@attested-intelligence/aga-mcp-server 0.1.1 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (194) hide show
  1. package/PATENTS.md +28 -0
  2. package/README.md +84 -23
  3. package/dist/context.d.ts +39 -0
  4. package/dist/context.d.ts.map +1 -0
  5. package/dist/context.js +113 -0
  6. package/dist/context.js.map +1 -0
  7. package/dist/core/identity.d.ts +14 -0
  8. package/dist/core/identity.d.ts.map +1 -0
  9. package/dist/core/identity.js +16 -0
  10. package/dist/core/identity.js.map +1 -0
  11. package/dist/core/index.d.ts +3 -0
  12. package/dist/core/index.d.ts.map +1 -1
  13. package/dist/core/index.js +3 -0
  14. package/dist/core/index.js.map +1 -1
  15. package/dist/core/measurement.d.ts +16 -0
  16. package/dist/core/measurement.d.ts.map +1 -0
  17. package/dist/core/measurement.js +18 -0
  18. package/dist/core/measurement.js.map +1 -0
  19. package/dist/core/portal.d.ts +1 -1
  20. package/dist/core/portal.d.ts.map +1 -1
  21. package/dist/core/portal.js +10 -5
  22. package/dist/core/portal.js.map +1 -1
  23. package/dist/core/types.d.ts +2 -2
  24. package/dist/core/types.d.ts.map +1 -1
  25. package/dist/crypto/canonicalize.d.ts +7 -0
  26. package/dist/crypto/canonicalize.d.ts.map +1 -0
  27. package/dist/crypto/canonicalize.js +21 -0
  28. package/dist/crypto/canonicalize.js.map +1 -0
  29. package/dist/crypto/index.d.ts +6 -5
  30. package/dist/crypto/index.d.ts.map +1 -1
  31. package/dist/crypto/index.js +6 -5
  32. package/dist/crypto/index.js.map +1 -1
  33. package/dist/crypto/keys.d.ts +10 -0
  34. package/dist/crypto/keys.d.ts.map +1 -0
  35. package/dist/crypto/keys.js +19 -0
  36. package/dist/crypto/keys.js.map +1 -0
  37. package/dist/index.js +1 -1
  38. package/dist/index.js.map +1 -1
  39. package/dist/middleware/governance.d.ts +1 -7
  40. package/dist/middleware/governance.d.ts.map +1 -1
  41. package/dist/middleware/governance.js +11 -18
  42. package/dist/middleware/governance.js.map +1 -1
  43. package/dist/prompts/drift-analysis.d.ts +13 -0
  44. package/dist/prompts/drift-analysis.d.ts.map +1 -0
  45. package/dist/prompts/drift-analysis.js +43 -0
  46. package/dist/prompts/drift-analysis.js.map +1 -0
  47. package/dist/prompts/governance-report.d.ts +7 -0
  48. package/dist/prompts/governance-report.d.ts.map +1 -0
  49. package/dist/prompts/governance-report.js +26 -0
  50. package/dist/prompts/governance-report.js.map +1 -0
  51. package/dist/prompts/nccoe-demo.d.ts +14 -0
  52. package/dist/prompts/nccoe-demo.d.ts.map +1 -0
  53. package/dist/prompts/nccoe-demo.js +48 -0
  54. package/dist/prompts/nccoe-demo.js.map +1 -0
  55. package/dist/resources/crypto-primitives.d.ts +3 -0
  56. package/dist/resources/crypto-primitives.d.ts.map +1 -0
  57. package/dist/resources/crypto-primitives.js +52 -0
  58. package/dist/resources/crypto-primitives.js.map +1 -0
  59. package/dist/resources/patent-claims.d.ts +3 -0
  60. package/dist/resources/patent-claims.d.ts.map +1 -0
  61. package/dist/resources/patent-claims.js +67 -0
  62. package/dist/resources/patent-claims.js.map +1 -0
  63. package/dist/resources/sample-bundle.d.ts +6 -0
  64. package/dist/resources/sample-bundle.d.ts.map +1 -0
  65. package/dist/resources/sample-bundle.js +58 -0
  66. package/dist/resources/sample-bundle.js.map +1 -0
