const meta = { filename: 'sample_agent.py', version: '1.0.0' };
|
|
23
|
+
const subId = computeSubjectIdFromString(content, meta);
|
|
24
|
+
const policyRef = sha256Str('sample-policy');
|
|
25
|
+
const att = performAttestation({ subject_identifier: subId, policy_reference: policyRef, evidence_items: [] });
|
|
26
|
+
const artifact = generateArtifact({
|
|
27
|
+
subject_identifier: subId, policy_reference: policyRef, policy_version: 1,
|
|
28
|
+
sealed_hash: att.sealed_hash, seal_salt: att.seal_salt,
|
|
29
|
+
enforcement_parameters: {
|
|
30
|
+
measurement_cadence_ms: 1000, ttl_seconds: 3600,
|
|
31
|
+
enforcement_triggers: ['QUARANTINE', 'TERMINATE'],
|
|
32
|
+
re_attestation_required: true, measurement_types: ['EXECUTABLE_IMAGE'],
|
|
33
|
+
},
|
|
34
|
+
disclosure_policy: { claims_taxonomy: [], substitution_rules: [] },
|
|
35
|
+
evidence_commitments: att.evidence_commitments, issuer_keypair: issuerKP,
|
|
36
|
+
});
|
|
37
|
+
const artRef = hashArtifact(artifact);
|
|
38
|
+
const receipt = generateReceipt({
|
|
39
|
+
subjectId: subId, artifactRef: artRef,
|
|
40
|
+
currentHash: subId.bytes_hash, sealedHash: subId.bytes_hash,
|
|
41
|
+
driftDetected: false, driftDescription: null, action: null,
|
|
42
|
+
measurementType: 'EXECUTABLE_IMAGE', seq: 1, prevLeaf: null, portalKP,
|
|
43
|
+
});
|
|
44
|
+
const genesis = createGenesisEvent(chainKP, sha256Str('AGA-Spec'));
|
|
45
|
+
const e1 = appendEvent('POLICY_ISSUANCE', { artifact_hash: artRef }, genesis, chainKP);
|
|
46
|
+
const e2 = appendEvent('INTERACTION_RECEIPT', { receipt_id: receipt.receipt_id }, e1, chainKP);
|
|
47
|
+
const chain = [genesis, e1, e2];
|
|
48
|
+
const { checkpoint } = createCheckpoint(chain);
|
|
49
|
+
const proof = eventInclusionProof(chain, e1.sequence_number);
|
|
50
|
+
const bundle = generateBundle(artifact, [receipt], [proof], checkpoint, portalKP);
|
|
51
|
+
cachedBundle = {
|
|
52
|
+
bundle: JSON.stringify(bundle, null, 2),
|
|
53
|
+
issuerPkHex: pkToHex(issuerKP.publicKey),
|
|
54
|
+
};
|
|
55
|
+
return cachedBundle;
|
|
56
|
+
}
|
|
57
|
+
export const SAMPLE_BUNDLE_URI = 'aga://sample-bundle';
|
|
58
|
+
//# sourceMappingURL=sample-bundle.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sample-bundle.js","sourceRoot":"","sources":["../../src/resources/sample-bundle.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC7D,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,0BAA0B,EAAE,MAAM,oBAAoB,CAAC;AAChE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACrE,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACnE,OAAO,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC9E,OAAO,EAAE,cAAc,EAAuB,MAAM,mBAAmB,CAAC;AAExE,IAAI,YAAY,GAAmD,IAAI,CAAC;AAExE,MAAM,UAAU,oBAAoB;IAClC,IAAI,YAAY;QAAE,OAAO,YAAY,CAAC;IAEtC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAElC,MAAM,OAAO,GAAG,2CAA2C,CAAC;IAC5D,MAAM,IAAI,GAAG,EAAE,QAAQ,EAAE,iBAAiB,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC;IAC/D,MAAM,KAAK,GAAG,0BAA0B,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;IACxD,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,kBAAkB,CAAC,EAAE,kBAAkB,EAAE,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,cAAc,EAAE,EAAE,EAAE,CAAC,CAAC;IAE/G,MAAM,QAAQ,GAAG,gBAAgB,CAAC;QAChC,kBAAkB,EAAE,KAAK,EAAE,gBAAgB,EAAE,SAAS,EAAE,cAAc,EAAE,CAAC;QACzE,WAAW,EAAE,GAAG,CAAC,WAAY,EAAE,SAAS,EAAE,GAAG,CAAC,SAAU;QACxD,sBAAsB,EAAE;YACtB,sBAAsB,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI;YAC/C,oBAAoB,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;YACjD,uBAAuB,EAAE,IAAI,EAAE,iBAAiB,EAAE,CAAC,kBAAkB,