@attested-intelligence/aga-mcp-server 0.1.1 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (194) hide show
  1. package/PATENTS.md +28 -0
  2. package/README.md +84 -23
  3. package/dist/context.d.ts +39 -0
  4. package/dist/context.d.ts.map +1 -0
  5. package/dist/context.js +113 -0
  6. package/dist/context.js.map +1 -0
  7. package/dist/core/identity.d.ts +14 -0
  8. package/dist/core/identity.d.ts.map +1 -0
  9. package/dist/core/identity.js +16 -0
  10. package/dist/core/identity.js.map +1 -0
  11. package/dist/core/index.d.ts +3 -0
  12. package/dist/core/index.d.ts.map +1 -1
  13. package/dist/core/index.js +3 -0
  14. package/dist/core/index.js.map +1 -1
  15. package/dist/core/measurement.d.ts +16 -0
  16. package/dist/core/measurement.d.ts.map +1 -0
  17. package/dist/core/measurement.js +18 -0
  18. package/dist/core/measurement.js.map +1 -0
  19. package/dist/core/portal.d.ts +1 -1
  20. package/dist/core/portal.d.ts.map +1 -1
  21. package/dist/core/portal.js +10 -5
  22. package/dist/core/portal.js.map +1 -1
  23. package/dist/core/types.d.ts +2 -2
  24. package/dist/core/types.d.ts.map +1 -1
  25. package/dist/crypto/canonicalize.d.ts +7 -0
  26. package/dist/crypto/canonicalize.d.ts.map +1 -0
  27. package/dist/crypto/canonicalize.js +21 -0
  28. package/dist/crypto/canonicalize.js.map +1 -0
  29. package/dist/crypto/index.d.ts +6 -5
  30. package/dist/crypto/index.d.ts.map +1 -1
  31. package/dist/crypto/index.js +6 -5
  32. package/dist/crypto/index.js.map +1 -1
  33. package/dist/crypto/keys.d.ts +10 -0
  34. package/dist/crypto/keys.d.ts.map +1 -0
  35. package/dist/crypto/keys.js +19 -0
  36. package/dist/crypto/keys.js.map +1 -0
  37. package/dist/index.js +1 -1
  38. package/dist/index.js.map +1 -1
  39. package/dist/middleware/governance.d.ts +1 -7
  40. package/dist/middleware/governance.d.ts.map +1 -1
  41. package/dist/middleware/governance.js +11 -18
  42. package/dist/middleware/governance.js.map +1 -1
  43. package/dist/prompts/drift-analysis.d.ts +13 -0
  44. package/dist/prompts/drift-analysis.d.ts.map +1 -0
  45. package/dist/prompts/drift-analysis.js +43 -0
  46. package/dist/prompts/drift-analysis.js.map +1 -0
  47. package/dist/prompts/governance-report.d.ts +7 -0
  48. package/dist/prompts/governance-report.d.ts.map +1 -0
  49. package/dist/prompts/governance-report.js +26 -0
  50. package/dist/prompts/governance-report.js.map +1 -0
  51. package/dist/prompts/nccoe-demo.d.ts +14 -0
  52. package/dist/prompts/nccoe-demo.d.ts.map +1 -0
  53. package/dist/prompts/nccoe-demo.js +48 -0
  54. package/dist/prompts/nccoe-demo.js.map +1 -0
  55. package/dist/resources/crypto-primitives.d.ts +3 -0
  56. package/dist/resources/crypto-primitives.d.ts.map +1 -0
  57. package/dist/resources/crypto-primitives.js +52 -0
  58. package/dist/resources/crypto-primitives.js.map +1 -0
  59. package/dist/resources/patent-claims.d.ts +3 -0
  60. package/dist/resources/patent-claims.d.ts.map +1 -0
  61. package/dist/resources/patent-claims.js +67 -0
  62. package/dist/resources/patent-claims.js.map +1 -0
  63. package/dist/resources/sample-bundle.d.ts +6 -0
  64. package/dist/resources/sample-bundle.d.ts.map +1 -0
  65. package/dist/resources/sample-bundle.js +58 -0
  66. package/dist/resources/sample-bundle.js.map +1 -0
  67. package/dist/resources/specification.d.ts +3 -0
  68. package/dist/resources/specification.d.ts.map +1 -0
  69. package/dist/resources/specification.js +107 -0
  70. package/dist/resources/specification.js.map +1 -0
  71. package/dist/server.d.ts +4 -7
  72. package/dist/server.d.ts.map +1 -1
  73. package/dist/server.js +217 -343
  74. package/dist/server.js.map +1 -1
  75. package/dist/storage/sqlite.js +1 -1
  76. package/dist/tools/create-artifact.d.ts +25 -0
  77. package/dist/tools/create-artifact.d.ts.map +1 -0
  78. package/dist/tools/create-artifact.js +85 -0
  79. package/dist/tools/create-artifact.js.map +1 -0
  80. package/dist/tools/delegate-subagent.d.ts +18 -0
  81. package/dist/tools/delegate-subagent.d.ts.map +1 -0
  82. package/dist/tools/delegate-subagent.js +50 -0
  83. package/dist/tools/delegate-subagent.js.map +1 -0
  84. package/dist/tools/disclose-claim.d.ts +14 -0
  85. package/dist/tools/disclose-claim.d.ts.map +1 -0
  86. package/dist/tools/disclose-claim.js +23 -0
  87. package/dist/tools/disclose-claim.js.map +1 -0
  88. package/dist/tools/export-bundle.d.ts +8 -0
  89. package/dist/tools/export-bundle.d.ts.map +1 -0
  90. package/dist/tools/export-bundle.js +25 -0
  91. package/dist/tools/export-bundle.js.map +1 -0
  92. package/dist/tools/full-lifecycle.d.ts +16 -0
  93. package/dist/tools/full-lifecycle.d.ts.map +1 -0
  94. package/dist/tools/full-lifecycle.js +121 -0
  95. package/dist/tools/full-lifecycle.js.map +1 -0
  96. package/dist/tools/generate-receipt.d.ts +16 -0
  97. package/dist/tools/generate-receipt.d.ts.map +1 -0