  67. package/dist/resources/specification.d.ts +3 -0
  68. package/dist/resources/specification.d.ts.map +1 -0
  69. package/dist/resources/specification.js +107 -0
  70. package/dist/resources/specification.js.map +1 -0
  71. package/dist/server.d.ts +4 -7
  72. package/dist/server.d.ts.map +1 -1
  73. package/dist/server.js +217 -343
  74. package/dist/server.js.map +1 -1
  75. package/dist/storage/sqlite.js +1 -1
  76. package/dist/tools/create-artifact.d.ts +25 -0
  77. package/dist/tools/create-artifact.d.ts.map +1 -0
  78. package/dist/tools/create-artifact.js +85 -0
  79. package/dist/tools/create-artifact.js.map +1 -0
  80. package/dist/tools/delegate-subagent.d.ts +18 -0
  81. package/dist/tools/delegate-subagent.d.ts.map +1 -0
  82. package/dist/tools/delegate-subagent.js +50 -0
  83. package/dist/tools/delegate-subagent.js.map +1 -0
  84. package/dist/tools/disclose-claim.d.ts +14 -0
  85. package/dist/tools/disclose-claim.d.ts.map +1 -0
  86. package/dist/tools/disclose-claim.js +23 -0
  87. package/dist/tools/disclose-claim.js.map +1 -0
  88. package/dist/tools/export-bundle.d.ts +8 -0
  89. package/dist/tools/export-bundle.d.ts.map +1 -0
  90. package/dist/tools/export-bundle.js +25 -0
  91. package/dist/tools/export-bundle.js.map +1 -0
  92. package/dist/tools/full-lifecycle.d.ts +16 -0
  93. package/dist/tools/full-lifecycle.d.ts.map +1 -0
  94. package/dist/tools/full-lifecycle.js +121 -0
  95. package/dist/tools/full-lifecycle.js.map +1 -0
  96. package/dist/tools/generate-receipt.d.ts +16 -0
  97. package/dist/tools/generate-receipt.d.ts.map +1 -0
  98. package/dist/tools/generate-receipt.js +31 -0
  99. package/dist/tools/generate-receipt.js.map +1 -0
  100. package/dist/tools/get-chain.d.ts +14 -0
  101. package/dist/tools/get-chain.d.ts.map +1 -0
  102. package/dist/tools/get-chain.js +45 -0
  103. package/dist/tools/get-chain.js.map +1 -0
  104. package/dist/tools/get-portal-state.d.ts +8 -0
  105. package/dist/tools/get-portal-state.d.ts.map +1 -0
  106. package/dist/tools/get-portal-state.js +15 -0
  107. package/dist/tools/get-portal-state.js.map +1 -0
  108. package/dist/tools/init-chain.d.ts +10 -0
  109. package/dist/tools/init-chain.d.ts.map +1 -0
  110. package/dist/tools/init-chain.js +13 -0
  111. package/dist/tools/init-chain.js.map +1 -0
  112. package/dist/tools/measure-behavior.d.ts +12 -0
  113. package/dist/tools/measure-behavior.d.ts.map +1 -0
  114. package/dist/tools/measure-behavior.js +29 -0
  115. package/dist/tools/measure-behavior.js.map +1 -0
  116. package/dist/tools/measure-subject.d.ts +15 -0
  117. package/dist/tools/measure-subject.d.ts.map +1 -0
  118. package/dist/tools/measure-subject.js +106 -0
  119. package/dist/tools/measure-subject.js.map +1 -0
  120. package/dist/tools/quarantine-status.d.ts +8 -0
  121. package/dist/tools/quarantine-status.d.ts.map +1 -0
  122. package/dist/tools/quarantine-status.js +16 -0
  123. package/dist/tools/quarantine-status.js.map +1 -0
  124. package/dist/tools/revoke-artifact.d.ts +13 -0
  125. package/dist/tools/revoke-artifact.d.ts.map +1 -0
  126. package/dist/tools/revoke-artifact.js +24 -0
  127. package/dist/tools/revoke-artifact.js.map +1 -0
  128. package/dist/tools/rotate-keys.d.ts +13 -0
  129. package/dist/tools/rotate-keys.d.ts.map +1 -0