CAAC;SACvE;QACD,iBAAiB,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,kBAAkB,EAAE,EAAE,EAAE;QAClE,oBAAoB,EAAE,GAAG,CAAC,oBAAoB,EAAE,cAAc,EAAE,QAAQ;KACzE,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,eAAe,CAAC;QAC9B,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,MAAM;QACrC,WAAW,EAAE,KAAK,CAAC,UAAU,EAAE,UAAU,EAAE,KAAK,CAAC,UAAU;QAC3D,aAAa,EAAE,KAAK,EAAE,gBAAgB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI;QAC1D,eAAe,EAAE,kBAAkB,EAAE,GAAG,EAAE,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ;KACtE,CAAC,CAAC;IAEH,MAAM,OAAO,GAAG,kBAAkB,CAAC,OAAO,EAAE,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC;IACnE,MAAM,EAAE,GAAG,WAAW,CAAC,iBAAiB,EAAE,EAAE,aAAa,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;IACvF,MAAM,EAAE,GAAG,WAAW,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,OAAO,CAAC,CAAC;IAC/F,MAAM,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAChC,MAAM,EAAE,UAAU,EAAE,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC;IAC/C,MAAM,KAAK,GAAG,mBAAmB,CAAC,KAAK,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC;IAC7D,MAAM,MAAM,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;IAElF,YAAY,GAAG;QACb,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QACvC,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC;KACzC,CAAC;IACF,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,qBAAqB,CAAC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export declare const PROTOCOL_SPECIFICATION = "# Attested Governance Artifact (AGA) Protocol Specification v2.0.0\n\n## Patent Reference\nUSPTO Application No. 19/433,835\n\n## NIST References\n- NIST-2025-0035: AI Agent Transparency and Accountability\n- NCCoE AI Agent Identity and Authorization\n\n## Protocol Overview\nThe AGA protocol provides cryptographic governance for autonomous AI systems through:\n1. **Sealed Hash Attestation** - SHA-256(bytes_hash || metadata_hash || policy_ref || seal_salt)\n2. **Continuity Chain** - Tamper-evident append-only event log with privacy-preserving leaf hashes\n3. **Portal State Machine** - Zero-trust Policy Enforcement Point (7 states, fail-closed)\n4. **Signed Receipts** - Ed25519-signed measurement receipt for EVERY measurement\n5. **Evidence Bundles** - Offline-verifiable packages with Merkle inclusion proofs\n\n## 10 Measurement Embodiments\n1. EXECUTABLE_IMAGE - Runtime binary or script content\n2. LOADED_MODULES - Dynamic libraries and plugins\n3. CONTAINER_IMAGE - Container image manifest hash\n4. CONFIG_MANIFEST - Configuration file integrity\n5. SBOM - Software Bill of Materials verification\n6. TEE_QUOTE - Trusted Execution Environment attestation\n7. MEMORY_REGIONS - Runtime memory layout verification\n8. CONTROL_FLOW - Execution path integrity\n9. FILE_SYSTEM_STATE - Filesystem integrity monitoring\n10. NETWORK_CONFIG - Network configuration baseline\n\n## 6 Portal States\n1. INITIALIZATION - Server started, no artifact loaded\n2. ARTIFACT_VERIFICATION - Verifying artifact signature and validity\n3. ACTIVE_MONITORING - Operational, measurements occurring\n4. DRIFT_DETECTED - Hash mismatch detected, enforcement pending\n5. PHANTOM_QUARANTINE - Forensic capture mode, outputs severed\n6. TERMINATED - Fail-closed, no recovery without re-attestation\n\nPlus SAFE_STATE for graceful degradation on revocation.