@attested-intelligence/aga-mcp-server 0.1.1 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +106 -24
- package/dist/context.d.ts +39 -0
- package/dist/context.d.ts.map +1 -0
- package/dist/context.js +113 -0
- package/dist/context.js.map +1 -0
- package/dist/core/identity.d.ts +14 -0
- package/dist/core/identity.d.ts.map +1 -0
- package/dist/core/identity.js +16 -0
- package/dist/core/identity.js.map +1 -0
- package/dist/core/index.d.ts +3 -0
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +3 -0
- package/dist/core/index.js.map +1 -1
- package/dist/core/measurement.d.ts +16 -0
- package/dist/core/measurement.d.ts.map +1 -0
- package/dist/core/measurement.js +18 -0
- package/dist/core/measurement.js.map +1 -0
- package/dist/core/portal.d.ts +1 -1
- package/dist/core/portal.d.ts.map +1 -1
- package/dist/core/portal.js +10 -5
- package/dist/core/portal.js.map +1 -1
- package/dist/core/types.d.ts +2 -3
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/canonicalize.d.ts +7 -0
- package/dist/crypto/canonicalize.d.ts.map +1 -0
- package/dist/crypto/canonicalize.js +21 -0
- package/dist/crypto/canonicalize.js.map +1 -0
- package/dist/crypto/hash.d.ts +1 -1
- package/dist/crypto/hash.d.ts.map +1 -1
- package/dist/crypto/hash.js +1 -1
- package/dist/crypto/hash.js.map +1 -1
- package/dist/crypto/index.d.ts +6 -5
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +6 -5
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/keys.d.ts +10 -0
- package/dist/crypto/keys.d.ts.map +1 -0
- package/dist/crypto/keys.js +19 -0
- package/dist/crypto/keys.js.map +1 -0
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/governance.d.ts +1 -7
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +11 -18
- package/dist/middleware/governance.js.map +1 -1
- package/dist/prompts/drift-analysis.d.ts +13 -0
- package/dist/prompts/drift-analysis.d.ts.map +1 -0
- package/dist/prompts/drift-analysis.js +43 -0
- package/dist/prompts/drift-analysis.js.map +1 -0
- package/dist/prompts/governance-report.d.ts +7 -0
- package/dist/prompts/governance-report.d.ts.map +1 -0
- package/dist/prompts/governance-report.js +26 -0
- package/dist/prompts/governance-report.js.map +1 -0
- package/dist/prompts/nccoe-demo.d.ts +14 -0
- package/dist/prompts/nccoe-demo.d.ts.map +1 -0
- package/dist/prompts/nccoe-demo.js +47 -0
- package/dist/prompts/nccoe-demo.js.map +1 -0
- package/dist/resources/cosai-mapping.d.ts +24 -0
- package/dist/resources/cosai-mapping.d.ts.map +1 -0
- package/dist/resources/cosai-mapping.js +127 -0
- package/dist/resources/cosai-mapping.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +3 -0
- package/dist/resources/crypto-primitives.d.ts.map +1 -0
- package/dist/resources/crypto-primitives.js +52 -0
- package/dist/resources/crypto-primitives.js.map +1 -0
- package/dist/resources/sample-bundle.d.ts +6 -0
- package/dist/resources/sample-bundle.d.ts.map +1 -0
- package/dist/resources/sample-bundle.js +58 -0
- package/dist/resources/sample-bundle.js.map +1 -0
- package/dist/resources/specification.d.ts +3 -0
- package/dist/resources/specification.d.ts.map +1 -0
- package/dist/resources/specification.js +161 -0
- package/dist/resources/specification.js.map +1 -0
- package/dist/server.d.ts +3 -7
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +214 -343
- package/dist/server.js.map +1 -1
- package/dist/storage/sqlite.js +1 -1
- package/dist/tools/create-artifact.d.ts +25 -0
- package/dist/tools/create-artifact.d.ts.map +1 -0
- package/dist/tools/create-artifact.js +85 -0
- package/dist/tools/create-artifact.js.map +1 -0
- package/dist/tools/delegate-subagent.d.ts +18 -0
- package/dist/tools/delegate-subagent.d.ts.map +1 -0
- package/dist/tools/delegate-subagent.js +50 -0
- package/dist/tools/delegate-subagent.js.map +1 -0
- package/dist/tools/disclose-claim.d.ts +14 -0
- package/dist/tools/disclose-claim.d.ts.map +1 -0
- package/dist/tools/disclose-claim.js +23 -0
- package/dist/tools/disclose-claim.js.map +1 -0
- package/dist/tools/export-bundle.d.ts +8 -0
- package/dist/tools/export-bundle.d.ts.map +1 -0
- package/dist/tools/export-bundle.js +25 -0
- package/dist/tools/export-bundle.js.map +1 -0
- package/dist/tools/full-lifecycle.d.ts +16 -0
- package/dist/tools/full-lifecycle.d.ts.map +1 -0
- package/dist/tools/full-lifecycle.js +121 -0
- package/dist/tools/full-lifecycle.js.map +1 -0
- package/dist/tools/generate-receipt.d.ts +16 -0
- package/dist/tools/generate-receipt.d.ts.map +1 -0
- package/dist/tools/generate-receipt.js +31 -0
- package/dist/tools/generate-receipt.js.map +1 -0
- package/dist/tools/get-chain.d.ts +14 -0
- package/dist/tools/get-chain.d.ts.map +1 -0
- package/dist/tools/get-chain.js +45 -0
- package/dist/tools/get-chain.js.map +1 -0
- package/dist/tools/get-portal-state.d.ts +8 -0
- package/dist/tools/get-portal-state.d.ts.map +1 -0