  130. package/dist/tools/rotate-keys.js +39 -0
  131. package/dist/tools/rotate-keys.js.map +1 -0
  132. package/dist/tools/server-info.d.ts +8 -0
  133. package/dist/tools/server-info.d.ts.map +1 -0
  134. package/dist/tools/server-info.js +24 -0
  135. package/dist/tools/server-info.js.map +1 -0
  136. package/dist/tools/set-verification-tier.d.ts +11 -0
  137. package/dist/tools/set-verification-tier.d.ts.map +1 -0
  138. package/dist/tools/set-verification-tier.js +31 -0
  139. package/dist/tools/set-verification-tier.js.map +1 -0
  140. package/dist/tools/start-monitoring.d.ts +12 -0
  141. package/dist/tools/start-monitoring.d.ts.map +1 -0
  142. package/dist/tools/start-monitoring.js +17 -0
  143. package/dist/tools/start-monitoring.js.map +1 -0
  144. package/dist/tools/trigger-measurement.d.ts +15 -0
  145. package/dist/tools/trigger-measurement.d.ts.map +1 -0
  146. package/dist/tools/trigger-measurement.js +86 -0
  147. package/dist/tools/trigger-measurement.js.map +1 -0
  148. package/dist/tools/verify-artifact.d.ts +13 -0
  149. package/dist/tools/verify-artifact.d.ts.map +1 -0
  150. package/dist/tools/verify-artifact.js +6 -0
  151. package/dist/tools/verify-artifact.js.map +1 -0
  152. package/dist/tools/verify-bundle.d.ts +13 -0
  153. package/dist/tools/verify-bundle.d.ts.map +1 -0
  154. package/dist/tools/verify-bundle.js +6 -0
  155. package/dist/tools/verify-bundle.js.map +1 -0
  156. package/dist/types.d.ts +262 -0
  157. package/dist/types.d.ts.map +1 -0
  158. package/dist/types.js +9 -0
  159. package/dist/types.js.map +1 -0
  160. package/package.json +19 -3
  161. package/AGA_MCP_SERVER_SPEC.md +0 -632
  162. package/src/core/artifact.ts +0 -45
  163. package/src/core/attestation.ts +0 -33
  164. package/src/core/behavioral.ts +0 -132
  165. package/src/core/bundle.ts +0 -31
  166. package/src/core/chain.ts +0 -72
  167. package/src/core/checkpoint.ts +0 -22
  168. package/src/core/delegation.ts +0 -146
  169. package/src/core/disclosure.ts +0 -32
  170. package/src/core/index.ts +0 -11
  171. package/src/core/portal.ts +0 -96
  172. package/src/core/quarantine.ts +0 -16
  173. package/src/core/receipt.ts +0 -33
  174. package/src/core/subject.ts +0 -11
  175. package/src/core/types.ts +0 -244
  176. package/src/crypto/hash.ts +0 -33
  177. package/src/crypto/index.ts +0 -5
  178. package/src/crypto/merkle.ts +0 -43
  179. package/src/crypto/salt.ts +0 -18
  180. package/src/crypto/sign.ts +0 -35
  181. package/src/crypto/types.ts +0 -19
  182. package/src/index.ts +0 -12
  183. package/src/middleware/governance.ts +0 -95
  184. package/src/middleware/index.ts +0 -1
  185. package/src/server.ts +0 -436
  186. package/src/storage/index.ts +0 -3
  187. package/src/storage/interface.ts +0 -21
  188. package/src/storage/memory.ts +0 -27
  189. package/src/storage/sqlite.ts +0 -45
  190. package/src/tools/README.md +0 -13
  191. package/src/utils/canonical.ts +0 -14
  192. package/src/utils/constants.ts +0 -3
  193. package/src/utils/timestamp.ts +0 -12
  194. package/src/utils/uuid.ts +0 -2
package/src/core/types.ts DELETED
@@ -1,244 +0,0 @@
1
- /**
2
- * V3: Aligned with NIST-2025-0035 and NCCoE AI Agent Identity filings.
3
- * Every interface annotated with patent reference numeral.