  98. package/dist/tools/generate-receipt.js +31 -0
  99. package/dist/tools/generate-receipt.js.map +1 -0
  100. package/dist/tools/get-chain.d.ts +14 -0
  101. package/dist/tools/get-chain.d.ts.map +1 -0
  102. package/dist/tools/get-chain.js +45 -0
  103. package/dist/tools/get-chain.js.map +1 -0
  104. package/dist/tools/get-portal-state.d.ts +8 -0
  105. package/dist/tools/get-portal-state.d.ts.map +1 -0
  106. package/dist/tools/get-portal-state.js +15 -0
  107. package/dist/tools/get-portal-state.js.map +1 -0
  108. package/dist/tools/init-chain.d.ts +10 -0
  109. package/dist/tools/init-chain.d.ts.map +1 -0
  110. package/dist/tools/init-chain.js +13 -0
  111. package/dist/tools/init-chain.js.map +1 -0
  112. package/dist/tools/measure-behavior.d.ts +12 -0
  113. package/dist/tools/measure-behavior.d.ts.map +1 -0
  114. package/dist/tools/measure-behavior.js +29 -0
  115. package/dist/tools/measure-behavior.js.map +1 -0
  116. package/dist/tools/measure-subject.d.ts +15 -0
  117. package/dist/tools/measure-subject.d.ts.map +1 -0
  118. package/dist/tools/measure-subject.js +106 -0
  119. package/dist/tools/measure-subject.js.map +1 -0
  120. package/dist/tools/quarantine-status.d.ts +8 -0
  121. package/dist/tools/quarantine-status.d.ts.map +1 -0
  122. package/dist/tools/quarantine-status.js +16 -0
  123. package/dist/tools/quarantine-status.js.map +1 -0
  124. package/dist/tools/revoke-artifact.d.ts +13 -0
  125. package/dist/tools/revoke-artifact.d.ts.map +1 -0
  126. package/dist/tools/revoke-artifact.js +24 -0
  127. package/dist/tools/revoke-artifact.js.map +1 -0
  128. package/dist/tools/rotate-keys.d.ts +13 -0
  129. package/dist/tools/rotate-keys.d.ts.map +1 -0
  130. package/dist/tools/rotate-keys.js +39 -0
  131. package/dist/tools/rotate-keys.js.map +1 -0
  132. package/dist/tools/server-info.d.ts +8 -0
  133. package/dist/tools/server-info.d.ts.map +1 -0
  134. package/dist/tools/server-info.js +24 -0
  135. package/dist/tools/server-info.js.map +1 -0
  136. package/dist/tools/set-verification-tier.d.ts +11 -0
  137. package/dist/tools/set-verification-tier.d.ts.map +1 -0
  138. package/dist/tools/set-verification-tier.js +31 -0
  139. package/dist/tools/set-verification-tier.js.map +1 -0
  140. package/dist/tools/start-monitoring.d.ts +12 -0
  141. package/dist/tools/start-monitoring.d.ts.map +1 -0
  142. package/dist/tools/start-monitoring.js +17 -0
  143. package/dist/tools/start-monitoring.js.map +1 -0
  144. package/dist/tools/trigger-measurement.d.ts +15 -0
  145. package/dist/tools/trigger-measurement.d.ts.map +1 -0
  146. package/dist/tools/trigger-measurement.js +86 -0
  147. package/dist/tools/trigger-measurement.js.map +1 -0
  148. package/dist/tools/verify-artifact.d.ts +13 -0
  149. package/dist/tools/verify-artifact.d.ts.map +1 -0
  150. package/dist/tools/verify-artifact.js +6 -0
  151. package/dist/tools/verify-artifact.js.map +1 -0
  152. package/dist/tools/verify-bundle.d.ts +13 -0
  153. package/dist/tools/verify-bundle.d.ts.map +1 -0
  154. package/dist/tools/verify-bundle.js +6 -0
  155. package/dist/tools/verify-bundle.js.map +1 -0
  156. package/dist/types.d.ts +262 -0
  157. package/dist/types.d.ts.map +1 -0
  158. package/dist/types.js +9 -0
  159. package/dist/types.js.map +1 -0
  160. package/package.json +19 -3
  161. package/AGA_MCP_SERVER_SPEC.md +0 -632
  162. package/src/core/artifact.ts +0 -45
  163. package/src/core/attestation.ts +0 -33
  164. package/src/core/behavioral.ts +0 -132
  165. package/src/core/bundle.ts +0 -31
  166. package/src/core/chain.ts +0 -72
  167. package/src/core/checkpoint.ts +0 -22
  168. package/src/core/delegation.ts +0 -146
  169. package/src/core/disclosure.ts +0 -32
  170. package/src/core/index.ts +0 -11
  171. package/src/core/portal.ts +0 -96
  172. package/src/core/quarantine.ts +0 -16
  173. package/src/core/receipt.ts +0 -33
  174. package/src/core/subject.ts +0 -11
  175. package/src/core/types.ts +0 -244
  176. package/src/crypto/hash.ts +0 -33
  177. package/src/crypto/index.ts +0 -5
  178. package/src/crypto/merkle.ts +0 -43
  179. package/src/crypto/salt.ts +0 -18
  180. package/src/crypto/sign.ts +0 -35
  181. package/src/crypto/types.ts +0 -19
  182. package/src/index.ts +0 -12
  183. package/src/middleware/governance.ts +0 -95
  184. package/src/middleware/index.ts +0 -1
  185. package/src/server.ts +0 -436
  186. package/src/storage/index.ts +0 -3
  187. package/src/storage/interface.ts +0 -21
  188. package/src/storage/memory.ts +0 -27
  189. package/src/storage/sqlite.ts +0 -45
  190. package/src/tools/README.md +0 -13
  191. package/src/utils/canonical.ts +0 -14
  192. package/src/utils/constants.ts +0 -3
  193. package/src/utils/timestamp.ts +0 -12
  194. package/src/utils/uuid.ts +0 -2
package/PATENTS.md ADDED
@@ -0,0 +1,28 @@
1
+ # Patent Notice
2
+
3
+ **USPTO Application No. 19/433,835**