- package/dist/tools/get-portal-state.js +15 -0
- package/dist/tools/get-portal-state.js.map +1 -0
- package/dist/tools/init-chain.d.ts +10 -0
- package/dist/tools/init-chain.d.ts.map +1 -0
- package/dist/tools/init-chain.js +13 -0
- package/dist/tools/init-chain.js.map +1 -0
- package/dist/tools/measure-behavior.d.ts +12 -0
- package/dist/tools/measure-behavior.d.ts.map +1 -0
- package/dist/tools/measure-behavior.js +29 -0
- package/dist/tools/measure-behavior.js.map +1 -0
- package/dist/tools/measure-subject.d.ts +15 -0
- package/dist/tools/measure-subject.d.ts.map +1 -0
- package/dist/tools/measure-subject.js +106 -0
- package/dist/tools/measure-subject.js.map +1 -0
- package/dist/tools/quarantine-status.d.ts +8 -0
- package/dist/tools/quarantine-status.d.ts.map +1 -0
- package/dist/tools/quarantine-status.js +16 -0
- package/dist/tools/quarantine-status.js.map +1 -0
- package/dist/tools/revoke-artifact.d.ts +13 -0
- package/dist/tools/revoke-artifact.d.ts.map +1 -0
- package/dist/tools/revoke-artifact.js +24 -0
- package/dist/tools/revoke-artifact.js.map +1 -0
- package/dist/tools/rotate-keys.d.ts +13 -0
- package/dist/tools/rotate-keys.d.ts.map +1 -0
- package/dist/tools/rotate-keys.js +39 -0
- package/dist/tools/rotate-keys.js.map +1 -0
- package/dist/tools/server-info.d.ts +8 -0
- package/dist/tools/server-info.d.ts.map +1 -0
- package/dist/tools/server-info.js +23 -0
- package/dist/tools/server-info.js.map +1 -0
- package/dist/tools/set-verification-tier.d.ts +11 -0
- package/dist/tools/set-verification-tier.d.ts.map +1 -0
- package/dist/tools/set-verification-tier.js +31 -0
- package/dist/tools/set-verification-tier.js.map +1 -0
- package/dist/tools/start-monitoring.d.ts +12 -0
- package/dist/tools/start-monitoring.d.ts.map +1 -0
- package/dist/tools/start-monitoring.js +17 -0
- package/dist/tools/start-monitoring.js.map +1 -0
- package/dist/tools/trigger-measurement.d.ts +15 -0
- package/dist/tools/trigger-measurement.d.ts.map +1 -0
- package/dist/tools/trigger-measurement.js +86 -0
- package/dist/tools/trigger-measurement.js.map +1 -0
- package/dist/tools/verify-artifact.d.ts +13 -0
- package/dist/tools/verify-artifact.d.ts.map +1 -0
- package/dist/tools/verify-artifact.js +6 -0
- package/dist/tools/verify-artifact.js.map +1 -0
- package/dist/tools/verify-bundle.d.ts +13 -0
- package/dist/tools/verify-bundle.d.ts.map +1 -0
- package/dist/tools/verify-bundle.js +6 -0
- package/dist/tools/verify-bundle.js.map +1 -0
- package/dist/types.d.ts +261 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +8 -0
- package/dist/types.js.map +1 -0
- package/package.json +18 -3
- package/AGA_MCP_SERVER_SPEC.md +0 -632
- package/src/core/artifact.ts +0 -45
- package/src/core/attestation.ts +0 -33
- package/src/core/behavioral.ts +0 -132
- package/src/core/bundle.ts +0 -31
- package/src/core/chain.ts +0 -72
- package/src/core/checkpoint.ts +0 -22
- package/src/core/delegation.ts +0 -146
- package/src/core/disclosure.ts +0 -32
- package/src/core/index.ts +0 -11
- package/src/core/portal.ts +0 -96
- package/src/core/quarantine.ts +0 -16
- package/src/core/receipt.ts +0 -33
- package/src/core/subject.ts +0 -11
- package/src/core/types.ts +0 -244
- package/src/crypto/hash.ts +0 -33
- package/src/crypto/index.ts +0 -5
- package/src/crypto/merkle.ts +0 -43
- package/src/crypto/salt.ts +0 -18
- package/src/crypto/sign.ts +0 -35
- package/src/crypto/types.ts +0 -19
- package/src/index.ts +0 -12
- package/src/middleware/governance.ts +0 -95
- package/src/middleware/index.ts +0 -1
- package/src/server.ts +0 -436
- package/src/storage/index.ts +0 -3
- package/src/storage/interface.ts +0 -21
- package/src/storage/memory.ts +0 -27
- package/src/storage/sqlite.ts +0 -45
- package/src/tools/README.md +0 -13
- package/src/utils/canonical.ts +0 -14
- package/src/utils/constants.ts +0 -3
- package/src/utils/timestamp.ts +0 -12
- package/src/utils/uuid.ts +0 -2
package/README.md
CHANGED
|
@@ -1,42 +1,124 @@
|
|
|
1
|
-
# @attested-intelligence/aga-mcp-server
|
|
1
|
+
# @attested-intelligence/aga-mcp-server v2.0.0
|
|
2
2
|
|
|
3
|
-
MCP server
|
|
3
|
+
[](https://lobehub.com/mcp/attested-intelligence-aga-mcp-server)
|
|
4
4
|
|
|
5
|
-
|
|
6
|
-
**Referenced in:** NIST-2025-0035, NCCoE AI Agent Identity and Authorization
|
|
5
|
+
MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
|
|
7
6
|
|
|
8
7
|
## What It Does
|
|
9
8
|
|
|
10
|
-
This server acts as a **Portal** (
|
|
9
|
+
This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
|
|
11
10
|
|
|
12
|
-
|
|
11
|
+
**20 tools, 3 resources, 3 prompts, 159 tests**
|
|
12
|
+
|
|
13
|
+
## 20 MCP Tools
|
|
14
|
+
|
|
15
|
+
| # | Tool | Description |
|
|
16
|
+
| --- | --- | --- |
|
|
17
|
+
| 1 | `aga_server_info` | Server identity, keys, portal state, framework alignment |
|
|
18
|
+
| 2 | `aga_init_chain` | Initialize continuity chain with genesis event |
