@attested-intelligence/aga-mcp-server 0.1.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/PATENTS.md +28 -0
- package/README.md +84 -23
- package/dist/context.d.ts +39 -0
- package/dist/context.d.ts.map +1 -0
- package/dist/context.js +113 -0
- package/dist/context.js.map +1 -0
- package/dist/core/identity.d.ts +14 -0
- package/dist/core/identity.d.ts.map +1 -0
- package/dist/core/identity.js +16 -0
- package/dist/core/identity.js.map +1 -0
- package/dist/core/index.d.ts +3 -0
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +3 -0
- package/dist/core/index.js.map +1 -1
- package/dist/core/measurement.d.ts +16 -0
- package/dist/core/measurement.d.ts.map +1 -0
- package/dist/core/measurement.js +18 -0
- package/dist/core/measurement.js.map +1 -0
- package/dist/core/portal.d.ts +1 -1
- package/dist/core/portal.d.ts.map +1 -1
- package/dist/core/portal.js +10 -5
- package/dist/core/portal.js.map +1 -1
- package/dist/core/types.d.ts +2 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/canonicalize.d.ts +7 -0
- package/dist/crypto/canonicalize.d.ts.map +1 -0
- package/dist/crypto/canonicalize.js +21 -0
- package/dist/crypto/canonicalize.js.map +1 -0
- package/dist/crypto/index.d.ts +6 -5
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +6 -5
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/keys.d.ts +10 -0
- package/dist/crypto/keys.d.ts.map +1 -0
- package/dist/crypto/keys.js +19 -0
- package/dist/crypto/keys.js.map +1 -0
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/governance.d.ts +1 -7
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +11 -18
- package/dist/middleware/governance.js.map +1 -1
- package/dist/prompts/drift-analysis.d.ts +13 -0
- package/dist/prompts/drift-analysis.d.ts.map +1 -0
- package/dist/prompts/drift-analysis.js +43 -0
- package/dist/prompts/drift-analysis.js.map +1 -0
- package/dist/prompts/governance-report.d.ts +7 -0
- package/dist/prompts/governance-report.d.ts.map +1 -0
- package/dist/prompts/governance-report.js +26 -0
- package/dist/prompts/governance-report.js.map +1 -0
- package/dist/prompts/nccoe-demo.d.ts +14 -0
- package/dist/prompts/nccoe-demo.d.ts.map +1 -0
- package/dist/prompts/nccoe-demo.js +48 -0
- package/dist/prompts/nccoe-demo.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +3 -0
- package/dist/resources/crypto-primitives.d.ts.map +1 -0
- package/dist/resources/crypto-primitives.js +52 -0
- package/dist/resources/crypto-primitives.js.map +1 -0
- package/dist/resources/patent-claims.d.ts +3 -0
- package/dist/resources/patent-claims.d.ts.map +1 -0
- package/dist/resources/patent-claims.js +67 -0
- package/dist/resources/patent-claims.js.map +1 -0
- package/dist/resources/sample-bundle.d.ts +6 -0
- package/dist/resources/sample-bundle.d.ts.map +1 -0
- package/dist/resources/sample-bundle.js +58 -0
- package/dist/resources/sample-bundle.js.map +1 -0
- package/dist/resources/specification.d.ts +3 -0
- package/dist/resources/specification.d.ts.map +1 -0
- package/dist/resources/specification.js +107 -0
- package/dist/resources/specification.js.map +1 -0
- package/dist/server.d.ts +4 -7
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +217 -343
- package/dist/server.js.map +1 -1
- package/dist/storage/sqlite.js +1 -1
- package/dist/tools/create-artifact.d.ts +25 -0
- package/dist/tools/create-artifact.d.ts.map +1 -0
- package/dist/tools/create-artifact.js +85 -0
- package/dist/tools/create-artifact.js.map +1 -0
- package/dist/tools/delegate-subagent.d.ts +18 -0
- package/dist/tools/delegate-subagent.d.ts.map +1 -0
- package/dist/tools/delegate-subagent.js +50 -0
- package/dist/tools/delegate-subagent.js.map +1 -0
- package/dist/tools/disclose-claim.d.ts +14 -0
- package/dist/tools/disclose-claim.d.ts.map +1 -0
- package/dist/tools/disclose-claim.js +23 -0
- package/dist/tools/disclose-claim.js.map +1 -0
- package/dist/tools/export-bundle.d.ts +8 -0
- package/dist/tools/export-bundle.d.ts.map +1 -0
- package/dist/tools/export-bundle.js +25 -0
- package/dist/tools/export-bundle.js.map +1 -0
- package/dist/tools/full-lifecycle.d.ts +16 -0
- package/dist/tools/full-lifecycle.d.ts.map +1 -0
- package/dist/tools/full-lifecycle.js +121 -0
- package/dist/tools/full-lifecycle.js.map +1 -0
- package/dist/tools/generate-receipt.d.ts +16 -0
- package/dist/tools/generate-receipt.d.ts.map +1 -0
- package/dist/tools/generate-receipt.js +31 -0
- package/dist/tools/generate-receipt.js.map +1 -0
- package/dist/tools/get-chain.d.ts +14 -0
- package/dist/tools/get-chain.d.ts.map +1 -0
- package/dist/tools/get-chain.js +45 -0
- package/dist/tools/get-chain.js.map +1 -0
- package/dist/tools/get-portal-state.d.ts +8 -0
- package/dist/tools/get-portal-state.d.ts.map +1 -0
- package/dist/tools/get-portal-state.js +15 -0
- package/dist/tools/get-portal-state.js.map +1 -0
- package/dist/tools/init-chain.d.ts +10 -0
- package/dist/tools/init-chain.d.ts.map +1 -0
- package/dist/tools/init-chain.js +13 -0
- package/dist/tools/init-chain.js.map +1 -0
- package/dist/tools/measure-behavior.d.ts +12 -0
- package/dist/tools/measure-behavior.d.ts.map +1 -0
- package/dist/tools/measure-behavior.js +29 -0
- package/dist/tools/measure-behavior.js.map +1 -0
- package/dist/tools/measure-subject.d.ts +15 -0
- package/dist/tools/measure-subject.d.ts.map +1 -0
- package/dist/tools/measure-subject.js +106 -0
- package/dist/tools/measure-subject.js.map +1 -0
- package/dist/tools/quarantine-status.d.ts +8 -0
- package/dist/tools/quarantine-status.d.ts.map +1 -0
- package/dist/tools/quarantine-status.js +16 -0
- package/dist/tools/quarantine-status.js.map +1 -0
- package/dist/tools/revoke-artifact.d.ts +13 -0
- package/dist/tools/revoke-artifact.d.ts.map +1 -0
- package/dist/tools/revoke-artifact.js +24 -0
- package/dist/tools/revoke-artifact.js.map +1 -0
- package/dist/tools/rotate-keys.d.ts +13 -0
- package/dist/tools/rotate-keys.d.ts.map +1 -0
- package/dist/tools/rotate-keys.js +39 -0
- package/dist/tools/rotate-keys.js.map +1 -0
- package/dist/tools/server-info.d.ts +8 -0
- package/dist/tools/server-info.d.ts.map +1 -0
- package/dist/tools/server-info.js +24 -0
- package/dist/tools/server-info.js.map +1 -0
- package/dist/tools/set-verification-tier.d.ts +11 -0
