@attested-intelligence/aga-mcp-server 0.1.1 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +106 -24
- package/dist/context.d.ts +39 -0
- package/dist/context.d.ts.map +1 -0
- package/dist/context.js +113 -0
- package/dist/context.js.map +1 -0
- package/dist/core/identity.d.ts +14 -0
- package/dist/core/identity.d.ts.map +1 -0
- package/dist/core/identity.js +16 -0
- package/dist/core/identity.js.map +1 -0
- package/dist/core/index.d.ts +3 -0
- package/dist/core/index.d.ts.map +1 -1
- package/dist/core/index.js +3 -0
- package/dist/core/index.js.map +1 -1
- package/dist/core/measurement.d.ts +16 -0
- package/dist/core/measurement.d.ts.map +1 -0
- package/dist/core/measurement.js +18 -0
- package/dist/core/measurement.js.map +1 -0
- package/dist/core/portal.d.ts +1 -1
- package/dist/core/portal.d.ts.map +1 -1
- package/dist/core/portal.js +10 -5
- package/dist/core/portal.js.map +1 -1
- package/dist/core/types.d.ts +2 -3
- package/dist/core/types.d.ts.map +1 -1
- package/dist/crypto/canonicalize.d.ts +7 -0
- package/dist/crypto/canonicalize.d.ts.map +1 -0
- package/dist/crypto/canonicalize.js +21 -0
- package/dist/crypto/canonicalize.js.map +1 -0
- package/dist/crypto/hash.d.ts +1 -1
- package/dist/crypto/hash.d.ts.map +1 -1
- package/dist/crypto/hash.js +1 -1
- package/dist/crypto/hash.js.map +1 -1
- package/dist/crypto/index.d.ts +6 -5
- package/dist/crypto/index.d.ts.map +1 -1
- package/dist/crypto/index.js +6 -5
- package/dist/crypto/index.js.map +1 -1
- package/dist/crypto/keys.d.ts +10 -0
- package/dist/crypto/keys.d.ts.map +1 -0
- package/dist/crypto/keys.js +19 -0
- package/dist/crypto/keys.js.map +1 -0
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/middleware/governance.d.ts +1 -7
- package/dist/middleware/governance.d.ts.map +1 -1
- package/dist/middleware/governance.js +11 -18
- package/dist/middleware/governance.js.map +1 -1
- package/dist/prompts/drift-analysis.d.ts +13 -0
- package/dist/prompts/drift-analysis.d.ts.map +1 -0
- package/dist/prompts/drift-analysis.js +43 -0
- package/dist/prompts/drift-analysis.js.map +1 -0
- package/dist/prompts/governance-report.d.ts +7 -0
- package/dist/prompts/governance-report.d.ts.map +1 -0
- package/dist/prompts/governance-report.js +26 -0
- package/dist/prompts/governance-report.js.map +1 -0
- package/dist/prompts/nccoe-demo.d.ts +14 -0
- package/dist/prompts/nccoe-demo.d.ts.map +1 -0
- package/dist/prompts/nccoe-demo.js +47 -0
- package/dist/prompts/nccoe-demo.js.map +1 -0
- package/dist/resources/cosai-mapping.d.ts +24 -0
- package/dist/resources/cosai-mapping.d.ts.map +1 -0
- package/dist/resources/cosai-mapping.js +127 -0
- package/dist/resources/cosai-mapping.js.map +1 -0
- package/dist/resources/crypto-primitives.d.ts +3 -0
- package/dist/resources/crypto-primitives.d.ts.map +1 -0
- package/dist/resources/crypto-primitives.js +52 -0
- package/dist/resources/crypto-primitives.js.map +1 -0
- package/dist/resources/sample-bundle.d.ts +6 -0
- package/dist/resources/sample-bundle.d.ts.map +1 -0
- package/dist/resources/sample-bundle.js +58 -0
- package/dist/resources/sample-bundle.js.map +1 -0
- package/dist/resources/specification.d.ts +3 -0
- package/dist/resources/specification.d.ts.map +1 -0
- package/dist/resources/specification.js +161 -0
- package/dist/resources/specification.js.map +1 -0
- package/dist/server.d.ts +3 -7
- package/dist/server.d.ts.map +1 -1
- package/dist/server.js +214 -343
- package/dist/server.js.map +1 -1
- package/dist/storage/sqlite.js +1 -1
- package/dist/tools/create-artifact.d.ts +25 -0
- package/dist/tools/create-artifact.d.ts.map +1 -0
- package/dist/tools/create-artifact.js +85 -0
- package/dist/tools/create-artifact.js.map +1 -0
- package/dist/tools/delegate-subagent.d.ts +18 -0
- package/dist/tools/delegate-subagent.d.ts.map +1 -0
- package/dist/tools/delegate-subagent.js +50 -0
- package/dist/tools/delegate-subagent.js.map +1 -0
- package/dist/tools/disclose-claim.d.ts +14 -0
- package/dist/tools/disclose-claim.d.ts.map +1 -0
- package/dist/tools/disclose-claim.js +23 -0
- package/dist/tools/disclose-claim.js.map +1 -0
- package/dist/tools/export-bundle.d.ts +8 -0
- package/dist/tools/export-bundle.d.ts.map +1 -0
- package/dist/tools/export-bundle.js +25 -0
- package/dist/tools/export-bundle.js.map +1 -0
- package/dist/tools/full-lifecycle.d.ts +16 -0
- package/dist/tools/full-lifecycle.d.ts.map +1 -0
- package/dist/tools/full-lifecycle.js +121 -0
- package/dist/tools/full-lifecycle.js.map +1 -0
- package/dist/tools/generate-receipt.d.ts +16 -0
- package/dist/tools/generate-receipt.d.ts.map +1 -0
- package/dist/tools/generate-receipt.js +31 -0
- package/dist/tools/generate-receipt.js.map +1 -0
- package/dist/tools/get-chain.d.ts +14 -0
- package/dist/tools/get-chain.d.ts.map +1 -0
- package/dist/tools/get-chain.js +45 -0
- package/dist/tools/get-chain.js.map +1 -0
- package/dist/tools/get-portal-state.d.ts +8 -0
- package/dist/tools/get-portal-state.d.ts.map +1 -0
- package/dist/tools/get-portal-state.js +15 -0
- package/dist/tools/get-portal-state.js.map +1 -0
- package/dist/tools/init-chain.d.ts +10 -0
- package/dist/tools/init-chain.d.ts.map +1 -0
- package/dist/tools/init-chain.js +13 -0
- package/dist/tools/init-chain.js.map +1 -0
- package/dist/tools/measure-behavior.d.ts +12 -0
- package/dist/tools/measure-behavior.d.ts.map +1 -0
- package/dist/tools/measure-behavior.js +29 -0
- package/dist/tools/measure-behavior.js.map +1 -0
- package/dist/tools/measure-subject.d.ts +15 -0
- package/dist/tools/measure-subject.d.ts.map +1 -0
- package/dist/tools/measure-subject.js +106 -0
- package/dist/tools/measure-subject.js.map +1 -0
- package/dist/tools/quarantine-status.d.ts +8 -0
- package/dist/tools/quarantine-status.d.ts.map +1 -0
- package/dist/tools/quarantine-status.js +16 -0
- package/dist/tools/quarantine-status.js.map +1 -0
- package/dist/tools/revoke-artifact.d.ts +13 -0
- package/dist/tools/revoke-artifact.d.ts.map +1 -0
- package/dist/tools/revoke-artifact.js +24 -0
- package/dist/tools/revoke-artifact.js.map +1 -0
- package/dist/tools/rotate-keys.d.ts +13 -0
- package/dist/tools/rotate-keys.d.ts.map +1 -0
- package/dist/tools/rotate-keys.js +39 -0
- package/dist/tools/rotate-keys.js.map +1 -0
- package/dist/tools/server-info.d.ts +8 -0
- package/dist/tools/server-info.d.ts.map +1 -0
- package/dist/tools/server-info.js +23 -0
- package/dist/tools/server-info.js.map +1 -0
- package/dist/tools/set-verification-tier.d.ts +11 -0
- package/dist/tools/set-verification-tier.d.ts.map +1 -0
- package/dist/tools/set-verification-tier.js +31 -0
- package/dist/tools/set-verification-tier.js.map +1 -0
- package/dist/tools/start-monitoring.d.ts +12 -0
- package/dist/tools/start-monitoring.d.ts.map +1 -0
- package/dist/tools/start-monitoring.js +17 -0
- package/dist/tools/start-monitoring.js.map +1 -0
- package/dist/tools/trigger-measurement.d.ts +15 -0
- package/dist/tools/trigger-measurement.d.ts.map +1 -0
- package/dist/tools/trigger-measurement.js +86 -0
- package/dist/tools/trigger-measurement.js.map +1 -0
- package/dist/tools/verify-artifact.d.ts +13 -0
- package/dist/tools/verify-artifact.d.ts.map +1 -0
- package/dist/tools/verify-artifact.js +6 -0