|
|
19
|
+
| 3 | `aga_create_artifact` | Attest subject, generate sealed Policy Artifact |
|
|
20
|
+
| 4 | `aga_measure_subject` | Measure subject, compare to sealed ref, generate receipt |
|
|
21
|
+
| 5 | `aga_verify_artifact` | Verify artifact signature against issuer key |
|
|
22
|
+
| 6 | `aga_start_monitoring` | Start/restart behavioral monitoring with baseline |
|
|
23
|
+
| 7 | `aga_get_portal_state` | Current portal enforcement state and TTL |
|
|
24
|
+
| 8 | `aga_trigger_measurement` | Trigger measurement with specific type |
|
|
25
|
+
| 9 | `aga_generate_receipt` | Generate signed measurement receipt manually |
|
|
26
|
+
| 10 | `aga_export_bundle` | Package artifact + receipts + Merkle proofs |
|
|
27
|
+
| 11 | `aga_verify_bundle` | 4-step offline bundle verification |
|
|
28
|
+
| 12 | `aga_disclose_claim` | Privacy-preserving disclosure with auto-substitution |
|
|
29
|
+
| 13 | `aga_get_chain` | Get chain events with optional integrity verification |
|
|
30
|
+
| 14 | `aga_quarantine_status` | Quarantine state and forensic capture status |
|
|
31
|
+
| 15 | `aga_revoke_artifact` | Mid-session artifact revocation |
|
|
32
|
+
| 16 | `aga_set_verification_tier` | Set verification tier (BRONZE/SILVER/GOLD) |
|
|
33
|
+
| 17 | `aga_demonstrate_lifecycle` | Full lifecycle: attest, measure, checkpoint, verify |
|
|
34
|
+
| 18 | `aga_measure_behavior` | Behavioral drift detection (tool patterns) |
|
|
35
|
+
| 19 | `aga_delegate_to_subagent` | Constrained sub-agent delegation (scope only diminishes) |
|
|
36
|
+
| 20 | `aga_rotate_keys` | Key rotation with chain event |
|
|
37
|
+
|
|
38
|
+
## 3 Resources
|
|
39
|
+
|
|
40
|
+
| Resource | URI | Description |
|
|
41
|
+
| --- | --- | --- |
|
|
42
|
+
| Protocol Spec | `aga://specification/protocol-v2` | Full protocol specification with SPIFFE alignment |
|
|
43
|
+
| Sample Bundle | `aga://resources/sample-bundle` | Sample evidence bundle documentation |
|
|
44
|
+
| Crypto Primitives | `aga://resources/crypto-primitives` | Cryptographic primitives documentation |
|
|
45
|
+
|
|
46
|
+
## 3 Prompts
|
|
47
|
+
|
|
48
|
+
| Prompt | Description |
|
|
49
|
+
|--------|-------------|
|
|
50
|
+
| `nccoe-demo` | 4-phase NCCoE lab demo with behavioral drift |
|
|
51
|
+
| `governance-report` | Session governance summary report |
|
|
52
|
+
| `drift-analysis` | Drift event analysis and remediation |
|
|
53
|
+
|
|
54
|
+
## CoSAI MCP Security Threat Coverage
|
|
55
|
+
|
|
56
|
+
The AGA MCP Server addresses all 12 threat categories identified in the
|
|
57
|
+
[CoSAI MCP Security whitepaper](https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md)
|
|
58
|
+
(Coalition for Secure AI / OASIS, January 2026).
|
|
59
|
+
|
|
60
|
+
| CoSAI Category | Threat Domain | AGA Governance Mechanism |
|
|
13
61
|
|---|---|---|
|
|
14
|
-
|
|
|
15
|
-
|
|
|
16
|
-
|
|
|
17
|
-
|
|
|
18
|
-
|
|
|
19
|
-
|
|
|
20
|
-
|
|
|
21
|
-
|
|
|
22
|
-
|
|
|
23
|
-
|
|
|
24
|
-
|
|
|
25
|
-
|
|
|
26
|
-
|
|
62
|
+
| T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
|
|
63
|
+
| T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
|
|
64
|
+
| T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
|
|
65
|
+
| T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
|
|
66
|
+
| T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
|
|
67
|
+
| T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
|
|
68
|
+
| T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
|
|
69
|
+
| T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
|
|
70
|
+
| T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
|
|
71
|
+
| T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
|
|
72
|
+
| T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
|
|
73
|
+
| T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
|
|
74
|
+
|
|
75
|
+
Full mapping details available via the `aga://specification` resource.
|
|
27
76
|
|
|
28
77
|
## Quick Start
|
|
29
78
|
|
|
30
|
-
|
|
79
|
+
```bash
|
|
80
|
+
npm install && npm run build && npm test
|
|
81
|
+
```
|
|
31
82
|
|
|
32
|
-
## Connect to
|
|
83
|
+
## Connect to an MCP Client
|
|
33
84
|
|
|
34
|
-
Add to
|
|
85
|
+
Add to your MCP client config:
|
|
86
|
+
|
|
87
|
+
```json
|
|
35
88
|
{
|
|
36
89
|
"mcpServers": {
|
|
37
|
-
"aga": { "command": "node", "args": ["/path/to/dist/index.js"] }
|
|
90
|
+
"aga": { "command": "node", "args": ["/path/to/aga-mcp-server/dist/index.js"] }
|
|
38
91
|
}
|
|
39
92
|
}
|
|
93
|
+
```
|
|
94
|
+
|
|
95
|
+
## Architecture
|
|
96
|
+
|
|
97
|
+
```
|
|
98
|
+
MCP Client
|
|
99
|
+
│ JSON-RPC over stdio
|
|
100
|
+
▼
|
|
101
|
+
src/server.ts - 20 tools + 3 resources + 3 prompts
|
|
102
|
+
│
|
|
103
|
+
├── src/tools/ 20 individual tool handlers
|
|
104
|
+
├── src/core/ Protocol logic (artifact, chain, portal, etc.)