4
- */
5
- import type { HashHex, SignatureBase64, SaltHex, MerkleInclusionProof } from '../crypto/types.js';
6
-
7
- // ── Subject (100, 102, 104, 106, 126) ──────────────────────────
8
-
9
- export interface SubjectIdentifier { // Ref 126
10
- bytes_hash: HashHex; // Ref 104
11
- metadata_hash: HashHex; // Ref 106
12
- }
13
-
14
- export interface SubjectMetadata {
15
- filename?: string;
16
- creation_timestamp?: string;
17
- author?: string;
18
- version?: string;
19
- content_type?: string;
20
- [key: string]: unknown;
21
- }
22
-
23
- // ── Enforcement (130–136, 162–168) ──────────────────────────────
24
-
25
- export type EnforcementAction =
26
- | 'TERMINATE' // Ref 162: immediate kill
27
- | 'QUARANTINE' // Ref 164: phantom execution
28
- | 'NETWORK_ISOLATE' // Ref 166: sever network, continue local
29
- | 'SAFE_STATE' // Ref 168: return-to-home / controlled shutdown
30
- | 'KEY_REVOKE' // invalidate crypto keys
31
- | 'TOKEN_INVALIDATE' // revoke access tokens
32
- | 'ACTUATOR_DISCONNECT' // sever physical actuator connections
33
- | 'ALERT_ONLY'; // log without enforcement (gradual deployment)
34
-
35
- export type MeasurementType =
36
- | 'EXECUTABLE_IMAGE' | 'LOADED_MODULES' | 'CONTAINER_IMAGE'
37
- | 'CONFIG_MANIFEST' | 'SBOM' | 'TEE_QUOTE'
38
- | 'MEMORY_REGIONS' | 'CONTROL_FLOW' | 'FILE_SYSTEM_STATE'
39
- | 'NETWORK_CONFIG';
40
-
41
- export interface EnforcementParams { // Ref 130
42
- measurement_cadence_ms: number; // Ref 132
43
- ttl_seconds: number; // Ref 134
44
- enforcement_triggers: EnforcementAction[]; // Ref 136
45
- re_attestation_required: boolean;
46
- measurement_types: MeasurementType[];
47
- }
48
-
49
- // ── Policy & Disclosure (112, 138–142) ──────────────────────────
50
-
51
- export type Sensitivity = 'S1_LOW' | 'S2_MODERATE' | 'S3_HIGH' | 'S4_CRITICAL';
52
- export type DisclosureMode = 'PROOF_ONLY' | 'REVEAL_MIN' | 'REVEAL_FULL';
53
-
54
- export interface ClaimRecord { // Ref 140
55
- claim_id: string;
56
- sensitivity: Sensitivity;
57
- substitutes: string[];
58
- inference_risks: string[];
59
- permitted_modes: DisclosureMode[];
60
- }
61
-
62
- export interface SubstitutionRule { // Ref 142
63
- original_claim_id: string;
64
- substitute_claim_id: string;
65
- conditions: Record<string, unknown>;
66
- }
67
-
68
- export interface DisclosurePolicy { // Ref 138
69
- claims_taxonomy: ClaimRecord[];
70
- substitution_rules: SubstitutionRule[];
71
- }
72
-
73
- // ── Evidence Commitment (114) ───────────────────────────────────
74
-
75
- export interface EvidenceCommitmentRecord {
76
- commitment: HashHex;
77
- salt: SaltHex;
78
- label: string;
79
- }
80
-
81
- // ── Policy Artifact (120, 122, 124, 144) ────────────────────────
82
-
83
- export interface PolicyArtifact { // Ref 122 (Weave Piece)
84
- schema_version: string;
85
- protocol_version: string;
86
- subject_identifier: SubjectIdentifier;
87
- policy_reference: HashHex; // Ref 128
88
- policy_version: number;
89
- sealed_hash: HashHex; // Ref 124
90
- seal_salt: SaltHex; // stored for audit
91
- issued_timestamp: string;
92
- effective_timestamp: string;
93
- expiration_timestamp: string | null;
94
- issuer_identifier: string;
95
- enforcement_parameters: EnforcementParams;
96
- disclosure_policy: DisclosurePolicy;
97
- evidence_commitments: EvidenceCommitmentRecord[];
98
- signature: SignatureBase64; // Ref 144
99
- }
100
-
101
- // ── Receipts (170, 172) ─────────────────────────────────────────
102
- // V3: Generated for EVERY measurement, not just drift. Per NIST filing:
103
- // "each measurement generates a signed receipt — match or mismatch"
104
-
105
- export interface SignedReceipt { // Ref 172
106
- receipt_id: string;
107
- subject_identifier: SubjectIdentifier;
108
- artifact_reference: HashHex;