4
+ **Title:** Attested Governance Artifact Protocol for Autonomous Systems
5
+ **Applicant:** Attested Intelligence Holdings LLC
6
+ **Status:** Pending
7
+
8
+ This software implements the methods and systems described in the above patent application. The patent covers, among other things:
9
+
10
+ - Sealed hash attestation of subject identity (Claims 1a-1d)
11
+ - Portal-based runtime measurement and enforcement (Claims 1e-1g)
12
+ - Privacy-preserving disclosure with sensitivity-based auto-substitution (Claim 2)
13
+ - Tamper-evident continuity chain with privacy-preserving leaf hashes (Claims 3a-3f)
14
+ - Phantom execution and quarantine (Claim 5)
15
+ - TTL-based fail-closed semantics (Claim 6)
16
+ - Offline-verifiable evidence bundles (Claim 9)
17
+ - Pinned issuer key verification (Claim 10)
18
+ - Forensic input capture during quarantine (Claim 11)
19
+ - Graceful degradation (Claim 12)
20
+
21
+ ## NIST References
22
+
23
+ - **NIST-2025-0035:** AI Agent Transparency and Accountability
24
+ - **NCCoE:** AI Agent Identity and Authorization
25
+
26
+ ## License
27
+
28
+ This software is licensed under the MIT License. Use of the software does not grant any rights under the patent application beyond those explicitly granted by the MIT License.
package/README.md CHANGED
@@ -1,42 +1,103 @@
1
- # @attested-intelligence/aga-mcp-server
1
+ # @attested-intelligence/aga-mcp-server v2.0.0
2
2
 
3
- MCP server implementing the Attested Governance Artifact (AGA) protocol.
3
+ MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
4
4
 
5
5
  **Patent Pending:** USPTO Application No. 19/433,835
6
6
  **Referenced in:** NIST-2025-0035, NCCoE AI Agent Identity and Authorization
7
7
 
8
8
  ## What It Does
9
9
 
10
- This server acts as a **Portal** (enforcement boundary) for AI agents. Every tool call is attested, measured, and logged to a tamper-evident continuity chain.
11
-
12
- | MCP Tool | Patent Claim | Description |
13
- |---|---|---|
14
- | `attest_subject` | 1a-1d | Attest and seal a policy artifact |
15
- | `measure_integrity` | 1e-1g | Measure, compare, enforce, receipt |
16
- | `revoke_artifact` | NCCoE 3b | Mid-session artifact revocation |
17
- | `request_claim` | 2 | Privacy-preserving disclosure |
18
- | `init_chain` | 3a | Initialize continuity chain |
19
- | `verify_chain` | 3c | Verify chain integrity |
20
- | `create_checkpoint` | 3d-3f | Merkle tree + anchor |
21
- | `generate_evidence_bundle` | 9 | Offline-verifiable package |
22
- | `delegate_to_subagent` | NCCoE | Constrained sub-agent delegation |
23
- | `measure_behavior` | NIST-2025-0035 | Behavioral drift detection |
24
- | `get_portal_state` | | Current enforcement status |
25
- | `get_receipts` | | Signed measurement receipts |
26
- | `get_chain_events` | | Continuity chain events |
10
+ This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
11
+
12
+ **20 tools, 4 resources, 3 prompts, 159 tests**
13
+
14
+ ## 20 MCP Tools
15
+
16
+ | # | Tool | NIST/Patent Ref | Description |
17
+ |---|------|-----------------|-------------|
18
+ | 1 | `aga_server_info` | - | Server identity, keys, portal state, framework alignment |
19
+ | 2 | `aga_init_chain` | Claim 3a | Initialize continuity chain with genesis event |
20
+ | 3 | `aga_create_artifact` | Claims 1a-1d | Attest subject, generate sealed Policy Artifact |
21
+ | 4 | `aga_measure_subject` | Claims 1e-1g | Measure subject, compare to sealed ref, generate receipt |
22
+ | 5 | `aga_verify_artifact` | Claim 10 | Verify artifact signature against issuer key |
23
+ | 6 | `aga_start_monitoring` | NIST-2025-0035 | Start/restart behavioral monitoring with baseline |
24
+ | 7 | `aga_get_portal_state` | - | Current portal enforcement state and TTL |
25
+ | 8 | `aga_trigger_measurement` | Claims 1e-1g | Trigger measurement with specific type |
26
+ | 9 | `aga_generate_receipt` | V3 Promise | Generate signed measurement receipt manually |
27
+ | 10 | `aga_export_bundle` | Claim 9 | Package artifact + receipts + Merkle proofs |
28
+ | 11 | `aga_verify_bundle` | Section J | 4-step offline bundle verification |
29
+ | 12 | `aga_disclose_claim` | Claim 2 | Privacy-preserving disclosure with auto-substitution |
30
+ | 13 | `aga_get_chain` | Claim 3c | Get chain events with optional integrity verification |
31
+ | 14 | `aga_quarantine_status` | Claim 5 | Quarantine state and forensic capture status |
32
+ | 15 | `aga_revoke_artifact` | NCCoE 3b | Mid-session artifact revocation |
33
+ | 16 | `aga_set_verification_tier` | - | Set verification tier (BRONZE/SILVER/GOLD) |
34
+ | 17 | `aga_demonstrate_lifecycle` | All | Full lifecycle: attest, measure, checkpoint, verify |
35
+ | 18 | `aga_measure_behavior` | NIST-2025-0035 | Behavioral drift detection (tool patterns) |
36
+ | 19 | `aga_delegate_to_subagent` | NCCoE | Constrained sub-agent delegation (scope only diminishes) |
37
