@attested-intelligence/aga-mcp-server 0.1.0 → 2.0.0

Files changed (194)
  1. package/PATENTS.md +28 -0
  2. package/README.md +84 -23
  3. package/dist/context.d.ts +39 -0
  4. package/dist/context.d.ts.map +1 -0
  5. package/dist/context.js +113 -0
  6. package/dist/context.js.map +1 -0
  7. package/dist/core/identity.d.ts +14 -0
  8. package/dist/core/identity.d.ts.map +1 -0
  9. package/dist/core/identity.js +16 -0
  10. package/dist/core/identity.js.map +1 -0
  11. package/dist/core/index.d.ts +3 -0
  12. package/dist/core/index.d.ts.map +1 -1
  13. package/dist/core/index.js +3 -0
  14. package/dist/core/index.js.map +1 -1
  15. package/dist/core/measurement.d.ts +16 -0
  16. package/dist/core/measurement.d.ts.map +1 -0
  17. package/dist/core/measurement.js +18 -0
  18. package/dist/core/measurement.js.map +1 -0
  19. package/dist/core/portal.d.ts +1 -1
  20. package/dist/core/portal.d.ts.map +1 -1
  21. package/dist/core/portal.js +10 -5
  22. package/dist/core/portal.js.map +1 -1
  23. package/dist/core/types.d.ts +2 -2
  24. package/dist/core/types.d.ts.map +1 -1
  25. package/dist/crypto/canonicalize.d.ts +7 -0
  26. package/dist/crypto/canonicalize.d.ts.map +1 -0
  27. package/dist/crypto/canonicalize.js +21 -0
  28. package/dist/crypto/canonicalize.js.map +1 -0
  29. package/dist/crypto/index.d.ts +6 -5
  30. package/dist/crypto/index.d.ts.map +1 -1
  31. package/dist/crypto/index.js +6 -5
  32. package/dist/crypto/index.js.map +1 -1
  33. package/dist/crypto/keys.d.ts +10 -0
  34. package/dist/crypto/keys.d.ts.map +1 -0
  35. package/dist/crypto/keys.js +19 -0
  36. package/dist/crypto/keys.js.map +1 -0
  37. package/dist/index.js +1 -1
  38. package/dist/index.js.map +1 -1
  39. package/dist/middleware/governance.d.ts +1 -7
  40. package/dist/middleware/governance.d.ts.map +1 -1
  41. package/dist/middleware/governance.js +11 -18
  42. package/dist/middleware/governance.js.map +1 -1
  43. package/dist/prompts/drift-analysis.d.ts +13 -0
  44. package/dist/prompts/drift-analysis.d.ts.map +1 -0
  45. package/dist/prompts/drift-analysis.js +43 -0
  46. package/dist/prompts/drift-analysis.js.map +1 -0
  47. package/dist/prompts/governance-report.d.ts +7 -0
  48. package/dist/prompts/governance-report.d.ts.map +1 -0
  49. package/dist/prompts/governance-report.js +26 -0
  50. package/dist/prompts/governance-report.js.map +1 -0
  51. package/dist/prompts/nccoe-demo.d.ts +14 -0
  52. package/dist/prompts/nccoe-demo.d.ts.map +1 -0
  53. package/dist/prompts/nccoe-demo.js +48 -0
  54. package/dist/prompts/nccoe-demo.js.map +1 -0
  55. package/dist/resources/crypto-primitives.d.ts +3 -0
  56. package/dist/resources/crypto-primitives.d.ts.map +1 -0
  57. package/dist/resources/crypto-primitives.js +52 -0
  58. package/dist/resources/crypto-primitives.js.map +1 -0
  59. package/dist/resources/patent-claims.d.ts +3 -0
  60. package/dist/resources/patent-claims.d.ts.map +1 -0
  61. package/dist/resources/patent-claims.js +67 -0
  62. package/dist/resources/patent-claims.js.map +1 -0
  63. package/dist/resources/sample-bundle.d.ts +6 -0
  64. package/dist/resources/sample-bundle.d.ts.map +1 -0
  65. package/dist/resources/sample-bundle.js +58 -0
  66. package/dist/resources/sample-bundle.js.map +1 -0
  67. package/dist/resources/specification.d.ts +3 -0
  68. package/dist/resources/specification.d.ts.map +1 -0
  69. package/dist/resources/specification.js +107 -0
  70. package/dist/resources/specification.js.map +1 -0
  71. package/dist/server.d.ts +4 -7
  72. package/dist/server.d.ts.map +1 -1
  73. package/dist/server.js +217 -343
  74. package/dist/server.js.map +1 -1
  75. package/dist/storage/sqlite.js +1 -1
  76. package/dist/tools/create-artifact.d.ts +25 -0
  77. package/dist/tools/create-artifact.d.ts.map +1 -0
  78. package/dist/tools/create-artifact.js +85 -0
  79. package/dist/tools/create-artifact.js.map +1 -0
  80. package/dist/tools/delegate-subagent.d.ts +18 -0
  81. package/dist/tools/delegate-subagent.d.ts.map +1 -0
  82. package/dist/tools/delegate-subagent.js +50 -0
  83. package/dist/tools/delegate-subagent.js.map +1 -0
  84. package/dist/tools/disclose-claim.d.ts +14 -0
  85. package/dist/tools/disclose-claim.d.ts.map +1 -0
  86. package/dist/tools/disclose-claim.js +23 -0
  87. package/dist/tools/disclose-claim.js.map +1 -0
  88. package/dist/tools/export-bundle.d.ts +8 -0
  89. package/dist/tools/export-bundle.d.ts.map +1 -0
  90. package/dist/tools/export-bundle.js +25 -0
  91. package/dist/tools/export-bundle.js.map +1 -0
  92. package/dist/tools/full-lifecycle.d.ts +16 -0
  93. package/dist/tools/full-lifecycle.d.ts.map +1 -0
  94. package/dist/tools/full-lifecycle.js +121 -0
  95. package/dist/tools/full-lifecycle.js.map +1 -0
  96. package/dist/tools/generate-receipt.d.ts +16 -0
  97. package/dist/tools/generate-receipt.d.ts.map +1 -0
  98. package/dist/tools/generate-receipt.js +31 -0
  99. package/dist/tools/generate-receipt.js.map +1 -0
  100. package/dist/tools/get-chain.d.ts +14 -0
  101. package/dist/tools/get-chain.d.ts.map +1 -0
  102. package/dist/tools/get-chain.js +45 -0
  103. package/dist/tools/get-chain.js.map +1 -0
  104. package/dist/tools/get-portal-state.d.ts +8 -0
  105. package/dist/tools/get-portal-state.d.ts.map +1 -0
  106. package/dist/tools/get-portal-state.js +15 -0
  107. package/dist/tools/get-portal-state.js.map +1 -0
  108. package/dist/tools/init-chain.d.ts +10 -0
  109. package/dist/tools/init-chain.d.ts.map +1 -0
  110. package/dist/tools/init-chain.js +13 -0
  111. package/dist/tools/init-chain.js.map +1 -0
  112. package/dist/tools/measure-behavior.d.ts +12 -0
  113. package/dist/tools/measure-behavior.d.ts.map +1 -0
  114. package/dist/tools/measure-behavior.js +29 -0
  115. package/dist/tools/measure-behavior.js.map +1 -0
  116. package/dist/tools/measure-subject.d.ts +15 -0
  117. package/dist/tools/measure-subject.d.ts.map +1 -0
  118. package/dist/tools/measure-subject.js +106 -0
  119. package/dist/tools/measure-subject.js.map +1 -0
  120. package/dist/tools/quarantine-status.d.ts +8 -0
  121. package/dist/tools/quarantine-status.d.ts.map +1 -0
  122. package/dist/tools/quarantine-status.js +16 -0
  123. package/dist/tools/quarantine-status.js.map +1 -0
  124. package/dist/tools/revoke-artifact.d.ts +13 -0
  125. package/dist/tools/revoke-artifact.d.ts.map +1 -0
  126. package/dist/tools/revoke-artifact.js +24 -0
  127. package/dist/tools/revoke-artifact.js.map +1 -0
  128. package/dist/tools/rotate-keys.d.ts +13 -0
  129. package/dist/tools/rotate-keys.d.ts.map +1 -0
  130. package/dist/tools/rotate-keys.js +39 -0
  131. package/dist/tools/rotate-keys.js.map +1 -0
  132. package/dist/tools/server-info.d.ts +8 -0
  133. package/dist/tools/server-info.d.ts.map +1 -0
  134. package/dist/tools/server-info.js +24 -0
  135. package/dist/tools/server-info.js.map +1 -0
  136. package/dist/tools/set-verification-tier.d.ts +11 -0
  137. package/dist/tools/set-verification-tier.d.ts.map +1 -0
  138. package/dist/tools/set-verification-tier.js +31 -0
  139. package/dist/tools/set-verification-tier.js.map +1 -0
  140. package/dist/tools/start-monitoring.d.ts +12 -0
  141. package/dist/tools/start-monitoring.d.ts.map +1 -0
  142. package/dist/tools/start-monitoring.js +17 -0
  143. package/dist/tools/start-monitoring.js.map +1 -0
  144. package/dist/tools/trigger-measurement.d.ts +15 -0
  145. package/dist/tools/trigger-measurement.d.ts.map +1 -0
  146. package/dist/tools/trigger-measurement.js +86 -0
  147. package/dist/tools/trigger-measurement.js.map +1 -0
  148. package/dist/tools/verify-artifact.d.ts +13 -0
  149. package/dist/tools/verify-artifact.d.ts.map +1 -0
  150. package/dist/tools/verify-artifact.js +6 -0
  151. package/dist/tools/verify-artifact.js.map +1 -0
  152. package/dist/tools/verify-bundle.d.ts +13 -0
  153. package/dist/tools/verify-bundle.d.ts.map +1 -0
  154. package/dist/tools/verify-bundle.js +6 -0
  155. package/dist/tools/verify-bundle.js.map +1 -0
  156. package/dist/types.d.ts +262 -0
  157. package/dist/types.d.ts.map +1 -0
  158. package/dist/types.js +9 -0
  159. package/dist/types.js.map +1 -0
  160. package/package.json +33 -6
  161. package/AGA_MCP_SERVER_SPEC.md +0 -632
  162. package/src/core/artifact.ts +0 -45
  163. package/src/core/attestation.ts +0 -33
  164. package/src/core/behavioral.ts +0 -132
  165. package/src/core/bundle.ts +0 -31
  166. package/src/core/chain.ts +0 -72
  167. package/src/core/checkpoint.ts +0 -22
  168. package/src/core/delegation.ts +0 -146
  169. package/src/core/disclosure.ts +0 -32
  170. package/src/core/index.ts +0 -11
  171. package/src/core/portal.ts +0 -96
  172. package/src/core/quarantine.ts +0 -16
  173. package/src/core/receipt.ts +0 -33
  174. package/src/core/subject.ts +0 -11
  175. package/src/core/types.ts +0 -244
  176. package/src/crypto/hash.ts +0 -33
  177. package/src/crypto/index.ts +0 -5
  178. package/src/crypto/merkle.ts +0 -43
  179. package/src/crypto/salt.ts +0 -18
  180. package/src/crypto/sign.ts +0 -35
  181. package/src/crypto/types.ts +0 -19
  182. package/src/index.ts +0 -12
  183. package/src/middleware/governance.ts +0 -95
  184. package/src/middleware/index.ts +0 -1
  185. package/src/server.ts +0 -436
  186. package/src/storage/index.ts +0 -3
  187. package/src/storage/interface.ts +0 -21
  188. package/src/storage/memory.ts +0 -27
  189. package/src/storage/sqlite.ts +0 -45
  190. package/src/tools/README.md +0 -13
  191. package/src/utils/canonical.ts +0 -14
  192. package/src/utils/constants.ts +0 -3
  193. package/src/utils/timestamp.ts +0 -12
  194. package/src/utils/uuid.ts +0 -2
@@ -0,0 +1,107 @@
1
+ export const PROTOCOL_SPECIFICATION = `# Attested Governance Artifact (AGA) Protocol Specification v2.0.0
2
+
3
+ ## Patent Reference
4
+ USPTO Application No. 19/433,835
5
+
6
+ ## NIST References
7
+ - NIST-2025-0035: AI Agent Transparency and Accountability
8
+ - NCCoE AI Agent Identity and Authorization
9
+
10
+ ## Protocol Overview
11
+ The AGA protocol provides cryptographic governance for autonomous AI systems through:
12
+ 1. **Sealed Hash Attestation** - SHA-256(bytes_hash || metadata_hash || policy_ref || seal_salt)
13
+ 2. **Continuity Chain** - Tamper-evident append-only event log with privacy-preserving leaf hashes
14
+ 3. **Portal State Machine** - Zero-trust Policy Enforcement Point (7 states, fail-closed)
15
+ 4. **Signed Receipts** - Ed25519-signed measurement receipt for EVERY measurement
16
+ 5. **Evidence Bundles** - Offline-verifiable packages with Merkle inclusion proofs
17
+
18
+ ## 10 Measurement Embodiments
19
+ 1. EXECUTABLE_IMAGE - Runtime binary or script content
20
+ 2. LOADED_MODULES - Dynamic libraries and plugins
21
+ 3. CONTAINER_IMAGE - Container image manifest hash
22
+ 4. CONFIG_MANIFEST - Configuration file integrity
23
+ 5. SBOM - Software Bill of Materials verification
24
+ 6. TEE_QUOTE - Trusted Execution Environment attestation
25
+ 7. MEMORY_REGIONS - Runtime memory layout verification
26
+ 8. CONTROL_FLOW - Execution path integrity
27
+ 9. FILE_SYSTEM_STATE - Filesystem integrity monitoring
28
+ 10. NETWORK_CONFIG - Network configuration baseline
29
+
30
+ ## 6 Portal States
31
+ 1. INITIALIZATION - Server started, no artifact loaded
32
+ 2. ARTIFACT_VERIFICATION - Verifying artifact signature and validity
33
+ 3. ACTIVE_MONITORING - Operational, measurements occurring
34
+ 4. DRIFT_DETECTED - Hash mismatch detected, enforcement pending
35
+ 5. PHANTOM_QUARANTINE - Forensic capture mode, outputs severed
36
+ 6. TERMINATED - Fail-closed, no recovery without re-attestation
37
+
38
+ Plus SAFE_STATE for graceful degradation on revocation.
39
+
40
+ ## 7 Enforcement Actions
41
+ 1. QUARANTINE - Phantom execution with forensic capture
42
+ 2. TERMINATE - Immediate kill, fail-closed
43
+ 3. SAFE_STATE - Return-to-home / controlled shutdown
44
+ 4. NETWORK_ISOLATE - Sever network, continue local
45
+ 5. KEY_REVOKE - Invalidate cryptographic keys
46
+ 6. TOKEN_INVALIDATE - Revoke access tokens
47
+ 7. ALERT_ONLY - Log without enforcement (gradual deployment)
48
+
49
+ ## 3 Verification Tiers
50
+ | Tier | Description | Trust Assumption |
51
+ |------|-------------|-----------------|
52
+ | Bronze | Cryptographic signatures only | Trust signing keys |
53
+ | Silver | Signatures + continuity chain | Trust chain operator + keys |
54
+ | Gold | Full verification with blockchain-anchored Merkle proofs | Minimal trust - external anchor |
55
+
56
+ ## 3 Disclosure Modes
57
+ 1. PROOF_ONLY - Returns boolean attestation without revealing the value
58
+ 2. REVEAL_MIN - Returns minimal representation (e.g., range instead of exact value)
59
+ 3. REVEAL_FULL - Returns the complete claim value
60
+
61
+ ## Leaf Hash Formula (Claim 3c - Privacy Innovation)
62
+ \`\`\`
63
+ leaf_hash = SHA-256(
64
+ schema_version || "||" || protocol_version || "||" ||
65
+ event_type || "||" || event_id || "||" ||
66
+ sequence_number || "||" || timestamp || "||" ||
67
+ previous_leaf_hash
68
+ )
69
+ \`\`\`
70
+ **PAYLOAD IS EXCLUDED from the leaf hash.** This is the key patent innovation - chain integrity can be verified without revealing the contents of any event. Only the structural metadata participates in the hash. The payload is separately integrity-protected via event_signature.
71
+
72
+ ## SPIFFE/SPIRE Integration Point
73
+ SPIRE handles node-to-workload identity (SVID); AGA handles workload-to-intent governance. SPIFFE provides transport-layer identity binding via SVIDs (SPIFFE Verifiable Identity Documents). AGA binds governance policy to the workload's operational intent, creating a complementary layer:
74
+ - SPIFFE: "This workload IS who it claims to be" (identity)
75
+ - AGA: "This workload IS DOING what it was attested to do" (governance)
76
+
77
+ ## Framework Alignment
78
+ | Framework | AGA Alignment |
79
+ |-----------|--------------|
80
+ | NIST SP 800-53 | SI-7 (Software Integrity), AU-10 (Non-repudiation), SI-4 (Monitoring) |
81
+ | NIST AI RMF | Govern → Policy Artifacts; Map → Subject ID; Measure → Portal + Receipts; Manage → Enforcement |
82
+ | NIST SP 800-57 | Key management for Ed25519 signing keys |
83
+ | NIST SSDF (SP 800-218) | Software supply chain integrity via sealed hash attestation |
84
+ | NIST SP 800-207 (ZTA) | Zero Trust Architecture - portal as Policy Enforcement Point, never trust, always verify |
85
+ | ISO 42001 | AI management system - governance artifacts as compliance evidence |
86
+ | EU AI Act | High-risk AI system transparency via evidence bundles |
87
+
88
+ ## Cryptographic Primitives
89
+ - **Hashing:** SHA-256 (primary), BLAKE2b-256 (secondary)
90
+ - **Signing:** Ed25519 via @noble/ed25519
91
+ - **Salts:** 128-bit CSPRNG via @noble/hashes/utils
92
+ - **Merkle Trees:** SHA-256 binary tree with inclusion proofs
93
+ - **Serialization:** RFC 8785 deterministic JSON (sorted keys)
94
+
95
+ ## Event Types (12)
96
+ GENESIS, POLICY_ISSUANCE, INTERACTION_RECEIPT, REVOCATION, ATTESTATION,
97
+ ANCHOR_BATCH, DISCLOSURE, SUBSTITUTION, KEY_ROTATION, BEHAVIORAL_DRIFT,
98
+ DELEGATION, RE_ATTESTATION
99
+
100
+ ## 4 Sensitivity Levels
101
+ - S1_LOW - Can be revealed fully
102
+ - S2_MODERATE - Can be revealed minimally or proved
103
+ - S3_HIGH - Proof only, auto-substitutes to lower sensitivity
104
+ - S4_CRITICAL - Maximum protection, proof only, cascading substitution
105
+ `;
106
+ export const SPECIFICATION_URI = 'aga://specification';
107
+ //# sourceMappingURL=specification.js.map
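Review bot: The leaf-hash section says the payload is excluded from `leaf_hash` and is "separately integrity-protected via event_signature", but nothing in this resource says what `event_signature` covers or that verifiers must check it. As written, a reader could conclude that a valid chain proves event contents, when the chain commits only to the structural metadata; the payload is bound to its chain position only if the signature also covers the leaf-hash fields. I would add one sentence after that paragraph, for example `Chain verification alone does not authenticate payloads: verifiers MUST check event_signature on every event, and the signature MUST cover the payload together with leaf_hash.`, adjusted to whatever the signing code actually does, which is not visible here. Separately, the overview says "7 states" while the heading reads `## 6 Portal States` with SAFE_STATE added in a trailing sentence; listing SAFE_STATE as item 7 under a `## 7 Portal States` heading would remove the mismatch.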
@@ -0,0 +1 @@
1
+ {"version":3,"file":"specification.js","sourceRoot":"","sources":["../../src/resources/specification.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,sBAAsB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAwGrC,CAAC;AAEF,MAAM,CAAC,MAAM,iBAAiB,GAAG,qBAAqB,CAAC"}
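--- a/package/dist/server.d.ts
+++ b/package/dist/server.d.ts
@@ -1,12 +1,9 @@
  /**
- * AGA MCP Server. The Portal (ref 150) as an MCP service.
+ * AGA MCP Server V2.0.0 - The Portal (ref 150) as an MCP service.
  *
- * V3 NIST-aligned behaviors:
- * 1. Every measurement generates a receipt (match OR mismatch)
- * 2. TTL checked on every measurement (fail-closed)
- * 3. Mid-session revocation via revoke_artifact tool
- * 4. Governance middleware: portal state checked before tool execution
- * 5. Auto-chaining: every operation writes to continuity chain
+ * 20 tools, 4 resources, 3 prompts.
+ * USPTO Application No. 19/433,835
+ * NIST-2025-0035, NCCoE AI Agent Identity and Authorization
  */
  import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
  export declare function createAGAServer(): Promise<McpServer>;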
@@ -1 +1 @@
1
- {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAiDpE,wBAAsB,eAAe,IAAI,OAAO,CAAC,SAAS,CAAC,CAwX1D"}
1
+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAwCpE,wBAAsB,eAAe,IAAI,OAAO,CAAC,SAAS,CAAC,CAwW1D"}