109
- current_hash: string;
110
- sealed_hash: string;
111
- drift_detected: boolean;
112
- drift_description: string | null;
113
- enforcement_action: EnforcementAction | null;
114
- measurement_type: string; // V3: which measurement was performed
115
- timestamp: string;
116
- sequence_number: number;
117
- previous_leaf_hash: HashHex | null;
118
- portal_signature: SignatureBase64;
119
- }
120
-
121
- // ── Continuity Chain (180–196) ──────────────────────────────────
122
-
123
- export type EventType =
124
- | 'GENESIS'
125
- | 'POLICY_ISSUANCE'
126
- | 'INTERACTION_RECEIPT'
127
- | 'REVOCATION' // V3: mid-session revocation
128
- | 'ATTESTATION'
129
- | 'ANCHOR_BATCH'
130
- | 'DISCLOSURE'
131
- | 'SUBSTITUTION'
132
- | 'KEY_ROTATION'; // V3: key lifecycle event
133
-
134
- export interface GenesisPayload {
135
- protocol_version: string;
136
- taxonomy_version: string;
137
- root_fingerprint: string;
138
- specification_hash: HashHex;
139
- marker: 'GENESIS';
140
- }
141
-
142
- export interface ContinuityEvent { // Ref 184
143
- schema_version: string;
144
- protocol_version: string;
145
- event_type: EventType;
146
- event_id: string;
147
- sequence_number: number;
148
- timestamp: string;
149
- previous_leaf_hash: HashHex | null;
150
- leaf_hash: HashHex; // Ref 186
151
- payload: unknown; // Ref 192
152
- payload_hash: HashHex; // Ref 194
153
- event_signature: SignatureBase64; // Ref 196
154
- }
155
-
156
- export interface StructuralMetadata { // Ref 190
157
- schema_version: string;
158
- protocol_version: string;
159
- event_type: EventType;
160
- event_id: string;
161
- sequence_number: number;
162
- timestamp: string;
163
- previous_leaf_hash: HashHex | null;
164
- }
165
-
166
- // ── Checkpoints (200–214) ───────────────────────────────────────
167
-
168
- export interface CheckpointReference {
169
- merkle_root: HashHex;
170
- batch_start_sequence: number;
171
- batch_end_sequence: number;
172
- anchor_network: string;
173
- transaction_id: string;
174
- timestamp: string;
175
- }
176
-
177
- export interface AnchorBatchPayload {
178
- checkpoint_reference: CheckpointReference;
179
- leaf_count: number;
180
- }
181
-
182
- // ── Evidence Bundle (240–246) ───────────────────────────────────
183
-
184
- export interface EvidenceBundle {
185
- artifact: PolicyArtifact;
186
- receipts: SignedReceipt[];
187
- merkle_proofs: MerkleInclusionProof[];
188
- checkpoint_reference: CheckpointReference;
189
- public_key: string;
190
- bundle_signature: SignatureBase64;
191
- }
192
-
193
- // ── Disclosure (250–256) ────────────────────────────────────────
194
-
195
- export interface DisclosureRequest {
196
- requested_claim_id: string;
197
- requester_id: string;
198
- mode: DisclosureMode;
199
- timestamp: string;
200
- }
201
-
202
- export interface SubstitutionReceipt {
203
- receipt_id: string;
204
- original_claim_id: string;
205
- substitute_claim_id: string | null;
206
- policy_version: number;
207
- reason_code: string;
208
- timestamp: string;
209
- chain_sequence_ref: number;
210
- signature: SignatureBase64;
211
- }
212
-
213
- // ── Portal State Machine (150, 270–280) ─────────────────────────
214
-
215
- export type PortalState =
216
- | 'INITIALIZATION' // Ref 270
217
- | 'ARTIFACT_VERIFICATION' // Ref 272
218
- | 'ACTIVE_MONITORING' // Ref 274
219
- | 'DRIFT_DETECTED' // Ref 276
220
- | 'PHANTOM_QUARANTINE' // Ref 278
221
- | 'TERMINATED'; // Ref 280
222
-
223
- export type VerificationTier = 'BRONZE' | 'SILVER' | 'GOLD';
224
-
225
- // ── Revocation (V3) ────────────────────────────────────────────
226
- // Per NCCoE filing Phase 3b: "An administrator pushes a REVOCATION event
227
- // to the continuity chain, invalidating the agent's active policy artifact."