- package/dist/tools/set-verification-tier.d.ts.map +1 -0
- package/dist/tools/set-verification-tier.js +31 -0
- package/dist/tools/set-verification-tier.js.map +1 -0
- package/dist/tools/start-monitoring.d.ts +12 -0
- package/dist/tools/start-monitoring.d.ts.map +1 -0
- package/dist/tools/start-monitoring.js +17 -0
- package/dist/tools/start-monitoring.js.map +1 -0
- package/dist/tools/trigger-measurement.d.ts +15 -0
- package/dist/tools/trigger-measurement.d.ts.map +1 -0
- package/dist/tools/trigger-measurement.js +86 -0
- package/dist/tools/trigger-measurement.js.map +1 -0
- package/dist/tools/verify-artifact.d.ts +13 -0
- package/dist/tools/verify-artifact.d.ts.map +1 -0
- package/dist/tools/verify-artifact.js +6 -0
- package/dist/tools/verify-artifact.js.map +1 -0
- package/dist/tools/verify-bundle.d.ts +13 -0
- package/dist/tools/verify-bundle.d.ts.map +1 -0
- package/dist/tools/verify-bundle.js +6 -0
- package/dist/tools/verify-bundle.js.map +1 -0
- package/dist/types.d.ts +262 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +9 -0
- package/dist/types.js.map +1 -0
- package/package.json +19 -3
- package/AGA_MCP_SERVER_SPEC.md +0 -632
- package/src/core/artifact.ts +0 -45
- package/src/core/attestation.ts +0 -33
- package/src/core/behavioral.ts +0 -132
- package/src/core/bundle.ts +0 -31
- package/src/core/chain.ts +0 -72
- package/src/core/checkpoint.ts +0 -22
- package/src/core/delegation.ts +0 -146
- package/src/core/disclosure.ts +0 -32
- package/src/core/index.ts +0 -11
- package/src/core/portal.ts +0 -96
- package/src/core/quarantine.ts +0 -16
- package/src/core/receipt.ts +0 -33
- package/src/core/subject.ts +0 -11
- package/src/core/types.ts +0 -244
- package/src/crypto/hash.ts +0 -33
- package/src/crypto/index.ts +0 -5
- package/src/crypto/merkle.ts +0 -43
- package/src/crypto/salt.ts +0 -18
- package/src/crypto/sign.ts +0 -35
- package/src/crypto/types.ts +0 -19
- package/src/index.ts +0 -12
- package/src/middleware/governance.ts +0 -95
- package/src/middleware/index.ts +0 -1
- package/src/server.ts +0 -436
- package/src/storage/index.ts +0 -3
- package/src/storage/interface.ts +0 -21
- package/src/storage/memory.ts +0 -27
- package/src/storage/sqlite.ts +0 -45
- package/src/tools/README.md +0 -13
- package/src/utils/canonical.ts +0 -14
- package/src/utils/constants.ts +0 -3
- package/src/utils/timestamp.ts +0 -12
- package/src/utils/uuid.ts +0 -2
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import { verifyChainIntegrity } from '../core/chain.js';
|
|
2
|
+
const FILTER_MAP = {
|
|
3
|
+
behavioral: ['BEHAVIORAL_DRIFT'],
|
|
4
|
+
delegations: ['DELEGATION'],
|
|
5
|
+
receipts: ['INTERACTION_RECEIPT'],
|
|
6
|
+
revocations: ['REVOCATION'],
|
|
7
|
+
attestations: ['POLICY_ISSUANCE', 'RE_ATTESTATION', 'ATTESTATION'],
|
|
8
|
+
disclosure: ['DISCLOSURE', 'SUBSTITUTION'],
|
|
9
|
+
keys: ['KEY_ROTATION'],
|
|
10
|
+
};
|
|
11
|
+
export async function handleGetChain(args, ctx) {
|
|
12
|
+
let events = (args.start_seq !== undefined && args.end_seq !== undefined)
|
|
13
|
+
? await ctx.storage.getEvents(args.start_seq, args.end_seq)
|
|
14
|
+
: await ctx.storage.getAllEvents();
|
|
15
|
+
// Apply filter_type
|
|
16
|
+
if (args.filter_type && args.filter_type !== 'all') {
|
|
17
|
+
const allowedTypes = FILTER_MAP[args.filter_type];
|
|
18
|
+
if (allowedTypes) {
|
|
19
|
+
events = events.filter(e => allowedTypes.includes(e.event_type));
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
const result = {
|
|
23
|
+
count: events.length,
|
|
24
|
+
events: events.map(e => ({
|
|
25
|
+
sequence_number: e.sequence_number,
|
|
26
|
+
event_type: e.event_type,
|
|
27
|
+
event_id: e.event_id,
|
|
28
|
+
timestamp: e.timestamp,
|
|
29
|
+
leaf_hash: e.leaf_hash.slice(0, 16) + '...',
|
|
30
|
+
previous_leaf_hash: e.previous_leaf_hash ? e.previous_leaf_hash.slice(0, 16) + '...' : null,
|
|
31
|
+
payload_hash: e.payload_hash.slice(0, 16) + '...',
|
|
32
|
+
})),
|
|
33
|
+
};
|
|
34
|
+
if (args.verify) {
|
|
35
|
+
const allEvents = await ctx.storage.getAllEvents();
|
|
36
|
+
const integrity = verifyChainIntegrity(allEvents);
|
|
37
|
+
result.chain_valid = integrity.valid;
|
|
38
|
+
result.broken_at = integrity.brokenAt;
|
|
39
|
+
result.verification_error = integrity.error;
|
|
40
|
+
result.leaf_hash_formula = 'SHA-256(schema_version || protocol_version || event_type || event_id || sequence_number || timestamp || previous_leaf_hash) - PAYLOAD EXCLUDED';
|
|
41
|
+
result.event_signature_covers = 'COMPLETE event including payload';
|
|
42
|
+
}
|
|
43
|
+
return ctx.json(result);
|
|
44
|
+
}
|
|
45
|
+
//# sourceMappingURL=get-chain.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get-chain.js","sourceRoot":"","sources":["../../src/tools/get-chain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAUxD,MAAM,UAAU,GAA6B;IAC3C,UAAU,EAAE,CAAC,kBAAkB,CAAC;IAChC,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,QAAQ,EAAE,CAAC,qBAAqB,CAAC;IACjC,WAAW,EAAE,CAAC,YAAY,CAAC;IAC3B,YAAY,EAAE,CAAC,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,CAAC;IAClE,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;IAC1C,IAAI,EAAE,CAAC,cAAc,CAAC;CACvB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,IAAkB,EAAE,GAAkB;IACzE,IAAI,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,KAAK,SAAS,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC;QACvE,CAAC,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC;QAC3D,CAAC,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;IAErC,oBAAoB;IACpB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,WAAW,KAAK,KAAK,EAAE,CAAC;QACnD,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAA4B;QACtC,KAAK,EAAE,MAAM,CAAC,MAAM;QACpB,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACvB,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,UAAU,EAAE,CAAC,CAAC,UAAU;YACxB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,SAAS,EAAE,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YAC3C,kBAAkB,EAAE,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI;YAC3F,YAAY,EAAE,CAAC,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;SAClD,CAAC,CAAC;KACJ,CAAC;IAEF,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,MAAM,SAAS,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QACnD,MAAM,SAAS,GAAG,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAClD,MAAM,CAAC,WAAW,GAAG,SAAS,CAAC,KAAK,CAAC;QACrC,MAAM,CAAC,SAAS,GAAG,SAAS,CAAC,QAAQ,CAAC;QACtC,MAAM,CAAC,kBAAkB,GAAG,SAAS,CAAC,KAAK,CAAC;QAC5C,MAAM,CAAC,iBAAiB,GAAG,gJAAgJ,CAAC;QAC5K,MAAM,CAAC,sBAAsB,GAAG,kCAAkC,CAAC;IACrE,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export declare function handleGetPortalState(_args: Record<string, never>, ctx: ServerContext): Promise<{