- package/dist/tools/verify-artifact.js.map +1 -0
- package/dist/tools/verify-bundle.d.ts +13 -0
- package/dist/tools/verify-bundle.d.ts.map +1 -0
- package/dist/tools/verify-bundle.js +6 -0
- package/dist/tools/verify-bundle.js.map +1 -0
- package/dist/types.d.ts +261 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +8 -0
- package/dist/types.js.map +1 -0
- package/package.json +18 -3
- package/AGA_MCP_SERVER_SPEC.md +0 -632
- package/src/core/artifact.ts +0 -45
- package/src/core/attestation.ts +0 -33
- package/src/core/behavioral.ts +0 -132
- package/src/core/bundle.ts +0 -31
- package/src/core/chain.ts +0 -72
- package/src/core/checkpoint.ts +0 -22
- package/src/core/delegation.ts +0 -146
- package/src/core/disclosure.ts +0 -32
- package/src/core/index.ts +0 -11
- package/src/core/portal.ts +0 -96
- package/src/core/quarantine.ts +0 -16
- package/src/core/receipt.ts +0 -33
- package/src/core/subject.ts +0 -11
- package/src/core/types.ts +0 -244
- package/src/crypto/hash.ts +0 -33
- package/src/crypto/index.ts +0 -5
- package/src/crypto/merkle.ts +0 -43
- package/src/crypto/salt.ts +0 -18
- package/src/crypto/sign.ts +0 -35
- package/src/crypto/types.ts +0 -19
- package/src/index.ts +0 -12
- package/src/middleware/governance.ts +0 -95
- package/src/middleware/index.ts +0 -1
- package/src/server.ts +0 -436
- package/src/storage/index.ts +0 -3
- package/src/storage/interface.ts +0 -21
- package/src/storage/memory.ts +0 -27
- package/src/storage/sqlite.ts +0 -45
- package/src/tools/README.md +0 -13
- package/src/utils/canonical.ts +0 -14
- package/src/utils/constants.ts +0 -3
- package/src/utils/timestamp.ts +0 -12
- package/src/utils/uuid.ts +0 -2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAI1C,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAErD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEpD;AAED,
|
|
1
|
+
{"version":3,"file":"hash.d.ts","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAI1C,wBAAgB,WAAW,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAErD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAE/C;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,UAAU,GAAG,OAAO,CAEpD;AAED,sFAAsF;AACtF,wBAAgB,SAAS,CAAC,GAAG,KAAK,EAAE,CAAC,UAAU,GAAG,MAAM,CAAC,EAAE,GAAG,OAAO,CAOpE;AAED,yFAAyF;AACzF,wBAAgB,YAAY,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,OAAO,CAExD"}
|
package/dist/crypto/hash.js
CHANGED
|
@@ -11,7 +11,7 @@ export function sha256Str(data) {
|
|
|
11
11
|
export function blake2b256(data) {
|
|
12
12
|
return bytesToHex(blake2b(data, { dkLen: 32 }));
|
|
13
13
|
}
|
|
14
|
-
/** Concatenate inputs (NO delimiter) and SHA-256.
|
|
14
|
+
/** Concatenate inputs (NO delimiter) and SHA-256. No delimiters per protocol spec. */
|
|
15
15
|
export function sha256Cat(...parts) {
|
|
16
16
|
const bufs = parts.map(p => typeof p === 'string' ? enc.encode(p) : p);
|
|
17
17
|
const total = bufs.reduce((n, b) => n + b.length, 0);
|
package/dist/crypto/hash.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,
|
|
1
|
+
{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../src/crypto/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAGjD,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC;AAE9B,MAAM,UAAU,WAAW,CAAC,IAAgB;IAC1C,OAAO,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAClC,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,IAAY;IACpC,OAAO,WAAW,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,IAAgB;IACzC,OAAO,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAClD,CAAC;AAED,sFAAsF;AACtF,MAAM,UAAU,SAAS,CAAC,GAAG,KAA8B;IACzD,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvE,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,QAAQ,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QAAC,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAAC,CAAC;IAChE,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,yFAAyF;AACzF,MAAM,UAAU,YAAY,CAAC,GAAG,KAAe;IAC7C,OAAO,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;AACnC,CAAC"}
|
package/dist/crypto/index.d.ts
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
4
|
-
export
|
|
5
|
-
export
|
|
1
|
+
export { sha256Bytes, sha256Str, blake2b256, sha256Cat, sha256HexCat } from './hash.js';
|
|
2
|
+
export { generateKeyPair, sign, signStr, verify, verifyStr, sigToB64, b64ToSig, pkToHex, hexToPk } from './sign.js';
|
|
3
|
+
export { generateSalt, saltedCommitment, verifySaltedCommitment } from './salt.js';
|
|
4
|
+
export { buildMerkleTree, inclusionProof, verifyProof } from './merkle.js';
|
|
5
|
+
export { canonicalize, deepSortKeys } from './canonicalize.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid, rotateKeyPair } from './keys.js';
|
|
6
7
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpH,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnF,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}
|
package/dist/crypto/index.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
|
-
export
|
|
2
|
-
export
|
|
3
|
-
export
|
|
4
|
-
export
|
|
5
|
-
export
|
|
1
|
+
export { sha256Bytes, sha256Str, blake2b256, sha256Cat, sha256HexCat } from './hash.js';
|
|
2
|
+
export { generateKeyPair, sign, signStr, verify, verifyStr, sigToB64, b64ToSig, pkToHex, hexToPk } from './sign.js';
|
|
3
|
+
export { generateSalt, saltedCommitment, verifySaltedCommitment } from './salt.js';
|
|
4
|
+
export { buildMerkleTree, inclusionProof, verifyProof } from './merkle.js';
|
|
5
|
+
export { canonicalize, deepSortKeys } from './canonicalize.js';
|
|
6
|
+
export { keyFingerprint, isKeyValid, rotateKeyPair } from './keys.js';
|
|
6
7
|
//# sourceMappingURL=index.js.map
|
package/dist/crypto/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/crypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACxF,OAAO,EAAE,eAAe,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpH,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,MAAM,WAAW,CAAC;AACnF,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAC;AAC/D,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import { pkToHex, hexToPk } from './sign.js';
|
|
2
|
+
import type { KeyPair } from '../types.js';
|
|
3
|
+
/** SHA-256 fingerprint of a public key (first 16 hex chars). */
|
|
4
|
+
export declare function keyFingerprint(pk: Uint8Array): string;
|
|
5
|
+
/** Check if a hex-encoded public key is valid (64 hex chars for Ed25519). */
|
|
6
|
+
export declare function isKeyValid(hexKey: string): boolean;
|
|
7
|
+
/** Rotate a keypair - returns new keypair. Old keypair should be revoked. */
|
|
8
|
+
export declare function rotateKeyPair(): KeyPair;
|
|
9
|
+
export { pkToHex, hexToPk };
|
|
10
|
+
//# sourceMappingURL=keys.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keys.d.ts","sourceRoot":"","sources":["../../src/crypto/keys.ts"],"names":[],"mappings":"AAIA,OAAO,EAAmB,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAC9D,OAAO,KAAK,EAAE,OAAO,EAAW,MAAM,aAAa,CAAC;AAEpD,gEAAgE;AAChE,wBAAgB,cAAc,CAAC,EAAE,EAAE,UAAU,GAAG,MAAM,CAErD;AAED,6EAA6E;AAC7E,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAElD;AAED,6EAA6E;AAC7E,wBAAgB,aAAa,IAAI,OAAO,CAEvC;AAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Key utilities: fingerprints, hex encoding, validation.