+ | 20 | `aga_rotate_keys` | Claim 3 | Key rotation with chain event |
38
+
39
+ ## 4 Resources
40
+
41
+ | Resource | URI | Description |
42
+ |----------|-----|-------------|
43
+ | Protocol Spec | `aga://specification/protocol-v2` | Full protocol specification with SPIFFE alignment |
44
+ | Sample Bundle | `aga://resources/sample-bundle` | Sample evidence bundle documentation |
45
+ | Crypto Primitives | `aga://resources/crypto-primitives` | Cryptographic primitives documentation |
46
+ | Patent Claims | `aga://resources/patent-claims` | 20 patent claims mapped to tools |
47
+
48
+ ## 3 Prompts
49
+
50
+ | Prompt | Description |
51
+ |--------|-------------|
52
+ | `nccoe-demo` | 4-phase NCCoE lab demo with behavioral drift |
53
+ | `governance-report` | Session governance summary report |
54
+ | `drift-analysis` | Drift event analysis and remediation |
27
55
 
28
56
  ## Quick Start
29
57
 
30
- npm install && npm run build && npm run demo
58
+ ```bash
59
+ npm install && npm run build && npm test
60
+ ```
31
61
 
32
62
  ## Connect to Claude Desktop
33
63
 
34
- Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
64
+ Add to `%APPDATA%\Claude\claude_desktop_config.json`:
65
+
66
+ ```json
35
67
  {
36
68
  "mcpServers": {
37
- "aga": { "command": "node", "args": ["/path/to/dist/index.js"] }
69
+ "aga": { "command": "node", "args": ["C:/Users/neuro/AIH/aga-mcp-server/dist/index.js"] }
38
70
  }
39
71
  }
72
+ ```
73
+
74
+ ## Architecture
75
+
76
+ ```
77
+ MCP Client (Claude Desktop)
78
+ │ JSON-RPC over stdio
79
+
80
+ src/server.ts - 20 tools + 4 resources + 3 prompts
81
+
82
+ ├── src/tools/ 20 individual tool handlers
83
+ ├── src/core/ Protocol logic (artifact, chain, portal, etc.)
84
+ ├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
85
+ ├── src/middleware/ Zero-trust governance PEP
86
+ ├── src/storage/ In-memory + optional SQLite
87
+ ├── src/resources/ Protocol docs + patent claims
88
+ └── src/prompts/ Demo + report + analysis prompts
89
+ ```
90
+
91
+ ## Test Coverage
92
+
93
+ | Suite | Tests | What |
94
+ |-------|-------|------|
95
+ | Crypto | 33 | SHA-256, Ed25519, Merkle, salt, canonical, keys |
96
+ | Core | 56 | Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed |
97
+ | Tools | 25 | All 20 tool handlers |
98
+ | Integration | 38 | Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility |
99
+ | **Total** | **159** | |
40
100
 
41
101
  ## License
42
- MIT — Attested Intelligence Holdings LLC
102
+
103
+ MIT - Attested Intelligence Holdings LLC
@@ -0,0 +1,39 @@
1
+ import { Portal } from './core/portal.js';
2
+ import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
3
+ import type { AGAStorage } from './storage/interface.js';
4
+ import type { KeyPair, QuarantineState, ContinuityEvent, VerificationTier, ClaimsTaxonomy, DelegationRecord, PolicyArtifact, DisclosurePolicy } from './types.js';
5
+ import type { EventType } from './core/types.js';
6
+ export interface ServerContext {
7
+ issuerKP: KeyPair;
8
+ portalKP: KeyPair;
9
+ chainKP: KeyPair;
10
+ portal: Portal;
11
+ storage: AGAStorage;
12
+ chainInitialized: boolean;
13
+ activeArtifact: PolicyArtifact | null;
14
+ quarantine: QuarantineState | null;
15
+ behavioralMonitor: BehavioralMonitorImpl;
16
+ measurementCount: number;
17
+ verificationTier: VerificationTier;
18
+ startTime: string;
19
+ claimsTaxonomy: ClaimsTaxonomy;
20
+ delegations: DelegationRecord[];
21
+ defaultEnforcement: import('./types.js').EnforcementParams;
22
+ defaultClaims: DisclosurePolicy;
23
+ claimValues: Record<string, unknown>;
24
+ appendToChain(type: EventType, payload: unknown): Promise<ContinuityEvent>;
25
+ json(x: unknown): {
26
+ content: Array<{
27
+ type: 'text';
28
+ text: string;
29
+ }>;
30
+ };
31
+ error(msg: string, extra?: Record<string, unknown>): {
32
+ content: Array<{
33
+ type: 'text';
34
+ text: string;
35
+ }>;
36
+ };
37
+ }
38
+ export declare function createContext(): Promise<ServerContext>;
39
+ //# sourceMappingURL=context.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAGlF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EACV,OAAO,EAAE,eAAe,EAAE,eAAe,EACzC,gBAAgB,EAAE,cAAc,EAAE,gBAAgB,EAClD,cAAc,EAAE,gBAAgB,EACjC,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGjD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IACtC,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;IACnC,iBAAiB,EAAE,qBAAqB,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,gBAAgB,EAAE,CAAC;IAChC,kBAAkB,EAAE,OAAO,YAAY,EAAE,iBAAiB,CAAC;IAC3D,aAAa,EAAE,gBAAgB,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,CAAC,EAAE,OAAO,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;IACrE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;CACzG;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,aAAa,CAAC,CA8G5D"}
@@ -0,0 +1,113 @@
1
+ /**
2
+ * ServerContext: replaces closure pattern in server.ts.