|
|
3
|
+
content: Array<{
|
|
4
|
+
type: "text";
|
|
5
|
+
text: string;
|
|
6
|
+
}>;
|
|
7
|
+
}>;
|
|
8
|
+
//# sourceMappingURL=get-portal-state.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get-portal-state.d.ts","sourceRoot":"","sources":["../../src/tools/get-portal-state.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAa1F"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
export async function handleGetPortalState(_args, ctx) {
|
|
2
|
+
return ctx.json({
|
|
3
|
+
state: ctx.portal.state,
|
|
4
|
+
artifact_loaded: !!ctx.portal.artifact,
|
|
5
|
+
sealed_hash: ctx.portal.artifact?.sealed_hash ?? null,
|
|
6
|
+
ttl_seconds: ctx.portal.artifact?.enforcement_parameters.ttl_seconds ?? null,
|
|
7
|
+
issued_at: ctx.portal.artifact?.issued_timestamp ?? null,
|
|
8
|
+
enforcement_triggers: ctx.portal.artifact?.enforcement_parameters.enforcement_triggers ?? [],
|
|
9
|
+
sequence_counter: ctx.portal.sequenceCounter,
|
|
10
|
+
quarantine_active: ctx.quarantine?.active ?? false,
|
|
11
|
+
verification_tier: ctx.verificationTier,
|
|
12
|
+
measurement_count: ctx.measurementCount,
|
|
13
|
+
});
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=get-portal-state.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"get-portal-state.js","sourceRoot":"","sources":["../../src/tools/get-portal-state.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,KAA4B,EAAE,GAAkB;IACzF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QACvB,eAAe,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QACtC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI;QACrD,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,sBAAsB,CAAC,WAAW,IAAI,IAAI;QAC5E,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,gBAAgB,IAAI,IAAI;QACxD,oBAAoB,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,EAAE,sBAAsB,CAAC,oBAAoB,IAAI,EAAE;QAC5F,gBAAgB,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe;QAC5C,iBAAiB,EAAE,GAAG,CAAC,UAAU,EAAE,MAAM,IAAI,KAAK;QAClD,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export declare function handleInitChain(args: {
|
|
3
|
+
specification_hash?: string;
|
|
4
|
+
}, ctx: ServerContext): Promise<{
|
|
5
|
+
content: Array<{
|
|
6
|
+
type: "text";
|
|
7
|
+
text: string;
|
|
8
|
+
}>;
|
|
9
|
+
}>;
|
|
10
|
+
//# sourceMappingURL=init-chain.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"init-chain.d.ts","sourceRoot":"","sources":["../../src/tools/init-chain.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,eAAe,CAAC,IAAI,EAAE;IAAE,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAAE,EAAE,GAAG,EAAE,aAAa;;;;;GAQ9F"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import { sha256Str } from '../crypto/hash.js';
|
|
2
|
+
import { createGenesisEvent } from '../core/chain.js';
|
|
3
|
+
export async function handleInitChain(args, ctx) {
|
|
4
|
+
if (ctx.chainInitialized)
|
|
5
|
+
return ctx.error('Chain already initialized');
|
|
6
|
+
const genesis = createGenesisEvent(ctx.chainKP, args.specification_hash ?? sha256Str('AGA Protocol Specification v2.0.0'));
|
|
7
|
+
await ctx.storage.storeEvent(genesis);
|
|
8
|
+
ctx.chainInitialized = true;
|
|
9
|
+
ctx.portal.sequenceCounter = 0;
|
|
10
|
+
ctx.portal.lastLeafHash = genesis.leaf_hash;
|
|
11
|
+
return ctx.json({ success: true, genesis_event_id: genesis.event_id, genesis_leaf_hash: genesis.leaf_hash });
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=init-chain.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"init-chain.js","sourceRoot":"","sources":["../../src/tools/init-chain.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAGtD,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAAqC,EAAE,GAAkB;IAC7F,IAAI,GAAG,CAAC,gBAAgB;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,kBAAkB,IAAI,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;IAC3H,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;IAC5B,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;IAC/B,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAC5C,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,CAAC,QAAQ,EAAE,iBAAiB,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;AAC/G,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export interface MeasureBehaviorArgs {
|
|
3
|
+
tool_name?: string;
|
|
4
|
+
record_only?: boolean;
|
|
5
|
+
}
|
|
6
|
+
export declare function handleMeasureBehavior(args: MeasureBehaviorArgs, ctx: ServerContext): Promise<{
|
|
7
|
+
content: Array<{
|
|
8
|
+
type: "text";
|
|
9
|
+
text: string;
|
|
10
|
+
}>;
|
|
11
|
+
}>;
|
|
12
|
+
//# sourceMappingURL=measure-behavior.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measure-behavior.d.ts","sourceRoot":"","sources":["../../src/tools/measure-behavior.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,OAAO,CAAC;CACvB;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,EAAE,GAAG,EAAE,aAAa;;;;;GA4BxF"}
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { sha256Str } from '../crypto/hash.js';
|
|
2
|
+
export async function handleMeasureBehavior(args, ctx) {
|
|
3
|
+
// If a tool_name is provided, record the invocation first
|
|
4
|
+
if (args.tool_name) {
|
|
5
|
+
ctx.behavioralMonitor.recordInvocation(args.tool_name, sha256Str(args.tool_name));
|
|
6
|
+
}
|
|
7
|
+
// If record_only, just acknowledge the recording
|
|
8
|
+
if (args.record_only) {
|
|
9
|
+
return ctx.json({
|
|
10
|
+
success: true,
|
|
11
|
+
recorded: args.tool_name,
|
|
12
|
+
record_only: true,
|
|
13
|
+
});
|
|
14
|
+
}
|
|
15
|
+
// Measure behavioral patterns
|
|
16
|
+
const measurement = ctx.behavioralMonitor.measure();
|
|
17
|
+
if (measurement.drift_detected) {
|
|
18
|
+
await ctx.appendToChain('BEHAVIORAL_DRIFT', {