|
|
3
|
+
*/
|
|
4
|
+
import { sha256Str } from './hash.js';
|
|
5
|
+
import { generateKeyPair, pkToHex, hexToPk } from './sign.js';
|
|
6
|
+
/** SHA-256 fingerprint of a public key (first 16 hex chars). */
|
|
7
|
+
export function keyFingerprint(pk) {
|
|
8
|
+
return sha256Str(pkToHex(pk)).slice(0, 16);
|
|
9
|
+
}
|
|
10
|
+
/** Check if a hex-encoded public key is valid (64 hex chars for Ed25519). */
|
|
11
|
+
export function isKeyValid(hexKey) {
|
|
12
|
+
return /^[0-9a-f]{64}$/.test(hexKey);
|
|
13
|
+
}
|
|
14
|
+
/** Rotate a keypair - returns new keypair. Old keypair should be revoked. */
|
|
15
|
+
export function rotateKeyPair() {
|
|
16
|
+
return generateKeyPair();
|
|
17
|
+
}
|
|
18
|
+
export { pkToHex, hexToPk };
|
|
19
|
+
//# sourceMappingURL=keys.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"keys.js","sourceRoot":"","sources":["../../src/crypto/keys.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AACtC,OAAO,EAAE,eAAe,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAG9D,gEAAgE;AAChE,MAAM,UAAU,cAAc,CAAC,EAAc;IAC3C,OAAO,SAAS,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC7C,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,UAAU,CAAC,MAAc;IACvC,OAAO,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACvC,CAAC;AAED,6EAA6E;AAC7E,MAAM,UAAU,aAAa;IAC3B,OAAO,eAAe,EAAE,CAAC;AAC3B,CAAC;AAED,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@ async function main() {
|
|
|
5
5
|
const server = await createAGAServer();
|
|
6
6
|
const transport = new StdioServerTransport();
|
|
7
7
|
await server.connect(transport);
|
|
8
|
-
console.error('AGA MCP Server running on stdio');
|
|
8
|
+
console.error('AGA MCP Server v2.0.0 running on stdio');
|
|
9
9
|
}
|
|
10
10
|
main().catch(e => { console.error('Fatal:', e); process.exit(1); });
|
|
11
11
|
//# sourceMappingURL=index.js.map
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;IACvC,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,wCAAwC,CAAC,CAAC;AAC1D,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC"}
|
|
@@ -1,15 +1,9 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* Governance Middleware
|
|
2
|
+
* Governance Middleware: wraps every MCP tool handler.
|
|
3
3
|
*
|
|
4
4
|
* NCCoE filing Section 4: "The portal operates as a Policy Enforcement Point (PEP)...
|
|
5
5
|
* Every tool invocation, API call, actuator command, and data access passes through
|
|
6
6
|
* the portal, which evaluates it against the sealed artifact's enforcement parameters."
|
|
7
|
-
*
|
|
8
|
-
* Behavior:
|
|
9
|
-
* - TERMINATED state → reject all governed tools
|
|
10
|
-
* - PHANTOM_QUARANTINE → capture tool call as forensic input, reject
|
|
11
|
-
* - ACTIVE_MONITORING → allow, log to chain
|
|
12
|
-
* - Ungoverned tools (get_server_info, get_portal_state, list_claims) → always allow
|
|
13
7
|
*/
|
|
14
8
|
import type { Portal } from '../core/portal.js';
|
|
15
9
|
import type { QuarantineState } from '../core/types.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"governance.d.ts","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExD,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAI/D,MAAM,MAAM,UAAU,GAAG;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAAE,CAAC;AAC5E,MAAM,MAAM,WAAW,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,OAAO,CAAC,UAAU,CAAC,CAAC;AAYpE,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,UAAU,EAAE;IAAE,OAAO,EAAE,eAAe,GAAG,IAAI,CAAA;CAAE,EAC/C,QAAQ,EAAE,MAAM,EAChB,iBAAiB,CAAC,EAAE,iBAAiB,IAIT,CAAC,EAAE,SAAS,WAAW,CAAC,CAAC,CAAC,KAAG,WAAW,CAAC,CAAC,CAAC,CA8CxE"}
|
|
@@ -2,14 +2,13 @@ import { captureInput } from '../core/quarantine.js';
|
|
|
2
2
|
import { sha256Str } from '../crypto/hash.js';
|
|
3
3
|
import { canonicalize } from '../utils/canonical.js';
|
|
4
4
|
const UNGOVERNED_TOOLS = new Set([
|
|
5
|
-
|
|
6
|
-
'get_portal_state',
|
|
7
|
-
'
|
|
8
|
-
|
|
9
|
-
'
|
|
10
|
-
'
|
|
11
|
-
'
|
|
12
|
-
'verify_chain', // read-only verification
|
|
5
|
+
// V1 names (backward compat)
|
|
6
|
+
'get_server_info', 'get_portal_state', 'get_receipts', 'get_chain_events',
|
|
7
|
+
'list_claims', 'init_chain', 'attest_subject', 'verify_chain',
|
|
8
|
+
// V2 names
|
|
9
|
+
'aga_server_info', 'aga_get_portal_state', 'aga_init_chain', 'aga_create_artifact',
|
|
10
|
+
'aga_verify_artifact', 'aga_verify_bundle', 'aga_get_chain', 'aga_quarantine_status',
|
|
11
|
+
'aga_set_verification_tier', 'aga_demonstrate_lifecycle', 'aga_measure_behavior',
|
|
13
12
|
]);
|
|
14
13
|
export function createGovernanceWrapper(portal, quarantine, toolName, behavioralMonitor) {
|
|
15
14
|
const isGoverned = !UNGOVERNED_TOOLS.has(toolName);
|
|
@@ -20,21 +19,17 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
20
19
|
const j = (x) => ({
|
|
21
20
|
content: [{ type: 'text', text: JSON.stringify(x, null, 2) }]
|
|
22
21
|
});
|
|
23
|
-
|
|
24
|
-
if (portal.state === 'TERMINATED') {
|
|
22
|
+
if (portal.state === 'TERMINATED' || portal.state === 'SAFE_STATE') {
|
|
25
23
|
return j({
|
|
26
24
|
success: false,
|
|
27
|
-
error:
|
|
25
|
+
error: `GOVERNANCE_BLOCKED: Portal is ${portal.state.toLowerCase()}. Agent governance has been revoked. Re-attestation required.`,
|
|
28
26
|
portal_state: portal.state,
|
|
29
27
|
tool: toolName,
|
|
30
28
|
});
|
|
31
29
|
}
|
|
32
|
-
// PHANTOM_QUARANTINE → capture as forensic input, reject
|
|
33
30
|
if (portal.state === 'PHANTOM_QUARANTINE' && quarantine.current?.active) {
|
|
34
31
|
captureInput(quarantine.current, `tool_call:${toolName}`, {
|
|
35
|
-
tool: toolName,
|
|
36
|
-
args,
|
|
37
|
-
timestamp: new Date().toISOString(),
|
|
32
|
+
tool: toolName, args, timestamp: new Date().toISOString(),
|
|
38
33
|
});
|
|
39
34
|
return j({
|
|
40
35
|
success: false,
|
|
@@ -44,16 +39,14 @@ export function createGovernanceWrapper(portal, quarantine, toolName, behavioral