3
+ * Central state container for the AGA MCP Server.
4
+ */
5
+ import { generateKeyPair } from './crypto/sign.js';
6
+ import { sha256Str } from './crypto/hash.js';
7
+ import { Portal } from './core/portal.js';
8
+ import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
9
+ import { MemoryStorage } from './storage/memory.js';
10
+ import { createGenesisEvent, appendEvent } from './core/chain.js';
11
+ export async function createContext() {
12
+ const storage = new MemoryStorage();
13
+ await storage.initialize();
14
+ const issuerKP = generateKeyPair();
15
+ const portalKP = generateKeyPair();
16
+ const chainKP = generateKeyPair();
17
+ const portal = new Portal();
18
+ const behavioralMonitor = new BehavioralMonitorImpl();
19
+ const defaultEnforcement = {
20
+ measurement_cadence_ms: 1000,
21
+ ttl_seconds: 3600,
22
+ enforcement_triggers: ['QUARANTINE', 'TERMINATE'],
23
+ re_attestation_required: true,
24
+ measurement_types: ['FILE_SYSTEM_STATE', 'CONFIG_MANIFEST'],
25
+ };
26
+ const defaultClaims = {
27
+ claims_taxonomy: [
28
+ // Identity claims
29
+ { claim_id: 'identity.name', sensitivity: 'S3_HIGH', substitutes: ['identity.pseudonym', 'identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
30
+ { claim_id: 'identity.pseudonym', sensitivity: 'S2_MODERATE', substitutes: ['identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
31
+ { claim_id: 'identity.org', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
32
+ { claim_id: 'identity.age', sensitivity: 'S3_HIGH', substitutes: ['identity.age_range', 'identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
33
+ { claim_id: 'identity.age_range', sensitivity: 'S2_MODERATE', substitutes: ['identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
34
+ { claim_id: 'identity.is_adult', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_FULL'] },
35
+ // Vehicle claims (deployment-appropriate)
36
+ { claim_id: 'vehicle.exact_position', sensitivity: 'S4_CRITICAL', substitutes: ['vehicle.grid_square', 'vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
37
+ { claim_id: 'vehicle.grid_square', sensitivity: 'S2_MODERATE', substitutes: ['vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
38
+ { claim_id: 'vehicle.operational_area', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
39
+ // Plant/infrastructure claims
40
+ { claim_id: 'plant.reactor_id', sensitivity: 'S3_HIGH', substitutes: ['plant.facility_type'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
41
+ { claim_id: 'plant.facility_type', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
42
+ // Agent/model claims
43
+ { claim_id: 'agent.model_weights_hash', sensitivity: 'S4_CRITICAL', substitutes: ['agent.model_family', 'agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
44
+ { claim_id: 'agent.model_family', sensitivity: 'S2_MODERATE', substitutes: ['agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
45
+ { claim_id: 'agent.model_generation', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
46
+ ],
47
+ substitution_rules: [],
48
+ };
49
+ const claimValues = {
50
+ 'identity.name': 'Alice Johnson',
51
+ 'identity.pseudonym': 'AJ-7742',
52
+ 'identity.org': 'Attested Intelligence',
53
+ 'identity.age': 32,
54
+ 'identity.age_range': '25-34',
55
+ 'identity.is_adult': true,
56
+ 'vehicle.exact_position': '38.8977° N, 77.0365° W',
57
+ 'vehicle.grid_square': 'FM18lv',
58
+ 'vehicle.operational_area': 'National Capital Region',
59
+ 'plant.reactor_id': 'NRC-R-1234',
60
+ 'plant.facility_type': 'Nuclear Power Plant',
61
+ 'agent.model_weights_hash': 'a4f8c2e1b3d7094f6e2a8b1c5d9f3e7a',
62
+ 'agent.model_family': 'GPT-class LLM',
63
+ 'agent.model_generation': 'Generation 4',
64
+ };
65
+ const claimsTaxonomy = {
66
+ claims: defaultClaims.claims_taxonomy,
67
+ version: '1.0.0',
68
+ };
69
+ const ctx = {
70
+ issuerKP,
71
+ portalKP,
72
+ chainKP,
73
+ portal,
74
+ storage,
75
+ chainInitialized: false,
76
+ activeArtifact: null,
77
+ quarantine: null,
78
+ behavioralMonitor,
79
+ measurementCount: 0,
80
+ verificationTier: 'BRONZE',
81
+ startTime: new Date().toISOString(),
82
+ claimsTaxonomy,
83
+ delegations: [],
84
+ defaultEnforcement,
85
+ defaultClaims,
86
+ claimValues,
87
+ async appendToChain(type, payload) {
88
+ if (!ctx.chainInitialized) {
89
+ const genesis = createGenesisEvent(ctx.chainKP, sha256Str('AGA Protocol Specification v2.0.0'));
90
+ await ctx.storage.storeEvent(genesis);
91
+ ctx.chainInitialized = true;