|
|
19
|
+
violations: measurement.violations,
|
|
20
|
+
behavioral_hash: measurement.behavioral_hash,
|
|
21
|
+
});
|
|
22
|
+
}
|
|
23
|
+
return ctx.json({
|
|
24
|
+
success: true,
|
|
25
|
+
...measurement,
|
|
26
|
+
violation_count: measurement.violations.length,
|
|
27
|
+
});
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=measure-behavior.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measure-behavior.js","sourceRoot":"","sources":["../../src/tools/measure-behavior.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAQ9C,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAyB,EAAE,GAAkB;IACvF,0DAA0D;IAC1D,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;QACnB,GAAG,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IACpF,CAAC;IAED,iDAAiD;IACjD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,OAAO,GAAG,CAAC,IAAI,CAAC;YACd,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,IAAI,CAAC,SAAS;YACxB,WAAW,EAAE,IAAI;SAClB,CAAC,CAAC;IACL,CAAC;IAED,8BAA8B;IAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,iBAAiB,CAAC,OAAO,EAAE,CAAC;IACpD,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;QAC/B,MAAM,GAAG,CAAC,aAAa,CAAC,kBAAkB,EAAE;YAC1C,UAAU,EAAE,WAAW,CAAC,UAAU;YAClC,eAAe,EAAE,WAAW,CAAC,eAAe;SAC7C,CAAC,CAAC;IACL,CAAC;IACD,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,GAAG,WAAW;QACd,eAAe,EAAE,WAAW,CAAC,UAAU,CAAC,MAAM;KAC/C,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
import type { SubjectMetadata } from '../core/types.js';
|
|
3
|
+
export interface MeasureSubjectArgs {
|
|
4
|
+
subject_content?: string;
|
|
5
|
+
subject_bytes_hash?: string;
|
|
6
|
+
subject_metadata_hash?: string;
|
|
7
|
+
subject_metadata?: SubjectMetadata;
|
|
8
|
+
}
|
|
9
|
+
export declare function handleMeasureSubject(args: MeasureSubjectArgs, ctx: ServerContext): Promise<{
|
|
10
|
+
content: Array<{
|
|
11
|
+
type: "text";
|
|
12
|
+
text: string;
|
|
13
|
+
}>;
|
|
14
|
+
}>;
|
|
15
|
+
//# sourceMappingURL=measure-subject.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measure-subject.d.ts","sourceRoot":"","sources":["../../src/tools/measure-subject.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,eAAe,EAAqB,MAAM,kBAAkB,CAAC;AAE3E,MAAM,WAAW,kBAAkB;IACjC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,eAAe,CAAC;CACpC;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa;;;;;GA0GtF"}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
import { hashArtifact } from '../core/artifact.js';
|
|
2
|
+
import { generateReceipt } from '../core/receipt.js';
|
|
3
|
+
import { initQuarantine } from '../core/quarantine.js';
|
|
4
|
+
export async function handleMeasureSubject(args, ctx) {
|
|
5
|
+
if (!ctx.portal.artifact)
|
|
6
|
+
return ctx.error('No artifact loaded. Call aga_create_artifact first.');
|
|
7
|
+
if (ctx.portal.state === 'TERMINATED')
|
|
8
|
+
return ctx.error('Portal is terminated. Re-attest required.');
|
|
9
|
+
if (ctx.portal.state === 'SAFE_STATE')
|
|
10
|
+
return ctx.error('Portal is in safe state. Re-attest required.');
|
|
11
|
+
let currentBytesHash;
|
|
12
|
+
let currentMetaHash;
|
|
13
|
+
let match;
|
|
14
|
+
if (args.subject_bytes_hash) {
|
|
15
|
+
// Pre-computed hash mode
|
|
16
|
+
currentBytesHash = args.subject_bytes_hash;
|
|
17
|
+
currentMetaHash = args.subject_metadata_hash ?? ctx.portal.artifact.subject_identifier.metadata_hash;
|
|
18
|
+
match = currentBytesHash === ctx.portal.artifact.subject_identifier.bytes_hash &&
|
|
19
|
+
currentMetaHash === ctx.portal.artifact.subject_identifier.metadata_hash;
|
|
20
|
+
if (!match && ctx.portal.state === 'ACTIVE_MONITORING') {
|
|
21
|
+
ctx.portal.state = 'DRIFT_DETECTED';
|
|
22
|
+
}
|
|
23
|
+
}
|
|
24
|
+
else if (args.subject_content) {
|
|
25
|
+
// Content mode - use portal.measure()
|
|
26
|
+
const result = ctx.portal.measure(new TextEncoder().encode(args.subject_content), args.subject_metadata ?? {});
|
|
27
|
+
currentBytesHash = result.currentBytesHash;
|
|
28
|
+
currentMetaHash = result.currentMetaHash;
|
|
29
|
+
match = result.match;
|
|
30
|
+
if (!result.ttl_ok) {
|
|
31
|
+
ctx.measurementCount++;
|
|
32
|
+
const receipt = generateReceipt({
|
|
33
|
+
subjectId: ctx.portal.artifact.subject_identifier, artifactRef: hashArtifact(ctx.portal.artifact),
|
|
34
|
+
currentHash: 'UNAVAILABLE', sealedHash: `${result.expectedBytesHash}||${result.expectedMetaHash}`,
|
|
35
|
+
driftDetected: true, driftDescription: 'TTL expired - fail-closed termination', action: 'TERMINATE',
|
|
36
|
+
measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
|
|
37
|
+
seq: ctx.portal.sequenceCounter + 1, prevLeaf: ctx.portal.lastLeafHash, portalKP: ctx.portalKP,
|
|
38
|
+
});
|
|
39
|
+
await ctx.storage.storeReceipt(receipt);
|
|
40
|
+
await ctx.appendToChain('INTERACTION_RECEIPT', { receipt_id: receipt.receipt_id, drift_detected: true, enforcement_action: 'TERMINATE' });
|
|
41
|
+
return ctx.json({ success: true, match: false, drift_detected: true, ttl_ok: false, revoked: false, enforcement_action: 'TERMINATE', portal_state: ctx.portal.state, receipt_id: receipt.receipt_id, measurement_count: ctx.measurementCount });
|
|
42
|
+
}
|
|
43
|
+
if (result.revoked) {
|
|
44
|
+
ctx.measurementCount++;
|
|
45
|
+
const receipt = generateReceipt({
|
|
46
|
+
subjectId: ctx.portal.artifact.subject_identifier, artifactRef: hashArtifact(ctx.portal.artifact),
|
|
47
|
+
currentHash: 'UNAVAILABLE', sealedHash: `${result.expectedBytesHash}||${result.expectedMetaHash}`,
|
|
48
|
+
driftDetected: true, driftDescription: 'Artifact revoked - fail-closed termination', action: 'TERMINATE',
|
|
49
|
+
measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
|
|
50
|
+
seq: ctx.portal.sequenceCounter + 1, prevLeaf: ctx.portal.lastLeafHash, portalKP: ctx.portalKP,
|
|
51
|
+
});
|
|
52
|
+
await ctx.storage.storeReceipt(receipt);
|
|
53
|
+
await ctx.appendToChain('INTERACTION_RECEIPT', { receipt_id: receipt.receipt_id, drift_detected: true, enforcement_action: 'TERMINATE' });
|
|
54
|
+
return ctx.json({ success: true, match: false, drift_detected: true, ttl_ok: true, revoked: true, enforcement_action: 'TERMINATE', portal_state: ctx.portal.state, receipt_id: receipt.receipt_id, measurement_count: ctx.measurementCount });