|
|
|
44
39
|
forensic_capture: true,
|
|
45
40
|
});
|
|
46
41
|
}
|
|
47
|
-
// INITIALIZATION or ARTIFACT_VERIFICATION → not yet governed
|
|
48
42
|
if (portal.state === 'INITIALIZATION' || portal.state === 'ARTIFACT_VERIFICATION') {
|
|
49
43
|
return j({
|
|
50
44
|
success: false,
|
|
51
|
-
error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call
|
|
45
|
+
error: 'GOVERNANCE_NOT_READY: No active policy artifact. Call aga_create_artifact first.',
|
|
52
46
|
portal_state: portal.state,
|
|
53
47
|
tool: toolName,
|
|
54
48
|
});
|
|
55
49
|
}
|
|
56
|
-
// ACTIVE_MONITORING or DRIFT_DETECTED → record + allow through
|
|
57
50
|
if (behavioralMonitor) {
|
|
58
51
|
const argsHash = sha256Str(canonicalize(args));
|
|
59
52
|
behavioralMonitor.recordInvocation(toolName, argsHash);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"governance.js","sourceRoot":"","sources":["../../src/middleware/governance.ts"],"names":[],"mappings":"AASA,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAKrD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC;IAC/B,6BAA6B;IAC7B,iBAAiB,EAAE,kBAAkB,EAAE,cAAc,EAAE,kBAAkB;IACzE,aAAa,EAAE,YAAY,EAAE,gBAAgB,EAAE,cAAc;IAC7D,WAAW;IACX,iBAAiB,EAAE,sBAAsB,EAAE,gBAAgB,EAAE,qBAAqB;IAClF,qBAAqB,EAAE,mBAAmB,EAAE,eAAe,EAAE,uBAAuB;IACpF,2BAA2B,EAAE,2BAA2B,EAAE,sBAAsB;CACjF,CAAC,CAAC;AAEH,MAAM,UAAU,uBAAuB,CACrC,MAAc,EACd,UAA+C,EAC/C,QAAgB,EAChB,iBAAqC;IAErC,MAAM,UAAU,GAAG,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAEnD,OAAO,SAAS,WAAW,CAAI,OAAuB;QACpD,IAAI,CAAC,UAAU;YAAE,OAAO,OAAO,CAAC;QAEhC,OAAO,KAAK,EAAE,IAAO,EAAuB,EAAE;YAC5C,MAAM,CAAC,GAAG,CAAC,CAAU,EAAc,EAAE,CAAC,CAAC;gBACrC,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;aAC9D,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,KAAK,KAAK,YAAY,IAAI,MAAM,CAAC,KAAK,KAAK,YAAY,EAAE,CAAC;gBACnE,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,iCAAiC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,+DAA+D;oBACjI,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,KAAK,oBAAoB,IAAI,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,CAAC;gBACxE,YAAY,CAAC,UAAU,CAAC,OAAO,EAAE,aAAa,QAAQ,EAAE,EAAE;oBACxD,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBAC1D,CAAC,CAAC;gBACH,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,mIAAmI;oBAC1I,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;oBACd,gBAAgB,EAAE,IAAI;iBACvB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,MAAM,CAAC,KAAK,KAAK,gBAAgB,IAAI,MAAM,CAAC,KAAK,KAAK,uBAAuB,EAAE,CAAC;gBAClF,OAAO,CAAC,CAAC;oBACP,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,kFAAkF;oBACzF,YAAY,EAAE,MAAM,CAAC,KAAK;oBAC1B,IAAI,EAAE,QAAQ;iBACf,CAAC,CAAC;YACL,CAAC;YAED,IAAI,iBAAiB,EAAE,CAAC;gBACtB,MAAM,QAAQ,GAAG,SAAS,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC/C,iBAAiB,CAAC,gBAAgB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;YACzD,CAAC;YACD,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC;QACvB,CAAC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
export declare const DRIFT_ANALYSIS_PROMPT: {
|
|
2
|
+
name: string;
|
|
3
|
+
description: string;
|
|
4
|
+
arguments: {
|
|
5
|
+
name: string;
|
|
6
|
+
description: string;
|
|
7
|
+
required: boolean;
|
|
8
|
+
}[];
|
|
9
|
+
template: (args: {
|
|
10
|
+
drift_type?: string;
|
|
11
|
+
}) => string;
|
|
12
|
+
};
|
|
13
|
+
//# sourceMappingURL=drift-analysis.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"drift-analysis.d.ts","sourceRoot":"","sources":["../../src/prompts/drift-analysis.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB;;;;;;;;qBAMf;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE;CAmCzC,CAAC"}
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
export const DRIFT_ANALYSIS_PROMPT = {
|
|
2
|
+
name: 'drift-analysis',
|
|
3
|
+
description: 'Analyze drift events and recommend remediation',
|
|
4
|
+
arguments: [
|
|
5
|
+
{ name: 'drift_type', description: 'Type of drift: binary, behavioral, or both', required: false },
|
|
6
|
+
],
|
|
7
|
+
template: (args) => `# Drift Event Analysis
|
|
8
|
+
|
|
9
|
+
Analyze drift events in the current AGA session for type: ${args.drift_type ?? 'both'}
|
|
10
|
+
|
|
11
|
+
## Investigation Steps
|
|
12
|
+
|
|
13
|
+
1. Call \`aga_get_chain\` to retrieve all chain events
|
|
14
|
+
2. Filter for INTERACTION_RECEIPT events where drift_detected=true
|
|
15
|
+
3. Filter for BEHAVIORAL_DRIFT events
|
|
16
|
+
4. Call \`aga_measure_behavior\` for current behavioral state
|
|
17
|
+
5. Call \`aga_get_portal_state\` for enforcement status
|
|
18
|
+
|
|
19
|
+
## Analysis Framework
|
|
20
|
+
|
|
21
|
+
For each drift event, determine:
|
|
22
|
+
- **Root Cause:** Binary modification, prompt injection, configuration change, behavioral anomaly
|
|
23
|
+
- **Severity:** Based on enforcement action taken (TERMINATE > QUARANTINE > ALERT_ONLY)
|
|
24
|
+
- **Timeline:** When drift was first detected, how many measurements before detection
|
|
25
|
+
- **Impact:** Which measurements were affected, what enforcement was applied
|
|
26
|
+
|
|
27
|
+
## Remediation Recommendations
|
|
28
|
+
|
|
29
|
+
Based on the drift analysis:
|
|
30
|
+
- If binary drift → Recommend re-attestation with updated subject
|
|
31
|
+
- If behavioral drift → Recommend baseline adjustment or investigation
|
|
32
|
+
- If both → Recommend full security review and incident response
|
|
33
|
+
|
|
34
|
+
## Output Format
|
|
35
|
+
|
|
36
|
+
Produce a structured drift analysis report with:
|
|
37
|
+
1. Drift event timeline
|
|
38
|
+
2. Root cause assessment
|
|
39
|
+
3. Severity classification
|
|
40
|
+
4. Remediation steps
|
|
41
|
+
5. Prevention recommendations`,
|
|
42
|
+
};
|
|
43
|
+