228
-
229
- export interface RevocationRecord {
230
- artifact_sealed_hash: HashHex;
231
- reason: string;
232
- revoked_by: string; // issuer pk hex
233
- timestamp: string;
234
- }
235
-
236
- // ── Quarantine (220–230) ────────────────────────────────────────
237
-
238
- export interface QuarantineState {
239
- active: boolean;
240
- started_at: string | null;
241
- inputs_captured: number;
242
- outputs_severed: boolean;
243
- forensic_buffer: Array<{ timestamp: string; type: string; data: unknown }>;
244
- }
@@ -1,33 +0,0 @@
1
- import { sha256 } from '@noble/hashes/sha256';
2
- import { blake2b } from '@noble/hashes/blake2b';
3
- import { bytesToHex } from '@noble/hashes/utils';
4
- import type { HashHex } from './types.js';
5
-
6
- const enc = new TextEncoder();
7
-
8
- export function sha256Bytes(data: Uint8Array): HashHex {
9
- return bytesToHex(sha256(data));
10
- }
11
-
12
- export function sha256Str(data: string): HashHex {
13
- return sha256Bytes(enc.encode(data));
14
- }
15
-
16
- export function blake2b256(data: Uint8Array): HashHex {
17
- return bytesToHex(blake2b(data, { dkLen: 32 }));
18
- }
19
-
20
- /** Concatenate inputs (NO delimiter) and SHA-256. Patent Section D: "no delimiters." */
21
- export function sha256Cat(...parts: (Uint8Array | string)[]): HashHex {
22
- const bufs = parts.map(p => typeof p === 'string' ? enc.encode(p) : p);
23
- const total = bufs.reduce((n, b) => n + b.length, 0);
24
- const combined = new Uint8Array(total);
25
- let off = 0;
26
- for (const b of bufs) { combined.set(b, off); off += b.length; }
27
- return sha256Bytes(combined);
28
- }
29
-
30
- /** Concatenate hex strings as text (no decode) and hash. For sealed_hash computation. */
31
- export function sha256HexCat(...hexes: string[]): HashHex {
32
- return sha256Str(hexes.join(''));
33
- }
@@ -1,5 +0,0 @@
1
- export * from './types.js';
2
- export * from './hash.js';
3
- export * from './sign.js';
4
- export * from './salt.js';
5
- export * from './merkle.js';
@@ -1,43 +0,0 @@
1
- import { sha256Str } from './hash.js';
2
- import type { HashHex, MerkleInclusionProof } from './types.js';
3
-
4
- function pair(l: HashHex, r: HashHex): HashHex { return sha256Str(l + r); }
5
-
6
- export function buildMerkleTree(leaves: HashHex[]): { root: HashHex; layers: HashHex[][] } {
7
- if (!leaves.length) throw new Error('Empty leaf set');
8
- if (leaves.length === 1) return { root: leaves[0], layers: [leaves] };
9
- const layers: HashHex[][] = [[...leaves]];
10
- let cur = leaves;
11
- while (cur.length > 1) {
12
- const next: HashHex[] = [];
13
- for (let i = 0; i < cur.length; i += 2) {
14
- next.push(pair(cur[i], i + 1 < cur.length ? cur[i + 1] : cur[i]));
15
- }
16
- layers.push(next);
17
- cur = next;
18
- }
19
- return { root: cur[0], layers };
20
- }
21
-
22
- export function inclusionProof(leaves: HashHex[], idx: number): MerkleInclusionProof {
23
- if (idx < 0 || idx >= leaves.length) throw new RangeError(`Index ${idx} out of [0,${leaves.length})`);
24
- const { root, layers } = buildMerkleTree(leaves);
25
- const siblings: MerkleInclusionProof['siblings'] = [];
26
- let ci = idx;
27
- for (let L = 0; L < layers.length - 1; L++) {
28
- const layer = layers[L];
29
- const isRight = ci % 2 === 1;
30
- const si = isRight ? ci - 1 : (ci + 1 < layer.length ? ci + 1 : ci);
31
- siblings.push({ hash: layer[si], position: isRight ? 'left' : 'right' });
32
- ci = Math.floor(ci / 2);
33
- }
34
- return { leafHash: leaves[idx], leafIndex: idx, siblings, root };
35
- }
36
-
37
- export function verifyProof(proof: MerkleInclusionProof): boolean {
38
- let h = proof.leafHash;
39
- for (const s of proof.siblings) {
40
- h = s.position === 'left' ? pair(s.hash, h) : pair(h, s.hash);