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
else {
|
|
58
|
+
return ctx.error('Provide either subject_content or subject_bytes_hash');
|
|
59
|
+
}
|
|
60
|
+
const artRef = hashArtifact(ctx.portal.artifact);
|
|
61
|
+
const currentStr = `${currentBytesHash}||${currentMetaHash}`;
|
|
62
|
+
const sealedStr = `${ctx.portal.artifact.subject_identifier.bytes_hash}||${ctx.portal.artifact.subject_identifier.metadata_hash}`;
|
|
63
|
+
let action = null;
|
|
64
|
+
let driftDesc = null;
|
|
65
|
+
if (!match) {
|
|
66
|
+
driftDesc = 'Subject modified - hash mismatch';
|
|
67
|
+
action = ctx.portal.artifact.enforcement_parameters.enforcement_triggers[0] ?? 'ALERT_ONLY';
|
|
68
|
+
if (ctx.portal.state === 'DRIFT_DETECTED') {
|
|
69
|
+
ctx.portal.enforce(action);
|
|
70
|
+
}
|
|
71
|
+
if (action === 'QUARANTINE')
|
|
72
|
+
ctx.quarantine = initQuarantine();
|
|
73
|
+
}
|
|
74
|
+
ctx.measurementCount++;
|
|
75
|
+
const receipt = generateReceipt({
|
|
76
|
+
subjectId: ctx.portal.artifact.subject_identifier,
|
|
77
|
+
artifactRef: artRef,
|
|
78
|
+
currentHash: currentStr,
|
|
79
|
+
sealedHash: sealedStr,
|
|
80
|
+
driftDetected: !match,
|
|
81
|
+
driftDescription: driftDesc,
|
|
82
|
+
action,
|
|
83
|
+
measurementType: ctx.portal.artifact.enforcement_parameters.measurement_types.join(','),
|
|
84
|
+
seq: ctx.portal.sequenceCounter + 1,
|
|
85
|
+
prevLeaf: ctx.portal.lastLeafHash,
|
|
86
|
+
portalKP: ctx.portalKP,
|
|
87
|
+
});
|
|
88
|
+
await ctx.storage.storeReceipt(receipt);
|
|
89
|
+
await ctx.appendToChain('INTERACTION_RECEIPT', {
|
|
90
|
+
receipt_id: receipt.receipt_id,
|
|
91
|
+
drift_detected: !match,
|
|
92
|
+
enforcement_action: action,
|
|
93
|
+
});
|
|
94
|
+
return ctx.json({
|
|
95
|
+
success: true,
|
|
96
|
+
match,
|
|
97
|
+
drift_detected: !match,
|
|
98
|
+
ttl_ok: true,
|
|
99
|
+
revoked: false,
|
|
100
|
+
enforcement_action: action,
|
|
101
|
+
portal_state: ctx.portal.state,
|
|
102
|
+
receipt_id: receipt.receipt_id,
|
|
103
|
+
measurement_count: ctx.measurementCount,
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
//# sourceMappingURL=measure-subject.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measure-subject.js","sourceRoot":"","sources":["../../src/tools/measure-subject.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAYvD,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAwB,EAAE,GAAkB;IACrF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;IAClG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;IACrG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,YAAY;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAExG,IAAI,gBAAwB,CAAC;IAC7B,IAAI,eAAuB,CAAC;IAC5B,IAAI,KAAc,CAAC;IAEnB,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAC5B,yBAAyB;QACzB,gBAAgB,GAAG,IAAI,CAAC,kBAAkB,CAAC;QAC3C,eAAe,GAAG,IAAI,CAAC,qBAAqB,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QACrG,KAAK,GAAG,gBAAgB,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YACtE,eAAe,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QACjF,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;YACtD,GAAG,CAAC,MAAc,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAC/C,CAAC;IACH,CAAC;SAAM,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;QAChC,sCAAsC;QACtC,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CAC/B,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,EAC9C,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAC5B,CAAC;QACF,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAC;QAC3C,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QACzC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QACrB,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,eAAe,CAAC;gBAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACjG,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,iBAAiB,KAAK,MAAM,CAAC,gBAAgB,EAAE;gBACjG,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE,uCAAuC,EAAE,MAAM,EAAE,WAAW;gBACnG,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;gBACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ;aAC/F,CAAC,CAAC;YACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,CAAC,CAAC;YAC1I,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,iBAAiB,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAClP,CAAC;QACD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,GAAG,CAAC,gBAAgB,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,eAAe,CAAC;gBAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,EAAE,WAAW,EAAE,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACjG,WAAW,EAAE,aAAa,EAAE,UAAU,EAAE,GAAG,MAAM,CAAC,iBAAiB,KAAK,MAAM,CAAC,gBAAgB,EAAE;gBACjG,aAAa,EAAE,IAAI,EAAE,gBAAgB,EAAE,4CAA4C,EAAE,MAAM,EAAE,WAAW;gBACxG,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;gBACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,EAAE,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,QAAQ;aAC/F,CAAC,CAAC;YACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,cAAc,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,CAAC,CAAC;YAC1I,OAAO,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,kBAAkB,EAAE,WAAW,EAAE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,iBAAiB,EAAE,GAAG,CAAC,gBAAgB,EAAE,CAAC,CAAC;QAChP,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,GAAG,CAAC,KAAK,CAAC,sDAAsD,CAAC,CAAC;IAC3E,CAAC;IAED,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,GAAG,gBAAgB,KAAK,eAAe,EAAE,CAAC;IAC7D,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU,KAAK,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;IAElI,IAAI,MAAM,GAA6B,IAAI,CAAC;IAC5C,IAAI,SAAS,GAAkB,IAAI,CAAC;IAEpC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,SAAS,GAAG,kCAAkC,CAAC;QAC/C,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,YAAY,CAAC;QAC5F,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,gBAAgB,EAAE,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;QACD,IAAI,MAAM,KAAK,YAAY;YAAE,GAAG,CAAC,UAAU,GAAG,cAAc,EAAE,CAAC;IACjE,CAAC;IAED,GAAG,CAAC,gBAAgB,EAAE,CAAC;IAEvB,MAAM,OAAO,GAAG,eAAe,CAAC;QAC9B,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,kBAAkB;QACjD,WAAW,EAAE,MAAM;QACnB,WAAW,EAAE,UAAU;QACvB,UAAU,EAAE,SAAS;QACrB,aAAa,EAAE,CAAC,KAAK;QACrB,gBAAgB,EAAE,SAAS;QAC3B,MAAM;QACN,eAAe,EAAE,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC;QACvF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC;QACnC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,YAAY;QACjC,QAAQ,EAAE,GAAG,CAAC,QAAQ;KACvB,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;IACxC,MAAM,GAAG,CAAC,aAAa,CAAC,qBAAqB,EAAE;QAC7C,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,cAAc,EAAE,CAAC,KAAK;QACtB,kBAAkB,EAAE,MAAM;KAC3B,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,KAAK;QACL,cAAc,EAAE,CAAC,KAAK;QACtB,MAAM,EAAE,IAAI;QACZ,OAAO,EAAE,KAAK;QACd,kBAAkB,EAAE,MAAM;QAC1B,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,UAAU,EAAE,OAAO,CAAC,UAAU;QAC9B,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export declare function handleQuarantineStatus(_args: Record<string, never>, ctx: ServerContext): Promise<{