|
|
105
|
+
├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
|
|
106
|
+
├── src/middleware/ Zero-trust governance PEP
|
|
107
|
+
├── src/storage/ In-memory + optional SQLite
|
|
108
|
+
├── src/resources/ Protocol docs + crypto primitives
|
|
109
|
+
└── src/prompts/ Demo + report + analysis prompts
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
## Test Coverage
|
|
113
|
+
|
|
114
|
+
| Suite | Tests | What |
|
|
115
|
+
|-------|-------|------|
|
|
116
|
+
| Crypto | 33 | SHA-256, Ed25519, Merkle, salt, canonical, keys |
|
|
117
|
+
| Core | 56 | Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed |
|
|
118
|
+
| Tools | 25 | All 20 tool handlers |
|
|
119
|
+
| Integration | 38 | Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility |
|
|
120
|
+
| **Total** | **159** | |
|
|
40
121
|
|
|
41
122
|
## License
|
|
42
|
-
|
|
123
|
+
|
|
124
|
+
MIT - Attested Intelligence Holdings LLC
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
import { Portal } from './core/portal.js';
|
|
2
|
+
import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
|
|
3
|
+
import type { AGAStorage } from './storage/interface.js';
|
|
4
|
+
import type { KeyPair, QuarantineState, ContinuityEvent, VerificationTier, ClaimsTaxonomy, DelegationRecord, PolicyArtifact, DisclosurePolicy } from './types.js';
|
|
5
|
+
import type { EventType } from './core/types.js';
|
|
6
|
+
export interface ServerContext {
|
|
7
|
+
issuerKP: KeyPair;
|
|
8
|
+
portalKP: KeyPair;
|
|
9
|
+
chainKP: KeyPair;
|
|
10
|
+
portal: Portal;
|
|
11
|
+
storage: AGAStorage;
|
|
12
|
+
chainInitialized: boolean;
|
|
13
|
+
activeArtifact: PolicyArtifact | null;
|
|
14
|
+
quarantine: QuarantineState | null;
|
|
15
|
+
behavioralMonitor: BehavioralMonitorImpl;
|
|
16
|
+
measurementCount: number;
|
|
17
|
+
verificationTier: VerificationTier;
|
|
18
|
+
startTime: string;
|
|
19
|
+
claimsTaxonomy: ClaimsTaxonomy;
|
|
20
|
+
delegations: DelegationRecord[];
|
|
21
|
+
defaultEnforcement: import('./types.js').EnforcementParams;
|
|
22
|
+
defaultClaims: DisclosurePolicy;
|
|
23
|
+
claimValues: Record<string, unknown>;
|
|
24
|
+
appendToChain(type: EventType, payload: unknown): Promise<ContinuityEvent>;
|
|
25
|
+
json(x: unknown): {
|
|
26
|
+
content: Array<{
|
|
27
|
+
type: 'text';
|
|
28
|
+
text: string;
|
|
29
|
+
}>;
|
|
30
|
+
};
|
|
31
|
+
error(msg: string, extra?: Record<string, unknown>): {
|
|
32
|
+
content: Array<{
|
|
33
|
+
type: 'text';
|
|
34
|
+
text: string;
|
|
35
|
+
}>;
|
|
36
|
+
};
|
|
37
|
+
}
|
|
38
|
+
export declare function createContext(): Promise<ServerContext>;
|
|
39
|
+
//# sourceMappingURL=context.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAGlF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EACV,OAAO,EAAE,eAAe,EAAE,eAAe,EACzC,gBAAgB,EAAE,cAAc,EAAE,gBAAgB,EAClD,cAAc,EAAE,gBAAgB,EACjC,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGjD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IACtC,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;IACnC,iBAAiB,EAAE,qBAAqB,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,gBAAgB,EAAE,CAAC;IAChC,kBAAkB,EAAE,OAAO,YAAY,EAAE,iBAAiB,CAAC;IAC3D,aAAa,EAAE,gBAAgB,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,CAAC,EAAE,OAAO,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;IACrE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;CACzG;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,aAAa,CAAC,CA8G5D"}
|
package/dist/context.js
ADDED
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* ServerContext: replaces closure pattern in server.ts.
|
|
3
|
+
* Central state container for the AGA MCP Server.