41
- }
42
- return h === proof.root;
43
- }
@@ -1,18 +0,0 @@
1
- import { randomBytes } from 'node:crypto';
2
- import { bytesToHex } from '@noble/hashes/utils';
3
- import { sha256Cat } from './hash.js';
4
- import type { SaltHex, SaltedCommitment, HashHex } from './types.js';
5
-
6
- const enc = new TextEncoder();
7
-
8
- export function generateSalt(): SaltHex { return bytesToHex(randomBytes(16)); }
9
-
10
- export function saltedCommitment(content: Uint8Array | string, salt?: SaltHex): SaltedCommitment {
11
- const s = salt ?? generateSalt();
12
- const c = typeof content === 'string' ? enc.encode(content) : content;
13
- return { commitment: sha256Cat(c, s), salt: s };
14
- }
15
-
16
- export function verifySaltedCommitment(content: Uint8Array | string, salt: SaltHex, expected: HashHex): boolean {
17
- return saltedCommitment(content, salt).commitment === expected;
18
- }
@@ -1,35 +0,0 @@
1
- import * as ed from '@noble/ed25519';
2
- import { sha512 } from '@noble/hashes/sha512';
3
- import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
4
- import type { KeyPair, Signature, SignatureBase64 } from './types.js';
5
-
6
- // Set sha512 sync ONCE at module load
7
- ed.etc.sha512Sync = (...m: Uint8Array[]) => {
8
- const total = m.reduce((n, a) => n + a.length, 0);
9
- const buf = new Uint8Array(total);
10
- let off = 0;
11
- for (const a of m) { buf.set(a, off); off += a.length; }
12
- return sha512(buf);
13
- };
14
-
15
- const enc = new TextEncoder();
16
-
17
- export function generateKeyPair(): KeyPair {
18
- const secretKey = ed.utils.randomPrivateKey();
19
- return { publicKey: ed.getPublicKey(secretKey), secretKey };
20
- }
21
-
22
- export function sign(msg: Uint8Array, sk: Uint8Array): Signature { return ed.sign(msg, sk); }
23
- export function signStr(msg: string, sk: Uint8Array): Signature { return sign(enc.encode(msg), sk); }
24
-
25
- export function verify(sig: Signature, msg: Uint8Array, pk: Uint8Array): boolean {
26
- try { return ed.verify(sig, msg, pk); } catch { return false; }
27
- }
28
- export function verifyStr(sig: Signature, msg: string, pk: Uint8Array): boolean {
29
- return verify(sig, enc.encode(msg), pk);
30
- }
31
-
32
- export const sigToB64 = (s: Signature): SignatureBase64 => Buffer.from(s).toString('base64');
33
- export const b64ToSig = (b: SignatureBase64): Signature => new Uint8Array(Buffer.from(b, 'base64'));
34
- export const pkToHex = (pk: Uint8Array): string => bytesToHex(pk);
35
- export const hexToPk = (h: string): Uint8Array => hexToBytes(h);
@@ -1,19 +0,0 @@
1
- export type PublicKey = Uint8Array;
2
- export type SecretKey = Uint8Array;
3
- export interface KeyPair { publicKey: PublicKey; secretKey: SecretKey; }
4
- export type Signature = Uint8Array;
5
- export type HashHex = string;
6
- export type SignatureBase64 = string;
7
- export type SaltHex = string;
8
-
9
- export interface SaltedCommitment {
10
- commitment: HashHex;
11
- salt: SaltHex;
12
- }
13
-
14
- export interface MerkleInclusionProof {
15
- leafHash: HashHex;
16
- leafIndex: number;
17
- siblings: Array<{ hash: HashHex; position: 'left' | 'right' }>;
18
- root: HashHex;
19
- }
package/src/index.ts DELETED
@@ -1,12 +0,0 @@
1
- #!/usr/bin/env node
2
- import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
3
- import { createAGAServer } from './server.js';
4
-
5
- async function main() {
6
- const server = await createAGAServer();
7
- const transport = new StdioServerTransport();
8
- await server.connect(transport);
9
- console.error('AGA MCP Server running on stdio');
10
- }
11
-
12
- main().catch(e => { console.error('Fatal:', e); process.exit(1); });
@@ -1,95 +0,0 @@
1
- /**
2
- * Governance Middleware — wraps every MCP tool handler.