|
|
3
|
+
content: Array<{
|
|
4
|
+
type: "text";
|
|
5
|
+
text: string;
|
|
6
|
+
}>;
|
|
7
|
+
}>;
|
|
8
|
+
//# sourceMappingURL=quarantine-status.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"quarantine-status.d.ts","sourceRoot":"","sources":["../../src/tools/quarantine-status.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,sBAAsB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAe5F"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
export async function handleQuarantineStatus(_args, ctx) {
|
|
2
|
+
if (ctx.portal.state !== 'PHANTOM_QUARANTINE' && !ctx.quarantine?.active) {
|
|
3
|
+
return ctx.error('Quarantine status unavailable - portal is not in quarantine state', {
|
|
4
|
+
portal_state: ctx.portal.state,
|
|
5
|
+
});
|
|
6
|
+
}
|
|
7
|
+
return ctx.json({
|
|
8
|
+
quarantine_active: ctx.quarantine?.active ?? false,
|
|
9
|
+
started_at: ctx.quarantine?.started_at ?? null,
|
|
10
|
+
inputs_captured: ctx.quarantine?.inputs_captured ?? 0,
|
|
11
|
+
outputs_severed: ctx.quarantine?.outputs_severed ?? false,
|
|
12
|
+
forensic_buffer_size: ctx.quarantine?.forensic_buffer.length ?? 0,
|
|
13
|
+
portal_state: ctx.portal.state,
|
|
14
|
+
});
|
|
15
|
+
}
|
|
16
|
+
//# sourceMappingURL=quarantine-status.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"quarantine-status.js","sourceRoot":"","sources":["../../src/tools/quarantine-status.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,KAA4B,EAAE,GAAkB;IAC3F,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,oBAAoB,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QACzE,OAAO,GAAG,CAAC,KAAK,CAAC,mEAAmE,EAAE;YACpF,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;SAC/B,CAAC,CAAC;IACL,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,iBAAiB,EAAE,GAAG,CAAC,UAAU,EAAE,MAAM,IAAI,KAAK;QAClD,UAAU,EAAE,GAAG,CAAC,UAAU,EAAE,UAAU,IAAI,IAAI;QAC9C,eAAe,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,IAAI,CAAC;QACrD,eAAe,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,IAAI,KAAK;QACzD,oBAAoB,EAAE,GAAG,CAAC,UAAU,EAAE,eAAe,CAAC,MAAM,IAAI,CAAC;QACjE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;KAC/B,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export interface RevokeArtifactArgs {
|
|
3
|
+
sealed_hash?: string;
|
|
4
|
+
reason: string;
|
|
5
|
+
transition_to?: 'TERMINATED' | 'SAFE_STATE';
|
|
6
|
+
}
|
|
7
|
+
export declare function handleRevokeArtifact(args: RevokeArtifactArgs, ctx: ServerContext): Promise<{
|
|
8
|
+
content: Array<{
|
|
9
|
+
type: "text";
|
|
10
|
+
text: string;
|
|
11
|
+
}>;
|
|
12
|
+
}>;
|
|
13
|
+
//# sourceMappingURL=revoke-artifact.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"revoke-artifact.d.ts","sourceRoot":"","sources":["../../src/tools/revoke-artifact.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,YAAY,GAAG,YAAY,CAAC;CAC7C;AAED,wBAAsB,oBAAoB,CAAC,IAAI,EAAE,kBAAkB,EAAE,GAAG,EAAE,aAAa;;;;;GAsBtF"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { pkToHex } from '../crypto/sign.js';
|
|
2
|
+
import { utcNow } from '../utils/timestamp.js';
|
|
3
|
+
export async function handleRevokeArtifact(args, ctx) {
|
|
4
|
+
const sealedHash = args.sealed_hash ?? ctx.activeArtifact?.sealed_hash;
|
|
5
|
+
if (!sealedHash)
|
|
6
|
+
return ctx.error('No sealed_hash provided and no active artifact.');
|
|
7
|
+
const transition = args.transition_to ?? 'TERMINATED';
|
|
8
|
+
ctx.portal.revoke(sealedHash, transition);
|
|
9
|
+
const record = {
|
|
10
|
+
artifact_sealed_hash: sealedHash,
|
|
11
|
+
reason: args.reason,
|
|
12
|
+
revoked_by: pkToHex(ctx.issuerKP.publicKey),
|
|
13
|
+
timestamp: utcNow(),
|
|
14
|
+
};
|
|
15
|
+
await ctx.appendToChain('REVOCATION', { ...record, transition_to: transition });
|
|
16
|
+
return ctx.json({
|
|
17
|
+
success: true,
|
|
18
|
+
revoked: sealedHash,
|
|
19
|
+
portal_state: ctx.portal.state,
|
|
20
|
+
reason: args.reason,
|
|
21
|
+
transition_to: transition,
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=revoke-artifact.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"revoke-artifact.js","sourceRoot":"","sources":["../../src/tools/revoke-artifact.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAU/C,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,IAAwB,EAAE,GAAkB;IACrF,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,IAAI,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC;IACvE,IAAI,CAAC,UAAU;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,iDAAiD,CAAC,CAAC;IAErF,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,IAAI,YAAY,CAAC;IACtD,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAqB;QAC/B,oBAAoB,EAAE,UAAU;QAChC,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAC3C,SAAS,EAAE,MAAM,EAAE;KACpB,CAAC;IACF,MAAM,GAAG,CAAC,aAAa,CAAC,YAAY,EAAE,EAAE,GAAG,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,CAAC,CAAC;IAEhF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,UAAU;QACnB,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,aAAa,EAAE,UAAU;KAC1B,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export interface RotateKeysArgs {
|
|
3
|
+
key_type?: 'issuer' | 'portal' | 'chain';
|
|
4
|
+
keypair?: 'issuer' | 'portal' | 'chain';
|
|
5
|
+
reason?: string;
|
|
6
|
+
}
|
|
7
|
+
export declare function handleRotateKeys(args: RotateKeysArgs, ctx: ServerContext): Promise<{
|
|
8
|
