@attested-intelligence/aga-mcp-server 0.1.1 → 2.0.1

Files changed (197) hide show
  1. package/README.md +106 -24
  2. package/dist/context.d.ts +39 -0
  3. package/dist/context.d.ts.map +1 -0
  4. package/dist/context.js +113 -0
  5. package/dist/context.js.map +1 -0
  6. package/dist/core/identity.d.ts +14 -0
  7. package/dist/core/identity.d.ts.map +1 -0
  8. package/dist/core/identity.js +16 -0
  9. package/dist/core/identity.js.map +1 -0
  10. package/dist/core/index.d.ts +3 -0
  11. package/dist/core/index.d.ts.map +1 -1
  12. package/dist/core/index.js +3 -0
  13. package/dist/core/index.js.map +1 -1
  14. package/dist/core/measurement.d.ts +16 -0
  15. package/dist/core/measurement.d.ts.map +1 -0
  16. package/dist/core/measurement.js +18 -0
  17. package/dist/core/measurement.js.map +1 -0
  18. package/dist/core/portal.d.ts +1 -1
  19. package/dist/core/portal.d.ts.map +1 -1
  20. package/dist/core/portal.js +10 -5
  21. package/dist/core/portal.js.map +1 -1
  22. package/dist/core/types.d.ts +2 -3
  23. package/dist/core/types.d.ts.map +1 -1
  24. package/dist/crypto/canonicalize.d.ts +7 -0
  25. package/dist/crypto/canonicalize.d.ts.map +1 -0
  26. package/dist/crypto/canonicalize.js +21 -0
  27. package/dist/crypto/canonicalize.js.map +1 -0
  28. package/dist/crypto/hash.d.ts +1 -1
  29. package/dist/crypto/hash.d.ts.map +1 -1
  30. package/dist/crypto/hash.js +1 -1
  31. package/dist/crypto/hash.js.map +1 -1
  32. package/dist/crypto/index.d.ts +6 -5
  33. package/dist/crypto/index.d.ts.map +1 -1
  34. package/dist/crypto/index.js +6 -5
  35. package/dist/crypto/index.js.map +1 -1
  36. package/dist/crypto/keys.d.ts +10 -0
  37. package/dist/crypto/keys.d.ts.map +1 -0
  38. package/dist/crypto/keys.js +19 -0
  39. package/dist/crypto/keys.js.map +1 -0
  40. package/dist/index.js +1 -1
  41. package/dist/index.js.map +1 -1
  42. package/dist/middleware/governance.d.ts +1 -7
  43. package/dist/middleware/governance.d.ts.map +1 -1
  44. package/dist/middleware/governance.js +11 -18
  45. package/dist/middleware/governance.js.map +1 -1
  46. package/dist/prompts/drift-analysis.d.ts +13 -0
  47. package/dist/prompts/drift-analysis.d.ts.map +1 -0
  48. package/dist/prompts/drift-analysis.js +43 -0
  49. package/dist/prompts/drift-analysis.js.map +1 -0
  50. package/dist/prompts/governance-report.d.ts +7 -0
  51. package/dist/prompts/governance-report.d.ts.map +1 -0
  52. package/dist/prompts/governance-report.js +26 -0
  53. package/dist/prompts/governance-report.js.map +1 -0
  54. package/dist/prompts/nccoe-demo.d.ts +14 -0
  55. package/dist/prompts/nccoe-demo.d.ts.map +1 -0
  56. package/dist/prompts/nccoe-demo.js +47 -0
  57. package/dist/prompts/nccoe-demo.js.map +1 -0
  58. package/dist/resources/cosai-mapping.d.ts +24 -0
  59. package/dist/resources/cosai-mapping.d.ts.map +1 -0
  60. package/dist/resources/cosai-mapping.js +127 -0
  61. package/dist/resources/cosai-mapping.js.map +1 -0
  62. package/dist/resources/crypto-primitives.d.ts +3 -0
  63. package/dist/resources/crypto-primitives.d.ts.map +1 -0
  64. package/dist/resources/crypto-primitives.js +52 -0
  65. package/dist/resources/crypto-primitives.js.map +1 -0
  66. package/dist/resources/sample-bundle.d.ts +6 -0
  67. package/dist/resources/sample-bundle.d.ts.map +1 -0
  68. package/dist/resources/sample-bundle.js +58 -0
  69. package/dist/resources/sample-bundle.js.map +1 -0
  70. package/dist/resources/specification.d.ts +3 -0
  71. package/dist/resources/specification.d.ts.map +1 -0
  72. package/dist/resources/specification.js +161 -0
  73. package/dist/resources/specification.js.map +1 -0
  74. package/dist/server.d.ts +3 -7
  75. package/dist/server.d.ts.map +1 -1
  76. package/dist/server.js +214 -343
  77. package/dist/server.js.map +1 -1
  78. package/dist/storage/sqlite.js +1 -1
  79. package/dist/tools/create-artifact.d.ts +25 -0
  80. package/dist/tools/create-artifact.d.ts.map +1 -0
  81. package/dist/tools/create-artifact.js +85 -0
  82. package/dist/tools/create-artifact.js.map +1 -0
  83. package/dist/tools/delegate-subagent.d.ts +18 -0
  84. package/dist/tools/delegate-subagent.d.ts.map +1 -0
  85. package/dist/tools/delegate-subagent.js +50 -0
  86. package/dist/tools/delegate-subagent.js.map +1 -0
  87. package/dist/tools/disclose-claim.d.ts +14 -0
  88. package/dist/tools/disclose-claim.d.ts.map +1 -0
  89. package/dist/tools/disclose-claim.js +23 -0
  90. package/dist/tools/disclose-claim.js.map +1 -0
  91. package/dist/tools/export-bundle.d.ts +8 -0
  92. package/dist/tools/export-bundle.d.ts.map +1 -0
  93. package/dist/tools/export-bundle.js +25 -0
  94. package/dist/tools/export-bundle.js.map +1 -0
  95. package/dist/tools/full-lifecycle.d.ts +16 -0
  96. package/dist/tools/full-lifecycle.d.ts.map +1 -0
  97. package/dist/tools/full-lifecycle.js +121 -0
  98. package/dist/tools/full-lifecycle.js.map +1 -0
  99. package/dist/tools/generate-receipt.d.ts +16 -0
  100. package/dist/tools/generate-receipt.d.ts.map +1 -0
  101. package/dist/tools/generate-receipt.js +31 -0
  102. package/dist/tools/generate-receipt.js.map +1 -0
  103. package/dist/tools/get-chain.d.ts +14 -0
  104. package/dist/tools/get-chain.d.ts.map +1 -0
  105. package/dist/tools/get-chain.js +45 -0
  106. package/dist/tools/get-chain.js.map +1 -0
  107. package/dist/tools/get-portal-state.d.ts +8 -0
  108. package/dist/tools/get-portal-state.d.ts.map +1 -0
  109. package/dist/tools/get-portal-state.js +15 -0
  110. package/dist/tools/get-portal-state.js.map +1 -0
  111. package/dist/tools/init-chain.d.ts +10 -0
  112. package/dist/tools/init-chain.d.ts.map +1 -0
  113. package/dist/tools/init-chain.js +13 -0
  114. package/dist/tools/init-chain.js.map +1 -0
  115. package/dist/tools/measure-behavior.d.ts +12 -0
  116. package/dist/tools/measure-behavior.d.ts.map +1 -0
  117. package/dist/tools/measure-behavior.js +29 -0
  118. package/dist/tools/measure-behavior.js.map +1 -0
  119. package/dist/tools/measure-subject.d.ts +15 -0
  120. package/dist/tools/measure-subject.d.ts.map +1 -0
  121. package/dist/tools/measure-subject.js +106 -0
  122. package/dist/tools/measure-subject.js.map +1 -0
  123. package/dist/tools/quarantine-status.d.ts +8 -0
  124. package/dist/tools/quarantine-status.d.ts.map +1 -0
  125. package/dist/tools/quarantine-status.js +16 -0
  126. package/dist/tools/quarantine-status.js.map +1 -0
  127. package/dist/tools/revoke-artifact.d.ts +13 -0
  128. package/dist/tools/revoke-artifact.d.ts.map +1 -0
  129. package/dist/tools/revoke-artifact.js +24 -0
  130. package/dist/tools/revoke-artifact.js.map +1 -0
  131. package/dist/tools/rotate-keys.d.ts +13 -0
  132. package/dist/tools/rotate-keys.d.ts.map +1 -0
  133. package/dist/tools/rotate-keys.js +39 -0
  134. package/dist/tools/rotate-keys.js.map +1 -0
  135. package/dist/tools/server-info.d.ts +8 -0
  136. package/dist/tools/server-info.d.ts.map +1 -0
  137. package/dist/tools/server-info.js +23 -0
  138. package/dist/tools/server-info.js.map +1 -0
  139. package/dist/tools/set-verification-tier.d.ts +11 -0
  140. package/dist/tools/set-verification-tier.d.ts.map +1 -0
  141. package/dist/tools/set-verification-tier.js +31 -0
  142. package/dist/tools/set-verification-tier.js.map +1 -0
  143. package/dist/tools/start-monitoring.d.ts +12 -0
  144. package/dist/tools/start-monitoring.d.ts.map +1 -0
  145. package/dist/tools/start-monitoring.js +17 -0
  146. package/dist/tools/start-monitoring.js.map +1 -0
  147. package/dist/tools/trigger-measurement.d.ts +15 -0
  148. package/dist/tools/trigger-measurement.d.ts.map +1 -0
  149. package/dist/tools/trigger-measurement.js +86 -0
  150. package/dist/tools/trigger-measurement.js.map +1 -0
  151. package/dist/tools/verify-artifact.d.ts +13 -0
  152. package/dist/tools/verify-artifact.d.ts.map +1 -0
  153. package/dist/tools/verify-artifact.js +6 -0
  154. package/dist/tools/verify-artifact.js.map +1 -0
  155. package/dist/tools/verify-bundle.d.ts +13 -0
  156. package/dist/tools/verify-bundle.d.ts.map +1 -0
  157. package/dist/tools/verify-bundle.js +6 -0
  158. package/dist/tools/verify-bundle.js.map +1 -0
  159. package/dist/types.d.ts +261 -0
  160. package/dist/types.d.ts.map +1 -0
  161. package/dist/types.js +8 -0
  162. package/dist/types.js.map +1 -0
  163. package/package.json +18 -3
  164. package/AGA_MCP_SERVER_SPEC.md +0 -632
  165. package/src/core/artifact.ts +0 -45
  166. package/src/core/attestation.ts +0 -33
  167. package/src/core/behavioral.ts +0 -132
  168. package/src/core/bundle.ts +0 -31
  169. package/src/core/chain.ts +0 -72
  170. package/src/core/checkpoint.ts +0 -22
  171. package/src/core/delegation.ts +0 -146
  172. package/src/core/disclosure.ts +0 -32
  173. package/src/core/index.ts +0 -11
  174. package/src/core/portal.ts +0 -96
  175. package/src/core/quarantine.ts +0 -16
  176. package/src/core/receipt.ts +0 -33
  177. package/src/core/subject.ts +0 -11
  178. package/src/core/types.ts +0 -244
  179. package/src/crypto/hash.ts +0 -33
  180. package/src/crypto/index.ts +0 -5
  181. package/src/crypto/merkle.ts +0 -43
  182. package/src/crypto/salt.ts +0 -18
  183. package/src/crypto/sign.ts +0 -35
  184. package/src/crypto/types.ts +0 -19
  185. package/src/index.ts +0 -12
  186. package/src/middleware/governance.ts +0 -95
  187. package/src/middleware/index.ts +0 -1
  188. package/src/server.ts +0 -436
  189. package/src/storage/index.ts +0 -3
  190. package/src/storage/interface.ts +0 -21
  191. package/src/storage/memory.ts +0 -27
  192. package/src/storage/sqlite.ts +0 -45
  193. package/src/tools/README.md +0 -13
  194. package/src/utils/canonical.ts +0 -14
  195. package/src/utils/constants.ts +0 -3
  196. package/src/utils/timestamp.ts +0 -12
  197. package/src/utils/uuid.ts +0 -2
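--- a/package/README.md
+++ b/package/README.md
@@ -1,42 +1,124 @@
- # @attested-intelligence/aga-mcp-server
+ # @attested-intelligence/aga-mcp-server v2.0.0
 
- MCP server implementing the Attested Governance Artifact (AGA) protocol.
+ [![MCP Badge](https://lobehub.com/badge/mcp/attested-intelligence-aga-mcp-server)](https://lobehub.com/mcp/attested-intelligence-aga-mcp-server)
 
- **Patent Pending:** USPTO Application No. 19/433,835
- **Referenced in:** NIST-2025-0035, NCCoE AI Agent Identity and Authorization
+ MCP server implementing the Attested Governance Artifact (AGA) protocol - cryptographic compliance enforcement for autonomous AI systems.
 
  ## What It Does
 
- This server acts as a **Portal** (enforcement boundary) for AI agents. Every tool call is attested, measured, and logged to a tamper-evident continuity chain.
+ This server acts as a **Portal** (zero-trust Policy Enforcement Point) for AI agents. Every tool call is attested, measured against a sealed cryptographic reference, and logged to a tamper-evident continuity chain with signed receipts.
 
- | MCP Tool | Patent Claim | Description |
+ **20 tools, 3 resources, 3 prompts, 159 tests**
+
+ ## 20 MCP Tools
+
+ | # | Tool | Description |
+ | --- | --- | --- |
+ | 1 | `aga_server_info` | Server identity, keys, portal state, framework alignment |
+ | 2 | `aga_init_chain` | Initialize continuity chain with genesis event |
+ | 3 | `aga_create_artifact` | Attest subject, generate sealed Policy Artifact |
+ | 4 | `aga_measure_subject` | Measure subject, compare to sealed ref, generate receipt |
+ | 5 | `aga_verify_artifact` | Verify artifact signature against issuer key |
+ | 6 | `aga_start_monitoring` | Start/restart behavioral monitoring with baseline |
+ | 7 | `aga_get_portal_state` | Current portal enforcement state and TTL |
+ | 8 | `aga_trigger_measurement` | Trigger measurement with specific type |
+ | 9 | `aga_generate_receipt` | Generate signed measurement receipt manually |
+ | 10 | `aga_export_bundle` | Package artifact + receipts + Merkle proofs |
+ | 11 | `aga_verify_bundle` | 4-step offline bundle verification |
+ | 12 | `aga_disclose_claim` | Privacy-preserving disclosure with auto-substitution |
+ | 13 | `aga_get_chain` | Get chain events with optional integrity verification |
+ | 14 | `aga_quarantine_status` | Quarantine state and forensic capture status |
+ | 15 | `aga_revoke_artifact` | Mid-session artifact revocation |
+ | 16 | `aga_set_verification_tier` | Set verification tier (BRONZE/SILVER/GOLD) |
+ | 17 | `aga_demonstrate_lifecycle` | Full lifecycle: attest, measure, checkpoint, verify |
+ | 18 | `aga_measure_behavior` | Behavioral drift detection (tool patterns) |
+ | 19 | `aga_delegate_to_subagent` | Constrained sub-agent delegation (scope only diminishes) |
+ | 20 | `aga_rotate_keys` | Key rotation with chain event |
+
+ ## 3 Resources
+
+ | Resource | URI | Description |
+ | --- | --- | --- |
+ | Protocol Spec | `aga://specification/protocol-v2` | Full protocol specification with SPIFFE alignment |
+ | Sample Bundle | `aga://resources/sample-bundle` | Sample evidence bundle documentation |
+ | Crypto Primitives | `aga://resources/crypto-primitives` | Cryptographic primitives documentation |
+
+ ## 3 Prompts
+
+ | Prompt | Description |
+ |--------|-------------|
+ | `nccoe-demo` | 4-phase NCCoE lab demo with behavioral drift |
+ | `governance-report` | Session governance summary report |
+ | `drift-analysis` | Drift event analysis and remediation |
+
+ ## CoSAI MCP Security Threat Coverage
+
+ The AGA MCP Server addresses all 12 threat categories identified in the
+ [CoSAI MCP Security whitepaper](https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md)
+ (Coalition for Secure AI / OASIS, January 2026).
+
+ | CoSAI Category | Threat Domain | AGA Governance Mechanism |
  |---|---|---|
- | `attest_subject` | 1a-1d | Attest and seal a policy artifact |
- | `measure_integrity` | 1e-1g | Measure, compare, enforce, receipt |
- | `revoke_artifact` | NCCoE 3b | Mid-session artifact revocation |
- | `request_claim` | 2 | Privacy-preserving disclosure |
- | `init_chain` | 3a | Initialize continuity chain |
- | `verify_chain` | 3c | Verify chain integrity |
- | `create_checkpoint` | 3d-3f | Merkle tree + anchor |
- | `generate_evidence_bundle` | 9 | Offline-verifiable package |
- | `delegate_to_subagent` | NCCoE | Constrained sub-agent delegation |
- | `measure_behavior` | NIST-2025-0035 | Behavioral drift detection |
- | `get_portal_state` | | Current enforcement status |
- | `get_receipts` | | Signed measurement receipts |
- | `get_chain_events` | — | Continuity chain events |
+ | T1: Improper Authentication | Identity & Access | Ed25519 artifact signatures, pinned issuer keys, TTL re-attestation, key rotation chain events |
+ | T2: Missing Access Control | Identity & Access | Portal as mandatory enforcement boundary, sealed constraints, delegation with scope diminishment |
+ | T3: Input Validation Failures | Input Handling | Runtime measurement against sealed reference, behavioral drift detection |
+ | T4: Data/Control Boundary Failures | Input Handling | Behavioral baseline (permitted tools, forbidden sequences, rate limits), phantom execution forensics |
+ | T5: Inadequate Data Protection | Data & Code | Salted commitments, privacy-preserving disclosure with substitution, inference risk prevention |
+ | T6: Missing Integrity Controls | Data & Code | Content-addressable hash binding, 10 measurement embodiments, continuous runtime verification |
+ | T7: Session/Transport Security | Network & Transport | TTL-based artifact expiration, fail-closed on expiry, mid-session revocation, Ed25519 signed receipts |
+ | T8: Network Isolation Failures | Network & Transport | Two-process architecture, agent holds no credentials, NETWORK_ISOLATE enforcement action |
+ | T9: Trust Boundary Failures | Trust & Design | Enforcement pre-committed by human authorities in sealed artifact, not delegated to LLM |
+ | T10: Resource Management | Trust & Design | Per-tool rate limits in behavioral baseline, configurable measurement cadence (10ms to 3600s) |
+ | T11: Supply Chain Failures | Operational | Content-addressable hashing at attestation, runtime hash comparison blocks modified components |
+ | T12: Insufficient Observability | Operational | Signed receipts, tamper-evident continuity chain, Merkle anchoring, offline evidence bundles |
+
+ Full mapping details available via the `aga://specification` resource.
 
  ## Quick Start
 
- npm install && npm run build && npm run demo
+ ```bash
+ npm install && npm run build && npm test
+ ```
 
- ## Connect to Claude Desktop
+ ## Connect to an MCP Client
 
- Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
+ Add to your MCP client config:
+
+ ```json
  {
  "mcpServers": {
- "aga": { "command": "node", "args": ["/path/to/dist/index.js"] }
+ "aga": { "command": "node", "args": ["/path/to/aga-mcp-server/dist/index.js"] }
  }
  }
+ ```
+
+ ## Architecture
+
+ ```
+ MCP Client
+ │ JSON-RPC over stdio
+
+ src/server.ts - 20 tools + 3 resources + 3 prompts
+
+ ├── src/tools/ 20 individual tool handlers
+ ├── src/core/ Protocol logic (artifact, chain, portal, etc.)
+ ├── src/crypto/ Ed25519 + SHA-256 + Merkle + canonical JSON
+ ├── src/middleware/ Zero-trust governance PEP
+ ├── src/storage/ In-memory + optional SQLite
+ ├── src/resources/ Protocol docs + crypto primitives
+ └── src/prompts/ Demo + report + analysis prompts
+ ```
+
+ ## Test Coverage
+
+ | Suite | Tests | What |
+ |-------|-------|------|
+ | Crypto | 33 | SHA-256, Ed25519, Merkle, salt, canonical, keys |
+ | Core | 56 | Artifact, chain, portal, governance, behavioral, delegation, privacy, revocation, fail-closed |
+ | Tools | 25 | All 20 tool handlers |
+ | Integration | 38 | Bundle tamper, lifecycle, performance, NCCoE demo, crucible compatibility |
+ | **Total** | **159** | |
 
  ## License
- MIT — Attested Intelligence Holdings LLC
+
+ MIT - Attested Intelligence Holdings LLC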
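--- a/package/dist/context.d.ts
+++ b/package/dist/context.d.ts
@@ -0,0 +1,39 @@
+ import { Portal } from './core/portal.js';
+ import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
+ import type { AGAStorage } from './storage/interface.js';
+ import type { KeyPair, QuarantineState, ContinuityEvent, VerificationTier, ClaimsTaxonomy, DelegationRecord, PolicyArtifact, DisclosurePolicy } from './types.js';
+ import type { EventType } from './core/types.js';
+ export interface ServerContext {
+ issuerKP: KeyPair;
+ portalKP: KeyPair;
+ chainKP: KeyPair;
+ portal: Portal;
+ storage: AGAStorage;
+ chainInitialized: boolean;
+ activeArtifact: PolicyArtifact | null;
+ quarantine: QuarantineState | null;
+ behavioralMonitor: BehavioralMonitorImpl;
+ measurementCount: number;
+ verificationTier: VerificationTier;
+ startTime: string;
+ claimsTaxonomy: ClaimsTaxonomy;
+ delegations: DelegationRecord[];
+ defaultEnforcement: import('./types.js').EnforcementParams;
+ defaultClaims: DisclosurePolicy;
+ claimValues: Record<string, unknown>;
+ appendToChain(type: EventType, payload: unknown): Promise<ContinuityEvent>;
+ json(x: unknown): {
+ content: Array<{
+ type: 'text';
+ text: string;
+ }>;
+ };
+ error(msg: string, extra?: Record<string, unknown>): {
+ content: Array<{
+ type: 'text';
+ text: string;
+ }>;
+ };
+ }
+ export declare function createContext(): Promise<ServerContext>;
+ //# sourceMappingURL=context.d.ts.map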
@@ -0,0 +1 @@
1
+ {"version":3,"file":"context.d.ts","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAGlF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,KAAK,EACV,OAAO,EAAE,eAAe,EAAE,eAAe,EACzC,gBAAgB,EAAE,cAAc,EAAE,gBAAgB,EAClD,cAAc,EAAE,gBAAgB,EACjC,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAGjD,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,UAAU,CAAC;IACpB,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,cAAc,GAAG,IAAI,CAAC;IACtC,UAAU,EAAE,eAAe,GAAG,IAAI,CAAC;IACnC,iBAAiB,EAAE,qBAAqB,CAAC;IACzC,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,gBAAgB,CAAC;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,cAAc,CAAC;IAC/B,WAAW,EAAE,gBAAgB,EAAE,CAAC;IAChC,kBAAkB,EAAE,OAAO,YAAY,EAAE,iBAAiB,CAAC;IAC3D,aAAa,EAAE,gBAAgB,CAAC;IAChC,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;IAC3E,IAAI,CAAC,CAAC,EAAE,OAAO,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;IACrE,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;QAAE,OAAO,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,IAAI,EAAE,MAAM,CAAA;SAAE,CAAC,CAAA;KAAE,CAAC;CACzG;AAED,wBAAsB,aAAa,IAAI,OAAO,CAAC,aAAa,CAAC,CA8G5D"}
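--- a/package/dist/context.js
+++ b/package/dist/context.js
@@ -0,0 +1,113 @@
+ /**
+ * ServerContext: replaces closure pattern in server.ts.
+ * Central state container for the AGA MCP Server.
+ */
+ import { generateKeyPair } from './crypto/sign.js';
+ import { sha256Str } from './crypto/hash.js';
+ import { Portal } from './core/portal.js';
+ import { BehavioralMonitor as BehavioralMonitorImpl } from './core/behavioral.js';
+ import { MemoryStorage } from './storage/memory.js';
+ import { createGenesisEvent, appendEvent } from './core/chain.js';
+ export async function createContext() {
+ const storage = new MemoryStorage();
+ await storage.initialize();
+ const issuerKP = generateKeyPair();
+ const portalKP = generateKeyPair();
+ const chainKP = generateKeyPair();
+ const portal = new Portal();
+ const behavioralMonitor = new BehavioralMonitorImpl();
+ const defaultEnforcement = {
+ measurement_cadence_ms: 1000,
+ ttl_seconds: 3600,
+ enforcement_triggers: ['QUARANTINE', 'TERMINATE'],
+ re_attestation_required: true,
+ measurement_types: ['FILE_SYSTEM_STATE', 'CONFIG_MANIFEST'],
+ };
+ const defaultClaims = {
+ claims_taxonomy: [
+ // Identity claims
+ { claim_id: 'identity.name', sensitivity: 'S3_HIGH', substitutes: ['identity.pseudonym', 'identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
+ { claim_id: 'identity.pseudonym', sensitivity: 'S2_MODERATE', substitutes: ['identity.org'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
+ { claim_id: 'identity.org', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
+ { claim_id: 'identity.age', sensitivity: 'S3_HIGH', substitutes: ['identity.age_range', 'identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
+ { claim_id: 'identity.age_range', sensitivity: 'S2_MODERATE', substitutes: ['identity.is_adult'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
+ { claim_id: 'identity.is_adult', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_FULL'] },
+ // Vehicle claims (deployment-appropriate)
+ { claim_id: 'vehicle.exact_position', sensitivity: 'S4_CRITICAL', substitutes: ['vehicle.grid_square', 'vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
+ { claim_id: 'vehicle.grid_square', sensitivity: 'S2_MODERATE', substitutes: ['vehicle.operational_area'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
+ { claim_id: 'vehicle.operational_area', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
+ // Plant/infrastructure claims
+ { claim_id: 'plant.reactor_id', sensitivity: 'S3_HIGH', substitutes: ['plant.facility_type'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
+ { claim_id: 'plant.facility_type', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
+ // Agent/model claims
+ { claim_id: 'agent.model_weights_hash', sensitivity: 'S4_CRITICAL', substitutes: ['agent.model_family', 'agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY'] },
+ { claim_id: 'agent.model_family', sensitivity: 'S2_MODERATE', substitutes: ['agent.model_generation'], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN'] },
+ { claim_id: 'agent.model_generation', sensitivity: 'S1_LOW', substitutes: [], inference_risks: [], permitted_modes: ['PROOF_ONLY', 'REVEAL_MIN', 'REVEAL_FULL'] },
+ ],
+ substitution_rules: [],
+ };
+ const claimValues = {
+ 'identity.name': 'Alice Johnson',
+ 'identity.pseudonym': 'AJ-7742',
+ 'identity.org': 'Attested Intelligence',
+ 'identity.age': 32,
+ 'identity.age_range': '25-34',
+ 'identity.is_adult': true,
+ 'vehicle.exact_position': '38.8977° N, 77.0365° W',
+ 'vehicle.grid_square': 'FM18lv',
+ 'vehicle.operational_area': 'National Capital Region',
+ 'plant.reactor_id': 'NRC-R-1234',
+ 'plant.facility_type': 'Nuclear Power Plant',
+ 'agent.model_weights_hash': 'a4f8c2e1b3d7094f6e2a8b1c5d9f3e7a',
+ 'agent.model_family': 'GPT-class LLM',
+ 'agent.model_generation': 'Generation 4',
+ };
+ const claimsTaxonomy = {
+ claims: defaultClaims.claims_taxonomy,
+ version: '1.0.0',
+ };
+ const ctx = {
+ issuerKP,
+ portalKP,
+ chainKP,
+ portal,
+ storage,
+ chainInitialized: false,
+ activeArtifact: null,
+ quarantine: null,
+ behavioralMonitor,
+ measurementCount: 0,
+ verificationTier: 'BRONZE',
+ startTime: new Date().toISOString(),
+ claimsTaxonomy,
+ delegations: [],
+ defaultEnforcement,
+ defaultClaims,
+ claimValues,
+ async appendToChain(type, payload) {
+ if (!ctx.chainInitialized) {
+ const genesis = createGenesisEvent(ctx.chainKP, sha256Str('AGA Protocol Specification v2.0.0'));
+ await ctx.storage.storeEvent(genesis);
+ ctx.chainInitialized = true;
+ ctx.portal.sequenceCounter = 0;
+ ctx.portal.lastLeafHash = genesis.leaf_hash;
+ }
+ const prev = await ctx.storage.getLatestEvent();
+ if (!prev)
+ throw new Error('Chain initialization failed');
+ const event = appendEvent(type, payload, prev, ctx.chainKP);
+ await ctx.storage.storeEvent(event);
+ ctx.portal.sequenceCounter = event.sequence_number;
+ ctx.portal.lastLeafHash = event.leaf_hash;
+ return event;
+ },
+ json(x) {
+ return { content: [{ type: 'text', text: JSON.stringify(x, null, 2) }] };
+ },
+ error(msg, extra) {
+ return { content: [{ type: 'text', text: JSON.stringify({ success: false, error: msg, ...extra }, null, 2) }] };
+ },
+ };
+ return ctx;
+ }
+ //# sourceMappingURL=context.js.map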
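Review bot: `appendToChain` is not atomic, which matters for a tamper-evident chain: `chainInitialized` is set only after `await ctx.storage.storeEvent(genesis)`, and the `getLatestEvent()` → `appendEvent()` → `storeEvent()` sequence spans two more awaits, so two overlapping tool calls can each write a genesis event or both link to the same `prev` and fork the chain. Whether handlers can interleave depends on the server wiring, which is not in this section, but nothing here prevents it. Serialising appends through a single promise queue, as sketched below, keeps sequence numbers and `lastLeafHash` consistent. Separately, `error()` spreads `extra` after `success: false`, so a caller-supplied `success` or `error` key overrides the fixed fields; `{ ...extra, success: false, error: msg }` avoids that.

```javascript
// … unchanged: storage, key pairs, default enforcement and claim fixtures …
let chainTail = Promise.resolve();
const ctx = {
    // … unchanged: state fields …
    appendToChain(type, payload) {
        const pending = chainTail.then(async () => {
            // … unchanged: genesis creation, getLatestEvent, appendEvent, storeEvent, portal counters …
            return event;
        });
        // A failed append must not block later ones; the caller still sees the rejection.
        chainTail = pending.catch(() => undefined);
        return pending;
    },
```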
@@ -0,0 +1 @@
1
+ {"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,eAAe,EAAW,MAAM,kBAAkB,CAAC;AAC5D,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AAC1C,OAAO,EAAE,iBAAiB,IAAI,qBAAqB,EAAE,MAAM,sBAAsB,CAAC;AAClF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAiClE,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,MAAM,OAAO,GAAG,IAAI,aAAa,EAAE,CAAC;IACpC,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;IAE3B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,MAAM,OAAO,GAAG,eAAe,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,IAAI,MAAM,EAAE,CAAC;IAC5B,MAAM,iBAAiB,GAAG,IAAI,qBAAqB,EAAE,CAAC;IAEtD,MAAM,kBAAkB,GAA2C;QACjE,sBAAsB,EAAE,IAAI;QAC5B,WAAW,EAAE,IAAI;QACjB,oBAAoB,EAAE,CAAC,YAAY,EAAE,WAAW,CAAC;QACjD,uBAAuB,EAAE,IAAI;QAC7B,iBAAiB,EAAE,CAAC,mBAAmB,EAAE,iBAAiB,CAAC;KAC5D,CAAC;IAEF,MAAM,aAAa,GAAqB;QACtC,eAAe,EAAE;YACf,kBAAkB;YAClB,EAAE,QAAQ,EAAE,eAAe,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAChK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,cAAc,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YACjK,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACvJ,EAAE,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpK,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACrL,EAAE,QAAQ,EAAE,mBAAmB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9I,0CAA0C;YAC1C,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,qBAAqB,EAAE,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YAC1L,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WA
AW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,0BAA0B,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC9K,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YACnK,8BAA8B;YAC9B,EAAE,QAAQ,EAAE,kBAAkB,EAAE,WAAW,EAAE,SAAS,EAAE,WAAW,EAAE,CAAC,qBAAqB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACpJ,EAAE,QAAQ,EAAE,qBAAqB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;YAC9J,qBAAqB;YACrB,EAAE,QAAQ,EAAE,0BAA0B,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,oBAAoB,EAAE,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,CAAC,EAAE;YACzL,EAAE,QAAQ,EAAE,oBAAoB,EAAE,WAAW,EAAE,aAAa,EAAE,WAAW,EAAE,CAAC,wBAAwB,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;YAC3K,EAAE,QAAQ,EAAE,wBAAwB,EAAE,WAAW,EAAE,QAAQ,EAAE,WAAW,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE,EAAE,eAAe,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,aAAa,CAAC,EAAE;SAClK;QACD,kBAAkB,EAAE,EAAE;KACvB,CAAC;IAEF,MAAM,WAAW,GAA4B;QAC3C,eAAe,EAAE,eAAe;QAChC,oBAAoB,EAAE,SAAS;QAC/B,cAAc,EAAE,uBAAuB;QACvC,cAAc,EAAE,EAAE;QAClB,oBAAoB,EAAE,OAAO;QAC7B,mBAAmB,EAAE,IAAI;QACzB,wBAAwB,EAAE,wBAAwB;QAClD,qBAAqB,EAAE,QAAQ;QAC/B,0BAA0B,EAAE,yBAAyB;QACrD,kBAAkB,EAAE,YAAY;QAChC,qBAAqB,EAAE,qBAAqB;QAC5C,0BAA0B,EAAE,kCAAkC;QAC9D,oBAAoB,EAAE,eAAe;QACrC,wBAAwB,EAAE,cAAc;KACzC,CAAC;IAEF,MAAM,cAAc,GAAmB;QACrC,MAAM,EAAE,aAAa,CAAC,eAAe;QACrC,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,GAAG,GAAkB;QACzB,QAAQ;QACR,QAAQ;QACR,OAAO;QACP,MAAM;QACN,OAAO;QACP,gBAAgB,EAAE,KAAK;QACvB,cAAc,EAAE,IAAI;QACpB,UAAU,EAAE,IAAI;QAChB,iBAAiB;QACjB,gBAAgB,EAAE,CAAC;QACnB,gBAAgB,EAAE,QAAQ;QAC1B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,cAAc;QACd,WAAW,EAAE,EAAE;QACf,kBAAkB;QAClB,aAAa;QACb,WAAW;QAEX,KAAK,CAAC,aAAa,CAAC,IAAe,EAAE,OAAgB;YACnD,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC;gBAC1B,MAAM,OAAO,GAAG,kBAAkB,CAAC,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,mCAAmC,CAAC,CAAC,CAAC;gBAChG,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,
CAAC;gBACtC,GAAG,CAAC,gBAAgB,GAAG,IAAI,CAAC;gBAC5B,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,CAAC,CAAC;gBAC/B,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;YAC9C,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,OAAO,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;YAC1D,MAAM,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5D,MAAM,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACpC,GAAG,CAAC,MAAM,CAAC,eAAe,GAAG,KAAK,CAAC,eAAe,CAAC;YACnD,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,KAAK,CAAC,SAAS,CAAC;YAC1C,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,CAAU;YACb,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QACpF,CAAC;QAED,KAAK,CAAC,GAAW,EAAE,KAA+B;YAChD,OAAO,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC;QAC3H,CAAC;KACF,CAAC;IAEF,OAAO,GAAG,CAAC;AACb,CAAC"}
@@ -0,0 +1,14 @@
1
+ /**
2
+ * Identity operations: key fingerprinting, validation, rotation.
3
+ */
4
+ import { keyFingerprint, isKeyValid } from '../crypto/keys.js';
5
+ import type { KeyPair } from '../types.js';
6
+ export { keyFingerprint, isKeyValid };
7
+ export interface KeyRotationResult {
8
+ newKeyPair: KeyPair;
9
+ newPublicKeyHex: string;
10
+ oldPublicKeyHex: string;
11
+ rotatedAt: string;
12
+ }
13
+ export declare function rotateKeys(oldKP: KeyPair): KeyRotationResult;
14
+ //# sourceMappingURL=identity.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAiB,MAAM,mBAAmB,CAAC;AAE9E,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE3C,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAEtC,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,wBAAgB,UAAU,CAAC,KAAK,EAAE,OAAO,GAAG,iBAAiB,CAQ5D"}
@@ -0,0 +1,16 @@
1
+ /**
2
+ * Identity operations: key fingerprinting, validation, rotation.
3
+ */
4
+ import { keyFingerprint, isKeyValid, rotateKeyPair } from '../crypto/keys.js';
5
+ import { pkToHex } from '../crypto/sign.js';
6
+ export { keyFingerprint, isKeyValid };
7
+ export function rotateKeys(oldKP) {
8
+ const newKP = rotateKeyPair();
9
+ return {
10
+ newKeyPair: newKP,
11
+ newPublicKeyHex: pkToHex(newKP.publicKey),
12
+ oldPublicKeyHex: pkToHex(oldKP.publicKey),
13
+ rotatedAt: new Date().toISOString(),
14
+ };
15
+ }
16
+ //# sourceMappingURL=identity.js.map
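Review bot: `rotateKeys` only reads `oldKP.publicKey`, so nothing in the returned record shows that the holder of the old key authorised the new one; a verifier of a `KEY_ROTATION` event cannot tell a legitimate rotation from a key substitution unless the caller signs the new public key with the old private key somewhere else. If that binding is the caller's job, say so in a doc comment on `rotateKeys`; otherwise the result should carry a signature by the old key over `newPublicKeyHex` and `rotatedAt`. Separately, the result places `newKeyPair` next to the two public hex fields, and `KeyPair` presumably holds the private key, so the object must never be serialised whole into a log or a tool response. A comment on the return such as `// newKeyPair contains secret key material; store it separately and publish only the hex fields` would make that explicit.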
@@ -0,0 +1 @@
1
+ {"version":3,"file":"identity.js","sourceRoot":"","sources":["../../src/core/identity.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAC9E,OAAO,EAAmB,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAG7D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC;AAStC,MAAM,UAAU,UAAU,CAAC,KAAc;IACvC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;IAC9B,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,eAAe,EAAE,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC;QACzC,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}
@@ -9,4 +9,7 @@ export * from './quarantine.js';
9
9
  export * from './checkpoint.js';
10
10
  export * from './bundle.js';
11
11
  export * from './disclosure.js';
12
+ export * from './behavioral.js';
13
+ export * from './delegation.js';
14
+ export * from './identity.js';
12
15
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
@@ -9,4 +9,7 @@ export * from './quarantine.js';
9
9
  export * from './checkpoint.js';
10
10
  export * from './bundle.js';
11
11
  export * from './disclosure.js';
12
+ export * from './behavioral.js';
13
+ export * from './delegation.js';
14
+ export * from './identity.js';
12
15
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/core/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,cAAc,CAAC;AAC7B,cAAc,kBAAkB,CAAC;AACjC,cAAc,eAAe,CAAC;AAC9B,cAAc,cAAc,CAAC;AAC7B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,aAAa,CAAC;AAC5B,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,iBAAiB,CAAC;AAChC,cAAc,eAAe,CAAC"}
@@ -0,0 +1,16 @@
1
+ import type { SubjectIdentifier, SubjectMetadata, HashHex } from '../types.js';
2
+ export interface MeasurementInput {
3
+ subjectBytes: Uint8Array;
4
+ metadata: SubjectMetadata;
5
+ }
6
+ export interface MeasurementOutput {
7
+ bytesHash: HashHex;
8
+ metadataHash: HashHex;
9
+ }
10
+ export declare function measureSubject(input: MeasurementInput): MeasurementOutput;
11
+ export declare function compareState(current: MeasurementOutput, expected: SubjectIdentifier): {
12
+ match: boolean;
13
+ bytesMatch: boolean;
14
+ metadataMatch: boolean;
15
+ };
16
+ //# sourceMappingURL=measurement.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measurement.d.ts","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAE/E,MAAM,WAAW,gBAAgB;IAC/B,YAAY,EAAE,UAAU,CAAC;IACzB,QAAQ,EAAE,eAAe,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;CACvB;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,gBAAgB,GAAG,iBAAiB,CAKzE;AAED,wBAAgB,YAAY,CAC1B,OAAO,EAAE,iBAAiB,EAC1B,QAAQ,EAAE,iBAAiB,GAC1B;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,UAAU,EAAE,OAAO,CAAC;IAAC,aAAa,EAAE,OAAO,CAAA;CAAE,CAIjE"}
@@ -0,0 +1,18 @@
1
+ /**
2
+ * Subject measurement: hash, compare, detect drift.
3
+ * Consolidates subject.ts + attestation.ts measurement logic.
4
+ */
5
+ import { sha256Bytes, sha256Str } from '../crypto/hash.js';
6
+ import { canonicalize } from '../utils/canonical.js';
7
+ export function measureSubject(input) {
8
+ return {
9
+ bytesHash: sha256Bytes(input.subjectBytes),
10
+ metadataHash: sha256Str(canonicalize(input.metadata)),
11
+ };
12
+ }
13
+ export function compareState(current, expected) {
14
+ const bytesMatch = current.bytesHash === expected.bytes_hash;
15
+ const metadataMatch = current.metadataHash === expected.metadata_hash;
16
+ return { match: bytesMatch && metadataMatch, bytesMatch, metadataMatch };
17
+ }
18
+ //# sourceMappingURL=measurement.js.map
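Review bot: `canonicalize` is imported from `../utils/canonical.js` here, while this same release adds `crypto/canonicalize.js`, whose header says it was moved from `src/utils/canonical.ts`. If both modules remain and ever diverge, the `metadataHash` computed by `measureSubject` would stop matching hashes produced through the other path, and `compareState` would report a mismatch for unchanged metadata. Importing from the new location, `import { canonicalize } from '../crypto/canonicalize.js';`, keeps a single canonical form. Whether `utils/canonical.js` is now only a re-export cannot be seen from this hunk.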
@@ -0,0 +1 @@
1
+ {"version":3,"file":"measurement.js","sourceRoot":"","sources":["../../src/core/measurement.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAarD,MAAM,UAAU,cAAc,CAAC,KAAuB;IACpD,OAAO;QACL,SAAS,EAAE,WAAW,CAAC,KAAK,CAAC,YAAY,CAAC;QAC1C,YAAY,EAAE,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;KACtD,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,OAA0B,EAC1B,QAA2B;IAE3B,MAAM,UAAU,GAAG,OAAO,CAAC,SAAS,KAAK,QAAQ,CAAC,UAAU,CAAC;IAC7D,MAAM,aAAa,GAAG,OAAO,CAAC,YAAY,KAAK,QAAQ,CAAC,aAAa,CAAC;IACtE,OAAO,EAAE,KAAK,EAAE,UAAU,IAAI,aAAa,EAAE,UAAU,EAAE,aAAa,EAAE,CAAC;AAC3E,CAAC"}
@@ -21,7 +21,7 @@ export declare class Portal {
21
21
  };
22
22
  measure(subjectBytes: Uint8Array, meta: SubjectMetadata): MeasurementResult;
23
23
  enforce(action: EnforcementAction): void;
24
- revoke(sealedHash: string): void;
24
+ revoke(sealedHash: string, transitionTo?: 'TERMINATED' | 'SAFE_STATE'): void;
25
25
  isRevoked(sealedHash: string): boolean;
26
26
  reset(): void;
27
27
  }
@@ -1 +1 @@
1
- {"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IA4B3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAUxC,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;IAKhC,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}
1
+ {"version":3,"file":"portal.d.ts","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAClG,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAElD,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,OAAO,CAAC;IACf,gBAAgB,EAAE,OAAO,CAAC;IAC1B,eAAe,EAAE,OAAO,CAAC;IACzB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,MAAM,EAAE,OAAO,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,qBAAa,MAAM;IACjB,KAAK,EAAE,WAAW,CAAoB;IACtC,QAAQ,EAAE,cAAc,GAAG,IAAI,CAAQ;IACvC,eAAe,SAAK;IACpB,YAAY,EAAE,OAAO,GAAG,IAAI,CAAQ;IACpC,WAAW,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAErC,YAAY,CAAC,QAAQ,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,GAAG;QAAE,EAAE,EAAE,OAAO,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE;IAiB5F,OAAO,CAAC,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,eAAe,GAAG,iBAAiB;IA6B3E,OAAO,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI;IAWxC,MAAM,CAAC,UAAU,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,YAAY,GAAG,YAAY,GAAG,IAAI;IAO5E,SAAS,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAEtC,KAAK,IAAI,IAAI;CAId"}
@@ -1,5 +1,5 @@
1
1
  /**
2
- * Portal (Sentinel) Runtime Enforcement Boundary. Ref 150, 270-280.
2
+ * Portal (Sentinel) - Runtime Enforcement Boundary. Ref 150, 270-280.
3
3
  * V3: TTL + revocation checked every measurement. Fail-closed semantics.
4
4
  * Aligned with NCCoE filing Sections 3-4 and NIST-2025-0035.
5
5
  */
@@ -37,6 +37,8 @@ export class Portal {
37
37
  throw new Error('No artifact loaded');
38
38
  if (this.state === 'TERMINATED')
39
39
  throw new Error('Portal is terminated');
40
+ if (this.state === 'SAFE_STATE')
41
+ throw new Error('Portal is in safe state - artifact revoked');
40
42
  const empty = { currentBytesHash: '', currentMetaHash: '',
41
43
  expectedBytesHash: this.artifact.subject_identifier.bytes_hash,
42
44
  expectedMetaHash: this.artifact.subject_identifier.metadata_hash };
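Review bot: The new error text `'Portal is in safe state - artifact revoked'` asserts a cause that does not always hold, because the `enforce` hunk further down sets `this.state = 'SAFE_STATE'` for the `SAFE_STATE` action with no revocation involved. Someone triaging an incident from this message would look for a revocation record that may not exist. A neutral message such as `'Portal is in safe state'` avoids that, or the cause could be recorded when the state is entered. The method body starts and continues outside this hunk.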
@@ -67,9 +69,11 @@ export class Portal {
67
69
  throw new Error(`Cannot enforce in state ${this.state}`);
68
70
  switch (action) {
69
71
  case 'TERMINATE':
70
- case 'SAFE_STATE':
71
72
  this.state = 'TERMINATED';
72
73
  break;
74
+ case 'SAFE_STATE':
75
+ this.state = 'SAFE_STATE';
76
+ break;
73
77
  case 'QUARANTINE':
74
78
  this.state = 'PHANTOM_QUARANTINE';
75
79
  break;
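Review bot: `enforce('SAFE_STATE')` used to end in `TERMINATED` and now ends in the new `SAFE_STATE`, so any consumer that blocks work by testing `state === 'TERMINATED'` no longer blocks after this action. The guard in `measure` was extended in this release, but callers outside this file are not visible here and should be checked for the same test. What `SAFE_STATE` permits that `TERMINATED` does not is undocumented; a comment on the case, for example `// SAFE_STATE: halted but distinguishable from TERMINATED; measure() still refuses`, would record the intent. The switch continues outside the hunk.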
@@ -79,10 +83,11 @@ export class Portal {
79
83
  default: break;
80
84
  }
81
85
  }
82
- revoke(sealedHash) {
86
+ revoke(sealedHash, transitionTo) {
83
87
  this.revocations.add(sealedHash);
84
- if (this.artifact?.sealed_hash === sealedHash)
85
- this.state = 'TERMINATED';
88
+ if (this.artifact?.sealed_hash === sealedHash) {
89
+ this.state = transitionTo === 'SAFE_STATE' ? 'SAFE_STATE' : 'TERMINATED';
90
+ }
86
91
  }
87
92
  isRevoked(sealedHash) { return this.revocations.has(sealedHash); }
88
93
  reset() {
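Review bot: `revoke` assigns the state unconditionally, so a portal that is already `TERMINATED` is moved to `SAFE_STATE` when the matching hash is revoked with `transitionTo === 'SAFE_STATE'`. If `TERMINATED` is meant to be final until `reset()`, guard the assignment: `if (this.state !== 'TERMINATED') this.state = transitionTo === 'SAFE_STATE' ? 'SAFE_STATE' : 'TERMINATED';`. Mapping every other value of `transitionTo` to `TERMINATED` is the fail-closed choice and deserves a one-line comment saying so, since the parameter is untyped at runtime.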
@@ -1 +1 @@
1
- {"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAA
E,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW,CAAC;YAAC,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACtE,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,oBAAoB,CAAC;gBAAC,MAAM;YAC5D,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;gBAAC,MAAM;YAC3D,OAAO,CAAC,CAAC,MAAM;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,UAAkB;QACvB,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,WAAW,KAAK,UAAU;YAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;IAC3E,CAAC;IAED,SAAS,CAAC,UAAkB,IAAa,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEnF,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACrD,CAAC;CACF"}
1
+ {"version":3,"file":"portal.js","sourceRoot":"","sources":["../../src/core/portal.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAc1E,MAAM,OAAO,MAAM;IACjB,KAAK,GAAgB,gBAAgB,CAAC;IACtC,QAAQ,GAA0B,IAAI,CAAC;IACvC,eAAe,GAAG,CAAC,CAAC;IACpB,YAAY,GAAmB,IAAI,CAAC;IACpC,WAAW,GAAgB,IAAI,GAAG,EAAE,CAAC;IAErC,YAAY,CAAC,QAAwB,EAAE,WAAmB;QACxD,IAAI,CAAC,KAAK,GAAG,uBAAuB,CAAC;QACrC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE,GAAG,QAAQ,CAAC;QAC5C,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,YAAY,CAAC,QAAQ,CAAC,EAAE,OAAO,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;YAClF,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;QAC1F,CAAC;QACD,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,QAAQ,CAAC,mBAAmB,EAAE,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;YAC3F,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC;QAC9F,CAAC;QACD,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QACtF,CAAC;QACD,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;QACjC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC;IAED,OAAO,CAAC,YAAwB,EAAE,IAAqB;QACrD,IAAI,CAAC,IAAI,CAAC,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QAC1D,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QACzE,IAAI,IAAI,CAAC,KAAK,KAAK,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,EAAE,gBAAgB,EAAE,EAAE,EAAE,eAAe,EAAE,EAAE;YACvD,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,EAAE,CAAC;QAErE,yBAAyB;QACzB,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,WAAW,CAAC,CAAC;QAC5G,IAAI,CAAC,MAAM,EAAE,CAAC;YAAC,IAAI,CAAC,KAAK,GAAG,YAAY,
CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC;QAAC,CAAC;QAE7G,gCAAgC;QAChC,IAAI,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACpD,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;YAAC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,KAAK,EAAE,CAAC;QAC5F,CAAC;QAED,MAAM,gBAAgB,GAAG,WAAW,CAAC,YAAY,CAAC,CAAC;QACnD,MAAM,eAAe,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,gBAAgB,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAChE,eAAe,KAAK,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa,CAAC;QAEjF,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,KAAK,KAAK,mBAAmB;YAAE,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAChF,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,eAAe;YAC/C,iBAAiB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,UAAU;YAC9D,gBAAgB,EAAE,IAAI,CAAC,QAAQ,CAAC,kBAAkB,CAAC,aAAa;YAChE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;IACnC,CAAC;IAED,OAAO,CAAC,MAAyB;QAC/B,IAAI,IAAI,CAAC,KAAK,KAAK,gBAAgB;YAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;QAC9F,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,WAAW;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACnD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,YAAY,CAAC;gBAAC,MAAM;YACpD,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,oBAAoB,CAAC;gBAAC,MAAM;YAC5D,KAAK,YAAY;gBAAE,IAAI,CAAC,KAAK,GAAG,mBAAmB,CAAC;gBAAC,MAAM;YAC3D,OAAO,CAAC,CAAC,MAAM;QACjB,CAAC;IACH,CAAC;IAED,MAAM,CAAC,UAAkB,EAAE,YAA0C;QACnE,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACjC,IAAI,IAAI,CAAC,QAAQ,EAAE,WAAW,KAAK,UAAU,EAAE,CAAC;YAC9C,IAAI,CAAC,KAAK,GAAG,YAAY,KAAK,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC;QAC3E,CAAC;IACH,CAAC;IAED,SAAS,CAAC,UAAkB,IAAa,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAEnF,KAAK;QACH,IAAI,CAAC,KAAK,GAAG,gBAAgB,CAAC;QAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACpD,IAAI,CAAC,eAAe,GAAG,CAAC,CAAC;QAAC,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;IACrD,CAAC;CACF"}
@@ -1,6 +1,5 @@
1
1
  /**
2
2
  * V3: Aligned with NIST-2025-0035 and NCCoE AI Agent Identity filings.
3
- * Every interface annotated with patent reference numeral.
4
3
  */
5
4
  import type { HashHex, SignatureBase64, SaltHex, MerkleInclusionProof } from '../crypto/types.js';
6
5
  export interface SubjectIdentifier {
@@ -79,7 +78,7 @@ export interface SignedReceipt {
79
78
  previous_leaf_hash: HashHex | null;
80
79
  portal_signature: SignatureBase64;
81
80
  }
82
- export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION';
81
+ export type EventType = 'GENESIS' | 'POLICY_ISSUANCE' | 'INTERACTION_RECEIPT' | 'REVOCATION' | 'ATTESTATION' | 'ANCHOR_BATCH' | 'DISCLOSURE' | 'SUBSTITUTION' | 'KEY_ROTATION' | 'BEHAVIORAL_DRIFT' | 'DELEGATION' | 'RE_ATTESTATION';
83
82
  export interface GenesisPayload {
84
83
  protocol_version: string;
85
84
  taxonomy_version: string;
@@ -145,7 +144,7 @@ export interface SubstitutionReceipt {
145
144
  chain_sequence_ref: number;
146
145
  signature: SignatureBase64;
147
146
  }
148
- export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'TERMINATED';
147
+ export type PortalState = 'INITIALIZATION' | 'ARTIFACT_VERIFICATION' | 'ACTIVE_MONITORING' | 'DRIFT_DETECTED' | 'PHANTOM_QUARANTINE' | 'SAFE_STATE' | 'TERMINATED';
149
148
  export type VerificationTier = 'BRONZE' | 'SILVER' | 'GOLD';
150
149
  export interface RevocationRecord {
151
150
  artifact_sealed_hash: HashHex;
@@ -1 +1 @@
1
- {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC
;IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,CAAC;AAEnB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAA
C;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
1
+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,oBAAoB,CAAC;AAIlG,MAAM,WAAW,iBAAiB;IAChC,UAAU,EAAE,OAAO,CAAC;IACpB,aAAa,EAAE,OAAO,CAAC;CACxB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AAID,MAAM,MAAM,iBAAiB,GACzB,WAAW,GACX,YAAY,GACZ,iBAAiB,GACjB,YAAY,GACZ,YAAY,GACZ,kBAAkB,GAClB,qBAAqB,GACrB,YAAY,CAAC;AAEjB,MAAM,MAAM,eAAe,GACvB,kBAAkB,GAAG,gBAAgB,GAAG,iBAAiB,GACzD,iBAAiB,GAAI,MAAM,GAAa,WAAW,GACnD,gBAAgB,GAAK,cAAc,GAAK,mBAAmB,GAC3D,gBAAgB,CAAC;AAErB,MAAM,WAAW,iBAAiB;IAChC,sBAAsB,EAAE,MAAM,CAAC;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,oBAAoB,EAAE,iBAAiB,EAAE,CAAC;IAC1C,uBAAuB,EAAE,OAAO,CAAC;IACjC,iBAAiB,EAAE,eAAe,EAAE,CAAC;CACtC;AAID,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,aAAa,GAAG,SAAS,GAAG,aAAa,CAAC;AAC/E,MAAM,MAAM,cAAc,GAAG,YAAY,GAAG,YAAY,GAAG,aAAa,CAAC;AAEzE,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,eAAe,EAAE,cAAc,EAAE,CAAC;CACnC;AAED,MAAM,WAAW,gBAAgB;IAC/B,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,EAAE,MAAM,CAAC;IAC5B,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACrC;AAED,MAAM,WAAW,gBAAgB;IAC/B,eAAe,EAAE,WAAW,EAAE,CAAC;IAC/B,kBAAkB,EAAE,gBAAgB,EAAE,CAAC;CACxC;AAID,MAAM,WAAW,wBAAwB;IACvC,UAAU,EAAE,OAAO,CAAC;IACpB,IAAI,EAAE,OAAO,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AAID,MAAM,WAAW,cAAc;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,gBAAgB,EAAE,OAAO,CAAC;IAC1B,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,OAAO,CAAC;IACrB,SAAS,EAAE,OAAO,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,iBAAiB,EAAE,MAAM,CAAC;IAC1B,sBAAsB,EAAE,iBAAiB,CAAC;IAC1C,iBAAiB,EAAE,gBAAgB,CAAC;IACpC,oBAAoB,EAAE,wBAAwB,EAAE,CAAC;
IACjD,SAAS,EAAE,eAAe,CAAC;CAC5B;AAMD,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,kBAAkB,EAAE,iBAAiB,CAAC;IACtC,kBAAkB,EAAE,OAAO,CAAC;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,kBAAkB,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAC7C,gBAAgB,EAAE,MAAM,CAAC;IACzB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,MAAM,SAAS,GACjB,SAAS,GACT,iBAAiB,GACjB,qBAAqB,GACrB,YAAY,GACZ,aAAa,GACb,cAAc,GACd,YAAY,GACZ,cAAc,GACd,cAAc,GACd,kBAAkB,GAClB,YAAY,GACZ,gBAAgB,CAAC;AAErB,MAAM,WAAW,cAAc;IAC7B,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,gBAAgB,EAAE,MAAM,CAAC;IACzB,kBAAkB,EAAE,OAAO,CAAC;IAC5B,MAAM,EAAE,SAAS,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;IACnC,SAAS,EAAE,OAAO,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,OAAO,CAAC;IACtB,eAAe,EAAE,eAAe,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,cAAc,EAAE,MAAM,CAAC;IACvB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,SAAS,CAAC;IACtB,QAAQ,EAAE,MAAM,CAAC;IACjB,eAAe,EAAE,MAAM,CAAC;IACxB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CACpC;AAID,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,OAAO,CAAC;IACrB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,cAAc,EAAE,MAAM,CAAC;IACvB,cAAc,EAAE,MAAM,CAAC;IACvB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;CACpB;AAID,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,cAAc,CAAC;IACzB,QAAQ,EAAE,aAAa,EAAE,CAAC;IAC1B,aAAa,EAAE,oBAAoB,EAAE,CAAC;IACtC,oBAAoB,EAAE,mBAAmB,CAAC;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,eAAe,CAAC;CACnC;AAID,MAAM,WAAW,iBAAiB;IAChC,kBAAkB,EAAE,MAAM,CAAC;IAC3B,YAAY,EAAE,MAAM,CAAC;IACrB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IA
C1B,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,SAAS,EAAE,eAAe,CAAC;CAC5B;AAID,MAAM,MAAM,WAAW,GACnB,gBAAgB,GAChB,uBAAuB,GACvB,mBAAmB,GACnB,gBAAgB,GAChB,oBAAoB,GACpB,YAAY,GACZ,YAAY,CAAC;AAEjB,MAAM,MAAM,gBAAgB,GAAG,QAAQ,GAAG,QAAQ,GAAG,MAAM,CAAC;AAM5D,MAAM,WAAW,gBAAgB;IAC/B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAID,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,OAAO,CAAC;IAChB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;IACxB,eAAe,EAAE,OAAO,CAAC;IACzB,eAAe,EAAE,KAAK,CAAC;QAAE,SAAS,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CAC5E"}
@@ -0,0 +1,7 @@
1
+ /**
2
+ * Deterministic JSON serialization (RFC 8785 aligned).
3
+ * Moved from src/utils/canonical.ts for directive structure alignment.
4
+ */
5
+ export declare function deepSortKeys(obj: unknown): unknown;
6
+ export declare function canonicalize(obj: unknown): string;
7
+ //# sourceMappingURL=canonicalize.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"canonicalize.d.ts","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CASlD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAEjD"}
@@ -0,0 +1,21 @@
1
+ /**
2
+ * Deterministic JSON serialization (RFC 8785 aligned).
3
+ * Moved from src/utils/canonical.ts for directive structure alignment.
4
+ */
5
+ export function deepSortKeys(obj) {
6
+ if (obj === null || obj === undefined || typeof obj !== 'object')
7
+ return obj;
8
+ if (Array.isArray(obj))
9
+ return obj.map(deepSortKeys);
10
+ if (obj instanceof Uint8Array)
11
+ return obj;
12
+ const sorted = {};
13
+ for (const key of Object.keys(obj).sort()) {
14
+ sorted[key] = deepSortKeys(obj[key]);
15
+ }
16
+ return sorted;
17
+ }
18
+ export function canonicalize(obj) {
19
+ return JSON.stringify(deepSortKeys(obj));
20
+ }
21
+ //# sourceMappingURL=canonicalize.js.map
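Review bot: `sorted` is a plain `{}`, so an input key named `__proto__` (which `JSON.parse` yields as an ordinary own property) hits the prototype setter in `sorted[key] = deepSortKeys(obj[key])` and never becomes an own property; `JSON.stringify` then omits it, and two different inputs canonicalize to the same string and the same hash. Creating the accumulator with `const sorted = Object.create(null);` turns that assignment into an ordinary property write. Also, objects that define `toJSON` (a `Date`, for instance) are rebuilt from `Object.keys` and serialise as `{}`, and `canonicalize(undefined)` returns `undefined` although the declaration says `string`; since the header claims RFC 8785 alignment, these cases should be handled or listed in the comment as unsupported.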
@@ -0,0 +1 @@
1
+ {"version":3,"file":"canonicalize.js","sourceRoot":"","sources":["../../src/crypto/canonicalize.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,OAAO,GAAG,CAAC;IAC7E,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;IACrD,IAAI,GAAG,YAAY,UAAU;QAAE,OAAO,GAAG,CAAC;IAC1C,MAAM,MAAM,GAA4B,EAAE,CAAC;IAC3C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAA8B,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QACrE,MAAM,CAAC,GAAG,CAAC,GAAG,YAAY,CAAE,GAA+B,CAAC,GAAG,CAAC,CAAC,CAAC;IACpE,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAY;IACvC,OAAO,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3C,CAAC"}
@@ -2,7 +2,7 @@ import type { HashHex } from './types.js';
2
2
  export declare function sha256Bytes(data: Uint8Array): HashHex;
3
3
  export declare function sha256Str(data: string): HashHex;
4
4
  export declare function blake2b256(data: Uint8Array): HashHex;
5
- /** Concatenate inputs (NO delimiter) and SHA-256. Patent Section D: "no delimiters." */
5
+ /** Concatenate inputs (NO delimiter) and SHA-256. No delimiters per protocol spec. */
6
6
  export declare function sha256Cat(...parts: (Uint8Array | string)[]): HashHex;
7
7
  /** Concatenate hex strings as text (no decode) and hash. For sealed_hash computation. */
8
8
  export declare function sha256HexCat(...hexes: string[]): HashHex;
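Review bot: The reworded comment on `sha256Cat` says parts are concatenated with no delimiter but not what callers must guarantee for that to be unambiguous: without delimiters, `('ab', 'c')` and `('a', 'bc')` give the same digest. If every call site passes fixed-length parts (hex digests, for example) the construction is sound, and the comment should state that precondition, e.g. `Callers must pass fixed-length parts; variable-length fields need a length prefix.` Whether the call sites meet it cannot be seen from this declaration file.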