|
|
4
|
+
*/
|
|
5
|
+
import { generateKeyPair } from './crypto/sign.js';
|
|
6
|
+
import { sha256Str } from './crypto/hash.js';
|
|
7
|
+
import { Portal } from './core/portal.js';
|
|
8
|
+
import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
|
|
9
|
+
import { MemoryStorage } from './storage/memory.js';
|
|
10
|
+
import { createGenesisEvent, appendEvent } from './core/chain.js';
|
|
11
|
+
export async function createContext() {
|
|
12
|
+
const storage = new MemoryStorage();
|
|
13
|
+
await storage.initialize();
|
|
14
|
+
const issuerKP = generateKeyPair();
|
|
15
|
+
const portalKP = generateKeyPair();
|
|
16
|
+
const chainKP = generateKeyPair();
|
|
17
|
+
const portal = new Portal();
|
|
18
|
+
const behavioralMonitor = new BehavioralMonitorImpl();
|
|
19
|
+
const defaultEnforcement = {
|
|
20
|
+
measurement_cadence_ms: 1000,
|
|
21
|
+
ttl_seconds: 3600,
|
|
22
|
+
enforcement_triggers: ['QUARANTINE', 'TERMINATE'],
|
|
23
|
+
re_attestation_required: true,
|
|
24
|
+
measurement_types: ['FILE_SYSTEM_STATE', 'CONFIG_MANIFEST'],
|
|
25
|
+
};
|
|
26
|
+
const defaultClaims = {
|
|
27
|
+
claims_taxonomy: [
|
|
28
|
+
// Identity claims
|
|
29
|
+
{ claim_id: 'identity.name', sensitivity: 'S3_HIGH', substitutes: ['identity.pseudonym', 'identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
30
|
+
{ claim_id: 'identity.pseudonym', sensitivity: 'S2_MODERATE', substitutes: ['identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
|
|
31
|
+
{ claim_id: 'identity.org', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
32
|
+
{ claim_id: 'identity.age', sensitivity: 'S3_HIGH', substitutes: ['identity.age_range', 'identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
33
|
+
{ claim_id: 'identity.age_range', sensitivity: 'S2_MODERATE', substitutes: ['identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
34
|
+
{ claim_id: 'identity.is_adult', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_FULL'] },
|
|
35
|
+
// Vehicle claims (deployment-appropriate)
|
|
36
|
+
{ claim_id: 'vehicle.exact_position', sensitivity: 'S4_CRITICAL', substitutes: ['vehicle.grid_square', 'vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
37
|
+
{ claim_id: 'vehicle.grid_square', sensitivity: 'S2_MODERATE', substitutes: ['vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
|
|
38
|
+
{ claim_id: 'vehicle.operational_area', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
39
|
+
// Plant/infrastructure claims
|
|
40
|
+
{ claim_id: 'plant.reactor_id', sensitivity: 'S3_HIGH', substitutes: ['plant.facility_type'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
41
|
+
{ claim_id: 'plant.facility_type', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
42
|
+
// Agent/model claims
|
|
43
|
+
{ claim_id: 'agent.model_weights_hash', sensitivity: 'S4_CRITICAL', substitutes: ['agent.model_family', 'agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
|
|
44
|
+
{ claim_id: 'agent.model_family', sensitivity: 'S2_MODERATE', substitutes: ['agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
|
|
45
|
+
{ claim_id: 'agent.model_generation', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
|
|
46
|
+
],
|
|
47
|
+
substitution_rules: [],
|
|
48
|
+
};
|
|
49
|
+
const claimValues = {
|
|
50
|
+
'identity.name': 'Alice Johnson',
|
|
51
|
+
'identity.pseudonym': 'AJ-7742',
|
|
52
|
+
'identity.org': 'Attested Intelligence',
|
|
53
|
+
'identity.age': 32,
|
|
54
|
+
'identity.age_range': '25-34',
|
|
55
|
+
'identity.is_adult': true,
|
|
56
|
+
'vehicle.exact_position': '38.8977° N, 77.0365° W',
|
|
57
|
+
'vehicle.grid_square': 'FM18lv',
|
|
58
|
+
'vehicle.operational_area': 'National Capital Region',
|
|
59
|
+
'plant.reactor_id': 'NRC-R-1234',
|
|
60
|
+
'plant.facility_type': 'Nuclear Power Plant',
|
|
61
|
+
'agent.model_weights_hash': 'a4f8c2e1b3d7094f6e2a8b1c5d9f3e7a',
|
|
62
|
+
'agent.model_family': 'GPT-class LLM',
|
|
63
|
+
'agent.model_generation': 'Generation 4',
|
|
64
|
+
};
|
|
65
|
+
const claimsTaxonomy = {
|
|
66
|
+
claims: defaultClaims.claims_taxonomy,
|
|
67
|
+
version: '1.0.0',
|
|
68
|
+
};
|
|
69
|
+
const ctx = {
|
|
70
|
+
issuerKP,
|
|
71
|
+
portalKP,
|
|
72
|
+
chainKP,
|
|
73
|
+
portal,
|
|
74
|
+
storage,
|
|
75
|
+
chainInitialized: false,
|
|
76
|
+
activeArtifact: null,
|
|
77
|
+
quarantine: null,
|
|
78
|
+
behavioralMonitor,
|
|
79
|
+
measurementCount: 0,
|
|
80
|
+
verificationTier: 'BRONZE',
|
|
81
|
+
startTime: new Date().toISOString(),
|
|
82
|
+
claimsTaxonomy,
|
|
83
|
+
delegations: [],
|
|
84
|
+
defaultEnforcement,
|
|
85
|
+
defaultClaims,
|
|
86
|
+
claimValues,
|
|
87
|
+
async appendToChain(type, payload) {
|
|
88
|
+
if (!ctx.chainInitialized) {
|
|
89
|
+
const genesis = createGenesisEvent(ctx.chainKP, sha256Str('AGA Protocol Specification v2.0.0'));