+
content: Array<{
|
|
9
|
+
type: "text";
|
|
10
|
+
text: string;
|
|
11
|
+
}>;
|
|
12
|
+
}>;
|
|
13
|
+
//# sourceMappingURL=rotate-keys.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rotate-keys.d.ts","sourceRoot":"","sources":["../../src/tools/rotate-keys.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACzC,OAAO,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,OAAO,CAAC;IACxC,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,cAAc,EAAE,GAAG,EAAE,aAAa;;;;;GAsC9E"}
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { rotateKeys } from '../core/identity.js';
|
|
2
|
+
export async function handleRotateKeys(args, ctx) {
|
|
3
|
+
const keyType = args.key_type ?? args.keypair;
|
|
4
|
+
if (!keyType)
|
|
5
|
+
return ctx.error('Provide key_type or keypair parameter.');
|
|
6
|
+
let result;
|
|
7
|
+
switch (keyType) {
|
|
8
|
+
case 'issuer':
|
|
9
|
+
result = rotateKeys(ctx.issuerKP);
|
|
10
|
+
ctx.issuerKP = result.newKeyPair;
|
|
11
|
+
break;
|
|
12
|
+
case 'portal':
|
|
13
|
+
result = rotateKeys(ctx.portalKP);
|
|
14
|
+
ctx.portalKP = result.newKeyPair;
|
|
15
|
+
break;
|
|
16
|
+
case 'chain':
|
|
17
|
+
result = rotateKeys(ctx.chainKP);
|
|
18
|
+
ctx.chainKP = result.newKeyPair;
|
|
19
|
+
break;
|
|
20
|
+
default:
|
|
21
|
+
return ctx.error(`Invalid key_type: ${keyType}. Must be issuer, portal, or chain.`);
|
|
22
|
+
}
|
|
23
|
+
await ctx.appendToChain('KEY_ROTATION', {
|
|
24
|
+
key_type: keyType,
|
|
25
|
+
old_public_key: result.oldPublicKeyHex,
|
|
26
|
+
new_public_key: result.newPublicKeyHex,
|
|
27
|
+
rotated_at: result.rotatedAt,
|
|
28
|
+
reason: args.reason ?? 'Key rotation',
|
|
29
|
+
});
|
|
30
|
+
return ctx.json({
|
|
31
|
+
success: true,
|
|
32
|
+
key_type: keyType,
|
|
33
|
+
old_public_key: result.oldPublicKeyHex,
|
|
34
|
+
new_public_key: result.newPublicKeyHex,
|
|
35
|
+
rotated_at: result.rotatedAt,
|
|
36
|
+
reason: args.reason,
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
//# sourceMappingURL=rotate-keys.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rotate-keys.js","sourceRoot":"","sources":["../../src/tools/rotate-keys.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AASjD,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAoB,EAAE,GAAkB;IAC7E,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC;IAC9C,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;IAEzE,IAAI,MAAM,CAAC;IACX,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,QAAQ;YACX,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjC,GAAW,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC;YAC1C,MAAM;QACR,KAAK,QAAQ;YACX,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACjC,GAAW,CAAC,QAAQ,GAAG,MAAM,CAAC,UAAU,CAAC;YAC1C,MAAM;QACR,KAAK,OAAO;YACV,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAChC,GAAW,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC;YACzC,MAAM;QACR;YACE,OAAO,GAAG,CAAC,KAAK,CAAC,qBAAqB,OAAO,qCAAqC,CAAC,CAAC;IACxF,CAAC;IAED,MAAM,GAAG,CAAC,aAAa,CAAC,cAAc,EAAE;QACtC,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,UAAU,EAAE,MAAM,CAAC,SAAS;QAC5B,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,cAAc;KACtC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,OAAO;QACjB,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,cAAc,EAAE,MAAM,CAAC,eAAe;QACtC,UAAU,EAAE,MAAM,CAAC,SAAS;QAC5B,MAAM,EAAE,IAAI,CAAC,MAAM;KACpB,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server-info.d.ts","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,wBAAsB,gBAAgB,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,GAAG,EAAE,aAAa;;;;;GAqBtF"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import { pkToHex } from '../crypto/sign.js';
|
|
2
|
+
export async function handleServerInfo(_args, ctx) {
|
|
3
|
+
return ctx.json({
|
|
4
|
+
server: 'AGA MCP Server',
|
|
5
|
+
version: '2.0.0',
|
|
6
|
+
protocol: 'Attested Governance Artifacts v2.0.0',
|
|
7
|
+
patent: 'USPTO Application No. 19/433,835',
|
|
8
|
+
nist_references: ['NIST-2025-0035', 'NCCoE AI Agent Identity'],
|
|
9
|
+
framework_alignment: {
|
|
10
|
+
spiffe: 'SPIFFE provides workload identity (SVID); AGA binds governance to workload intent',
|
|
11
|
+
nist_sp_800_57: 'Key management aligned with SP 800-57 recommendations',
|
|
12
|
+
nist_ai_rmf: 'AI Risk Management Framework: Govern, Map, Measure, Manage',
|
|
13
|
+
},
|
|
14
|
+
issuer_public_key: pkToHex(ctx.issuerKP.publicKey),
|
|
15
|
+
portal_public_key: pkToHex(ctx.portalKP.publicKey),
|
|
16
|
+
chain_public_key: pkToHex(ctx.chainKP.publicKey),
|
|
17
|
+
chain_initialized: ctx.chainInitialized,
|
|
18
|
+
portal_state: ctx.portal.state,
|
|
19
|
+
verification_tier: ctx.verificationTier,
|
|
20
|
+
measurement_count: ctx.measurementCount,
|
|
21
|
+
uptime_ms: Date.now() - Date.parse(ctx.startTime),
|
|
22
|
+
});
|
|
23
|
+
}
|
|
24
|
+
//# sourceMappingURL=server-info.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"server-info.js","sourceRoot":"","sources":["../../src/tools/server-info.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,KAA4B,EAAE,GAAkB;IACrF,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,MAAM,EAAE,gBAAgB;QACxB,OAAO,EAAE,OAAO;QAChB,QAAQ,EAAE,sCAAsC;QAChD,MAAM,EAAE,kCAAkC;QAC1C,eAAe,EAAE,CAAC,gBAAgB,EAAE,yBAAyB,CAAC;QAC9D,mBAAmB,EAAE;YACnB,MAAM,EAAE,mFAAmF;YAC3F,cAAc,EAAE,uDAAuD;YACvE,WAAW,EAAE,4DAA4D;SAC1E;QACD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC;QAClD,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;QAChD,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,iBAAiB,EAAE,GAAG,CAAC,gBAAgB;QACvC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;KAClD,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export interface SetVerificationTierArgs {
|
|
3
|
+
tier: 'BRONZE' | 'SILVER' | 'GOLD';
|
|
4
|
+
}
|
|
5
|
+
export declare function handleSetVerificationTier(args: SetVerificationTierArgs, ctx: ServerContext): Promise<{
|
|
6
|
+
content: Array<{
|
|
7
|
+
type: "text";
|
|
8
|
+
text: string;
|
|
9
|
+
}>;
|
|
10
|
+
}>;
|
|
11
|
+
//# sourceMappingURL=set-verification-tier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"set-verification-tier.d.ts","sourceRoot":"","sources":["../../src/tools/set-verification-tier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;CACpC;AAiBD,wBAAsB,yBAAyB,CAAC,IAAI,EAAE,uBAAuB,EAAE,GAAG,EAAE,aAAa;;;;;GAehG"}