92
+ ctx.portal.sequenceCounter = 0;
93
+ ctx.portal.lastLeafHash = genesis.leaf_hash;
94
+ }
95
+ const prev = await ctx.storage.getLatestEvent();
96
+ if (!prev)
97
+ throw new Error('Chain initialization failed');
98
+ const event = appendEvent(type, payload, prev, ctx.chainKP);
99
+ await ctx.storage.storeEvent(event);
100
+ ctx.portal.sequenceCounter = event.sequence_number;
101
+ ctx.portal.lastLeafHash = event.leaf_hash;
102
+ return event;
103
+ },
104
+ json(x) {
105
+ return { content: [{ type: 'text', text: JSON.stringify(x, null, 2) }] };
106
+ },
107
+ error(msg, extra) {
108
+ return { content: [{ type: 'text', text: JSON.stringify({ success: false, error: msg, ...extra }, null, 2) }] };
109
+ },
110
+ };
111
+ return ctx;
112
+ }
113
+ //# sourceMappingURL=context.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,eAAe,EAAW,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAiClE,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,OAAO,GAAG,IAAI,aAAa,EAAE,CAAC;IACpC,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAC5B,MAAM,iBAAiB,GAAG,IAAI,qBAAqB,EAAE,CAAC;IAEtD,MAAM,kBAAkB,GAA2C;QACjE,sBAAsB,EAAE,IAAI;QAC5B,WAAW,EAAE,IAAI;QACjB,oBAAoB,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;QACjD,uBAAuB,EAAE,IAAI;QAC7B,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;KAC5D,CAAC;IAEF,MAAM,aAAa,GAAqB;QACtC,eAAe,EAAE;YACf,kBAAkB;YAClB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAChK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YACjK,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACvJ,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACrL,EAAE,QAAQ,EAAE,mBAAmB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9I,0CAA0C;YAC1C,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAC1L,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC9K,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACnK,8BAA8B;YAC9B,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,qBAAqB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpJ,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9J,qBAAqB;YACrB,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACzL,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC3K,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;SAClK;QACD,kBAAkB,EAAE,EAAE;KACvB,CAAC;IAEF,MAAM,WAAW,GAA4B;QAC3C,eAAe,EAAE,eAAe;QAChC,oBAAoB,EAAE,SAAS;QAC/B,cAAc,EAAE,uBAAuB;QACvC,cAAc,EAAE,EAAE;QAClB,oBAAoB,EAAE,OAAO;QAC7B,mBAAmB,EAAE,IAAI;QACzB,wBAAwB,EAAE,wBAAwB;QAClD,qBAAqB,EAAE,QAAQ;QAC/B,0BAA0B,EAAE,yBAAyB;QACrD,kBAAkB,EAAE,YAAY;QAChC,qBAAqB,EAAE,qBAAqB;QAC5C,0BAA0B,EAAE,kCAAkC;QAC9D,oBAAoB,EAAE,eAAe;QACrC,wBAAwB,EAAE,cAAc;KACzC,CAAC;IAEF,MAAM,cAAc,GAAmB;QACrC,MAAM,EAAE,aAAa,CAAC,eAAe;QACrC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,GAAG,GAAkB;QACzB,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,MAAM;QACN,OAAO;QACP,gBAAgB,EAAE,KAAK;QACvB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,iBAAiB;QACjB,gBAAgB,EAAE,CAAC;QACnB,gBAAgB,EAAE,QAAQ;QAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,cAAc;QACd,WAAW,EAAE,EAAE;QACf,kBAAkB;QAClB,aAAa;QACb,WAAW;QAEX,KAAK,CAAC,aAAa,CAAC,IAAe,EAAE,OAAgB;YACnD,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;gBAChG,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;YAC9C,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5D,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;YACnD,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,CAAU;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACpF,CAAC;QAED,KAAK,CAAC,GAAW,EAAE,KAA+B;YAChD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3H,CAAC;KACF,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -0,0 +1,14 @@
1
+ /**
2
+ * Identity operations: key fingerprinting, validation, rotation.
3
+ */
4
+ import { keyFingerprint, isKeyValid } from '../crypto/keys.js';
5
+ import type { KeyPair } from '../types.js';
6
+ export { keyFingerprint, isKeyValid };
7
+ export interface KeyRotationResult {
8
+ newKeyPair: KeyPair;
9
+ newPublicKeyHex: string;
10
+ oldPublicKeyHex: string;
11
+ rotatedAt: string;
12
+ }
13
+ export declare function rotateKeys(oldKP: KeyPair): KeyRotationResult;
14
+ //# sourceMappingURL=identity.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAiB,MAAM,mBAAmB,CAAC;AAE9E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAEtC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,iBAAiB,CAQ5D"}
@@ -0,0 +1,16 @@
1
+ /**
2
+ * Identity operations: key fingerprinting, validation, rotation.