|
|
90
|
+
await ctx.storage.storeEvent(genesis);
|
|
91
|
+
ctx.chainInitialized = true;
|
|
92
|
+
ctx.portal.sequenceCounter = 0;
|
|
93
|
+
ctx.portal.lastLeafHash = genesis.leaf_hash;
|
|
94
|
+
}
|
|
95
|
+
const prev = await ctx.storage.getLatestEvent();
|
|
96
|
+
if (!prev)
|
|
97
|
+
throw new Error('Chain initialization failed');
|
|
98
|
+
const event = appendEvent(type, payload, prev, ctx.chainKP);
|
|
99
|
+
await ctx.storage.storeEvent(event);
|
|
100
|
+
ctx.portal.sequenceCounter = event.sequence_number;
|
|
101
|
+
ctx.portal.lastLeafHash = event.leaf_hash;
|
|
102
|
+
return event;
|
|
103
|
+
},
|
|
104
|
+
json(x) {
|
|
105
|
+
return { content: [{ type: 'text', text: JSON.stringify(x, null, 2) }] };
|
|
106
|
+
},
|
|
107
|
+
error(msg, extra) {
|
|
108
|
+
return { content: [{ type: 'text', text: JSON.stringify({ success: false, error: msg, ...extra }, null, 2) }] };
|
|
109
|
+
},
|
|
110
|
+
};
|
|
111
|
+
return ctx;
|
|
112
|
+
}
|
|
113
|
+
//# sourceMappingURL=context.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,eAAe,EAAW,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAiClE,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,OAAO,GAAG,IAAI,aAAa,EAAE,CAAC;IACpC,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAC5B,MAAM,iBAAiB,GAAG,IAAI,qBAAqB,EAAE,CAAC;IAEtD,MAAM,kBAAkB,GAA2C;QACjE,sBAAsB,EAAE,IAAI;QAC5B,WAAW,EAAE,IAAI;QACjB,oBAAoB,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;QACjD,uBAAuB,EAAE,IAAI;QAC7B,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;KAC5D,CAAC;IAEF,MAAM,aAAa,GAAqB;QACtC,eAAe,EAAE;YACf,kBAAkB;YAClB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAChK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YACjK,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACvJ,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACrL,EAAE,QAAQ,EAAE,mBAAmB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9I,0CAA0C;YAC1C,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAC1L,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC9K,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACnK,8BAA8B;YAC9B,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,qBAAqB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpJ,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9J,qBAAqB;YACrB,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACzL,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC3K,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;SAClK;QACD,kBAAkB,EAAE,EAAE;KACvB,CAAC;IAEF,MAAM,WAAW,GAA4B;QAC3C,eAAe,EAAE,eAAe;QAChC,oBAAoB,EAAE,SAAS;QAC/B,cAAc,EAAE,uBAAuB;QACvC,cAAc,EAAE,EAAE;QAClB,oBAAoB,EAAE,OAAO;QAC7B,mBAAmB,EAAE,IAAI;QACzB,wBAAwB,EAAE,wBAAwB;QAClD,qBAAqB,EAAE,QAAQ;QAC/B,0BAA0B,EAAE,yBAAyB;QACrD,kBAAkB,EAAE,YAAY;QAChC,qBAAqB,EAAE,qBAAqB;QAC5C,0BAA0B,EAAE,kCAAkC;QAC9D,oBAAoB,EAAE,eAAe;QACrC,wBAAwB,EAAE,cAAc;KACzC,CAAC;IAEF,MAAM,cAAc,GAAmB;QACrC,MAAM,EAAE,aAAa,CAAC,eAAe;QACrC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,GAAG,GAAkB;QACzB,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,MAAM;QACN,OAAO;QACP,gBAAgB,EAAE,KAAK;QACvB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,iBAAiB;QACjB,gBAAgB,EAAE,CAAC;QACnB,gBAAgB,EAAE,QAAQ;QAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,cAAc;QACd,WAAW,EAAE,EAAE;QACf,kBAAkB;QAClB,aAAa;QACb,WAAW;QAEX,KAAK,CAAC,aAAa,CAAC,IAAe,EAAE,OAAgB;YACnD,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;gBAChG,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;gBACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;YAC9C,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5D,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;YACnD,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,CAAU;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACpF,CAAC;QAED,KAAK,CAAC,GAAW,EAAE,KAA+B;YAChD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3H,CAAC;KACF,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Identity operations: key fingerprinting, validation, rotation.
|
|
3
|
+
*/
|
|
4
|
+
import { keyFingerprint, isKeyValid } from '../crypto/keys.js';
|
|
5
|
+
import type { KeyPair } from '../types.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid };
|
|
7
|
+
export interface KeyRotationResult {
|
|
8
|
+
newKeyPair: KeyPair;
|
|
9
|
+
newPublicKeyHex: string;
|
|
10
|
+
oldPublicKeyHex: string;
|
|
11
|
+
rotatedAt: string;
|
|
12
|
+
}
|
|
13
|
+
export declare function rotateKeys(oldKP: KeyPair): KeyRotationResult;
|
|
14
|
+
//# sourceMappingURL=identity.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAiB,MAAM,mBAAmB,CAAC;AAE9E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAEtC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,iBAAiB,CAQ5D"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Identity operations: key fingerprinting, validation, rotation.