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
const TIER_DESCRIPTIONS = {
|
|
2
|
+
BRONZE: {
|
|
3
|
+
description: 'Cryptographic signatures only - artifact and receipt verification via Ed25519',
|
|
4
|
+
trust_assumption: 'Trust that signing keys are not compromised',
|
|
5
|
+
},
|
|
6
|
+
SILVER: {
|
|
7
|
+
description: 'Signatures plus continuity chain verification - tamper-evident event linkage',
|
|
8
|
+
trust_assumption: 'Trust the chain operator plus key integrity',
|
|
9
|
+
},
|
|
10
|
+
GOLD: {
|
|
11
|
+
description: 'Full verification with blockchain-anchored Merkle proofs - offline-verifiable evidence bundles',
|
|
12
|
+
trust_assumption: 'Minimal trust - cryptographic proof anchored to immutable external ledger',
|
|
13
|
+
},
|
|
14
|
+
};
|
|
15
|
+
export async function handleSetVerificationTier(args, ctx) {
|
|
16
|
+
const validTiers = ['BRONZE', 'SILVER', 'GOLD'];
|
|
17
|
+
if (!validTiers.includes(args.tier)) {
|
|
18
|
+
return ctx.error(`Invalid tier: ${args.tier}. Must be BRONZE, SILVER, or GOLD.`);
|
|
19
|
+
}
|
|
20
|
+
const previousTier = ctx.verificationTier;
|
|
21
|
+
ctx.verificationTier = args.tier;
|
|
22
|
+
const info = TIER_DESCRIPTIONS[args.tier];
|
|
23
|
+
return ctx.json({
|
|
24
|
+
success: true,
|
|
25
|
+
previous_tier: previousTier,
|
|
26
|
+
current_tier: ctx.verificationTier,
|
|
27
|
+
description: info.description,
|
|
28
|
+
trust_assumption: info.trust_assumption,
|
|
29
|
+
});
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=set-verification-tier.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"set-verification-tier.js","sourceRoot":"","sources":["../../src/tools/set-verification-tier.ts"],"names":[],"mappings":"AAMA,MAAM,iBAAiB,GAAsE;IAC3F,MAAM,EAAE;QACN,WAAW,EAAE,+EAA+E;QAC5F,gBAAgB,EAAE,6CAA6C;KAChE;IACD,MAAM,EAAE;QACN,WAAW,EAAE,8EAA8E;QAC3F,gBAAgB,EAAE,6CAA6C;KAChE;IACD,IAAI,EAAE;QACJ,WAAW,EAAE,gGAAgG;QAC7G,gBAAgB,EAAE,2EAA2E;KAC9F;CACF,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,IAA6B,EAAE,GAAkB;IAC/F,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAU,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAW,CAAC,EAAE,CAAC;QAC3C,OAAO,GAAG,CAAC,KAAK,CAAC,iBAAiB,IAAI,CAAC,IAAI,oCAAoC,CAAC,CAAC;IACnF,CAAC;IACD,MAAM,YAAY,GAAG,GAAG,CAAC,gBAAgB,CAAC;IAC1C,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC;IACjC,MAAM,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1C,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,aAAa,EAAE,YAAY;QAC3B,YAAY,EAAE,GAAG,CAAC,gBAAgB;QAClC,WAAW,EAAE,IAAI,CAAC,WAAW;QAC7B,gBAAgB,EAAE,IAAI,CAAC,gBAAgB;KACxC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
import type { BehavioralBaseline } from '../core/behavioral.js';
|
|
3
|
+
export interface StartMonitoringArgs {
|
|
4
|
+
behavioral_baseline?: BehavioralBaseline;
|
|
5
|
+
}
|
|
6
|
+
export declare function handleStartMonitoring(args: StartMonitoringArgs, ctx: ServerContext): Promise<{
|
|
7
|
+
content: Array<{
|
|
8
|
+
type: "text";
|
|
9
|
+
text: string;
|
|
10
|
+
}>;
|
|
11
|
+
}>;
|
|
12
|
+
//# sourceMappingURL=start-monitoring.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"start-monitoring.d.ts","sourceRoot":"","sources":["../../src/tools/start-monitoring.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAEhE,MAAM,WAAW,mBAAmB;IAClC,mBAAmB,CAAC,EAAE,kBAAkB,CAAC;CAC1C;AAED,wBAAsB,qBAAqB,CAAC,IAAI,EAAE,mBAAmB,EAAE,GAAG,EAAE,aAAa;;;;;GAexF"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
export async function handleStartMonitoring(args, ctx) {
|
|
2
|
+
if (!ctx.portal.artifact)
|
|
3
|
+
return ctx.error('No artifact loaded. Call aga_create_artifact first.');
|
|
4
|
+
if (ctx.portal.state !== 'ACTIVE_MONITORING')
|
|
5
|
+
return ctx.error(`Cannot start monitoring in state ${ctx.portal.state}`);
|
|
6
|
+
ctx.behavioralMonitor.reset();
|
|
7
|
+
if (args.behavioral_baseline) {
|
|
8
|
+
ctx.behavioralMonitor.setBaseline(args.behavioral_baseline);
|
|
9
|
+
}
|
|
10
|
+
return ctx.json({
|
|
11
|
+
success: true,
|
|
12
|
+
portal_state: ctx.portal.state,
|
|
13
|
+
monitoring_active: true,
|
|
14
|
+
baseline_set: !!args.behavioral_baseline,
|
|
15
|
+
});
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=start-monitoring.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"start-monitoring.js","sourceRoot":"","sources":["../../src/tools/start-monitoring.ts"],"names":[],"mappings":"AAOA,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,IAAyB,EAAE,GAAkB;IACvF,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;IAClG,IAAI,GAAG,CAAC,MAAM,CAAC,KAAK,KAAK,mBAAmB;QAAE,OAAO,GAAG,CAAC,KAAK,CAAC,oCAAoC,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;IAEvH,GAAG,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;IAC9B,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;QAC7B,GAAG,CAAC,iBAAiB,CAAC,WAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAC9D,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,CAAC;QACd,OAAO,EAAE,IAAI;QACb,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK;QAC9B,iBAAiB,EAAE,IAAI;QACvB,YAAY,EAAE,CAAC,CAAC,IAAI,CAAC,mBAAmB;KACzC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { ServerContext } from '../context.js';
|
|
2
|
+
export interface TriggerMeasurementArgs {
|
|
3
|
+
subject_content?: string;
|
|
4
|
+
subject_bytes_hash?: string;
|
|
5
|
+
subject_metadata_hash?: string;
|
|
6
|
+
measurement_type?: string;
|
|
7
|
+
subject_metadata?: Record<string, string>;
|
|
8
|
+
}
|
|
9
|
+
export declare function handleTriggerMeasurement(args: TriggerMeasurementArgs, ctx: ServerContext): Promise<{
|
|
10
|
+
content: Array<{
|
|
11
|
+
type: "text";
|
|
12
|
+
text: string;
|
|
13
|
+
}>;
|
|
14
|
+
}>;
|
|
15
|
+
//# sourceMappingURL=trigger-measurement.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"trigger-measurement.d.ts","sourceRoot":"","sources":["../../src/tools/trigger-measurement.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,MAAM,WAAW,sBAAsB;IACrC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AAED,wBAAsB,wBAAwB,CAAC,IAAI,EAAE,sBAAsB,EAAE,GAAG,EAAE,aAAa;;;;;GA2E9F"}
|