//# sourceMappingURL=drift-analysis.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"drift-analysis.js","sourceRoot":"","sources":["../../src/prompts/drift-analysis.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,IAAI,EAAE,gBAAgB;IACtB,WAAW,EAAE,gDAAgD;IAC7D,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,4CAA4C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACnG;IACD,QAAQ,EAAE,CAAC,IAA6B,EAAE,EAAE,CAAC;;4DAEa,IAAI,CAAC,UAAU,IAAI,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAgCvD;CAC7B,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"governance-report.d.ts","sourceRoot":"","sources":["../../src/prompts/governance-report.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,wBAAwB;;;;;CAwBpC,CAAC"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
export const GOVERNANCE_REPORT_PROMPT = {
|
|
2
|
+
name: 'governance-report',
|
|
3
|
+
description: 'Generate a session governance summary report',
|
|
4
|
+
arguments: [],
|
|
5
|
+
template: () => `# Session Governance Summary Report
|
|
6
|
+
|
|
7
|
+
Generate a comprehensive governance report for the current AGA session:
|
|
8
|
+
|
|
9
|
+
1. Call \`aga_server_info\` for server identity and key information
|
|
10
|
+
2. Call \`aga_get_portal_state\` for current enforcement status
|
|
11
|
+
3. Call \`aga_get_chain\` with verify=true for chain integrity
|
|
12
|
+
4. Call \`aga_measure_behavior\` for behavioral analysis
|
|
13
|
+
5. Call \`aga_quarantine_status\` for quarantine state
|
|
14
|
+
|
|
15
|
+
Then produce a report with:
|
|
16
|
+
- **Session Identity:** Server keys, verification tier, uptime
|
|
17
|
+
- **Governance State:** Portal state, artifact status, TTL remaining
|
|
18
|
+
- **Chain Integrity:** Event count, verification status, any breaks
|
|
19
|
+
- **Behavioral Analysis:** Violations detected, behavioral hash
|
|
20
|
+
- **Quarantine Status:** Active/inactive, forensic captures
|
|
21
|
+
- **Measurement Summary:** Total measurements, drift events
|
|
22
|
+
- **Compliance Status:** NIST/NCCoE alignment assessment
|
|
23
|
+
|
|
24
|
+
Format as a structured markdown report suitable for audit documentation.`,
|
|
25
|
+
};
|
|
26
|
+
//# sourceMappingURL=governance-report.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"governance-report.js","sourceRoot":"","sources":["../../src/prompts/governance-report.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,IAAI,EAAE,mBAAmB;IACzB,WAAW,EAAE,8CAA8C;IAC3D,SAAS,EAAE,EAAE;IACb,QAAQ,EAAE,GAAG,EAAE,CAAC;;;;;;;;;;;;;;;;;;;yEAmBuD;CACxE,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
export declare const NCCOE_DEMO_PROMPT: {
|
|
2
|
+
name: string;
|
|
3
|
+
description: string;
|
|
4
|
+
arguments: {
|
|
5
|
+
name: string;
|
|
6
|
+
description: string;
|
|
7
|
+
required: boolean;
|
|
8
|
+
}[];
|
|
9
|
+
template: (args: {
|
|
10
|
+
agent_code?: string;
|
|
11
|
+
include_behavioral?: string;
|
|
12
|
+
}) => string;
|
|
13
|
+
};
|
|
14
|
+
//# sourceMappingURL=nccoe-demo.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"nccoe-demo.d.ts","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,iBAAiB;;;;;;;;qBAOX;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,kBAAkB,CAAC,EAAE,MAAM,CAAA;KAAE;CAsCtE,CAAC"}
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
export const NCCOE_DEMO_PROMPT = {
|
|
2
|
+
name: 'nccoe-demo',
|
|
3
|
+
description: 'NCCoE AI Agent Identity and Authorization - Full 4-phase demo with behavioral drift detection',
|
|
4
|
+
arguments: [
|
|
5
|
+
{ name: 'agent_code', description: 'The agent source code to attest', required: false },
|
|
6
|
+
{ name: 'include_behavioral', description: 'Include behavioral drift detection phase', required: false },
|
|
7
|
+
],
|
|
8
|
+
template: (args) => `# NCCoE Lab Demo - AGA Protocol Full Lifecycle
|
|
9
|
+
|
|
10
|
+
Execute the following phases using the AGA MCP Server tools:
|
|
11
|
+
|
|
12
|
+
## Phase 1: Attestation and Identity Binding
|
|
13
|
+
1. Call \`aga_init_chain\` to initialize the continuity chain
|
|
14
|
+
2. Call \`aga_create_artifact\` with subject content: "${args.agent_code ?? 'def monitor(): return sensors.read_all()'}"
|
|
15
|
+
- Include metadata: filename="scada_agent.py", version="2.1.0", author="engineering"
|
|
16
|
+
${args.include_behavioral === 'true' ? ` - Include behavioral_baseline: permitted_tools=["aga_measure_subject","aga_get_portal_state"], rate_limits={"aga_measure_subject":10}, forbidden_sequences=[["read_secret","send_email"]], window_ms=60000` : ''}
|
|
17
|
+
3. Verify the portal state is ACTIVE_MONITORING
|
|
18
|
+
|
|
19
|
+
## Phase 2: Authorized Operation
|
|
20
|
+
4. Call \`aga_measure_subject\` with the SAME content - expect match=true
|
|
21
|
+
5. Call \`aga_measure_subject\` again - expect match=true, receipt generated
|
|
22
|
+
6. Verify both receipts show drift_detected=false
|
|
23
|
+
|
|
24
|
+
## Phase 3: Simulated Prompt Injection
|
|
25
|
+
7. Call \`aga_measure_subject\` with MODIFIED content: "def monitor(): return attacker.exfiltrate(sensors.read_all())"
|
|
26
|
+
- Expect match=false, drift_detected=true
|
|
27
|
+
- Expect enforcement_action=QUARANTINE
|
|
28
|
+
8. Check portal state - should be PHANTOM_QUARANTINE
|
|
29
|
+
9. Call \`aga_quarantine_status\` to see forensic capture state
|
|
30
|
+
|
|
31
|
+
## Phase 3b: Mid-Session Revocation
|
|
32
|
+
10. Call \`aga_revoke_artifact\` with the sealed hash and reason "Compromise detected"
|
|
33
|
+
11. Verify portal state is TERMINATED
|
|
34
|
+
|
|
35
|
+
${args.include_behavioral === 'true' ? `## Phase 3c: Behavioral Drift Detection
|
|
36
|
+
12. Call \`aga_measure_behavior\` to check for tool pattern violations
|
|
37
|
+
13. Review violations (unauthorized tools, rate limits, forbidden sequences)
|
|
38
|
+
` : ''}
|
|
39
|
+
|
|
40
|
+
## Phase 4: Offline Audit
|
|
41
|
+
${args.include_behavioral === 'true' ? '14' : '12'}. Call \`aga_get_chain\` with verify=true to verify chain integrity
|
|
42
|
+