3
+ */
4
+ import { keyFingerprint, isKeyValid, rotateKeyPair } from '../crypto/keys.js';
5
+ import { pkToHex } from '../crypto/sign.js';
6
+ export { keyFingerprint, isKeyValid };
7
+ export function rotateKeys(oldKP) {
8
+ const newKP = rotateKeyPair();
9
+ return {
10
+ newKeyPair: newKP,
11
+ newPublicKeyHex: pkToHex(newKP.publicKey),
12
+ oldPublicKeyHex: pkToHex(oldKP.publicKey),
13
+ rotatedAt: new Date().toISOString(),
14
+ };
15
+ }
16
+ //# sourceMappingURL=identity.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAmB,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG7D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAStC,MAAM,UAAU,UAAU,CAAC,KAAc;IACvC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}
@@ -9,4 +9,7 @@ export * from './quarantine.js';
9
9
  export * from './checkpoint.js';
10
10
  export * from './bundle.js';
11
11
  export * from './disclosure.js';
12
+ export * from './behavioral.js';
13
+ export * from './delegation.js';
14
+ export * from './identity.js';
12
15
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
@@ -9,4 +9,7 @@ export * from './quarantine.js';
9
9
  export * from './checkpoint.js';
10
10
  export * from './bundle.js';
11
11
  export * from './disclosure.js';
12
+ export * from './behavioral.js';
13
+ export * from './delegation.js';
14
+ export * from './identity.js';
12
15
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
@@ -0,0 +1,16 @@
1
+ import type { SubjectIdentifier, SubjectMetadata, HashHex } from '../types.js';
2
+ export interface MeasurementInput {
3
+ subjectBytes: Uint8Array;
4
+ metadata: SubjectMetadata;
5
+ }
6
+ export interface MeasurementOutput {
7
+ bytesHash: HashHex;
8
+ metadataHash: HashHex;
9
+ }
10
+ export declare function measureSubject(input: MeasurementInput): MeasurementOutput;
11
+ export declare function compareState(current: MeasurementOutput, expected: SubjectIdentifier): {
12
+ match: boolean;
13
+ bytesMatch: boolean;
14
+ metadataMatch: boolean;
15
+ };
16
+ //# sourceMappingURL=measurement.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measurement.d.ts","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE/E,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,UAAU,CAAC;IACzB,QAAQ,EAAE,eAAe,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,gBAAgB,GAAG,iBAAiB,CAKzE;AAED,wBAAgB,YAAY,CAC1B,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,iBAAiB,GAC1B;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,OAAO,CAAC;IAAC,aAAa,EAAE,OAAO,CAAA;CAAE,CAIjE"}
@@ -0,0 +1,18 @@
1
+ /**
2
+ * Subject measurement: hash, compare, detect drift.
3
+ * Consolidates subject.ts + attestation.ts measurement logic.
4
+ */
5
+ import { sha256Bytes, sha256Str } from '../crypto/hash.js';
6
+ import { canonicalize } from '../utils/canonical.js';
7
+ export function measureSubject(input) {
8
+ return {
9
+ bytesHash: sha256Bytes(input.subjectBytes),
10
+ metadataHash: sha256Str(canonicalize(input.metadata)),
11
+ };
12
+ }
13
+ export function compareState(current, expected) {
14
+ const bytesMatch = current.bytesHash === expected.bytes_hash;
15
+ const metadataMatch = current.metadataHash === expected.metadata_hash;
16
+ return { match: bytesMatch && metadataMatch, bytesMatch, metadataMatch };
17
+ }
18
+ //# sourceMappingURL=measurement.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measurement.js","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAarD,MAAM,UAAU,cAAc,CAAC,KAAuB;IACpD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC;QAC1C,YAAY,EAAE,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,OAA0B,EAC1B,QAA2B;IAE3B,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,UAAU,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAO,CAAC,YAAY,KAAK,QAAQ,CAAC,aAAa,CAAC;IACtE,OAAO,EAAE,KAAK,EAAE,UAAU,IAAI,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;AAC3E,CAAC"}
@@ -21,7 +21,7 @@ export declare class Portal {
21
21
  };
22
22
  measure(subjectBytes: Uint8Array, meta: SubjectMetadata): MeasurementResult;
23
23
  enforce(action: EnforcementAction): void;
24
- revoke(sealedHash: string): void;
24
+ revoke(sealedHash: string, transitionTo?: 'TERMINATED' | 'SAFE_STATE'): void;
25
25
  isRevoked(sealedHash: string): boolean;
26
26
  reset(): void;
27
27
  }
@@ -1 +1 @@
1
- {"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IA4B3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAUxC,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAKhC,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}
1
+ {"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IA6B3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAWxC,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,YAAY,GAAG,IAAI;IAO5E,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}
@@ -1,5 +1,5 @@
1
1
  /**
2
- * Portal (Sentinel) Runtime Enforcement Boundary. Ref 150, 270-280.
2
+ * Portal (Sentinel) - Runtime Enforcement Boundary. Ref 150, 270-280.
3
3
  * V3: TTL + revocation checked every measurement. Fail-closed semantics.
4
4
  * Aligned with NCCoE filing Sections 3-4 and NIST-2025-0035.