3
- *
4
- * NCCoE filing Section 4: "The portal operates as a Policy Enforcement Point (PEP)...
5
- * Every tool invocation, API call, actuator command, and data access passes through
6
- * the portal, which evaluates it against the sealed artifact's enforcement parameters."
7
- *
8
- * Behavior:
9
- * - TERMINATED state → reject all governed tools
10
- * - PHANTOM_QUARANTINE → capture tool call as forensic input, reject
11
- * - ACTIVE_MONITORING → allow, log to chain
12
- * - Ungoverned tools (get_server_info, get_portal_state, list_claims) → always allow
13
- */
14
- import type { Portal } from '../core/portal.js';
15
- import type { QuarantineState } from '../core/types.js';
16
- import { captureInput } from '../core/quarantine.js';
17
- import type { BehavioralMonitor } from '../core/behavioral.js';
18
- import { sha256Str } from '../crypto/hash.js';
19
- import { canonicalize } from '../utils/canonical.js';
20
-
21
- export type ToolResult = { content: Array<{ type: 'text'; text: string }> };
22
- export type ToolHandler<T = any> = (args: T) => Promise<ToolResult>;
23
-
24
- const UNGOVERNED_TOOLS = new Set([
25
- 'get_server_info',
26
- 'get_portal_state',
27
- 'get_receipts',
28
- 'get_chain_events',
29
- 'list_claims',
30
- 'init_chain', // must work before attestation
31
- 'attest_subject', // creates the governance relationship
32
- 'verify_chain', // read-only verification
33
- ]);
34
-
35
- export function createGovernanceWrapper(
36
- portal: Portal,
37
- quarantine: { current: QuarantineState | null },
38
- toolName: string,
39
- behavioralMonitor?: BehavioralMonitor
40
- ) {
41
- const isGoverned = !UNGOVERNED_TOOLS.has(toolName);
42
-
43
- return function wrapHandler<T>(handler: ToolHandler<T>): ToolHandler<T> {
44
- if (!isGoverned) return handler;
45
-
46
- return async (args: T): Promise<ToolResult> => {
47
- const j = (x: unknown): ToolResult => ({
48
- content: [{ type: 'text', text: JSON.stringify(x, null, 2) }]
49
- });
50
-
51
- // TERMINATED → reject everything
52
- if (portal.state === 'TERMINATED') {
53
- return j({
54
- success: false,
55
- error: 'GOVERNANCE_BLOCKED: Portal is terminated. Agent governance has been revoked. Re-attestation required.',
56
- portal_state: portal.state,
57
- tool: toolName,
58
- });
59
- }
60
-
61
- // PHANTOM_QUARANTINE → capture as forensic input, reject
62
- if (portal.state === 'PHANTOM_QUARANTINE' && quarantine.current?.active) {
63
- captureInput(quarantine.current, `tool_call:${toolName}`, {
64
- tool: toolName,
65
- args,
66
- timestamp: new Date().toISOString(),
67
- });
68
- return j({
69
- success: false,
70
- error: 'GOVERNANCE_QUARANTINED: Agent is in phantom quarantine. All outputs are severed. Inputs are being captured for forensic analysis.',
71
- portal_state: portal.state,
72
- tool: toolName,
73
- forensic_capture: true,
74
- });
75
- }
76
-
77
- // INITIALIZATION or ARTIFACT_VERIFICATION → not yet governed
78
- if (portal.state === 'INITIALIZATION' || portal.state === 'ARTIFACT_VERIFICATION') {
79
- return j({
80
- success: false,
81
- error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call attest_subject first.',
82
- portal_state: portal.state,
83
- tool: toolName,
84
- });
85
- }
86
-
87
- // ACTIVE_MONITORING or DRIFT_DETECTED → record + allow through
88
- if (behavioralMonitor) {
89
- const argsHash = sha256Str(canonicalize(args));
90
- behavioralMonitor.recordInvocation(toolName, argsHash);
91
- }
92
- return handler(args);
93
- };
94
- };
95
- }
@@ -1 +0,0 @@
1
- export * from './governance.js';