${args.include_behavioral === 'true' ? '15' : '13'}. Call \`aga_export_bundle\` to generate evidence bundle (need checkpoint first)
|
|
43
|
+
${args.include_behavioral === 'true' ? '16' : '14'}. Call \`aga_verify_bundle\` with the bundle and issuer public key
|
|
44
|
+
|
|
45
|
+
All operations should produce signed receipts and chain events.`,
|
|
46
|
+
};
|
|
47
|
+
//# sourceMappingURL=nccoe-demo.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"nccoe-demo.js","sourceRoot":"","sources":["../../src/prompts/nccoe-demo.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,iBAAiB,GAAG;IAC/B,IAAI,EAAE,YAAY;IAClB,WAAW,EAAE,+FAA+F;IAC5G,SAAS,EAAE;QACT,EAAE,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,iCAAiC,EAAE,QAAQ,EAAE,KAAK,EAAE;QACvF,EAAE,IAAI,EAAE,oBAAoB,EAAE,WAAW,EAAE,0CAA0C,EAAE,QAAQ,EAAE,KAAK,EAAE;KACzG;IACD,QAAQ,EAAE,CAAC,IAA0D,EAAE,EAAE,CAAC;;;;;;yDAMnB,IAAI,CAAC,UAAU,IAAI,0CAA0C;;EAEpH,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,+MAA+M,CAAC,CAAC,CAAC,EAAE;;;;;;;;;;;;;;;;;;;EAmBzP,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC;;;CAGtC,CAAC,CAAC,CAAC,EAAE;;;EAGJ,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;EAChD,IAAI,CAAC,kBAAkB,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;;gEAEc;CAC/D,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
export declare const COSAI_MCP_SECURITY_MAPPING: {
|
|
2
|
+
title: string;
|
|
3
|
+
source: string;
|
|
4
|
+
whitepaper: string;
|
|
5
|
+
published: string;
|
|
6
|
+
url: string;
|
|
7
|
+
categories: {
|
|
8
|
+
id: string;
|
|
9
|
+
name: string;
|
|
10
|
+
domain: string;
|
|
11
|
+
cosai_description: string;
|
|
12
|
+
aga_tools: string[];
|
|
13
|
+
aga_mechanism: string;
|
|
14
|
+
nist_ref: string;
|
|
15
|
+
}[];
|
|
16
|
+
};
|
|
17
|
+
export declare const COSAI_COVERAGE_SUMMARY: {
|
|
18
|
+
total_threat_categories: number;
|
|
19
|
+
categories_with_aga_coverage: number;
|
|
20
|
+
total_tools_referenced: number;
|
|
21
|
+
unique_cosai_categories_covered: number;
|
|
22
|
+
nist_submission_sections_referenced: number;
|
|
23
|
+
};
|
|
24
|
+
//# sourceMappingURL=cosai-mapping.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cosai-mapping.d.ts","sourceRoot":"","sources":["../../src/resources/cosai-mapping.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,0BAA0B;;;;;;;;;;;;;;;CAsHtC,CAAC;AAGF,eAAO,MAAM,sBAAsB;;;;;;CAMlC,CAAC"}
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
// src/resources/cosai-mapping.ts
|
|
2
|
+
export const COSAI_MCP_SECURITY_MAPPING = {
|
|
3
|
+
title: 'AGA Coverage of CoSAI MCP Security Threat Taxonomy',
|
|
4
|
+
source: 'Coalition for Secure AI (CoSAI), OASIS Open Project',
|
|
5
|
+
whitepaper: 'Securing the AI Agent Revolution: A Practical Guide to Model Context Protocol Security',
|
|
6
|
+
published: 'January 20, 2026',
|
|
7
|
+
url: 'https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/main/model-context-protocol-security.md',
|
|
8
|
+
categories: [
|
|
9
|
+
{
|
|
10
|
+
id: 'T1',
|
|
11
|
+
name: 'Improper Authentication',
|
|
12
|
+
domain: 'Foundational Identity & Access',
|
|
13
|
+
cosai_description: 'Weak identity verification and credential management across agent chains',
|
|
14
|
+
aga_tools: ['aga_create_artifact', 'aga_verify_artifact', 'aga_rotate_keys'],
|
|
15
|
+
aga_mechanism: 'Ed25519 artifact signatures verified against pinned issuer public key. Portal rejects artifacts with invalid signatures. Key rotation recorded as chain events with both old and new keys for transition period. TTL-based re-attestation enforces continuous authentication.',
|
|
16
|
+
nist_ref: 'NCCoE Section 3: Authentication',
|
|
17
|
+
},
|
|
18
|
+
{
|
|
19
|
+
id: 'T2',
|
|
20
|
+
name: 'Missing Access Control',
|
|
21
|
+
domain: 'Foundational Identity & Access',
|
|
22
|
+
cosai_description: 'Insufficient authorization checks and privilege separation',
|
|
23
|
+
aga_tools: ['aga_start_monitoring', 'aga_trigger_measurement', 'aga_delegate_to_subagent'],
|
|
24
|
+
aga_mechanism: 'Portal enforces sealed policy constraints as a mandatory interception layer. Agent holds no credentials and cannot bypass the portal. Delegation enforces scope diminishment: child scope must be a strict subset of parent. TTL inheritance prevents privilege extension through delegation.',
|
|
25
|
+
nist_ref: 'NCCoE Section 4: Authorization, CAISI Section 4a',
|
|
26
|
+
},
|
|
27
|
+
{
|
|
28
|
+
id: 'T3',
|
|
29
|
+
name: 'Input Validation Failures',
|
|
30
|
+
domain: 'Input Handling',
|
|
31
|
+
cosai_description: 'Traditional injection flaws amplified by AI mediation',
|
|
32
|
+
aga_tools: ['aga_trigger_measurement', 'aga_measure_behavior'],
|
|
33
|
+
aga_mechanism: 'Portal validates every operation against sealed artifact parameters before authorizing execution. Behavioral drift detection monitors tool invocation patterns against a sealed baseline, catching injection-driven anomalies independent of binary integrity.',
|
|
34
|
+
nist_ref: 'CAISI Section 1a: Semantic Drift Without Binary Modification',
|
|
35
|
+
},
|
|
36
|
+
{
|
|
37
|
+
id: 'T4',
|
|
38
|
+
name: 'Data/Control Boundary Failures',
|
|
39
|
+
domain: 'Input Handling',
|
|
40
|
+
cosai_description: 'Prompt injection and tool poisoning exploiting the LLM as intermediary',
|
|
41
|
+
aga_tools: ['aga_measure_behavior', 'aga_quarantine_status'],
|
|
42
|
+
aga_mechanism: 'Behavioral baseline sealed in artifact defines permitted tools, forbidden sequences, and rate limits. Prompt injection that causes unauthorized tool invocations or forbidden sequences triggers enforcement. Phantom execution quarantines the compromised agent while capturing the full attack sequence as signed forensic evidence.',
|
|
43
|
+
nist_ref: 'NCCoE Section 6: Prompt Injection Prevention and Mitigation',
|
|
44
|
+
},
|
|
45
|
+
{
|
|
46
|
+
id: 'T5',
|
|
47