|
|
3
|
+
*/
|
|
4
|
+
import { keyFingerprint, isKeyValid, rotateKeyPair } from '../crypto/keys.js';
|
|
5
|
+
import { pkToHex } from '../crypto/sign.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid };
|
|
7
|
+
export function rotateKeys(oldKP) {
|
|
8
|
+
const newKP = rotateKeyPair();
|
|
9
|
+
return {
|
|
10
|
+
newKeyPair: newKP,
|
|
11
|
+
newPublicKeyHex: pkToHex(newKP.publicKey),
|
|
12
|
+
oldPublicKeyHex: pkToHex(oldKP.publicKey),
|
|
13
|
+
rotatedAt: new Date().toISOString(),
|
|
14
|
+
};
|
|
15
|
+
}
|
|
16
|
+
//# sourceMappingURL=identity.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAmB,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG7D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAStC,MAAM,UAAU,UAAU,CAAC,KAAc;IACvC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}
|
package/dist/core/index.d.ts
CHANGED
|
@@ -9,4 +9,7 @@ export * from './quarantine.js';
|
|
|
9
9
|
export * from './checkpoint.js';
|
|
10
10
|
export * from './bundle.js';
|
|
11
11
|
export * from './disclosure.js';
|
|
12
|
+
export * from './behavioral.js';
|
|
13
|
+
export * from './delegation.js';
|
|
14
|
+
export * from './identity.js';
|
|
12
15
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/core/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
|
package/dist/core/index.js
CHANGED
|
@@ -9,4 +9,7 @@ export * from './quarantine.js';
|
|
|
9
9
|
export * from './checkpoint.js';
|
|
10
10
|
export * from './bundle.js';
|
|
11
11
|
export * from './disclosure.js';
|
|
12
|
+
export * from './behavioral.js';
|
|
13
|
+
export * from './delegation.js';
|
|
14
|
+
export * from './identity.js';
|
|
12
15
|
//# sourceMappingURL=index.js.map
|
package/dist/core/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import type { SubjectIdentifier, SubjectMetadata, HashHex } from '../types.js';
|
|
2
|
+
export interface MeasurementInput {
|
|
3
|
+
subjectBytes: Uint8Array;
|
|
4
|
+
metadata: SubjectMetadata;
|
|
5
|
+
}
|
|
6
|
+
export interface MeasurementOutput {
|
|
7
|
+
bytesHash: HashHex;
|
|
8
|
+
metadataHash: HashHex;
|
|
9
|
+
}
|
|
10
|
+
export declare function measureSubject(input: MeasurementInput): MeasurementOutput;
|
|
11
|
+
export declare function compareState(current: MeasurementOutput, expected: SubjectIdentifier): {
|
|
12
|
+
match: boolean;
|
|
13
|
+
bytesMatch: boolean;
|
|
14
|
+
metadataMatch: boolean;
|
|
15
|
+
};
|
|
16
|
+
//# sourceMappingURL=measurement.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measurement.d.ts","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE/E,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,UAAU,CAAC;IACzB,QAAQ,EAAE,eAAe,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,gBAAgB,GAAG,iBAAiB,CAKzE;AAED,wBAAgB,YAAY,CAC1B,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,iBAAiB,GAC1B;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,OAAO,CAAC;IAAC,aAAa,EAAE,OAAO,CAAA;CAAE,CAIjE"}
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Subject measurement: hash, compare, detect drift.
|
|
3
|
+
* Consolidates subject.ts + attestation.ts measurement logic.
|
|
4
|
+
*/
|
|
5
|
+
import { sha256Bytes, sha256Str } from '../crypto/hash.js';
|
|
6
|
+
import { canonicalize } from '../utils/canonical.js';
|
|
7
|
+
export function measureSubject(input) {
|
|
8
|
+
return {
|
|
9
|
+
bytesHash: sha256Bytes(input.subjectBytes),
|
|
10
|
+
metadataHash: sha256Str(canonicalize(input.metadata)),
|
|
11
|
+
};
|
|
12
|
+
}
|
|
13
|
+
export function compareState(current, expected) {
|
|
14
|
+
const bytesMatch = current.bytesHash === expected.bytes_hash;
|
|
15
|
+
const metadataMatch = current.metadataHash === expected.metadata_hash;
|
|
16
|
+
return { match: bytesMatch && metadataMatch, bytesMatch, metadataMatch };
|
|
17
|
+
}
|
|
18
|
+
//# sourceMappingURL=measurement.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"measurement.js","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAarD,MAAM,UAAU,cAAc,CAAC,KAAuB;IACpD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC;QAC1C,YAAY,EAAE,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,OAA0B,EAC1B,QAA2B;IAE3B,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,UAAU,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAO,CAAC,YAAY,KAAK,QAAQ,CAAC,aAAa,CAAC;IACtE,OAAO,EAAE,KAAK,EAAE,UAAU,IAAI,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;AAC3E,CAAC"}
|
package/dist/core/portal.d.ts
CHANGED
|
@@ -21,7 +21,7 @@ export declare class Portal {
|
|
|
21
21
|
};
|
|
22
22
|
measure(subjectBytes: Uint8Array, meta: SubjectMetadata): MeasurementResult;
|
|
23
23
|
enforce(action: EnforcementAction): void;
|
|
24
|
-
revoke(sealedHash: string): void;
|
|
24
|
+
revoke(sealedHash: string, transitionTo?: 'TERMINATED' | 'SAFE_STATE'): void;
|
|
25
25
|
isRevoked(sealedHash: string): boolean;
|
|
26
26
|
reset(): void;
|
|
27
27
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;
|
|
1
|
+
{"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IA6B3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAWxC,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,YAAY,GAAG,IAAI;IAO5E,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}
|
package/dist/core/portal.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Portal (Sentinel)
|
|
2
|
+
* Portal (Sentinel) - Runtime Enforcement Boundary. Ref 150, 270-280.
|
|
3
3
|
* V3: TTL + revocation checked every measurement. Fail-closed semantics.
|
|
4
4
|
* Aligned with NCCoE filing Sections 3-4 and NIST-2025-0035.