5
5
  */
@@ -37,6 +37,8 @@ export class Portal {
37
37
  throw new Error('No artifact loaded');
38
38
  if (this.state === 'TERMINATED')
39
39
  throw new Error('Portal is terminated');
40
+ if (this.state === 'SAFE_STATE')
41
+ throw new Error('Portal is in safe state - artifact revoked');
40
42
  const empty = { currentBytesHash: '', currentMetaHash: '',
41
43
  expectedBytesHash: this.artifact.subject_identifier.bytes_hash,
42
44
  expectedMetaHash: this.artifact.subject_identifier.metadata_hash };
@@ -67,9 +69,11 @@ export class Portal {
67
69
  throw new Error(`Cannot enforce in state ${this.state}`);
68
70
  switch (action) {
69
71
  case 'TERMINATE':
70
- case 'SAFE_STATE':
71
72
  this.state = 'TERMINATED';
72
73
  break;
74
+ case 'SAFE_STATE':
75
+ this.state = 'SAFE_STATE';
76
+ break;
73
77
  case 'QUARANTINE':
74
78
  this.state = 'PHANTOM_QUARANTINE';
75
79
  break;
@@ -79,10 +83,11 @@ export class Portal {
79
83
  default: break;
80
84
  }
81
85
  }
82
- revoke(sealedHash) {
86
+ revoke(sealedHash, transitionTo) {
83
87
  this.revocations.add(sealedHash);
84
- if (this.artifact?.sealed_hash === sealedHash)
85
- this.state = 'TERMINATED';
88
+ if (this.artifact?.sealed_hash === sealedHash) {
89
+ this.state = transitionTo === 'SAFE_STATE' ? 'SAFE_STATE' : 'TERMINATED';
90
+ }
86
91
  }
87
92
  isRevoked(sealedHash) { return this.revocations.has(sealedHash); }
88
93
  reset() {
@@ -1 +1 @@
1
- {"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW,CAAC;YAAC,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACtE,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,oBAAoB,CAAC;gBAAC,MAAM;YAC5D,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;gBAAC,MAAM;YAC3D,OAAO,CAAC,CAAC,MAAM;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,UAAkB;QACvB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,WAAW,KAAK,UAAU;YAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;IAC3E,CAAC;IAED,SAAS,CAAC,UAAkB,IAAa,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEnF,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACrD,CAAC;CACF"}
1
+ {"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACnD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACpD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,oBAAoB,CAAC;gBAAC,MAAM;YAC5D,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;gBAAC,MAAM;YAC3D,OAAO,CAAC,CAAC,MAAM;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,UAAkB,EAAE,YAA0C;QACnE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,WAAW,KAAK,UAAU,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,GAAG,YAAY,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,SAAS,CAAC,UAAkB,IAAa,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEnF,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACrD,CAAC;CACF"}
@@ -79,7 +79,7 @@ export interface SignedReceipt {
79
79
  previous_leaf_hash: HashHex | null;
80
80
  portal_signature: SignatureBase64;
81
81
  }
82
- export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION';
82
+ export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION' | 'BEHAVIORAL_DRIFT' | 'DELEGATION' | 'RE_ATTESTATION';
83
83
  export interface GenesisPayload {
84
84
  protocol_version: string;
85
85
  taxonomy_version: string;
@@ -145,7 +145,7 @@ export interface SubstitutionReceipt {
145
145
  chain_sequence_ref: number;
146
146
  signature: SignatureBase64;
147
147
  }
148
- export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'TERMINATED';
148
+ export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'SAFE_STATE' | 'TERMINATED';
149
149
  export type VerificationTier = 'BRONZE' | 'SILVER' | 'GOLD';
150
150
  export interface RevocationRecord {
151
151
  artifact_sealed_hash: HashHex;
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,CAAC;AAEnB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Deterministic JSON serialization (RFC 8785 aligned).
3
+ * Moved from src/utils/canonical.ts for directive structure alignment.
4
+ */
5
+ export declare function deepSortKeys(obj: unknown): unknown;
6
+ export declare function canonicalize(obj: unknown): string;
7
+ //# sourceMappingURL=canonicalize.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CASlD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAEjD"}
@@ -0,0 +1,21 @@
1
+ /**
2
+ * Deterministic JSON serialization (RFC 8785 aligned).
3
+ * Moved from src/utils/canonical.ts for directive structure alignment.
4
+ */
5
+ export function deepSortKeys(obj) {
6
+ if (obj === null || obj === undefined || typeof obj !== 'object')
7
+ return obj;
8
+ if (Array.isArray(obj))
9
+ return obj.map(deepSortKeys);
10
+ if (obj instanceof Uint8Array)
11
+ return obj;
12
+ const sorted = {};
13
+ for (const key of Object.keys(obj).sort()) {
14
+ sorted[key] = deepSortKeys(obj[key]);
15
+ }
16
+ return sorted;
17
+ }
18
+ export function canonicalize(obj) {
19
+ return JSON.stringify(deepSortKeys(obj));
20
+ }
21
+ //# sourceMappingURL=canonicalize.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,GAAG,YAAY,UAAU;QAAE,OAAO,GAAG,CAAC;IAC1C,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC"}
@@ -1,6 +1,7 @@
1
- export * from './types.js';
2
- export * from './hash.js';
3
- export * from './sign.js';
4
- export * from './salt.js';
5
- export * from './merkle.js';
1
+ export { sha256Bytes, sha256Str, blake2b256, sha256Cat, sha256HexCat } from './hash.js';
2
+ export { generateKeyPair, sign, signStr, verify, verifyStr, sigToB64, b64ToSig, pkToHex, hexToPk } from './sign.js';
3
+ export { generateSalt, saltedCommitment, verifySaltedCommitment } from './salt.js';
4
+ export { buildMerkleTree, inclusionProof, verifyProof } from './merkle.js';
5
+ export { canonicalize, deepSortKeys } from './canonicalize.js';
6
+ export { keyFingerprint, isKeyValid, rotateKeyPair } from './keys.js';
6
7
  //# sourceMappingURL=index.d.ts.map