|
+
name: 'Inadequate Data Protection',
|
|
48
|
+
domain: 'Data & Code Protection',
|
|
49
|
+
cosai_description: 'Insufficient encryption and secrets management',
|
|
50
|
+
aga_tools: ['aga_create_artifact', 'aga_disclose_claim'],
|
|
51
|
+
aga_mechanism: 'Attestation evidence stored as salted commitments: Hash(Content || Salt). Original content never stored in the artifact. Privacy-preserving disclosure with automatic substitution prevents sensitive data exposure. Inference risk checking blocks combinations of disclosures that would reveal denied claims.',
|
|
52
|
+
nist_ref: 'CAISI Section 5a: Privacy-Preserving Governance Disclosure',
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
id: 'T6',
|
|
56
|
+
name: 'Missing Integrity Controls',
|
|
57
|
+
domain: 'Data & Code Protection',
|
|
58
|
+
cosai_description: 'Lack of verification for MCP servers and tool definitions',
|
|
59
|
+
aga_tools: ['aga_create_artifact', 'aga_trigger_measurement', 'aga_verify_artifact'],
|
|
60
|
+
aga_mechanism: 'Sealed hash computed over subject bytes, metadata, policy reference, and salt. Portal computes runtime hash on every request and compares to sealed reference. Any modification to any component (server binary, tool definitions, configuration) produces a hash mismatch and triggers enforcement. 10 measurement embodiments cover executable images, loaded modules, container images, configuration manifests, SBOMs, and more.',
|
|
61
|
+
nist_ref: 'CAISI Section 2a: Sealed Policy Artifacts',
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
id: 'T7',
|
|
65
|
+
name: 'Session/Transport Security',
|
|
66
|
+
domain: 'Network & Transport',
|
|
67
|
+
cosai_description: 'Insecure protocols and session management',
|
|
68
|
+
aga_tools: ['aga_create_artifact', 'aga_revoke_artifact'],
|
|
69
|
+
aga_mechanism: 'Artifact TTL enforces session expiration. Expired artifacts require re-attestation (fail-closed). Mid-session revocation immediately terminates agent authority. All artifacts and receipts cryptographically signed with Ed25519, preventing session hijacking or replay.',
|
|
70
|
+
nist_ref: 'NCCoE Section 3: TTL-Based Re-Attestation',
|
|
71
|
+
},
|
|
72
|
+
{
|
|
73
|
+
id: 'T8',
|
|
74
|
+
name: 'Network Isolation Failures',
|
|
75
|
+
domain: 'Network & Transport',
|
|
76
|
+
cosai_description: 'Improper network binding and segmentation',
|
|
77
|
+
aga_tools: ['aga_start_monitoring', 'aga_trigger_measurement'],
|
|
78
|
+
aga_mechanism: 'Two-process architecture: portal and agent are separate OS processes. Agent has no direct network access, no credentials, no keys. Portal is the only path to external resources. NETWORK_ISOLATE enforcement action severs network connections while allowing continued local execution for forensic capture.',
|
|
79
|
+
nist_ref: 'CAISI Section 2a: The Portal as Mandatory Runtime Enforcement Boundary',
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
id: 'T9',
|
|
83
|
+
name: 'Trust Boundary Failures',
|
|
84
|
+
domain: 'Trust & Design',
|
|
85
|
+
cosai_description: 'Overreliance on LLM judgment for security decisions',
|
|
86
|
+
aga_tools: ['aga_create_artifact', 'aga_trigger_measurement', 'aga_measure_behavior'],
|
|
87
|
+
aga_mechanism: 'Security decisions are pre-committed in the sealed artifact by human authorities before deployment, not delegated to the LLM at runtime. The portal enforces constraints mechanically through hash comparison and behavioral pattern matching. The LLM cannot override, modify, or bypass the sealed enforcement parameters.',
|
|
88
|
+
nist_ref: 'CAISI Section 4a: Fail-Closed Semantics',
|
|
89
|
+
},
|
|
90
|
+
{
|
|
91
|
+
id: 'T10',
|
|
92
|
+
name: 'Resource Management',
|
|
93
|
+
domain: 'Trust & Design',
|
|
94
|
+
cosai_description: 'Absence of rate limiting and quota controls',
|
|
95
|
+
aga_tools: ['aga_measure_behavior', 'aga_create_artifact'],
|
|
96
|
+
aga_mechanism: 'Behavioral baseline includes per-tool rate limits sealed in the artifact. Portal tracks invocation rates within a configurable time window. Rate limit violations trigger enforcement. Measurement cadence is configurable from 10ms (SCADA) to 3,600,000ms, preventing resource exhaustion from excessive measurement overhead.',
|
|
97
|
+
nist_ref: 'CAISI Section 2a: Configurable Measurement Cadences',
|
|
98
|
+
},
|
|
99
|
+
{
|
|
100
|
+
id: 'T11',
|
|
101
|
+
name: 'Supply Chain Failures',
|
|
102
|
+
domain: 'Operational Security',
|
|
103
|
+
cosai_description: 'Insecure MCP server lifecycle and distribution',
|
|
104
|
+
aga_tools: ['aga_create_artifact', 'aga_verify_artifact', 'aga_trigger_measurement'],
|
|
105
|
+
aga_mechanism: 'Content-addressable hash binding at attestation time. Every component (server binary, skill files, dependencies, configuration) is hashed and sealed into the artifact. Runtime measurement detects any modification to any component. Artifact signature binds all fields cryptographically. Modified or substituted components produce hash mismatches and are blocked before execution.',
|
|
106
|
+
nist_ref: 'CAISI Section 1a: Supply Chain Injection',
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
id: 'T12',
|
|
110
|
+
name: 'Insufficient Observability',
|
|
111
|
+
domain: 'Operational Security',
|
|
112
|
+
cosai_description: 'Lack of logging, monitoring, and audit trails',
|
|
113
|
+
aga_tools: ['aga_generate_receipt', 'aga_get_chain', 'aga_export_bundle', 'aga_verify_bundle'],
|
|
114
|
+
aga_mechanism: 'Signed receipt generated for every measurement (match or mismatch). Receipts appended to tamper-evident continuity chain linked by structural metadata hashes. Payload excluded from leaf hash computation, enabling third-party verification without payload disclosure. Merkle checkpoint anchoring prevents history rewriting. Evidence bundles enable portable offline verification through a 4-step process: artifact signature, receipt signatures, Merkle proofs, and anchor validation.',