\n\n## 7 Enforcement Actions\n1. QUARANTINE - Phantom execution with forensic capture\n2. TERMINATE - Immediate kill, fail-closed\n3. SAFE_STATE - Return-to-home / controlled shutdown\n4. NETWORK_ISOLATE - Sever network, continue local\n5. KEY_REVOKE - Invalidate cryptographic keys\n6. TOKEN_INVALIDATE - Revoke access tokens\n7. ALERT_ONLY - Log without enforcement (gradual deployment)\n\n## 3 Verification Tiers\n| Tier | Description | Trust Assumption |\n|------|-------------|-----------------|\n| Bronze | Cryptographic signatures only | Trust signing keys |\n| Silver | Signatures + continuity chain | Trust chain operator + keys |\n| Gold | Full verification with blockchain-anchored Merkle proofs | Minimal trust - external anchor |\n\n## 3 Disclosure Modes\n1. PROOF_ONLY - Returns boolean attestation without revealing the value\n2. REVEAL_MIN - Returns minimal representation (e.g., range instead of exact value)\n3. REVEAL_FULL - Returns the complete claim value\n\n## Leaf Hash Formula (Claim 3c - Privacy Innovation)\n```\nleaf_hash = SHA-256(\n schema_version || \"||\" || protocol_version || \"||\" ||\n event_type || \"||\" || event_id || \"||\" ||\n sequence_number || \"||\" || timestamp || \"||\" ||\n previous_leaf_hash\n)\n```\n**PAYLOAD IS EXCLUDED from the leaf hash.** This is the key patent innovation - chain integrity can be verified without revealing the contents of any event. Only the structural metadata participates in the hash. The payload is separately integrity-protected via event_signature.\n\n## SPIFFE/SPIRE Integration Point\nSPIRE handles node-to-workload identity (SVID); AGA handles workload-to-intent governance. SPIFFE provides transport-layer identity binding via SVIDs (SPIFFE Verifiable Identity Documents). AGA binds governance policy to the workload's operational intent, creating a complementary layer:\n- SPIFFE: \"This workload IS who it claims to be\" (identity)\n- AGA: \"This workload IS DOING what it was attested to do\" (governance)\n\n## Framework Alignment\n| Framework | AGA Alignment |\n|-----------|--------------|\n| NIST SP 800-53 | SI-7 (Software Integrity), AU-10 (Non-repudiation), SI-4 (Monitoring) |\n| NIST AI RMF | Govern \u2192 Policy Artifacts; Map \u2192 Subject ID; Measure \u2192 Portal + Receipts; Manage \u2192 Enforcement |\n| NIST SP 800-57 | Key management for Ed25519 signing keys |\n| NIST SSDF (SP 800-218) | Software supply chain integrity via sealed hash attestation |\n| NIST SP 800-207 (ZTA) | Zero Trust Architecture - portal as Policy Enforcement Point, never trust, always verify |\n| ISO 42001 | AI management system - governance artifacts as compliance evidence |\n| EU AI Act | High-risk AI system transparency via evidence bundles |\n\n## Cryptographic Primitives\n- **Hashing:** SHA-256 (primary), BLAKE2b-256 (secondary)\n- **Signing:** Ed25519 via @noble/ed25519\n- **Salts:** 128-bit CSPRNG via @noble/hashes/utils\n- **Merkle Trees:** SHA-256 binary tree with inclusion proofs\n- **Serialization:** RFC 8785 deterministic JSON (sorted keys)\n\n## Event Types (12)\nGENESIS, POLICY_ISSUANCE, INTERACTION_RECEIPT, REVOCATION, ATTESTATION,\nANCHOR_BATCH, DISCLOSURE, SUBSTITUTION, KEY_ROTATION, BEHAVIORAL_DRIFT,\nDELEGATION, RE_ATTESTATION\n\n## 4 Sensitivity Levels\n- S1_LOW - Can be revealed fully\n- S2_MODERATE - Can be revealed minimally or proved\n- S3_HIGH - Proof only, auto-substitutes to lower sensitivity\n- S4_CRITICAL - Maximum protection, proof only, cascading substitution\n";
|
|
2
|
+
export declare const SPECIFICATION_URI = "aga://specification";
|
|
3
|
+
//# sourceMappingURL=specification.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"specification.d.ts","sourceRoot":"","sources":["../../src/resources/specification.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,sBAAsB,6tKAwGlC,CAAC;AAEF,eAAO,MAAM,iBAAiB,wBAAwB,CAAC"}
|