|
|
5
5
|
*/
|
|
@@ -37,6 +37,8 @@ export class Portal {
|
|
|
37
37
|
throw new Error('No artifact loaded');
|
|
38
38
|
if (this.state === 'TERMINATED')
|
|
39
39
|
throw new Error('Portal is terminated');
|
|
40
|
+
if (this.state === 'SAFE_STATE')
|
|
41
|
+
throw new Error('Portal is in safe state - artifact revoked');
|
|
40
42
|
const empty = { currentBytesHash: '', currentMetaHash: '',
|
|
41
43
|
expectedBytesHash: this.artifact.subject_identifier.bytes_hash,
|
|
42
44
|
expectedMetaHash: this.artifact.subject_identifier.metadata_hash };
|
|
@@ -67,9 +69,11 @@ export class Portal {
|
|
|
67
69
|
throw new Error(`Cannot enforce in state ${this.state}`);
|
|
68
70
|
switch (action) {
|
|
69
71
|
case 'TERMINATE':
|
|
70
|
-
case 'SAFE_STATE':
|
|
71
72
|
this.state = 'TERMINATED';
|
|
72
73
|
break;
|
|
74
|
+
case 'SAFE_STATE':
|
|
75
|
+
this.state = 'SAFE_STATE';
|
|
76
|
+
break;
|
|
73
77
|
case 'QUARANTINE':
|
|
74
78
|
this.state = 'PHANTOM_QUARANTINE';
|
|
75
79
|
break;
|
|
@@ -79,10 +83,11 @@ export class Portal {
|
|
|
79
83
|
default: break;
|
|
80
84
|
}
|
|
81
85
|
}
|
|
82
|
-
revoke(sealedHash) {
|
|
86
|
+
revoke(sealedHash, transitionTo) {
|
|
83
87
|
this.revocations.add(sealedHash);
|
|
84
|
-
if (this.artifact?.sealed_hash === sealedHash)
|
|
85
|
-
this.state = 'TERMINATED';
|
|
88
|
+
if (this.artifact?.sealed_hash === sealedHash) {
|
|
89
|
+
this.state = transitionTo === 'SAFE_STATE' ? 'SAFE_STATE' : 'TERMINATED';
|
|
90
|
+
}
|
|
86
91
|
}
|
|
87
92
|
isRevoked(sealedHash) { return this.revocations.has(sealedHash); }
|
|
88
93
|
reset() {
|
package/dist/core/portal.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACnD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACpD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,oBAAoB,CAAC;gBAAC,MAAM;YAC5D,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;gBAAC,MAAM;YAC3D,OAAO,CAAC,CAAC,MAAM;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,UAAkB,EAAE,YAA0C;QACnE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,WAAW,KAAK,UAAU,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,GAAG,YAAY,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,SAAS,CAAC,UAAkB,IAAa,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEnF,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACrD,CAAC;CACF"}
|
package/dist/core/types.d.ts
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* V3: Aligned with NIST-2025-0035 and NCCoE AI Agent Identity filings.
|
|
3
|
-
* Every interface annotated with patent reference numeral.
|
|
4
3
|
*/
|
|
5
4
|
import type { HashHex, SignatureBase64, SaltHex, MerkleInclusionProof } from '../crypto/types.js';
|
|
6
5
|
export interface SubjectIdentifier {
|
|
@@ -79,7 +78,7 @@ export interface SignedReceipt {
|
|
|
79
78
|
previous_leaf_hash: HashHex | null;
|
|
80
79
|
portal_signature: SignatureBase64;
|
|
81
80
|
}
|
|
82
|
-
export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION';
|
|
81
|
+
export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION' | 'BEHAVIORAL_DRIFT' | 'DELEGATION' | 'RE_ATTESTATION';
|
|
83
82
|
export interface GenesisPayload {
|
|
84
83
|
protocol_version: string;
|
|
85
84
|
taxonomy_version: string;
|
|
@@ -145,7 +144,7 @@ export interface SubstitutionReceipt {
|
|
|
145
144
|
chain_sequence_ref: number;
|
|
146
145
|
signature: SignatureBase64;
|
|
147
146
|
}
|
|
148
|
-
export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'TERMINATED';
|
|
147
|
+
export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'SAFE_STATE' | 'TERMINATED';
|
|
149
148
|
export type VerificationTier = 'BRONZE' | 'SILVER' | 'GOLD';
|
|
150
149
|
export interface RevocationRecord {
|
|
151
150
|
artifact_sealed_hash: HashHex;
|
package/dist/core/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Deterministic JSON serialization (RFC 8785 aligned).
|
|
3
|
+
* Moved from src/utils/canonical.ts for directive structure alignment.
|
|
4
|
+
*/
|
|
5
|
+
export declare function deepSortKeys(obj: unknown): unknown;
|
|
6
|
+
export declare function canonicalize(obj: unknown): string;
|
|
7
|
+
//# sourceMappingURL=canonicalize.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CASlD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAEjD"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Deterministic JSON serialization (RFC 8785 aligned).
|
|
3
|
+
* Moved from src/utils/canonical.ts for directive structure alignment.
|
|
4
|
+
*/
|
|
5
|
+
export function deepSortKeys(obj) {
|
|
6
|
+
if (obj === null || obj === undefined || typeof obj !== 'object')
|
|
7
|
+
return obj;
|
|
8
|
+
if (Array.isArray(obj))
|
|
9
|
+
return obj.map(deepSortKeys);
|
|
10
|
+
if (obj instanceof Uint8Array)
|
|
11
|
+
return obj;
|
|
12
|
+
const sorted = {};
|
|
13
|
+
for (const key of Object.keys(obj).sort()) {
|
|
14
|
+
sorted[key] = deepSortKeys(obj[key]);
|
|
15
|
+
}
|
|
16
|
+
return sorted;
|
|
17
|
+
}
|
|
18
|
+
export function canonicalize(obj) {
|
|
19
|
+
return JSON.stringify(deepSortKeys(obj));
|
|
20
|
+
}
|
|
21
|
+
//# sourceMappingURL=canonicalize.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,GAAG,YAAY,UAAU;QAAE,OAAO,GAAG,CAAC;IAC1C,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC"}
|
package/dist/crypto/hash.d.ts
CHANGED
|
@@ -2,7 +2,7 @@ import type { HashHex } from './types.js';
|
|
|
2
2
|
export declare function sha256Bytes(data: Uint8Array): HashHex;
|
|
3
3
|
export declare function sha256Str(data: string): HashHex;
|
|
4
4
|
export declare function blake2b256(data: Uint8Array): HashHex;
|
|
5
|
-
/** Concatenate inputs (NO delimiter) and SHA-256.
|
|
5
|
+
/** Concatenate inputs (NO delimiter) and SHA-256. No delimiters per protocol spec. */
|
|
6
6
|
export declare function sha256Cat(...parts: (Uint8Array | string)[]): HashHex;
|
|
7
7
|
/** Concatenate hex strings as text (no decode) and hash. For sealed_hash computation. */
|
|
8
8
|
export declare function sha256HexCat(...hexes: string[]): HashHex;
|