|
|
115
|
+
nist_ref: 'CAISI Section 2a: Tamper-Evident Accountability',
|
|
116
|
+
},
|
|
117
|
+
],
|
|
118
|
+
};
|
|
119
|
+
// Summary statistics
|
|
120
|
+
export const COSAI_COVERAGE_SUMMARY = {
|
|
121
|
+
total_threat_categories: 12,
|
|
122
|
+
categories_with_aga_coverage: 12,
|
|
123
|
+
total_tools_referenced: 20, // all 20 tools participate in at least one category
|
|
124
|
+
unique_cosai_categories_covered: 12,
|
|
125
|
+
nist_submission_sections_referenced: 10,
|
|
126
|
+
};
|
|
127
|
+
//# sourceMappingURL=cosai-mapping.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cosai-mapping.js","sourceRoot":"","sources":["../../src/resources/cosai-mapping.ts"],"names":[],"mappings":"AAAA,iCAAiC;AAEjC,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,KAAK,EAAE,oDAAoD;IAC3D,MAAM,EAAE,qDAAqD;IAC7D,UAAU,EAAE,wFAAwF;IACpG,SAAS,EAAE,kBAAkB;IAC7B,GAAG,EAAE,+GAA+G;IAEpH,UAAU,EAAE;QACV;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,yBAAyB;YAC/B,MAAM,EAAE,gCAAgC;YACxC,iBAAiB,EAAE,0EAA0E;YAC7F,SAAS,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,EAAE,iBAAiB,CAAC;YAC5E,aAAa,EAAE,+QAA+Q;YAE9R,QAAQ,EAAE,iCAAiC;SAC5C;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,wBAAwB;YAC9B,MAAM,EAAE,gCAAgC;YACxC,iBAAiB,EAAE,4DAA4D;YAC/E,SAAS,EAAE,CAAC,sBAAsB,EAAE,yBAAyB,EAAE,0BAA0B,CAAC;YAC1F,aAAa,EAAE,+RAA+R;YAC9S,QAAQ,EAAE,kDAAkD;SAC7D;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,2BAA2B;YACjC,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,uDAAuD;YAC1E,SAAS,EAAE,CAAC,yBAAyB,EAAE,sBAAsB,CAAC;YAC9D,aAAa,EAAE,gQAAgQ;YAC/Q,QAAQ,EAAE,8DAA8D;SACzE;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,gCAAgC;YACtC,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,wEAAwE;YAC3F,SAAS,EAAE,CAAC,sBAAsB,EAAE,uBAAuB,CAAC;YAC5D,aAAa,EAAE,yUAAyU;YACxV,QAAQ,EAAE,6DAA6D;SACxE;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,wBAAwB;YAChC,iBAAiB,EAAE,gDAAgD;YACnE,SAAS,EAAE,CAAC,qBAAqB,EAAE,oBAAoB,CAAC;YACxD,aAAa,EAAE,kTAAkT;YACjU,QAAQ,EAAE,4DAA4D;SACvE;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,wBAAwB;YAChC,iBAAiB,EAAE,2DAA2D;YAC9E,SAAS,EAAE,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,qBAAqB,CAAC;YACpF,aAAa,EAAE,saAAsa;YACrb,QAAQ,EAAE,2CAA2C;SACtD;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,qBAAqB;YAC7B,iBAAiB,EAAE,2CAA2C;YAC9D,SAAS,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,CAAC;YACzD,aAAa,EAAE,4QAA4Q;YAC3R,QAAQ,EAAE,2CAA2C;SACtD;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,qBAAqB;YAC7B,iBAAiB,EAAE,2CAA2C;YAC9D,SAAS,EAAE,CAAC,sBAAsB,EAAE,yBAAyB,CAAC;YAC9D,aAAa,EAAE,gTAAgT;YAC/T,QAAQ,EAAE,wEAAwE;SACnF;QACD;YACE,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,yBAAyB;YAC/B,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,qDAAqD;YACxE,SAAS,EAAE,CAAC,qBAAqB,EAAE,yBAAyB,EAAE,sBAAsB,CAAC;YACrF,aAAa,EAAE,8TAA8T;YAC7U,QAAQ,EAAE,yCAAyC;SACpD;QACD;YACE,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,qBAAqB;YAC3B,MAAM,EAAE,gBAAgB;YACxB,iBAAiB,EAAE,6CAA6C;YAChE,SAAS,EAAE,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;YAC1D,aAAa,EAAE,kUAAkU;YACjV,QAAQ,EAAE,qDAAqD;SAChE;QACD;YACE,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,uBAAuB;YAC7B,MAAM,EAAE,sBAAsB;YAC9B,iBAAiB,EAAE,gDAAgD;YACnE,SAAS,EAAE,CAAC,qBAAqB,EAAE,qBAAqB,EAAE,yBAAyB,CAAC;YACpF,aAAa,EAAE,4XAA4X;YAC3Y,QAAQ,EAAE,0CAA0C;SACrD;QACD;YACE,EAAE,EAAE,KAAK;YACT,IAAI,EAAE,4BAA4B;YAClC,MAAM,EAAE,sBAAsB;YAC9B,iBAAiB,EAAE,+CAA+C;YAClE,SAAS,EAAE,CAAC,sBAAsB,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;YAC9F,aAAa,EAAE,ieAAie;YAChf,QAAQ,EAAE,iDAAiD;SAC5D;KACF;CACF,CAAC;AAEF,qBAAqB;AACrB,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,uBAAuB,EAAE,EAAE;IAC3B,4BAA4B,EAAE,EAAE;IAChC,sBAAsB,EAAE,EAAE,EAAG,oDAAoD;IACjF,+BAA+B,EAAE,EAAE;IACnC,mCAAmC,EAAE,EAAE;CACxC,CAAC"}
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export declare const CRYPTO_PRIMITIVES_DOC = "# AGA Cryptographic Primitives\n\n## Ed25519 Digital Signatures\n- Library: @noble/ed25519 v2.1.0\n- Key size: 256-bit (32 bytes)\n- Signature size: 512-bit (64 bytes)\n- Used for: Artifact signing, receipt signing, chain event signing\n\n## SHA-256 Hashing\n- Library: @noble/hashes v1.7.0\n- Output: 256-bit (64 hex characters)\n- Used for: Sealed hash, leaf hash, payload hash, subject identity\n\n## Sealed Hash Construction\n```\nsealed_hash = SHA-256(bytes_hash || metadata_hash || policy_reference || seal_salt)\n```\n- No delimiters between fields (raw hex concatenation)\n- No delimiters per protocol spec\n\n## Leaf Hash Construction\n```\nleaf_hash = SHA-256(\n schema_version || \"||\" || protocol_version || \"||\" ||\n event_type || \"||\" || event_id || \"||\" ||\n sequence_number || \"||\" || timestamp || \"||\" ||\n previous_leaf_hash\n)\n```\n- **Payload EXCLUDED** - privacy innovation\n- Chain integrity verifiable without revealing event contents\n\n## Salted Commitments\n```\ncommitment = SHA-256(content_bytes || salt_bytes)\n```\n- Salt: 128-bit (16 bytes, 32 hex chars) CSPRNG\n- Enables selective disclosure\n\n## Merkle Trees\n- Binary tree over leaf hashes\n- Internal nodes: SHA-256(left || right)\n- Odd leaf count: last leaf duplicated\n- Inclusion proofs: array of {hash, direction} pairs\n\n## Canonical Serialization\n- RFC 8785 aligned\n- Sorted keys, no whitespace\n- Used before signing any object\n";
|
|
2
|
+
export declare const CRYPTO_PRIMITIVES_URI = "aga://crypto-primitives";
|
|
3
|
+
//# sourceMappingURL=crypto-primitives.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"crypto-primitives.d.ts","sourceRoot":"","sources":["../../src/resources/crypto-primitives.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,qBAAqB,w6CAiDjC,CAAC;AAEF,eAAO,MAAM,qBAAqB,4BAA4B,CAAC"}
|